Alcatel-Lucent Scalable IP Networks Student Guide
Module 0 — Introduction
Alcatel-Lucent Confidential for internal use only -- Do Not Distribute
Alcatel-Lucent Scalable IP Networks v1.1 (Scalable IP Networks v1.00), Module 0. All rights reserved © 2006–2007 Alcatel-Lucent
Module Objectives
• Course timeline
• Course objectives
• Course prerequisites
• Course introduction
Alcatel-Lucent Scalable IP Networks
This course is part of the Alcatel-Lucent Service Routing Certification (SRC) Program. For more information on the SRC program, see www.alcatel-lucent.com/src
To locate additional information relating to the topics presented in this manual, refer to the following:
Technical Practices for the specific product
Internet Standards documentation such as protocol standards bodies, RFCs, and IETF drafts
Technical support pages of the Alcatel website located at: http://www.alcatel-lucent.com/support
Alcatel-Lucent Scalable IP Networks — Timeline
Day 1: Module 0 — Introduction; Module 1 — Internet Overview; Module 2 — 7x50 SR/ESS Components and CLI
Day 2: Module 3 — Ethernet Overview; Module 4 — IP Overview & Addressing
Day 3: Module 5 — Transport Layer Overview; Module 6 — IP Routing; Module 7 — Link State Routing Protocols
Day 4: Module 8 — BGP Overview; Module 9 — 7750 SR Services Overview
Alcatel-Lucent Scalable IP Networks — Objectives
After successful completion of this course, you should be familiar with:
• The OSI protocol suite
• Key functions of the Ethernet protocol
• Key functions of an IP network
• The IP address classes, IP subnet masking, and IP supernetting
• Configuration of IP addresses and subnet masks on router interfaces
• The concepts of static and dynamic routing
• The differences between IGP and EGP routing protocols
Alcatel-Lucent Scalable IP Networks — Objectives (continued)
• Understand the differences between a distance vector protocol and a link state protocol
• Understand the basic operation of RIP
• Understand the basic operation of OSPF
• Successfully configure the various IGP protocols
• Understand the basic operation of BGPv4
• Successfully configure BGPv4
• Understand TCP and UDP as transport protocols
• Understand the various services offered by the 7750 SR
Prerequisites and Follow-On
Suggested prerequisites: There is no prerequisite for this course; however, familiarity with binary arithmetic is an asset.
Suggested follow-on courses: Based on the material covered in this course, it is recommended that it be followed with the Alcatel-Lucent IGP course.
ASIN exam: To ensure full comprehension of the material covered in this course, it is recommended that the student register for and take the Alcatel-Lucent Scalable IP Networks exam after successfully completing this course.
Alcatel-Lucent Scalable IP Networks — Introduction
IP technology has exploded over the last decade. The technology has now infiltrated every facet of our lives. This 4-day course introduces the layer 2 and layer 3 technology that is used in the networking world.
Alcatel-Lucent Scalable IP Networks — Course Goal
Provide the participants with foundation knowledge of IP networking, its applications, and its implementation in an Alcatel-Lucent environment.
Graphical Symbols and Icons
Figure: legend of the graphical symbols used in this course.
• Generic router (shown with an address label such as 10.1.1.1)
• Table
• Flow or lookup
• Packet (showing detail): DA | SA | Type | IP | Data
• Network cloud
• System or loopback
• Interface
• Data plane (dotted blue)
• Control plane (dashed red)
• Physical link (solid black)
• PE
• Customer site 1, Customer site 2
• Switch
• Server
• Workstation
• User
These typical graphical symbols are used in this course.
Administration
• Registration
• Facility information
• Restrooms
• Communications
• Materials
• Schedule
• Introductions: name and company, experience
• Questions
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 01
Module 1 — Internet Overview
Module Objectives
After successful completion of this module, you should be able to:
• Understand the layering concepts of network protocols
• Discuss the functions of the different layers of the TCP/IP protocol suite
• Identify some of the different protocols that operate at the different layers
• Understand the encapsulation process as data travels across the Internet
• Compare and contrast the OSI and TCP/IP layering models
OSI Overview
Section 1 — Reference Model
TCP/IP Protocols
• Developed in the 1970s by pioneering network engineers Vinton Cerf and Bob Kahn.
• Intended to provide a common framework to allow the interworking of diverse network hardware and computer systems.
• TCP/IP was included in early releases of the UNIX operating system. This led to extensive use of TCP/IP at universities and other enterprises that used UNIX.
• During the 1980s, primarily used by U.S. universities and research institutions. From 1986, the backbone of the Internet was primarily provided by the NSFnet, a government-sponsored network, and was not intended for commercial use.
• Increasingly adopted by commercial enterprises during the 1990s. On April 30, 1995, the architecture was transitioned from the NSFnet backbone to the use of distributed interconnection or peering points.
• Provides the underlying technological framework of the Internet today. As of June 30, 2006, it was estimated that there were 1.04 billion Internet users worldwide (http://www.internetworldstats.com/stats.htm).
TCP/IP Layering
Figure: the four TCP/IP layers, top to bottom: Application Services, Transport, Internet Protocol, Network Interfaces.
The purpose of a network protocol suite is to define the protocols and technologies that support the interconnection of a diverse array of hardware and systems to support the operation of a wide range of applications over the network. Anyone who has used an Internet application such as a web browser or e-mail can appreciate the complexity of the systems required to support these applications.
The layering of protocols provides a way to simplify this complex problem by segregating it into a number of smaller functions. Each layer performs a specific function that contributes to the overall functioning of the network. Protocol layers have the following benefits:
Simplify complex procedures into a structure that is easier to understand
Allow vendors to interoperate
Isolate problems from one layer that may be passed to other areas
Allow modular plug-and-play functionality
The TCP/IP protocol suite (or Internet protocol suite) is constructed around four layers of technology. The application layer provides all the services (for example, web browsing and e-mail) available to users of the Internet. The network interfaces layer includes all the hardware that comprises the physical infrastructure of the Internet. The two intermediate layers provide a common set of services that are available to all Internet applications and that operate on all the hardware infrastructure of the Internet.
TCP/IP Layering — Application Layer
Figure: the TCP/IP layer stack with the Application Services layer highlighted.
Application: user interface to the network.
User applications: e-mail, Telnet, FTP, WWW.
The application layer is the layer for the user. It is important to understand at this point that this layer only describes Network applications. Applications such as word processors and database programs are not considered network applications as they do not require network connectivity and are not part of this layer.
The figure above shows examples of network applications. Without network connectivity, these applications would be useless.
TCP/IP Layering — Transport Layer
Figure: the TCP/IP layer stack with the Transport layer highlighted.
Transport: communication between applications.
• Reliable data transfer
• Flow control
• Sequencing of data
Transport protocols are the application’s interface to the network. The transport protocol provides a mechanism for an application to communicate with an application residing on another device in the network.
In the TCP/IP protocol suite there are two transport protocols: TCP and UDP. TCP is a connection-oriented protocol that provides an ordered and reliable transfer of data over the network. UDP is a connectionless protocol that supports the transfer of a single datagram across the network with no delivery guarantee. UDP is simpler and operates with less overhead than TCP.
Most Internet applications use TCP for data transfer because it provides a reliable transfer service. This includes HTTP (web browsing), e-mail, Telnet, and FTP. Some applications, such as DNS and SNMP, use UDP because they only require a simple datagram transfer, while RTP uses UDP to avoid the overhead of TCP and because there is no benefit in retransmitting lost packets for applications that use RTP.
TCP/IP Layering — Internet Protocol Layer
Figure: the TCP/IP layer stack with the Internet Protocol layer highlighted.
Internet Protocol: common services and addressing.
• Unique network addressing scheme to identify hosts
• Routing protocols for path determination
• End-to-end forwarding of datagrams
The Internet protocol layer provides a common addressing plan for all hosts on the Internet as well as a simple, unreliable datagram transfer service between these hosts. IP is the common glue that defines the Internet. Note that IP itself does not verify that the source address carried in a datagram belongs to the host that sent it; any such check has to come from higher layers or from address filtering at the network edge.
IP also defines the way a datagram (or packet) is routed to its final destination. In an IP network, the forwarding of packets across the network is handled by routers. IP routers examine the destination address of a datagram and determine which router is the next hop that will provide the best route to the destination (known as hop-by-hop routing). Routers communicate with each other using dynamic routing protocols to exchange information about the networks they are connected to. This allows routers to make forwarding decisions for the datagrams they receive.
TCP/IP Layering — Network Interfaces
Figure: the TCP/IP layer stack with the Network Interfaces layer highlighted.
Network interfaces: physical transfer of data.
• Ethernet
• ATM
• Frame Relay
• PPP
The network interfaces layer comprises the hardware that supports the physical interconnection of all network devices. The technologies of this layer are often defined as multiple layers themselves. The common attribute of all technologies of this layer is that they are able to forward IP datagrams.
There are many different technologies that operate at this layer, some of which are very complex. Some of the protocols commonly used at this layer include ATM, frame relay, PPP, and Ethernet. However, there are many other protocols used; some are open standards and some are proprietary. The diversity of the network interfaces layer demonstrates one of the benefits of protocol layering. As new transmission technologies are developed, it is not necessary to make changes to the upper layers to incorporate these technologies in the network. The only requirement is that the new technology be able to support the forwarding of IP datagrams.
This layer is often referred to as “Layer 2” in reference to the data link layer of the OSI reference model (presented later).
Application Encapsulation
Figure: the application's data before any lower-layer header is added (Application Services layer highlighted):
  From: [email protected]   To: [email protected]
  Message Body
When a network application wants to communicate with another application across the network, it must first prepare its data in the specific format defined by the protocol to be used by the receiving application. A specific protocol is used so that the receiving application will know how to interpret the data it receives.
In the case of a mail message, the message consists of two parts, the message header and the body. The message header contains the sender’s and receiver’s addresses as well as other information such as the urgency of the message and the nature of the message body. The format of the header and the nature of the addresses is defined by the application protocol. In the case of a mail message, the protocol is SMTP.
In addition to defining the format of the message, the protocol also specifies how the applications are expected to interact with each other, including the exchange of commands and the expected responses.
To accomplish the transfer of the application’s data, the application uses the services of the transport layer.
Transport Encapsulation
Figure: the transport layer prepends a TCP header to the application data (Transport layer highlighted):
  Application: From: [email protected]  To: [email protected] | Message Body
  Transport:   TCP header (Source port: 1223, Destination port: 25) | Header | Body
The transport layer provides a service to transfer data between applications across a network. There are two transport protocols used on the Internet: TCP and UDP. For exchanging e-mail across the Internet, an e-mail application uses SMTP. SMTP uses TCP to accomplish the transfer. TCP provides a reliable transfer service so that the application does not have to be concerned about whether all data is properly transferred. UDP provides a simple, unreliable datagram delivery service (much like IP).
TCP treats all application data as a simple byte stream, including both the message header and the message body. TCP accepts the application’s data and breaks it into segments for transmission across the network as required. To accomplish this reliable transfer, TCP packages the application data with a TCP header. On the receiving end of the connection, TCP removes the TCP header and reconstructs the application data stream exactly as it was received from the application on the sender’s side of the network.
The TCP and UDP headers carry source and destination addresses that identify the sending and recipient applications because a single host system may support multiple applications. These addresses are known as port numbers. The TCP units of data are known as segments; UDP data is called a datagram.
To transmit its segments of data across the network, TCP uses the services of the IP layer.
IP Encapsulation
Figure: the IP layer prepends an IP header to the TCP segment (Internet Protocol layer highlighted):
  Application: From: [email protected]  To: [email protected] | Message Body
  Transport:   TCP header (Source port: 1223, Destination port: 25) | Header | Body
  Internet:    IP header (Source: 138.120.191.122, Dest.: 197.199.45.12) | TCP header | Header | Body
The IP layer provides a common addressing scheme across the network as well as a simple, unreliable datagram forwarding service between nodes in the network.
Data from the transport layer is packaged in IP datagrams for transfer over the network. Each datagram travels independently across the network. The intermediate routers forward the datagram on a hop-by-hop basis based on the destination address.
Each datagram contains source and destination addresses that identify the end nodes in the network. Every node in an IP network is expected to have a unique IP address.
IP uses the services of the underlying network interfaces to accomplish the physical transfer of data.
Data Link Encapsulation
Figure: the data link layer wraps the IP datagram in a frame header and trailer (Network Interfaces layer highlighted):
  Application: From: [email protected]  To: [email protected] | Message Body
  Transport:   TCP header (Source port: 1223, Destination port: 25) | Header | Body
  Internet:    IP header (Source: 138.120.191.122, Dest.: 197.199.45.12) | TCP header | Header | Body
  Data link:   Ethernet header (DA: 00-D0-F6-A4-26-5C, SA: 00-20-60-37-BB-5F) | IP Hdr | TCP Hdr | Header | Body | FCS
The data link layer is the term used to describe the network interfaces used by IP for physically transmitting the data across the network. The units of data transmitted at the data link layer are usually known as frames. IP datagrams must always be encapsulated in some type of data link frame for transmission.
A typical data link frame contains a header, usually containing some type of address. The frame also often carries a trailer that contains some type of checksum to verify the integrity of the transmitted data. Such a checksum (the Ethernet FCS, for example) detects transmission errors only; it gives no protection against deliberate modification, because anyone who alters the frame can simply recompute it. There are many types of technology used as network interfaces by IP, and they each have their own specific format and rules of operation. The common characteristic is that the technologies are all capable of carrying IP datagrams.
Most protocols at this layer also use some type of addressing. The address identifies the two endpoints of a data exchange to the data link protocol. For example, the figure above shows the addressing of an Ethernet frame. Some point-to-point protocols such as PPP may not use addresses if there is only one possible destination for the data.
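The four encapsulation figures above, carried out in working code. This is an added example, not part of the Alcatel-Lucent course material: it builds the message from the figures down through TCP, IPv4 and Ethernet headers (with the real checksums and FCS), then decapsulates it layer by layer, verifying each layer before peeling it off. The MAC addresses, IP addresses and port numbers are those on the slides; the mail text is constructed, and header layouts follow RFC 791 (IPv4), RFC 793 (TCP) and IEEE 802.3 (CRC-32 FCS, 46-byte minimum payload).

```python
"""Build and decapsulate the Ethernet / IPv4 / TCP stack from the figures.

Added example; not from the course. Addresses, MACs and ports come from the
slides; the message text is constructed.
"""
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

SRC_MAC, DST_MAC = "00-20-60-37-BB-5F", "00-D0-F6-A4-26-5C"   # from the figure
SRC_IP, DST_IP = "138.120.191.122", "197.199.45.12"          # from the figure
SRC_PORT, DST_PORT = 1223, 25                                  # client port -> SMTP

# Constructed application data: an SMTP-style header and body.
MESSAGE = (b"From: alice@example.net\r\nTo: bob@example.com\r\n"
           b"Subject: hello\r\n\r\nMessage Body\r\n")


def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split("-"))


def bytes_to_mac(b):
    return "-".join("%02X" % x for x in b)


def ipv4_to_bytes(addr):
    return bytes(int(x) for x in addr.split("."))


def bytes_to_ipv4(b):
    return ".".join(str(x) for x in b)


def ones_complement_checksum(data):
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp(src_ip, dst_ip, src_port, dst_port, payload, seq=1, ack=1):
    """Transport encapsulation: 20-byte TCP header (PSH|ACK, no options)."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                      5 << 4, 0x18, 65535, 0, 0)
    # The TCP checksum also covers a pseudo-header borrowed from the IP layer.
    pseudo = ipv4_to_bytes(src_ip) + ipv4_to_bytes(dst_ip) + \
        struct.pack("!BBH", 0, IPPROTO_TCP, len(hdr) + len(payload))
    csum = ones_complement_checksum(pseudo + hdr + payload) or 0xFFFF
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_ipv4(src_ip, dst_ip, proto, payload, ttl=64):
    """Internet encapsulation: 20-byte IPv4 header, DF set, no options."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      0x4000, ttl, proto, 0,
                      ipv4_to_bytes(src_ip), ipv4_to_bytes(dst_ip))
    return hdr[:10] + struct.pack("!H", ones_complement_checksum(hdr)) + hdr[12:] + payload


def build_ethernet(dst_mac, src_mac, ethertype, payload):
    """Data link encapsulation: DA, SA, Type, payload padded to 46 bytes, FCS."""
    frame = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + \
        struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    # 802.3 transmits the CRC-32 least-significant byte first.
    return frame + struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def build_frame(message):
    """Walk the stack top-down, exactly as the four figures do."""
    segment = build_tcp(SRC_IP, DST_IP, SRC_PORT, DST_PORT, message)
    datagram = build_ipv4(SRC_IP, DST_IP, IPPROTO_TCP, segment)
    return build_ethernet(DST_MAC, SRC_MAC, ETHERTYPE_IPV4, datagram)


def parse_frame(frame):
    """Walk the stack bottom-up, verifying each layer before removing it."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if fcs != zlib.crc32(body) & 0xFFFFFFFF:
        raise ValueError("bad Ethernet FCS")
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ones_complement_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if ip[9] != IPPROTO_TCP:
        raise ValueError("not a TCP segment")
    # The IP total length, not the frame length, bounds the segment:
    # any Ethernet padding beyond it is discarded here.
    seg = ip[ihl:total_len]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, IPPROTO_TCP, len(seg))
    if ones_complement_checksum(pseudo + seg) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port = struct.unpack("!HH", seg[:4])
    data_offset = (seg[12] >> 4) * 4
    return {"dst_mac": bytes_to_mac(body[:6]), "src_mac": bytes_to_mac(body[6:12]),
            "src_ip": bytes_to_ipv4(ip[12:16]), "dst_ip": bytes_to_ipv4(ip[16:20]),
            "src_port": src_port, "dst_port": dst_port, "payload": seg[data_offset:]}


if __name__ == "__main__":
    wire = build_frame(MESSAGE)
    print(len(wire), "bytes on the wire")
    print(parse_frame(wire))
```

Two details worth noticing when you run it: a frame carrying an empty TCP segment comes out at exactly 64 bytes, because Ethernet pads the payload to 46 bytes and the receiver has to trust the IP total length field to know where the datagram ends; and flipping any single byte makes `parse_frame` reject the frame at the FCS check, which is what the FCS is for, whereas a sender who recomputes the FCS after altering the frame is not detected at all.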
OSI — A History Lesson
• Early 1970s — Canepa and Bachman at Honeywell Information Systems worked to develop a mechanism to distribute databases.
• Late 1970s — ISO and CCITT each developed a standard.
• 1983 — The ISO and CCITT documents merged into the Basic Reference Model for Open Systems Interconnection.
• 1984 — The merged document was published by both ISO and CCITT (ISO 7498 and X.200; CCITT was later renamed ITU-T, so the recommendation is now cited as ITU-T X.200).
• Some OSI-related and ITU protocols (e.g., X.21 and ATM) competed with TCP/IP, but the growth of the Internet caused IP to be adopted.
The OSI reference model was developed at the end of the 1970s, but the development of actual protocols to support the reference model was slow. By the early 1990s a number of OSI protocols (TP0-4, CLNS, CONS, X.400, and X.500) had been specified and commercial implementations attempted, but the success of TCP/IP and the weaknesses of OSI led to the complete adoption of TCP/IP for internetworking.
OSI — Interesting Facts
• Formed the basis of the OSI protocol suite, intended to be a widely adopted suite of protocols for international networks
• The 7-layer model created by Bachman and Canepa was the only model submitted to the ISO subcommittee in March 1978
• Introduced to compete with IBM's SNA, because of that company's closed architecture
OSI was designed as an open standard to replace the strictly proprietary networking technologies that were in use in the 1970s (SNA was dominant, but many others were also in use). However, TCP/IP applications and implementations grew much more rapidly than OSI and by 2000, OSI was essentially replaced by TCP/IP.
The OSI reference model is widely used to describe the layering of network protocols, and much networking terminology derives from the OSI protocol suite. A few remnants of OSI are still in use; for example, LDAP, which is a derivation and simplification of X.500, and IS-IS, which was designed as an OSI routing protocol and was adapted to TCP/IP networks.
OSI Model
Figure: the seven OSI layers, top to bottom. Upper layers: Application, Presentation, Session. Lower layers: Transport, Network, Data Link, Physical.
The OSI reference model represents a logical way of organizing how networks talk to each other so that all hardware and software vendors have an agreed-upon framework to develop networking technologies. By providing and using this model, the ISO has accomplished the following:
Simplifies complex procedures into an easy-to-understand structure
Allows vendors to interoperate
Provides the ability to isolate problems from one layer that may be passed to other areas
Allows a modular plug-and-play functionality
Provides an independent layer design
The OSI model is represented by the seven layers depicted in the figure above. These layers may be grouped into two main areas, defined simply as the upper and lower layers.
Although a single device (for example, a UNIX workstation) can execute all seven layers, this is not practical in real networks. The amount of traffic that needs to be moved through modern networks requires purpose-built devices that handle various layer functions. Two such examples are bridges, which are purpose-built for layer 2 operation, and routers, which are purpose-built for layer 3 operation.
TCP/IP Suite vs. OSI
Figure: the four TCP/IP layers beside the seven OSI layers:
  TCP/IP Application Services  maps to  OSI Application, Presentation, Session
  TCP/IP Transport             maps to  OSI Transport
  TCP/IP Internet Protocol     maps to  OSI Network
  TCP/IP Network Interfaces    maps to  OSI Data Link, Physical
The TCP/IP suite differs from the OSI model in that the TCP/IP suite uses four protocol layers and the OSI model uses seven layers. The figure above roughly shows the protocol layer relationship between the two models.
Network Interfaces — This layer is used to define the interface between hosts and contains the functionality of both the physical and data link layers of the OSI model. Protocols such as Ethernet describe both the framing of data (layer 2) and the physical transmission of the frame over the media (layer 1). This layer is often referred to as layer 2 or L2 because it provides OSI layer 2-type services to the IP layer.
Internet Protocol — The IP layer provides a universal and consistent forwarding service across a TCP/IP network. IP provides services comparable to the OSI network layer and is sometimes referred to as a layer 3 (or L3) protocol. The OSI protocol CLNP corresponds most closely to IP.
Transport — The transport layer comprises two main protocols, TCP and UDP. These transport protocols provide similar services to the OSI transport protocols. TCP is very similar to the OSI transport protocol, TP4. TCP and UDP may be referred to as layer 4 protocols.
Application Services — The application services provide end-user access to the Internet. Any of the services of the upper three OSI protocols that are required are incorporated into the application protocols. There are a number of Internet protocols that provide services similar to these OSI layers, although they do not follow the layering or service definitions of OSI. For example, TLS provides session-like services to Internet applications and MIME provides presentation-like services to SMTP and HTTP. Application layer protocols are sometimes referred to as layer 7 protocols.
OSI Overview
Section 2 — Network Devices
Network Devices — Examples
Figure: four network devices: switch, router, hub, repeater.
The figure above shows some different network devices. The major difference between them is the OSI layer that each of the devices operates at.
L1 Physical Layer — With regard to the figure above, the repeater and the hub are considered to be layer 1 devices. These devices normally have no intelligence. The devices simply take whatever traffic comes in and send it out with no decision-making.
L2 Data Link Layer — In the figure above, the switch is the layer 2 device. The switch makes intelligent forwarding decisions based on the data link address, whether it be a MAC address, VPI/VCI, or DLCI. An Ethernet switch also dynamically learns the MAC addresses of the hosts in its LAN. Data on a switch is divided into collision domains (a port on a switch represents a single collision domain). However, the switch and all its ports reside in one broadcast domain.
L3 Network Layer — The most common layer 3 device is a router. The router makes intelligent forwarding decisions based on the network layer address. As in a switch, each port on a router is a single collision domain. However, each port on a router is also a single broadcast domain. Therefore, traffic crossing from one broadcast domain to another broadcast domain must go through a router.
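The switch and router behaviour described above, as an added example that is not part of the course material. The `LearningSwitch` learns source MAC addresses and forwards on destination MAC addresses, flooding unknown and broadcast destinations to every port but the ingress port (one broadcast domain); the `Router` never bridges frames between interfaces, so each interface is its own broadcast domain. The MAC addresses, port numbers and the table size limit are assumptions chosen for illustration; the limit is there to show that a switch whose table is full falls back to flooding, that is, it behaves like a hub.

```python
"""Learning switch (one broadcast domain) versus router (one per interface).

Added example; not from the course. Port numbers, MACs and the table size
limit are assumptions made for illustration.
"""
BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    """Transparent bridge: learn on source MAC, forward on destination MAC."""

    def __init__(self, ports, max_entries=1024):
        self.ports = list(ports)
        self.max_entries = max_entries
        self.mac_table = {}            # MAC -> port, learned from source addresses

    def forward(self, ingress, src_mac, dst_mac):
        """Return the egress ports for one frame, learning as a side effect."""
        # Learning trusts the source address as received; nothing authenticates it.
        if src_mac in self.mac_table or len(self.mac_table) < self.max_entries:
            self.mac_table[src_mac] = ingress
        others = [p for p in self.ports if p != ingress]
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return others              # flood: every port is in the same broadcast domain
        out = self.mac_table[dst_mac]
        return [] if out == ingress else [out]   # same segment: filter, do not forward


class Router:
    """No L2 forwarding at all: every interface is its own broadcast domain.
    Frames addressed to the interface MAC (or broadcast) are handed to the IP
    layer; anything else is dropped."""

    def __init__(self, interface_macs):
        self.interface_macs = dict(interface_macs)   # interface -> MAC

    def forward(self, ingress, src_mac, dst_mac):
        return []                      # never bridged, broadcast or not

    def accepts(self, ingress, dst_mac):
        return dst_mac in (BROADCAST, self.interface_macs[ingress])


if __name__ == "__main__":
    sw = LearningSwitch(ports=[1, 2, 3])
    print(sw.forward(1, "00-00-00-00-00-AA", "00-00-00-00-00-BB"))   # flooded
    print(sw.forward(2, "00-00-00-00-00-BB", "00-00-00-00-00-AA"))   # unicast to port 1
    print(sw.mac_table)
```

The `max_entries` check is where the hub-like fallback shows: once the table is full, a new source on port 3 is not learned, so replies to it are flooded out of every port and any host on the switch can see them.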
Layer 1 Devices
Figure: a hub and a repeater.
A repeater retransmits the Ethernet signal down a wire and amplifies it so that it can be used again; the repeater extends the reach of Ethernet in a LAN.
A hub works exactly like a repeater, except that it functions less as a distance extender and more as a port concentrator for several hosts in one physical area.
Layer 1 Devices — Repeater
• Connects network segments
• Retimes and regenerates signals to proper amplitudes
• Disadvantage — propagation delay, since every signal is repeated onto all connected segments
• Disadvantage — physical limit to the number of repeaters that can be chained
Figure: a repeater.
Layer 1 Devices — Hub
• A single Ethernet segment device that can operate at 10/100/1000 Mb/s
• Can act as a repeater
• Disadvantages — same as a repeater
• Used in small home networks or isolated segments in larger networks
Figure: a hub.
Bridging and Bridges
• Bridging is a layer 2 (L2) concept. Bridging is primarily associated with Ethernet.
• A bridge (or switch) operates at L2 of the OSI model.
• A bridge is an intelligent device that does an L2 address lookup.
Figure: the OSI model with the bridge placed at the Data Link layer (L2 network device).
Switches
• A switch is a multiple Ethernet segment device that can have dedicated 10/100/1000 Mb/s ports.
• Traffic in isolated segments is "switched" via a high-speed, bandwidth-dedicated backplane called a "fabric".
• The majority of modern switches function in store/forward mode.
Figure: a switch (L2 network device).
A store/forward switch requires the whole Ethernet frame (packet) to be received before it can be forwarded. Although this may suggest higher network latencies due to larger frame sizes, high-speed switching hardware and interfaces mean that this is usually not a problem.
L3 Devices — Routers
A router, unlike a bridge, operates up to L3 of the OSI model.
A router connects two different network segments.
[Figure: OSI model stack with the router shown as an L3 network device at the Network layer]
Basic router functions:
• Examine the IP header of the incoming packet for the destination IP address
• Look up this address in its routing table
• Determine the best path to the destination IP address
• Determine the egress interface for the above path
• Forward the data out of this egress interface
L2 Encapsulations
[Figure: encapsulation stacks (ETHERNET/IP/TCP-UDP/DATA, PPP/IP/TCP-UDP/DATA, ATM/IP/TCP-UDP/DATA, POS/IP/TCP-UDP/DATA) shown across interfaces 1 to 10 of an Ethernet switch, two routers, a PPP device and an Ethernet/ATM switch; the walk-through below follows the interface numbers]
Encapsulated data enters the ingress Ethernet switch on the top left via Ethernet interface 1 and leaves the switch via interface 2. Because both the ingress and egress interfaces for the Ethernet switch are Ethernet line cards, the Ethernet switch simply transmits the Ethernet frame, unchanged, out the egress interface. The data frame is still referred to as an Ethernet frame or layer 2 frame.
When the L2 frame reaches the router at interface 3, the router strips off the Ethernet header, looks into the next encapsulation, which is the IP header, and forwards the frame based on the IP header only via interface 4.
Basic router functions:
1. Examine the IP header of the incoming packet for the destination IP address.
2. Look up this address in its routing tables.
3. Determine the best path described in the routing table for the destination IP address.
4. Determine the egress interface for the above path.
5. Forward the data out of this egress interface.
Assuming that the next router decides to forward this data packet out of interface 6 because this interface is connected to a PPP-based L2 switch, egress interface 6 of the router encapsulates the IP frame with a PPP header and sends the data to the PPP device.
If the router decides to forward the data packet via interface 7, to the next router and then out to interface 8, the egress interface at 8 would add an ATM header to the IP frame because it is connected to ATM interface 9 on the Ethernet/ATM switch.
Note: Although only the IP header is relevant during the routing of the data packet, the data packet is encapsulated at router interfaces 4, 5, and 7 by the appropriate L2 headers.
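The five router functions and the re-encapsulation described above, modelled in Python as an added example (not code from the student guide). The routing table, prefixes and next hops are constructed; the interface numbers and their L2 types follow the diagram (4 Ethernet, 6 PPP, 8 ATM). The model also decrements the TTL, which the slide does not list but every router does.

```python
"""Added model of the router steps on this slide: strip the ingress L2
header, examine the IP header, look up the destination (longest prefix
match), pick the egress interface and re-encapsulate with that
interface's L2 header (Ethernet, PPP or ATM)."""
import ipaddress

# Constructed routing table: (destination prefix, next hop, egress interface).
# Prefixes and next hops are invented; the interface numbers and their L2
# types follow the slide's diagram (4 = Ethernet, 6 = PPP, 8 = ATM).
ROUTING_TABLE = [
    ("10.0.0.0/8", "10.1.1.1", 4),
    ("10.20.0.0/16", "10.20.0.1", 6),   # more specific than 10.0.0.0/8
    ("192.0.2.0/24", "192.0.2.1", 8),
    ("0.0.0.0/0", "203.0.113.1", 4),    # default route
]

# L2 encapsulation added on each egress interface.
INTERFACE_L2 = {4: "ETHERNET", 6: "PPP", 8: "ATM"}


def lookup(dst_ip, table=ROUTING_TABLE):
    """Steps 2 and 3: return (next_hop, egress_if) for the most specific
    matching prefix, or None when nothing in the table matches."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, next_hop, egress in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop, egress)
    return None if best is None else (best[1], best[2])


def route_frame(frame, table=ROUTING_TABLE):
    """Apply the router steps to an ingress L2 frame.

    frame = {"l2": <ingress L2 type>, "ip": {"src", "dst", "ttl"},
             "l4": "TCP" or "UDP", "data": bytes}
    Returns the egress frame, which carries the same IP/L4/DATA under a new
    L2 header, or None when the packet is dropped.
    """
    # Step 1: strip the ingress L2 header; only the IP header matters now.
    packet = {k: v for k, v in frame.items() if k != "l2"}
    route = lookup(packet["ip"]["dst"], table)
    if route is None:
        return None                       # no route: drop
    next_hop, egress = route              # step 4: egress interface
    # Routers decrement the TTL (not on the slide); drop expired packets
    # rather than forwarding them in a loop.
    ttl = packet["ip"]["ttl"] - 1
    if ttl <= 0:
        return None
    packet["ip"] = {**packet["ip"], "ttl": ttl}
    # Step 5: encapsulate with the egress interface's L2 header and forward.
    return {"l2": INTERFACE_L2[egress], "egress_if": egress,
            "next_hop": next_hop, **packet}


if __name__ == "__main__":
    ingress = {"l2": "ETHERNET",
               "ip": {"src": "10.1.2.3", "dst": "192.0.2.7", "ttl": 64},
               "l4": "TCP", "data": b"payload"}
    print(route_frame(ingress))   # leaves on interface 8 as an ATM frame
```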
Module Summary
TCP/IP and OSI protocol suites provide a common framework to allow the interworking of diverse network hardware and computer systems
TCP/IP protocol suite has 4 layers:
Application Services
Transport
Internet Protocol
Network Interfaces
Module Summary (cont’d)
OSI protocol suite has 7 layers:
Application
Presentation
Session
Transport
Network
Data Link
Physical
Routers are layer 3 devices, switches are layer 2 devices and hubs & repeaters are layer 1 devices
At each layer of the TCP/IP or OSI suite, data is encapsulated in the appropriate format
Learning Assessment
1. Which of the following applications fall under the application layer of the OSI model? (Select all that apply)
A. MS Word
B. Telnet
C. Notepad
D. FTP
2. Which layer is responsible for providing reliable communications?
A. Session
B. Application
C. Physical
D. Transport
E. Network
F. Data link
G. Presentation
Learning Assessment (continued)
3. Which of the following devices operate at the physical layer? (Select all that apply)
A. Router
B. Repeater
C. Hub
D. Switch
4. Which of the following are layer 2 encapsulations? (Select all that apply)
A. ATM
B. PPP
C. IP
D. Ethernet
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 01
Alcatel-Lucent Scalable IP Networks
Module 2 — 7x50 SR/ESS Components and CLI
Module Objectives
After successful completion of this module, you should be able to:
Understand the hierarchical structure of the 7x50 CLI
Understand basic CLI commands
Understand the concepts of configuring the hardware of the 7x50 product line
Understand the physical access options of the 7x50
Understand basic system configuration
Understand the purpose of the BOF
7x50 SR/ESS Components and CLI
Section 1 — Hardware Configuration
Alcatel 7450 Ethernet Service Switch Group
ESS-1:
Integrated switch fabric/control, IOM, and power
20 Gb/s full duplex system capacity
Two 10 Gb/s MDAs
Over-subscription of some MDAs available
Power redundancy
ESS-7:
7 Slots (5 IOM, 2 SF/CPM)
100 Gb/s full duplex system capacity
200 Gb/s switch fabric/control
Fabric/control redundancy
Five 20 Gb/s IOMs
Ten 10 Gb/s MDAs
Over-subscription of some MDAs available
Power redundancy
[Figure: ESS-1 and ESS-7 chassis with slot (1-5, A, B) and MDA (1, 2) layouts]
Alcatel 7450 Ethernet Service Switch Group
ESS-12:
10 Slots (10 IOM, 2 SF/CPM)
400 Gb/s full duplex system capacity
400 Gb/s switch fabric/control
Fabric/control redundancy
Ten 20/40 Gb/s IOMs
Over-subscription of some MDAs available
Power redundancy
ESS-6:
6 Slots (4 IOM, 2 SF/CPM)
80 Gb/s full duplex system capacity
80 Gb/s switch fabric/control
Fabric/control redundancy
Four 10/20 Gb/s IOMs
Over-subscription of some MDAs available
Power redundancy
Alcatel 7750 Service Router Family
• Three chassis options – 1, 7, and 12 slots
• Carrier-class reliability combined with high density in a small footprint
• System capacities scalable from 20 Gb/s to 200 Gb/s
• Modular design for the SR-7 and SR-12 – removable IOM, SF/CPM, and MDAs
• Common operating system
[Figure: SR-1, SR-7 and SR-12 chassis with slot and MDA layouts (SR-7: slots 1-5, A, B; SR-12: slots 1-5, A, B, 6-10; MDAs 1 and 2 per slot)]
Alcatel 7750 SR SF/CPM Cards
Redundant SF/CPMs supported on SR7 and SR12
Alcatel 7750 SR IOM, MDAs, and SFPs
Small Form-Factor Pluggable (SFP) optics
2 MDAs per IOM
10 IOMs per SR-12; 5 IOMs per SR-7
IOMs and MDAs are hot-swappable
IOM - Input/Output Module
IOMs are hot-swappable modules responsible for connecting to standard physical interfaces. Each IOM contains two 10 Gbps traffic-processing programmable fast path complexes. Each complex supports a pluggable Media Dependent Adapter (MDA) that allows a common programmable fast path to support all of the possible interface types. The IOM also contains a CPU section for managing the forwarding hardware in each flexible fast path.
MDA - Media Dependent Adapters
MDAs provide one or more physical interfaces, such as Ethernet, ATM or SONET/SDH. MDAs pass incoming packets to the IOM for processing, and transmit outgoing packets out the appropriate physical interface in the correct format.
SFP – Small Form Factor Pluggable interfaces
SFP transceivers are small optical modules available in a variety of formats.
Alcatel 7x50 Service Router System Components
[Figure: 7x50 system components. Each I/O Module carries a CPU and Flexible Fast Path Complexes (FFPC), each with its Media Dependent Adapter (MDA); the I/O Modules connect to the Switch Fabric and Control Plane on the SF/CPM Module]
Data plane operation
Data coming in from the remote network/customer site ingresses through the Media Dependent Adapters, where the data is formatted (internal format). The data is then processed in the I/O module, where the decision to switch happens (L2/L3 forwarding information lookup), and the data packets are sent to the switch fabric. The switch fabric then forwards the data to the appropriate IOM, from where it is sent to the appropriate MDA.
The data plane operation happens after the control plane has built the forwarding information and stored it in the IOM.
Control plane operation
Control messages ingress the 7x50 in a manner similar to the data packets, except that they are processed further by the control plane.
Comparisons between the 7450 ESS and 7750 SR
Type                   | 7750 Service Router                                  | 7450 Ethernet Service Switch
Purpose                | Support Ethernet, ATM, Frame relay and VPRN services | Primarily designed to support Ethernet aggregation services
Platforms              | SR-1, SR-7, SR-12                                    | ESS-1, ESS-6, ESS-7 and ESS-12
Redundancy Pwr/Control | SR-7 and SR-12                                       | ESS-6, 7 and ESS-12
MDA                    | All Ethernet, ATM, POS, DS3/OC3 channelized          | Ethernet, POS
7x50 SR/ESS Components and CLI
Section 2 — CLI Commands
Command Line Interface
Alcatel’s 7750 SR CLI is a command-driven interface accessible through the console, Telnet and SSH. The CLI is used for configuration and management of 7750 SR routers.
The CLI command structure is a hierarchical inverted tree.
The highest level is root.
Navigation down the hierarchy tree is performed by typing the names of submenus.
Global commands can be used anywhere in the hierarchy.
The Alcatel 7750 SR CLI is a command-driven interface accessible through the console, Telnet and SSH. The CLI can be used for the configuration and management of 7750 SR routers.
The 7750 SR CLI command tree is a hierarchical inverted tree. At the highest level is root. Below root are other levels with the major command groups; for example,
configuration commands and show commands are levels below root.
To move up in the hierarchy, enter the command node name (sometimes a parameter must be provided).
Navigate down the tree by typing the name of the successively lower contexts. For example, typing ‘configure’ or ‘show’ at the root level navigates down to the ‘configure’ or ‘show’ context, respectively. Global commands, such as back, exit, info, and tree, can be entered at any level in the CLI hierarchy.
Sometimes a context can be entered with a single keyword, such as:
SR>config# router
SR>config>router#
Sometimes a keyword and a user-supplied identifier are required:
SR>config>router# interface system
SR>config>router>if#
Viewing the CLI Tree Structure
You can view the hierarchical CLI command structure below your current position with the tree and tree detail commands.
Displaying Configuration Contexts
Use the info and info detail commands to display information about the current context level.
info displays non-default information
info detail displays all configuration information, including defaults
CLI Command Prompt
Example of configuring OSPF:
SR1>config>router>ospf#
Example of creating a new router interface:
SR1>config# router interface Toronto
SR1>config>router>if$ address 131.131.131.1/30
In the prompt, SR1 is the host name and > is the context separator.
At the end of the prompt, there is either a pound symbol (#) or a dollar symbol ($). A # symbol at the end of the prompt indicates that the context is an existing context. A $ symbol at the end of the prompt indicates that the context has been newly created.
Command Completion
Command completion can be achieved by:
1. Abbreviation, if the keystrokes entered are unique.
SR1>config>router>os [ENTER]
SR1>config>router>ospf#
2. Tab Key or Space Key to automatically complete the command.
SR1>config>router>os [TAB]
SR1>config>router>ospf
SR1>config>router>os [SPACEBAR]
SR1>config>router>ospf
If a match is not unique, the CLI displays possible matches:
SR1>config# ro [TAB]
router router-ipv6
SR1>config# router
The system maintains a history of previously entered commands. The history command displays the previous 30 commands entered.
CLI Navigation
Console Control Commands
Console control commands are used for navigating a CLI session and displaying information about a console session. The following is a list of some of the more commonly used global commands (see next page for additional commands):
<Ctrl-c> Aborts the pending command
<Ctrl-z> Terminates the pending command line and returns to the root context
echo Echoes the text that is typed (primary use is to display messages in an exec file)
When you enter a CLI command, you move from one command level to another. When you start a CLI session, you begin in the root context. Navigate to another level by entering the name of successively lower contexts. For example, enter either the configure or show commands at the root level to navigate to the config or show context, respectively.
Other navigation methods include:
Move down the hierarchy by entering the level; for example, config.
Move up one level in the hierarchy by entering the keyword back.
Move several levels down in the hierarchy by entering multiple contexts separated by spaces. For example: #config router ospf
See Console Control Commands below for explanations of exit, exit all and <Ctrl-z>.
Some contexts are specified with a single keyword, such as router, and others require a keyword and a user-supplied identifier such as interface interface-name.
Console Control Commands
Console control commands are used for navigating in a CLI session and for displaying information about a console session. Many of these commands are global commands, which means they can be executed at any level of the CLI hierarchy.
The following are some of the more commonly used global commands (see the next page for additional commands):
<Ctrl-c> Aborts the pending command
<Ctrl-z> Terminates the pending command line and returns to the root context
— This is a special keyboard sequence that acts like pressing the <Enter> key and entering exit all to return the user to the root context.
back Navigates the user to the parent context
echo Echoes the text that is typed (primary use is to display messages within an exec file)
exec Executes the contents of a text file as if they were CLI commands entered at the console
exit Returns the user to the previous higher context
exit all Returns (moves up) the user to the root context
help Displays a brief description of the help system
? Lists all commands in the current context
history Displays a list of the most recently entered commands (like history in UNIX shell environments)
info Displays the running configuration for a configuration context
CLI Navigation (continued)
back Brings you back one context
exit all Brings you back to the root level
up/down arrow Lists previous command(s) to be repeated
tree Shows available commands from context
SR1>config>router>ospf# tree ospf
|
+---area
| |
| +---area-range
| |
| +---blackhole-aggregate
| |
| +---interface
| | |
| | +---advertise-subnet
| | |
CLI Navigation (continued)
The shutdown command can be used to disable protocols and interfaces. The no form of any command may have one of two results:
The removal from the configuration (e.g., no ospf).
Reset to default settings (e.g., config>ospf>area>interface>no hello-interval).
The shutdown command does not change, reset, or remove any configuration settings or statistics. Many objects must be shut down before they can be deleted. A shutdown is saved in the configuration file. All ports are shut down by default when the system is first powered on.
To restore the settings after issuing a no command, you must reconfigure the router, reboot from a configuration file that has the correct configuration, or do an exec command on a configuration file that contains the correct settings. You can use an exec command to process a configuration file and restore the configuration stored in the file.
CLI Global Commands
info Provides information on the configuration
logout Terminates the CLI session
oam OAM test suite (see the Service OAM section of the 7750 SR OS Services Guide)
password Changes the user CLI login password
Note: Not a global command; must be entered at the root level.
ping Verifies the reachability of a remote host
pwc Displays the present or previous working context of the CLI session
sleep Causes the console session to pause operation (sleep) for 1 second or for the specified number of seconds (primary use is to introduce a pause during the execution of an exec file)
ssh Opens a secure shell connection to a host
telnet Telnet to a host
traceroute Determines the route to a destination address
tree Displays a list of all commands at the current level and all sublevels
write Sends a console message to a specific user or to all users with active console sessions
Refer to the 7750 SR OS System Guide for detailed information about CLI commands and navigation.
CLI Environment Commands
CLI environment commands are used to customize session preferences for a single CLI session.
alias Enables the substitution of a command line by an alias
create Enables the create parameter check
more Configures whether CLI output should be displayed one screen at a time, awaiting user input to continue
reduced-prompt Configures the number of higher-level CLI context levels to display in the CLI prompt
terminal Configures the terminal screen length for the current CLI session
time-display Specifies whether time should be displayed in local or UTC format
Refer to the 7750 SR OS System Guide for detailed information about CLI commands and navigation.
Finding Help
help Displays a brief description of the help system
? Lists all commands in the current context
string ? Lists all commands available in the current context that start with string
command ? Displays the command’s syntax and associated keywords
command keyword ? Lists the associated arguments for keyword in command
string <Tab> or string <Space> Completes a partial command name (auto-completion) or lists available commands that match string
help edit Displays help on editing (lists the available editing keystrokes)
help globals Displays help on global commands (lists the available global commands)
The tree and tree detail system commands are help commands that are useful when you search for a command in a lower-level context.
Refer to the 7750 SR OS System Guide for detailed information about CLI commands and navigation.
File System CLI Context
File system is DOS based and is used to store software image, configuration files and event logs
File commands can be used to create, copy, move, remove files and directories
[Figure: CLI tree from Root into the File context, with the commands attrib, cd, copy, delete, dir, md, move, rd, scp, type, version]
version Displays the version of a 7750 SR OS cpm.tim or iom.tim file.
type Displays the contents of a text file.
scp Copies a file from the local file system to a remote host on the network. scp uses ssh for the data transfer, and uses the same authentication and provides the same security as ssh.
move Moves a local file, system file, or a directory. If the target already exists, the command fails and an error message displays.
delete Deletes the specified file. The optional wildcard (*) can be used to delete multiple files that share a common (partial) prefix and/or (partial) suffix.
7x50 SR/ESS Components and CLI
Section 3 — Boot Process
Basic Boot Up components
Uses a Boot Option File (BOF) to start the system
Stored in the compact flash CF3
Other components required for startup:
Boot loader
BOF configuration file
TiMOS-m.n.Y.Z software image file
Default config file
Basic Operating System
The 7750 SR does not use a BOOT PROM to start the system; instead, it uses a Boot Option File (BOF).
Each new system is shipped with a Compact Flash (CF) card that contains the files required to start a 7750 SR system. The system files are stored on CF3 and that is where the system looks for the files when initializing.
The CF3 card contains the following directories and files located off of the root directory:
Boot.ldr
This file contains the system bootstrap image.
Bof.cfg
The Bof.cfg file is user configurable and contains information such as:
Management port IP address
Location of the image files (primary, secondary, and tertiary)
Location of the configuration files (primary, secondary, and tertiary)
TiMOS-m.n.Y.z
This is a directory that is named according to the major and minor software release, type of release and version.
For example, if the software release is Version 1.2 of a released software version the name would be:
TiMOS 1.2.R.0
On an SR7, and SR12 this directory contains two files, cpm.tim and iom.tim, for the SF/CPM and IOM cards respectively. Since the SR-1 has an integrated fabric/control and I/O, there is only one file, named both.tim.
Config.cfg
This file contains the default configuration file. The default configuration file is very basic and provides just enough information to make the system operational.
You can create other configuration files and point the system to them using the bof.cfg file.
Software Release Media
Root
  boot.ldr (Bootstrap Image)
  bof.cfg (Boot Option File)
  config.cfg (Default Configuration File)
  TiMOS-m.n.Y.z/
    cpm.tim (CPM Image File)
    iom.tim (IOM Image File)
Naming of the TiMOS-m.n.Y.z directory:
m Major release number
n Minor release number
Y Release type: A Alpha Release, B Beta Release, M Maintenance Release, R Released Software, I Internal Engineering and Test Release
z Version number
System Initialization
[Figure: System initialization flowchart, recovered as a sequence]
START: load and execute the bootstrap loader (cf3:\boot.ldr)
Process the boot option file (cf3:\bof.cfg); initialize hardware; wait if required
Get the runtime image (3 possible locations); Image OK? N: Startup Failed
Get the config (3 possible locations); Config found? N: boot with defaults, SNMP shutdown, issue trap, issue log entry, issue console message
Need persistence? Y: process the persistence and configuration files; Persistence file processed OK? N: SNMP shutdown, issue trap (if possible), issue log entry, issue console message
Process the config file; Config file processed OK? Y: Log In Prompt
User intervention point 1: user activity detected
The configuration file includes chassis, IOM, MDA, and port configurations, as well as system, routing and service configurations.
PersistenceYou can configure the BOF to turn persistence On or Off (default is Off). Persistence is required if the 7450 is managed by the 5620 SAM network manager. When persistence is turned on the 7450 SR creates an index file with the same file prefix name as the current configuration file. The index file contains variable index information (i.e. interface indexes, LSP ids, path ids, etc.). The index file is built dynamically by the 7450 operating system and does not contain configuration information entered by users. The index file is saved whenever the system configuration file is saved.
The index file ensures that the 5620 SAM has the same index data as the 7450 ESS node after a system reboot. If a 7450 reboots and the indexes stored on the SAM do not match the node indexes, a complete re-synchronization between the node and the SAM takes place automatically. This can be a very time consuming and processor intensive operation.
If a node reboots with persistence turned on, it must locate the persistence index file and successfully process it before processing the system configuration file.
If the index file cannot be processed for some reason, the system performs an SNMP shutdown (Get and Set functionality is disabled); however, traps continue to be issued. The system issues traps, log messages, and console messages to advise the user. A no shutdown of SNMP is required to reactivate full SNMP functionality.
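The initialization flow above (image locations tried in order, then configuration locations, then the persistence index file before the configuration file, with the SNMP shutdown and notifications on failure), modelled in Python as an added example that is not part of the student guide. The file system contents, the BOF values and the .ndx extension for the index file are constructed assumptions; a configuration file that fails to process is read here as falling through to the same boot-with-defaults branch as a missing one.

```python
"""Added model of the 7x50 system initialization flow on this slide."""

IMAGE_KEYS = ("primary-image", "secondary-image", "tertiary-image")
CONFIG_KEYS = ("primary-config", "secondary-config", "tertiary-config")
NOTIFY = ["trap", "log entry", "console message"]

# Constructed file system: path -> "ok" (present, processes cleanly) or
# "bad" (present, fails to process). Absent keys are missing files.
FILES = {
    "cf3:/TiMOS-1.2.R.0": "ok",
    "cf3:/test.cfg": "ok",
    "cf3:/test.ndx": "ok",     # index file; the .ndx extension is an assumption
}


def _first_present(bof, keys, files, need_ok):
    """Return the first of the BOF locations in `keys` that exists (and, if
    need_ok, processes OK), or None when none does."""
    for key in keys:
        path = bof.get(key)
        if path and path in files and (not need_ok or files[path] == "ok"):
            return path
    return None


def boot(bof, files):
    """Run the flow for one BOF dict. Returns (state, events), where state
    holds the outcome, SNMP state and the image/config used, and events
    lists the trap/log/console notifications raised."""
    state = {"status": None, "snmp": "up", "image": None, "config": None}
    events = []
    # Get runtime image (3 possible locations). Image OK? N -> Startup Failed.
    state["image"] = _first_present(bof, IMAGE_KEYS, files, need_ok=True)
    if state["image"] is None:
        state["status"] = "startup failed"
        return state, events
    # Get config (3 possible locations). Config found? N -> boot with
    # defaults, SNMP shutdown, trap + log entry + console message.
    state["config"] = _first_present(bof, CONFIG_KEYS, files, need_ok=False)
    if state["config"] is None:
        state.update(status="login prompt (defaults)", snmp="shutdown")
        events += NOTIFY
        return state, events
    # Need persistence? The index file (same prefix as the config file) must
    # be processed before the config file; failure disables SNMP Get/Set
    # (traps are still issued) and raises the same notifications.
    if bof.get("persist") == "on":
        index = state["config"].rsplit(".", 1)[0] + ".ndx"
        if files.get(index) != "ok":
            state["snmp"] = "shutdown"
            events += NOTIFY
    # Process config file. Processed OK? N -> defaults + SNMP shutdown.
    if files[state["config"]] != "ok":
        state.update(status="login prompt (defaults)", snmp="shutdown")
        events += NOTIFY
        return state, events
    state["status"] = "login prompt"
    return state, events


if __name__ == "__main__":
    bof = {"primary-image": "cf3:/TiMOS-1.2.R.0",
           "primary-config": "cf3:/test.cfg", "persist": "on"}
    print(boot(bof, FILES))
    print(boot(bof, {k: v for k, v in FILES.items() if k != "cf3:/test.ndx"}))
```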
Boot Options File
Stores parameters that specify the location of the image filename that the router will try to boot from and the configuration file that the router uses to configure the applications and interfaces
The most basic BOF configuration should have the following:
Primary address
Primary image location
Primary configuration location
BOF Parameters
Alcatel 7750 SR uses the BOF file to perform the following tasks:
1) Set up the CPM Ethernet port (speed, duplex, auto)
2) Create an IP address for the CPM Ethernet port
3) Create a Static route for the CPM Ethernet port
4) Set the console port speed
5) Configure the DNS Domain name
6) Configure Primary, Secondary, Tertiary configuration source
7) Configure Primary, Secondary, Tertiary image source
8) Configure persistence requirements
Always be sure to save the BOF!
Parameters that are configured in the BOF are shown in the chart above. Configuration of the BOF is done in the BOF CLI context.
Sample BOF file commands:
SR-1# bof cf3 # Change or create a bof file on media cf3
SR-1>bof# address 10.10.10.2/24 primary # Change or create the CPM Ethernet Port IP address (must be entered from console)
SR-1>bof# speed 100 # Set the CPM Ethernet Port speed to 100 Mbps.
SR-1>bof# primary-image cf3:/TIMOS.1.0.R0 # Set the primary image directory
SR-1>bof# primary-config cf3:/test.cfg # Set the primary configuration file to be test.cfg
SR-1>bof# save # Saves the bof
Show Commands:
SR-1# show bof # Displays the in-memory bof file (last used)
Show BOF
A:sr1a# show bof
===============================================================================
BOF (Memory)
===============================================================================
    primary-image    cf3:\4.0.R9
    primary-config   cf3:\test\test_sr1a.cfg
    address          138.120.199.60/24 active
    autonegotiate
    duplex           full
    speed            100
    wait             3
    persist          on
    console-speed    115200
===============================================================================
The slide above shows the information that is contained in the boot options file. The primary image location is one of the most important items in the BOF. If the router cannot find an image, it will remain in the boot cycle forever.
In this example, the primary configuration is located in CF1. Therefore, when the router reboots, it goes to CF1, gets the configuration that is specified in the BOF, and loads the router with that configuration. In addition, after the primary configuration location has been defined, every time the operator inputs the command admin save, the current configuration is saved to the primary configuration file.
The address that is referred to in the slide above is the address of the management port on the CPM. Notice the console speed; this is the default speed of the RS-232 port on the CPM. This speed can be changed here in the BOF.
Setting the CPM Ethernet Port Address
Use the following command to assign an IP address to the active CPM in the running configuration and the BOF or the standby CPM for systems that use redundant CPMs.
SR1# bof ↵
SR1>bof# address <xxx.xxx.xxx.xxx/xx> ↵
(or, on a redundant system, e.g., SR7>bof# address <xxx.xxx.xxx.xxx/xx> <active|standby> ↵)
SR1# show bof ↵
Compact Flash
Each Control/Switch processor on a 7x50 product can have 3 compact flashes: cf1:, cf2:, cf3:
Flash size can be 256M, 512M, 1G and 2G
By default the system startup looks for the boot.ldr file in cf3
cf3 can store the runtime image and the running configuration
Requires a shutdown of the compact flash before removing it
Compact flash 1 and 2 can be used to store debug/accounting logs
7x50 SR/ESS Components and CLI
Section 4 — Basic Router Configuration
Physical Access
Figure: physical access points. The out-of-band CPM management Ethernet port and the CPM console port are on the SF/CPM (Switch Fabric/Control Processor Module) card, common to the SR-7 and SR-12, and likewise on the SR-1; the in-band, customer-facing access ports and the network ports are located on MDAs.
The 7750 SR can be accessed in three ways:
In-band ports — These are access ports and network ports on MDAs.
Console port — A DB-9 serial port; this port is enabled by default. The default settings are:
Baud Rate: 115,200
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None
CPM Ethernet port — A 10/100 Ethernet management port.
Initial System Setup
The following steps are typically used to configure a system from start up:
1. Log in to the SR/ESS using the console input
2. Configure the system name and change the admin user password
3. Configure the CPM Ethernet management IP address
4. Configure additional BOF parameters
5. Configure IOM cards
6. Configure MDA cards
7. View alarms
8. Configure the system address
9. Configure logs if required
10. View the entire running config
Initial System Setup (cont’d)
Set the system name
>config>system# name SR-1
Configure the CPM Ethernet port IP address
SR-1# bof
SR-1>bof# address 10.1.1.1/32
SR-1>bof# save
SR-1>bof# exit
Change the admin user password
SR-1# password
Enter current password:
Enter new password:
Re-enter new password:
Basic System Management Configuration
Some basic configuration on the 7750 SR is required before putting it into service:
System name
Change admin password
CPM Ethernet management port IP address
Configure IOMs, MDAs, and ports
System Name
The system name can be any ASCII printable string of up to 32 characters. The system name is configured in the config CLI context. If the name contains spaces, it must be enclosed in double quotes to delimit the start and end of the name. The system name becomes part of the CLI prompt.
Passwords
The default login and password is admin. This password should be changed before your router is put into service.
The system automatically creates at least one admin user (the default) and must retain at least one admin user unless you are using an external protocol such as RADIUS or TACACS+ to provide authentication.
You can configure the following password parameters:
Aging — The maximum number of days (1 to 500) that a password remains valid before the user must change it. The default is no aging enforced.
Attempts — The number of unsuccessful login attempts allowed in a specified time period. If the configured threshold is exceeded, the user is locked out for a specified time.
Count: 4
Time (minutes): 10
Lockout (minutes): 10
In the example above, a user is locked out for 10 minutes if 4 unsuccessful login attempts occur in a 10-minute period.
Authentication Order — You can configure the order in which password authentication is attempted among RADIUS, TACACS+, and local methods.
Complexity — You can use this parameter to specify if passwords must contain upper- and lowercase characters, numeric, and special characters.
Minimum Length — You can specify the minimum number of characters (1 to 8) required for a password.
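The lockout rule above (4 failures within 10 minutes, 10-minute lockout) as a sliding-window evaluator, an added Python example rather than anything from SR OS; the event list is constructed, and clearing the failure counter on a successful login is an assumption of this model.

```python
"""Sliding-window login lockout evaluator (added example, not SR OS code).

Models the page's 'Attempts' parameters: count=4 failures within time=10
minutes lock the user out for lockout=10 minutes. A successful login clearing
the failure counter is an assumption of this model.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of login events (timestamp, user, outcome); not a real SR OS log.
SAMPLE_EVENTS = [
    ("2006/08/17 15:00:00", "admin", "fail"),
    ("2006/08/17 15:02:00", "admin", "fail"),
    ("2006/08/17 15:04:00", "admin", "fail"),
    ("2006/08/17 15:05:00", "admin", "fail"),  # 4th failure within 10 min: lockout
    ("2006/08/17 15:07:00", "admin", "ok"),    # correct password, but still locked out
    ("2006/08/17 15:16:00", "admin", "ok"),    # lockout expired: accepted
    ("2006/08/17 15:00:30", "oper", "fail"),
    ("2006/08/17 15:20:00", "oper", "fail"),
    ("2006/08/17 15:25:00", "oper", "fail"),
    ("2006/08/17 15:29:00", "oper", "fail"),   # only 3 failures in the last 10 min
]


def evaluate(events, count=4, time_min=10, lockout_min=10):
    """Replay events in time order and return (lockouts, decisions).

    lockouts:  [(user, lockout_start, lockout_end), ...]
    decisions: [(timestamp, user, outcome, decision), ...] where decision is
               'accepted', 'rejected' (bad password) or 'locked' (during lockout)
    """
    window, lock = timedelta(minutes=time_min), timedelta(minutes=lockout_min)
    parsed = sorted((datetime.strptime(t, "%Y/%m/%d %H:%M:%S"), u, o)
                    for t, u, o in events)
    failures = defaultdict(list)   # user -> timestamps of recent failures
    locked_until = {}              # user -> end of the current lockout
    lockouts, decisions = [], []
    for ts, user, outcome in parsed:
        if ts < locked_until.get(user, ts):
            decisions.append((ts, user, outcome, "locked"))
            continue
        if outcome == "ok":
            failures[user].clear()
            decisions.append((ts, user, outcome, "accepted"))
            continue
        # Keep only failures inside the sliding window, then count this one.
        recent = [f for f in failures[user] if ts - f <= window] + [ts]
        failures[user] = recent
        decisions.append((ts, user, outcome, "rejected"))
        if len(recent) >= count:
            locked_until[user] = ts + lock
            lockouts.append((user, ts, ts + lock))
            failures[user] = []
    return lockouts, decisions


if __name__ == "__main__":
    for user, start, end in evaluate(SAMPLE_EVENTS)[0]:
        print(f"{user} locked out {start:%H:%M} - {end:%H:%M}")
```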
Show Card
A:sr1a# show card 1
===============================================================================
Card 1
===============================================================================
Slot      Provisioned     Equipped        Admin     Operational
          Card-type       Card-type       State     State
-------------------------------------------------------------------------------
1         iom-20g-b       iom-20g-b       up        up
===============================================================================
The slide above shows the output of a show card command. The output shows that the card slot is configured to support all IOMs. The next columns show which card the slot is configured to accept and then which card is actually installed in the slot. These two entries must match. Finally, the administrative and operational states should both be up.
Show MDA
A:sr1a# show mda
===============================================================================
MDA Summary
===============================================================================
Slot  Mda   Provisioned     Equipped        Admin     Operational
            Mda-type        Mda-type        State     State
-------------------------------------------------------------------------------
1     1     m5-1gb-sfp-b    m5-1gb-sfp-b    up        up
      2     m16-oc3-sfp     m16-oc3-sfp     up        up
===============================================================================
The slide above shows the output of a show mda command. The output shows the card slot that is being referenced, in this case card 1, and then the MDAs that are supported by the IOM in card slot 1. In this case, all MDAs are supported.
Next is which MDA is the IOM slot configured to accept, the actual MDA that is installed in the IOM MDA slot, and the status of the MDA.
Admin display-config
A:acie_sr1a# admin display-config
# TiMOS-B-4.0.R9 both/hops ALCATEL SR 7750 Copyright (c) 2000-2007 Alcatel-Lucent.
# All rights reserved. All use subject to applicable license agreements.
# Built on Tue Dec 19 15:56:05 PST 2006 by builder in /rel4.0/b1/R9/panos/main
# Generated FRI DEC 22 16:00:41 2006 UTC
exit all
configure
#--------------------------------------------------
echo "System Configuration"
#--------------------------------------------------
    system
        name "acie_sr1a"
        snmp
            shutdown
        exit
        login-control
Press any key to continue (Q to quit)
The slide above shows a partial output of the admin display-config command. The first portion of the output shows the current version of the operating system that is running on the router. The router then outputs the entire configuration of the router, down to the port level. This command can output a large number of pages on a fully configured router.
Info Command
The info command provides an informational display during configuration without the need to use the show config command.
A:Training1>config>router# interface Toronto
A:Training1>config>router>if# info
----------------------------------------------
            address 131.131.131.1/30
            port 1/1/1
----------------------------------------------
You can view more details by using the detailed version of the info command: info detail
Logs
Record events, alarms and faults that result from actions performed on the 7x50
Can be used to record debug messages for troubleshooting
Log Sources
Main - most normal logs
Security - any attempt to breach system security
Debug - events as a result of turning debug tracing on
Change - any events that change the configuration of the node
Log Destinations
Console, Session
Memory, File
SYSLOG Server
SNMP Trap Group
7x50 Logs
The 7x50 ESS keeps very extensive logs of events, alarms, traps, and debug/trace messages. The logs are used to monitor events and troubleshoot faults in the 7450. You can configure what type of logging information is captured and where you want to send the captured logging information.
Log Sources
Applications and processes within the 7450 generate event logs. The logs are divided into four streams:
Main – most normal logs not specifically directed to any other event stream.
Security – any attempts to breach system security, such as failed login attempts.
Change – any events that affect the configuration or operation of the node.
Debug/Trace – all output generated as a result of turning on debug/trace.
Forwarded events are placed into an event log. Each event log has a log identification (log-id) number and can contain events from more than one event stream.
Log Destinations
You can configure the destination for the contents of a log-id. A log-id can be directed to one of the following destinations:
Console – the physical 9-pin console port of the 7450.
Session – a console or Telnet session. Sessions are temporary log destinations that are valid only as long as the session lasts.
Memory – a circular buffer where the oldest entry is overwritten when the buffer is full.
File – event logs and accounting policy information can be directed to a file.
Syslog – event log information can be sent to a syslog server.
SNMP Trap Group – event log information can be sent to an SNMP trap group. All events and traps are time-stamped and numbered per destination. Traps are sequence-numbered per destination and stored in memory. If the 7450 NMS should go offline for some reason, it may not receive some trap notifications. When the NMS comes back online, it will automatically recognize that it has missed some trap notifications because the last sequence number it has will be different from the sequence number in the 7450. The NMS will then update its records with the missing traps. If the in-memory notification log becomes full and some records are overwritten, the NMS will resynchronize itself with the 7450.
Configuring Logs
Figure: log event flow. The sources (Main, Security, Change, Debug) feed the event controller, which decides whether to log each event; an optional filter policy then forwards (Yes) or discards (No, garbage) the event into a log-id (Log Id 10 to 13 in the figure), whose destination is a Session, File, Memory or SNMP.
Steps
1. Configure a log id with a number from 1-98
2. Identify the source
3. Specify an optional filter to filter events if desired
4. Identify the destination
5. Examine the logs to view the events
CLI for Configuring Logs
A:PE1>config# log filter
  - filter <filter-id>
  - no filter <filter-id>

 <filter-id>          : [1..1001]

 [no] default-action  - Specify the default action for the event filter
 [no] description     - Description string for the event filter
 [no] entry           + Configure an event filter entry

A:PE1>config# log filter 14
A:PE1>config>log>filter$ description "default filter"
A:PE1>config>log>filter$ default-action forward
A:PE1>config>log>filter$ back
A:PE1>config>log>filter# info detail
----------------------------------------------
            default-action forward
            description "default filter"
----------------------------------------------
CLI for Configuring Logs (cont’d)
A:PE1>config>log# log-id 14
A:PE1>config>log>log-id# from debug-trace
A:PE1>config>log>log-id# to session
A:PE1>config>log>log-id# filter 14
A:PE1>config>log>log-id# info detail
----------------------------------------------
            no description
            filter 14
            time-format utc
            from debug-trace
            to session
            no shutdown
----------------------------------------------
A:PE1>config>log>log-id#
General Log Commands
show log applications
show log event-control
show log file-id
show log filter-id
show log log-collector
show log log-id
show log snmp-trap-group
show log syslog
Default Alarm Logs
There are two default logs:
Log 99 – All severity levels of alarms
Log 100 – Only serious errors
To view the logs, use the following commands:
show log log-id 99
show log log-id 100
More granular “data mining” of the two log files can be accomplished:
show log log-id 99 subject 1/1/1 – port specific
show log log-id 99 application chassis – chassis related alarms
Others exist.
The default logs only store about 500 entries. If more entries are required, then specific alarm logs need to be created.
How to show Layer 1 & Layer 2 alarms
The 7x50 has two default memory logs (log-id 99 & 100) containing all the events from the “main” application. All severity levels of alarms are recorded in log-id 99, whereas log-id 100 only contains serious errors.
There are several ways to view the alarms of a specific subject, such as alarms related to a particular port. One method is to create a new log that only monitors the specific subject.
Default Logs – Alarm Monitoring Example
The “show log” command
A:PE1>config>log>log-id# show log log-id 99
===================================================================
Event Log 99
===================================================================
Description : Default System Log
Memory Log contents  [size=500   next event=25  (not wrapped)]

24 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2006 - CHASSIS
"tmnxMDATable: Slot 1, MDA 2 configuration modified"

23 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2007 - PORT
"Pool on Port 1/2/b.net-sap Modified managed object created"
...
5 2006/08/17 15:30:55.29 UTC MINOR: CHASSIS #2004 - Mda 1/2
"Class MDA Module : wrong type inserted"
The “show log log-id 99 application chassis” command details any and all alarms that have been logged within the router. In the above case the detailed information only shows minor alarms from the individual modules being inserted into the chassis. Noting the time, these entries were from when the router first booted.
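An added Python example (not SR OS code) that parses entries in the two-line format shown above, applies the application/subject/severity selection that the “data mining” forms of show log log-id 99 provide, and reports gaps in the per-destination sequence numbers described under Log Destinations; the sample entries are constructed, including the SECURITY entry and its event number.

```python
"""Parser and filters for SR OS 'show log log-id' output (added example)."""
import re
from typing import Dict, List, Optional

# Constructed sample in the two-line entry format shown on the slide; the
# SECURITY entry and its event number are made up for illustration.
SAMPLE_LOG = """\
24 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2006 - CHASSIS
"tmnxMDATable: Slot 1, MDA 2 configuration modified"

23 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2007 - PORT
"Pool on Port 1/2/b.net-sap Modified managed object created"

20 2006/08/17 15:30:20.10 UTC MINOR: SECURITY #2001 - login
"User admin from 138.120.199.99: failed login attempt"

5 2006/08/17 15:30:55.29 UTC MINOR: CHASSIS #2004 - Mda 1/2
"Class MDA Module : wrong type inserted"
"""

HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<ts>\d{4}/\d{2}/\d{2}\s+\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<tz>\S+)\s+(?P<severity>[A-Z]+):\s+(?P<application>\S+)\s+"
    r"#(?P<event>\d+)\s+-\s+(?P<subject>.*)$"
)


def parse_log(text: str) -> List[Dict]:
    """Turn the header line plus quoted message line of each entry into a dict."""
    events, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            pending = match.groupdict()
            pending["seq"] = int(pending["seq"])
            pending["event"] = int(pending["event"])
            pending["message"] = ""
            events.append(pending)
        elif pending is not None and line.startswith('"'):
            pending["message"] = line.strip('"')
    return events


def filter_events(events: List[Dict], application: Optional[str] = None,
                  subject: Optional[str] = None,
                  severity: Optional[str] = None) -> List[Dict]:
    """Mirror 'show log log-id 99 application ...' / 'subject ...' on parsed entries
    (application and severity match case-insensitively, subject by substring)."""
    out = []
    for ev in events:
        if application and ev["application"].lower() != application.lower():
            continue
        if severity and ev["severity"].lower() != severity.lower():
            continue
        if subject and subject not in ev["subject"]:
            continue
        out.append(ev)
    return out


def sequence_gaps(events: List[Dict]) -> List[tuple]:
    """Return (first_missing, last_missing) ranges between the lowest and highest
    sequence numbers seen; a gap means entries were overwritten or not received."""
    seqs = sorted({ev["seq"] for ev in events})
    gaps = []
    for lo, hi in zip(seqs, seqs[1:]):
        if hi - lo > 1:
            gaps.append((lo + 1, hi - 1))
    return gaps


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ev in filter_events(evs, application="security"):
        print(ev["seq"], ev["severity"], ev["message"])
    print("missing sequence numbers:", sequence_gaps(evs))
```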
Module Summary
7x50 product CLI commands and navigation
Useful commands
System startup and boot files
Boot Options File (BOF) and default configuration files
Basic system and hardware configuration
Logs and alarms
Learning Assessment
1. What information does the BOF contain?
2. What is the CLI context in which interfaces are configured?
3. What command can be used to view the status of the MDAs?
4. List the possible log sources.
5. How many default logs are there, and what info do they provide?
Learning Assessment Answers
1. What information does the BOF contain?
Stores the parameters that specify the location of the image file from which the router will try to boot, and the location of the configuration file which the router uses to configure the applications and interfaces.
2. What is the CLI context in which interfaces are configured?
PE1>config>router#
3. What command can be used to view the status of the MDAs?
PE1>show mda x
4. List the possible log sources.
Main, Security, Debug, Change
5. How many default alarm logs are there, and what info do they provide?
There are two. Log 99 provides list of alarms of all severity. Log 100 provides a list of only the serious errors that occur.
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 01
Alcatel-Lucent Scalable IP Networks
Module 3 — Ethernet Overview
Module Objectives
After successful completion of this module, you should be able to:
Understand layer 2 requirements
Discuss the Ethernet protocol and its different components
Discuss the operation of STP
Discuss the operation of RSTP and its improvement over STP
Discuss the function of virtual local area networks
Discuss the operation of MSTP and how it relates to VLANs
Ethernet Overview
Section 1 — Layer 2 OSI and Ethernet Defined
Data Link Layer/ Layer 2 OSI
Defines an addressing structure that is used between end systems
Provides framing and error checking for the transfer of data via physical media
Layer 2 examples:
Ethernet
PPP
ATM
Frame relay
Token ring
The data link layer defines a lower-level addressing structure to be used between end systems as well as the lower-level framing and checksums used to transmit over the physical medium. Using checksums maintains data integrity across end systems. It is at the data link layer that the data is broken down into bits for transmission via the physical layer.
Ethernet, token ring, and frame relay are all examples of data link layer or layer 2 protocols.
Traditional Ethernet switches operate at the data link layer and are concerned with forwarding packets based on the layer 2 addressing scheme. Layer 2 Ethernet switches are not concerned with whether the packet contains IP, IPX, or AppleTalk, but only with the transmission of the Ethernet frame.
Layer 2 Protocols - ATM
ATM (Asynchronous Transfer Mode)
Packet-oriented cell switching technology
Application packets are broken into 53-byte fixed-size cells, including a 5-byte header, also referred to as an ATM packet
An ATM circuit is identified by a VPI/VCI value
Enhanced QoS support with 5 service classes
Ideal for multiple services on the same line
Figure: ATM UNI cell header, five octets of 8 bits (bits 0 to 7) each, carrying GFC, VPI, VCI, PT, CLP and HEC.
The UNI header consists of the following fields:
GFC — 4 bits of generic flow control that are used to provide local functions, such as identifying multiple stations that share a single ATM interface. The GFC field is typically not used and is set to a default value.
VPI — 8 bits of virtual path identifier that is used, in conjunction with the VCI, to identify the next destination of a cell as it passes through a series of switch routers on its way to its destination.
VCI — 16 bits of virtual channel identifier that is used, in conjunction with the VPI, to identify the next destination of a cell as it passes through a series of switch routers on its way to its destination.
PT — 3 bits of payload type. The first bit indicates whether the cell contains user data or control data. If the cell contains user data, the second bit indicates congestion, and the third bit indicates whether the cell is the last in a series of cells that represent a single AAL5 frame.
CLP — 1 bit of cell loss priority that indicates whether the cell should be discarded if it encounters extreme congestion as it moves through the network.
HEC — 8 bits of header error control that are a checksum calculated only on the header itself.
Layer 2 Protocols - ATM Adaptation Layers
AAL
ATM packets are further encapsulated by ATM adaptation layers (AAL), which are responsible for segmentation of higher layer data into ATM cells and re-assembly (SAR) of ATM packets received at the other end into higher layer data
Purpose is to adapt the class of service from higher layers onto connectionless ATM cells
AAL classification is related to the service and application required for transport
AAL1 – Constant bit rate traffic
AAL2 – Variable bit rate traffic
AAL3/4 – Connection-oriented service, usually
AAL5 – Connectionless service, usually (e.g. IP)
Constant Bit Rate (CBR) service: AAL1 encapsulation supports a connection-oriented service where minimal data loss is required. Examples of this service include 64 Kbit/sec voice, fixed-rate uncompressed video and leased lines for private data networks.
Variable Bit Rate (VBR) service: AAL2 encapsulation supports a connection-oriented service in which the bit rate is variable but requires a bounded delay for delivery. Examples of this service include compressed packetized voice or video. The requirement on bounded delay for delivery is necessary for the receiver to reconstruct the original uncompressed voice or video.
Connection-oriented data service: For connection-oriented file transfer and, in general, data network applications where a connection is set up before data is transferred, this type of service has a variable bit rate and does not require bounded delay for delivery. Two AAL protocols were defined to support this service class, and have been merged into a single type, called AAL3/4.
Connectionless data service: Examples of this service include datagram traffic and in general, data network applications where no connection is set up before data is transferred. This is used to transport IP/Ethernet/Frame relay applications
Layer 2 Protocols - ATM Adaptation Layer 5
AAL5
Generally used to transport non-real-time connectionless data
Encapsulation used for transporting IP packets and inter-working with Frame Relay or Ethernet packets
AAL5 is the simple and efficient AAL which is the one used most for data traffic; it has no per-cell length nor per-cell CRC fields.
Figure: AAL5 CPCS-PDU layout: PDU payload (variable length), PAD (0-47 bytes), UU (1 byte), CPI (1 byte), LI (2 bytes), CRC-32 (4 bytes).
PDU - Variable length user information field (broken into 48 byte segments)
PAD - Padding used to cell align the trailer between 0 and 47 bytes long.
UU - CPCS user-to-user indication to transfer one byte of user information
CPI - Common Part Indication
LI - Length indicator
Higher level SDUs may be several bytes in length, however, as the ATM payload is only 48 bytes, the SDUs must be segmented into multiple cells as it enters the ATM network, and then reassembled when it exits the ATM network. This function of the ATM adaptation layer is known as SAR – Segmentation and Reassembly. The adaptation layer comprises two sub-layers, one of which is the SAR sub-layer, the other being the CS – Convergence Sub-layer, which performs service-dependent functions.
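Both the UNI header fields (with the HEC check) and the AAL5 segmentation/reassembly described above, as one added Python example that is not from any Alcatel-Lucent product or from this page; the HEC algorithm (CRC-8 over the first four header octets, XORed with 0x55) and the AAL5 CRC-32 parameters are taken from the ITU-T specifications, and the sample PDU is constructed.

```python
"""ATM UNI header (HEC) and AAL5 segmentation/reassembly, added example."""
import struct

CELL, PAYLOAD, TRAILER = 53, 48, 8


def crc8_atm(data: bytes) -> int:
    """CRC-8, generator x^8 + x^2 + x + 1 (0x07), MSB first, zero initial value."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def atm_hec(first4: bytes) -> int:
    """HEC octet: CRC-8 of the first four header octets XORed with 0x55 (ITU-T I.432)."""
    return crc8_atm(first4) ^ 0x55


def build_uni_header(gfc: int, vpi: int, vci: int, pt: int, clp: int) -> bytes:
    """Pack GFC(4) VPI(8) VCI(16) PT(3) CLP(1) big-endian and append the HEC."""
    if not (0 <= gfc < 16 and 0 <= vpi < 256 and 0 <= vci < 65536
            and 0 <= pt < 8 and clp in (0, 1)):
        raise ValueError("header field out of range")
    first4 = struct.pack(">I", (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp)
    return first4 + bytes([atm_hec(first4)])


def parse_uni_header(header: bytes) -> dict:
    """Unpack a 5-octet UNI header; ValueError if the HEC does not verify."""
    if len(header) != 5:
        raise ValueError("UNI header is 5 octets")
    if atm_hec(header[:4]) != header[4]:
        raise ValueError("HEC mismatch: corrupted header")
    word = struct.unpack(">I", header[:4])[0]
    return {"gfc": word >> 28, "vpi": (word >> 20) & 0xFF, "vci": (word >> 4) & 0xFFFF,
            "pt": (word >> 1) & 0x7, "clp": word & 0x1}


def crc32_aal5(data: bytes) -> int:
    """AAL5 trailer CRC-32: polynomial 0x04C11DB7, MSB first, initial value and
    final XOR all ones (the parameter set catalogued as CRC-32/BZIP2, alias CRC-32/AAL5)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = ((crc << 1) ^ 0x04C11DB7) & 0xFFFFFFFF if crc & 0x80000000 \
                else (crc << 1) & 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF


def aal5_segment(pdu: bytes, vpi: int, vci: int, uu: int = 0, cpi: int = 0) -> list:
    """CS + SAR: PAD to a 48-octet multiple, add the UU/CPI/LI/CRC-32 trailer and
    cut into 48-octet payloads; the last cell carries the PT 'last cell' (AAU) bit."""
    if len(pdu) > 0xFFFF:
        raise ValueError("LI is a 16-bit field")
    pad = (-(len(pdu) + TRAILER)) % PAYLOAD            # 0 to 47 octets of padding
    body = pdu + bytes(pad) + bytes([uu, cpi]) + struct.pack(">H", len(pdu))
    body += struct.pack(">I", crc32_aal5(body))        # CRC covers payload, PAD, UU, CPI, LI
    cells = []
    for off in range(0, len(body), PAYLOAD):
        last = off + PAYLOAD >= len(body)
        header = build_uni_header(0, vpi, vci, pt=1 if last else 0, clp=0)
        cells.append(header + body[off:off + PAYLOAD])
    return cells


def aal5_reassemble(cells: list) -> bytes:
    """Collect payloads up to the cell with the AAU bit, verify CRC-32 and LI,
    and return the original PDU; any inconsistency raises ValueError."""
    body = b""
    for cell in cells:
        if len(cell) != CELL:
            raise ValueError("cell is not 53 octets")
        body += cell[5:]
        if parse_uni_header(cell[:5])["pt"] & 0x1:
            break
    else:
        raise ValueError("incomplete frame: no cell with the AAU bit set")
    if crc32_aal5(body[:-4]) != struct.unpack(">I", body[-4:])[0]:
        raise ValueError("AAL5 CRC-32 mismatch")
    length = struct.unpack(">H", body[-6:-4])[0]
    if length + TRAILER > len(body):
        raise ValueError("LI larger than reassembled frame")
    return body[:length]


if __name__ == "__main__":
    cells = aal5_segment(b"constructed IP datagram" * 4, vpi=1, vci=32)
    print(len(cells), "cells;", aal5_reassemble(cells)[:23])
```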
Layer 2 Protocols -PPP
PPP (Point to Point Protocol)
Point-to-point data link layer protocol initially designed to transport IP packets
Can be used over asynchronous (ATM, dial-up) or synchronous ISDN digital media
Components:
Physical - can operate across any DTE/DCE (EIA/TIA, ISDN etc.)
LCP (Link Control Protocol) - to build data link connections
NCP (Network Control Protocol) - to allow multiple network protocols to be used over the point-to-point links
Supports authentication, compression, error detection and multi-link as part of the LCP protocol
Layer 2 Protocols - PPP (cont’d)
PPP Frame
Figure: PPP in the OSI model: layer 3 is IP/IPX/AppleTalk; layer 2 holds NCP (Network Control), LCP (Link Control) and HDLC (High-level Data Link); layer 1 is the physical layer.
Figure: PPP frame layout: Flag 0x7E | Address 0xFF | Control 0x03 | Protocol (first byte, second byte) | Data | Padding | Frame Check Sequence | Flag 0x7E.
Flag: The first flag field indicates the start of a PPP frame. It always has the value “01111110” binary (0x7E hexadecimal, or 126 decimal). The last flag field indicates the end of a PPP frame and always has the same value, “01111110” binary (0x7E hexadecimal, or 126 decimal).
Address: In HDLC this is the address of the destination of the frame. But in PPP we are dealing with a direct link between two devices, so this field has no real meaning. It is thus always set to “11111111” (0xFF or 255 decimal), which is equivalent to a broadcast (it means “all stations”).
Control: This field is used in HDLC for various control purposes, but in PPP it is set to “00000011” (3 decimal).
Data: Zero or more bytes of payload that contains either data or control information, depending on the frame type. For regular PPP data frames the network-layer datagram is encapsulated here. For control frames, the control information fields are placed here instead.
Padding: In some cases, additional dummy bytes may be added to pad out the size of the PPP frame.
Frame Check Sequence (FCS): A checksum computed over the frame to provide basic protection against errors in transmission. This is a CRC code similar to the one used for other layer two protocol error protection schemes such as the one used in Ethernet. It can be either 16 bits or 32 bits in size (default is 16 bits). The FCS is calculated over the Address, Control, Protocol, Information and Padding fields.
Protocol: Identifies the protocol of the datagram encapsulated in the Information field of the frame. See below for more information on the Protocol field.
Value (in hex)   Protocol Name                          Reference
--------------   -----------------                      ------------
0001             Padding Protocol
0003             ROHC small-CID                         [RFC3095]
0005             ROHC large-CID                         [RFC3095]
0007 to 001f     reserved (transparency inefficient)
0021             Internet Protocol version 4
0023             OSI Network Layer
0025             Xerox NS IDP
0027             DECnet Phase IV
0029             Appletalk
002b             Novell IPX
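The frame fields above as a build/parse pair in Python, an added example that is not from the page; the FCS-16 algorithm, the 0xF0B8 good-frame residue and the 0x7D byte stuffing follow RFC 1662 (which the page does not cite), and the protocol table carries only the entries listed above.

```python
"""PPP frame build/parse with RFC 1662 framing and FCS-16, added example."""
from typing import Tuple

FLAG, ESCAPE, ADDRESS, CONTROL = 0x7E, 0x7D, 0xFF, 0x03
FCS_GOOD = 0xF0B8   # FCS-16 of a correct frame computed over its own FCS octets too

# Protocol field values from the table on the page.
PROTOCOLS = {
    0x0001: "Padding Protocol",
    0x0003: "ROHC small-CID",
    0x0005: "ROHC large-CID",
    0x0021: "Internet Protocol version 4",
    0x0023: "OSI Network Layer",
    0x0025: "Xerox NS IDP",
    0x0027: "DECnet Phase IV",
    0x0029: "Appletalk",
    0x002B: "Novell IPX",
}


def fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    """Bit-serial FCS-16 (x^16 + x^12 + x^5 + 1, bit-reversed as 0x8408) from RFC 1662."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def build_frame(protocol: int, data: bytes, padding: bytes = b"") -> bytes:
    """Address, Control, Protocol, Data, Padding, FCS (low octet first), then
    byte-stuff 0x7E, 0x7D and (default ACCM) control characters between Flags."""
    body = bytes([ADDRESS, CONTROL]) + protocol.to_bytes(2, "big") + data + padding
    fcs = fcs16(body) ^ 0xFFFF                      # FCS covers Address through Padding
    body += bytes([fcs & 0xFF, fcs >> 8])
    out = bytearray([FLAG])
    for byte in body:
        if byte in (FLAG, ESCAPE) or byte < 0x20:
            out += bytes([ESCAPE, byte ^ 0x20])
        else:
            out.append(byte)
    out.append(FLAG)
    return bytes(out)


def parse_frame(frame: bytes) -> Tuple[int, str, bytes]:
    """Unstuff, check the FCS residue and the fixed Address/Control octets, and
    return (protocol number, protocol name, information including any padding)."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing flag octets")
    body, i = bytearray(), 1
    while i < len(frame) - 1:
        byte = frame[i]
        if byte == ESCAPE:
            i += 1
            if i >= len(frame) - 1:
                raise ValueError("escape octet without a following octet")
            byte = frame[i] ^ 0x20
        body.append(byte)
        i += 1
    if len(body) < 6:
        raise ValueError("frame shorter than Address+Control+Protocol+FCS")
    if fcs16(bytes(body)) != FCS_GOOD:
        raise ValueError("FCS error: frame damaged in transit")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected Address/Control values")
    protocol = int.from_bytes(body[2:4], "big")
    return protocol, PROTOCOLS.get(protocol, "unknown"), bytes(body[4:-2])


if __name__ == "__main__":
    frame = build_frame(0x0021, bytes([0x45, 0x00, 0x7E, 0x7D]))
    print(frame.hex(), parse_frame(frame))
```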
Layer 2 Protocols – PPP (cont’d)
PPP Establishment Sequence
Figure: PPP establishment sequence across the data network, in six numbered steps: LCP exchange in both directions (setting the receive data size and compression), CHAP Challenge, CHAP Response, Success, then NCP.
A PPP Session establishment has three phases:
1. Link Establishment Phase
- each PPP device sends LCP packets to configure/test the data link
- LCP packets contain a Configuration Option field to negotiate:
• maximum receive unit
• compression of certain PPP fields
• link authentication protocol
2. (Optional) Authentication Phase
PAP - Password Authentication Protocol
• Two-way handshake
• Passwords sent in clear text
• Remote node in control of attempts
CHAP - Challenge Handshake Authentication Protocol
• Three-way handshake
• Challenge | Response | Accept/Reject
• Uses a secret known only to the authenticator and peer
• Can be repeated any time after the link has been established
3. Network-Layer Protocol Phase
- PPP devices send NCP packets to choose and configure one or more network-layer protocols
- Once protocols are configured, datagrams can be sent over the network
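The CHAP challenge/response/accept exchange above, simulated with both sides in Python as an added example that is not from the page; the MD5 response, MD5(Identifier || secret || Challenge), is the algorithm RFC 1994 specifies and is assumed here since the page names only the handshake shape, and the peer name and secret are constructed.

```python
"""CHAP three-way handshake simulated with both sides (added example, RFC 1994)."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed values: a peer name and the secret both sides share.
PEER_NAME = b"sr-1"
SHARED_SECRET = b"constructed-shared-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 response: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Issues challenges and verifies responses; the secret never leaves it."""

    def __init__(self, secrets: Dict[bytes, bytes]):
        self._secrets = secrets        # peer name -> shared secret
        self._identifier = 0
        self._pending: Optional[Tuple[int, bytes]] = None

    def challenge(self) -> Tuple[int, bytes]:
        """Step 1: Challenge packet carrying a fresh random value."""
        self._identifier = (self._identifier + 1) & 0xFF
        self._pending = (self._identifier, os.urandom(16))
        return self._pending

    def verify(self, identifier: int, response: bytes, name: bytes) -> bool:
        """Step 3: Success/Failure decision; each challenge can be answered once,
        so a captured response is useless against the next challenge."""
        if self._pending is None or identifier != self._pending[0]:
            return False
        _, challenge = self._pending
        self._pending = None
        secret = self._secrets.get(name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """Step 2: Response packet with the hash and the peer's name (no secret sent)."""

    def __init__(self, name: bytes, secret: bytes):
        self.name, self._secret = name, secret

    def respond(self, identifier: int, challenge: bytes) -> Tuple[int, bytes, bytes]:
        return identifier, chap_response(identifier, self._secret, challenge), self.name


def run_handshake(auth: Authenticator, peer: Peer) -> bool:
    """Challenge -> Response -> Accept/Reject over an already established link."""
    identifier, challenge = auth.challenge()
    identifier, response, name = peer.respond(identifier, challenge)
    return auth.verify(identifier, response, name)


if __name__ == "__main__":
    auth = Authenticator({PEER_NAME: SHARED_SECRET})
    print("genuine peer:", run_handshake(auth, Peer(PEER_NAME, SHARED_SECRET)))
    print("wrong secret:", run_handshake(auth, Peer(PEER_NAME, b"guess")))
```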
Layer 2 Protocols - Ethernet
Ethernet
Most commonly used layer 2 protocol for LANs
Uses MAC addresses for identifying interfaces
Encapsulates layer 3 traffic in an Ethernet frame that requires a source MAC and a destination MAC address for end system identification
Can use the broadcast address FF:FF:FF:FF:FF:FF as the destination MAC address to forward data to all Ethernet devices in the LAN
Ethernet History
Ethernet is a LAN architecture developed by the Xerox Corporation in cooperation with DEC and Intel in 1976. Ethernet initially supported data transfer rates of 10 Mb/s. The Ethernet specification served as the basis for the IEEE 802.3 standard, which specifies the physical and lower software layers.
Ethernet started using the CSMA/CD access method (half-duplex) to handle simultaneous demands. Ethernet is one of the most widely implemented LAN standards.
Ethernet was originally designed by the Xerox Corporation, but the company was unsuccessful at launching the technology commercially. Later Xerox joined with Digital Equipment Corporation to commercially standardize a suite of network products that would use the Ethernet technology. The Intel Corporation later joined the group, known as DEC-Intel-Xerox (DIX). DIX developed and published the standard that was used for the 10 Mb/s version of Ethernet. Originally, the only medium capable of handling these speeds was a multidrop thick coaxial cable.
The IEEE had started project 802, which was to provide the industry with a framework for standardizing LAN technology. Because the technology was so diverse, the IEEE formed working groups in support of the different LAN technologies. The 802.3 working group was tasked with standardizing LANs based on the Ethernet technology.
Ethernet and the OSI Model
Figure: the seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical), with the Data Link layer split into Logical Link Control (802.2) and Media Access Control.
LLC – Interface to the L3 protocol
MAC – L2 addressing, data transfer, sync, error control, and data flow
Ethernet resides at the data link layer. The Ethernet layer is subdivided into two sublayers: LLC and MAC.
The LLC interfaces between the network interface layer and the higher L3 protocol and may provide additional functions such as flow control.
The MAC layer is responsible for determining the physical source and destination addresses for a particular frame and for the reliable transfer of data, synchronization of data transmission, error control, and flow of data.
At the physical layer, to observe the physical link condition, Ethernet uses the link integrity test, in which Ethernet transceivers continually monitor the data path for activity. The result of good activity is the green LED on most Ethernet NICs.
Ethernet Frame Format
Preamble / SFD: 8 bytes, fixed sequence to alert the receiver (0x55555555555555D5), start frame delimiter
DA: Destination MAC address (6 bytes)
SA: Source MAC address (6 bytes)
Length/type: Frame length or type information, 2 bytes
Payload: Internet layer (46 to 1500 bytes)
FCS: Frame check sequence, 4 bytes
The frame consists of a set of bits organized into several fields. These fields include address fields, a variable size data field that carries from 46 to 1500 bytes of data, and an error checking field that checks the integrity of the bits in the frame to make sure that the frame has arrived intact.
The original Ethernet standards defined the minimum frame size as 64 bytes and the maximum as 1518 bytes. These numbers include all bytes from the destination MAC address field to the frame check sequence field. The preamble and the start frame delimiter fields are not included when quoting the size of a frame. The IEEE 802.3ac standard released in 1998 extended the maximum allowable frame size to 1522 bytes to allow for a VLAN tag to be inserted into the Ethernet frame format. Frames can be bigger for gigabit Ethernet and 10 gigabit Ethernet ports.
Preamble
This is a stream of bits used to allow the transmitter and receiver to synchronize their communication. The preamble is an alternating pattern of 56 binary ones and zeroes. The preamble is immediately followed by the Start Frame Delimiter.
Start Frame Delimiter
This is always 10101011 and is used to indicate the beginning of the frame information.
Destination MAC
This is the MAC address of the machine receiving data.
Source MAC
This is the MAC address of the machine transmitting data.
Length
This is the length of the entire Ethernet frame in bytes.
Data/Padding (a.k.a. Payload)
The data is inserted here. This is where the IP header and data are placed if you are running IP over Ethernet. This field contains IPX information if you are running IPX/SPX (Novell). Contained within the data/padding section of an IEEE 802.2 frame are four specific fields:
DSAP - Destination Service Access Point
SSAP - Source Service Access Point
CTRL - Control bits for Ethernet communication
NLI - Network Layer Interface
Frame Check Sequence
The Frame Check Sequence (FCS) is a part of the frame put in place to verify that the information each frame contains is not damaged during transmission. If a frame is corrupted during transmission, the FCS on the frame will not match the recipient's calculated FCS. Any frames that do not match the calculated FCS will be discarded.
Ethernet II Frame Capture
0000 00 11 43 45 61 23 00 e0 52 d4 a5 00 08 00 45 00 ..CEa#..R.....E.
0010 01 21 0e ab 00 00 40 06 ea a8 8a 78 35 fe 8a 78 .!....@....x5..x
0020 35 95 00 17 09 55 98 09 6c 96 8e 7b 67 a7 50 18 5....U..l..{g.P.
0030 40 00 bc 0e 00 00 ff fb 03 0d 0a 64 65 76 69 63 @..........devic
0040 65 3a 20 20 73 54 57 33 32 66 62 69 38 32 0d 0a e:  sTW32fbi82..
0050 0d 0a 41 6c 63 61 74 65 6c 20 4e 65 74 77 6f 72 ..Alcatel Networ
0060 6b 73 20 43 61 6e 61 64 61 2c 20 36 30 30 20 4d ks Canada, 600 M
0070 61 72 63 68 20 52 6f 61 64 2c 20 4b 61 6e 61 74 arch Road, Kanat
0080 61 2c 20 4f 6e 74 61 72 69 6f 0d 0a 55 6e 61 75 a, Ontario..Unau
0090 74 68 6f 72 69 7a 65 64 20 61 63 63 65 73 73 20 thorized access 
00a0 70 72 6f 68 69 62 69 74 65 64 2e 20 20 41 63 63 prohibited.  Acc
00b0 65 73 73 20 74 6f 20 74 68 69 73 20 64 65 76 69 ess to this devi
00c0 63 65 20 69 73 20 72 65 73 74 72 69 63 74 65 64 ce is restricted
00d0 2e 0d 0a 51 75 65 73 74 69 6f 6e 73 20 61 62 6f ...Questions abo
00e0 75 74 20 74 68 69 73 20 64 65 76 69 63 65 20 73 ut this device s
00f0 68 6f 75 6c 64 20 62 65 20 64 69 72 65 63 74 65 hould be directe
0100 64 20 74 6f 20 4e 65 74 77 6f 72 6b 20 4f 70 65 d to Network Ope
0110 72 61 74 69 6f 6e 73 0d 0a 61 74 20 2b 31 20 36 rations..at +1 6
0120 31 33 2d 37 38 34 2d 33 31 32 34 2e 20 0d 0a    13-555-3124. ..
Annotations on the capture: Destination Address, Source Address, Ether Type, L3/IP Information, TCP Info.
Details
Frame 234 (303 bytes on wire, 303 bytes captured)
Ethernet II, Src: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00), Dst: Dell_45:61:23 (00:11:43:45:61:23)
    Destination: Dell_45:61:23 (00:11:43:45:61:23)
    Source: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00)
    Type: IP (0x0800)
Internet Protocol, Src: 138.120.53.254 (138.120.53.254), Dst: 138.120.53.149 (138.120.53.149)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 289
    Identification: 0x0eab (3755)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0xeaa8 [correct]
    Source: 138.120.53.254 (138.120.53.254)
    Destination: 138.120.53.149 (138.120.53.149)
Transmission Control Protocol, Src Port: 23 (23), Dst Port: 2389 (2389), Seq: 4, Ack: 1, Len: 249
    Source port: 23 (23)
    Destination port: 2389 (2389)
    Sequence number: 4 (relative sequence number)
    Next sequence number: 253 (relative sequence number)
    Acknowledgement number: 1 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 16384
    Checksum: 0xbc0e [correct]
Telnet
Ethernet — MAC Addressing
MAC addresses allow Ethernet connected devices to communicate with each other.
IEEE 802.3 uses a 48-bit address space, yielding 2^48 possible addresses.
A unique L2 MAC address is given to each network host.
Most MAC addresses are pre-programmed into the Ethernet NIC at the time of manufacture.
MAC addresses are assigned by IEEE and are globally unique.
The first 3 octets in the address are assigned by IEEE on a per-manufacturer basis.
Ethernet — MAC Addressing (continued)
MAC Address Format
XX-XX-XX-XX-XX-XX: the first three octets are the OUI, the last three are vendor assigned.
The OUI is the number assigned by the IEEE to vendors such as Alcatel.
OUI examples: Alcatel Canada 00-80-21 and 00-D0-F6, Alcatel USA 00-17-CC, Alcatel Italia 00-20-60
OUI engine: http://standards.ieee.org/regauth/oui/index.shtml
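The frame capture above and the MAC address format on this slide, decoded in code (an added example, not course material or 7x50 software): it parses the first four lines of the capture, recomputes the IPv4 header checksum the Details pane reports as 0xeaa8, flags a Total Length that claims more bytes than were captured, and decodes the OUI, broadcast and I/G and U/L bits of a MAC address. The OUI table holds only the slide's examples and the frame-size limits are the slide's 64/1518/1522; both are assumptions of this example.

```python
import re
import struct

BROADCAST = bytes([0xFF] * 6)

# Only the OUI examples listed on the slide, not the IEEE registry (constructed lookup table)
OUI_EXAMPLES = {
    "00-80-21": "Alcatel Canada", "00-D0-F6": "Alcatel Canada",
    "00-17-CC": "Alcatel USA", "00-20-60": "Alcatel Italia",
}

# First four lines of the slide's hex dump (64 of the 303 captured bytes).
# Preamble, SFD and FCS are absent: the NIC strips them before capture.
CAPTURE_PREFIX = bytes.fromhex(
    "00 11 43 45 61 23 00 e0 52 d4 a5 00 08 00 45 00"
    "01 21 0e ab 00 00 40 06 ea a8 8a 78 35 fe 8a 78"
    "35 95 00 17 09 55 98 09 6c 96 8e 7b 67 a7 50 18"
    "40 00 bc 0e 00 00 ff fb 03 0d 0a 64 65 76 69 63"
)


def parse_mac(text):
    """Accept XX-XX-XX-XX-XX-XX, xx:xx:xx:xx:xx:xx, xxxx.xxxx.xxxx or space-separated octets."""
    digits = re.sub(r"[\s:.\-]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(mac):
    """Decode what the slide explains: OUI, broadcast, and the I/G and U/L bits of the first octet."""
    oui = "-".join(f"{b:02X}" for b in mac[:3])
    return {
        "oui": oui,
        "vendor": OUI_EXAMPLES.get(oui, "not among the slide's OUI examples"),
        "broadcast": mac == BROADCAST,
        "group": bool(mac[0] & 0x01),                 # I/G bit set: multicast (or broadcast)
        "locally_administered": bool(mac[0] & 0x02),  # U/L bit set: OUI not assigned by IEEE
    }


def frame_size_ok(length, fcs_included=False, vlan_tagged=False):
    """The slide's limits: 64 to 1518 bytes from DA through FCS, 1522 with a VLAN tag (802.3ac)."""
    if not fcs_included:
        length += 4
    return 64 <= length <= (1522 if vlan_tagged else 1518)


def ones_complement_sum(data):
    """16-bit ones' complement sum as used by the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_ipv4(pkt):
    if len(pkt) < 20:
        raise ValueError("IPv4 header needs at least 20 bytes")
    ver_ihl, _dscp, total_len, ident, _flags_off, ttl, proto, csum = struct.unpack("!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(pkt):
        raise ValueError("not a well-formed IPv4 header")
    ip = {
        "total_length": total_len, "identification": ident, "ttl": ttl, "protocol": proto,
        "checksum": csum,
        # An intact header (checksum field included) sums to all ones
        "checksum_ok": ones_complement_sum(pkt[:ihl]) == 0xFFFF,
        "src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
        # Total Length larger than the bytes in hand: never index past the buffer on its say-so
        "truncated": len(pkt) < total_len,
    }
    if proto == 6 and len(pkt) >= ihl + 20:
        sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", pkt[ihl:ihl + 16])
        ip["tcp"] = {"src_port": sport, "dst_port": dport, "flags": off_flags & 0x01FF, "window": window}
    return ip


def parse_ethernet_ii(frame):
    """Dissect DA, SA and Type, then the IPv4 and TCP headers when the Type says 0x0800."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet II header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {
        "dst": describe_mac(frame[:6]), "src": describe_mac(frame[6:12]),
        "ethertype": ethertype, "size_ok": frame_size_ok(len(frame)),
    }
    if ethertype == 0x0800:
        info["ip"] = parse_ipv4(frame[14:])
    return info
```

The OUI names the manufacturer that was assigned the block, not the device that sent the frame; a sender can put any value in the source MAC, so treat the vendor field as a hint, not as identification.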
Ethernet Frame Types
Ethernet 802.3 Raw: Original frame type; does not support LLC
Ethernet 802.2: Includes fields from 802.3 and LLC 802.2
Ethernet II: Similar frame type except that the length field has been replaced by a type field
Ethernet SNAP: Similar to 802.2 but has expanded LLC capabilities
Ethernet supports multiple frame types that are often related to the payload that is in the frame itself.
Ethernet 802.3 Raw — This type of Ethernet frame was developed by Netware and will only support Novell IPX/SPX traffic. The frame is similar to the standard 802.3 frame except that it does not contain the LLC information.
Ethernet 802.2 — This frame includes fields from 802.3 and 802.2. The major difference in this type of frame is that the first 3 bytes of the data field are reserved for the LLC header information: the DSAP, SSAP, and control field. This is the most commonly used frame today.
Ethernet II — The major difference of this frame is that the 2 bytes that typically define the length of the frame are now used to define the type of frame. In addition, the Ethernet II frame does not use an LLC header in the data field.
Ethernet SNAP — SNAP is similar to 802.2, with LLC parameters, but has expanded capabilities. The LLC now uses the first 8 bytes of the data field for LLC header information. The wireless protocol 802.11g uses this format.
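Telling the four frame types apart from the bytes, as an added example (not the course's own code): the Length/Type value decides Ethernet II versus 802.3, and the first data bytes then separate raw (0xFFFF where the LLC header would be), SNAP (0xAA 0xAA 0x03 followed by a 5-byte SNAP header, the slide's 8 bytes) and plain 802.2. The sample frames are constructed with the Host A and Host B MACs from the Switching slide, and a length field larger than the frame is rejected rather than trusted.

```python
import struct

# Host A and Host B MAC addresses from the Switching slide (sample values)
HOST_A = bytes.fromhex("0000a2000001")
HOST_B = bytes.fromhex("0000a2000002")


def build_frame(dst, src, length_or_type, data):
    """Constructed helper: DA + SA + Length/Type + data padded to the 46-byte minimum (no FCS)."""
    return dst + src + struct.pack("!H", length_or_type) + data.ljust(46, b"\x00")


def classify_frame(frame):
    """Name the frame type from the Length/Type field and the first bytes of the data field."""
    if len(frame) < 60:
        raise ValueError("frame shorter than the 60-byte minimum (FCS excluded)")
    value = struct.unpack("!H", frame[12:14])[0]
    if value >= 0x0600:                       # 1536 and up is a type: Ethernet II (DIX), no LLC header
        return "Ethernet II", {"ethertype": value, "payload": frame[14:]}
    if value > 1500:                          # 1501 to 1535 is neither a valid length nor a type
        raise ValueError(f"Length/Type 0x{value:04x} is undefined")
    if value < 3 or 14 + value > len(frame):  # a length the frame cannot back up is not trusted
        raise ValueError(f"802.3 length {value} does not fit the {len(frame)}-byte frame")
    data = frame[14:14 + value]
    dsap, ssap, ctrl = data[0], data[1], data[2]
    if dsap == 0xFF and ssap == 0xFF:         # Novell raw 802.3: the IPX checksum 0xFFFF sits where LLC would
        return "Ethernet 802.3 Raw", {"length": value, "payload": data}
    if dsap == 0xAA and ssap == 0xAA and ctrl == 0x03 and len(data) >= 8:
        return "Ethernet SNAP", {              # 3-byte LLC + 3-byte OUI + 2-byte type = 8 bytes
            "length": value, "snap_oui": data[3:6].hex(),
            "ethertype": struct.unpack("!H", data[6:8])[0], "payload": data[8:],
        }
    return "Ethernet 802.2", {"length": value, "dsap": dsap, "ssap": ssap, "control": ctrl, "payload": data[3:]}


# Constructed sample frames, one per type on the slide
SAMPLES = {
    "ethernet_ii": build_frame(HOST_B, HOST_A, 0x0800, bytes([0x45, 0x00]) + bytes(18)),
    "raw_802_3": build_frame(HOST_B, HOST_A, 30, b"\xff\xff\x00\x1e" + bytes(26)),           # IPX, checksum 0xFFFF
    "llc_802_2": build_frame(HOST_B, HOST_A, 40, b"\xe0\xe0\x03" + bytes(37)),                # IPX over LLC, SAP 0xE0
    "snap": build_frame(HOST_B, HOST_A, 28, b"\xaa\xaa\x03\x00\x00\x00\x08\x06" + bytes(20)),  # ARP over SNAP
}
```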
Ethernet Transmission
Half-duplex transmission
Data sent in one direction at a time
Results in collisions
Uses CSMA/CD to resolve collisions
Hubs are the most common half-duplex devices
Full-duplex transmission
Data sent in both directions at the same time
Requires point-to-point connections
No collisions
An approach to higher network efficiency
Switches are the most common full-duplex devices
Half-duplex transmission is the traditional means of transporting Ethernet frames. Because data is transmitted in one direction at a time over a shared medium, such as a hub, collisions are possible. The CSMA/CD algorithm is used to handle collisions. A hub uses shared media and supports half-duplex only. 10Base-T, which works on half-duplex, is efficient only 30 to 40% of the time because of collisions, and as such the effective throughput is only 3 to 4 Mb.
Full-duplex transmission has data forwarding in both directions simultaneously. Full-duplex implementations also require a point-to-point connection between each sending and receiving port. Therefore a switch with 8 ports would have each of the 8 ports connected to the rest of the ports via a dedicated set of wires. This ensures that there is no shared medium and that collisions are not possible. Because data can be transmitted bidirectionally, the effective rate of a 10-Mb full-duplex transmission is 20 Mb (i.e., 10 Mb each way). Hence full-duplex transmissions are more efficient than half-duplex. Switches and routers usually support full-duplex transmissions.
When devices such as switches and hubs are interconnected, care must be taken to ensure that the proper transmission parameters are set on the ports. For switch-to-hub connections, the switch port must be set to half-duplex because the hub only supports half-duplex. For switch-to-switch, switch-to-host, or switch-to-router connections, full-duplex can be used.
Half-Duplex Operation (CSMA/CD)
All hosts constantly listen to the line.
Host A transmits.
Hosts B, C, and D listen to host A and do not transmit.
All hosts receive host A’s message.
Figure: hosts A, B, C and D attached to a hub.
The CSMA/CD access rules are summarized by the protocol’s acronym.
Carrier Sense means that a host that wants to transmit data will first monitor the link, and if it does not sense the transmission signal of another host, it will transmit its data. If the waiting host senses another host transmission signal, the waiting host will continue to wait until the link goes silent.
Multiple Access means many hosts share the same medium.
Collision Detection means that hosts monitor the medium while transmitting to detect another host that is transmitting while they are transmitting. This means that only one host can transmit at once, as shown in the figure above.
In this scenario:
All the hosts are listening to the line.
Host A decides to transmit because there is no message transmitted by any other host (idle line).
Hosts B, C, and D listen to host A transmitting and will not transmit data until host A has transmitted the data.
Host A’s message is transmitted on all hub ports.
The procedure above reduces the chance of collisions but does not prevent them. Both hosts A and B could decide to transmit at once because no other hosts are transmitting a message on the line (idle line).
Half-Duplex Operation (CSMA/CD) (continued)
All hosts constantly listen to the line.
Host A and host B transmit simultaneously.
Messages collide.
Both hosts back off for a random time interval.
Figure: hosts A, B, C and D attached to a hub.
When host A and host B transmit frames at the same time, they will both detect collision or corruption of the data.
Both host A and host B will generate a jam signal, which will be received by other hosts so that they discard the data that was just corrupted by a collision.
A random back-off timer is then started on the transmitting hosts. Afterward, either host A or host B will initiate a transmission after they detect no other transmission on the line.
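The two CSMA/CD slides as a slot-based simulation (an added example, not the course's): hosts on one hub sense the carrier, defer while the line is busy, collide when several find it idle in the same slot, and back off for a random time before sensing again. The frame length in slots and the back-off range (truncated binary exponential, the 802.3 rule; the slide only says "random") are assumptions of this example.

```python
import random


def simulate_csma_cd(hosts, frame_slots=3, seed=7, max_slots=100_000):
    """Slot-based CSMA/CD on a single hub: every host in `hosts` has one frame ready at slot 0.
    Returns the successful (slot, host) transmissions plus collision and deferral counts."""
    rng = random.Random(seed)
    pending = list(hosts)                 # hosts still holding a frame
    backoff = {h: 0 for h in hosts}       # slots a host must wait before sensing again
    attempts = {h: 0 for h in hosts}      # collisions this host has been part of
    busy_until = 0                        # first slot at which the line is idle again
    sent, collisions, deferrals = [], 0, 0
    for slot in range(max_slots):
        if not pending:
            break
        ready = [h for h in pending if backoff[h] == 0]
        for h in pending:                 # everyone else counts down its back-off timer
            if backoff[h] > 0:
                backoff[h] -= 1
        if not ready:
            continue
        if slot < busy_until:             # carrier sense: another host is transmitting, so wait
            deferrals += len(ready)
            continue
        if len(ready) == 1:               # exactly one host found the line idle: the frame goes out
            host = ready[0]
            sent.append((slot, host))
            pending.remove(host)
            busy_until = slot + frame_slots
        else:                             # collision detection: the colliding hosts jam, then back off
            collisions += 1
            for h in ready:
                attempts[h] = min(attempts[h] + 1, 10)
                # Truncated binary exponential back-off (802.3 rule; the slide only says "random")
                backoff[h] = rng.randint(0, 2 ** attempts[h] - 1)
    return {"sent": sent, "collisions": collisions, "deferrals": deferrals, "unsent": pending}
```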
Full-Duplex Operation
Point-to-point only
Attached to a dedicated switched port
Requires full-duplex support on both ends
Collision-free
Figure: hosts A, B, C, D and E each attached to their own switch port.
Full-duplex operation is an optional MAC layer capability that allows simultaneous two-way transmission over point-to-point links.
Full-duplex transmission involves no media contention, no collisions, and no need to schedule retransmissions. There are exactly two hosts connected on a full-duplex point-to-point link.
The link bandwidth is effectively doubled because each link can now support full-rate, simultaneous, two-way transmission.
Auto-Negotiation
Ethernet’s negotiable operation
Speed: 10 Mb/s, 100 Mb/s, 1000 Mb/s
Operation mode: Half-duplex (CSMA/CD), Full-duplex
If auto-negotiation is enabled, Ethernet nodes connected by a twisted pair cable negotiate their speed as well as duplex mode prior to establishing a link.
Auto-negotiation is a mechanism that takes control of the cable when a connection to a network device is established. Auto-negotiation detects the various modes that exist in the device on the other end of the wire (the link partner) and advertises its own abilities to automatically configure the highest performance mode of interoperation.
Auto-negotiation was first defined in 1995 as an optional feature for 10 and 100 Mb/s twisted-pair Ethernet, clause 28 of 802.3u. 1000Base-T requires auto-negotiation to establish signal timing control to make the link operational.
Basically, an auto-negotiation device advertises its abilities and detects the abilities of the remote device that it is connected to, known as the link partner. After auto-negotiation has received the link partner's abilities in a robust manner and it receives acknowledgment that its abilities have also been received by the link partner, auto-negotiation compares the two sets of abilities and decides which technology to connect. This decision is based upon a previously agreed priority of technologies. Auto-negotiation attaches the highest-performance common technology to the medium and becomes transparent until the link goes down or is reset.
Network Domains
Figure: a hub forms 1 collision domain and 1 broadcast domain; a bridge or switch forms 2 collision domains and 1 broadcast domain; a router forms 3 collision domains and 3 broadcast domains.
A collision domain is a group of Ethernet or fast Ethernet devices in a CSMA/CD LAN that are connected by repeaters and that compete for access in the network. Only one device in the collision domain may transmit at any one time, and the other devices in the domain listen to the network to avoid data collisions. A collision domain is sometimes referred to as an Ethernet segment.
A broadcast domain is a restricted area in which information can be transmitted for all devices in the domain to receive. More specifically, Ethernet LANs are broadcast domains. Any devices attached to the LAN can transmit frames to any other device because the medium is a shared transmission system. Frames are normally addressed to a specific destination device in the network. While all devices detect the frame transmission in the network, only the device to which the frame is addressed actually receives it. A special broadcast address consisting of all 1s is used to send frames to all devices in the network.
Collision Domains
In this figure, there are 8 collision domains and 3 broadcast domains.
Figure: six hubs, two switches and one router, with the eight collision domains and three broadcast domains marked.
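Counting the domains of a topology the way the figure does, as an added example that is not from the course: a hub joins the cables on it into one collision domain, a switch or bridge keeps collision domains apart but joins its cables into one broadcast domain, and a router separates both. The topology in `slide_topology` is constructed to reproduce the figure's eight collision domains and three broadcast domains; the exact cabling of the original figure is not given, so this arrangement is an assumption.

```python
from collections import defaultdict


class DisjointSets:
    """Minimal union-find over cable indices."""

    def __init__(self, n):
        self.parent = list(range(n))

    def find(self, i):
        while self.parent[i] != i:
            self.parent[i] = self.parent[self.parent[i]]
            i = self.parent[i]
        return i

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

    def count(self):
        return len({self.find(i) for i in range(len(self.parent))})


def count_domains(devices, cables):
    """devices: name -> 'hub' | 'bridge' | 'switch' | 'router' | 'host'; cables: list of (name, name).
    Every cable starts as its own collision domain and broadcast domain. A hub (repeater) joins
    all cables on it in both; a bridge or switch joins them only into one broadcast domain;
    a router joins nothing, and neither does a host."""
    collision, broadcast = DisjointSets(len(cables)), DisjointSets(len(cables))
    on_device = defaultdict(list)
    for i, (a, b) in enumerate(cables):
        on_device[a].append(i)
        on_device[b].append(i)
    for dev, kind in devices.items():
        first, *rest = on_device[dev] or [None]
        for other in rest:
            if kind == "hub":
                collision.union(first, other)
            if kind in ("hub", "bridge", "switch"):
                broadcast.union(first, other)
    return collision.count(), broadcast.count()


def slide_topology():
    """Constructed to match the Collision Domains figure: one router, two switches, six hubs."""
    devices = {"Router": "router", "Switch 1": "switch", "Switch 2": "switch"}
    devices.update({f"Hub {i}": "hub" for i in range(1, 7)})
    devices.update({f"PC {i}": "host" for i in range(1, 5)})
    cables = [
        ("Router", "Switch 1"), ("Router", "Switch 2"), ("Router", "Hub 6"),
        ("Switch 1", "Hub 1"), ("Switch 1", "Hub 2"), ("Switch 1", "Hub 3"),
        ("Switch 2", "Hub 4"), ("Switch 2", "Hub 5"),
        ("Hub 1", "PC 1"), ("Hub 1", "PC 2"), ("Hub 4", "PC 3"), ("Hub 6", "PC 4"),
    ]
    return devices, cables
```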
Switching
Figure: Host A (00 00 A2 00 00 01) on switch interface 1 and Host B (00 00 A2 00 00 02) on switch interface 2.
Switch Forwarding Table
Node MAC Address      Interface
00 00 A2 00 00 01     1
00 00 A2 00 00 02     2
Ethernet switches use the MAC address of the host. The switch dynamically learns which host MAC addresses are associated with an interface and enters the address information into a MAC FDB.
When the switch receives an Ethernet frame, it looks at the destination MAC address of the frame, compares it to the entries in its MAC FDB, and then transmits the frame out of the appropriate interface.
If no entry is found, the switch floods the frame out of all its interfaces.
Building Up the MAC Forward/Filter Table
Figure: Host A (0000.8c01.000A) on port 1/1/1, Host B (0000.8c01.000B) on 1/1/2, Host C (0000.8c01.000C) on 1/1/3 and Host D (0000.8c01.000D) on 1/1/4 of the switch.
Step 1: Host A sends a frame to Host B.
Step 2: The switch receives the frame on 1/1/1 and places the source address in the MAC table.
Step 3: The destination is not in the MAC table, so the switch forwards the frame to all ports except the source.
Step 4: Host B responds to Host A. The switch adds the source address of Host B to the MAC table.
Step 5: Host A and Host B can now send unicast frames bidirectionally.
Step 6: Similarly, Host C and Host D will send frames and populate the MAC table.
MAC Table
After Step 2: 0000.8c01.000A
After Step 4: 0000.8c01.000B
After Step 6: 0000.8c01.000C, 0000.8c01.000D
Link Aggregation Groups (LAG) Characteristics
Features and characteristics:
Based on IEEE 802.3ad standard
LAGs increase bandwidth available between two network devices
LAGs provide redundancy if one or more links in the LAG should fail
LAGs are statically configured or formed dynamically with Link Aggregation Control Protocol (LACP)
Failover time less than one second
Alcatel enhanced features:
Dynamic cost
LAG port threshold
Support for up to 64 LAGs with 8 links per LAG
A LAG increases the bandwidth available between two nodes by grouping up to eight ports into one logical link. The aggregation of multiple physical links allows for load sharing and offers seamless redundancy. If one of the links fails, traffic is redistributed over the remaining links. Up to eight links can be supported in a single LAG, and up to 64 LAGs can be configured on a 7x50 SR/ESS.
Link Aggregation Control Protocol (LACP) is defined in IEEE 802.3ad (Aggregation of Multiple Link Segments). LACP provides a standardized method of implementing link aggregation among different manufacturers.
Link aggregation provides two important benefits:
increased performance - provides incremental bandwidth between two devices
increased resiliency - provides automatic, point-to-point redundancy between two devices
LAG Configuration
LAG configurations should include at least two ports. Other parameter considerations include:
A maximum of eight ports can be included in a LAG. All ports in the LAG must share the same characteristics (speed, duplex, hold-timer, etc.). The port characteristics are inherited from the primary port. Auto-negotiation must not be configured for 10/100 ports that are part of a LAG. Ports in a LAG must be configured as full duplex. Configure ports as no autonegotiate.
Example configuration:
config> lag 1
config>lag# description "LAG from PE1 to PE2"
config>lag# port 2/1/1 2/2/1 3/1/1
config>lag# port-threshold 2 action down
config>lag# dynamic-cost
config>lag# no shutdown
LAG Port Threshold parameter
This parameter determines the behaviour of a LAG when the number of available links falls below the configured threshold value. Two actions can be specified:
Option 1: configure lag <lag-id> port-threshold <threshold value> action down
If the number of available links is less than the threshold value the LAG is declared operationally down until the number of available links is equal to or greater than the threshold value.
Option 2: configure lag <lag-id> port-threshold <threshold value> action dynamic-cost
When the number of available links falls below the threshold value, dynamic costing is used to determine the advertised LAG cost.
Note: The costing of a LAG only affects the IGP costing (OSPF only)
Dynamic Cost Parameter
Dynamic cost can be enabled with the general command config>lag <lag-id> dynamic-cost.
This parameter enables or disables the IGP costing of a LAG. When dynamic cost is enabled with this command and the number of active links is greater than the port threshold value (0-7), the path cost is dynamically calculated whenever there is a change in the number of active links, regardless of the specified port threshold action. Note that if the port-threshold action is to declare the logical link down, then if the number of active links falls below the port-threshold value it will be declared down, even if dynamic-cost is enabled.
Conversely, if the port-threshold is met and the action is set to dynamic cost, then the link cost is dynamically recalculated even if the general dynamic cost parameter is not configured.
LAG Architecture – Dynamic Cost
Figure: Node 1 connected to Node 2 and Node 3 by LAG 1 (four links) and LAG 2 (three links).
If each link in LAG 1 and LAG 2 has a cost of 100, then the cost of logical link LAG 1 is 100/4=25 and LAG 2 is 100/3=33.
config> lag 1
config>lag# port 2/1/1 2/2/1 3/1/1 3/2/1
config>lag# port-threshold 3 action dynamic-cost
config> lag 2
config>lag# port 4/1/1 4/2/1 5/1/1
config>lag# port-threshold 2 action down
In the slide above, each physical link is configured with a cost of 100. Thus the cost of the logical link LAG 1 is 100/4=25 and LAG 2 is 100/3=33.
The LAG groups are configured as shown in the slide above. Thus, if two of the links in LAG 1 fail, the logical link cost is recalculated to be 100/2=50. For LAG 2, if two of the links fail, the logical link is declared operationally down.
Ethernet Standards
Four data rates are currently defined for operation over optical fiber and twisted-pair cables:
10 Mb/s — 10Base-T Ethernet – twisted-pair or optical
100 Mb/s — 100Base-T or Fast Ethernet – twisted-pair or optical
1000 Mb/s — 1000Base-T or Gigabit Ethernet – twisted-pair or optical
10 000 Mb/s — 10 Gigabit Ethernet – optical only
10Base-T Ethernet
Originally IEEE 802.3i; today’s standard is 802.3x
Transmission rate with 802.3i is 10 Mb/s half-duplex, with 802.3x is 10 Mb/s full-duplex
Frame format was based on Ethernet II, also called DIX
Most networks today use the 802.3x frame format
100Base-T Ethernet
IEEE standard is 802.3u
Full-/half-duplex modes, 100 Mb/s data rate
Cabling options:
100Base-TX — 2 pairs of twisted-pair cable
100Base-T4 — 4 pairs of twisted-pair cable
100Base-FX — Optical cable
1000Base-T Ethernet
Also known as gigabit Ethernet or GigE
IEEE standard is 802.3ab
Full duplex mode only, 1000 Mb/s data rate
802.3ab specifies distances of 100 m using 4 pairs of Cat 5e cabling
10 Gigabit Ethernet
IEEE standard is 802.3ae
Full-duplex only, with 10 Gb/s data rate
Minimizes the user's learning curve by maintaining the same management tools and architecture
Physical media used is optical only
Ethernet Interface Types
Ethernet             Designation   Type          Wavelength           Distance   Fiber Type
10/100Base           TX            Copper        —                    100 m      —
100Base              FX            Optical SFP   1310 nm              2 km       Multimode
Gigabit Ethernet     TX            Copper        —                    100 m      —
                     SX            Optical SFP   850 nm               550 m      Multimode
                     LX            Optical SFP   1310 nm              10 km      Single-mode
                     ZX            Optical SFP   1550 nm              70 km      Single-mode
                     ZR            Optical SFP   1550 nm              80 km      Single-mode
                     CWDM          Optical SFP   1470 nm to 1610 nm   70 km      Single-mode
10 gigabit Ethernet  LW/LR         Optical SFP   1310 nm              10 km      Single-mode
                     FX-SM         Optical SFP   1310 nm              25 km      Single-mode
                     EW/ER         Optical SFP   1550 nm              40 km      Single-mode
                     SR            Optical SFP   850 nm               300 m      Multimode
                     LR            Optical SFP   850 nm               10 km      Single-mode
Ethernet Overview
Section 2 — Spanning Tree Protocol
Spanning Tree Protocol — What Is It?
Link management protocol that is part of IEEE 802.1
Spanning tree algorithm provides path redundancy in Ethernet bridge/switch networks
Provides 1 active path at a time between 2 bridges or switches
Provides backup paths to the active path, should the active path fail
Primary function is to avoid looping in redundant path Ethernet networks
Redundant Topology — Without STP
Redundancy advantages:
Necessary for the link of a switch failover
Load balancing
Disadvantages:
May cause broadcast storms
May cause multiple frame copies to be sent
May cause FDB table instability
Frame looping problems: layer 2 has no mechanism to stop looping as layer 3 has with TTL
Receiving Multiple Copies
Figure: Host A on Segment 1 and Host B on Segment 2, with Switch 1 and Switch 2 both joining the two segments.
In a network with built-in redundancy and no STP, the likelihood of receiving multiple copies of a frame is high. Most protocols cannot recognize duplicate transmissions. Protocols that do use sequence numbers to track transmitted packets will conclude that the numbers have been reset or recycled.
Broadcast Storms
Figure: Host A on Segment 1 sends a broadcast; Switch 1 and Switch 2 both join Segment 1 to Segment 2, where Host B sits.
Networks that are designed with redundancy and no STP are vulnerable to the transmission of broadcast frames because the switch receives multiple copies of a frame.
Because the switch receives multiple frames, it floods broadcast frames out of all ports with the exception of the port the frame was received on. In a redundant network, this broadcast frame would perpetuate itself until the switch resets because it gets overwhelmed with activity.
Database Instability
Figure: Host A on Segment 1 sends a unicast frame; Switch 1 and Switch 2 each connect Port 0 to Segment 1 and Port 1 to Segment 2, where Host B sits.
MAC Address DB of Switch 1: Host A, Port 0
MAC Address DB of Switch 2: Host A, Port 0, then Host A, Port 1
Redundant networks without STP can also cause database instability.
In the slide above, Switch 1 and Switch 2 will map the MAC address of Host A to Port 0. Later, when the copy of the frame arrives at Port 1 of Switch 2, Switch 2 must remove its original entry for Host A and replace it with the new entry for Host A, mapping it to Port 1. This activity causes an unstable database as Switch 2 tries to keep up with the actual location of Host A.
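A learning switch in code, as an added example that is not part of the course: it replays Steps 1 to 6 of the MAC forward/filter table slide on one switch, then connects two such switches through Segment 1 and Segment 2 with no STP to show the multiple copies, the endless circulation and the Host A entry flapping between Port 0 and Port 1 that the last three slides describe. The segment model is a simplification assumed here: a switch does not hear its own transmission, Host B only counts the copies it receives, and the run stops after a fixed number of frames.

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B = "0000.8c01.000A", "0000.8c01.000B"
HOST_C, HOST_D = "0000.8c01.000C", "0000.8c01.000D"


class LearningSwitch:
    def __init__(self, name, ports):
        self.name, self.ports = name, list(ports)
        self.fdb = {}          # MAC -> port: the forward/filter table
        self.moves = []        # (mac, old_port, new_port) whenever an entry changes port

    def receive(self, in_port, src, dst):
        """Learn src on in_port, then return the ports the frame is sent out of."""
        old = self.fdb.get(src)
        if old is not None and old != in_port:
            self.moves.append((src, old, in_port))
        self.fdb[src] = in_port
        out = self.fdb.get(dst)
        if dst == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]   # unknown or broadcast: flood
        return [] if out == in_port else [out]               # filter if dst is on the ingress port


def build_mac_table():
    """Replay Steps 1 to 6 of the MAC table slide on a single four-port switch."""
    sw = LearningSwitch("Switch", ["1/1/1", "1/1/2", "1/1/3", "1/1/4"])
    trace = [
        sw.receive("1/1/1", HOST_A, HOST_B),   # steps 1-3: B unknown, flood to 1/1/2-1/1/4
        sw.receive("1/1/2", HOST_B, HOST_A),   # step 4: B learned, A already known
        sw.receive("1/1/1", HOST_A, HOST_B),   # step 5: unicast both ways from now on
        sw.receive("1/1/3", HOST_C, HOST_D),   # step 6: C and D populate the table the same way
        sw.receive("1/1/4", HOST_D, HOST_C),
    ]
    return dict(sw.fdb), trace


def simulate_without_stp(max_frames=10):
    """Two switches joined by Segment 1 and Segment 2 (shared media) with no STP. One frame from
    Host A (on Segment 1) to Host B (on Segment 2) is injected and nothing stops it circulating."""
    sw1 = LearningSwitch("Switch 1", ["Port 0", "Port 1"])
    sw2 = LearningSwitch("Switch 2", ["Port 0", "Port 1"])
    attached = {"Segment 1": [(sw1, "Port 0"), (sw2, "Port 0")],
                "Segment 2": [(sw1, "Port 1"), (sw2, "Port 1")]}
    segment_of = {(sw.name, port): seg for seg, pairs in attached.items() for sw, port in pairs}
    queue = deque([("Segment 1", "Host A", HOST_A, HOST_B)])   # (segment, sender, src, dst)
    copies_at_b = handled = 0
    while queue and handled < max_frames:
        seg, sender, src, dst = queue.popleft()
        handled += 1
        if seg == "Segment 2" and dst == HOST_B:
            copies_at_b += 1                                   # Host B sees yet another copy
        for sw, port in attached[seg]:
            if sw.name == sender:
                continue                                       # a switch does not hear its own transmission
            for out in sw.receive(port, src, dst):
                queue.append((segment_of[(sw.name, out)], sw.name, src, dst))
    return {"copies_at_b": copies_at_b, "frames_handled": handled,
            "still_looping": bool(queue), "switch2_moves": sw2.moves}
```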
STP and IEEE 802.1d
STP is defined in 802.1d as a link management protocol
Initially developed in 1990, based on the ISO/IEC 10038 standard
Designed to provide path redundancy in Ethernet bridge/switch-based networks, while preventing loops
STP uses a root/branch/leaf model, which determines a single path to each leaf spanning the entire L2 network
End hosts (e.g., PCs) are oblivious to STP and instead see a single LAN segment
STP Port States
[Figure: STP port state transitions. (1) Port enabled, by management or initialization; (2) port disabled, by management or failure; (3) algorithm selects the port as Designated or Root Port; (4) algorithm selects the port as Blocked Port; (5) protocol timer expiry (Forwarding Timer).]
Each port on a switch that uses STP exists in one of the following five states.
Blocking — A port in the blocking state does not participate in any frame forwarding and does not learn addresses; it only receives BPDUs. Every port enters the blocking state following switch initialization.
Listening — This is the state that a port enters into after the blocking state when the STP has decided that this port should participate in frame forwarding.
Learning — A port enters into the learning state after the listening state. This is to prepare the forwarding tables for frame forwarding.
Forwarding — A port in the forwarding state forwards frames.
Disabled — A port in the disabled state is non-operational.
STP Port States and Activities
STP port state   Part of active topology   Learning of MAC addresses
Disabled         No                        No
Blocking         No                        No
Listening        Yes                       No
Learning         Yes                       Yes
Forwarding       Yes                       Yes
STP and BPDU
The root bridge/switch sends STP messages via BPDUs to the branches/leaves.
On individual branches and leaves, the user can specify IDs and path costs.
The root bridge/switch sets the forwarding delay, hello time, and maximum age.
A BPDU is sent in an Ethernet frame with the port's address as source and the STP multicast address 01:80:C2:00:00:00 as destination.
BPDU Packet (fields in wire order):
Protocol ID (2 bytes)
Version (1 byte)
Message type (1 byte)
Flags (1 byte)
Root ID (8 bytes)
Path cost (4 bytes)
Bridge ID (8 bytes): configurable on each bridge
Port ID (2 bytes): configurable on each bridge
Message age (2 bytes)
Maximum age (2 bytes): configurable on root bridge
Hello time (2 bytes): configurable on root bridge
Forwarding delay (2 bytes): configurable on root bridge
BPDU Packet Details
Protocol ID: Always set to 0
Version: Always set to 0
Message type: Determines which of two BPDU types; configuration (0x00) or TCN (0x80)
Flags: Handle changes in the active topology (bit 0 Topology Change, bit 7 Topology Change Acknowledgment)
Root ID: Contains the bridge ID of the root bridge (after convergence, all BPDUs should contain the same value)
Root path cost: Cumulative path cost of all links to the root bridge
Bridge ID: Identifies the bridge that is transmitting the current configuration message (configurable on each bridge)
Port ID: Contains a unique value for each port (configurable on each bridge)
Message age: Time elapsed since the root bridge created this BPDU
Maximum age: Maximum amount of time this BPDU is saved (configurable on root bridge)
Hello time: Time between configuration BPDUs (configurable on root bridge)
Forwarding delay: Time spent in the listening and learning states (configurable on root bridge)
STP performance is directly related to the root bridge/switch timer settings, which are carried in the last three fields of the configuration BPDU: maximum age, hello time, and forwarding delay. Non-root bridges use the values they receive from the root, not their own configured values.
Maximum age — Defines the maximum amount of time that any received STP information is kept. When this timer is exhausted, the STP information is discarded. (typically 20 seconds)
Hello time — Determines the frequency of transmitted hello messages to other bridges or switches (typically 2 seconds)
Forwarding delay — Defines the amount of time the port stays in the learning and listening states (typically 15 seconds)
The setting of all these values affects how quickly the network converges to a stable, frame-forwarding topology.
STP in Action: State 1 Initialization
[Figure: State 1, Initialization. Switches A, B, C and D boot up; every one of them believes it is the root bridge/switch and sends BPDUs on all of its links, toward its neighbours and toward Host A and Host B. Link path costs: A-B 10, A-D 10, B-C 2, C-D 10.]
A port in the Initialization state behaves as follows:
Upon initialization, every switch in the network assumes that it is the root and advertises this in its BPDUs, with the Root ID set to its own Bridge ID and a root path cost of 0.
STP in Action: State 1 — Root Bridge/Switch Election
Root bridge/switch election calculation:
After bridges/switches have initialized, root bridge election occurs.
Each bridge/switch has a user-assigned bridge priority.
The bridge priority ranges from 0 to 65 535 (default is 32 768).
Each bridge/switch sends its BID to every other bridge/switch. The BID is 8 bytes: 2 for the bridge priority and 6 that contain the MAC address of the bridge/switch.
Election of the root bridge is determined using the Bridge ID, which is made up of the Priority and the MAC address: the switch with the lowest Bridge ID value is selected. The priority is compared first; the MAC address only breaks ties between equal priorities.
Any subsequent physical change in the network after election of the root bridge will cause an STP recalculation.
STP in Action: State 2 — Root Bridge/Switch Election (continued)
[Figure: State 2, Root Bridge/Switch Election. All four switches still claim to be root and exchange BPDUs. Bridge IDs: A priority 16, MAC 00-80-21-00-00-05; B priority 32, MAC 00-80-21-00-00-10; C priority 48, MAC 00-80-21-00-00-20; D priority 16, MAC 00-80-21-00-00-10. Link path costs: A-B 10, A-D 10, B-C 2, C-D 10.]
In this example, switches A and D share the lowest priority (16), so their MAC addresses decide which of them becomes root. Switch A, the topmost bridge/switch, has the lower MAC address (00-80-21-00-00-05) and is therefore the root.
A port in the blocked state:
Discards frames received from the attached segment.
Discards frames switched from another port for forwarding.
Does not incorporate station location into its address database (there is no learning at this point, so there is no address database update).
Receives BPDUs and directs them to the system module.
Does not transmit BPDUs received from the system module.
STP in Action: State 2 — Root Bridge/Switch Election (continued)
[Figure: Election result. A is the root bridge/switch; B, C and D are leaf bridges/switches. Bridge IDs and link path costs are the same as in the previous figure.]
STP in Action:— Path Calculation
Each port on a bridge/switch has a path cost value assigned, depending on bandwidth.
The accumulated path cost determines the total cost to reach the root bridge/switch.
Path cost values can be found in the IEEE 802.1d standard.
Link bandwidth   STP cost value
10 Gb/s          2
1 Gb/s           4
622 Mb/s         6
155 Mb/s         14
100 Mb/s         19
45 Mb/s          39
16 Mb/s          62
10 Mb/s          100
4 Mb/s           250
STP in Action:— Port Designations
After bridges/switches have initialized and the root and leaf bridges have been selected, each bridge port participating in the Spanning Tree is assigned one of three roles: root port, designated port, or non-designated (blocked) port.
Ports on the root bridge automatically become designated ports.
A switch/bridge that is not the root and has ports participating in STP is referred to as a designated bridge/switch.
On each designated bridge, the port closest to the root (least path cost) is elected as the root port. This port receives the BPDUs from the root.
Non-root ports on the designated bridge that provide the least cost path from their segment to the root bridge are elected as designated ports.
Non-root ports on the designated bridge that do not provide the least cost path from their segment to the root bridge become non-designated ports and go into the blocked state.
If both ports on a segment have equal cost to the root, then the port belonging to the bridge with the lower Bridge ID is elected as the designated port, and the other port becomes a non-designated port.
STP in Action:— Port Designations
Tie-breaking for the designated port on a segment:
If the least path cost to the root bridge is the same for the non-root ports on a segment, the port that belongs to the bridge with the lower Bridge ID is elected as the designated port.
If two ports of the same bridge are attached to the same segment, so that both the path cost and the Bridge ID are equal, the port with the lower Port ID is elected as the designated port.
The same comparison order (path cost, then sender Bridge ID, then sender Port ID, then own Port ID) is used when a bridge chooses its root port among several equal-cost candidates.
STP in Action: State 3— Port Designations
[Figure: State 3, Port Designations. Root A (cost to root 0) has Designated Ports toward B and D. B (cost to root 10) has its Root Port toward A and a Designated Port toward C. D (cost to root 10) has its Root Port toward A and a Designated Port toward C. C has its Root Port toward B (cost to root 12) and a Non-Designated Port toward D (cost to root 20 by that path). Link path costs: A-B 10, A-D 10, B-C 2, C-D 10. Each link is its own segment.]
Note that in the Alcatel 7750 SR product line, the default is that STP is disabled.
To summarize, three values are used in the STP port calculations:
Bridge ID, made up of the bridge priority (has a default value but is configurable) and the bridge MAC address
Per-interface path cost (dependent on bandwidth but is configurable)
Port ID, made up of a port priority (configurable) and the port number
Root port — Shortest path toward the root on a leaf, facing the root
Designated port — Sends and receives frames on that segment
Blocked port — Does not forward any frames
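The selection rules above, carried out as an added example rather than code from the guide: a Python implementation that elects the root and assigns root, designated and blocked ports for the topologies drawn on these slides. Bridge priorities, MAC addresses and link costs are transcribed from the figures; the assumptions are that each link costs the same in both directions, that there are no parallel links, and that the five links of the later Spanning Tree Exercise are A-B, A-C, B-C, B-D and C-D.

```python
"""Spanning tree computation for the topologies drawn in this module.

Added example, not code from the Alcatel-Lucent guide. It applies the 802.1d
selection rules from the Port Designations slides: the lowest Bridge ID
(priority, then MAC) is root; every other bridge makes the port with the lowest
(root path cost, sender Bridge ID, sender Port ID, own Port ID) its Root Port; on
each segment the end with the lowest (root path cost, Bridge ID, Port ID) becomes
the Designated Port; all remaining ports are blocked. Bridge IDs and costs are
transcribed from the slides; the link lists assume the same cost in both
directions and no parallel links, and the exercise topology's five links are an
assumption read off the figure.
"""
import heapq


def bridge_id(priority, mac):
    """Bridge ID ordering: 2-byte priority first, then the 6-byte MAC address."""
    return (priority, int(mac.replace("-", "").replace(":", ""), 16))


def spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(name1, name2, cost), ...].

    Returns the root, each bridge's root path cost and a role ("root",
    "designated" or "blocked") for every port, keyed by (bridge, neighbour)."""
    bid = {name: bridge_id(*pm) for name, pm in bridges.items()}
    root = min(bid, key=bid.get)
    # Port IDs are assigned per bridge in the order the links are listed.
    port_no, adj = {}, {name: [] for name in bridges}
    for a, b, cost in links:
        if (a, b) in port_no:
            raise ValueError("parallel links are not modelled")
        port_no[(a, b)], port_no[(b, a)] = len(adj[a]) + 1, len(adj[b]) + 1
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    # Root path cost by Dijkstra; because every link cost is positive, any
    # neighbour able to supply a bridge's minimum cost is settled before it.
    rpc, heap, done = {root: 0}, [(0, bid[root], root)], set()
    while heap:
        c, _, n = heapq.heappop(heap)
        if n in done:
            continue
        done.add(n)
        for nbr, cost in adj[n]:
            if nbr not in rpc or c + cost < rpc[nbr]:
                rpc[nbr] = c + cost
                heapq.heappush(heap, (c + cost, bid[nbr], nbr))
    roles = {}
    for n in bridges:
        if n == root:
            continue   # every port of the root is a designated port
        # Root Port: best received priority vector, in the tie-break order
        # of the slides (cost, sender Bridge ID, sender Port ID, own Port ID).
        best = min((rpc[nbr] + cost, bid[nbr], port_no[(nbr, n)], port_no[(n, nbr)], nbr)
                   for nbr, cost in adj[n])
        roles[(n, best[4])] = "root"
    for a, b, _ in links:
        # Designated Port: the end of the segment offering the cheaper path to root.
        end_a = (rpc[a], bid[a], port_no[(a, b)])
        end_b = (rpc[b], bid[b], port_no[(b, a)])
        des, other = (a, b) if end_a < end_b else (b, a)
        roles[(des, other)] = "designated"
        if roles.get((other, des)) != "root":
            roles[(other, des)] = "blocked"
    return {"root": root, "cost": rpc, "roles": roles}


# Topology of the STP in Action slides (root A; costs to root 0 / 10 / 12 / 10).
SLIDE_BRIDGES = {"A": (16, "00-80-21-00-00-05"), "B": (32, "00-80-21-00-00-10"),
                 "C": (48, "00-80-21-00-00-20"), "D": (16, "00-80-21-00-00-10")}
SLIDE_LINKS = [("A", "B", 10), ("A", "D", 10), ("B", "C", 2), ("C", "D", 10)]
# Same topology after the Path Cost Change slides (B-C raised to 10, C-D lowered to 2).
CHANGED_LINKS = [("A", "B", 10), ("A", "D", 10), ("B", "C", 10), ("C", "D", 2)]
# Spanning Tree Exercise: equal priorities and equal costs, so MAC addresses decide.
EXERCISE_BRIDGES = {n: (16, f"00-80-21-00-00-{m}") for n, m in
                    zip("ABCD", ("10", "20", "30", "40"))}
EXERCISE_LINKS = [("A", "B", 10), ("A", "C", 10), ("B", "C", 10),
                  ("B", "D", 10), ("C", "D", 10)]

if __name__ == "__main__":
    for label, bridges, links in (("slides", SLIDE_BRIDGES, SLIDE_LINKS),
                                  ("cost change", SLIDE_BRIDGES, CHANGED_LINKS),
                                  ("exercise", EXERCISE_BRIDGES, EXERCISE_LINKS)):
        tree = spanning_tree(bridges, links)
        print(label, "root", tree["root"], tree["cost"])
        for (bridge, nbr), role in sorted(tree["roles"].items()):
            print(f"  {bridge} port toward {nbr}: {role}")
```

For the slide topology the result matches the figure: A is root, B and D reach it at cost 10, C at cost 12 through B, and C's port toward D is the only blocked port. Substituting the Path Cost Change or Exercise link lists reproduces those slides too, including the Exercise's tie-break, where D prefers B over C purely because B's MAC address is lower.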
STP in Action: State 3 — Listening State
[Figure: Listening state. Forwarded traffic is discarded by the bridge/switch port; BPDUs and NM (network management) messages are received and processed.]
After STP has determined that the port will participate in frame forwarding, it puts the port into the listening state.
While in the listening state, the port can perform the following functions:
Discard any frames it receives from an attached Ethernet segment
Discard any frames another port on the bridge/switch passes to it to forward
Does not add station addresses to its FDB (no learning takes place yet)
Receives and processes BPDUs both from the link and from the bridge/switch
Receives and processes network management traffic
STP in Action: State 4 — Learning State
[Figure: Learning state. Forwarded traffic is still discarded, but source addresses are learned into the FDB; BPDUs and NM messages are received and processed.]
Learning is the state that a port enters just before getting ready to participate in frame forwarding. The primary function is to incorporate MAC addresses in the FDB.
In the learning state, the port does the following:
Discards frames received from an attached segment
Discards frames received from another port for forwarding
Updates its FDB with new address information
Receives and processes BPDUs both from the link and from the bridge/switch
Receives and processes network management traffic
STP in Action: State 5 — Final Forwarding Paths
[Figure: State 5, Final Forwarding Paths. Root A with leaves B, C and D; frames are forwarded over A-B, A-D and B-C, while C's port toward D is blocked. Link path costs: A-B 10, A-D 10, B-C 2, C-D 10.]
A port in the forwarding state forwards frames. It enters this state from the learning state.
While in the forwarding state, the port can perform the following functions:
Forward any frames that it receives from an attached Ethernet segment
Forward any frames that another port in the bridge/switch passes to it to forward
Learns the source addresses of received frames into the FDB
Receives and processes BPDUs both from the link and from the bridge/switch
Receives and processes network management traffic
Configuration BPDUs originate at the root and are relayed out of every designated port, so they also reach the end segments where Host A and Host B sit; the PCs simply ignore them. The reverse is worth noting: nothing in the protocol stops a station on such a segment from sending BPDUs to 01:80:C2:00:00:00, and a station that advertises a lower Bridge ID than the current root wins the election described earlier, so ports that face end stations should not be allowed to influence the tree.
STP in Action: Topology Changes
After spanning tree has converged, only a change in topology causes the algorithm to be run again. A topology change occurs when:
A switch moves a port from blocking into the forwarding state
A switch moves a port from the forwarding/learning state into the blocking state
The switch generates a TCN BPDU (no data) out of its root port towards the root
Every other switch on the way to the root relays the TCN BPDU out of its root port and sends an acknowledgement to the sending switch
The root responds with the TC flag set in its configuration BPDUs towards the downstream switches
A topology change occurs when a switch either moves a port into the Forwarding state or moves a port from the Forwarding or Learning states into the Blocking state. In other words, a port on an active switch comes up or goes down. The switch sends a TCN BPDU out its Root Port so that, ultimately, the Root Bridge receives news of the topology change.
The switch continues sending TCN BPDUs every Hello Time interval until it gets an acknowledgment from its upstream neighbor. As the upstream neighbors receive the TCN BPDU, they propagate it on toward the Root Bridge and send their own acknowledgments. When the Root Bridge receives the TCN BPDU, it also sends out an acknowledgment. However, the Root switch sets the Topology Change flag in its Configuration BPDU, which is relayed to every other switch in the network. This is done to signal the topology change and cause all other bridges to shorten their bridge table aging times from the default (300 seconds) to only the Forward Delay value (default 15 seconds).
This condition causes the learned locations of MAC addresses to be flushed out much sooner than they normally would, easing the bridge table corruption that might occur because of the change in topology. However, any stations that actively are communicating during this time are kept in the bridge table. This condition lasts for the sum of the Forward Delay and the Max Age (default 15 + 20 seconds).
STP in Action — Topology Change (Breaking a Link)
[Figure: Breaking a Link. The A-D link fails. D waits 20 seconds (max age time) and then announces "I am the new root" in BPDUs toward C. Link path costs: A-B 10, A-D 10, B-C 2, C-D 10.]
Given the topology above, the following actions occur when the link between switches A and D fails.
1. BPDUs are sent by the root bridge every 2 seconds (hello time).
2. When the link between A and D breaks, switch D stops receiving BPDUs on its root port. It keeps the stored information for the maximum age time (20 seconds) before deciding that the path between D and A is no longer operational.
3. During the maximum age time, the BPDUs that arrive at C's blocked port from D are discarded, because C compares them with the BPDUs it receives from the root via B and considers them inferior.
4. After the maximum age time, D thinks it is the new root and advertises this in new BPDUs to C.
STP in Action — Topology Change (Breaking a Link)
[Figure: Breaking a Link (continued). C relays root A's BPDUs to D; the ports on the C-D link pass through Listen (15 seconds) and Learn (15 seconds) before forwarding. Link path costs: A-B 10, B-C 2, C-D 10.]
Given the topology above, the following actions occur once D has aged out its information about root A.
1. Switch C receives D's BPDUs on its blocked port and sees that D's path to root A is broken. C has a better view of the root, so D's BPDUs are inferior to what C holds.
2. Switch C moves its blocked port toward D into the listening state and relays bridge A's BPDUs to D.
3. Switch D receives A's BPDUs from C and converts that port into its root port, since this is now its only path to root A; the port enters the listening state.
4. The ports on C and D then go through the learning state, after which data frames are forwarded and MAC learning takes place.
The total time required for convergence is:
Max Age Time + Listening + Learning = 20 + 15 + 15 = 50 seconds
STP in Action — Topology Change (Breaking Link; Port disable)
[Figure: Breaking a Link by disabling a port on D. Root A sends configuration BPDUs with the Topology Change (T) bit set (TBPDUs) toward B, C and D. Link path costs: A-B 10, A-D 10, B-C 2, C-D 10.]
Given the topology above, the following actions occur when the port on D toward A is administratively disabled:
Switches A and D both detect the port down immediately, because the port on D is explicitly disabled.
Switch D discards the best BPDU it had stored from switch A, since its root port to A is down.
Switch D would normally send a TCN BPDU out of its root port, but since its root port is down it cannot do so.
Switch A, as the root, sends a TBPDU (configuration BPDU with the Topology Change bit set) out of its other designated port, since one of its designated ports went down.
STP in Action — Topology Change (Breaking a Link; Port Disable)
[Figure: Port disable (continued). C's formerly blocked port toward D passes through Listen (15 seconds) and Learn (15 seconds) before forwarding. Link path costs: A-B 10, B-C 2, C-D 10.]
Given the topology above, the following actions occur after the port on D has been disabled (continued).
Switch A, being the root, generates BPDUs with the T bit set toward switches B, C and D.
Switch C no longer receives any BPDUs from D and transitions its blocked port to a designated port, going through the listening and learning stages before setting it to forwarding.
The total time required for convergence is:
Listening + Learning = 15 + 15 = 30 seconds
No Max Age wait is involved in this case, because the failure is detected directly as a port down rather than through the loss of BPDUs.
Alcatel-Lucent C
onfidential for internal use only -- Do N
ot Distribute
Module 3 – page 64Scalable IP Networks v1.00
Alcatel-Lucent Scalable IP Networks v1.1 Module 3 | 64 All rights reserved © 2006–2007 Alcatel-Lucent
STP in Action — Topology Change (Adding a Switch)
[Figure: Adding a Switch. New switch E (priority 16, MAC 00-80-21-00-00-00) is attached to A and D with path cost 10 links; the A-D link is no longer present. E sends BPDUs claiming to be root; A (priority 16, MAC 00-80-21-00-00-05) becomes a leaf and E the new root. Other link path costs: A-B 10, B-C 2, C-D 10.]
What happens when a new switch is added to the existing topology?
In the figure above, a new switch E is added to the top right of the existing topology. This switch has a lower MAC address than the current root. The following actions occur:
1. As soon as switch E starts it thinks that it is the root, it then advertises BPDUs to neighboring switches A and D.
2. Switch A also sends BPDUs to E because A is still the root in the original topology.
3. Because E has a lower MAC address than A and its root bridge priority is the same as that of A, E becomes the new root and starts advertising BPDUs to all other switches in the topology.
Note: In the figure above, the link between switch A and D no longer exists once switch E is added.
STP in Action — Topology Change (Adding a Switch)
[Figure: Adding a Switch (continued). The topology is recalculated with E as root: cost to root is 0 for E, 10 for A, 10 for D, 20 for B, and 20 for C via D (22 via B); C's port toward B is the new blocked port. The affected ports pass through Listen (15 seconds) and Learn (15 seconds).]
1. All other switches in the topology move their affected ports to the listening state, followed by the learning state; no data traffic is forwarded during these two stages.
2. After the BPDUs have converged and the root and designated ports have been assigned, the switches transition those ports from the learning state to the forwarding state.
STP in Action — Topology Change (Path Cost Change)
[Figure: Path Cost Change. Root A with leaves B, C and D. The C-D link cost changes from 10 to 2 and the B-C link cost from 2 to 10; A-B and A-D remain 10.]
In the figure above, the path between switches C and D becomes the better path: the port costs between C and D are changed from 10 to 2, while the costs between B and C are changed from 2 to 10.
STP in Action — Topology Change (Path Cost Change)
[Figure: Path Cost Change (continued). Switch C receives BPDUs carrying the new cumulative costs, relayed from root A through B and through D.]
In the figure above, the path between switches C and D becomes the better path, because the port costs between C and D are changed from 10 to 2 while the costs between B and C are changed from 2 to 10.
Switch C now receives BPDUs from root A with different cumulative costs: 20 via B (10 + 10) and 12 via D (10 + 2).
STP in Action — Topology Change (Path Cost Change)
[Figure: Path Cost Change (continued). Topology changed: cost to root is 0 for A, 10 for B, 10 for D, and 12 for C via D (20 via B). The C-D ports pass through Listen (15 seconds) and Learn (15 seconds).]
In the figure above, the path between switches C and D becomes the better path, because the port costs between C and D are changed from 10 to 2 while the costs between B and C are changed from 2 to 10.
The following actions occur:
1. Switch C, upon receiving BPDUs from root A via B and via D, realizes that the cumulative cost to the root has changed. It therefore moves both of its ports through the listening and learning states.
2. It decides that the cumulative cost to root A via B (20) is now more than the cumulative cost to root A via D (12).
3. The ports between C and D change to the forwarding state, with C's port toward D as its new root port, and the ports between B and C are now blocked.
Spanning Tree Exercise
Highlight the steps that will ensure that Switch D is added to the existing Bridge topology using STP
[Figure: Spanning Tree Exercise. Switches A (priority 16, MAC 00-80-21-00-00-10), B (priority 16, MAC 00-80-21-00-00-20), C (priority 16, MAC 00-80-21-00-00-30) and D (priority 16, MAC 00-80-21-00-00-40). A connects to B and C; B and C connect to each other and each connects to the new switch D. All five links have path cost 10.]
Steps to add Switch D to the existing Topology
1) Ports on switch D initialize on startup; D thinks it is the root.
2) D sends BPDUs on each of its two ports and receives BPDUs from switches B and C. Because a new port facing D has come up on switches B and C,
3) both B and C send a TCN BPDU toward the root out of their respective root ports, and they also relay A's BPDU to the new switch D.
4) Switch D, upon receiving A's BPDU, realizes that it cannot be the root, since A has the same priority and a lower MAC address. It now has to decide the roles of its two ports.
5) Switch D receives A's BPDU from both B and C and therefore has to decide which of the two ports to block.
6) Since both ports on D are an equal cost (20) away from the root, D examines the sender Bridge IDs in the two BPDUs, i.e. the MAC addresses of B and C.
7) B's MAC address is lower, so D blocks its port toward C. It makes its port toward B the root port and puts it into the listening state.
8) In the meantime, the TCN BPDUs generated by B and C toward the root are acknowledged by root A, which sets the TCA bit in its next configuration BPDU on those segments and then sets the TC flag in its regular configuration BPDUs.
9) All switches, upon receiving the BPDUs with the TC flag, shorten their MAC database aging time from the original 300 seconds to 15 seconds (the forward delay).
10) The root port on D goes from the listening state into the learning state and then into forwarding, where it receives all the end-station data; the STP topology is now converged.
Ethernet Overview
Section 3 — Rapid Spanning Tree
What is RSTP?
What is RSTP?
Stands for Rapid Spanning Tree Protocol
An evolution of the loop prevention algorithm (STP) from 802.1d
New IEEE specification is 802.1w
Achieves rapid failover and convergence times
Unlike STP, RSTP is not timer-based
Allows backward compatibility with 802.1d STP
Why do we need RSTP?
Network topology convergence is significantly faster than with STP
The major advantage of RSTP over STP is rapid convergence: the network takes less than 5 seconds to converge to a forwarding topology. STP can take up to a minute for a similar-sized network.
RSTP was the natural evolution of STP. As the demands on the network became more critical, the existing STP convergence time was no longer adequate. The terminology used with RSTP remains basically unchanged.
Note that RSTP is disabled by default on all 7750 SR products.
STP vs. RSTP — Port States

STP port state   RSTP port state   Part of active topology   Learning of MAC addresses
Disabled         Discarding        No                        No
Blocking         Discarding        No                        No
Listening        Discarding        Yes                       No
Learning         Learning          Yes                       Yes
Forwarding       Forwarding        Yes                       Yes
In STP, the port states were confusing because STP mixed the state of the port (blocking or forwarding traffic) with the role it played in the topology (root port, designated port, or neither).
For example, ports in the blocking state and listening state are operationally similar: they both discard frames and do not learn MAC addresses. In addition, when a port is in the forwarding state, there is no way to infer that it is a root or designated port.
STP vs. RSTP — Port Roles

Role — A new variable assigned to a bridge port

Port state   STP port role (assigned by STP algorithm)   RSTP port role
Forwarding   Root                                        Root
Forwarding   Designated                                  Designated
Blocking     Blocked                                     Alternate
Blocking     Blocked                                     Backup
The major difference between STP and RSTP is that RSTP treats the role of a port as a variable of its own, separate from the port state, whereas STP exposed only the state. In STP a port was simply forwarding or blocking, and a blocked port had no pre-computed role to take over when a failure occurred; this is part of why STP takes so long to converge after a failure or redesign.
RSTP is more granular about port roles. The algorithm assigns each forwarding port the role of root port or designated port, and each blocked port the role of alternate or backup port; the operator steers these assignments through bridge and port priorities and path costs. Because the alternate and backup ports are chosen in advance, a switch can recover from a failure far faster.
Alternate Port
[Figure: Alternate Port. The root at the top; two leaf switches each have a Root Port toward the root and Designated Ports. On the shared lower segment one leaf holds the Designated Port, and the other leaf's port on that segment, which receives that Designated Port's BPDUs, is the Alternate Port.]
The alternate and backup ports are blocking ports; however, they have already been selected as the ports that will be turned on in the event of a failure. An alternate port offers an alternate path to the root: it is blocked because it receives superior BPDUs from a designated port on a different switch.
Backup Port
[Figure: Backup Port. As in the previous figure, plus a second port of the designated leaf attached to the same shared segment; it receives the BPDUs sent by its own bridge's Designated Port and becomes the Backup Port.]
The alternate and backup ports are blocking ports; however, they have already been selected as the ports that will be turned on in the event of a failure. A backup port resides on the same switch as the designated port whose BPDUs it receives (two ports of one switch attached to the same segment); it is a backup for that designated port, not an alternate path to the root.
RSTP BPDU Format
RSTP BPDU fields in wire order:
Protocol ID (2 bytes)
Version (1 byte)
Message type (1 byte)
Flags (1 byte)
Root ID (8 bytes)
Path cost (4 bytes)
Bridge ID (8 bytes): configurable
Port ID (2 bytes): configurable
Message age (2 bytes)
Maximum age (2 bytes): configurable on root bridge
Hello time (2 bytes): configurable on root bridge
Forwarding delay (2 bytes): configurable on root bridge
Version 1 length (1 byte)

Flags byte (bit 0 is the least significant bit):
Bit 0: Topology change
Bit 1: Proposal
Bits 2, 3: Port role (00 Unknown, 01 Alternate/backup, 10 Root, 11 Designated)
Bit 4: Learning
Bit 5: Forwarding
Bit 6: Agreement
Bit 7: Topology change ACK
Of the fields above, only those shaded on the original slide were changed to support RSTP. The major change is the Flags field: in STP, only bits 0 and 7 were defined, whereas RSTP makes full use of the entire octet.
The message type is now 2, and the version is 2 (this allows 802.1w bridges to detect legacy 802.1d bridges).
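To make the field layout and the Flags bit assignments concrete, here is an added Python parser for an RST BPDU. It is example code written for this page, not part of the course material or of any Alcatel-Lucent product. It follows the field order listed above but, as in the published 802.1w/802.1D-2004 standard, reads Version 1 length as a single octet, giving 36 bytes in total; the sample BPDU bytes are constructed for the example and the bridge MAC 00:11:22:33:44:55 is a placeholder.

```python
import struct

# RST BPDU layout from 802.1w / 802.1D-2004, big-endian, 36 octets in total.
# Field order: Protocol ID (2), Version (1), Message type (1), Flags (1),
# Root ID (8), Path cost (4), Bridge ID (8), Port ID (2), Message age (2),
# Max age (2), Hello time (2), Forward delay (2), Version 1 length (1).
RST_BPDU_FMT = ">HBBB8sI8sHHHHHB"
RST_BPDU_LEN = struct.calcsize(RST_BPDU_FMT)  # 36

# Bits 2-3 of the Flags octet (bit 0 is the least significant bit).
PORT_ROLES = {0b00: "unknown", 0b01: "alternate/backup", 0b10: "root", 0b11: "designated"}


def decode_flags(flags: int) -> dict:
    """Split the RSTP Flags octet into its named bits."""
    return {
        "topology_change": bool(flags & 0x01),        # bit 0
        "proposal": bool(flags & 0x02),               # bit 1
        "port_role": PORT_ROLES[(flags >> 2) & 0x3],  # bits 2-3
        "learning": bool(flags & 0x10),               # bit 4
        "forwarding": bool(flags & 0x20),             # bit 5
        "agreement": bool(flags & 0x40),              # bit 6
        "topology_change_ack": bool(flags & 0x80),    # bit 7
    }


def decode_bridge_id(raw: bytes) -> dict:
    """Bridge/Root ID: 2-byte priority followed by the 6-byte bridge MAC."""
    priority, mac = struct.unpack(">H6s", raw)
    return {"priority": priority, "mac": mac.hex(":")}


def is_legacy_bpdu(data: bytes) -> bool:
    """True for a version-0 (802.1D) BPDU; an RSTP bridge falls back to STP on that port."""
    return len(data) >= 4 and data[:2] == b"\x00\x00" and data[2] == 0


def parse_rst_bpdu(data: bytes) -> dict:
    """Parse one RST BPDU; raise ValueError for anything that is not one."""
    if len(data) < RST_BPDU_LEN:
        raise ValueError("truncated BPDU: %d bytes, need %d" % (len(data), RST_BPDU_LEN))
    (proto, version, msg_type, flags, root_id, path_cost, bridge_id, port_id,
     msg_age, max_age, hello, fwd_delay, v1_len) = struct.unpack(RST_BPDU_FMT, data[:RST_BPDU_LEN])
    if proto != 0:
        raise ValueError("unknown protocol identifier 0x%04x" % proto)
    if version != 2 or msg_type != 2:
        # Version 0 / type 0 is a legacy 802.1D configuration BPDU, type 0x80 a TCN BPDU.
        raise ValueError("not an RST BPDU (version %d, type 0x%02x)" % (version, msg_type))
    return {
        "flags": decode_flags(flags),
        "root_id": decode_bridge_id(root_id),
        "root_path_cost": path_cost,
        "bridge_id": decode_bridge_id(bridge_id),
        "port_id": port_id,
        # Timer fields are carried in units of 1/256 s.
        "message_age_s": msg_age / 256,
        "max_age_s": max_age / 256,
        "hello_time_s": hello / 256,
        "forward_delay_s": fwd_delay / 256,
        "version1_length": v1_len,
    }


# Constructed sample: a steady-state RST BPDU sent by the root bridge (priority 32768,
# placeholder MAC 00:11:22:33:44:55). Flags 0x7c = designated role, learning,
# forwarding and agreement set; TC, proposal and TCA clear.
SAMPLE_RST_BPDU = bytes.fromhex(
    "0000"              # Protocol ID
    "02"                # Version 2 (RSTP)
    "02"                # Message type 2 (RST BPDU)
    "7c"                # Flags
    "8000001122334455"  # Root ID
    "00000000"          # Root path cost
    "8000001122334455"  # Bridge ID (same as Root ID: the sender is the root)
    "8001"              # Port ID
    "0000"              # Message age 0 s
    "1400"              # Max age 20 s
    "0200"              # Hello time 2 s
    "0f00"              # Forward delay 15 s
    "00"                # Version 1 length
)

if __name__ == "__main__":
    for key, value in parse_rst_bpdu(SAMPLE_RST_BPDU).items():
        print("%-18s %s" % (key, value))
```

A bridge that receives a BPDU failing these checks (wrong protocol identifier, version 0) should not feed it into RSTP state; the legacy check is what lets an 802.1w bridge notice an 802.1d neighbour, as the text above describes.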
STP vs. RSTP — BPDUs

BPDU handling
STP: Non-root bridge only transmits BPDUs when it receives one on the root port
RSTP: Bridge sends BPDU at hello time intervals

Aging
STP: BPDU is aged after the max-age timer expires (and no BPDU is received on the port)
RSTP: BPDUs are used like keepalive messages (after 3 BPDUs in a row are missed it ages it out)

Accepting inferior BPDUs
STP: —
RSTP: Inferior BPDU is accepted and previously stored information may be replaced

Transition to forwarding state
STP: Based on timers (Forward Delay and Max-Age)
RSTP: Uses a feedback mechanism (no timers involved)
BPDU handling — STP only generates a BPDU when it receives one on its root port. This is time-consuming as it renders bridges more as BPDU relayers than generators. This change in RSTP greatly improves BPDU handling efficiency.
Aging — In RSTP, due to the way BPDUs are now handled, they can serve as keepalive timers from bridge/switch to bridge/switch. If 3 BPDUs are missed in a row, the bridge/switch considers either the direct neighbor or the designated bridge/switch as unreachable. This results in much faster failure detection.
In STP, this would not be possible, and if the max age expires, the neighbor cannot be assumed to be down. It would only indicate that somewhere along the path from the port with the max age expired to the root bridge/switch, there is a failure.
Accepting inferior BPDUs — This concept is new to RSTP and does not exist in STP. Inferior BPDUs are control information received on a switch that is older than the control information stored on the switch. Accepting inferior information from the designated or root bridge/switch means that the network can recover far more quickly from topology failures.
Transition to forwarding state — This RSTP feature is the key factor in the improvement of topology convergence. This topic is covered in more detail on the next slide.
STP vs. RSTP — Topology

Topology change notification
STP: Sends TCN BPDUs toward root
RSTP: Sends BPDUs (with TC bit set) on all designated and root ports

Topology ACKs
STP: Replies with BPDU with TCA bit set
RSTP: No acknowledgement (clears MAC addresses on all ports)

Topology change
STP: First sent to root bridge/switch, then relayed from root all the way to the leaf bridge/switch
RSTP: 1-step process (topology change flooded quickly across the network)
RSTP Operation
(Figure: switches A to I with A as the root; ports are labelled RP (root port), DP (designated port) and AP (alternate port). The left diagram shows the steady-state BPDU flow; the right diagram shows the link between C and E failing, 3 BPDUs going missing, the BPDU exchange between E and D, and a BPDU with the TC bit set being flooded.)
1. The link between C and E breaks.
2. E does not receive 3 BPDUs in a row and realizes that its port toward the root is broken.
3. C also realizes that it has not received 3 BPDUs in a row from E and concludes that there must be a topology change between C and E.
4. C generates a BPDU with the TC bit set and floods it out its root port. Switch B receives this BPDU and sends it out all its forwarding ports.
5. Every switch receiving this BPDU with the TC bit set sends it out all of its forwarding ports.
6. E now thinks it is the root, since it does not process any BPDUs received from D. It therefore transitions its port to D into the forwarding state.
7. E exchanges BPDUs with D, indicating to D that it is the root.
8. D replies with a BPDU indicating that it knows of a better root, which is A.
9. E then changes its port to D into a root port.
Ethernet Overview
Section 4 — Virtual LAN
Switches and VLANs
A VLAN permits a group of ports to share a common broadcast domain regardless of physical location.
A VLAN can reside on 1 switch or on many switches.
Each VLAN is identified by a VLAN ID.
Devices in different VLANs can only communicate with each other if the frame is first sent to a layer 3 device (a router).
On the 7750 SR and 7450 ESS there is no default VLAN for all ports to join. Other types of switches may have a default VLAN for ports that are not assigned to a particular VLAN.
Why VLANs?
(Figure: chart of broadcast traffic as a percentage of network capacity against the number of network nodes, comparing flat networks with hierarchical networks.)
There are two main reasons for the development of VLANs: the amount of broadcast traffic and increased security.
Broadcast traffic increased in direct proportion to the number of stations in the LAN. The goal of the VLAN is the isolation of groups of users so that one group is not interrupted by the broadcast traffic of another.
VLANs also have the benefit of added security by separating the network into distinct logical networks. Traffic in one VLAN is separated from another VLAN as if they were physically separate networks. If traffic is to pass from one VLAN to another, it must be routed.
How Do VLANs Work?
(Figure: one Ethernet switch divided into three internal switches for VLAN 101, VLAN 102 and VLAN 103, with ports 1, 2, 3, 5, 6 and 7 assigned among them.)
In the figure above, VLANs subdivide the Ethernet switch into multiple switches. Note that there are no logical interconnections between these internal switches. Therefore, the broadcast traffic that is generated by a host in a VLAN stays within that VLAN, making the VLAN its own broadcast domain. Because broadcast traffic for a particular VLAN remains within that VLAN’s borders, inter-VLAN or broadcast domain communication must occur through a layer 3 device such as a router.
Hosts are not VLAN-aware, and therefore no 802.1q configuration is required on the hosts. The VLAN configuration is done within the switch and ports are assigned on a VLAN-by-VLAN basis.
VLAN Exercise
(Figure: Switch 1 with Host 1 and Host 4 in VLAN 101 and Host 2 and Host 3 in VLAN 102; Host 1 sends a broadcast.)
Host 1 sends out a broadcast. Which hosts will receive the broadcast?
In the figure above, Host 1 sends out a broadcast. Because Host 4 is the only other member of the VLAN, it is the only host to receive the broadcast.
The FDB entries behave much the same way in the VLAN model as they do in the switch model: they are updated based on the source address. In the figure above, the source address of the broadcast frame is only learned by VLAN 101. VLAN 102 will not know the source address of Host 1 after Host 1 transmits its broadcast packet. Therefore, in a VLAN environment, a separate FDB is kept for each VLAN. In the example above, this means that VLAN 101 will never learn about Host 3 or Host 2 unless it is manually configured or interconnected at layer 3.
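The per-VLAN FDB behaviour described above, as an added Python simulation of a learning switch with access ports; this is example code written for this page, not code from the course or from the 7750 SR/7450 ESS. The host MAC addresses and port numbers are constructed for the example, following the figure: ports 1 and 4 in VLAN 101, ports 2 and 3 in VLAN 102.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """A learning switch whose ports are access ports, each in exactly one VLAN.

    A separate FDB (MAC -> port) is kept per VLAN, so a MAC learned in one VLAN
    is never used to forward a frame that arrives on another VLAN's port.
    """

    def __init__(self, port_vlans: dict):
        self.port_vlans = dict(port_vlans)   # port number -> VLAN ID
        self.fdb = {}                        # VLAN ID -> {MAC: port}

    def ports_in_vlan(self, vlan: int) -> list:
        return sorted(p for p, v in self.port_vlans.items() if v == vlan)

    def receive(self, ingress_port: int, src_mac: str, dst_mac: str) -> list:
        """Process one frame and return the egress ports it is sent out of."""
        vlan = self.port_vlans[ingress_port]
        table = self.fdb.setdefault(vlan, {})
        table[src_mac] = ingress_port        # learn (or refresh) the source in this VLAN's FDB
        if dst_mac != BROADCAST and dst_mac in table:
            out = table[dst_mac]
            return [] if out == ingress_port else [out]   # known unicast: one port, or filtered
        # Broadcast or unknown unicast: flood, but only to the other ports of the same VLAN.
        return [p for p in self.ports_in_vlan(vlan) if p != ingress_port]

    def lookup(self, vlan: int, mac: str):
        """Port a MAC was learned on within the given VLAN, or None if unknown there."""
        return self.fdb.get(vlan, {}).get(mac)


# Constructed host MACs for the exercise.
HOST1, HOST2, HOST3, HOST4 = ("00:00:00:00:00:01", "00:00:00:00:00:02",
                              "00:00:00:00:00:03", "00:00:00:00:00:04")


def run_exercise() -> dict:
    """Replay the slide: Host 1 broadcasts, Host 4 answers, Host 2 tries to reach Host 1."""
    sw = VlanSwitch({1: 101, 2: 102, 3: 102, 4: 101})
    return {
        "host1_broadcast": sw.receive(1, HOST1, BROADCAST),   # only port 4 (VLAN 101)
        "host4_reply": sw.receive(4, HOST4, HOST1),           # known unicast back to port 1
        "host2_to_host1": sw.receive(2, HOST2, HOST1),        # floods VLAN 102 only: port 3
        "vlan101_knows_host2": sw.lookup(101, HOST2),         # None: never learned in VLAN 101
        "vlan102_knows_host1": sw.lookup(102, HOST1),         # None: Host 1 is unknown to VLAN 102
    }


if __name__ == "__main__":
    for key, value in run_exercise().items():
        print("%-22s %s" % (key, value))
```

The last two lookups are the security-relevant point: because learning happens per VLAN, a frame from Host 2 addressed to Host 1's MAC is flooded within VLAN 102 and never leaves it, regardless of what Host 2 claims as its destination.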
VLANs across Multiple Switches
(Figure: Switch 1 connected to Switch 2 and Switch 3, with VLAN 101, VLAN 102 and VLAN 103 spanning the switches.)
The standard that governs VLAN identification between switches (also known as tagging) is 802.1q.
This standard stipulates that a 4-octet header/tag be inserted in the Ethernet frame between the source address and the type/length fields.
Tags are the key component that allows 802.1q to function, and they are the method with which Ethernet frames can be associated with a VLAN segment.
VLANs over Multiple Switches
(Figure: Switch 1 and Switch 2, each holding a separate MAC FDB for VLAN 101, VLAN 102 and VLAN 103, interconnected by separate physical interfaces, one per VLAN.)
The sharing of VLANs between switches is achieved by the insertion of a header with a 12-bit VID, which allows for 4094 possible VLAN destinations for each Ethernet frame.
A VID must be assigned for each VLAN. Assigning the same VID to VLANs on different connected switches can extend the VLAN (broadcast domain) across a network.
The 802.1q standard works by inserting a 32-bit VLAN header into the Ethernet frame of all network traffic of the VLAN. The VID uses 12 bits of the 32-bit VLAN header. The switch then uses the VID to determine which FDB it will use to find the destination. After a frame reaches the destination switch port, the VLAN header is removed.
VLAN Trunking
(Figure: Switch 1 and Switch 2, each holding a MAC FDB for VLAN 101, VLAN 102 and VLAN 103, connected by a single trunk carrying all three VLANs.)
VLAN trunking provides efficient inter-switch forwarding of VLAN frames. In the previous example, each VLAN required its own inter-switch connections to forward frames from one switch to another.
VLAN trunking allows a single Ethernet port to carry frames from multiple VLANs. This allows the use of a single high-bandwidth port, such as a gigabit Ethernet port, to carry the VLAN traffic between switches instead of multiple fast Ethernet ports.
VLANs are separated within the trunk based on their VLAN IDs (Q tags). The FDB at the destination switch designates the destination VLAN for the traffic on the VLAN trunk.
VLAN Tagging
802.1q Ethernet Frame: Preamble | SFD | DA | SA | VLAN tag | Length/Type | Payload (46 to 1500 bytes) | FCS
VLAN tag (4 bytes): 802.1q tag type (2 bytes, value 81 00) followed by Tag control information (2 bytes)
Tag control information: User_priority (3 bits), CFI (1 bit; canonical format: bit ordering can be different), VLAN_ID (12 bits)
Length of the MAC frame + 4 bytes
The VLAN header can be broken down into two parts: the VLAN tag type and the tag control information.
The tag type is a fixed value that is an indicator of a VLAN tag. It indicates that the Length/Type field can be found a further 4 bytes into the frame. Because the frame is a Q-tag frame and is longer, it needs to indicate that the Length/Type field is offset from the traditional location by 4 bytes.
The tag control information has three parts:
Priority value — A 3-bit value that specifies a frame's priority.
CFI — A single bit. A setting of 0 means that the MAC address information is in its simplest form. Currently no other value is supported.
VID — A 12-bit value that identifies the VLAN that the frame belongs to. If the VID is 0, the tag header contains only priority information.
VLAN Stacking — More VLANs
(Figure: three customers, each with CE sites using VLANs 10-300, connected through a pair of provider PE switches. At the PE, Customer 1 is carried on provider VLAN 20, Customer 2 on VLAN 200 and Customer 3 on VLAN 35; the customer data keeps its own VLAN 10-300 tag while the provider tag is added and removed at the PEs.)
A restriction of Ethernet VLANs is the limited number of VIDs. With 12 bits used to define the VID, there are only 4096 possibilities. Because VLAN 0 and 4095 are reserved, the PE is really only capable of supporting 4094 VLANs — not a significant number if it is compared with the expanding rates of networks.
One of the solutions to this restriction is VLAN stacking, also known as Q-in-Q. VLAN stacking allows the service provider to use layer 2 protocols to connect customer sites. In the figure above, 3 customers are connected through a common switch using VLAN stacking.
At the PE, the administrator has assigned a VLAN to represent the customer on that port. When the customer’s traffic arrives at the PE device, the PE switch simply inserts another VLAN tag in the frame. It is this second, or stacked, VLAN tag that carries the customer’s traffic through the provider’s network. At the egress port of the PE equipment, the stacked VLAN tag is removed and the traffic is forwarded out the port.
This allows Customers 1, 2, and 3 to use the same VLAN tags in their network. In theory, the service provider can support 4094 customers, with each customer supporting 4094 VLANs within their network.
VLAN Stacking — More VLANs (continued)
(Figure: the customer frame DA | SA | VLAN tag (Customer VLAN Tag 100) | Length/Type | Payload (46 to 1500 bytes) | FCS, and the same frame after the PE inserts the Provider VLAN Tag 20 ahead of the customer tag.)
In the figure on the previous slide, Customer 1 has sent a frame to the PE switch with a VLAN tag of 100. The PE switch inserts a second VLAN tag of 20. This tag number represents Customer 1 traffic. The second tag keeps Customer 1 traffic separate from Customer 2 and 3 traffic and gives Customer 1 the ability to add 4095 more associated VLANs.
The VLAN tag that is inserted by the provider is the VLAN tag that is used in the provider network. When the frame has reached the appropriate egress port, the provider’s VLAN tag is removed and the frame with the customer’s VLAN tag is forwarded out the egress port.
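The tag layout from the VLAN Tagging slide and the push-at-ingress, pop-at-egress behaviour described for VLAN stacking, as one added Python example; it is written for this page and is not code from the course or from any Alcatel-Lucent product. It parses stacked tags outermost first. Because the slides show only the 81 00 tag type, accepting the 802.1ad provider TPID 0x88A8 alongside 0x8100 is an assumption of this example; the frame bytes, MACs and payload are constructed, and the preamble, SFD and FCS are assumed to have been stripped by the NIC.

```python
import struct

TPID_C_TAG = 0x8100  # 802.1Q tag type, the "81 00" value on the slide
TPID_S_TAG = 0x88A8  # 802.1ad provider (S-tag) TPID; an assumption of this example, not on the slide
VLAN_TPIDS = {TPID_C_TAG, TPID_S_TAG}


def parse_tci(tci: int) -> dict:
    """Split the 16-bit Tag Control Information into priority (3), CFI (1) and VID (12)."""
    vid = tci & 0x0FFF
    return {
        "priority": tci >> 13,
        "cfi": (tci >> 12) & 0x1,
        "vid": vid,
        "priority_only": vid == 0,       # VID 0: the tag carries priority information only
        "reserved_vid": vid == 0x0FFF,   # VID 4095 is reserved
    }


def parse_frame(frame: bytes) -> dict:
    """Parse DA, SA, any number of stacked VLAN tags (outermost first), Length/Type and payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    da, sa = frame[:6], frame[6:12]
    offset, tags = 12, []
    while len(frame) >= offset + 4 and struct.unpack(">H", frame[offset:offset + 2])[0] in VLAN_TPIDS:
        tpid, tci = struct.unpack(">HH", frame[offset:offset + 4])
        tag = parse_tci(tci)
        tag["tpid"] = tpid
        tags.append(tag)
        offset += 4                      # each tag moves Length/Type a further 4 bytes into the frame
    if len(frame) < offset + 2:
        raise ValueError("frame ends inside the Length/Type field")
    length_type = struct.unpack(">H", frame[offset:offset + 2])[0]
    return {"da": da.hex(":"), "sa": sa.hex(":"), "tags": tags,
            "length_type": length_type, "payload": frame[offset + 2:]}


def push_tag(frame: bytes, vid: int, priority: int = 0, tpid: int = TPID_C_TAG) -> bytes:
    """Insert a new outermost tag after the SA, as the PE does for the provider tag."""
    if not 0 <= vid <= 0xFFF or not 0 <= priority <= 7:
        raise ValueError("VID must fit in 12 bits and priority in 3 bits")
    tci = (priority << 13) | vid
    return frame[:12] + struct.pack(">HH", tpid, tci) + frame[12:]


def pop_tag(frame: bytes) -> bytes:
    """Remove the outermost tag, as the PE egress port does."""
    if len(frame) < 16 or struct.unpack(">H", frame[12:14])[0] not in VLAN_TPIDS:
        raise ValueError("frame carries no VLAN tag")
    return frame[:12] + frame[16:]


# Constructed sample: an untagged IPv4 frame (Length/Type 0x0800) with a payload padded to 46 bytes.
UNTAGGED_FRAME = (bytes.fromhex("00aabbccdd01") + bytes.fromhex("00aabbccdd02")
                  + struct.pack(">H", 0x0800) + b"customer data".ljust(46, b"\x00"))


def stack_example() -> dict:
    """Customer tag 100 added by the customer, provider tag 20 pushed by the PE, popped again at egress."""
    customer = push_tag(UNTAGGED_FRAME, 100, priority=5)
    provider = push_tag(customer, 20)
    return {
        "customer_vids": [t["vid"] for t in parse_frame(customer)["tags"]],
        "provider_vids": [t["vid"] for t in parse_frame(provider)["tags"]],
        "egress_matches_customer": pop_tag(provider) == customer,
        "provider_frame_len": len(provider),
    }


if __name__ == "__main__":
    print(stack_example())
```

The parser deliberately keeps walking while it sees a tag type, so a frame that arrives with more tags than a port is configured to expect is visible as such; a PE that only ever looks at the outermost tag cannot tell a single-tagged frame from one the sender has already double-tagged.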
Ethernet Overview
Section 5 — Multiple Spanning Tree Protocol
Multiple Spanning Tree Protocol (MSTP)
What is MSTP?
Why do we need MSTP?
Differences: MSTP vs. STP
Where to use MSTP
Example
Multiple Spanning Tree Protocol
What is MSTP?
An IEEE standard that allows more than one instance of STP
A natural progression from RSTP, introduced in 2003 as part of 802.1s
Why do we need MSTP?
Allows load balancing of the network between different sets of VLANs
Allows a set of VLANs to run a single instance of the spanning tree while another set runs another instance of the spanning tree
Some early versions of MSTP, before 802.1s, used a single STP instance per VLAN, which was very CPU-intensive. MSTP lowers CPU usage in these instances.
Reduces the overhead of BPDUs, which would otherwise be sent for every VLAN
Interoperability
Scalability
Standard STP
(Figure: Switch A as root with Switch B and Switch C as leaves; both VLAN 1-500 and VLAN 501-1000 follow the single spanning tree. Port states: D - Designated, R - Root, A - Alternate.)
In a common spanning tree, all VLANs are mapped to the same spanning tree instance. This leads to under-utilized links and possible communication interruptions.
MSTP
(Figure: the same Switch A, Switch B and Switch C, now with one spanning tree instance for VLAN 1-500 and another for VLAN 501-1000; each instance has its own root, and a port that is Alternate in one instance is Root or Designated in the other. Port states: D - Designated, R - Root, A - Alternate.)
With MSTP, each VLAN or range of VLANs is mapped to a separate instance of STP. This allows for better utilization of the network. As shown in the figure above, MSTP permits multiple root switches in a network. In one instance of the spanning tree a port may be blocking, but another instance may use that port for forwarding.
Module Summary
Provided an overview of Ethernet and the various types of Ethernet frames
Discussed the operation of an Ethernet switch and how MAC addresses are dynamically learned
Discussed the concept and reasons behind STP
Compared STP and RSTP
Discussed the concepts of VLANs and why they are used
Discussed VLAN stacking and why it is used
Discussed the use of MSTP and how it can be used with VLANs
Learning Assessment
1. What is the purpose of using a spanning tree protocol?
A. Prevent routing loops
B. Maintain redundant paths in a switched environment
C. Build forwarding tables
D. Prevent switching loops
2. The forwarding port leading away from the root bridge is known as what?
A. Backup port
B. Designated port
C. Root port
D. Alternate port
3. When would it be appropriate to use the multiple spanning tree protocol?
A. When using VLANs
B. In a simple switched network
C. When crossing broadcast domains
Learning Assessment (continued)
4. How is the root bridge/switch selected?
A. Election process using the highest bridge ID
B. Election process using the lowest bridge ID
C. Election process based on the port priority
D. Election process based on the port MAC address
5. When would CSMA/CD be invoked?
A. When multiple hosts share the same medium
B. When a single host is directly connected to a single switch port
C. CSMA/CD is no longer used
6. What is the primary difference between STP and RSTP?
A. Basically the same except RSTP is easier to install
B. STP uses the concept of backup and alternate ports
C. RSTP uses the concept of backup and alternate ports
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 01
Alcatel-Lucent Scalable IP Networks
Module 4 — IP Overview
Module Objectives
After successful completion of this module, you should be able to:
Discuss the concept of IP address classes
Calculate IP subnets
Calculate variable length subnet masks
Discuss the concept of CIDR
Discuss the value of route summarization
Calculate routing entries as a result of route summarization
Conduct basic network design
Configure and verify layer 3 interfaces on the 7750 SR and 7450 ESS switches
IP Addressing
Section 1 — IPv4 address
Internet Protocol
Packet-based protocol used to exchange information
Equivalent to the OSI network layer
Provides addressing, fragmentation, reassembly, and protocol demultiplexing
Enables the routing of information
The Internet Protocol (RFC 791) provides services that are roughly equivalent to the OSI network layer. IP provides a datagram (connectionless) transport service across the network. This service is sometimes referred to as unreliable because the network does not guarantee delivery or notify the end host system about packets lost due to errors or network congestion. IP datagrams contain a message, or one fragment of a message, that may be up to 65 535 bytes (octets) in length. IP does not provide a mechanism for flow control. This is taken care of by the transport layer.
IP supports a whole range of application protocols, such as ICMP and ARP.
IPv4 Packet
Version — Always set to the value 4, which is the current version of IP
IHL — IP Header Length: Number of 32-bit words forming the header, usually five
ToS, now known as DSCP — Usually set to 0, but may indicate particular QoS needs from the network. The DSCP defines the way routers should queue packets while they are waiting to be forwarded
Size of Datagram — In bytes, the combined length of the header and the data
Identification — 16-bit number that, together with the source address, uniquely identifies this packet; used during the reassembly of fragmented datagrams
Flags — Sequence of three flags (one of the four bits is unused) used to control whether routers are allowed to fragment a packet (i.e., the Don't Fragment [DF] flag), and to indicate the parts of a packet to the receiver
Fragmentation Offset — Byte count from the start of the original sent packet, set by any router that performs IP router fragmentation
Time To Live — Number of hops/links that the packet may be routed over, decremented by most routers (used to prevent accidental routing loops)
Protocol — SAP that indicates the type of transport packet being carried (e.g., 1 = ICMP, 2= IGMP, 6 = TCP, 17 = UDP)
Header Checksum — 1s complement checksum inserted by the sender and updated whenever the packet header is modified by a router. Used to detect processing errors introduced into the packet inside a router or bridge in which the packet is not protected by a link-layer cyclic redundancy check. Packets with an invalid checksum are discarded by all nodes in an IP network.
Source Address — IP address of the original sender of the packet
Destination Address — IP address of the final destination of the packet
Options — Not normally used, but when used, the IP header length is greater than five 32-bit words to indicate the size of the options field
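The field definitions above, as an added Python example that is not code from the course: a parser that decodes the fixed header, verifies the 1s complement header checksum, and a router-style hop that decrements TTL and recomputes the checksum, as the Header Checksum entry describes. The sample header bytes are constructed for the example (a 20-byte UDP header from 192.168.0.1 to 192.168.0.199); the 13-bit fragment offset is converted from its 8-octet units into bytes.

```python
import struct
import ipaddress

# Protocol numbers named on the slide.
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}


def ones_complement_checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold any carry back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed header, validate the lengths and verify the checksum."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack(">BBHHHBBH4s4s", pkt[:20])
    version, ihl_words = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    if ihl_words < 5:
        raise ValueError("IHL %d is below the minimum of 5 words" % ihl_words)
    header_len = ihl_words * 4
    if len(pkt) < header_len or total_len < header_len:
        raise ValueError("header length exceeds the packet or the total length")
    header = pkt[:header_len]
    return {
        "version": version,
        "ihl_words": ihl_words,
        "header_len": header_len,
        "dscp": tos >> 2,                                   # top 6 bits of the old ToS octet
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,  # the 13-bit field counts 8-octet units
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": IP_PROTOCOLS.get(proto, "other"),
        "header_checksum": csum,
        "checksum_ok": ones_complement_checksum(header) == 0,  # a valid header sums to 0xFFFF
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": header[20:],                             # present only when IHL > 5
    }


def forward_hop(pkt: bytes) -> bytes:
    """What a router does before forwarding: verify the checksum, decrement TTL, recompute it."""
    hdr = parse_ipv4_header(pkt)
    if not hdr["checksum_ok"]:
        raise ValueError("bad header checksum: packet discarded")
    if hdr["ttl"] <= 1:
        raise ValueError("TTL exhausted: packet discarded (ICMP Time Exceeded would be sent)")
    out = bytearray(pkt)
    out[8] -= 1                                   # TTL
    out[10:12] = b"\x00\x00"                      # zero the checksum field before recomputing
    out[10:12] = struct.pack(">H", ones_complement_checksum(bytes(out[:hdr["header_len"]])))
    return bytes(out)


# Constructed sample: 20-byte header, UDP, DF set, TTL 64, 192.168.0.1 -> 192.168.0.199,
# total length 115 (0x73), checksum 0xb861, followed by 95 bytes of placeholder payload.
SAMPLE_PACKET = bytes.fromhex("4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7") + bytes(95)

if __name__ == "__main__":
    for key, value in parse_ipv4_header(SAMPLE_PACKET).items():
        print("%-22s %s" % (key, value))
    print("after one hop:", parse_ipv4_header(forward_hop(SAMPLE_PACKET))["ttl"])
```

Note that the checksum covers only the header, which is why the text says it detects errors introduced inside a router; corruption of the payload must be caught by the transport layer or the link-layer CRC.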
IPv4 Addressing
An IP address is a unique L3 identifier of computers, routers, and devices in an IP network.
The 32-bit address is in dotted-decimal format, with each octet separated by a period.
IP address example: 192.168.2.100
Binary equivalent: 11000000.10101000.00000010.01100100
An IP address is 32 bits long and is in binary format, normally expressed by four decimal numbers. Each decimal number is separated by a dot. This format is called dotted-decimal notation.
The dotted-decimal format divides the 32-bit IP address into four octets of 8 bits each. These octets specify the value of each field as a decimal number, as shown in the slide above.
The range of each octet is from 0 to 255.
IPv4 Addressing (continued)
(Figure: the 32 bits of an address split into a Network Number, also called the Network Prefix, followed by a Host Number.)
The first part of an IP address identifies the network that a host would reside in. The second part of an IP address identifies an individual host inside that network. This creates a two-level hierarchy, as shown in the slide above.
All hosts in a given network share the same network prefix. However, the host numbers must be unique to each host. Conversely, hosts with different network prefixes may share the same host number.
Note: The size of the network/host portions can be adjusted, as shown in the following slides.
IPv4 Address Classes
(Figure: the 32-bit address layout for each class. Class A: leading bit 0, network bits 0–7, host bits 8–31. Class B: leading bits 10, network bits 0–15, host bits 16–31. Class C: leading bits 110, network bits 0–23, host bits 24–31.)
When addresses were first being assigned, it was decided that, to provide some form of flexibility to support the various sizes of networks that were being implemented, the IP address space be divided into classes.
The classes were defined as Class A, Class B, and Class C. This is referred to as classful addressing because the address space is split into predefined sizes. As shown above, each class defines the boundary between the network and host at a different octet within the 32-bit address.
Class A (1 to 126) — A Class A network has an 8-bit network prefix and, as shown above, the highest-order bit is always set to 0. This allows for a maximum of 128 networks that can be defined; however, 2 out of the 128 networks are reserved. The 0.0.0.0 network is reserved for default routes, and the 127.0.0.0 network is reserved for loopback functions.
Class B (128 to 191) — A Class B network has a 16-bit network prefix and, as shown above, the two highest-order bits are always set to 10. A maximum of 16 384 networks can be defined.
Class C (192 to 223) — A Class C network has a 24-bit network prefix and, as shown above, the three highest-order bits are always set to 110. A maximum of 2 097 152 networks can be defined.
Classes D (224 to 239) and E (240 to 255) — Class D is used for multicast addresses (used in applications such as OSPF), and Class E is used for scientific purposes.
The concept of classes never envisioned the enormous growth of the Internet. Many of the addressing problems can be traced back to this early classification of the IP address space.
Unique IP Addressing
Each node that uses the TCP/IP protocol suite has a unique 32-bit logical IP address.
(Figure: routers interconnecting five networks, with interface addresses 10.0.0.1 and 10.0.0.2; 192.168.0.1 and 192.168.0.2; 172.16.0.1 and 172.16.0.2; hosts 192.10.0.1 to 192.10.0.4; and hosts 172.5.0.1 to 172.5.0.4.)
A router’s function is to separate broadcast networks. In the figure above, each router is connected to 2 or 3 networks via 2 or 3 interfaces. Every interface is identified by an IP address. The interfaces in the same network belong to the same network prefix or network class.
There are 5 networks in the figure above:
Class C: 192.168.0.0 and 192.10.0.0
Class B: 172.5.0.0 and 172.16.0.0
Class A: 10.0.0.0
IP Global Address Assignments
Global addressing is provided by IANA.
Major organizations of the world all have specific address assignments.
Address assignments are available at RFC 1466 and http://www.iana.org/assignments/ipv4-address-space.
The Alcatel IP address assignment is 138.120.0.0.
The addresses assigned by IANA are also referred to as public addresses.
In addition, IANA reserves some addresses (referred to as private addresses) to be used in private networks.
Under the current IP addressing scheme (often known as IPv4, eventually to be replaced by IPv6), the address space is divided into two types: public address space and private address space. Understanding the difference is important and useful for a network administrator, especially if your organization is connected to the Internet. All of the public address space (IP addresses) that are routable via the Internet are managed by one of the three RIRs. Each RIR is responsible for a geographic region. (Don't confuse RIRs with the InterNIC [http://www.internic.net] and its designated registrars, such as Network Solutions, Inc. They handle domain name registration, not address registration.)
The IANA distributes IP addresses to the RIRs.
You must request address space, and IANA will either grant or deny your request. Alternatively, you can request the address space from your ISP (who then, in turn, allocates from its ARIN-allotted address space, or makes the request on your behalf).
This system preserves address space and provides a central authority to prevent address-space collisions. When you are using a public address, you can send to and receive from all (non-broken) parts of the Internet. This means that all routers on the Internet have an idea about how to route your IP address toward you. Because of this, not all address space is portable. If you own your address space, you can authorize an ISP to route it for you, but there is a chance that when you change providers or locations, it will no longer be possible to route your IP addresses to the new location. (You might, therefore, want to check before you travel with your address space.)
IANA has reserved the following three blocks of the IP address space for private internets (local networks):
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
In addition, IP addresses in the range of 169.254.0.0 to 169.254.255.255 are reserved for automatic private IP addressing. These IP addresses should not be used on the Internet.
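The address classes from the IPv4 Address Classes slide and the reserved blocks listed above, as one added Python example; it is written for this page and is not code from the course. The function names (describe, address_class, networks_in_class) are this example's own; the addresses used in the test are the ones shown on the slides.

```python
import ipaddress

# Private blocks and the automatic private (link-local) range listed on the slide.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

# Length of the network prefix implied by each class (classes D and E have no network/host split).
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def to_binary(addr: str) -> str:
    """Dotted-binary form, e.g. 192.168.2.100 -> 11000000.10101000.00000010.01100100."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


def address_class(addr: str) -> str:
    """Classify by the high-order bits of the first octet: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = ipaddress.IPv4Address(addr).packed[0]
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


def networks_in_class(cls: str) -> int:
    """Networks a class can number: 2 ** (prefix bits minus the fixed leading bits)."""
    leading_bits = {"A": 1, "B": 2, "C": 3}[cls]
    return 2 ** (CLASSFUL_PREFIX[cls] - leading_bits)


def describe(addr: str) -> dict:
    """Class, binary form, private/link-local status and, for A/B/C, the classful network and broadcast."""
    ip = ipaddress.IPv4Address(addr)
    cls = address_class(addr)
    info = {
        "address": str(ip),
        "binary": to_binary(addr),
        "class": cls,
        "private": any(ip in block for block in PRIVATE_BLOCKS),
        "link_local": ip in LINK_LOCAL,
    }
    if cls in CLASSFUL_PREFIX:
        net = ipaddress.ip_network(f"{ip}/{CLASSFUL_PREFIX[cls]}", strict=False)
        info["network"] = str(net.network_address)
        info["directed_broadcast"] = str(net.broadcast_address)   # network number with all host bits 1
        info["host_bits"] = 32 - net.prefixlen
        # Class A networks 0 (default routes) and 127 (loopback) are reserved.
        info["reserved"] = cls == "A" and ip.packed[0] in (0, 127)
    return info


if __name__ == "__main__":
    for sample in ("192.168.2.100", "138.120.200.25", "172.5.0.1", "10.0.0.1", "224.0.0.5"):
        print(describe(sample))
```

The private check uses the exact CIDR blocks rather than the first octet alone, which is why 172.5.0.1 from the routed-network figure is public while 172.16.0.1 is private.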
IPv4 Addressing (Unicast/Broadcast)
“Unicast address” refers to a specific IP address.
A routing update from a source to a specific destination address is referred to as a unicast update. This update is usually delivered to a single host or a single interface on the router.
Example: 139.120.200.25
“Broadcast address” refers to all IP addresses in the broadcast domain.
A routing update from a source to all hosts in a broadcast domain (such as Ethernet) is referred to as a broadcast update. The destination IP address in the update contains the network number and all 1s for the host address.
Example: 138.120.255.255 specified in the destination IP header of a packet ensures that the packet will be delivered to all hosts in the 138.120.0.0 network.
IPv4 Addressing (Multicast/Anycast)
Multicast address
Used to address a group of hosts.
Reserved addresses are used for specific applications (224.0.0.0 to 239.255.255.255).
Anycast address
Any source or destination address, but it does not uniquely identify a host.
Updates are sent to the nearest host or service.
No specific address ranges exist for anycast addresses.
Supported differently in IPv6.
IP Addressing
Section 2 — Subnet Introduction
Subnetting
Figure: a Class B address (bit positions 0 to 31). Without subnetting it has a Network field (bits 0 to 15) and a Host field (bits 16 to 31); with subnetting the Host field is split into a Subnet field (bits 16 to 23) and a Host field (bits 24 to 31).
Introduces an additional level of hierarchy in addressing.
Without subnetting, there are the network and host portions.
With subnetting, there are the network, subnetwork, and host portions.
Host space is now more efficiently used. For example, with one network address, 6 or more subnetworks can be created.
There are three main problems with classful addressing.
Lack of Internal Address Flexibility — Big organizations are assigned large, monolithic blocks of addresses that do not match the structure of their underlying internal networks well.
Inefficient Use of Address Space — The existence of only three block sizes (Classes A, B, and C) leads to waste of limited IP address space.
Proliferation of Router Table Entries — As the Internet grows, more and more entries are required for routers to handle the routing of IP datagrams, which causes performance problems for routers. Attempting to reduce inefficient address space allocation leads to even more router table entries.
As shown in the slide above, these problems were resolved by adding another layer of hierarchy to the addressing structure. Instead of a simple two-level hierarchy that defines the network prefix and host number, a third level was introduced that defines a subnet number.
Adding a third level allowed network administrators the flexibility to manage their current network address in a manner that best suited their needs by assigning a distinct subnet number for each of their internal networks.
Subnet Masking
Q. How do you identify the subnet portion of a network?
A. With the concept of subnet masking.
A subnet mask is a 32-bit number that accompanies an IP address.
The mask indicates the network and the subnet.
Boolean logic is performed to differentiate the network and subnet.
In a subnet, the first and last IP addresses are reserved:
The first address is the subnetwork.
The last address is reserved as a broadcast address for the subnetwork.
A subnet mask is a 32-bit binary number that accompanies an IP address. It is created so that it has a one bit for each corresponding bit of the IP address that is part of its network ID or subnet ID, and a zero for each bit of the IP address’s host ID. The mask thus tells TCP/IP devices which bits in the IP address belong to the network ID and subnet ID, and which are part of the host ID.
Subnet Masking (continued)
IP Address Example: 192.168.2.132 (Class C)
What is the network and what is the subnet?
Let's assume a subnet mask of 255.255.255.128 (32-bit value).
Rewriting the IP address and subnet mask as binary and applying Boolean logic:

IP address     11000000.10101000.00000010.10000100
LOGICAL AND
Subnet mask    11111111.11111111.11111111.10000000
equals
Subnetwork     11000000.10101000.00000010.10000000   192.168.2.128

Network        Class C 192.168.2.0
Subnetwork     192.168.2.128
Host range     192.168.2.129 to 192.168.2.254
The subnet mask of 255.255.255.128 has been chosen arbitrarily and is applied to the IP address of 192.168.2.132, which is a Class C address. This subnet mask splits the Class C network of 192.168.2.0 into two subnetworks, each with 127 hosts.
Using another IP example of 192.168.2.100, after applying the Boolean logic as shown above, we have the Class C network, which is always 192.168.2.0, and the subnetwork with 192.168.2.0, with the host range of 192.168.2.0 to 192.168.2.127.
Note that, although the subnet and the network have the same network prefix, they are essentially different.
A network with 192.168.2.0 with no subnet mask has a host range of 192.168.2.0 to 192.168.2.255.
As seen in the next slides, a network of 192.168.2.0 can be referred to as a network with 192.168.2.0 with a subnet mask of 255.255.255.0.
Subnet Masks
An IP address is usually associated with a subnet mask:
IP: 192.168.2.132 with a subnet mask of 255.255.255.128
IP: 192.168.2.132 with a subnet mask of 255.255.255.0
Another notation for subnet masking is /x, where x represents the number of 1s in the subnet mask:
255.255.255.0 can be referred to as /24, as in 24 1s
255.255.255.128 can be referred to as /25, as in 25 1s
IP: 192.168.2.132/24 implies a subnet mask of 255.255.255.0
All possible subnet masks are as follows:

Mask             Prefix     Mask                 Prefix
128.0.0.0        /1         255.255.128.0        /17
192.0.0.0        /2         255.255.192.0        /18
224.0.0.0        /3         255.255.224.0        /19
240.0.0.0        /4         255.255.240.0        /20
248.0.0.0        /5         255.255.248.0        /21
252.0.0.0        /6         255.255.252.0        /22
254.0.0.0        /7         255.255.254.0        /23
255.0.0.0        /8         255.255.255.0        /24
255.128.0.0      /9         255.255.255.128      /25
255.192.0.0      /10        255.255.255.192      /26
255.224.0.0      /11        255.255.255.224      /27
255.240.0.0      /12        255.255.255.240      /28
255.248.0.0      /13        255.255.255.248      /29
255.252.0.0      /14        255.255.255.252      /30
255.254.0.0      /15        255.255.255.254      /31
255.255.0.0      /16
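The mask notation and the logical AND of the preceding slides, as an added worked example (this is not code from the student guide or from Alcatel-Lucent). It converts between dotted masks and /x prefix lengths, rejects a mask whose 1s are not contiguous (the table above lists only contiguous masks, and a router will not accept anything else), and reproduces the 192.168.2.132 calculation: the subnet, its broadcast address and its host range. The host count follows the rule stated on the next slides, that the all-0 and all-1 host numbers are reserved, so a /25 yields 2^7 - 2 = 126 assignable hosts.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def dotted_binary(dotted: str) -> str:
    """Render an IPv4 address or mask as four 8-bit groups, as drawn on the slide."""
    octets = str(ipaddress.IPv4Address(dotted)).split(".")
    return ".".join(format(int(o), "08b") for o in octets)


def prefix_to_mask(prefix_len: int) -> str:
    """Dotted-decimal mask with prefix_len leading 1s, e.g. 25 -> 255.255.255.128."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask_int = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return str(ipaddress.IPv4Address(mask_int))


def mask_to_prefix(mask: str) -> int:
    """Prefix length (/x) of a dotted mask; rejects masks whose 1 bits are not contiguous."""
    mask_int = int(ipaddress.IPv4Address(mask))
    ones = bin(mask_int).count("1")
    if mask_int != (ALL_ONES << (32 - ones)) & ALL_ONES:
        raise ValueError(f"{mask} is not a valid subnet mask: its 1 bits are not contiguous")
    return ones


def _dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def subnet_info(ip: str, mask: str) -> dict:
    """Apply the slide's logical AND and derive subnet, broadcast and host range.

    `mask` is either dotted (255.255.255.128) or a prefix length written as "/25".
    """
    if mask.startswith("/"):
        mask = prefix_to_mask(int(mask[1:]))
    prefix_len = mask_to_prefix(mask)
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    network = ip_int & mask_int                    # host bits cleared: the subnetwork
    broadcast = network | (~mask_int & ALL_ONES)   # host bits all set to 1
    host_bits = 32 - prefix_len
    # The all-0 and all-1 host numbers are the network and broadcast addresses,
    # so under the rule used in this module a /31 or /32 has no assignable host.
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    return {
        "prefix": prefix_len,
        "mask": mask,
        "network": _dotted(network),
        "first_host": _dotted(network + 1) if usable else None,
        "last_host": _dotted(broadcast - 1) if usable else None,
        "broadcast": _dotted(broadcast),
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    # The slide's example: 192.168.2.132 with mask 255.255.255.128
    print("IP address   ", dotted_binary("192.168.2.132"))
    print("Subnet mask  ", dotted_binary("255.255.255.128"))
    for key, value in subnet_info("192.168.2.132", "255.255.255.128").items():
        print(f"{key:12} {value}")
```

Feeding the same address with "/24" instead of "/25" shows the point made at the end of the previous slide: the Class C network and the /25 subnet share the prefix 192.168.2.0 but have different broadcast addresses and host ranges.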
All 0 and All 1 Subnet
Subnet 0   192.168.1.0/27     11000000.10101000.00000001.00000000   (all 0 subnet)
Subnet 1   192.168.1.32/27    11000000.10101000.00000001.00100000
Subnet 2   192.168.1.64/27    11000000.10101000.00000001.01000000
Subnet 3   192.168.1.96/27    11000000.10101000.00000001.01100000
Subnet 4   192.168.1.128/27   11000000.10101000.00000001.10000000
Subnet 5   192.168.1.160/27   11000000.10101000.00000001.10100000
Subnet 6   192.168.1.192/27   11000000.10101000.00000001.11000000
Subnet 7   192.168.1.224/27   11000000.10101000.00000001.11100000   (all 1 subnet)
The first 27 bits are the extended network prefix; the three bits after the /24 network prefix are the subnet number.
Given a network 192.168.1.0 and subnet mask of /27, what are the possible subnets and hosts?
What is the difference between 192.168.1.0/24 and 192.168.1.0/27?
When subnetting first came about, the use of the all 0 and all 1 subnet was forbidden. That meant that when doing your subnet calculations, you had to subtract two subnets, and all host addresses associated with them, from your network. The reason why these subnets were restricted was because of the older classful routing protocols, such as RIPv1. These addresses could cause confusion in a router that ran a classful protocol.
In the all 0 subnet, for example, a router must be able to transmit its routing updates with the route/prefix so that a receiving router can differentiate between the new 192.168.1.0/27 subnet and the 192.168.1.0/24 base network addresses. Without being able to understand these prefix lengths, a router would not be able to understand the difference between the base network and the all 0 subnet.
With the all 1 subnet, a router also needs to understand the prefix length so that it can determine if a broadcast should be sent to the all 1 subnet or to the entire network. If the router does not understand the prefix length, it does not know if the broadcast 192.168.1.255 would be sent to the all 1 subnet or to all hosts in all subnets.
Calculating Host Addresses
Host address 0    192.168.1.0/27    11000000.10101000.00000001.00000000   (all 0 host)
Host address 1    192.168.1.1/27    11000000.10101000.00000001.00000001
Host address 2    192.168.1.2/27    11000000.10101000.00000001.00000010
...
Host address 29   192.168.1.29/27   11000000.10101000.00000001.00011101
Host address 30   192.168.1.30/27   11000000.10101000.00000001.00011110
Host address 31   192.168.1.31/27   11000000.10101000.00000001.00011111   (all 1 host)
Example: Find all hosts in subnet address 192.168.1.96/27
Total number of hosts: 30
First host          192.168.1.96 + 1  = 192.168.1.97/27
Tenth host          192.168.1.96 + 10 = 192.168.1.106/27
Last host           192.168.1.96 + 30 = 192.168.1.126/27
Broadcast address   192.168.1.96 + 31 = 192.168.1.127/27
The assigned host address field of a subnet cannot contain all 0s or all 1s. The host number of all 0s is reserved for the network address while the host number of all 1s is reserved for the broadcast address for that network or subnet.
In the example above, 5 bits are used for the host address field. Using the formula 2^5 – 2 = 30, there are 30 assignable host addresses in this subnet. This means that each of the subnets that were created can support a maximum of 30 hosts. In the example above, defining the host address for the tenth host in the subnet is relatively simple: you simply take the host bits and place them in the bit pattern that represents 10, or 01010. This gives the host address of 192.168.1.10/27. If one of the other subnets were used (for example, 192.168.1.96/27), defining the host address is a little more difficult; however, the concept remains the same.
Given a subnet address of 192.168.1.96/27 to define the tenth host address, the host bits are once again arranged in the bit pattern that represents 10 or 01010. This is then added to the network address of 192.168.1.96/27 to give the host address of 192.168.1.106/27.
To define the broadcast address for this network, the host bits would be all set to 1 or 11111. This is the binary representation of 31, so 31 would be added to the network address of 192.168.1.96, giving a broadcast address of 192.168.1.127/27 for this particular subnet.
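The subnet enumeration of the previous slide and the host-address arithmetic of this one, as an added example (not code from the student guide). It splits 192.168.1.0/24 into its eight /27 subnets, flags the all-0 and all-1 subnets that classful protocols such as RIPv1 could not distinguish from the base network, and computes the nth host and the broadcast address of any subnet by adding the host number to the subnet address, exactly as the text does for 192.168.1.96/27. Python's standard `ipaddress` module does the parsing.

```python
import ipaddress


def enumerate_subnets(base: str, new_prefix: int) -> list:
    """Split a base network into equal subnets with the given extended prefix."""
    net = ipaddress.IPv4Network(base)
    if new_prefix <= net.prefixlen:
        raise ValueError("the new prefix must be longer than the base prefix")
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def subnet_kind(base: str, subnet: str) -> str:
    """Classify a subnet as 'all-0', 'all-1' or 'ordinary' from its subnet-number bits."""
    base_net = ipaddress.IPv4Network(base)
    sub_net = ipaddress.IPv4Network(subnet)
    if not sub_net.subnet_of(base_net):
        raise ValueError(f"{subnet} is not inside {base}")
    subnet_bits = sub_net.prefixlen - base_net.prefixlen
    if subnet_bits <= 0:
        raise ValueError("subnet must be longer than the base network")
    host_bits = 32 - sub_net.prefixlen
    # shift the host bits away, then keep only the subnet-number bits
    number = (int(sub_net.network_address) >> host_bits) & ((1 << subnet_bits) - 1)
    if number == 0:
        return "all-0"
    if number == (1 << subnet_bits) - 1:
        return "all-1"
    return "ordinary"


def host_address(subnet: str, n: int) -> str:
    """The nth assignable host of a subnet: the host bits carry the binary value of n."""
    net = ipaddress.IPv4Network(subnet)
    usable = net.num_addresses - 2          # all-0 and all-1 host numbers are reserved
    if usable < 1:
        raise ValueError(f"{subnet} has no assignable host addresses")
    if not 1 <= n <= usable:
        raise ValueError(f"host number must be between 1 and {usable} in {subnet}")
    return f"{ipaddress.IPv4Address(int(net.network_address) + n)}/{net.prefixlen}"


def subnet_summary(subnet: str) -> dict:
    """Network, first and last host, broadcast and host count for one subnet."""
    net = ipaddress.IPv4Network(subnet)
    usable = net.num_addresses - 2
    return {
        "network": f"{net.network_address}/{net.prefixlen}",
        "first_host": host_address(subnet, 1),
        "last_host": host_address(subnet, usable),
        "broadcast": f"{net.broadcast_address}/{net.prefixlen}",
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    base = "192.168.1.0/24"
    for sub in enumerate_subnets(base, 27):
        print(f"{sub:18} {subnet_kind(base, sub)}")
    print(subnet_summary("192.168.1.96/27"))
    print("tenth host of 192.168.1.96/27:", host_address("192.168.1.96/27", 10))
```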
Extended Network Prefix
Class-based addressing for IP addresses is not required and is seldom used today.
Subnetting is very common for IPv4 addresses, and all network addresses supported by modern protocols expect a subnet mask.
Because any subnet mask can be applied to any IP address, a network address can be referred to by a prefix with a subnet mask.
For example, a Class A IP address of 10.0.0.0 can be referred to as
network 10.0.0.0/8, where /8 implies a subnet mask of 255.0.0.0, or
network 10.0.0.0/16, where /16 implies a subnet mask of 255.255.0.0, in which case 10.0 is the extended network prefix.
Similarly, an IP address of 138.120.24.253/25 has an extended network prefix of 138.120.24.128.
Routers use the network prefix of the destination IP address to route the traffic to a subnetted environment. Routers in the subnetted environment use the extended network prefix to route traffic between the individual subnets. The extended network prefix is a combination of the network prefix and the subnet number.
The extended network prefix was originally defined by the subnet mask, as shown in the slide above. When the bits in the subnet mask are set to 1, the router examining the address treats the corresponding bits in the destination IP address as part of the network address. The bits in the subnet mask that are set to 0 define the host portion of the address.
The more modern protocols, such as OSPF, ISIS, and BGP, allow the extended network prefix to be represented by a decimal number that indicates the length of the subnet mask, as shown above. This number represents the number of contiguous 1s in the subnet mask.
It should be understood that this concept of representing the prefix length with a decimal number is strictly for the convenience of the user. The protocol still carries the four octet subnet mask in its routing updates.
Subnet Design Considerations
1. How many subnets are required now?
2. How many subnets in the future?
3. How many hosts in the largest subnet?
4. How many hosts will be in the subnet in the future?
Figure: Subnet 1 to Subnet 9.
An addressing plan requires careful planning and consideration of future requirements. The network administrator cannot look only at the existing infrastructure when assigning addresses, but must take into account future growth in the number of hosts in every subnet as well as future growth in the number of subnets that will be required.
The first planning step is to define the number of subnets that are required. In the example above, there is a requirement for nine subnets; therefore, 2^3 or 8 subnets would not meet the requirement. To meet this requirement, the administrator must plan for 2^4 or 16 subnets. This also leaves room for future expansion.
The next step is to ensure that there is enough host space available to meet the requirements of the largest subnet. If the largest subnet required 35 hosts, a 2^6- or 64-host space must be used. This size would also leave room for expansion.
After the design is completed, the administrator must ensure that the organization’s allocated IP address space is sufficient to meet current as well as future needs.
Subnet Example
1. Subnet 2, the largest subnet, requires 20 host addresses
2. Network IP address is 192.168.1.0/24
Figure: Subnet 1 to Subnet 6.
First, the administrator must identify the bits required to provide the six needed subnets. Because the address is a binary address, the boundaries for the subnets are based on powers of 2.
In the example above, the administrator would require 3 bits of the existing host address to provide the necessary subnets: 2^3 = 8 available subnets. This would give the subnets an extended prefix of 27 bits. The 4-octet subnet mask would appear as 255.255.255.224.
This would leave 5 bits of the last octet for host addresses. The calculation for usable or assignable host addresses is 2^n – 2, or in this case 2^5 – 2. The reason why 2 host addresses must be subtracted from the total is that the host address 00000 (all 0s) is reserved for the network address and the host address 11111 (all 1s) is reserved for the broadcast address of the subnet.
In the example above, the base address is 192.168.1.0/24. With the subnet extended prefix defined above, the administrator would have the following subnets, with each subnet supporting 30 hosts:
192.168.1.0/27
192.168.1.32/27
192.168.1.64/27
192.168.1.96/27
192.168.1.128/27
192.168.1.160/27
192.168.1.192/27
192.168.1.224/27
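The design procedure of the two preceding slides (count the subnets, count the hosts in the largest subnet, check that the bits fit in the allocated block), as an added example that is not code from the student guide. It picks the smallest number of subnet bits that covers the required subnets, leaves the remaining bits to hosts, reports how many spare bits are left for growth, and refuses a plan that does not fit, which is the nine-subnet, 35-host case of the design slide applied to a /24.

```python
import ipaddress


def bits_for_subnets(count: int) -> int:
    """Smallest n with 2**n >= count."""
    n = 0
    while (1 << n) < count:
        n += 1
    return n


def bits_for_hosts(count: int) -> int:
    """Smallest n with 2**n - 2 >= count (all-0 and all-1 host numbers are reserved)."""
    n = 2
    while (1 << n) - 2 < count:
        n += 1
    return n


def design_subnets(base: str, subnets_needed: int, hosts_in_largest: int) -> dict:
    """Fixed-length subnet plan for `base` meeting the subnet and host requirements."""
    net = ipaddress.IPv4Network(base)
    subnet_bits = bits_for_subnets(subnets_needed)
    host_bits = bits_for_hosts(hosts_in_largest)
    available = 32 - net.prefixlen
    if subnet_bits + host_bits > available:
        raise ValueError(
            f"{base} offers {available} bits; {subnets_needed} subnets of "
            f"{hosts_in_largest} hosts need {subnet_bits} + {host_bits} bits"
        )
    new_prefix = net.prefixlen + subnet_bits     # the extended network prefix
    subnets = list(net.subnets(new_prefix=new_prefix))
    return {
        "subnet_bits": subnet_bits,
        "prefix": new_prefix,
        "mask": str(subnets[0].netmask),
        "subnets_available": len(subnets),
        "hosts_per_subnet": subnets[0].num_addresses - 2,
        # bits neither needed for subnets nor for hosts: room for growth either way
        "spare_bits": available - subnet_bits - host_bits,
        "subnets": [str(s) for s in subnets],
    }


if __name__ == "__main__":
    # The subnet example: six subnets, the largest needing 20 hosts, from 192.168.1.0/24
    plan = design_subnets("192.168.1.0/24", 6, 20)
    print(f"/{plan['prefix']} ({plan['mask']}): {plan['subnets_available']} subnets "
          f"of {plan['hosts_per_subnet']} hosts, {plan['spare_bits']} spare bits")
    for sub in plan["subnets"]:
        print(" ", sub)
```

The same function answers the VLSM Example 1 question later in this module: five subnets of 2000 hosts from 172.16.0.0/16 give a /19, eight subnets of 8190 hosts, with two bits left over.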
IP Addressing
Section 3 — Variable Length Subnet Mask
Variable-Length Subnet Mask
Given a network of 192.168.10.0/24, generate subnetworks to address each of the networks below:
In this scenario there are 5 networks; we can therefore generate our subnets with a /27 mask as follows:
192.168.10.0/27
192.168.10.32/27
192.168.10.64/27
192.168.10.96/27
192.168.10.128/27
192.168.10.160/27
192.168.10.192/27
192.168.10.224/27
When an IP network is assigned more than one subnet mask, it is considered to be a network with variable-length subnet masks—i.e., the extended prefixes that are used are not all the same for each subnet.
VLSM is a more efficient use of the allocated IP address space. Instead of being locked into a single subnet prefix, VLSM allows the administrator to tailor the size of the subnets to meet the host requirements. For example, the figure above shows one of the subnets being further subdivided into /30 subnets. These work well for point-to-point links used between routers, for which only two host addresses are required.
VLSM (continued)
The following subnetworks have been assigned randomly:
192.168.10.0/27
192.168.10.32/27
192.168.10.64/27
192.168.10.96/27
192.168.10.128/27
Each of the above subnets supports 30 hosts. However, the link between the routers is a point-to-point link and only requires 2 host addresses. The broadcast networks attached to a switch could require 60 hosts each but are limited to 30 hosts. How do we rectify this situation?
VLSM (continued)
Assign variable-length subnet masks to the network.
Use a different mask (e.g., use /26 for 192.168.10.0/24).
The subnetworks generated are:
192.168.10.0/26
192.168.10.64/26
192.168.10.128/26
192.168.10.192/26 (all with 62 hosts each)
This is not enough to represent five networks, but take subnetwork 192.168.10.192/26 and apply /30 to it.
192.168.10.192/26 can then be divided into:
192.168.10.192/30
192.168.10.196/30
192.168.10.200/30
192.168.10.204/30
192.168.10.208/30
192.168.10.212/30
and so on.
Any one of the above addresses can be used to represent point-to-point links between the routers.
When developing a VLSM design, the network administrator must take into consideration the same questions that were asked when doing the traditional subnet design. At each level, the administrator must ensure that there are enough bits available for expansion.
If the networks are spread out over a number of different sites, the administrator must ensure that enough bits are used to support those sites and any future sites that may be deployed. In addition, the administrator must envision how each site may further subdivide their network to support the sub-subnets in the site itself.
Development of this hierarchical addressing scheme requires careful consideration and planning. The network must recursively work its way down so that each level has enough space in the host address to support each requirement.
If this hierarchical scheme is planned correctly before deployment, the multiple networks can then be aggregated into a single address that will help to reduce the number of routing entries in the backbone routers.
VLSM Requirements
Figure: Subnet 1 to Subnet 9.
VLSM brings about a new set of challenges: how the different subnets and their various extended prefixes get advertised throughout the network. This requires the use of more modern routing protocols. The routing protocol used must be able to satisfy the following:
The routing protocol must be able to carry the extended prefixes with each subnet advertised.
The routers themselves must make forwarding decisions based on the longest match.
The routing protocol must be able to perform summarization to support route aggregation.
Routing protocols such as OSPF and IS-IS support the use of VLSM. RIPv1 does not support the use or deployment of VLSM; however, RIPv2 does support the use of VLSM.
VLSM Example 1
• In this example, the service provider is allocated an address of 172.16.0.0/16
• It requires 5 subnets, each needing at least 2000 hosts
Subnet 1   172.16.0.0/19
Subnet 2   172.16.32.0/19
Subnet 3   172.16.64.0/19
Subnet 4   172.16.96.0/19
Subnet 5   172.16.128.0/19
In the example above, the organization is assigned the network IP address of 172.16.0.0/16, and it plans to design and deploy a VLSM network. Five subnets are required each with a requirement of 2000 hosts.
In typical Class B fashion, there is only 1 network with 65 534 hosts, and this is represented by the last 16 bits. We need 5 networks. Using some of the default Class B host bits should give us the required networks.
Option 1: Using 2 bits out of 16 gives us 2^2 = 4 networks and 2^14 = 16 384 hosts
Option 2: Using 3 bits out of 16 gives us 2^3 = 8 networks and 2^13 = 8192 hosts
Option 3: Using 4 bits out of 16 gives us 2^4 = 16 networks and 2^12 = 4096 hosts
Option 2 or 3 can be used, but because only 5 networks are required, option 2 is the best choice here. However, if the network is bound to grow with no more than 4000 hosts ever in any given subnet, option 3 might be better because the network has been designed for 16 subnets.
VLSM Example 2
The service provider has the IP address 172.16.0.0/16 and has a subnet, 172.16.64.0/19, which must be further subnetted into 6 subnets supporting different numbers of hosts.
Subnet 3    172.16.64.0/19
Subnet 3a   172.16.64.0/20
Subnet 3b   172.16.80.0/21
Subnet 3c   172.16.88.0/22
Subnet 3d   172.16.92.0/23
Subnet 3e   172.16.94.0/24
Subnet 3f   172.16.95.0/24
In the example above, subnet 172.16.64.0/19 has been isolated and is now going to be further subdivided to support the six subnets that are located in the local campus. The total number of hosts supported in the /19 network is 8190. This can be further subdivided into more subnetworks with a smaller number of hosts.
If the requirement is to have six unequal subnets, one option is as follows:
172.16.64.0/20   2^12 – 2 = 4094
172.16.80.0/21   2^11 – 2 = 2046
172.16.88.0/22   2^10 – 2 = 1022
172.16.92.0/23   2^9 – 2 = 510
172.16.94.0/24   2^8 – 2 = 254
172.16.95.0/24   2^8 – 2 = 254
Note that the sum of all valid hosts is 8180. This is because by dividing further, two addresses are reserved for the subnetwork number and broadcast number for each. The use of VLSM allows flexibility in the design of networks. Not all subnetworks or networks require the same number of hosts.
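The VLSM procedure of the last few slides (the /26 and /30 split of 192.168.10.0/24 and the six unequal subnets of 172.16.64.0/19), as an added example that is not code from the student guide. It takes a block and a list of (name, hosts) requirements, sizes each subnet from its host count, and carves them largest first from the lowest free address, so that each subnet sits on its own boundary and the whole plan still aggregates to the original block. It raises an error when the requirements do not fit rather than silently overlapping subnets, which is the failure a manual plan most often hides.

```python
import ipaddress


def bits_for_hosts(count: int) -> int:
    """Smallest n with 2**n - 2 >= count (all-0 and all-1 host numbers are reserved)."""
    n = 2
    while (1 << n) - 2 < count:
        n += 1
    return n


def usable_hosts(subnet: str) -> int:
    return ipaddress.IPv4Network(subnet).num_addresses - 2


def allocate_vlsm(base: str, requirements: list) -> dict:
    """Carve variable-length subnets out of `base`.

    requirements: list of (name, hosts) tuples. The largest requirement is placed
    first; each subnet is taken from the lowest free block that can hold it, and
    the unused remainder of that block goes back into the free pool.
    """
    free = [ipaddress.IPv4Network(base)]
    assigned = {}
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        prefix = 32 - bits_for_hosts(hosts)
        free.sort(key=lambda n: int(n.network_address))
        block = next((b for b in free if b.prefixlen <= prefix), None)
        if block is None:
            raise ValueError(f"no room left in {base} for {name} ({hosts} hosts)")
        free.remove(block)
        subnet = next(block.subnets(new_prefix=prefix))   # lowest piece of the block
        assigned[name] = str(subnet)
        if subnet.broadcast_address < block.broadcast_address:
            # summarize_address_range yields the remainder as aligned CIDR blocks
            free.extend(ipaddress.summarize_address_range(
                subnet.broadcast_address + 1, block.broadcast_address))
    return assigned


if __name__ == "__main__":
    # VLSM Example 2: six unequal subnets of 172.16.64.0/19
    campus = [("3a", 4094), ("3b", 2046), ("3c", 1022), ("3d", 510), ("3e", 254), ("3f", 254)]
    plan = allocate_vlsm("172.16.64.0/19", campus)
    for name, subnet in plan.items():
        print(f"Subnet {name}  {subnet:18} {usable_hosts(subnet)} hosts")
    print("total assignable hosts:", sum(usable_hosts(s) for s in plan.values()))
    # The earlier slide: three 60-host LANs and one router-to-router link in 192.168.10.0/24
    print(allocate_vlsm("192.168.10.0/24", [("LAN-A", 60), ("LAN-B", 60), ("LAN-C", 60), ("link", 2)]))
```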
VLSM Exercise
The base network address is 138.120.0.0/16.
Divide the address space into the subnets as shown in the diagram below.
Figure: Subnet 1, Subnet 2 and Subnet 3; Subnet 2 is further divided into Subnet 2a, 2b, 2c and 2d, with the first host, last host and broadcast addresses to be filled in.
In the figure above, the administrator is tasked with taking the base address and subnetting it to support three subnets.
Then the second subnet must be further subdivided to support four subnets. The administrator must then define the first, last, and broadcast addresses for the second sub-subnet.
Subnet 1 network address ______________________
Subnet 2 network address ______________________
Subnet 3 network address ______________________
Subnet 2a network address ______________________
Subnet 2b network address ______________________
Subnet 2c network address ______________________
Subnet 2d network address ______________________
Subnet 2b
First host address ___________________
Last host address ___________________
Broadcast address __________________
VLSM Exercise (continued)
Figure: a Corporate HQ router connected to six routers (A to F), whose LANs have 25, 20, 20, 25, 18 and 18 users. Using 10.10.10.0/24, provide IP subnet addresses.
In the figure above, the administrator is tasked with taking the base address and subnetting it to support six subnets, ensuring that each subnet will support its host requirements.
The next task for the administrator is to take one of the subnets and further subdivide it to support the point-to-point links that join the subnet routers to the main router.
VLSM Exercise (continued)
Given the IP address, use VLSMs to extend the use of the address. Provide a possible address for:
HQ A ________________________
HQ B ________________________
HQ C ________________________
HQ D ________________________
HQ E ________________________
HQ F ________________________
Router A LAN ________________________
Router B LAN ________________________
Router C LAN ________________________
Router D LAN ________________________
Router E LAN ________________________
Router F LAN ________________________
IP Addressing
Section 4 — Classless Inter-Domain Routing
Classless Inter-Domain Routing
Figure: Router A is connected to the networks 10.10.0.0/24, 10.10.1.0/24, ..., 10.10.254.0/24 and 10.10.255.0/24; Router B's routing table carries each of them as a separate entry (10.10.0.0/24, 10.10.1.0/24, ..., 10.10.255.0/24).
With the rapid expansion of the Internet, IPv4 addresses were quickly becoming exhausted, and the sizes of routing tables were expanding exponentially. The response to these problems was the development and adoption of CIDR.
CIDR eliminated the concept of address classes and replaced it with the concept of network prefixes. Rather than the first 3 bits defining the network mask, the network prefix now defines the network mask. This prefix mask is a method of defining the leftmost contiguous bits in the network portion of the routing table entry.
By eliminating the concept of address classes, CIDR allowed for a more efficient allocation of the IP address space. In addition, CIDR supports the concept of route aggregation, thus allowing a single route entry to represent multiple networks.
Route Aggregation
Figure: Router A's route table holds 10.15.24.0/24, 10.15.25.0/24, 10.15.26.0/24, 10.15.27.0/24, 10.15.28.0/24, 10.15.29.0/24, 10.15.30.0/24 and 10.15.31.0/24; after aggregation, Router B's route table holds the single entry 10.15.24.0/21.

10.15.24.0/24   00001010 . 00001111 . 00011 000 . 00000000
10.15.25.0/24   00001010 . 00001111 . 00011 001 . 00000000
10.15.26.0/24   00001010 . 00001111 . 00011 010 . 00000000
10.15.27.0/24   00001010 . 00001111 . 00011 011 . 00000000
10.15.28.0/24   00001010 . 00001111 . 00011 100 . 00000000
10.15.29.0/24   00001010 . 00001111 . 00011 101 . 00000000
10.15.30.0/24   00001010 . 00001111 . 00011 110 . 00000000
10.15.31.0/24   00001010 . 00001111 . 00011 111 . 00000000

The network line (/24) and the common line (/21) are drawn through the third octet; the common bit pattern to the left of the common line is 00011, and all possible combinations of the three bits between the two lines are present.
As was discussed in the VLSM section, address planning is extremely important when subnets are first deployed. The subnets should be deployed so that they support the concept of aggregation, and when aggregation or summarization is applied all subnets can be represented by as few entries as possible in the route table.
In the slide above, Router A supports eight different subnets with a /24 prefix. Rather than advertising all eight subnets, the administrator has decided to implement route aggregation. To see what network address or addresses will be advertised from Router A to Router B, the administrator has decided to calculate what the new network prefix or prefixes should be.
First, define the octet that will be manipulated by the aggregation. In this case, it is the third octet.
Next, identify the original network prefix (/24), then look to the left of the prefix line and identify the area where all the addresses have the same bit pattern. Draw a line down that portion. Look in-between these two lines and ensure that all possible bit patterns are contained between the two lines. If this is the case, you can then summarize those bit patterns into (in this example) a /21 mask.
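The two-line method just described, as an added example that is not code from the student guide. `common_prefix_length` finds the "common line" by OR-ing together the bits in which the network addresses differ; the highest differing bit fixes how many leading bits are shared. `aggregate` then checks the condition the text insists on, that every bit pattern between the two lines is present: only then is the single summary route exact. When patterns are missing, the function falls back to the smallest set of routes that covers exactly the inputs (Python's `ipaddress.collapse_addresses`) and reports how many addresses the naive summary would have claimed in excess. That check matters to a defender, because a summary that covers space the router does not actually hold draws traffic for those addresses into this router and, if it reaches the Internet, announces prefixes the organization does not own.

```python
import ipaddress


def common_prefix_length(networks: list) -> int:
    """Leading bits shared by every network address (the slide's 'common line'),
    never longer than the shortest prefix among the inputs."""
    first = int(networks[0].network_address)
    differing = 0
    for net in networks[1:]:
        differing |= first ^ int(net.network_address)   # 1 wherever any address differs
    common = 32 - differing.bit_length()
    return min(common, min(n.prefixlen for n in networks))


def aggregate(prefixes: list) -> dict:
    """Summarize a list of prefixes; exact only if they fill the candidate block."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    common = common_prefix_length(nets)
    candidate = ipaddress.IPv4Network(f"{nets[0].network_address}/{common}", strict=False)
    # collapse_addresses merges adjacent and overlapping inputs into the fewest blocks;
    # the summary is exact precisely when that collapses to the candidate itself
    collapsed = list(ipaddress.collapse_addresses(nets))
    exact = collapsed == [candidate]
    covered = sum(n.num_addresses for n in collapsed)
    return {
        "common_bits": common,
        "candidate": str(candidate),
        "exact": exact,
        "advertise": [str(n) for n in collapsed],
        "excess_addresses": candidate.num_addresses - covered,
    }


if __name__ == "__main__":
    # The slide's eight /24 networks: all three-bit patterns present, so /21 is exact
    slide = [f"10.15.{n}.0/24" for n in range(24, 32)]
    print(aggregate(slide))
    # Constructed case: two of the eight are missing, so the /21 would over-summarize
    partial = [f"10.15.{n}.0/24" for n in range(24, 30)]
    print(aggregate(partial))
```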
Route Aggregation Exercise
Figure: Router 1 holds the routes 10.15.1.32/28, 10.15.1.48/28, 10.15.1.64/28, 10.15.1.80/28, 10.15.1.96/28 and 10.15.1.112/28 and is connected to Router 2.
Given the information on the slide, what summarized route or routes will be advertised to Router 2 from Router 1?
In the figure above, the administrator is going to be using route aggregation on Router 1. What route or routes will be advertised to Router 2?
CIDR and VLSM
Figure: VLSM is applied inside the customer network; CIDR is applied between the customer and the ISP.
When you first look at CIDR and VLSM, they seem to both provide the same function and they are very similar. The difference between the two is how they appear to the Internet.
Both CIDR and VLSM support the following:
The routing protocol must carry network-prefix information with each advertised route.
All routers must support the longest-match forwarding algorithm.
Addresses must be allocated to support route aggregation.
The difference is, as mentioned earlier, how the manipulation of the address space appears to the Internet.
VLSM address manipulation is done on the address assigned to an organization and is invisible to the Internet.
CIDR, on the other hand, manipulates addresses, and these manipulations are advertised to the Internet.
LAB 2.1-2.2 IP Addressing
(Lab topology: Pod1 to Pod4, each with a Core-PodN and an Edge-PodN router)
IP Addressing
Section 5 — IPv6 Addressing
Features of IPv6
Provides a huge address space: more than 3.4 x 10^38 addresses
Hierarchical address allocation provides efficient routing: small routing table
Support for anycast addresses and the elimination of broadcast addresses
Efficient IP header (40 bytes with 8 fields): fewer fields and simpler forwarding
Built-in security (IPsec implemented in IPv6): Authentication Header and Encapsulating Security Payload
Better QoS support
Flexibility in the extension header: daisy chain of next headers
Provides a huge address space
• There are more than 3.4 x 10^38 addresses (this represents approximately 5 x 10^28 addresses for each person alive today!). A practically infinite number of addresses ensures no future shortages and provides great flexibility in address allocation.
Hierarchical address allocation provides efficient routing
• There is a small routing table because routes can be summarized due to the hierarchical nature of address space. This simplifies routing for mobile and other specialized devices.
Support for anycast addresses and the elimination of broadcast addresses
Efficient IP header (40 bytes with 8 fields)
• Fewer fields and simpler forwarding enhances router efficiency.
Built-in security (IPsec implemented in IPv6)
• Authentication Header (AH) and Encapsulating Security Payload (ESP)
Better QoS support
Flexibility in the extension header
• A daisy chain of next headers provides flexibility to increase IP functionality without complicating the primary header used for forwarding.
IPv6 Header
IPv6 header: 8 fields, 40 bytes
Version Traffic Class Flow Label
Payload Length Next Header Hop Limit
Source Address
Destination Address
Version
• Value is 6
Traffic Class
• Similar to ToS field in IPv4; supports differentiated services
Flow label
• Can be used to identify specific data flows
Payload length
• Length of the IP payload; similar to IPv4 except that it does not include the header length
Next header
• Similar to the Protocol field in IPv4; specific values are used to indicate that extension headers follow the main header
Hop Limit
• Similar to TTL in IPv4, but specifically designated as a hop count field
Source Address
• 128-bit address of the sending node
Destination Address
• 128-bit address of the intended recipient
IPv4 vs. IPv6
Compare IPv4 and IPv6 headers:
IPv4 header: 12 fields, 20 bytes
IPv6 header: 8 fields, 40 bytes
There is no Identification or Fragment Offset field in IPv6 because it does not support packet fragmentation. A minimum MTU of 576 is defined for IPv6 networks, and packets exceeding the MTU are discarded.
There is no Header Checksum field because there is no checksum at the IP level in IPv6. IPv6 relies on layers 2 and 4 to provide the error-free transmission of data.
IPv6 Addressing
Defined in RFC 3513
Represented by colon-hexadecimal format
2001:0211:0000:0000:ab01:0000:0000:0011
Compressed representation
Leading zero compression:
— 2001:211:0:0:ab01:0:0:11
Multiple successive zero fields can be compressed (only once):
2001:211::ab01:0:0:11
Types of addressing:
Unicast addressing
Multicast addressing
Anycast addressing
Represented by colon-hexadecimal format (each digit represents one hex digit)
• 2001:0211:0000:0000:ab01:0000:0000:0011
Compressed representation
• Leading zero compression:
— 2001:211:0:0:ab01:0:0:11
• Multiple successive zero fields can be compressed (only once). “::” represents a number of zeroes but can only be used once in the string because it would be ambiguous if used more than once.
• 2001:211::ab01:0:0:11
Types of addressing:
• Unicast addressing (a single host)
• Multicast addressing (a number of hosts)
• Anycast addressing (any one of a number of hosts)
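An added example (not from the course) that encodes and decodes the 8-field, 40-byte header described on the previous slides and implements the address rules on this one: leading-zero compression, a single "::" for the longest run of zero groups, and rejection of a second "::" as ambiguous. Function names are assumptions for the example; the addresses used are the slide's own plus a constructed 2001:db8::1.

```python
import struct

IPV6_HEADER_LEN = 40
# Next Header values a parser meets most often (IANA protocol numbers)
NEXT_HEADER_NAMES = {0: "Hop-by-Hop Options", 6: "TCP", 17: "UDP", 43: "Routing",
                     44: "Fragment", 58: "ICMPv6", 59: "No Next Header"}


def expand_ipv6(text):
    """Text form -> list of eight 16-bit groups. A second '::' is rejected
    because the number of zero groups each one stands for would be ambiguous."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = text.split("::")
        left = [int(g, 16) for g in head.split(":")] if head else []
        right = [int(g, 16) for g in tail.split(":")] if tail else []
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one zero group")
        groups = left + [0] * (8 - len(left) - len(right)) + right
    else:
        groups = [int(g, 16) for g in text.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError("not a valid IPv6 address: %r" % text)
    return groups


def compress_ipv6(groups):
    """Eight groups -> compressed text: leading zeros dropped from every group,
    and the longest run of two or more zero groups (the first one on a tie)
    replaced by a single '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = ["%x" % g for g in groups]
    if best_len < 2:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def build_ipv6_header(src, dst, payload_len, next_header, hop_limit=64,
                      traffic_class=0, flow_label=0):
    """Pack the fixed header: Version (4 bits), Traffic Class (8), Flow Label (20),
    Payload Length (16), Next Header (8), Hop Limit (8), then two 128-bit addresses."""
    first_word = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", first_word, payload_len, next_header, hop_limit)
            + struct.pack("!8H", *expand_ipv6(src))
            + struct.pack("!8H", *expand_ipv6(dst)))


def parse_ipv6_packet(data):
    """Decode the fixed header and check that Payload Length (which excludes
    the 40-byte header) is really present, so a short packet is rejected
    rather than read past its end."""
    if len(data) < IPV6_HEADER_LEN:
        raise ValueError("shorter than an IPv6 header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", data[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError("version field is %d, not 6" % version)
    if len(data) - IPV6_HEADER_LEN < payload_len:
        raise ValueError("payload length %d exceeds the %d bytes received"
                         % (payload_len, len(data) - IPV6_HEADER_LEN))
    src = list(struct.unpack("!8H", data[8:24]))
    dst = list(struct.unpack("!8H", data[24:40]))
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "next_header_name": NEXT_HEADER_NAMES.get(next_header, "other"),
        "hop_limit": hop_limit,
        "src": compress_ipv6(src),
        "dst": compress_ipv6(dst),
        "payload": data[IPV6_HEADER_LEN:IPV6_HEADER_LEN + payload_len],
    }
```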
IP Addressing
Section 6 — NAT/PAT
IP Addressing — NAT/PAT
Translates private IP addresses into public ranges
NAT — One-to-one address translation
NAT — Does not monitor transport layer port numbers
PAT — Many-to-one address translation
PAT — Does monitor transport layer port numbers
Defined in RFCs 2663 and 3022
NAT/PAT is not currently supported on the Alcatel 7750 SR
It is important to note that the 7750 SR does not currently support NAT or PAT. The 7750 SR is not an enterprise router, and this feature is generally found in enterprise routers. The 7750 SR is not generally placed at that level of a network. There are currently no plans for the 7750 SR to support NAT or PAT. The reason that NAT and PAT are mentioned in this review is that they are currently commonly seen in the network infrastructure, and thus network experts should have a generic understanding of their purpose.
Network Address Translation (NAT) and Port Address Translation (PAT) were created to alleviate the pressure on IP address allocation worldwide. Working closely with the private IP address ranges, NAT and PAT allow private IP addresses to be translated into public IP addresses. This translation can take one of two forms.
The first form of translation is “one-to-one” translation; we call this NAT. A single private IP address is translated to a single public IP address. In this form, the transport-layer port numbers are not monitored or modified. This allows for all applications to function normally without any change to the upper layers. The disadvantage of this form of translation is that there must be a pool of available addresses to support all the private IP-addressed clients. If all addresses in the pool are in use and a new NAT requirement emerges, it will fail because there is no available address within the pool of public addresses.
The second form of translation is “many-to-one”; we call this PAT. A single public IP address supports multiple private IP addresses simultaneously. To accomplish this, the router must not only map the IP address of the client device, it must also map the port number in use by the client. As translation occurs, the IP address is changed to a single public address. To keep track of the multiple streams of traffic from client devices, the port numbers are mapped into the database. If a client’s random port number is already mapped by a different active client, the router not only changes the IP address, it also changes the client’s port number.
Note that with the extremely large address space provided by IPv6, NAT/PAT will no longer be required.
IP Addressing — NAT
NAT Table:
Public pool: 192.1.1.1 — 192.1.1.254 /24
Internal <> External
10.1.1.1 <> 192.1.1.2
10.1.1.2 <> 192.1.1.3
10.1.1.3 <> 192.1.1.4
(Figure: hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3 on 10.1.1.0/24 behind the NAT router, whose outside interface 192.1.1.1 on 192.1.1.0/24 connects to the Internet)
In the example of NAT above, the range of public IP addresses is from 192.1.1.2 to 192.1.1.254. Each client that sends traffic through the router will be mapped to a single IP address in the pool. If 253 clients are actively sending traffic through the router, the pool of available public IP addresses is saturated. When the 254th client tries to send traffic out the router, it will time out because there are no available public IP addresses to use for NAT. Although this limits the number of clients who can simultaneously use this NAT router, it does not limit the types of applications that each client can be using.
IP Addressing — PAT
PAT Table:
Public pool: 192.1.1.5/32 (Int. 1/1/1)
Internal <> External
10.1.1.1:1101 <> 192.1.1.5:1101
10.1.1.2:1212 <> 192.1.1.5:1212
10.1.1.3:1212 <> 192.1.1.5:2424*
(Figure: hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3 on 10.1.1.0/24 behind the PAT router, whose interface 1/1/1 = 192.1.1.5 on 192.1.1.4/30 connects to the Internet)
* Duplicate port; random port replaces duplicate
When using PAT, the router that is performing the operation must keep track of the source IP address and the source port number being used at the transport layer. Optionally, the router may also keep track of the destination address and port number. Because only one public address is allocated to the translation pool, all source IP addresses must be translated to the one public address. To keep track of each client’s traffic, the router maps the source port number into its database. Because client port numbers are typically sourced from the random port range (1024 to 65535), there is a possibility that two clients could use the same port number. When this occurs, the router not only modifies the source IP address, but it also modifies the source port number so that it can differentiate the traffic. This port change is not reflected to the client and is therefore transparent to the client. Most modern applications do not have a problem with the change of port. However, some applications (mostly legacy ones) require specific source and destination port numbers. If the router modifies the source port to one different than the application expects, or requires, the application may not function properly.
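An added example (not from the course material) that models the two translation tables on the NAT and PAT slides in Python: NatTable loans one pool address per inside host and fails once the pool is saturated, while PatTable keys every inside (address, port) pair to a port on the single public address and substitutes a random ephemeral port when the client's own port is already held by another active client. Class and method names are assumptions for the example; the seed only makes the replacement port repeatable.

```python
import random


class NatTable:
    """One-to-one NAT: each inside host is loaned one public address from the
    pool for as long as its mapping is active. Ports are neither tracked nor
    changed, so every application works unmodified."""

    def __init__(self, public_pool):
        self.free = list(public_pool)      # public addresses not yet handed out
        self.inside_to_public = {}
        self.public_to_inside = {}

    def translate_out(self, inside_ip):
        """Outbound: the public address to write into the packet, or None when
        the pool is saturated and the new flow cannot be translated."""
        if inside_ip in self.inside_to_public:
            return self.inside_to_public[inside_ip]
        if not self.free:
            return None
        public_ip = self.free.pop(0)
        self.inside_to_public[inside_ip] = public_ip
        self.public_to_inside[public_ip] = inside_ip
        return public_ip

    def translate_in(self, public_ip):
        """Inbound: map a reply's destination back to the inside host."""
        return self.public_to_inside.get(public_ip)

    def release(self, inside_ip):
        """Return the address to the pool when the mapping times out."""
        public_ip = self.inside_to_public.pop(inside_ip, None)
        if public_ip is not None:
            del self.public_to_inside[public_ip]
            self.free.append(public_ip)


class PatTable:
    """Many-to-one PAT: every inside host shares one public address, so the
    router must also record the transport-layer source port. A client keeps
    its own port unless another active client already holds it, in which
    case a random port from the ephemeral range replaces it."""

    EPHEMERAL = (1024, 65535)

    def __init__(self, public_ip, seed=None):
        self.public_ip = public_ip
        self.rng = random.Random(seed)     # seeded only so the example is repeatable
        self.by_inside = {}                # (inside ip, inside port) -> public port
        self.by_public_port = {}           # public port -> (inside ip, inside port)

    def translate_out(self, inside_ip, inside_port):
        """Outbound: (public address, public port) for this client flow, or
        None when every port is already in use."""
        key = (inside_ip, inside_port)
        if key in self.by_inside:
            return self.public_ip, self.by_inside[key]
        if len(self.by_public_port) >= self.EPHEMERAL[1] - self.EPHEMERAL[0] + 1:
            return None
        public_port = inside_port
        while public_port in self.by_public_port:   # duplicate: pick a free random port
            public_port = self.rng.randint(*self.EPHEMERAL)
        self.by_inside[key] = public_port
        self.by_public_port[public_port] = key
        return self.public_ip, public_port

    def translate_in(self, public_port):
        """Inbound: the public port alone identifies the inside host and port,
        which is how replies for the three clients on the slide are kept apart."""
        return self.by_public_port.get(public_port)
```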
IP Overview
Section 7 — IP Protocols
Internet Control Message Protocol
ICMP is a core IP application protocol used mainly to report errors in delivering IP datagrams.
IP is connectionless and basically unreliable.
ICMP is needed to send error control messages to routers and hosts.
ICMP is encapsulated in the IP packet and is routed like a data packet.
ICMP is part of the Internet protocol suite, defined in RFC 792. ICMP messages are typically generated in response to errors in IP datagrams (as specified in RFC 1122) or for diagnostic or routing purposes.
The version of ICMP for IPv4 is also known as ICMPv4, as it is part of IPv4. IPv6 has an equivalent protocol, ICMPv6.
ICMP messages are constructed at the IP layer, usually from a normal IP datagram that has generated an ICMP response. IP encapsulates the appropriate ICMP message with a new IP header (to get the ICMP message back to the original sending host) and transmits the resulting datagram in the usual manner.
For example, each device (such as an intermediate router) that forwards an IP datagram must decrement the TTL field of the IP header by one. If the TTL reaches 0, an ICMP “time to live exceeded in transit” message is sent to the source of the datagram.
Each ICMP message is encapsulated directly in a single IP datagram, and thus, like UDP, ICMP does not guarantee delivery.
Although ICMP messages are contained in standard IP datagrams, ICMP messages are usually processed as a special case, distinguished from normal IP processing, rather than processed as a normal subprotocol of IP. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application that generated the original IP packet (the one that prompted the sending of the ICMP message).
ICMP Message Types
Some common message types are:
Echo request and echo reply (type 8 and type 0)
• The host device sends an echo request to the destination device.
• The destination device sends back an echo reply.
• The ping utility uses the echo request and reply message types.
Destination unreachable (type 3)
• Used by a router that cannot forward an IP datagram; sent to the source of the IP datagram
• The router then discards the IP datagram.
Redirect (type 5)
• A redirect message can be sent back to the host, indicating that the IP datagram is taking a suboptimal route. The router then forwards the data to the destination.
• Useful but may have security issues
Echo request and echo reply messages are very frequently used. A host or router sends an ICMP echo request message to a specified destination. Any device that receives an echo request generates an echo reply and returns it to the original sender. The request contains an optional data area, and the reply contains a copy of the data sent in the request. The echo request and reply can thus be used to test whether a destination is reachable. The echo request and reply are sent via IP datagrams.
Assumptions:
The IP software on the source computer must route the datagram.
The intermediate routers between the source and destination must be operating and must route the datagram correctly.
The destination device must be running and both ICMP and IP software must be working.
All routers along the path must have the correct routes.
Ping is the most common way to send an ICMP echo request. The command usually sends a series of echo request messages and captures the corresponding echo replies. Ping then calculates the data loss statistics.
The destination unreachable message can be quite useful. For example, if the destination device connects to an Ethernet network, the network hardware does not provide ACKs. Therefore, a router can continue to send packets to a destination even after the destination is powered down, without receiving any indication that the destination is down.
The destination unreachable message is only useful in determining that the destination is not reachable. It does not inform the source router why the packet was not delivered.
The hosts in a network have minimal routing information on system startup. As the network topology changes, the host routing table may not have the optimal information. The router redirect message can be used to inform the host that it needs to change its route to the destination. The host routing table will then contain optimal routes.
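An added example (not from the course) in Python that builds ICMP messages with the RFC 792 checksum, constructs a destination unreachable error the way a router does (quoting the offending IP header plus the first 8 bytes of its payload), and then performs the special-case processing the notes describe on the receiving host: verify the checksum and dig the original addresses and ports out of the quoted datagram so the error can be delivered to the socket that sent it. Helper names and the sample addresses are constructed for the example.

```python
import struct

# ICMP types named on the slide (RFC 792 values)
ECHO_REPLY, DEST_UNREACH, REDIRECT, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 5, 8, 11
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable", 3: "port unreachable"}


def inet_checksum(data):
    """RFC 1071 one's-complement checksum. Over a message whose checksum
    field is already filled in it returns 0, which is how a receiver verifies it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options) for the datagram being reported."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def icmp_message(icmp_type, code, rest, body):
    """ICMP header (type, code, checksum, 4-byte 'rest of header') plus body."""
    hdr = struct.pack("!BBHI", icmp_type, code, 0, rest)
    csum = inet_checksum(hdr + body)
    return struct.pack("!BBHI", icmp_type, code, csum, rest) + body


def echo_request(ident, seq, data):
    """What ping sends: identifier and sequence number in the 'rest' word."""
    return icmp_message(ECHO_REQUEST, 0, (ident << 16) | seq, data)


def error_for_datagram(icmp_type, code, original_datagram):
    """Router side: the error quotes the offending IP header plus the first
    8 bytes of its payload, which is exactly what lets the source host find
    the transport session the datagram belonged to."""
    ihl = (original_datagram[0] & 0x0F) * 4
    return icmp_message(icmp_type, code, 0, original_datagram[:ihl + 8])


def demux_icmp_error(msg):
    """Host side: verify the checksum, then recover the original addresses and
    ports from the quoted datagram so the error reaches the right socket."""
    if len(msg) < 8 + 28 or inet_checksum(msg) != 0:
        raise ValueError("truncated or corrupt ICMP message")
    icmp_type, code = msg[0], msg[1]
    if icmp_type not in (DEST_UNREACH, REDIRECT, TIME_EXCEEDED):
        raise ValueError("not an ICMP error message")
    inner = msg[8:]
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or len(inner) < ihl + 8:
        raise ValueError("quoted datagram is not a usable IPv4 header")
    # TCP and UDP headers both begin with 16-bit source and destination ports
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {"type": icmp_type, "code": code,
            "reason": UNREACH_CODES.get(code, "other") if icmp_type == DEST_UNREACH else "",
            "orig_src": ".".join(str(b) for b in inner[12:16]),
            "orig_dst": ".".join(str(b) for b in inner[16:20]),
            "proto": inner[9], "src_port": sport, "dst_port": dport}


def sample_unreachable():
    """Constructed example: a UDP datagram from 10.10.10.1:40000 to 20.20.20.1:53
    that a router could not deliver (destination unreachable, host unreachable)."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + 4, 0) + b"ping"
    datagram = ipv4_header("10.10.10.1", "20.20.20.1", 17, len(udp)) + udp
    return error_for_datagram(DEST_UNREACH, 1, datagram)
```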
ICMP in Action
1. Normal IP packet flow from Host A to Host B
2. Destination link is broken
3. ICMP destination unreachable message is sent to the source
4. Destination link is fixed
5. Gateway G1 decides that gateway G2 is more optimal and sends a redirect message to Host A
6. IP packet flow from Host A to Host B occurs via Gateway G2
(Figure: Host A, gateways G1 and G2, Host B)
Address Resolution Protocol
(Figure: Host 1 10.10.10.1/24 and Host 2 10.10.10.2/24 on the same subnet. Host 1 pings 10.10.10.2: ARP request, ARP reply, ICMP echo request to 10.10.10.2, ICMP echo reply to 10.10.10.1, "Host 2 is alive")
When a host device sends a ping to another host device on the same subnet, how does it know what the MAC address of the distant host device is? This is when ARP is used. ARP is used by IP to map a known IP address to the unknown hardware address of the host. ARP operates between L2 and L3 of the OSI model.
An Ethernet network uses two hardware addresses to identify the source and destination of each frame. If the destination address is all 1s (a broadcast frame), it will be sent to all hosts in that broadcast domain. ARP uses this broadcast to find out the destination MAC address of the distant host.
In the figure above, Host 1 pings Host 2. Host 1 looks in its cache of MAC addresses for the destination MAC address of Host 2. If it is not there, Host 1 queues the ICMP packet and sends an ARP request message. The ARP request is a broadcast message, and it is sent to all hosts in the broadcast domain. Each host opens the frame and checks the destination IP address. If it is not its address, the host ignores the packet. However, when Host 2 receives the request, it sees that it is the destination and sends an ARP reply. This ARP reply is wrapped in a frame that has for its destination the MAC address of Host 1, and the source is the MAC address of Host 2. On receiving the reply, Host 1 now learns the MAC address of Host 2 and is able to wrap the ICMP message and send it to Host 2.
ARP across a Router
(Figure: Host 1 10.10.10.1/24, Router 1, Host 12 20.20.20.1/24. Host 1 pings 20.20.20.1; steps 1 to 8: ARP request and ARP reply between Host 1 and Router 1, ICMP echo request to 20.20.20.1 forwarded by Router 1, ARP request and ARP reply between Router 1 and Host 12, ICMP echo reply to 10.10.10.1 returned through Router 1, "Host 12 is alive")
The previous slide discussed the use of ARP within the same subnet. What happens if the distant host is not in the same subnet, as shown above?
Host 1 generates a ping to Host 12. Again, when Host 1 goes to wrap the packet in the Ethernet frame, it does not have a destination MAC address associated with the Host 12 IP address, so Host 1 generates an ARP request message. This is still a broadcast message and is received by Router 1 [1]. Router 1 examines the destination IP address of the request and sees that the subnet is in its routing table. Router 1 responds to Host 1 with an ARP reply [2] that provides Host 1 with the MAC address of the interface of Router 1 as the destination MAC address for the packet. This makes Router 1 the proxy destination for any traffic that goes to Host 12.
When Host 1 wants to send a packet to Host 12, it uses its MAC table lookup and uses the router’s MAC address as the target MAC address [3].
Router 1 then generates an ARP request message to the 20.20.20.0/24 network, looking for the MAC address of Host 12 [4]. Host 12 responds to Router 1, and Router 1 learns the Host 12 MAC address [5].
ARP Request Packet Capture
Frame 31 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:04:80:9f:78:00, Dst: ff:ff:ff:ff:ff:ff
Destination: ff:ff:ff:ff:ff:ff
Source: 00:04:80:9f:78:00
Type: ARP (0x0806)
Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (0x0001)
Sender MAC address: 00:04:80:9f:78:00
Sender IP address: 138.120.53.253
Target MAC address: 00:00:00_00:00:00
Target IP address: 138.120.53.149
In the packet capture above, a host with IP address 138.120.53.253 is attempting to resolve the MAC address of the host with IP address 138.120.53.149. The destination MAC address of the Ethernet II frame is the broadcast address ff:ff:ff:ff:ff:ff, so every device in the same broadcast domain receives the frame. Only the host with IP address 138.120.53.149 will reply. The EtherType for ARP is 0x0806; this field indicates which protocol is being transported in the Ethernet II frame.
ARP Packet
Hardware Type: Each layer 2 protocol is assigned a number used in this field. For example, Ethernet is 1.
Protocol Type: Each protocol is assigned a number used in this field. For example, IP is 0x0800.
Hardware Size: Size in bytes of the hardware address. Ethernet addresses are 6 bytes in length.
Protocol Size: Size in bytes of the logical address. IPv4 addresses are 4 bytes in length.
Operation Code: Specifies the operation the sender is performing. A value of 1 is an ARP request and a value of 2 is an ARP reply.
Sender MAC address: The hardware (MAC) address of the sender.
Sender IP address: The protocol address of the sender.
Target MAC address: The hardware (MAC) address of the intended receiver. The MAC address is all 0s in a request.
Target IP address: The protocol address of the intended receiver.
ARP Reply Packet Capture
Frame 32 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: 00:11:43:45:61:23, Dst: 00:04:80:9f:78:00
Destination: 00:04:80:9f:78:00
Source: 00:11:43:45:61:23
Type: ARP (0x0806)
Address Resolution Protocol (reply)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: reply (0x0002)
Sender MAC address: 00:11:43:45:61:23
Sender IP address: 138.120.53.149
Target MAC address: 00:04:80:9f:78:00
Target IP address: 138.120.53.253
The packet capture above is the ARP reply to the ARP request on the previous page. The Ethernet frame is a unicast frame, sent only to the MAC address of the ARP request sender. All fields in the ARP reply packet have the same meaning as in the ARP request packet. The main differences in the ARP reply packet are the Operation code (value of 2 for a reply) and fully populated MAC addresses for both the sender and the target. Note that the sender and target addresses have been swapped.
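An added example (not from the course) that rebuilds the two captured frames from the values on these two slides, decodes every ARP field listed above, and applies the consistency check a receiver can run before caching a reply: the reply's sender and target fields must be the request's swapped, and the reply must be unicast to the requester. Function names are assumptions for the example.

```python
import struct

ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET, PTYPE_IPV4 = 0x0001, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ETH_HDR_LEN, ARP_LEN, MIN_FRAME_LEN = 14, 28, 60


def mac_bytes(text):
    return bytes(int(x, 16) for x in text.split(":"))


def mac_text(raw):
    return ":".join("%02x" % b for b in raw)


def ip_bytes(text):
    return bytes(int(x) for x in text.split("."))


def ip_text(raw):
    return ".".join(str(b) for b in raw)


def arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip, pad=False):
    """Ethernet II frame carrying an ARP packet. A request is broadcast with an
    all-zero target MAC; a reply is unicast to the requester's MAC. pad=True adds
    the zero trailer seen when a short frame is captured on the wire (60 bytes)."""
    dst_mac = BROADCAST_MAC if opcode == OP_REQUEST else target_mac
    eth = mac_bytes(dst_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, opcode,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    frame = eth + arp
    if pad and len(frame) < MIN_FRAME_LEN:
        frame += b"\x00" * (MIN_FRAME_LEN - len(frame))
    return frame


def parse_arp_frame(frame):
    """Decode the fields shown in the captures; reject anything that is not
    Ethernet/IPv4 ARP with the expected address sizes."""
    if len(frame) < ETH_HDR_LEN + ARP_LEN:
        raise ValueError("frame too short for Ethernet II + ARP")
    eth_dst, eth_src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("EtherType 0x%04x is not ARP" % ethertype)
    htype, ptype, hlen, plen, opcode, smac, sip, tmac, tip = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type or address size")
    if opcode not in (OP_REQUEST, OP_REPLY):
        raise ValueError("unknown opcode %d" % opcode)
    return {"eth_dst": mac_text(eth_dst), "eth_src": mac_text(eth_src), "opcode": opcode,
            "sender_mac": mac_text(smac), "sender_ip": ip_text(sip),
            "target_mac": mac_text(tmac), "target_ip": ip_text(tip),
            "trailer_len": len(frame) - (ETH_HDR_LEN + ARP_LEN)}


def reply_answers_request(request, reply):
    """Consistency check before caching a reply: sender and target must be the
    request's swapped, the frame must be unicast to the requester, and the
    answering MAC must match the frame's source address."""
    return (request["opcode"] == OP_REQUEST and reply["opcode"] == OP_REPLY
            and reply["sender_ip"] == request["target_ip"]
            and reply["target_ip"] == request["sender_ip"]
            and reply["target_mac"] == request["sender_mac"]
            and reply["eth_dst"] == request["sender_mac"]
            and reply["eth_src"] == reply["sender_mac"])


def capture_request():
    """The request from the capture on the previous slide (values from the page)."""
    return arp_frame(OP_REQUEST, "00:04:80:9f:78:00", "138.120.53.253",
                     ZERO_MAC, "138.120.53.149", pad=True)


def capture_reply():
    """The matching reply from this slide (values from the page)."""
    return arp_frame(OP_REPLY, "00:11:43:45:61:23", "138.120.53.149",
                     "00:04:80:9f:78:00", "138.120.53.253")
```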
Module Summary
IPv4 addresses consist of 32 bits (4 octets) traditionally divided into a Network prefix and a Host number
There are 5 Classes of addresses
There are 4 types of addresses:
Unicast: a specific IP address that identifies one host
Broadcast: all IP addresses in a broadcast domain
Multicast: a group of hosts
Anycast: a specific IP address that identifies multiple hosts
There are Classful and Classless addressing formats
Sub-netting and classless addressing provide flexibility and more efficient use of address space by adding a level in the addressing format to define the sub-net number
Module Summary (cont’d)
VLSM enables an IP network to be assigned more than one sub-net mask, allowing for more efficient use of the address space
Route aggregation reduces the number of routing table entries by allowing several sub-nets to be advertised by only a few prefixes
NAT & PAT are used to alleviate the IPv4 address shortage in the world
With NAT a single private IPv4 address is translated to a single public IP address
With PAT a single public address supports multiple private IP addresses simultaneously
IPv6 provides a huge address space, with addresses of 128 bits; it has 8 fields in its header, of which the following differ from IPv4: Traffic Class, Flow Label, Next Header
Module Summary (cont’d)
ICMP is a core IP application protocol used mainly to report errors in delivering IP datagrams
ICMP is encapsulated in an IP packet and routed like a data packet
ARP is used by IP to map a known IP address to the unknown hardware address of the host
Learning Assessment
1. Define the first, last, and broadcast addresses of the following network address: 192.168.16.64/27
2. Which of the following addresses is a broadcast address?
a. 138.120.0.255/23
b. 191.16.1.99/30
c. 145.1.1.108/30
3. Subnet the following address to provide a minimum of 9 subnets: 190.16.4.0/22
Learning Assessment (continued)
4. Choose the correct addresses from the following list that can be super-netted to provide 300 host addresses.
a. 192.168.1.0/24
b. 192.168.2.0/24
c. 192.168.3.0/24
d. 192.168.4.0/24
5. Summarize the following addresses to the least amount of addresses that will be advertised.
a. 11.11.11.16/28
b. 11.11.11.32/28
c. 11.11.11.48/28
d. 11.11.11.64/28
e. 11.11.11.96/28
f. 11.11.11.80/28
g. 11.11.11.112/28
LAB 2.3 Testing for ICMP and ARP (Optional)
(Lab topology: Pod1 to Pod4, each with a Core-PodN and an Edge-PodN router)
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 01
Alcatel-Lucent Scalable IP Networks
Module 5 — Transport Layer
Module Objectives
After successful completion of this module, you should be able to:
Understand the transport layer functions
Understand the concepts of ports and sockets
Discuss the TCP 3-way handshake
Discuss the concept of the TCP window
Understand the TCP method of congestion avoidance
Discuss TCP slow start
Discuss the operation of UDP
Transport Layer Overview
Section 1 — Transport Layer Protocols
Transport Layer
Layer 4 of the OSI model
Responds to requests from the higher layers and relays requests to the network layers
Provides reliable or unreliable transfer of data
Can provide end-to-end error checking and flow control
TCP and UDP are transport protocols for the TCP/IP stack
TCP is connection-oriented while UDP is connectionless
OSI transport layers are TP0, TP1, TP2, TP3, and TP4
TP4 and TCP are functionally similar
Transport Protocol Class 0 (TP0) performs segmentation (fragmentation) and reassembly functions. TP0 discerns the size of the smallest maximum PDU supported by any of the underlying networks, and segments the packets accordingly. The packet segments are reassembled at the receiver.
Transport Protocol Class 1 (TP1) performs segmentation (fragmentation) and reassembly, as well as error recovery. TP1 sequences PDUs and retransmits PDUs or reinitiates the connection if an excessive number of PDUs are unacknowledged.
Transport Protocol Class 2 (TP2) performs segmentation and reassembly as well as multiplexing and demultiplexing of data streams over a single virtual circuit.
Transport Protocol Class 3 (TP3) offers error recovery, segmentation and reassembly, and multiplexing and demultiplexing of data streams over a single virtual circuit. TP3 also sequences PDUs and retransmits them or reinitiates the connection if an excessive number are unacknowledged.
Transport Protocol Class 4 (TP4) offers error recovery, performs segmentation and reassembly, and supplies multiplexing and demultiplexing of data streams over a single virtual circuit. TP4 sequences PDUs and retransmits them or reinitiates the connection if an excessive number are unacknowledged. TP4 provides reliable transport service and functions with either connection-oriented or connectionless network service. TP4, the most commonly used of all the OSI transport protocols, is similar to TCP in the TCP/IP suite.
Both TP4 and TCP are built to provide a reliable, connection-oriented, end-to-end transport service on top of an unreliable network service. The network service may lose packets, store them, deliver them in the wrong order, or even duplicate packets. Both protocols must be able to deal with the most severe problems (e.g., a subnetwork stores valid packets and sends them at a later date). TP4 and TCP both have connect, transfer, and disconnect phases, and their principles of operation during these phases are also quite similar.
Ports
Application Services
Application services and their port numbers: FTP 21, Telnet 23, HTTP 80, SMTP 25, IMAP 143, DNS 53 (TCP and UDP), TFTP 69, DOOM 666, Gopher 70
Transport protocols: TCP, UDP
Ports identify an application service. This is how the transport layer can differentiate between application services. Each process that wants to communicate with another process identifies itself to the transport layer by using one or more port numbers.
A port is a 16-bit number used by the host-to-host protocol to identify to which higher-level protocol or application service it must deliver incoming messages. There are two types of port numbers:
Well-known ports — Well-known port numbers belong to standard servers. Well-known port numbers range from 1 to 1023. These port numbers are assigned by the IANA.
Ephemeral — Client applications do not require well-known port numbers as they initiate communications with servers. Each client process is allocated a port number for as long as it needs it by the host system. Ephemeral port numbers occupy the 1024 to 65535 range and are not controlled by the IANA. Because the host dynamically assigns the port number to the client application, the port number may vary each time that the client application is launched.
Sockets
Unique application handle into the TCP/IP stack
Used to differentiate application users between network hosts
Formulated by using transport protocol, IP address, and application source/destination port numbers
Created at both ends of the data transfer (i.e., source and destination)
Example:
Socket address = Protocol, local IP address, and local port number (e.g., TCP, 138.120.3.1, 15633)
Conversation = Protocol, local IP address, local port number, remote IP address, and remote port number (e.g., TCP, 138.120.3.1, 15633, 137.10.2.2, 23)
Sockets are primarily used to differentiate between applications. Although applications on different hosts can be differentiated using IP addresses and destination port numbers, that alone cannot differentiate between two sessions on the same host for the same application. The sockets also ensure that a datagram that arrives at the wrong host will not be accepted by the transport layer even though the well-known port exists. It is conceivable that an IP header could have its IP address corrupted and the datagram might therefore arrive at the wrong device. If the IP checksum is ignored, the datagram is passed to the transport layer, where the port is examined.
Example: There are two Telnet sessions between Host A and Host B. The IP address and destination port number are not enough for Host B to differentiate between the two Telnet sessions. In this case, the source port numbers, which are unique for each Host A client session, are required for Host B to tell the packets of each session apart. A detailed example of Telnet is in the next slide.
In general, a client program, in this case a Telnet request from Host A, uses a unique source port number and uses the well-known port number (23) as the destination port for the server program on Host B.
Transport Example — Telnet
Figure: a Telnet server and two Telnet clients, each running over its host operating system's TCP/IP stack.
Server side:
Enable Telnet server application
Create socket address TCP, 138.120.168.100, 23
Listen for client requests; incoming request from Client 1
Conversation: TCP, 138.120.168.100, 23, 138.120.191.233, 15633
Incoming request from Client 2
Conversation: TCP, 138.120.168.100, 23, 138.120.191.233, 15322
Client side:
Enable Telnet client 1 application
Create client socket TCP, 138.120.191.233, 15633
Connect to server
Enable Telnet client 2 application
Create client socket TCP, 138.120.191.233, 15322
Connect to server
PC A wants to Telnet into a server with two applications, A1 and A2.
The IP address of A is 138.120.191.233 and the server address is 138.120.168.200.
Application A1 opens a client session with a socket handle.
Application: Telnet
Source port number: 15633
Destination port number: 23
Transport layer: TCP
Socket handle: TCP, 138.120.191.233, 15633
Application A2 opens a second client session with its own socket handle.
Application: Telnet
Source port number: 15322
Destination port number: 23
Transport layer: TCP
Socket handle: TCP, 138.120.191.233, 15322
The server enables the Telnet server and creates a destination socket.
Application: Telnet server
Source port number: 23
Destination port number: 15633,15322
Socket numbers: TCP, 138.120.168.200, 23
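The following Python code is an added example; it is not part of the Alcatel-Lucent guide. It models the demultiplexing that the Telnet slide describes: a server host listens on TCP port 23 and keeps one entry per conversation, so the two client sessions from 138.120.191.233 (source ports 15633 and 15322) are handed to different application handles although they share protocol, destination address and destination port. The addresses and ports are the slide's; the class and method names, and the listening/established tables, are this example's own simplified model of what a real stack keeps.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Conversation:
    """The five values that identify one transport-layer conversation."""
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int


class TransportDemux:
    """Toy model of the demultiplexing table inside one host's TCP/IP stack (not a real API)."""

    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.listening = set()      # socket addresses (proto, local port) with a server behind them
        self.established = {}       # Conversation -> application handle

    def listen(self, proto, local_port):
        self.listening.add((proto, local_port))

    def accept(self, proto, remote_ip, remote_port, local_port, app):
        """A server accepts a client: the conversation now has all five values."""
        conv = Conversation(proto, self.local_ip, local_port, remote_ip, remote_port)
        if conv in self.established:
            raise ValueError("conversation already exists: %r" % (conv,))
        self.established[conv] = app
        return conv

    def classify(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Decide what an arriving segment belongs to, most specific match first."""
        if dst_ip != self.local_ip:
            return "discard: not addressed to this host"   # socket address does not match
        conv = Conversation(proto, dst_ip, dst_port, src_ip, src_port)
        if conv in self.established:
            return self.established[conv]                  # an existing session
        if (proto, dst_port) in self.listening:
            return "new connection request"                # a server is waiting on this port
        return "discard: no listener on port"


def demo():
    """Replay the slide: one server, two Telnet clients on the same host (constructed handles)."""
    server = TransportDemux("138.120.168.100")
    server.listen("TCP", 23)
    events = []
    events.append(server.classify("TCP", "138.120.191.233", 15633, "138.120.168.100", 23))
    server.accept("TCP", "138.120.191.233", 15633, 23, "telnet-session-1")
    events.append(server.classify("TCP", "138.120.191.233", 15322, "138.120.168.100", 23))
    server.accept("TCP", "138.120.191.233", 15322, 23, "telnet-session-2")
    # data segments from the two clients differ only in their source port
    events.append(server.classify("TCP", "138.120.191.233", 15633, "138.120.168.100", 23))
    events.append(server.classify("TCP", "138.120.191.233", 15322, "138.120.168.100", 23))
    # a segment whose destination address was corrupted in transit: port 23 exists here,
    # but the socket address (IP address plus port) does not belong to this host
    events.append(server.classify("TCP", "138.120.191.233", 15633, "138.120.168.101", 23))
    # the same port number under a different transport protocol is a different socket address
    events.append(server.classify("UDP", "138.120.191.233", 15633, "138.120.168.100", 23))
    return events
```

The order of checks in classify() matters: an established five-tuple must be tested before the listening socket, otherwise every data segment of an existing session would be mistaken for a new connection request.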
Transport Layer Overview
Section 2 — Transmission Control Protocol
Transmission Control Protocol Concepts
Figure: Host A and Host B, each with an Application Service over TCP, IP, and a network interface; the application services are reached through Port X and Port Y. Between the two hosts, unreliable IP datagrams carry a reliable TCP connection.
The primary purpose of TCP is to provide reliable communications between application services. TCP understands that the lower levels are unreliable, so TCP must guarantee the delivery of the data itself.
Data transfer — From the application-services viewpoint, TCP provides a contiguous stream of data through the network. TCP groups the bytes into segments, which it passes to the Internet layer for transmission to the destination.
Reliability — TCP uses sequence numbers for each byte transmitted and expects to receive an acknowledgment from the distant end. If the acknowledgment is not received within a specific interval, the data is retransmitted.
Flow control — The TCP process of the distant end, when sending an acknowledgment back, informs the sender of the number of bytes it can receive above the last TCP segment, without causing an overflow of its internal buffers. This is done by specifying the highest sequence number that it can receive.
Multiplexing — Multiplexing and demultiplexing are achieved using port numbers.
Logical connections — To support reliability and flow control, TCP must initialize and maintain status information for each connection. This status information contains sockets, sequence numbers, and window size. These components combine to form a logical connection.
Full-duplex — TCP maintains full-duplex data streams.
Establishing a TCP Connection
Figure: Host A (Port X) and Host B (Port Y), each with an Application Service over TCP.
1. Host A, active open: SYN, seq=A
2. Host B: SYN+ACK, seq=B, ACK A+1
3. Host A: ACK, ACK B+1
Before transmitting any data, TCP must establish a connection between the two application services. This connection establishment is referred to as the “three-way handshake”. As shown in the figure above, the opening TCP segments include the sequence numbers from both sides.
After a session is established between the two hosts, data can be transferred until the session is interrupted or shut down. Data is sent in pieces; each piece forms a TCP segment. A TCP segment is a combination of the data and a TCP header.
Send SYN — A request for a session.
Receive SYN — A session request has been received.
ACK — The acknowledgment; it tells the sending unit the next sequence number that the receiver expects to see.
This begins with a SYN (Synchronize) segment (as indicated by the code bit) that contains a 32-bit Sequence number A called the Initial Send Sequence (ISS), which is chosen by, and sent from, Host A. The 32-bit sequence number A is the starting sequence number of the data in the packet and increments by 1 for every byte of data sent within the segment (i.e., there is a sequence number for each octet sent). The SYN segment also puts the value A+1 in the first octet of the data.
Host B receives the SYN with sequence number A and sends a SYN segment with its own totally independent ISS number B in the sequence number field. In addition, Host B sends an increment on the sequence number of the last-received segment (i.e., A+1) in its Acknowledgment field. The Acknowledgment number informs the recipient that its data was received at the other end and that it expects the next segment of data bytes to be sent, to start at sequence number A+1. This stage is often called the SYN-ACK. It is here that the MSS is agreed on.
Host A receives the SYN-ACK segment and sends an ACK segment containing the next sequence number (B+1). This is called the Forward Acknowledgment and is received by Host B. The ACK segment is identified by the fact that the ACK field is set. Segments that are not acknowledged within a certain interval are retransmitted.
TCP Header
TCP header layout (32 bits wide):
Source Port (16) | Destination Port (16)
Sequence Number (32)
Acknowledgment Number (32)
HLEN (4) | Reserved (6) | URG ACK PSH RST SYN FIN (6) | Window (16)
Checksum (16) | Urgent Pointer (16)
Options and Padding
Data
Source and Destination ports — Identify the upper-layer applications using the connection
Sequence Number — This 32-bit number ensures that data is correctly sequenced. Each byte of data is assigned a sequence number; the field carries the sequence number of the first data byte in the segment (e.g., 58000). If this packet has 700 bytes of data in it, the next packet sent by this station will have sequence number 58000 + 700 = 58700.
Acknowledgment Number — This 32-bit number indicates the next sequence number that the sending device is expecting from the other station.
HLEN — Gives the number of 32-bit words in the header. Sometimes called the Data Offset field.
Reserved — Always set to 0
Code bits — The following flags indicate the nature of the header:
URG — Urgent Pointer
ACK — Acknowledgment
PSH — Push function; causes the TCP sender to push all unsent data to the receiver immediately rather than sending segments when it gets around to them (i.e., when the buffer is full).
RST — Reset the connection
SYN — Synchronize sequence numbers
FIN — End of data
Window — Indicates the range of acceptable sequence numbers beyond the last segment that was successfully received. It is the allowed number of octets that the sender of the ACK is willing to accept before an acknowledgment.
Urgent Pointer — Shows the end of the urgent data so that interrupted data streams can continue. When the URG bit is set, the data is given priority over other data streams.
Checksum — Used to verify integrity of the TCP segment. Checksum calculation is performed on the TCP “pseudo-header” and data. This is the IP source and destination addresses, TCP header and the TCP data.
Options — In practice mainly the TCP MSS, sometimes called Maximum Window Size or SMSS. A segment is a series of data bytes carried with a TCP header.
TCP Windows
Figure: the local host's send window and the distant host's receive window each hold segments 1 to 4; segments 5 to 12 wait as buffered data on both sides.
TCP uses a send/acknowledge/send scheme to ensure the reliable delivery of data. If this was done one segment at a time, it would still ensure the reliable delivery of the data but would not be a very efficient use of the bandwidth of the link.
TCP uses windows to ensure the reliable delivery of data as well as use the available bandwidth. TCP groups the segments together in the send window and transmits them as a group. However, the transmitting host expects an acknowledgment from the receiver for each individual segment in that group. When the sender has received the acknowledgments, it then moves data from the buffer into the send window and transmits the next group of segments. This is why the send window of the local host and the receive window of the distant host must be the same.
Sliding Windows
Figure (receive window of 6 segments, buffered data 7 to 12):
Can send 1-6, only 1-2 sent; receiver answers Ack 3, Wnd 4
Can send 3-6; receiver answers Ack 7, Wnd 0
Cannot send any; after the receiver's buffer is cleared it answers Ack 7, Wnd 6
Can send 7-12, only 7-9 sent
The concept of sliding windows keeps the network protocol saturated with packets to transmit. Because an acknowledgment is not required for every segment transmitted, network bandwidth is more efficiently used.
During the establishment of a TCP session, the MSS and the receiver's window size are negotiated. This indicates that the receiver and sender in both directions have agreed that, at any one time, a sender can transmit bytes up to the MSS. However, this is not always the case: the transmitter (see slow start, later in this section) will often only transmit a limited number of segments to the receiver, as indicated by the receiver's window size. The receiver's window can be thought of as the current buffer size for the received packets. When the sender sends the number of packets specified by the window size, the receiver buffer is full. If the receive buffer is only partially cleared by the TCP application, the receiver sends back an ACK specifying the new window size, which is the originally negotiated window size minus the segments still buffered. The sender then slides its window by the number of segments transferred and can only send the number of packets equal to this new window size.
Example:
Assume a negotiated window size of 6 segments.
The sender only sends 2 segments.
The receiver sends an ACK back, indicating the start of the next segment and also a new window size of 4 because the first 2 segments are still buffered.
The sender sends the remainder of the 4 segments, and fills up the receiver’s window.
The receiver sends an ACK 7 with a window size of 0 because its received buffer is full.
The sender is unable to transfer any more segments.
When the TCP application on the receiver side clears the buffer, the sender then transmits 3 segments.
Acknowledgment and Retransmission
Figure: the sender transmits 1-6 and the receiver, having received 1 and 2, answers Ack 3; the sender continues with 3-8 but segment 3 is lost, so the receiver holds 4-6 and keeps answering Ack 3; after the timeout the sender retransmits 3-6.
With reference to the slide above, the sender window transmits a group of segments (1 to 6). The receive window receives segments 1 and 2 and acknowledges the receipt of those segments by telling the sender that the next segment it expects to see is sequence number 3. The window slides at the transmitting host.
For some reason, segment 3 is lost. The receive window continues to receive the rest of the segments; however, when it acknowledges the receipt of the segments, it informs the transmitting host that it is still expecting to see segment 3. The sender’s window cannot slide past segment 3. The sender host continues to send all the bytes in the window. Eventually, a timeout will occur and the sending host will retransmit.
The problem arises as to how much information the sender should retransmit. It does know that segment 3 was lost; however, it does not know the status of segments 4 to 6. The decision must therefore be made as to whether the sending host retransmits just segment 3 or all data from segment 3 on.
Each TCP instance is free to react to these outages as it wants: either retransmit just the missing segment and wait for an acknowledgment to tell it of other segments that may be missing, or transmit everything from segment 3 on and let the receive window deal with the duplicate segments.
This ambiguity exists because an acknowledgment does not name the segments that have been received; it only identifies the next segment that the receiver expects to see.
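The two slides above (the sliding-window walk-through and the lost-segment case) as an added Python simulation; this code is not from the guide. Windows are counted in segments, as on the slides, and every ACK carries the next expected segment together with the receiver's free buffer space. The first scenario reproduces the 6-segment flow-control example (Ack 3 Wnd 4, Ack 7 Wnd 0, window update, then 7-9); the second loses segment 3 and shows that the cumulative ACK stays at 3 until it is resent, under both retransmission choices the text mentions. The Receiver and Sender classes and all method names are this example's own.

```python
class Receiver:
    """Receive window in segments; ACK = (next expected segment, free space)."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.expected = 1           # next in-order segment number wanted
        self.unread = []            # in-order segments the application has not read yet
        self.out_of_order = set()   # arrived early, held until the gap is filled

    def deliver(self, seg):
        """Called for each segment that actually arrives; returns the ACK sent back."""
        if seg < self.expected or seg in self.out_of_order:
            return self.ack()       # duplicate: just repeat the acknowledgment
        if len(self.unread) + len(self.out_of_order) >= self.capacity:
            return self.ack()       # buffer full: segment dropped, ACK repeats expected
        if seg == self.expected:
            self.unread.append(seg)
            self.expected += 1
            while self.expected in self.out_of_order:     # gap filled: release held segments
                self.out_of_order.remove(self.expected)
                self.unread.append(self.expected)
                self.expected += 1
        else:
            self.out_of_order.add(seg)
        return self.ack()

    def ack(self):
        return (self.expected, self.capacity - len(self.unread) - len(self.out_of_order))

    def application_read(self):
        """The application empties the buffer; the receiver sends a window update."""
        self.unread.clear()
        return self.ack()


class Sender:
    def __init__(self, total, window):
        self.total = total          # segments the application wants to send
        self.window = window        # last window the receiver advertised
        self.base = 1               # oldest unacknowledged segment
        self.next_seg = 1           # lowest segment never sent

    def send(self, at_most=None):
        """Transmit what the window allows (optionally fewer); returns the segment numbers."""
        limit = min(self.base + self.window, self.total + 1)
        segs = list(range(self.next_seg, limit))[:at_most]
        if segs:
            self.next_seg = segs[-1] + 1
        return segs

    def on_ack(self, ack_num, window):
        self.base = max(self.base, ack_num)       # window slides up to the cumulative ACK
        self.window = window

    def retransmit(self, go_back_n):
        """After a timeout: resend only the missing segment, or everything from it on."""
        return list(range(self.base, self.next_seg)) if go_back_n else [self.base]


def deliver_all(rx, segs):
    ack = None
    for s in segs:
        ack = rx.deliver(s)
    return ack


def flow_control_scenario():
    """The slide's sliding-window walk-through with a 6-segment window."""
    rx, tx = Receiver(6), Sender(total=12, window=6)
    steps = []
    segs = tx.send(2)                           # may send 1-6, sends only 1-2
    ack = deliver_all(rx, segs)                 # Ack 3, Wnd 4
    tx.on_ack(*ack)
    steps.append((segs, ack))
    segs = tx.send()                            # 3-6 fill the receiver's buffer
    ack = deliver_all(rx, segs)                 # Ack 7, Wnd 0
    tx.on_ack(*ack)
    steps.append((segs, ack))
    steps.append((tx.send(), ack))              # window 0: nothing can be sent
    ack = rx.application_read()                 # buffer cleared: Ack 7, Wnd 6
    tx.on_ack(*ack)
    steps.append((tx.send(3), ack))             # may send 7-12, sends 7-9
    return steps


def loss_scenario(go_back_n):
    """Segments 1-6 sent, segment 3 lost: cumulative ACKs stay at 3 until it is resent."""
    rx, tx = Receiver(12), Sender(total=12, window=6)
    sent = tx.send()
    acks = [rx.deliver(s)[0] for s in sent if s != 3]   # 3 never arrives
    tx.on_ack(3, rx.ack()[1])                           # duplicate Ack 3 seen; timeout follows
    resent = tx.retransmit(go_back_n)
    final = deliver_all(rx, resent)
    return acks, resent, final[0]
```

With go-back-N the receiver sees 4, 5 and 6 a second time and discards them as duplicates; with selective retransmission only segment 3 crosses the link. Both end with Ack 7, which is exactly what the text means by the receiver "dealing with the duplicate segments".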
TCP Operation Example
Host 1: 10.10.10.1/24; Host 2: 10.10.10.2/24 (trace as a network analyzer would show it)
Initial 3-way handshake (SYN, SYN+ACK, ACK):
Host 1 → Host 2: Seq.no. 122 (next seq.no. 123) Ack.no. 0 Wnd 8192 LEN = 0B
Host 2 → Host 1: Seq.no. 286 (next seq.no. 287) Ack.no. 123 Wnd 8760 LEN = 0B
Host 1 → Host 2: Seq.no. 123 (next seq.no. 123) Ack.no. 287 Wnd 8760 LEN = 0B
Data transfer:
Host 1 → Host 2: Seq.no. 123 (next seq.no. 323) Ack.no. 287 Wnd 8760 LEN = 200B
Host 2 → Host 1: Ack.no. 323 Wnd 8560
Host 1 → Host 2: Seq.no. 323 (next seq.no. 723) Ack.no. 287 Wnd 8760 LEN = 400B
Host 2 → Host 1: Ack.no. 723 Wnd 8160
Closing session (FIN, FIN+ACK, ACK):
Host 1 → Host 2: Seq.no. 723 (next seq.no. 724) Ack.no. 287 Wnd 8760 LEN = 0B
Host 2 → Host 1: Seq.no. X (next seq.no. X+1) Ack.no. 724 Wnd 8160 LEN = 0B
Host 1 → Host 2: Seq.no. 724 (next seq.no. 724) Ack.no. 0 Wnd 8760 LEN = 0B
Assumptions:
Although the data transfer and window parameter negotiation occurs as a duplex, the slide above only shows a single-sided transfer.
The session begins with station 10.10.10.1/24 initiating a SYN that contains the sequence number 122, which is the ISS. In addition, the first octet of data will carry the next sequence number, 123. There are only zeros in the acknowledgment number field, as it is not used in the SYN segment. The window size of the sender starts off as 8192 octets, which is assumed to be acceptable to the receiver.
The receiving station sends its own ISS (286) in the sequence number field and acknowledges the sender's sequence number by incrementing it by 1 (287), expecting this to be the starting sequence number of the data bytes that will be sent next by the sender. This is called the SYN-ACK segment. The receiver's window size starts off as 8760.
When the SYN-ACK has been received, the sender issues an ACK that acknowledges the receiver's ISS by incrementing it by 1 and placing it in the acknowledgment field (287). The sender also sends the same sequence number that it sent previously (123). This segment is empty of data, and we do not want the session to keep ramping up the sequence numbers unnecessarily. The window size of 8760 is acknowledged by the sender.
From now on ACKs are used until just before the end of the session. The sender now starts sending data by stating the sequence number 123 again because this is the sequence number of the first byte of the data that it is sending. Again, the acknowledgment number 287 is sent, which is the expected sequence number of the first byte of data that the receiver will send. In the above scenario, the sender is initially sending 200 bytes of data in one segment. The network analyzer may indicate the next expected sequence number in the trace: in this case, 123 + 200 = 323. The sender has now agreed on the window size of 8760 and uses it itself.
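To check the sequence and acknowledgment arithmetic of the exchange above (and of the three-way handshake slide earlier in this section), here is an added Python model; it is not from the guide. It uses the slide's ISS values 122 and 286 and its data sizes of 200 and 400 octets. The receive buffer sizes 8192 and 8760 are taken as each host's own window, so each side advertises its own buffer minus unread data (the slide instead shows Host 1 adopting 8760 after the handshake); the class, function and field names are this example's own.

```python
class TcpEndpoint:
    """Just enough TCP state to reproduce the sequence and acknowledgment numbers of
    the slide's one-directional transfer: no timers, no retransmission."""

    def __init__(self, name, iss, rcv_buf):
        self.name = name
        self.snd_nxt = iss          # next sequence number this side will send (starts at its ISS)
        self.rcv_nxt = 0            # next sequence number expected from the peer (0 until its SYN)
        self.rcv_buf = rcv_buf      # receive buffer size in octets
        self.unread = 0             # received octets the application has not yet consumed

    def window(self):
        return self.rcv_buf - self.unread

    def send(self, flags, length=0):
        seg = {"from": self.name, "flags": flags, "seq": self.snd_nxt,
               "ack": self.rcv_nxt if "ACK" in flags else 0,   # ACK field unused in a plain SYN
               "wnd": self.window(), "len": length}
        # SYN and FIN each occupy one sequence number; data occupies one per octet
        self.snd_nxt += length + ("SYN" in flags) + ("FIN" in flags)
        return seg

    def receive(self, seg):
        flags = seg["flags"]
        if "SYN" in flags:
            self.rcv_nxt = seg["seq"]           # the peer's ISS synchronises what we expect next
        elif seg["seq"] != self.rcv_nxt:
            raise ValueError("%s expected seq %d, got %d" % (self.name, self.rcv_nxt, seg["seq"]))
        self.rcv_nxt += seg["len"] + ("SYN" in flags) + ("FIN" in flags)
        self.unread += seg["len"]

    def read(self, octets):
        """Application consumes data, which reopens the advertised window."""
        self.unread -= octets


def run_exchange():
    """Reproduce the slide: ISS 122 and 286, buffers 8192 and 8760, 200 then 400 octets."""
    h1 = TcpEndpoint("10.10.10.1", iss=122, rcv_buf=8192)
    h2 = TcpEndpoint("10.10.10.2", iss=286, rcv_buf=8760)
    trace = []

    def exchange(src, dst, flags, length=0):
        seg = src.send(flags, length)
        dst.receive(seg)
        trace.append(seg)

    exchange(h1, h2, "SYN")            # seq 122, ack 0, wnd 8192
    exchange(h2, h1, "SYN+ACK")        # seq 286, ack 123, wnd 8760
    exchange(h1, h2, "ACK")            # seq 123, ack 287: handshake complete
    exchange(h1, h2, "ACK", 200)       # data 123..322, next 323
    exchange(h2, h1, "ACK")            # ack 323, wnd 8760 - 200 = 8560
    exchange(h1, h2, "ACK", 400)       # data 323..722, next 723
    exchange(h2, h1, "ACK")            # ack 723, wnd 8160
    exchange(h1, h2, "FIN+ACK")        # FIN takes seq 723, next 724
    exchange(h2, h1, "FIN+ACK")        # ack 724, FIN takes seq 287
    exchange(h1, h2, "ACK")            # seq 724, ack 288: both FINs acknowledged
    return trace
```

The two acknowledgments from Host 2 carry windows of 8560 and 8160 because the 200 and then 600 received octets are still sitting unread in its buffer; calling read() on h2 between the data segments would bring the advertised window back up, which is the flow-control behaviour described in the TCP Windows slides.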
TCP Congestion Control — Slow Start
Figure (buffered data 1 to 12 at the sender): cwnd 1, segment 1 sent, Ack 2 returned; cwnd 2, segments 2 and 3 sent, Ack 4 returned; cwnd 4 but a receive window of 3, segments 4 to 6 sent, Ack 7 returned.
Initially, when TCP first establishes a connection, it sends a group of segments of the size specified by the receiving host’s window. If the two hosts are in the same LAN, this should not be an issue. However, if they are in different networks, the possibility of low-speed links exists and the result could be multiple packet discards and multiple retransmissions, causing congestion in the network.
To avoid this situation, TCP uses what is referred to as “slow start”. Slow start creates another window for the sender, called the congestion window (cwnd). The congestion window starts out as one segment. When the sender receives an acknowledgment, it doubles the size of the congestion window to two segments. Again, after an acknowledgment is received, the sender doubles the size of the congestion window to four. This continues until the advertised size of the receive window is reached or until the capacity of the network is reached.
Note that in the slide above at the last step, the sender sends only 3 segments despite its congestion window size being 4 segments. This is because the receiver’s window size at this point is 3 segments.
TCP Congestion Control — Congestion Avoidance
Figure, steps 1 to 5:
Step 1: segments 7 to 10 sent; receiver answers Ack 9, then a duplicate Ack 9
Step 2: the duplicate ACK initiates slow start; segment 9 resent with cwnd back to one segment; Ack 11 returned
Step 3: segments 11 and 12 sent; Ack 13 returned
Step 4: start congestion avoidance; segments 13 to 15 sent; Ack 16 returned
Step 5: segments 16 to 19 sent, cwnd increasing one segment at a time; Ack 20 returned
Although it is a totally different process, congestion avoidance works hand-in-hand with slow start. With the improvements in network design, the TCP process assumes that packet loss due to damage is rare. Therefore, the loss of a packet must indicate network congestion and that the packet was discarded. The congestion avoidance process has two indications of packet loss:
A timeout occurs.
A duplicate ACK is received.
The slide above shows the process if a duplicate ACK is received. However, if a timeout occurs, the process would be the same. When the duplicate ACK is received, the slow start process is initiated and the congestion window is set back to one segment. It continues to double in size with each acknowledgment until it reaches half the original window size before the duplicate ACK was received. At this point, the congestion avoidance process takes over and increases the congestion window one segment at a time with each received ACK. This cycle continues until the TCP process reaches a steady state.
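The cwnd rules of the slow start and congestion avoidance slides as an added Python model; this is not code from the guide. cwnd doubles with each ACK, a loss (timeout or duplicate ACK) remembers half of the current cwnd as the threshold and resets cwnd to one segment, growth becomes one segment per ACK once that threshold is reached, and the number of segments actually sent is limited by the receive window, which is how the last step of the slow start slide sends 3 segments with a cwnd of 4. The class name, the simulate() driver and the receive window sizes used are this example's own.

```python
class CongestionController:
    """cwnd and the receive window, both counted in segments, as on the slides."""

    def __init__(self, rwnd):
        self.rwnd = rwnd            # receive window advertised by the peer
        self.cwnd = 1               # congestion window starts at one segment
        self.ssthresh = None        # set to half of cwnd at the first loss
        self.phase = "slow start"

    def allowed(self):
        """How many segments may be outstanding: the smaller of the two windows."""
        return min(self.cwnd, self.rwnd)

    def on_ack(self):
        if self.cwnd >= self.rwnd:
            self.phase = "steady state"            # the receiver's window has been reached
        elif self.ssthresh is None or self.cwnd < self.ssthresh:
            self.phase = "slow start"
            self.cwnd *= 2                         # double per acknowledgment
        else:
            self.phase = "congestion avoidance"
            self.cwnd += 1                         # one segment per acknowledgment

    def on_loss(self):
        """Timeout or duplicate ACK: keep half the window as threshold, restart slow start."""
        self.ssthresh = max(self.cwnd // 2, 1)
        self.cwnd = 1
        self.phase = "slow start"


def simulate(rwnd, acks, loss_at=None):
    """Trace (phase, cwnd, segments allowed) over a run of ACKs, with one optional loss."""
    cc = CongestionController(rwnd)
    trace = [(cc.phase, cc.cwnd, cc.allowed())]
    for n in range(1, acks + 1):
        if n == loss_at:
            cc.on_loss()           # a duplicate ACK (or timeout) arrives instead of a fresh ACK
        else:
            cc.on_ack()
        trace.append((cc.phase, cc.cwnd, cc.allowed()))
    return trace
```

simulate(8, 11, loss_at=4) grows cwnd 1, 2, 4, 8, drops to 1 on the loss with a threshold of 4, climbs back 2, 4 under slow start, then 5, 6, 7, 8 one at a time, and finally sits at the receive window; simulate(3, 3) reproduces the slow start slide, where cwnd reaches 4 but only 3 segments are allowed.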
Transport Layer Overview
Section 3 — User Datagram Protocol
User Datagram Protocol
Figure: UDP multiplexing and demultiplexing over IP between Application Services 1 to 4, reached through Port 67, Port 69, Port 123, and Port 56981.
Unlike TCP, UDP offers no delivery guarantees or congestion avoidance. It is considered to be a means of best-effort transport. UDP simply provides a transport mechanism for one application to send a datagram to another application. The responsibility for error recovery or any form of reliability resides with the application itself.
Like TCP, UDP uses port numbers to identify the receiving and sending application processes. It uses these port numbers in its multiplexing and demultiplexing operations.
Because there is no windowing (buffering) or any retransmission capability, UDP has found favor with real-time applications such as VoIP.
The following are some of the well-known UDP port numbers:
Port 67 – DHCP (Dynamic Host Configuration Protocol)
Port 69 – TFTP (Trivial File Transfer Protocol)
Port 123 – NTP (Network Time Protocol)
Port 520 – RIP (Routing Information Protocol)
UDP Header
UDP header layout (32 bits wide):
Source Port (16) | Destination Port (16)
Length (16) | Checksum (16)
Data
The UDP header is extremely simple when compared to the TCP header. There are no synchronization, sequence, or acknowledgment fields. All that the header contains is the source application port number, the destination application port number, a length field for the length of the data, and a checksum for the UDP pseudo-header and data (IP source and destination addresses, UDP header and UDP data). This gives the UDP packet very little overhead.
Some protocols that use UDP include: SNMP, DNS, and DHCP.
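The following Python code is an added example, not from the guide. It builds and parses both transport headers described in this module, the TCP header with its code bits and MSS option (from the TCP Header slide) and the UDP header above, and verifies each checksum over the pseudo-header (IP source and destination addresses, protocol, length) plus header and data, exactly as the two header descriptions state. Addresses and ports come from the Telnet slide; the MSS value 1460, the TFTP-style payload and all function names are this example's own.

```python
import ipaddress
import struct

TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # code bits, lowest bit first


def internet_checksum(data):
    """One's-complement sum of 16-bit words (RFC 1071); an odd length is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip, dst_ip, proto, length):
    """The IP-layer values that the transport checksum also covers."""
    return (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, proto, length))


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, options=b"", payload=b""):
    options += b"\x00" * (-len(options) % 4)             # pad options to a 32-bit boundary
    hlen_words = (20 + len(options)) // 4                 # HLEN / data offset
    code_bits = sum(1 << TCP_FLAGS.index(f) for f in flags)
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                         (hlen_words << 12) | code_bits, window, 0, 0)
    segment = header + options + payload
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, 6, len(segment)) + segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def tcp_mss(options):
    """Walk the option list for kind 2 (MSS); None if absent."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                  # end of option list
            break
        if kind == 1:                  # no-operation padding
            i += 1
            continue
        length = options[i + 1]
        if kind == 2 and length == 4:
            return struct.unpack("!H", options[i + 2:i + 4])[0]
        i += length
    return None


def parse_tcp(segment, src_ip, dst_ip):
    sport, dport, seq, ack, off_flags, window, _, urgent = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    # with a correct checksum in place the sum over pseudo-header + segment folds to zero
    ok = internet_checksum(pseudo_header(src_ip, dst_ip, 6, len(segment)) + segment) == 0
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "header_len": hlen,
            "flags": flags, "window": window, "urgent": urgent,
            "mss": tcp_mss(segment[20:hlen]), "payload": segment[hlen:], "checksum_ok": ok}


def build_udp(src_ip, dst_ip, sport, dport, payload):
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, 17, length) + header + payload)
    # a computed 0 is sent as 0xFFFF, because 0 on the wire means "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum or 0xFFFF) + payload


def parse_udp(datagram, src_ip, dst_ip):
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    ok = None                      # IPv4 UDP may omit the checksum entirely
    if checksum:
        ok = internet_checksum(pseudo_header(src_ip, dst_ip, 17, length) + datagram[:length]) == 0
    return {"src_port": sport, "dst_port": dport, "length": length,
            "payload": datagram[8:length], "checksum_ok": ok}


def demo():
    """Addresses and ports from the Telnet slide; MSS value and payloads are constructed."""
    src, dst = "138.120.191.233", "138.120.168.100"
    syn = build_tcp(src, dst, 15633, 23, seq=122, ack=0, flags=["SYN"], window=8192,
                    options=struct.pack("!BBH", 2, 4, 1460))
    damaged = syn[:1] + bytes([syn[1] ^ 0x01]) + syn[2:]      # one bit of the source port flipped
    tftp = build_udp(src, dst, 56981, 69, b"\x00\x01boot.cfg\x00octet\x00")
    return parse_tcp(syn, src, dst), parse_tcp(damaged, src, dst), parse_udp(tftp, src, dst)
```

Because the pseudo-header is part of the sum, a segment whose IP addresses were altered in transit fails the transport checksum even when the TCP or UDP bytes themselves are intact, which is the protection the Sockets slide alludes to.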
Module Summary
This module provided an overview of the protocols in the transport layer.
TCP uses sockets to differentiate between applications.
TCP provides connection-oriented services between hosts.
TCP provides delivery guarantees for data.
UDP uses ports for addressing.
UDP provides a connectionless service.
UDP provides no delivery guarantees for data.
Learning Assessment
1. In TCP, what is a send_SYN used for?
A. Request a session.
B. Synchronize the buffer rate.
C. Synchronize the flow control.
D. Request a retransmission of a missing segment.
2. In TCP, must the send and receive windows on a local host match?
A. Yes
B. No
3. What process works in conjunction with the congestion-avoidance process in TCP when network congestion is detected?
A. Sliding window
B. Acknowledgment
C. Slow start
Learning Assessment (continued)
4. What does UDP use to establish a session?
A. Session request
B. Window size
C. Hello protocol
D. Nothing
5. How does UDP identify the application services that it is supporting?
A. Socket number
B. Port number
C. IP address
D. UDP allows the higher levels to track the application service.
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 01
Alcatel-Lucent Scalable IP Networks
Module 6 — IP Routing
Module Objectives
After successful completion of this module, you should be able to:
Discuss the operations and functions of a router
Discuss the uses and benefits of static and default routes
Discuss the operation of the distance vector protocol RIP
IP Routing
Section 1 — Router Functions
Functions of a Router
Figure: an Ethernet frame (Destination MAC, Source MAC, Type, Payload, FCS) carrying an IP packet (Destination IP, Source IP); the numbered steps below refer to these fields in order.
1. Read the destination MAC address.
2. Check the FCS.
3. Check the protocol and extract the payload.
4. Record the destination IP address.
When a router receives a frame from a LAN, the first task is to read the destination MAC address to ensure that the router is the intended recipient of that frame.
The next step, assuming that the router is the intended recipient of the frame, is to check the FCS to see if there are any errors with the frame. If there are errors, the router discards the frame at this point.
Assuming the frame is received without error, the router checks the Type field to see which protocol is in the payload. The router then strips off the L2 headers and trailer and moves the payload to the L3 protocol.
The L3 protocol is mainly interested in the destination L3 address. It uses this address to make its forwarding decision.
Functions of a Router (cont'd)
Figure: the routing table (Network, Protocol, Next-hop) consulted with the packet's Destination IP and Source IP (step 5), and the packet re-encapsulated in a new frame with Destination MAC, Source MAC, Type, Payload, and FCS (step 6).
5. Check the routing table to see if the network is reachable.
6. If the network is found, re-encapsulate the packet in an L2 frame.
The router, after examining the destination L3 address, consults its routing table to find out how to best handle the packet. The routing table reflects network reachability information (network). It then shows how the network was learned (protocol): is it local, a static route, or from a dynamic routing protocol? The final piece of information that concerns the router is the interface the packet is forwarded to (next-hop) so that it can reach its destination. If the packet is a network broadcast packet, the router discards the packet.
When the decision has been made, the router forms a new frame by encapsulating the packet in an L2 frame and sends it out the appropriate interface.
Movement of Data
Figure:
Device A: IP 1.1.1.2, MAC = A, gateway = 1.1.1.1 (MAC B)
Router B (left): IP 1.1.1.1, MAC = B; WAN interface IP 3.3.3.1
Router C (right): WAN interface IP 3.3.3.2; IP 2.2.2.1, MAC = C; ARP cache: 2.2.2.2 = D
Server D: IP 2.2.2.2, MAC = D
Frame on the left Ethernet segment: Source IP 1.1.1.2, Dest. IP 2.2.2.2, Source MAC A, Dest. MAC B, Data, FCS
Frame on the WAN link: Source IP 1.1.1.2, Dest. IP 2.2.2.2, PPP framing, Data, FCS
Frame on the right Ethernet segment: Source IP 1.1.1.2, Dest. IP 2.2.2.2, Source MAC C, Dest. MAC D, Data, FCS
The basic flow of a packet of data through a network is as follows:
Device A (1.1.1.2) wants to send data to server D (2.2.2.2). Because device A is not located on the same segment as that of device D, it must use the default gateway for the segment. This default gateway is seen as IP address 1.1.1.1 in the figure above. Device A will ARP the 1.1.1.1 address to learn the MAC address of the gateway. The router responds with MAC address “B”. Device A is now able to encapsulate the data, as shown in the top block diagram. Note that the source and destination IP addresses identify the overall source and destination devices, whereas the frame source and destination addresses identify the path across the Ethernet segment only.
When the packet arrives at the left router (router B), the router removes the L2 header and trailer, checks its routing table, and determines that the data needs to be sent to the right router (router C). To accomplish this, router B encapsulates the data in a PPP frame and forwards it.
Router C removes the PPP framing and consults its routing table. Noting that the destination IP network is directly connected to its Ethernet port, router C consults its ARP cache to determine the framing. When the destination L2 MAC address is determined, router C can create the frame of data and forward it to server D.
Note that the IP addressing did not change throughout this movement of data. However, the L2 framing changed over each segment that the packet traversed. The IP address identifies a device within the entire network topology, whereas the L2 address identifies a device on that segment only.
Routing Table Entries
A:PE1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix                                   Type    Proto    Age        Pref
       Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
10.1.2.0/24                                   Local   Local    03d23h08m  0
       to-p2r1                                                     0
10.1.3.0/24                                   Local   Local    03d23h08m  0
       to-p3r1                                                     0
10.1.4.0/24                                   Local   Local    04d00h34m  0
       to-p4r1                                                     0
10.2.3.0/24                                   Remote  OSPF     00h41m00s  10
       10.1.2.21                                                   2000
10.2.4.0/24                                   Remote  OSPF     00h41m00s  10
       10.1.2.21                                                   2000
10.3.4.0/24                                   Remote  OSPF     04d00h16m  10
       10.1.3.31                                                   2000
10.10.10.11/32                                Local   Local    06d18h33m  0
       system                                                      0
10.10.10.21/32                                Remote  OSPF     00h41m04s  10
       10.1.2.21                                                   1000
-------------------------------------------------------------------------------
No. of Routes: 8
===============================================================================
As shown in the slide above, there is a lot of information in a routing table. Routing table entries show network reachability information, how the router learned about the network, and how to reach the network that it has learned.
The routing table Protocol field is broken down into three different categories of routes:
Static routes — Static routes are configured by the user. These routes define the next hop that a packet will take to reach a particular network. A static route overrides any routes learned through a dynamic routing protocol. There are two types of static routes: standard static route, which defines a network address and a next-hop, and default route, which uses 0.0.0.0/0 as the network address. This address is the wildcard address. If a packet does not match any destination addresses in the routing table, it matches the default route and takes the next hop in an attempt to get to its destination.
Local routes — These networks belong to directly connected interfaces. In a route look-up, these routes have priority over all others.
Dynamic routes — Dynamic routes are learned via a protocol (OSPF, IS-IS, BGP). Dynamic routes use metrics in the protocol to decide which route to install in the routing table, and they use the preference value to decide which protocol to believe if the network is learned via multiple protocols.
The Metric field is used by the router to decide which route to enter in the forwarding table when it has learned multiple routes to the same destination from the same protocol.
The Preference field is used by the router to decide which route to enter in the forwarding table when it has learned multiple routes to the same destination from different protocols.
When the router performs a routing table lookup it selects the entry with the longest match to the destination IP address in the packet’s destination field.
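As an added example (not code from the course or the 7x50 software), the following Python models the two decisions described above: which route is installed for a prefix (preference between protocols, metric within a protocol) and the longest-prefix-match lookup, including the 0.0.0.0/0 default. The entries mirror the route-table output above; the static routes, the next hop 10.1.4.41 and the static preference of 5 are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# Per-protocol preference: Local 0 and OSPF 10 appear in the route table
# output above; 5 for static routes is an assumption made for this example.
DEFAULT_PREF = {"Local": 0, "Static": 5, "OSPF": 10}


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    proto: str
    next_hop: str            # next-hop address, or interface name for Local
    metric: int = 0
    pref: Optional[int] = None

    def __post_init__(self) -> None:
        if self.pref is None:
            self.pref = DEFAULT_PREF[self.proto]


def route(prefix: str, proto: str, next_hop: str, metric: int = 0,
          pref: Optional[int] = None) -> Route:
    return Route(ipaddress.IPv4Network(prefix), proto, next_hop, metric, pref)


class RouteTable:
    """One active route per prefix plus longest-prefix-match lookup."""

    def __init__(self) -> None:
        self.active: Dict[ipaddress.IPv4Network, Route] = {}

    def learn(self, new: Route) -> Route:
        """Install `new` if it beats the current route for the same prefix.
        Preference decides between protocols, metric between routes of the
        same protocol; lower is better for both."""
        cur = self.active.get(new.prefix)
        if cur is None or (new.pref, new.metric) < (cur.pref, cur.metric):
            self.active[new.prefix] = new
        return self.active[new.prefix]

    def lookup(self, dst: str) -> Optional[Route]:
        """Return the active route with the longest prefix covering `dst`;
        the 0.0.0.0/0 default, if present, matches anything."""
        addr = ipaddress.IPv4Address(dst)
        matches = [r for r in self.active.values() if addr in r.prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen)


def build_example_table() -> RouteTable:
    """Entries from the 'show router route-table' output above, plus a
    constructed static route and default route (assumptions)."""
    t = RouteTable()
    for p, nh in (("10.1.2.0/24", "to-p2r1"), ("10.1.3.0/24", "to-p3r1"),
                  ("10.1.4.0/24", "to-p4r1"), ("10.10.10.11/32", "system")):
        t.learn(route(p, "Local", nh))
    t.learn(route("10.2.3.0/24", "OSPF", "10.1.2.21", 2000))
    t.learn(route("10.2.4.0/24", "OSPF", "10.1.2.21", 2000))
    t.learn(route("10.3.4.0/24", "OSPF", "10.1.3.31", 2000))
    t.learn(route("10.10.10.21/32", "OSPF", "10.1.2.21", 1000))
    # Same protocol, same prefix: the lower metric stays installed (constructed).
    t.learn(route("10.10.10.21/32", "OSPF", "10.1.3.31", 2000))
    # Static route for a prefix also learned via OSPF: preference 5 beats 10,
    # so the static next hop overrides the dynamic one (constructed).
    t.learn(route("10.2.3.0/24", "Static", "10.1.4.41"))
    # Default route: the wildcard entry used when nothing longer matches.
    t.learn(route("0.0.0.0/0", "Static", "10.1.4.41"))
    return t


if __name__ == "__main__":
    table = build_example_table()
    for dst in ("10.1.2.5", "10.2.3.7", "10.10.10.21", "192.0.2.1"):
        r = table.lookup(dst)
        print(f"{dst:>12} -> {r.prefix} via {r.next_hop} "
              f"({r.proto}, pref {r.pref}, metric {r.metric})")
```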
Routing Protocols
Static (explicitly define the next hop on every router, or define a default route) / Dynamic
Dynamic: IGP / EGP
IGP: Distance Vector (RIPv1 and RIPv2) / Link State (OSPF, IS-IS)
EGP: Path Vector (BGP)
Routing protocols can be divided into two main categories: static and dynamic. Dynamic routing protocols can be further divided into two main categories: IGP and EGP.
Interior gateway protocols can be further divided into distance vector and link state protocols.
Distance vector — A DV protocol uses a hop-count metric to take the shortest route to a destination, regardless of the bandwidth capability of the path. The common DV protocols are RIPv1 and RIPv2.
Link state — An LS protocol uses a cost metric that is a representation of the status of the link as well as the physical bandwidth of the interface. The LS protocols make their path selection based on the route that has the least cost, which is representative of the path that has the most physical bandwidth. It may not be the shortest path, but it is the best path with regard to bandwidth. Common LS protocols are OSPF and IS-IS.
Path vector — A path vector protocol is a routing protocol, sometimes known as a policy routing protocol, that is used to span different autonomous systems (e.g., BGP). The routing table maintains the autonomous systems that are traversed to reach the destination system.
Exterior gateway protocols — BGPv4 is the current standard for EGP. BGP is a specialized distance vector protocol that chooses the path not based on the number of routers that it must go through but rather based on the number of autonomous systems that it must go through.
Static Routes
[Figure: Router 1 and Router 2 connected over a /30 link (10.1.1.1/30 and 10.1.1.2/30), with network 192.168.1.0/24 reached through Router 2.]
static-route in Router 1: config router static-route 192.168.1.0/24 next-hop 10.1.1.1 metric ?? pref ??
Static routes are manually configured and describe the remote destination network and the next hop to which a packet must be forwarded to reach that destination. The entry can be a single network or a range of networks.
If the local router does not participate in route advertising (dynamic routing), the remote routers must also have a static entry that defines how to return packets to the local router.
Static routing saves bandwidth and processing as there are no advertisements or updates. However, there is no real-time indication if the destination becomes unreachable.
Default Routes
[Figure: Router 1 and Router 2 (a stub router) connected over a /30 link (10.1.1.1/30 and 10.1.1.2/30), with network 192.168.1.0/24 shown.]
static-route in Router 2: config router static-route 0.0.0.0/0 next-hop 10.1.1.2 metric ??? pref ???
A default entry in the routing table is a wildcard entry that fits any destination. This is used when the destination address of a packet is not specifically defined in the routing table. It is recommended for use in stub routers, in which there is only one way for the stub network to get to all remote networks.
The destination network is 0.0.0.0, which describes any network, with a network mask of 0.0.0.0. A default route is a form of static route. It is the selection of the network address and mask (0.0.0.0/0) that define it as a default route.
LAB 2.4-2.5 Static and Default Routes
[Figure: lab topology with Pod1 to Pod4, each containing a Core-Pod router and an Edge-Pod router.]
Routing Protocol Basics
[Figure: Network A and Network B interconnected by Router 1, Router 2, Router 3 and Router 4. How does Network A send data to Network B?]
All dynamic routing protocols serve the same purpose: to find paths through a network to connect different networks and then to advertise that information to neighbors. The dynamic routing protocols are all built around an algorithm that gives a router the capability of deciding which route to install in the routing table and then advertising that information to its peers.
Path Determination
[Figure: Network A 172.16.1.0/24 and Network B 172.16.2.0/24 connected through Routers 1 to 4 over the /30 links 172.16.3.0/30 (.1, .2), 172.16.3.4/30 (.5, .6), 172.16.3.8/30 (.9, .10) and 172.16.3.12/30 (.13, .14). Network A can reach Network B via Path 1 or Path 2. Which one is preferred?]
All networks are interconnected through routers and when a router has an interface connecting it to another router, the interface must have an address that belongs to a network. In the figure above, there are six distinct networks. Router 1 knows about networks 172.16.1.0/24, 172.16.3.0/30, and 172.16.3.12/30 because it has interfaces or local connectivity to the networks. Likewise, Router 2 knows about networks 172.16.3.0/30 and 172.16.3.4/30. Router 3 knows about networks 172.16.3.12/30 and 172.16.3.8/30, and Router 4 knows networks 172.16.3.8/30, 172.16.3.4/30, and 172.16.2.0/24.
Router 1’s function is to enter its locally connected networks into its routing table and identify them as locally connected networks. It then takes this information and advertises it to routers 2, 3, and 4. This advertisement is called a router update. Routers 2, 3, and 4 will carry out the same operation, advertising their routing updates to the other routers in the network.
Complexity occurs when a router receives this information. For example, when Router 1 receives the information from Router 2 should it place this information in its routing table? Should it pass this information on to Router 3? If Router 1 has heard about network 172.16.3.4/30 from Router 2 and Router 3, which entry should it put in its routing table?
Metrics
[Figure: Router 1's routing information. Its table lists 172.16.3.0/30 (to Router 2), 172.16.3.12/30 (to Router 3) and 172.16.1.0/24 (to Net A) as directly connected, and shows the candidate next hops 172.16.3.2 (Router 2) and 172.16.3.14 (Router 3), with their metrics, for 172.16.3.4/30, 172.16.3.8/30 and 172.16.2.0/24.]
As shown in the figure above, Router 1 is being flooded with information about network reachability and which paths it can use to get to those destinations. The router requires a way of determining which path is best when it has received multiple paths to the same destination. This method of determining the best path is referred to as metrics. A metric is a value that is assigned to each path to assist in determining which path is best.
In the figure above, Router 1 sees networks 172.16.1.0/24, 172.16.3.0/30, and 172.16.3.12/30. These are local, directly connected interfaces. Each of these networks can reach the others because they are directly connected, and these are considered the best paths. The other three networks, 172.16.3.4/30, 172.16.3.8/30, and 172.16.2.0/24, can be reached via multiple paths. Therefore, the router must decide on a best path to each of these networks among all the paths. The metric is one of the criteria used by the router to make this decision.
Metrics depend on the type of protocol used. RIPv1 and RIPv2 use hop count for a metric, OSPF and IS-IS use port bandwidth as a metric, and BGP uses AS path count as a metric. Note that metrics are always 0 for a directly connected network.
The hop-count metric chooses the path that goes through the fewest routers. It does not take into account the bandwidth of the links. In the example above, for network 172.16.3.8/30, Router 1 using hop count would select the path through Router 3. That link could be a T1, while the path through Routers 2 and 4 runs over gigabit Ethernet links.
A bandwidth metric chooses a higher-bandwidth path over a shorter one. In the hop-count example, a dynamic protocol that uses bandwidth, such as OSPF or IS-IS, would choose the path through Routers 2 and 4 to reach network 172.16.3.8/30 even though the physical distance is twice as long.
Convergence
[Figure: Router 1 to Router 4 interconnecting Network A 172.16.1.0/24, Network B 172.16.2.0/24 and the link networks 172.16.3.0/30, 172.16.3.4/30, 172.16.3.8/30 and 172.16.3.12/30.]
All dynamic routing protocols require a way of transmitting the information about their locally connected routes to other routers in the network. Routers also require a method of receiving and processing the information. While processing the information, a routing protocol must use its metrics to decide on the best path. Each router calculates the best path to all networks advertised by every other router in the internetwork and places this information in its routing table. The network is said to be in a convergence state when all routers have successfully computed the best paths and placed them in the routing tables.
When the network topology changes, the neighbors must update their routing information and transmit this change throughout the internetwork.
IP Routing
Section 2 — Distance Vector Overview
Distance Vector Overview
[Figure: RTR-A, RTR-B, RTR-C and RTR-D interconnected by 1 Gb/s links and one 100 Mb/s link.]
Routers send periodic updates to physically adjacent neighbors
Updates contain distance (how far) and vectors (direction) for networks
Distance vector routing algorithms (Bellman-Ford) pass periodic copies of a routing table from router to router. Regular (timed-interval) updates between routers communicate topology changes.
Each router receives a routing table from its direct neighbor.
In the figure above, RTR-B receives information from RTR-A.
RTR-B uses the information received from RTR-A to recalculate its routing table.
RTR-B then sends its routing table to RTR-D.
This same step-by-step process occurs in all directions between direct-neighbor routers.
IMPORTANT — With distance vector, no routing table is transmitted beyond the immediate neighbor. For example, RTR-D never sees a routing update directly from RTR-A.
The distance vector algorithm allows network metrics to accumulate and maintains a table showing the next hop for all destinations listed.
Distance Vector Overview (cont'd)
[Figure: update cycle. An update arrives from a neighbor; the router processes it and compares it with its routing table; a periodic update is then sent to neighbor routers.]
The figure above shows the distance vector step-by-step process for updating all routers in an internet when a topology change occurs.
Each router sends its entire routing table to each of its adjacent neighbors. This table includes reachable addresses, a value representing the distance metric, and the IP address of the first router on the path to each network that it knows about.
As each router receives an update from its neighbor, it calculates a new routing table and transmits that to each of its neighbors at the next timed interval.
In a very large network with many routers, this process can take quite a while.
Distance Vector Problems
Routing loops
Network changes are sent to all routers at periodic intervals.
Changes and updates are not sent simultaneously.
Slow convergence can cause routing loops.
If Network A becomes unreachable, RTR-A sends an update to RTR-B.
RTR-B will update RTR-C and RTR-D, but RTR-D can send its periodic update to RTR-C and RTR-B before RTR-B’s update.
A packet for RTR-A from another router then goes to RTR-D, on to RTR-B, and back to RTR-D: a routing loop.
[Figure: RTR-A, RTR-B, RTR-C and RTR-D, with Network A 172.16.1.0/24 attached to RTR-A.]
Loop Avoidance
Split horizon — Do not advertise networks back to the source of the network information.
[Figure: RTR-A, RTR-B and RTR-C in a row, with network 10.0.0.0 attached to RTR-C. RTR-C advertises 10.0.0.0 at 1 hop to RTR-B, and RTR-B advertises it at 2 hops to RTR-A; RTR-B does not advertise it back to RTR-C (X). Routing tables: RTR-C 10.0.0.0 at 0 hops via 1/1/3; RTR-B 10.0.0.0 at 1 hop via 1/1/1; RTR-A 10.0.0.0 at 2 hops via 1/1/2.]
Split horizon is a loop-avoidance technique for physically adjacent devices. In simplistic terms, split horizon states that an adjacent router will not readvertise a learned network to the router that originally advertised the network.
Without this policy, routers would be susceptible to routing loops. If RTR-C loses network 10.0.0.0, and if RTR-B does not block readvertisements to RTR-C, RTR-C could think that network 10.0.0.0 is accessible via RTR-B. This would cause a loop and a major disruption in traffic flow. To ensure this does not happen, all routers running a distance vector protocol support split horizon.
Loop Avoidance (cont'd)
Route poisoning — When a network goes away, the sourcing router sets the hop value to infinity and sends a triggered update to its neighbors.
[Figure: the same RTR-A, RTR-B, RTR-C row. Before the failure the routing tables show 10.0.0.0 at 0 hops via 1/1/3 (RTR-C), 1 hop via 1/1/1 (RTR-B) and 2 hops via 1/1/2 (RTR-A). After RTR-C's network fails (X), RTR-C advertises 10.0.0.0 at 16 hops to RTR-B, RTR-B advertises 16 hops to RTR-A, and all three tables show 10.0.0.0 at 16 hops.]
Route poisoning is used to speed up convergence. When used in conjunction with triggered updates, the convergence of a network speeds up. Route poisoning is accomplished by the router that is directly connected to the network that goes away. When it determines that the network is not accessible, the router sets the hop count to infinity (16 hops for RIP) and forwards a message to all directly attached neighbors. The neighbors change their routing tables and forward the message to their neighbors on all other links. Note that split horizon still applies when forwarding a route poison advertisement.
In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry and forwards the change to RTR-A. This ensures that all routers learn of the topology change, and by keeping the route in the routing table, the possibility of creating a false path to network 10.0.0.0 is decreased.
Loop Avoidance (cont'd)
Poison reverse — The only time that split horizon is violated. Poison reverse helps to avoid loop creation when a network fails.
[Figure: the same RTR-A, RTR-B, RTR-C row after RTR-C's network fails (X). RTR-C advertises 10.0.0.0 at 16 hops to RTR-B and RTR-B advertises 16 hops to RTR-A; RTR-B and RTR-A each send a poison reverse message (10.0.0.0 at 16 hops) back on the interface the update arrived on. Tables before the failure: 0 hops via 1/1/3, 1 hop via 1/1/1, 2 hops via 1/1/2; afterwards 16 hops on all three routers.]
Poison reverse is the only time that split horizon is violated in a distance vector routing protocol environment. The idea of poison reverse is to confirm to the preceding device that the update about a network going away has been recorded. This response to the originator also ensures that a loop-free topology is created.
In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry and forwards the change to RTR-A. RTR-B also sends a poison reverse message back out the interface that RTR-C’s message came in on. This ensures a loop-free topology. When RTR-A gets the route poisoning message from RTR-B, it also sends a poison reverse message back on the interface that the message was received on.
Loop Avoidance (cont'd)
Hold-down timers — Provide time for other routers to converge and reduce the creation of loops when a network fails.
[Figure: the same RTR-A, RTR-B, RTR-C row after RTR-C's network fails (X). Before the failure the tables show 10.0.0.0 at 0 hops via 1/1/3 (RTR-C), 1 hop via 1/1/1 (RTR-B) and 2 hops via 1/1/2 (RTR-A); afterwards each table keeps 10.0.0.0 at 16 hops and each router runs a 180-second hold-down timer.]
Hold-down timers keep the failed network in the routing table, with the hop count set to infinity, for a predetermined period of time. This allows time for the other routers in the network to receive the topology change update without causing loops.
In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry by changing the metric to infinity, and it starts its hold-down timer. RTR-B will not remove the route until the hold-down timer has expired. This ensures that all routers learn of the topology change without causing a loop during convergence. Keeping the route in the routing table decreases the possibility of creating a false path to network 10.0.0.0.
Note that RIP does not make use of a hold-down timer.
Topology Change
Combined loop-avoidance mechanisms would look something like this example:
[Figure: the same RTR-A, RTR-B, RTR-C row after the failure (X). 10.0.0.0 is advertised at 16 hops from RTR-C to RTR-B and from RTR-B to RTR-A, poison reverse messages (10.0.0.0 at 16 hops) are sent back at each hop, and a 180-second hold-down timer runs on each router.]
When combined, the mixture of route poisoning, poison reverse, triggered updates, and hold-down timers provides a robust loop-avoidance technique when routes fail in a network.
In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity, sets the hold-down timer, and sends an update to RTR-B. RTR-B changes its routing table entry, sets the hold-down timer, and forwards the change to RTR-A. RTR-B also sends a poison reverse message back out the interface that RTR-C’s message came in on. When RTR-A gets the route poisoning message from RTR-B, it also sends a poison reverse message back on the interface that the message was received on. In addition, it modifies the routing entry by setting it to infinity and invokes its hold-down timer.
IP Routing
Section 3 — Configuring RIP
RIPv1 — Overview
Uses hop-count metric
Advertises updates with broadcast addressing
Maximum of 15 hops; 16 equals infinity
Maximum of 25 network entries per packet
30-second advertisement interval
No security or authentication
Classful routing protocol
RIPv1 was originally outlined in June 1988 and is defined in RFC 1058.
RIP is an IGP that uses a distance vector algorithm to determine the best route to a destination, using hop count as the metric. A hop is a network-layer device such as a router. For the protocol to provide complete information on routing, every router in the domain must participate in the protocol. RIP is a routing protocol based on a distance vector (Bellman-Ford) algorithm, which advertises network reachability by advertising the prefix/mask and the metric (also known as hop count or cost).
RIPv1 uses broadcast updates to advertise the networks. In the updates, the maximum number of networks that can be advertised per packet is 25. Therefore, if a router needs to advertise 30 networks to its peers, it will send 2 packets every 30 seconds. The first will contain 25 network entries, and the second will contain the remaining 5 network entries. Alcatel-Lucent supports modification of this parameter to a maximum of 255 network entries per packet.
By default, RIP advertises all RIP routes to each peer every 30 seconds. In RIP, the hop metric is limited to a maximum value of 15 hops, i.e., networks can be no more than 15 routers away. To signify that a network is unreachable, the hop value is set to 16, which equates to infinity for RIP. Each router along the path increments the hop count value by 1. The maximum number of hops in a path is 15. If a router receives a routing update with a metric of 15 that contains a new or modified entry, increasing the metric by 1 causes it to become 16 (infinity), and the destination is then considered unreachable. The 7750 SR implementation of RIP uses split horizon with poison reverse to protect from such problems as “counting to infinity”. Split horizon with poison reverse means that routes learned from a neighbor through a given interface are advertised in updates out of the same interface, but with a metric of 16 (infinity).
RIPv1 does not support any security or authentication mechanism. However, the more modern version, RIPv2, does have built-in authentication.
The 7750 SR software supports RIPv1 and RIPv2. RIPv1 was written and implemented prior to the introduction of CIDR. Therefore it is a classful routing protocol. It assumes the following netmask information for non-local routes, based on the class the route belongs to:
Class A — 8-bit mask
Class B — 16-bit mask
Class C — 24-bit mask
RIPv2 Overview
RIPv2 is an evolution of RIPv1. In addition to supporting all RIPv1 features, it supports:
VLSM
Authentication of routing updates
Next-hop addresses carried with each route entry
External route tags
Multicast route updates
RIPv2 is a classless routing protocol.
RIPv1 vs. RIPv2
                 RIPv1                                       RIPv2
Addressing       Classful routing protocol                   Classless routing protocol
Updates          Broadcast updates every 30 seconds          Multicast updates every 30 seconds
Authentication   All updates sent in clear                   Support for MD5
External routes  No method of identifying external routes    Tagging of external routes
Metric           Hop-count metric                            Hop-count metric
Infinity         16 hops equal infinity                      16 hops equal infinity
RIP Neighbors
[Figure: Router 1, Router 2, Router 3 and Router 4. Router 4 has two neighbors, Router 2 and Router 3. Router 1 has two neighbors, Router 2 and Router 3.]
When a routing protocol refers to neighbors, it is referring to other routers that share a common data link. A distance vector protocol such as RIP sends its updates to its neighbors and relies on them to pass the information on through the internetwork.
This process is referred to as hop-by-hop updating.
RIP Messages
[Figure: Router 1, Router 2, Router 3 and Router 4 exchanging RIP Request and Response messages.]
The RIP routing process is a distance vector routing process and operates using UDP port 520. RIP defines two message types: request and response messages. The request message is used to ask RIP neighbors to send an update. The response message is the update itself.
On startup, a RIP router broadcasts or multicasts a packet carrying a RIP request message out of all the RIP-enabled interfaces. When the RIP neighbors receive this message, they generate a response message in the form of an update.
RIP Updates
[Figure: Router 1, Router 2, Router 3 and Router 4; each RIP update includes the entire routing table (25 entries).]
Distance vector protocols normally assume that the neighbor knows nothing. Therefore, when a distance vector protocol sends an update it contains everything from its routing table. The neighbor takes what it needs from the update and discards the rest.
An update message can hold a maximum of 25 routes per update. RIP routers then continue to send complete updates (the entire routing table) every 30 seconds.
The response or update message timer that initiates the generation of the update message has a random variable to prevent table synchronization (all routers sending their updates at the same time). As a result of this random variable, the time between individual updates can be from 25 to 35 seconds.
RIP Operation
[Figure: routers A, B, C and D in a row, with 10.1.1.0/24 attached to A and a network cloud between B and C (assume 12 routers separate Router B and C). Update from A: 10.1.1.0/24, 1 hop. Update from B: 10.1.1.0/24, 2 hops. Update received by C: 10.1.1.0/24, 14 hops. Update from C: 10.1.1.0/24, 15 hops. Routing tables (Destination, Metric, Valid): A 10.1.1.0/24, 0, Yes; B 10.1.1.0/24, 2, Yes; C 10.1.1.0/24, 15, Yes; D: route INVALID, do not populate in table.]
By default, the RIP router advertises all RIP routes to each neighbor every 30 seconds. RIP uses a hop-count metric to determine the distance between the packet source and the packet destination. The metric values for a valid route are 1 to 15 inclusive. A route that has a metric value of 16 (infinity) indicates that the route is no longer valid and should be removed from the routing table.
In the slide above, router A sends an Update message containing the route 10.1.1.0/24 with a metric of 0 to router B. Router B updates the metric for the route by adding the cost of the network on which the message arrived. If the result is greater than infinity, infinity (16) is used; that is, metric = MIN(metric + cost, infinity). It then checks whether there is already an explicit route for the destination address. If there is no such route, router B adds this route to its routing table with the newly calculated metric of 2. It also initializes the Timeout timer for the route. It then triggers a new Update message about this route (10.1.1.0/24), which it sends to its neighbor(s) (into the network cloud in the slide above).
This process is repeated at each router within the cloud that receives an Update about route 10.1.1.0/24. Hence, router C receives an Update containing route 10.1.1.0/24 with a metric of 14. It calculates the metric value to 15, adds the route to its routing table and sends a new Update message about this route to router D.
Router D calculates the new metric value to 16. As this value indicates that the route is unreachable, router D does not populate this route in its routing table.
If a router already has an entry in its database for the route received in the Update, then the following occurs:
- If this datagram is from the same router as the existing route, the router reinitializes the timeout.
- If the datagram is from the same router as the existing route and the new metric is different from or lower than the old one, the route and the associated information contained in the update replace the existing route entry, and the router then sends an Update about this route to its neighbors.
- If the new metric associated with the route is infinity, the Flush timer is initiated and the route is no longer used for routing packets. Note that the deletion process (Flush timer) is started only when the metric is first set to infinity. If the metric was already infinity, a new deletion process is not started.
RIP Timers
RIP uses the following three timers:
Update Timer: frequency with which a router sends an update about its routes to its neighbors
Timeout Timer: amount of time within which a router must receive an update about a route. If the Timeout timer expires and no update has been received, the route is declared Invalid, but is kept in the RIP database
Flush Timer: amount of time a route that has been declared Invalid remains in the database before being removed
By default, every 30 seconds a RIP router sends an unsolicited update message containing its complete routing table to all its peers.
Each route has two timers associated with it: the timeout and flush timers. If the Timeout timer expires and no updates have been received about a given route, that route is marked invalid, but is maintained in the routing table for a short time so that neighbors can be notified that the route has been dropped. The invalid route is still included in the route updates sent by the router until the flush timer expires. When the flush timer expires, the invalid route is removed from the routing table. If an update about the invalid route is received while the flush timer is running, the new route update will replace the one that is about to be deleted. In this case the flush timer must be cleared.
On the 7x50 SR/ESS the default values for the update, timeout and flush timers are respectively, 30 seconds, 180 seconds and 120 seconds.
RIP Timers (cont’d)
Figure: timeline for route 10.1.1.0/24 advertised by router A to router B (Update Timer = 30s, Timeout Timer = 180s, Flush Timer = 120s):
T=0s: router B receives update; Timeout timer starts
T=30s: router B receives update; Timeout timer resets
T=210s: no update received; router B declares route Invalid; Flush timer starts
T=300s: router B receives update; router B clears Flush timer and resets Timeout timer; route is Valid
T=480s: no update received; router B declares route Invalid; Flush timer starts
T=600s: still no update received; router B removes route from routing table
In the above slide, router A sends an update to router B about the route 10.1.1.0/24. At time T=0 seconds, router B receives the update and populates the route in its routing table. It also initializes the Timeout timer. After 30 seconds router A sends another update about the route 10.1.1.0/24, which is received by router B. Router B resets the Timeout timer associated with this route. After 180 seconds, router B has received no updates about the route 10.1.1.0/24. The associated Timeout timer expires, and router B declares the route Invalid. Router B also initializes the Flush timer. After 90 seconds router B receives an update about route 10.1.1.0/24. It replaces the route entry with the information in the new update (the route is Valid again), clears the Flush timer and initializes the Timeout timer. After 180 seconds, router B has received no updates about route 10.1.1.0/24 and declares it Invalid, as the Timeout timer has expired. After 120 seconds, router B still has not received any update about route 10.1.1.0/24, and as the Flush timer has now expired, it deletes the route from its routing table.
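The Update-processing rules from the previous page and the timer timeline above, as an added example (not code from the student guide or from Alcatel-Lucent): a small Python model of one router's RIP table that applies metric = MIN(metric + cost, 16), the new/existing-route rules and the Timeout and Flush timers, then replays the slide's timeline. Router A's advertised metric of 1 and the link cost of 1 are constructed so that router B ends up with the metric of 2 used in the text; the replace rule also applies the RFC 2453 condition that any router offering a lower metric replaces the route.

```python
"""RIP route processing with Timeout and Flush timers (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

INFINITY = 16          # a metric of 16 means the route is unreachable
TIMEOUT_TIMER = 180    # 7x50 SR/ESS defaults quoted in the text (seconds)
FLUSH_TIMER = 120


@dataclass
class RipRoute:
    peer: str                  # router that advertised the route
    metric: int
    timeout_at: int            # absolute time at which the Timeout timer expires
    flush_at: Optional[int]    # absolute time at which the Flush timer expires; None while Valid

    @property
    def valid(self) -> bool:
        return self.flush_at is None


class RipTable:
    """One router's RIP database, driven by explicit simulation times in seconds."""

    def __init__(self) -> None:
        self.routes: Dict[str, RipRoute] = {}
        self.log: List[Tuple[int, str, str]] = []   # (time, event, prefix)

    def expire(self, now: int) -> None:
        """Fire every Timeout and Flush timer that has expired by time `now`."""
        for prefix, route in list(self.routes.items()):
            if route.valid and now >= route.timeout_at:
                # No update within the Timeout: declare Invalid, keep the entry, start Flush
                route.metric = INFINITY
                route.flush_at = route.timeout_at + FLUSH_TIMER
                self.log.append((route.timeout_at, "invalid", prefix))
            if not route.valid and now >= route.flush_at:
                del self.routes[prefix]                    # Flush expired: remove the route
                self.log.append((route.flush_at, "removed", prefix))

    def receive_update(self, now: int, peer: str, prefix: str, metric: int, cost: int = 1) -> None:
        """Process one route carried in an Update message received at time `now`."""
        self.expire(now)
        metric = min(metric + cost, INFINITY)              # metric = MIN(metric + cost, infinity)
        route = self.routes.get(prefix)
        if route is None:
            if metric < INFINITY:                          # an unreachable route is not installed
                self.routes[prefix] = RipRoute(peer, metric, now + TIMEOUT_TIMER, None)
                self.log.append((now, "add", prefix))
            return
        if peer == route.peer:
            route.timeout_at = now + TIMEOUT_TIMER         # same router: reinitialise the Timeout timer
        # Replace if the same router reports a different metric, or any router reports a lower
        # one (RFC 2453 rule; a timed-out route holds metric 16, so a fresh update replaces it).
        if not ((peer == route.peer and metric != route.metric) or metric < route.metric):
            return
        if metric >= INFINITY:
            if route.valid:                                # Flush starts only when metric first hits infinity
                route.metric = INFINITY
                route.flush_at = now + FLUSH_TIMER
                self.log.append((now, "invalid", prefix))
            return
        # Valid replacement: new peer and metric, fresh Timeout timer, running Flush timer cleared
        route.peer, route.metric = peer, metric
        route.timeout_at = now + TIMEOUT_TIMER
        route.flush_at = None
        self.log.append((now, "replace", prefix))

    def status(self, now: int, prefix: str) -> Optional[Tuple[str, int]]:
        """('valid' | 'invalid', metric) for `prefix` at time `now`, or None once flushed."""
        self.expire(now)
        route = self.routes.get(prefix)
        return None if route is None else ("valid" if route.valid else "invalid", route.metric)


def run_timeline() -> Dict[int, Optional[Tuple[str, int]]]:
    """Replay the slide's timeline: router A advertises 10.1.1.0/24 to router B.
    A's advertised metric (1) and the link cost (1) are constructed values that give
    the metric of 2 used in the text."""
    prefix, b, seen = "10.1.1.0/24", RipTable(), {}
    b.receive_update(0, "A", prefix, 1)          # T=0s:   route installed, Timeout timer starts
    seen[0] = b.status(0, prefix)
    b.receive_update(30, "A", prefix, 1)         # T=30s:  update received, Timeout timer reset
    seen[30] = b.status(30, prefix)
    seen[210] = b.status(210, prefix)            # T=210s: 180 s without update -> Invalid, Flush starts
    b.receive_update(300, "A", prefix, 1)        # T=300s: update received -> Valid again, Flush cleared
    seen[300] = b.status(300, prefix)
    seen[480] = b.status(480, prefix)            # T=480s: Timeout expired again -> Invalid
    seen[600] = b.status(600, prefix)            # T=600s: Flush expired -> route removed
    return seen


if __name__ == "__main__":
    for t, state in run_timeline().items():
        print(f"T={t:>3}s  {state}")
```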
RIP — Pinhole Congestion
Figure: two paths between 10.1.1.0/24 and 101.10.1.0/24, an upper path of GigE links and a lower path of T1 links; the traffic flow follows the T1 path.
The only metric used by RIP in its routing computation is hop count. The figure above shows that, despite having a higher-bandwidth path through the top of the network, RIP always chooses the route or path with the fewest hops. In this case, all traffic will flow across the T1 link, leaving the gigabit Ethernet path unused. This is known as pinhole congestion.
Basic RIP Configuration
All RIP instances must be explicitly created on each device. Once created, RIP is administratively enabled. To configure RIP, perform the following tasks:
1. Configure interfaces
2. Configure policy statements (optional)
3. Enable RIP
4. Configure group parameters
5. Configure neighbor parameters
Note that routers will not automatically advertise routes with RIP. A route policy must be created and applied to RIP to dictate which routes are to be advertised.
Basic RIP Configuration Example
PE3>config>router>rip# info
----------------------------------------------
    export RIP_policy
    group "RIP-A"
        neighbor "to-pe2"
        neighbor "to-pe1"
        exit
    exit
----------------------------------------------
PE3>config>router>rip#
Show RIP Neighbors
PE3>show>router>rip# neighbor
===============================================================================
RIP Neighbors
===============================================================================
Interface Adm Opr Primary IP Send Recv Metric
Mode Mode In
-------------------------------------------------------------------------------
To-pe1 Up Up 192.168.1.1 BCast Both 1
To-pe2 Up Up 192.168.1.10 BCast Both 1
------------------------------------------------------------------------------
No. of RIP Neighbors: 2
===============================================================================
The slide above shows the neighbor information of the RIP routing protocol, including the interfaces that RIP is running on and the addresses of these interfaces.
Note that the send mode is set to broadcast. This is the default value so that RIPv2 is backward-compatible with routers that are running RIPv1. This can be manually configured to multicast. The receive mode is set to both so that it can receive updates from either RIPv1 or RIPv2 routers. Finally, the metric is one hop for these interfaces.
Show RIP Peers
PE3# show router rip peers
=================================================================
RIP Peers
=================================================================
Peer IP Addr      Interface Name      Version      Last Update
-----------------------------------------------------------------
10.10.10.1        to-pe1              RIPv2        0
10.10.10.2        to-pe2              RIPv2        2
-----------------------------------------------------------------
No. of Peers: 2
=================================================================
The slide above shows the peer information of the RIP routing protocol, including the IP addresses of the peers, the names of the interfaces used to reach them, the version of RIP that is running on those interfaces, and the last update sent to each peer.
Peer IP Addr: The IP address of the peer router.
Interface Name: The peer interface name.
Version: The version of RIP running on the peer.
Last Update: The number of seconds since the last update was sent to the peer.
Show RIP Database
ND184>show>router>rip# database
===========================================================================
RIP Route Database
===========================================================================
Destination Peer Interface Met TTL Valid
---------------------------------------------------------------------------
172.0.0.181/32 192.168.1.2 to182 2 172 No
172.0.0.181/32 192.168.1.9 to181 1 164 Yes
172.0.0.182/32 192.168.1.2 to182 1 172 Yes
172.0.0.182/32 192.168.1.9 to181 2 164 No
192.168.1.4/30 192.168.1.2 to182 1 172 Yes
192.168.1.4/30 192.168.1.9 to181 1 164 No
---------------------------------------------------------------------------
No. of Routes: 6
The slide above shows the RIP database summary information, including all networks and addresses of the peers from which the router has received the updates.
Note that the routes are marked as either valid or not valid. The valid routes are the ones that have the fewest hops (metric) associated with them.
Show RIP Update
ND184>show>router>rip# database detail
===============================================================================
RIP Database (Detail)
===============================================================================
Destination : 172.0.0.181/32 Next Hop : 0.0.0.0
Interface : to182 Peer : 192.168.1.2
Metric : 2 Tag : 0x0000
TTL : 167 Valid : No
Destination : 172.0.0.181/32 Next Hop : 0.0.0.0
Interface : to181 Peer : 192.168.1.9
Metric : 1 Tag : 0x0000
TTL : 162 Valid : Yes
The slide above shows a portion of the information that is carried in a RIP update message. A single update message can carry a maximum of 25 networks. The information shown is similar to the database summary information shown in the previous slide.
Show RIP Group
ND184>show>router>rip# group detail
=========================================================================
RIP groups (Detail)
=========================================================================
-------------------------------------------------------------------------
Group "rip"
-------------------------------------------------------------------------
Description : No Description Available
Admin State : Up Oper State : Up
Send Mode : Broadcast Receive Mode : Both
Metric In : 1 Metric Out : 1
Split Horizon : Enabled Check Zero : Disabled
Message Size : 25 Preference : 100
Auth. Type : None Update Timer : 30
Timeout Timer : 180 Flush Timer : 120
Export Policies: rip
Import Policies: None
=========================================================================
The slide above shows the configuration information that is applied to all RIP neighbors that belong to this group. The RIP neighbors are the interfaces that are part of the RIP routing process.
Any changes that are made to the group are automatically pushed down to all neighbors that belong to the group. This eases configuration.
Module Summary
Router functions
Routing loops
Static and default routes
Distance vector
Issues with distance vector
Loop-avoidance mechanisms
- Split horizon
- Route poisoning
- Poison reverse
- Hold-down timers
RIPv1 and RIPv2
General RIP operations and updates
RIP show commands
Learning Assessment
1. The Layer 2 address is used by the router to make its forwarding decision.
A. True
B. False
2. What is the preference value found in the routing table used for?
A. Differentiate between multiple routes to a destination learned by the same protocol
B. Differentiate between multiple routes to a destination learned by different protocols
C. Serves no purpose
3. Static routes do not respond in real time to a failure.
A. True
B. False
Learning Assessment (cont'd)
4. What are the functions of a routing protocol? Choose all that apply.
A. Calculate an optimal path through a network.
B. Notify applications of inability to reach destination.
C. Advertise network reachability information to neighbors.
D. Apply flow control to traffic to reduce congestion.
5. What is the maximum number of routes that can be carried in a RIPv1 update message?
A. 15
B. 25
C. 30
D. 45
Learning Assessment Answers
Left blank for notes
1. The Layer 2 address is used by the router to make its forwarding decision.
A. True
B. False
2. What is the preference value found in the routing table used for?
A. Differentiate between multiple routes to a destination learned by the same protocol
B. Differentiate between multiple routes to a destination learned by different protocols
C. Serves no purpose
3. Static routes do not respond in real time to a failure.
A. True
B. False
4. What are the functions of a routing protocol? Choose all that apply.
A. Calculate an optimal path through a network.
B. Notify applications of inability to reach destination.
C. Advertise network reachability information to neighbors.
D. Apply flow control to traffic to reduce congestion.
5. What is the maximum number of routes that can be carried in a RIPv1 update message?
A. 15
B. 25
C. 30
D. 45
LAB 3.1 - Basic RIP Configuration
Figure: lab topology with four pods (Pod1 to Pod4), each with a Core-PodN and an Edge-PodN router, running RIP.
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 01
Alcatel-Lucent Scalable IP Networks
Module 7 — Link-State Routing Protocols
Module Objectives
After successful completion of this module, you should be able to:
Understand link state protocol behavior
Understand the terminology used in OSPF
Understand the concepts of areas used in OSPF
Describe the contents of the different databases used in the OSPF routing process
Discuss the different link state advertisements used in OSPF
Configure and verify a simple (flat) OSPF network
Configure and verify a hierarchical OSPF network
Link-State Routing Protocols
Section 1 — Link State Overview
Distance Vector vs. Link State
Distance vector:
- Views the network topology from the neighbor's perspective
- Adds distance vectors from router to router
- Frequent, periodic updates: slow convergence
- Passes copies of the routing table to neighbor routers
Link state:
- Gets a common view of the entire network topology
- Calculates the shortest path to other routers
- Event-triggered updates: faster convergence
- Passes link-state routing updates to other routers
Link state and distance vector can be compared in several key areas:
1. Distance vector sees everything and learns everything as "next hop". Link state obtains a wide view of the entire internetwork topology by accumulating all necessary LSPs.
2. Distance vector determines the best path by adding to the metric value it receives as tables move from router to router. With link state, each router calculates its own shortest path to destinations.
3. Distance vector is a daisy chain of tables passed using periodic table updates. This leads to slow convergence, particularly in large networks.
4. With link state, updates are triggered by topology changes. Relatively small LSPs are passed to all other routers or to a multicast group of routers, which usually results in faster convergence times.
Link State Overview
Link-state driven updates, periodic hellos
Sends subnet mask in update
Supports VLSM, CIDR, and manual route summarization
Supports authentication
Maintains multiple databases
Sends updates using multicast addressing
Link-state protocols have the following common attributes:
Link-state protocols trigger an update when a link (interface) changes state. The router connected to the link initiates a triggered update to its neighbors to notify them of the topology change. If the network is stable and no changes in links are detected, the routers send periodic hello messages to maintain connectivity without having to consume excessive bandwidth.
The updates contain the subnet mask of each network being advertised. This allows for more optimal network design and accurate path selection.
VLSM and CIDR are supported in all link-state protocols.
Due to the classless aspects of link-state protocols, manual summarization is actively supported. This allows for network administrators to have much more control of where and how the summarization takes place.
All modern link-state protocols support authentication of the updates being sent between the routers. This ensures that accurate network topologies are created without false information or errors.
Link-state protocols maintain three common databases: topology (link state DB), neighbor (adjacency DB), and routing table (forwarding DB).
Modern link-state protocols use a multicast address to convey updates and hellos to their neighbor link-state routing peers. This reduces processing on devices in the network that are not running the link-state protocol.
Link State Overview (continued)
Link = An interface
State = Active or inactive interface
IS-IS and OSPF are link-state protocols
More complex than distance vector
Faster convergence
Triggered updates
Three databases:
- Adjacency — Neighbor database
- Topology — Link-State database
- Routing — Forwarding database
Link state, also known as SPF, maintains a complex database of topology information. While distance vector has nonspecific information about distant networks and no knowledge of distant routers, link state maintains full knowledge of distant routers and how they interconnect. OSPF and IS-IS are examples of link-state routing protocols.
LSPs are used to transmit the information necessary to build a topological database, which is used by the SPF algorithm to construct an SPF tree and, finally, a routing table of paths and ports to each network. When a link-state topology changes, the routers must become aware of the change and send information to other routers, or to a designated router that all other routers can use for updates. This involves the propagation of common routing information to all routers in the network. To achieve convergence, each router does the following:
Keeps track of its neighbors.
Constructs an LSP that lists neighbor router names and link metrics (cost). This includes new neighbors, changed metrics, and links to neighbors that have gone down.
Sends out the LSP so that all routers receive it.
When it receives an LSP, records the LSP in its database so that it stores the most recent LSP received.
Using the accumulated LSP data to construct a complete network topology, proceeds from the common starting point for the SPF algorithm and computes routes to every network.
Each time an LSP causes a change to the link-state database, the link-state algorithm recalculates the best paths and updates the routing table.
Link State Overview (continued)
Figure: RTR-A with RTR-B reached on port 1/1/2 and RTR-C on port 1/1/1; network 2.2.2.0/24 is attached to RTR-B.
Adjacency database: RTR-B — on 1/1/2; RTR-C — on 1/1/1
Link-state database: RTR-A to RTR-C, cost=1000; RTR-A to RTR-B, cost=1000; RTR-C to RTR-B, cost=1000; RTR-B to 2.2.2.0/24, cost=1000; …
Forwarding database (routing table): 2.2.2.0/24 — via 1/1/2
Link state protocols keep three databases in the routers:
The adjacency database, sometimes called the neighbor database, keeps track of all the other routers that are directly attached and passing link state routing information. The adjacency database is maintained with periodic hello messages.
The LSDB has all learned paths to all destination networks. It is this database that is used to create the SPF tree that ultimately creates the routing table.
The routing table, sometimes called the forwarding database, is used by the router to accurately forward IP packets to the destination network.
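How the three databases feed each other, as an added example (not code from the student guide or from Alcatel-Lucent): the link-state and adjacency entries from the figure above are loaded, SPF (Dijkstra) is run with RTR-A as root, and the forwarding database is derived by mapping each first hop to its port; the 3.3.3.0/24 network behind RTR-C and the link-failure rerun are constructed additions that show the table being recomputed after a topology change.

```python
"""Adjacency DB + link-state DB -> SPF -> forwarding DB (added example)."""
import heapq
from typing import Dict, List, Optional, Tuple

# Link-state database from the figure: (advertising router, neighbour router or
# network prefix, cost). The 3.3.3.0/24 entry is constructed for this example.
LSDB: List[Tuple[str, str, int]] = [
    ("RTR-A", "RTR-C", 1000),
    ("RTR-A", "RTR-B", 1000),
    ("RTR-C", "RTR-B", 1000),
    ("RTR-B", "2.2.2.0/24", 1000),
    ("RTR-C", "3.3.3.0/24", 1000),   # constructed
]

# Adjacency (neighbour) database of RTR-A: directly attached router -> local port.
ADJACENCY: Dict[str, str] = {"RTR-B": "1/1/2", "RTR-C": "1/1/1"}


def is_prefix(node: str) -> bool:
    """Network prefixes carry a mask length; router names do not."""
    return "/" in node


def build_graph(lsdb: List[Tuple[str, str, int]]) -> Dict[str, List[Tuple[str, int]]]:
    """Adjacency list from LSDB entries. Router-to-router links are usable in both
    directions; a network is a leaf hanging off the router that advertises it."""
    graph: Dict[str, List[Tuple[str, int]]] = {}
    for src, dst, cost in lsdb:
        graph.setdefault(src, []).append((dst, cost))
        if not is_prefix(dst):
            graph.setdefault(dst, []).append((src, cost))
    return graph


def spf(graph: Dict[str, List[Tuple[str, int]]], root: str) -> Dict[str, Tuple[int, Optional[str]]]:
    """Dijkstra's shortest-path-first with `root` as the tree root.
    Returns {node: (cost, first_hop)}; first_hop is root's neighbour on the best path."""
    best: Dict[str, Tuple[int, Optional[str]]] = {root: (0, None)}
    heap: List[Tuple[int, str]] = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0] or is_prefix(node):
            continue                      # stale heap entry, or a leaf network (never transit)
        for nxt, link_cost in graph.get(node, []):
            new_cost = cost + link_cost
            if nxt not in best or new_cost < best[nxt][0]:
                first_hop = nxt if node == root else best[node][1]
                best[nxt] = (new_cost, first_hop)
                heapq.heappush(heap, (new_cost, nxt))
    return best


def routing_table(lsdb: List[Tuple[str, str, int]], adjacency: Dict[str, str],
                  root: str) -> Dict[str, Tuple[str, int]]:
    """Forwarding database: network prefix -> (outgoing port, total cost)."""
    table: Dict[str, Tuple[str, int]] = {}
    for node, (cost, first_hop) in spf(build_graph(lsdb), root).items():
        if is_prefix(node) and first_hop is not None:
            table[node] = (adjacency[first_hop], cost)
    return table


def without_link(lsdb: List[Tuple[str, str, int]], a: str, b: str) -> List[Tuple[str, str, int]]:
    """Simulate a topology change: drop the LSDB entry for the link between a and b."""
    return [entry for entry in lsdb if {entry[0], entry[1]} != {a, b}]


if __name__ == "__main__":
    print(routing_table(LSDB, ADJACENCY, "RTR-A"))
    # After the RTR-A to RTR-B link fails, SPF is rerun and 2.2.2.0/24 moves to port 1/1/1
    print(routing_table(without_link(LSDB, "RTR-A", "RTR-B"), ADJACENCY, "RTR-A"))
```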
Link State Overview (continued)
Figure (from router A's point of view):
Step 1 – Updates received from peers: A to 2.2.2.0/30 Cost 10; A to 3.3.3.0/30 Cost 10; B to 4.4.4.0/30 Cost 10; C to 10.0.0.0/8 Cost 10; …
Step 2 – Topology database created
Step 3 – SPF algorithm determines the best path to destination networks: 10.0.0.0/8 via 2.2.2.1 Cost 20 - BEST; via 3.3.3.1 Cost 30; …
Step 4 – Routing table created: 10.0.0.0/8 via 2.2.2.1; …
Topology: routers A, B and C interconnected by 2.2.2.0/30, 3.3.3.0/30 and 4.4.4.0/30, with network 10.0.0.0/8 beyond C.
Exchange of Link State Information
Figure: networks A, B, C and D connected in a chain through routers R1, R2 and R3. R1 link-state packet: A 10, B 10. R2 link-state packet: B 10, C 10. R3 link-state packet: C 10, D 10.
Network discovery for link-state routing uses the following processes:
Routers exchange LSPs with each other. Each router begins with the directly connected networks for which it has direct link-state information. It floods its link-state information to other routers in the network.
Topological Database
Figure: the same chain (networks A, B, C, D; routers R1, R2, R3). Each of R1, R2 and R3 now holds all three link-state packets (R1: A 10, B 10; R2: B 10, C 10; R3: C 10, D 10) in its topological database.
Network discovery for link-state routing uses the following processes (continued):
Each router constructs a topological database that consists of all the LS information from the other routers in the network.
Calculating the SPF Tree and Populating the Routing Table
Figure: (1) R1's topological database holds the R1, R2 and R3 link-state packets; (2) SPF builds the SPF tree; (3) the R1 routing table is populated.
Network discovery for link-state routing uses the following processes (continued):
1. The SPF algorithm computes network reachability, determining the shortest path to the other networks in the link-state network.
2. The router constructs this logical topology of shortest paths as a tree, with itself as root.
3. The router lists its best paths and the ports to these destination networks in the routing table. It also maintains additional topology elements and status details.
When all these processes are complete, normal routing of packets can begin.
Topology Changes
Link-state updates are driven by topology changes.
Figure: a topology change is flooded as link-state information; every router that receives it runs SPF and updates its routing table.
When a router recognizes a topology change (link down, neighbor down, new link, or new neighbor), it must notify its neighbors. To do this, each link-state router does the following:
The router that recognizes the change sends out new link-state information that reflects the change.
When a router receives new link-state information, it must populate the information in its topological database and pass it on to its neighbors.
The SPF algorithm must be run against the new topological database to update the routing table with the new information.
Each time that there is a topology change that causes an update to the topological database, the SPF algorithm must be run.
Flooding
Link-state information is flooded to other routers in the network.
Link-state information is sent during a topology change and periodically to ensure topological database synchronization. LSAs are:
Sourced by the router that is connected to the link that changes
Flooded by all other routers
Transmitted at each link-state change
The topological database synchronization relies on the flooding of link-state information throughout the link-state domain.
This must be a reliable procedure.
Routers must also have a way to determine if the link-state information they are receiving is more recent than the information already in the database. There must also be a mechanism to determine if the link-state information should be forwarded to neighbors or dropped. Without such a mechanism in place, the link-state information could be flooded infinitely.
Acknowledgment
Each router must receive an acknowledgment that the update was received by its neighbor. If an acknowledgment is not received, the link-state information is retransmitted.
Acknowledgments make the flooding procedure reliable. This helps to ensure that the topological database is synchronized.
Sequence Numbers
Sequence numbers must be included in the link-state information.
— Without sequence numbers, the link-state information could be flooded infinitely.
— The sequence number remains the same, router-to-router, during the flooding process.
In a link-state environment, routers use the sequence numbers for the following decisions when receiving a link-state update:
— If the sequence number is lower than the one in the database, the link-state information is discarded; and the receiving router will update the sending router with the corresponding information in its own database.
— If the sequence number is the same, an acknowledgement is sent. The link-state information is then discarded.
— If the sequence number is higher, the link-state information is populated in the topological database, an acknowledgement is sent, and the link-state information is forwarded to its neighbors.
Sequence Numbers (continued)
Figure: networks A, B, C and D in a chain through R1, R2 and R3. Every router holds the R1 link-state packet with Seq=1; after the change, R1 floods a new R1 link-state packet with Seq=2 to R2 and R3.
In the figure above, all routers initially have an entry in their respective topology databases for network A with a sequence number of 1. This information was obtained from an update that R1 has previously sent. When the link to network A fails, R1 generates new link-state information for network A. It increments the sequence number and sends the link-state information to its neighbor. On receiving the link-state information, R2 checks the sequence number and sees that it is newer. R2 populates its topological database with the new information about network A and floods it to its neighbor R3. Likewise, R3 checks the sequence number, sees that it is newer and populates its topological database.
Sequence Numbers (continued)
Figure: a ring of six routers (R1, R2, R3, R4, R5, R6, back to R1) with networks A to F attached; network Z hangs off R4, so link-state information about Z reaches R1 along two paths, R4 to R3 to R2 to R1 and R4 to R5 to R6 to R1.
R1 receives two copies of the link-state information for network Z. R1 must decide what to do with the second copy that it receives.
R1 receives the link-state information via R2 first. It populates its topological database with the newly received link-state information. The same link-state information is then received from R6. R1 compares it with the information it already has in its database and sees that the sequence numbers are the same. Therefore, it discards the link-state information and does not forward it to R2.
This process stops link-state information from being flooded infinitely.
In the same example, suppose network Z comes up immediately after it goes down, so R4 increments the sequence number again. The link-state information for network Z going down, with a sequence number of 2, is delayed on the path R4 to R3 to R2 to R1, while the link-state information for network Z being available, with a sequence number of 3, arrives at R1 first via R4 to R5 to R6 to R1. When the delayed link-state information with sequence number 2 arrives, R1 compares it with the link-state information in its topological database, determines that it is older, and discards it. Because R1 also sends its newer copy back to R2, the path that delivered the stale copy is brought up to date as well.
Link-State Information Aging
Link-state information carries an age field. For OSPF the age of newly created link-state information starts at 0 and counts up; for IS-IS it starts at the remaining lifetime (1200 seconds by default) and counts down. The age is incremented (OSPF) or decremented (IS-IS) at each hop during the flooding procedure, and continues to be incremented or decremented while the entry is held in the topological database.
Maximum age: when link-state information reaches its maximum age, it is no longer used for routing. The information is flooded to the neighbors with the maximum age, so that they remove it too, and the entry is removed from the topological database. For OSPF the default maximum age is 3600 seconds (one hour).
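The three sequence-number decisions above, the duplicate and out-of-order cases from the ring example, and the MaxAge withdrawal can all be exercised in a few dozen lines. The following Python is an added illustration written for this edit, not code from the course or from SR OS; the Router and Network classes, the ring wiring and the scenario names are this example's own, and acknowledgements are implied rather than modelled as packets.

```python
"""Link-state database update rules as a small flooding simulation.
Added example, not part of the course material: the Router/Network classes and
all names are this example's own. Rules applied, as listed in this module: a
higher sequence number is installed and flooded to every neighbour except the
sender; an equal one is discarded (this stops endless flooding); a lower one is
discarded and the newer stored copy sent back; an entry reaching MaxAge (3600 s
in OSPF, which counts age up from 0) is withdrawn. Acknowledgements are implied.
"""
from collections import deque
from dataclasses import dataclass

MAX_AGE = 3600  # OSPF MaxAge in seconds

@dataclass(frozen=True)
class LinkState:
    origin: str    # router that generated the entry, e.g. "R4"
    network: str   # network it describes, e.g. "Z"
    seq: int       # incremented only by the originator
    up: bool       # state of the described link
    age: int = 0   # seconds since origination

class Router:
    def __init__(self, name, net):
        self.name, self.net = name, net
        self.db = {}           # (origin, network) -> LinkState
        self.neighbours = []
        self.log = []          # (key, seq, sender, decision) per receipt

    def receive(self, ls, sender):
        key = (ls.origin, ls.network)
        have = self.db.get(key)
        if have is None or ls.seq > have.seq:
            self.db[key] = ls
            self.log.append((key, ls.seq, sender.name, "installed"))
            for n in self.neighbours:
                if n is not sender:            # never flood back to the sender
                    self.net.send(n, ls, self)
            return "installed"
        if ls.seq == have.seq:
            self.log.append((key, ls.seq, sender.name, "duplicate"))
            return "duplicate"
        self.log.append((key, ls.seq, sender.name, "stale"))
        self.net.send(sender, have, self)      # bring the sender up to date
        return "stale"

    def originate(self, network, up):
        prev = self.db.get((self.name, network))
        ls = LinkState(self.name, network, prev.seq + 1 if prev else 1, up)
        self.db[(self.name, network)] = ls
        for n in self.neighbours:
            self.net.send(n, ls, self)
        return ls

    def age_all(self, seconds):
        """Age every entry; return the keys flushed because they hit MaxAge."""
        flushed = []
        for key, ls in list(self.db.items()):
            aged = LinkState(ls.origin, ls.network, ls.seq, ls.up, ls.age + seconds)
            if aged.age >= MAX_AGE:
                flushed.append(key)
                del self.db[key]
            else:
                self.db[key] = aged
        return flushed

class Network:
    """Routers plus a FIFO of in-flight packets, so that copies flooded both
    ways round a ring interleave the way they would on real links."""
    def __init__(self, names, links):
        self.routers = {n: Router(n, self) for n in names}
        for a, b in links:
            self.routers[a].neighbours.append(self.routers[b])
            self.routers[b].neighbours.append(self.routers[a])
        self.queue = deque()

    def send(self, receiver, ls, sender):
        self.queue.append((receiver, ls, sender))

    def run(self):
        while self.queue:
            receiver, ls, sender = self.queue.popleft()
            receiver.receive(ls, sender)

def ring_scenario():
    """The slide's ring: R4 originates the entry for network Z and R1 receives
    it twice, once via R2 and once via R6."""
    net = Network(("R1", "R2", "R3", "R4", "R5", "R6"), (("R1", "R2"), ("R2", "R3"),
                  ("R3", "R4"), ("R4", "R5"), ("R5", "R6"), ("R6", "R1")))
    net.routers["R4"].originate("Z", up=True)
    net.run()
    return net

def reorder_scenario():
    """Z goes down (seq 2) then straight back up (seq 3); the seq 3 copy overtakes
    the seq 2 copy, which R1 must then recognise as stale and not install."""
    net = Network(("R1", "R2", "R6"), (("R1", "R2"), ("R6", "R1")))
    r1, r2, r6 = (net.routers[n] for n in ("R1", "R2", "R6"))
    first = r1.receive(LinkState("R4", "Z", 3, up=True), r6)
    second = r1.receive(LinkState("R4", "Z", 2, up=False), r2)
    net.run()
    return first, second, r1.db[("R4", "Z")], r2.db.get(("R4", "Z"))
```

ring_scenario() reproduces the slide: R1's log shows one install (from R2) and one duplicate (from R6), and R6 likewise sees R1's copy as a duplicate. reorder_scenario() shows why the comparison is on sequence number rather than on arrival order, and that the router which delivered the stale copy is refreshed. Aging is shown in isolation; in a live network the originator refreshes its entries long before they reach MaxAge, so an entry only ages out when its originator has gone away or has deliberately flushed it.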
Hierarchy in Link-State Networks
Scalability issues exist with link-state networks:
The size of the link-state database grows with the size of the network. Each router must add and keep track of every router, link and destination reachable in the network, and a large database increases the consumption of router resources.
The cost of the SPF calculation grows faster than the number of routers and links.
A topology change requires the complete recalculation of the forwarding table on every router. The overhead of calculating new routing information can overwhelm a router that has insufficient resources.
A hierarchy allows a large routing domain to be split into several smaller domains. Routing happens within the smaller routing domains and between the domains, which confines most flooding and SPF work to one domain and simplifies the SPF calculation.
IS-IS and OSPF both implement hierarchy but use different techniques. They both define areas and route within areas and between areas.
A hierarchy results in suboptimal routing. The best path to leave the area may not be the best route to the final destination.
A hierarchy is less common today due to the increased capacity of routers. Many large networks are now configured as a single area, simplifying the configuration and optimizing routing. Modern routers have the ability to handle hundreds of nodes in a single area.
OSPF Overview
Link-state protocol
Faster convergence than a distance vector protocol
Scalable
Hierarchical using “areas”
Uses the SPF algorithm for routing decisions
Cost metric takes into account the physical bandwidth of the port
Classless protocol
Traffic engineering extensions
Authentication support
Support for VLSM and address aggregation
OSPF is a hierarchical routing protocol. It supports the concept of areas within the OSPF routing domain. These areas break the network into smaller pieces to accommodate growth and to reduce the amount of protocol traffic throughout the network.
The classless behavior eliminates any classful problems, such as noncontiguous subnets. OSPF also supports classless routing table lookups, VLSM, and aggregation for address management.
The OSPF cost metric is based on the physical bandwidth of the port. OSPF selects the path with the lowest total cost, which favors the path with the most bandwidth.
OSPF also allows for the use of route tagging to identify external routes (i.e., routes learned from another protocol).
The traffic engineering extensions to OSPF allow the protocol to track and advertise the available bandwidth. This feature is used by MPLS in the creation of traffic tunnels.
OSPF Terminology
Figure: two routers in Area 0 joined by a link with Cost = 10; one router is labelled Router ID 172.16.0.1, and an LSA travels over the adjacency between the two neighbors.
The following terminology is used in OSPF routing:
Area — A group of routers that share the same area ID
Router ID — A unique router ID required by each OSPF router. A router ID can be derived by:
1. Defining the value in the config>router router-id context;
2. Defining the system interface in the config>router>interface ip-int-name context, if router-id is not explicitly configured;
3. Inheriting the last four bytes of the MAC address, if neither router-id nor system interface IP address is configured.
Link State — The status of the link between two OSPF routers, a router’s interface, and its relationship to its neighboring routers
Cost — The routing metric used by OSPF in its SPF calculations
Neighbor — An adjacent system reachable by traversing a single subnet
Designated Router — The router responsible for ensuring adjacencies between all neighbors in a multiple-access network, so that the routers do not all need to maintain full adjacencies with each other. A DR is elected on every multiple-access network (for example, Ethernet).
Backup DR — Designated to perform the same functions as the DR in the event of a failure
Link State Advertisement (LSA) — Packet that contains all the relevant information regarding a router’s links and the state of those links
OSPF Hierarchy
Figure: backbone area 0.0.0.0 with areas 0.0.0.1 and 0.0.0.2 attached to it.
OSPF is a hierarchical routing protocol. It supports the concept of areas within the OSPF routing domain. These areas break the network into smaller pieces to accommodate growth and to reduce the amount of LSA traffic throughout the network.
An area is a grouping of OSPF routers that have the same area ID (i.e., number). For OSPF-enabled routers to form adjacencies, they must have the same area ID. OSPF areas are logical subdivisions of OSPF autonomous systems. The topology of each area is invisible to entities in other areas.
Each router in an area retains a link-state database that describes the particular area. If a router belongs to more than one area, it retains a separate link-state database for each area.
Area 0 (0.0.0.0) is a required area and is referred to as the backbone area. All other areas must be connected to the backbone area, either physically or logically. The backbone area distributes routing information between areas; hence all inter-area communications must go through the backbone.
An Autonomous System is a group of networks and network equipment under a common administration.
LAB 4.1 - Configuring OSPF in a Single Area
Figure: lab topology of four pods (Pod1 to Pod4), each with a Core-PodN and an Edge-PodN router, all running OSPF in a single area.
OSPF Overview
Section 2 — OSPF Areas
Types of OSPF Areas
Backbone area
Normal area
Stub area
Intra-area routes refer to updates that are passed within the area. Inter-area routes refer to updates that are passed between areas.
External routes refer to updates passed from another routing protocol into the OSPF domain by the ASBR.
OSPF Backbone Areas
Figure: backbone area 0 connected to Area 1 and Area 2 through an ABR on each border.
The OSPF backbone area, area 0.0.0.0, must be contiguous, and all other areas must be connected to the backbone area.
All inter-area traffic must pass through the backbone area.
OSPF Normal Areas
Figure: Area 1 and Area 2 are normal areas attached to backbone area 0 through ABRs; the RIB of a router in a normal area holds intra-area routes, inter-area routes and external routes.
The OSPF normal or standard area is the default area type. The normal area imports and exports external routes. It has in its routing information database all intra-area routes, all inter-area routes, and all external routes.
OSPF Stub Area
Figure: Area 1 is a normal area and Area 2 a stub area, each attached to backbone area 0 through an ABR; the RIB of a router in the stub area holds intra-area routes, inter-area routes and a default route.
A stub area is an area into which no external route advertisements are flooded. The ABR of the stub area advertises a single default route (0.0.0.0/0) into the stub area. Any destination that the internal routers cannot match to an intra-area or inter-area route matches the default route. All routers in the area must be configured as stub: the stub setting is carried in the options of the Hello packet, and routers that disagree on it do not become neighbors.
This reduces the size of the internal router’s database and reduces CPU processing time.
OSPF Router Types
Figure: backbone routers in Area 0, internal routers in Area 1 and Area 2, an ABR on each area border, and an ASBR connecting Area 2 to a non-OSPF routed domain.
OSPF supports four types of routers:
Internal router — A router that is within a specific non-zero area only. It has no direct connection to another area.
Area border router — A router located on the border between two or more OSPF areas. It is responsible for connecting the areas (one of them being the backbone area) and maintains a separate link-state database for each area.
Autonomous system boundary router — A router that connects an OSPF routing domain to a non-OSPF routing domain
Backbone router — A router that has at least one interface in area 0. ABRs attached to the backbone are therefore backbone routers too; a router whose interfaces are all in area 0 is both a backbone router and an internal router of the backbone.
OSPF Databases
Figure: a router in Area 1 with its three databases, the adjacency database (list of neighbors), the link-state database and the forwarding table; ABRs join Area 1 and Area 2 to Area 0.
OSPF supports a number of databases that it uses in its route calculations:
Adjacency database — When two OSPF routers exchange information, they form an adjacency. The adjacency database is a list of all neighbors to which a router has established bidirectional (full) communication.
Link-state database — Also called the topology table or routing information database, a link-state database holds every LSA received for an area and so describes the complete topology of that area. It does not itself contain next-hop information; next hops are derived from it by running the SPF algorithm.
Forwarding database — This database contains all the “best” routes to the destinations in the network. The forwarding database is created when the SPF algorithm is run on the link-state database.
Designated Router
Figure: six routers on one multi-access segment with priorities 64, 32, 32, 16, 10 and 0; the two priority-32 routers have Router IDs 172.16.0.1 and 172.16.0.2. The figure marks the elected DR and BDR.
The concept of designated routers and backup designated routers came about because of some problems that multiple-access networks, such as Ethernet, posed to OSPF related to the flooding of LSAs. For example, the formation of adjacencies between all attached routers would create unnecessary LSAs. In the figure above, without the use of DR and BDR, the number of adjacencies would be n (n − 1)/2, or in this case, 5(4)/2 = 10 adjacencies to support 5 routers. Flooding of the LSAs would be out of control. A router would flood an LSA to all its adjacent neighbors, which in turn, would flood to all their neighbors, and so on. This would create many copies of the same LSA on the same link.
The DR represents the network as a pseudo node. Each router forms an adjacency with the DR and the BDR. Only the DR sends LSAs to the rest of the network. This reduces the LSA load on the network.
The BDR is responsible for mirroring the DR and takes over the role of DR if there is a failure.
The election process for the DR and BDR is based on priority: the highest priority wins. In the event of a tie, the router with the highest router ID wins. Any router that has reached at least the 2-way state with its neighbors is eligible to take part in the election. An existing DR or BDR is not displaced when a router with a higher priority or router ID later joins the segment; the roles only change when the DR or BDR fails.
A router with Priority set to 0 can never become the Designated Router.
DR and BDR
A:SR1# show router ospf interface
=============================================================================
OSPF Interfaces
=============================================================================
If Name Area Id Designated Rtr Bkup Desig Rtr Adm Oper
-----------------------------------------------------------------------------
system 0.0.0.0 172.0.0.152 0.0.0.0 Up DR
fast 0.0.0.0 192.168.2.1 192.168.2.2 Up BDR
faster 0.0.0.0 0.0.0.0 0.0.0.0 Up Down
-----------------------------------------------------------------------------
No. of OSPF Interfaces: 3
The output above again shows the interfaces that are running OSPF. In this case, note the DR and BDR designation of interface “fast”. This interface is an Ethernet interface, and even though it is used in a point-to-point application, OSPF still treats it as a broadcast medium and conducts the DR and BDR election. If a link really is point-to-point, configure the OSPF interface type as point-to-point; no DR/BDR election then takes place and the adjacency forms faster.
The “fast” interface is the BDR even though the priorities of the two interfaces are the same and the IP address of “fast” is higher than that of its neighbor. This is because the other interface was the first one to become operational. When OSPF saw that the interface was a broadcast interface, it conducted an election; the far end was the only router taking part, so it became the DR. When the “fast” interface became operational and exchanged hellos with the adjacent router, that router announced itself as the DR in its hellos, and an existing DR is not displaced, so “fast” became the BDR.
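The election rules from the Designated Router slide (highest priority, then highest router ID, priority 0 ineligible) together with the non-preemption behavior just seen on the “fast” interface can be checked with a short simulation. The Python below is an added example, not course or SR OS code; it is a simplified version of the election in RFC 2328 section 9.4, and the router IDs other than 172.16.0.1 and 172.16.0.2 are assumed.

```python
"""DR/BDR election on a multi-access segment.

Added example, not from the course or SR OS: router IDs and priorities are
constructed, the function names are this example's own, and the election is a
simplified form of RFC 2328 section 9.4 keeping the properties this module
shows: highest priority wins, ties go to the highest router ID, priority 0
never wins, and an existing DR or BDR is not preempted.
"""
from ipaddress import IPv4Address


def elect(priorities, current_dr=None, current_bdr=None):
    """priorities: router ID -> priority as seen in Hellos on the segment.
    current_dr/current_bdr: roles before this election, if any.
    Returns (dr, bdr); either may be None."""
    eligible = {rid: p for rid, p in priorities.items() if p > 0}
    if not eligible:
        return None, None

    def rank(rid):                       # higher priority, then higher router ID
        return eligible[rid], IPv4Address(rid)

    if current_dr in eligible:           # a working DR keeps the role
        dr = current_dr
    elif current_bdr in eligible:        # DR gone: the BDR is promoted
        dr = current_bdr
    else:
        dr = max(eligible, key=rank)
    others = [rid for rid in eligible if rid != dr]
    if not others:
        return dr, None
    bdr = current_bdr if current_bdr in others else max(others, key=rank)
    return dr, bdr


def join_one_by_one(priorities, order):
    """Routers coming up one after another, with an election after each: this
    is why the router that was up first stays DR even with a lower router ID."""
    dr = bdr = None
    present = {}
    for rid in order:
        present[rid] = priorities[rid]
        dr, bdr = elect(present, dr, bdr)
    return dr, bdr


# The segment from the slide: priorities 64, 32, 32, 16, 10 and 0, the two
# priority-32 routers being 172.16.0.1 and 172.16.0.2 (the other IDs are assumed).
SEGMENT = {"10.0.0.1": 64, "172.16.0.1": 32, "172.16.0.2": 32,
           "10.0.0.4": 16, "10.0.0.5": 10, "10.0.0.6": 0}
```

join_one_by_one() reproduces the “fast” case: the router that was alone on the segment when the first election ran stays DR after a router with a higher ID joins, and elect() with a vanished DR shows the BDR being promoted and a new BDR chosen. The priority field is also what makes the election interesting to an attacker: any device that can speak OSPF on the segment can announce priority 255 and, at the next election, become the router every other router forms its adjacencies with. That is one reason to authenticate hellos and to set priority 0 on routers that should never take the role.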
OSPF Overview
Section 3 — OSPF Packets
OSPF Packet Types
OSPF packet type and description:
1 Hello — Used to find neighbors on a router's attached networks and to determine whether a neighboring router's interface is still functional, by periodically sending out hello packets
2 Database description — Exchanged between routers that are in the process of forming an adjacency
3 Link-state request — A router's request for newer database description information
4 Link-state update — Used to implement the flooding of LSAs; may contain one or more LSAs
5 Link-state acknowledgment — Acknowledgment of a link-state update
OSPF Hello Packet
Figure: a Hello packet carrying Router ID, Area ID*, Password*, Dead Interval*, Hello Interval*, Priority, DR and BDR, exchanged over the adjacency between two routers; fields marked * must match for the adjacency to form.
The hello protocol is used to allow routers to recognize each other in the network. Hello packets are sent out periodically on each OSPF interface, using the multicast IP address 224.0.0.5.
* - To establish an adjacency between the two routers shown above, certain criteria in the hello packet must be common:
Area — To form an adjacency, both routers must be in the same area.
Password — If authentication is configured, both routers must use the same authentication type and the same password or key.
Hello interval — This specifies how often each router will send a hello packet to act as a keepalive. Both routers must have the same hello interval.
Dead interval — This specifies how long a router will wait for a hello packet. If it does not receive a packet within the specified interval, the router will declare the link down. Both routers must have the same dead interval.
Priority — This specifies the router priority of an OSPF interface. A router may have different priorities on its OSPF interfaces. Highest priority is preferred when two or more routers connected to the same network segment all attempt to become DR/BDR. A router whose Priority is set to 0 is ineligible to become DR or BDR on the attached network.
DR — The IP interface address of the Designated Router elected on the attached broadcast network (0.0.0.0 if none has been elected yet).
BDR — The IP interface address of the Backup Designated Router elected on the attached broadcast network.
When the routers have exchanged and agreed on the information above, they become neighbors and go on to establish an adjacency. This ensures bidirectional communication. On broadcast networks the network mask carried in the hello must match as well.
OSPF routes are only exchanged on adjacencies.
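Checking a received Hello against the interface's own settings is where the criteria above are enforced. The Python below is an added example, not code from the course or from SR OS: it packs and parses the RFC 2328 Hello layout (24-byte OSPF header followed by the Hello body), the sample packets are constructed here, and the function and field names are this example's own. The header checksum is left at zero in the samples and is not verified.

```python
"""Checking a received OSPFv2 Hello against the local interface configuration.

Added example, not code from the course or from SR OS. Packet layout is RFC
2328 (24-byte OSPF header followed by the Hello body); sample packets are
constructed by make_hello(); the header checksum is left at zero and not
verified here. Function and field names are this example's own.
"""
import hmac
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

OSPF_HELLO = 1
AUTH_NONE, AUTH_SIMPLE = 0, 1
# version, type, packet length, router ID, area ID, checksum, auth type, auth data
HDR = struct.Struct("!BBH4s4sHH8s")
# network mask, hello interval, options, priority, dead interval, DR, BDR
HELLO = struct.Struct("!4sHBBI4s4s")


@dataclass
class Hello:
    router_id: str
    area: str
    autype: int
    auth: bytes
    mask: str
    hello_interval: int
    dead_interval: int
    priority: int
    dr: str
    bdr: str
    neighbours: tuple


@dataclass
class LocalInterface:
    area: str
    mask: str
    hello_interval: int = 10   # the usual defaults (10 s hello, 4 x hello dead)
    dead_interval: int = 40
    autype: int = AUTH_NONE
    password: bytes = b""
    broadcast: bool = True


def _ip(raw):
    return str(IPv4Address(raw))


def make_hello(rid, area, *, mask="255.255.255.0", hello_interval=10,
               dead_interval=40, priority=1, dr="0.0.0.0", bdr="0.0.0.0",
               neighbours=(), autype=AUTH_NONE, auth=b""):
    """Build a Hello on the wire (used here only to construct sample input)."""
    body = HELLO.pack(IPv4Address(mask).packed, hello_interval, 0x02, priority,
                      dead_interval, IPv4Address(dr).packed, IPv4Address(bdr).packed)
    body += b"".join(IPv4Address(n).packed for n in neighbours)
    hdr = HDR.pack(2, OSPF_HELLO, HDR.size + len(body), IPv4Address(rid).packed,
                   IPv4Address(area).packed, 0, autype, auth.ljust(8, b"\0"))
    return hdr + body


def parse_hello(pkt):
    version, ptype, length, rid, area, _csum, autype, auth = HDR.unpack_from(pkt)
    if version != 2 or ptype != OSPF_HELLO:
        raise ValueError("not an OSPFv2 Hello")
    nbr_len = length - HDR.size - HELLO.size
    if length > len(pkt) or nbr_len < 0 or nbr_len % 4:
        raise ValueError("bad packet length")
    mask, hello_int, _opts, prio, dead_int, dr, bdr = HELLO.unpack_from(pkt, HDR.size)
    nbrs = tuple(_ip(pkt[o:o + 4]) for o in range(HDR.size + HELLO.size, length, 4))
    return Hello(_ip(rid), _ip(area), autype, auth, _ip(mask), hello_int,
                 dead_int, prio, _ip(dr), _ip(bdr), nbrs)


def hello_mismatches(h, local):
    """Everything that would stop this router from accepting the neighbour."""
    problems = []
    if h.area != local.area:
        problems.append(f"area {h.area} != {local.area}")
    if h.autype != local.autype:
        problems.append("authentication type")
    elif h.autype == AUTH_SIMPLE and not hmac.compare_digest(
            h.auth, local.password.ljust(8, b"\0")):
        problems.append("password")
    if h.hello_interval != local.hello_interval:
        problems.append(f"hello interval {h.hello_interval} != {local.hello_interval}")
    if h.dead_interval != local.dead_interval:
        problems.append(f"dead interval {h.dead_interval} != {local.dead_interval}")
    if local.broadcast and h.mask != local.mask:   # RFC 2328 10.5: checked on broadcast networks
        problems.append(f"network mask {h.mask} != {local.mask}")
    return problems


def two_way(h, my_router_id):
    """True once the neighbour lists us in its Hello (the 2-way state)."""
    return my_router_id in h.neighbours
```

hello_mismatches() lists every reason a neighbor would be ignored, which is what you want to know when an adjacency stays in Init; two_way() is the check that moves the state on to 2-way. On broadcast networks RFC 2328 also requires the network mask to match, so that check is included even though the slide's list does not mention it.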
Forming an Adjacency
Figure: Hello and DBD exchange between Router A (1.1.1.1) and Router B (2.2.2.2):
Down state
A to B: Hello (RID=1.1.1.1, DR=0.0.0.0, Neighbors known = 0), after which B is in the Init state
B to A: Hello (RID=2.2.2.2, DR=0.0.0.0, Neighbors known = 1.1.1.1)
A to B: Hello (RID=1.1.1.1, DR=0.0.0.0, Neighbors known = 2.2.2.2), after which both are in the 2-way state
Exstart state: DBD (RID=1.1.1.1) and DBD (RID=2.2.2.2); the router with the larger RID starts
Exchange state: DBD (Summary of all networks known) in each direction
In the diagram above the two routers have not yet formed an adjacency. The following explains how the adjacency is created and the steps required to accomplish it.
1. To start, both routers are in the “down” state: neither has received a hello from the other.
2. The router on the left sends a hello packet with the standard header. In the hello the router inserts its RID and leaves the neighbor field empty, since it does not yet know of any other router on the Ethernet segment. The right-side router moves to the “init” state on receiving it.
3. The right-side router responds with a hello of its own. This hello carries not only its own RID but also the RID of the left router. Once each router sees that the other acknowledges its existence, the state changes to “2-way”.
4. The neighboring routers establish a master/slave relationship. During this “exstart” phase the initial DBD sequence number for the exchange phase is determined. The router with the higher Router ID becomes the master, and its initial sequence number is used.
5. In the “exchange” state the routers send DBD packets describing their link-state databases, using the sequence number negotiated in the master/slave step.
6. The sequence number is incremented and the next DBD packet describing the link-state database is sent, until both databases have been fully described.
Forming an Adjacency (cont’d)
Figure: the exchange between Router A (1.1.1.1) and Router B (2.2.2.2) continues:
Loading state: LSR (Send me info on the following networks…) in each direction
LSU (Here’s the info you requested) in each direction
ACK (Thanks for the info) in each direction
Full state
The adjacency continues to be created with the following steps:
1. The routers ask for explicit information with the Link State Request. When the LSR is sent, the “exchange” state changes to the “loading” state.
2. Each router responds to the LSR with one or more Link State Update packets. These packets contain the explicit details of the networks requested.
3. Each router responds to the LSU with an Acknowledgement packet. This ensures that each knows the other has received the information without error.
4. After all LSUs are received and acknowledged, each router has an identical link-state database. The state then changes from “loading” to “full”, meaning that each router is fully synchronized with the other’s database.
5. To maintain the adjacency, the routers now send periodic hellos to each other; the default hello interval is 10 seconds. If something changes, only that change in the database is conveyed to the neighbor.
LSA Types
After the initial flood to create the link-state database, LSAs are sent when there is a topology change or every 30 minutes to maintain the database.
Routers can generate the following types of LSAs:
Type 1 — Router LSA
Type 2 — Network LSA
Type 3 — Summary LSA (Network)
Type 4 — Summary LSA (ASBR)
Type 5 — AS external LSA
Type 1 — Router LSA
Figure: backbone area 0 and Area 1 joined by an ABR; every router originates a Type 1 Router LSA into its own area, and a DR sits on the Area 1 broadcast segment.
LSA type 1 is known as a router LSA and is generated by every OSPF router for each area in which it has an active interface. These LSAs are only flooded within the area in which they were originated. A router LSA lists all of the router’s links in that area, along with the state and cost of each link.
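A Router LSA can be built and checked end to end, which also shows why the LS age is excluded from the checksum: every hop and every second in the database changes the age, but that must not invalidate the LSA. The Python below is an added example, not course or SR OS code. The stub link, the sequence number 0x80000274 and the 48-byte length are taken from the show router ospf database detail output later in this module; the transit link uses the DR address 192.168.2.1 and local address 192.168.2.2 from the interface display, and its metric of 100 is an assumption.

```python
"""Building, checksumming and parsing a Type 1 (Router) LSA.

Added example, not from the course or SR OS. Layout follows RFC 2328 (20-byte
LSA header, then flags, link count and 12-byte link entries); the checksum is
the ISO Fletcher checksum over the LSA minus its LS age field, which is why
aging changes the age without breaking the checksum. The stub link, sequence
number and 48-byte length match the `show router ospf database detail` output
in this module; the transit link's metric (100) is an assumption.
"""
import struct
from ipaddress import IPv4Address

LSA_HDR = struct.Struct("!HBB4s4sIHH")  # age, options, type, LS id, adv router, seq, checksum, length
RTR_LINK = struct.Struct("!4s4sBBH")   # link id, link data, type, #TOS, metric
LSA_ROUTER = 1
LINK_P2P, LINK_TRANSIT, LINK_STUB = 1, 2, 3
CSUM_OFF = 16            # checksum position in the LSA; 14 once the age is skipped


def fletcher_checksum(data, offset):
    """Fletcher checksum (RFC 2328 12.1.7) of `data`, whose two checksum
    bytes at `offset` must already be zero; returns the 16-bit value."""
    c0 = c1 = 0
    for b in data:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    x = ((len(data) - offset - 1) * c0 - c1) % 255
    if x == 0:
        x = 255
    y = 510 - c0 - x
    if y > 255:
        y -= 255
    return (x << 8) | y


def lsa_checksum_ok(lsa):
    """A valid LSA sums to zero mod 255 in both Fletcher accumulators."""
    c0 = c1 = 0
    for b in lsa[2:]:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0 == 0 and c1 == 0


def build_router_lsa(adv_router, links, seq, age=0, options=0x02, flags=0):
    """links: (link id, link data, link type, metric) tuples."""
    body = struct.pack("!BBH", flags, 0, len(links))
    for link_id, link_data, ltype, metric in links:
        body += RTR_LINK.pack(IPv4Address(link_id).packed,
                              IPv4Address(link_data).packed, ltype, 0, metric)
    rid = IPv4Address(adv_router).packed
    hdr = LSA_HDR.pack(age, options, LSA_ROUTER, rid, rid, seq, 0,
                       LSA_HDR.size + len(body))
    lsa = hdr + body
    csum = fletcher_checksum(lsa[2:], CSUM_OFF - 2)
    return lsa[:CSUM_OFF] + struct.pack("!H", csum) + lsa[CSUM_OFF + 2:]


def set_age(lsa, age):
    """What a hop or the database does to an LSA: only the age changes."""
    return struct.pack("!H", age) + lsa[2:]


def parse_router_lsa(lsa):
    """Parse a Router LSA; raise on a bad checksum, as a receiver must
    discard it (RFC 2328 section 13, step 1)."""
    if not lsa_checksum_ok(lsa):
        raise ValueError("LSA checksum failure")
    age, options, ltype, ls_id, adv, seq, csum, length = LSA_HDR.unpack_from(lsa)
    if ltype != LSA_ROUTER or length != len(lsa):
        raise ValueError("not a well-formed Router LSA")
    flags, _, count = struct.unpack_from("!BBH", lsa, LSA_HDR.size)
    links = []
    for i in range(count):
        lid, ldata, lt, _tos, metric = RTR_LINK.unpack_from(lsa, LSA_HDR.size + 4 + 12 * i)
        links.append((str(IPv4Address(lid)), str(IPv4Address(ldata)), lt, metric))
    return {"age": age, "adv_router": str(IPv4Address(adv)), "seq": seq,
            "checksum": csum, "length": length, "link_count": count, "links": links}


# The two links of router 172.0.0.152 as shown by `show router ospf database detail`
# (stub = the system address; transit = the "fast" segment whose DR is 192.168.2.1).
LINKS = [("172.0.0.152", "255.255.255.255", LINK_STUB, 1),
         ("192.168.2.1", "192.168.2.2", LINK_TRANSIT, 100)]   # metric 100 assumed
```

parse_router_lsa() refuses an LSA whose Fletcher checksum does not verify, as RFC 2328 requires of any receiver; flipping one bit of a metric is enough to reject the LSA. The checksum is an integrity check against corruption only: it is not keyed, so it gives no protection against a router that deliberately originates false LSAs. That is what the authentication mechanism later in this module is for.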
Type 2 — Network LSA
Figure: backbone area 0 and Area 1 joined by an ABR; the DR on the Area 1 broadcast segment originates the Type 2 Network LSA for that segment.
LSA type 2 is known as a network LSA. Network LSAs are only produced by the DR in a multiple-access network. The DR represents the network as a type of pseudo node. A network LSA lists all attached routers, including the DR. A network LSA is only flooded in the area of the router that originated it.
Type 3 — Network Summary LSA
Figure: backbone area 0 and Area 1 joined by an ABR, which originates Type 3 Network Summary LSAs into each area.
LSA type 3 is known as a network summary LSA and is advertised by an ABR. These LSAs are sent into an area to advertise routes (destinations) that are outside that area. This lets the internal routers know which destinations can be reached by the ABR.
The ABR advertises a network summary LSA in both directions. This means that the ABR advertises network summary LSAs into the non-zero area as well as the backbone or zero area.
Type 4 — ASBR LSA and Type 5 — AS External LSA
Figure: Area 0, Area 1 and Area 2, with an ASBR in Area 2 connected to a non-OSPF routed domain; the ASBR originates Type 5 External LSAs and the ABR originates a Type 4 ASBR LSA into Area 0.
LSA type 5 is known as an AS External LSA. These LSAs are originated by an ASBR and advertise destinations external to the AS, or a default route that is external to the AS. AS external LSAs are flooded throughout the entire network, with the exception of stub areas.
LSA type 4 is known as an ASBR LSA. An ASBR LSA is only generated by an ABR. ASBR LSAs are identical to type 3 LSAs except that the destination they advertise is not a network but the ASBR itself. An ABR generates a Type 4 LSA after it has received Type 5 LSAs from an ASBR.
OSPF LSAs in Action
Figure: Area 0 and Area 1 joined by an ABR; Area 1 contains a broadcast network with a DR. Router LSAs (type 1) are flooded within each area, the DR originates the Network LSA (type 2) for the broadcast network, and the ABR originates Summary LSAs (type 3).
All links in the hierarchical network above are point-to-point except for the links in Area 1. DR and BDR elections are therefore a concern in area 1.
When the ABR is inserted adjoining both areas, router LSAs are sent out in the respective areas.
Note: The ABR belongs to both areas and therefore has a separate set of router LSAs for each area that it belongs to. Therefore, the topology database of the ABR has a set of router LSAs for area 0 and a set of router LSAs for area 1.
The ABR is connected to a broadcast network in area 1. The interface of the ABR is elected as the DR, and it sends a network LSA to all routers in the broadcast domain.
In addition, the ABR summarizes all networks in Area 1 and sends a network summary LSA on behalf of all the networks to all routers in Area 0.
OSPF LSAs in Action (continued)
Figure: Area 0 and Area 2 joined by an ABR; an ASBR in Area 2 connects to a non-OSPF routed domain and originates AS external LSAs (type 5), and the ABR originates an ASBR LSA (type 4) into Area 0.
An ABR now connects Area 0 to Area 2. In addition, Area 2 contains an ASBR, which is connected to a non-OSPF routed domain.
When the ABR comes up, it sends and receives router LSAs in both of its areas.
The ASBR advertises a type 5 LSA, which is flooded throughout the whole OSPF domain, that is, into every area other than stub areas.
The ABR then sends an ASBR LSA into Area 0, indicating the router ID of the ASBR.
OSPF Route Selection
Figure: routers 1 to 8 spread over Area 0, Area 1 and Area 2, with link costs of 1, 10 and 100 and a DR/BDR pair on one multi-access segment. Router 3's link-state database yields three paths to B: Path 1 (via R5) cost 12, Path 2 (via R4) cost 22, Path 3 (via R6) cost 101. After the SPF algorithm runs, only Path 1 (cost 12) is entered in Router 3's forwarding table.
Each router gathers all the received LSAs and enters them into the link-state database. The SPF algorithm is applied to this database and is used to calculate the shortest path tree. The SPF algorithm is run first to create the branches of the tree (routers) and second to create the leaves (stub networks) on the branches.
OSPF calculates the shortest path using a cost metric. This cost is assigned to each interface and depends on the bandwidth of the interface. The cost of a route is the sum of all costs of each interface that a packet must traverse to reach its destination.
When all of the costs have been calculated, the route to the destination with the lowest cost is entered in the forwarding table and all traffic going to that destination uses this route.
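The calculation described above, run on a small database. The Python below is an added example, not course or SR OS code: the topology is constructed so that Router 3 sees the three candidate paths to B quoted on the slide (cost 12 via R5, 22 via R4, 101 via R6); the intermediate router R7, the individual link costs and the function names are this example's assumptions.

```python
"""SPF route selection from one router's link-state database.

Added example, not from the course: the topology is constructed so that Router
3 sees the three candidate paths to B quoted on the slide (cost 12 via R5, 22
via R4, 101 via R6); R7 and the per-link costs are this example's assumptions.
Costs are per outgoing interface, so the graph is directed, and B is a stub
network (a leaf with no outgoing links), matching the branches-then-leaves
order of the SPF run.
"""
import heapq

TOPO = {
    "R3": {"R4": 10, "R5": 10, "R6": 100},
    "R4": {"R3": 10, "R7": 11},
    "R5": {"R3": 10, "R7": 1},
    "R6": {"R3": 100, "B": 1},
    "R7": {"R4": 11, "R5": 1, "B": 1},
    "B": {},
}


def shortest_path_tree(graph, root):
    """Dijkstra over the link-state database: returns (cost, parent) maps."""
    inf = float("inf")
    dist, parent = {root: 0}, {root: None}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:          # stale heap entry, already improved on
            continue
        for nxt, cost in graph[node].items():
            nd = d + cost
            if nd < dist.get(nxt, inf):
                dist[nxt], parent[nxt] = nd, node
                heapq.heappush(heap, (nd, nxt))
    return dist, parent


def path_to(parent, dst):
    route = []
    while dst is not None:
        route.append(dst)
        dst = parent[dst]
    return route[::-1]


def forwarding_table(graph, root):
    """Destination -> (cost, next hop): the first hop of each tree branch."""
    dist, parent = shortest_path_tree(graph, root)
    table = {}
    for dst in dist:
        if dst == root:
            continue
        route = path_to(parent, dst)
        table[dst] = (dist[dst], route[1])
    return table


def candidate_paths(graph, src, dst):
    """Every loop-free path with its cost, cheapest first, to show what SPF
    chose between (a real router never enumerates these; Dijkstra suffices)."""
    found = []

    def walk(node, seen, cost, route):
        if node == dst:
            found.append((cost, route))
            return
        for nxt, c in graph[node].items():
            if nxt not in seen:
                walk(nxt, seen | {nxt}, cost + c, route + [nxt])

    walk(src, {src}, 0, [src])
    return sorted(found)
```

forwarding_table() returns the cost and next hop per destination, which is what the forwarding table holds; candidate_paths() exists only to show what SPF chose between, since a real router never enumerates paths. Where two paths tie, OSPF installs both (equal-cost multipath); this example keeps the first one found.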
Authentication
All OSPF protocol exchanges can be authenticated, so that only trusted routers take part in routing for the autonomous system. The 7750 SR implementation of OSPF supports plain text authentication (also called simple password) and MD5 authentication.
MD5 allows an authentication key to be configured per interface. Links between adjacent routers must be configured with the same key.
By default, authentication is not enabled on an interface.
A plain text password is carried unencrypted in every OSPF packet, so anyone able to capture traffic on the link learns it. MD5 authentication instead verifies the integrity and origin of each packet, and is far stronger than a plain checksum, which only catches accidental corruption.
MD5 is an algorithm that takes a message of variable length and produces a 128-bit “message digest”. The sender computes the digest over the OSPF packet together with the shared key and appends it to the packet; the key itself is never transmitted. The receiver recomputes the digest with its own copy of the key and accepts the packet only if the two digests match. A digest cannot be “decrypted”; a router that does not hold the key can neither verify nor forge a valid one.
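The procedure described above, beside the plain text alternative it replaces. The Python below is an added example, not SR OS code; it follows RFC 2328 Appendix D (authentication type 2: key ID, digest length 16 and a cryptographic sequence number in the header's authentication field, header checksum set to zero, MD5 over the packet followed by the 16-byte key, digest appended after the packet and not counted in the length field). Zero-padding keys shorter than 16 bytes is what common implementations do and is an assumption here; the sample key, router IDs and hello-like body are constructed for the example.

```python
"""OSPF cryptographic (MD5) authentication next to the plain-text password.

Added example, not SR OS code: it follows RFC 2328 Appendix D. With auth type
2 the 8-byte authentication field of the header carries a key ID, the digest
length (16) and a cryptographic sequence number; the header checksum is zero;
the MD5 digest is taken over the packet followed by the 16-byte key and is
appended after the packet (not counted in the length field). Zero-padding
short keys is an assumption (common implementation behaviour). The key,
router IDs and hello-like body are constructed for the example.
"""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

AUTH_SIMPLE, AUTH_CRYPT = 1, 2
HDR = struct.Struct("!BBH4s4sHH")   # version, type, length, router id, area id, checksum, auth type
AUTH = struct.Struct("!HBBI")       # 0, key id, auth data length, cryptographic sequence number


def _pad_key(key):
    if not 0 < len(key) <= 16:
        raise ValueError("key must be 1..16 bytes")
    return key.ljust(16, b"\0")


def simple_auth(ptype, rid, area, body, password):
    """Auth type 1: the password itself travels in the header, readable by
    anyone who can capture the packet."""
    length = HDR.size + 8 + len(body)
    return (HDR.pack(2, ptype, length, IPv4Address(rid).packed,
                     IPv4Address(area).packed, 0, AUTH_SIMPLE)
            + password.ljust(8, b"\0") + body)


def md5_sign(ptype, rid, area, body, key_id, key, seq):
    """Auth type 2: append MD5(packet || key); the key never leaves the router."""
    length = HDR.size + AUTH.size + len(body)
    pkt = (HDR.pack(2, ptype, length, IPv4Address(rid).packed,
                    IPv4Address(area).packed, 0, AUTH_CRYPT)
           + AUTH.pack(0, key_id, 16, seq) + body)
    return pkt + hashlib.md5(pkt + _pad_key(key)).digest()


class Md5Verifier:
    """Receiving side: keys by key ID, plus the last sequence number accepted
    from each neighbour so that older packets cannot be replayed."""

    def __init__(self, keys):
        self.keys = dict(keys)
        self.last_seq = {}

    def verify(self, wire):
        _ver, _type, length, rid, _area, _csum, autype = HDR.unpack_from(wire)
        if autype != AUTH_CRYPT:
            return "reject: authentication type"
        _zero, key_id, digest_len, seq = AUTH.unpack_from(wire, HDR.size)
        if digest_len != 16 or len(wire) < length + 16:
            return "reject: malformed"
        key = self.keys.get(key_id)
        if key is None:
            return "reject: unknown key id"
        expected = hashlib.md5(wire[:length] + _pad_key(key)).digest()
        if not hmac.compare_digest(expected, wire[length:length + 16]):
            return "reject: bad digest"
        nbr = str(IPv4Address(rid))
        if seq < self.last_seq.get(nbr, 0):     # RFC 2328: non-decreasing, equal is accepted
            return "reject: replay"
        self.last_seq[nbr] = seq
        return "accept"


# Constructed hello-like body: mask /24, hello 10, options, priority 1, dead 40, DR, BDR
BODY = bytes.fromhex("ffffff00000a020100000028" + "00" * 8)
```

Md5Verifier.verify() shows the order of checks a receiver applies: right authentication type, known key ID, digest recomputed with the local copy of the key and compared in constant time, then the sequence number. Two limits are worth knowing. The sequence number only rejects packets older than the last one accepted (RFC 2328 allows equal values), so replay protection is weak; and the key is shared by every router on the link, so MD5 authentication proves membership of the key group rather than the identity of one router. Next to simple_auth(), where the password is readable at offset 16 of every packet, it is nonetheless the setting to use.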
Show OSPF Neighbors
A:SR1# show router ospf neighbor
===============================================================================
OSPF Neighbors
===============================================================================
Nbr IP Addr Nbr Rtr Id Nbr State Priority RetxQ Len Dead Time
-------------------------------------------------------------------------------
192.168.2.1 172.0.0.154 Full 1 0 30
-------------------------------------------------------------------------------
No. of Neighbors: 1
The output above shows the adjacencies OSPF has formed with its directly connected neighbors, including each neighbor’s interface IP address, its router ID, its priority and the time remaining on its dead timer.
Note the neighbor state: when the routers have formed their adjacency and the databases are synchronized, the state is Full, as shown above. Other states that may be displayed are Init, 2-Way, Exstart, Exchange and Loading; on a healthy link these are only displayed briefly, and the final state is Full. A neighbor that stays in Init usually has hello parameters that do not match ours, and one that stays in Exstart or Exchange usually points at an MTU mismatch between the two interfaces.
A:SR1# show router ospf interface
===============================================================================
OSPF Interfaces
===============================================================================
If Name    Area Id    Designated Rtr   Bkup Desig Rtr   Adm   Oper
------------------------------------------------------------------------------
system     0.0.0.0    172.0.0.152      0.0.0.0          Up    DR
fast       0.0.0.0    192.168.2.1      192.168.2.2      Up    BDR
faster     0.0.0.0    0.0.0.0          0.0.0.0          Up    Down
-------------------------------------------------------------------------------
No. of OSPF Interfaces: 3
Show OSPF Interfaces
The slide above shows the interfaces that are running OSPF, including their names and the areas that they belong to. Note that the Adm status is Up and that the Oper status is, in this case, DR, BDR, or Down.
A:SR1# show router ospf database detail
===============================================================================
OSPF Link State Database (Type : All) (Detailed)
===============================================================================
-------------------------------------------------------------------------------
Router LSA for Area 0.0.0.0
-------------------------------------------------------------------------------
Area Id : 0.0.0.0 Adv Router Id : 172.0.0.152
Link State Id : 172.0.0.152 LSA Type : Router
Sequence No : 0x80000274 Checksum : 0x78bf
Age : 543 Length : 48
Options : E
Flags : None Link Count : 2
Link Type (1) : Stub Network
Network (1) : 172.0.0.152 Mask (1) : 255.255.255.255
No of TOS (1) : 0 Metric-0 (1) : 1
Link Type (2) : Transit Network
DR Rtr Id (2) : 192.168.2.1 I/F Address (2) : 192.168.2.2
No of TOS (2) : 0 Metric-0 (2) : 1000
-------------------------------------------------------------------------------
Router LSA for Area 0.0.0.0
-------------------------------------------------------------------------------
Show OSPF Link State Database
The slide above shows the detailed information for one LSA in the link-state database.
The information includes the area that the link belongs to, the ID of the router that is sending the LSA, the link-state ID of the LSA, and the type of LSA. Note that in this case, the router ID and link-state ID are the same, because this is the LSA that depicts the system interface. In addition, this is a type 1 (router) LSA.
The information also includes the type of network that the link belongs to, the network address, the network mask, and the metric for this link. Because this is the system interface, the network address is the interface address and the mask is 255.255.255.255 or /32. The metric for the system interface is 1 as it is a loopback or virtual interface.
This slide also shows the network interface that the LSA is advertised out of and the metric that is associated with the interface. In this case, the interface is a 100 Mb/s Ethernet interface with a metric of 1000.
A:SR1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Address        Next Hop        Type     Proto   Age         Metric   Pref
-------------------------------------------------------------------------------
172.0.0.152/32      system          Local    Local   12d19h24m   0        0
172.0.0.154/32      192.168.2.1     Remote   OSPF    11d17h16m   1001     10
192.168.2.0/30      fast            Local    Local   11d17h17m   0        0
-------------------------------------------------------------------------------
No. of Routes: 3
===============================================================================
Show Route Table
The slide above shows the forwarding information that is used by the router to forward traffic to its destination. Note that the local routes have a metric of 0 and a preference of 0. Therefore, if OSPF had learned of paths to these destinations, they would not be entered in the forwarding table because the OSPF preference value is 10.
The information also includes the address or name of the next-hop interface. If it is a local route, the name of the interface is displayed. If it is a remotely learned route, the address of the interface that advertised the route to this router is displayed.
Module Summary
With link state protocols, every router has the same view of the network (the same topology database), routing updates are triggered when there are topology changes, and paths are computed to each reachable destination using the shortest path first algorithm.
OSPF and IS-IS are link state protocols.
OSPF has the concept of areas, which break the network into smaller pieces, reducing the amount of routing update flooding.
The three types of areas are: Backbone, Normal, Stub.
Module Summary (cont’d)
The four types of routers are:
Internal Router: within a non-zero (non-backbone) area
Area Border Router (ABR): between two or more different OSPF areas
Autonomous System Border Router (ASBR): connects OSPF routing domains to another non-OSPF routing domain
Backbone Router: within backbone area
Module Summary (cont’d)
There are 5 types of OSPF packets used to establish adjacencies, maintain the adjacencies, and exchange routing information:
Hello
Database Description
Link State Request
Link State Update
Link State Acknowledgement
Module Summary (cont’d)
The 5 main LSA types are:
Type 1 – Router LSA
Type 2 – Network LSA
Type 3 – Summary LSA
Type 4 – ASBR Summary LSA
Type 5 – AS-External LSA
On shared media, one router becomes the Designated Router and is responsible for sending LSAs on the network.
Learning Assessment
1. In OSPF, what are the areas used for?
A. Simplify network design.
B. Reduce the amount of transit customer traffic.
C. Reduce the amount of LSA traffic.
2. Which one of the following routers connects an OSPF routing domain to a non-OSPF routing domain?
A. ASBR
B. Backbone
C. ABR
D. Internal
3. In OSPF terminology, what is the cost used for?
A. Cost is the monetary value of a link, such as a satellite link.
B. Cost is a metric value used by the SPF algorithm for path calculations.
C. Cost is the preference value used to select paths learned from different routing protocols.
Learning Assessment (continued)
4. How many databases are formed by standard OSPF?
A. 3
B. 4
C. 2
D. 1
5. All non-zero areas must connect to Area 0.
A. True
B. False
6. Which of the following areas supports external routes in the routing table? Choose all that apply.
A. Stub
B. Backbone
C. Normal
Learning Assessment (continued)
7. Which of the following packets is also used as a keepalive?
A. Database description
B. Link-state request
C. Link-state update
D. Link-state acknowledgment
E. Hello
Learning Assessment Answers
1. In OSPF, what are the areas used for?
A. Simplify network design.
B. Reduce the amount of transit customer traffic.
C. Reduce the amount of LSA traffic. √
2. Which one of the following routers connects an OSPF routing domain to a non-OSPF routing domain?
A. ASBR √
B. Backbone
C. ABR
D. Internal
3. In OSPF terminology, what is the cost used for?
A. Cost is the monetary value of a link, such as a satellite link.
B. Cost is a metric value used by the SPF algorithm for path calculations. √
C. Cost is the preference value used to select paths learned from different routing protocols.
4. How many databases are formed by standard OSPF?
A. 3 √
B. 4
C. 2
D. 1
5. All non-zero areas must connect to Area 0.
A. True √
B. False
6. Which of the following areas supports external routes in the routing table? Choose all that apply.
A. Stub
B. Backbone √
C. Normal √
7. Which of the following packets is also used as a keepalive?
A. Database description
B. Link-state request
C. Link-state update
D. Link-state acknowledgment
E. Hello √
LAB 4.2 – Multi-Area OSPF
(Lab topology diagram: Pod1 to Pod4, each with a Core-Pod and an Edge-Pod router, running OSPF in Areas 1 to 4.)
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 01
Alcatel-Lucent Scalable IP Networks
Module 8 — Introduction to Border Gateway Protocol
Module Objectives
After successful completion of this module, you should be able to:
Define the use of Border Gateway Protocol
Define public and private autonomous systems
Explain why an IGP must be running to support BGP
Define the difference between EBGP and IBGP peers
BGP History
1989: BGP original, RFC 1105
1990: BGP v2, RFC 1163; RFC 1164 implementation
1991: BGP v3, RFC 1267; RFC 1168 implementation
1994: BGP v4, RFC 1654; RFC 1655 implementation
1995: BGP v4 update, RFC 1771; RFC 1772 implementation
2006: BGP v4 update, RFC 4271
Present
Over the course of BGP’s existence, multiple RFCs have been created and commonly accepted. The slide above lists the RFCs that explicitly define the characteristics of basic BGP.
In 1989, a workgroup started to outline and create the first RFC for BGP.
RFC 1105 is the first RFC for BGP. It defined the basic operation and common characteristics used by BGP. This was the BGPv1 specification that was first released for public use.
In 1990, RFC 1163 was released. This RFC incorporated additional features and modifications to the original RFC and was known as BGPv2.
At the same time, RFC 1164 was created to describe the proper implementation of BGP.
Since the release of RFC 1164 and BGPv2, all subsequent releases of BGP have been accompanied by a new RFC related to implementation.
The currently accepted version of BGP is version 4. The currently accepted RFC for BGPv4 is RFC 1771, with accompanying implementation RFC 1772.
Autonomous Systems in BGP
AS-65001
AS-65002
AS-65003
• A group of networks and network equipment under a common administration
• IGP protocols such as OSPF, IS-IS, and RIP run in an AS
• BGP is used to connect autonomous systems
Autonomous Systems in BGP (continued)
Public autonomous systems
Assigned by ARIN or another authority
Must be used when connecting to other autonomous systems in the Internet
Range from 0 to 64511
Private autonomous systems
Assigned by ISPs (for some clients), local administrators, and so on
Not allowed to be advertised to other ISPs or on the Internet
Range from 64512 to 65535
Regional Internet Registries
Regional Internet Registries (RIRs) are nonprofit corporations established for the purpose of administration and registration of Internet Protocol (IP) address space and Autonomous System (AS) numbers. There are five RIRs:
Registry    Geographic Region
AfriNIC     Africa, portions of the Indian Ocean
APNIC       Portions of Asia, portions of Oceania
ARIN        Canada, many Caribbean and North Atlantic islands, and the United States
LACNIC      Latin America, portions of the Caribbean
RIPE NCC    Europe, the Middle East, Central Asia
BGP Protocol Overview
AS-65001
AS-65002
AS-65003
• IGPs run within an autonomous system
• EGPs run between autonomous systems
Interior Gateway Protocols: OSPF, IS-IS, RIP
Exterior Gateway Protocols
IGPs are protocols that run actively within an autonomous system. Common protocols that are used in this manner are RIP, IS-IS, and OSPF.
EGPs are protocols that run actively between autonomous systems. The only commonly accepted protocol used as an EGP is BGP.
Requirement for an IGP
OSPF
BGP is not a discovery protocol
An IGP routing protocol is needed within the Autonomous System so that BGP routers know how to reach other BGP routers within the AS
BGP is not a discovery protocol. It has no mechanism to find its way to a neighboring router if a path does not already currently exist in the routing table. BGP therefore requires an IGP of some kind (OSPF, IS-IS, RIP, or static routes) to find a path to the other BGP speakers so that TCP can establish a peering session with those BGP speakers.
BGP Scope
Enables the exchange of routing information between autonomous systems
Enables the implementation of administrative policies
Already scaled to:
Large number of autonomous systems
Large number of neighbors
Large volume of table entries
High rate of change
BGPv4, defined in RFC 1771, provides reachability information to foreign networks (outside the AS) by enabling the exchange of routing information between ASs to allow for data flow between them. When the exchange is enabled, of equal or greater concern is the application of administrative policy to the traffic flows.
Policy implementation is a key strength of BGP and allows the administration to manipulate traffic based on virtually any policy.
BGP has proven scalability. It is the protocol of choice for service providers, running on their Internet routers. BGP is the fundamental building block of the Internet and is used by every service provider in the world for service-provider interoperability. BGP is the most feature-rich and scalable routing protocol in use today. It supports the current requirements of the Internet, and with extended capabilities such as multiple protocol families and extended AS numbers, is well-positioned for the future.
BGP Features
Path vector protocol
Neighbors can be any reachable devices
Unicast exchange of information
Reliability via TCP
Uses well-known TCP port 179
Periodic keepalive for session management
Event-driven
Robust metrics
Behavior is similar to other TCP/IP applications
Although BGP is an enhanced distance vector protocol, it is specifically called a path vector protocol.
Neighbor relationships in BGP are somewhat different from what is normal in the IGP world. Traditionally, neighbors are always directly connected routers. With BGP, this is no longer the case: neighbors may be directly connected, but it is not required because BGP uses unicast TCP/IP for neighbor establishment. It is possible for neighbor relationships to be established with any device that is IP-reachable. There is no guarantee that the neighbor relationship will succeed because factors such as firewalls or access control lists may prevent certain types of traffic from passing, but they are possible and likely to occur.
At the application layer, BGP functions similarly to other TCP/IP applications, such as Telnet, FTP, and HTTP. BGP may be viewed as an application because it uses registered port number 179 in the TCP/IP model.
Generic TCP/IP applications use a 3-way handshake for session establishment, and once this is completed a TCP/IP session is formed. After the session, the applications exchange or negotiate a set of parameters for the session. In Telnet, for example, parameters such as terminal types and passwords are typically negotiated. If application-level parameters are also acceptable, a session is established at the application layer and data is exchanged. Periodic user data keeps the session alive. When the session is to be terminated, either user input or an inactivity timeout causes the application session to be torn down and TCP/IP to initiate the 4-way session teardown.
BGP Considerations
Path vector protocol roots are distance vector
All distance vector protocols share similar characteristics:
Hop count is a metric
Split horizon is a factor
Table sizes are significantly larger than in IGP
Convergence is an issue
Administratively complex
Protocols that are based on distance vector mechanisms, such as path vector, share certain common characteristics. The two that are significant to BGP are hop count and split horizon. It is important to note that these two behaviors are present in the BGP protocol.
Adding to the complexity of BGP is the fact that topology and routing table sizes become much larger than in an IGP environment. The increased size of these tables means that factors such as CPU loading, memory utilization, update generation, and route processing have a far greater implication in BGP.
These items, and others, affect convergence. Convergence may be viewed in two ways. Local convergence is the time taken for a router to receive and process all outstanding messages and settle on a stable topology. Network convergence is the time taken for all routers in the system to settle on a stable topology. In IGP terms, the system is usually the local AS. In BGP terms, the system is the Internet.
Because the entire Internet is the scope of BGP, the administration is typically more complex than that in a single AS.
EBGP vs. IBGP Overview
Two types of BGP sessions are possible
External BGP (EBGP) sessions:
Routers are in different autonomous systems
Typically directly connected, but not mandatory
Different administrations
Internal BGP (IBGP) sessions:
Routers are in the same autonomous system
Typically non-adjacent routers; could be directly connected
Same administration
There are two possible types of BGP neighbor relationships. Regardless of the type, a BGP session between two devices is alternatively referred to as a neighbor or peer session. A BGP router is also referred to as a BGP speaker.
A session between two devices in different autonomous systems is referred to as an external BGP or EBGP session. It is typical for devices having an EBGP session to be directly connected, sharing a common data link, but it is not mandatory. Because the devices are in different autonomous systems, the administration of each device is typically handled separately. Care must therefore be taken to ensure that the configuration parameters match so that the peering will succeed.
A session between two devices in the same autonomous system is referred to as an internal BGP or IBGP session. It is typical for devices having an IBGP session not to be directly connected, as they may be across the country or the world. Because the devices are in the same autonomous system, the administration of each device is typically handled by the same organization. Care must still be taken to ensure that the configuration parameters match so that the peering will succeed, but as the devices are locally controlled, this is often an easier task than with EBGP.
Internal BGP
AS-65001
AS-65002
AS-65003
Internal BGP sessions (IBGP)
• IBGP neighbors are peers in the same autonomous system.
• By default, they do not need to be directly connected.
AS-65004
Physical Link
A session between two devices in the same autonomous system is referred to as an IBGP session. Because the devices are in the same autonomous system, the administration of each device is typically handled by the same organization. Care must still be taken to ensure that the configuration parameters match so that the peering will succeed, but as the devices are locally controlled, this is often an easier task than with EBGP.
A requirement for IBGP is that all routers that participate in an IBGP session must be fully meshed. This requires that every router needs to be able to establish an IBGP session with every other router in the AS. The rationale behind this is beyond the scope of this course and will be fully covered in the BGP course.
External BGP
AS-65001
AS-65002
AS-65003
External BGP sessions (EBGP)
• EBGP neighbors are peers in different autonomous systems.
• By default, they need to be directly connected.
AS-65004
Physical Link
A session between two devices in different autonomous systems is referred to as an EBGP session. It is typical for devices having an EBGP session to be directly connected, sharing a common data link, but it is not mandatory. Because the devices are in different autonomous systems, the administration of each device is typically handled separately. Care must therefore be taken to ensure that the configuration parameters match so that the peering will succeed.
When to Use BGP
Use BGP in the following environments:
You are an ISP and need to pass client traffic from one AS to another AS.
You need to multi-home to several ISPs due to company requirements.
Traffic flow from or to your company must be manipulated and controlled.
Do not use BGP in the following environments:
There is no need to have more than one connection to the Internet.
Company engineers do not understand how BGP works.
The hardware and physical links to the ISP are not able to handle the load of BGP traffic.
BGP Metrics
IGP protocols use single metrics for path determination:
RIP — Hop count
OSPF — Cumulative cost
IS-IS — Cumulative cost
BGP uses multiple metrics to select the best path to a destination network.
BGP, as stated above, can implement multiple criteria in selecting the best path to a destination. This makes BGP a very flexible and complicated protocol in the configuration process. However, it does give the administrator a way to influence the way traffic will flow across the network.
BGP Attributes
Metrics are called attributes
BGP attributes include the following:
AS-path
Next-Hop
Origin
Local Preference
Multiexit Discriminator (MED)
Others
Attributes are carried inside update messages
After BGP establishes a session, routing updates are exchanged. The routing update contains a prefix and metrics. In BGP, metrics are called attributes.
AS Path
AS Path – identifies the Autonomous System(s) through which this UPDATE message has passed
Modified by any border router when propagating an update across an AS boundary
Local AS number inserted at the beginning of the list
AS Path is a variable length list. Reading left to right:
The leftmost entry is the AS that sent the prefix to you
The rightmost entry is the originator of the prefix
Intermediate entries (if present) are transit ASs
The list may be null
AS Path is the hop count of BGP
Used for loop detection
The AS Path attribute identifies the sequence of Autonomous Systems through which this UPDATE message has passed.
This attribute is not a single item, like origin code, but is a list that may contain zero, one or more entries. The list may be read in either direction, but if reading from left to right then the significance of the list entries is as follows. The leftmost entry in the list is the neighboring AS that sent the prefix into your AS. The rightmost entry in the list is the originating AS for the prefix. Any intermediate entries are transit ASs that the update has passed through on its way to you.
If you are viewing the update inside the originating AS, the list will be empty or null, since the update has not yet passed ‘through’ any ASs.
The behavior of this attribute is that the AS number of the sender will be prepended (added to the beginning) to the list whenever the update crosses an AS boundary.
If a router receives an update containing the local AS number already in the path sequence, the update is flagged as a loop.
The implementation of AS_PATH is the hop count of BGP. It is important to note that this hop count is not an indication of the number of routers that the update has passed through, but of the number of ASs the update has passed through, regardless of the actual number of routers.
AS Path
(Illustration: AS 65100, AS 65200 and AS 65250, with Routers A, B, X and Y. Each UPDATE is shown with the fields Prefix, Origin, AS Path and next-hop.)
Update originated in AS 65100: AS Path = null
Update in AS 65200: AS Path = 65100
Update received at Router Y: AS Path = 65200 65100
In the above illustration, the same BGP update is being originated by the router in AS 65100. The prefix in the update message is internal to AS 65100. Since this router is inside the originating AS, the AS Path is null.
The attribute will propagate in all further BGP updates for this prefix, in this example across AS 65200 and 65250, and each time the update crosses an AS boundary, the AS number of the sender will be prepended to the AS Path list.
When the update arrives in AS 65200, it has crossed an AS boundary in order to get there, so the AS Path attribute now contains 65100, the AS number of the sender.
Similarly, when it arrives in AS 65250, the AS Path attribute now contains the sequence 65200 65100.
If we read the AS Path from left to right, it represents the sequence of ASs leading back to the origin of the route.
Next-hop
Next-hop - the IP address of the border router that should be used as the next hop towards the destination
Set by the border router to the local interface address used to reach the neighbor, when propagating an update across an AS boundary
The behavior is not always the same:
Point-to-point networks
Multi-access networks
System Addresses
May be administratively modified
Next-hop defines the IP address of the border router that should be used as the next hop to the destinations listed in the Network Layer Reachability field of the UPDATE message.
When a BGP speaker advertises the route to a BGP speaker located in its own autonomous system, the advertising speaker shall not modify the NEXT_HOP attribute associated with the route.
When a BGP speaker advertises the route to a BGP speaker located in a remote autonomous system, the advertising speaker may modify the NEXT_HOP attribute associated with the route.
The typical behavior is to set the next-hop attribute to the IP address of the egress interface used to send the Update to the remote neighbor. There is no restriction that this must be the case, so other scenarios are possible. The next-hop attribute is one of the greatest administrative challenges when deploying BGP.
Next-hop
(Illustration: AS 65100, AS 65200 and AS 65250, with Routers A, B, X and Y. Each UPDATE is shown with the fields Prefix, Origin, AS Path and next-hop.)
Update originated in AS 65100: next-hop = varies*
Update in AS 65200: next-hop = Router X
Update received at Router Y: next-hop = Router B
In the above illustration, the same BGP update is being originated by the router in AS 65100. If viewed on a router inside the originating AS, the next-hop attribute may be one of several addresses, depending on the configuration.
If the network is directly connected to the router originating the prefix, the next-hop is not relevant locally (it is directly connected), and will not be present in the local BGP table. If the prefix was learned from another router in the same AS (not shown in the diagram), then the next-hop will be the IP address of the originating router.
In either case, the border router will set the next-hop address to the interface used to reach the router in AS 65200 when it propagates the update.
The next-hop attribute will propagate in all further BGP updates for this prefix, in this example across AS 65200 and 65250, and each time the update crosses an AS boundary, the next-hop attribute will be set to the IP address of the egress interface used to send the update to the remote neighbor.
When the update is sent between the routers within AS 65200, the next-hop is unmodified by default; it remains the address of the router in AS 65100.
When the update arrives in AS 65250, it crossed an AS boundary to get there, so the next-hop attribute now contains the IP address of the eBGP router that sent the update to AS 65250.
Origin Code
Origin Code - defines the origin of the path information
Lower Origin value is preferred
Set by originating AS, should never change

Name        Code  Value  Meaning
IGP         i     0      interior to the originating AS
EGP         e     1      learned via EGP
Incomplete  ?     2      learned by some other means
The ORIGIN attribute shall be generated by the autonomous system that originates the associated routing information. It shall be included in the UPDATE messages of all BGP speakers that choose to propagate this information to other BGP speakers.
It can assume the following values:
0 - IGP - Network Layer Reachability Information is interior to the originating AS, i.e. it is learned via an IGP protocol
1 - EGP - Network Layer Reachability Information learned via EGP
2 - INCOMPLETE - Network Layer Reachability Information learned by some other means, such as static route, or directly connected interface
Once set the ORIGIN attribute should never be modified.
Origin Code
[Figure: the update originated in AS 65100, the update in AS 65200 and the update received at Router Y in AS 65250 all carry Origin = i in their Prefix / Origin / AS Path / next-hop tables. Routers shown: A, B, X, Y.]
In the above illustration, a BGP update is being originated by the router in AS 65100. The prefix (or NLRI) in the update message is learned via an IGP protocol internal to AS 65100, so the origin code should be set to ‘i’. It will be unknown by default.
The attribute will propagate in all further BGP updates for this prefix, in this example across AS 65200 and 65250, and should never be modified.
Local Preference
Local preference - the degree of preference for each external route
Used only with iBGP
This attribute can be used to manipulate the way traffic egresses the Autonomous System
LOCAL_PREF shall be included in all UPDATE messages that a given BGP speaker sends to the other BGP speakers located in its own autonomous system. A BGP speaker shall calculate the degree of preference for each external route and include the degree of preference when advertising a route to its internal peers. The higher degree of preference should be preferred.
LOCAL_PREF is only used in iBGP. A BGP speaker shall not include this attribute in UPDATE messages that it sends to BGP speakers located in a neighboring autonomous system. If it is contained in an UPDATE message that is received from a BGP speaker which is not located in the same autonomous system as the receiving speaker, then this attribute shall be ignored by the receiving speaker.
Multi Exit Discriminator (MED)
Multi Exit Discriminator (MED) - defines the preferred entry point to the local Autonomous System
This attribute can be used to manipulate the way traffic ingresses the Autonomous System
The MULTI_EXIT_DISC may be used on external (inter-AS) links to discriminate among multiple exit or entry points to the same neighboring AS. The value of the MULTI_EXIT_DISC attribute is a four octet unsigned number which is called a metric. All other factors being equal, the exit or entry point with lower metric should be preferred.
If received over external links, the MULTI_EXIT_DISC attribute may be propagated over internal links to other BGP speakers within the same AS. The MULTI_EXIT_DISC attribute is never propagated to other BGP speakers in neighboring ASs.
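The attribute rules from the AS Path, Next-hop, Origin Code, Local Preference and MED slides, traced as one update from AS 65100 through AS 65200 to AS 65250. This is an added example, not code from the course or from the 7750 SR; router names follow the diagrams, while the interface addresses, the prefix, the MED value of 50 and the default LOCAL_PREF of 100 are assumptions.

```python
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional


@dataclass
class Update:
    """Path attributes of one BGP UPDATE as seen at a given hop."""
    prefix: str
    origin: str                       # 'i' (IGP), 'e' (EGP) or '?' (incomplete)
    as_path: List[int] = field(default_factory=list)
    next_hop: Optional[str] = None    # None while the prefix is local to the originator
    local_pref: Optional[int] = None  # only meaningful inside one AS
    med: Optional[int] = None


@dataclass
class Speaker:
    name: str
    asn: int
    # constructed: address of the egress interface used to reach each neighbour
    egress_addr: Dict[str, str] = field(default_factory=dict)
    # MED this speaker sets on its own external advertisements (assumed knob)
    med_out: Optional[int] = None


DEFAULT_LOCAL_PREF = 100  # assumed default degree of preference


def send(sender: Speaker, receiver: Speaker, upd: Update) -> Update:
    """Return the update as it arrives at `receiver`, applying the slides' rules."""
    out = replace(upd, as_path=list(upd.as_path))
    if sender.asn != receiver.asn:
        # eBGP: the update crosses an AS boundary
        out.as_path = [sender.asn] + out.as_path          # prepend the sender's AS
        out.next_hop = sender.egress_addr[receiver.name]  # rewrite to egress interface
        out.local_pref = None                             # LOCAL_PREF never leaves the AS
        out.med = sender.med_out                          # a received MED is not passed on
    else:
        # iBGP: AS path and next-hop are carried unmodified, the MED received over
        # the external link is propagated, and LOCAL_PREF must be present
        if out.local_pref is None:
            out.local_pref = DEFAULT_LOCAL_PREF
    # ORIGIN is set by the originating AS and is never modified on the way
    return out


def trace_update() -> Dict[str, Update]:
    """Walk the slide's update: Router A (AS 65100) -> B -> X (AS 65200) -> Y (AS 65250)."""
    a = Speaker("Router A", 65100, {"Router B": "192.0.2.1"}, med_out=50)
    b = Speaker("Router B", 65200, {"Router X": "10.0.0.1"})
    x = Speaker("Router X", 65200, {"Router Y": "198.51.100.1"})
    y = Speaker("Router Y", 65250)
    seen: Dict[str, Update] = {}
    seen[a.name] = Update("172.16.0.0/16", origin="i")   # learned via the IGP in AS 65100
    seen[b.name] = send(a, b, seen[a.name])               # eBGP hop
    seen[x.name] = send(b, x, seen[b.name])               # iBGP hop
    seen[y.name] = send(x, y, seen[x.name])               # eBGP hop
    return seen


if __name__ == "__main__":
    for router, upd in trace_update().items():
        print(f"{router}: as_path={upd.as_path} next_hop={upd.next_hop} "
              f"local_pref={upd.local_pref} med={upd.med} origin={upd.origin}")
```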
BGP Route Selection Criteria
If the entry is valid, loop-free and the next-hop is reachable, then prefer the …
1. Route with higher local preference
2. Route with the shorter AS path
3. Route with the lower origin code
4. Route with the lowest MED
5. Route learned from an EBGP peer before those learned from an IBGP peer
6. Route with the lowest IGP cost to the next-hop
7. Route with the lowest BGP router-ID
8. Route with the shortest cluster list
9. Route with the lowest peer IP address
This chart depicts the BGP route selection criteria as implemented on the Alcatel 7750 SR. When BGP receives multiple routes to the same destination prefix, the route selection criteria are used to select the best route.
A route will never be considered if it does not have the valid flag associated to it, contains an AS-Path loop or the next-hop is unreachable.
For each prefix in the BGP table, the first entry for that prefix is compared to the next in the list, until a best route is found for each.
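The nine-step selection above as a comparison key, with the validity, AS-path-loop and next-hop-reachability gate applied first. This is an added example, not the 7750 SR implementation; the two routes for 11.11.11.0/24 are taken from the show output later in this module, the extra candidates (an iBGP route with LOCAL_PREF 200, a route whose AS path already contains our AS 65001, and one with an unreachable next-hop), the router-IDs and the treatment of a missing MED as 0 are assumptions.

```python
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Set, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # lower origin code is preferred

CRITERIA = [
    "higher local preference", "shorter AS path", "lower origin code",
    "lowest MED", "eBGP before iBGP", "lowest IGP cost to next-hop",
    "lowest BGP router-ID", "shortest cluster list", "lowest peer IP address",
]


@dataclass
class Route:
    prefix: str
    next_hop: str
    as_path: List[int] = field(default_factory=list)
    origin: str = "?"
    local_pref: int = 100
    med: int = 0                 # assumption: a missing MED ("none") compares as 0
    ebgp: bool = True            # learned from an eBGP peer
    igp_cost: int = 0            # IGP cost to reach next_hop
    router_id: str = "0.0.0.0"   # BGP router-ID of the advertising peer
    cluster_list: List[str] = field(default_factory=list)
    peer_ip: str = "0.0.0.0"
    valid: bool = True


def ip_key(addr: str) -> Tuple[int, ...]:
    """Dotted quad as a tuple so that '9.0.0.1' sorts below '10.0.0.1'."""
    return tuple(int(o) for o in addr.split("."))


def eligible(r: Route, local_as: int, reachable: Set[str]) -> bool:
    """Valid flag set, no AS-path loop (our own AS in the path) and next-hop resolvable."""
    return r.valid and local_as not in r.as_path and r.next_hop in reachable


def rank(r: Route) -> Tuple:
    """Smaller tuple wins; element order is the slide's step order 1..9."""
    return (-r.local_pref, len(r.as_path), ORIGIN_RANK[r.origin], r.med,
            0 if r.ebgp else 1, r.igp_cost, ip_key(r.router_id),
            len(r.cluster_list), ip_key(r.peer_ip))


def select_best(routes: Iterable[Route], local_as: int,
                reachable: Set[str]) -> Tuple[Optional[Route], Optional[str]]:
    """Return (best route, the criterion that decided it) for one prefix."""
    cands = sorted((r for r in routes if eligible(r, local_as, reachable)), key=rank)
    if not cands:
        return None, None
    if len(cands) == 1:
        return cands[0], "only eligible route"
    first, second = rank(cands[0]), rank(cands[1])
    step = next((i for i, (a, b) in enumerate(zip(first, second)) if a != b), None)
    return cands[0], CRITERIA[step] if step is not None else "tie (identical attributes)"


LOCAL_AS = 65001
REACHABLE = {"192.168.1.5", "192.168.1.10", "172.0.0.182"}   # constructed resolvable next-hops


def slide_routes() -> List[Route]:
    """The two 11.11.11.0/24 entries from the 'show router bgp routes' output."""
    return [
        Route("11.11.11.0/24", "192.168.1.5", [65002], peer_ip="192.168.1.5",
              router_id="172.0.0.5"),
        Route("11.11.11.0/24", "192.168.1.10", [65004, 65002], peer_ip="192.168.1.10",
              router_id="172.0.0.10"),
    ]


def extended_routes() -> List[Route]:
    """Same prefix plus an iBGP route with higher LOCAL_PREF, a looped path and an
    unreachable next-hop (all constructed)."""
    return slide_routes() + [
        Route("11.11.11.0/24", "172.0.0.182", [65004, 65002], local_pref=200, ebgp=False,
              igp_cost=10, peer_ip="172.0.0.182", router_id="172.0.0.182"),
        Route("11.11.11.0/24", "192.168.1.10", [65004, 65001, 65002], peer_ip="192.168.1.10"),
        Route("11.11.11.0/24", "192.168.1.20", [65002], peer_ip="192.168.1.20"),
    ]


if __name__ == "__main__":
    for routes in (slide_routes(), extended_routes()):
        best, why = select_best(routes, LOCAL_AS, REACHABLE)
        print(f"best via {best.next_hop} as_path={best.as_path} ({why})")
```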
Show BGP Neighbor
Node_181# show router bgp neighbor
===========================================================================
BGP Neighbor
===========================================================================
---------------------------------------------------------------------------
Peer : 192.168.1.5 Group : bgp
---------------------------------------------------------------------------
Peer AS : 65002
Peer Address : 192.168.1.5 Peer Port : 49353
Local AS : 65001
Local Address : 192.168.1.6 Local Port : 179
Peer Type : External
State : Established Last State : Established
Last Event : recvKeepAlive
Last Error : Cease
(continued on next slide)
The information shown in the above graphic and continued on the next slide is the output showing the information of a BGP peering session. It first identifies the peer by the IP address (192.168.1.5) and then gives the Peer AS number (65002). It then identifies the local information and gives the state of the connection. If the state says anything other than “ESTABLISHED” then there is a problem. It shows the last event, which is the last message that it has received.
Show BGP Neighbor (continued)
(continued from previous slide)
Local Family : IPv4 Remote Family : IPv4
Local Capability : RouteRefresh MP-BGP Remote Capability: RouteRefresh MP-BGP
Hold Time : 90 Keep Alive : 30
Active Hold Time : 90 Active Keep Alive: 30
Cluster Id : None
Preference : 170 Num of Flaps : 1
Recd. Prefixes : 6 Active Prefixes : 3
Recd. Paths : 2 Suppressed Paths : 0
Input Queue : 0 Output Queue : 0
i/p Messages : 25 o/p Messages : 23
i/p Octets : 673 o/p Octets : 621
i/p Updates : 7 o/p Updates : 6
Import Policy : None Specified / Inherited
Export Policy : rip
This is a continuation from the previous slide. There is a lot of information shown above, but some of the more important information is the local and remote capability. Notice that both support MP-BGP. This is Multi-Protocol BGP and will be covered in the BGP protocol class. Other important information is the timers for the hold and keep alive. These must match in a peering session. The final areas to note are the import and export policies. As was previously stated, BGP is not a discovery protocol: not only must you tell it where to go to peer, you must also tell it what information you want it to advertise.
Show BGP Paths
Node_181# show router bgp paths
==========================================================================
BGP Router ID : 172.0.0.181 AS : 65001 Local AS : 65001
==========================================================================
BGP Paths
==========================================================================
Path: 65004 65002
Origin : Incomplete Next Hop : 192.168.1.10
MED : none Local Preference : none
Refs : 4 ASes : 2
Segments : 1
Flags : EBGP-learned
--------------------------------------------------------------------------
Path: 65002
Origin : Incomplete Next Hop : 192.168.1.5
MED : none Local Preference : none
Refs : 8 ASes : 1
Segments : 1
Flags : EBGP-learned
The above graphic shows the BGP Paths that have been learned by the router. Note that the path lists the AS numbers of the systems that it must traverse and whether they were learned through e-BGP or i-BGP.
Note that there may be a very large number of BGP paths in the router’s routing table and as such it may be wise to specify the particular routes of interest when executing the ‘show router bgp paths’ command.
Show BGP Summary
Node_181>show>router>bgp# summary all
===============================================================================
BGP Comprehensive Summary
===============================================================================
ServiceId AS PktRcvd InQ Up/Down State| Recv/Actv/Sent(IPv4)
Neighbor PktSent OutQ Recv/Actv/Sent(VpnIPv4)
----------------------------------------------------------------------------------
Def. Instance 65002 30 0 00h10m17s 6/3/6
192.168.1.5 28 0 VPN-IPv4 Incapable
Def. Instance 65004 21 0 00h07m27s 6/2/7
192.168.1.10 23 0 VPN-IPv4 Incapable
===============================================================================
The above graphic shows a summary of the Autonomous Systems that the router has learned about and the amount of packet traffic it has received from those systems.
Show BGP Group
Node_181>show>router>bgp# group bgp
=========================================================================
BGP Group : bgp
=========================================================================
Description : (Not Specified)
Group Type : No Type State : Up
Peer AS : n/a Local AS : 65001
Local Address : n/a Loop Detect : Ignore
Import Policy : None Specified / Inherited
Export Policy : rip
Hold Time : 90 Keep Alive : 30
Cluster Id : None Client Reflect : Enabled
NLRI : Unicast Preference : 170
List of Peers
- 192.168.1.5 : (Not Specified)
- 192.168.1.10 : (Not Specified)
Total Peers : 2 Established : 2
-------------------------------------------------------------------------
Peer Groups : 1
BGP, like RIP, uses the concept of Groups in its configuration. Inside the group, the operator will configure the neighbor information for the BGP protocol to use for peering. Note above, that there are two peers configured and the two sessions established.
Show BGP Routes
Node_181>show>router>bgp# routes
===============================================================================
BGP Router ID : 172.0.0.181 AS : 65001 Local AS : 65001
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
Origin codes : i - IGP, e - EGP, ? - incomplete, > - best
===============================================================================
Flag Network Nexthop LocalPref MED
VPN Label As-Path
-------------------------------------------------------------------------------
u*>? 11.11.11.0/24 192.168.1.5 none none
65002
*? 11.11.11.0/24 192.168.1.10 none none
65004 65002
Press any key to continue (Q to quit)
The above graphic is just a portion of the output of the BGP routes. This shows all learned BGP routes to all destinations. It marks each route as valid, the origin of the route and whether the route is used or not. The > signifies the best route and this is the route that will be entered into the routing table.
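A small parser for the route listing above, pairing each route line with its As-Path continuation line and decoding the flag cluster (u, *, >, origin code) so that an operator script can check which entry is the best route per prefix. This is an added example, not a tool from the course or the 7750 SR; the sample text is constructed in the shape of the output shown.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of the 'show router bgp routes' output above
SAMPLE_OUTPUT = """\
Flag Network Nexthop LocalPref MED
VPN Label As-Path
-------------------------------------------------------------------------------
u*>? 11.11.11.0/24 192.168.1.5 none none
65002
*? 11.11.11.0/24 192.168.1.10 none none
65004 65002
Press any key to continue (Q to quit)
"""

# One route line: flag cluster, network, next-hop, LocalPref, MED
ROUTE_LINE = re.compile(
    r"^(?P<flags>[usdh*>ie?]+)\s+(?P<network>\S+/\d+)\s+(?P<nexthop>\S+)\s+"
    r"(?P<lp>\S+)\s+(?P<med>\S+)$")
AS_PATH_LINE = re.compile(r"^\d+( \d+)*$")   # continuation line carrying the AS path


@dataclass
class BgpRoute:
    network: str
    next_hop: str
    local_pref: Optional[int]
    med: Optional[int]
    as_path: List[int]
    used: bool      # 'u'
    valid: bool     # '*'
    best: bool      # '>'
    origin: str     # 'i', 'e' or '?'


def _number(token: str) -> Optional[int]:
    return None if token == "none" else int(token)


def parse_routes(text: str) -> List[BgpRoute]:
    """Collect route entries; headers, separators and the pager prompt are skipped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    routes: List[BgpRoute] = []
    i = 0
    while i < len(lines):
        m = ROUTE_LINE.match(lines[i])
        i += 1
        if not m:
            continue
        as_path: List[int] = []
        if i < len(lines) and AS_PATH_LINE.match(lines[i]):
            as_path = [int(asn) for asn in lines[i].split()]
            i += 1
        flags = m["flags"]
        origin = next((c for c in flags if c in "ie?"), "?")
        routes.append(BgpRoute(m["network"], m["nexthop"], _number(m["lp"]),
                               _number(m["med"]), as_path, "u" in flags,
                               "*" in flags, ">" in flags, origin))
    return routes


def best_by_prefix(routes: List[BgpRoute]) -> Dict[str, str]:
    """Map each prefix to the next-hop of its '>' entry, i.e. what enters the routing table."""
    return {r.network: r.next_hop for r in routes if r.best}


def prefixes_without_best(routes: List[BgpRoute]) -> List[str]:
    """Prefixes with at least one valid route but no best route: worth a closer look."""
    valid = {r.network for r in routes if r.valid}
    return sorted(valid - set(best_by_prefix(routes)))


if __name__ == "__main__":
    for r in parse_routes(SAMPLE_OUTPUT):
        print(f"{r.network} via {r.next_hop} as_path={r.as_path} best={r.best} origin={r.origin}")
```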
Protocol Summary
Feature             RIPv2                BGP          OSPF          ISIS
Updates             Periodic             Incremental  Incremental   Incremental
Update type         Broadcast/Multicast  Unicast      Multicast     Multicast
Authentication      Simple & MD5         MD5          Simple & MD5  Simple & MD5
Metric              Hops                 Multiple     Cost          Default
Metric type         Distance vector      Adv. DV      Link-state    Link-state
VLSM/CIDR support   Yes                  Yes          Yes           Yes
Topology size       Small                Very large   Large         Large
Transport protocol  UDP                  TCP          —             —
Application port #  520                  179          —             —
Protocol #          —                    —            89            —
The comparison above shows the differences and similarities of the routing protocols that are supported on the Alcatel 7750 SR platforms. RIP, OSPF, and IS-IS are the IGPs and BGP is the EGP.
Module Summary
This module provided a brief overview of BGP.
BGP is an external routing protocol.
Provided an understanding of IBGP and EBGP
Provided an understanding of the operation of BGP and its route selection process
BGP connects autonomous systems to other autonomous systems.
Provided a high-level summary of the features of the routing protocols
Learning Assessment
1. Two BGP speakers establish a peering session. One BGP speaker is in AS 65001, and the other is in AS 65002. What type of peering session is it?
a. EGP
b. IGP
c. IBGP
d. EBGP
2. BGP is referred to as a path vector protocol, which means that path selection is based on what?
a. AS Hop count
b. Cost
c. AS numbers
d. Default
Learning Assessment (continued)
3. What transport layer protocol and port number does BGP use?
a. TCP port 79
b. UDP port 79
c. TCP port 179
d. UDP port 179
4. What does BGP require to work correctly within an AS?
a. An IGP
b. The BGP speakers must be configured with different AS numbers.
c. The BGP speakers must be installed on the edge of the network.
LAB 6.1 – BGP
[Figure: lab topology with Pod1 to Pod4, each consisting of a Core-PodN and an Edge-PodN router, in AS 65001, 65002, 65003 and 65004, peering with BGP.]
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 01
Alcatel-Lucent Scalable IP Networks
Module 9 — 7x50 SR/ESS Services Overview
Module Objectives
After successful completion of this module, you should be able to:
Discuss the different services offered
Understand the concepts of the components that make up a service
Understand the function of a service tunnel
Discuss the basics of MPLS
Understanding Services
There are two main types of services on the 7x50 SR/ESS platforms:
Internet connectivity: represented by the IES, which is a global service. The purpose of IES is to provide connectivity to the world as defined in the global routing table.
VPN services: VPN services (VLL, VPLS, and VPRN) are, by their nature, restricted. You must define the scope of the VPN: what is allowed into it and how the nodes in the service connect to each other.
Note: The 7450 ESS does not support VPRN services.
Network-Component Naming Conventions
[Figure: CE devices attached to PE routers at the edge of a provider core of P routers.]
CE = customer edge
PE = provider edge
P = provider router
Customer Edge Devices
A CE device provides customer access to the service provider network over a data link to one or more PE routers. The end user typically owns and operates these devices. The CE devices run the routing protocol(s) of the end user and support the IP address scheme implemented by the end user. The devices are unaware of the existence of the MPLS protocol or the VPNs.
CE devices used in layer 2 VPNs may be Ethernet switches, in which case they do not need to participate in routing protocols. They must only be aware of VLANs running in the customer network.
Provider Edge Devices
A PE router is directly connected to the customer edge (CE) devices. In an MPLS network PE routers are LERs.
Provider Router
The routers in the provider core network. In an MPLS provider network routers are LSRs.
Internet Enhanced Service
IES provides direct Internet access for the customer, with the following features:
From the customer’s perspective, it provides a direct connection to the Internet.
The service provider can apply all billing, ingress/egress shaping, and policing to the customer.
[Figure: Company A, Company B and Company C attached to PE A, PE B and PE C in the service provider network, which connects to the Internet.]
An IES is a routed connectivity service in which the subscriber communicates with an IP (layer 3) router interface to send and receive Internet traffic.
The IES allows the provider to shape and police traffic to conform to SLA parameters. This allows customers to purchase subrate Internet access with asymmetrical SLAs.
Characteristics
A SAP acts as the access point to the subscriber’s network.
The interface supports RIP, OSPF, IS-IS, and BGP.
Does not require an SDP; traffic is routed rather than encapsulated in a tunnel.
VLL Service
A VLL service provides a point-to-point connection between two nodes.
From the customer’s perspective, it looks as if a leased link exists between the two locations.
The service provider can apply billing, ingress/egress shaping, and policing.
[Figure: an e-pipe service between PE A and PE C across the IP/MPLS network, which also contains PE B and PE D.]
A VLL is a layer 2 point-to-point service. The VLL service encapsulates customer data and transports it across a service provider’s IP or MPLS network in a GRE or MPLS tunnel.
Customer access to the service provider’s network is through a SAP. A VLL service connects two access points on the same node or two access points on different nodes through two unidirectional tunnels. Each node needs to provide access to the service tunnel.
A basic VLL service must have the following:
A locally unique identification number
System IP address of the originating and far-end nodes
Tunnel encapsulation type: GRE or MPLS
Virtual Private LAN Service
VPLS is a class of VPN that allows the connection of multiple sites in a single bridged domain over a provider-managed IP/MPLS network.
From the customer’s perspective, it looks as if all sites are connected to a single switched VLAN.
The service provider can reuse the IP/MPLS infrastructure to offer multiple services.
The service provider can apply billing, ingress/egress shaping, and policing.
[Figure: a VPLS service spanning PE A, PE B, PE C and PE D over an IP/LSP full mesh in the IP/MPLS network.]
The 7750 SR supports VPLS multipoint switched services. A VPLS is a multipoint layer 2 service that allows multiple customer sites to be connected in a single bridged domain contained in a provider-managed IP/MPLS network. Customer sites in the VPLS appear to be on the same LAN even if the sites are geographically dispersed.
A VPLS:
Uses an Ethernet interface on the customer access side to simplify provisioning
Enables customers to control and simplify routing strategies as all routers in the VPLS are part of the same LAN, which simplifies IP addressing
Is protocol-independent, which means there is no layer 2 protocol conversion between LAN and WAN technologies
A VPLS can span a single node or multiple nodes. On a VPLS that spans a single node, subscriber data is distributed through multiple access points on the node.
On a VPLS that spans multiple sites, customer data enters the service using at least one access point on each node. Data is transported among the nodes through service tunnels over an IP/MPLS provider core network. A VPLS that spans multiple nodes requires at least one service tunnel at each node.
VPLS services switch traffic based on MAC addresses (associated with the appropriate access points).
CE Equipment
Although VPLS is a layer 2 VPN service and allows the use of layer 2 switches as the CE devices, most customers use routers at the LAN/WAN boundary.
Using a router as the CE device means that the PE device must learn only one MAC address per site, per service.
Using a layer 2 switch as the CE device means that the PE device must learn potentially hundreds of MAC addresses per site, per service. The number of MAC addresses that the PE device must learn can be limited by using MAC filters and/or by limiting the maximum number of MAC addresses accepted by the PE device.
Virtual Private Routed Network (RFC 4364)
VPRN is a class of VPN that allows the connection of multiple sites in a routed domain over a provider-managed IP/MPLS network.
From the customer’s perspective, it looks as if all sites are connected to a private routed network administered by the service provider for that customer only.
The service provider can reuse the IP/MPLS infrastructure to offer multiple services.
Each VPRN appears like an additional routing instance.
Routes for a service between the various PEs are exchanged using MP-BGP.
[Figure: VPRN services Red and Green across the IP/MPLS network; PE A to PE D each hold routing instances RI-1 (Red) and RI-2 (Green), with MP-BGP route exchange for all services.]
RFC 4364 (which obsoletes RFC 2547) describes a method of distributing routing information and forwarding data to provide a layer 3 VPN service to end customers.
Each VPRN consists of a set of customer sites that are connected to one or more PE routers. Each associated PE router maintains a separate IP forwarding table for each VPRN. Additionally, the PE routers exchange the routing information configured or learned from all customer sites via MP-BGP peering.
Each route in a VPN is assigned an MPLS label. When BGP distributes a VPN route, it also distributes an MPLS label for the route.
Before a customer data packet travels across the service provider's backbone, it is encapsulated with the MPLS label that corresponds, in the customer's VPN, to the route that best matches the packet's destination address. The MPLS packet is further encapsulated with either another MPLS label or a GRE tunnel header so that it gets tunneled across the backbone to the proper PE router. Each route exchanged by MP-BGP includes a route distinguisher (RD), which identifies the VPRN association. The backbone core routers therefore do not need to know the VPN routes.
Tunnel Encapsulation Types
GRE
Encapsulates traffic in an IP/GRE header; appears like an IP packet
Low control plane overhead
Uses normal IP routing to find a path
MPLS
Uses LDP or RSVP for label signaling
LDP auto-bind is available to simplify configuration
LDP relies on an IGP to find its path
RSVP:
Requires manual configuration
Can be loose or strict
May reserve bandwidth
Can use fast reroute to speed convergence
Generic Routing Encapsulation
Low control plane overhead
Uses an IGP (e.g., OSPF, IS-IS) to find a path from edge to edge
Convergence depends on the IGP
MPLS
Uses LSPs (may use primary and secondary paths for protection)
Paths can be manually configured or signaled using LDP or RSVP-TE
MPLS Terminology
LER (Label edge router)
LSR (Label switch router)
LSP (Label switch path)
Push
Swap
Pop
Label Stack
DoD (Downstream on demand)
DU (Downstream unsolicited)
RSVP-TE (Resource reservation protocol with traffic engineering extensions)
T-LDP (Targeted label distribution protocol)
MPLS Terminology
MPLS has become the basic building block for the various services and VPNs offered on the 7750 SR platforms. The slide above lists some of the more common MPLS acronyms that are used when discussing services.
MPLS Basics (continued)
[Figure: LER - LSR - LER.]
In the case of services the LERs are normally located at the edge of the network while the LSRs are normally the core routers.
The MPLS-enabled routers (LERs and LSRs) use a signalling protocol to distribute labels across the network. These labels are used to make the forwarding decision for incoming traffic rather than the IP address. This basically turns the L3 network into an L2 or switch network.
The way the labels are distributed throughout the network depends on the signalling protocol used. LDP is DU, while RSVP is DoD. The next few slides discuss LDP at a high level. RSVP and a more in-depth discussion on LDP are covered in the MPLS/L3VPN course.
MPLS Basics (continued)
[Figure: Router 1 (LER), Router 2 (LSR) and Router 3 (LER) with LDP running between Router 2 and Router 3; networks 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 and 10.1.4.0/24. Router 2's table: Network 10.1.1.0/24 and 10.1.2.0/24, Label 20, Intf 1.]
In the figure above, LDP is enabled on Router 2 and Router 3. However, before any of this can happen the network must be running some sort of routing protocol. For LDP to set up a peering session, it must be able to find its way to the adjacent router, and that is done by the routing protocols.
When LDP is enabled, the protocol automatically sets up a peering session with adjacent LDP-enabled routers. When this session is established, the routers look at their routing tables and send out a label associated with networks that they see.
In the figure above, an LDP session is established between Router 2 and Router 3. Router 3 examines its routing table for networks that it sees behind it and sends a label to Router 2 to represent those networks. For example, Router 3 sends a label of 20 to represent networks 10.1.1.0/24 and 10.1.2.0/24.
Every time Router 2 receives a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, it pushes the label value of 20 onto the packet and puts it in the LSP that takes the MPLS frame to Router 3. Because Router 3 has sent the label of 20 out, it knows that any MPLS frame coming in with the label of 20 is destined for a network that is terminated from it. Router 3 removes the 20 label from the frame, does a layer 3 look up, and routes the packet to its destination.
MPLS Basics (continued)
[Figure: as before, with LDP now also running between Router 1 and Router 2. Router 2 advertises label 10 to Router 1; Router 2's table: Network 10.1.1.0/24 and 10.1.2.0/24, Ingress Label 10, Egress Label 20, Intf 1. Router 1's table: Label 10, Intf 1.]
In the figure above, LDP is now enabled on Router 1. Router 1 now sets up a peering session with Router 2. Router 2 sends a label to Router 1 to represent the networks that it sees behind it; in this case, Router 2 sends a label of 10 to Router 1 to represent the 10.1.1.0/24 and 10.1.2.0/24 networks. Note that the label is not the same as the one Router 2 received from Router 3. Labels are only locally significant. Router 1, when receiving a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, pushes on a label of 10 and sends it to Router 2.
Router 2’s function has now changed. When it now receives an MPLS frame with a label of 10, it swaps (switches) out the 10 label, replaces it with a label of 20, and sends it out the interface to Router 3.
Router 3’s function remains the same; it removes the 20 label and routes the packet to its destination.
MPLS Basics (continued)
[Figure: Router 1 (LER), Router 2 (LSR) and Router 3 (LER) with LDP sessions between each pair of neighbours; networks 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 and 10.1.4.0/24; LSP 10 from Router 1 to Router 2 and LSP 20 from Router 2 to Router 3; Router 1 table for networks 10.1.1.0/24 and 10.1.2.0/24: label 10, interface 1; Router 2 table for the same networks: ingress label 10, egress label 20, interface 1; Router 3: label 20, then route]
The figure above shows the complete LSP setup from Router 1 to Router 3. Router 1’s function is to do an L3 lookup, and if the packet is destined for one of the networks supported by Router 3 it pushes (encapsulates the packet in an MPLS frame) the appropriate label onto the packet. This is the function of an LER.
When it receives the MPLS frame, Router 2 examines the label, swaps it for the appropriate egress label, and sends the frame out the appropriate interface to get to its destination. Router 2 now functions as an LSR, which is essentially an L2 switching function.
When receiving the MPLS frame, Router 3 examines the label and pops (removes the packet from the MPLS frame) the label, performs an L3 lookup, and routes the packet to the appropriate network.
Note that LSPs are unidirectional. For bidirectional communications, another LSP must be set up in the opposite direction.
VPN Services
[Figure: PE-A and PE-B joined by a tunnel (MPLS or GRE) across the network, with Service 1 and Service 2 carried inside the tunnel and each service attached to its own access points on PE-A and PE-B]
• After a tunnel has been created, multiple services can be carried in it.
• Operations on the tunnel affect all the services that are associated with the tunnel.
• A tunnel uses the system IP address to identify the far-end 7750 SR.
Whatever type of VPN service is created, all service types function using the same method. With reference to the figure above, the tunnel must be created first. As shown, the tunnel can be either GRE or MPLS. After the tunnel is created, a service can be created. The figure above shows two services being created, and each service has a unique service number. The service number must match at both ends of the service, and it is this service number that isolates Service 1 traffic from Service 2 traffic.
When the service has been created, the customer access point must be configured inside the service, thereby defining which port on the router belongs to the customer. When traffic comes into the router, the unique service number specifies which customer port the traffic is supposed to egress on.
The final step of the process is to associate the service with the tunnel that will take the traffic to its destination. As shown in the figure above, the tunnel is not tied to one specific service but instead can support multiple services.
Physical Links, Tunnel LSPs, and VCs
[Figure: a physical link carrying GRE/MPLS/LDP tunnels, with a service tunnel carried inside the LSP tunnel]
7750 SRs are connected to physical links that are used to carry traffic. When a service is set up using MPLS, LSP tunnels are set up between PE routers. Each service or customer sends traffic through a service tunnel within the LSP tunnel.
Tunnel LSPs are identified by MPLS labels that are swapped at each intermediate node (transit LSR) along the LSP from the ingress to the egress of the MPLS network.
The VC label is used to identify which service or customer a packet belongs to. The label is attached at the ingress point and does not change value as the packet travels from ingress to egress.
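The push/swap/pop sequence of the three-router LSP in the MPLS Basics pages, together with the two-label stack described here (tunnel label swapped at the transit LSR, VC label untouched end to end), as an added Python model that is not from the student guide. Tunnel labels 10 and 20 are the text's LDP-distributed values; the service numbers 100 and 200, the port names, and the choice to model the VC label as the service number are assumptions made for this example.

```python
import ipaddress

# Constructed model of the figures: Router 1 (ingress LER), Router 2 (transit
# LSR) and Router 3 (egress LER). Tunnel labels 10 and 20 are the LDP-distributed
# values from the text; the service numbers and port names are made up.

# Router 1: destination network (FEC) -> tunnel label learned from Router 2 via LDP
R1_FEC_TABLE = {ipaddress.ip_network("10.1.1.0/24"): 10,
                ipaddress.ip_network("10.1.2.0/24"): 10}
# Router 2: ingress label -> egress label learned from Router 3 (locally significant)
R2_SWAP_TABLE = {10: 20}
# Router 3: the labels it advertised; receiving one means "pop and do an L3 lookup"
R3_POP_LABELS = {20}
# Router 3: service number -> customer access port (constructed; VC label = service number)
R3_SERVICES = {100: "port-1/1/1 (customer A)", 200: "port-1/1/2 (customer B)"}

def ingress_ler(dst, service_id):
    """Router 1: L3 lookup, then push VC label and tunnel label (top of stack first)."""
    ip = ipaddress.ip_address(dst)
    for fec, tunnel_label in R1_FEC_TABLE.items():
        if ip in fec:
            return {"labels": [tunnel_label, service_id], "dst": dst}
    return None  # no LSP for this destination: falls back to plain IP routing

def transit_lsr(frame):
    """Router 2: swap only the top (tunnel) label; the VC label beneath is untouched."""
    top = frame["labels"][0]
    if top not in R2_SWAP_TABLE:
        raise ValueError(f"label {top} was never advertised by Router 2")
    return {"labels": [R2_SWAP_TABLE[top]] + frame["labels"][1:], "dst": frame["dst"]}

def egress_ler(frame):
    """Router 3: pop its own tunnel label, then map the VC label to a customer port."""
    top, *rest = frame["labels"]
    if top not in R3_POP_LABELS:
        raise ValueError(f"label {top} is not one Router 3 handed out")
    port = R3_SERVICES.get(rest[0])
    if port is None:
        return None  # unknown service number: drop rather than deliver to the wrong customer
    return {"service": rest[0], "port": port, "dst": frame["dst"]}

def forward(dst, service_id):
    """Carry one packet from Router 1 to Router 3 along the unidirectional LSP."""
    frame = ingress_ler(dst, service_id)
    return None if frame is None else egress_ler(transit_lsr(frame))

if __name__ == "__main__":
    print(forward("10.1.1.5", 100))   # delivered on customer A's port via labels 10 -> 20
    print(forward("10.1.3.1", 100))   # None: no LSP toward 10.1.3.0/24 from Router 1
```

Because the LSP is unidirectional, a reply from Router 3 would need a separate label table populated by LDP in the other direction; nothing in this model carries traffic from Router 3 back to Router 1.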
Module Summary
Overview of the Layer 2 and Layer 3 services offered
A high-level understanding of the function of a service tunnel
A basic understanding of MPLS and its terminology
Learning Assessment
1. An e-pipe (VLL) is a multipoint-to-multipoint service. True or False?
2. A VPLS allows multiple customer sites to be connected in:
A. A single collision domain
B. A single bridged domain
C. A single routing domain
3. What protocol is used to exchange routing information between the PE routers in the service provider’s network, in RFC 4364 layer 3 VPNs?
Learning Assessment Answers
1. An e-pipe (VLL) is a multipoint-to-multipoint service. True or False? FALSE
2. A VPLS allows multiple customer sites to be connected in:
A. A single collision domain
B. A single bridged domain
C. A single routing domain
3. What protocol is used to exchange routing information between the PE routers in the service provider’s network, in RFC 4364 layer 3 VPNs? MP-BGP
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 01