CCNP

Routing

300 – 101

1 | P a g e

ATN Education

Implementing CISCO IP routing (300-101)

Structure of syllabus

• Network principals 10%

• Layer 2 technologies 10%

• Layer 3 technologies 40%

• VPN technologies 10%

• Infrastructure security 10%

• Infrastructure service 20%

Networking principals

Packet switching architecture

Good, better and best

• Process switching

• Fast switching

• Cisco Express Forwarding (CEF)

Process switching

• Request the CPU to be personally involved with every forwarding decision

Outgoing

packets Incoming

packets Layer 3 Switch or Router

CPU

Ingress Interface Egress Interface

Data Flow

Control Plane

CCNP

Routing

300 – 101

2 | P a g e

ATN Education

Fast Switching

• Still uses the CPU, but after a packet has been forwarded, information about how to reach the

Cisco expressing forwarding (CEF)

Cisco expressing forwarding (CEF)

Data plan

• Optimized the router to make it be able to forward more packets faster

• CEF cache routing information in F1B table and layer 2 next-hop IP address in the adjacency

table

To enable CEF

GM# IP CEF

To verify CEF

PM# show IP CEF

Sub sequent Packet in data flow

Sub sequent

Packet in data flow

Forwarding

information

CPU

Ingress

Interface

Egress

Interface

Fast

Cache

Data

flow

Data

flow

CPU

CEF data structure

FIB

Adjacency Table Egress

Interface

Ingress

Interface

IP routing table

ARP cache

Control Plan

FIB – Forwarding

Information Base

CCNP

Routing

300 – 101

3 | P a g e

ATN Education

Unicast flooding

1st Reason

MAC address flooding attack

2nd Reason

Spanning – Tree topology changing

3rd Reason

Asymmetric routing

Solution

• Maintain MAC address table

• Enable port fast

• Configure port security

• Stop asymmetric routing

A C

B

CCNP

Routing

300 – 101

4 | P a g e

ATN Education

Out – of – Order Packets

Reasons

• Layer 2 or layer 3 multiple path.

• Routing path inside.

• Quality of Service (Have to select which one is first voice or data).

Solution

• To ensure do not load balance through redundant links.

• Configure Quality of Service property.

Destination Source G

F

E

D

C A

B

1

2

3

4

5

6

1

2

6

4

5

3

CCNP

Routing

300 – 101

5 | P a g e

ATN Education

Asymmetric routing

Reason

• Routing issue.

• Redistribution issue.

• Config the administrative distance manually.

Solution

• Proper filtering on redistribution.

• Use same configuration on redundant link.

25.12.11.0/24 192.168.1.0/24

Destination Source F

E

D

C

A

B

Routing table

25.12.11.0/24 via B Routing table

192.168.1.0/24 via E

CCNP

Routing

300 – 101

6 | P a g e

ATN Education

Internet control message protocol (ICMP)

ICMP header

• Type code checksum of header.

Type Code Checksum

Rest of Header

Type

• An 8 bits field that indicates the type of ICMP message.

Code

• An 8 bits field used to further defend an ICMP message type.

Checksum

• A 16 bits field used for error-checking.

Rest of header

• A 4 bits field whose length can vary depending on the ICMP message type.

Key topics

Destination unreachable

• An ICMP message type that a router can send back to a sender if the router does not know how to

reach a destination IP address

Redirect

• An ICMP message type that a router can send back to sender in order to inform the sender it

should use a different next-hop IP address

CCNP

Routing

300 – 101

7 | P a g e

ATN Education

Internet protocol

IPv4 header

Version Header length Type of Service Total length

Identification IP flags Fragment of set

TTL [Time To Live] Protocol Header checksum

Source address [32 – bits]

Destination address [32 – bits]

IP option [Variable length]

Version

• 4 bits field containing an IP version number

Type of service (TOS)

• An 8 bits field used to indicate the property of a packet

Time to live (TTL)

• An 8 bits field that gets decremented by 1 for each router hop. Packets that reach a TTL of 0 are

dropped

Protocol

• An 8 bits field indicating the type of data encapsulation in a packet

Source / destination address

• 32 bits field containing the source and destination address of a packet

Destination Source C B A

CCNP

Routing

300 – 101

8 | P a g e

ATN Education

IPv6 header

• Version traffic class flow payload length, next header, hop limit, Source address (128-bits),

destination address (128-bits).

Version Traffic class Flow label

Payload length Next header Hop limit

Source address (128 – bits)

Destination address (128 – bits)

Version

• 4 bits field contain an IP version number

Traffic class

• An 4 bits field used indicate the priority of a packet

Flow label

• A 20 bits field that can be used by a router to instruct all packets that are part of the same flow to

use same egress interface

Next-header

• An 8 bits field indicating the type of data encapsulated in packet

Hop limit

• An 8 bits field that gets decremented by 1 for each router hop. Packet that reach a TTL of 0 are

dropped

CCNP

Routing

300 – 101

9 | P a g e

ATN Education

Transmission Control Protocol (TCP)

TCP characteristic

• Reliable

• Connection oriented

• Session base

• Streaming

TCP header

Source port Destination port

Sequence number

Acknowledgement number

Offset Reserved TCP flags Window

Checksum Urgent pointer

TCP option (optional)

Source / destination port

• 16 bits field containing the source and destination TCP dropped

Sequence / Acknowledgement number

• 32 bits field used by type TCP address and receive to confirm all transmitted segment are

received

Window

• A 16 bits field indicating the number of bytes a sender is willing to transmit before receiving an

acknowledgement

Sync Request

Windowing &

Flow control

Fin

Ack 10

Ack

Ack

Ack, Sync Request

A B

Ack

3 – Way

hand –shake

Connection established

1 2

3

3 4 5 6 7

6

6 7 8 9

Ack – Fin

Ack

CCNP

Routing

300 – 101

10 | P a g e

ATN Education

User datagram protocol (UDP)

