

Building Scalable Cisco Networks Introduction

Overview
Building Scalable Cisco Networks (BSCN) is an instructor-led course presented by Cisco Systems, Inc. training partners to their end-user customers. This five-day course focuses on using Cisco routers connected in local area networks (LANs) and wide area networks (WANs) typically found at medium to large network sites. Upon completion of this training course, you will be able to select and implement the appropriate Cisco IOS services required to build a scalable routed network. This chapter covers the course prerequisites and course highlights as well as some administrative issues. It includes the following topics:
- Course Objectives
- Course Topics
- Prerequisites
- Participant Role
- General Administration
- Sources of Information
- Course Syllabus
- Graphic Symbols

Course Objectives
This section lists the course objectives.

Upon completion of this course, you will be able to perform the following tasks:
- Given a network specification that calls for simplifying IP address management at branch offices by centralizing addresses, select and configure the appropriate services
- Given a network specification calling for a scalable routed network that includes link state protocols and redistribution, implement the appropriate technologies
1999, Cisco Systems, Inc.

www.cisco.com

BSCN1-2

Upon completion of this course, you will be able to perform the following high-level tasks:
- Select and configure a scalable IP address solution (including route summarization) for a branch office environment, given a list of specifications
- Select and implement the technologies necessary to redistribute between and to support multiple, advanced IP routing protocols, given a network specification

1-2 Building Scalable Cisco Networks

Copyright 1999, Cisco Systems, Inc.

Course Objectives (cont.)

- Given a network specification calling for either a single or a multi-homed interconnection into an ISP's BGP network, configure the edge routers to properly interconnect into the BGP cloud
- Given a network specification calling for controlling access to networks or devices, or for minimizing overhead traffic, select and configure the appropriate access list features

- Configure and test edge router connectivity (either single or multi-homed connection) into a BGP network, given a network specification
- Configure access lists, given a need to control access to devices and to selectively reduce overhead traffic in the network


Course Objectives (cont.)

- Given various network specifications calling for multiple routed and routing protocols, implement case studies that reflect a scalable internetwork


- Implement the results of case study discussions in a laboratory environment, given a specification containing multiple routed and routing protocols


Course Topics
This section lists the topics that will be covered in this course.

(Figure: the target course network, with two BGP autonomous systems, BGP AS #1 and BGP AS #2. Legend: FastEthernet/Ethernet, primary links, secondary links.)


The figure shows a high-level overview of a network that you should be able to build at the end of this class. To accomplish this course goal, you will be taught how to configure Cisco routers with Ethernet LAN and serial WAN interfaces. You will configure the following on a Cisco device:
- Transmission Control Protocol/Internet Protocol (TCP/IP) and Internet Protocol (IP) addresses
- Hierarchical addressing using variable length subnet masking (VLSM) and route summarization
- Routing protocols: Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP)
- Redistribution between different routing protocols
- Access lists to control IP traffic and routing updates
- Serial WAN connections over interfaces that use High-Level Data Link Control (HDLC) and Point-to-Point Protocol (PPP)
- Serial WAN connections over subinterfaces that use Frame Relay encapsulation

Configuration, verification, and troubleshooting are done with Cisco IOS software.


Prerequisites
This section lists the course's prerequisites.

- Working knowledge of the OSI reference model and the hierarchical model
- Understanding of internetworking fundamentals
- Operating and configuring a Cisco IOS device
- Working knowledge of the TCP/IP stack and how to configure a routed protocol, such as IP
- Understanding distance vector routing protocol operation and configuring RIP and IGRP
- Determining when to use static and default routes and enabling them on a Cisco router

To fully benefit from BSCN, you should already possess certain prerequisite skills. These skills can be gained from self-paced or instructor-led training sessions and from work experience. They are highlighted in the figures and outlined on the following pages. The participant should have a working knowledge of:
- Commonly used networking terms, numbering schemes, and topologies
- The Open System Interconnection (OSI) reference model
- Operation and configuration of a Cisco router
- TCP/IP stack and configuration of IP addresses
- Distance-vector routing protocol (RIP, IGRP) operation and configuration
- Static and default route usage, implementation, and configuration


- Displaying and interpreting a Cisco routing table
- Enabling an IP standard and extended access list
- Enabling a WAN serial connection
- Configuring Frame Relay PVCs on interfaces and subinterfaces
- Verifying router configurations with available tools like show and debug commands


The participant should also have a working knowledge of:
- Contents and interpretation of a Cisco routing table
- Traffic filtering with standard and extended access lists
- Verifying router configuration using show and debug command output
- WAN serial interface configuration using HDLC
- WAN serial interface configuration using Frame Relay PVCs


Successful completion of Internetworking Technologies Multimedia (ITM) plus one of the following combinations:
- Introduction to Cisco Router Configuration (ICRC) and Cisco LAN Switch Configuration (CLSC)
- Cisco Router and LAN Switches (CRLS)
- Interconnecting Cisco Network Devices (ICND)


The participant should already possess certain knowledge and skills gained in a structured learning environment. These skills can be gained from completing the Internetworking Technology Multimedia (ITM) CD-ROM plus a combination of instructor-led training sessions. These courses are highlighted in the figure and are outlined below:
- Introduction to Cisco Router Configuration (ICRC) contains router configuration basics and Cisco LAN Switch Configuration (CLSC) contains LAN switch configuration basics
- Cisco Router and LAN Switches (CRLS) contains router and LAN switch configuration basics
- Interconnecting Cisco Network Devices (ICND) contains router and LAN switch configuration basics


Participant Role
This section discusses your responsibilities as a student.

Student role:
- Meet prerequisites
- Introduce yourself
- Ask/answer questions


To take full advantage of the information presented in this course, you should meet the prerequisites for this class. Introduce yourself to the instructor and other students who will be working with you during the five days of this course. You are encouraged to ask any questions relevant to the course materials. If you have pertinent questions concerning other Cisco features and products not covered in this course, please bring these topics up during breaks or after class and the instructor will try to answer the questions or direct you to an appropriate information source.


Welcome: Please Introduce Yourself

- Your name and work location
- Your job responsibilities
- Your internetworking experience
- Your objectives for this week


Introduce yourself, stating your name and the job function you perform at your work location. Briefly describe what exposure you have with installing and configuring Cisco routers, attending Cisco classes, and how your work experience helped you meet the prerequisites highlighted earlier. You should also state what you expect to learn from this course.


General Administration
This section highlights miscellaneous administrative tasks that must be addressed.

Class-related:
- Sign-in sheet
- Length and times
- Participant materials
- Attire

Facilities-related:
- Rest rooms
- Site emergency procedures
- Break and lunch room locations
- Communications


The instructor will discuss the administrative issues in detail so you will know exactly what to expect from both the class and facilities. The following items will be discussed:
- Recording your name on a sign-in sheet
- The starting and anticipated ending time of each class day
- What materials you can expect to receive during the class
- The appropriate attire during class attendance
- Rest room locations
- What to do in the event of an emergency
- Class breaks and lunch facilities
- How to send and receive telephone, email and fax messages


Sources of Information
This section identifies additional sources of information.

- Student kit
- www.cisco.com
- CD-ROM
- Cisco Press



Most of the information presented in this course can be found on the Cisco Systems Web site or on CD-ROM. These supporting materials are available in HTML format, and as manuals and release notes. To learn more about the subjects covered in this course, feel free to access the following sources of information:
- Cisco Documentation CD-ROM or www.cisco.com
- ITM CD-ROM or www.cisco.com
- Cisco IOS 12.0 Configuration Guide and Command Reference Guide

All of these documents can be found at the following URL: http://www.cisco.com


Course Syllabus
This section discusses the week's schedule.

Module 1, Scalable Internetworks:
- Building Scalable Cisco Networks Introduction
- Overview of Scalable Internetworks
- Routing Principles
- Extending IP Addresses

Module 2, Scalable Routing Protocols:
- Scalable Routing Protocol Overview
- Configuring OSPF in a Single Area
- Interconnecting Multiple OSPF Areas
- Configuring Enhanced IGRP
- Configuring Basic Border Gateway Protocol
- Implementing BGP in Scalable ISP Networks

Module 3, Controlling Scalable Internetworks:
- Managing Traffic and Access
- Configuring IP Access Lists
- Optimizing Routing Update Operation
- Scaling IP Addresses in Your Internetwork
- Implementing Scalability Features in Your Internetwork

The following schedule reflects the recommended structure for this course. This structure allows enough time for your instructor to present the course information to you and for you to work through the laboratory exercises. The exact timing of the subject materials and labs depends on the pace of your specific class.

Module 1, Scalable Internetworks
The purpose of the module is to introduce you to the training room and the BSCN network environment. This section describes the characteristics of scalable networks and provides a review of routing fundamentals. You will also be introduced to methods for extending IP addresses, such as VLSM and route summarization. Module 1 includes the following chapters:
- Chapter 1: Building Scalable Cisco Networks Introduction
- Chapter 2: Overview of Scalable Internetworks
- Chapter 3: Routing Principles
- Chapter 4: Extending IP Addresses

Module 2, Scalable Routing Protocols
The purpose of the module is to describe the operation and configuration of different, sophisticated routing protocols. You will learn to configure OSPF, Enhanced IGRP and BGP.

Module 2 includes the following chapters:
- Chapter 5: Scalable Routing Protocols Overview
- Chapter 6: Configuring OSPF in a Single Area
- Chapter 7: Interconnecting Multiple OSPF Areas
- Chapter 8: Configuring Enhanced IGRP
- Chapter 9: Configuring Basic Border Gateway Protocol
- Chapter 10: Implementing BGP in Scalable ISP Networks

Module 3, Controlling Scalable Internetworks
The purpose of the module is to describe ways to control overhead traffic, including routing updates, in a growing network environment. You will also learn how to control network access using access lists. In this section, you will learn about redistributing routes between different routing protocols such as RIP, IGRP, Enhanced IGRP and OSPF. After a discussion on scalable IP address solutions, the module completes with a comprehensive lab implementing most of the scalability features discussed throughout the course. Module 3 includes the following chapters:
- Chapter 11: Managing Traffic and Access
- Chapter 12: Configuring IP Access Lists
- Chapter 13: Optimizing Routing Update Operation
- Chapter 14: Scaling IP Addresses in Your Internetwork
- Chapter 15: Implementing Scalability Features in Your Internetwork


Graphic Symbols
This section illustrates symbols that are used throughout the course.

(Figure: legend of graphic symbols used in the course. Devices: multi-layer switch, network switch, bridge, switch, router, access server, ISDN switch, DSU/CSU (Data Service Unit/Channel Service Unit), personal computer, file server, modem, web server, hub. Networks and links: WAN cloud, network cloud or broadcast domain, VLAN (color may vary), Ethernet, Fast Ethernet, serial line, circuit-switched line.)

These symbols are used in the graphical presentations of this course to represent device or connection types.

Note: The addressing schemes and telephone numbers used in this course are reserved and not to be used in the public network. They are used in this course as examples to facilitate learning. When building your network, use only the addresses and telephone numbers assigned by your network designer and service provider.


Overview of Scalable Internetworks


Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the key requirements of a scalable internetwork
- Select a Cisco IOS feature as a solution for a given internetwork requirement


This chapter defines scalable internetworks and discusses some of the Cisco IOS features that can be used to meet the needs of these networks. Topics include:
- Objectives
- Scaling Large Internetworks
- Characterizing Scalable Internetworks
- Summary
- Written Exercise: Overview of Scalable Internetworks
- Answers to Exercise


Scaling Large Internetworks

(Figure: the three-layer hierarchical model. Core: WAN backbone. Distribution: campus backbone. Access: branch office.)


Today's internetworks need to be scalable because they are experiencing phenomenal growth, primarily due to the increasing demands for connectivity in business and at home. What do scalable networks look like? What are the requirements that you, as an administrator, must be aware of when managing the growth of your scalable internetwork?

Scalable internetworks are typically described as networks that are experiencing constant growth. They must be flexible and expandable. The best-managed scalable internetworks are typically designed following a hierarchical model. This simplifies the management of the internetwork and allows for controlled growth without overlooking the network requirements. The graphic illustrates a three-layer hierarchical model. The layers are defined as follows:
- Core: The core is the central internetwork for the entire enterprise and may include LAN and WAN backbones. The primary function of this layer is to provide an optimized and reliable transport structure.
- Distribution: This represents the campus backbone. The primary function of this layer is to provide access to various parts of the internetwork, as well as access to services.
- Access: This provides access to corporate resources for a workgroup on a local segment.

A hierarchy simplifies things such as addressing and device management. Using an addressing scheme that maps to the hierarchy reduces the chance that you will need to renumber the network as a result of growth. Knowing where devices are placed in a hierarchy enables you to configure all routers within one layer in a consistent way because they all must perform similar tasks. Router specialization allows the best use of the Cisco IOS features discussed in this course.


Defining the Router's Role in a Hierarchy

(Figure: Core: WAN backbone. Distribution: campus backbone, building backbone. Access: dial-in, branch office, workgroups, telecommuter.)


The hierarchical model provides a physical topology for building internetworks. Because the hierarchical structure uses three distinct layers that provide unique functionality, the routers placed at each layer also have unique functionality.
- Core routers provide services that optimize communication between routers at different sites or in different logical groupings. In addition, core routers provide maximum availability and reliability. Core routers should be able to maintain connectivity when LAN or WAN circuits fail at this layer.
- Distribution routers control access to resources that are available at the core layer, and must make efficient use of bandwidth. In addition, a distribution router must address the quality of service (QoS) needs for different protocols by implementing policy-based traffic control to isolate backbone and local environments.
- Access routers control traffic by localizing broadcasts and service requests to the access media. Access routers must also provide connectivity without compromising network integrity. For example, the routers at the access point must be able to determine whether a telecommuter dialing in is legitimate, with minimal authentication steps required of the telecommuter.


Characterizing Scalable Internetworks

Scalable internetworks need to be:
- Reliable and available
- Responsive
- Efficient
- Adaptable
- Accessible but secure


The key requirements inherent in scalable internetworks are in the following list. This course presents features and technologies that can be used to respond to these requirements.
- Reliable and available: This includes being dependable and available 24 hours a day, 7 days a week. In addition, failures need to be isolated and recovery must be invisible to the end user.
- Responsive: This includes managing the QoS needs for the different protocols being used without affecting response at the desktop. For example, the internetwork must be able to respond to latency issues common for Systems Network Architecture (SNA) traffic, but still allow for the routing of desktop traffic, such as IPX, without compromising QoS requirements.
- Efficient: Large internetworks must optimize the use of resources, especially bandwidth. Reducing the amount of overhead traffic such as unnecessary broadcasts, service location, and routing updates results in an increase in data throughput without increasing the cost of hardware or the need for additional WAN services.
- Adaptable: This includes being able to accommodate disparate networks and interconnect independent network clusters (or islands), as well as to integrate legacy technologies, such as those running SNA.
- Accessible but secure: This includes the ability to enable connections into the internetwork using dedicated, dialup, and switched services while maintaining network integrity.


Making the Network Reliable and Available

(Figure: an OSPF network.) Use routing protocols that:
- Increase reachability
- Decrease convergence time

The internetwork should be reliable and available at all layers, but most critically at the core layer. Core routers are reliable when they can accommodate failures by rerouting traffic and respond quickly to changes in the network topology. The protocols supported by Cisco IOS that enhance network reliability and availability are as follows:
- Scalable protocols: These include Open Shortest Path First (OSPF) and Enhanced IGRP (EIGRP). They provide the following features:
  - Reachability: Scalable networks, including those using a hierarchical design, can have a large number of reachable networks or subnetworks. These networks can be subject to reachability problems due to the metric limitations of distance vector routing protocols, such as the 15-hop maximum of RIP. Scalable routing protocols extend reachability because their metrics are not a bounded hop count: OSPF uses a cost derived from link bandwidth, and EIGRP uses a composite metric based primarily on bandwidth and delay.
  - Fast convergence time: Scalable protocols converge quickly because routers detect failures rapidly and already hold information about alternatives: each OSPF router maintains a link-state database describing the topology of its area, and each EIGRP router keeps a topology table of feasible successor routes. Routers also forward network changes quickly to all routers in the network topology.


Making the Network Responsive

Use routing protocols that:
- Use alternate paths
- Load balance
- Use dial backup over WANs

Scalable protocols support additional features, such as:
- Alternate paths: When a failure is detected, an OSPF router recomputes a path from its link-state database, and an EIGRP router switches to a feasible successor it already holds in its topology table, so traffic can be rerouted without waiting for a full routing update cycle.
- Load balancing: Because scalable protocols know more than one path to a destination, and because of how they maintain their routing tables, they are able to transport data across multiple paths to a given location simultaneously.
- Dial backup: On WAN connections, you can configure backup links when you need to do the following:
  - Make the primary WAN connection more reliable by configuring one or more backup connections.
  - Increase availability by configuring the backup connections to be used when a primary connection is experiencing congestion.


Making the Network Efficient

Optimize bandwidth utilization using:
- Access lists
- Route summarization
- Incremental updates

Optimizing your network at all layers of an internetwork hierarchy is critical because it can reduce potential costs in additional WAN services. In this course, the focus is on optimizing your bandwidth. Bandwidth optimization is normally done by reducing the amount of update traffic over a WAN connection, without dropping essential routing information, to increase data traffic throughput. Cisco IOS features discussed in this course that help optimize bandwidth use are:
- Access lists: Can be used to permit or drop (deny) protocol update traffic, data traffic, and broadcast traffic. Access lists are available for IP and other protocols and can be tailored to meet the needs of each protocol. For example, an access list can be defined by Transmission Control Protocol (TCP) port or by other criteria, depending on the situation.
- Reduce the number of routing table entries: You can reduce the number of router processing cycles by reducing the overall number of entries in a router's routing table. This can be done using the following Cisco IOS features:
  - Route summarization: The number of entries in a routing table can be reduced by using route aggregation or, as it is more commonly known, route summarization. Summarization of routes occurs at major network boundaries for most routing protocols. Some IP routing protocols, such as OSPF and Enhanced IGRP, allow manual summarization on arbitrary boundaries within the major network. Careful planning and address allocation is required for route summarization to be most effective: a summary should cover only address space that is actually reachable behind the summarizing router, because the summary attracts traffic for every address it covers, and the summarizing router should hold a discard (Null0) route for the summary so that traffic for unused addresses is dropped rather than forwarded toward a default route.
  - Incremental updates: Protocols such as Enhanced IGRP and OSPF make more efficient use of bandwidth than distance vector protocols by sending only topology changes rather than the entire routing table contents at fixed intervals.
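To make the planning point concrete, the following is an added example written for this page, not code from the BSCN course. It computes the single summary prefix that covers a set of subnets and reports any address space the summary would advertise that no subnet in the set actually uses. It relies only on Python's standard ipaddress module; the branch subnets are constructed for the illustration.

```python
"""Route summarization check: added example, not code from the BSCN course.

Given the subnets actually in use behind a router, compute the single summary
prefix that covers them and report the address space the summary would
advertise but that no subnet in the set actually uses (over-summarization).
The sample subnets at the bottom are constructed for the example.
"""
import ipaddress


def collapse(subnets):
    """Normalize input: parse, merge adjacent or overlapping blocks, sort."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    if len({n.version for n in nets}) != 1:
        raise ValueError("all subnets must be the same IP version")
    return list(ipaddress.collapse_addresses(nets))


def summarize(subnets):
    """Return the longest single prefix that contains every subnet given."""
    nets = collapse(subnets)
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)
    plen = max(n.prefixlen for n in nets)
    # Shorten the prefix (larger block) until the block that starts at the
    # lowest address also contains the highest address in the set.
    while plen > 0:
        candidate = ipaddress.ip_network(f"{lo}/{plen}", strict=False)
        if hi in candidate:
            return candidate
        plen -= 1
    return ipaddress.ip_network(f"{lo}/0", strict=False)


def overclaimed(subnets):
    """Return the blocks inside summarize(subnets) that no input subnet covers.

    Anything returned here is address space the summary route would attract
    traffic for even though nothing behind the router owns it.
    """
    nets = collapse(subnets)
    leftover = [summarize(subnets)]
    for n in nets:
        carved = []
        for block in leftover:
            if n.subnet_of(block):
                carved.extend(block.address_exclude(n))  # punch n out of block
            else:
                carved.append(block)
        leftover = carved
    return sorted(leftover)


def is_exact_summary(subnets):
    """True when the summary advertises exactly the input address space."""
    return not overclaimed(subnets)


# Constructed sample: a branch allocated four /24s out of 172.16.8.0/22 ...
BRANCH_FULL = ["172.16.8.0/24", "172.16.9.0/24", "172.16.10.0/24", "172.16.11.0/24"]
# ... and the same branch with only three of them in use.
BRANCH_PARTIAL = ["172.16.8.0/24", "172.16.9.0/24", "172.16.10.0/24"]

if __name__ == "__main__":
    for label, subs in (("full", BRANCH_FULL), ("partial", BRANCH_PARTIAL)):
        print(f"{label}: summary {summarize(subs)}, "
              f"overclaimed {[str(b) for b in overclaimed(subs)]}")
```

For the partial branch the summary is still 172.16.8.0/22, but 172.16.11.0/24 is reported as overclaimed: a router advertising that summary will receive traffic for 172.16.11.0/24 that it cannot deliver, which is exactly the case the discard route is there to catch. Running the check against the address plan before configuring manual summaries on an OSPF ABR or an EIGRP interface is cheaper than finding the blackhole afterwards.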


Making the Network Efficient (cont.)

(Figure: a dial connection through a DCE device to ISDN or basic telephone service.)
- Dial-on-demand routing
- Switched access
- Snapshot routing
- Compression over WANs



- Dial-on-demand routing (DDR): Connections for infrequent traffic flow can be accomplished using DDR. Active links are created only after interesting traffic is detected by the router. This "only as required" service replaces dedicated circuits that are charged for even when the link is idle.
- Switched access: Packet-switched networks such as X.25 and Frame Relay offer the advantage of providing global connectivity through a large number of service providers with established circuits to most major cities.
- Snapshot routing: Allows peer routers to exchange full distance vector routing information upon initial connection, then on a predefined interval. Typically used with ISDN, this feature can reduce WAN costs when using distance vector protocols because routing information is exchanged at an interval you define. Between update exchanges, the routing tables for the distance vector protocols are kept frozen.
- Compression over WANs: Several compression techniques can be used to reduce traffic that is crossing a WAN connection. Cisco supports TCP/IP header compression and data (payload) compression. In addition, you can configure link compression, which compresses header and data information in packets that cross point-to-point (leased line) connections. Compression is accomplished in software by the router before the frame is placed on the medium.


Making the Network Adaptable

(Figure: IP and SNA traffic sharing one network.) The network must support routable and nonroutable traffic.



Because scalable internetworks experience change frequently, they must be able to adapt to changes such as:
- Mixing routable and nonroutable protocols: A network delivering both routable and nonroutable traffic has some unique problems. Most nonroutable protocols lack a mechanism to provide flow control and are sensitive to delays in delivery. Any delays in delivery or packets arriving out of order can result in session loss.
- Integrating islands of networks: Many companies are integrating islands of networks that are typically using different protocols in their hierarchical design. In this case, you can add any protocols used by the network islands to the core layer, or create a tunnel in the backbone that will connect the network islands but not add new protocol traffic to the core backbone.
- Meeting the varying requirements for each protocol in the internetwork: When multiple protocol traffic is present, the network must be balanced between the special needs of each protocol.

In this course, Cisco IOS features that focus on network adaptability are as follows:
- EIGRP: A routing protocol that supports IP, IPX, and AppleTalk traffic.
- Redistribution: You can exchange routing information between networks that are using different routing protocols.


Making the Network Accessible but Secure

(Figure: dialup (PSTN), dedicated, and packet-switched (Frame Relay) connections into the network.) The network should support the necessary connection types.


The network should be accessible, particularly at the access layer. Access routers need to connect to a variety of WAN services, yet be secure. For example, access routers must allow telecommuters to dial in, but be able to differentiate between legitimate and hostile connection attempts. Cisco IOS features discussed in this course that support access are as follows:
- Dedicated and switched WAN support:
  - Dedicated access: Cisco routers can be directly connected to basic telephone service or digital services such as T1/E1. This means that you can create a core WAN infrastructure for heavy traffic loads, then use other access services for sporadic traffic requirements.
  - Switched access: Cisco routers support Frame Relay, X.25, SMDS, and ATM. With this variety of support, you can determine which switched service, or combination of switched services, to use, based on cost, location, and traffic requirements.
- Exterior protocol support: Cisco IOS supports several exterior protocols including Exterior Gateway Protocol (EGP) and Border Gateway Protocol (BGP). BGP, which is discussed in this course, is often used by Internet Service Providers (ISPs) and by organizations that want to connect to ISPs.


Making the Network Accessible but Secure (cont.)

(Figure: authentication procedure between a remote site and the central site.)
- Secure access to and from each remote site
- Secure access to devices within a network

Features discussed in this course that support network security are as follows:
- Access lists: Access lists can be defined to prevent user traffic from reaching portions of the network. Applied to an interface, an access list is evaluated top to bottom, the first matching entry decides, and traffic that matches no entry is dropped by the implicit deny at the end of the list; a user whose traffic is blocked at the edge of a sensitive area is thereby denied access to that area. Access lists filter on packet headers (addresses, protocols, ports) and do not authenticate the sender, so a source address by itself is not proof of identity; an access list on an outside interface that denies packets claiming an inside source address guards against that kind of spoofing.
- Authentication protocols: On WAN connections using PPP, you can configure authentication protocols such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). PAP sends the password across the link in the clear; CHAP sends a random challenge and the peer answers with a one-way hash of the challenge and the shared secret, so the secret itself never crosses the link. Prefer CHAP where both ends support it.
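The following added example, written for this page and not Cisco code, shows how an IOS-style extended access list is evaluated: first match wins, and anything unmatched falls to the implicit deny. It also serves the earlier point under Making the Network Efficient that an access list can select traffic by TCP port. The list text, addresses and packets are constructed; only the syntax subset named in the docstring is parsed.

```python
"""IOS-style extended access-list evaluator: added example, not Cisco code.

Parses a small subset of the numbered extended access-list syntax ('permit'
or 'deny', protocols ip/tcp/udp, 'any', 'host A.B.C.D', address plus wildcard
mask, and 'eq PORT' on the destination) and evaluates packets the way a router
does: top to bottom, first match wins, and a packet that matches no entry is
dropped by the implicit deny at the end of every list. The ACL text and the
packets below are constructed for the example.
"""
import ipaddress


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def _parse_addr(tokens):
    """Consume one address spec; return ((address, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]


def parse_acl(text):
    """Return the access-list entries, in order, as dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        tok = line.split()
        if tok[0] != "access-list" or len(tok) < 6:
            raise ValueError(f"unsupported line: {line}")
        action, proto = tok[2], tok[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in: {line}")
        src, rest = _parse_addr(tok[4:])
        dst, rest = _parse_addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append({"action": action, "proto": proto,
                        "src": src, "dst": dst, "dport": dport})
    return entries


def _match_addr(spec, ip):
    """Wildcard-mask match: a 1 bit in the wildcard means 'do not care'."""
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (_ip(ip) & care) == (addr & care)


def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, entry_index); index None means the implicit deny fired."""
    for i, e in enumerate(entries):
        if e["proto"] != "ip" and e["proto"] != proto:
            continue
        if not (_match_addr(e["src"], src) and _match_addr(e["dst"], dst)):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"], i
    return "deny", None


# Constructed sample list: branch users in 10.1.0.0/16 may reach the server
# 10.2.2.10 over SSH only; everything else from the branch into 10.2.0.0/16
# is dropped; all other traffic passes.
SAMPLE_ACL_TEXT = """
! access-list 101, constructed for the example
access-list 101 permit tcp 10.1.0.0 0.0.255.255 host 10.2.2.10 eq 22
access-list 101 deny   ip  10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
access-list 101 permit ip  any any
"""
SAMPLE_ACL = parse_acl(SAMPLE_ACL_TEXT)

if __name__ == "__main__":
    for pkt in (("tcp", "10.1.5.7", "10.2.2.10", 22),
                ("tcp", "10.1.5.7", "10.2.2.10", 23),
                ("udp", "10.1.5.7", "10.2.2.10", 22),
                ("tcp", "192.0.2.1", "10.2.2.10", 22)):
        print(pkt, "->", evaluate(SAMPLE_ACL, *pkt))
```

Two things the evaluator makes visible that a config listing does not: entry order decides (move the final permit ip any any to the top and the two entries below it never match), and the only thing the list knows about the sender is the source address in the packet, so a host outside 10.1.0.0/16 that forges a 10.1.x.x source is treated as a branch user unless an anti-spoofing list on the outside interface drops it first.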

Note: For a complete discussion of how Cisco supports security, and how to make your network secure using Cisco products, refer to the Managing Cisco Network Security course.
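The PAP versus CHAP point above is easiest to see with the exchange written out. The following is an added example written for this page, not Cisco code: it models the RFC 1994 CHAP handshake between an authenticator (the access router) and a dial-in peer, and shows that a wrong secret and a replayed response both fail. The peer name and secret are constructed for the illustration.

```python
"""PPP CHAP challenge/response: added example, not Cisco code.

Models the three-way CHAP handshake from RFC 1994 between an authenticator
(the access router) and a dial-in peer. Both ends hold the same secret; the
authenticator sends a random challenge and the peer returns
MD5(identifier || secret || challenge). The secret never crosses the link,
unlike PAP, where the password is sent in the clear. The peer name and secret
below are constructed for the example.
"""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 response value: MD5 over the one-byte id, the secret, the challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges (the access router)."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)   # peer name -> shared secret (cleartext)
        self._pending = {}              # identifier -> outstanding challenge
        self._next_id = 0

    def challenge(self):
        """Issue a fresh identifier and a random 16-byte challenge."""
        self._next_id = (self._next_id + 1) & 0xFF
        value = os.urandom(16)
        self._pending[self._next_id] = value
        return self._next_id, value

    def verify(self, identifier, name, response):
        """Check a response; each challenge is usable once, so a replay fails."""
        challenge = self._pending.pop(identifier, None)
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


class Peer:
    """The dial-in side: proves knowledge of the secret without sending it."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def answer(self, identifier, challenge):
        return self.name, chap_response(identifier, self.secret, challenge)


def run_exchange(auth, peer):
    """One full challenge/response/result round; returns True on success."""
    identifier, challenge = auth.challenge()
    name, response = peer.answer(identifier, challenge)
    return auth.verify(identifier, name, response)


def replay_exchange(auth, peer):
    """Capture one valid response on the wire and present it a second time."""
    identifier, challenge = auth.challenge()
    name, response = peer.answer(identifier, challenge)
    first = auth.verify(identifier, name, response)
    second = auth.verify(identifier, name, response)   # same id, same response
    return first, second


# Constructed credentials for the example.
ROUTER = Authenticator({"branch1": b"s3cret-for-branch1"})
GOOD_PEER = Peer("branch1", b"s3cret-for-branch1")
BAD_PEER = Peer("branch1", b"wrong-secret")

if __name__ == "__main__":
    print("good peer:", run_exchange(ROUTER, GOOD_PEER))
    print("bad peer: ", run_exchange(ROUTER, BAD_PEER))
    print("replay:   ", replay_exchange(ROUTER, GOOD_PEER))
```

Two caveats follow directly from the construction. The authenticator needs the cleartext secret to recompute the hash, so CHAP secrets are stored reversibly in router configurations (IOS service password-encryption only obfuscates them), and configuration backups must be protected accordingly. And anyone who captures a challenge and its response can test candidate secrets offline against the MD5, so the protection CHAP offers over PAP is only as strong as the entropy of the shared secret.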


Summary

- Scalable internetworks must be reliable, responsive, efficient, adaptable, and accessible
- Routers can be specialized based on their location in the internetwork
- Cisco IOS features can be used to meet the requirements of today's scalable internetworks

1999, Cisco Systems, Inc.

www.cisco.com

BSCN2-13

Summary
Key points from this chapter include the following:

- Scalable internetworks must meet several requirements, as listed in the graphic. How critical each requirement is varies with the layer of the three-layer hierarchy presented.

- Routers should be configured based on the key functions they need to perform at a given layer of the hierarchy.

- The Cisco IOS provides a large number of features, but not all features should be configured on a router. Only those features that meet the desired network requirements should be enabled on the router.


Written Exercise: Overview of Scalable Internetworks

Objective: Describe the key requirements of a scalable internetwork.
Objective: Select a Cisco IOS feature as a solution for a given internetwork requirement.

Complete the table by doing the following:

- Assigning each network problem one of the five requirements listed below.
  _____ Reliable and available
  _____ Responsive
  _____ Efficient
  _____ Adaptable
  _____ Accessible but secure

- Listing one or more Cisco IOS features that can be used to correct each network problem.

Network Problem                                         | Key Requirement | Cisco IOS Feature(s)
Connectivity restrictions                               |                 |
Single paths available to all networks                  |                 |
Too much broadcast traffic                              |                 |
Convergence problems with metric limitations            |                 |
Competition for bandwidth                               |                 |
Illegal access to services on the internetwork          |                 |
Single WAN links available to each remote site          |                 |
Expensive tariffs on WAN links that do not get much use |                 |
Very large routing tables                               |                 |
Integrate networks using legacy protocols               |                 |

Answers to Exercise

Written Exercise: Overview of Scalable Internetworks


Network Problem                                         | Key Requirement        | Cisco IOS Feature(s)
Connectivity restrictions                               | Accessible but secure  | Dedicated and switched access technologies; BGP support
Single paths available to all networks                  | Reliable and available | Scalable protocols; Dial backup
Too much broadcast traffic                              | Efficient              | Access lists; Scalable protocols
Convergence problems with metric limitations            | Reliable and available | Scalable protocols
Competition for bandwidth                               | Efficient              | Access lists; Snapshot routing; Compression over WANs; Generic Traffic Shaping
Illegal access to services on the internetwork          | Accessible but secure  | Access lists (not an end-all solution); Authentication protocols; Lock and Key Security
Single WAN links available to each remote site          | Responsive             | Dial backup
Expensive tariffs on WAN links that do not get much use | Efficient              | Switched access technologies
Very large routing tables                               | Efficient              | Route summarization; Incremental updates
Integrate networks using legacy protocols               | Adaptable              | Bridging mechanisms


Routing Principles

Overview
This chapter covers concepts related to logical Internet Protocol (IP) network addresses and the usage of network masks to make routing decisions. The mechanisms by which Cisco routers learn and maintain knowledge of the network topology are also discussed. It includes the following topics:

- IP Address Overview
- Subnetting Overview
- Distance-Vector Operation
- Link-State Operation
- Routing Table Analysis

Objectives
This section lists the chapter's objectives.

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:

- List the key information routers need to route data
- Describe classful and classless routing protocols
- Compare distance vector and link-state protocol operation
- Describe the use of the fields in a routing table
- Given a pre-configured laboratory network, discover the topology, analyze the routing table, and test connectivity using accepted troubleshooting techniques

Objectives
This chapter covers a review of IP addressing and routing principles. The difference between distance vector and link-state routing protocol behavior is explained and an example of each is presented in a Case Study. Convergence issues surrounding the most commonly used interior routing protocols (RIP, IGRP, Enhanced IGRP and OSPF) are also presented. Upon completion of this chapter, you will be able to perform the following tasks:

- List the major classes of IP addresses and describe the default mask associated with each
- Describe the requirements for subnetting a classful network
- Compare and contrast the two major functions performed by a router
- Describe, in detail, the functionality of each field in a routing table entry
- Explain the convergence steps used by the following routing protocols:
  - Routing Information Protocol (RIP)
  - Interior Gateway Routing Protocol (IGRP)
  - Enhanced IGRP
  - Open Shortest Path First (OSPF)


IP Addressing Review
This section contains review information related to IP addressing and subnetting concepts. Section topics are as follows:

- Classes of IP Addresses
- Default Routing Masks
- Creating Subnets by Extending the Mask
- Subnetting Examples


IP Address Overview

(Slide: a 32-bit IP address divided into a Network portion and a Host portion)
- Boundary between network and host is determined by a 32-bit mask
  - Mask contains contiguous ones in the network portion
  - Mask contains contiguous zeros in the host portion
- Once the network portion of the address is defined, all devices on the network will share the same binary pattern in the network portion

IP Address Overview
IP addresses are composed of 32 binary bits and uniquely identify devices within the Transmission Control Protocol/Internet Protocol (TCP/IP) domain. The TCP/IP domain includes all devices connected to the Internet using the World Wide Web (WWW). An IP address contains two parts: a network part and a host part.

The boundary between the two parts of the IP address is defined by another 32-bit field, referred to as a routing mask. There is a bit-for-bit alignment between the IP address and the routing mask. The routing mask contains a field of all ones and a field of all zeros: contiguous ones starting at the left and moving to the right, and contiguous zeros starting at the right and moving to the left. Where the contiguous ones stop indicates the boundary between the network part and the host part of the IP address. The network boundary can occur at any place after the eighth bit position from the left.

Once the boundary between the network part and the host part of the IP address is known, all devices addressed in that network will have a common binary pattern in the network part that identifies the device as belonging to the specified network.


IP Address Classes

- IP address and associated mask are represented in 32-bit dotted decimal
  - Other formats are commonly used
- Decimal value in the first octet determines the Class of the address
  001 - 126 = Class A
  128 - 191 = Class B
  192 - 223 = Class C
  224 - 239 = Class D
  240 - 254 = Class E

IP Address Classes
Both the IP address and the associated routing mask contain 32 bits. Routing devices are similar to computers in that they both use the binary numbering scheme to represent addresses. Working with 32-bit binary numbers is the standard operational mode for a routing device. However, network administrators do not use binary numbers on a daily basis and have therefore adopted other formats to represent 32-bit IP addresses. Some common formats include decimal (base 10) and hexadecimal (base 16) notation.

The generally accepted method of representing IP addresses and routing masks is to break the 32-bit field into four groups of eight bits and to represent those eight-bit fields in a decimal format separated by decimal points. Hence the reference to IP addresses and routing masks being represented in 32-bit dotted decimal notation. Although the dotted decimal notation is commonly accepted, that notation means nothing to the routing device because the device internally uses the 32-bit binary string as an address identifier. All routing decisions are based on the 32-bit binary field.

IP addresses belong to classes defined by the decimal value represented in the first eight bits (octet). The decimal number ranges are strictly dictated by the binary weights of the ones and zeros patterns within the octet. The class definition is referred to as the First Octet Rule. Classes A through E are defined, but only Class A, B and C addresses are used to identify devices connected to the Internet. The two remaining classes are used for special or testing purposes.


IP Address Default Masks

- IP address Class determines the default mask
  A = 255.0.0.0
  B = 255.255.0.0
  C = 255.255.255.0
- A bit for bit alignment exists between an IP address and its associated mask

IP Address Default Masks


Once the class of address is known, the number of bits in the default routing mask is also known. By default, routing masks contain one or more octets of contiguous ones that define the network part of the IP address. To simplify the class representation, the fields of contiguous ones are limited to the fields separated by the decimal points.


Determining IP Address Class

Which Class of address is 201.222.5.12?
201 is in the 192 - 223 range = Class C

                   Network            Host
  Device Address   201. 222. 5.       12
  Default Mask     255. 255. 255.     0

Determining IP Address Class


To determine the class of an IP address, one only has to match the decimal value in the first octet to the accepted number ranges. Once the class of address is known, the default routing mask is also known. In the example above, because 201 is in the Class C range of addresses there is a default 24-bit routing mask. The bit position where the 24 contiguous one bits end defines the end of the network part of the address. Therefore, all of the bits that represent 201.222.5 are part of the network part of the IP address. As described earlier, the routing mask will help routing devices forward traffic to the network defined by the binary bits in the network portion of the IP address.


Subnetting Overview

- Moving the network boundary to the right creates additional subnetworks at the expense of fewer hosts on each segment
- The new network mask will contain additional contiguous ones indicating by how many bits the network portion has been extended
- The formula 2^n, where n equals the number of extended bits, indicates the maximum number of subnets created

Subnetting Overview
When additional contiguous ones are added to the default routing mask, the all-ones field is longer and that extends the definition of the network part of an IP address. Adding bits to the network part of an address decreases the number of bits in the host part. Creating additional network binary patterns is done at the expense of the number of host devices that can occupy each network segment.

The number of bits added to the point where the default routing mask ended creates a counting range. This binary range counts subnetworks. Each count is a unique binary pattern and defines a location within the master network address space. The remaining bits not allocated as the network part or the subnetwork part form a counting range for hosts. Host addresses are selected from these remaining bits and must also be numerically unique from all other hosts on this network.


Creating Subnets

Extending the mask creates subnets:

  201. 222. 5. 0     Network
  255. 255. 255. 224 Mask

(Slide: the fourth octet, bit weights 128 64 32 16 8 4 2 1, is divided as S S S H H H H H. The three subnet bits form a subnet counting range with weights 4 2 1, giving subnet numbers 0 through 7 (000 through 111). The five host bits form a host counting range with weights 16 8 4 2 1, giving host numbers 0 through 31 (00000 through 11111); host numbers 0 and 31 are marked ** Special usage.)

Creating Subnets
In the example above, the network part has been extended and is indicated by the new mask of 255.255.255.224, which is three bits longer than the default mask of 255.255.255.0. Once the default routing mask has been extended, in this case by three bits, it creates a counting range to represent subnetworks. For the sample network of 201.222.5.0, the fourth octet now contains two counting ranges; a three-bit field for counting subnetworks and a five-bit field for counting hosts. Each counting range is displayed with individual binary weights assigned to the bit positions. As is true for eight-bit binary fields discussed earlier, the least significant bit (LSB) has a binary weight of one and is always located at the right side of the field. Each count is an assignment for a subnetwork or a discrete host.

Reminder: The count of all zeros and of all ones in the host range is reserved for special usage. The count of all zeros represents the segment identifier and the count of all ones represents a broadcast address used to contact all hosts on that segment.

Reminder: The count of all zeros in the subnetwork range must be explicitly allowed. The count of all ones has no special significance in the subnetwork range and identifies a location within the major network.

Only after all of the binary counts have been performed can the 32 binary bits be broken into four eight-bit fields and represented as a dotted decimal value. Only after the binary bits have been represented in dotted decimal notation does the IP address have significance to the network administrator. An example of the dotted decimal notation for the counting ranges is shown on the following page.


Subnet Addressing

Before subnetting: 201.222.5.0, mask 255.255.255.0

  Network        Host Range   Hosts/Seg.
  201.222.5.0    001 - 254    254

After subnetting: 201.222.5.0, mask 255.255.255.224 (extend mask by three bits, 2^3 = 8 subnets)

  Subnet          Subnet bits   Host Range   Hosts/Seg.
  201.222.5.32    (001)         33 - 62      30
  201.222.5.64    (010)         65 - 94      30
  201.222.5.96    (011)         . . .        . . .
  201.222.5.128   (100)         . . .        . . .
  201.222.5.160   (101)         . . .        . . .
  201.222.5.192   (110)         . . .        . . .
  201.222.5.224   (111)         225 - 254    30
  Total                                      210

* Additional configuration required to activate subnet zero

Subnet Addressing
In the upper portion of the graphic, the Class C network of 201.222.5.0 is shown with all host addresses belonging to a single segment. This major network is associated with the default routing mask of 255.255.255.0. In the lower portion of the graphic, the default routing mask for network 201.222.5.0 has been extended by three bits, as indicated by the subnet mask of 255.255.255.224. The mask extension creates a three-bit counting range, which, using the 2^n formula, generates eight possible counts. The seven counts which do not require additional configuration statements on the Cisco router are shown above. Subnetwork zero must be explicitly allowed using configuration commands in Cisco IOS releases prior to 12.0. In Cisco IOS Release 12.0 and later, subnet zero is enabled by default.

Once each unique count is determined in the subnetwork range, the valid counts from the host range are added to it. The resulting decimal values represent a range of valid host addresses for each location (subnetwork) within the network address space. The function of extending the network mask (subnetting) creates additional unique locations within the network at the expense of fewer hosts on each segment. There is a small loss of usable host addresses due to the special usage of some bits within the host range. This loss of usable host addresses can be minimized by good network design with an eye toward address utilization on a per segment basis.
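The class, default-mask and subnet arithmetic described from IP Address Overview through Subnet Addressing, worked on the raw 32-bit values in an added example. This is not course material or Cisco code; the function names are the example's own. It reproduces the course's 201.222.5.0 / 255.255.255.224 case and generalizes it to any Class A, B or C network and any mask extension, including the subnet-zero and all-zeros/all-ones host reservations the text describes.

```python
# Added example (not from the BSCN course): IPv4 class, default mask and
# subnet arithmetic done on the 32-bit values, as the course text describes.
# Function names are this example's own; the sample network 201.222.5.0 is
# the one used in the course slides.

def to_int(dotted):
    """Dotted decimal -> 32-bit integer, the form a router actually works with."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted-decimal value: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """First Octet Rule: the decimal value of the first octet selects the class."""
    first = to_int(dotted) >> 24
    for cls, low, high in (("A", 1, 126), ("B", 128, 191), ("C", 192, 223),
                           ("D", 224, 239), ("E", 240, 254)):
        if low <= first <= high:
            return cls
    raise ValueError(f"first octet {first} is outside the First Octet Rule ranges")


DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def prefix_len(mask):
    """Count the contiguous ones in a mask; reject a mask whose ones are not
    contiguous, since the network/host boundary would then be undefined."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask {mask} is not contiguous ones followed by zeros")
    return ones


def split(dotted, mask):
    """Return (network part, host part) of an address under a mask."""
    a, m = to_int(dotted), to_int(mask)
    return to_dotted(a & m), to_dotted(a & ~m & 0xFFFFFFFF)


def subnets(network, extra_bits, allow_subnet_zero=True):
    """Extend the class default mask of `network` by `extra_bits` and list each
    subnet with its usable host range. The all-zeros and all-ones host patterns
    are reserved (segment address and broadcast), so usable hosts = 2^h - 2.
    Subnet zero is listed only when allowed, mirroring the IOS behaviour the
    text describes (off before 12.0, on by default from 12.0)."""
    cls = address_class(network)
    if cls not in DEFAULT_MASK:
        raise ValueError(f"class {cls} addresses are not subnetted")
    default_len = prefix_len(DEFAULT_MASK[cls])
    host_bits = 32 - (default_len + extra_bits)
    if host_bits < 2:
        raise ValueError("at least two host bits must remain")
    base = to_int(network) & to_int(DEFAULT_MASK[cls])
    new_mask = to_dotted((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
    result = []
    for count in range(2 ** extra_bits):          # the subnet counting range
        if count == 0 and not allow_subnet_zero:
            continue
        net = base | (count << host_bits)
        broadcast = net | ((1 << host_bits) - 1)
        result.append({
            "subnet": to_dotted(net), "mask": new_mask,
            "first_host": to_dotted(net + 1), "last_host": to_dotted(broadcast - 1),
            "broadcast": to_dotted(broadcast), "usable_hosts": (1 << host_bits) - 2,
        })
    return result


if __name__ == "__main__":
    print(address_class("201.222.5.12"), split("201.222.5.12", DEFAULT_MASK["C"]))
    for s in subnets("201.222.5.0", 3, allow_subnet_zero=False):
        print(f'{s["subnet"]:15} {s["mask"]}  hosts {s["first_host"]} - {s["last_host"]}')
```

With allow_subnet_zero=False the call lists the seven subnets from the slide (201.222.5.32 through 201.222.5.224, 30 hosts each, 210 in total); with the default it also lists 201.222.5.0, the eighth count. The contiguity check in prefix_len is the practical guard: a mask such as 255.0.255.0 passes a simple octet-range check but has no single network/host boundary.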


Routing Fundamentals
This section discusses the components that make up a routing decision. The different methods of learning and the mechanisms for maintaining the router's awareness of the network topology are covered in detail. These topics are consolidated into a discussion of how to read and understand the contents of a routing table display. Section topics are as follows:

- What is routing?
- Routing requirements
- Router functions
- Distance vector routing protocols
  - Operation
  - Comparison
- Link-state routing protocols
  - Operation
  - Comparison
- Convergence on a new network topology
- Routing table interpretation


What is Routing?

- Routing is the process of forwarding an item from one location to another
- Routers forward traffic to a logical destination in a computer network
- Routers perform two major functions:
  - Routing: learning the logical topology of the network
  - Switching: forwarding packets from an inbound interface to an outbound interface

What is Routing?
What is routing? Routing is a relay system by which items are forwarded from one location to another. In computer networks, user generated traffic, such as electronic mail or graphic/text documents, is forwarded from a logical source to a logical destination. Each device in the network has a logical address so it can be reached individually or in some cases as part of a larger group of devices. For a router to act as an effective relay device, it must be able to understand the logical topology of the network and to communicate with its neighboring devices. The router understands several different logical addressing schemes and regularly exchanges topology information with other devices in the network. The mechanism of learning and maintaining awareness of the network topology is considered to be the routing function. The actual movement of transient traffic through the router is a separate function and is considered to be the switching function. Routing devices must perform both a routing and a switching function to be an effective relay device.


Routing Requirements

- Is the protocol suite active on this device?
- Is the destination network known to this device?
  - Is there an entry in the routing table?
  - Is the route currently available?
- Which outbound interface represents the best path?
  - Lowest metric path is preferred
  - Equal lowest metric paths are shared

Routing Requirements
There are three major decisions that have to be made in order to make a routing decision. First and foremost, can the routing device understand the logical destination address? For a logical address understanding to exist within the router, the protocol suite that uses that logical addressing scheme must be enabled and currently active. Some examples of common protocol suites are TCP/IP, IPX, and DECnet.

Secondly, once the router can understand the addressing scheme, does the destination logical network exist within the current routing table as a valid destination? If the destination logical network does not exist in the routing table, routing devices are programmed to discard the packet and to generate an Internet Control Message Protocol (ICMP) message to notify the sender of the event. Some network managers have successfully reduced the size of their networks' routing tables by including only a few destination networks and manually specifying a default route entry. If specified, a default route will be followed if the destination logical network, as indicated by the packet header, is not included as part of this device's routing table.

Lastly, if the destination network is in the routing table, through which outbound interface will the packet be forwarded? The routing table should contain only the best path to any given destination logical network. The best path to a destination network has been associated with a particular outbound interface by the routing protocol process. Routing protocols use a metric scheme to determine the best path to a destination. A smaller metric indicates a preferred path and if two or more paths have an equal lowest metric, then all of those paths will be equally shared. Sharing packet traffic across multiple paths is referred to as load balancing to the destination. Once the outbound interface is known, the router must also have an encapsulation solution to forward with. An encapsulation method (framing) is required to forward the packet to the next-hop logical device in the relay path.

Routing Information
Most of the necessary information is contained in the routing table:

  I 172.16.8.0 [100/118654] via 172.16.7.9, 00:00:23, Serial0

- I: how the route was learned (IGRP)
- 172.16.8.0: destination logical network/subnet
- 100: administrative distance (prioritization factor)
- 118654: metric value (reachability)
- 172.16.7.9: next hop logical address (next router)
- 00:00:23: age of entry (in hours:minutes:seconds)
- Serial0: interface through which route was learned and through which the packet will leave

Routing Information
Most of the information required to perform the routing operation is included in the routing table on a per-entry basis. Each entry is created by the routing protocol process and indicates the following:

- By which mechanism the route was learned. Learning methods can be either dynamic or manual entries.
- Logical destination address, expressed either as a major network or as a subnetwork of a major network. In isolated cases, host addresses can be contained in the routing table.
- Administrative distance; a measure of the trustworthiness of the learning mechanism.
- Metric; a measure of the aggregate path cost specified in a format consistent with the metric used by that routing protocol.
- Address of the next relay device (router) in the path to the destination.
- How current the route information is. This field indicates the amount of time the information has been in the routing table. Entry information is refreshed periodically to ensure it is current.
- The interface associated with reaching the destination network. This is the port through which the packet will leave the router, being forwarded to the next-hop relay device.


Administrative Distance

- Administrative Distance is a prioritization method for IP routing protocols
- The lower the administrative distance, the more trusted the learning mechanism
  - Manually entered routes are preferred to dynamically learned routes
  - Routing protocols with sophisticated metrics are preferred over protocols with simple metric structures

Administrative Distance
The routing process is responsible for selecting the best path to any destination network. The concept of an administrative distance is required to handle the case when there are multiple inputs on the same route. More than one learning mechanism can exist inside the router at any given time. The routing process has been programmed to prefer lower values rather than higher values when comparing administrative distances. In general, administrative distances have been assigned in a fashion to prefer manual entries over dynamically learned entries and to prefer routing protocols with more sophisticated metrics over routing protocols with simple metrics. A comparison chart of administrative distances is located on the following page.


Administrative Distance Comparison Chart

  Route Source                    Default Distance
  Connected Interface             0
  Static Route out an Interface   0
  Static Route to a Next Hop      1
  Enhanced IGRP Summary Route     5
  External BGP                    20
  Internal Enhanced IGRP          90
  IGRP                            100
  OSPF                            110
  IS-IS                           115
  RIP v1, v2                      120
  EGP                             140
  External Enhanced IGRP          170
  Internal BGP                    200
  Unknown                         255

Administrative Distance Comparison Chart


The chart above compares the administrative distances for the different learning methods available in a TCP/IP environment.


Routing Decisions

- Routing protocols maintain a loop-free, single path to each destination network
- Routes are advertised with a reachability factor referred to as a metric
- The path to the destination network is represented by the sum of the metrics associated with all intermediate links
- The routing process uses the metric value to select a preferred path to each destination
- Multiple paths can be used if metric values are equal

Routing Decisions
In a routed network, the routing process relies on the routing protocol to maintain a loop-free topology. In addition to maintaining a loop-free topology, the routing process must locate the best path to every destination network. The concept of what is the best path to any destination is what distinguishes different routing protocols in the TCP/IP environment. Each routing protocol uses a different measurement as to what is best. Routers advertise the path to any network in terms of a metric value. Some common examples of metrics are: hop count (how many routers to pass through), cost (based on bandwidth) and composite (using several parameters in their calculation). If the destination network is not local to this router, then the path is represented by the total of metric values defined for all of the links that must be traversed to reach that network.

Once the routing process knows the metric values associated with the different paths (assuming that multiple paths exist), then the routing decision can be made. The routing process will select the path that has the smallest metric value. In Cisco routers, if multiple equal lowest-metric paths exist in an IP environment, then load sharing (also known as load balancing) will be in effect across the multiple paths. Cisco supports up to six equal metric paths to a common destination network.
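The selection rules from Routing Requirements, Routing Information, Administrative Distance and Routing Decisions put together in an added example (not course material or Cisco code): candidates for the same destination are compared by administrative distance first and then by metric, every equal-lowest-metric path from the winning source is installed, the table is consulted by longest match with a 0.0.0.0/0 entry serving as the default route, and a lookup miss is the ICMP unreachable case. The administrative distance values are the course's comparison chart; the candidate routes and next-hop addresses are constructed. parse_entry splits one show ip route line in the layout shown on the Routing Information slide into the fields the text describes.

```python
# Added example (not from the BSCN course): a model of how the routing
# process selects what is installed in the routing table. Candidates for the
# same destination are compared by administrative distance first, then by
# metric; all equal-lowest-metric paths from the winning source are installed
# (load sharing), capped at six paths as the text states. The administrative
# distance values are the course's chart; the candidate routes are constructed.
import ipaddress
import re
from dataclasses import dataclass

ADMIN_DISTANCE = {
    "connected": 0, "static-interface": 0, "static-next-hop": 1,
    "eigrp-summary": 5, "ebgp": 20, "eigrp": 90, "igrp": 100, "ospf": 110,
    "is-is": 115, "rip": 120, "egp": 140, "eigrp-external": 170, "ibgp": 200,
    "unknown": 255,
}


@dataclass(frozen=True)
class Candidate:
    network: str    # destination, e.g. "172.16.8.0/24"
    source: str     # learning mechanism, a key of ADMIN_DISTANCE
    metric: int     # in the source protocol's own units (hops, composite, ...)
    next_hop: str
    interface: str


def select_routes(candidates, max_paths=6):
    """Return {network: [installed candidates]}: lowest AD wins, then lowest
    metric; ties on the metric are all kept (load sharing), at most max_paths."""
    by_net = {}
    for c in candidates:
        by_net.setdefault(c.network, []).append(c)
    table = {}
    for net, cands in by_net.items():
        best_ad = min(ADMIN_DISTANCE[c.source] for c in cands)
        trusted = [c for c in cands if ADMIN_DISTANCE[c.source] == best_ad]
        best_metric = min(c.metric for c in trusted)
        table[net] = [c for c in trusted if c.metric == best_metric][:max_paths]
    return table


def lookup(table, destination):
    """Longest-prefix match against the installed table. A 0.0.0.0/0 entry is
    the default route. Returns the next hops to share traffic over, or None,
    the case in which the router discards the packet and sends an ICMP
    destination unreachable to the sender."""
    dst = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(net), paths)
               for net, paths in table.items() if dst in ipaddress.ip_network(net)]
    if not matches:
        return None
    _, paths = max(matches, key=lambda m: m[0].prefixlen)
    return [p.next_hop for p in paths]


# One 'show ip route' entry in the layout shown on the Routing Information
# slide: code, destination, [AD/metric], next hop, age, interface.
ENTRY_RE = re.compile(
    r"^(?P<code>\S+)\s+(?P<network>[\d.]+)\s+\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+"
    r"(?P<next_hop>[\d.]+),\s+(?P<age>\d{2}:\d{2}:\d{2}),\s+(?P<interface>\S+)$"
)


def parse_entry(line):
    """Split one routing table entry into the fields described in the text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a routing table entry: {line!r}")
    fields = m.groupdict()
    fields["ad"], fields["metric"] = int(fields["ad"]), int(fields["metric"])
    return fields


# Constructed candidates: the same destination learned by two protocols, three
# equal-metric RIP paths plus one worse one, and a static default route.
CANDIDATES = [
    Candidate("172.16.8.0/24", "igrp", 118654, "172.16.7.9", "Serial0"),
    Candidate("172.16.8.0/24", "rip", 3, "172.16.7.13", "Serial1"),
    Candidate("10.0.0.0/8", "rip", 4, "172.16.5.2", "Ethernet0"),
    Candidate("10.0.0.0/8", "rip", 4, "172.16.5.3", "Ethernet0"),
    Candidate("10.0.0.0/8", "rip", 4, "172.16.5.4", "Ethernet0"),
    Candidate("10.0.0.0/8", "rip", 5, "172.16.5.5", "Ethernet0"),
    Candidate("0.0.0.0/0", "static-next-hop", 0, "172.16.7.1", "Serial0"),
]

if __name__ == "__main__":
    table = select_routes(CANDIDATES)
    for net, paths in table.items():
        for p in paths:
            print(f"{net:16} [{ADMIN_DISTANCE[p.source]}/{p.metric}] via {p.next_hop}, {p.interface}")
    print(lookup(table, "10.1.2.3"), lookup(table, "192.168.1.1"))
```

The point the constructed data makes is that the RIP route to 172.16.8.0 loses to the IGRP route even though its metric (3 hops) looks smaller than 118654: metrics are never compared across protocols, only within the most trusted source. Three of the four RIP paths to 10.0.0.0 are installed and the fourth, with hop count 5, is not.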


RIP Routing Metrics

(Slide: this router, address 5.1 on the Ethernet and also attached to serial network 4.0, shares the Ethernet with neighbours 5.2, 5.3 and 5.4, which each reach network 10.0 over a link of different bandwidth, including Token Ring and FDDI.)

  C 5.0 dir conn Eth0
  C 4.0 dir conn Ser0
  R 10.0 [120/4] via 5.2, Eth0
  R 10.0 [120/4] via 5.3, Eth0
  R 10.0 [120/4] via 5.4, Eth0

- Routing metric used by RIP is hop count
  - Using a neighboring router interface is a hop
- Routing process arbitrarily selects a path from several possible paths
  - IP load balancing is enabled by default

RIP Routing Metrics


The Routing Information Protocol (RIP) is a commonly used routing protocol in small-to-medium-sized TCP/IP networks. RIP uses hop count as a metric (based upon how many neighboring routers must be passed through to reach the destination). In the topology indicated above, traditional RIP implementations would arbitrarily choose one path in order to reach network 10.0. In this case, only the selected path would be displayed in the routing table. In Cisco routers, the RIP implementation is such that multiple equal hop paths can be shared. In the graphic above, notice that network 10.0 can be reached by three different paths that vary in bandwidth but have an equal hop count. As a result of the equal metric, all three paths will be displayed in the routing table as the lowest metric path. This graphic illustrates that bandwidth is not a consideration in RIP's understanding of the best path to reach network 10.0. In addition, this topology is for demonstration purposes only and does not represent an optimal network design.


IGRP Routing Metrics

(Slide: the same topology as the RIP slide; this router at 5.1 reaches network 10.0 through neighbours 5.2, 5.3 and 5.4 over links of different bandwidth, including Token Ring and FDDI.)

  C 5.0 dir conn Eth0
  C 4.0 dir conn Ser0
  I 10.0 [100/327684] via 5.4, Eth0

- Routing metric used by IGRP is composite
  - Bandwidth, delay, reliability, load, MTU
- Routing process selects the fastest path
  - IP load balancing is enabled by default

IGRP Routing Metrics

Cisco's IGRP is a commonly used routing protocol in medium-to-large-sized TCP/IP networks. IGRP uses a composite metric, one based upon bandwidth, delay, reliability, load, and Maximum Transfer Unit (MTU). In IGRP's standard algorithm computation, only the bandwidth and delay values are enabled by default. Load balancing is enabled for all IP routing protocols implemented by Cisco. IGRP's composite metric can distinguish subtle differences in link characteristics and, therefore, will select the highest bandwidth (fastest) path to the destination network. In the graphic above, the FDDI-link path is selected because its 100 Mbps bandwidth is higher than the other available paths. If equal (at least equal within one percent) metric paths exist, load balancing will be in effect. IGRP is capable of load balancing across as many as six equal metric paths. Again, this topology is for demonstration purposes only and does not represent an optimal network design.
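The contrast drawn on the RIP and IGRP slides, scored in an added example that is not course material or Cisco code. The course gives neither the composite formula nor per-link values; the composite used here is the IGRP default-K computation (bandwidth term 10^7 divided by the lowest link bandwidth in kbit/s, plus the sum of link delays in microseconds divided by 10; K2, K4 and K5 are zero so load and reliability drop out), and the link bandwidths and delays for the three paths are constructed sample values. The tolerance parameter models the "equal within one percent" rule stated above.

```python
# Added example (not from the BSCN course): the three paths to network 10.0
# from the RIP and IGRP slides scored by hop count and by a composite metric.
# The composite is the IGRP default-K computation, which the course does not
# spell out: bandwidth term = 10^7 / lowest link bandwidth in kbit/s, delay
# term = sum of link delays in microseconds / 10, metric = their sum. The
# link bandwidths and delays are constructed sample values.
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    name: str
    bandwidth_kbps: int
    delay_us: int


# Each path leaves this router over the shared Ethernet (segment 5.0) and then
# crosses the neighbour's onward link to network 10.0. Constructed values.
PATHS = {
    "via 5.2": [Link("Ethernet", 10_000, 1_000), Link("Token Ring", 16_000, 630)],
    "via 5.3": [Link("Ethernet", 10_000, 1_000), Link("Ethernet", 10_000, 1_000)],
    "via 5.4": [Link("Ethernet", 10_000, 1_000), Link("FDDI", 100_000, 100)],
}


def rip_metric(path):
    """RIP: every router passed through (each link crossed here) is one hop."""
    return len(path)


def igrp_metric(path, k1=1, k2=0, k3=1, k4=0, k5=0, load=1, reliability=255):
    """IGRP composite metric with the default K values (only bandwidth and
    delay count). load and reliability only matter if K2/K5 are non-zero."""
    bandwidth = 10_000_000 // min(link.bandwidth_kbps for link in path)
    delay = sum(link.delay_us for link in path) // 10
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5:
        metric = metric * k5 // (reliability + k4)
    return metric


def best_paths(metric_fn, paths, tolerance=0.0, max_paths=6):
    """Install every path whose metric is within `tolerance` of the lowest
    (RIP: exact ties; IGRP: the text says equal within one percent), capped at
    the six-path limit stated in the text."""
    scored = {name: metric_fn(links) for name, links in paths.items()}
    best = min(scored.values())
    return [name for name, m in scored.items() if m <= best * (1 + tolerance)][:max_paths]


if __name__ == "__main__":
    for name, links in PATHS.items():
        print(f"{name}: hops={rip_metric(links)} composite={igrp_metric(links)}")
    print("RIP installs :", best_paths(rip_metric, PATHS))
    print("IGRP installs:", best_paths(igrp_metric, PATHS, tolerance=0.01))
```

Hop count sees three two-hop paths and installs all of them. The composite metric installs only the FDDI path: because every path starts over the same 10 Mbit/s Ethernet, the bandwidth term is the same for all three and the delay term is what separates them, with the FDDI link contributing the least. That is the slide's "fastest path" result, and it shows why the composite metric needs more than the single highest-bandwidth link to reach it.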


Routers Forward Traffic

- Routing protocols maintain neighbor relationships with adjacent (connected) routers
  - Neighboring routers/routing protocols exchange frames containing either:
    - Hello packets
    - Routing update packets
  - Routing tables contain routes learned from neighboring routers
- Routers forward traffic to the destination network by passing packets to the next-hop logical device (router) in the delivery path

Routers Forward Traffic


Immediately after a router completes its startup procedure, the router attempts to establish a routing relationship with neighboring routing devices. The purpose of this initial communication is to identify the neighboring devices and to begin learning the network topology. The method of establishing adjacencies and initial learning of the topology varies between different routing protocols. Often, broadcast frames are used to locate the neighboring devices, especially until the media access control (MAC) addresses of the adjacent network interface cards (NICs) are learned. The routing process, via the routing protocol, establishes a peer relationship at the software layers (layers four through seven) of the OSI reference model with the neighboring routers. The routing protocol(s) will exchange either periodic Hello messages or periodic routing updates to maintain the on-going communication between the neighbors.

Once the network topology is understood and the routing table contains the best path to all known destination networks, the forwarding of traffic can begin. The function of forwarding transient packets by the router is referred to as switching. The switching function relies heavily on the router knowing the MAC address of the next-hop routing device. The MAC address learning process was a critical phase in establishing the neighbor relationship after startup. The graphic on the following page summarizes the switching operation performed by the router.

3-20 Building Scalable Cisco Networks

Copyright 1999, Cisco Systems, Inc.

Basic Switching Functions


1. Check framing and buffer packet
2. Associate destination logical address with next-hop logical device and outbound interface
3. Associate next-hop logical device with physical address to create frame header
4. Create framing and forward packet

[Diagram: inbound interface -> routing table (maintained by routing protocol*) -> ARP cache (LAN) / map table (WAN) (maintained by ARP or Inverse ARP process*) -> outbound interface]
* Manual entries available

Basic Switching Functions


In order to forward a packet that has arrived at a router interface, the router must perform the switching function. The switching function needs the end result of the routing function, which is a routing table entry that points to the destination logical network. The switching function has four basic steps:

1. A packet transiting the router will be accepted into the router if the header of the frame (in which the packet resides) contains the MAC address of one of the router's NICs. If properly addressed, once the framing is checked, the frame and its content (the packet) will be buffered pending further processing. The buffering occurs in main memory or some other specialized memory location.
2. The switching process checks the destination logical network portion of the packet header against the network/subnetwork entries in the routing table. If the search is successful, the switching process associates the destination network with a next-hop logical device and an outbound interface.
3. Once the next-hop logical device address is known, a lookup is performed to locate a physical address for the next device in the relay chain. The lookup is performed in an Address Resolution Protocol (ARP) table for local-area network (LAN) interfaces or a map table for wide-area network (WAN) interfaces. The contents of these tables can be created either by dynamic means or by manual entries.
4. Once the physical address of the next delivery device is known, the frame header is overwritten in the memory locations where the frame (and packet) is buffered. After the frame header is created, the frame is programmatically moved to the outbound interface for transmission onto the media. As the frame is placed on the media, the outbound interface adds the CRC character and ending delimiters to the frame. These characters will need to be validated at the arriving interface on the next-hop relay device.
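The four switching steps modelled in Python, as an added example that is not part of the BSCN course material: the routing table is searched longest mask first, the next hop is resolved through an ARP cache/map table, and the frame header is rewritten. Every address, interface name and physical address below is constructed.

```python
import ipaddress

# Constructed routing table: (prefix, next-hop logical address, outbound interface).
# A next hop of None means the destination network is directly connected.
ROUTING_TABLE = [
    ("10.1.0.0/16", "192.168.1.2", "Serial0"),
    ("10.1.5.0/24", "192.168.2.2", "Serial1"),   # more specific than 10.1.0.0/16
    ("10.2.0.0/16", "192.168.1.3", "Serial0"),   # next hop with no map-table entry yet
    ("192.168.1.0/24", None, "Serial0"),
    ("192.168.2.0/24", None, "Serial1"),
    ("172.16.0.0/24", None, "Ethernet0"),
]

# Constructed ARP cache (LAN) / map table (WAN): next-hop logical address -> physical address.
ADDRESS_MAP = {
    "192.168.1.2": "dlci-101",
    "192.168.2.2": "dlci-102",
    "172.16.0.9": "00:00:0c:cc:cc:09",
}

# Constructed physical addresses of this router's own interfaces.
ROUTER_ADDRS = {"Ethernet0": "00:00:0c:00:00:e0", "Serial0": "dlci-100", "Serial1": "dlci-200"}


def lookup_route(dest_ip, table=ROUTING_TABLE):
    """Step 2: associate the destination logical address with a next-hop logical
    device and outbound interface. Entries are tried longest mask first, so the
    most specific matching route wins."""
    dest = ipaddress.ip_address(dest_ip)
    ordered = sorted(table, key=lambda e: ipaddress.ip_network(e[0]).prefixlen, reverse=True)
    for prefix, next_hop, iface in ordered:
        if dest in ipaddress.ip_network(prefix):
            # Directly connected network: the next hop is the destination host itself.
            return (next_hop or dest_ip, iface)
    return None


def resolve_physical(logical, cache=ADDRESS_MAP):
    """Step 3: map the next-hop logical address to a physical address through the
    ARP cache (LAN) or map table (WAN). None means ARP/Inverse ARP must run first."""
    return cache.get(logical)


def switch_packet(frame, router_addrs=ROUTER_ADDRS):
    """Steps 1-4 for one inbound frame; returns a dict describing the outcome.
    A frame is {"dst_phys", "src_phys", "packet"}; a packet carries src_ip, dst_ip, ttl."""
    # Step 1: accept the frame only if it is addressed to one of our own interfaces.
    if frame["dst_phys"] not in router_addrs.values():
        return {"action": "ignored", "reason": "frame not addressed to this router"}
    packet = dict(frame["packet"])                 # buffered copy of the packet
    if packet["ttl"] <= 1:
        return {"action": "dropped", "reason": "TTL expired"}
    # Step 2: routing table lookup.
    route = lookup_route(packet["dst_ip"])
    if route is None:
        return {"action": "dropped", "reason": "no route to destination"}
    next_hop, out_iface = route
    # Step 3: physical address of the next-hop device.
    phys = resolve_physical(next_hop)
    if phys is None:
        return {"action": "pending", "reason": f"need ARP/Inverse ARP for {next_hop}"}
    # Step 4: overwrite the frame header in the buffer and hand it to the outbound interface.
    packet["ttl"] -= 1
    new_frame = {"dst_phys": phys, "src_phys": router_addrs[out_iface], "packet": packet}
    return {"action": "forwarded", "interface": out_iface, "next_hop": next_hop, "frame": new_frame}


def demo():
    """Forward a constructed packet arriving on Ethernet0 and bound for 10.1.5.7."""
    frame = {"dst_phys": "00:00:0c:00:00:e0", "src_phys": "00:00:0c:cc:cc:09",
             "packet": {"src_ip": "172.16.0.9", "dst_ip": "10.1.5.7", "ttl": 64}}
    return switch_packet(frame)


if __name__ == "__main__":
    print(demo())
```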

Classful Routing Overview


- Classful routing protocols are a consequence of the distance vector method of route calculation
  - RIPv1
  - IGRP
- Routing masks are not carried within the routine, periodic routing updates
- Within a network, consistency of mask is assumed

Classful Routing Overview


Classful routing is a consequence of the fact that routing masks are not advertised in the periodic, routine routing advertisements generated by distance vector routing protocols. In a classful environment, the receiving device must know the routing mask associated with any advertised subnets, or those subnets cannot be advertised to it. How would the receiving device know the mask of an advertised subnet? There are two ways this information can be gained:

- Share the same routing mask as the advertising device.
- If the routing mask does not match, this device must summarize the received route to a classful boundary and send the default routing mask in its own advertisements.


Classful Routes
- Subnetwork routes are shared by devices within the same network
- Summary routes are exchanged between foreign networks
- Summary routes are automatically created at major network boundaries

Classful Routes
Classful routing protocols, such as RIPv1 and IGRP, exchange routes to subnetworks within the same network. This is possible because all of the subnetworks in the major network have the same routing mask. This consistency is enforced by administrative controls invoked by the network administrators.

When routes are exchanged with foreign networks (networks whose network portion does not match ours), subnetwork information from this network cannot be included because the routing mask of the other network is not known. As a result, the subnetwork information from this network must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update. The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.
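Both directions of the classful rule, as an added Python example that is not the course's code: the sender collapses subnets of a foreign major network to one classful summary, and the receiver interprets a mask-less route with its own interface mask when the route lies in the same major network, otherwise with the default classful mask. The 10.x and 172.16.x values are constructed; the 201.222.5.x values follow the slide's network.

```python
import ipaddress


def classful_network(addr):
    """Major (classful) network of an IPv4 address using the default class masks:
    /8 for class A, /16 for class B, /24 for class C. Returns None for other classes."""
    first_octet = int(ipaddress.ip_address(addr)) >> 24
    if first_octet < 128:
        prefixlen = 8
    elif first_octet < 192:
        prefixlen = 16
    elif first_octet < 224:
        prefixlen = 24
    else:
        return None
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def build_classful_update(local_routes, out_interface_addr):
    """Sending side. local_routes are 'network/prefixlen' strings; the update sent out
    the interface carries network addresses only (no masks). Subnets of the same major
    network as the outbound interface go out as-is; subnets of any foreign major
    network are replaced by one classful summary. Order is kept, duplicates dropped."""
    local_major = classful_network(out_interface_addr)
    advertised = []
    for route in local_routes:
        net = ipaddress.ip_network(route)
        route_major = classful_network(str(net.network_address))
        if route_major == local_major:
            entry = str(net.network_address)             # subnet route, mask implied
        else:
            entry = str(route_major.network_address)     # summarized at the class boundary
        if entry not in advertised:
            advertised.append(entry)
    return advertised


def interpret_classful_route(advertised, receiving_iface):
    """Receiving side. The update carries no mask, so the receiver infers one:
    the receiving interface's own mask if the route lies in the same major network
    (the 'same mask everywhere' assumption), else the default classful mask.
    receiving_iface is 'address/prefixlen', e.g. '201.222.5.97/27'."""
    iface = ipaddress.ip_interface(receiving_iface)
    if classful_network(advertised) == classful_network(str(iface.ip)):
        return ipaddress.ip_network(f"{advertised}/{iface.network.prefixlen}", strict=False)
    return classful_network(advertised)


# Constructed routing table of a router that holds subnets of two major networks.
LOCAL_ROUTES = ["201.222.5.32/27", "201.222.5.64/27", "201.222.5.128/27",
                "10.1.1.0/24", "10.1.2.0/24"]


def demo():
    """The same routes advertised on an interface inside 201.222.5.0 and on one inside 10.0.0.0."""
    return {
        "toward_201": build_classful_update(LOCAL_ROUTES, "201.222.5.97"),
        "toward_10": build_classful_update(LOCAL_ROUTES, "10.1.3.1"),
        "received_subnet": interpret_classful_route("201.222.5.32", "201.222.5.97/27"),
        "received_summary": interpret_classful_route("10.0.0.0", "201.222.5.97/27"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```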


Classful Subnetting Requirements


- A requirement for only two host addresses
- Forced to allocate 30 host addresses

[Diagram: routers connected by Ethernet segments (E0, E1) and a serial link (S0, S1); interface addresses shown are 201.222.5.129 /27, 201.222.5.98 /27, 201.222.5.97 /27, 201.222.5.65 /27 and 201.222.5.33 /27]

- All router interfaces in the network must have the same subnet mask
- This approach may not fully utilize available allocation of host addresses

Classful Subnetting Requirements


When performing subnetting in conjunction with a classful routing protocol, care must be taken to assign the same subnet mask to all router interfaces in the classful routing domain. This consistency is a requirement for subnetwork routes to be advertised correctly.

The consistency of subnet mask has a potential downside from the standpoint of efficient address allocation. While a 27-bit mask, as shown in the graphic above, allocates the proper number of host addresses (approximately 30 addresses) onto each Ethernet segment, not all of the 30 addresses can be utilized on the serial link.


Distance Vector Routing Update Traffic


[Diagram: a router's routing table ("All Routes") is sent to its directly connected neighbor]

- In a distance vector environment, routing updates are propagated only to directly connected neighbors

Distance Vector Routing Update Traffic


The periodic, routine routing updates generated by distance vector routing protocols are only addressed to directly connected routing devices. The addressing scheme most commonly used is a logical broadcast, although unicast updates can be specified.

In a distance vector environment, the routing update includes a complete routing table. By receiving a neighbor's full table, a router can verify all of the known routes and make changes to the local table based upon updated information received from the neighboring router. This process is easily understood, but it becomes obvious that this router's understanding of the network is based upon the neighbor's perspective of the network topology. The distance vector approach to routing is sometimes referred to as "routing by rumor".


Distance Vector Protocol Comparison Chart


Characteristic                           RIPv1   RIPv2   IGRP    EIGRP**
Count to infinity                        X       X       X
Split horizon with poison reverse        X       X       X       X
Hold-down timer                          X       X       X
Triggered updates with route poisoning   X       X       X       X
Load balancing - equal paths             X       X       X       X
Load balancing - unequal paths                           X       X
VLSM support                                     X               X
Routing algorithm                        B-F     B-F     B-F     DUAL
Metric                                   Hops    Hops    Comp    Comp
Hop count limit                          16      16      100     100
Scalability                              Med     Med     Large   Large

** Enhanced IGRP is an advanced distance vector protocol

Distance Vector Protocol Comparison Chart


The chart above compares the characteristics of the different distance vector routing protocols supported on Cisco routers. Most distance vector routing protocols use the Bellman-Ford (B-F) algorithm for route calculation. Enhanced IGRP is an advanced distance vector protocol and uses the Diffusing Update-based algorithm (DUAL). The hop count limit for IGRP defaults to 100 but is configurable up to a maximum of 255 hops.


Written Exercise: Comparing Distance Vector Routing Protocols


Objective: Describe the operating characteristics of different distance vector routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP

Protocol      Characteristic
__________    Has a hop count limitation of 15 hops
__________    Uses broadcast packets to propagate routing updates
__________    Has an administrative distance of 100
__________    Supports split horizon to avoid routing loops
__________    Uses a composite metric to determine best path
__________    Employs a count to infinity concept to avoid routing loops
__________    Can select preferred path based upon bandwidth consideration
__________    Supports variable length subnet masks (VLSM)
__________    Is supported by all vendors of routing equipment

2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain all routes in the routing table
_______ Load balancing of equal metric paths is enabled by default
_______ Automatic route summarization occurs at major network boundaries
_______ Length of the subnet mask is carried in the routing update
_______ Consistency of subnet mask is a network design requirement

Case Study: Using Distance Vector Routing Protocols

Distance Vector Case Study

[Diagram: Class C networks (three shown) joined by routers; media shown are Token Ring, Gigabit Ethernet, Fast Ethernet, Ethernet and serial links]

Distance vector routing protocols are commonly deployed in small to medium-sized networks. These protocols are popular, well understood, and straightforward to configure. Although distance vector protocols, such as RIP and IGRP, are widely deployed, there are still some operational guidelines that must be adhered to. Some operational concepts that require consideration include:

- Topology considerations
- Metric limitations
- Routing update traffic
- Convergence
- Ease of configuration and management

Classless Routing Overview


- Classless routing protocols include the routing mask with the route advertisement
  - Open Shortest Path First (OSPF)
  - Enhanced IGRP
  - RIPv2
  - IS-IS
  - BGP
- Routing updates triggered by topology changes
- Summary routes manually controlled at any point within the network

Classless Routing Overview


Classless routing protocols can be considered second-generation protocols because they are designed to deal with some of the limitations of the earlier classful protocols. One of the most serious limitations in a classful network environment is that the routing mask is not exchanged during the routing update process. This original approach required the same routing mask to be used on all subnetworks. The classless approach advertises the routing mask for each route, and therefore a more precise lookup can be performed in the routing table.

Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates.

Classless routing protocols also address another limitation of the classful approach: the need to summarize to a classful network with a default routing mask at major network boundaries. In the classless environment, the summarization process is manually controlled and can be invoked at any point within the network. Since subnet routes are propagated throughout the routing domain, summarization is required to keep the routing tables at a manageable size.


Classless Subnetting Requirements


- A requirement for only two host addresses
- VLSM support accommodates this

[Diagram: routers connected by Ethernet segments (E0, E1) and a serial link (S0, S1); Ethernet interface addresses shown are 201.222.5.129 /27, 201.222.5.65 /27 and 201.222.5.33 /27, and the serial link uses 201.222.5.209 /30 and 201.222.5.210 /30]

- Router interfaces within the same network can have different subnet masks
  - Variable length subnet masking (VLSM) is supported
- This approach maximizes allocation of available host addresses

Classless Subnetting Requirements


Another limitation of classful routing protocols was the requirement for a consistent mask to be applied to all router interfaces within the major network. This strict (classful) approach resulted in inefficient utilization of host addresses. Classless routing protocols understand that different routes within a major network can have different masks. The use of different masks within a major network is referred to as Variable Length Subnet Masking (VLSM). Classless routing protocols support VLSM, and that in turn leads to more efficient utilization of host addresses. In the graphic above, the serial link has been configured with a subnet mask that properly supports the link's requirement for only two host addresses.
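An added Python example (not the course's code) that carves the slide's 201.222.5.0/24 under both rules: every link forced to the same /27, then VLSM with the smallest subnet that fits each link. The host counts are constructed and the allocator's chosen addresses differ from the slide's, but the point, 28 wasted addresses on the serial link under a single mask, is the same.

```python
import ipaddress


def hosts_capacity(prefixlen):
    """Usable host addresses in an IPv4 subnet (network and broadcast excluded)."""
    return 2 ** (32 - prefixlen) - 2


def smallest_prefix_for(hosts_needed):
    """Longest prefix (smallest subnet) that still offers hosts_needed usable addresses;
    /30 is the smallest considered, since a point-to-point link needs two host addresses."""
    prefixlen = 30
    while prefixlen > 0 and hosts_capacity(prefixlen) < hosts_needed:
        prefixlen -= 1
    return prefixlen


def allocate(block, requirements, fixed_prefixlen=None):
    """Carve subnets out of block for (name, hosts_needed) pairs.
    fixed_prefixlen set: every link gets that mask (the classful rule).
    fixed_prefixlen None: each link gets the smallest subnet that fits (VLSM).
    Largest requirements are placed first so smaller ones fill the leftover space.
    Returns a list of (name, subnet, wasted host addresses)."""
    free = [ipaddress.ip_network(block)]        # free blocks, kept sorted by address
    result = []
    for name, hosts in sorted(requirements, key=lambda r: -r[1]):
        plen = fixed_prefixlen if fixed_prefixlen is not None else smallest_prefix_for(hosts)
        if hosts_capacity(plen) < hosts:
            raise ValueError(f"{name}: a /{plen} cannot hold {hosts} hosts")
        for i, blk in enumerate(free):
            if blk.prefixlen <= plen:           # first free block that is big enough
                chosen = blk if blk.prefixlen == plen else next(blk.subnets(new_prefix=plen))
                free[i:i + 1] = sorted(blk.address_exclude(chosen))   # give back the remainder
                result.append((name, chosen, hosts_capacity(plen) - hosts))
                break
        else:
            raise ValueError(f"no free space for {name}")
    return result


def total_waste(allocation):
    """Host addresses allocated but not needed, summed over all links."""
    return sum(wasted for _, _, wasted in allocation)


# Constructed requirements: four Ethernet segments of about 25 hosts and one serial link.
REQUIREMENTS = [("LAN-1", 25), ("LAN-2", 25), ("LAN-3", 25), ("LAN-4", 25), ("serial", 2)]


def demo():
    fixed = allocate("201.222.5.0/24", REQUIREMENTS, fixed_prefixlen=27)
    vlsm = allocate("201.222.5.0/24", REQUIREMENTS)
    return {"fixed": fixed, "vlsm": vlsm}


if __name__ == "__main__":
    for scheme, allocation in demo().items():
        print(scheme, "wasted:", total_waste(allocation))
        for name, subnet, wasted in allocation:
            print(f"  {name:8} {str(subnet):20} wasted {wasted}")
```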


Link-State Routing Update Traffic


[Diagram: a router's routing table; a single route ("One Route") is announced to all devices in the routing domain]

- In a link-state environment, link-state announcements are propagated to all devices in the routing domain
- Hierarchical design can limit the requirement to notify all devices

Link State Routing Update Traffic


Link-state routing protocols generate routing updates only when there is a change in the topology. When a link changes state, a link-state advertisement (LSA) concerning that link (route) is created by the device that detected the change and propagated to all neighboring devices using a special multicast address. Each routing device takes a copy of the LSA, updates its topological database and forwards the LSA to all neighboring devices. This flooding of the LSA is required to ensure that all routing devices update their database before creating an updated routing table that reflects the new topology.

Most link-state routing protocols require a hierarchical design, especially to support proper address summarization. The hierarchical approach, such as creating multiple logical areas for OSPF, reduces the need to flood an LSA to all devices in the routing domain. The use of areas restricts the flooding to the logical boundary of the area rather than to all devices in the OSPF domain. In other words, a change in one area should only cause routing table recalculation in that area, not in the entire domain.


Link-State Protocol Comparison Chart


Characteristic                            OSPF    IS-IS   EIGRP**
Hierarchical topology - required          X       X
Retains knowledge of all possible routes  X       X       X
Route summarization - manual              X       X       X
Route summarization - automatic                           X
Event triggered announcements             X       X       X
Load balancing - equal paths              X       X       X
Load balancing - unequal paths                            X
VLSM support                              X       X       X
Routing algorithm                         Dijks   IS-IS   DUAL
Metric                                    Cost    Cost    Comp
Hop count limit                           200     1024    100
Scalability                               Large   VryLg   Large

** Enhanced IGRP has some link-state features

Link State Routing Protocol Comparison Chart


The chart above compares some of the characteristics exhibited by link-state routing protocols. Enhanced IGRP is technically an advanced distance vector protocol, but it demonstrates some link-state features. The routing algorithm used by OSPF is the Dijkstra algorithm. Intermediate System-to-Intermediate System (IS-IS) is the routing algorithm used by the International Standards Organization (ISO) protocol suite, which includes connectionless network services (CLNS). Enhanced IGRP uses the Diffusing Update-based algorithm (DUAL) in its route calculations.


Written Exercise: Comparing Link State Routing Protocols


Objective: Describe the operating characteristics of link-state routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following routing protocols: OSPF, IS-IS, EIGRP

Protocol      Characteristic
__________    Maintains additional tables to assist in rapid convergence
__________    Uses broadcast packets to propagate topology updates
__________    Has an administrative distance of 115
__________    Supports flooding of updates to avoid routing loops
__________    Requires a hierarchical design to operate correctly
__________    Allows manual route summarization at any location
__________    Can select preferred path based upon bandwidth consideration
__________    Supports variable length subnet masks (VLSM)
__________    Is supported by all vendors of routing equipment

2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain only the affected routes in the routing table
_______ Load balancing of equal metric paths is enabled by default
_______ Automatic route summarization occurs at major network boundaries
_______ Length of the subnet mask is carried in the routing update
_______ Consistency of subnet mask is a network design requirement

Case Study: Using Link State Routing Protocols

Link-State Case Study

[Diagram: an area attached to a high-speed core, with DR and BDR routers; media shown are FDDI, Token Ring, Gigabit Ethernet, Fast Ethernet, Ethernet and serial links]

Link-state routing protocols are commonly deployed in medium to large-scale networks. Implementation of these protocols requires that sound design principles be followed with an eye towards a hierarchical topology. A hierarchical structure is important for both router functionality and for address allocation. Some operational concepts that require consideration include:

- Topology considerations
- Metric limitations
- Routing update traffic
- Convergence
- Ease of configuration and management

Convergence
- Convergence is the time that it takes for all routers to agree on the network topology after a change
  - New routes being added
  - Existing routes changing state
- Convergence time is affected by:
  - Update mechanism (hold-down timers)
  - Size of the topology table
  - Route calculation algorithm

Convergence
In a routed network, the routing process in each router must maintain a loop-free, single path to each possible destination logical network. When all of the routing tables are synchronized and each contains a usable route to each destination network, the network is described as being converged. Convergence is the activity associated with synchronizing the routing tables after a topology change occurs. Convergence efforts differ between routing protocols, and the default timers used within the same routing protocol can vary by vendor implementation.

Convergence time can vary within any network. One of the critical questions to be answered when measuring convergence time is: how was the link change detected? Using the OSI reference model terminology as a guideline, there are at least two different detection methods. First, when the NIC (at the Physical/Data Link layer) fails to receive three consecutive keepalives, the link is considered to be down. Second, when the routing protocol (at the Network/Transport layer) fails to receive three consecutive Hello messages (or routing updates, etc.), the link is considered to be down.

Once the detection method is understood, factors associated with routing protocol operation come into play. Most routing protocols have timers that prevent topological loops from forming during periods of link transition. For example, when a route is suspect, it is placed in hold-down and no new routing information about that route will be accepted until the hold-down timer expires. This approach gives the network topology an opportunity to stabilize before new route calculations are performed. Unfortunately, a network cannot converge more rapidly than the duration of the hold-down timer. The concept of a hold-down timer is primarily associated with distance vector routing protocols.

In addition to timer values, other factors such as the size of the internetwork, the efficiency of the routing algorithm and how the failure information is radiated all affect convergence time. Some examples are shown on the following pages.

RIP Convergence
[Diagram: routers A, B, C, D, E and F; the chain F-E-D-C plus links C-B, B-A and the failing link C-A, over interfaces S0, S1, E0 and E1]

Steps of convergence:
1. C detects link failure; sends flash update, goes to D and B
   - Route is poisoned to B and D; removed from C's routing table
2. C sends a request to neighbors for alternate path
   - Broadcast for v1, multicast for v2
3. D reports no alternate path; B reports route with weaker metric
   - Route via B immediately placed in routing table
4. C advertises route via B in periodic update to D
   - No change to table because route is in hold-down
5. In D, E, and F, as hold-down timer expires, route added to table
   - New route propagated in periodic update

Convergence time at F: 6 update intervals + 60 seconds

RIP Convergence
The sequence of events for RIP convergence is as follows:

1. Router C detects the link failure between A and C; C sends a flash update with a poisoned route to B and D. D creates a new flash update and sends it to E. E creates a new flash update and sends it to F. C purges the entry for the down link and removes all routes associated with that link from the routing table.
2. Router C sends a query to its neighbors on 255.255.255.255 (v1) and 224.0.0.9 (v2). D responds with a poisoned route and B responds with a route with a weaker metric. The route from B is immediately installed in the routing table.
3. Router C does not go into hold-down because the entry was already purged.
4. Router D is in hold-down for the failed route. When C makes its periodic advertisement that the route is available with a weaker metric, D ignores the route because it is in hold-down. D continues to send a poisoned route to C in D's updates.
5. As routers D, E, and F come out of hold-down, the new route announced by C will cause their routing table entries to be updated.

From F's perspective, convergence time is the total of detection time, plus hold-down time, plus two update times (D to E and E to F), plus one partial or full update time. The actual time to converge at F could exceed 240 seconds, or approximately four minutes.
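The hold-down and split-horizon behaviour from the comparison chart and from step 4 above, as an added Python model of one router's table (not the course's code and not a RIP implementation): full-table updates, split horizon with poison reverse, route poisoning on failure, and a hold-down that freezes a poisoned route. The 180-second hold-down value, the network and the interface names are assumptions; demo() replays steps 1-5 for routers B, C and D.

```python
INFINITY = 16      # RIP "unreachable" metric: the count-to-infinity limit
HOLDDOWN = 180     # seconds a poisoned route stays frozen (assumed value)


class DistanceVectorRouter:
    """RIP-style router: full-table updates, split horizon with poison reverse,
    route poisoning on failure and hold-down on poisoned routes."""

    def __init__(self, name, connected):
        self.name = name
        # dest -> {"metric", "next_hop" (None = connected), "iface", "holddown_until"}
        self.table = {dest: {"metric": 1, "next_hop": None, "iface": iface, "holddown_until": 0}
                      for dest, iface in connected.items()}

    def receive_update(self, neighbor, in_iface, routes, now):
        """Apply one update ({dest: metric}) from a neighbor. Returns the destinations
        whose state changed, i.e. the candidates for a triggered (flash) update."""
        changed = []
        for dest, advertised in routes.items():
            metric = min(advertised + 1, INFINITY)          # Bellman-Ford: add this hop
            entry = self.table.get(dest)
            if entry is None:
                if metric < INFINITY:                       # brand-new reachable route
                    self.table[dest] = {"metric": metric, "next_hop": neighbor,
                                        "iface": in_iface, "holddown_until": 0}
                    changed.append(dest)
            elif entry["holddown_until"] > now:
                continue                                    # hold-down: ignore all news about it
            elif entry["next_hop"] == neighbor:
                if metric >= INFINITY and entry["metric"] < INFINITY:
                    entry["metric"] = INFINITY              # poisoned by the router we rely on
                    entry["holddown_until"] = now + HOLDDOWN
                    changed.append(dest)
                elif metric != entry["metric"]:
                    entry["metric"] = metric                # same source, new cost
                    changed.append(dest)
            elif metric < entry["metric"]:                  # better path via another neighbor
                self.table[dest] = {"metric": metric, "next_hop": neighbor,
                                    "iface": in_iface, "holddown_until": 0}
                changed.append(dest)
        return changed

    def link_failed(self, iface, now):
        """Local link down: the detecting router purges every route using the interface
        (no hold-down for it) and returns them as a poisoned flash update."""
        lost = [dest for dest, entry in self.table.items() if entry["iface"] == iface]
        for dest in lost:
            del self.table[dest]
        return {dest: INFINITY for dest in lost}

    def build_update(self, out_iface):
        """Full-table update for one interface with split horizon and poison reverse:
        routes learned on out_iface are advertised back out of it as unreachable."""
        return {dest: INFINITY if entry["iface"] == out_iface and entry["next_hop"] is not None
                else entry["metric"]
                for dest, entry in self.table.items()}

    def route(self, dest):
        """(metric, next hop) for a usable route, else None."""
        entry = self.table.get(dest)
        if entry is None or entry["metric"] >= INFINITY:
            return None
        return (entry["metric"], entry["next_hop"])


def demo():
    """Replay steps 1-5 of the RIP sequence for network N, reached by C over S0."""
    N = "10.1.0.0"
    c = DistanceVectorRouter("C", {N: "S0"})
    d = DistanceVectorRouter("D", {})
    b = DistanceVectorRouter("B", {})
    d.receive_update("C", "E0", c.build_update("E0"), now=0)     # D: N metric 2 via C
    b.receive_update("X", "S0", {N: 2}, now=0)                   # B: N metric 3 via another path
    # 1. C detects the failure, purges N and flashes a poisoned route to B and D.
    flash = c.link_failed("S0", now=10)
    d.receive_update("C", "E0", flash, now=10)                   # D: poisoned, hold-down starts
    b.receive_update("C", "E1", flash, now=10)                   # B: keeps its own route
    # 2./3. C asks its neighbors: D only has poison, B offers the weaker route.
    c.receive_update("D", "E0", d.build_update("E0"), now=11)
    c.receive_update("B", "E1", b.build_update("E1"), now=11)    # C: N metric 4 via B
    # 4. C's periodic update now carries the route via B, but D is in hold-down.
    d.receive_update("C", "E0", c.build_update("E0"), now=40)
    d_during = d.route(N)
    # 5. Once the hold-down expires, the next periodic update is accepted.
    d.receive_update("C", "E0", c.build_update("E0"), now=10 + HOLDDOWN + 20)
    return {"C": c.route(N), "D_during_holddown": d_during, "D_after": d.route(N),
            "D_to_C": d.build_update("E0")[N]}


if __name__ == "__main__":
    print(demo())
```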


IGRP Convergence
[Diagram: routers A, B, C, D, E and F; the chain F-E-D-C plus links C-B, B-A and the failing link C-A, over interfaces S0, S1, E0 and E1]

Steps of convergence:
1) C detects link failure; sends flash update, goes to D and B
   - Route is poisoned to B and D; removed from C's routing table
2) C sends query to neighbors for alternate route
   - Broadcast on all interfaces
3) C receives route with weaker metric from B; no route from D
   - Route via B placed in routing table
4) C advertises route via B in flash update to D and B
   - No change to table because route is in hold-down
5) In D, E, and F, as hold-down timer expires, route added to table
   - New route propagated in periodic update

Convergence time at F: 5 update intervals + 30 seconds

IGRP Convergence
The sequence of events for IGRP convergence is as follows:

1. Router C detects the link failure between A and C; C sends a flash update with a poisoned route to B and D. D creates a new flash update and sends it to E. E creates a new flash update and sends it to F. C purges the entry for the down link and removes all routes associated with that link from the routing table.
2. Router C sends a query to its neighbors on 255.255.255.255 using all interfaces, including the one that is down. D responds with a poisoned route and C sends (out all interfaces) a flash update without the failed link entry.
3. B responds with a route with a weaker metric. The route from B is immediately installed in the routing table. Router C does not go into hold-down because the entry was already purged. C sends a flash update with the new route information out all interfaces.
4. Router D is in hold-down for the failed route. When C makes its flash advertisement that the route is available with a weaker metric, D ignores the route because it is in hold-down. D continues to send a poisoned route to C in D's updates.
5. As routers D, E, and F come out of hold-down, the new route announced by C will cause their routing table entries to be updated.

From F's perspective, convergence time is the total of detection time, plus hold-down time, plus two update times (D to E and E to F), plus one partial or full update time. The actual time to converge at F could exceed 490 seconds, or approximately six minutes.


EIGRP Convergence
[Diagram: routers A, B, C, D, E and F; the chain F-E-D-C plus links C-B, B-A and the failing link C-A, over interfaces S0, S1, E0 and E1]

Steps of convergence:
1) C detects link failure; has no FS, goes into active convergence
   - No successor candidates present in topology database
2) C sends query to B and D to get logical successor
   - No route with a lower feasible distance available
3) D's response indicates no logical successor
4) B's response indicates FS with higher feasible distance
5) C accepts new path and distance, adds route via B to table
6) Sends flash update about higher metric, goes to D and B
   - Only higher metric propagated in triggered update

Convergence time to F: approximately 2 seconds

Enhanced IGRP Convergence


The sequence of events for Enhanced IGRP convergence is as follows:

1. Router C detects the link failure between A and C, checks the topology table for a feasible successor, doesn't find a qualifying alternate route and enters an active convergence state.
2. C sends a Query out all interfaces for other routes to the failed link. The neighboring routers acknowledge the query.
3. The reply from D indicates no other route to the failed link.
4. B's reply contains a route to the failed link, although it has a higher feasible distance.
5. Router C accepts the new path and metric information, places it in the topology table, and creates an entry for the routing table.
6. C sends an update about the new route out all interfaces. All neighbors acknowledge the update and send updates of their own (which are acknowledged) back to the sender. These bi-directional updates are necessary to ensure the routing tables are synchronized and to validate the neighbors' awareness of the new topology.

From F's perspective, convergence time is the total of detection time, plus Query and Reply times, plus Update times. The actual time to converge at F is very rapid, approximately two seconds.
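The feasible-successor test and the query/reply exchange above, as an added Python model of one destination's DUAL state on router C; it is not the course's code and not the EIGRP implementation. Link costs and reported distances are made up, and the feasible distance is modelled as the lowest metric seen since the route last became passive.

```python
INFINITY = float("inf")


class DualRoute:
    """DUAL state for one destination on one router (a slice of the topology table).
    A neighbor is a feasible successor (FS) when its reported distance (RD) is lower
    than this router's feasible distance (FD); FD is the lowest computed distance seen
    since the route last became passive."""

    def __init__(self):
        self.neighbors = {}      # neighbor -> (cost of the link to it, its RD)
        self.fd = INFINITY
        self.successor = None
        self.active = False
        self.pending = set()     # neighbors whose query reply is still outstanding

    def distance(self, nbr):
        """Computed distance through a neighbor: link cost + RD."""
        cost, rd = self.neighbors[nbr]
        return cost + rd

    def feasible_successors(self):
        """Backup neighbors that pass the feasibility condition RD < FD (successor excluded)."""
        return sorted(n for n, (_, rd) in self.neighbors.items()
                      if n != self.successor and rd < self.fd)

    def _best(self, candidates):
        return min(candidates, key=self.distance) if candidates else None

    def _reevaluate(self):
        """Local computation: stay passive if any neighbor passes the feasibility
        condition, otherwise go active and query the remaining neighbors."""
        feasible = [n for n, (_, rd) in self.neighbors.items() if rd < self.fd]
        if feasible:
            self.successor = self._best(feasible)
            return ("passive", self.successor)
        self.successor = None
        if not self.neighbors:
            self.fd = INFINITY
            return ("unreachable", None)
        self.active = True
        self.pending = set(self.neighbors)
        return ("active", sorted(self.pending))

    def update(self, nbr, link_cost, rd):
        """Update from a neighbor while passive; FD can only fall while the route is passive."""
        if self.active:
            raise RuntimeError("route is active; neighbor information arrives via reply()")
        self.neighbors[nbr] = (link_cost, rd)
        self.fd = min(self.fd, self.distance(self._best(self.neighbors)))
        return self._reevaluate()

    def lose_neighbor(self, nbr):
        """The link to nbr went down (step 1 of the sequence above)."""
        self.neighbors.pop(nbr, None)
        if nbr != self.successor:
            return ("passive", self.successor)
        return self._reevaluate()

    def reply(self, nbr, link_cost, rd):
        """Reply to our query; rd == INFINITY means the neighbor has no route either."""
        self.pending.discard(nbr)
        if rd == INFINITY:
            self.neighbors.pop(nbr, None)
        else:
            self.neighbors[nbr] = (link_cost, rd)
        if self.pending:
            return ("active", sorted(self.pending))
        self.active = False                      # all replies in: back to passive, fresh FD
        best = self._best(self.neighbors)
        if best is None:
            self.fd = INFINITY
            return ("unreachable", None)
        self.fd = self.distance(best)
        self.successor = best
        return ("passive", best)


def demo():
    """Router C's topology-table entry for the network behind A (constructed costs)."""
    route = DualRoute()
    route.update("A", 10, 0)      # A is attached to the network: RD 0, computed 10 -> FD 10
    route.update("B", 10, 30)     # B's RD 30 is not below FD 10: no feasible successor
    route.update("D", 10, 20)     # D learned the route from C: RD 20, also not feasible
    trace = {"fs_before": route.feasible_successors()}
    trace["lose_A"] = route.lose_neighbor("A")          # 1-2: no FS, go active, query B and D
    trace["reply_D"] = route.reply("D", 10, INFINITY)   # 3: D has no other path
    trace["reply_B"] = route.reply("B", 10, 30)         # 4-5: B's higher-cost path accepted
    trace["after"] = (route.successor, route.fd, route.active)
    return trace


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, outcome)
```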


OSPF Convergence
[Diagram: routers A, B, C, D, E and F; the chain F-E-D-C plus links C-B, B-A and the failing link C-A, over interfaces S0, S1, E0 and E1]

Steps of convergence:
1) C detects link failure; sends link-state advertisement, goes to D and B
   - Topology change is detected, traffic forwarding suspended
2) All routers update topology database; copy LSA and flood to neighbors
   - All devices have topological awareness
3) All routers run Dijkstra algorithm, generate new routing table
   - Route via B in routing tables, traffic forwarding resumed

Convergence time to F: approximately 6 seconds

OSPF Convergence
The sequence of events for OSPF convergence is as follows:

1. Router C detects the link failure between A and C and tries to perform a DR election process on the LAN interface, but fails to reach any neighbors. C deletes the route from the routing table, builds a router LSA and sends it out all other interfaces.
2. Upon receipt of the LSA, routers B and D copy the advertisement and forward (flood) the LSA packet out all interfaces other than the one upon which it arrived.
3. All routers, including router C, wait five seconds after receiving the LSA and run the shortest path first (Dijkstra) algorithm. After running the algorithm, router C adds the new route to the routing table, and routers D, E and F update the metric in the routing table.

After approximately 30 seconds, A sends an LSA after aging out the topology entry from router C about the failed link. After five seconds, all routers run the SPF algorithm again and update their routing tables to reflect that B is the path to the failed link.

From F's perspective, convergence time is the total of detection time, plus LSA flooding time, plus five seconds. The actual time to converge at F is very rapid, approximately six seconds, and could be longer depending on the size of the topology table. If A's LSA about aging out of the topology entry is also considered in F's convergence, approximately another 30 - 40 seconds could be added before the network is again stable.
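Steps 1-3 above (originate a router LSA, flood it with duplicate suppression, run Dijkstra on every router's own copy of the database) as an added Python model that is not the course's code nor OSPF itself: no areas, DR election or ageing, and all link costs are made up. The topology is the slide's A-F chain with the redundant A-B-C triangle, and link_down("C", "A") replays the failure.

```python
import heapq
from collections import deque

# Constructed topology modelled on the slide: the chain F-E-D-C plus the triangle A-B-C.
LINKS = {("A", "C"): 10, ("A", "B"): 10, ("B", "C"): 10,
         ("C", "D"): 10, ("D", "E"): 10, ("E", "F"): 10}


class LinkStateDomain:
    def __init__(self, links):
        self.adj = {}                       # router -> {neighbor: cost}, the physical adjacencies
        for (x, y), cost in links.items():
            self.adj.setdefault(x, {})[y] = cost
            self.adj.setdefault(y, {})[x] = cost
        self.lsdb = {r: {} for r in self.adj}   # each router's own database: origin -> (seq, links)
        self.seq = {r: 0 for r in self.adj}

    def originate(self, router):
        """Step 1: the router that saw the change builds a router LSA with a higher
        sequence number describing its current links, installs it and floods it."""
        self.seq[router] += 1
        lsa = (router, self.seq[router], dict(self.adj[router]))
        self.lsdb[router][router] = (lsa[1], lsa[2])
        return self.flood(router, lsa)

    def flood(self, origin, lsa):
        """Step 2: every router installs a newer LSA and forwards it on all links except
        the one it arrived on; copies that are not newer than the stored one are dropped.
        Returns (messages sent, copies dropped)."""
        rid, seq, links = lsa
        queue = deque((nbr, origin) for nbr in self.adj[origin])
        sent, dropped = len(queue), 0
        while queue:
            router, came_from = queue.popleft()
            stored = self.lsdb[router].get(rid)
            if stored is not None and stored[0] >= seq:
                dropped += 1
                continue
            self.lsdb[router][rid] = (seq, links)
            for nbr in self.adj[router]:
                if nbr != came_from:
                    queue.append((nbr, router))
                    sent += 1
        return sent, dropped

    def link_down(self, x, y):
        """Both ends lose the adjacency; the detecting end (x) re-advertises first."""
        del self.adj[x][y]
        del self.adj[y][x]
        return self.originate(x), self.originate(y)

    def spf(self, router):
        """Step 3: Dijkstra over this router's copy of the database.
        Returns dest -> (cost, next hop). A link is used only when both ends advertise it."""
        db = self.lsdb[router]
        dist, first_hop = {router: 0}, {}
        heap = [(0, router, router)]
        while heap:
            cost, node, via = heapq.heappop(heap)
            if cost > dist.get(node, float("inf")):
                continue                                  # stale heap entry
            for nbr, link_cost in db.get(node, (0, {}))[1].items():
                if node not in db.get(nbr, (0, {}))[1]:
                    continue                              # other end does not list the link
                new_cost = cost + link_cost
                if new_cost < dist.get(nbr, float("inf")):
                    dist[nbr] = new_cost
                    first_hop[nbr] = nbr if node == router else via
                    heapq.heappush(heap, (new_cost, nbr, first_hop[nbr]))
        return {d: (dist[d], first_hop[d]) for d in dist if d != router}


def demo():
    net = LinkStateDomain(LINKS)
    flood_stats = {r: net.originate(r) for r in sorted(net.adj)}   # initial database sync
    before = net.spf("F")["A"]
    failure_stats = net.link_down("C", "A")
    after = net.spf("F")["A"]
    return {"net": net, "initial_flood_A": flood_stats["A"], "F_to_A_before": before,
            "failure_floods": failure_stats, "F_to_A_after": after,
            "C_to_A_after": net.spf("C")["A"]}


if __name__ == "__main__":
    for key, value in demo().items():
        if key != "net":
            print(key, value)
```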


Routing Updates
Different ways to send route information:
- Distance vector approach: the full routing table is sent
- Link-state approach: a single entry is sent

Routing Updates
There are two basic ways to send routing updates: the distance vector approach and the link-state approach. These approaches are described here as they operate after the initial learning mechanisms have completed.

Distance vector protocols use a routine, periodic announcement that contains the entire contents of the routing table. These announcements are usually broadcasts and are propagated only to directly connected devices. This approach allows the router to view the network from the neighbor's perspective and facilitates the addition of the router's metric to the distance already stated by the neighboring router. The downside of this approach is that considerable bandwidth is consumed at regular intervals on each link even if there are no topology changes to report.

Link-state protocols use a triggered-update type of announcement. These announcements are generated only when there is a topology change within the network. The link-state announcements contain only information about the link that changed (such as a single route) and are propagated to all devices in the network. The flooding of the announcement is required because link-state devices all make their route calculations independently, but those calculations are based upon a common understanding of the network topology. This approach saves bandwidth on each link because the announcements contain less information, as well as only being sent when there is a topology change. In some link-state protocols, a periodic announcement (every 30 minutes for OSPF) is required to ensure that the topology database is synchronized among all routing devices.


Routing Tables
- Entries are listed in binary descending order
  - Simplifies the search mechanism
- Multiple paths to a common destination can be listed
  - Load balancing is enabled by default for IP
- Displayed by the show ip route command
- Entries can be refreshed by the clear ip route command
  - Specify a single entry, use network number
  - Specify all entries, use * as a wildcard character

Routing Tables
The entries in a routing table represent each possible logical destination network that is known to this router. The entries for major networks are listed in ascending order and, most commonly, within each major network the subnetworks are listed in descending order. The order of the entries may at times look like a random pattern, but the order is optimized by bit patterns to facilitate the lookup process based upon length of subnet mask.

The routing process must maintain a single, loop-free path to each destination network. If equal, lowest-metric paths exist to a destination, all paths (up to a maximum of six) will be listed in the routing table. The IP routing process will attempt to load share traffic across equal-metric paths.

An IP routing table display can be requested with the privileged EXEC command show ip route. If the information that is displayed is not trusted, an update can be obtained from the neighboring devices with the clear ip route command. An optional keyword, either an individual network/subnetwork route or the * (wildcard for all) character, can be used to further identify the route(s) to be refreshed.


Sample Routing Table




Lab Exercise: Discovering the Network


Refer to the Lab Guide for details about the tasks to be performed during this lab exercise. The lab will be pre-configured by the instructor and includes IP and IGRP. The following is an overview of the tasks to be performed:

- Use show commands and CDP to discover:
  - Addresses
  - Protocols
  - Metrics
- Analyze the contents of the routing table
- Verify connectivity to all other pods
- Using the addresses assigned to your pod, determine:
  - Subnet ID
  - Host IDs
  - Broadcast address

Summary
This section summarizes the tasks you learned to complete in this chapter.

Summary
After completing this chapter, you should be able to perform the following tasks:
- List the key information routers need to route data
- Describe classful and classless routing protocols
- Compare distance vector and link-state protocol operation
- Describe the use of the fields in a routing table

Answers to Exercises

Written Exercise: Comparing Distance Vector Routing Protocols

Objective: Describe the operating characteristics of different distance vector routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP

   Protocol                     Characteristic
   RIPv1, RIPv2                 Has a hop count limitation of 15 hops
   RIPv1, IGRP                  Uses broadcast packets to propagate routing updates
   IGRP                         Has an administrative distance of 100
   RIPv1, RIPv2, IGRP, EIGRP    Supports split horizon to avoid routing loops
   IGRP, EIGRP                  Uses a composite metric to determine best path
   RIPv1, RIPv2                 Employs a count to infinity concept to avoid routing loops
   IGRP, EIGRP                  Can select preferred path based upon bandwidth consideration
   RIPv2, EIGRP                 Supports variable length subnet masks (VLSM)
   RIPv1                        Is supported by all vendors of routing equipment

2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

   _______  Routing updates contain all routes in the routing table
   ___T___  Load balancing of equal metric paths is enabled by default
   ___T___  Automatic route summarization occurs at major network boundaries
   _______  Length of the subnet mask is carried in the routing update
   _______  Consistency of subnet mask is a network design requirement

Written Exercise: Comparing Link State Routing Protocols

Objective: Describe the operating characteristics of link-state routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following routing protocols: OSPF, IS-IS, EIGRP

   Protocol                     Characteristic
   OSPF, IS-IS, EIGRP           Maintains additional tables to assist in rapid convergence
   None                         Uses broadcast packets to propagate topology updates
   IS-IS                        Has an administrative distance of 115
   OSPF                         Supports flooding of updates to avoid routing loops
   OSPF, IS-IS                  Requires a hierarchical design to operate correctly
   OSPF, IS-IS, EIGRP           Allows manual route summarization at any location
   OSPF, EIGRP                  Can select preferred path based upon bandwidth consideration
   OSPF, IS-IS, EIGRP           Supports variable length subnet masks (VLSM)
   OSPF                         Is supported by all vendors of routing equipment

2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

   ___T___  Routing updates contain only the affected routes in the routing table
   ___T___  Load balancing of equal metric paths is enabled by default
   _______  Automatic route summarization occurs at major network boundaries
   ___T___  Length of the subnet mask is carried in the routing update
   _______  Consistency of subnet mask is a network design requirement

Extending IP Addresses

Overview
This chapter discusses various aspects of IP addressing. This chapter includes the following topics:

- Objectives
- Issues with IP Addressing
- IP Addressing Solutions
- Hierarchical Addressing
- Variable-Length Subnet Masks
- Written Exercise: Calculating VLSMs
- Route Summarization
- Written Exercise: Using Route Summarization
- Classless Inter-domain Routing
- Case Study: Introduction to Course Case Studies
- Summary
- Review Questions

Objectives
This section lists the chapter's objectives.

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
Given an IP address, use VLSMs to extend the use of the IP address Given a network plan that includes IP addressing, explain if route summarization is or is not possible


Upon completion of this chapter, you will be able to perform the following tasks:
- Given an IP address, use VLSMs to extend the use of the IP address.
- Given a network plan that includes IP addressing, explain if route summarization is or is not possible.

Issues with IP Addressing


This section discusses issues with IP addressing.

Issues with IP Addressing

Slide graphic: a university network connected to the Internet, illustrating the two issues named on the slide:

- IP address exhaustion
- Routing table growth

When IP addressing was first defined, in 1981, it was a 32-bit number that had two components: a network address and a node (host) address. Classes of addresses were also defined: class A, B, and C, and later classes D and E. Since then, the growth of the Internet has been incredible. Two addressing issues have resulted from this explosion:

- IP address exhaustion: This has largely been due to the random allocation of IP addresses by the NIC. It is also due to the fact that subnetting with one subnet mask may not be suitable for a typical network topology, as you will see later in this chapter.
- Routing table growth and manageability: One source indicates that in 1990 only about 5000 routes were tracked in order to use the Internet. This number had grown to 74,000 routes by 1999. In addition to the exponential growth of the Internet, the random assignment of IP addresses throughout the world has also contributed to the exponential growth of routing tables.

Next-generation IP (IP version 6) tries to respond to these problems by introducing a 128-bit address. In the meantime, Internet Requests For Comments (RFCs) have been introduced to enable the current IP addressing scheme to continue to be useful.

IP Addressing Solutions
This section identifies solutions to IP addressing issues.

IP Addressing Solutions
- Subnet Masking, RFC 1812
- Address Allocation for Private Internets, RFC 1918
- Network Address Translation, RFC 1631
- Hierarchical Addressing
- Variable-Length Subnet Masks, RFC 1812
- Route Summarization, RFC 1518
- Classless Inter-Domain Routing, RFCs 1518, 1519

Since the 1980s, solutions have been developed to slow the depletion of IP addresses and to reduce the number of Internet route table entries by enabling more hierarchical layers in an IP address. These solutions include:
- Subnet Masking (RFCs 950 [1985], 1812 [1995]): Developed to add another level of hierarchy to an IP address. This additional level allows for extending the number of network addresses derived from a single IP address. (Subnet masking is discussed in chapter 3 of this course and in detail in the Interconnecting Cisco Network Devices [ICND] course.)
- Address Allocation for Private Internets (RFC 1918 [1996]): Developed for organizations that do not need much access to the Internet. The only reason to have a NIC-assigned IP address is to interconnect to the Internet. Any and all companies can use the privately assigned IP addresses within their organization, rather than using a NIC-assigned IP address unnecessarily. (Private addresses are discussed in chapter 14 of this course and in the Building Cisco Remote Access Networks [BCRAN] course.)
- Network Address Translation (NAT) (RFC 1631 [1994]): Developed for those companies that use private addressing or use non-NIC-assigned IP addresses. This strategy enables an organization to access the Internet with a NIC-assigned address, without having to reassign the private or illegal addresses that are already in place. (NAT is discussed in chapter 14 of this course and in the BCRAN course.)
- Hierarchical Addressing: Applying a structure to addressing such that multiple addresses share the same leftmost bits. Hierarchical addressing is discussed later in this chapter.
- Variable-Length Subnet Masks (VLSMs) (RFC 1812 [1995]): Developed to allow multiple levels of subnetworked IP addresses within a single network. This strategy can only be used when it is supported by the routing protocol in use, such as OSPF and EIGRP. VLSMs are discussed later in this chapter.
- Route Summarization (RFC 1518 [1993]): A way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan. Route summarization is discussed later in this chapter.
- Classless Inter-Domain Routing (CIDR) (RFCs 1518, 1519 [1993], 2050 [1996]): Developed for ISPs. This strategy suggests that the remaining IP addresses be allocated to ISPs in contiguous blocks, with geography being a consideration. CIDR is discussed later in this chapter.

Hierarchical Addressing
This section discusses what hierarchical addressing is and the benefits of using it.

Planning an IP Address Hierarchy

Slide graphic: a call from California to Aunt Judy in Alexandria, Virginia (1-703-555-1212), traced through the telephone hierarchy: the long-distance path to 1 (a number indicating the destination is remote), the path to 703 (an area code summarizing an area in VA), the path to 555 (a prefix summarizing a smaller area in VA, the Alexandria local office), and the path to 1212 (the number). Does a telephone switch in California know how to reach a specific phone (1-703-555-1212) in Virginia?

What is an addressing hierarchy, and why do you want to have it? Perhaps the best known addressing hierarchy is the telephone network. The telephone network uses a hierarchical numbering scheme that includes country codes, area codes, and local exchange numbers. For example, if you are in San Jose, California and call someone else in San Jose, then you dial the San Jose local exchange number, 528, and the person's telephone number, 7777. The central office, upon seeing the number 528, recognizes that the destination telephone is within its area so it looks for number 7777 and transfers the call.

To call Aunt Judy in Alexandria, Virginia from San Jose, dial 1, then the area code, 703, the Alexandria prefix, 555, then Aunt Judy's local number, 1212. The central office first sees the number 1, indicating a remote call, then looks up the number 703. The central office immediately routes the call to a central office in Alexandria. The San Jose central office does not know exactly where 555-1212 is in Alexandria, nor does it have to. It only needs to know the area codes, which summarize the local telephone numbers within an area.

If there were no hierarchical structure, every central office would need to have every telephone number, worldwide, in its locator table. Instead, the central offices have summary numbers, such as area codes and country codes. A summary number (address) represents a group of numbers. For example, an area code such as 408 is a summary number for the San Jose area. That is, if you dial 1-408 from anywhere in the United States, then a seven-digit telephone number, the central office will route the call to a San Jose central office. This is the kind of addressing strategy that the Internet gurus are trying to work toward, and that you as a network administrator should implement in your own internetwork.

Benefits of Hierarchical Addressing


- Reduce the number of route table entries
  - Summarize multiple addresses into route summaries
- Efficient allocation of addresses
  - Contiguous address assignment allows you to use all possible addresses

The benefits of hierarchical addressing include:

- Reduced number of routing table entries: Whether it is with your Internet routers or your internal routers, you should try to keep your routing tables as small as possible by using route summarization. Route summarization is a way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan. By summarizing routes, you can keep your routing table entries manageable, which means:
  - More efficient routing.
  - Reduced number of CPU cycles when recalculating a routing table, or sorting through the routing table entries to find a match.
  - Reduced router memory requirements.
  - Faster convergence after a change in the network.
  - Easier troubleshooting.
- Efficient allocation of addresses: Hierarchical addressing enables you to take advantage of all possible addresses because you group them contiguously. With random address assignment, you may end up wasting groups of addresses because of addressing conflicts. For example, recall that classful routing protocols automatically create summary routes at a network boundary. These protocols therefore do not support discontiguous addressing (as you will see later in this chapter), so some addresses would be unusable if not assigned contiguously.

Variable-Length Subnet Masks


This section introduces variable-length subnet masks, including some examples, and discusses VLSM use with classless and classful routing protocols.

What Is a Variable-Length Subnet Mask?


Slide graphic: HQ sits on 172.16.2.0/24 within network 172.16.0.0/16. A remote site's 172.16.14.0/24 subnet is divided into /27 LAN subnets on Router A (172.16.14.32/27, 172.16.14.64/27, 172.16.14.96/27) and into /30 WAN subnets on the links toward HQ (172.16.14.132/30, 172.16.14.136/30, 172.16.14.140/30).

Subnet 172.16.14.0/24 is divided into smaller subnets:

- Subnet with one mask at first (/27)
- Further subnet one of these subnets not used elsewhere (/30)

VLSMs provide the ability to include more than one subnet mask within a network, and the ability to subnet an already subnetted network address. The benefits of VLSMs include:

- Even more efficient use of IP addresses: Without the use of VLSMs, companies are locked into implementing a single subnet mask within an entire class A, B or C network number. For example, consider the 172.16.0.0/16 network address divided into subnets using /24 masking, and one of the subnetworks in this range, 172.16.14.0/24, further divided into smaller subnets with the /27 masking, as shown in the graphic. These smaller subnets range from 172.16.14.0/27 to 172.16.14.224/27. In the graphic, one of these smaller subnets, 172.16.14.128, is further divided with the /30 prefix, creating subnets with only two hosts, to be used on the WAN links.
- Greater capability to use route summarization: VLSMs allow for more hierarchical levels within your addressing plan, and thus allow for better route summarization within routing tables. For example, in the graphic, subnet 172.16.14.0/24 summarizes all of the addresses that are further subnets of 172.16.14.0, including those from subnet 172.16.14.0/27 and from 172.16.14.128/30. Route summarization is discussed in more detail later in this chapter.

Classless and Classful Routing Updates


Slide graphic, RIPv1 network: Router A (172.16.2.0/24) advertises 172.16.2.0 to Router B (172.16.1.0/24); Router B advertises 172.16.0.0 to Router C over 192.168.5.0/24, and Router C's routing table holds 172.16.0.0/16.

Slide graphic, OSPF network: Router A advertises 172.16.2.0/24 to Router B; Router B advertises 172.16.2.0/24 and 172.16.1.0/24 to Router C over 192.168.5.0/24, and Router C's routing table holds 172.16.2.0/24 and 172.16.1.0/24.

VLSMs can be used when the routing protocol sends a subnet mask along with each network address. As discussed in chapter 3, routing protocols that include a subnet mask are known as classless routing protocols; they include RIPv2, OSPF, EIGRP, BGP, and IS-IS. As also discussed in chapter 3, routing protocols that do not send subnet mask information along with each network address are known as classful routing protocols. RIPv1 and IGRP are classful routing protocols and therefore do not support VLSMs.

RIPv1 and IGRP networks support only one subnet mask per network address because routing updates do not include a subnet mask field. As a result, upon receiving a routing update, the router does one of the following to determine the network portion of the destination address:

- If the routing update information is about the same network number as configured on the receiving interface, the router applies the subnet mask that is configured on the receiving interface.
- If the routing update information is about a network address that is not the same as the one configured on the receiving interface, the router applies the default (by class) subnet mask.

For example, in the RIPv1 network in the graphic, Router B is attached to network 172.16.1.0/24. Therefore, if Router B learns about any network on this interface that is also a subnet of the 172.16.0.0 network, it will apply the subnet mask configured on its receiving interface (/24) to that learned network. But notice how Router C, which is attached to Router B via the 192.168.5.0/24 network, handles routing information about network 172.16.0.0. Rather than using the subnet mask that Router B knows about (/24), Router C applies the default (classful) subnet mask for a class B address (/16) when it receives information about 172.16.0.0. (Also notice that Router B summarized the routing information about the 172.16.0.0 network when sending it to Router C, because it was sent over an interface in a different network.)

It is impossible in this kind of environment to further subnet already subnetted IP addresses without causing confusion. Instead, VLSMs can be used only when the routing protocol sends subnet mask information along with the network address. In contrast, in the lower graphic (the OSPF network), Router B passed the subnet and subnet mask information to Router C, and Router C put the subnet details into its routing table. Router C did not have to use any default masks for the received routing information.

Calculating VLSMs
Slide: Calculating VLSMs

   Subnetted address: 172.16.32.0/20   In binary: 10101100.00010000.0010|0000.00000000
   VLSM address:      172.16.32.0/26   In binary: 10101100.00010000.0010|0000.00|000000

   1st subnet:  10101100.00010000.0010 0000.00 000000 = 172.16.32.0
   2nd subnet:  10101100.00010000.0010 0000.01 000000 = 172.16.32.64
   3rd subnet:  10101100.00010000.0010 0000.10 000000 = 172.16.32.128
   4th subnet:  10101100.00010000.0010 0000.11 000000 = 172.16.32.192
   5th subnet:  10101100.00010000.0010 0001.00 000000 = 172.16.33.0
                network (16 bits) subnet (4) VLSM subnet (6) host (6)

As already discussed, VLSMs allow you to subnet an already subnetted address. Consider, for example, that you have a subnet address 172.16.32.0/20 and you need to assign addresses to a network that has ten hosts. With this subnet address, however, you have over 4000 (2^12 - 2 = 4094) host addresses, so you would be wasting over 4000 IP addresses. With VLSMs you can further subnet the address 172.16.32.0/20 to give you more network addresses and fewer hosts per network, which would probably work better in this network topology. If, for example, you subnet 172.16.32.0/20 to 172.16.32.0/26, you gain 64 (= 2^6) subnets, each of which could support 62 (= 2^6 - 2) hosts.

To further subnet 172.16.32.0/20 to 172.16.32.0/26 do the following:

1. Write 172.16.32.0 in binary form.
2. Draw a vertical line between the 20th and 21st bits, as shown in the graphic.
3. Draw a vertical line between the 26th and 27th bits, as shown in the graphic.
4. Calculate the 64 subnet addresses using the bits between the two vertical lines, from lowest to highest in value. The graphic shows the first five subnets available.

If necessary, refer to the Job Aid: Binary Decimal Conversion Chart in Appendix A.

A Working VLSM Example


Slide graphic: the LAN subnets, derived from the 172.16.32.0/20 subnet with a 26-bit mask (62 hosts each), are 172.16.32.0/26, 172.16.32.64/26, 172.16.32.128/26 and 172.16.32.192/26. The WAN links, derived from the 172.16.33.0/26 subnet with a 30-bit mask (2 hosts each), are 172.16.33.0/30, 172.16.33.4/30, 172.16.33.8/30 and 172.16.33.12/30.

VLSMs are commonly used to maximize the number of possible addresses available for a network. For example, because point-to-point serial lines require only two host addresses, you want to use a subnetted address that will not waste scarce subnet numbers. In the graphic, the addresses used on the Ethernet segments are those generated on the previous page, Calculating VLSMs. This graphic illustrates where the addresses can be applied, depending on the number of hosts anticipated at each layer. For example, the WAN links use addresses with a prefix of /30. This prefix allows for only 2 hosts, just enough for a point-to-point connection between a pair of routers. To calculate the addresses used on the WAN links, further subnet one of the unused subnets. In this case, we further subnetted 172.16.33.0/26 with a prefix of /30. This provides 4 more subnet bits and therefore 2^4 = 16 subnets for the WANs.

Note: It is important to remember that only subnets that are unused can be further subnetted. In other words, if you use any addresses from a subnet, that subnet cannot be further subnetted. In the example in the graphic, four subnet numbers are used on the LANs. Another, unused, subnet, 172.16.33.0/26, is further subnetted for use on the WANs.
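The two-level VLSM calculation from the Calculating VLSMs page and the working example above, as an added worked example that is not part of the course material: it subnets 172.16.32.0/20 into /26 LAN blocks with plain bit arithmetic, carves the unused 172.16.33.0/26 into /30 WAN links, and refuses any plan in which an allocated block is subnetted a second time (the function names and the overlap check are this example's own).

```python
# Added example (not from the BSCN course material): a two-level VLSM
# allocation worked with plain bit arithmetic. It follows the steps on the
# "Calculating VLSMs" page, subnetting 172.16.32.0/20 into /26 blocks,
# then carves the unused /26 172.16.33.0/26 into /30 WAN links (the
# "Working VLSM Example") and checks that no two allocated blocks overlap.
from __future__ import annotations


def ip_to_int(addr: str) -> int:
    """Dotted-quad string -> 32-bit integer."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_of(prefix_len: int) -> int:
    """Subnet mask for a prefix length, e.g. /26 -> 0xFFFFFFC0."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def to_binary(addr: str) -> str:
    """Dotted-quad -> dotted binary (step 1 of the course procedure)."""
    return ".".join(f"{(ip_to_int(addr) >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def vlsm_subnets(parent: str, parent_len: int, new_len: int) -> list[str]:
    """All /new_len subnets of parent/parent_len, lowest value first.

    Steps 2-4 of the procedure: the bits between the parent prefix boundary
    and the new prefix boundary are the subnet bits; counting them from
    zero upward yields 2**(new_len - parent_len) subnets.
    """
    if not 0 <= parent_len < new_len <= 32:
        raise ValueError("need 0 <= parent_len < new_len <= 32")
    base = ip_to_int(parent)
    if (base & mask_of(parent_len)) != base:
        raise ValueError(f"{parent}/{parent_len} is not on a /{parent_len} boundary")
    block = 1 << (32 - new_len)          # addresses per new subnet
    count = 1 << (new_len - parent_len)  # number of new subnets
    return [f"{int_to_ip(base + i * block)}/{new_len}" for i in range(count)]


def usable_hosts(prefix_len: int) -> int:
    """Usable host addresses (network and broadcast excluded)."""
    return (1 << (32 - prefix_len)) - 2 if prefix_len < 31 else 0


def overlaps(cidr_a: str, cidr_b: str) -> bool:
    """True if two CIDR blocks share at least one address."""
    a, la = cidr_a.split("/")
    b, lb = cidr_b.split("/")
    shorter = min(int(la), int(lb))
    return (ip_to_int(a) & mask_of(shorter)) == (ip_to_int(b) & mask_of(shorter))


def build_plan() -> dict[str, list[str] | str]:
    """Reproduce the course's working example: four /26 LANs and sixteen /30
    WAN links taken from one /26 of the same /20 that no LAN uses."""
    lans = vlsm_subnets("172.16.32.0", 20, 26)[:4]
    wan_pool = "172.16.33.0/26"  # the fifth /26: not used by any LAN
    wans = vlsm_subnets("172.16.33.0", 26, 30)
    allocated = lans + wans
    # A subnet with addresses already in use must never be subnetted again;
    # an overlap between two allocated blocks is exactly that mistake.
    for i, x in enumerate(allocated):
        for y in allocated[i + 1:]:
            if overlaps(x, y):
                raise ValueError(f"overlapping allocation: {x} and {y}")
    return {"lans": lans, "wan_pool": wan_pool, "wans": wans}


if __name__ == "__main__":
    plan = build_plan()
    print("172.16.32.0 in binary:", to_binary("172.16.32.0"))
    for net in plan["lans"]:
        print(f"LAN {net}  ({usable_hosts(26)} hosts)")
    for net in plan["wans"][:4]:
        print(f"WAN {net}  ({usable_hosts(30)} hosts)")
```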

Written Exercise: Calculating VLSMs


Objective: Given an IP address, use VLSMs to extend the use of the IP address. Task: You are in charge of the network in the graphic below. It consists of 5 LANs with 25 users on each segment and 5 serial links. You have been assigned the IP address 192.168.49.0/24 to allocate addressing for all links.

Written Exercise
Using VLSMs, define appropriate subnets for addressing the networks using 192.168.49.0/24. 25 Users

Slide graphic: a hub-and-spoke network in which the HQ router connects over serial links A, B, C, D and E to five remote routers (A through E), each with a LAN of 25 users. Addresses are needed for the five WAN links and the five LANs.

Route Summarization
This section describes and gives examples of route summarization, including implementation considerations.

What Is Route Summarization?


Slide graphic: Router A is attached to 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24, and its routing table lists all three. It tells Router B "I can route to the 172.16.0.0/16 network", and Router B's routing table holds the single entry 172.16.0.0/16.

Routing protocols can summarize addresses of several networks into one address.

In large internetworks hundreds or even thousands of network addresses can exist. In these environments, it is often not desirable for routers to maintain all these routes in their routing table. Route summarization, also called route aggregation or supernetting, can reduce the number of routes that a router must maintain because it is a method of representing a series of network numbers in a single summary address. For example, as the graphic shows, the router can either send three routing update entries, or summarize the addresses into a single network number.
Note: The router in the graphic is saying that it can route to the network 172.16.0.0/16, including all subnets of that network. However, if there were other subnets of 172.16.0.0 elsewhere in the network (for example, if 172.16.0.0 was discontiguous), summarizing in this way may not be valid. Discontiguous networks and summarization are discussed later in this chapter.

Another advantage to using route summarization in a large, complex network is that it can isolate topology changes from other routers. That is, if a specific link in the 172.16.27.0/24 domain was flapping, the summary route would not change, so no router external to the domain would need to keep modifying its routing table due to this flapping activity.

Route summarization is most effective within a subnetted environment when the network addresses are in contiguous blocks in powers of two. For example, 4, 16, or 512 addresses can be represented by a single routing entry because summary masks are binary masks, just like subnet masks, so summarization must take place on binary boundaries (powers of two).

Routing protocols summarize or aggregate routes based on shared network numbers within the network. Classless routing protocols (RIPv2, OSPF, and Enhanced IGRP) support route summarization based on subnet addresses, including VLSM addressing. Classful routing protocols (RIPv1 and IGRP) automatically summarize routes on the class network boundary, and do not support summarization on any other boundaries. Summarization is described in RFC 1518, An Architecture for IP Address Allocation with CIDR.

Summarizing within an Octet


   172.16.168.0/24 = 10101100.00010000.10101 000.00000000
   172.16.169.0/24 = 10101100.00010000.10101 001.00000000
   172.16.170.0/24 = 10101100.00010000.10101 010.00000000
   172.16.171.0/24 = 10101100.00010000.10101 011.00000000
   172.16.172.0/24 = 10101100.00010000.10101 100.00000000
   172.16.173.0/24 = 10101100.00010000.10101 101.00000000

   Number of common bits = 21; noncommon bits = 11
   Summary: 172.16.168.0/21

The previous graphic illustrated a summary route based on a full octet: 172.16.25.0/24, 172.16.26.0/24, and 172.16.27.0/24 could be summarized into 172.16.0.0/16. What if a router received updates for the following routes; how would the router summarize them?

- 172.16.168.0/24
- 172.16.169.0/24
- 172.16.170.0/24
- 172.16.171.0/24
- 172.16.172.0/24
- 172.16.173.0/24

To determine the summary route, the router determines the number of highest-order bits that match in all of the addresses. Referring to the list of IP addresses on this page, 21 bits match in all of the addresses. Therefore the best summary route is 172.16.168.0/21, as shown in the graphic.

To allow the router to aggregate the greatest number of IP addresses into a single route summary, your IP addressing plan should be hierarchical in nature. This approach is particularly important when using VLSMs, as illustrated on the next page. You can summarize when the number of addresses is a power of two. If it is not a power of two, you can divide the addresses into groups and summarize the groups separately.
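The common-bits method above, as an added worked example that is not from the course material: it computes the 21-bit summary for the six /24 routes, counts how many addresses that summary claims beyond the six blocks (six is not a power of two, so the /21 also covers 172.16.174.0/24 and 172.16.175.0/24), and splits the routes into exactly-fitting groups as the text suggests. Function names are this example's own; the input blocks are assumed to be disjoint.

```python
# Added example (not from the BSCN course material): computing a summary
# route by counting the high-order bits common to a set of prefixes, as on
# the "Summarizing within an Octet" page, then checking whether that
# summary also covers address space that was never assigned, and splitting
# the input into exactly-fitting groups when the count is not a power of two.
from __future__ import annotations


def ip_to_int(addr: str) -> int:
    o = [int(x) for x in addr.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def mask_of(prefix_len: int) -> int:
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def parse_cidr(cidr: str) -> tuple[int, int]:
    """'172.16.168.0/24' -> (network as int, prefix length); host bits cleared."""
    addr, plen = cidr.split("/")
    plen = int(plen)
    return ip_to_int(addr) & mask_of(plen), plen


def common_prefix_len(networks: list[int], max_len: int) -> int:
    """Number of highest-order bits identical in all networks (at most max_len)."""
    first = networks[0]
    n = 0
    while n < max_len:
        bit = 1 << (31 - n)
        if any((net & bit) != (first & bit) for net in networks):
            break
        n += 1
    return n


def summary_route(cidrs: list[str]) -> str:
    """The single tightest prefix covering every block in cidrs (the course method)."""
    parsed = [parse_cidr(c) for c in cidrs]
    nets = [n for n, _ in parsed]
    shortest = min(p for _, p in parsed)  # cannot summarize finer than the widest input
    plen = common_prefix_len(nets, shortest)
    return f"{int_to_ip(nets[0] & mask_of(plen))}/{plen}"


def overclaimed_addresses(cidrs: list[str]) -> int:
    """Addresses the single summary advertises that are in no input block.
    Assumes the input blocks are disjoint. A non-zero result means the summary
    attracts traffic for space this router has no more specific route for."""
    _, splen = parse_cidr(summary_route(cidrs))
    covered = sum(1 << (32 - p) for _, p in (parse_cidr(c) for c in cidrs))
    return (1 << (32 - splen)) - covered


def exact_cover(cidrs: list[str]) -> list[str]:
    """Smallest set of prefixes covering exactly the input blocks and nothing
    else: adjacent, equal-size, properly aligned pairs are merged until no
    merge is possible (the 'divide into groups and summarize separately' case).
    Assumes the input blocks are disjoint."""
    blocks = sorted(parse_cidr(c) for c in cidrs)
    merged = True
    while merged:
        merged = False
        out: list[tuple[int, int]] = []
        i = 0
        while i < len(blocks):
            if i + 1 < len(blocks):
                (a, pa), (b, pb) = blocks[i], blocks[i + 1]
                size = 1 << (32 - pa)
                # a is the lower half of a /(pa-1) block only if the bit just
                # below its prefix is zero; b must then be the upper half.
                if pa == pb and pa > 0 and (a & size) == 0 and b == a + size:
                    out.append((a, pa - 1))
                    i += 2
                    merged = True
                    continue
            out.append(blocks[i])
            i += 1
        blocks = out
    return [f"{int_to_ip(n)}/{p}" for n, p in blocks]


if __name__ == "__main__":
    routes = [f"172.16.{third}.0/24" for third in range(168, 174)]  # the six /24s on the slide
    print("single summary :", summary_route(routes))          # 172.16.168.0/21
    print("overclaimed    :", overclaimed_addresses(routes))  # 512 (172.16.174.0/24 and 172.16.175.0/24)
    print("exact cover    :", exact_cover(routes))            # ['172.16.168.0/22', '172.16.172.0/23']
```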

Summarizing Addresses in a VLSM-Designed Network


Slide graphic: Router C summarizes 172.16.32.64/26 and 172.16.32.128/26 into 172.16.32.0/24; Router B advertises 172.16.128.0/20 and Router D advertises 172.16.64.0/20. Router A receives these three updates and advertises the single summary 172.16.0.0/16 into the corporate network.

A VLSM design allows for maximum use of IP addresses, as well as more efficient routing update communication when using hierarchical IP addressing. In the graphic, for example, route summarization occurs at two levels:
- Router C summarizes two routing updates from networks 172.16.32.64/26 and 172.16.32.128/26 into a single update, 172.16.32.0/24.
- Router A receives three different routing updates, but summarizes them into a single routing update before propagating it to the corporate network.

Implementation Considerations
- Multiple IP addresses must have the same highest-order bits
- Routing decisions are made based on the entire address
- Routing protocols must carry the prefix (subnet mask) length

Route summarization reduces memory use on routers and routing-protocol network traffic. Requirements for summarization to work correctly are as follows:
- Multiple IP addresses must share the same high-order bits.
- Routing protocols must base their routing decisions on a 32-bit IP address and a prefix length that can be up to 32 bits.
- Routing protocols must carry the prefix length (subnet mask) with the 32-bit IP address.

Route Summarization Operation in Cisco Routers


   172.16.5.33   /32   host
   172.16.5.32   /27   subnet
   172.16.5.0    /24   network
   172.16.0.0    /16   block of networks
   0.0.0.0       /0    default

- Supports host-specific routes, blocks of networks, default routes
- Routers use the longest match

This following discusses the generalities of how Cisco routers handle route summarization. Details about how route summarization operates with a specific protocol are discussed in the specific protocol chapter. For example, route summarization for OSPF is discussed in the Interconnecting Multiple OSPF Areas chapter. Cisco routers manage route summarization in two ways:
s

Sending route summariesRouting information advertised out an interface is automatically summarized at major (classful) network address boundaries by RIP, IGRP, and Enhanced IGRP. Specifically, this automatic summarization occurs for those routes whose classful network address differs from the major network address of the interface to which the advertisement is being sent. For OSPF you must configure summarization. Route summarization is not always a solution. You would not want to use route summarization if you needed to advertise all networks across a boundary, such as when you have discontiguous networks (discussed on the next page). EIGRP and RIPv2 allow you to disable autosummarization.

Selecting routes from route summariesIf more than one entry in the routing table matches a particular destination, the longest prefix match in the routing table is used. Several routes might match one destination, but the longest matching prefix is used. For example, if a routing table has different paths to 172.16.0.0/16 and to 172.16.5.0/24, packets addressed to 172.16.5.99 would be routed through 172.16.5.0/24 path because that address has the longest match with the destination address.


Summarizing Routes in a Discontiguous Network


Figure: Router A (subnet 172.16.5.0 255.255.255.0) and Router B (subnet 172.16.6.0 255.255.255.0) are joined across network 192.168.14.16 255.255.255.240.
A: RIPv1 will advertise network 172.16.0.0
B: RIPv1 will advertise network 172.16.0.0

- RIPv1 and IGRP do not advertise subnets, and therefore cannot support discontiguous subnets
- OSPF, EIGRP, and RIPv2 can advertise subnets, and therefore can support discontiguous subnets

Classful routing protocols summarize automatically at network boundaries. This behavior, which cannot be changed with RIPv1 and IGRP, has important results:
- Subnets are not advertised to a different major network.
- Discontiguous subnets are not visible to each other.

In the example, the 172.16.5.0 255.255.255.0 and 172.16.6.0 255.255.255.0 subnets are not advertised by RIPv1 because RIPv1 cannot advertise subnets across the major network boundary; both Router A and Router B advertise 172.16.0.0. This leads to confusion when routing across network 192.168.14.0: for example, Router C receives routes to 172.16.0.0 from two different directions, so it cannot make a correct routing decision. This situation can be resolved by using RIPv2, OSPF, or Enhanced IGRP without summarization, because the subnet routes are then advertised with their actual subnet masks. Advertisements are configurable when using OSPF and Enhanced IGRP. The Cisco IOS software also provides an IP unnumbered feature that permits noncontiguous subnets separated by an unnumbered link.


Be Careful When Summarizing Routes


Figure: Router A (subnets 172.16.5.0/24 and 172.16.7.0/24) and Router B (subnets 172.16.6.0/24 and 172.16.9.0/24) are joined through Router C across network 192.168.14.16 255.255.255.240. EIGRP on Router A advertises 172.16.0.0/16; EIGRP on Router B also advertises 172.16.0.0/16.

- EIGRP on both Router A and Router B advertises a summarized route to 172.16.0.0/16
- Router C receives two routes to 172.16.0.0/16
- Router A (and/or B) should be configured to not summarize

Be careful when using route summarization in a network that has discontiguous subnets, or if not all of the summarized subnets are reachable via the advertising router. If a summarized route indicates that certain subnets are reachable via a router when in fact those subnets are discontiguous and/or are not reachable via that router, the network may have problems similar to those shown in the previous graphic for a RIPv1 network. However, because routers running classless routing protocols use the longest prefix match when selecting a route from the routing table, if the other subnets are advertised without being summarized, then other routers can select the longest prefix match and follow the correct path. For example, in the graphic, if Router A continues to summarize to 172.16.0.0/16 and Router B is configured not to summarize, then Router C receives explicit routes for 172.16.6.0/24 and 172.16.9.0/24 along with the summarized route to 172.16.0.0/16. All traffic for Router B's subnets is then sent to Router B, while all other traffic for the 172.16.0.0 network is sent to Router A.
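The longest-match selection described under "Selecting routes from route summaries" and in the Router A / Router B scenario above, as an added example that is not part of the course material: it builds Router C's table both ways (Router B summarizing or not) and looks destinations up. The router names, the "ISP" default route, and every table entry are constructed from the chapter's graphics.

```python
import ipaddress
from typing import List, Tuple

# A routing-table entry: (prefix, next hop or label). All entries below are
# constructed to mirror the chapter's graphics, not captured from a router.
Route = Tuple[ipaddress.IPv4Network, str]

# The five entry types from the 'Route Summarization Operation' slide.
SLIDE_TABLE: List[Route] = [
    (ipaddress.IPv4Network("172.16.5.33/32"), "host"),
    (ipaddress.IPv4Network("172.16.5.32/27"), "subnet"),
    (ipaddress.IPv4Network("172.16.5.0/24"), "network"),
    (ipaddress.IPv4Network("172.16.0.0/16"), "block of networks"),
    (ipaddress.IPv4Network("0.0.0.0/0"), "default"),
]


def lookup(table: List[Route], destination: str) -> List[Route]:
    """Return every entry that matches destination with the longest prefix.

    One entry is the normal case; several means equal-length candidates
    (equal-cost paths, or the ambiguity of two identical summaries)."""
    dst = ipaddress.IPv4Address(destination)
    matches = [route for route in table if dst in route[0]]
    if not matches:
        return []
    longest = max(route[0].prefixlen for route in matches)
    return [route for route in matches if route[0].prefixlen == longest]


def router_c_table(router_b_summarizes: bool) -> List[Route]:
    """Router C's table from the 'Be Careful' graphic.

    Router A always sends the 172.16.0.0/16 summary; Router B sends either
    the same summary or its explicit /24s. The 'ISP' default route is a
    constructed extra so that unrelated destinations still resolve."""
    table: List[Route] = [
        (ipaddress.IPv4Network("172.16.0.0/16"), "A"),
        (ipaddress.IPv4Network("0.0.0.0/0"), "ISP"),
    ]
    if router_b_summarizes:
        table.append((ipaddress.IPv4Network("172.16.0.0/16"), "B"))
    else:
        table.append((ipaddress.IPv4Network("172.16.6.0/24"), "B"))
        table.append((ipaddress.IPv4Network("172.16.9.0/24"), "B"))
    return table


def next_hop(destination: str, router_b_summarizes: bool = False) -> str:
    """Where Router C forwards a packet: a single router name, or the
    candidates joined by '/' when the longest match is not unique."""
    best = lookup(router_c_table(router_b_summarizes), destination)
    if not best:
        return "unreachable"
    return "/".join(sorted({hop for _, hop in best}))


if __name__ == "__main__":
    for dst in ("172.16.5.33", "172.16.5.40", "172.16.5.99", "172.16.200.1", "10.1.1.1"):
        print(dst, "->", lookup(SLIDE_TABLE, dst)[0])
    for dst in ("172.16.5.99", "172.16.6.10", "172.16.9.1"):
        print(dst, "B explicit:", next_hop(dst), " B summarizing:", next_hop(dst, True))
```

With Router B also summarizing, 172.16.6.10 resolves to "A/B": Router C has no way to tell which /16 leads to that subnet, which is the problem the graphic describes.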


Written Exercise: Using Route Summarization


Objective: Given a network plan that includes IP addressing, explain whether route summarization is or is not possible.

Task: In the following graphics, indicate where route summarization can occur, and what the summarized address would be, by completing the tables.

Exercise 1

Figure (Exercise 1), recoverable labels in order of appearance: 172.16.1.192/28, 172.16.1.208/28; A; 172.16.1.64/28, 172.16.1.96/28; B; 172.16.1.80/28; Other Network Addresses: 172.16.1.128/28, 172.16.1.144/28, 172.16.1.176/28, 172.16.1.160/28, 172.16.1.48/28, 172.16.1.112/28; D, Major Network 172.16.0.0/28.



Router C Route Table Entries

Routes That Can Be Advertised to Router D from Router C


Exercise 2

Figure (Exercise 2), recoverable labels in order of appearance: 172.16.1.128/28, 172.16.1.144/28; F; Other Network Addresses: 172.16.1.192/28, 172.16.1.208/28, 172.16.1.64/28, 172.16.1.80/28, 172.16.1.96/28, 172.16.1.112/28; G; 172.16.1.160/28; 172.16.1.176/28; H; 172.16.1.48/28; D, Major Network 172.16.0.0/28.


Router H Route Table Entries

Routes That Can Be Advertised to Router D from Router H


Classless Inter-Domain Routing


This section describes the classless inter-domain routing (CIDR) mechanism.

Classless Inter-domain Routing (CIDR)

- Mechanism developed to alleviate exhaustion of addresses and reduce routing table size
- Blocks of Class C addresses assigned to ISPs; ISPs assign subsets of address space to organizations
- Blocks are summarized in routing tables

Classless Inter-domain Routing (CIDR) is a mechanism developed to help alleviate the problem of IP address exhaustion and routing table growth. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger (that is, more hosts allowed) classless set of IP addresses. Blocks of Class C network numbers are allocated to each network service provider. Organizations using the network service provider for Internet connectivity are allocated subsets of the service provider's address space as required. These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements. CIDR is described further in RFCs 1518 and 1519. RFC 2050, the Internet Registry IP Allocation Guidelines, specifies guidelines for the allocation of IP addresses.


CIDR Example

Figure: Routers A through H each attach one Class C network (192.168.8.0/24 on A, 192.168.9.0/24 on B, and so on through 192.168.15.0/24 on H) and advertise it to the HQ router, which advertises the single summary 192.168.8.0/21.

- Networks 192.168.8.0/24 through 192.168.15.0/24 are summarized by HQ in one advertisement: 192.168.8.0/21



The graphic shows an example of CIDR and route summarization. The Class C network addresses 192.168.8.0/24 through 192.168.15.0/24 are in use and are advertised to the HQ router. When the HQ router advertises the networks available, instead of separately advertising the eight Class C networks, it can summarize them into one route. By advertising 192.168.8.0/21, the HQ router is saying: "I can get to all destination addresses that have the same first 21 bits as the address 192.168.8.0." The mechanism used to calculate the summary route to advertise is the same as shown earlier in the chapter.
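The common-high-order-bits calculation behind the HQ router's 192.168.8.0/21 advertisement, as an added example that is not course code. The networks fed to it are taken from the CIDR and "Be Careful When Summarizing Routes" graphics; the exactness check (does the summary claim address space that was not in the list?) is this example's own addition.

```python
import ipaddress
from typing import Iterable, Tuple


def summarize(networks: Iterable[str]) -> Tuple[str, bool]:
    """Return (summary prefix, exact) for a list of networks in CIDR form.

    The summary keeps only the high-order bits that every network address
    shares, which is the calculation the chapter uses. 'exact' is True when
    the summary covers precisely the listed networks; False means it also
    claims address space that is not listed, which is the discontiguous
    subnet trap: another router holding those subnets becomes unreachable
    behind the summary unless it advertises them explicitly."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    if not nets:
        raise ValueError("nothing to summarize")
    first = int(nets[0].network_address)
    # A summary prefix can never be longer than the shortest member prefix.
    common = min(net.prefixlen for net in nets)
    for net in nets:
        differing = first ^ int(net.network_address)
        # Shorten the prefix until no differing bit remains inside it.
        while common > 0 and differing >> (32 - common):
            common -= 1
    summary = ipaddress.IPv4Network((first, common), strict=False)
    # collapse_addresses merges the members into the minimal set of prefixes;
    # the summary is exact only if that minimal set is the summary itself.
    exact = list(ipaddress.collapse_addresses(nets)) == [summary]
    return str(summary), exact


if __name__ == "__main__":
    # The eight Class C networks from the CIDR graphic.
    print(summarize(f"192.168.{n}.0/24" for n in range(8, 16)))
    # Router A's subnets from the 'Be Careful' graphic: the tightest summary
    # also covers 172.16.6.0/24, which belongs to Router B.
    print(summarize(["172.16.5.0/24", "172.16.7.0/24"]))
    # Router B's subnets: even worse, the summary swallows 172.16.0.0/20.
    print(summarize(["172.16.6.0/24", "172.16.9.0/24"]))
```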


Case Study: Introduction to Course Case Studies


This section introduces the case studies used throughout the remainder of the course.

Case Study: Introduction to Course Case Studies


Figure: JKL Corporation, connected to the Internet and to Acquisitions A through D.

JKL Corporation: 1 Class B (public); recently re-designed, optimal; OSPF Area 0 small and redundant; OSPF multi-area, hierarchical; VLSM with route summarization
Acquisition A: 1 Class A (private), 2 Class C (public); IGRP AS 350, RIP; OSPF Area 0 small
Acquisition B: 3 Class C (public); IP RIP only; 500 devices, out of addresses; 6 hops
Acquisition C: 1 Class B (public); OSPF Area 0 for all; multi-vendor equipment; no summarization
Acquisition D: 1 Class B (public), 1 Class C (private); Enhanced IGRP AS 400; discontiguous subnets

JKL's problem: How to integrate Acquisitions A through D?



Throughout the rest of this course we will be using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies are used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises.

JKL is an enterprise that will be making four acquisitions: A, B, C, and D. JKL's ultimate goal is to integrate the acquisitions' networks with its own network. JKL has recently undertaken to redesign its network and now has a robust design using OSPF, VLSM, and route summarization. JKL has a Class B public address. As we introduce details on various topics throughout the rest of the course, we will see the problems that JKL must overcome as it integrates the networks of its acquisitions with its own OSPF network.

Acquisition A is using a mixture of routing protocols: RIP, IGRP, and OSPF. It has two Class C public addresses and uses a Class A private address.

Acquisition B is using three Class C public addresses and is using only IP RIP as its routing protocol. It has 500 devices and has run out of IP addresses.

Acquisition C has a multi-vendor environment and is using OSPF and one Class B public address. It is not using summarization.

Acquisition D has one Class B and one Class C public address and discontiguous subnets. It is using EIGRP as the routing protocol.

In this course we elaborate on many issues relating to routing protocols and addressing strategies; the JKL case study will provide a mechanism to study a practical application of these concepts.


Summary
This section summarizes the tasks you learned to complete in this chapter.

Summary
After completing this chapter, you should be able to perform the following tasks:
- Given an IP address, use VLSMs to extend the use of the IP address
- Given a network plan that includes IP addressing, explain whether route summarization is or is not possible


Review Questions
Answer the following questions.

Review Questions
1. What are some of the advantages of using a hierarchical IP addressing model?
2. Given an address with a prefix of /20, how many additional subnets are gained when subnetting with a prefix of /28?
3. When selecting a route, the __________ prefix match is used.


Scalable Routing Protocol Overview

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- List the key information routers need to route data
- Compare distance vector and link-state protocol operation


Objectives
This chapter discusses the kind of information routers need in order to route traffic and how distance vector and link-state routing protocols operate to get that information. Sections:
- Objectives
- What Is Routing?
- Comparing Routing Protocols
- Written Exercise: Comparing Routing Protocols
- Summary
- Answers to Exercises


What Is Routing?

Figure: "How do I get this to Hong Kong?" Options: regular mail service, two-week ground mail service, overnight air mail service.


What Is Routing?
Routing is the process by which an item gets from one location to another. Many items get routed: for example, mail, telephone calls, and trains. In this class, you have been learning how to configure a router, the device used to route traffic in a computer network. To be able to route anything, a router, or any other entity that performs the routing, needs to know the following key information:
- The destination, or address of the item that needs to be routed.
- From which source it can learn the paths to given destinations.
- Possible routes, or paths, to intended destinations.
- The best path(s) to the intended destinations.
- A way of verifying that the known paths to destinations are the most current.

This information is exactly what a routing protocol provides to a router. Each routing protocol uses a slightly different mechanism to obtain this information; nevertheless, the goal is the same. The chapters in this module discuss routing protocols in the context of how they operate to provide a router with the key information listed. In this way you should be better able to compare routing protocols and their application in your networking environment.


Comparing Routing Protocols

What must I know to route to Hong Kong?
- Destination address
- Who I can learn routes from
- Possible routes
- The best route
- A way to verify the route is current

Protocol Categories
Characteristic        Distance Vector             Link State
Age and scale         Older; for small networks   Newer; for large networks
Supported Protocols   RIP, IGRP, RTMP             OSPF, NLSP, IS-IS


Comparing Routing Protocols


Although there are numerous routing protocols such as RIP, OSPF, IS-IS, and NLSP, they can all be classified under one of the categories shown in the table.
Category                           Routing Protocol
Distance vector routing protocols  IP RIP, IPX RIP, AppleTalk RTMP, IGRP
Link-state routing protocols       IP OSPF, IPX NLSP, IS-IS

Although the protocols operate slightly differently, the mechanisms they use for learning and selecting paths, for example, have their origin in either distance vector or link-state routing. Distance vector protocols were written first and were designed for use in smaller network environments. Link-state protocols were created as a result of growing networks in order to address the limitations that distance vector protocols have when used in larger internetworks. This subsection summarizes the differences in how each routing protocol category obtains the following key information for a router:
- Addressing
- Identifying neighbors
- Discovering routes
- Selecting routes
- Maintaining routing information


Hierarchical Addressing

Figure: A router announcing "I can route to the 172.16.0.0 network." in front of the subnets 172.16.25.0, 172.16.26.0, 172.16.27.0, and 172.16.28.0.
- A single address, similar to a state, represents a large collection of addresses
- A single address, similar to a city, represents a smaller collection of addresses


Hierarchical Addressing
In a small networking environment, there is no concern about running out of addresses. In large and growing networking environments, however, the number of available addresses can become very limited unless the addresses are structured into a hierarchical framework. A hierarchical addressing framework has at least two key advantages: increased availability of addresses and a reduced need to memorize all addressing entries. Consider the postal system, which uses the following hierarchy for routing mail in the United States:
- Zip code
- State
- City
- Street
- House number (most specific)

This six-layer hierarchical structure enables an unlimited number of addresses to exist. In addition, a postal carrier need not memorize all the streets in Chicago, Illinois, if he or she delivers mail in San Diego, California. All the carrier needs to know is what zip code represents Chicago. That is, the zip code is a single entry that represents all house addresses in a given area. In other words, it is a summary of the addresses in an area. To accommodate large internetworks, a similar type of hierarchical framework must be used. To support hierarchical addressing, this module discusses variable length subnet masking (VLSM), which is specifically used in IP environments, and route summarization.


Identifying Neighbors

Figure: Routers A, B, C, and D asking each other "Hello, are you my neighbor?"

Identifying Neighbors
In networks with few routers, routers can converge in a reasonable amount of time, even though a downed router is not detected quickly. However, the delay in detecting a downed router in a large network can be disastrous. To make sure that a downed router is located quickly in a large network, link-state protocols include a process for identifying neighbors and verifying periodically that the neighbors exist. The key differences in how distance vector and link-state protocols identify neighbors are as follows:

Distance Vector: Does not have a formal way of learning about neighbors. Detects that a neighbor is unavailable only when the neighbor does not send its routing update during the periodic routing update interval, which can range from 10 to 90 seconds.

Link-State: Establishes a formal connection (link-state) with each directly connected neighbor. This is done using the Hello protocol, which is discussed in detail in the Configuring OSPF in a Single Area chapter. Detects that a neighbor is unavailable when a hello is not received within the predefined interval. Typically the hello interval is 10 seconds.


Discovering Paths to Destinations

Figure: A router attached to Token Ring, FDDI, and other segments asking "What routes do I have to each network?"

Discovering Paths to Destinations


In networks with few routers, distance vector protocols can use the hearsay method to communicate because there are not many routers through which the information must cross. Further, sending out the entire routing table in a small internetwork does not use much overhead. But consider an internetwork with 100 routers. What would happen if each router sent out its entire routing table? To reduce traffic overhead, link-state routers send information for specific links, not their entire link-state table. In addition, because the link-state information is received firsthand by each router, there is less chance for routing errors to be propagated throughout the network. The key differences in how distance vector and link-state protocols discover the network are as follows:
Distance Vector: Each router creates a routing table that includes its directly connected networks and sends the routing table to its directly connected neighbors. The neighbor incorporates all received routing tables into its own routing table and sends the updated routing table to its neighbors.

Link-State: Each router creates a link-state table that includes entries about the entire network. Each router floods the entire internetwork with information about the links it knows about in update packets. Each neighboring router receives the update packet, copies the contents, and continues sending it. Note that the router does not recalculate its routing table before sending the entry to its neighbors.


Selecting the Best Path

Figure: Host A and host B connected through Token Ring and FDDI segments, with the question "What is the best path to host B?"

Selecting the Best Path


In small networks, the media types used are generally the same and the metric used to determine distance is based on the number of routers that are in the path to the destination. But both of these conditions may be problematic in a large and growing network, particularly in the case when there are 100 or so routers and when mixed media is present throughout the network. To address these issues, link-state protocols use bandwidth to determine the distance to a destination. The key differences in how distance vector and link-state protocols select the best path to a destination in the internetwork are as follows:
Distance Vector: The typical metric used is to count the number of routers (hops) on the path to the destination. IPX RIP also uses a time value called a tick. The path with the lowest number of hops is the best path. The maximum number of hops is typically 15. To determine the shortest path, the Bellman-Ford algorithm is used. The routing table can include multiple equal-cost routes to a given destination. These can be used for load balancing or redundancy.

Link-State: The metric used is a numerical value based on the bandwidth of the link. The value is called cost. The path with the lowest total cost is the best path. The maximum possible cost is almost unlimited. The algorithm used to determine the lowest cost is the shortest path first (SPF) algorithm. The routing table can include multiple equal-cost routes to a given destination. These can be used for load balancing or redundancy.


Maintaining Routes

Figure: Routers A, C, and D each hold a Routing Table, and a Routing Update passes between them. Either the whole routing table is sent periodically, or only the updated entries are sent incrementally.

Maintaining Routes
In a small network using a distance vector protocol, neighboring routers exchange their route information at a periodic interval, which is acceptable because a small network does not typically have much route information. In contrast, routers in large networks must manage large amounts of routing information. Exchanging large routing tables periodically could bring down a network and not allow any data traffic to flow. Link-state protocols address this issue. The key differences in how distance vector and link-state protocols maintain routes are as follows:

Distance Vector: When a router learns about a change in the internetwork, the router updates its routing table with the change and sends its entire routing table to its neighbors. Neighboring routers incorporate the received routing table into their routing table, run the Bellman-Ford algorithm, and forward their updated routing tables. This process continues until all routers converge. If there is no change in the internetwork, each router still sends its routing table to its neighbors at a periodic interval (usually 60 seconds).

Link-State: When a router learns about a change in the internetwork, it updates its link-state table and sends an update only about the changed entries to all routers in the internetwork. Each router receives the update and adds it to its link-state table. The routers then run the SPF algorithm to select the best paths. If no change occurs in the internetwork, the routers send updates only for those route entries that have not been refreshed periodically: from 30 minutes to 2 hours, depending on the routing protocol.


Written Exercise: Comparing Routing Protocols


Objective: List the key information routers need to route data.
Objective: Compare distance vector and link-state protocol operation.

Task: List the five pieces of information that a router needs in order to route traffic.
1. __________________________________________________________
2. __________________________________________________________
3. __________________________________________________________
4. __________________________________________________________
5. __________________________________________________________

Task: In the line to the left of each statement, identify the routing protocol by placing a DV for distance vector or LS for link-state. If a sentence describes more than one routing protocol, identify all protocols that apply.
____________ 1. Sends periodic updates, even if no network change has occurred.
____________ 2. Sends out updates when network changes occur.
____________ 3. The simplest routing protocol to configure.
____________ 4. RIP and RTMP are examples of this routing protocol.
____________ 5. OSPF is an example of this protocol.
____________ 6. Learns about neighbors to ensure bidirectional communication.
____________ 7. This protocol determines the best path by the lowest hop count.
____________ 8. This protocol uses the shortest path first algorithm.


Summary

A routing protocol learns the following information:
- Destination address
- Identified neighbors
- Paths to destinations
- Best path
- Route information maintained

- Distance vector protocols are designed for smaller networks
- Link-state protocols are designed for larger networks

Answers to Written Exercise: Comparing Routing Protocols


First Written Exercise
1. Destination address
2. Identify neighbors
3. Discover routes
4. Select routes
5. Maintain routing information

Second Written Exercise
1. DV (Note: OSPF sends out updates every 30 minutes.)
2. LS
3. DV
4. DV
5. LS
6. LS
7. DV
8. LS


Configuring OSPF in a Single Area

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Explain why OSPF is better than RIP in a large internetwork
- Explain how OSPF discovers, chooses, and maintains routes in multiaccess, point-to-point, and NBMA networks
- Configure OSPF for proper operation
- Verify OSPF operation


Objectives
This chapter covers the use, operation, configuration, and verification of OSPF. Sections:
- Objectives
- OSPF Overview
- OSPF Operation within a Single Area
  - Multiaccess Network
  - Point-to-Point Network
  - NBMA Network
- Written Exercise: OSPF Operation
- Configuring OSPF in a Single Area
- Verifying OSPF Operation
- Summary
- Lab Exercise: Configuring OSPF for a Single Area
- Answers to Exercises
- Supplement A: OSPF Single Area Configuration Examples

Note: OSPF was written for large and growing networks. It allows you to segregate the internetwork into smaller areas. This chapter discusses how OSPF operates within an area, and the next chapter, Interconnecting Multiple OSPF Areas, discusses how the areas interoperate with each other.


OSPF Overview
This section provides an overview of OSPF.

What Is OSPF?

- Has fast convergence
- Supports VLSM
- Has no hop count limitation
- Processes updates efficiently
- Selects paths based on bandwidth
- Supports equal-cost multipath


What Is OSPF?
OSPF is a link-state technology, as opposed to a distance vector technology such as RIP. The OSPF protocol performs the two primary functions of every routing protocol algorithm: path selection and path switching. OSPF was developed by the Internet Engineering Task Force (IETF) in 1988. The most recent version, known as OSPF version 2, is described in RFC 2328. OSPF is an Interior Gateway Protocol (IGP), which means that it distributes routing information between routers belonging to the same Autonomous System. OSPF was written to address the needs of large, scalable internetworks that RIP could not. The issues it addresses are as follows:

- Speed of convergence: In large networks, RIP convergence can take several minutes as the routing algorithm goes through a holddown and route-aging period. With OSPF, convergence is faster than with RIP because routing changes are flooded immediately and computed in parallel.
- Support for Variable-Length Subnet Masks (VLSMs): RIP1 does not support VLSMs. OSPF supports subnet masking and VLSMs. (Note that RIP2 supports VLSMs.)
- Network reachability: A RIP network that spans more than 15 hops (15 routers) is considered unreachable. OSPF has virtually no reachability limitations.
- Use of bandwidth: RIP broadcasts full routing tables to all neighbors every 30 seconds, which is especially problematic over slow WAN links. OSPF multicasts link-state updates and sends the updates only when there is a change in the network.


- Method for path selection: RIP has no concept of network delays and link costs. Routing decisions are based purely on hop count, which could lead to suboptimal path selection in cases where a longer path (in terms of hop count) has a higher aggregate link bandwidth and shorter delays. OSPF uses a cost value, which is based on the speed of the connection. As with RIP and IGRP, OSPF also provides support for equal-cost multipath.

Note: Although OSPF was written for large networks, implementing it requires proper design and planning, which is especially important if your network has more than 50 routers.
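The path-selection difference between hop count and bandwidth-based cost, illustrating both this bullet and the "Selecting the Best Path" comparison in the previous chapter, as an added example that is not course code. The four-router topology and link speeds are constructed, and the cost formula 100,000,000 / bandwidth is Cisco's default OSPF interface cost (a fact about Cisco IOS, not stated in this chapter); the hop-count path is computed with the same shortest-path routine for brevity, although RIP actually uses Bellman-Ford.

```python
import heapq
from typing import Callable, Dict, List, Tuple

# Constructed link-state database: (router, neighbor, bandwidth in bit/s).
# A-B is a 56 kbit/s serial link (one hop); A-C-D-B is three 10 Mbit/s
# Ethernet hops. RIP prefers the single slow hop; OSPF prefers the fast path.
LINKS: List[Tuple[str, str, int]] = [
    ("A", "B", 56_000),
    ("A", "C", 10_000_000),
    ("C", "D", 10_000_000),
    ("D", "B", 10_000_000),
]

REFERENCE_BANDWIDTH = 100_000_000  # Cisco default reference bandwidth (bit/s)


def ospf_cost(bandwidth_bps: int) -> int:
    """Interface output cost: reference bandwidth / link bandwidth, minimum 1.
    A 56 kbit/s link costs 1785, which is the Cost=1785 on the terminology slide."""
    return max(1, REFERENCE_BANDWIDTH // bandwidth_bps)


def build_graph(metric: Callable[[int], int]) -> Dict[str, Dict[str, int]]:
    """Turn the link list into an undirected weighted adjacency map."""
    graph: Dict[str, Dict[str, int]] = {}
    for a, b, bandwidth in LINKS:
        graph.setdefault(a, {})[b] = metric(bandwidth)
        graph.setdefault(b, {})[a] = metric(bandwidth)
    return graph


def shortest_path(graph: Dict[str, Dict[str, int]], source: str,
                  dest: str) -> Tuple[int, List[str]]:
    """Dijkstra, the SPF algorithm: lowest total metric from source to dest.
    Returns (-1, []) when dest is not reachable."""
    dist: Dict[str, int] = {source: 0}
    prev: Dict[str, str] = {}
    heap: List[Tuple[int, str]] = [(0, source)]
    visited = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in visited:
            continue
        visited.add(node)
        if node == dest:
            break
        for neighbor, weight in graph.get(node, {}).items():
            candidate = d + weight
            if candidate < dist.get(neighbor, float("inf")):
                dist[neighbor] = candidate
                prev[neighbor] = node
                heapq.heappush(heap, (candidate, neighbor))
    if dest not in dist:
        return -1, []
    path = [dest]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return dist[dest], path[::-1]


def rip_best_path(source: str, dest: str) -> Tuple[int, List[str]]:
    """Hop count: every link costs 1 regardless of speed."""
    return shortest_path(build_graph(lambda _bandwidth: 1), source, dest)


def ospf_best_path(source: str, dest: str) -> Tuple[int, List[str]]:
    """Bandwidth-based cost: the sum of interface output costs along the path."""
    return shortest_path(build_graph(ospf_cost), source, dest)


if __name__ == "__main__":
    print("RIP  (hops):", rip_best_path("A", "B"))   # 1 hop over the 56k link
    print("OSPF (cost):", ospf_best_path("A", "B"))  # cost 30 over Ethernet
```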


OSPF Terminology

Figure: An Autonomous System containing Area 0 and Area 1. Routers are neighbors over their interfaces; a DR and a BDR are elected on the multi-access segments; the links carry costs such as Cost=1785, Cost=10, and Cost=6, and one segment is a Token Ring. Each router keeps a Neighbors list (lists neighbors), a Topology Database (lists all routes), and a Routing Table (lists best routes).

OSPF Terminology
This page introduces you to a variety of terms related to link-state technology and OSPF. The following are basic terms to get you started:

- Interface: The connection between the router and one of its attached networks. An interface is sometimes referred to as a link in OSPF literature.
- Link state: The status of a link between two routers, that is, a router's interface and its relationship to its neighboring routers.
- Cost: The value assigned to a link. Rather than hops, link-state protocols assign a cost to a link that is based on the speed of the media. A cost is associated with the output side of each router interface, referred to as the Interface Output Cost.
- Autonomous System: A group of routers exchanging routing information using a common routing protocol.
- Area: A collection of networks and routers that have the same area identification. Each router within an area has the same link-state information. A router within an area is an internal router.
- Neighbor: Two routers that have interfaces on a common network. Neighbor relationships are usually discovered and maintained by the Hello protocol.
- Hello: The protocol used by OSPF to establish and maintain neighbor relationships.
- Designated router (DR) and backup designated router (BDR): A router that is elected by all other routers on the same LAN to represent all the routers. Each network has a DR and a BDR. These routers have special responsibilities that are discussed later in this chapter.


- Neighborship list: A listing of all the neighbors with which a router has established bidirectional communication. Not every pair of neighboring routers becomes adjacent.
- Link-state database, also known as a topological database: A list of link-state entries of all other routers in the internetwork. It shows the internetwork topology. All routers within an area have identical link-state databases. The link-state database is pieced together from the LSAs generated by routers.
- Routing table: The routing table (also known as the forwarding database) is generated when an algorithm is run on the link-state database. Each router's routing table is unique.


OSPF Operation
The following section discusses the operation of OSPF.

OSPF Topologies

Figure: Broadcast Multiaccess (a LAN segment), Point-to-Point (a serial link), and NBMA (an X.25 or Frame Relay cloud).

OSPF Topologies
OSPF can run over multi-access networks or over non-broadcast networks. The topology of a network has an impact on how adjacencies are created. Following are the different topologies found in OSPF and covered in this chapter.

- Broadcast multi-access networks: Networks supporting many (more than two) attached routers, together with the capability to address a single physical message to all of the attached routers (broadcast). An Ethernet segment is an example of a broadcast network.
- Point-to-point networks: A network that joins a single pair of routers. A T1 dedicated serial line is an example of a point-to-point network.
- Non-broadcast multi-access networks: Networks supporting many (more than two) routers, but having no broadcast capability. Frame Relay and X.25 are examples of non-broadcast multi-access (NBMA) networks.


OSPF Operation in a Multi-Access Network


The following section discusses OSPF operation in a multi-access environment, such as Ethernet or Token Ring.

[Slide: Neighborship. Routers D, E and A exchange Hello packets. Hello packet contents: Router ID, Hello/Dead Intervals, Neighbors, Area-ID, Router Priority, DR IP Address, BDR IP Address, Authentication Password, Stub Area Flag. * Entry must match on neighboring routers.]

Neighborship
Because OSPF routing is dependent on the status of a link between two routers, neighbor routers must recognize each other on the network before they can share information. This process is done using the Hello protocol. The Hello protocol is responsible for establishing and maintaining neighbor relationships. It ensures that the communication between neighbors is bi-directional: a router sees itself listed in the Hello packet it received from a neighbor. Hello packets are sent periodically out of each interface participating in OSPF using IP multicast address 224.0.0.5. The information contained in a Hello packet is as follows:

Router ID: A 32-bit number that uniquely identifies the router within an autonomous system. The highest IP address on an active interface is chosen by default; for example, IP address 131.108.13.5 would be chosen over 128.11.4.1. This identification is important in establishing neighbor relationships and coordinating messages between copies of the SPF algorithm running in the network. The router ID is also used to break ties during the DR and BDR election processes if the priority values are equal. (DR and BDR are discussed later.)
Hello and dead intervals: The hello interval specifies the frequency in seconds at which a router sends hellos (ten-second default on multi-access networks). The dead interval is the time in seconds that a router waits to hear from a neighbor before declaring the neighbor router down (four times the hello interval by default). These timers must be the same on neighboring routers.


Neighborship (cont.)
Neighbors: The neighbors with which bi-directional communication has been established. Bi-directional communication is indicated when the router sees itself listed in the neighbor's Hello packet. (At this point, this field is empty.)
Area-ID: To communicate, two routers must share a common segment and have their interfaces belong to the same area on that segment (and the same subnet and mask). These routers will all have the same link-state information.
Router priority: An 8-bit number that indicates the priority of this router when selecting the DR and BDR.
DR and BDR: If known, the IP addresses of the DR and BDR for the specific network (covered in the next section).
Authentication password: If authentication is enabled, two routers must exchange the same password. Authentication does not have to be set, but if it is set, all peer routers must have the same password.
Stub area flag: A stub area is a special area that will be discussed in the next chapter. Two routers must agree on the stub area flag in the hello packets.


[Slide: Neighborship (cont.). Router A (172.68.5.1/24, E0) and Router B (172.68.5.2/24, E1). Down state: Router A: "I am router ID 172.68.5.1 and I see no one." Init state: Router B neighbors list: 172.68.5.1/24, int E1; Router B: "I am router ID 172.68.5.2, and I see 172.68.5.1." Two-Way state: Router A neighbors list: 172.68.5.2/24, int E0.]

Neighborship (cont.)
The exchange process, using the hello protocol, when all routers are coming up on the network at the same time, is as follows:
1. Router A is enabled on the LAN and is in a down state because it has not exchanged information with any other router. It begins by sending a hello packet through each of its interfaces participating in OSPF, even though it does not know the identity of the DR or of any other routers. The hello packet is sent out using multicast address 224.0.0.5.
2. All routers running OSPF receive the hello packet from router A and add router A to their list of neighbors. This is the Init state.
3. All routers that received the packet send a unicast reply hello packet to router A with their corresponding information, as listed in step 1. The neighbor field includes all other neighboring routers, including router A.
4. When router A receives these packets, it adds all the routers that had its (router A's) router ID in their packet to its own neighborship database. This is referred to as the Two-Way state. At this point, all routers that have each other in their list of neighbors have established bi-directional communication.
5. The routers determine who the DR and BDR will be. The DR and BDR election process is described in the next subsection, Electing the DR and BDR. This process must occur before routers can begin exchanging link-state information. Link-state exchanges are discussed in the Discovering Routes subsection.
6. Periodically (ten seconds by default) the routers within a network exchange hello packets to ensure communication is still working. The hello updates include the DR/BDR and the list of routers whose hello packets have been received by the router. Remember that "received" means that the receiving router saw its name as one of the entries in the received hello packet.
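The Hello field checks and the Down, Init and Two-Way transitions described above, as an added Python model (this is example code written for this section, not Cisco IOS code or anything from the course). It assumes a simplified Hello with only the fields listed in the slide, and the router IDs, class and function names are this example's own: a Hello whose hello/dead intervals, area ID, authentication password or stub flag differ is dropped before it can create a neighbor entry, which is why mismatched timers or passwords show up as "no neighbor" rather than as an error.

```python
from dataclasses import dataclass, field
from typing import Dict, List


# Constructed model of the OSPF Hello packet fields listed in this section.
# The class and router names are this example's own, not Cisco IOS structures.
@dataclass
class Hello:
    router_id: str
    hello_interval: int
    dead_interval: int
    area_id: str
    priority: int
    neighbors: List[str] = field(default_factory=list)
    dr: str = "0.0.0.0"
    bdr: str = "0.0.0.0"
    auth_password: str = ""
    stub_flag: bool = False


def hello_mismatches(mine: Hello, theirs: Hello) -> List[str]:
    """Return the names of the fields that the page says must match on neighbors
    but differ between the two Hellos (an empty list means compatible)."""
    checks = {
        "hello_interval": mine.hello_interval == theirs.hello_interval,
        "dead_interval": mine.dead_interval == theirs.dead_interval,
        "area_id": mine.area_id == theirs.area_id,
        "auth_password": mine.auth_password == theirs.auth_password,
        "stub_flag": mine.stub_flag == theirs.stub_flag,
    }
    return [name for name, ok in checks.items() if not ok]


class OspfRouter:
    """One router interface running the Hello protocol on a multi-access segment."""

    def __init__(self, router_id: str, area_id: str = "0", hello: int = 10,
                 dead: int = 40, priority: int = 1, auth: str = "", stub: bool = False):
        self.router_id = router_id
        self.area_id, self.hello, self.dead = area_id, hello, dead
        self.priority, self.auth, self.stub = priority, auth, stub
        # Neighbor table: neighbor router ID -> state ("Init" or "Two-Way")
        self.neighbors: Dict[str, str] = {}

    def build_hello(self) -> Hello:
        # The neighbor list carries every router whose Hello we have heard;
        # that list is what lets the peer detect bi-directional communication.
        return Hello(self.router_id, self.hello, self.dead, self.area_id,
                     self.priority, neighbors=sorted(self.neighbors),
                     auth_password=self.auth, stub_flag=self.stub)

    def receive_hello(self, pkt: Hello) -> str:
        """Process a received Hello and return the sender's resulting neighbor state."""
        if hello_mismatches(self.build_hello(), pkt):
            return "Ignored"          # incompatible Hello: no neighbor relationship forms
        # Hearing a compatible Hello puts the sender in Init; seeing our own
        # router ID in its neighbor list proves two-way reachability.
        state = "Two-Way" if self.router_id in pkt.neighbors else "Init"
        self.neighbors[pkt.router_id] = state
        return state


def two_way_exchange(a: OspfRouter, b: OspfRouter) -> List[str]:
    """Replay steps 1 to 4 above for two routers coming up together; returns the
    state recorded by the receiving router at each step."""
    return [b.receive_hello(a.build_hello()),   # A hears nobody yet, so B marks A as Init
            a.receive_hello(b.build_hello()),   # B lists A, so A reaches Two-Way with B
            b.receive_hello(a.build_hello())]   # A now lists B, so B reaches Two-Way


if __name__ == "__main__":
    ra, rb = OspfRouter("172.68.5.1"), OspfRouter("172.68.5.2")
    print(two_way_exchange(ra, rb))                              # ['Init', 'Two-Way', 'Two-Way']
    rc = OspfRouter("172.68.5.3", dead=120)                      # constructed timer mismatch
    print(hello_mismatches(ra.build_hello(), rc.build_hello()))  # ['dead_interval']
```

Running `hello_mismatches` on the two Hellos is the same check a practitioner performs by hand when two routers stay in Init or never appear as neighbors: compare the timers, area, authentication and stub settings on both ends before looking anywhere else.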

[Slide: Establishing Adjacency. Hellos elect the DR and BDR; each router forms an adjacency with the DR and BDR.]

Establishing Adjacency
Adjacency refers to the relationship that exists between a router and its DR/BDR. Adjacency is based upon the use of a common media segment, for example, two routers connected on the same Ethernet segment. But prior to establishing a preferred When routers first come up on a network, they perform the hello process, as discussed in the previous subsection. A router will then attempt to form adjacencies with some of its newly acquired neighbors. Routers must elect a DR and BDR to represent the network. The DR and BDR add value to the network in the following ways:

Reducing routing update traffic: The DR and BDR act as a central point of contact for link-state information exchange on a given network; therefore, each router must establish an adjacency with the DR/BDR. Instead of each router exchanging link-state information with every other router on the segment, each router sends the link-state information to the DR and BDR. The DR represents the multiaccess network in the sense that it sends each router's link-state information to all other routers in the network. This flooding process significantly reduces the router-related traffic on a segment.
Managing link-state synchronization: The DR and BDR assure that the other routers on the network have the same link-state information about the internetwork. In this way, the number of routing errors is reduced.

The BDR does not perform any DR functions when the DR is operating. Instead, it receives all information but allows the DR to perform the forwarding and synchronization tasks. The BDR performs DR tasks only if the DR fails.

Note: Once a DR/BDR is elected, any router added to the network goes through the adjacency-establishment process only with the DR and BDR.

[Slide: Electing the DR and BDR. Five routers with priorities P=3 (DR), P=2 (BDR), P=1, P=1 and P=0 exchange Hellos. Hello packets are exchanged via IP multicast; the router with the highest OSPF priority is elected.]

Electing a DR and BDR


To elect a DR and BDR, the routers view each other's priority value during the hello packet exchange process and use the following conditions to determine which is elected:

The router with the highest priority value is the DR.
The router with the second highest priority value is the BDR.
The default for the interface OSPF priority is 1. In case of a tie, the router's router ID is used.
A router with a priority set to 0 is ineligible to become DR or BDR.
If a router with a higher priority value is added to the network, the DR and BDR do NOT change. The only time a DR or BDR will change is if one goes down. If the DR goes down, the BDR takes over as the DR and a new BDR is elected. If the BDR goes down, a new BDR is elected. To determine if the DR is down, the BDR sets a timer. This is a reliability feature. If the BDR does not hear the DR forwarding link-state advertisements (LSAs) before the timer expires, then the BDR assumes the DR is out of service.

In a multiaccess environment, each network segment has its own DR and BDR. Therefore a router that is connected to multiple networks can be a DR on one segment and a regular router on another segment. How neighbors are perceived in other network topologies is discussed later in this chapter.
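The election rules above, as an added Python example (written for this section; it is not Cisco IOS code and not from the course). The router IDs are constructed to match the slide's five priorities, and the `Segment` class is this example's own: it applies the priority and router-ID tie-break rules, excludes priority 0, and keeps the sitting DR/BDR when a higher-priority router joins later. It goes one step beyond the text in comparing router IDs numerically octet by octet, since comparing them as strings would rank 10.0.0.9 above 10.0.0.10.

```python
from typing import Dict, Optional, Tuple


def _id_key(router_id: str) -> Tuple[int, ...]:
    """Compare dotted-quad router IDs numerically so that 10.0.0.10 beats 10.0.0.9."""
    return tuple(int(octet) for octet in router_id.split("."))


def elect_dr_bdr(priorities: Dict[str, int]) -> Tuple[Optional[str], Optional[str]]:
    """Elect (DR, BDR) from a {router_id: priority} table for one segment.
    Highest priority wins, ties go to the highest router ID, priority 0 is ineligible."""
    ranked = sorted(((prio, _id_key(rid), rid)
                     for rid, prio in priorities.items() if prio > 0), reverse=True)
    dr = ranked[0][2] if ranked else None
    bdr = ranked[1][2] if len(ranked) > 1 else None
    return dr, bdr


class Segment:
    """DR/BDR state of one multi-access segment, including the no-preemption rule."""

    def __init__(self, priorities: Dict[str, int]):
        self.priorities = dict(priorities)
        self.dr, self.bdr = elect_dr_bdr(self.priorities)

    def add_router(self, router_id: str, priority: int) -> Tuple[Optional[str], Optional[str]]:
        # A router that joins later never preempts the current DR/BDR, however high
        # its priority; it only becomes a candidate in a later election.
        self.priorities[router_id] = priority
        return self.dr, self.bdr

    def router_down(self, router_id: str) -> Tuple[Optional[str], Optional[str]]:
        self.priorities.pop(router_id, None)
        if router_id == self.dr:
            if self.bdr is not None:
                self.dr = self.bdr            # the BDR is promoted to DR ...
                self.bdr = self._elect_bdr()  # ... and a new BDR is elected
            else:
                self.dr, self.bdr = elect_dr_bdr(self.priorities)
        elif router_id == self.bdr:
            self.bdr = self._elect_bdr()
        return self.dr, self.bdr

    def _elect_bdr(self) -> Optional[str]:
        # Best eligible router other than the sitting DR.
        others = {rid: p for rid, p in self.priorities.items() if rid != self.dr}
        return elect_dr_bdr(others)[0]


if __name__ == "__main__":
    # Constructed router IDs for the slide's five priorities (3, 2, 1, 1, 0).
    seg = Segment({"10.0.0.3": 3, "10.0.0.2": 2, "10.0.0.5": 1, "10.0.0.4": 1, "10.0.0.1": 0})
    print(seg.dr, seg.bdr)                    # 10.0.0.3 10.0.0.2
    print(seg.add_router("10.0.0.200", 255))  # ('10.0.0.3', '10.0.0.2'): no preemption
    print(seg.router_down("10.0.0.3"))        # ('10.0.0.2', '10.0.0.200')
```

The no-preemption rule is the one that surprises people in practice: the router you intended to be the DR only wins if it was up when the election happened, or if the current DR and BDR both leave, which is why the text recommends priority 0 on routers that should never be elected.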


[Slide: Discovering Routes. Router 172.68.5.1 (E0) and DR 172.68.5.3 (E0). Exstart state: "I will start the exchange because I have router ID 172.68.5.1." / "No, I will start the exchange because I have a higher router ID." Exchange state: both routers send DBD packets: "Here is a summary of my link-state database."]

Discovering Routes
Once the DR and BDR have been elected, the routers are considered to be in the Exstart state and are ready to discover the link-state information about the internetwork and create their link-state databases. The process used to discover the network routes is called the Exchange protocol, and is performed to get the routers to a Full state of communication. Once adjacent routers are in a Full state, they do not redo the exchange protocol unless the Full state changes. The exchange protocol operates as follows:
1. In the Exstart state, the DR and BDR establish adjacencies with each router in the network. During this process, a master-slave relationship is created between each router and its adjacent DR/BDR. The router that has the higher router ID acts as the master. Note that link-state information is exchanged and synchronized only between the DR/BDR and the routers to which they have established adjacencies, because having the DR represent the network in this capacity reduces the amount of routing update traffic.
2. The master and slave routers exchange one or more database description packets (DBDs or DDPs), which is referred to as the Exchange state. A DBD includes the LSA entries that appear in the master router's link-state database. The entries can be about a link or about a network. Each LSA entry includes such things as a link-state type, the address of the advertising router, the cost of the link, and the sequence number. The sequence number is a router's way of determining the newness of the received link-state information. The sequence number used by the adjacent routers is the one defined by the master.


[Slide: Discovering Routes (cont.). Routers 172.68.5.1 (E0) and 172.68.5.3 (E0). LSAck: "Thanks for the information!" Loading state: LSR: "I need the complete entry for network 172.68.6.0/24." LSU: "Here is the entry for network 172.68.6.0/24." LSAck: "Thanks for the information!" Full state.]

Discovering Routes (cont.)


3. When the slave router receives the DBD, it does the following:
   Acknowledges the receipt of the DBD by echoing the link-state entry sequence numbers in a link-state acknowledgment (LSAck) packet.
   Compares the information it received with the information it has. Remember that the initial entries put into the link-state database are from the adjacencies database. If the DBD has a more up-to-date link-state entry, the slave router sends a link-state request (LSR) to the master router. The master router responds with the complete information about the requested entry in a link-state update (LSU) packet. Again, the slave router sends an LSAck when the LSU is received. The process of sending LSRs is referred to as the Loading state.
4. All routers add the new link-state entries into their link-state database.
5. Once all LSRs have been satisfied for a given router, the adjacent routers are considered synchronized and in a Full state. The routers must be in a Full state before they can route traffic. At this point, the routers should all have identical link-state databases.


[Slide: Choosing Routes. Router A (1.1.1.0/24), router B (2.2.2.0/24) and router C (3.3.3.0/24); a fourth network 4.4.4.0/24 is also shown. A reaches B over Token Ring at cost 6, B reaches C over FDDI at cost 1, and A reaches C directly at cost 10. Topology table at A: Net 2.2.2.0, cost 6, out interface To0; Net 3.3.3.0, cost 7, out To0 (this is the best route to C); Net 3.3.3.0, cost 10, out E0.]

Choosing Routes
Once a router has a complete link-state database, it is ready to create its routing table so it can route traffic. Recall that distance vector protocols such as RIP select the best route to a destination based on a hop count metric. The Bellman-Ford algorithm is run to determine the routes with the lowest hop count.

Link-state protocols use a cost metric to determine the best path to a destination. The default cost metric is based on media bandwidth. For example, 10-Mbps Ethernet has a lower cost than a 56-kbps line because it is faster. To calculate the lowest cost to a destination, link-state protocols such as OSPF use the Dijkstra algorithm. Using its link-state database as input, a router runs the Dijkstra algorithm, thus building its routing table step by step. In simple terms, the algorithm adds up the total costs between the local router (the root) and each destination network. If there are multiple paths to a destination, the lowest-cost path is preferred. Note that OSPF keeps up to six equal-cost route entries in the routing table for load balancing.

Sometimes a link, such as a serial line, will go up and down rapidly (called flapping), or a link-state change may affect another series of links. In these situations, a series of LSUs could be generated, which would cause routers to repeatedly recompute a new routing table. This flapping could be so serious that the routers would never converge. To minimize this problem, each time an LSU is received the router waits for a period of time before recalculating its routing table. The spf holdtime command was added to the Cisco IOS software to prevent routers from computing a new routing table after fewer than 10 seconds (default).

Refer to the OSPF version 2 RFC 2328 for a detailed description of the Dijkstra algorithm.
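The SPF computation described above, run over a constructed link-state database that reproduces the slide's topology (A to B at cost 6 over To0, B to C at cost 1, A to C at cost 10 over E0). This is an added Python example, not Cisco IOS code and not from the course; the router names, interface names and the dictionary layout of the link-state database are this example's own. It goes slightly beyond the slide by keeping up to six equal-cost first hops, as the text says OSPF does, so the same function also shows how load balancing entries arise.

```python
import heapq
from typing import Dict, List, Tuple

MAX_EQUAL_COST_PATHS = 6   # the section states OSPF keeps up to six equal-cost routes

# Constructed link-state database modelled on the slide above: each router lists its
# links as (neighbor, cost, outgoing interface) plus the networks attached to it.
# Router and interface names are this example's own.
LSDB = {
    "A": {"links": [("B", 6, "To0"), ("C", 10, "E0")], "networks": ["1.1.1.0/24"]},
    "B": {"links": [("A", 6, "To0"), ("C", 1, "Fd0")], "networks": ["2.2.2.0/24"]},
    "C": {"links": [("A", 10, "E0"), ("B", 1, "Fd0")], "networks": ["3.3.3.0/24"]},
}


def spf(lsdb: Dict, root: str) -> Dict[str, Tuple[int, List[str]]]:
    """Dijkstra from root over the link-state database.
    Returns {router: (total cost, sorted root interfaces to use)}, keeping up to
    MAX_EQUAL_COST_PATHS first hops when several paths tie on cost."""
    dist: Dict[str, int] = {root: 0}
    out_ifs: Dict[str, List[str]] = {root: []}
    settled = set()
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if u in settled:
            continue                       # stale heap entry for an already settled router
        settled.add(u)
        for nbr, cost, iface in lsdb[u]["links"]:
            nd = d + cost
            # The first hop is the root's own interface; beyond the root it is inherited.
            hops = [iface] if u == root else out_ifs[u]
            if nbr not in dist or nd < dist[nbr]:
                dist[nbr] = nd             # cheaper path found: replace cost and first hops
                out_ifs[nbr] = list(hops)
                heapq.heappush(heap, (nd, nbr))
            elif nd == dist[nbr]:          # equal-cost path: add its first hop(s)
                for h in hops:
                    if h not in out_ifs[nbr] and len(out_ifs[nbr]) < MAX_EQUAL_COST_PATHS:
                        out_ifs[nbr].append(h)
    return {r: (dist[r], sorted(out_ifs[r])) for r in dist}


def routing_table(lsdb: Dict, root: str) -> Dict[str, Tuple[int, List[str]]]:
    """Build {network: (cost, out interfaces)} by attaching each advertised network to
    the router that advertises it. Directly connected networks appear at cost 0 here
    (a simplification; the slide's table lists only remote networks)."""
    table = {}
    for router, (cost, ifs) in spf(lsdb, root).items():
        for net in lsdb[router]["networks"]:
            table[net] = (cost, ifs)
    return table


if __name__ == "__main__":
    for net, (cost, ifs) in sorted(routing_table(LSDB, "A").items()):
        print(net, cost, ifs)   # 2.2.2.0/24 6 ['To0']; 3.3.3.0/24 7 ['To0']; the cost-10 E0 path loses
```

The rejected candidate (3.3.3.0/24 at cost 10 via E0) never reaches the routing table, exactly as the slide's topology table shows; it only reappears if the Token Ring or FDDI link is removed from the database and SPF is rerun.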


[Slide: Maintaining Routing Information. (1) A new router notices a link-state change and sends an LSU; (2) the LSU reaches the DR; (3) the DR sends an LSU to the other routers; (4) "I need to update my routing table." The new router tells all OSPF DRs on 224.0.0.6; the DR tells the others on 224.0.0.5.]

Maintaining Routing Information


In a link-state routing environment, it is very important for all routers' topological databases to stay synchronized. When there is a change in a link state, the routers use a flooding process to notify the other routers in the network of the change. Link State Update packets provide the mechanism for flooding LSAs. In general, the flooding process is as follows:
1. A router notices a change in a link state and multicasts an LSU packet that includes the updated LSA entry to 224.0.0.6, the all OSPF DRs (and BDR) address. An LSU packet may contain several distinct LSAs.
2. The DR acknowledges the receipt of the change and floods the LSU to the others on the network using the OSPF multicast address 224.0.0.5. To make the flooding procedure reliable, each LSA must be acknowledged separately. After receiving the LSU, each router responds to the DR with an LSAck.
3. If a router is connected to another network, it floods the LSU to other networks by forwarding the LSU to the DR of the multi-access network, or to the adjacent router if in a point-to-point network. The DR, in turn, multicasts the LSU to the other routers in the network.
4. When a router receives the LSU that includes the changed LSA, the router updates its link-state database. It then computes the SPF algorithm with the new database to generate a new routing table. After a short delay, it switches over to the new routing table.
OSPF simplifies the synchronization issue by requiring only adjacent routers to remain synchronized.


Note: In a Cisco router, if a route already exists, the routing table is used simultaneously as the SPF is calculating. But if the SPF is calculating a new route, the use of the routing table occurs after the SPF calculation is complete.


[Slide: Maintaining Routing Information (cont.). Flowchart for an LSA received in an LSU:
Is the entry in the link-state database? No: (A) add it to the database, send an LSAck to the DR, flood the LSA, run SPF to calculate a new routing table, end.
Yes: Is the sequence number the same? Yes: ignore the LSA, end.
No: Is the sequence number newer? Yes: go to A. No: send an LSU with the newer information to the source, end.]

Maintaining Routing Information (cont.)


Each LSA entry has its own aging timer, carried in the LS Age field. The default timer value is 30 minutes (it is expressed in seconds in the LS Age field). After an LSA entry ages, the router that originated the entry sends an LSU to the network to verify that the link is still active. This validation method saves bandwidth compared to distance vector routers, which send their entire routing table. When each router receives the LSU, it does the following:

If the entry already exists and the received LSU has the same information, it ignores the LSA entry.
If the entry already exists but the LSU includes new information, it sends an LSAck to the DR, adds the entry to its link-state database, and updates its routing table.
If the entry already exists but the LSU includes older information, it sends an LSU with its information.

Note: Remember that there are different types of LSAs. In this chapter, the LSAs discussed are the router link LSA, which is an LSA about a link and its status, and the network LSA, which the DR sends out. The network LSA describes all the routers attached to a multiaccess segment. The next chapter will discuss other LSA types.
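The flowchart and the three LSU cases above, together with the LS Age refresh, as one added Python example (written for this section; it is not Cisco IOS code and not from the course). It assumes a reduced LSA carrying only an identifier, the advertising router, a sequence number and an age; the class names and the sample network 172.68.6.0/24 entries are constructed for the example. The sequence-number comparison is the whole decision: an LSA is installed and flooded only when it is unknown or strictly newer, a duplicate is dropped, and a stale one triggers an LSU back to its source with the newer copy.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

LS_REFRESH_SECONDS = 30 * 60   # the 30-minute LSA aging timer described above


@dataclass
class LSA:
    ls_id: str          # what the LSA describes, e.g. a network such as "172.68.6.0/24"
    adv_router: str     # router ID of the originator
    seq: int            # LS sequence number: a higher value means newer
    age: int = 0        # LS Age, in seconds


class LinkStateDatabase:
    """Applies the flowchart above to the LSAs carried in a received LSU and tracks
    LS Age for refresh. Constructed example model, not Cisco IOS code."""

    def __init__(self, router_id: str):
        self.router_id = router_id
        self.db: Dict[Tuple[str, str], LSA] = {}

    def process_lsu(self, lsas: List[LSA]) -> List[str]:
        """Return the actions the flowchart takes for each LSA in the received LSU."""
        actions: List[str] = []
        installed = False
        for lsa in lsas:
            key = (lsa.ls_id, lsa.adv_router)
            existing = self.db.get(key)
            if existing is None or lsa.seq > existing.seq:
                # Not in the database, or newer than our copy: branch A of the flowchart
                self.db[key] = lsa
                actions += [f"ack {lsa.ls_id} to DR", f"flood {lsa.ls_id}"]
                installed = True
            elif lsa.seq == existing.seq:
                actions.append(f"ignore {lsa.ls_id}")        # duplicate of what we already hold
            else:
                # Our copy is newer than the sender's: send it back to the source
                actions.append(f"send LSU seq 0x{existing.seq:08X} for {lsa.ls_id} to source")
        if installed:
            actions.append("run SPF")      # new topology information: recompute the routing table
        return actions

    def age_entries(self, seconds: int) -> List[LSA]:
        """Advance LS Age on every entry. Entries this router originated that reach the
        refresh timer get an incremented sequence number and are returned so the caller
        can send them out in an LSU (the verification LSU described above)."""
        refreshed = []
        for lsa in self.db.values():
            lsa.age += seconds
            if lsa.adv_router == self.router_id and lsa.age >= LS_REFRESH_SECONDS:
                lsa.seq += 1
                lsa.age = 0
                refreshed.append(lsa)
        return refreshed


if __name__ == "__main__":
    db = LinkStateDatabase("172.68.5.1")
    print(db.process_lsu([LSA("172.68.6.0/24", "172.68.5.3", 0x80000001)]))  # ack, flood, run SPF
    print(db.process_lsu([LSA("172.68.6.0/24", "172.68.5.3", 0x80000001)]))  # ignore
    print(db.process_lsu([LSA("172.68.6.0/24", "172.68.5.3", 0x80000000)]))  # send newer copy back
```

Two details worth noticing when reading router debug output against this model: SPF runs once per LSU that installed something, not once per LSA, and a router refreshes only the LSAs it originated itself, so an entry that keeps ageing without refresh points at the originating router, not at the one holding the copy.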


OSPF Operation in a Point-to-Point network


The following section discusses OSPF operation over point-to-point links.

[Slide: Point-to-Point Neighborship. The router dynamically detects its neighboring router using the Hello protocol. No election: adjacency is automatic as soon as the two routers can communicate. OSPF packets are always sent as multicast 224.0.0.5.]

Point-to-Point Neighborship
A point-to-point network joins a single pair of routers. A T1 serial line is an example of a point-to-point network. On point-to-point networks, the router dynamically detects its neighboring routers by sending its Hello packets to the multicast address AllSPFRouters, 224.0.0.5. On physical point-to-point networks, neighboring routers become adjacent whenever they can communicate directly. No election is performed.

On physical point-to-point networks, the IP destination is always set to the multicast address AllSPFRouters, 224.0.0.5. On all other network types, the majority of OSPF packets are sent as unicasts, that is, sent directly to the other end of the adjacency (for example, as unicasts to the DR and BDR).

It is possible to use IP unnumbered with OSPF. Usually, the IP source address is set to the address of the outgoing interface. Interfaces to unnumbered point-to-point networks have no associated IP address. On these interfaces, the IP source will be set to any of the other IP addresses belonging to the router.


OSPF Operation in a NBMA network


The following section discusses OSPF in a Non-Broadcast Multi-Access environment.

[Slide: NBMA Network (X.25, Frame Relay). A single interface interconnects multiple sites; NBMA supports multiple routers but without broadcast capability.]

NBMA Networks
When a single interface is used to interconnect multiple sites, you may have reachability issues because of the nonbroadcast multiaccess (NBMA) nature of Frame Relay and X.25. With Frame Relay running multiple PVCs over a single interface, the primary issue is with split horizon. NBMA networks are those networks that support many (more than two) routers, but have no broadcast capability, such as Frame Relay. For the purpose of our NBMA presentation, we will work with a Frame Relay environment. By default, a Frame Relay network provides NBMA connectivity between remote sites. NBMA connectivity means that although all locations can reach each other, depending on the topology, routing update broadcasts received by one router cannot be forwarded to all locations because Frame Relay networks use split horizon to reduce the number of routing loops.


[Slide: Frame Relay Topologies. Multiaccess (full mesh); point-to-multipoint (partial mesh); point-to-point (star, hub and spoke). Reachability issues?]

Frame Relay Topologies


Frame Relay allows you to interconnect your remote sites in a variety of ways, and by default interfaces that support Frame Relay are multipoint connection types. Example topologies, as shown in Figure 11-7, include the following:

A star topology, also known as a hub-and-spoke configuration, is the most popular Frame Relay network topology. In this topology, remote sites are connected to a central site that generally provides a service or application. This is the least expensive topology because it requires the fewest PVCs. In this scenario, the central router provides a multipoint connection because it is typically using a single interface to interconnect multiple PVCs.
In a full-mesh topology, all routers have virtual circuits to all other destinations. This method, although costly, provides direct connections from each site to all other sites and allows for redundancy. When one link goes down, a router at site A can reroute traffic through site C, for example. As the number of nodes in the full-mesh topology increases, the topology becomes increasingly more expensive.
In a partial-mesh topology, not all sites have direct access to a central site.

Reachability Issues with Routing Updates


By default, a Frame Relay network provides NBMA connectivity between remote sites. NBMA connectivity means that although all locations can reach each other, depending on the topology, routing update broadcasts received by one router cannot be forwarded to all locations because Frame Relay networks use split horizon to reduce the number of routing loops.


[Slide: Split-horizon. Routers R1 (DLCI 51), R2 (DLCI 52) and R3 (DLCI 53) connect to the Central router over its single interface S0. An update from R1 is stopped by split horizon before it can reach R2 and R3: routing updates are prevented from exiting the router interface through which the update was first learned.]

Split-Horizon in NBMA
Split horizon reduces the number of routing loops by not allowing a routing update received on one interface to be forwarded through the same interface. As shown above, the Central router's interface S0 receives a routing update from router R1. The Central router is connected through three PVCs over a single interface. Split horizon forbids the Central router to send out updates via the same interface on which it received them. Therefore, routers R2 and R3 will never receive the update.


[Slide: OSPF over Frame Relay modes of operation. RFC-compliant modes: non-broadcast multiaccess, point-to-multipoint. Additional modes from Cisco: broadcast multiaccess, point-to-point.]

OSPF over Frame Relay


As described in RFC 2328, OSPF runs in one of two official modes over nonbroadcast networks:

Nonbroadcast multiaccess (NBMA): Simulates the operation of OSPF in a broadcast network. That is, the routers exchange update traffic to identify their neighbors and elect a designated router (DR) and backup designated router (BDR). This configuration is usually seen in a fully meshed network. Some configuration is necessary on the router for this mode to work properly, which we will see later in this chapter. The neighbors have to be statically defined, or else the packets are broadcast. Broadcasting is implemented by replicating packets in the router and sending each copy individually to its destination. This process is CPU and bandwidth intensive.

Point-to-multipoint: Treats the non-broadcast network as a collection of point-to-point links. Non-broadcast networks are referred to as NBMA networks or point-to-multipoint networks, depending on OSPF's mode of operation over the network. In this environment, the routers identify their neighbors but do not elect a DR/BDR. This configuration is typically used with partially meshed networks.

The OSPF point-to-multipoint mode is a numbered point-to-point interface. This configuration is treated just like any other physical point-to-point interface. It can be done either under the serial interface itself (typically a point-to-point interface) or under a point-to-point subinterface. These point-to-point links operate as if you had a large number of leased lines. Remember, though, that each point-to-point link must be on its own separate subnet for IP addresses.


The choice of mode of operation, NBMA mode or point-to-multipoint mode, determines the way that the Hello protocol and flooding work over the nonbroadcast network.


[Slide: NBMA mode neighborship. Fully-meshed network; stability of network; DR/BDR elected if more than two routers on the Frame Relay network; RFC 2328 compliant.]

OSPF in NBMA mode


OSPF considers the NBMA environment like any other broadcast media such as Ethernet. NBMA clouds are usually built in a hub-and-spoke topology. PVCs or SVCs are laid out in a partial mesh, and the physical topology does not provide the multi-access that OSPF believes is out there. In NBMA mode, OSPF emulates operation over a broadcast network. A DR and BDR are elected for the NBMA network, and the DR/BDR originates an LSA for the network. Note that in this environment, the routers must be fully meshed in order for adjacencies to be established among the routers. Assuming that there are not a lot of neighbors in the network, NBMA mode is the most efficient way to run OSPF over non-broadcast networks, both in terms of link-state database size and in terms of the amount of routing protocol traffic. However, consider the following before using this mode:

Full mesh: Requires all routers attached to the NBMA network to be able to communicate directly with each other. This restriction may be met on some non-broadcast networks, such as an ATM subnet utilizing SVCs, or Frame Relay when using subinterfaces, but it is not met in fully-meshed Frame Relay networks. In fully meshed (and to a certain extent partially meshed) Frame Relay networks, the split horizon rule is used; therefore, anything received on a PVC over a given interface cannot be sent out the same interface on which it was received, even if it is over another PVC, as explained earlier in this chapter.
Stability of the network: Link-state routing protocols require that, for a multiaccess environment, neighbor adjacencies have been defined in order for routing updates to be exchanged. In OSPF, the designated router (DR) and backup designated router (BDR) assure that all the routers on the network have the same link-state information regarding the internetwork. If the network is not stable, any time a connection is compromised, routers noticing the link-state change multicast an update to the DR/BDR. The DR acknowledges the update and floods it to the other routers. Further, any change made to the link-state database requires the forwarding database to be recalculated, burdening the router CPU.

A DR and BDR are elected when there are multiple devices (more than two) on the same segment. The intent is to prevent the segment from being overwhelmed with broadcast updates from all of the devices on that same segment. It does not, however, mean that broadcasts are limited to those devices. When a modification occurs, the DR and BDR handle the change for that segment. The change is then flooded out into the area, which you will see in the next chapter. It is possible for the Frame Relay cloud to be its own area, therefore isolating its link-state changes from the rest of the network. This, however, is not a rule and depends on the customer's network and their provider.

If you are using a single PVC on an interface, and that PVC goes down, the interface goes down. This means that a link failure would be recognized. If running OSPF over subinterfaces, however, if a subinterface goes down, the interface remains up, and therefore the router does not reflect that there is a connectivity problem.

On non-broadcast networks where not all routers can communicate directly, you can break the non-broadcast network into logical subnets, with the routers on each subnet being able to communicate directly. Then, each separate subnet can be run as an NBMA network or a point-to-point network if each virtual circuit is defined as a separate logical subnet. However, this setting requires quite a bit of administrative overhead and is prone to misconfiguration. It is probably better to run such a non-broadcast network in point-to-multipoint mode.


[Slide: Point-to-Multipoint mode neighborship. Fully-meshed or partially meshed; static neighbor statement; unique IP subnet; duplicate LSA packets; RFC 2328 compliant.]

OSPF in Point-to-Multipoint mode


Point-to-multipoint networks are designed to work with partial mesh connectivity. In point-to-multipoint mode, OSPF treats all router-to-router connections over the non- broadcast network as if they are point-to-point links, that is no DR/BDRs are elected, nor is there an LSA generated for the network. In large Frame Relay networks, using point-to-multipoint mode reduces the amount of Frame Relay PVCs required for complete connectivity since you are not required to have fully meshed topology. In addition, not having a fully meshed topology also reduces the number of neighbor entries in your neighbor table. In contrast to NBMA networks, point-to-multipoint networks have the following properties:
- Does not require a fully meshed network: This environment allows routing between two routers that are not directly connected, but are connected through a router that has virtual circuits to each. The router that interconnects the non-adjacent neighbors is the one configured for point-to-multipoint. The other routers, assuming that they only have connections to the target router, should be configured for point-to-point. If, however, a spoke router were interconnected to the hub router and another spoke router, then it would be configured as point-to-multipoint as well.

- Requires static neighbor configuration: In a broadcast network, a multicast hello packet is used to identify the router's neighbors. In point-to-multipoint, you must statically define neighbors using the neighbor command, particularly since not all routers are adjacent. Using the neighbor command, you specify the neighbor by its IP address and modify, if necessary, the cost of the link to the neighbor. In a broadcast network, the cost of the link to each neighbor is equal, but in point-to-multipoint, the cost can be statically configured to reflect the different bandwidths of each link.

- Uses unique IP subnets: When using subinterfaces, a unique subnet is required for each point-to-point connection; ip unnumbered can be used for this.

- Duplicates LSA packets: When flooding out a non-broadcast interface (in either NBMA or point-to-multipoint mode), the LSA update or LSA ACK packet is replicated in order to be sent to each of the interface's neighbors, as defined in the neighbor table.


Additional Cisco modes neighborship

- Broadcast mode
- Point-to-point subinterface mode


Cisco additional modes


The broadcast mode approach is a workaround for using the "neighbor" command, which statically lists all existing neighbors. The interface is logically set to broadcast and behaves as if the router were connected to a LAN. DR and BDR election is still performed, so special care should be taken to ensure either a full mesh topology or a static selection of the DR based on the interface priority.

In point-to-point subinterface mode, the same physical interface can be split into multiple logical interfaces, with each subinterface being defined as point-to-point. This was originally created to better handle the issues caused by split horizon over NBMA with vector-based routing protocols. A point-to-point subinterface has the properties of any physical point-to-point interface. As far as OSPF is concerned, an adjacency is always formed over a point-to-point subinterface with no DR or BDR election, as explained earlier in the section on point-to-point neighborship.


Adjacencies creation

Point-to-Point interfaces coming up: No election

%LINK-3-UPDOWN: Interface Serial1, changed state to up
OSPF: Interface Serial1 going Up
OSPF: Rcv hello from 192.168.0.11 area 0 from Serial1 10.1.1.2
OSPF: End of hello processing
OSPF: Build router LSA for area 0, router ID 192.168.0.10
OSPF: Rcv DBD from 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x7 len 32 state INIT
OSPF: 2 Way Communication to 192.168.0.11 on Serial1, state 2WAY
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x167F opt 0x2 flag 0x7 len 32
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.11 on Serial1 seq 0x20C4 opt 0x2 flag 0x2 len 72

Ethernet interface coming up: Election

OSPF: 2 Way Communication to 192.168.0.10 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.12
OSPF: Elect DR 192.168.0.12
       DR: 192.168.0.12 (Id)   BDR: 192.168.0.12 (Id)
OSPF: Send DBD to 192.168.0.12 on Ethernet0 seq 0x546 opt 0x2 flag 0x7 len 32
<>
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.11
OSPF: Elect DR 192.168.0.12
       DR: 192.168.0.12 (Id)   BDR: 192.168.0.11 (Id)

Adjacencies creation
In these two debug outputs, you can see that no election is performed on a point-to-point network: the DBDs are exchanged as soon as the two routers can communicate. On an Ethernet segment, an election takes place before any routing exchange.


OSPF over NBMA Summary


MODE                         Preferred Topology   Subnet Address              Adjacency                               RFC or Cisco
Non-broadcast                Fully Meshed         Same                        Manual configuration, DR/BDR elected    RFC
Point-to-Multipoint          Star                 Same                        Automatic, No DR/BDR                    RFC
Broadcast                    Fully Meshed         Same                        Automatic, DR/BDR elected               Cisco
Point-to-Point Subinterface  Any                  Different for each subint.  Automatic, No DR/BDR                    Cisco


OSPF over NBMA Summary


The above table provides a concise comparison between the different modes of operation for OSPF over NBMA.
Note: With IOS 11.3a, OSPF has two new features related to point-to-multipoint networks. Point-to-multipoint broadcast networks: there is no need to specify neighbors; however, you can specify neighbors with the neighbor command, in which case you should specify a cost to that neighbor. Point-to-multipoint nonbroadcast networks: you now use the neighbor command to identify neighbors. You can find more information on the subject at www.cisco.com with the keywords: OSPF Point-to-Multipoint Network with Separate Costs per Neighbor.


Written Exercise: OSPF Operation

Objective: Explain why OSPF is better than RIP in a large internetwork.
Objective: Explain how OSPF discovers, chooses, and maintains routes.

Task: Answer the following questions.

1 List three reasons why OSPF operates better than RIP in a large internetwork.
______________________________________________________________

2 What does a router do when it receives an LSU?
______________________________________________________________

3 Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.
______________________________________________________________

4 Write a brief description of the following:
Internal router _________________________________________________
LSU ________________________________________________________
DDP __________________________________________________________
Hello packet _________________________________________________

5 Match the term with the statement most closely describing it. Write the letter of the description next to the term.
____ area             A) The router responsible for route synchronization.
____ Full state       B) Indicates routers can route information.
____ DR               C) Indicates routers can discover link state information.
____ Exchange state   D) A collection of routers and networks.

6 Name the two RFC-compliant modes for OSPF over Non-broadcast Multiaccess network:
______________________________________________________________
______________________________________________________________

7 Name the two additional Cisco modes for OSPF over NBMA:
______________________________________________________________
______________________________________________________________


Configuring OSPF in a Single Area


The following section discusses how to configure OSPF in a single area.

Configuring OSPF on Internal Routers


Broadcast Network A: E0 10.64.0.2 and E0 10.64.0.1
Point-to-Point Network B: S0 10.2.1.2 and S1 10.2.1.1

Router with 10.64.0.1:
<Output Omitted>
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
<Output Omitted>
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0

Router with 10.64.0.2 and 10.2.1.2:
<Output Omitted>
interface Ethernet0
 ip address 10.64.0.2 255.255.255.0
!
interface Serial0
 ip address 10.2.1.2 255.255.255.0
<Output Omitted>
router ospf 50
 network 10.2.1.2 0.0.0.0 area 0
 network 10.64.0.2 0.0.0.0 area 0

Can assign network or interface address.



Configuring OSPF on Internal Routers


To configure OSPF, do the following:

Step 1  Enable OSPF on the router.

router(config)#router ospf process-id

process-id: An internally used number that identifies the OSPF process when multiple OSPF processes run within a single router. The process-id need not match the process-ids on other routers. Running multiple OSPF processes on the same router is not recommended because it creates multiple database instances that add extra overhead.

Step 2  Identify which IP networks on the router are part of the OSPF network. For each network, you must identify to which area the network belongs. The network value can be the network address supported by the router or a specific interface address; the router knows how to interpret the address by comparing it to the wildcard mask.

router(config-router)#network address wildcard-mask area area-id

network area Command   Description
address                Can be the network address, subnet, or the address of the interface. Instructs the router which links to advertise, which links to listen to advertisements on, and what networks to advertise.
wildcard-mask          An inverse mask used to determine how to read the address. The mask has wildcard bits where 0 is a match and 1 is "don't care"; for example, 0.0.255.255 indicates a match in the first two bytes. If specifying the interface address, use mask 0.0.0.0.
area area-id           Specifies the area to be associated with the address. Can be a number or can be similar to an IP address A.B.C.D. For a single area, the ID must equal 0.
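The following is an added example (not course or Cisco code) of the wildcard comparison the router performs for each interface when it evaluates a network statement, using the two configurations from the figure above. Interface names and addresses are constructed from the figure; the rule that the most specific matching statement (fewest wildcard bits) decides the area is an assumption of this model.

```python
import ipaddress


def _to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_matches(address, wildcard, candidate):
    """True when `candidate` matches `address` under the inverse mask `wildcard`.

    A wildcard bit of 0 means the corresponding address bit must be equal;
    a bit of 1 means "don't care". So 0.255.255.255 checks only the first
    byte, and 0.0.0.0 matches exactly one interface address.
    """
    care_bits = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(address) & care_bits) == (_to_int(candidate) & care_bits)


def ospf_interfaces(interfaces, statements):
    """Map each interface name to the OSPF area its address is placed in.

    interfaces: {"Ethernet0": "10.64.0.1", ...}
    statements: [(address, wildcard-mask, area-id), ...] as typed under
                `router ospf`.
    The most specific matching statement (fewest wildcard bits) decides the
    area (assumption, see lead-in). Interfaces matching no statement are not
    enabled for OSPF and are left out of the result.
    """
    by_specificity = sorted(statements,
                            key=lambda s: bin(_to_int(s[1])).count("1"))
    placed = {}
    for name, addr in interfaces.items():
        for net, wildcard, area in by_specificity:
            if wildcard_matches(net, wildcard, addr):
                placed[name] = area
                break
    return placed


if __name__ == "__main__":
    # Router with the single broad statement from the figure (router ospf 1);
    # the constructed loopback lies outside 10/8 and stays out of OSPF.
    print(ospf_interfaces({"Ethernet0": "10.64.0.1", "Loopback0": "192.168.1.1"},
                          [("10.0.0.0", "0.255.255.255", "0")]))
    # Router with per-interface statements from the figure (router ospf 50).
    print(ospf_interfaces({"Ethernet0": "10.64.0.2", "Serial0": "10.2.1.2"},
                          [("10.2.1.2", "0.0.0.0", "0"),
                           ("10.64.0.2", "0.0.0.0", "0")]))
```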


Configuring Optional Commands


Bogus Loopback Address (Ex: 1.1.1.1): Not in OSPF table; saves address space; cannot use ping
Real Loopback Address (Ex: 131.108.17.5, Network 131.108.0.0): In OSPF table; uses address space; can use ping

Router ID:
- Number by which the router is known to OSPF
- Default: the largest IP address on an active interface at the moment of OSPF process startup
- Can be overridden by a loopback interface: highest IP address of any active loopback interface

Configuring Optional Commands


The following commands can be used to modify OSPF behavior:

- Modifying the OSPF router ID to a loopback address:

router(config)#interface loopback number

The highest IP address used as the router ID can be overridden by configuring an IP address on a loopback interface. OSPF is more reliable if a loopback interface is configured because it is always active and cannot go down like a real interface, so it is recommended that you use a loopback address on all key routers, at least. If you plan to publish your loopback address with the network area command, make sure you use a private IP address. Note that a loopback address requires a different subnet for each router.

Pros and cons exist in using a made-up or bogus address as opposed to using real subnet addresses. In addition to reliability, a bogus address saves real IP addresses, but the address does not appear in the OSPF table, so it cannot be pinged. This decision represents a trade-off between the ease of debugging the network and conservation of address space. To determine the router ID of a router, type show ip ospf interface.

- Modifying router priority: changing the OSPF priority on an interface is done using the following interface command:

router(config-if)#ip ospf priority number

number is from 0 to 255; the default is 1. A priority value of 0 indicates an interface cannot be elected as DR or BDR.
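As an added example (not course or Cisco code), the two functions below model the router ID rule just described (highest active loopback address, else highest active interface address) and the effect of the interface priority on a DR/BDR election. The election models only the cold-start case where all routers on a segment come up together, since a running DR is not pre-empted by a later candidate; the `Iface` and `Router` records and all addresses are constructed.

```python
from dataclasses import dataclass
import ipaddress


@dataclass
class Iface:
    name: str
    address: str        # dotted-quad IPv4 address
    up: bool = True     # only active interfaces count


def router_id(ifaces):
    """Router ID as the text describes it.

    Highest IP address of an active loopback interface wins; with no loopback,
    the highest IP address on any active interface at OSPF process startup.
    Addresses are compared numerically (192.168.0.12 beats 192.168.0.9), which
    a plain string comparison would get wrong. Returns None with no active
    interface.
    """
    active = [i for i in ifaces if i.up]
    loopbacks = [i for i in active if i.name.lower().startswith("loopback")]
    pool = loopbacks or active
    if not pool:
        return None
    return str(max(ipaddress.IPv4Address(i.address) for i in pool))


@dataclass
class Router:
    rid: str
    priority: int = 1   # ip ospf priority: default 1, 0 = never DR/BDR

    def __post_init__(self):
        if not 0 <= self.priority <= 255:
            raise ValueError("ip ospf priority must be 0..255")


def elect_dr_bdr(routers):
    """(DR, BDR) router IDs for a cold-start election on one segment.

    Priority 0 routers are ineligible. Highest priority wins, ties broken by
    the numerically highest router ID. A missing role is None. Real OSPF does
    not pre-empt an existing DR, so this only models all routers starting
    together (assumption, see lead-in).
    """
    eligible = [r for r in routers if r.priority > 0]
    eligible.sort(key=lambda r: (r.priority, ipaddress.IPv4Address(r.rid)),
                  reverse=True)
    dr = eligible[0].rid if eligible else None
    bdr = eligible[1].rid if len(eligible) > 1 else None
    return dr, bdr


if __name__ == "__main__":
    # The "bogus loopback" case from the slide: 1.1.1.1 is chosen even though
    # it is numerically far below the Ethernet address.
    print(router_id([Iface("Ethernet0", "192.168.0.12"),
                     Iface("Loopback0", "1.1.1.1")]))
    # A priority-2 router takes DR over a higher router ID at priority 1;
    # the priority-0 router is never elected.
    print(elect_dr_bdr([Router("192.168.0.14"), Router("192.168.0.13", 0),
                        Router("192.168.0.12", 2)]))
```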


Configuring Optional Commands (cont.)


[Figure: traffic between a Cisco router and a non-Cisco router over Token Ring]

Router(config-if)#ip ospf cost cost

- Assigns a cost to an outgoing interface
- May be required for interoperability
- Use default cost between Cisco devices


Configuring Optional Commands (cont.)


- Modifying the link cost: override the default cost value assigned to an OSPF interface.

router(config-if)#ip ospf cost cost

cost: A number from 1 to 65535 that indicates the metric assigned to the interface. Path cost is the total of the costs assigned to all interfaces that forward traffic along the path to the destination. Cisco's OSPF default cost assignment is based on the bandwidth of the link. Other vendors might use a different mechanism to assign OSPF cost to a link, so you may have to change the default cost, because all interfaces connected to the same link must agree on the link's cost. In general, the path cost in Cisco routers is calculated using the formula 10^8 / bandwidth (bandwidth in bits per second). Using this formula, the following are some example default costs:

- 56-kbps serial link: default cost is 1785
- T1 (1.544-Mbps serial link): default cost is 64
- Ethernet: default cost is 10
- 16-Mbps Token Ring: default cost is 6

Note: On serial lines, the default bandwidth is 1.544 Mbps. If the line is a slower speed, use the bandwidth command to specify the real link speed. The cost of the link will then change to correspond to the bandwidth you configured.
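As an added example (not course or Cisco code), the functions below compute the default cost from a bandwidth in bits per second (the IOS bandwidth command itself takes kilobits) with the ip ospf cost override, then run the shortest-path computation over a constructed three-router topology to show that path cost, the sum of outgoing interface costs, prefers two T1 hops (64 + 64) over one direct 56-kbps line (1785). Router names A, B, C and the topology are constructed.

```python
import heapq


def ospf_cost(bandwidth_bps, override=None):
    """Default Cisco OSPF interface cost, or the `ip ospf cost` override.

    Default: 10^8 / bandwidth, truncated to an integer and kept in 1..65535
    (so any link faster than 100 Mbps gets cost 1). `override` mirrors the
    `ip ospf cost cost` interface command and must be 1..65535.
    """
    if override is not None:
        if not 1 <= override <= 65535:
            raise ValueError("ip ospf cost must be between 1 and 65535")
        return override
    if bandwidth_bps <= 0:
        raise ValueError("bandwidth must be positive")
    return max(1, min(65535, 100_000_000 // bandwidth_bps))


def shortest_paths(links, source):
    """Dijkstra (the SPF computation) over directed links {(from, to): cost}.

    Returns {router: (path_cost, [hops...])}. A link's cost is the cost of the
    sender's outgoing interface, so the two directions of one circuit may
    differ when the two ends disagree on the cost.
    """
    adjacent = {}
    for (a, b), cost in links.items():
        adjacent.setdefault(a, []).append((b, cost))
        adjacent.setdefault(b, [])
    best = {source: (0, [source])}
    heap = [(0, source)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node][0]:
            continue  # stale heap entry, a cheaper path was already found
        for nxt, cost in adjacent[node]:
            cand = dist + cost
            if nxt not in best or cand < best[nxt][0]:
                best[nxt] = (cand, best[node][1] + [nxt])
                heapq.heappush(heap, (cand, nxt))
    return best


def sample_topology():
    """Constructed triangle: A-B and B-C are T1 circuits, A-C is a 56-kbps line."""
    t1, slow = 1_544_000, 56_000
    links = {}
    for a, b, bw in (("A", "B", t1), ("B", "C", t1), ("A", "C", slow)):
        links[(a, b)] = links[(b, a)] = ospf_cost(bw)
    return links


if __name__ == "__main__":
    for bw in (56_000, 1_544_000, 10_000_000, 16_000_000):
        print(bw, "bps ->", ospf_cost(bw))
    # A reaches C through B at cost 128 rather than directly at cost 1785.
    print(shortest_paths(sample_topology(), "A")["C"])
```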


Configuring OSPF over Frame Relay


Router(config-if)#ip ospf network {non-broadcast | point-to-multipoint | broadcast}

- Non-broadcast mode
- Point-to-Multipoint mode
- Broadcast mode
- Point-to-point subinterface mode


Configuring OSPF over Frame Relay


OSPF over Frame Relay can be configured in four different modes:

- Non-broadcast mode (RFC compliant)
- Point-to-Multipoint mode (RFC compliant)
- Broadcast mode (additional Cisco mode)
- Point-to-point mode (achieved through the subinterface point-to-point configuration) (additional Cisco mode)

The following command is used to specify the OSPF network configuration (not necessarily the physical configuration):

router(config-if)#ip ospf network {non-broadcast | point-to-multipoint | broadcast}

ip ospf network Command   Description
non-broadcast             Sets the network type to non-broadcast
point-to-multipoint       Sets the network type to point-to-multipoint
broadcast                 Sets the network type to broadcast


Configuring OSPF in Non-broadcast mode


Router(config-router)#neighbor ip-address priority number poll-interval sec

R1(config)#interface Serial0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#ip ospf network non-broadcast
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.255 area 0
R1(config-router)#neighbor 10.1.1.2
R1(config-router)#neighbor 10.1.1.3
R1(config-router)#neighbor 10.1.1.4

Non-broadcast mode is the default, so the ip ospf network non-broadcast command is not needed. The neighbor statements are necessary.

Configuring OSPF in NBMA mode


The selection of the DR becomes an issue in NBMA mode because the DR and BDR need to have full physical connectivity with all routers that exist on the cloud. Also, because of the lack of broadcast capabilities, the DR and BDR need to have a static list of all other routers attached to the cloud. This is achieved using the neighbor command.

The neighbor command is somewhat obsolete with the introduction of the means to set the interface network type to whatever we want, irrespective of the underlying physical media. Different methods can be used to avoid the complications of configuring static neighbors and having specific routers become DRs or BDRs on the non-broadcast cloud. These are explained in the following sections.

The neighbor command is used to configure OSPF routers interconnecting to non-broadcast networks:

router(config-router)#neighbor ip-address [priority number] [poll-interval seconds] [cost number]

neighbor Command   Description
ip-address         Interface IP address of the neighbor.
priority           (Optional) 8-bit number indicating the router priority value of the non-broadcast neighbor associated with the IP address specified. The default is 0. This keyword does not apply to point-to-multipoint interfaces.
poll-interval      (Optional) Unsigned integer value reflecting the poll interval. RFC 1247 recommends that this value be much larger than the hello interval. The default is 120 seconds (2 minutes). This keyword does not apply to point-to-multipoint interfaces.
cost               (Optional) Assigns a cost to the neighbor, in the form of an integer from 1 to 65535. Neighbors with no specific cost configured will assume the cost of the interface, based on the ip ospf cost command. On point-to-multipoint interfaces, this is the only keyword and argument that makes sense. This keyword does not apply to NBMA networks.


Configuring OSPF in Point-to-Multipoint mode


R1(config)#interface Serial0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#ip ospf network point-to-multipoint
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.255 area 0

- No need for DR and neighbor statements
- OSPF exchanges additional LSUs
- Can be done with a star topology

Configuring OSPF in Point-to-Multipoint mode


An OSPF point-to-multipoint interface is defined as a numbered point-to-point interface having one or more neighbors. The cloud is configured as one subnet. No need to worry about DRs and neighbor statements. OSPF point-to-multipoint works by exchanging additional link-state updates that contain a number of information elements that describe connectivity to the neighboring routers.


Configuring OSPF in Broadcast mode


R1(config)#interface Serial0
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#ip ospf network broadcast
R1(config)#router ospf 1
R1(config-router)#network 10.1.1.0 0.0.0.255 area 0

- No need for DR and neighbor statements
- Full mesh topology required, or a static selection of the DR based on priority


Configuring OSPF in Broadcast mode


This approach is a workaround for using the "neighbor" command which statically lists all existing neighbors. This configuration works best with a fully-meshed network.


Configuring OSPF in Point-to-Point subinterface mode


R1(config)#interface Serial0
R1(config-if)#no ip address
R1(config-if)#encapsulation frame-relay
R1(config)#interface Serial0.1 point-to-point
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#frame-relay interface-dlci 51
R1(config)#interface Serial0.2 point-to-point
R1(config-if)#ip address 10.1.2.1 255.255.255.0
R1(config-if)#frame-relay interface-dlci 52
R1(config)#router ospf 1
R1(config-router)#network 10.1.0.0 0.0.255.255 area 0

- OSPF considers each subinterface as a physical point-to-point network
- Adjacency is automatic



Configuring OSPF in Point-to-Point subinterface mode


To configure subinterfaces on a physical interface, do the following:

1. Select the interface on which you want to create subinterfaces and enter interface configuration mode.
2. It is recommended that you remove any network-layer address assigned to the physical interface and assign the network-layer address to the subinterface.
3. Configure Frame Relay encapsulation, as discussed in the Configuring Basic Frame Relay section.
4. Select the subinterface you want to configure:

router(config)#interface serial number.subinterface-number {multipoint | point-to-point}

interface serial Command   Description
.subinterface-number       Subinterface number in the range 1 to 4294967293. The interface number that precedes the period (.) must match the interface number to which this subinterface belongs.
multipoint                 Select this if routing IP and you want all routers in the same subnet.
point-to-point             Select this if you want each pair of point-to-point routers to have its own subnet.


Verifying OSPF Operation


The following section describes commands to use to verify OSPF operation.

Verifying OSPF Operation


Router#show ip protocol
Verifies OSPF is configured

Router#show ip route
Displays all the routes learned by the router

Router#show ip ospf interface
Displays area ID and adjacency information



Verifying OSPF Operation


The following commands can be used to verify OSPF operation and statistics. The show ip protocol command displays parameters about timers, filters, metrics, networks, and other information for the entire router. The show ip route command displays the routes known to the router and how they were learned; this is one of the best ways to determine connectivity between the local router and the rest of the internetwork. The show ip ospf interface command verifies that interfaces have been configured in the intended areas. If no loopback address is specified, the interface with the highest address is taken as the router ID. It also gives the timer intervals, including the hello interval, and shows the neighbor adjacencies.


Verifying OSPF Operation (cont.)


Router#show ip ospf
Displays OSPF timers and statistics

Router#show ip ospf neighbor detail
Displays information about DR/BDR and neighbors

Router#show ip ospf database
Displays the link-state database


Verifying OSPF Operation (cont.)


The show ip ospf command displays the number of times the shortest path first (SPF) algorithm has been executed. It also shows the link-state update interval, assuming no topological changes have occurred. The show ip ospf neighbor detail command displays a detailed list of neighbors, their priorities, and their state, for example init, exstart, or full. The show ip ospf database command displays the contents of the topological database maintained by the router. The command also shows the router ID and the OSPF process ID. A number of database types can be shown with this command using keywords. Refer to the Cisco IOS Command Reference, Part 1 manual for details about the keywords.


Verifying OSPF Operation (cont.)


Router#clear ip route *
Allows you to clear the IP routing table

Router#debug ip ospf
Displays router interaction during the hello, exchange, and flooding processes


Verifying OSPF Operation (cont.)


The following commands and their associated options can be used when troubleshooting OSPF. These will be discussed further in the Configuring OSPF lab exercise.
- Reset the IP routing table using the following options:

p2r2#clear ip route ?
  *         Delete all routes
  A.B.C.D   Destination network route to delete

- Debug a variety of OSPF operations using the following debug options:

p2r2#debug ip ospf ?
  adj             OSPF adjacency events
  events          OSPF events
  flood           OSPF flooding
  lsa-generation  OSPF lsa generation
  packet          OSPF packets
  retransmission  OSPF retransmission events
  spf             OSPF spf
  tree            OSPF database tree


show ip ospf interface

R2#sh ip ospf int e0
Ethernet0 is up, line protocol is up
  Internet Address 192.168.0.12/24, Area 0
  Process ID 1, Router ID 192.168.0.12, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DROTHER, Priority 1
  Designated Router (ID) 192.168.0.11, Interface address 192.168.0.11
  Backup Designated router (ID) 192.168.0.13, Interface address 192.168.0.13
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
  Neighbor Count is 3, Adjacent neighbor count is 2
    Adjacent with neighbor 192.168.0.13  (Backup Designated Router)
    Adjacent with neighbor 192.168.0.11  (Designated Router)
  Suppress hello for 0 neighbor(s)


Show ip ospf interface command


The show ip ospf interface command displays OSPF-related interface information:

Router>show ip ospf interface [type number]

show ip ospf interface Command   Description
type                             (Optional) Interface type
number                           (Optional) Interface number


Show ip ospf neighbor Multiaccess and Point-to-Point


Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.13      1   2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
192.168.0.14      1   FULL/BDR        00:00:38    192.168.0.14    Ethernet0
192.168.0.11      1   2WAY/DROTHER    00:00:36    192.168.0.11    Ethernet0
192.168.0.12      1   FULL/DR         00:00:38    192.168.0.12    Ethernet0

OSPF over Ethernet - Multiaccess network

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.11      1   FULL/  -        00:00:39    10.1.1.2        Serial1

OSPF over HDLC - Point-to-Point network


Show ip ospf neighbor command multiaccess and point-to-point mode


The show ip ospf neighbor command displays OSPF neighbor information on a per-interface basis:

Router>show ip ospf neighbor [type number] [neighbor-id] [detail]

show ip ospf neighbor Command   Description
type                            (Optional) Interface type
number                          (Optional) Interface number
neighbor-id                     (Optional) Neighbor's ID
detail                          (Optional) Displays all neighbors given in detail (list all neighbors)


Show ip ospf neighbor (cont.) NBMA network

Neighbor ID     Pri   State           Dead Time   Address     Interface
192.168.0.12      1   FULL/DROTHER    0:01:56     10.1.1.2    Serial0
192.168.0.13      0   FULL/DROTHER    0:01:34     10.1.1.3    Serial0
192.168.0.11      1   FULL/BDR        0:01:56     10.1.1.1    Serial0

OSPF over Frame Relay - Non-broadcast mode using the neighbor command


Show ip ospf neighbor command (cont.) Non-broadcast mode


In this example, though not visible, the neighbor statement was used under the router ospf command so that the adjacencies could be established.
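As an added verification helper (not course or Cisco code), the check below parses show ip ospf neighbor output like the multiaccess, point-to-point and NBMA tables above and flags any adjacency that is not in the state expected for the neighbor's role: FULL with a DR, a BDR or a point-to-point neighbor (shown as "-"), and 2WAY or FULL with a DROTHER. The sample output is constructed, modelled on the tables, with one added neighbor stuck in EXSTART.

```python
import re

# One neighbor row of `show ip ospf neighbor`; state and role are split on "/".
# On point-to-point links IOS prints the role as "-" with padding before it.
NEIGHBOR_RE = re.compile(
    r"^(?P<id>\d+\.\d+\.\d+\.\d+)\s+(?P<pri>\d+)\s+(?P<state>[A-Z0-9]+)/\s*(?P<role>\S+)"
    r"\s+(?P<dead>[\d:]+)\s+(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<iface>\S+)\s*$"
)

# Constructed sample modelled on the course's Ethernet and HDLC tables, plus
# one neighbor on Serial0 that never got past EXSTART.
SAMPLE_OUTPUT = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.13      1   2WAY/DROTHER    00:00:31    192.168.0.13    Ethernet0
192.168.0.14      1   FULL/BDR        00:00:38    192.168.0.14    Ethernet0
192.168.0.11      1   2WAY/DROTHER    00:00:36    192.168.0.11    Ethernet0
192.168.0.12      1   FULL/DR         00:00:38    192.168.0.12    Ethernet0
192.168.0.11      1   FULL/  -        00:00:39    10.1.1.2        Serial1
192.168.0.21      1   EXSTART/DR      00:00:35    10.1.2.2        Serial0
"""


def parse_neighbors(text):
    """Return one dict per neighbor row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NEIGHBOR_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["pri"] = int(row["pri"])
            rows.append(row)
    return rows


def check_adjacencies(rows):
    """Return (neighbor_id, interface, reason) for every row outside the expected state.

    Only the DR and BDR form full adjacencies with everyone, so 2WAY between
    two DROTHERs on a multiaccess segment is normal, not a fault. Anything
    seen with a DR, BDR or point-to-point neighbor short of FULL, or any
    neighbor in a transitional state (INIT, EXSTART, EXCHANGE, LOADING), is
    reported.
    """
    issues = []
    for r in rows:
        if r["role"] in ("DR", "BDR", "-"):
            expected = ("FULL",)
        elif r["role"] == "DROTHER":
            expected = ("2WAY", "FULL")
        else:
            issues.append((r["id"], r["iface"], "unexpected role %s" % r["role"]))
            continue
        if r["state"] not in expected:
            issues.append((r["id"], r["iface"],
                           "state %s with %s neighbor, expected %s"
                           % (r["state"], r["role"], "/".join(expected))))
    return issues


if __name__ == "__main__":
    for issue in check_adjacencies(parse_neighbors(SAMPLE_OUTPUT)):
        print(issue)
```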


Show ip ospf neighbor (cont.) NBMA network

Neighbor ID     Pri   State           Dead Time   Address     Interface
192.168.0.14      1   FULL/DR         00:00:30    10.1.1.4    Serial0
192.168.0.13      1   FULL/DROTHER    00:00:36    10.1.1.3    Serial0
192.168.0.12      1   FULL/DROTHER    00:00:39    10.1.1.2    Serial0

OSPF over Frame Relay - Broadcast mode


Show ip ospf neighbor command (cont.) Broadcast mode


show ip ospf database


R2#show ip ospf database

       OSPF Router with ID (192.168.0.12) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum  Link count
192.168.0.10    192.168.0.10    817   0x80000003  0xFF56    1
192.168.0.11    192.168.0.11    817   0x80000003  0xFD55    1
192.168.0.12    192.168.0.12    816   0x80000003  0xFB54    1
192.168.0.13    192.168.0.13    816   0x80000003  0xF953    1
192.168.0.14    192.168.0.14    817   0x80000003  0xD990    1

                Net Link States (Area 0)

Link ID         ADV Router      Age   Seq#        Checksum
192.168.0.14    192.168.0.14    812   0x80000002  0x4AC8


Show ip ospf database command


When using the show ip ospf database command, you want to confirm that your router is aware of all segments in your area. You also see the advertising router, the DR.


Debug ip ospf adj


192.168.0.14 on Ethernet0, state 2WAY
OSPF: end of Wait on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.14
OSPF: Elect DR 192.168.0.14
       DR: 192.168.0.14 (Id)   BDR: 192.168.0.14 (Id)
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x11DB opt 0x2 flag 0x7 len 32
OSPF: Build router LSA for area 0, router ID 192.168.0.11
OSPF: Neighbor change Event on interface Ethernet0
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x7 len 32 state EXSTART
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x1598 opt 0x2 flag 0x2 len 52
OSPF: Rcv DBD from 192.168.0.14 on Ethernet0 seq 0x1599 opt 0x2 flag 0x3 len 92 state EXCHANGE
OSPF: Exchange Done with 192.168.0.14 on Ethernet0
OSPF: Send DBD to 192.168.0.14 on Ethernet0 seq 0x159A opt 0x2 flag 0x0 len 32
OSPF: Synchronized with 192.168.0.14 on Ethernet0, state FULL
OSPF: Build router LSA for area 0, router ID 192.168.0.11
OSPF: Neighbor change Event on interface Ethernet0
OSPF: DR/BDR election on Ethernet0
OSPF: Elect BDR 192.168.0.13
OSPF: Elect DR 192.168.0.14
       DR: 192.168.0.14 (Id)   BDR: 192.168.0.13 (Id)


Debug ip ospf adj command


When using the debug ip ospf adj command to debug adjacency, you want to monitor the election of the DR and BDR, as shown in the screen capture. Be advised that the full command is debug ip ospf adj.


Summary

- OSPF is a scalable, standards-based link-state routing protocol
- Link-state protocol OSPF benefits include:
  - No hop count limit
  - Multicasts routing updates
  - Faster convergence
  - Better path selection

Summary


Case Study OSPF Single Area Considerations


Ethernet

Process ID = 109

Area 0
Area 0 Process ID = 31 Frame Relay Area 0 Process ID = 63

Point-to-Point

PID = 16

Requires Internal Route Redistribution


PID = 17 Point-to-Point PID = 18

PID = 19


OSPF Single Area Considerations


Following are some points to consider when designing an OSPF network:

- Which router should be the DR/BDR? Should I use the priority command?
- For NBMA, what would be the advantages and disadvantages of each of the following modes in terms of IP subnet addresses, and how would the adjacency be formed:
  - Non-broadcast
  - Point-to-Multipoint
  - Broadcast
  - Point-to-point subinterface
- If my router is running two separate OSPF processes, do I wish to redistribute the routes learned on one process ID into the next process ID? (Redistribution will be discussed later in the course.)


Answers to Written Exercise: OSPF Operation


Task: Answer the following questions.

1 List three reasons why OSPF operates better than RIP in a large internetwork.
Refer to the list of reasons in the What Is OSPF? section.

2 What does a router do when it receives an LSU?
When each router receives the LSU, it does the following:
- If the entry already exists and the received LSU has the same information, it resets the aging timer on the LSA entry and sends an LSAck to the DR. (Recall that the DR is the central point of contact during the flooding process.)
- If the entry already exists but the LSU includes new information, it sends an LSR to request all the information about the entry.
- If the entry already exists but the LSU includes older information, it sends an LSU with its information.

3 Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.
The exchange process is used to get neighboring routers into a Full state. To be initiated, two routers must agree on a master-slave relationship. The process enables them to synchronize their link-state databases using DDPs. Once in a Full state, the exchange process does not get done again unless the Full state is changed to a different state.
The flooding process is used anytime there is a change in a link state, such as a link going down or a new link being added to the network. In this process, all link-state changes are sent in LSU packets to the DR/BDR of the area. The DR is then responsible for forwarding the LSUs to all other routers in the network.

4 Write a brief description of the following:
- Internal router: A router that resides within an area and routes traffic.
- LSU: A link-state update packet. This packet includes update information about link-state advertisements.
- DDP: A database description packet. This packet is used during the exchange protocol and includes summary information about link-state entries.
- Hello packet: Used during the hello process; includes information that enables routers to establish themselves as neighbors.

5 Match the term with the statement most closely describing it. Write the letter of the description next to the term.
   D   area
   B   Full state
   A   DR
   C   Exchange state
   A) The router responsible for route synchronization.
   B) Indicates routers can route information.
   C) Indicates routers can discover link state information.
   D) A collection of routers and networks.

6 Name the two RFC-compliant modes for OSPF over Non-broadcast Multiaccess networks:
- Non-broadcast
- Point-to-Multipoint
Name the two additional Cisco modes for OSPF over NBMA:
- Broadcast
- Point-to-point


Interconnecting Multiple OSPF Areas

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the issues with interconnecting multiple areas and how OSPF addresses each
- Explain the differences between the possible types of areas, routers, and LSAs
- Configure a multiarea OSPF network
- Configure an area as a stub, totally stubby, or not-so-stubby area
- Verify OSPF operation

Objectives
This chapter covers the use, operation, configuration, and verification of OSPF across multiple areas. Sections:
- Objectives
- Creating Multiple OSPF Areas
- OSPF Operation across Multiple Areas
- Written Exercise: OSPF Operation across Multiple Areas
- Using and Configuring OSPF Multiarea Components
- Verifying OSPF Operation
- Summary
- Lab Exercise: Configuring a Multiarea Network
- Answers to Exercises
- Supplement A: OSPF Multiarea Configuration Examples
- Supplement B: Virtual Links Overview
- Supplement C: Not-So-Stubby Areas (NSSA) Overview


Creating Multiple OSPF Areas


Note: This chapter presents OSPF capabilities. OSPF design is covered in the Cisco Internetwork Design course.

Figure: Issues with Maintaining a Large OSPF Network. Routers in one large OSPF area complain: "I am only receiving LSAs, no data." "The SPF is running too often for me to route." "My routing table is too big, I am running low on memory."

Issues with Maintaining a Large Single-Area OSPF Network


Thus far you have seen how OSPF operates within a single area. What issues would arise if this single area ballooned into having 400 networks? The following issues, at a minimum, would need to be addressed:
- Frequent SPF calculations: With such a large network, network changes are inevitable, so the routers would have to spend many more CPU cycles recalculating the routing table.
- Large routing table: Each router would need to maintain at least one entry for every network, that is, at least 400 networks. And assuming that there were multiple paths to 25 percent of the networks, then that is another 100 entries.
- Large link-state table: Because the link-state table includes the complete topology of the network, each router would need to maintain an entry for every network in the area, even for the routes not selected for the routing table.

It is because of these kinds of issues that OSPF was written to allow large areas to be separated into smaller, more manageable areas that can still exchange routing information.


Figure: The Solution: OSPF Hierarchical Routing. An autonomous system divided into Area 0, Area 1 and Area 2. Key points: consists of areas and autonomous systems; minimizes routing update traffic.

The Solution: OSPF Hierarchical Routing


OSPF's ability to separate a large internetwork into multiple areas is also referred to as hierarchical routing. Hierarchical routing enables you to separate a large internetwork (an autonomous system) into smaller internetworks that are called areas. With this technique, routing still occurs between the areas (called interarea routing), but many of the minute internal routing operations, such as recalculating the database, are kept within an area. For example, if area 1 is having problems with a link going up and down, routers in other areas need not continually run their SPF calculation because they are isolated from the area 1 problem. The hierarchical topology possibilities of OSPF have several important advantages:
- Reduced frequency of SPF calculations: Because detailed route information is kept within each area, it is not necessary to flood all link-state changes to all other areas. Thus, not all routers need to run the SPF calculation, only those affected by the change.
- Smaller routing tables: When using multiple areas, detailed route entries for specific networks within an area are kept in the area. Instead of advertising these explicit routes outside the area, you can have the routes summarized into one or more summary addresses. Advertising these summaries reduces the number of LSAs propagated between areas, but keeps all networks reachable.
- Reduced LSU overhead: LSUs can contain a variety of LSA types, including link-state information and summary information. Rather than send an LSU about each network within an area, you can advertise a single summarized route, or a few, between areas to reduce the overhead associated with link-state updates when they are crossing areas.


Figure: OSPF Multiarea Components. Areas: Area 0 ("I am a backbone"), Area 1 ("I am standard"), Area 2 ("I am a stub"). Routers: Internal, ABR, ASBR, Backbone. LSAs: Type 1, Type 2, Type 3/4, Type 5.

OSPF Multiarea Components


Hierarchical routing enables routing efficiency because it allows you to control the types of routing information that you allow in and out of an area. The way OSPF enables different types of routing updates is to assign characteristics to each area and the routers connecting the areas. The characteristics an area and router have govern how they process routing information, including what types of LSUs a router can create, receive, and send. This subsection provides an overview of the following OSPF multiarea components; details about their usage and configuration appear in the following section:
- Types of areas
- Types of routers
- Types of LSAs


Figure: Types of OSPF Routers. Area 1 and Area 2 each attach to Backbone Area 0 through an ABR and Backbone Router; internal routers sit inside Area 1 and Area 2, backbone/internal routers sit inside Area 0, and an ASBR and Backbone Router connects Area 0 to an External AS.

Types of OSPF Routers


To control the traffic types that go in and out of the various types of areas, you need certain types of OSPF routers. The router types are as follows:
- Internal router: As already discussed, routers that have all interfaces in the same area are internal routers. Internal routers within the same area have identical link-state databases and run a single copy of the routing algorithm.
- Backbone router: Routers that sit on the perimeter of the backbone area. They have at least one interface connected to area 0. These routers maintain OSPF routing information using the same procedures and algorithms as internal routers.
- Area Border Router (ABR): Routers that have interfaces attached to multiple areas. These routers maintain separate link-state databases for each area to which they are connected, and route traffic destined for or arriving from other areas. ABRs are exit points for the area, which means routing information destined for another area can only get there via the local area's ABR. ABRs summarize information from the link-state databases of their attached areas and distribute the information into the backbone. The backbone ABRs then forward the information to all other connected areas. An area can have one or more ABRs.
- Autonomous System Boundary Router (ASBR): Routers that have at least one interface into an external internetwork (another autonomous system), such as a non-OSPF network. These routers can import (referred to as redistribution) non-OSPF network information into the OSPF network, and vice versa.

A router can be more than one router type. For example, if a router interconnects to area 0 and area 1, as well as to a non-OSPF network, it would be both an ABR and ASBR.

A router has a separate link-state database for each area to which it is connected. Therefore, an ABR has a link-state database for area 0 and another link-state database for the other area in which it participates. Two routers belonging to the same area have, for that area, identical area link-state databases. Also, remember that link-state databases are synchronized between pairs of adjacent routers, meaning that a router synchronizes with its DR/BDR.


Figure: Types of Link-State Advertisements. Area 1 with a DR (Router and Network LSAs), an ABR into Area 0 (Summary LSAs), and an ASBR toward an External AS (External LSAs). Sample output:

  p1r3#show ip ospf database
         OSPF Router with ID (10.64.0.1) (Process ID 1)

                  Router Link States (Area 1)
  Link ID         ADV Router      Age         Seq#       Checksum Link count
  10.1.2.1        10.1.2.1        651         0x80000005 0xD482   4

                  Net Link States (Area 1)
  Link ID         ADV Router      Age         Seq#       Checksum
  10.64.0.1       10.64.0.1       538         0x80000002 0xAD9A

                  Summary Net Link States (Area 1)
  Link ID         ADV Router      Age         Seq#       Checksum
  10.2.1.0        10.2.1.2        439         0x80000002 0xE6F8

Types of Link-State Advertisements


Following are the types of LSAs that can be included in an LSU:

LSA Type   Name                                        Description
1          Router link entry (record) (O-OSPF)         Generated by each router for each area it belongs to. It describes the states of the router's links to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.
2          Network link entry (O-OSPF)                 Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded within the area that contains the network only.
3 or 4     Summary link entry (IA-OSPF Inter area)     Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type-3 describes routes to networks within the local area and are sent to the backbone area. Type-4 describes reachability to ASBRs. These link entries are not flooded through totally stubby areas.
5          Autonomous system external link entry       Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.
           (E1-OSPF external type-1)
           (E2-OSPF external type-2)

Note: All LSA types, except the AS-external-LSAs (LS type = 5), are flooded throughout a single area only.


Figure: Calculating Costs for Summary and AS External Routes. R5 (Area 1) connects to R4, R4 to R3, and R3 (Area 0) to R1, each link at cost 10; R1 and R3 both advertise AS1 as an E1 route with external cost 1785. R5's cost to AS1 (E1): via R1 = 1815, via R3 = 1805. R3's cost to AS1 (E1): via R1 = 1795, via R3 = 1785.

Calculating Costs for Summary and AS External Routes


How you calculate the cost for summary and external routes is as follows:
- Calculating the cost for summary routes: The cost of a summary route is the smallest cost of a given interarea route that appears in the summary plus the cost of the ABR link to the backbone. So if the ABR link to the backbone was 50, and the summary route had two interarea routes, one at cost 49 and the other at cost 50, the total cost associated with the summary route would be 99. This calculation is done automatically for each summary route.
- Calculating the cost of external routes: The cost of an external route differs depending on the external type configured on the ASBR. You configure the router to generate one of the following external packet types:
  - Type-1 (E1): If a packet is an E1, then the metric is calculated by adding the external cost to the internal cost of each link the packet crosses. Use this packet type when you have multiple ASBRs advertising a route to the same autonomous system.
  - Type-2 (E2) (the default): If a packet is an E2, then the packet will always have the external cost assigned, no matter where in the area it crosses. Use this packet type if only one router is advertising a route to the autonomous system. Type-2 routes are preferred over type-1 routes unless two same-cost routes exist to the destination.

Note: When different routing protocols exchange routing information, it is referred to as redistribution. Redistribution is discussed in the Optimizing Routing Update Operation chapter.
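A worked version of these cost rules, added here as an illustration and not code from the course: it runs the SPF calculation over the topology in the figure above (R5, R4, R3 and R1 in a chain at cost 10 per link, with R1 and R3 both advertising AS1 at external cost 1785) and reproduces the E1 costs shown, next to the E2 costs and the summary-route rule. The link and external costs are the figure's labels; the function names are my own.

```python
"""Worked cost calculation for OSPF external (E1/E2) and summary routes.

Added example. The topology is constructed from the figure's labels:
R5 -10- R4 -10- R3 -10- R1, with R1 and R3 acting as ASBRs that both
advertise the external prefix "AS1" at external cost 1785.
"""
import heapq

# Constructed topology: each link carries the OSPF cost shown in the figure.
LINKS = [("R5", "R4", 10), ("R4", "R3", 10), ("R3", "R1", 10)]

# Constructed external advertisements: (ASBR, prefix, external cost).
EXTERNALS = [("R1", "AS1", 1785), ("R3", "AS1", 1785)]


def build_graph(links):
    """Undirected adjacency list: router -> {neighbour: cost}."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def spf(graph, source):
    """Dijkstra (the SPF calculation): lowest cost from source to every router."""
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nbr, cost in graph[node].items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist


def external_costs(graph, router, externals, route_type):
    """Cost from `router` to each external prefix via each advertising ASBR.

    E1: the external cost plus the internal SPF cost to the ASBR.
    E2: the external cost alone, wherever in the area the router sits.
    Returns {(prefix, asbr): cost}.
    """
    if route_type not in ("E1", "E2"):
        raise ValueError("route_type must be 'E1' or 'E2'")
    dist = spf(graph, router)
    result = {}
    for asbr, prefix, ext_cost in externals:
        internal = dist[asbr] if route_type == "E1" else 0
        result[(prefix, asbr)] = ext_cost + internal
    return result


def best_exit(costs):
    """Lowest-cost ((prefix, asbr), cost) entry; ties keep the first seen."""
    return min(costs.items(), key=lambda kv: kv[1])


def summary_route_cost(component_costs, abr_backbone_link_cost):
    """Summary cost as this chapter states it: the smallest component
    interarea cost plus the ABR's link cost to the backbone."""
    return min(component_costs) + abr_backbone_link_cost


if __name__ == "__main__":
    g = build_graph(LINKS)
    for r in ("R5", "R3"):
        e1 = external_costs(g, r, EXTERNALS, "E1")
        print(r, "E1:", e1, "best exit:", best_exit(e1))
        print(r, "E2:", external_costs(g, r, EXTERNALS, "E2"))
    # The chapter's summary example: routes at cost 49 and 50, ABR link cost 50.
    print("summary route cost:", summary_route_cost([49, 50], 50))
```

With E2 the two exits are indistinguishable (both 1785), which is why the text reserves E2 for the single-ASBR case.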


Figure: Types of Areas. Stub Area: does not accept external LSAs. Backbone Area 0: interconnects areas; accepts all LSAs. Totally Stubby Area: does not accept external or summary LSAs.

Types of Areas
The characteristics you assign to an area control the type of route information that it can receive. The area types possible are as follows:
- Standard area: An area that operates as discussed in the Configuring OSPF chapter. This area can accept link updates and route summaries.
- Backbone area (transit area): When interconnecting multiple areas, the backbone area is the central entity to which all other areas connect. The backbone area is always labeled 0. All other areas must connect to this area in order to exchange and route information. The OSPF backbone has all of the properties of a standard OSPF area.
- Stub area: Refers to an area that does not accept information about routes external to the autonomous system (that is, the OSPF internetwork), such as routes from non-OSPF sources. If routers need to route to networks outside the autonomous system, they use a default route. A default route is noted as 0.0.0.0.
- Totally stubby area: An area that does not accept external autonomous system (AS) routes or summary routes from other areas internal to the autonomous system. Instead, if the router needs to send a packet to a network external to the area, it sends it using a default route.

The following page shows example routing tables for some of the area types listed.


Routing Table Results with Different LSAs


Following is a comparison of routing tables that result when using stub and totally stubby areas.


OSPF Operation across Multiple Areas


This section summarizes how routers generate link information, flood information, and build their routing tables when operating within a multiarea environment.
Note: OSPF router operation is complex and accounts for numerous possible scenarios based on the nature of the network. This section provides a basic overview; refer to the OSPF version 2 RFC for more detailed information.

Figure: Forwarding Packets in a Multiarea Network. An internal router in Area 50 connects through ABR1 to Area 0 (BBone) and through ABR2 to an internal router in Area 1. Data travels to ABR1, to the backbone, to ABR2, and then to the destination network.

Forwarding Packets in a Multiarea Network


Before reviewing how ABRs and other router types process route information, you should know how a packet makes its way across multiple areas. In general, the path a packet must take is as follows:
- If the packet is destined for a network within an area, then it is forwarded from the internal router, through the area to the destination internal router.
- If the packet is destined for a network outside the area, it must go through the following path:
  - The packet goes from the source network to an ABR.
  - The ABR sends the packet through the backbone area to the ABR of the destination network. All packets must cross the backbone when being forwarded from one area to another.
  - The destination ABR then forwards the packet through the area to the destination network.


Figure: Flooding LSUs to Multiple Areas. RIP routes enter Area 1 (internal router), which connects through ABR1 to Area 0 (BBone) and on through ABR2 to Area 50 (Stub, internal router). Type 1 LSAs flood within Area 1; ABR1 generates Type 3 summaries into Area 0 and ABR2 passes Type 3 on; Type 5 external LSAs flood through Area 1 and Area 0, while ABR2 sends a Default into the stub area instead.

Flooding LSUs to Multiple Areas


ABRs are responsible for generating routing information about each area to which they are connected and flooding the information through the backbone area to the other areas to which they are connected. The general process for flooding is as follows:
1. The intra-area routing process, as discussed in the Configuring OSPF in a Single Area chapter, occurs. Note that the entire intra-area must be synchronized before the ABR can begin sending summary LSAs.
2. The ABR reviews the resulting link-state database and generates summary LSAs. By default, the ABR sends summary LSAs for each network that it knows about. To reduce the number of summary LSA entries, you can configure route summarization so that a single IP address can represent multiple networks. To use route summarization, your areas need to use contiguous IP addressing, as discussed in the Extending IP Addressing Using VLSMs chapter. The better your IP address plan, the lower the number of summary LSA entries an ABR sends to advertise.
3. The summary LSAs (types 3 and 4) are placed in an LSU and distributed through all ABR interfaces, with the following exceptions:
   - If the interface is connected to a neighboring router that is in a state below the exchange state, then the summary LSA is not forwarded.
   - If the interface is connected to a totally stubby area, then the summary LSA is not forwarded.
   - If the summary LSA includes a type-5 (external) route and the interface is connected to a stub or totally stubby area, then the LSA is not sent to that area.

Figure: Flooding LSUs to Multiple Areas (cont.). The routing table of an Area 1 router holds intra-area routes (from Area 1), interarea routes (from Area 0) and external, non-OSPF routes (from RIP).

Flooding LSUs to Multiple Areas (cont.)


4. Once an ABR or ASBR receives summary LSAs, it adds them to its link-state database and floods them to its local area. The internal routers then assimilate the information into their databases. Note that to reduce the number of route entries internal routers maintain, you can define the area as stub, totally stubby, or not-so-stubby.

Updating the Routing Table


Once all router types receive the routing updates, they must add them to their link-state databases and recalculate their routing tables. The order in which paths are calculated is as follows:
1. All routers first calculate the paths to destinations within their area and add these entries into the routing table. These are the type-1 and type-2 LSAs.
2. All routers then calculate the paths to the other areas within the internetwork. These paths are the interarea route entries, or type-3 and type-4 LSAs. If a router has an interarea route to a destination and an intra-area route to the same destination, the intra-area route is kept.
3. All routers, except those that are in a form of stub area, then calculate the paths to the AS external (type-5) destinations. At this point, a router can get to any network within or outside the OSPF autonomous system.


Figure: Virtual Links Overview: Meeting the Backbone Area Requirements. Area 1 and Area 2 attach directly to Area 0 (Backbone); Area 3 has no direct connection and reaches the backbone over a Virtual Link through a Transit Area. Key points: the backbone is the center of communication; virtual links provide a path to the backbone; avoid configuring virtual links if possible.

Meeting the Backbone Area Requirements


OSPF has certain restrictions when multiple areas are configured. One area must be defined as area 0, the backbone area. It is called the backbone because all communication must go through it. That is, all areas should be physically connected to area 0 so that the routing information injected into area 0 can be disseminated to other areas. There are situations, however, where a new area is added after the OSPF internetwork has been designed and configured and it is not possible to provide that new area with direct access to the backbone. In these cases, a virtual link can be defined to provide the needed connectivity to the backbone area. The virtual link provides the disconnected area a logical path to the backbone. The virtual link has two requirements:
- It must be established between two routers that share a common area.
- One of these two routers must be connected to the backbone.

When virtual links are used, they require special processing during the SPF calculation. That is, the real next hop router must be determined so the true cost to get to a destination across the backbone can be calculated.


Figure: Meeting the Backbone Area Requirements (cont.). Two disconnected Area 0 segments (each with its own attached areas, Area 1 and Area 2) are joined by a virtual link through the common Transit Area, Area 3. Key points: link a discontiguous backbone; merged networks; redundancy; virtual links behave as point-to-point links.

Meeting the Backbone Area Requirements (cont.)


Virtual links serve the following purposes:
- Linking an area that does not have a physical connection to the backbone. This linking could occur when two organizations merge, for example.
- Patching the backbone in case discontinuity of area 0 occurs.

The graphic illustrates the second purpose. Discontinuity of the backbone might occur if, for example, two companies, each running OSPF, are trying to merge the two separate networks into one with a common area 0. The alternative would be to redesign the entire OSPF network and create a unified backbone. Another reason for creating a virtual link is to add redundancy in cases where a router failure causes the backbone to be split into two. In the graphic, the disconnected area 0s are linked via a virtual link through the common area 3. If a common area does not already exist, one can be created to become the transit area. For adjacency purposes, OSPF treats two routers joined by a virtual link as if they were connected by an unnumbered point-to-point backbone network.


Written Exercise: OSPF Operation across Multiple Areas


Objective: Describe the issues with interconnecting multiple areas and how OSPF addresses these issues.
Objective: Compare the function of the different router, area, and LSA types used by OSPF.

1 Define hierarchical routing and explain what internetwork problems it solves.
______________________________________________________________
______________________________________________________________

2 An internal router will receive type-5 LSAs if it is in what type of area?
______________________________________________________________
______________________________________________________________

3 What area types are connected to the backbone area?
______________________________________________________________
______________________________________________________________

4 The backbone must be configured as what area?
______________________________________________________________

5 Write a brief description of the following:
Type-1 LSA _________________________________________________
Type-2 LSA _________________________________________________
Type-3/4 LSAs _________________________________________________
Type-5 LSA _________________________________________________

6 Describe the path a packet must take in order to get from one area to another.
______________________________________________________________
______________________________________________________________

7 When is a default route injected into an area?
______________________________________________________________
______________________________________________________________


Using and Configuring OSPF Multiarea Components


This section presents how to configure OSPF for multiple areas.

Figure: Configuring OSPF ABRs. Router A (E0 10.64.0.1) sits in Area 0; ABR B has E0 10.64.0.2 in Area 0 and S0 10.2.1.2 in Area 1, facing an Area 1 router's S1 10.2.1.1.

Router A:
  <Output Omitted>
  interface Ethernet0
   ip address 10.64.0.1 255.255.255.0
  !
  <Output Omitted>
  router ospf 77
   network 10.0.0.0 0.255.255.255 area 0

ABR B:
  <Output Omitted>
  interface Ethernet0
   ip address 10.64.0.2 255.255.255.0
  !
  interface Serial0
   ip address 10.2.1.2 255.255.255.0
  <Output Omitted>
  router ospf 50
   network 10.2.1.2 0.0.0.0 area 1
   network 10.64.0.2 0.0.0.0 area 0

Configuring OSPF ABRs


There are no special commands to make a router an ABR or ASBR. The router takes on this role by virtue of the areas to which it is connected. As a reminder, the basic OSPF configuration steps are as follows:
Step 1  Enable OSPF on the router.
        router(config)#router ospf process-id

Step 2  Identify which IP networks on the router are part of the OSPF network. For each network, you must identify what area the network belongs to. When configuring multiple OSPF areas, make sure to associate the correct network addresses with the desired area ID, as shown in the graphic.
        router(config-router)#network address wildcard-mask area area-id

Step 3  (Optional) If the router has at least one interface connected into a non-OSPF network, perform the proper configuration steps. At this point the router will be acting as an ASBR. How the router exchanges (redistributes) non-OSPF route information with the other OSPF routers is discussed in the Optimizing Routing Update Operation chapter.


Note: Refer to the Configuring OSPF for a Single Area chapter for details about basic OSPF configuration commands.


Figure: Using Stub and Totally Stubby Areas. Area 50 (Stub, with an internal non-Cisco router) connects through ABR1 to Area 0 (BBone), and ABR2 connects Area 0 to Area 1 (Totally Stubby, with an internal router); an ASBR redistributes RIP. Summary and External LSAs flood through Area 0; the stub area receives Summary LSAs plus a Default in place of the External routes; the totally stubby area receives only a Default.

Using Stub and Totally Stubby Areas


OSPF allows areas to be configured as stub and totally stubby areas. Their differences are as follows:
- Configuring a stub area reduces the size of the link-state database inside an area and as a result reduces the memory requirements of routers inside that area. External networks (type-5 LSAs), such as those redistributed from other protocols into OSPF, are not allowed to be flooded into a stub area. Routing from these areas to the outside world is based on a default route (0.0.0.0). A default route means that if a packet is addressed to a network that is NOT in an internal router's routing table, the router automatically forwards the packet to the ABR that sent a 0.0.0.0 LSA. This allows routers within the stub to reduce the size of their routing tables because a single default route replaces the many external routes. A stub area is typically created when you have a hub and spoke topology, with the spoke being the stub area, such as a branch office. In this case, the branch office does not need to know about every network at the headquarters site; instead, it can use a default route to get there.
- To further reduce the number of routes in a table, you can create a totally stubby area, which is a Cisco-specific feature. A totally stubby area is a stub area that blocks external type-5 LSAs and summary (type 3/4) LSAs (interarea routes) from going into the area. This way, intra-area routes and the default of 0.0.0.0 are the only routes known to the stub area. ABRs inject the default summary link 0.0.0.0 into the totally stubby area. Each router picks the closest ABR as a gateway to everything outside the area. Totally stubby areas further minimize routing information (as compared to stub areas) and increase stability and scalability of OSPF internetworks. This is typically a better solution than creating stub areas, unless the target area uses a mix of Cisco and non-Cisco routers.
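The flooding rules from the Flooding LSUs to Multiple Areas section, the path-calculation order from Updating the Routing Table, and the stub and totally stubby behaviour described here, modelled in code. This is an added illustration, not course code: the LSDB contents, area names and default cost are constructed, and the model covers LSA types 1, 3 and 5 only.

```python
"""Which LSAs an ABR floods into an area, and the routing table an internal
router in that area ends up with, for standard, stub and totally stubby areas.

Added example modelling the rules stated in this chapter (LSA types 1, 3
and 5 only; type 2 is treated like type 1 and type 4 is left out). The LSDB
contents are constructed, not taken from a real router.
"""

# Constructed LSDB held by an ABR for area 1: (lsa_type, prefix, cost, detail).
# detail is the originating area for types 1 and 3, the metric type for type 5.
LSDB = [
    (1, "10.1.1.0/24", 10, "area1"),     # intra-area network in area 1
    (1, "10.1.2.0/24", 20, "area1"),     # intra-area network in area 1
    (3, "10.1.2.0/24", 5, "area0"),      # same prefix also summarised from area 0
    (3, "10.64.0.0/24", 10, "area0"),    # interarea summary from the backbone
    (5, "192.168.20.0/24", 1785, "E2"),  # external route redistributed from RIP
]

# LSA types allowed into each area type.
ALLOWED = {
    "standard": {1, 2, 3, 5},
    "stub": {1, 2, 3},
    "totally_stubby": {1, 2},
}

# OSPF neighbour states in order; an ABR floods only from Exchange onwards.
STATES = ["Down", "Init", "2-Way", "ExStart", "Exchange", "Loading", "Full"]

# Constructed cost of the injected default (area default-cost; the default is 1).
DEFAULT_COST = 1


def lsas_flooded_into_area(lsdb, area_type, neighbor_state="Full"):
    """LSAs an ABR forwards into an area of the given type.

    A neighbour below the Exchange state gets nothing yet. Stub areas never
    receive type 5; totally stubby areas also drop the type 3 summaries.
    In both stub variants the ABR injects a 0.0.0.0 default summary instead.
    """
    if STATES.index(neighbor_state) < STATES.index("Exchange"):
        return []
    flooded = [lsa for lsa in lsdb if lsa[0] in ALLOWED[area_type]]
    if area_type in ("stub", "totally_stubby"):
        flooded.append((3, "0.0.0.0/0", DEFAULT_COST, "default"))
    return flooded


def routing_table(lsas):
    """Routing-table entries keyed by prefix, using the codes this chapter
    names: O (intra-area), O IA (interarea), O E1/O E2 (external) and
    O*IA for the injected default.

    Paths are installed in the chapter's order: intra-area first, then
    interarea, then external. A prefix already installed from an earlier
    (preferred) class is not overwritten, so the intra-area route to
    10.1.2.0/24 beats the interarea route to the same prefix.
    """
    table = {}
    for lsa_type, prefix, cost, detail in sorted(lsas, key=lambda l: l[0]):
        if lsa_type in (1, 2):
            code = "O"
        elif lsa_type == 3:
            code = "O*IA" if prefix == "0.0.0.0/0" else "O IA"
        elif lsa_type == 5:
            code = "O " + detail          # "O E1" or "O E2"
        else:
            continue
        if prefix not in table:
            table[prefix] = (code, cost)
    return table


def show_ip_route(table):
    """Render the table roughly the way `show ip route` lists it."""
    return "\n".join(f"{code:<5} {prefix} [{cost}]"
                     for prefix, (code, cost) in sorted(table.items()))


if __name__ == "__main__":
    for area_type in ("standard", "stub", "totally_stubby"):
        print(f"--- internal router in a {area_type} area ---")
        print(show_ip_route(routing_table(lsas_flooded_into_area(LSDB, area_type))))
```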


Figure: Stub and Totally Stubby Area Restrictions. Area 2 (R3 and R4) has a single exit point advertising 0.0.0.0; a link to an External AS from inside the area is crossed out. Key points: typically a single exit point into the area (if there are multiple exit points, suboptimal paths may be selected); an ASBR cannot be internal to a stub; the area is not the backbone, Area 0.

Stub and Totally Stubby Area Restrictions


An area could be qualified as a stub or totally stubby when:
- There is a single exit point from that area, or, if there are multiple exits (ABRs), routing to outside of the area does not have to take an optimal path. If the area has multiple exits, one or more ABRs will inject a default into the stub area. In this situation, routing to other areas or autonomous systems could take a suboptimal path in reaching the destination by going out of the area via an exit point that is farther from the destination than other exit points.
- All OSPF routers inside the stub area (ABRs and internal routers) are configured as stub routers so that they will become neighbors and exchange routing information. The configuration commands for creating stub networks are covered later in this chapter.
- The area is not needed as a transit area for virtual links. (Virtual links are discussed in Supplement B at the end of this chapter.)
- No ASBR is internal to the stub area.
- The area is not the backbone area (area 0).

These restrictions are made because a stub/totally stubby area is mainly configured not to carry external routes, and any of the situations described cause external links to be injected in that area.


Configuring Stub and Totally Stubby Areas

Router(config-router)#area area-id stub [no-summary]
    Creates a stub area

Router(config-router)#area area-id default-cost cost
    Specifies the cost for the default route sent into the stub area

Configuring Stub and Totally Stubby Areas

To configure an area as stub or totally stubby, do the following:

Step 1  Configure OSPF, as described in the "Configuring OSPF ABRs" section.

Step 2  Define the area as stub/totally stubby by adding this command to ALL routers within the area:

router(config-router)#area area-id stub [no-summary]

area stub Command    Description
area-id              Identifier for the stub/totally stubby area. The identifier can be either a decimal value or an IP address.
no-summary           (Only for ABRs connected to totally stubby areas.) Prevents an ABR from sending summary link advertisements into the stub area. Use this option to create a totally stubby area.

Step 3  (Optional; for ABRs only) Define the cost of the default route that is injected into the stub/totally stubby area:

router(config-router)#area area-id default-cost cost

area default-cost Command    Description
area-id                      Identifier for the stub area. The identifier can be either a decimal value or an IP address.
cost                         Cost for the default summary route used for a stub/totally stubby area. The acceptable value is a 24-bit number. The default cost is 1.

OSPF Stub Area Configuration Example

(Figure: R3 connects the external AS on Ethernet 0 (192.168.14.1, area 0) and R4 on Serial 0 (192.168.15.1 to 192.168.15.2); the R3-R4 serial link is stub area 2.)

R3#
interface Ethernet 0
 ip address 192.168.14.1 255.255.255.0
interface Serial 0
 ip address 192.168.15.1 255.255.255.252
router ospf 100
 network 192.168.14.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub

R4#
interface Serial 0
 ip address 192.168.15.2 255.255.255.252
router ospf 15
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub

OSPF Stub Area Configuration Example

In this example, area 2 is defined as the stub area. No external routes from the external autonomous system will be forwarded into the stub. The last line in each configuration, area 2 stub, defines the stub area. The area default-cost command has not been configured on R3, so this router will advertise 0.0.0.0 (the default route) with a default cost metric of 1 plus any internal costs. Each router in the stub must be configured with the area stub command. The only routes that will appear in R4's routing table are intra-area routes (designated with an O in the routing table), the default route, and interarea routes (both designated with an IA in the routing table; the default route will also be denoted with an asterisk).

Note  The area stub command determines whether the routers in the stub become neighbors. This command must be included on all routers in the stub if they are to exchange routing information.


OSPF Totally Stubby Configuration Example

(Figure: same topology as the stub example; R3 in area 0 with the external AS on Ethernet 0 (192.168.14.1), and the R3-R4 serial link 192.168.15.1/192.168.15.2 in totally stubby area 2.)

R3#
router ospf 100
 network 192.168.14.0 0.0.0.255 area 0
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub no-summary

R4#
router ospf 15
 network 192.168.15.0 0.0.0.255 area 2
 area 2 stub

OSPF Totally Stubby Configuration Example

In this example, the keyword no-summary has been added to the area stub command on R3. This keyword causes summary routes (interarea) to also be blocked from the stub. Each router in the stub picks the closest ABR as a gateway to everything outside the area. The only routes that will appear in R4's routing table are intra-area routes (designated with an O in the routing table) and the default route. No interarea routes (designated with an IA in the routing table) will be included.

Note  It is only necessary to configure the no-summary keyword on the totally stubby area border routers, because the area is already configured as stub on every router.


NSSA Overview

(Figure: a branch office running RIP or EIGRP advertises 10.10.0.0/16, 10.11.0.0/16 and 20.0.0.0/8 to router A over a 19.2 kbps link (172.19.92.0); router A imports them into NSSA 1 as Type-7 LSAs, and the ABR toward the central site backbone (172.19.89.0/24) translates them into Type-5 LSAs so they can be advertised to outside areas.)

Not-So-Stubby Areas (NSSA) Overview

NSSA was first introduced in Cisco IOS Release 11.2. It is based on RFC 1587, "The OSPF NSSA Option." NSSA enables you to make a hybrid stub area in that the area can accept some autonomous system external routes, referred to as type-7 LSAs. Use an NSSA if you are an Internet service provider (ISP) or a network administrator who must connect a central site using OSPF to a remote site using a different protocol, such as RIP or EIGRP. You can use NSSA to simplify the administration of this kind of topology. Prior to NSSA, the connection between the corporate site ABR and the remote router used RIP or EIGRP, which meant maintaining two routing protocols. Now, with NSSA, you can extend OSPF to cover the remote connection by defining the area between the corporate router and the remote router as an NSSA, as shown in the graphic.

In the graphic, router A is defined as an ASBR. It is configured to exchange any routes within the RIP/EIGRP domain to the NSSA. Following is what happens when using an NSSA:

1  Router A receives RIP or EIGRP routes for networks 10.10.0.0/16, 10.11.0.0/16, and 20.0.0.0/8.
2  Router A, connected to the NSSA, imports the non-OSPF routes as type-7 LSAs into the NSSA.
3  Router B, an ABR between the NSSA and the backbone area 0, receives the type-7 LSAs.
4  After the SPF calculation on the forwarding database, router B translates the type-7 LSAs into type-5 LSAs and then floods them throughout backbone area 0.

It is at this point that router B could have summarized routes 10.10.0.0/16 and 10.11.0.0/16 as 10.0.0.0/8, or could have filtered one or more of the routes.

Configuring NSSA

(Figure: router A (router ID 200.0.0.62) connects the RIP or EIGRP site advertising 10.10.0.0/16, 10.11.0.0/16 and 20.0.0.0/8 into NSSA 1 over a 19.2 kbps link on 172.19.92.0/24; router B (router ID 200.0.0.63) joins NSSA 1 to backbone area 0.)

Router A:
router ospf 1
 redistribute rip subnets
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa
!

Router B:
router ospf 1
 summary-address 10.0.0.0 255.0.0.0 tag 8
 network 172.19.89.0 0.0.0.255 area 0
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa
!

Configuring NSSA

The steps used to configure OSPF NSSA are as follows:

Step 1  On the ABR connected to the NSSA, configure OSPF, as described in the "Configuring OSPF ABRs" section.

Step 2  Configure the area as an NSSA:

router(config-router)#area area-id nssa

Every router within the same area must agree that the area is an NSSA; otherwise the routers will not be able to communicate with each other. Therefore, configure this command on every router in the NSSA.

Step 3  (Optional) Control the summarization or filtering during the translation. The example shows how router B will summarize routes using the following command:

router(config-router)#summary-address {address mask | prefix mask} [not-advertise]

Note  The redistribute command shown in the graphic instructs the router to import RIP routes into the OSPF network. Redistribution is discussed in detail in the "Optimizing Routing Update Operation" chapter.
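The stub-area rules given earlier in this chapter (every router in the area must carry the same area stub command, no ASBR inside a stub area, area 0 never a stub) and the matching rule that every router must agree an area is an NSSA can be checked mechanically against the routers' configurations. The following Python script is an added example, not part of the course material; the router configurations it parses are constructed for the example and modelled on this chapter's R3/R4 stub-area topology, with a third router R5 that is assumed for illustration.

```python
"""Audit stub / NSSA area consistency across a set of IOS OSPF configurations.

Added example (not from the BSCN course). It reads the 'router ospf' stanza
of each router's configuration and reports the conditions this chapter says
must hold: every router with an interface in a stub or NSSA area must carry
the matching 'area <id> stub' / 'area <id> nssa' command, no router inside a
stub area may redistribute (an ASBR), and the backbone (area 0) can never be
a stub. The configurations at the bottom are constructed for the example.
"""
import re
from collections import defaultdict

NETWORK_RE = re.compile(r"^\s*network\s+\S+\s+\S+\s+area\s+(\S+)")
AREA_RE = re.compile(r"^\s*area\s+(\S+)\s+(stub|nssa)\b(.*)$")
REDIST_RE = re.compile(r"^\s*redistribute\s")


def parse_ospf(config):
    """Extract, from one router's config, the areas it has interfaces in,
    the area types it declares, and whether it redistributes (ASBR role)."""
    facts = {"areas": set(), "types": {}, "asbr": False}
    in_ospf = False
    for line in config.splitlines():
        if line.startswith("router ospf"):
            in_ospf = True
            continue
        if in_ospf and line and not line.startswith(" "):
            in_ospf = False            # an unindented line ends the stanza
        if not in_ospf:
            continue
        m = NETWORK_RE.match(line)
        if m:
            facts["areas"].add(m.group(1))
            continue
        m = AREA_RE.match(line)
        if m:
            kind = m.group(2)
            if "no-summary" in m.group(3):
                kind += " no-summary"
            facts["types"][m.group(1)] = kind
        elif REDIST_RE.match(line):
            facts["asbr"] = True
    return facts


def audit(configs):
    """Return a list of findings for a {router_name: config_text} mapping."""
    parsed = {name: parse_ospf(cfg) for name, cfg in configs.items()}
    members = defaultdict(list)            # area-id -> routers attached to it
    for name, facts in parsed.items():
        for area in facts["areas"]:
            members[area].append(name)

    findings = []
    for area, routers in sorted(members.items()):
        # Base area type per router; no-summary is an ABR-only option and
        # legitimately differs between routers, so it is ignored here.
        kinds = {r: parsed[r]["types"].get(area, "normal").split()[0]
                 for r in routers}
        if len(set(kinds.values())) > 1:
            findings.append(f"area {area}: routers disagree on area type {kinds}")
        if area == "0" and set(kinds.values()) != {"normal"}:
            findings.append("area 0: the backbone cannot be a stub or NSSA")
        if "stub" in kinds.values():
            for r in routers:
                if parsed[r]["asbr"]:
                    findings.append(
                        f"area {area}: {r} redistributes (ASBR) inside a stub area")
        for r in routers:
            if ("no-summary" in parsed[r]["types"].get(area, "")
                    and len(parsed[r]["areas"]) < 2):
                findings.append(
                    f"area {area}: {r} sets no-summary but is not an ABR (no effect)")
    return findings


# Constructed sample: R3 and R4 follow the chapter's example; R5 is a
# hypothetical third router added to area 2 without 'area 2 stub' that
# also redistributes RIP, both of which the chapter forbids in a stub area.
SAMPLE_CONFIGS = {
    "R3": (
        "router ospf 100\n"
        " network 192.168.14.0 0.0.0.255 area 0\n"
        " network 192.168.15.0 0.0.0.255 area 2\n"
        " area 2 stub no-summary\n"
        "!\n"
    ),
    "R4": (
        "router ospf 15\n"
        " network 192.168.15.0 0.0.0.255 area 2\n"
        " area 2 stub\n"
        "!\n"
    ),
    "R5": (
        "router ospf 15\n"
        " redistribute rip subnets\n"
        " network 192.168.16.0 0.0.0.255 area 2\n"
        "!\n"
    ),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS):
        print(finding)
```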


Multiple Area NBMA Environment

(Figure: the headquarters LAN segments are in Area 0 behind router R1; the Frame Relay cloud and the regional sites are in Area 1.)

Multiple Area NBMA Environment

The networks located at the corporate headquarters are in Area 0, while the fully meshed Frame Relay network and each of the regional site networks are assigned to Area 1. One benefit of this design is that it eliminates the flooding of external LSAs into the Frame Relay network, since OSPF does not flood external LSAs into stub areas, in this case Area 1. Router R1 functions as an ABR, which keeps topology changes in Area 0 from causing a topological recalculation in Area 1. With this topology, the regional-site LAN segments must participate in Area 1; otherwise, virtual links would need to be configured so that the area containing those LAN segments would connect to the backbone area.


Multiple Area NBMA Environment (cont.)

(Figure: R1 and the Frame Relay cloud are in Area 0, with Areas 1, 2, 3 and 4 located at the remote sites and headquarters.)

Multiple Area NBMA environment (cont.)


Another possible OSPF Area configuration involves putting all Frame Relay interfaces in Area 0. This permits the location of stub or transit areas at each remote site and at Headquarters, but causes External-LSAs to be flooded throughout the Frame Relay network and will result in a larger number of routers performing recalculation if any topology change takes place in Area 0.


Using Route Summarization

(Figure: the Area 1 ABRs summarize routes into the Area 0 backbone.)

• Minimizes the number of routing table entries
• Localizes the impact of a topology change

Using Route Summarization

Summarization is the consolidation of multiple routes into one single advertisement. Proper summarization requires contiguous addressing. Route summarization is different from an LSA summary route. Route summarization directly affects the amount of bandwidth, CPU, and memory resources consumed by the OSPF process. With summarization, if a network link fails, the topology change will not be propagated into the backbone (and to other areas by way of the backbone). As such, flooding outside the area will not occur. There are two types of summarization:

• Interarea route summarization: Interarea route summarization is done on ABRs and applies to routes from within each area. It does not apply to external routes injected into OSPF via redistribution. In order to take advantage of summarization, network numbers within areas should be assigned in a contiguous way so that these addresses can be consolidated into one range. The graphic illustrates where interarea summarization occurs.
• External route summarization: External route summarization is specific to external routes that are injected into OSPF via redistribution. Here again, it is important to ensure that the external address ranges being summarized are contiguous. Summarizing overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Only ASBRs can summarize external routes; these routes cannot be summarized by any other router type.


Supporting VLSM

• Hierarchical addressing scheme
• Efficient route summarization
• Reduces LSAs
• Saves CPU

Supporting VLSM

Because OSPF supports variable-length subnet masking (VLSM), you can develop a true hierarchical addressing scheme. This hierarchical addressing results in very efficient summarization of routes throughout the network. The operation and benefits of route summarization have been discussed in a previous chapter. At this point, though, you should realize the importance of proper summarization in a network. Without summarization, every specific-link LSA will be propagated into the OSPF backbone and beyond, causing unnecessary network traffic and router overhead. Whenever an LSA is sent, all affected OSPF routers will have to recompute their LSA database and routes using the SPF algorithm.

OSPF will provide some added benefits if you design the network with summarization. For example, only summary-link LSAs will propagate into the backbone (area 0). This is very important because it prevents every router from having to rerun the SPF algorithm, increases the network's stability, and reduces unnecessary traffic.

OSPF can carry multiple subnet information for the same major network, but other protocols such as RIP and IGRP cannot. Discontiguous subnets are supported by OSPF because subnet masks are part of the link-state database. If the same major network crosses the boundaries of an OSPF and RIP domain, VLSM information redistributed into RIP or IGRP will be lost, and static routes will have to be configured in the RIP or IGRP domains.


Using Route Summarization (cont.)

(Figure: router A in Area 1, ABR B between Area 1 and Area 0, router C in Area 0.)

Routing Table for B
O 131.108.8.0   255.255.252.0
O 131.108.12.0  255.255.252.0
O 131.108.16.0  255.255.252.0
O 131.108.20.0  255.255.252.0
O 131.108.24.0  255.255.252.0
O 131.108.28.0  255.255.252.0

LSAs sent to Router C
IA 131.108.8.0   255.255.248.0
IA 131.108.16.0  255.255.240.0

• Interarea (IA) summary link carries the mask
• One entry can represent several subnets

Using Route Summarization (cont.)

In order to take advantage of summarization, as discussed in the "Extending IP Addresses Using VLSMs" chapter, network numbers in areas should be assigned in a contiguous way so that these addresses can be grouped into one range. For example, referring to the table, the list of six networks in router B's routing table can be summarized into two summary address advertisements. The third octet of each address is shown in binary here, to illustrate which addresses can be summarized:

Bit value   128  64  32  16   8   4   2   1
              0   0   0   0   1   0   0   0  =  8
              0   0   0   0   1   1   0   0  = 12
              0   0   0   1   0   0   0   0  = 16
              0   0   0   1   0   1   0   0  = 20
              0   0   0   1   1   0   0   0  = 24
              0   0   0   1   1   1   0   0  = 28

The first two addresses (8 and 12) share their first five third-octet bits and can be summarized using a /21 prefix. The last four addresses (16 through 28) share their first four third-octet bits and can be summarized using a /20 prefix. The actual mask of each individual subnet is /22.

Note  Refer to the "Extending IP Addresses Using VLSMs" chapter for details on summarization.


Configuring Route Summarization

Router(config-router)# area area-id range address mask
    Consolidates intra-area routes into IA (interarea) summary routes on an ABR

Router(config-router)# summary-address address mask
    Consolidates external routes on an ASBR

Configuring Route Summarization

Summarization is off by default. To configure route summarization on the ABR, do the following:

Step 1  Configure OSPF, as discussed in the "Configuring OSPF ABRs" section.

Step 2  Instruct the ABR to summarize routes for a specific area before injecting them into a different area:

router(config-router)#area area-id range address mask

area range Command    Description
area-id               Identifier of the area about which routes are to be summarized.
address               Summary address designated for a range of addresses.
mask                  IP subnet mask used for the summary route.

To configure route summarization on an ASBR to summarize external routes, do the following:

Step 1  Configure OSPF, as discussed in the "Configuring OSPF ABRs" section.

Step 2  Instruct the ASBR to summarize external routes before injecting them into the OSPF domain:

router(config-router)#summary-address address mask

summary-address Command    Description
address                    Summary address designated for a range of addresses.
mask                       IP subnet mask used for the summary route.

Route Summarization Configuration Example

(Figure: Area 0 holds interface addresses 172.16.96.0 through 172.16.127.0 (255.255.255.0 mask). R1 (172.16.96.1 in Area 0) connects Area 1, 172.16.32.0 through 172.16.63.0; R2 (172.16.127.1 in Area 0) connects Area 2, 172.16.64.0 through 172.16.95.0; all subnets use the 255.255.255.0 mask.)

R1#
router ospf 100
 network 172.16.32.1 0.0.0.0 area 1
 network 172.16.96.1 0.0.0.0 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 1 range 172.16.32.0 255.255.224.0

R2#
router ospf 100
 network 172.16.64.1 0.0.0.0 area 2
 network 172.16.127.1 0.0.0.0 area 0
 area 0 range 172.16.96.0 255.255.224.0
 area 2 range 172.16.64.0 255.255.224.0

Route Summarization Configuration Example

This example shows that route summarization can occur in both directions. In the configuration on the left:

• area 0 range 172.16.96.0 255.255.224.0: Identifies area 0 as the area containing the range of networks to be summarized into area 1. The ABR R1 is summarizing the range of subnets from 172.16.96.0 to 172.16.127.0 into one range: 172.16.96.0 255.255.224.0. This summarization is achieved by matching only the three left-most bits of the third octet (subnet 96) using the mask 255.255.224.0. The summarization is successful because two distinct subnet ranges are being summarized into the backbone: 32 to 63 and 64 to 95.
• area 1 range 172.16.32.0 255.255.224.0: Identifies area 1 as the area containing the range of networks to be summarized into area 0. The ABR R1 is summarizing the range of subnets from 172.16.32.0 to 172.16.63.0 into one range: 172.16.32.0 255.255.224.0.

The configuration on the right works exactly the same way. Note that, depending on your network topology, you may not want to summarize area 0 networks. For example, if you have more than one ABR between an area and the backbone area, sending a summary LSA with the explicit network information will ensure that the shortest path is selected. If you summarize the addresses, a suboptimal path selection may occur.
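Both the binary illustration of router B's six routes and the area range statements in this configuration example can be reproduced in a few lines of Python. The script below is an added example, not course material: it collapses a list of subnets into the smallest set of aligned summaries, renders them as area range commands, and reports any address space a proposed summary would claim without the area actually owning it (the overreach the chapter warns about for both interarea and external summaries). The subnets it works on are taken from the chapter's two examples.

```python
"""Compute OSPF summary ranges and check them for overreach.

Added example (not from the BSCN course). Uses only the standard library.
"""
import ipaddress


def summary_ranges(subnets):
    """Smallest set of aligned prefixes that cover exactly `subnets`.

    ipaddress.collapse_addresses merges adjacent, aligned networks, which is
    the same test the chapter makes by hand on the third-octet bits: routes
    can share one summary only if they agree on every bit the summary keeps.
    """
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def area_range_commands(area_id, subnets):
    """Render the summaries as IOS 'area <id> range <address> <mask>' lines."""
    cmds = []
    for prefix in summary_ranges(subnets):
        net = ipaddress.ip_network(prefix)
        cmds.append(f"area {area_id} range {net.network_address} {net.netmask}")
    return cmds


def uncovered_space(summary, subnets):
    """Address space inside `summary` that none of `subnets` covers.

    A non-empty result means the summary advertises addresses the area does
    not actually own, so traffic for them is drawn toward this ABR/ASBR and
    may be sent to the wrong destination (the chapter's overlap caveat).
    """
    leftover = [ipaddress.ip_network(summary)]
    for sub in (ipaddress.ip_network(s) for s in subnets):
        remaining = []
        for piece in leftover:
            if sub.subnet_of(piece):
                remaining.extend(piece.address_exclude(sub))   # carve sub out
            elif piece.subnet_of(sub):
                continue                                       # fully covered
            else:
                remaining.append(piece)                        # disjoint
        leftover = remaining
    return [str(n) for n in ipaddress.collapse_addresses(leftover)]


def third_octet_bits(subnets):
    """Third octet of each subnet in binary, the view the chapter's table uses."""
    return {s: format(int(s.split(".")[2]), "08b") for s in subnets}


# Router B's six /22 routes from the chapter's summarization table.
ROUTER_B_ROUTES = [f"131.108.{o}.0/22" for o in (8, 12, 16, 20, 24, 28)]
# Area 0's /24 subnets from the route summarization configuration example.
AREA0_SUBNETS = [f"172.16.{o}.0/24" for o in range(96, 128)]

if __name__ == "__main__":
    print(third_octet_bits(ROUTER_B_ROUTES))
    print(summary_ranges(ROUTER_B_ROUTES))           # the /21 and /20 summaries
    print(area_range_commands(0, AREA0_SUBNETS))     # area 0 range 172.16.96.0 255.255.224.0
    # A /19 summary of router B's routes would claim 131.108.0.0/21 as well
    print(uncovered_space("131.108.0.0/19", ROUTER_B_ROUTES))
```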


Configuring Virtual Links

Router(config-router)# area area-id virtual-link router-id
    Creates a virtual link

remoterouter#show ip ospf interface ethernet 0
Ethernet0 is up, line protocol is up
  Internet Address 10.64.0.2/24, Area 0
  Process ID 1, Router ID 10.64.0.2, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.64.0.2, Interface address 10.64.0.2
  Backup Designated router (ID) 10.64.0.1, Interface address 10.64.0.1

Configuring Virtual Links

To configure a virtual link, do the following:

Step 1  Configure OSPF, as described in the "Configuring OSPF ABRs" section.

Step 2  On each router that will make the virtual link, create the virtual link. The routers that make the link are the ABR that connects the remote area to the transit area and the ABR that connects the transit area to the backbone area:

router(config-router)#area area-id virtual-link router-id

area virtual-link Command    Description
area-id                      Area ID assigned to the transit area for the virtual link (decimal or dotted-decimal format). There is no default.
router-id                    Router ID of the virtual link neighbor.

If you do not know the neighbor's router ID, you can Telnet to it and type the show ip ospf command.


OSPF Virtual Link Configuration Example

(Figure: R1, router ID 10.3.10.5, borders Area 0 and Area 1; R2, router ID 10.7.20.123, borders Area 1 and Area 3, with a Token Ring segment shown in the diagram. Area 3 reaches the backbone only through the virtual link across Area 1.)

R2:
router ospf 63
 network 10.3.0.0 0.0.0.255 area 1
 network 10.7.0.0 0.0.0.255 area 3
 area 1 virtual-link 10.3.10.5

R1:
router ospf 100
 network 10.2.3.0 0.0.0.255 area 0
 network 10.3.2.0 0.0.0.255 area 1
 area 1 virtual-link 10.7.20.123

OSPF Virtual Link Configuration Example

In this example, area 3 does not have a direct physical connection to the backbone (area 0), which is an OSPF requirement because the backbone is the collection point for LSAs. ABRs forward summary LSAs to the backbone, which in turn forwards the traffic to all areas. All interarea traffic transits the backbone. To provide connectivity to the backbone, a virtual link must be configured between R2 and R1. Area 1 will be the transit area and R1 will be the entry point into area 0. R2 will have a logical connection to the backbone through the transit area. Both sides of the virtual link must be configured:

• R2: area 1 virtual-link 10.3.10.5: With this command, area 1 is defined as the transit area and the router ID of the other side of the virtual link (R1) is configured.
• R1: area 1 virtual-link 10.7.20.123: With this command, area 1 is defined as the transit area and the router ID of the other side of the virtual link (R2) is configured.


Verifying OSPF Operation

This section presents the commands used to verify OSPF operation.

show ip ospf Commands

Router# show ip ospf border-routers
    Lists the ABRs in the autonomous system

Router# show ip ospf virtual-links
    Displays the status of the virtual links

Router# show ip ospf process-id
    Displays statistics about each area to which the router is connected

Router# show ip ospf database
    Displays the contents of the OSPF tables

show ip ospf Commands

The same show commands listed in the "Configuring OSPF for a Single Area" chapter can be used to verify OSPF operation in multiple areas. Some additional commands include:

• show ip ospf border-routers: Displays the internal OSPF routing table entries to an ABR.
• show ip ospf virtual-links: Displays parameters about the current state of OSPF virtual links.
• show ip ospf process-id: Displays information about each area to which the router is connected, and indicates if the router is an ABR, ASBR, or both.
• show ip ospf database: Displays the contents of the topological database maintained by the router. Several keywords can be used with this command to get specific information about links:
  - show ip ospf [process-id area-id] database [network]: Displays network link-state information.
  - show ip ospf [process-id area-id] database [summary]: Displays summary information about router link states.
  - show ip ospf [process-id area-id] database [asbr-summary]: Displays information about ASBR link states.
  - show ip ospf [process-id area-id] database [external]: Displays information about autonomous system external link states.
  - show ip ospf [process-id area-id] database [database-summary]: Displays database summary information and totals.

The "Configuring a Multiarea Network" lab exercise covers these commands in more detail.


Summary

OSPF components that make it useful in a large internetwork include:
• Various types of areas, including stub, totally stubby, and transit
• Various types of routers, including ABRs and ASBRs
• Various types of link-state advertisements

Case Study

Following is a case study related to OSPF.

Case Study: OSPF Multiarea

(Figure: Area 0 is built on a Frame Relay network and an FDDI ring; Areas 3, 11 and 16 hang off it over Gigabit Ethernet, Fast Ethernet, Ethernet and serial links.)

Case Study: OSPF Multiarea

As your organization grows, the network must be able to keep pace. Your network and its initial design must enable it to expand accordingly. A network that cannot keep pace with the organization's needs is not much use. Following are some points about multiarea OSPF networks.

• Hierarchical topology: core router, distribution router, access router. The benefits of a hierarchical network include:
  - Scalability
  - Ease of implementation
  - Ease of troubleshooting
  - Predictability
  - Protocol support
  - Manageability
• Route summarization: Be sure that your network addressing scheme is configured so that the range of subnets assigned within an area is contiguous. Create an address space that will permit you to split areas easily as your network grows.
• Plan ahead for the addition of new routers to your OSPF environment.
• DR/BDR functionality: Any device running OSPF is eligible to become the DR or BDR.
• NBMA issues: Due to the lack of broadcast capability, some configuration information may be necessary to aid in the discovery of neighbors.
• Ease of configuration: Simplicity in the topology will translate into simplicity of management.


Answers to Written Exercise: OSPF Operation across Multiple Areas

1  Define hierarchical routing and explain what internetwork problems it solves.
   OSPF's ability to separate a large internetwork into multiple areas is also referred to as hierarchical routing. Hierarchical routing enables you to separate your large internetwork (autonomous system) into smaller internetworks that are called areas. The advantages include smaller routing tables, reduced frequency of SPF calculations, and reduced LSU overhead.

2  An internal router will receive type-5 LSAs if it is in what type of area?
   If it is an area that is NOT configured for stubby or totally stubby.

3  What area types are connected to the backbone area?
   All area types are connected to the backbone.

4  The backbone must be configured as what area?
   The backbone area must always be area 0.

5  Write a brief description of the following:

LSA Type   Name                                                    Description
1          Router link entry (record) (O-OSPF)                     Generated by each router for each area it belongs to. It describes the states of the router's links to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.
2          Network link entry (O-OSPF)                             Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded within the area that contains the network only.
3 or 4     Summary link entry (IA-OSPF interarea)                  Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type-3 describes routes to networks within the local area that are sent to the backbone area. Type-4 describes routes from the ABR to the ASBR. These link entries are not flooded through totally stubby areas.
5          Autonomous system external link entry (E1-OSPF external type-1) (E2-OSPF external type-2)   Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.

6  Describe the path a packet must take in order to get from one area to another.
   The packet must go through the interarea, through the ABR, through the backbone area, through the next ABR, and then through the internal routers to its final destination.

7  When is a default route injected into an area?
   When the area is configured for stub or totally stubby.


Configuring EIGRP

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
• Describe Enhanced IGRP features and operation
• Configure Enhanced IGRP
• Describe Enhanced IGRP's usage in scalable internetworks
• Verify Enhanced IGRP operation

This chapter presents Enhanced IGRP configuration. Sections:
• Objectives
• Enhanced IGRP Overview
• Enhanced IGRP Operation
• Written Exercise: EIGRP Overview
• Configuring EIGRP
• Using EIGRP in Scalable Internetworks
• Verifying Enhanced IGRP Operation
• Summary
• Case Study: Enhanced IGRP
• Lab Exercise: Configuring EIGRP
• Answers to Exercises

Enhanced IGRP Overview

What Is Enhanced IGRP (EIGRP)?

(Figure: Enhanced IGRP sits alongside the IP routing protocols, the AppleTalk routing protocol and the IPX routing protocols.)

Enhanced IGRP supports:
• Rapid convergence
• Reduced bandwidth usage
• Multiple network-layer protocols

What Is Enhanced IGRP (EIGRP)?

Enhanced IGRP (EIGRP) is a Cisco proprietary protocol that combines the advantages of link-state and distance vector routing protocols. As a hybrid protocol, EIGRP includes the following features:

• Rapid convergence: EIGRP uses the Diffusing Update Algorithm (DUAL) to achieve rapid convergence. A router running Enhanced IGRP stores backup routes, when available, for destinations so it can quickly adapt to alternate routes. If no appropriate route or backup route exists in the local routing table, EIGRP queries its neighbors to discover an alternative route. These queries are propagated until an alternate route is found.
• Reduced bandwidth usage: EIGRP does not make periodic updates. Instead, it sends partial updates about a route when the path changes or the metric for that route changes. When path information changes, the DUAL algorithm sends an update about that link only, rather than the entire table. In addition, the information is sent only to the routers that need it, in contrast to link-state protocol operation, which sends a change update to all routers within an area.
• Multiple network-layer support: EIGRP supports AppleTalk, IP, and Novell NetWare through the use of protocol-dependent modules (PDMs). These modules are responsible for network-layer-specific protocol requirements.

Note  Only TCP/IP implementations of Enhanced IGRP will be covered in this class.


EIGRP Features

• Advanced distance vector
• 100% loop free
• Fast convergence
• Easy configuration
• Fewer network design constraints than OSPF

EIGRP Features
EIGRP has its roots as a distance vector routing protocol and, as such, is predictable in its behavior. Like its predecessor IGRP, EIGRP is easy to configure and is adaptable to a wide variety of network topologies. What makes EIGRP an advanced distance vector protocol is its addition of several link-state features, such as dynamic neighbor discovery. EIGRP offers superior performance over IGRP because of its rapid convergence and its guarantee of a loop-free topology at all times. These improvements are the key to the name Enhanced IGRP.


EIGRP Features (cont.)

• Incremental updates
• Supports VLSM and discontiguous networks
• Classless routing
• Compatible with existing IGRP networks
• Protocol independent (supports IPX and AppleTalk)

EIGRP Features (cont.)

EIGRP is compatible with existing IGRP networks and, at the same time, offers clear advantages in its default behavior. Changes in topology trigger routing updates (rather than periodic announcements), and the information exchanged between routers is limited to only the affected routes. Because EIGRP is a classless routing protocol, it advertises a routing mask for each destination network. This feature enables EIGRP to support discontiguous subnetworks and variable-length subnet masks (VLSM). An additional feature that brings great value to multiprotocol networks is EIGRP's ability to support the IPX and AppleTalk protocols. EIGRP's rapid convergence and sophisticated metric structure offer superior performance and stability when implemented in IPX and AppleTalk networks.


Advantages of EIGRP

• Uses multicast instead of broadcast
• Utilizes link bandwidth and delay
  EIGRP Metric = IGRP Metric x 256 (32 bit vs. 24 bit)
• Unequal cost path load balancing
• More flexible than OSPF
  - Full support of distribute lists
  - Manual summarization can be done on any interface at any router within the network

Advantages of EIGRP

EIGRP offers many advantages over traditional distance vector routing protocols. One of the most significant advantages is in the area of bandwidth utilization. EIGRP's operational traffic is primarily multicast rather than broadcast in nature. As a result, end stations are unaffected by routing updates and requests for topology information. Enhanced IGRP uses the same algorithm for metric calculation as does IGRP, but the value is represented in 32-bit format to give it additional granularity when selecting routes to destination networks. EIGRP supports unequal metric load balancing, which allows administrators to more fully distribute traffic flow in their networks.

Some of EIGRP's operational characteristics are borrowed from link-state protocols. For example, EIGRP allows administrators to create summary routes anywhere within the network rather than following the traditional distance vector approach of performing classful summarization only at major network boundaries. In addition, EIGRP supports bidirectional route redistribution from other routing domains at the process level.


EIGRP Support for Different Topologies
[Figure: routers A and D sit in the core ("Rest of the Core"); routers B and C connect to each other over a Frame Relay cloud on serial interfaces S0 and S1]
Enhanced IGRP supports:
- Multiaccess (i.e., LANs)
- Point-to-point (i.e., HDLC)
- NBMA (i.e., Frame Relay)

EIGRP Support for Different Topologies


Enhanced IGRP was designed to operate well in both LAN and WAN environments. In multiaccess topologies, such as Ethernet and Token Ring, neighbor relationships are formed and maintained using reliable multicasting. Wide area network support for dedicated point-to-point links and non-broadcast multiaccess (NBMA) topologies is standard in EIGRP. Differences in media type are accounted for in the formation of neighbor adjacencies across WAN links.


EIGRP Support for IP Addresses
[Figure: router D connects a /16 block toward the "World" (/24) and uses /30 and /27 masks on its other links]
Enhanced IGRP supports:
- Variable length subnet masks (VLSM)
- Hierarchical designs

EIGRP Support for IP Addresses


EIGRP supports IP address implementation in both hierarchical and nonhierarchical designs. To further the efficient allocation of addresses in the network, EIGRP supports variable length subnet masks (VLSM). This allows different masks to be applied to different segments based upon the host requirements for each link. Secondary addresses can be applied to interfaces to solve particular addressing issues, although all routing overhead will be generated through the primary interface address.


EIGRP Support for Route Summarization
[Figure: a router learns 172.16.0.0/24, 192.168.42.0/27 and 10.0.0.0/18 on one side and advertises the summaries 172.16.0.0/16 and 192.168.42.0/24 on the other]
Enhanced IGRP performs route summarization at:
- Classful network boundaries (default)
- Arbitrary network boundaries (manual)

EIGRP Support for Route Summarization


As an advanced distance vector protocol, EIGRP supports route summarization at major network boundaries as the default. Administrators can configure manual summarization on arbitrary network boundaries in order to shrink the size of the routing table. Enhanced IGRP supports the creation of supernets or aggregated blocks of addresses (networks).
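As an added illustration (not code from the course or from Cisco IOS), the following Python computes both summary types described above: the classful boundary EIGRP uses by default, and the single covering prefix an administrator would choose for a manual summary on an arbitrary boundary. It also lists the address space a summary advertises that no component subnet actually contains, which is what a summary route claims on the router's behalf and is worth checking before configuring one. All networks are constructed sample values; the three function names are this example's own.

```python
"""Classful and arbitrary-boundary route summarization (added example)."""
import ipaddress
from typing import Iterable, List

IPv4Net = ipaddress.IPv4Network


def classful_network(net: IPv4Net) -> IPv4Net:
    """Major (classful) network containing `net`: EIGRP's default summary boundary."""
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{net} is not in a class A, B or C range")
    return ipaddress.ip_network((int(net.network_address), prefix), strict=False)


def covering_summary(nets: Iterable[IPv4Net]) -> IPv4Net:
    """Smallest single prefix that covers every network in `nets` (manual summary).

    The prefix is shortened from the shortest mask in the set until all network
    addresses share the same leading bits. Unrelated blocks collapse to 0.0.0.0/0,
    which is the signal that one summary is the wrong tool for that set.
    """
    nets = list(nets)
    if not nets:
        raise ValueError("no networks to summarize")
    addrs = [int(n.network_address) for n in nets]
    prefix = min(n.prefixlen for n in nets)
    while prefix > 0 and len({a >> (32 - prefix) for a in addrs}) > 1:
        prefix -= 1
    base = (addrs[0] >> (32 - prefix) << (32 - prefix)) if prefix else 0
    return ipaddress.ip_network((base, prefix))


def uncovered_space(nets: Iterable[IPv4Net], summary: IPv4Net) -> List[IPv4Net]:
    """Blocks inside `summary` that none of `nets` contains (space the summary over-claims)."""
    remaining = [summary]
    for n in ipaddress.collapse_addresses(nets):
        updated = []
        for block in remaining:
            if n.subnet_of(block):
                updated.extend(block.address_exclude(n))   # carve n out of the block
            elif not block.subnet_of(n):
                updated.append(block)                      # untouched by n
            # else: block lies entirely inside n and is fully covered
        remaining = updated
    return sorted(remaining)


if __name__ == "__main__":
    # Constructed branch-office subnets, not taken from a real network.
    branch = [ipaddress.ip_network(s) for s in ("172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24")]
    summary = covering_summary(branch)
    print("classful:", classful_network(branch[0]))
    print("manual:  ", summary, "over-claims", uncovered_space(branch, summary))
```

Usage: the classful helper reproduces the slide's 172.16.0.0/24 to 172.16.0.0/16 and 192.168.42.0/27 to 192.168.42.0/24 behaviour; the manual helper, fed the three constructed /24s, returns 172.16.0.0/22 and reports 172.16.3.0/24 as advertised-but-absent space.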


EIGRP Terminology
[Figure: for each protocol (IP, IPX, AppleTalk) the router keeps a Neighbor Table (next-hop router, interface), a Topology Table (destination, next-hop router/cost, with the Successor and Feasible Successor entries marked) and a Routing Table (destination, next-hop router, which is the Successor)]

EIGRP Terminology
This section introduces you to a variety of terms related to EIGRP used throughout this chapter:
- Neighbor table: Each EIGRP router maintains a neighbor table that lists adjacent routers. This table is comparable to the adjacencies database used by OSPF. It serves the same purpose, to ensure bi-directional communication between each of the directly connected neighbors. There is a neighbor table for each protocol that EIGRP supports.
- Topology table: Each EIGRP router maintains a topology table for each configured routing protocol. This table includes route entries for all destinations that the router has learned. All learned routes to a destination are maintained in the topology table.
- Routing table: EIGRP chooses the best (successor) routes to a destination from the topology table and places these routes in the routing table. The router maintains one routing table for each network protocol.
- Successor: A route selected as the primary route to use to reach a destination. Successors are the entries kept in the routing table.
- Feasible successor: A backup route. These routes are selected at the same time the successors are identified, but they are kept in the topology table (see above). Multiple feasible successors for a destination can be retained.


Enhanced IGRP Operation


EIGRP Packets
- Hello: Establish neighbor relationships
- Update: Send routing updates
- Query: Ask neighbors about routing information
- Reply: Response to query about routing information
- Ack: Acknowledgement of a reliable packet


EIGRP Packets
EIGRP supports five generic packet types:
- Hello: Hello packets are used for neighbor discovery. They are sent as multicasts and carry a zero acknowledgment number.
- Update: An Update is sent to communicate the routes that a particular router has converged on. These are sent as multicasts when a new route is discovered, or when convergence has completed (and the route is Passive). They are also sent as unicasts when neighbors start up in order to synchronize the topology tables (since Updates are not sent periodically as in IGRP).
- Query: When a router is performing route computation and it does not have a feasible successor, it sends a Query packet to its neighbors asking if they have a feasible successor for the destination. Queries are always multicast.
- Reply: A Reply packet is sent in response to a Query packet. Replies are unicast to the originator of the Query.
- ACK: The ACK is used for acknowledging the other packet types described here. ACKs are Hello packets that are sent as unicasts, and contain a non-zero acknowledgment number.


EIGRP Neighbor Relationship
- Two routers become neighbors when they see each other's Hello packet
- Hello address = 224.0.0.10
- Hellos sent once every five seconds on the following links:
  - Broadcast media: Ethernet, Token Ring, FDDI, etc.
  - Point-to-point serial links: PPP, HDLC, point-to-point Frame Relay/ATM subinterfaces
  - Multipoint circuits with bandwidth greater than T1: ISDN PRI, SMDS, Frame Relay

EIGRP Neighbor Relationship


When EIGRP is configured on an interface, the router sends periodic multicast Hello packets on that interface. When a router running an EIGRP process with the same Autonomous System number receives another router's Hello packet, it establishes a neighbor relationship (adjacency). Hello packets are sent at various time intervals depending on the media. They default to once every 5 seconds over a LAN and over dedicated or higher-speed WAN links. When a router is configured for EIGRP, it dynamically discovers other routers directly connected to it. Each router maintains information that it has learned from its neighboring routers. This information is maintained in the Neighbor Table. The address and the interface through which the neighbor can be reached are also recorded. The Neighbor Table also maintains an entry known as the HoldTime. A router, as part of its Hello message, reports the HoldTime. HoldTime is the amount of time the router treats the neighbor as reachable and operational.


EIGRP Neighbor Relationship (cont.)
- Hellos sent once every 60 seconds on the following links:
  - Multipoint circuits with bandwidth less than T1: ISDN BRI, Frame Relay, SMDS, etc.
- Neighbor declared dead when no EIGRP packets are received within the hold interval
  - Not only Hello can reset the hold timer
- Hold time by default is three times the hello time


EIGRP Neighbor Relationship (cont.)


Hello packets are sent out less frequently on lower-speed links, such as multipoint serial interfaces. Hellos are generated at 60-second intervals on this type of interface.

The Hello mechanism is also used to discover the loss of neighbors. This is done dynamically and quickly. If a Hello packet is not heard before the expiration of the HoldTime, then a topology change is detected. The neighbor adjacency is deleted, and all topology table entries learned from that neighbor are removed (as if the neighbor had sent an Update stating that all of the routes are unreachable; this may cause routes to enter Active state). This enables the routes to quickly reconverge if an alternate feasible route is available.

The rate at which hello packets are sent is called the hello interval, and can be adjusted per interface with the ip eigrp hello-interval command. The amount of time that a router will consider a neighbor up without receiving a hello (or some other EIGRP packet) is called the hold time, and is typically three times the hello interval, so the hold times are 15 seconds and 180 seconds by default. HoldTime is calculated as 3 x Hello time interval, but it can also be configured. The hold time can be adjusted with the ip eigrp hold-time interface command.

Note: If you change the hello interval, the hold time is not automatically adjusted to account for this change; you must manually adjust the hold time to reflect the configured hello interval.


EIGRP Neighbor Relationship (cont.)
- EIGRP will form neighbors even though hello time and hold time don't match
- EIGRP sources Hello packets from the primary address of the interface
- EIGRP will not form a neighbor if K-values are mismatched
- EIGRP will not form a neighbor if AS numbers are mismatched
- Passive interface configuration might be required for compatibility (IGRP vs. EIGRP)

EIGRP Neighbor Relationship (cont.)


It is possible for two routers to become EIGRP neighbors even though the hello and hold timers do not match. The hold time is included in the hello packets, so each neighbor should remain up correctly even though the hello interval and hold timers do not match. EIGRP will not build peer relationships over secondary addresses because all EIGRP traffic uses the primary address of the interface. In addition, peer relationships will not be formed if the neighbor resides in a different autonomous system or if the metric-calculation mechanism (K values) is mis-aligned for that link. K values are discussed later in this section.

If you suspect that the network difficulties are caused by neighbor-related problems, follow these suggestions:
- Running show ip eigrp neighbor several times in a row can give you a good idea of what the hello interval and hold timers are for the given neighboring router. The Hold column should never get above the hold time, and should never get below the hold time minus the hello interval (unless, of course, you are losing hello packets).
- If the Hold column usually ranges between 10 and 15 seconds, the hello interval is 5 seconds and the hold time is 15 seconds.
- If the Hold column usually has a wider range, between 120 and 180 seconds, the hello interval is 60 seconds and the hold time is 180 seconds.
- If the numbers do not seem to fit one of the default timer settings, check the interface in question on the neighboring router; the hello and hold timers have probably been configured manually.


What Is in a Neighbor Table?
[Figure: router p2r2 and its neighbor table]

    p2r2#show ip eigrp neighbors
    IP-EIGRP neighbors for process 400
    H   Address         Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                                    (sec)           (ms)         Cnt  Num
    1   172.68.2.2      To0           13  02:15:30     8   200   0    9
    0   172.68.16.2     Se1           10  02:38:29    29   200   0    6


What Is in a Neighbor Table?


Like OSPF, EIGRP routers multicast hello packets to discover neighbor routers and to exchange route updates. If you recall, adjacent routers are the only ones that can exchange routing information. Each router builds a neighbor table from hello packets that it receives from adjacent EIGRP routers running the same network-layer protocol. EIGRP maintains a neighbor table for each configured network-layer protocol. The table includes the following key elements:
- Neighbor address: The network-layer address of the neighbor.
- Queue: Indicates the number of packets waiting in the queue to be sent. If this value is constantly higher than zero, then there may be a congestion problem. A zero means that there are no EIGRP packets in the queue.
- Smooth Round Trip Timer: Indicates the average time it takes to send and receive packets from a neighbor. This timer is used to determine the retransmit interval (RTO).
- Hold Time: The interval to wait without receiving anything from a neighbor before considering the link unavailable. Originally, the expected packet was a hello packet, but in current Cisco IOS software releases, any EIGRP packet received after the first hello will reset the timer.
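As an added example (not part of the course material or of any Cisco tool), the following Python parses the show ip eigrp neighbors output from the slide above, applies the Hold-column rule of thumb from the previous page to infer whether a neighbor is running the 5/15 or 60/180 default timers, and flags the two conditions the text calls out: a Hold value above the configured hold time, and a non-zero Q count. SAMPLE_OUTPUT is constructed from the slide rather than captured from a router, and the function names are this example's own.

```python
"""Parse and sanity-check `show ip eigrp neighbors` output (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed from the slide; not captured from a live router.
SAMPLE_OUTPUT = """\
p2r2#show ip eigrp neighbors
IP-EIGRP neighbors for process 400
H   Address         Interface   Hold  Uptime    SRTT   RTO   Q    Seq
                                (sec)           (ms)         Cnt  Num
1   172.68.2.2      To0           13  02:15:30     8   200   0    9
0   172.68.16.2     Se1           10  02:38:29    29   200   0    6
"""

# One data row: H, address, interface, Hold, Uptime, SRTT, RTO, Q Cnt, Seq Num.
ROW = re.compile(
    r"^\s*(?P<h>\d+)\s+(?P<address>\d+\.\d+\.\d+\.\d+)\s+(?P<interface>\S+)\s+"
    r"(?P<hold>\d+)\s+(?P<uptime>\S+)\s+(?P<srtt>\d+)\s+(?P<rto>\d+)\s+"
    r"(?P<q>\d+)\s+(?P<seq>\d+)\s*$"
)

# (hello interval, hold time) defaults named in the text.
DEFAULT_TIMERS = ((5, 15), (60, 180))


def parse_neighbors(text: str) -> List[Dict[str, object]]:
    """Return one dict per neighbor row; header and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("h", "hold", "srtt", "rto", "q", "seq"):
                row[key] = int(row[key])
            rows.append(row)
    return rows


def infer_timers(hold_samples: List[int]) -> Optional[Tuple[int, int]]:
    """Which default (hello, hold) pair the observed Hold values fit, if any.

    Rule from the text: Hold stays between (hold - hello) and hold unless hellos
    are being lost or the timers were configured manually.
    """
    lo, hi = min(hold_samples), max(hold_samples)
    for hello, hold in DEFAULT_TIMERS:
        if hold - hello <= lo and hi <= hold:
            return hello, hold
    return None


def expected_hold_time(hello_interval: int) -> int:
    """Hold time to configure alongside a changed hello interval (3 x hello)."""
    return 3 * hello_interval


def check_neighbors(rows: List[Dict[str, object]], hold_time: int) -> List[str]:
    """Flag Hold values above the configured hold time and non-empty send queues."""
    problems = []
    for r in rows:
        where = f"{r['address']} ({r['interface']})"
        if r["hold"] > hold_time:
            problems.append(f"{where}: Hold {r['hold']}s exceeds hold time {hold_time}s")
        if r["q"] > 0:
            problems.append(f"{where}: {r['q']} packet(s) queued; possible congestion or unresponsive peer")
    return problems


if __name__ == "__main__":
    rows = parse_neighbors(SAMPLE_OUTPUT)
    print("timers look like:", infer_timers([r["hold"] for r in rows]))
    print("problems:", check_neighbors(rows, expected_hold_time(5)))
```

Run the command several times and feed all Hold values to infer_timers together; a single snapshot is only one point in the countdown.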


EIGRP Reliable Transport Protocol
- EIGRP reliable packets are packets that require explicit acknowledgement:
  - Update
  - Query
  - Reply
- EIGRP unreliable packets are packets that do not require explicit acknowledgement:
  - Hello
  - Ack

EIGRP Reliable Transport Protocol


Reliable Transport Protocol (RTP) is responsible for guaranteed, ordered delivery of Enhanced IGRP packets to all neighbors. It supports intermixed transmission of multicast or unicast packets. For efficiency, only certain Enhanced IGRP packets are transmitted reliably. On a multi-access network that has multicast capabilities, such as Ethernet, it is not necessary to send hello packets reliably to all neighbors individually. For that reason, Enhanced IGRP sends a single multicast hello packet containing an indicator that informs the receivers that the packet need not be acknowledged. Other types of packets, such as updates, indicate in the packet that acknowledgment is required. RTP contains a provision for sending multicast packets quickly when unacknowledged packets are pending, which helps ensure that convergence time remains low in the presence of varying speed links. All packets carrying routing information (Update/Query/Reply) must be sent reliably, since they are not sent periodically. Assigning a sequence number to each reliable packet, and requiring an explicit acknowledgment for that sequence number provides reliability. Acknowledgments and Hello packets, which help provide the reliability mechanism, by their nature, are not sent reliably.


EIGRP Reliable Transport Protocol (cont.)
- The router keeps a neighbor list and a retransmission list for every neighbor
- Each reliable packet (Update, Query, Reply) will be retransmitted when the packet is not acked
- The neighbor relationship is reset when the retry limit (limit = 16) for reliable packets is reached


EIGRP Reliable Transport Protocol (cont.)


RTP is also tasked with ensuring that on-going communication is maintained between neighboring routers. As such, a retransmission list is maintained for each neighbor. This list indicates packets (that require acknowledgement) to which responses have not yet been received. Reliable packets that have not been acknowledged will be retransmitted up to a maximum of 16 times. EIGRPs reliability mechanism ensures delivery of critical route information to neighboring routers. This information is required to allow EIGRP to maintain a loop-free topology at all times.


EIGRP Reliable Transport Protocol (cont.)
- EIGRP transport has a window size of one (stop and wait mechanism)
  - Every single reliable packet needs to be acknowledged before the next sequenced packet can be sent
  - If one or more peers are slow in acknowledging, all other peers suffer from this
- Solution: The non-acknowledged multicast packet will be retransmitted as a unicast to the slow neighbor

EIGRP Reliable Transport Protocol (cont.)


The use of reliable multicast traffic is efficient and effective. A potential delay exists on multiaccess media where multiple neighbors exist. The next reliable multicast packet cannot be transmitted until all peers have acknowledged the previous multicast. If one or more peers are slow to respond, it adversely affects all peers by delaying the next transmission. RTP is designed to handle exceptions just like the one described here. Neighbors that are slow to respond to multicasts will have the non-acknowledged multicast packets retransmitted as unicast packets. This allows the reliable multicast operation to proceed without delaying communication with other peers.
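To make the stop-and-wait behaviour concrete, here is an added Python simulation (not Cisco code) of the RTP sender side as the last three pages describe it: one sequenced multicast per reliable packet, a retransmission-list entry per neighbor, unicast retransmissions for neighbors that have not acknowledged, and a neighbor reset once the retry limit of 16 is reached. The neighbor addresses and the acks_on_attempt scripting are constructed so that each of the three cases (prompt ack, slow ack, no ack) occurs deterministically.

```python
"""Stop-and-wait reliable multicast with per-neighbor unicast retransmission (added model)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

RETRY_LIMIT = 16  # retransmissions before the neighbor relationship is reset


@dataclass
class Neighbor:
    address: str
    # Constructed behaviour: 1 = acks the multicast, n > 1 = acks the (n-1)th
    # unicast retransmission, 0 = never acks.
    acks_on_attempt: int
    pending_seq: Optional[int] = None   # retransmission-list entry (window size one)
    retransmissions: int = 0
    reset: bool = False
    log: List[str] = field(default_factory=list)


class RtpSender:
    def __init__(self, neighbors: List[Neighbor]):
        self.neighbors = neighbors
        self.seq = 0

    def _live(self) -> List[Neighbor]:
        return [n for n in self.neighbors if not n.reset]

    def send_reliable(self, kind: str) -> Dict[str, str]:
        """Send one sequenced packet (Update, Query or Reply) and drive it to completion."""
        # Window of one: nothing may still be outstanding from the previous packet.
        assert all(n.pending_seq is None for n in self._live()), "previous packet not yet acked"
        self.seq += 1
        outcome: Dict[str, str] = {}
        # 1. A single multicast reaches every live neighbor; each gets a list entry.
        for n in self._live():
            n.pending_seq, n.retransmissions = self.seq, 0
            n.log.append(f"rx multicast {kind} seq={self.seq}")
            if n.acks_on_attempt == 1:
                n.pending_seq = None
                outcome[n.address] = "acked multicast"
        # 2. Slow neighbors get unicast retransmissions, so nobody else is held up.
        for n in self._live():
            while n.pending_seq is not None and n.retransmissions < RETRY_LIMIT:
                n.retransmissions += 1
                n.log.append(f"rx unicast {kind} seq={self.seq} retry={n.retransmissions}")
                if n.acks_on_attempt == n.retransmissions + 1:
                    n.pending_seq = None
                    outcome[n.address] = f"acked after {n.retransmissions} unicast retransmissions"
            # 3. Retry limit hit: tear the adjacency down; its routes will go active.
            if n.pending_seq is not None:
                n.reset, n.pending_seq = True, None
                outcome[n.address] = "neighbor reset (retry limit)"
        return outcome


def run_demo() -> Tuple[RtpSender, Dict[str, str], Dict[str, str]]:
    # Constructed neighbor addresses and behaviours.
    fast = Neighbor("10.1.1.2", acks_on_attempt=1)
    slow = Neighbor("10.1.1.3", acks_on_attempt=3)
    dead = Neighbor("10.1.1.4", acks_on_attempt=0)
    sender = RtpSender([fast, slow, dead])
    first = sender.send_reliable("Update")
    second = sender.send_reliable("Query")   # the reset neighbor no longer takes part
    return sender, first, second


if __name__ == "__main__":
    _, first, second = run_demo()
    print(first)
    print(second)
```

The point to notice is that the second packet is only ever delayed by the slow neighbor's own unicast retries, and the unresponsive neighbor drops out after exactly 16 retransmissions instead of stalling the multicast stream.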


Discovering Routes
[Figure: exchange between routers A and B]
1. A to B, Hello: "I am router A, who is on the link?"
2. B to A, Update: "Here is my routing information."
3. A to B, Ack: "Thanks for the information!"
4. A stores the update in its Topology Table.
5. A to B, Update: "Here is my route information."
6. B to A, Ack: "Thanks for the information!"
Converged

Discovering Routes
The neighbor establishment and route discovery processes occur at the same time in EIGRP. A high-level description of the process is as follows:
1. A new router (router A) comes up on the link and sends out a hello through all interfaces.
2. Routers receiving the hello reply with update packets that contain all the routes they have in their routing table, except those learned through that interface (split horizon). In addition, these update packets have the Init bit set, indicating that this is the initialization process. An Update packet includes information about the routes a neighbor is aware of, including the metric that the neighbor is advertising for each destination.
3. Router A replies to each neighbor with an Ack packet, indicating that it received the update information.
4. Router A puts all update packets in its topology table. The topology table includes all destinations advertised by neighboring (adjacent) routers. It is organized such that each destination is listed, along with all the neighbors that can get to the destination, and their associated metric.
5. Router A then exchanges update packets with each of its neighbors.
6. Upon receiving the update packets, each router sends an Ack packet to router A. When all updates are received, the router is ready to choose the primary and backup routes to keep in the topology table.


EIGRP Route Selection
[Figure: routers A, B, C and D interconnected by T1 links and one 19.2 kbps link, carrying IP, AppleTalk and IPX]
EIGRP uses a composite metric to pick the best path



EIGRP Route Selection


EIGRP route selection is perhaps what distinguishes it most from other routing protocols. Its key characteristics are as follows:
- EIGRP selects primary and backup routes that are kept in the topology table (up to six per destination). The primary routes are then moved to a routing table. Like OSPF, EIGRP supports several types of routes: internal, external (that is, non-EIGRP), and summary routes.
- EIGRP uses the same composite metric as IGRP to determine the best path. The metric can be based on five criteria. The default criteria used are:
  - Bandwidth: The smallest bandwidth between source and destination
  - Delay: Cumulative interface delay along the path
  Additional criteria that can be used follow. These criteria are not recommended for use because they typically result in frequent recalculation of the topology table.
  - Reliability: Worst reliability between source and destination, based on keepalives
  - Loading: Worst load on a link between source and destination, based on bits per second
  - MTU: Smallest MTU in the path
- EIGRP uses the DUAL algorithm to calculate the best route to a destination. DUAL selects routes based on the composite metric and ensures that the selected routes are loop-free.


EIGRP Metrics Calculation
Metric = [K1 x BW + (K2 x BW) / (256 - Load) + K3 x Delay] x [K5 / (Reliability + K4)]
By default: K1 = 1, K2 = 0, K3 = 1, K4 = K5 = 0
- Delay is the sum of the delays of all links along the path
  EIGRP Delay = interface delay (microseconds) / 10
- Bandwidth is the lowest bandwidth of the links along the path
  EIGRP Bandwidth = 10000000 / interface bandwidth (kbps)


EIGRP Metrics Calculation


EIGRP uses the following formula to calculate a metric:

Metric = [K1*bandwidth + (K2*bandwidth)/(256 - load) + K3*delay] * [K5/(reliability + K4)]

In basic terms, the values K1, K2, K3, K4, and K5 represent Bandwidth, Load, Delay, MTU, and Reliability respectively. K values are carried in Hello packets. Mismatched K values can cause a neighbor to be reset. (Only K1 and K3 are used, by default, in metric computation.) These K values shouldn't be modified without extremely careful planning. Changing these values can cause your network to fail to converge.

Some modifications to the values are made for purposes of use in the metric calculation. For example, the format of the Delay and Bandwidth values is different from that displayed by the show interface command. The EIGRP Delay value is divided by 10 to represent it in tens of microseconds rather than in microseconds as in the sho int display. Likewise, EIGRP's Bandwidth is the inverse scaled by 10^7 (unlike OSPF's inverse scaled by 10^9) rather than the value shown as Kbits in the sho int display. For example, EIGRP values Ethernet Delay as 100 (not as 1000 microseconds) and Bandwidth as 1000 (not as 10000K).

Enhanced IGRP represents its metrics in a 32-bit format rather than the 24-bit representation used by IGRP. This representation allows a more granular decision to be made when calculating successor (and feasible successor) routes. When integrating IGRP routes into an EIGRP domain, multiply the IGRP metric by 256 to get the approximate EIGRP-equivalent metric.
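The following Python, added here as a worked example rather than taken from the course, applies the metric formula above with the default K values and the two scalings the text describes (10^7 divided by the lowest bandwidth in kbps, and cumulative delay in tens of microseconds). The interface values are the ones show interface reports for 10 Mbps Ethernet (10000 Kbit, 1000 microseconds) and a T1 (1544 Kbit, 20000 microseconds); the function names are this example's own. One detail the slide leaves implicit: IOS applies the reliability factor only when K5 is non-zero, since with K5 = 0 the formula's second bracket would otherwise make every default metric zero.

```python
"""EIGRP composite metric from interface bandwidth and delay (added example)."""
from typing import Sequence, Tuple

K_DEFAULT = (1, 0, 1, 0, 0)   # K1..K5 as given on the slide


def eigrp_bandwidth(lowest_bandwidth_kbps: int) -> int:
    """Scaled bandwidth term: 10^7 / lowest link bandwidth in kbps, integer part."""
    return 10_000_000 // lowest_bandwidth_kbps


def eigrp_delay(total_delay_usec: int) -> int:
    """Scaled delay term: cumulative path delay in tens of microseconds."""
    return total_delay_usec // 10


def eigrp_metric(bandwidth_kbps: int, delay_usec: int, load: int = 1,
                 reliability: int = 255, k: Tuple[int, int, int, int, int] = K_DEFAULT) -> int:
    """Composite metric in EIGRP's 32-bit form (the 24-bit IGRP value times 256)."""
    k1, k2, k3, k4, k5 = k
    bw = eigrp_bandwidth(bandwidth_kbps)
    dly = eigrp_delay(delay_usec)
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:   # IOS skips the reliability factor entirely when K5 is zero
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def path_metric(links: Sequence[Tuple[int, int]], k=K_DEFAULT) -> int:
    """Metric over a multi-hop path: lowest bandwidth, summed delay.

    `links` holds (bandwidth_kbps, delay_usec) per hop, as show interface reports them.
    """
    bandwidth = min(b for b, _ in links)
    delay = sum(d for _, d in links)
    return eigrp_metric(bandwidth, delay, k=k)


def igrp_to_eigrp(igrp_metric: int) -> int:
    """Approximate EIGRP-equivalent metric for a route learned from IGRP."""
    return igrp_metric * 256


def k_values_compatible(local: Sequence[int], remote: Sequence[int]) -> bool:
    """Neighbor check: K values carried in Hellos must match or the adjacency is not formed."""
    return tuple(local) == tuple(remote)


if __name__ == "__main__":
    ethernet = (10000, 1000)   # show interface: BW 10000 Kbit, DLY 1000 usec
    t1 = (1544, 20000)         # show interface: BW 1544 Kbit,  DLY 20000 usec
    print("Ethernet:", eigrp_metric(*ethernet))
    print("T1:      ", eigrp_metric(*t1))
    print("T1 then Ethernet:", path_metric([t1, ethernet]))
```

For Ethernet the scaled terms are 1000 and 100, matching the values quoted in the text, and the resulting metric is (1000 + 100) x 256 = 281600; a T1 gives (6476 + 2000) x 256 = 2169856.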


Choosing Routes
[Figure: router A reaches network 7 through neighbors H, B and D; link costs in parentheses: A-H 10, A-B 10, A-D 10, B-C 10, C-Network 7 1 (FDDI), G-Network 7 20, and 100 on the links toward D]
Topology Table at A:
Destination   Feasible Dist.   Advert. Dist.   Neighbor
7             40               30              H
7             31               21              B
7             230              220             D
Router A's Routing Table:
7             31                               B
- B is the current successor (lowest FD)
- H is the feasible successor (AD < FD)
- D is not a feasible successor (AD > FD)

Choosing Routes
EIGRP uses the following process to determine what routes to keep in the topology and route tables:
1. DUAL is run on the topology table to determine the best and loop-free primary and backup routes to each destination. Best is the lowest cost route, calculated by adding the cost between the next-hop router and the destination (referred to as the advertised distance) to the cost between the local router and the next-hop router; the resulting total is referred to as the feasible distance. For example, in the graphic, from router A, the advertised distance to network 7 using router B is 21, and the feasible distance is 31 because of the additional link cost between routers A and B, which is 10.
   The next-hop router(s) selected as the best path is referred to as the successor. Multiple successors can exist if they have the same feasible distance and use different next-hop routers. All successors are added to the route table. In the graphic, router B is the successor for network 7.
   The next-hop router(s) for the backup path is referred to as the feasible successor. If the successor's route is no longer valid and a suitable feasible successor exists, this feasible successor replaces the invalid successor in the routing table without a recomputation. More than one feasible successor can be kept at one time. These routes need not have the same feasible distance, but their advertised distance must be less than the feasible distance of the successor route.
2. The successors and feasible successors are kept in the topology table, along with all other routes, referred to as possible successors. The only routes removed are those that have a metric of infinity (unreachable).


Maintaining Routes - Passive
[Figure: same topology as in Choosing Routes; the path to network 7 through router B has failed]
Topology Table at A:
Destination   Feasible Dist.   Advert. Dist.   Neighbor   State
7             40               30              H          P
7             31               21              B          P
Router A's Routing Table:
7             40                               H


Maintaining Routes - Passive


When there is a change in the network, the router that learned about the change advertises it to its neighbors by multicasting an update packet with the change. If the update packets are to notify the neighbors that a router was added to the network, then the process described in the previous Discovering Neighbors and Discovering Routes sections occurs. But if the update packet says that a link has a worse metric, or is no longer available, the router must find an alternative path. To obtain an alternative path, the router that lost the link looks for a new feasible successor in its topology table. If a feasible successor exists, it is promoted to a successor, added to the routing table, and used. The topology table is then recalculated to determine if there are any new feasible successors, based on the new successor's feasible distance. If a feasible successor is found, the route remains passive and no interaction with neighboring routers is required. This operation represents the most rapid type of convergence for EIGRP. An example of this condition is demonstrated in the graphic above.


Maintaining Routes - Active
[Figure: the path to network 7 through router B has failed at both router A and router D, and neither has a feasible successor]
Topology Table at A: network 7, feasible distance 40, advertised distance 30, state Active
Router A sends a Query: "Do you have feasible successor to network 7?"
At the same time, Topology Table at D: network 7, feasible distance 40, advertised distance 30, state Active
Router D sends a Query: "Do you have feasible successor to network 7?"

Maintaining Routes - Active

When a link fails and a feasible successor is not available, the following process is followed:
1. The router (router A) flags the failed route as being in an active state in the topology table. When routes are operating well, they are in passive state.
2. Router A looks for an alternative path by sending out a query packet to all its neighbors to learn if they have a path to the given destination. The query packet is multicast out every interface except the one from which the dead link was learned about, thus following the split horizon rule. Because the router expects a reply to the query from each neighbor, it tracks the sending and receiving of these packets for each neighbor in the topology table.
In the graphic, for example, no feasible successor exists, because no router's advertised distance is less than router B's feasible distance. As a result, router A must query its neighbors to find new successors and feasible successors. The route to network 7 changes from passive to active state. Router D also used router B as the next-hop router to reach network 7. Router D flags the failed route as being in an active state in the topology table and attempts to locate a new route to network 7.


Maintaining Routes - Active (cont.)
[Figure: replies flow back from router E to router D, and from router D to router A]
Topology Table at E:
Destination   Feasible Dist.   Advert. Dist.   Neighbor   State
7             120              20              F          P
7             140              40              D          P
E replies to D: "Here is a successor to network 7."
Topology Table at D:
7             220              120             E
D replies to A: "Here is a successor to network 7."
Topology Table at A:
7             230              220             D


Maintaining Routes - Active (cont.)

3. If a neighbor has a feasible successor that does not use the querying router, or no route at all to the destination, it unicasts a Reply packet to the requestor indicating the appropriate information. If a neighbor that receives the query is using the querying router as its feasible successor, then it sends its own Query packet to its neighbors, which creates a query ripple effect through the network until a major network boundary is reached, a manual summarization is reached, or the router is on the autonomous system boundary.
4. When the querying router receives replies, it reacts based on the answer in the reply:
   - If the reply included a successor or feasible successor, the information is put into its topology table and the querying router waits until all replies are received. Then it recalculates the topology table and adds the successor(s) to the routing table. The route returns to a passive state in the topology table and routing can continue.
   - If none of the replies includes a successor or feasible successor, the querying router removes the active route from its topology and routing tables. In addition, the router console receives a message indicating that no route was found.

In the graphic, router D receives a reply from router E about an alternate path to network 7 and goes from active to passive on network 7. Router D sends a unicast reply to A indicating an alternate path, and A updates its topology table by moving the route from an active to a passive state.
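The following Python is an added model, not Cisco's implementation, that walks through the rules from Choosing Routes, Maintaining Routes - Passive and the Active steps above using router A's numbers for network 7 (H: AD 30, B: AD 21, D: AD 220, each over a link of cost 10): successor and feasible-successor selection, promotion of a feasible successor when the successor is lost, the transition to active with queries when no feasible successor exists, and the reply handling that either returns the route to passive or removes it when every neighbor answers that it has no route. Class and method names are this example's own, and the model deliberately follows the page's simplified description rather than the full DUAL state machine.

```python
"""Successor / feasible-successor selection and successor loss at one router (added model)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class Path:
    neighbor: str
    advertised: int   # AD: the neighbor's own metric to the destination
    link_cost: int    # cost of the link from this router to that neighbor

    @property
    def fd(self) -> int:
        return self.advertised + self.link_cost


class DualDestination:
    """Topology-table state for one destination at one router."""

    def __init__(self, destination: str, paths: Iterable[Path], neighbors: Iterable[str]):
        self.destination = destination
        self.paths: Dict[str, Path] = {p.neighbor: p for p in paths}
        self.neighbors: Set[str] = set(neighbors)     # every adjacent router, route or not
        self.state = "passive"
        self.pending_replies: Set[str] = set()
        self.successor: Optional[Path] = None
        self.feasible_successors: List[Path] = []
        self._select(self.paths.values())

    def _select(self, candidates: Iterable[Path]) -> None:
        """Successor = lowest FD among candidates; feasible successors = AD < that FD."""
        cands = list(candidates)
        if not cands:
            self.successor, self.feasible_successors, self.state = None, [], "removed"
            return
        self.successor = min(cands, key=lambda p: (p.fd, p.neighbor))
        fd = self.successor.fd
        self.feasible_successors = sorted(
            (p for p in self.paths.values()
             if p.neighbor != self.successor.neighbor and p.advertised < fd),
            key=lambda p: (p.fd, p.neighbor))
        self.state = "passive"

    def lose_path(self, neighbor: str) -> str:
        """The path via `neighbor` becomes unusable; returns the resulting route state."""
        self.paths.pop(neighbor, None)
        self.neighbors.discard(neighbor)
        if self.successor is not None and self.successor.neighbor != neighbor:
            self._select(self.paths.values())        # only a backup was lost: refresh FS list
        elif self.feasible_successors:
            self._select(self.feasible_successors)   # promote an FS; no queries, stays passive
        else:
            # No feasible successor: go active and query every remaining neighbor.
            self.state = "active"
            self.successor, self.feasible_successors = None, []
            self.pending_replies = set(self.neighbors)
            if not self.pending_replies:
                self._select([])                     # nobody left to ask
        return self.state

    def receive_reply(self, neighbor: str, advertised: Optional[int], link_cost: int) -> str:
        """Handle one Reply; `advertised` is None when the neighbor has no route."""
        if self.state != "active" or neighbor not in self.pending_replies:
            raise ValueError(f"unexpected reply from {neighbor}")
        self.pending_replies.discard(neighbor)
        if advertised is None:
            self.paths.pop(neighbor, None)
        else:
            self.paths[neighbor] = Path(neighbor, advertised, link_cost)
        if not self.pending_replies:                 # all replies in: recompute
            self._select(self.paths.values())
        return self.state


if __name__ == "__main__":
    # Router A's view of network 7 from the Choosing Routes figure.
    a = DualDestination("7", [Path("H", 30, 10), Path("B", 21, 10), Path("D", 220, 10)], ["H", "B", "D"])
    print("successor", a.successor, "FS", [p.neighbor for p in a.feasible_successors])
    print("lose B ->", a.lose_path("B"), "now via", a.successor.neighbor, "FD", a.successor.fd)
    print("lose H ->", a.lose_path("H"), "queries", a.pending_replies)
    print("reply from D ->", a.receive_reply("D", 220, 10), "FD", a.successor.fd)
```

Losing B promotes H at feasible distance 40 with no queries (the Passive page); losing H as well leaves D, whose advertised distance of 220 fails the feasibility condition, so the route goes active and a query is sent; D's reply of 220 brings the route back to passive at feasible distance 230, the values shown in the Active (cont.) figure.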


Removing Routes
[Figure: network 7 sits behind router D; routers D, E, F and G, and routers L, M and N, connect toward router A over links of cost 10 and 100. Router A sends the Query "Do you have feasible successor to network 7?"; the query propagates from L to M to N, and each router replies "I have no route to network 7." Topology Table at A (Destination, Advert. Distance, Feasible Dist., Neighbor, State): entry for network 7 removed]



Removing Routes
If one or more routers to which a query is sent do not respond with a reply within the active time of 180 seconds, EIGRP tears down the neighbor relationship with this rogue router and puts routes that used the rogue router into an active state. Then the querying router generates queries for the route(s) it lost through the rogue router. The reason for these additional queries is that other valid routes (in addition to the route that was just lost) may be reachable through the rogue router, and path information about those routes must be relearned.

In the graphic, when the link at router D fails, router A goes active on the route to network 7 and queries router L. Router L has no other route to network 7 and generates a query to router M. Router M has no other route to network 7 and generates a query to router N. Each router replies that no additional route to network 7 is available. Router L and router D reply to A indicating that no additional path to network 7 is available. As a result, router A removes the entry for network 7 from its topology table.


EIGRP DUAL
Diffusing update algorithm (DUAL) finite state machine:
- Tracks all routes advertised by neighbors
- Selects a loop-free path using a successor and remembers any feasible successors
- If the successor is lost: use a feasible successor
- If there is no feasible successor: query neighbors and recompute a new successor

EIGRP DUAL
The DUAL finite state machine embodies the decision process for all route computations. It tracks all routes advertised by all neighbors. The distance information, known as a metric, is used by DUAL to select efficient loop-free paths. DUAL selects routes to be inserted into a routing table based on feasible successors. A successor is a neighboring router used for packet forwarding that has a least-cost path to a destination that is guaranteed not to be part of a routing loop. When there are no feasible successors but there are neighbors advertising the destination, a recomputation must occur. This is the process in which a new successor is determined. The amount of time it takes to recalculate the route affects the convergence time. Even though the recomputation is not processor-intensive, try to avoid recomputation if it is not necessary. When a topology change occurs, DUAL tests for feasible successors. If there are feasible successors, it uses any it finds in order to avoid any unnecessary recomputation.


DUAL Example (Start)

[Slide figure: routers B, C, D and E, with B adjacent to destination (a). Link costs, as implied by the cost/advertised-distance pairs in the tables: B-D 1, B-C 2, C-D 2, C-E 1, D-E 1.]

EIGRP topology table at C for (a): Cost (3) (fd)
  via B  Cost (3/1)  (Successor)
  via D  Cost (4/2)  (fs)
  via E  Cost (4/3)

EIGRP topology table at D for (a): Cost (2) (fd)
  via B  Cost (2/1)  (Successor)
  via C  Cost (5/3)

EIGRP topology table at E for (a): Cost (3) (fd)
  via D  Cost (3/2)  (Successor)
  via C  Cost (4/3)

DUAL Example (Start)


In the graphic, the topology table indicates the following:
  fd: feasible distance, equal to the sum of the links to reach (a)
  Cost: link cost of the path to (a) (with hops shown, as well)
  Successor: forwarding path to (a); path cost equal to fd
  fs: feasible successor, an alternate path
The sample network is stable and converged.


DUAL Example

[Slide figure: same topology as the Start slide; the link between B and D is marked with an X (failed).]

EIGRP topology table at C for (a): Cost (3) (fd)
  via B  Cost (3/1)  (Successor)
  via D  Cost (4/2)  (fs)
  via E  Cost (4/3)

EIGRP topology table at D for (a): Cost (2) (fd)
  via B  Cost (2/1)  (Successor)
  via C  Cost (5/3)

EIGRP topology table at E for (a): Cost (3) (fd)
  via D  Cost (3/2)  (Successor)
  via C  Cost (4/3)

DUAL Example
Routers B and D detect the link failure. Upon being notified of the link failure, DUAL performs the following steps in the graphic:
At D:
  Marks the path to (a) through B as unusable


DUAL Example

[Slide figure: D sends queries (Q) on the D-C and D-E links.]

EIGRP topology table at C for (a): Cost (3) (fd)
  via B  Cost (3/1)  (Successor)
  via D
  via E  Cost (4/3)

EIGRP topology table at D for (a): **ACTIVE** Cost (-1) (fd)
  via E  **ACTIVE**  (q)
  via C  Cost (5/3)  (q)

EIGRP topology table at E for (a): Cost (3) (fd)
  via D  Cost (3/2)  (Successor)
  via C  Cost (4/3)

DUAL Example
The following steps occur in the graphic:
At D:
  Has no feasible successor to (a)
  Sets the metric to (a) as unreachable (-1 is unreachable)
  Goes active on (a)
  Sends query to C and E for alternate path
  Marks C and E as having a query pending (q)
At E:
  Marks the path to (a) through D as unusable


DUAL Example

[Slide figure: C sends a reply (R) to D on the C-D link; E sends a query (Q) to C on the E-C link.]

EIGRP topology table at C for (a): Cost (3) (fd)
  via B  Cost (3/1)  (Successor)
  via D
  via E

EIGRP topology table at D for (a): **ACTIVE** Cost (-1) (fd)
  via E  **ACTIVE**  (q)
  via C  Cost (5/3)

EIGRP topology table at E for (a): **ACTIVE** Cost (-1) (fd)
  via D  **ACTIVE**
  via C  Cost (4/3)  (q)

DUAL Example
The following steps occur in the graphic:
At D:
  Receives reply from C, no change to path to (a)
  Removes query flag from C
  Stays active on (a), awaiting reply from E (q)
At E:
  Has no feasible successor to (a)
  Generates query to C
  Marks C as query pending (q)


DUAL Example

[Slide figure: C sends a reply (R) to E on the C-E link.]

EIGRP topology table at C for (a): Cost (3) (fd)
  via B  Cost (3/1)  (Successor)
  via D
  via E

EIGRP topology table at D for (a): **ACTIVE** Cost (-1) (fd)
  via E  **ACTIVE**  (q)
  via C  Cost (5/3)

EIGRP topology table at E for (a): Cost (4) (fd)
  via C  Cost (4/3)  (Successor)
  via D

DUAL Example
The following steps occur in the graphic:
At D:
  Stays active on (a), awaiting reply from E (q)
At E:
  Receives reply from C
  Removes query flag from C
  Calculates new fd and installs new successor route in table


DUAL Example

[Slide figure: E sends a reply (R) to D on the E-D link.]

EIGRP topology table at C for (a): Cost (3) (fd)
  via B  Cost (3/1)  (Successor)
  via D
  via E

EIGRP topology table at D for (a): Cost (5) (fd)
  via C  Cost (5/3)  (Successor)
  via E  Cost (5/4)  (Successor)

EIGRP topology table at E for (a): Cost (4) (fd)
  via C  Cost (4/3)  (Successor)
  via D

DUAL Example
The following steps occur in the graphic:
At D:
  Receives reply from E
  Removes query flag from E
  Calculates new fd
  Installs new successor routes in table. Two routes match the fd and both are marked as successor.


DUAL Example

[Slide figure: final state after the B-D link failure; no queries or replies outstanding.]

EIGRP topology table at C for (a): Cost (3) (fd)
  via B  Cost (3/1)  (Successor)
  via D
  via E

EIGRP topology table at D for (a): Cost (5) (fd)
  via C  Cost (5/3)  (Successor)
  via E  Cost (5/4)  (Successor)

EIGRP topology table at E for (a): Cost (4) (fd)
  via C  Cost (4/3)  (Successor)
  via D

DUAL Example
The following steps occur in the graphic:
At D:
  Two successor routes are in the topology table for (a). Both successor routes should be listed in the routing table, and equal-cost load balancing should be in effect.

The network is stable and converged.
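The successor and feasible-successor logic described in the EIGRP DUAL section, and the query/reply walkthrough above, as an added Python example (not code from the course or from Cisco IOS). The topology tables are constructed from the slide values as (neighbor, advertised distance, link cost) tuples; the neighbor sets and the simplified "go active" decision are assumptions that reproduce the slides' outcomes without modelling the full diffusing computation.

```python
"""DUAL successor / feasible-successor evaluation (added example, not course code).

Each topology-table entry is a tuple (neighbor, advertised_distance, link_cost):
the neighbor's own best metric to the destination, and the cost of the link
from this router to that neighbor. The metric through a neighbor is their sum.
The tables below are constructed from the BSCN DUAL example for destination (a).
"""

UNREACHABLE = -1  # the course shows an active entry as Cost (-1)

# Constructed tables (neighbor, AD, link cost), matching the slide values:
# C: via B 3/1, via D 4/2, via E 4/3   D: via B 2/1, via C 5/3   E: via D 3/2, via C 4/3
C_START = [("B", 1, 2), ("D", 2, 2), ("E", 3, 1)]
D_START = [("B", 1, 1), ("C", 3, 2)]
E_START = [("D", 2, 1), ("C", 3, 1)]
# Converged tables after the B-D link fails: E now reaches (a) via C at 4,
# so D sees via C 5/3 and via E 5/4.
D_END = [("C", 3, 2), ("E", 4, 1)]
E_END = [("C", 3, 1)]

# Adjacent routers per node (assumption). Queries go to every neighbor, not
# only to the neighbors that currently advertise the destination.
NEIGHBORS = {"C": {"B", "D", "E"}, "D": {"B", "C", "E"}, "E": {"C", "D"}}


def evaluate(entries):
    """Return (fd, successors, feasible_successors) for one destination.

    fd is the lowest metric; successors are the neighbors at that metric;
    the feasibility condition (FC) admits a neighbor as feasible successor
    only if its advertised distance is strictly less than fd (AD < fd).
    """
    if not entries:
        return UNREACHABLE, [], []
    metrics = {nbr: ad + cost for nbr, ad, cost in entries}
    fd = min(metrics.values())
    successors = sorted(n for n, m in metrics.items() if m == fd)
    feasible = sorted(nbr for nbr, ad, _ in entries
                      if ad < fd and nbr not in successors)
    return fd, successors, feasible


def lose_successor(router, entries, lost):
    """Decide what DUAL does when the successor `lost` disappears.

    Returns ("passive", metric, new_successors) when a feasible successor is
    promoted without a query, or ("active", -1, neighbors_to_query) when the
    route must go active and every remaining neighbor is queried.
    """
    old_fd, _, _ = evaluate(entries)
    remaining = [e for e in entries if e[0] != lost]
    # Only neighbors that satisfied the FC against the old fd may be used
    # without a diffusing computation.
    candidates = [(nbr, ad + cost) for nbr, ad, cost in remaining if ad < old_fd]
    if candidates:
        best = min(m for _, m in candidates)
        return "passive", best, sorted(n for n, m in candidates if m == best)
    return "active", UNREACHABLE, sorted(NEIGHBORS[router] - {lost})


if __name__ == "__main__":
    for name, table in (("C", C_START), ("D", D_START), ("E", E_START)):
        print(name, evaluate(table))
    print("C loses B:", lose_successor("C", C_START, "B"))  # passive, uses D
    print("D loses B:", lose_successor("D", D_START, "B"))  # active, queries C and E
    print("D converged:", evaluate(D_END))                  # two successors at 5
```

Running the block shows C switching to its feasible successor D without a query when B disappears, D going active and querying C and E exactly as in the walkthrough, and D ending with two successors at metric 5, the equal-cost pair that the last slide says should both appear in the routing table.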


DUAL Example (Start)

[Slide figure: the original topology and topology tables before the link failure, identical to the DUAL Example (Start) slide earlier in this section.]

DUAL Example (Start)


In the graphic, the original topology (prior to the link failure) shows E's traffic passing through D and B.


DUAL Example (End)

[Slide figure: the converged topology after the B-D link failure.]

EIGRP topology table at C for (a): Cost (3) (fd)
  via B  Cost (3/1)  (Successor)
  via D
  via E

EIGRP topology table at D for (a): Cost (5) (fd)
  via C  Cost (5/3)  (Successor)
  via E  Cost (5/4)  (Successor)

EIGRP topology table at E for (a): Cost (4) (fd)
  via C  Cost (4/3)  (Successor)
  via D

DUAL Example (End)


In the graphic, the new topology is represented and shows D's and E's traffic passing through C and B.


Written Exercise: EIGRP Overview


Objective: Describe EIGRP features and operation.

Task: In this exercise, you can test your understanding of EIGRP by matching terms with statements. Place the letter of the description in front of the term that the statement describes. A statement may describe several terms.

Terms
_____ 1. Successor
_____ 2. Feasible successor
_____ 3. Hello
_____ 4. Topology table
_____ 5. IP
_____ 6. Update
_____ 7. AppleTalk
_____ 8. Routing table
_____ 9. DUAL
_____ 10. IPX

Statements
A) A network protocol that EIGRP supports.
B) A table that contains feasible successor information.
C) Administrative distance determines routing information that is included in this table.
D) A neighbor router that has the best path to a destination.
E) A neighbor router that has the best alternative path to a destination.
F) An algorithm used by EIGRP that assures fast convergence.
G) A multicast packet used to discover neighbors.
H) A packet sent by EIGRP routers when a new neighbor is discovered and when a change occurs.

Configuring EIGRP

Configuring EIGRP for IP

[Slide figure: AS=109. Router A (interfaces T0, S0, S1, S2) and routers B, D and E; networks shown are 1.1.0.0, 1.2.0.0, 1.4.0.0, 2.1.0.0 through 2.7.0.0 and 3.1.0.0, including two Token Ring segments.]

router eigrp 109
 network 1.0.0.0
 network 2.0.0.0

Network 3.0.0.0 is not configured on router A because it is not directly connected to router A.

Configuring EIGRP for IP


Perform the following steps to configure EIGRP for IP:

Step 1  Enable EIGRP and define the autonomous system.

router(config)#router eigrp autonomous-system-number

autonomous-system-number: The number that identifies the autonomous system; it is used to indicate all routers that belong within the internetwork. This value must match on all routers within the internetwork.

Step 2  Indicate which networks are part of the EIGRP autonomous system.

router(config-router)#network network-number

network-number: The network number determines which interfaces of the router participate in EIGRP, and which networks are advertised by the router.

Step 3  If you are using serial and HDLC links, especially for Frame Relay or SMDS, select the interfaces whose bandwidth, as used for routing updates, should be changed. If you do not change the bandwidth for these interfaces, EIGRP assumes that the bandwidth on the link is of T1 speed. If the link is slower, the router may not be able to converge, or routing updates might be lost. Define the bandwidth of a link for the purposes of sending routing update traffic on the link.

router(config-if)#bandwidth kilobits

kilobits: Intended bandwidth in kilobits per second. For generic serial interfaces (PPP or HDLC), set the bandwidth to the line speed. For Frame Relay on point-to-point, set it to the CIR; for multipoint connections, set it to the sum of all CIRs.

EIGRP Summarization - Automatic

Purpose: smaller routing tables, smaller updates, query boundary
Auto summarization:
  On major network boundaries, subnetworks are summarized to a single classful (major) network
  Auto summarization is turned on by default

[Slide figure: subnets of 150.150.X.X and 151.151.X.X; 150.150.0.0/16 is advertised across the major network boundary.]

EIGRP Summarization - Automatic


Some of the features of EIGRP are characteristic of pure distance vector operation. The need to summarize routes at a major network boundary is an example of distance vector behavior. Distance-vector protocols cannot assume the mask for non-directly connected networks because routing masks are not exchanged by the routing updates. In addition to the restrictions imposed by the lack of mask information, summarizing routes at major (classful) boundaries creates smaller routing tables. Smaller routing tables, in turn, make the routing update process less bandwidth intensive. Routing protocols from Cisco that are based upon distance-vector principles have auto summarization enabled by default.


EIGRP Summarization - Manual

Manual summarization
  Configurable on a per-interface basis in any router within the network
  When summarization is configured on an interface, the router immediately creates a route pointing to Null0 with an administrative distance of five
    Loop prevention mechanism
  When the last specific route of the summary goes away, the summary is deleted
  The minimum metric of the specific routes is used as the metric of the summary route

EIGRP Summarization - Manual


The inability to create summary routes at arbitrary boundaries within a major network has been a drawback of distance-vector protocols since their inception. EIGRP has the added functionality to allow administrators to turn off auto summarization and to create one or more summary routes within their network. For manual summarization to be effective, blocks of contiguous addresses (subnets) must come together at a common router so that a single summary route can be advertised by one interface. The number of subnets that can be represented by a summary route is directly related to the number of bits by which the subnet mask has been pulled back towards the major network (natural) mask. The formula 2^n, where n equals the number of bits by which the subnet mask has been reduced, gives how many subnets can be represented by a single summary route. For example, if the summary mask contains three fewer bits than the subnet mask, then eight subnets can be aggregated into one advertisement. When specifying summary routes, the administrator only needs to specify the IP address of the summary route and the routing mask. The IOS software for EIGRP handles many of the details surrounding proper implementation: metrics, loop prevention, and removal of the route from the routing table when the summary route is no longer valid.


Configuring Summarization

(config-router)#no auto-summary
  Turns off auto summarization for the EIGRP process

(config-if)#ip summary-address eigrp <as-number> <address> <mask>
  Creates a summary address to be generated by this interface

Configuring Summarization
EIGRP automatically summarizes routes at the classful boundary. In some cases, however, you may not want autosummarization to occur. For example, if you have discontiguous networks, you need to turn off summarization to minimize router confusion. To turn off automatic summarization, initiate the following command:

router(config-router)#no auto-summary

Use the ip summary-address command to manually create a summary route at an arbitrary network boundary within an EIGRP domain.

ip summary-address eigrp command   Description
as-number                          Autonomous system number of the network being summarized.
address                            The IP address being advertised as the summary address. This address does not need to be aligned on Class A, B, or C boundaries.
mask                               The IP mask being used to create the summary address.


Summarizing EIGRP Routes

[Slide figure: subnets 172.16.1.0 and 172.16.2.0 attach through routers A and B to network 10.0.0.0; router C connects 10.0.0.0 to the "World" through interface S0, addressed 192.168.4.2.]

Routers A and B:
router eigrp 1
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary

Router C:
router eigrp 1
 network 10.0.0.0
 network 192.168.4.0
!
int s0
 ip address 192.168.4.2 255.255.255.0
 ip summary-address eigrp 1 172.16.0.0 255.255.0.0

Summarizing EIGRP Routes


In the configuration example, routers A and B have turned off automatic route summarization for the 172.16.1 and 172.16.2 subnets as those advertisements pass into network 10.0.0.0. These discontiguous subnets will now be included in the routing tables of routers in the 10.0.0.0 network. At router C, a manual summary route has been created to represent all subnets belonging to network 172.16.0.0 as a single entry in its advertisements to the rest of the world. If you want to summarize networks in an address that you define, do the following:
Step 1  Select the interface that will propagate the route summary.

Step 2  Specify the format of the route summary and the autonomous system into which it needs to be injected.

Note that, for manual summarization, the summary is advertised only if a component (an entry that is represented in the summary) of the summary is present in the routing table.
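Working out a manual summary from its component subnets, as an added Python example (not course code; it uses only the standard `ipaddress` module). It pulls the mask back one bit at a time until a single block covers all components, reports the 2^n count from the manual summarization text, and emits the `ip summary-address eigrp` line from the configuration above. The subnet lists are constructed; note that for 172.16.1.0 and 172.16.2.0 the tightest summary is 172.16.0.0/22, whereas router C's configuration above deliberately advertises the whole major network 172.16.0.0/16.

```python
"""Deriving an EIGRP manual summary from its component subnets (added example,
not course code). The subnets are constructed test data; the summary-mask
arithmetic is the 2**n rule from the text."""
import ipaddress


def summarize(subnets, as_number):
    """Find the single shortest-prefix network that covers all `subnets`.

    Returns a dict with the summary, the number of mask bits removed (n), the
    number of component-sized subnets the summary can represent (2**n), how
    many of those are not among the components (address space the summary
    attracts but the router does not own), and the IOS interface command.
    """
    nets = {ipaddress.IPv4Network(s, strict=True) for s in subnets}
    lengths = {n.prefixlen for n in nets}
    if len(lengths) != 1:
        raise ValueError("component subnets must share one prefix length")
    component_len = lengths.pop()
    lowest = min(n.network_address for n in nets)
    highest = max(n.broadcast_address for n in nets)

    # Pull the mask back one bit at a time until one block spans lowest..highest.
    prefix = component_len
    while prefix > 0:
        block = ipaddress.IPv4Network((int(lowest), prefix), strict=False)
        if highest in block:
            break
        prefix -= 1
    summary = ipaddress.IPv4Network((int(lowest), prefix), strict=False)

    bits_removed = component_len - prefix
    capacity = 2 ** bits_removed
    return {
        "summary": str(summary),
        "bits_removed": bits_removed,
        "capacity": capacity,
        "unused": capacity - len(nets),
        "command": f"ip summary-address eigrp {as_number} "
                   f"{summary.network_address} {summary.netmask}",
    }


if __name__ == "__main__":
    # Slide: 172.16.1.0 and 172.16.2.0 summarized toward the world by router C.
    print(summarize(["172.16.1.0/24", "172.16.2.0/24"], 1))
    # Text: a summary mask three bits shorter than the subnet mask aggregates 8 subnets.
    print(summarize([f"172.16.{i}.0/24" for i in range(8, 16)], 1))
```

The `unused` field is the check a practitioner wants before summarizing: every component-sized block the summary covers but the router does not actually own is address space that will be attracted toward this router and discarded on the Null0 route the summary installs.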


EIGRP Load Balancing

Routes with a metric equal to the minimum metric will be installed in the routing table (equal-cost load balancing)
Up to six entries in the routing table for the same destination
  Number of entries is configurable
  Default is 4

EIGRP Load Balancing


Load balancing is the ability of a router to distribute traffic over all its network ports that are the same distance from the destination address. Good load-balancing algorithms use both line speed and reliability information. Load balancing increases the utilization of network segments, thus increasing effective network bandwidth. For IP, IOS balances between equal-cost paths by default. Equal-cost load balancing cannot be disabled, as this is equivalent to removing certain routes from the routing table. When a packet is process switched, load balancing over equal-cost paths is on a per-packet basis. When packets are fast switched, load balancing over equal-cost paths is on a per-destination basis. Remember, for testing, don't ping to/from the routers with the fast-switching interfaces, because these packets will be process switched rather than fast switched and might lead to confusing results.


EIGRP Unequal Cost Load Balancing

EIGRP offers unequal cost load balancing
  Variance command
Variance allows the router to include routes with a metric smaller than the multiplier times the minimum metric route to that destination
  Multiplier is the number specified by the variance command

EIGRP Unequal Cost Load Balancing


EIGRP can balance traffic across multiple routes that have different metrics. The amount of load balancing that is performed can be controlled by the "variance" subcommand. The multiplier is a metric value that is used for load balancing. This value can be from 1 to 128. The default is 1, which means equal-cost load balancing. The multiplier defines the range of metric values that will be accepted for load balancing. In our example on the following page, the value is 40. This value is used in the procedure for determining the "feasibility" of a potential route. A route is feasible if the next router in the path is closer to the destination than the current router and if the metric for the entire path is within the variance. Only paths that are feasible can be used for load balancing and included in the routing table. The two feasibility conditions are:
  Local best metric > Best metric learned from the next router
  The "multiplier" * Local best metric for the destination > Metric through the next router
If both of these conditions are met, the route is called feasible and it can be added to the routing table.


Variance Example

[Slide figure: routers A, B, C, D and E with Network Z; the link metric labels shown are 20, 10, 10, 10, 20 and 25, and "(config)# variance 2" is applied.]

Router E will choose router C to get to network Z because FD=20
With a variance of 2, router E will also choose router B to get to network Z: (20 + 10) < (2 x [FD])
Router D will not be used to get to network Z (45 > 40)

Variance Example
In the graphic, router E will use router C as the successor because its feasible distance is lowest (20). With the variance command applied to router A, the path through router B meets the criteria for load balancing: the feasible distance through B is less than twice the feasible distance for the successor (C). Router D will not be considered for load balancing because the feasible distance through D is greater than twice the feasible distance for the successor (C).

Another example: if there were four paths to a given destination, and the metrics for these paths were:
  Path 1: 1100
  Path 2: 1100
  Path 3: 2000
  Path 4: 4000
the router would, by default, place traffic on both paths 1 and 2. Using EIGRP, you can use the variance command to instruct the router to also place traffic onto paths 3 and 4. Traffic will be placed on any link that has a metric less than the best path multiplied by the variance. To load balance over paths 1, 2, and 3, you would use variance 2, because 1100 x 2 = 2200, which is greater than the metric through path 3. Similarly, to also add path 4, you would issue variance 4 under the router eigrp process in configuration mode.
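The two feasibility conditions and the variance window, applied to the slide's paths from router E and to the four-path example in the text, as an added Python example (not course code). The split of each metric into advertised distance and link cost is a constructed assumption chosen so that the totals equal the figures above (20, 30 and 45; 1100, 1100, 2000 and 4000); `minimum_variance` is an added helper that returns the smallest variance value admitting a given path.

```python
"""EIGRP variance and the feasibility conditions (added example, not course code).

Each path is (next_hop, advertised_distance, link_cost); the metric through a
next hop is advertised_distance + link_cost. The advertised distances below
are assumptions chosen so that the totals match the course's two examples.
"""


def feasible_paths(paths, variance):
    """Return the next hops eligible for load balancing under `variance`.

    A path is used when it is a successor (metric == best) or when it meets
    both feasibility conditions from the text:
      1. advertised_distance < best local metric   (next hop is closer to the
         destination than we are, so it cannot loop back through us)
      2. metric < variance * best local metric     (inside the variance window)
    """
    if not 1 <= variance <= 128:
        raise ValueError("variance must be between 1 and 128")
    metrics = {hop: ad + cost for hop, ad, cost in paths}
    best = min(metrics.values())
    return [hop for hop, ad, cost in paths
            if ad + cost == best or (ad < best and ad + cost < variance * best)]


def minimum_variance(paths, hop):
    """Smallest variance that admits `hop`, or None if condition 1 rules it out."""
    metrics = {h: ad + cost for h, ad, cost in paths}
    best = min(metrics.values())
    ad = next(a for h, a, _ in paths if h == hop)
    if metrics[hop] == best:
        return 1
    if ad >= best:
        return None                      # fails feasibility condition 1
    return metrics[hop] // best + 1      # first integer v with metric < v * best


# Slide example: router E to network Z. Totals 20 (via C), 30 (via B), 45 (via D)
# come from the slide; the AD/link split is a constructed assumption.
E_PATHS = [("C", 10, 10), ("B", 10, 20), ("D", 25, 20)]

# Text example: four paths with metrics 1100, 1100, 2000, 4000 (constructed split).
FOUR_PATHS = [("path1", 1000, 100), ("path2", 1000, 100),
              ("path3", 900, 1100), ("path4", 1000, 3000)]

if __name__ == "__main__":
    print(feasible_paths(E_PATHS, 2))              # ['C', 'B']
    for v in (1, 2, 4):
        print(v, feasible_paths(FOUR_PATHS, v))
    print(minimum_variance(FOUR_PATHS, "path4"))   # 4
```

Condition 1 is the loop guard: router D in the slide fails it regardless of the variance value, so raising the variance further would never admit a path through a neighbor that is farther from the destination than the local router.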


Configuring WAN Links

EIGRP supports different WAN links
  Point-to-point
  NBMA
    Multipoint
    Point-to-point
EIGRP configurations must address
  Bandwidth utilization
  Overhead traffic associated with router operation

Configuring WAN Links


Enhanced IGRP has been designed to operate well in WAN environments. It is scalable on both point-to-point links and NBMA links. Due to the inherent differences in operational characteristics of the links listed above, taking the default configuration parameters for all WAN links may not be the best option. A solid understanding of EIGRP operation coupled with a knowledge of available link speeds can yield an efficient, reliable, scalable router configuration.


EIGRP Bandwidth Utilization

(config-if)#ip bandwidth-percent eigrp as-number <nnn>

Specifies what percentage of bandwidth EIGRP packets will be able to utilize on this interface
Uses up to 50% of the link bandwidth for EIGRP packets, by default
Used for greater EIGRP load control

EIGRP Bandwidth Utilization


By default, EIGRP will use up to 50% of the bandwidth of an interface or subinterface, as set with the "bandwidth" parameter. This percentage can be changed on a per-interface basis by using the following interface subcommand:

router(config-if)#ip bandwidth-percent eigrp <as-number> <nnn>

In the above command, nnn is the percentage of the configured bandwidth that EIGRP is allowed to use. Note that this can be set to greater than 100. This is useful if the bandwidth is configured artificially low for routing policy reasons. For example:

interface serial0
 bandwidth 20
 ip bandwidth-percent eigrp 1 200

This configuration would allow EIGRP to use 40 Kbps (200% of the configured bandwidth) on the interface. It is essential to make sure that the line is provisioned to handle the configured capacity.


Bandwidth over WAN Interfaces

Bandwidth utilization over point-to-point subinterfaces using Frame Relay
  Treats bandwidth as T1, by default
  Best practice is to manually configure bandwidth as the CIR of the PVC

Bandwidth over WAN Interfaces


In the Cisco IOS, point-to-point Frame Relay subinterfaces are assumed to be operating at full T1 link speed. In many implementations only fractional T1 speeds are available and, as a result, when configuring these types of interfaces, set the bandwidth to match the contracted CIR.


Bandwidth over WAN Interfaces (cont.)

Bandwidth over multipoint Frame Relay, ATM, SMDS, and ISDN PRI:
  EIGRP uses the bandwidth on the main interface divided by the number of neighbors on that interface to get the bandwidth information per neighbor

Bandwidth over WAN Interfaces (cont.)


When configuring multipoint interfaces, especially for Frame Relay, it is important to understand that the bandwidth is shared equally by all neighbors. EIGRP configuration should reflect the correct percentage of the actual available bandwidth on the line.


Bandwidth over WAN Interfaces (cont.)

Each PVC might have a different CIR; this might create an EIGRP packet pacing problem
  Multipoint interfaces:
    Convert to point-to-point configuration
    Manually configure bandwidth = (lowest CIR x number of PVCs)
  ISDN PRI:
    Use Dialer Profile (treat as point-to-point link)

Bandwidth over WAN Interfaces (cont.)


Each installation has a unique topology and with that comes unique configurations. Differing CIR values often require a hybrid configuration that blends the characteristics of point-to-point circuits with multipoint circuits. When configuring multipoint interfaces, configure the bandwidth to represent the minimum CIR times the number of circuits. This approach may not fully utilize the higher-speed circuits but it certainly ensures that the circuits with the lowest CIR will not be overdriven. If the topology has a small number of very low-speed circuits, these interfaces should be defined as point-to-point so that their bandwidth can be set to match the provisioned CIR.


EIGRP WAN Configuration Pure Multipoint

Router C:
interface serial 0
 encap frame-relay
 bandwidth 224

[Slide figure: router C's S0 is a T1 into the Frame Relay cloud, carrying four PVCs to the remote routers (E, F, G and a fourth), each provisioned at CIR 56.]

All VCs share bandwidth evenly: 4 x 56 = 224

EIGRP WAN Configuration Pure Multipoint


In the graphic, the interface has been configured for a bandwidth of 224 Kbps. In a pure multipoint topology, each circuit will be allocated one quarter of the configured bandwidth on the interface and this 56K allocation matches the provisioned CIR of each circuit.


EIGRP WAN Configuration Hybrid Multipoint

Router C:
interface serial 0
 encap frame-relay
 bandwidth 224

[Slide figure: router C's S0 is a T1 into the Frame Relay cloud with four PVCs: E, F and G at CIR 256 (labelled BW 224) and H at CIR 56 (labelled BW 56).]

Lowest CIR x # of VC: 56 x 4 = 224

EIGRP WAN Configuration Hybrid Multipoint


In the graphic, one of the circuits has been provisioned for a 56K CIR while the other circuits have been provisioned for a much higher rate. This interface has been configured for a bandwidth that represents the lowest CIR multiplied by the number of circuits being supported. This configuration protects against overwhelming the slowest speed circuit in the topology.


EIGRP WAN Configuration Hybrid Multipoint (Preferred)

Router C:
interface serial 0.1 multipoint
 bandwidth 768
interface serial 0.2 point-to-point
 bandwidth 56

[Slide figure: router C's S0 is a T1 into the Frame Relay cloud with four PVCs: E, F and G at CIR 256 (BW 256) and H at CIR 56 (BW 56).]

Configure the lowest-CIR VC as point-to-point; specify BW = CIR
Configure the higher-CIR VCs as multipoint; combine CIRs

EIGRP WAN Configuration Hybrid Multipoint (Preferred)


In the graphic, a hybrid solution is presented. There is only one lower-speed circuit, and the other circuits are all provisioned to the same CIR. The preferred configuration shows the low-speed circuit being configured as point-to-point in an attempt to match the bandwidth with the CIR value. The remaining circuits are designated as multipoint and their respective CIRs are added together to form the bandwidth for the interface. We should be reminded that in multipoint interfaces the bandwidth is shared equally amongst all circuits. Combining three CIRs of 256 Kbps and then dividing the 768 by three again matches the bandwidth allocation to the link capacity.


EIGRP WAN Configuration Pure Point-to-Point

Hub and Spoke with 10x VCs

Router C (hub):
interface serial 0.1 point-to-point
 bandwidth 25
 ip bandwidth-percent eigrp 63 110
---
interface serial 0.10 point-to-point
 bandwidth 25
 ip bandwidth-percent eigrp 63 110

Router H (spoke):
interface serial 0
 bandwidth 25
 ip bandwidth-percent eigrp 63 110

[Slide figure: router C's S0 is a 256 Kbps link into the Frame Relay cloud; each of the ten PVCs to the spokes (E, F, G, H, ...) is provisioned at CIR 56 and configured with BW 25.]

Configure each VC as point-to-point; specify BW = 1/10 of link capacity
Increase EIGRP utilization to 50% of actual VC capacity

EIGRP WAN Configuration Pure Point-to-Point


The graphic illustrates a common hub-and-spoke topology with ten virtual circuits out to the remotes. This topology is characteristic of an oversubscribed Frame Relay network. The circuits are provisioned as 56K links, but there is not sufficient bandwidth at the interface to support the allocation. In a pure point-to-point topology, all virtual circuits are treated equally and are configured for exactly one tenth (25 Kbps) of the available link speed. Enhanced IGRP's default utilization is 50% of the configured bandwidth on the circuit. In an attempt to ensure that EIGRP packets are delivered through the Frame Relay network, each subinterface has the EIGRP allocation percentage raised to 110% of the specified bandwidth. This adjustment results in EIGRP packets receiving approximately 28 Kbps of the provisioned 56 Kbps on each circuit. This effectively restores the 50-50 ratio that was tampered with when the bandwidth was set to an artificially low value.
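The bandwidth rules from the WAN slides (the even split across neighbors on a multipoint interface, lowest CIR times number of VCs, the `ip bandwidth-percent eigrp` allowance, and the preferred hybrid split) as one added Python example (not course code). The CIR lists are constructed from the slide figures; the 1544 kbps T1 figure stands in for the default IOS assumes when `bandwidth` is not configured, and "overdriven" is defined here, as an assumption, as an EIGRP allowance above half the VC's provisioned CIR.

```python
"""EIGRP pacing on Frame Relay interfaces (added example, not course code).

Captures the rules stated on the WAN slides:
  per-neighbor share  = interface bandwidth / number of neighbors (multipoint)
  EIGRP allowance     = share * ip bandwidth-percent / 100   (default 50%)
  hybrid multipoint   = lowest CIR * number of VCs
and flags VCs whose EIGRP allowance would exceed half their provisioned CIR.
The CIR lists are constructed from the slide figures.
"""

DEFAULT_PERCENT = 50     # default `ip bandwidth-percent eigrp`
T1_KBPS = 1544           # what IOS assumes when `bandwidth` is left unset (assumption)


def eigrp_allowance(bandwidth_kbps, neighbors=1, percent=DEFAULT_PERCENT):
    """kbps of EIGRP traffic allowed per neighbor on the interface."""
    return bandwidth_kbps / neighbors * percent / 100


def multipoint_bandwidth(cirs):
    """Safe `bandwidth` for a multipoint interface: lowest CIR x number of VCs."""
    return min(cirs) * len(cirs)


def overdriven_vcs(cirs, bandwidth_kbps, percent=DEFAULT_PERCENT):
    """CIRs for which the per-neighbor EIGRP allowance exceeds half the CIR."""
    allowance = eigrp_allowance(bandwidth_kbps, len(cirs), percent)
    return [cir for cir in cirs if allowance > cir * DEFAULT_PERCENT / 100]


def hybrid_plan(cirs):
    """Preferred hybrid layout: lowest-CIR VCs become point-to-point
    subinterfaces (bandwidth = CIR); the rest share one multipoint subinterface
    whose bandwidth is the sum of their CIRs, so the even split hands each of
    them its own CIR back."""
    lowest = min(cirs)
    high = [c for c in cirs if c != lowest]
    return {
        "point_to_point": [c for c in cirs if c == lowest],
        "multipoint_bandwidth": sum(high),
        "multipoint_vcs": len(high),
    }


if __name__ == "__main__":
    four_56 = [56, 56, 56, 56]
    print(overdriven_vcs(four_56, T1_KBPS))                       # all four, default bandwidth
    print(overdriven_vcs(four_56, multipoint_bandwidth(four_56)))  # []
    mixed = [256, 256, 256, 56]
    print(multipoint_bandwidth(mixed), hybrid_plan(mixed))        # 224, {...768, 3}
    print(eigrp_allowance(20, percent=200))                       # 40.0
    print(eigrp_allowance(25, percent=110))                       # 27.5, about half of CIR 56
```

Running it with the default (T1) bandwidth on the four 56K VCs flags every circuit, while `bandwidth 224` brings each VC's allowance to 28 kbps, exactly half its CIR; the 25 kbps / 110% pair from the point-to-point slide yields 27.5 kbps, the "approximately 28 Kbps" quoted above.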


EIGRP Command Enhancements

Recent command additions improve ease of configuration
  Classless networking
  Neighbor control
  Stub routers

EIGRP Command Enhancements


A number of new features are in the works for EIGRP in order to make it even more scalable and flexible. The next few slides will briefly explain some of these features.
Note: Refer to the release notes to see the final form of the features!


Classless Network Statements

(config-router)#network ip-address wildcard-mask

Selects interfaces to participate in the EIGRP process
Allows for supernetted interfaces
Provides more granular control of interfaces
  Uses a wildcard mask to determine matching bit strings

Classless Network Statements


Provides similar functionality to OSPF wildcard bits. In the past, supernetted interfaces were required to be redistributed as connected (they showed up as externals). With this feature, supernetted interfaces can be included natively, as internal routes. Refer to the example on the following page, which demonstrates a supernetted route. This feature also allows you to identify which interfaces are to be included under the EIGRP process. In the past, you could only define the major network and then had to put passive-interface in for every interface on which you didn't intend to run EIGRP. For reference only! This feature is integrated in 12.0(03.00.02)PI04 12.0(03.04)T 12.0(03.04)PI5.1.


Classless Network Configuration

[Slide figure: two clouds of interfaces on subnets 10.4.17.0/24, 192.31.42.0/27, 192.31.44.0/27, 192.168.12.0/27, 10.1.1.0/24 and 10.1.2.0/24, with a serial link leading to an OSPF Domain.]

router eigrp 1
 network 10.1.0.0 0.0.255.255
 network 192.31.0.0 0.0.255.255

On the left, enables the upper two serial links for EIGRP
On the right, enables the two Ethernets for EIGRP, but not the serial link to the external domain

Classless Network Configuration


In the graphic, the network statements applied to the EIGRP process contain a wildcard mask (similar to OSPF configurations) to further delineate interface participation in the EIGRP routing process. When the wildcard mask of 0.0.255.255 is applied to the interfaces in the left-hand cloud, it selects only interfaces that match 192.31 in the first two octets. The upper two serial interfaces match the network criteria and will route EIGRP packets. The first two octets of the address on the serial link leading to the OSPF domain do not match the requirement set down by the network 10.1.0.0 0.0.255.255 statement. As a result, EIGRP Hellos and updates will not be sent into the OSPF domain. In the right-hand cloud, both Ethernet interfaces have been selected to route EIGRP because their interface addresses start with 10.1.

Note: The ability to specify classless networks at the interface level is a new feature first made available in IOS release 12.0.
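Wildcard-mask matching for the classless `network` statement, applied to the subnets on the slide, as an added Python example (not course or IOS code). The interface names and host addresses are constructed (the slide shows only the subnets); the two statements are the ones from the configuration above.

```python
"""Wildcard-mask matching for `network ip-address wildcard-mask` (added example,
not course code). A wildcard bit of 1 means "don't care"; an interface joins the
EIGRP process when the bits not covered by the wildcard are identical.
Interface host addresses are constructed inside the subnets shown on the slide."""
import ipaddress


def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))


def matches(interface_ip, network, wildcard):
    """True if interface_ip falls inside the statement's network/wildcard."""
    care = 0xFFFFFFFF ^ _as_int(wildcard)          # bits that must match
    return (_as_int(interface_ip) & care) == (_as_int(network) & care)


def eigrp_interfaces(interfaces, statements):
    """Names of the interfaces selected by at least one network statement."""
    return [name for name, ip in interfaces
            if any(matches(ip, net, wc) for net, wc in statements)]


def wildcard_for_prefix(prefixlen):
    """Inverse mask an operator types for a /prefixlen, e.g. 16 -> 0.0.255.255."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF >> prefixlen))


STATEMENTS = [("10.1.0.0", "0.0.255.255"), ("192.31.0.0", "0.0.255.255")]

# Constructed host addresses inside the slide's subnets (interface names assumed).
LEFT = [("Serial0", "192.31.42.1"),    # 192.31.42.0/27
        ("Serial1", "192.31.44.1"),    # 192.31.44.0/27
        ("Serial2", "192.168.12.1")]   # 192.168.12.0/27
RIGHT = [("Ethernet0", "10.1.1.1"),    # 10.1.1.0/24
         ("Ethernet1", "10.1.2.1"),    # 10.1.2.0/24
         ("Serial0", "10.4.17.1")]     # 10.4.17.0/24, link toward the OSPF domain

if __name__ == "__main__":
    print(eigrp_interfaces(LEFT, STATEMENTS))    # ['Serial0', 'Serial1']
    print(eigrp_interfaces(RIGHT, STATEMENTS))   # ['Ethernet0', 'Ethernet1']
```

The `care` mask is simply the bit-inverse of the wildcard: a 1 in the wildcard means the bit is ignored, which is why 0.0.255.255 selects everything in 10.1.0.0/16 and nothing in 10.4.17.0/24, keeping EIGRP Hellos off the link into the OSPF domain.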


Neighbor Control

(config-router)#eigrp neighbor auto-discovery [interface]
  Defines how neighbors are discovered

(config-router)#neighbor ip-address
  Permits explicit definition of neighbors
  Provides support for non-broadcast media (Classical IP on ATM)

Neighbor Control
In the past, EIGRP would allow you to define neighbor statements; they just didn't actually do anything! Now you will be able to define explicit neighbors for testing and security, which will also allow you to run EIGRP over networks that don't support broadcasts/multicasts, such as Classical IP over ATM. Also, by letting you select neighbors on multiaccess interfaces, this command provides additional security and screening from external routes.


Neighbor Control Configuration

[Figure: router A's interface E0 (10.4.17.1) is on a shared segment with router B (10.4.17.11), router C (10.4.17.3), router D (10.4.17.7), and the OSPF domain.]

router eigrp 1
 no eigrp neighbor auto-discovery e0
 neighbor 10.4.17.7

EIGRP neighbor relationship will only be formed with router D.

Neighbor Control Configuration


In the example above, the automatic neighbor discovery mechanism using multicast hellos has been disabled on interface Ethernet 0. The neighbor statement requires EIGRP to use unicast addressing to establish a neighbor relationship with router D, whose address is given in the neighbor statement. In this topology, disabling automatic neighbor discovery helps to enforce the security policy of keeping the two routing domains (EIGRP and OSPF) separate and distinct.


Stub Routers

(config-router)#
stub [connected] [static] [summary] [receive-only]

    Defines how the router participates in route advertisements
    Defined on remote routers
    Restricts route advertisement to connected, static, summary, or none
    Queries are not propagated to stub routers

Stub Routers
EIGRP stub support allows you to simply define your remote routers to advertise only connected, static, summary, or no routes (depending on the configuration) back to the distribution layer. This eliminates the problem of routes reflecting through the remote routers as if they were intended to be transit paths. This problem is especially prevalent in redundant topologies. The stub configuration takes the place of defining a distribute-list out on the remote routers to advertise only local routes. Additionally, the distribution layer router will see in the received hello that the remote is a stub, so it will not send a query to the remote about any route loss in the remainder of the network. This is a major improvement, since until now there has been no way to stop queries from flowing to the remotes!


Normal Query Operation

[Figure: distribution layer routers A and B, each linked to the remote site routers C, D, and E; the link to 10.1.8.0/24 at router B is marked X (failed); arrows show queries and replies flowing between the distribution layer and the remote sites.]

Normal Query Operation


The graphic above indicates normal query operation in a redundant, two-layer design model. When a link fails at the distribution layer and no feasible successor is available, router B sends queries out all interfaces except the link that failed. Upon receipt of the query, the remotes generate queries of their own because they have no route to the failed link. These queries are reflected back up to the distribution layer by the redundant topology. The result is similar to a broadcast storm in a bridged topology, but at least there is a limit to this flurry of query activity.


Reduced Query Traffic - Stub Router Configuration

[Figure: the same topology as in the previous graphic; arrows show queries and replies confined to the distribution layer. Remote routers (routers C, D, and E) are all defined as stub routers.]

router eigrp 1
 stub connected

Reduced Query Traffic Stub Router Configuration


When the stub command is applied to the remotes, the excessive query activity is eliminated. The announcement of the stub configuration is carried in the hello packets generated by the remotes. Because the remotes have no transit function when defined as stubs, the distribution routers suppress queries to the remotes when searching for an alternate to the lost route. Notice from the arrows on the graphic that the query activity is limited to the distribution layer, which represents a considerable bandwidth savings.


Using Enhanced IGRP in Scalable Internetworks


Factors That Influence EIGRP Scalability

- EIGRP is not plug and play for large networks
- Limit EIGRP query range!
- Quantity of routing information exchanged between peers
  - Advertise major network or default route to regions or remotes

Factors That Influence EIGRP Scalability

The following factors (and others) impact how scalable a network is:

- The amount of information being exchanged between neighbors. If more information is passed than is necessary for routing to function correctly, EIGRP will have to work harder at neighbor startup and when reacting to changes in the network.
- The number of routers involved in a change. When a change occurs in the network, the amount of resources consumed by EIGRP is directly related to the number of routers that must be involved in the change.
- The depth of the topology. This describes the situation where the information has to propagate through many hops (depth) before convergence is reached. A multinational network without summarization is an example of this type of condition.
- The number of alternative paths through the network. A network should provide alternative paths in order to avoid single points of failure. Too much complexity (too many alternative paths), however, can also create problems with EIGRP converging.


EIGRP Query Process

- Queries are sent out when a route is lost and no feasible successor is available
- The lost route is now in active state
- Queries are sent out to all of its neighbors on all interfaces except the interface to the successor
- If the neighbor does not have the lost route information, queries are sent out to their neighbors

EIGRP Query Process


EIGRP is an advanced distance vector protocol: it relies on its neighbors to provide routing information. If a route is lost and no feasible successor is available, EIGRP needs to converge fast, and its only mechanism for fast convergence is to actively query its neighbors for the lost route. Whenever a router loses a route and does not have a feasible successor in its topology table, it will look for an alternative path to the destination. This is known as going active on a route. It queries its neighbors to determine if they have an alternate path. It will not, however, send queries out the interface through which it had the original route. If any of the queried neighbors have an alternative path, they reply that they do. If not, they query each of their neighbors for an alternative path. The queries thus propagate out through the network. If a router has an alternate route, it answers the query and does not propagate it further. This stops the spread of the query through that branch of the network; the query may still spread through other portions of the network.


EIGRP Query Process (cont.)

- The router has to get ALL of the replies from its neighbors before it calculates the successor information
- If any neighbor fails to reply to the query in three minutes, the route is stuck in active and the router resets the neighbor that failed to reply
- Solution for stuck in active: limit the query range, also known as query scoping

EIGRP Query Process (cont.)


Due to the reliable multicast approach used by EIGRP when searching for an alternate to a lost route, it is imperative that a reply be received for each query generated in the network. Once a route goes active and the query sequence is initiated, the only way the route can come out of the active state is to receive a reply for every generated query. If any neighbor fails to reply to a query, the route stays active at the querying router. This condition is known as stuck in active, and it can be difficult to isolate the actual cause of why the replies were not received. A supplement is provided in Appendix A to assist in troubleshooting stuck in active conditions. One way to help avoid the stuck in active condition is to limit the scope of query propagation through the network. By keeping the query packets close to the source, we reduce the chance that an isolated failure in another part of the network stalls the convergence process on the local router.


EIGRP Query Range

Autonomous System Boundaries
- Contrary to popular belief, queries are not bounded by AS boundaries. Queries from AS 1 will be propagated to AS 2

[Figure: router B in AS 1 and router A at the boundary with AS 2; network X is lost in AS 1; the query for X from AS 1 is answered at the boundary router, which originates a new query for X into AS 2.]

EIGRP Query Range


Many networks have been implemented using multiple EIGRP ASs to sort of simulate OSPF areas, with mutual redistribution between the different ASs. Cisco used to recommend this design a number of years ago. While this approach does change the way the network behaves, it is not doing what most think it does. Many think that using multiple EIGRP ASs will bound the query range, decreasing the chances of a stuck-in-active route. This is only sort of true. If a query reaches the edge of the AS (where routes are redistributed into another AS), the original query will indeed be answered. A new query will be initiated in the other AS. However, we haven't really stopped the query process. We've just changed who will be affected if something bad happens and we get stuck on the route. Instead of the AS where the route went active, the SIA would occur in the other AS. However, if things are bad enough that an SIA was going to happen if it were all one AS, it's not likely that the multiple ASs will change the timing enough to stop it. Another misconception is that having multiple ASs protects one AS from route flaps in another AS. If components are passed between ASs, this isn't true. Transitions in routes from one AS will be felt in the other AS as well.


EIGRP Query Range (cont.)

Summarization point
- Auto or manual summarization is the best way to bound queries
- Requires a good address allocation scheme

[Figure: router A in 129.x.x.x, router B, and router C in 130.x.x.x; B summarizes 130.0.0.0/8 to A. A query for 130.130.1.0/24 (1) crosses B toward A; A, which holds only the summary, replies with infinity (2) and the query stops there.]

EIGRP Query Range (cont.)


The best solution to control queries is to reduce the range of queries. This is done by summarization. The query range by itself, however, is not a common reason for stuck in active routes being reported. The most common reason for stuck in active routes is that some router on the network cannot answer a query for some reason, such as:

- The router is too busy to answer the query (generally high CPU utilization)
- The router is having memory problems, and cannot allocate the memory to process the query or build the reply packet
- The circuit between the two routers is not good: a lot of packets are being lost between the routers, but enough packets are getting through to keep the neighbor relationship up, while some queries or replies are lost
- Unidirectional links (a link on which traffic can only flow in one direction due to a failure)


Limiting Size/Scope of Updates/Queries

- Evaluate routing requirements
  - What routes are needed where?
- Once needs are determined
  - Use summary address
  - Use distribute lists

Limiting Size/Scope of Updates/Queries


Very seldom do remote routers need to know all of the routes being advertised in the entire network. The network manager needs to look at what information is necessary to properly route user traffic to where it needs to go. There are trade-offs between how much information is supplied to the remote routers and the desired level of path selection. In other words, maximum stability and scalability are achieved when the remote routers use only a default route to reach the core. If some component knowledge needs to be allowed so that optimum path selection can take place for those targets, then a business decision needs to be made. Once the minimum requirements are determined, either summary-address statements need to be added on the outbound interfaces of the routers, or distribute-list statements need to be added to the router process. These mechanisms are used to limit what information is provided to the end system.


Limiting Updates/Queries - Example

[Figure: distribution layer routers A and B; network 10.1.8.0/24 at router B; remote site routers C, D, and E dual-homed to A and B; arrows show queries and replies.]

Limiting Updates/Queries - Example


In the sample network above, each dual-homed remote router would be seen as a valid alternative path to 10.1.8.0 from router A unless information-hiding techniques are used. Once the query process starts, each path receives duplicate convergence traffic due to the redundancy designed into the topology. This topology and the reflective nature of the query traffic was described in detail in an earlier section of this chapter.


Limiting Updates/Queries - Reality

- Remote routers are fully involved in convergence
  - Most remotes are never intended to be transit
  - Convergence complicated through lack of information hiding

Limiting Updates/Queries - Reality


In the example on the previous page, not only are the remote routers required to respond to questions (queries) from the distribution layer, they also continue the search by reflecting the queries back toward the distribution layer. This significantly complicates the convergence process on the network. With our example of only two distribution routers and three remotes, it's not all that significant. On a real network with possibly hundreds of remotes, it can be brutal. In most networks the designer put dual legs to the remotes in order to improve their uptime reaching the remainder of the network. Rarely if ever does a designer want traffic to go from the distribution layer to the remote and back, so why is convergence acting as if this is a valid alternative path? We didn't tell it any different, that's why. The design of this sample network is sound, but due to the nature of the selected routing protocol's behavior, it involves the remote routers in the convergence decision. The remote routers have too much information in their topology tables. Several ways to solve this condition are presented on the following pages.


Limiting Updates/Queries - Better

[Figure: the same topology; distribution routers A and B send queries to, and receive replies from, the remotes.]

ip summary-address eigrp 1 10.0.0.0 255.0.0.0

    Configured on all outbound interfaces to the remotes

Limiting Updates/Queries - Better


With the summary-address commands on the outbound interfaces of router A and router B, some route components are not sent to the remote routers at all, so they will not reflect those routes back to the distribution layer. This approach reduces the convergence traffic by absorbing the reflective effects caused by the redundant topology. Likewise, if distribute-list out commands were installed at the remote routers, their advertisements would be limited to only those networks that exist at that remote site. Therefore, they won't even reflect the summary route from router A back to router B, nor the summary route from router B back to router A. This minimizes the part the remote routers play in the update and query process and increases the stability and scalability of this network.


Limiting Updates/Queries - Best

[Figure: the same topology with the link to 10.1.8.0/24 at router B marked X (failed); queries and replies stay within the distribution layer. Remote routers (routers C, D, and E) are all defined as stub routers.]

router eigrp 1
 stub connected

Limiting Updates/Queries - Best


In the previous example, we've decreased the role of the remotes so that they don't propagate the queries back to the distribution layer, so convergence is significantly simplified. It can still create problems if a massive number of queries are sent to the remotes at once, however. A new feature (stub routers) decreases the remotes' role even further, by removing the remote routers from the query path entirely! As described earlier in this section, the stub command was created to handle situations and topologies similar to this example. The distribution layer routers (A and B), once neighbor relationships are formed with the remote routers, suppress the advertisement of route components (also known as information hiding) to routers C, D, and E. This approach eliminates the remote routers from the convergence process, speeds convergence, and increases overall network stability.

Note: The stub command is only available in IOS release 12.0 and later.
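The three situations this section walks through (Normal Query Operation, the Better case with summary-address on the distribution routers, and the Best case with stub remotes) can be compared with a small simulation. This is an added example, not code from the course; the topology follows the figures (A and B at the distribution layer, remotes C, D, and E dual-homed to both, 10.1.8.0/24 connected to B), all link costs are assumed equal so that no router has a feasible successor, and query ordering is simplified to sequential.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Router:
    name: str
    neighbors: List[str]
    successor: Optional[str]          # neighbor the route was learned from; None if connected
    has_component: bool = True        # component route present in the topology table
    feasible_successor: bool = False  # an alternate path that meets the feasibility condition
    stub: bool = False                # announces 'stub' in its hellos


class QuerySimulation:
    """Counts EIGRP queries after a route is lost with no feasible successor.

    Simplified DUAL behaviour: a router that goes active queries every neighbor
    except its successor, and never a neighbor whose hello said 'stub'.  A queried
    router replies at once if it lacks the component route (it only received a
    summary), has a feasible successor, or is already active; otherwise it goes
    active itself and queries onward.  Messages are processed sequentially, which
    does not change the totals.
    """

    def __init__(self, routers: List[Router]) -> None:
        self.routers: Dict[str, Router] = {r.name: r for r in routers}
        self.queries: List[Tuple[str, str]] = []
        self.active: Set[str] = set()

    def lose_route(self, origin: str) -> Tuple[List[Tuple[str, str]], Set[str]]:
        """Origin loses its connected route; returns (queries sent, routers that went active)."""
        self.queries, self.active = [], set()
        self._go_active(origin)
        return self.queries, self.active

    def _go_active(self, name: str) -> None:
        router = self.routers[name]
        self.active.add(name)
        for peer in router.neighbors:
            if peer == router.successor:
                continue        # never query out the interface the route came from
            if self.routers[peer].stub:
                continue        # stub neighbor: the distribution router suppresses the query
            self._send_query(name, peer)

    def _send_query(self, src: str, dst: str) -> None:
        self.queries.append((src, dst))
        peer = self.routers[dst]
        if not peer.has_component or peer.feasible_successor or dst in self.active:
            return              # immediate reply (infinity, or an alternate path)
        self._go_active(dst)    # no alternate: the query is reflected onward


def build_topology(mode: str) -> List[Router]:
    """Constructed topology from the figures.  mode is 'normal', 'summary'
    (ip summary-address on A and B toward the remotes, so the remotes hold no
    component route) or 'stub' (remotes configured with the stub command)."""
    remotes_know_component = mode != "summary"
    remotes_are_stub = mode == "stub"
    routers = [Router("B", ["A", "C", "D", "E"], successor=None),   # 10.1.8.0/24 is on B
               Router("A", ["B", "C", "D", "E"], successor="B")]
    for name in ("C", "D", "E"):
        routers.append(Router(name, ["A", "B"], successor="B",
                              has_component=remotes_know_component,
                              stub=remotes_are_stub))
    return routers


def query_load(mode: str) -> Tuple[int, List[str]]:
    """Number of queries generated and the routers that went active on the lost route."""
    queries, active = QuerySimulation(build_topology(mode)).lose_route("B")
    return len(queries), sorted(active)


if __name__ == "__main__":
    for mode in ("normal", "summary", "stub"):
        print(mode, query_load(mode))
```

In the normal case every remote goes active and reflects a query back to A; with the summary the remotes only reply; with stubs the only query left is the one between A and B.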


Limiting Updates/Queries - Summary

- Convergence simplified by adding the summary-address statements
  - Remote routers just reply when queried; they do not forward queries
- In recent IOS releases, use the stub command on remote routers

Limiting Updates/Queries - Summary


As seen in the preceding examples, even sound network designs can require additional configuration commands to optimize bandwidth utilization and to reduce convergence time. In earlier releases of the IOS, the most effective method to restrict the scope of queries was the establishment of route summarization boundaries. In more recent releases of the IOS, the stub router command severely limits the bandwidth consumed by the query process, especially in redundant topologies.


EIGRP Scalability Rules

EIGRP is a very scalable routing protocol if proper design methods are used:
- Good allocation of address space
  - Each region should have a unique address space so route summarization is possible
- Have a tiered network design model (Core, Distribution, Access)

EIGRP Scalability Rules


EIGRP possesses many features that allow the creation of large to very large internetworks. As with any large network, good, solid design principles are the foundation upon which the infrastructure rests. Address allocation is critical to any design effort because, regardless of the advanced routing protocol selected, logical blocks of addresses are a requirement for route summarization to occur. Having a two- or three-layer hierarchy with routers positioned by function rather than by geography greatly assists traffic flow and route distribution.


Nonscalable Network - Example

[Figure: a core connected to several regional Token Ring clouds. Subnets of three major networks (1.1.1.0 through 1.1.4.0, 2.2.1.0 through 2.2.3.0, and 3.3.1.0 through 3.3.4.0) are scattered across every cloud, and all of them are injected into the core.]

- Bad addressing scheme
  - Subnets are everywhere throughout the entire network
- Queries not bounded

Nonscalable Network - Example


The graphic indicates a topology where addresses (subnets) are randomly assigned, or at least assigned by historical requirements. In this example, multiple subnets from different major networks are located in each cloud. The number of routes injected into the core is far greater than necessary because route summarization is not possible. In addition, due to the random assignment of addresses, query traffic cannot be localized to any portion of the network, and that fact delays convergence.


Scalable Network - Example

[Figure: the same core and Token Ring clouds after readdressing. Each cloud holds only subnets of one major network (1.1.x.0, 2.2.x.0, or 3.3.x.0), and the core receives only the summaries 1.0.0.0, 2.0.0.0, and 3.0.0.0.]

- Readdress the network
  - Each region has its own block of addresses
- Queries bounded by using ip summary-address eigrp command

Scalable Network - Example


This graphic illustrates a better-designed network. Subnet addresses from individual major networks are localized within each of the clouds. This allows summary routes to be created and injected into the core. As an added benefit, the summary routes act as a boundary for the queries generated by a topology change.
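The two addressing plans above can be checked mechanically: for each region, compute the summary it would advertise into the core (either the smallest covering prefix or, as auto-summary does, the classful major network) and test whether that summary would also cover subnets that live in other regions. The Python below is an added example, not course material; the assignment of subnets to clouds is constructed to mirror the figures.

```python
import ipaddress
from typing import Dict, List, Tuple

Regions = Dict[str, List[str]]     # region name -> subnets located in that region


def minimal_summary(subnets: List[str]) -> ipaddress.IPv4Network:
    """Smallest single prefix that covers every subnet of one region."""
    nets = [ipaddress.IPv4Network(s) for s in subnets]
    lowest = min(int(n.network_address) for n in nets)
    highest = max(int(n.broadcast_address) for n in nets)
    for plen in range(32, -1, -1):      # widen the prefix until it spans lowest..highest
        candidate = ipaddress.IPv4Network((str(ipaddress.IPv4Address(lowest)), plen),
                                          strict=False)
        if int(candidate.broadcast_address) >= highest:
            return candidate
    return ipaddress.IPv4Network("0.0.0.0/0")


def classful_network(subnet: str) -> ipaddress.IPv4Network:
    """Major (class A/B/C) network of a subnet, which is what auto-summary advertises."""
    net = ipaddress.IPv4Network(subnet)
    first_octet = int(str(net.network_address).split(".")[0])
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.IPv4Network((str(net.network_address), plen), strict=False)


def summarization_plan(regions: Regions, classful: bool = False
                       ) -> Dict[str, Tuple[List[str], List[str]]]:
    """Per region: the summaries it would advertise toward the core, and the
    foreign subnets (located in other regions) that those summaries would swallow.
    A non-empty second list means the summary cannot serve as a query boundary
    without hiding somebody else's subnet behind it."""
    plan: Dict[str, Tuple[List[str], List[str]]] = {}
    for region, subnets in regions.items():
        if classful:
            summaries = sorted({classful_network(s) for s in subnets})
        else:
            summaries = [minimal_summary(subnets)]
        foreign = sorted(
            other
            for name, others in regions.items() if name != region
            for other in others
            if any(ipaddress.IPv4Network(other).subnet_of(s) for s in summaries))
        plan[region] = ([str(s) for s in summaries], foreign)
    return plan


# Constructed from the two figures: subnets scattered over the clouds versus each
# cloud holding one contiguous block (exact cloud membership is assumed).
NONSCALABLE: Regions = {
    "cloud-1": ["1.1.1.0/24", "3.3.4.0/24", "2.2.1.0/24"],
    "cloud-2": ["1.1.4.0/24", "3.3.1.0/24", "1.1.2.0/24"],
    "cloud-3": ["2.2.3.0/24", "2.2.2.0/24", "1.1.3.0/24"],
    "cloud-4": ["3.3.2.0/24", "3.3.3.0/24"],
}
SCALABLE: Regions = {
    "region-1": ["1.1.1.0/24", "1.1.2.0/24", "1.1.3.0/24", "1.1.4.0/24"],
    "region-2": ["2.2.1.0/24", "2.2.2.0/24", "2.2.3.0/24"],
    "region-3": ["3.3.1.0/24", "3.3.2.0/24", "3.3.3.0/24", "3.3.4.0/24"],
}


if __name__ == "__main__":
    for label, regions in (("nonscalable", NONSCALABLE), ("scalable", SCALABLE)):
        for classful in (False, True):
            print(label, "classful" if classful else "minimal",
                  summarization_plan(regions, classful))
```

In the nonscalable plan the only prefix covering cloud-1 is 0.0.0.0/6, which swallows every other cloud's subnets, so no usable summary (and no query boundary) exists; in the readdressed plan each region summarizes cleanly at either granularity.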


Tiered Network Design

[Figure: a three-layer hierarchy. The core exchanges summarized routes with other regions; each distribution layer router sends summarized routes up to the core and down toward its access layer; the access layer sits below the distribution layer.]

Tiered Network Design


A tiered network model provides benefits at all layers of the hierarchical model.

At the core: Summarized routes reduce the size of the routing table in the core routers. These smaller tables make for efficient lookups that speed user traffic on its way to its final destination. This reinforces the concept of a high-speed switching core.

At the distribution layer: Summarized routes at the distribution layer help select the most efficient path for user traffic from different regions by reducing the number of entries that need to be checked.

At the access layer: Proper allocation of blocks of addresses to remote offices enables local traffic to remain local and not unnecessarily burden other portions of the network.


More EIGRP Scalability Rules

- Proper network resources
  - Sufficient memory on the router
  - Sufficient bandwidth on WAN interfaces
- Proper configuration of the bandwidth statement over WAN interfaces, especially over Frame Relay
- Avoid blind mutual redistribution between two routing protocols or two EIGRP processes

More EIGRP Scalability Rules


Enhanced IGRP will operate more efficiently if some common network design principles are followed. Routers located at convergence points within the network must be equipped with sufficient memory to buffer a large number of packets and to support the numerous processes related to routing large volumes of traffic. Especially in hub and spoke topologies, adequate bandwidth is required on WAN links. There should be enough bandwidth to keep necessary router overhead traffic from interfering or competing with normal user-generated traffic. If reliable EIGRP packets are lost due to contention for bandwidth, the resulting lack of convergence is a far greater problem than the application delays experienced by some users. Multiple autonomous systems or routing domains can share route information through the redistribution process. Proper implementation of redistribution requires route filters to prevent feedback loops from forming. It is strongly recommended that redistribution between multiple ASs or multiple routing protocols be accompanied by route filters.


Verifying Enhanced IGRP Operation

Verifying Enhanced IGRP Operation

The following show commands, entered from the Router# prompt, can be used to verify EIGRP operation:

show ip eigrp neighbors
    Displays the neighbors discovered by IP Enhanced IGRP.

show ip eigrp topology
    Displays the IP Enhanced IGRP topology table. This command shows the topology table, the active/passive state of routes, the number of successors, and the feasible distance to the destination.

show ip route eigrp
    Displays the current Enhanced IGRP entries in the routing table.

show ip protocols
    Displays the parameters and current state of the active routing protocol process. This command shows the EIGRP autonomous system number. It also displays filtering and redistribution numbers as well as neighbors and distance information.

show ip eigrp traffic
    Displays the number of IP Enhanced IGRP packets sent and received. This command displays statistics on hellos, updates, queries, replies, and acknowledgments.

The lab exercise Configuring EIGRP enables you to practice using some of these commands.


Summary

- Enhanced IGRP is an advanced routing protocol that uses the DUAL algorithm
- Enhanced IGRP has the following features:
  - Converges rapidly
  - Incremental updates
  - Routes IP, IPX, and AppleTalk
  - Summarizes routes


Case Study: Configuring EIGRP



[Figure: Case Study - Enhanced IGRP, Autonomous System 400. A Frame Relay network with redundant PVCs to each site, Class B and Class C address space, and Gigabit Ethernet, Fast Ethernet, Ethernet, and serial links.]

Case Study - Enhanced IGRP

The case study illustrates some key features of Enhanced IGRP, such as:

- Only routers within the same AS exchange route information
- Support for VLSM and discontiguous subnets
- Automatic route summarization at major network boundaries
- Manual route summarization at arbitrary network boundaries
- Support for various WAN topologies, including NBMA
- Efficient bandwidth utilization for overhead routing operations
- Support for hierarchical designs


Lab Exercise: Configuring EIGRP


Answers to Exercises

Configuring Basic Border Gateway Protocol (BGP)

Overview
This chapter introduces the Border Gateway Protocol (BGP), including the fundamentals of BGP operation. This chapter includes the following topics:

- Objectives
- BGP Overview
- When Not To Use BGP
- BGP Terminology
- BGP Operation
- Written Exercise: BGP Operation
- Configuring BGP
- Verifying BGP
- Summary
- Review Questions

Objectives
This section lists the chapter's objectives.

Upon completion of this chapter, you will be able to perform the following tasks:

- Describe BGP features and operation
- Describe how to connect to another Autonomous System (AS) using an alternative to BGP, static routes
- Explain how BGP policy-based routing functions within an Autonomous System
- Explain how BGP peering functions
- Describe and configure External and Internal BGP
- Describe BGP synchronization
- Given a set of network requirements, configure a BGP environment and verify proper operation (within described guidelines) of your routers

Note to reviewers: Compared to the Design Document, topics in this chapter have been significantly re-ordered and new topics have been added, so that all of the required concepts are explained and the contents flow better. The objective and contents from chapter 10 on static routes were moved to this chapter, as they fit better here.


BGP Overview
This section provides an overview of BGP. Understanding BGP first requires an understanding of autonomous systems.

Autonomous Systems

[Figure: Autonomous System 100 and Autonomous System 200, each running an IGP internally, connected to each other by an EGP.]

- IGPs: RIP, IGRP, OSPF, EIGRP
- EGPs: BGP
- An autonomous system (AS) is a collection of networks under a single technical administration
- IGPs operate within an autonomous system
- EGPs connect different autonomous systems

One way to categorize routing protocols is by whether they are interior or exterior:

- Interior gateway protocols (IGPs): routing protocols used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.
- Exterior gateway protocols (EGPs): used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.

BGP is an inter-domain routing protocol, also known as an EGP. All of the routing protocols we have seen so far in this course are interior routing protocols, also known as IGPs. BGP version 4, BGP-4, is the latest version of BGP and is defined in RFC 1771. As noted in this RFC, the classic definition of an autonomous system is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs. Nowadays, ASs may use more than one IGP, with potentially several sets of metrics. The important characteristic of an AS from the BGP point of view is that the AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. All parts of the AS must be connected to each other.

The Internet Assigned Numbers Authority (IANA) is the umbrella organization responsible for allocating autonomous system numbers. Specifically, the American Registry for Internet Numbers (ARIN) has the jurisdiction for assigning numbers for the Americas, Caribbean, and Africa. Reseaux IP Europeennes-Network Information Center (RIPE-NIC) administers the numbers for Europe, and the Asia Pacific-NIC (AP-NIC) administers the autonomous system numbers for the Asia-Pacific region. This autonomous system designator is a 16-bit number, with a range of 1 to 65535. RFC 1930 provides guidelines for the use of AS numbers. A range of AS numbers, 64512 through 65530, is reserved for private use, much like the private IP addresses discussed in chapter 4.

Note: Using an IANA-assigned autonomous system number rather than some other number is only needed if your organization plans to use an EGP such as BGP.

9-4 Building Scalable Cisco Networks


BGP Is Used Between ASs

[Figure: Routers A, B and D run BGP between AS 100, AS 200, AS 300 and AS 400]

- BGP is used between autonomous systems
- Guarantees exchange of loop-free routing information
1999, Cisco Systems, Inc.

www.cisco.com

BSCN9-5

The main goal of BGP is to provide an inter-domain routing system that guarantees the loop-free exchange of routing information between autonomous systems. Routers exchange information about paths to destination networks. BGP is a successor of EGP, the Exterior Gateway Protocol. (Note the reuse of the EGP acronym). The EGP protocol was developed to isolate networks from each other, as the beginnings of the Internet grew. There are many RFCs relating to BGP-4, including: 1771, 1772, 1773, 1774, 1863, 1930, 1965, 1966, 1997, 1998, 2042, 2283, 2385, and 2439. BGP-4 has many enhancements over earlier protocols. It is used extensively in the Internet today to connect ISPs and to connect enterprises to ISPs.


When To Use BGP

BGP is most appropriate when at least one of the following conditions exists:
- An AS allows packets to transit through it to reach other ASs.
- An AS has multiple connections to other ASs.
- The flow of traffic entering and leaving your AS must be manipulated.
- The effects of BGP are well understood.


BGP was designed to allow Internet Service Providers (ISPs) to communicate and exchange packets. These ISPs have multiple connections to one another, and have agreements to exchange updates. BGP is the protocol that is used to implement these agreements between two or more ASs. BGP, if not properly controlled and filtered, has the potential to allow an outside AS to affect your routing decisions. This chapter and the next will focus on how BGP operates and how to configure it properly, so you can prevent this from happening.


When Not To Use BGP


This section discusses when BGP is not appropriate and the use of the alternative, static routes.

When NOT To Use BGP

BGP is not always appropriate; do not use BGP if you have one of the following conditions:
- A single connection to the Internet or other AS
- Routing policy and route selection are not a concern for your AS
- Lack of memory or processor power on BGP routers to handle constant updates
- Limited understanding of route filtering and the BGP path selection process
- Low bandwidth between ASs

Use static routes instead



BGP is not always the appropriate solution to interconnect ASs. For example, if only one path exists, a default route would be appropriate. Using BGP would not accomplish anything except to use router CPU resources and memory. If the routing policy that will be implemented in an AS is consistent with policy implemented in the ISP AS, it is not necessary or even desirable to configure BGP in that AS. The use of static routes to connect to another AS is reviewed in the next few pages.


Static Route Command Review

Router(config)#
ip route prefix mask {address | interface} [distance]

- Creates a static route
- Can establish a floating route


Use the ip route command to define a static route entry in the IP routing table.

ip route Command    Description
prefix mask         IP route prefix and mask for the destination to be entered into the IP routing table.
address             IP address of the next hop that can be used to reach the destination network.
interface           Identifies the local router outbound interface to be used to reach the destination network.
distance            Administrative distance.

As discussed in an earlier chapter, if there is more than one route to a destination, the administrative distance determines which one will be put in the routing table, with the lower administrative distance preferred. By default, the administrative distance of a static route specified with the address parameter is set to 1. The default administrative distance of a static route specified with the interface parameter is set to 0. You can establish a floating static route by using an administrative distance larger than the default distance used by the dynamic routing protocol. A floating static route is a statically configured route that can be overridden by dynamically learned routing information. Thus, a floating static route can be used to create a path of last resort that is used only when no dynamic information is available.


RIP Static Route Example

[Figure: Router A, running RIP for 172.16.0.0, connects through serial 0 (10.1.1.1) to 10.1.1.2 in ISP AS 200, a service provider running BGP]

ip route 0.0.0.0 0.0.0.0 S0
!
router rip
 network 172.16.0.0


The route 0.0.0.0 is a default route in the IP routing table. If there is no matching route for the destination IP address in the routing table, the 0.0.0.0 route will match the address and cause the packet to be routed out interface serial 0.


OSPF Example

[Figure: Router A, running OSPF for 172.16.0.0, connects through serial 0 (10.1.1.1) to 10.1.1.2 in ISP AS 200, a service provider running BGP]

ip route 0.0.0.0 0.0.0.0 S0
!
router ospf 111
 network 172.16.0.0 0.0.255.255 area 0
 default-information originate always

OSPF default configuration using a static route



The default-information originate always command in OSPF propagates a default route into the OSPF routing domain. The configuration in this example has an effect similar to the previous RIP example. The always keyword causes the default route to always be advertised, whether or not the router has a default route. This ensures that the default route will get advertised into OSPF.


BGP Terminology
BGP has many concepts that become clearer once you understand the terminology. This section discusses BGP characteristics, the concepts of BGP neighbors, internal and external BGP, policy-based routing, and BGP attributes.

BGP Characteristics

BGP is a distance-vector protocol with enhancements:
- Reliable updates: BGP runs on top of TCP (port 179)
- Incremental, triggered updates only
- Periodic keepalives to verify TCP connectivity
- Rich metrics (called path vectors or attributes)
- Designed to scale to huge internetworks


What type of protocol is BGP? In an earlier chapter we discussed the characteristics of distance vector, link state and hybrid routing protocols. BGP is a distance vector protocol, but it has many differences from protocols such as RIP. BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. In this way, BGP assumes that its communication is reliable and therefore it does not have to implement any retransmission or error recovery mechanisms. BGP uses TCP port 179. Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors. Once the connection is made, full routing tables are exchanged. However, since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends keepalive messages, similar to the hello messages sent by OSPF and EIGRP. BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.


Tables

[Figure: the IGP routing protocol populates the IP routing table, and the BGP routing protocol populates the BGP table]

- BGP has its own table, in addition to the IGP routing table
- Information can be exchanged between the two tables

BGP keeps its own table, for storing BGP information received from and sent to other routers. This table is separate from the IP routing table in the router. The router can be configured to share information between the two tables.


Peers = Neighbors

[Figure: Routers B and C in AS 200 and Router A in AS 100, with neighbor relationships marked between them]

Any two routers that have formed a TCP connection in order to exchange BGP routing information are called peers or neighbors.

As mentioned, BGP peers are routers with which a router has established a BGP connection. BGP peers are also known as neighbors and can be either internal to the AS or external to the AS.


Internal BGP (IBGP)

[Figure: Routers B and C in AS 200 are IBGP neighbors; Router A in AS 100 is a neighbor of AS 200]

- When BGP neighbors belong to the same AS
- Neighbors do not have to be directly connected

When BGP is running between routers within one AS it is termed internal BGP (IBGP). IBGP is run within an AS in order to exchange BGP information within the AS, so that it can be passed to other autonomous systems. Routers running IBGP do not have to be directly connected to each other, so long as they can reach each other (usually because an IGP is running within the AS).


External BGP (EBGP)

[Figure: Routers B and C in AS 200 are IBGP neighbors; Router A in AS 100 is an EBGP neighbor of AS 200]

- When BGP neighbors belong to different ASs
- Neighbors should be directly connected

When BGP is running between routers in different ASs it is termed external BGP (EBGP). Routers running EBGP are usually directly connected to each other.


Policy-Based Routing

- BGP allows administrators to define policies, or rules, for how data will flow through the ASs
- BGP and associated tools cannot express all routing policies
- BGP does not enable one AS to send traffic to a neighbor AS intending that the traffic take a different route from that taken by traffic originating in the neighbor AS
- However, BGP can support any policy conforming to (i.e. implementable by) the hop-by-hop routing paradigm

BGP allows policy decisions at the AS level to be enforced. This setting of policies, or rules, for routing is known as policy-based routing. BGP specifies that a BGP router can advertise to its peers in neighboring ASs only those routes that it itself uses. This rule reflects the "hop-by-hop" routing paradigm generally used throughout the current Internet. Some policies cannot be supported by the "hop-by-hop" routing paradigm and thus require techniques such as source routing to enforce. For example, BGP does not enable one AS to send traffic to a neighboring AS, intending that the traffic take a different route from that taken by traffic originating in the neighboring AS. On the other hand, BGP can support any policy conforming to the "hop-by-hop" routing paradigm. Since the current Internet uses only the "hop-by-hop" routing paradigm and since BGP can support any policy that conforms to that paradigm, BGP is highly applicable as an inter-AS routing protocol for the current Internet.


BGP Attributes

BGP metrics are called path attributes. Characteristics of attributes include:
- Well-known versus optional
- Mandatory versus discretionary
- Transitive versus non-transitive
- Partial


Routers send BGP update messages about destination networks. These update messages include information called attributes. Some terms define how these attributes are implemented: an attribute is either well-known or optional, mandatory or discretionary, transitive or non-transitive. An attribute may also be partial. Not all combinations of these characteristics are valid. In fact, path attributes fall into four separate categories:

1. Well-known mandatory
2. Well-known discretionary
3. Optional transitive
4. Optional non-transitive

Only optional transitive attributes may be marked as partial. These characteristics are described on the following pages.


Well-known Attributes

Well-known attributes:
- must be recognized by all compliant BGP implementations
- are propagated to other neighbors

Well-known mandatory attributes:
- must be present in all update messages

Well-known discretionary attributes:
- could be present in update messages


A well-known attribute is one that all BGP implementations must recognize. These attributes are propagated to BGP neighbors. A mandatory attribute must appear in the description of a route. A discretionary attribute does not need to appear.


Optional Attributes

Optional attributes:
- recognized by some implementations (could be private), expected not to be recognized by everyone
- recognized optional attributes are propagated to other neighbors based on their meaning

Optional transitive attributes:
- if not recognized, marked as partial and propagated to other neighbors

Optional non-transitive attributes:
- discarded if not recognized

An optional attribute need not be supported by all BGP implementations. If it is supported, it may be propagated to BGP neighbors. A transitive attribute that is not implemented in a router can be passed to other BGP routers untouched. In this case, the attribute is marked as partial. A non-transitive attribute must be deleted by a router that has not implemented the attribute.
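As an added illustration of the attribute categories above (example code written for this edition, not part of the Cisco course), the following Python reads the attribute flags octet that precedes each type code in an UPDATE message (RFC 4271 layout), classifies the attribute into one of the four categories, and applies the forwarding rule just described: an unrecognized optional transitive attribute is passed on with the partial bit set, an unrecognized optional non-transitive attribute is dropped. The sample attribute bytes and the private type codes 250 and 251 are constructed for the demonstration.

```python
"""Classify BGP path-attribute flags and apply the propagation rule for
unrecognized attributes (added example; not Cisco course code).

Flag bit layout follows RFC 4271 section 4.3: the attribute flags octet
that precedes the attribute type code in an UPDATE message.
"""
import struct

OPTIONAL = 0x80     # 0 = well-known, 1 = optional
TRANSITIVE = 0x40   # always 1 for well-known; meaningful for optional attributes
PARTIAL = 0x20      # set when a router along the path did not recognize the attribute
EXT_LENGTH = 0x10   # attribute length field is two octets instead of one

# Type codes from RFC 4271 that this example recognizes.
RECOGNIZED = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MED",
              5: "LOCAL_PREF", 6: "ATOMIC_AGGREGATE", 7: "AGGREGATOR"}


def category(flags: int) -> str:
    """Map the flags octet to an attribute category (mandatory vs discretionary
    is a property of the type code, not of the flags, so both read 'well-known')."""
    if not flags & OPTIONAL:
        return "well-known"
    return "optional transitive" if flags & TRANSITIVE else "optional non-transitive"


def parse_attribute(buf: bytes, offset: int = 0):
    """Parse one attribute at offset; return (flags, type_code, value, next_offset)."""
    flags, code = buf[offset], buf[offset + 1]
    if flags & EXT_LENGTH:
        (length,) = struct.unpack_from("!H", buf, offset + 2)
        start = offset + 4
    else:
        length = buf[offset + 2]
        start = offset + 3
    return flags, code, buf[start:start + length], start + length


def forward_decision(flags: int, code: int):
    """Return (propagate, new_flags) for a received attribute.

    Recognized attributes pass unchanged. Unrecognized optional transitive
    attributes are propagated with PARTIAL set; unrecognized optional
    non-transitive attributes are discarded. An unrecognized well-known
    attribute is an UPDATE Message Error in RFC 4271, so it is rejected.
    """
    if code in RECOGNIZED:
        return True, flags
    if flags & OPTIONAL and flags & TRANSITIVE:
        return True, flags | PARTIAL
    if flags & OPTIONAL:
        return False, flags
    raise ValueError("unrecognized well-known attribute type %d" % code)


def build_attribute(flags: int, code: int, value: bytes) -> bytes:
    """Encode one attribute (constructed helper used to build the sample)."""
    if len(value) > 255 or flags & EXT_LENGTH:
        return bytes([flags | EXT_LENGTH, code]) + struct.pack("!H", len(value)) + value
    return bytes([flags, code, len(value)]) + value


# Constructed sample: ORIGIN (well-known mandatory), a private optional
# transitive attribute with type code 250, and a private optional
# non-transitive attribute with type code 251.
SAMPLE = (build_attribute(TRANSITIVE, 1, b"\x00")
          + build_attribute(OPTIONAL | TRANSITIVE, 250, b"\xde\xad")
          + build_attribute(OPTIONAL, 251, b"\x01"))


def process(buf: bytes):
    """Walk every attribute in buf; return (type_code, category, partial) for
    each attribute this router would re-advertise."""
    out, offset = [], 0
    while offset < len(buf):
        flags, code, _value, offset = parse_attribute(buf, offset)
        keep, new_flags = forward_decision(flags, code)
        if keep:
            out.append((code, category(new_flags), bool(new_flags & PARTIAL)))
    return out
```

Running process(SAMPLE) keeps ORIGIN unchanged, keeps type 250 with the partial bit now set, and drops type 251, which is exactly the behaviour the slide describes for the two optional categories.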


BGP Attributes

BGP attributes include:
- AS-path
- Next-hop
- Local preference
- MED
- Origin


The attributes defined by BGP include:

Well-known mandatory attributes:
- AS-path
- Next-hop
- Origin

Well-known discretionary attributes:
- Local preference
- Atomic aggregate

Optional transitive attributes:
- Aggregator
- Communities

Optional non-transitive attribute:
- Multi-Exit-Discriminator (MED)

In addition, Cisco has defined a Weight attribute for BGP. Each of the attributes shown on the graphic is expanded upon in the following pages. The other attributes are explained in later sections in this chapter or in the following chapter.


AS-Path Attribute

[Figure: Router A in AS 100 (192.168.1.0), Router C in AS 300 (192.168.3.0), and Router B in AS 200 (192.168.2.0)]

- A list of ASs that a route has traversed
- For example, on Router B the path to 192.168.1.0 is the AS sequence 300 200

The AS-path attribute is a well-known mandatory attribute. Whenever a route update passes through an AS, the AS number is prepended to that update. The AS-path attribute is actually the list of AS numbers that a route has traversed in order to reach a destination. The components of this list can be AS-SEQUENCEs, which are ordered lists, or AS-SETs, which are unordered sets. An AS-SEQUENCE is an ordered mathematical set of all the ASs that have been traversed. The need for AS-SETs is discussed in the CIDR and Aggregate Addresses section later in this chapter. In the graphic, network 192.168.1.0 is advertised by Router A in AS 100. When that route traverses AS 300, Router C will prepend its own AS number to it. So when 192.168.1.0 reaches Router B, it will have two AS numbers attached to it. From Router B's perspective the path to reach 192.168.1.0 is (300,100). The same applies for 192.168.2.0 and 192.168.3.0. Router A's path to 192.168.2.0 will be (300,200), i.e. traverse AS 300 and then AS 200. Router C will have to traverse path (200) in order to reach 192.168.2.0 and path (100) in order to reach 192.168.1.0.
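The prepend-on-advertise and loop-check behaviour just described (and the loop-free claim in the BGP Characteristics section), as an added Python example that is not part of the course material. It models the graphic's topology, Router A in AS 100, Router C in AS 300 and Router B in AS 200, with the AS-path held as a list of AS_SEQUENCE and AS_SET segments; the Route class and the function names are this example's own.

```python
"""AS-path handling: prepending the local AS on EBGP advertisement and the
loop check on receipt (added example; not code from the course).

Topology from the graphic: Router A (AS 100) -> Router C (AS 300) -> Router B (AS 200).
"""
from dataclasses import dataclass, field

AS_SEQUENCE = "AS_SEQUENCE"   # ordered list of ASs traversed
AS_SET = "AS_SET"             # unordered set, produced by aggregation (CIDR section)


@dataclass
class Route:
    prefix: str
    # list of (segment_type, [asn, ...]); empty inside the originating AS
    as_path: list = field(default_factory=list)

    def as_numbers(self):
        """Every AS appearing in any segment; this is what the loop check inspects."""
        return {asn for _seg, asns in self.as_path for asn in asns}

    def path_tuple(self):
        """Flattened view matching the text's (300, 100) notation."""
        return tuple(asn for _seg, asns in self.as_path for asn in asns)


def advertise_ebgp(route: Route, local_as: int) -> Route:
    """Copy the route and prepend local_as, as a router does when sending to an EBGP peer.

    If the path starts with an AS_SEQUENCE the local AS is pushed onto it;
    otherwise (path empty or leading AS_SET) a new one-element sequence is added.
    """
    path = [(seg, list(asns)) for seg, asns in route.as_path]
    if path and path[0][0] == AS_SEQUENCE:
        path[0][1].insert(0, local_as)
    else:
        path.insert(0, (AS_SEQUENCE, [local_as]))
    return Route(route.prefix, path)


def accept_update(route: Route, local_as: int) -> bool:
    """Loop prevention: refuse any update whose AS-path already contains our AS."""
    return local_as not in route.as_numbers()


def propagate():
    """Walk the graphic: A originates 192.168.1.0, C relays it to B, B offers it back to C.

    Returns (path seen at Router B, whether Router C accepts the looped update).
    """
    origin = Route("192.168.1.0/24")               # originated inside AS 100
    at_c = advertise_ebgp(origin, 100)             # A -> C: path (100)
    assert accept_update(at_c, 300)                # 300 not in path, C accepts
    at_b = advertise_ebgp(at_c, 300)               # C -> B: path (300, 100)
    back_to_c = advertise_ebgp(at_b, 200)          # B -> C: path (200, 300, 100)
    return at_b.path_tuple(), accept_update(back_to_c, 300)
```

The update that Router B would hand back to Router C carries 300 in its path, so Router C discards it; that single rule is what keeps the inter-AS graph loop free without any periodic convergence.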


Next-Hop Attribute

[Figure: Router A (10.10.10.2) in AS 100 with network 172.16.0.0; Router B (10.10.10.1 and 172.20.10.1) and Router C (172.20.10.2) in AS 200 with network 172.20.0.0]

- Next-Hop to reach a network
- Router A will advertise network 172.16.0.0 to Router B in EBGP, with a next hop of 10.10.10.2
- Router B advertises 172.16.0.0 in IBGP to Router C keeping 10.10.10.2 as the next hop address

The BGP next-hop attribute is a well-known mandatory attribute that indicates the next-hop IP address that is to be used to reach a destination. For EBGP, the next hop is the IP address of the neighbor that sent the update. In the graphic, Router A will advertise 172.16.0.0 to Router B with a next hop of 10.10.10.2, and Router B will advertise 172.20.0.0 to Router A with a next hop of 10.10.10.1. For IBGP, the protocol states that the next hop advertised by EBGP should be carried into IBGP. Because of that rule, Router B will advertise 172.16.0.0 to its IBGP peer Router C with a next hop of 10.10.10.2 (Router A's address). Therefore Router C knows the next hop to reach 172.16.0.0 is 10.10.10.2, not 172.20.10.1 as you might expect. It is therefore very important that Router C knows how to reach the 10.10.10.0 subnet, either via an IGP or a static route; otherwise it will drop packets destined to 172.16.0.0 because it would not be able to get to the next hop address for that network.


Next-Hop on Multi-Access Network

[Figure: Router B (10.10.10.1, network 172.20.0.0) and Router C (10.10.10.2, network 172.30.0.0) in AS 200 share a multi-access segment with Router A (10.10.10.3, network 172.16.0.0) in AS 100; Routers B and A run EBGP]

In a multi-access network:
- Router B will advertise network 172.30.0.0 to Router A in EBGP, with a next hop of 10.10.10.2, not 10.10.10.1
- This avoids an unnecessary hop

When running BGP over a multi-access network such as Ethernet, a BGP router will use the appropriate address as the next-hop address, to avoid inserting additional hops into the network. This feature is sometimes called third-party next hop. For example, in the graphic, assume that Routers B and C in AS 200 are running an IGP. Router B can reach network 172.30.0.0 via 10.10.10.2. Router B is running BGP with Router A. When Router B sends a BGP update to Router A regarding 172.30.0.0, it will use 10.10.10.2 as the next hop and not its own IP address (10.10.10.1). This is because the network between the three routers is a multi-access network and it makes more sense for Router A to use Router C as a next hop to reach 172.30.0.0 rather than making an extra hop via Router B.


Next-Hop on NBMA Network

[Figure: Router B (10.10.10.1, network 172.20.0.0) and Router C (10.10.10.2, network 172.30.0.0) in AS 200 are connected over a Frame Relay cloud to Router A (10.10.10.3, network 172.16.0.0) in AS 100; Routers B and A run EBGP]

In an NBMA network:
- By default, Router B will advertise network 172.30.0.0 to Router A in EBGP, with a next hop of 10.10.10.2, not 10.10.10.1
- Can be overridden

If the common media between routers is NBMA (non-broadcast multi-access) media, then complications may occur. For example, in the graphic we change the last example so that the three routers are connected by Frame Relay. Router B can still reach network 172.30.0.0 via 10.10.10.2. When Router B sends a BGP update to Router A regarding 172.30.0.0, it will use 10.10.10.2 as the next hop and not its own IP address (10.10.10.1). A problem will arise if Router A and Router C do not know how to communicate directly, i.e. if Routers A and C do not have a map to each other. Router A will not know how to reach the next hop address on Router C. This behavior can be overridden in Router B by configuring it to advertise itself as the next hop address for routes sent to Router A.
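An added Python example (not course code) covering the three next-hop cases on the preceding pages: the EBGP rewrite, the unchanged next hop carried into IBGP together with the reachability check that Router C must pass, the third-party next hop on a shared multi-access segment, and the next-hop-self override that the NBMA page describes. The addresses are those in the graphics; the function names and the sample routing tables are this example's own, and the override is modelled as a boolean rather than as the router command.

```python
"""Next-hop attribute handling: EBGP rewrite, IBGP pass-through, third-party
next hop on a shared segment, and the next-hop-self override (added example;
not course code). Addresses are the ones used in the three next-hop graphics.
"""
import ipaddress


def ebgp_next_hop(route_next_hop, local_addr, peer_addr, shared_prefix, next_hop_self=False):
    """Next hop that the sender places in an EBGP update.

    Default is the sender's own address on the link to the peer, except when
    the route's current next hop sits on the same multi-access subnet as the
    peer, in which case that address is passed on ("third-party next hop").
    next_hop_self forces the sender's own address, the override the NBMA page
    recommends when the peers cannot reach each other directly.
    """
    if next_hop_self or route_next_hop is None:
        return local_addr
    net = ipaddress.ip_network(shared_prefix)
    if (ipaddress.ip_address(route_next_hop) in net
            and ipaddress.ip_address(peer_addr) in net):
        return route_next_hop
    return local_addr


def ibgp_next_hop(route_next_hop, local_addr, next_hop_self=False):
    """IBGP carries the EBGP-learned next hop unchanged unless next-hop-self is set."""
    return local_addr if next_hop_self else route_next_hop


def next_hop_usable(next_hop, rib):
    """A BGP route is usable only if its next hop resolves in the IP routing table."""
    addr = ipaddress.ip_address(next_hop)
    return any(addr in ipaddress.ip_network(p) for p in rib)


def scenario_ibgp():
    """Graphic 1: B learns 172.16.0.0 from A (EBGP) and relays it to C (IBGP).

    Returns (next hop seen at C, usable without an IGP route, usable with one).
    """
    nh_at_b = ebgp_next_hop(None, "10.10.10.2", "10.10.10.1", "10.10.10.0/24")  # A originates
    nh_at_c = ibgp_next_hop(nh_at_b, "172.20.10.1")                            # B -> C unchanged
    rib_c_without_igp = {"172.20.0.0/16"}                        # constructed routing tables
    rib_c_with_igp = {"172.20.0.0/16", "10.10.10.0/24"}
    return (nh_at_c,
            next_hop_usable(nh_at_c, rib_c_without_igp),
            next_hop_usable(nh_at_c, rib_c_with_igp))


def scenario_shared_segment(next_hop_self=False):
    """Graphics 2 and 3: B (10.10.10.1) advertises 172.30.0.0, which it reaches
    via C (10.10.10.2), to A (10.10.10.3) across the shared 10.10.10.0/24."""
    return ebgp_next_hop("10.10.10.2", "10.10.10.1", "10.10.10.3", "10.10.10.0/24", next_hop_self)
```

scenario_ibgp() shows the failure mode from the Next-Hop Attribute page: Router C receives 10.10.10.2 as the next hop and cannot use the route until its routing table covers 10.10.10.0/24. scenario_shared_segment() gives 10.10.10.2 by default and 10.10.10.1 once the override is set, which is the fix for the Frame Relay case where Router A has no map to Router C.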


Local Preference Attribute

[Figure: AS 200 reaches 172.16.0.0 in AS 690 over paths through AS 1755, AS 1880 and AS 666; Router A has local pref = 200 and Router B has local pref = 150]

- Paths with highest preference value are most desirable
- Preference configured on routers
- Preference sent to internal BGP neighbors only

Local preference is a well-known discretionary attribute that provides an indication to routers in the AS about which path is preferred to exit the AS. A path with a higher local preference is more preferred. The local preference is an attribute that is configured on a router and exchanged only among routers within the same AS. The default value for local preference on a Cisco router is 100. For example, in the graphic AS 200 is receiving updates about network 172.16.0.0 from two directions. Assume the local preference on Router A is set to 200 and the local preference on Router B is set to 150. Since the local preference information is exchanged within AS 200, all traffic in AS 200 addressed to network 172.16.0.0 will be sent to Router A as an exit point from AS 200.


MED Attribute

[Figure: Router A in AS 100 (172.16.0.0) connects to Router B (MED = 150) and Router C (MED = 200) in AS 200 (172.20.0.0)]

- Paths with lowest MED (also called the metric) value are most desirable
- MED configured on routers
- MED sent to external BGP neighbors only

The Multi-Exit-Discriminator (MED) attribute, also called the metric, is an optional non-transitive attribute. The MED was known as the Inter-AS attribute in BGP-3. The MED is an indication to external neighbors about the preferred path into an AS. This is a dynamic way to influence another AS about which way it should choose in order to reach a certain route, if there are multiple entry points into an AS. A lower value of the metric is more preferred. Unlike local preference, the MED is exchanged between ASs. The MED is carried into an AS and used there, but is not passed on to the next AS. When the same update is passed on to another AS, the metric will be set back to its default of 0. By default a router will compare the MED attribute only for paths from neighbors in the same AS. For example, in the graphic, Router B has set the MED attribute to 150 and Router C has set the MED attribute to 200. When Router A receives updates from Routers B and C, it will pick Router B as the best next hop because 150 is less than 200.


Origin Attribute

- IGP (i): Network command
- EGP (e): Redistributed from EGP
- Incomplete (?): Redistributed from IGP or static


The origin is a well-known mandatory attribute that defines the origin of the path information. The origin attribute can be one of three values:

- IGP: The route is interior to the originating AS. This normally happens when the network command (discussed later in this chapter) is used to advertise the route via BGP. An origin of IGP is indicated with an "i" in the BGP table.
- EGP: The route is learned via the EGP (Exterior Gateway Protocol). This is indicated with an "e" in the BGP table.
- Incomplete: The origin of the route is unknown or is learned via some other means. This usually occurs when a route is redistributed into BGP. An incomplete origin is indicated with a "?" in the BGP table.


Weight Attribute (Cisco only)

[Figure: AS 100, AS 200, AS 300 and AS 400 (172.20.0.0); Routers B and C advertise 172.20.0.0 to Router A, which assigns weight = 200 to Router B's update and weight = 150 to Router C's; Router D is in AS 400]

- Paths with highest Weight value are most desirable
- Weight configured on routers, on a per neighbor basis
- Weight not sent to any BGP neighbors

The weight attribute is a Cisco-defined attribute, used for the path selection process. The weight is configured locally on a router and is not propagated to any other routers. The weight can have a value from 0 to 65535. Paths that the router originates have a weight of 32768 by default, and other paths have a weight of zero by default. Routes with a higher weight are preferred when multiple routes exist to the same destination. In the graphic, Router B and Router C learn about network 172.20.0.0 from AS 400 and will propagate the update to Router A. Router A has two ways to reach 172.20.0.0 and has to decide which way to go. In the example, Router A sets the weight of updates coming from Router B to 200 and the weight of those coming from Router C to 150. Since the weight for Router B is higher than the weight for Router C, Router A is forced to use Router B as the next hop to reach 172.20.0.0.


BGP Synchronization

Synchronization Rule:
Do not advertise a route to an external neighbor until a matching route has been learnt from an IGP

- Ensures consistency of information throughout the AS
- Avoids black holes within the AS
- Safe to turn off when there is a full IBGP mesh


The BGP synchronization rule states that a BGP router should not advertise a route to an external neighbor unless that route is local or is learnt from the IGP. If your autonomous system is passing traffic from one AS to another AS, BGP should not advertise a route before all routers in your AS have learned about the route via the IGP. BGP will wait until the IGP has propagated the route within the AS and then will advertise it to external peers. This is done so that all routers in the AS are synchronized and are able to route the traffic that the AS attracts by advertising the route to other ASs. BGP synchronization is on by default. Only if all routers in the AS are running BGP would it be safe to turn it off.


BGP Synchronization (cont'd)

[Figure: AS 10 contains Routers A, B, C and D; Routers A and B run IBGP; Router A peers by EBGP with Router E in AS 1; Router B peers by EBGP with AS 2, which contains 172.16.0.0]

Assume BGP info is not redistributed into AS 10; Routers C and D are not running BGP.

If synchronization is on (the default) then:
- Router A would not use or advertise the route to 172.16.0.0, until it receives the matching route via an IGP
- Router E would not hear about 172.16.0.0

If synchronization is off then:
- Router A would use and advertise the route it receives via BGP
- Router E would hear about 172.16.0.0
- If Router E sends traffic for 172.16.0.0, Router C would drop the packets since it has no route to 172.16.0.0

The synchronization rule also results in other behavior on BGP routers. In the example in the graphic, assume that Routers C and D are not running BGP and do not receive any of the routes that Routers A and B learn from BGP. (Sharing information between routing protocols is called redistribution and is covered in chapter 13). Specifically, they do not know about the network 172.16.0.0 that Router B learns from AS 2. Router B will advertise the route to 172.16.0.0 to Router A using IBGP. By default Router A will not use the route to 172.16.0.0, nor will it advertise that route to Router E in AS 1. Note that Router B will use the route to 172.16.0.0 and will install it in its routing table. If synchronization is turned off in AS 10, Router A can use the route to 172.16.0.0, will install the route in its routing table, and will advertise it to Router E. This is where the problem occurs. Router E now may send traffic destined for network 172.16.0.0. Router E will send the packets to Router A; Router A will forward them to Router C. Router C has not learnt a route to 172.16.0.0 and therefore will drop the packets. If all of the routers in AS 10 were running IBGP, turning off synchronization would not create this problem.


BGP Operation
This section describes the operation of the BGP protocol.

BGP Packet Types

BGP defines the following message types:
- OPEN: includes hold time and BGP Router ID
- KEEPALIVE
- UPDATE: information for one single path only (could be to multiple networks); includes path attributes and networks
- NOTIFICATION: sent when an error is detected; the BGP connection is closed after it is sent

BGP peers will initially exchange their full BGP routing tables. From then on, incremental updates are sent as the routing table changes. Keepalive packets are sent to ensure that the connection is alive between the BGP peers, and notification packets are sent in response to errors or special conditions. After a TCP connection is established, the first message sent by each side is an OPEN message. If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back. Once the OPEN is confirmed, the BGP connection is established and UPDATE, KEEPALIVE, and NOTIFICATION messages may be exchanged. An OPEN message includes the following information:

- Hold time: maximum number of seconds that may elapse between the receipt of successive KEEPALIVE and/or UPDATE messages by the sender. Upon receipt of an OPEN message, the router calculates the value of the Hold Timer to use as the smaller of its configured Hold Time and the Hold Time received in the OPEN message.
- BGP Router Identifier (Router ID): This 32-bit field indicates the BGP Identifier of the sender. The BGP Identifier is an IP address assigned to that router and is determined on startup. The BGP router ID is chosen the same way that the OSPF router ID is chosen: it is the highest active IP address on the router, unless a loopback interface with an IP address exists, in which case it is the highest such loopback IP address.


BGP does not use any transport protocol-based keepalive mechanism to determine if peers are reachable. Instead, KEEPALIVE messages are exchanged between peers often enough so as not to cause the Hold Timer to expire. If the negotiated Hold Time interval is zero, then periodic KEEPALIVE messages will not be sent. A KEEPALIVE message consists of only the message header. An UPDATE message has information on one single path only; multiple paths require multiple messages. All of the attributes in the message refer to that path, and the networks are those that can be reached through it. An UPDATE message may include the following fields:

- Withdrawn Routes: A list of IP address prefixes for routes that are being withdrawn from service, if any.
- Path Attributes: These path attributes are the AS-path, origin, local preference, etc. discussed earlier in this chapter. Each path attribute includes the attribute type, attribute length, and attribute value. The attribute type consists of the attribute flags followed by the attribute type code.
- Network Layer Reachability Information: This field contains a list of IP address prefixes that can be reached by this path.

A NOTIFICATION message is sent when an error condition is detected. The BGP connection is closed immediately after sending it. Notification messages include an error code, an error subcode, and data related to the error.


Route Selection Decision Process


Consider only (synchronized) routes with no AS loops and a valid next-hop, then:
- Prefer highest weight (local to router)
- Prefer highest local preference (global within AS)
- Prefer route originated by the local router
- Prefer shortest AS path
- Prefer lowest origin code (IGP < EGP < incomplete)
- Prefer lowest MED (from other AS)
- Prefer EBGP path over IBGP path
- Prefer the path through the closest IGP neighbor
- Prefer the path with the lowest neighbor BGP router id

After BGP receives updates about different destinations from different autonomous systems, the protocol decides which path to choose in order to reach a specific destination. BGP will choose only a single path to reach a specific destination. The decision process is based on the attributes discussed earlier in this chapter. When faced with multiple routes to the same destination, BGP chooses the best route for routing traffic toward the destination. The following process summarizes how BGP on a Cisco router chooses the best route.

1. If the path is internal, synchronization is on and the route is not synchronized, do not consider it.
2. If the Next-Hop address of a route is not reachable, do not consider it.
3. Prefer the route with the highest Weight. (Recall that the weight is Cisco proprietary and is local to the router only.)
4. If multiple routes have the same Weight, prefer the route with the highest Local Preference. (Recall that the local preference is used within an AS.)
5. If multiple routes have the same Local Preference, prefer the route that was originated by the local router.
6. If multiple routes have the same Local Preference, or if no route was originated by the local router, prefer the route with the shortest AS path.
7. If the AS path length is the same, prefer the lowest origin code (IGP < EGP < Incomplete).
8. If all origin codes are the same, prefer the path with the lowest MED. (Recall that the MED is sent from other ASs.) The MED comparison is only done if the neighboring autonomous system is the same for all routes considered, unless the bgp always-compare-med command is enabled.

Note: The most recent IETF decision regarding BGP MED assigns a value of infinity to the missing MED, making the route lacking the MED variable the least preferred. The default behavior of BGP routers running Cisco IOS software is to treat routes without the MED attribute as having a MED of 0, making the route lacking the MED variable the most preferred. To configure the router to conform to the IETF standard, use the bgp bestpath missing-as-worst command.

9. If the routes have the same MED, prefer external paths (EBGP) over internal paths (IBGP).
10. If IGP synchronization is disabled and only internal paths remain, prefer the path through the closest IGP neighbor. This means the router will prefer the shortest internal path within the AS to reach the destination (the shortest path to the BGP next-hop).
11. Prefer the route with the lowest neighbor BGP Router ID value.

The path is put in the routing table and propagated to the router's BGP neighbors.
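The eleven steps above can be exercised in code. The following Python is an added example written for this page; it is not Cisco IOS code and not part of the course. It models a router in a constructed AS 100 that holds three constructed paths to one prefix and applies the steps in order, including the synchronization filter from step 1, the MED rule from step 8 (compared only when all remaining paths come from the same neighboring AS, unless always-compare-med is set) and the two missing-MED behaviours from the note (0 by default, infinity with bgp bestpath missing-as-worst). The Route fields, the function names and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

LOCAL_AS = 100                      # constructed: the AS of the selecting router
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred


@dataclass
class Route:
    """One candidate path to a prefix, carrying the attributes the steps use.
    Field names are assumptions for this example, not IOS data structures."""
    prefix: str
    next_hop: str
    as_path: List[int]              # AS_SEQUENCE, nearest AS first
    weight: int = 0
    local_pref: int = 100
    origin: str = "igp"
    med: Optional[int] = None       # None models an UPDATE with no MED attribute
    ebgp: bool = True               # False for a path learned over IBGP
    synchronized: bool = True       # does the IGP also know the prefix?
    igp_metric: int = 0             # IGP cost to reach next_hop
    neighbor_router_id: str = "0.0.0.0"
    locally_originated: bool = False


def effective_med(route: Route, missing_as_worst: bool) -> float:
    """Cisco default: a missing MED counts as 0 (most preferred).
    With 'bgp bestpath missing-as-worst' it counts as infinity (least preferred)."""
    if route.med is not None:
        return route.med
    return float("inf") if missing_as_worst else 0


def neighbor_as(route: Route) -> int:
    """The neighboring AS is the first AS in the AS_SEQUENCE."""
    return route.as_path[0] if route.as_path else LOCAL_AS


def select_best(routes: List[Route], reachable_next_hops: Set[str], *,
                synchronization: bool = True,
                always_compare_med: bool = False,
                missing_as_worst: bool = False) -> Optional[Route]:
    # Steps 1 and 2 (plus the AS-loop check): drop paths that may not be considered.
    cands = [r for r in routes
             if LOCAL_AS not in r.as_path
             and not (synchronization and not r.ebgp and not r.synchronized)
             and (r.locally_originated or r.next_hop in reachable_next_hops)]
    if not cands:
        return None

    def narrow(key, prefer_max):
        """Keep only the candidates whose key is the best (max or min)."""
        nonlocal cands
        if len(cands) > 1:
            best = (max if prefer_max else min)(key(r) for r in cands)
            cands = [r for r in cands if key(r) == best]

    narrow(lambda r: r.weight, True)                       # 3: highest weight
    narrow(lambda r: r.local_pref, True)                   # 4: highest local preference
    narrow(lambda r: r.locally_originated, True)           # 5: originated by this router
    narrow(lambda r: len(r.as_path), False)                # 6: shortest AS path
    narrow(lambda r: ORIGIN_RANK[r.origin], False)         # 7: lowest origin code
    # 8: MED is compared only when every remaining path comes from the same
    #    neighboring AS, unless 'bgp always-compare-med' is configured.
    if always_compare_med or len({neighbor_as(r) for r in cands}) == 1:
        narrow(lambda r: effective_med(r, missing_as_worst), False)
    narrow(lambda r: r.ebgp, True)                         # 9: EBGP over IBGP
    # 10: synchronization off and only IBGP paths left: closest IGP neighbor.
    if not synchronization and all(not r.ebgp for r in cands):
        narrow(lambda r: r.igp_metric, False)
    # 11: lowest neighbor BGP router ID, compared numerically octet by octet.
    narrow(lambda r: tuple(int(o) for o in r.neighbor_router_id.split(".")), False)
    return cands[0]


# Constructed sample: three paths to 172.16.0.0/16 as seen by a router in AS 100.
SAMPLE_ROUTES = [
    Route("172.16.0.0/16", "10.1.1.1", [200], med=None, neighbor_router_id="192.168.1.1"),
    Route("172.16.0.0/16", "10.1.1.5", [200], med=50, neighbor_router_id="192.168.1.5"),
    Route("172.16.0.0/16", "10.2.2.2", [300], ebgp=False, synchronized=False,
          neighbor_router_id="192.168.1.9"),
]
REACHABLE = {"10.1.1.1", "10.1.1.5", "10.2.2.2"}   # constructed IGP reachability


if __name__ == "__main__":
    for label, kwargs in [("default", {}),
                          ("missing-as-worst", {"missing_as_worst": True}),
                          ("no synchronization", {"synchronization": False})]:
        best = select_best(SAMPLE_ROUTES, REACHABLE, **kwargs)
        print(f"{label:20s} -> next hop {best.next_hop}, AS path {best.as_path}")
```

With the defaults the first path wins because its absent MED counts as 0; switching on missing-as-worst hands the decision to the path with MED 50. Turning synchronization off lets the IBGP path into the comparison, but its neighboring AS differs from the others, so MED is skipped and step 9 removes it.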


CIDR and Aggregate Addresses


Figure: Router A in AS 100 aggregates 192.168.2.0/24 (Router C, AS 300) and 192.168.1.0/24 (Router D, AS 400) into 192.168.0.0/16, which it advertises to Router B in AS 200.

Routes can be aggregated when passing through an AS



As discussed in chapter 4, Classless Inter-domain Routing (CIDR) is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger classless set of IP addresses. These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements. Earlier versions of BGP did not support CIDR; BGP-4 does. Support includes:

- The BGP UPDATE message includes both the prefix and the prefix length; previous versions only included the prefix, and the length was assumed from the address class.
- Addresses can be aggregated when advertised by a BGP router.
- The AS-path attribute can include AS-SEQUENCEs, which are ordered lists, and AS-SETs, which are unordered sets. An AS-SEQUENCE is an ordered mathematical set of the ASs that have been traversed. The AS-SET is an unordered set of other ASs, not included in the AS-SEQUENCE, that any of the non-aggregated routes would traverse. The combination of the ASs listed in both components should be considered to ensure that the route is loop-free.

As an example, in the graphic Router C is advertising network 192.168.2.0/24 and Router D is advertising network 192.168.1.0/24. Router A could pass those advertisements to Router B; however, Router A could reduce the size of the routing tables by aggregating the two routes into one, for example 192.168.0.0/16. There are two BGP attributes related to aggregate addressing. The well-known discretionary attribute atomic aggregate informs the neighbor AS that the originating router has aggregated the routes. The optional transitive attribute aggregator specifies the BGP Router ID and AS number of the router that performed the route aggregation.

By default the aggregate route will be advertised as coming from the autonomous system that did the aggregation and will have the atomic aggregate attribute set to show that information might be missing; the AS numbers in the non-aggregated routes are not listed. The router can be configured to include the AS-SET, the list of all ASs contained in all paths that are being summarized. In the example in the graphic, by default the aggregated route 192.168.0.0/16 would have an AS-path attribute of (100). If Router A was configured to include the AS-SET, it would include the AS-SET of {300, 400} as well as (100) in the AS-path attribute.
Note: In the example, the aggregate route that Router A is sending covers more than the two routes from Routers C and D. The example assumes that Router A also has jurisdiction over all of the other routes covered by this aggregate route.
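The difference between the default aggregate and one generated with the AS-SET can be followed through the graphic in code. The Python below is an added example for this page, not course or IOS code: it builds the AS-path of the 192.168.0.0/16 aggregate as Router B in AS 200 would see it, both without and with the AS-SET, lets AS 200 pass it on, and then runs the loop check that a router in AS 300 would apply to both components of the AS-path. The tuple representation, function names and the rule that the atomic aggregate attribute is set unless the AS-SET is included (as stated in the aggregate-address discussion later in this chapter) are the example's assumptions; the AS numbers and prefixes are those of the graphic.

```python
from typing import Iterable, List, Set, Tuple

# An AS-path is modelled as (AS_SEQUENCE, AS_SET): an ordered list and an
# unordered set. This representation is an assumption of the example.
ASPath = Tuple[List[int], Set[int]]


def aggregate_as_path(local_as: int, component_paths: Iterable[List[int]],
                      as_set: bool = False) -> Tuple[ASPath, bool]:
    """Build the AS-path of an aggregate generated in local_as, as received
    by an EBGP neighbor.  Returns ((AS_SEQUENCE, AS_SET), atomic_aggregate).

    Default: only the aggregating AS is listed and ATOMIC_AGGREGATE is set to
    flag that AS information from the component routes was dropped.
    With as_set=True (the as-set keyword) every AS that appears in any
    component path is carried in an unordered AS_SET instead."""
    sequence = [local_as]
    if not as_set:
        return (sequence, set()), True
    others = {asn for path in component_paths for asn in path} - set(sequence)
    return (sequence, others), False


def advertise_to_ebgp_peer(local_as: int, path: ASPath) -> ASPath:
    """A router passing a route to an EBGP peer prepends its own AS to the
    AS_SEQUENCE; the AS_SET travels unchanged."""
    sequence, as_set = path
    return [local_as] + list(sequence), set(as_set)


def has_as_loop(local_as: int, path: ASPath) -> bool:
    """Loop detection must consult both components of the AS-path."""
    sequence, as_set = path
    return local_as in sequence or local_as in as_set


def format_as_path(path: ASPath) -> str:
    """Render the ordered sequence followed by the unordered set in braces."""
    sequence, as_set = path
    text = " ".join(str(a) for a in sequence)
    if as_set:
        text += " {" + ",".join(str(a) for a in sorted(as_set)) + "}"
    return text


# Constructed scenario from the graphic: Router A (AS 100) aggregates
# 192.168.2.0/24 learned with AS path 300 (Router C) and 192.168.1.0/24
# learned with AS path 400 (Router D) into 192.168.0.0/16 for Router B (AS 200).
COMPONENT_PATHS = [[300], [400]]


def trace(use_as_set: bool) -> dict:
    """Follow the aggregate from AS 100 to AS 200 and on toward AS 300."""
    path_at_b, atomic = aggregate_as_path(100, COMPONENT_PATHS, as_set=use_as_set)
    path_sent_by_b = advertise_to_ebgp_peer(200, path_at_b)
    return {
        "as_path_at_router_b": format_as_path(path_at_b),
        "atomic_aggregate": atomic,
        "as_path_sent_by_as200": format_as_path(path_sent_by_b),
        "as300_detects_loop": has_as_loop(300, path_sent_by_b),
    }


if __name__ == "__main__":
    for use_as_set in (False, True):
        print("as-set" if use_as_set else "default", trace(use_as_set))
```

Without the AS-SET, the aggregate reaches AS 300 with the path 200 100 and nothing in it tells AS 300 that the route already covers its own 192.168.2.0/24; with the AS-SET, 300 appears in the unordered component and the loop check rejects it, which is the point the text makes about considering both components.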


Written Exercise: BGP Terminology and Operation


Objectives:
- Describe BGP features and operation.
- Explain how BGP policy-based routing functions within an Autonomous System.
- Explain how BGP peering functions.
- Describe External and Internal BGP.
- Describe BGP synchronization.

Task: Answer the following questions.

1. What protocol does BGP use as its transport protocol? What port number does BGP use?
_________________________________________________________________

2. Any two routers that have formed a BGP connection are called BGP ________ or BGP _________.

3. Write a brief description of the following:
Internal BGP _______________________________________
External BGP ______________________________________
Well-known attributes _______________________________
Transitive attributes __________________________________
BGP synchronization _____________________________________

4. For an external update advertised by IBGP, where does the value for the next-hop attribute of an update come from?
_________________________________________________________________

5. Describe the complication that an NBMA network can cause for the next-hop attribute of an update.
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________

6. Complete the table to answer the following questions about these BGP attributes: In which order are the attributes preferred (1, 2 or 3)? For each attribute, is the highest or lowest value preferred? Which other routers, if any, is the attribute sent to?

Attribute          Order preferred in   Highest or lowest value preferred?   Sent to which other routers?
Local Preference   __________           __________                           __________
MED                __________           __________                           __________
Weight             __________           __________                           __________

7. How is the BGP Router ID chosen?
_________________________________________________________________
_________________________________________________________________


Configuring BGP
This section covers the commands used to configure the BGP features discussed in this chapter.

Basic BGP Commands

Router(config)#

router bgp autonomous-system

Enables the BGP routing protocol


The syntax of these commands is similar to the syntax for configuring internal routing protocols; however, there are significant differences in the way that an external protocol functions. Use the router bgp command to activate the BGP protocol and identify the local autonomous system.

router bgp Command    Description
autonomous-system     Identifies the local autonomous system.


Basic BGP Commands (Contd)


Router(config-router)#

neighbor {ip-address|peer-group-name} remote-as autonomous-system

Activates a BGP session with another router, used for either IBGP or EBGP
Router(config-router)#

network network-number mask network-mask

- Allows BGP to advertise an IGP route if it is already in the IP table
- Does not activate the protocol on an interface

Use the neighbor remote-as command to identify a peer router with which the local router will establish a session.

neighbor remote-as Command   Description
ip-address                   Identifies the peer router.
peer-group-name              Name of a BGP peer group (peer groups are covered in the next chapter).
autonomous-system            Identifies the autonomous system of the peer router.

The value placed in the autonomous system field of the neighbor command determines whether the communication with the neighbor is an EBGP or an IBGP session. If the autonomous system field configured in the router bgp command is identical to the field in the neighbor remote-as command, then BGP will initiate an internal session. If the field values are different, then BGP will initiate an external session.

Use the network command to permit BGP to advertise a network if it is present in the IP routing table.

network Command    Description
network-number     Identifies an IP network to be advertised by BGP.
network-mask       Identifies the subnet mask to be advertised by BGP.

The network command controls which networks are originated by this router. This is a different concept from what you are used to when configuring IGPs. The network command does not start up BGP on certain interfaces; rather it indicates to BGP which networks it should originate from this router. The mask portion is used because BGP-4 can handle subnetting and supernetting. The list of network commands must include all networks in your AS that you want to advertise, not just those locally connected to your router.

Prior to Cisco IOS Release 12.0, there was a limit of 200 network commands per BGP router; this limit has now been removed. The router's resources, such as the configured NVRAM or RAM, determine the maximum number of network commands you can now use.


BGP Example #1
Figure: Router A (10.1.1.2) in AS 109 with network 172.16.0.0 peers with Router B (10.1.1.1) in AS 110 with network 172.17.0.0.

RtrA(config)#router bgp 109
RtrA(config-router)# neighbor 10.1.1.1 remote-as 110
RtrA(config-router)# network 172.16.0.0

RtrB(config)#router bgp 110
RtrB(config-router)# neighbor 10.1.1.2 remote-as 109
RtrB(config-router)# network 172.17.0.0


The graphic shows an example of BGP configuration. Routers A and B define each other as BGP neighbors, and will start an EBGP session. Router A will advertise the network 172.16.0.0/16 while Router B will advertise the network 172.17.0.0/16.


Next-hop-self
Router(config-router)#

neighbor {ip-address|peer-group-name} next-hop-self

Forces all updates for this neighbor to be advertised with this router as the next hop


As mentioned earlier, it is sometimes necessary, for example in an NBMA environment, to override the default behavior of a router and force it to advertise itself as the next hop address for routes sent to a neighbor. The neighbor next-hop-self command is used to force BGP to use its own IP address as the next hop rather than letting the protocol choose the next hop address to use.

neighbor next-hop-self Command   Description
ip-address                       Identifies the peer router to which advertisements will be sent with this router identified as the next hop.
peer-group-name                  Name of a BGP peer group (peer groups are covered in the next chapter).


Disabling BGP Synchronization


Router(config-router)#

no synchronization

Disables BGP synchronization so that a router will advertise routes in BGP before learning them in IGP


As discussed earlier, there are some cases when you do not need BGP synchronization. If you will not be passing traffic from a different autonomous system through your AS, or if all routers in your AS will be running BGP, you can disable synchronization. Disabling this feature can allow you to carry fewer routes in your IGP and allow BGP to converge more quickly. Use synchronization if there are routers in the AS that are not running BGP. Synchronization is on by default. Use the no synchronization command to disable it.


Configuring BGP for Aggregate Addressing


Router(config-router)#

aggregate-address ip-address mask

- Creates an aggregate (summary) entry in the BGP table
- Use the summary-only option to advertise only the summary and not the specific routes
- Add the as-set option to include an AS-SET attribute that aggregates the ASs in all of the paths

The aggregate-address command is used to create an aggregate, or summary, entry in the BGP table.

aggregate-address Command   Description
ip-address                  The aggregate address to be created.
mask                        The mask of the aggregate address to be created.

The aggregate-address command has some optional parameters, including:

summary-only   Causes the router to advertise only the aggregated route; the default is to advertise both the aggregate and the more specific routes.
as-set         Generates AS-SET path information with the aggregate route to include all of the AS numbers listed in all of the paths of the more specific routes. The default for the aggregate route is to list only the AS number of the router that generated the aggregate route.

When you use this command, the aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)


Resetting BGP
Router#

clear ip bgp {* | address} [soft [in | out]]

- Resets BGP connections
- Use after changing BGP configuration


Use the clear ip bgp command to remove entries from the BGP routing table and reset BGP sessions. Use this command after every configuration change to ensure that the change is activated and that peer routers are informed.

clear ip bgp Command   Description
*                      Clear all.
address                Identifies a specific network to be removed from the BGP table.
soft                   Soft reconfiguration.
in | out               Triggers inbound or outbound soft reconfiguration. If the in or out option is not specified, both inbound and outbound soft reconfiguration are triggered.

If you specify BGP soft reconfiguration by including the soft keyword, the sessions are not reset and the router sends all routing updates again. To generate new inbound updates without resetting the BGP session, the local BGP speaker would have to store all received updates without modification, regardless of whether they are accepted by the inbound policy, using the neighbor soft-reconfiguration command. This process is memory intensive and should be avoided if possible. Outbound BGP soft reconfiguration does not have any memory overhead. You can trigger an outbound reconfiguration on the other side of the BGP session to make the new inbound policy take effect.


BGP Example #2

Figure: AS 200 contains Router B (10.1.1.1 toward AS 100, 192.168.1.49 toward Router C) with network 172.16.10.0, and Router C (192.168.1.50) with network 172.16.20.0; Router B advertises the aggregate 172.16.0.0/16 to Router A (10.1.1.2) in AS 100, which has network 192.168.2.0.


The graphic shows another BGP example. The configuration for Router B is shown on the next page.


BGP Example #2 (contd)


1. RtrB(config)#router bgp 200
2. RtrB(config-router)# neighbor 10.1.1.2 remote-as 100
3. RtrB(config-router)# neighbor 192.168.1.50 remote-as 200
4. RtrB(config-router)# network 172.16.10.0 mask 255.255.255.0
5. RtrB(config-router)# network 192.168.1.0 mask 255.255.255.0
6. RtrB(config-router)# no synchronization
7. RtrB(config-router)# neighbor 192.168.1.50 next-hop-self
8. RtrB(config-router)# aggregate-address 172.16.0.0 255.255.0.0 summary-only


The first three commands establish that Router B has two BGP neighbors: Router A in AS 100 and Router C in AS 200. The next two commands allow Router B to advertise networks 172.16.10.0 and 192.168.1.0 to its BGP neighbors.

Assuming Router C is advertising 172.16.20.0 in BGP, Router B would get that route but would not pass it to Router A until the no synchronization command (the sixth command) is added to both Router B and Router C, since we are not running an IGP in this example. This command can be used here because all of the routers in the AS are running BGP. The clear ip bgp * command would be required on Routers B and C to reset the BGP sessions after synchronization has been turned off.

By default, Router B will pass the BGP advertisement from Router A about network 192.168.2.0 to Router C with the next hop address left as 10.1.1.2. Router C does not know how to get to 10.1.1.2, though, so it will not install the route. The neighbor 192.168.1.50 next-hop-self command will force Router B to send advertisements to Router C with its own (Router B) address as the next hop address. Router C will then be able to reach 192.168.2.0.

Router A will learn about both subnets 172.16.10.0 and 172.16.20.0. However, once the aggregate-address 172.16.0.0 255.255.0.0 summary-only command is added to Router B, Router B will summarize the subnets and send only the 172.16.0.0/16 route to Router A.


Verifying BGP

show ip bgp
show ip bgp summary
show ip bgp neighbors
debug ip bgp


Verifying BGP operation can be accomplished using the following show commands:

- show ip bgp: displays entries in the BGP routing table. Specify a network number to get more specific information about a particular network.
- show ip bgp summary: displays the status of all BGP connections.
- show ip bgp neighbors: displays information about the TCP and BGP connections to neighbors.

Other BGP show commands can be found in the BGP documentation on Cisco's web site or on the Documentation CD-ROM.

Debug commands display events as they are happening on the router. For BGP, the debug ip bgp command has the following options:

- dampening: BGP dampening
- events: BGP events
- keepalives: BGP keepalives
- updates: BGP updates


Show ip bgp

RTRA#show ip bgp
BGP table version is 5, local router ID is 192.168.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 172.16.0.0       10.1.1.1                                 0 200 i
*> 192.168.1.0      10.1.1.1                 0             0 200 i
*> 192.168.2.0      0.0.0.0                  0         32768 i


This example output is taken from Router A in BGP Example #2. The status codes are shown at the beginning of each line of output and the origin codes are shown at the end of each line of output. From the example output, we can see that Router A learnt about two networks from 10.1.1.1. The path it will use to get to these networks is via AS 200, and the routes have origin codes of IGP.


Show ip bgp summary

RTRA#show ip bgp sum
BGP table version is 5, main routing table version 5
3 network entries and 3 paths using 363 bytes of memory
3 BGP path attribute entries using 372 bytes of memory
BGP activity 3/0 prefixes, 3/0 paths
0 prefixes revised.

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4   200      14      13        5    0    0 00:08:03        2


This example output is taken from Router A in BGP Example #2. Router A has one neighbor, 10.1.1.1. It speaks BGP version 4 with that neighbor, who is in AS 200. Router A has received 14 messages from and sent 13 messages to 10.1.1.1. The TblVer is the last version of the BGP database that was sent to that neighbor. There are no messages in either the input or output queue. The BGP session has been established for 8 minutes and 3 seconds. Router A has received two prefixes from neighbor 10.1.1.1.
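Because the neighbor table in show ip bgp summary is where a session that has dropped or a peer that has started sending far more prefixes than expected first shows up, it is worth turning the fields described above into a check. The Python below is an added example for this page, not course or IOS code: it parses the neighbor rows of a constructed copy of the output above (with a second, hypothetical neighbor 10.1.1.9 added whose session is Idle), interprets the State/PfxRcd column the way the text describes it (a prefix count when the session is Established, a state name otherwise), and compares the result with the peers and prefix limits an operator expects. The regular expression, the field names and the expected-peers table are the example's assumptions.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the output shown above; the 10.1.1.9 row is a
# hypothetical neighbor added to show a session that is not established.
SAMPLE_SUMMARY = """\
RTRA#show ip bgp sum
BGP table version is 5, main routing table version 5
3 network entries and 3 paths using 363 bytes of memory
3 BGP path attribute entries using 372 bytes of memory
BGP activity 3/0 prefixes, 3/0 paths
0 prefixes revised.

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4   200      14      13        5    0    0 00:08:03        2
10.1.1.9        4   200       0       0        0    0    0 never    Idle
"""

# One neighbor row: address, version, AS, message counters, table version,
# queues, up/down time and the State/PfxRcd column.
NEIGHBOR_LINE = re.compile(
    r"^(?P<neighbor>\d+(?:\.\d+){3})\s+(?P<version>\d+)\s+(?P<asn>\d+)\s+"
    r"(?P<msg_rcvd>\d+)\s+(?P<msg_sent>\d+)\s+(?P<tbl_ver>\d+)\s+"
    r"(?P<in_q>\d+)\s+(?P<out_q>\d+)\s+(?P<up_down>\S+)\s+(?P<state>\S+)\s*$")

INT_FIELDS = ("version", "asn", "msg_rcvd", "msg_sent", "tbl_ver", "in_q", "out_q")


def parse_bgp_summary(text: str) -> List[Dict]:
    """Return one dict per neighbor row.  The last column holds the number of
    prefixes received when the session is Established and the state name
    (Idle, Active, ...) otherwise, so it is split into two fields here."""
    rows = []
    for line in text.splitlines():
        m = NEIGHBOR_LINE.match(line)
        if not m:
            continue
        row = m.groupdict()
        for key in INT_FIELDS:
            row[key] = int(row[key])
        if row["state"].isdigit():
            row["established"] = True
            row["prefixes_received"] = int(row["state"])
            row["state"] = "Established"
        else:
            row["established"] = False
            row["prefixes_received"] = None
        rows.append(row)
    return rows


def check_sessions(rows: List[Dict], expected: Dict[str, Dict]) -> List[str]:
    """Compare parsed rows with the peers an operator expects.
    expected maps neighbor address -> {"asn": int, "max_prefixes": int}."""
    findings = []
    seen = set()
    for row in rows:
        seen.add(row["neighbor"])
        want = expected.get(row["neighbor"])
        if want is None:
            findings.append(f"{row['neighbor']}: unexpected neighbor in AS {row['asn']}")
            continue
        if row["asn"] != want["asn"]:
            findings.append(f"{row['neighbor']}: remote AS {row['asn']}, expected {want['asn']}")
        if not row["established"]:
            findings.append(f"{row['neighbor']}: session state {row['state']}")
        elif row["prefixes_received"] > want["max_prefixes"]:
            findings.append(f"{row['neighbor']}: {row['prefixes_received']} prefixes "
                            f"exceeds {want['max_prefixes']}")
    for neighbor in sorted(expected.keys() - seen):
        findings.append(f"{neighbor}: configured peer missing from summary")
    return findings


# Constructed expectation: Router A should peer only with 10.1.1.1 in AS 200.
EXPECTED_PEERS = {"10.1.1.1": {"asn": 200, "max_prefixes": 10}}


if __name__ == "__main__":
    for finding in check_sessions(parse_bgp_summary(SAMPLE_SUMMARY), EXPECTED_PEERS):
        print(finding)
```

Run against the sample, the only finding is the unexpected 10.1.1.9 neighbor; lowering the prefix limit for 10.1.1.1 or declaring 10.1.1.9 as an expected peer in a different AS produces the corresponding prefix-count, AS-mismatch and session-state findings.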


Show ip bgp neighbors


RTRA#sh ip bgp nei
BGP neighbor is 10.1.1.1, remote AS 200, external link
 Index 1, Offset 0, Mask 0x2
 BGP version 4, remote router ID 172.16.10.1
 BGP state = Established, table version = 5, up for 00:10:47
 Last read 00:00:48, hold time is 180, keepalive interval is 60 seconds
 Minimum time between advertisement runs is 30 seconds
 Received 16 messages, 0 notifications, 0 in queue
 Sent 15 messages, 1 notifications, 0 in queue
 Prefix advertised 1, suppressed 0, withdrawn 0
 Connections established 1; dropped 0
 Last reset 00:16:35, due to Peer closed the session
 2 accepted prefixes consume 64 bytes
 0 history paths consume 0 bytes
 --More--


This example output is taken from Router A in BGP Example #2. This command is used to display information about the BGP connections to neighbors. In the example, the BGP state is Established, which means that the neighbors have established a TCP connection and the two peers have agreed to speak BGP with each other.


Debug ip bgp
RTRA#debug ip bgp updates
BGP updates debugging is on
RTRA#clear ip bgp *
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 0, table version 1, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 0, start version 1, throttled to 1, check point net 0.0.0.0
3w5d: BGP: 10.1.1.1 rcv UPDATE w/ attr: nexthop 10.1.1.1, origin i, aggregated by 200 172.16.10.1, path 200
3w5d: BGP: 10.1.1.1 rcv UPDATE about 172.16.0.0/16
3w5d: BGP: nettable_walker 172.16.0.0/16 calling revise_route
3w5d: BGP: revise route installing 172.16.0.0/16 -> 10.1.1.1
3w5d: BGP: 10.1.1.1 rcv UPDATE w/ attr: nexthop 10.1.1.1, origin i, metric 0, path 200
3w5d: BGP: 10.1.1.1 rcv UPDATE about 192.168.1.0/24
3w5d: BGP: nettable_walker 192.168.1.0/24 calling revise_route
3w5d: BGP: revise route installing 192.168.1.0/24 -> 10.1.1.1


This example output is taken from Router A in BGP Example #2. The output in the graphic shows update messages being received from neighbor 10.1.1.1. Further output after that displayed in the graphic is provided below, showing Router A sending updates to its neighbor.

RTRA#
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 1, table version 3, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 1, start version 3, throttled to 3, check point net 0.0.0.0
3w5d: BGP: nettable_walker 192.168.2.0/24 route sourced locally
3w5d: BGP: 10.1.1.1 computing updates, neighbor version 3, table version 4, starting at 0.0.0.0
3w5d: BGP: 10.1.1.1 send UPDATE 192.168.2.0/24, next 10.1.1.2, metric 0, path 100
3w5d: BGP: 10.1.1.1 1 updates enqueued (average=52, maximum=52)
3w5d: BGP: 10.1.1.1 update run completed, ran for 0ms, neighbor version 3, start version 4, throttled to 4, check point net 0.0.0.0


Summary
This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following tasks:
- Describe BGP features and operation
- Describe how to connect to another AS using an alternative to BGP, static routes
- Explain how BGP policy-based routing functions within an Autonomous System
- Explain how BGP peering functions


- Describe BGP synchronization
- Given a set of network requirements, configure a BGP environment and verify proper operation (within described guidelines) of your routers


Review Questions
Answer the following questions.

1. Describe the BGP synchronization rule. What command disables synchronization?
2. What are the four BGP message types?
3. How does BGP-4 support CIDR?
4. What command is used to activate a BGP session with another router?
5. What command is used to display information about the BGP connections to neighbors?

10 Implementing BGP in Scalable ISP Networks

Overview
This chapter starts with a discussion of problems that may occur when scaling IBGP. Various solutions, including route reflectors, policy control using prefix lists, communities, and Cisco's peer groups, are explained. Connecting an AS with more than one BGP connection is known as multi-homing, and different ways to accomplish this are explored. Configuration of all of these BGP features is included in this chapter. This chapter includes the following topics:

- Objectives
- Scalability problems with IBGP
- Route Reflectors
- Policy Control
- Written Exercise: BGP Route Reflectors and Policy Control
- Route Maps
- Communities
- Peer groups
- Multi-homing
- Redistribution with IGPs
- Case Study: Multi-homed BGP
- Summary
- Review questions


Objectives
This section lists the chapters objectives.


Upon completion of this chapter, you will be able to perform the following tasks:

- Describe the scalability problems associated with Internal BGP
- Explain and configure BGP Route Reflectors
- Describe and configure policy control in BGP using prefix lists
- Describe and configure BGP Communities and Peer Groups
- Describe methods to connect to multiple ISPs using BGP
- Explain the use of redistribution between BGP and Interior Gateway Protocols (IGPs)
- Given a set of network requirements, configure a multi-homed BGP environment and verify proper operation (within described guidelines) of your routers

Note to reviewers: Compared to the design document, the 5th objective was changed; static routes moved to chapter 9. The Route Maps topic moved to this chapter from a later chapter (needed for the Communities discussion).



Scalability Problems with IBGP


This section discusses scalability problems with IBGP.

BGP Split Horizon

Figure: Routers A, B and C in AS 100; the path from B on to C is marked X because the route B learned via IBGP is not propagated.

BGP split horizon:
- Routes learned via IBGP are never propagated to other IBGP peers
- Therefore need full mesh IBGP



Chapter 9 discussed many BGP concepts, including IBGP and EBGP. Another rule governing IBGP behavior is the BGP split horizon rule. This BGP rule specifies that routes learned via IBGP are never propagated to other IBGP peers. Similar to the distance vector routing protocol split horizon rule, BGP split horizon is necessary to ensure that routing loops are not started within the AS. The result is that a full mesh of IBGP peers is required within an AS.


Full Mesh IBGP Problem

- Number of IBGP sessions = n(n-1)/2
- 1000 routers means nearly half a million IBGP sessions!
- 13 routers => 78 IBGP sessions!


As the graphic illustrates, though, a full mesh of IBGP is not scalable. With only 13 routers, 78 IBGP sessions would need to be maintained. As the number of routers increases, so does the number of sessions required, governed by the formula n(n-1)/2, where n is the number of routers.


Full Mesh IBGP


Full Mesh IBGP:
- Avoids routing information loops
- Does not scale: many TCP sessions, duplicate routing traffic

Solutions include:
- Route Reflectors


As well as the number of BGP TCP sessions that must be created and maintained, the routing traffic may also be a problem. Depending on the AS topology, traffic may be duplicated many times on some links as it travels to each IBGP peer. For example, if the physical topology of a large AS includes some WAN links, the IBGP sessions running over those links may be consuming a significant amount of bandwidth. A solution to this problem is the use of route reflectors, discussed in the next section.


Route Reflectors
This section describes what a route reflector is, how it works, and how to configure it.

Route Reflectors

(Graphic: a route reflector within AS 100.)

Route reflectors modify the BGP split horizon rule.



Route reflectors modify the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers. This saves on the number of BGP TCP sessions that must be maintained, and also reduces the BGP routing traffic.


Route Reflector Benefits

- Solves the IBGP full mesh problem; used mainly by ISPs when the number of internal neighbor statements becomes excessive
- Packet forwarding is not affected
- Can have multiple route reflectors for redundancy
- Can have multiple levels of route reflectors
- Normal BGP peers can co-exist
- Easy migration

With a BGP route reflector configured, a full mesh of IBGP peers is no longer required. The route reflector is allowed to propagate IBGP routes to other IBGP peers. Route reflectors are used mainly by ISPs when the number of internal neighbor statements becomes excessive. Route reflectors reduce the number of BGP neighbor relationships in an AS by having key routers duplicate updates to their route reflector clients. Route reflectors do not affect the paths that IP packets follow; only how the routing information is distributed is affected. Within an AS there can be multiple route reflectors, both for redundancy and for grouping to further reduce the number of IBGP sessions required. Migrating to route reflectors involves minimal configuration, and does not have to be done all at once, since non-route-reflector routers can co-exist with route reflectors within an AS.


Route Reflector Terminology

Terminology:
- Route reflector
- Client
- Cluster
- Non-client
- Originator ID
- Cluster ID

A route reflector is a router that is configured to advertise (or reflect) routes that it learnt via IBGP to other IBGP peers. The route reflector will have a partial IBGP peering with other routers, which are called clients. Peering between the clients is not needed because the route reflector will pass advertisements between the clients. The combination of the route reflector and its clients is called a cluster. Other IBGP peers of the route reflector that are not clients are called non-clients.

Two techniques prevent routing loops in route reflector configurations. The originator ID is an optional, non-transitive BGP attribute that is created by the route reflector. This attribute carries the router ID of the originator of the route in the local AS. If, because of poor configuration, the update comes back to the originator, the originator ignores it.

Usually a cluster has a single route reflector, in which case the cluster is identified by the router ID of the route reflector. To increase redundancy and avoid single points of failure, a cluster might have more than one route reflector. When a cluster has more than one route reflector, all of the route reflectors in the cluster need to be configured with a cluster ID. The cluster ID allows route reflectors to recognize updates from other route reflectors in the same cluster.


Route Reflector Design

- Divide AS into multiple clusters
- At least one route reflector and a few clients per cluster
- Route reflectors are fully meshed with IBGP
- Use a single IGP to carry next hop and local routes


The AS can be divided into multiple clusters, each having at least one route reflector and a few clients. Multiple route reflectors can exist in one cluster for redundancy. The route reflectors must be fully meshed with BGP to ensure that all routes learnt will be propagated throughout the AS. An IGP is still used, just as it was before route reflectors were introduced, in order to carry local routes and next hop addresses.


Route Reflector Design Example

(Graphic: AS 100 containing Routers A, B, C, D, E, F, G and H, with Router X outside the AS; IBGP connections and EBGP connections are shown.)


The graphic provides an example of a BGP route reflector design.


Note: The physical connections within AS 100 are not shown in the graphic.

Routers B, D, E and F form one cluster. Routers C, G and H form another cluster. Router A forms a third cluster. Routers A, B and C are all route reflectors and are fully meshed with BGP. Note that the routers within a cluster are not fully meshed.


Route Reflector Operation

- Reflector receives updates from clients and non-clients
- Reflector selects best path
- If best path is from a client, reflect to non-clients
- If best path is from a non-client, reflect to clients


When a route reflector receives an update, it takes the following actions, depending on the type of peer that sent the update:

- If the update is from a non-client peer, it sends the update to all clients in the cluster.
- If the update is from a client peer, it sends the update to all non-client peers and to all client peers.
- If the update is from an EBGP peer, it sends the update to all non-client peers and to all client peers.

For example, in the graphic on the previous page, if Router C

- receives an update from Router A (a non-client), it will send it to Routers G and H.
- receives an update from Router H (a client), it will send it to Router G as well as to Routers A and B.
- receives an update from Router X (via EBGP), it will send it to Routers G and H as well as to Routers A and B.
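The reflection rules above, applied to the design example from the graphic, as an added example that is not part of the original course material. The cluster membership (A alone; B with D, E, F; C with G, H) and the EBGP neighbour X are taken from the graphic; the session counts compare the full-mesh formula with the reflector design.

```python
"""Route reflector reflection rules and IBGP session counts, worked on the
design example: AS 100 with route reflectors A, B and C fully meshed by IBGP,
B's clients D, E, F, C's clients G, H, and X as an EBGP neighbour of C."""

# Constructed description of the design example: reflector -> its clients.
CLUSTERS = {
    "A": [],
    "B": ["D", "E", "F"],
    "C": ["G", "H"],
}
REFLECTORS = list(CLUSTERS)
EBGP_PEERS = {"C": ["X"]}          # Router X is outside AS 100


def peer_type(reflector, sender):
    """Classify the router that sent an update to this reflector."""
    if sender in CLUSTERS[reflector]:
        return "client"
    if sender in EBGP_PEERS.get(reflector, []):
        return "ebgp"
    if sender in REFLECTORS and sender != reflector:
        return "non-client"
    raise ValueError(f"{sender} does not peer with {reflector}")


def reflect(reflector, sender):
    """Return the set of IBGP peers to which the reflector passes the update.

    Rules as stated in the text:
      non-client -> all clients in the cluster
      client     -> all non-clients and all (other) clients
      EBGP       -> all non-clients and all clients
    The sending router is never handed its own update back.
    """
    clients = set(CLUSTERS[reflector])
    non_clients = set(REFLECTORS) - {reflector}
    kind = peer_type(reflector, sender)
    if kind == "non-client":
        targets = clients
    else:                               # client or ebgp
        targets = clients | non_clients
    return targets - {sender}


def ibgp_sessions_full_mesh(n):
    """Sessions needed when every IBGP speaker peers with every other: n(n-1)/2."""
    return n * (n - 1) // 2


def ibgp_sessions_with_reflectors(clusters):
    """Sessions with reflectors: the reflectors are fully meshed, and each
    client has one session to its reflector (clients are not meshed)."""
    mesh = ibgp_sessions_full_mesh(len(clusters))
    return mesh + sum(len(c) for c in clusters.values())


if __name__ == "__main__":
    routers = sorted(set(CLUSTERS) | {r for c in CLUSTERS.values() for r in c})
    print("routers in AS 100 :", routers)
    print("full mesh sessions:", ibgp_sessions_full_mesh(len(routers)))
    print("with reflectors   :", ibgp_sessions_with_reflectors(CLUSTERS))
    for sender in ("A", "H", "X"):
        print(f"C gets update from {sender} -> reflects to {sorted(reflect('C', sender))}")
```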


Route Reflector Migration Tips

Where to place the route reflectors?
- Follow the physical topology! This will guarantee that packet forwarding won't be affected

Configure one route reflector at a time
- Eliminate redundant IBGP sessions
- Place one route reflector per cluster

When migrating to using route reflectors, the first consideration is which routers should be the reflectors and which should be the clients. Following the physical topology in this design decision will ensure that the packet forwarding paths will not be affected. Not following the physical topology (for example configuring route reflector clients that are not physically connected to the route reflector) may result in routing loops. Configure one route reflector at a time, and then delete the redundant IBGP sessions between the clients.


Route Reflector Configuration


Router(config-router)#

neighbor ip-address route-reflector-client

Configures the router as a BGP route reflector and configures the specified neighbor as its client


The neighbor route-reflector-client command is used to configure the router as a BGP route reflector and configure the specified neighbor as its client.

neighbor route-reflector-client Command   Description
ip-address                                IP address of the BGP neighbor being identified as a client.


Route Reflector Example

(Graphic: Router A, the route reflector, in AS 2 with clients Router B (172.16.12.1) and Router C (172.16.17.2); AS 1 and AS 3 are neighbouring autonomous systems.)

RTRA(config)# router bgp 2
RTRA(config-router)# neighbor 172.16.12.1 remote-as 2
RTRA(config-router)# neighbor 172.16.12.1 route-reflector-client
RTRA(config-router)# neighbor 172.16.17.2 remote-as 2
RTRA(config-router)# neighbor 172.16.17.2 route-reflector-client


In the graphic Router A is configured as a route reflector in AS 2. The neighbor route-reflector-client commands are used to configure which neighbors will be route reflector clients. In this example, both Routers B and C will be route reflector clients.


Verifying Route Reflectors

RTRA#sh ip bgp neigh
BGP neighbor is 172.16.12.1,  remote AS 2, internal link
 Index 1, Offset 0, Mask 0x2
 Route-Reflector Client
 BGP version 4, remote router ID 192.168.101.101
 BGP state = Established, table version = 1, up for 00:05:42
 Last read 00:00:42, hold time is 180, keepalive interval is 60 seconds
 Minimum time between advertisement runs is 5 seconds
 Received 14 messages, 0 notifications, 0 in queue
 Sent 12 messages, 0 notifications, 0 in queue
 Prefix advertised 0, suppressed 0, withdrawn 0
 Connections established 2; dropped 1
 Last reset 00:05:44, due to User reset
 1 accepted prefixes consume 32 bytes
 0 history paths consume 0 bytes
 --More--

The show ip bgp neighbor command indicates that a particular neighbor is a route reflector client. The example output in the graphic is from Router A in the previous example and shows that 172.16.12.1 (Router B) is a route reflector client of Router A.


Policy Control
This section describes how a routing policy is applied to a BGP network, using distribute lists and prefix lists.

Policy Control

To restrict routing information to/from neighbors, use:
- Distribute lists (using access lists), or
- Prefix lists


Note to reviewers: This section assumes the student knows how access lists work (which they should know from ICND), but Chapters 11 and 12 are on access lists. Should those chapters be done before this one?

If you want to restrict the routing information that the Cisco IOS software learns or advertises, you can filter BGP routing updates to and from particular neighbors. To do this, you can either define an access list or a prefix list, and apply it to the updates.


Distribute Lists

(Graphic: Router A in AS 100 (network 192.168.1.0) peers with Router B in AS 200 (10.10.10.2, reached from 10.10.10.1) and with Router C in AS 300 (10.10.20.2, reached from 10.10.20.1). AS 200 contains 192.168.2.0; AS 300 contains 172.30.0.0, which Router C advertises to Router A. Router A can prevent updates about 172.30.0.0 from going to AS 200.)

In the example in the graphic, Router C is advertising network 172.30.0.0 to Router A. If we wanted to stop those updates from propagating to AS 200, an access-list could be applied on Router A to filter those updates when Router A is talking to Router B.


Configuring Distribute Lists

Router(config-router)#
neighbor {ip-address|peer-group-name} distribute-list access-list-number in|out

- Configures the router to distribute BGP neighbor information as specified in an access list
- Can use standard or extended access lists


The neighbor distribute-list command is used to distribute BGP neighbor information as specified in an access list.

neighbor distribute-list Command   Description
ip-address                         IP address of the BGP neighbor for which routes will be filtered.
peer-group-name                    Name of a BGP peer group (peer groups are covered later in this chapter).
access-list-number                 Number of a standard or extended access list. It can be an integer from 1 to 199. (A named access-list can also be referenced.)
in                                 Indicates that the access list is applied to incoming advertisements from the neighbor.
out                                Indicates that the access list is applied to outgoing advertisements to the neighbor.


Distribute List Example

RtrA(config)# router bgp 100
RtrA(config-router)# network 192.168.1.0
RtrA(config-router)# neighbor 10.10.10.2 remote-as 200
RtrA(config-router)# neighbor 10.10.20.2 remote-as 300
RtrA(config-router)# neighbor 10.10.10.2 distribute-list 1 out
RtrA(config-router)# exit
RtrA(config)# access-list 1 deny 172.30.0.0 0.0.255.255
RtrA(config)# access-list 1 permit 0.0.0.0 255.255.255.255


Note: The configuration in this example is for Router A in the graphic two pages previously.

Router A has two neighbors, Router B (10.10.10.2 in AS 200) and Router C (10.10.20.2 in AS 300). When Router A sends updates to neighbor Router B, the neighbor distribute-list statement specifies that it will use the access-list 1 to determine which updates are to be sent. Access-list 1 specifies that any route starting with 172.30, i.e. the route to 172.30.0.0, should not be sent (it is denied in the access-list). All other routes will be sent to Router B. (Recall that since access-lists have an implicit deny any at the end, the permit statement is required in the access-list in order for the other routes to be sent).


IP ACL Usage in Distribute-list

- Standard IP access list matches a route's network number
- Extended access list is used to filter out more specific routes
- Extended IP access list matches the route's network number (source IP address) and subnet mask (destination IP address)
  - allows for filtering of more specific routes
  - this is a different interpretation than in other uses of extended access lists!

As shown in the previous example, a standard IP access-list can be used to control the sending of updates about a specific network number. If, however, a router wants to control updates about subnets and supernets of a network with a distribute-list, extended access-lists would be required.
Note: When an IP extended access-list is used with a distribute-list, the parameters have different meanings than when the extended access-list is used in other ways. The next page explains the differences.


IP Extended ACL Usage in Distribute-list

Meaning of arguments in an extended access list used in a distribute-list:

access-list <ACL#> permit ip <source address> <source wildcard> <destination address> <dest. wildcard>

  <source address> <source wildcard>        means: <network address> <wildcard bits>
  <destination address> <dest. wildcard>    means: <subnet mask> <wildcard bits>

Example:
access-list 101 permit ip 172.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0

means: permit only 172.0.0.0/8



The syntax of the IP extended access-list is the same as usual, with a source address and wildcard, and a destination address and wildcard. However, the meanings of these parameters are different. The source parameters are used to indicate the address of the network whose updates are to be permitted or denied. The destination parameters are used to indicate the subnet mask of that network. The wildcard parameters indicate, for the network and subnet mask, which bits are relevant. Network/subnet mask bits corresponding to wildcard bits set to 1 are ignored during comparisons, and network/subnet mask bits corresponding to wildcard bits set to 0 are used in comparisons. If the example access-list shown was used with a neighbor distribute-list command, it would allow only the supernet 172.0.0.0/8 to be advertised. For example, assume that Router A had routes to networks 172.20.0.0/16 and 172.30.0.0/16, and also had an aggregated route to 172.0.0.0/8. The use of this access list would allow only the supernet 172.0.0.0/8 to be advertised; networks 172.20.0.0/16 and 172.30.0.0/16 would not be advertised.
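The two access-list interpretations described above (standard list matching the network number; extended list matching network and subnet mask with wildcard bits), worked against the routes named in this section, as an added example that is not part of the original course material. The route table and the ACL lines are constructed to mirror the page's examples; the parser accepts only the numbered-ACL syntax shown here.

```python
"""Distribute-list filtering semantics: a standard ACL matches only the
route's network number; an extended ACL's source fields match the network
and its destination fields match the subnet mask. Wildcard bits set to 1
are ignored, bits set to 0 must match. Unmatched routes hit the implicit deny."""

import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(value, pattern, wildcard):
    """IOS wildcard compare: only bits where the wildcard is 0 are compared."""
    care = ~wildcard & 0xFFFFFFFF
    return (value & care) == (pattern & care)


def mask_of(prefix_len):
    """Dotted-decimal subnet mask of a prefix length, as a 32-bit integer."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF if prefix_len else 0


def parse_acl(lines):
    """Parse 'access-list N permit|deny ...' lines (standard or extended) into
    (action, net, net_wc, mask, mask_wc) tuples; mask fields are None for a
    standard entry. The implicit deny is applied in acl_permits()."""
    entries = []
    for line in lines:
        tok = line.split()
        assert tok[0] == "access-list", line
        action = tok[2]
        if tok[3] == "ip":                        # extended: network + mask
            net, net_wc, mask, mask_wc = tok[4:8]
            entries.append((action, to_int(net), to_int(net_wc),
                            to_int(mask), to_int(mask_wc)))
        else:                                     # standard: network only
            net = tok[3]
            net_wc = tok[4] if len(tok) > 4 else "0.0.0.0"
            if net == "any":
                net, net_wc = "0.0.0.0", "255.255.255.255"
            entries.append((action, to_int(net), to_int(net_wc), None, None))
    return entries


def acl_permits(entries, route):
    """Return True if the route (e.g. '172.30.0.0/16') passes the ACL."""
    net_s, length = route.split("/")
    net, mask = to_int(net_s), mask_of(int(length))
    for action, e_net, e_net_wc, e_mask, e_mask_wc in entries:
        if not wildcard_match(net, e_net, e_net_wc):
            continue
        if e_mask is not None and not wildcard_match(mask, e_mask, e_mask_wc):
            continue                              # extended: mask must match too
        return action == "permit"                 # first matching entry decides
    return False                                  # implicit deny at the end


def filter_routes(acl_lines, routes):
    entries = parse_acl(acl_lines)
    return [r for r in routes if acl_permits(entries, r)]


# Constructed route table for Router A: two /16s, the aggregate /8, a local net.
ROUTES = ["172.20.0.0/16", "172.30.0.0/16", "172.0.0.0/8", "192.168.1.0/24"]

# Standard ACL from the distribute-list example: deny 172.30.x.x, permit the rest.
STANDARD_ACL = [
    "access-list 1 deny 172.30.0.0 0.0.255.255",
    "access-list 1 permit 0.0.0.0 255.255.255.255",
]

# Extended ACL from this page: permit only the supernet 172.0.0.0/8.
EXTENDED_ACL = ["access-list 101 permit ip 172.0.0.0 0.255.255.255 255.0.0.0 0.0.0.0"]

if __name__ == "__main__":
    print("standard ACL 1   ->", filter_routes(STANDARD_ACL, ROUTES))
    print("extended ACL 101 ->", filter_routes(EXTENDED_ACL, ROUTES))
```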


Prefix Lists

New in IOS Release 12.0

Prefix lists can be used as an alternative to access lists in many BGP route filtering commands. Advantages are:
- Significant performance improvement
- Support for incremental modifications
- More user-friendly command-line interface
- Greater flexibility


As discussed, distribute lists make use of access lists in order to do route filtering. However, access-lists were originally designed to do packet filtering. Prefix lists, introduced in Release 12.0 of the Cisco IOS, can be used as an alternative to access lists in many BGP route filtering commands. The advantages of using prefix lists include:

- A significant performance improvement over access-lists in loading and route lookup of large lists.
- Support for incremental modifications. Compared to the normal access-list, where one no command will erase the whole access-list, a prefix-list can be modified incrementally.
- A more user-friendly command-line interface. As we just saw, the command-line interface for using extended access lists to filter BGP updates is difficult to understand and use.
- Greater flexibility.


Filtering With Prefix Lists

Match prefix of routes with prefix in list:
- Empty prefix list permits all routes
- Permit = use route
- Router begins the search at the statement at the top of the prefix list, with the lowest sequence number
- When there is a match, rest of list ignored
- Implicit deny is assumed at end of a prefix list


Filtering by prefix list involves matching the prefixes of routes with those listed in the prefix list, similar to using access lists. Whether a prefix is permitted or denied is based upon the following rules:

- An empty prefix list permits all prefixes.
- If a prefix is permitted, the route is used. If a prefix is denied, the route is not used.
- Prefix lists consist of statements with sequence numbers. The router will begin the search for a match at the top of the prefix list, which is the statement with the lowest sequence number. Once a match occurs, the router does not need to go through the rest of the prefix list. For efficiency, you may want to put the most common matches (permits or denies) near the top of the list by specifying the sequence number.
- An implicit deny is assumed if a given prefix does not match any entries of a prefix list.


Configuring Prefix Lists


Router(config)#

ip prefix-list list-name [seq seq-value] deny|permit network/len [ge ge-value] [le le-value]

Creates a prefix-list
Router(config-router)#

neighbor {ip-address|peer-group-name} prefix-list prefix-listname in|out

Configures the router to distribute BGP neighbor information as specified in a prefix list

The ip prefix-list command is used to create a prefix-list.

ip prefix-list Command   Description
list-name                Name of the prefix list that will be created.
seq-value                Sequence number of the prefix-list statement, used to determine the order in which the statements are processed when filtering.
deny|permit              The action taken once a match is found.
network/len              The prefix to be matched and the length of the prefix. The network is a 32-bit address; the length is a decimal number.
ge-value                 Used to specify the range of the prefix length to be matched, for prefixes that are more specific than network/len. The range is assumed to be from ge-value to 32 if only the ge attribute is specified.
le-value                 Used to specify the range of the prefix length to be matched, for prefixes that are more specific than network/len. The range is assumed to be from len to le-value if only the le attribute is specified.

Both ge and le are optional. They can be used to specify the range of the prefix length to be matched for prefixes that are more specific than network/len. The value range is:

len < ge-value < le-value <= 32

An exact match is assumed when neither ge nor le is specified.

A prefix-list can be re-configured incrementally, that is, an entry can be deleted or added individually.

The neighbor prefix-list command is used to distribute BGP neighbor information as specified in a prefix list.

neighbor prefix-list Command   Description
ip-address                     IP address of the BGP neighbor for which routes will be filtered.
peer-group-name                Name of a BGP peer group (peer groups are covered later in this chapter).
prefix-listname                Name of the prefix list that will be used to filter the routes.
in                             Prefix list is applied to incoming advertisements from the neighbor.
out                            Prefix list is applied to outgoing advertisements to the neighbor.

Note: The neighbor prefix-list command can be used as an alternative to the neighbor distribute-list command, but you cannot use both commands for configuring the same BGP peer.

The no ip prefix-list list-name command, where list-name is the string identifier of a prefix-list, is used to delete (i.e., destroy) a prefix-list. The [no] ip prefix-list list-name description text command can be used to add/delete a text description for a prefix-list.


Prefix-list Sequence Numbers

Sequence numbers:
- Generated automatically by default
- Use to insert an entry in a specific order
- Use to delete an individual entry


Prefix list sequence numbers are generated automatically, unless you disable this automatic generation. If you disable the automatic generation of sequence numbers, you must specify the sequence number for each entry using the seq-value argument of the ip prefix-list command. Regardless of whether the default sequence numbers are used in configuring a prefix list, a sequence number does not need to be specified when removing a configuration entry.

By default, the entries of a prefix list will have sequence values of 5, 10, 15 and so on. In the absence of a specified sequence value, a new entry will be assigned a sequence number equal to the current maximum sequence number + 5.

A prefix-list is an ordered list. The sequence number is significant when a given prefix is matched by multiple entries of a prefix list, in which case the one with the smallest sequence number is considered the real match. Show commands include the sequence numbers in their output.

The no ip prefix-list sequence-number command is used to disable the automatic generation of sequence numbers of prefix-list entries. Use the ip prefix-list sequence-number command to re-enable the automatic generation of sequence numbers.
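The prefix-list behaviour described in the preceding sections (first match in lowest-sequence order, implicit deny, an empty list permitting everything, the ge/le length ranges, and automatic sequence numbers in steps of 5 with incremental add and delete), as an added example that is not part of the original course material. The superonly list is the page's own; the second list and the route table are constructed.

```python
"""A small model of Cisco IOS prefix-list matching for BGP route filtering."""

import ipaddress


class PrefixList:
    def __init__(self, name):
        self.name = name
        self.entries = []           # (seq, action, network, min_len, max_len)

    def add(self, line):
        """Accept 'ip prefix-list NAME [seq N] permit|deny net/len [ge G] [le L]'.
        Without 'seq', the entry gets the current maximum + 5 (first entry: 5)."""
        tok = line.split()
        assert tok[:2] == ["ip", "prefix-list"] and tok[2] == self.name, line
        tok = tok[3:]
        seq = None
        if tok[0] == "seq":
            seq, tok = int(tok[1]), tok[2:]
        action, prefix = tok[0], ipaddress.ip_network(tok[1], strict=False)
        ge = le = None
        rest = tok[2:]
        while rest:
            key, val, rest = rest[0], int(rest[1]), rest[2:]
            if key == "ge":
                ge = val
            elif key == "le":
                le = val
        if seq is None:
            seq = max((e[0] for e in self.entries), default=0) + 5
        # ge alone means ge..32; le alone means len..le; neither means exact length
        lo = ge if ge is not None else prefix.prefixlen
        hi = le if le is not None else (32 if ge is not None else prefix.prefixlen)
        self.entries.append((seq, action, prefix, lo, hi))
        self.entries.sort(key=lambda e: e[0])

    def delete(self, seq):
        """Incremental removal: delete one entry by sequence number."""
        self.entries = [e for e in self.entries if e[0] != seq]

    def sequences(self):
        return [e[0] for e in self.entries]

    def permits(self, route):
        """Return True if the route ('net/len') passes the prefix list."""
        if not self.entries:
            return True                           # empty prefix list permits all
        r = ipaddress.ip_network(route, strict=False)
        for seq, action, prefix, lo, hi in self.entries:   # lowest seq first
            if r.network_address in prefix and lo <= r.prefixlen <= hi:
                return action == "permit"         # first match ends the search
        return False                              # implicit deny


def filter_routes(plist, routes):
    return [r for r in routes if plist.permits(r)]


# Constructed route table for Router A.
ROUTES = ["172.0.0.0/8", "172.20.0.0/16", "172.30.0.0/16",
          "172.30.1.0/24", "192.168.1.0/24"]


def superonly_demo():
    """The page's superonly list: only the /8 supernet passes (exact match)."""
    pl = PrefixList("superonly")
    pl.add("ip prefix-list superonly permit 172.0.0.0/8")
    return filter_routes(pl, ROUTES)


def range_demo():
    """Constructed list: deny /24 and longer under 172.30.0.0/16, then permit
    anything under 172.0.0.0/8 with length 8 to 16. Entries get seq 5 and 10."""
    pl = PrefixList("ranges")
    pl.add("ip prefix-list ranges deny 172.30.0.0/16 ge 24")
    pl.add("ip prefix-list ranges permit 172.0.0.0/8 le 16")
    return pl, filter_routes(pl, ROUTES)


if __name__ == "__main__":
    print("superonly ->", superonly_demo())
    pl, passed = range_demo()
    print("ranges", pl.sequences(), "->", passed)
```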


Prefix List Example

(Graphic: as in the distribute list example, Router A in AS 100 (network 192.168.1.0) peers with Router B in AS 200 (10.10.10.2, from 10.10.10.1) and Router C in AS 300 (10.10.20.2, from 10.10.20.1). Router A holds 172.30.0.0/16, learned from AS 300, and the aggregate 172.0.0.0/8. Router A can send only the 172.0.0.0/8 update to AS 200, not 172.30.0.0/16.)



In this example we want Router A to only send the supernet 172.0.0.0/8 to AS 200; the route to the network 172.30.0.0/16 should not be sent.


Prefix List Example (cont'd)

RtrA(config)# router bgp 100
RtrA(config-router)# network 192.168.1.0
RtrA(config-router)# neighbor 10.10.10.2 remote-as 200
RtrA(config-router)# neighbor 10.10.20.2 remote-as 300
RtrA(config-router)# aggregate-address 172.0.0.0 255.0.0.0
RtrA(config-router)# neighbor 10.10.10.2 prefix-list superonly out
RtrA(config-router)# exit
RtrA(config)# ip prefix-list superonly permit 172.0.0.0/8
RtrA(config)# ip prefix-list superonly description only permit supernet


Router A has two neighbors, Router B (10.10.10.2 in AS 200) and Router C (10.10.20.2 in AS 300). When Router A sends updates to neighbor Router B, the neighbor prefix-list statement specifies that it will use the prefix-list called superonly to determine which updates are to be sent. The ip prefix-list superonly specifies that only the route 172.0.0.0/8 should be sent (it is permitted in the prefix-list). No other routes will be sent to Router B, since prefix-lists have an implicit deny any at the end.


Verifying Prefix Lists

To display prefix lists:
show ip prefix-list

To clear the hit count of prefix list entries:
clear ip prefix-list


The commands related to prefix-lists are described below:

show ip prefix-list [detail|summary]                 Displays information about all prefix-lists. Specifying the detail keyword includes the description and the hit count in the display.
show ip prefix-list [detail|summary] name            Displays a table showing the entries in a specific prefix-list.
show ip prefix-list name [network/len]               Displays the policy associated with the node in a prefix-list.
show ip prefix-list name [seq seq-num]               Displays the prefix-list entry with a given sequence number.
show ip prefix-list name [network/len] longer        Displays all entries of a prefix-list that are more specific than the given network and length.
show ip prefix-list name [network/len] first-match   Displays the entry of a prefix-list that matches the given prefix (network and length of prefix).
clear ip prefix-list name [network/len]              Resets the hit count shown on prefix-list entries.


Verifying Prefix Lists Example

RtrA#show ip prefix-list detail
Prefix-list with the last deletion/insertion: superonly
ip prefix-list superonly:
   Description: only permit supernet
   count: 1, range entries: 0, sequences: 5 - 5, refcount: 1
   seq 5 permit 172.0.0.0/8 (hit count: 0, refcount: 1)


The output shown in the graphic is from Router A in the last example. It has a prefix-list called superonly, with only one entry (sequence number 5).


Written Exercise: BGP Route Reflectors and Policy Control

Objectives:
- Describe the scalability problems associated with Internal BGP
- Explain and configure BGP Route Reflectors
- Describe and configure policy control in BGP using prefix lists

Task: Answer the following questions.

1. Describe the BGP split horizon rule.
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________

2. What effect do route reflectors have on the BGP split horizon rule?
_________________________________________________________________

3. Write a brief description of the following:
Route reflector _______________________________________
Route reflector client ______________________________________

4. Routers configured as route reflectors do not have to be fully meshed with IBGP, true or false?
_________________

5. When a route reflector receives an update from a client, it sends it to
_____________________________________________________________

6. What is the command used to configure a router as a BGP route reflector?
_________________________________________________________________

7. When an extended access-list is used in a distribute-list, what is the meaning of the parameters of the access-list?
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________

8. Describe the advantages of using prefix lists rather than access lists for BGP route filtering.
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________

9. In a prefix list, what is the sequence number used for?
_________________________________________________________________
_________________________________________________________________

_________________________________________________________________

10. What command is used to clear the hit count of the prefix list entries?
_________________________________________________________________


Route Maps
Route maps can be used in many places. They are introduced here since they are used in communities discussed in the next section. Route maps will also be used in later chapters.

Route Maps

- Filters for network advertisements
- Offer detailed control over advertisements
- Complex conditional advertisement via match command
- Changes routing table parameters via set command


For BGP, a route map is a method used to control and modify routing information. This is done by defining conditions for redistributing routes from one routing protocol to another or controlling routing information when injected in and out of BGP. (Redistribution between routing protocols is covered in a later chapter.) Route maps are complex access lists that allow some conditions to be tested against the route in question, and if the conditions match then some actions can be taken to modify the route. These actions are specified by set commands.


Route Maps

Route maps are complex access lists:
- lines in access-lists correspond to statements in route maps
- access-list number corresponds to route-map name
- addresses and masks in access-lists correspond to match statements in route maps
- statements in route-maps are numbered
  - can insert and delete statements in a route-map
  - can edit match conditions in a statement
- a route-map statement can modify a matched route with the set command



A collection of route-map statements that have the same route-map name are considered one route-map. Within a route-map, each route-map statement is numbered, and can therefore be edited individually. The statements in a route-map correspond to the lines of an access-list. Specifying the match conditions in a route-map is similar to specifying the source and destination address and masks in an access-list. One big difference between route maps and access-lists is that route maps can modify the route, by using set commands.


Route Maps Configuration


Router(config)#

route-map map-tag [permit | deny] [sequence-number]

Defines the conditions for policy routing


Router(config-route-map)#

match {conditions}

Defines the conditions to match


Router(config-route-map)#

set {actions}

Defines the action to be taken on a match



The route-map command is used to define the conditions for policy routing.

route-map Command   Description
map-tag             Name of the route-map.
permit|deny         Defines the action to be taken if the route-map match conditions are met.
sequence-number     Sequence number that indicates the position a new route map is to have in the list of route maps already configured with the same name.

The route-map statements compose a route list. The list is processed top-down like an access list. The first match found for a route is applied. The sequence number is used for inserting or deleting specific route-map statements.

The match route-map configuration commands are used to define the conditions to be checked. The set route-map configuration commands are used to define the actions to be followed if there is a match.

A single match statement may contain multiple references. A route must be permitted by at least one reference in the match statement to be considered a match. A route must be permitted by all match statements in the route-map list to be considered a match for the route-map list.

The sequence-number specifies the order in which conditions are checked. For example, if there are two instances of a route-map named MYMAP, one with sequence 10 and the other with sequence 20, sequence 10 will be checked first. If the match conditions in sequence 10 are not met, then sequence 20 will be checked. Like an access-list, there is an implicit deny any at the end of a route-map.

Implementing BGP in Scalable ISP Networks 10-37

Route Maps
- Matching routes are modified by set commands
- Matching routes are permitted or denied by the associated route-map statement
- If the match criteria are met and the route-map statement specifies permit: control the routes as specified by the set actions; ignore the rest of the route-map list
- If the match criteria are met and the route-map statement specifies deny: do not control the routes; ignore the rest of the route-map list
- If all sequences in the list are checked and none matches: do not accept or forward the route

If the match criteria are met and the route-map statement specifies permit, the routes are controlled as specified by the set action(s), and the rest of the route-map list is ignored. If the match criteria are met and the route-map statement specifies deny, the routes are not controlled and the rest of the route-map list is ignored. If all sequences in the list are checked without a match, the route is neither accepted nor forwarded (this is the implicit deny any at the end of the route-map).

Match commands include:

- match as-path
- match community
- match clns
- match interface
- match ip address
- match ip next-hop
- match ip route-source
- match metric
- match route-type
- match tag

Set commands include:

- set as-path
- set clns
- set automatic-tag
- set community
- set interface
- set default interface
- set ip default next-hop
- set level
- set local-preference
- set metric
- set metric-type
- set next-hop
- set origin
- set tag
- set weight

Note: A prefix-list can be used as an alternative to an access-list in the match {ip address | ip next-hop | ip route-source} command of a route-map. Prefix-lists and access-lists are mutually exclusive within the same sequence of a route-map.


Route Maps with BGP Neighbor


Router(config-router)#
  neighbor {ip-address | peer-group-name} route-map map-name {in | out}
    Apply a route-map to incoming or outgoing routes


The neighbor route-map command is used to apply a route-map to incoming or outgoing routes.

neighbor route-map command parameters:
  ip-address       Neighbor's IP address.
  peer-group-name  Name of a BGP peer group (peer groups are covered later in this chapter).
  map-name         Name of the route-map to apply.
  in               Apply the route-map to incoming routes from the neighbor.
  out              Apply the route-map to outgoing routes to the neighbor.

Note: When used for filtering BGP updates, route-maps cannot be used to filter inbound updates when using a match on the IP address. Filtering outbound updates is permitted.


Route Map Example


RtrA(config)# router bgp 100
RtrA(config-router)# neighbor 172.20.1.1 route-map changemetric out
..
RtrA(config)# route-map changemetric permit 10
RtrA(config-route-map)# match ip address 1
RtrA(config-route-map)# set metric 2
RtrA(config-route-map)# exit
RtrA(config)# route-map changemetric permit 20
RtrA(config-route-map)# set metric 5
RtrA(config-route-map)# exit
RtrA(config)# access-list 1 permit 172.16.0.0 0.0.255.255


In the example shown, BGP is running on the router, and a route-map named changemetric is being used when routes are sent out to neighbor 172.20.1.1.
Note: Other router bgp configuration commands have been omitted from the example in the graphic.

Two instances of changemetric have been defined. Sequence number 10 is checked first. If a route's network address matches access-list 1, in other words if the address starts with 172.16, the route has its metric (MED) set to 2 and the rest of the list is ignored. If there is no match, sequence number 20 is checked. Since there are no match statements in this instance, it matches every remaining route, and the metric (MED) on all other routes is set to 5. It is always very important to plan what happens to routes that do not match any of the route-map instances, because they are dropped by default: without sequence 20, every route outside 172.16.0.0/16 would be withheld from neighbor 172.20.1.1.
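The following Python model, added here as an illustration and not part of the course material or of any Cisco code, reproduces the route-map semantics just described (lowest sequence first, first match wins, set actions applied on permit, implicit deny at the end) and runs the changemetric example against constructed sample prefixes. The access-list and route-map representations (tuples and the RouteMapEntry class) are assumptions of the example; IOS exposes nothing of the kind. Dropping sequence 20 from the map shows the drop-by-default behaviour the paragraph warns about.

```python
"""Route-map evaluation modelled on the IOS semantics described above.

Added example for this page, not Cisco courseware code. The data structures
(tuples for access-list entries, RouteMapEntry for route-map sequences) are
illustrative assumptions, not anything IOS exposes.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

MASK32 = 0xFFFFFFFF


def acl_permits(acl, prefix: str) -> bool:
    """Standard IP access-list applied to a route's network address.

    acl is a list of (permit, address, wildcard) tuples in IOS order; wildcard
    bits set to 1 are 'don't care'. The list ends with an implicit deny.
    """
    addr = int(IPv4Network(prefix).network_address)
    for permit, address, wildcard in acl:
        care = ~int(IPv4Address(wildcard)) & MASK32
        if (addr ^ int(IPv4Address(address))) & care == 0:
            return permit
    return False


@dataclass
class RouteMapEntry:
    seq: int
    permit: bool
    # Every match clause of one sequence must hold (logical AND); a sequence
    # with no match clauses matches every route.
    matches: list = field(default_factory=list)
    # set actions applied to the route when a permit sequence matches
    sets: dict = field(default_factory=dict)


def apply_route_map(entries, route: dict) -> Optional[dict]:
    """Return the (possibly modified) route, or None if it is dropped.

    Sequences are checked lowest number first; the first sequence whose match
    clauses all hold decides the outcome and the rest are ignored. Falling
    off the end is the implicit 'deny any'.
    """
    for entry in sorted(entries, key=lambda e: e.seq):
        if all(match(route) for match in entry.matches):
            if not entry.permit:
                return None
            out = dict(route)
            out.update(entry.sets)
            return out
    return None


# Constructed sample data mirroring the changemetric example.
ACL_1 = [(True, "172.16.0.0", "0.0.255.255")]

CHANGEMETRIC = [
    RouteMapEntry(10, True, [lambda r: acl_permits(ACL_1, r["prefix"])], {"metric": 2}),
    RouteMapEntry(20, True, [], {"metric": 5}),
]

# The same map without the catch-all sequence 20: anything outside
# 172.16.0.0/16 falls off the end and is dropped.
CHANGEMETRIC_NO_CATCHALL = CHANGEMETRIC[:1]


def changemetric(prefix: str) -> Optional[dict]:
    return apply_route_map(CHANGEMETRIC, {"prefix": prefix, "metric": 0})


def changemetric_no_catchall(prefix: str) -> Optional[dict]:
    return apply_route_map(CHANGEMETRIC_NO_CATCHALL, {"prefix": prefix, "metric": 0})


if __name__ == "__main__":
    for prefix in ("172.16.5.0/24", "10.1.1.0/24"):
        print(prefix, changemetric(prefix), changemetric_no_catchall(prefix))
```

Running the block shows 172.16.5.0/24 leaving with MED 2 under both maps, while 10.1.1.0/24 gets MED 5 from sequence 20 and is silently dropped when that sequence is absent.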


Communities
This section discusses BGP communities and how to configure them.

BGP Communities

- Communities are a means of tagging routes to ensure consistent filtering or route-selection policy
- Any BGP router can tag routes in incoming and outgoing routing updates or when doing redistribution
- Any BGP router can filter routes in incoming or outgoing updates, or select preferred routes, based on communities
- By default, communities are stripped in outgoing BGP updates


BGP communities are another way to filter incoming or outgoing routes. The distribute-lists and prefix-lists discussed in the previous section would be cumbersome to configure for a large network with a complex routing policy. For example, individual neighbor statements and access-lists or prefix-lists would need to be configured for each neighbor on each router involved in the policy.

The BGP communities function allows routers to tag routes with an indicator (the community) and allows other routers to make decisions based upon that tag. BGP communities are used for destinations (routes) that share some common properties and that therefore share common policies; routers therefore act on the community rather than on individual routes. Communities are not restricted to one network or one AS, and have no physical boundaries.

If a router does not understand the concept of communities, it passes the attribute on unchanged to the next router. However, if the router does understand the concept, it must be configured to propagate the community; otherwise communities are dropped by default.


Community Attribute

- Represented as an integer
- Carried across ASs (transitive)
- Each network can be a member of multiple communities


The community attribute is an optional transitive attribute that can be in the range 0 to 4,294,967,200. Each network can be a member of more than one community. Route maps can be used to set the community attributes.


Community Attribute Values

- Community value is 32 bits
- Upper 16 bits: AS number of the AS that defined the community
- Lower 16 bits: local significance


The community attribute is a 32-bit number, with the upper 16 bits indicating the AS number of the AS that defined the community. The lower 16 bits are the community number and have local significance. The community value can be entered as one decimal number or in the format AS:nn (where AS is the AS number and nn is the lower 16-bit local number). The community value is displayed as one decimal number by default; the global configuration command ip bgp-community new-format switches the display to the AS:nn format.
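To make the 32-bit layout concrete, here is a small Python encoder/decoder added for this page (it is not from the course or from Cisco). It converts between the decimal, AS:nn and well-known-name forms the text mentions. The numeric values of the well-known communities come from RFC 1997 (no-export 0xFFFFFF01, no-advertise 0xFFFFFF02, local-AS 0xFFFFFF03); treating internet as the value 0 follows IOS usage. The sample inputs in the main block are constructed.

```python
"""BGP community attribute: 32 bits, upper 16 = defining AS, lower 16 = local.

Added example for this page, not Cisco code. Well-known values are from
RFC 1997; 'internet' as 0 follows IOS convention.
"""
import re

WELL_KNOWN = {
    0x00000000: "internet",
    0xFFFFFF01: "no-export",
    0xFFFFFF02: "no-advertise",
    0xFFFFFF03: "local-AS",
}
WELL_KNOWN_BY_NAME = {name: value for value, name in WELL_KNOWN.items()}
_AS_NN = re.compile(r"^(\d+):(\d+)$")


def encode_community(asn: int, local: int) -> int:
    """Pack AS number and locally significant number into one 32-bit value."""
    if not (0 <= asn <= 0xFFFF and 0 <= local <= 0xFFFF):
        raise ValueError("AS number and local part must each fit in 16 bits")
    return (asn << 16) | local


def decode_community(value: int) -> tuple:
    """Split a 32-bit community into (AS number, local part)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("community must be a 32-bit value")
    return value >> 16, value & 0xFFFF


def parse_community(text: str) -> int:
    """Accept the forms IOS accepts on the CLI: decimal, AS:nn, or a well-known name."""
    text = text.strip()
    if text in WELL_KNOWN_BY_NAME:
        return WELL_KNOWN_BY_NAME[text]
    m = _AS_NN.match(text)
    if m:
        return encode_community(int(m.group(1)), int(m.group(2)))
    value = int(text, 10)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("community must be a 32-bit value")
    return value


def format_community(value: int, new_format: bool = False) -> str:
    """Render as IOS does: one decimal number by default, AS:nn under
    'ip bgp-community new-format'. Well-known values are shown by name."""
    if value in WELL_KNOWN:
        return WELL_KNOWN[value]
    if not new_format:
        return str(value)
    asn, local = decode_community(value)
    return f"{asn}:{local}"


if __name__ == "__main__":
    # Constructed sample inputs
    for text in ("100", "100:1", "no-export", "300:666"):
        value = parse_community(text)
        print(text, "->", value, format_community(value), format_community(value, True))
```

Note that the value 100 used in Communities Example 2 later in this section decodes as AS 0, local part 100; a community intended to be unambiguous across ASs would normally be written with the defining AS in the upper half, for example 300:100.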


Communities Configuration
Router(config-route-map)#
  set community {community-number [additive]} | none
    Sets the BGP communities attribute of a route
    Configured in a route-map; use with the neighbor route-map command to apply it to updates


The set community command is used within a route-map to set the BGP communities attribute.

set community command parameters:
  community-number  The community number; values are 1 to 4294967200.
  additive          Adds the community to the communities already present on the route.
  none              Removes the community attribute from the prefixes that pass the route-map.

Predefined well-known community-numbers that can be used in this command are:

- no-export (do not advertise to EBGP peers)
- no-advertise (do not advertise this route to any peer)
- local-AS (do not send outside the local AS)


Community Propagation Configuration


Router(config-router)#
  neighbor {ip-address | peer-group-name} send-community
    Specifies that the BGP communities attribute should be sent to a BGP neighbor
    By default, communities are stripped in outgoing BGP updates


The neighbor send-community command is used to specify that the BGP communities attribute should be sent to a BGP neighbor.

neighbor send-community command parameters:
  ip-address       Neighbor's IP address.
  peer-group-name  Name of a BGP peer group (peer groups are covered later in this chapter).

By default the communities attribute is not sent to any neighbor.


Communities Example 1
[Figure: Router C in AS 300 (10.10.20.2) peers with Router A in AS 100 (10.10.20.1); Router A (10.10.10.1) also peers with Router B in AS 200 (10.10.10.2). AS 300 originates 172.30.0.0/16; AS 100 contains 192.168.1.0. The 172.30.0.0/16 route flows from C to A and is marked with an X between A and B.]

Router C sends BGP routes to Router A but does not want Router A to propagate these routes to Router B.

In the example in the graphic, Router C is sending BGP updates to Router A, but it does not want Router A to propagate these routes to Router B. Router C will set the community attribute in the BGP routes it advertises to Router A. The no-export community attribute will be used, to indicate that Router A should not send the routes to its external BGP peers.

Communities Example 1 (cont'd)

Router C

router bgp 300
 network 172.30.0.0
 neighbor 10.10.20.1 remote-as 100
 neighbor 10.10.20.1 send-community
 neighbor 10.10.20.1 route-map SETCOMM out
!
route-map SETCOMM permit 10
 match ip address 1
 set community no-export
!
access-list 1 permit 0.0.0.0 255.255.255.255


The configuration for Router C is shown in the graphic. Router C has one neighbor, 10.10.20.1 (Router A). The route-map SETCOMM is used when sending routes to Router A, and it sets the community attribute: any route that matches access-list 1 has its community attribute set to no-export. Access-list 1 permits any route; therefore all routes have the community attribute set to no-export. When communicating with Router A, the community attribute is sent, as specified by the neighbor send-community command. Router A receives all of Router C's routes but does not pass them on to Router B. Note that no-export is honoured by Router A's BGP implementation rather than enforced by Router C; Router C has no way to confirm from its own side that the routes are being withheld from Router B.


Using Communities
Router(config)#
  ip community-list community-list-number {permit | deny} community-number
    Create a community-list

Router(config-route-map)#
  match community community-list-number [exact]
    Match the community attribute to a value in the community-list


The ip community-list configuration command is used to create a community-list for BGP and control access to it.

ip community-list command parameters:
  community-list-number  Community-list number, in the range 1 to 99.
  community-number       Community number, as configured by a set community command.

Some predefined well-known community-numbers that can be used with the ip community-list command are:

- no-export (do not advertise to EBGP peers)
- no-advertise (do not advertise this route to any peer)
- local-AS (do not send outside the local AS)
- internet (advertise this route to the Internet community; every router belongs to it)

The match community route-map configuration command is used to match a BGP community attribute to a value in a community-list.

match community command parameters:
  community-list-number  Community-list number, in the range 1 to 99, against which the community attribute is compared.
  exact                  Indicates that an exact match is required: all of the communities in the community-list, and only those communities, must be present in the community attribute.


Note: The match community command appears in the documentation as the match community-list command; however, only match community actually works on the routers.


Communities Example 2
[Figure: same topology as Example 1. Router C in AS 300 (10.10.20.2) peers with Router A in AS 100 (10.10.20.1); Router A (10.10.10.1) peers with Router B in AS 200 (10.10.10.2). AS 300 originates 172.30.0.0/16; AS 100 contains 192.168.1.0.]

Router C sends BGP routes to Router A, and Router A sets the weight of these routes based on the community.

In the example in the graphic, Router C is sending BGP updates to Router A. Router A will set the weight of these routes based on the community value set by Router C.


Communities Example 2 (cont'd)

Router C

router bgp 300
 network 172.30.0.0
 neighbor 10.10.20.1 remote-as 100
 neighbor 10.10.20.1 send-community
 neighbor 10.10.20.1 route-map SETCOMM out
!
route-map SETCOMM permit 10
 match ip address 1
 set community 100 additive
!
access-list 1 permit 0.0.0.0 255.255.255.255


The configuration for Router C is shown in the graphic. Router C has one neighbor, 10.10.20.1 (Router A). The route-map SETCOMM is used when sending routes to Router A, and it sets the community attribute: any route that matches access-list 1 has 100 added to the existing communities in its community attribute. In this example access-list 1 permits any route; therefore all routes have 100 added to their list of communities. If the additive keyword is omitted, 100 replaces any community that already exists; with additive, 100 is appended to the list of communities the route already carries. When communicating with Router A, the community attribute is sent, as specified by the neighbor send-community command. The configuration for Router A is shown on the next page.


Communities Example 2 (cont'd)

Router A

router bgp 100
 neighbor 10.10.20.2 remote-as 300
 neighbor 10.10.20.2 route-map CHKCOMM in
...
route-map CHKCOMM permit 10
 match community 1
 set weight 20
route-map CHKCOMM permit 20
 match community 2
!
ip community-list 1 permit 100
ip community-list 2 permit internet

The configuration for Router A is shown in the graphic. Router A has a neighbor, 10.10.20.2 (Router C). The route-map CHKCOMM is used when receiving routes from Router C.
Note: Other router bgp configuration commands for Router A are not shown in the graphic.

The route-map CHKCOMM is used to check the community attribute. Any route whose community attribute matches community-list 1 has its weight attribute set to 20. Community-list 1 permits routes whose community attribute contains 100 (exact is not specified, so additional communities on the route do not prevent the match); therefore all routes from Router C, which all have 100 in their list of communities, have their weight set to 20. Any route that did not match community-list 1 would be checked against community-list 2. Any route matching community-list 2 would be permitted but would not have any of its attributes changed. Community-list 2 specifies the internet keyword, which means all routes, so sequence 20 acts as a catch-all and no route from Router C falls through to the implicit deny.
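The following Python, added for this page and not taken from the course or from Cisco, models the two behaviours Example 2 depends on: set community with and without additive on Router C, and match community against a community-list with and without exact on Router A. Routes are dicts carrying a set of community values and a weight; community-lists are lists of (permit, communities) entries; the value 0 stands for internet and matches every route, an assumption of the model that follows IOS usage. The sample route, pre-tagged with no-export to show the additive behaviour, is constructed.

```python
"""Community setting and matching from Communities Example 2.

Added example for this page, not Cisco code. Routes are dicts with a
'communities' set and a 'weight'; community-lists are lists of
(permit, set_of_communities). INTERNET (0) is the any-route wildcard.
"""
INTERNET = 0
NO_EXPORT = 0xFFFFFF01  # RFC 1997 value


def set_community(route: dict, communities, additive: bool = False) -> dict:
    """IOS 'set community': replaces the attribute unless 'additive' is given."""
    out = dict(route)
    new = set(communities)
    if additive:
        out["communities"] = set(route.get("communities", ())) | new
    else:
        out["communities"] = new
    return out


def community_list_permits(clist, route: dict, exact: bool = False) -> bool:
    """'match community N [exact]' against a standard community-list.

    Without exact, an entry matches when every community it names is present
    on the route (extra communities are fine). With exact, the route must
    carry all and only those communities. 'internet' matches any route.
    Like an access-list, the list ends with an implicit deny.
    """
    have = set(route.get("communities", ()))
    for permit, wanted in clist:
        wanted = set(wanted)
        if INTERNET in wanted:
            return permit
        matched = (have == wanted) if exact else wanted <= have
        if matched:
            return permit
    return False


# Router C: route-map SETCOMM permit 10 / match ip address 1 (any) /
# set community 100 additive
def router_c_setcomm(route: dict, additive: bool = True) -> dict:
    return set_community(route, [100], additive=additive)


# Router A: ip community-list 1 permit 100 ; ip community-list 2 permit internet
CLIST_1 = [(True, {100})]
CLIST_2 = [(True, {INTERNET})]


def router_a_chkcomm(route: dict):
    """route-map CHKCOMM: sequence 10 sets weight 20 on community-list 1 matches,
    sequence 20 permits everything else unchanged, so nothing reaches the implicit deny."""
    if community_list_permits(CLIST_1, route):
        out = dict(route)
        out["weight"] = 20
        return out
    if community_list_permits(CLIST_2, route):
        return dict(route)
    return None


if __name__ == "__main__":
    # Constructed sample: 172.30.0.0/16 already carries no-export from another policy.
    route = {"prefix": "172.30.0.0/16", "communities": {NO_EXPORT}, "weight": 0}
    tagged = router_c_setcomm(route)
    print(sorted(tagged["communities"]), router_a_chkcomm(tagged)["weight"])
    replaced = router_c_setcomm(route, additive=False)
    print(sorted(replaced["communities"]))
    print(community_list_permits(CLIST_1, tagged, exact=True),
          community_list_permits(CLIST_1, replaced, exact=True))
```

The exact comparison on the tagged route fails because no-export is still present alongside 100, which is why the page's CHKCOMM, which omits exact, matches it; a policy that must not be satisfied by routes carrying extra communities needs exact.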


Communities Example 2 (cont'd)

RtrA#sh ip bgp 172.30.0.0/16
BGP routing table entry for 172.30.0.0/16, version 2
Paths: (1 available, best #1)
  Advertised to non peer-group peers:
  10.10.10.2
  300
    10.10.20.2 from 10.10.20.2 (172.30.0.1)
      Origin IGP, metric 0, localpref 100, weight 20, valid, external, best, ref 2
      Community: 100


The example output shown in the graphic is from Router A. The output shows the details about the route 172.30.0.0 from Router C, including that its community attribute is 100 and its weight attribute is now 20.


Peer Groups

This section discusses peer groups and how to configure them.

Peer Groups

- Define a template with parameters set for a group of neighbors instead of individually
- Useful when many neighbors have the same outbound policies
- Members can have different inbound policies
- Updates are generated once per peer group
- Simplifies configuration


Often, in BGP, many neighbors are configured with the same update policies (that is, the same outbound route-maps, distribute-lists, filter-lists, update source, and so on). On Cisco routers, neighbors with the same update policies can be grouped into peer groups to simplify configuration and, more importantly, to make updating more efficient. When you have many peers, this approach is highly recommended.

A BGP peer group is a group of BGP neighbors with the same update policies. Instead of separately defining the same policies for each neighbor, a peer group can be defined with these policies assigned to it, and individual neighbors are then made members of the peer group. Members of the peer group inherit all of the configuration options of the peer group. Members can also be configured to override these options, but only for options that do not affect outbound updates; in other words, only options that affect inbound updates can be overridden.

Peer groups simplify configuration when many neighbors have the same policy. They are also more efficient, since updates are generated only once per peer group rather than once for each neighbor. The peer group name is local to the router on which it is configured; it is not passed to any other router.


Configuring Peer Groups


Router(config-router)#
  neighbor peer-group-name peer-group
    Create a BGP peer group

Router(config-router)#
  neighbor ip-address peer-group peer-group-name
    Configure a BGP neighbor to be a member of a peer group


The neighbor peer-group command is used to create a BGP peer group and to assign neighbors to the group. The parameters of the first form of the command shown in the graphic are:

  peer-group-name  Name of the BGP peer group to be created.

The parameters of the second form of the command shown in the graphic are:

  ip-address       IP address of the neighbor that is to be assigned as a member of the peer group.
  peer-group-name  Name of the BGP peer group.

Peer group parameters can be set with other neighbor commands.


Clearing a Peer Group


Router#
  clear ip bgp peer-group peer-group-name
    Clear the BGP connections of a BGP peer group


The clear ip bgp peer-group command is used to clear the BGP connections for all members of a BGP peer group. Because it tears down and re-establishes the sessions to every member at once, use it only when a session reset is actually required.

clear ip bgp peer-group command parameters:
  peer-group-name  Name of the BGP peer group.

Note: The documentation says that the clear ip bgp peer-group command is used to remove all the members of a BGP peer group; however, it actually clears the connections.


Peer Groups Example


[Figure: Router A in AS 100 (10.10.10.1, 10.10.20.1, 192.168.1.1, 192.168.2.1) peers externally with Router B in AS 200 (10.10.10.2) and Router C in AS 300 (10.10.20.2; 172.30.0.0), and internally with Router D (192.168.1.2, 192.168.3.2) and Router E (192.168.2.2, 192.168.3.1).]

In the example in the graphic, Router A has 2 internal neighbors, Routers D and E, and two external neighbors, Routers B and C. The routing policies for Routers D and E are the same, and the routing policy for Routers B and C are the same. Router A will be configured with two peer groups, one for internal neighbors, and one for external neighbors, rather than individual neighbor configurations.


Peer Groups Example (cont'd)

Router A - configuration for internal neighbors

router bgp 100
 neighbor INTERNALMAP peer-group
 neighbor INTERNALMAP remote-as 100
 neighbor INTERNALMAP prefix-list PREINTIN in
 neighbor INTERNALMAP prefix-list PREINTOUT out
 neighbor INTERNALMAP route-map SETINTERNAL out
 neighbor 192.168.2.2 peer-group INTERNALMAP
 neighbor 192.168.1.2 peer-group INTERNALMAP
 neighbor 192.168.2.2 prefix-list JUST2 in


Part of the configuration for Router A is shown in the graphic. This configuration creates a peer group called INTERNALMAP. All members of this peer group are in AS 100. A prefix-list called PREINTIN will be applied to all routes from members of this peer group and a prefix-list called PREINTOUT will be applied to all routes going to members of this peer group. A route-map called SETINTERNAL will be applied to all routes going to members of this peer group. Router E (192.168.2.2) and Router D (192.168.1.2) are members of the peer group INTERNALMAP. A prefix list called JUST2 will be applied to all routes from Router E (192.168.2.2). Recall that you can only override peer group options that affect inbound updates.
Note: Router bgp configuration commands for Router A that are not related to peer groups are not shown in the graphic. The configuration for Router A's external peer group is shown on the next page.


Peer Groups Example (cont'd)

Router A - configuration for external neighbors

router bgp 100
 neighbor EXTERNALMAP peer-group
 neighbor EXTERNALMAP prefix-list PREEXTIN in
 neighbor EXTERNALMAP prefix-list PREEXTOUT out
 neighbor EXTERNALMAP route-map SETEXTERNAL out
 neighbor 10.10.10.2 remote-as 200
 neighbor 10.10.10.2 peer-group EXTERNALMAP
 neighbor 10.10.10.2 prefix-list JUSTEXT2 in
 neighbor 10.10.20.2 remote-as 300
 neighbor 10.10.20.2 peer-group EXTERNALMAP


Part of the configuration for Router A is shown in the graphic. This configuration creates a peer group called EXTERNALMAP. A prefix-list called PREEXTIN will be applied to all routes from members of this peer group and a prefix-list called PREEXTOUT will be applied to all routes going to members of this peer group. A route-map called SETEXTERNAL will be applied to all routes going to members of this peer group. Router B (10.10.10.2) is in AS 200 and is a member of the peer group EXTERNALMAP. Router C (10.10.20.2) is in AS 300 and is a member of the peer group EXTERNALMAP. A prefix list called JUSTEXT2 will be applied to all routes from Router B (10.10.10.2). Recall that you can only override peer group options that affect inbound updates.
Note: Router bgp configuration commands for Router A that are not related to peer groups are not shown in the graphic.


Multi-homing
This section describes multi-homing and provides some examples of configuring it.

What is Multi-homing?

Connecting to two or more ISPs to increase:

- Reliability: if one ISP fails, the AS is still connected
- Performance: better paths to common Internet destinations


Multi-homing is the term used to describe an AS that is connected to more than one ISP. This is usually done for two reasons:

- To increase the reliability of the connection to the Internet, so that if one connection fails another is still available.
- To increase performance, so that better paths can be used to certain destinations.


Types of Multi-homing

Three common types:

- Default routes from all providers
- Customer routes and default routes from all providers
- Full routes from all providers


The configuration of the multiple connections to the ISPs can be classified by the routes that the ISPs provide to the AS. Three common ways of configuring the connections are:

- All ISPs pass only default routes to the AS.
- All ISPs pass default routes, and selected specific routes (for example, routes from customers with whom the AS exchanges a lot of traffic), to the AS.
- All ISPs pass all routes to the AS.

Each of these scenarios is examined in the following pages.


Default Routes From All Providers

- Low memory and CPU solution
- Provider sends a BGP default route; the choice of provider is decided by the IGP metric to reach the default route
- AS sends all of its routes to the providers; the inbound path is decided by the Internet


The first scenario is when all ISPs pass only default routes to the AS. This requires the minimum resources within the AS, since only default routes will have to be processed. The AS will send all of its routes to the ISPs, who will process them and pass them on to other ASs as appropriate. The ISP that a specific router within the AS uses to reach the Internet will be decided by the IGP metric used to reach the default route within the AS. The route that inbound packets take to get to the AS will be decided outside of the AS (within the ISPs and other ASs).


Default Routes From All Providers Example

[Figure: AS 100 (172.16.0.0/16) is reached through ISP AS 200 (Router D) and ISP AS 300 (Router E). AS 400 connects to AS 200 through Router A and to AS 300 through Router B; both ISPs advertise 0.0.0.0 into AS 400. Router C, inside AS 400, chooses the lowest IGP metric to the default route.]

In the example in the graphic, AS 200 and AS 300 send default routes into AS 400. The ISP that a specific router within AS 400 uses to reach any external address is decided by the IGP metric used to reach the default route within the AS. For example, if RIP is used within AS 400, Router C selects the route with the lowest hop count to the default route when it wants to send packets to network 172.16.0.0.


Customer and Default Routes From All Providers

- Medium memory and CPU solution
- Best path is usually the shortest AS-path
- Path choice can be overridden
- IGP metric to the default route is used for all other destinations


The second scenario is when all ISPs pass default routes, and selected specific routes (for example, routes from customers with whom the AS exchanges a lot of traffic), to the AS. This requires more resources within the AS than the first scenario, since default routes and some external routes have to be processed. The AS sends all of its routes to the ISPs, which process them and pass them on to other ASs as appropriate. The ISP that a specific router within the AS uses to reach the customer networks is usually the one with the shortest AS-path. However, this can be overridden using the methods discussed earlier in this chapter, including distribute-lists, prefix-lists and communities. The path to all other external destinations is decided by the IGP metric used to reach the default route within the AS. The route that inbound packets take to get to the AS is decided outside of the AS (within the ISPs and other ASs).


Customer and Default Routes From All Providers - 1

[Figure: Customer AS 100 (172.16.0.0/16) connects to ISP AS 200 (Router D); ISP AS 300 (Router E) reaches it through AS 200. AS 400 connects to both ISPs, and Router C, inside AS 400, chooses the shortest AS path.]

In the example in the graphic, AS 200 and AS 300 send default routes, as well as specific routes to the customer's (AS 100) network 172.16.0.0, into AS 400. The ISP that a specific router within AS 400 uses to reach the customer networks is usually the one with the shortest AS-path. The shortest AS-path to AS 100 is via AS 200 (versus via AS 300, then AS 200), through Router A. Router C selects this route when it wants to send packets to network 172.16.0.0. The routes to other external addresses that are not specifically advertised to AS 400 are decided by the IGP metric used to reach the default route within the AS.


Customer and Default Routes From All Providers - 2

[Figure: same topology as the previous example. Router B in AS 400 sets local preference = 800 for 172.16.0.0/16, so Router C chooses the highest local preference.]

In this example, AS 200 and AS 300 send default routes, as well as specific routes to the customer's (AS 100) network 172.16.0.0, into AS 400. The ISP that a specific router within AS 400 uses to reach the customer networks is usually the one with the shortest AS-path. However, Router B is configured to change the local preference of routes to 172.16.0.0/16 to 800 from its default of 100, and local preference is evaluated before AS-path length. Router C therefore takes the path through Router B to get to 172.16.0.0. The routes to other external addresses that are not specifically advertised to AS 400 are decided by the IGP metric used to reach the default route within the AS.


Full Routes From All Providers

- Higher memory and CPU solution
- Reach all destinations by the best path, usually the shortest AS path
- Path choice can still be tuned manually


The third scenario is when all ISPs pass all routes to the AS. This requires a lot of resources within the AS, since all external routes will have to be processed. The AS will send all of its routes to the ISPs, who will process them and pass them on to other ASs as appropriate. The ISP that a specific router within the AS uses to reach the external networks will usually be the shortest AS-path. However this can still be overridden using the methods discussed earlier in this chapter, including distribute-lists, prefix-lists and communities. The route that inbound packets take to get to the AS will be decided outside of the AS (within the ISPs and other ASs).


Full Routes From All Providers

[Figure: AS 100 and AS 500 are reached through ISP AS 200 (Router D) and ISP AS 300 (Router E); both ISPs send full routes into AS 400, and Router C chooses the shortest AS path.]

In this example, AS 200 and AS 300 send all routes into AS 400. The ISP that a specific router within AS 400 uses to reach the external networks is usually the one with the shortest AS-path. However, the routers in AS 400 could be configured to influence the path that traffic to certain networks takes.


Configuring Weight and Local Preference


Router(config-router)#
  neighbor {ip-address | peer-group-name} weight weight
    Assign a weight to a neighbor connection

Router(config-router)#
  bgp default local-preference value
    Change the default local preference value

Router(config-route-map)#
  set local-preference value
    Change the local preference value



These are some of the commands that can be used to influence the path taken to external routes.

The neighbor weight command is used to assign a weight to a neighbor connection. Weight is local to the router on which it is configured and is not sent to any neighbor.

neighbor weight command parameters:
  ip-address       IP address of the neighbor.
  peer-group-name  Name of the BGP peer group.
  weight           Weight to assign. Acceptable values are 0 to 65535.

The bgp default local-preference command is used to change the default local preference value.

bgp default local-preference command parameters:
  value  Local preference value from 0 to 4294967295. Higher is more preferred.

The set local-preference command is used to specify a preference value for the autonomous system path. Local preference is exchanged only among the routers within the local AS; it is not sent to external neighbors.

set local-preference command parameters:
  value  Local preference value from 0 to 4294967295. Higher is more preferred.


Configuring Conditional Advertisement

Router(config-router)#
neighbor ip-address advertise-map route-map non-exist-map route-map

Conditionally advertise prefixes: the non-exist-map is periodically checked; if it is satisfied (i.e. if the routes are not in the BGP table), the prefixes matched by the advertise-map are advertised to the neighbor

The neighbor advertise-map command is used to conditionally advertise prefixes.

neighbor advertise-map Command    Description
ip-address                        IP address of neighbor to which advertisements will be sent.
advertise-map route-map           Route-map to be used to advertise prefixes.
non-exist-map route-map           Route-map that will be periodically checked. If the routes it specifies are not in the BGP table, then the prefixes matched by the advertise-map route-map are advertised to the neighbor.


Multi-homing Example

(Figure: AS 100 contains Router A, with interfaces 10.10.10.1 and 10.10.20.2. Router A connects to Router B (10.10.10.2) in ISP AS 200 and to Router C (10.10.20.1) in ISP AS 300. Network 172.20.0.0 is in AS 200, 172.30.0.0 is in AS 300, and 172.25.0.0 is in AS 250, which is reachable through either ISP.)

In the example in the graphic, AS 100 is connected to two ISPs, AS 200 and AS 300. Assume that both ISPs are sending full routes to AS 100. The following pages show some configurations and results for Router A.


Example 1 Configuration - No Tuning

RtrA(config)# router bgp 100
RtrA(config-router)# network 10.10.10.0 mask 255.255.255.0
RtrA(config-router)# network 10.10.20.0 mask 255.255.255.0
RtrA(config-router)# neighbor 10.10.10.2 remote-as 200
RtrA(config-router)# neighbor 10.10.20.1 remote-as 300

In this first example configuration, Router A is configured with two EBGP neighbors, Router B (10.10.10.2) and Router C (10.10.20.1). No special tuning is done to influence the way that AS 100 gets to the other ASs.


Results 1 - No Tuning

RtrA#show ip bgp
BGP table version is 7, local router ID is 172.16.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop      Metric LocPrf Weight Path
*> 10.10.10.0/24    0.0.0.0            0         32768 i
*> 10.10.20.0/24    0.0.0.0            0         32768 i
*  172.20.0.0       10.10.20.1                       0 300 200 i
*>                  10.10.10.2         0              0 200 i
*> 172.25.0.0       10.10.10.2                       0 200 250 i
*                   10.10.20.1                       0 300 250 i
*  172.30.0.0       10.10.10.2                       0 200 300 i
*>                  10.10.20.1         0              0 300 i

In this example, Router A will select the route via 10.10.10.2 (Router B) to get to 172.20.0.0 and the route via 10.10.20.1 (Router C) to get to 172.30.0.0, since these paths have the shortest AS-path length (of one AS). Router A has 2 paths to 172.25.0.0, and they both have the same AS-path length (there are two ASs in each path). In this case, with all other attributes being equal, Router A will select the path that has the lowest BGP Router ID value. Router A therefore chooses the path through 10.10.10.2 (Router B) to get to 172.25.0.0 in AS 250.


Example 2 Configuration - Change Weights

RtrA(config)# router bgp 100
RtrA(config-router)# network 10.10.10.0 mask 255.255.255.0
RtrA(config-router)# network 10.10.20.0 mask 255.255.255.0
RtrA(config-router)# neighbor 10.10.10.2 remote-as 200
RtrA(config-router)# neighbor 10.10.10.2 weight 100
RtrA(config-router)# neighbor 10.10.20.1 remote-as 300
RtrA(config-router)# neighbor 10.10.20.1 weight 150

In this example configuration, Router A is configured with two EBGP neighbors, Router B (10.10.10.2) and Router C (10.10.20.1). The weights used for routes from each neighbor have been changed from their default of zero; routes received from 10.10.10.2 (Router B) will have a weight of 100 while routes received from 10.10.20.1 (Router C) will have a weight of 150.


Results 2 - Change Weights

RtrA#sh ip bgp
BGP table version is 9, local router ID is 172.16.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop      Metric LocPrf Weight Path
*> 10.10.10.0/24    0.0.0.0            0         32768 i
*> 10.10.20.0/24    0.0.0.0            0         32768 i
*> 172.20.0.0       10.10.20.1                     150 300 200 i
*                   10.10.10.2         0            100 200 i
*> 172.25.0.0       10.10.20.1                     150 300 250 i
*                   10.10.10.2                     100 200 250 i
*> 172.30.0.0       10.10.20.1         0            150 300 i
*                   10.10.10.2                     100 200 300 i

In this example, since the weight for Router C is higher than the weight for Router B, we will force Router A to use Router C as a next hop to reach all external routes. Recall that the weight attribute is looked at before the AS-path length, so the AS-path length will be ignored in this case.
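The two result tables above are decided by the BGP best-path comparison order. The following simulator is an added example, not code from the BSCN courseware: it applies the comparison steps (weight, local preference, AS-path length, origin, MED, eBGP before iBGP, lowest router ID) to the candidate paths Router A holds in Results 1 and Results 2, so the reader can check why 172.25.0.0 goes via Router B without tuning and why every prefix moves to Router C once weights 100 and 150 are set. The BGP router IDs of Router B and Router C are assumptions: the page only states that Router B wins the router-ID tie-break, so B is given the lower value.

```python
"""BGP best-path selection over Router A's candidate paths.

Added example for this chapter (not code from the BSCN courseware). It applies
the decision steps in the order the chapter discusses them (weight, local
preference, AS-path length, origin, MED, eBGP over iBGP, lowest router ID) to
the paths shown in the Results 1 and Results 2 tables.
"""
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP preferred over EGP over incomplete


@dataclass
class Path:
    prefix: str
    next_hop: str
    as_path: tuple          # ASs in order, e.g. (200, 250); () if locally originated
    router_id: str          # BGP router ID of the advertising peer
    weight: int = 0         # Cisco-specific, local to this router; default 0
    local_pref: int = 100   # default local preference
    origin: str = "i"
    med: int = 0
    ebgp: bool = True


def _ip_key(addr):
    """Dotted-quad string -> tuple of ints so router IDs compare numerically."""
    return tuple(int(octet) for octet in addr.split("."))


def select_best(paths):
    """Return the best Path for one prefix.

    The sort key mirrors the comparison order: higher weight wins, then higher
    local preference, then shorter AS path, lower origin code, lower MED, eBGP
    before iBGP, and finally the lowest router ID as the tie-breaker.
    """
    return min(paths, key=lambda p: (-p.weight, -p.local_pref, len(p.as_path),
                                     ORIGIN_RANK[p.origin], p.med,
                                     0 if p.ebgp else 1, _ip_key(p.router_id)))


RID_B = "10.10.10.2"   # constructed router ID for Router B; only needs to be lower than RID_C
RID_C = "10.10.20.1"   # constructed router ID for Router C


def router_a_paths(weight_b=0, weight_c=0):
    """Candidate paths from the Results tables; weights come from 'neighbor ... weight'."""
    return {
        "172.20.0.0": [Path("172.20.0.0", "10.10.10.2", (200,), RID_B, weight_b),
                       Path("172.20.0.0", "10.10.20.1", (300, 200), RID_C, weight_c)],
        "172.25.0.0": [Path("172.25.0.0", "10.10.10.2", (200, 250), RID_B, weight_b),
                       Path("172.25.0.0", "10.10.20.1", (300, 250), RID_C, weight_c)],
        "172.30.0.0": [Path("172.30.0.0", "10.10.10.2", (200, 300), RID_B, weight_b),
                       Path("172.30.0.0", "10.10.20.1", (300,), RID_C, weight_c)],
    }


def best_next_hops(weight_b=0, weight_c=0):
    """Next hop Router A installs for each external prefix."""
    return {prefix: select_best(paths).next_hop
            for prefix, paths in router_a_paths(weight_b, weight_c).items()}


if __name__ == "__main__":
    print("Results 1 (no tuning):      ", best_next_hops())
    print("Results 2 (weights 100/150):", best_next_hops(weight_b=100, weight_c=150))
```

Because weight is compared before AS-path length, raising Router C's weight to 150 makes the length-one path via Router B to 172.20.0.0 lose, which is what the Results 2 table shows. Changing the constructed router IDs so that Router C has the lower one would flip only the 172.25.0.0 decision in the untuned case.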


Redistribution with IGPs


Chapter 13 discusses route redistribution and how it is configured. Here we examine specifics of when redistribution between BGP and IGPs is appropriate.

BGP and IGPs

(Figure: the IGP routing protocol and the BGP routing protocol each maintain their own table on the same IP router.)

- BGP has its own table, in addition to the IGP routing table
- Information can be exchanged between the two tables

As noted earlier, a router running BGP keeps a table of BGP information, separate from the IP routing table. Information in the tables can be exchanged between the BGP protocol and the IGP protocol running in the routers.


Advertising Networks Into BGP

Three ways:
- Using the network command
- Redistributing static routes (use null 0)
- Redistributing dynamic IGP routes
  Redistribution from the IGP is NOT recommended as it may cause instability

Route information is sent from an Autonomous System into BGP in one of three ways:

- Using the network command. As already discussed, for BGP the network command allows BGP to advertise a network that is already in the IP table. The list of network commands must include all of the networks in the AS that you want to advertise.
- Redistributing static routes into BGP. Redistribution is when a router running different protocols advertises routing information received between the protocols. Static routes in this case are considered to be a protocol, and static information is advertised to BGP.
- Redistributing dynamic IGP routes into BGP. This solution is not recommended as it may cause instability.

The following pages examine the last two bullets in more detail.


Redistributing Static Routes Into BGP

- Aggregate static routes point to null0
  Example:
    router bgp 100
    redistribute static
    !
    ip route 192.168.0.0 255.255.0.0 null 0
- Use aggregate-address instead

Redistribution of static routes configured to the null 0 interface into BGP is done to advertise aggregate routes rather than specific routes from the IP table. Any route redistributed into BGP must already be known in the IP table. Using the static route to null 0 is a way of fooling the process into believing that a route actually exists for the aggregate. A static route to null 0 is not necessary if you are using a network command with a non-aggregated network, i.e. a network that exists in the IP table.

The use of null 0 may seem strange, since a static route to null 0 means "discard any information for this network". This will usually not be a problem, since the router doing the redistribution has more specific routes to the destination networks, and these will be used to route any traffic that comes into the router. A problem with using this method of aggregation is that if the router loses access to the more specific routes, it would still be advertising the static aggregate, thus creating a black hole.

The preferred method is to use the aggregate-address command. With this command, as long as a more specific route exists in the BGP table, the aggregate gets sent. If the aggregating router loses its connection to the networks being aggregated, they disappear from the BGP table and hence the BGP aggregate does not get sent.
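The black-hole difference between the two methods is easy to see in a model. The code below is an added example, not courseware code: it takes the aggregate from the slide (192.168.0.0/16) together with a constructed set of more-specific routes, reports what each method advertises, and flags the case where the aggregate is still advertised after every component route has been lost. The component prefixes and the "links down" scenario are constructed for the illustration.

```python
"""Static aggregate to null 0 versus aggregate-address.

Added example (not from the courseware): models the behaviour described above
with constructed prefixes. A static route to null 0 that is redistributed into
BGP stays advertised for as long as it is configured, whether or not the
component networks are still reachable; an aggregate-address entry is generated
only while at least one more-specific route is present in the BGP table.
"""
import ipaddress


def advertised_static_null0(aggregate, specifics):
    """'redistribute static' + 'ip route <aggregate> null 0'.

    The static route is always in the IP table, so the aggregate is always
    advertised. `specifics` is deliberately ignored: that independence from the
    component routes is exactly the problem the text describes.
    """
    return {str(ipaddress.ip_network(aggregate))}


def advertised_aggregate_address(aggregate, specifics):
    """'aggregate-address <aggregate> summary-only'.

    The aggregate is generated only if a more-specific route inside it is
    present in the BGP table; otherwise nothing is sent for it.
    """
    agg = ipaddress.ip_network(aggregate)
    inside = [p for p in specifics if ipaddress.ip_network(p).subnet_of(agg)]
    return {str(agg)} if inside else set()


def black_hole(aggregate, specifics, method):
    """True when the aggregate is advertised but no route inside it is reachable."""
    agg = ipaddress.ip_network(aggregate)
    if method == "static":
        advertised = advertised_static_null0(aggregate, specifics)
    elif method == "aggregate-address":
        advertised = advertised_aggregate_address(aggregate, specifics)
    else:
        raise ValueError("unknown method: " + method)
    reachable = any(ipaddress.ip_network(p).subnet_of(agg) for p in specifics)
    return str(agg) in advertised and not reachable


def demo():
    """Constructed scenario: the aggregate 192.168.0.0/16 from the slide."""
    agg = "192.168.0.0/16"
    healthy = ["192.168.1.0/24", "192.168.2.0/24", "10.1.1.0/24"]
    links_down = ["10.1.1.0/24"]   # every 192.168.x.0/24 component route has been lost
    return {
        "static/healthy": black_hole(agg, healthy, "static"),
        "static/links_down": black_hole(agg, links_down, "static"),
        "aggregate/healthy": black_hole(agg, healthy, "aggregate-address"),
        "aggregate/links_down": black_hole(agg, links_down, "aggregate-address"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22s} black hole: {result}")
```

Only the static/links_down case reports a black hole: the router keeps attracting traffic for the whole /16 while it has nowhere to deliver it, whereas aggregate-address simply stops advertising.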


Redistributing Dynamic IGP Routes Into BGP

Redistributing into BGP from IGP:
- Not recommended, unstable routes
- Include only local routes
- Filter out other routes (can be complex)

Redistributing from an IGP into BGP is not recommended because any change in the IGP routes, for example if a link goes down, may cause a BGP update. This method could result in unstable BGP tables. If redistribution is used, care must be taken that only local routes are redistributed. For example, routes learned from other ASs (that were learnt by redistributing BGP into the IGP) must not be sent out again from the IGP, or routing loops could result. Configuring this filtering can be complex.


Advertising From BGP Into IGP

- Done with redistribution, if necessary
- For ISP ASs: redistribution not done
- For other ASs: redistribution can be done, but filter; use default routes instead

Route information is sent from BGP into an Autonomous System by redistribution of the BGP routes into the IGP. Since BGP is an external routing protocol, care must be taken when exchanging information with internal protocols, due to the amount of information in BGP tables. For ISP autonomous systems, redistributing into the IGP is not normally required. Other ASs may use redistribution, but the number of routes means that filtering will normally be required. Each of these situations is examined on the next two pages.


ISP - No Redistribution From BGP Into IGP

Redistribution into IGP not required:
- All routers run BGP; IBGP full mesh
- IBGP carries exterior routes
- IGP carries local information only, and next-hop information
- Use no synchronization

Advantages:
- Carry fewer routes in IGP
- BGP converges faster

An ISP typically has all routers in the AS running BGP. This would of course be a full mesh IBGP environment, and IBGP would be used to carry the EBGP routes across the AS. All of the routers in the AS would be configured with the no synchronization command, so that synchronization between IGP and BGP is not required. The BGP information would then not need to be redistributed into the IGP. The IGP would only need to route information local to the AS, and routes to the next-hop addresses of the BGP routes. One advantage of this approach is that the IGP does not have to be concerned with all of the BGP routes; BGP will take care of them. BGP will also converge faster in this environment, since it doesn't have to wait for the IGP to advertise the routes.


Non-ISP - Redistribution From BGP Into IGP

Redistribution into IGP required if:
- Not all routers run BGP
- Require external route knowledge

Many routes - filtering likely required

Alternatives:
- Default routes

A non-ISP AS typically would not have all routers in the AS running BGP, and may not have a full mesh IBGP environment. If this is the case, and knowledge of external routes is required inside the AS, then redistribution of BGP into the IGP would be necessary. However, due to the number of routes that would be in the BGP tables, filtering will normally be required. As discussed in the multi-homing section, an alternative to receiving full routes from BGP is that the ISP could send only default routes, or default routes and some external routes to the AS.


Case Study: Multi-homed BGP


Recall that throughout this course we have been using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies are used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises.

Case Study - Multi-homed BGP

(Figure: Corporation JKL, Autonomous System 521, runs IBGP internally and has EBGP connections to two ISPs, ISP #1 in Autonomous System 4304 and ISP #2 in Autonomous System 1673, both of which connect to the Internet. Legend: Ethernet (within AS 4304 only); Serial (all other links).)

In this case study, we will look at how JKL will connect to the Internet. As shown in the graphic, JKL has two ISP connections, to AS 4304 and AS 1673. The following topics are some considerations to discuss with the class during the case study:

- The hierarchical topology within JKL, including scaling issues:
  - Which routers will be running BGP?
  - Where in the hierarchy will the ISP connections be made?
  - How does JKL's topology approach differ from an ISP approach?
- Exchange of route information:
  - Recall that JKL is using OSPF, VLSM and route summarization. JKL has a class B public address. How will JKL's routes be advertised to the Internet?
  - How will JKL learn routes of external ASs?
- Synchronization issues:
  - Should JKL use synchronization between BGP and OSPF, or can it be turned off?
- Implementing policy controls:
  - What policies might JKL have and why?
  - How would these policies be implemented?
- Ease of configuration:
  - How difficult would the policies be to implement?
  - Are there alternatives, and how easy would they be to implement?


Summary

This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following tasks:
- Describe the scalability problems associated with Internal BGP
- Explain and configure BGP Route Reflectors
- Describe and configure policy control in BGP using prefix lists
- Describe and configure BGP Communities and Peer Groups
- Describe methods to connect to multiple ISPs using static routes, default routes, and BGP
- Explain the use of redistribution between BGP and Interior Gateway Protocols (IGPs)
- Given a set of network requirements, configure a multi-homed BGP environment and verify proper operation (within described guidelines) of your routers


Review Questions

Answer the following questions.

1. What is the command used to configure a router to distribute BGP information as specified in an access-list?
2. What is a route reflector cluster?
3. Route maps use ________ commands to test conditions and _______ commands to modify routes.
4. What is the command used to specify that the BGP communities attribute should be sent to a neighbor?
5. When would peer groups be useful?
6. What is BGP multi-homing?
7. What command is used to assign a weight to a neighbor connection?
8. What is the preferred method to use to advertise an aggregated route from an AS into BGP?


11

Managing Traffic and Access

Objectives

Upon completion of this chapter, you will be able to perform the following tasks:
- Describe the functions of access lists
- Describe how routing updates can be optimized

Objectives

This chapter discusses network congestion causes and presents ways to control network congestion. Sections:
- Objectives
- Congestion Overview
- Managing Traffic Congestion
- IP Access List Usage
- Optimizing Routing Updates
- Summary
- Written Exercise: Managing Traffic and Access
- Answers to Exercise


Congestion Overview

(Figure: network traffic exceeding the bandwidth of the link.)

- Congestion occurs when the data traffic exceeds the data-carrying capacity of the link
- Congestion anywhere in the path results in delays for user applications

Congestion Overview
Congestion can occur when the amount of network traffic transmitted on a particular medium exceeds the bandwidth of that medium. The users of the network perceive the network to be slow, but may not understand the cause of the slowness. Temporary congestion can be expected in every network. Periodic congestion often occurs because of the bursty nature of today's network applications. Causes of chronic congestion should be identified and remedied. Serial lines are generally where congestion is experienced.


Traffic in an IP Network

(Figure: two IP networks joined by a link.)

Sources of data and overhead traffic:
- User applications
- Routing protocol updates
- Domain name server (DNS) requests
- Encapsulated protocol transport

Traffic in an IP Network
An IP network has many sources of data traffic and overhead traffic:

- User applications: Data traffic is usually generated by user applications. These applications initiate file transfers using the File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP). Electronic mail is another common source of data traffic; it uses the Simple Mail Transfer Protocol (SMTP).
- Routing protocol updates: Routing protocols send updates periodically or when routing information changes.
- Domain Name System (DNS) requests: Overhead traffic is generated when the traffic is not directly related to user applications. Examples of overhead traffic are routing updates and broadcast requests, such as for a DNS.
- Encapsulated protocol transport: Noncontiguous networks can be joined by encapsulating the network traffic in IP packets and sending that traffic across the IP network. If the two noncontiguous networks generate large amounts of traffic, slow links in the IP network could become congested.


Other Traffic in a Multiprotocol Network

(Figure: IP, IPX and AppleTalk networks sharing the bandwidth of one link, which carries DNS, ZIP, SNMP, ARP, FTP, IGRP, GNS, NBP, Watchdog, SDLC, SAP and Telnet traffic.)

Sources of data and overhead traffic:
- All user applications
- All routing protocol updates
- All overhead broadcasts and multicasts
- All data link/physical-layer signaling

Other Traffic in a Multiprotocol Network


A multiprotocol network has several different protocol suites active at the same time. All user data traffic for the different protocols is active at the same time, and many concurrent data transfers are taking place. In addition, the overhead traffic for each protocol requires a portion of the bandwidth of the medium. Although it was not mentioned earlier, there is some underlying traffic on the media associated with the lower layers of the OSI reference model. All of the following require some portion of the medium's data-carrying capacity:

- Address Resolution Protocol (ARP) to resolve logical-to-physical addressing issues
- Keepalives to maintain connectivity
- Tokens for accessibility
- Time To Live updates


Managing Traffic Congestion

Control network congestion by:
- Filtering user and application traffic
- Filtering broadcast traffic
- Adjusting timers on periodic announcements
- Providing static entries in tables
- Controlling routing overhead traffic

Managing Traffic Congestion


Network congestion results from too much traffic at one time. To resolve congestion, the traffic either must be reduced or rescheduled.

- Filtering user and application traffic: You can use access lists to filter user and application traffic. Traffic filters can keep some traffic from reaching critical links.
- Filtering broadcast traffic: Some periodic broadcasts, such as SAP packets, have configurable transmission timers to lengthen the interval between broadcasts.
- Adjusting timers on periodic announcements: Lengthening the timers reduces the overall traffic load on the link. For example, you can adjust the time between SAP updates.
- Providing static entries in tables: Using static entries in a routing table can eliminate the need to dynamically advertise network routes across that link. This technique is very effective for serial lines.
- Controlling routing overhead traffic: Traffic that is required to support the routing process can be reduced. Converting from a distance vector protocol to a link-state protocol will almost eliminate the periodic announcements made by distance vector protocols such as RIP.


Filtering Traffic with Access Lists

Proper placement of access lists is key to controlling traffic flow:
- Understand application requirements
  - Centralized server or distributed tasks
- Understand ACL processing requirements
  - Adequate resources: CPU and memory
- Location
  - Access/distribution layer
  - Validate traffic where it enters network

Filtering Traffic with Access Lists


Access lists, as supported in the Cisco IOS, were originally designed as a security feature and have the additional benefit of providing traffic filtering capability. Proper placement of traffic filters is one of the key factors in effectively controlling traffic flow in a network. Before access lists can be implemented as effective traffic filters, you must study the requirements of the supported applications. Different applications have different needs and generate differing amounts of traffic, sometimes in a unidirectional fashion.

Access control lists (ACLs) are a form of list processing and can require significant amounts of CPU processing cycles. The order of search criteria is critical, because the top-down processing terminates when a matching condition occurs. The recommended approach is to place the most commonly occurring search criteria at the top of the list.

In addition to knowing the direction of traffic flow, it is equally critical to apply traffic filters to the correct device or portion of the network. Traffic should be validated at the point where it enters the network. If a hierarchical model is in place, traffic validation should take place at either the access or distribution layer devices. Unwanted traffic needs to be removed from the network before it can reach the high-speed switching core, because core devices can't tolerate the delays associated with long table lookups. Also, ACLs should be assigned to devices that have sufficient CPU and memory resources to handle the repeated, potentially lengthy table searches.


When to Use Access Lists

(Figure: an access list placed on the router between the Internet and the corporate network. Unsolicited requests arrive from the Internet; solicited replies to prior requests from within the corporate network are let through.)

Access lists provide critical security at Internet access points

When to Use Access Lists


As mentioned earlier, it is important to validate traffic at the point where it enters the corporate network. For many companies, that entry point is traffic coming from the Internet. One of the challenges for an ACL (and the administrator that creates the ACL) is to block unwanted inbound traffic and at the same time to allow in requested data files. If a reliable file transfer mechanism, such as FTP, is in place, access lists can detect the difference between unsolicited requests and responses to requests that were previously generated from within the corporate network. If the arriving data is the result of a previously established session, then it falls in a category that the ACL can test for. Access lists also provide a logging capability to record the types of activity that the ACL rejected. Sometimes it is more important to know what information was rejected rather than what was accepted, especially when dealing with hackers. Using an access list on a perimeter router should only be a part of the corporate security policy. Several components, such as firewalls and proxy servers, should be concurrently implemented to help protect the corporate network from unwanted external access.


When to Use Access Lists (cont.)

(Figure: the Sales, Finance, HR and Marketing subnets are separated from the R&D secure subnet by an access list.)

Access lists guard secure subnets

When to Use Access Lists (cont.)


Access lists can perform a function much like that of a security guard. Each packet can be checked before it is cleared to access a given subnet, such as the research and development (R&D) area shown in the graphic. Most access of this type is based upon the source address of the packet (where did this packet come from?). Some areas of the network are more trusted than others, and only traffic generated by the devices on the trusted subnets will be allowed to pass into the secure area. Administrators need to take great care to allow traffic generated from within the secure subnet to return to that area as well. See the discussion on the previous page about established connections.


When to Use Access Lists (cont.)

(Figure: an access list in front of a segment hosting the E-mail and FTP servers; only FTP and E-mail traffic is allowed on this segment.)

Access lists restrict application traffic on designated media segments

When to Use Access Lists (cont.)


Extended IP access lists can detect the application used to generate the payload being carried by the packet. This functionality is critical when attempting to limit access to the upper subnet displayed in the graphic to FTP and E-mail traffic only. Most search mechanisms like this use well-known ports to identify key applications. For example, TCP port 25 supports E-mail using SMTP, and FTP uses ports 20 and 21 to accomplish its data transfers.
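The last few pages rely on four properties of extended IP access lists: top-down first-match processing with an implicit deny at the end, the established keyword that lets replies to sessions opened from inside return while blocking unsolicited connections, matching on well-known destination ports such as 25 (SMTP) and 20/21 (FTP), and logging of what was rejected. The evaluator below is an added example, not courseware or Cisco IOS code; it models those properties for an inbound list on the Internet-facing router of the figures. The corporate address block 172.16.0.0/16, the server address 172.16.5.10, the Internet source 198.51.100.7 and the sample packets are all constructed.

```python
"""Extended IP access list evaluation (added example, not courseware code).

Models first-match top-down processing with implicit deny, the 'established'
keyword (TCP segments with ACK or RST set), destination-port matching on
well-known ports, per-entry hit counters, and a log of denied packets.
Addresses and packets are constructed for the illustration.
"""
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Entry:
    action: str                         # "permit" or "deny"
    proto: str                          # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_ports: frozenset = frozenset()  # empty means any destination port
    established: bool = False           # TCP only: match if ACK or RST is set
    log: bool = False                   # record denied packets
    hits: int = 0                       # how often this entry terminated the search

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if ipaddress.ip_address(pkt["src"]) not in self.src:
            return False
        if ipaddress.ip_address(pkt["dst"]) not in self.dst:
            return False
        if self.dst_ports and pkt.get("dport") not in self.dst_ports:
            return False
        if self.established and not (pkt.get("flags", set()) & {"ACK", "RST"}):
            return False
        return True


class AccessList:
    def __init__(self, entries):
        self.entries = list(entries)
        self.denied_log = []            # stand-in for the router's 'log' output

    def evaluate(self, pkt):
        """First matching entry decides; anything unmatched hits the implicit deny."""
        where = f"{pkt['proto']} {pkt['src']} -> {pkt['dst']}:{pkt.get('dport')}"
        for idx, entry in enumerate(self.entries):
            if entry.matches(pkt):
                entry.hits += 1
                if entry.action == "deny" and entry.log:
                    self.denied_log.append(f"entry {idx}: denied {where}")
                return entry.action
        self.denied_log.append(f"implicit deny: {where}")
        return "deny"


def perimeter_acl():
    """Constructed inbound list for the Internet-facing router in the figures.

    172.16.0.0/16 is the assumed corporate block; 172.16.5.10 is the constructed
    address of the server on the FTP/E-mail-only segment.
    """
    corp = ipaddress.ip_network("172.16.0.0/16")
    server = ipaddress.ip_network("172.16.5.10/32")
    return AccessList([
        # replies to sessions opened from inside are the most common match, so first
        Entry("permit", "tcp", ANY, corp, established=True),
        Entry("permit", "tcp", ANY, server, frozenset({25})),        # SMTP
        Entry("permit", "tcp", ANY, server, frozenset({20, 21})),    # FTP data/control
        Entry("deny", "ip", ANY, corp, log=True),                    # everything else, logged
    ])


def run_samples():
    """Evaluate constructed packets; return (decisions, per-entry hits, denied log)."""
    acl = perimeter_acl()
    packets = [
        dict(proto="tcp", src="198.51.100.7", dst="172.16.9.2", dport=51000, flags={"ACK"}),  # reply to inside client
        dict(proto="tcp", src="198.51.100.7", dst="172.16.5.10", dport=25, flags={"SYN"}),    # inbound mail
        dict(proto="tcp", src="198.51.100.7", dst="172.16.5.10", dport=21, flags={"SYN"}),    # inbound FTP control
        dict(proto="tcp", src="198.51.100.7", dst="172.16.9.2", dport=23, flags={"SYN"}),     # unsolicited telnet
        dict(proto="udp", src="198.51.100.7", dst="172.16.9.2", dport=161),                   # unsolicited SNMP
    ]
    decisions = [acl.evaluate(p) for p in packets]
    return decisions, [e.hits for e in acl.entries], acl.denied_log


if __name__ == "__main__":
    decisions, hits, log = run_samples()
    print("decisions:", decisions)
    print("hits per entry:", hits)
    print("\n".join(log))
```

The hit counters are the practical reason for the ordering advice in the text: the entry that terminates the search most often should sit at the top so that the common case costs one comparison.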


Other Access List Uses

- Priority and custom queuing (queue list)
- Dial-on-demand routing
- Route filtering (routing table)

Access lists are multipurpose

Other Access List Uses


You can use IP access lists to establish a finer granularity of control when differentiating traffic into priority and custom queues. An access list can also be used to identify interesting traffic that serves to trigger dialing in dial-on-demand routing (DDR). When acting as a distribute list, an access list can be used to control the contents of a routing update. Access lists are also a fundamental component of route maps, which filter and in some cases alter the attributes within a routing protocol update. Distribute lists and route maps provide different approaches to determining the information contained in a routing update.


Reducing Routing Update Traffic

Routing update traffic can be reduced by:
- Replacing periodic updates with incremental: switch from distance vector to link-state
- Creating summary routes: shrinks size of routing table
- Configuring static and default routes: reduces number of routes propagated
- Filtering content of updates: reduces number of routes propagated

Reducing Routing Update Traffic


Routing update traffic can be radically reduced by configuring a link-state protocol, such as OSPF, rather than a distance vector protocol, such as RIP. Distance vector protocols send periodic updates that contain the entire routing table, whereas link-state protocols only send incremental updates about a single route. The savings in bandwidth consumption will be realized on all links where the link-state protocol is configured. Normally, all subnets are included in the routing table, and that information would be shared with peer routers in a link-state implementation. Summary routes representing a group of routes with a common prefix can be created to reduce the size of the routing table in area zero of a hierarchically designed OSPF network. Route filters can be applied to arriving updates, and this mechanism can result in smaller routing tables. Smaller routing tables equate to less route information carried in periodic routing updates. Several mechanisms, including route maps and distribute lists, can be used to control the amount of information included in a routing update. Another way to reduce the size of a routing update is to create static route entries for the local router. The manually configured entries are significant only to the local device and are not propagated to neighboring devices in the periodic announcements.


Optimizing Routing Updates

Routing updates can be optimized by:
- Outbound route filter
- Summary route
- Passive interface
- Static route

Degree of optimization controlled by network policy on route awareness

Optimizing Routing Updates


In those cases when routing updates are sent, the size of the update stream can be reduced by the following methods:

- Apply route filter outbound: an outbound route filter will selectively remove (according to the distribute-list statements) routes from the transmitted routing update. The routing table will indicate more routes than are actually transmitted to the neighboring router. The distribute-list can be applied to one or more transmitting interfaces.
- Create summary route: this action has no effect on the routing table of the router where the configuration was applied, but it does affect the content of the routing update. Summary routes reduce the update size by removing some of the subnet detail normally included in routing updates.
- Configure passive interface: prevents the interface from generating regularly scheduled routing updates for the routing processes to which the interface is linked. Arriving routing updates will be accepted by this interface.
- Create static route: manually entered routes have significance on the router where the static entry was created. These route entries are not propagated to neighboring routers unless explicit redistribution statements are applied. As a result of not sending all entries in the routing table, the routing update becomes smaller.


Optimizing Routing Updates (cont.)


Routing table content can be reduced by:
Inbound route filter
Default route

Requires administrative control of neighboring routers



There are several ways to shrink the size of the routing table on a router:

Apply a route filter inbound: an inbound route filter selectively removes routes (according to the distribute-list statements) from the arriving routing update. The distribute-list can be applied to an arriving interface or, if route redistribution is occurring, at the input to the routing process receiving the routes.

Create a default route: using a default route allows much of the subnet detail to be removed from the local routing table. Most often, a distribute-list is placed on the neighboring router's outbound interface to suppress subnet details from arriving at the router that relies on the default route. This is why the approach requires administrative control of the neighboring routers.


Summary
Traffic congestion is caused by:
Bursts of user application traffic
Multicast and broadcast traffic
Too much traffic on low-bandwidth links
Network design issues

Traffic congestion can be overcome by:
Filtering unwanted traffic
Reducing the amount of overhead and broadcast traffic
Controlling routing update traffic

Written Exercise: Managing Traffic and Access


Objective: Describe causes of network congestion.
Task: In the space below, briefly describe each cause of network congestion.

User services

Router updates

DNS traffic

Novell SAP broadcasts

Objective: List solutions for controlling network congestion.
Task: List five ways to control network congestion:

1. __________________________________

2. __________________________________

3. __________________________________

4. __________________________________

5. __________________________________

Note: Answers will vary for these exercises.


Answers to Exercise

Written Exercise: Managing Traffic and Access


Answers will vary.


12

Configuring IP Access Lists

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Configure IP standard and extended access lists
Limit virtual terminal, HTTP and SNMP access
Verify access list operation
Configure an alternative to using access lists
This chapter discusses the following Cisco IOS software features useful in reducing unwanted traffic or controlling access in an IP environment: access lists, null interfaces, and helper addresses. Sections include:
Objectives
Managing IP Traffic Overview
Configuring IP Standard Access Lists
Configuring IP Extended Access Lists
Restricting Virtual Terminal, HTTP and SNMP Access
Verifying Access List Configuration
Written Exercise: Restricting Access
Using an Alternative to Access Lists
Written Exercise: Alternative to Access Lists
Summary
Case Study: Filtering Traffic
Answers to Exercises


Managing IP Traffic Overview


Figure: FTP and broadcast traffic shown being blocked at the router; caption "Limit traffic and restrict network use".


Integral to the task of managing IP traffic is eliminating unwanted traffic while still allowing appropriate user access to necessary services. For many protocols, broadcasting is the primary method for locating services. Because routers do not forward broadcasts, it is frequently necessary to help these broadcasts reach the subnet where the server is located. Cisco IOS software provides mechanisms for reducing unwanted traffic, for restricting network use to authorized users, and for forwarding broadcasts beyond the local router to the desired server. Access lists limit traffic and restrict network use, and helper addressing enables broadcast forwarding. Both are covered in this chapter.


Access List Applications


Access lists control packet movement through a network. Typical applications:
Transmission of packets on an interface
Virtual terminal line access (IP)



Packet filtering helps control packet movement through the network. Such control can help limit network traffic and restrict network use by certain users or devices. To permit or deny packets crossing specified router interfaces, Cisco provides access lists. An IP access list is a sequential collection of permit and deny conditions that apply to IP addresses or upper-layer IP protocols. The following table shows the types of numbered access lists and the number range assigned to each (only the first two are IP access lists):

Type of Access List    Range
IP standard            1 - 99
IP extended            100 - 199
Bridge type-code       200 - 299
IPX standard           800 - 899
IPX extended           900 - 999
IPX SAP                1000 - 1099


Configuring IP Standard Access Lists


Cisco IOS Release 10.3 introduced substantial additions to IP access lists.

Caution: These extensions are backward compatible. Migrating from an existing release to a Release 10.3 or later image converts your access lists automatically. However, previous releases are not upwardly compatible with these changes. If you save an access list with a Release 10.3 or later image and then boot older software, the resulting access list will not be interpreted correctly, which can cause security problems. Save your old configuration file before booting a Release 10.3 (or later) image in case you need to revert to an earlier version.


IP Standard Access Lists Overview


Figure: a packet from source address 10.0.0.3 to destination address 172.16.5.17 on subnet 172.16.5.0. A standard access list tests the source address only; the access list range is 1 to 99.



Standard access lists permit or deny packets based only on the source IP address of the packet. The access list number range for defining standard access lists is 1 to 99. Standard access lists are easier to configure than their more robust counterparts, extended access lists.


Inbound Access List Processing


Flowchart (inbound processing for standard IP access lists): when a packet arrives, the router checks whether an access list is applied to the interface. If not, the packet goes straight to the routing table lookup and is routed to the outgoing interface. Otherwise the source address is compared with each entry in turn; the first entry whose address matches has its condition applied (permit: process the packet; deny: discard it and send an ICMP message). If the entries are exhausted without a match, the packet is denied.



An access list is a sequential collection of permit and deny conditions that apply to IP addresses. The router tests addresses against the conditions in an access list one by one. The first match determines whether the router accepts or rejects the packet. Because the router stops testing conditions after the first match, the order of the conditions is critical. If no conditions match, the router rejects the packet.

For inbound standard access lists, after receiving a packet the router checks the source address of the packet against the access list. If the access list permits the address, the router exits the access list and continues to process the packet. If the access list rejects the address, the router discards the packet and returns an ICMP destination unreachable message (type 3, code 13, communication administratively prohibited, rather than host unreachable). These messages are rate-limited, and the interface command no ip unreachables suppresses them entirely, which is common practice on externally facing interfaces so that a denied sender learns nothing from the router.

Note that the action taken when no more entries are found in the access list is to deny the packet, which illustrates an important concept to remember when creating access lists: the last entry in every access list is an implicit deny any. All traffic not explicitly permitted is implicitly denied.
Note: When configuring access lists, order is important. Make sure that you list the entries in order from specific to general. For example, if you want to filter a specific host address and then permit all other addresses, make sure your entry about the specific host appears first.


Outbound Access List Processing


Flowchart (outbound processing for standard IP access lists): the router first does the routing table lookup, then checks whether an access list is applied to the outgoing interface. If not, the packet is forwarded. Otherwise the source address is compared with each entry in turn; the first matching entry's condition is applied (permit: forward the packet; deny: discard it and send an ICMP message). If the entries are exhausted without a match, the packet is denied.



For outbound standard IP access lists, after receiving and routing a packet to a controlled interface, the router checks the source address of the packet against the access list. If the access list permits the address, the router transmits the packet. If the access list denies the address, the router discards the packet and returns an ICMP destination unreachable message (administratively prohibited code, as for inbound lists). The primary difference between a standard access list and an extended access list is that the latter may continue to check other information in the packet against the access list after the source address has been found to match.


IP Addressing Review
Class   High-order bits   First octet   Standard mask
A       0                 1-126         255.0.0.0
B       10                128-191       255.255.0.0
C       110               192-223       255.255.255.0

Subnet masks by number of subnet bits (Class B: 0 to 15 subnet bits; Class C: 0 to 7 subnet bits):

Bits   Class B mask       Class C mask
0      255.255.0.0        255.255.255.0
1      255.255.128.0      255.255.255.128
2      255.255.192.0      255.255.255.192
3      255.255.224.0      255.255.255.224
4      255.255.240.0      255.255.255.240
5      255.255.248.0      255.255.255.248
6      255.255.252.0      255.255.255.252
7      255.255.254.0      255.255.255.254
8      255.255.255.0
9      255.255.255.128
10     255.255.255.192
11     255.255.255.224
12     255.255.255.240
13     255.255.255.248
14     255.255.255.252
15     255.255.255.254
The IP address is 32 bits in length and is made up of two parts:
s s

Network number Host number

The address format is known as dotted-decimal notation. An example address is 131.108.122.204. Each bit in an octet has a binary weight (128, 64, 32, 16, 8, 4, 2, 1). The minimum value for an octet is 0 (all zeros); the maximum value is 255 (all ones). The allocation of addresses is managed by a central authority. When this course was written, network numbers were administered by the Internet Network Information Center (InterNIC), which was also the main Request For Comments (RFC) repository; today allocation is handled by IANA and the regional Internet registries, and RFCs are published by the RFC Editor.


Access Lists Use Wildcard Mask


Address            Wildcard mask      Matches
0.0.0.0            255.255.255.255    any address
131.108.0.0        0.0.255.255        network 131.108.0.0/16
131.104.7.11       0.0.0.0            host 131.104.7.11 exactly
255.255.255.255    0.0.0.0            local broadcast address only
131.111.8.0        0.0.7.255          subnet 131.111.8.0 *

0 bit = the corresponding address bit must match
1 bit = the corresponding address bit need not match
* Assuming a subnet mask of 255.255.248.0


Both standard and extended IP access lists use a wildcard mask. Like an IP address, a wildcard mask is a 32-bit quantity written in dotted-decimal format. Address bits corresponding to wildcard mask bits set to 1 are ignored in comparisons; address bits corresponding to wildcard mask bits set to 0 are used in comparisons.

An alternative way to think of the wildcard mask is as follows: if a 0 bit appears in the mask, then the corresponding bit in the access list address and the same bit in the packet address must match (either both 0 or both 1). If a 1 bit appears in the mask, then the bit in the packet matches whether it is 0 or 1, and the bit in the access list address is ignored. For this reason, 1 bits in the mask are sometimes called "don't care" bits. Note that a wildcard mask is not required to be contiguous: a mask such as 0.0.254.255 is legal and matches, for example, every odd-numbered /24 within a /16.

An access list can contain an indefinite number of actual and wildcard addresses. A wildcard address has a non-zero wildcard mask and thus potentially matches more than one actual address. Remember that the order of the access list statements is important, because the access list is not processed further after a match has been found.
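The wildcard comparison described above, written out as code. This is an added example and not part of the course material: it applies a wildcard mask bit by bit, derives a wildcard from a subnet mask, and recovers the prefix length of a contiguous wildcard. The address/mask pairs are those from the table above plus one constructed non-contiguous mask (0.0.254.255) to show that wildcards are not required to be prefixes; nothing here talks to a router.

```python
# Added example (not part of the course): applying a Cisco wildcard mask in code.
# The addresses are the ones from the course table plus one constructed
# non-contiguous mask; nothing here talks to a router.
import ipaddress
from typing import Optional


def _to_int(address: str) -> int:
    return int(ipaddress.IPv4Address(address))


def wildcard_match(acl_address: str, wildcard: str, packet_address: str) -> bool:
    """True if packet_address matches acl_address under the wildcard mask.

    A 0 bit in the wildcard means the corresponding address bit must match,
    a 1 bit means "don't care": (acl XOR packet) AND NOT wildcard == 0.
    """
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(acl_address) ^ _to_int(packet_address)) & care == 0


def wildcard_from_subnet_mask(subnet_mask: str) -> str:
    """Invert a subnet mask: 255.255.248.0 -> 0.0.7.255."""
    return str(ipaddress.IPv4Address(~_to_int(subnet_mask) & 0xFFFFFFFF))


def prefix_length(wildcard: str) -> Optional[int]:
    """Prefix length equivalent to a contiguous wildcard, or None if the
    wildcard has don't-care bits above care bits (legal, but not a prefix)."""
    value = _to_int(wildcard)
    if (value + 1) & value:          # not of the form 2**n - 1
        return None
    return 32 - ((value + 1).bit_length() - 1)


def describe(acl_address: str, wildcard: str) -> str:
    """Render an address/wildcard pair the way the course table does."""
    if wildcard == "255.255.255.255":
        return "any address"
    if wildcard == "0.0.0.0":
        return f"host {acl_address} only"
    length = prefix_length(wildcard)
    if length is None:
        return f"non-contiguous wildcard {wildcard} on {acl_address}"
    network = ipaddress.IPv4Network((acl_address, length), strict=False)
    return f"network {network}"


if __name__ == "__main__":
    table = [("0.0.0.0", "255.255.255.255"), ("131.108.0.0", "0.0.255.255"),
             ("131.104.7.11", "0.0.0.0"), ("255.255.255.255", "0.0.0.0"),
             ("131.111.8.0", "0.0.7.255"),
             ("131.108.1.0", "0.0.254.255")]   # constructed: every odd /24 in 131.108.0.0/16
    for address, mask in table:
        print(f"{address:17} {mask:17} {describe(address, mask)}")
```

The non-contiguous case is worth remembering when reading someone else's configuration: 131.108.1.0 0.0.254.255 is not a typo for 0.0.255.255 but a deliberate match on every odd third octet, and no prefix-length notation can express it.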


Access List Configuration Tasks


To create an access list, perform the following tasks:
Define an access list
Apply the list to an interface



Whether you are creating a standard or extended access list, you will need to complete two tasks:
Step 1: Create an access list in global configuration mode by specifying an access list number and access conditions. Define a standard IP access list using a source address and wildcard. Define an extended access list using source and destination addresses, as well as optional protocol-type information for finer granularity of control.

Step 2: Apply the access list in interface configuration mode to interfaces or terminal lines. After an access list is created, you can apply it to one or more interfaces. Access lists can be applied in the inbound or outbound direction on an interface.


Standard Access List Commands


Router(config)#

access-list access-list-number { permit | deny } { source [ source-wildcard ] | any }

Defines a standard access list (numbered 1-99)


Router(config-if)#

ip access-group access-list-number { in | out }

Applies an access list to a specific interface



Use the access-list command to create an entry in a standard traffic filter list.

access-list command parameters:

access-list-number: Identifies the list to which the entry belongs; a number from 1 to 99.
permit | deny: Indicates whether this entry allows or blocks traffic from the specified address.
source: Identifies the source IP address.
source-wildcard: (Optional) Identifies which bits in the address field are matched. It has a 1 in positions indicating don't care bits and a 0 in any position that must match exactly. If this field is omitted, the mask 0.0.0.0 is assumed.
any: Uses address 0.0.0.0 and source wildcard 255.255.255.255 to match any address.

Use the ip access-group command to link an existing access list to an interface. Each interface may have one inbound and one outbound IP access list; either may be standard or extended.

ip access-group command parameters:

access-list-number: Indicates the number of the access list to be linked to this interface.
in | out: Process packets arriving on (in) or leaving from (out, the default) this interface.

Eliminate the entire list by typing no access-list access-list-number. Remove the access list from the interface with the no ip access-group access-list-number command.

Implicit Masks
For Standard IP Access Lists
correct:
access-list 1 permit 131.108.5.17
!
common errors:
access-list 1 permit 0.0.0.0
access-list 1 permit 131.108.0.0
not needed:
access-list 1 deny any
access-list 1 deny 0.0.0.0 255.255.255.255

An omitted mask is assumed to be 0.0.0.0. The last two lines are unnecessary (implicit deny any).

Implicit masks reduce typing and simplify configuration. Shown are three examples of implicit masks. The first line is an example of a specific host configuration. For standard access lists, if no mask is specified, the mask is assumed to be 0.0.0.0. The implicit mask makes it easier to enter a large number of individual addresses. When the symbolic name any is used, the mask 255.255.255.255 is implied.

When a packet does not match any of the configured lines in an access list, the packet is denied by default, because there is an invisible line at the end of the access list that is equivalent to deny any. Denying any is the same as configuring 0.0.0.0 255.255.255.255, so the last two lines are not needed. Common errors are found in the other access list lines:

The second line: permit 0.0.0.0 would exactly match the address 0.0.0.0 and permit it. In most cases this address is illegal as a source, so this list would prevent all traffic from getting through (the implicit deny any).

The third line: permit 131.108.0.0 is probably a configuration error. The intention is probably 131.108.0.0 0.0.255.255. The exact address 131.108.0.0 is reserved to refer to the network and would never be assigned to a host. Networks and subnets are represented by explicit masks. As a result, nothing would get through with this list, again due to the implicit deny any.

The fourth and fifth lines: deny any and deny 0.0.0.0 255.255.255.255 are unnecessary to configure because they duplicate the function of the default deny that occurs when a packet fails to match all of the configured lines in an access list.

Although not necessary, you may want to add one of these entries for record-keeping purposes; an explicit final deny entry also has its own match counter in show access-lists output, whereas packets dropped by the implicit deny are not counted.

Configuration Principles
Top-down processing
Place more specific references first

Implicit deny any


Unless access list ends with explicit permit any

New lines added to the end


Cannot selectively add/remove lines

Undefined access list = permit any


Need to create access list lines for implicit deny any
Following these general principles helps ensure the access lists you create have the intended results:

Top-down processing

Organize your access list so that more specific references in a network or subnet appear before more general ones. Place more frequently occurring conditions before less frequent conditions.

Implicit deny any

Unless you end your access list with an explicit permit any, it will deny by default all traffic that fails to match any of the access list lines.

New lines added to the end


Subsequent additions are always added to the end of the access list. You cannot selectively add or remove lines when using numbered access lists, but you can when using IP named access lists (a Cisco IOS Release 11.2 feature).

Undefined access list = permit any

If you apply an access list with the ip access-group command to an interface before any access list lines have been created, the result is permit any. The list is live, so as soon as you enter one line and press Return, it goes from permit any to deny most (because of the implicit deny any). For this reason, create your access list before you apply it to an interface.


Standard Access List Example


Figure: host A is reached through a router. Hosts B (36.48.0.3) and C are on subnet 36.48.0.0, host D is on subnet 36.51.0.0, and network 36.0.0.0 also connects to the Internet. The access list is applied inbound on the router's Ethernet 0 interface.

Router(config)#access-list 2 permit 36.48.0.3
Router(config)#access-list 2 deny 36.48.0.0 0.0.255.255
Router(config)#access-list 2 permit 36.0.0.0 0.255.255.255
Router(config)#!(Note: all other access implicitly denied)
Router(config)#interface ethernet 0
Router(config-if)#ip access-group 2 in

Who can connect to A?




Can host B communicate with host A? Yes. Permitted by the first line, which uses an implicit host mask. Can host C communicate with host A? No. Host C is in the subnet denied by the second line. Can host D communicate with host A? Yes. Host D is on a subnet that is explicitly permitted by the third line. Can users on the Internet communicate with host A? No. Users outside of this network are not explicitly permitted, so they are denied by default (implicit deny any).
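The four answers above can be checked mechanically. The following is an added example, not course material: a small simulator for numbered standard IP access lists that parses the access list 2 configuration shown on the slide and applies first-match processing, the implicit deny any at the end of a non-empty list, the "undefined list = permit any" rule, and the implicit 0.0.0.0 wildcard. The addresses for hosts C and D and the Internet host are constructed (the course gives only host B's address and the subnets the others sit on).

```python
# Added example (not part of the course): a simulator for numbered standard IP
# access lists, run against the access list 2 configuration above. It shows
# first-match processing, the implicit deny any at the end of a non-empty list,
# the "undefined list = permit any" rule, and the implicit 0.0.0.0 wildcard.
import ipaddress
from typing import Dict, List, Optional, Tuple

Entry = Tuple[str, str, str]          # (action, source, wildcard)


def _match(acl_address: str, wildcard: str, packet_address: str) -> bool:
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    diff = int(ipaddress.IPv4Address(acl_address)) ^ int(ipaddress.IPv4Address(packet_address))
    return diff & care == 0


def parse_standard_acls(config: str) -> Dict[int, List[Entry]]:
    """Parse 'access-list N {permit|deny} {source [wildcard] | host source | any}' lines.

    Entries are kept in configuration order. Lines beginning with '!' are
    comments, as in an IOS configuration; other commands are ignored. Only the
    classic 1-99 range from the course is accepted.
    """
    lists: Dict[int, List[Entry]] = {}
    for raw in config.splitlines():
        fields = raw.split()
        if not fields or fields[0] != "access-list":
            continue
        number, action = int(fields[1]), fields[2]
        if not 1 <= number <= 99:
            raise ValueError(f"{number} is not a standard IP access list number (1-99)")
        if action not in ("permit", "deny"):
            raise ValueError(f"expected permit or deny: {raw!r}")
        if fields[3] == "any":
            source, wildcard = "0.0.0.0", "255.255.255.255"
        elif fields[3] == "host":
            source, wildcard = fields[4], "0.0.0.0"
        else:
            source = fields[3]
            wildcard = fields[4] if len(fields) > 4 else "0.0.0.0"   # implicit host mask
        lists.setdefault(number, []).append((action, source, wildcard))
    return lists


def evaluate_standard(entries: List[Entry], packet_source: str) -> Tuple[str, Optional[int]]:
    """First-match evaluation of a standard list against a packet's source address.

    Returns (decision, index of the matching entry). An empty list (the number
    was applied with ip access-group before any lines were entered) permits
    everything; a non-empty list ends in the implicit deny any (index None).
    """
    if not entries:
        return "permit", None
    for index, (action, source, wildcard) in enumerate(entries):
        if _match(source, wildcard, packet_source):
            return action, index
    return "deny", None


# The course's access list 2, as configuration text.
EXAMPLE_CONFIG = """
access-list 2 permit 36.48.0.3
access-list 2 deny 36.48.0.0 0.0.255.255
access-list 2 permit 36.0.0.0 0.255.255.255
! all other access implicitly denied
"""

# The "common errors" from the implicit-masks slide: without a wildcard these
# are host entries for 0.0.0.0 and 131.108.0.0, which no real source carries.
MISTAKEN_CONFIG = """
access-list 1 permit 0.0.0.0
access-list 1 permit 131.108.0.0
"""

# Constructed addresses for hosts C and D and an Internet host; the course
# gives only host B's address (36.48.0.3) and the subnets the others sit on.
HOSTS = {"B": "36.48.0.3", "C": "36.48.7.20", "D": "36.51.2.1", "Internet": "192.0.2.10"}


def who_can_reach_a(config: str = EXAMPLE_CONFIG) -> Dict[str, str]:
    """Decision for each host's traffic toward host A under access list 2."""
    entries = parse_standard_acls(config)[2]
    return {name: evaluate_standard(entries, address)[0] for name, address in HOSTS.items()}


if __name__ == "__main__":
    print(who_can_reach_a())
    mistaken = parse_standard_acls(MISTAKEN_CONFIG)[1]
    print(evaluate_standard(mistaken, "131.108.5.17"))   # ('deny', None): implicit deny any
```

Swapping the first two lines of EXAMPLE_CONFIG and rerunning who_can_reach_a() is a quick way to see the ordering rule from the note above: host B would then be caught by the 36.48.0.0 0.0.255.255 deny before its own permit is ever reached.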


Location of Standard Access Lists


Figure: routers A, B, C and D are connected in a chain, each with interfaces E0 and E1. Network 10.20.0.0 is attached to router A; hosts W, X, Y and Z are attached along the chain, with host Z (10.30.0.1) at the far end beyond router D.

access-list 3 deny 10.30.0.1
access-list 3 permit any

On which router should the access list be configured to deny host Z access to network 10.20.0.0? How does the location of a standard access list change the policy implemented?



Access list location can be more of an art than a science, but this simple example illustrates some general guidelines. If the policy goal is to deny host Z access to a host on another network (called host V here) without changing any other access policy, on which router and on which interface should the access list shown be configured?

The access list belongs on router A, because a standard access list can specify only the source address: wherever in the path the traffic is denied, host Z can reach no host beyond that point. The access list could be configured as an outbound list on E0, but it would most likely be configured as an inbound list on E1 so that packets to be denied do not have to be routed first.

What would be the effect of placing the access list on other routers?

Router B: host Z could not connect with host W (or with host V on another network).
Router C: host Z could not connect with hosts W and X (or with host V).
Router D: host Z could not connect with hosts W, X and Y (or with host V).

Because a standard access list filters on source address only, place it as close to the destination as possible to exercise the most control with the fewest side effects.


Configuring Extended Access Lists


IP Extended Access List Overview


Figure: Sales, Manufacturing and Accounting networks connect through a router to the Internet; FTP, Telnet and SMTP flows are labelled to show that extended access lists control traffic by application, not just by address.



Standard access lists offer quick configuration and low overhead for limiting traffic based on the source address within a network. Extended access lists provide a higher degree of control by enabling filtering based on the protocol carried in IP (for example TCP, UDP or ICMP), the destination address, and the application port number. These features make it possible to limit traffic based on the uses of the network.


Extended Access List Processing


Flowchart (extended access list processing): if no access list is applied, the packet is forwarded. Otherwise, for each entry, the router tests the source address, then the destination address, then the protocol and any protocol-specific options present in the entry (marked * in the slide: "if present in access list"). If any test does not match, the next entry in the list is tried. If all tests match, the entry's condition is applied: permit forwards the packet; deny discards it and sends an ICMP message.



Every condition tested must match in order for the line of the access list to match and the permit or deny condition to be applied. As soon as one parameter or condition fails, the next line in the access list is compared. The extended access list checks source address, protocol, and destination address. Depending on the protocol configured, there may be more protocol-dependent options tested. For example, a TCP port may be checked, which allows routers to filter at the application layer.


Extended IP Access List Command


Router(config)#

access-list access-list-number { permit | deny } { protocol | protocol-keyword } { source source-wildcard | any } { destination destination-wildcard | any } [ protocol-specific options ] [ log ]

Defines an extended access list (numbered 100 to 199). The protocol keywords icmp, tcp, and udp select an alternate syntax with protocol-specific options.


Use the access-list command to create an entry in an extended traffic filter list.

access-list command parameters:

access-list-number: A number from 100 to 199.
permit | deny: Whether this entry is used to allow or block the specified addresses.
protocol: ip, tcp, udp, icmp, igmp, gre, igrp, eigrp, ospf, nos, or a number in the range 0 through 255. To match any IP protocol, use the keyword ip. Some protocols have more options that are supported by an alternate syntax for this command.
source and destination: IP addresses.
source-wildcard and destination-wildcard: Wildcard masks of address bits that must match. 0s indicate bits that must match; 1s are don't care.
any: Use this keyword as an abbreviation for a source and source-wildcard, or a destination and destination-wildcard, of 0.0.0.0 255.255.255.255.
log: (Optional) Causes informational logging messages about packets that match the entry to be sent to the console (or wherever system logging is directed). Exercise caution when using this keyword because it consumes CPU cycles.


Extended Mask Keywords


access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
! (alternate configuration)
access-list 101 permit ip any any

The keyword any can be used in place of the address 0.0.0.0 with mask 255.255.255.255.

access-list 101 permit ip 0.0.0.0 255.255.255.255 131.108.5.17 0.0.0.0
! (alternate configuration)
access-list 101 permit ip any host 131.108.5.17

The keyword host preceding an IP address can be used in place of the mask 0.0.0.0.



The keyword any in either the source or destination position matches any address and is equivalent to configuring 0.0.0.0 255.255.255.255. The keyword host in either the source or destination position causes the address that immediately follows it to be treated as if it were specified with a mask of 0.0.0.0. host 131.108.5.17 = 131.108.5.17 0.0.0.0


ICMP Command Syntax


Router(config)#

access-list access-list-number { permit | deny } icmp { source source-wildcard | any } { destination destination-wildcard | any } [ icmp-type [ icmp-code ] | icmp-message ]

Filters based on ICMP messages



Use the access-list icmp command to create an entry in an extended traffic filter list. The protocol keyword icmp indicates that an alternate syntax is being used for this command and that protocol-specific options are available.

access-list icmp command parameters:

access-list-number: A number from 100 to 199.
permit | deny: Whether this entry is used to allow or block the specified addresses.
source and destination: IP addresses.
source-wildcard and destination-wildcard: Wildcard masks of address bits that must match. 0s indicate bits that must match; 1s are don't care. The keyword any, used in place of an address and wildcard pair, is a shortcut for 0.0.0.0 255.255.255.255.
icmp-type: (Optional) Packets can be filtered by ICMP message type. The type is a number from 0 to 255.
icmp-code: (Optional) Packets that have been filtered by ICMP message type can also be filtered by ICMP message code. The code is a number from 0 to 255.
icmp-message: (Optional) Packets can be filtered by a symbolic name representing an ICMP message type or a combination of ICMP message type and ICMP message code. A list of these names is provided on the following graphic.


ICMP Message and Type Names


administratively-prohibited, alternate-address, conversion-error, dod-host-prohibited, dod-net-prohibited, echo, echo-reply, general-parameter-problem, host-isolated, host-tos-redirect, host-tos-unreachable, host-unknown, host-unreachable, information-reply, mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect, net-tos-unreachable, net-unreachable, network-unknown, no-room-for-option, option-missing, packet-too-big, parameter-problem, port-unreachable, reassembly-timeout, redirect, router-advertisement, router-solicitation, source-quench, source-route-failed, time-exceeded, traceroute, ttl-exceeded, unreachable

Names simplify configuration




Cisco IOS Release 10.3 and later versions provide symbolic names that make configuration and reading of complex access lists easier. With symbolic names it is no longer necessary to remember that ping uses message type 8 (echo) and message type 0 (echo-reply) in order to filter it; the configuration uses echo and echo-reply instead. Use the context-sensitive help feature by entering ? in the Cisco IOS user interface to verify the available names and the proper command syntax.


TCP Syntax
Router(config)#

access-list access-list-number { permit | deny } tcp { source source-wildcard | any } [ operator source-port | source-port ] { destination destination-wildcard | any } [ operator destination-port | destination-port ] [ established ]

Filters on TCP, optionally by TCP port number or port name

Use the access-list tcp command to create an entry in an extended traffic filter list. The protocol keyword tcp indicates that an alternate syntax is being used for this command and that protocol-specific options are available.

access-list tcp command parameters:

access-list-number: A number from 100 to 199.
permit | deny: Whether this entry is used to allow or block the specified addresses.
source and destination: IP addresses.
source-wildcard and destination-wildcard: Wildcard masks of address bits that must match. 0s indicate bits that must match; 1s are don't care.
operator: (Optional) A qualifying condition. Can be: lt, gt, eq, neq.
source-port and destination-port: (Optional) A decimal number from 0 to 65535 or a name that represents a TCP port number.
established: (Optional) A match occurs if the TCP segment has the ACK or RST bit set, that is, if it belongs to a connection that is already open rather than being an initial connection request. Use this if you want Telnet or another activity to be established in one direction only. Only the flag bits are tested; the router keeps no connection state, so a segment with ACK set matches whether or not a real connection exists.
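The extended-list processing described in the sections above (every condition on a line must match, protocol-specific options, the established keyword, ICMP message names) is easiest to see by running packets through it. The following is an added example, not course material: a simulator that parses the extended access-list syntax shown on the slides and evaluates constructed packets against a constructed inbound list for an Internet-facing interface of 131.108.0.0/16. The port-name and ICMP-name tables contain only the names the example needs, and access list 101 itself is an illustration, not a configuration from the course.

```python
# Added example (not part of the course): a simulator for the extended
# access-list syntax above (protocol ip/tcp/udp/icmp, any/host/wildcard
# addresses, eq/lt/gt/neq port operators, established, ICMP message names).
# Access list 101 below is constructed for illustration; the port and ICMP
# name tables hold only the names the example needs.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80}
ICMP_NAMES = {"echo": (8, None), "echo-reply": (0, None), "unreachable": (3, None)}
PortSpec = Optional[Tuple[str, int]]              # (operator, port)


@dataclass
class Packet:
    protocol: str                                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False                             # TCP ACK flag
    rst: bool = False                             # TCP RST flag
    icmp_type: int = 0
    icmp_code: int = 0


@dataclass
class Entry:
    action: str
    protocol: str
    src: str
    src_wild: str
    dst: str
    dst_wild: str
    sport: PortSpec = None
    dport: PortSpec = None
    established: bool = False
    icmp: Optional[Tuple[int, Optional[int]]] = None


def _addr_match(acl: str, wild: str, pkt: str) -> bool:
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(acl)) ^ int(ipaddress.IPv4Address(pkt))) & care == 0


def _port_match(spec: PortSpec, port: int) -> bool:
    if spec is None:
        return True
    op, value = spec
    return {"eq": port == value, "neq": port != value, "lt": port < value, "gt": port > value}[op]


def _take_address(f: List[str], i: int) -> Tuple[str, str, int]:
    if f[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if f[i] == "host":
        return f[i + 1], "0.0.0.0", i + 2
    return f[i], f[i + 1], i + 2


def _take_port(f: List[str], i: int) -> Tuple[PortSpec, int]:
    if i < len(f) and f[i] in ("eq", "neq", "lt", "gt"):
        value = f[i + 1]
        return (f[i], int(value) if value.isdigit() else PORT_NAMES[value]), i + 2
    return None, i


def parse_extended_line(line: str) -> Entry:
    f = line.split()
    if f[0] != "access-list" or not 100 <= int(f[1]) <= 199:
        raise ValueError(f"not an extended access list entry: {line!r}")
    proto, has_ports = f[3], f[3] in ("tcp", "udp")
    src, src_wild, i = _take_address(f, 4)
    sport, i = _take_port(f, i) if has_ports else (None, i)
    dst, dst_wild, i = _take_address(f, i)
    dport, i = _take_port(f, i) if has_ports else (None, i)
    entry = Entry(f[2], proto, src, src_wild, dst, dst_wild, sport, dport)
    rest = f[i:]
    entry.established = proto == "tcp" and "established" in rest
    if proto == "icmp" and rest:    # symbolic name, or numeric type [code]
        entry.icmp = ICMP_NAMES.get(rest[0], (int(rest[0]) if rest[0].isdigit() else -1,
                                              int(rest[1]) if len(rest) > 1 else None))
    return entry


def parse_extended(config: str) -> List[Entry]:
    return [parse_extended_line(line) for line in config.splitlines()
            if line.strip() and not line.startswith("!")]


def entry_matches(e: Entry, p: Packet) -> bool:
    """Every condition on the line must hold; the first failing test moves on to the next line."""
    if e.protocol != "ip" and e.protocol != p.protocol:
        return False
    if not (_addr_match(e.src, e.src_wild, p.src) and _addr_match(e.dst, e.dst_wild, p.dst)):
        return False
    if not (_port_match(e.sport, p.sport) and _port_match(e.dport, p.dport)):
        return False
    if e.established and not (p.ack or p.rst):     # flag check only, no connection state
        return False
    if e.icmp is not None:
        icmp_type, icmp_code = e.icmp
        if p.icmp_type != icmp_type or (icmp_code is not None and p.icmp_code != icmp_code):
            return False
    return True


def evaluate(entries: List[Entry], p: Packet) -> str:
    for e in entries:
        if entry_matches(e, p):
            return e.action
    return "deny" if entries else "permit"        # implicit deny any; an empty list permits


# Constructed inbound list for the Internet-facing interface of 131.108.0.0/16:
# replies to sessions opened from inside come back, outsiders may not open
# Telnet sessions, echo requests from outside are dropped but echo replies to
# inside pings are allowed, and only the mail host accepts new SMTP sessions.
INBOUND_101 = parse_extended("""
access-list 101 permit tcp any 131.108.0.0 0.0.255.255 established
access-list 101 deny icmp any 131.108.0.0 0.0.255.255 echo
access-list 101 permit icmp any 131.108.0.0 0.0.255.255 echo-reply
access-list 101 permit tcp any host 131.108.5.17 eq smtp
access-list 101 deny ip any any
""")

if __name__ == "__main__":
    reply = Packet("tcp", "192.0.2.10", "131.108.5.17", sport=23, dport=40000, ack=True)
    new_telnet = Packet("tcp", "192.0.2.10", "131.108.5.17", sport=40001, dport=23)
    print(evaluate(INBOUND_101, reply), evaluate(INBOUND_101, new_telnet))   # permit deny
```

The last case worth trying is a segment to port 23 with the ACK bit set but no prior connection: it is permitted by the first line. That is the limit of established: it stops outsiders from opening sessions, but it does not stop an ACK scan, and any packet crafted with ACK set passes; filtering that requires stateful inspection, which a packet-by-packet access list cannot provide.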


TCP Port Names


bgp, chargen, daytime, discard, domain, echo, finger, ftp (control), ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp, pop2, pop3, sunrpc, syslog, tacacs-ds, talk, telnet, time, uucp, whois, www

Type ? to get the port numbers corresponding to the names. Other port numbers are found in the Assigned Numbers RFC.


Use ? in place of the port number when entering the command to verify the port numbers associated with these protocol names. When this course was written, the Assigned Numbers RFC was RFC 1700; it has since been obsoleted by RFC 3232, and port assignments are maintained online in the IANA Service Name and Transport Protocol Port Number Registry.


Reserved TCP Port Numbers


Decimal    Keyword       Description
0                        Reserved
1-4                      Unassigned
5          RJE           Remote job entry
7          ECHO          Echo
9          DISCARD       Discard
11         USERS         Active users
13         DAYTIME       Daytime
15         NETSTAT       Who is up or NETSTAT
17         QUOTE         Quote of the day
19         CHARGEN       Character generator
20         FTP-DATA      File Transfer Protocol (data)
21         FTP           File Transfer Protocol
23         TELNET        Terminal connection
25         SMTP          Simple Mail Transfer Protocol
37         TIME          Time of day
39         RLP           Resource Location Protocol
42         NAMESERVER    Host name server
43         NICNAME       Who is
53         DOMAIN        Domain name server
67         BOOTPS        Bootstrap protocol server
68         BOOTPC        Bootstrap protocol client
69         TFTP          Trivial File Transfer Protocol
75                       Any private dial-out service
77                       Any private RJE service
79         FINGER        Finger
95         SUPDUP        SUPDUP Protocol
101        HOSTNAME      NIC host name server
102        ISO-TSAP      ISO-TSAP
113        AUTH          Authentication service
117        UUCP-PATH     UUCP path service
123        NTP           Network Time Protocol
133-138                  Unassigned
139        NetBios       Session Service
140-159                  Unassigned
160-223                  Reserved
224-255                  Unassigned


UDP Syntax

Router(config)#
access-list access-list-number { permit | deny } udp { source source-wildcard | any } [ operator source-port | source-port ] { destination destination-wildcard | any } [ operator destination-port | destination-port ]

Filters based on the UDP protocol or a UDP port number or name

The access-list udp command creates an entry in a complex traffic filter list. The protocol keyword udp indicates that an alternate syntax is being used for this command and that protocol-specific options are available.

access-list udp Command Description

access-list-number: A number from 100 to 199.
permit | deny: Whether this entry is used to allow or block the specified address(es).
source and destination: IP addresses.
source-wildcard and destination-wildcard: Wildcard masks of address bits that must match. 0s indicate bits that must match, 1s are don't care.
any: Use this keyword as an abbreviation for a source and source-wildcard, and destination and destination-wildcard of 0.0.0.0 255.255.255.255.
source-port and destination-port: (Optional) A decimal number from 0 to 65535 or a name that represents a UDP port number.
operator: (Optional) A qualifying condition. Can be: lt, gt, eq, neq.


UDP Port Names

biff, bootpc, bootps, discard, dns, dnsix, echo, mobile-ip, nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp, snmptrap, sunrpc, syslog, tacacs-ds, talk, tftp, time, whois, xdmcp

Use the ? in place of the port number when entering the command in order to verify the port numbers associated with these protocol names. Other port numbers are found in the Assigned Numbers RFC.


Reserved UDP Port Numbers

Decimal    Keyword      Description
0                       Reserved
1-4                     Unassigned
5          RJE          Remote job entry
7          ECHO         Echo
9          DISCARD      Discard
11         USERS        Active users
13         DAYTIME      Daytime
15         NETSTAT      Who is up or NETSTAT
17         QUOTE        Quote of the day
19         CHARGEN      Character generator
20         FTP-DATA     File Transfer Protocol (data)
21         FTP          File Transfer Protocol
23         TELNET       Terminal connection
25         SMTP         Simple Mail Transfer Protocol
37         TIME         Time of day
39         RLP          Resource Location Protocol
42         NAMESERVER   Host name server
43         NICNAME      Who is
53         DOMAIN       Domain name server
67         BOOTPS       Bootstrap protocol server
68         BOOTPC       Bootstrap protocol client
69         TFTP         Trivial File Transfer Protocol
75                      Any private dial-out service
77                      Any private RJE service
79         FINGER       Finger
123        NTP          Network Time Protocol
133-136                 Unassigned
137        NetBios      Name Service
138        NetBios      Datagrams Service
139-159                 Unassigned
160-223                 Reserved
160        SNMP
161        SNMP Trap
224-255    Unassigned
520        RIP


Extended Access List Example 1

Providing Internet Mail

[Figure: router A with Ethernet interface E1, the Internet, networks 128.88.1.0 and 128.88.3.0, and mail host 128.88.1.2.]

access-list 103 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 103 permit tcp any host 128.88.1.2 eq smtp
!
interface ethernet 1
 ip access-group 103 in

In this example, Ethernet interface 1 is part of a Class B network with the address 128.88.0.0, and the mail host's address is 128.88.1.2. The keyword established is used only for the TCP protocol to indicate an established connection. A match occurs if the TCP datagram has the ACK or RST bits set, which indicate that the packet belongs to an existing connection. If the ACK bit is not set and the SYN bit is set, then someone on the Internet is initiating the session, in which case the packet is denied.


Extended Access List Example 2

Also Providing DNS and Ping

[Figure: router A connects the Internet on S0 to networks 128.88.1.0 (E0) and 128.88.3.0 (E1); the mail host is 128.88.1.2.]

access-list 104 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 104 permit tcp any host 128.88.1.2 eq smtp
access-list 104 permit udp any any eq dns
access-list 104 permit icmp any any echo
access-list 104 permit icmp any any echo-reply
!
interface serial 0
 ip access-group 104 in

This example also permits name/domain server packets and ICMP echo and echo-reply packets.


Location of Extended Access Lists

- Minimize distance traveled by traffic that will be denied (and ICMP unreachable messages)
- Keep denied traffic off the backbone
- Select router to receive CPU overhead from access lists
- Consider number of interfaces affected
- Consider access list management and security
- Consider network growth impacts on access list maintenance

Because extended access lists can filter on more than source address, location is no longer a constraint. Frequently, policy decisions and goals are the driving force behind extended access list placement. If your goal is to minimize traffic congestion and maximize performance, you might want to push the access lists close to the source to minimize cross traffic and host unreachable messages. If your goal is to maintain tight control over access lists as part of your network security strategy, you might want to have them more centrally located. Notice how changing network goals will affect access list configuration.


Restricting Virtual Terminal, HTTP and SNMP Access


Virtual Terminal Access Overview

- Standard and extended access lists will not block access from the router
- For security, virtual terminal (vty) access can be blocked to or from the router

Standard and extended access lists will block packets from going through the router. They are not designed to block packets that originate within the router. An outbound Telnet extended access list does not, by default, prevent router-initiated Telnet sessions. For security purposes, users can be denied virtual terminal (vty) access to the router, or users can be permitted vty access to the router but denied access to destinations from that router. Restricting virtual terminal access is less a traffic control mechanism than one technique for increasing network security. vty access is accomplished using the Telnet protocol. As a result, there is only one type of vty access list.


How to Control vty Access

[Figure: a router with a physical port (E0) and five virtual ports, vty 0 through 4.]

- Five virtual terminal lines (0 through 4)
- Set identical restrictions on all the virtual terminal lines

Just as there are physical ports or interfaces such as E0 and E1, there are also virtual ports. These virtual ports are called virtual terminal lines. There are five such virtual terminal lines, numbered vty 0 through 4. Because you cannot control on which virtual terminal line a user will connect, set identical restrictions on all of them.

Note: Some experts recommend that you configure one of the vty terminal lines differently than the others. This way you will have a back door into the router.


Virtual Terminal Line Commands

Router(config)#
line vty { vty-number | vty-range }

Enters configuration mode for a terminal line or a range of lines

Router(config-line)#
access-class access-list-number { in | out }

Restricts incoming and outgoing connections between a particular virtual terminal line (into a device) and the addresses in an access list

Use the line vty command to place the router in line configuration mode.

line vty Command Description

vty-number: Indicates the number of the line to be configured.
vty-range: Indicates the lines to which the configuration will apply.

Use the access-class command to link an existing access list to a terminal line or range of lines.

access-class Command Description

access-list-number: Indicates the number of the access list to be linked to a terminal line. This is a decimal number from 1 to 99.
in: Prevents the router from receiving incoming connections from the addresses in the access list.
out: Prevents someone from initiating a Telnet to addresses defined in the access list.


Virtual Terminal Access Example

Controlling Inbound Access

access-list 12 permit 192.89.55.0 0.0.0.255
!
line vty 0 4
 access-class 12 in

Permits only hosts in network 192.89.55.0 to connect to the virtual terminal ports on the router

In this example, we are permitting any device on network 192.89.55.0 to establish a virtual terminal (Telnet) session with the router. Of course, the user must know the appropriate passwords to enter user mode and privileged mode. Notice that identical restrictions have been set on all virtual terminal lines (0-4) because you cannot control on which virtual terminal line a user will connect. The implicit deny any still applies in an alternate application such as limiting virtual terminal access.


Extended Access List Example 3

Provides Web Access and Network Management

[Figure: a router with interfaces E0, S0 and E1 connecting the Internet, browser A on 128.88.2.0, the server farm on 128.88.1.0 (DNS, FTP and E-mail on host 128.88.1.2), and the NOC (B) on 128.88.3.0.]

access-list 118 permit tcp any 128.88.0.0 0.0.255.255 eq www established
access-list 118 permit tcp any host 128.88.1.2 eq smtp
access-list 118 permit udp any any eq dns
access-list 118 permit udp 128.8.3.0 0.0.0.255 128.8.1.0 0.0.0.255 eq snmp
access-list 118 deny icmp any 128.8.0.0 0.0.255.255 echo
access-list 118 permit icmp any any echo-reply
!
interface ethernet 0
 ip access-group 118 out

In the graphic, replies to queries from client A's browser will be allowed back into the corporate network. Browser queries from external sources are not explicitly allowed and will be discarded by the access list. Access list 118 allows mail to be delivered exclusively to the mail server, and the name server resolves DNS requests. The right-hand subnet is controlled by the network management group, and network management queries (SNMP) will be allowed to reach devices in the server farm. Attempts to ping the corporate network from outside will fail because the access list blocks the echo requests. However, the replies to echo requests generated from within the corporate network will be allowed to re-enter the network.
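The matching logic behind access lists 103, 104 and 118 (wildcard masks, port operators, the established keyword and the implicit deny at the end of every list), as an added Python model that is not part of the course material. The outside address and the sample packets are constructed, and only the port names those lists use are known to the model; the list evaluated is access list 104 from Example 2.

```python
import ipaddress
from dataclasses import dataclass

# Port names used by the lists on this page (a subset of the IOS name table).
PORT_NAMES = {"telnet": 23, "smtp": 25, "dns": 53, "www": 80, "snmp": 161}

@dataclass
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flag names, e.g. {"SYN"} or {"ACK"}
    icmp_type: str = ""             # "echo", "echo-reply", ... for ICMP

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: 0 bits must match, 1 bits are don't care."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def _addr(tokens):
    # Consume 'any', 'host X' or 'X WILDCARD' from the front of the token list.
    t = tokens.pop(0)
    if t == "any":
        return ("0.0.0.0", "255.255.255.255")
    if t == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (t, tokens.pop(0))

def _port(tokens):
    # Consume an optional 'eq|neq|lt|gt PORT' qualifier; None means any port.
    if tokens and tokens[0] in ("eq", "neq", "lt", "gt"):
        op, p = tokens.pop(0), tokens.pop(0)
        return (op, int(p) if p.isdigit() else PORT_NAMES[p])
    return None

def parse_acl(lines):
    """Parse 'access-list N permit|deny PROTO SRC [op port] DST [op port] [established|icmp-type]'."""
    entries = []
    for line in lines:
        toks = line.split()
        if not toks or toks[0] != "access-list":
            continue                                # blank line or '!' comment
        action, proto, rest = toks[2], toks[3], toks[4:]
        src, sport = _addr(rest), _port(rest)       # each call consumes its tokens
        dst, dport = _addr(rest), _port(rest)
        entries.append({"action": action, "proto": proto, "src": src, "sport": sport,
                        "dst": dst, "dport": dport, "established": rest == ["established"],
                        "icmp_type": rest[0] if rest and proto == "icmp" else ""})
    return entries

def _port_ok(rule, port):
    if rule is None:
        return True
    op, value = rule
    return {"eq": port == value, "neq": port != value, "lt": port < value, "gt": port > value}[op]

def matches(e, pkt):
    if e["proto"] != pkt.proto:
        return False
    if not (wildcard_match(pkt.src, *e["src"]) and wildcard_match(pkt.dst, *e["dst"])):
        return False
    if pkt.proto in ("tcp", "udp") and not (_port_ok(e["sport"], pkt.sport) and _port_ok(e["dport"], pkt.dport)):
        return False
    # 'established' matches only ACK/RST segments (an existing connection); a bare SYN from outside does not.
    if e["established"] and not (pkt.flags & {"ACK", "RST"}):
        return False
    return not e["icmp_type"] or e["icmp_type"] == pkt.icmp_type

def evaluate(entries, pkt):
    """First match wins; a packet matching no line hits the implicit 'deny any'."""
    for number, e in enumerate(entries, start=1):
        if matches(e, pkt):
            return e["action"], number
    return "deny", None

# Access list 104 from Extended Access List Example 2 (applied inbound on serial 0).
ACL_104 = parse_acl("""
access-list 104 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 104 permit tcp any host 128.88.1.2 eq smtp
access-list 104 permit udp any any eq dns
access-list 104 permit icmp any any echo
access-list 104 permit icmp any any echo-reply
""".splitlines())

# Constructed packets arriving from the Internet; 192.0.2.50 is a documentation address.
OUTSIDE = "192.0.2.50"
SAMPLES = {
    "telnet-syn-in": Packet("tcp", OUTSIDE, "128.88.3.10", 40000, 23, frozenset({"SYN"})),
    "web-reply-in": Packet("tcp", OUTSIDE, "128.88.3.10", 80, 40001, frozenset({"ACK"})),
    "smtp-to-mail": Packet("tcp", OUTSIDE, "128.88.1.2", 50000, 25, frozenset({"SYN"})),
    "dns-query": Packet("udp", OUTSIDE, "128.88.1.2", 53000, 53),
    "ping-request": Packet("icmp", OUTSIDE, "128.88.3.10", icmp_type="echo"),
    "icmp-other": Packet("icmp", OUTSIDE, "128.88.3.10", icmp_type="unreachable"),
}

def run_samples():
    return {name: evaluate(ACL_104, pkt) for name, pkt in SAMPLES.items()}
```

run_samples() returns, for each constructed packet, the action and the line of access list 104 that matched it (None for the implicit deny), which is the same first-match walk the router performs.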


Verifying Access List Configuration


Access List show Commands

Router#
show access-list

Displays access lists from all protocols

Router#
show ip access-list [ access-list-number ]

Displays a specific IP access list

Router#
clear access-list counters [ access-list-number ]

Clears packet counts

Router#
show line

Displays line configuration

Use the show access-list command to display access lists from all protocols. Use the show ip access-list command to display IP access lists.

show ip access-list Command Description

access-list-number: (Optional) Shows a specific list. If this option is not specified, then all IP access lists are displayed.

The system counts how many packets pass each line of an access list; the counters are displayed by the show access-list command. Use the clear access-list counters command in EXEC mode to clear the counters of an access list. Use the show line command to display information about terminal lines.


show ip access-lists Command

p1r1#show access-lists
Extended IP access list 100
    deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet (3 matches)
    deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
    permit ip any any (629 matches)

Matches are shown for extended access lists

The output from the show ip access-lists command displays the contents of previously defined IP access lists.


Written Exercise


Written Exercise: IP Extended Access Lists

[Figure: the outside world (W) reaches routers A and B (interfaces E0, E1, E2 and S0) and subnets 172.16.1.0 (host 172.16.1.3), 172.16.2.0, 172.16.3.0 (host 172.16.3.3) and 172.16.4.0; hosts X and Z; subnet 172.16.4.0 holds the DNS, FTP and WWW servers and a client (labels 4.2, 4.3, 4.4, 4.5).]

Objective: Configure IP extended access lists.

Create an access list and place it in the proper location to satisfy the following requirements:

- Prevents all hosts on subnet 172.16.1.0/24 except host 172.16.1.3 from accessing the Web server on subnet 172.16.4.0
- Prevents the outside world from pinging subnet 172.16.4.0
- Allows all other hosts on all other subnets of network 172.16.0.0 (subnet mask 255.255.0.0) to send queries to the DNS server on subnet 172.16.4.0
- Prevents only host 172.16.3.3 from accessing subnet 172.16.4.0

Write your configuration in the space below. Be sure to include the router name (A or B), interface name (E0, E1, or E2), and access list direction (in or out).


Using an Alternative to Access Lists


Null Interface

[Figure: an arriving packet is checked against each access list line (permit 1.0.0.0, deny 2.0.0.0, permit 3.0.0.0, deny 4.0.0.0, permit 5.0.0.0) and then routed by the routing table to E0, S0, S1, T0 or Null 0.]

Route to nowhere saves valuable CPU cycles

Access lists are processor-intensive. The router processes every line of an access list until a match is found. There is an alternative to using access lists if the policy is for unwanted traffic to be discarded every time. The alternative is to configure a null interface. A null interface saves CPU cycles. The null interface is a software-only interface that functions similarly to a null device used by operating systems. Message traffic that is not required (to be displayed) is directed to the null interface using a static route, where it is effectively dropped.

Note: It is important to consider the location of the null interface because anytime a packet comes into the router to the defined destination, it will be dropped.


Null Interface Command

Router(config)#
ip route address mask null 0

Creates a static route to filter unwanted traffic
Interface name is always null 0

Use the ip route command to establish static routes and specify the null interface (always null 0).

ip route Command Description

address: IP address of the target network, subnet, or host.
mask: Network mask that lets you mask network, subnetwork, or host bits.


Null Interface Example

[Figure: networks 131.108.1.0 (Token Ring), 131.108.4.0, 131.108.5.0 and 131.108.7.0, a WAN link between 131.108.6.1 and 131.108.6.2, and network 201.222.5.0.]

ip route 201.222.5.0 255.255.255.0 null 0

Eliminates traffic for 201.222.5.0 from WAN

The graphic shows:

ip route 201.222.5.0 255.255.255.0 null 0 Command Description

201.222.5.0 255.255.255.0: The destination IP address and the mask.
null 0: The null interface to which traffic is forwarded.

The static route forwards traffic for network 201.222.5.0 to the null interface, which drops it.


Written Exercise: Alternative to Access Lists

[Figure: networks 172.16.20.0, 172.16.12.0 and 172.16.16.0 (Token Ring) and network 192.168.2.0 255.255.255.0, with a blank box for the configuration statement.]

Objective: Configure an alternative to using access lists. Write the configuration statement in the box above that sends all traffic bound for 192.168.2.0 to the null interface.


Summary

You can manage IP traffic by:
- Controlling packet transmission on each medium
- Using a static route to the null interface in place of an access list to minimize processing overhead
- Configuring helper addresses to forward broadcasts

Standard access lists are easy to configure and require lower processing overhead. Extended access lists provide greater control.

Case Study Traffic Filters


Case Study - Traffic Filters

[Figure: Enterprise Corporation JKL connects through a PIX to an ISP and the Internet. The network contains Web, E-mail and DNS servers, a secure R & D area, HR and Accounting, a NOC with a browser, and private address space (network 10.0.0.0), linked by Gigabit Ethernet, Fast Ethernet, Ethernet and serial links. Annotations: Filter Private Addresses, Restrict Access, Enable Web Access, Enable Network Management.]

The graphic highlights several key concepts:
- Before filters can be applied, you must understand traffic flow in your network
- What steps are involved in implementing the corporate security policy
- How to control network functionality with access control lists

Case Study - Traffic Filters (cont.)

[Figure: Web, E-mail and DNS servers in a public area behind the PIX, the secure R & D area, and the NOC with a browser. Annotations: Enable Web Access, Enable Network Management, Future Plans.]

Key points related to the graphic:
- Secure areas must be protected
- Network management requires access to all areas of the network
- Security policy involves several platforms and operating systems
- Web access complicates the security policy

Answers to Exercises

13

Optimizing Routing Update Operation

Overview

This chapter discusses different ways to control routing update information. Route redistribution to interconnect networks that use multiple routing protocols is explained. Controlling information between the protocols can be accomplished using filters, changing the administrative distance, and configuring metrics. The configuration of each of these techniques is provided. Policy-based routing using route-maps is explained and configured. This chapter includes the following topics:

- Objectives
- Redistribution Between Multiple Routing Protocols
- Configuring Redistribution
- Controlling Routing Update Traffic
- Verifying Redistribution Operation
- Written Exercise: Redistribution and Controlling Routing Update Traffic
- Policy-based Routing Using Route-Maps
- Verifying Policy-Based Routing
- Case Study: Redistribution
- Summary
- Review Questions

Note to reviewers: Route summarization (review) was a topic that was included in the design document for this chapter; however, this topic has been covered many times already in the course so I didn't cover it again here.

Objectives

This section lists the chapter's objectives.

Upon completion of this chapter, you will be able to perform the following tasks:

- Select and configure the different ways to control routing update traffic
- Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes
- Configure route redistribution in a network that has redundant paths between dissimilar routing processes
- Resolve path selection problems that result in a redistributed network
- Verify route redistribution
- Configure policy-based routing using route-maps
- Given a set of network requirements, configure redistribution between different routing domains and verify proper operation (within described guidelines) of your routers
- Given a set of network requirements, configure policy-based routing within your pod and verify proper operation (within described guidelines) of your routers

Redistribution Between Multiple Routing Protocols

This section explains when multiple protocols may be needed in a network, and discusses how redistribution works between the protocols. How to plan and design redistribution solutions for your network is beyond the scope of this course because creating a design is very dependent on your network topology and traffic patterns.

When Do You Use Multiple Routing Protocols?

- Interim during conversion
- Application-specific protocols: one size does not always fit all
- Political boundaries: groups that do not work and play nicely with others
- Mismatch between devices: multivendor interoperability, host-based routers

Thus far, we have looked at networks that use a single routing protocol. There are times, however, when you will need to use multiple routing protocols. Some reasons why you may need multiple protocols are as follows:

- When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.
- When you want to use another protocol but need to keep the old protocol due to the needs of host systems.
- Different departments might not want to upgrade their routers or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.
- If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.

What Is Redistribution?

[Figure: Router A, the ASBR, connects AS 200 (IGRP, network 172.16.0.0, Router C on S1) to AS 300 (EIGRP, network 192.168.5.0, Router B on S0). Router C's IP routing table lists 192.168.5.0, 172.16.1.0, 172.16.2.0 and 172.16.3.0 as I (IGRP) routes; Router B's IP routing table lists 172.16.0.0 as D EX (external EIGRP) and 192.168.5.8, 192.168.5.16 and 192.168.5.24 as D (EIGRP) routes. S1 advertises routes from EIGRP to IGRP; S0 advertises routes from IGRP to EIGRP.]

Routes are learned from another routing protocol when a router redistributes the information between the protocols

When any of these situations arises, Cisco routers allow internetworks using different routing protocols (referred to as autonomous systems) to exchange routing information through a feature called route redistribution. Redistribution is defined as the ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.

Note: The term autonomous system as used here denotes internetworks using different routing protocols. These routing protocols may be IGPs and/or EGPs. This is a different use of the term Autonomous System than is used when discussing BGP.

Within each autonomous system the internal routers have complete knowledge about their network. The router interconnecting autonomous systems is called an autonomous system boundary router (ASBR). In the example shown in the graphic, AS 200 is running IGRP and AS 300 is running EIGRP, and the internal routers within each autonomous system have complete knowledge about their networks. Router A is the ASBR. Router A has both IGRP and Enhanced IGRP processes active and is responsible for advertising routes learned from one autonomous system into the other autonomous system. In this example, Router A learns about network 192.168.5.0 from Router B via the EIGRP protocol running on its S0 interface. It passes that information to Router C on its S1 interface via IGRP. Routing information is also passed the other way, from IGRP into EIGRP. Router B's routing table shows that it has learnt about network 172.16.0.0 via EIGRP (as indicated by the D in the routing table) and that the route is external to this autonomous system (as indicated by the EX in the routing table). Router C's routing table shows that it has learnt about network 192.168.5.0 via IGRP (as indicated by the I in the routing table). Note that there is no indication in IGRP if the route is external to the autonomous system. Note that in this case the routes that are exchanged are summarized on the network class boundary. Recall from the route summarization discussion in chapters 3 and 4 that EIGRP and IGRP automatically summarize routes on the network class boundary.

Redistribution Implementation Considerations

[Figure: network 172.16 appears both in a RIP domain and in AS 300 running EIGRP, with two ASBRs redistributing between RIP and EIGRP.]

- Routing feedback
- Suboptimal path selection
- Routing loops
- Incompatible routing information
- Inconsistent convergence time

Redistribution, although powerful, increases the complexity and potential for routing confusion, so it should only be used when absolutely necessary. The key issues that arise when using redistribution are as follows:

- Routing feedback (loops): Depending on how you employ redistribution, routers can send routing information received from one autonomous system back into that same autonomous system. The feedback is similar to the routing loop problem that occurs in distance vector technologies.
- Incompatible routing information: Because each routing protocol uses different metrics to determine the best path (for example, RIP uses hops and OSPF uses cost), path selection using the redistributed route information may not be optimal. Because the metric information about a route cannot be translated exactly into a different protocol, the path a router chooses may not be the best.
- Inconsistent convergence time: Different routing protocols converge at different rates. For example, RIP converges slower than EIGRP, so if a link goes down, the EIGRP network will learn about it before the RIP network.

To understand why some of these problems may occur, you must first understand how Cisco routers select the best path when more than one routing protocol is running, and how they convert the metrics used when importing routes from one autonomous system into another. These topics are discussed in the following pages.

Selecting the Best Route

- Different protocols use different metrics
- Metrics are difficult to compare algorithmically
- Therefore, you need a selection process:
  1. Which protocol do you believe the most? Use the administrative distance
  2. Then decide which metric is the best

Most routing protocols have metric structures and algorithms that are not compatible with other protocols. In a network where multiple routing protocols are present, the exchange of route information and the ability to select the best path across the multiple protocols is critical. In order for routers to select the best path when they learn two or more routes to the same destination from different routing protocols, Cisco uses two parameters:

- Administrative distance: As we saw in chapter 3, administrative distance is used to rate the believability of a routing protocol. Each routing protocol is prioritized in order of most to least believable (reliable) using a value called administrative distance. This criterion is the first a router uses to determine which routing protocol to believe if more than one protocol provides route information for the same destination.
- A routing metric: The metric is a value representing the path between the local router and the destination network. The metric is usually a hop or cost value, depending on the protocol being used.

The following pages discuss these two path selection tools in more detail.

Which Protocol to Believe?


Route Source Default Distance 0 1 5 20 90 100 110 115 120 140 170 200 255
BSCN13-10

Connected Interface Static Route Enhanced IGRP Summary Route External BGP Internal Enhanced IGRP IGRP OSPF IS-IS RIP EGP External Enhanced IGRP Internal BGP Unknown
1999, Cisco Systems, Inc.

www.cisco.com

The table in the graphic lists the default believability (administrative distance) of the protocols that Cisco supports. For example, if a router received a route to network 10.0.0.0 from IGRP and then received a route to the same network from OSPF, the router would use the administrative distance to determine that IGRP is more believable, and would add the IGRP version of the route to the routing table. When using route redistribution, there may occasionally be a need to modify the administrative distance of a protocol so that it will be preferred. For example, if you want the router to select RIP-learned routers rather than IGRP-learned routes to the same destination, then you must increase the administrative distance for IGRP or decrease the administrative distance for RIP. Modifying the administrative distance is discussed in the Controlling Routing Update Traffic section later in this chapter.

13-10 Building Scalable Cisco Networks


Seed Metric
- The first, or seed, metric for a route is derived from being directly connected to a router interface
- But redistributed routes are not physically connected
- Use the default-metric command to establish the seed metric for the route
- Once a compatible metric is established, the metric will increment just like any other route
- Set the default metric larger than the largest native metric

Once the most believable protocol is determined for each destination and the routes are added to the routing table, a router may advertise the routing information to other protocols if configured to do so. If the router was advertising a link directly connected to one of its interfaces, the initial or seed metric used would be derived from the characteristics of that interface, and the metric would increment as the routing information passed to other routers. However, redistributed routes are not physically connected to a router; they are learned from other protocols.

If an ASBR wants to redistribute information between routing protocols, it must be able to translate the metric of the received route from the source routing protocol into the other routing protocol. For example, if an ASBR receives a RIP route, the route will have a hop count as its metric. To redistribute the route into OSPF, the router must translate the hop count into a cost metric that will be understood by other OSPF routers. This cost metric, referred to as the seed or default metric, is defined during configuration. Once the seed metric for a redistributed route is established, the metric will increment normally within the autonomous system. (The exception to this is OSPF E2 routes, as discussed previously, which hold their default metric regardless of how far they are propagated across an autonomous system.)

When configuring a default metric for redistributed routes, the metric should be set to a value larger than the largest metric within the receiving autonomous system, to help prevent routing loops. Configuring default metrics is discussed in the Configuring Redistribution section later in this chapter.


Redistribution Supports All Protocols


RtrA(config-router)#redistribute ?
  bgp        Border Gateway Protocol (BGP)
  connected  Connected
  egp        Exterior Gateway Protocol (EGP)
  eigrp      Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp       Interior Gateway Routing Protocol (IGRP)
  isis       ISO IS-IS
  iso-igrp   IGRP for OSI networks
  mobile     Mobile routes
  odr        On Demand stub Routes
  ospf       Open Shortest Path First (OSPF)
  rip        Routing Information Protocol (RIP)
  static     Static routes


As the graphic shows for IP, all protocols are supported by redistribution. Before implementing redistribution, consider the following points:
- You can only redistribute protocols that support the same protocol stack. For example, you can redistribute between IP RIP and OSPF because they both support the TCP/IP stack. But you cannot redistribute between IPX RIP and OSPF because IPX RIP supports the IPX/SPX stack and OSPF does not.
- How you configure redistribution varies among protocols and among combinations of protocols. For example, redistribution occurs automatically between IGRP and EIGRP when they have the same autonomous system number, but it must be configured between EIGRP and RIP.


Redistribution and EIGRP


[Graphic: Enhanced IGRP exchanging routes with the IP, AppleTalk and IPX routing protocols]

- IPX RIP redistribution with Enhanced IGRP is enabled by default
- AppleTalk RTMP redistribution is enabled by default
- Redistribution of IGRP in the same autonomous system is automatic; manual if in a different autonomous system
- Other protocols require manual redistribution

EIGRP, because it supports multiple routing protocols, can be used to redistribute with IP, IPX, and AppleTalk routing protocols (within the same protocol stack). Consider the following when redistributing EIGRP with these protocols:
- In the IP environment, IGRP and EIGRP have a similar metric structure and therefore redistribution is straightforward. For migration purposes, when IGRP and Enhanced IGRP are both running in the same autonomous system, redistribution is automatic. When redistributing between different autonomous systems, redistribution must be configured for Enhanced IGRP, just as it is required for IGRP. All other IP routing protocols, both internal and external, require that redistribution be configured in order to communicate with EIGRP.
- By design, EIGRP automatically redistributes route information with Novell RIP. Beginning with Cisco IOS Release 11.1, EIGRP can be configured to redistribute route information with NLSP.
- EIGRP for AppleTalk understands RTMP updates, and redistribution is enabled by default.


Configuring Redistribution
This section describes how to configure redistribution between multiple protocols.

Configuring Redistribution
What do I need to determine before configuring redistribution?

- Identify the ASBRs, where the protocols will run
- Determine which protocol is the core and which is the edge
- Determine the directions you want to redistribute the protocols

Configuring route redistribution can be very simple or very complex, depending on the mix of protocols that you want to redistribute. The commands used to enable redistribution and assign metrics vary slightly depending on the protocols being redistributed. The following steps are generic enough to apply to virtually all protocol combinations. However, the commands used to implement the steps may vary. It is highly recommended that you review the Cisco IOS documentation for the configuration commands that apply to the specific protocols that you want to redistribute.
Note: In this section the terms core and edge are generic terms used to simplify the discussion about redistribution.

Step 1  Locate the ASBR on which redistribution needs to be configured.

Step 2  Determine which routing protocol is the core or backbone protocol. Usually this is OSPF or EIGRP.

Step 3  Determine which routing protocol is the edge or short-term (if you are migrating) protocol.

Step 4  Access the routing process into which you want routes redistributed. Typically, you start with the backbone routing process. For example, to access OSPF, do the following:

        router(config)#router ospf process-id


Configuring Redistribution into OSPF

RtrA(config)#router ospf 1
RtrA(config-router)#redistribute eigrp ?
  <1-65535>  Autonomous system number
RtrA(config-router)#redistribute eigrp 100 ?
  metric       Metric for redistributed routes
  metric-type  OSPF/IS-IS exterior metric type for redistributed routes
  route-map    Route map reference
  subnets      Consider subnets for redistribution into OSPF
  tag          Set tag for routes redistributed into OSPF
  <cr>


Step 5  Configure the router to redistribute routing updates from the edge protocol into the backbone protocol. This command varies, depending on the protocols. The command shown here is for redistributing updates into OSPF:

        router(config-router)#redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [route-map map-tag] [subnets] [tag tag-value]

redistribute Command   Description
protocol               Source protocol from which routes are being redistributed. It can be one of the following keywords: connected, bgp, eigrp, egp, igrp, isis, iso-igrp, mobile, odr, ospf, static, or rip.
process-id             For bgp, egp, eigrp or igrp, this is an autonomous system number. For ospf, this is an OSPF process ID.
metric-value           An optional parameter used to specify the metric used for the redistributed route. When redistributing into protocols other than OSPF, if this value is not specified and no value is specified using the default-metric router configuration command, the default metric is 0 and routes may not be redistributed. With OSPF, the default metric is 20. Use a value consistent with the destination protocol, in this case OSPF cost.
type-value             An optional OSPF parameter that specifies the external link type associated with the external routes (including a default route) advertised into the OSPF routing domain. This value can be 1 for type-1 external routes or 2 for type-2 external routes. The default is a type-2 external route.
map-tag                Optional identifier of a configured route map to be interrogated to filter the importation of routes from this source routing protocol into the current routing protocol.
subnets                An optional OSPF parameter that specifies that subnetted routes should also be redistributed. Only routes that are not subnetted are redistributed if the subnets keyword is not specified.
tag-value              Optional 32-bit decimal value attached to each external route. This is not used by the OSPF protocol itself. It may be used to communicate information between Autonomous System Boundary Routers.


Configuring Redistribution into EIGRP

RtrA(config)#router eigrp 100
RtrA(config-router)#redistribute ospf ?
  <1-65535>  Process ID
RtrA(config-router)#redistribute ospf 1 ?
  match      Redistribution of OSPF routes
  metric     Metric for redistributed routes
  route-map  Route map reference
  <cr>


The command shown here is for redistributing updates into EIGRP:

        router(config-router)#redistribute protocol [process-id] [match {internal | external 1 | external 2}] [metric metric-value] [route-map map-tag]

redistribute Command   Description
protocol               Source protocol from which routes are being redistributed. It can be one of the following keywords: connected, bgp, eigrp, egp, igrp, isis, iso-igrp, mobile, odr, ospf, static, or rip.
process-id             For bgp, egp, eigrp or igrp, this is an autonomous system number. For ospf, this is an OSPF process ID.
match                  Optional, for OSPF: the criteria by which OSPF routes are redistributed into other routing domains. It can be one of the following:
                       internal: redistribute routes that are internal to a specific autonomous system.
                       external 1: redistribute routes that are external to the autonomous system, but are imported into OSPF as type 1 external routes.
                       external 2: redistribute routes that are external to the autonomous system, but are imported into OSPF as type 2 external routes.
metric-value           An optional parameter used to specify the metric used for the redistributed route. When redistributing into protocols other than OSPF, if this value is not specified and no value is specified using the default-metric router configuration command, the default metric is 0 and routes may not be redistributed. Use a value consistent with the destination protocol (see the description of the default-metric command in this section for a description of the EIGRP metric).
map-tag                Optional identifier of a configured route map to be interrogated to filter the importation of routes from this source routing protocol into the current routing protocol.


Configuring Default Metric

Router(config-router)#default-metric bandwidth delay reliability loading mtu
    Used for redistributing into IGRP or Enhanced IGRP

Router(config-router)#default-metric number
    Used for redistributing into OSPF, RIP, EGP, or BGP


Step 6  Define the default seed metric that the router uses when redistributing routes into a routing protocol.

- When redistributing into IGRP or EIGRP, use the top command shown in the graphic.

default-metric Command   Description
bandwidth                Minimum bandwidth of the route in kilobits per second.
delay                    Route delay in tens of microseconds.
reliability              Likelihood of successful packet transmission expressed in a number from 0 to 255, where 255 means the route is 100% reliable.
loading                  Effective loading of the route expressed in a number from 1 to 255, where 255 means the route is 100% loaded.
mtu                      Maximum transmission unit (MTU): the maximum packet size along the route in bytes, an integer greater than or equal to 1.

- When redistributing into OSPF, RIP, EGP, or BGP, use the lower command shown in the graphic.

default-metric Command   Description
number                   The value of the metric, such as the number of hops for RIP.

Step 7  Exit the routing process.


Configuring Redistribution

[Graphic: Edge Protocol and Core Protocol. Routes flow from edge into core by redistribution; from core into edge the options are: Redistribute Default or Static; Redistribute and Filter; Redistribute and Change Administrative Distance]


Step 8  Enter configuration mode for the other routing process, usually the edge or short-term process.

Step 9  Depending on your network, this configuration will vary because you want to employ some techniques to reduce routing loops. For example, you may do any of the following:

- Redistribute a default route about the core autonomous system into the edge autonomous system.
- Redistribute multiple static routes about the core autonomous system into the edge autonomous system.
- Redistribute all routes from the core autonomous system into the edge autonomous system, then assign a distribution filter to filter out inappropriate routes.
- Redistribute all routes from the core autonomous system into the edge autonomous system, then modify the administrative distance associated with the received routes so that they are not the selected routes when multiple routes exist for the same destination. In some cases, the route learned by the native protocol is better, but may have a less believable administrative distance. Refer to the Redistribution Example Using distance later in this chapter for an example of this scenario.

Redistribution of static and default information are discussed in the following pages. Filtering and changing the administrative distance are discussed in the Controlling Routing Update Traffic section later in this chapter.
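As an added illustration (not part of the BSCN course material and not Cisco IOS code), the following Python model implements the two selection rules from the start of this section, administrative distance first and metric second, together with the seed-metric rule from Steps 5 and 6: into OSPF an unspecified seed metric falls back to 20, into any other protocol a route with neither a metric keyword nor a default-metric is not redistributed. The distances are the IOS defaults from the table earlier in this section; the protocol names, prefixes and next hops in demo() are constructed. The second half of demo() shows the situation Step 9 warns about: a route learned natively by RIP loses to the OSPF external copy of the same route because 110 is lower than 120, and only a raised OSPF distance (the ad_override argument, standing in for the distance router command) restores the native route.

```python
"""Model of route selection by administrative distance and of seed metrics
for redistributed routes.  Added illustration, not Cisco IOS code."""
from dataclasses import dataclass

# Default administrative distances (Cisco IOS defaults from the table above).
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
    "eigrp": 90, "igrp": 100, "ospf": 110, "isis": 115, "rip": 120,
    "egp": 140, "eigrp-external": 170, "ibgp": 200, "unknown": 255,
}


@dataclass(frozen=True)
class Candidate:
    prefix: str       # e.g. "10.0.0.0/8" (constructed sample data)
    protocol: str     # key into DEFAULT_AD
    metric: int       # metric in the protocol's own units (single int here)
    next_hop: str


def select_routes(candidates, ad_override=None):
    """Return {prefix: winning Candidate}.

    The lower administrative distance wins; only when two candidates share
    the same distance does the metric decide.  A distance of 255 means the
    route is never installed.  `ad_override` models the `distance` router
    command, e.g. {"ospf": 130}.
    """
    ad = dict(DEFAULT_AD)
    ad.update(ad_override or {})
    table = {}
    for c in candidates:
        if ad[c.protocol] == 255:
            continue
        best = table.get(c.prefix)
        if best is None or (ad[c.protocol], c.metric) < (ad[best.protocol], best.metric):
            table[c.prefix] = c
    return table


def redistribute(table, source, target, seed_metric=None, default_metric=None):
    """Export the `source` routes of `table` into `target`'s metric space.

    `seed_metric` stands for the `metric` keyword on the redistribute
    command, `default_metric` for the default-metric router command.  Into
    OSPF a missing seed falls back to 20; into any other protocol a missing
    seed leaves the route without a usable metric and it is not exported.
    Returns (exported_candidates, dropped_prefixes).
    """
    exported, dropped = [], []
    for prefix, route in table.items():
        if route.protocol != source:
            continue
        metric = seed_metric if seed_metric is not None else default_metric
        if metric is None and target == "ospf":
            metric = 20
        if metric is None:
            dropped.append(prefix)
            continue
        exported.append(Candidate(prefix, target, metric, route.next_hop))
    return exported, dropped


def demo():
    """Constructed scenario; every value it returns is checked below."""
    candidates = [
        # Same prefix from IGRP and OSPF: IGRP (100) beats OSPF (110) even
        # though the OSPF cost is numerically smaller.
        Candidate("10.0.0.0/8", "igrp", 8976, "192.168.1.1"),
        Candidate("10.0.0.0/8", "ospf", 40, "192.168.2.1"),
        # Native RIP route and the OSPF E2 copy that comes back after
        # two-way redistribution: OSPF wins by distance, not by quality.
        Candidate("172.16.0.0/16", "rip", 1, "192.168.3.1"),
        Candidate("172.16.0.0/16", "ospf", 20, "192.168.2.1"),
    ]
    default_table = select_routes(candidates)
    # Raising the OSPF distance above RIP's 120 restores the native route.
    fixed_table = select_routes(candidates, ad_override={"ospf": 130})
    into_ospf, _ = redistribute(fixed_table, "rip", "ospf")
    _, dropped = redistribute(fixed_table, "rip", "eigrp")
    return {
        "igrp_vs_ospf": default_table["10.0.0.0/8"].protocol,
        "default_winner": default_table["172.16.0.0/16"].protocol,
        "fixed_winner": fixed_table["172.16.0.0/16"].protocol,
        "ospf_seed": into_ospf[0].metric,
        "eigrp_dropped": dropped,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The model deliberately keeps the EIGRP metric as a single integer; on a router the default-metric for IGRP/EIGRP is the five-part vector described in Step 6, but the decision being shown (no seed, no export) does not depend on its shape.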


Using and Configuring Static Routes

Router(config)#ip route prefix mask address [distance] [tag tag] [permanent]
- Defines a path using a next-hop address
- Use if the router has a route to the next-hop address
- Requires redistribution

Router(config)#ip route prefix mask interface [distance] [tag tag] [permanent]
- Defines a path using an interface
- Use if the router does not have a route to the next-hop address
- Automatically redistributed in some cases


Static routes are routes that you can manually configure on the router. Static routes are used most often to:

- Define specific routes to use when two autonomous systems must exchange routing information, rather than having entire routing tables exchanged.
- Define routes to destinations over a WAN link to eliminate the need for a dynamic routing protocol. That is, when you do not want routing updates to enable or cross the link.

The commands to configure static routes for IP are shown in the graphic and their use is discussed in the following steps:

Step 1  Determine which networks you want defined as static. For example, if you are configuring static routes on a WAN router that is connecting to a branch office, you probably want to select the networks at the branch office.

Step 2  Determine the next-hop router to the destination networks or the local router's interface that connects to the remote router.

Step 3  Configure the static route on each router. For IP, use the ip route command.

ip route Command   Description
prefix             The route prefix for the destination.
mask               The prefix mask for the destination.
address            The IP address of the next-hop router that can be used to reach that network.
interface          The network interface to use to get to the destination network.
distance           Optional administrative distance to assign to this route. (Recall that administrative distance refers to how believable the routing protocol is.)
tag                Optional value that can be used as a match value in route maps.
permanent          Specifies that the route will not be removed even if the interface associated with the route goes down.

Note: Static routes pointing to an interface should only be used on point-to-point interfaces, since on other interfaces the router will not know which specific address to send the information to. On point-to-point interfaces the information will be sent to the only other device on the network.


Static Route Example

[Graphic: network 10.1.0.0 -- p1r2 -- Serial1 -- p2r2 -- network 172.16.0.0]

p1r2 configuration:
  router rip
   passive-interface Serial1
   network 10.0.0.0
  !
  ip route 172.16.0.0 255.255.0.0 Serial1

p1r2#sh ip route
<Output Omitted>
Gateway of last resort is not set
     10.0.0.0 255.255.255.0 is subnetted, 2 subnets
C       10.1.3.0 is directly connected, Serial1
C       10.1.1.0 is directly connected, Serial0
S    172.16.0.0 is directly connected, Serial1
<Output Omitted>


The example in the graphic shows a static route configured on router p1r2. p1r2 will use its interface Serial1 to get to network 172.16.0.0/16. As shown in the routing table for p1r2, static routes pointing to an interface are treated as directly connected networks. When configuring static routes, keep in mind the following considerations:

- When using static routes, all participating routers must have static routes defined so that they can advertise the remote networks. This requirement is necessary because static routes replace routing updates. If you want a router to advertise a static route in a routing protocol, you may need to redistribute it.
- Static route entries must be defined for all routes that a router is responsible for. To reduce the number of static route entries, you can define a default static route, for example ip route 0.0.0.0 0.0.0.0 s1. When using RIP, default static routes are advertised (redistributed) automatically.


Using and Configuring Default-Network

[Graphic: p1r3 (Ethernet0 10.64.0.1/24) -- p2r2 (10.64.0.2/24); p2r2 also connects to 172.68.0.0/24 and 10.1.0.0/24]

p2r2 configuration:
  router rip
   network 10.0.0.0
   network 172.68.0.0
  !
  ip classless
  ip default-network 172.68.0.0

p1r3#show ip route
<Output Omitted>
Gateway of last resort is 10.64.0.2 to network 0.0.0.0
     10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
<Output Omitted>
R       10.2.3.0/24 [120/1] via 10.64.0.2, 00:00:05, Ethernet0
C       10.64.0.0/24 is directly connected, Ethernet0
R    172.68.0.0/16 [120/1] via 10.64.0.2, 00:00:16, Serial0
R*   0.0.0.0/0 [120/1] via 10.64.0.2, 00:00:05, Ethernet0


Cisco IOS also lets you configure default routes for other protocols. For example, when you create a default route on a router running RIP, the router advertises an address of 0.0.0.0. When a router receives this default route, it will forward any packet whose destination does not appear in its routing table toward the default route you configured.

When running RIP, you can create the default route by using the ip default-network command. If the router has a directly connected interface onto the network specified in the ip default-network command, RIP will generate (or source) a default route to its RIP neighbor routers. The ip default-network command is used as a method of distributing default route information to other routers; its purpose is not to change forwarding on the router on which it is configured.

ip default-network Command   Description
network-number               The number of the destination network

Note: Other protocols behave differently than RIP with the ip route 0.0.0.0 0.0.0.0 and ip default-network commands. For example, EIGRP will not redistribute default routes by default. However, if the network 0.0.0.0 command is added to the EIGRP configuration, it will redistribute a default route as the result of the ip route 0.0.0.0 0.0.0.0 command, but not as the result of the ip default-network command. Refer to Cisco IOS documentation for further information.


Redistribution Example Using ip default-network

[Graphic: three autonomous systems. RIP (left): P1R1 (S0 10.1.2.1/24, S1 10.1.1.1/24), P1R2 (S0 10.1.1.2/24, S1 10.1.3.1/24) and P1R3 (S0 10.1.3.2/24, S1 10.1.2.2/24, E0 172.6.31.5/24). OSPF (core): the 172.6.31.0/24 Ethernet between P1R3 and P2R2. RIP (right): P2R1 (S0 10.2.2.1/24, S1 10.2.1.1/24), P2R2 (S0 10.2.1.2/24, S1 10.2.3.1/24, E0 172.6.31.6/24) and P2R3 (S0 10.2.3.2/24, S1 10.2.2.2/24).]

This example demonstrates how you can redistribute in one direction and use a default route in the other direction, instead of redistributing in both directions. The graphic illustrates an internetwork that uses three autonomous systems. In this case, OSPF is the core protocol and RIP is the edge protocol. The following pages illustrate how to:

- Allow the OSPF backbone to know all the routes in each autonomous system. This is done by configuring redistribution on the ASBRs so that all RIP routes are redistributed into OSPF.
- Allow the RIP autonomous systems to know only about their internal routes, and use a default route to networks that are not in the autonomous system. This is done by configuring a default route on the ASBRs. The default route is advertised by the ASBRs into the RIP autonomous systems.

Note: This redistribution example shows one way to configure redistribution. Many other ways exist, so you must understand your network topology and requirements in order to choose the best solution.


Redistribution Example Using ip default-network (cont'd)

P1R1 (internal RIP router):
  interface Serial0
   ip address 10.1.2.1 255.255.255.0
   bandwidth 64
  !
  interface Serial1
   ip address 10.1.1.1 255.255.255.0
   clockrate 56000
  !
  <Output Omitted>
  !
  router rip
   network 10.0.0.0
  !
  ip classless      <-- must be on all RIP/IGRP routers that want to use the default route to reach unknown subnets of directly connected networks
  <Output Omitted>

P1R3 (ASBR):
  <Output Omitted>
  !
  router ospf 200
   redistribute rip metric 10 subnets      <-- subnets keyword must be enabled for subnets
   network 172.6.31.5 0.0.0.0 area 0
  !
  router rip
   network 10.0.0.0
  !
  no ip classless
  ip default-network 10.0.0.0
  !
  <Output Omitted>

The graphic illustrates the configurations for one of the ASBRs and a router in one of the RIP networks. Points about each configuration are as follows:

- Internal RIP router (P1R1): No redistribution configuration is necessary because the intent is not to have this router learn about external routes. The ip classless command is required on all RIP/IGRP routers that must use a default route to get to other subnets of network 10.0.0.0 (for example, the 10.2.x.0 subnets). This command allows the software to forward packets that are destined for unrecognized subnets of directly connected networks. The packets are forwarded to the best supernet route, which may be the default route. When this feature is disabled, the software discards the packets when the router receives packets for a subnet that numerically falls within its subnetwork addressing scheme, if there is no such subnet number in the routing table.

Note: ip classless is on by default in Cisco IOS Release 12.0; it is off by default in earlier releases.

- ASBR (P1R3): When redistributing into OSPF, you need the subnets keyword so that subnetted networks will be redistributed. Define the default network to be advertised to the edge protocols.

Note: Comprehensive examples of this configuration and outputs appear in Appendix A, Supplement B, One-Way Redistribution Configuration Examples.
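To make the ip classless behaviour concrete, here is an added Python model (not course material and not IOS code) of the forwarding lookup on P1R1 against the routing table shown two pages further on: the two connected 10.1.x.0/24 subnets, the RIP route to 10.1.3.0/24 via P1R2 and the RIP default via P1R3 (10.1.2.2). The table is constructed from that output. The lookup reproduces both behaviours described above: with ip classless a destination in an unknown subnet of 10.0.0.0 follows the default route, without it the packet is discarded, while a destination in a major network the router knows no subnet of is defaulted either way.

```python
"""Model of classless versus classful forwarding (ip classless / no ip
classless).  Added illustration, not Cisco IOS code."""
import ipaddress

# Constructed routing table for P1R1, matching the page's show ip route:
# (destination network, next hop or "connected").
P1R1_TABLE = [
    (ipaddress.ip_network("10.1.3.0/24"), "10.1.1.2"),   # R  via P1R2
    (ipaddress.ip_network("10.1.2.0/24"), "connected"),  # C  Serial0
    (ipaddress.ip_network("10.1.1.0/24"), "connected"),  # C  Serial1
    (ipaddress.ip_network("0.0.0.0/0"), "10.1.2.2"),     # R* default via P1R3
]


def major_network(addr):
    """Classful (A/B/C) network that contains addr, or None for class D/E."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefixlen = 8
    elif first_octet < 192:
        prefixlen = 16
    elif first_octet < 224:
        prefixlen = 24
    else:
        return None
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def lookup(table, destination, ip_classless):
    """Return the next hop for destination, or None when the packet is dropped.

    Classless: plain longest-prefix match, so an unknown subnet of a known
    major network falls through to a supernet or the default route.

    Classful: if the table holds any subnet of the destination's major
    network, only a matching subnet route counts; with none, the packet is
    discarded even though a default route exists.  A destination in a major
    network the router knows no subnet of still uses the default.
    """
    dst = ipaddress.ip_address(destination)
    matches = [(net, nh) for net, nh in table if dst in net]
    if not matches:
        return None

    if not ip_classless:
        major = major_network(dst)
        if major is not None:
            known_subnets = [net for net, _ in table
                             if net.prefixlen > major.prefixlen and net.subnet_of(major)]
            if known_subnets:
                matches = [(net, nh) for net, nh in matches if net in known_subnets]
                if not matches:
                    return None   # "no such subnet number in the routing table"

    longest = max(matches, key=lambda entry: entry[0].prefixlen)
    return longest[1]


if __name__ == "__main__":
    for dst in ("10.2.2.1", "172.6.31.6", "10.1.3.5"):
        print(dst, "classless ->", lookup(P1R1_TABLE, dst, True),
              "| classful ->", lookup(P1R1_TABLE, dst, False))
```

The 10.2.2.1 case is exactly the ping shown later in this example: it succeeds from P1R1 only because ip classless lets the default route be used for a subnet of 10.0.0.0 that P1R1 has never heard of.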

Redistribution Example Using ip default-network (cont'd)

ASBR IP routing table (P1R3, between RIP and OSPF):

P1R3#show ip route
<Output Omitted>
*    10.0.0.0/24 is subnetted, 6 subnets
C       10.1.3.0 is directly connected, Serial0
O E2    10.2.1.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
C       10.1.2.0 is directly connected, Serial1
R       10.1.1.0 [120/1] via 10.1.3.1, 00:00:05, Serial0
                 [120/1] via 10.1.2.1, 00:00:17, Serial1
O E2    10.2.2.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
O E2    10.2.3.0 [110/10] via 172.6.31.6, 00:44:56, Ethernet0
     172.6.0.0/24 is subnetted, 1 subnets
C       172.6.31.0 is directly connected, Ethernet0


The graphic illustrates one of the ASBR routing tables after redistribution was enabled on both ASBRs. For comparison, an example of the routing table prior to redistribution is as follows:

P1R3#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.3.0 is directly connected, Serial0
C       10.1.2.0 is directly connected, Serial1
R       10.1.1.0 [120/1] via 10.1.3.1, 00:00:16, Serial0
                 [120/1] via 10.1.2.1, 00:00:28, Serial1
     172.6.0.0/24 is subnetted, 1 subnets
C       172.6.31.0 is directly connected, Ethernet0

Notice that in the before output the 10.2.x.0/24 networks do not appear. They appear once redistribution is configured on P2R2.


Redistribution Example Using ip default-network (cont'd)

Internal router IP routing table (P1R1, RIP):

P1R1#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 3 subnets
R       10.1.3.0 [120/1] via 10.1.1.2, 00:00:24, Serial1
                 [120/1] via 10.1.2.2, 00:00:10, Serial0
C       10.1.2.0 is directly connected, Serial0
C       10.1.1.0 is directly connected, Serial1
R*   0.0.0.0/0 [120/1] via 10.1.2.2, 00:00:10, Serial0

The router forwards packets destined to the 10.2.x.0/24 networks using the default route.

The graphic illustrates one of the internal routing tables after the default route was configured on the ASBR. Using this routing table, P1R1 can successfully ping any network in the other RIP autonomous system, for example:

P1R1#ping 10.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms
P1R1#


Controlling Routing Update Traffic


This section discusses why redistributed routing protocol traffic should be controlled, and the mechanisms used to control it.

Redistribution Implementation Guidelines

[Graphic: IGRP/OSPF. (1) One-way: IGRP routes are redistributed into OSPF, and a default or static route points back from OSPF into IGRP. (2) Two-way: IGRP and OSPF redistribute into each other, with filtering or a changed administrative distance applied.]



At a high level, Cisco recommends you consider employing the following guidelines when using redistribution:

- The overriding recommendation is to be familiar with your network and your network traffic. There are many ways to implement redistribution, so knowing your network will enable you to make the best decision.
- Do not overlap routing protocols: Do not run two different protocols in the same internetwork. Rather, have distinct boundaries between networks that use different protocols.
- One-way redistribution: To avoid routing loops, and problems with varying convergence time, only allow routes to be exchanged in one direction, not both directions. In the other direction, you should consider using a default route.
- Two-way redistribution: If you must allow two-way redistribution, enable a mechanism to reduce the chances of routing loops. Examples of mechanisms covered in this chapter are default routes, route filters, and modification of the metrics advertised. With these types of mechanisms, you can reduce the chances of routes imported from one autonomous system being re-injected into the same autonomous system as new route information.


Controlling Routing Update Traffic

[Graphic: How can we prevent routing update traffic from crossing some of these links? Routers Trans, Cen, Rem, R100, R200 and R300 interconnected by T-1, 64Kb and Frame Relay links, all addressed within 172.16.0.0. Interface addresses shown: 172.16.1.1, 172.16.1.2, 172.16.2.1, 172.16.2.2, 172.16.3.1, 172.16.3.2, 172.16.4.1, 172.16.4.2, 172.16.5.1, 172.16.5.2, 172.16.6.1, 172.16.6.2, 172.16.7.1, 172.16.7.2, 172.16.9.1, 172.16.10.1, 172.16.11.1, 172.16.12.1]

Thus far, we have discussed a variety of routing protocols and how they propagate routing information throughout an internetwork. There are times, however, when you do not want routing information propagated, for example:

- When using an on-demand WAN link: You may want to minimize, or stop entirely, the exchange of routing update information across this type of link; otherwise the link will remain up constantly.
- When you want to prevent routing loops: Many companies have networks large enough that redundant paths are common. In some cases, for example when a path to the same destination is learned by two different routing protocols, you may want to filter the propagation of one of the paths.

This section discusses several ways you can control or prevent routing update exchange and propagation:

- Passive interface: Prevents all routing updates from being sent through an interface. For EIGRP and OSPF, this method includes Hello protocol packets.
- Route update filtering: Use access lists to filter route update traffic about specific networks.
- Changing administrative distance: Change the administrative distance to affect which protocol the router believes.

Two other methods of controlling traffic were presented earlier:

- Default routes: Instruct the router that if it does not have a route for a given destination, it should send the packet to the default route.
- Static routes: A route to a destination that you configured in the router.


Using and Configuring passive-interface

Router(config-router)#passive-interface type number
    Prevents routing protocol updates from being generated on the interface


The passive-interface command prevents all routing updates for a given routing protocol from being sent into a network, but does not prevent the specified interface from receiving updates. When using the passive-interface command in a network using a link-state routing protocol, the command prevents the router from establishing a neighbor adjacency with other routers connected to the same link as the one specified in the command. An adjacency cannot be established because the Hello protocol is used to verify bidirectional communication between routers. If a router is configured to not send updates, then it cannot participate in bidirectional communication.

To configure a passive interface, regardless of the routing protocol, do the following:

Step 1  Select the router and routing protocol that requires the passive interface.

Step 2  Determine which interface(s) you do not want routing update traffic to be sent through.

Step 3  Configure using the passive-interface command.

passive-interface Command   Description
type number                 Type of interface and interface number that will not send routing updates.

Note: This capability is typically used in conjunction with other capabilities, as you will see in this chapter.


Using Route Filters

[Flowchart: Routing Update -> Determine interface -> Is there a filter for this interface? No: process packet normally (end). Yes: Is there an entry for this address? Yes: process entry according to filter configuration (end). No: drop packet (end).]


The Cisco IOS software can filter incoming and outgoing routing updates by using access lists. In general, the process the router uses is as follows:

1. The router receives a routing update, or is getting ready to send an update about one or more networks.
2. The router looks at the interface involved with the action. For an incoming update, the interface on which it arrived is checked; for an update that must be advertised, the interface out of which it should be advertised is checked.
3. The router determines whether a filter is associated with the interface. If no filter is associated with the interface, the update is processed as normal.
4. If a filter is associated with the interface, the router walks the access list to find a match for the network in the routing update.
5. If there is a match, the route entry is processed as the matching entry specifies (permitted or denied). If no match is found in the access list, the implicit deny any at the end of every access list causes the update to be dropped.

Note: Filtering routing updates was also discussed in chapter 10 for BGP. The ideas here are the same, although the commands used differ from those used for BGP, as shown on the next page.


Configuring Route Filtering

For outbound updates:

Router(config-router)#
distribute-list {access-list-number | name} out [interface-name | routing-process | autonomous-system-number]

For inbound updates:

Router(config-router)#
distribute-list {access-list-number | name} in [type number]

- Use a standard access list to permit or deny routes.
- The access list can be applied to transmitted (outbound) or received (inbound) routing updates.


You can filter routing update traffic for any protocol by defining an access list and applying it to a specific routing protocol. To configure a filter, do the following:

Step 1  Identify the network addresses you want to filter and create an access list.
Step 2  Determine whether you want to filter them on an incoming or an outgoing interface.
Step 3  To assign the access list to filter outgoing routing updates, use the distribute-list out command.

distribute-list out Command   Description
access-list-number | name     Standard access list number or name.
out                           Applies the access list to outgoing routing updates.
interface-name                Optional interface name out of which updates will be filtered.
routing-process               Optional name of the routing process, or the keyword static or connected, from which updates will be filtered.
autonomous-system-number      Optional autonomous system number of the routing process.

Or, to assign the access list to filter incoming routing updates, use the distribute-list in command:

distribute-list in Command    Description
access-list-number | name     Standard access list number or name.
in                            Applies the access list to incoming routing updates.
type number                   Optional interface type and number from which updates will be filtered.


IP Route Filtering Configuration Example

Figure: router A, with networks 172.16.0.0 and 10.0.0.0 on one side and network 192.168.5.0 reached through interface S0 on the other. Router A is configured as follows:

router eigrp 1
 network 172.16.0.0
 network 192.168.5.0
 distribute-list 7 out s0
!
access-list 7 permit 172.16.0.0 0.0.255.255

This hides network 10.0.0.0 using interface filtering.


The following describes some of the commands shown in the example:

Command                                       Description
distribute-list 7 out s0                      Applies access list 7 as a route filter on EIGRP routing updates sent on interface serial 0.
access-list 7 permit 172.16.0.0 0.0.255.255
  7                                           Access list number.
  permit                                      Routes matching the parameters can be advertised.
  172.16.0.0 0.0.255.255                      Network number and wildcard mask used to qualify the route. The first two octets must match; the remaining bits are masked (ignored).

The distribute-list out command applies access list 7 to outbound routing updates on S0. The access list only allows routing information about network 172.16.0.0 to be distributed out the S0 interface; every other route, including 10.0.0.0, hits the implicit deny at the end of the list and is withheld. As a result, network 10.0.0.0 is hidden from the routers beyond S0. Updates sent on other interfaces are not affected by this list.


IP Static Route Filtering Configuration Example

Figure: router A has static routes to 172.16.0.0 (next hop 192.168.7.10) and 10.0.0.0 (next hop 192.168.7.18) and redistributes them into EIGRP toward routers D and E; passive-interface s0 appears on two routers in the figure. Router A is configured as follows:

ip route 10.0.0.0 255.0.0.0 192.168.7.18
ip route 172.16.0.0 255.255.0.0 192.168.7.10
!
router eigrp 1
 network 192.168.7.0
 default-metric 10000 100 255 1 1500
 redistribute static
 distribute-list 3 out static
!
access-list 3 permit 10.0.0.0 0.255.255.255

The example in the graphic shows static routes being redistributed into EIGRP and filtered on the way in. The following describes some of the commands shown in the example:

Command                                       Description
ip route 10.0.0.0 255.0.0.0 192.168.7.18
  10.0.0.0 255.0.0.0                          Defines the IP address and subnet mask of the destination network.
  192.168.7.18                                Defines the next-hop address used to reach the destination.
redistribute static                           Causes routes learned from static entries in the routing table to be redistributed into Enhanced IGRP.
distribute-list 3 out static                  Filters the routes learned from static entries through access list 3 before those routes are passed to the Enhanced IGRP process.
access-list 3 permit 10.0.0.0 0.255.255.255
  3                                           The access list number.
  permit                                      Routes that match the parameters will be advertised.
  10.0.0.0 0.255.255.255                      Routes whose first octet matches that of 10.0.0.0 will be advertised; the remaining three octets are ignored.

Note: Configure static route redistribution on one router only, to eliminate the possibility of routing loops created by static route redistribution on routers with parallel routes between networks.


In this example, the 10.0.0.0 route is passed to routers D and E. The static route to 172.16.0.0 is filtered (denied by the implicit deny at the end of the access list).
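The filtering in the two examples above, modeled in Python as an added illustration; this is not code from the course or from Cisco IOS. It implements the standard access list wildcard match and the implicit deny at the end of the list, then applies a list bound either to an interface (distribute-list 7 out s0) or to a route source (distribute-list 3 out static). The route tables it runs over, and the extra interface e0 on router A, are constructed for the example.

```python
"""Model of IOS standard access lists used as distribute-list route filters.

Added illustration, not code from the BSCN course or from Cisco IOS.  It
reproduces the two examples on this page:
  distribute-list 7 out s0      (filter updates sent on one interface)
  distribute-list 3 out static  (filter static routes being redistributed)
and the implicit 'deny any' that terminates every IOS access list.
"""
from ipaddress import IPv4Address

# A standard ACL is an ordered list of (action, network, wildcard).
ACL_7 = [("permit", "172.16.0.0", "0.0.255.255")]   # from the first example
ACL_3 = [("permit", "10.0.0.0", "0.255.255.255")]   # from the second example


def wildcard_match(prefix, network, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'do not care'."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(prefix)) & care == int(IPv4Address(network)) & care


def acl_permits(acl, prefix):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for action, network, wildcard in acl:
        if wildcard_match(prefix, network, wildcard):
            return action == "permit"
    return False


def outbound_updates(routes, acl, bound_to):
    """Return the (prefix, interface) pairs that survive 'distribute-list <acl> out <bound_to>'.

    routes: iterable of (prefix, source, out_interface) where source is
            'static', 'connected' or a routing protocol name.
    bound_to: an interface name (e.g. 's0') or a source keyword (e.g. 'static');
              the list is consulted only for updates matching that binding.
    """
    advertised = []
    for prefix, source, out_if in routes:
        in_scope = bound_to in (out_if, source)
        if not in_scope or acl_permits(acl, prefix):
            advertised.append((prefix, out_if))
    return advertised


# Constructed routing tables for the two examples (not from real devices).
ROUTER_A_ROUTES = [
    ("172.16.0.0", "connected", "s0"),
    ("10.0.0.0", "eigrp", "s0"),       # learned route, must not leave via s0
    ("10.0.0.0", "eigrp", "e0"),       # same route on an unfiltered link (e0 is assumed)
]
STATIC_ROUTES = [
    ("10.0.0.0", "static", "s0"),
    ("172.16.0.0", "static", "s0"),
    ("192.168.7.0", "connected", "s0"),  # not static, so list 3 is never consulted
]


def interface_filter_example():
    """'distribute-list 7 out s0': only 172.16.0.0 leaves via s0; e0 is untouched."""
    return outbound_updates(ROUTER_A_ROUTES, ACL_7, "s0")


def static_redistribution_example():
    """'distribute-list 3 out static': the 172.16.0.0 static is dropped by the implicit deny."""
    return outbound_updates(STATIC_ROUTES, ACL_3, "static")


if __name__ == "__main__":
    print("out s0 with list 7:", interface_filter_example())
    print("redistribute static with list 3:", static_redistribution_example())
```

Run it directly to print the surviving advertisements. The point worth noticing is that a distribute-list bound to s0 says nothing about what router A advertises on other interfaces, and a list bound to static is never consulted for connected or dynamically learned routes; a filter that is meant to hide a network everywhere must be bound to every path the route can take out of the router.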


Modifying Administrative Distance

Router(config-router)#
distance weight [address mask [access-list-number | name] [ip]]

Used for all protocols except EIGRP and BGP.

Router(config-router)#
distance eigrp internal-distance external-distance

Used for EIGRP.


In some cases you will find that a router selects a suboptimal path because it believes a routing protocol that has a better (lower) administrative distance but a poorer route. One way to make sure that routes from the desired routing protocol are selected is to give the undesired routing protocol a larger administrative distance. Use the commands shown in the graphic to change the default administrative distances. For all protocols except EIGRP and BGP, use the distance command:

distance Command            Description
weight                      Administrative distance, an integer from 10 to 255 (the values 0 to 9 are reserved for internal use).
address                     Optional IP address. Allows filtering of networks according to the IP address of the router supplying the routing information.
mask                        Optional wildcard mask for the IP address. A bit set to 1 in the mask argument instructs the software to ignore the corresponding bit in the address value.
access-list-number | name   Optional number or name of a standard access list to be applied to the incoming routing updates. Allows filtering of the networks being advertised.
ip                          Optional; specifies IP-derived routes for IS-IS.

Because the address and mask select the neighbor that sent the update, the distance command can also be used to make one specific neighbor's routes less believable than everyone else's, rather than an entire protocol's.

For EIGRP use the distance eigrp command:

distance eigrp Command      Description
internal-distance           Administrative distance for Enhanced IGRP internal routes. Internal routes are those that are learned from another entity within the same autonomous system.
external-distance           Administrative distance for Enhanced IGRP external routes. External routes are those for which the best path is learned from a neighbor external to the autonomous system.


Redistribution Example Using distance

Figure: the example network. Routers Trans, R200, Cen, Rem, R300, and R100 are interconnected by Token Ring, T1, T1 Frame Relay (Cen interfaces S0.1 and S0.2), and 64-kbps serial links; every link and LAN is a /24 subnet of 172.16.0.0 (172.16.1.0 through 172.16.12.0).

This example uses RIP and IGRP to illustrate how a router can make a poor path selection due to the default administrative distance values given to RIP and IGRP in a redundant network. The example also illustrates one possible way of correcting the problem. The graphic illustrates the network prior to using multiple routing protocols. The R200 and Cen routers are the primary focus of this example, as are networks 172.16.6.0, 172.16.9.0, and 172.16.10.0. The configuration output and routing tables appear on the following pages.
Note: This example uses RIP and IGRP for simplicity. These and other protocol combinations can have the same problems, depending on the network topology, which is one reason Cisco highly recommends that you study your network topology prior to implementing redistribution, and that you monitor it after redistribution is enabled.

Note: There are a number of ways to correct path selection problems in a redistribution environment. The purpose of this example is to show how a problem can occur, where it appears, and one possible way of resolving it.


Redistribution Example Using distance (cont'd)

With only IGRP running everywhere (partial output; in an entry such as [100/158813], 100 is the administrative distance and 158813 is the metric):

Cen#show ip route
<Output Omitted>
     172.16.0.0/24 is subnetted, 11 subnets
I       172.16.9.0 [100/158813] via 172.16.1.1, 00:00:02, TokenRing1
I       172.16.10.0 [100/8976] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C       172.16.4.0 is directly connected, Serial0.2
C       172.16.5.0 is directly connected, Serial0.1
I       172.16.6.0 [100/160250] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                   [100/8539] via 172.16.1.1, 00:00:03, TokenRing1

First, we have only IGRP running in all of the routers in the network. The graphic shows a portion of the routing table on the Cen router. Following is the complete IP routing table for the Cen router:

Cen#show ip route
<Output Omitted>
     172.16.0.0/24 is subnetted, 11 subnets
I       172.16.12.0 [100/1188] via 172.16.2.2, 00:00:02, TokenRing0
I       172.16.9.0 [100/158813] via 172.16.1.1, 00:00:02, TokenRing1
I       172.16.10.0 [100/8976] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C       172.16.4.0 is directly connected, Serial0.2
C       172.16.5.0 is directly connected, Serial0.1
I       172.16.6.0 [100/160250] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.7.0 [100/158313] via 172.16.1.1, 00:00:02, TokenRing1
C       172.16.1.0 is directly connected, TokenRing1
C       172.16.2.0 is directly connected, TokenRing0
I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                   [100/8539] via 172.16.1.1, 00:00:03, TokenRing1

Note the administrative distance and the composite metric for each learned route. The administrative distance expresses how believable the routing protocol is; the composite metric is the value the protocol assigned to the path. Now consider that you want to split the network into two autonomous systems, one running IGRP and one running RIP. Note that IGRP is more believable than RIP, because IGRP has an administrative distance of 100 and RIP has an administrative distance of 120.


Redistribution Example Using distance (cont'd)

Figure: the same topology with the RIP and IGRP domains marked. R300 and R100, with networks 172.16.6.0, 172.16.9.0, and 172.16.10.0, run RIP; the remaining routers run IGRP; Cen (toward R100 over Serial0.1) and R200 (toward R300 over Serial1) sit on the boundary and run both.

The graphic shows the network with RIP and IGRP autonomous systems. The configurations for two of the routers are shown on the next graphic.


Redistribution Example Using distance (cont'd)

Router Cen

router rip
 redistribute igrp 1
 passive-interface Serial0.2
 passive-interface TokenRing0
 passive-interface TokenRing1
 network 172.16.0.0
 default-metric 3
!
router igrp 1
 redistribute rip
 passive-interface Serial0.1
 network 172.16.0.0
 default-metric 10 100 255 1 1500

Router R200

router rip
 redistribute igrp 1
 passive-interface Serial0
 passive-interface TokenRing0
 network 172.16.0.0
 default-metric 3
!
router igrp 1
 redistribute rip
 passive-interface Serial1
 network 172.16.0.0
 default-metric 10 100 255 1 1500

The configurations for the Cen and R200 routers are shown in the graphic. The passive-interface commands prevent routes from a particular routing protocol from being forwarded needlessly on links where the remote router cannot understand, or is not using, that protocol. On Cen, for example, RIP is active only on Serial0.1 (toward R100) and IGRP is passive there, so each protocol speaks only on the links whose neighbors run it. Note in these configurations that RIP is being redistributed into IGRP and IGRP is being redistributed into RIP, on both routers.


Redistribution Example Using distance (cont'd)

With IGRP and RIP running:

Cen#show ip route
<Output Omitted>
     172.16.0.0/24 is subnetted, 11 subnets
R       172.16.9.0 [120/2] via 172.16.5.2, 00:00:01, Serial0.1
R       172.16.10.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
C       172.16.4.0 is directly connected, Serial0.2
C       172.16.5.0 is directly connected, Serial0.1
R       172.16.6.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                   [100/8539] via 172.16.1.1, 00:00:02, TokenRing1

Cen has both RIP and IGRP routes.

The graphic shows the resulting routing table on the Cen router. The table lists the routes that are relevant to the discussion in this section. Notice that the Cen router learned both RIP and IGRP routes. Refer back to the figure of the split network to trace some of the routes.

Redistribution Example Using distance (cont'd)

With IGRP and RIP running:

R200#show ip route
<Output Omitted>
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 11 subnets
I       172.16.9.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
I       172.16.10.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
I       172.16.11.0 [100/9039] via 172.16.1.2, 00:00:37, TokenRing0
I       172.16.4.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
I       172.16.5.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
I       172.16.6.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
C       172.16.3.0 is directly connected, Serial0

R200 includes suboptimal paths.

The graphic shows the resulting routing table on the R200 router. The route table lists the routes that are relevant to the discussion in this section. Notice that all the routes are learned from IGRP, even though R200 is also connected to a RIP network. Notice too that if you trace some of the routes, such as to network 172.16.9.0, the router uses the long way via router Cen rather than via router R300.


Redistribution Example Using distance (cont'd)

Router Cen

router rip
 redistribute igrp 1
 <Output Omitted>
 network 172.16.0.0
 default-metric 3
!
router igrp 1
 redistribute rip
 <Output Omitted>
 network 172.16.0.0
 default-metric 10 100 255 1 1500
 distance 130 0.0.0.0 255.255.255.255 1
!
access-list 1 permit 172.16.9.0
access-list 1 permit 172.16.10.0
access-list 1 permit 172.16.6.0

Router R200

router rip
 redistribute igrp 1
 <Output Omitted>
 network 172.16.0.0
 default-metric 3
!
router igrp 1
 redistribute rip
 <Output Omitted>
 network 172.16.0.0
 default-metric 10 100 255 1 1500
 distance 130 0.0.0.0 255.255.255.255 1
!
access-list 1 permit 172.16.9.0
access-list 1 permit 172.16.10.0
access-list 1 permit 172.16.6.0

Router R200 selected the poor paths because IGRP has a better (lower) administrative distance than RIP. To make sure that R200 selects the RIP routes, you can change the administrative distance, as shown in the graphic. The following describes some of the commands shown in the example:

Command                                   Description
distance 130 0.0.0.0 255.255.255.255 1
  130                                     Defines the administrative distance that the specified routes will be assigned.
  0.0.0.0 255.255.255.255                 Defines the source address of the router supplying the routing information; with an all-ones wildcard mask this matches any router.
  1                                       Defines the access list used to filter incoming routing updates, to determine which routes will have their administrative distance changed.
access-list 1 permit 172.16.9.0
  1                                       The access list number.
  permit                                  Networks that match the address are permitted, in this case to have their administrative distance changed.
  172.16.9.0                              A network to be permitted, in this case to have its administrative distance changed.

Router R200, for example, is configured to assign an administrative distance of 130 to IGRP routes to networks 172.16.9.0, 172.16.10.0, and 172.16.6.0. In this way, when the router learns about these networks from RIP, the RIP-learned routes (with the lower administrative distance of 120) will be selected and placed in the routing table. Note that the distance command applies only to IGRP-learned routes because it is part of the IGRP routing process configuration; the same command under router rip would change the distance of RIP-learned routes instead.


Redistribution Example Using distance (cont'd)

With IGRP and RIP running and the distance command applied:

R200#show ip route
<Output Omitted>
     172.16.0.0/24 is subnetted, 11 subnets
R       172.16.9.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
R       172.16.10.0 [120/2] via 172.16.7.1, 00:00:19, Serial1
I       172.16.11.0 [100/9039] via 172.16.1.2, 00:00:49, TokenRing0
I       172.16.4.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
I       172.16.5.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
R       172.16.6.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
C       172.16.3.0 is directly connected, Serial0

R200 now installs some RIP routes.

The output in the graphic shows that router R200 now retains the better route to some of the networks by learning them from RIP. Note, however, the side effect of this configuration: given the actual bandwidths involved (the RIP path crosses the 64-kbps links, whereas the IGRP path uses Token Ring and T1 Frame Relay), the IGRP path would have been better for network 172.16.10.0, so it may have made sense not to include 172.16.10.0 in the access list. This example illustrates the importance not only of knowing your network prior to implementing redistribution, but also of checking which routes the routers select after redistribution is enabled. Pay particular attention to routers that can choose among a number of redundant paths to a network, because they are the ones most likely to select suboptimal paths.
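The same selection, worked through in Python as an added example; this is not code from the course or from Cisco IOS. It installs one route per prefix by lowest administrative distance and applies the distance weight address wildcard [acl] statement the way the table above describes it: the address and wildcard select the neighbor that sent the update, the access list selects the networks, and the first matching statement wins. The candidate routes R200 hears are built from the next hops and metrics in the two show ip route listings above; everything else in the block is constructed.

```python
"""Best-path selection by administrative distance, with the IOS 'distance' override.

Added illustration; not code from the BSCN course or from Cisco IOS.  It models
the R200 example on this page: R200 hears 172.16.9.0, 172.16.10.0 and
172.16.6.0 from IGRP (via Cen, 172.16.1.2) and from RIP (via R300,
172.16.7.1).  Next hops and metrics are those in the show ip route output
above; the candidate-route records themselves are constructed for the model.
"""
from ipaddress import IPv4Address

DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
              "ospf": 110, "rip": 120}


def wildcard_match(addr, network, wildcard):
    """IOS wildcard mask: a 1 bit means the corresponding address bit is ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(network)) & care


def acl_permits(acl, prefix):
    """Standard ACL, first match wins; a missing wildcard is 0.0.0.0; implicit deny."""
    for action, network, *rest in acl:
        if wildcard_match(prefix, network, rest[0] if rest else "0.0.0.0"):
            return action == "permit"
    return False


def administrative_distance(route, distance_cmds, acls):
    """Resolve 'distance weight address wildcard [acl]' statements for one route.

    distance_cmds maps a protocol to the statements configured under that
    routing process; address/wildcard select the neighbor that sent the update,
    the optional ACL selects the networks.  First match wins, else the default.
    """
    for weight, address, wildcard, acl in distance_cmds.get(route["protocol"], []):
        if wildcard_match(route["learned_from"], address, wildcard) and (
                acl is None or acl_permits(acls[acl], route["prefix"])):
            return weight
    return DEFAULT_AD[route["protocol"]]


def build_routing_table(candidates, distance_cmds=None, acls=None):
    """Install one route per prefix: lowest AD wins; the metric only breaks an AD tie."""
    distance_cmds, acls = distance_cmds or {}, acls or {}
    table = {}
    for route in candidates:
        ad = administrative_distance(route, distance_cmds, acls)
        best = table.get(route["prefix"])
        if best is None or (ad, route["metric"]) < (best["ad"], best["metric"]):
            table[route["prefix"]] = dict(route, ad=ad)
    return table


def _route(protocol, prefix, metric, learned_from):
    return {"protocol": protocol, "prefix": prefix, "metric": metric,
            "learned_from": learned_from, "next_hop": learned_from}


# What R200 hears (constructed from the two show ip route listings above).
R200_CANDIDATES = [
    _route("igrp", "172.16.9.0", 1000163, "172.16.1.2"),
    _route("igrp", "172.16.10.0", 1000163, "172.16.1.2"),
    _route("igrp", "172.16.11.0", 9039, "172.16.1.2"),
    _route("igrp", "172.16.6.0", 1000163, "172.16.1.2"),
    _route("rip", "172.16.9.0", 1, "172.16.7.1"),
    _route("rip", "172.16.10.0", 2, "172.16.7.1"),
    _route("rip", "172.16.6.0", 1, "172.16.7.1"),
]

# router igrp 1 / distance 130 0.0.0.0 255.255.255.255 1, with access-list 1 as on this page
DISTANCE_CMDS = {"igrp": [(130, "0.0.0.0", "255.255.255.255", "1")]}
ACLS = {"1": [("permit", "172.16.9.0"), ("permit", "172.16.10.0"),
              ("permit", "172.16.6.0")]}


def r200_before():
    """Default distances: every prefix is installed from IGRP (AD 100)."""
    return build_routing_table(R200_CANDIDATES)


def r200_after():
    """With the distance statement, the three listed prefixes flip to RIP (AD 120)."""
    return build_routing_table(R200_CANDIDATES, DISTANCE_CMDS, ACLS)


if __name__ == "__main__":
    for label, table in (("before", r200_before()), ("after", r200_after())):
        print(label)
        for prefix, r in sorted(table.items()):
            print(f"  {r['protocol']:4} {prefix:12} [{r['ad']}/{r['metric']}] via {r['next_hop']}")
```

Running it prints R200's table before and after the distance statement; 172.16.11.0 keeps its IGRP distance of 100 because access list 1 does not permit it. Narrowing the address and wildcard (for example 172.16.1.2 0.0.0.0) would raise the distance only for routes learned from Cen, which is the form to use when one neighbor, rather than one protocol, is the one you trust less.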


Verifying Redistribution Operation

This section discusses commands used to verify route redistribution.

Router#
show ip route

Displays the contents of the IP routing table.

Router#
trace

Traces the path a packet takes.

The best way to verify redistribution operation is to:

- Know your network topology, particularly where redundant routes exist.
- Show the routing table of the appropriate routing protocol on a variety of routers in the internetwork. For example, check the routing table on the ASBR as well as on some of the internal routers in each autonomous system.
- Perform a trace on some of the routes that cross the autonomous systems to verify that the shortest path is being used for routing. Make sure that you especially run traces to networks for which redundant routes exist.
- If you do encounter routing problems, use trace and debug commands to observe the routing update traffic on the ASBRs and internal routers.

Note: Running debug requires extra processing by the router, so if the router is already overloaded, initiating debug is not recommended.


Written Exercise: Redistribution and Controlling Routing Update Traffic

Objectives:

- Select and configure the different ways to control route update traffic.
- Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes.
- Configure route redistribution in a network that has redundant paths between dissimilar routing processes.
- Resolve path selection problems that result in a redistributed network.
- Verify route redistribution.

Task: Answer the following questions about redistribution and controlling routing update traffic.

1. List three reasons why you may use multiple routing protocols in a network.
2. What two parameters are used by routers to select the best path when they learn two or more routes to the same destination from different routing protocols?
3. What are the components of the EIGRP routing metric?
4. Consider that you have a dialup WAN connection between site A and site B. What can you do to prevent excess routing update traffic from crossing the link, but still have the boundary routers know the networks that are at the remote sites?
5. What command is used to cause RIP to source a default route?
6. If there is no filter associated with an interface, what happens to packets destined for that interface?
7. What command can be used to discover the path that a packet takes through a network?
8. How can a routing loop result in a network that has redundant paths between two routing processes?


Policy-Based Routing Using Route-Maps

This section describes what policy-based routing is and how to configure it using route-maps.

Policy-Based Routing

Policy-based routing:
- Allows you to implement policies that selectively cause packets to take different paths
- Can also mark traffic with a different TOS
- Available since IOS Release 11.0

In today's high-performance internetworks, organizations need the freedom to implement packet forwarding and routing according to their own defined policies, in a way that goes beyond traditional routing protocol concerns. By using policy-based routing, introduced in Cisco IOS Release 11.0, policies that selectively cause packets to take different paths can be implemented. Policy-based routing also provides a mechanism to mark packets with different types of service (TOS). This feature can be used in conjunction with IOS queuing techniques so that certain kinds of traffic receive preferential service.


Policy-Based Routing Benefits

Benefits of policy-based routing:
- Source-based transit provider selection: different users go different ways
- Quality of service (QoS): set precedence or TOS, used with queueing
- Cost savings: use high-cost links only when necessary
- Load sharing: use multiple paths based on traffic characteristics

The benefits that can be achieved by implementing policy-based routing in the network include:

- Source-based transit provider selection: Internet service providers and other organizations can use policy-based routing to route traffic originating from different sets of users through different Internet connections, across the policy routers.
- Quality of service (QoS): Organizations can provide QoS to differentiated traffic by setting the precedence or type of service (TOS) values in the IP packet headers in routers at the periphery of the network and leveraging queuing mechanisms to prioritize traffic in the core or backbone of the network. This setup improves network performance by eliminating the need to classify the traffic explicitly at each WAN interface in the core or backbone of the network.
- Cost savings: An organization can direct the bulk traffic associated with a specific activity to use a higher-bandwidth, high-cost link for a short time, and continue basic connectivity over a lower-bandwidth, low-cost link for interactive traffic. For example, a dial-on-demand Integrated Services Digital Network (ISDN) line could be brought up in response to traffic to a finance server for file transfers selected by policy routing.
- Load sharing: In addition to the dynamic load-sharing capabilities offered by destination-based routing, which the Cisco IOS software has always supported, network managers can now implement policies to distribute traffic among multiple paths based on the traffic characteristics.


Policies

- Applied to incoming packets
- Implemented using route-maps
- Matching packets are modified by set commands
- If the match criteria are met and the route-map sequence is a permit: routing is controlled as specified by the set action
- If the match criteria are met and the route-map sequence is a deny: normal (destination-based) routing
- If all sequences in the list are checked and none matches: normal (destination-based) routing

Policy-based routing is applied to incoming packets. All packets received on an interface with policy-based routing enabled are considered for policy-based routing. The router passes the packets through a route-map. Based on the criteria defined in the route-map, packets are forwarded to the appropriate next hop. Routers normally forward packets to the destination addresses based on information in their routing tables. Instead of routing by the destination address, policy-based routing allows network administrators to determine and implement routing policies that allow or deny paths based on:

- The identity of a particular end system
- The application being run
- The protocol in use
- The size of packets

As discussed in chapter 10, route-maps are complex access lists. Each entry in a route-map statement contains a combination of match and set statements. The match statements define the criteria for whether packets meet the particular policy (that is, the conditions to be met). The set clauses define how the packets should be routed once they have met the match criteria. For each combination of match and set commands in a route-map statement, all match statements in that sequence must be met simultaneously by the packet for the set statements to be applied. There may be multiple sequences of match and set commands in a full route-map statement.

Route-map statements can also be marked as permit or deny. If a statement is marked as deny, a packet meeting its match criteria is sent back through the normal forwarding channels (in other words, destination-based routing is performed); a deny sequence never discards the packet. Only if the statement is marked as permit and the packet meets the match criteria are all the set commands applied. If no match is found in the route-map, the packet is forwarded through the normal routing channel. If you do not want to revert to normal forwarding, and instead want to drop a packet that does not match the specified criteria, add a final permit entry with no match clauses whose set statement routes the packets to interface Null0.


Route-Map Configuration Review

Router(config)#
route-map map-tag [permit | deny] [sequence-number]

Defines the conditions for policy routing.

Router(config-route-map)#
match {conditions}

Defines the conditions to match.

Router(config-route-map)#
set {actions}

Defines the action to be taken on a match.

The graphic is a review of the route-map configuration commands from chapter 10. The specific match and set commands for policy-based routing are discussed in the following pages.


Policy Routing match Commands

Router(config-route-map)#
match ip address {access-list-number | name} [...access-list-number | name]

Matches IP addresses for policy routing.

Router(config-route-map)#
match length min max

Matches the layer 3 length of the packet for policy routing.

IP standard or extended access lists can be used to establish policy-based routing match criteria using the match ip address command. A standard IP access list can be used to specify the match criteria for the source address of a packet; extended access lists can be used to specify match criteria based on source and destination address, application, protocol type, TOS, and precedence.

match ip address Command    Description
access-list-number | name   Number or name of a standard or extended access list to be used to test incoming packets. If multiple access lists are specified, matching any one of them results in a match.

The match length command can be used to establish criteria based on the packet length, between specified minimum and maximum values. For example, a network administrator could use match length as the criterion that distinguishes between interactive and file transfer traffic, since file transfer traffic usually has larger packet sizes.

match length Command        Description
min                         Minimum layer 3 length of the packet, inclusive, allowed for a match.
max                         Maximum layer 3 length of the packet, inclusive, allowed for a match.


Policy Routing set Commands

Router(config-route-map)#
set ip next-hop ip-address [...ip-address]
  Defines next hop to output packets to

Router(config-route-map)#
set interface type number [...type number]
  Defines interface to output packets to


If the match statements are satisfied, one of the following set statements can be used to specify how packets are forwarded through the router; they are evaluated in the order listed here. Once a destination address or interface has been chosen, other set commands that would change the destination address or interface are ignored.

1. The set ip next-hop command provides a list of IP addresses that specify the adjacent next hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a currently up connected interface is used to route the packets.

set ip next-hop command:
  ip-address    IP address of the next hop to which packets are output. It must be the address of an adjacent router.

2. The set interface command provides a list of interfaces through which the packets can be routed. If more than one interface is specified, the first interface that is found to be up is used for forwarding the packets.

set interface command:
  type number    Interface type and number to which packets are output.

Note: If there is no explicit route for the destination address of the packet in the routing table, the set interface command is not followed.


Policy Routing set Commands (cont'd)

Router(config-route-map)#
set ip default next-hop ip-address [...ip-address]
  Defines next hop to output packets that have no explicit route to the destination

Router(config-route-map)#
set default interface type number [...type number]
  Defines interface to output packets that have no explicit route to the destination


3. The set ip default next-hop command provides a list of default next hop IP addresses. The packet is routed to the next hop specified by this set clause only if there is no explicit route for the packet's destination address in the routing table. The first specified next hop that appears to be adjacent to the router is used; the optional additional IP addresses are tried in turn.

set ip default next-hop command:
  ip-address    IP address of the next hop to which packets are output. It must be the address of an adjacent router.

4. The set default interface command provides a list of default interfaces. If there is no explicit route available to the destination address of the packet being considered for policy routing, it is routed to the first up interface in the list of specified default interfaces.

set default interface command:
  type number    Interface type and number to which packets are output.

5. The set ip tos command is used to set the IP TOS value in the IP packets.

6. The set ip precedence command is used to set the IP precedence in the IP packets.

The set commands can be used in conjunction with each other.


Configuring Policy-Based Routing

Router(config-if)#
ip policy route-map map-tag
  Specify a route-map to use for policy routing on an interface

Router(config-if)#
ip route-cache policy
  Enable fast switched policy routing


To identify a route-map to use for policy routing on an interface, use the ip policy route-map interface configuration command.

ip policy route-map command:
  map-tag    Name of the route-map to use for policy routing. Must match a map-tag specified by a route-map command.

Note: Policy-based routing is specified on the interface that receives the packets, not on the interface from which the packets are sent.

IP policy routing can now be fast-switched. Prior to this feature, policy routing could only be process switched, which meant that on most platforms the switching rate was approximately 1,000 to 10,000 packets per second. This was not fast enough for many applications. Users who need policy routing to occur at faster speeds can now implement policy routing without slowing down the router.

Policy routing must be configured before you configure fast-switched policy routing. Fast switching of policy routing is disabled by default. To have policy routing be fast-switched, use the ip route-cache policy command in interface configuration mode. Fast-switched policy routing supports all of the match commands and most of the set commands, with the following restrictions:

- The set ip default command is not supported.
- The set interface command is supported only over point-to-point links, unless a route-cache entry exists using the same interface specified in the set interface command in the route-map. Also, at the process level, the routing table is consulted to determine if the interface is on a reasonable path to the destination. During fast switching, the software does not make this check. Instead, if the packet matches, the software blindly forwards the packet to the specified interface.


Policy-Based Routing Example

[Figure: networks 192.168.1.0 and 192.168.2.0; Router A (S2: 172.16.1.2, S3: 10.1.1.1), Router B (S0: 172.16.1.1, S1: 172.17.1.1), Router C (S0: 10.1.1.100, S1: 172.17.1.2). Router A has a policy that packets from 192.168.2.1 go to Router C's interface S1.]



In the graphic, Router A has a policy that packets from 192.168.2.1 should go out to Router C's interface serial 1. All other packets should be routed according to their destination.


Policy-Based Routing Example (cont'd)

RouterA(config)# interface Serial2
RouterA(config-if)# ip address 172.16.1.2 255.255.255.0
RouterA(config-if)# ip policy route-map test
RouterA(config)# route-map test permit 10
RouterA(config-route-map)# match ip address 1
RouterA(config-route-map)# set ip next-hop 172.17.1.2
RouterA(config-route-map)# exit
RouterA(config)# access-list 1 permit 192.168.2.1 0.0.0.0


Router A's serial 2 interface, where packets from 192.168.2.1 enter Router A, is configured to do policy routing with the ip policy route-map command. The route-map test is used for this policy routing. It tests the IP addresses in packets against access-list 1 to determine which packets will be policy routed. Access-list 1 specifies that packets with a source address of 192.168.2.1 will be policy routed. Packets that match access-list 1 are sent to the next-hop address 172.17.1.2, which is Router C's serial 1 interface. All other packets are forwarded normally, according to their destination. (Recall that access lists have an implicit deny any at the end, so no other packets are permitted by access-list 1.)


Verifying Policy-Based Routing


This section discusses commands used to verify policy-based routing.

Verifying Policy-Based Routing


Router#

show ip policy

Display route-maps configured on interfaces


Router#

show route-map [map-name]

Display a route-map


To display the route-maps used for policy routing on the router's interfaces, use the show ip policy EXEC command. To display configured route-maps, use the show route-map EXEC command.

show route-map command:
  map-name    Optional name of a specific route-map.


Verifying Policy-Based Routing (cont'd)

Router#
debug ip policy
  Enable display of IP policy routing events

Router#
trace
  Extended trace allows specification of source address

Router#
ping
  Extended ping allows specification of source address



Use the debug ip policy EXEC command to display IP policy routing packet activity. This command helps you determine what policy routing is doing. It displays information about whether a packet matches the criteria, and if so, the resulting routing information for the packet.
Note: Because the debug ip policy command generates a significant amount of output, use it only when traffic on the IP network is low, so that other activity on the system is not adversely affected.

To discover the routes the packets follow when traveling to their destination from the router, use the trace privileged EXEC command. To change the default parameters and invoke an extended trace test, enter the command without a destination argument. You will be stepped through a dialog to select the desired parameters. To check host reachability and network connectivity, use the ping (IP packet internet groper function) privileged EXEC command. You can use the extended command mode of the ping command to specify the supported header options, by entering the command without any arguments.


Verifying Policy-Based Routing Examples


RouterA#show ip policy
Interface      Route map
Serial2        test
RouterA#show route-map
route-map test, permit, sequence 10
  Match clauses:
    ip address (access-lists): 1
  Set clauses:
    ip next-hop 172.17.1.2
  Policy routing matches: 3 packets, 168 bytes


Note: The output shown in the graphic is from Router A in the last example.

The graphic provides examples of two show commands. The show ip policy command indicates that the route-map called test is used for policy routing on the router's interface serial 2. The show route-map command indicates that three packets have matched sequence 10 of the test route-map.


Verifying Policy-Based Routing Examples


RouterA#debug ip policy
Policy routing debugging is on
RouterA#show logging
...
11:50:51: IP: s=172.16.1.1 (Serial2), d=192.168.1.1 (Serial3), len 100, policy rejected -- normal forwarding
...
11:51:25: IP: s=192.168.2.1 (Serial2), d=192.168.1.1, len 100, policy match
11:51:25: IP: route map test, item 10, permit
11:51:25: IP: s=192.168.2.1 (Serial2), d=192.168.1.1 (Serial1), len 100, policy routed
11:51:25: IP: Serial2 to Serial1 172.17.1.2


Note: The output shown in the graphic is from Router A in the last example.

The graphic provides an example of the output of the debug ip policy command. The show logging command shows the logging buffer including the output of the debug command. The output indicates that a packet from 172.16.1.1 destined for 192.168.1.1 was received on interface serial 2 and that it was rejected by the policy on that interface. The packet is routed normally (i.e. by destination). Another packet, from 192.168.2.1 destined for 192.168.1.1, was later received on the same interface serial 2. This packet matched the policy on that interface and was therefore policy routed and sent out interface serial 1 to 172.17.1.2.
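The route-map evaluation this chapter describes (match clauses first, then set ip next-hop, set interface, set ip default next-hop and set default interface in that order, with the default variants applying only when no explicit route exists), run for the Router A configuration and the two packets in the debug output above. This is an added Python model written for this edit, not Cisco code; the class and function names are hypothetical, and the interface states and routing table are constructed.

```python
import ipaddress
from dataclasses import dataclass, field


def acl_permits(acl, src_ip):
    """Standard ACL test. acl is a list of (action, address, wildcard) entries;
    wildcard 1-bits are don't-care bits and the list ends with an implicit deny."""
    src = int(ipaddress.IPv4Address(src_ip))
    for action, addr, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if src & care == int(ipaddress.IPv4Address(addr)) & care:
            return action == "permit"
    return False  # implicit "deny any" at the end of every access list


@dataclass
class Entry:
    """One route-map sequence: its match clauses and its set clauses (hypothetical model)."""
    action: str                                      # permit or deny
    seq: int
    match_acls: list = field(default_factory=list)   # match ip address (any one matching)
    match_length: tuple = None                       # match length min max (inclusive)
    next_hop: list = field(default_factory=list)     # set ip next-hop
    interface: list = field(default_factory=list)    # set interface
    default_next_hop: list = field(default_factory=list)   # set ip default next-hop
    default_interface: list = field(default_factory=list)  # set default interface


@dataclass
class Router:
    """Constructed router state: ACLs, the route-map, explicit routes, link state."""
    acls: dict        # access-list number -> entries
    route_map: list   # Entry objects, evaluated in sequence-number order
    routes: list      # explicit routes as (prefix, outgoing interface)
    if_up: dict       # interface name -> True if up
    adjacent: dict    # next-hop address -> interface it is directly reachable on

    def has_explicit_route(self, dst):
        d = ipaddress.IPv4Address(dst)
        return any(d in ipaddress.IPv4Network(p) for p, _ in self.routes)

    def entry_matches(self, e, src, length):
        if e.match_acls and not any(acl_permits(self.acls[n], src) for n in e.match_acls):
            return False
        if e.match_length and not e.match_length[0] <= length <= e.match_length[1]:
            return False
        return True  # no match clause at all matches every packet

    def first_up_next_hop(self, hops):
        """First listed next hop whose connected interface is currently up."""
        for nh in hops:
            iface = self.adjacent.get(nh)
            if iface and self.if_up.get(iface):
                return f"{iface} {nh}"
        return None

    def first_up_interface(self, ifaces):
        return next((i for i in ifaces if self.if_up.get(i)), None)

    def policy_route(self, src, dst, length=100):
        """Outcome for one inbound packet, phrased like the debug ip policy output."""
        for e in sorted(self.route_map, key=lambda x: x.seq):
            if not self.entry_matches(e, src, length):
                continue
            if e.action == "deny":  # deny sequence: packet is routed by destination
                return "policy rejected -- normal forwarding"
            explicit = self.has_explicit_route(dst)
            # set clauses are tried in the order the chapter lists them
            out = self.first_up_next_hop(e.next_hop)
            if out is None and explicit:  # set interface is not followed without an explicit route
                out = self.first_up_interface(e.interface)
            if out is None and not explicit:  # default variants apply only with no explicit route
                out = (self.first_up_next_hop(e.default_next_hop)
                       or self.first_up_interface(e.default_interface))
            if out:
                return f"policy routed to {out}"
            return "policy match, no usable set clause -- normal forwarding"
        return "policy rejected -- normal forwarding"  # no sequence matched


def router_a():
    """Router A from the chapter's example; link state and routes are constructed."""
    return Router(
        acls={1: [("permit", "192.168.2.1", "0.0.0.0")]},                # access-list 1
        route_map=[Entry("permit", 10, match_acls=[1], next_hop=["172.17.1.2"])],
        routes=[("192.168.1.0/24", "Serial3")],   # destination-based path, as in the debug output
        if_up={"Serial1": True, "Serial2": True, "Serial3": True},
        adjacent={"172.17.1.2": "Serial1"},       # Router C's serial 1, reached via Serial1
    )


if __name__ == "__main__":
    a = router_a()
    print(a.policy_route("172.16.1.1", "192.168.1.1"))   # policy rejected -- normal forwarding
    print(a.policy_route("192.168.2.1", "192.168.1.1"))  # policy routed to Serial1 172.17.1.2
```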


Case Study: Redistribution


Recall that throughout this course we have been using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies are used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises.

Case Study - Redistribution

[Figure: JKL's Acquisition A. IGRP domain (metric = composite; 1 private class A; supports regional campus topology); RIP domain (metric = hops; 1 class C; supports Unix workstations and servers); OSPF domain (metric = cost; 1 class C; supports acquisition policy); private address space network 10.0.0.0; T-3 link to JKL; link types: Fast Ethernet, Ethernet, Serial.]

In this case study, we will look at how JKL's Acquisition A will implement its routing protocols. Recall that Acquisition A is running a mixture of protocols: IGRP, RIP and OSPF. It has two class C public addresses and uses a class A private address. As shown in the graphic, each of the three protocol domains is connected to the other two. The following topics are some considerations to discuss with the class during the case study:

- Routing domains, including scaling issues:
  - Within each of the protocol domains (RIP, IGRP, OSPF), what are the limitations?
  - What implications do these limitations have when redistributing information between the domains?
- Redistribution between different routing protocols:
  - What issues may arise when configuring redistribution in this network?
- Sub-optimal routes in routing tables:
  - Which routing protocol will be selected as the most believable?
  - Is there a potential for routing loops in this network?
- Exchange of route information:
  - Will any of the interfaces have to be configured as passive interfaces?
  - When would it be more appropriate to use a distribute-list filter on an interface versus for a process?
  - Is there anywhere in the network where policy-based routing would be appropriate?
- Synchronization/metric issues:
  - How does each of the protocols in use ensure that the routers running it are synchronized?
  - When a router in the RIP domain learns of a network within the OSPF domain, what meaning does the metric have?
- Ease of configuration:
  - How difficult would it be to configure each of the individual routing domains?
  - How much more complicated is it to implement redistribution between the routing domains?
  - Are there any alternatives? How easy would they be to implement?


Summary

Summary

After completing this chapter, you should be able to perform the following tasks:

- Select and configure the different ways to control route update traffic
- Configure route redistribution in a network that does not have redundant paths between dissimilar routing processes
- Configure route redistribution in a network that has redundant paths between dissimilar routing processes


Summary (cont'd)

- Resolve path selection problems that result in a redistributed network
- Verify route redistribution
- Configure policy-based routing using route-maps
- Given a set of network requirements, configure redistribution between different routing domains and verify proper operation (within described guidelines) of your routers
- Given a set of network requirements, configure policy-based routing within your pod and verify proper operation (within described guidelines) of your routers


Review Questions
Answer the following questions.

Review Questions

1. What is redistribution?
2. What is the default administrative distance for IGRP? For RIP? For OSPF?
3. When configuring a default metric for redistributed routes, the metric should be set to a value ________ than the largest metric within the AS.
4. What command is used for policy-based routing to establish criteria based on the packet length?


Review Questions (cont'd)

5. What command is used to configure filtering of the routing update traffic from an interface? What command mode is this command entered in?
6. What does the following command do? distance 150 0.0.0.0 255.255.255.255 3
7. What are the benefits of policy-based routing?
8. Policy-based routing is applied to ________ packets?


14

Implementing Scalability Features in Your Internetwork

Overview
This chapter is a review of the contents of the course, and culminates with a large summary lab that allows the students to configure many of the features discussed. This chapter includes the following topics:

Note to reviewers: The Chapter 14 listed in the design document has been deleted and this chapter now becomes chapter 14. Compared to the design document, some topics have been renamed and reordered, to improve the flow of this chapter.

- Objective
- Routing Principles
- Extending IP Addressing Space
- Connecting to ISPs
- Controlling Overhead Traffic
- Route Redistribution
- Written Exercise: Using Scalable Strategies
- Case Study: Summary (Optional)
- Summary
- Review Questions


Objective
This section lists the chapter's objective.

Objective
Upon completion of this chapter, you will be able to perform the following task:
Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers


Upon completion of this chapter, you will be able to perform the following task:

- Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers


Routing Principles
This section reviews the principles of routing.

What is Routing?

- Routing is the process of forwarding an item from one location to another
- Routers forward traffic to a logical destination in a computer network
- Routers perform two major functions:
  - Routing: learning the logical topology of the network
  - Switching: forwarding packets from an inbound interface to an outbound interface

Routing is a relay system by which items are forwarded from one location to another, from a logical source to a logical destination. Each device in the network has a logical address so it can be reached individually or in some cases as part of a larger group of devices. For a router to act as an effective relay device, it must be able to understand the logical topology of the network and to communicate with its neighboring devices. The router understands several different logical addressing schemes and regularly exchanges topology information with other devices in the network. The mechanism of learning and maintaining awareness of the network topology is considered to be the routing function. The actual movement of transient traffic through the router is a separate function and is considered to be the switching function. Routing devices must perform both a routing and a switching function to be an effective relay device.


Classful Routing

- Classful routing protocols are a consequence of the distance vector method of route calculation
  - RIPv1
  - IGRP
- Subnet masks are not carried within the routine, periodic routing updates
- Summary routes are automatically created at major network boundaries

Classful routing is a consequence of the fact that subnet masks are not advertised in the periodic, routine routing advertisements generated by distance vector routing protocols. In a classful environment, the receiving device must know the mask associated with any advertised subnets. There are two ways this information can be gained:

- The receiving device shares the same mask as the advertising device.
- If the mask does not match, the receiving device must use the default routing mask.

Classful routing protocols, such as RIPv1 and IGRP, exchange routes to all subnetworks within the same network. This is possible because all of the subnetworks in the major network must have the same routing mask. When routes are exchanged with foreign networks (networks whose network portion does not match ours), subnetwork information from this network cannot be included because the mask of the network will not be known. As a result, the subnetwork information from this network must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update. The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.


Classless Routing

- Classless routing protocols include the routing mask with the route advertisement
  - Open Shortest Path First (OSPF)
  - Enhanced IGRP
  - RIPv2
  - IS-IS
  - BGP
- Routing updates triggered by topology changes
- Summary routes manually controlled at any point within the network

Classless routing protocols can be considered second generation protocols because they are designed to deal with some of the limitations of the earlier classful protocols. One of the most serious limitations in a classful network environment is that the subnet mask is not exchanged during the routing update process. This original approach required the same mask to be used on all subnetworks. The classless approach advertises the mask for each route, and therefore a more precise lookup can be performed in the routing table. Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates.

Classless routing protocols also address another limitation of the classful approach: the need to summarize to a classful network with a default routing mask at major network boundaries. In the classless environment, the summarization process is manually controlled and can be invoked at any point within the network. Since subnet routes are propagated throughout the routing domain, summarization is required to keep the routing tables at a manageable size.


Extending IP Addressing Space


This section reviews some of the features available to extend the IP addressing space.

IP Addressing Solutions

- Subnet Masking, RFC 1812
- Address Allocation for Private Internets, RFC 1918
- Network Address Translation, RFC 1631
- Hierarchical Addressing
- Variable-Length Subnet Masks, RFC 1812
- Route Summarization, RFC 1518
- Classless Inter-Domain Routing, RFCs 1518, 1519

Since the 1980s, solutions have been developed to slow the depletion of IP addresses and to reduce the number of Internet route table entries by enabling more hierarchical layers in an IP address. These solutions include:

- Subnet Masking, RFCs 950 (1985) and 1812 (1995): Developed to add another level of hierarchy to an IP address. This additional level allows for extending the number of network addresses derived from a single IP address.
- Address Allocation for Private Internets, RFC 1918 (1996): Developed for organizations that do not need much access to the Internet. The only reason to have a NIC-assigned IP address is to interconnect to the Internet. Any and all companies can use the privately assigned IP addresses within their organization, rather than using a NIC-assigned IP address unnecessarily.
- Network Address Translation (NAT), RFC 1631 (1994): Developed for those companies that use private addressing or use non-NIC-assigned IP addresses. This strategy enables an organization to access the Internet with a NIC-assigned address, without having to reassign the private or illegal addresses that are already in place.
- Hierarchical Addressing: Applying a structure to addressing such that multiple addresses share the same leftmost bits.
- Variable-Length Subnet Masks (VLSMs), RFC 1812 (1995): Developed to allow multiple levels of subnetworked IP addresses within a single network. This strategy can only be used when it is supported by the routing protocol in use, such as OSPF and EIGRP.
- Route Summarization, RFC 1518 (1993): A way of having a single IP address represent a collection of IP addresses when you employ a hierarchical addressing plan.
- Classless Inter-Domain Routing (CIDR), RFCs 1518, 1519 (1993) and 2050 (1996): Developed for ISPs. This strategy suggests that the remaining IP addresses be allocated to ISPs in contiguous blocks, with geography being a consideration.


What Is a Variable-Length Subnet Mask?

[Figure: HQ router on network 172.16.0.0/16; routers A and B on subnets 172.16.14.32/27, 172.16.14.64/27 and 172.16.14.96/27, connected over /30 WAN links carved from 172.16.14.128/27 (for example 172.16.14.136/30). Subnet 172.16.14.0/24 is divided into smaller subnets: subnet with one mask at first (/27), then further subnet one of these subnets not used elsewhere (/30).]

VLSMs provide the ability to include more than one subnet mask within a network, and the ability to subnet an already subnetted network address. The benefits of VLSMs include:

- Even more efficient use of IP addresses: Without the use of VLSMs, companies are locked into implementing a single subnet mask within an entire class A, B or C network number. For example, consider the 172.16.0.0/16 network address divided into subnets using /24 masking, and one of the subnetworks in this range, 172.16.14.0/24, further divided into smaller subnets with /27 masking, as shown in the graphic. These smaller subnets range from 172.16.14.0/27 to 172.16.14.224/27. In the graphic, one of these smaller subnets, 172.16.14.128, is further divided with the /30 prefix, creating subnets with only two hosts, to be used on the WAN links.
- Greater capability to use route summarization: VLSMs allow for more hierarchical levels within your addressing plan, and thus allow for better route summarization within routing tables. For example, in the graphic, subnet 172.16.14.0/24 summarizes all of the addresses that are further subnets of 172.16.14.0, including those from subnet 172.16.14.0/27 and from 172.16.14.128/30.


What Is Route Summarization?

[Figure: a router attached to 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24 (three routing table entries) tells its neighbor "I can route to the 172.16.0.0/16 network"; the neighbor's routing table then holds the single entry 172.16.0.0/16. Routing protocols can summarize addresses of several networks into one address.]

In large internetworks hundreds or even thousands of network addresses can exist. In these environments, it is often not desirable for routers to maintain all these routes in their routing table. Route summarization, also called route aggregation or supernetting, can reduce the number of routes that a router must maintain because it is a method of representing a series of network numbers in a single summary address. For example, as the graphic shows, the router can either send three routing update entries, or summarize the addresses into a single network number.
Note: The router in the graphic is saying that it can route to the network 172.16.0.0/16, including all subnets of that network. However, if there were other subnets of 172.16.0.0 elsewhere in the network (for example, if 172.16.0.0 was discontiguous), summarizing in this way may not be valid.


What is CIDR?

[Figure: routers A, B, ..., H on networks 192.168.8.0/24, 192.168.9.0/24, ..., 192.168.15.0/24 advertise their networks to HQ. Networks 192.168.8.0/24 through 192.168.15.0/24 are summarized by HQ in one advertisement, 192.168.8.0/21.]

CIDR is a mechanism developed to help alleviate the problem of exhaustion of IP addresses and growth of routing tables. The idea behind CIDR is that blocks of multiple Class C addresses can be combined, or aggregated, to create a larger (that is, more hosts allowed) classless set of IP addresses. Blocks of Class C network numbers are allocated to each network service provider. Organizations using the network service provider for Internet connectivity are allocated subsets of the service provider's address space as required. These multiple Class C addresses can then be summarized in routing tables, resulting in fewer route advertisements. CIDR is described further in RFCs 1518 and 1519. RFC 2050, the Internet Registry IP Allocation Guidelines, specifies guidelines for the allocation of IP addresses.

The graphic shows an example of CIDR and route summarization. The class C network addresses 192.168.8.0/24 through 192.168.15.0/24 are being used and are being advertised to the HQ router. When the HQ router advertises the networks available, instead of separately advertising the eight class C networks, it can summarize these into one route. By advertising 192.168.8.0/21, the HQ router is saying: "I can get to all destination addresses that have the first 21 bits the same as the first 21 bits of the address 192.168.8.0."
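Classful summarization at a major network boundary, the VLSM carve-up of 172.16.14.0/24, the CIDR aggregation of 192.168.8.0/24 through 192.168.15.0/24, and the discontiguous-network check from the route summarization note, worked through with Python's ipaddress module. This is an added example, not code from the course; the function names are hypothetical and the address lists are constructed.

```python
import ipaddress


def classful_network(addr):
    """Major (class A/B/C) network containing addr: the prefix a classful protocol
    such as RIPv1 or IGRP falls back to when it has no mask for an advertised route."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        plen = 8
    elif first_octet < 192:
        plen = 16
    elif first_octet < 224:
        plen = 24
    else:
        raise ValueError(f"{addr}: class D/E address has no default routing mask")
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def classful_advertisement(subnets, out_interface_addr):
    """What a classful protocol sends out an interface: subnets of the interface's
    own major network are kept, every other route collapses to its major network."""
    local_major = classful_network(out_interface_addr)
    sent = []
    for s in map(ipaddress.ip_network, subnets):
        major = classful_network(str(s.network_address))
        adv = s if major == local_major else major
        if adv not in sent:
            sent.append(adv)
    return [str(n) for n in sent]


def vlsm_plan(block, lan_prefix, wan_block_index, wan_prefix):
    """Subnet block with one mask first, then further subnet one of the pieces
    (not used elsewhere) into point-to-point WAN links."""
    lans = list(ipaddress.ip_network(block).subnets(new_prefix=lan_prefix))
    wan_block = lans.pop(wan_block_index)
    wans = list(wan_block.subnets(new_prefix=wan_prefix))
    return [str(n) for n in lans], [str(n) for n in wans]


def tightest_summary(prefixes):
    """Smallest single prefix covering every listed network (route aggregation)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # widen by one bit until everything fits
    return str(summary)


def summary_holes(summary, held_prefixes):
    """Blocks inside summary for which the advertising router holds no route.
    A non-empty result is the discontiguous-network case: the summary claims
    space that may exist elsewhere, so advertising it may be invalid."""
    holes = [ipaddress.ip_network(summary)]
    for net in map(ipaddress.ip_network, held_prefixes):
        remaining = []
        for hole in holes:
            if net.subnet_of(hole):        # carve the held route out of this hole
                remaining.extend(hole.address_exclude(net))
            elif not hole.subnet_of(net):  # hole untouched by this route
                remaining.append(hole)
        holes = remaining
    return sorted(str(h) for h in holes)


if __name__ == "__main__":
    # constructed inputs based on the figures in this section
    print(classful_advertisement(["172.16.25.0/24", "10.1.0.0/16"], "172.16.1.1"))
    print(vlsm_plan("172.16.14.0/24", 27, 4, 30))
    eight = [f"192.168.{i}.0/24" for i in range(8, 16)]
    print(tightest_summary(eight), summary_holes(tightest_summary(eight), eight))
    print(summary_holes("172.16.0.0/16", ["172.16.25.0/24", "172.16.26.0/24", "172.16.27.0/24"]))
```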


Connecting to ISPs
This section reviews autonomous systems and BGP as they relate to connecting to Internet Service Providers.

Autonomous Systems

- IGPs: RIP, IGRP, OSPF, EIGRP
- EGPs: BGP

[Figure: Autonomous System 100 and Autonomous System 200.]

- An autonomous system (AS) is a collection of networks under a single technical administration
- IGPs operate within an autonomous system
- EGPs connect different autonomous systems

One way to categorize routing protocols is by whether they are interior or exterior:

- Interior gateway protocols (IGPs): Routing protocols used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.
- Exterior gateway protocols (EGPs): Used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.

BGP version 4, BGP-4, is the latest version of BGP and is defined in RFC 1771. As noted in this RFC, the classic definition of an autonomous system is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs. Nowadays, ASs may use more than one IGP, with potentially several sets of metrics. The important characteristic of an AS from the BGP point of view is that the AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. All parts of the AS must be connected to each other.


BGP Characteristics

BGP is a distance-vector protocol with enhancements:

- Reliable updates - BGP runs on top of TCP (port 179)
- Incremental, triggered updates only
- Periodic keepalives to verify TCP connectivity
- Rich metrics (called path vectors or attributes)
- Designed to scale to huge internetworks

1999, Cisco Systems, Inc.

www.cisco.com

BSCN14-14

BGP is a distance vector protocol, but it has many differences from protocols such as RIP. BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. BGP therefore assumes that its communication is reliable and does not have to implement any retransmission or error recovery mechanisms of its own. BGP uses TCP port 179.

Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors. Once the connection is made, full routing tables are exchanged. Because the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends keepalive messages, similar to the hello messages sent by OSPF and EIGRP.

BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its own AS number in the path list: that would mean the update has already passed through its AS, and accepting it again would result in a routing loop.


BGP Route Selection Decision Process (slide)
Consider only (synchronized) routes with no AS loops and a valid next hop, then:
- Prefer highest weight (local to router)
- Prefer highest local preference (global within AS)
- Prefer route originated by the local router
- Prefer shortest AS path
- Prefer lowest origin code (IGP < EGP < incomplete)
- Prefer lowest MED (from other AS)
- Prefer EBGP path over IBGP path
- Prefer the path through the closest IGP neighbor
- Prefer the path with the lowest neighbor BGP router ID

After BGP receives updates about different destinations from different autonomous systems, the protocol decides which path to choose in order to reach a specific destination. BGP will choose only a single path to reach a specific destination. The decision process is based on BGP path attributes. When faced with multiple routes to the same destination, BGP chooses the best route for routing traffic toward the destination. The following process summarizes how BGP on a Cisco router chooses the best route.
1. If the path is internal, synchronization is on and the route is not synchronized, do not consider it.
2. If the Next-Hop address of a route is not reachable, do not consider it.
3. Prefer the route with the highest Weight. (Recall that the weight is Cisco proprietary and is local to the router only.)
4. If multiple routes have the same Weight, prefer the route with the highest Local Preference. (Recall that the local preference is used within an AS.)
5. If multiple routes have the same Local Preference, prefer the route that was originated by the local router.
6. If multiple routes have the same Local Preference, or if no route was originated by the local router, prefer the route with the shortest AS path.
7. If the AS path length is the same, prefer the lowest origin code (IGP < EGP < Incomplete).
8. If all origin codes are the same, prefer the path with the lowest MED. (Recall that the MED is sent from other ASs.)


The MED comparison is only done if the neighboring autonomous system is the same for all routes considered, unless the bgp always-compare-med command is enabled.
Note The most recent IETF decision regarding BGP MED assigns a value of infinity to the missing MED, making the route lacking the MED variable the least preferred. The default behavior of BGP routers running Cisco IOS software is to treat routes without the MED attribute as having a MED of 0, making the route lacking the MED variable the most preferred. To configure the router to conform to the IETF standard, use the bgp bestpath missing-as-worst command.

9. If the routes have the same MED, prefer external paths (EBGP) over internal paths (IBGP).
10. If IGP synchronization is disabled and only internal paths remain, prefer the path through the closest IGP neighbor. This means the router prefers the shortest internal path within the AS to reach the destination (the shortest path to the BGP next hop).
11. Prefer the route with the lowest neighbor BGP Router ID value.
The selected path is put in the routing table and propagated to the router's BGP neighbors.
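As an added example (it is not part of the course material and not Cisco IOS code), the following Python model walks a set of candidate paths through the eleven steps above, including the MED caveats from the note: the MED is compared only when all remaining routes come from the same neighboring AS unless always-compare-med is set, and a missing MED counts as 0 by default or as infinity with missing-as-worst. The BgpPath and RouterPolicy records, and the sample paths (a constructed prefix 172.25.0.0/16 heard by a router in AS 100 from EBGP neighbors in AS 200 and AS 300), are this example's own assumptions.

```python
"""Model of the Cisco IOS BGP best-path decision process described above.
Added illustration only: the BgpPath and RouterPolicy records are this
example's own assumptions, not Cisco IOS data structures, and the sample
paths at the bottom are constructed."""
from dataclasses import dataclass
from typing import List, Optional

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred


@dataclass
class BgpPath:
    prefix: str
    next_hop: str
    as_path: List[int]            # leftmost AS is the neighbor we learned it from
    from_ebgp: bool               # True if learned from an external peer
    neighbor_router_id: str
    weight: int = 0               # Cisco proprietary, significant only locally
    local_pref: int = 100         # significant within the whole AS
    locally_originated: bool = False
    origin: str = "igp"
    med: Optional[int] = None     # None models a route with no MED attribute
    igp_metric: int = 0           # IGP cost from this router to next_hop
    synchronized: bool = True

    @property
    def neighbor_as(self):
        return self.as_path[0] if self.as_path else None


@dataclass
class RouterPolicy:
    local_as: int
    reachable_next_hops: set
    synchronization: bool = False
    always_compare_med: bool = False   # 'bgp always-compare-med'
    missing_as_worst: bool = False     # 'bgp bestpath missing-as-worst'


def candidate_paths(paths, policy):
    """Drop AS-loop paths and apply steps 1 and 2."""
    keep = []
    for p in paths:
        if policy.local_as in p.as_path:        # update already passed our AS
            continue
        if policy.synchronization and not p.from_ebgp and not p.synchronized:
            continue                             # step 1
        if p.next_hop not in policy.reachable_next_hops:
            continue                             # step 2
        keep.append(p)
    return keep


def effective_med(p, policy):
    """A missing MED is 0 by default (most preferred); with
    missing-as-worst it becomes infinity (least preferred)."""
    if p.med is not None:
        return p.med
    return float("inf") if policy.missing_as_worst else 0


def _narrow(cands, key, prefer_highest):
    best = (max if prefer_highest else min)(key(p) for p in cands)
    return [p for p in cands if key(p) == best]


def select_best_path(paths, policy):
    """Return the single best BgpPath, or None if nothing is usable."""
    cands = candidate_paths(paths, policy)
    if not cands:
        return None
    cands = _narrow(cands, lambda p: p.weight, True)                  # step 3
    cands = _narrow(cands, lambda p: p.local_pref, True)              # step 4
    if any(p.locally_originated for p in cands):                       # step 5
        cands = [p for p in cands if p.locally_originated]
    cands = _narrow(cands, lambda p: len(p.as_path), False)           # step 6
    cands = _narrow(cands, lambda p: ORIGIN_RANK[p.origin], False)    # step 7
    same_neighbor_as = len({p.neighbor_as for p in cands}) == 1
    if policy.always_compare_med or same_neighbor_as:                  # step 8
        cands = _narrow(cands, lambda p: effective_med(p, policy), False)
    if any(p.from_ebgp for p in cands):                                # step 9
        cands = [p for p in cands if p.from_ebgp]
    elif not policy.synchronization:                                   # step 10
        cands = _narrow(cands, lambda p: p.igp_metric, False)
    rid = lambda p: tuple(int(o) for o in p.neighbor_router_id.split("."))
    return _narrow(cands, rid, False)[0]                               # step 11


def sample_paths():
    """Constructed: a router in AS 100 hears 172.25.0.0/16 from ISP peers in
    AS 200 and AS 300, plus a looped update whose path already lists AS 100."""
    return [
        BgpPath("172.25.0.0/16", "10.10.10.2", [200, 250], True, "10.10.10.2"),
        BgpPath("172.25.0.0/16", "10.10.20.1", [300, 250], True, "10.10.20.1", med=50),
        BgpPath("172.25.0.0/16", "10.10.20.1", [300, 100, 250], True, "10.10.20.1"),
    ]


def chosen_neighbor_as(**policy_flags):
    """Which neighboring AS wins for the sample under the given policy knobs."""
    policy = RouterPolicy(100, {"10.10.10.2", "10.10.20.1"}, **policy_flags)
    return select_best_path(sample_paths(), policy).neighbor_as
```

With the defaults the two surviving paths tie on every step up to the MED, which is skipped because they come from different neighboring ASs, so the lowest neighbor router ID (10.10.10.2, AS 200) wins. With always-compare-med alone the missing MED counts as 0 and AS 200 still wins; adding missing-as-worst turns that missing MED into the worst value and AS 300 is chosen instead.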


Multi-homing BGP Example (figure)
The figure shows AS 100 (router A) connected to two ISPs: ISP AS 200 (router B) and ISP AS 300 (router C). Also shown are AS 250, the networks 172.20.0.0, 172.25.0.0 and 172.30.0.0, and the link addresses 10.10.10.1, 10.10.10.2, 10.10.20.1 and 10.10.20.2.

In the example in the graphic, AS 100 is connected to two ISPs, AS 200 and AS 300. AS 100 is said to have a multi-homed connection to the Internet and will choose the path it takes to various destinations as detailed in the decision process on the previous graphic.


Controlling Overhead Traffic


This section reviews some of the features available to control router overhead traffic.

Access List Uses (slide)
Access lists are multipurpose. Uses shown:
- Priority and custom queuing (queue list)
- Dial-on-demand routing
- Transmission of packets on an interface
- Route filtering (routing table)
- Virtual terminal line access (IP)

Access lists can be used in many ways, including:
- To permit or deny packets from crossing specified router interfaces.
- To permit or deny virtual terminal (vty) access to and from a router.
- To establish a finer granularity of control when differentiating traffic into priority and custom queues.
- To identify interesting traffic that serves to trigger dialing in dial-on-demand routing (DDR).
- To filter and alter attributes within a routing update.


Route Filters with Distribute-List (flowchart)
Routing update -> Determine interface -> Is there a filter for this interface?
  No: Process packet normally. End.
  Yes: Is there an entry for this address?
    Yes: Process entry according to filter configuration. End.
    No: Drop packet. End.

The Cisco IOS software can filter incoming and outgoing routing updates by using distribute-lists that use access-lists. In general, the process the router uses is as follows:
1. The router receives a routing update or is getting ready to send an update about one or more networks.
2. The router looks at the interface involved with the action. For example, if it is an incoming update, then the interface on which it arrived is checked. If it is an update that must be advertised, the interface out of which it should be advertised is checked.
3. The router determines if a filter is associated with the interface.
4. If a filter is associated with the interface, the router views the access list to learn if there is a match for the given routing update. If a filter is not associated with the interface, the packet is processed as normal.
5. If there is a match, then the route entry is processed as configured. If no match is found in the access list, the implicit deny any at the end of the access list will cause the update to be dropped.


Route-Maps (slide)
Route-maps:
- Filters for network advertisements
- Offer detailed control over advertisements
- Complex access-lists
- Complex conditional advertisement via match command
- Changes routing table parameters via set command

A route map is a method used to control and modify routing information. This is done by defining conditions for redistributing routes from one routing protocol to another or controlling routing information when injected in and out of BGP. Route maps are complex access lists that allow some conditions to be tested against the route in question, and if the conditions match then some actions can be taken to modify the route. These actions are specified by set commands.
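To make the distribute-list process described in the previous section and the route-map match/set behaviour concrete, here is an added Python example; it is not Cisco IOS code and not part of the course material. It models a standard access list with IOS-style wildcard masks, applies it as a distribute list to a constructed routing update on one interface (showing the implicit deny any at the end of the list), and then runs the same update through a route map whose sequences match on access lists and set a metric. The AclEntry and RouteMapEntry records, the interface names and the sample networks are this example's own assumptions.

```python
"""Added example: distribute-list filtering and route-map processing of a
routing update.  The records below are this example's own model, not
Cisco IOS internals; the networks and interface names are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class AclEntry:
    action: str      # "permit" or "deny"
    address: str     # e.g. "172.16.0.0"
    wildcard: str    # IOS wildcard mask: 1 bits are "don't care", e.g. "0.0.255.255"


def _as_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def acl_entry_matches(entry, network):
    """Compare only the bits the wildcard mask marks as significant (0 bits)."""
    care = 0xFFFFFFFF ^ _as_int(entry.wildcard)
    return (_as_int(entry.address) & care) == (_as_int(network) & care)


def acl_permits(acl, network):
    """The first matching entry decides; with no match, the implicit deny any
    at the end of every access list rejects the network."""
    for entry in acl:
        if acl_entry_matches(entry, network):
            return entry.action == "permit"
    return False


def apply_distribute_list(update, filters, interface):
    """Steps 2-5 of the process in the text: look up the filter for the
    interface; no filter means the update passes unchanged."""
    acl = filters.get(interface)
    if acl is None:
        return list(update)
    return [route for route in update if acl_permits(acl, route["network"])]


@dataclass
class RouteMapEntry:
    action: str                                   # "permit" or "deny"
    match_acl: Optional[List[AclEntry]] = None    # None: matches every route
    set_values: Dict[str, int] = field(default_factory=dict)


def apply_route_map(update, route_map):
    """Sequences are tried in order and the first match decides: a permit
    sequence applies its set clauses, a deny sequence drops the route, and a
    route that matches no sequence is dropped (implicit deny)."""
    result = []
    for route in update:
        for seq in route_map:
            if seq.match_acl is None or acl_permits(seq.match_acl, route["network"]):
                if seq.action == "permit":
                    result.append({**route, **seq.set_values})
                break
    return result


# Constructed sample update: four networks with a metric, as received on Serial0.
SAMPLE_UPDATE = [
    {"network": "172.16.1.0", "metric": 10},
    {"network": "172.16.2.0", "metric": 10},
    {"network": "192.168.5.0", "metric": 10},
    {"network": "10.0.0.0", "metric": 10},
]

# Distribute list on Serial0 permits only the 172.16.0.0 subnets; Serial1 has none.
FILTERS = {"Serial0": [AclEntry("permit", "172.16.0.0", "0.0.255.255")]}

# Route map: seq 10 permits 192.168.5.0 and sets metric 50; seq 20 denies
# 10.0.0.0/8; seq 30 permits everything else and sets metric 100.
ROUTE_MAP = [
    RouteMapEntry("permit", [AclEntry("permit", "192.168.5.0", "0.0.0.255")], {"metric": 50}),
    RouteMapEntry("deny", [AclEntry("permit", "10.0.0.0", "0.255.255.255")]),
    RouteMapEntry("permit", None, {"metric": 100}),
]


def filtered_networks(interface):
    """Networks that survive the distribute list on the given interface."""
    return [r["network"] for r in apply_distribute_list(SAMPLE_UPDATE, FILTERS, interface)]


def route_map_result():
    """Network -> metric after the route map has been applied."""
    return {r["network"]: r["metric"] for r in apply_route_map(SAMPLE_UPDATE, ROUTE_MAP)}
```

Note the two places the implicit deny shows up: a network that matches no access-list entry fails the distribute list, and a route that matches no route-map sequence is dropped; removing the catch-all sequence 30 leaves only 192.168.5.0 in the result.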


Policy-Based Routing (slide)
Policy-based routing:
- Allows you to implement policies that selectively cause packets to take different paths
- Can also mark traffic with different TOS
- Since IOS Release 11.0
- Applied to incoming packets
- Implemented using route-maps

In today's high performance internetworks, organizations need the freedom to implement packet forwarding and routing according to their own defined policies in a way that goes beyond traditional routing protocol concerns. By using policy-based routing, introduced in Cisco IOS Release 11.0, policies that selectively cause packets to take different paths can be implemented. Policy-based routing also provides a mechanism to mark packets with different types of service (TOS). This feature can be used in conjunction with IOS queuing techniques so that certain kinds of traffic can receive preferential service.

Policy-based routing is applied to incoming packets. All packets received on an interface with policy-based routing enabled are considered for policy-based routing. The router passes the packets through a route-map. Based on the criteria defined in the route-map, packets are forwarded to the appropriate next hop.


BGP Policy Control (slide)
To restrict routing information to/from BGP neighbors, use:
- Distribute lists (using access lists), or
- Prefix lists

BGP has additional features for controlling update traffic. If you want to restrict the BGP routing information that the Cisco IOS software learns or advertises, you can filter BGP routing updates to and from particular neighbors. To do this, you can either define an access list or a prefix list, and apply it to the updates. Access lists are applied using distribute lists.


Route Redistribution
This section reviews route redistribution.

When Do You Use Multiple Routing Protocols? (slide)
- Interim during conversion
- Application-specific protocols
  - One size does not always fit all
- Political boundaries
  - Groups that do not work and play nicely with others
- Mismatch between devices
  - Multivendor interoperability
  - Host-based routers

There are times when you may need to use multiple routing protocols. Some reasons why you may need multiple protocols are as follows:
- When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.
- When you want to use another protocol but need to keep the old protocol due to the needs of host systems.
- Different departments might not want to upgrade their routers or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.
- If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.


What Is Redistribution? (figure)
Router A is the ASBR between AS 200 (IGRP, 172.16.0.0) and AS 300 (EIGRP, 192.168.5.0). Router A's interface S1 connects to Router C in AS 200 and advertises routes from EIGRP to IGRP; its interface S0 connects to Router B in AS 300 and advertises routes from IGRP to EIGRP.
Router C's IP routing table:
  I     192.168.5.0
  I     172.16.1.0
  I     172.16.2.0
  I     172.16.3.0
Router B's IP routing table:
  D EX  172.16.0.0
  D     192.168.5.8
  D     192.168.5.16
  D     192.168.5.24
Routes are learned from another routing protocol when a router redistributes the information between the protocols.

When any of these situations arises, Cisco routers allow internetworks using different routing protocols (referred to as autonomous systems) to exchange routing information through a feature called route redistribution. Redistribution is defined as the ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.
Note The term autonomous system as used here denotes internetworks using different routing protocols. These routing protocols may be IGPs and/or EGPs. This is a different use of the term Autonomous System than is used when discussing BGP.

Within each autonomous system the internal routers have complete knowledge about their network. The router interconnecting autonomous systems is called an autonomous system boundary router (ASBR).

In the example shown in the graphic, AS 200 is running IGRP and AS 300 is running EIGRP, and the internal routers within each autonomous system have complete knowledge about their networks. Router A is the ASBR. Router A has both IGRP and Enhanced IGRP processes active and is responsible for advertising routes learned from one autonomous system into the other autonomous system. In this example, Router A learns about network 192.168.5.0 from Router B via the EIGRP protocol running on its S0 interface. It passes that information to Router C on its S1 interface via IGRP. Routing information is also passed the other way, from IGRP into EIGRP.

Router B's routing table shows that it has learnt about network 172.16.0.0 via EIGRP (as indicated by the D in the routing table) and that the route is external to this autonomous system (as indicated by the EX in the routing table). Router C's routing table shows that it has learnt about network 192.168.5.0 via IGRP (as indicated by the I in the routing table). Note that there is no indication in IGRP if the route is external to the autonomous system.


Redistribution Implementation Guidelines (slide)
Two IGRP/OSPF examples are shown:
- One-way: IGRP -> Redistribute -> OSPF, with a default or static route in the other direction.
- Two-way: IGRP <- Redistribute -> OSPF, with "redistribute and filter" or a changed administrative distance.

At a high level, Cisco recommends you consider employing the following guidelines when using redistribution:
- The overriding recommendation is to be familiar with your network and your network traffic. There are many ways to implement redistribution, so knowing your network will enable you to make the best decision.
- Do not overlap routing protocols: Do not run two different protocols in the same internetwork. Rather, have distinct boundaries between networks that use different protocols.
- One-way redistribution: To avoid routing loops, and problems with varying convergence time, only allow routes to be exchanged in one direction, not both directions. In the other direction, you should consider using a default route.
- Two-way redistribution: If you must allow two-way redistribution, enable a mechanism to reduce the chances of routing loops. Examples of mechanisms covered in this chapter are default routes, route filters, and modification of the metrics advertised. With these types of mechanisms, you can reduce the chances of routes imported from one autonomous system being re-injected into the same autonomous system as new route information.
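The re-injection problem in the last guideline can be shown with a small model. The following Python example is added here and is not part of the course material or Cisco IOS code: it builds a routing table by picking, per prefix, the source with the lowest administrative distance (the Cisco IOS default distances are used for the sources modelled), then plays through two-way RIP/OSPF redistribution between two ASBRs and shows how a route filter or a changed administrative distance keeps the redistributed copy of a prefix from displacing the natively learned one. The router names, the prefix 10.1.0.0/16, the overriding distance of 125 and the "via" labels are constructed for the illustration.

```python
"""Added example: administrative distance and two-way redistribution.
Models one router's route selection; it is not Cisco IOS code.  The
distances are Cisco IOS defaults; router roles, prefix and labels are
constructed."""

# Cisco IOS default administrative distances for the sources modelled here.
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
                  "ospf": 110, "rip": 120, "eigrp-external": 170}


def install_routes(candidates, distance_override=None):
    """For each prefix keep the candidate with the lowest administrative
    distance (the first one wins a tie).  distance_override maps a source
    to a new distance, the effect of the 'distance' router subcommand."""
    distance = dict(ADMIN_DISTANCE, **(distance_override or {}))
    table = {}
    for cand in candidates:
        current = table.get(cand["prefix"])
        if current is None or distance[cand["source"]] < distance[current["source"]]:
            table[cand["prefix"]] = cand
    return table


def redistribute(table, from_source, into_source, deny_prefixes=()):
    """Re-advertise routes learned via from_source into into_source, except
    prefixes blocked by a route filter (deny_prefixes)."""
    return [{"prefix": prefix, "source": into_source, "via": route["via"]}
            for prefix, route in table.items()
            if route["source"] == from_source and prefix not in deny_prefixes]


def feedback_scenario(filter_at_b=False, raise_ospf_distance=False):
    """Two ASBRs, A and B, both redistribute RIP into OSPF and OSPF into RIP.
    Both learn 10.1.0.0/16 natively via RIP.  B redistributes it into OSPF
    and A hears that copy back; return which path A installs."""
    prefix = "10.1.0.0/16"   # constructed prefix
    # Router B: native RIP route, redistributed into OSPF (optionally filtered).
    b_table = install_routes([{"prefix": prefix, "source": "rip", "via": "RIP neighbor of B"}])
    deny = {prefix} if filter_at_b else set()
    ospf_adverts = redistribute(b_table, "rip", "ospf", deny)
    # Router A: its own native RIP route plus whatever B injected into OSPF.
    a_candidates = [{"prefix": prefix, "source": "rip", "via": "RIP neighbor of A"}]
    a_candidates += [{**adv, "via": "OSPF via ASBR B"} for adv in ospf_adverts]
    # Constructed override: raise OSPF above RIP's 120 so native RIP routes win.
    override = {"ospf": 125} if raise_ospf_distance else None
    return install_routes(a_candidates, override)[prefix]["via"]
```

Without a filter or distance change, A installs the OSPF copy of its own RIP prefix (distance 110 beats 120) and sends traffic for 10.1.0.0/16 towards ASBR B instead of its RIP neighbor; either mechanism from the guidelines keeps the native route. The same function also reproduces the IGRP/EIGRP case from the figure: a native IGRP route (100) is kept over an EIGRP external copy (170).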


Written Exercise: Using Scalable Strategies

Objective: Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers.
Task: Answer the following questions.
1. Name the two major functions performed by routers.
_________________________________________________________________
_________________________________________________________________
2. What are the benefits of VLSMs?
_________________________________________________________________
_________________________________________________________________
3. If the subnet 172.17.2.32/28 was further subnetted with a /30 prefix, how many more subnets would be created? How many hosts would be available on each of these new subnets?
_________________________________________________________________
4. Define the following terms:
IGP_______________________________________
EGP______________________________________
Autonomous System____________________________________________
_____________________________________________________________
Redistribution__________________________________________________
5. Describe some of the characteristics of BGP.
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
6. Describe some of the ways in which access-lists can be used.
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
_________________________________________________________________
7. Policy-based routing is applied to ______________ packets on an interface.


Case Study: Summary (Optional)


This case study acts as a summary of all of the topics covered in earlier chapters. It reinforces the quantity of the information that has been discussed earlier.

Case Study: Summary (figure)
The figure shows JKL Corporation and Acquisitions A through D, with a connection to the Internet.
- JKL Corporation: 1 Class B (public); recently re-designed, optimal; OSPF Area 0 small, redundant; OSPF multi-area, hierarchical; VLSM with route summarization.
- Acquisition A: 1 Class A (private), 2 Class C (public); IGRP AS 350, RIP, OSPF Area 0 (small).
- Acquisition B: 3 Class C (public); IP RIP only; 500 devices, out of addresses; 6 hops.
- Acquisition C: 1 Class B (public); OSPF Area 0 (all); multi-vendor equipment; no summarization.
- Acquisition D: 1 Class B (public), 1 Class C (private); Enhanced IGRP AS 400; discontiguous subnets.
JKL's problem: how to integrate Acquisitions A through D?

Throughout the course we have been using a case study of JKL Corporation to discuss various aspects of scalable routing. The case studies were used to review key concepts, to discuss critical issues surrounding network operation, and to provide a focus for the lab exercises. JKL is an enterprise that is making four acquisitions: A, B, C and D. JKL's ultimate goal is to integrate the acquisitions' networks with its own network.

We have seen the multi-area OSPF design used within JKL, including VLSM and route summarization. JKL has a class B public address. Recall that JKL has two ISP connections.

We have seen that Acquisition A is using a mixture of routing protocols: RIP, IGRP and OSPF. It has two class C public addresses and uses a class A private address. We have discussed how Acquisition A will redistribute routing information between the three routing domains.

We have seen that Acquisition B is using three class C public addresses and is using only IP RIP as its routing protocol. It has run out of IP addresses.

Recall that Acquisition C has a multi-vendor environment and is using OSPF and one class B public address. It is not using summarization.

We have also seen that Acquisition D is using EIGRP, has one class B and one class C public address and discontiguous subnets.

Now we will look at how JKL can integrate these acquisitions into its own network. What would be the most appropriate way for each of the acquisitions' networks to be incorporated into JKL's network? The following topics are some considerations to discuss with the class during the case study:
- Routing domains, including scaling issues:
  - Are there any parts of the acquisitions' networks that do not scale? How should these be incorporated into JKL's network?
  - Should the routing protocols in any of the acquisitions be changed to another protocol? What issues would be involved in selecting those that should be changed?
  - Where in JKL's network should the other networks be integrated? Should they be part of area 0, or should new areas be added in some cases?
- Redistribution between different routing protocols:
  - If the resulting JKL network has more than one routing protocol, how will redistribution be handled?
  - What issues may arise when configuring redistribution in this network?
  - Will any filtering be necessary?
- Addressing:
  - How will all of the current addresses be incorporated into the integrated network?
  - If private addresses are kept, what will be required in order to access the Internet?
- Internet Access:
  - In the integrated network, where will access to the Internet be implemented?
  - Will BGP be used for the Internet connections?


Summary
This section summarizes the tasks you learned to complete in this chapter.

After completing this chapter, you should be able to perform the following task:
- Given a set of network requirements, configure many of the features discussed in class and verify proper operation (within described guidelines) of your routers


Review Questions
Answer the following questions.

1. What distinguishes classful routing protocols from classless routing protocols?
2. A router has the networks 192.168.160.0/24 through 192.168.175.0/24 in its routing table. How could it summarize these networks into one route?
3. In the BGP selection process, which attribute is checked first, AS-path, weight, or local preference?

Job Aids and Supplements

Overview
This chapter contains Job Aids and Supplements for the following topics:
- Extending IP Addressing
- OSPF
- EIGRP
- BGP
- Route Optimization

Note to reviewers: In the design document, the Route Optimization supplements were in a separate appendix; they have been moved to this appendix for consistency.

Extending IP Addressing
Note to reviewers: In the design document, this section had some job aids and supplements that were redundant; these have been cleaned up and the section reordered.

Job Aid: IP Addresses and Subnetting

IP Addresses and Subnetting

Class   Net/Host   First Octet   Standard Mask (binary)
A       N.H.H.H    1-126         1111 1111 0000 0000 0000 0000 0000 0000
B       N.N.H.H    128-191       1111 1111 1111 1111 0000 0000 0000 0000
C       N.N.N.H    192-223       1111 1111 1111 1111 1111 1111 0000 0000

Subnet Bits   Subnet Mask        # Subnets   # Hosts
Class B
2             255.255.192.0      4           16382
3             255.255.224.0      8           8190
4             255.255.240.0      16          4094
5             255.255.248.0      32          2046
6             255.255.252.0      64          1022
7             255.255.254.0      128         510
8             255.255.255.0      256         254
9             255.255.255.128    512         126
10            255.255.255.192    1024        62
11            255.255.255.224    2048        30
12            255.255.255.240    4096        14
13            255.255.255.248    8192        6
14            255.255.255.252    16384       2
Class C
2             255.255.255.192    4           62
3             255.255.255.224    8           30
4             255.255.255.240    16          14
5             255.255.255.248    32          6
6             255.255.255.252    64          2

Subnetting example
Address       131.108.5.72       1000 0011 0110 1100 0000 0101 0100 1000
Subnet Mask   255.255.255.192    1111 1111 1111 1111 1111 1111 1100 0000
Network: the first octet (131, Class B) defines the network portion (the first two octets, 1000 0011 0110 1100).
Subnet: of the part that remains (0000 0101 0100 1000, masked by 1111 1111 1100 0000), the subnet mask bits define the subnet portion (0000 0101 01).
Host: whatever bits remain define the host portion (00 1000).

Job Aid: Binary - Decimal Conversion Chart

Decimal Binary   Decimal Binary   Decimal Binary   Decimal Binary
0 00000000   64 01000000   128 10000000   192 11000000
1 00000001   65 01000001   129 10000001   193 11000001
2 00000010   66 01000010   130 10000010   194 11000010
3 00000011   67 01000011   131 10000011   195 11000011
4 00000100   68 01000100   132 10000100   196 11000100
5 00000101   69 01000101   133 10000101   197 11000101
6 00000110   70 01000110   134 10000110   198 11000110
7 00000111   71 01000111   135 10000111   199 11000111
8 00001000   72 01001000   136 10001000   200 11001000
9 00001001   73 01001001   137 10001001   201 11001001
10 00001010   74 01001010   138 10001010   202 11001010
11 00001011   75 01001011   139 10001011   203 11001011
12 00001100   76 01001100   140 10001100   204 11001100
13 00001101   77 01001101   141 10001101   205 11001101
14 00001110   78 01001110   142 10001110   206 11001110
15 00001111   79 01001111   143 10001111   207 11001111
16 00010000   80 01010000   144 10010000   208 11010000
17 00010001   81 01010001   145 10010001   209 11010001
18 00010010   82 01010010   146 10010010   210 11010010
19 00010011   83 01010011   147 10010011   211 11010011
20 00010100   84 01010100   148 10010100   212 11010100
21 00010101   85 01010101   149 10010101   213 11010101
22 00010110   86 01010110   150 10010110   214 11010110
23 00010111   87 01010111   151 10010111   215 11010111
24 00011000   88 01011000   152 10011000   216 11011000
25 00011001   89 01011001   153 10011001   217 11011001
26 00011010   90 01011010   154 10011010   218 11011010
27 00011011   91 01011011   155 10011011   219 11011011
28 00011100   92 01011100   156 10011100   220 11011100
29 00011101   93 01011101   157 10011101   221 11011101
30 00011110   94 01011110   158 10011110   222 11011110
31 00011111   95 01011111   159 10011111   223 11011111
32 00100000   96 01100000   160 10100000   224 11100000
33 00100001   97 01100001   161 10100001   225 11100001
34 00100010   98 01100010   162 10100010   226 11100010
35 00100011   99 01100011   163 10100011   227 11100011
36 00100100   100 01100100   164 10100100   228 11100100
37 00100101   101 01100101   165 10100101   229 11100101
38 00100110   102 01100110   166 10100110   230 11100110
39 00100111   103 01100111   167 10100111   231 11100111
40 00101000   104 01101000   168 10101000   232 11101000
41 00101001   105 01101001   169 10101001   233 11101001
42 00101010   106 01101010   170 10101010   234 11101010
43 00101011   107 01101011   171 10101011   235 11101011
44 00101100   108 01101100   172 10101100   236 11101100
45 00101101   109 01101101   173 10101101   237 11101101
46 00101110   110 01101110   174 10101110   238 11101110
47 00101111   111 01101111   175 10101111   239 11101111
48 00110000   112 01110000   176 10110000   240 11110000
49 00110001   113 01110001   177 10110001   241 11110001
50 00110010   114 01110010   178 10110010   242 11110010
51 00110011   115 01110011   179 10110011   243 11110011
52 00110100   116 01110100   180 10110100   244 11110100
53 00110101   117 01110101   181 10110101   245 11110101
54 00110110   118 01110110   182 10110110   246 11110110
55 00110111   119 01110111   183 10110111   247 11110111
56 00111000   120 01111000   184 10111000   248 11111000
57 00111001   121 01111001   185 10111001   249 11111001
58 00111010   122 01111010   186 10111010   250 11111010
59 00111011   123 01111011   187 10111011   251 11111011
60 00111100   124 01111100   188 10111100   252 11111100
61 00111101   125 01111101   189 10111101   253 11111101
62 00111110   126 01111110   190 10111110   254 11111110
63 00111111   127 01111111   191 10111111   255 11111111

Supplement A: IP Addressing Review

This supplement reviews the basics of IP addresses, including:
- Converting IP Addresses Between Decimal and Binary
- Determining an IP Address Class
- Extending an IP Classful Address Using Subnet Masks
- Calculating a Subnet Mask
- Calculating the Networks for a Subnet Mask
- Using Prefixes to Represent a Subnet Mask

Converting IP Addresses Between Decimal and Binary

Value for each bit:   128  64  32  16  8  4  2  1
1 1 1 1 1 1 1 1  =  128 + 64 + 32 + 16 + 8 + 4 + 2 + 1  =  255
Converting from binary to decimal:
0 1 0 0 0 0 0 1  =  0 + 64 + 0 + 0 + 0 + 0 + 0 + 1  =  65

An IP address is a 32-bit, two-level hierarchical number. It is hierarchical because the first portion of the address represents the network and the second portion of the address represents the node (host). The 32 bits are grouped into 4 octets with 8 bits per octet. The value of each octet ranges from 0 to 255 decimal, or 00000000 to 11111111 binary. The graphic illustrates how you convert an IP address in dotted-decimal notation into binary. It is important that you understand how this conversion is done for calculating subnet masks, which are discussed later in this section.


Examples: Converting Binary to Decimal

Binary Address:  00001010.00000001.00010111.00010011
Decimal Address: 10.1.23.19
Binary Address:  10101100.00010010.01000001.10101010
Decimal Address: 172.18.65.170
Binary Address:  11000000.01001101.00001110.00000110
Decimal Address: 192.77.14.6

The graphic shows three examples of converting between binary and decimal.


Determining an IP Address Class

Within the 32 bits of the address:
Class A: leading bit 0, then the network portion, then the host portion
Class B: leading bits 10, then the network portion, then the host portion
Class C: leading bits 110, then the network portion, then the host portion

To accommodate large and small networks, the NIC segregated the 32-bit IP address into classes A through E. Each address class allows for a certain number of network addresses and a certain number of host addresses within a network, as shown in the following table.
Class     Address Range                   Number of Networks                 Number of Hosts
Class A   1.0.0.0 to 126.0.0.0            128 (2^7)                          16,777,214
Class B   128.0.0.0 to 191.255.0.0        16,386 (2^14)                      65,532
Class C   192.0.0.0 to 223.255.255.0      Approximately 2 million (2^21)     254
Class D   224.0.0.0 to 239.255.255.254    Reserved for multicast addresses
Class E   240.0.0.0 to 255.255.255.255    Reserved for research

Using classes to denote which portion of the address represents the network number and which portion is the node or host address is referred to as classful addressing. There are several issues with classful addressing, however. The number of available Class A, B, and C addresses is finite. Another problem is that not all classes are useful for a midsize organization, as illustrated in the table. As can be expected, the Class B range is the most accommodating to a majority of today's organizational network topologies. To maximize the use of the IP address(es) received by an organization regardless of the class, subnet masks were introduced.

Extending an IP Classful Address Using Subnet Masks

Without a mask (32 bits): Network | Host, where the network portion is based on the value in the first octet.
With a mask: Network | Subnet | Host, where the subnet portion is based on the subnet mask.

RFC 950 was written to address the problem of IP address shortage. It proposed a procedure, called subnet masking, for dividing Class A, B, and C addresses into smaller pieces, thus increasing the number of possible networks. A subnet mask is a 32-bit value that identifies which bits in an address represent network bits and which represent host bits. In other words, rather than the router determining the network portion of the address by looking at the value of the first octet, it looks at the subnet mask associated with the address. In this way, subnet masks allow you to extend the usage of an IP address. It is a way of making an IP address a three-level hierarchy, as shown in the graphic. To use a subnet mask, put a 1 for each bit that you want to represent a network or subnet portion of the address and a 0 for each bit that you want to represent a node portion of the address. Note that the 1s in the mask are contiguous. For example, the default subnet masks for Class A, B, and C addresses are as follows:
Class     Default Mask (Decimal)   Default Mask (Binary)
Class A   255.0.0.0                11111111.00000000.00000000.00000000
Class B   255.255.0.0              11111111.11111111.00000000.00000000
Class C   255.255.255.0            11111111.11111111.11111111.00000000

Calculating a Subnet Mask


Figure: IP address 172.16.0.0 divided into five subnets, labelled A through E, each with a small number of nodes.

Because subnet masks extend the number of network addresses you can use by using additional bits in the host portion, you do not want to randomly decide how many additional bits to use for the network portion. Rather, you want to do some research to determine how many network addresses you need to derive from your NIC-given IP address. For example, consider that the NIC has given you IP address 172.16.0.0. The process for establishing your subnet mask would be as follows:

1. Determine the number of networks (subnets) needed. In the graphic, for example, there are five networks.

2. Determine how many nodes per subnet must be defined. The graphic, for example, has 5 nodes on each subnet.

3. Determine future network and node requirements. For example, assume 100 percent growth.

4. Given the information gathered from questions 1 through 3, determine the total number of networks required. For the example, it would be ten networks. Refer to the Job Aid: IP Addressing and Subnetting and select the appropriate subnet mask value that can accommodate ten networks. There is no mask that exactly accommodates ten networks. Depending on your network growth trends, you may select four subnet bits, resulting in a subnet mask of 255.255.240.0. The binary representation of this subnet mask is:

11111111.11111111.11110000.00000000

The number of additional subnetworks given by n additional bits is 2^n. For example, the additional four subnet bits would give you sixteen subnetworks.

Calculating the Networks for a Subnet Mask


Assigned Address:  172.16.0.0/16   In Binary: 10101100.00010000.00000000.00000000
Subnetted Address: 172.16.0.0/20   In Binary: 10101100.00010000.xxxx0000.00000000

1st Subnet:   10101100 . 00010000 . 0000 0000 . 00000000 = 172.16.0.0
2nd Subnet:   172      . 16       . 0001 0000 . 00000000 = 172.16.16.0
3rd Subnet:   172      . 16       . 0010 0000 . 00000000 = 172.16.32.0
4th Subnet:   172      . 16       . 0011 0000 . 00000000 = 172.16.48.0
  . . .
10th Subnet:  172      . 16       . 1001 0000 . 00000000 = 172.16.144.0
              Network              Subnet      Host

Once you identify your subnetwork, you must calculate the ten subnetted network addresses to use with 172.16.0.0 255.255.240.0. One way to do this is as follows:

1. Write the subnetted address in binary format, as shown in the graphic. Use the Job Aid: Binary to Decimal Conversion Chart as necessary.

2. On the binary address, draw a line between the 16th and the 17th bits, as shown in the graphic. Then draw a line between the 20th and 21st bits. Now you can focus on the target bits.

3. Go to the Job Aid: Binary to Decimal Conversion Chart and locate the first subnetwork number. Because your subnetwork bits are 0000, and the rest of the octet is 0000, the first number would be 00000000, or subnet 0. Historically, it was recommended that you begin choosing networks from highest (from the left-most bit) to lowest so you could have available network addresses. But this strategy does not allow you to adequately summarize network addresses, therefore the present recommendation is to choose networks from lowest to highest (right to left).

4. (Optional) It is recommended that you list each subnetwork in binary form to reduce the number of errors. In this way, you will not forget where you left off in your network address selection.

5. Locate the second lowest subnetwork number. In this case, it would be 0001. When combined with the next four bits this is subnet 16.

6. Continue locating subnetwork numbers until you have what you need, in this case 10 subnets.

Using Prefixes to Represent a Subnet Mask


p1r3#show run
<Output Omitted>
interface Ethernet0
 ip address 10.64.4.1 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0

p1r3#show interface ethernet0
Ethernet0 is administratively down, line protocol is down
  Hardware is Lance, address is 00e0.b05a.d504 (bia 00e0.b05a.d504)
  Internet address is 10.64.4.1/24
<Output Omitted>

p1r3#show interface serial0
Serial0 is down, line protocol is down
  Hardware is HD64570
  Internet address is 10.1.3.2/24
<Output Omitted>

As already discussed, subnet masks are used to identify the number of bits in an address that represent the network, subnet and host portions of the address. Another way of indicating this is to use a prefix. A prefix is a slash (/), and a numerical value that is the sum of the bits that represent the network and subnet portion of the address. For example, if you were using a subnet mask of 255.255.255.0, the prefix would be /24 for 24 bits. The following table shows some examples of the different ways that you can represent a prefix and subnet mask.
IP Address/Prefix     Subnet Mask        Subnet Mask (Binary)
192.168.112.0/21      255.255.248.0      11111111.11111111.11111000.00000000
172.16.0.0/16         255.255.0.0        11111111.11111111.00000000.00000000
10.1.1.0/27           255.255.255.224    11111111.11111111.11111111.11100000

It is important to know how to write subnet masks and prefixes because the Cisco router uses both, as shown in the graphic. You will typically be asked to input a subnet mask when configuring an IP address, but the output generated by show commands typically shows an IP address with a prefix.
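The subnet-mask procedure of the preceding pages (sizing the subnet field for 172.16.0.0, enumerating the subnets lowest to highest, and converting between mask and prefix notation) carried out in code. This is an added example, not course material: the function names (plan, list_subnets, mask_to_prefix and so on) are this example's own, and the 100 percent growth allowance is the one the text assumes.

```python
# Added example (not part of the BSCN course material): the subnet-mask
# procedure from the preceding pages, in code. Names such as subnet_bits_needed,
# list_subnets and plan are this example's own.

def to_int(address):
    """'172.16.0.0' -> 2886729728; rejects anything that is not four octets 0-255."""
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % address)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def subnet_bits_needed(subnet_count):
    """Smallest n with 2**n >= subnet_count. Ten subnets need four bits (16 subnets)."""
    n = 0
    while (1 << n) < subnet_count:
        n += 1
    return n

def prefix_to_mask(prefix):
    """/20 -> '255.255.240.0'. The 1s in a mask are always contiguous."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)

def is_valid_mask(mask):
    """True only for contiguous masks; something like 255.0.255.0 is rejected."""
    value = to_int(mask)
    return to_int(prefix_to_mask(bin(value).count("1"))) == value

def mask_to_prefix(mask):
    """'255.255.248.0' -> 21"""
    if not is_valid_mask(mask):
        raise ValueError("non-contiguous mask: %s" % mask)
    return bin(to_int(mask)).count("1")

def list_subnets(network, natural_prefix, subnet_bits, limit=None):
    """Enumerate subnets from lowest to highest, as the page recommends, so the
    block remains summarizable under the original (natural) prefix."""
    base = to_int(network)
    new_prefix = natural_prefix + subnet_bits
    step = 1 << (32 - new_prefix)
    count = 1 << subnet_bits
    if limit is not None:
        count = min(count, limit)
    return ["%s/%d" % (to_dotted(base + i * step), new_prefix) for i in range(count)]

def hosts_per_subnet(prefix):
    """Usable host addresses: the all-zeros and all-ones host parts are excluded."""
    return (1 << (32 - prefix)) - 2 if prefix <= 30 else 0

def plan(network, natural_prefix, subnets_needed, growth_percent=100):
    """Steps 1 to 4 of the page: allow for growth, then size the subnet field."""
    total = subnets_needed * (100 + growth_percent) // 100
    bits = subnet_bits_needed(total)
    new_prefix = natural_prefix + bits
    return {"subnet_bits": bits, "mask": prefix_to_mask(new_prefix),
            "subnets": 1 << bits, "hosts_per_subnet": hosts_per_subnet(new_prefix),
            "first_subnets": list_subnets(network, natural_prefix, bits, limit=total)}

if __name__ == "__main__":
    # Five subnets today with 100 percent growth -> ten -> four subnet bits, /20
    for key, value in plan("172.16.0.0", 16, 5).items():
        print(key, value)
```

The written exercise that follows can be checked the same way: 130 networks of at most 100 nodes from 172.16.0.0 need eight subnet bits (subnet_bits_needed(130) is 8), giving /24 subnets with 254 usable hosts each.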

Written Exercise: Calculating Subnet Masks


Objective: Given an IP address, extend the use of the IP address using subnet masking.

Task: Complete the following IP address plan.

1. You need to design an IP network for your organization. Your organization's IP address is 172.16.0.0. Your assessment indicates that the organization needs at least 130 networks of no more than 100 nodes in each network. As a result, you have decided to use a classful subnetting scheme based on the 172.16.0.0/24 scheme. In the space below write any four IP addresses that are part of the range of subnetwork numbers. Also, write the network address and subnet mask for these addresses. One address is provided as an example.

   IP Address        Network Address   Subnet Mask
   172.16.1.0/24     172.16.1.0        255.255.255.0

2. Your network has the address 172.16.168.0/21. Write eight IP addresses in this network:

3. Write the four IP addresses in the range described by the 192.168.99.16/30 address:

   Of these four host addresses, which two could you use as host addresses in a point-to-point connection?

OSPF

Supplement A: OSPF Single Area Configuration Examples

Example Single Area OSPF Configuration


Figure: single-area topology. P1R1 (10.1.1.1/24, 10.1.2.1/24), P1R2 (10.1.1.2/24, 10.1.3.1/24) and P1R3 (10.1.2.2/24, 10.1.3.2/24) are connected by three point-to-point links, all in Area 0.

This section includes configuration and show command output examples that result from configuring the network shown in the graphic.


Example of P1R3 Configuration for Single Area OSPF


The following is configuration of P1R3:
P1R3#show run
Building configuration...

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname P1R3
!
interface Ethernet0
 no ip address
 shutdown
!
interface Ethernet1
 no ip address
 shutdown
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 no fair-queue
 clockrate 64000
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
!
router ospf 1
 network 10.1.2.0 0.0.0.255 area 0
 network 10.1.3.0 0.0.0.255 area 0
!
no ip classless
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
end

P1R3#

Slide callout: the two network statements under router ospf 1 run OSPF on both serial interfaces.

Example of P1R3 show Output for Single Area OSPF


The following is the output of some show commands on P1R3:
P1R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.3.0 is directly connected, Serial0
C       10.1.2.0 is directly connected, Serial1
O       10.1.1.0 [110/128] via 10.1.3.1, 00:01:56, Serial0
                 [110/128] via 10.1.2.1, 00:01:56, Serial1

P1R3#show ip ospf neighbor detail
 Neighbor 10.1.3.1, interface address 10.1.3.1
    In the area 0 via interface Serial0
    Neighbor priority is 1, State is FULL
    Options 2
    Dead timer due in 00:00:34
 Neighbor 10.1.2.1, interface address 10.1.2.1
    In the area 0 via interface Serial1
    Neighbor priority is 1, State is FULL
    Options 2
    Dead timer due in 00:00:36

P1R3#show ip ospf database

       OSPF Router with ID (10.1.3.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.2.1        10.1.2.1        301         0x80000004 0x4A49   4
10.1.3.1        10.1.3.1        292         0x80000004 0x1778   4
10.1.3.2        10.1.3.2        288         0x80000004 0x5D2E   4
P1R3#

Slide callouts: the O entry for 10.1.1.0 is the route learnt by OSPF, with two equal-cost paths. Note that the state of both neighbors is FULL. The Router Link States are the Type 1 LSAs; there are no Type 2 LSAs because all connections are point-to-point.

Supplement B: OSPF Multi-area Configuration Examples

Example Multi-Area OSPF Configuration

Figure: multi-area topology. Area 1 contains P1R1, P1R2 and P1R3 connected by the links 10.1.1.0/24, 10.1.2.0/24 and 10.1.3.0/24 (P1R1: 10.1.1.1, 10.1.2.1; P1R2: 10.1.1.2, 10.1.3.1; P1R3: 10.1.2.2, 10.1.3.2). Area 2 contains P2R1, P2R2 and P2R3 connected by the links 10.2.1.0/24, 10.2.2.0/24 and 10.2.3.0/24 (P2R1: 10.2.1.1, 10.2.2.1; P2R2: 10.2.1.2, 10.2.3.1; P2R3: 10.2.2.2, 10.2.3.2). Area 0 is the Ethernet 10.64.0.0/24 between P1R3 (10.64.0.1) and P2R3 (10.64.0.2).

This section includes configuration and show command output examples that result from configuring the network shown in the graphic.


Example of ABR Configured for Route Summarization and Stub


The following is configuration output for P1R3, a router that is an ABR for a stub area, and is doing route summarization:
P1R3#show run
Building configuration...

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname P1R3
!
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
interface Ethernet1
 no ip address
 shutdown
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 no fair-queue
 clockrate 64000
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
!
router ospf 1
 network 10.64.0.0 0.0.0.255 area 0
 network 10.1.2.0 0.0.0.255 area 1
 network 10.1.3.0 0.0.0.255 area 1
 area 1 stub no-summary
 area 1 range 10.1.0.0 255.255.0.0
!
no ip classless
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
end

Slide callouts: area 1 stub no-summary is the totally stubby configuration; area 1 range 10.1.0.0 255.255.0.0 summarizes the area 1 routes with the 10.1.0.0/16 route.
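How the P1R3 configuration above behaves, worked through in code: which interface each network statement with its wildcard mask places in which area, which Area 1 routes the area 1 range command collapses into one summary, and what a totally stubby area receives from its ABR. This is an added example, not course or Cisco code; the interface addresses and statements are taken from the configuration above, the helper names are this example's own, and overlapping network statements are resolved here by the most specific match.

```python
# Added example (not course code): the selection rules behind "network <address>
# <wildcard> area <n>", "area <n> range" and "area <n> stub no-summary", applied
# to the ABR P1R3 above. Helper names are this example's own.

def to_int(address):
    octets = [int(o) for o in address.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % address)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def wildcard_matches(address, network, wildcard):
    """IOS wildcard semantics: a 0 bit must match, a 1 bit is 'don't care'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(address) & care) == (to_int(network) & care)

# router ospf 1 on P1R3, as configured above
NETWORK_STATEMENTS = [
    ("10.64.0.0", "0.0.0.255", 0),
    ("10.1.2.0", "0.0.0.255", 1),
    ("10.1.3.0", "0.0.0.255", 1),
]
P1R3_INTERFACES = {"Ethernet0": "10.64.0.1", "Serial0": "10.1.3.2", "Serial1": "10.1.2.2"}

def assign_areas(interfaces, statements):
    """Return {interface: area}. Overlapping statements are resolved by the most
    specific match (fewest 'don't care' bits); an interface matching no statement
    does not run OSPF at all."""
    result = {}
    for name, address in interfaces.items():
        matches = [(bin(to_int(wc)).count("1"), area)
                   for net, wc, area in statements if wildcard_matches(address, net, wc)]
        if matches:
            result[name] = min(matches)[1]
    return result

def in_range(prefix, summary, summary_mask):
    """True when prefix (e.g. '10.1.2.0/24') lies inside summary/summary_mask."""
    net, plen = prefix.split("/")
    m = to_int(summary_mask)
    return int(plen) >= bin(m).count("1") and (to_int(net) & m) == (to_int(summary) & m)

def summarize(area_routes, summary, summary_mask):
    """Type 3 LSAs the ABR sends into Area 0 for its area: one LSA for the range,
    plus any route the range does not cover, advertised individually."""
    covered = [r for r in area_routes if in_range(r, summary, summary_mask)]
    uncovered = [r for r in area_routes if not in_range(r, summary, summary_mask)]
    lsas = []
    if covered:
        lsas.append("%s/%d" % (summary, bin(to_int(summary_mask)).count("1")))
    return lsas + uncovered

def summaries_into_area(inter_area_routes, stub=False, no_summary=False):
    """What the ABR injects into a non-backbone area: the inter-area routes for a
    normal or plain stub area, only a default route for a totally stubby area."""
    if stub and no_summary:
        return ["0.0.0.0/0"]
    return list(inter_area_routes)

if __name__ == "__main__":
    print(assign_areas(P1R3_INTERFACES, NETWORK_STATEMENTS))
    print(summarize(["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"], "10.1.0.0", "255.255.0.0"))
    print(summaries_into_area(["10.2.0.0/16", "10.64.0.0/24"], stub=True, no_summary=True))
```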


Example show Output Before Areas Are Configured for Stub and Route Summarization
The following is example output from P1R3, before the network is configured with stub areas and route summarization:
P1R3#show ip ospf database

       OSPF Router with ID (10.64.0.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.64.0.1       10.64.0.1       84          0x80000009 0x6B87   1
10.64.0.2       10.64.0.2       85          0x8000000C 0x6389   1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.64.0.2       10.64.0.2       85          0x80000001 0x7990

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.1.0        10.64.0.1       128         0x80000001 0x92D2
10.1.2.0        10.64.0.1       129         0x80000001 0x59F
10.1.3.0        10.64.0.1       129         0x80000001 0xF9A9
10.2.1.2        10.64.0.2       71          0x80000001 0x716F
10.2.2.1        10.64.0.2       41          0x80000001 0x7070
10.2.3.1        10.64.0.2       51          0x80000001 0x657A

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.2.1        10.1.2.1        859         0x80000004 0xD681   4
10.1.3.1        10.1.3.1        868         0x80000004 0xEB68   4
10.64.0.1       10.64.0.1       133         0x80000007 0xAF61   4

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.2.1.2        10.64.0.1       74          0x80000001 0xDBFB
10.2.2.1        10.64.0.1       45          0x80000001 0xDAFC
10.2.3.1        10.64.0.1       55          0x80000001 0xCF07
10.64.0.0       10.64.0.1       80          0x80000003 0x299
P1R3#

Slide callouts: the Net Link States are the Type 2 LSAs for Area 0; the Summary Net Link States are the Type 3 LSAs for Area 0 and for Area 1.


Example show Output after Areas Are Configured for Stub and Route Summarization
The following is example output from P1R3, after the network is configured with stub areas and route summarization:
P1R3#show ip ospf database

       OSPF Router with ID (10.64.0.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.64.0.1       10.64.0.1       245         0x80000009 0x6B87   1
10.64.0.2       10.64.0.2       246         0x8000000C 0x6389   1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.64.0.2       10.64.0.2       246         0x80000001 0x7990

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.0.0        10.64.0.1       54          0x80000001 0x1B8B
10.2.0.0        10.64.0.2       25          0x80000001 0x9053

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.2.1        10.1.2.1        1016        0x80000004 0xD681   4
10.1.3.1        10.1.3.1        1026        0x80000004 0xEB68   4
10.64.0.1       10.64.0.1       71          0x80000009 0xE9FF   2

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         10.64.0.1       76          0x80000001 0x4FA3
P1R3#

Slide callouts: the Net Link States are the Type 2 LSAs for Area 0; the Summary Net Link States are the Type 3 LSAs for Area 0 (now only the two summaries) and for Area 1 (now only the default route 0.0.0.0).

EIGRP

Supplement A: EIGRP Configuration Output Examples

Example EIGRP Configuration

Figure: EIGRP topology. P1R1 (10.1.1.1/24, 10.1.2.1/24), P1R2 (10.1.1.2/24, 10.1.3.1/24) and P1R3 (10.1.2.2/24, 10.1.3.2/24, 10.64.0.1/24) form pod 1; P2R1 (10.2.1.1/24, 10.2.2.1/24), P2R2 (10.2.1.2/24, 10.2.3.1/24) and P2R3 (10.2.2.2/24, 10.2.3.2/24, 10.64.0.2/24) form pod 2; P1R3 and P2R3 share the 10.64.0.0/24 Ethernet. One interface in the diagram is marked Shutdown.

This section includes configuration and show command output examples that result from configuring the network shown in the graphic.


Example EIGRP Configuration


Following is an example configuration output for P1R3 running EIGRP:
P1R3#show run
Building configuration...

Current configuration:
!
version 11.2
no service udp-small-servers
no service tcp-small-servers
!
hostname P1R3
!
enable password san-fran
!
no ip domain-lookup
ipx routing 0000.0c01.3333
ipx maximum-paths 2
!
interface Loopback0
 no ip address
 ipx network 1013
!
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 ipx input-sap-filter 1000
 ipx network 1003
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 ipx input-sap-filter 1000
 ipx network 1002
 clockrate 56000
!
<Output Omitted>
!
router eigrp 200
 network 10.0.0.0
!
no ip classless
!
line con 0
 exec-timeout 20 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
end

Slide callout: router eigrp 200 is where EIGRP is configured.


Example of EIGRP Configuration with bandwidth and ip summary-address Commands


Following is an example configuration output for P1R3 running EIGRP with bandwidth and ip summary-address commands configured:
P1R3#show run
Building configuration...

Current configuration:
!
version 11.2
no service udp-small-servers
no service tcp-small-servers
!
hostname P1R3
!
enable password san-fran
!
no ip domain-lookup
!
interface Loopback0
 no ip address
 ipx network 1013
!
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
 ip summary-address eigrp 200 10.1.0.0 255.255.0.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 bandwidth 64
 ipx input-sap-filter 1000
 ipx network 1003
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 ipx input-sap-filter 1000
 ipx network 1002
 clockrate 56000
!
!
<Output Omitted>
!
router eigrp 200
 network 10.0.0.0
!
no ip classless
!
line con 0
 exec-timeout 20 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
end

Slide callouts: ip summary-address eigrp 200 10.1.0.0 255.255.0.0 on Ethernet0 is the EIGRP route summary entry; bandwidth 64 on Serial0 modifies the bandwidth from the default of 1.544 Mbps to 64 kbps.


Example of Effects of modifying bandwidth Command


Following are before and after topology table outputs for P1R3 when modifying bandwidth on the serial 0 links on all routers.

Before bandwidth is modified (all links are equal bandwidth):

P1R3#show ip eigrp topology all
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - Reply status

P 10.1.3.0/24, 1 successors, FD is 2169856, serno 2
         via Connected, Serial0
P 10.1.2.0/24, 1 successors, FD is 2169856, serno 3
         via Connected, Serial1
P 10.1.1.0/24, 2 successors, FD is 2681856, serno 9
         via 10.1.3.1 (2681856/2169856), Serial0
         via 10.1.2.1 (2681856/2169856), Serial1

P1R3#show ip eigrp topology
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - Reply status

P 10.1.3.0/24, 1 successors, FD is 2169856
         via Connected, Serial0
P 10.1.2.0/24, 1 successors, FD is 2169856
         via Connected, Serial1
P 10.1.1.0/24, 2 successors, FD is 2681856
         via 10.1.3.1 (2681856/2169856), Serial0
         via 10.1.2.1 (2681856/2169856), Serial1

Slide callout: in the case of equal-cost paths to the same network, both routes appear in the topology table as successors.

After bandwidth is modified (S0 links are lower bandwidth):

P1R3#show ip eigrp topology
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - Reply status

P 10.1.3.0/24, 1 successors, FD is 40512000
         via Connected, Serial0
         via 10.1.2.1 (3193856/2681856), Serial1
P 10.1.2.0/24, 1 successors, FD is 2169856
         via Connected, Serial1
P 10.1.1.0/24, 1 successors, FD is 2681856
         via 10.1.2.1 (2681856/2169856), Serial1

Slide callout: only one route appears as a successor.

P1R3#show ip eigrp topology all
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - Reply status

P 10.1.3.0/24, 1 successors, FD is 40512000, serno 48
         via Connected, Serial0
         via 10.1.2.1 (3193856/2681856), Serial1
P 10.1.2.0/24, 1 successors, FD is 2169856, serno 3
         via Connected, Serial1
P 10.1.1.0/24, 1 successors, FD is 2681856, serno 50
         via 10.1.2.1 (2681856/2169856), Serial1
         via 10.1.3.1 (41024000/40512000), Serial0, serno 51
P1R3#

Slide callout: all routes appear here, but the route to 10.1.1.0 via 10.1.3.1 has a higher advertised distance (40512000) than the feasible distance of the successor route (2681856), so it is not selected as a feasible successor or successor.
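The numbers in the topology tables above, recomputed from the classic EIGRP composite metric with default K values: a T1 serial interface (1544 kbps, 20000 microseconds delay) gives 2169856, two of them in series give 2681856, and the same link after bandwidth 64 gives 40512000. The block also computes the 281600 seed metric that a redistribute ... metric 10000 100 255 1 1500 command produces in the Route Optimization supplement later in this appendix, and applies the feasibility condition that keeps the 41024000/40512000 path out of the feasible successors. This is an added example, not course or Cisco code; the function names and the interface defaults are this example's own assumptions.

```python
# Added example (not course code): the classic EIGRP composite metric with the
# default K values (K1 = K3 = 1, K2 = K4 = K5 = 0), used to reproduce the feasible
# distances in the P1R3 topology tables above. Function names are this example's own.

SCALE = 256
T1 = (1544, 20000)   # assumed IOS serial defaults: 1544 kbps, 20000 microseconds delay
SLOW = (64, 20000)   # the same link after "bandwidth 64"

def eigrp_metric(min_bandwidth_kbps, total_delay_us):
    """256 * (10^7 / slowest bandwidth in kbps + sum of delays in tens of microseconds),
    with the integer truncation the router applies."""
    return SCALE * (10**7 // min_bandwidth_kbps + total_delay_us // 10)

def path_metric(hops):
    """hops: (bandwidth_kbps, delay_us) for each link from this router to the destination."""
    return eigrp_metric(min(bw for bw, _ in hops), sum(delay for _, delay in hops))

def seed_metric(bandwidth_kbps, delay_tens_us):
    """Metric of a redistributed route from 'redistribute ... metric <bw> <delay> ...';
    the delay argument is already in tens of microseconds, as typed on the router."""
    return SCALE * (10**7 // bandwidth_kbps + delay_tens_us)

def is_feasible_successor(advertised_distance, feasible_distance):
    """Feasibility condition: the neighbor's reported distance must be strictly
    less than the current feasible distance, or the path is not a candidate."""
    return advertised_distance < feasible_distance

def classify(candidates):
    """candidates: {next_hop: (distance_via_neighbor, advertised_distance)}.
    Returns (FD, successors, feasible successors) the way the topology table lists them."""
    fd = min(d for d, _ in candidates.values())
    successors = [nh for nh, (d, _) in candidates.items() if d == fd]
    feasible = [nh for nh, (d, ad) in candidates.items()
                if d != fd and is_feasible_successor(ad, fd)]
    return fd, successors, feasible

if __name__ == "__main__":
    print("one T1 hop:", path_metric([T1]))                 # 2169856
    print("two T1 hops:", path_metric([T1, T1]))            # 2681856
    print("one 64 kbps hop:", path_metric([SLOW]))          # 40512000
    print("seed metric 10000 100:", seed_metric(10000, 100))  # 281600
    # 10.1.1.0/24 after the bandwidth change, as in the last table above
    print(classify({"10.1.2.1": (2681856, 2169856), "10.1.3.1": (41024000, 40512000)}))
```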

BGP

Supplement A: BGP Configuration Output Examples

Example BGP Configuration


Figure: four autonomous systems, AS1 through AS4, each containing three routers (PxR1, PxR2, PxR3). The PxR1 routers share the backbone Ethernet 10.14.0.0/24 (P1R1 10.14.0.1, P2R1 10.14.0.2, P3R1 10.14.0.3, P4R1 10.14.0.4). Inside ASx the routers are connected by the /16 networks x.1.0.0, x.2.0.0 and x.3.0.0; for AS1 the addresses are P1R1 1.1.0.2 and 1.2.0.1, P1R2 1.2.0.2 and 1.3.0.1, P1R3 1.1.0.1 and 1.3.0.2, and the other autonomous systems follow the same pattern.

This section includes configuration and show command output examples that result from configuring the network shown in the graphic. RIP is configured as the internal routing protocol within the autonomous systems and BGP is the external protocol between the autonomous systems. BGP routes are redistributed into RIP.


Example of BGP/RIP Configuration for P1R1


Following is an example configuration for P1R1, running both RIP and BGP:
P1R1#show run
<output omitted>
!
interface Ethernet0
 ip address 10.14.0.1 255.255.255.0
!
interface Serial0
 ip address 1.1.0.2 255.255.0.0
!
interface Serial1
 ip address 1.2.0.1 255.255.0.0
!
router rip
 network 10.0.0.0
 network 1.0.0.0
 passive-interface e0
 redistribute bgp 1 metric 3
!
router bgp 1
 network 1.0.0.0
 neighbor 10.14.0.2 remote-as 2
 neighbor 10.14.0.3 remote-as 3
 neighbor 10.14.0.4 remote-as 4
!
no ip classless
!
<output omitted>

Slide callouts: network 10.0.0.0 under router rip makes RIP advertise network 10.0.0.0 so internal routers can see it; passive-interface e0 does not allow RIP to advertise any routes on the backbone; redistribute bgp 1 metric 3 redistributes BGP information into RIP with a hop count of 3. Under router bgp 1, network 1.0.0.0 advertises network 1.0.0.0 to the BGP neighbors, and the three neighbor statements show that the router has 3 external BGP neighbors.


Example of RIP Configuration for P1R2


Following is an example configuration for P1R2, one of the routers only running RIP:
P1R2#show run
<output omitted>
!
interface Ethernet0
 shutdown
!
interface Serial0
 ip address 1.2.0.2 255.255.0.0
!
interface Serial1
 ip address 1.3.0.1 255.255.0.0
!
router rip
 network 1.0.0.0
!
no ip classless
!
<output omitted>

Slide callout: network 1.0.0.0 runs RIP on network 1.0.0.0 and advertises network 1.0.0.0.


Example Output of show ip route for P1R1


Following is an example output of show ip route on P1R1, one of the routers running RIP and BGP:
P1R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     1.0.0.0/16 is subnetted, 3 subnets
C       1.1.0.0 is directly connected, Serial0
R       1.3.0.0 [120/1] via 1.2.0.2, 00:00:25, Serial1
                [120/1] via 1.1.0.1, 00:00:22, Serial0
C       1.2.0.0 is directly connected, Serial1
B    2.0.0.0/8 [20/0] via 10.14.0.2, 00:03:26
B    3.0.0.0/8 [20/0] via 10.14.0.3, 00:03:26
B    4.0.0.0/8 [20/0] via 10.14.0.4, 00:03:26
     10.0.0.0/24 is subnetted, 1 subnets
C       10.14.0.0 is directly connected, Ethernet0
P1R1#

Slide callout: the B entries are the routes learned from BGP.

Example Output of show ip route for P1R2


Following is an example output of show ip route on P1R2, one of the routers running only RIP:
P1R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     1.0.0.0/16 is subnetted, 3 subnets
R       1.1.0.0 [120/1] via 1.2.0.1, 00:00:17, Serial0
                [120/1] via 1.3.0.2, 00:00:26, Serial1
C       1.3.0.0 is directly connected, Serial1
C       1.2.0.0 is directly connected, Serial0
R    2.0.0.0/8 [120/3] via 1.2.0.1, 00:00:17, Serial0
R    3.0.0.0/8 [120/3] via 1.2.0.1, 00:00:17, Serial0
R    4.0.0.0/8 [120/3] via 1.2.0.1, 00:00:17, Serial0
R    10.0.0.0/8 [120/1] via 1.2.0.1, 00:00:17, Serial0
P1R2#

Slide callout: the R entries for 2.0.0.0, 3.0.0.0 and 4.0.0.0 (hop count 3) are the routes learned by being redistributed into RIP from BGP.

Route Optimization

Supplement A: Examples of Redistribution in a Non-Redundant Configuration

Addressing for Redistribution Configuration Example

Figure: addressing. Pod 1: P1R1 (10.1.1.1/24, 10.1.2.1/24), P1R2 (10.1.1.2/24, 10.1.3.1/24), P1R3 (10.1.2.2/24, 10.1.3.2/24, 10.64.0.1/24). Pod 2: P2R1 (10.2.1.1/24, 10.2.2.1/24), P2R2 (10.2.1.2/24, 10.2.3.1/24), P2R3 (10.2.2.2/24, 10.2.3.2/24, 10.64.0.2/24). P1R3 and P2R3 are connected over 10.64.0.0/24.

This section includes configuration and show command output examples that result from configuring the network shown in the graphic. The addressing for this configuration is shown on this page; protocols for the example are shown on the next page.


Example Non-Redundant Redistribution Configuration


Figure: protocols. Pod 1 (P1R1, P1R2, P1R3) runs EIGRP; Pod 2 (P2R1, P2R2, P2R3) runs EIGRP; the E0 segment between P1R3 and P2R3 runs OSPF.

The addressing for this configuration is shown on the previous page; protocols for the example are shown on this page.


Example of Redistribution between EIGRP and OSPF


Following is an example configuration output for P1R3, an ASBR supporting EIGRP and OSPF.
P1R3#show run
Building configuration...

Current configuration:
!
version 11.2
!
hostname P1R3
!
enable password san-fran
!
no ip domain-lookup
ipx routing 0000.0c01.3333
ipx maximum-paths 2
!
interface Loopback0
 no ip address
 ipx network 1013
!
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 bandwidth 64
 ipx input-sap-filter 1000
 ipx network 1003
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 ipx input-sap-filter 1000
 ipx network 1002
 clockrate 56000
!
<Output Omitted>
!
router eigrp 200
 redistribute ospf 300 metric 10000 100 255 1 1500
 passive-interface Ethernet0
 network 10.0.0.0
!
router ospf 300
 redistribute eigrp 200 subnets
 network 10.64.0.0 0.0.255.255 area 0
!
no ip classless
!
line con 0
 exec-timeout 20 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
!
end

Slide callouts: router eigrp 200 is where EIGRP is configured; redistribute ospf 300 metric 10000 100 255 1 1500 redistributes the OSPF process using the defined seed metric; passive-interface Ethernet0 is a passive interface so EIGRP traffic will not be advertised out E0. router ospf 300 is where OSPF is configured; redistribute eigrp 200 subnets causes the EIGRP networks, including subnetted networks, to be redistributed; the OSPF area is the backbone area 0.


Example of Redistribution between EIGRP and OSPF (cont.)


Following are example outputs verifying that external routes are learned by OSPF and EIGRP, respectively, on an ASBR.
P1R3#show ip ospf database

       OSPF Router with ID (10.64.0.1) (Process ID 300)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.64.0.1       10.64.0.1       280         0x80000005 0x767F   1
10.64.0.2       10.64.0.2       274         0x80000004 0x767D   1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.64.0.2       10.64.0.2       274         0x80000002 0x7791

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.1.1.0        10.64.0.1       202         0x80000002 0xE95E   0
10.1.2.0        10.64.0.1       202         0x80000002 0xDE68   0
10.1.3.0        10.64.0.1       202         0x80000002 0xD372   0
10.2.1.0        10.64.0.2       1686        0x80000001 0xD96D   0
10.2.2.0        10.64.0.2       1686        0x80000001 0xCE77   0
10.2.3.0        10.64.0.2       1686        0x80000001 0xC381   0
10.64.0.0       10.64.0.1       204         0x80000002 0xFD0C   0
10.64.0.0       10.64.0.2       1688        0x80000001 0xF910   0
P1R3#

Slide callout: the Type-5 AS External Link States are the external routes learned by OSPF. Note that subnetted networks are included.

P1R3#show ip eigrp topology
IP-EIGRP Topology Table for process 200
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - Reply status

P 10.1.3.0/24, 1 successors, FD is 40512000
         via Connected, Serial0
         via 10.1.2.1 (3193856/2681856), Serial1
P 10.2.1.0/24, 1 successors, FD is 281600
         via Redistributed (281600/0)
P 10.1.2.0/24, 1 successors, FD is 2169856
         via Connected, Serial1
P 10.2.2.0/24, 1 successors, FD is 281600
         via Redistributed (281600/0)
P 10.1.1.0/24, 1 successors, FD is 2681856
         via 10.1.2.1 (2681856/2169856), Serial1
P 10.2.3.0/24, 1 successors, FD is 281600
         via Redistributed (281600/0)
P 10.64.0.0/24, 1 successors, FD is 281600
         via Connected, Ethernet0

Slide callout: the "via Redistributed" entries are the external routes learned by EIGRP.

Supplement B: Examples of Redistribution in a Redundant Configuration

Addressing for Redistribution Configuration Example

Figure: addressing. Pod 1: P1R1 (E0 10.14.0.1/24, 10.1.1.1/24, 10.1.2.1/24), P1R2 (10.1.1.2/24, 10.1.3.1/24), P1R3 (10.1.2.2/24, 10.1.3.2/24, 10.64.0.1/24). Pod 2: P2R1 (E0 10.14.0.2/24, 10.2.1.1/24, 10.2.2.1/24), P2R2 (10.2.1.2/24, 10.2.3.1/24), P2R3 (10.2.2.2/24, 10.2.3.2/24, 10.64.0.2/24). The pods are connected twice: P1R1 and P2R1 over 10.14.0.0/24, and P1R3 and P2R3 over 10.64.0.0/24.

This section includes configuration and show command output examples that result from configuring the network shown in the graphic. The addressing for this configuration is shown on this page; protocols for the example are shown on the next page.


Example Redundant Redistribution Configuration


Figure: protocols. Pod 1 (P1R1, P1R2, P1R3) runs RIP; Pod 2 (P2R1, P2R2, P2R3) runs IGRP 200; the E0 segment between P1R1 and P2R1 runs IGRP 200; the E0 segment between P1R3 and P2R3 runs OSPF.

P1R1: RIP and IGRP 200; passive interface on E0 for RIP and passive interface on S0 and S1 for IGRP
P1R2: RIP
P1R3: RIP and OSPF; passive interface on E0 for RIP
P2R1: IGRP 200
P2R2: OSPF and IGRP 200; passive interface on E0 for IGRP
P2R3: IGRP 200

The addressing for this configuration is shown on the previous page; protocols for the example are shown on this page.


Example of Redistribution between RIP and IGRP


Following is an example configuration output for P1R1, an ASBR supporting RIP and IGRP:
P1R1#show run
Building configuration...
<Output Omitted>
!
interface Loopback0
 no ip address
 ipx network 1011
!
interface Ethernet0
 ip address 10.14.0.1 255.255.255.0
!
interface Serial0
 ip address 10.1.2.1 255.255.255.0
 bandwidth 64
 ipx network 1002
 no fair-queue
!
interface Serial1
 ip address 10.1.1.1 255.255.255.0
 ipx network 1001
 clockrate 56000
!
<Output Omitted>
!
router rip
 redistribute igrp 200 metric 3
 passive-interface Ethernet0
 network 10.0.0.0
!
router igrp 200
 redistribute rip metric 56 2000 255 1 1500
 passive-interface Serial0
 passive-interface Serial1
 network 10.0.0.0
!
no ip classless
!
line con 0
 exec-timeout 0 0
 password cisco
 login
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
end

Slide callouts: router rip is the RIP configuration; it redistributes IGRP into RIP using a seed metric of 3 hops. router igrp 200 is the IGRP configuration; it redistributes RIP into IGRP using the listed seed metric.


Example of Redistribution between RIP and OSPF


Following is an example configuration output for P1R3, an ASBR supporting RIP and OSPF:
P1R3#show run
Building configuration...

Current configuration:
!
version 11.2
<Output Omitted>
!
interface Loopback0
 no ip address
 ipx network 1013
!
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 bandwidth 64
 ipx input-sap-filter 1000
 ipx network 1003
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 ipx input-sap-filter 1000
 ipx network 1002
 clockrate 56000
!
<Output Omitted>
!
router ospf 300
 redistribute rip subnets
 network 10.64.0.0 0.0.255.255 area 0
!
router rip
 redistribute ospf 300 metric 3
 passive-interface Ethernet0
 network 10.0.0.0
!
no ip classless
!
line con 0
 exec-timeout 20 0
 password cisco
 login
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
end

Slide callouts: router ospf 300 configures OSPF and redistributes the RIP routes, including subnetted networks. router rip configures RIP and redistributes OSPF using a seed metric of 3.


Example of Redistribution between OSPF and IGRP


Following is an example configuration output for P2R2, an ASBR supporting OSPF and IGRP:


Example of Resolving Suboptimal Path Selection Using Administrative Distance


Following is an example configuration output for P1R3, which has been configured to use the distance command to resolve the suboptimal path selection:
P1R3#show run
Building configuration...
<Output Omitted>
no ip domain-lookup
ipx routing 0000.0c01.3333
ipx maximum-paths 2
!
interface Loopback0
 no ip address
 ipx network 1013
!
interface Ethernet0
 ip address 10.64.0.1 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 bandwidth 64
 ipx input-sap-filter 1000
 ipx network 1003
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 ipx input-sap-filter 1000
 ipx network 1002
 clockrate 56000
!
<Output Omitted>
!
!
router ospf 300
 redistribute rip subnets
 network 10.64.0.0 0.0.255.255 area 0
!
router rip
 redistribute ospf 300 metric 3
 passive-interface Ethernet0
 network 10.0.0.0
 distance 105 0.0.0.0 255.255.255.255 1
!
no ip classless
access-list 1 permit 10.14.0.0
access-list 1 permit 10.1.1.0
!
line con 0
 exec-timeout 20 0
 password cisco
 login
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
end

Indicates to assign an administrative distance of 105 to the RIP-learned routes for networks listed in the access list. In this way they will be selected over OSPF-learned routes to these networks. OSPF has an administrative distance of 110. Access list indicates which networks to assign the new administrative distance of 105.


Example of Resolving Suboptimal Path Selection Using Administrative Distance (cont.)


Following is the before and after show ip route output when P1R3 is using the distance command:
Before Administrative Distance Modified
P1R3#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 8 subnets
O E2    10.14.0.0 [110/20] via 10.64.0.2, 01:31:38, Ethernet0
C       10.1.3.0 is directly connected, Serial0
O E2    10.2.1.0 [110/20] via 10.64.0.2, 01:31:39, Ethernet0
C       10.1.2.0 is directly connected, Serial1
O E2    10.2.2.0 [110/20] via 10.64.0.2, 01:31:39, Ethernet0
O E2    10.1.1.0 [110/20] via 10.64.0.2, 01:31:39, Ethernet0
O E2    10.2.3.0 [110/20] via 10.64.0.2, 01:31:39, Ethernet0
C       10.64.0.0 is directly connected, Ethernet0
P1R3#

These routes are kept because OSPF has a better (lower) administrative distance than RIP. Note that they are suboptimal, if traced following the example graphic.

After Administrative Distance Modified


P1R3#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 8 subnets
R       10.14.0.0 [105/1] via 10.1.2.1, 00:00:00, Serial1
C       10.1.3.0 is directly connected, Serial0
O E2    10.2.1.0 [110/20] via 10.64.0.2, 00:01:36, Ethernet0
C       10.1.2.0 is directly connected, Serial1
O E2    10.2.2.0 [110/20] via 10.64.0.2, 00:01:36, Ethernet0
R       10.1.1.0 [105/1] via 10.1.3.1, 00:00:11, Serial0
                 [105/1] via 10.1.2.1, 00:00:00, Serial1
O E2    10.2.3.0 [110/20] via 10.64.0.2, 00:01:36, Ethernet0
C       10.64.0.0 is directly connected, Ethernet0
P1R3#

The RIP-learned routes to these networks are now selected because they are assigned an administrative distance of 105, which is lower than the 110 of the OSPF-learned routes to the same networks. If the RIP routes were to fail, the OSPF routes would be selected, then used.


Example of Resolving Suboptimal Path Selection Using Route Filtering


Following is an example configuration output for P1R1, which has been configured to use the distribute-list command to resolve the suboptimal path selection:
P1R1#show run
Building configuration...
Current configuration:
!
version 11.2
<Output Omitted>
!
interface Loopback0
 no ip address
 ipx network 1011
!
interface Ethernet0
 ip address 10.14.0.1 255.255.255.0
!
interface Serial0
 ip address 10.1.2.1 255.255.255.0
 bandwidth 64
 ipx network 1002
 no fair-queue
!
interface Serial1
 ip address 10.1.1.1 255.255.255.0
 ipx network 1001
 clockrate 56000
!
<Output Omitted>
!
router rip
 redistribute igrp 200 metric 3
 passive-interface Ethernet0
 network 10.0.0.0
!
router igrp 200
 redistribute rip metric 56 2000 255 1 1500
 passive-interface Serial0
 passive-interface Serial1
 network 10.0.0.0
 distribute-list 1 in Ethernet0
!
no ip classless
access-list 1 deny 10.1.3.0
access-list 1 deny 10.64.0.0
access-list 1 permit any
!
!
line con 0
 exec-timeout 0 0
 password cisco
 login
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
end

Indicates to follow permit and deny instructions in access list 1 on inbound IGRP packets received on E0. Access list indicates which routes to allow or deny by defining the network addresses. This list indicates to drop routes for networks 10.1.3.0 and 10.64.0.0, but permit all other routes.


Example of Resolving Suboptimal Path Selection Using Route Filtering (cont.)


Following is the before and after show ip route output that results when using the distribute-list command.

Before Route Filter Is Used


P1R1#show ip route
<Output Omitted>
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 8 subnets
C       10.14.0.0 is directly connected, Ethernet0
I       10.1.3.0 [100/180771] via 10.14.0.2, 00:00:15, Ethernet0
I       10.2.1.0 [100/180671] via 10.14.0.2, 00:00:15, Ethernet0
C       10.1.2.0 is directly connected, Serial0
I       10.2.2.0 [100/180671] via 10.14.0.2, 00:00:15, Ethernet0
C       10.1.1.0 is directly connected, Serial1
I       10.2.3.0 [100/182671] via 10.14.0.2, 00:00:15, Ethernet0
I       10.64.0.0 [100/180771] via 10.14.0.2, 00:00:15, Ethernet0

These routes are kept because IGRP has a better (lower) administrative distance than RIP. Note that they are suboptimal, if traced following the example graphic.

After a Route Filter Is Used


P1R1#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 8 subnets
C       10.14.0.0 is directly connected, Ethernet0
R       10.1.3.0 [120/1] via 10.1.1.2, 00:00:16, Serial1
                 [120/1] via 10.1.2.2, 00:00:04, Serial0
I       10.2.1.0 [100/180671] via 10.14.0.2, 00:01:01, Ethernet0
C       10.1.2.0 is directly connected, Serial0
I       10.2.2.0 [100/180671] via 10.14.0.2, 00:01:01, Ethernet0
C       10.1.1.0 is directly connected, Serial1
I       10.2.3.0 [100/182671] via 10.14.0.2, 00:01:01, Ethernet0
R       10.64.0.0 [120/1] via 10.1.2.2, 00:00:04, Serial0

The RIP-learned routes are selected because the IGRP routes for the same networks are filtered. In this case, if the RIP routes failed, the IGRP routes would not be used because they are filtered.
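To make the difference between the two fixes concrete, here is an added example, written for this page rather than taken from the course or from Cisco IOS, that models the router's selection in Python: routes offered by several protocols for the same prefix are compared by administrative distance, a `distance` override lowers the AD of routes matched by an access list (the P1R3 case), and an inbound `distribute-list` drops routes before they reach the table (the P1R1 case). The candidate route lists are constructed from the show ip route output above; the model deliberately ignores the source-address part of the distance command (0.0.0.0 255.255.255.255 matches any source) and the per-interface scope of the distribute list.

```python
"""Added illustration (not Cisco IOS code, not course material): how a router
chooses between routes for one prefix from several protocols, and how the
`distance` and `distribute-list ... in` commands change the outcome.
Candidate routes below are constructed from the P1R3/P1R1 output above."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

# Default administrative distances Cisco IOS assigns to these route sources.
DEFAULT_AD = {"connected": 0, "eigrp": 90, "igrp": 100, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class AclEntry:
    permit: bool
    address: str
    wildcard: str = "0.0.0.0"  # omitted wildcard: match the address exactly


def acl_match(acl, network):
    """Evaluate a standard access list top down. A wildcard bit of 1 means
    'do not care'; a prefix matching no entry hits the implicit deny."""
    n = int(IPv4Address(network))
    for entry in acl:
        addr = int(IPv4Address(entry.address))
        care = ~int(IPv4Address(entry.wildcard)) & 0xFFFFFFFF
        if n & care == addr & care:
            return entry.permit
    return False


@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.14.0.0/24"
    protocol: str    # key into DEFAULT_AD
    metric: int
    next_hop: str


def select_routes(candidates, distance_override=None, inbound_filter=None):
    """Return {prefix: (ad, [installed routes])}.
    distance_override = (protocol, new_ad, acl) models the distance command;
    inbound_filter = (protocol, acl) models distribute-list <acl> in.
    Lowest AD wins; among the winner's routes, equal lowest metrics are kept."""
    by_prefix = {}
    for r in candidates:
        net = str(IPv4Network(r.prefix).network_address)
        if inbound_filter and r.protocol == inbound_filter[0] \
                and not acl_match(inbound_filter[1], net):
            continue  # dropped before installation: no fallback remains
        ad = DEFAULT_AD[r.protocol]
        if distance_override and r.protocol == distance_override[0] \
                and acl_match(distance_override[2], net):
            ad = distance_override[1]
        by_prefix.setdefault(r.prefix, []).append((ad, r))
    table = {}
    for prefix, entries in by_prefix.items():
        best_ad = min(ad for ad, _ in entries)
        winners = [r for ad, r in entries if ad == best_ad]
        best_metric = min(r.metric for r in winners)
        table[prefix] = (best_ad, [r for r in winners if r.metric == best_metric])
    return table


# Constructed P1R3 view: OSPF offers every prefix via 10.64.0.2; RIP offers
# the same prefixes over the serial links (10.2.1.0 via redistribution at P1R1).
P1R3_CANDIDATES = [
    Route("10.14.0.0/24", "ospf", 20, "10.64.0.2"),
    Route("10.14.0.0/24", "rip", 1, "10.1.2.1"),
    Route("10.1.1.0/24", "ospf", 20, "10.64.0.2"),
    Route("10.1.1.0/24", "rip", 1, "10.1.3.1"),
    Route("10.1.1.0/24", "rip", 1, "10.1.2.1"),
    Route("10.2.1.0/24", "ospf", 20, "10.64.0.2"),
    Route("10.2.1.0/24", "rip", 4, "10.1.2.1"),
]
# distance 105 0.0.0.0 255.255.255.255 1 with access-list 1 from the P1R3 config
P1R3_ACL1 = [AclEntry(True, "10.14.0.0"), AclEntry(True, "10.1.1.0")]


def p1r3_before_and_after():
    before = select_routes(P1R3_CANDIDATES)
    after = select_routes(P1R3_CANDIDATES, distance_override=("rip", 105, P1R3_ACL1))
    return before, after


# Constructed P1R1 view: IGRP via 10.14.0.2 competes with RIP on the serials.
P1R1_CANDIDATES = [
    Route("10.1.3.0/24", "igrp", 180771, "10.14.0.2"),
    Route("10.1.3.0/24", "rip", 1, "10.1.1.2"),
    Route("10.1.3.0/24", "rip", 1, "10.1.2.2"),
    Route("10.64.0.0/24", "igrp", 180771, "10.14.0.2"),
    Route("10.64.0.0/24", "rip", 1, "10.1.2.2"),
    Route("10.2.1.0/24", "igrp", 180671, "10.14.0.2"),
]
# distribute-list 1 in Ethernet0 with access-list 1 from the P1R1 config
P1R1_ACL1 = [AclEntry(False, "10.1.3.0"), AclEntry(False, "10.64.0.0"),
             AclEntry(True, "0.0.0.0", "255.255.255.255")]


def p1r1_before_and_after():
    before = select_routes(P1R1_CANDIDATES)
    after = select_routes(P1R1_CANDIDATES, inbound_filter=("igrp", P1R1_ACL1))
    return before, after
```

Calling p1r3_before_and_after() yields OSPF (AD 110) for every prefix before the override and RIP (AD 105, both equal-cost paths for 10.1.1.0) afterwards, while 10.2.1.0, which access list 1 does not permit, stays with OSPF. p1r1_before_and_after() shows the fallback difference the text describes: with the distance method the losing route is still a candidate, whereas with the inbound distribute list the IGRP routes for 10.1.3.0 and 10.64.0.0 never enter the candidate set at all.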


Supplement C: Examples of One-Way Redistribution Configuration


The examples in this section are additional outputs for the network topology discussed during the Redistribution Example Using ip default-network section in Chapter 13.

ASBR Before Redistribution Is Configured


Following is the configuration of P1R3 before redistribution is configured:
P1R3#show run
<Output Omitted>
!
interface Ethernet0
 ip address 172.6.31.5 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 bandwidth 64
 ipx input-sap-filter 1000
 ipx network 1003
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 ipx input-sap-filter 1000
 ipx network 1002
 clockrate 56000
!
<Output Omitted>
!
router ospf 200
 network 172.6.31.5 0.0.0.0 area 0
!
router rip
 network 10.0.0.0
!
no ip classless
<Output Omitted>
end
P1R3#

Following is the show output on P1R3 before redistribution is configured:


P1R3#show ip route
<Output Omitted>
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.3.0 is directly connected, Serial0
C       10.1.2.0 is directly connected, Serial1
R       10.1.1.0 [120/1] via 10.1.3.1, 00:00:03, Serial0
                 [120/1] via 10.1.2.1, 00:00:03, Serial1
     172.6.0.0/24 is subnetted, 1 subnets
C       172.6.31.0 is directly connected, Ethernet0

P1R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.6.31.6        1   FULL/DR         00:00:30    172.6.31.6      Ethernet0


P1R3#show ip protocols
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 0 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    BRI0             1     1 2
    Serial0          1     1 2
    Serial1          1     1 2
  Routing for Networks:
    10.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.2.1             120      00:00:03
    10.1.3.1             120      00:00:21
    10.64.0.2            120      00:06:43
  Distance: (default is 120)

Routing Protocol is "ospf 200"
  Sending updates every 0 seconds
  Invalid after 0 seconds, hold down 0, flushed after 0
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: ospf 200
  Routing for Networks:
    172.6.31.5/32
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 110)

P1R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.6.31.6        1   FULL/DR         00:00:37    172.6.31.6      Ethernet0

P1R3#show ip ospf database

       OSPF Router with ID (172.6.31.5) (Process ID 200)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.64.0.1       10.64.0.1       648         0x80000002 0x7684   1
10.64.0.2       10.64.0.2       648         0x80000002 0x7483   1
172.6.31.5      172.6.31.5      259         0x80000003 0x8645   1
172.6.31.6      172.6.31.6      260         0x80000003 0x8444   1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.64.0.2       10.64.0.2       648         0x80000001 0x7990
172.6.31.6      172.6.31.6      261         0x80000001 0x8B50


ASBR After Redistribution and ip default-network Are Configured


Following is the configuration for the ASBR with redistribution and ip default-network configured:

P1R3# show run


<Output Omitted>
!
interface Ethernet0
 ip address 172.6.31.5 255.255.255.0
!
interface Serial0
 ip address 10.1.3.2 255.255.255.0
 bandwidth 64
!
interface Serial1
 ip address 10.1.2.2 255.255.255.0
 clockrate 56000
!
<Output Omitted>
!
router ospf 200
 redistribute rip metric 10 subnets
 network 172.6.31.5 0.0.0.0 area 0
!
router rip
 network 10.0.0.0
!
no ip classless
ip default-network 10.0.0.0
<Output Omitted>
end

Following is the show output for the ASBR with redistribution and ip default-network configured:
P1R3#show ip protocol
Routing Protocol is "rip"
<Output Omitted>
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface        Send  Recv   Key-chain
    BRI0             1     1 2
    Serial0          1     1 2
    Serial1          1     1 2
  Routing for Networks:
    10.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.2.1             120      00:00:23
    10.1.3.1             120      00:00:10
    10.64.0.2            120      00:56:28
  Distance: (default is 120)

Routing Protocol is "ospf 200"
<Output Omitted>
  Redistributing: rip, ospf 200
  Routing for Networks:
    172.6.31.5/32
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.6.31.6           110      00:45:28
  Distance: (default is 110)
P1R3#


Supplement D: More Redistribution Configuration Examples


This supplement presents some more redistribution configuration examples.

IGRP Redistribution Configuration Example


Figure: IGRP autonomous system 71 (10.0.0.0) and autonomous system 109 (192.168.7.0) are joined by a router running the following configuration, which redistributes routes from AS 109 into AS 71.

router igrp 71
 redistribute igrp 109
 distribute-list 3 out igrp 109
access-list 3 permit 192.168.7.0 0.0.0.255


1999, Cisco Systems, Inc.

www.cisco.com

BSCNA-21

Cisco IOS software supports multiple IGRP autonomous systems. Each autonomous system maintains its own routing database. You can redistribute routing information between these routing databases. The following describes some of the commands in the example in the graphic:

Command                                       Description
redistribute igrp 109                         Redistributes routes from IGRP 109 into IGRP 71.
distribute-list 3 out igrp 109                Uses access list 3 to define which routes will be redistributed from IGRP 109 into IGRP 71.
    3                                         Redistributes per access list 3.
    out                                       Applies the access list to outgoing routing updates.
    igrp 109                                  Identifies the IGRP routing process to filter.
access-list 3 permit 192.168.7.0 0.0.0.255    Permits routes from only network 192.168.7.0.

In this example, only routing updates from the 192.168.7.0 network are redistributed into autonomous system 71. Updates from other networks are denied.


RIP/OSPF Redistribution Configuration Example


Figure: Avoiding Loops. Routers R1, R2 and R3 sit in OSPF Area 0, each attached to a RIP cloud (the addresses 172.16.9.1 and 172.16.8.1 appear in the figure). A "back door" link between the RIP clouds creates a potential loop.

router ospf 109
 network 172.16.62.0 0.0.0.255 area 0
 network 172.16.63.0 0.0.0.255 area 0
 redistribute rip subnets metric-type 1 metric 20
 distribute-list 11 out rip
access-list 11 permit 172.16.8.0 0.0.7.255

In the example in the graphic, there is an additional path connecting the RIP clouds. These paths, or back doors, frequently exist, allowing the potential for feedback loops. You can use access lists to determine the routes that are advertised and accepted by each router. For example, access list 11 in the configuration file for router R1 allows OSPF to redistribute information learned from RIP only for networks 172.16.8.0 through 172.16.15.0. These commands prevent router R1 from advertising networks in other RIP domains onto the OSPF backbone, thereby preventing other boundary routers from using false information and forming a loop. You would configure similar access lists on R2 and R3.


Redistribution Example Using default-metric


Figure: Router A between a RIP network (172.16.0.0) and Enhanced IGRP autonomous system 300 (192.168.5.0).

router rip
 network 172.16.0.0
 redistribute eigrp 300
 default-metric 3
router eigrp 300
 network 192.168.5.0
 redistribute rip
 default-metric 56 2000 255 1 1500


In the example in the graphic, the router is redistributing IP RIP and Enhanced IGRP routes. The 192.168.5.0 network is redistributed to the IP RIP network with a metric of three hops. Enhanced IGRP in autonomous system 300 learns routes from IP RIP. The following describes some of the commands in the example in the graphic:

Command                              Description
redistribute eigrp 300               Enables redistribution of routes learned from Enhanced IGRP autonomous system 300 into the IP RIP network.
default-metric 3                     Specifies that Enhanced IGRP learned routes are three hops away.
redistribute rip                     Enables redistribution of routes learned from the IP RIP network into Enhanced IGRP autonomous system 300.
default-metric 56 2000 255 1 1500    The RIP-derived network is being redistributed with the following Enhanced IGRP metric values: bandwidth is 56 kilobits per second; delay is 2000 tens of microseconds; reliability is 100 percent (255 of 255); loading is less than 1 percent (1 of 255); MTU is 1500 bytes.


Redistribution Filtering Example


Figure: RIP network 192.168.5.0 on one side of the router; Enhanced IGRP networks 172.16.0.0 and 10.0.0.0 on the other. Network 10.0.0.0 is hidden from RIP using redistribution filtering.

router rip
 network 192.168.5.0
 redistribute eigrp 1
 default-metric 3
 distribute-list 7 out eigrp 1
!
router eigrp 1
 network 172.16.0.0
 redistribute rip
 default-metric 56 2000 255 1 1500
!
access-list 7 deny 10.0.0.0 0.255.255.255
access-list 7 permit 0.0.0.0 255.255.255.255



The following describes some of the commands in the redistribution filtering example in the graphic:

Command                        Description
redistribute eigrp 1           Enables routes learned from Enhanced IGRP autonomous system 1 to be redistributed into IP RIP.
default-metric 3               Specifies that all routes learned from Enhanced IGRP will be advertised by RIP as reachable in three hops.
distribute-list 7 out eigrp 1  Defines that routes matched by access-list 7 leaving the Enhanced IGRP process will be filtered prior to being given to the RIP process.

This example filters the redistribution of routing updates between the routing processes IP RIP and Enhanced IGRP. The distribute-list 7 out eigrp 1 command uses access-list 7 as the input for the RIP process. This distribute list redistributes all routing information except updates about network 10.0.0.0.


Redistribution Example Using default-metric and Route Filters


Figure: RIP networks 192.168.8.0 and 172.16.0.0 on one side of the router; IGRP autonomous system 109 (192.168.7.0) on the other. The router redistributes RIP-based routes into IGRP.

router igrp 109
 network 192.168.7.0
 redistribute rip
 default-metric 10000 100 255 1 1500
 distribute-list 10 out rip
access-list 10 permit 172.16.0.0 0.0.255.255



The following describes some of the commands in the redistribution example in the graphic:

Command                                Description
redistribute rip                       Redistributes RIP routes.
default-metric 10000 100 255 1 1500    Sets the IGRP metric for all redistributed routes: minimum bandwidth of the route 10000 kbps; delay 100 tens of microseconds; reliability set to the maximum (255); loading 1; MTU 1500 bytes.
distribute-list 10 out rip             Uses access list 10 to limit updates going out of RIP into IGRP.

In this example, RIP routes are given an IGRP metric and advertised into the IGRP autonomous system. The RIP configuration for this example is shown on the next page.


Redistribution Example Using default-metric and Route Filters (cont.)

Figure: RIP networks 192.168.8.0 and 172.16.0.0 on one side of the router; IGRP autonomous system 109 (192.31.7.0) on the other. The router redistributes IGRP routes into the RIP network.

router rip
 network 192.168.8.0
 network 172.16.0.0
 redistribute igrp 109
 default-metric 4
 distribute-list 11 out igrp 109
access-list 11 permit 192.31.7.0 0.0.0.255



You can also redistribute IGRP-derived routes into the RIP network. The following describes some of the commands in the redistribution example in the graphic:

Command                  Description
redistribute igrp 109    Redistributes IGRP routes.
default-metric 4         Sets the metric for IGRP-derived routes to four hops.


Router Password Recovery

Overview
This appendix contains the procedure for password recovery on Cisco routers.

Router Password Recovery Procedure


Step 1   Enter ROM Monitor mode: power cycle the router and, within 60 seconds after the router comes up, press the break key. (On a PC the break key is probably a combination: <control> <break>.)

Step 2   Enter the o or the e/s 2000002 command in order to read the configuration register's original value. (The configuration register default value is 0x2102.) On some routers you must use the confreg utility to read the configuration register settings. When you use this utility you won't actually see the value of the configuration register, but you will see which settings are enabled; note what they are.

Step 3   Set bit 6 (along with the original bit settings) in order to ignore NVRAM on boot up, using the o/r command. For example, if the original configuration register value was 0x2102, then setting bit 6 will give a value of 0x2142 for the configuration register. In this example, to set the configuration register, use:
         >o/r 0x2142
         On some routers you must use the confreg utility to set the configuration register. In the utility, enter y when asked "ignore system config info? y/n [n]". Keep all other settings the same as you noted in step 2.

Step 4   Initialize and reboot the router, using the i command, or the boot command on some routers.

Step 5   When the router boots it will go into setup mode. Answer no to all questions (just say no!)

Step 6   Once you are back at the router prompt, enter privileged mode:
         Router> enable

Step 7   Load the configuration in NVRAM to active memory:
         Router# copy startup-config running-config
         (or Router# config memory on older versions of the IOS). Remember that this is a merge, so all interfaces will be shutdown at this point because they were shutdown when the router loaded without a configuration.


Step 8   Enable all interfaces that should be enabled:
         hostname#config term
         hostname(config)#interface x/y
         hostname(config-if)#no shutdown

Step 9   Restore the original configuration register value:
         hostname#config term
         hostname(config)#config-register 0xvalue
         (for example hostname(config)#config-register 0x2102)

Step 10  Recover/record lost passwords:
         hostname#show startup-config
         (or hostname#show config on older versions of the IOS).
         Or, change passwords (you must use this method if passwords are encrypted):
         hostname#config term
         hostname(config)#enable secret newpassword
         hostname(config)#enable password newpassword
         hostname(config)#line con 0
         hostname(config-line)#login
         hostname(config-line)#password newpassword

Step 11  Save your new configuration:
         hostname# copy running-config startup-config
         (or hostname#write memory on older versions of the IOS).


Answers

Overview
This chapter contains the Answers to Exercises, Review Questions and Lab Exercises.


Chapter 2 Exercises
Answers To Written Exercise: Overview of Scalable Internetworks
Network Problem                                            Key Requirement
Connectivity restrictions                                  Accessible but secure
Single paths available to all networks                     Reliable and available
Too much broadcast traffic                                 Efficient
Convergence problems with metric limitations               Reliable and available
Competition for bandwidth                                  Efficient
Illegal access to services on the internetwork             Accessible but secure
Single WAN links available to each remote site             Responsive
Expensive tariffs on WAN links that do not get much use    Efficient
Very large routing tables                                  Efficient
Integrate networks using legacy protocols                  Adaptable

Cisco IOS Feature(s) listed in the answer table:
   Dedicated and switched access technologies
   BGP support
   Scalable protocols
   Dial backup
   Access lists
   Scalable protocols
   Scalable protocols
   Access lists
   Compression over WANs
   Generic Traffic Shaping
   Access lists (not an end-all solution)
   Authentication protocols
   Dial backup
   Switched access technologies
   Route summarization
   Incremental updates
   Bridging mechanisms


Chapter 3 Exercises
Written Exercise: Comparing Distance Vector Routing Protocols
Objective: Describe the operating characteristics of different distance vector routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following distance vector routing protocols: RIPv1, RIPv2, IGRP, EIGRP

Protocol                       Characteristic
RIPv1, RIPv2                   Has a hop count limitation of 15 hops
RIPv1, IGRP                    Uses broadcast packets to propagate routing updates
IGRP                           Has an administrative distance of 100
RIPv1, RIPv2, IGRP, EIGRP      Supports split horizon to avoid routing loops
IGRP, EIGRP                    Uses a composite metric to determine best path
RIPv1, RIPv2                   Employs a count to infinity concept to avoid routing loops
IGRP, EIGRP                    Can select preferred path based upon bandwidth consideration
RIPv2, EIGRP                   Supports variable length subnet masks (VLSM)
RIPv1                          Is supported by all vendors of routing equipment

2. Which of the following statements are true for all distance vector routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

_______ Routing updates contain all routes in the routing table
___T___ Load balancing of equal metric paths is enabled by default
___T___ Automatic route summarization occurs at major network boundaries
_______ Length of the subnet mask is carried in the routing update
_______ Consistency of subnet mask is a network design requirement


Written Exercise: Comparing Link State Routing Protocols


Objective: Describe the operating characteristics of link-state routing protocols.

1. Complete the following table by indicating which protocol(s) demonstrate the characteristic shown in the right-hand column. Indicate your choice(s) in the left-hand column by entering one or more of the following routing protocols: OSPF, IS-IS, EIGRP

Protocol                   Characteristic
OSPF, IS-IS, EIGRP         Maintains additional tables to assist in rapid convergence
None                       Uses broadcast packets to propagate topology updates
IS-IS                      Has an administrative distance of 115
OSPF                       Supports flooding of updates to avoid routing loops
OSPF, IS-IS                Requires a hierarchical design to operate correctly
OSPF, IS-IS, EIGRP         Allows manual route summarization at any location
OSPF, EIGRP                Can select preferred path based upon bandwidth consideration
OSPF, IS-IS, EIGRP         Supports variable length subnet masks (VLSM)
OSPF                       Is supported by all vendors of routing equipment

2. Which of the following statements are true for all link-state routing protocols? Indicate your selection by placing a T in the blank area in front of each statement.

___T___ Routing updates contain only the affected routes in the routing table
___T___ Load balancing of equal metric paths is enabled by default
_______ Automatic route summarization occurs at major network boundaries
___T___ Length of the subnet mask is carried in the routing update
_______ Consistency of subnet mask is a network design requirement


Chapter 4 Exercises
Answers To Written Exercise: Calculating VLSMs
For 5 LANs with 25 users each, 3 subnet bits and 5 host bits will be needed, yielding a maximum of 8 subnets with 30 hosts each. A prefix of /27 will therefore be used. The available subnets are:
   192.168.49.0/27
   192.168.49.32/27
   192.168.49.64/27
   192.168.49.96/27
   192.168.49.128/27
   192.168.49.160/27
   192.168.49.192/27
   192.168.49.224/27

For the WAN addresses, one of the above subnets that is not used on the LANs would be further subnetted. A prefix of /30 would be used to allow for 2 host addresses on each WAN. This would leave 3 bits for additional subnetting, giving 8 subnets for the WANs. For example, if we further subnetted 192.168.49.160/27, the available subnets for the WANs are:
   192.168.49.160/30
   192.168.49.164/30
   192.168.49.168/30
   192.168.49.172/30
   192.168.49.176/30
   192.168.49.180/30
   192.168.49.184/30
   192.168.49.188/30
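The same calculation, as an added example that is not part of the course answer key, done with Python's standard ipaddress module. plan_vlsm generalises the worked answer: it derives the LAN prefix from the required host count, picks the first LAN-sized block left over after the LANs are assigned, and splits it into /30 point-to-point links. With the numbers above it reproduces the eight /27 subnets, the spare block 192.168.49.160/27, and the eight /30 WAN subnets.

```python
"""Added example (not from the course): a small VLSM planner that reproduces
the 192.168.49.0/24 answer above and works for other host counts."""
from ipaddress import IPv4Network


def prefix_for_hosts(hosts):
    """Smallest prefix length whose usable host count (2**h - 2) fits `hosts`."""
    host_bits = 2  # at least 2 host bits so network and broadcast remain
    while 2 ** host_bits - 2 < hosts:
        host_bits += 1
    return 32 - host_bits


def plan_vlsm(base, lan_count, hosts_per_lan, wan_count, wan_prefix=30):
    """Carve `base` into equal LAN subnets sized for `hosts_per_lan`, then
    split the first unused LAN-sized block into `wan_prefix` links."""
    base = IPv4Network(base)
    lan_prefix = prefix_for_hosts(hosts_per_lan)
    lan_pool = list(base.subnets(new_prefix=lan_prefix))
    if len(lan_pool) < lan_count + 1:
        raise ValueError("no LAN-sized block left over for the WAN links")
    spare = lan_pool[lan_count]  # first LAN-sized block not used by a LAN
    wan_pool = list(spare.subnets(new_prefix=wan_prefix))
    if len(wan_pool) < wan_count:
        raise ValueError("spare block is too small for the WAN links")
    return {
        "lan_prefix": lan_prefix,
        "lan_pool": [str(n) for n in lan_pool],      # every LAN-sized subnet
        "lans": [str(n) for n in lan_pool[:lan_count]],
        "spare": str(spare),
        "wans": [str(n) for n in wan_pool[:wan_count]],
    }


if __name__ == "__main__":
    plan = plan_vlsm("192.168.49.0/24", lan_count=5, hosts_per_lan=25, wan_count=8)
    print("LAN prefix /%d, LAN subnets:" % plan["lan_prefix"])
    for net in plan["lan_pool"]:
        print("  ", net)
    print("WAN subnets carved from", plan["spare"])
    for net in plan["wans"]:
        print("  ", net)
```

Note that prefix_for_hosts counts usable hosts as 2^h - 2, matching the answer's reasoning (30 hosts per /27, 2 hosts per /30), so a requirement of 30 hosts still fits a /27 while 31 would force a /26.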


Answers To Written Exercises: Using Route Summarization


Exercise 1
Router C Route Table Entries    Routes That Can Be Advertised to Router D from Router C
172.16.1.192/28                 172.16.1.192/27
172.16.1.208/28                 Summarizes: 172.16.1.192/28, 172.16.1.208/28
172.16.1.64/28                  172.16.1.64/26
172.16.1.80/28                  Summarizes: 172.16.1.64/28, 172.16.1.80/28, 172.16.1.96/28, 172.16.1.112/28
172.16.1.96/28
172.16.1.112/28

Exercise 2:

Router H Route Table Entries    Routes That Can Be Advertised to Router D from Router H
172.16.1.48/28                  172.16.1.48/28
172.16.1.128/28                 172.16.1.128/26
172.16.1.144/28                 Summarizes: 172.16.1.128/28, 172.16.1.144/28, 172.16.1.160/28, 172.16.1.176/28
172.16.1.160/28
172.16.1.176/28
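The summaries in both exercises can be checked mechanically. The following is an added example, not part of the course answer key: exact_summaries merges adjacent, aligned prefixes the way the tables above do, covering_supernet shows the single longest-common-prefix route that is often mistaken for a summary, and overreach counts how much address space such a route would advertise that the router cannot actually reach. The ROUTER_C and ROUTER_H lists are the route table entries from the two exercises.

```python
"""Added example (not from the course): computing the summary routes for the
Router C and Router H tables with the ipaddress module, and checking whether a
candidate summary advertises address space the router cannot reach."""
from ipaddress import IPv4Network, collapse_addresses


def exact_summaries(prefixes):
    """Fewest prefixes that cover exactly the inputs: only adjacent blocks
    that align on a common boundary are merged, so nothing extra is advertised."""
    nets = [IPv4Network(p) for p in prefixes]
    return [str(n) for n in collapse_addresses(nets)]


def covering_supernet(prefixes):
    """Single prefix built from the bits all inputs share. Unlike
    exact_summaries, it may cover address space absent from the inputs."""
    nets = [IPv4Network(p) for p in prefixes]
    plen = min(n.prefixlen for n in nets)
    while plen > 0:
        cand = IPv4Network((nets[0].network_address, plen), strict=False)
        if all(n.subnet_of(cand) for n in nets):
            return str(cand)
        plen -= 1
    return "0.0.0.0/0"


def overreach(summary, prefixes):
    """Addresses the summary advertises beyond the listed prefixes (0 means the
    summary is exact). Assumes the prefixes are disjoint and inside the summary."""
    extra = IPv4Network(summary).num_addresses
    for p in prefixes:
        extra -= IPv4Network(p).num_addresses
    return extra


# Route table entries from Exercise 1 and Exercise 2 above.
ROUTER_C = ["172.16.1.192/28", "172.16.1.208/28", "172.16.1.64/28",
            "172.16.1.80/28", "172.16.1.96/28", "172.16.1.112/28"]
ROUTER_H = ["172.16.1.48/28", "172.16.1.128/28", "172.16.1.144/28",
            "172.16.1.160/28", "172.16.1.176/28"]

if __name__ == "__main__":
    for name, table in (("Router C", ROUTER_C), ("Router H", ROUTER_H)):
        print(name, "advertises:", exact_summaries(table))
        big = covering_supernet(table)
        print("  single covering route", big, "overreaches by",
              overreach(big, table), "addresses")
```

For Router H the exact answer keeps 172.16.1.48/28 separate and summarizes the other four entries into 172.16.1.128/26, whereas the single covering route 172.16.1.0/24 would claim 176 addresses Router H has no route for; that is the reason the answer key does not collapse the table into one prefix.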

Answers to Review Questions


1. What are some of the advantages of using a hierarchical IP addressing model?
   Reduced number of routing table entries
   Efficient allocation of addresses

2. Given an address with a prefix of /20, how many additional subnets are gained when subnetting with a prefix of /28?
   2^8 = 256 additional subnets are gained

3. When selecting a route, the longest prefix match is used.


Chapter 5 Exercises
Answer to Written Exercises: Comparing Routing Protocols
First Written Exercise
1. Destination address
2. Identify neighbors
3. Discover routes
4. Select routes
5. Maintain routing information

Second Written Exercise


1. DV (Note: OSPF sends out updates every 30 minutes.)
2. LS
3. DV
4. DV
5. LS
6. LS
7. DV
8. LS


Chapter 6 Exercises
Answer to Written Exercise: OSPF Operation
Task: Answer the following questions.

1. List three reasons why OSPF operates better than RIP in a large internetwork.
   Refer to the list of reasons in the What Is OSPF? section.

2. What does a router do when it receives an LSU?
   When each router receives the LSU, it does the following:
   - If the entry already exists and the received LSU has the same information, it resets the aging timer on the LSA entry and sends an LSAck to the DR. (Recall that the DR is the central point of contact during the flooding process.)
   - If the entry already exists but the LSU includes new information, it sends an LSR to request all the information about the entry.
   - If the entry already exists but the LSU includes older information, it sends an LSU with its information.

3. Identify when the exchange protocol and the flooding protocol are used, and describe how each operates.
   The exchange process is used to get neighboring routers into a Full state. To be initiated, two routers must agree on a master-slave relationship. The process enables them to synchronize their link-state databases using DDPs. Once in a Full state the exchange process does not get done again unless the Full state is changed to a different state.
   The flooding process is used anytime there is a change in a link-state, such as the link goes down or a new link is added to the network. In this process, all link-state changes are sent in LSU packets to the DR/BDR of the area. The DR is then responsible for forwarding the LSUs to all other routers in the network.

4. Write a brief description of the following:
   Internal router: A router that resides within an area and routes traffic.
   LSU: A link-state update packet. This packet includes update information about link-state advertisements.
   DDP: A database description packet. This packet is used during the exchange protocol and includes summary information about link-state entries.
   Hello packet: Used during the hello process, includes information that enables routers to establish themselves as neighbors.


Match the term with the statement most closely describing it. Write the letter of the description next to the term.
   ___D  area              A) The router responsible for route synchronization.
   ___B  Full state        B) Indicates routers can route information.
   ___A  DR                C) Indicates routers can discover link state information.
   ___C  Exchange state    D) A collection of routers and networks.

Name the two RFC-compliant modes for OSPF over Non-broadcast Multiaccess network:
   Non-broadcast
   Point-to-Multipoint

Name the two additional Cisco modes for OSPF over NBMA:
   Broadcast
   Point-to-point


Chapter 7 Exercises
Answers To Written Exercise: OSPF Operation across Multiple Areas
Define hierarchical routing and explain what internetwork problems it solves.
OSPF's ability to separate a large internetwork into multiple areas is also referred to as hierarchical routing. Hierarchical routing enables you to separate your large internetwork (autonomous system) into smaller internetworks that are called areas. The advantages include smaller routing tables, reduced frequency of SPF calculations, and reduced LSU overhead.

An internal router will receive type-5 LSAs if it is what type of area?
If it is an area that is NOT configured for stubby or totally stubby.

What area types are connected to the backbone area?
All area types are connected to the backbone.

The backbone must be configured as what area?
The backbone area must always be area 0.

Write a brief description of the following:

LSA Type 1: Router link entry (record) (O-OSPF)
    Generated by each router for each area it belongs to. It describes the states of the router's links to the area. These are only flooded within a particular area. The link status and cost are two of the descriptors provided.

LSA Type 2: Network link entry (O-OSPF)
    Generated by DRs in multiaccess networks. They describe the set of routers attached to a particular network. Flooded within the area that contains the network only.

LSA Type 3 or 4: Summary link entry (IA-OSPF interarea)
    Originated by ABRs. Describes the links between the ABR and the internal routers of a local area. These entries are flooded throughout the backbone area to the other ABRs. Type-3 describes routes to networks within the local area that are sent to the backbone area. Type-4 describes routes from the ABR to the ASBR. These link entries are not flooded through totally stubby areas.

LSA Type 5: Autonomous system external link entry (E1-OSPF external type-1) (E2-OSPF external type-2)
    Originated by the ASBR. Describes routes to destinations external to the autonomous system. Flooded throughout an OSPF autonomous system except for stub and totally stubby areas.

Describe the path a packet must take in order to get from one area to another. The packet must go through the interarea, through the ABR, through the backbone area, through the next ABR, and then through the internal routers to its final destination.

When is a default route injected into an area? When the area is configured for stub or totally stubby.


Chapter 8 Exercises
Answers To Written Exercise: EIGRP Overview
1 D
2 E
3 G
4 B
5 A
6 H
7 A
8 C
9 F
10 A


Chapter 9 Exercises
Answers To Written Exercise: BGP Terminology and Operation
1. What protocol does BGP use as its transport protocol? What port number does BGP use? BGP uses TCP as its transport protocol; port 179 has been assigned to BGP.

2. Any two routers that have formed a BGP connection are called BGP peers or BGP neighbors.

3. Write a brief description of the following:
Internal BGP: When BGP is running between routers within one AS it is termed internal BGP (IBGP).

External BGP: When BGP is running between routers in different ASs it is termed external BGP (EBGP).

Well-known attributes: A well-known attribute is one that all BGP implementations must recognize. Well-known attributes are propagated to BGP neighbors.

Transitive attributes: A transitive attribute that is not implemented in a router can be passed to other BGP routers untouched.

BGP synchronization: The BGP synchronization rule states that a BGP router should not advertise a route to an external neighbor unless that route is local or is learnt from the IGP.

4. For an external update advertised by IBGP, where does the value for the next-hop attribute of an update come from? For an external update advertised by IBGP, the value of the next-hop attribute is carried from the EBGP update.

5. Describe the complication that an NBMA network can cause for the next-hop attribute of an update. When running BGP over a multi-access network, a BGP router will use the appropriate address as the next-hop address, to avoid inserting additional hops into the network. The address used is that of the router on the multi-access network that advertised the network. On Ethernet that router will be accessible to all other routers on the Ethernet. On NBMA media all routers on the network may not be accessible to each other, so the next-hop address used may be unreachable.


6. Complete the table to answer the following questions about these BGP attributes: Which order are the attributes preferred in (1, 2 or 3)? For the attribute, is the highest or lowest value preferred? Which other routers, if any, is the attribute sent to?

Attribute          Order preferred in   Highest or lowest value preferred?   Sent to which other routers?
Local Preference   2                    highest                              Sent to internal BGP neighbors only
MED                3                    lowest                               Sent to external BGP neighbors only
Weight             1                    highest                              Not sent to any BGP neighbors; local to router only

7. How is the BGP Router ID chosen? The BGP Identifier is an IP address assigned to that router and is determined on startup. The BGP router ID is chosen the same way that the OSPF router ID is chosen: it is the highest active IP address on the router, unless a loopback interface with an IP address exists, in which case it is the highest such loopback IP address.

Answers to Review Questions


1. Describe the BGP synchronization rule. What command disables synchronization? BGP synchronization rule: Do not advertise a route to an external neighbor until a matching route has been learnt from an IGP. Use the no synchronization command to disable synchronization.

2. What are the four BGP message types?
- Open
- Keepalive
- Update
- Notification

3. How does BGP-4 support CIDR? BGP-4 support for CIDR includes:
- The BGP UPDATE message includes both the prefix and the prefix length; previous versions only included the prefix, and the length was assumed from the address class.
- Addresses can be aggregated when advertised by a BGP router.
- The AS-path attribute can include AS-SEQUENCEs, which are ordered lists, and AS-SETs, which are unordered sets. An AS-SEQUENCE is an ordered mathematical set of the ASs that have been traversed. The AS-SET is an unordered set of other ASs, not included in the AS-SEQUENCE, that any of the non-aggregated routes would traverse. The combination of the ASs listed in both components should be considered to ensure that the route is loop-free.

4. What command is used to activate a BGP session with another router? The neighbor remote-as command is used to activate a BGP session with another router.

5. What command is used to display information about the BGP connections to neighbors? The show ip bgp neighbor command is used to display information about the BGP connections to neighbors.


Chapter 10 Exercises
Answers To Written Exercise: BGP Route Reflectors and Policy Control
1. Describe the BGP split horizon rule. The BGP split horizon rule specifies that routes learned via IBGP are never propagated to other IBGP peers.

2. What effect do route reflectors have on the BGP split horizon rule? Route reflectors modify the BGP split horizon rule by allowing the router configured as the route reflector to propagate routes learned by IBGP to other IBGP peers.

3. Write a brief description of the following: Route reflector: A router configured to advertise (or reflect) routes that it learnt via IBGP to other IBGP peers.

Route reflector client: A route reflector will have a partial IBGP peering with other routers, which are called clients.

4. Routers configured as route reflectors do not have to be fully meshed with IBGP, true or false? False

5. When a route reflector receives an update from a client, it sends it to all non-client peers and to all client peers.

6. What is the command used to configure a router as a BGP route reflector? The neighbor route-reflector-client command is used to configure the router as a BGP route reflector and configure the specified neighbor as its client.

7. When an extended access-list is used in a distribute-list, what is the meaning of the parameters of the access-list? The syntax of the IP extended access-list is the same as usual, with a source address and wildcard, and a destination address and wildcard. However, the meanings of these parameters are different. The source parameters are used to indicate the address of the network whose updates are to be permitted or denied. The destination parameters are used to indicate the subnet mask of that network. The wildcard parameters indicate, for the network and subnet mask, which bits are relevant. Network/subnet mask bits corresponding to wildcard bits set to 1 are ignored during comparisons, and network/subnet mask bits corresponding to wildcard bits set to 0 are used in comparisons.
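The matching rule described in answer 7, written out as a small Python model. This is an added example, not code from the course: it tests an extended access-list entry the way a distribute-list does, the source address and wildcard against the route's network and the destination address and wildcard against the route's subnet mask, ignoring wildcard bits set to 1 and comparing bits set to 0. The two entries in ROUTE_ACL and the sample routes are constructed for this illustration; the second entry uses a non-zero mask wildcard, which the answer describes but does not show.

```python
import ipaddress


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(value: str, pattern: str, wildcard: str) -> bool:
    """Cisco wildcard compare: wildcard bits set to 1 are ignored, bits set to 0 must match."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(value) & care) == (_to_int(pattern) & care)


# Constructed extended access-list entries, read the way a distribute-list reads them:
# (action, network, network-wildcard, subnet-mask, mask-wildcard)
ROUTE_ACL = [
    # permit ip 172.16.0.0 0.0.255.255 255.255.255.0 0.0.0.0
    # -> any 172.16.x.0 route whose mask is exactly /24
    ("permit", "172.16.0.0", "0.0.255.255", "255.255.255.0", "0.0.0.0"),
    # permit ip 10.0.0.0 0.255.255.255 255.255.255.0 0.0.0.255
    # -> any 10.x.x.x route whose mask is /24 or longer (last mask octet ignored)
    ("permit", "10.0.0.0", "0.255.255.255", "255.255.255.0", "0.0.0.255"),
]


def filter_route(network: str, prefixlen: int, acl=ROUTE_ACL) -> str:
    """Apply the list to one route: first matching entry wins, implicit deny at the end."""
    mask = str(ipaddress.IPv4Network(f"0.0.0.0/{prefixlen}").netmask)
    for action, net, net_wc, msk, msk_wc in acl:
        if wildcard_match(network, net, net_wc) and wildcard_match(mask, msk, msk_wc):
            return action
    return "deny"


if __name__ == "__main__":
    # Constructed sample routes
    for net, plen in [("172.16.1.0", 24), ("172.16.1.0", 25), ("10.1.1.0", 26),
                      ("10.1.0.0", 16), ("192.168.1.0", 24)]:
        print(f"{net}/{plen}: {filter_route(net, plen)}")
```

Note that 172.16.1.0/25 is denied even though its network address matches the first entry, because the mask comparison is exact; the second entry, with its mask wildcard, accepts 10.1.1.0/26 but not 10.1.0.0/16. A prefix list states the same intent as "permit 10.0.0.0/8 ge 24", which is the readability advantage answer 8 refers to.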

8. Describe the advantages of using prefix lists rather than access lists for BGP route filtering.
The advantages of using prefix lists include:
- A significant performance improvement over access-lists in loading and route lookup of large lists.
- Support for incremental modifications. Compared to the normal access-list, where one no command will erase the whole access-list, a prefix-list can be modified incrementally.
- More user-friendly command-line interface. The command-line interface for using extended access lists to filter BGP updates is difficult to understand and use.
- Greater flexibility.

9. In a prefix list, what is the sequence number used for? The sequence number of the prefix-list statement is used to determine the order in which the statements are processed when filtering.

10. What command is used to clear the hit count of the prefix list entries? The clear ip prefix-list name [network/len] command resets the hit count shown on prefix-list entries.

Answers to Review Questions


1. What is the command used to configure a router to distribute BGP information as specified in an access-list? The neighbor distribute-list command is used to distribute BGP neighbor information as specified in an access list.

2. What is a route reflector cluster? The combination of the route reflector and its clients is called a cluster.

3. Route maps use match commands to test conditions and set commands to modify routes.

4. What is the command used to specify that the BGP communities attribute should be sent to a neighbor? The neighbor send-community command is used to specify that the BGP communities attribute should be sent to a BGP neighbor.

5. When would peer groups be useful? Peer groups are useful to simplify configurations when many neighbors have the same policy. They are also more efficient since updates are generated only once per peer group rather than once for each neighbor.

6. What is BGP multi-homing? Multi-homing is the term used to describe when an AS is connected to more than one ISP. This is usually done for two reasons:
- To increase the reliability of the connection to the Internet, so that if one connection fails another will still be available.
- To increase the performance, so that better paths can be used to certain destinations.

7. What command is used to assign a weight to a neighbor connection? The neighbor weight command is used to assign a weight to a neighbor connection.

8. What is the preferred method to use to advertise an aggregated route from an AS into BGP? The preferred method to advertise an aggregated route from an AS into BGP is to use the aggregate-address command. With this command, as long as a more specific route exists in the BGP table, the aggregate is sent. If the aggregating router loses its connection to the networks being aggregated, they disappear from the BGP table and hence the BGP aggregate is no longer sent.


Chapter 11 Exercises
Answers To Written Exercise: Managing Traffic and Access
Answers will vary.
Task: In the space below, briefly describe each cause of network congestion.

User services
- Large volume of traffic at peak times
- Multiple large file transfers
- Client/server model overwhelms server with multiple, continuous requests

Router updates
- Periodic advertisements
- Broadcast traffic affects all devices on the segment
- Exchanging large tables consumes bandwidth

DNS traffic
- Broadcast traffic affects all devices on the segment
- Name server not always local; affects multiple segments
- Name cache entries short-lived; lookup must be repeated

Novell SAP broadcasts
- Service advertisements are overhead
- Periodic announcements even if no changes
- Broadcast traffic affects all devices on the segment

Objective: List solutions for controlling network congestion.
Task: List five ways to control network congestion:
1. Filter user application traffic
2. Filter unnecessary broadcast-based traffic
3. Lengthen periodic announcement interval
4. Reduce routing update size
5. Eliminate need for dynamic learning
Note: Answers will vary for these exercises.


Chapter 12 Exercises
Answers To Written Exercise: Configuring IP Access Lists
Written Exercise: IP Extended Access Lists
Objective: Configure IP extended access lists.


Create an access list and place it in the proper location to satisfy the following requirements:
- Prevents all hosts on subnet 172.16.1.0/24 except host 172.16.1.3 from accessing the Web server on subnet 172.16.4.0
- Prevents the outside world from pinging subnet 172.16.4.0
- Allows all other hosts on all other subnets of network 172.16.0.0 (subnet mask 255.255.0.0) to send queries to the DNS server on subnet 172.16.4.0
- Prevents only host 172.16.3.3 from accessing subnet 172.16.4.0

Write your configuration in the space below. Be sure to include the router name (A or B), interface name (E0, E1, or E2), and access list direction (in or out).

! Block host 172.16.3.3 from all of subnet 172.16.4.0
access-list 104 deny ip host 172.16.3.3 172.16.4.0 0.0.0.255
! Host 172.16.1.3 may reach the Web server (172.16.4.4); the rest of 172.16.1.0/24 may not
access-list 104 permit tcp 172.16.1.3 0.0.0.0 172.16.4.4 0.0.0.0 eq 80
access-list 104 deny tcp 172.16.1.0 0.0.0.255 host 172.16.4.4 eq 80
! All of 172.16.0.0/16 may query the DNS server and ping the subnet; everything else hits the implicit deny
access-list 104 permit udp 172.16.0.0 0.0.255.255 host 172.16.4.4 eq 53
access-list 104 permit icmp 172.16.0.0 0.0.255.255 172.16.4.0 0.0.0.255

interface e2
 ip access-group 104 out
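To see how IOS evaluates the list above (entries tested in order, first match wins, implicit deny at the end), here is an added Python evaluator that is not part of the course material. It encodes the five entries of access-list 104, with the entry for host 172.16.3.3 modelled as a deny as the fourth requirement calls for, "host X" written as X 0.0.0.0, and protocol "ip" matching any protocol. The sample packets are constructed for this illustration.

```python
import ipaddress


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, pattern: str, wildcard: str) -> bool:
    """Cisco wildcard compare: wildcard bits set to 1 are ignored, bits set to 0 must match."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(pattern) & care)


# The five entries of access-list 104, in the order they are configured.
# Fields: (action, protocol, src, src-wildcard, dst, dst-wildcard, dst-port or None)
ACL_104 = [
    ("deny",   "ip",   "172.16.3.3", "0.0.0.0",     "172.16.4.0", "0.0.0.255", None),
    ("permit", "tcp",  "172.16.1.3", "0.0.0.0",     "172.16.4.4", "0.0.0.0",   80),
    ("deny",   "tcp",  "172.16.1.0", "0.0.0.255",   "172.16.4.4", "0.0.0.0",   80),
    ("permit", "udp",  "172.16.0.0", "0.0.255.255", "172.16.4.4", "0.0.0.0",   53),
    ("permit", "icmp", "172.16.0.0", "0.0.255.255", "172.16.4.0", "0.0.0.255", None),
]


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry index) for the first matching entry, or ("deny", None)
    when nothing matches: the implicit deny at the end of every IOS access list."""
    for idx, (action, aproto, s, s_wc, d, d_wc, port) in enumerate(acl):
        if aproto != "ip" and aproto != proto:
            continue
        if not wildcard_match(src, s, s_wc) or not wildcard_match(dst, d, d_wc):
            continue
        if port is not None and port != dport:
            continue
        return action, idx
    return "deny", None


# Constructed sample packets: (protocol, source, destination, destination port)
SAMPLE_PACKETS = [
    ("tcp",  "172.16.1.3", "172.16.4.4", 80),    # the one host on 172.16.1.0/24 allowed to the Web server
    ("tcp",  "172.16.1.7", "172.16.4.4", 80),    # another host on that subnet
    ("tcp",  "172.16.2.5", "172.16.4.4", 80),    # HTTP from a different subnet
    ("udp",  "172.16.3.3", "172.16.4.4", 53),    # the host that is blocked entirely
    ("udp",  "172.16.7.7", "172.16.4.4", 53),    # DNS from elsewhere in 172.16.0.0/16
    ("icmp", "172.16.2.1", "172.16.4.9", None),  # ping from inside the network
    ("icmp", "10.0.0.1",   "172.16.4.9", None),  # ping from the outside world
]


def run_samples(acl=ACL_104, packets=SAMPLE_PACKETS):
    """Evaluate each sample packet; returns a list of (packet, action, entry index)."""
    return [(p, *evaluate(acl, *p)) for p in packets]


if __name__ == "__main__":
    for pkt, action, idx in run_samples():
        print(f"{str(pkt):42} {action:6} entry {idx}")
```

The output shows why the permit for 172.16.1.3 has to precede the subnet-wide deny (entry order decides), and that anything not explicitly permitted, HTTP from 172.16.2.0/24 to the Web server for instance, is dropped by the implicit deny even though no entry names it.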


Written Exercise: Alternative to Access Lists

Objective: Configure an alternative to using access lists.
Write the configuration statement in the box above that sends all traffic bound for 192.168.2.0 to the null interface.
ip route 192.168.2.0 255.255.255.0 null0


Chapter 13 Exercises
Answers To Written Exercise: Redistribution and Controlling Routing Update Traffic
1 List three reasons why you may use multiple routing protocols in a network. Some reasons why you may need multiple protocols are as follows:
- When you are migrating from an older IGP to a new IGP, multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Dual existence of protocols is effectively the same as a long-term coexistence design.
- When you want to use another protocol but need to keep the old protocol due to the needs of host systems.
- Different departments might not want to upgrade their routers or they might not implement a sufficiently strict filtering policy. In these cases you can protect yourself by terminating the other routing protocol on one of your routers.
- If you have a mixed router vendor environment, you can use a Cisco-specific protocol in the Cisco portion of the network and then use a common protocol to communicate with non-Cisco devices.

What two parameters are used by routers to select the best path when they learn two or more routes to the same destination from different routing protocols? In order for routers to select the best path when they learn two or more routes to the same destination from different routing protocols, Cisco uses two parameters:
- Administrative distance: Administrative distance is used to rate the believability of a routing protocol. Each routing protocol is prioritized in order of most to least believable (reliable) using a value called administrative distance. This criterion is the first a router uses to determine which routing protocol to believe if more than one protocol provides route information for the same destination.
- Routing metric: The metric is a value representing the path between the local router and the destination network. The metric is usually a hop or cost value, depending on the protocol being used.

What are the components of the EIGRP routing metric? The components of the EIGRP routing metric are:
bandwidth: Minimum bandwidth of the route in kilobits per second.
delay: Route delay in tens of microseconds.
reliability: Likelihood of successful packet transmission expressed in a number from 0 to 255, where 255 means the route is 100% reliable.
loading: Effective loading of the route expressed in a number from 1 to 255, where 255 means the route is 100% loaded.
mtu: Maximum transmission unit (MTU), the maximum packet size along the route in bytes, an integer greater than or equal to 1.

Consider that you have a dialup WAN connection between site A and site B. What can you do to prevent excess routing update traffic from crossing the link, but still have the boundary routers know the networks that are at the remote sites? Use static routes, possibly in combination with passive interfaces.

What command is used to cause RIP to source a default route? When running RIP, you can create the default route by using the ip default-network command. If the router has a directly connected interface onto the network specified in the ip default-network command, RIP will generate (or source) a default route to its RIP neighbor routers.

If there is no filter associated with an interface, what happens to packets destined for that interface? If a filter is not associated with the interface, the packets are processed normally.

What command can be used to discover the path that a packet takes through a network? To discover the routes a packet follows when traveling to its destination from a router, use the trace privileged EXEC command.

How can a routing loop result in a network that has redundant paths between two routing processes? Depending on how you employ redistribution, routers can send routing information received from one autonomous system back into that same autonomous system. The feedback is similar to the routing loop problem that occurs in distance vector technologies.

Answers To Review Questions


1. What is redistribution? Cisco routers allow internetworks using different routing protocols (referred to as autonomous systems) to exchange routing information through a feature called route redistribution. Redistribution is defined as the ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.

2. What is the default administrative distance for IGRP? For RIP? For OSPF? The default administrative distance for IGRP is 100. The default administrative distance for RIP is 120. The default administrative distance for OSPF is 110.

3. When configuring a default metric for redistributed routes, the metric should be set to a value larger than the largest metric within the AS.

4. What command is used for policy-based routing to establish criteria based on the packet length? The match length command can be used to establish criteria based on the packet length, between specified minimum and maximum values.

5. What command is used to configure filtering of the routing update traffic from an interface? What command mode is this command entered in? To assign an access list to filter outgoing routing updates, use the distribute-list access-list-number | name out interface-name command. This command is entered in Router(config-router)# command mode.

6. What does the following command do?
distance 150 0.0.0.0 255.255.255.255 3
The distance 150 0.0.0.0 255.255.255.255 3 command is used to change the default administrative distance of routes, from specific source addresses, that are permitted by an access-list. The parameters mean:
150: Defines the administrative distance that specified routes will be assigned.
0.0.0.0 255.255.255.255: Defines the source address of the router supplying the routing information, in this case any router.
3: Defines the access-list to be used to filter incoming routing updates to determine which will have their administrative distance changed.
Routes matching access-list 3, from any router, will be assigned an administrative distance of 150.

7. What are the benefits of policy-based routing? The benefits that can be achieved by implementing policy-based routing in the networks include:
- Source-based transit provider selection
- Quality of service (QoS)
- Cost savings
- Load sharing

8. Policy-based routing is applied to incoming packets.


Chapter 14 Exercises
Written Exercise: Using Scalable Strategies
1. Name the two major functions performed by routers. Routers perform both a routing and a switching function.

2. What are the benefits of VLSMs? The benefits of VLSMs include:
- Even more efficient use of IP addresses
- Greater capability to use route summarization

3. If the subnet 172.17.2.32/28 was further subnetted with a /30 prefix, how many more subnets would be created? How many hosts would be available on each of these new subnets? The additional 2 subnet bits would create 2^2 = 4 more subnets. There would be 2^2 - 2 = 2 hosts available on each of these subnets.

4. Define the following terms:
IGP (interior gateway protocol): A routing protocol used to exchange routing information within an autonomous system. RIP, IGRP, OSPF and EIGRP are examples of IGPs.
EGP (exterior gateway protocol): A routing protocol used to connect between autonomous systems. Border Gateway Protocol (BGP) is an example of an EGP.
Autonomous system (AS): In BGP terms, a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASs. Another definition of autonomous system: internetworks using different routing protocols.

Redistribution: The ability for boundary routers connecting different autonomous systems to exchange and advertise routing information received from one autonomous system to the other autonomous system.

5. Describe some of the characteristics of BGP. BGP is a distance vector protocol, but it has many differences from the likes of RIP:
- BGP uses TCP as its transport protocol, which provides connection-oriented reliable delivery. In this way, BGP assumes that its communication is reliable and therefore it doesn't have to implement any retransmission or error recovery mechanisms. BGP uses TCP port 179.
- Two routers speaking BGP form a TCP connection with one another and exchange messages to open and confirm the connection parameters. These two routers are called peer routers or neighbors.
- Once the connection is made, full routing tables are exchanged. However, since the connection is reliable, BGP routers need only send changes (incremental updates) after that. Periodic routing updates are also not required on a reliable link, so triggered updates are used. BGP sends keepalive messages, similar to the hello messages sent by OSPF and EIGRP.
- BGP routers exchange network reachability information, called path vectors, made up of path attributes, including a list of the full path (of BGP AS numbers) that a route should take in order to reach a destination network. This path information is used in constructing a graph of ASs that is loop free and where routing policies can be applied in order to enforce some restrictions on the routing behavior. The path is loop free because a router running BGP will not accept a routing update that already includes its AS number in the path list, since this would mean that the update has already passed through its AS, and accepting it again would result in a routing loop.

6. Describe some of the ways in which access-lists can be used. Access lists can be used in many ways, including:
- To permit or deny packets from crossing specified router interfaces.
- To permit or deny virtual terminal (vty) access to and from a router.
- To establish a finer granularity of control when differentiating traffic into priority and custom queues.
- To identify interesting traffic that serves to trigger dialing in dial-on-demand routing (DDR).
- To filter and alter attributes within a routing update.

7. Policy-based routing is applied to incoming packets on an interface.

Answers to Review Questions


1. What distinguishes classful routing protocols from classless routing protocols?
Classful routing protocol characteristics:
- Periodic routing advertisements.
- Subnet masks are not advertised.
- Exchange routes to all subnetworks within the same network. The receiving device must know the mask associated with any advertised subnets; therefore all of the subnetworks in the major network must have the same routing mask.
- The subnetwork information from foreign networks (networks whose network portion does not match ours) must be summarized to a classful boundary using a default routing mask prior to inclusion in the routing update. The creation of a classful summary route at major network boundaries is handled automatically by classful routing protocols. Summarization at other points within the major network address is not allowed by classful routing protocols.
Classless routing protocol characteristics:
- Once the initial topology learning phase is complete, updates about network routes are triggered by changes in topology. The event-driven approach reduces the periodic bandwidth consumption associated with full table updates.
- Advertises the subnet mask for each route.
- The summarization process is manually controlled and can be invoked at any point within the network. Since subnet routes are propagated throughout the routing domain, summarization is required to keep the routing tables at a manageable size.

2. A router has the networks 192.168.160.0/24 through 192.168.175.0/24 in its routing table. How could it summarize these networks into one route? The addresses in binary are:
192.168.160.0/24  11000000 10101000 10100000 00000000
192.168.161.0/24  11000000 10101000 10100001 00000000
192.168.162.0/24  11000000 10101000 10100010 00000000
192.168.163.0/24  11000000 10101000 10100011 00000000
192.168.164.0/24  11000000 10101000 10100100 00000000
192.168.165.0/24  11000000 10101000 10100101 00000000
192.168.166.0/24  11000000 10101000 10100110 00000000
192.168.167.0/24  11000000 10101000 10100111 00000000
192.168.168.0/24  11000000 10101000 10101000 00000000
192.168.169.0/24  11000000 10101000 10101001 00000000
192.168.170.0/24  11000000 10101000 10101010 00000000
192.168.171.0/24  11000000 10101000 10101011 00000000
192.168.172.0/24  11000000 10101000 10101100 00000000
192.168.173.0/24  11000000 10101000 10101101 00000000
192.168.174.0/24  11000000 10101000 10101110 00000000
192.168.175.0/24  11000000 10101000 10101111 00000000
To determine the summary route, the router determines the number of highest-order bits that match in all of the addresses. Referring to the list of IP addresses above, 20 bits match in all of the addresses. Therefore the best summary route is 192.168.160.0/20.
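The bit-matching procedure in answer 2, carried out in Python as an added example (not code from the course): one function lays out a network address in the dotted-binary form used above, one counts the leading bits on which every network address agrees and returns the summary, and one checks whether that summary covers exactly the networks given and nothing more. It generalises the answer to any list of prefixes; the non-contiguous pair used as the second input is constructed to show the failure case.

```python
import ipaddress


def binary(prefix: str) -> str:
    """Dotted-binary form of the network address, as the answer lays it out."""
    net = ipaddress.IPv4Network(prefix)
    return " ".join(f"{octet:08b}" for octet in net.network_address.packed)


def summarize(prefixes):
    """Shortest single prefix covering every network in prefixes.

    Counts the high-order bits on which all network addresses agree, never
    exceeding the shortest input prefix length.
    """
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    first = int(nets[0].network_address)
    common = 32
    for n in nets:
        diff = first ^ int(n.network_address)
        agreeing = 32 - diff.bit_length()      # leading bits equal to the first address
        common = min(common, agreeing, n.prefixlen)
    return ipaddress.IPv4Network((first, common), strict=False)


def summary_is_exact(prefixes) -> bool:
    """True when the summary covers only the given networks and no extra space.

    Assumes the input networks do not overlap one another.
    """
    covered = sum(ipaddress.IPv4Network(p).num_addresses for p in prefixes)
    return covered == summarize(prefixes).num_addresses


if __name__ == "__main__":
    block = [f"192.168.{i}.0/24" for i in range(160, 176)]
    for p in block:
        print(f"{p:18} {binary(p)}")
    print(summarize(block), summary_is_exact(block))     # 192.168.160.0/20 True
    gap = ["192.168.160.0/24", "192.168.176.0/24"]       # constructed non-contiguous pair
    print(summarize(gap), summary_is_exact(gap))         # 192.168.160.0/19 False
```

When the input is not a complete, aligned block, the summary covers more address space than the router actually holds; advertising such a route attracts traffic for networks that do not exist behind the router, so the exactness check is worth running before a summary is configured.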

3. In the BGP selection process, which attribute is checked first, AS-path, weight, or local preference? In the BGP selection process the weight is the first attribute checked, of the three listed.


Appendix A Exercises
Extending IP Addressing Written Exercise: Calculating Subnet Masks
1 You need to design an IP network for your organization. Your organization's IP address is 172.16.0.0. Your assessment indicates that the organization needs at least 130 networks of no more than 100 nodes in each network. As a result, you have decided to use a classful subnetting scheme based on the 172.16.0.0/24 scheme. In the space below write any four IP host addresses that are part of the range of subnetwork numbers. Also, write the subnet address and subnet mask for these addresses. One address is provided as an example.

Host address      Subnet address   Subnet mask
172.16.1.1/24     172.16.1.0       255.255.255.0   (example)
172.16.2.9/24     172.16.2.0       255.255.255.0
172.16.3.11/24    172.16.3.0       255.255.255.0
172.16.4.12/24    172.16.4.0       255.255.255.0
172.16.255.2/24   172.16.255.0     255.255.255.0

Your network has the address 172.16.168.0/21. Write eight IP host addresses in this network:
172.16.168.1   172.16.168.2   172.16.168.255   172.16.169.0
172.16.169.1   172.16.169.2   172.16.175.253   172.16.175.254

Write the four IP addresses in the range described by the 192.168.99.16/30 address: 192.168.99.16 192.168.99.17 192.168.99.18 192.168.99.19

Of these four addresses, which two could you use as host addresses in a point-to-point connection? 192.168.99.17 and 192.168.99.18
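The subnetting arithmetic behind Chapter 14 question 3 and the Appendix A exercises above, as added Python code that is not from the course: choosing a fixed subnet prefix for a required number of networks and hosts (the 130 networks of 100 nodes case), splitting 172.17.2.32/28 into /30s, listing the four addresses of 192.168.99.16/30 and the two usable on a point-to-point link, and checking whether an address such as 172.16.168.255 is a valid host in 172.16.168.0/21. The function names are my own; the /31 point-to-point case of RFC 3021 is outside the classic model used here and is rejected.

```python
import ipaddress
import math


def plan_prefix(base: str, networks_needed: int, hosts_needed: int) -> int:
    """Fixed-length subnet prefix inside base (e.g. 172.16.0.0/16) that gives at least
    networks_needed subnets, each with at least hosts_needed usable host addresses."""
    base_net = ipaddress.IPv4Network(base)
    subnet_bits = math.ceil(math.log2(networks_needed))
    host_bits = math.ceil(math.log2(hosts_needed + 2))   # +2: network and broadcast addresses
    if subnet_bits + host_bits > 32 - base_net.prefixlen:
        raise ValueError("address block too small for the requested subnets and hosts")
    return base_net.prefixlen + subnet_bits


def resubnet(parent: str, new_prefixlen: int):
    """Split parent into /new_prefixlen subnets.

    Returns (subnet count, usable hosts per subnet, list of subnets as strings).
    """
    if new_prefixlen > 30:
        raise ValueError("classic subnetting: /31 and /32 have no usable host range")
    subs = list(ipaddress.IPv4Network(parent).subnets(new_prefix=new_prefixlen))
    usable = subs[0].num_addresses - 2          # drop network and broadcast addresses
    return len(subs), usable, [str(s) for s in subs]


def point_to_point(prefix: str):
    """All addresses of a small subnet and the ones assignable to hosts (link ends on a /30)."""
    net = ipaddress.IPv4Network(prefix)
    return [str(a) for a in net], [str(h) for h in net.hosts()]


def is_valid_host(addr: str, prefix: str) -> bool:
    """True if addr lies inside prefix and is neither its network nor its broadcast address.
    With a /21, addresses ending in .0 or .255 in the middle of the block are ordinary hosts."""
    net = ipaddress.IPv4Network(prefix)
    ip = ipaddress.IPv4Address(addr)
    return ip in net and ip != net.network_address and ip != net.broadcast_address


if __name__ == "__main__":
    print(plan_prefix("172.16.0.0/16", 130, 100))       # 24
    print(resubnet("172.17.2.32/28", 30))
    print(point_to_point("192.168.99.16/30"))
    for a in ("172.16.168.255", "172.16.169.0", "172.16.175.255", "172.16.176.1"):
        print(a, is_valid_host(a, "172.16.168.0/21"))
```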
