
CCIE Routing and Switching

TECCCIE-3000_c3

2009 Cisco Systems, Inc. All rights reserved.

Cisco Public

Techtorial Session Topics

Session 1: CCIE Program Overview/Roadmap
Session 2: Core Knowledge
Session 3: Multilayer Switching/Frame Relay
Session 4: IP Routing Concepts/OSPF
Session 5: IP Version 6
Session 6: IP Routing BGP
Session 7: MPLS/VPN
Session 8: IP Multicast
Session 9: Quality of Service
Session 10: Troubleshooting

Program Overview and Roadmap


Cisco CCIE Certification

CCIE R&S: Configure and troubleshoot complex converged networks
CCIE Security: Configure complex, end-to-end secure networks, troubleshoot environments, and anticipate and respond to network attacks
CCIE Service Provider: Configure and troubleshoot advanced technologies to support service provider networks
CCIE Storage: Configure and troubleshoot storage area networks over a variety of interfaces
CCIE Voice: Configure complex, end-to-end telephony as well as the network; troubleshoot and resolve VoIP-related problems
CCIE Wireless: Plan, design, implement, operate, and troubleshoot wireless network and mobility infrastructure

Certification ladder (lowest to highest): CCENT, CCNA, CCNP, CCIE

www.cisco.com/go/learnnetspace

Certification Process
CCIEs must pass two exams
The written qualification exam uses simulations and multiple-choice questions

The lab exam is what makes this certification different; the full-day, hands-on lab exam tests the ability to configure and troubleshoot equipment
Not all lab exams are offered at all lab locations

Process: Step 1 The Written Exam

Available worldwide at Pearson VUE for $350 USD, adjusted for exchange rate and local taxes where applicable
Two-hour exam uses simulations and multiple-choice questions
Closed book; no outside reference materials allowed
Pass/fail results available immediately; passing score set by statistical analysis and subject to periodic change
Waiting period of five calendar days to retake the exam
Candidates must wait a minimum of six months before retaking the same-numbered exam
Must take the first lab exam attempt within 18 months of passing the written exam, or the written exam expires

Process: Step 2 The Lab Exam

Available in select Cisco locations for $1,400 USD, adjusted for exchange rates and local taxes where applicable, not including travel and lodging
Eight-hour exam requires working configurations and troubleshooting to demonstrate expertise
Cisco documentation available via the Cisco Web site; no personal materials of any kind allowed in the lab
Minimum score of 80% to pass
Scores generally can be viewed online within 48 hours; failing score reports indicate areas where additional study may be useful

CCIE Routing and Switching


CCIE Routing and Switching

Most popular track; over 80% of CCIE candidates attempt R&S first
Expert-level knowledge of LAN and WAN interfaces, routing protocols, and a variety of routers and switches
Expert-level troubleshooting to solve complex connectivity problems and apply solutions to increase bandwidth, improve response times, maximize performance, improve security, and support global applications

Recent Changes to CCIE R&S

Reflect growth of the network as a service platform
Aligning to job tasks of expert-level network engineers and expectations of employers
New certification standards released on May 5, 2009
New areas include:
  planning and evaluating network changes
  MPLS and VPN networking
  implementing performance routing and optimized edge routing
  filtering and route distribution
  EIGRPv6
  IPv6 multicast

CCIE R&S v4.0 Certification

Written and lab exams refreshed with new questions
Adding coverage of MPLS and VPN
Written exam adding simulations
Lab exam adding hands-on troubleshooting
Exam durations and pricing remain the same
v4.0 exams scheduled for release October 18, 2009 and will immediately replace v3.0 exams
Last day to take the v3.0 exam is October 17, 2009

CCIE Exam Development Process

Development inputs:
  Job role and career development survey
  Cisco business unit/technology groups
  Cisco Technical Support team
  Comprehensive Job Task Analysis, performed by external and internal network experts
  Customer Advisory Groups

Certification standards and exam design: CCIE program managers with the Cisco content advisory team

Validation and feedback:
  Customer validation survey
  Alpha review
  Beta test and statistical analysis

Clearly defined and ISO-reviewed process ensures exams are relevant and valid.

CCIE Routing and Switching Written Exam


CCIE R&S Written Exam

Covers networking theory related to the following (v3.0 blueprint topic, with the v4.0 blueprint name in parentheses; * = removed from v4.0):
  General networking*
  Bridging and LAN switching (Implement Layer 2 Technologies)
  IP and IP routing (Implement IPv4)
  QoS (Implement Quality of Service)
  WAN (Implement Layer 2 Technologies)
  IP multicast (Implement IP Multicast)
  Security (Implement Network Security)
  IPv6 (Implement IPv6)
  MPLS (Implement MPLS Layer 3 VPNs)
  v4.0 only: Evaluate proposed changes to a network; Implement Network Services; Troubleshoot a Network; Optimize the Network

The written exam lays the foundation for the lab exam

CCIE Routing and Switching Lab Exam


R&S Lab Locations

Permanent CCIE R&S lab locations: Beijing, Tokyo, RTP, Brussels, Hong Kong, San Jose, Bangalore, Sydney, Dubai, Sao Paulo
Upcoming mobile labs (May 4-8, June 8-12 and June 20-24, 2009): Moscow, Russia; Singapore; Riyadh, Saudi Arabia

Introduction
Candidates build a network to a series of supplied specifications
The point values for each question are shown on the exam

Some questions depend upon completion of previous parts of the network


Report any suspected equipment issues to the proctor as soon as possible; adjustments cannot be made once the exam is over


R&S Lab Exam: Topics

v3.0 blueprint topic, with the v4.0 blueprint name in parentheses:
  Bridging and Switching (Implement Layer 2 Technologies)
  IP IGP Routing, which includes IPv6 (Implement IPv4, which includes BGP; Implement IPv6)
  BGP (Implement IPv4)
  IP and Cisco IOS Features (Implement Network Services)
  IP Multicast (Implement IP Multicast)
  QoS (Implement Quality of Service)
  Security (Implement Network Security)
  v4.0 only: Evaluate proposed changes to a network; Implement MPLS Layer 3 VPNs; Troubleshoot a Network; Optimize the Network

Introduction

Each candidate has his/her own PC and rack of equipment
The equipment rack may or may not be at the candidate's desk and PC
The equipment requires no hardware or cabling configuration by the candidate
If the candidate feels that a hardware or cabling intervention is needed, the CCIE lab proctor must be involved
Check the CCIE web page for the latest equipment list and IOS versions

Rack Access

Rack connection method: Candidate PC -> Ethernet -> Comm Server -> exam routers and switches
The Comm Server is pre-configured
The Candidate PC has the terminal emulator pre-configured to access all routers and switches (in general SecureCRT), browsers and any other needed application

Passwords
All routers and switches have a startup configuration: hostnames, passwords, line setup, and IP addresses for primary interfaces are already configured; since all tests require the router to be accessible via the VTY and AUX ports, do not change these established configurations


Standard Restrictions

Unless specified within the exam, you are NOT allowed to use:
  Static routes (of any kind)
  Default routes
** Dynamic routes to null are permitted

R&S Lab Exam: Sample Topology

Diagram summary (network addressing 125.10.0.0): R1 (Lo0 125.10.1.1/24, Lo1 172.16.1.1, Lo2 172.16.2.2, Lo3 172.16.3.3, Lo4 172.16.4.4), R2 (Lo0 125.10.2.2/24), R4 (Lo0 125.10.4.4/24), R5 (Lo0 125.10.5.5/24), R3 and R6; SW1 and SW2; two Frame Relay clouds; FastEthernet segments 125.10.10.0/24, 125.10.22.0/24, 125.10.33.0/24 and 125.10.50.0/24; serial segment 125.10.11.0/24

R&S Lab Exam: Sample Question

Section 2.5 RIP
  Configure RIPv2 on R1, R2, and R5
  Redistribute between RIP and OSPF on R5
  All routes should be visible on all routers
Score: 2 Points

R&S Lab Exam: Sample Answer

Verification 1: R4 must have all routes in its routing table

R4#show ip route
<...>
     172.16.0.0/24 is subnetted, 4 subnets
O E2    172.16.4.0 [110/20] via 125.10.50.1, 22:34:38, Ethernet0/0
O E2    172.16.1.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.2.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.3.0 [110/20] via 125.10.50.1, 22:34:58, Ethernet0/0
     125.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C       125.10.50.0/24 is directly connected, Ethernet0/0
O E2    125.10.22.0/24 [110/20] via 125.10.50.1, 22:44:39, Ethernet0/0
C       125.10.4.0/24 is directly connected, Loopback0
O E2    125.10.2.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.1.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O       125.10.5.5/32 [110/11] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.11.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.10.0/24 [110/20] via 125.10.50.1, 22:44:44, Ethernet0/0
R4#

R&S Lab Exam: Grading

Proctors grade all lab exams
Automatic tools aid proctors with simple grading tasks
Automatic tools are never solely responsible for lab exam grading
Proctors complete grading of the exam and submit the final score within 48 hours
Partial credit is not awarded on questions
Points are awarded for working solutions only
Some questions have multiple solutions


Session 2:
Core Knowledge


Agenda

What are the Core Knowledge questions?
How many questions? Structure within the lab exam
Sample questions

Core Knowledge

Consists of four computer-delivered short-answer questions, being added to the lab exam in all global lab locations.
Candidates will be required to type out their answers, which typically require five words or less.
This section covers core concepts from the CCIE R&S exam objectives. When candidates complete the Core Knowledge section, they may move immediately to the lab configuration portion of the exam.
The Core Knowledge section must be completed before the candidate moves to the lab configuration scenarios.

Core Knowledge Sample Question - 1

Refer to the diagram. On which routers can you enable summarization in OSPF?

(Answer: Any ABR router)

Core Knowledge Sample Question - 2

What protocol do the following statements describe?
  Integral to IPv6
  Every node that implements IPv6 must fully implement this protocol
  Many IPv6 functions utilize this protocol, e.g. path MTU discovery, neighbor discovery, etc.

(Answer: ICMPv6)

Core Knowledge Sample Question - 3

What device is used to dynamically announce the RP address to all routers in a PIM environment?
Which open standard BGP attribute is used first in the BGP best path selection algorithm?

Session 3:
Multilayer Switching and Frame Relay


Agenda

LAN Switching: MLS concepts, Layer 2 protocols, Layer 2 features, Layer 3 features, troubleshooting tips
Frame Relay: concepts, configuration options, troubleshooting tips

MLS Concepts

Layer 1: collision domain (hub)
Layer 2: broadcast domain (VLAN), VTP domain, STP domain
Layer 3 and 4: MLS, wire-rate forwarding based on upper-layer info: IP (address or TOS), TCP/UDP ports

Layer 2 VLANs

Broadcast domains spanning multiple switches
Default VLAN 1
Normal range: 1 to 1005
Extended range: 1006 to 4094
vlan-database mode is deprecated; use vlan config mode
Minimal port config once the VLAN is known:
  switchport mode access
  switchport access vlan X

Layer 2 Features: Verify VLAN Configuration

switch#sh vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/4, Fa0/5
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/21
                                                Fa0/22, Fa0/24, Gi0/1, Gi0/2
11   VLAN_BB1                         active    Fa0/10
12   VLAN_BB2                         active
13   VLAN_BB3                         active
21   VLAN_A                           active
22   VLAN_B                           active
23   VLAN_C                           active
55   vlan_test                        active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
switch#
switch#s run int f0/10
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
end

Layer 2 Ethernet Trunk

Most LAN topologies consist of multiple VLANs. How to carry multiple VLANs on a single physical link while maintaining isolation? Trunking protocols:
  IEEE 802.1Q: 4-byte tag carrying the VLAN ID; supports a native VLAN (not tagged; must match on both ends of the L2 link)
  ISL (Cisco proprietary): 30 bytes of overhead (26-byte header + 4-byte trailer); true encapsulation; no native VLAN concept, ALL frames are encapsulated
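The tag format and the native-VLAN/allowed-list behaviour above, as an added Python model (not code from this deck): it builds and parses the 4-byte 802.1Q tag, sends native-VLAN frames untagged, classifies untagged ingress frames into the native VLAN, and applies a trunk's allowed-VLAN list. The MAC addresses and frames are constructed; the allowed list "13,22" is the one from the trunk sample question.

```python
"""802.1Q trunk tagging and allowed-VLAN filtering (added illustration).

Builds Ethernet frames, pushes and pops the 4-byte 802.1Q tag (TPID 0x8100 plus
a 16-bit TCI: 3-bit PCP, 1-bit DEI, 12-bit VLAN ID), keeps native-VLAN frames
untagged, and applies a trunk's allowed-VLAN list the way a switch port would.
Frames and MAC addresses below are constructed for the example.
"""
import struct

TPID_8021Q = 0x8100
ISL_OVERHEAD = 26 + 4   # ISL, for comparison: 26-byte header + 4-byte trailer, every frame encapsulated


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Plain (untagged) Ethernet II frame: dst(6) src(6) type(2) payload."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def push_dot1q_tag(frame, vlan_id, pcp=0, dei=0):
    """Insert the 4-byte 802.1Q tag between the source MAC and the EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    tci = ((pcp & 0x7) << 13) | ((dei & 0x1) << 12) | (vlan_id & 0xFFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_dot1q(frame):
    """Return (vlan_id, pcp, inner_ethertype, payload); vlan_id is None when untagged."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, 0, ethertype, frame[14:]
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0xFFF, tci >> 13, inner, frame[18:]


def parse_allowed_list(spec):
    """'13,22' or '1,11-13,21-23,55' -> set of VLAN IDs (switchport trunk allowed vlan)."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def egress_trunk(vlan_id, frame, native_vlan, allowed):
    """Trunk egress: VLANs outside the allowed list are dropped (None),
    the native VLAN leaves untagged, everything else gets a tag."""
    if vlan_id not in allowed:
        return None
    if vlan_id == native_vlan:
        return frame
    return push_dot1q_tag(frame, vlan_id)


def ingress_trunk(frame, native_vlan, allowed):
    """Trunk ingress: untagged frames belong to the native VLAN (which is why it
    must match on both ends of the link); return the VLAN, or None if filtered."""
    vlan_id, _pcp, _ethertype, _payload = parse_dot1q(frame)
    if vlan_id is None:
        vlan_id = native_vlan
    return vlan_id if vlan_id in allowed else None
```

Because an untagged frame is simply assumed to be in the native VLAN, both ends of the link must agree on it; a mismatch silently leaks frames from one VLAN into another, which is the check a practitioner makes with show interfaces trunk.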


Sample Question

Create trunking among the four switches meeting the following requirements:
  Trunking will be formed unconditionally
  Use ISL encapsulation
Choose the encapsulation and create a trunk between R6 and Sw2. Only VLAN_BB3 and VLAN_B must be allowed on the trunk.
Implicit: refer to the diagrams to determine IP addresses
Score: 2 Points

Sample Questions: Diagrams

You have multiple diagrams and have to figure out which ports to configure.
Diagram summary: Sw1 and Sw2 are interconnected on Fa0/19, Fa0/20, Fa0/21 and Fa0/22; R1 to R4 (g0/0) and the backbone routers BB1 and BB2 attach to Sw1/Sw2 ports Fa0/1 to Fa0/4 and Fa0/10; the Frame Relay links are drawn separately.

Sample Question: Solution

On switch-to-switch links, use interface range to speed up and minimize missed/wrong configuration:
(config)#interface range fa0/19-20
(config-if-range)#switchport trunk encapsulation isl
(config-if-range)#switchport mode trunk

On the switch-to-router link, with the IOS running in the lab, only dot1Q is supported! Router subinterface:
(config-subif)#encapsulation dot1q [vlanID]
(config-subif)#ip address [asPerDiagram]

Switch port:
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport trunk allowed vlan 13,22
(config-if)#switchport mode trunk

Sample Question: Verification

switch#s int f0/x trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/x     on           isl            trunking      1

Port      Vlans allowed on trunk
Fa0/x     1-4094

Port      Vlans allowed and active in management domain
Fa0/x     1,11-13,21-23,55

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/x     1,11-12,21-23,55

Layer 2 Protocols: CDP

Useful to discover the L2 topology and detect weird forwarding issues (CDP neighbors appear where they shouldn't)

switch3#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
bb3-sw           Fas 0/10          130          S I       WS-C3550-4Fas 0/8
Switch4          Fas 0/24          178        R S I       WS-C3560-2Fas 0/24
Switch4          Fas 0/23          178        R S I       WS-C3560-2Fas 0/23

Sample Question

Configure the amount of time a neighbor should hold CDP information sent by Sw2 before discarding it to 2 minutes
Score: 2 Points

Sample Question: Solution

Sw2(config)#cdp holdtime 120

Verification:
switch2#sh cdp
Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 120 seconds
        Sending CDPv2 advertisements is enabled

Layer 2 Protocols: DTP (Dynamic Trunking Protocol)

Negotiates trunking (mode and encapsulation); enabled by default
Some basic error checking

Sample Written Question

What trunk mode combination would not produce an operational ISL trunk?
A. Local: auto, Remote: auto
B. Local: on, Remote: auto
C. Local: nonegotiate, Remote: on
D. Local: nonegotiate, Remote: nonegotiate
E. Local: auto, Remote: desirable

Solution: A. If both sides are set to auto, the trunk will never come up

Sample Lab Question

Completely disable DTP traffic on all Fast Ethernet ports on all switches
Score: 2 Points

Sample Lab Question: Solution

(config-if)#switchport mode access
(config-if)#switchport nonegotiate

Verification:
show interfaces switchport
Name: FaX/Y
...
Negotiation of Trunking: Off

VLAN Trunk Protocol (VTP)

Switches must share the same VTP domain, version (1 or 2) and password
3 modes: server, client, transparent
Pruning
Example: Switch-1(config)#vlan 10 creates VLAN 10 on Switch-1, and VTP propagates it to Switch-2 (VTP domain is CCIE)

VTP CLI

sh vtp status: most info comes out of this
sh vtp counters: to see whether pruning joins are received/transmitted
sh int pruning: to see which VLANs are pruned and which VLANs we request from upstream
sh int trunk: to see which VLANs are (not) pruned and are forwarding
debug sw-vlan vtp <events|packets|xmit|pruning>

Layer 2 Features: VTP Verification

3550# show vtp status
VTP Version                     : 2
Configuration Revision          : 16
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : cisco
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled

3550# show vtp counters
VTP statistics:
Summary advertisements received    : 734
Subset advertisements received     : 0
Request advertisements received    : 0
Summary advertisements transmitted : 2199

Layer 2 Features: EtherChannels

A logical aggregation of similar links (up to 8) 10/100/1000/10GE ports
The channel is always point-to-point and viewed as one logical link by other protocols
Two flavors: Cisco's PAgP and IEEE 802.3ad LACP; each defines an active and a passive side

EtherChannels

Can aggregate L2 access ports, L2 trunks or L3 links
Load-balancing algorithm (default is src-mac)
Operates between switches, routers, and certain vendors' NICs

Sample Question

Create EtherChannels among Sw1 and Sw2 so that they will be formed unconditionally, NOT using any protocol negotiation
Score: 2 Points

Sample Question: Solution

Use interface range:
(config)#int range FastEthernet0/x-y
(config-if-range)#channel-group z mode on

Verification:
sh etherchannel z port-channel
sh etherchannel [sum|load]
sh pagp|lacp [[port-chan#] neigh|count|internal]

Layer 2 Features: EtherChannel Verification

Rack08Sw2#sh etherchannel sum
...
Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+--------------------------------------------
12     Po12(SU)         -        Fa0/23(P)   Fa0/24(P)

switch#sh ether 12 port
                Ports in the group:
                -------------------
Port: Fa0/23
------------
Port state    = Up Mstr In-Bndl
Channel group = 12          Mode = On/FEC      Gcchange = -
Port-channel  = Po12        GC   = -           Pseudo port-channel = Po12
Port index    = 0           Load = 0x00        Protocol = -

Age of the port in the current state: 00d:00h:00m:17s

Layer 2 Features: EtherChannel Verification [2]

switch#sh int port-channel 12
Port-channel12 is up, line protocol is up (connected)
  Members in this channel: Fa0/23 Fa0/24

switch#sh pagp ?
  <1-64>    Channel group number
  counters  Traffic information
  internal  Internal information
  neighbor  Neighbor information

switch#sh lacp ?
  <1-64>    Channel group number
  counters  Traffic information
  internal  Internal information
  neighbor  Neighbor information
  sys-id    LACP System ID

Spanning Tree

Provides a loop-free topology while physically redundant links/trunks are allowed between switches
Elects a root bridge and assigns roles to the ports based on the least-cost path to the root
One root port per bridge and one designated port per segment
Blocks other ports to break loops (BPDUs are still received on blocked ports)

Spanning Tree: Port States

Blocking: no user traffic allowed, only BPDUs
Listening: receives BPDUs and waits for convergence of BPDUs
Learning: learns source MACs from user traffic to build the CAM table
Forwarding: normal mode, forwards user traffic AND BPDUs
Disabled: port is shut (administratively or not)

Spanning-Tree Algorithm

A BPDU is superior to another if it has:
  1. A lower Root Bridge ID
  2. A lower path cost to the Root
  3. A lower Sending Bridge ID
  4. A lower Sending Port ID

Spanning Tree: Port Roles

Root ports: the port with the least-cost path to the root bridge
Designated ports: ports selected for forwarding (one per segment)
Nondesignated ports: ports in blocking

Diagram summary: core switch A is the root with bridge ID 8192:000000000001; distribution peers B, C and D have bridge IDs 32768:000000000002, 32768:000000000003 and 32768:000000000004. Each peer has a root port (RP) toward A, A's ports are designated (DP), and on each peer-to-peer segment one port is designated (DP) and the other nondesignated (NDP). BPDUs flow from the root outward.

Spanning Tree: RSTP 802.1w

switch(config)#spanning-tree mode ?
  mst         Multiple spanning tree mode
  pvst        Per-Vlan spanning tree mode
  rapid-pvst  Per-Vlan rapid spanning tree mode

Proposal/agreement handshake lets a designated port bypass the listening and learning states once all bridges on the segment recognize it as the designated port
Disabled, Blocking and Listening states are merged into the Discarding state

Spanning Tree: MST 802.1s

Enhances STP scalability (preserves CPU power)
Flexible load balancing
Complex interoperability with other STP flavors

Spanning Tree: MST 802.1s

MST configuration: identical for all switches in the same region
A digest of the configuration is sent in the MST BPDU
spanning-tree mode mst
spanning-tree mst configuration
 name MST          <- up to 32 bytes
 revision 1
 instance 1 vlan 20, 40, 60
 instance 2 vlan 30, 50, 70
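What "a digest of the config is sent in the MST BPDU" means in practice, as an added Python example (not code from this deck): IEEE 802.1s/802.1Q define the digest as HMAC-MD5 over the 4096-entry VLAN-to-instance table under a fixed key, and a switch only treats a neighbour as being in the same region when name, revision and digest all match. The key and the well-known default digest are the standard's values; the instance-to-VLAN mapping is the one from the slide.

```python
"""MST configuration digest (added illustration).

An MST BPDU carries the region name, the revision number and a 16-byte digest
of the VLAN-to-instance mapping: per IEEE 802.1s/802.1Q it is HMAC-MD5 over
4096 big-endian 16-bit entries (the instance of VLAN 0..4095) under a fixed
key. Two switches are in the same region only if all three match, which is
why the mapping must be typed identically on every switch. The VLAN lists
come from the slide; the key and the default digest are the standard's values.
"""
import hashlib
import hmac

MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")
MST_DEFAULT_DIGEST = "AC36177F50283CD4B83821D8AB26DE62"   # all VLANs in instance 0


def parse_vlan_list(spec):
    """'20, 40, 60' or '10-19,30' -> list of VLAN IDs, as in 'instance N vlan ...'."""
    vlans = []
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        vlans.extend(range(int(lo), int(hi or lo) + 1))
    return vlans


def mst_table(instances):
    """instances: {instance: [vlans]}. Every VLAN not listed stays in instance 0 (the IST)."""
    table = [0] * 4096
    for instance, vlans in instances.items():
        for vlan in vlans:
            if not 1 <= vlan <= 4094:
                raise ValueError("VLAN %d out of range" % vlan)
            table[vlan] = instance
    return table


def mst_digest(instances):
    """Upper-case hex digest, the value IOS shows as Digest in
    'show spanning-tree mst configuration digest'."""
    data = b"".join(entry.to_bytes(2, "big") for entry in mst_table(instances))
    return hmac.new(MST_DIGEST_KEY, data, hashlib.md5).hexdigest().upper()


def same_region(a, b):
    """a, b: (name, revision, instances). Name, revision and digest must all agree."""
    return a[0] == b[0] and a[1] == b[1] and mst_digest(a[2]) == mst_digest(b[2])


def slide_config():
    """name MST / revision 1 / instance 1 vlan 20,40,60 / instance 2 vlan 30,50,70"""
    return ("MST", 1, {1: parse_vlan_list("20, 40, 60"), 2: parse_vlan_list("30, 50, 70")})
```

Compare the digest printed by each switch rather than eyeballing the instance lines: a single VLAN mapped to the wrong instance on one switch changes the digest and silently splits the region.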


Spanning Tree Features

PortFast
BPDU Guard
BPDU Filter
UplinkFast
BackboneFast
Root Guard

Sample Lab Question

Diagram: Sw1 Fa0/23 and Fa0/24 are connected to Sw2 Fa0/23 and Fa0/24

The 3550 switches in your topology are pre-cabled as shown in the diagram above. VLANs have already been assigned to the switches. Configure Sw1 and Sw2 to have the following behavior:
  Only ODD VLANs should be forwarded on Fa0/23 during normal operation
  Only EVEN VLANs should be forwarded on Fa0/24 during normal operation
  Interfaces should begin forwarding traffic within eight seconds of link-up
DO THIS WITH EXACTLY TWO COMMANDS PER SWITCH
Score: 3 Points

Sample Lab Question: Analysis

Analyze the initial status:
  Sw#sh vlan brief; Sw1#sh int trunk
  Only VLAN 1 and VLAN 2 are active
  Fa0/23 and Fa0/24 are trunk ports on both sides
  Sw#sh span vl [1 | 2]
  Sw1 is the root for both VLANs, as per the lower system MAC (its ports are Desg FWD)
  Sw2 is forwarding both VLANs out of Fa0/23 as per the lower port ID (Fa0/23 Root FWD, Fa0/24 Altn BLK)

Sample Lab Question: Design

Think about it. Initial state: VLAN 1 and VLAN 2 both forward on Fa0/23. Possible solution?
  spanning-tree vlan 1 forward-time 4
  spanning-tree vlan 2 forward-time 4
  (config-if)#spanning-tree vlan 2 port-priority 112
This would give VLAN 1 on Fa0/23 and VLAN 2 on Fa0/24 (Desg FWD on Sw1, Root FWD / Altn BLK on Sw2), but no, because it doesn't meet the exactly-two-commands-per-switch requirement!

Sample Lab Question: Solution

So we need Sw2 to become root for one VLAN!

Sw1:
  spanning-tree vlan 1 forward-time 4
  spanning-tree vlan 2 priority 61440
Sw2:
  spanning-tree vlan 2 forward-time 4
  (config-if)#spanning-tree vlan 2 port-priority 112   (on Fa0/24, see the verification)

Result: VLAN 1 is rooted at Sw1 and forwards on Fa0/23; VLAN 2 is rooted at Sw2 and forwards on Fa0/24

Sample Lab Question: Verification

Sw1#s span vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     0009.e8e2.6200
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 4 sec
...

Sw1#s span vlan 2
VLAN0002
  Spanning tree enabled protocol ieee
  Root ID    Priority    32780
             Address     0015.6286.7400
             Cost        19
             Port        24 (FastEthernet0/24)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 4 sec
  Bridge ID  Priority    61452  (priority 61440 sys-id-ext 2)
             Address     0009.e8e2.6200
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/23           Altn BLK 19        128.23   P2p
Fa0/24           Root FWD 19        128.24   P2p
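The election behind this verification output and the BPDU ordering from the Spanning-Tree Algorithm slide, as an added Python model (not code from this deck). It encodes the four-step comparison (root bridge ID, root path cost, sender bridge ID, sender port ID), builds PVST+ bridge IDs as configured priority plus the VLAN number (the sys-id-ext shown above), and runs the two 3550s with the solution applied: for VLAN 2, Sw1 priority 61440 and Sw2 Fa0/24 port-priority 112. The MACs are the ones in the output; the election loop itself is a simplified model, not IOS.

```python
"""Spanning-tree election and port roles (added illustration).

BPDU comparison as on the slide: lower root bridge ID, then lower root path
cost, then lower sender bridge ID, then lower sender port ID (and, for a tie
on one bridge, the lower receiving port ID). With PVST+ the bridge ID is
(configured priority + VLAN number as sys-id-ext, MAC) and the port ID is
(port priority, port number). Topology, MACs and priorities follow the
two-switch sample lab; the election itself is a constructed model.
"""
from dataclasses import dataclass, field


@dataclass
class Port:
    number: int
    cost: int = 19        # 802.1D cost of a 100 Mbit/s link
    priority: int = 128   # default port priority

    @property
    def port_id(self):
        return (self.priority, self.number)


@dataclass
class Bridge:
    name: str
    mac: str
    priority: int = 32768
    ports: dict = field(default_factory=dict)    # port name -> Port
    root: tuple = None
    root_cost: int = 0
    root_port: str = None
    roles: dict = field(default_factory=dict)

    def bridge_id(self, vlan):
        return (self.priority + vlan, self.mac)   # priority + sys-id-ext


def elect(bridges, links, vlan, rounds=20):
    """links: [((bridge, port), (bridge, port))]. Each bridge repeatedly adopts the
    best BPDU heard on any port until nothing changes. Returns
    {name: (root bridge ID, root path cost, root port, {port: role})}."""
    peer = {}
    for (a, pa), (b, pb) in links:
        peer[(a, pa)], peer[(b, pb)] = (b, pb), (a, pa)
    for br in bridges.values():                    # every bridge starts by claiming root
        br.root, br.root_cost, br.root_port = br.bridge_id(vlan), 0, None
        br.roles = {p: "Desg" for p in br.ports}

    def transmitted(name, pname):                  # the BPDU a bridge sends out a port
        br = bridges[name]
        return (br.root, br.root_cost, br.bridge_id(vlan), br.ports[pname].port_id)

    for _ in range(rounds):
        changed = False
        for br in bridges.values():
            me = br.bridge_id(vlan)
            best, best_port = (me, 0, me, (0, 0), (0, 0)), None   # own claim to be root
            for pname, port in br.ports.items():
                root, cost, sender, spid = transmitted(*peer[(br.name, pname)])
                cand = (root, cost + port.cost, sender, spid, port.port_id)
                if cand < best:
                    best, best_port = cand, pname
            new_root, new_cost = best[0], best[1]
            roles = {}
            for pname, port in br.ports.items():
                if pname == best_port:
                    roles[pname] = "Root"
                    continue
                received = transmitted(*peer[(br.name, pname)])
                own = (new_root, new_cost, me, port.port_id)
                roles[pname] = "Desg" if own < received else "Altn"   # Altn = blocking
            state = (new_root, new_cost, best_port, roles)
            if state != (br.root, br.root_cost, br.root_port, br.roles):
                br.root, br.root_cost, br.root_port, br.roles = state
                changed = True
        if not changed:
            break
    return {n: (b.root, b.root_cost, b.root_port, b.roles) for n, b in bridges.items()}


def sample_lab(vlan):
    """The two 3550s after the solution: for VLAN 2, Sw1 priority 61440 and Sw2
    Fa0/24 port-priority 112; VLAN 1 untouched. MACs from the verification output."""
    sw1 = Bridge("Sw1", "0009.e8e2.6200", priority=61440 if vlan == 2 else 32768,
                 ports={"Fa0/23": Port(23), "Fa0/24": Port(24)})
    sw2 = Bridge("Sw2", "0015.6286.7400",
                 ports={"Fa0/23": Port(23),
                        "Fa0/24": Port(24, priority=112 if vlan == 2 else 128)})
    links = [(("Sw1", "Fa0/23"), ("Sw2", "Fa0/23")),
             (("Sw1", "Fa0/24"), ("Sw2", "Fa0/24"))]
    return elect({"Sw1": sw1, "Sw2": sw2}, links, vlan)
```

Note why the port-priority command has to go on Sw2 and not Sw1 for VLAN 2: the non-root bridge chooses its root port by the sender's port ID in the BPDUs it receives, so the root (Sw2) is the side whose port priority matters.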

Layer 3 Features: Switched Virtual Interface (SVI)

Software-based virtual interface
Configure SVIs for any VLANs for which you want to route traffic
SVI VLAN1 is created by default
Diagram summary: hosts 3.0.0.6 and 3.0.0.8 on Fa0/1 and Fa0/2 are in VLAN10, served by SVI vlan10 at 3.0.0.1; host 5.0.0.4 is reached through Fa0/5 at 5.0.0.1

Layer 3 Features: Routed Ports

Acts like a port on a router
Not associated with a particular VLAN
Put the interface into Layer 3 mode with the no switchport interface configuration command
Diagram summary: Fa0/5 (5.0.0.1) is a routed port facing host 5.0.0.4; VLAN10 (Fa0/1 to Fa0/3, hosts 3.0.0.6 and 3.0.0.8) is served by SVI 10 at 3.0.0.1

Layer 3 Features: SVI/Routed Port Configuration

SVI (VLAN10, hosts 3.0.0.6 and 3.0.0.8 on Fa0/1 to Fa0/3):
!
interface Vlan10
 ip address 3.0.0.1 255.0.0.0
end

Routed port (Fa0/5, host 5.0.0.4):
!
interface FastEthernet0/5
 no switchport
 ip address 5.0.0.1 255.0.0.0
end

Layer 2/Layer 3 Troubleshooting Discussion

Diagram: R1 E0/0 -- switch Fa0/1 ... switch Fa0/2 -- R2 Fa0/0
Ping from R1 to R2 fails. How do you troubleshoot?

References

Cisco LAN Switching, Kennedy Clark, Cisco Press
Interconnections, 2nd edition, Radia Perlman
Cisco Catalyst 3550 configuration guide, CCO: http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550
Cisco Catalyst 3560 configuration guide, CCO: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm


Frame Relay

Concepts
Implementation options
Troubleshooting tips

Frame Relay Concepts

Diagram summary: each router's access link runs LMI to the Frame Relay switch; a PVC crosses the cloud and is identified at each end by a DLCI

DLCI: Data-Link Connection Identifier
LMI: Local Management Interface
PVC: Permanent Virtual Circuit

Frame Relay: CCIE Lab FR Switch

The Frame Relay switch is pre-configured (diagram: R1 -- FR-SW -- R2)

Sample configuration:
!
frame-relay switching
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 clockrate 1007616
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 frame-relay route 102 interface Serial1/2 201
 frame-relay route 103 interface Serial2/0 301
 frame-relay route 104 interface Serial2/2 401

NBMA: Hub and Spoke

Typical exam scenario (diagram): R1 is the hub at 172.16.1.1/24 with DLCIs 102 (to R2) and 103 (to R3); R2 is a spoke at 172.16.1.2/24 on DLCI 201; R3 is a spoke at 172.16.1.3/24 on DLCI 301

Frame Relay Inverse ARP

Diagram: Rtr A S0 (DLCI 140) -- Frame Relay -- (DLCI 401) S1 Rtr B

Rtr A:
interface Serial0
 ip address 172.16.1.1 255.255.255.0
 encapsulation frame-relay

Rtr B:
interface Serial1
 ip address 172.16.1.2 255.255.255.0
 encapsulation frame-relay

Dynamic L3-to-L2 address mapping: uses Frame Relay Inverse ARP to request the next-hop protocol address for a specific connection (DLCI)

Frame Relay Verification

Diagram: Rtr A S0 (DLCI 140) -- Frame Relay -- (DLCI 401) S1 Rtr B

RtrA# show frame-relay map
Serial0 (up): ip 172.16.1.2 dlci 140(0x8C,0x20C0), dynamic,
              broadcast,, status defined, active
RtrA# show frame-relay pvc
DLCI = 140, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 83            output pkts 87           in bytes 8144
  out bytes 8408           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 41        out bcast bytes 3652
  pvc create time 01:31:50, last time pvc status changed 01:28:28

Frame Relay Static Mapping

Diagram: Rtr A S0 (DLCI 140) -- Frame Relay -- (DLCI 401) S1 Rtr B

Manually disable Inverse ARP!

Rtr A:
interface Serial0
 ip address 172.16.1.1 255.255.255.0
 encapsulation frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 172.16.1.2 140 broadcast

Rtr B:
interface Serial1
 ip address 172.16.1.2 255.255.255.0
 encapsulation frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 172.16.1.1 401 broadcast

Hub and Spoke: Multipoint

R1 (hub, 172.16.1.1/24, DLCIs 102 to R2 and 103 to R3):
interface Serial1
 ip address 172.16.1.1 255.255.255.0
 frame-relay map ip 172.16.1.2 102 broadcast
 frame-relay map ip 172.16.1.3 103 broadcast
 no frame-relay inverse-arp

R3 (spoke, 172.16.1.3/24, DLCI 301; R2 is reached through the hub over the same DLCI):
interface Serial1
 ip address 172.16.1.3 255.255.255.0
 frame-relay map ip 172.16.1.1 301 broadcast
 frame-relay map ip 172.16.1.2 301
 no frame-relay inverse-arp

Hub and Spoke: Point-to-Point

R2 (spoke, 172.16.1.2/24, DLCI 201, point-to-point subinterface):
interface Serial1.201 point-to-point
 ip address 172.16.1.2 255.255.255.0
 frame-relay interface-dlci 201

R1 (hub, 172.16.1.1/24, DLCIs 102 to R2 and 103 to R3):
interface Serial1
 ip address 172.16.1.1 255.255.255.0
 frame-relay map ip 172.16.1.2 102 broadcast
 frame-relay map ip 172.16.1.3 103 broadcast
 no frame-relay inverse-arp
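The lab FR switch, Inverse ARP and the hub-and-spoke mapping rules from the preceding slides, as an added Python model (not code from this deck). It installs the switch's DLCI cross-connects, lets a router with Inverse ARP enabled learn the peer at the far end of each active PVC, and traces a packet hop by hop through each router's map table, which shows why a spoke needs a static map for the other spoke pointing at the hub's DLCI. Addresses and DLCIs are those on the slides; the model installs both directions of each PVC in one call (in IOS that takes a matching frame-relay route on the other interface) and a router with Inverse ARP disabled neither sends nor learns from it here.

```python
"""Frame Relay switching and L3-to-L2 mapping (added illustration).

Models the pre-configured lab FR switch (frame-relay route <in-dlci>
interface <out-if> <out-dlci>), DLCIs that are only locally significant,
Inverse ARP over active PVCs, and static frame-relay map entries for the
hub-and-spoke case where the spokes have no PVC to each other. Topology,
addresses and DLCIs follow the slides; the behaviour is a simplified model.
"""


class FrameRelaySwitch:
    def __init__(self):
        self.routes = {}   # (port, dlci) -> (port, dlci), both directions

    def route(self, in_port, in_dlci, out_port, out_dlci):
        """frame-relay route <in_dlci> interface <out_port> <out_dlci> on in_port
        (and, in this model, the reverse entry for the other interface)."""
        self.routes[(in_port, in_dlci)] = (out_port, out_dlci)
        self.routes[(out_port, out_dlci)] = (in_port, in_dlci)

    def forward(self, port, dlci):
        """Where a frame received on (port, dlci) exits; None means no such PVC."""
        return self.routes.get((port, dlci))


class Router:
    def __init__(self, name, port, ip, dlcis, inverse_arp=True):
        self.name, self.port, self.ip = name, port, ip
        self.dlcis = dlcis                 # local DLCIs reported by LMI
        self.inverse_arp = inverse_arp
        self.maps = {}                     # next-hop IP -> (dlci, "static" | "dynamic")

    def map_static(self, ip, dlci):
        """frame-relay map ip <ip> <dlci>"""
        self.maps[ip] = (dlci, "static")


def run_inverse_arp(routers, switch):
    """Each router with Inverse ARP enabled asks, on every active DLCI, who is at
    the far end; the peer's reply yields a dynamic map. Spokes never hear each
    other because no PVC joins them."""
    by_port = {r.port: r for r in routers.values()}
    for r in routers.values():
        if not r.inverse_arp:
            continue
        for dlci in r.dlcis:
            hop = switch.forward(r.port, dlci)
            if hop is not None:
                r.maps.setdefault(by_port[hop[0]].ip, (dlci, "dynamic"))


def deliver(src, dst_ip, routers, switch):
    """Trace a packet hop by hop: each router picks the DLCI from its map table,
    the switch swaps DLCIs, and the hub relays spoke-to-spoke traffic."""
    by_port = {r.port: r for r in routers.values()}
    path, cur = [src.name], src
    for _ in range(len(routers)):
        if cur.ip == dst_ip:
            return path
        if dst_ip not in cur.maps:
            return path + ["encapsulation failed: no map for %s on %s" % (dst_ip, cur.name)]
        dlci = cur.maps[dst_ip][0]
        hop = switch.forward(cur.port, dlci)
        if hop is None:
            return path + ["DLCI %d inactive on %s" % (dlci, cur.name)]
        cur = by_port[hop[0]]
        path.append(cur.name)
    return path + ["loop"]


def lab():
    """Hub R1 (102 -> R2, 103 -> R3), spokes R2 (201) and R3 (301), as on the slides.
    R1 and R3 use static maps with Inverse ARP off; R2 relies on Inverse ARP."""
    sw = FrameRelaySwitch()
    sw.route("S1/0", 102, "S1/2", 201)
    sw.route("S1/0", 103, "S2/0", 301)
    r1 = Router("R1", "S1/0", "172.16.1.1", [102, 103], inverse_arp=False)
    r2 = Router("R2", "S1/2", "172.16.1.2", [201])
    r3 = Router("R3", "S2/0", "172.16.1.3", [301], inverse_arp=False)
    r1.map_static("172.16.1.2", 102)
    r1.map_static("172.16.1.3", 103)
    r3.map_static("172.16.1.1", 301)
    r3.map_static("172.16.1.2", 301)   # spoke-to-spoke goes through the hub's DLCI
    routers = {r.name: r for r in (r1, r2, r3)}
    run_inverse_arp(routers, sw)
    return routers, sw
```

R2, which relies on Inverse ARP, ends up with a map for the hub only, so an IOS router in that position fails with an encapsulation error when it tries to reach R3; that is the failure mode the static map on R3 (and a matching one on R2) avoids.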


Frame Relay Troubleshooting

Diagram: Rtr A S0 (DLCI 114) -- Frame Relay -- (DLCI 411) S1 Rtr B

show interface
show frame-relay map
show frame-relay lmi
show frame-relay pvc

Frame Relay Troubleshooting: show interface

R1#show interfaces s0/0/1
Serial0/0/1 is up, line protocol is up
  ...
  Encapsulation FRAME-RELAY, loopback not set
  Keepalive set (10 sec)
  LMI enq sent 147, LMI stat recvd 147, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
  LMI DLCI 0  LMI type is ANSI Annex D  frame relay DTE
  FR SVC disabled, LAPF state down
  ...
  DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

Frame Relay Troubleshooting: show frame-relay lmi

R1#show frame-relay lmi
LMI Statistics for interface Serial0/0/1 (Frame Relay DTE) LMI TYPE = ANSI
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Sent 183              Num Status msgs Rcvd 183
  Num Update Status Rcvd 0              Num Status Timeouts 0
  Last Full Status Req 00:00:24         Last Full Status Rcvd 00:00:24

Frame Relay Troubleshooting: show frame-relay pvc

R1#show frame-relay pvc
PVC Statistics for interface Serial0/0/1 (Frame Relay DTE)
              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 114, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/1
  input pkts 20            output pkts 11           in bytes 1310
  out bytes 1004           dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 2         out bcast bytes 68
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  pvc create time 00:32:30, last time pvc status changed 00:32:20

Frame Relay Default Behavior

The physical interface is multipoint
LMI type is cisco
Inverse ARP is enabled
IP split horizon is disabled on the physical Frame Relay interface for RIP; EIGRP split horizon stays enabled and must be turned off explicitly on a multipoint hub with no ip split-horizon eigrp <as>

References

Frame Relay Configuration Guide, CCO: http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml


Session 4:
IP Routing Concepts


IP Routing Concepts

Policy-based routing
Administrative distance
Passive interfaces

Policy-Based Routing

Configured on the receiving (ingress) interface
Packets are routed based on a configured policy specified in a route map
The route map statements can be marked as permit or deny
If a matching statement is marked as deny, packets are sent back through the normal forwarding channels
Packets that do not match any route map statement are sent back through the normal forwarding channels
If it is desired to drop packets that do not match the specified criteria, set interface Null0 in a final catch-all statement of the route map

Policy-Based Routing: Configuration

Configuration steps:
  Define a sequenced policy (route map): route-map policyName [permit|deny] [seq#]
  Identify which traffic to policy-route: match ...
  Specify the policy for that traffic: set ...
  Apply the policy to an interface: (config-if)#ip policy route-map policyName

PBR Sample Lab Question

Configure only R5 so that any received IP traffic that is sourced from 135.12.1.0 is forwarded to R2.
Diagram summary: networks 150.2.2.0/24, 135.12.1.0/24, 140.10.1.1/24 and 136.15.1.5/24; routers R1, R2, R3, R4 and R5, with R3 reaching R5 at 136.15.1.5

Verification:
R3#trace ip 140.10.1.1
Type escape sequence to abort.
Tracing the route to YY.YY.10.7
  1 136.15.1.5 0 msec 0 msec 0 msec       <- it goes to R5, then
  2 140.10.1.1 20 msec 16 msec 16 msec    <- it goes to R2 (not to R1)

Administrative Distance

Route source       Default distance
Connected          0
Static             1
eBGP               20
EIGRP (internal)   90
IGRP               100
OSPF               110
IS-IS              115
RIP                120
EIGRP (external)   170
iBGP               200
Unknown            255 (not believed)

A router with more than one IP routing protocol enabled will use the administrative distance to select a route if the route is learned from more than one protocol; a lower administrative distance is preferred
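The PBR decision sequence and the administrative-distance rule from the preceding slides together, as an added Python model (not code from this deck): a route map walked in sequence order with permit/deny and set next-hop (including a catch-all set interface Null0), falling back to a routing table that keeps the lowest-AD route per prefix and answers lookups by longest prefix match. The scenario is the R5 sample lab; the next-hop addresses for R1 and R2 are assumed, since the slide does not give them.

```python
"""Policy-based routing and administrative distance (added illustration).

The route map is walked in sequence order and the first matching statement
wins: a permit with a set next-hop policy-routes the packet, a matching deny
or no match at all falls back to the routing table. The table keeps, per
prefix, the route with the lowest administrative distance, and a lookup is
a longest-prefix match. Next-hop addresses below are assumed for the example.
"""
import ipaddress

ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "igrp": 100,
    "ospf": 110, "isis": 115, "rip": 120, "eigrp-external": 170,
    "ibgp": 200, "unknown": 255,
}


class Rib:
    """Routing table: for each prefix, only the lowest-AD candidate is installed."""

    def __init__(self):
        self.routes = {}   # ip_network -> (ad, protocol, next_hop)

    def learn(self, prefix, protocol, next_hop):
        net = ipaddress.ip_network(prefix)
        ad = ADMIN_DISTANCE[protocol]
        current = self.routes.get(net)
        if current is None or ad < current[0]:
            self.routes[net] = (ad, protocol, next_hop)

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


class RouteMap:
    """route-map <name> permit|deny <seq> with 'match ip address' on the source
    and 'set ip next-hop <ip>' or 'set interface Null0'."""

    def __init__(self):
        self.entries = []   # (seq, action, match_source_net or None, set_next_hop or None)

    def add(self, seq, action, match_source=None, set_next_hop=None):
        net = ipaddress.ip_network(match_source) if match_source else None
        self.entries.append((seq, action, net, set_next_hop))
        self.entries.sort(key=lambda e: e[0])

    def evaluate(self, src):
        """Policy next hop for a packet from src, or None meaning 'route normally'."""
        addr = ipaddress.ip_address(src)
        for _seq, action, net, next_hop in self.entries:
            if net is not None and addr not in net:
                continue
            if action == "deny":
                return None          # matched a deny: normal forwarding
            return next_hop          # permit: policy next hop (None if no set)
        return None                  # fell off the end: normal forwarding


def forward(src, dst, policy, rib):
    """Ingress policy first, then the routing table."""
    next_hop = policy.evaluate(src)
    if next_hop == "Null0":
        return ("drop", "Null0")
    if next_hop is not None:
        return ("policy", next_hop)
    route = rib.lookup(dst)
    return ("drop", "no route") if route is None else ("rib", route[2])


def sample_lab():
    """R5 from the slide: traffic sourced from 135.12.1.0/24 goes to R2, everything
    else follows the routing table, which prefers R1 for 140.10.1.0/24."""
    R1_NEXT_HOP, R2_NEXT_HOP = "10.255.1.1", "10.255.2.2"   # hypothetical addresses
    rib = Rib()
    rib.learn("140.10.1.0/24", "rip", R1_NEXT_HOP)     # same prefix from two protocols:
    rib.learn("140.10.1.0/24", "ospf", R1_NEXT_HOP)    # OSPF (110) replaces RIP (120)
    rib.learn("140.10.0.0/16", "static", R2_NEXT_HOP)  # lower AD but shorter prefix
    policy = RouteMap()
    policy.add(10, "permit", "135.12.1.0/24", R2_NEXT_HOP)
    return rib, policy, R1_NEXT_HOP, R2_NEXT_HOP
```

Two points the model makes explicit: administrative distance only arbitrates between identical prefixes (the static /16 with AD 1 still loses to the OSPF /24 on a longest-prefix lookup), and a deny statement in the route map is not a drop but a return to normal forwarding.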

Passive Interfaces

To disable sending routing updates out an interface, use the passive-interface command
Used in router configuration mode
Configuration examples:
  passive-interface gi0/0/0: no updates sent out interface gi0/0/0
  passive-interface default: no updates sent out any interface; use no passive-interface on specified interfaces to send updates

** Note: A passive interface does not send routing protocol information. It does receive and process updates on the interface (RIP). For EIGRP and OSPF, passive-interface also suppresses hellos, so no neighbor adjacency forms on that interface and nothing is learned through it.

EIGRP


102

Disclaimer / Reminder
With the time allocated, we can only review the cornerstones of the most important IGPs:
EIGRP and OSPF

103

EIGRP
Introduction and Review
Neighbor Relationships Summarization

Load Balancing

104

Advantages of EIGRP
Uses multicast instead of broadcast
Uses a composite metric (bandwidth, delay, load, reliability)
Unequal-cost load balancing
More flexible than OSPF
Full support of distribute lists
Manual summarization can be done on any interface of any router within the network

105

EIGRP
Introduction and Review
Neighbor Relationships Load Balancing

Summarization

106

EIGRP Packets
Hello: Establish neighbor relationships
Update: Send routing updates
Query: Ask neighbors about routing information
Reply: Response to a query about routing information
Ack: Acknowledgement of a reliable packet

107

EIGRP Neighbor Relationship


Two routers become neighbors when they see each other's hello packets (see later for details)
Hello address = 224.0.0.10
Hellos sent once every five seconds on the following links:
Broadcast media: Ethernet, Token Ring, FDDI, etc.
Point-to-point serial links: PPP, HDLC, point-to-point Frame Relay/ATM sub-interfaces
Multipoint circuits with bandwidth greater than T1: ISDN PRI, SMDS, Frame Relay

108

EIGRP Neighbor Relationship


Hellos sent once every 60 seconds on the following links:
Multipoint circuits with bandwidth of T1 or less: ISDN BRI, Frame Relay, SMDS, etc.

Neighbor declared dead when no EIGRP packets are received within the hold interval
Not only hellos reset the hold timer; any EIGRP packet received from the neighbor does
Hold time by default is three times the hello time (15 or 180 seconds)

Router(config-if)#ip hold-time eigrp as-number seconds

109

EIGRP Neighbor Relationship


EIGRP will form neighbors even if hello time and hold time do not match (unlike OSPF)
EIGRP sources hello packets from the primary address of the interface; the two primary addresses must be in the same subnet
EIGRP will not form a neighbor relationship if the K-values are mismatched
EIGRP will not form a neighbor relationship if the AS numbers are mismatched

110

Neighbor ProcessReview
Used for establishing and maintaining neighbors
Multicast hellos (by default) to 224.0.0.10 (MAC 0100.5e00.000a)

Neighbor timers:
Default hello interval: 5 or 60 sec
Default hold time: 15 or 180 sec

111

Checking Neighbor Status


RTRA#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address      Interface   Hold   Uptime   SRTT   RTO   Q     Seq
                             (sec)           (ms)         Cnt   Num
2   10.1.1.1     Et0         12     6d16h    20     200   0     233
1   10.1.4.3     Et1         13     2w2d     87     522   0     452
0   10.1.4.2     Et1         10     2w2d     85     510   0     3

Hold: how long to wait for an EIGRP packet before declaring this neighbor dead
Uptime: how long since this neighbor was last discovered

112

Checking Neighbor Status

RouterA(config)# router eigrp 100
RouterA(config-router)# eigrp log-neighbor-changes
RouterA(config)# logging console

EIGRP log-neighbor-changes is on by default since 12.1(3)
Do not turn it off in the lab; it is best to send the logs to the console in the lab

113

Log-Neighbor-Changes Messages
Common neighbor change messages:
Neighbor 10.1.1.1 (Ethernet0) is down: peer restarted
Neighbor 10.1.1.1 (Ethernet0) is up: new adjacency
Neighbor 10.1.1.1 (Ethernet0) is down: holding time expired
Neighbor 10.1.1.1 (Ethernet0) is down: retry limit exceeded
Neighbor 10.1.1.1 (Ethernet0) is down: route filter changed

(Hint: "peer restarted" means you have to check the peer; it is the one that restarted)

114

What Causes Neighbor Instability?


Holding time expired
Retry limit exceeded
Manual changes
Physical link instability
Stuck-in-active routes

115

Holding Time Expired


Holding time expires when no EIGRP packet is seen from the neighbor for the duration of the hold time
Usually caused by missing multicast hello packets
Typically caused by congestion, physical errors, or even a routing issue

Neighbor 10.1.1.1 (Ethernet0) is down: holding time expired
116

Troubleshooting Holding Time Expiration


Ping 224.0.0.10: ping the multicast address from the other router; every EIGRP router on the segment should answer, so a missing reply points at the multicast path rather than at EIGRP itself

Note: if there are many interfaces/neighbors on router B, use extended ping and specify the source address/interface of the multicast ping

Neighbor 10.1.1.1 (Ethernet0) is down: holding time expired


117

Troubleshooting Holding Time Expiration


RouterA# debug eigrp packet hello
EIGRP Packets debugging is on
    (HELLO)
19:08:38.521: EIGRP: Sending HELLO on Serial1/1
19:08:38.521:   AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
19:08:38.869: EIGRP: Received HELLO on Serial1/1 nbr 10.1.6.2
19:08:38.869:   AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
19:08:39.081: EIGRP: Sending HELLO on FastEthernet0/0
19:08:39.081:   AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

Remember: any debug can be hazardous on a live network; it is OK in the CCIE lab though
118

Retry Limit Exceeded


EIGRP sends unreliable and reliable packets
Hellos and Acks are unreliable
Updates, Queries, and Replies are reliable
Reliable packets are sequenced and require an acknowledgement
Reliable packets are retransmitted up to 16 times if not acknowledged

119

Retry Limit Exceeded (Cont.)


Reliable packets are re-sent after Retransmit Time Out (RTO)
Typically 6 x Smooth Round Trip Time (SRTT)
Minimum RTO is 200 ms

Maximum RTO is 5000 ms (5 seconds)

16 retransmits takes between 50 seconds and 80 seconds

120

Retry Limit Exceeded (Cont.)


If a reliable packet is still not acknowledged after 16 retransmissions and the hold timer duration has also passed, the neighbor is re-initialized

Neighbor 10.1.1.1 (Ethernet0) is down: retry limit exceeded
121

Manual Changes
Some manual configuration changes also reset EIGRP neighbors:
Summary changes (manual and auto)
Route filter changes
This is normal behavior
Metric changes do not reset neighbors

122

Physical Link State Changes


Interface drivers tell EIGRP when a link goes down or comes up
EIGRP removes neighbors from the neighbor table when the interface used to reach them goes down
EIGRP (re)initializes neighbors when a link comes up and hellos are received again
Normal, but not nice: a flapping link means a flapping adjacency and repeated queries

123

EIGRP
Introduction and Review
Neighbor Relationships Summarization

Load Balancing

124

EIGRP Summarization
Purpose: smaller routing tables, smaller updates
Auto summarization:
On major network boundaries, networks are summarized to the classful major network
Auto summarization was on by default in the IOS releases of this deck; IOS 15.0 and later default to no auto-summary, so check show ip protocols rather than assume
[Figure: 150.150.x.x subnets summarized to the classful network when advertised across the boundary to 151.151.x.x]

125

Manual Summarization
Configurable on a per-interface basis on any router within the network
When summarization is configured on an interface, the router immediately creates a route for the summary pointing to Null0 with administrative distance 5
This is a loop-prevention mechanism: packets for a part of the summary that has no more specific route are dropped instead of being forwarded back toward the router that sent them
When the last specific route covered by the summary goes away, the summary is withdrawn
The minimum metric of the specific routes is used as the metric of the summary route

126

EIGRP Summarization
Manual Summarization Command:
ip summary-address eigrp <as number> <address> <mask>

[Figure: AS 100; 150.2.0.0/16 and 150.3.0.0/16 advertised out S0 as 150.2.0.0/15]

interface s0
 ip address 150.1.1.1 255.255.0.0
 ip summary-address eigrp 100 150.2.0.0 255.254.0.0

127

Deploying Summarization
Summarization is simply a way to hide topological detail while maintaining reachability
But sometimes you have to be creative to summarize
[Figure: 10.1.1.0/24 and 10.1.3.0/24 behind a router that advertises 10.1.0.0/22]
128

Deploying Summarization
For instance, can you still summarize here?
Note that A has a component which is part of 10.1.0.0/22 behind it
[Figure: 10.1.2.0/24 behind router A; 10.1.1.0/24 and 10.1.3.0/24 behind the router advertising 10.1.0.0/22]
129

Deploying Summarization
Sure
Routers always route to the longest matching prefix
Destinations within 10.1.2.0/24 are routed toward A, while destinations within 10.1.1.0/24 and 10.1.3.0/24 are routed toward C
[Figure: A advertises 10.1.2.0/24, C advertises 10.1.0.0/22; B holds both and prefers the /24 for destinations in 10.1.2.0/24]
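The three rules these slides rely on (administrative distance between sources, longest-prefix match on lookup, and the Null0 discard route an EIGRP manual summary installs) in one small routing-table model, as an added Python example that is not Cisco code. The prefixes are the ones from the figures above; the next-hop names, metrics and the RIP alternative for 10.1.2.0/24 are constructed for the demo.

```python
"""Routing-table selection: administrative distance plus longest-prefix match.

Added example (not Cisco code). Models three behaviours from these slides:
 - the same prefix learned from several sources: lowest administrative
   distance wins, distance 255 is never installed;
 - lookups always use the longest matching prefix;
 - an EIGRP manual summary installs a Null0 route with distance 5 and the
   minimum component metric, so a destination inside the summary with no
   more specific route is dropped instead of forwarded back to the neighbour.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "igrp": 100,
    "ospf": 110, "isis": 115, "rip": 120, "eigrp-external": 170,
    "ibgp": 200, "unknown": 255,
}


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    source: str
    next_hop: str                 # "Null0" marks a discard route
    metric: int = 0
    distance: Optional[int] = None

    def __post_init__(self):
        if self.distance is None:
            self.distance = ADMIN_DISTANCE[self.source]


class Rib:
    def __init__(self):
        self.routes: Dict[ipaddress.IPv4Network, Route] = {}

    def offer(self, route: Route) -> bool:
        """Install the route if it is believed and beats the current entry.

        Distance decides between sources; the metric only breaks ties within
        the same distance. Returns True when the route was installed."""
        if route.distance >= 255:                         # "unknown": not believed
            return False
        current = self.routes.get(route.prefix)
        if current is None or (route.distance, route.metric) < (current.distance, current.metric):
            self.routes[route.prefix] = route
            return True
        return False

    def eigrp_summary(self, summary: str, components: List[Route]) -> None:
        """Manual EIGRP summary: Null0 route, distance 5, minimum component
        metric, present only while at least one component route exists."""
        net = ipaddress.ip_network(summary)
        live = [r for r in components if r.prefix.subnet_of(net)]
        if live:
            self.offer(Route(net, "eigrp-summary", "Null0",
                             min(r.metric for r in live), distance=5))

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match; None when nothing covers the destination."""
        ip = ipaddress.ip_address(dst)
        best = None
        for net, route in self.routes.items():
            if ip in net and (best is None or net.prefixlen > best.prefix.prefixlen):
                best = route
        return best


def build_demo_rib() -> Rib:
    """Constructed scenario: 10.1.0.0/22 is summarised toward a neighbour; the
    components 10.1.1.0/24 and 10.1.3.0/24 sit behind C and 10.1.2.0/24 behind A.
    10.1.2.0/24 is also offered by RIP, which loses on distance, and a bogus
    default with distance 255 is offered and refused."""
    rib = Rib()
    components = [
        Route(ipaddress.ip_network("10.1.1.0/24"), "eigrp", "C", metric=3000),
        Route(ipaddress.ip_network("10.1.3.0/24"), "eigrp", "C", metric=2500),
        Route(ipaddress.ip_network("10.1.2.0/24"), "eigrp", "A", metric=2800),
    ]
    for r in components:
        rib.offer(r)
    rib.offer(Route(ipaddress.ip_network("10.1.2.0/24"), "rip", "B", metric=2))
    rib.offer(Route(ipaddress.ip_network("0.0.0.0/0"), "unknown", "X"))
    rib.eigrp_summary("10.1.0.0/22", components)
    return rib


if __name__ == "__main__":
    rib = build_demo_rib()
    for dst in ("10.1.2.5", "10.1.3.9", "10.1.0.5", "192.0.2.1"):
        print(dst, "->", rib.lookup(dst))
```

A lookup for 10.1.0.5 lands on the Null0 summary: the router originated the /22 but has no /24 for 10.1.0.0, so the packet is discarded locally rather than bouncing between this router and the neighbour that follows the summary.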
130

EIGRP
Introduction and Review
Neighbor Relationships Summarization

Load Balancing

131

EIGRP Load Balancing


Routes with a metric equal to the minimum metric are installed in the routing table (equal-cost load balancing)
There can be up to six entries in the routing table for the same destination in this IOS generation (default = 4)
Router(config-router)# maximum-paths <1-6>

132

EIGRP Unequal Cost Load Balancing


EIGRP offers unequal-cost load balancing with the router configuration command:
variance <multiplier>

The variance command allows the router to also install routes whose metric is smaller than multiplier times the minimum metric for that destination, where multiplier is the number given to the variance command
Only feasible successors qualify: the neighbor's reported distance must be less than the feasible distance (the feasibility condition), otherwise the path is ignored no matter how large the variance is

133

Variance Example
[Figure: router E reaching 172.16.10.0/24 via B, C, and D toward A; link costs 10, 20, and 25 as drawn on the slide; variance 2 configured on E]

Router E chooses router C to reach 172.16.10.0/24, FD = 20
With a variance of 2, router E also uses router B to reach 172.16.10.0/24
Router D is not used to reach 172.16.10.0/24: its reported distance is not lower than E's feasible distance, so it is not a feasible successor and variance cannot admit it
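An added Python example (not Cisco code) of the successor and feasible-successor selection that variance builds on, run on the slide's topology. The link costs and reported distances for B, C and D are read off the figure and are assumptions; the function is general and also handles several equal-cost successors.

```python
"""EIGRP successor / feasible-successor selection with variance.

Added example (not Cisco code). For each neighbour we know the link cost to
it and its reported distance (RD) to the destination. The feasible distance
(FD) is the lowest total; a neighbour is a feasible successor only if RD < FD
(the feasibility condition); variance then admits any feasible successor whose
total distance is below variance * FD. Successors themselves are always used.
"""
from typing import Dict, List, Tuple

Neighbour = Tuple[str, int, int]   # (name, link cost to neighbour, neighbour's reported distance)


def eigrp_paths(neighbours: List[Neighbour], variance: int = 1) -> Dict[str, object]:
    """Return FD, successors, the paths installed for the given variance, and
    the neighbours rejected (either infeasible or outside the variance bound)."""
    totals = {name: cost + rd for name, cost, rd in neighbours}
    fd = min(totals.values())
    successors = sorted(n for n, t in totals.items() if t == fd)
    feasible = {name for name, _cost, rd in neighbours if rd < fd}
    installed = sorted(
        n for n, t in totals.items()
        if t == fd or (n in feasible and t < variance * fd)
    )
    rejected = sorted(set(totals) - set(installed))
    return {"fd": fd, "successors": successors, "feasible": sorted(feasible),
            "installed": installed, "rejected": rejected, "totals": totals}


# Constructed after the slide figure (assumed values): E reaches 172.16.10.0/24 via
# B (link 20, B reports 10), C (link 10, C reports 10) and D (link 10, D reports 25).
SLIDE_NEIGHBOURS: List[Neighbour] = [("B", 20, 10), ("C", 10, 10), ("D", 10, 25)]

if __name__ == "__main__":
    for v in (1, 2, 3):
        print("variance", v, eigrp_paths(SLIDE_NEIGHBOURS, v))
```

With variance 2 the bound is 40: B's total of 30 qualifies, and D's total of 35 would too, but D reports 25, which is not below the FD of 20, so D is never a feasible successor and stays out of the table.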
134

EIGRP Sample Lab Question


Configure EIGRP 100 on VLAN_30.
Make mutual redistribution between OSPF and EIGRP on R2 only. At this point, you must be able to ping between the EIGRP 100 subnets and the OSPF subnets, and the Backbone 3 router IP address 100.3.1.254.
[Figure: Backbone 3 and R1 in EIGRP 100 on VLAN_30; R2 connects EIGRP 100 to OSPF Area 0; R5 in OSPF Area 0 over Frame Relay]

Verification
R5#ping 100.3.1.254
<...>
!!!!!
R5#ping YY.YY.14.4
<...>
!!!!!

R5#sh ip route
D EX  YY.YY.12.0/30
D EX  YY.YY.14.0/24
D EX  YY.YY.20.0/24
D EX  YY.YY.40.0/24
D EX  YY.YY.50.0/24

135

Q and A


136

OSPF


137

OSPF
Review
Dealing with NBMA Commands

Preparing for OSPF

138


OSPF Areas
OSPF uses a two-level hierarchical model: the backbone area and all other areas
Areas are identified by a 32-bit number
Can be written in IP address format or as a single decimal value (Area 0.0.0.0 = Area 0)
0.0.0.0 is reserved for the backbone area
Area boundaries are at the routers; each link is in one and only one area
[Figure: Area 0 with Areas 1, 2, and 3 attached]
140

OSPF LSAs
Router (Type 1) and network (Type 2) LSAs are flooded only within an area
Summary LSAs (Type 3) carry inter-area routes outside the area
ASBR-summary LSAs (Type 4) locate the ASBR; AS-external LSAs (Type 5) carry redistributed routes
[Figure: Area 0 with Areas 1, 2, and 3]

141

OSPF LSAs

142

OSPF Virtual Links


Can be useful for several purposes:
Allow an area that has no physical connection to area 0 (Area 3) to reach the backbone through a transit area
Repair a discontiguous area 0
Backup purpose
[Figure: Area 0, Area 1, Area 2, Area 3; failed links marked X]

143

OSPF Router Types


Area Border Router (ABR): a router with at least one interface in area 0 and one or more interfaces in one or more non-backbone areas
Inter-area OSPF routes can only be summarized on an ABR
[Figure: ABR between Area 0 and Area 51]

144

OSPF Router Types


Autonomous System Boundary Router (ASBR): a router with at least one interface in an OSPF area that is redistributing routes from another protocol into OSPF
External routes can be summarized on an ASBR
[Figure: ASBR redistributing BGP, RIP, IGRP, EIGRP, static, and connected routes into Area 51; ABR between Area 51 and Area 0]

145

OSPF Area Types


Stub Area
Redistributed routes (OSPF external routes, Type 5) are not advertised into a stub area; OSPF inter-area routes are advertised into a stub area; the ABR advertises a default route into the stub area
RTR-A(config-router)# area 1 stub
RTR-B(config-router)# area 1 stub
Configure on all routers in the area (the stub flag is carried in the hello options, so a mismatch prevents the adjacency from forming)
[Figure: Area 1 (stub) with router A and ABR B on 10.1.1.0/30 (S0/1, S0); Area 0 between B (10.1.1.5/30, S1) and ASBR C (10.1.1.6/30, S0); C redistributes connected 192.168.3.3/32. Into Area 1: default route and inter-area route 10.1.1.4; external route 192.168.3.3 is blocked]
146

OSPF Area Types


Totally Stubby Area
Redistributed routes (OSPF external routes, Type 5) and OSPF inter-area routes are not advertised into a totally stubby area; the ABR advertises a default route into the area
RTR-A(config-router)# area 1 stub
RTR-B(config-router)# area 1 stub no-summary
Configure no-summary on the ABR only; the other routers in the area are plain stub
[Figure: same topology as the stub example; into Area 1 only the default route is sent, inter-area route 10.1.1.4 and external route 192.168.3.3 are both blocked]
147

OSPF Area Types


Not So Stubby Area (NSSA)
Redistributed routes (OSPF external routes) are advertised as Type 7 LSAs by the ASBR inside the NSSA; the ABR translates them to Type 5 LSAs for the rest of the domain; Type 5 LSAs from elsewhere are not flooded into the NSSA; by default the ABR does not advertise a default route into the NSSA (it only does so when default-information-originate is added to the nssa command on the ABR)
RTR-B(config-router)# area 1 nssa
RTR-C(config-router)# area 1 nssa
Configure on all routers in the area
[Figure: Area 0 between A (10.1.1.1/30, S0/1) and ABR B (10.1.1.2/30, S0); Area 1 NSSA between ABR B (10.1.1.9/30, S1) and ASBR C (10.1.1.10/30, S0); C (10.1.1.6/30, S1) redistributes RIPv2 routes 172.26.32.0/24 and 172.26.33.0/24 learned from router D (10.1.1.5/30). Into the NSSA: inter-area routes (10.1.1.0) as Type 3; Type 5 external routes blocked; RIP routes enter as Type 7 and leave the ABR as Type 5]

148

OSPF Area Types


Totally Stubby NSSA
Redistributed routes (OSPF external routes) are advertised as Type 7 by the ASBR and translated to Type 5 by the ABR; OSPF inter-area routes are not advertised into the totally stubby NSSA; the ABR advertises a default route into the area
RTR-B(config-router)# area 1 nssa no-summary
RTR-C(config-router)# area 1 nssa
Configure no-summary on the ABR only
[Figure: same topology as the NSSA example; into Area 1 only the inter-area default route is sent, inter-area route 10.1.1.0 (Type 3) and Type 5 external routes are blocked; RIP routes still enter as Type 7 and leave the ABR as Type 5]
149

Designated Routers
Designated Router (DR): on a multi-access network, the DR is responsible for distributing LSAs to the other attached OSPF routers; the DR is selected by highest priority (default = 1; priority 0 never becomes DR), ties broken by highest router ID, which is the highest loopback address or, without a loopback, the highest IP address on a physical interface
The election is not preemptive: a router with a better priority that comes up later does not take over until the current DR fails
Always configure a loopback interface before configuring OSPF for a stable OSPF router ID


150

Designated Routers
Backup Designated Router (BDR): the BDR assumes the DR role if the DR fails; it listens to and learns everything the DR learns, a hot standby

DR

BDR

151

Designated Routers
DROTHER: not the DR or BDR; all other routers on the multi-access network segment

DR

BDR

DROTHER

DROTHER

152

Designated Routers
Adjacency: on a multi-access network, all OSPF routers become adjacent with the DR and BDR; DROTHERs do not become adjacent with each other
[Figure: DR, BDR, two DROTHERs; FULL toward DR/BDR, 2-WAY between DROTHERs]
153

Broadcast and Non-Broadcast Multi-Access


Adjacency states
FULL: router and network LSAs exchanged, databases fully synchronized; the normal state with the DR and BDR
2-WAY: bidirectional communication established; the normal state between DROTHER routers
[Figure: DR, BDR, two DROTHERs; FULL toward DR/BDR, 2-WAY between DROTHERs]
154

Designated Routers
Adjacency: a router stuck in any other state has a problem
router# show ip ospf neighbor
Neighbor ID   Pri   State     Dead Time   Address      Interface
172.16.5.1          INIT/-    00:00:34    172.16.1.1   Serial0
router#
[Figure: DR, BDR, DROTHER; FULL and 2-WAY adjacencies]
155

External Costs
External Routes
[Figure: OSPF domain (cost 10 from this router to the ASBR) and RIP domain (external cost 5). Type 1 cost = 15 (10 + 5); Type 2 cost = 5 (external cost only)]

156

OSPF
Review
Dealing with NBMA Commands

Preparing for OSPF

158

Point-to-Point Media
Serial links
Multicast used; no DR or BDR

159

Non-Broadcast Multi-Access Media (NBMA)


Frame Relay (multipoint), X.25
Several possibilities: point-to-point, broadcast, point-to-multipoint, or non-broadcast
[Figure: Frame Relay cloud]

160

Dealing with NBMA


Point-to-Point Model
Benefits: individual costs can be configured; simple, treated like standard point-to-point links
Drawbacks: complex to configure if the NBMA network is big or redundant; wastes address space

161

Dealing with NBMA


Broadcast Model
Benefits: simple to configure; treated like a multi-access network
Drawbacks: must maintain a Layer 2 full mesh at all times (every router must be able to reach the DR directly); one metric for all VCs

162

Dealing with NBMA


Non-Broadcast (NBMA) Model
Benefits: only one IP subnet used
Drawbacks: complex to configure and scale; each neighbor must be configured manually

163

Dealing with NBMA


Point-to-Multipoint Model
Benefits: simple to configure; no neighbor configuration (unless you want individual costs); no requirement for a full mesh at Layer 2
Drawbacks: compared to the other choices, none

This is the recommended method of dealing with NBMA networks

164

OSPF
Review
Dealing with NBMA Commands

Preparing for OSPF

165

OSPF CommandsRouter
router-id
The router-id command explicitly specifies the router ID OSPF will use
If the OSPF process already has neighbors, the command does not take effect until the next reload or a manual restart of the OSPF process: clear ip ospf process
Order of determining the RID:
Manually configured RID
Highest loopback interface IP address (if available)
Highest active physical interface IP address

166

OSPF CommandsRouter
network
The network command determines which interfaces are enabled for OSPF, and in which area
network 10.2.1.1 0.0.0.0 area 0
network 10.2.2.1 0.0.0.0 area 1
network 10.2.3.1 0.0.0.0 area 2
[Figure: router with interfaces 10.2.1.1/24, 10.2.3.1/24, 10.2.2.1/24]

167

OSPF CommandsRouter
network
network 10.2.1.0 0.0.0.255 area 0
network 10.2.2.0 0.0.0.255 area 1
network 10.2.3.0 0.0.0.255 area 2
[Figure: router with interfaces 10.2.1.1/24, 10.2.3.1/24, 10.2.2.1/24]

168

OSPF CommandsRouter
network
network 10.2.0.0 0.0.255.255 area 0
or, in this example, network 0.0.0.0 255.255.255.255 area 0 is the equivalent. Do you know why?
(All three interfaces fall inside 10.2.0.0/16 and all are placed in area 0, so both wildcard masks select the same interfaces; the difference only shows up when an interface outside 10.2.0.0/16 is added later, which the all-zeros form would silently pull into OSPF)
[Figure: router with interfaces 10.2.1.1/24, 10.2.3.1/24, 10.2.2.1/24]

169

OSPF CommandsRouter
redistribute metric-type
By default, redistributed routes have external metric type 2; Type 2 routes have a cost consisting of the external cost only; Type 1 routes add the cost of traversing the OSPF domain
ASBR(config-router)#redistribute rip metric-type ?
  1  Set OSPF External Type 1 metrics
  2  Set OSPF External Type 2 metrics
ASBR(config-router)#redistribute rip metric-type 1

170

OSPF CommandsRouter
summary-address
External routes can be summarized into OSPF on an ASBR
ASBR(config-router)# summary-address 10.1.0.0 255.255.252.0
[Figure: RIP domain with 10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 behind the ASBR; the OSPF domain sees 10.1.0.0/22]

171

OSPF CommandsRouter
area range
Inter-area routes can be summarized on an ABR, into area 0 or from area 0
ABR(config-router)# area 1 range 10.2.0.0 255.255.252.0
ABR(config-router)# area 0 range 10.1.0.0 255.255.252.0
[Figure: Area 1 with 10.2.0.0/24 through 10.2.3.0/24, advertised into Area 0 as 10.2.0.0/22; Area 0 with 10.1.0.0/24 through 10.1.3.0/24, advertised into Area 1 as 10.1.0.0/22]
OSPF does not allow summarizing anywhere else (only on an ASBR or ABR)
172

OSPF CommandsRouter
area stub
All routers in the area must be configured as stub; add no-summary at the ABR and the area becomes totally stubby
RTR(config-router)# area 1 stub
ABR(config-router)# area 1 stub [no-summary]

ABR

Area 1

Area 0

173

OSPF CommandsRouter
area nssa
All routers in the area must be configured as NSSA; add no-summary at the ABR and the area becomes a totally stubby NSSA
RTR(config-router)# area 1 nssa
ABR(config-router)# area 1 nssa [no-summary]

ABR

ASBR

Area 0

Area 1

RIP Domain

174

OSPF CommandsRouter
area virtual-link
[Figure: Area 0, Area 1 (transit area), Area 51; Rtr A (RID 10.10.254.254) is the ABR between Area 0 and Area 1, Rtr B (RID 10.11.254.254) the ABR between Area 1 and Area 51; the virtual link runs between A and B through Area 1]

Rtr A
router ospf 1
 area 1 virtual-link 10.11.254.254

Rtr B
router ospf 1
 area 1 virtual-link 10.10.254.254

175

OSPF CommandsRouter
neighbor
Designate neighbors on non-broadcast networks; must be the primary address of the neighbor's interface
RTR(config-router)# neighbor ip-address [additional optional keywords]
[Figure: Frame Relay or X.25 cloud]

176

CommandsInterface
Non-Broadcast Multi-Access (NBMA) Network
[Figure: Frame Relay or X.25 cloud]
PVCs can be on the same subnet or on different subnets
Practice and understand the effect of OSPF network types: the type sets the default timers and whether a DR is elected, and the hello/dead timers must match on both ends of a link for the adjacency to form
RTR(config-if)# ip ospf network point-to-multipoint (Hello = 30, Dead = 120)
RTR(config-if)# ip ospf network point-to-point (Hello = 10, Dead = 40)
RTR(config-if)# ip ospf network broadcast (Hello = 10, Dead = 40)
177

OSPF CommandsInterface
auto-cost
OSPF interface cost = ref-bw / bandwidth (bandwidth as set by the bandwidth statement), truncated to an integer with a minimum of 1; ref-bw = 100,000,000 by default
FastEthernet = 100,000,000 / 100,000,000 = 1
Ethernet = 100,000,000 / 10,000,000 = 10
T1 = 100,000,000 / 1,544,000 = 64
With the default reference bandwidth every interface of 100 Mbps or faster gets cost 1, so Fast Ethernet and Gigabit Ethernet are indistinguishable; raise the reference bandwidth, and do it identically on every router in the domain

The auto-cost command changes the reference value, which changes the cost of every OSPF interface on the router
Rtr(config-router)#auto-cost reference-bandwidth ref-bw
ref-bw <1-4294967> in Mbit/s

178

OSPF CommandsInterface
ip ospf keyword(s)
ip ospf cost interface-cost: specify the cost of sending a packet on the interface
ip ospf hello-interval seconds: specify the interval between hello packets sent on the interface
ip ospf dead-interval seconds: specify the interval during which at least one hello packet must be received before declaring the neighbor down; the default dead-interval is 4 x the hello-interval
ip ospf priority: set the router priority for DR/BDR election (highest wins; 0 means the router never becomes DR or BDR)

179

OSPF CommandsSecurity
Authentication: Clear Text
Authentication requires router and/or interface commands; the router command enables authentication for an area and the interface command enables authentication on an interface and sets the authentication password
Clear-text authentication carries the password verbatim in the OSPF header, so anyone who can capture packets on the link learns it; it only guards against accidental adjacencies, not against an attacker. Prefer message-digest authentication (next slide)
[Figure: Rtr A S0 to S0 Rtr B, Area 0]

Rtr A
interface serial 0
 ip ospf authentication
 ip ospf authentication-key cisco
!
router ospf 1
 area 0 authentication

Rtr B
interface serial 0
 ip ospf authentication
 ip ospf authentication-key cisco
!
router ospf 1
 area 0 authentication
180

OSPF CommandsSecurity
Authentication: Message Digest
[Figure: Rtr A S0 to S0 Rtr B, Area 0]

Rtr A
interface serial 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 area 0 authentication message-digest

Rtr B
interface serial 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 area 0 authentication message-digest
181

OSPF CommandsSecurity
Authentication: Clear Text on a Virtual Link
[Figure: Area 0, Area 1 (transit area), Area 51; Rtr A RID 130.10.254.254, Rtr B RID 130.11.254.254; virtual link between A and B]
A virtual link belongs to area 0, which is why area 0 authentication applies to it

Rtr A
router ospf 1
 area 1 virtual-link 130.11.254.254 authentication-key cisco
 area 0 authentication

Rtr B
router ospf 1
 area 1 virtual-link 130.10.254.254 authentication-key cisco
 area 0 authentication
182

OSPF CommandsSecurity
Authentication: Can Be Applied per Interface or Virtual Link
Interface
ip ospf authentication
ip ospf authentication-key password
ip ospf authentication message-digest
ip ospf message-digest-key key-id md5 password
ip ospf authentication null

Virtual Link
area area-id virtual-link router-id authentication authentication-key password
area area-id virtual-link router-id authentication message-digest
area area-id virtual-link router-id message-digest-key key-id md5 password
area area-id virtual-link router-id authentication null
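What the two authentication modes above actually put on the wire, as an added Python example that is neither Cisco code nor reference code from the RFC. It builds a minimal OSPF header around a constructed Hello body following RFC 2328 Appendix D: with AuType 1 the password is carried verbatim in the 64-bit authentication field; with AuType 2 that field holds key ID, auth-data length and a cryptographic sequence number, the checksum is zero, and MD5(packet || key padded to 16 bytes) is appended after the packet. Router ID, area, key names and sequence numbers are constructed for the demo.

```python
"""OSPF packet authentication: clear text versus MD5 (RFC 2328 Appendix D).

Added example (not Cisco code, not RFC reference code). Shows that
 - with AuType 1 the 8-byte password sits in the header, readable by anyone
   who can sniff the link;
 - with AuType 2 the header carries Key ID, auth-data length (16) and a
   cryptographic sequence number, the checksum field is 0, and a 16-byte
   digest MD5(packet || key zero-padded to 16 bytes) follows the packet;
   the key itself never appears on the wire and any change to the packet
   invalidates the digest.
Header values (router ID, area, sequence numbers) are constructed for the demo.
"""
import hashlib
import hmac
import struct

# version, type, length, router ID, area ID, checksum, AuType, authentication (8 bytes)
HEADER = struct.Struct("!BBHIIHH8s")
AU_NULL, AU_SIMPLE, AU_CRYPTO = 0, 1, 2
HELLO = 1


def ip_checksum(data: bytes) -> int:
    """Standard one's-complement checksum used by the OSPF header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _header(ptype, router_id, area_id, body_len, checksum, autype, auth):
    return HEADER.pack(2, ptype, HEADER.size + body_len, router_id, area_id, checksum, autype, auth)


def build_simple_auth(ptype, router_id, area_id, body: bytes, password: bytes) -> bytes:
    """AuType 1: password (up to 8 bytes, zero padded) is the authentication field.
    Checksum covers the packet except that 64-bit field (RFC 2328 D.2)."""
    pwd = password[:8].ljust(8, b"\x00")
    unauth = _header(ptype, router_id, area_id, len(body), 0, AU_SIMPLE, b"\x00" * 8) + body
    csum = ip_checksum(unauth[:16] + unauth[24:])
    return _header(ptype, router_id, area_id, len(body), csum, AU_SIMPLE, pwd) + body


def build_md5_auth(ptype, router_id, area_id, body: bytes, key_id: int, key: bytes, seq: int) -> bytes:
    """AuType 2: checksum 0, auth field = 0x0000 | key ID | length 16 | crypto seq;
    the digest is appended after the packet and is not counted in the length field."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = _header(ptype, router_id, area_id, len(body), 0, AU_CRYPTO, auth) + body
    digest = hashlib.md5(packet + key[:16].ljust(16, b"\x00")).digest()
    return packet + digest


def verify_md5_auth(wire: bytes, keys: dict, last_seq: int = -1) -> bool:
    """Recompute the digest with the key selected by Key ID; reject unknown keys,
    a non-zero checksum, and sequence numbers that go backwards (replay)."""
    _ver, _ptype, length, _rid, _aid, csum, autype, auth = HEADER.unpack(wire[:HEADER.size])
    if autype != AU_CRYPTO or csum != 0:
        return False
    _zero, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
    if auth_len != 16 or key_id not in keys or seq < last_seq:
        return False
    packet, digest = wire[:length], wire[length:length + 16]
    expected = hashlib.md5(packet + keys[key_id][:16].ljust(16, b"\x00")).digest()
    return hmac.compare_digest(expected, digest)


def sniff_simple_password(wire: bytes) -> bytes:
    """What a passive observer reads straight out of a clear-text authenticated packet."""
    return wire[16:24].rstrip(b"\x00")


# Constructed Hello body: netmask, hello interval, options, priority, dead interval, DR, BDR
DEMO_BODY = struct.pack("!IHBBIII", 0xFFFFFF00, 10, 0x02, 1, 40, 0, 0)
DEMO_RID, DEMO_AREA = 0x0A0AFEFE, 0          # 10.10.254.254, area 0 (constructed)

if __name__ == "__main__":
    print("clear text leaks:", sniff_simple_password(build_simple_auth(HELLO, DEMO_RID, DEMO_AREA, DEMO_BODY, b"cisco")))
    signed = build_md5_auth(HELLO, DEMO_RID, DEMO_AREA, DEMO_BODY, 1, b"cisco", 1000)
    print("md5 verifies:", verify_md5_auth(signed, {1: b"cisco"}), "key on wire:", b"cisco" in signed)
```

MD5 here is a keyed digest, not encryption: the packet contents remain readable, only forgery and replay (via the sequence number) are prevented, and the secret still has to be shared out of band on every router in the area.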

183

OSPF CommandsMonitoring
show ip ospf neighbor
[Figure: DR, BDR, two DROTHERs on Ethernet0]

Neighbor ID   Pri   State           Dead Time   Address    Interface
10.1.1.254    1     2WAY/DROTHER    00:00:35    10.1.2.1   Ethernet0
10.1.3.254    1     FULL/BDR        00:00:39    10.1.2.2   Ethernet0
10.1.4.254    1     FULL/DR         00:00:37    10.1.2.3   Ethernet0
10.1.5.254    1     FULL/  -        00:00:36    10.1.6.1   Serial0

184

OSPF CommandsMonitoring
show ip ospf interface
RTR# show ip ospf interface s0/0
  Internet Address 10.255.255.201/30, Area 0
  Process ID 1, Router ID 10.255.254.3, Network Type NON_BROADCAST, Cost: 400
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 10.255.254.4, Interface address 10.255.255.202
  Backup Designated router (ID) 10.255.254.3, Interface address 10.255.255.201
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:14
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 3
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.255.254.4  (Designated Router)
  Suppress hello for 0 neighbor(s)
185

OSPF
Review
Dealing with NBMA Commands

Preparing for OSPF

186

Preparation Suggestions
Practice every OSPF command
Both Rtr(config-router)# and Rtr(config-if)# commands
Practice OSPF over Frame Relay
Point-to-point, point-to-multipoint, broadcast, non-broadcast
DR and BDR, wildcard masks
Virtual link
Authentication
Redistribution and route feedback filtering
Verify your configuration with show commands!


187

OSPF Sample Lab Question


Area 0 covers the serial link between R1 and R4. Area 1 covers the serial link between R1 and R2. Area 2 covers VLAN_C.
[Figure: R2 (Area 2 on VLAN_C, Area 1 toward R1 over Frame Relay), R1, R4 (OSPF backbone between R1 and R4 over Frame Relay); Area 2 has no direct connection to Area 0, so a virtual link across Area 1 is required]

Verification
R1#show ip ospf virtual-links
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
<...>
R1#show ip route ospf
     ##.0.0.0/8 is variably subnetted, 19 subnets, 4 masks
O IA    1.1.20.0/24 ... Serial0/0/0
O IA    1.1.40.0/24 ... Serial0/0/1
188

References
Cisco OSPF Command and Configuration Handbook, William R. Parkhurst, Cisco Press
OSPF Network Design Solutions, Thomas M. Thomas, Cisco Press

Cisco Documentation

189

Q and A


190

Route Distribution


191

Metrics
Be aware of metric requirements going from one protocol to another
RIP metric is a hop count from 1 to 16 (16 = unreachable)
OSPF metric is from 1 to 65535
EIGRP uses a composite metric based on bandwidth, delay, reliability, load, and MTU
A redistributed route with no usable metric is not advertised (RIP and EIGRP), so always supply one
Two ways to specify a metric:
In the redistribution statement:
(config-router)# redistribute rip subnets metric 10
or specify a default metric:
(config-router)# redistribute rip subnets
(config-router)# default-metric 10
192

Assigning Metrics
You can include a default-metric command as a precaution unless specifically told not to
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0.0.0.0
 redistribute rip subnets
 redistribute eigrp 100 metric 10
 default-metric 120

router eigrp 100
 network 172.16.0.0 0.0.255.255
 redistribute ospf 1
 default-metric 10000 100 255 1 1500

router rip
 network 192.168.1.0
 redistribute eigrp 100
 default-metric 1

Note: when routes are redistributed into OSPF, only classful (non-subnetted) networks are redistributed unless the subnets keyword is specified
193

Assigning Metrics
Redistribute OSPF and EIGRP into RIP; assign all routes a metric (hop count) of 2
router rip
 redistribute ospf 1
 redistribute eigrp 3
 default-metric 2

Redistribute OSPF and EIGRP into RIP; assign OSPF routes a metric (hop count) of 1 and EIGRP routes a metric of 2
router rip
 redistribute ospf 1 metric 1
 redistribute eigrp 3
 default-metric 2

[Figure: OSPF 1 and EIGRP 100 redistributed into RIP]
(The figure labels the EIGRP process 100 while the commands as shown use 3; the AS number on redistribute eigrp must match the EIGRP process actually running, or nothing is redistributed)

194

Route Maps
Route Redistribution
Redistribute OSPF and EIGRP into RIP; assign OSPF routes in 172.16.0.0/16 a metric (hop count) of 1, all other OSPF routes a metric of 3, and all EIGRP routes a metric of 2
router rip
 redistribute ospf 1 route-map ospfmetric
 redistribute eigrp 100
 default-metric 2
!
route-map ospfmetric permit 10
 match ip address 1
 set metric 1
route-map ospfmetric permit 20
 set metric 3
!
access-list 1 permit 172.16.0.0 0.0.255.255

[Figure: OSPF 1 and EIGRP 100 redistributed into RIP]

195

Route Maps
Route Redistribution
Redistribute OSPF and EIGRP into RIP; block redistribution of OSPF routes in 172.16.0.0/16, redistribute all other OSPF routes with a metric of 3 and EIGRP routes with a metric of 2
router rip
 redistribute ospf 1 route-map ospfmetric
 redistribute eigrp 100
 default-metric 2
!
route-map ospfmetric deny 10
 match ip address 1
route-map ospfmetric permit 20
 set metric 3
!
access-list 1 permit 172.16.0.0 0.0.255.255

[Figure: OSPF 1 and EIGRP 100 redistributed into RIP]
(Without the permit 20 statement the route-map's implicit deny would block every OSPF route)

196

R&S Lab Exam: Sample Topology


[Figure: sample lab topology, network addressing 125.10.0.0; routers R1 to R6, switches SW1 and SW2, two Frame Relay clouds. Interface addresses drawn: FA0/0 10.11/24, S0/0 11.1/24, S0/0 11.2/24, Lo0 1.1/24, Lo0 2.2/24, FA0/0 22.1/24, FA0/0 22.5/24, FA0/0 33.1/24, FA0/0 50.1/24, Lo0 4.4/24, Lo0 5.5/24; loopbacks Lo1 172.16.1.1, Lo2 172.16.2.2, Lo3 172.16.3.3, Lo4 172.16.4.4]

197

R&S Lab Exam: Sample Question


Section: 2.5 RIP
Configure RIPv2 on R1, R2, and R5
Redistribute between RIP and OSPF on R5
All routes should be visible on all routers
Score: 2 points

198

R&S Lab Exam: Sample Answer


Verification 1
R4 must have all routes in its routing table
R4#show ip route
<...>
     172.16.0.0/24 is subnetted, 4 subnets
O E2    172.16.4.0 [110/20] via 125.10.50.1, 22:34:38, Ethernet0/0
O E2    172.16.1.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.2.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.3.0 [110/20] via 125.10.50.1, 22:34:58, Ethernet0/0
     125.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C       125.10.50.0/24 is directly connected, Ethernet0/0
O E2    125.10.22.0/24 [110/20] via 125.10.50.1, 22:44:39, Ethernet0/0
C       125.10.4.0/24 is directly connected, Loopback0
O E2    125.10.2.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.1.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O       125.10.5.5/32 [110/11] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.11.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.10.0/24 [110/20] via 125.10.50.1, 22:44:44, Ethernet0/0
R4#
199

Session 5:
IP Version 6


200

IPv6 Addressing, Header and Basic


201

IPv6 Addressing
IPv4: 32 bits, 2^32 = 4,294,967,296 addresses
IPv6: 128 bits, 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
2^128 = 2^32 * 2^96

202

IPv6 Addressing
Representation: eight 16-bit fields written in hexadecimal and separated by colons (:); hex digits are not case-sensitive
Example:
2003:0000:130F:0000:0000:087C:876B:140B

203

IPv6 Address Representation


16-bit fields in case-insensitive colon-hexadecimal representation
2031:0000:130F:0000:0000:09C0:876A:130B
Leading zeros in a field are optional
2031:0:130F:0:0:9C0:876A:130B
Successive fields of 0 can be represented as (::), but only once in an address; a second :: would make the number of elided fields ambiguous
2031:0:130F::9C0:876A:130B
2031::130F::9C0:876A:130B is not valid!
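The representation rules above implemented end to end, as an added Python example (not from the slides): a parser that expands the text form, rejects a second :: and other malformed input, and a formatter that produces the canonical compressed form of RFC 5952 (lowercase, no leading zeros, :: for the leftmost longest run of two or more zero fields). No names beyond the slide's own example addresses are assumed.

```python
"""IPv6 textual representation: expand and compress (added example, not from the slides).

Implements the rules stated above: eight 16-bit hex fields, case-insensitive,
leading zeros optional, one '::' standing for a run of zero fields. compress()
follows RFC 5952: lowercase, the leftmost longest run of two or more zero fields
becomes '::', a single zero field is never shortened. expand() rejects input with
more than one '::' such as 2031::130F::9C0:876A:130B.
"""
import re
from typing import List

_FIELD = re.compile(r"^[0-9A-Fa-f]{1,4}$")


def expand(text: str) -> List[int]:
    """Parse text into eight 16-bit integers, raising ValueError on malformed input."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once: %r" % text)
    if "::" in text:
        head, tail = text.split("::")
        head_fields = head.split(":") if head else []
        tail_fields = tail.split(":") if tail else []
        missing = 8 - len(head_fields) - len(tail_fields)
        if missing < 1:
            raise ValueError("'::' must replace at least one field: %r" % text)
        fields = head_fields + ["0"] * missing + tail_fields
    else:
        fields = text.split(":")
    if len(fields) != 8 or not all(_FIELD.match(f) for f in fields):
        raise ValueError("not an IPv6 address: %r" % text)
    return [int(f, 16) for f in fields]


def compress(fields: List[int]) -> str:
    """RFC 5952 canonical text for eight 16-bit fields."""
    if len(fields) != 8 or not all(0 <= f <= 0xFFFF for f in fields):
        raise ValueError("need eight 16-bit fields")
    best_start, best_len = -1, 0
    i = 0
    while i < 8:                                  # find the leftmost longest zero run
        if fields[i] == 0:
            j = i
            while j < 8 and fields[j] == 0:
                j += 1
            if j - i > best_len:                  # strictly greater keeps the leftmost run on ties
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = ["%x" % f for f in fields]
    if best_len < 2:                              # a lone zero field is written as "0"
        return ":".join(hexs)
    head = ":".join(hexs[:best_start])
    tail = ":".join(hexs[best_start + best_len:])
    return head + "::" + tail


def canonical(text: str) -> str:
    """Normalise any valid text form to its RFC 5952 representation."""
    return compress(expand(text))


if __name__ == "__main__":
    for sample in ("2031:0000:130F:0000:0000:09C0:876A:130B", "::1", "FE80::", "1:0:0:2:0:0:3:4"):
        print(sample, "->", canonical(sample))
```

Canonicalising before comparing or logging addresses matters in practice: the same address has many valid spellings, and an ACL or log search that compares strings without normalising will miss matches.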

204

IPv6 Addressing
Prefix representation is just like CIDR: the prefix length is attached after a slash
IPv4 address: 198.10.0.0/16
IPv6 address: 3ef8:ca62:12FE::/48

205

IPv6 Address Range Reserved or Assigned


Of the full address space:
2000::/3 (001) is for aggregatable global unicast addresses
FE80::/10 (1111 1110 10) for link-local
FEC0::/10 (1111 1110 11) for site-local
FF00::/8 (1111 1111) is for multicast
::/8 is reserved (it contains the unspecified address :: and the loopback ::1)
Other values are currently unassigned (approx. 7/8 of the total)
Site-local addresses were deprecated in RFC 3879; unique local addresses, FC00::/7 (RFC 4193), replace them


206

Unicast
Unicast addresses are used in a one-to-one context
IPv6 unicast address types:
Unspecified, loopback, IPv4-mapped, and IPv4-compatible
Link-local
Site-local (deprecated)
Unique-local (RFC 4193)
Aggregatable global unicast

207

IPv6 Address Representation


IPv4-mapped
0:0:0:0:0:FFFF:IPv4 = ::FFFF:IPv4
0:0:0:0:0:FFFF:192.168.30.1 = ::FFFF:192.168.30.1 = ::FFFF:C0A8:1E01

IPv4-compatible
0:0:0:0:0:0:IPv4 = ::IPv4
0:0:0:0:0:0:192.168.30.1 = ::192.168.30.1 = ::C0A8:1E01

208

IPv4 Mapped Addresses


[Figure: 80 bits of 0, 16 bits of FFFF, 32-bit IPv4 address]
0:0:0:0:0:FFFF:192.168.30.1 = ::FFFF:192.168.30.1 = ::FFFF:C0A8:1E01

An IPv6 application asks DNS for the address of a host
The host is IPv4 only
The resolver hands back an IPv4-mapped address and the kernel uses IPv4 communication underneath

209

IPv4-Compatible Addresses
[Figure: 96 bits of 0, 32-bit IPv4 address]
0:0:0:0:0:0:192.168.30.1 = ::192.168.30.1 = ::C0A8:1E01

IPv4-compatible address: a way to embed the IPv4 address in an IPv6 address
Enables easy automatic tunneling (this address type has since been deprecated in RFC 4291)

210

IPv6 Address Representation


Loopback address representation
0:0:0:0:0:0:0:1 => ::1
Same as 127.0.0.1 in IPv4; identifies self

Unspecified address representation
0:0:0:0:0:0:0:0 => ::
Used as a placeholder when no address is available (initial DHCP request, Duplicate Address Detection, DAD)

211

IPv6 Addressing
IPv6 addressing rules are covered by multiple RFCs
Architecture defined by RFC 3513 (since superseded by RFC 4291)
Address types are:
Unicast: one to one (global, link-local, compatible)
Anycast: one to nearest (allocated from the unicast space)
Multicast: one to many
Reserved
A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast)
No broadcast address; use multicast

212

Aggregatable Global Unicast Addresses
Format (128 bits):
  001 (3 bits) | Global Routing Prefix, provider-assigned (45 bits) | Subnet ID, LAN prefix (16 bits) | Interface ID, host (64 bits)
Aggregatable global unicast addresses are:
- Addresses for generic use of IPv6
- Structured as a hierarchy to keep aggregation in the routing system
See RFC 3513

Link-Local
Format (128 bits):
  1111 1110 10 (10 bits, FE80::/10) | 0 (54 bits) | Interface ID (64 bits)
Link-local addresses:
- Have a scope limited to the link
- Are automatically configured from the interface ID

Link-Local
The same interface ID serves the aggregatable address and the link-local address:
  Aggregatable address: 2001::4:204:9AFF:FEAC:7D80
  Link-local address:   FE80:0:0:0:204:9AFF:FEAC:7D80 (FE80::204:9AFF:FEAC:7D80)

Aggregatable Global Unicast Addresses
The lowest-order 64-bit field of unicast addresses may be assigned in several different ways:
- Auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g. Ethernet address)
- Auto-generated pseudo-random number (to address privacy concerns; RFC 4941 privacy extensions)
- Assigned via DHCP
- Manually configured

Aggregatable Global Unicast Addresses
- Stateless auto-configuration uses the modified EUI-64 format for the interface ID
- This format expands the 48-bit MAC address to 64 bits by inserting FFFE into the middle 16 bits
- The universal/local (u/l) bit, bit 7 of the first octet (the 0x02 bit), is then inverted: a value of 1 in the interface ID means it was derived from a universally administered (globally unique) MAC address, 0 means locally administered or locally assigned

EUI-64
  Ethernet MAC address (48 bits):               00 90 27 17 FC 0F
  64-bit version (FFFE inserted in the middle): 00 90 27 FF FE 17 FC 0F
  Uniqueness of the MAC: the first octet has the form 000000X0, where X = 1 means unique (universally administered) and X = 0 means not unique (locally administered)
  Modified EUI-64 address (X = 1):              02 90 27 FF FE 17 FC 0F
The modified EUI-64 address is formed by inserting FFFE and flipping the bit that identifies the uniqueness of the MAC address

Anycast
Anycast allows a source node to send IP datagrams to a single destination node out of a group of nodes that share the same anycast address; the datagram is delivered to the nearest member of the group according to the routing metrics

Anycast Address
Format of the reserved subnet anycast addresses (RFC 2526, 128 bits):
  Subnet prefix (64 bits) | 1111 111X 1111 ... 1111 (57 bits, all ones except the u/l bit X) | Anycast ID (7 bits)
  X = 0 if the interface IDs on the subnet use the EUI-64 format, X = 1 for the non-EUI-64 format
Anycast:
- Is a one-to-nearest type of address
- Currently has limited use

Multicast
Format (128 bits):
  1111 1111 (8 bits) | Flags (4 bits) | Scope (4 bits) | Multicast Group ID (112 bits)
Flag (T bit) = 0 if permanent (well-known), 1 if temporary (transient)
Scope = 1 Node (interface-local), 2 Link, 5 Site, 8 Organization, E Global
  (RFC 3879 deprecated the site-local unicast prefix; the site multicast scope itself is still defined in RFC 4291)
Multicast is used in the context of one-to-many; a multicast scope is new in IPv6

Multicast Mapping over Ethernet
  IPv6 multicast address:         FF02:0000:0000:0000:0000:0001:FF17:FC0F
  Corresponding Ethernet address: 33:33:FF:17:FC:0F (33:33 is the Ethernet multicast prefix for IPv6)
Mapping of an IPv6 multicast address to an Ethernet address is 33:33:<last 32 bits of the IPv6 multicast address>

Expanded Address Space: Multicast Assigned Addresses (RFC 2375, RFC 3513)
  Address             Scope         Meaning
  FF01::1             Node-Local    All Nodes
  FF02::1             Link-Local    All Nodes
  FF01::2             Node-Local    All Routers
  FF02::2             Link-Local    All Routers
  FF05::2             Site-Local    All Routers
  FF02::1:FFXX:XXXX   Link-Local    Solicited-Node

IPv4 and IPv6 Header Comparison
IPv4 header fields: Version, Header Length (HL), Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding
IPv6 header fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
Legend of the figure:
- Field names kept from IPv4 to IPv6: Version, Source Address, Destination Address
- Fields not kept in IPv6: Header Length, Identification, Flags, Fragment Offset, Header Checksum, Options, Padding
- Name and position changed in IPv6: Type of Service (Traffic Class), Total Length (Payload Length), Protocol (Next Header), Time to Live (Hop Limit)
- New field in IPv6: Flow Label

IPv4 and IPv6 Header Comparison
Version: a 4-bit field that contains the number 6 instead of 4

IPv4 and IPv6 Header Comparison: Fields Renamed
Traffic Class: an 8-bit field that is similar to the TOS field in IPv4
- It tags the packet with a traffic class that can be used in differentiated services
- Its functionality is the same as in IPv4

IPv4 and IPv6 Header Comparison: Fields Renamed
Payload Length: similar to the Total Length in IPv4, except that it does not include the 40-byte fixed header (extension headers are counted as payload)

IPv4 and IPv6 Header Comparison: Fields Renamed
Hop Limit: like the TTL field, decremented by one at each router; the packet is discarded when it reaches zero

IPv4 and IPv6 Header Comparison: Fields Renamed
Next Header: similar to the Protocol field in IPv4
- The value in this field tells you what type of header follows, e.g. TCP (6), UDP (17), ICMPv6 (58) or an extension header

IPv4 and IPv6 Header Comparison: Fields Removed
Header Length: IPv6 has a fixed header length (40 bytes), so the field is not needed

IPv4 and IPv6 Header Comparison: Fields Removed
Fragmentation: IPv6 routers do not fragment packets in transit
- If a sending host needs to fragment, it does so itself through the Fragment extension header (after path MTU discovery)

IPv4 and IPv6 Header Comparison: Fields Removed
Identification: used to identify the datagram from the source
- No in-transit fragmentation is done in IPv6, so there is no need for Identification or Flags in the fixed header; both move to the Fragment extension header when a host fragments

IPv4 and IPv6 Header Comparison: Fields Removed
Header Checksum: not needed, because both the link layer and the upper-layer protocols (UDP and TCP) have their own checksum; IP is best-effort, and removing the checksum speeds up packet processing
- Caveat: because the IP header is no longer protected, the UDP checksum is mandatory in IPv6 (RFC 2460), and the upper-layer checksum covers a pseudo-header containing the IPv6 source and destination addresses

IPv4 and IPv6 Header Comparison: Fields Added
Flow Label: a 20-bit field to identify specific flows needing special QoS (RFC 3697)
- Each source chooses its own flow label values; routers use source address + flow label to identify distinct flows
- A flow label value of 0 is used when no special QoS is requested (the common case today)

Extension Headers
  IPv6 header (Next Header = TCP) | TCP header + data
  IPv6 header (Next Header = Routing) | Routing header (Next Header = TCP) | TCP header + data
  IPv6 header (Next Header = Routing) | Routing header (Next Header = Fragment) | Fragment header (Next Header = TCP) | fragment of TCP header + data (the RFC 2460 example)
Extension headers are daisy-chained: each header's Next Header field identifies the header that follows it

Header Format Simplification: IPv6 Extension Headers
IPv6 packet: IPv6 basic header (40 octets) | any number of extension headers | data (e.g. TCP or UDP)
Each extension header: Next Header (8 bits) | Ext Hdr Length (8 bits; for Hop-by-Hop, Routing and Destination Options it is in 8-octet units, not counting the first 8 octets) | Ext Hdr Data
Next Header = TCP/UDP or the next extension header
- Extension headers are optional and follow the IPv6 basic header
- Each extension header is 8 octets (64 bits) aligned; the Fragment header has no length field and is always 8 octets
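How the chain above is actually walked, as an added Python example that is not part of the Cisco deck: the parser below reads the fixed header, follows Next Header through Routing, Destination Options, Fragment and AH headers, and reports where the upper-layer header starts. The packet bytes, the 20-octet TCP header and the header-count limit (8) are constructed for the example; only the two addresses come from the slides.

```python
"""Added example (not from the Cisco deck): parse an IPv6 packet and walk its
daisy-chained extension headers to the upper-layer protocol. Packet bytes are
constructed below; addresses come from the slides' examples."""
import ipaddress
import struct

HOP_BY_HOP, TCP, UDP, ROUTING, FRAGMENT, ESP, AH, ICMPV6, DEST_OPTS = 0, 6, 17, 43, 44, 50, 51, 58, 60
NAMES = {0: "Hop-by-Hop", 6: "TCP", 17: "UDP", 43: "Routing", 44: "Fragment",
         50: "ESP", 51: "AH", 58: "ICMPv6", 59: "No Next Header", 60: "Destination"}
# Extension headers whose Hdr Ext Len is in 8-octet units, not counting the first 8
LEN_IN_8_OCTETS = {HOP_BY_HOP, ROUTING, DEST_OPTS}


def parse_ipv6(pkt: bytes, max_headers: int = 8) -> dict:
    """Return fixed-header fields, the extension-header chain and where the
    upper-layer header starts. Raises ValueError on a bad version, truncation,
    or a chain longer than max_headers (a cheap guard against header-chain
    tricks that push the transport header out of a filter's inspection window)."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    vtf, payload_len, nh, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if vtf >> 28 != 6:
        raise ValueError(f"not IPv6: version {vtf >> 28}")
    if 40 + payload_len > len(pkt):
        raise ValueError("Payload Length exceeds packet")
    info = {"traffic_class": (vtf >> 20) & 0xFF, "flow_label": vtf & 0xFFFFF,
            "payload_length": payload_len, "hop_limit": hop_limit,
            "src": ipaddress.IPv6Address(pkt[8:24]), "dst": ipaddress.IPv6Address(pkt[24:40]),
            "chain": [], "fragment": None}
    off = 40
    while nh in LEN_IN_8_OCTETS or nh in (FRAGMENT, AH):
        if len(info["chain"]) >= max_headers:
            raise ValueError("extension header chain too long")
        if off + 8 > len(pkt):
            raise ValueError(f"truncated {NAMES[nh]} header")
        if nh == FRAGMENT:
            # Fixed 8 octets: Next Header, reserved, offset(13, in 8-octet units)|res(2)|M(1), Identification
            _, _, off_flags, ident = struct.unpack("!BBHI", pkt[off:off + 8])
            info["fragment"] = {"offset": off_flags >> 3, "more": bool(off_flags & 1), "id": ident}
            hlen = 8
        elif nh == AH:
            hlen = (pkt[off + 1] + 2) * 4        # AH length is in 4-octet units, minus 2
        else:
            hlen = (pkt[off + 1] + 1) * 8
        info["chain"].append(NAMES[nh])
        nh, off = pkt[off], off + hlen
        if off > len(pkt):
            raise ValueError("extension header runs past packet end")
    # ESP hides what follows it; a non-first fragment carries no upper-layer header at all
    hidden = nh == ESP or (info["fragment"] is not None and info["fragment"]["offset"] > 0)
    info["upper"] = None if hidden else NAMES.get(nh, nh)
    info["upper_offset"] = off
    return info


def build_packet(src: str, dst: str, ext: list, upper_nh: int, upper: bytes) -> bytes:
    """Assemble fixed header + extension headers + upper layer. ext is a list of
    (type, body): body is everything after the Next Header (and, except for the
    Fragment header, the Hdr Ext Len) field, already padded to an 8-octet boundary."""
    body = b""
    for i, (etype, edata) in enumerate(ext):
        nxt = ext[i + 1][0] if i + 1 < len(ext) else upper_nh
        if etype == FRAGMENT:
            body += bytes([nxt]) + edata                          # 1 + 7 octets
        else:
            body += bytes([nxt, (len(edata) + 2) // 8 - 1]) + edata
    body += upper
    first_nh = ext[0][0] if ext else upper_nh
    hdr = struct.pack("!IHBB", 6 << 28, len(body), first_nh, 64)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + body


# Constructed sample packets, using addresses from the slides
SRC, DST = "2001:db8:0:4:204:9aff:feac:7d80", "2001:db8:0:1:1:2:3:1"
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)   # 20-octet TCP header
ROUTING_HDR = (ROUTING, bytes([0, 0]) + b"\x00" * 4)          # routing type 0, segments left 0
DEST_HDR = (DEST_OPTS, bytes([1, 4]) + b"\x00" * 4)           # a single PadN option
FRAG_FIRST = (FRAGMENT, b"\x00" + struct.pack("!HI", (0 << 3) | 1, 0xDEADBEEF))   # offset 0, M=1
FRAG_LATER = (FRAGMENT, b"\x00" + struct.pack("!HI", (1 << 3) | 0, 0xDEADBEEF))   # offset 8, M=0
PLAIN = build_packet(SRC, DST, [], TCP, TCP_SYN)
CHAINED = build_packet(SRC, DST, [ROUTING_HDR, DEST_HDR, FRAG_FIRST], TCP, TCP_SYN)
LATER_FRAGMENT = build_packet(SRC, DST, [FRAG_LATER], TCP, b"\x00" * 8)

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("chained", CHAINED), ("later fragment", LATER_FRAGMENT)):
        p = parse_ipv6(pkt)
        print(f"{name}: payload {p['payload_length']} octets, chain {p['chain']}, "
              f"upper layer {p['upper']} at offset {p['upper_offset']}")
```

The two results worth noticing are that the transport header of the chained packet sits at octet 64 rather than 40, and that a non-first fragment has no transport header at all: any ACL or IDS that reads ports at a fixed offset, or that stops after the first unknown Next Header, will misclassify both.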

Upper Layer Header: User Datagram Protocol (Protocol 17)
IPv6 packet: IPv6 basic header (40 octets) | any number of extension headers | UDP packet
UDP packet: Source Port | Destination Port | Length | UDP Checksum | UDP data portion
- The upper-layer (UDP, TCP, ICMPv6) checksum must be computed over the IPv6 pseudo-header; for UDP over IPv6 it is mandatory
- These are the typical headers used inside a packet to transport data: UDP (protocol 17), TCP (protocol 6) or ICMPv6 (protocol 58)

Upper Layer Header: ICMPv6 (Protocol 58)
IPv6 packet: IPv6 basic header | ICMPv6 packet
ICMPv6 packet: ICMPv6 Type (8 bits) | ICMPv6 Code (8 bits) | Checksum (16 bits) | ICMPv6 Data
- ICMPv6 is similar to ICMP for IPv4: it provides diagnostic and error messages
- Additionally, it is used for neighbor discovery, path MTU discovery and multicast listener discovery (MLD); filtering ICMPv6 wholesale therefore breaks IPv6 (RFC 4890 lists what a firewall must let through)

Header Format Simplification: Path MTU Discovery
Definitions:
- Link MTU is a link's maximum transmission unit
- Path MTU is the minimum MTU of all the links in a path between a source and a destination
Minimum link MTU for IPv6 is 1280 octets (68 octets for IPv4)
- On links with MTU < 1280, link-specific fragmentation and reassembly must be used
Implementations are expected to perform path MTU discovery (RFC 1981) to send packets bigger than 1280 octets:
- For each destination, start by assuming the MTU of the first-hop link
- If a packet reaches a link in which it cannot fit, the router returns an ICMPv6 Packet Too Big message (type 2) to the source, reporting that link's MTU; the source caches the MTU for that specific destination

Header Format Simplification: Path MTU Discovery
  Source (MTU = 1500) -- MTU = 1500 -- MTU = 1400 -- MTU = 1300 -- Destination
  1. Packet of 1500 octets sent; ICMPv6 error Packet Too Big: use MTU = 1400
  2. Packet of 1400 octets sent; ICMPv6 error Packet Too Big: use MTU = 1300
  3. Packet of 1300 octets sent; packet received; path MTU = 1300
Minimum link MTU for IPv6 is 1280 octets (versus 68 octets for IPv4)
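The exchange above, simulated in Python as an added example that is not part of the Cisco deck. Besides reproducing the 1500 / 1400 / 1300 sequence, it applies the two rules a source has to follow when it acts on Packet Too Big messages: never cache a value below the 1280-octet minimum (so a forged message cannot shrink packets indefinitely) and never raise the cached value on the strength of an ICMP message. The link MTUs, packet sizes and the Packet Too Big stand-in are constructed.

```python
"""Added example (not from the Cisco deck): simulate the path MTU discovery
exchange shown above (links of 1500, 1400 and 1300 octets) together with the two
rules a source must apply to the Packet Too Big messages it receives: cache the
reported MTU per destination and never go below the IPv6 minimum link MTU of
1280. Link MTUs and packet sizes are constructed for the simulation."""
IPV6_MIN_MTU = 1280
ICMPV6_PACKET_TOO_BIG = 2


class Path:
    """A chain of links. Links with MTU < 1280 must carry 1280-octet packets with
    link-specific fragmentation, so they only reject packets larger than 1280."""

    def __init__(self, link_mtus):
        self.link_mtus = list(link_mtus)

    def send(self, size):
        for hop, mtu in enumerate(self.link_mtus):
            if size > max(mtu, IPV6_MIN_MTU):
                # Constructed stand-in for the ICMPv6 Packet Too Big message
                return {"icmpv6_type": ICMPV6_PACKET_TOO_BIG, "mtu": mtu, "hop": hop}
        return {"delivered": size}


class Source:
    def __init__(self, first_hop_mtu):
        self.first_hop_mtu = first_hop_mtu
        self.pmtu_cache = {}        # destination -> current path MTU estimate
        self.log = []               # (size sent, result) for every attempt

    def pmtu(self, dst):
        return self.pmtu_cache.get(dst, self.first_hop_mtu)

    def handle_packet_too_big(self, dst, reported_mtu):
        """Accept only decreases, and never below 1280: a forged Packet Too Big
        reporting e.g. 68 cannot force the source into sub-minimum packets, and a
        forged increase is ignored (increases are only probed after a timeout)."""
        current = self.pmtu(dst)
        new = max(min(reported_mtu, current), IPV6_MIN_MTU)
        if new < current:
            self.pmtu_cache[dst] = new
        return self.pmtu(dst)

    def deliver(self, path, dst, datagram_size, max_tries=10):
        """Send datagram_size octets, shrinking to the learned path MTU after each
        Packet Too Big. Returns the size finally delivered; splitting the datagram
        into fragments of that size is the caller's job."""
        for _ in range(max_tries):
            size = min(datagram_size, self.pmtu(dst))
            result = path.send(size)
            self.log.append((size, result))
            if "delivered" in result:
                return size
            before = self.pmtu(dst)
            if self.handle_packet_too_big(dst, result["mtu"]) == before:
                raise RuntimeError("Packet Too Big did not lower the path MTU")
        raise RuntimeError("too many retries")


def run_slide_scenario():
    """Source on a 1500 link, path 1500 -> 1400 -> 1300, sending a 1500-octet packet."""
    src = Source(first_hop_mtu=1500)
    delivered = src.deliver(Path([1500, 1400, 1300]), "dst", 1500)
    return delivered, src.pmtu("dst"), [size for size, _ in src.log]


if __name__ == "__main__":
    delivered, pmtu, attempts = run_slide_scenario()
    print(f"attempts {attempts}, delivered {delivered} octets, cached path MTU {pmtu}")
    s = Source(1500)
    print("forged Packet Too Big with MTU 68 ->", s.handle_packet_too_big("victim", 68))
```

The second scenario in the test (a 1000-octet link in the path) shows the clamp in action: the source settles on 1280 and the small link is expected to carry that with its own fragmentation, exactly as the slide's "MTU < 1280" rule requires.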

Header Format Simplification: Neighbor Discovery (RFC 2461)
- Protocol built on top of ICMPv6 (RFC 2463)
- Combines functions of several IPv4 protocols (ARP, ICMP router discovery, ICMP redirect, etc.)
- Uses ICMPv6 messages and solicited-node multicast addresses
- Determines the link-layer address of a neighbor on the same link
- Finds neighbor routers
- Verifies the reachability of neighbors
- Comprised of five message types: Neighbor Solicitation (NS)/Neighbor Advertisement (NA), Router Solicitation (RS)/Router Advertisement (RA), Redirect
- Renumbering is done through RA prefix lifetimes (and the separate Router Renumbering protocol, RFC 2894)

Solicited-Node Multicast Address
- For each unicast and anycast address configured, there is a corresponding solicited-node multicast address
- This address has link-local significance only
- It is used for two purposes: the replacement of ARP (address resolution) and DAD

Solicited-Node Multicast Address
  FF02:0000:0000:0000:0000:0001:FF00:0000/104
  FF02::1:FF00:0/104, with the lower 24 bits taken from the unicast address

Solicited-Node Multicast Address
  Aggregatable address:               Prefix (64 bits) | Interface ID (64 bits)
  Solicited-node multicast (128 bits): FF02 | 0 | 1 | FF | lower 24 bits of the interface ID
A solicited-node address is:
- A multicast address with link-local scope
- Formed by the prefix FF02::1:FF00:0/104 and the right-most 24 bits of the aggregatable address

Solicited-Node Multicast Address
  Aggregatable address:             2001:DB8:0:4:204:9AFF:FEAC:7D80 (lower 24 bits: AC:7D80)
  Solicited-node multicast address: FF02::1:FFAC:7D80 (FF02 | 0 | 1 | FF | AC7D80)
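The derivations on the EUI-64, multicast-mapping and solicited-node slides above, carried through in Python as an added example that is not part of the Cisco deck. It starts from the MAC address used in the slides' show-command output (0004.9AAC.7D80) and the prefix 2001:DB8:0:4::/64, and also runs the derivation backwards: recovering the MAC from an EUI-64 interface ID is exactly why privacy addresses (RFC 4941) exist. Only the standard library is used; the function names are mine.

```python
"""Added example (not from the Cisco deck): derive the IPv6 addresses the
slides show for one Ethernet interface from its MAC address.

Assumed inputs: the MAC 0004.9AAC.7D80 and prefix 2001:DB8:0:4::/64 used in the
slides' show-command output; standard library only."""
import ipaddress
import re


def mac_to_bytes(mac: str) -> bytes:
    """Accept Cisco (0004.9aac.7d80), colon or dash notation; return 6 bytes."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes.fromhex(digits)


def modified_eui64(mac: str) -> bytes:
    """Modified EUI-64 (RFC 4291 App. A): split the MAC in half, insert FF FE,
    and invert the universal/local bit (0x02 of the first octet)."""
    m = mac_to_bytes(mac)
    first = m[0] ^ 0x02      # invert, not set: a locally administered MAC maps to u = 0
    return bytes([first]) + m[1:3] + b"\xff\xfe" + m[3:6]


def address_from_prefix(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the interface ID derived from the MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    return address_from_prefix("fe80::/64", mac)


def solicited_node(addr) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 with the low 24 bits of the unicast/anycast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def multicast_to_ethernet(group) -> str:
    """33:33 followed by the low 32 bits of the IPv6 multicast group."""
    g = ipaddress.IPv6Address(group)
    if not g.is_multicast:
        raise ValueError(f"{g} is not an IPv6 multicast address")
    low32 = (int(g) & 0xFFFFFFFF).to_bytes(4, "big")
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)


def mac_from_eui64_address(addr):
    """Reverse the derivation: recover the MAC from a modified-EUI-64 interface ID.
    Returns None when the interface ID was not built from a MAC (no FF:FE marker),
    e.g. a privacy (RFC 4941) or manually assigned interface ID."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac = "0004.9aac.7d80"
    ll = link_local_from_mac(mac)
    glob = address_from_prefix("2001:DB8:0:4::/64", mac)
    sn = solicited_node(glob)
    print("link-local      ", ll)
    print("global (EUI-64) ", glob)
    print("solicited-node  ", sn, "->", multicast_to_ethernet(sn))
    print("all-nodes FF02::1 ->", multicast_to_ethernet("ff02::1"))
    print("MAC recovered   ", mac_from_eui64_address(glob))
```

The values match the slides: link-local FE80::204:9AFF:FEAC:7D80, global 2001:DB8:0:4:204:9AFF:FEAC:7D80, solicited-node FF02::1:FFAC:7D80 and Ethernet destination 33:33:FF:AC:7D:80. Note that the manually configured address 2001:DB8:0:4:1:2:3:4 from a later slide yields no MAC, which is the privacy argument in one line.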

Neighbor Solicitation and Advertisement
A wants the link-layer address of B on the same link:
  Neighbor Solicitation: ICMPv6 type = 135; Src = A; Dst = solicited-node multicast address of B; Data = link-layer address of A; Query = "what is your link-layer address?"
  Neighbor Advertisement: ICMPv6 type = 136; Src = B; Dst = A; Data = link-layer address of B
A and B can now exchange packets on this link

IPv6 Auto-Configuration
Stateless (RFC 2462):
- Router solicitations are sent by booting nodes to request RAs for configuring the interfaces
- The host autonomously configures its own link-local address
- The RA indicates the subnet prefix; the host forms its address as received subnet prefix + interface ID derived from its MAC address
Stateful:
- DHCPv6 assigns the address
At boot time an IPv6 host builds a link-local address, then its global IPv6 address(es) from the RA (RA: Router Advertisement)

IPv6 Auto-Configuration: Renumbering
- Host renumbering is done by modifying the RA to announce the old prefix with a short lifetime and the new prefix
- The Router Renumbering protocol (RFC 2894) allows domain-interior routers to learn of prefix introduction/withdrawal

Stateless Auto-Configuration
1. RS, ICMPv6 type = 133: Src = link-local address (FE80::/10); Dst = all-routers multicast address (FF02::2); Query = "please send RA"
2. RA, ICMPv6 type = 134: Src = router link-local address (FE80::/10); Dst = all-nodes multicast address (FF02::1); Data = options, subnet prefix, lifetime, autoconfig flag
Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces

Duplicate Address Detection (DAD)
1. Host A boots up and assigns itself a link-local address (FE80::/10)
2. Host A sends an RS (ICMPv6 type 133)
3. Host A receives an RA (ICMPv6 type 134) with the subnet prefix (2001:DB8:410:1::/64)

Duplicate Address Detection (DAD)
Host A wants to assign itself the unique global unicast address 2001:DB8:0410:1::34:123A; before it does so, it sends a DAD query (an NS) to the solicited-node multicast group of that address, which any node already using the address has joined

Duplicate Address Detection (DAD)
4. Host A sends an NS (ICMPv6 type 135) with:
   Source address ::
   Destination address FF02::1:FF34:123A (solicited-node multicast address for 2001:DB8:0410:1::34:123A)
   Target address 2001:DB8:0410:1::34:123A
5. If Host A receives no NA (ICMPv6 type 136) for the target within the retransmit timer, it assigns itself 2001:DB8:0410:1::34:123A; DAD is run the same way on the link-local address before it is used
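Steps 4 and 5 in bytes, as an added Python example that is not part of the Cisco deck: it builds Host A's DAD Neighbor Solicitation (unspecified source, solicited-node destination, no source link-layer option), computes the mandatory ICMPv6 checksum over the IPv6 pseudo-header, and shows the checks a receiving node performs before answering with a Neighbor Advertisement. The tentative address is the slide's; the receiving nodes' address lists, the function names and the NA flag choice (Override set, Solicited clear) are constructed for the example.

```python
"""Added example (not from the Cisco deck): build the Neighbor Solicitation that
Host A sends for Duplicate Address Detection, compute the mandatory ICMPv6
checksum over the IPv6 pseudo-header, and validate a received NS the way a
receiver should. Tentative address and prefix come from the slides; everything
else is constructed."""
import ipaddress
import struct

ICMPV6, NS_TYPE, NA_TYPE = 58, 135, 136
UNSPECIFIED = ipaddress.IPv6Address("::")
ALL_NODES = ipaddress.IPv6Address("ff02::1")


def solicited_node(addr) -> ipaddress.IPv6Address:
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def icmpv6_checksum(src, dst, icmp: bytes) -> int:
    """RFC 2460 section 8.1: one's-complement sum over the pseudo-header (src, dst,
    upper-layer length, zero pad, next header) followed by the ICMPv6 message
    with its checksum field set to zero."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!IxxxB", len(icmp), ICMPV6))
    data = pseudo + icmp
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_dad_ns(tentative) -> tuple:
    """DAD NS: src ::, dst solicited-node(tentative), target = tentative, no options
    (a node that has no address yet cannot include a source link-layer option)."""
    target = ipaddress.IPv6Address(tentative)
    dst = solicited_node(target)
    body = struct.pack("!BBHI", NS_TYPE, 0, 0, 0) + target.packed
    csum = icmpv6_checksum(UNSPECIFIED, dst, body)
    return str(UNSPECIFIED), str(dst), body[:2] + struct.pack("!H", csum) + body[4:]


def check_ns(src, dst, icmp: bytes) -> dict:
    """Validate an NS before reacting to it; raises ValueError on anything malformed."""
    if len(icmp) < 24:
        raise ValueError("NS too short")
    mtype, code, got, _ = struct.unpack("!BBHI", icmp[:8])
    if mtype != NS_TYPE or code != 0:
        raise ValueError("not a Neighbor Solicitation")
    if icmpv6_checksum(src, dst, icmp[:2] + b"\x00\x00" + icmp[4:]) != got:
        raise ValueError("bad ICMPv6 checksum")
    target = ipaddress.IPv6Address(icmp[8:24])
    if target.is_multicast:
        raise ValueError("NS target must not be multicast")
    is_dad = ipaddress.IPv6Address(src) == UNSPECIFIED
    if is_dad:
        if ipaddress.IPv6Address(dst) != solicited_node(target):
            raise ValueError("DAD NS must go to the target's solicited-node group")
        if len(icmp) > 24:
            raise ValueError("DAD NS must not carry a source link-layer address option")
    return {"target": str(target), "dad": is_dad}


def respond_if_owner(my_addresses, src, dst, icmp: bytes):
    """What every other node on the link does with the NS: stay silent (None) unless
    the target is one of its own addresses, in which case it returns the NA (type 136)
    it would send from the target address to FF02::1 with the Override flag set."""
    info = check_ns(src, dst, icmp)
    if info["target"] not in {str(ipaddress.IPv6Address(a)) for a in my_addresses}:
        return None
    target = ipaddress.IPv6Address(info["target"])
    body = struct.pack("!BBHI", NA_TYPE, 0, 0, 0x20000000) + target.packed   # R=0 S=0 O=1
    csum = icmpv6_checksum(target, ALL_NODES, body)
    return body[:2] + struct.pack("!H", csum) + body[4:]


if __name__ == "__main__":
    src, dst, ns = build_dad_ns("2001:DB8:0410:1::34:123A")
    print(f"NS from {src} to {dst}: {ns.hex()}")
    print("quiet neighbour answers:", respond_if_owner(["2001:db8:0:4::1"], src, dst, ns))
    print("owner answers with NA  :", respond_if_owner(["2001:db8:410:1::34:123a"], src, dst, ns).hex())
```

The validation only catches malformed packets. Nothing in DAD authenticates the answer: a node that joins every solicited-node group and replies to every NS denies all addresses on the link (RFC 3756 lists this among the ND threats), which is why switches offer RA Guard and ND inspection features and why Host A must not retry DAD forever.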

Redirect
Hosts A and B and routers R1 and R2 share one link; R2 is A's default router, but 2001:DB8:C18:2::/64 is reached through R1
  A sends: Src = A; Dst IP = 2001:DB8:C18:2::1; Dst Ethernet = R2 (default router)
  R2 answers: Redirect: Src = R2; Dst = A; Data = better router = R1
Redirect is used by a router to signal that a packet should be rerouted to a better router

Renumbering
RA packet definitions: ICMPv6 type = 134 (RA); Src = router link-local address; Dst = all-nodes multicast address; Data = 2 prefixes: the current prefix (to be deprecated) with a short lifetime, and the new prefix (to be used) with a normal lifetime
Renumbering: modify the RA to announce the old prefix with a short lifetime and the new prefix

Enabling IPv6
To enable IPv6 on a Cisco router, you must:
- Enable IPv6 traffic forwarding: ipv6 unicast-routing
- Enable IPv6 on the interface(s) by configuring an IPv6 address on the interface: ipv6 address <ipv6addr>[/<prefix-length>]
- ipv6 enable can be used instead, but it configures only a link-local address

Cisco IOS Address Configuration
ipv6 address
- Enables IPv6 on the interface
- Configures the interface link-local and global IPv6 addresses
- Syntax:
  ipv6 address <ipv6addr>[/<prefix-length>] [link-local]
  ipv6 address <ipv6prefix>/<prefix-length> eui-64
  ipv6 unnumbered <interface>
ipv6 enable
- Enables IPv6 on the interface with only an automatically generated link-local address

IPv6 Address Configuration: Link Local
  r1#show interface ethernet 0/0
  Ethernet0/0 is up, line protocol is up
    Hardware is AmdP2, address is 0004.9aac.7d80 (bia 0004.9aac.7d80)

  ipv6 unicast-routing
  interface Ethernet0/0
   ipv6 enable

MAC address: 0004:9AAC:7D80

  r1#show ipv6 interface Ethernet 0/0
  Ethernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
    No global unicast address is configured
    Joined group address(es):
      FF02::1 (All Nodes Link Local)
      FF02::2 (All Routers Link Local)
      FF02::1:FFAC:7D80 (Solicited-Node Multicast)
    MTU is 1500 bytes

IPv6 Address Configuration: Ethernet EUI-64
LAN: 2001:DB8:0:4::/64 on Ethernet0/0, MAC address 0004:9AAC:7D80
  ipv6 unicast-routing
  interface Ethernet0/0
   ipv6 address 2001:DB8:0:4::/64 eui-64

  router#show ipv6 interface Ethernet0/0
  Ethernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
    Global unicast address(es):
      2001:DB8:0:4:204:9AFF:FEAC:7D80, subnet is 2001:DB8:0:4::/64
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::1:FFAC:7D80
    MTU is 1500 bytes
The link-local address is configured automatically

IPv6 Address Configuration: Ethernet (No EUI-64)
LAN: 2001:DB8:0:4::/64 on Ethernet0/0, MAC address 0004:9AAC:7D80
  ipv6 unicast-routing
  interface Ethernet0/0
   ipv6 address 2001:DB8:0:4:1:2:3:4/64

  router#show ipv6 interface Ethernet0/0
  Ethernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
    Global unicast address(es):
      2001:DB8:0:4:1:2:3:4, subnet is 2001:DB8:0:4::/64
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::1:FF03:4
      FF02::1:FFAC:7D80
    MTU is 1500 bytes
Two solicited-node groups are joined: one for the manually configured global address, one for the EUI-64 link-local address

IPv6 Address Configuration: Frame Relay
  R1 S0/0 ---- 2001:DB8:0:1:1:2:3:0/126 ---- S0/0 R2
Each router needs a static map for the peer's link-local address as well as for its global address, because neighbor discovery and the routing protocols use link-local addresses (R1's link-local is FE80::204:C1FF:FE09:1DA1, R2's is FE80::204:9AFF:FEAC:7D80):
R1:
  ipv6 unicast-routing
  interface Serial0/0
   encapsulation frame-relay
   ipv6 address 2001:DB8:0:1:1:2:3:1/126
   frame-relay map ipv6 FE80::204:9AFF:FEAC:7D80 102 broadcast
   frame-relay map ipv6 2001:DB8:0:1:1:2:3:2 102 broadcast
   no frame-relay inverse-arp
R2:
  ipv6 unicast-routing
  interface Serial0/0
   encapsulation frame-relay
   ipv6 address 2001:DB8:0:1:1:2:3:2/126
   frame-relay map ipv6 FE80::204:C1FF:FE09:1DA1 201 broadcast
   frame-relay map ipv6 2001:DB8:0:1:1:2:3:1 201 broadcast
   no frame-relay inverse-arp

IPv6 Address Configuration: Frame Relay
  R1 (E0/0 MAC address 0004:C109:1DA1) S0/0 ---- 2001:DB8:0:1:1:2:3:0/126 ---- S0/0 R2
  r1#show ipv6 interface serial 0/0
  Serial0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::204:C1FF:FE09:1DA1
    Global unicast address(es):
      2001:DB8:0:1:1:2:3:1, subnet is 2001:DB8:0:1:1:2:3:0/126
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::9
      FF02::1:FF03:1
      FF02::1:FF09:1DA1
    MTU is 1500 bytes
The serial interface has no MAC address of its own; its link-local address is derived from the MAC of Ethernet0/0 (0004.C109.1DA1)

IPv6 Address Configuration: Verification
  R1 E0/0, S0/0 ---- 2001:DB8:0:1:1:2:3:0/126 ---- S0/0 R2
  r1#ping fe80::204:9aff:feac:7d80
  Output Interface: serial0/0
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to FE80::204:9AFF:FEAC:7D80, timeout is 2 seconds:
  Packet sent with a source address of FE80::204:C1FF:FE09:1DA1
  !!!!!
  Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms

  r1#ping 2001:DB8:0:1:1:2:3:2
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 2001:DB8:0:1:1:2:3:2, timeout is 2 seconds:
  !!!!!
  Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
Pinging a link-local address requires naming the output interface, because link-local addresses are only unique per link

Cisco IOS Neighbor Discovery Parameters
Router advertisements carry, for auto-configuring IPv6 hosts:
- The default router
- The IPv6 network prefix
- The lifetime of the advertisement

Cisco IOS Neighbor Discovery Command Syntax
  ipv6 nd prefix-advertisement <routing-prefix>/<length> <valid-lifetime> <preferred-lifetime> [onlink] [autoconfig]
  (in later IOS releases this command is replaced by ipv6 nd prefix)
- Valid-lifetime: the amount of time (in seconds) that the specified IPv6 prefix is advertised as being valid
- Preferred-lifetime: the amount of time (in seconds) that the specified IPv6 prefix is advertised as being preferred
- Onlink: indicates that the specified prefix is assigned to the link; nodes sending traffic to addresses that contain the specified prefix consider the destination to be locally reachable on the link
- Autoconfig: indicates to hosts on the local link that the specified prefix can be used for IPv6 auto-configuration

Configuring Neighbor Discovery
Router1 (connected to the IPv6 Internet) sends RAs on Ethernet0 for LAN1, 2001:DB8:c18:1::/64:
  interface Ethernet0
   ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig
Router2 is on both LAN1 (Ethernet0) and LAN2 (Ethernet1, 2001:DB8:c18:2::/64); on LAN1 it advertises the prefix but, with ipv6 nd ra-lifetime 0, tells hosts not to use it as a default router:
  interface Ethernet0
   ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig
   ipv6 nd ra-lifetime 0
  interface Ethernet1
   ipv6 nd prefix-advertisement 2001:DB8:c18:2::/64 43200 43200 onlink autoconfig

Cisco IOS Prefix Renumbering Scenario
Router configuration before renumbering:
  interface Ethernet0
   ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig
Network prefix 2001:DB8:c18:1::/64 is carried in router advertisements to the auto-configuring IPv6 hosts
Host configuration: preferred address 2001:DB8:c18:1:260:8ff:fede:8fbe

Cisco IOS Prefix Renumbering Scenario
Router configuration after renumbering (the old prefix keeps its valid lifetime but gets a preferred lifetime of 0, so existing sessions survive while new ones use the new prefix):
  interface Ethernet0
   ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 0 onlink autoconfig
   ipv6 nd prefix-advertisement 2001:DB8:c18:2::/64 43200 43200 onlink autoconfig
New network prefix: 2001:DB8:c18:2::/64; deprecated prefix: 2001:DB8:c18:1::/64, both carried in router advertisements
Host configuration: deprecated address 2001:DB8:c18:1:260:8ff:fede:8fbe, preferred address 2001:DB8:c18:2:260:8ff:fede:8fbe

DHCPv6
- The client first detects the presence of routers on the link (RS/RA)
- If a router is found, it examines the router advertisement's M (managed address) and O (other configuration) flags to determine whether DHCPv6 can be used
- If no router is found, or if the RA says DHCP can be used, a DHCP Solicit message is sent to the All_DHCP_Relay_Agents_and_Servers multicast address (FF02::1:2), using the link-local address as the source address

OSPFv3 (RFC 2740)

Similarities with OSPFv2
- OSPFv3 is OSPF for IPv6 (RFC 2740)
- Based on OSPFv2, with enhancements
- Distributes IPv6 prefixes
- Runs directly over IPv6 (protocol 89)
- OSPFv3 and OSPFv2 can be run concurrently, because each address family has a separate SPF ("ships in the night")

Similarities with OSPFv2
- OSPFv3 uses the same basic packet types as OSPFv2: hello, database description (DBD), link state request (LSR), link state update (LSU) and link state acknowledgement, carrying link state advertisements (LSAs)
- Neighbor discovery and adjacency formation mechanisms are identical
- RFC-compliant NBMA and point-to-multipoint topology modes are supported, as are the Cisco modes point-to-point and broadcast
- LSA flooding and aging mechanisms are identical

Differences from OSPFv2: OSPF Packet Type
- OSPFv3 has the same five packet types, but some fields have changed
- All OSPFv3 packets have a 16-byte header versus the 24-byte header in OSPFv2
  OSPFv2 header: Version | Type | Packet Length | Router ID | Area ID | Checksum | AuType | Authentication (8 bytes)
  OSPFv3 header: Version | Type | Packet Length | Router ID | Area ID | Checksum | Instance ID | 0 (reserved)
  Packet types: 1 Hello, 2 Database Description, 3 Link State Request, 4 Link State Update, 5 Link State Acknowledgement

Differences from OSPFv2: Protocol Processing Per Link, Not Per Subnet
- IPv6 connects interfaces to links
- Multiple IP subnets can be assigned to a single link
- Two nodes can talk directly over a single link even if they do not share a common subnet
- The terms "network" and "subnet" are replaced with "link"; an OSPF interface now connects to a link instead of a subnet

Differences from OSPFv2: Multiple OSPFv3 Protocol Instances per Link
- Multiple OSPFv3 instances can now run over a single link; this allows separate ASes, each running OSPF, to use a common link, and a single link can belong to multiple areas
- Instance ID is a new header field used to support multiple OSPFv3 protocol instances per link
- For two routers' instances to talk to each other they need the same instance ID; by default it is 0, and each additional instance on the link uses a higher value (ipv6 ospf <process-id> area <area-id> instance <id> on the interface)

Differences from OSPFv2
Multicast addresses:
- FF02::5 represents all SPF routers on the link-local scope, equivalent to 224.0.0.5 in OSPFv2
- FF02::6 represents all DR routers on the link-local scope, equivalent to 224.0.0.6 in OSPFv2
Removal of address semantics:
- IPv6 addresses are no longer present in the OSPF packet header (they are part of the payload information)
- Router LSA and Network LSA do not carry IPv6 addresses
- Router ID, Area ID and Link State ID remain at 32 bits
- DR and BDR are now identified by their Router ID and no longer by their IP address
Security:
- OSPFv3 uses the IPv6 AH and ESP extension headers (RFC 4552) instead of the variety of authentication mechanisms defined in OSPFv2; in Cisco IOS this is configured per interface with ipv6 ospf authentication ipsec spi ... / ipv6 ospf encryption ipsec spi ... or per area under the ipv6 router ospf process

OSPFv3 Configuration Example
IPv6 prefix 2001:DB8:101::/48
  Router A: Loopback0 in subnet 3 (area 51); S0/0 in subnet 1 (OSPF area 0)
  Router B: Loopback0 in subnet 2 (area 1); S0/0 in subnet 1 (OSPF area 0)
  A S0/0 ---- subnet 1 (Frame Relay) ---- S0/0 B

OSPFv3 Configuration Example: Router A
  ipv6 unicast-routing
  interface Loopback0
   no ip address
   ipv6 address 2001:DB8:101:3::/64 eui-64
   ipv6 ospf 1 area 51
  interface Serial0/0
   no ip address
   encapsulation frame-relay
   ipv6 address 2001:DB8:101:1::/64 eui-64
   ipv6 ospf network point-to-point
   ipv6 ospf 1 area 0
   frame-relay map ipv6 FE80::204:9AFF:FE5C:8B41 602 broadcast
   frame-relay map ipv6 2001:DB8:101:1:204:9AFF:FE5C:8B41 602 broadcast
  ipv6 router ospf 1
   router-id 10.1.1.1

OSPFv3 Configuration Example: Router B
  ipv6 unicast-routing
  interface Loopback0
   no ip address
   ipv6 address 2001:DB8:101:2::/64 eui-64
   ipv6 ospf 1 area 1
  interface Serial0/0
   no ip address
   encapsulation frame-relay
   ipv6 address 2001:DB8:101:1::/64 eui-64
   ipv6 ospf network point-to-point
   ipv6 ospf 1 area 0
   frame-relay map ipv6 FE80::204:C1FF:FE09:1DA1 206 broadcast
   frame-relay map ipv6 2001:DB8:101:1:204:C1FF:FE09:1DA1 206 broadcast
  ipv6 router ospf 1
   router-id 10.1.1.2
Note that the router ID is still a 32-bit value and must be set explicitly on a router with no IPv4 addresses

OSPFv3 Verification
  rA#show ipv6 route ospf
  IPv6 Routing Table - 7 entries
  Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
         U - Per-user Static route
         I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
         O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
  OI  2001:DB8:101:2:204:9AFF:FE5C:8B41/128 [110/64]
       via FE80::204:9AFF:FE5C:8B41, Serial0/0

  rA#show ipv6 ospf neighbor
  Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
  10.1.1.2          1   FULL/  -        00:00:33    3               Serial0/0
The next hop of the learned route is Router B's link-local address, which is why the Frame Relay map for the link-local address is required

OSPFv3 Router Commands
  A(config)#ipv6 router ospf 1
  A(config-rtr)#?
    area                    OSPF area parameters
    auto-cost               Calculate OSPF interface cost according to bandwidth
    compatible              OSPF compatibility list
    default                 Set a command to its defaults
    default-information     Distribution of default information
    default-metric          Set metric of redistributed routes
    discard-route           Enable or disable discard-route installation
    distance                Administrative distance
    distribute-list         Filter networks in routing updates
    exit                    Exit from IPv6 routing protocol configuration mode
    ignore                  Do not complain about specific event
    log-adjacency-changes   Log changes in adjacency state
    maximum-paths           Forward packets over multiple paths
    no                      Negate a command or set its defaults
    passive-interface       Suppress routing updates on an interface
    redistribute            Redistribute IPv6 prefixes from another routing protocol
    router-id               router-id for this OSPF process
    summary-prefix          Configure IPv6 summary prefix
    timers                  Adjust routing timers

  A(config-rtr)#area 1 ?
    default-cost   Set the summary default-cost of a NSSA/stub area
    nssa           Specify a NSSA area
    range          Summarize routes matching address/mask (border routers only)
    stub           Specify a stub area
    virtual-link   Define a virtual link and its parameters

OSPFv3 Interface Commands
  r2(config)#int s0/0
  r2(config-if)#ipv6 ospf ?
    <1-65535>            Process ID
    cost                 Interface cost
    database-filter      Filter OSPF LSA during synchronization and flooding
    dead-interval        Interval after which a neighbor is declared dead
    demand-circuit       OSPF demand circuit
    flood-reduction      OSPF Flood Reduction
    hello-interval       Time between HELLO packets
    mtu-ignore           Ignores the MTU in DBD packets
    neighbor             OSPF neighbor
    network              Network type
    priority             Router priority
    retransmit-interval  Time between retransmitting lost link state advertisements
    transmit-delay       Link state transmit delay

Q and A

Session 6: IP Routing BGP

Topics
- Introduction
- BGP Path Selection
- BGP Attributes
- Debugging

Introduction
- What is BGP?
- How does BGP work: eBGP and iBGP
- What is a peer (neighbor)?

Configuring BGP
  Rtr A (AS 1) 10.1.1.1/24 ---- 10.1.1.2/24 Rtr B (AS 2)
  Rtr A: router bgp 1
  Rtr B: router bgp 2

Configuring Peers
  Rtr(config-router)#?
    *address-family          Enter address family command mode
    ***aggregate-address     Configure BGP aggregate entries
    *auto-summary            Enable automatic network number summarization
    *bgp                     BGP specific commands
    default                  Set a command to its defaults
    *default-information     Control distribution of default information
    *default-metric          Set metric of redistributed routes
    *distance                Define an administrative distance
    +++distribute-list       Filter networks in routing updates
    exit                     Exit from routing protocol configuration mode
Importance: *** high, ** medium, * low; +++ do not use with BGP, use neighbor x.x.x.x distribute-list {in|out} instead

Configuring Peers (Cont.)
  Rtr(config-router)#?
    help                     Description of the interactive help system
    *maximum-paths           Forward packets over multiple paths
    ***neighbor              Specify a neighbor router
    **network                Specify a network to announce via BGP
    no                       Negate a command or set its defaults
    ***redistribute          Redistribute information from another routing protocol
    *synchronization         Perform IGP synchronization
    *table-map               Map external entry attributes into routing table
    *timers                  Adjust routing timers
Importance: *** high, ** medium, * low

Configuring BGP Peers (Cont.): Neighbor
  Rtr A (AS 1) 10.1.1.1/24 ---- 10.1.1.2/24 Rtr B (AS 2)
  Rtr A:
    router bgp 1
     neighbor 10.1.1.2 remote-as 2
  Rtr B:
    router bgp 2
     neighbor 10.1.1.1 remote-as 1

BGP Issue: Synchronization
With synchronization enabled, a BGP router will not advertise an iBGP-learned route to an eBGP neighbor unless the route is already in the IP routing table via the IGP
  Rtr A (eBGP, learns 172.16.0.0) -- iBGP through Rtr B -- Rtr C -- eBGP -- Rtr D
Rtr B sits in the transit path but runs only the IGP and does not know about 172.16.0.0; therefore Rtr C should not advertise 172.16.0.0 to Rtr D, or traffic from Rtr D would be black-holed at Rtr B
Options: redistribute 172.16.0.0 into the IGP (not recommended), or run a full iBGP mesh (every transit router speaks BGP) and disable synchronization; synchronization was on by default until 12.2(8)T, where the default changed to no synchronization

BGP Path Selection
Before comparing, ignore a route if its next hop is not reachable, and ignore external routes that carry the local AS in the AS path
1. Prefer the route with the largest weight
2. Prefer the route with the largest local preference
3. Prefer the route that was locally originated (via network, aggregate or redistribution from an IGP)

BGP Path Selection (Cont.)
4. Prefer the route with the shortest AS path
   - If bgp bestpath as-path ignore is configured, skip this step; when the as-set option is used for aggregated routes, the AS_SET counts as 1 regardless of the number of AS entries in the set; confederation sub-AS numbers are not used to determine the AS-path length
5. Prefer the route with the lowest origin (IGP < EGP < Incomplete)
6. Prefer the route with the lowest MED
   - This comparison is only made between routes advertised by the same neighboring AS (unless bgp always-compare-med is configured)
7. Prefer eBGP paths to iBGP paths

BGP Path Selection (Cont.)
8. For iBGP paths, prefer the path with the lowest IGP metric to the BGP next hop
9. For eBGP paths, prefer the oldest (most stable) path
10. Prefer the path received from the router with the lowest router ID

BGP Attributes: Next Hop
- The next-hop IP address that is used to reach a destination
- For eBGP, the next hop is the IP address of the eBGP neighbor that announced the route (the address in the neighbor command)
- For iBGP, the eBGP next hop is carried unchanged into iBGP
Figure: AS 1 (172.16.0.0, router 10.1.1.1) -- eBGP -- AS 2 (10.1.1.2, then 10.1.20.1 -- iBGP -- 10.1.20.2 Router C); Router C learns 172.16.0.0 with next hop = 10.1.1.1
Does Router C know how to get to the next hop? If not, the route is ignored by path selection; fix by carrying the external link in the IGP or by setting neighbor ... next-hop-self on the border router

BGP Attributes: Weight
- A Cisco-defined attribute used for path selection; the weight is assigned locally and is not propagated in routing updates
- Value: 0 to 65535
- Default is 32768 for locally originated routes, 0 for all others
- Higher value is preferred
Figure: 172.16.0.0/16 in AS 4 is learned by AS 1 over two paths (via AS 2 and via AS 3), one with weight = 0 and one with weight = 80; the weight 80 path is preferred

BGP Attributes: Local Pref
- Signals which path is preferred to exit the AS and is exchanged among all BGP speakers in the AS; local preference is not exchanged between ASes
- Value: 0 to 4294967295
- Default value: 100
- Higher value is preferred
Figure: 172.16.0.0/16 in AS 4 is learned by AS 1 over two paths (via AS 2 and via AS 3), one with local preference = 100 and one with local preference = 800; the 800 path is preferred

BGP Attribute: AS Path
The AS Path attribute is the list of AS numbers that a route has traversed to reach a destination
Figure: AS 1 originates 10.1.0.0/24 (router 10.1.1.1/24) and peers with AS 2, AS 3 and AS 4; AS 5 is reached through AS 2 and AS 4. Each link is labelled with the regular expression that matches the AS path seen there: ^1$ (received directly from AS 1, in AS 2, AS 3 and AS 4), ^2 1$ and ^4 1$ (in AS 5, via AS 2 or via AS 4), and ^3$ (a route originated by AS 3)

BGP Attributes: Origin
- IGP (i): the Network Layer Reachability Information (NLRI) is interior to the originating AS; set by the network statement (and by aggregate-address)
- EGP (e): the NLRI was learned via EGP, the historical exterior gateway protocol (not via eBGP); rarely seen today
- Incomplete (?): the origin of the NLRI is unknown; set when redistributing static, connected or IGP routes into BGP

BGP Attributes: Metric (MED)
- Also known as the Multi-Exit Discriminator (MED); the metric is used as a suggestion to other ASes about the preferred path into the AS; exchanged between ASes
- Value: 0 to 4294967295
- Default value: 0
- Lower value is preferred
Figure: AS 1 advertises 172.16.1.0 to AS 2 over two links, one with metric = 0 and one with metric = 80; AS 2 prefers the metric 0 entry point

BGP Path Selection: BGP Table
The best routes to the destination networks are selected from the BGP table (show ip bgp) and only those are installed in the IP routing table and advertised to peers

BGP Path Selection Summary

Prefer highest weight (local to router)
Prefer highest local preference (global within AS)
Prefer routes that the router originated
Prefer shorter AS paths (only length is compared)
Prefer lowest origin code (IGP < EGP < Incomplete)
Prefer lowest MED
Prefer external (EBGP) paths over internal (IBGP)
For IBGP paths, prefer path through closest IGP neighbor
For EBGP paths, prefer oldest (most stable) path
Prefer paths from router with the lower BGP router-ID
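The ordered tie-break list above, as an added worked example in Python (not Cisco code): each rule is a key function, applied in order until one candidate survives. The Path record, its field names and the sample candidates are constructed for this example; MED and "oldest path" are compared across all remaining candidates, which is a simplification of IOS behaviour noted in the code.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Origin codes ranked as the deck states: IGP < EGP < Incomplete.
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}


@dataclass
class Path:
    """One candidate path for a prefix (field names are this example's own)."""
    peer: str                       # advertising peer / next hop
    weight: int = 0                 # Cisco weight, local to this router
    local_pref: int = 100           # global within the AS
    locally_originated: bool = False
    as_path: List[int] = field(default_factory=list)
    origin: str = "i"               # "i", "e" or "?"
    med: int = 0                    # lower preferred
    external: bool = True           # True = eBGP, False = iBGP
    igp_metric: int = 0             # IGP cost to reach the next hop
    received_at: int = 0            # arrival order; lower = older path
    router_id: str = "0.0.0.0"      # advertising router's BGP router-ID


def _rid(rid: str) -> int:
    """Dotted-quad router-ID to an integer so 'lower' compares numerically."""
    a, b, c, d = (int(x) for x in rid.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


# The deck's rules in order.  Every key maps a path to a value where
# *lower is better*, so one generic elimination loop implements all of them.
RULES = [
    ("highest weight",           lambda p: -p.weight),
    ("highest local preference", lambda p: -p.local_pref),
    ("locally originated",       lambda p: 0 if p.locally_originated else 1),
    ("shortest AS path",         lambda p: len(p.as_path)),
    ("lowest origin code",       lambda p: ORIGIN_RANK[p.origin]),
    ("lowest MED",               lambda p: p.med),
    ("eBGP over iBGP",           lambda p: 0 if p.external else 1),
    ("closest IGP neighbor",     lambda p: p.igp_metric),
    ("oldest path",              lambda p: p.received_at),
    ("lowest router-ID",         lambda p: _rid(p.router_id)),
]


def select_best(paths: List[Path]) -> Tuple[Optional[Path], str]:
    """Return (best path, name of the rule that decided it).

    Simplification vs. IOS: MED is compared across all candidates here,
    while IOS by default compares MED only between paths received from the
    same neighbouring AS; 'oldest path' is likewise applied to whatever
    candidates remain rather than to eBGP paths only.
    """
    cands = list(paths)
    if not cands:
        return None, "no paths"
    decided_by = "single path"
    for name, key in RULES:
        if len(cands) == 1:
            break
        best = min(key(p) for p in cands)
        survivors = [p for p in cands if key(p) == best]
        if len(survivors) < len(cands):
            decided_by = name          # this rule eliminated someone
        cands = survivors
    return cands[0], decided_by


def demo() -> Tuple[str, str]:
    """Constructed candidates for 172.16.0.0/16 seen by a router in AS 1,
    mirroring the Local Pref slide (the AS 3 path carries local pref 800).
    Two paths tie on local pref, so AS-path length decides."""
    paths = [
        Path("10.1.2.2", as_path=[2, 4], local_pref=100, received_at=1, router_id="2.2.2.2"),
        Path("10.1.3.3", as_path=[3, 4], local_pref=800, received_at=2, router_id="3.3.3.3"),
        Path("10.1.5.5", as_path=[5, 6, 4], local_pref=800, received_at=0, router_id="1.1.1.1"),
    ]
    best, rule = select_best(paths)
    return best.peer, rule


if __name__ == "__main__":
    print(demo())   # ('10.1.3.3', 'shortest AS path')
```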

Other BGP Attributes: Atomic Aggregate

Atomic Aggregate: the route has been summarized and path information is lost

Use of the as-set keyword when aggregating (Router C) will propagate the path information

RouterD# show ip bgp
BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 160.0.0.0/8      4.4.4.1                                0 300 i

BGP Attributes: Community

Used to group destinations and apply routing decisions according to community; by default, not sent to any peers
Value: 0 to 4,294,967,200 or 0:0 to 65535:65535
Values of all-zeroes and all-ones in the high-order 16 bits are reserved

Well-known communities
no-export (do not export to next AS)
no-advertise (do not advertise to any peer)
Internet (advertise to all routers)
local-AS (do not advertise outside local AS)

To send community values to a peer use the send-community keyword
neighbor 1.1.1.1 send-community

BGP Attributes: Community (Cont.)

[Figure: AS 1 receives prefixes from three neighbors. From AS 1250: 201.3.3.196/26, 144.8.1.0/24, 144.9.3.128/27, 12.1.0.0/16. From AS 88: 197.4.3.0/27, 152.1.1.0/24, 152.4.5.128/26, 28.5.0.0/17. From AS 51: 201.3.3.196/22, 144.8.1.0/24, 144.9.3.128/23, 12.1.0.0/16.]

AS 1 wants to adjust the BGP attributes of the underlined routes; how can we do that? AS-path? Prefix and mask?

BGP Attributes: Community (Cont.)

[Figure: the same prefixes, now carrying community tags as printed on the slide: from AS 1250, 201.3.3.196/26,1:4; from AS 88, 152.1.1.0/24, :44 and 152.4.5.128/26,1:4; from AS 51, 144.8.1.0/24, 1:4 and 12.1.0.0/16, 1:4.]

Use the Community Attribute

BGP Attributes: Community (Cont.)

Setting the Community Value

router bgp 51
 neighbor 10.1.1.1 remote-as 1
 neighbor 10.1.1.1 send-community
 neighbor 10.1.1.1 route-map setcomm out
!
access-list 1 permit 144.8.1.0 0.0.0.255
access-list 1 permit 12.1.0.0 0.0.255.255
!
route-map setcomm permit 10
 match ip address 1
 set community 1:4
!
route-map setcomm permit 20

BGP Attributes: Community (Cont.)

Viewing the Community Value: Old Format

rtrA#sh ip bgp 172.16.1.0
BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  172.10.2.2 172.10.6.6
  254
    10.1.1.1 from 10.1.1.1 (199.172.15.254)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 65546

BGP Attributes: Community (Cont.)

Viewing the Community Value: New Format

ip bgp-community new-format (global configuration)

rtrA#sh ip bgp 172.16.1.0
BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  172.10.2.2 172.10.6.6
  254
    10.1.1.1 from 10.1.1.1 (199.172.15.254)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 1:10

Controlling the Flow of BGP Updates

Aggregate Addresses

Used to minimize the size of the routing table
Combines characteristics of several routes to allow a single route to be advertised

RTB#
router bgp 200
 neighbor 3.3.3.1 remote-as 300
 network 160.10.0.0

RTC#
router bgp 300
 neighbor 3.3.3.3 remote-as 200
 neighbor 2.2.2.2 remote-as 100
 network 170.10.0.0
 aggregate-address 160.0.0.0 255.0.0.0

Aggregate Addresses (Cont.)

aggregate-address address mask
  advertises the prefix route and all of the more specific routes
aggregate-address address mask summary-only
  advertises the prefix only; all the more specific routes are suppressed
aggregate-address address mask suppress-map map-name
  advertises the prefix route and the more specific routes, but suppresses advertisement according to a route map

Example: Aggregate Address

Question: Advertise the aggregate route 132.0.0.0/8 into AS 3. Ensure that the aggregate address and only 132.108.10.0/24 is allowed through to AS 3

Example (Cont.): Configuration

r8(config)#router bgp 4
r8(config-router)#aggregate-address 132.0.0.0 255.0.0.0 suppress-map AGGREGATE_MAP1
r8(config-router)#exit
r8(config)#access-list 3 deny 132.108.10.0 0.0.0.255
r8(config)#access-list 3 permit any
r8(config)#route-map AGGREGATE_MAP1 permit 10
r8(config-route-map)#match ip address 3
r8(config-route-map)#end

Example (Cont.): Verification

r5#sh ip ro bgp
B    141.108.0.0/16 [200/0] via 142.108.10.6, 2d03h
B    131.108.0.0/16 [20/0] via 162.108.21.8, 00:06:41
B    161.108.0.0/16 [20/0] via 162.108.21.8, 00:06:41
     132.108.0.0/16 is variably subnetted, 2 subnets, 2 masks
B       132.108.10.0/24 [20/0] via 162.108.21.8, 00:06:41
B       132.108.0.0/16 [200/0] via 142.108.10.6, 2d03h
B    132.0.0.0/8 [20/0] via 162.108.21.8, 00:06:41

BGP Route Filtering

Route Filtering: filter networks in incoming or outgoing BGP updates based on IP address

[Figure: Rtr A (AS 1, 10.1.1.1/24) peers with Rtr B (AS 2, 10.1.1.2/24)]

AS 1, Rtr A
router bgp 1
 neighbor 10.1.1.2 distribute-list 1 in
access-list 1 permit 172.16.0.0 0.0.255.255 0.0.0.255

AS 2, Rtr B
router bgp 2
 neighbor 10.1.1.1 distribute-list 2 out
access-list 2 permit 192.30.8.0

Do You See A Problem Here?

BGP Route Filtering

Path Filtering: filter networks in incoming or outgoing BGP updates based on AS path information

[Figure: Rtr A (AS 1, 10.1.1.1/24) peers with Rtr B (AS 2, 10.1.1.2/24)]

AS 1, Rtr A
router bgp 1
 neighbor 1.1.1.2 filter-list 1 in
ip as-path access-list 1 deny ^2$      (deny routes belonging to AS 2)
ip as-path access-list 1 permit .*

AS 2, Rtr B
router bgp 2
 neighbor 1.1.1.1 filter-list 2 out
...
ip as-path access-list 2 permit ^$      (allow routes from this AS only)

Do You See A Problem Here?

Route-Map Overview

Route maps are very complex access lists:
Access-lists have lines; route-maps contain statements
Access-lists use addresses and masks; route-maps use match conditions
With access-lists there is an access-list number; with route-maps there is a route-map name
Statements in route-maps are numbered
You can insert and delete statements in a route-map
You can edit match conditions in a statement
Route-map statements can modify matched routes with set options

Route-Map Overview (Cont.)

Route Maps
The default statement action is permit
A route not matched by any statement is dropped
Permit all is achieved by specifying permit without a match clause
Match conditions in one statement are ANDed together
The first matching statement permits or denies the route

Route-Map Overview (Cont.)

Route Maps

router bgp 300
 network 172.16.0.0
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 route-map STOPUPDATES out
!
route-map STOPUPDATES deny 10
 match ip address 1
route-map STOPUPDATES permit 20
!
access-list 1 permit 172.16.0.0 0.0.255.255

Blocks advertisement of network 172.16.0.0 to neighbor 2.2.2.2
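The filtering building blocks from the preceding slides (standard access-lists with wildcard masks, as-path regular expressions, and the route-map rules of first match, ANDed conditions and implicit drop), as an added example in Python rather than Cisco code. It replays the deck's setcomm and STOPUPDATES route-maps and the two as-path lists, and converts the community 65546 shown in the old-format output to 1:10; the class and function names (AclLine, Clause, apply_route_map, ...) are this example's own.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Sequence, Tuple


@dataclass
class Route:
    prefix: str                                   # e.g. "172.16.0.0/16"
    as_path: List[int] = field(default_factory=list)
    community: List[str] = field(default_factory=list)


@dataclass
class AclLine:
    permit: bool
    address: str
    wildcard: str = "0.0.0.0"   # IOS: no wildcard given means an exact (host) match


def _ip(a: str) -> int:
    return int(ipaddress.IPv4Address(a))


def acl_permits(acl: Sequence[AclLine], prefix: str) -> bool:
    """Standard ACL as used by distribute-list / match ip address: the route's
    network address is compared under the wildcard mask (1 bits = ignore).
    First matching line decides; implicit deny at the end."""
    net = _ip(prefix.split("/")[0])
    for line in acl:
        care = ~_ip(line.wildcard) & 0xFFFFFFFF
        if net & care == _ip(line.address) & care:
            return line.permit
    return False


def as_path_permits(acl: Sequence[Tuple[bool, str]], as_path: Sequence[int]) -> bool:
    """ip as-path access-list: regex over the path written as 'AS AS ...'.
    A locally originated route has an empty path, so only ^$ matches it."""
    text = " ".join(str(asn) for asn in as_path)
    for permit, regex in acl:
        if re.search(regex, text):
            return permit
    return False


@dataclass
class Clause:
    seq: int
    permit: bool = True                                        # default action
    match_acl: Optional[Sequence[AclLine]] = None              # match ip address
    match_as_path: Optional[Sequence[Tuple[bool, str]]] = None
    set_community: Optional[List[str]] = None


def apply_route_map(clauses: Sequence[Clause], route: Route) -> Optional[Route]:
    """Deck semantics: clauses tried in sequence order, match conditions ANDed,
    a clause with no match conditions matches everything, the first matching
    clause permits (applying its set options) or denies; no match = dropped."""
    for c in sorted(clauses, key=lambda c: c.seq):
        conds = []
        if c.match_acl is not None:
            conds.append(acl_permits(c.match_acl, route.prefix))
        if c.match_as_path is not None:
            conds.append(as_path_permits(c.match_as_path, route.as_path))
        if not all(conds):
            continue
        if not c.permit:
            return None
        out = Route(route.prefix, list(route.as_path), list(route.community))
        if c.set_community is not None:
            out.community = list(c.set_community)     # 'set community' replaces
        return out
    return None


def community_new_format(value: int) -> str:
    """ip bgp-community new-format: 65546 -> '1:10' (AS:value, 16 bits each)."""
    return f"{value >> 16}:{value & 0xFFFF}"


def community_old_format(text: str) -> int:
    asn, val = (int(x) for x in text.split(":"))
    return (asn << 16) | val


# Constructed demo data: the deck's setcomm and STOPUPDATES maps and as-path lists.
ACL_1 = [AclLine(True, "144.8.1.0", "0.0.0.255"), AclLine(True, "12.1.0.0", "0.0.255.255")]
SETCOMM = [Clause(10, match_acl=ACL_1, set_community=["1:4"]), Clause(20)]
ACL_STOP = [AclLine(True, "172.16.0.0", "0.0.255.255")]
STOPUPDATES = [Clause(10, permit=False, match_acl=ACL_STOP), Clause(20)]
FILTER_LIST_1 = [(False, r"^2$"), (True, r".*")]   # deny routes belonging to AS 2
FILTER_LIST_2 = [(True, r"^$")]                     # allow routes from this AS only


def demo() -> dict:
    tagged = apply_route_map(SETCOMM, Route("144.8.1.0/24", [51]))
    untouched = apply_route_map(SETCOMM, Route("144.9.3.128/27", [51]))
    passed = apply_route_map(STOPUPDATES, Route("192.30.8.0/24"))
    return {
        "144.8.1.0/24": tagged.community,            # ['1:4']
        "144.9.3.128/27": untouched.community,       # [] (clause 20, no set)
        "172.16.0.0/16 out": apply_route_map(STOPUPDATES, Route("172.16.0.0/16")),
        "192.30.8.0/24 out": passed.prefix,
        "as 2 only": as_path_permits(FILTER_LIST_1, [2]),
        "as 2 via 5": as_path_permits(FILTER_LIST_1, [2, 5]),
        "local only": as_path_permits(FILTER_LIST_2, []),
        "65546": community_new_format(65546),
    }
```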

Debugging BGP

Debugging

Test the IP connection between the BGP routers

[Figure: Rtr A (AS 1, 10.1.1.1/24) and Rtr B (AS 2, 10.1.1.2/24)]

If you can ping the remote endpoint then you can form a BGP connection
Rtr A#ping 1.1.1.2
Rtr B#ping 1.1.1.1

Debugging

Start with a Minimum BGP Configuration

[Figure: Rtr A (AS 1, 10.1.1.1/24) and Rtr B (AS 2, 10.1.1.2/24)]

AS 1, Rtr A#
router bgp 1
 neighbor 1.1.1.2 remote-as 2

AS 2, Rtr B#
router bgp 2
 neighbor 1.1.1.1 remote-as 1

Debugging

If BGP state = Established, then continue with your BGP configuration

Rtr A#show ip bgp neighbors
BGP neighbor is 1.1.1.2, remote AS 2, external link
  BGP version 4, remote router ID 1.1.1.2
  BGP state = Established, table version = 1, up for 0:12:20
  Last read 0:00:20, hold time is 180, keepalive interval is 60 seconds
  Minimum time between advertisement runs is 30 seconds
  Received 15 messages, 0 notifications, 0 in queue
  Sent 15 messages, 0 notifications, 0 in queue
  Connections established 1; dropped 0
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 10.1.1.7, Local port: 11002
Foreign host: 10.1.1.1, Foreign port: 179

Further Possible Areas of Study

IBGP: Route Reflector
IBGP: Confederations
EBGP: Neighbor Local-as
BGP Multipath
BGP Conditional Advertisement

Q and A

Recommended Reading

Internet Routing Architectures, Bassam Halabi, Cisco Press
Cisco BGP-4 Command and Configuration Handbook, William Parkhurst, Cisco Press

Available Onsite at the Cisco Company Store

Session 7:
MPLS/VPN

Agenda

MPLS Technology Introduction
MPLS Network Ingredients
Building MPLS Services
MPLS VPNs
MPLS Layer 3 VPNs

MPLS Technology Introduction

What Is MPLS Technology?

Multi Protocol Label Switching is a technology for delivery of IP services
MPLS technology switches packets instead of routing them, to transport data
A highly scalable mechanism that is topology driven rather than flow driven
Single infrastructure architecture supporting multitudes of applications
MPLS has evolved a long way from its original goal and now serves as a foundation for value-added services

[Figure: services built on a single MPLS network infrastructure: Unicast and multicast L3 VPNs, Any Transport over MPLS, VPLS, Traffic Engineering, IP+Optical (GMPLS)]

Evolving Infrastructures, Growing Requirements

Next generation services networks require a transport that offers end-to-end:

Service Flexibility
Point to Point
Point to Multipoint
Multipoint to Multipoint

Resilience and Scale
Redundancy
Fast Convergence
High Availability

SLA Guarantees
Traffic Classes
Traffic Priority
BW Guarantees

OAM
Provision
Measure
Test and Verify
Report

MPLS Use Case

Requirements: L2 point-to-point, L2 fully meshed, L3 fully meshed sites through the HQ site; all sites directly access hosted content and the Internet with an SLA

[Figure: an MPLS backbone (PE1, P1, P2, PE2, P3, P4, PE3, PE4, PE5) interconnecting: Customer A's HQ A and mobile backhaul sites in VPN A over FR/ATM/Carrier Ethernet; remote users and telecommuters via a local or direct-dial ISP, reaching the backbone through MPLS to IPsec/PE; Customer B's HQ B and branch office in VPN B; HQ C in VPN C; shared/managed services (ERP, video server, hosted content) on virtual machines; other provider networks; and the Internet]

MPLS Network Ingredients

MPLS Network Ingredients

Network devices
P (Provider) routers = label switching routers = core routers
PE (Provider Edge) routers = edge LSR = provider edge device

Protocols
IGP: core routing protocol, OSPF, EIGRP, IS-IS
Label Distribution Protocol (LDP)
Multiprotocol e/iBGP
Resource reservation (RSVP) protocol

MPLS label
Forwarding Equivalence Class (FEC)
MPLS label
MPLS label encapsulation

MPLS planes
MPLS control planes
MPLS forwarding planes

MPLS Network Devices

[Figure: PE routers at the edge of the provider cloud, P routers in the core]

P (Provider) routers = label switching routers = core routers
Switch packets from ingress PE to egress PE

PE (Provider Edge) routers = edge LSR = provider edge device
MPLS services are enabled on PE devices. They interconnect customer sites

MPLS Network Protocols

[Figure: PE and P routers; IGP and LDP run on the core links, RSVP on selected paths, MP-BGP between PE devices]

IGP: OSPF, EIGRP, IS-IS on core-facing and core links
RSVP and/or LDP on core and/or core-facing links
MP-e/iBGP on PE devices

Label Distribution Protocol

Defined in RFC 3035 and 3036; LDP is a superset of Tag Distribution Protocol
Uses UDP for session discovery and TCP (port 646) for the rest of the messages
LDP Header: Version (2 octets), PDU Length (2 octets), LDP ID (6 octets)
Uses per-interface or per-platform label space, each needing separate LDP sessions
Label distribution protocols distribute labels for prefixes advertised by unicast routing protocols (OSPF, IS-IS, EIGRP, etc.) using LDP or BGP
Multiple phases to establish a session and allocate labels so that traffic can be switched:
Discovery mechanisms
Session establishment
Label distribution and management
Label binding advertisement (unsolicited or on-demand), distribution, liberal retention

MPLS Label and Label Encapsulation

MPLS Label (32 bits)
Label: 20 bits | EXP: 3 bits | S: 1 bit | TTL: 8 bits
COS/EXP = Class of Service: 3 bits; S = Bottom of Stack; TTL = Time to Live

MPLS Label Encapsulation
PPP Header (Packet over SONET/SDH): PPP Header | Label | Layer 2/L3 Packet
LAN MAC Label Header: MAC Header | Label | Layer 2/L3 Packet

Forwarding Equivalence Class

FEC is used by label switching routers to determine how packets are mapped to label switched paths (LSP):
IP prefix/host address
Layer 2 circuits (ATM, FR, PPP, HDLC, Ethernet)
Groups of addresses/sites: VPN x
A bridge/switch instance: VSI
Tunnel interface: traffic engineering

MPLS Control Plane and Forwarding Plane

Control plane: used to distribute labels and build label-switched paths
[Figure: the routing process fills the RIB from route updates/adjacencies; the MPLS process fills the LIB from label bind updates/adjacencies; RIB and LIB feed the FIB and MFI in the forwarding plane, which handle IP traffic and MPLS traffic respectively]

Forwarding plane: consists of label imposition, swapping, and disposition, no matter what the control plane
Destination-based unicast/multicast
Labels divorce forwarding from IP address
Labels define destination and service

MPLS Control Plane: Downstream Unsolicited Mode

Step I: Core Routing Convergence

[Figure: three LSRs in a row, with 128.89 reachable beyond interface 0 of the right-hand LSR and 171.69 beyond its interface 1. Routing updates (OSPF, EIGRP, ...) flow from right to left: "You can reach 128.89 thru me", "You can reach 171.69 thru me", then "You can reach 128.89 and 171.69 thru me". After convergence each LSR has a routing entry per prefix but no labels yet:]

Left LSR
In Label   Address Prefix   Out Iface   Out Label
-          128.89           1           -
-          171.69           1           -

Middle LSR
In Label   Address Prefix   Out Iface   Out Label
-          128.89           0           -
-          171.69           1           -

Right LSR
In Label   Address Prefix   Out Iface   Out Label
-          128.89           0           -

MPLS Control Plane: Downstream Unsolicited Mode

Step II: Assigning Labels

[Figure: label bindings flow from right to left: the right LSR says "Use label 9 for 128.89", the next hop beyond its interface 1 says "Use label 7 for 171.69", and the middle LSR tells the left LSR "Use label 4 for 128.89 and use label 5 for 171.69"]

Left LSR
In Label   Address Prefix   Out Iface   Out Label
-          128.89           1           4
-          171.69           1           5

Middle LSR
In Label   Address Prefix   Out Iface   Out Label
4          128.89           0           9
5          171.69           1           7

Right LSR
In Label   Address Prefix   Out Iface   Out Label
9          128.89           0           -

Downstream nodes advertise labels for the prefixes/FECs reachable via that device

MPLS Forwarding Plane

Step III: Forwarding Labeled Packets

Left LSR
In Label   Address Prefix   Out Iface   Out Label
-          128.89           1           4
-          171.69           1           5

Middle LSR
In Label   Address Prefix   Out Iface   Out Label
4          128.89           0           9
5          171.69           1           7

Right LSR
In Label   Address Prefix   Out Iface   Out Label
9          128.89           0           -

[Figure: an IP packet for 128.89.25.4 enters the left LSR unlabeled, leaves it with label 4, is swapped to label 9 by the middle LSR, and has its label removed by the right LSR before delivery to 128.89]

Label switch forwards based on label

Label Stacking

There may be more than one label in an MPLS packet
As we know, labels correspond to forwarding equivalence classes
Example: there can be one label for routing the packet to an egress point and another that separates a customer A packet from a customer B packet
Inner labels can be used to designate services/FECs, etc. (e.g. VPNs, fast reroute)
Outer label used to route/switch the MPLS packets in the network
Last label in the stack is marked with the EOS bit

[Figure: label stack from outer to inner: TE Label, LDP Label, VPN Label, then the IP Header]

Allows building services such as
MPLS VPNs
Traffic engineering and fast reroute
VPNs over traffic engineered core
Any transport over MPLS
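The 32-bit label header, the bottom-of-stack bit from this slide, and the three-step forwarding of the previous slides (impose label 4, swap to 9, pop) as an added Python example, not Cisco code. The FIB/LFIB contents are taken from the slide tables; the function names and the sample packets are constructed for this example.

```python
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

LabelEntry = Tuple[int, int, bool, int]   # (label, exp, bottom_of_stack, ttl)


def encode_label(label: int, exp: int = 0, bottom: bool = False, ttl: int = 255) -> bytes:
    """Pack one shim header: label 20 bits | EXP 3 bits | S 1 bit | TTL 8 bits."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("MPLS header field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def decode_label(data: bytes) -> LabelEntry:
    if len(data) < 4:
        raise ValueError("truncated MPLS header")
    (word,) = struct.unpack("!I", data[:4])
    return word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF


def decode_stack(data: bytes) -> Tuple[List[LabelEntry], bytes]:
    """Walk the stack until the S (end-of-stack) bit; return entries + payload.
    Raises on truncation rather than trusting that an S bit will ever appear."""
    stack, off = [], 0
    while True:
        entry = decode_label(data[off:off + 4])
        stack.append(entry)
        off += 4
        if entry[2]:
            return stack, data[off:]


# Tables constructed from the slides (left, middle and right LSR).
# Ingress FIB: prefix -> (out interface, label to impose).
FIB_LEFT: Dict[str, Tuple[int, int]] = {"128.89.0.0/16": (1, 4), "171.69.0.0/16": (1, 5)}
# LFIBs: incoming label -> (out interface, outgoing label; None = pop).
LFIB_MIDDLE: Dict[int, Tuple[int, Optional[int]]] = {4: (0, 9), 5: (1, 7)}
LFIB_RIGHT: Dict[int, Tuple[int, Optional[int]]] = {9: (0, None)}


def impose(fib: Dict[str, Tuple[int, int]], dst_ip: str, ip_packet: bytes,
           ttl: int = 64) -> Optional[Tuple[int, bytes]]:
    """Ingress LSR: longest-prefix match on the IP destination, push one label."""
    dst = ipaddress.IPv4Address(dst_ip)
    best = max((n for n in fib if dst in ipaddress.IPv4Network(n)),
               key=lambda n: ipaddress.IPv4Network(n).prefixlen, default=None)
    if best is None:
        return None                          # no route: drop
    iface, label = fib[best]
    return iface, encode_label(label, bottom=True, ttl=ttl) + ip_packet


def switch(lfib: Dict[int, Tuple[int, Optional[int]]],
           packet: bytes) -> Optional[Tuple[int, bytes]]:
    """Core/egress LSR: decide on the top label only.  Returns (interface,
    packet) or None when dropped (unknown label or TTL exhausted)."""
    label, exp, s, ttl = decode_label(packet)
    if label not in lfib or ttl <= 1:
        return None
    iface, out_label = lfib[label]
    rest = packet[4:]
    if out_label is None:                    # disposition: pop, hand over IP packet
        return iface, rest
    return iface, encode_label(out_label, exp, s, ttl - 1) + rest   # swap


def walk_path(dst_ip: str, ip_packet: bytes) -> list:
    """Step III on the slide: the label seen after each hop for a packet to
    dst_ip; 'ip' marks the unlabeled packet after the final pop."""
    trace: list = []
    hop = impose(FIB_LEFT, dst_ip, ip_packet)
    for lfib in (LFIB_MIDDLE, LFIB_RIGHT):
        if hop is None:
            break
        trace.append(decode_label(hop[1])[0])
        hop = switch(lfib, hop[1])
    if hop is not None:
        trace.append("ip" if hop[1] == ip_packet else decode_label(hop[1])[0])
    return trace


if __name__ == "__main__":
    print(walk_path("128.89.25.4", b"IP to 128.89.25.4"))   # [4, 9, 'ip']
```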

MPLS Core Architecture Summary

1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks
1b. LDP establishes label to destination network mappings
2. Ingress edge LSR receives the packet, performs Layer 3 value-added services, and labels the packet
3. LSRs switch packets using label swapping
4. Edge LSR at egress removes the label and delivers the packet

!
ip cef
mpls label protocol ldp
!
interface ether0/0
 mpls ip
!

MPLS VPNs

What Is a Virtual Private Network?

A VPN is a set of sites or groups which are allowed to communicate with each other
A VPN is defined by a set of administrative policies
Policies established by VPN customers
Policies could be implemented completely by VPN service providers

Flexible intersite connectivity
Ranging from complete to partial mesh

Sites may be either within the same or in different organizations
VPN can be either intranet or extranet

A site may be in more than one VPN
VPNs may overlap

Not all sites have to be connected to the same service provider
A VPN can span multiple providers

L2 vs. L3 VPNs

Point-to-Point Layer 2 VPNs
Customer endpoints (CPE) connected via Frame Relay DLCI, ATM VC or point-to-point connection
No routing with the provider network. VPN CEs peer with each other, much better propagation delay
Good for point-to-point L2 connectivity; the provider will need to manually fully mesh end points if any-to-any connectivity is required

Multipoint Layer 2 VPNs
Customer endpoints (CPE) connected via Ethernet (VLAN or ethernet)
Fully meshed, hub-spoke service possible w/o routing

Layer 3 VPN
Any access medium is supported
Customer end points peer with the provider's routers at L3 and exchange VPN site-routing information
Reduced provisioning, scales

MPLS L3 VPNs

IP L3 vs. MPLS L3 VPNs

[Figure: VPN A, VPN B and VPN C sites attached to a network hosting Multicast, Hosting, Intranet, VoIP and Extranet services]

Overlay VPN
ACLs, ATM/FR, IP tunnels, IPSec, etc. requiring n*(n-1) peering points
Transport dependent
Groups endpoints, not groups
Pushes content outside the network
Costs scale exponentially
NAT necessary for overlapping subnets
Limited scaling, QoS
Complexity

MPLS-Based VPNs
Point-to-cloud single point of connectivity
Transport independent
Easy grouping of users and services
Enables content hosting inside the network
Flat cost curve
Supports private overlapping IP addresses
Scalable to over millions of VPNs
Per VPN QoS

MPLS L3 VPN Control Plane Basics

[Figure: CE1 and CE2 attach to VRFs on PE1; CE3 and CE4 attach to VRFs on PE2 and PE3; P1, P2 and P3 form the core. CE-PE routing is static, EIGRP, OSPF or eBGP; between PEs, MP-iBGP carries VPNv4 prefixes and labels]

1. VPN service is enabled on PEs
2. VPN site CE1 connects to a VRF-enabled interface on PE1
3. VPN site CE1 distributes routes to PE1
4. PE1 allocates a VPN label for each prefix, redistributes the routes into MP-iBGP, sets itself as the next hop and relays the VPN site routes to PE3
5. PE3 distributes CE1's routes to CE2

How Control Plane Information Is Separated

[Figure: CE1 advertises Net=16.1/16 to PE1 via IGP/eBGP (IPv4 route exchange). PE1 advertises VPN-IPv4 Net=RD:16.1/16, NH=PE1, Route Target 100:1, Label=42 to PE2 over MP-iBGP across P1 and P2; there are no VPN routes in the core (P). PE2 advertises Net=16.1/16 to CE2 via IGP/eBGP]

ip vrf Yellow
 rd 1:100
 route-target export 1:100
 route-target import 1:100

Route Distinguisher (RD): 8-byte field, a unique value assigned by a provider to each VPN to make different VPN routes unique
VPNv4 address: RD + VPN IP prefix
Route Target (RT): 8-byte field, a unique value assigned by a provider to define the import/export rules for the routes from/to each VPN
MP-iBGP: facilitates advertisement of VPNv4* prefixes + labels between BGP peers
Virtual Routing and Forwarding instance (VRF): contains the VPN site routes
Multi-VRF CE: CE device supporting multiple VRFs without MP-iBGP and VPN labels

MPLS L3 VPN Forwarding Plane: How the Data Plane Is Separated

[Figure: CE1 forwards an IPv4 packet to PE1, whose customer-facing interface is configured with "interface S1/0 / ip vrf forwarding Yellow"; the packet crosses P1 and P2 to PE2, and CE2 receives it as an IPv4 packet]

1. PE1 imposes the pre-allocated label for the prefix
2. The core-facing interface adds the IGP label
3. The core swaps IGP labels
4. PE2 strips off the VPN label and forwards the packet to CE2 as an IP packet
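How RD, RT and the VPN label keep two customers apart (control-plane step 4 and forwarding-plane step 4 above), as an added Python model rather than Cisco code: PE1 exports two VRFs that both carry 16.1.0.0/16, and PE2 imports each only into the VRF whose import route target matches. The Pe/Vrf classes, labels and loopback addresses are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass
class Vrf:
    name: str
    rd: str                        # route distinguisher, e.g. "1:100"
    export_rt: Set[str]            # route-target export
    import_rt: Set[str]            # route-target import
    routes: Dict[str, str] = field(default_factory=dict)   # prefix -> CE next hop


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str
    prefix: str
    next_hop: str                  # advertising PE loopback
    rts: FrozenSet[str]
    label: int                     # VPN label allocated by the advertising PE


class Pe:
    """Constructed PE model: per-VRF tables plus one VPN label table."""

    def __init__(self, name: str, loopback: str):
        self.name, self.loopback = name, loopback
        self.vrfs: Dict[str, Vrf] = {}
        self.label_table: Dict[int, Tuple[str, str]] = {}   # label -> (vrf, prefix)
        self._next_label = 16                               # labels 0-15 are reserved

    def add_vrf(self, vrf: Vrf) -> None:
        self.vrfs[vrf.name] = vrf

    def export(self) -> List[Vpnv4Route]:
        """Control-plane step 4: per prefix allocate a VPN label, prepend the
        VRF's RD, attach the export RTs, and set the next hop to this PE."""
        updates = []
        for vrf in self.vrfs.values():
            for prefix in vrf.routes:
                label, self._next_label = self._next_label, self._next_label + 1
                self.label_table[label] = (vrf.name, prefix)
                updates.append(Vpnv4Route(vrf.rd, prefix, self.loopback,
                                          frozenset(vrf.export_rt), label))
        return updates

    def import_updates(self, updates: List[Vpnv4Route]) -> Dict[str, Dict[str, Tuple[str, int]]]:
        """Install a VPNv4 route into each VRF whose import RT set intersects
        the route's RTs; routes matching no VRF are simply not installed."""
        installed: Dict[str, Dict[str, Tuple[str, int]]] = {}
        for vrf in self.vrfs.values():
            for r in updates:
                if vrf.import_rt & r.rts:
                    installed.setdefault(vrf.name, {})[r.prefix] = (r.next_hop, r.label)
        return installed


def vpnv4_table(updates: List[Vpnv4Route]) -> Dict[Tuple[str, str], Vpnv4Route]:
    """BGP VPNv4 table keyed by RD + prefix: the RD is what keeps identical
    customer prefixes from different VPNs distinct in one table."""
    return {(r.rd, r.prefix): r for r in updates}


def dispose(pe: Pe, label: int) -> Tuple[str, str]:
    """Forwarding-plane step 4: the VPN label alone tells the egress PE which
    VRF (and therefore which CE) a packet belongs to."""
    return pe.label_table[label]


def demo() -> Dict[str, object]:
    """Two customers (Yellow, Blue) both using 16.1.0.0/16, as on the slides."""
    pe1, pe2 = Pe("PE1", "10.0.0.1"), Pe("PE2", "10.0.0.2")
    pe1.add_vrf(Vrf("Yellow", "1:100", {"1:100"}, {"1:100"}, {"16.1.0.0/16": "CE1"}))
    pe1.add_vrf(Vrf("Blue", "1:200", {"1:200"}, {"1:200"}, {"16.1.0.0/16": "CE-B"}))
    pe2.add_vrf(Vrf("Yellow", "1:100", {"1:100"}, {"1:100"}))
    pe2.add_vrf(Vrf("Blue", "1:200", {"1:200"}, {"1:200"}))
    updates = pe1.export()
    installed = pe2.import_updates(updates)
    yellow_label = installed["Yellow"]["16.1.0.0/16"][1]
    blue_label = installed["Blue"]["16.1.0.0/16"][1]
    return {
        "vpnv4_entries": len(vpnv4_table(updates)),      # 2: same prefix, two RDs
        "yellow_label": yellow_label,
        "blue_label": blue_label,
        "yellow_vrf": dispose(pe1, yellow_label)[0],
        "blue_vrf": dispose(pe1, blue_label)[0],
    }
```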

MPLS L3 VPNs Applications

Deployment Example I: MPLS VPN SP Interconnecting VPN Sites over Different Access Technologies

[Figure: an MPLS backbone (PE1, P1, P2, PE2, PE3) connecting Customer A's HQ hub in VPN A over FR/ATM, a branch office and a remote site in VPN A, remote users and telecommuters via a local or direct-dial ISP through MPLS to IPsec/PE, other provider networks and the Internet, and a business partner in VPN B]

Deployment Example II: MPLS VPNs in the Enterprise Campus

L2 access
Multi-VRF CE at distribution
BGP/MPLS VPNs in the core only
Multi-VRF between core and distribution
Multi-VRF does not require MPLS labels

[Figure: L2 access layer; distribution switches acting as CE (Multi-VRF) with 802.1Q trunks carrying VPN1 and VPN2 toward PE w/VRF devices; a Layer 3 P core running MP-iBGP for the BGP/MPLS VPN]

Deployment Example III: End-to-End VPN Services Using Multiple MPLS SPs

[Figure: Enterprise-A hubs (Hub-1-UK, Hub-2-US, Hub-3-India) and Enterprise-A remote sites attached to Regional SP1 (MPLS core, AS1), Regional SP2 (AS2) and Regional SP3 (AS3), which interconnect over the Global Backbone Service Provider, AS100]

MPLS L3 VPNs Summary

SPs can provide intranet, extranet, hub-spoke and fully-meshed connectivity services
Advanced multicast VPNs, shared hosting, voice, video, Internet and traditional IP services can also be supported over a single infrastructure
SP-configured route targets can be used to filter/limit import/export of VPN routes
SP-configured per-VPN route distinguishers segregate VPN control plane traffic
Unique per-VPN labels segregate data plane traffic
Subscribers have several access medium and routing protocol options to connect to the provider
SPs can offer service level guarantees using QoS and traffic engineering applications for MPLS L3 VPNs
MPLS L3VPNs over IP

Terminology Reference

AC: Attachment Circuit. An AC is a point-to-point, Layer 2 circuit between a CE and a PE.
AS: Autonomous System (a domain)
CoS: Class of Service
ECMP: Equal Cost Multipath
IGP: Interior Gateway Protocol
LAN: Local Area Network
LDP: Label Distribution Protocol, RFC 3036
LER: Label Edge Router. An edge LSR interconnects MPLS and non-MPLS domains.
LFIB: Labeled Forwarding Information Base
LSP: Label Switched Path
LSR: Label Switching Router
NLRI: Network Layer Reachability Information
P Router: An interior LSR in the service provider's autonomous system
PE Router: An LER in the service provider administrative domain that interconnects the customer network and the backbone network
PSN Tunnel: Packet Switching Tunnel

Terminology Reference

Pseudo-Wire: A pseudo-wire is a bidirectional "tunnel" between two features on a switching path
PWE3: Pseudo-Wire End-to-End Emulation
QoS: Quality of Service
RD: Route Distinguisher
RIB: Routing Information Base
RR: Route Reflector
RT: Route Target
RSVP-TE: Resource Reservation Protocol based Traffic Engineering
VPN: Virtual Private Network
VFI: Virtual Forwarding Instance
VLAN: Virtual Local Area Network
VPLS: Virtual Private LAN Service
VPWS: Virtual Private WAN Service
VRF: Virtual Route Forwarding Instance
VSI: Virtual Switching Instance

MPLS/L3VPN Sample Lab Question

[Figure: lab topology. Sw3 (CE) has SVI .30.9/24 on VLAN_B and the private network 170.1.9.9/24; Sw4 has SVI .30.10/24. R3 (PE) connects to VLAN_B on Gi0/0 .30.3/24 and to VLAN_E on Gi0/1 .100.3/24; R5 has Fa0/0 .25.5/24 and Fa0/1 .100.5/24; R2 has Gi0/0 .25.2/24, Gi0/1 .20.2/24 and S0/0/0 .12.2/30; R1 has S0/0/1 .12.1/30, Gi0/1 .100.1/24, Gi0/0 150.2.YY.1/24 (Backbone 2), Fa0/0 150.1.YY.1/24 (Backbone 1) and S0/0/0 .14.1/24; R4 (PE) has S0/0/0 .14.4/24 and Fa0/1 .50.4/24 on VLAN_D; Sw1 (CE) has SVI .50.7/24 and the private network 170.1.7.7/24; Sw2 has SVI .50.8/24. The PE/P routers run MP-BGP/IGP/MPLS in the core; between CE and PE there is a static route and no MPLS. A VPN tunnel carries the private traffic across the core.]

MPLS/L3VPN Sample Lab Question (Cont.)

There is a private network on Sw3, 170.1.9.0, and another on Sw1, 170.1.7.0. Build a VPN tunnel to carry the private traffic between these two networks using the MPLS core and edge infrastructure.
MP-BGP should be configured to carry vpnv4 updates.
The VRF instance should be named "ccie".
RT and RD values are at the candidate's discretion.
Include only the relevant interface in the VRF instance.
Configure the VRF routes as appropriate on the PEs.
You are allowed to use a static route from CE to PE for the private traffic.

MPLS/L3VPN Sample Lab Question (Cont.)

Verification

R3: Verify VPNv4 routes are received from R4 (PE):
R3#sh ip route vrf ccie
Routing Table: ccie
     170.1.0.0/32 is subnetted, 2 subnets
S       170.1.9.9 [1/0] via 1.1.30.9
B       170.1.7.7 [200/0] via 1.1.4.4, 3d16h   <-- Loopback intf. (private network) on Sw1
     1.0.0.0/24 is subnetted, 2 subnets
C       1.1.30.0 is directly connected, GigabitEthernet0/0
B       1.1.50.0 [200/0] via 1.1.4.4, 3d16h

R4: Verify VPNv4 routes are received from R3 (PE):
R4#sh ip route vrf ccie
Routing Table: ccie
     170.1.0.0/32 is subnetted, 2 subnets
S       170.1.7.7 [1/0] via 1.1.50.7
B       170.1.9.9 [200/0] via 1.1.3.3, 3d16h   <-- Loopback intf. (private network) on Sw3
     1.0.0.0/24 is subnetted, 2 subnets
C       1.1.50.0 is directly connected, GigabitEthernet0/1
B       1.1.30.0 [200/0] via 1.1.3.3, 3d16h

Further Reading

http://www.cisco.com/go/mpls
http://www.ciscopress.com
MPLS and VPN Architectures, Jim Guichard, Ivan Pepelnjak, Cisco Press
Traffic Engineering with MPLS, Eric Osborne, Ajay Simha, Cisco Press
Layer 2 VPN Architectures, Wei Luo, Carlos Pignataro, Dmitry Bokotey, Anthony Chan, Cisco Press
MPLS QoS, Santiago Alvarez, Cisco Press

Q and A

Session 8:
IP Multicast

Agenda

Multicast Concepts
PIM-SM Configuration and Verification
Multicast Troubleshooting

Multicast At-a-Glance

[Figure: PIM between the routers, IGMP between routers and the receiving hosts]

Mcast Sample Written Question

Which of the following is NOT true of IP Multicast Addressing?
1. Multicast group addresses comprise the range 224.0.0.0 to 239.255.255.255
2. The link-local address range is 224.0.0.0 to 224.0.0.255
3. Administratively scoped addresses (239.0.0.0 to 239.255.255.255) are assigned to user applications by IANA
4. EIGRP Hellos to 224.0.0.10 have a TTL = 1
5. Scope relative addresses are the top 256 addresses of a scoped address range

Multicast Forwarding

Unicast vs. Multicast Forwarding


Unicast Forwarding Destination IP address directly determines where to forward the packet
Decision based on route table Hop-by-hop forwarding continues even during routing topology changes

373

Unicast vs. Multicast Forwarding


Mulitcast Forwarding Destination IP address doesnt directly indicate where to forward packet Forwarding is connection-oriented
Receivers must first connect to the source before traffic begins to flow Connection messages (PIM Joins) follow unicast routing table toward multicast source Build Multicast Distribution Trees that determine where to forward packets Distribution Trees rebuilt dynamically in case of network topology changes

374

Reverse Path Forwarding (RPF)

The RPF Calculation
The multicast source address is checked against the unicast routing table
This determines the interface and upstream router in the direction of the source, to which PIM Joins are sent
This interface becomes the Incoming or RPF interface
A router forwards a multicast datagram only if it is received on the RPF interface
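The RPF calculation above as an added Python example (not Cisco code): a longest-prefix lookup of the multicast source address in a unicast table yields the RPF interface, and a datagram is forwarded only when it arrived there. The unicast table, the outgoing interface list and the addresses are constructed for this example.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed unicast routing table: prefix -> (next hop, interface).
UNICAST: Dict[str, Tuple[str, str]] = {
    "0.0.0.0/0":   ("10.2.2.3", "Serial0/1"),
    "10.1.0.0/16": ("10.2.3.4", "Serial0/0"),
    "10.1.5.0/24": ("10.1.1.1", "Ethernet0/0"),
}

# Constructed outgoing interface lists per group, as built by PIM joins.
OIL: Dict[str, List[str]] = {"239.1.1.1": ["Ethernet0/0", "Serial0/0", "Serial0/1"]}


def rpf_lookup(table: Dict[str, Tuple[str, str]], source: str) -> Optional[Tuple[str, str]]:
    """Longest-prefix match of the *source* address (never the group) in the
    unicast table; returns (upstream neighbour, RPF interface) or None."""
    src = ipaddress.IPv4Address(source)
    best: Optional[Tuple[int, Tuple[str, str]]] = None
    for prefix, entry in table.items():
        net = ipaddress.IPv4Network(prefix)
        if src in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, entry)
    return best[1] if best else None


def rpf_check(table: Dict[str, Tuple[str, str]], source: str, in_iface: str) -> bool:
    """True only when the datagram arrived on the interface the unicast
    table would use to reach the source."""
    entry = rpf_lookup(table, source)
    return entry is not None and entry[1] == in_iface


def forward(table: Dict[str, Tuple[str, str]], source: str, group: str,
            in_iface: str, oil: Dict[str, List[str]]) -> List[str]:
    """Replicate to the group's outgoing interfaces, excluding the incoming
    one; a packet that fails the RPF check is dropped (empty list)."""
    if not rpf_check(table, source, in_iface):
        return []
    return [i for i in oil.get(group, []) if i != in_iface]


if __name__ == "__main__":
    print(rpf_lookup(UNICAST, "10.1.5.7"))                    # ('10.1.1.1', 'Ethernet0/0')
    print(forward(UNICAST, "10.1.5.7", "239.1.1.1", "Ethernet0/0", OIL))
```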

PIM Sparse Mode

PIM Sparse Mode

Protocol-independent
Supports all underlying unicast routing protocols including: static, RIP, IGRP, EIGRP, IS-IS, BGP, and OSPF

Sparse mode
Uses a pull model
Traffic sent only to where it is requested
Explicit join behavior

PIM-SM Shared Tree Join

[Figure: a receiver sends an IGMP (*, G) join to its last-hop router, which sends PIM (*, G) joins hop by hop toward the RP, building the shared tree]

(*, G) state is created only along the shared tree

PIM-SM Sender Registration

[Figure: the source's first-hop router sends an (S, G) Register (unicast) to the RP; the RP sends an (S, G) join toward the source, building the source tree]

(S, G) state is created only along the source tree

PIM-SM Sender Registration

[Figure: (S, G) traffic begins arriving at the RP via the source tree; the RP sends an (S, G) Register-Stop (unicast) back to the first-hop router]

(S, G) traffic begins arriving at the RP via the source tree
The RP sends a Register-Stop back to the first-hop router to stop the register process

PIM-SM Sender Registration

[Figure: traffic flows natively from the source along the SPT to the RP, then down the shared tree to the receiver]

Source traffic flows natively along the SPT to the RP
From the RP, traffic flows down the shared tree to the receivers

PIM-SM SPT Switchover

[Figure: the last-hop router sends an (S, G) join toward the source]

The last-hop router joins the source tree

PIM-SM SPT Switchover

[Figure: the new branch of the source tree toward the receiver is built]

The last-hop router joins the source tree
Additional (S, G) state is created along the new part of the source tree

PIM-SM SPT Switchover

[Figure: traffic begins flowing down the new branch of the source tree; the last-hop router sends an (S, G) RP-bit Prune up the shared tree]

Traffic begins flowing down the new branch of the source tree
Additional (S, G) state is created along the shared tree to prune off (S, G) traffic

PIM-SM SPT Switchover

(S, G) traffic flow is now pruned off the shared tree and is flowing to the receiver via the source tree

PIM-SM SPT Switchover

[Figure: the RP sends an (S, G) Prune toward the source]

(S, G) traffic flow is no longer needed by the RP, so it prunes the flow of (S, G) traffic

PIM-SM SPT Switchover

(S, G) traffic flow is now only flowing to the receiver via a single branch of the source tree

PIM Sparse Mode Configuration and Verification

PIM Sparse Mode Static RP

On every router, global configuration commands:
ip multicast-routing
ip pim rp-address 10.1.22.22

[Figure: R1 E0/0 10.1.1.1/24 connects to R2 E0/0 10.1.1.2/24; R2 S0/0 10.2.3.2/24 connects to R4 S0/0 10.2.3.4/24; R2 S0/1 10.2.2.2/24 connects to R3 S0/1 10.2.2.3/24; the RP address 10.1.22.22/32 is loopback LO0. Every interface shown, including LO0, is configured with ip pim sparse-mode.]

PIM Sparse Mode Static RP: Verification

r3# show ip pim rp mapping
Group(s): 224.0.0.0/4, Static
    RP: 10.1.22.22 (R2)

[Figure: same topology as the previous slide, every interface configured with ip pim sparse-mode and every router with ip multicast-routing and ip pim rp-address 10.1.22.22]

PIM Sparse Mode Static RP: Verification

r2# show ip pim interface
Address     Interface     Ver/Mode  Nbr Count  Query Intvl  DR Prior  DR
10.1.1.2    Ethernet0/0   v2/S      1          30           1         10.1.1.2
10.2.3.2    Serial0/0     v2/S      1          30           1         10.2.3.4
10.2.2.2    Serial0/1     v2/S      1          30           1         10.2.2.3

[Figure: same topology as the previous slides, every interface configured with ip pim sparse-mode and every router with ip multicast-routing and ip pim rp-address 10.1.22.22]

PIM Sparse Mode Static RP: Verification

r2# show ip pim neighbor
PIM Neighbor Table
Neighbor Address  Interface     Uptime/Expires   Ver  DR Priority/Mode
10.1.1.1          Ethernet0/0   1d00h/00:01:17   v2   1 / B S
10.2.3.4          Serial0/0     1d00h/00:01:44   v2   1 / DR B S
10.2.2.3          Serial0/1     1d00h/00:01:44   v2   1 / DR B S

[Figure: same topology as the previous slides, every interface configured with ip pim sparse-mode and every router with ip multicast-routing and ip pim rp-address 10.1.22.22]

PIM Sparse Mode Auto-RP

Routers automatically learn the RP address
Only routers that are candidate RPs or mapping agents need to be configured
Makes use of multicast to distribute the information
Two specially IANA-assigned groups are used:
  Cisco-Announce 224.0.1.39
  Cisco-Discovery 224.0.1.40
Typically dense mode is used to forward these groups
Permits backup RPs to be configured
393

PIM Sparse Mode Auto-RP

On every router (global configuration command):
  ip multicast-routing
Interface configuration command:
  ip pim sparse-dense-mode
  or ip pim sparse-mode together with the global command ip pim auto-rp listener
Mapping agent (MA, R3):
  ip pim send-rp-discovery loopback 0 scope 16
RP (R2):
  ip pim send-rp-announce loopback 0 scope 16
394

PIM Sparse Mode Auto-RP: Verification

On the RP (R2):

r2# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.44.44 (R3), via Auto-RP
         Uptime: 00:02:19, expires: 00:02:38
395

PIM Sparse Mode Auto-RP: Verification

On the mapping agent (R3):

r3# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.22.22 (R2), via Auto-RP
         Uptime: 00:02:55, expires: 00:02:00
396

PIM Sparse Mode Auto-RP: Verification

On a router that is neither RP nor mapping agent (R4):

r4# show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.44.44 (R3), via Auto-RP
         Uptime: 00:24:29, expires: 00:02:17
397

PIM Sparse Mode BSR

On every router (global configuration command):
  ip multicast-routing
Interface configuration command:
  ip pim sparse-mode
BSR (R3):
  ip pim bsr-candidate loopback 0
RP (R2):
  ip pim rp-candidate loopback 0
398

PIM Sparse Mode BSR: Verification

r2# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is a candidate RP (v2)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (?), v2
    Info source: 10.1.44.44 (?), via bootstrap
         Uptime: 00:04:09, expires: 00:02:27
399

PIM Sparse Mode BSR: Verification

r2# show ip pim bsr-router
PIMv2 Bootstrap information
  BSR address: 10.1.44.44 (?)
  Uptime: 00:06:16, BSR Priority: 0, Hash mask length: 0
  Expires: 00:01:55
  Next Cand_RP_advertisement in 00:00:39
  RP: 10.1.22.22(Loopback0)
400
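As an added verification aid that is not part of the deck, the following Python parses the three forms of show ip pim rp mapping output seen on slides 390 to 399 (static, Auto-RP, bootstrap) and flags a group whose RP is not the intended one, or whose dynamically learned mapping is about to expire. The sample outputs are constructed after the slides' examples, with hostnames shown as (?) as on a router without name lookup.

```python
import re
from typing import Dict, List

# Constructed samples modelled on the slides' "show ip pim rp mapping" output for the
# three RP-learning methods; hostnames show as (?) as on a router without name lookup.
STATIC_OUTPUT = """\
PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static
    RP: 10.1.22.22 (?)
"""

AUTORP_OUTPUT = """\
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (?), v2v1
    Info source: 10.1.44.44 (?), via Auto-RP
         Uptime: 00:02:19, expires: 00:02:38
"""

BSR_OUTPUT = """\
PIM Group-to-RP Mappings
This system is a candidate RP (v2)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (?), v2
    Info source: 10.1.44.44 (?), via bootstrap
         Uptime: 00:04:09, expires: 00:02:27
"""

GROUP_RE = re.compile(r"^Group\(s\):?\s+(\S+?)(?:,\s*(Static))?\s*$")
RP_RE = re.compile(r"^\s*RP:?\s+(\d+\.\d+\.\d+\.\d+)")
SOURCE_RE = re.compile(r"^\s*Info source:\s+(\d+\.\d+\.\d+\.\d+).*\bvia\s+(\S+)")
EXPIRES_RE = re.compile(r"expires:\s+(\d+):(\d+):(\d+)")


def parse_rp_mappings(text: str) -> List[Dict[str, object]]:
    """One record per Group(s) block: group, rp, via (Static/Auto-RP/bootstrap),
    info source and remaining lifetime in seconds (None for static mappings)."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        if (m := GROUP_RE.match(line)):
            records.append({"group": m.group(1), "via": m.group(2),
                            "rp": None, "source": None, "expires": None})
            continue
        if not records:
            continue                        # header lines before the first block
        cur = records[-1]
        if (m := RP_RE.match(line)):
            cur["rp"] = m.group(1)
        elif (m := SOURCE_RE.match(line)):
            cur["source"], cur["via"] = m.group(1), m.group(2)
        elif (m := EXPIRES_RE.search(line)):
            h, mi, s = (int(x) for x in m.groups())
            cur["expires"] = h * 3600 + mi * 60 + s
    return records


def check_rp(text: str, expected_rp: str, min_expires: int = 60) -> List[str]:
    """Flag groups whose RP is not the intended one, and dynamically learned
    mappings (Auto-RP or bootstrap) that are missing or about to expire."""
    problems: List[str] = []
    for rec in parse_rp_mappings(text):
        if rec["rp"] != expected_rp:
            problems.append(f"{rec['group']}: RP is {rec['rp']}, expected {expected_rp}")
        if rec["via"] != "Static" and (rec["expires"] is None or rec["expires"] < min_expires):
            problems.append(f"{rec['group']}: {rec['via']} mapping from {rec['source']} "
                            f"expires in {rec['expires']}s")
    return problems
```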

Anycast RP: Overview

Uses a single statically defined RP address
Two or more routers have the same RP address
The RP address is defined on a loopback interface; the loopback address is advertised as a host route
Senders and receivers join/register with the closest RP
  The closest RP is determined from the unicast routing table
Can never fall back to dense mode
  Because the RP is statically defined
MSDP session(s) run between all RPs
  Informs the RPs of sources in other parts of the network
  RPs join the SPT to active sources as necessary
401

Anycast RP: MSDP Configuration

Both RPs (A and B) are configured with ip pim rp-address 10.1.1.1, with an MSDP session between them.

RP1 (A):
  interface loopback 0
   ip address 10.1.1.1 255.255.255.255
  interface loopback 1
   ip address 10.0.0.1 255.255.255.255
  !
  ip msdp peer 10.0.0.2 connect-source loopback 1
  ip msdp originator-id loopback 1

RP2 (B):
  interface loopback 0
   ip address 10.1.1.1 255.255.255.255
  interface loopback 1
   ip address 10.0.0.2 255.255.255.255
  !
  ip msdp peer 10.0.0.1 connect-source loopback 1
  ip msdp originator-id loopback 1
402

References

Developing IP Multicast Networks; Beau Williamson, Cisco Press
Routing TCP/IP Volume II; Jeff Doyle, Cisco Press
ftp://ftpeng.cisco.com/ipmulticast/training/index.html

Available onsite at the Cisco Company Store
403

Session 9:
Quality of Service


404

Quality of Service (QoS)

What is QoS, and why?
Differentiated Services architecture
Modular QoS command line
Classification/marking
Queuing
Policing/shaping
References
405

What Is QoS in Internetworking?

QoS is applicable in many domains outside networking (supermarkets, public roads, ...)
In networking, we refer to the set of requirements an application imposes along an end-to-end pipe:
  Loss rate
  Latency, jitter
  Bandwidth
How can we control these, in order to offer the requested service?
406

Congestion Points

[Figure: examples of network node congestion. Aggregation: several 10 Mbps inputs feeding one 10 Mbps output. Speed mismatch, LAN to WAN: a 1000 Mbps LAN into a 64 Kbps WAN link.]
Points of substantial speed mismatch and points of aggregation
Transmit buffers have the tendency to fill
Buffering reduces loss, but introduces delay
407

IETF QoS Model: Differentiated Services

Specify QoS via a packet header value: the DSCP
The network uses the QoS specification to classify, shape, and police traffic, as well as to perform intelligent queuing
Enables scalable service discrimination in the Internet without the need for per-flow state and signaling at every hop
Group flows into aggregates: a collection of packets crossing a link in a particular direction
408

IPv4 ToS vs. DS-Field


(The ToS Byte Is Re-Defined)

409

DiffServ Architecture

410

Assured Forwarding PHB

Guarantees bandwidth
Allows access to extra bandwidth if available
Four standard classes (AF1, AF2, AF3, AF4)
DSCP value layout: aaadd0, where aaa is the binary value of the class and dd is the drop probability
411

Expedited Forwarding PHB

Guarantees bandwidth with prioritized forwarding
Polices bandwidth (excess traffic is dropped)
Recommended DSCP value is 101110 (46)
Looks like IP Precedence 5 to non-DS-compliant devices
412

DSCP Usage

DSCP selects the per-hop behavior (PHB) throughout the network:
  Default PHB: 000000
  Class Selector PHB: maps to IP Precedence
  Assured Forwarding PHB (AF)
  Expedited Forwarding PHB (EF)
413

DSCP

DS field = DSCP (6 bits) + ECN (2 bits)

Drop Precedence   Class #1           Class #2           Class #3           Class #4
Low               AF11 (001010) 10   AF21 (010010) 18   AF31 (011010) 26   AF41 (100010) 34
Medium            AF12 (001100) 12   AF22 (010100) 20   AF32 (011100) 28   AF42 (100100) 36
High              AF13 (001110) 14   AF23 (010110) 22   AF33 (011110) 30   AF43 (100110) 38

High Priority = EF = 101110 = 46
Best Effort = 000000 = 0
414
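To make the codepoint layout concrete, here is an added Python example (not from the deck) that encodes AFxy from the aaadd0 layout of slide 411, names the PHB a given DSCP selects, packs DSCP and ECN into the ToS/DS byte, and returns the three MSBs a non-DS-compliant device reads as IP Precedence. It rebuilds the AF table above and goes a little beyond it by also recognising the class-selector codepoints.

```python
from typing import Dict, Tuple

EF = 0b101110            # 46: Expedited Forwarding (recommended value on slide 412)
BEST_EFFORT = 0b000000   # default PHB


def af_dscp(af_class: int, drop_prec: int) -> int:
    """AFxy -> 6-bit DSCP laid out as aaadd0: class in bits 5..3, drop precedence in bits 2..1."""
    if af_class not in (1, 2, 3, 4) or drop_prec not in (1, 2, 3):
        raise ValueError("AF classes are 1-4 and drop precedences 1-3")
    return (af_class << 3) | (drop_prec << 1)


def decode_dscp(dscp: int) -> str:
    """Name the PHB a 6-bit DSCP selects: EF, AFxy, CSx (class selector) or default."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == EF:
        return "EF"
    if dscp == BEST_EFFORT:
        return "default"
    hi, dd, low = dscp >> 3, (dscp >> 1) & 0b11, dscp & 1
    if dd == 0 and low == 0:
        return f"CS{hi}"                   # xxx000: maps to IP Precedence xxx
    if 1 <= hi <= 4 and low == 0:
        return f"AF{hi}{dd}"               # dd is 1..3 here because dd == 0 was handled above
    return "unassigned"


def ip_precedence(dscp: int) -> int:
    """What a non-DS-compliant device reads: the three MSBs of the ToS byte (EF looks like 5)."""
    return dscp >> 3


def tos_byte(dscp: int, ecn: int = 0) -> int:
    """Pack DSCP (6 bits) and ECN (2 bits) into the IPv4 ToS/DS byte."""
    if not 0 <= ecn <= 3:
        raise ValueError("ECN is a 2-bit field")
    return (dscp << 2) | ecn


def af_table() -> Dict[str, Tuple[str, int]]:
    """Rebuild the AF matrix of slide 414: {'AFxy': ('binary', decimal)}."""
    return {f"AF{c}{d}": (format(af_dscp(c, d), "06b"), af_dscp(c, d))
            for c in (1, 2, 3, 4) for d in (1, 2, 3)}
```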

MQC: 3 Steps to Configure a QoS Policy

1. class-map: define traffic classes; the same class-map can be applied to different policies
2. policy-map: associate policies/actions with each class of traffic
3. service-policy: attach policies to interfaces (logical or physical), either input or output
Note: MQC does not equate to CBWFQ; CBWFQ is a queuing mechanism configurable via MQC
415

Configuring class-map

Creates a named traffic class
Specifies packet-matching criteria that identify packets belonging to a class:
  class-map <class-name>
    match <match-criteria>
    match not <match-criteria>
    match class-map <class-name>
416

match-any vs match-all

Define classes consisting of multiple match criteria:
  class-map match-any <class-name>
    match <match-criteria-1>
    match <match-criteria-n>
match-any: only one match criterion must be met for a packet to match the specified traffic class
match-all: all match criteria must be met for a packet to match the traffic class. Default when not configured
417

Configuration Example: class-map

class-map match-any Gold
  match access-group 101
  match dscp EF
class-map match-all Silver
  match access-group 102

access-list 101 permit ip 10.1.0.0 0.0.0.255 any
access-list 102 permit ip 10.2.0.0 0.0.0.255 any
418

class-default class

Implicit pre-existing class: no need to be configured
Contains traffic not matching any user-defined class
Features are configurable by referencing class-default directly in a policy-map:
  policy-map foo
    class class-default
      <feature>
419

Understanding policy-map

Named object representing a set of policies that are to be applied to a set of traffic classes
  e.g. police a traffic class to some maximum rate
  e.g. guarantee a traffic class a minimum bandwidth
  policy-map <map-name>
    class <class-map-name-1>
      <policy-1>
      <policy-n>
    class <class-map-name-n>
      <policy-n>
420

Configuration Example: policy-map

policy-map wan_policy
  class Gold
    bandwidth 512
    queue-limit 64
    random-detect
  class Silver
    bandwidth 256
  class class-default
    fair-queue
421

service-policy Command

Used to attach a policy-map, and thereby the associated policies, to an interface, subinterface, PVC, etc.
Indicate the input or output direction:
  (config-if)# service-policy {input | output} <policy-name>
422

Hierarchical Policies

[Figure: parent policy with class-default and shape; child policy with class 1 (priority) and class 2 (bandwidth)]
423

Hierarchical Policies

Configure the child or second-level policy:
  policy-map child
    class http
      bandwidth <bw specification>
    class ftp
Configure the parent or first-level policy:
  policy-map parent
    class class-default
      shape average <CIR>
      service-policy child
424

Other MQC Features with shape

With MQC you can use several QoS features simultaneously in the same policy-map:
  bandwidth: minimum bandwidth guarantee
  shape: maximum rate limit (with buffering)
  police: limits traffic rate (no buffering)
  set: marking
  priority: configures LLQ
Note: not all combinations are supported and/or make sense
425

Classification/Marking Options

IP Precedence/DSCP values
Other values:
  Layer 2: 802.1Q, ISL, CLP bit, DE bit
  MPLS: experimental bits
  NBAR (L4, dynamic ports)
  Traditional: ACLs, qos-group
426

Marking and Classification

Layer 3 IPv4: standard IPv4 uses the three MSBs of the ToS byte, called IP Precedence; DiffServ uses the six MSBs, called DSCP, plus two bits for ECN
  [IPv4 header: Version, ToS (1 byte), Length, ID, Offset, TTL, Proto, FCS, IP-SA, IP-DA, Data]
Layer 2 ISL: 26-byte ISL header and 4-byte FCS around the encapsulated frame; three bits (the 3 LSBs of the User field) are used for CoS
Layer 2 802.1Q/p: 4-byte TAG in the frame (PREAM., SFD, DA, SA, TAG, PT, DATA, FCS); three bits are used for CoS (User Priority bits)
427

Marking Options

Marking can be done via:
  CAR (Committed Access Rate)
  CBpolicing
  CBmarking
  PBR (Policy Based Routing)
  QPPB (QoS Policy Propagation via BGP)
428

Classification Options

router(config-cmap)#match ?
  access-group         Access group
  any                  Any packets
  class-map            Class map
  cos                  IEEE 802.1Q/ISL class of service/user priority values
  destination-address  Destination address
  input-interface      Select an input interface to match
  ip                   IP specific values (prec, dscp, rtp)
  mpls                 Multi Protocol Label Switching specific values
  not                  Negate this match result
  protocol             Protocol
  qos-group            Qos-group
  source-address       Source address
429

Queuing

Queuing + Scheduling = Congestion Management
  Buffering packets in queues
  Scheduling packets out of the queues
[Figure: packets in various queues -> scheduler -> outbound packets]
430

Congestion Management Queuing and Scheduling


Queuing
Congestion management entails the creation of queues, assignment of packets to those queues based on classification

Scheduling
Congestion management controls congestion by determining the order in which packets are sent from different queues out an interface based on packet priorities.

Scheduling policy specifies how packets of different classes are served with respect to each other. Example scheduling policies include FIFO and WFQ

431

Backpressure

Backpressure is the term used for the mechanism which triggers congestion management (queuing and scheduling)
Backpressure comes from:
  the tx-ring of an interface being full
  the token bucket of a shaper being empty
  others (platform specific, like tofab queuing on the GSR)
432

What's a TxQ?

Every interface has 2 sets of queues:
  Software queues (FIFO, WFQ, ...); any type of software queuing other than FIFO is also referred to as "fancy queuing"
  Hardware queue (= TxQ), which is always FIFO!
The TxQ, also called tx-ring, is a FIFO queue in between the scheduler and the interface ASIC
[Figure: Software Q 1 ... Software Q n -> scheduler -> Tx-ring -> wire signal]
433

CBWFQ: MQC Config Example

policy-map mypolicy
  class multimedia
    bandwidth 3000
  class www
    bandwidth 2250
  class ftp
    bandwidth 1500
  class class-default
    bandwidth 750
434

CBWFQ: MQC Verification

#sh policy-map interface e1/1
 Ethernet1/1

  Service-policy output: mypolicy

    Class-map: multimedia (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 101
      Weighted Fair Queueing
        Output Queue: Conversation 264
        Bandwidth 3000 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0
435

Low Latency Queueing (LLQ) aka priority Command

Implements both a minimum and a maximum bandwidth guarantee
It is a strict priority queue with a specified amount of available bandwidth
During congestion, LLQ cannot use any excess bandwidth; this is achieved with a conditional, built-in policer
436

Configuration Example: Low Latency Queuing (LLQ)

policy-map wan_policy
  class Gold
    priority 512
  class Silver
    bandwidth 256
  class class-default
    random-detect

Verification: show policy-map interface
437

Policing vs. Shaping

[Figure: two pairs of traffic-rate versus time plots. Policing: traffic above the configured rate is dropped (data lost). Shaping: traffic above the rate is buffered and sent later (data preserved).]
438

Ways to Limit Throughput

The common mechanism to meter traffic is a token bucket
Policing
  CAR, CBpolicing: token bucket(s), NO queue
  Conform/exceed actions are configurable
Traffic Shaping
  GTS, FRTS, CBshaping: token bucket + queue
  Conform/exceed actions are always transmit/queue
439

Token Bucket

Tc = Bc/CIR: time interval between two replenishments of the token bucket (with Bc tokens)
Bc tokens are added every Tc
Bc + Be is the maximum number of token-bits that you can store
Packets are sent at access speed as long as there are enough tokens
440

Tc Interval: Hypothetical Example

CIR = 1 Mbps, Bc = 1M => Tc = 1 s; interface rate = 2 Mbps
[Figure: rate (Mbps) versus time (s), showing the Bc tokens consumed in each of the intervals Tc1, Tc2, Tc3]
If there is continuous traffic, then on average we achieve a shaped rate of 1M (2M during 1/2 s, every second = 1 Mbps)
441

Be: Excess Burst

Token bucket dimensioning:
  Every Tc, we add Bc tokens
  Allow the token bucket to grow as deep as Be + Bc if not all Bc tokens are used in an interval
[Figure: token bucket holding Bc plus Be]
442

Class-Based Shaping

Shaping on a class via MQC (shape command)
Classification with extensive MQC match criteria (e.g. NBAR)
Shaping queue is WFQ, CBWFQ, or LLQ
Two forms: shape average and shape peak
  shape {average | peak} [percent percent] [bc] [be]
443

Average vs. Peak

Difference in the number of tokens given per Tc and in how excess tokens are accrued:
  Average: only Bc is added every Tc to the token bucket
  Peak: Bc + Be is added every Tc to the token bucket (to burst at Bc + Be)
An average rate shaper must be idle for some time to build Be with the unused tokens added by Bc
A peak rate shaper gets an increment of Bc + Be per Tc and does not need to be idle
444
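The Tc/Bc/Be arithmetic of slides 440 to 444, as an added Python simulation that is not part of the deck: a token bucket topped up every Tc, capped at Bc + Be, credited with Bc (shape average) or Bc + Be (shape peak) per interval, and drained at access speed. The initial bucket content (Bc) and the greedy per-interval offered loads are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Shaper:
    """Token-bucket shaper with the slides' parameters (rates in bit/s, bursts in bits)."""
    cir: float                              # committed information rate
    bc: float                               # committed burst, credited every Tc
    be: float = 0.0                         # excess burst
    access_rate: float = float("inf")       # physical interface speed
    peak: bool = False                      # shape peak: credit Bc + Be per Tc
    tokens: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = self.bc               # assumption: the bucket starts with Bc tokens

    @property
    def tc(self) -> float:
        """Tc = Bc / CIR: seconds between two replenishments."""
        return self.bc / self.cir

    def replenish(self) -> None:
        # Average: add Bc; peak: add Bc + Be. Never store more than Bc + Be.
        credit = self.bc + self.be if self.peak else self.bc
        self.tokens = min(self.tokens + credit, self.bc + self.be)

    def interval(self, offered_bits: float) -> Tuple[float, float]:
        """Run one Tc with the given offered load; return (bits sent, seconds on the wire).
        Packets leave at access speed as long as tokens remain, so the line is busy
        for sent / access_rate seconds of the Tc and idle for the rest."""
        line_cap = self.access_rate * self.tc
        sent = min(offered_bits, self.tokens, line_cap)
        self.tokens -= sent
        busy = sent / self.access_rate
        self.replenish()
        return sent, busy


def simulate(shaper: Shaper, offered: List[float]) -> List[float]:
    """Bits sent in each Tc for a list of per-interval offered loads."""
    return [shaper.interval(o)[0] for o in offered]


def slide_example() -> Tuple[float, List[Tuple[float, float]], float]:
    """Slide 441: Bc = 1M, CIR = 1 Mbps (Tc = 1 s), 2 Mbps interface, continuous traffic."""
    sh = Shaper(cir=1_000_000, bc=1_000_000, access_rate=2_000_000)
    per_tc = [sh.interval(5_000_000) for _ in range(3)]   # offered load exceeds the line rate
    average_rate = sum(s for s, _ in per_tc) / (3 * sh.tc)
    return sh.tc, per_tc, average_rate                     # 1 Mbit in 0.5 s per Tc, 1 Mbps average


def average_vs_peak() -> Tuple[List[float], List[float]]:
    """Slide 444: average needs an idle Tc to accrue Be; peak gets Bc + Be every Tc."""
    load = [100_000, 100_000, 0, 100_000]                  # busy, busy, idle, busy
    avg = simulate(Shaper(cir=64_000, bc=8_000, be=8_000), load)
    pk = simulate(Shaper(cir=64_000, bc=8_000, be=8_000, peak=True), load)
    return avg, pk
```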

CBShaping: shape average

policy-map SHAPING
  class AF
    shape average 241000

Router# show policy interface Serial 3/0
  Traffic Shaping
    Target    Byte   Sustain   Excess    Interval  Increment  Adapt   Queue  Packets  Bytes   Packets  Bytes    Shaping
    Rate      Limit  bits/int  bits/int  (ms)      (bytes)    Active  Depth                   Delayed  Delayed  Active
    241000    1928   7712      7712      32        964        -       41     3980     978872  3967     975686   yes
445

CBpolicing: Actions

R2(config-pmap-c)#police 30000 conform-action ?
  drop                              drop packet
  exceed-action                     action when rate is within conform and conform + exceed burst
  set-clp-transmit                  set atm clp and send it
  set-discard-class-transmit        set discard-class and send it
  set-dscp-transmit                 set dscp and send it
  set-frde-transmit                 set FR DE and send it
  set-mpls-exp-imposition-transmit  set exp at tag imposition and send it
  set-mpls-exp-topmost-transmit     set exp on topmost label and send it
  set-prec-transmit                 rewrite packet precedence and send it
  set-qos-transmit                  set qos-group and send it
  transmit                          transmit packet
446

Multi-Action Policers

Two or more set parameters as a conform, exceed or violate action:
  policy-map QOS
    class class-default
      police cir 80000 pir 100000
        conform-action transmit
        exceed-action set-prec-transmit 4
        exceed-action set-frde-transmit
        violate-action set-prec-transmit 2
        violate-action set-frde-transmit
447

Hierarchical Policer

Policy Map outer_police
  Class class-default
    police cir 110000 bc 5000 be 5000 conform-action transmit exceed-action drop violate-action drop
    service-policy inner_police
Policy Map inner_police
  Class ef
    police cir 10000 bc 1500 conform-action transmit exceed-action drop
448

Trust Boundaries

[Figure: Endpoints - Access - Distribution - Core - WAN Aggregation, with candidate trust boundaries 1, 2 and 3 moving inward from the endpoints]
A device is trusted if it correctly classifies packets
For scalability, classification should be done as close to the edge as possible
The outermost trusted devices represent the trust boundary
1 and 2 are optimal, 3 is acceptable (if the access switch cannot perform classification)
449

Catalyst QoS: Gotchas

Understand the concept of (un)trusted ports
mls qos needs to be enabled first in global config mode
Most Catalysts have their own CLI for configuring various features (e.g. queuing), not always MQC!
Every Catalyst model has its own restrictions and QoS feature set
Be familiar with the 3550 and 3560 specific implementations; read UCD!
450

Catalyst QoS: Catalyst 3550 Operation

QoS actions at ingress:
  Classification/reclassification: identify and classify traffic with an internal DSCP, or trust the existing QoS value and map it to the internal DSCP; done on a per-interface basis
  Policing
  Marking
QoS actions at egress:
  Queue/schedule and congestion control: WRR queuing with WRED (Gig only) or tail-drop (default)
  Optional expedite queue
451

QoS: 3560 Switch

Packets are assigned an internal QoS label
Queuing is done via SRR (Shaped Round Robin)
[Figure: Classify -> Policer -> Marker -> Ingress queues (SRR) -> Egress queues (SRR)]
452

References

End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs, by Tim Szigeti, Christina Hattingh
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm
www.cisco.com/go/qos
453

Q and A


454

Session 10:
Troubleshooting


455

Agenda

Overview
Troubleshooting approach
Sample scenario
Sample lab question
456

Overview

The minimally qualified Routing and Switching CCIE can abstract functional elements of a complex network environment, understand how infrastructure components interoperate, grasp subtle issues, perceive problem areas, and quickly resolve problems. The expert's fluency makes them ideally suited for configuring and validating implementations, troubleshooting critical network issues, and participating in network design teams.

Definition of a Minimally Qualified R&S CCIE Candidate (from the Exam Design Session)
457

Troubleshooting Approach

When analyzing a problem you should consider the following:
  Make sure you have a clear definition of the problem.
  Gather all the relevant facts and consider the likely possibilities.
  Create and implement an action plan and then observe the results.
  If the symptoms do not stop, try another action plan and gather additional facts. If you try one thing and it doesn't work, take that configuration or feature off. In case you make the situation worse, always keep the basics and get back to a known position.
  If the symptoms do stop, document how you fixed the problem.
458

Sample TS Lab Scenario

[Figure: IPv4 topology of the sample troubleshooting lab, network YY.YY.0.0/16. Routers R1 to R9 spread over OSPF Area 0, Area 1 NSSA, Area 2 Stub, Area 3 and EIGRP 10, with a Frame Relay cloud; loopbacks such as Lo0 = .0.4/32 on R9, .1.4/32 on R4 and .1.5/32 on R5, and Ethernet and serial subnets of /28, /29 and /30 length.]
459

Sample TS Lab Scenario (Cont.)

IPv6 topology:
  R8: Lo0 2001:200:208::8, E0/0 2001:308:806::8
  R6: Lo0 2001:333:600::6, S2/0 2001:303:100::6, E1/0 2001:300:608::6
  R1: Lo0 2001:404:200::1, S2/0 2001:303:100::1
  Routing domains: OSPFv3 and EIGRPv6
460

Sample TS Lab Scenario (Cont.)

Incident 8: Router R1 cannot ping the IPv6 route 2001:200:208::8. 1 fault, score: 2 points
Possible cause(s): address configuration, routing protocol configuration, redistribution configuration, other?
Issue:
  R1#ping ipv6 2001:200:208::8
  .....
  Success rate is 0 percent (0/5)      (IPv6 ping fails)
Verification:
  R1#ping ipv6 2001:200:208::8
  !!!!!                                (IPv6 ping succeeds)
461

Q and A


462