UDP characteristic

• Unreliable

• Directionless

• Connectionless

• Speeder

UDP header

Source / destination port

• 16 bits field containing the source and destination UDP port number for a UDP segment

Length

• A 16 bits field indicating the size of the UDP header

Checksum

• A 16 bits field used for error-checksum

Real-time transport protocol (RTP)

• A layer 4 protocol encapsulation inside of UDP (another layer 4 protocol). Commonly used to

transmit voice or video

Latency

• Delay experienced by traffic travelling between points in a network

Low latency

• A QOS feature that allows select traffic to be placed in a priority queue and sent before non-

priority traffic (up to limit)

Source port Destination port

UDP length UDP checksum

Destination Source

1 2 3

4 5 6 7

8 9 10 11

12 13 14 15

A B

CCNP

Routing

300 – 101

11 | P a g e

ATN Education

Layer 2 technologies

WAN protocols

• Application layer

• Presentation layer

• Session layer

• Transport layer

• Network layer

• Data-link layer

LLC- logical link control - (WAN)

MAC- media access control – (LAN)

• Physical layer

Serial interface verification

Channel service unit / data service unit (CSU / DSU)

• A digital modem that can connect a router’s serial port to a service provider

Serial interface connector

V. 35

• Supports speeds of 2.048 Mbps using a rectangular connector

DB - 60

• A 60 pin connector [also known as a cisco 5-in-1 connector] that is supported on several cisco

router model

Smart serial

• A “HIGH DENSITY” connector that allows a WAN interface card (WIC) to have two serial

connection instead of just once

EIA / TIA – 232

• A 25 pin D- connector that support speeds of 64 kbps for short distance

i. Electronic industries alliance – EIA

ii. Telecommunication industry association – TIA

High-level data link control (HDLC)

• The default layer 2 protocol used by cisco router on serial interface

[NOTE: cisco uses their own proprietary version of HDLC)

Data communication equipment (DCE)

• The end of a serial cable that provides clocking

Data terminal equipment (DTE)

• The end of a serial cable that receive clocking

To verify the DCE / DTE

PM # Show Controllers serial _______________

(Interface number)

CCNP

Routing

300 – 101

12 | P a g e

ATN Education

Serial interface configuration

Router configuration

GM # Interface _____serial_____ ____0/2____

(Interface name) (Interface no)

# IP address _____10.1.1.1_____ ___255.255.255.0___

(IP address) (Subnet mask)

# Bandwidth ___64___

# Clock rate ___64000___

# No shutdown

Interface verification

PM # Show IP interface brief

Interface Status (layer 1 ) Protocol (layer 2)

Serial 2/0 Up Up

Serial 3/0 Down Down

To verify encapsulation protocol

PM # Show interface serial 0/3

Configure and verify Point to point protocol (PPP)

• Open standard

• PPP authentication methods

Password authentication protocol (PAP) default

Challenge handshake authentication protocol (CHAP)

R2 R1

Configured only on DCE

CCNP

Routing

300 – 101

13 | P a g e

ATN Education

Example configuration

Router configuration

GM # User name ________ password _________

(Name) (Password)

R1 &R2 configuration

GM # Interface serial _________

(Number)

# Encapsulation PPP

# PPP authentication __CHAP___

Debug PPP

PM # Debug PPP authentication

To disable debug

PM # No debug PPP authentication

User Name – R1

Password – 123

User Name – R2

Password – 123

R2 R1

CCNP

Routing

300 – 101

14 | P a g e

ATN Education

Frame Relay A layer 2 WAN technology that sends frames over virtual circuit (VC’s) that are identified by the

data link connection identify (DLCI) number

Virtual circuit (VC)

A logical connection between two end points

Switched virtual circuit (SVC)

A virtual circuit that is brought up on an as-needed basis

Permanent virtual circuit (PVC)

A virtual circuit that is always active

Point-to-point circuit

A single VC interconnecting two end pints, where both end points belong to the same IP subnet

Point-to-multipoint circuit

A connection from one end point to one or more other end points, where all end pints belong to

the same subnet

Service level agreement (SLA)

An agreement between a service provider and their customer, describing the level of service the

service provider guarantees for a specific connection

Committed information rate (CIR)

A bandwidth amount a service provider guarantees to be available, a certain percentage of the

time on a customer’s virtual circuit

Discard eligibility (DE) bit

A bit in a frame relay frame’s header that indicates the frame was sent in excess of CIR and can

be discarded by the service provider if congestion is occurring

Forward explicit congestion notification (FECN)

A bit in a frame relay frame’s header used to tell a receiver to send a frame to the sender, which

the signal provider will mark with BECN bit

401

301

201

102

103

104

CCNP

Routing

300 – 101

15 | P a g e

ATN Education

Frame – relay topology

1. Hub and spoke

2. Partial Mesh

3. Full Mesh

BR2

BR1 HQ

BR2

BR1 HQ

BR3

BR2

BR1 HQ

BR3

CCNP

Routing

300 – 101

16 | P a g e

ATN Education

Frame – Relay Lab

In all branches and headquarter

GM # Encapsulation Frame – relay

Frame relay switch

Add DLCI number in respective order

Show commands

PM # Show frame-relay PVC

PVC status

I. Active- The connection is good between the local router and the far – end router

II. Inactive- The connection is good between the local router and the frame relay switch, but not

between the frames relay switch and the FAR-end router.

