Articles

OSPF

In Network Basics, Network Planning, OSPF on May 31, 2011 by carlosfvc

– What is OSPF?

OSPF is a fairly complex protocol made up of several protocol handshakes, database advertisements, and packet types.

Link-State Routing Protocols

  • They respond quickly to network changes.
  • They send triggered updates when a network change occurs.
  • They send periodic updates, known as link-state refresh, at long time intervals, such as every 30 minutes.
  • They use cost as the metric.
  • A protocol identifier of 89 in the IP header indicates an OSPF packet.
  • Each interface participating in OSPF uses the IP multicast address 224.0.0.5 to periodically send hello packets.

Link-state routing protocols generate routing updates only when a change occurs in the network topology.

  1. When a link changes state, the device that detected the change creates a link-state advertisement (LSA) concerning that link.
  2. The LSA propagates to all neighboring devices using a special multicast address.
  3. Each routing device stores the LSA and forwards it to all neighboring devices (in the same area).
  4. This flooding of the LSA ensures that all routing devices can update their databases and then update their routing tables to reflect the new topology.
  5. The LSDB is used to calculate the best paths through the network.
  6. Link-state routers find the best paths to a destination by applying Dijkstra’s algorithm, also known as SPF, against the LSDB to build the SPF tree.
  7. Each router selects the best paths from their SPF tree and places them in their routing table.

For all the routers in the network to make consistent routing decisions, each link-state router must keep a record of the following information:

  • Its immediate neighbor routers.
  • All the other routers in the network, or in its area of the network, and their attached networks.
  • The best paths to each destination.

OSPF neighbor table = adjacency database

OSPF topology table = OSPF topology database = LSDB

Routing table = forwarding database

OSPF Area Structure

If an area becomes too big, the following issues need to be addressed:

  • Frequent SPF algorithm calculations.
  • Large routing table— OSPF does not perform route summarization by default.
  • Large LSDB

Solutions:

  • Link-state routing protocols usually reduce the size of the Dijkstra calculations by partitioning the network into areas.

Advantages of OSPF areas

  • Reduced frequency of SPF calculations.
  • Smaller routing tables
  • Reduced LSU overhead

OSPF uses a two-layer area hierarchy:

  • Backbone area
  • Regular (nonbackbone) area – subtypes standard area, stub area, totally stubby area, not-so-stubby area (NSSA), and totally stubby NSSA

• An area should have no more than 50 routers.

• A router should not be in more than three areas.

Area Terminology

  • Internal router
  • Backbone router
  • Area Border Router (ABR)
  • Autonomous System Boundary Router (ASBR)

OSPF Adjacencies

  1. The router sends and receives hello packets to and from its neighboring routers. The destination address is typically a multicast address.
  2. The routers exchange hello packets subject to protocol-specific parameters, such as checking whether the neighbor is in the same area, using the same hello interval, and so on. Routers declare the neighbor up when the exchange is complete.
  3. After two routers establish neighbor adjacency using hello packets, they synchronize their LSDBs by exchanging LSAs and confirming the receipt of LSAs from the adjacent router. The two neighbor routers now recognize that they have synchronized their LSDBs with each other. For OSPF, this means that the routers are now in full adjacency state with each other.
  4. If necessary, the routers forward any new LSAs to other neighboring routers, ensuring complete synchronization of link-state information inside the area.

Notes: OSPF routers on broadcast networks, such as LAN links, elect one router as the designated router (DR) and another as the backup designated router (BDR). All other routers on the LAN form full adjacencies with these two routers and pass LSAs only to them. The DR forwards updates received from one neighbor on the LAN to all other neighbors on that same LAN. One of the main functions of a DR is to ensure that all the routers on the same LAN have an identical LSDB. Thus, on broadcast networks, an LSDB is synchronized between a DROTHER (a router that is not a DR or a BDR) and its DR and BDR.

The DR passes its LSDB to any new routers that join that LAN. Having all the routers on that LAN pass the same information to the new router is inefficient, so the one DR router represents the other routers to a new router on the LAN or to other routers in the area. Routers on the LAN also maintain a partial-neighbor relationship, called a two-way adjacency state, with the other routers on the LAN that are not the DR or BDR, the DROTHERs.

LSAs have the following characteristics:

  • LSAs are reliable. There is a method for acknowledging their delivery.
  • LSAs are flooded throughout the area (or throughout the domain if there is only one area).
  • LSAs have a sequence number and a set lifetime, so each router recognizes that it has the most current version of the LSA.
  • LSAs are periodically refreshed to confirm topology information before they age out of the LSDB.

OSPF Metric Calculation

For OSPF, the default behavior on Cisco routers is that the interface cost is calculated based on its configured bandwidth. The higher the bandwidth, the lower the cost. The default OSPF cost on Cisco routers is calculated using the formula (100) / (bandwidth in megabits per second [Mbps]).

So, a DS-3 interface, with a configured bandwidth of 45000 kbps, has a cost of:

100,000,000 / 45,000 = 2222

• 56-kbps serial link—Default cost is 1785.
• 64-kbps serial link—Default cost is 1562.
• T1 (1.544-Mbps serial link)—Default cost is 64.
• E1 (2.048-Mbps serial link)—Default cost is 48.
• Ethernet—Default cost is 10.
• Fast Ethernet—Default cost is 1.
• FDDI—Default cost is 1.
• ATM—Default cost is 1.

Link-State Data Structures

  • Each LSA entry has its own aging timer
  • After a default of 30 minutes the router that originated the entry resends the LSA, with a higher sequence number, in a link-state update (LSU), to verify that the link is still active.
  • If the LSA were to reach its maximum age (max age) of 60 minutes, it would be discarded.

Benefit: This LSA validation method saves on bandwidth compared to distance vector routers, which send their entire routing table at short, periodic intervals.

OSPF Packets

  • Neighbor discovery, to form adjacencies
  • Flooding link-state information, to facilitate LSDBs being built in each router
  • Running SPF to calculate the shortest path to all known destinations
  • Populating the routing table with the best routes to all known destinations

 Data— Contains different information, depending on the OSPF packet type:

  • For the hello packet—Contains a list of known neighbors.
  • For the DBD packet—Contains a summary of the LSDB, which includes all known router IDs and their last sequence number, among several other fields.
  • For the LSR packet—Contains the type of LSU needed and the router ID of the router that has the needed LSU.
  • For the LSU packet—Contains the full LSA entries. Multiple LSA entries can fit in one OSPF update packet.
  • For the LSAck packet—This data field is empty.

Establishing OSPF Neighbor Adjacencies: Hello

The Hello protocol establishes and maintains neighbor relationships by ensuring bidirectional (two-way) communication between neighbors. The hello packet contains:

  • Router ID
  • Hello and dead intervals (must match between neighbors)
  • Area ID (must match between neighbors)
  • Router priority
  • DR and BDR IP addresses
  • Authentication password (if enabled)
  • Stub area flag (must match between neighbors)

Note

For routers to establish an adjacency on an interface, the primary IP addresses on the routers’ interfaces  must also be on the same subnet with the same mask, and the interface maximum transmission unit (MTU) must match.
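The hello checks listed above can be run against a captured packet. The following is an added example, not part of the original notes: it decodes an OSPFv2 hello using the RFC 2328 field layout and reports which must-match parameters differ from the local interface. The router IDs, addresses and the build_hello helper are constructed sample input, and comparing the authentication type is an assumption of this sketch.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

# OSPFv2 common header (24 bytes) and fixed hello fields (20 bytes), per RFC 2328.
HEADER = struct.Struct("!BBH4s4sHH8s")  # version, type, length, router ID, area ID, checksum, AuType, auth
HELLO = struct.Struct("!4sHBBI4s4s")    # mask, hello interval, options, priority, dead interval, DR, BDR
FIXED = HEADER.size + HELLO.size        # 44 bytes before the neighbor list
OPT_E = 0x02                            # E-bit in Options; cleared inside a stub area
MUST_MATCH = ("area_id", "hello_interval", "dead_interval", "stub", "mask", "au_type")


def ip(raw):
    return str(ipaddress.IPv4Address(raw))


def pack_ip(text):
    return ipaddress.IPv4Address(text).packed


@dataclass
class Params:
    """Values compared between the local interface and a received hello."""
    router_id: str
    area_id: str
    au_type: int
    mask: str
    hello_interval: int
    dead_interval: int
    stub: bool
    neighbors: list = field(default_factory=list)  # router IDs listed in the hello


def parse_hello(pkt):
    """Decode an OSPFv2 hello carried as IP protocol 89. The checksum is not verified."""
    if len(pkt) < FIXED:
        raise ValueError("truncated OSPF hello")
    version, ptype, length, rid, area, _cksum, au_type, _auth = HEADER.unpack_from(pkt)
    if version != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 hello")
    if not FIXED <= length <= len(pkt) or (length - FIXED) % 4:
        raise ValueError("inconsistent length field")
    mask, hello, options, _prio, dead, _dr, _bdr = HELLO.unpack_from(pkt, HEADER.size)
    neighbors = [ip(pkt[o:o + 4]) for o in range(FIXED, length, 4)]
    return Params(ip(rid), ip(area), au_type, ip(mask), hello, dead,
                  not options & OPT_E, neighbors)


def adjacency_problems(local, hello):
    """List every must-match parameter on which the two routers disagree."""
    problems = [f"{name}: local {getattr(local, name)} != neighbor {getattr(hello, name)}"
                for name in MUST_MATCH if getattr(local, name) != getattr(hello, name)]
    if hello.router_id == local.router_id:
        problems.append("router_id: neighbor uses the local router ID")
    return problems


def neighbor_state(local, hello):
    """Init until the neighbor lists our router ID in its hello, then Two-way."""
    return "Two-way" if local.router_id in hello.neighbors else "Init"


def build_hello(router_id, area_id, mask, hello, dead, options=OPT_E, au_type=0, neighbors=()):
    """Build a constructed sample hello (checksum left at 0, priority 1, no DR/BDR)."""
    body = HELLO.pack(pack_ip(mask), hello, options, 1, dead, bytes(4), bytes(4))
    body += b"".join(pack_ip(n) for n in neighbors)
    header = HEADER.pack(2, 1, HEADER.size + len(body), pack_ip(router_id),
                         pack_ip(area_id), 0, au_type, bytes(8))
    return header + body


# Constructed sample data: local interface in area 0 with the default 10/40 timers.
LOCAL = Params("10.0.0.1", "0.0.0.0", 0, "255.255.255.0", 10, 40, False)
GOOD = build_hello("10.0.0.2", "0.0.0.0", "255.255.255.0", 10, 40, neighbors=["10.0.0.1"])
BAD = build_hello("10.0.0.3", "0.0.0.1", "255.255.255.0", 10, 60, options=0)

if __name__ == "__main__":
    for pkt in (GOOD, BAD):
        seen = parse_hello(pkt)
        print(seen.router_id, neighbor_state(LOCAL, seen), adjacency_problems(LOCAL, seen))
```
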

Exchange Process and OSPF Neighbor Adjacency States

  1. Down: The new router begins by sending a hello packet through each of its interfaces participating in OSPF, even though it does not know the identity of the DR or of any other routers. The hello packet is sent out using the multicast address 224.0.0.5.
  2. Init: All directly connected routers running OSPF receive the hello packet from the new router and add it to their list of neighbors.
  3. All routers that received the hello packet send a unicast reply packet to the new router with their corresponding information. The Neighbor field in the hello packet includes all other neighboring routers, including the new router.
  4. Two-way: When the new router receives these hello packets, it adds all the routers that have its router ID in their hello packets to its own neighbor relationship database.

If a router joins a broadcast network in which there is already a DR and BDR, it will get to the neighbor two-way state with all routers, including the DR and BDR, and those that are DROTHER (not DR or BDR). The joining router will continue to form full bidirectional adjacencies only with the DR and BDR.

OSPF Neighbor States

The following is a brief summary of the states OSPF may pass through before becoming adjacent to (neighbors with) another router:

• Down: No active neighbor detected.

• Init: Hello packet received.

• Two-way: Router sees its own router ID in a received hello packet.

• ExStart: Master/slave roles determined.

• Exchange: DBDs (summary of LSDB) sent.

• Loading: Exchange of LSRs and LSUs, to populate LSDBs.

• Full: Neighbors fully adjacent.

Network instability SPF calculation

The timers throttle spf router configuration command, introduced in Cisco IOS Software Release 12.2(14)S, enables the OSPF throttling feature so that the SPF calculations can be potentially delayed during network instability.

LSA Sequence number:

show ip ospf database

debug ip ospf packet

Configuring and Verifying Basic OSPF Routing

Considerations for OSPF include the following:

IP addressing plan— The IP addressing plan governs how OSPF can be deployed and how well the OSPF deployment will scale. A detailed hierarchical IP subnet and addressing plan must be produced, to enable OSPF summarization, allow the network to scale more easily, and to optimize OSPF behavior.

Network topology— The topology consists of the devices (routers, switches, and so on) and the links connecting them. A detailed network topology should be created to assess OSPF scalability requirements and to determine which OSPF features might be required (for example, multiple areas, OSPF summarization, stub areas, and redistribution). The topology should include backup links where necessary.

OSPF areas— Dividing an OSPF network into areas decreases the LSDB size and limits the propagation of link-state updates when the topology changes. The routers that are to be ABRs and ASBRs must be identified, as are those that are to perform any summarization or redistribution.

After the requirements have been assessed, the implementation plan can be created. The implementation plan should include the following steps:

• Define the network requirements

• Gather the required parameters

• Define the OSPF routing parameters

• Configure OSPF

• Verify the OSPF configuration

Basic configuration:

router ospf process-id

network ip-address wildcard-mask area area-id (example: network 10.0.0.0 0.255.255.255 area 0), or

ip ospf process-id area area-id (interface configuration command)

OSPF Router ID

An OSPF router ID uniquely identifies each OSPF router in the network. The OSPF routing process chooses a router ID for itself when it starts up. The router ID is a unique number in IP address format that can be assigned in the following ways:

  1. By default, the highest IP address of any active physical interface when OSPF starts is chosen as the router ID. The interface does not have to be part of the OSPF process, but it has to be up. There must be at least one “up” IP interface on the router for OSPF to use as the router ID. If no up interface with an IP address is available when the OSPF process starts, the following error message occurs:
     R1(config)#router ospf 1
     2w1d: %OSPF-4-NORTRID: OSPF process 1 cannot start.
  2. Alternatively, if a loopback interface exists, its IP address will always be preferred as the router ID instead of the IP address of a physical interface, because a loopback interface never goes down. If there is more than one loopback interface, the highest IP address on any active loopback interface becomes the router ID.
  3. Alternatively, if the router-id ip-address OSPF router configuration command is used, it will override the use of the address of a physical or loopback interface as the router ID. Using the router-id command is the preferred procedure for setting the router ID.

The OSPF database uses the router ID to uniquely describe each router in the network.

Configuration

Router(config)#router ospf  1

Router(config-router)#router-id  172.16.1.1

Router#clear ip ospf process

Verifying

show ip ospf

Loopback interfaces

First define a loopback interface with the interface loopback number global configuration command, and then configure an IP address on the loopback interface.

To verify that OSPF has been properly configured, use the following show commands:

  •  show ip ospf
  •  show ip ospf interface [type number] [brief]
  • show ip ospf neighbor [type number] [neighbor-id] [detail]
  •  show ip route ospf
  • show ip protocols
  • debug ip ospf events
  • debug ip ospf adj
  • debug ip ospf packet

Types of OSPF Networks

• Point-to-point— A network that joins a single pair of routers.

• Broadcast— A multiaccess broadcast network, such as Ethernet.

• Nonbroadcast multiaccess (NBMA)— A network that interconnects more than two routers but that has no broadcast capability.

Electing a DR and BDR and Setting Priority

To elect a DR and BDR, the routers view the OSPF priority value of the other routers during the hello packet exchange process and then use the following conditions to determine which router to select:

  • The router with the highest priority value is the DR
  • The router with the second-highest priority value is the BDR.
  • The default for the interface OSPF priority is 1. In case of a tie, the router ID is used.
  • A router with a priority of 0 cannot become the DR or BDR. A router that is not the DR or BDR is a DROTHER.
  • If a router with a higher priority value gets added to the network, it does not preempt the DR and BDR. The only time a DR or BDR changes is if one of them goes out of service. If the DR is out of service, the BDR becomes the DR, and a new BDR is selected. If the BDR is out of service, a new BDR is elected.
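The election rules above, including non-preemption, as an added example that is not part of the original notes. It models the rules exactly as this page lists them rather than the full RFC 2328 election procedure; the router IDs and priorities are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    router_id: str
    priority: int = 1  # default interface priority

    def rank(self):
        # Higher priority wins; the higher router ID breaks a tie.
        return (self.priority, int(ipaddress.IPv4Address(self.router_id)))


class BroadcastSegment:
    """One LAN segment: tracks which router IDs currently hold the DR and BDR roles."""

    def __init__(self):
        self.routers = {}
        self.dr = None
        self.bdr = None

    def _best(self, exclude):
        eligible = [r for r in self.routers.values()
                    if r.priority > 0 and r.router_id not in exclude]  # priority 0 never elected
        best = max(eligible, key=Router.rank, default=None)
        return best.router_id if best else None

    def _fill_vacancies(self):
        # Only vacant roles are filled, so a sitting DR or BDR is never preempted.
        if self.dr is None and self.bdr is not None:
            self.dr, self.bdr = self.bdr, None       # BDR takes over as DR
        if self.dr is None:
            self.dr = self._best(exclude=set())
        if self.bdr is None:
            self.bdr = self._best(exclude={self.dr})

    def start(self, routers):
        """Routers that come up together take part in the same election."""
        for router in routers:
            self.routers[router.router_id] = router
        self._fill_vacancies()
        return self.dr, self.bdr

    def join(self, router):
        """A router added later; it can only take a role that is vacant."""
        return self.start([router])

    def leave(self, router_id):
        self.routers.pop(router_id, None)
        if self.dr == router_id:
            self.dr = None
        if self.bdr == router_id:
            self.bdr = None
        self._fill_vacancies()
        return self.dr, self.bdr

    def role(self, router_id):
        if router_id == self.dr:
            return "DR"
        return "BDR" if router_id == self.bdr else "DROTHER"


def demo():
    """Constructed scenario: initial election, a late high-priority joiner, then a DR failure."""
    seg = BroadcastSegment()
    steps = [seg.start([Router("10.0.0.1"), Router("10.0.0.2"),
                        Router("10.0.0.3", 0), Router("10.0.0.4", 5)])]
    steps.append(seg.join(Router("10.0.0.9", 200)))   # does not preempt
    steps.append(seg.leave("10.0.0.4"))               # BDR becomes DR, new BDR elected
    return steps


if __name__ == "__main__":
    for dr, bdr in demo():
        print("DR", dr, "BDR", bdr)
```
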

Configuring

Use the ip ospf priority number interface configuration command

Adjacency Behavior for a Point-to-Point Link

The default OSPF hello and dead intervals on point-to-point links are 10 seconds and 40 seconds, respectively. (The hello and dead timers can be changed with the ip ospf hello-interval seconds and ip ospf dead-interval seconds interface configuration commands.)

OSPF Nonbroadcast Mode Configuration

After you enable the OSPF process for specific interfaces, you configure nonbroadcast mode by
• Manually configuring OSPF neighbors
• Defining the OSPF network type as nonbroadcast (unless it is the default)

Use the neighbor ip-address [priority number] [poll-interval number] [cost number] [database-filter all] router configuration command to statically define adjacent relationships in NBMA networks using the nonbroadcast mode.

Configuring hub:

router ospf 10
network 192.168.1.0 0.0.0.255 area 0
neighbor 192.168.1.2 priority 0
neighbor 192.168.1.3 priority 0

interface s1/0
ip address 192.168.1.2 255.255.255.252
ip ospf priority 0

Verify neighborship status:

show ip ospf neighbor

Point-to-multipoint mode has the following properties:

  • Does not require a full-mesh network.
  • Does not require a static neighbor configuration
  • Duplicates LSA packets

Config:

RouterA(config)#interface Serial0/0/0
RouterA(config-if)#ip address 192.168.1.1 255.255.255.0
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#ip ospf network point-to-multipoint

RouterA(config)#router ospf 100
RouterA(config-router)#log-adjacency-changes
RouterA(config-router)#network 172.16.0.0 0.0.255.255 area 0
RouterA(config-router)#network 192.168.1.0 0.0.0.255 area 0

RouterC(config)#interface Serial0/0/0
RouterC(config-if)#ip address 192.168.1.3 255.255.255.0
RouterC(config-if)#encapsulation frame-relay
RouterC(config-if)#ip ospf network point-to-multipoint

RouterC(config)#router ospf 100
RouterC(config-router)#log-adjacency-changes
RouterC(config-router)#network 192.168.1.0 0.0.0.255 area 0

OSPF Configuration in Cisco Point-to-Multipoint Nonbroadcast Mode

  • Cisco extension
  • Statically define neighbors
  • Cost of the link to the neighboring router to reflect the different bandwidths of each link
  • DRs and BDRs are not elected.

Using Subinterfaces in OSPF over Frame Relay Configuration

  • A physical interface can be split into multiple logical interfaces called subinterfaces.
  • Subinterfaces were originally created to better handle issues caused by split horizon over NBMA for distance vector-based routing protocols.
  • Each subinterface requires an IP subnet
  • interface serial number.subinterface-number {multipoint | point-to-point} global configuration command.

RouterA#
interface Serial0/0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0/0.1 point-to-point
ip address 192.168.1.1 255.255.255.0
frame-relay interface-dlci 121
interface Serial0/0/0.2 point-to-point
ip address 192.168.2.1 255.255.255.0
frame-relay interface-dlci 132
RouterB#
interface Serial0/0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0/0.1 point-to-point
ip address 192.168.1.2 255.255.255.0
frame-relay interface-dlci 122

Multipoint

interface Serial0/0/0.2 multipoint
ip address 192.168.2.1 255.255.255.0
<output omitted>
router ospf 100
network 192.168.0.0 0.0.255.255 area 0
neighbor 192.168.2.2 priority 0
neighbor 192.168.2.3 priority 0
RouterB#
interface Serial0/0/0
ip address 192.168.1.2 255.255.255.0
<output omitted>
RouterC#
interface Serial0/0/0
ip address 192.168.2.2 255.255.255.0
ip ospf priority 3

Note
Recall that, by default, OSPF advertises loopback interface addresses as /32 host routes. If the ip ospf network point-to-point command is configured on a loopback interface, OSPF advertises the actual loopback subnet mask, instead of a /32 host route.

Displaying OSPF Adjacency Activity
Use the debug ip ospf adj command to track OSPF adjacencies as they go up or down

Understanding OSPF LSAs

  • LSA Type 1 – Router – contains router links and state and is flooded into the area of origin
  • LSA Type 2 – Network – generated by DR – lists all attached routers – flooded into the area of origin.
  • LSA Type 3 – Network Summary – generated by ABRs and sent into an area to advertise prefixes to other areas – flooded throughout the Autonomous System.
  • LSA Type 4 – ASBR Summary – generated by ABRs – advertises the ASBR – flooded throughout the Autonomous System
  • LSA Type 5 – AS External – generated by ASBR – advertises external destination – flooded throughout the Autonomous System
  • LSA Type 7 – NSSA External – generated by the ASBR in a not so stubby area – advertises external destination.

– By default, OSPF does not automatically summarize groups of contiguous subnets, or even summarize a network to its classful boundary.


EIGRP

In EIGRP on May 11, 2011 by carlosfvc

EIGRP

Fast convergence:
Uses DUAL
Stores the entire network topology

Partial updates
Triggered updates are sent only when changes occur
Consumes less bandwidth

Multiple network layer support
IPv4 and IPv6 support

Use of multicast and unicast
Address is 224.0.0.10

Variable-length subnet masking (VLSM) support

Operates in the same way in LAN and WAN environments

Sophisticated metric
Unequal load balancing (improves use of traffic)

Protocol number is 88

Summarization can be enabled on any interface (decreases the size of the routing table).

Uses hello packets to ensure the neighbor is still alive

Reliable Transport Protocol (RTP) is responsible for guaranteeing delivery of EIGRP packets to all neighbors

EIGRP Terminology

– Neighbor table
– Topology table (all the destinations advertised by the neighbors)
– Advertised distance (cost between the local router and the next-hop router)
– Feasible distance (the sum of these AD costs is referred to as the feasible distance, FD)
– Successor (Installed in the routing table)

Verifying

show ip eigrp topology all-links (all the IP entries in the topology table)
show ip eigrp topology  ( only the successors and feasible successors)

Route states:

Active or passive.
A route is considered passive when the router is not performing recomputation on that route. A route is active when it is undergoing recomputation.

EIGRP sends out five different types of packets:

hello, update, query, reply, and acknowledge (ACK).

– Hello and Hold Intervals

The time interval of hello packets varies depending on the medium. By default, hello packets are sent every 60 seconds on T1 or slower NBMA interfaces and every 5 seconds on other serial interfaces and on LANs.

The default hold-time value is 15 seconds on LAN and fast WAN interfaces and 180 seconds on slower WAN interfaces

Changing
ip hello-interval eigrp as-number seconds
ip hold-time eigrp as-number seconds

Tip
Two routers can become EIGRP neighbors even though the hello and hold time values do not match. This means that the hello interval and hold-time values can be set independently on different routers.

Verify
show ip eigrp neighbors

Neighborship

1. A new router (Router A in Figure 2-4) comes up on the link and sends out a hello packet through all of its EIGRP-configured interfaces.
2. Routers receiving the hello packet on an interface (Router B in Figure 2-4) reply with update packets that contain all the routes they have in their routing table, except those learned through that interface (because of the split horizon rule). Router B sends an update packet to Router A, but a neighbor relationship is not established until Router B sends a hello packet to Router A. The update packet from Router B has the initial bit set, indicating that this is the initialization process. The update packet contains information about the routes that the neighbor (Router B) is aware of, including the metric that the neighbor is advertising for each destination.
3. After both routers have exchanged hellos and the neighbor adjacency is established, Router A replies to Router B with an ACK packet, indicating that it received the update information.
4. Router A inserts the update packet information in its topology table. The topology table includes all destinations advertised by neighboring (adjacent) routers. It is organized so that each destination is listed, along with all the neighbors that can get to the destination and their associated metrics.
5. Router A then sends an update packet to Router B.
6. Upon receiving the update packet, Router B sends an ACK packet to Router A. After Router A and Router B successfully receive the update packets from each other, they are ready to choose the successor (best) and FS (backup) routes in the topology table, and offer the successor routes to the routing table.

Neighborship notes:

– If the EIGRP topology table has many entries that have an equal cost FD to a given destination network, all successors (up to four by default) for that destination network are installed in the routing table.

To qualify as an FS, a next-hop router must have an AD less than the FD of the current successor route for the particular network. This is known as the feasibility condition.

The cost to reach the next-time must be smaller than the cost of the successors to reach the desired network.

EIGRP Metric Calculation

DUAL selects routes based on the EIGRP composite metric. Five criteria are associated with the EIGRP composite metric, but EIGRP uses only two by default:

Bandwidth— The smallest (slowest) bandwidth between the source and destination
Delay— The cumulative interface delay along the path

The following criteria, although available, are not commonly used, because they typically result in frequent recalculation of the topology table:

Reliability— The worst reliability between the source and destination, based on keepalives.
Loading— The worst load on a link between the source and destination based on the packet rate and the interface’s configured bandwidth.
Maximum transmission unit (MTU)— The smallest MTU in the path. (MTU is included in the EIGRP update but is actually not used in the metric calculation.)

EIGRP calculates the metric by adding together weighted values of different variables of the path to the network in question. The default constant weight values are K1 = K3 = 1, and K2 = K4 = K5 = 0.

– Mismatched K values can cause a neighbor to be reset
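The metric weights and the feasibility condition described above, worked through as an added example that is not part of the original notes. It uses the standard classic EIGRP composite formula, which this page does not spell out (with default K values: 256 × (10^7 / minimum bandwidth in kbps + delay in tens of microseconds)); the neighbor names and link figures are constructed.

```python
from dataclasses import dataclass

DEFAULT_K = (1, 0, 1, 0, 0)  # K1..K5 defaults: K1 = K3 = 1, K2 = K4 = K5 = 0


def composite_metric(min_bw_kbps, delay_usec, load=1, reliability=255, k=DEFAULT_K):
    """Classic EIGRP composite metric; integer division mirrors the truncation routers apply."""
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min_bw_kbps          # inverse of the slowest link on the path
    delay = delay_usec // 10           # cumulative delay in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5:                             # the reliability term only applies when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


@dataclass
class Path:
    neighbor: str
    link_bw_kbps: int      # local link toward the neighbor
    link_delay_usec: int
    adv_bw_kbps: int       # slowest bandwidth on the neighbor's own path to the destination
    adv_delay_usec: int    # cumulative delay of the neighbor's own path

    @property
    def advertised_distance(self):
        # The metric the neighbor advertises for the destination.
        return composite_metric(self.adv_bw_kbps, self.adv_delay_usec)

    @property
    def distance(self):
        # Metric from the local router through this neighbor.
        return composite_metric(min(self.link_bw_kbps, self.adv_bw_kbps),
                                self.link_delay_usec + self.adv_delay_usec)


def select_routes(paths):
    """Pick successor(s) by lowest metric, then apply the feasibility condition (AD < FD)."""
    if not paths:
        raise ValueError("no candidate paths")
    ranked = sorted(paths, key=lambda p: p.distance)
    fd = ranked[0].distance
    others = [p for p in ranked if p.distance > fd]
    return {
        "fd": fd,
        "successors": [p.neighbor for p in ranked if p.distance == fd],
        "feasible_successors": [p.neighbor for p in others if p.advertised_distance < fd],
        "not_feasible": [p.neighbor for p in others if p.advertised_distance >= fd],
    }


# Constructed candidate paths to one destination network.
PATHS = [
    Path("B", 10000, 1000, 10000, 2000),    # Ethernet-class links end to end
    Path("C", 1544, 20000, 100000, 100),    # slow T1 link to a neighbor that is close to the target
    Path("D", 100000, 100, 10000, 3500),    # fast link, but the neighbor itself is farther away
]

if __name__ == "__main__":
    for p in PATHS:
        print(p.neighbor, "AD", p.advertised_distance, "total", p.distance)
    print(select_routes(PATHS))
```

Neighbor D has a far better total metric than C, yet only C qualifies as a feasible successor, because D's advertised distance is not below the successor's FD.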

Planning EIGRP Routing Implementations

– When preparing to deploy EIGRP in a network, you first need to gather the requirements, determine the existing network state, and consider different deployment options.

Considerations for EIGRP include the following:
• IP addressing plan
• Network topology
• EIGRP traffic engineering

– Create the implementation plan

Information needed:

• The IP addresses to be configured on individual router interfaces.
• The EIGRP autonomous system number, used to enable EIGRP. The autonomous system number must be the same on all the routers in the EIGRP domain.
• A list of routers on which EIGRP is to be enabled along with the connected networks that are to run EIGRP and that need to be advertised (per individual router).
• Metrics that need to be applied to specific interfaces, for EIGRP traffic engineering. The required metric and the interface where the metric needs to be applied should be specified.

Tasks:

– Enabling the EIGRP routing protocol
– Configuring the proper network statements
– Optionally configuring the metric to appropriate interfaces

Verification tasks include the following:
• Verifying the EIGRP neighbor relationships
• Verifying that the EIGRP topology table is populated with the necessary information
• Verifying that IP routing table is populated with the necessary information
• Verifying that there is connectivity in the network between routers and to other devices
• Verifying that EIGRP behaves as expected in a case of a topology change, by testing link failure and router failure events.

Configuring eigrp

interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0

interface Serial0/0/1
bandwidth 512
ip address 192.168.1.101 255.255.255.224

interface Serial0/0/1
ip address 172.16.5.1 255.255.255.0

router eigrp 110
network 172.16.1.0 0.0.0.255
network 192.168.1.0

Verifying

Show commands:

Neighborship
show ip eigrp neighbors
show ip eigrp neighbors detail
Routes
show ip route
show ip route eigrp
show ip protocols
show ip eigrp interfaces
show ip eigrp topology
show ip eigrp traffic

Debug Commands

debug eigrp packets
debug ip eigrp
debug ip eigrp summary
debug eigrp neighbors

Tips :

Two routers must have identical K values for EIGRP to establish an adjacency. The show ip protocols command is helpful in determining the current K value settings before an adjacency is attempted.

Router ID

The EIGRP router ID is chosen as the highest IP address on an active interface on the router, unless loopback interfaces are configured, in which case it is the highest IP address assigned to a loopback interface. Alternatively, if the eigrp router-id ip-address router configuration command.

The metric value (4,294,967,295) is the highest possible value for a 32-bit number—it indicates that the route is unreachable.

Passive interface

The passive-interface {type number} | default router configuration command prevents a routing protocol’s routing updates from being sent through the specified router interface. This command is used to set either a particular interface or all router interfaces to passive; use the default option to set all router interfaces to passive.

For EIGRP, the passive-interface command does the following:
• It prevents a neighbor relationship from being established over a passive interface.
• It stops routing updates from being processed or sent over a passive interface.
• It allows a subnet on a passive interface to be announced in an EIGRP process.

Used in the ip default-network network-number global configuration command. A router configured with this command considers the network-number the last-resort gateway that it will announce to other routers with the exterior flag set.

– Use the show ip route command to view the routing table.

Summarization

EIGRP automatic summarization on the major network boundary can be turned on or off.
– EIGRP has added functionality to allow administrators to create one or more summary routes within a network on any bit boundary, on any router within the network, as long as a more specific route exists in the routing table.

To turn off automatic summarization, use the no auto-summary router configuration command. Use the ip summary-address eigrp as-number address mask [admin-distance] interface configuration command to manually create a summary route at an arbitrary bit boundary.

– IP EIGRP summary routes are given an administrative distance value of 5.

Configuring and Verifying EIGRP in an Enterprise WAN

To emulate the LAN broadcast capability that is required by IP routing protocols (for example, to send EIGRP hello or update packets to all neighbors reachable over an IP subnet), the Cisco IOS implements pseudobroadcasting, in which the router creates a copy of the broadcast or multicast packet for each neighbor reachable through the WAN media, and sends it over the appropriate PVC for that neighbor.

Pseudo-broadcasting can be controlled with the broadcast option on static maps in a Frame Relay configuration. However, pseudo-broadcasting cannot be controlled for neighbors reachable through dynamic maps created via Frame Relay Inverse Address Resolution Protocol (ARP). Dynamic maps always allow pseudo-broadcasting.

R1#show run
<output omitted>
interface Serial0/0
encapsulation frame-relay
ip address 192.168.1.101 255.255.255.0
frame-relay map ip 192.168.1.101 101
frame-relay map ip 192.168.1.102 102 broadcast
frame-relay map ip 192.168.1.103 103 broadcast

– Split horizon is disabled by default on Frame Relay physical interfaces.

Multipoint subinterfaces are configured with the interface serial number.subinterface-number multipoint command. For Frame Relay, the IP address-to-DLCI mapping on multipoint subinterfaces is done by either specifying the local DLCI value (using the frame-relay interface-dlci dlci command) and relying on Inverse ARP, or using manual IP address-to-DLCI mapping.

– Split horizon is enabled by default on Frame Relay multipoint subinterfaces.

– To disable use no ip split-horizon eigrp as-number command

Verify commands

show ip eigrp neighbors

EIGRP on Frame Relay Point-to-Point Subinterfaces

Point-to-point subinterfaces are created with the interface serial number.subinterface-number point-to-point command. For Frame Relay, IP address-to-DLCI mapping on point-to-point subinterfaces is done by specifying the local DLCI value, using the frame-relay interface-dlci dlci command.

Configuration example:

interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
ip address 192.168.3.103 255.255.255.0
frame-relay interface-dlci 130
!
router eigrp 110
network 172.16.3.0 0.0.0.255
network 192.168.3.0

Verify

The show ip eigrp neighbors command can be used to verify the operation of the EIGRP routing protocol over the Frame Relay point-to-point subinterface.

MPLS

MPLS is an Internet Engineering Task Force (IETF) standard architecture that combines the advantages of
Layer 3 routing with the benefits of Layer 2 switching.
With MPLS, short fixed-length labels are assigned to each packet at the edge of the network. Rather than
examining the IP packet header information, MPLS nodes use this label to determine how to process the
data.

This process results in a more scalable and flexible WAN solution. The MPLS standards evolved from the
efforts of many companies, including Cisco’s tag-switching technology.
MPLS enables scalable VPNs, end-to-end quality of service (QoS), and other IP services that allow efficient
utilization of existing networks with simpler configuration, management, and quicker fault correction.

MPLS Operation
MPLS is a connection-oriented technology whose operation is based on a label attached to each packet as it
enters the MPLS network. A label identifies a flow of packets (for example, voice traffic between two nodes),
also called a forwarding equivalence class (FEC). An FEC is a grouping of packets. Packets belonging to the
same FEC receive the same treatment in the network. The FEC can be determined by various parameters,
including source or destination IP address or port numbers, IP protocol, IP precedence, or Layer 2 circuit
identifier. Therefore, the FEC can define the flow’s QoS requirements. In addition, appropriate queuing and
discard policies can be applied for FECs.
The MPLS network nodes, called label-switched routers (LSRs), use the label to determine the next hop for
the packet. The LSRs do not need to examine the packet’s IP header; rather, they forward it based on the
label.
After a path has been established, packets destined to the same endpoint with the same requirements can be
forwarded based on these labels without a routing decision at every hop. Labels usually correspond to Layer
3 destination prefixes, which makes MPLS equivalent to destination-based routing.
A label-switched path (LSP) must be defined for each FEC before packets can be sent. It is important to note
that labels are locally significant to each MPLS node only. Therefore, the nodes must communicate what label
to use for each FEC. One of two protocols is used for this communication: the Label Distribution Protocol or
an enhanced version of the Resource Reservation Protocol. An interior routing protocol, such as OSPF or
EIGRP is also used within the MPLS network to exchange routing information.
A unique feature of MPLS is its capability to perform label stacking, in which multiple labels can be carried in
a packet. The top label, which is the last one in, is always processed first. Label stacking enables multiple
LSPs to be aggregated, thereby creating tunnels through multiple levels of an MPLS network.

The Layer 2 MPLS VPN provides a Layer 2 service across the backbone, where Routers R1 and R2 are
connected together on the same IP subnet. Figure 2-28 represents connectivity through the backbone as a
Layer 2 switch.
The Layer 3 MPLS VPN provides a Layer 3 service across the backbone, where Routers R1 and R2 are
connected to ISP edge routers. On each side, a separate IP subnet is used. Figure 2-28 represents
connectivity through the backbone as a router.

EIGRP Equal-Cost Load Balancing
Equal-cost load balancing is a router’s capability to distribute traffic over all the routers that have the same
metric for the destination address. All IP routing protocols on Cisco routers can perform equal-cost load
balancing.

Load balancing increases the utilization of network segments, thus increasing effective network bandwidth.
By default, the Cisco IOS balances between a maximum of four equal-cost paths for IP. Using
the maximum-paths maximum-path router configuration command, you can request that up to 16 equally
good routes be kept in the routing table. Set the maximum-path parameter to 1 to disable load balancing.

Note
Load balancing is performed only on traffic that passes through the router, not traffic generated by the
router.

EIGRP Unequal-Cost Load Balancing
EIGRP can also balance traffic across multiple routes that have different metrics—this is called unequal-cost load balancing. The degree to which EIGRP performs load balancing is controlled by the variance multiplier router configuration command. The multiplier is a variance value, between 1 and 128, used for load balancing. The default is 1, which means equal-cost load balancing. The multiplier defines the range of metric values that are accepted for load balancing. Setting a variance value greater than 1 allows EIGRP to install multiple loop-free routes with unequal cost in the routing table. EIGRP will always install successors (the best routes) in the routing table. The variance allows feasible successors to also be installed in the routing table.

EIGRP Link Utilization
By default, EIGRP uses up to 50 percent of the bandwidth declared on an interface or subinterface. EIGRP uses the bandwidth of the link set by the bandwidth command, or the link’s default bandwidth if none is configured, when calculating how much bandwidth to use.

Configuration template:

Router(config)#interface serial0/0/0
Router(config-if)#bandwidth 20
Router(config-if)#ip bandwidth-percent eigrp 1 200

The Cisco IOS assumes that point-to-point Frame Relay subinterfaces are operating at the default speed of the interface. In many implementations, however, only fractional speeds (such as a fractional T1) are available. Therefore, when configuring these subinterfaces, set the bandwidth to match the contracted CIR.

Configuring and Verifying EIGRP Authentication

By default, no authentication is used for routing protocol packets. Without neighbor authentication,
unauthorized or deliberately malicious routing updates could compromise the security of network traffic.

Routers use two types of authentication:
• Simple password authentication (also called plain-text authentication)— Supported by
Intermediate System-to-Intermediate System (IS-IS) Protocol, OSPF, and Routing Information Protocol
Version 2 (RIPv2)
• MD5 authentication— Supported by OSPF, RIPv2, BGP, and EIGRP

At a high level, configuring EIGRP MD5 authentication requires the following steps:
Step 1. Configure the authentication mode for EIGRP.
Step 2. Configure the key chain.
Step 3. Optionally configure the keys’ lifetime parameters.
Step 4. Enable authentication to use the keys in the key chain.

Configuration

Step 1. Enter configuration mode for the interface on which you want to enable authentication.

Step 2. Specify MD5 authentication for EIGRP packets using the ip authentication mode eigrp autonomous-system md5 interface configuration command. The autonomous-system is the EIGRP autonomous system number in which authentication is to be used.

Step 3. Enter the key-chain configuration mode for the key chain (that you will later configure on the
interface) using the key chain name-of-chain global configuration command.

Step 4. Identify a key ID to use and enter configuration mode for that key (the key-chain-key configuration mode) using the key key-id key-chain configuration command. The key-id is the ID number of an authentication key on a key chain. The range of keys is from 0 to 2147483647. The key ID numbers need not be consecutive.

Step 5. Identify the key string (the password) for this key using the key-string key key-chain-key configuration command. The key is the authentication key-string that is to be used to authenticate sent and received EIGRP packets. The key string can contain from 1 to 80 uppercase and lowercase alphanumeric characters, except that the first character cannot be a number. The key string for a given key ID must be the same on neighboring routers and is case sensitive.

Step 6. Optionally specify the time period during which this key will be accepted for use on received packets using the accept-lifetime start-time {infinite | end-time | duration seconds} key-chain-key configuration command. Table 2-9 describes the parameters for this command.

Step 7. Optionally specify the time period during which this key can be used for sending packets using the send-lifetime start-time {infinite | end-time | duration seconds} key-chain-key configuration command.

Step 8. Enable the authentication of EIGRP packets with a key specified in a key chain by using the ip authentication key-chain eigrp autonomous-system name-of-chain interface configuration command. The autonomous-system parameter specifies the EIGRP autonomous system number in which authentication is to be used. The name-of-chain parameter specifies the name of the configured key chain from which a key is to be obtained for this interface.

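If the service password-encryption command is not used when implementing EIGRP authentication, the key string will be stored as plain text in the router configuration. Even with it, the key string is stored in the reversible type 7 encoding, so access to the configuration itself still needs to be restricted.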

Configuration authentication:

R1#show running-config
<output omitted>
key chain R1chain
key 1
key-string firstkey
accept-lifetime 04:00:00 Jan 1 2009 infinite
send-lifetime 04:00:00 Jan 1 2009 04:00:00 Jan 31 2009
key 2
key-string secondkey
accept-lifetime 04:00:00 Jan 25 2009 infinite
send-lifetime 04:00:00 Jan 25 2009 infinite
<output omitted>
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
!
interface Serial0/0/1
bandwidth 64
ip address 192.168.1.101 255.255.255.224
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 R1chain
!
router eigrp 100
network 172.16.1.0 0.0.0.255
network 192.168.1.0
auto-summary
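
The two keys in R1chain overlap during a rollover window, and the optional lifetime steps above decide which key is in use at any moment. The Python sketch below is an added example (not part of the original notes and not Cisco code); it parses that key chain and applies the IOS rule that the lowest-numbered valid key is used for sending. The function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Key chain from the page's R1 running-config, embedded so the check runs offline.
CONFIG = """\
key chain R1chain
key 1
key-string firstkey
accept-lifetime 04:00:00 Jan 1 2009 infinite
send-lifetime 04:00:00 Jan 1 2009 04:00:00 Jan 31 2009
key 2
key-string secondkey
accept-lifetime 04:00:00 Jan 25 2009 infinite
send-lifetime 04:00:00 Jan 25 2009 infinite
"""

FMT = "%H:%M:%S %b %d %Y"
TS = r"\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4}"
LIFETIME = re.compile(rf"(accept|send)-lifetime ({TS}) (infinite|duration (\d+)|{TS})")

def parse_key_chain(text):
    """Return {key_id: {"accept": (start, end), "send": (start, end)}}; end None = infinite."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"key (\d+)", line):
            current = keys.setdefault(int(m.group(1)), {})
        elif current is not None and (m := LIFETIME.fullmatch(line)):
            start = datetime.strptime(m.group(2), FMT)
            if m.group(3) == "infinite":
                end = None
            elif m.group(4):
                end = start + timedelta(seconds=int(m.group(4)))
            else:
                end = datetime.strptime(m.group(3), FMT)
            current[m.group(1)] = (start, end)
    return keys

def is_valid(window, when):
    """A key with no lifetime line is always valid; end None means infinite."""
    return window is None or (window[0] <= when and (window[1] is None or when < window[1]))

def send_key(keys, when):
    """Lowest-numbered key whose send-lifetime covers `when`, or None if none does."""
    return next((k for k in sorted(keys) if is_valid(keys[k].get("send"), when)), None)

def accepted_keys(keys, when):
    """Key IDs the router would accept on received packets at `when`."""
    return [k for k in sorted(keys) if is_valid(keys[k].get("accept"), when)]

def never_expiring_retired(keys):
    """Keys that stop being sent at some point yet stay accepted forever."""
    return [k for k in sorted(keys)
            if keys[k].get("send", (None, None))[1] is not None
            and keys[k].get("accept", (None, None))[1] is None]

if __name__ == "__main__":
    chain = parse_key_chain(CONFIG)
    print("send key on Jan 28 2009:", send_key(chain, datetime(2009, 1, 28, 12)))
    print("retired but accepted forever:", never_expiring_retired(chain))
```

On the page's chain, key 1 stops being sent on Jan 31 2009 but its accept-lifetime is infinite, so the retired key is still honoured on received packets; never_expiring_retired flags it.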

EIGRP MD5 Authentication Verification

show ip eigrp neighbors and show ip route commands

show key chain

show ip eigrp interface detail

Troubleshooting MD5 Authentication

debug eigrp packets authentication messages

Stuck-in-Active Connections in EIGRP
Because of the reliable multicast approach used by EIGRP when searching for an alternative to a lost route, it is imperative that a reply be received for each query generated in the network. In other words, when a route goes active and queries are initiated, the only way this route can come out of the active state and transition to passive state is by receiving a reply for every generated query. If the router does not receive a reply to all the outstanding queries within 3 minutes (the default time), the route goes to the SIA state.
Note
You can change the active-state time limit from its default of 3 minutes using the timers active-time [timelimit | disabled] router configuration command. The time-limit is in minutes.

Limiting the EIGRP Query Range

• Configure route summarization using the ip summary-address eigrp command on the outbound
interfaces of the appropriate routers.
• Configure the remote routers as stub EIGRP routers.


Network Basics – Cisco Discovery Protocol (CDP)

In Network Basics on April 30, 2011 by carlosfvc

ODR uses Cisco Discovery Protocol (CDP) to carry network information between spoke (stub) routers and the hub router. ODR provides IP routing information with minimal
overhead compared to a dynamic routing protocol and requires less manual configuration than static routes.

When ODR is configured, the stub routers use CDP to send IP prefix information to the hub router. Stub
routers send prefix information for all their directly connected networks. ODR reports the subnet mask, so it
allows different subnets within the same major network to have different subnet masks. This is known as
variable-length subnet masking (VLSM).
The hub router, in turn, sends a default route to the spokes that points back to itself. It installs the stub
networks reported by ODR in its routing table and can be configured to redistribute these routes into a
dynamic routing protocol. For a next-hop address, the hub router uses the IP address of the spoke router as reported to it by CDP.

CDP uses Subnetwork Access Protocol (SNAP)
CDP updates are sent every 60 seconds by default

Configuring ODR
ODR is configured on the hub router using the router odr global configuration command. On the stub router, there must be no IP routing protocol configured.

The CDP update interval is set with the cdp timer global configuration command.

Verify CDP settings by using the show cdp interface command.


Video 22: BGP Tuning Attributes

In BGP on April 27, 2011 by carlosfvc

What are BGP Attributes?

– The BGP metric is not simple
– Attributes are ways that you can ‘tag’ incoming or outgoing BGP routes

– Some attributes are well-known (everyone supports them) while others are optional

– Some attributes are mandatory (must be in the update) while others are discretionary

– Some attributes are transitive (travel from router to router) while others are non-transitive

Understanding the BGP Attribute Lineup

– Well known attributes:

Autonomous system path (as-path – mandatory)
Next hop address (mandatory)
Origin (Mandatory)
Local preference (discretionary)
Atomic aggregate (discretionary)

– Optional Attributes

Aggregator
Multi-exit discriminator (MED/METRIC)

How BGP Finds the best path

0. Ignore routes with an inaccessible next hop address

1. Prefer the path with the highest WEIGHT

2. Prefer the path with the highest LOCAL_PREF.

3. Prefer the path that was locally originated via a network

4. Prefer the path with the shortest AS_PATH.

5. Prefer the path with the lowest origin type.

6. Prefer the path with the lowest multi-exit discriminator (MED).

7. Prefer eBGP over iBGP paths.

8. Prefer the path with the lowest IGP metric to the BGP next hop.

9. Determine if multiple paths require installation in the routing table for BGP Multipath.

10. When both paths are external, prefer the path that was received first (the oldest one).

11. Prefer the route that comes from the BGP router with the lowest router ID.

12. If the originator or router ID is the same for multiple paths, prefer the path with the minimum cluster list length.

13. Prefer the path that comes from the lowest neighbor address.
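
The decision order above can be expressed as a sort key. The Python sketch below is an added example (not from the original notes or the video); it covers steps 0 to 8, 11 and 13, leaves out multipath, path age and cluster list length (steps 9, 10 and 12), compares MED unconditionally as the list does, and reports which step separated the winner from the runner-up. The Path class, function names and the second sample path are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower origin type wins

@dataclass
class Path:
    neighbor: str                 # peer address the path was learned from
    router_id: str                # router ID of the advertising BGP router
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    as_path: tuple = ()
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0

# Constructed sample: two paths to one prefix that differ in AS_PATH length.
SAMPLE = [
    Path(neighbor="10.1.45.2", router_id="5.5.5.5", as_path=(6500,)),
    Path(neighbor="10.1.46.2", router_id="6.6.6.6", as_path=(6600, 6500)),
]

def preference_key(p):
    """Sort key mirroring steps 1-8, 11 and 13; the smaller tuple is the better path."""
    return (
        -p.weight,                     # 1. highest WEIGHT
        -p.local_pref,                 # 2. highest LOCAL_PREF
        not p.locally_originated,      # 3. locally originated first
        len(p.as_path),                # 4. shortest AS_PATH
        ORIGIN_RANK[p.origin],         # 5. lowest origin type
        p.med,                         # 6. lowest MED
        not p.ebgp,                    # 7. eBGP over iBGP
        p.igp_metric,                  # 8. lowest IGP metric to the next hop
        int(ip_address(p.router_id)),  # 11. lowest router ID
        int(ip_address(p.neighbor)),   # 13. lowest neighbor address
    )

def best_path(paths):
    """Return (winner, step that separated it from the runner-up), or (None, None)."""
    usable = [p for p in paths if p.next_hop_reachable]   # step 0
    if not usable:
        return None, None
    ranked = sorted(usable, key=preference_key)
    if len(ranked) == 1:
        return ranked[0], None
    steps = (1, 2, 3, 4, 5, 6, 7, 8, 11, 13)
    a, b = preference_key(ranked[0]), preference_key(ranked[1])
    decided = next((s for s, x, y in zip(steps, a, b) if x != y), None)
    return ranked[0], decided

if __name__ == "__main__":
    winner, step = best_path(SAMPLE)
    print("best path via", winner.neighbor, "decided at step", step)
```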

Tuning BGP Attributes

Weight
As-Path
Next hop address
Origin
Local Preference
Metric

Router 1

Verify sh ip bgp sum
sh ip bgp


Video 21: Implementation and Tuning, Part 2

In BGP on April 27, 2011 by carlosfvc

BGP Neighbor Configuration

– Two ways to get networks into BGP:

Network command
Redistribution

– BGP Synchronization
Do not use or advertise a route learned via IBGP until the same route has been learned from the internal routing protocol

config t
router bgp 5500
no synchronization

BGP next-hop processing

For EBGP peers: Change next hop address on advertised routes

For IBGP peers: Do not change next hop address on advertised routes

————————
Router 1
————————

show ip bgp

config t
router bgp 5500
no synchronization

————————
Router 4
————————

BGP next-hop processing – Changes how routes are being advertised as being next hop for R1

router bgp 5500
neighbor 1.1.1.1 next-hop-self

————————
Router 5
———————–

– Advertising routes (Network Command)

config t
router bgp 6500
network 50.1.1.0 mask 255.255.255.0

– Advertising routes (Redistribution)

access-list 50 deny 200.1.5.0
access-list 50 deny 200.1.6.0
access-list 50 permit any

route-map FILTER
match ip address 50

router bgp 6500
redistribute connected route-map FILTER
no auto-summary


Video 20: BGP : Implementation and Tuning Part 1

In BGP on April 27, 2011 by carlosfvc

Understanding IBGP Vs EBGP

IBGP – Internal AS – Autonomous System
EBGP – External AS – Autonomous System

-BGP can establish relationship to no neighbors

BGP Neighbor Configuration

————————–
Router 1 -IBGP
————————–
config t
int lo 1
ip address 1.1.1.1 255.255.255.255

router ospf 1
network 1.1.1.1 0.0.0.0 area 0

router bgp 5500
neighbor 4.4.4.4 remote-as 5500
neighbor 4.4.4.4 update-source loopback 1

————————–
Router 4 -IBGP
————————–

– EBGP peering with Router 5
config t
router bgp 5500
neighbor 10.1.45.2 remote-as 6500
neighbor 5.5.5.5 ebgp-multihop 2 *

ip route 5.5.5.5 255.255.255.255 10.1.45.2

Verify
show ip bgp summary

– IBGP (use loopback)

config t
int lo 4
ip address 4.4.4.4 255.255.255.255

router ospf 1
network 4.4.4.4 0.0.0.0 area 0

router bgp 5500
neighbor 1.1.1.1 remote-as 5500
neighbor 1.1.1.1 update-source loopback 4 (Important)

– Verify
show ip bgp summary – uptime
show ip bgp

————————–
Router 5 -EBGP –
————————–

int lo 5
ip address 5.5.5.5 255.255.255.255

config t
router bgp 6500
neighbor 10.1.45.1 remote-as 5500

Verify
show ip bgp summary

State/PfxRcd: Active (bad)


Video 19: BGP – The concepts (Part 1)

In BGP on April 26, 2011 by carlosfvc

The Facts about BGP

BGP runs on top of TCP (port 179)
TCP used for reliability
Updates (of course) are incremental and triggered
Metric is the biggest you have ever seen
Slowest routing protocol on the planet to converge

Styles of BGP implementations

Default route only
Partial Updates
Full Updates

BGP Routing Algorithms

– BGP is technically a distance vector protocol, but most call it a path vector protocol

– Without tuning, BGP behaves just like RIP

BGP Packets and tables

Packets

Open:  Starts the session

Keepalive:  making sure it is alive

Update: Network reachability exchanges

Notification:  Something bad has happened; close session

Tables:

– Neighbor table: Connected BGP friends
– BGP table: A list of all BGP routes
– Routing table: A list of the best routes