
Chapter 1:

Basic Network and Routing Concepts

Ильющенко Сергей Леонидович


Cisco: CCNP-R&S, CCNA-Security, CCIP, CCAI, CCIT;
Huawei: HCNP-R&S, HCNA-Storage;
VMware: VCA-DCV, VCA-WM, VCA-Cloud.
OSI Model
• The OSI reference model
– lets you view the network functions that occur at each layer;
– gives you a framework for understanding how information travels throughout a network;
– helps you understand, visualize, and troubleshoot the sending and receiving of data on a network;
– lets you visualize how information, or data packets, travels from an application program, through a network medium (wires, fibre, radio, etc.), to another application program located on another computer on the network, even if the sender and receiver use different types of network media.
Cisco Enterprise Architecture
Data Center Technical Architecture
Enterprise Composite Network Model
Benefits of a Hierarchical Network:
• Scalability - The modularity of the design allows you to replicate design elements as the network grows.
• Redundancy - You can dramatically increase availability through easy redundant implementations with
hierarchical networks.
• Performance – link Aggregation
• Security – Port Security and Policies make the network more secure.
• Manageability - Manageability is relatively simple on a hierarchical network.
• Maintainability - Because hierarchical networks are modular in nature and scale very easily, they are easy to
maintain.
Routing
Routing is done packet-by-packet and hop-by-hop. Each packet is treated independently by each router along the path. At each hop, the router examines the destination IP address of the packet and then checks its own routing table for forwarding information.

The router will do one of three things with the packet:
• Forward it to the next-hop router
• Forward it to the destination host (when the destination network is directly connected)
• Drop it (for example, when no route matches the destination)

[Figure: encapsulation at each hop. L3 header + payload = packet; L2 header + packet = frame; the frame is transmitted as bits. The L2 header is rewritten at every hop while the L3 destination address stays the same.]
Routing Table Principles

1. Every router makes its decision alone, based on the information it has in its own routing table.

2. The fact that one router has certain information in its routing table does not mean that other routers have the same information.

3. Routing information about a path from one network to another does not provide routing information about the reverse, or return, path.

Asymmetric Routing

Because routers do not necessarily have the same information in their routing tables, packets can traverse the network in one direction using one path and return via another path. This is called asymmetric routing. Asymmetric routing is more common on the Internet, which uses the BGP routing protocol, than it is in most internal networks. Stateful devices on the path (firewalls, NAT) only see one direction of an asymmetric flow and may drop it, so asymmetry has to be considered when placing such devices.
Routing Table
The routing table is actually a hierarchical structure that is used to speed up the lookup process
when locating routes and forwarding packets.
The sample routing table in the figure consists of route entries from the
following sources:
• Local route interfaces
• Directly connected networks
• Static routes
• Dynamic routing protocols

[Figure: sample routing table annotated with parent routes, child routes, a supernet, and the default route.]

Best match is equal to the longest match.

For there to be a match between the destination IPv4 address of a packet and a route in the routing table, a minimum number of far-left bits must match between the IPv4 address of the packet and the route in the routing table. The subnet mask of the route in the routing table is used to determine the minimum number of far-left bits that must match. Remember that an IPv4 packet only contains the IPv4 address and not the subnet mask.

The best match is the route in the routing table that has the most far-left bits in common with the destination IPv4 address of the packet. The route with the greatest number of matching far-left bits, or the longest match, is always the preferred route, whichever routing source it came from; administrative distance and metric only decide between routes to the same prefix.

A packet is destined for 172.16.1.1. Where will the router send the packet?
Classless and Classful Routing Behaviors

Router(config)# ip classless       Classless routing behavior (the default since IOS 11.3)
Router(config)# no ip classless    Classful routing behavior

With classful routing behavior, if the destination address falls within a classful major network for which the router knows child subnets, but matches none of those child subnets, the packet is dropped even when a supernet or default route exists. With classless routing behavior the lookup falls through to the supernet or default route.

! Classless and classful routing behaviors are not the same as classless and classful routing protocols.
Routing Types
• A router must learn about non-
directly connected networks
either statically or dynamically.
• Directly connected
networks are networks that
the router is connected to, has
an IP address/mask.
• Non-directly connected
networks are remote
networks connected to other
routers.
Static Routes

! For static routes with an outbound point-to-point serial interface, configure the static route with only the exit interface. On a point-to-point serial link the next-hop address is never used by the packet delivery procedure, so it is not needed.

! For static routes with an outbound Ethernet interface, configure the static route with both the next-hop address and the exit interface. An Ethernet static route with only an exit interface makes the router ARP for every destination host address and rely on proxy ARP; a next-hop address alone requires a recursive lookup to resolve the exit interface.
Best Path and Metric
The best path is selected by a routing protocol based on the value or metric it uses to determine the distance to reach a network. The
routing algorithm generates a value, or a metric, for each path through the network. Metrics can be based on either a single
characteristic or several characteristics of a path. Some routing protocols can base route selection on multiple metrics, combining them
into a single metric. The smaller the value of the metric, the better the path.

The Metric Parameters

Different routing protocols use different metrics. The metric used by one routing protocol is not comparable to the metric used by another routing protocol.

Two different routing protocols might choose different paths to the same destination due to using different metrics.

Metrics used in IP routing protocols include:
• Hop count - A simple metric that counts the number of routers a packet must traverse
• Bandwidth - Influences path selection by preferring the path with the highest bandwidth
• Load - Considers the traffic utilization of a certain link
• Delay - Considers the time a packet takes to traverse a path
• Reliability - Assesses the probability of a link failure, calculated from the interface error count or previous link failures

When a router has two or more paths to a destination with equal-cost metrics, the router forwards packets using both paths equally:
o Equal-cost load balancing can improve network performance.
o Equal-cost load balancing can be configured for both dynamic routing protocols and static routes.
Routing Protocols Characteristics
Routing protocols can be compared based on the following characteristics:
• Time to Convergence - Time to convergence defines how quickly the routers in the network topology share
routing information and reach a state of consistent knowledge. The faster the convergence, the more
preferable the protocol. Routing loops can occur when inconsistent routing tables are not updated due to slow
convergence in a changing network.
• Scalability - Scalability defines how large a network can become based on the routing protocol that is
deployed. The larger the network is, the more scalable the routing protocol needs to be.
• Classless (Use of VLSM) or Classful - Classless routing protocols include the subnet mask in the updates.
This feature supports the use of Variable Length Subnet Masking (VLSM) and better route summarization.
Classful routing protocols do not include the subnet mask and cannot support VLSM.
• Resource Usage - Resource usage includes the requirements of a routing protocol such as memory space,
CPU utilization, and link bandwidth utilization. Higher resource requirements necessitate more powerful
hardware to support the routing protocol operation in addition to the packet forwarding processes.
• Implementation and Maintenance - Implementation and maintenance describes the level of knowledge
that is required for a network administrator to implement and maintain the network based on the routing
protocol deployed.
Administrative Distance
! More than one dynamic routing protocol can be deployed in the same network. In some situations it may be necessary to route the same network address using multiple routing protocols, such as RIP and OSPF. Because different routing protocols use different metrics, their metrics cannot be compared to choose between them; a separate preference value is needed.

Administrative distance (AD) defines the preference of a routing source. Each routing source - including specific routing protocols, static routes, and even directly connected networks - is prioritized in order of most- to least-preferable using an administrative distance value. Cisco routers use AD to select the best path when they learn about the same destination network from two or more different routing sources: the lowest AD wins. Administrative distance is an integer value from 0 to 255. Cisco IOS defaults: connected 0, static 1, EIGRP summary 5, eBGP 20, EIGRP 90, OSPF 110, IS-IS 115, RIP 120, EIGRP external 170, iBGP 200; an AD of 255 means the source is not trusted and the route is never installed.

How does the router choose the best path to the network 192.168.6.0/24?
Floating Static Routes
R2(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0       ! Administrative Distance = 1 (default): primary default route
R2(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1 3     ! Administrative Distance = 3: backup (floating) default route, installed only while the primary is absent

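The longest-match, administrative-distance and floating-static-route slides above can be tied together in code. The following Python model is an added example, not part of the original slides and not Cisco's implementation: it installs routes the way an IOS-like router does (lowest AD per prefix, then lowest metric, equal-metric routes kept for load balancing), looks destinations up by longest match, and switches between ip classless and no ip classless behaviour. The AD values are the Cisco IOS defaults; the prefixes, next hops and interface names are constructed for illustration and are not taken from the slides' figures.

```python
"""Added example (not from the original slides): an IOS-like IPv4 routing table.
Install: lowest AD per prefix, then lowest metric, equal-cost routes kept.
Lookup: longest prefix match, with `ip classless` / `no ip classless` behaviour."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional

# Cisco IOS default administrative distances (lower is preferred).
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20, "eigrp": 90,
    "ospf": 110, "isis": 115, "rip": 120, "eigrp-external": 170, "ibgp": 200,
}


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    source: str
    next_hop: str                # next-hop address or exit interface
    metric: int = 0
    ad: Optional[int] = None     # explicit AD, e.g. a floating static route

    def effective_ad(self) -> int:
        return DEFAULT_AD[self.source] if self.ad is None else self.ad


def classful_network(addr: IPv4Address) -> IPv4Network:
    """Classful major network (class A /8, B /16, C /24) containing addr."""
    first_octet = int(addr) >> 24
    length = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return IPv4Network((int(addr), length), strict=False)


class RoutingTable:
    def __init__(self, classless: bool = True):
        self.classless = classless   # True = `ip classless` (IOS default)
        self.routes: Dict[IPv4Network, List[Route]] = {}

    def install(self, route: Route) -> None:
        """Keep, per prefix, only the lowest-AD source; within it the lowest
        metric, and all equal-metric routes. A losing route (e.g. a floating
        static) stays out of the table until the winner disappears."""
        current = self.routes.get(route.prefix)
        if not current:
            self.routes[route.prefix] = [route]
            return
        best = current[0]
        if route.effective_ad() < best.effective_ad():
            self.routes[route.prefix] = [route]
        elif route.effective_ad() == best.effective_ad() and route.source == best.source:
            if route.metric < best.metric:
                self.routes[route.prefix] = [route]
            elif route.metric == best.metric:
                self.routes[route.prefix] = current + [route]

    def lookup(self, dst: str) -> List[Route]:
        """Longest prefix match. Returns [] when the packet would be dropped."""
        addr = IPv4Address(dst)
        candidates = [p for p in self.routes if addr in p]
        if not candidates:
            return []
        best = max(candidates, key=lambda p: p.prefixlen)
        if not self.classless:
            # Classful behaviour: child subnets of the destination's major
            # network are known but none matches -> drop, do not fall through
            # to a supernet or default route.
            major = classful_network(addr)
            has_children = any(p != major and p.subnet_of(major) for p in self.routes)
            if has_children and not best.subnet_of(major):
                return []
        return self.routes[best]


# Constructed sample routes (not the slides' figure).
SAMPLE_ROUTES = [
    Route(IPv4Network("192.168.6.0/24"), "rip", "10.0.0.2", metric=2),
    Route(IPv4Network("192.168.6.0/24"), "ospf", "10.0.0.3", metric=20),
    Route(IPv4Network("192.168.6.0/24"), "static", "Serial0/0/0"),      # wins on AD 1
    Route(IPv4Network("0.0.0.0/0"), "static", "Serial0/0/0"),            # primary default
    Route(IPv4Network("0.0.0.0/0"), "static", "Serial0/0/1", ad=3),      # floating default
    Route(IPv4Network("172.16.1.0/24"), "rip", "10.0.0.2", metric=1),
    Route(IPv4Network("172.16.1.0/25"), "ospf", "10.0.0.3", metric=10),  # longer match
    Route(IPv4Network("172.16.2.0/24"), "ospf", "10.0.0.3", metric=10),
    Route(IPv4Network("10.1.1.0/24"), "ospf", "10.0.0.3", metric=10),    # equal-cost pair
    Route(IPv4Network("10.1.1.0/24"), "ospf", "10.0.0.4", metric=10),
]


def build_table(classless: bool) -> RoutingTable:
    table = RoutingTable(classless)
    for route in SAMPLE_ROUTES:
        table.install(route)
    return table


def describe(routes: List[Route]) -> List[str]:
    return [f"{r.source} via {r.next_hop}" for r in routes]


def demo() -> Dict[str, List[str]]:
    classless, classful = build_table(True), build_table(False)
    return {
        "192.168.6.1": describe(classless.lookup("192.168.6.1")),          # AD decides
        "172.16.1.1": describe(classless.lookup("172.16.1.1")),            # longest match decides
        "172.16.1.200": describe(classless.lookup("172.16.1.200")),
        "10.1.1.1": describe(classless.lookup("10.1.1.1")),                # equal-cost paths
        "172.16.3.1 classless": describe(classless.lookup("172.16.3.1")),  # default route
        "172.16.3.1 classful": describe(classful.lookup("172.16.3.1")),    # dropped
        "8.8.8.8 classful": describe(classful.lookup("8.8.8.8")),          # default route
    }


if __name__ == "__main__":
    for dst, result in demo().items():
        print(f"{dst:22} -> {result or 'DROP'}")
```

Running it shows that 172.16.1.1 goes to the OSPF /25 even though RIP also offers a /24 covering it: prefix length decides first, and AD only breaks ties between routes to the same prefix. With classful behaviour, 172.16.3.1 is dropped because child subnets of 172.16.0.0/16 exist but none matches, while 8.8.8.8 still uses the default route because no subnet of 8.0.0.0/8 is known.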

Cisco Discovery Protocol (CDP)
CDP is an information-gathering tool used by network administrators to get information about directly connected Cisco devices. CDP is a Cisco-proprietary protocol that gives you a summary of protocol and address information about directly connected Cisco devices. By default, each Cisco device sends periodic messages, known as CDP advertisements, to directly connected Cisco devices. These advertisements contain information such as the types of devices that are connected, the router interfaces they are connected to, the interfaces used to make the connections, and the model numbers of the devices. CDP operates at Layer 2 only. The advertisements are unauthenticated and readable by anyone on the segment (hostname, platform, software version, management addresses), so disable CDP on interfaces facing untrusted hosts (no cdp enable) or globally (no cdp run) wherever nothing such as ODR or IP phone provisioning depends on it.
CDP provides the following information about each
CDP neighbor device:
• Device identifiers - For example, the configured
host name of a switch
• Address list - Up to one Network layer address for
each protocol supported
• Port identifier - The name of the local and remote
port, in the form of an ASCII character string such as
ethernet0
• Capabilities list - For example, whether this device
is a router or a switch
• Platform - The hardware platform of the device;
for example, a Cisco 7200 series router
On Demand Routing (ODR)
It is important to know that ODR is not a routing protocol. Instead, it is an enhancement to CDP that uses CDP advertisements (Layer 2) to propagate routing information dynamically.

ODR has the following key characteristics:
• Applicable in a hub-and-spoke topology only.
• Uses Cisco Discovery Protocol (CDP), which is sent as multicast every 60 seconds by default.
• CDP is enabled by default, except on ATM interfaces where it must be enabled explicitly.
• Configured on the hub router with the router odr global configuration command.
• ODR is able to carry Variable Length Subnet Mask (VLSM) information.
• A stub router must not run an IP routing protocol: any router with no IP routing protocol configured is considered a stub by ODR.
• On WAN links such as dialer links and Frame Relay, use the broadcast keyword in the mapping statements so that CDP frames are sent.
Differentiate traffic types
Unicast
• Unicast addresses are used in a one-to-one context. Unicast traffic is
exchanged only between one sender and one receiver.
Multicast
• Multicast addresses identify a group of interfaces across different devices.
Traffic that is sent to a multicast address is sent to multiple destinations at
the same time.
• IPv4 reserved multicast addresses are 224.0.0.0–239.255.255.255 (224.0.0.0/4).
• IPv6 reserved multicast addresses have the prefix FF00::/8.
Anycast
• An anycast address is assigned to an interface on more than one node. When
a packet is sent to an anycast address, it is routed to the nearest interface
that has this address. The nearest interface is found according to the
measure of distance of the particular routing protocol.
Broadcast
• IPv4 broadcast addresses are used when sending traffic to all devices in the
subnet. Local broadcast address 255.255.255.255.
• IPv6 does not use a broadcast address, but uses multicast addresses instead
Well-known IPv4 and Assigned IPv6
Multicast Addresses
Differentiate IPv6 address types
Describe ICMPv6 neighbor discovery
Router Solicitation (RS)
• Sent by a device to the all-routers multicast address (FF02::2) to request a Router
Advertisement message from the router.
Router Advertisement (RA)
• Sent by an IPv6 router to the all-nodes multicast address (FF02::1), periodically and in
response to an RS. Includes link information such as prefix, prefix length, and the default
gateway address.
• The RA also indicates to the host whether it needs to use a stateless or
stateful DHCPv6 server.
• RAs are unauthenticated, so any host on the link can send one and become the default
gateway for its neighbours; switches mitigate this with RA Guard on host-facing ports.
Neighbor Solicitation (NS)
• Sent by a device to the solicited-node multicast address (FF02::1:FFxx:xxxx, built from the
low 24 bits of the target address) when it knows the IPv6 address of a device but not its
Ethernet MAC address. This is similar to ARP for IPv4.
Neighbor Advertisement (NA)
• Sent by a device, usually in response to a Neighbor Solicitation message, and unsolicited
when its link-layer address changes.
Redirect
• This has similar functionality as in IPv4. Sent by a router to inform the source
of a packet of a better next-hop router on the link that is closer to the
destination.
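The addresses named in the ND slide above, and the well-known groups in the multicast slides, can be checked with a short script. This is an added example, not part of the original slides: it derives the Ethernet destination MAC for IPv4 groups (RFC 1112) and IPv6 groups (RFC 2464), and the solicited-node multicast address that a Neighbor Solicitation is sent to (RFC 4291). The sample unicast and group addresses are chosen for illustration.

```python
"""Added example (not from the original slides): Layer 2 destinations for
multicast groups and the ICMPv6 ND messages, per RFC 1112, RFC 2464 and RFC 4291."""
from ipaddress import IPv4Address, IPv6Address
from typing import Dict, Tuple


def ipv4_multicast_mac(group: str) -> str:
    """01:00:5E + the low 23 bits of the group address (RFC 1112 section 6.4)."""
    addr = IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def ipv6_multicast_mac(group: str) -> str:
    """33:33 + the low 32 bits of the group address (RFC 2464 section 7)."""
    addr = IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv6 multicast address")
    return "33:33:%02x:%02x:%02x:%02x" % tuple((int(addr) & 0xFFFFFFFF).to_bytes(4, "big"))


def solicited_node(unicast: str) -> str:
    """FF02::1:FFxx:xxxx from the low 24 bits of the target (RFC 4291 2.7.1).
    A Neighbor Solicitation for `unicast` is sent to this group."""
    low24 = int(IPv6Address(unicast)) & 0xFFFFFF
    return str(IPv6Address((0xFF02 << 112) | (0x0001 << 32) | (0xFF << 24) | low24))


def nd_destinations(target: str) -> Dict[str, Tuple[str, str]]:
    """(IPv6 destination, Ethernet destination) for the ND messages on the slide."""
    sn = solicited_node(target)
    return {
        "RS": ("ff02::2", ipv6_multicast_mac("ff02::2")),  # all-routers
        "RA": ("ff02::1", ipv6_multicast_mac("ff02::1")),  # all-nodes
        "NS": (sn, ipv6_multicast_mac(sn)),                 # solicited-node of the target
    }


if __name__ == "__main__":
    for proto, group in [("OSPF", "224.0.0.5"), ("RIPv2", "224.0.0.9"),
                         ("EIGRP", "224.0.0.10"), ("SSDP", "239.255.255.250")]:
        print(f"{proto:6} {group:16} -> {ipv4_multicast_mac(group)}")
    # Only 23 of 28 group bits reach the MAC: 32 IPv4 groups share one address,
    # so the NIC filter alone is not enough and the IP layer must check the group.
    print("224.0.0.9 and 225.128.0.9 share a MAC:",
          ipv4_multicast_mac("224.0.0.9") == ipv4_multicast_mac("225.128.0.9"))
    for msg, (l3, l2) in nd_destinations("2001:db8::a1b:c2d3").items():
        print(f"{msg} -> {l3} / {l2}")
```

Two practical consequences follow from the output: because RAs go to FF02::1 (33:33:00:00:00:01), every node on the link processes a spoofed RA, which is why RA Guard belongs on access ports; and because an NS is addressed to a solicited-node group rather than to every host, an IPv6 host only has to join one extra multicast group per address to be reachable.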
Network Types
Point-to-point network
• A network that connects a single pair of routers.
• A serial link is an example of a point-to-point connection.
Broadcast network
• A network that can connect many routers along with the capability to
address a single message to all of the attached routers.
• Ethernet is an example of a broadcast network.
Nonbroadcast Multiaccess (NBMA) network
• A network that can support many routers but does not have broadcast
capability.
• If the sender wishes to inform all connected routers, it needs to create an
individual copy of the same packet for each recipient.
• Frame Relay and Asynchronous Transfer Mode (ATM) are examples of
an NBMA network type.
Connecting Remote Locations
with Headquarters
Basic PPP Overview
• Point-to-Point Protocol (PPP) has several advantages over its predecessor, High-Level
Data Link Control (HDLC):
– Authentication (PAP, CHAP)
– Multilink (bundling several physical links into one logical link)
– Compression
– Link quality monitoring
PPP Authentication Overview
Router(config-if)# ppp authentication { chap | chap pap | pap chap | pap } [ if-needed ] [ list-name | default ] [ callin ]

! PAP sends the username and password across the link in clear text. CHAP never sends the secret: the authenticator sends a random challenge and the peer answers with MD5(identifier, secret, challenge), so a captured response cannot be replayed against a new challenge. Prefer chap; use "chap pap" only where a legacy peer cannot do CHAP.
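For the PAP/CHAP choice in the ppp authentication command above, this added Python example (not part of the original slides and not a Cisco implementation) walks through the CHAP exchange of RFC 1994 on both sides and sets it against the PAP Authenticate-Request of RFC 1334. The hostname R2 and the secret strings are constructed; on IOS the shared secret is the username <remote-hostname> password entry configured on both routers.

```python
"""Added example (not from the original slides): CHAP (RFC 1994) challenge /
response / verify on both sides, next to PAP's clear-text request (RFC 1334).
Names and secrets are constructed for illustration."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 2: Response Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """The side that issues challenges (e.g. the hub router)."""

    def __init__(self, peers: Dict[str, bytes]):
        self.peers = peers                 # peer hostname -> shared secret
        self.identifier = 0
        self.outstanding: Optional[bytes] = None

    def challenge(self) -> Tuple[int, bytes]:
        """Fresh Identifier and unpredictable Challenge value each time."""
        self.identifier = (self.identifier + 1) & 0xFF
        self.outstanding = os.urandom(16)
        return self.identifier, self.outstanding

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Success only if the response matches THIS challenge, so a response
        captured from an earlier exchange cannot be replayed."""
        secret = self.peers.get(name)
        if secret is None or self.outstanding is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.outstanding)
        self.outstanding = None            # one response per challenge
        return hmac.compare_digest(expected, response)


def chap_peer_respond(identifier: int, challenge: bytes, name: str, secret: bytes) -> Tuple[str, bytes]:
    """The spoke's reply: its name and the hash. The secret never leaves the box."""
    return name, chap_response(identifier, secret, challenge)


def pap_authenticate_request(name: str, password: str) -> bytes:
    """RFC 1334 PAP Authenticate-Request payload: Peer-ID and Password, in clear."""
    n, p = name.encode(), password.encode()
    return bytes([len(n)]) + n + bytes([len(p)]) + p


def run_chap(hub_secrets: Dict[str, bytes], spoke_name: str, spoke_secret: bytes) -> bool:
    """One full CHAP exchange; returns the authenticator's decision."""
    hub = ChapAuthenticator(hub_secrets)
    ident, chal = hub.challenge()
    name, resp = chap_peer_respond(ident, chal, spoke_name, spoke_secret)
    return hub.verify(ident, name, resp)


def replay_attempt(hub_secrets: Dict[str, bytes], spoke_name: str, spoke_secret: bytes) -> bool:
    """An eavesdropper records a valid response and replays it to a later challenge."""
    hub = ChapAuthenticator(hub_secrets)
    ident, chal = hub.challenge()
    name, captured = chap_peer_respond(ident, chal, spoke_name, spoke_secret)
    assert hub.verify(ident, name, captured)     # the legitimate exchange succeeds
    new_ident, _new_chal = hub.challenge()         # next session, new challenge
    return hub.verify(new_ident, name, captured)   # replayed response is rejected


if __name__ == "__main__":
    secrets = {"R2": b"s3cret-R1-R2"}
    print("CHAP, right secret:", run_chap(secrets, "R2", b"s3cret-R1-R2"))
    print("CHAP, wrong secret:", run_chap(secrets, "R2", b"guess"))
    print("CHAP replay       :", replay_attempt(secrets, "R2", b"s3cret-R1-R2"))
    print("PAP on the wire   :", pap_authenticate_request("R2", "s3cret-R1-R2"))
```

The PAP payload printed last contains the password verbatim, which is what a tap on the serial link sees; the CHAP output shows why the authenticator must generate a new random challenge per session: a repeated challenge would make the recorded response valid again.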
PPP Configuration Example
PPPoE Motivation
• Most commonly used data link layer protocol by ISPs is PPP.
• The PPP over Ethernet (PPPoE) protocol allows the transmission of PPP
frames encapsulated inside Ethernet frames.
PPPoE Concepts
PPPoE Configuration
aaa new-model
aaa authentication ppp default local
! "password 0" keeps the PPP secret recoverable in the configuration. CHAP needs
! the recoverable secret, so protect the config itself (service password-encryption
! only applies the reversible type 7 scheme) or move PPPoE users to RADIUS/TACACS+.
username user1 password 0 PASSWORD

bba-group pppoe global
 virtual-template 1

interface Virtual-Template1
 ! PPPoE adds 8 bytes of overhead, so the MTU drops from 1500 to 1492
 mtu 1492
 ! the original slide omitted the mask; /24 is assumed to match the pool below
 ip address 192.168.1.254 255.255.255.0
 peer default ip address pool 1

ip address-pool local
ip local pool 1 192.168.1.1 192.168.1.100

interface FastEthernet0/0
 pppoe enable group global
DSL technology lab setup

[Figure: ADSL lab topology. User PC -> CPE (ATU-R, ADSL modem) -> DSLAM (ATU-C) -> ATM -> IP transport network -> AAA server and billing.]
• User PC
• CPE (ATU-R) - ADSL modem
• DSLAM (ATU-C)
• Transport network
• Authentication system and billing (AAA server)
VPN Connectivity Overview
• MPLS-based VPNs
• Tunneling VPNs
– GRE
– IPsec
– DMVPN
Private WAN Infrastructures

MPLS
Multiprotocol Label Switching (MPLS) is a multiprotocol high-
performance WAN technology that directs data from one router to the
next, based on short path labels rather than IP network addresses.
L3 MPLS VPNs
• Traffic forwarding through the MPLS backbone is based on
labels that are previously distributed among the core routers.
• With a Layer 3 MPLS VPN, the service provider participates in
customer routing.
• The service provider establishes routing peering between the
PE and CE routers.
• Then customer routes that are received on the PE router are
redistributed into MP-BGP and conveyed over the MPLS
backbone to the remote PE router.
• On the remote PE, these customer routes are redistributed
back from MP-BGP into a remote PE-CE routing protocol.
• Routing protocols between PE-CE routers on the local and
remote sites may be totally different.
Routing Across MPLS VPNs

• The Layer 3 MPLS VPN backbone solution provides the Layer 3 service across the backbone,
where R1 and R2 are connected to ISP edge routers.
• A separate IP subnet is used on each side. If you deploy a routing protocol over this VPN,
the service provider needs to participate in it.
• Neighbor adjacency is established between your R1 and the closest PE router and between
your R2 and its closest PE router.
L2 MPLS VPNs
• A Layer 2 MPLS VPN CE router interconnects with the PE
router at Layer 2 using any Layer 2 protocol with Ethernet
being the most common.
• Layer 2 traffic is sent between PE routers, over a pre-
established pseudowire.
• Pseudowire emulates a wire between PE routers that carries
Layer 2 frames across the IP-MPLS backbone.
• There are two basic Layer 2 MPLS VPN service architectures.
– Virtual Private Wire Service (VPWS) is a point-to-point technology
that allows the transport of any Layer 2 protocol at the PE.
– The second type of Layer 2 MPLS VPN is Virtual Private LAN Service
(VPLS), which emulates an Ethernet multiaccess LAN segment over
the MPLS core and provides multipoint- to-multipoint service.
Routing Across MPLS VPNs

• The Layer 2 MPLS VPN backbone solution provides the Layer 2 service across the backbone,
where R1 and R2 are connected together directly using the same IP subnet.
• If you deploy a routing protocol over the Layer 2 MPLS VPN, neighbor adjacency is
established between your R1 and R2 routers. The figure presents the connectivity through
the backbone, which can be illustrated as one big switch.
Tunneling VPNs
GRE
• Tunneling protocol developed by Cisco that enables encapsulation of arbitrary Layer 3
protocols inside a point-to-point tunnel over an IP network.
• Traffic transported over a GRE tunnel is not encrypted, and GRE itself provides no
authentication or integrity protection: spoofed GRE packets addressed to the tunnel endpoint
are accepted unless filtered.
• GRE traffic is therefore usually encapsulated within IPsec.
IPsec
• Is a framework that uses a set of cryptographic protocols to secure traffic at
Layer 3.
DMVPN
• This solution offers the capability to dynamically establish hub-to-spoke and
spoke-to-spoke IPsec tunnels, thus reducing latency and optimizing network
performance.
• DMVPN supports dynamic routing protocols between hub and spokes as well
as IP multicast. It is also suitable for environments with dynamic IP addresses
on physical interfaces such as DSL or cable connections.
Routing Over GRE Tunnel

• A passenger protocol, or encapsulated protocol, such as IPv4 or IPv6, that is being encapsulated.
• A carrier protocol, GRE in this example, that is defined by Cisco as a multiprotocol carrier protocol.
• A transport protocol, such as IP, that carries the encapsulated protocol.
Dynamic Multipoint Virtual Private
Network
DMVPN
The primary benefits of DMVPNs follow:
• Hub router configuration reduction
– Traditionally, an individual GRE tunnel and IPsec configuration would need to be
defined for each spoke router. The DMVPN feature enables the configuration of a
single mGRE tunnel interface and a single IPsec profile on the hub router to
manage all spoke routers.
• Automatic IPsec initiation
– GRE uses NHRP to configure and resolve the peer destination address.
This feature allows IPsec to be immediately triggered to create point-to-
point GRE tunnels without any IPsec peering configuration.
• Support for dynamically addressed spoke routers
– When using point-to-point GRE and IPsec hub-and-spoke VPN networks,
it is important to know the physical interface IP address of the spoke
routers when configuring the hub router.
– DMVPN enables spoke routers to have dynamic physical interface IP
addresses and uses NHRP to register the dynamic physical interface IP
addresses of the spoke routers with the hub router.
Multipoint GRE
The main characteristics of the mGRE configuration are as follows:
• Only one tunnel interface needs to be configured on a router to support
multiple remote GRE peers
• To learn the IP addresses of the other peers, devices using mGRE require NHRP to
build dynamic GRE tunnels.
• mGRE interfaces also support unicast, multicast, and broadcast traffic.
NHRP
IPsec
IPsec provides four important security services:
• Confidentiality (encryption)
– No one can eavesdrop on the communication. If the
communication is intercepted, it cannot be read.
• Data integrity
– The receiver can verify that the data was transmitted through the
path without being changed or altered in any way.
• Authentication
– Authentication ensures that the connection is made with the desired
communication partner. IPsec uses Internet Key Exchange (IKE) to authenticate
the peers (by pre-shared key or certificates) before the security associations
that carry the traffic are established.
• Antireplay protection
– Antireplay protection verifies that each packet is unique and not duplicated:
ESP and AH carry a monotonically increasing sequence number, and the receiver
keeps a sliding window (64 packets by default) of sequence numbers already seen
and drops duplicates and packets older than the window.
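The anti-replay service described above is easiest to understand as an algorithm. The following Python block is an added example, not part of the original slides: it implements the sliding-window check of RFC 4303 section 3.4.3 over the sequence number in the ESP header and runs it over a constructed stream of ESP headers (SPI and sequence number only, no payload or ICV). The window size of 64 is the RFC's default; extended sequence numbers are not modelled.

```python
"""Added example (not from the original slides): ESP anti-replay sliding window
(RFC 4303 section 3.4.3) driven by the sequence number of constructed ESP headers."""
import struct
from typing import List


class AntiReplayWindow:
    """Bit 0 of `bitmap` is the highest sequence number seen (`right`);
    bit i marks sequence number right - i as already received."""

    def __init__(self, size: int = 64):
        if size < 32:                       # RFC 4303: a receiver must support at least 32
            raise ValueError("window too small")
        self.size = size
        self.right = 0
        self.bitmap = 0

    def check(self, seq: int) -> bool:
        """True = accept and record; False = replay, too old, or sequence 0.
        A real receiver calls this only after the ICV has verified, so forged
        sequence numbers cannot advance the window."""
        if seq == 0:                        # the first packet on an SA carries 1
            return False
        if seq > self.right:                # new right edge: slide the window
            shift = seq - self.right
            self.bitmap = ((self.bitmap << shift) & ((1 << self.size) - 1)) | 1
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size:             # older than the window: drop
            return False
        if (self.bitmap >> offset) & 1:     # already seen: replay
            return False
        self.bitmap |= 1 << offset          # late but fresh (reordering): accept
        return True


def esp_sequence(packet: bytes) -> int:
    """ESP header: SPI (4 bytes) then Sequence Number (4 bytes), network order."""
    _spi, seq = struct.unpack("!II", packet[:8])
    return seq


def make_esp(spi: int, seq: int) -> bytes:
    """Constructed ESP header for the demo (no payload, padding or ICV)."""
    return struct.pack("!II", spi, seq)


def filter_stream(packets: List[bytes], window: int = 64) -> List[bool]:
    """Apply the anti-replay check to a stream of ESP headers for one SA."""
    w = AntiReplayWindow(window)
    return [w.check(esp_sequence(p)) for p in packets]


if __name__ == "__main__":
    # Reordering (3 before 2) is tolerated; duplicates and stale packets are not.
    stream = [make_esp(0x1001, s) for s in (1, 3, 2, 2, 3, 100, 36, 37, 0)]
    for pkt, ok in zip(stream, filter_stream(stream)):
        print(f"seq {esp_sequence(pkt):3} -> {'accept' if ok else 'drop'}")
```

The stream demonstrates the three outcomes: sequence 2 arriving after 3 is accepted (reordering inside the window), the second copies of 2 and 3 are dropped as replays, and after 100 advances the right edge, 36 is too old (100 - 64) while 37 is still inside the window. A sequence-number rollover on an SA without extended sequence numbers must trigger rekeying, which is why IOS enforces SA lifetimes.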
Routing Information Protocol
RFC 1058: Routing Information Protocol

RIPv1 has the following key characteristics:
• Distance vector routing protocol
• Classful routing protocol - does not include the subnet mask in the routing updates
• Uses hop count as its only metric for selecting the best path - routes advertised with hop counts greater than 15 are unreachable
• RIPv1 routing updates are broadcast every 30 seconds - the route entries in the routing table are sent every 30 seconds
• Administrative Distance of RIP is 120 - the Cisco value used to determine the best route source when there are multiple sources for the same network (see Administrative Distance above)
• Automatic route summarization to the classful subnet mask

RIPv2 is defined in RFC 1723 (updated by RFC 2453)

RIPv2 has the following key characteristics:
• Distance vector routing protocol
• Classless routing protocol - includes the subnet mask in the routing updates
• Uses hop count as its only metric for selecting the best path - routes advertised with hop counts greater than 15 are unreachable
• RIPv2 routing updates are multicast to 224.0.0.9 every 30 seconds - the route entries in the routing table are sent every 30 seconds
• Administrative Distance of RIP is 120 (see Administrative Distance above)
• Manual and automatic route summarization
• Authentication of routing update information (simple password, which travels in clear text, or keyed MD5)
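The RIPv2 characteristics above (classless updates to 224.0.0.9, hop count with 16 as infinity, authentication of updates) become concrete in the message format. The following Python block is an added example, not part of the original slides: it encodes and decodes RIPv2 response messages per RFC 2453 section 4, including the authentication entry, and shows that a simple-password entry (type 2) hands the password to anyone on the segment while keyed MD5 (RFC 2082, type 3) carries only a key ID, a sequence number and a digest. The prefixes, the password and the captured payloads are constructed.

```python
"""Added example (not from the original slides): RIPv2 message encode/decode
(RFC 2453 section 4) with the authentication entry, plus a detection helper
that recovers clear-text RIP passwords from captured UDP/520 payloads."""
import struct
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Tuple

RIP_PORT, RIPV2_GROUP = 520, "224.0.0.9"
RIP_INFINITY = 16                          # metric 16 = unreachable
HEADER = struct.Struct("!BBH")             # command, version, must be zero
ENTRY = struct.Struct("!HH4s4s4sI")        # AFI, route tag, address, mask, next hop, metric


def build_rip_response(routes: List[Tuple[str, int]], password: Optional[bytes] = None) -> bytes:
    """RIPv2 response; with `password` the simple-password auth entry (type 2) comes first."""
    msg = HEADER.pack(2, 2, 0)
    if password is not None:
        msg += struct.pack("!HH", 0xFFFF, 2) + password.ljust(16, b"\x00")[:16]
    for prefix, metric in routes:
        net = IPv4Network(prefix)
        msg += ENTRY.pack(2, 0, net.network_address.packed, net.netmask.packed, b"\x00" * 4, metric)
    return msg


def parse_rip(msg: bytes) -> Dict:
    """Decode the header, authentication entry(ies) and route entries."""
    if len(msg) < HEADER.size or (len(msg) - HEADER.size) % ENTRY.size:
        raise ValueError("malformed RIP message")
    command, version, _ = HEADER.unpack_from(msg)
    out: Dict = {"command": {1: "request", 2: "response"}.get(command, command),
                 "version": version, "auth": None, "routes": []}
    for off in range(HEADER.size, len(msg), ENTRY.size):
        entry = msg[off:off + ENTRY.size]
        afi, second = struct.unpack_from("!HH", entry)
        if afi == 0xFFFF:                      # authentication entry
            if second == 2:                    # simple password: readable by any sniffer
                out["auth"] = {"type": "simple-password",
                               "password": entry[4:].rstrip(b"\x00").decode("latin-1")}
            elif second == 3:                  # keyed MD5 header (RFC 2082 section 3.1)
                _plen, key_id, _alen, seqno = struct.unpack_from("!HBBI", entry, 4)
                out["auth"] = {"type": "keyed-md5", "key_id": key_id, "sequence": seqno}
            elif second == 1:                  # trailing entry carrying the MD5 digest
                out["digest"] = entry[4:].hex()
            continue
        _afi, tag, addr, mask, next_hop, metric = ENTRY.unpack(entry)
        prefixlen = bin(int.from_bytes(mask, "big")).count("1")
        out["routes"].append({"prefix": f"{IPv4Address(addr)}/{prefixlen}", "tag": tag,
                              "next_hop": str(IPv4Address(next_hop)),   # 0.0.0.0 = the sender
                              "metric": metric, "reachable": metric < RIP_INFINITY})
    return out


def cleartext_rip_passwords(udp_payloads: List[bytes]) -> List[str]:
    """Detection helper: passwords recoverable from captured RIP payloads."""
    found = []
    for payload in udp_payloads:
        try:
            auth = parse_rip(payload)["auth"]
        except ValueError:
            continue
        if auth and auth["type"] == "simple-password":
            found.append(auth["password"])
    return found


if __name__ == "__main__":
    capture = [build_rip_response([("10.2.0.0/16", 1), ("192.168.6.0/24", 16)], password=b"cisco123")]
    print(parse_rip(capture[0]))
    print("passwords on the wire:", cleartext_rip_passwords(capture))
```

The second route in the constructed capture carries metric 16, the poisoned-route form RIP uses to withdraw a destination. On IOS, text authentication is what you get by default when a key chain is applied; use ip rip authentication mode md5 with the key chain on each RIP interface so that the update carries a digest instead of the password.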
Comparing Features in RIPv2 and
RIPng
RIPv2 Configuration
• By default, RIPv2 automatically summarizes
networks at major network boundaries,
summarizing routes to the classful network address
• When route summarization is disabled, the
software sends subnet routing information across
classful network boundaries.
Router(config-router)# no auto-summary

• The ip summary-address rip ip-address network-mask interface command is used to summarize an
address or subnet under a specific interface.
Router(config-if)# ip summary-address rip 10.2.0.0 255.255.0.0
Configuring RIPng

R2(config)# ipv6 router rip CCNP_RIP
R2(config-if)# ipv6 rip CCNP_RIP enable     ! RIPng is enabled per interface using the same process name
Verify RIPng Configuration
RIPng Summarization
Propagating a Default Route

R1(config-if)# ipv6 rip name default-information { originate | only }     ! originate = advertise a default route in addition to the other routes; only = advertise only the default route


RIPng Verification Commands
Investigating the RIPng Database

• The RIP process (there can be multiple RIPng processes on a single router).
• The route prefix.
• The route metric. RIPng uses hop count as its metric; in the example, all three routes have a
metric of 2, which means the destination network is 2 hops away, counting the advertising
router as a hop.
• Installed and expired: the keyword "installed" means the route is in the routing table. If a
network becomes unavailable, the route becomes "expired" when its expire timer runs out; the
remaining time (in seconds) during which the route is still advertised as expired (metric 16)
is listed.
• Expires in: a countdown timer; when it reaches 0, the route is removed from the routing table
and marked expired. This expire timer is by default six times the 30-second update interval,
i.e. 180 seconds.