III. Deleted- The connection is not good between the local router and the frame relay switch

PM # Show frame-relay map

IV. Inverse ARP- Allows a frame relay router to determine the layer 3 address at the FAR-end of a

DLCI

PM # Show frame-relay LMI

BR3

BR2

BR1

HQ

401

301

201

102

103

104

CCNP

Routing

300 – 101

17 | P a g e

ATN Education

Layer 3 Technology

IPv6 (Internet Protocol version 6)

Benefit of IPv6

• Increased address space 5*1028 address for each person on the planet

• Simplified header

IPv4 header: 12 fields

IPv6 header: 15 fields

• No broadcast

• Security and mobility features built-in

• No fragmentation

MTU discovery is performed for each session

• Can coexist with IPv4 during a migration

DUAL stack

IPv6 over IPv4

IPv6 address structure

• IPv6 address structure

XXXX.XXXX.XXXX.XXXX.XXXX.XXXX.XXXX.XXXX

[Where X is a hexadecimal number in the range of 0 – 9 and the letters in the range of A – F]

• 32 hexadecimal digits X 4 bits per digit =12848

• Example: 200A:0123:4040:0000:0000:0000:000A:000B

Shortening an IPv6 addressing

• Leading zeros in a field can be omitted

Continues fields containing all zeros can be represented with a double colon

[NOTE: This can only be done one for a single IPv6 address]

Full address

2345:0123:4040:0000:0000:0000:000A:000B

Abbreviate address

2345:123:4040:: A:B

Practice exercise

2000:0000:0000:1234:0000:0000:000B

IPv6 address type and description

• Global uncast: Destined for a single recipient and can be routed on the public internet

• Multicast : Destined for a number of a multicast group

• Link local: Valid only on a network segment

• Unique local: cannot be routed on the public internet

• Loop back: The local host address of a device

• Unspecified: Does not specific a source address [all 128 bits in the IPv6 address set to zero]

• Solicited-node multicast: A multicast IPv6 address corresponding to a device’s IPv6 addresses

CCNP

Routing

300 – 101

18 | P a g e

ATN Education

Global unicast address

• Address starts with 2000::/3

• Addressing assign by the IANA

001

(8 bits)

Global Routing Prefix

(45 bits)

Subnet ID

(16 bits)

Interface ID

(64 bits)

Multicast address

• Addressing has an FF as the two hexadecimal digits

|||| ||||

(8 bits)

Flags

(4 bits)

Scope

(4 bits)

Group ID

(112 bits)

Link local address

• Address starts with FE80::/10

• Can only communicate on one network segment

• Similar to the IPv4 APIPA addresses [169.254.0.0/16]

• Can be automatically or statically assigned

|||| |||0 ||

(10 bits)

54 zeros

(54 bits)

Interface ID

(64 bits)

2000::2 2000::1

Multicast g

roup

FF

:04::1

0

2000::2

2000::1

Receiver

Receiver

2000::3

Non Receiver

FE80::B FE80::A FE80::2 FE80::1

CCNP

Routing

300 – 101

19 | P a g e

ATN Education

Unique local

• Addressing starts with FC00::/7

• Cannot be routed over the public internet

• Similar to IPv4 private address

• If the address is locally assigned the Last bit set to A 1

|||| ||0

(7 bits)

2

(Last bit)

Global ID

(40 bits)

Subnet ID

(16 bits)

Interface ID

(64 bits)

Loop back address

• Written as ::1

• Also known as local host

• Similar to the IPv4 127.0.0.1 address

• Can be used to verify the IPv6 stack is operating on a devices

127 zeros

(127 bits)

1

(1 bits)

Unspecified address

• Written as ::

• Used for a client’s source address when sending a neighbor solicitation message

• Used for a client’s source address when sending a router solicitation message

128 zeros

(128 bits)

FD00::2 FD00::1 Internet

Source IPv6 address

Destination IPv6 address

(FE02::2)

CCNP

Routing

300 – 101

20 | P a g e

ATN Education

Solicited-node multicast address

• Address begin with FF02::1:F

• Address ends with the last 24 bits of the corresponding IPv6 ARP broadcast

• Used instead of an IPv4 ARP broadcast

• Also used for duplicate address dedication (DAD)

FF02::1:FF00

(104 bits)

Last 24 bits in IPv6 address

(24 bits)

64 bit extend unique identifier (EUI – 64)

• Use the MAC address of an interface to create a 64 – bit interface ID

• The challenge

➢ A MAC address is only 48 bits long

Example: R1’s FA0/0 interface has a MAC address of 0015.2BE4.9860, and that MAC

address can be used for the interface’s link local address

o Step 1: split the 48-bit MAC address in the middle

o Step 2: insert FF.FF in the middle

o Step 3: change format to use a colon delimiter

o Step 4: convert the first eight bits to binary

o Step 5: flip the 7th bit

o Step 6: convert the first eight bits back into hexadecimal

Destination IPv6 address

(FF02::1:FF00:2)

300::2 300::1

R1

(0015:2BEA.9B60)

MAC address

R2 Fa 0/0

0215.20FF.FEE4.9860

FF80::215:2BFF:FEE4:9860

0000 0000

0000 0010

CCNP

Routing

300 – 101

21 | P a g e

ATN Education

IPv6 traffic flow

• Unicast - one-to-one communication

• Multicast - one-to-many communication

• Any cast - one-to-nearest

• Broadcast - one-to-all communication

NOTE: Even though IPv6 does not do broadcast. It can do an all-nodes multicast, which is very

similar to a broadcast

Assigning IPv6 address to interface

IM #IPv6 address ______________ / _________

(IPv6 address) (Prefix)

Router information protocol (RIP)

Fundamental of RIP

• RIPv1 - Broadcast

- No VLSM support

- IPv4

• RIPv2 - Multicast 224.0.0.9

- VLSM support

- IPv4

• RIPng - Multicast FF02::9

- VLSM support

- IPv6

Characteristics of RIP

• Hop count (maximum of 15)

• Full and triggered update (every 30 seconds)

• Split horizon Loop prevent mechanism

• Poison reserve

CCNP

Routing

300 – 101

22 | P a g e

ATN Education

RIPng configuration

• Enable IPv6 routing

GM # IPv6 unicast-routing

• Enable IPv6 CEF

GM # IPv6 CEF

(Enable cisco express forwarding (CEF) is a highly-efficient packet switching technology

supported by cisco routers)

• Enable IPv6 flow set

GM # IPv6 flow set

(Configures flow-label marking for packet sent a router that are 1280 – bits or larger)

