TRANSCRIPT
CCNP
Routing
300 – 101
1 | P a g e
ATN Education
Implementing CISCO IP routing (300-101)
Structure of syllabus
• Network principles 10%
• Layer 2 technologies 10%
• Layer 3 technologies 40%
• VPN technologies 10%
• Infrastructure security 10%
• Infrastructure services 20%
Networking principles
Packet switching architecture
Good, better and best
• Process switching
• Fast switching
• Cisco Express Forwarding (CEF)
Process switching
• Requires the CPU to be involved in every forwarding decision
[Figure: process switching on a Layer 3 switch or router; incoming packets on the ingress interface are passed to the CPU (control plane) for every forwarding decision before leaving on the egress interface]
Fast Switching
• Still uses the CPU, but after a packet has been forwarded, information about how to reach the
Cisco Express Forwarding (CEF)
• Optimizes the router so that it can forward more packets faster
• CEF caches routing information in the FIB table and Layer 2 next-hop address information in the adjacency table
To enable CEF
GM# IP CEF
To verify CEF
PM# show IP CEF
[Figure: fast switching; the first packet in a data flow is handled by the CPU, which stores the forwarding information in the fast cache, and subsequent packets in the flow are forwarded from the fast cache between the ingress and egress interfaces]
[Figure: CEF data structures; in the control plane the IP routing table builds the FIB (Forwarding Information Base) and the ARP cache builds the adjacency table, which the data plane uses between the ingress and egress interfaces]
Unicast flooding
1st reason
MAC address flooding attack
2nd reason
Spanning-tree topology change
3rd reason
Asymmetric routing
Solution
• Maintain the MAC address table
• Enable PortFast
• Configure port security
• Stop asymmetric routing
Out-of-order packets
Reasons
• Multiple Layer 2 or Layer 3 paths.
• Routing path inside the network.
• Quality of Service (it has to be decided which goes first, voice or data).
Solution
• Ensure that traffic is not load balanced across redundant links.
• Configure Quality of Service properly.
[Figure: packets 1 to 6 sent from the source over two paths (routers A to G) arrive at the destination in the order 1, 2, 6, 4, 5, 3]
Asymmetric routing
Reasons
• Routing issue.
• Redistribution issue.
• Administrative distance configured manually.
Solution
• Proper filtering on redistribution.
• Use the same configuration on redundant links.
[Figure: asymmetric routing between 25.12.11.0/24 and 192.168.1.0/24 across routers A to F; the source's routing table reaches 25.12.11.0/24 via B while the destination's routing table reaches 192.168.1.0/24 via E, so the two directions take different paths]
Internet Control Message Protocol (ICMP)
ICMP header
• Type, code and checksum of the header, followed by the rest of the header.
Type | Code | Checksum
Rest of header
Type
• An 8-bit field that indicates the type of ICMP message.
Code
• An 8-bit field used to further define an ICMP message type.
Checksum
• A 16-bit field used for error-checking.
Rest of header
• A 4-bit field whose length can vary depending on the ICMP message type.
Key topics
Destination unreachable
• An ICMP message type that a router can send back to a sender if the router does not know how to
reach a destination IP address
Redirect
• An ICMP message type that a router can send back to a sender in order to inform the sender that it should use a different next-hop IP address
Internet protocol
IPv4 header
Version | Header length | Type of Service | Total length
Identification | IP flags | Fragment offset
TTL (Time To Live) | Protocol | Header checksum
Source address (32 bits)
Destination address (32 bits)
IP options (variable length)
Version
• A 4-bit field containing the IP version number
Type of service (TOS)
• An 8-bit field used to indicate the priority of a packet
Time to live (TTL)
• An 8-bit field that gets decremented by 1 for each router hop. Packets that reach a TTL of 0 are dropped
Protocol
• An 8-bit field indicating the type of data encapsulated in a packet
Source / destination address
• 32-bit fields containing the source and destination address of a packet
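As an added example (not part of the course notes), the following Python parses the IPv4 header fields listed above, verifies the header checksum, and models the per-hop TTL decrement that drops a packet when the TTL reaches 0. The sample packet is constructed in the block; the addresses and payload are made up for the demonstration.

```python
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791). For a header whose
    checksum field is already correct the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:                           # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, ttl=64, proto=6, ident=0x1234, tos=0):
    """Build a 20-byte IPv4 header without options and fill in its checksum.
    Used here only to construct sample input."""
    ver_ihl = (4 << 4) | 5                       # version 4, IHL = 5 words
    flags_frag = (0b010 << 13) | 0               # DF set, fragment offset 0
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, 20 + payload_len, ident,
                      flags_frag, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the header fields described above and verify the checksum."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    header = pkt[:ihl]
    return {
        "version": version,
        "header_len": ihl,
        "tos": tos,
        "total_len": total_len,
        "id": ident,
        "flags": flags_frag >> 13,               # reserved, DF, MF bits
        "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,
        "checksum": csum,
        "checksum_ok": ipv4_checksum(header) == 0,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "options": header[20:],
    }


def forward_hop(pkt: bytes):
    """Model one router hop: decrement TTL and recompute the checksum.
    Returns None when the packet is dropped (bad checksum or TTL expiring)."""
    fields = parse_ipv4_header(pkt)
    if not fields["checksum_ok"] or fields["ttl"] <= 1:
        return None
    ihl = fields["header_len"]
    hdr = bytearray(pkt[:ihl])
    hdr[8] -= 1                                  # TTL is byte 8 of the header
    hdr[10:12] = b"\x00\x00"                     # zero the checksum, then recompute
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]


# Constructed sample: TCP segment 10.1.1.1 -> 192.168.1.10, TTL 64, 20-byte dummy payload.
SAMPLE_PACKET = build_ipv4_header("10.1.1.1", "192.168.1.10", 20) + b"\x00" * 20
# Same packet with the TTL byte changed but the checksum left stale.
CORRUPTED_PACKET = SAMPLE_PACKET[:8] + bytes([9]) + SAMPLE_PACKET[9:]
```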
IPv6 header
• Version, traffic class, flow label, payload length, next header, hop limit, source address (128 bits), destination address (128 bits).
Version | Traffic class | Flow label
Payload length | Next header | Hop limit
Source address (128 bits)
Destination address (128 bits)
Version
• A 4-bit field containing the IP version number
Traffic class
• A 4-bit field used to indicate the priority of a packet
Flow label
• A 20-bit field that can be used by a router to send all packets that are part of the same flow out of the same egress interface
Next header
• An 8-bit field indicating the type of data encapsulated in the packet
Hop limit
• An 8-bit field that gets decremented by 1 for each router hop. Packets whose hop limit reaches 0 are dropped
Transmission Control Protocol (TCP)
TCP characteristics
• Reliable
• Connection-oriented
• Session-based
• Streaming
TCP header
Source port | Destination port
Sequence number
Acknowledgement number
Offset | Reserved | TCP flags | Window
Checksum | Urgent pointer
TCP options (optional)
Source / destination port
• 16-bit fields containing the source and destination TCP port numbers of a TCP segment
Sequence / acknowledgement number
• 32-bit fields used by the TCP sender and receiver to confirm that all transmitted segments are received
Window
• A 16-bit field indicating the number of bytes a sender is willing to transmit before receiving an acknowledgement
[Figure: TCP session between A and B; three-way handshake (sync request, ack + sync request, ack) establishes the connection; windowing and flow control, where segments 3 to 7 are sent and the receiver acknowledges up to 6 so that 6 to 9 are sent next, then ack 10; teardown with FIN, ACK-FIN and ACK]
User Datagram Protocol (UDP)
UDP characteristics
• Unreliable
• Directionless
• Connectionless
• Faster
UDP header
Source / destination port
• 16-bit fields containing the source and destination UDP port numbers of a UDP segment
Length
• A 16-bit field indicating the size of the UDP header
Checksum
• A 16-bit field used for error-checking
Real-time Transport Protocol (RTP)
• A Layer 4 protocol encapsulated inside UDP (another Layer 4 protocol). Commonly used to transmit voice or video
Latency
• Delay experienced by traffic travelling between points in a network
Low latency
• A QoS feature that allows selected traffic to be placed in a priority queue and sent before non-priority traffic (up to a limit)
Source port | Destination port
UDP length | UDP checksum
[Figure: UDP datagrams 1 to 15 streamed from source A to destination B without acknowledgements]
Layer 2 technologies
WAN protocols
• Application layer
• Presentation layer
• Session layer
• Transport layer
• Network layer
• Data-link layer
LLC - Logical Link Control (WAN)
MAC - Media Access Control (LAN)
• Physical layer
Serial interface verification
Channel service unit / data service unit (CSU/DSU)
• A digital modem that connects a router's serial port to a service provider
Serial interface connectors
V.35
• Supports speeds of 2.048 Mbps using a rectangular connector
DB-60
• A 60-pin connector (also known as a Cisco 5-in-1 connector) that is supported on several Cisco router models
Smart serial
• A high-density connector that allows a WAN interface card (WIC) to have two serial connections instead of just one
EIA/TIA-232
• A 25-pin D connector that supports speeds of 64 kbps over short distances
i. Electronic Industries Alliance (EIA)
ii. Telecommunications Industry Association (TIA)
High-Level Data Link Control (HDLC)
• The default Layer 2 protocol used by Cisco routers on serial interfaces
[NOTE: Cisco uses its own proprietary version of HDLC]
Data communication equipment (DCE)
• The end of a serial cable that provides clocking
Data terminal equipment (DTE)
• The end of a serial cable that receives clocking
To verify DCE / DTE
PM # Show controllers serial _______________
(Interface number)
Serial interface configuration
Router configuration
GM # Interface _____serial_____ ____0/2____
(Interface name) (Interface no)
# IP address _____10.1.1.1_____ ___255.255.255.0___
(IP address) (Subnet mask)
# Bandwidth ___64___
# Clock rate ___64000___
# No shutdown
Interface verification
PM # Show IP interface brief
Interface | Status (Layer 1) | Protocol (Layer 2)
Serial 2/0 | Up | Up
Serial 3/0 | Down | Down
To verify the encapsulation protocol
PM # Show interface serial 0/3
Configure and verify Point-to-Point Protocol (PPP)
• Open standard
• PPP authentication methods
Password Authentication Protocol (PAP), the default
Challenge Handshake Authentication Protocol (CHAP)
[Figure: R2 and R1 connected over a serial link; the clock rate is configured only on the DCE end]
Example configuration
Router configuration
GM # Username ________ password _________
(Name) (Password)
R1 & R2 configuration
GM # Interface serial _________
(Number)
# Encapsulation PPP
# PPP authentication __CHAP___
Debug PPP
PM # Debug PPP authentication
To disable debug
PM # No debug PPP authentication
[Figure: R2 and R1 over the serial link, with usernames R1 and R2 and password 123 on both sides]
Frame Relay
A Layer 2 WAN technology that sends frames over virtual circuits (VCs) that are identified by a data-link connection identifier (DLCI) number
Virtual circuit (VC)
A logical connection between two end points
Switched virtual circuit (SVC)
A virtual circuit that is brought up on an as-needed basis
Permanent virtual circuit (PVC)
A virtual circuit that is always active
Point-to-point circuit
A single VC interconnecting two end points, where both end points belong to the same IP subnet
Point-to-multipoint circuit
A connection from one end point to one or more other end points, where all end points belong to the same subnet
Service level agreement (SLA)
An agreement between a service provider and its customer describing the level of service the provider guarantees for a specific connection
Committed information rate (CIR)
A bandwidth amount that a service provider guarantees to be available a certain percentage of the time on a customer's virtual circuit
Discard eligibility (DE) bit
A bit in a Frame Relay frame's header that indicates the frame was sent in excess of the CIR and can be discarded by the service provider if congestion is occurring
Forward explicit congestion notification (FECN)
A bit in a Frame Relay frame's header used to tell a receiver to send a frame to the sender, which the service provider will mark with the BECN bit
[Figure: Frame Relay cloud with DLCIs 401, 301, 201 on one side and 102, 103, 104 on the other]
Frame Relay topologies
1. Hub and spoke
2. Partial mesh
3. Full mesh
[Figure: hub and spoke with HQ as hub and BR1, BR2 as spokes; partial mesh and full mesh among HQ, BR1, BR2 and BR3]
Frame Relay lab
On all branches and the headquarters
GM # Encapsulation frame-relay
Frame Relay switch
Add the DLCI numbers in their respective order
Show commands
PM # Show frame-relay PVC
PVC status
I. Active - The connection is good between the local router and the far-end router
II. Inactive - The connection is good between the local router and the Frame Relay switch, but not between the Frame Relay switch and the far-end router
III. Deleted - The connection is not good between the local router and the Frame Relay switch
PM # Show frame-relay map
Inverse ARP - Allows a Frame Relay router to determine the Layer 3 address at the far end of a DLCI
PM # Show frame-relay LMI
[Figure: HQ, BR1, BR2 and BR3 attached to the Frame Relay cloud; DLCIs 401, 301, 201 and 102, 103, 104]
Layer 3 technologies
IPv6 (Internet Protocol version 6)
Benefits of IPv6
• Increased address space: 5 × 10^28 addresses for each person on the planet
• Simplified header
IPv4 header: 12 fields
IPv6 header: 15 fields
• No broadcast
• Security and mobility features built in
• No fragmentation
MTU discovery is performed for each session
• Can coexist with IPv4 during a migration
Dual stack
IPv6 over IPv4
IPv6 address structure
XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
[Where X is a hexadecimal digit in the range 0 - 9 or a letter in the range A - F]
• 32 hexadecimal digits × 4 bits per digit = 128 bits
• Example: 200A:0123:4040:0000:0000:0000:000A:000B
Shortening an IPv6 address
• Leading zeros in a field can be omitted
• Contiguous fields containing all zeros can be represented with a double colon
[NOTE: This can only be done once in a single IPv6 address]
Full address
2345:0123:4040:0000:0000:0000:000A:000B
Abbreviated address
2345:123:4040::A:B
Practice exercise
2000:0000:0000:1234:0000:0000:000B
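The two shortening rules above, implemented as an added example (this code is not from the course notes): `expand_ipv6` undoes both rules and rejects an address with more than one `::`, and `compress_ipv6` drops leading zeros and replaces the longest run of all-zero fields (leftmost on a tie) with a single `::`.

```python
import re


def expand_ipv6(addr: str) -> list:
    """Return the eight 4-digit hexadecimal fields of an IPv6 address,
    undoing both shortening rules (leading zeros and the single '::')."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an IPv6 address")
    head, sep, tail = addr.partition("::")
    if head.endswith(":") or tail.startswith(":"):
        raise ValueError(f"malformed IPv6 address: {addr}")
    left = head.split(":") if head else []
    right = tail.split(":") if tail else []
    if sep:
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = left + ["0"] * missing + right
    else:
        fields = left
    if len(fields) != 8 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,4}", f) for f in fields):
        raise ValueError(f"malformed IPv6 address: {addr}")
    return [f.upper().zfill(4) for f in fields]


def compress_ipv6(addr: str) -> str:
    """Shorten an address: omit leading zeros in every field and replace the
    longest run of two or more consecutive all-zero fields with '::'."""
    fields = [f.lstrip("0") or "0" for f in expand_ipv6(addr)]
    best_start, best_len = -1, 0
    run_start = None
    # Scan once; the sentinel ends a trailing run of zero fields.
    for i, f in enumerate(fields + ["end"]):
        if f == "0":
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start > best_len:          # strictly longer: leftmost wins ties
                best_start, best_len = run_start, i - run_start
            run_start = None
    if best_len < 2:
        return ":".join(fields)
    left = ":".join(fields[:best_start])
    right = ":".join(fields[best_start + best_len:])
    return f"{left}::{right}"
```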
IPv6 address types and descriptions
• Global unicast: Destined for a single recipient and can be routed on the public internet
• Multicast: Destined for the members of a multicast group
• Link local: Valid only on a network segment
• Unique local: Cannot be routed on the public internet
• Loopback: The local host address of a device
• Unspecified: Does not specify a source address [all 128 bits of the IPv6 address are set to zero]
• Solicited-node multicast: A multicast IPv6 address corresponding to a device's IPv6 addresses
Global unicast address
• Address starts with 2000::/3
• Addresses are assigned by the IANA
001 (8 bits) | Global routing prefix (45 bits) | Subnet ID (16 bits) | Interface ID (64 bits)
Multicast address
• Address has FF as its first two hexadecimal digits
1111 1111 (8 bits) | Flags (4 bits) | Scope (4 bits) | Group ID (112 bits)
Link local address
• Address starts with FE80::/10
• Can only communicate on one network segment
• Similar to the IPv4 APIPA addresses [169.254.0.0/16]
• Can be automatically or statically assigned
1111 1110 10 (10 bits) | 54 zeros (54 bits) | Interface ID (64 bits)
[Figure: global unicast traffic between 2000::1 and 2000::2; a multicast group with receivers 2000::1 and 2000::2 and non-receiver 2000::3; link-local addresses FE80::1, FE80::2, FE80::A and FE80::B on their segments]
Unique local
• Address starts with FC00::/7
• Cannot be routed over the public internet
• Similar to IPv4 private addresses
• If the address is locally assigned, the last bit of the first byte (the L bit) is set to 1
1111 110 (7 bits) | L (last bit) | Global ID (40 bits) | Subnet ID (16 bits) | Interface ID (64 bits)
Loopback address
• Written as ::1
• Also known as localhost
• Similar to the IPv4 127.0.0.1 address
• Can be used to verify that the IPv6 stack is operating on a device
127 zeros (127 bits) | 1 (1 bit)
Unspecified address
• Written as ::
• Used as a client's source address when sending a neighbor solicitation message
• Used as a client's source address when sending a router solicitation message
128 zeros (128 bits)
[Figure: FD00::1 and FD00::2 on a unique-local segment behind a router to the Internet; a solicitation message with the unspecified source IPv6 address :: and a multicast destination IPv6 address]
Solicited-node multicast address
• Address begins with FF02::1:FF
• Address ends with the last 24 bits of the corresponding IPv6 address
• Used instead of an IPv4 ARP broadcast
• Also used for duplicate address detection (DAD)
FF02::1:FF00 (104 bits) | Last 24 bits of the IPv6 address (24 bits)
64-bit extended unique identifier (EUI-64)
• Uses the MAC address of an interface to create a 64-bit interface ID
• The challenge
➢ A MAC address is only 48 bits long
Example: R1's FA0/0 interface has a MAC address of 0015.2BE4.9860, and that MAC address can be used for the interface's link local address
o Step 1: split the 48-bit MAC address in the middle
o Step 2: insert FFFE in the middle
o Step 3: change the format to use a colon delimiter
o Step 4: convert the first eight bits to binary
o Step 5: flip the 7th bit
o Step 6: convert the first eight bits back into hexadecimal
[Figure: neighbor solicitation for 300::2 from 300::1 with destination IPv6 address FF02::1:FF00:2; R1 Fa0/0 with MAC address 0015.2BE4.9860 becomes interface ID 0215:2BFF:FEE4:9860 and link local address FE80::215:2BFF:FEE4:9860; the first byte 0000 0000 becomes 0000 0010 after flipping the 7th bit]
IPv6 traffic flow
• Unicast - one-to-one communication
• Multicast - one-to-many communication
• Anycast - one-to-nearest communication
• Broadcast - one-to-all communication
NOTE: Even though IPv6 does not do broadcast, it can do an all-nodes multicast, which is very similar to a broadcast
Assigning an IPv6 address to an interface
IM # IPv6 address ______________ / _________
(IPv6 address) (Prefix)
Routing Information Protocol (RIP)
Fundamentals of RIP
• RIPv1 - Broadcast
- No VLSM support
- IPv4
• RIPv2 - Multicast 224.0.0.9
- VLSM support
- IPv4
• RIPng - Multicast FF02::9
- VLSM support
- IPv6
Characteristics of RIP
• Hop count (maximum of 15)
• Full and triggered updates (every 30 seconds)
• Split horizon (loop prevention mechanism)
• Poison reverse
RIPng configuration
• Enable IPv6 routing
GM # IPv6 unicast-routing
• Enable IPv6 CEF
GM # IPv6 CEF
(Cisco Express Forwarding (CEF) is a highly efficient packet switching technology supported by Cisco routers)
• Enable IPv6 flowset
GM # IPv6 flowset
(Configures flow-label marking for packets sent by the router that are 1280 bits or larger)
• RIPng configuration
GM # IPv6 router RIP _CCNP_
(Word)
• Under interface mode
IM # IPv6 RIP _CCNP_ enable
(Word)
RIPng verification
PM # Show IPv6 route
PM # Show IPv6 route RIP
PM # Show IPv6 route 2000:20::/64
PM # Show IPv6 protocols
PM # Show IPv6 RIP
PM # Show IPv6 RIP next-hops
[Figure: R1, R2 and R3 connected through Sw1 and Sw2; networks 2000:20::/64, 2000:30::/64, 2000:40::/64 and 2000:50::/64; loopback 2.2.2.2/32]
Enhanced Interior Gateway Routing Protocol (EIGRP)
• EIGRP is a routing protocol that lets routers exchange information more effectively than earlier routing protocols
Characteristics of EIGRP
• Fast convergence
• Scalable
• Load balancing over unequal-cost links
• Classless (VLSM support)
• Communicates via multicast (224.0.0.10)
• Was Cisco-proprietary; now it is an open standard
Components of EIGRP
• Neighbor discovery
• Reliable Transport Protocol (RTP)
• Diffusing Update Algorithm (DUAL)
• Protocol-dependent modules
DUAL
• Successor:
A neighboring EIGRP-speaking router that offers the best path (i.e. the route with the smallest metric) to the destination network.
• Successor route:
The most attractive route to a destination network that is known to an EIGRP-speaking router.
• Feasible successor:
An EIGRP neighbor that can get us to the destination network (without a routing loop) and acts as a backup to the successor router.
• Feasible successor route:
A loop-free route (known to EIGRP) to a destination network that acts as a backup to the successor route.
EIGRP data structures
• Neighbor table
PM # Show IP EIGRP neighbors
• Interface table
PM # Show IP EIGRP interfaces
• Topology table
PM # Show IP EIGRP topology
EIGRP timers
• Default hello interval: 5 sec
• Default hold time: 15 sec
Verification
PM # Show IP EIGRP interfaces detail
PM # Show IP EIGRP neighbors
EIGRP metric calculation
• Bandwidth
• Delay
• Reliability
• Load
• Maximum Transmission Unit (MTU)
Default "K" values
K1 = 1
K2 = 0
K3 = 1
K4 = 0
K5 = 0
$$\text{Metric} = \left[K_1 \cdot BW_{min} + \frac{K_2 \cdot BW_{min}}{256 - \text{Load}} + K_3 \cdot \text{Delay}\right] \cdot \frac{K_5}{K_4 + \text{Reliability}} \cdot 256$$
With the default K values:
$$\text{Metric} = (BW_{min} + \text{Delay}) \cdot 256$$
$$BW_{min} = \frac{10^7}{\text{least bandwidth}}$$
To verify the metric
PM # Show IP EIGRP topology
[Figure: R1 and R2 joined by the 10.1.1.0/30 serial link (BW 1.544 Mbps, delay 20,000 microseconds); R1's 172.16.1.0/24 and R2's 192.168.1.0/24 LAN links (BW 100 Mbps, delay 100 microseconds)]
Metric = [(10,000,000 / min BW) + (sum of interface delays / 10)] × 256
= [(10,000,000 / 1544) + (20,100 / 10)] × 256
= [6476.604 + 2010] × 256
= 217246
The EIGRP feasibility condition
• An EIGRP route is a feasible successor route if its reported distance (RD) from our neighbor is less than the feasible distance (FD) of the successor route
[Figure: R1 reaches 10.1.1.0/24 through neighbors R2, R3 and R4 (with R5 beyond them); the link to R2 has a cost of 1,000]
Neighbor | RD | FD | Role
R2 | 6000 | 16000 | Successor
R3 | 11000 | 18000 | Feasible successor
R4 | 18000 | 22000 | (not a feasible successor: its RD is not less than the successor's FD of 16000)
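The metric formula and the feasibility condition from the two sections above, as an added example (not code from the course notes). `eigrp_metric` evaluates the page's formula with the K values, and `classify_paths` applies the RD < FD test to the table above; the input dictionaries are constructed from the page's figures.

```python
def eigrp_metric(min_bw_kbps, delays_usec, load=1, reliability=255,
                 k=(1, 0, 1, 0, 0)):
    """Composite metric from the formula above.
    min_bw_kbps: slowest link along the path in kbps (BWmin = 10^7 / that).
    delays_usec: per-interface delays in microseconds (summed, then /10).
    load and reliability are the 1..255 values IOS reports; the K5 term is
    applied only when K5 is non-zero, as EIGRP does."""
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min_bw_kbps            # integer division, as IOS truncates
    delay = sum(delays_usec) // 10            # tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (k4 + reliability)
    return metric * 256


def classify_paths(paths):
    """paths: {neighbor: (reported_distance, feasible_distance)}.
    The successor is the neighbor offering the lowest FD; a neighbor is a
    feasible successor only if its RD is below that FD; everything else is
    rejected as a potential loop."""
    successor = min(paths, key=lambda n: paths[n][1])
    fd = paths[successor][1]
    feasible = [n for n, (rd, _) in paths.items() if n != successor and rd < fd]
    rejected = [n for n in paths if n != successor and n not in feasible]
    return successor, feasible, rejected


# Constructed from the page's figures: serial 1.544 Mbps / 20,000 us plus a
# 100 Mbps / 100 us LAN hop, and the RD/FD table for 10.1.1.0/24.
PATH_BW_KBPS = 1544
PATH_DELAYS_USEC = (20_000, 100)
TOPOLOGY_TABLE = {"R2": (6000, 16000), "R3": (11000, 18000), "R4": (18000, 22000)}


def page_example_metric():
    return eigrp_metric(PATH_BW_KBPS, PATH_DELAYS_USEC)


def page_example_roles():
    return classify_paths(TOPOLOGY_TABLE)
```

With the default K values the worked figures give (6476 + 2010) × 256, i.e. 2,172,416 before any rounding of the bandwidth term.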
Advanced EIGRP concepts
EIGRP queries and the stuck-in-active state
[Figure: R1 sends a query for a lost route; the query propagates through R2, R3, R4, R5, R6, R7 and R8 across Sw1 and Sw2, and each router must send a reply]
Going active for a route
• When an EIGRP-speaking router sends one or more query messages in an attempt to find an alternate path to a network that is no longer available
Stuck in active (SIA)
• A condition where an EIGRP-speaking router goes active for a route by sending a query but never receives a reply
EIGRP stub routing
Stub routers
• Do not advertise routes learned from one EIGRP neighbor to another EIGRP neighbor
• Queries are not sent from non-stub routers to stub routers
Under router mode
RM # EIGRP stub ____________
(Option)
Stub option | Description
Connected | The stub router advertises connected routes matched by a network command
Summary | The stub router advertises summarized routes (either automatically or statically summarized)
Static | The stub router advertises statically configured routes, if the redistribute static command has been configured
Leak-map | The stub router's advertised dynamic prefixes are based on the leak-map
Redistribute | The stub router advertises any redistributed routes
Receive-only | The stub router does not advertise any routes
EIGRP passive interface
Goals
• Advertise the 192.168.1.0/24 network via EIGRP
• Do not send EIGRP hello messages out of FA0/0
Solution 1
• Make interface FastEthernet 0/0 a passive interface
Solution 2
• Do not give a network statement for the 192.168.1.0/24 network
Under router mode
RM # passive-interface __Fastethernet_ ___0/0___
(INT name) (INT no)
EIGRP summary routes
• Help keep the routing table small
• Work best if summarization is considered when assigning subnet addresses
• Can be summarized on any router (unlike OSPF)
• Reduce query scope
• Can cause suboptimal routing
• Can route packets to a summarizing router that discards those packets
Under interface mode on R5
IM # IP summary-address EIGRP __100_ 172.16.0.0 255.255.252.0
(AS no)
Verification
PM # Show IP protocols
[Figure: R1 (Fa0/0 192.168.1.0/24, Se2/0), R2 and R3 linked over 10.1.1.0/30, 10.1.1.4/30, 10.1.1.8/30 and 10.1.1.12/30; the summarizing router advertises 172.16.0.0/24 through 172.16.3.0/24 as a single summary, with 192.168.2.0/24 and 192.168.1.0/30 also present]
Open Shortest Path First (OSPF)
OSPF fundamentals
• Link-state protocol
• Open standard (IETF, Internet Engineering Task Force)
• Establishes adjacencies with other routers
• Sends link-state advertisements (LSAs) to other routers in an area
• Constructs a link-state database from the received LSAs
• Runs the Dijkstra shortest path first (SPF) algorithm to determine the shortest path to each network
• Attempts to inject the best path for each network into the router's IP routing table
Neighbor vs adjacency
• Neighbors are routers that:
Reside on the same network
Exchange hello messages
• Adjacencies are routers that:
Are neighbors
Have exchanged link-state updates (LSUs) and database description (DD) packets
[Figure: R1 and R2 exchange hellos to 224.0.0.5 to become neighbors; to become adjacent they additionally exchange DD (database description) packets and LSUs]
OSPF areas
I. Single-area OSPF
[Figure: R1 (Gig0/0, 192.168.1.1/24) and R2 (Gig0/1, 192.168.1.2/24) connected through Sw1, both starting with the link state down]
Link comes up
Hello to 224.0.0.5 in both directions
State = Init on both routers
(R2: "I received a hello from R1, but my router ID was not in the hello message")
(R1: "I received a hello from R2, and I'm listed as its neighbor")
Hello to 224.0.0.5; State = 2-Way on both routers
DR / BDR election (if needed); State = 2-Way
Primary / secondary router selected; State = Exstart
Database description packets exchanged; State = Exchange
Routers query one another (link-state requests, LSRs, for missing entries, which are sent in LSUs); State = Loading
Adjacency fully formed; State = Full
[Figure: single-area OSPF with routers A to G all in Area 0]
II. Multiple-area OSPF
ABR - area border router
• A router with at least one interface in the backbone area and at least one interface in a non-backbone area
Virtual link
• A logical link that connects the backbone area with an area that is not adjacent to the backbone area
➢ If we have 50 routers we have to go for multiple areas
➢ Other areas should be connected to the backbone area
III. Backbone area
• An area (numbered either 0 or 0.0.0.0) to which all other areas directly connect
• The Dijkstra algorithm runs on the link-state database for each area
[Figure: Area 0 containing R8, R9, R11, R12, R13 and R14; Area 10 containing R1 to R6 with R7 as the ABR]
OSPF network types
Broadcast network
❖ Elects a DR and BDR: Yes
❖ Default hello interval: 10 seconds (dead timer = 4 × hello)
❖ Uses the neighbor command: No
Point-to-point network
❖ Elects a DR and BDR: No
❖ Default hello interval: 10 seconds
❖ Uses the neighbor command: No
Non-Broadcast Multi-Access (NBMA)
❖ Elects a DR and BDR: Yes
❖ Default hello interval: 30 seconds (dead timer = 4 × hello)
❖ Uses the neighbor command: Yes
[Figures: a broadcast Ethernet segment with R1 to R6; a point-to-point PPP or HDLC link between R1 and R2 over an IP WAN; an NBMA Frame Relay hub-and-spoke with R1 to R4, where the spokes are set to OSPF priority 0]
Point-to-multipoint
❖ Elects a DR and BDR: No
❖ Default hello interval: 30 seconds
❖ Uses the neighbor command: No
OSPF network types summary
• Broadcast is the default network type on Ethernet networks
• Point-to-point is the default network type on Frame Relay point-to-point subinterfaces
• Non-broadcast (NBMA) is the default network type on Frame Relay physical interfaces and multipoint subinterfaces
Network type | Elects a DR & BDR | Default hello interval | Uses the neighbor command
Broadcast | Yes | 10 seconds | No
Point-to-point | No | 10 seconds | No
Non-broadcast | Yes | 30 seconds | Yes
Point-to-multipoint | No | 30 seconds | No
[Figure: R1 to R4 connected over Frame Relay in a point-to-multipoint arrangement]
Designated router and backup designated router (DR and BDR)
Number of adjacencies = n × (n − 1) / 2,
where n = the number of routers
• Adjacencies only need to be formed with the DR and BDR
224.0.0.5 - All OSPF routers
224.0.0.6 - All designated routers
How a DR is elected
• The hello protocol is used to elect a DR
• During a DR election, the router with the highest OSPF priority value wins
• The OSPF priority value is associated with an interface and can be a value in the range 0 - 255
• An OSPF priority value of '0' means that the router will not become the DR
• The default OSPF priority value of an interface is '1'
• The OSPF priority of an interface can be configured using the command
IM # IP OSPF priority ________
(Value)
• If the priorities tie, the router with the highest router ID (RID) becomes the DR
• A router's RID can be configured in router configuration mode with the command
RM # router-ID _____________
(IPv4 address)
• If an RID is not configured, the highest IP address of a loopback interface that is currently up becomes the router ID
• If a router has no loopback interface, the highest IP address of a non-loopback interface (that is currently up) becomes the RID
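The RID selection order and the DR election rules listed above, as an added example (not code from the course notes). It models an election on a segment where all routers come up together, so there is no pre-existing DR to preserve; the router names, priorities and addresses in the sample are constructed.

```python
import ipaddress


def _ip_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))


def router_id(configured=None, loopbacks=(), interfaces=()):
    """RID selection: an explicitly configured router-id wins; otherwise the
    highest IP of an up loopback; otherwise the highest IP of an up
    non-loopback interface. Interfaces are (ip, is_up) pairs."""
    if configured:
        return configured
    for group in (loopbacks, interfaces):
        up = [ip for ip, is_up in group if is_up]
        if up:
            return max(up, key=_ip_int)
    return None


def elect_dr_bdr(routers):
    """routers: {name: {"priority": int, "rid": "a.b.c.d"}} for one segment.
    Priority 0 routers never become DR or BDR; otherwise the highest priority
    wins and ties are broken by the highest RID. Returns (dr, bdr)."""
    eligible = sorted(
        ((r["priority"], _ip_int(r["rid"]), name) for name, r in routers.items()
         if r["priority"] > 0),
        reverse=True,
    )
    dr = eligible[0][2] if eligible else None
    bdr = eligible[1][2] if len(eligible) > 1 else None
    return dr, bdr


# Constructed segment: R_C has priority 0 and can never be elected; R_D has
# the highest priority; R_A and R_B tie on priority and fall back to the RID.
SEGMENT = {
    "R_A": {"priority": 1, "rid": router_id(None, [("1.1.1.1", True)], [("192.168.1.1", True)])},
    "R_B": {"priority": 1, "rid": router_id(None, [("2.2.2.2", False)], [("192.168.1.2", True)])},
    "R_C": {"priority": 0, "rid": router_id("9.9.9.9")},
    "R_D": {"priority": 5, "rid": router_id(None, [("1.1.1.2", True), ("1.1.1.3", False)])},
}
```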
OSPF timers
Hello timer
• The interval (in seconds) at which a router sends hello messages out of an OSPF-enabled interface
Dead timer
• The time in seconds that an OSPF-enabled interface will wait to receive a hello message from an adjacent router before considering that adjacency to be down
Dead timer = hello timer × 4
PM # Show IP OSPF interface Fastethernet 0/0
IM # IP OSPF hello-interval 30
OSPF passive interface
RM # passive-interface default
RM # passive-interface fastethernet 0/0
Link-state advertisement types
Type 1 LSA (Router LSA) - Advertises a router's directly connected links
Type 2 LSA (Network LSA) - Generated by the DR
Type 3 LSA (Network summary) - Generated by the ABR
Type 4 LSA (ASBR summary)
Type 5 LSA (AS external LSA) - Advertises external routes
Type 7 LSA (NSSA external LSA)
Stub area
Only type 1 and type 3
[Figure: R1 in Area 1 (stub area) sees Type 1 LSAs within the area and Type 3 LSAs from R2, the ABR to Area 0 where R3 sits]
Totally stubby area
Only type 1 and a type 3 default
Not-so-stubby area
Only type 1, type 3 and type 7
Totally NSSA
Same as NSSA
Stub area configurations
Stubby area and totally stubby area
• Stubby area
RM # Area 1 stub
• Totally stubby area
RM # Area 1 stub no-summary
[Figures: totally stubby area, where R1 in Area 1 receives Type 1 and Type 2 LSAs plus a single Type 3 default from the ABR; NSSA, where the ASBR R1 originates Type 7 LSAs that the ABR (R2) converts to Type 5 for Area 0 alongside Type 4 and Type 3 LSAs; totally NSSA, where Area 1 receives Type 7 LSAs and a Type 3 default in place of the Type 3 LSAs]
Not-so-stubby area and totally NSSA
• Not-so-stubby area
RM # Area 1 NSSA
• Totally not-so-stubby area
RM # Area 1 NSSA no-summary
OSPF route summarization
Configuration on the ABR
RM # Area 1 range ___________ ____________
Configuration on the ASBR
RM # Summary-address ____________ _____________
ABR - area range
ASBR - summary-address
[Figure: 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24 summarized as 192.168.0.0/22]
Virtual link configuration
On R2
RM # Area 1 virtual-link 3.3.3.3
On R3
RM # Area 1 virtual-link 2.2.2.2
Show commands
PM # Show IP OSPF neighbor
PM # Show IP OSPF virtual-links
Shortest path algorithm
From node | 10.1.1.0 | 10.2.2.0 | 10.3.3.0 | 10.4.4.0 | 10.5.5.0
R1 | via R1: 1 | via R1: 10 | | |
10.1.1.0 | via R1: 1 | via R1: 10 | via 10.1.1.0: 1+1+1 = 3 | |
10.3.3.0 | via R1: 1 | via R1: 10 | via 10.1.1.0: 3 | via 10.3.3.0: 3+1+10 = 14 | via 10.3.3.0: 3+1+1 = 5
10.5.5.0 | via R1: 1 | via R1: 10 | via 10.1.1.0: 3 | via 10.3.3.0: 14 | via 10.3.3.0: 5
10.2.2.0 | via R1: 1 | via R1: 10 | via 10.1.1.0: 3 | via 10.3.3.0: 14 | via 10.3.3.0: 5
[Figure: Area 0 with R1 (1.1.1.1), R2 (2.2.2.2) and R3 (3.3.3.3) joined by virtual links to Area 1 and Area 2; R1 to R6 interconnected over 10.1.1.0/24, 10.2.2.0/24, 10.3.3.0/24, 10.4.4.0/24 and 10.5.5.0/24 with link costs of 1 and 10]
OSPF metric calculation
• The default reference bandwidth is 100,000,000 bits per second (100 Mbps)
OSPF E1 vs E2 routes
• E1 - OSPF external type 1 routes
• E2 - OSPF external type 2 routes
[Figure: Sw1, Sw2 and Sw3 with link costs 10, 100 and 100]
RM # Auto-cost reference-bandwidth __________
(Value)
Cost = Reference bandwidth / Interface bandwidth
Border Gateway Protocol (BGP)
Fundamental BGP concepts
• Forms neighborships
• The neighbor's IP address is explicitly configured
• A TCP session is established between neighbors
• Advertises address prefix and length (called network layer reachability information, NLRI)
• Advertises a collection of path attributes that can be used for path selection
• Path vector routing protocol
Topology
• Internal BGP (IBGP) neighbor
A BGP neighbor in the same autonomous system
• External BGP (EBGP) neighbor
A BGP neighbor in a different autonomous system
[Figure: AS 65001 containing R1 (RID 1.1.1.1, network 192.0.2.0/24) and R2 (RID 2.2.2.2); R2's Fa0/0 and Fa0/1 connect to ISP routers with RIDs 3.3.3.3 (AS 65003), 4.4.4.4 (AS 65002) and 5.5.5.5 (AS 65004) over 203.0.113.0/30 and 203.0.113.4/30]
Configuration
R1
GM # Router BGP __65001__
RM # BGP router-ID __1.1.1.1__
RM # Network 192.0.2.0 mask 255.255.255.0
RM # Neighbor 192.0.2.0 remote-AS __65001__
R2
GM # Router BGP __65001__
RM # BGP router-ID 2.2.2.2
RM # Network 192.0.2.0 mask 255.255.255.0
RM # Network 198.51.100.0 mask 255.255.255.252
RM # Network 198.51.100.4 mask 255.255.255.252
RM # Neighbor 192.0.2.1 remote-AS __65001__
RM # Neighbor 198.51.100.2 remote-AS __65002__
RM # Neighbor 198.51.100.6 remote-AS __650014__
Verification commands
R1
PM # Show IP route
PM # Ping 9.9.9.9
BGP data structures
• External BGP (EBGP)
Administrative distance (AD) = 20
• Internal BGP (IBGP)
Administrative distance (AD) = 200
R2
PM # Show IP BGP summary
PM # Show IP BGP neighbors
PM # Show IP BGP
PM # Show IP route BGP
[Figure: BGP data structures: the BGP neighbor table, the BGP table (routing information base, RIB) and the IP routing table]
BGP message types
• Open
• Keepalive
• Update
• Notification
Open message
• Includes the BGP version number, local AS number, hold time, BGP router ID and optional parameters
Keepalive
• A message header that keeps the hold timer from expiring
Update message
• Can contain withdrawn routes, path attributes and NLRI
Notification
• Contains an error code, an error subcode and information about the error
BGP peer groups
• Reduces a BGP router's CPU load by generating an update once per group, rather than once per
neighbor
NOTE: We can filter using a distribute list or an IP prefix list
R2
GM # router bgp 65001
RM # neighbor route-PG peer-group
RM # neighbor route-PG prefix-list route-demo in
(prefix list name)
RM # neighbor 198.51.100.2 peer-group route-PG   (ISP 1)
RM # neighbor 198.51.100.6 peer-group route-PG   (ISP 2)
BGP neighbor states (R1 and R2 move through the same states)
• Idle
• Connect: a TCP session is set up
• Open sent: an Open message is sent to the peer
• Open confirm: an Open message is received and a Keepalive is sent
• Established: the neighbor relationship is up
Show command
PM # show ip prefix-list
ip prefix-list route-demo: 4 entries
➢ seq 10 deny 10.0.0.0/8 le 32
➢ seq 20 deny 172.16.0.0/12 le 32
➢ seq 30 deny 192.168.0.0/16 le 32
➢ seq 40 permit 0.0.0.0/0 ge 8
(The first three entries deny the RFC 1918 private ranges at any prefix length; the last permits everything else from /8 to /32. A prefix that matches no entry, such as a default route 0.0.0.0/0, is dropped by the implicit deny at the end of the list)
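As an added example (not from the course notes), the prefix-list matching logic in Python: the list above is copied as constructed data, and evaluate() applies the Cisco ge/le semantics and the implicit deny, so you can check what an inbound filter like this accepts from an ISP before applying it.

```python
import ipaddress

# Constructed copy of the prefix list shown above: (seq, action, prefix, ge, le)
PREFIX_LIST = [
    (10, "deny", "10.0.0.0/8", None, 32),
    (20, "deny", "172.16.0.0/12", None, 32),
    (30, "deny", "192.168.0.0/16", None, 32),
    (40, "permit", "0.0.0.0/0", 8, None),
]


def entry_matches(entry, candidate):
    """Cisco semantics: the candidate must lie inside the entry's prefix, and its
    length must be within [ge, le]; with neither keyword the length must be exact."""
    _seq, _action, prefix, ge, le = entry
    net = ipaddress.ip_network(prefix)
    if not candidate.subnet_of(net):
        return False
    if ge is None and le is None:
        return candidate.prefixlen == net.prefixlen
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else net.max_prefixlen
    return low <= candidate.prefixlen <= high


def evaluate(candidate, plist=PREFIX_LIST):
    """Return (action, seq) of the first matching entry in sequence order,
    or ("deny", None) for the implicit deny at the end of every prefix list."""
    cand = ipaddress.ip_network(candidate, strict=False)
    for entry in sorted(plist, key=lambda e: e[0]):
        if entry_matches(entry, cand):
            return entry[1], entry[0]
    return "deny", None


if __name__ == "__main__":
    for p in ["10.1.2.0/24", "172.20.0.0/16", "192.168.1.0/24",
              "203.0.113.0/24", "172.32.0.0/16", "0.0.0.0/0"]:
        print(f"{p:18} -> {evaluate(p)}")
```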
Advanced BGP concepts
• Path selection criteria
The weight attribute
R2
GM # route-map set-weight permit 10
(Route-map) # set weight 10
(Route-map) # exit
GM # router bgp 65001
RM # neighbor 198.51.100.6 route-map set-weight in
(weight is a local, inbound attribute, so the route map is applied in the "in" direction)
PM # clear ip bgp * soft
PM # show ip bgp
The local preference attribute
R2
GM # route-map ISP1
(Route-map) # set local-preference 50
(Route-map) # Exit
GM # Route-map ISP2
(Route-map) # Set local-preference 150
(Route-map) # Exit
GM # Router BGP 65001
RM # Neighbor 198.51.100.2 route-map ISP1 in
RM # Neighbor 198.51.100.6 route-map ISP2 in
PM # Clear IP BGP * soft
PM # Show IP BGP
The as path attribute
R2
GM # Route-map long-as-path
(Route-map) # Set as-path prepend 65001 65001 65001
(Route-map) # Exit
GM # Router BGP 65001
RM # Neighbor 198.51.100.2 route-map long-as-path out
PM # Clear IP BGP * soft
PM # Show IP BGP
The med attribute
R2
GM # Route-map med-10
(Route-map) # Set metric 10
(Route-map) # Exit
GM # Route-map med-20
(Route-map) # Set metric 20
(Route-map) # Exit
GM # Router BGP 65001
RM # Neighbor 198.51.100.2 route-map med-20 out
RM # Neighbor 198.51.100.6 route-map med-10 out
PM # Clear IP BGP * soft
PM # Show IP BGP
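Added example, not from the course notes: a Python model of the part of the BGP best-path algorithm that the route maps above manipulate (highest weight, then highest local preference, then shortest AS path, then lowest MED). The two paths are constructed as R2 would learn the same prefix from ISP 1 (198.51.100.2) and ISP 2 (198.51.100.6); the AS numbers behind the ISPs are assumed.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class BgpPath:
    neighbor: str          # address of the peer that advertised the path
    as_path: tuple         # AS numbers from the neighbor's AS to the origin
    weight: int = 0        # Cisco-specific, never advertised; highest wins
    local_pref: int = 100  # shared inside the AS; highest wins
    med: int = 0           # metric set by the neighboring AS; lowest wins


def best_path(paths):
    """Subset of the Cisco decision process, in order: highest weight, highest
    local preference, shortest AS path, lowest MED (compared regardless of the
    neighboring AS, which IOS only does with bgp always-compare-med)."""
    return min(paths, key=lambda p: (-p.weight, -p.local_pref, len(p.as_path), p.med))


# Constructed: the prefix reaches R2 via ISP 1 (two ASes away) and ISP 2 (three ASes away).
FROM_ISP1 = BgpPath("198.51.100.2", (65002, 65010))
FROM_ISP2 = BgpPath("198.51.100.6", (65003, 65020, 65010))
LOCAL_NET = BgpPath("local", ())  # 192.0.2.0/24, originated by AS 65001 itself

# Inbound 'set' clauses modelled on the route maps above, keyed by neighbor address.
INBOUND_POLICY = {
    "none": {},
    "local-preference": {"198.51.100.2": {"local_pref": 50}, "198.51.100.6": {"local_pref": 150}},
    "set-weight": {"198.51.100.6": {"weight": 10}},
}


def choose_exit(policy="none"):
    """Return the neighbor whose path R2 installs after the named inbound policy."""
    paths = [replace(p, **INBOUND_POLICY[policy].get(p.neighbor, {})) for p in (FROM_ISP1, FROM_ISP2)]
    return best_path(paths).neighbor


def outbound_prepend(path, local_as=65001, prepend=(65001, 65001, 65001)):
    """What a neighbor receives after 'set as-path prepend 65001 65001 65001' on the
    outbound route map: the local AS once as usual, plus the prepended copies."""
    return replace(path, as_path=(local_as,) + prepend + path.as_path)


if __name__ == "__main__":
    for policy in INBOUND_POLICY:
        print(f"{policy:17} -> exit via {choose_exit(policy)}")
    print("192.0.2.0/24 as seen by ISP 1 after prepend:", outbound_prepend(LOCAL_NET).as_path)
```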
Route redistribution
• Allows routes learned from one routing source to be injected into a routing protocol
Route redistribution fundamentals
• The need for route redistribution
➢ An enterprise has more than one IGP
➢ Company merger
➢ Different departments under different administrative control
➢ Connection to a partner network
➢ IGP routes need to be advertised into BGP
➢ BGP routes need to be advertised into an IGP
Mutual route redistribution
• Occurs when two routing protocols each inject the routes they have learned into each other
The 'redistribute' command
• A router configuration mode command that says, "redistribute routes from the specified routing
source into this routing protocol"
Seed metric
• Assigned, by default, to redistributed routes when none is manually configured
Routing protocol: default seed metric
• RIP: Infinity
• EIGRP: Infinity
• OSPF: 20 (1 for BGP)
• BGP: Uses the BGP metric value
Mutual route redistribution configuration
R2
GM # router ospf 10
RM # redistribute eigrp 21 subnets
R2
GM # router eigrp 21
RM # redistribute ospf 10
RM # default-metric <bandwidth> <delay> <reliability> <load> <MTU>
(EIGRP's default seed metric is infinity, so a default metric must be set or the OSPF routes are not redistributed)
Verification
PM # show ip route
PM # show ip eigrp topology
PM # show ip ospf database
Route redistribution with route maps
Topology
R2
GM # access-list 1 permit 3.3.3.3 0.0.0.0
(ACL no) (address) (wildcard mask)
GM # route-map LAB deny 10
(route-map name) (action) (SEQ no)
(Route-map) # match ip address 1
(ACL no)
(Route-map) # exit
GM # router ospf 10
RM # redistribute eigrp 21 subnets route-map LAB
(route-map name)
NOTE: a route map ends with an implicit deny, so a later permit sequence with no match clause is needed for the remaining EIGRP routes to be redistributed (compare the denytag10 route map in the Tags section)
Verification
R2
PM # show route-map
R1
PM # show ip route
Resolving route redistribution issues
➢ Higher metric
➢ Administrative distance
➢ Filter redistributed routes
➢ Tags
Administrative distance
R2
GM # router ospf 10
RM # distance 80
(AD)
RM # exit
Verification
R2
PM # show ip route
Tags
R2
GM # route-map tag10
(route-map name)
(Route-map) # set tag 10
(Route-map) # exit
GM # route-map denytag10 deny 10
(route-map name) (action) (SEQ no)
(Route-map) # match tag 10
(Route-map) # exit
GM # route-map denytag10 permit 20
(Route-map) # exit
GM # router ospf 10
RM # redistribute eigrp 21 subnets route-map tag10
RM # exit
GM # router eigrp 21
RM # redistribute ospf 10 metric <bandwidth> <delay> <reliability> <load> <MTU> route-map denytag10
(Routes tagged 10 on their way into OSPF are matched by denytag10 and blocked from being redistributed back into EIGRP)
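Added example, not from the course notes: a small Python model of route-map evaluation (sequences tried in order, first match wins, implicit deny at the end). It replays both the LAB route map from the previous section, which drops 3.3.3.3/32, and the tag10/denytag10 pair above, showing the tag keeping routes from looping back into EIGRP. The routing tables are constructed.

```python
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)
class Route:
    prefix: str
    source: str   # protocol the route was learned from
    tag: int = 0  # route tag, 0 = untagged

@dataclass(frozen=True)
class Clause:
    seq: int
    action: str                                # "permit" or "deny"
    match: dict = field(default_factory=dict)  # attribute -> value it must have
    set: dict = field(default_factory=dict)    # attribute -> new value

def run_route_map(clauses, route):
    """Clauses are tried in sequence order and the first match wins; a clause
    without match conditions matches everything. None means the route is denied."""
    for c in sorted(clauses, key=lambda c: c.seq):
        if all(getattr(route, k) == v for k, v in c.match.items()):
            return None if c.action == "deny" else replace(route, **c.set)
    return None  # implicit deny at the end of every route map

def redistribute(routes, route_map, into):
    """Inject the routes that pass the route map into protocol `into`."""
    passed = (run_route_map(route_map, r) for r in routes)
    return [replace(r, source=into) for r in passed if r is not None]

# Constructed route maps mirroring the configuration above.
LAB = [Clause(10, "deny", match={"prefix": "3.3.3.3/32"}), Clause(20, "permit")]
TAG10 = [Clause(10, "permit", set={"tag": 10})]
DENYTAG10 = [Clause(10, "deny", match={"tag": 10}), Clause(20, "permit")]
PERMIT_ALL = [Clause(10, "permit")]

# Constructed routing tables on R2 before redistribution.
EIGRP_ROUTES = [Route("3.3.3.3/32", "eigrp"), Route("10.1.0.0/24", "eigrp")]
OSPF_ROUTES = [Route("172.16.5.0/24", "ospf")]

def mutual_redistribution(use_tags=True):
    """EIGRP -> OSPF through tag10, then OSPF -> EIGRP through denytag10 (or
    unfiltered). Returns the prefixes that OSPF hands back to EIGRP."""
    into_ospf = redistribute(EIGRP_ROUTES, TAG10, "ospf")
    back_filter = DENYTAG10 if use_tags else PERMIT_ALL
    return sorted(r.prefix for r in redistribute(OSPF_ROUTES + into_ospf, back_filter, "eigrp"))

if __name__ == "__main__":
    print("LAB keeps:", [r.prefix for r in redistribute(EIGRP_ROUTES, LAB, "ospf")])
    print("with tags:", mutual_redistribution(True), "without:", mutual_redistribution(False))
```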
Policy based routing (path control)
Fundamentals (normal forwarding)
➢ Layer 2 FCS is checked
➢ Layer 2 header is removed
➢ Forwarded based on the destination IP address
Policy based routing
➢ Layer 2 FCS is checked
➢ Layer 2 header is removed
➢ Forwarded based on the route map instruction
Route map
• Match
➢ IP address
➢ Range of packet lengths
• Set
➢ Next-hop IP address
➢ Default next-hop IP address
➢ Interface
➢ Default interface
Policy based routing configuration
Before the policy is applied, a traceroute from the client to 198.51.100.3 goes 192.0.2.1 (R1) → 203.0.113.6 → 198.51.100.3
R1
GM # access-list 100 permit ip host 192.0.2.2 host 198.51.100.3
(ACL no)
GM # route-map client-to-server
(Route-map) # match ip address 100
(ACL no)
(Route-map) # set ip next-hop 203.0.113.2
(Route-map) # exit
GM # interface fastEthernet 0/0
IM # ip policy route-map client-to-server
(the policy is applied on the interface where the client's traffic enters R1)
Verification
R1
PM # show route-map
After the policy is applied, the same traceroute goes 192.0.2.1 (R1) → 203.0.113.2 → 198.51.100.3
Virtual private network (VPN)
Remote site connectivity fundamentals
Traditional remote connectivity solutions
• Frame Relay, ATM, leased lines
Benefits of VPNs
• Can use common broadband technologies [example: DSL and cable]
• Can scale to many connections [i.e. new connections just need Internet access]
• Can securely transmit data over an untrusted network [example: the Internet]
Types of VPNs used for remote access
• MPLS-based VPNs
• Tunnel-based VPNs
• Hybrid VPNs
MPLS [Multiprotocol Label Switching]
• A technology that allows routers to forward traffic based on labels, as opposed to network
addresses
MPLS frame layout: L2 header | 32-bit shim header (the MPLS label) | L3 header | Payload
Layer 2 MPLS VPNs
Figure: Layer 2 MPLS VPN topology. Customer locations A, B, C and D each connect a CPE router to an ELSR at the provider edge, LSRs form the provider core, and the VPN between R1 (Location A) and R2 (Location B) runs across the Internet.
Label Switch Router [LSR]
• An MPLS router that receives and transmits MPLS frames to and from another MPLS router,
while making a forwarding decision based on label information and rewriting the labels
Edge Label Switch Router [ELSR]
• An MPLS router that adds label information to traffic coming from a customer premises
equipment [CPE] router, and removes label information from traffic being sent to a CPE router
Layer 2 MPLS VPNs
• Allow routers at different customer sites to appear as if they are layer 2 adjacent and form a
peering relationship
ELSR
• Also known as a provider edge [PE] router
CPE
• Also known as a customer edge [CE] router
Layer 3 MPLS VPN
• Allows CPE [CE] routers and ELSR [PE] routers to form peering relationships
Tunnel-based VPN
VPN technologies that use virtual tunnels
1. Generic Routing Encapsulation [GRE]
2. Dynamic Multipoint VPN [DMVPN]
3. Multipoint GRE
4. IPsec
GRE tunnel theory and configuration
Generic Routing Encapsulation [GRE]
• A type of tunnel that can encapsulate multiple layer 3 protocols
Figure: a GRE tunnel carried across the Internet
GRE Tunnel inside an IPsec Tunnel
LAB Topology
Figure: R1, R2, R3 and R4 are connected in a chain over serial links (S1/0 and S1/1) using 192.0.2.0/30, 203.0.113.0/30 and 198.51.100.0/30; R2 and R3 have loopbacks Lo0 2.2.2.2/32 and 3.3.3.3/32. Tunnel 1 (192.168.0.1/30 on R1, 192.168.0.2/30 on R4) is a GRE tunnel between R1 and R4 that runs inside an IPsec tunnel across the Internet.
Configuration
R1
GM # interface tunnel 1
IM # ip address 192.168.0.1 255.255.255.252
IM # tunnel source loopback 0
IM # tunnel destination 4.4.4.4
R4
GM # interface tunnel 1
IM # ip address 192.168.0.2 255.255.255.252
IM # tunnel source loopback 0
IM # tunnel destination 1.1.1.1
(Loopback 0 is 1.1.1.1 on R1 and 4.4.4.4 on R4; each side's tunnel destination is the other side's loopback, which must already be reachable through the underlying routing)
Verification
PM # show ip interface brief
PM # show interface tunnel 1
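Added example, not from the course notes: a Python model of what the tunnel interface does to a packet, using the lab's addresses (tunnel source 1.1.1.1, destination 4.4.4.4, inner 192.168.0.1 to 192.168.0.2). It builds the outer IPv4 header and the 4-byte GRE header, decapsulates it again, and shows why the GRE tunnel is placed inside IPsec: the inner packet travels unchanged and readable. The inner ICMP packet is constructed.

```python
import socket
import struct

GRE_PROTOCOL = 47        # IP protocol number of GRE
ETHERTYPE_IPV4 = 0x0800  # GRE protocol type for an IPv4 payload

def ip_checksum(data: bytes) -> int:
    """Standard one's-complement checksum used in the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, protocol: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, protocol, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def gre_encapsulate(inner: bytes, tunnel_src="1.1.1.1", tunnel_dst="4.4.4.4") -> bytes:
    """Outer IP (protocol 47) + GRE header (no C/K/S flags, version 0) + inner packet."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTOCOL, len(gre) + len(inner)) + gre + inner

def gre_decapsulate(packet: bytes):
    """Return (outer_src, outer_dst, inner packet); reject anything but plain GRE over IPv4."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTOCOL or ip_checksum(packet[:ihl]) != 0:
        raise ValueError("not a GRE packet or bad outer checksum")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags != 0 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), packet[ihl + 4:]

# Constructed inner packet: an ICMP echo request across the tunnel subnet.
ICMP_ECHO = b"\x08\x00\xf7\xff\x00\x00\x00\x00"
INNER = ipv4_header("192.168.0.1", "192.168.0.2", 1, len(ICMP_ECHO)) + ICMP_ECHO

def inner_is_visible(packet: bytes) -> bool:
    """True when the inner packet appears byte-for-byte in the tunnelled packet,
    i.e. GRE alone gives no confidentiality."""
    return INNER in packet

if __name__ == "__main__":
    wire = gre_encapsulate(INNER)
    print(len(wire), "bytes;", gre_decapsulate(wire)[:2], "inner readable:", inner_is_visible(wire))
```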
DMVPN and mGRE theory
Dynamic Multipoint VPN [DMVPN]
• Allows VPN tunnels to be set up and torn down on an as-needed basis
Multipoint GRE [mGRE]
• Allows a single router interface to have multiple GRE tunnels
Next Hop Resolution Protocol (NHRP)
• Allows an interface configured for mGRE to discover the IP address of the device at the
far end of a tunnel
NHRP database
Tunnel interface IP   Physical interface IP
10.0.0.1              192.0.2.1
10.0.0.2              203.0.113.1
10.0.0.3              198.51.100.1
Verification (the configuration is covered in the security track)
PM # show ip nhrp
Figure: DMVPN hub-and-spoke. Headquarters (H/Q) and branches A, B and C each have an mGRE interface and a dynamic multipoint VPN tunnel forms between them; an NHRP answer such as "10.0.0.2 is at 203.0.113.1" lets a router find the physical address behind a tunnel address.
IPsec theory
• A collection of protocols used to secure traffic being transmitted over a tunnel
Benefits of IPsec
• Confidentiality
• Integrity
• Authentication
• Anti-replay
Internet Key Exchange (IKE)
• A protocol used to set up a security association (SA), which includes information such as
the encryption type and hashing type for a secure tunnel
IPsec operation
Internet Security Association and Key Management Protocol (ISAKMP)
• A protocol used by IKE to negotiate the security parameters used to establish an IKE phase 1
tunnel
Figure: IPsec operation between R1 and R2 (PC1 behind R1, PC2 behind R2) in five steps: the IKE phase 1 tunnel is established first, then the IKE phase 2 tunnel (for DMVPN) carries the protected traffic.