Study Guide for the 2014 Cisco CCDE Written Exam V2.0

Author: Brad Ellis
Coauthor: Rahim Raoufi

Copyright © 2014 Network Learning, Inc.
Published by: Network Learning, Inc. (Cisco Premier Partner), 375 N Stephanie, Building 21, Henderson, NV 89014 USA

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Printed in the United States of America. First printing January 2014.

Warning and Disclaimer

This book is designed to provide information about the Cisco CCDE written exam. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an "as is" basis. The authors, editors, and Network Learning, Inc., shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Network Learning, Inc.

Trademark Acknowledgements

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Network Learning, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Feedback Information

At Network Learning, Inc., our goal is to create advanced technical material of the highest quality and value. Each book is authored with attention to detail, undergoing strenuous development that involves input from a variety of technical experts. Readers' feedback is a natural part of this process. If you have any comments regarding how we could improve the quality of our materials, or otherwise change them to better suit your needs, you can contact us through e-mail at sales@ccbootcamp.com. Please make sure to include the book title in your message. Also, feel free to visit our website, www.ccbootcamp.com, for information on many more great products! Thank you for your input.

About the contributors:

Author: Brad Ellis (CCIE #5796, CCSI #30482, CSS1, CCDP, CCNP, MCNE, MCSE) works as a network engineer and is CEO of Network Learning, Inc. He has been dedicated to the networking industry for over 12 years. Brad has worked on large scale security assessments and infrastructure projects. He is currently focusing his efforts in the security and voice fields. Brad is a dual CCIE (R&S / Security) #5796.

Coauthor: Rahim Raoufi (CCIE #8918 (R&S / Security), Cisco360 Instructor, CCSI #30151, Cisco Data Center Networking Infrastructure Support Specialist, Cisco Data Center Networking Infrastructure Design Specialist, CCNP, CCSP, CCIP, CCVP, CCDA, CCNA, VMware VCP, EMCISA, MCP) is a dual CCIE #8918 (Routing & Switching / Security) and has over 13 years of technical training and consulting experience in the high tech industry, working as a Senior Network Engineer, Consultant, and Instructor within Silicon Valley and nationwide. With a range of technical certifications, he has proven himself among the elite in the technical training industry. Rahim Raoufi is one of the pioneer leaders in Cisco CCIE Lab Exam training and also an author and creator of the CCIE Routing & Switching curriculum published in 2002, with a growing list of successful candidates that have passed the Cisco CCIE Written & Lab. He has a diverse networking background, adept in end-to-end network infrastructure design, solutions and implementation from both a technical and a business level in a wide variety of network engineering roles.
Table of Contents in Brief

Chapter 1 IP Routing
Chapter 2 MPLS Fundamentals 152
Chapter 3 Tunneling 166
Chapter 4 QoS 205
Chapter 5 Security 284
Chapter 6 Management 338
Chapter 7 Data Center Overview 366
Sources 402

Table of Contents

Introduction

Chapter 1 IP Routing
  Network Design
  Route Aggregation
    Purpose of Route Aggregation 3
    Scalability and Fault Isolation 4
    How to Aggregate 4
  Network Topology Abstraction and Layering
    Layers and Their Purpose 7
    Core, Aggregation, Distribution and Access 8
  Routing Protocol Operation
    Open Shortest Path First (OSPF) Summary 10
    OSPF
    Other OSPF Features
    OSPF Traffic Types
    OSPF Metrics
    Passive OSPF Interface 13
    OSPF Multicast Addresses
    Default Routes
    OSPF Flooding Reduction
  EIGRP
    Types of EIGRP Successors 29
    Feasibility Condition 29
    Attributes of EIGRP 29
    EIGRP Tables 30
    Choosing Routes 30
    Init Flag 32
    EIGRP Stub Routing 33
    Simple Hub and Spoke Network 34
    Route Summary
    Auto-Summarization 35
    Process ID for an Autonomous System 35
    Show IP Route EIGRP 36
    Show IP EIGRP Topology 37
    Show IP EIGRP Neighbor 38
  IS-IS
    CLNS
    NSAP Addresses
    IS-IS Adjacencies
    Route Leaking
    IS-IS Network Types 47
    IP Addressing 49
  Border Gateway Protocol (BGP) 51
    Situations That May Require BGP 52
    Interior Border Gateway Protocol (IBGP) 52
    Exterior Border Gateway Protocol (EBGP) 52
    BGP Attributes
    Weight Attribute
    Local Preference Attribute
    Multi-Exit Discriminator Attribute
    Origin Attribute
    AS_path Attribute
    Next-Hop Attribute
    Community Attribute
    Cluster-List
    Originator ID
    BGP Neighbor Connectivity
    Synchronization/Full Mesh
    Next-Hop-Self Command
    Private AS Numbers
    BGP Path Selection
    Scalability Problems with Internal BGP (IBGP)
    Peer Groups
    Confederations
    Route Reflectors
    Route Summary
    BGP Clusters
    BGP Fast Peering Deactivation
  Route Filtering and Route Hiding
    Designing Route Distribution
    Generic Routing and Addressing Concepts
    Policy-Based Routing
    Policy-Based Routing Benefits
    Data Forwarding Using Policy-Based Routing
    Tagging Network Traffic
    Applying Policy-Based Routing
    Policy Route Maps
    Match Clauses Define the Criteria
    Set Clauses Define the Route
    Source-Sensitive and Equal-Access Routing
  IPv6 Basics
    Unchanged Characteristics of Addressing in IPv6
    Zero Compression in IPv6 Addresses
    IPv6 Mixed Notation
    IPv6 Address Prefix Length Representation
    IPv6 Address Types
    Aggregatable Global Addresses
    Site-Local Addresses (Also Known as Unique)
    Link-Local Addresses
    IPv6 Multicast Addresses
    IPv6 Multicast Address Format
    IPv6 Anycast Addresses
    IPv6 Neighbor Discovery Protocol
    Host-Router Discovery Functions
    Host-Host Communication Functions
    Redirect Function
    IPv6 ND Functions Compared to Equivalent IPv4 Functions
    Host-Router Discovery Functions Performed by Routers
    Host-Router Discovery Functions Performed by Hosts
    Next-Hop Determination
    Address Resolution
    Duplicate Address Detection
    IPv6 Router Advertisement Message
    The RA Messages Are Sent to the All-Nodes Multicast Address
    Prerequisites for Implementing First Hop Security in IPv6
    Restrictions for Implementing First Hop Security in IPv6
    RA Guard in Cisco IOS
    Information About Implementing First Hop Security in IPv6
    IPv6 First-Hop Security Binding Table
    IPv6 Device Tracking
    IPv6 Port-Based Access List Support
    IPv6 Global Policies
    Secure Neighbor Discovery in IPv6
  IPv6 Tunneling
    IPv6 Manually Configured Tunnels
    IPv6 over IPv4 GRE Tunnels
    Automatic 6to4 Tunnels
    Automatic IPv4-Compatible IPv6 Tunnels
    The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP Tunnels)
  OSPFv3 vs. OSPFv2
    LSA Types for IPv6
    NBMA in OSPF for IPv6
    Importing Addresses into OSPF for IPv6
  IS-IS Enhancements for IPv6
    Configuring Single-Topology IS-IS for IPv6
    Single-Topology Prerequisites
    Single-Topology Restrictions
    Configuring Multitopology IS-IS for IPv6
  RIP for IPv6
    Nonstop Forwarding for IPv6 RIP
    Filtering IPv6 RIP Routing Updates
  Multicast Listener Discovery Protocol for IPv6
  Implementation Strategy for QoS for IPv6
    Packet Classification in IPv6
    Policies and Class-Based Packet Marking in IPv6 Networks
    Congestion Management in IPv6 Networks
    Congestion Avoidance for IPv6 Traffic
    Traffic Policing in IPv6 Environments
  IPv4 Multicast Routing Concepts
    Multicast Concepts
    Benefits of IP Multicast
    Multicast IGMP and CGMP
    Multicast Protocols
    Designated Querier
    IGMP Versions 1, 2, and 3
    Multicast Forwarding and Distribution Trees
    Rendezvous Points (Auto-RP, BSR)
    Recommended Rendezvous Point Placement
    Group-RP Mapping Mechanism
    Comments on Auto-RP
    Comments on Static RP
    Calculating a Multicast Address
    Protocol Independent Multicast (PIM)
    PIM Commands
    Reverse Path Forwarding (RPF)
    PIM and Distance Vector Multicast Routing Protocol (DVMRP)
    PIM-SM Mechanics (Joining, Pruning, PIM State, Mroute Table)
    PIM-DM
    Bidirectional PIM (bidir-PIM)
    Designated Forwarder (DF) Election
    Bidirectional Group Tree Building
    Packet Forwarding
    Memory, Bandwidth, and CPU Requirements
    Debugging bidir-PIM Is Easier Than PIM-SM
    RP Tree Delivery for All Packets
    Bidir-PIM Partial Upgrades Not Allowed
    Bidir-PIM Network Redundancy Not Supported
    Bidir-PIM Nonbroadcast Multiaccess Mode Not Supported
    Bidir-PIM Traffic Forwarding Restrictions
    Secure Multicast
    Group Member
  Chapter 1 Questions
  Chapter 1 Answers

Chapter 2 MPLS Fundamentals 152

Chapter 3 Tunneling 166
  Service Provider Layer 3 VPNs Summary 171
  Customer Provisioned VPNs
  GRE Tunnels (Generic Routing Encapsulation) 172
  Advantages and Disadvantages of GRE 172
  Configuring a GRE Tunnel 173
  IPSec VPNs 173
  Dynamic Multipoint IPSec VPNs 173
  DMVPN Network Designs 174
  DMVPN Phase 3 - Hierarchical Designs 175
  DMVPN Components 175
  DMVPN Deployment Topologies 175
  Single DMVPN Cloud Topology 177
  Dual DMVPN Hub-and-Spoke 177
  About Group Encrypted Transport Virtual Private Networks (GETVPN) 180
  Configuring L2TPv3 196
  Advantages and Disadvantages of L2TPv3 197
  Advantages and Disadvantages of AToM 198
  Advantages and Disadvantages of VPLS/HVPLS 201
  BGP/MPLS (RFC 4364) MPLS Layer 3 VPNs 202
  Advantages and Disadvantages of MPLS VPNs 204

Chapter 4 QoS 205
  QoS and BPR 205
  Measuring Jitter, Delay and Packet Loss 206
  Traffic Conditioning 207
  QoS Overview 210
  Five Benefits for Implementing QoS in the Enterprise Networks 210
  How a Converged Network Behaves Without QoS 210
  QoS Framework 210
  Call Admission Control Functionality 211
  Integrated Services vs. Differentiated Services 211
  Configure QoS Policy Using Modular QoS CLI 213
  Classification and Marking 219
  Purposes of Classification and Marking 219
  Difference Between Classification and Marking 220
  Class of Service, IP Precedence and DiffServ Code Points
  Network Based Application Recognition (NBAR) 222
  Classify and Mark Traffic 223
  Congestion Management
  Identify and Differentiate Between IOS Queuing Techniques 226
  Apply Each Queuing Technique to the Appropriate Application 229
  IP RTP Priority and Low Latency Queuing (LLQ) Differences 230
  Configure WFQ, CBWFQ, and LLQ 231
  Congestion Avoidance
  Explain How TCP Responds to Congestion 234
  Explain Tail Drop and Global Synchronization 234
  Identify and Differentiate Between RED, WRED, FRED 235
  Configure QoS Congestion Avoidance Features 236
  Link Efficiency Tools 237
  The Need for Link Efficiency Tools 237
  Real Time Protocol Header Compression (CRTP) 239
  Configure and Monitor Various LFI Methods and CRTP 240
  Policing and Shaping 243
  The Difference Between Policing and Shaping and How Each Relates to QoS 243
  When to Apply and How to Configure Policing Mechanisms 243
  Different Types of Traffic Shaping and How to Apply Them 244
  Configure the Different Types of Traffic Shaping 245
  First-In, First-Out (FIFO) 249
  Weighted Fair Queuing (WFQ) 250
  Class-Based Weighted Fair Queuing 250
  Packet over SONET/SDH (PoS) and IP Precedence 250
  IP Precedence 251
  Random Early Detection (RED) 252
  Weighted Random Early Detection (WRED) 253
  Weighted Round-Robin (WRR)/Queue Scheduling 253
  Class of Service (CoS) 254
  Shaping vs. Policing 255
  Traffic Shaping 256
  Committed Access Rate (CAR) 258
  Network-Based Application Recognition (NBAR) 259
  Configuring NBAR 260
  Differentiated Services Code Point (DSCP) 261
  Resource Reservation Protocol (RSVP) 263
  Load Balancing 264
  802.1x and QoS 264
  Syntax 265
  Custom Queuing (CQ) 266
  Why Use CQ? 267
  Restrictions 267
  Configuring a Traffic Policy 268
  Attaching a Traffic Policy to an Interface 269
  Configuring a Traffic Class with NBAR Example 269
  ToS Byte 270
  DiffServ Field 270
  Differences Between Traffic-Shaping Mechanisms 274
  CQ and Extended Burst Capability 275
  Committed Access Rate (CAR) Definition 275
  Analysis 278
  Connecting from Spoke to Spoke 280
  Chapter 4 Questions 282
  Chapter 4 Answers 283

Chapter 5 Security 284
  Security Availability as a Design Process 284
  Paul Baran Model 284
  Compartmentalization 285
  Network Virtualization 286
  Path Isolation 287
  OOB Access 288
  Network Security Design and Address Identity 288
  Understanding DHCP Snooping 288
  Understanding Dynamic ARP Inspection 291
  Understanding IP Source Guard 293
  Logging 295
  Authentication, Authorization and Accounting 303
  AAA Overview 303
  Overview: AAA Security Services 304
  AAA Terminology 305
  Benefits of Using AAA 306
  AAA Configuration Process - Overview 306
  AAA Request for Comments (RFCs) 307
  Remote Authentication Dial-In User Service (RADIUS) 307
  Introduction 307
  Background Information 307
  Authentication and Authorization 308
  Accounting 310
  RADIUS Packet Format 310
  RADIUS Packet Types 311
  RADIUS Files 312
  RADIUS Attributes
  RADIUS Configuration Task List 314
  AAA and RADIUS IOS Configuration
  Named Method Lists for Authorization 316
  Terminal Access Controller Access Control System Plus (TACACS+) 317
  Introduction 317
  TACACS+ Packet Format 317
  TACACS+ Encryption 320
  TACACS+ Authentication 320
  TACACS+ Authentication Example Sequence 321
  TACACS+ Authorization 322
  TACACS+ Accounting 323
  RADIUS and TACACS+ Compared 324
  Implementing Security Mechanisms to Protect the Data Plane 325
  Securing the Data Plane 325
  Unicast Reverse Path Forwarding 325
  Implementing Unicast RPF 326
  Security Incident Preparation and Response Strategies on a Network 328
  Backscatter Traceback 328
  Traffic Scrubbing 328
  Sink Holes 328
  Remotely-Triggered Black Holes 329
  Source-Based Remotely Triggered Black Hole Filtering 332
  Deploying RTBH 333
  RTBH Drop Placement 333
  Chapter 5 Questions 335
  Chapter 5 Answers 337

Chapter 6 Management 338
  Network Management and Access Mechanisms 338
  Implementing Out of Band Access 338
  Network Management Protocols 339
  Active vs. Passive Monitoring 339
  SNMP Versions 340
  SNMPv1 Operations 341
  SNMPv2 Additional Operations (Also Has SNMPv1 Ops) 341
  SNMPv3 342
  SNMP Communities 342
  SNMP Traps and Notifications 343
  ICMP 343
  TN 344
  Network Management Tools and Their Uses 346
  Generic On-Line Diagnostics (GOLD) 346
  Tools for Event Management 347
  Syslog 347
  RMON 348
  NetFlow 351
  NetFlow Flows 352
  NetFlow Cache 353
  NetFlow Export Versions 353
  NetFlow Version 9 Export Packet 354
  NetFlow Management Applications 355
  NetFlow Infrastructure 355
  NetFlow Collectors 356
  Configuration Tools and Best Practices 356
  Software Version Control and Management 358
  IP Addressing Standards and Management 359
  Configuration Upgrade Procedures 360
  Solution Templates 360
  Maintain Documentation 361
  Current Device, Link, and End-User Inventory 361
  Chapter 6 Questions 363
  Chapter 6 Answers 365

Chapter 7 Data Center Overview 366
  Data Center Architecture Overview 366
  Data Center Design Models 368
  Multi-Tier Model 368
  Server Cluster Model 370
  HPC Cluster Types and Interconnects 371
  Logical Overview 373
  Physical Overview 374
  Data Center Design Considerations 376
  Factors That Influence Scalability 376
  Server Clustering 379
  NIC Teaming 382
  Pervasive 10GbE 383
  Server Consolidation 384
  Top of Rack Switching 385
  Blade Servers 388
  Importance of Team Planning 389
  Fibre Channel over Ethernet Storage Networking Evolution 389
  Need for Unified I/O 390
  FCoE Protocol 395
  Chapter 7 Questions 396
  Chapter 7 Answers

Sources 402

Introduction

The CCDE assesses advanced network infrastructure design principles and fundamentals for large networks. A CCDE can demonstrate an ability to develop solutions which address planning, design, integration, optimization, operations, security and ongoing support, focused at the infrastructure level, for customer networks. This guide is intended to aid candidates studying for the qualification exam.
The qualification exam is a two hour, multiple choice test with 100-105 questions covering IP Routing, Tunneling, QoS, Security and Management. There are no prerequisites for the CCDE qualification; however, it is recommended that candidates already own an extensive amount of knowledge and be certified as a CCDP. Good luck in your task.

Chapter 1 IP Routing

Network Design

The three fundamental goals of network design are:
• The network must be reliable.
• The network must be manageable.
• The network must be scalable.

Reliability: Reliability is the ability of a network to deliver packets with consistent travel times; availability is a major factor of reliability. Major changes in the topology should not impact network performance.

Manageability: Manageability is the ability to quickly correct problems within a network. Your network devices must be able to be remotely managed and monitored.

Scalability: Scalability is the ability for the network to grow without making drastic changes. New additions to the network should be able to be "bolted in" without undue impact to the existing infrastructure.

Redundancy

Redundancy Key Points
• Intelligent redundancy is a key component in making a network reliable and available.
• Building too much redundancy into a network makes the network difficult to manage and scale, and can become cost prohibitive.

Redundant network designs let you meet requirements of network availability by duplicating elements in a network. As a rule, single points of failure within a network are undesirable. A single point of failure within a network makes it far less resilient and increases the likelihood of downtime. In the above example, the single point of failure between R1 and R2 places the network at risk because if either R1, or R2, or the media between them fails, a resulting loss of connectivity will occur. There is the thought that "too much redundancy is never enough".
While intelligent redundancy increases reliability and resiliency, too much makes the network unmanageable and reduces scalability. The greater the level of redundancy, the slower a network will converge. Using EIGRP with a single backup path, it will take approximately 1.3 seconds for a router with 10000 routes to converge when the best path fails. Adding a third path increases convergence time to 2 seconds, while adding a fourth path increases convergence time to 2.25 seconds. In a voice network, 2.25 seconds is probably unacceptable.

In the above example, redundancy has been taken too far. This will negatively impact network convergence time upon link failure. Also, it is not scalable, as each router will require multiple links to be purchased.

The above network violates the following network design principles:
• It is not modular.
• It is not scalable.
• Complexity is not separated from complexity, making troubleshooting very difficult.

Route Aggregation

Purpose of Route Aggregation

Classless Inter-Domain Routing (CIDR) and Variable Length Subnet Masking (VLSM) are used to consolidate addresses with identical high-order bits to reduce the size of the routing table. What's the difference between CIDR and VLSM? The simple answer is that CIDR tends to be associated with external protocols like BGP, while VLSM is used with internal protocols like OSPF. In practice, you will often find the two terms used interchangeably. Here are some clues as to how these two standards are commonly used:
• CIDR is often called super-netting and is referred to as route aggregation, using "super-net networks" to reduce the number of entries in the global routing table. In most cases this will be associated with BGP.
• VLSM is usually referred to in connection with route summarization, sub-netting a subnet to create more subnet prefixes. In most cases, this will be associated with OSPF and other Interior Gateway Protocols (IGPs).

Both of these standards reduce the size of routing tables by creating aggregate routes, minimizing the significance of network classes and supporting the advertising of IP prefixes. Remember that CIDR is primarily used by BGP.

Scalability and Fault Isolation

Summarization is used to reduce routing overhead and improve the stability and scalability of routing. The use of summarization to reduce the size of the routing table helps keep topology changes within a specific area. Network stability is enhanced because a smaller routing-table size means less bandwidth is required during routing table updates. Summarization also reduces the demands placed on a router's CPU and memory, as the router is recalculating the best path based on a smaller routing table.

Route aggregation on border routers between contiguously addressed areas improves control over routing table growth. In the event of a link failure, routing updates are not propagated to the rest of the network, but stay in the area. This reduces routing overhead and bandwidth consumption, as well as relieving routers from unneeded routing table recalculation.

How to Aggregate

Where summarization is not applied, each router in a network must retain a route to every subnet in the network. This means that as the network grows, the routing table becomes larger and larger.
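As an added illustration of the aggregation step described above (this is not code from the book), the following Python derives the summary prefix for a set of subnets the same way the bit comparison in the text does, and also reports the address space inside the summary that none of the inputs use, which is exactly what must be "not used elsewhere on the network" before the summary is safe to advertise. The sample inputs are constructed to match the text's walk-throughs.

```python
import ipaddress
from typing import List

IPv4Net = ipaddress.IPv4Network


def summarize(prefixes: List[str]) -> IPv4Net:
    """Shortest single prefix that covers every input subnet.

    The mask length is the number of leading bits that all network addresses
    share, capped at the shortest input mask so that no input is wider than
    the summary it sits under.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    if not nets:
        raise ValueError("need at least one prefix")
    first = int(nets[0].network_address)
    plen = min(n.prefixlen for n in nets)
    for n in nets[1:]:
        addr = int(n.network_address)
        # Shorten the mask until the leading plen bits of both addresses agree.
        while plen > 0 and (first >> (32 - plen)) != (addr >> (32 - plen)):
            plen -= 1
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(first & mask)}/{plen}")


def uncovered(summary: IPv4Net, prefixes: List[str]) -> List[IPv4Net]:
    """Blocks inside `summary` that none of `prefixes` actually use.

    Advertising the summary attracts traffic for all of these, so they must
    not be in use anywhere else in the network.
    """
    remaining: List[IPv4Net] = [summary]
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=False)
        pieces: List[IPv4Net] = []
        for block in remaining:
            if net.subnet_of(block):
                pieces.extend(block.address_exclude(net))  # carve the subnet out
            elif block.subnet_of(net):
                continue  # the input subnet swallows this block entirely
            else:
                pieces.append(block)
        remaining = pieces
    return sorted(ipaddress.collapse_addresses(remaining))


def summary_report(prefixes: List[str]):
    """(summary, unused blocks, number of unused addresses) for a set of subnets."""
    summary = summarize(prefixes)
    unused = uncovered(summary, prefixes)
    return summary, unused, sum(b.num_addresses for b in unused)


# Constructed samples mirroring the text's three examples.
SCATTERED = ["172.16.215.0/24", "172.16.126.0/24", "172.16.227.0/24", "172.16.218.0/24",
             "172.16.219.0/24", "172.16.129.0/24", "172.16.119.0/24", "172.16.117.0/24"]
CONTIGUOUS = [f"172.108.{n}.0/24" for n in range(168, 174)]
BIT_WALK = [f"172.16.{n}.0/24" for n in range(25, 31)]

if __name__ == "__main__":
    for sample in (SCATTERED, CONTIGUOUS, BIT_WALK):
        summary, unused, n_unused = summary_report(sample)
        print(f"{len(sample)} subnets -> {summary}; {n_unused} addresses in the summary "
              f"are not among the inputs: {[str(b) for b in unused]}")
```

The first sample shows the cost of summarizing scattered subnets: the /16 the text arrives at claims 63488 addresses the router does not actually hold routes for.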
Routers that have had their routes summarized can combine some sets of routes into a single advertisement, which reduces the load on the router and simplifies the network design. For instance, let's consider a router that has several interfaces with the following IP addresses:
• Interface s0 - 172.16.215.0/24
• Interface s1 - 172.16.126.0/24
• Interface s2 - 172.16.227.0/24
• Interface s3 - 172.16.218.0/24
• Interface s4 - 172.16.219.0/24
• Interface s5 - 172.16.129.0/24
• Interface s6 - 172.16.119.0/24
• Interface s7 - 172.16.117.0/24

Provided this address sequence was not used elsewhere on the network, an upstream neighbor could summarize these addresses as 172.16.0.0/16 and have only a single route in its table.

For another example, consider that you had a router with interfaces configured as follows:
• Interface s0 - 172.108.168.0/24
• Interface s1 - 172.108.169.0/24
• Interface s2 - 172.108.170.0/24
• Interface s3 - 172.108.171.0/24
• Interface s4 - 172.108.172.0/24
• Interface s5 - 172.108.173.0/24

The entire range of subnets could be summarized as 172.108.168.0/21, and an upstream neighbor would only have to maintain a single route in its table.

Let's take one more example, but this time review the actual bits involved:
a. 172.16.25.0/24
b. 172.16.26.0/24
c. 172.16.27.0/24
d. 172.16.28.0/24
e. 172.16.29.0/24
f. 172.16.30.0/24

First let's translate the decimal values of the IP addresses to binary:
g. 10101100.00010000.00011001.00000000
h. 10101100.00010000.00011010.00000000
i. 10101100.00010000.00011011.00000000
j. 10101100.00010000.00011100.00000000
k. 10101100.00010000.00011101.00000000
l. 10101100.00010000.00011110.00000000

Now let's compare and determine the least significant digit up to which the numbers remain identical:
10101100.00010000.00011 | 001.00000000
10101100.00010000.00011 | 010.00000000
10101100.00010000.00011 | 011.00000000
10101100.00010000.00011 | 100.00000000
10101100.00010000.00011 | 101.00000000
10101100.00010000.00011 | 110.00000000

You have just discovered the summary address and subnet: 172.16.24.0/21

Some important reasons to take advantage of summarization:
• The larger the routing table, the more memory is required, because every entry takes up some of the available memory.
• The routing decision process may take longer to complete as the number of entries in the table increases.
• An added benefit of reducing the IP routing table size is that it requires less bandwidth and time to advertise the network to remote locations, thereby increasing network performance. For large networks, the reduction in route propagation and routing information overhead can be significant.

Route summarization must be taken into account when initially designing the network, or it could be extremely difficult to implement if deployed later.

Some routing protocols, such as EIGRP, summarize automatically. Other routing protocols, such as OSPF, require manual configuration to support route summarization. A routing protocol can summarize on a bit boundary only if it supports variable-length subnet masks (VLSMs). When redistributing routes from a routing protocol that supports VLSM (such as EIGRP or OSPF) into a routing protocol that does not (such as RIPv1 or IGRP), you might lose some routing information. The most specific network match is used first for a router running multiple protocols to learn how to reach a destination network/host.

Some important requirements exist for route summarization:
• Multiple IP addresses must share the same high-order bits. Since the summarization takes place on the low-order bits, the high-order bits must have commonality.
• Routing tables and protocols must use classless addressing to make their routing decisions; in other words, they are not restricted by the Class A, B and C designations to indicate the boundaries for networks.
• Routing protocols must carry the prefix length (subnet mask) with the IP address.

Network Topology Abstraction and Layering

Layers and Their Purpose

The hierarchical network model breaks networks down into different modules, making it easier to design and build a scalable network. Using a hierarchical design simplifies the process of making changes. Modularity in network design allows you to create design elements that can be reused as the network grows. As each element in the network design requires modification, the cost and complexity of making the upgrade is constrained to a small subset of the overall network. In large flat or meshed network architectures, changes tend to impact a large number of systems. Improved fault isolation is also facilitated by modular structuring of the network into smaller, more easily defined sections. Network managers and engineers can then easily understand the transition points between the network layers, which helps to identify points of failure.

Core, Aggregation, Distribution and Access

[Figure: Core, Distribution, and Local and Remote Workgroup Access layers]

The hierarchical model divides networks into three logical groupings:
1. Access Layer
2. Distribution Layer
3. Core Layer (sometimes referred to as the backbone)

Access Layer: The access layer is the entry point into the network for end user devices. The access layer consists of workstations, IP Phones, and also servers. These devices allow workgroups and users access to the services provided by the Distribution and Core layers. Access Layer devices must also provide connectivity without compromising network integrity. The key functions of the access layer can be summarized as:
• Controls and authenticates local end user access to network resources.
• Sometimes called the desktop layer.
• Classifies traffic.
• Supports Multicast and Voice traffic.

Distribution Layer: Distribution Layer devices control access to the core and enforce QoS and security policies. The key functions of the Distribution layer can be summarized as:
• Determines the fastest path to the core.
• Enforcement of security and network policies such as address translation and firewalling.
• Redistribution between routing protocols, including static routing.
• Routing between VLANs.
• IP routing functions such as redistribution, summarization and default gateways.
• Definition of broadcast and multicast domains.
• Implementation of QoS and Security policies.

The distribution layer uses a combination of Layer 2 and multilayer switching to segment and isolate network problems. The segmentation of the network prevents problems from spreading from the distribution to the core.

Core Layer: The Core is sometimes referred to as the backbone and is the center point for the other layers in the Cisco Enterprise Campus model. Devices in the Core provide rapid connectivity within the network. Core Layer devices are required to provide fault tolerance to provide maximum availability and reliability. Typically the core is concerned with moving large amounts of data as quickly as possible without regard to QoS and security policies.

The Core, Distribution, and Access layers do not have to exist as separate physical devices. The layers are defined as a guide to network design and they represent functions that should be present in the network. Each layer can be represented by distinct routers or switches, by a physical medium, combined into a single device, or omitted altogether. The way the layers are implemented depends entirely on what is trying to be achieved. However, for optimal design, the three layers should be functionally present.
Routing Protocol Operation

Open Shortest Path First (OSPF) Summary

OSPF: Open Shortest Path First
Protocol Type: Link State, Interior Gateway Protocol
Scalability: Scales well; however, the general limitation is two hundred routers per area.
Classless / Classful: Classless
Authentication of Updates: Yes
Metrics: Assigns each interface a cost derived from the interface bandwidth. By default the cost is 10^8 divided by the bandwidth.
Complexity: OSPF is a moderately complex routing protocol with a steeper learning curve than EIGRP.
Convergence Times: OSPF supports sub-second hellos and BFD, making for very fast convergence.
OSPF Key Points:
• Traffic between two non-backbone areas cannot transit a third non-backbone area; it must transit via area 0.
• Intra-area routes are preferred over inter-area routes (O over O IA).
• Inter-area routes are preferred over external routes (O / O IA over O E2 / O E1).
• External type 1 routes are preferred over external type 2 (O E1 over O E2).
When to use: OSPF scales well and supports MPLS TE extensions, and is therefore popular with Service Providers. Importantly for multi-vendor environments, OSPF is an IETF standard. OSPF supports the fast convergence times required to support Voice networks.

OSPF

OSPF is a Link State routing protocol that uses the Dijkstra or Shortest Path First (SPF) algorithm.
OSPF is an open standard (following RFC 1253) and is often used in multi-vendor environments. Several of OSPF's advantages include fast convergence, classless routing, VLSM support, authentication support, support for much larger inter-networks, the use of areas to minimize routing protocol traffic, and a hierarchical design.

Other OSPF Features:
• Equal cost load balancing (up to 16 maximum paths, but 4 by default)
• Multicast or unicast routing updates
• Route tagging for tagging of external routing information when redistributing routes into the OSPF domain
• Classless behavior, which allows the use of discontiguous networks
• OSPF uses IP protocol #89

OSPF Traffic Types:
• Intra-area (O): Traffic passed between routers within a single area.
• Inter-area (O IA): Traffic passed between routers in different areas.
• External (O E2 and O E1, or O N2 and O N1): Traffic passed between an OSPF router and a router in another autonomous system.

OSPF Metrics

Every routing protocol has a metric used to prefer one route over another. For OSPF, the metric that is used is cost. With OSPF, the cost is a number that is inversely proportional to the bandwidth of the link. In other words, the higher the cost, the LESS the link is preferred; the lower the cost, the MORE the link is preferred. By default, OSPF load balances on up to four equal cost paths.

The formula that OSPF uses to calculate the cost of a link is Cost = 100,000,000 / bandwidth of the link, or Cost = 10^8 / bandwidth of the link.

For example, a 10Mb 10Base-T Ethernet link's cost would be calculated as: Cost = 100,000,000 / 10,000,000, or Cost = 10^8 / 10^7 = 10.

With this formula, the cost of a 64k Frame Relay link would be 1562 and the default cost of a T-1 would be 64. So you may be asking, "what about a 100Mb Ethernet link or a Gigabit Ethernet link?" The cost of a 100Mb Ethernet link, or faster, when calculated with this formula, ends up being just 1.
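The following example, added here and not taken from the book, implements the cost formula just given, including the truncation to an integer and the floor of 1 that makes every link of 100Mb or faster look identical to OSPF at the default reference bandwidth. It also evaluates the same links after the reference bandwidth is raised to 10000 Mb/s, the knob the text goes on to describe. The link table is constructed for the example.

```python
REFERENCE_BW_MBPS = 100  # IOS default reference bandwidth: 10^8 bit/s


def ospf_cost(bandwidth_bps: int, reference_bw_mbps: int = REFERENCE_BW_MBPS) -> int:
    """OSPF interface cost as IOS derives it: reference bandwidth divided by
    interface bandwidth, truncated to an integer, and never lower than 1."""
    if bandwidth_bps <= 0:
        raise ValueError("bandwidth must be positive")
    cost = (reference_bw_mbps * 1_000_000) // bandwidth_bps
    # Any link at or above the reference bandwidth collapses to cost 1.
    return max(cost, 1)


# Constructed link table (bit/s): the text's examples plus two faster links,
# to show where the default reference bandwidth stops discriminating.
LINKS = {
    "64k Frame Relay": 64_000,
    "T-1": 1_544_000,
    "10Base-T": 10_000_000,
    "FastEthernet": 100_000_000,
    "GigabitEthernet": 1_000_000_000,
    "TenGigabitEthernet": 10_000_000_000,
}


def cost_table(reference_bw_mbps: int = REFERENCE_BW_MBPS) -> dict:
    """Cost of every link in LINKS under the given reference bandwidth."""
    return {name: ospf_cost(bw, reference_bw_mbps) for name, bw in LINKS.items()}


def indistinguishable_links(reference_bw_mbps: int = REFERENCE_BW_MBPS) -> list:
    """Links whose cost floored to 1: SPF cannot prefer one of these over another."""
    return [name for name, cost in cost_table(reference_bw_mbps).items() if cost == 1]


if __name__ == "__main__":
    # 100 is the default; 10000 corresponds to 'auto-cost reference-bandwidth 10000'.
    for ref in (100, 10_000):
        print(f"reference bandwidth {ref} Mb/s: {cost_table(ref)}")
        print("  links OSPF cannot rank against each other:", indistinguishable_links(ref))
```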
Note that 10^8 (100,000,000) is the bandwidth of 100 Mb Ethernet. This value is the default "reference bandwidth". It can be changed with the auto-cost reference-bandwidth command under the OSPF process, which changes all OSPF cost values on that router; it must be changed consistently on every router in the domain, otherwise routers will disagree about the cost of the same link. To manually change the cost of a single link, use the following command on the interface that you wish to change:

ip ospf cost <new cost>

OSPF prefers intra-area paths over inter-area paths.

Passive OSPF Interface

With a passive interface no hello packets are sent, and therefore an adjacency will never form on that interface (the interface's network is still advertised).

OSPF Multicast Addresses
- 224.0.0.5 is the all-OSPF-routers multicast address.
- 224.0.0.6 is the Designated Routers (DR) multicast address; you will only see it with network type broadcast.

Default Routes

An OSPF router needs a default route itself before it will inject a default route into an area, unless the keyword always is used in the configuration, for example default-information originate always under the OSPF process.

OSPF Network Types
- Broadcast: DR and BDR are elected; hello 10 seconds and dead interval 40 seconds (4 x hello). The DR is the router with the highest priority, with the highest router ID as the tie breaker (unless configured, the router ID is the highest loopback address, or the highest physical interface address if there is no loopback). A Cisco-specific mode when applied to NBMA media.
- Point-to-point: no DR or BDR; hello 10 seconds and dead interval 40 seconds (4 x hello). The default on NBMA point-to-point sub-interfaces and on PPP or HDLC encapsulated links. A Cisco-specific mode when applied to NBMA media.
- Non-broadcast (NBMA): DR and BDR are elected; hello 30 seconds and dead interval 120 seconds (4 x hello); DR election as for broadcast. The default on NBMA physical interfaces and multipoint sub-interfaces. Explicit neighbor statements are required for an adjacency to form. Defined in RFC 2328.
- Point-to-multipoint: no DR or BDR; hello 30 seconds and dead interval 120 seconds (4 x hello); not the default on any media type. Defined in RFC 2328.
- Point-to-multipoint non-broadcast: no DR or BDR; hello 30 seconds and dead interval 120 seconds (4 x hello). Explicit neighbor statements are required for an adjacency to form. A Cisco-specific mode.

OSPF LSA Types

There are four general categories of LSA:
- Router LSAs (Type 1) describe a router's links within an area.
- Network LSAs (Type 2) describe the routers attached to a multi-access network.
- Summary LSAs (Type 3 and Type 4) condense routing information at area borders.
- External LSAs (Type 5 and Type 7) describe routes to external networks.

Type 1: Type 1 LSAs are router link advertisements originated by every OSPF router. They describe the router's links and their costs. Type 1 LSAs are flooded only within the originating area.
Type 2: Type 2 LSAs are network link advertisements originated by the Designated Router. They describe ALL the routers attached to a specific multi-access network, including the DR. They are flooded only within the originating area.
Type 3: Type 3 LSAs are summary link advertisements passed between areas by ABRs. They describe the networks within an area.
Type 4: Type 4 LSAs are summary link advertisements passed between areas by ABRs. They describe the path to an ASBR. Type 4 LSAs are not flooded into stub areas.
Type 5: Type 5 LSAs are originated by ASBRs and flooded throughout the OSPF domain. They describe routes external to the AS. Stub areas and NSSAs do not receive these LSAs.
Type 7: Type 7 LSAs are NSSA AS-external routes originated by an ASBR inside an NSSA. They are similar to Type 5 LSAs, but unlike Type 5 LSAs, which are flooded into multiple areas, Type 7 LSAs are only flooded within the NSSA. Type 7 LSAs are translated into Type 5 LSAs by the NSSA ABR before being flooded into the backbone.

Types of OSPF Areas

Normal Areas: These areas can be either standard areas or transit (backbone) areas. Standard areas are defined as areas that accept intra-area, inter-area and external routes.
The backbone area (area 0) is the central area to which all other OSPF areas connect.

Note: Intra-area routes refer to updates passed within an area. Inter-area routes refer to updates passed between areas. External routes refer to updates passed from another routing protocol into the OSPF domain by an Autonomous System Border Router (ASBR).

Stub Areas: These areas do not accept routes belonging to external autonomous systems (AS); however, they do carry inter-area and intra-area routes. In order to reach outside networks, the routers in a stub area use a default route, which is injected into the area by the Area Border Router (ABR). A stub area is typically configured in situations where a branch office need not know about the routes to every other office; instead it can use a default route to the central office and get to other places from there. Hence the memory requirements of the leaf node routers are reduced, and so is the size of the OSPF database. To define an area as a stub area, use the OSPF router configuration command area <area-id> stub on every router in the area.

Totally Stubby Areas: These areas do not allow routes other than intra-area routes and the default route to be propagated within the area. The ABR injects a default route into the area and all the routers belonging to this area use the default route to send any traffic outside the area. To define a totally stubby area, use the OSPF router configuration command area <area-id> stub no-summary on the ABR (the other routers in the area are configured as a plain stub area).

NSSA: A not-so-stubby area allows the flexibility of importing a few external routes into the area while still retaining the stub characteristic. Assume that one of the routers in the stub area is connected to an external AS running a different routing protocol; it now becomes an ASBR, and hence the area can no longer be called a stub area. However, if the area is configured as an NSSA, the ASBR generates an NSSA external link-state advertisement (Type 7) which can be flooded throughout the NSSA.
These Type 7 LSAs are translated into Type 5 LSAs at the NSSA ABR and flooded throughout the rest of the OSPF domain. External network LSAs (Type 5) redistributed from other routing protocols into OSPF elsewhere are not permitted to flood into an NSSA. To define an NSSA, use the OSPF router configuration command area <area-id> nssa.

Totally NSSA: These areas do not allow routes other than intra-area routes and the default route to be propagated within the area. The ABR injects a default route into the area and all the routers belonging to this area use the default route to send any traffic outside the area; but this type of area also allows a few external routes to be imported into the area while retaining the totally stubby characteristic. Assume that one of the routers in a totally stubby area is connected to an external AS running a different routing protocol; it now becomes an ASBR, and hence the area can no longer be called a totally stubby area. However, if the area is configured as a totally NSSA, the ASBR generates an NSSA external LSA (Type 7) which can be flooded throughout the NSSA. These Type 7 LSAs are translated into Type 5 LSAs at the NSSA ABR and flooded throughout the OSPF domain. External network LSAs (Type 5) redistributed from other routing protocols into OSPF are not permitted to flood into a totally NSSA. To define a totally NSSA, use the OSPF router configuration command area <area-id> nssa no-summary on the ABR.

OSPF Route Preference
- Intra-area routes, O
- Inter-area routes, O IA
- External routes type 1, O E1 (or O N1)
- External routes type 2, O E2 (or O N2)
- Traffic between areas must transit via the backbone area.

Consider the network diagram below.

[Figure: R1 and R2 are connected directly by 10.1.12.0/24 (cost 1) in Area 0. R1-R4 (10.1.14.0/24, cost 1), R4-R3 (10.1.34.0/24, cost 100) and R3-R2 (10.1.23.0/24, cost 100) are in Area 1.]

If a traceroute was run from R1 (10.1.14.1) to R2 (10.1.23.2), which path would the packet follow?
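The selection rule from the list above (route type first, cost only among routes of the same type) as an added Python example; this is not code from the study guide. The candidate routes are constructed from R1's view of 10.1.23.0/24 in the diagram, and the single-area and ECMP cases are hypothetical variations added to show the other branches of the rule.

```python
# Added example (not from the study guide): how OSPF chooses between
# several routes to the same prefix. Route type outranks cost; cost only
# decides among routes of the same type.

from dataclasses import dataclass

# Lower rank wins (RFC 2328 section 16.4.1). N1/N2 rank with E1/E2.
ROUTE_TYPE_RANK = {"O": 0, "O IA": 1, "O E1": 2, "O N1": 2, "O E2": 3, "O N2": 3}


@dataclass(frozen=True)
class Candidate:
    prefix: str
    route_type: str        # "O", "O IA", "O E1", "O E2", "O N1", "O N2"
    cost: int              # for E2/N2 this is the external metric
    next_hop: str
    forward_cost: int = 0  # internal cost to the ASBR; tie-breaker for E2/N2


def preference_key(c: Candidate) -> tuple:
    """Sort key: route type, then cost, then (meaningful for E2/N2) forward cost."""
    if c.route_type not in ROUTE_TYPE_RANK:
        raise ValueError(f"unknown OSPF route type {c.route_type!r}")
    return (ROUTE_TYPE_RANK[c.route_type], c.cost, c.forward_cost)


def select_routes(candidates, max_paths: int = 4) -> dict:
    """Return {prefix: [installed Candidate, ...]}.

    Every candidate sharing the best key for a prefix is installed, up to
    max_paths (the IOS default 'maximum-paths 4'): equal-cost multipath.
    """
    by_prefix = {}
    for c in candidates:
        by_prefix.setdefault(c.prefix, []).append(c)
    installed = {}
    for prefix, routes in by_prefix.items():
        best = min(preference_key(r) for r in routes)
        installed[prefix] = [r for r in routes if preference_key(r) == best][:max_paths]
    return installed


def next_hops(candidates, prefix: str = "10.1.23.0/24") -> list:
    """Next hops that would be installed for one prefix."""
    return [r.next_hop for r in select_routes(candidates)[prefix]]


# R1's candidates for 10.1.23.0/24 in the diagram: intra-area through area 1
# via R4 (1 + 100 + 100 = 201) and inter-area through area 0 via R2 (1 + 100).
R1_CANDIDATES = [
    Candidate("10.1.23.0/24", "O", 201, "10.1.14.4"),
    Candidate("10.1.23.0/24", "O IA", 101, "10.1.12.2"),
]

# Hypothetical: the same two paths if every link were in one area, so both
# are intra-area and only cost decides.
SINGLE_AREA = [
    Candidate("10.1.23.0/24", "O", 201, "10.1.14.4"),
    Candidate("10.1.23.0/24", "O", 101, "10.1.12.2"),
]

if __name__ == "__main__":
    print("R1 as drawn:      ", next_hops(R1_CANDIDATES))  # higher-cost intra-area path
    print("single area:      ", next_hops(SINGLE_AREA))    # lower cost wins
```

The R1 case returns the next hop 10.1.14.4 (R4) even though that path costs 201 against 101 via R2, which is exactly what the traceroute in the text shows; the function never compares the costs of an O route and an O IA route.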
Would the packet take the direct path via R2 with the lower cost, or the longer path via R4 and R3? Consider for a moment the routing table on R1:

C    10.1.14.0 is directly connected, FastEthernet0/1
C    10.1.12.0 is directly connected, FastEthernet0/0
O    10.1.23.0 [110/201] via 10.1.14.4, 00:01:13, FastEthernet0/1
O    10.1.34.0 [110/101] via 10.1.14.4, 00:01:13, FastEthernet0/1

When executing a traceroute from R1 we observe that the packet actually travels the longer, more tedious path. The packet takes this path because R1 learns 10.1.23.0/24 both as an intra-area (O) route through area 1 and as an inter-area (O IA) route through area 0, and an intra-area route is always preferred over an inter-area route, regardless of cost.

R1#traceroute 10.1.23.2
Tracing the route to 10.1.23.2
  1 10.1.14.4 188 msec 216 msec 252 msec
  2 10.1.34.3 248 msec 188 msec 332 msec
  3 10.1.23.2 544 msec 548 msec 480 msec

[Figure: the same topology as above.]

This problem can be resolved by simply adding 10.1.23.0/24 to Area 0. R1 would then learn 10.1.23.0/24 as an intra-area route through area 0 only, and the decision as to the best path would be taken purely on cost.

Consider the network diagram below.

[Figure: R1 is connected to R2 (10.1.12.0/24), R3 (10.1.13.0/24) and R4 (10.1.14.0/24); all three links are in Area 0. R2-R3 (10.1.23.0/24) is in Area 23 and R3-R4 (10.1.34.0/24) is in Area 34.]

Which path would a packet sourced from 10.1.34.4 and destined for 10.1.12.2 take (given that the cost of the links from R1 to R2, R3 and R4 is 1000)? Consider for a moment R4's routing table:

R4#show ip route
C    10.1.14.0 is directly connected, FastEthernet0/0
O    10.1.13.0 [110/1001] via 10.1.14.1, 00:28:31, FastEthernet0/0
O    10.1.12.0 [110/1001] via 10.1.14.1, 00:28:31, FastEthernet0/0
O IA 10.1.23.0 [110/102] via 10.1.14.1, 00:28:31, FastEthernet0/0
C    10.1.34.0 is directly connected, FastEthernet0/1

The preferred path from R4 to R2 is via R1, because traffic between two non-backbone areas cannot transit a third non-backbone area.
It must transit via area 0, which in the example above means via R1.

This problem could be simply rectified by changing both Area 23 and Area 34 to Area 0.

[Figure: the same topology with all five links in Area 0 (R1's links still at cost 1000).]

Consider the following example.

[Figure: 10.10.10.0/24 sits in Area 10 behind R2. R1-R2 (10.1.12.0/24) is in Area 0, R2-R3 (10.1.23.0/24) is in Area 22, and R3-R4 (10.1.34.0/24) is also in Area 0, so the backbone consists of two parts joined only through Area 22.]

Would 10.10.10.0/24 be present in R4's routing table? A show ip route on R4 shows that 10.10.10.0/24 is not present, nor is it present in R3's routing table. 10.10.10.0/24 is, however, present in R3's OSPF database:

R3#show ip ospf database summary 10.10.10.0
  LS age: 37
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links (Network)
  Link State ID: 10.10.10.0 (summary Network Number)
  Advertising Router: 2.2.2.2
  Checksum: 0x8226
  Network Mask: /24
        TOS: 0  Metric: 2

R3 will not place 10.10.10.0/24 into its routing table because an ABR ignores summary LSAs created by other ABRs when they are learned through a non-backbone area while calculating least-cost paths. This prevents an ABR from choosing a path that goes into a non-backbone area and then back into area 0 through some other ABR, and enforces the rule that "traffic between two non-backbone areas cannot transit a third non-backbone area". Here the backbone itself is partitioned. The problem could be rectified by creating a virtual link (or a GRE tunnel) between routers R2 and R3 across Area 22, which reconnects the two halves of area 0.

OSPF Summarization

Using route summarization reduces the amount of memory required to store the routing table, reduces bandwidth by limiting the number of routes sent across a link, minimizes the exchange and processing of routing information, and optimizes the routing information advertised during route redistribution. In OSPF, summarization can only be configured on ABRs (area range) and ASBRs (summary-address).

OSPF Route Filtering

Filtering within OSPF can take two forms: inbound filtering with a distribute-list (optionally referencing a route map), or ABR Type 3 LSA filtering.

OSPF Inbound Route Filtering

The preferred method of filtering inbound routes is to define a route map (although it is perfectly possible to use a simple distribute-list with an access list).
Inbound filtering prevents OSPF routes from being added to the routing table; it does not, however, have any effect on LSA flooding. That is to say, the route will still be present in the OSPF database and advertised to downstream neighbors. The filtering happens at the moment OSPF installs the route into the routing table. The following route-map match clauses can be used to match incoming routes:
- match interface
- match ip address
- match ip next-hop
- match ip route-source
- match metric
- match route-type
- match tag

OSPF ABR Type 3 LSA Filtering

Using the area filter-list command, it is possible for an Area Border Router to filter Type 3 link-state advertisements (LSAs) between areas, thus making it possible to specify which prefixes are sent from one area to another. Type 3 LSA filtering can be applied out of an OSPF area, into a specific OSPF area, or both at the same time. Because it suppresses the LSA itself, this is the only one of the two methods that actually stops a prefix from reaching other routers.

OSPF Flooding Reduction

By default OSPF requires link-state advertisements (LSAs) to be refreshed as they expire after 3600 seconds. This creates unnecessary overhead even in relatively stable networks. The OSPF Flooding Reduction feature is derived from RFC 1793 (OSPF demand circuits): LSAs are flooded with the DoNotAge bit set, which eliminates the periodic re-flooding of already known and unchanged information. OSPF flooding reduction is of most use in large full-mesh OSPF topologies. Flooding reduction treats the symptom rather than the underlying cause; a better solution may be to reduce the number of routers in an area or to move away from a full-mesh topology.

OSPF Graceful Restart Functionality

Graceful restart, also known as nonstop forwarding (NSF), allows a router to keep forwarding packets while its OSPF process restarts. Graceful restart is possible because routers use separate control and data planes: the router can continue forwarding packets while the routing process restarts.
Graceful restart will only succeed when the following conditions are met on the neighboring (helper) router:
- The neighbor has a full adjacency with the restarting router over the associated network segment.
- There have been no changes to the link-state database since the restarting router began restarting.
- The grace period has not yet expired.
- Local policy allows the neighbor router to act as a helper router.
- The neighbor router is not in its own graceful restart process.
- Helper mode has not been disabled on the neighbor by the network administrator.

In Cisco IOS, CEF is responsible for forwarding during graceful restart while OSPF rebuilds the routing table. Both Cisco and IETF NSF helper support are enabled by default.

Fast Convergence Techniques for OSPF

To support fast convergence OSPF supports sub-second hello timers and incremental SPF.

OSPF Fast Hello Packets

OSPF fast hello packets are hello packets sent at intervals of less than one second. Fast hello packets are activated with the ip ospf dead-interval minimal hello-multiplier command. The dead interval is set to one second, and the hello-multiplier value is set to the number of hello packets you want sent during that one second, thus providing sub-second or "fast" hello packets. For example, ip ospf dead-interval minimal hello-multiplier 5 causes 5 hello packets to be sent every second (one every 200 ms). When fast hello packets are configured on an interface, the hello interval advertised in the hello packets sent out of that interface is set to 0, and the hello interval in hello packets received over the interface is ignored.

The dead interval must be the same for all OSPF neighbors on a segment, whether it is set to one second (for fast hello packets) or to any other value. The hello multiplier need not be the same for the entire segment, as long as at least one hello packet is received within the dead interval. Fast hellos should only be used on a reasonably limited number of interfaces.
Any more than about 300 neighbors using fast hellos could put undue stress on the router's CPU.

OSPF Incremental SPF

OSPF uses Dijkstra's SPF algorithm to compute the shortest path tree (SPT). During the computation of the SPT, the shortest path to each node is discovered. The topology tree is then used to populate the routing table with routes to IP networks. When a change to a Type 1 or Type 2 link-state advertisement (LSA) occurs in an area, the entire SPT is normally recomputed. In many cases the entire SPT need not be recomputed, because most of the tree remains unchanged. Incremental SPF allows the router to recalculate only the affected part of the tree, which results in faster OSPF convergence and saves CPU resources. If a change to a Type 1 or Type 2 LSA occurs on the calculating router itself, a full SPT computation must still be performed.

Incremental SPF should not be confused with partial SPF, which means that the SPT is preserved (because there were no changes to the router or network link states) and only the impacted prefixes need to be updated in the routing table. A partial SPF is used for Type 3 (network summary), Type 4 (ASBR) and Type 5 (AS external) link-state advertisement changes. An example might be when an external route has changed but there are no changes in the router link states.

Incremental SPF can interoperate with routers not running this feature on the same network, because it changes only the local computation and not the protocol.

LSA and SPF Throttling

Prior to the OSPF LSA Throttling feature, LSA generation was rate-limited to once every 5 seconds. That meant that a change in an LSA could not be propagated in milliseconds, so OSPF networks could not achieve millisecond convergence.

The OSPF LSA Throttling feature is enabled by default and allows faster OSPF convergence (in milliseconds). The feature can be customized: one command controls the generation (sending) of LSAs and another command controls the receiving interval.
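Both sides of LSA throttling, the sender's generation timers (timers throttle lsa all start hold max, in milliseconds) and the receiver's arrival filter (timers lsa arrival), as an added Python model; this is not code from the study guide, and the rules it applies are a simplification of the IOS behaviour, stated as an assumption in the comments. The burst of topology changes is constructed.

```python
# Added example (not from the study guide): a simplified model of LSA
# throttling on the originating router and of the arrival filter on the
# receiving router. The timer rules are an assumption simplified from IOS.


def lsa_generation_times(change_times_ms, start=0, hold=5000, maximum=5000):
    """Times at which a router originates new instances of one LSA, given
    the times (ms) at which its topology changed.

    Assumed rules: a change after a quiet period is announced 'start' ms
    later. A change arriving before the current hold interval has elapsed
    since the last instance is coalesced and announced when that interval
    expires, and the hold interval then doubles, capped at 'maximum'. Once
    the router has been quiet for the whole of the current hold interval,
    the interval falls back to 'hold'.
    """
    generated = []
    wait = hold
    last_sent = None
    pending = None
    for t in sorted(change_times_ms):
        if pending is not None and pending <= t:
            generated.append(pending)          # the throttled instance went out
            last_sent, pending = pending, None
            wait = min(wait * 2, maximum)      # exponential back-off
        if pending is not None:
            continue                           # coalesced into the pending LSA
        if last_sent is None or t - last_sent >= wait:
            wait = hold                        # quiet long enough: reset
            last_sent = t + start
            generated.append(last_sent)
        else:
            pending = last_sent + wait         # throttled: send when hold expires
    if pending is not None:
        generated.append(pending)
    return generated


def lsa_accept_times(arrival_times_ms, arrival=1000):
    """Receiver side ('timers lsa arrival'): an instance of the same LSA
    arriving sooner than 'arrival' ms after the last accepted one is dropped."""
    accepted = []
    last = None
    for t in sorted(arrival_times_ms):
        if last is None or t - last >= arrival:
            accepted.append(t)
            last = t
    return accepted


# Constructed burst of topology changes (ms): a link that keeps flapping.
CHANGES = [0, 100, 600, 1600, 3600, 12600]

if __name__ == "__main__":
    sent = lsa_generation_times(CHANGES, start=10, hold=500, maximum=5000)
    print("originated at:", sent)
    # arrival (1000) > hold (500): the peer discards the second instance
    print("accepted with arrival 1000:", lsa_accept_times(sent, 1000))
    print("accepted with arrival 500: ", lsa_accept_times(sent, 500))
```

With start 10, hold 500 and max 5000 the burst produces instances at 10, 510, 1510, 3510 and 7510 ms (gaps of 500, 1000, 2000 and 4000) and then, after the flap has been quiet for the full interval, a fresh instance 10 ms after the next change. Feeding those times to a receiver whose arrival interval is 1000 ms drops the instance sent at 510 ms, which is why the arrival interval should not exceed the sender's hold interval.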
This feature also provides a dynamic mechanism to slow down the frequency of LSA updates in OSPF during periods of network instability.

The timers throttle lsa all command controls the generation (sending) of LSAs. The first LSA is always generated immediately upon an OSPF topology change, and the next LSA generated is controlled by the minimum start interval. Subsequent LSAs generated for the same LSA are rate-limited, with the interval increasing until the maximum interval is reached. The "same LSA" is defined as an LSA instance that contains the same LSA ID number, LSA type, and advertising router ID.

The timers lsa arrival command controls the minimum interval for accepting the same LSA. If an instance of the same LSA arrives sooner than the configured interval, the LSA is dropped. It is recommended that the arrival interval be less than or equal to the hold-time interval of the timers throttle lsa all command; otherwise a neighbor's legitimately throttled LSAs would be discarded.

OSPF and Bidirectional Forwarding Detection

Bidirectional Forwarding Detection (BFD) is a form of very fast hello that is used to detect the presence (or absence, for that matter) of an adjacent neighbor. BFD is a detection protocol that is enabled under an interface and registered with a routing protocol. BFD provides fast peer failure detection independently of media type, encapsulation, and routing protocol. By sending rapid failure detection notices to the routing protocols in the local router to initiate the routing table recalculation, BFD contributes to a greatly reduced overall network convergence time.

[Figure: R1 and R2 connected directly, with both an OSPF neighbor relationship and a BFD session between them.]

Routers form BFD neighbor relationships as well as OSPF neighbor relationships. In the above example R1 has formed both a BFD and an OSPF neighbor relationship with R2. If a failure occurs in the network, the BFD session is torn down. BFD then notifies the local OSPF process that the BFD neighbor is no longer reachable. The local OSPF process tears down the OSPF neighbor relationship, causing OSPF to install alternate routes.
R1#show bfd neighbors
OurAddr      NeighAddr    LD/RD  RH/RS  Holddown(mult)  State  Int
10.1.12.1    10.1.12.2    1/1    Up     0    (3)        Up     Fa0/0

R1#show ip ospf neighbor
Neighbor ID  Pri  State     Dead Time  Address    Interface
2.2.2.2      1    FULL/BDR  00:00:33   10.1.12.2  FastEthernet0/0

EIGRP

EIGRP is a Cisco proprietary protocol that combines attributes of link state and distance vector routing protocols; it is considered a "hybrid" (advanced distance vector) routing protocol. EIGRP was released as an enhancement to Cisco's other proprietary routing protocol, IGRP. EIGRP supports automatic route summarization, VLSM addressing, multicast updates, non-periodic updates, unequal-cost load balancing, and protocol-independent modules for IP, IPX and AppleTalk.

EIGRP added many features to overcome the limitations of IGRP:
- The Diffusing Update Algorithm (DUAL)
- Loop-free networks
- Incremental updates instead of periodic updates (only changes are sent, as they occur)
- Knowledge about neighbors, as opposed to the entire network
- Independent support for IP, IPX and AppleTalk
- Classless routing
- Efficient summarization of networks
- Efficient use of link bandwidth for routing updates
- Authentication
- EIGRP uses the same metric components as IGRP (scaled by 256)
- EIGRP uses IP protocol number 88
- Administrative distance: internal 90, external 170, summary 5
- Equal-cost load balancing (maximum paths up to 16; 4 enabled by default)

EIGRP sends hello packets every 5 seconds on high-bandwidth links, such as PPP and HDLC leased lines, Ethernet, Token Ring, FDDI, Frame Relay point-to-point sub-interfaces and ATM point-to-point. It sends hellos every 60 seconds on low-bandwidth multipoint links, such as Frame Relay multipoint and ATM multipoint interfaces. By default the hold time is 3 times the hello interval (15 or 180 seconds).

- EIGRP reliable packets are: Update, Query and Reply.
- EIGRP unreliable packets are: Hello and Ack.

Updates are always transmitted reliably. Updates convey reachability of destinations. On discovery of a new neighbor, update packets are sent so the neighbor can build its topology table.
These initial update packets are unicast. In other cases, such as a link cost change, updates are multicast.

Both queries and replies are transmitted reliably. When a destination goes into the active state, queries and replies are sent. Queries are always multicast unless they are sent in response to a received query; in that case the reply is unicast back to the neighbor that originated the query. Replies are always sent in response to queries, to indicate to the originator that it does not need to go into the active state because the replying router has feasible successors. Replies are unicast to the originator of the query.

EIGRP and Split Horizon

EIGRP uses split horizon, or advertises a route as unreachable (poison reverse), when:
- two routers are in startup mode (exchanging topology tables for the first time)
- advertising a topology table change
- sending a query

Types of EIGRP Successors
- Successor: the route selected as the primary route to reach a destination network, i.e. the lowest computed distance that satisfies the feasibility condition. Successors are the entries placed in the routing table.
- Feasible Successor: a backup route to a destination network. Multiple feasible successors for a destination network can be retained in the topology table. Thus, when a route goes down, the entire routing table does not have to be recomputed and the destination need not go active.

Feasibility Condition

When the receiving router has a Feasible Distance (FD) to a destination network and it receives an update from a neighbor whose advertised or Reported Distance (RD) to that network is lower than the FD, the Feasibility Condition is met. The neighbor then becomes a Feasible Successor (FS) for that route, because it is guaranteed to be closer to the destination than this router is and therefore cannot be routing through this router. In a meshed network environment there can be a number of Feasible Successors.

The RD of a neighbor for a destination network must always be less than the local router's FD for that network. This is how EIGRP avoids routing loops, and it is the reason why routes whose RD is not lower than the FD are kept in the topology table but are not used as feasible successors.
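The feasibility condition above, together with the composite metric formula (bandwidth plus delay with the default K values) that this chapter derives a little further on, as one added Python example; this is not code from the study guide. The path and topology-table inputs are constructed samples; the topology entries reuse the (distance/RD) pairs from the show ip eigrp topology output at the end of the chapter.

```python
# Added example (not from the study guide): the EIGRP composite metric with
# the default K values, and DUAL's successor / feasible-successor choice
# under the feasibility condition (RD < FD). Inputs are constructed.


def eigrp_metric(min_bandwidth_kbps: int, total_delay_usec: int) -> int:
    """Composite metric with K1 = K3 = 1 and K2 = K4 = K5 = 0.

    IOS scales bandwidth as 10^7 / (minimum bandwidth in kbps) and delay as
    the sum of interface delays in tens of microseconds, truncates both to
    integers, adds them and multiplies by 256.
    """
    if min_bandwidth_kbps <= 0:
        raise ValueError("bandwidth must be positive")
    scaled_bw = 10_000_000 // min_bandwidth_kbps
    scaled_delay = total_delay_usec // 10
    return (scaled_bw + scaled_delay) * 256


def path_metric(links) -> int:
    """Metric of a path given [(bandwidth_kbps, delay_usec), ...] per hop:
    the bandwidth term uses the minimum along the path, delay is summed."""
    return eigrp_metric(min(bw for bw, _ in links), sum(d for _, d in links))


def dual_select(topology_entries):
    """topology_entries: [(neighbor, computed_distance, reported_distance)],
    the (distance/RD) pairs as printed by 'show ip eigrp topology'.

    Returns (feasible_distance, successors, feasible_successors):
    - FD is the lowest computed distance;
    - successors are the neighbors with that distance (installed in the
      routing table, up to 'maximum-paths');
    - feasible successors are the remaining neighbors whose RD is strictly
      less than FD; any other neighbor stays in the topology table but
      cannot be used without the destination going active.
    """
    if not topology_entries:
        return None, [], []
    fd = min(cd for _, cd, _ in topology_entries)
    successors = [n for n, cd, _ in topology_entries if cd == fd]
    feasible = [n for n, cd, rd in topology_entries if cd != fd and rd < fd]
    return fd, successors, feasible


# Constructed two-hop path: Ethernet (10 Mbps, 1000 usec) then T1
# (1544 kbps, 20000 usec).
SAMPLE_PATH = [(10_000, 1_000), (1_544, 20_000)]

# Constructed topology-table entries for one prefix; the numbers are the
# ones shown for 10.16.90.0 in the 'show ip eigrp topology' output later.
SAMPLE_ENTRIES = [
    ("10.16.80.28", 46251776, 46226176),
    ("10.16.81.28", 46251776, 46226176),
    ("10.16.80.31", 46277376, 46251776),  # RD equals FD: not a feasible successor
]

if __name__ == "__main__":
    print("T1 metric:", eigrp_metric(1544, 20000))
    print("two-hop path metric:", path_metric(SAMPLE_PATH))
    print("DUAL:", dual_select(SAMPLE_ENTRIES))
```

The T1 case returns 2169856, the value IOS shows for a single T1 hop, and the sample topology entries yield two successors and no feasible successor: the third neighbor's reported distance equals the FD, so the strict RD < FD test fails and that path is not a loop-free backup.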
EIGRP Components
- Neighbor Discovery/Recovery: routers learn of the other routers on their directly attached networks dynamically by sending hello packets. A router is assumed to be present by its neighbors as long as the hello packets it sends keep arriving.
- DUAL (Diffusing Update Algorithm): tracks all the routes advertised by all neighbors. DUAL uses the composite metric to select the most efficient loop-free path and selects the routes to be inserted into the routing table; backups that meet the feasibility condition are kept as feasible successors.
- Protocol Dependent Modules: individually responsible for IP, IPX and AppleTalk. The IPX EIGRP module is responsible for sending and receiving EIGRP packets encapsulated in IPX, the AppleTalk EIGRP module for AppleTalk packets and the IP EIGRP module for IP packets. They route like strangers in the night, except that they don't even exchange glances.

EIGRP Tables
- Neighbor table: the current state of all of the router's immediately adjacent neighbors.
- Topology table: maintained by the protocol dependent modules and used by DUAL. It holds all destination networks advertised by the neighbor routers.
- Routing table: EIGRP chooses the best routes to each destination network from the topology table and places those routes in the routing table. The routing table contains:
  - How the route was discovered
  - Destination network address and subnet mask
  - Metric: the composite metric from this router
  - Next-hop address
  - Route age
  - Outbound interface

Choosing Routes

DUAL selects primary and backup routes using the composite metric and guarantees that the selected routes are loop free. The primary routes (successors) are moved to the routing table. The rest (up to 6 alternate routes) are stored in the topology table as feasible successors. EIGRP uses the same composite metric as IGRP to determine the best path.
The default criteria used are:
- Bandwidth: the smallest bandwidth between source and destination
- Delay: the cumulative interface delay along the path
- Reliability: the worst reliability between source and destination, based on keepalives
- Load: the worst utilization on any link between source and destination
- MTU: the smallest Maximum Transmission Unit along the path (carried in updates but not used in the metric calculation)

The default for EIGRP is to use only bandwidth and delay when calculating the metric. EIGRP uses the following scaled values to determine the total metric to the network:

EIGRP Metric = 256 * ( K1 * Bandwidth + (K2 * Bandwidth) / (256 - Load) + K3 * Delay ) * ( K5 / (Reliability + K4) )

(the final K5 term is only applied when K5 is not 0.)

The default values for K are: K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0

With the defaults the formula simplifies to:

Metric = (Bandwidth + Delay) * 256

where Bandwidth = 10,000,000 / (minimum bandwidth along the path, in kbps) and Delay = (sum of all interface delays along the path, in microseconds) / 10. Therefore the final metric formula becomes:

Metric = ( [10,000,000 / minimum bandwidth in kbps] + [sum of all delays in microseconds / 10] ) * 256

Note: the formula uses the bandwidth in kilobits per second and the delay in microseconds, as configured on the interface; both divisions are truncated to integers.

After two routers become neighbors, each sends routing updates (and other packets) to the other using a reliable multicast scheme. For example, assume that router 1 has a series of packets, such as a routing table update, which must be transmitted to routers 2, 3 and 4 on its Ethernet interface. Router 1 sends the first packet to the EIGRP multicast address 224.0.0.10 and then waits for an acknowledgment from each of its neighbors on that interface (in this case routers 2, 3 and 4). Assume that routers 2 and 4 acknowledge the multicast packet, but router 3 does not.
Router 1 will wait until the multicast flow timer expires on the Ethernet interface, then send out a special packet, a sequence TLV, telling router 3 not to listen to any further multicast packets from router 1. Router 1 then continues transmitting the remainder of the update packets as multicast to all other routers on the network, while the packets router 3 missed are retransmitted to it as unicast. The sequence TLV indicates an out-of-sequence multicast packet.

Those routers not listed in the sequence TLV enter Conditional Receive (CR) mode and continue listening to multicast. While there are routers in this mode, the Conditional Receive bit is set in multicast packets. In this case, router 1 sends out a sequence TLV with router 3 listed, so routers 2 and 4 continue listening to further multicast updates.

If a router receives an update packet with the init flag set, it clearly implies that this packet is the first after a new neighbor relationship has been established. Clearing the IP EIGRP neighbor relationship (clear ip eigrp neighbors) automatically causes the EIGRP neighbor relationship to be restarted.

Init Flag

There is a 32-bit flags field in the EIGRP header. The rightmost bit is init. When init is set (flags 0x00000001), the enclosed route entries are treated as the first in a new neighbor relationship. Note that route entries are carried in update packets, not hello packets.
The following debug output shows the sequence number increasing only with the update packets (hellos keep Seq 0); the first update from the new neighbor carries Flags 0x1, the init flag:

Router# debug eigrp packets
EIGRP: Sending HELLO on Ethernet0/1
  AS 666, Flags 0x0, Seq 0, Ack 0
EIGRP: Sending HELLO on Ethernet0/1
  AS 666, Flags 0x0, Seq 0, Ack 0
EIGRP: Sending HELLO on Ethernet0/1
  AS 666, Flags 0x0, Seq 0, Ack 0
EIGRP: Received UPDATE on Ethernet0/1 from 10.23.23.23
  AS 666, Flags 0x1, Seq 1, Ack 0
EIGRP: Sending HELLO/ACK on Ethernet0/1 to 10.23.23.23
  AS 666, Flags 0x0, Seq 0, Ack 1
EIGRP: Sending HELLO/ACK on Ethernet0/1 to 10.23.23.23
  AS 666, Flags 0x0, Seq 0, Ack 1
EIGRP: Received UPDATE on Ethernet0/1 from 10.23.23.23
  AS 666, Flags 0x0, Seq 2, Ack 0

EIGRP Stub Routing

Stub routing is frequently used in a hub and spoke network topology. The EIGRP Stub Routing feature is designed to improve network stability, reduce resource utilization, and simplify stub router configuration.

In a hub and spoke network, one or more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more distribution routers (the hub). The remote router is adjacent to one or more distribution routers. The only route for IP traffic to follow to reach the remote router is through a distribution router. This configuration is often used in WAN topologies where the distribution router is directly connected to a WAN. The distribution router can be connected to many more remote routers, often 100 or more.

In a hub and spoke topology the remote router must forward all non-local traffic to a distribution router, so the remote router does not need to hold a complete routing table. Generally, the distribution router just needs to send a default route to the remote router; nothing more is needed.

When you use EIGRP Stub Routing, you configure the distribution and remote routers to use EIGRP, and configure only the remote router as a stub. Only specified routes (by default, connected and summary routes) are propagated from the remote (stub) router.
The stub router responds with the message "inaccessible" to queries for summaries, connected routes, redistributed static routes, external routes and internal routes. A router configured as a stub sends a special peer information packet to all neighboring routers to report its status as a stub router.
- Neighbors receiving a stub status packet will not query the stub router for any routes; a router that has a stub peer will not query that peer.
- The stub router depends on the distribution router to send the proper updates to all peers.

Simple Hub and Spoke Network

[Figure 4-1: the corporate network and the Internet are reached through a distribution router (hub) that has a single WAN link to a remote router (spoke) with local stub networks behind it.]

The above diagram shows a simple hub and spoke network. The stub feature on its own does not prevent routes from being advertised to the remote router. In Figure 4-1, the remote router can access the corporate network and the Internet through the distribution router only. A full route table on the remote router would have no functional purpose, because the larger route table would only increase the amount of memory required by the remote router. Route summarization and filtering on the distribution router can further conserve bandwidth and memory: the remote router does not need to receive routes that have already been learned from other networks. If a true stub network is desired, the distribution router should be configured to send only a default route to the remote router.

The EIGRP Stub Routing feature allows a system administrator to prevent queries from being sent to the remote router: an EIGRP router will not query a stub neighbor about any route. In most cases the system administrator will also need to configure summarization on the distribution routers; the EIGRP Stub Routing feature does not automatically enable summarization on the distribution router. Problems could occur if the stub feature is not used, even after filtered or summarized routes are sent from the distribution router to the remote router.
If a route is lost somewhere in the corporate network, EIGRP could send a query to the distribution router, which in turn will send a query to the remote router even if routes are being summarized. A problem communicating over the WAN link between the distribution router and the remote router may cause an EIGRP stuck in active (SIA) condition to occur and cause instability elsewhere in the network.

Route Summary

Route summarization is the best way to reduce the number of routes within the routing table. To optimize the network, route summarization should take place on the distribution layer of a three-tiered network design. Proper planning is important to ensure that enough IP address space is allocated at each distribution router, so all remote locations can be summarized into one single network route.

Auto-Summarization

EIGRP will perform auto-summarization of external routes, performing an auto-summarization each time it crosses a border between two different major networks. The command to disable EIGRP's default summarization of addresses at network boundaries is no auto-summary.

Process ID for an Autonomous System

The process ID is the number following the router eigrp command. The process ID denotes the Autonomous System (AS) of the network that the router is in.

+ The process ID can be any number between 1 and 65535.
+ A process ID of 0 is not allowed.
+ The process ID can be randomly chosen, as long as it is the same for all EIGRP processes in routers that are to share the routing information.

EIGRP checks for the AS number on neighboring routers. EIGRP will only form a neighbor relationship with other routers in the same AS. Since EIGRP always sources data packets from the primary address, you should configure all routers on a particular subnet with primary addresses that belong to the same subnet. Routers do not form EIGRP neighbors over secondary networks.
If the primary IP addresses do not agree for all routers, there can be problems with neighbor adjacencies.

Show IP Route EIGRP

An important point to remember with EIGRP is that very old routes are to be expected in a healthy network. Since updates only occur when there is a change, change is bad. Like fine wine, EIGRP routes should be seasoned by time. Here is a sample output from a show ip route command on an EIGRP network:

r2# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D       172.16.0.0/16 is a summary, 4d06h, Null0
C       172.16.1.0/24 is directly connected, TokenRing0
C    192.168.4.0/24 is directly connected, Loopback3
C    192.168.5.0/24 is directly connected, Loopback
D    10.0.0.0/8 [90/832000] via 172.16.1.3, 4d06h, TokenRing0
C    192.168.1.0/24 is directly connected, Loopback0
C    192.168.2.0/24 is directly connected, Loopback1
C    192.168.3.0/24 is directly connected, Loopback2

Notice that several routes have designations of "4d06h", which means the routes are over four days old. Short aging periods in an EIGRP network indicate change, and should be monitored carefully.

Show Ip Eigrp Topology

show ip eigrp topology [autonomous-system-number | [[ip-address] mask]] [active | all-links | pending | summary | zero-successors]

Router# show ip eigrp topology
IP-EIGRP Topology Table for process 77
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status

P 10.16.90.0 255.255.255.0, 2 successors, FD is 0
         via 10.16.80.28 (46251776/46226176), Ethernet0
         via 10.16.81.28 (46251776/46226176), Ethernet1
         via 10.16.80.31 (46277376/46251776), Serial0
P 10.16.81.0 255.255.255.0, 1 successors, FD is 307200
         via Connected, Ethernet1
         via 10.16.81.28 (307200/281600), Ethernet1
         via 10.16.80.28 (307200/281600), Ethernet0
         via 10.16.80.31 (332800/307200), Serial0

Table 4-1. show ip eigrp topology Field Descriptions

Field: Description

P, A, U, Q, R, r: State of this topology table entry. Passive and Active refer to the EIGRP state with respect to this destination; Update, Query, and Reply refer to the type of packet that is being sent.
  P - Passive: No EIGRP computations are being performed for this destination.
  A - Active: EIGRP computations are being performed for this destination.
  U - Update: Indicates that an update packet was sent to this destination.
  Q - Query: Indicates that a query packet was sent to this destination.
  R - Reply: Indicates that a reply packet was sent to this destination.
  r - Reply status: Flag that is set after the software has sent a query and is waiting for a reply.
10.16.90.0: Destination IP network number.
255.255.255.0: Destination subnet mask.
successors: Number of successors. This number corresponds to the number of next hops in the IP routing table. If "successors" is capitalized, then the route or next hop is in a transition state.
FD: Feasible distance. The feasible distance is the best metric to reach the destination or the best metric that was known when the route went active. This value is used in the feasibility condition check. If the reported distance of the router (the metric after the slash) is less than the feasible distance, the feasibility condition is met and that path is a feasible successor. Once the software determines it has a feasible successor, it need not send a query for that destination.
via: IP address of the peer that told the software about this destination. The first n of these entries, where n is the number of successors, are the current successors. The remaining entries on the list are feasible successors.
(46251776/46226176): The first number is the EIGRP metric that represents the cost to the destination. The second number is the EIGRP metric that this peer advertised.
Ethernet0: Interface from which this information was learned.
Serial0: Interface from which this information was learned.

Show Ip Eigrp Neighbor

router# show ip eigrp neighbor
IP-EIGRP neighbors for process 1
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                (sec)         (ms)       Cnt Num
1   10.1.1.2        Et0           13 12:00:53   12   300  0  620
0   10.1.2.2        Se0          174 12:00:56   17   200  0  645

ip-2514aa# show ip eigrp neighbor
IP-EIGRP neighbors for process 1
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                (sec)         (ms)       Cnt Num
1   10.1.1.2        Et0           12 12:00:55   12   300  0  620
0   10.1.2.2        Se0          173 12:00:57   17   200  0  645

ip-2514aa# show ip eigrp neighbor
IP-EIGRP neighbors for process 1
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq Type
                                (sec)         (ms)       Cnt Num
1   10.1.1.2        Et0           11 12:00:56   12   300  0  620
0   10.1.2.2        Se0          172 12:00:58   17   200  0  645

The Hold column value in the command output should always be less than the hold time, and should always be greater than the hold time minus the hello interval (unless you are losing hello packets).

+ If the Hold column value is between 10 and 15 seconds, the hello interval is 5 seconds, and the hold time is 15 seconds.
+ If the Hold column has a wider range, between 120 and 180 seconds, the hello interval is 60 seconds and the hold time is 180 seconds.

If the numbers do not seem to fit one of the default timer settings, check the interface in question on the neighboring router; the hello and hold timers may have been configured manually. Remember that EIGRP sends hello packets every 5 seconds on high bandwidth links using multicast hellos, and every 60 seconds on low bandwidth multipoint links using unicast hellos.

IS-IS

Intermediate System to Intermediate System (IS-IS) is a link-state routing protocol, in that local link information is flooded to adjacent routers.
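To make the two checks above concrete, here is an added Python example (not code from the book) that parses the show ip eigrp topology and show ip eigrp neighbor formats just shown: it applies the feasibility condition from Table 4-1 to each via path and maps the Hold column to the default hello/hold timer pairs. The sample outputs inside it are constructed, and the first entry's FD is set to its successor metric instead of the book's "FD is 0" so the comparison has a value to work with.

```python
"""Checks over EIGRP show output (added example; not the book's own code).
parse_topology()/classify_paths() apply the Table 4-1 feasibility condition
(reported distance < FD) to "show ip eigrp topology" paths; infer_timers()/
check_neighbors() map the Hold column of "show ip eigrp neighbor" to the
default hello/hold pairs given in the text.  Both samples are constructed."""
import re

# Constructed topology table in the book's format.  The first entry's FD is
# set to its successor metric (the book's figure shows "FD is 0").
TOPOLOGY_SAMPLE = """\
IP-EIGRP Topology Table for process 77
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - Reply status
P 10.16.90.0 255.255.255.0, 2 successors, FD is 46251776
         via 10.16.80.28 (46251776/46226176), Ethernet0
         via 10.16.81.28 (46251776/46226176), Ethernet1
         via 10.16.80.31 (46277376/46251776), Serial0
P 10.16.81.0 255.255.255.0, 1 successors, FD is 307200
         via Connected, Ethernet1
         via 10.16.81.28 (307200/281600), Ethernet1
         via 10.16.80.28 (307200/281600), Ethernet0
         via 10.16.80.31 (332800/307200), Serial0
"""

# Constructed neighbor table (the first snapshot shown in the text).
NEIGHBOR_SAMPLE = """\
IP-EIGRP neighbors for process 1
H   Address         Interface   Hold Uptime   SRTT   RTO  Q  Seq
                                (sec)         (ms)       Cnt Num
1   10.1.1.2        Et0           13 12:00:53   12   300  0  620
0   10.1.2.2        Se0          174 12:00:56   17   200  0  645
"""

ENTRY_RE = re.compile(r"^(?P<state>[PAUQRr]) (?P<net>[\d.]+) (?P<mask>[\d.]+), "
                      r"(?P<succ>\d+) successors, FD is (?P<fd>\d+)")
VIA_RE = re.compile(r"^\s+via (?P<peer>\S+?)(?: \((?P<metric>\d+)/(?P<rd>\d+)\))?, "
                    r"(?P<intf>\S+)$")
NEIGHBOR_RE = re.compile(r"^\d+\s+(?P<addr>[\d.]+)\s+(?P<intf>\S+)\s+(?P<hold>\d+)\s+"
                         r"\S+\s+\d+\s+\d+\s+\d+\s+\d+")

# Default (hello interval, hold time) pairs in seconds, from the text.
DEFAULT_TIMERS = [(5, 15), (60, 180)]


def parse_topology(text):
    """Return one dict per destination: state, prefix, successors, fd, paths."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"state": m["state"], "prefix": f"{m['net']} {m['mask']}",
                            "successors": int(m["succ"]), "fd": int(m["fd"]),
                            "paths": []})
            continue
        v = VIA_RE.match(line)
        if v and entries:
            entries[-1]["paths"].append({
                "peer": v["peer"], "intf": v["intf"],
                "metric": int(v["metric"]) if v["metric"] else None,
                "rd": int(v["rd"]) if v["rd"] else None})  # None for "via Connected"
    return entries


def classify_paths(entry):
    """Label each via path.  The first n entries (n = successor count) are the
    successors; a later path is a feasible successor only if its reported
    distance is strictly less than the FD.  An RD equal to the FD fails."""
    roles = []
    for i, p in enumerate(entry["paths"]):
        if i < entry["successors"]:
            roles.append((p["peer"], "successor"))
        elif p["rd"] is not None and p["rd"] < entry["fd"]:
            roles.append((p["peer"], "feasible successor"))
        else:
            roles.append((p["peer"], "not feasible"))
    return roles


def infer_timers(hold_value):
    """Return the default (hello, hold) pair whose window
    hold - hello <= value <= hold contains the observed Hold value, or None
    when it fits neither default (manually set timers, or lost hellos)."""
    for hello, hold in DEFAULT_TIMERS:
        if hold - hello <= hold_value <= hold:
            return (hello, hold)
    return None


def check_neighbors(text):
    """Return (address, interface, hold, inferred timers) per neighbor row."""
    rows = []
    for line in text.splitlines():
        m = NEIGHBOR_RE.match(line)
        if m:
            hold = int(m["hold"])
            rows.append((m["addr"], m["intf"], hold, infer_timers(hold)))
    return rows


if __name__ == "__main__":
    for e in parse_topology(TOPOLOGY_SAMPLE):
        print(e["prefix"], "FD", e["fd"], classify_paths(e))
    for addr, intf, hold, timers in check_neighbors(NEIGHBOR_SAMPLE):
        print(addr, intf, "hold", hold, "->", timers or "non-default timers?")
```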
Link-state routing protocols have several notable advantages over distance-vector protocols because they converge faster, can support much larger internetworks and are much less prone to routing loops. Some of the features of IS-IS include:

+ Hierarchical routing
+ Classless behavior
+ Rapid flooding of new information
+ Fast convergence
+ Very scalable
+ Flexible timer tuning

IS-IS uses areas to create a two-level hierarchical topology. Unlike OSPF, IS-IS has no concept of Area Border Routers. Within IS-IS an IS (routers are known as intermediate systems, or ISs for short) may only reside in one area. Routing within an area is referred to as Level 1 routing. Routing between areas is referred to as Level 2 routing. A Level 2 IS maintains both a Level 1 link state database and a Level 2 link state database. A Level 1 IS maintains a link state database only for its own area. To route a packet out of its area, a Level 1 IS forwards the packet to the nearest Level 2 IS in its own area, regardless of where the destination area is. Then the packet travels via Level 2 routing to the destination area, where it may travel via Level 1 routing to the destination.

CLNS

Unlike other routing protocols which use IP for communication, IS-IS uses CLNS. OSI CLNS is a network layer service that does not require a circuit to be established before data is transmitted. A CLNS entity communicates over Connectionless Network Protocol (CLNP) with its peer CLNS entity.

NSAP Addresses

NSAP is the network-layer address for CLNS packets; an NSAP address is still required for IP routing. IS-IS link state packets (LSPs) use NSAP addresses to identify the router and build the topology table and the underlying IS-IS routing tree.

The Cisco implementation of IS-IS divides the NSAP address into three fields:

+ The Area address
+ The System ID
+ The NSEL

Area Address

The area address must be at least 1 byte separated into two parts.
If an official prefix is not required, AFI 49 can be used, which denotes private address space, like IP address space for private Internets as defined in RFC 1918. The second part of an Area Address is the area identifier (ID); the area ID is defined in the octets after the AFI.

System ID

All Level 2 routers must have a unique system ID domain-wide, and all Level 1 routers must have a unique system ID area-wide. The US Government OSI Profile version 2.0 standard requires a 6-byte system ID. For example, the following NSAP address may be assigned:

49.0001.0000.0000.0001.00

which breaks down to:

+ AFI of 49
+ Area ID of 0001
+ System ID of 0000.0000.0001
+ NSEL of 00 (with Cisco always set to zero)

IS-IS Adjacencies

Routers running IS-IS will send hello packets out all interfaces which are running IS-IS. IS-IS hellos are sent out every ten seconds. This interval can be configured using the isis hello-interval command. Although IS-IS hellos are slightly different for broadcast and point-to-point subnetworks, the hellos include essentially the same information. An IS-IS router uses its Hello PDUs to identify itself and its capabilities and to describe the parameters of the interface on which the hellos are sent.

IS-IS routers on a common link will form adjacencies if the following conditions are met:

+ Authentication
+ IS-IS Type
+ Matching MTU sizes

IS-IS Operations

Routers will build their link-state database from Link State Packets (LSPs) which are flooded throughout an area. A shortest-path tree (SPT) is calculated by each IS, and from this SPT the routing table is built. Routers will flood LSPs to all adjacent neighbors except the neighbor from which they received the same LSP.

IS-IS Areas

IS-IS uses areas to create a two-level hierarchical topology. Unlike OSPF, IS-IS does not have the concept of an area 0. Instead IS-IS uses a collection of Level 2 capable routers to form a contiguous backbone.
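An added Python example, not from the book, that splits an NSAP into the AFI, area ID, system ID and NSEL fields described above and checks the system-ID uniqueness rules for Level 1 (area-wide) and Level 2 (domain-wide) routers; the NETs it uses are constructed sample values.

```python
"""Split a Cisco-style IS-IS NSAP/NET into its fields (added example, not the
book's own code).  Follows the breakdown above: the last byte is the NSEL, the
six bytes before it are the system ID (the GOSIP v2.0 length the text cites),
and everything in front is the area address: a 1-byte AFI followed by a
variable-length area ID.  The NETs used below are constructed sample values."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Nsap:
    afi: str        # e.g. "49" (private address space)
    area_id: str    # hex digits after the AFI, e.g. "0001" (may be empty)
    system_id: str  # six bytes, dotted as Cisco prints it: "0000.0000.0001"
    nsel: str       # "00" for a NET

    @property
    def area_address(self):
        return f"{self.afi}.{self.area_id}" if self.area_id else self.afi


def parse_nsap(text):
    """Parse dotted hex such as 49.0001.0000.0000.0001.00 into an Nsap."""
    hexdigits = text.replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]+", hexdigits) or len(hexdigits) % 2:
        raise ValueError(f"not a whole number of hex bytes: {text!r}")
    # Minimum: 1-byte area address (AFI only) + 6-byte system ID + 1-byte NSEL
    if len(hexdigits) < 2 * (1 + 6 + 1):
        raise ValueError(f"too short for AFI, 6-byte system ID and NSEL: {text!r}")
    nsel, system_id, area = hexdigits[-2:], hexdigits[-14:-2], hexdigits[:-14]
    dotted_sysid = ".".join(system_id[i:i + 4] for i in range(0, 12, 4))
    return Nsap(afi=area[:2], area_id=area[2:], system_id=dotted_sysid, nsel=nsel)


def net_warnings(nsap):
    """Points a reviewer would flag before using this address as a router's NET."""
    warnings = []
    if nsap.nsel != "00":
        warnings.append("NSEL is not 00; Cisco expects a NET to end in 00")
    if nsap.afi == "49":
        warnings.append("AFI 49 is private address space (not globally registered)")
    return warnings


def duplicate_system_ids(nets, scope="domain"):
    """Return {key: [nets]} for system IDs used more than once.  scope="domain"
    is the Level 2 rule (unique domain-wide); scope="area" is the Level 1 rule
    (unique only within one area address)."""
    seen = {}
    for net in nets:
        n = parse_nsap(net)
        key = n.system_id if scope == "domain" else (n.area_address, n.system_id)
        seen.setdefault(key, []).append(net)
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed sample NETs: two routers in different areas share a system ID,
# which is fine for Level 1 routers but a violation for Level 2 routers.
SAMPLE_NETS = ["49.0001.0000.0000.0001.00",
               "49.0002.0000.0000.0001.00",
               "49.0001.0000.0000.0002.00"]

if __name__ == "__main__":
    first = parse_nsap(SAMPLE_NETS[0])
    print(first, net_warnings(first))
    print("domain-wide duplicates:", duplicate_system_ids(SAMPLE_NETS))
    print("area-wide duplicates:  ", duplicate_system_ids(SAMPLE_NETS, scope="area"))
```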
The Level 1-2 and Level 2 routers that form the backbone may be in different areas. With IS-IS a router may only reside in one area; the areas themselves are defined by the links between the routers. The reason for this is that, unlike IP, a router can have at most one network service access point (NSAP) address. The red lines in the following diagram represent the borders between different areas.

Level 1 Routers

A level one router is aware of the topology of its own area only; in some respects it is analogous to an OSPF stub area. The level one router will only form adjacencies to other L1 and L1/L2 routers within its area. To send packets out of an area the L1 router will calculate the location of the nearest L1/L2 router. When an L2 or L1/L2 router is attached to another area, the router will advertise the fact by setting the ATT bit in its LSP to one. When IS-IS is used to route IP, a default IP route to the L1/L2 is entered into the route table.

Level 2 Routers

A level 2 router may have neighbors in the same or different areas. Level 2 routers will only have a Level 2 link-state database. Therefore Level 2 routers will have no knowledge of their own area.

Level 1/2 Routers

Unlike Level 1 routers, a Level 1/2 router can have neighbors in any area. Level 1/2 routers maintain two link state databases, a Level 1 database for intra-area routing and a Level 2 database for inter-area routing. Because of the extra burden of running two databases the Level 1/2 router will need extra CPU and memory resources compared to the Level 1 router.

Route Leaking

When packets are routed out of an area the Level 1 router will calculate the path to the nearest Level 1/2 router. This can lead to sub-optimal routing when the shortest path to the destination is through a different L1/L2 router. Route leaking helps reduce sub-optimal routing by providing a method for leaking, or redistributing, L2 information into L1 areas.
By having extra information about inter-area routes, an L1 router is able to make a better choice with regard to which L1/L2 router to forward the packet. Route leaking is defined in RFC 2966 for use with the narrow metric Type, Length and Value (TLV) types 128 and 130. IS-IS extensions for traffic engineering define route leaking for use with the wide metric TLV type 135. Both drafts define an up/down bit to indicate whether or not the route defined in the TLV has been leaked. If the up/down bit is set to 0 the route originated within that L1 area. If the up/down bit is set to 1, the route has been redistributed into the area from L2. The primary purpose of the up/down bit is to prevent routing information and forwarding loops. An L1/L2 router does not re-advertise into L2 any L1 routes that have the up/down bit set.

IS-IS PDUs

The OSI stack defines a unit of data as a PDU. OSI recognizes a frame as a data-link PDU and a packet as a network PDU. IS-IS PDUs are encapsulated directly in a data-link PDU (frame); there is no Connectionless Network Protocol (CLNP) header and no IP header. IS-IS PDUs contain variable-length fields, depending on the function of the PDU. Each field contains a type code, a length, and the appropriate values; this information is known as the TLVs.

IS-IS defines four types of PDUs: Hello PDU, LSP, Partial sequence number PDU and Complete sequence number PDU.

+ Hello PDU: The Hello PDU is used to establish and maintain adjacencies.
+ LSP: There are four types of LSPs: Level 1 pseudonode, Level 1 nonpseudonode, Level 2 pseudonode, and Level 2 nonpseudonode. LSP packets are used to distribute link-state information.
+ Complete sequence number PDU (CSNP): CSNPs contain a list of all LSPs from the current database. CSNPs are used to inform other routers of LSPs that may be outdated or missing from their own database. This ensures that all routers have the same information and are synchronized. The packets are similar to an OSPF database description packet.
+ Partial sequence number PDU (PSNP): PSNPs are used to request an LSP (or LSPs) and acknowledge receipt of an LSP (or LSPs).

Link State Packets

Within IS-IS the characteristics of a router are defined by an LSP. The router's LSP contains an LSP header and TLV fields.

An LSP header includes the following:

+ The PDU type and length.
+ The LSP ID, which consists of three components: system ID, pseudonode ID, and LSP fragmentation number. Its length is ID length + 2 bytes.
+ The LSP sequence number, used to identify duplicate LSPs and to ensure that the latest LSP information is stored in the topology table.
+ The remaining lifetime for the LSP, which is expressed as time in seconds before the LSP expires.

TLV variable-length fields contain elements including:

+ The neighbor ISs of the router, which is used to build the map of the network.
+ The neighbor ESs of the router.
+ Authentication information, which is used to secure routing updates.
+ Attached IP subnets (optional for Integrated IS-IS).

LSPs are given sequence numbers that will allow receiving routers to:

+ Ensure that they use the latest LSPs in their route calculations
+ Avoid entering duplicate LSPs in the topology tables

Each LSP that resides in the link-state database has a remaining lifetime, a checksum, and a sequence number. The LSP remaining lifetime counts down from 1200 seconds (20 minutes) to 0. The LSP originator must periodically refresh its LSPs to prevent the remaining lifetime from reaching 0. The refresh interval is 15 minutes, with a random factor of up to 25 percent. If the remaining lifetime reaches 0, the expired LSP will be kept in the database for an additional 60 seconds (known as ZeroAgeLifetime) before it is finally purged. If a router receives an LSP with an incorrect checksum, the router will cause a purge of the LSP by setting the remaining lifetime value to 0, removing the body and re-flooding it.
This triggers the LSP originator to send a new LSP.

IS-IS Network Types

IS-IS recognizes only two network types:

+ Point-to-point networks
+ Broadcast networks

Point-to-point networks are single pairs of directly connected routers. A router running IS-IS will form an adjacency with the neighbor on the other side of a point-to-point interface. A Designated Intermediate System (DIS) is not required on this type of link. Once the routers exchange hello packets this is enough to begin the adjacency process. When this occurs, each side then sends a CSNP to trigger database synchronization.

Broadcast networks, such as Ethernet, are multi-access in that they are able to connect more than two devices; all connected routers will receive a packet sent by one router. On broadcast multi-access media (LAN), a Designated Intermediate System (DIS) is elected and will conduct the flooding over the media. The DIS is similar to the designated router in Open Shortest Path First (OSPF) Protocol, even though the details including election process and adjacencies within a multi-access media differ significantly. The DIS is elected by priority; there is no concept of a backup DIS. The router with the highest priority becomes the DIS for that segment. This is configurable on an interface basis. In the case of a tie, the router with the highest SNPA (MAC) address will become the DIS. The DIS election is pre-emptive (unlike with OSPF). If a new router boots on the LAN with a higher interface priority, it becomes the DIS, purges the old pseudonode LSP, and a new set of LSPs will be flooded.

The DIS has two main tasks:

+ Conduct flooding over the LAN.
+ Create and update the pseudonode LSP.

A pseudonode LSP represents a LAN, including all ISs attached to that LAN, just as a non-pseudonode LSP represents a router, including all ISs and LANs connected with the router.

[Diagram not reproduced: Physical View and Logical View of a broadcast LAN.]

Metrics

The Cisco implementation of IS-IS uses cost only.
Each interface has a default active interface metric value of 10 in Cisco IOS software. If the interface is passive, the default value is zero. The total cost to a destination is the sum of the costs on all outgoing interfaces along a particular path from the source to the destination, and the least-cost paths are preferred.

IP Addressing

Default Routing

Default routing is achieved in two methods with Integrated IS-IS:

+ Attached bit: Set by a Level 1/Level 2 router in its own Level 1 LSP and used to indicate to all Level 1 routers (within the area) that this router is a potential exit point of the area. Level 1-only routers will default to the nearest attached Level 2 router.
+ Default information originate: The default information originate command can be configured in Level 1 as well as Level 2. The default route (0.0.0.0/0) is inserted in the router LSP (Level 1 or Level 2, according to the configuration command) and the LSP is flooded according to the router type (Level 1 or Level 2). A Level 2 router doesn't need to have a default route to originate a default route.

Level 1 routers will always prefer the explicit default route (0.0.0.0/0) found in an LSP before considering the attached bit.

Redistribution

Redistribution from any other routing protocol, static configuration, or connected interfaces is allowed in any type of router (Level 1 and Level 2). By default the metric type will be set as internal, which means that the metric of the route will compete with all other internal routes. It is possible to set the metric type as external. In that way the prefix will have a metric equal to the cost specified in the redistribution command plus a value of 64.
Although the metric is increased if the metric is flagged as external on redistribution, the internal/external bit used to increase the metric is actually ignored when calculating routes unless the use of external metric is specified in the configuration.

Summarization

Summarization is one of the key factors affecting scalability of a routing protocol. Summarization will reduce the amount of routing updates that will be flooded across the areas and the routing domain. The use of IS-IS (especially with area routing) requires a good addressing scheme to aid summarization and avoid having a huge Level 2 database (populated with updates originated from Level 1 areas).

For IP we can summarize only native IS-IS routes into Level 2 from the Level 1 database. It is not possible to summarize IS-IS internal routes at Level 1, although it is possible to summarize external (redistributed) routes at Level 1. If the configured metric type is external (the default) or the metric type is not specified (and therefore defaults to external), redistribution will not take place. This can be confusing because the metric type does not appear in the router configuration, regardless of whether it is specified.

According to RFC 1196, the external reachability TLV is not permitted in Level 1 LSPs. Therefore, it is not possible to express an external metric type in a Level 1 LSP. This constraint will be relaxed in the future to allow Level 1 external routes to have either an internal or external metric type. Even though the configured metric type is internal, the LSP will show that the route is "IP external" because the external IP reachability TLV is used to hold the information.

Border Gateway Protocol (BGP)

BGP version 4 is a path vector routing protocol used to exchange routing information between autonomous systems, and can be considered the routing protocol of the Internet.
BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISPs). BGP carries information as a sequence of AS numbers, which indicate the autonomous systems that must be used to get to a destination network. BGP is defined in RFCs 1163, 1267, and 1771. BGP is considered an Exterior Gateway Protocol (EGP) (not to be confused with the obsolete routing protocol also called "EGP"). BGP is designed to prevent loops from forming between systems.

There are both internal and external BGP (IBGP and EBGP) configurations. Organizational networks, such as universities and corporations, usually employ an Interior Gateway Protocol (IGP) such as RIP or OSPF for the exchange of routing information within their networks. These networks connect to ISPs, and ISPs use BGP to exchange customer and ISP routes. When BGP is used between autonomous systems (AS), the protocol is referred to as External BGP (EBGP). If a service provider is using BGP to exchange routes within an AS, then the protocol is referred to as Interior BGP (IBGP).

BGP neighbors are defined in the configuration, not by their physical location in the network. Even if two routers are physically connected, they are not necessarily neighbors unless they form a TCP connection, which is configured by the network engineer.

BGP's effective use of classless inter-domain routing (CIDR) has been a major factor in slowing the explosive growth of the Internet routing table. CIDR doesn't rely on classes of IP networks such as Class A, B, and C. In CIDR, a prefix and a mask, such as 197.32.0.0/14, represent a network. This would normally be considered an illegal Class C network, but CIDR handles it just fine. A network is called a supernet when the prefix boundary contains fewer bits than the network's natural mask.
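As an added Python example (not the book's code), the following classifies a prefix against its natural class mask, using the 197.32.0.0/14 supernet from the text and a constructed misaligned prefix to show the host-bits check a router would reject.

```python
"""Classful boundary vs CIDR prefix (added example, not the book's own code).
Reports whether a prefix such as 197.32.0.0/14 is a supernet (mask shorter
than the natural class mask), a classful network, or a subnet, and rejects
prefixes whose host bits are not zero.  Sample prefixes are constructed."""
import ipaddress


def natural_prefix_length(network_address):
    """Natural (classful) mask length from the first octet: A /8, B /16, C /24.
    Class D and E addresses have no natural network mask; return None."""
    first_octet = int(ipaddress.IPv4Address(str(network_address))) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    return None


def host_bits_clear(cidr):
    """True if the prefix is a valid network with no host bits set, e.g.
    197.32.0.0/14; False for 197.33.0.0/14, where octet 33 (00100001) has a
    1 bit beyond the 14-bit boundary."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False


def describe_prefix(cidr):
    """Classify a prefix relative to its natural mask and count how many
    classful networks a supernet aggregates (2 ** (natural - prefixlen))."""
    net = ipaddress.ip_network(cidr, strict=True)  # raises if host bits are set
    natural = natural_prefix_length(net.network_address)
    if natural is None:
        kind = "class D/E"
    elif net.prefixlen < natural:
        kind = "supernet"
    elif net.prefixlen == natural:
        kind = "classful"
    else:
        kind = "subnet"
    aggregated = 2 ** (natural - net.prefixlen) if kind == "supernet" else 1
    return {"network": str(net), "natural_mask": natural,
            "kind": kind, "classful_networks": aggregated}


if __name__ == "__main__":
    for prefix in ("197.32.0.0/14", "10.0.0.0/8", "172.16.1.0/24"):
        print(describe_prefix(prefix))
    print("197.33.0.0/14 host bits clear?", host_bits_clear("197.33.0.0/14"))
```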
Situations that may require BGP:

+ Extremely large networks
+ A network that is connected to more than one AS
+ Networks that are connected to two or more Internet Service Providers
+ When you have a unique routing policy that requires it
+ If you are an ISP

Interior Border Gateway Protocol (IBGP)

+ Exchanges information within the same AS between routers
+ Is more flexible, scalable, and efficient for controlling the exchange of information within an AS
+ Shows a consistent view of the AS to external neighbors

Exterior Border Gateway Protocol (EBGP)

+ Used when routers belong to different ASs and need to exchange external updates
+ The BGP Synchronization rule: "If an AS provides transit service to another AS, then BGP should not advertise the route until all of the routers within this AS have learned the route through the IGP."

BGP Attributes

+ Weight (Cisco BGP attribute)
+ Local preference
+ Multi-exit discriminator
+ Origin (Mandatory Attribute)
+ AS_path (Mandatory Attribute)
+ Next hop (Mandatory Attribute)
+ Community
+ Cluster-List
+ Originator ID

The mandatory attributes MUST be included in updates propagated to all peers (both IBGP and EBGP).

Weight Attribute

The weight attribute (Cisco specific) is local to a router. The weight attribute is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight will be preferred. Since weight is Cisco specific, it is technically NOT a BGP attribute.

In Figure 4-2, Router A is receiving an advertisement for network 172.16.1.0 from routers B and C.

+ When Router A receives the advertisement from Router B, the associated weight is set to 50.
+ When Router A receives the advertisement from Router C, the associated weight is set to 100.
+ Both paths for network 172.16.1.0 will be in the BGP routing table, with their respective weights.
+ The route with the highest weight will be installed in the IP routing table.