• RIPING configuration

GM # IPv6 router RIP _CCNP_

(Word)

• Under interface mode

IM# IPv6 RIP _CCNP_enable

(Word)

RIPING verification

PM # Show IPv6 route

PM # Show IPv6 route RIP

PM # Show IPv6 route 2000:20:: /64

PM # Show IPv6 protocol

PM # Show IPv6 RIP

PM # Show IPv6 RIP next-hops

Loopback 2.2.2.2/32

R1

R2 R

3

Sw 1 Sw 2

2000:50::/64

2000:40::/64 2000:30::/64

2000:20::/64

CCNP

Routing

300 – 101

23 | P a g e

ATN Education

Enhanced interior gateway routing protocol (EIGRP)

• EIGRP is a network protocol that let routers to exchange information more effectively than the

earlier network protocol

Characteristics of EIGRP

• Fast convergence

• Scalable

• Load balancing over unequal cost links

• Classless (VLSM support)

• Communicates via multicast (224.0.0.10)

• Was cisco-proprietary now it is open standard.

Components of EIGRP

• Neighbor discovery

• Reliable Transport Protocol (RTP)

• Diffusing Update Algorithm (DUAL)

• Protocol-dependent modules

DUAL

• Successor :

A neighboring EIGRP – speaking router that offers the best path (i.e. the router with the

smallest metric) to the destination network.

• Successor route :

The most attractive route to a destination network that is known to an EIGRP – speaking

router.

• Feasible Successor :

An EIGRP – neighbor that can get us to the destination network (without using router

loop) and acts as a backup to a successor router.

• Feasible Successor route :

A loop-free route (known to EIGRP) to a destination networks, that acts as a backup to

the successor route

EIGRP data structure

• Neighbor table

PM # Show IP EIGRP neighbors

• Interface table

PM # Show IP EIGRP interface

• Topology table

PM # Show IP EIGRP topology

EIGRP timers

• Default hello interval 5 sec

• Default hold time 15 sec

CCNP

Routing

300 – 101

24 | P a g e

ATN Education

Verification

PM # Show IP EIGRP interface detail

PM # IP EIGRP neighbor

EIGRP metric calculation

• Bandwidth

• Delay

• Reliable

• Load

• Maximum Transmission Unit (MTU)

Default “K” values

K1 = 1

K2 = 0

K3 = 1

K4 = 0

K5 = 0

Metric = K1 * BW min + _K2 * BW min _+ K3 * Delay * __ K5____ * 256

256 – Load K4 + Reliability

Metric = BWmin + Delay

BW min = 107_______

(Least – Bandwidth)

To verify the metric

R1

PM # Show IP EIGRP topology

R2

R1

10.1.1.0/30 192.168.1.0/24

172.16.1.0/24

BW – 1.544 mbps

Delay – 20,000 Microseconds

BW – 100 mbps

Delay – 100 Microseconds

Metric = [(10,000.000/min BW) + (of SWM interface delay / 10)] * 256

= [(10,000.000 / 1544) + (20,100/10)] * 256

= [(6476.604) + (2010)] * 256

= 217246

CCNP

Routing

300 – 101

25 | P a g e

ATN Education

The EIGRP feasible condition

• An EIGRP route is a feasible successor route if its reported distance (RD) from our neighbor is

less than the feasible distance (FD) of the successor route

1,000

R2

R3

R4

R5

10.1.1.0/24

D

R1

Neighbor RD FD Feasible Successor

R2 6000 16000 Successor

R3 11000 18000 Feasible successor

R4 18000 22000

CCNP

Routing

300 – 101

26 | P a g e

ATN Education

Advanced EIGRP Concept

EIGRP queries and the stuck in active state

Rep

ly

Query

Rep

ly

Sw2

Sw1

R2

R5 R

6 R

7

R3 R

4

R8

R1

Query

CCNP

Routing

300 – 101

27 | P a g e

ATN Education

Going active for a route

• When an EIGRP-speaking router sends one or more query message, in an attempt to find an

alternate path to network that is no longer available

Stuck in active (SIA)

• A condition where an EIGRP-speaking router goes. Active for a route, by sending a query, but

never receives a reply

EIGRP stub routing

Stub routers

• Do not advertise router from one EIGRP neighbor to another EIGRP neighbor

• Queries not sent from non-stub routers to stub routers

Under routing mode

RM # EIGRP stub ____________

(Option)

Stub option Description

Connected The stub router advertise

connected router marched

with a network command

Summery The stub router advertise

summarize routers (Either

automatically or statically

summarized)

Static The stub router advertise

statically configured

routers. If the redistribute

static command has

configured

Leak-map The stub router’s dynamic

prefixes are based on

leak-map

Redistribute The stub route advertise

any redistribute

Receive-only The stub router does not

advertise any routers

CCNP

Routing

300 – 101

28 | P a g e

ATN Education

EIGRP passive interface

Goals

• Advertise the 192.168.1.0/24 network via EIGRP

• Do not send EIGRP hello messages out of FA0/0

Solution 1

• Make interface fast Ethernet 0/0 a passive interface

Solution 2

• Do not give a network statement for the 192.168.1.0/24 network

Under router mode

RM # passive-interface __Fastethernet _ ___0/0___

(INT name) (INT no)

EIGRP summary routes

• Helps keep routing table small

• Work best if summarizing is considered when assigning subnet addressing

• Can be summarized on any router (unicast OSPF)

• Reduced query scope

• Can cause suboptimal routing

• Can route packet to a summarizing router that discard those packets

Under interface mode on R5

IM # IP summary-address EIGRP __100_ 172.16.0.0 255.255.252.0

(AS no)

