Ccie Rs Lab Prep

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public TECCCIE-3000_c3

Transcript of Ccie Rs Lab Prep

Page 1: Ccie Rs Lab Prep


CCIE Routing and Switching

Page 2: Ccie Rs Lab Prep

2

Techtorial Session Topics

Session 1: CCIE Program Overview/Roadmap
Session 2: Core Knowledge
Session 3: Multilayer Switching/Frame Relay
Session 4: IP Routing Concepts/OSPF
Session 5: IP Version 6
Session 6: IP Routing BGP
Session 7: MPLS/VPN
Session 8: IP Multicast
Session 9: Quality of Service
Session 10: Troubleshooting

Page 3: Ccie Rs Lab Prep


Program Overview and Roadmap

Page 4: Ccie Rs Lab Prep

4

www.cisco.com/go/learnnetspace

[Certification path diagram: CCENT, CCNA, CCNP, CCIE]

Cisco CCIE Certification

CCIE R&S: Configure and troubleshoot complex converged networks

CCIE Security: Configure complex, end-to-end secure networks, troubleshoot environments, and anticipate and respond to network attacks

CCIE Service Provider: Configure and troubleshoot advanced technologies to support service provider networks

CCIE Storage: Configure and troubleshoot storage area networks over a variety of interfaces

CCIE Voice: Configure complex, end-to-end telephony, as well as network, troubleshoot, and resolve VoIP-related problems

CCIE Wireless: Plan, design, implement, operate, and troubleshoot wireless network and mobility infrastructure

Page 5: Ccie Rs Lab Prep

5

Certification Process

CCIEs must pass two exams

The written qualification exam uses simulations and multiple-choice questions

The lab exam is what makes this certification different; the full-day, hands-on lab exam tests the ability to configure and troubleshoot equipment

Not all lab exams are offered at all lab locations

Page 6: Ccie Rs Lab Prep

6

Process: Step 1 The Written Exam

Available worldwide at Pearson VUE for $350 USD, adjusted for exchange rate and local taxes where applicable

Two-hour exam uses simulations and multiple-choice questions

Closed book; no outside reference materials allowed

Pass/fail results available immediately; passing score set by statistical analysis and subject to periodic change

Waiting period of five calendar days to retake the exam

Candidates must wait minimum of six months before retaking the same number exam

Must take first lab exam attempt within 18 months of passing written, or written exam expires

Page 7: Ccie Rs Lab Prep

7

Process: Step 2 The Lab Exam

Available in select Cisco locations for $1,400 USD, adjusted for exchange rates and local taxes where applicable, not including travel and lodging

Eight-hour exam requires working configurations and troubleshooting to demonstrate expertise

Cisco documentation available via Cisco Web; no personal materials of any kind allowed in lab

Minimum score of 80% to pass

Scores generally can be viewed online within 48 hours; failing score reports indicate areas where additional study may be useful

Page 8: Ccie Rs Lab Prep


CCIE Routing and Switching

Page 9: Ccie Rs Lab Prep

9

CCIE Routing and Switching

Most popular track, over 80% of CCIE candidates attempt R&S first

Expert-level knowledge of LAN and WAN interfaces, Routing Protocols, and variety of routers and switches

Expert-level troubleshooting skills to solve complex connectivity problems and apply solutions that increase bandwidth, improve response times, maximize performance, improve security, and support global applications

Page 10: Ccie Rs Lab Prep

10

Recent Changes to CCIE R&S

Reflect growth of network as a service platform

Aligning to job tasks of expert-level network engineers and expectations of employers

New certification standards released on May 5, 2009

New areas include:
– planning and evaluating network changes
– MPLS and VPN networking
– implementing performance routing and optimized edge routing
– filtering and route distribution
– EIGRPv6
– IPv6 multicast

Page 11: Ccie Rs Lab Prep

11

CCIE R&S v4.0 Certification

Written and lab exams refreshed with new questions

Adding coverage of MPLS and VPN

Written exam adding simulations

Lab exam adding hands-on troubleshooting

Exam durations and pricing remain same

V4.0 exams scheduled for release October 18, 2009 and will immediately replace v3.0 exams

Last day to take v3.0 exam is October 17, 2009

Page 12: Ccie Rs Lab Prep

12

CCIE Exam Development Process

[Process diagram] Inputs to the Certification Standards:
• Job role and career development survey
• Cisco business unit/technology groups
• Cisco Technical Support team
• Comprehensive Job Task Analysis, performed by external and internal network experts
• Customer Advisory Groups

Certification Standards → Exam Design

Development Inputs:
• Cisco content advisory team
• CCIE program managers

Validation and Feedback:
• Customer validation survey
• Alpha review
• Beta test and statistical analysis

Clearly defined and ISO-reviewed process ensures exams are relevant and valid.

Page 13: Ccie Rs Lab Prep


CCIE Routing and Switching Written Exam

Page 14: Ccie Rs Lab Prep

14

CCIE R&S Written Exam

Covers networking theory related to:

Evaluate proposed changes to a Network

General networking*

Bridging and LAN switching (Implement Layer 2 Technologies)

IP and IP routing (Implement IPv4)

QoS (Implement Quality of Service)

WAN (Implement Layer 2 Technologies)

IP multicast (Implement IP Multicast)

Security (Implement Network Security)

IPv6 (Implement IPv6)

MPLS (Implement MPLS Layer 3 VPNs)

Implement Network Services

Troubleshoot a Network

Optimize the Network

Written lays foundation to the Lab Exam

Legend (slide colors are not preserved in this transcript): Black = v3.0 blueprint; Red = v4.0 blueprint; * = removed from v4.0

Page 15: Ccie Rs Lab Prep


CCIE Routing and Switching Lab Exam

Page 16: Ccie Rs Lab Prep

16

R&S Lab Locations

Permanent CCIE R&S Lab Locations: Tokyo, Sydney, Sao Paulo, Beijing, San Jose, RTP, Dubai, Brussels, Hong Kong, Bangalore

Upcoming Mobile Labs:
Moscow, Russia: May 4-8, 2009
Singapore, Singapore: June 8-12, 2009
Riyadh, Saudi Arabia: June 20-24, 2009

Page 17: Ccie Rs Lab Prep

17

Introduction

Candidates build a network to a series of supplied specifications

The point values for each question are shown on the exam

Some questions depend upon completion of previous parts of the network

Report any suspected equipment issues to the proctor as soon as possible; adjustments cannot be made once the exam is over

Page 18: Ccie Rs Lab Prep

18

R&S Lab Exam: Topics

Evaluate proposed changes to a Network

Bridging and Switching (Implement Layer 2 Technologies)

IP IGP Routing (which includes IPv6) (Implement IPv4 – includes BGP)

BGP

Implement IPv6

Implement MPLS Layer 3 VPNs

IP and Cisco IOS Features (Implement Network Services)

Implement MPLS Layer 3 VPNs

IP Multicast (Implement IP Multicast)

QoS (Implement Quality of Service)

Security (Implement Network Security)

Troubleshoot a Network

Optimize the Network

Legend (slide colors are not preserved in this transcript): Black = v3.0 blueprint; Red = v4.0 blueprint

Page 19: Ccie Rs Lab Prep

19

Introduction

Each candidate has his/her own PC and rack of equipment

Equipment rack may or may not be with candidates desk and PC

Equipment requires no HW or Cabling configuration by candidate

If the candidate feels that a HW or cabling intervention is needed the CCIE lab proctor must be involved

Check the CCIE web page for the latest equipment list and IOS versions

Page 20: Ccie Rs Lab Prep

20

Rack Access

The Comm Server is pre-configured

The Candidate PC has the terminal emulator pre-configured to access all routers and switches (in general SecureCRT), browsers and any other needed application

[Rack Connection Method diagram: Candidate PC, Comm Server, Exam Routers, Ethernet]

Page 21: Ccie Rs Lab Prep

21

Passwords

All routers and switches have a startup configuration: hostnames, passwords, line setup, and IP addresses for primary interfaces are already configured; since all tests require the router to be accessible via the VTY and AUX ports, do not change these established configurations

Page 22: Ccie Rs Lab Prep

22

Standard Restrictions

Unless specified within the exam you are NOT allowed to use:
Static routes (of any kind)
Default routes

**Dynamic routes to null are permitted

Page 23: Ccie Rs Lab Prep

23

R&S Lab Exam: Sample Topology

[Topology diagram: R1, R2, R3, R4, R5, R6, SW1, SW2 and a Frame Relay cloud. Network Addressing 125.10.0.0. Interface labels as printed on the slide:
FA0/0-10.11/24, S0/0-11.1/24, S0/0-11.2/24
FA0/0-33.1/24
FA0/0-50.1/24, FA0/0-50.1/24
FA0/0-22.1/24, FA0/0-22.5/24
Lo0-1.1/24, Lo1-172.16.1.1, Lo2-172.16.2.2, Lo3-172.16.3.3, Lo4-172.16.4.4
Lo0-2.2/24
Lo0-5.5/24
R6 Lo0-4.4/24]

Page 24: Ccie Rs Lab Prep

24

R&S Lab Exam: Sample Question

Configure RIPv2 on R1, R2, and R5

Redistribute between RIP and OSPF on R5

All routes should be visible on all routers

Score: 2 Points

Section: 2.5 RIP

Page 25: Ccie Rs Lab Prep

25

R&S Lab Exam: Sample Answer

R4 must have all routes on its routing table

R4#show ip route
<...>
     172.16.0.0/24 is subnetted, 4 subnets
O E2    172.16.4.0 [110/20] via 125.10.50.1, 22:34:38, Ethernet0/0
O E2    172.16.1.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.2.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.3.0 [110/20] via 125.10.50.1, 22:34:58, Ethernet0/0
     125.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C       125.10.50.0/24 is directly connected, Ethernet0/0
O E2    125.10.22.0/24 [110/20] via 125.10.50.1, 22:44:39, Ethernet0/0
C       125.10.4.0/24 is directly connected, Loopback0
O E2    125.10.2.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.1.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O       125.10.5.5/32 [110/11] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.11.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.10.0/24 [110/20] via 125.10.50.1, 22:44:44, Ethernet0/0
R4#

Verification—1

Page 26: Ccie Rs Lab Prep

26

R&S Lab Exam: Grading

Proctors grade all lab exams

Automatic tools aid proctors with simple grading tasks

Automatic tools are never solely responsible for lab exam grading

Proctors complete grading of the exam and submit the final score within 48 hours

Partial credit is not awarded on questions

Points are awarded for working solutions only

Some questions have multiple solutions

Page 27: Ccie Rs Lab Prep


Q and A

Page 28: Ccie Rs Lab Prep


Session 2:

Core Knowledge

Page 29: Ccie Rs Lab Prep

29

Agenda

What is the Core Knowledge questions

How many questions?

Structure through the lab exam

Sample questions

Page 30: Ccie Rs Lab Prep

30

Core Knowledge

A section consisting of four computer-delivered short-answer questions is being added to the lab exam in all global lab locations.

Candidates will be required to type out their answers, which typically require five words or less.

This section covers core concepts from the CCIE R&S exam objectives.

When candidates complete the Core Knowledge section, they may move immediately to the lab configuration portion of the exam.

It must be completed before the candidate moves to the lab configuration scenarios.

Page 31: Ccie Rs Lab Prep

31

Core Knowledge Sample Question - 1

Refer to the diagram below. On which routers can you enable summarization in OSPF?

(Answer: Any ABR router)

Page 32: Ccie Rs Lab Prep

32

Core Knowledge Sample Question - 2

What protocol do the following statements describe?

Integral to IPv6

Every node that implements IPv6 must fully implement this protocol.

Many IPv6 functions utilize this protocol e.g. MTU path discovery, and neighbor discovery, etc.

(Answer: ICMPv6)

Page 33: Ccie Rs Lab Prep

33

Core Knowledge Sample Question - 3

What device is used to dynamically announce the RP address to all routers in a PIM environment?

Which open standard BGP attribute is used first in the BGP Best Path selection algorithm?

Page 34: Ccie Rs Lab Prep


Session 3:

Multilayer Switching and Frame Relay

Page 35: Ccie Rs Lab Prep

35

Agenda

LAN Switching

MLS Concepts

Layer 2 Protocols

Layer 2 Features

Layer 3 Features

Troubleshooting Tips

Frame Relay

Concepts

Configuration Options

Troubleshooting Tips

Page 36: Ccie Rs Lab Prep

36

MLS Concepts

Layer 1:

Collision domain: Hub

Layer 2:

Broadcast domain: Vlan

VTP domain

STP domain

Layer 3 and 4: MLS

Wire-rate forwarding based on upper layer info

IP (address or TOS)

TCP/UDP ports

Page 37: Ccie Rs Lab Prep

37

Layer 2 VLANs

Broadcast domains spanning multiple switches

Default Vlan 1

Normal-range: 1 to 1005

Extended-range: 1006 to 4094

vlan database mode is deprecated; use vlan config mode instead

Minimal port config once the Vlan is known:

switchport mode access

switchport access vlan X

Page 38: Ccie Rs Lab Prep

38

Layer 2 Features: Verify VLAN Configuration

switch#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/4, Fa0/5
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/21
                                                Fa0/22, Fa0/24, Gi0/1, Gi0/2
11   VLAN_BB1                         active    Fa0/10
12   VLAN_BB2                         active
13   VLAN_BB3                         active
21   VLAN_A                           active
22   VLAN_B                           active
23   VLAN_C                           active
55   vlan_test                        active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
switch#
switch#s run int f0/10
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
end

Page 39: Ccie Rs Lab Prep

39

Most LAN topologies consist of multiple VLANs

How to carry multiple VLANs on a single physical link, while maintaining isolation?

Trunking Protocols:

IEEE 802.1q
4 bytes tag with Vlan ID
Supports Native Vlan (not tagged, must match on L2 links)

ISL (Cisco Proprietary)
30 bytes header (26 + 4), true encapsulation
No Native concepts, ALL frames encapsulated

[Diagram: a Layer 2 Ethernet Trunk between two switches carrying 10 VLANs]

Page 40: Ccie Rs Lab Prep

40

Sample Question

Create trunking among the four switches meeting the following requirements:

Trunking will be formed unconditionally

Use ISL encapsulation

Choose the encapsulation and create a trunk between R6 and Sw2. Only VLAN_BB3 and VLAN_B must be allowed in the trunk

Implicit: refer to the diagrams to determine IP addresses

Score: 2 Points

Page 41: Ccie Rs Lab Prep

41

Sample Questions

You have multiple diagrams and have to figure out which ports to configure

[Diagrams, not preserved in the transcript: two Frame Relay (FR) clouds; Sw1 and Sw2 with ports Fa0/19, Fa0/20, Fa0/21, Fa0/22; routers R1, R2, R3, R4 with interfaces g0/0 and g0/1-g0/4; switch ports Fa0/1-Fa0/4 and Fa0/10 on sw1 and sw2; backbone switches BB1 and BB2]

Page 42: Ccie Rs Lab Prep

42

Sample Question—Solution

On switch-switch links, use ‘interface range’ to speed up and minimize missed/wrong config
Config)#interface range fa0/19-20
-if-range)#switchport trunk encapsulation isl
-if-range)#switchport mode trunk

On switch-router, with the IOS running, only dot1Q is supported!

Router subinterface:
-subif)#encapsulation dot1q [vlanID]
-subif)#ip address [asPerDiagram…]

Switch port:
-if)#switchport trunk encapsulation dot1q
-if)#switchport trunk allowed vlan 13,22
-if)#switchport mode trunk

Page 43: Ccie Rs Lab Prep

43

Sample Question—Verification

switch#s int f0/x trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/x       on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/x       1-4094

Port        Vlans allowed and active in management domain
Fa0/x       1,11-13,21-23,55

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/x       1,11-12,21-23,55
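The two trunking slides above (the 802.1q/ISL comparison and this trunk verification output) can be tied together in code. The following is an added Python example, not material from the Cisco deck: it builds and parses the 4-byte 802.1Q tag, treats untagged and VID-0 frames as native-VLAN traffic the way a trunk port does, and parses the IOS VLAN-list syntax seen in the "Vlans allowed on trunk" line (for example 1,11-13,21-23,55) to decide whether a frame may cross the trunk. The MAC addresses, VLAN numbers and allowed lists used are constructed sample values.

```python
"""802.1Q tag handling and trunk allowed-VLAN filtering (added example)."""
import struct

TPID_8021Q = 0x8100      # EtherType value that announces a VLAN tag
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' or '0011.2233.4455' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", "").replace(".", ""))


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0):
    """Build an Ethernet II frame; if vid is given, insert an 802.1Q tag.

    The tag is TPID (0x8100) followed by the 16-bit TCI:
    3 bits priority (PCP), 1 bit DEI, 12 bits VLAN ID."""
    frame = mac_bytes(dst) + mac_bytes(src)
    if vid is not None:
        if not 0 <= vid <= 0xFFF:
            raise ValueError("VLAN ID must fit in 12 bits")
        tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Return dst, src, optional tag fields, inner ethertype and payload."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    tag = None
    offset = 14
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        tag = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0xFFF}
        (etype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    return {"dst": dst, "src": src, "tag": tag,
            "ethertype": etype, "payload": frame[offset:]}


def parse_vlan_list(text: str) -> set:
    """'1,11-13,21-23,55' -> {1, 11, 12, 13, 21, 22, 23, 55} (IOS list syntax)."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        vlans.update(range(lo, hi + 1))
    return vlans


def trunk_vlan(frame: bytes, native_vlan: int = 1) -> int:
    """VLAN a trunk port assigns to an ingress frame.

    Untagged frames, and priority-tagged frames (VID 0), belong to the
    native VLAN; that is why the native VLAN must match on both ends."""
    tag = parse_frame(frame)["tag"]
    if tag is None or tag["vid"] == 0:
        return native_vlan
    return tag["vid"]


def allowed_on_trunk(frame: bytes, allowed: str, native_vlan: int = 1) -> bool:
    """Apply 'switchport trunk allowed vlan <list>' to a frame."""
    return trunk_vlan(frame, native_vlan) in parse_vlan_list(allowed)


if __name__ == "__main__":
    payload = b"\x45" + b"\x00" * 19              # constructed dummy IPv4 header
    tagged = build_frame("0011.2233.4455", "0066.7788.99aa", ETHERTYPE_IPV4, payload, vid=13)
    untagged = build_frame("0011.2233.4455", "0066.7788.99aa", ETHERTYPE_IPV4, payload)
    print(parse_frame(tagged)["tag"], len(tagged) - len(untagged))
    print(allowed_on_trunk(tagged, "13,22"), allowed_on_trunk(untagged, "13,22"))
```

The native_vlan parameter makes the slide's "must match on L2 links" point concrete: if the two ends of a trunk disagree on it, the same untagged frame lands in a different VLAN on each side. Restricting the allowed list to the VLANs a trunk really needs (13,22 in the sample solution rather than the default 1-4094) keeps such a mismatch from leaking traffic into VLANs that were never meant to traverse that link.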

Page 44: Ccie Rs Lab Prep

44

Layer 2 Protocols

CDP

Useful to discover L2 topology and detect weird forwarding issues (cdp neighbors appear where they shouldn’t)

switch3#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
bb3-sw           Fas 0/10          130         S I        WS-C3550-4  Fas 0/8
Switch4          Fas 0/24          178        R S I       WS-C3560-2  Fas 0/24
Switch4          Fas 0/23          178        R S I       WS-C3560-2  Fas 0/23

Page 45: Ccie Rs Lab Prep

45

Sample Question

Configure the amount of time a neighbor should hold CDP information sent by Sw2 before discarding it to 2 minutes

Score: 2 Points

Page 46: Ccie Rs Lab Prep

46

Sample Question—Solution

Sw2

Config)#cdp holdtime 120

Verification:

switch2#sh cdp

Global CDP information:

Sending CDP packets every 60 seconds

Sending a holdtime value of 120 seconds

Sending CDPv2 advertisements is enabled

Page 47: Ccie Rs Lab Prep

47

Layer 2 Protocols: DTP (Dynamic Trunking Protocol)

Negotiate trunking encapsulation, enabled by default

Some basic error checking

Page 48: Ccie Rs Lab Prep

48

Sample Written Question

What trunk mode combination would not produce an operational ISL trunk?

A. Local: auto, Remote: auto
B. Local: on, Remote: auto
C. Local: nonegotiate, Remote: on
D. Local: nonegotiate, Remote: nonegotiate
E. Local: auto, Remote: desirable

Solution: A. If both sides are set to auto, the trunk will never come up

Page 49: Ccie Rs Lab Prep

49

Sample Lab Question

Completely disable DTP traffic on all Fast Ethernet ports on all switches

Score: 2 Points

Page 50: Ccie Rs Lab Prep

50

Sample Lab Question—Solution

-if)#switchport mode access
-if)#switchport nonegotiate

Verification:

show interfaces switchport

Name: FaX/Y

Negotiation of Trunking: Off

Page 51: Ccie Rs Lab Prep

51

VLAN Trunk Protocol (VTP)

Same VTP domain, version (1 or 2) and password
3 modes: server—client—transparent
Pruning

[Diagram: Switch-1 and Switch-2, VTP Domain is CCIE, VLAN 10]
Switch-1(config)#vlan 10

Page 52: Ccie Rs Lab Prep

52

VTP CLI

sh vtp status: most info comes out of this
sh vtp counters: to see whether pruning joins are received/transmitted
sh int pruning: to see which vlans are pruned and which vlans we request from upstream
sh int trunk: to see which vlans are (not) pruned and are forwarding
debug sw-vlan vtp <events|packets|xmit|pruning>

Page 53: Ccie Rs Lab Prep

53

Layer 2 Features: VTP Verification

3550# show vtp counters
VTP statistics:
Summary advertisements received    : 734
Subset advertisements received     : 0
Request advertisements received    : 0
Summary advertisements transmitted : 2199
…

3550# show vtp status
VTP Version                     : 2
Configuration Revision          : 16
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : cisco
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
…

Page 54: Ccie Rs Lab Prep

54

Layer 2 Features: EtherChannels

A logical aggregation of similar links (up to 8) 10/100/1000/10GE ports

Channel always point-to-point and viewed as one logical link by other protocols

Two flavors: Cisco’s PAgP and IEEE 802.3ad LACP

Each defines an “active” and “passive” side

Page 55: Ccie Rs Lab Prep

55

EtherChannels

Can aggregate L2 Access Ports, L2 Trunks or L3 Links

Load-balancing algorithm (default is src-mac)

Operates between switches, routers, and certain vendors’ NICs

Page 56: Ccie Rs Lab Prep

56

Sample Question

Create EtherChannels among Sw1 and Sw2 so that it will be formed unconditionally NOT using any protocol negotiation

Score: 2 Points

Page 57: Ccie Rs Lab Prep

57

Sample Question—Solution

Use interface range

Config)#int range FastEthernet0/x-y
-if-range)#channel-group z mode on

Verification

sh etherchannel z port-channel

sh etherchannel [sum|load]

sh pagp|lacp [[port-chan#] neigh|count|internal]

Page 58: Ccie Rs Lab Prep

58

Layer 2 Features: EtherChannel Verification

Rack08Sw2#sh etherchannel sum

...

Number of channel-groups in use: 1

Number of aggregators: 1

Group Port-channel Protocol Ports

------+-------------+-----------+--------------------------------------------

12 Po12(SU) - Fa0/23(P) Fa0/24(P)

switch#sh ether 12 port

Ports in the group:

-------------------

Port: Fa0/23

------------

Port state = Up Mstr In-Bndl

Channel group = 12 Mode = On/FEC Gcchange = -

Port-channel = Po12 GC = - Pseudo port-channel = Po12

Port index = 0 Load = 0x00 Protocol = -

Age of the port in the current state: 00d:00h:00m:17s

Page 59: Ccie Rs Lab Prep

59

Layer 2 Features: EtherChannel Verification [2]

switch#sh int port-channel 12

Port-channel12 is up, line protocol is up (connected)

Members in this channel: Fa0/23 Fa0/24

switch#sh pagp ?

<1-64> Channel group number

counters Traffic information

internal Internal information

neighbor Neighbor information

switch#sh lacp ?

<1-64> Channel group number

counters Traffic information

internal Internal information

neighbor Neighbor information

sys-id LACP System ID

Page 60: Ccie Rs Lab Prep

60

Spanning Tree

Provides a loop-free topology while redundant physical links/trunks are allowed between switches

Elects a root bridge and assigns roles to the ports based on the least-cost path to the root

One Root port per bridge and one Designated port per segment

Blocks other ports to break loops (BPDUs still pass through)

Page 61: Ccie Rs Lab Prep

61

Spanning Tree

Port States

Blocking: No user traffic allowed, only BPDUs

Listening: Receives BPDUs and wait for convergence of BPDUs

Learning: Learn source MAC from user traffic to build CAM

Forwarding: Normal mode, forward user traffic AND BPDUs

Disabled: Port is shut (/admin or not)...

Page 62: Ccie Rs Lab Prep

62

Spanning-Tree Algorithm

A BPDU Is Superior to Another if it Has:

1. A lower Root Bridge ID

2. A lower path cost to the Root

3. A lower Sending Bridge ID

4. A lower Sending Port ID

Page 63: Ccie Rs Lab Prep

63

[Spanning Tree diagram. Core: A Root, bridge ID 8192:000000000001. Distribution: B Peer, C Peer, D Peer with bridge IDs 32768:000000000002, 32768:000000000003, 32768:000000000004. Link costs of 1 and 2 and port roles RP (root port), DP (designated port) and NDP (nondesignated port) as labeled on the slide]

Spanning Tree

Designated Ports: Ports Selected for Forwarding
Root Ports: Port with Least Cost Path to the Root Bridge
Nondesignated Ports: Ports in Blocking
Direction of BPDU Flow: shown by the arrows on the slide

Page 64: Ccie Rs Lab Prep

64

Spanning Tree—RSTP—802.1w

switch(config)#spanning-tree mode ?
  mst         Multiple spanning tree mode
  pvst        Per-Vlan spanning tree mode
  rapid-pvst  Per-Vlan rapid spanning tree mode

Mechanism of handshake to bypass listening/ forwarding state of the designated port if all bridges on a segment recognized this port as the designated

‘Disabled’+’Blocking’+’Listening’ states are merged into ‘Discarding’ state

Page 65: Ccie Rs Lab Prep

65

Spanning Tree—MST—802.1s

Enhances STP scalability (preserves CPU power)

Flexible load-balancing

Complex interoperability with other STP flavors

Page 66: Ccie Rs Lab Prep

66

Spanning Tree—MST—802.1s

MST Configuration: Identical for all switches in the same region

Digest of the config is sent in the MST BPDU

spanning-tree mode mst
spanning-tree mst configuration
 name MST                    <- up to 32 bytes
 revision 1
 instance 1 vlan 20,40,60
 instance 2 vlan 30,50,70

Page 67: Ccie Rs Lab Prep

67

Spanning Tree Features

Portfast

Bpduguard

Bpdufilter

Uplinkfast

Backbonefast

Rootguard

Page 68: Ccie Rs Lab Prep

68

Sample Lab Question

The 3550 switches in your topology are pre-cabled as shown in the diagram above. VLANs have already been assigned to the switches. Configure Sw1 and Sw2 to have the following behavior:

Only ODD VLANs should be forwarded on Fa0/23 during normal operation
Only EVEN VLANs should be forwarded on Fa0/24 during normal operation
Interfaces should begin forwarding traffic within eight seconds of link-up
DO THIS WITH EXACTLY TWO COMMANDS PER SWITCH

[Diagram: Sw1 and Sw2 connected back-to-back by Fa0/23 and Fa0/24]

Score: 3 Points

Page 69: Ccie Rs Lab Prep

69

Sample Lab Question: Analysis

Analyze the Initial Status

Sw#sh vlan brief ; Sw1#sh int trunk
Only Vlan 1 and Vlan 2 are active
Fa0/23 and Fa0/24 are trunk ports on both sides

Sw#sh span vl [1 | 2]
Sw1 is the root for both Vlans, as per lower sys MAC
Sw2 is Forwarding both Vlans out of Fa0/23 as per lower port ID

[Diagram: Sw1 Desg FWD on both links; Sw2 Root FWD on Fa0/23 and Altn BLK on Fa0/24]

Page 70: Ccie Rs Lab Prep

70

Sample Lab Question: Design

Think About It…

Initial: Vlan 1 + 2 both forwarding on one link (Desg FWD / Root FWD), the other link Altn BLK

Possible Solution?
spanning-tree vlan 1 forward-time 4
spanning-tree vlan 2 forward-time 4
-if)#spanning-tree vlan 2 port-priority 112

No, Because This Doesn’t Answer the “Exactly 2 Commands Per Switch”!

[Diagram: Vlan 1 and Vlan 2 between Sw2 and Sw1]

Page 71: Ccie Rs Lab Prep

71

Sample Lab Question: Solution

So We Need Sw2 to Become Root for One Vlan!

Sw1:
spanning-tree vlan 1 forward-time 4
spanning-tree vlan 2 priority 61440

Sw2:
spanning-tree vlan 2 forward-time 4
-if)#spanning-tree vlan 2 port-priority 112

[Diagram: Vlan 1 forwarding on one link and Vlan 2 on the other between Sw1 and Sw2 (Desg FWD / Root FWD / Altn BLK)]

Page 72: Ccie Rs Lab Prep

72

Sample Lab Question: Verification

Sw1#s span vlan 1
VLAN001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     0009.e8e2.6200
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay  4 sec
. . .

Sw1#s span vlan 2
VLAN002
  Spanning tree enabled protocol ieee
  Root ID    Priority    32780
             Address     0015.6286.7400
             Cost        19
             Port        24 (FastEthernet0/24)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay  4 sec

  Bridge ID  Priority    61452  (priority 61440 sys-id-ext 2)
             Address     0009.e8e2.6200
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/23           Altn BLK 19        128.23   P2p
Fa0/24           Root FWD 19        128.24   P2p
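The four-step BPDU comparison from the Spanning-Tree Algorithm slide and this Sw1/Sw2 sample lab question can be replayed in code. The following is an added Python example, not material from the Cisco deck: it models root election and root-port selection with the ordered tuple (root bridge ID, root path cost, sending bridge ID, sending port ID), then runs the two-switch topology three times: VLAN 1 as found, VLAN 2 after raising Sw1's priority to 61440, and VLAN 2 after also applying port-priority 112 on Sw2's Fa0/24. The bridge MACs are the ones printed in the verification output; the link cost of 19, the port numbers and the topology helper are constructed for this example, and the priority field is modelled as configured priority plus VLAN number (sys-id-ext), so absolute values differ from the printed 32779/32780 while the ordering is the same.

```python
"""STP root election and root-port selection, modelled in Python (added example)."""
import heapq
from dataclasses import dataclass, field
from math import inf


def mac_to_int(mac: str) -> int:
    return int(mac.replace(".", "").replace(":", ""), 16)


@dataclass(frozen=True, order=True)
class BridgeId:
    priority: int   # configured priority + sys-id-ext (the VLAN number)
    mac: int


@dataclass(frozen=True, order=True)
class PortId:
    priority: int   # 'spanning-tree port-priority', default 128
    number: int


@dataclass
class Port:
    pid: PortId
    cost: int           # path cost charged when a BPDU is received here
    neighbor: str       # name of the bridge at the far end
    neighbor_port: str  # far-end port name


@dataclass
class Bridge:
    name: str
    bid: BridgeId
    ports: dict = field(default_factory=dict)   # local port name -> Port


def root_path_costs(bridges: dict, root: str) -> dict:
    """Least cost from every bridge to the root (Dijkstra over port costs)."""
    dist = {name: inf for name in bridges}
    dist[root] = 0
    heap = [(0, root)]
    while heap:
        d, name = heapq.heappop(heap)
        if d > dist[name]:
            continue
        for port in bridges[name].ports.values():
            nbr = port.neighbor
            # the neighbour adds the cost of ITS receiving port
            cand = d + bridges[nbr].ports[port.neighbor_port].cost
            if cand < dist[nbr]:
                dist[nbr] = cand
                heapq.heappush(heap, (cand, nbr))
    return dist


def received_bpdu(bridges, root, dist, port):
    """The BPDU tuple seen on a port; a lower tuple is the superior BPDU."""
    sender = bridges[port.neighbor]
    return (bridges[root].bid,                     # 1. root bridge ID
            dist[port.neighbor] + port.cost,       # 2. root path cost
            sender.bid,                            # 3. sending bridge ID
            sender.ports[port.neighbor_port].pid)  # 4. sending port ID


def elect(bridges: dict):
    """Return (root bridge name, {non-root bridge: its root port})."""
    root = min(bridges, key=lambda n: bridges[n].bid)
    dist = root_path_costs(bridges, root)
    root_ports = {}
    for name, br in bridges.items():
        if name == root:
            continue
        root_ports[name] = min(
            br.ports, key=lambda p: received_bpdu(bridges, root, dist, br.ports[p]))
    return root, root_ports


def two_switch_topology(vlan, sw1_priority=32768, sw2_priority=32768,
                        sw2_fa24_port_priority=128):
    """Sw1 and Sw2 back-to-back on Fa0/23 and Fa0/24 (100 Mb/s, cost 19)."""
    sw1 = Bridge("Sw1", BridgeId(sw1_priority + vlan, mac_to_int("0009.e8e2.6200")))
    sw2 = Bridge("Sw2", BridgeId(sw2_priority + vlan, mac_to_int("0015.6286.7400")))
    for n in (23, 24):
        name = f"Fa0/{n}"
        sw1.ports[name] = Port(PortId(128, n), 19, "Sw2", name)
        prio = sw2_fa24_port_priority if n == 24 else 128
        sw2.ports[name] = Port(PortId(prio, n), 19, "Sw1", name)
    return {"Sw1": sw1, "Sw2": sw2}


if __name__ == "__main__":
    # VLAN 1: equal priorities, Sw1 wins on the lower MAC; Sw2 picks Fa0/23
    # because Sw1's sending port ID 128.23 beats 128.24.
    print(elect(two_switch_topology(1)))
    # VLAN 2 after 'spanning-tree vlan 2 priority 61440' on Sw1: Sw2 is root,
    # but Sw1 still picks Fa0/23 (lower sending port ID), so both VLANs share a link.
    print(elect(two_switch_topology(2, sw1_priority=61440)))
    # With 'spanning-tree vlan 2 port-priority 112' on Sw2 Fa0/24, port ID
    # 112.24 is superior to 128.23 and VLAN 2 moves onto Fa0/24.
    print(elect(two_switch_topology(2, sw1_priority=61440, sw2_fa24_port_priority=112)))
```

The third run matches the verification output above: Sw1 sees Fa0/24 as its Root port for VLAN 2 and blocks Fa0/23. The same comparison order is what makes a bridge with an unexpectedly low priority take over as root, which is why features such as Rootguard on the next slides are worth enabling on ports that should never face a root.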

Page 73: Ccie Rs Lab Prep

73

Layer 3 Features: Switched Virtual Interface (SVI)

Software-based virtual interface

Configure SVIs for any VLANs for which you want to route traffic

SVI VLAN1 is created by default

[Diagram: ports Fa0/1, Fa0/2, Fa0/3 in VLAN10 with hosts 3.0.0.8 and 3.0.0.6; SVI vlan10 with 3.0.0.1; Fa0/5 with 5.0.0.1 connected to 5.0.0.4]

Page 74: Ccie Rs Lab Prep

74

Layer 3 Features: Routed Ports

Acts like a port on a router

Not associated with a particular VLAN

Put the interface into Layer 3 mode with the no switchport interface configuration command

[Diagram: Routed Port Fa0/5 with 5.0.0.1 connected to 5.0.0.4; SVI 10 with 3.0.0.1 for ports Fa0/1, Fa0/2, Fa0/3 in VLAN10 with hosts 3.0.0.8 and 3.0.0.6]

Page 75: Ccie Rs Lab Prep

75

Layer 3 Features: SVI/Routed Port Configuration

SVI:
!
interface Vlan10
 ip address 3.0.0.1 255.0.0.0
end

Routed Port:
!
interface FastEthernet0/5
 no switchport
 ip address 5.0.0.1 255.0.0.0
end

[Diagram: same topology as the previous slides: SVI 10 (3.0.0.1) with VLAN10 ports Fa0/1, Fa0/2, Fa0/3 toward 3.0.0.8 and 3.0.0.6; routed port Fa0/5 (5.0.0.1) toward 5.0.0.4]

Page 76: Ccie Rs Lab Prep

76

Layer 2/Layer 3 Troubleshooting Discussion

[Diagram: R1 (E0/0) and R2 (Fa0/0) attached to switch ports Fa0/1 and Fa0/2]

Ping from R1 to R2 Fails. How Do You Troubleshoot?

Page 77: Ccie Rs Lab Prep

77

References

Cisco LAN Switching, Kennedy Clark, Cisco Press®
Interconnections, 2nd edition, Radia Perlman
Cisco Catalyst 3550 configuration guide (CCO): http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550
Cisco Catalyst 3560 configuration guide (CCO): http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm

Page 78: Ccie Rs Lab Prep


Q and A

Page 79: Ccie Rs Lab Prep

79

Frame Relay

Concepts

Implementation Options

Troubleshooting Tips

Page 80: Ccie Rs Lab Prep

80

Frame Relay Concepts

DLCI—Data-link connection identifier
LMI—Local Management Interface
PVC—Permanent Virtual Circuit

[Diagram: two routers attached to a Frame Relay switch; LMI runs on each access link, a PVC spans the cloud and is identified by a DLCI at each end]

Page 81: Ccie Rs Lab Prep

81

Frame Relay: CCIE Lab FR Switch

The Frame Relay Switch Is Pre-Configured

Sample Configuration
!
frame-relay switching
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 clockrate 1007616
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 frame-relay route 102 interface Serial1/2 201
 frame-relay route 103 interface Serial2/0 301
 frame-relay route 104 interface Serial2/2 401

[Diagram: R1 and R2 attached to FR-SW]

Page 82: Ccie Rs Lab Prep

82

NBMA—Hub and Spoke: Typical Exam Scenario

[Diagram: hub R1 (172.16.1.1/24, DLCIs 102 and 103) and spokes R2 (172.16.1.2/24, DLCI 201) and R3 (172.16.1.3/24, DLCI 301) across a Frame Relay cloud]

Page 83: Ccie Rs Lab Prep

83

Frame-Relay Inverse ARP

Rtr A:
interface Serial0
 ip address 172.16.1.1 255.255.255.0
 encapsulation frame-relay

Rtr B:
interface Serial1
 ip address 172.16.1.2 255.255.255.0
 encapsulation frame-relay

Dynamic L3 to L2 Address Mapping Uses Frame Relay Inverse ARP to Request the Next Hop Protocol Address for a Specific Connection (DLCI)

[Diagram: Rtr A S0 (DLCI 140) and Rtr B S1 (DLCI 401) across Frame Relay]

Page 84: Ccie Rs Lab Prep

84

Frame-Relay Verification

RtrA# show frame-relay map
Serial0 (up): ip 172.16.1.2 dlci 140(0x8C,0x20C0), dynamic,
              broadcast,, status defined, active

RtrA# show frame-relay pvc
DLCI = 140, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 83            output pkts 87           in bytes 8144
  out bytes 8408           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 41        out bcast bytes 3652
  pvc create time 01:31:50, last time pvc status changed 01:28:28

[Diagram: Rtr A S0 (DLCI 140) and Rtr B S1 (DLCI 401) across Frame Relay]

Page 85: Ccie Rs Lab Prep

85

Frame-Relay Static Mapping

Manually Disable Inverse ARP!

Rtr A:
interface Serial0
 ip address 172.16.1.1 255.255.255.0
 encapsulation frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 172.16.1.2 140 broadcast

Rtr B:
interface Serial1
 ip address 172.16.1.2 255.255.255.0
 encapsulation frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 172.16.1.1 401 broadcast

[Diagram: Rtr A S0 (DLCI 140) and Rtr B S1 (DLCI 401) across Frame Relay]

Page 86: Ccie Rs Lab Prep

86

Hub and Spoke—Multipoint

R1
interface Serial1
 ip address 172.16.1.1 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 172.16.1.2 102 broadcast
 frame-relay map ip 172.16.1.3 103 broadcast
 no frame-relay inverse-arp

R3
interface Serial1
 ip address 172.16.1.3 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 172.16.1.1 301 broadcast
 frame-relay map ip 172.16.1.2 301
 no frame-relay inverse-arp

[Diagram: hub R1 172.16.1.1/24 (DLCIs 102, 103); spokes R2 172.16.1.2/24 (DLCI 201) and R3 172.16.1.3/24 (DLCI 301) across Frame Relay]

Page 87: Ccie Rs Lab Prep

87

Hub and Spoke—Point-to-Point

[Diagram: hub R1 172.16.1.1/24 (DLCIs 102, 103); spokes R2 172.16.1.2/24 (DLCI 201) and R3 172.16.1.3/24 (DLCI 301) across Frame Relay]

R1
interface Serial1
 ip address 172.16.1.1 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 172.16.1.2 102 broadcast
 frame-relay map ip 172.16.1.3 103 broadcast
 no frame-relay inverse-arp

R2
interface Serial1
 encapsulation frame-relay
interface Serial1.201 point-to-point
 ip address 172.16.1.2 255.255.255.0
 frame-relay interface-dlci 201

Page 88: Ccie Rs Lab Prep

88

Frame Relay Troubleshooting

show interface
show frame-relay map
show frame-relay lmi
show frame-relay pvc

[Diagram: Rtr A S0 (DLCI 114) and Rtr B S1 (DLCI 411) across Frame Relay]

Page 89: Ccie Rs Lab Prep

89

Frame Relay Troubleshooting: show interface

R1#show interfaces s0/0/1

Serial0/0/1 is up, line protocol is up

Encapsulation FRAME-RELAY, loopback not set

Keepalive set (10 sec)

LMI enq sent 147, LMI stat recvd 147, LMI upd recvd 0, DTE LMI up

LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0

LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE

FR SVC disabled, LAPF state down

DCD=up DSR=up DTR=up RTS=up CTS=up

Page 90: Ccie Rs Lab Prep

90

Frame Relay Troubleshooting show frame-relay lmi

R1#show frame-relay lmi

LMI Statistics for interface Serial0/0/1 (Frame Relay DTE) LMI TYPE = ANSI

Invalid Unnumbered info 0 Invalid Prot Disc 0

Invalid dummy Call Ref 0 Invalid Msg Type 0

Invalid Status Message 0 Invalid Lock Shift 0

Invalid Information ID 0 Invalid Report IE Len 0

Invalid Report Request 0 Invalid Keep IE Len 0

Num Status Enq. Sent 183 Num Status msgs Rcvd 183

Num Update Status Rcvd 0 Num Status Timeouts 0

Last Full Status Req 00:00:24 Last Full Status Rcvd 00:00:24

Page 91: Ccie Rs Lab Prep

91

Frame Relay Troubleshooting: show frame-relay pvc

R1#show frame-relay pvc

PVC Statistics for interface Serial0/0/1 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 114, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/1

  input pkts 20            output pkts 11           in bytes 1310
  out bytes 1004           dropped pkts 0           in pkts dropped 0
  out pkts dropped 0                out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 2         out bcast bytes 68
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  pvc create time 00:32:30, last time pvc status changed 00:32:20

Page 92: Ccie Rs Lab Prep

92

Frame Relay Default Behavior

Multipoint

LMI type is “cisco”

Inverse ARP is enabled

Split Horizon is disabled

Page 93: Ccie Rs Lab Prep

93

References

Frame Relay Configuration Guide CCO

http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml

Page 94: Ccie Rs Lab Prep


Q and A

Page 95: Ccie Rs Lab Prep


Session 4:

IP Routing Concepts

Page 96: Ccie Rs Lab Prep

96

IP Routing Concepts

Policy-based Routing

Administrative Distance

Passive Interfaces

Page 97: Ccie Rs Lab Prep

97

Policy-Based Routing

Configured on the receiving (ingress) interface

Packets are routed based on a configured policy specified in a route map

The route map statements can be marked as permit or deny

If a matching statement is marked as a deny, packets are sent back through the normal forwarding channels

Packets that do not match any route map statement are sent back through the normal forwarding channels

If it is desired to drop packets that do not match the specified criteria, interface Null 0 should be specified as the last interface in the list

Page 98: Ccie Rs Lab Prep

98

Policy-Based Routing—Configuration

Configuration Steps

Define a sequenced policy (route-map): route-map policyName [permit|deny] [seq#]

Identify which traffic to policy-route: match ...

Specify the policy for that traffic: set ...

Apply the policy to an interface: (config-if)#ip policy route-map policyName

Page 99: Ccie Rs Lab Prep

99

Verification

R3#trace ip 140.10.1.1

Type escape sequence to abort.

Tracing the route to YY.YY.10.7

1 136.15.1.5 0 msec 0 msec 0 msec      <- it goes to R5, then

2 140.10.1.1 20 msec 16 msec 16 msec   <- it goes to R2 (not to R1)

PBR Sample Lab Question

Configure only R5 so that any received IP traffic that is sourced from 135.12.1.0 is forwarded to R2.

Figure: R1, R2, R3, R4 and R5 with subnets 135.12.1.0/24, 140.10.1.1/24, 136.15.1.5/24 and 150.2.2.0/24
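The evaluation order described on the PBR slides (sequence numbers, permit/deny, fall-back to normal forwarding, Null0 as the last interface), as an added example that is not part of the deck. The next-hop name "R2" is a placeholder for the address of R2's interface facing R5, and the usable-next-hop set is constructed.

```python
# Added example (not from the Cisco deck): a small model of how a route map applied
# with "ip policy route-map" on the ingress interface decides where a packet goes.
# Prefixes, next-hop names and the set of usable next hops are constructed around
# the sample question (R5 forwards traffic sourced from 135.12.1.0/24 to R2).
import ipaddress
from dataclasses import dataclass, field
from typing import List, Set

NORMAL = "normal-forwarding"   # packet leaves PBR and is routed by the routing table
DROP = "dropped"               # "set interface Null0" discards the packet


@dataclass
class RouteMapEntry:
    seq: int
    action: str                                          # "permit" or "deny"
    match_src: List[str] = field(default_factory=list)   # source prefixes (ACL-like); empty = match all
    set_targets: List[str] = field(default_factory=list) # next hops / interfaces tried in order


def policy_route(route_map: List[RouteMapEntry], src_ip: str, usable: Set[str]) -> str:
    """Evaluate the route map for one packet, lowest sequence number first.

    usable: next hops / interfaces that are currently reachable or up.
    Returns the chosen next hop, NORMAL or DROP.
    """
    src = ipaddress.ip_address(src_ip)
    for entry in sorted(route_map, key=lambda e: e.seq):
        matched = not entry.match_src or any(
            src in ipaddress.ip_network(p) for p in entry.match_src)
        if not matched:
            continue                     # try the next sequence
        if entry.action == "deny":
            return NORMAL                # matching deny: back to normal forwarding
        for target in entry.set_targets:
            if target == "Null0":
                return DROP              # Null0 listed last: drop if nothing before it is usable
            if target in usable:
                return target            # first usable next hop in the set list wins
        return NORMAL                    # permit matched but no usable set target
    return NORMAL                        # no sequence matched


# Sample question: only R5 is configured; traffic sourced from 135.12.1.0/24 goes to R2.
# "R2" stands in for the IP address of R2's interface facing R5 (placeholder).
R5_POLICY = [
    RouteMapEntry(10, "permit", ["135.12.1.0/24"], ["R2"]),
]

# Variant with a catch-all sequence: everything not matched earlier is dropped
# (no match clause matches all packets; Null0 is the last interface in the list).
R5_POLICY_DROP_REST = R5_POLICY + [
    RouteMapEntry(20, "permit", [], ["Null0"]),
]


if __name__ == "__main__":
    for src in ("135.12.1.7", "150.2.2.9"):
        print(src, "->", policy_route(R5_POLICY, src, {"R2"}))
```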

Page 100: Ccie Rs Lab Prep

100

Administrative Distance

A router with more than one IP routing protocol enabled will use the administrative distance to select a route if the route is learned from more than one protocol; a lower admin distance is preferred

Connected 0

Static 1

eBGP 20

EIGRP 90

IGRP 100

OSPF 110

IS-IS 115

RIP 120

Ext EIGRP 175

iBGP 200

Unknown 255 Not Believed

Page 101: Ccie Rs Lab Prep

101

Passive Interfaces

To disable sending routing updates out an interface, use the passive-interface command

Used in router configuration mode

Configuration Examples:

passive-interface gi0/0/0: no updates sent out interface gi0/0/0

passive-interface default: no updates sent out any interface; use no passive-interface on specified interfaces to send updates

** Note: A passive interface does not send routing protocol information. It does receive and process updates on the interface.

Page 102: Ccie Rs Lab Prep


EIGRP

Page 103: Ccie Rs Lab Prep

103

Disclaimer—Reminder

With the time allocated, we can only review the cornerstones of the most important IGPs

EIGRP and OSPF

Page 104: Ccie Rs Lab Prep

104

EIGRP

Introduction and Review

Neighbor Relationships

Summarization

Load Balancing

Page 105: Ccie Rs Lab Prep

105

Advantages of EIGRP

Uses multicast instead of broadcast

Utilizes a composite metric (bandwidth, delay, load, reliability)

Unequal-cost path load balancing

More flexible than OSPF

Full support of distribute lists

Manual summarization can be done on any interface at any router within the network

Page 106: Ccie Rs Lab Prep

106

EIGRP

Introduction and Review

Neighbor Relationships

Load Balancing

Summarization

Page 107: Ccie Rs Lab Prep

107

EIGRP Packets

Hello: Establish neighbor relationships

Update: Send routing updates

Query: Ask neighbors about routing information

Reply: Response to query about routing information

Ack: Acknowledgement of a reliable packet

Page 108: Ccie Rs Lab Prep

108

EIGRP Neighbor Relationship

Two routers become neighbors when they see each other’s hello packet (see later for details)

Hello address = 224.0.0.10

Hellos sent once every five seconds on the following links:

Broadcast Media: Ethernet, Token Ring, FDDI, etc.

Point-to-point serial links: PPP, HDLC, point-to-point frame relay/ATM sub-interfaces

Multipoint circuits with bandwidth greater than T1: ISDN PRI, SMDS, Frame Relay

Page 109: Ccie Rs Lab Prep

109

EIGRP Neighbor Relationship

Hellos sent once every 60 seconds on the following links:

Multi-point circuits with bandwidth less than T1: ISDN BRI, Frame Relay, SMDS, etc.

Neighbor declared dead when no EIGRP packets are received within hold interval

Not only Hello can reset the hold timer

Hold time by default is three times the hello time

(config-if)#ip hold-time eigrp as-number seconds

Page 110: Ccie Rs Lab Prep

110

EIGRP Neighbor Relationship

EIGRP will form neighbors even though hello time and hold time don’t match

EIGRP sources hello packets from the primary address of the interface

EIGRP will not form a neighbor relationship if K-values are mismatched

EIGRP will not form a neighbor relationship if AS numbers are mismatched

Page 111: Ccie Rs Lab Prep

111

Neighbor Process—Review

Used for establishing and maintaining neighbors

Multicast hellos (by default)

224.0.0.10 (0100.5e00.000a)

Neighbor timers

Default Hello Interval—5 or 60 sec.

Default Hold time—15 or 180 sec.

Figure: routers A and B exchanging Hello

Page 112: Ccie Rs Lab Prep

112

Checking Neighbor Status

Hold—How long to wait for an EIGRP packet before declaring this neighbor dead

Uptime—How long since last time this neighbor was discovered

RTRA#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address         Interface   Hold Uptime    SRTT   RTO  Q    Seq
                                (sec)          (ms)        Cnt  Num
2   10.1.1.1        Et0           12 6d16h       20   200  0    233
1   10.1.4.3        Et1           13 2w2d        87   522  0    452
0   10.1.4.2        Et1           10 2w2d        85   510  0    3

Page 113: Ccie Rs Lab Prep

113

Checking Neighbor Status

EIGRP log-neighbor-changes is on by default since 12.1(3)

Don’t turn it off in the lab

Best to send logs to the console in the lab

RouterA(config)# router eigrp 100
RouterA(config-router)# eigrp log-neighbor-changes
RouterA(config)# logging console

Page 114: Ccie Rs Lab Prep

114

Log-Neighbor-Changes Messages

Common neighbor change messages

(Hint: Peer restarted means you have to check the peer; it’s the one that restarted)

Neighbor 10.1.1.1 (Ethernet0) is down: peer restarted

Neighbor 10.1.1.1 (Ethernet0) is up: new adjacency

Neighbor 10.1.1.1 (Ethernet0) is down: holding time expired

Neighbor 10.1.1.1 (Ethernet0) is down: retry limit exceeded

Neighbor 10.1.1.1 (Ethernet0) is down: route filter changed

Page 115: Ccie Rs Lab Prep

115

What Causes Neighbor Instability?

Holding time expired

Retry limit exceeded

Manual changes

Physical link instability

Stuck-in-active routes

Page 116: Ccie Rs Lab Prep

116

Holding Time Expired

Holding time expires when an EIGRP packet is not seen for the duration of the hold time

Usually caused by missing multicast hello packets

Typically caused by congestion, physical errors or even a routing issue

Figure: routers A and B; Hello from A does not reach B

Neighbor 10.1.1.1 (Ethernet0) Is Down: Holding Time Expired

Page 117: Ccie Rs Lab Prep

117

Ping the multicast Address (224.0.0.10) from the Other Router

Ping 224.0.0.10

Note: If There Are Many Interfaces/Neighbors on Router B, You Should Use Extended Ping and Specify the Source Address/Interface of the Multicast Ping

Troubleshooting Holding Time Expiration

Figure: routers A and B

Neighbor 10.1.1.1 (Ethernet0) Is Down: Holding Time Expired

Page 118: Ccie Rs Lab Prep

118

Troubleshooting Holding Time Expiration

RouterA# debug eigrp packet hello

EIGRP Packets debugging is on (HELLO)

19:08:38.521: EIGRP: Sending HELLO on Serial1/1

19:08:38.521: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

19:08:38.869: EIGRP: Received HELLO on Serial1/1 nbr 10.1.6.2

19:08:38.869: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

19:08:39.081: EIGRP: Sending HELLO on FastEthernet0/0

19:08:39.081: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

Remember—Any Debug Can Be Hazardous on a Live Network; It’s Ok in CCIE Lab Though

Page 119: Ccie Rs Lab Prep

119

Retry Limit Exceeded

EIGRP sends unreliable and reliable packets

Hellos and Acks are unreliable

Updates, Queries, and Replies are reliable

Reliable packets are sequenced and require an Acknowledgement

Reliable packets are retransmitted up to 16 times if not acknowledged

Page 120: Ccie Rs Lab Prep

120

Retry Limit Exceeded (Cont.)

Reliable packets are re-sent after Retransmit Time Out (RTO)

Typically 6 x Smooth Round Trip Time (SRTT)

Minimum RTO is 200 ms

Maximum RTO is 5000 ms (5 seconds)

16 retransmits take between 50 seconds and 80 seconds

Page 121: Ccie Rs Lab Prep

121

Figure: routers A and B

Retry Limit Exceeded (Cont.)

If a reliable packet is not acknowledged before 16 retransmissions and the Hold Timer duration has passed, re-initialize the neighbor

Figure: A retransmits an Update to B; the Acks never arrive

Neighbor 10.1.1.1 (Ethernet0) Is Down: Retry Limit Exceeded

Page 122: Ccie Rs Lab Prep

122

Manual Changes

Some manual configuration changes also reset EIGRP neighbors:

Summary changes (manual and auto)

Route filter changes

This is normal behavior

Metric change does not reset neighbors

Page 123: Ccie Rs Lab Prep

123

Physical Link State Changes

Interface drivers tell EIGRP when a link goes down or comes up

EIGRP removes neighbors from the neighbor table when the interface used to reach them goes down

EIGRP (re)-initializes neighbors when a link comes up (and Hellos received)

Normal, but not nice

Page 124: Ccie Rs Lab Prep

124

EIGRP

Introduction and Review

Neighbor Relationships

Summarization

Load Balancing

Page 125: Ccie Rs Lab Prep

125

EIGRP Summarization

Purpose: Smaller routing tables, smaller updates

Auto summarization:

On major network boundaries, networks are summarized to the major networks

Auto summarization is turned on by default

Figure: subnets of 150.150.X.X and 151.151.X.X summarized to their major networks at the boundary

Page 126: Ccie Rs Lab Prep

126

Manual Summarization

Configurable on per interface basis in any router within the network

When summarization is configured on an interface, the router immediately creates a route pointing to Null0 with an administrative distance of 5

Loop prevention mechanism

When the last specific route of the summary goes away, the summary is deleted

The minimum metric of the specific routes is used as the metric of the summary route

Page 127: Ccie Rs Lab Prep

127

EIGRP Summarization

Manual summarization command: ip summary-address eigrp <as number> <address> <mask>

Figure: AS 100; networks 150.2.0.0/16 and 150.3.0.0/16 are advertised out S0 as the summary 150.2.0.0/15

interface s0
 ip address 150.1.1.1 255.255.0.0
 ip summary-address eigrp 100 150.2.0.0 255.254.0.0

Page 128: Ccie Rs Lab Prep

128

Deploying Summarization

Summarization is simply a way to hide topological detail while maintaining reachability

But sometimes you have to be creative to summarize

Figure: A --- B --- C; 10.1.1.0/24 and 10.1.3.0/24 behind C, advertised towards B as the summary 10.1.0.0/22

Page 129: Ccie Rs Lab Prep

129

Deploying Summarization

For instance, can you still summarize here?

Note that A has a component which is part of 10.1.0.0/22 behind it

Figure: A --- B --- C; 10.1.1.0/24 and 10.1.3.0/24 behind C, advertised as the summary 10.1.0.0/22; 10.1.2.0/24 behind A

Page 130: Ccie Rs Lab Prep

130

Deploying Summarization

Sure

Routers always route to the longest prefix

Destinations within 10.1.2.0/24 will be routed towards A, while destinations within 10.1.1.0/24 and 10.1.3.0/24 will be routed towards C

Figure: A --- B --- C; 10.1.1.0/24 and 10.1.3.0/24 behind C, advertised as the summary 10.1.0.0/22; 10.1.2.0/24 behind A; B holds both 10.1.2.0/24 (via A) and 10.1.0.0/22 (via C)
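The two selection rules stated on the Administrative Distance slide and on the Deploying Summarization slides (lowest AD per prefix, then longest prefix per lookup), plus the AD 5 discard route from the Manual Summarization slide, as an added example that is not part of the deck. Router names, metrics and the extra RIP source are constructed.

```python
# Added example (not from the Cisco deck): a miniature routing table that applies the two
# rules the slides state: a prefix learned from several sources is installed from the
# source with the lowest administrative distance, and a lookup always follows the longest
# matching prefix. The routes are constructed from the A - B - C figure.
import ipaddress

# Administrative distances from the "Administrative Distance" slide; "eigrp-summary" is the
# AD 5 discard route that ip summary-address creates towards Null0 (Manual Summarization slide).
ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20, "eigrp": 90, "igrp": 100,
    "ospf": 110, "is-is": 115, "rip": 120, "eigrp-external": 175, "ibgp": 200, "unknown": 255,
}


def build_rib(candidates):
    """candidates: iterable of (prefix, source, metric, next_hop) as offered by the protocols.

    Returns {network: {"source", "ad", "metric", "next_hops"}}. Equal-AD, equal-metric
    candidates share one entry (equal-cost paths); AD 255 is "not believed" and skipped.
    """
    rib = {}
    for prefix, source, metric, next_hop in candidates:
        ad = ADMIN_DISTANCE[source]
        if ad == 255:
            continue
        net = ipaddress.ip_network(prefix)
        cur = rib.get(net)
        if cur is None or (ad, metric) < (cur["ad"], cur["metric"]):
            rib[net] = {"source": source, "ad": ad, "metric": metric, "next_hops": [next_hop]}
        elif (ad, metric) == (cur["ad"], cur["metric"]) and next_hop not in cur["next_hops"]:
            cur["next_hops"].append(next_hop)
    return rib


def lookup(rib, dst):
    """Longest-prefix match; returns (prefix as text, next_hops) or None."""
    d = ipaddress.ip_address(dst)
    matches = [net for net in rib if d in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return str(best), list(rib[best]["next_hops"])


# Router B, between A and C (Deploying Summarization figure): C summarizes 10.1.1.0/24 and
# 10.1.3.0/24 as 10.1.0.0/22; A advertises 10.1.2.0/24. The RIP offer is a constructed
# extra source for the same prefix, added only to show AD at work. Metrics are constructed.
B_RIB = build_rib([
    ("10.1.0.0/22", "eigrp", 30720, "C"),
    ("10.1.2.0/24", "eigrp", 30720, "A"),
    ("10.1.2.0/24", "rip", 1, "A-rip"),          # AD 120 loses to EIGRP's 90
    ("10.9.0.0/16", "unknown", 0, "nobody"),     # AD 255: not believed, never installed
])

# Router C, the summarizing router: its own components plus the AD 5 discard route, which
# catches addresses inside the summary that have no component and stops them looping back.
C_RIB = build_rib([
    ("10.1.1.0/24", "connected", 0, "Ethernet0"),
    ("10.1.3.0/24", "connected", 0, "Ethernet1"),
    ("10.1.0.0/22", "eigrp-summary", 0, "Null0"),
    ("10.1.2.0/24", "eigrp", 30720, "B"),
])


if __name__ == "__main__":
    for dst in ("10.1.2.77", "10.1.3.5", "10.1.0.9"):
        print("B:", dst, lookup(B_RIB, dst), " C:", dst, lookup(C_RIB, dst))
```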

Page 131: Ccie Rs Lab Prep

131

EIGRP

Introduction and Review

Neighbor Relationships

Summarization

Load Balancing

Page 132: Ccie Rs Lab Prep

132

EIGRP Load Balancing

Routes with a metric equal to the minimum metric will be installed in the routing table (equal-cost load balancing)

There can be up to six entries in the routing table for the same destination (default = 4)

ip maximum-paths <1-6>

Page 133: Ccie Rs Lab Prep

133

EIGRP Unequal-Cost Load Balancing

EIGRP offers an unequal-cost load balancing feature with the command:

variance <multiplier>

The variance command allows the router to include routes with a metric smaller than multiplier times the minimum metric for that destination, where multiplier is the number specified by the variance command

Page 134: Ccie Rs Lab Prep

134

Variance Example

Figure: routers A, B, C, D and E; link metrics in the figure are 10, 20, 10, 10, 20 and 25; router E has variance 2; destination net 172.16.10.0/24

Router E will choose router C to get to net 172.16.10.0/24 (FD = 20)

With variance of 2, router E will also choose router B to get to net 172.16.10.0/24

Router D will not be used to get to net 172.16.10.0/24
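Router E's decision from the variance example as an added example that is not part of the deck: the reported distances and link costs are constructed so that C is the successor (FD = 20), B is added by variance 2, and D stays out; they are not read from the slide's figure.

```python
# Added example (not from the Cisco deck): which paths to 172.16.10.0/24 router E installs.
# The reported distances and link costs are constructed, not taken from the slide's figure.

def eigrp_installed_paths(paths, variance=1, maximum_paths=4):
    """paths: list of (neighbor, reported_distance, link_cost) for one destination.

    A path is installed when it is the successor (metric == FD) or when it passes the
    feasibility condition (neighbor's reported distance < FD, which keeps loops out) and
    its metric is smaller than variance * FD, as the slides put it.
    Returns [(neighbor, metric)] in metric order, capped by maximum-paths (default 4).
    """
    if not paths:
        return []
    metrics = {n: rd + link for n, rd, link in paths}
    fd = min(metrics.values())                   # feasible distance = best composite metric
    installed = []
    for n, rd, link in sorted(paths, key=lambda p: p[1] + p[2]):
        metric = rd + link
        if metric == fd or (rd < fd and metric < variance * fd):
            installed.append((n, metric))
    return installed[:maximum_paths]


# Router E's view of net 172.16.10.0/24 (constructed values):
#   via C: C reports 10, link E-C costs 10 -> metric 20 (successor, FD = 20)
#   via B: B reports 15, link E-B costs 10 -> metric 25 (feasible: 15 < 20, and 25 < 2 * 20)
#   via D: D reports 25, link E-D costs 10 -> metric 35 (35 < 40, but 25 >= FD: not feasible)
E_PATHS = [("C", 10, 10), ("B", 15, 10), ("D", 25, 10)]


if __name__ == "__main__":
    for v in (1, 2, 3):
        print("variance", v, "->", eigrp_installed_paths(E_PATHS, variance=v))
```

Raising the variance above 2 still leaves D out: the feasibility condition, not the multiplier, is what blocks it.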

Page 135: Ccie Rs Lab Prep

135

EIGRP Sample Lab Question

Configure EIGRP 100 on VLAN_30.

Make mutual redistribution between OSPF and EIGRP on R2 only.

At this point, you must be able to ping between EIGRP 100 subnets and the OSPF subnets, and the Backbone 3 router IP address 100.3.1.254.

Figure: R1, R2 and R5 over Frame Relay; VLAN_30 (EIGRP 100); OSPF Area 0; Backbone 3 (100.3.1.254)

Verification

R5#ping 100.3.1.254

<..>

!!!!!

R5#ping YY.YY.14.4

<…>

!!!!!

R5#sh ip route

D EX YY.YY.12.0/30

D EX YY.YY.14.0/24

D EX YY.YY.20.0/24

D EX YY.YY.40.0/24

D EX YY.YY.50.0/24

Page 136: Ccie Rs Lab Prep


Q and A

Page 137: Ccie Rs Lab Prep


OSPF

Page 138: Ccie Rs Lab Prep

138

OSPF

Review

Dealing with NBMA

Commands

Preparing for OSPF

Page 139: Ccie Rs Lab Prep

139

OSPF

Review

Dealing with NBMA

Commands

Preparing for OSPF

Page 140: Ccie Rs Lab Prep

140

OSPF Areas

OSPF uses a two-level hierarchical model

Backbone area

All other areas

Areas are defined with a 32-bit number

Defined in IP address format

Can also be defined using single decimal value (i.e., Area 0.0.0.0, or Area 0)

0.0.0.0 reserved for the backbone area

Area boundaries are at the routers

Each link is in one and only one area

Figure: Area 1, Area 2 and Area 3 attached to Area 0

Page 141: Ccie Rs Lab Prep

141

OSPF LSAs

Router and network LSAs within an area

Summary LSA (Type 3) for routes outside the area

Summary LSA (Type 4) and external LSA (Type 5) for redistributed routes

Figure: Area 1, Area 2 and Area 3 attached to Area 0

Page 142: Ccie Rs Lab Prep

142

OSPF LSAs

Page 143: Ccie Rs Lab Prep

143

OSPF Virtual Links

Can be useful for several purposes:

Allow an area to reach area 0 through an area other than 0

Repair a discontinuous area 0

Backup purposes

Figure: Area 0 with Area 1, Area 2 and Area 3; two links marked X that a virtual link bridges

Page 144: Ccie Rs Lab Prep

144

OSPF Router Types

Area Border Router—ABR

A router with at least one interface in area 0 and one or more interfaces in one or more non-backbone areas

OSPF routes can only be summarized on an ABR

Figure: ABR between Area 0 and Area 51

Page 145: Ccie Rs Lab Prep

145

OSPF Router Types

Autonomous System Boundary Router—ASBR

A router with at least one interface in an OSPF area that is redistributing routes from another protocol (BGP, RIP, IGRP, EIGRP, static, connected) into OSPF; external routes can be summarized on an ASBR

Figure: ASBR attached to Area 0, with an ABR between Area 0 and Area 51

Page 146: Ccie Rs Lab Prep

146

OSPF Area Types

Stub Area

Figure: A (Area 1) --- B (ABR, Area 1/Area 0) --- C (ASBR in Area 0, redistributing connected 192.168.3.3/32); links 10.1.1.1/30 - 10.1.1.2/30 (S0/S0) and 10.1.1.5/30 - 10.1.1.6/30 (S1/S0/1); into Area 1: the default route and OSPF inter-area routes (10.1.1.4); OSPF external routes (192.168.3.3) blocked (X)

Redistributed routes (OSPF external routes, Type 5) are not advertised into a stub area; OSPF inter-area routes are advertised into a stub area; the ABR will advertise a default into the stub area

RTR-A(config-router)# area 1 stub
RTR-B(config-router)# area 1 stub

Configure on all routers in the area

Page 147: Ccie Rs Lab Prep

147

Totally Stubby Area

Figure: A (Area 1) --- B (ABR, Area 1/Area 0) --- C (ASBR in Area 0, redistributing connected 192.168.3.3/32); links 10.1.1.1/30 - 10.1.1.2/30 and 10.1.1.5/30 - 10.1.1.6/30; into Area 1: the default route only; OSPF inter-area routes (10.1.1.4) and OSPF external routes (192.168.3.3) blocked (XX)

Redistributed routes (OSPF external routes, Type 5) and OSPF inter-area routes are not advertised into a totally stubby area; the ABR will advertise a default into the stub area

RTR-A(config-router)# area 1 stub
RTR-B(config-router)# area 1 stub no-summary

Configure no-summary on the ABR

Page 148: Ccie Rs Lab Prep

148

OSPF Area Types

Not So Stubby Area—NSSA

Figure: A (Area 0) --- B (ABR, Area 0/Area 1 NSSA) --- C (ASBR in Area 1, redistributing RIP) --- D (RIP v2: 172.26.32.1/24, 172.26.33.1/24); links 10.1.1.1/30 - 10.1.1.2/30, 10.1.1.5/30 - 10.1.1.6/30 and 10.1.1.9/30 - 10.1.1.10/30; RIP routes become OSPF Type 7 routes at the ASBR, OSPF Type 7 routes become OSPF Type 5 routes at the ABR; into Area 1: OSPF inter-area routes (10.1.1.0) as Type 3; OSPF external routes (Type 5) blocked (X)

Redistributed routes (OSPF external routes) are advertised as Type 7 at the ASBR; the ABR converts them to Type 5; the ABR will not advertise a default into the NSSA

RTR-B(config-router)# area 1 nssa
RTR-C(config-router)# area 1 nssa

Configure on all routers in the area

Page 149: Ccie Rs Lab Prep

149

OSPF Area Types

Totally Stubby NSSA

Figure: A (Area 0) --- B (ABR, Area 0/Area 1 totally stubby NSSA) --- C (ASBR in Area 1, redistributing RIP) --- D (RIP v2: 172.26.32.1/24, 172.26.33.1/24); links 10.1.1.1/30 - 10.1.1.2/30, 10.1.1.5/30 - 10.1.1.6/30 and 10.1.1.9/30 - 10.1.1.10/30; RIP routes become OSPF Type 7 routes at the ASBR, OSPF Type 7 routes become OSPF Type 5 routes at the ABR; into Area 1: an OSPF inter-area default route only; OSPF inter-area routes (10.1.1.0, Type 3) and OSPF external routes (Type 5) blocked (XX)

Redistributed routes (OSPF external routes) are advertised as Type 7 at the ASBR; the ABR converts them back to Type 5; OSPF inter-area routes are not advertised into the totally stubby NSSA; the ABR will advertise a default route into the totally stubby NSSA

RTR-B(config-router)# area 1 nssa no-summary
RTR-C(config-router)# area 1 nssa

Configure no-summary on the ABR

Page 150: Ccie Rs Lab Prep

150

Designated Routers

On a multi-access network, the DR is responsible for distributing LSAs to other attached OSPF routers; DR is selected by highest priority (default = 1), highest loopback address, or highest IP address assigned to a physical interface

Always configure a loopback interface before configuring OSPF—stable OSPF Router ID

Designated Router—DR

Figure: the DR on the multi-access segment

Page 151: Ccie Rs Lab Prep

151

Designated Routers

The BDR will assume the DR role if the DR fails

Listens and learns all information that the DR learns—a “hot standby”

Backup Designated Router—BDR

Figure: the DR and BDR on the multi-access segment

Page 152: Ccie Rs Lab Prep

152

Designated Routers

All other routers on the multi-access network segment

DROTHER—Not the DR or BDR

Figure: DROTHER, DROTHER, BDR and DR on the multi-access segment

Page 153: Ccie Rs Lab Prep

153

Designated Routers

On a multi-access network, all OSPF routers will become adjacent with the DR and BDR

Figure: adjacency; DROTHER, DROTHER, BDR and DR on one segment; adjacencies with the DR and BDR reach Full, DROTHER-to-DROTHER stays 2-Way

Page 154: Ccie Rs Lab Prep

154

Broadcast and Non-Broadcast Multi-Access

Full—Router and network LSAs exchanged, databases are fully synchronized; normal state

2-Way—Bi-directional communications have been established; normal state between DROTHER routers

Figure: adjacency; DROTHER, DROTHER, BDR and DR on one segment; adjacencies with the DR and BDR reach Full, DROTHER-to-DROTHER stays 2-Way

Page 155: Ccie Rs Lab Prep

155

Designated Routers

A router stuck in any other state has a problem

router# show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

172.16.5.1 1 INIT/- 00:00:34 172.16.1.1 Serial0

router#

Figure: adjacency; DROTHER, BDR and DR on one segment; adjacencies with the DR and BDR are Full, DROTHER-to-DROTHER is 2-Way

Page 156: Ccie Rs Lab Prep

156

External Routes—External Costs

Figure: RIP domain (RIP cost = 5) redistributed into the OSPF domain (OSPF cost = 10); Type 1 cost = 15, Type 2 cost = 5

Page 157: Ccie Rs Lab Prep

158

OSPF

Review

Dealing with NBMA

Commands

Preparing for OSPF

Page 158: Ccie Rs Lab Prep

159

Point-to-Point Media

Serial links

Multicast used

No DR or BDR

Page 159: Ccie Rs Lab Prep

160

Frame Relay

Non-Broadcast Multi-Access Media (NBMA)

Several possibilities: Point-to-point, broadcast, point-to-multipoint, or nonbroadcast

Frame Relay (Multipoint), X.25

Page 160: Ccie Rs Lab Prep

161

Dealing with NBMA

Point-to-Point Model

Benefits: Individual costs can be configured; can be simple, treated like standard point-to-point links

Drawbacks: Complex to configure if the NBMA network is big or redundant; wastes address space

Page 161: Ccie Rs Lab Prep

162

Dealing with NBMA

Broadcast Model

Benefits: Simple to configure; treated like a multi-access network

Drawbacks: Must maintain an L2 full-mesh at all times; one metric for all VCs

Page 162: Ccie Rs Lab Prep

163

Dealing with NBMA

Non-Broadcast (NBMA) Model

Benefits: Only one IP subnet used

Drawbacks: Complex to configure and scale; need to manually configure each neighbor

Page 163: Ccie Rs Lab Prep

164

Dealing with NBMA

Point-to-multipoint model:

Benefits: Simple to configure; no neighbor configuration (unless you want individual costs); no requirement for a full mesh at L2

Drawbacks: Compared to other choices—none

This is the recommended method of dealing with NBMA networks

Page 164: Ccie Rs Lab Prep

165

OSPF

Review

Dealing with NBMA

Commands

Preparing for OSPF

Page 165: Ccie Rs Lab Prep

166

OSPF Commands—Router

The router-id command is used to explicitly specify the router ID OSPF will use

If the OSPF process already has neighbors, this command will not take effect until the next reload or manual restart of the OSPF process

clear ip ospf process

Order of determining the RID

Manually configured RID

Highest loopback interface IP address (if available)

Highest active interface IP address

router-id
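The RID selection order on this slide and the DR/BDR election rule from the Designated Routers slide (highest priority, then highest RID), as an added example that is not part of the deck. The addresses are constructed; the election sample reuses the neighbour table shown later on the show ip ospf neighbor slide, where 10.1.4.254 is DR and 10.1.3.254 is BDR.

```python
# Added example (not from the Cisco deck): the two selection orders the OSPF slides state,
# as small functions. Addresses are constructed.
import ipaddress


def ospf_router_id(configured=None, loopbacks=(), interfaces=()):
    """RID in the order of the router-id slide: the manually configured RID, else the
    highest loopback address, else the highest address on an active interface.

    interfaces: iterable of (ip, is_up). Returns the RID as a string, or None.
    """
    if configured:
        return configured
    candidates = [ipaddress.ip_address(ip) for ip in loopbacks]
    if not candidates:
        candidates = [ipaddress.ip_address(ip) for ip, is_up in interfaces if is_up]
    return str(max(candidates)) if candidates else None


def elect_dr_bdr(routers):
    """routers: iterable of (router_id, priority) on one multi-access segment.

    Highest priority wins and the RID breaks ties; priority 0 never becomes DR or BDR.
    Models a fresh election with all routers starting together (a running DR is not
    pre-empted in real OSPF, which the slides do not cover). Returns (dr, bdr).
    """
    eligible = [(prio, ipaddress.ip_address(rid)) for rid, prio in routers if prio > 0]
    ranked = [str(rid) for prio, rid in sorted(eligible, reverse=True)]
    dr = ranked[0] if ranked else None
    bdr = ranked[1] if len(ranked) > 1 else None
    return dr, bdr


# Segment from the show ip ospf neighbor slide plus one constructed priority-0 router.
SEGMENT = [("10.1.1.254", 1), ("10.1.3.254", 1), ("10.1.4.254", 1), ("10.1.2.1", 0)]


if __name__ == "__main__":
    print(ospf_router_id(loopbacks=["1.1.1.1", "10.0.0.1"], interfaces=[("192.168.1.1", True)]))
    print(elect_dr_bdr(SEGMENT))
```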

Page 166: Ccie Rs Lab Prep

167

OSPF Commands—Router

The network command is used to determine which interfaces will be enabled for OSPF

network 10.2.1.1 0.0.0.0 area 0

network 10.2.2.1 0.0.0.0 area 1

network 10.2.3.1 0.0.0.0 area 2

network

Figure: router with interfaces 10.2.1.1/24, 10.2.2.1/24 and 10.2.3.1/24

Page 167: Ccie Rs Lab Prep

168

OSPF Commands—Router

network 10.2.1.0 0.0.0.255 area 0

network 10.2.2.0 0.0.0.255 area 1

network 10.2.3.0 0.0.0.255 area 2

network

Figure: router with interfaces 10.2.1.1/24, 10.2.2.1/24 and 10.2.3.1/24

Page 168: Ccie Rs Lab Prep

169

OSPF Commands—Router

network 10.2.0.0 0.0.255.255 area 0

or, in this example, network 0.0.0.0 255.255.255.255 area 0 is the equivalent

Do you know why?

network

Figure: router with interfaces 10.2.1.1/24, 10.2.2.1/24 and 10.2.3.1/24

Page 169: Ccie Rs Lab Prep

170

OSPF Commands—Router

By default, redistributed routes have external metric type 2; Type 2 routes have a cost which consists of the external cost only; Type 1 routes include the cost of traversing the OSPF domain

ASBR(config-router)#redistribute rip metric-type ?
  1  Set OSPF External Type 1 metrics
  2  Set OSPF External Type 2 metrics
ASBR(config-router)#redistribute rip metric-type 1

redistribute metric-type

Page 170: Ccie Rs Lab Prep

171

OSPF Commands—Router

Addresses can be summarized into OSPF on an ASBR

ASBR(config-router)# summary-address 10.1.0.0 255.255.252.0

Figure: RIP domain (10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24) --- ASBR --- OSPF domain receives 10.1.0.0/22

summary-address

Page 171: Ccie Rs Lab Prep

172

OSPF Commands—Router

Addresses can be summarized on an ABR into area 0 or from area 0

Figure: Area 1 (10.2.0.0/24, 10.2.1.0/24, 10.2.2.0/24, 10.2.3.0/24) --- ABR --- Area 0 (10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24); the ABR advertises 10.2.0.0/22 into Area 0 and 10.1.0.0/22 into Area 1

OSPF does not allow summarizing anywhere else (only on an ASBR or ABR)

area range

ABR(config-router)# area 1 range 10.2.0.0 255.255.252.0
ABR(config-router)# area 0 range 10.1.0.0 255.255.252.0

Page 172: Ccie Rs Lab Prep

173

OSPF Commands—Router

All routers in the area must be configured as stub

Add no-summary at the ABR and the area becomes totally stubby

area stub

Figure: Area 1 --- ABR --- Area 0

RTR(config-router)# area 1 stub
ABR(config-router)# area 1 stub [no-summary]

Page 173: Ccie Rs Lab Prep

174

OSPF Commands—Router

All routers in the area must be configured as NSSA

Add no-summary at the ABR and the area becomes totally stubby NSSA

area nssa

Figure: RIP domain --- ASBR --- Area 1 --- ABR --- Area 0

RTR(config-router)# area 1 nssa
ABR(config-router)# area 1 nssa [no-summary]

Page 174: Ccie Rs Lab Prep

175

OSPF Commands—Router

area virtual-link

Figure: Area 0 --- Area 1 (transit area) --- Area 51; virtual link across Area 1 between Rtr A (RID = 10.10.254.254) and Rtr B (RID = 10.11.254.254)

Rtr A
router ospf 1
 area 1 virtual-link 10.11.254.254

Rtr B
router ospf 1
 area 1 virtual-link 10.10.254.254

Page 175: Ccie Rs Lab Prep

176

OSPF Commands—Router

neighbor

Designate neighbors on non-broadcast networks

Must be the primary address of the neighbor’s interface

RTR(config-router)# neighbor ip-address [additional optional keywords]

Figure: router attached to a Frame Relay or X.25 cloud

Page 176: Ccie Rs Lab Prep

177

Commands—Interface

Non-Broadcast Multi-Access (NBMA) Network

Figure: router attached to a Frame Relay or X.25 cloud

PVCs can be on the same subnet or on different subnets; practice and understand the effect of OSPF network types

RTR(config-if)# ip ospf network point-to-multipoint (Hello = 30, Dead = 120)
RTR(config-if)# ip ospf network point-to-point (Hello = 10, Dead = 40)
RTR(config-if)# ip ospf network broadcast (Hello = 10, Dead = 40)

Page 177: Ccie Rs Lab Prep

178

OSPF Commands—Interface

OSPF interfaces have a cost equal to ref-bw / bandwidth (bandwidth as defined by the bandwidth statement)

ref-bw = 100,000,000 by default
FastEthernet = 100,000,000 / 100,000,000 = 1
Ethernet = 100,000,000 / 10,000,000 = 10
T1 = 100,000,000 / 1,544,000 = 64

The auto-cost command is used to change the reference value, which changes the cost of every OSPF interface on the router

Rtr(config-router)#auto-cost reference-bandwidth ref-bw

ref-bw <1-4294967> in Mbits per second

auto-cost
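The cost arithmetic on this slide and the external-cost figure (RIP cost 5, OSPF cost 10, Type 1 = 15, Type 2 = 5) as an added example that is not part of the deck; the bandwidth constants are the usual interface defaults in bits per second, and the path examples are constructed. It also shows why the reference bandwidth is raised on networks with links faster than 100 Mb/s.

```python
# Added example (not from the Cisco deck): the cost rules from the auto-cost slide and the
# external-cost figure, written as functions so the reference-bandwidth effect can be checked.
# Bandwidth values for the sample links are the usual IOS interface defaults, in bits/second.

def ospf_interface_cost(bandwidth_bps, ref_bw_mbps=100):
    """cost = reference bandwidth / interface bandwidth, truncated to an integer.
    IOS never goes below 1, so every link faster than the reference bandwidth costs 1."""
    cost = (ref_bw_mbps * 1_000_000) // bandwidth_bps
    return max(1, cost)


def path_cost(bandwidths_bps, ref_bw_mbps=100):
    """Intra-area path cost: the sum of the outgoing interface costs along the path."""
    return sum(ospf_interface_cost(bw, ref_bw_mbps) for bw in bandwidths_bps)


def external_route_cost(metric_type, external_cost, cost_to_asbr):
    """Type 2 (the default): the external cost only.
    Type 1: the external cost plus the cost of reaching the ASBR through the OSPF domain."""
    if metric_type == 2:
        return external_cost
    if metric_type == 1:
        return external_cost + cost_to_asbr
    raise ValueError("metric-type must be 1 or 2")


T1, ETHERNET, FAST_ETHERNET, GIG_ETHERNET = 1_544_000, 10_000_000, 100_000_000, 1_000_000_000


if __name__ == "__main__":
    for ref in (100, 10000):
        print("ref-bw", ref, "Mb/s:",
              [ospf_interface_cost(bw, ref) for bw in (T1, ETHERNET, FAST_ETHERNET, GIG_ETHERNET)])
    print("type 1:", external_route_cost(1, 5, 10), "type 2:", external_route_cost(2, 5, 10))
```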

Page 178: Ccie Rs Lab Prep

179

OSPF Commands—Interface

ip ospf cost interface-cost

Specify the cost of sending a packet on the interface

ip ospf hello-interval seconds

Specify the interval between hello packets sent on the interface

ip ospf dead-interval seconds

Specify the interval during which at least one hello packet must be received before the neighbor is declared down

The default dead-interval is 4 times the hello-interval

ip ospf priority

Set the router priority for DR / BDR selection (highest wins)

ip ospf keyword(s)

Page 179: Ccie Rs Lab Prep

180

OSPF Commands—Security

Authentication requires router and/or interface commands; the router command is used to enable authentication for an area and the interface command is used to enable authentication on an interface and set the authentication password

Authentication—Clear Text

Figure: Area 0; Rtr A S0 --- S0 Rtr B

Rtr A
interface serial 0
 ip ospf authentication
 ip ospf authentication-key cisco
!
router ospf 1
 area 0 authentication

Rtr B
interface serial 0
 ip ospf authentication
 ip ospf authentication-key cisco
!
router ospf 1
 area 0 authentication

Page 180: Ccie Rs Lab Prep

181

OSPF Commands—Security

Authentication—Message Digest

Figure: Area 0; Rtr A S0 --- S0 Rtr B

Rtr A
interface serial 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 area 0 authentication message-digest

Rtr B
interface serial 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 area 0 authentication message-digest

Page 181: Ccie Rs Lab Prep

182

OSPF Commands—Security

Authentication—Clear Text—Virtual Link

Figure: Area 0 --- Area 1 (transit area) --- Area 51; virtual link between Rtr A (RID = 130.10.254.254) and Rtr B (RID = 130.11.254.254)

Rtr A
router ospf 1
 area 1 virtual-link 130.11.254.254 authentication-key cisco
 area 0 authentication

Rtr B
router ospf 1
 area 1 virtual-link 130.10.254.254 authentication-key cisco
 area 0 authentication

Page 182: Ccie Rs Lab Prep

183

OSPF Commands—Security

Authentication—Can Be Applied per Interface or Virtual Link

Interface

ip ospf authentication
ip ospf authentication-key password

ip ospf authentication message-digest
ip ospf message-digest-key key-id md5 password

ip ospf authentication null

Virtual Link

area area-id virtual-link router-id authentication
area area-id virtual-link router-id authentication-key password

area area-id virtual-link router-id authentication message-digest
area area-id virtual-link router-id message-digest-key key-id md5 password

area area-id virtual-link router-id authentication null
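What the clear-text and message-digest modes from the three authentication slides put on the wire, as an added example that is not part of the deck. The header layout and the digest rule (MD5 over the packet followed by the 16-byte zero-padded key, digest appended after the packet) follow RFC 2328 Appendix D; the hello body, key "cisco", key-id 1 and the sequence numbers are constructed, and the OSPF checksum is left at zero rather than computed.

```python
# Added example (not from the Cisco deck): building and verifying OSPF packets with the
# two authentication modes the slides configure, modelled on RFC 2328 Appendix D.
# Constructed: hello body, key "cisco", key id 1, sequence numbers. Checksum is not computed.
import hashlib
import hmac
import ipaddress
import struct

OSPF_FIXED = "!BBHIIHH"      # version, type, length, router ID, area ID, checksum, AuType
AUTH_SIMPLE, AUTH_CRYPT = 1, 2
HELLO = 1


def _hdr(pkt_type, body_len, rid, area, autype, auth_field):
    """24-byte OSPF header: 16 fixed bytes plus the 8-byte Authentication field."""
    return struct.pack(OSPF_FIXED, 2, pkt_type, 24 + body_len,
                       int(ipaddress.IPv4Address(rid)), int(ipaddress.IPv4Address(area)),
                       0, autype) + auth_field


def _pad16(key):
    return key.encode()[:16].ljust(16, b"\0")


def simple_auth_packet(pkt_type, body, rid, area, password):
    """AuType 1 (ip ospf authentication-key): the password itself travels in the
    64-bit Authentication field, readable by anyone who captures the packet."""
    auth = password.encode()[:8].ljust(8, b"\0")
    return _hdr(pkt_type, len(body), rid, area, AUTH_SIMPLE, auth) + body


def md5_auth_packet(pkt_type, body, rid, area, key_id, key, seq):
    """AuType 2 (ip ospf message-digest-key): Authentication field = 0, key ID, digest
    length (16), cryptographic sequence number; the digest is appended after the packet
    and is not counted in the length field. The key never leaves the router."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = _hdr(pkt_type, len(body), rid, area, AUTH_CRYPT, auth) + body
    return pkt + hashlib.md5(pkt + _pad16(key)).digest()


def verify_md5(wire, keys, last_seq):
    """Receiver side. keys: {key_id: key}; last_seq: highest sequence number already
    accepted from this neighbour. Returns (accepted, reason)."""
    if len(wire) < 24:
        return False, "short"
    _ver, _type, length, _rid, _area, _cks, autype = struct.unpack(OSPF_FIXED, wire[:16])
    if autype != AUTH_CRYPT:
        return False, "autype mismatch"
    _zero, key_id, dlen, seq = struct.unpack("!HBBI", wire[16:24])
    if dlen != 16 or len(wire) != length + 16:
        return False, "bad length"
    if key_id not in keys:
        return False, "unknown key id"
    pkt, digest = wire[:length], wire[length:]
    expected = hashlib.md5(pkt + _pad16(keys[key_id])).digest()
    if not hmac.compare_digest(expected, digest):
        return False, "bad digest"                 # wrong key or modified packet
    if seq < last_seq:
        return False, "replayed sequence number"   # older packet played back
    return True, "ok"


# Constructed hello body: mask, hello interval, options, priority, dead interval, DR, BDR.
HELLO_BODY = struct.pack("!IHBBIII", 0xFFFFFF00, 10, 0x02, 1, 40, 0, 0)


if __name__ == "__main__":
    clear = simple_auth_packet(HELLO, HELLO_BODY, "10.1.1.1", "0.0.0.0", "cisco")
    secure = md5_auth_packet(HELLO, HELLO_BODY, "10.1.1.1", "0.0.0.0", 1, "cisco", 100)
    print("password visible in clear-text packet:", b"cisco" in clear)
    print("password visible in MD5 packet:", b"cisco" in secure)
    print(verify_md5(secure, {1: "cisco"}, 0))
```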

Page 183: Ccie Rs Lab Prep

184

OSPF Commands—Monitoring

show ip ospf neighbor

Figure: DR, BDR, DROTHER and DROTHER on Ethernet0

RTR# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.254        1   2WAY/DROTHER    00:00:35    10.1.2.1        Ethernet0
10.1.3.254        1   FULL/BDR        00:00:39    10.1.2.2        Ethernet0
10.1.4.254        1   FULL/DR         00:00:37    10.1.2.3        Ethernet0
10.1.5.254        1   FULL/---        00:00:36    10.1.6.1        Serial0

Page 184: Ccie Rs Lab Prep

185

OSPF Commands—Monitoring

show ip ospf interface

Figure: DR, BDR, DROTHER and DROTHER

RTR# show ip ospf interface s0/0
  Internet Address 10.255.255.201/30, Area 0
  Process ID 1, Router ID 10.255.254.3, Network Type NON_BROADCAST, Cost: 400
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 10.255.254.4, Interface address 10.255.255.202
  Backup Designated router (ID) 10.255.254.3, Interface address 10.255.255.201
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:14
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 3
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.255.254.4 (Designated Router)
  Suppress hello for 0 neighbor(s)

Page 185: Ccie Rs Lab Prep

186

OSPF

Review

Dealing with NBMA

Commands

Preparing for OSPF

Page 186: Ccie Rs Lab Prep

187

Preparation Suggestions

Practice every OSPF command

Both Rtr(config-router)# & Rtr(config-if)# commands

Practice OSPF over Frame Relay

Point-to-point, point-to-multipoint, broadcast, non-broadcast

DR & BDR, Wildcard masks

Virtual link

Authentication

Redistribution and route feedback filtering

VERIFY YOUR CONFIGURATION WITH SH CMD!

Page 187: Ccie Rs Lab Prep

188

OSPF Sample Lab Question

Area 0 covers the serial link between R1 and R4.

Area 1 covers the serial link between R1 and R2.

Area 2 covers VLAN_C.

Figure: R2 --- R1 --- R4 over Frame Relay; OSPF Backbone (R1-R4), OSPF Area 1 (R1-R2), OSPF Area 2 (VLAN_C)

Verification

R1#show ip ospf virtual-link

Virtual Link OSPF_VL0 to router 2.2.2.2 is up

<…>

R1#show ip route ospf

##.0.0.0/8 is variably subnetted, 19 subnets, 4 masks

O IA 1.1.20.0/24 ... Serial0/0/0

O IA 1.1.40.0/24 ... Serial0/0/1

Page 188: Ccie Rs Lab Prep

189

References

Cisco OSPF Command and Configuration Handbook, William R. Parkhurst, Cisco Press

OSPF Network Design Solutions, Thomas M. Thomas, Cisco Press

Cisco Documentation

Page 189: Ccie Rs Lab Prep


Q and A

Page 190: Ccie Rs Lab Prep


Route Distribution

Page 191: Ccie Rs Lab Prep

192

Metrics

Be aware of metric requirements going from one protocol to another

RIP metric is a value from 1–16

OSPF metric is from 1–65535

EIGRP uses a composite metric based on bandwidth, delay, reliability, load, & MTU

Two ways to specify a metric

In the redistribution statement

(config-router)# redistribute rip subnets metric 10

or specify a default metric

(config-router)# redistribute rip subnets
(config-router)# default-metric 10

Page 192: Ccie Rs Lab Prep

193

Assigning Metrics

You can include a default metric command as a precaution unless specifically told not to

router ospf 1
 network 10.1.0.0 0.0.255.255 area 0.0.0.0
 redistribute rip subnets
 redistribute eigrp 100 metric 10
 default-metric 120

router eigrp 100
 network 172.16.0.0 0.0.255.255
 redistribute ospf 1
 default-metric 10000 100 255 1 1500

router rip
 network 192.168.1.0
 redistribute eigrp 100
 default-metric 1

Note: when routes are redistributed into OSPF, only routes that are not subnetted are redistributed if the subnets keyword is not specified

Page 193: Ccie Rs Lab Prep

194

Assigning Metrics

Figure: OSPF 1 and EIGRP 100 redistributed into RIP

Redistribute OSPF and EIGRP into RIP; assign all routes a metric (hop count) of 2

router rip
 redistribute ospf 1
 redistribute eigrp 3
 default-metric 2

Redistribute OSPF and EIGRP into RIP; assign OSPF routes a metric (hop count) of 1 and EIGRP routes a metric of 2

router rip
 redistribute ospf 1 metric 1
 redistribute eigrp 3
 default-metric 2

Page 194: Ccie Rs Lab Prep

195

Route Redistribution: Route Maps

[Diagram: one router running OSPF 1, EIGRP 100 and RIP]

Redistribute OSPF and EIGRP into RIP; assign OSPF route 172.16.0.0/16 a metric (hop count) of 1, all other OSPF routes a metric of 3, and all EIGRP routes a metric of 2

router rip
 redistribute ospf 1 route-map ospfmetric
 redistribute eigrp 100
 default-metric 2

route-map ospfmetric permit 10
 match ip address 1
 set metric 1
route-map ospfmetric permit 20
 set metric 3

access-list 1 permit 172.16.0.0 0.0.255.255

Page 195: Ccie Rs Lab Prep

196

Route Maps

Redistribute OSPF and EIGRP into RIP; block redistribution of OSPF routes in 172.16.0.0/16, redistribute all other OSPF routes with a metric of 3, and EIGRP routes with a metric of 2

router rip
 redistribute ospf 1 route-map ospfmetric
 redistribute eigrp 100
 default-metric 2

route-map ospfmetric deny 10
 match ip address 1
route-map ospfmetric permit 20
 set metric 3

access-list 1 permit 172.16.0.0 0.0.255.255

Note: a route map ends with an implicit deny, so the final permit 20 clause with no match statement is what lets the remaining OSPF routes through

Route Redistribution

[Diagram: one router running OSPF 1, EIGRP 100 and RIP]

Page 196: Ccie Rs Lab Prep

197

R&S Lab Exam: Sample Topology

[Diagram: routers R1, R2, R3, R4 and R5 interconnected over Frame Relay and switches SW1 and SW2; network addressing 125.10.0.0, interface labels give the last two octets]

Interface labels in the figure: FA0/0 .10.11/24, S0/0 .11.1/24, S0/0 .11.2/24, FA0/0 .33.1/24, FA0/0 .50.1/24 (two interfaces on the .50.0/24 LAN), FA0/0 .22.1/24, FA0/0 .22.5/24

Loopbacks: Lo0 .1.1/24 with Lo1 172.16.1.1, Lo2 172.16.2.2, Lo3 172.16.3.3, Lo4 172.16.4.4 (R1); Lo0 .2.2/24 (R2); Lo0 .5.5/24 (R5); Lo0 .4.4/24 (labelled R6 in the figure; the sample answer shows 125.10.4.0/24 on R4 Loopback0)

Page 197: Ccie Rs Lab Prep

198

R&S Lab Exam: Sample Question

Configure RIPv2 on R1, R2, and R5

Redistribute between RIP and OSPF on R5

All routes should be visible on all routers

Score: 2 Points

Section: 2.5 RIP

Page 198: Ccie Rs Lab Prep

199

R&S Lab Exam: Sample Answer

R4 must have all routes in its routing table

R4#show ip route
<...>
     172.16.0.0/24 is subnetted, 4 subnets
O E2    172.16.4.0 [110/20] via 125.10.50.1, 22:34:38, Ethernet0/0
O E2    172.16.1.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.2.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.3.0 [110/20] via 125.10.50.1, 22:34:58, Ethernet0/0
     125.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C       125.10.50.0/24 is directly connected, Ethernet0/0
O E2    125.10.22.0/24 [110/20] via 125.10.50.1, 22:44:39, Ethernet0/0
C       125.10.4.0/24 is directly connected, Loopback0
O E2    125.10.2.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.1.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O       125.10.5.5/32 [110/11] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.11.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.10.0/24 [110/20] via 125.10.50.1, 22:44:44, Ethernet0/0
R4#

The RIP-learned prefixes appear as O E2 with the OSPF default redistribution metric of 20; a route missing here means the redistribution on R5 (or the subnets keyword) is wrong

Verification—1

Page 199: Ccie Rs Lab Prep

200

Session 5:

IP Version 6

Page 200: Ccie Rs Lab Prep

201

IPv6 Addressing, Header and Basic

Page 201: Ccie Rs Lab Prep

202

IPv6 Addressing

2^32 = 4,294,967,296

2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456

2^128 = 2^32 * 2^96

IPv4 32-bits

IPv6 128-bits

Page 202: Ccie Rs Lab Prep

203

IPv6 Addressing

16-bit hexadecimal numbers

Numbers are separated by (:)

Hex numbers are not case-sensitive

Example:

2003:0000:130F:0000:0000:087C:876B:140B

Representation

Page 203: Ccie Rs Lab Prep

204

IPv6 Address Representation

16-bit fields in case-insensitive colon hexadecimal representation

2031:0000:130F:0000:0000:09C0:876A:130B

Leading zeros in a field are optional

2031:0:130F:0:0:9C0:876A:130B

Successive fields of 0 represented as (::), but only once in an address

2031:0:130F::9C0:876A:130B

2031::130F::9C0:876A:130B not valid!
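The representation rules above (leading zeros optional, "::" at most once) can be checked mechanically. The following is an added example, not part of the Cisco deck: it expands an address into its eight 16-bit fields, re-compresses it the way RFC 5952 recommends (longest zero run, leftmost on a tie, never a single zero field), and rejects the double "::" case shown on the slide. It is cross-checked against Python's ipaddress module.

```python
"""IPv6 text-representation helpers: expand a compressed address, apply the
RFC 5952 canonical compression rules, and reject '::' used twice.
Added example, not Cisco material."""
import ipaddress
import re
from typing import List

HEX16 = re.compile(r"^[0-9A-Fa-f]{1,4}$")


def expand(addr: str) -> List[int]:
    """Return the eight 16-bit fields of an IPv6 address as integers.
    Raises ValueError on malformed input, e.g. more than one '::'."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once: %s" % addr)
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field: %s" % addr)
        parts = left + ["0"] * missing + right
    else:
        parts = addr.split(":")
    if len(parts) != 8 or not all(HEX16.match(p) for p in parts):
        raise ValueError("not an IPv6 address: %s" % addr)
    return [int(p, 16) for p in parts]


def compress(fields: List[int]) -> str:
    """RFC 5952 canonical text form: lowercase hex, no leading zeros, and '::'
    replaces the longest run of two or more zero fields (leftmost on a tie).
    A lone zero field is written as '0', never compressed."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] == 0:
            j = i
            while j < 8 and fields[j] == 0:
                j += 1
            if j - i > best_len:          # strictly longer: keeps the leftmost on ties
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = ["%x" % f for f in fields]
    if best_len < 2:
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return left + "::" + right


def canonical(addr: str) -> str:
    return compress(expand(addr))


def is_valid(addr: str) -> bool:
    try:
        expand(addr)
        return True
    except ValueError:
        return False


def matches_stdlib(addr: str) -> bool:
    """Cross-check against the standard library's own RFC 5952 formatter."""
    return canonical(addr) == str(ipaddress.IPv6Address(addr))
```

Canonicalising before comparing addresses matters in practice: an ACL or log filter that matches on raw text will miss "2031:0:130F::9C0:876A:130B" when the device wrote "2031::130f:0:0:9c0:876a:130b", although both are the same address.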

Page 204: Ccie Rs Lab Prep

205

IPv6 Addressing

Representation of prefix is just like CIDR

In this representation you attach the prefix length

IPv4 address: 198.10.0.0/16

IPv6 address: 3ef8:ca62:12FE::/48

Prefix Representation

Page 205: Ccie Rs Lab Prep

206

IPv6 Address Range Reserved or Assigned

2000::/3 (001) is for aggregatable global unicast addresses

FE80::/10 (1111 1110 10) for link-local

FEC0::/10 (1111 1110 11 ) for site-local

FF00::/8 (1111 1111) is for multicast

::/8 is reserved; it contains the unspecified address (::) and the loopback address (::1)

Other values are currently unassigned (approx. 7/8 of total)

Site-Local Address Deprecated in RFC 3879

Of the Full Address Space

Page 206: Ccie Rs Lab Prep

207

Unicast

Unicast addresses are used in a one-to-one context

IPv6 unicast addresses are

Unspecified, loopback, IPv4 mapped, and IPv4 compatible

Link-local

Site-local (deprecated)

Unique-local (an IETF draft when this deck was written; now RFC 4193, FC00::/7)

Aggregatable global unicast

Page 207: Ccie Rs Lab Prep

208

IPv6 Address Representation

IPv4 mapped

0:0:0:0:0:FFFF:IPv4 = ::FFFF:IPv4

0:0:0:0:0:FFFF:192.168.30.1 = ::FFFF:C0A8:1E01

IPv4 compatible

0:0:0:0:0:0:IPv4 = ::IPv4

0:0:0:0:0:0:192.168.30.1 = ::192.168.30.1 = ::C0A8:1E01

Page 208: Ccie Rs Lab Prep

209

IPv4 Mapped Addresses

IPv6 application asks DNS for the address of a host

Host is IPv4 only

DNS (resolver) creates the IPv4-mapped address

Kernel uses IPv4 communication

Format: 80 bits of 0 | 16 bits FFFF | 32-bit IPv4 address

0:0:0:0:0:FFFF:192.168.30.1

= ::FFFF:192.168.30.1

= ::FFFF:C0A8:1E01

Page 209: Ccie Rs Lab Prep

210

IPv4-Compatible Addresses

IPv4 compatible address

Is a way to insert the IPv4 address into an IPv6 address

Enabled easy automatic tunneling; this address type has since been deprecated (RFC 4291), so expect to see it only in old configurations

Format: 96 bits of 0 | 32-bit IPv4 address

0:0:0:0:0:0:192.168.30.1

= ::192.168.30.1

= ::C0A8:1E01

Page 210: Ccie Rs Lab Prep

211

IPv6 Address Representation

Loopback address representation

0:0:0:0:0:0:0:1=> ::1

Same as 127.0.0.1 in IPv4

Identifies self

Unspecified address representation

0:0:0:0:0:0:0:0=> ::

Used as a placeholder when no address available

(Initial DHCP request, Duplicate Address Detection DAD)

Page 211: Ccie Rs Lab Prep

212

IPv6 Addressing

IPv6 addressing rules are covered by multiple RFCs

Architecture defined by RFC 3513 (since replaced by RFC 4291)

Address types are

Unicast: One to one (global, link local, compatible)

Anycast: One to nearest (allocated from unicast space)

Multicast: One to many

Reserved

A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast)

No broadcast address; multicast is used instead

Page 212: Ccie Rs Lab Prep

213

Aggregatable Global Unicast Addresses

Aggregatable global unicast addresses are

Addresses for generic use of IPv6

Structured as a hierarchy to keep the aggregation

See RFC 3513

Format: 001 (3 bits) | Global Routing Prefix (45 bits, provider) | Subnet (16 bits, LAN prefix) | Interface ID (64 bits, host)

Page 213: Ccie Rs Lab Prep

214

Link-local addresses

Have a limited scope of the link

Are automatically configured with the interface ID

Link-Local format (128 bits): 1111 1110 10 (10 bits, FE80::/10) | 0 (54 bits) | Interface ID (64 bits)

Page 214: Ccie Rs Lab Prep

215

Link-Local and Aggregatable Address Built from the Same Interface ID

Link-local address: FE80:0:0:0 + 204:9AFF:FEAC:7D80

Aggregatable address: 2001::4: + 204:9AFF:FEAC:7D80

Page 215: Ccie Rs Lab Prep

216

Aggregatable Global Unicast Addresses

Lowest-order 64-bit field of unicast addresses may be assigned in several different ways

Auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g. Ethernet address)

Auto-generated pseudo-random number (to address privacy concerns)

Assigned via DHCP

Manually configured

Page 216: Ccie Rs Lab Prep

217

Aggregatable Global Unicast Addresses

Use the EUI-64 format for stateless auto-configuration

This format expands the 48-bit MAC address to 64 bits by inserting FFFE into the middle 16 bits

To indicate whether the identifier comes from a globally unique Ethernet MAC address, the universal/local ("u") bit, bit 7 of the first octet, is set to 1 for universal (global) scope and 0 for local scope; this is the inverse of the IEEE MAC convention, so a burned-in MAC gets its u bit flipped from 0 to 1

Page 217: Ccie Rs Lab Prep

218

EUI-64

An EUI-64 address is formed by inserting "FFFE" and flipping the bit identifying the uniqueness of the MAC address

Ethernet MAC address (48 bits): 00 90 27 17 FC 0F

64-bit version (FF FE inserted after the OUI): 00 90 27 FF FE 17 FC 0F

First octet 000000X0, where X = 1 means unique (universal) and 0 means not unique (local); X is set to 1

EUI-64 address (interface ID): 02 90 27 FF FE 17 FC 0F
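The EUI-64 transformation on this slide and the preceding one, as an added example that is not part of the Cisco deck. It builds the modified interface ID from a MAC address, derives the link-local and global addresses the way "ipv6 enable" and "ipv6 address <prefix>/64 eui-64" do, and reverses the transformation to show why EUI-64 addresses leak the hardware address. The MAC values in the tests are the ones printed on the slides.

```python
"""Modified EUI-64 interface identifier from a 48-bit MAC, plus the link-local
and global addresses derived from it (RFC 4291 appendix A).
Added example, not Cisco material."""
import ipaddress
import re


def parse_mac(mac: str) -> bytes:
    """Accept 00:90:27:17:FC:0F, 00-90-27-17-fc-0f or Cisco-style 0090.2717.fc0f."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError("expected a 48-bit MAC address: %s" % mac)
    return bytes.fromhex(digits)


def eui64_iid(mac: str) -> bytes:
    """Insert FF:FE between the OUI and the device part, then flip bit 7 of the
    first octet (the universal/local bit). In a MAC address 0 means globally
    unique; in a modified EUI-64 identifier 1 means globally unique, so a
    burned-in MAC ends up with 02 in the first octet and a locally
    administered one (02 in the MAC) ends up with 00."""
    mac_bytes = parse_mac(mac)
    iid = bytearray(mac_bytes[:3] + b"\xff\xfe" + mac_bytes[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def link_local(mac: str) -> str:
    """FE80::/64 plus the interface ID: what 'ipv6 enable' produces."""
    return str(ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + eui64_iid(mac)))


def global_from_prefix(prefix: str, mac: str) -> str:
    """Equivalent of 'ipv6 address <prefix>/64 eui-64'. The prefix must be a
    /64 because the interface ID occupies the low 64 bits."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix, got /%d" % net.prefixlen)
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_iid(mac)))


def mac_from_eui64_address(addr: str) -> str:
    """Reverse the transformation: the MAC is recoverable from any EUI-64
    address, which is the privacy concern behind RFC 4941 temporary addresses."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface ID is not EUI-64 derived")
    iid[0] ^= 0x02
    return "%02x%02x.%02x%02x.%02x%02x" % tuple(iid[0:3] + iid[5:8])
```

Note the asymmetry the u/l bit creates: a burned-in MAC produces an interface ID starting with 02, while a locally administered MAC such as 02:00:00:00:00:01 (common on virtual machines) produces one starting with 00, so "looks like FE80::2xx:xxFF:FExx:xxxx" is not a reliable test for EUI-64 addresses.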

Page 218: Ccie Rs Lab Prep

219

Anycast

Anycast allows a source node to transmit IP datagrams to a single destination node out of a group of destination nodes with same subnet ID based on the routing metrics

Page 219: Ccie Rs Lab Prep

220

Anycast

Is a one-to-nearest type of address

Has limited use at present

Anycast address format (reserved subnet anycast addresses, 128 bits): subnet prefix | interface ID of all ones, 111111X111...111 | Anycast ID (7 bits)

X = 0 if the interface ID is in EUI-64 format (the universal/local bit is cleared), 1 if non-EUI-64 format

Page 220: Ccie Rs Lab Prep

221

Multicast

Multicast is used in the context of one-to-many; a multicast scope is new in IPv6

Multicast address format (128 bits): 1111 1111 (8 bits, FF) | Flag (4 bits) | Scope (4 bits) | Multicast Group ID (112 bits)

Flag = 0 if permanent (well-known, IANA assigned), 1 if temporary (transient)

Scope = 1 Node (interface-local), 2 Link, 5 Site, 8 Organization, E Global

(Site-local unicast addresses were deprecated by RFC 3879; the site-local multicast scope 5 was not.)

Page 221: Ccie Rs Lab Prep

222

Multicast Mapping over Ethernet

Mapping of an IPv6 multicast address to an Ethernet address is

33:33:<last 32 bits of the IPv6 multicast address>

Example: IPv6 multicast address FF02:0000:0000:0000:0000:0001:FF17:FC0F (FF02::1:FF17:FC0F) maps to the Ethernet address 33:33:FF:17:FC:0F, where 33:33 is the multicast prefix for Ethernet and FF:17:FC:0F are the low 32 bits of the group

Page 222: Ccie Rs Lab Prep

223

Expanded Address Space: Well-Known Multicast Addresses

Address | Scope | Meaning

FF01::1 | Node-local | All nodes

FF02::1 | Link-local | All nodes

FF01::2 | Node-local | All routers

FF02::2 | Link-local | All routers

FF05::2 | Site-local | All routers

FF02::1:FFXX:XXXX | Link-local | Solicited-node

Multicast assigned addresses (the deck cites RFC 3306; the well-known groups above are listed in RFC 4291)

Page 223: Ccie Rs Lab Prep

224

IPv4 and IPv6 Header Comparison

IPv4 header fields: Version, HL (header length), Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address (32 bits), Destination Address (32 bits), Options, Padding

IPv6 header fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address (128 bits), Destination Address (128 bits)

Legend used on the following slides:

Field's name kept from IPv4 to IPv6: Version, Source Address, Destination Address

Fields not kept in IPv6: HL, Identification, Flags, Fragment Offset, Header Checksum, Options, Padding

Name and position changed in IPv6: Type of Service (Traffic Class), Total Length (Payload Length), Time to Live (Hop Limit), Protocol (Next Header)

New field in IPv6: Flow Label

Page 224: Ccie Rs Lab Prep

225

IPv4 and IPv6 Header Comparison: Fields Kept

Version: A 4-bit field that contains the number 6 instead of 4

[IPv6 header diagram, Version field highlighted]

Page 225: Ccie Rs Lab Prep

226

IPv4 and IPv6 Header Comparison: Fields Renamed

Traffic Class: An 8-bit field that is similar to the TOS field in IPv4

It tags the packet with a traffic class that can be used in differentiated services

These functionalities are the same as in IPv4

[IPv6 header diagram, Traffic Class field highlighted]

Page 226: Ccie Rs Lab Prep

227

IPv4 and IPv6 Header Comparison: Fields Renamed

Payload Length: This is similar to the total length in IPv4, except it does not include the 40-byte header (extension headers are counted as payload)

[IPv6 header diagram, Payload Length field highlighted]

Page 227: Ccie Rs Lab Prep

228

IPv4 and IPv6 Header Comparison: Fields Renamed

Hop Limit: Like the TTL field, it is decremented by one by each router; the packet is discarded when it reaches zero

[IPv6 header diagram, Hop Limit field highlighted]

Page 228: Ccie Rs Lab Prep

229

IPv4 and IPv6 Header Comparison: Fields Renamed

Next Header: Similar to the protocol field in IPv4

The value in this field tells you what type of information follows

e.g. TCP (6), UDP (17), ICMPv6 (58), or an extension header

[IPv6 header diagram, Next Header field highlighted]

Page 229: Ccie Rs Lab Prep

230

IPv4 and IPv6 Header Comparison: Fields Removed

Header Length: IPv6 has a fixed header length (40 bytes)

[IPv4 header diagram, HL field highlighted]

Page 230: Ccie Rs Lab Prep

231

IPv4 and IPv6 Header Comparison: Fields Removed

Fragmentation: IPv6 routers do not fragment packets in transit

If a sending host needs to fragment, it does so itself through the Fragment extension header, after learning the path MTU

[IPv4 header diagram, Flags and Fragment Offset fields highlighted]

Page 231: Ccie Rs Lab Prep

232

IPv4 and IPv6 Header Comparison: Fields Removed

Identification: Used to identify the datagram from the source

No fragmentation is done in the IPv6 base header, so there is no need for identification or flags there; both move into the Fragment extension header when a host fragments

[IPv4 header diagram, Identification field highlighted]

Page 232: Ccie Rs Lab Prep

233

IPv4 and IPv6 Header Comparison: Fields Removed

Checksum: not needed because both the media access layer and the upper-layer protocols (UDP and TCP) have a checksum; IP is best-effort, and removing the checksum helps expedite packet processing (routers no longer recompute it after decrementing the hop limit)

[IPv4 header diagram, Header Checksum field highlighted]

Page 233: Ccie Rs Lab Prep

234

IPv4 and IPv6 Header Comparison: Fields Added

20-bit flow label field to identify specific flows needing special QoS

Each source chooses its own flow label values; routers use source address + flow label to identify distinct flows

Flow label value of 0 is used when no special QoS is requested (the common case today)

[IPv6 header diagram, Flow Label field highlighted]

RFC 3697 (since replaced by RFC 6437)

Page 234: Ccie Rs Lab Prep

235

Extension Headers

Extension headers are daisy chained; each header's Next Header field names the one after it

IPv6 Header (Next Header = TCP) | TCP Header + Data

IPv6 Header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP Header + Data

IPv6 Header (Next Header = Routing) | Routing Header (Next Header = Destination) | Destination Header (Next Header = TCP) | Fragment of TCP Header + Data

Page 235: Ccie Rs Lab Prep

236

Header Format Simplification: IPv6 Extension Headers

Next Header = TCP/UDP or extension header

Extension headers are optional and follow the IPv6 basic header

Each extension header is 8-octet (64-bit) aligned

IPv6 packet: IPv6 Basic Header (40 octets) | Any Number of Extension Headers | Data (e.g. TCP or UDP)

Extension header: Next Header | Ext Hdr Length | Ext Hdr Data
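Parsing the fixed header and then following the Next Header chain described on this slide and on the header-comparison slides before it, as an added example that is not part of the Cisco deck. The packet bytes are constructed inline (IPv6 header, Routing header, Destination Options header, then a placeholder TCP header, the third chain from the previous slide). The length rules differ per header type, which is exactly where naive parsers and ACL engines get it wrong: the Fragment header is a fixed 8 bytes with no length field, AH counts its length in 32-bit words, and everything after an ESP header is opaque.

```python
"""Walk an IPv6 packet's fixed 40-byte header and its extension-header chain
by following Next Header / Hdr Ext Len until an upper-layer protocol.
Added example, not from the slides; the sample packet is constructed here."""
import struct
from typing import Dict, List, Tuple

HOPOPT, ROUTING, FRAGMENT, ESP, AH, DSTOPT, NONXT = 0, 43, 44, 50, 51, 60, 59
EXT_NAMES = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 51: "AH", 60: "Destination"}


def parse_fixed_header(pkt: bytes) -> Dict[str, object]:
    """Split the 40-byte IPv6 header into its fields."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    first, plen, nh, hlim = struct.unpack("!IHBB", pkt[:8])
    version = first >> 28
    if version != 6:
        raise ValueError("not IPv6 (version %d)" % version)
    return {
        "version": version,
        "traffic_class": (first >> 20) & 0xFF,
        "flow_label": first & 0xFFFFF,
        "payload_length": plen,      # excludes the 40-byte header, includes extensions
        "next_header": nh,
        "hop_limit": hlim,
        "src": pkt[8:24],
        "dst": pkt[24:40],
    }


def walk_chain(pkt: bytes, max_headers: int = 8) -> Tuple[List[str], int, int]:
    """Return (extension header names in order, upper-layer protocol number,
    offset of the upper-layer header). The header-count cap guards against
    chains crafted to exhaust a parser; ESP ends what can be inspected."""
    hdr = parse_fixed_header(pkt)
    end = 40 + int(hdr["payload_length"])
    if end > len(pkt):
        raise ValueError("payload length exceeds packet")
    nh, off, chain = int(hdr["next_header"]), 40, []
    while nh in EXT_NAMES:
        if len(chain) >= max_headers:
            raise ValueError("too many extension headers")
        if nh == HOPOPT and off != 40:
            raise ValueError("Hop-by-Hop header must immediately follow the IPv6 header")
        if off + 2 > end:
            raise ValueError("truncated extension header")
        next_nh, ext_len = pkt[off], pkt[off + 1]
        if nh == FRAGMENT:
            size = 8                      # fixed size, byte 1 is reserved, not a length
        elif nh == AH:
            size = (ext_len + 2) * 4      # AH length is in 32-bit words minus 2
        else:
            size = (ext_len + 1) * 8      # all others: 8-octet units not counting the first
        if off + size > end:
            raise ValueError("extension header runs past payload")
        chain.append(EXT_NAMES[nh])
        nh, off = next_nh, off + size
    return chain, nh, off


def is_malformed(pkt: bytes) -> bool:
    try:
        walk_chain(pkt)
        return False
    except ValueError:
        return True


def build_sample() -> bytes:
    """Constructed packet: IPv6 -> Routing -> Destination -> TCP, using the
    documentation prefix 2001:db8::/32 (not a capture)."""
    src = bytes.fromhex("20010db8000000010000000000000001")
    dst = bytes.fromhex("20010db8000000020000000000000001")
    tcp = bytes(20)                                   # placeholder TCP header
    dstopt = bytes([6, 0]) + bytes(6)                 # next=TCP, len 0 (8 bytes), Pad1 options
    routing = bytes([DSTOPT, 0, 0, 0]) + bytes(4)     # next=DstOpt, len 0, type 0, 0 segments left
    payload = routing + dstopt + tcp
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), ROUTING, 64) + src + dst
    return fixed + payload
```

A filter that only looks at the first Next Header value would classify the sample packet as "Routing" and never see the TCP header 16 bytes later; walking the chain to the upper-layer offset is what a stateful ACL has to do before it can match ports.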

Page 236: Ccie Rs Lab Prep

237

Upper Layer Header: User Datagram Protocol (Protocol 17)

The upper-layer checksum (UDP, TCP, ICMPv6) must be computed over an IPv6 pseudo-header that includes the addresses; because the IPv6 header itself has no checksum, the UDP checksum is mandatory in IPv6 (it is optional in IPv4)

These are the typical headers used inside a packet to transport data: UDP (Protocol 17), TCP (Protocol 6), or ICMPv6 (Protocol 58)

UDP packet: IPv6 Basic Header (40 octets) | Any Number of Extension Headers | UDP header (Source Port, Destination Port, Length, UDP Checksum) | UDP Data Portion

Page 237: Ccie Rs Lab Prep

238

Upper Layer Header: ICMPv6 (Protocol 58)

ICMPv6 is similar to ICMP for IPv4: it provides diagnostic and error messages

Additionally, it is used for neighbor discovery, path MTU discovery, and multicast listener discovery (MLD), so filtering ICMPv6 wholesale breaks IPv6 itself (see RFC 4890 for what to allow)

ICMPv6 packet: IPv6 Basic Header | ICMPv6 header (ICMPv6 Type, ICMPv6 Code, Checksum) | ICMPv6 Data

Page 238: Ccie Rs Lab Prep

239

Header Format Simplification Path MTU Discovery

Definitions: the link MTU is a link's maximum transmission unit; the path MTU is the minimum MTU of all the links in a path between a source and a destination

Minimum link MTU for IPv6 is 1280 octets (68 octets for IPv4)

On links with MTU < 1280, link-specific fragmentation and reassembly must be used

Implementations are expected to perform path MTU discovery to send packets bigger than 1280 octets

For each destination, start by assuming the MTU of the first-hop link; if a packet reaches a link in which it cannot fit, the router sends an ICMPv6 "Packet Too Big" message (type 2) to the source, reporting the link's MTU; the MTU is cached by the source for that specific destination

Page 239: Ccie Rs Lab Prep

240

Header Format Simplification: Path MTU Discovery

Minimum link MTU for IPv6 is 1280 octets (versus 68 octets for IPv4)

[Diagram: Source to Destination over four links with MTU = 1500, 1500, 1400, 1300]

Packet with size 1500 sent

ICMP error: Packet Too Big, use MTU = 1400

Packet with size 1400 sent

ICMP error: Packet Too Big, use MTU = 1300

Packet with size 1300 sent

Packet received; path MTU = 1300
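The exchange drawn on this slide as a small simulation, an added example that is not part of the Cisco deck. The path is a list of link MTUs; routers never fragment, the first link that cannot carry the packet answers Packet Too Big with its MTU, and the source shrinks its cached value until a packet gets through. The edge case the slide does not show is an advertised MTU below 1280: RFC 8201 says the source keeps sending 1280-byte packets (adding a Fragment header) rather than probing smaller, so the value is clamped.

```python
"""Simulated IPv6 path MTU discovery over a list of link MTUs.
Added example, not Cisco material; link MTUs are the ones drawn on the slide."""
from typing import List, Tuple

IPV6_MIN_MTU = 1280


def forward(size: int, link_mtus: List[int]) -> Tuple[bool, int]:
    """Return (delivered, reported_mtu). Routers never fragment in IPv6; the
    first link too small for the packet 'sends' ICMPv6 Packet Too Big."""
    for mtu in link_mtus:
        if size > mtu:
            return False, mtu
    return True, 0


def discover_pmtu(link_mtus: List[int], max_rounds: int = 16) -> Tuple[int, List[Tuple[str, int]]]:
    """Probe with the largest packet the cached MTU allows until one arrives.
    Returns the converged path MTU and the message log (event, value)."""
    pmtu = link_mtus[0]                       # start with the first-hop link MTU
    log: List[Tuple[str, int]] = []
    for _ in range(max_rounds):
        delivered, reported = forward(pmtu, link_mtus)
        if delivered:
            log.append(("delivered", pmtu))
            return pmtu, log
        log.append(("packet_too_big", reported))
        if reported >= pmtu:
            # A Packet Too Big that does not shrink the MTU is bogus (or spoofed);
            # a real stack ignores it instead of looping forever.
            raise ValueError("bogus Packet Too Big: reported %d >= current %d" % (reported, pmtu))
        pmtu = max(reported, IPV6_MIN_MTU)
        if reported < IPV6_MIN_MTU:
            # Cannot probe below 1280; the source sends 1280-byte packets with a
            # Fragment header and lets the sub-1280 link fragment underneath.
            log.append(("clamped", pmtu))
            return pmtu, log
    raise ValueError("path MTU discovery did not converge")
```

The operational caveat follows directly from the loop: if a firewall drops ICMPv6 type 2, forward() never reports back, large packets vanish silently, and the connection hangs after the handshake rather than failing cleanly.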

Page 240: Ccie Rs Lab Prep

241

Header Format Simplification: Neighbor Discovery (RFC 2461, now RFC 4861)

Uses ICMPv6 messages and solicited-node multicast addresses

Determines the link-layer address of a neighbor on the same link

Finds neighbor routers

Verifies the reachability of neighbors

Comprised of different message types:

Neighbor Solicitation (NS) / Neighbor Advertisement (NA)

Router Solicitation (RS) / Router Advertisement (RA)

Redirect

Renumbering (a separate ICMPv6 message, RFC 2894, listed here with ND)

Protocol built on top of ICMPv6 (RFC 2463, now RFC 4443); a combination of IPv4 protocols (ARP, ICMP, IGMP, etc.)

None of these messages is authenticated by default, so a host on the link can answer an NS or send an RA for any address; RA Guard and SEND (RFC 3971) exist for that reason

Page 241: Ccie Rs Lab Prep

242

Solicited-Node Multicast Address

For each unicast and anycast address configured, there is a corresponding solicited-node multicast

This address has link-local significance only

This is specially used for two purposes: for the replacement of ARP, and DAD

Page 242: Ccie Rs Lab Prep

243

Solicited-Node Multicast Address

FF02:0000:0000:0000:0000:0001:FF00:0000/104

FF02::1:FF00:0000/104

Gets the lower 24 bits from the unicast address

Page 243: Ccie Rs Lab Prep

244

Solicited-Node Multicast Address

A solicited-node address is:

A multicast address with a link-local scope

Formed by a prefix and the right-most 24 bits of the aggregatable address

Format (128 bits): FF02:0:0:0:0:1:FF (prefix, 104 bits) | lower 24 bits of the interface ID

Page 244: Ccie Rs Lab Prep

245

Solicited-Node Multicast Address

Aggregatable address: 2001:DB8:0:4:204:9AFF:FEAC:7D80

Lower 24 bits of the interface ID: AC:7D80

Solicited-node multicast address: FF02::1:FF00:0/104 + AC7D80 = FF02::1:FFAC:7D80
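The two derivations that the solicited-node slides and the earlier "Multicast Mapping over Ethernet" slide describe, as an added example that is not part of the Cisco deck: the solicited-node group for a unicast address, the Ethernet MAC an IPv6 multicast group maps to, and the list of groups an interface joins (which is what "show ipv6 interface" prints under Joined group address(es)). Addresses in the tests are the ones used on the slides.

```python
"""Solicited-node multicast groups and IPv6-multicast-to-Ethernet mapping.
Added example, not Cisco material."""
import ipaddress
from typing import Iterable, List

SOLICITED_NODE_PREFIX = 0xFF02 << 112 | 0x01FF << 24   # FF02::1:FF00:0/104 as an integer


def solicited_node(addr: str) -> str:
    """FF02::1:FF00:0/104 with the low 24 bits of the unicast (or anycast) address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24))


def multicast_mac(group: str) -> str:
    """33:33 followed by the low 32 bits of the group. Only 32 of the 112
    group-ID bits survive, so distinct groups can share one Ethernet address
    and the NIC filter alone cannot tell them apart."""
    g = ipaddress.IPv6Address(group)
    if not g.is_multicast:
        raise ValueError("%s is not an IPv6 multicast address" % group)
    low32 = int(g) & 0xFFFFFFFF
    return "33:33:" + ":".join("%02x" % b for b in low32.to_bytes(4, "big"))


def joined_groups(addrs: Iterable[str], is_router: bool = True) -> List[str]:
    """Groups an interface must listen on: all-nodes, all-routers when
    forwarding is enabled, and one solicited-node group per address."""
    groups = {"ff02::1"}
    if is_router:
        groups.add("ff02::2")
    for a in addrs:
        groups.add(solicited_node(a))
    return sorted(groups)
```

Two addresses whose last 24 bits coincide share a solicited-node group; that is harmless for ND (the NS carries the full target address) but it is why a neighbor solicitation can reach more than one host.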

Page 245: Ccie Rs Lab Prep

246

Neighbor Solicitation and Advertisement

Neighbor Solicitation: ICMP type = 135; Src = A; Dst = solicited-node multicast address of B; Data = link-layer address of A; Query = what is your link-layer address?

[Diagram: A and B on the same link]

Neighbor Advertisement: ICMP type = 136; Src = B; Dst = A; Data = link-layer address of B

A and B can now exchange packets on this link

Page 246: Ccie Rs Lab Prep

247

IPv6 Auto-Configuration

At boot time, an IPv6 host builds a link-local address, then its global IPv6 address(es) from the RA

The RA indicates the subnet prefix advertised

Stateless (RFC 2462, now RFC 4862)

Router solicitations are sent by booting nodes to request RAs for configuring the interfaces

Host autonomously configures its own link-local address

Stateful

DHCPv6

[Diagram: each host forms its address as subnet prefix received in the RA + interface ID derived from its MAC address]

RA: Router Advertisement

Page 247: Ccie Rs Lab Prep

248

IPv6 Auto-Configuration

Host renumbering is done by modifying the RA to announce the old prefix with a short lifetime and the new prefix

Router renumbering protocol (RFC 2894), to allow domain-interior routers to learn of prefix introduction/withdrawal

Renumbering

Page 248: Ccie Rs Lab Prep

249

Stateless Auto-Configuration

1. ICMP Type = 133 (RS)

Src = Link-local address (FE80::/10)

Dst = All-routers multicast address (FF02::2)

Query = please send RA

2. ICMP Type = 134 (RA)

Src = Router's link-local address (FE80::/10)

Dst = All-nodes multicast address (FF02::1)

Data = options, subnet prefix, lifetime, autoconfig flag

Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces

Page 249: Ccie Rs Lab Prep

250

Duplicate Address Detection (DAD)

1. Host A boots up and assigns itself a link-local address (FE80::/10 plus its interface ID)

2. Host A sends RS (ICMP Type 133)

3. Host A receives RA (ICMP Type 134) with subnet prefix (2001:DB8:410:1::/64)

[Diagram: A sends RS; router B answers with RA]

Page 250: Ccie Rs Lab Prep

251

Duplicate Address Detection (DAD)

Host A wants to assign itself a unique global unicast address 2001:DB8:0410:1::34:123A

Before it does that, it sends a DAD neighbor solicitation for that address on the link (the link-local address from step 1 is checked the same way before it is used)

4. Host A sends NS (ICMP Type 135) with

Source address :: (unspecified, because the tentative address may not be used yet)

Destination address FF02::1:FF34:123A (solicited-node multicast address for 2001:DB8:0410:1::34:123A)

5. If Host A does not receive a neighbor advertisement for the target, it assigns itself 2001:DB8:0410:1::34:123A; if it does, the address is a duplicate and must not be used

[Diagram: A sends NS on the link; B receives it]

Page 252: Ccie Rs Lab Prep

253

Redirect

Redirect is used by a router to signal the reroute of a packet to a better router

[Diagram: A and B share a link with routers R1 and R2; R1 is the better path to 2001:DB8:C18:2::/64]

Original packet: Src = A; Dst IP = 2001:DB8:C18:2::1; Dst Ethernet = R2 (default router)

Redirect (ICMP Type 137): Src = R2; Dst = A; Data = better router = R1 for 2001:DB8:C18:2::/64

Page 253: Ccie Rs Lab Prep

254

Renumbering

Renumbering: modify the RA to announce the old prefix with a short lifetime and the new prefix

RA packet definition: ICMP Type = 134 (RA; type 138 is the separate Router Renumbering message of RFC 2894)

Src = Router link-local address

Dst = All-nodes multicast address

Data = 2 prefixes: the current prefix (to be deprecated) with a short lifetime, and the new prefix (to be used) with a normal lifetime

Page 254: Ccie Rs Lab Prep

255

Enabling IPv6

To enable IPv6 on a Cisco router, you must

Enable IPv6 traffic forwarding

ipv6 unicast-routing

Enable IPv6 on the interface(s) by configuring an IPv6 address on the interface

ipv6 address <ipv6addr>[/<prefix-length>]

ipv6 enable (can be used, but only for link-local addresses)

Page 255: Ccie Rs Lab Prep

256

Cisco IOS Address Configuration

ipv6 address

Enables IPv6 on the interface

Configures the interface link-local and global IPv6 addresses

Syntax:

ipv6 address <ipv6addr>[/<prefix-length>] [link-local]

ipv6 address <ipv6prefix>/<prefix-length> eui-64

ipv6 unnumbered <interface>

ipv6 enable

Page 256: Ccie Rs Lab Prep

257

IPv6 Address Configuration: Link Local

ipv6 unicast-routing
!
interface Ethernet0/0
 ipv6 enable

Ethernet0/0 MAC address: 0004.9AAC.7D80

router#show ipv6 interface Ethernet 0/0
Ethernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
  No global unicast address is configured
  Joined group address(es):
    FF02::1 (All Nodes Link Local)
    FF02::2 (All Routers Link Local)
    FF02::1:FFAC:7D80 (Solicited-Node Multicast)
  MTU is 1500 bytes

r1#show interface ethernet 0/0
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 0004.9aac.7d80 (bia 0004.9aac.7d80)

Page 257: Ccie Rs Lab Prep

258

IPv6 Address Configuration: Ethernet EUI-64

LAN: 2001:DB8:0:4::/64, Ethernet0/0 MAC address: 0004.9AAC.7D80

ipv6 unicast-routing
!
interface Ethernet0/0
 ipv6 address 2001:DB8:0:4::/64 eui-64

router# show ipv6 interface Ethernet0/0
Ethernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
  Global unicast address(es):
    2001:DB8:0:4:204:9AFF:FEAC:7D80, subnet is 2001:DB8:0:4::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FFAC:7D80
  MTU is 1500 bytes

Link-local automatically configured

Page 258: Ccie Rs Lab Prep

259

IPv6 Address Configuration: Ethernet (No EUI-64)

LAN: 2001:DB8:0:4::/64, Ethernet0/0 MAC address: 0004.9AAC.7D80

ipv6 unicast-routing
!
interface Ethernet0/0
 ipv6 address 2001:DB8:0:4:1:2:3:4/64

router# show ipv6 interface Ethernet0/0
Ethernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
  Global unicast address(es):
    2001:DB8:0:4:1:2:3:4, subnet is 2001:DB8:0:4::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF03:4
    FF02::1:FFAC:7D80
  MTU is 1500 bytes

Note the second solicited-node group, FF02::1:FF03:4, for the manually configured address; the link-local address still uses the EUI-64 interface ID

Page 259: Ccie Rs Lab Prep

260

IPv6 Address Configuration: Frame Relay

[Diagram: R1 S0/0 and R2 S0/0 connected over Frame Relay, link 2001:DB8:0:1:1:2:3:0/126]

Both the global address and the neighbor's link-local address must be mapped to the DLCI, because routing protocols use link-local next hops (R1's S0/0 link-local is FE80::204:C1FF:FE09:1DA1, R2's is FE80::204:9AFF:FEAC:7D80)

R1
ipv6 unicast-routing
!
interface Serial0/0
 encapsulation frame-relay
 ipv6 address 2001:DB8:0:1:1:2:3:1/126
 frame-relay map ipv6 FE80::204:9AFF:FEAC:7D80 102 broadcast
 frame-relay map ipv6 2001:DB8:0:1:1:2:3:2 102 broadcast
 no frame-relay inverse-arp

R2
ipv6 unicast-routing
!
interface Serial0/0
 encapsulation frame-relay
 ipv6 address 2001:DB8:0:1:1:2:3:2/126
 frame-relay map ipv6 FE80::204:C1FF:FE09:1DA1 201 broadcast
 frame-relay map ipv6 2001:DB8:0:1:1:2:3:1 201 broadcast
 no frame-relay inverse-arp

Page 260: Ccie Rs Lab Prep

261

IPv6 Address Configuration: Frame Relay

[Diagram: R1 S0/0 and R2 S0/0 connected over Frame Relay, link 2001:DB8:0:1:1:2:3:0/126; R1 E0/0 MAC address 0004.C109.1DA1]

R1
r1#show ipv6 interface serial 0/0
Serial0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::204:C1FF:FE09:1DA1
  Global unicast address(es):
    2001:DB8:0:1:1:2:3:1, subnet is 2001:DB8:0:1:1:2:3:0/126
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::9
    FF02::1:FF03:2
    FF02::1:FF09:1DA1
  MTU is 1500 bytes

The serial interface borrows the Ethernet MAC for its EUI-64 link-local address; FF02::9 is the RIPng group, present because RIPng is enabled on this interface

Page 261: Ccie Rs Lab Prep

262

IPv6 Address Configuration: Verification

[Diagram: R1 S0/0 and R2 S0/0 connected over Frame Relay, link 2001:DB8:0:1:1:2:3:0/126]

r1#ping fe80::204:9aff:feac:7d80
Output Interface: serial0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::204:9AFF:FEAC:7D80, timeout is 2 seconds:
Packet sent with a source address of FE80::204:C1FF:FE09:1DA1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms

r1#ping 2001:DB8:0:1:1:2:3:2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:1:1:2:3:2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

Pinging a link-local address requires naming the output interface, since the same link-local address may exist on several links

Page 262: Ccie Rs Lab Prep

263

Cisco IOS Neighbor Discovery Parameters

Router Advertisements

Default router

IPv6 network prefix

Lifetime of advertisementAutoconfiguring IPv6 Hosts

Page 263: Ccie Rs Lab Prep

264

Cisco IOS Neighbor Discovery Command Syntax

ipv6 nd prefix-advertisement <routing-prefix>/<length> <valid-lifetime> <preferred-lifetime> [onlink] [autoconfig] (later IOS releases replace this with ipv6 nd prefix, with the same arguments)

Valid-Lifetime—the amount of time (in seconds) that the specified IPv6 prefix is advertised as being valid

Preferred-Lifetime—the amount of time (in seconds) that the specified IPv6 prefix is advertised as being preferred

Onlink—indicates that the specified prefix is assigned to the link; nodes sending traffic to such addresses that contain the specified prefix consider the destination to be locally reachable on the link

Autoconfig—indicates to hosts on the local link that the specified prefix can be used for IPv6 auto-configuration

Page 264: Ccie Rs Lab Prep

265

Configuring Neighbor Discovery

LAN1: 2001:DB8:c18:1::/64

LAN2: 2001:DB8:c18:2::/64

[Diagram: Router1 and Router2 send RAs on LAN1 and LAN2 through Ethernet0 and Ethernet1; one router connects onward to the IPv6 Internet]

interface Ethernet0
 ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig
 ipv6 nd ra-lifetime 0

interface Ethernet1
 ipv6 nd prefix-advertisement 2001:DB8:c18:2::/64 43200 43200 onlink autoconfig

interface Ethernet0
 ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig

ipv6 nd ra-lifetime 0 makes that router advertise the prefix without offering itself as a default router, so hosts on LAN1 use the other router as their default gateway

Page 265: Ccie Rs Lab Prep

266

Cisco IOS Prefix Renumbering Scenario

Router Configuration Before Renumbering

Network prefix: 2001:DB8:c18:1::/64

interface Ethernet0
 ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig

Host configuration (auto-configuring IPv6 hosts, from the router advertisements):

preferred address 2001:DB8:c18:1:260:8ff:fede:8fbe

Page 266: Ccie Rs Lab Prep

267

Router Configuration After Renumbering

New network prefix: 2001:DB8:c18:2::/64; deprecated prefix: 2001:DB8:c18:1::/64

interface Ethernet0
 ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 0 onlink autoconfig
 ipv6 nd prefix-advertisement 2001:DB8:c18:2::/64 43200 43200 onlink autoconfig

Host configuration (auto-configuring IPv6 hosts, from the router advertisements):

deprecated address 2001:DB8:c18:1:260:8ff:fede:8fbe

preferred address 2001:DB8:c18:2:260:8ff:fede:8fbe

A preferred lifetime of 0 deprecates the old address immediately (existing connections keep working until the valid lifetime expires) while new connections use the new prefix

Page 267: Ccie Rs Lab Prep

268

DHCPv6

Client first detects the presence of routers on the link

If found, it examines the router advertisements to determine whether DHCP can be used (the M flag means use DHCPv6 for addresses, the O flag means use it for other configuration such as DNS servers)

If no router is found or if DHCP can be used, then:

A DHCP Solicit message is sent to the All-DHCP-Relay-Agents-and-Servers multicast address (FF02::1:2, UDP port 547)

Using the link-local address as the source address

Page 268: Ccie Rs Lab Prep

269

OSPFv3 (RFC 2740, since replaced by RFC 5340)

Page 269: Ccie Rs Lab Prep

270

Similarities with OSPFv2

OSPFv3 is OSPF for IPv6 (RFC 2740, now RFC 5340)

Based on OSPFv2, with enhancements

Distributes IPv6 prefixes

Runs directly over IPv6

OSPFv3 and v2 can be run concurrently, because each address family has a separate SPF (ships in the night)

Page 270: Ccie Rs Lab Prep

271

Similarities with OSPFv2

OSPFv3 uses the same basic packet types as OSPFv2, such as hello, database description (DBD), link state request (LSR), link state update (LSU), and link state acknowledgement, and the same link state advertisements (LSAs) flooded within them

Neighbor discovery and adjacency formation mechanisms are identical

RFC-compliant NBMA and point-to-multipoint topology modes are supported; the other Cisco network types, point-to-point and broadcast, are supported as well, including the interface

LSA flooding and aging mechanisms are identical

Page 271: Ccie Rs Lab Prep

272

Differences from OSPFv2

OSPF packet type

OSPFv3 has the same five packet types, but some fields have been changed

All OSPFv3 packets have a 16-byte header versus the 24-byte header in OSPFv2

Packet Type | Description

1 | Hello

2 | Database Description

3 | Link State Request

4 | Link State Update

5 | Link State Acknowledgement

OSPFv2 header (24 bytes): Version | Type | Packet Length | Router ID | Area ID | Checksum | AuType | Authentication (64 bits)

OSPFv3 header (16 bytes): Version | Type | Packet Length | Router ID | Area ID | Checksum | Instance ID | 0 (reserved)
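The two header layouts above, parsed from bytes, as an added example that is not part of the Cisco deck. The sample packets are constructed inline (a Hello from router-id 10.1.1.1 for OSPFv2 and from 10.1.1.2 for OSPFv3, matching the router IDs used in the configuration example later in this session). The Instance ID comparison shows the rule from the following slides: two OSPFv3 routers only process each other's packets when the instance IDs match.

```python
"""Parse the common OSPF packet header: 24 bytes for OSPFv2 (AuType and 64 bits
of authentication data) versus 16 bytes for OSPFv3 (Instance ID and a reserved
octet in their place). Added example, not Cisco material; packets are constructed."""
import struct
from typing import Dict

TYPES = {1: "Hello", 2: "Database Description", 3: "Link State Request",
         4: "Link State Update", 5: "Link State Acknowledgement"}


def ipv4(n: int) -> str:
    """Router IDs and area IDs stay 32 bits in OSPFv3 and print in dotted form."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def parse_ospf_header(data: bytes) -> Dict[str, object]:
    if len(data) < 16:
        raise ValueError("too short for any OSPF header")
    version, ptype, length, rid, aid, csum = struct.unpack("!BBHIIH", data[:14])
    if ptype not in TYPES:
        raise ValueError("unknown OSPF packet type %d" % ptype)
    hdr: Dict[str, object] = {"version": version, "type": TYPES[ptype], "length": length,
                              "router_id": ipv4(rid), "area_id": ipv4(aid), "checksum": csum}
    if version == 2:
        if len(data) < 24:
            raise ValueError("truncated OSPFv2 header")
        hdr["autype"] = struct.unpack("!H", data[14:16])[0]   # 0 null, 1 simple, 2 MD5
        hdr["auth"] = data[16:24]
        hdr["header_len"] = 24
    elif version == 3:
        hdr["instance_id"] = data[14]                          # data[15] is reserved
        hdr["header_len"] = 16
    else:
        raise ValueError("unsupported OSPF version %d" % version)
    if length < int(hdr["header_len"]) or length > len(data):
        raise ValueError("packet length field inconsistent with data")
    return hdr


def same_instance(a: bytes, b: bytes) -> bool:
    """OSPFv3 routers process each other's packets only when the Instance ID
    matches (default 0); one link may carry several independent instances."""
    ha, hb = parse_ospf_header(a), parse_ospf_header(b)
    return ha["version"] == hb["version"] == 3 and ha["instance_id"] == hb["instance_id"]


def sample_v2_hello() -> bytes:
    """Constructed OSPFv2 Hello: router-id 10.1.1.1, area 0, AuType 0 (null),
    followed by a zeroed 20-byte Hello body."""
    return struct.pack("!BBHIIHH8s", 2, 1, 44, 0x0A010101, 0, 0, 0, bytes(8)) + bytes(20)


def sample_v3_hello(instance_id: int = 0) -> bytes:
    """Constructed OSPFv3 Hello: router-id 10.1.1.2, area 0, given Instance ID,
    followed by a zeroed 20-byte Hello body."""
    return struct.pack("!BBHIIHBB", 3, 1, 36, 0x0A010102, 0, 0, instance_id, 0) + bytes(20)
```

The absence of any authentication field in the OSPFv3 header is visible here: where OSPFv2 carries AuType and 8 bytes of authentication data, OSPFv3 has only the Instance ID and a reserved byte, and relies on IPsec (AH/ESP) beneath it, as the later slide on differences notes.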

Page 272: Ccie Rs Lab Prep

273

Differences from OSPFv2

IPv6 connects interfaces to links

Multiple IP subnets can be assigned to a single link

Two nodes can talk directly over a single link even if they do not share a common subnet

The terms "network" and "subnet" are replaced with "link"

An OSPF interface now connects to a link instead of a subnet

OSPFv3 Protocol Processing Per-Link, Not Per-Subnet

Page 273: Ccie Rs Lab Prep

274

Differences from OSPFv2

This allows for separate ASes, each running OSPF, to use a common link; single link could belong to multiple areas

Instance ID is a new field that is used to have multiple OSPFv3 protocol instances per link

In order to have two instances talk to each other, they need to have the same instance ID; by default it is 0, and for any additional instance it is increased

Multiple OSPFv3 Protocol Instances Can Now Run Over a Single Link

Page 274: Ccie Rs Lab Prep

275

Differences from OSPFv2

Multicast addresses: FF02::5 represents all SPF routers on the link-local scope, equivalent to 224.0.0.5 in OSPFv2; FF02::6 represents all DR routers on the link-local scope, equivalent to 224.0.0.6 in OSPFv2

Removal of address semantics: IPv6 addresses are no longer present in the OSPF packet header (they are part of the payload information); Router LSA and Network LSA do not carry IPv6 addresses; Router ID, Area ID, and Link State ID remain at 32 bits; DR and BDR are now identified by their Router ID and no longer by their IP address

Security: OSPFv3 has no authentication fields of its own; it uses the IPv6 AH and ESP extension headers (RFC 4552) instead of the variety of mechanisms defined in OSPFv2; on IOS this is enabled per interface with ipv6 ospf authentication ipsec spi <spi> md5 <key> or per area with area <id> authentication ipsec spi <spi> md5 <key>; without it, any host on the link can form an adjacency and inject LSAs

Page 275: Ccie Rs Lab Prep

276

OSPFv3 Configuration Example

IPv6 Prefix2001:DB8:101::/48

OSPFArea 0

Loopback 0Subnet 2

Area 1

Loopback 0Subnet 3

Area 51 Subnet 1

S0/0S0/0

A B

Page 276: Ccie Rs Lab Prep

277

OSPFv3 Configuration Example

Router A

ipv6 unicast-routing

interface Loopback0 no ip address ipv6 address 2001:DB8:101:3::/64 eui-64 ipv6 ospf 1 area 51

interface Serial0/0 no ip address encapsulation frame-relay ipv6 address 2001:DB8:101:1::/64 eui-64 ipv6 ospf network point-to-point ipv6 ospf 1 area 0 frame-relay map ipv6 FE80::204:9AFF:FE5C:8B41 602 broadcast frame-relay map ipv6 2001:DB8:101:1:204:9AFF:FE5C:8B41 602 broadcast ipv6 router ospf 1 router-id 10.1.1.1

Page 277: Ccie Rs Lab Prep

278

OSPFv3 Configuration Example

Router B

ipv6 unicast-routing
!
interface Loopback0
 no ip address
 ipv6 address 2001:DB8:101:2::/64 eui-64
 ipv6 ospf 1 area 1
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
 ipv6 address 2001:DB8:101:1::/64 eui-64
 ipv6 ospf network point-to-point
 ipv6 ospf 1 area 0
 frame-relay map ipv6 FE80::204:C1FF:FE09:1DA1 206 broadcast
 frame-relay map ipv6 2001:DB8:101:1:204:C1FF:FE09:1DA1 206 broadcast
!
ipv6 router ospf 1
 router-id 10.1.1.2


OSPFv3 Verification

rA#show ipv6 route ospf
IPv6 Routing Table - 7 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
OI  2001:DB8:101:2:204:9AFF:FE5C:8B41/128 [110/64]
     via FE80::204:9AFF:FE5C:8B41, Serial0/0

rA#show ipv6 ospf neighbor

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.1.1.2          1   FULL/  -        00:00:33    3               Serial0/0


OSPFv3 Router Commands

A(config)#ipv6 router ospf 1
A(config-rtr)#?
  area                 OSPF area parameters
  auto-cost            Calculate OSPF interface cost according to bandwidth
  compatible           OSPF compatibility list
  default              Set a command to its defaults
  default-information  Distribution of default information
  default-metric       Set metric of redistributed routes
  discard-route        Enable or disable discard-route installation
  distance             Administrative distance
  distribute-list      Filter networks in routing updates


OSPFv3 Router Commands

  exit                   Exit from IPv6 routing protocol configuration mode
  ignore                 Do not complain about specific event
  log-adjacency-changes  Log changes in adjacency state
  maximum-paths          Forward packets over multiple paths
  no                     Negate a command or set its defaults
  passive-interface      Suppress routing updates on an interface
  redistribute           Redistribute IPv6 prefixes from another routing protocol
  router-id              router-id for this OSPF process
  summary-prefix         Configure IPv6 summary prefix
  timers                 Adjust routing timers


OSPFv3 Router Commands

A(config-rtr)#area 1 ?
  default-cost  Set the summary default-cost of a NSSA/stub area
  nssa          Specify a NSSA area
  range         Summarize routes matching address/mask (border routers only)
  stub          Specify a stub area
  virtual-link  Define a virtual link and its parameters


OSPFv3 Interface Commands

r2(config)#int s0/0
r2(config-if)#ipv6 ospf ?
  <1-65535>            Process ID
  cost                 Interface cost
  database-filter      Filter OSPF LSA during synchronization and flooding
  dead-interval        Interval after which a neighbor is declared dead
  demand-circuit       OSPF demand circuit
  flood-reduction      OSPF Flood Reduction
  hello-interval       Time between HELLO packets
  mtu-ignore           Ignores the MTU in DBD packets
  neighbor             OSPF neighbor
  network              Network type
  priority             Router priority
  retransmit-interval  Time between retransmitting lost link state advertisements
  transmit-delay       Link state transmit delay


Q and A


Session 6:

IP Routing BGP


Topics

Introduction

BGP Path Selection

BGP Attributes

Debugging


Introduction

What Is BGP?

How Does BGP Work

EBGP and IBGP

What Is a Peer (Neighbor)


Configuring BGP

Rtr A (AS 1)                        Rtr B (AS 2)
10.1.1.1/24 ------------ 10.1.1.2/24
router bgp 1                        router bgp 2


Configuring Peers

*address-family Enter address family command mode

***aggregate-address Configure BGP aggregate entries

*auto-summary Enable automatic network number summarization

*bgp BGP specific commands

default Set a command to its defaults

*default-information Control distribution of default information

*default-metric Set metric of redistributed routes

*distance Define an administrative distance

+++distribute-list Filter networks in routing updates

exit Exit from routing protocol configuration mode

Importance: *** High, ** Medium, * Low; +++ do not use with BGP (use neighbor x.x.x.x distribute-list {in|out} instead)

Rtr(config-router)#?


help Description of the interactive help system

*maximum-paths Forward packets over multiple paths

***neighbor Specify a neighbor router

**network Specify a network to announce via BGP

no Negate a command or set its defaults

***redistribute Redistribute information from another routing protocol

*synchronization Perform IGP synchronization

*table-map Map external entry attributes into routing table

*timers Adjust routing timers

Configuring Peers (Cont.)

Rtr(config-router)#?

Importance: ***High **Medium *Low


Configuring BGP Peers (Cont.)

Rtr A (AS 1)                               Rtr B (AS 2)
10.1.1.1/24 ------------ 10.1.1.2/24
router bgp 1                               router bgp 2
 neighbor 10.1.1.2 remote-as 2              neighbor 10.1.1.1 remote-as 1

Neighbor: the neighbor statement names the peer's address and its AS; a remote AS different from the local AS makes this an eBGP session


BGP Issue: Synchronization

Diagram: Rtr A, Rtr B, Rtr C and Rtr D; the sessions shown are eBGP, iBGP and eBGP; 172.16.0.0 is the route in question

Synchronization rule: a BGP router will not advertise an iBGP-learned route to an eBGP neighbor (or use it) unless the route is already in the IP routing table via the IGP

Rtr B does not know about 172.16.0.0; therefore Rtr C should not advertise 172.16.0.0 to Rtr D, or traffic from Rtr D would be black-holed at a hop that has no route for it

Options: redistribute 172.16.0.0 into the IGP (not recommended), or run a full iBGP mesh and disable synchronization; since IOS 12.2(8)T the default is no synchronization


BGP Path Selection

Ignore a route if the next hop is not known

Ignore external routes with local AS in path

1. Prefer the route with the largest weight

2. Prefer the route with the largest local preference

3. Prefer the route that was locally originated

via network, aggregate or redistribution from an IGP


BGP Path Selection (Cont.)

4. Prefer the route with the shortest AS path

   If bgp bestpath as-path ignore is configured, skip this step
   With the as-set option on aggregated routes, the AS_SET counts as 1 regardless of the number of AS entries in the set
   Confederation sub-AS numbers are not counted toward the AS-path length

5. Prefer the route with the lowest origin (IGP < EGP < Incomplete)

6. Prefer the route with the lowest MED

This comparison is only between routes advertised by the same external AS

7. Prefer eBGP paths to iBGP path


BGP Path Selection (Cont.)

8. For iBGP paths, prefer the path with lowest IGP metric to the BGP next hop

9. For eBGP paths, prefer the oldest (most stable) path

10. Prefer the path received from the router with the lowest router ID


BGP Attributes: Next Hop

The next hop IP address that is used to reach a destination

For eBGP, the next hop is the IP address specified in the neighbor command

For iBGP, the eBGP next hop information is carried into iBGP

Diagram: AS 1 ---- (10.1.1.1 | 10.1.1.2) ---- AS 2 ---- (10.1.20.1 | 10.1.20.2) ---- Router C. 172.16.0.0 is advertised from AS 1 with Next Hop = 10.1.1.1; the AS 2 border router relays it over iBGP to Router C with the next hop unchanged

Does Router C know how to get to the next hop 10.1.1.1? If the AS 1 / AS 2 link subnet is not in Router C's routing table, the path fails the "next hop is known" check and is ignored; either carry the link subnet in the IGP or configure next-hop-self on the border router


BGP Attributes: Weight

A Cisco defined attribute which is used for path selection; the weight is assigned locally and is not propagated in routing updates

Value: 0–65535; default is 32768 for locally originated routes, 0 for all others

Higher value is preferred

Diagram: AS 4 originates 172.16.0.0/16 and it reaches AS 1 via AS 2 and via AS 3; on the AS 1 router one path carries Weight = 0 and the other Weight = 80, so the Weight = 80 path is preferred


BGP Attributes: Local Pref

Signals which path is preferred to exit the AS and is exchanged among all BGP speakers in the AS; local preference is not exchanged between ASs

Value: 0–4294967295

Default value: 100

Higher value is preferred

Diagram: AS 4 originates 172.16.0.0/16 and it reaches AS 1 via AS 2 and via AS 3; within AS 1 one path carries Loc Pref = 100 and the other Loc Pref = 800, so the Loc Pref = 800 path is preferred by every router in AS 1


BGP Attribute: AS Path

Diagram: AS 1 originates 10.1.0.0/24 and 10.1.1.1/24; AS 2, AS 3, AS 4 and AS 5 are also shown. AS-path values at the points marked on the diagram: ^1$ (received directly from AS 1), ^2 1$ (via AS 2), ^4 1$ (via AS 4), ^3$ (a route originated by AS 3)

AS Path Attribute: the list of AS numbers that a route has traversed to reach a destination; each AS prepends its own number when advertising to an eBGP neighbor, which is also how BGP detects routing loops


BGP Attributes: Origin

IGP—i

Network Layer Reachability Information (NLRI) is interior to the originating AS; network statement or redistribute IGP routes

EGP—e

NLRI is learned via eBGP

Incomplete—?

NLRI is unknown; redistributing static into BGP


BGP Attributes: Metric (MED)

Also known as the Multi-Exit-Discriminator (MED); the metric is a suggestion to a neighboring AS about the preferred entry point into the advertising AS; it is exchanged between ASs

Value: 0–4294967295
Default value: 0
Lower value is preferred

Diagram: AS 2 originates 172.16.1.0 and advertises it to AS 1 over two links, one with Metric = 80 and one with Metric = 0; AS 1 prefers the Metric = 0 path


BGP Path Selection—BGP Table

The best routes to the destination networks are selected from the BGP table


BGP Path Selection Summary

Prefer highest weight (local to router)

Prefer highest local preference (global within AS)

Prefer routes that the router originated

Prefer shorter AS paths (only length is compared)

Prefer lowest origin code (IGP < EGP < Incomplete)

Prefer lowest MED

Prefer external (EBGP) paths over internal (IBGP)

For IBGP paths, prefer path through closest IGP neighbor

For EBGP paths, prefer oldest (most stable) path

Prefer paths from router with the lower BGP router-ID
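The ten-step tie-break above is easier to trust once it is written down as code. The Python below is an added example, not from the Cisco slides; it models the attributes the slides discuss (weight, local preference, origin, MED, eBGP/iBGP, IGP metric, age, router ID) on a small Path dataclass and walks the steps in order, including the two details that catch people out: MED is compared only between paths from the same neighbouring AS, and the age tie-break applies only to eBGP paths. The Path class, its field names and the sample paths are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Union

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < Incomplete

# An AS_SET produced by "aggregate-address ... as-set" is modelled as a frozenset
# element inside the AS path; it counts as one hop for the length comparison.
Segment = Union[int, frozenset]


@dataclass
class Path:
    nexthop: str
    weight: int = 0                 # Cisco-local; 32768 for locally originated routes
    local_pref: int = 100
    locally_originated: bool = False
    as_path: List[Segment] = field(default_factory=list)
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0             # IGP cost to the BGP next hop
    received_order: int = 0         # lower = received earlier (older path)
    router_id: str = "0.0.0.0"      # router ID of the advertising peer
    nexthop_reachable: bool = True


def _in_path(asn: int, as_path: List[Segment]) -> bool:
    return any(asn in seg if isinstance(seg, frozenset) else seg == asn
               for seg in as_path)


def _neighbor_as(as_path: List[Segment]):
    return as_path[0] if as_path else None


def _rid(router_id: str):
    return tuple(int(octet) for octet in router_id.split("."))


def best_path(paths: List[Path], local_as: int) -> Optional[Path]:
    """Return the winning Path using the IOS tie-break order, or None."""
    # Step 0: ignore paths with an unknown next hop or with our own AS in the path
    cands = [p for p in paths
             if p.nexthop_reachable and not _in_path(local_as, p.as_path)]
    if not cands:
        return None

    def keep_min(key):
        nonlocal cands
        low = min(key(p) for p in cands)
        cands = [p for p in cands if key(p) == low]

    keep_min(lambda p: -p.weight)                          # 1 highest weight
    keep_min(lambda p: -p.local_pref)                      # 2 highest local pref
    keep_min(lambda p: 0 if p.locally_originated else 1)   # 3 locally originated
    keep_min(lambda p: len(p.as_path))                     # 4 shortest AS path
    keep_min(lambda p: ORIGIN_RANK[p.origin])              # 5 lowest origin
    # 6 lowest MED, but only among paths learned from the same neighbouring AS
    groups = {}
    for p in cands:
        groups.setdefault(_neighbor_as(p.as_path), []).append(p)
    cands = [p for grp in groups.values() for p in grp
             if p.med == min(q.med for q in grp)]
    keep_min(lambda p: 0 if p.ebgp else 1)                 # 7 eBGP over iBGP
    keep_min(lambda p: p.igp_metric)                       # 8 lowest IGP metric
    if all(p.ebgp for p in cands):
        keep_min(lambda p: p.received_order)               # 9 oldest eBGP path
    keep_min(lambda p: _rid(p.router_id))                  # 10 lowest router ID
    return cands[0]


if __name__ == "__main__":
    # Constructed sample: the same prefix heard from AS 2 twice and from AS 3 once
    sample = [
        Path("10.1.1.1", as_path=[2], med=80, router_id="2.2.2.2", received_order=0),
        Path("10.1.1.5", as_path=[2], med=0, router_id="2.2.2.6", received_order=1),
        Path("10.1.20.2", as_path=[3], med=50, router_id="3.3.3.3", received_order=2),
    ]
    print("best next hop:", best_path(sample, local_as=1).nexthop)
```

The MED step is the one to read twice: the AS 3 path above is never compared with the AS 2 paths on MED, so a lower MED from a different neighbour buys nothing; the decision then falls through to the eBGP age tie-break.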


Other BGP Attributes: Atomic Aggregate

Atomic Aggregate: the route has been summarized and path information is lost

RouterD# show ip bgp
BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 160.0.0.0/8      4.4.4.1                                0 300 i

Using the as-set keyword when aggregating (on Router C) will propagate the AS path information as an AS_SET instead of discarding it


BGP Attributes: Community

Used to group destinations and apply routing decisions according to community; by default, not sent to any peers

Value: 0–4,294,967,200 or 0:0–65535:65535

Values of all-zeroes and all-ones in the high order 16 bits are reserved

Well known communities

no-export (Do not export to next AS)

no-advertise (Do not advertise to any peer)

Internet (Advertise to all routers)

local-AS (Do not advertise outside local AS)

To send community values to a peer use the send-community keyword

neighbor 1.1.1.1 send-community


BGP Attributes: Community (Cont.)

AS 1250 AS 88 AS 51

AS 1

Diagram: three upstream ASs advertise prefixes to AS 1
  AS 1250: 201.3.3.196/26, 144.8.1.0/24, 144.9.3.128/27, 12.1.0.0/16
  AS 88:   197.4.3.0/27, 152.1.1.0/24, 152.4.5.128/26, 28.5.0.0/17
  AS 51:   201.3.3.196/22, 144.8.1.0/24, 144.9.3.128/23, 12.1.0.0/16

AS 1 wants to adjust the BGP attributes of a subset of these routes (underlined on the original slide); how can we do that? Match on AS path? On prefix and mask?


BGP Attributes: Community (Cont.)

Use the Community Attribute

AS 1250 AS 88 AS 51

AS 1

Diagram: the same advertisements, with the routes to be adjusted tagged with community 1:4 by the originating AS
  AS 1250: 201.3.3.196/26 (1:4), 144.8.1.0/24, 144.9.3.128/27, 12.1.0.0/16
  AS 88:   197.4.3.0/27, 152.1.1.0/24 (1:4), 152.4.5.128/26 (1:4), 28.5.0.0/17
  AS 51:   201.3.3.196/22, 144.8.1.0/24 (1:4), 144.9.3.128/23, 12.1.0.0/16 (1:4)


BGP Attributes: Community (Cont.)

router bgp 51
 neighbor 10.1.1.1 remote-as 1
 neighbor 10.1.1.1 send-community
 neighbor 10.1.1.1 route-map setcomm out
!
access-list 1 permit 144.8.1.0 0.0.0.255
access-list 1 permit 12.1.0.0 0.0.255.255
!
route-map setcomm permit 10
 match ip address 1
 set community 1:4
!
route-map setcomm permit 20

Setting the Community Value


BGP Attributes: Community (Cont.)

rtrA#sh ip bgp 172.16.1.0
BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  172.10.2.2 172.10.6.6
  254
    10.1.1.1 from 10.1.1.1 (199.172.15.254)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 65546

Viewing the Community Value—Old Format


BGP Attributes: Community (Cont.)

ip bgp-community new-format (global configuration)

rtrA#sh ip bgp 172.16.1.0
BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  172.10.2.2 172.10.6.6
  254
    10.1.1.1 from 10.1.1.1 (199.172.15.254)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 1:10

Viewing the Community Value—New Format
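As an added example (not part of the slides), the conversion between the old and new community formats and the meaning of the well-known values from the previous slides, in Python: 65546 above is simply (1 << 16) + 10, which the new format prints as 1:10. The four well-known constants are the RFC 1997 values; the may_advertise helper and its peer-kind labels are this example's own way of stating the rules on the slide.

```python
NO_EXPORT = 0xFFFFFF01      # do not advertise outside the AS (confederation peers still get it)
NO_ADVERTISE = 0xFFFFFF02   # do not advertise to any peer
LOCAL_AS = 0xFFFFFF03       # NO_EXPORT_SUBCONFED: do not advertise outside the local (sub-)AS
INTERNET = 0                # IOS keyword "internet": no restriction

WELL_KNOWN = {NO_EXPORT: "no-export", NO_ADVERTISE: "no-advertise",
              LOCAL_AS: "local-AS", INTERNET: "internet"}


def to_new_format(value: int) -> str:
    """Render a 32-bit community as IOS does with 'ip bgp-community new-format'."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("community must fit in 32 bits")
    if value in WELL_KNOWN:
        return WELL_KNOWN[value]
    return f"{value >> 16}:{value & 0xFFFF}"


def from_string(text: str) -> int:
    """Parse 'AS:NN', a well-known keyword, or a plain decimal (old format)."""
    for value, name in WELL_KNOWN.items():
        if text == name:
            return value
    if ":" in text:
        high, low = (int(part) for part in text.split(":", 1))
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError("each half of AS:NN is 16 bits")
        return (high << 16) | low
    return int(text)


def is_reserved(value: int) -> bool:
    """High-order 16 bits all-zero or all-one are reserved (RFC 1997)."""
    return (value >> 16) in (0x0000, 0xFFFF)


def may_advertise(communities, peer: str) -> bool:
    """Apply the well-known communities for a peer of kind 'ibgp', 'confed' or 'ebgp'.

    'confed' is an eBGP peer in another sub-AS of the same confederation."""
    if NO_ADVERTISE in communities:
        return False
    if LOCAL_AS in communities and peer != "ibgp":
        return False
    if NO_EXPORT in communities and peer == "ebgp":
        return False
    return True


if __name__ == "__main__":
    print(to_new_format(65546), from_string("1:4"), to_new_format(NO_EXPORT))
```

Remember that none of this leaves the router unless neighbor ... send-community is configured: a policy that tags routes with no-export on ingress and relies on the attribute surviving to the far edge silently fails if one iBGP session in between drops communities.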


Controlling the Flow of BGP Updates


Aggregate Addresses

Used to minimize the size of the routing table

Combines characteristics of several routes to allow a single route to be advertised

RTB#

router bgp 200

neighbor 3.3.3.1 remote-as 300

network 160.10.0.0

RTC#

router bgp 300

neighbor 3.3.3.3 remote-as 200

neighbor 2.2.2.2 remote-as 100

network 170.10.0.0

aggregate-address 160.0.0.0 255.0.0.0


Aggregate Addresses (Cont.)

aggregate-address address mask: advertises the aggregate prefix and all of the more specific routes

aggregate-address address mask summary-only: advertises the aggregate prefix only; all the more specific routes are suppressed

aggregate-address address mask suppress-map map-name: advertises the aggregate prefix and the more specific routes, but suppresses those more specific routes that the route map permits


Example: Aggregate Address

Question: Advertise the aggregate route 132.0.0.0/8 into AS 3. Ensure that the aggregate address and only 132.108.10.0/24 is allowed through to AS 3


Example (Cont.): Configuration

r8(config)#router bgp 4

r8(config-router)#aggregate-address 132.0.0.0 255.0.0.0 suppress-map AGGREGATE_MAP1

r8(config-router)#exit

r8(config)#access-list 3 deny 132.108.10.0 0.0.0.255

r8(config)#access-list 3 permit any

r8(config)#route-map AGGREGATE_MAP1 permit 10

r8(config-route-map)#match ip address 3

r8(config-route-map)#end


Example (Cont.): Verification

r5#sh ip ro bgp

B 141.108.0.0/16 [200/0] via 142.108.10.6, 2d03h

B 131.108.0.0/16 [20/0] via 162.108.21.8, 00:06:41

B 161.108.0.0/16 [20/0] via 162.108.21.8, 00:06:41

132.108.0.0/16 is variably subnetted, 2 subnets, 2 masks

B 132.108.10.0/24 [20/0] via 162.108.21.8, 00:06:41

B 132.108.0.0/16 [200/0] via 142.108.10.6, 2d03h

B 132.0.0.0/8 [20/0] via 162.108.21.8, 00:06:41


BGP Route Filtering

Filter networks in incoming or outgoing BGP updates based on IP address

Rtr A (AS 1, 10.1.1.1/24)                       Rtr B (AS 2, 10.1.1.2/24)
router bgp 1                                    router bgp 2
 neighbor 10.1.1.2 distribute-list 1 in          neighbor 10.1.1.1 distribute-list 2 out
!                                               !
access-list 1 permit 172.16.0.0 0.0.255.255     access-list 2 permit 192.30.8.0 0.0.0.255

Route Filtering

Do You See A Problem Here? Note that a standard access list matches only the network address of a route, never its mask, so access-list 1 cannot tell 172.16.0.0/16 from any of its subnets, and every route that matches no entry is dropped by the implicit deny; to filter on prefix length use an extended ACL or, better, a prefix-list


BGP Route Filtering

Path filtering—filter networks in incoming or outgoing BGP updates based on AS path information

Rtr A (AS 1)                                  Rtr B (AS 2)
router bgp 1                                  router bgp 2
 neighbor 1.1.1.2 filter-list 1 in             neighbor 1.1.1.1 filter-list 2 out
 ...                                           ...
ip as-path access-list 1 deny ^2$             ip as-path access-list 2 permit ^$
ip as-path access-list 1 permit .*
(deny routes originated by AS 2,              (allow only routes originated in this AS:
 permit everything else)                       the AS path is still empty when the
                                               outbound filter runs)

Route Filtering

10.1.1.1/24 ------------ 10.1.1.2/24

Do You See A Problem Here?
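The two filter lists on this slide can be checked offline. The Python below is an added example, not from the slides; it evaluates an ip as-path access-list the way IOS does (ordered entries, first match wins, implicit deny at the end) and also translates the IOS-specific `_` metacharacter, which the slides do not cover, so that patterns such as _2_ behave as on a router. The ACL lists and the prefixes fed to apply_inbound are constructed test data.

```python
import re


def ios_regex(pattern: str) -> str:
    """Translate IOS AS-path regex syntax to Python: '_' matches a space, a comma,
    a brace, or the start or end of the path string."""
    return pattern.replace("_", r"(?:^|$|[ ,{}])")


def as_path_text(as_path) -> str:
    """Render an AS path the way it appears in 'show ip bgp' (space separated)."""
    return " ".join(str(asn) for asn in as_path)


def ios_match(pattern: str, as_path) -> bool:
    return re.search(ios_regex(pattern), as_path_text(as_path)) is not None


def filter_list_permits(acl, as_path) -> bool:
    """Evaluate an 'ip as-path access-list' (ordered (action, regex) entries)
    against an AS path; first match wins, and an unmatched path is denied."""
    for action, pattern in acl:
        if ios_match(pattern, as_path):
            return action == "permit"
    return False


# Rtr A, inbound from AS 2: drop routes that AS 2 itself originates, pass the rest
AS_PATH_ACL_1 = [("deny", r"^2$"), ("permit", r".*")]
# Rtr B, outbound to AS 1: only locally originated routes; their path is still
# empty at filter time because the local AS is prepended after the filter
AS_PATH_ACL_2 = [("permit", r"^$")]


def apply_inbound(acl, received):
    """received: dict prefix -> AS path as carried in the UPDATE; returns what survives."""
    return {pfx: path for pfx, path in received.items() if filter_list_permits(acl, path)}


if __name__ == "__main__":
    # Constructed sample UPDATE from the AS 2 peer
    updates = {"172.16.0.0/16": [2], "192.30.8.0/24": [2, 5]}
    print(apply_inbound(AS_PATH_ACL_1, updates))
```

A filter that only has deny entries permits nothing, because the implicit deny at the end of an as-path access-list behaves exactly like the one at the end of an IP access list; the trailing permit .* on Rtr A is what keeps the rest of the table.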


Route-Map Overview

Route-maps are very complex access-lists:

  Access-lists have lines; route-maps contain statements
  Access-lists use addresses and masks; route-maps use match conditions
  Access-lists are identified by a number; route-maps are identified by a name

Statements in route-maps are numbered

You can insert and delete statements in a route-map

You can edit match conditions in a statement

Route-map statements can modify matched routes with “set” options

Route Maps


Route-Map Overview (Cont.)

The default statement action is “permit”

A route not matched by any statement is dropped

“Permit all” is achieved by specifying “permit” without a “match” clause

Match conditions in one statement are ANDed together

The first matching statement permits or denies the route

Route Maps


Route-Map Overview (Cont.)

router bgp 300
 network 172.16.0.0
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 route-map STOPUPDATES out
!
route-map STOPUPDATES deny 10
 match ip address 1
route-map STOPUPDATES permit 20
!
access-list 1 permit 172.16.0.0 0.0.255.255

Blocks Advertisement of Network 172.16.0.0 to Neighbor 2.2.2.2 (the access list must name 172.16.0.0, the network being blocked; the permit 20 statement with no match clause lets every other route through, otherwise the implicit deny at the end of the route map would stop all updates to the neighbor)
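Both the suppress-map on the aggregate-address slides and the STOPUPDATES route-map above rest on the same three rules: a standard ACL matches the network address only, the first matching route-map statement wins, and anything unmatched is denied. One added example covers both. The Python below is not from the slides; it evaluates a route-map against a list of prefixes and applies it either as an outbound filter or as a suppress-map, where a permitted more-specific is the one that gets suppressed. The route lists and ACL entries mirror the two slides and are constructed for this example.

```python
import ipaddress


def std_acl_matches(acl, prefix: str) -> bool:
    """Standard ACL as used by 'match ip address': IOS compares the route's
    network address against each (action, address, wildcard) entry, top down;
    the prefix length is NOT considered and an unmatched route is denied."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, address, wildcard in acl:
        base = int(ipaddress.ip_address(address))
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == base & care:
            return action == "permit"
    return False


def route_map_permits(route_map, prefix: str, acls) -> bool:
    """route_map: ordered (seq, action, acl_id) entries; acl_id None = match all.
    First matching statement wins; a route matching no statement is dropped."""
    for _seq, action, acl_id in route_map:
        if acl_id is None or std_acl_matches(acls[acl_id], prefix):
            return action == "permit"
    return False


def outbound_updates(routes, route_map, acls):
    """neighbor ... route-map NAME out: only permitted routes are advertised."""
    return [r for r in routes if route_map_permits(route_map, r, acls)]


def aggregate_with_suppress_map(routes, aggregate: str, suppress_map, acls):
    """aggregate-address A M suppress-map NAME: the aggregate is generated when at
    least one contributing route exists; a more-specific is suppressed when the
    route-map PERMITS it, so a 'deny' in the map keeps that route visible."""
    agg = ipaddress.ip_network(aggregate)
    contributors = [r for r in routes if ipaddress.ip_network(r).subnet_of(agg)]
    advertised = [str(agg)] if contributors else []
    for r in routes:
        if r in contributors and route_map_permits(suppress_map, r, acls):
            continue                      # suppressed more-specific
        advertised.append(r)
    return advertised


# The two slides' policies as constructed inputs
ACLS = {
    1: [("permit", "172.16.0.0", "0.0.255.255")],                 # used by STOPUPDATES
    3: [("deny", "132.108.10.0", "0.0.0.255"),                    # used by AGGREGATE_MAP1
        ("permit", "0.0.0.0", "255.255.255.255")],
}
STOPUPDATES = [(10, "deny", 1), (20, "permit", None)]
AGGREGATE_MAP1 = [(10, "permit", 3)]


if __name__ == "__main__":
    print(outbound_updates(["172.16.0.0/16", "10.0.0.0/8"], STOPUPDATES, ACLS))
    print(aggregate_with_suppress_map(
        ["132.108.10.0/24", "132.108.0.0/16", "131.108.0.0/16"],
        "132.0.0.0/8", AGGREGATE_MAP1, ACLS))
```

Two things worth running: an ACL that names the wrong network (170.16.0.0 instead of 172.16.0.0) never fires, so the deny statement is skipped and the route leaks; and because the standard ACL ignores the mask, 172.16.0.0/24 is blocked by the same policy as 172.16.0.0/16.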

Route Maps


Debugging BGP


Debugging

Test the IP connection between the BGP routers

If you can ping the remote endpoint, IP reachability for the session is in place; BGP additionally needs TCP port 179 to be permitted between the peers, and the source address of the connection must match the peer's neighbor statement, before the session can reach Established

Rtr A#ping 1.1.1.2                Rtr B#ping 1.1.1.1

Rtr A (AS 1, 10.1.1.1/24) ------------ Rtr B (AS 2, 10.1.1.2/24)


Debugging

Rtr A# (AS 1, 10.1.1.1/24)              Rtr B# (AS 2, 10.1.1.2/24)
router bgp 1                            router bgp 2
 neighbor 1.1.1.2 remote-as 2            neighbor 1.1.1.1 remote-as 1

Start with a Minimum BGP Configuration


Debugging

Rtr A#show ip bgp neighbors
BGP neighbor is 1.1.1.2,  remote AS 2, external link
  BGP version 4, remote router ID 1.1.1.2
  BGP state = Established, table version = 1, up for 0:12:20
  Last read 0:00:20, hold time is 180, keepalive interval is 60 seconds
  Minimum time between advertisement runs is 30 seconds
  Received 15 messages, 0 notifications, 0 in queue
  Sent 15 messages, 0 notifications, 0 in queue
  Connections established 1; dropped 0
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 10.1.1.7, Local port: 11002
Foreign host: 10.1.1.1, Foreign port: 179

If BGP state = Established, then continue with your BGP configuration; any other state (Idle, Active, OpenSent) means the TCP session or the OPEN exchange is failing and the rest of the configuration cannot be tested yet


Further Possible Areas of Study

IBGP—Route Reflector

IBGP—Confederations

EBGP—Neighbor Local-as

BGP Multipath

BGP Conditional Advertisement


Q and A


Recommended Reading

Internet Routing Architectures, Bassam Halabi, Cisco Press

Cisco BGP-4 Command and Configuration Handbook, William Parkhurst, Cisco Press

Available Onsite at the Cisco Company Store


Session 7:

MPLS/VPN


Agenda

MPLS Technology Introduction

MPLS Network Ingredients

Building MPLS Services

MPLS VPNs

MPLS Layer 3 VPNs


MPLS Technology Introduction


What Is MPLS Technology?

Multi Protocol Label Switching is a technology for delivery of IP services

MPLS switches packets on labels instead of routing them on IP headers to transport data

A highly scalable mechanism that is topology driven rather than flow driven

A single infrastructure architecture supporting a multitude of applications

MPLS has evolved a long way from its original goal and now serves as a foundation for value-added services

Diagram: a single network infrastructure running MPLS, with VPLS, Traffic Engineering, unicast and multicast L3 VPNs, IP+Optical (GMPLS) and Any Transport over MPLS built on top of it


Evolving Infrastructures, Growing Requirements

Next Generation Services Networks Require a Transport that Offers End-to-End:
  Resilience and scale: fast convergence, high availability, redundancy
  OAM: provision, test and verify, measure, report
  Service flexibility: point to point, point to multipoint, multipoint to multipoint
  Traffic classes, bandwidth guarantees, SLA guarantees, traffic priority


MPLS Use Case

Diagram: an MPLS backbone with P routers P1–P4 and PE routers PE1–PE5 interconnects Customer A's HQ sites (HQ A, HQ B, HQ C), a branch office over FR/ATM/Carrier Ethernet, remote users/telecommuters via a local or direct dial ISP and the Internet (MPLS to IPsec/PE), mobile backhaul, and shared/managed services (ERP, video server, hosted content on VMs); VPN A, VPN B and VPN C are carried over the same core

Requirements: L2 point-to-point, L2 fully meshed, L3 fully meshed sites through the HQ site, and all sites directly accessing hosted content and the Internet with an SLA


MPLS Network Ingredients


MPLS Network Ingredients

Network devices
  P (Provider) routers = label switching routers = core routers
  PE (Provider Edge) routers = edge LSR = provider edge device

Protocols
  IGP: core routing protocol (OSPF, EIGRP, IS-IS)
  Label Distribution Protocol (LDP)
  Multiprotocol e/iBGP
  Resource Reservation Protocol (RSVP)

MPLS label
  Forwarding Equivalence Class (FEC)
  MPLS label
  MPLS label encapsulation

MPLS planes
  MPLS control plane
  MPLS forwarding plane


MPLS Network Devices

P (Provider) routers = label switching routers = core routers
  Switch packets from ingress PE to egress PE

PE (Provider Edge) routers = edge LSR = provider edge device
  MPLS services are enabled on PE devices; they interconnect customer sites

Diagram: four P routers in the core, ringed by six PE routers at the edge


MPLS Network Protocols

Diagram: P routers in the core and PE routers at the edge; IGP and RSVP run on the core links, LDP between the LSRs, and MP-BGP between the PEs

IGP: OSPF, EIGRP or IS-IS on core and core-facing links

RSVP and/or LDP on core and/or core-facing links

MP-e/iBGP on PE devices


Label Distribution Protocol

Defined in RFC 3036 (LDP) and RFC 3035 (LDP over ATM); LDP is a superset of Cisco's Tag Distribution Protocol (TDP)

Uses UDP port 646 for neighbor discovery (hellos) and TCP port 646 for the session and label messages

LDP PDU header:
  Version (2 octets) | PDU Length (2 octets) | LDP ID (6 octets: 4-octet LSR ID + 2-octet label space ID)

Uses per-interface or per-platform label space; each label space needs its own LDP session

Label distribution protocols distribute labels for the prefixes advertised by unicast routing protocols (OSPF, IS-IS, EIGRP, etc.), using LDP or BGP

Multiple phases to establish a session and allocate labels so that traffic can be switched:

  Discovery mechanisms
  Session establishment
  Label distribution and management
  Label binding advertisement (unsolicited or on-demand), distribution, liberal retention


MPLS Label and Label Encapsulation

MPLS Label Encapsulation

  Packet over SONET/SDH:  PPP Header | Label | Layer 2/L3 Packet
  LAN:                    MAC Header | Label | Layer 2/L3 Packet

MPLS Label (one 32-bit label stack entry)

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  |              Label (20 bits)          | EXP |S|   TTL (8)     |

COS/EXP = Class of Service: 3 bits; S = Bottom of Stack: 1 bit; TTL = Time to Live: 8 bits


Forwarding Equivalence Class

FEC Is Used by Label Switching Routers to Determine How Packets Are Mapped to Label Switching Paths (LSP):

IP prefix/host address

Layer 2 circuits (ATM, FR, PPP, HDLC, Ethernet)

Groups of addresses/sites—VPN x

A bridge/switch instance—VSI

Tunnel interface—traffic engineering


MPLS Control Plane and Forward Plane

Control plane: used to distribute labels and build label-switched paths

  Routing process <-> route updates/adjacency -> RIB
  MPLS process    <-> label binding updates/adjacency -> LIB

Forwarding plane: consists of label imposition, swapping and disposition, whatever the control plane

  Destination-based unicast/multicast
  Labels divorce forwarding from the IP address
  Labels define destination and service
  RIB and LIB are compiled into the FIB (IP traffic) and the MFI/LFIB (MPLS traffic)


MPLS Control Plane, Downstream Unsolicited Mode

Step I: Core Routing Convergence

Routing updates (OSPF, EIGRP, ...) flow from the egress side back toward the ingress: "You can reach 128.89 thru me", "You can reach 171.69 thru me", "You can reach 128.89 and 171.69 thru me"

Ingress LSR (interface 1 toward the core):
  In Label   Address Prefix   Out I'face   Out Label
  -          128.89           1            -
  -          171.69           1            -

Transit LSR (interface 0 toward 128.89, interface 1 toward 171.69):
  In Label   Address Prefix   Out I'face   Out Label
  -          128.89           0            -
  -          171.69           1            -

Egress LSR for 128.89 (interface 0):
  In Label   Address Prefix   Out I'face   Out Label
  -          128.89           0            -

After convergence the tables hold prefixes and outgoing interfaces, but no labels yet


MPLS Control Plane, Downstream Unsolicited Mode

Step II: Assigning Labels

Each downstream node advertises labels for the prefixes/FECs reachable via that device: the egress LSR for 128.89 says "Use Label 9 for 128.89", the LSR toward 171.69 says "Use Label 7 for 171.69", and the transit LSR tells the ingress LSR "Use Label 4 for 128.89 and Use Label 5 for 171.69"

Ingress LSR:
  In Label   Address Prefix   Out I'face   Out Label
  -          128.89           1            4
  -          171.69           1            5

Transit LSR:
  In Label   Address Prefix   Out I'face   Out Label
  4          128.89           0            9
  5          171.69           1            7

Egress LSR for 128.89:
  In Label   Address Prefix   Out I'face   Out Label
  9          128.89           0            -


MPLS Forwarding Plane

Step III: Forwarding Labeled Packets

A packet to 128.89.25.4 enters the ingress LSR as plain IP; the ingress LSR imposes label 4 and sends it out interface 1; the transit LSR swaps 4 for 9 and sends it out interface 0; the egress LSR pops label 9 and delivers the IP packet:

  [128.89.25.4 | Data] -> [4 | 128.89.25.4 | Data] -> [9 | 128.89.25.4 | Data] -> [128.89.25.4 | Data]

A label switch forwards based on the label only; the LFIB entries are those built in Step II:

  Ingress LSR:   -  128.89  out 1  label 4;   -  171.69  out 1  label 5
  Transit LSR:   4  128.89  out 0  label 9;   5  171.69  out 1  label 7
  Egress LSR:    9  128.89  out 0  label -


Label Stacking

There may be more than one label in an MPLS packet

Labels correspond to forwarding equivalence classes; for example, one label can route the packet to an egress point while another separates customer A's packets from customer B's

Inner labels designate services/FECs, e.g. VPNs, fast reroute

The outer label is used to route/switch the MPLS packet through the network

The last label in the stack is marked with the bottom-of-stack (S) bit

Stacking allows building services such as MPLS VPNs, traffic engineering and fast reroute, VPNs over a traffic-engineered core, and Any Transport over MPLS

Example stack, outer to inner: TE Label | LDP Label | VPN Label | IP Header
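The label format (Label/EXP/S/TTL), the LFIB walk in Steps I–III and the stacking rules above can all be exercised with a few lines of Python. The code below is an added example, not from the slides: it encodes and decodes 32-bit label stack entries, parses a stack until the bottom-of-stack bit, and forwards a labeled packet through LFIB tables reconstructed from the Step II slide (in-label 4 swapped to 9 at the transit LSR, 9 popped at the egress). The LFIB dictionaries, the interface numbers and the payload bytes are constructed; a frame whose stack never sets S is rejected rather than read past its end.

```python
import struct

LABEL_BITS, EXP_BITS, TTL_BITS = 20, 3, 8


def encode_entry(label: int, exp: int = 0, bos: bool = False, ttl: int = 64) -> bytes:
    """One 32-bit label stack entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << LABEL_BITS:
        raise ValueError("label must be 20 bits")
    if not 0 <= exp < 1 << EXP_BITS or not 0 <= ttl < 1 << TTL_BITS:
        raise ValueError("EXP is 3 bits, TTL is 8 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bos) << 8) | ttl)


def decode_entry(raw: bytes) -> dict:
    (word,) = struct.unpack("!I", raw[:4])
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "bos": bool((word >> 8) & 0x1), "ttl": word & 0xFF}


def push_stack(labels, payload: bytes, ttl: int = 64) -> bytes:
    """Impose labels outer-first; the last one carries the bottom-of-stack bit."""
    entries = [encode_entry(lbl, bos=(i == len(labels) - 1), ttl=ttl)
               for i, lbl in enumerate(labels)]
    return b"".join(entries) + payload


def parse_stack(packet: bytes):
    """Walk entries until S=1; refuse frames that end before the bottom of stack."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(packet):
            raise ValueError("label stack runs past end of packet")
        entry = decode_entry(packet[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry["bos"]:
            return entries, packet[offset:]


def forward(lfib, packet: bytes):
    """LSR forwarding: look up the top label only, swap or pop it, decrement TTL.
    lfib maps in-label -> (action, out_label, out_interface), action 'swap' or 'pop'.
    Returns (out_interface, new_packet); popping the last label yields the bare payload."""
    entries, payload = parse_stack(packet)
    top, rest = entries[0], entries[1:]
    if top["ttl"] <= 1:
        raise ValueError("TTL expired, drop")
    if top["label"] not in lfib:
        raise KeyError(f"no LFIB entry for label {top['label']}, drop")
    action, out_label, out_if = lfib[top["label"]]
    if action == "swap":
        new = [dict(top, label=out_label, ttl=top["ttl"] - 1)] + rest
    else:  # pop: expose the next label (or the IP payload); TTL carried down
        new = [dict(rest[0], ttl=top["ttl"] - 1)] + rest[1:] if rest else []
    body = b"".join(encode_entry(e["label"], e["exp"], e["bos"], e["ttl"]) for e in new)
    return out_if, body + payload


# LFIBs reconstructed from Step II on the slides (constructed example data)
LFIB_P = {4: ("swap", 9, 0), 5: ("swap", 7, 1)}      # transit LSR
LFIB_EGRESS = {9: ("pop", None, 0)}                   # egress LSR toward 128.89


if __name__ == "__main__":
    payload = b"IPv4 to 128.89.25.4"                   # constructed stand-in for an IP packet
    _, at_transit = forward(LFIB_P, push_stack([4], payload))
    print(parse_stack(at_transit)[0])                  # label 9, ttl 63
    print(forward(LFIB_EGRESS, at_transit)[1] == payload)
```

The transit LSR never looks below the top entry, which is the point of stacking: a VPN label pushed under the transport label rides through the core untouched and is only examined by the egress PE.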


MPLS Core Architecture Summary

1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks
1b. LDP establishes label-to-destination-network mappings
2.  The ingress edge LSR receives the packet, performs Layer 3 value-added services, and labels the packet
3.  LSRs switch the packet using label swapping
4.  The edge LSR at egress removes the label and delivers the packet

Minimum configuration to enable label switching on an interface:
!
ip cef
mpls label protocol ldp
!
interface ether0/0
 mpls ip
!


MPLS VPNs


What Is a Virtual Private Network?

VPN is a set of sites or groups which are allowed to communicate with each other

VPN is defined by a set of administrative policies

Policies established by VPN customers

Policies could be implemented completely by VPN service providers

Flexible intersite connectivity

Ranging from complete to partial mesh

Sites may be either within the same or in different organizations

VPN can be either intranet or extranet

Site may be in more than one VPN

VPNs may overlap

Not all sites have to be connected to the same service provider

VPN can span multiple providers


L2 vs. L3 VPNs

Point-to-Point Layer 2 VPNs
  Customer endpoints (CPE) connected via Frame Relay DLCI, ATM VC or point-to-point connection
  No routing with the provider network; VPN CEs peer with each other, with much better propagation delay
  Good for point-to-point L2 connectivity; the provider must manually full-mesh the endpoints if any-to-any connectivity is required

Multipoint Layer 2 VPNs
  Customer endpoints (CPE) connected via Ethernet (VLAN or Ethernet port)
  Fully meshed or hub-and-spoke service possible without routing

Layer 3 VPNs
  Any access medium is supported
  Customer endpoints peer with the provider's routers at L3 and exchange VPN site routing information
  Reduced provisioning, scales


MPLS L3 VPNs


IP L3 vs. MPLS L3 VPNs

Diagram: the same sites (VPN A, VPN B, VPN C) shown once as an overlay of point-to-point tunnels and once as point-to-cloud attachments to an MPLS VPN core

Overlay VPN
  ACLs, ATM/FR, IP tunnels, IPsec, etc., requiring n*(n-1) peering points
  Transport dependent
  Groups endpoints, not groups
  Pushes content outside the network
  Costs scale exponentially
  NAT necessary for overlapping subnets
  Limited scaling, QoS complexity

MPLS-Based VPNs
  Point-to-cloud: a single point of connectivity per site
  Transport independent
  Easy grouping of users and services
  Enables content hosting inside the network
  "Flat" cost curve
  Supports private, overlapping IP addresses
  Scalable to millions of VPNs
  Per-VPN QoS
  Hosting, multicast, VoIP, intranet, extranet


MPLS L3 VPN Control Plane Basics

1. VPN service is enabled on the PEs

2. VPN site CE1 connects to a VRF-enabled interface on PE1

3. CE1 distributes its routes to PE1 (static, EIGRP, OSPF or eBGP on the PE-CE link)

4. PE1 allocates a VPN label for each prefix, redistributes the routes into MP-iBGP, sets itself as the next hop and relays the VPN site routes to PE3 (VPNv4 + label exchange over MP-iBGP)

5. PE3 distributes CE1's routes to CE2

Diagram: CE1 through CE4 attach to VRF interfaces on PE1, PE2 and PE3; P1, P2 and P3 form the core; MP-iBGP sessions carry VPNv4 routes and labels between the PEs


How Control Plane Information Is Separated

Diagram: CE1 -- PE1 -- P1 -- P2 -- PE2 -- CE2. CE1 announces 16.1/16 to PE1 over IGP/eBGP; PE1 advertises it to PE2 as a VPN-IPv4 route (Net = RD:16.1/16, NH = PE1, Route Target 100:1, Label = 42); PE2 hands it to CE2 over IGP/eBGP. No VPN routes exist in the core (P) routers

ip vrf Yellow
 rd 1:100
 route-target export 1:100
 route-target import 1:100

Route Distinguisher (RD): 8-byte field, a unique value assigned by the provider to each VPN so that otherwise identical VPN routes become unique in BGP

VPNv4 address: RD + VPN IPv4 prefix

Route Target (RT): 8-byte extended community assigned by the provider to define the import/export rules for the routes from/to each VPN; the RT, not the RD, decides which VRFs receive a route

MP-iBGP: facilitates advertisement of VPNv4 prefixes + labels between BGP peers

Virtual Routing and Forwarding instance (VRF): contains the VPN site routes

Multi-VRF CE: CE device supporting multiple VRFs without MP-iBGP and VPN labels
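An added Python example (not from the slides) to make the RD/RT distinction concrete: it builds the labeled VPN-IPv4 NLRI bytes (length, 3-byte label, 8-byte RD, prefix octets) that MP-iBGP carries for Yellow's 16.1/16 with label 42, then shows that two VRFs announcing the same 16.1.0.0/16 stay apart because their RDs differ, while an importing VRF accepts only routes whose route target appears in its import list. The VRF and VpnRoute classes, the PE names and the Blue and Shared VRFs are constructed for the example; a real PE also runs BGP best-path over the imported candidates, which this code omits.

```python
import ipaddress
import struct
from dataclasses import dataclass, field


def rd_bytes(rd: str) -> bytes:
    """Type 0 route distinguisher 'ASN:NN' -> 8 bytes (type 0, 2-byte ASN, 4-byte number)."""
    asn, number = (int(part) for part in rd.split(":"))
    return struct.pack("!HHI", 0, asn, number)


def vpnv4_nlri(rd: str, prefix: str, label: int) -> bytes:
    """Labeled VPN-IPv4 NLRI as carried in MP_REACH_NLRI (RFC 4364 / RFC 3107):
    length in bits, 3-byte label field (20-bit label, S=1), 8-byte RD, prefix octets."""
    net = ipaddress.ip_network(prefix)
    prefix_octets = net.network_address.packed[:(net.prefixlen + 7) // 8]
    label_field = struct.pack("!I", (label << 4) | 0x1)[1:]
    length_bits = 24 + 64 + net.prefixlen
    return bytes([length_bits]) + label_field + rd_bytes(rd) + prefix_octets


@dataclass
class VRF:
    name: str
    rd: str
    export_rt: frozenset
    import_rt: frozenset
    local_routes: dict = field(default_factory=dict)    # prefix -> CE next hop
    imported: dict = field(default_factory=dict)        # prefix -> (PE, label, rd)


@dataclass(frozen=True)
class VpnRoute:
    rd: str
    prefix: str
    rts: frozenset
    nexthop: str            # the advertising PE (next-hop-self)
    label: int


def export_vrf(pe: str, vrf: VRF, first_label: int):
    """The PE allocates one VPN label per prefix and redistributes into MP-iBGP."""
    return [VpnRoute(vrf.rd, pfx, vrf.export_rt, pe, first_label + i)
            for i, pfx in enumerate(sorted(vrf.local_routes))]


def import_vrf(vrf: VRF, routes):
    """A VPNv4 route enters a VRF only if it carries at least one of its import RTs."""
    for r in routes:
        if r.rts & vrf.import_rt and r.prefix not in vrf.imported:
            vrf.imported[r.prefix] = (r.nexthop, r.label, r.rd)
    return vrf.imported


if __name__ == "__main__":
    # Constructed: two customers on PE1 using the same private prefix
    yellow = VRF("Yellow", "1:100", frozenset({"1:100"}), frozenset({"1:100"}),
                 {"16.1.0.0/16": "CE1"})
    blue = VRF("Blue", "1:200", frozenset({"1:200"}), frozenset({"1:200"}),
               {"16.1.0.0/16": "CE3"})
    table = export_vrf("PE1", yellow, 42) + export_vrf("PE1", blue, 43)
    print(vpnv4_nlri("1:100", "16.1.0.0/16", 42).hex())
    yellow_pe2 = VRF("Yellow", "1:100", frozenset({"1:100"}), frozenset({"1:100"}))
    print(import_vrf(yellow_pe2, table))        # only the 1:100 route, label 42
```

The separation on the data plane follows from the control plane: the label PE2 receives (42) is the one PE1 allocated inside Yellow, so a packet carrying it can only be handed to Yellow's CE, whatever its inner IP destination looks like.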


MPLS L3 VPN Forwarding Plane: How the Data Plane Is Separated

CE1 forwards an IPv4 packet to PE1

1. PE1 imposes the VPN label pre-allocated for the prefix (inner label, learned from PE2 via MP-iBGP)

2. PE1 pushes the IGP/LDP label for the egress PE (PE2) as the outer label on its core-facing interface

3. The core (P1, P2) swaps the outer IGP label only; it never looks at the VPN label or at the IPv4 header

4. PE2 strips off the VPN label (the outer label has usually already been removed by penultimate hop popping) and forwards the packet to CE2 as an IP packet

CE2 receives the IPv4 packet

!
interface Serial1/0
 ip vrf forwarding Yellow
!

Packet walk: IPv4 -> [IGP label | VPN label | IPv4] -> [IGP label | VPN label | IPv4] -> [VPN label | IPv4] -> IPv4


MPLS L3 VPNs Applications


Deployment Example I: MPLS VPN SP Interconnecting VPN Sites over Different Access Technologies

Diagram: an MPLS backbone (P1, P2; PE1, PE2, PE3) connects Customer A's HQ hub, a branch office and a remote site over FR/ATM, remote users/telecommuters via a local or direct dial ISP and the Internet (MPLS to IPsec/PE), and a business partner; all of these sites are members of VPN A, with hosted VMs reachable through the provider network


Deployment Example II: MPLS VPNs in Enterprise Campus

L2 access

Multi-VRF CE at the distribution layer

BGP/MPLS VPNs in the core only

Multi-VRF between core and distribution

Multi-VRF doesn't require MPLS labels

Diagram: L2 access switches -> 802.1Q trunks -> CE (Multi-VRF) at distribution -> PE w/VRF -> P routers in the BGP/MPLS VPN core, with MP-iBGP between the PEs; VPN1 and VPN2 stay separated end to end

Page 358: Ccie Rs Lab Prep

359

Deployment Example III: End-to-End VPN Services Using Multiple MPLS SPs

[Figure: Enterprise-A hubs (Hub-1-UK, Hub-2-US, Hub-3-India) and remote sites connect through Regional SP1 (MPLS Core AS1), Regional SP2 (MPLS Core AS2) and Regional SP3 (MPLS Core AS3) to the global backbone Service Provider AS100]

Page 359: Ccie Rs Lab Prep

360

MPLS L3 VPNs Summary

SPs can provide intranet, extranet, hub-and-spoke, and fully meshed connectivity services

Advanced multicast VPNs, shared hosting, voice, video, Internet and traditional IP services can also be supported over a single infrastructure

SP-configured route targets can be used to filter/limit import/export of VPN routes

An SP-configured per-VPN route distinguisher segregates VPN control plane traffic

Unique per-VPN labels segregate data plane traffic

Subscribers have several access media and routing protocol options to connect to the provider

SPs can offer service level guarantees using QoS and traffic engineering applications for MPLS L3 VPNs

MPLS L3VPNs over IP

Page 360: Ccie Rs Lab Prep

361

Terminology Reference

Terminology: Description

AC: Attachment Circuit. An AC is a point-to-point, Layer 2 circuit between a CE and a PE.

AS: Autonomous System (a domain)

CoS: Class of Service

ECMP: Equal Cost Multipath

IGP: Interior Gateway Protocol

LAN: Local Area Network

LDP: Label Distribution Protocol, RFC 3036

LER: Label Edge Router. An edge LSR interconnects MPLS and non-MPLS domains.

LFIB: Label Forwarding Information Base

LSP: Label Switched Path

LSR: Label Switching Router

NLRI: Network Layer Reachability Information

P Router: An interior LSR in the service provider's autonomous system

PE Router: An LER in the service provider administrative domain that interconnects the customer network and the backbone network

PSN Tunnel: Packet Switching Tunnel

Page 361: Ccie Rs Lab Prep

362

Terminology Reference (Cont.)

Terminology: Description

Pseudo-Wire: A pseudo-wire is a bidirectional "tunnel" between two features on a switching path

PWE3: Pseudo-Wire End-to-End Emulation

QoS: Quality of Service

RD: Route Distinguisher

RIB: Routing Information Base

RR: Route Reflector

RT: Route Target

RSVP-TE: Resource Reservation Protocol based Traffic Engineering

VPN: Virtual Private Network

VFI: Virtual Forwarding Instance

VLAN: Virtual Local Area Network

VPLS: Virtual Private LAN Service

VPWS: Virtual Private WAN Service

VRF: Virtual Route Forwarding Instance

VSI: Virtual Switching Instance

Page 362: Ccie Rs Lab Prep

363

MPLS/L3VPN Sample Lab Question

[Figure: lab topology with Backbone 1 and Backbone 2, switches Sw1–Sw4, routers R1–R5 and VLAN_A through VLAN_E. Device roles around the MPLS core are CE, PE and P; the VPN tunnel runs between the PEs over MP-BGP/IGP/MPLS, the core runs IGP/MPLS, and the PE–CE links use a static route with no MPLS. Interface labels as drawn: Fa0/0 .25.5/24, Gi0/0 .25.2/24, Gi0/1 .20.2/24, Fa0/1 .100.5/24, Gi0/1 .100.1/24, Gi0/1 .100.3/24, Gi0/0 .30.3/24, Fa0/1 .50.4/24, Fa0/0 150.1.YY.1/24, Gi0/0 150.2.YY.1/24, S0/0/0 .12.2/30, S0/0/1 .12.1/30, S0/0/0 .14.4/24, S0/0/0 .14.1/24; SVIs .30.9/24, .30.10/24, .50.7/24, .50.8/24; private networks 170.1.9.9/24 and 170.1.7.7/24]

Page 363: Ccie Rs Lab Prep

364

MPLS/L3VPN Sample Lab Question (Cont.)

MP-BGP should be configured to carry VPNv4 updates.

The VRF instance should be named "ccie".

RT and RD values are at the candidate's discretion.

Include only the relevant interface in the VRF instance.

Configure the VRF routes as appropriate on the PEs.

You are allowed to use a static route from CE to PE for the private traffic.

There is a private network on Sw3 (170.1.9.0) and another on Sw1 (170.1.7.0). Build a VPN tunnel to carry the private traffic between these two networks using the MPLS core and edge infrastructure.

Page 364: Ccie Rs Lab Prep

365

MPLS/L3VPN Sample Lab Question (Cont.): Verification

R3: Verify VPNv4 routes are received from R4 (PE):

R3#sh ip route vrf ccie

Routing Table: ccie
     170.1.0.0/32 is subnetted, 2 subnets
S       170.1.9.9 [1/0] via 1.1.30.9
B       170.1.7.7 [200/0] via 1.1.4.4, 3d16h   <--- Loopback intf. (private network) on Sw1
     1.0.0.0/24 is subnetted, 2 subnets
C       1.1.30.0 is directly connected, GigabitEthernet0/0
B       1.1.50.0 [200/0] via 1.1.4.4, 3d16h

R4: Verify VPNv4 routes are received from R3 (PE):

R4#sh ip route vrf ccie

Routing Table: ccie
     170.1.0.0/32 is subnetted, 2 subnets
S       170.1.7.7 [1/0] via 1.1.50.7
B       170.1.9.9 [200/0] via 1.1.3.3, 3d16h   <--- Loopback intf. (private network) on Sw3
     1.0.0.0/24 is subnetted, 2 subnets
C       1.1.50.0 is directly connected, GigabitEthernet0/1
B       1.1.30.0 [200/0] via 1.1.3.3, 3d16h

Page 365: Ccie Rs Lab Prep

366

Further Reading

http://www.cisco.com/go/mpls

http://www.ciscopress.com

MPLS and VPN Architectures—Jim Guichard, Ivan Pepelnjak—Cisco Press®

Traffic Engineering with MPLS—Eric Osborne, Ajay Simha—Cisco Press

Layer 2 VPN Architectures—Wei Luo, Carlos Pignataro, Dmitry Bokotey, Anthony Chan—Cisco Press

MPLS QoS—Santiago Alvarez—Cisco Press

Page 366: Ccie Rs Lab Prep

367

Q and A

Page 367: Ccie Rs Lab Prep

368

Session 8:

IP Multicast

Page 368: Ccie Rs Lab Prep

369

Agenda

Multicast Concepts

PIM-SM Configuration and Verification

Multicast Troubleshooting

Page 369: Ccie Rs Lab Prep

370

Multicast At-a-Glance

[Figure: PIM and IGMP placement at a glance]

Page 370: Ccie Rs Lab Prep

371

Mcast Sample Written Question

Which of the following is NOT true of IP Multicast Addressing?

1. Multicast Group addresses comprise the range 224.0.0.0–239.255.255.255

2. The Link-Local Address Range is 224.0.0.0–224.0.0.255

3. Administratively Scoped Addresses (239.0.0.0–239.255.255.255) are assigned to user applications by IANA

4. EIGRP Hellos to 224.0.0.10 have a TTL = 1

5. Scope Relative Addresses are the top 256 addresses of a scoped address range

Page 371: Ccie Rs Lab Prep

372

Multicast Forwarding

Page 372: Ccie Rs Lab Prep

373

Unicast vs. Multicast Forwarding

Unicast Forwarding

Destination IP address directly determines where to forward the packet

Decision based on route table

Hop-by-hop forwarding continues even during routing topology changes

Page 373: Ccie Rs Lab Prep

374

Unicast vs. Multicast Forwarding

Multicast Forwarding

Destination IP address doesn’t directly indicate where to forward the packet

Forwarding is connection-oriented

Receivers must first “connect” to the source before traffic begins to flow

Connection messages (PIM Joins) follow the unicast routing table toward the multicast source

Build Multicast Distribution Trees that determine where to forward packets

Distribution Trees are rebuilt dynamically in case of network topology changes

Page 374: Ccie Rs Lab Prep

375

Reverse Path Forwarding (RPF)

The RPF Calculation

The multicast source address is checked against the unicast routing table

This determines the interface and upstream router in the direction of the source to which PIM Joins are sent

This interface becomes the “Incoming” or RPF interface

A router forwards a multicast datagram only if received on the RPF interface
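The RPF check in code, as an added example that is not part of the original deck: a longest-prefix lookup against a constructed unicast routing table decides the RPF interface for a source and whether an arriving (S, G) packet is forwarded or dropped. The routing table, interface names and addresses are constructed; they loosely follow the four-router topology used in the PIM configuration slides, seen from the router in the middle.

```python
"""
Added example, not code from the Cisco deck: the RPF check implemented against
a small unicast routing table with longest-prefix matching. Table entries,
interface names and addresses are constructed.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    interface: str           # outgoing interface of the unicast route
    next_hop: Optional[str]  # None for a directly connected network


def build_table(entries) -> List[Route]:
    return [Route(ipaddress.ip_network(p), ifname, nh) for p, ifname, nh in entries]


def lookup(table: List[Route], address: str) -> Optional[Route]:
    """Longest-prefix match, exactly as unicast forwarding would resolve it."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in table if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None


def rpf_interface(table: List[Route], source: str) -> Optional[str]:
    """The RPF (incoming) interface for a source: the interface the unicast
    table points at toward the source. PIM Joins leave through it, and (S, G)
    packets from that source are accepted only if they arrive on it."""
    route = lookup(table, source)
    return route.interface if route else None


def rpf_check(table: List[Route], source: str, arrived_on: str) -> bool:
    """True if the packet may be forwarded; False means it fails RPF and is dropped.
    A source with no unicast route has no RPF interface and always fails."""
    return rpf_interface(table, source) == arrived_on


# Constructed view from a router with one Ethernet and two serial links.
TABLE = build_table([
    ("10.1.1.0/24", "Ethernet0/0", None),
    ("10.2.2.0/24", "Serial0/1", None),
    ("10.2.3.0/24", "Serial0/0", None),
    ("172.16.1.0/24", "Ethernet0/0", "10.1.1.1"),   # source LAN behind R1
    ("192.168.0.0/16", "Serial0/1", "10.2.2.3"),    # summary via R3
    ("192.168.5.0/24", "Serial0/0", "10.2.3.4"),    # more specific via R4
])


def classify_packets(table: List[Route],
                     packets: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Apply the RPF check to (source, group, arrived_on) tuples."""
    return [(src, grp, "forward" if rpf_check(table, src, ifn) else "drop")
            for src, grp, ifn in packets]


if __name__ == "__main__":
    sample = [("192.168.5.10", "239.1.1.1", "Serial0/0"),   # constructed packets
              ("192.168.5.10", "239.1.1.1", "Serial0/1"),
              ("172.16.1.50", "239.1.1.1", "Ethernet0/0")]
    for result in classify_packets(TABLE, sample):
        print(result)
```

The second sample packet is the classic failure mode: a copy of the same (S, G) stream arriving over a non-RPF link is silently dropped, which is what keeps multicast loop-free when redundant paths exist.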

Page 375: Ccie Rs Lab Prep

376

PIM Sparse Mode

Page 376: Ccie Rs Lab Prep

377

PIM Sparse Mode

Protocol-independent

Supports all underlying unicast routing protocols including: static, RIP, IGRP, EIGRP, IS-IS, BGP, and OSPF

Sparse mode

Uses “pull” model

Traffic sent only to where it is requested

Explicit join behavior

Page 377: Ccie Rs Lab Prep

378

PIM-SM Shared Tree Join

[Figure: a receiver sends an IGMP (*, G) join; the last-hop router sends a PIM (*, G) Join toward the RP; (*, G) state is created only along the shared tree]

Page 378: Ccie Rs Lab Prep

379

PIM-SM Sender Registration

[Figure: the source's first-hop router unicasts an (S, G) Register to the RP; the RP sends an (S, G) Join toward the source; (S, G) state is created only along the source tree; the shared tree to the receiver already exists]

Page 379: Ccie Rs Lab Prep

380

PIM-SM Sender Registration

[Figure: (S, G) traffic begins arriving at the RP via the source tree; the RP sends an (S, G) Register-Stop (unicast) back to the first-hop router to stop the Register process]

Page 380: Ccie Rs Lab Prep

381

PIM-SM Sender Registration

[Figure: source traffic flows natively along the SPT to the RP; from the RP, traffic flows down the shared tree to receivers]

Page 381: Ccie Rs Lab Prep

382

PIM-SM SPT Switchover

[Figure: the last-hop router joins the source tree by sending an (S, G) Join toward the source, while traffic still flows via the RP and the shared tree]

Page 382: Ccie Rs Lab Prep

383

PIM-SM SPT Switchover

[Figure: the last-hop router joins the source tree; additional (S, G) state is created along the new part of the source tree]

Page 383: Ccie Rs Lab Prep

384

PIM-SM SPT Switchover

[Figure: traffic begins flowing down the new branch of the source tree; the last-hop router sends an (S, G) RP-bit Prune up the shared tree, and additional (S, G) state is created along the shared tree to prune off (S, G) traffic]

Page 384: Ccie Rs Lab Prep

385

PIM-SM SPT Switchover

[Figure: (S, G) traffic is now pruned off the shared tree and flows to the receiver via the source tree]

Page 385: Ccie Rs Lab Prep

386

PIM-SM SPT Switchover

[Figure: the (S, G) traffic flow is no longer needed by the RP, so the RP sends an (S, G) Prune toward the source to prune the flow]

Page 386: Ccie Rs Lab Prep

387

PIM-SM SPT Switchover

[Figure: (S, G) traffic now flows to the receiver only via a single branch of the source tree]

Page 387: Ccie Rs Lab Prep

388

PIM Sparse Mode Configuration and Verification

Page 388: Ccie Rs Lab Prep

389

PIM Sparse Mode Static RP

[Figure: R1 and R2 share an Ethernet segment; R2 has serial links to R3 and R4; R2 is the RP]

R1: E0/0 10.1.1.1/24, ip pim sparse-mode

R2: E0/0 10.1.1.2/24, S0/1 10.2.2.2/24, S0/0 10.2.3.2/24, LO0 10.1.22.22/32, each with ip pim sparse-mode

R3: S0/1 10.2.2.3/24, ip pim sparse-mode

R4: S0/0 10.2.3.4/24, ip pim sparse-mode

On Every Router, Global Configuration Command:

ip multicast-routing
ip pim rp-address 10.1.22.22

Page 389: Ccie Rs Lab Prep

390

PIM Sparse Mode Static RP—Verification


r3# show ip pim rp mapping
Group(s): 224.0.0.0/4, Static
    RP: 10.1.22.22 (R2)

Page 390: Ccie Rs Lab Prep

391


PIM Sparse Mode Static RP—Verification

r2# show ip pim interface

Address     Interface     Ver/Mode  Nbr Count  Query Intvl  DR Prior  DR
10.1.1.2    Ethernet0/0   v2/S      1          30           1         10.1.1.2
10.2.3.2    Serial0/0     v2/S      1          30           1         10.2.3.4
10.2.2.2    Serial0/1     v2/S      1          30           1         10.2.2.3

Page 391: Ccie Rs Lab Prep

392


PIM Sparse Mode Static RP—Verification

r2# show ip pim neighbor
PIM Neighbor Table
Neighbor Address  Interface     Uptime/Expires   Ver  DR Priority/Mode
10.1.1.1          Ethernet0/0   1d00h/00:01:17   v2   1 / B S
10.2.3.4          Serial0/0     1d00h/00:01:44   v2   1 / DR B S
10.2.2.3          Serial0/1     1d00h/00:01:44   v2   1 / DR B S

Page 392: Ccie Rs Lab Prep

393

PIM Sparse Mode Auto-RP

Routers automatically learn the RP address

Only routers that are candidate RPs or mapping agents need to be configured

Makes use of multicast to distribute the information

Two specially IANA-assigned groups are used:

Cisco-Announce—224.0.1.39

Cisco-Discovery—224.0.1.40

Typically dense mode is used to forward these groups

Permits backup RPs to be configured

Page 393: Ccie Rs Lab Prep

394

PIM Sparse Mode Auto-RP

On Every Router, Global Configuration Command:

ip multicast-routing

Interface Configuration Command:

ip pim sparse-dense-mode

or

ip pim sparse-mode, with the global command ip pim auto-rp listener

R2 (RP): ip pim send-rp-announce loopback 0 scope 16

R3 (MA): ip pim send-rp-discovery loopback 0 scope 16

[Figure: R1, R2, R3, R4; R2 is the candidate RP, R3 the mapping agent]

Page 394: Ccie Rs Lab Prep

395


PIM Sparse Mode Auto-RP—Verification


r2# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.44.44 (R3), via Auto-RP
         Uptime: 00:02:19, expires: 00:02:38

Page 395: Ccie Rs Lab Prep

396


PIM Sparse Mode Auto-RP—Verification


r3# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.22.22 (R2), via Auto-RP
         Uptime: 00:02:55, expires: 00:02:00

Page 396: Ccie Rs Lab Prep

397


PIM Sparse Mode Auto-RP—Verification


r4# show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.44.44 (R3), via Auto-RP
         Uptime: 00:24:29, expires: 00:02:17

Page 397: Ccie Rs Lab Prep

398

PIM Sparse Mode BSR

On Every Router, Global Configuration Command:

ip multicast-routing

Interface Configuration Command:

ip pim sparse-mode

R2 (RP): ip pim rp-candidate loopback 0

R3 (BSR): ip pim bsr-candidate loopback 0

[Figure: R1, R2, R3, R4; R2 is the candidate RP, R3 the bootstrap router]

Page 398: Ccie Rs Lab Prep

399


PIM Sparse Mode BSR—Verification


r2# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is a candidate RP (v2)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (?), v2
    Info source: 10.1.44.44 (?), via bootstrap
         Uptime: 00:04:09, expires: 00:02:27

Page 399: Ccie Rs Lab Prep

400


PIM Sparse Mode BSR—Verification


r2# show ip pim bsr-router
PIMv2 Bootstrap information
  BSR address: 10.1.44.44 (?)
  Uptime:      00:06:16, BSR Priority: 0, Hash mask length: 0
  Expires:     00:01:55
Next Cand_RP_advertisement in 00:00:39
  RP: 10.1.22.22(Loopback0)

Page 400: Ccie Rs Lab Prep

401

Anycast RP: Overview

Uses single statically defined RP address

Two or more routers have same RP address

RP address defined as a loopback interface

Loopback address advertised as a host route

Senders and receivers join/register with closest RP

Closest RP determined from the unicast routing table

Can never fall back to dense mode

Because RP is statically defined

MSDP session(s) run between all RPs

Informs RPs of sources in other parts of network

RPs join SPT to active sources as necessary

Page 401: Ccie Rs Lab Prep

402

Anycast RP MSDP Configuration

[Figure: RP1 and RP2 share the anycast RP address 10.1.1.1 and run an MSDP session between them; routers A, B, X and Y attach to them]

RP1:

ip pim rp-address 10.1.1.1
!
interface loopback 0
 ip address 10.1.1.1 255.255.255.255
!
interface loopback 1
 ip address 10.0.0.1 255.255.255.255
!
ip msdp peer 10.0.0.2 connect-source loopback 1
ip msdp originator-id loopback 1

RP2:

ip pim rp-address 10.1.1.1
!
interface loopback 0
 ip address 10.1.1.1 255.255.255.255
!
interface loopback 1
 ip address 10.0.0.2 255.255.255.255
!
ip msdp peer 10.0.0.1 connect-source loopback 1
ip msdp originator-id loopback 1

Page 402: Ccie Rs Lab Prep

403

References

Developing IP Multicast Networks; Beau Williamson, Cisco Press

Routing TCP/IP Volume II; Jeff Doyle, Cisco Press

ftp://ftpeng.cisco.com/ipmulticast/training/index.html

Available Onsite at the Cisco Company Store

Page 403: Ccie Rs Lab Prep

404

Session 9:

Quality of Service

Page 404: Ccie Rs Lab Prep

405

Quality of Service (QoS)

What Is QoS, Why?

Differentiated Services Architecture

Modular QoS Command Line

Classification/Marking

Queuing

Policing/Shaping

References

Page 405: Ccie Rs Lab Prep

406

What Is QoS in Internetworking?

QoS is applicable in many domains outside networking (supermarket, public roads, …)

In networking, we refer to the set of requirements an application imposes along an end-to-end pipe:

Loss rate

Latency, jitter

Bandwidth

How can we control these, in order to offer the requested service?

Page 406: Ccie Rs Lab Prep

407

Aggregation Speed Mismatch

[Figure: congestion points at aggregation and speed mismatch (1000 Mbps to 10 Mbps) and at the LAN-to-WAN boundary (10 Mbps to 64 Kbps)]

Example of network node congestion

Points of substantial speed mismatch and points of aggregation

Transmit buffers have the tendency to fill

Buffering reduces loss, but introduces delay

Page 407: Ccie Rs Lab Prep

408

IETF QoS Model: Differentiated Services

Specify QoS via a packet header value: DSCP

Network uses the QoS specification to classify, shape, and police traffic, as well as perform intelligent queuing

Enables scalable service discrimination in the Internet without the need for per-flow state and signaling at every hop

Group flows into aggregates—“A collection of packets crossing a link in a particular direction”

Page 408: Ccie Rs Lab Prep

409

IPv4 ToS vs. DS-Field (The ToS Byte Is Re-Defined)

Page 409: Ccie Rs Lab Prep

410

DiffServ Architecture

Page 410: Ccie Rs Lab Prep

411

Assured Forwarding PHB

Guarantees bandwidth

Allows access to extra bandwidth if available

Four standard classes (af1, af2, af3, af4)

DSCP value range: “aaadd0”, where “aaa” is the binary value of the class and “dd” is the drop probability

Page 411: Ccie Rs Lab Prep

412

Expedited Forwarding PHB

Guarantees bandwidth with prioritized forwarding

Polices bandwidth—(excess traffic is dropped)

Recommended DSCP value is 101110 (46)

Looks like IP Precedence 5 to non-DS-compliant devices

Page 412: Ccie Rs Lab Prep

413

DSCP Usage

DSCP selects the per-hop behavior (PHB) throughout the network:

Default PHB 000000

Class Selector PHB—maps to IP Precedence

Assured forwarding PHB (AF)

Expedited forwarding PHB (EF)

Page 413: Ccie Rs Lab Prep

414

DS Field: DSCP (6 bits) + ECN (2 bits)

High Priority = EF = 101110 = 46; Best Effort = 000000 = 0

Drop Precedence          Class #1           Class #2           Class #3           Class #4
Low Drop Precedence      AF11 (001010) 10   AF21 (010010) 18   AF31 (011010) 26   AF41 (100010) 34
Medium Drop Precedence   AF12 (001100) 12   AF22 (010100) 20   AF32 (011100) 28   AF42 (100100) 36
High Drop Precedence     AF13 (001110) 14   AF23 (010110) 22   AF33 (011110) 30   AF43 (100110) 38
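An added example, not code from the deck, that derives the AF, EF and class-selector values of the table above from the bit layout (aaadd0 for AF, 101110 for EF, precedence in the top three bits) instead of looking them up, and splits the ToS byte of a constructed IPv4 header into DSCP and ECN. Function names, constants and the sample header bytes are constructed for the example:

```python
"""
Added example, not code from the Cisco deck: encoding and decoding the DS field
as the DiffServ slides describe it. The sample IPv4 header is constructed.
"""
from typing import Dict, Tuple

EF_DSCP = 0b101110       # 46: Expedited Forwarding
DEFAULT_DSCP = 0b000000  # best effort


def af_dscp(af_class: int, drop_precedence: int) -> int:
    """AFxy -> DSCP aaadd0: class in bits 5-3, drop precedence in bits 2-1."""
    if af_class not in (1, 2, 3, 4) or drop_precedence not in (1, 2, 3):
        raise ValueError("AF classes are 1-4, drop precedences 1-3")
    return (af_class << 3) | (drop_precedence << 1)


def af_table() -> Dict[str, int]:
    """Recomputes the AF11..AF43 table from the formula rather than storing it."""
    return {f"AF{c}{d}": af_dscp(c, d) for c in range(1, 5) for d in range(1, 4)}


def class_selector(precedence: int) -> int:
    """CSn PHB: IP Precedence n in the top three bits, low three bits zero."""
    return precedence << 3


def ip_precedence(dscp: int) -> int:
    """What a non-DS-compliant device sees: the three MSBs of the old ToS byte.
    EF (46) therefore looks like IP Precedence 5 to such a device."""
    return dscp >> 3


def build_tos_byte(dscp: int, ecn: int = 0) -> int:
    """DS field: six DSCP bits followed by two ECN bits."""
    return ((dscp & 0x3F) << 2) | (ecn & 0x3)


def split_tos_byte(tos: int) -> Tuple[int, int]:
    return tos >> 2, tos & 0x3


def dscp_from_ipv4_header(header: bytes) -> int:
    """The DS field is the second byte of the IPv4 header (after version/IHL)."""
    return split_tos_byte(header[1])[0]


def describe(dscp: int) -> str:
    """Name the PHB a DSCP selects, in the order the slides list them."""
    if dscp == DEFAULT_DSCP:
        return "Default"
    if dscp == EF_DSCP:
        return "EF"
    for name, value in af_table().items():
        if value == dscp:
            return name
    if dscp & 0b111 == 0:
        return f"CS{dscp >> 3}"
    return f"DSCP {dscp}"


# Constructed 20-byte IPv4 header: version 4, IHL 5, DS byte 0xB8 (EF, ECN 0).
SAMPLE_HEADER = bytes([0x45, 0xB8, 0x00, 0x3C, 0x1C, 0x46, 0x40, 0x00, 0x40, 0x11,
                       0x00, 0x00, 0xC0, 0xA8, 0x00, 0x01, 0xC0, 0xA8, 0x00, 0xC7])

if __name__ == "__main__":
    for name, value in af_table().items():
        print(f"{name}: {value:06b} = {value}, precedence {ip_precedence(value)}")
    print("sample header DSCP:", describe(dscp_from_ipv4_header(SAMPLE_HEADER)))
```

The `ip_precedence` mapping is the practical reason AF classes 1 to 4 occupy precedence values 1 to 4 and EF sits at 5: a legacy device that only reads the three precedence bits still orders the classes the same way.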

Page 414: Ccie Rs Lab Prep

415

MQC—3 Steps to Configure a QoS Policy

1. class-map—Define traffic classes. Apply same class-map to different policies

2. policy-map—Associate policies/actions with each class of traffic

3. service-policy—Attach policies to interfaces (logical or physical) either in input or output

Note: MQC does not equate to CBWFQ. CBWFQ is a queuing mechanism configurable via MQC

Page 415: Ccie Rs Lab Prep

416

Configuring class-map

Creates a named traffic class

Specifies packet-matching criteria that identifies packets belonging to a class

class-map <class-name>

match <match-criteria>

match not <match-criteria>

match class-map <class name>

Page 416: Ccie Rs Lab Prep

417

match-any vs match-all

Define classes consisting of multiple match criteria

class-map match-any <class-name>

match <match-criteria-1> …

match <match-criteria-n>

match-any—When only one match criterion must be met for a packet to match the specified traffic class

match-all—When all match criteria must be met for a packet to match the traffic class. Default when not configured

Page 417: Ccie Rs Lab Prep

418

Configuration Example: class-map

class-map match-any Gold
 match access-group 101
 match dscp EF
class-map match-all Silver
 match access-group 102

access-list 101 permit ip 10.1.0.0 0.0.0.255 any
access-list 102 permit ip 10.2.0.0 0.0.0.255 any

Page 418: Ccie Rs Lab Prep

419

class-default Class

Implicit pre-existing class—no need to be configured

Contains traffic not matching any user-defined class

Features configurable by referencing class-default directly in a policy-map:

policy-map foo
 class class-default
  <feature>

Page 419: Ccie Rs Lab Prep

420

Understanding policy-map

Named object representing a set of policies that are to be applied to a set of traffic classes

e.g. Police traffic class to some maximum rate

e.g. Guarantee traffic minimum bandwidth

policy-map <map-name>
 class <class-map-name-1>
  <policy-1>
  <policy-n>
 class <class-map-name-n>
  <policy-n>

Page 420: Ccie Rs Lab Prep

421

Configuration Example: policy-map

policy-map wan_policy
 class Gold
  bandwidth 512
  queue-limit 64
  random-detect
 class Silver
  bandwidth 256
 class class-default
  fair-queue

Page 421: Ccie Rs Lab Prep

422

service-policy Command

Used to attach a policy-map and thereby the associated policies to an interface, subinterface, PVC, etc.

Indicate input or output direction

(config-if)#service-policy {input | output} <policy-name>

Page 422: Ccie Rs Lab Prep

423

Hierarchical Policies

[Figure: a parent policy whose class-default shapes, with a child policy nested under it containing Class 1 (priority) and Class 2 (bandwidth)]

Page 423: Ccie Rs Lab Prep

424

Hierarchical Policies

Configure the child or second-level policy:

policy-map child
 class http
  bandwidth <bw specification>
 class ftp

Configure the parent or first-level policy:

policy-map parent
 class class-default
  shape average <CIR>
  service-policy child

Page 424: Ccie Rs Lab Prep

425

Other MQC Features with shape

With MQC you can use several QoS features simultaneously in the same policy-map:

bandwidth—minimum bandwidth guarantee

shape—maximum rate limit (with buffering)

police—limits traffic rate (no buffering)

set—marking

priority—configures LLQ

Note: Not all combinations are supported and/or make sense

Page 425: Ccie Rs Lab Prep

426

Classification/Marking Options

IP precedence/DSCP values

Other Values

Layer 2—802.1Q, ISL, CLP Bit, DE Bit

MPLS—Experimental Bits

NBAR— (L4, dynamic ports)

Traditional—ACLs, qos-group

Page 426: Ccie Rs Lab Prep

427

Marking and Classification

[Figure: Layer 2 802.1Q/p: a 4-byte TAG inside the encapsulated frame (PREAM., SFD, DA, SA, PT, DATA, FCS) with three bits used for CoS (user priority bits). Layer 2 ISL: a 26-byte ISL header and 4-byte FCS around the encapsulated frame, with three bits (3 LSB of the user field) used for CoS. Layer 3 IPv4: header fields Version, Length, ToS (1 byte), Len, ID, Offset, TTL, Proto, FCS, IP-SA, IP-DA, Data; standard IPv4: three MSB called IP Precedence; DiffServ: six MSB called DSCP plus two for ECN]

Page 427: Ccie Rs Lab Prep

428

Marking Options

Marking Can Be Done via

CAR (Committed Access Rate)

CBpolicing

CBmarking

PBR (Policy Based Routing)

QPPB (QoS Policy Propagation via BGP)

Page 428: Ccie Rs Lab Prep

429

Classification Options

router(config-cmap)#match ?
  access-group         Access group
  any                  Any packets
  class-map            Class map
  cos                  IEEE 802.1Q/ISL class of service/user priority values
  destination-address  Destination address
  input-interface      Select an input interface to match
  ip                   IP specific values (prec, dscp, rtp)
  mpls                 Multi Protocol Label Switching specific values
  not                  Negate this match result
  protocol             Protocol
  qos-group            Qos-group
  source-address       Source address

Page 429: Ccie Rs Lab Prep

430

Queuing

Queuing + Scheduling = Congestion Management

Buffering packets in queues

Scheduling packets out of the queues

[Figure: packets in various queues feed a scheduler that emits the outbound packets]

Page 430: Ccie Rs Lab Prep

431

Congestion Management—Queuing and Scheduling

Queuing

Congestion management entails the creation of queues, assignment of packets to those queues based on classification

Scheduling

Congestion management controls congestion by determining the order in which packets are sent from different queues out an interface based on packet priorities.

Scheduling policy specifies how packets of different classes are served with respect to each other. Example scheduling policies include FIFO and WFQ

Page 431: Ccie Rs Lab Prep

432

Backpressure

‘Backpressure’ is the term used for the mechanism which triggers the congestion management (queuing and scheduling)

Backpressure comes from

tx-ring of an interface is full

Token-bucket of a shaper is empty

Others (platform specific like tofab queuing on GSR)

Page 432: Ccie Rs Lab Prep

433

What’s a TxQ?

Every interface has 2 sets of queues:

Software queues (FIFO, WFQ, …)

Any type of software queuing other than FIFO is also referred to as FANCY queuing

Hardware queue (= TxQ), which is always FIFO! The TxQ, also called tx-ring, is a FIFO queue in between the scheduler and the interface ASIC

[Figure: Software Q 1 … Software Q n feed the scheduler, which feeds the tx-ring, which drives the wire signal]

Page 433: Ccie Rs Lab Prep

434

CBWFQ—MQC Config Example

policy-map mypolicy

class multimedia

bandwidth 3000

class www

bandwidth 2250

class ftp

bandwidth 1500

class class-default

bandwidth 750

Page 434: Ccie Rs Lab Prep

435

CBWFQ—MQC Verification

#sh policy-map interface e1/1
 Ethernet1/1

  Service-policy output: mypolicy

    Class-map: multimedia (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 101
      Weighted Fair Queueing
        Output Queue: Conversation 264
        Bandwidth 3000 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

Page 435: Ccie Rs Lab Prep

436

Low Latency Queueing (LLQ) aka priority Command

Implements both a minimum and maximum bandwidth guarantee

It is a strict priority queue with a specified amount of available bandwidth

During congestion, LLQ cannot use any excess bandwidth. This is achieved with a conditional, built-in policer

Page 436: Ccie Rs Lab Prep

437

Configuration Example: Low Latency Queuing (LLQ)

policy-map wan_policy
 class Gold
  priority 512
 class Silver
  bandwidth 256
 class class-default
  random-detect

Verification:

show policy-map interface

Page 437: Ccie Rs Lab Prep

438

Policing vs. Shaping

[Figure: traffic rate over time. Policing clips everything above the configured rate (data lost); shaping buffers the excess and smooths the output to the rate (data preserved)]

Page 438: Ccie Rs Lab Prep

439

Ways to Limit Throughput

Common mechanism to meter traffic is a Token Bucket

Policing

CAR, CBpolicing: Token bucket(s), NO queue

Conform/exceed actions are configurable

Traffic Shaping

GTS, FRTS, CBshaping: Token bucket + queue

Conform/exceed actions are always transmit/queue

Page 439: Ccie Rs Lab Prep

440

Token Bucket

Bc Tokens are Added Every Tc

The Packets are Sent at Access Speed as Long as There are Enough Tokens

Bc + Be: Is the Maximum Number of Token-bits That you Can Store

Tc=Bc/CIR : Time Interval Between 2 Replenishments of Token Bucket (with Bc tokens)

Page 440: Ccie Rs Lab Prep

441

Tc—Interval—Hypothetical Example

Bc = 1M, CIR = 1Mbps => Tc = 1s

interface rate = 2Mbps

If there is continuous traffic, then on average we achieve a shaped rate of 1M (2M during 1/2s, every second = 1Mbps)

[Figure: rate (Mbps) versus time (s); in each interval Tc1, Tc2, Tc3 the Bc tokens are sent at the 2 Mbps interface rate, occupying half the interval]

Page 441: Ccie Rs Lab Prep

442

Be—Excess Burst

Token Bucket Dimensioning:

Every Tc, we add Bc tokens

Allow the token bucket to grow as deep as Be + Bc if not all Bc tokens are used in an interval

[Figure: a bucket of depth Bc + Be]

Page 442: Ccie Rs Lab Prep

443

Class-Based Shaping

Shaping on a class via MQC (shape command)

Classification with extensive MQC match criteria (e.g. NBAR)

Shaping queue is WFQ, CBWFQ, or LLQ

Two forms:

shape average

shape peak

shape {average | peak} {<cir> | percent <percent>} [bc] [be]

Page 443: Ccie Rs Lab Prep

444

Average vs. Peak

Difference in number of tokens given per Tc and how excess tokens are accrued:

Average—Bc only is added every Tc to the token bucket

Peak—Bc+Be is added every Tc to the token bucket

(To burst at Bc + Be)

Average rate shaper must be idle for some time to build Be with unused tokens added by Bc

Peak rate shaper gets increment of Bc + Be per Tc and does not need to be idle
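The token bucket behaviour of the last three slides as an added Python simulation that is not part of the deck. It works in the slides' own terms (CIR, Bc, Be, Tc = Bc/CIR), replays the hypothetical example (Bc = 1 Mbit, CIR = 1 Mbps, interface rate 2 Mbps), shows that an average-rate shaper can burst to Bc + Be only after an idle Tc while a peak-rate shaper sends CIR * (1 + Be/Bc) continuously, and recomputes Tc for a 241 kbps shaper with Bc = 7712 bits. The offered-traffic patterns, the 4 Mbps access rate used in the peak case and the function names are constructed:

```python
"""
Added example, not code from the Cisco deck: a discrete-time token-bucket
shaper. Offered-traffic patterns and function names are constructed.
"""
from typing import List


def tc_seconds(bc_bits: int, cir_bps: int) -> float:
    """Tc = Bc / CIR: time between two replenishments of the token bucket."""
    return bc_bits / cir_bps


def time_on_wire(bits: int, access_rate_bps: int) -> float:
    """Packets leave at access speed, so Bc bits occupy Bc/access_rate seconds."""
    return bits / access_rate_bps


def shape(offered_bits_per_tc: List[int], cir_bps: int, bc_bits: int,
          be_bits: int = 0, mode: str = "average",
          access_rate_bps: int = 2_000_000) -> List[int]:
    """Bits transmitted in each Tc interval for an offered load given per Tc.

    average: Bc tokens are added every Tc; unused tokens accumulate up to
             Bc + Be, so bursting above CIR needs idle time first.
    peak:    Bc + Be tokens are added every Tc, so the shaper can send
             CIR * (1 + Be/Bc) continuously without ever being idle.
    Traffic that finds no token waits in the shaping queue (shaping buffers,
    it does not drop), and at most access_rate * Tc bits fit in one Tc.
    """
    if mode not in ("average", "peak"):
        raise ValueError("mode must be 'average' or 'peak'")
    tc = tc_seconds(bc_bits, cir_bps)
    increment = bc_bits if mode == "average" else bc_bits + be_bits
    depth = bc_bits + be_bits            # maximum number of token-bits stored
    line_capacity = int(access_rate_bps * tc)
    tokens, backlog, sent_per_tc = 0, 0, []
    for offered in offered_bits_per_tc:
        tokens = min(depth, tokens + increment)   # replenish at the start of Tc
        backlog += offered                        # arrivals join the queue
        sent = min(backlog, tokens, line_capacity)
        tokens -= sent
        backlog -= sent
        sent_per_tc.append(sent)
    return sent_per_tc


def average_rate_bps(sent_per_tc: List[int], tc: float) -> float:
    return sum(sent_per_tc) / (len(sent_per_tc) * tc)


if __name__ == "__main__":
    tc = tc_seconds(1_000_000, 1_000_000)                   # 1 s
    steady = shape([3_000_000] * 3, 1_000_000, 1_000_000)   # always backlogged
    print("average mode, continuous load:", steady,
          average_rate_bps(steady, tc), "bps")
    print("Bc is on the wire for", time_on_wire(1_000_000, 2_000_000),
          "s of each Tc")
    idle_then_burst = shape([0, 3_000_000, 3_000_000],
                            1_000_000, 1_000_000, 1_000_000)
    print("average mode after an idle Tc:", idle_then_burst)
    peak = shape([3_000_000] * 3, 1_000_000, 1_000_000, 1_000_000,
                 mode="peak", access_rate_bps=4_000_000)
    print("peak mode, continuous load:", peak)
```

The model keeps one bucket and a queue, which is the shaping case; the same bucket with the queue removed and a drop or re-mark decision instead is the policing case from the earlier slide.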

Page 444: Ccie Rs Lab Prep

445

CBShaping: shape average

policy-map SHAPING
 class AF
  shape average 241000

Router# show policy interface Serial 3/0

  Traffic Shaping
       Target    Byte   Sustain   Excess    Interval  Increment  Adapt
       Rate      Limit  bits/int  bits/int  (ms)      (bytes)    Active
       241000    1928   7712      7712      32        964        -

       Queue     Packets   Bytes     Packets   Bytes     Shaping
       Depth               Delayed   Delayed   Active
       41        3980      978872    3967      975686    yes

Page 445: Ccie Rs Lab Prep

446

CBpolicing—Actions

R2(config-pmap-c)#police 30000 conform-action ?
  drop                              drop packet
  exceed-action                     action when rate is within conform and conform + exceed burst
  set-clp-transmit                  set atm clp and send it
  set-discard-class-transmit        set discard-class and send it
  set-dscp-transmit                 set dscp and send it
  set-frde-transmit                 set FR DE and send it
  set-mpls-exp-imposition-transmit  set exp at tag imposition and send it
  set-mpls-exp-topmost-transmit     set exp on topmost label and send it
  set-prec-transmit                 rewrite packet precedence and send it
  set-qos-transmit                  set qos-group and send it
  transmit                          transmit packet

Page 446: Ccie Rs Lab Prep

447

Multi-Action Policers

Two or more set parameters as a conform, exceed or violate action

policy-map QOS
 class class-default
  police cir 80000 pir 100000
   conform-action transmit
   exceed-action set-prec-transmit 4
   exceed-action set-frde-transmit
   violate-action set-prec-transmit 2
   violate-action set-frde-transmit
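An added example, not code from the deck: a two-rate, three-colour policer with multi-action marking modelled on the policy above (CIR 80000 bps, PIR 100000 bps). The burst sizes of 3000 and 4500 bytes, the packet sizes and timestamps, and the precedence/DE actions are constructed. The colour rule is the usual two-bucket one: a packet that does not fit the peak bucket violates, one that fits the peak bucket but not the committed bucket exceeds, and anything else conforms. There is no queue, which is what makes this a policer rather than a shaper.

```python
"""
Added example, not code from the Cisco deck: a two-rate three-colour policer
with per-colour multi-action marking. All numbers are constructed.
"""
from typing import Dict, List


class TwoRatePolicer:
    """Committed bucket (CIR, Bc bytes) and peak bucket (PIR, Be bytes).
    Every packet is decided immediately; nothing is buffered."""

    def __init__(self, cir_bps: int, pir_bps: int, bc_bytes: int, be_bytes: int):
        self.cir_bps, self.pir_bps = cir_bps, pir_bps
        self.bc, self.be = bc_bytes, be_bytes
        self.tc, self.tp = float(bc_bytes), float(be_bytes)  # buckets start full
        self.last_ms = 0

    def _refill(self, now_ms: int) -> None:
        elapsed = now_ms - self.last_ms
        self.last_ms = now_ms
        # tokens are bytes, rates are bits per second: bytes per ms = bps / 8000
        self.tc = min(self.bc, self.tc + elapsed * self.cir_bps / 8000.0)
        self.tp = min(self.be, self.tp + elapsed * self.pir_bps / 8000.0)

    def meter(self, size_bytes: int, now_ms: int) -> str:
        if now_ms < self.last_ms:
            raise ValueError("timestamps must not go backwards")
        self._refill(now_ms)
        if size_bytes > self.tp:
            return "violate"
        if size_bytes > self.tc:
            self.tp -= size_bytes
            return "exceed"
        self.tc -= size_bytes
        self.tp -= size_bytes
        return "conform"


# Multi-action table modelled on the slide: two 'set' actions per colour.
ACTIONS = {
    "conform": [],
    "exceed": [("prec", 4), ("de", True)],
    "violate": [("prec", 2), ("de", True)],
}


def police(policer: TwoRatePolicer, packets: List[Dict]) -> List[Dict]:
    """Meter each packet (dict with size, t_ms, prec, de), apply every action
    configured for its colour, and return the marked packets."""
    out = []
    for pkt in packets:
        marked = dict(pkt)
        colour = policer.meter(pkt["size"], pkt["t_ms"])
        for key, value in ACTIONS[colour]:
            marked[key] = value
        marked["colour"] = colour
        out.append(marked)
    return out


def burst_demo() -> List[str]:
    """Four 1500-byte packets at once, then one a second later (constructed)."""
    p = TwoRatePolicer(cir_bps=80000, pir_bps=100000, bc_bytes=3000, be_bytes=4500)
    pkts = [{"size": 1500, "t_ms": t, "prec": 0, "de": False}
            for t in (0, 0, 0, 0, 1000)]
    return [m["colour"] for m in police(p, pkts)]


def steady_demo() -> Dict[str, int]:
    """1500-byte packets every 100 ms: 120 kbps offered against a 100 kbps PIR."""
    p = TwoRatePolicer(cir_bps=80000, pir_bps=100000, bc_bytes=3000, be_bytes=4500)
    pkts = [{"size": 1500, "t_ms": 100 * i, "prec": 0, "de": False}
            for i in range(10)]
    counts = {"conform": 0, "exceed": 0, "violate": 0}
    for m in police(p, pkts):
        counts[m["colour"]] += 1
    return counts


if __name__ == "__main__":
    print("burst:", burst_demo())
    print("steady:", steady_demo())
```

Timestamps are integers in milliseconds so the refill arithmetic for these rates is exact; a real implementation keeps fractional token remainders for the same reason.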

Page 447: Ccie Rs Lab Prep

448

Hierarchical Policer

Policy Map outer_police
  Class class-default
    police cir 110000 bc 5000 be 5000
      conform-action transmit
      exceed-action drop
      violate-action drop
    service-policy inner_police

Policy Map inner_police
  Class ef
    police cir 10000 bc 1500
      conform-action transmit
      exceed-action drop

Page 448: Ccie Rs Lab Prep

449

Trust Boundaries

[Figure: Endpoints (1), Access (2), Distribution (3), Core, WAN Aggregation; the trust boundary sits at the outermost trusted device]

A device is trusted if it correctly classifies packets

For scalability, classification should be done as close to the edge as possible

The outermost trusted devices represent the trust boundary: 1 and 2 are optimal, 3 is acceptable (if the access switch cannot perform classification)

Page 449: Ccie Rs Lab Prep

450

Catalyst QoS—Gotchas

Understand the concept of (un)trusted ports

‘mls qos’ needs to be enabled first in global config mode

Most catalysts have their own CLI for configuring various features (e.g. queuing)—not always MQC!

Every catalyst model has its own restrictions and qos featureset

Be familiar with 3550 and 3560 specific implementations

Read UCD!

Page 450: Ccie Rs Lab Prep

451

Catalyst QoS: Catalyst 3550 Operation

Figure: QoS actions at ingress: classification/reclassification (identify and classify traffic with an internal DSCP, or trust the existing QoS value and map it to an internal DSCP; done on a per-interface basis), policing, marking.

QoS actions at egress: queue/schedule and congestion control (WRR queuing with WRED (Gig only) or tail-drop (default), optional expedite queue).

Page 451: Ccie Rs Lab Prep

452

QOS—3560 Switch

Packets are assigned an internal QoS label

Queuing is done via SRR (Shaped Round Robin)

Figure: Classify -> Policer -> Marker (several policer/marker pairs shown in parallel) -> Ingress Queues (SRR) -> Egress Queues (SRR)

Page 452: Ccie Rs Lab Prep

453

References

End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs, by Tim Szigeti and Christina Hattingh

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm

www.cisco.com/go/qos

Page 453: Ccie Rs Lab Prep

454

Q and A

Page 454: Ccie Rs Lab Prep

455

Session 10:

Troubleshooting

Page 455: Ccie Rs Lab Prep

456

Agenda

Overview

Troubleshooting approach

Sample scenario

Sample lab question

Page 456: Ccie Rs Lab Prep

457

Overview

“The minimally qualified Routing and Switching CCIE can abstract functional elements of a complex network environment, understand how infrastructure components interoperate, grasp subtle issues, perceive problem areas, and quickly resolve problems. The expert’s fluency makes them ideally suited for configuring and validating implementations, troubleshooting critical network issues, and participating in network design teams.”

Definition of a Minimum Qualified R&S CCIE Candidate (from the Exam Design Session)

Page 457: Ccie Rs Lab Prep

458

Troubleshooting Approach

When analyzing a problem you should consider the following facts:

Make sure you have a clear definition of the problem.

Gather all the relevant facts and consider the likely possibilities.

Create and implement an action plan and then observe the results.

If the symptoms do not stop, try another action plan and gather additional facts. If you try one thing and it does not work, remove that configuration or feature again. In case you make the situation worse, always keep a baseline so you can get back to a known position.

If the symptoms do stop, document how you fixed the problem.

Page 458: Ccie Rs Lab Prep

459

Sample TS Lab Scenario

Figure: sample troubleshooting lab topology. Routers R1 through R9 with Ethernet links (E0/0, E1/0, E2/0), a Frame Relay cloud with serial links (S0/0, S1/0 DCE). Routing domains: EIGRP 10, OSPF Area 0, OSPF Area 3, OSPF Area 1 (NSSA) and OSPF Area 2 (stub). Addressing is taken from network YY.YY.0.0/16, with /28, /29 and /30 link subnets and a /32 Lo0 loopback per router (.0.1 to .0.4 and .1.1 to .1.5); the per-interface assignments are legible only in the original diagram.

Page 459: Ccie Rs Lab Prep

460

Sample TS Lab Scenario (Cont.)

IPv6 topology (figure), with OSPFv3 and EIGRPv6 as the routing protocols:

R1: Lo0 2001:404:200::1, S2/0 2001:303:100::1

R6: Lo0 2001:333:600::6, S2/0 2001:303:100::6, E1/0 2001:300:608::6

R8: Lo0 2001:200:208::8, E0/0 2001:308:806::8

Page 460: Ccie Rs Lab Prep

461

Sample TS Lab Scenario (Cont.)

Incident 8: Router R1 cannot ping the IPv6 route 2001:200:208::8. 1 fault - Score: 2 Points

Issue (IPv6 ping fails):

R1#ping ipv6 2001:200:208::8
<…>
.....
Success rate is 0 percent (0/5)

Verification (IPv6 ping succeeds):

R1#ping ipv6 2001:200:208::8
!!!!!

Possible cause(s):

• Address configuration
• Routing protocols configuration
• Redistribution configuration
• Other?
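As an added check for the first item on that list (address configuration), not part of the deck: a Python routine that verifies the two ends of each IPv6 link from the topology slide share a prefix. The slide shows no prefix lengths, so /64 is assumed; the link table is transcribed from the slide's addresses.

```python
import ipaddress

# Link end addresses transcribed from the IPv6 topology slide (constructed table);
# the slide does not show prefix lengths, so /64 is assumed for every link.
LINKS = [
    ("R1 S2/0", "2001:303:100::1", "R6 S2/0", "2001:303:100::6"),
    ("R6 E1/0", "2001:300:608::6", "R8 E0/0", "2001:308:806::8"),
]

def network(addr, prefixlen=64):
    """Prefix an interface address belongs to, e.g. 2001:303:100::1 -> 2001:303:100::/64."""
    return ipaddress.IPv6Interface(f"{addr}/{prefixlen}").network

def same_subnet(addr_a, addr_b, prefixlen=64):
    """True when both addresses fall in the same prefix of the given length."""
    return network(addr_a, prefixlen) == network(addr_b, prefixlen)

def check_links(links=LINKS, prefixlen=64):
    """Report every link whose ends disagree on the subnet: [(end A, end B, net A, net B)]."""
    bad = []
    for name_a, addr_a, name_b, addr_b in links:
        net_a, net_b = network(addr_a, prefixlen), network(addr_b, prefixlen)
        if net_a != net_b:
            bad.append((name_a, name_b, str(net_a), str(net_b)))
    return bad
```

With the /64 assumption, the R1-R6 serial link checks out and the R6-R8 Ethernet link is reported with its two differing prefixes, which is the kind of fact to gather before touching the routing protocol or redistribution configuration.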

Page 461: Ccie Rs Lab Prep

462

Q and A