
Section 1 Routing and MPLS on the 7450

Module 1 Routing and Route Policies

7450 ESS Services Implementation

Alcatel University



Routing and Route Policies
Alcatel Proprietary, all rights reserved 2006, Alcatel


Module Objectives
Upon successful completion of this module, the student will understand:
- Main features of the supported 7450 routing protocols
- Basic route policy support on the 7450


RIP on the 7450 ESS


Features

- Support for both RIP v1 and v2
- Supported on all IP interfaces, including network and access interfaces
- Able to specify what RIP version will be sent to RIP neighbors and what version of RIP updates will be accepted and processed
- Supports simple password (plain text) or message digest (MD5) authentication
- Metrics - uses split horizon with poison reverse to protect against counting to infinity problems
- Non-stop routing (NSR)


RIP Standards Support


- RFC 1058 RIP Version 1
- RFC 2082 RIP-2 MD5 Authentication
- RFC 2453 RIP Version 2

Further details about configuring RIP on the 7450 can be found in the 7450 ESS OS Routing Protocols Guide

RIP CLI Command Structure


RIP Configuration Flow


OSPF on the 7450 ESS


Features

- Supports OSPF-TE
- Supports simple password (plain text) or message digest (MD5) authentication
- 16 equal-cost paths per destination
- Non-stop routing (NSR)


OSPF Standards Support


- RFC 1765 OSPF Database Overflow
- RFC 2328 OSPF Version 2
- RFC 2370 Opaque LSA Support
- RFC 3101 OSPF NSSA Option
- RFC 3630 Traffic Engineering (TE) Extensions to OSPF Version 2

Further details about configuring OSPF on the 7450 can be found in the 7450 ESS OS Routing Protocols Guide

OSPF CLI Command Structure


OSPF Configuration Flow


IS-IS on the 7450 ESS


Features:

- Router can be configured as Level 1, Level 2, or Level 1/2 (default)
- Support for simple text password or MD5 authentication
- Support for route leaking (RFC 2966), i.e. L1 to L2
- 16 equal-cost paths per destination
- IS-IS IPv4 route summarization supports:
    - Level 1, Level 1-2, and Level 2
    - Route summarization for the IPv4 routes redistributed from other protocols
    - Metric used to advertise the summary address will be the smallest metric of all the more specific IPv4 routes
- Supports the ability to suppress IS-IS authentication on a per-message type and per-level basis. Improves interoperability with non-7450 IS-IS implementations.
- Non-stop routing (NSR)


IS-IS Standards Support


- RFC 1142 OSI IS-IS Intra-domain Routing Protocol
- RFC 1195 Use of OSI IS-IS for routing in TCP/IP & dual environments
- RFC 2763 Dynamic Hostname Exchange for IS-IS
- RFC 2966 Domain-wide Prefix Distribution with Two-Level IS-IS
- RFC 2973 IS-IS Mesh Groups
- RFC 3373 Three-Way Handshake for Intermediate System to Intermediate System (IS-IS) Point-to-Point Adjacencies
- draft-ietf-isis-hmac-0x.txt
- draft-ietf-isis-traffic-0x.txt
- ISO 10589

Further details about configuring IS-IS on the 7450 can be found in the 7450 ESS OS Routing Protocols Guide

IS-IS CLI Command Structure


IS-IS Configuration Flow


Proxy ARP and Local Proxy ARP


Address Resolution Protocol (ARP) was designed to be used by devices that are directly connected on a local network. Normally, if devices are separated by a router, they would not be considered local to each other. There may be a situation in some networks where there are two physical network segments connected by a router that are in the same IP network or subnetwork. In other words, device A and device D (shown in the diagram on the opposite page) might be on different networks at the data link layer level, but on the same IP network or subnet. When this happens, A and D will each think the other is on the local network when they look to send IP datagrams.

Suppose that A wants to send a datagram to D. It doesn't have D's hardware address in its cache, so it begins an address resolution (ARP). When it broadcasts the ARP Request message to get D's hardware address it will have a problem, since D is not on A's local network. The router between them will not pass A's broadcast onto D's part of the network, because routers don't pass hardware-layer broadcasts. D will never get the request and A will not get a reply containing D's hardware address.

The solution to this situation is called Proxy ARP. This technique allows the router that sits between the local networks to be configured to respond to device A's broadcast on behalf of device D. The router does not send back to A the hardware address of device D. Since they are not on the same network, A cannot send directly to D. The router sends A the hardware address of the interface that received the ARP request. A then sends data to the router, which forwards the data to D on the other network. The router also does the same thing on A's behalf for D, and for every other device on both networks, when a broadcast is sent that targets a device not on the same actual physical network as the ARP initiator.

Typical routers only support proxy ARP for directly attached networks. The 7450 supports proxy ARP for all known networks in the routing instance where the virtual interface proxy ARP is configured. In order to support DSLAM and other edge-like environments, 7450 proxy ARP supports policies that allow the provider to configure prefix lists that determine:
- for which target networks proxy ARP will be attempted
- for which source hosts proxy ARP will be attempted

In addition, the 7450 proxy ARP implementation supports the ability to respond for other hosts within the local subnet domain (local proxy ARP). This is needed in environments such as DSL where multiple hosts are in the same subnet but cannot reach each other directly.


Proxy-ARP
[Figure: a router with Interface X (MAC_X, IP_X) and Interface Y (MAC_Y, IP_Y) between Subnet 20 and Subnet 10; Hosts A, B, C and D each have their own IP address (IP_A to IP_D) and MAC address (MAC_A to MAC_D).]

Configurable in: base router and IES contexts



In the network shown above, a single router connects two LANs that are on the same IP network or subnet. The router will not pass ARP broadcasts, but has been configured to act as an ARP proxy. Device A and device D are trying to send IP datagrams to each other, and so each broadcasts an ARP Request. The router responds to the request sent by Device A as if it were Device D, giving A its own hardware address (without propagating Device A's broadcast). It will forward the message sent by A to D on D's network. Similarly, it responds to Device D as if it were Device A, giving its own address, then forwarding what D sends to it over to the network where A is located.


Local Proxy-ARP
Configurable in: base router and IES contexts

- Residential Bridging in DSLAM blocks direct communication between users on the DSLAM
- Local Proxy ARP allows communication between users in different DSLAMs
- Local Proxy ARP allows use of a single subnet for the entire DSLAM

[Figure labels: Internet, 7750 IP/MPLS, 7450, two DSLAMs, PC_A, PC_B.]

ARP query: Src-MAC: PC_B; Dst-MAC: ff:ff:ff:ff:ff:ff; Src-IP: 0.0.0.0; Dst-IP: PC_A
ARP response: Src-MAC: ESS; Dst-MAC: PC_B; Src-IP: PC_A; Dst-IP: PC_B

7450 responds to ARP request with its own MAC address, so packets for PC_A are sent to the 7450 first.

The Local Proxy ARP feature allows the 7450 to respond to ARP requests for IP addresses within a subnet where normally no routing is required. With the local proxy ARP feature enabled, the 7450 responds to all ARP requests for IP addresses within a subnet and forwards all traffic between hosts in the subnet. This feature is useful on subnets where hosts are intentionally prevented from communicating directly by the configuration on the device (in the case shown above, the DSLAM) to which they are connected.

In an IES service, the 7450 must allow user-to-user communications; however, the DSLAM blocks direct communication between users. Without proxy ARP you need to provide each customer with their own subnet, and route between subnets using IGP. This leads to inefficient address utilization. The implementation of Proxy ARP with support for Local proxy ARP allows the 7450 to respond to ARP requests in the subnet assigned to an IES interface, allowing multiple customers to share the same IP subnet.


Proxy ARP CLI


- The policy statement name defined in the Proxy-ARP statement must exist in the config>router>policy-options construct
- from: Specify host source address(es) for which ARP requests can or cannot be forwarded to non-local networks depending on the configured action
- to: Specify network prefixes that ARP requests will or will not be forwarded to depending on the action if a match is found

config>..>interface
    [no] local-proxy-arp
    [no] proxy-arp
        [no] policy-statement name

config>router>policy-options>
    [no] policy-statement name
        [no] description string
        [no] default-action { accept | reject }
        [no] entry entry-id
            [no] description string
            [no] action { accept | reject }
            [no] to
                [no] prefix-list name
            [no] from
                [no] prefix-list name [name...(up to 5)]


Proxy ARP Configuration Example - 1


1. Configure a prefix list in the config>router>policy-options>prefix-list context.

    config>router>policy-options# begin
    config>router>policy-options# prefix-list prefixlist1
    config>router>policy-options>prefix-list# prefix 10.20.30.0/24 through 32
    config>router>policy-options>prefix-list# exit
    config>router>policy-options# prefix-list prefixlist2
    config>router>policy-options>prefix-list# prefix 10.10.10.0/24 through 32
    config>router>policy-options>prefix-list# exit
    config>router>policy-options# commit


Proxy ARP Configuration Example - 2


2. Configure a route policy statement in the config>router>policy-options>policy-statement context. This will apply the prefix lists configured in Step 1.

    config>router>policy-options# begin
    config>router>policy-options# policy-statement "ProxyARP"
    config>..>policy-statement# default-action accept
    config>..>policy-statement>default-action# exit
    config>..>policy-statement# entry 10
    config>..>policy-statement>entry# from
    config>..>policy-statement>entry>from# prefix-list prefixlist1
    config>..>policy-statement>entry>from# exit
    config>..>policy-statement>entry# to
    config>..>policy-statement>entry>to# prefix-list prefixlist2
    config>..>policy-statement>entry>to# exit
    config>..>policy-statement>entry# action reject
    config>..>policy-statement>entry# exit
    config>..>policy-statement# exit
    config>router>policy-options# commit

from: Specify the host source address(es) for which ARP requests can or cannot be forwarded to non-local networks, depending on the specified action.
to: Specify network prefixes that ARP requests will or will not be forwarded to depending on the action if a match is found.


Proxy ARP Configuration Example - 3

3. Apply the policy statement to the proxy-arp configuration in the config>router>interface context.

    config>router# interface testARP
    config>router>if# address 128.251.10.59/24
    config>router>if# local-proxy-arp
    config>router>if# proxy-arp
    config>router>if>proxy-arp# policy-statement "ProxyARP"
    config>router>if>proxy-arp# exit
    config>router>if# exit
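
The policy built in steps 1 to 3, modelled as an added example (not Alcatel code and not part of the original course material): a small evaluator showing for which ARP requests the "ProxyARP" policy statement lets the router answer. It assumes hosts are matched as /32 prefixes and that entries are tried in ascending entry-id with the first match deciding; ALLOWLIST_POLICY, the function names and the sample requests are constructed for comparison.

```python
import ipaddress

# Prefix lists from step 1 on the page: (prefix, match type, upper length).
PREFIX_LISTS = {
    "prefixlist1": [("10.20.30.0/24", "through", 32)],
    "prefixlist2": [("10.10.10.0/24", "through", 32)],
}

# Policy statement "ProxyARP" from step 2 on the page.
PROXY_ARP_POLICY = {
    "default_action": "accept",
    "entries": {10: {"from": "prefixlist1", "to": "prefixlist2", "action": "reject"}},
}

# Constructed variant (not from the page): same lists, but answer only for
# the listed source/target pair and reject everything else.
ALLOWLIST_POLICY = {
    "default_action": "reject",
    "entries": {10: {"from": "prefixlist1", "to": "prefixlist2", "action": "accept"}},
}


def prefix_list_matches(list_name, candidate, prefix_lists=PREFIX_LISTS):
    """True if candidate (a prefix, or a host treated as a /32) matches an entry."""
    cand = ipaddress.ip_network(candidate, strict=False)
    for prefix, match_type, upper in prefix_lists[list_name]:
        base = ipaddress.ip_network(prefix)
        if match_type == "exact" and cand == base:
            return True
        if (match_type == "through" and cand.subnet_of(base)
                and base.prefixlen <= cand.prefixlen <= upper):
            return True
    return False


def proxy_arp_decision(sender_ip, target_ip, policy=PROXY_ARP_POLICY,
                       prefix_lists=PREFIX_LISTS):
    """Return 'accept' (the router answers the ARP request) or 'reject'."""
    # Assumption: entries are tried in ascending entry-id; the first entry whose
    # from/to criteria both match decides, otherwise default-action applies.
    for entry_id in sorted(policy["entries"]):
        entry = policy["entries"][entry_id]
        from_ok = "from" not in entry or prefix_list_matches(
            entry["from"], sender_ip, prefix_lists)
        to_ok = "to" not in entry or prefix_list_matches(
            entry["to"], target_ip, prefix_lists)
        if from_ok and to_ok:
            return entry["action"]
    return policy["default_action"]


# Constructed ARP requests: (sender IP, target IP).
SAMPLE_REQUESTS = [
    ("10.20.30.7", "10.10.10.50"),  # from prefixlist1, to prefixlist2
    ("10.20.30.7", "192.0.2.9"),    # from prefixlist1, target not listed
    ("10.99.0.5", "10.10.10.50"),   # sender not listed
]


def evaluate(requests, policy):
    """Decision for each (sender, target) pair under the given policy."""
    return [proxy_arp_decision(s, t, policy) for s, t in requests]


if __name__ == "__main__":
    for name, policy in (("ProxyARP", PROXY_ARP_POLICY), ("allowlist", ALLOWLIST_POLICY)):
        for (s, t), d in zip(SAMPLE_REQUESTS, evaluate(SAMPLE_REQUESTS, policy)):
            print(f"{name:9} sender={s:11} target={t:12} -> {d}")
```

With default-action accept, the page's policy answers for every sender/target pair except the one entry 10 rejects; the constructed variant answers only for that pair.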


Route Policies - Databases


Routing Databases:

- Routing Database: routes learned by the routing protocols
- Forwarding Database: selected routes used to forward traffic through the router
- IGPs such as OSPF and IS-IS also maintain link state databases

Route Policies control:

- The size and content of routing tables
- Routes that are advertised
- The best route to take to reach a particular destination

There are no default route policies.


Routing Protocol Import/Export Default Behaviour


Protocol: OSPF
    Import: Not applicable, all OSPF routes are accepted from OSPF neighbors and cannot be controlled via route policies.
    Export:
        Internal routes: All OSPF routes are automatically advertised to all neighbors.
        External routes: By default all non-OSPF learned routes are not advertised to OSPF neighbors.

Protocol: IS-IS
    Import: Not applicable, all IS-IS routes are accepted from IS-IS neighbors and cannot be controlled via route policies.
    Export:
        Internal routes: All IS-IS routes are automatically advertised to all neighbors.
        External routes: By default all non-IS-IS learned routes are not advertised to IS-IS peers.

Protocol: RIP
    Import: By default, all RIP-learned routes are accepted.
    Export:
        External routes: By default all non-RIP learned routes are not advertised to RIP peers.


Route Policies - When to Use Route Policies

Examples of when to use route policies:

- To control a protocol: allow all routes to be imported into the routing table.
- Route redistribution: allow a routing protocol to announce active routes learned from another routing protocol.
- To control route characteristics: change the route preference, AS path, or community values to manipulate or control the route selection.


7450 Route Policy Characteristics


- Extensive scaling allowing over 64K policies with over 64K entries per policy
- Control redistribution of routes between all protocols
- Prefix lists: a named list of IP prefixes
    - an IP prefix specifies a base IP address and a length (the number of bits applied to the base to determine the network prefix), such as 10.10.10.1/32
- Regular expression matching


Route Policy Match and Set Criteria


Match Criteria

- Prefix/mask
- Neighbor
- Routing Protocol
- OSPF area
- OSPF type metric
- OSPF Tag
- IS-IS Route Level
- External IS-IS route
- Router Interface

Set Criteria

- Route Preference
- Route Metric
- Next hop
- OSPF Route Type
- OSPF Tag


Route Policy CLI Command Structure


- Policy options: Define the parameters to configure route policies. Route policies are applied to the routing protocol or the router interface.
- Policy statements: A policy-statement is a logical grouping of match and action criteria that controls the flow of routing information to and from a given protocol or set of protocols.
- Default action: The action for routes that do not match any policy entries.
- Action: The action for routes matching a policy entry.
- To: Configure policy match criteria based on destination of routes or protocol into which it is advertised.
- From: Configure policy match criteria based on source of routes or protocol from which it is received.


Policy Statements
config>router>policy-options

Begin: Required in order to enter the mode to create or edit route policies. The begin command puts the node (not just the session) in a route policy edit mode. Once begin is entered, until a commit is executed, subsequent users executing the begin command will be warned that a policy configuration is in progress.

Commit: This command is required to save changes made to a route policy. A commit will save all policy configuration in progress on a node. This includes all sessions that have entered begin without having exited with a commit regardless of the state of the route-policy under configuration. A commit terminates edit mode for all users that are currently in edit mode.

Abort: The abort command discards changes that have been made to route policies during a session.


Route Policy Example


Assume an IES interface with an address of 11.1.1.1/24. Customer XYZ has routes that all fall into the range 172.31.248.0/22 or longer. The static route identifies the customer network that needs to be advertised; the exact parameter is used to control exactly what is being advertised.

    config router
        static-route 172.31.248.0/22 next-hop 11.1.1.2
        ospf
            asbr
            export "Cust XYZ static range to OSPF"
        exit
        policy-options
            begin
            prefix-list "Customer XYZ IP Range"
                prefix 172.31.248.0/22 exact
            exit


Route Policy Example (continued)


            policy-statement "Cust XYZ static range to OSPF"
                description "Advertise Cust XYZ route range from the static route into OSPF"
                entry 10
                    to
                        protocol ospf
                    exit
                    from
                        protocol static
                        prefix-list "Customer XYZ IP Range"
                    exit
                    action accept
                        metric set 100
                        type 2
                    exit
                exit
                default-action reject
                exit
            exit
            commit
    exit all