Verification

PM # Show IP protocol

192.168.2.0/24

172.16.3.0/24

172.16.2.0/24

172.16.1.0/24

172.16.0.0/24

192.168.1.0/30

10.1.1.12/30

10.1.1.8/30

10.1.1.4/30

10.1.1.0/30

Se2/0

R3

R2

Se2/0 Se2/0

Fa0/0 R1

192.168.1.0/24 172.16.2.0/24

10.1.1.0/24

CCNP

Routing

300 – 101

29 | P a g e

ATN Education

Open Shortest Path First (OSPF)

OSPF fundamentals

• Link state protocol

• Open standard (IETF) internet engineering task force

• Establish adjacency with other routers

• Sends link state advertisement (LSA) to other routers in an area

• Constructs a link state database from received LSA’s

• Runs the disaster shortest path first (SPF) algorithm to determine the shortest path to a network

• Attempt to inject the best path for each network into a router’s IP routing table

Neighbor VS adjacency

• Neighbor are router that:

Reside on the same network

Exchange hello message

• Adjacency are routers that:

Are neighbors

Have exchange link state updates (LSUs) and database description (DD) packets

Hello 224.0.0.5

R1 R2

Hello 224.0.0.5

Hello 224.0.0.5

R1 R2

Hello 224.0.0.5

DD (Data Description)

DD

LSU

LSU

CCNP

Routing

300 – 101

30 | P a g e

ATN Education

OSPF area

I. Single area OSPF

Link state down Link state down

Sw1 192.168.1.2 /24

Gig 0/0 192.168.1.1 /24

Gig 0/1 R

1 R

2

Link come up

Hello 224.0.0.5

Hello 224.0.0.5

State = Initiate State = Initiate

(I received a hello from R1. But my router ID was not in the hello message)

(I received a hello from R2,

I’m listed as its neighbor)

Hello 224.0.0.5 State = 2way State = 2way

DR / BDR election

(If needed)

State = 2way State = 2way

Primary / Secondary (Router selected)

State = Extract State = Extract

Database description packets (Exchanged)

State = Exchange State = Exchange

Routers query one another (Listing LBRS for missing

entries sent in LSUs)

State = Loading State = Loading

Adjacency fully formed

State = Full State = Full

G

F

E

D

C A

B

Area 0

CCNP

Routing

300 – 101

31 | P a g e

ATN Education

II. Multiple area OSPF

ABR- area board router

• A router with at least one interface in the backbone area and at least one interface in a non-

backbone area

Virtual link

• A logical link that interconnect the backbone area. With an area that is out adjacency to the

backbone area

➢ If we have 50 routers we have to go for areas

➢ Other areas should be connect to backbone area

III. Backbone area

• An area (number either 0 or 0.0.0.0) to which all other area directly connect

• The disaster algorithm runs on the link state data-base for each area

R14

R13

R12

R9

R11

R8

Area 0

R6

R5

R3

R4

R1

R2

Area 10 ABR

R7

CCNP

Routing

300 – 101

32 | P a g e

ATN Education

OSPF network types

Broadcast network

❖ Elect a DR and BDR: Yes

❖ Default hello interval: 10 seconds (* 4 dead timer)

❖ Uses the neighbor command: No

Point-to-point network

❖ Elect a DR and BDR: No

❖ Default hello interval: 10 seconds

❖ Uses the neighbor command: No

Non-Broadcast Multi-Access (NBMA)

❖ Elect a DR and BDR: Yes

❖ Default hello interval: 30 seconds * 4 dead

❖ Uses the neighbor command: Yes

R4

R5

R3

R6

R1

R2

R2 R1

PPP or HDLC

IP WAN

R4

R3

R2

R1

Frame

Relay

OSPF Priority 0

CCNP

Routing

300 – 101

33 | P a g e

ATN Education

Point-to-multipoint

❖ Elect a DR and BDR: No

❖ Default hello interval: 30 seconds

❖ Uses the neighbor command: No

OSPF network type’s summary

• Broadcast is the default network type on Ethernet networks

• Point-to-pint is the default network type on frame relay

Point-to-point sub interface

• Non-broadcast (NBMA) is the default network type on frame-relay

Physical interface and multipoint sub interface

Network types Elect a DR & BDR Default hello interval Uses the neighbor command

Broadcast Yes 10 seconds No

Point-to-point No 10 seconds No

Non-broadcast Yes 30 seconds Yes

Point-to-multipoint No 30 seconds No

R4

R3

R2

R1

Frame

Relay

CCNP

Routing

300 – 101

34 | P a g e

ATN Education

Designated router and backup designated routers (DR and BDR)

Of adjacencies = [n*(n-1)] 1/2,

Where n = The number of routers

• Adjacency only need to be formed with DR & BDR

224.0.0.5 - All OSPF routers

224.0.0.6 - All designated routers

How a DR is elected

• The hello protocol is used to elect a DR

• During a DR election, the router with the highest OSPF priority value wins

• The OSPF priority value is associated with an interface and can be a value in the range 0 – 255

• An OSPF priority value of ‘0’ means that the router will not become the DR

• The default OSPF priority value of an interface is ‘1’

• The OSPF priority of an interface can be configured using the

IM # IP OSPF priority ________

(Value)

• If the priority tie, the router with the highest router-ID (RID) become the DR

• A router’s RID can be configured in router configuration mode, with the command

RM # router-ID _____________

(IPv4 address)

• If an RID is not configured, the highest IP address of a loopback interface that is currently up (

becomes the router ID)

• If a router has no loopback interface the highest IP address of a non-loopback interface (that is

currently up) becomes the RID

BDR DR

CCNP

Routing

300 – 101

35 | P a g e

ATN Education

OSPF timer

Hello timer

• The interval (in seconds) at which a router sends hello message out of an OSPF-enable interface

Dead timer

• The time in second that an OSPF-enabled interface will wait to receive a hello message from an

adjacency, before considering that adjacencies to be down

Dead timer = hello timer * 4

PM # Show IP OSPF interface Fastethernet 0/0

IM # IP OSPF hello 30

OSPF passive interface

RM # passive-interface default

RM # passive interface fastethernet 0/0

Link state advertisements types

Type 1 LSA (Router LSA) – Advertising its directly connected

Type 2 LSA (Network LSA) – Generated by DR

Type 3 LSA (Network summary) – Generated by ABR

Type 4 LSA (ASBR summary)

