TECCCIE-3000_c3
Cisco Public
IP Version 6
CCNP
CCNA CCENT
www.cisco.com/go/learnnetspace
Certification Process
CCIEs must pass two exams
The written qualification exam uses simulations and multiple-choice questions
The lab exam is what makes this certification different; the full-day, hands-on lab exam tests the ability to configure and troubleshoot equipment
Not all lab exams are offered at all lab locations
Scores generally can be viewed online within 48 hours; failing score reports indicate areas where additional study may be useful
Expert-level troubleshooting to solve complex connectivity problems and apply solutions to increase bandwidth, improve response times, maximize performance, improve security, and support global applications
Development Inputs
Clearly defined and ISO-reviewed process ensures exams are relevant and valid.
Bridging and LAN switching (Implement Layer 2 Technologies)
IP and IP routing (Implement IPv4)
QoS (Implement Quality of Service)
WAN (Implement Layer 2 Technologies)
IP multicast (Implement IP Multicast)
Security (Implement Network Security)
IPv6 (Implement IPv6)
MPLS (Implement MPLS Layer 3 VPNs)
Implement Network Services
Troubleshoot a Network
Optimize the Network
San Jose
Bangalore
Sydney
Dubai
Sao Paulo
Upcoming Mobile Labs:
Moscow, Russia: May 4-8, 2009
Singapore, Singapore: June 8-12, 2009
Riyadh, Saudi Arabia: June 20-24, 2009
Introduction
Candidates build a network to a series of supplied specifications
The point values for each question are shown on the exam
Bridging and Switching (Implement Layer 2 Technologies)
IP IGP Routing (which includes IPv6) (Implement IPv4 includes BGP)
BGP
Implement IPv6
Implement MPLS Layer 3 VPNs
IP and Cisco IOS Features (Implement Network Services)
Introduction
Each candidate has his/her own PC and rack of equipment
The equipment rack may or may not be with the candidate's desk and PC
Rack Access
Rack Connection Method
Ethernet
Candidate PC Exam Routers
Comm Server
Passwords
All routers and switches have a startup configuration: hostnames, passwords, line setup, and IP addresses for primary interfaces are already configured; since all tests require the router to be accessible via the VTY and AUX ports, do not change these established configurations
Standard Restrictions
Unless specified within the exam, you are NOT allowed to use:
Static routes (of any kind)
Default routes
** Dynamic routes to null are permitted
Frame Relay
SW2
R1
Lo0-1.1/24 Lo1-172.16.1.1 Lo2-172.16.2.2 FA0/0-22.5/24 Lo3-172.16.3.3 Lo4-172.16.4.4
R2
FA0/0-22.1/24
SW1 R3
FA0/0-33.1/24 FA0/0-50.1/24 FA0/0-50.1/24
Frame Relay
R5
Lo0-5.5/24
R6 R4
Lo0-4.4/24
Q and A
Session 2:
Core Knowledge
Agenda
What are the Core Knowledge questions?
How many questions? Structure through the lab exam
Sample questions
Core Knowledge
Consists of four computer-delivered short-answer questions and is being added to the lab exam in all global lab locations.
Candidates will be required to type out their answers, which typically require five words or less.
This section covers core concepts from the CCIE R&S exam objectives. When candidates complete the Core Knowledge section, they may move immediately to the lab configuration portion of the exam.
This section must be completed before the candidate moves to the lab configuration scenarios.
Every node that implements IPv6 must fully implement this protocol.
Many IPv6 functions use this protocol, e.g. path MTU discovery and neighbor discovery.
(Answer: ICMPv6)
Session 3:
Multilayer Switching and Frame Relay
Agenda
LAN Switching
MLS Concepts
Layer 2 Protocols
Layer 2 Features
Layer 3 Features
Troubleshooting Tips
Frame Relay
Concepts
Configuration Options
Troubleshooting Tips
MLS Concepts
Layer 1:
Collision domain: Hub
Layer 2:
Broadcast domain: VLAN
VTP domain
STP domain
Layer 2 VLANs
Broadcast domains spanning multiple switches
Default VLAN 1
Normal-range: 1 to 1005
Extended-range: 1006 to 4094
Deprecated vlan-database > vlan config-mode
Minimal port config once the VLAN is known:
switchport mode access
switchport access vlan X
IEEE 802.1q
4 bytes tag with Vlan ID 10
Supports Native VLAN (not tagged, must match on L2 links)
ISL (Cisco Proprietary)
30 bytes header (26 + 4), true encapsulation
No Native concept, ALL frames encapsulated
VLANS
Sample Question
Create trunking among the four switches meeting the following requirements:
Trunking will be formed unconditionally
Use ISL encapsulation
Choose the encapsulation and create a trunk between R6 and Sw2.
Only VLAN_BB3 and VLAN_B must be allowed in the trunk
Implicit: refer to the diagrams to determine IP addresses
Score: 2 Points
Sample Questions
Diagrams You have multiple diagrams and have to figure out which ports to configure
Sw1 Fa0/19 Fa0/20 Fa0/21 Fa0/22
Sw2
Fa0/19 Fa0/20 Fa0/21 Fa0/22 g0/0 R1 g0/0 R2 g0/0 R3 g0/0 R4 BB1 BB2 g0/4 g0/3 g0/2 g0/1
sw1 Fa0/1
FR FR sw1 Fa0/2 sw1 Fa0/3
Fa0/1 sw2
Sample Question: Solution
On switch-switch links, use interface range to speed up and minimize missed/wrong config
(config)#interface range fa0/19-20
switchport trunk encapsulation isl
switchport mode trunk
On switch-router links, with the IOS running, only dot1Q is supported! Router subinterface:
(config-subif)#encapsulation dot1q [vlanID]
(config-subif)#ip address [asPerDiagram]
Switch port:
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport trunk allowed vlan 13,22
(config-if)#switchport mode trunk
Sample Question: Verification
switch#s int f0/x trunk
Port      Mode    Encapsulation   Status      Native vlan
Fa0/x     on      isl             trunking    1
Port Fa0/x
Port Fa0/x
Port Fa0/x
Layer 2 Protocols
CDP
Useful to discover L2 topology and detect weird forwarding issues (CDP neighbors appear where they shouldn't)
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Capability S I R S I
Platform
Port ID
Switch4
Fas 0/23
178
R S I
WS-C3560-2Fas 0/23
Sample Question
Configure the amount of time a neighbor should hold CDP information sent by Sw2 before discarding it to 2 minutes
Score: 2 Points
Sample Question: Solution
Sw2
(config)#cdp holdtime 120
Verification:
switch2#sh cdp
Global CDP information:
  Sending CDP packets every 60 seconds
  Sending a holdtime value of 120 seconds
  Sending CDPv2 advertisements is enabled
Local: nonegotiate
Local: nonegotiate Local: auto
Remote: on
Remote: nonegotiate Remote: desirable
Solution: A. If both sides are set to auto, the trunk will never come up
Score: 2 Points
Verification :
show interfaces switchport Name: FaX/Y
Switch-1
VLAN 10
Switch-2
VTP CLI
sh vtp status: most info comes out of this
sh vtp counters: to see whether pruning joins are received/transmitted
sh int pruning: to see which VLANs are pruned and which VLANs we request from upstream
sh int trunk: to see which VLANs are (not) pruned and are forwarding
debug sw-vlan vtp <events|packets|xmit|pruning>
3550# show vtp counters
VTP statistics:
Summary advertisements received    : 734
Subset advertisements received     : 0
Request advertisements received    : 0
Summary advertisements transmitted : 2199
EtherChannels
Can aggregate L2 access ports, L2 trunks or L3 links
Load-balancing algorithm (default is src-mac)
Operates between switches, routers, and certain vendors' NICs
Sample Question
Create EtherChannels among Sw1 and Sw2 so that it will be formed unconditionally NOT using any protocol negotiation
Score: 2 Points
Sample Question: Solution
Use interface range
(config)#int range FastEthernet0/x-y
(config-if-range)#channel-group z mode on
Verification
sh etherchannel z port-channel
sh etherchannel [sum|load]
sh pagp|lacp [[port-chan#] neigh|count|internal]
switch#sh ether 12 port
Ports in the group:
-------------------
Port: Fa0/23
------------
Port state    = Up Mstr In-Bndl
Channel group = 12      Mode = On/FEC     Gcchange =
Port-channel  = Po12    GC   =            Pseudo port-channel = Po12
Port index    = 0       Load = 0x00       Protocol =
switch#sh lacp ?
  <1-64>    Channel group number
  counters  Traffic information
  internal  Internal information
  neighbor  Neighbor information
  sys-id    LACP System ID
Spanning Tree
Provide loop free topology while physical redundant links/trunks are allowed between switches
Elects a root bridge and defines roles to the ports based on least cost path to the root
One Root port per bridge and one Designated port per segment
Blocks other ports to break loops
(PDU still passes through)
Spanning Tree
Port States
Blocking: No user traffic allowed, only BPDUs
Listening: Receives BPDUs and waits for convergence of BPDUs
Learning: Learns source MACs from user traffic to build the CAM
Forwarding: Normal mode, forwards user traffic AND BPDUs
Disabled: Port is shut (/admin or not)...
Spanning-Tree Algorithm
A BPDU Is Superior to Another if It Has:
1. A lower Root Bridge ID
2. A lower path cost to the Root
Spanning Tree
Root Ports: Port with Least Cost Path to the Root Bridge
8192:000000000001
Core
32768:000000000002
DP RP
1
A Root 1 2
RP
32768:000000000003
Distribution
B Peer 2
DP 1 RP NDP D Peer 2
C Peer 2 DP
32768:000000000004
Spanning Tree: RSTP (802.1w)
switch(config)#spanning-tree mode ?
  mst         Multiple spanning tree mode
  pvst        Per-Vlan spanning tree mode
  rapid-pvst  Per-Vlan rapid spanning tree mode
Mechanism of handshake to bypass listening/forwarding state of the designated port if all bridges on a segment recognized this port as the designated
Disabled + Blocking + Listening states are merged into the Discarding state
Spanning Tree: MST (802.1s)
Enhances STP scalability (preserves CPU power)
Flexible load-balancing
Complex interoperability with other STP flavors
MST Configuration: Identical for all switches in the same region
Digest of the config is sent in the MST BPDU
spanning-tree mode mst
spanning-tree mst configuration
 name MST    < up to 32 bytes
 revision 1
 instance 1 vlan 20, 40, 60
 instance 2 vlan 30, 50, 70
Uplinkfast
Backbonefast Rootguard
Sw1
Sw2
The 3550 switches in your topology are pre-cabled as shown in the diagram above. VLANs have already been assigned to the switches. Configure Sw1 and Sw2 to have the following behavior:
Only ODD VLANs should be forwarded on Fa0/23 during normal operation
Only EVEN VLANs should be forwarded on Fa0/24 during normal operation
Interfaces should begin forwarding traffic within eight seconds of link-up
Score: 3 Points
DO THIS WITH EXACTLY TWO COMMANDS PER SWITCH
Sw1 Vlan 1
Sw2
Sw1 Vlan 2
Sw2
No, Because This Doesn't Answer the "Exactly 2 Commands Per Switch"!
Sw1
Vlan 1
Sw2
Sw1
Vlan 2
Sw2
Sw1#s span vlan 2
VLAN002
  Spanning tree enabled protocol ieee
  Root ID    Priority    32780
             Address     0015.6286.7400
             Cost        19
             Port        24 (FastEthernet0/24)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 4 sec
  Bridge ID  Priority    61452 (priority 61440 sys-id-ext 2)
             Address     0009.e8e2.6200
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ----
Fa0/23           Altn BLK 19        128.23   P2p
Fa0/24           Root FWD 19        128.24   P2p
vlan10
3.0.0.1
SVI
5.0.0.4
5.0.0.1 Fa0/5
Routed Port
3.0.0.6
5.0.0.4
3.0.0.6
R1
E0/0 Fa0/1 Fa0/2 Fa0/0
R2
References
Cisco LAN Switching, Kennedy Clark, Cisco Press
Interconnections, 2nd edition, Radia Perlman
Cisco Catalyst 3550 configuration guide, CCO
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550
Q and A
Frame Relay
Concepts
Implementation Options
Troubleshooting Tips
LMI
DLCI
DLCI
R1
FR-SW
R2
Sample Configuration
!
frame-relay switching
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 clockrate 1007616
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 frame-relay route 102 interface Serial1/2 201
 frame-relay route 103 interface Serial2/0 301
 frame-relay route 104 interface Serial2/2 401
Dynamic L3 to L2 Address Mapping Uses Frame Relay Inverse ARP to Request the Next Hop Protocol Address for a Specific Connection (DLCI)
Frame-Relay Verification
Rtr A
S0 S1
RtrA# show frame-relay map
Serial0 (up): ip 172.16.1.2 dlci 140(0x8C,0x20C0), dynamic,
              broadcast,, status defined, active
RtrA# show frame-relay pvc
DLCI = 140, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 83          output pkts 87         in bytes 8144
  out bytes 8408         dropped pkts 0         in FECN pkts 0
  in BECN pkts 0         out FECN pkts 0        out BECN pkts 0
  in DE pkts 0           out DE pkts 0
  out bcast pkts 41      out bcast bytes 3652
  pvc create time 01:31:50, last time pvc status changed 01:28:28
interface Serial0
 ip address 172.16.1.1 255.255.255.0
 encapsulation frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 172.16.1.2 140 broadcast
interface Serial1
 ip address 172.16.1.2 255.255.255.0
 encapsulation frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 172.16.1.1 401 broadcast
172.16.1.2/24 R2 201
301 R3 172.16.1.3/24
R3
interface Serial1
 ip address 172.16.1.3 255.255.255.0
 frame-relay map ip 172.16.1.1 301 broadcast
 frame-relay map ip 172.16.1.2 301
 no frame-relay inverse-arp
102
103 172.16.1.1/24 R1
R3
301 172.16.1.3/24
R2
interface Serial1.201 point-to-point
 ip address 172.16.1.2 255.255.255.0
 frame-relay interface dlci 201
R1
interface Serial1
 ip address 172.16.1.1 255.255.255.0
 frame-relay map ip 172.16.1.2 102 broadcast
 frame-relay map ip 172.16.1.3 103 broadcast
 no frame-relay inverse-arp
show interface
show frame-relay map
show frame-relay lmi
show frame-relay pvc
LMI enq sent 147, LMI stat recvd 147, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent LMI DLCI 0 DCD=up DSR=up DTR=up RTS=up CTS=up
  input pkts 20            output pkts 11           in bytes 1310
  out bytes 1004           dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 2         out bcast bytes 68
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  pvc create time 00:32:30, last time pvc status changed 00:32:20
References
Frame Relay Configuration Guide, CCO
http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml
Q and A
Session 4:
IP Routing Concepts
IP Routing Concepts
Policy-based Routing
Administrative Distance
Passive Interfaces
Policy-Based Routing
Configured on the receiving (ingress) interface
Packets are routed based on a configured policy specified in a route map
The route map statements can be marked as permit or deny
If a matching statement is marked as a deny, packets are sent back through the normal forwarding channels
Packets that do not match any route map statements are sent back through the normal forwarding channels
If it is desired to drop packets that do not match the specified criteria, interface Null 0 should be specified as the last interface in the list
Policy-Based Routing: Configuration
Configuration Steps
Define a sequenced policy (route-map)
 route-map policyName [permit|deny] [seq#]
Identify which traffic to policy-route
 match
Specify the policy for that traffic
 set
Apply the policy to an interface
 (config-if)#ip policy route-map policyName
135.12.1.0/24
140.10.1.1/24 R3 R1 136.15.1.5/24
Verification
R3#trace ip 140.10.1.1
Type escape sequence to abort.
Tracing the route to YY.YY.10.7
  1 136.15.1.5 0 msec 0 msec 0 msec
R4
R2
R5
It goes to R5 than
Administrative Distance
Connected    0
Static       1
eBGP         20
EIGRP        90
IGRP         100
OSPF         110
IS-IS        115
RIP          120
Ext EIGRP    175
iBGP         200
Unknown      255 (Not Believed)
A router with more than one IP routing protocol enabled will use the administrative distance to select a route if the route is learned from more than one protocol; a lower admin distance is preferred
Passive Interfaces
To disable sending routing updates out an interface, use the passive-interface command
Used in router configuration mode
Configuration Examples:
passive-interface gi0/0/0: no updates sent out interface gi0/0/0
passive-interface default: no updates sent out any interfaces; use no passive-interface on specified interfaces to send updates
** Note: A passive interface does not send routing protocol information. It does receive and process updates on the interface.
EIGRP
Disclaimer: Reminder
With the time allocated, we can only review the cornerstones of the most important IGPs
EIGRP and OSPF
EIGRP
Introduction and Review
Neighbor Relationships
Summarization
Load Balancing
Advantages of EIGRP
Uses multicast instead of broadcast
Utilizes composite metric (bandwidth, delay, load, reliability)
Unequal cost paths load balancing
More flexible than OSPF
Full support of distribute list
Manual summarization can be done in any interface at any router within network
EIGRP
Introduction and Review
Neighbor Relationships
Load Balancing
Summarization
EIGRP Packets
Hello: Establish neighbor relationships
Update: Send routing updates
Query: Ask neighbors about routing information
Reply: Response to query about routing information
Ack: Acknowledgement of a reliable packet
Neighbor declared dead when no EIGRP packets are received within hold interval
Not only Hello can reset the hold timer
Neighbor Process: Review
Used for establishing and maintaining neighbors
Multicast hellos (by default)
224.0.0.10 (0100.5e00.000a)
A
Neighbor timers
Default Hello Interval: 5 or 60 sec.
Default Hold time: 15 or 180 sec.
Hello
Hold: How long to wait for an EIGRP packet before declaring this neighbor dead
Uptime: How long since last time this neighbor was discovered
Log-Neighbor-Changes Messages
Neighbor 10.1.1.1 (Ethernet0) is down: peer restarted
Neighbor 10.1.1.1 (Ethernet0) is up: new adjacency
Neighbor 10.1.1.1 (Ethernet0) is down: holding time expired
Neighbor 10.1.1.1 (Ethernet0) is down: retry limit exceeded
Neighbor 10.1.1.1 (Ethernet0) is down: route filter changed
Hello
B
Neighbor 10.1.1.1 (Ethernet0) Is Down: Holding Time Expired
Remember: Any Debug Can Be Hazardous on a Live Network; It's OK in the CCIE Lab Though
Ack
Update
X
B
Neighbor 10.1.1.1 (Ethernet0) Is Down: Retry Limit Exceeded
Manual Changes
Some manual configuration changes also reset EIGRP neighbors:
Summary changes (manual and auto)
Route filter changes
EIGRP
Introduction and Review
Neighbor Relationships
Summarization
Load Balancing
EIGRP Summarization
Purpose: Smaller routing tables, smaller updates
Auto summarization:
On major network boundaries, networks are summarized to the major networks
Auto summarization is turned on by default
150.150.X.X
150.150.X.X
151.151.X.X
Manual Summarization
Configurable on per interface basis in any router within the network
When summarization is configured on an interface, the router immediately creates a route pointing to null zero with administrative distance of five
Loop prevention mechanism
When the last specific route of the summary goes away, the summary is deleted
The minimum metric of the specific routes is used as the metric of the summary route
EIGRP Summarization
Manual Summarization Command:
ip summary-address eigrp <as number> <address> <mask>
Deploying Summarization
Summarization is simply a way to hide topological detail while maintaining reachability
But sometimes you have to be creative to summarize
10.1.0.0/22
10.1.1.0/24
10.1.3.0/24
Deploying Summarization
For instance, can you still summarize here?
Note that A has a component which is part of 10.1.0.0/22 behind it
10.1.2.0/24 A
10.1.0.0/22
10.1.1.0/24
10.1.3.0/24
Deploying Summarization
Sure
Routers always route to the longest prefix
Destinations within 10.1.2.0/24 will be routed towards A, while destinations within 10.1.1.0/24 and 10.1.3.0/24 will be routed towards C
10.1.2.0/24 A 10.1.2.0/24 B 10.1.0.0/22
10.1.0.0/22
10.1.1.0/24
10.1.3.0/24
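Added example (not part of the original slides): a small longest-prefix-match forwarder that walks the summarization scenario above and the Null0 discard route created by manual summarization. Router B as the router that receives both advertisements and C's default route back towards B are assumptions made for the illustration.

```python
import ipaddress

def lookup(rib, dst):
    """Longest-prefix match. rib maps prefix -> next hop; returns next hop or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in rib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def forward(ribs, start, dst, max_hops=8):
    """Follow next hops router by router; the last element says how the packet ended."""
    path, node = [start], start
    for _ in range(max_hops):
        next_hop = lookup(ribs[node], dst)
        if next_hop is None:
            return path + ["unreachable"]
        if next_hop in ("connected", "Null0"):
            return path + [next_hop]
        if next_hop in path:                      # packet returns to a router it already visited
            return path + [next_hop, "loop"]
        path.append(next_hop)
        node = next_hop
    return path + ["loop"]

# Constructed tables. C summarizes 10.1.1.0/24 and 10.1.3.0/24 as 10.1.0.0/22,
# A advertises the more specific 10.1.2.0/24.
RIBS = {
    "A": {"10.1.2.0/24": "connected"},
    "B": {"10.1.0.0/22": "C", "10.1.2.0/24": "A"},
    "C": {
        "10.1.1.0/24": "connected",
        "10.1.3.0/24": "connected",
        "10.1.0.0/22": "Null0",    # discard route installed by the summary (AD 5)
        "0.0.0.0/0": "B",          # assumed default route back towards B
    },
}

# Same network with the discard route removed, to show what it prevents.
RIBS_NO_DISCARD = {
    name: {p: nh for p, nh in rib.items() if nh != "Null0"}
    for name, rib in RIBS.items()
}

if __name__ == "__main__":
    for dst in ("10.1.2.7", "10.1.3.7", "10.1.0.7"):
        print(dst, forward(RIBS, "B", dst), forward(RIBS_NO_DISCARD, "B", dst))
```

Traffic for 10.1.0.0/24, which the summary covers but nobody owns, is dropped at C by the Null0 route; without it the packet follows C's default route back to B and loops.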
EIGRP
Introduction and Review
Neighbor Relationships
Summarization
Load Balancing
Variance command will allow the router to include routes with a metric smaller than multiplier times the minimum metric route for that destination, where multiplier is the number specified by the variance command
Variance Example
B E 20 10 Variance 2 20 C D 10 10 25 A Net 172.16.10.0.24
Router E will choose router C to get to net 172.16.10.0/24 (FD=20)
With variance of 2, router E will also choose router B to get to net 172.16.10.0/24
Router D will not be used to get to net 172.16.10.0/24
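Added example (not part of the original slides): the variance calculation for router E. The per-link costs are assumed from the slide's flattened diagram, and the feasibility condition (a neighbor's reported distance must be below the feasible distance) is standard EIGRP behaviour that the slide does not spell out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    neighbor: str
    reported_distance: int   # the neighbor's own metric to the destination
    link_cost: int           # cost of the link from this router to the neighbor

    @property
    def metric(self):
        return self.reported_distance + self.link_cost

def select_paths(paths, variance=1):
    """Return (feasible distance, neighbors installed in the routing table)."""
    fd = min(p.metric for p in paths)             # best metric = feasible distance
    installed = []
    for p in paths:
        is_successor = p.metric == fd
        is_feasible = p.reported_distance < fd    # loop-free guarantee
        within_variance = p.metric < variance * fd
        if is_successor or (is_feasible and within_variance):
            installed.append(p.neighbor)
    return fd, sorted(installed)

# Router E's view of net 172.16.10.0/24 (constructed values, assumed from the diagram).
PATHS_FROM_E = [
    Path("B", reported_distance=10, link_cost=20),   # metric 30
    Path("C", reported_distance=10, link_cost=10),   # metric 20, the successor
    Path("D", reported_distance=25, link_cost=20),   # metric 45
]

if __name__ == "__main__":
    for v in (1, 2, 3):
        print("variance", v, select_paths(PATHS_FROM_E, v))
```

With variance 3 router D's metric (45) is below 3 x 20, but D is still excluded because its reported distance (25) is not below the feasible distance (20).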
EIGRP 100
R1
VLAN_30
R2
R5
OSPF Area 0
Frame Relay
Q and A
OSPF
OSPF
Review
Dealing with NBMA
Commands
OSPF
Review
Dealing with NBMA
Commands
OSPF Areas
OSPF uses a two-level hierarchical model
Backbone area
All other areas
Area 3
Can also be defined using single decimal value (i.e., Area 0.0.0.0, or Area 0)
0.0.0.0 reserved for the backbone area
Area boundaries are at the routers
Each link is in one and only one area
OSPF LSAs
Router and network LSAs within an area
Summary LSA Type 3 outside the area
Area 3
OSPF LSAs
Backup purpose
Area 51
Area 0
ABR
Area 51
Area 0
ABR
Area 1 Stub
S0/1 A S0 B 10.1.1.2/30
Area 0
10.1.1.5/30 10.1.1.6/30 S1 S0
Redistribute Connected 192.168.3.3/32 C
10.1.1.1/30
ABR
ASBR
X X
Area 0
10.1.1.5/30 10.1.1.6/30 S1 S0
Redistribute Connected 192.168.3.3/32 C
10.1.1.1/30
ABR
ASBR
X
10.1.1.5/30 Redistribute RIP S1
Area 0
S0/1
S0
10.1.1.6/30
S0
RIP V2 D
172.26.32.1/24 172.26.33.1/24
10.1.1.1/30 10.1.1.2/30
S1
ABR
OSPF Type 5 Routes
Area 1 NSSA
C ASB R
S0 10.1.1.10/30 10.1.1.9/30
X X
10.1.1.5/30 Redistribute RIP S1
Area 0
S0/1
S0
10.1.1.6/30
RIP V2 D
172.26.32.1/24 172.26.33.1/24
10.1.1.1/30 10.1.1.2/30
S1
ABR
OSPF Type 5 Routes
C ASB R
S0 10.1.1.10/30 10.1.1.9/30
Designated Routers
Designated Router (DR): On a multi-access network, the DR is responsible for distributing LSAs to other attached OSPF routers; DR is selected by highest priority (default = 1), highest loopback address, or highest IP address assigned to a physical interface
DR
Designated Routers
Backup Designated Router (BDR): The BDR will assume the DR role if the DR fails
Listens and learns all information that the DR learns: a hot standby
DR
BDR
Designated Routers
DROTHER: Not the DR or BDR
All other routers on the multi-access network segment
DR
BDR
DROTHER
DROTHER
Designated Routers
Adjacency: On a multi-access network, all OSPF routers will become adjacent with the DR and BDR
DR
BDR
DROTHER
DROTHER
Full 2-Way
BDR
DROTHER
DROTHER
Full 2-Way
Designated Routers
Adjacency: A router stuck in any other state has a problem
router# show ip ospf neighbor
Neighbor ID     Pri   State     Dead Time   Address      Interface
172.16.5.1            INIT/-    00:00:34    172.16.1.1   Serial0
router#
DR
BDR
DROTHER
Full 2-Way
External Costs
External Routes
Type 1 Cost = 15
Type 2 Cost = 5
OSPF Domain
RIP Domain
OSPF Cost = 10
RIP Cost = 5
OSPF
Review
Dealing with NBMA
Commands
Point-to-Point Media
Serial links
Multicast used
No DR or BDR
Frame Relay
OSPF
Review
Dealing with NBMA
Commands
OSPF Commands: Router
router-id
The router-id command is used to explicitly specify the router ID OSPF will use
If the OSPF process already has neighbors, this command will not take effect until the next reload or manual restart of the OSPF process
clear ip ospf
Order of determining the RID:
Manually configured RID
Highest loopback interface IP address (if available)
Highest active interface IP address
OSPF Commands: Router
network
The network command is used to determine which interfaces will be enabled for OSPF
network 10.2.1.1 0.0.0.0 area 0
network 10.2.2.1 0.0.0.0 area 1
network 10.2.3.1 0.0.0.0 area 2
10.2.1.1/24
10.2.3.1/24
10.2.2.1/24
OSPF Commands: Router
network
10.2.1.1/24
10.2.3.1/24
10.2.2.1/24
OSPF Commands: Router
network
network 10.2.0.0 0.0.255.255 area 0
or, in this example, network 0.0.0.0 255.255.255.255 area 0 is the equivalent
Do you know why?
10.2.1.1/24
10.2.3.1/24
10.2.2.1/24
OSPF Commands: Router
redistribute metric-type
By default, redistributed routes have external metric type 2; Type 2 routes have a cost which consists of the external cost only; Type 1 routes include the cost of traversing the OSPF domain
ASBR(config-router)#redistribute rip metric-type ?
  1  Set OSPF External Type 1 metrics
  2  Set OSPF External Type 2 metrics
ASBR(config-router)#redistribute rip metric-type 1
OSPF Commands: Router
summary-address
Addresses can be summarized into OSPF on an ASBR
ASBR
OSPF Commands: Router
area range
Addresses can be summarized on an ABR into area 0 or from area 0
ABR(config-router)# area 1 range 10.2.0.0 255.255.252.0
ABR(config-router)# area 0 range 10.1.0.0 255.255.252.0
Area 1 10.2.0.0/24 10.2.1.0/24 10.2.2.0/24 10.2.3.0/24
10.1.0.0/22 Area 0 10.1.0.0/24 10.1.1.0/24 10.1.2.0/24 10.1.3.0/24 10.2.0.0/22
ABR
OSPF Does Not Allow Summarizing Anywhere Else (Only ASBR and ABR)
OSPF Commands: Router
area stub
All routers in the area must be configured as stub
Add no-summary at the ABR and the area becomes totally stubby
RTR(config-router)# area 1 stub
ABR(config-router)# area 1 stub [no-summary]
ABR
Area 1
Area 0
OSPF Commands: Router
area nssa
All routers in the area must be configured as NSSA
Add no-summary at the ABR and the area becomes totally stubby NSSA
RTR(config-router)# area 1 nssa
ABR(config-router)# area 1 nssa [no-summary]
ABR
ASBR
Area 0
Area 1
RIP Domain
OSPF Commands: Router
area virtual-link
Virtual Link
Area 0
Area 51
Rtr A RID=10.10.254.254
OSPF Commands: Router
neighbor
Designate neighbors on non-broadcast networks
Must be the primary address of the neighbor's interface
RTR(config-router)# neighbor ip-address [additional optional keywords]
OSPF Commands: Interface
Non-Broadcast Multi-Access (NBMA) Network
PVCs Can Be on Same Subnet or on Different Subnets
Practice and Understand the Effect of OSPF Network Types
RTR(config-if)# ip ospf network point-to-multipoint (Hello = 30, Dead = 120)
RTR(config-if)# ip ospf network point-to-point (Hello = 10, Dead = 40)
RTR(config-if)# ip ospf network broadcast (Hello = 10, Dead = 40)
OSPF Commands: Interface
auto-cost
OSPF interfaces have a cost equal to ref-bw / bandwidth (defined by the bandwidth statement)
ref-bw = 100,000,000 by default
FastEthernet = 100,000,000 / 100,000,000 = 1
Ethernet = 100,000,000 / 10,000,000 = 10
T1 = 100,000,000 / 1,544,000 = 64
The auto-cost command is used to change the reference value, which changes the cost of every OSPF interface on the router
Rtr(config-router)#auto-cost reference-bandwidth ref-bw
ref-bw <1-4294967> in Mbits per second
OSPF Commands: Interface
ip ospf keyword(s)
ip ospf cost interface-cost
Specify the cost of sending a packet on the interface
ip ospf priority
Set the router priority for DR / BDR selection (highest wins)
OSPF Commands: Security
Authentication: Clear Text
Authentication requires router and/or interface commands; the router command is used to enable authentication for an area and the interface command is used to enable authentication on an interface and set the authentication password
Area 0
Rtr A
S0
S0
Rtr B
Rtr A
interface serial 0
 ip ospf authentication
 ip ospf authentication-key cisco
!
router ospf 1
 area 0 authentication
Rtr B
interface serial 0
 ip ospf authentication
 ip ospf authentication-key cisco
!
router ospf 1
 area 0 authentication
OSPF Commands: Security
Authentication: Message Digest
Area 0
Rtr A
S0
S0
Rtr B
Rtr B
interface serial 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 area 0 authentication message-digest
Rtr A
interface serial 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 area 0 authentication message-digest
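Added example (not part of the original slides): what the two authentication modes configured above put on the wire, following the OSPFv2 header layout in RFC 2328. With clear text the key travels in the 8-byte authentication field of every packet; with message digest only a key ID, a sequence number and an MD5 digest are sent. The hello body, router ID use and sequence numbers are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

# version, type, length, router ID, area ID, checksum, AuType, 8-byte auth field
HEADER_FMT = "!BBH4s4sHH8s"
HEADER_LEN = struct.calcsize(HEADER_FMT)          # 24 bytes
AUTH_SIMPLE, AUTH_MD5 = 1, 2

def _checksum(data):
    """Standard 16-bit one's complement Internet checksum."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def _header(router_id, area_id, body, checksum, au_type, auth):
    return struct.pack(HEADER_FMT, 2, 1, HEADER_LEN + len(body),
                       socket.inet_aton(router_id), socket.inet_aton(area_id),
                       checksum, au_type, auth)

def build_clear_text(router_id, area_id, body, key):
    """AuType 1 ('ip ospf authentication'): the key itself is the auth field."""
    zeroed = _header(router_id, area_id, body, 0, AUTH_SIMPLE, bytes(8)) + body
    auth = key.encode()[:8].ljust(8, b"\0")
    return _header(router_id, area_id, body, _checksum(zeroed), AUTH_SIMPLE, auth) + body

def build_md5(router_id, area_id, body, key, key_id, seq):
    """AuType 2 ('message-digest'): digest = MD5(packet || key padded to 16 bytes)."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = _header(router_id, area_id, body, 0, AUTH_MD5, auth) + body
    secret = key.encode()[:16].ljust(16, b"\0")
    return packet + hashlib.md5(packet + secret).digest()

def verify_md5(wire, key, last_seq=0):
    """Receiver-side check: right AuType, non-decreasing sequence, matching digest."""
    if len(wire) < HEADER_LEN:
        return False
    fields = struct.unpack(HEADER_FMT, wire[:HEADER_LEN])
    length, au_type, auth = fields[2], fields[6], fields[7]
    if au_type != AUTH_MD5:
        return False
    _, _key_id, digest_len, seq = struct.unpack("!HBBI", auth)
    if digest_len != 16 or len(wire) != length + 16 or seq < last_seq:
        return False
    secret = key.encode()[:16].ljust(16, b"\0")
    expected = hashlib.md5(wire[:length] + secret).digest()
    return hmac.compare_digest(expected, wire[length:])

# Constructed hello body: mask, hello interval, options, priority, dead interval, DR, BDR
HELLO_BODY = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.252"),
                         10, 0x02, 1, 40, bytes(4), bytes(4))

if __name__ == "__main__":
    clear = build_clear_text("130.10.254.254", "0.0.0.0", HELLO_BODY, "cisco")
    md5 = build_md5("130.10.254.254", "0.0.0.0", HELLO_BODY, "cisco", key_id=1, seq=100)
    print("key visible in clear-text packet:", b"cisco" in clear)
    print("key visible in MD5 packet:       ", b"cisco" in md5)
    print("MD5 packet verifies:             ", verify_md5(md5, "cisco"))
```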
OSPF Commands: Security
Authentication: Clear Text, Virtual Link
Virtual Link
Area 0
Area 51
Rtr A RID=130.10.254.254
Rtr A
router ospf 1
 area 1 virtual-link 130.11.254.254 authentication-key cisco
 area 0 authentication
Rtr B
router ospf 1
 area 1 virtual-link 130.10.254.254 authentication-key cisco
 area 0 authentication
OSPF Commands: Security
Authentication: Can Be Applied per Interface or Virtual Link
Interface
OSPF Commands: Monitoring
show ip ospf neighbor
DR
BDR DROTHER DROTHER
Neighbor ID     Pri   State           Interface
10.1.1.254      1     2WAY/DROTHER    Ethernet0
10.1.3.254      1     FULL/BDR        Ethernet0
10.1.4.254      1     FULL/DR         Ethernet0
10.1.5.254      1     FULL/---        Serial0
OSPF Commands: Monitoring
show ip ospf interface
DR
BDR DROTHER DROTHER
RTR# show ip ospf interface s0/0
  Internet Address 10.255.255.201/30, Area 0
  Process ID 1, Router ID 10.255.254.3, Network Type NON_BROADCAST, Cost: 400
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 10.255.254.4, Interface address 10.255.255.202
  Backup Designated router (ID) 10.255.254.3, Interface address 10.255.255.201
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:14
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 3
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.255.254.4 (Designated Router)
  Suppress hello for 0 neighbor(s)
OSPF
Review
Dealing with NBMA
Commands
Preparation Suggestions
Practice every OSPF command
Both Rtr(config-router)# & Rtr(config-if)# commands
Authentication
Redistribution and route feedback filtering
Frame Relay
OSPF Backbone
Frame Relay
R1
R4
Verification
R1#show ip ospf virtual-link
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
<>
R1#show ip route ospf
     ##.0.0.0/8 is variably subnetted, 19 subnets, 4 masks
O IA    1.1.20.0/24 ... Serial0/0/0
O IA    1.1.40.0/24 ... Serial0/0/1
References
Cisco OSPF Command and Configuration Handbook, William R. Parkhurst, Cisco Press
OSPF Network Design Solutions, Thomas M. Thomas, Cisco Press
Cisco Documentation
Q and A
Route Distribution
Metrics
Be aware of metric requirements going from one protocol to another
RIP metric is a value from 1-16
OSPF metric is from 1-65535
(config-router)# default-metric 10
Assigning Metrics
You can include a default metric command as a precaution unless specifically told not to
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0.0.0.0
 redistribute rip subnets
 redistribute eigrp 100 metric 10
 default-metric 120
router eigrp 100
 network 172.16.0.0 0.0.255.255
 redistribute ospf 1
 default-metric 10000 100 255 1 1500
router rip
 network 192.168.1.0
 redistribute eigrp 100
 default-metric 1
Note: when routes are redistributed into OSPF, only routes that are not subnetted are redistributed if the subnets keyword is not specified
Assigning Metrics
Redistribute OSPF and EIGRP into RIP; assign all routes a metric (hop count) of 2
router rip
 redistribute ospf 1
 redistribute eigrp 3
 default-metric 2
OSPF 1 RIP
Redistribute OSPF and EIGRP into RIP; assign OSPF routes a metric (hop count) of 1 and EIGRP routes a metric of 2
router rip
 redistribute ospf 1 metric 1
 redistribute eigrp 3
 default-metric 2
EIGRP 100
Route Maps
Route Redistribution
Redistribute OSPF and EIGRP into RIP; Assign OSPF routes 172.16.0.0/16 a metric (hop count) of 1, all other OSPF routes a metric of 3; all EIGRP routes a metric of 2
router rip
 redistribute ospf 1 route-map ospfmetric
 redistribute eigrp 100
 default-metric 2
route-map ospfmetric permit 10
 match ip address 1
 set metric 1
route-map ospfmetric permit 20
 set metric 3
access-list 1 permit 172.16.0.0 0.0.255.255
OSPF 1 RIP
EIGRP 100
Route Maps
Route Redistribution
Redistribute OSPF and EIGRP into RIP; block redistribution of OSPF routes 172.16.0.0/16, all other OSPF routes are redistributed with a metric of 3, EIGRP routes with a metric of 2
router rip
 redistribute ospf 1 route-map ospfmetric
 redistribute eigrp 100
 default-metric 2
route-map ospfmetric deny 10
 match ip address 1
route-map ospfmetric permit 20
 set metric 3
access-list 1 permit 172.16.0.0 0.0.255.255
[Figure: lab topology with routers R1 to R6 and switches SW1 and SW2 joined by two Frame Relay clouds, labelled with FastEthernet and loopback addresses]
Session 5:
IP Version 6
IPv6 Addressing
IPv4: 32 bits
IPv6: 128 bits
IPv6 Addressing
Representation
16-bit hexadecimal numbers
Numbers are separated by (:)
Hex numbers are not case-sensitive
Example:
2003:0000:130F:0000:0000:087C:876B:140B
IPv6 Addressing
Prefix Representation
Representation of prefix is just like CIDR
In this representation you attach the prefix length
IPv4 address: 198.10.0.0/16
Unicast
Unicast addresses are used in a one-to-one context
IPv6 unicast addresses are
Unspecified, loopback, IPv4 mapped, and IPv4 compatible
Link-local
Site-local (deprecated)
Unique-local (IETF draft)
Aggregatable global unicast
IPv4 compatible
0:0:0:0:0:0:IPv4 = ::IPv4
0:0:0:0:0:0:192.168.30.1 = ::192.168.30.1 = ::C0A8:1E01
[Figure: IPv4-compatible address format: 96 bits of 0 followed by the 32-bit IPv4 address]
IPv6 Addressing
IPv6 addressing rules are covered by multiple RFCs
Architecture defined by RFC 3513
A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast)
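No broadcast address; use multicast
[Figure: aggregatable global unicast address format: a prefix beginning with binary 001 and a 64-bit interface ID (host portion)]
Link-Local
[Figure: link-local address format, 128 bits: the 10-bit prefix 1111 1110 10 (FE80::/10), then 0, then the 64-bit interface ID]
Link-local addresses
Have a limited scope of the link
Are automatically configured with the interface ID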
Link-Local
Aggregatable address: 2001::4:204:9AFF:FEAC:7D80
Link-local address: FE80:0:0:0:204:9AFF:FEAC:7D80
To make sure that the chosen address is from a unique Ethernet MAC address, the universal/local (u bit) is set to 1 for global scope and 0 for local scope
EUI-64
Ethernet MAC address (48 bits): 00 90 27 17 FC 0F
64-bit version: 00 90 27 FF FE 17 FC 0F
Uniqueness of the MAC: first octet 000000X0, X = 1
EUI-64 address: 02 90 27 FF FE 17 FC 0F
EUI-64 address is formed by inserting FFFE and ORing a bit identifying the uniqueness of the MAC address
Anycast
Anycast allows a source node to transmit IP datagrams to a single destination node out of a group of destination nodes with same subnet ID based on the routing metrics
Anycast Address
[Figure: anycast address format, 128 bits: prefix, then the bit pattern 111111X111111...111, then a 7-bit anycast ID; X = 0 if EUI-64 format, X = 1 if non-EUI-64 format]
Anycast
Is one-to-nearest type of address
Has a current limited use
Multicast
[Figure: multicast address format, 128 bits: prefix 1111 1111 (FF), then flag and scope fields; scope E = global; corresponding Ethernet multicast address 33 33 FF 17 FC 0F]
Address              Meaning          Scope
FF01::1              All Nodes        Node-Local
FF02::1              All Nodes        Link-Local
FF01::2              All Routers      Node-Local
FF02::2              All Routers      Link-Local
FF05::2              All Routers      Site-Local (Deprecated)
FF02::1:FFXX:XXXX    Solicited-Node   Link-Local
IPv6 Header
IPv6 header fields: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
IPv4 header fields: Version, HL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum
[Figure legend: field name kept from IPv4 to IPv6; field not kept in IPv6; name and position changed in IPv6; new field in IPv6]
Next Header: the value in this field tells you what type of information follows, e.g. TCP, UDP, extension header
Flow Label: RFC 3697
Extension Headers
[Figure: IPv6 packet made of the IPv6 header (Next Header = TCP) followed by TCP header + data]
IPv6 Packet
Upper layer (UDP, TCP, ICMPv6) checksum must be computed
These are the typical headers used inside a packet to transport data
This could be UDP (Protocol 17), TCP (Protocol 6), or ICMPv6 (Protocol 58)
[Figure: ICMPv6 packet fields, including ICMPv6 Code, Checksum and ICMPv6 Data]
Additionally, it's used for neighbor discovery, path MTU discovery, and multicast listener discovery (MLD)
Definitions
Link MTU is a link's maximum transmission unit
Path MTU is the minimum MTU of all the links in a path between a source and a destination
Minimum link MTU for IPv6 is 1280 octets (68 octets for IPv4)
On links with MTU < 1280, link-specific fragmentation and reassembly must be used
Implementations are expected to perform path MTU discovery to send packets bigger than 1280 octets
For each destination, start by assuming the MTU of the first-hop link
If a packet reaches a link in which it cannot fit, an ICMP Packet Too Big message is sent to the source, reporting the link's MTU; the MTU is cached by the source for the specific destination
Packet with MTU=1500: ICMP Error: Packet Too Big, Use MTU = 1400
Packet with MTU=1400: ICMP Error: Packet Too Big, Use MTU = 1300
Packet with MTU=1300: Packet Received
Path MTU = 1300
Finds neighbor routers
Verifies the reachability of neighbors
Comprised of different message types:
Neighbor Solicitation (NS)/Neighbor Advertisement (NA)
Router Solicitation (RS)/Router Advertisement (RA)
Redirect
Renumbering
[Figure: interface ID with a 24-bit portion marked]
Neighbor Solicitation:
ICMP type = 135
Src = A
Dst = Solicited-node multicast address of B
Data = Link-layer address of A
Query = What is your link-layer address?
Neighbor Advertisement:
ICMP type = 136
Src = B
Dst = A
Data = Link-layer address of B
A and B can now exchange packets on this link
IPv6 Auto-Configuration
Stateless (RFC2462)
Router solicitations are sent by booting nodes to request RAs for configuring the interfaces
Host autonomously configures its own link-local address
Stateful
DHCPv6
[Figure: the RA indicates the subnet prefix; the host address is the subnet prefix received + the MAC address]
At boot time, an IPv6 host builds a link-local address, then its global IPv6 address(es) from the RA
RA: Router Advertisement
IPv6 Auto-Configuration
Renumbering
Host renumbering is done by modifying the RA to announce the old prefix with a short lifetime and the new prefix
Router renumbering protocol (RFC 2894), to allow domain-interior routers to learn of prefix introduction/withdrawal
Stateless Auto-Configuration
1. RS
ICMP Type = 133 (RS)
Src = Link-local address (FE80::/10)
Dst = All-routers multicast address (FF02::2)
Query = please send RA
2. RA
ICMP Type = 134 (RA)
Src = Link-local address (FE80::/10)
Dst = All-nodes multicast address (FF02::1)
Data = options, subnet prefix, lifetime, autoconfig flag
Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces
Host A wants to assign itself a unique global unicast address 2001:DB8:0410:1::34:123A
Before it does that, it sends out a DAD request to all nodes on the link
5. If Host A does not receive a reply back, it will assign itself 2001:DB8:0410:1::34:123A
Redirect
[Figure: hosts A and B with routers R1 and R2; subnet 2001:DB8:C18:2::/64]
Renumbering
RA packet definitions:
ICMP Type = 138
Src = Router link-local address
Dst = All-nodes multicast address
Data = 2 prefixes:
Current prefix (to be deprecated) with short lifetime
New prefix (to be used) with normal lifetime
Renumbering: modify the RA to announce the old prefix with a short lifetime and the new prefix
Enabling IPv6
To enable IPv6 on a Cisco router, you must
Enable IPv6 traffic forwarding
 ipv6 unicast-routing
Enable IPv6 on the interface(s) by configuring an IPv6 address on the interface
 ipv6 address <ipv6addr>[/<prefix-length>]
 ipv6 enable (can be used, but only for link-local addresses)
ipv6 enable
router#show ipv6 interface Ethernet 0/0
Ethernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
  No global unicast address is configured
  Joined group address(es):
    FF02::1 (All Nodes Link Local)
    FF02::2 (All Routers Link Local)
    FF02::1:FFAC:7D80 (Solicited-Node Multicast)
  MTU is 1500 bytes
router# show ipv6 interface Ethernet0/0
Ethernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
  Global unicast address(es):
    2001:DB8:0:4:204:9AFF:FEAC:7D80, subnet is 2001:DB8:0:4::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FFAC:7D80
  MTU is 1500 bytes
router# show ipv6 interface Ethernet0/0
Ethernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
  Global unicast address(es):
    2001:DB8:0:4:1:2:3:4, subnet is 2001:DB8:0:4::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF03:4
    FF02::1:FFAC:7D80
  MTU is 1500 bytes
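The link-local, global and solicited-node addresses in the show output above all follow from the EUI-64 and solicited-node rules, and the same rules run backwards recover a hardware address from a captured IPv6 address, which is useful when attributing traffic during an investigation. The following Python sketch is an added example, not part of the original slides; the MAC 00:04:9A:AC:7D:80 is an assumption, inferred from the interface ID in the output.

```python
import ipaddress

# Solicited-node multicast prefix FF02::1:FF00:0/104; the low 24 bits come
# from the unicast address being resolved.
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface ID from a 48-bit MAC address.

    FFFE is inserted between the two halves of the MAC and the
    universal/local bit (0x02 of the first octet) is inverted, as RFC 4291
    specifies. For a universally administered MAC, where that bit is 0,
    the inversion gives the same result as the OR shown on the slide.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (from an RA, or FE80::/64) with the EUI-64 ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local address an interface builds for itself at boot."""
    return slaac_address("fe80::/64", mac)


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """Solicited-node group joined for a unicast address (FF02::1:FFXX:XXXX)."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def mac_from_eui64(addr: str):
    """Recover the MAC embedded in an EUI-64 derived address.

    Returns None when the interface ID does not carry the FFFE marker,
    for example a manually configured address.
    """
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac = "00:04:9A:AC:7D:80"  # assumed MAC, inferred from the show output
    print("link-local      ", link_local(mac))
    print("global          ", slaac_address("2001:db8:0:4::/64", mac))
    print("solicited-node  ", solicited_node(str(link_local(mac))))
    print("manual address  ", solicited_node("2001:db8:0:4:1:2:3:4"))
    print("embedded MAC    ", mac_from_eui64("fe80::204:9aff:feac:7d80"))
```

A manually configured interface ID such as 1:2:3:4 has no FFFE marker, so nothing can be recovered from it; an EUI-64 address exposes the adapter's hardware address to every network the host talks to.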
[Figure: R1 and R2 connected over Frame Relay on S0/0; subnet 2001:DB8:0:1:1:2:3:0/126]
R1
ipv6 unicast-routing
interface Serial0/0
 encapsulation frame-relay
 ipv6 address 2001:DB8:0:1:1:2:3:1/126
 frame-relay map ipv6 FE80::204:C1FF:FE09:1DA1 102 broadcast
 frame-relay map ipv6 2001:DB8:0:1:1:2:3:2 102 broadcast
 no frame-relay inverse-arp
R2
ipv6 unicast-routing
interface Serial0/0
 encapsulation frame-relay
 ipv6 address 2001:DB8:0:1:1:2:3:2/126
 frame-relay map ipv6 FE80::204:9AFF:FEAC:7D80 201 broadcast
 frame-relay map ipv6 2001:DB8:0:1:1:2:3:1 201 broadcast
 no frame-relay inverse-arp
r1#ping fe80::204:9aff:feac:7d80
Output Interface: serial0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::204:9AFF:FEAC:7D80, timeout is 2 seconds:
Packet sent with a source address of FE80::204:C1FF:FE09:1DA1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
r1#ping 2001:DB8:0:1:1:2:3:2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:1:1:2:3:2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
Router Advertisements
Default router
Autoconfiguring IPv6 hosts
IPv6 network prefix
Lifetime of advertisement
Preferred-Lifetime: the amount of time (in seconds) that the specified IPv6 prefix is advertised as being preferred
Onlink: indicates that the specified prefix is assigned to the link; nodes sending traffic to such addresses that contain the specified prefix consider the destination to be locally reachable on the link
Autoconfig: indicates to hosts on the local link that the specified prefix can be used for IPv6 auto-configuration
[Figure: Router1 and Router2 sending RAs; Ethernet0 on LAN1: 2001:DB8:c18:1::/64, Ethernet1 on LAN2: 2001:DB8:c18:2::/64]
interface Ethernet0
 ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig
 ipv6 nd ra-lifetime 0
interface Ethernet1
 ipv6 nd prefix-advertisement 2001:DB8:c18:2::/64 43200 43200 onlink autoconfig
DHCPv6
Client first detects the presence of routers on the link
If found, then examines router advertisements to determine if DHCP can be used
Instance ID is a new field that is used to have multiple OSPFv3 protocol instances per link
In order to have two instances talk to each other, they need to have the same instance ID; by default it is 0, and for any additional instance it is increased
Security
OSPFv3 uses IPv6 AH and ESP extension headers instead of the variety of mechanisms defined in OSPFv2
[Figure: OSPFv3 topology with OSPF Area 0, Area 1 and Loopback 0 on Subnet 2]
OSPFv3 Verification
rA#show ipv6 route ospf
IPv6 Routing Table - 7 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
OI  2001:DB8:101:2:204:9AFF:FE5C:8B41/128 [110/64]
     via FE80::204:9AFF:FE5C:8B41, Serial0/0
ra#show ipv6 ospf neighbor
Neighbor ID   Pri   State   Dead Time   Interface ID   Interface
10.1.1.2      1     FULL/   00:00:33    3              Serial0/0
Exit from IPv6 routing protocol configuration mode
Do not complain about specific event
Log changes in adjacency state
Forward packets over multiple paths
Negate a command or set its defaults
Suppress routing updates on an interface
Redistribute IPv6 prefixes from another routing protocol
router-id for this OSPF process
Configure IPv6 summary prefix
Adjust routing timers
A(config-rtr)#area 1 ?
  default-cost  Set the summary default-cost of a NSSA/stub area
  nssa          Specify a NSSA area
  range         Summarize routes matching address/mask (border routers only)
  stub          Specify a stub area
  virtual-link  Define a virtual link and its parameters
Process ID
Interface cost
Filter OSPF LSA during synchronization and flooding
Interval after which a neighbor is declared dead
OSPF demand circuit
OSPF Flood Reduction
Time between HELLO packets
Ignores the MTU in DBD packets
OSPF neighbor
Network type
Router priority
Time between retransmitting lost link state advertisements
Link state transmit delay
Session 6:
IP Routing BGP
Topics
Introduction
BGP Path Selection
BGP Attributes
Debugging
Introduction
What Is BGP?
How Does BGP Work
EBGP and IBGP
Configuring BGP
AS 1 Rtr A
router bgp 1
AS 2 Rtr B
router bgp 2
Configuring Peers
Rtr(config-router)#?
*address-family         Enter address family command mode
***aggregate-address    Configure BGP aggregate entries
*auto-summary
*bgp
default
*default-information
*default-metric
*distance
+++distribute-list
exit
***neighbor
**network
no
***redistribute
*synchronization
*table-map
*timers
Importance: ***High **Medium *Low
+++: Do not use with BGP; use neighbor x.x.x.x distribute-list {in|out}
AS 1 Rtr A
router bgp 1
 neighbor 10.1.1.2 remote-as 2
AS 2 Rtr B
router bgp 2
 neighbor 10.1.1.1 remote-as 1
[Figure: Rtr A, Rtr B, Rtr C and Rtr D connected by iBGP and eBGP sessions; network 172.16.0.0]
Rtr B does not know about 172.16.0.0; therefore Rtr C should not advertise 172.16.0.0 to Rtr D
Redistribute 172.16.0.0 into IGP (not recommended); or use a full iBGP mesh and disable synchronization (default)
12.2(8)T: default changed to no synchronization
1. Prefer the route with the largest weight
2. Prefer the route with the largest local preference
3. Prefer the route that was locally originated
   via network, aggregate or redistribution from an IGP
5. Prefer the route with the lowest origin (IGP < EGP < Incomplete)
[Figure: routers linked by 10.1.1.1 to 10.1.1.2 and 10.1.20.1 to 10.1.20.2; network 172.16.0.0]
172.16.0.0 Next Hop = 10.1.1.1
Does Router C know how to get to the next hop?
[Figure: AS 1 through AS 5 with networks 10.1.0.0/24 and 10.1.1.1/24, annotated with the AS-path regular expressions ^1$, ^2 1$, ^3$ and ^4 1$]
EGP (e)
NLRI is learned via eBGP
Incomplete (?)
NLRI is unknown; redistributing static into BGP
Use of the as-set Command When Aggregating (Router C) Will Propagate the Path Information
RouterD# show ip bgp
BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? incomplete
   Network       Next Hop   Metric LocPrf Weight Path
*> 160.0.0.0/8   4.4.4.1    0 300 i
AS 1 wants to adjust the BGP attributes of the underlined routes; how can we do that?
AS-Path?
Prefix and mask?
rtrA#sh ip bgp 172.16.1.0
BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  172.10.2.2 172.10.6.6
  254
    10.1.1.1 from 10.1.1.1 (199.172.15.254)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 65546
ip bgp-community new-format (global configuration)
rtrA#sh ip bgp 172.16.1.0
BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  172.10.2.2 172.10.6.6
  254
    10.1.1.1 from 10.1.1.1 (199.172.15.254)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 1:10
Aggregate Addresses
Used to minimize the size of the routing table
Combines characteristics of several routes to allow a single route to be advertised
RTB#
router bgp 200
 neighbor 3.3.3.1 remote-as 300
 network 160.10.0.0
RTC#
router bgp 300
 neighbor 3.3.3.3 remote-as 200
 neighbor 2.2.2.2 remote-as 100
 network 170.10.0.0
 aggregate-address 160.0.0.0 255.0.0.0
Question: Advertise the aggregate route 132.0.0.0/8 into AS 3. Ensure that only the aggregate address and 132.108.10.0/24 are allowed through to AS 3
AS 1 Rtr A
router bgp 1
 neighbor 10.1.1.2 distribute-list 1 in
AS 2 Rtr B
router bgp 2
 neighbor 10.1.1.1 distribute-list 2 out
AS 1 Rtr A
router bgp 1
 neighbor 1.1.1.2 filter-list 1 in
ip as-path access-list 1 deny ^2$ (deny routes belonging to AS 2)
ip as-path access-list 1 permit .*
AS 2 Rtr B
router bgp 2
 neighbor 1.1.1.1 filter-list 2 out
...
ip as-path access-list 2 permit ^$ (allow routes from this AS only)
Route-Map Overview
Route-maps are very complex access-lists:
Access-lists have lines; route-maps contain statements
Access-lists use addresses and masks; route-maps use match conditions
With access-lists, there is an access-list number; with route-maps, there is a route-map name
Statements in route-maps are numbered
The default statement action is permit
A route not matched by any statement is dropped
match ip address 1
route-map STOPUPDATES permit 20
access-list 1 permit 170.16.0.0 0.0.255.255
Blocks advertisement of network 172.16.0.0 to neighbor 2.2.2.2
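The statement rules in the overview above (numbered statements, first match wins, unmatched routes dropped) also govern the two ospfmetric route-maps in the redistribution session. The Python model below is an added example, not Cisco code or part of the original slides; the sample route list and the one-statement variant are constructed to show how forgetting the final catch-all statement silently filters every other route.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class AclEntry:
    action: str      # "permit" or "deny"
    address: str     # e.g. "172.16.0.0"
    wildcard: str    # e.g. "0.0.255.255"; 1 bits are "don't care"

    def matches(self, network: str) -> bool:
        net = int(ipaddress.IPv4Network(network).network_address)
        base = int(ipaddress.IPv4Address(self.address))
        care = ~int(ipaddress.IPv4Address(self.wildcard)) & 0xFFFFFFFF
        return (net & care) == (base & care)


def acl_permits(acl, network: str) -> bool:
    """First matching line decides; no matching line is an implicit deny."""
    for entry in acl:
        if entry.matches(network):
            return entry.action == "permit"
    return False


@dataclass
class Statement:
    seq: int
    action: str                      # "permit" or "deny"
    match_acl: Optional[list] = None  # None: no match clause, matches all
    set_metric: Optional[int] = None


def apply_route_map(statements, network: str, default_metric=None):
    """Return the metric a redistributed route gets, or None if filtered."""
    for st in sorted(statements, key=lambda s: s.seq):
        if st.match_acl is None or acl_permits(st.match_acl, network):
            if st.action == "deny":
                return None
            return st.set_metric if st.set_metric is not None else default_metric
    return None  # not matched by any statement: dropped


def redistribute(statements, routes, default_metric=None):
    """Map each surviving route to its metric."""
    result = {}
    for route in routes:
        metric = apply_route_map(statements, route, default_metric)
        if metric is not None:
            result[route] = metric
    return result


# access-list 1 permit 172.16.0.0 0.0.255.255 (from the slides)
ACL_1 = [AclEntry("permit", "172.16.0.0", "0.0.255.255")]

# route-map ospfmetric, permit variant from the slides
OSPFMETRIC_PERMIT = [
    Statement(10, "permit", match_acl=ACL_1, set_metric=1),
    Statement(20, "permit", set_metric=3),
]
# route-map ospfmetric, deny variant from the slides
OSPFMETRIC_DENY = [
    Statement(10, "deny", match_acl=ACL_1),
    Statement(20, "permit", set_metric=3),
]
# Constructed variant: statement 20 forgotten
ONLY_STATEMENT_10 = [Statement(10, "permit", match_acl=ACL_1, set_metric=1)]

# Constructed sample of OSPF routes offered for redistribution into RIP
OSPF_ROUTES = ["172.16.5.0/24", "10.1.0.0/16", "192.168.1.0/24"]

if __name__ == "__main__":
    for name, rm in [("permit variant", OSPFMETRIC_PERMIT),
                     ("deny variant", OSPFMETRIC_DENY),
                     ("statement 20 missing", ONLY_STATEMENT_10)]:
        print(name, redistribute(rm, OSPF_ROUTES, default_metric=2))
```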
Debugging BGP
Debugging
Test the IP connection between the BGP routers
[Figure: Rtr A in AS 1 connected to Rtr B in AS 2]
If you can ping the remote endpoint then you can form a BGP connection
Rtr A#ping 1.1.1.2
Rtr B#ping 1.1.1.1
Debugging
Start with a Minimum BGP Configuration
AS 1 Rtr A#
router bgp 1
 neighbor 1.1.1.2 remote-as 2
AS 2 Rtr B#
router bgp 2
 neighbor 1.1.1.1 remote-as 1
Debugging
If BGP state = Established, then continue with your BGP configuration
Rtr A#show ip bgp neighbors
BGP neighbor is 1.1.1.2, remote AS 2, external link
 BGP version 4, remote router ID 1.1.1.2
 BGP state = Established, table version = 1, up for 0:12:20
 Last read 0:00:20, hold time is 180, keepalive interval is 60 seconds
 Minimum time between advertisement runs is 30 seconds
 Received 15 messages, 0 notifications, 0 in queue
 Sent 15 messages, 0 notifications, 0 in queue
 Connections established 1; dropped 0
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 10.1.1.7, Local port: 11002
Foreign host: 10.1.1.1, Foreign port: 179
BGP Multipath
BGP Conditional Advertisement
Recommended Reading
Internet Routing Architectures, Bassam Halabi, Cisco Press
Cisco BGP-4 Command and Configuration Handbook, William Parkhurst, Cisco Press
Session 7:
MPLS/VPN
Agenda
MPLS Technology Introduction
MPLS Network Ingredients
Building MPLS Services
MPLS VPNs
MPLS Layer 3 VPNs
[Figure: MPLS services and capabilities: VPLS, traffic engineering, IP+Optical GMPLS, SLA guarantees, OAM, traffic classes, provisioning and measurement, fast convergence, high availability]
[Figure: MPLS backbone with P1 to P4 and PE1 to PE5 connecting Customer A, VPN B and VPN C sites and headquarters, the Internet, provider networks, mobile backhaul and an MPLS to IPsec PE]
Protocols
IGP: core routing protocol, OSPF, EIGRP, IS-IS
Label Distribution Protocol (LDP)
Multiprotocol e/iBGP
Resource reservation (RSVP) protocol
MPLS label
Forwarding Equivalence Class (FEC)
MPLS label
MPLS label encapsulation
MPLS planes
MPLS control planes
MPLS forwarding planes
[Figure: PE and P routers running IGP, LDP and RSVP]
IGP: OSPF, EIGRP, IS-IS on core facing and core links
RSVP and/or LDP on core and/or core facing links
MP-e/iBGP on PE devices
Uses per-interface or per-platform label space, each needing separate LDP sessions
Label distribution protocols distribute labels for prefixes advertised by unicast routing protocols (OSPF, IS-IS, EIGRP, etc.) using LDP or BGP
Multiple phases to establish a session & allocate labels so that traffic can be switched:
Discovery mechanisms
Session establishment
Label distribution and management
Label binding advertisement (unsolicited or on-demand), distribution, liberal retention
[Figure: MPLS label entry carried after the MAC header: Label # (20 bits), EXP, S, TTL (8 bits)]
MPLS Process
Forwarding plane consists of label imposition, swapping, and disposition, no matter what the control plane
[Figure: LIB, MFI and FIB handling destination-based unicast/multicast IP traffic]
[Figure: label distribution example for prefixes 128.89 and 171.69]
Downstream node advertises labels for prefixes/FEC reachable via that device
Label Stacking
There may be more than one label in an MPLS packet
As we know labels correspond to forwarding equivalence classes
Example: there can be one label for routing the packet to an egress point and another that separates a customer A packet from customer B
Inner labels can be used to designate services/FECs, etc.
Outer label used to route/switch the MPLS packets in the network
Last label in the stack is marked with EOS bit
[Figure: label stack from outer label to inner label (TE label, LDP label, VPN label), followed by the IP header]
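A capture or monitoring tool has to walk the label stack exactly as described above: read 32-bit entries until the one with the end-of-stack bit, then hand the rest to the IP decoder. This Python parser is an added example, not from the original slides; the 3-bit EXP and 1-bit S widths come from RFC 3032, the label values 100, 17 and 24 are constructed, and the max_depth bound is an assumption that keeps a malformed frame without an S bit from being walked indefinitely.

```python
import struct
from typing import NamedTuple


class LabelEntry(NamedTuple):
    label: int   # 20-bit label value
    exp: int     # 3-bit EXP (traffic class) field
    s: bool      # bottom-of-stack (EOS) bit
    ttl: int     # 8-bit time to live


def build_entry(label: int, exp: int, s: bool, ttl: int) -> bytes:
    """Encode one 32-bit label stack entry in network byte order."""
    if not (0 <= label < 2**20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (exp << 9) | (int(s) << 8) | ttl
    return struct.pack("!I", word)


def parse_label_stack(data: bytes, max_depth: int = 8):
    """Return (entries, payload) for bytes that follow the MAC header.

    Raises ValueError when the data ends before an entry with the S bit
    is seen, or when the stack is deeper than max_depth.
    """
    entries = []
    offset = 0
    while True:
        if len(entries) >= max_depth:
            raise ValueError("no bottom-of-stack bit within max_depth entries")
        if offset + 4 > len(data):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = LabelEntry(
            label=word >> 12,
            exp=(word >> 9) & 0x7,
            s=bool((word >> 8) & 0x1),
            ttl=word & 0xFF,
        )
        entries.append(entry)
        if entry.s:
            return entries, data[offset:]


# Constructed sample: TE label 100 (outer), LDP label 17, VPN label 24
# (inner, S bit set), followed by the first two bytes of an IPv4 header.
SAMPLE_STACK = (
    build_entry(100, 0, False, 255)
    + build_entry(17, 0, False, 255)
    + build_entry(24, 5, True, 254)
    + b"\x45\x00"
)

if __name__ == "__main__":
    stack, payload = parse_label_stack(SAMPLE_STACK)
    for depth, e in enumerate(stack):
        print(depth, e)
    print("payload starts with IP version", payload[0] >> 4)
```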
2. Ingress Edge LSR Receives Packet, Performs Layer 3 Value-Added Services, and Labels Packets
MPLS VPNs
L2 vs. L3 VPNs
Point-to-Point Layer 2 VPNs
Customer endpoints (CPE) connected via Frame Relay DLCI, ATM VC or point-to-point connection
No routing with the provider network. VPN CEs peer with each other, much better propagation delay
Good for point to point L2 connectivity, provider will need to manually fully mesh end points if any-to-any connectivity is required
Multipoint Layer 2 VPNs
Customer endpoints (CPE) connected via Ethernet (VLAN or ethernet)
Fully meshed, hub-spoke service possible w/o routing
Layer 3 VPN
Any access medium is supported
Customer end points peer with provider's routers @ L3 and exchange VPN site-routing information
Reduced provisioning, scales
MPLS L3 VPNs
[Figure: VPN A and VPN B sites using services such as multicast, hosting, intranet, VoIP and extranet]
Overlay VPN
ACLs, ATM/FR, IP tunnels, IPSec, etc. requiring n*(n-1) peering points
Transport dependent
Groups endpoints, not groups
Pushes content outside the network
Costs scale exponentially
NAT necessary for overlapping subnets
Limited scaling, QoS complexity
MPLS-Based VPNs
Point-to-cloud single point of connectivity
Transport independent
Easy grouping of users and services
[Figure: CE1 and CE2 attached to VRFs on PE routers; PE1, PE2 and PE3 exchange VPNv4 routes over MP-iBGP across P3]
1. VPN service is enabled on PEs
2. VPN site's CE1 connects to a VRF enabled interface on PE1
3. VPN site CE1 distributes routes to PE1
4. PE1 allocates VPN label for each prefix, redistributes routes into MP-iBGP, sets itself as a next hop and relays VPN site routes to PE3
5. PE3 distributes CE1's routes to CE2
[Figure: CE1 and CE2 exchange IPv4 routes (Net=16.1/16) with PE1 and PE2 via IGP/eBGP across P1 and P2]
Route Distinguisher (RD): 8-byte field; unique value assigned by a provider to each VPN to make different VPN routes unique
VPNv4 address: RD+VPN IP prefix
Route Target (RT): 8-byte field, unique value assigned by a provider to define the import/export rules for the routes from/to each VPN
MP-iBGP: facilitates advertisement of VPNv4* prefixes + labels between BGP peers
Virtual Routing Forwarding Instance (VRF): contains VPN site routes
Multi-VRF CE: CE device supporting multiple VRFs w/o MP-iBGP & VPN labels
1. PE1 imposes pre-allocated label for the prefix
2. Core facing interface allocates IGP label
Deployment Example I:
[Figure: Customer A sites on VPN A reaching the MPLS backbone (PE1, P1, P2, PE2, PE3) over FR/ATM, with a branch office, the Internet, provider networks and an MPLS to IPsec PE]
Multi-VRF-CE at distribution
BGP/MPLS VPNs in core only
Multi-VRF between core and distribution
[Figure: L2 access, CE (Multi-VRF), P and PE w/VRF at Layer 3; Enterprise-A Hub-2-US; Regional SP2 MPLS Core AS2]
Terminology Reference
Terminology   Description
AC            Attachment Circuit. An AC is a point-to-point, Layer 2 circuit between a CE and a PE.
AS            Autonomous System (a domain)
CoS           Class of Service
ECMP
IGP
LAN
LDP
LER
LFIB
LSP
LSR
NLRI
P Router
PE Router
PSN Tunnel
Pseudo-Wire   A Pseudo-Wire is a bidirectional "tunnel" between two features on a switching path.
PWE3          Pseudo-Wire End-to-End Emulation
QoS           Quality of Service
RD            Route Distinguisher
RIB           Routing Information Base
RR            Route Reflector
RT            Route Target
RSVP-TE       Resource Reservation Protocol based Traffic Engineering
VPN           Virtual Private Network
VFI
VLAN
VPLS
VPWS
VRF
VSI
[Figure: MPLS VPN lab topology: CE switches Sw1 (170.1.7.7/24), Sw2 and Sw3 (170.1.9.9/24), routers R1 to R5 in CE, PE and P roles, Backbone 1 and Backbone 2, VLAN_A through VLAN_E; MP-BGP/IGP/MPLS between the PEs, IGP/MPLS in the core, static routes without MPLS toward the CEs]
Verification
R3: Verify VPNv4 routes are received from R4 (PE):
R3#sh ip route vrf ccie
Routing Table: ccie
S    170.1.9.9 [1/0] via 1.1.30.9
B    170.1.7.7 [200/0] via 1.1.4.4, 3d16h   ---Loopback intf. (Private Network) on Sw1
     1.0.0.0/24 is subnetted, 2 subnets
C    1.1.30.0 is directly connected, GigabitEthernet0/0
R4: Verify VPNv4 routes are received from R3 (PE):
R4#sh ip route vrf ccie
Routing Table: ccie
     170.1.0.0/32 is subnetted, 2 subnets
S    170.1.7.7 [1/0] via 1.1.50.7
B    170.1.9.9 [200/0] via 1.1.3.3, 3d16h   ---Loopback intf. (Private Network) on Sw3
     1.0.0.0/24 is subnetted, 2 subnets
C    1.1.50.0 is directly connected, GigabitEthernet0/1
Further Reading
http://www.cisco.com/go/mpls
http://www.ciscopress.com
MPLS and VPN Architectures, Jim Guichard, Ivan Pepelnjak, Cisco Press
Traffic Engineering with MPLS, Eric Osborne, Ajay Simha, Cisco Press
Layer 2 VPN Architectures, Wei Luo, Carlos Pignataro, Dmitry Bokotey, Anthony Chan, Cisco Press
MPLS QoS, Santiago Alvarez, Cisco Press
Session 8:
IP Multicast
Agenda
Multicast Concepts
PIM-SM Configuration and Verification
Multicast Troubleshooting
Multicast At-a-Glance
[Figure: multicast overview showing PIM and IGMP]
Multicast Forwarding
Sparse mode
Uses pull model
Traffic sent only to where it is requested
Explicit join behavior
[Figure sequence: Source, RP and Receiver; legend: traffic flow, shared tree, source tree, (S, G) Register (unicast), (S, G) Join, (S, G) Register-Stop (unicast)]
Additional (S, G) state is created along new part of the source tree
Traffic begins flowing down the new branch of the source tree
Additional (S, G) state is created along the shared tree to prune off (S, G) traffic
(S, G) traffic flow is now pruned off of the shared tree and is flowing to the receiver via the source tree
(S, G) traffic flow is no longer needed by the RP so it prunes the flow of (S, G) traffic
(S, G) traffic flow is now only flowing to the receiver via a single branch of the source tree
[Figure: routers R1, R2, R3 and R4; R3 interface S0/1 10.2.2.3/24 configured with ip pim sparse-mode]
r2# show ip pim interface
Address     Interface     DR Prior
10.1.1.2    Ethernet0/0   1
10.2.3.2    Serial0/0     1
10.2.2.2    Serial0/1     1
r2# show ip pim neighbor
PIM Neighbor Table
Neighbor Address   Interface     DR Priority/Mode
10.1.1.1           Ethernet0/0   1 / B S
10.2.3.4           Serial0/0     1 / DR B S
10.2.2.3           Serial0/1     1 / DR B S
[Figure: Auto-RP with R2 as RP and R3 as mapping agent (MA); R1 and R4 are the other routers]
R2
ip pim send-rp-announce loopback 0 scope 16
Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.44.44 (R3), via Auto-RP
    Uptime: 00:02:19, expires: 00:02:38
r3# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)
Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.22.22 (R2), via Auto-RP
    Uptime: 00:02:55, expires: 00:02:00
[Figure: BSR with R3 as BSR and R2 as candidate RP sending Cand_RP_advertisement; R1 and R4 are the other routers]
R2
ip pim rp-candidate loopback 0
[Figure: RP1 (A) and RP2 (B) peering via MSDP]
RP1 A
ip pim rp-address 10.1.1.1
RP2 B
ip pim rp-address 10.1.1.1
interface loopback 0
 ip address 10.1.1.1 255.255.255.255
interface loopback 1
 ip address 10.0.0.2 255.255.255.255
!
ip msdp peer 10.0.0.1 connect-source loopback 1
ip msdp originator-id loopback 1
interface loopback 0
 ip address 10.1.1.1 255.255.255.255
interface loopback 1
 ip address 10.0.0.1 255.255.255.255
!
ip msdp peer 10.0.0.2 connect-source loopback 1
ip msdp originator-id loopback 1
References
Developing IP Multicast Networks; Beau Williamson, Cisco Press
Routing TCP/IP Volume II; Jeff Doyle, Cisco Press
ftp://ftpeng.cisco.com/ipmulticast/training/index.html
Session 9:
Quality of Service
Classification/Marking
Queuing
Policing/Shaping
References
Congestion Points
Aggregation
Speed mismatch
LAN to WAN
[Figure: congestion points between links of 1000 Mbps, 10 Mbps and 64 Kbps]
Group flows into aggregates: a collection of packets crossing a link in a particular direction
DiffServ Architecture
DSCP value range: aaadd0 where aaa is a binary value of the class and dd is the drop probability
DSCP Usage
DSCP selects the per-hop behavior (PHB) throughout the network:
Default PHB 000000
Class Selector PHB: maps to IP Precedence
Assured forwarding PHB (AF)
Expedited forwarding PHB (EF)
[Figure: DS field made up of DSCP followed by ECN]
Configuring class-map
Creates a named traffic class
Specifies packet-matching criteria that identifies packets belonging to a class
class-map <class-name>
 match <match-criteria>
match-any vs match-all
Define classes consisting of multiple match criteria
class-map match-any <class-name>
 match <match-criteria-1>
 match <match-criteria-n>
match-any: when only one match criterion must be met for a packet to match the specified traffic class
match-all: when all match criteria must be met for a packet to match the traffic class. Default when not configured
access-list 101 permit ip 10.1.0.0 0.0.0.255 any
access-list 102 permit ip 10.2.0.0 0.0.0.255 any
class-default class
Implicit pre-existing class: no need to be configured
Contains traffic not matching any user-defined class
Understanding policy-map
Named object representing a set of policies that are to be applied to a set of traffic classes
e.g. Police traffic class to some maximum rate
e.g. Guarantee traffic minimum bandwidth
policy-map <map-name>
 class <class-map-name-1>
  <policy-1>
  <policy-n>
 class <class-map-name-n>
  <policy-n>
service-policy Command
Used to attach a policy-map and thereby the associated policies to an interface, subinterface, PVC, etc.
Indicate input or output direction
Hierarchical Policies
Configure the child or second-level policy
policy-map child
 class http
  bandwidth <bw specification>
 class ftp
Classification/Marking Options
IP precedence/DSCP values
Other values
Layer 2: 802.1Q, ISL, CLP bit, DE bit
MPLS: Experimental bits
NBAR (L4, dynamic ports)
Traditional: ACLs, qos-group
Layer 2 ISL
[Figure: ISL frame: ISL header (26 bytes), encapsulated frame, FCS (4 bytes). Three bits (the 3 LSBs of the User field) are used for CoS.]
Layer 2 802.1Q/p
[Figure: 802.1Q frame: PREAM., SFD, DA, SA, TAG (4 bytes), PT, DATA, FCS. Three bits (the User Priority bits) are used for CoS.]
Marking Options
Marking Can Be Done via
CAR (Committed Access Rate)
CBpolicing
CBmarking
PBR (Policy Based Routing)
QPPB (QoS Policy Propagation via BGP)
Classification Options
router(config-cmap)#match ?
  access-group         Access group
  any                  Any packets
  class-map            Class map
  cos                  IEEE 802.1Q/ISL class of service/uses priority values
  destination-address  Destination address
  input-interface      Select an input interface to match
  ip                   IP specific values (prec, dscp, rtp)
  mpls                 Multi Protocol Label Switching specific values
  not                  Negate this match result
  protocol             Protocol
  qos-group            Qos-group
  source-address       Source address
Queuing
Queuing + Scheduling = Congestion Management
Buffering packets in queues
Scheduling packets out of the queues
[Figure: scheduler and outbound packets]
Scheduling
Congestion management controls congestion by determining the order in which packets are sent from different queues out an interface based on packet priorities.
Scheduling policy specifies how packets of different classes are served with respect to each other. Example scheduling policies include FIFO and WFQ
Backpressure
Backpressure is the term used for the mechanism which triggers the congestion management (queuing and scheduling)
Backpressure comes from
tx-ring of an interface is full
Token-bucket of a shaper is empty
Others (platform specific, like tofab queuing on GSR)
What's a txQ?
Every interface has 2 sets of queues
Software queues (FIFO, WFQ, ...)
Any type of software queuing other than FIFO is also referred to as FANCY Queuing
[Figure labels: Software Q n; Wire Signal]
class class-default
bandwidth 750
CBWFQ: MQC Verification
#sh policy-map interface e1/1
Ethernet1/1
 Service-policy output: mypolicy
 priority 512
class Silver
 bandwidth 256
class class-default
 random-detect
Verification
show policy-map interface
[Figure: traffic rate over time. Policing: data lost. Shaping: data preserved.]
Traffic Shaping
GTS, FRTS, CBshaping: token bucket + queue
Conform/exceed actions are always transmit/queue
Token Bucket
Tc=Bc/CIR : Time Interval Between 2 Replenishments of Token Bucket (with Bc tokens)
The Packets are Sent at Access Speed as Long as There are Enough Tokens
Tc Interval: Hypothetical Example
[Figure: rate (Mbps) against time (s), with bursts of Bc in intervals Tc1, Tc2, Tc3]
If there is continuous traffic, then on average we achieve a shaped rate of 1M (2M during 1/2s, every second = 1Mbps)
Be: Excess Burst
Token Bucket Dimensioning:
Every Tc, we add Bc tokens
Allow the token bucket to grow as deep as Be + Bc if not all Bc tokens are used in an interval
Class-Based Shaping
Shaping on a class via MQC (shape command)
Classification with extensive MQC match criteria (e.g. NBAR)
Shaping queue is WFQ, CBWFQ, or LLQ
Two forms:
shape average
shape peak
Average rate shaper must be idle for some time to build Be with unused tokens added by Bc
Peak rate shaper gets increment of Bc + Be per Tc and does not need to be idle
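The token-bucket behaviour described above (Tc = Bc/CIR, a bucket that may grow to Bc + Be, and the difference between shape average and shape peak) as an added Python simulation, not part of the original slides. It counts bits per Tc interval and ignores packet boundaries; the CIR, Bc and Be values and the function names are constructed for illustration.

```python
# Added example (not from the slides): token-bucket shaper, one step per Tc.
# Simplification: traffic is counted in bits per interval, not in packets.

def tc_seconds(cir_bps, bc_bits):
    """Tc = Bc / CIR, the interval between two token replenishments."""
    return bc_bits / cir_bps

def simulate_shaper(bc, be, offered, mode="average"):
    """Return (bits sent per interval, bits still queued at the end).

    average: Bc tokens are added per Tc; unused tokens accumulate up to Bc + Be.
    peak:    Bc + Be tokens are added per Tc, so no idle time is needed.
    """
    if mode not in ("average", "peak"):
        raise ValueError("mode must be 'average' or 'peak'")
    refill = bc if mode == "average" else bc + be
    depth = bc + be                  # the bucket never holds more than Bc + Be
    tokens = backlog = 0
    sent = []
    for arriving in offered:
        tokens = min(tokens + refill, depth)
        backlog += arriving          # shaping queues the excess instead of dropping it
        out = min(backlog, tokens)
        tokens -= out
        backlog -= out
        sent.append(out)
    return sent, backlog

# Constructed values: CIR 64 kbps, Bc = Be = 8000 bits, so Tc = 125 ms.
CIR, BC, BE = 64000, 8000, 8000

if __name__ == "__main__":
    print("Tc =", tc_seconds(CIR, BC), "s")
    print("average, after idle:", simulate_shaper(BC, BE, [0, 0, 24000, 0, 0]))
    print("average, continuous:", simulate_shaper(BC, BE, [20000] * 4))
    print("peak, continuous:   ", simulate_shaper(BC, BE, [20000] * 4, "peak"))
```

Under continuous load the average shaper never sends more than Bc per interval, while the peak shaper sends Bc + Be per interval; only after idle intervals can the average shaper burst up to Bc + Be.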
Target Rate: 241000   Byte: 1928   Sustain: 7712   Excess: 7712   Queue Depth: 41
CBpolicing: Actions
R2(config-pmap-c)#police 30000 conform-action ?
  drop                              drop packet
  exceed-action                     action when rate is within conform and conform + exceed burst
  set-clp-transmit                  set atm clp and send it
  set-discard-class-transmit        set discard-class and send it
  set-dscp-transmit                 set dscp and send it
  set-frde-transmit                 set FR DE and send it
  set-mpls-exp-imposition-transmit  set exp at tag imposition and send it
  set-mpls-exp-topmost-transmit     set exp on topmost label and send it
  set-prec-transmit                 rewrite packet precedence and send it
  set-qos-transmit                  set qos-group and send it
  transmit                          transmit packet
Multi-Action Policers
Two or more set parameters as a conform, exceed or violate action
policy-map QOS
 class class-default
  police cir 80000 pir 100000
   conform-action transmit
   exceed-action set-prec-transmit 4
   exceed-action set-frde-transmit
   violate-action set-prec-transmit 2
   violate-action set-frde-transmit
Hierarchical Policer
Policy Map outer_police
 Class class-default
  police cir 110000 bc 5000 be 5000
   conform-action transmit
   exceed-action drop
   violate-action drop
  service-policy inner_police
Policy Map inner_police
 Class ef
  police cir 10000 bc 1500
   conform-action transmit
   exceed-action drop
Trust Boundaries
[Figure: Endpoints, Access, Distribution, Core, WAN Aggregation, with numbered candidate trust boundaries]
Trust Boundary
A device is trusted if it correctly classifies packets
For scalability, classification should be done as close to the edge as possible
The outermost trusted devices represent the trust boundary
1 and 2 are optimal, 3 is acceptable (if the access switch cannot perform classification)
Catalyst QoS: Gotchas
Understand the concept of (un)trusted ports
mls qos needs to be enabled first in global config mode
Most Catalysts have their own CLI for configuring various features (e.g. queuing), not always MQC!
Every Catalyst model has its own restrictions and QoS feature set
Be familiar with 3550 and 3560 specific implementations
Read UCD!
Classification/Reclassification
Identify and classify traffic with an internal DSCP, or trust the existing QoS value and map it to an internal DSCP
Done on a per-interface basis
QoS: 3560 Switch
Packets are assigned an internal QoS label
Queuing is done via SRR (Shaped Round Robin)
[Figure: 3560 QoS stages: Classify, Policer, Marker, Ingress Queues (SRR), Egress Queues (SRR)]
References
End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs, by Tim Szigeti, Christina Hattingh
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm
www.cisco.com/go/qos
Q and A
Session 10: Troubleshooting
Agenda
Overview
Troubleshooting approach
Sample scenario
Overview
The minimally qualified Routing and Switching CCIE can abstract functional elements of a complex network environment, understand how infrastructure components interoperate, grasp subtle issues, perceive problem areas, and quickly resolve problems. The expert's fluency makes them ideally suited for configuring and validating implementations, troubleshooting critical network issues, and participating in network design teams.
Definition of a Minimum Qualified R&S CCIE Candidate (from the Exam Design Session)
Troubleshooting Approach
When analyzing a problem you should consider the following facts:
Make sure you have a clear definition of the problem.
Gather all the relevant facts and consider the likely possibilities.
Create and implement an action plan and then observe the results.
If the symptoms do not stop, try another action plan and gather additional facts.
If you try one thing and it doesn't work, you should take that configuration or feature off.
In case you make the situation worse, always keep the basics and get back to a known position.
If the symptoms do stop, document how you fixed the problem.
[Figure: sample topology with R1, OSPF Area 0, OSPF Area 3 and Frame Relay; address labels: .0.113/28, Lo0 = .1.1/32, Lo0 = .1.3/32]
[Figure: IPv6 topology with OSPFv3 and EIGRPv6; labels: R8, R6, Lo0: 2001:333:600::6, S2/0: 2001:303:100::6, E1/0: 2001:300:608::6]
Possible cause(s)
Address configuration
Routing protocols configuration
Redistribution configuration
Other?
Issue: IPv6 ping fails
R1#ping ipv6 2001:200:208::8
<>
.....
Success rate is 0 percent (0/5)
Verification: IPv6 ping success
R1#ping ipv6 2001:200:208::8
!!!!!
Q and A