Type 5 LSA (AS external LSA) – Advertising external router

Type 7 LSA (NSSA external LSA)

Stub area

Only type 1 and type 3

Type 3

R3

R2

R1

Area 0 Area 1

Type 1

SA

CCNP

Routing

300 – 101

36 | P a g e

ATN Education

Totally stubby area

Only type 1 and type 3 as a default

Not-so-stubby area

Only type 1, type 3 and type 7

Totally NSSA

Save as NSSA

Stub area configurations

Stubby area and totally stubby area

• Stubby area

RM # Area 1 stub

• Totally stubby area

RM # Area 1 stub no-summary

Type 3 default

Type 3 LSA

Type 2 LSA

Type 1 LSA

R1

Type 1

Area 0 Area 1

ASBR

Type 3

R3

R2

R1

Type 1 Type 1

Type 2

Type 4 Type 7

Type 5 ABR

Type 3 default Type 3 LSA Type 7 LSA

R1

Type 1 LSA

CCNP

Routing

300 – 101

37 | P a g e

ATN Education

Not-so-stubby area and totally NSSA

• Not-so-stubby area

RM # Area 1 NSSA

• Totally Not-so-stubby area

RM # Area 1 NSSA no-summary

OSPF root summarization

Configuration in ABR

RM # Area 1 range ___________ ____________

Configuration in ABR

RM # Summary-address ____________ _____________

ABR- Area range

ASBR- Summary-address

192.168.0.0/24

192.168.1.0/24

192.168.2.0/24

192.168.3.0/24

192.168.0.0/22

CCNP

Routing

300 – 101

38 | P a g e

ATN Education

Virtual link configuration

In R2

RM # Area 1 virtual-link 3.3.3.3

In R3

RM # Area 1 virtual-link 2.2.2.2

Show commands

PM # Show IP OSPF neighbor

PM # Show IP OSPF virtual-link

Shortest Path Algorithm

From node 10.1.1.0 10.2.2.0 10.3.3.0 10.4.4.0 10.5.5.0

R1 Via R1

1

Via R1

10

10.1.1.0 Via R1

1

Via R1

10

Via 10.1.1.0

1+1+1=3

10.3.3.0 Via R1

1

Via R1

10

Via 10.1.1.0

3

Via 10.3.3.0

3+1+10=14

Via 10.3.3.0

3+1+1=5

10.5.5.0 Via R1

1

Via R1

10

Via 10.1.1.0

3

Via 10.3.3.0

14

Via 10.3.3.0

5

10.2.2.0 Via R1

1

Via R1

10

Via 10.1.1.0

3

Via 10.3.3.0

14

Via 10.3.3.0

5

2.2.2.2

3.3.3.3 1.1.1.1 Area 0

Area 1 Area 2

1

1

1

1 1 1

1 10

10

10 10

10

R6

R5

R4

R3

R2

R1

10.1.1.0/24 10.2.2.0/24 10.4.4.0/24

10.3.3.0/24 10.5.5.0/24

CCNP

Routing

300 – 101

39 | P a g e

ATN Education

OSPF metric calculation

• The default reference bandwidth 100.000.000 bits per second (100 mbps)

OSPF E1 VS E2 routers

• E1- OSPF external type 1 routers

• E2- OSPF external type 2 routers

Sw3

Sw2

Sw1

10

100 100

Auto – cost Reference – Bandwidth __________

(Value)

Cost = Ref.BW / INT.BW

CCNP

Routing

300 – 101

40 | P a g e

ATN Education

Border gateway protocol (BGP)

Fundamentals of BGP concepts

• Forms neighbor ship

• Neighbor’s IP address is explicitly configured

• A TCP session is established between neighbor

• Advertises address prefix and length (called network layer reachability information NLRI)

• Advertises a collection of path attributes that can be used for path selection

• Path vector routing protocol

Topology

• Internal BGP (IBGP) neighbor

A BGP neighbor in the same autonomous system

• External BGP (RBGP) neighbor

A BGP neighbor in a different autonomous system

Fa 0/1 Fa 0/0 Fa 0/1

R – ID 5.5.5.5 ISPI

AS 65004

Fa 0/0

Fa 0

/0

203.0.113.0/30

203.0.113.4/30

R – ID 4.4.4.4 F

a 0/1

Fa 0

/0

AS 65002

Fa 0

/0

R – ID

3.3.3.3

ISPI

AS 65003

R – ID 2.2.2.2

R – ID 1.1.1.1

192.0.2.0/24 R1 R

2

AS 65001

CCNP

Routing

300 – 101

41 | P a g e

ATN Education

Configuration

R1

GM# Router BGP __65001__

RM# BGP router-ID __1.1.1.1__

RM# Network 192.0.2.0 mask 255.255.255.0

RM# neighbor 192.0.2.0 remote-AS __65001__

R2

GM # Router BGP __65001__

RM # BGP router-ID 2.2.2.2

RM # Network 192.0.2.0 mask 255.255.255.0

RM # Network 198.51.100.0 mask 255.255.255.252

RM # Network 198.51.100.4 mask 255.255.255.252

RM # Neighbor 192.0.2.1 remote-as __65001__

RM # Neighbor 192.51.100.2 remote-as __65002__

RM # Neighbor 192.51.100.6 remote-AS __650014__

Verification commands

R1 -

PM # Show IP route

PM # Ping 9.9.9.9

BGP data structure

• External BGP (EBGP)

Administrative distance (AD) =20

• Internal BGP (IBGP)

Administrative distance (AD) =200

R2

PM # Show IP BGP summary

PM # Show IP BGP neighbors

PM # Show IP BGP

PM # Show IP route BGP

BGP neighbor table BGP table

Routing information base (RIB)

IP routing table

CCNP

Routing

300 – 101

42 | P a g e

ATN Education

BGP message types

• Open

• Keep alive

• Update

• Notification

Open message

• Includes BGP version number, local as number, hold time, BGP router ID, optional parameter

Keep alive

• A message header that keeps the hold timer from expiring

Update message

• Can contain with drawn routes, path attributes, and NLRI

Notification

• Contain an error code, an error sub code and information about the error

BGP peer groups

• Reduces a BGP router’s CPU load by greeting an update once per group, rather than once per

neighbor

NOTE: We can filter using distribute list or IP prefix list

R2

GM # router BGP 65001

RM # neighbor route-PG peer-group

RM # neighbor route-PG prefix-list route-demo in

(Prefix list name)

RM # neighbor 198.51.100.2 peer-group route-PG 198.51.100.6

(1 SP 1) (1 SP 2)

State = Open confirm

R1 R

2

State = Idle State = Idle

Setup a TCP session State = Connect State = Connect

Often message sent to peer

State = Open sent State = Open sent

Often message received for keep alive

State = Open confirm

Neighbor established

State = Established State = Established

CCNP

Routing

300 – 101

43 | P a g e

ATN Education

Show command

PM # Show IP prefix-list

IP prefix-list route in 5 entries

➢ SEQ 10 deny 10.0.0.8/8 LE 32

➢ SEQ 20 deny 172.168.0.0/12 LE 32

➢ SEQ 30 deny 192.198.0.0./16 LE 32

➢ SEQ 40 permit 0.0.0.0/0 GE 8

Advanced BGP concepts

• Path selection criteria

The weight attribute

R2

GM # Route-map set-weight 10

(Route-map) # Set weight 10

(Route-map) # Exit

GM # Router BGP 65001

RM # Neighbor 198.51.100.6 route-map set-weight 10

PM # Clear IP BGP* soft

PM # Show IP BGP

The local preference attribute

R2

GM # route-map ISP1

(Route-map) # set local-preference 50

(Route-map) # Exit

GM # Route-map ISP2

(Route-map) # Set local-preference 150

(Route-map) # Exit

GM # Router BGP 65001

RM # Neighbor 198.51.100.2 route-map ISP1 in

RM # Neighbor 198.51.100.6 route-map ISP2 in

PM # Clear IP BGP * soft

PM # Show IP BGP

CCNP

Routing

300 – 101

44 | P a g e

ATN Education

The as path attribute

R2

GM # Route-map long-as-path

(Route-map) # Set as-path prepend 65001 65001 65001

(Route-map) # Exit

GM # Router BGP 65001

RM # Neighbor 198.51.100.2 route-map long-as-path out

PM # Clear IP BGP * soft

PM # Show IP BGP

The med attribute

R2

GM # Route-map med-10

(Route-map) # Set metric 10

(Route-map) # Exit

GM # Route-map med-20

(Route-map) # Set metric 20

(Route-map) # Exit

GM # Router BGP 65001

RM # Neighbor 198.51.100.2 route-map med-20 out

RM # Neighbor 198.51.100.2 route-map med-10 out

PM # Clear IP BGP * soft

PM # Show IP BGP

CCNP

Routing

300 – 101

45 | P a g e

ATN Education

Route redistribution

• Allows routes leavened from one routing source to be inject into a routing protocol

Route redistribution fundamentals

• The need for route redistribution

➢ An enterprise has more than one IGP

➢ Company merger

➢ Different deportments under different administration control

➢ Connection to partner network

➢ An IGP routes need to be advertised into BGP

➢ BGP routes need to be advertise into an BGP

Mutual route redistribute

• Occurs when two routing protocol each inject the routes they have learned in to each other

The ‘redistribute’ commands

• A router configuration mode command that says, “redistribute routes from the specified routing

source into this routing protocol”

Seed metric

• Assigned, by default, to redistributed roots, when no manually configured

Routing protocol Default seed matric

RIP Infinity

EIGRP Infinity

OSPF 20 ( 1 for BGP)

BGP Uses the BGP metric value

Mutual rate redistribution configuration

R2

GM # Router OSPF 10

RM # Redistribute EIGRP 21 subnet

R2

GM # Router EIGRP 21

RM # Redistribute OSPF 2

# Default-metric

Verification

PM # Show IP route

PM # Show IP EIGRP topology

PM # Show IP OSPF database

CCNP

Routing

300 – 101

46 | P a g e

ATN Education

Route redistribution with route maps

Topology

R2

GM # Access-list 1 permit 3.3.3.3 0.0.0.0

(ACL no) (Address) (Wildcard mask)

GM # Route-map LAB deny 10

(Route-map name) (Action) (SEQ no)

(Route-map) # Match IP address 1

(ACC no)

• (Route-map) # Exit

• GM # Router OSPF 10

• RM # Redistribute EIGRP 21 subnet route-map LAB

(Route-map name)

Verification

R2

PM # Show route-map

R1

PM # Show IP route

Resolving route redistribution issues

➢ Higher metric

➢ Administrative distance

➢ Filter redistributed routes

➢ Tags

CCNP

Routing

300 – 101

47 | P a g e

ATN Education

Administrative distance

R2

GM # Router OSPF 10

RM # distance 80

(AD)

# Exit

Verification

R2

PM # Show IP route

Tags

R2

GM # Route-map tag10

(Route-map name)

(Route-map) # Set tag 10

# Exit

GM # route-map denytag10 deny 10

(Route-map name) (Access) (SEQ no)

(Route-map) # Match tag 10

# Exit

GM # route-map denytag10 permit 20

(Route-map) # Exit

GM # router OSPF 10

RM # redistribute EIIGRP 221 subnet route-map tag10

# Exit

GM # Router EIGRP 21

RM # Redistribute OSPF 10 metric

CCNP

Routing

300 – 101

48 | P a g e

ATN Education

Policy based routing (path control)

Fundamentals

➢ Layer 2 FCS

➢ Layer 2 header removed

➢ Forward based on destination IP address

Policy based routing

➢ Layer 2 FCS

➢ Layer 2 header removed

➢ Forward based on route map instruction

Route map

• Match

➢ IP address

➢ Range of packet lengths

• Set

➢ Next-hop IP address

➢ Default next-hop IP address

➢ Interface

➢ Default interface

CCNP

Routing

300 – 101

49 | P a g e

ATN Education

Policy best routing configuration

Client

Tracer 198.51.100.3

Next-hop 192.0.2.0

203.0.113.6

198.31.100.63

R1

GM # Access-list 100 (ACL no) permit IP host 192.0.2.2 host 198.51.100.3

GM # route-map client to server

(Route-map) # Metric IP address 100

(ACL no)

# Set IP next-hop 203.0.113.2

# Exit

GM # Interface fast Ethernet 0/0

IM # IP policy route-map client to server

Verification

R1

PM # show route-map

Client

Tracer 198.51.100.3

Next-hop 192.0.2.1

203.0.113.2

198.31.100.3

CCNP

Routing

300 – 101

50 | P a g e

ATN Education

Virtual private network (VPN)

Remote site connectivity fundamentals

Traditional Remote Connectivity Solutions

• Frame – Relay, ATM, Leased lines

Benefits

• Can use common broadband technologies [Example: DSL and cable]

• Can scale to many connections [i.e. new connections just need internet network]

• Can securely transmit data over an untrusted network [Example: the internet]

Types of VPNs used for Remote Access

• MPLS – Based VPNS

• Tunnel- Based VPNS

• Hybrid VPNS

MPLS [Multi – protocol Label Switching]

• A technology that Allows routers to forward traffic based on labels , as opposed to network

address

L2 header 32-bit shim

header

L3

header

Payload

Layer 2 MPLS VPNs

VPN

R2 R1 Location B Location A

Internet

Location D

Location B

Location C

CPE

Location A

CPE

CPE

CPE

ELSR ELSR

LSR

LSR

LSR

LSR

CCNP

Routing

300 – 101

51 | P a g e

ATN Education

Label Switch Router [LSR]

• An MPLS router that receives and transmit MPLS frames to and from another MPLS router,

while making a forwarding decision based on label information and rewriting the lables

Edge Label Switch Rooter [ELSR]

• An MPLS router that adds lable information to traffic coming from a customer premise

equipment [CPE] router, and removes lable information from traffic being sent to a CPE router

Layer 2 MPLS VPNS

• Allows routers at different customer sites to appear as if they are layer 2 adjacent and from

peering relationship

ELSR

• Also known as a provider Edge [PE] router

CPE

• Also known as a customer Edge [CE] router

Layer 3 MPLS VPN

• Allows CPE [CE] routers and ELSR [PE] routers to form peering relationships

Tunnel -Based VPN

VPN Technologies that use Virtual Tunnels

1. Generic Routing Encapsulation [GRE]

2. Dynamic Multipoint VPN [DMVPN]

3. Multipoint GRE

4. IPsec

GRE Tunnel theory and configuration

Generic Routing Encapsulation [GRE]

• A type of tunnel that can encapsulate multiple layer 3 protocols

GRE Tunnel

Internet

CCNP

Routing

300 – 101

52 | P a g e

ATN Education

GRE Tunnel inside an IPsec Tunnel

LAB Topology

Configuration

R1

GM # Interface tunnel 1

# IP address 192.168.0.1 255.255.255.252

# Tunnel source loopback 0

# Tunnel destination 4.4.4.4

R4

GM # Interface tunnel 1

# IP address 192.168.0.2 255.255.255.252

# Tunnel source loopback 0

# Tunnel destination 1.1.1.1

Verification

PM # Show IP interface brief

PM # Show interface tunnel 1

IPsec Tunnel

Internet

Tunnel 1 192.168.0.2/30

Tunnel 1 192.168.0.1/30

198.51.100.0/30 203.0.113.0/30 192.0.2.0/30

LO 0 3.3.3.3/32

LO 0 2.2.2.2/32

R4 R

3 R

2 R

1

S1/1 S1/1 S1/0 S1/0 S1/0 S1/0

GRE Tunnel

CCNP

Routing

300 – 101

53 | P a g e

ATN Education

DMVPN and MGRE Theory

Dynamic Multipoint VPN [DMVPN]

• Allows VPN tunnels to be setup and turn down on an as-needed basis

Multipoint GRE [MGRE]

• Allows a single router interface to have multiple GRE tunnels

Next Hop Resolution Protocol (NHRP)

• Allows an interface configured for MGRE to discover the ip address of the device at the

far end of a tunnel

NHRP Database

Tunnel Interface IP Physical Interface IP

10.0.0.1 192.0.2.1

10.0.0.2 203.0.113.1

10.0.0.3 198.51.100.1

Verification (Configuration covers at security track)

PM # Show IP NHRP

H/Q

198.51.100.1

10.0.0.2 is at 203.0.113.1

192.0.2.1

A

B

C

Headquarters

Branch – C

Branch – B

Branch – A

mGRE Interface

mGRE Interface mGRE Interface

Dynamic Multipoint

VPN tunnel

CCNP

Routing

300 – 101

54 | P a g e

ATN Education

IPsec Theory

A collection of protocols used to secure traffic being transmitted over a tunnel

Benefits of IPsec

• Confidentiality

• Integrity

• Authentication

• Anti – reply

Internet Key Exchange (IKE)

• A protocol used to set up a security association (SA) which includes information such as

encryption type and hashing type for a secure tunnel

IPsec Operation

Internet Security Association and key management protocol (ISAKMP)

• A protocol used IKE to negotiate the security parameters used establish an IKE phase 1

tunnel

(For DMVPN)

IKE Phase 2 tunnel

PC2

PC1 R2 R1

STEP 1

STEP 2

IKE Phase 1 tunnel

STEP 3

IKE Phase 1 tunnel

STEP 4

STEP 5