
2200 1303_06_2000_c2

2000, Cisco Systems, Inc.

Advanced Routing Technologies


Session 2200


Agenda

- Background
- Host Interaction
- Too Much Information
- Multi-Routing-Protocol
- Redistribution
- Policy Routing
- Internet

Background


CCIE Credo

Just because you can, doesn't mean you should.

Router Functions

- Routing = building maps and giving directions
- Switching = forwarding packets between interfaces
- Routers are packet relays or switches
- Path determination is overhead

Routing Protocols

- Routers are packet switches that forward traffic based on Layer 3 logical addresses
- Routing protocol updates are exchanged by routers to learn about paths to other logical networks
- Each routing protocol offers features that can make it desirable as part of an internetwork design

(Figure: two routers exchange a routing update. The left router knows about networks A, B and C, the right router about X, Y and Z; the update exchanges network knowledge.)

Internet Routing Protocols

IP routing protocols are characterized as:

Name    Type       Proprietary  Function   Updates  Metric  VLSM  Summ
RIP     DV         No           Interior   30 sec   Hops    No    Auto
RIPv2   DV         No           Interior   30 sec   Hops    Yes   Auto
IGRP    DV         Yes          Interior   90 sec   Comp    No    Auto
EIGRP   Adv DV     Yes          Interior   Trig     Comp    Yes   Both
OSPF    LS         No           Interior   Trig     Cost    Yes   Man
IS-IS   LS         No           Interior   Trig     Cost    Yes   Auto
BGP     Path Vec   No           Exterior   Incr     N/A     Yes   Auto

(DV = distance vector, Adv DV = advanced distance vector, LS = link state, Path Vec = path vector; Comp = composite metric; Trig = triggered, Incr = incremental; Summ = summarization: Auto = automatic, Man = manual, Both = automatic and manual.)

The Forwarding Table

Src  Network #           Dist/Metric     Next Hop        Age       Interface
D    198.113.181.0/24    [170/304793]    192.150.42.177  02:03:50  Ethernet0
O    198.113.178.0/26    [110/9936]      192.150.42.177  02:03:50  Ethernet0
R    192.168.96.0/24     [120/3]         192.150.42.177  00:00:20  Ethernet0
C    192.150.42.178/25   Direct Connect                            Ethernet0

Populated by: hardware state, configuration, routing protocols

The Forwarding Table

- Configuration defines what protocol processes run, which interfaces they own, and how they process protocol data
- Each routing protocol process:
  - Creates its own tables and databases
  - Receives protocol packets and processes them
  - Tries to insert the results into the forwarding table

IOS

(Figure: the same forwarding table as on the previous slide.)

Host Interaction


How Hosts Transmit

Using default-gw:
- Compare DA (destination address) to interfaces and masks
- If local, get L2 data via ARP and transmit
- Else get L2 data of default router via ARP and transmit

Using tables:
- Search table for longest match, use next hop
- Local is a special case: next hop is DA
- If no match, use default route for next hop
- Get L2 data of next hop via ARP and transmit

Note: Simplified

Proxy ARP

(Figure: host 10.1.1.2/16 ARPs for 10.1.2.2; router 10.1.1.1/24 responds to the ARP with its own MAC address and then forwards the packet for 10.1.2.2.)

- Router responds to ARPs for off-subnet addresses if it has a route
- Enabled by default (RFC 1027); disabled per interface with no ip proxy-arp

ICMP Redirects

Cisco routers send ICMP redirects when:
- the input interface is the output interface, and
- the (sub)network of the source IP address is the same (sub)network as the next-hop IP address of the routed packet, and
- the datagram is not source-routed, and
- the system is configured to send redirects (on by default; the interface subcommand no ip redirects disables them)

Note: ICMP redirects are disabled by default if HSRP is configured on the interface

Find a Default Router

(Figure: host 10.1.1.4/16 asks "Are there any routers?"; routers 10.1.1.1/24 and 10.1.1.2/24 each answer "I am default".)

- IRDP: ICMP Router Discovery Protocol, RFC 1256
- Routers periodically announce via ICMP that they are default
- Clients can solicit routers as well

IRDP on Routers

- Announcements have a lifetime and preference
- Configured per interface; off by default
- Can advertise via all-systems multicast (224.0.0.1)
- Preference level can be set

  ip irdp [multicast
           | holdtime seconds            (default: 3 x maxadvertinterval)
           | maxadvertinterval seconds   (default: 600)
           | minadvertinterval seconds   (default: 3/4 x maxadvertinterval)
           | preference number           (default: 0)
           | address address [number]]

IRDP on Hosts

- in.rdisc in Solaris (multicast only)
- gated in Linux, HP-UX and AIX:
    routerdiscovery client yes | no | on | off ;
- WinSock2 in Windows: NT 4.0 KB article Q223756, registry key
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adaptername\Parameters\Tcpip\
- DHCP option 31

HSRP: Hot Standby Router Protocol

(Figure: host 10.1.1.33 with default-gw = 10.1.1.1. Routers 10.1.1.2 (00:10:7B:04:88:CC) and 10.1.1.3 (00:10:7B:04:88:BB) share the phantom router 10.1.1.1 (00:10:7B:04:88:AA).)

- Transparent failover of default router
- Phantom router created
- One router is active, responds to phantom L2 and L3 addresses
- Others monitor and take over phantom addresses

HSRP: RFC 2281

- An HSRP router multicasts hellos every 3 sec with a default priority of 100
- An HSRP router will assume control if it has the highest priority and preempt configured, after delay (default 0) seconds
- An HSRP router will deduct 10 from its priority if the tracked interface goes down

(Figure: two router groups. In group #1 one router is primary and the other standby; in group #2 the roles are reversed.)

HSRP
Hot Standby Router Protocol

(Figure: Router 1 and Router 2 connect the server systems to the Internet or ISP backbone.)

Router1:
  interface ethernet 0/0
   bandwidth 128
   ip address 169.223.10.1 255.255.255.0
   standby 10 ip 169.223.10.254

Router2:
  interface ethernet 0/0
   bandwidth 1500
   ip address 169.223.10.2 255.255.255.0
   standby 10 priority 150 preempt delay 10
   standby 10 ip 169.223.10.254
   standby 10 track serial 0 60

Speak RIP to Hosts

Using EIGRP but hosts run RIP. Router can:
- RIP out, but not in
- Advertise default only

  router rip
   network 172.16.0.0
   redistribute eigrp 1
  !
  router eigrp 1
   network 172.16.0.0

(The subnets keyword belongs to OSPF and is not accepted under router rip; routes redistributed into RIP also need a seed metric, see Default Metrics.)

IP Broadcast Control

- Subnet or directed broadcast: w.x.y.255
- All-net broadcast: 255.255.255.255
- IP directed broadcasts are dropped by default
- ip helper-address forwards ip forward-protocol packets
- ip directed-broadcast floods ip forward-protocol packets

To be forwarded:
- The packet must be a MAC-level broadcast.
- The packet must be an IP-level all-net or major-network broadcast.
- The packet must be a TFTP, DNS, Time, NetBIOS, ND, or BOOTP packet, or a UDP protocol specified by the ip forward-protocol udp global configuration command.
- The time-to-live (TTL) value of the packet must be at least two.

IP Helper Address

- Specified on the input interface
- Indicates direction toward broadcast destination
- Forwards ip forward-protocol broadcast packets, specifically: TFTP, DNS, BOOTP, DHCP, TACACS, Time, NetBIOS name and datagram servers

(Figure: a broadcast arriving on Router A's interface e0 is relayed to the TFTP server 10.2.1.3.)

Router A:
  interface ethernet 0
   ip helper-address 10.2.1.3

IP Forward Protocol

- Flooded UDP packets have destination address changed to ip broadcast-address
- ip forward-protocol spanning-tree: uses spanning tree database for flooding
- ip forward-protocol turbo-flood: speed-up if using spanning tree flooding

Example:
  ip forward-protocol spanning-tree
  bridge 1 protocol dec
  access-list 201 deny 0x0000 0xFFFF
  interface ethernet 0
   bridge-group 1
   bridge-group 1 input-type-list 201

UDP Broadcast Application

- Feed network provides data
- TIC servers UDP broadcast data
- Feed network connected to routers for management

(Figure: TIC servers on the feed network 200.200.200.0 connect via e0 to routers A (.61) and B (.62), which serve the trader networks 164.53.7.0, 164.53.8.0, 164.53.9.0 and 164.53.10.0.)

Helper Addresses

- IP helper added to router interfaces on TIC network
- Each router sees the other router's broadcasts
- Each station receives multiple copies of data

(Figure: same topology as the previous slide; with helper addresses on both A and B, each router re-forwards the broadcast the other one relayed, and the trader networks 164.53.7.0 through 164.53.10.0 receive duplicate copies.)

UDP Forward Protocol

- Configure spanning tree
- Filter non-routed protocols
- STP path costs set: A = 100 (default), B = 50
- Router A is the default router (IRDP preference)

(Figure: same topology; the bridge-group spanning tree over A and B decides which router floods the UDP broadcast onto the trader networks 164.53.8.0, 164.53.9.0 and 164.53.10.0.)

Router A Configuration

  ip forward-protocol spanning-tree
  ip forward-protocol udp 111
  !
  interface ethernet 0
   ip address 200.200.200.61 255.255.255.0
   ip broadcast-address 200.200.200.255
  !
  interface ethernet 1
   ip address 164.53.7.61 255.255.255.192
   ip broadcast-address 164.53.7.63
   ip irdp preference 100
   bridge-group 1
   bridge-group 1 input-type-list 201
  !
  bridge 1 protocol dec
  bridge 1 priority 255
  access-list 201 deny 0x0000 0xFFFF

(Type-code list 201 denies every Ethernet type, as on the IP Forward Protocol slide, so the bridge group forwards no traffic and exists only to build the spanning tree used for flooding.)

Router B Configuration

  ip forward-protocol spanning-tree
  ip forward-protocol udp 111
  !
  interface ethernet 0
   ip address 200.200.200.62 255.255.255.0
   ip broadcast-address 200.200.200.255
  !
  interface ethernet 1
   ip address 164.53.7.62 255.255.255.192
   ip broadcast-address 164.53.7.63
   ip irdp preference 90
   bridge-group 1
   bridge-group 1 path-cost 50
   bridge-group 1 input-type-list 201
  !
  bridge 1 protocol dec
  bridge 1 priority 255
  access-list 201 deny 0x0000 0xFFFF

Secondary Addresses

- More than one IP address on an interface
- Every router on the broadcast media must be part of all networks
- For RIP and IGRP, each address will broadcast routing tables
- Also called multinetting

Secondary Addressing

(Figure: one switched segment carrying two networks: routers at 172.16.1.1 / 172.17.2.1 and 172.16.1.2 / 172.17.2.2, hosts at 172.16.1.64 and 172.17.2.21.)

Useful in switched networks:
- Router may relay packets, acting as a default gateway
- Host may communicate directly, using ARP for learning
- All routers on the same subnet must be part of all secondary networks

Too Much Information


Static Routes


Static Routes

- Routes configured manually
- Useful when few or just one route exist
- Can be an administrative burden
- Frequently used for default route
- Two formats:
  - Outbound interface
  - Explicit next hop (not always adjacent)

Redistributing Static Routes

Redistributed via network statement if the next hop is an interface and the network is specified:
  ip route 172.16.1.0 255.255.255.0 ethernet 0
  router xxxx
   network 172.16.0.0

Redistributed if so configured:
  router xxxx
   redistribute static

Floating Static Routes

- A static route with a high distance
- Can be overridden by dynamic info

(Figure: 172.16.1.0 is reachable over E1 and, as a backup, over an ISDN link 172.16.3.2 - 172.16.3.1.)

  ip route 172.16.1.0 255.255.255.0 172.16.3.1 140
  router rip
   network 172.16.0.0

RIP's distance of 120 beats the static route's 140 while the RIP route exists; when it is withdrawn, the static route over ISDN is installed.

Too Much Information


Default Routes


Default Routes

- Route used if no match is found in forwarding table
- Can be carried by routing protocols
- Two models:
  - Special network number: 0.0.0.0
  - Flagged in routing protocol
- Protocols support multiple models

(Figure: CITY network with a default route toward WORLD.)

Creating a Default Route

- ip default-gateway is for host mode (IP routing disabled)
- RIP, RIPv2: network 0.0.0.0
- IGRP, EIGRP: ip default-network
- OSPF, IS-IS, BGP: default-information originate

Default Subnet

- Two defaults:
  - For unknown networks
  - For unknown subnets
- Controlled by ip classless

(Figure: router with subnet 172.16.1.0 on one side; s0 leads to the rest of 172.16.0.0, s1 to the Internet.)

RIP Example

(Figure: router with 10.1.0.0/24 on Ethernet0/0 and 10.64.0.1/24 on Ethernet0/1; neighbour 10.64.0.2/24, behind which lies 172.68.0.0/24.)

  router rip
   network 10.0.0.0
   network 172.68.0.0
  !
  ip default-network 10.0.0.0

  Gateway of last resort is 10.64.0.2 to network 0.0.0.0
  R    172.68.0.0/16 [120/1] via 10.64.0.2, Ethernet0/1
       10.0.0.0/24 is subnetted, 2 subnets
  C       10.1.0.0 is directly connected, Ethernet0/0
  C       10.64.0.0 is directly connected, Ethernet0/1
  R*   0.0.0.0/0 [120/1] via 10.64.0.2, Ethernet0/1

ip route 0.0.0.0 0.0.0.0 172.68.1.1 would also work

OSPF Example

(Figure: OSPF domain 19.0.0.0 connects over S0 (10.1.1.1 - 10.1.1.2, 10.1.1.0/23) to a service provider running BGP, ISP AS 200.)

  ip route 0.0.0.0 0.0.0.0 serial 0
  router ospf 1
   network 19.0.0.0 0.255.255.255 area 0
   default-information originate always

OSPF default configuration using a static route

EIGRP Example

(Figure: EIGRP domain 19.0.0.0 connects over S0 (10.1.1.1 - 10.1.1.2, 10.1.1.0/23) to a service provider running BGP, ISP AS 200.)

  ip route 10.0.0.0 255.0.0.0 serial 0
  router eigrp 1
   network 19.0.0.0
  ip default-network 10.0.0.0

The default network of 0.0.0.0 used by RIP cannot be redistributed by IGRP or Enhanced IGRP

ISIS Example

(Figure: IS-IS domain 19.0.0.0. A level-1 router (19.1.1.1) talks to a level-1-2 router (19.1.1.2) whose interface S1 leads to a service provider running BGP.)

  ip route 0.0.0.0 0.0.0.0 s1
  router isis
   default-information originate

(There is no network statement under router isis; interfaces are placed in IS-IS with the interface command ip router isis.)

- L1 default is nearest L1L2 router
- Both L1 and L2 ISs can generate a default route
- An L1 IS will always prefer an L1 default route before using the closest L2-capable IS
BGP Example

(Figure: IGP 19.0.0.0 with iBGP between 19.1.1.1 and 19.1.1.2; eBGP to a service provider running BGP.)

  router bgp 164
   default-information originate

- Allows redistribution of 0.0.0.0
- Same as adding network 0.0.0.0

Conditional Default

  ip prefix-list cond permit 10.1.1.0/24
  !
  route-map def-cond permit 10
   match ip address prefix-list cond
  !
  router rip
   default-information originate route-map def-cond

- Inserts a default route if the condition in the route map is met
- In this case, if network (prefix) 10.1.1.0/24 is present, advertise a default

Too Much Information


Route Summarization


What Is Route Summarization?

(Figure: router A holds 172.16.25.0/24, 172.16.26.0/24 and 172.16.27.0/24 in its routing table and announces "I can route to the 172.16.0.0/16 network"; its neighbour's routing table holds only 172.16.0.0/16.)

- Routing protocols can summarize addresses of several prefixes into one prefix
- This helps control resource usage

Route Summarization

(Figure: 172.16.0.0/17 and 172.16.128.0/17 on one side, 192.111.107.0/24 on the other.)

Route summaries: 172.16.0.0 255.255.0.0 and 192.111.107.0 255.255.255.0

By default summaries occur on classful boundaries; no auto-summary prevents this

RIP Summarization Example

  interface Ethernet1
   ip address 10.1.1.1 255.255.255.0
   ip summary-address rip 10.2.0.0 255.255.0.0
   no ip split-horizon
  !
  router rip
   network 10.0.0.0

- The major network is 10.0.0.0, a Class A address space
- The summary of the major net defines the prefix as implied by the class (A, B, or C) of the address
- The summary address 10.2.0.0 overrides the autosummary address of 10.0.0.0
- 10.2.0.0 is advertised out interface E1; 10.0.0.0 is not advertised

OSPF Inter-Area Summarization

(Figure: Area 1 (router A, networks 128.213.64.0/24 through 128.213.95.0/24) and Area 2 (router D, networks 128.213.96.0/24 through 128.213.127.0/24) attach to Area 0 through ABRs B and C. B sends 128.213.64.0/19 and C sends 128.213.96.0/19 into the backbone.)

Summaries sent into backbone:

B:
  router ospf 100
   area 1 range 128.213.64.0 255.255.224.0

EIGRP Summarization

(Figure: A (128.213.64.0/24 through 128.213.95.0/24) - e1 - B - e0 - C - D (128.213.96.0/24 through 128.213.127.0/24). B advertises 128.213.64.0/19 toward C; C advertises 128.213.96.0/19 toward B.)

B:
  interface ethernet 0
   ip summary-address eigrp 123 128.213.64.0 255.255.224.0

C:
  interface ethernet 1
   ip summary-address eigrp 123 128.213.96.0 255.255.224.0

- Configured on an interface basis
- EIGRP summary routes are given a distance of 5

ISIS Summarization

Summarization applies to routes going from L1 areas into the L2 backbone, from L2 leaking down into L1 areas, or when redistributing into L2 or L1:

  router isis
   summary-address 192.1.0.0 255.255.0.0

BGP Aggregation

- Summarization based on specifics from the BGP routing table
- aggregate-address w.x.y.z mask [as-set] [summary-only] [route-map name]
- Use as-set to include path and community info from specifics
- summary-only suppresses specifics
- route-map sets other attributes

BGP Summarization Examples

Redistribute summary 193.0.0.0:
  ip route 193.0.0.0 255.0.0.0 null 0
  router bgp 100
   redistribute static

Advertise aggregate if BGP has any more specific:
  router bgp 100
   aggregate-address 193.0.0.0 255.0.0.0

Aggregate only, more specific routes suppressed:
  router bgp 100
   aggregate-address 193.0.0.0 255.0.0.0 summary-only

Too Much Information


Filtering Route Data


Passive Interface

- Prevents routing updates from being transmitted out an interface
- Don't waste resources generating updates on interfaces that have no need for them (loopback)
- Can also use passive-interface default

(Figure: interface s0 toward a single neighbour w.x.y.z.)

  router xxx
   passive-interface serial 0
   neighbor w.x.y.z

Route Filtering

(Figure: a router attached to networks A, B, X and Y. Toward network X it advertises B and Y; toward network Y it advertises B and X; network A is hidden.)

- Selectively announce routes, per neighbor
  - Hide part of the topology/connectivity
- Selectively accept routes, per neighbor
  - Refuse erroneous make-believe announcements
  - Protect against redistribution loops
- Route filter with distribute-list command
  - Can filter anywhere in distance-vector protocols: RIP, IGRP, EIGRP, RIPv2 and BGP
  - Can filter at redistribution points between any protocols: RIP, EIGRP, OSPF, IGRP, IS-IS, BGP, Static, etc.
- Use route-maps at redistribution points
  - Based on extended access-lists for route prefixes
  - Based on tags of route origin or history
  - Based on AS filters in BGP

Filtering Incoming Updates

Control input of routing data

(Figure: this router (networks 10.0.0.0 and 172.16.1.0) connects over s0 to a partner network that announces 10.0.0.0 and 129.1.1.0; only 129.1.0.0 is accepted, the partner's claim to our own 10.0.0.0 is refused.)

  distribute-list 1 in serial 0
  access-list 1 permit 129.1.0.0
  access-list 1 deny 0.0.0.0 255.255.255.255

Filtering Outgoing Updates

Useful to propagate only the default route

(Figure: s0 toward the neighbour that should receive just the default network.)

  router eigrp 111
   network 128.1.0.0
   distribute-list 1 out serial 0
  access-list 1 permit 128.1.0.0 0.0.0.0
  ip default-network 128.1.0.0

Precedence of Filters

- Filter routing updates in- or out-bound
- Interface specific or global
- Evaluation order: interface, global

Example:
  access-list 1 deny 1.0.0.0 0.255.255.255
  access-list 2 permit 1.2.3.0 0.0.0.255
  router rip
   distribute-list 1 in ethernet 0
   distribute-list 2 in

List 2 is overridden on interface ethernet 0. Note that list 1 contains only a deny entry, so with the implicit deny at its end no update at all is accepted on ethernet 0.

ACL Oversights

Access control lists can filter routing updates:

Protocol  Transport                          Destination
RIP       UDP port 520                       255.255.255.255
RIPv2     UDP port 520                       224.0.0.9 (default) or 255.255.255.255
IGRP      IP protocol field 9                255.255.255.255
EIGRP     IP protocol field 88               224.0.0.10
OSPF      IP protocol field 89               224.0.0.5 (AllOSPFRouters), 224.0.0.6 (DRRouters)
IS-IS     802.2 SAP 0xFEFE; NLPID 0x83       01:80:C2:00:00:15 (MAC address)
BGP       TCP port 179                       Neighbor address

Secure Routing: Route Authentication

(Figure: a campus router configured with a key and hash function signs its route updates; the neighbour verifies the signature on each update it receives.)

- Certifies authenticity of neighbor and integrity of route updates
- The "signature" is a keyed hash (MD5 over the update and a shared secret held by both routers); nothing is encrypted and no public key is involved

Signature Generation

(Figure: Router A runs the routing update, together with the key, through the hash function; the resulting hash is the signature appended to the routing update.)

Signature = hash of the routing update computed with the shared key (the slide calls this an "encrypted hash"; only a holder of the key can produce it)

Signature Verification

(Figure: Router B receives the routing update with its signature.)

- Receiving router separates routing update and signature
- Re-hashes the routing update with the preconfigured key
- If hashes are equal, signature is authentic

Authentication in RIPv2

Router A:
  key chain ka1
   key 1
    key-string 234
  !
  interface Serial2
   ip rip authentication mode md5
   ip rip authentication key-chain ka1
  !
  router rip
   version 2

Router B:
  key chain ka2
   key 1
    key-string 234
  !
  interface Serial1/0
   ip rip authentication mode md5
   ip rip authentication key-chain ka2
  !
  router rip
   version 2

Authentication

- RIP uses text and MD5; also validate-update-source
- (E)IGRP uses MD5
- OSPF has text and MD5, per area and interface
- IS-IS has text per area and domain; MD5 authentication is on the way
- BGP uses MD5 per neighbor

Text (cleartext) authentication is visible to anyone on the wire and only guards against accidental neighbours; use MD5 where the protocol offers it.
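As an added, runnable model of the RIPv2 MD5 authentication configured above (example code written for this page, not Cisco's implementation), the following Python builds a RIPv2 Response with the RFC 2082 authentication entry and trailer, computes the keyed MD5 digest, and performs the receiver's checks: key id, digest, and the sequence number that blocks replay of an older captured update. The route entries and sequence numbers are constructed for the example; the key-string "234" is taken from the slide, and the receiver's state is a plain dict rather than per-neighbour key-chain state.

```python
"""RIPv2 keyed-MD5 authentication (RFC 2082), modelled in Python.

Constructed example for this page, not Cisco or vendor code. The route
data and the shared key are made up (the key-string reuses the slide's
"234"); a real deployment uses a long random key.
"""
import hashlib
import hmac
import ipaddress
import struct

RIP_RESPONSE, RIP_VERSION = 2, 2
AUTH_AFI, AUTH_TYPE_MD5, AUTH_TRAILER = 0xFFFF, 3, 1
DIGEST_LEN = 16
HDR_LEN, ENTRY_LEN = 4, 20


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def route_entry(prefix, mask, nexthop, metric, tag=0):
    """One 20-byte RIPv2 route entry: AFI 2 (IP), tag, prefix, mask, next hop, metric."""
    return struct.pack("!HH4s4s4sI", 2, tag, _ip(prefix), _ip(mask), _ip(nexthop), metric)


def build_md5_packet(routes, key, key_id, seq):
    """RIPv2 Response carrying an RFC 2082 MD5 authentication entry and trailer."""
    if not 0 < len(key) <= DIGEST_LEN:
        raise ValueError("RFC 2082 keys are 1..16 bytes")
    header = struct.pack("!BBH", RIP_RESPONSE, RIP_VERSION, 0)
    body = b"".join(routes)
    # "RIP-2 packet length" = header + auth entry + route entries: the offset
    # at which the authentication trailer starts.
    pkt_len = HDR_LEN + ENTRY_LEN + len(body)
    auth_entry = struct.pack("!HHHBBIII", AUTH_AFI, AUTH_TYPE_MD5, pkt_len,
                             key_id, DIGEST_LEN, seq, 0, 0)
    unsigned = header + auth_entry + body + struct.pack("!HH", AUTH_AFI, AUTH_TRAILER)
    # Keyed hash: MD5 over the whole packet with the zero-padded key in the
    # digest position. Nothing is encrypted and the key never goes on the wire.
    digest = hashlib.md5(unsigned + key.ljust(DIGEST_LEN, b"\0")).digest()
    return unsigned + digest


def verify_md5_packet(pkt, keys, last_seq):
    """Receiver check. keys: {key_id: key}; last_seq: {key_id: last accepted seq},
    updated on success. Returns (accepted, reason)."""
    if len(pkt) < HDR_LEN + ENTRY_LEN + 4 + DIGEST_LEN:
        return False, "too short"
    afi, atype, pkt_len, key_id, dlen, seq, _, _ = struct.unpack(
        "!HHHBBIII", pkt[HDR_LEN:HDR_LEN + ENTRY_LEN])
    if (afi, atype, dlen) != (AUTH_AFI, AUTH_TYPE_MD5, DIGEST_LEN):
        return False, "no MD5 authentication entry"
    if pkt_len + 4 + DIGEST_LEN != len(pkt) or \
            pkt[pkt_len:pkt_len + 4] != struct.pack("!HH", AUTH_AFI, AUTH_TRAILER):
        return False, "bad length or trailer"
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key id"          # key chains let both sides roll keys by id
    expected = hashlib.md5(pkt[:pkt_len + 4] + key.ljust(DIGEST_LEN, b"\0")).digest()
    if not hmac.compare_digest(expected, pkt[pkt_len + 4:]):
        return False, "digest mismatch"        # forged, or modified in transit
    # Replay defence: sequence numbers must not go backwards (0 is allowed
    # so that a restarted neighbour can resynchronise).
    if seq != 0 and seq < last_seq.get(key_id, 0):
        return False, "replayed (old sequence number)"
    last_seq[key_id] = seq
    return True, "ok"


def demo():
    """Sign an update, then try what an on-link attacker can do without the key."""
    routes = [route_entry("172.16.1.0", "255.255.255.0", "0.0.0.0", 1),
              route_entry("172.16.2.0", "255.255.255.0", "0.0.0.0", 2)]
    keys, state = {1: b"234"}, {}
    good = build_md5_packet(routes, b"234", key_id=1, seq=10)
    out = {"good": verify_md5_packet(good, keys, state)[0]}
    # Flip the first route's metric to 16 (unreachable): a route-poisoning attempt.
    metric_off = HDR_LEN + ENTRY_LEN + 16
    tampered = good[:metric_off] + struct.pack("!I", 16) + good[metric_off + 4:]
    out["tampered"] = verify_md5_packet(tampered, keys, dict(state))[0]
    out["wrong_key"] = verify_md5_packet(good, {1: b"235"}, {})[0]
    # Replaying an older captured update after seq 10 has been accepted.
    old = build_md5_packet(routes, b"234", key_id=1, seq=3)
    out["old_replay"] = verify_md5_packet(old, keys, state)[0]
    return out


if __name__ == "__main__":
    print(demo())
```

The receiver's sequence-number state is what turns the keyed hash into replay protection; without it an attacker who captured yesterday's update could re-inject it verbatim and it would verify.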

Special Interfaces

Unnumbered:
- Saves IP addresses; only on p2p interfaces
- Routes with the next hop via the unnumbered interface show up as interface routes
- NMSs don't like it
- Pointing to the loopback is a favorite

Loopback:
- Is always up
- Use with OSPF for a stable router ID
- Use as tunnel endpoint or source
- Make passive for routing protocols

Null:
- The big black bit bucket
- Summaries install a static to the null
- Use statics to null as a very fast ACL
- Use to create stable static routes (BGP)

Multiprotocol
Running Multiple Routing Processes in the Same Box

Running Multiple IGPs

- Different protocols use different metrics
- Metrics are difficult to compare algorithmically
- Therefore, a collating sequence:
  - Which protocol do you believe the most?
  - Then decide which metric is the best

Use Distance to Implement Routing Policy

(Figure: Network A reachable through both a RIP router and an IGRP router.)

- Take route with lowest distance; compare metrics only if distance is equal
- Distance distinguishes sources of IP routing information

Default Administrative Distances

Route Source                  Default Distance
Connected Interface           0
Static Route                  1
Enhanced IGRP Summary Route   5
External BGP                  20
Internal Enhanced IGRP        90
IGRP                          100
OSPF                          110
IS-IS                         115
RIP                           120
EGP                           140
External Enhanced IGRP        170
Internal BGP                  200
Unknown, Discard Route        255

Modifying Default Distance

- distance weight [address mask [access-list-number]]
  - address and mask specify the source (the router the route is learned from)
  - the access list applies to the content (the routes themselves)
- ip route dest mask next-hop distance
- Remember the floating static route?

Using Distance

(Figure: two networks; 192.31.7.0 with routers .1 and .2 on top, 128.88.1.0 with routers .1, .2 and .3 below.)

  router rip
   network 192.31.7.0
   network 128.88.0.0
   distance 225                        ! barely believe anyone
   distance 90 128.88.1.3 0.0.0.0      ! believe the other router
   distance 120 192.31.7.0 0.0.0.255   ! default for the top net
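As an added example (code written for this page, not IOS), the Python below applies the three distance statements from the slide above and selects one route per prefix the way the Default Administrative Distances and Use Distance slides describe: lowest distance wins, the metric only breaks ties between routes of the same protocol, a different prefix length is a different route, and distance 255 is never installed. The candidate routes, the second OSPF policy and the neighbour 128.88.1.9 it distrusts are constructed for the example.

```python
"""Route source selection by administrative distance, modelled in Python.

Constructed example, not IOS code. It applies the slide's 'distance'
statements (default 225, 90 for routes learned from 128.88.1.3, 120 for
routes learned from the 192.31.7.0 network) and installs one route per
prefix. All candidate routes and the extra neighbour 128.88.1.9 are
made up.
"""
import ipaddress

# Default administrative distances from the slide.
DEFAULT_DISTANCE = {"connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
                    "eigrp": 90, "igrp": 100, "ospf": 110, "isis": 115, "rip": 120,
                    "egp": 140, "eigrp-external": 170, "ibgp": 200}
DISCARD = 255


def _int(addr):
    return int(ipaddress.IPv4Address(addr))


class DistancePolicy:
    """'distance weight [address wildcard]' statements under one routing process."""

    def __init__(self, protocol):
        self.default = DEFAULT_DISTANCE[protocol]
        self.by_source = []                      # (weight, address, wildcard), in config order

    def distance(self, weight, address=None, wildcard="0.0.0.0"):
        if address is None:
            self.default = weight                # 'distance 225': applies to every source
        else:
            self.by_source.append((weight, _int(address), _int(wildcard)))

    def for_source(self, learned_from):
        """First source rule matching the advertising router wins, else the process default."""
        src = _int(learned_from)
        for weight, addr, wildcard in self.by_source:
            care = 0xFFFFFFFF ^ wildcard         # wildcard bit set = don't care
            if src & care == addr & care:
                return weight
        return self.default


def select_routes(candidates, policies):
    """candidates: (network, prefixlen, protocol, learned_from, metric).
    Lowest distance wins; metric breaks ties only between routes of the same
    protocol (metrics of different protocols are not comparable). A different
    prefix length is a different route and gets its own entry. Distance 255
    means 'do not believe this' and is never installed."""
    table = {}
    for net, plen, proto, src, metric in candidates:
        pol = policies.get(proto)
        dist = pol.for_source(src) if pol else DEFAULT_DISTANCE[proto]
        if dist >= DISCARD:
            continue
        key = f"{net}/{plen}"
        cur = table.get(key)
        better = (cur is None or dist < cur["distance"]
                  or (dist == cur["distance"] and proto == cur["protocol"]
                      and metric < cur["metric"]))
        if better:
            table[key] = {"protocol": proto, "via": src, "distance": dist, "metric": metric}
    return table


def demo():
    rip = DistancePolicy("rip")
    rip.distance(225)                               # barely believe anyone
    rip.distance(90, "128.88.1.3", "0.0.0.0")       # believe the other router
    rip.distance(120, "192.31.7.0", "0.0.0.255")    # default for the top net
    ospf = DistancePolicy("ospf")
    ospf.distance(DISCARD, "128.88.1.9")            # assumed rogue neighbour: never install its routes
    candidates = [
        ("172.20.0.0", 16, "rip", "128.88.1.3", 3),      # trusted RIP router: distance 90
        ("172.20.0.0", 16, "ospf", "192.31.7.2", 50),    # OSPF at 110 loses to it
        ("172.21.0.0", 16, "rip", "128.88.1.2", 1),      # untrusted RIP router: distance 225
        ("172.21.0.0", 16, "ospf", "192.31.7.2", 50),    # OSPF at 110 wins despite the larger metric
        ("172.22.0.0", 16, "rip", "192.31.7.2", 4),      # top net: distance 120
        ("172.22.0.0", 16, "igrp", "128.88.1.2", 8000),  # IGRP at 100 wins
        ("172.23.0.0", 16, "rip", "128.88.1.2", 5),      # only offer: installed even at 225
        ("172.23.0.0", 24, "rip", "128.88.1.3", 5),      # longer prefix: a separate route
        ("172.26.0.0", 16, "rip", "128.88.1.3", 3),
        ("172.26.0.0", 16, "rip", "128.88.1.3", 2),      # same source and distance: lower metric wins
        ("172.25.0.0", 16, "ospf", "128.88.1.9", 10),    # distance 255: dropped
    ]
    return select_routes(candidates, {"rip": rip, "ospf": ospf})


if __name__ == "__main__":
    for prefix, entry in sorted(demo().items()):
        print(prefix, entry)
```

The 172.21.0.0/16 case is the one the slide is driving at: the RIP route has the smaller metric, but metric is never consulted across protocols, and a distance of 225 makes that neighbour lose to anything with a default distance.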

Importance of Prefix Lengths

Multiple protocols; the router gets:
- EIGRP (internal): 192.168.32.0/26
- RIP: 192.168.32.0/24
- OSPF: 192.168.32.0/19

Which one goes in the table? Best distance? Shortest prefix?

They all will: they are different routes.

What Is the Next Hop?

From previous slide:

  router#show ip route
  D 192.168.32.0/26 [90/25789217] via 10.1.1.1
  R 192.168.32.0/24 [120/4] via 10.1.1.2
  O 192.168.32.0/19 [110/229840] via 10.1.1.3

- Dest = 192.168.32.1: next hop = 10.1.1.1; falls within the 192.168.32.0/26 network; longest prefix 26 > 24 > 19
- Dest = 192.168.32.100: next hop = 10.1.1.2; falls within 192.168.32.0/24 (outside the /26, whose last address is .63); longest prefix 24 > 19

IP Classless

- Only affects the forwarding process, not the routing process
- Does not affect the way the table is built
- Without ip classless the router will not forward to supernets: a destination in a major network that has some subnets in the table but no matching subnet is dropped instead of following a supernet or default route
- Became the default with IOS 11.3

(Figure: Class A, Class B and Class C address blocks.)

No IP Classless

  router#show ip route
       172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
  D       172.30.32.0/20 [90/4879540] via 10.1.1.2
  D       172.30.32.0/24 [90/25789217] via 10.1.1.1
  S*   0.0.0.0/0 [1/0] via 10.1.1.3

- Dest = 172.30.32.1: next hop = 10.1.1.1 (longest prefix match)
- Dest = 172.30.33.1: next hop = 10.1.1.2 (longest prefix match)
- Dest = 192.168.10.1: next hop = 10.1.1.3 (uses default route)
- Dest = 172.30.254.1: is dropped (unknown subnet of a known major network)

IP Classless

(Figure: remote site router with Ethernet 0 on 10.1.1.0/24 and Serial 0 on 10.1.2.0/24 toward the rest of 10.x.x.x.)

- Remote site
- No routing protocol
- Internet is reachable
- 10.0.0.0/8 is not accessible

  interface Serial 0
   ip address 10.1.2.2 255.255.255.0
  !
  interface Ethernet 0
   ip address 10.1.1.1 255.255.255.0
  !
  ip route 0.0.0.0 0.0.0.0 10.1.2.1
  !
  no ip classless

With no ip classless, every 10.x.x.x destination other than the two connected subnets is an unknown subnet of a known major network and is dropped instead of being sent to the default; ip classless lets the default route carry it.
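As an added example (code written for this page, not IOS), the Python below implements the lookup described under How Hosts Transmit and exercises it against the tables from the What Is the Next Hop?, No IP Classless and IP Classless slides: longest prefix wins regardless of which protocol supplied the route, a directly connected match makes the destination itself the next hop, 0.0.0.0/0 is the fallback, and with classless=False a destination inside a major network that has subnets in the table but none matching is dropped. The tables are the slides' entries; the destination addresses probed in the demo are constructed for the example.

```python
"""Forwarding-table lookup: longest match, connected, default, and 'ip classless'.

Constructed example, not IOS code. It models the lookup described under
'How Hosts Transmit' and the behaviour shown on the 'What Is the Next Hop?',
'No IP Classless' and 'IP Classless' slides; the routing tables below are
those slides' entries. Destination addresses used in the demo are made up.
"""
import ipaddress


def classful_prefixlen(addr):
    """Mask implied by the address class (A /8, B /16, C /24). Class D/E are
    not unicast destinations and are treated as /24 here to keep things short."""
    first = int(addr) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24


def lookup(table, dst, classless=True):
    """table: [(prefix, next_hop or None if directly connected, interface)].
    Returns ('connected', dst, iface), ('via', next_hop, iface), ('drop', None, None)
    or None when nothing matches at all."""
    d = ipaddress.IPv4Address(dst)
    best = None
    for prefix, nh, iface in table:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, iface)            # longest prefix wins, regardless of source
    if best is None:
        return None
    net, nh, iface = best
    if not classless and net.prefixlen < classful_prefixlen(d):
        # 'no ip classless': the match is a supernet or the default. If the table
        # knows any subnet of the destination's major network, the destination is
        # an unknown subnet of a known network and is dropped instead.
        major = ipaddress.IPv4Network((int(d), classful_prefixlen(d)), strict=False)
        if any(ipaddress.ip_network(p).subnet_of(major)
               and ipaddress.ip_network(p).prefixlen > major.prefixlen
               for p, _, _ in table):
            return ("drop", None, None)
    if nh is None:
        return ("connected", dst, iface)       # local: next hop is the destination itself (ARP for it)
    return ("via", nh, iface)


# 'What Is the Next Hop?': three routes for the same network with different masks.
PREFIX_TABLE = [("192.168.32.0/26", "10.1.1.1", "e0"),
                ("192.168.32.0/24", "10.1.1.2", "e0"),
                ("192.168.32.0/19", "10.1.1.3", "e0")]

# 'No IP Classless': two subnets of 172.30.0.0 plus a static default.
CLASSLESS_TABLE = [("172.30.32.0/20", "10.1.1.2", "e0"),
                   ("172.30.32.0/24", "10.1.1.1", "e0"),
                   ("0.0.0.0/0", "10.1.1.3", "e0")]

# 'IP Classless' remote site: two connected subnets of 10.0.0.0 and a default.
REMOTE_SITE = [("10.1.1.0/24", None, "Ethernet0"),
               ("10.1.2.0/24", None, "Serial0"),
               ("0.0.0.0/0", "10.1.2.1", "Serial0")]


def demo():
    return {
        "32.1 by prefix": lookup(PREFIX_TABLE, "192.168.32.1"),
        "32.100 by prefix": lookup(PREFIX_TABLE, "192.168.32.100"),
        "40.1 by prefix": lookup(PREFIX_TABLE, "192.168.40.1"),
        "172.30.32.1": lookup(CLASSLESS_TABLE, "172.30.32.1"),
        "172.30.33.1": lookup(CLASSLESS_TABLE, "172.30.33.1"),
        "172.30.254.1 classless": lookup(CLASSLESS_TABLE, "172.30.254.1"),
        "172.30.254.1 classful": lookup(CLASSLESS_TABLE, "172.30.254.1", classless=False),
        "192.168.10.1 classful": lookup(CLASSLESS_TABLE, "192.168.10.1", classless=False),
        "remote 10.5.5.5 classful": lookup(REMOTE_SITE, "10.5.5.5", classless=False),
        "remote 10.5.5.5 classless": lookup(REMOTE_SITE, "10.5.5.5"),
        "remote 10.1.1.7": lookup(REMOTE_SITE, "10.1.1.7"),
        "remote internet": lookup(REMOTE_SITE, "198.51.100.1", classless=False),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:28} -> {result}")
```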

Redistribution
Hops = Bandwidth = Compound = AS-PATH ?

Route Redistribution

(Figure: a router between a RIP domain and an OSPF domain exchanges RIP updates on one side and OSPF updates on the other.)

- Router runs multiple routing protocols
- Router exchanges routes internally
- Exchange can be filtered

Redistributing Routes

Under a router xxx command, redistribute:
- a source protocol: bgp | igrp | isis | ospf | static | connected | rip
- a value for the destination protocol: metric
- a route map for filtering: route-map
- scope of redistribution: subnets
- as well as some protocol-specific parameters

(Figure: OSPF domain on one side, RIP on the other.)

Default Metrics

- The first, or seed, metric for a route is derived from being directly connected to a router interface
- Redistributed routes are not physically connected: default-metric establishes the seed metric for the route
- Once a compatible metric is established, the metric can increment just like any other route
- Set the default metric bigger than the biggest native metric

Configuring Default Metrics

- default-metric bandwidth delay reliability loading mtu: used for IGRP and Enhanced IGRP redistribution
- default-metric number: used for OSPF, RIP, IS-IS, and BGP redistribution

Offset Lists

Increases incoming and outgoing metric (hops or delay)

Add 10 to the delay component of routes matching access list 21 when outbound:
  router igrp xxx
   offset-list 21 out 10
  access-list 21 ...

Add 5 to routes learned from interface Ethernet 0 (list 0 = all routes):
  router rip
   offset-list 0 in 5 ethernet 0

Filtering Redistribution with Access Lists

- Filter routing updates in- or out-bound
- Interface specific, global, or at redistribution
- Evaluation order: interface, redistribution, global

Example:
  access-list 1 deny 10.0.0.0 0.255.255.255
  access-list 2 permit 10.2.3.0 0.0.0.255
  router rip
   default-metric 1
   redistribute igrp 20
   distribute-list 1 out igrp 20
   distribute-list 2 out
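As an added example (code written for this page, not IOS), the Python below parses the access-list and distribute-list lines from the Filtering Incoming Updates, Precedence of Filters and Filtering Redistribution slides and applies them with the evaluation order those slides state: the interface-specific list, then the redistribution list, then the global one, the most specific list overriding the others. It is a model of the stated rules, not of every IOS detail; the route networks fed through it are constructed for the example.

```python
"""Standard ACLs and distribute-list precedence, modelled as the slides describe.

Constructed example, not IOS code. It parses the slides' own access-list
and distribute-list lines and applies the stated evaluation order
(interface-specific list, then the redistribution list, then the global
list, the most specific one overriding the others). The route networks
fed through it are made up.
"""
import ipaddress


def _int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_acls(lines):
    """'access-list N permit|deny A.B.C.D [wildcard]' -> {N: [(permit, addr, wildcard)]}.
    A missing wildcard means 0.0.0.0, i.e. an exact (host) match, as in IOS."""
    acls = {}
    for line in lines:
        p = line.split()
        if len(p) < 4 or p[0] != "access-list":
            continue
        wildcard = p[4] if len(p) > 4 else "0.0.0.0"
        acls.setdefault(p[1], []).append((p[2] == "permit", _int(p[3]), _int(wildcard)))
    return acls


def acl_permits(entries, network):
    """First-match standard ACL over a route's network address; implicit deny at the end."""
    n = _int(network)
    for permit, addr, wildcard in entries:
        care = 0xFFFFFFFF ^ wildcard            # wildcard bit set = don't care
        if n & care == addr & care:
            return permit
    return False


class DistributeLists:
    PROTOCOLS = {"rip", "igrp", "eigrp", "ospf", "isis", "bgp", "static", "connected"}

    def __init__(self, acls):
        self.acls, self.rules = acls, []     # rules: (direction, interface, source, acl)

    def add(self, cmd):
        """'distribute-list 1 in ethernet 0' | 'distribute-list 2 out' | 'distribute-list 1 out igrp 20'"""
        p = cmd.split()
        acl, direction, rest = p[1], p[2], " ".join(p[3:])
        if rest and p[3] in self.PROTOCOLS:
            self.rules.append((direction, None, rest, acl))
        elif rest:
            self.rules.append((direction, rest, None, acl))
        else:
            self.rules.append((direction, None, None, acl))

    def applicable(self, direction, iface=None, source=None):
        """Most specific list wins: interface, then redistribution source, then global."""
        rules = [r for r in self.rules if r[0] == direction]
        for pick in (lambda r: r[1] is not None and r[1] == iface,
                     lambda r: r[2] is not None and r[2] == source,
                     lambda r: r[1] is None and r[2] is None):
            for r in rules:
                if pick(r):
                    return r[3]
        return None

    def allows(self, network, direction, iface=None, source=None):
        acl = self.applicable(direction, iface, source)
        if acl is None:
            return True                       # no list configured: everything passes
        return acl_permits(self.acls.get(acl, []), network)


def demo_incoming():
    """'Filtering Incoming Updates': accept only 129.1.0.0 from the partner on serial 0."""
    dl = DistributeLists(parse_acls(["access-list 1 permit 129.1.0.0",
                                     "access-list 1 deny 0.0.0.0 255.255.255.255"]))
    dl.add("distribute-list 1 in serial 0")
    return {"129.1.0.0": dl.allows("129.1.0.0", "in", iface="serial 0"),
            "10.0.0.0": dl.allows("10.0.0.0", "in", iface="serial 0"),    # partner claiming our own net
            "129.1.1.0": dl.allows("129.1.1.0", "in", iface="serial 0")}  # no wildcard = exact match only


def demo_precedence():
    """'Precedence of Filters': list 1 on ethernet 0 overrides global list 2 there."""
    dl = DistributeLists(parse_acls(["access-list 1 deny 1.0.0.0 0.255.255.255",
                                     "access-list 2 permit 1.2.3.0 0.0.0.255"]))
    dl.add("distribute-list 1 in ethernet 0")
    dl.add("distribute-list 2 in")
    return {"e0 1.2.3.0": dl.allows("1.2.3.0", "in", iface="ethernet 0"),
            "e0 9.0.0.0": dl.allows("9.0.0.0", "in", iface="ethernet 0"),  # list 1 has only a deny: implicit deny
            "e1 1.2.3.0": dl.allows("1.2.3.0", "in", iface="ethernet 1"),
            "e1 1.2.4.0": dl.allows("1.2.4.0", "in", iface="ethernet 1")}


def demo_redistribution():
    """'Filtering Redistribution': list 1 applies to routes from igrp 20, list 2 to the rest."""
    dl = DistributeLists(parse_acls(["access-list 1 deny 10.0.0.0 0.255.255.255",
                                     "access-list 2 permit 10.2.3.0 0.0.0.255"]))
    dl.add("distribute-list 1 out igrp 20")
    dl.add("distribute-list 2 out")
    return {"igrp 20 10.2.3.0": dl.allows("10.2.3.0", "out", source="igrp 20"),
            "static 10.2.3.0": dl.allows("10.2.3.0", "out", source="static"),
            "static 10.9.0.0": dl.allows("10.9.0.0", "out", source="static")}


if __name__ == "__main__":
    print(demo_incoming(), demo_precedence(), demo_redistribution(), sep="\n")
```

Two results are worth noticing: a standard ACL entry without a wildcard is an exact match, so the incoming filter accepts the classful 129.1.0.0 but would reject a 129.1.1.0 subnet announcement, and a list that contains nothing but deny entries blocks everything on the interface it is bound to.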

Route Maps

match command       matches
as-path             a BGP AS path access list
community-list      a BGP community list
ip address          a standard access list
metric              the specified metric
ip next-hop         a next hop against ACLs
tag                 the specified tag value
interface           a next-hop route to interfaces
ip route-source     the source of the route against an ACL
route-type          the specified route type

Route Maps

set command         sets
community           BGP COMMUNITIES attribute
dampening           BGP route dampening factors
local-preference    a value to a local BGP path
weight              BGP weight for the routing table
origin              BGP origin code
as-path             BGP autonomous system path
next-hop            address of the next hop
automatic-tag       automatic computing of tag table
level               routes advertised into the specified level
metric              metric value to give the redistributed routes
metric-type         metric type
tag                 an associated tag value

Conditional Default Origination

- A route map is referenced by the default-information router configuration command
- This type of reference is called conditional default origination
- OSPF will originate the default route (network 0.0.0.0), with a Type 2 metric of 5, if 140.222.0.0 is in the routing table

  route-map ospf-default permit
   match ip address 1
   set metric 5
   set metric-type type-2
  !
  access-list 1 permit 140.222.0.0 0.0.255.255
  !
  router ospf 109
   default-information originate route-map ospf-default

Route Maps for Filtering Example

- Redistribute RIP routes with a hop count equal to 1 into OSPF
- These routes will be redistributed into OSPF as external LSAs with a metric of 5, metric type Type 1, and a tag equal to 1

  router ospf 109
   redistribute rip route-map rip-to-ospf
  !
  route-map rip-to-ospf permit
   match metric 1
   set metric 5
   set metric-type type-1
   set tag 1
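As an added example (code written for this page, not IOS), the Python below models how a route map is evaluated at a redistribution point and runs the two maps from the Conditional Default Origination and Route Maps for Filtering slides over constructed routes: clauses are tried in sequence order, every match statement in a clause must hold, a clause with no match statement matches everything, the first matching clause decides, and a route matching no clause is denied. Only the match and set statements those two maps use are implemented; the RIP routes, the routing-table contents and the extra "permit 20" variant are constructed for the example.

```python
"""Route-map evaluation at a redistribution point, modelled in Python.

Constructed example, not IOS code. It runs the slides' 'rip-to-ospf' and
'ospf-default' route maps over made-up routes. Only the match/set
statements those two maps use are implemented (metric, tag, ip address
against a standard ACL; set metric, metric-type, tag).
"""
import ipaddress


def _int(addr):
    return int(ipaddress.IPv4Address(addr))


def acl_permits(entries, network):
    """Standard ACL, first match wins, implicit deny. entries: [(permit, address, wildcard)]."""
    n = _int(network)
    for permit, addr, wildcard in entries:
        care = 0xFFFFFFFF ^ _int(wildcard)
        if n & care == _int(addr) & care:
            return permit
    return False


class RouteMap:
    def __init__(self, name):
        self.name, self.clauses = name, []

    def clause(self, action, seq, match=None, set_=None):
        """'route-map NAME permit|deny SEQ' with its match and set statements."""
        self.clauses.append((seq, action == "permit", match or {}, set_ or {}))
        self.clauses.sort(key=lambda c: c[0])
        return self

    @staticmethod
    def _matches(match, route, acls):
        # Every match statement in the clause must hold; a clause with none matches all.
        for kind, want in match.items():
            if kind == "ip address":
                if not acl_permits(acls.get(want, []), route["network"]):
                    return False
            elif route.get(kind) != want:       # 'metric', 'tag', 'route-type', ...
                return False
        return True

    def apply(self, route, acls=None):
        """Returns the route with set statements applied, or None if it is denied.
        Clauses are tried in sequence order; the first matching clause decides;
        if no clause matches, the route is denied (implicit deny)."""
        for _, permit, match, set_ in self.clauses:
            if self._matches(match, route, acls or {}):
                return {**route, **set_} if permit else None
        return None


def redistribute(routes, rmap, acls=None):
    """What a 'redistribute ... route-map NAME' statement hands to the target protocol."""
    return [r for r in (rmap.apply(rt, acls) for rt in routes) if r is not None]


def originate_default(rib, rmap, acls):
    """Conditional default: the default is originated (with the map's set values)
    only while some route in the table satisfies the route map."""
    for rt in rib:
        hit = rmap.apply(rt, acls)
        if hit is not None:
            return {"network": "0.0.0.0", "prefixlen": 0,
                    **{k: v for k, v in hit.items() if k in ("metric", "metric-type")}}
    return None


RIP_TO_OSPF = RouteMap("rip-to-ospf").clause(
    "permit", 10, match={"metric": 1},
    set_={"metric": 5, "metric-type": "type-1", "tag": 1})

OSPF_DEFAULT = RouteMap("ospf-default").clause(
    "permit", 10, match={"ip address": 1},
    set_={"metric": 5, "metric-type": "type-2"})

ACLS = {1: [(True, "140.222.0.0", "0.0.255.255")]}   # access-list 1 permit 140.222.0.0 0.0.255.255


def demo():
    rip_routes = [{"network": "172.16.1.0", "prefixlen": 24, "metric": 1, "tag": 0},
                  {"network": "172.16.2.0", "prefixlen": 24, "metric": 2, "tag": 0}]
    rib_with = [{"network": "140.222.10.0", "prefixlen": 24, "metric": 64, "tag": 0}]
    rib_without = [{"network": "10.1.1.0", "prefixlen": 24, "metric": 64, "tag": 0}]
    # A trailing 'permit 20' with no match statement passes everything else
    # unchanged; the slide's map has no such clause, so its other RIP routes
    # are not redistributed at all.
    permissive = RouteMap("rip-to-ospf-all").clause(
        "permit", 10, match={"metric": 1}, set_={"metric": 5}).clause("permit", 20)
    return {"strict": redistribute(rip_routes, RIP_TO_OSPF),
            "permissive": redistribute(rip_routes, permissive),
            "default when 140.222.x present": originate_default(rib_with, OSPF_DEFAULT, ACLS),
            "default when absent": originate_default(rib_without, OSPF_DEFAULT, ACLS)}


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```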

Redistribution Example

(Figure: gw1 (128.103.88.1, 128.103.36.1) - RIP /24 - gw2 (128.103.36.2). gw2 also has 128.103.35.33 and 128.103.35.17 on OSPF /28 links whose far ends, 128.103.35.34 and 128.103.35.18, lead to gw8 (128.103.35.65) and gw6 (128.103.35.66).)

- OSPF has a longer mask than RIP
- gw2 is redistributing RIP and OSPF
- RIP won't advertise routes learned from OSPF (their /28 mask does not match the /24 of the RIP interface)
- Solution:
  ip route 128.103.35.0 255.255.255.0 null0
  router rip
   redistribute static
   default-metric 1

Redistribution Example

(Figure: gw1 (128.103.88.1, 128.103.36.1) - RIP /28 - gw2 (128.103.36.2). gw2 e0/0 128.103.35.33 - 128.103.35.34 and e0/1 128.103.35.17 - 128.103.35.18 are OSPF /24 links toward gw8 (128.103.35.65) and gw6 (128.103.35.66).)

- RIP has a longer mask than OSPF
- gw2 is redistributing RIP and OSPF
- RIP won't advertise routes learned from OSPF
- Solution:
  ip route 128.103.35.32 255.255.255.248 Ethernet0/0
  ip route 128.103.35.16 255.255.255.248 Ethernet0/1
  router rip
   redistribute static
   default-metric 1

Redist Static Into OSPF

(Figure: router C in area 0 (Ethernet0, 203.250.14.0/24) holds static routes to 16.16.16.0/24 and 128.213.0.0/16 and connects over Serial1 (203.250.15.1 - 203.250.15.2) to router E in area 2.)

C:
  interface Ethernet0
   ip address 203.250.14.2 255.255.255.0
  interface Serial1
   ip address 203.250.15.1 255.255.255.252
  router ospf 10
   redistribute static
   network 203.250.15.0 0.0.0.255 area 2
   network 203.250.14.0 0.0.0.255 area 0
  ip route 16.16.16.0 255.255.255.0 Ethernet0
  ip route 128.213.0.0 255.255.0.0 Ethernet0

Did not use subnets or metric keywords on redistribute static

Redist Static Into OSPF

subnets not used, so: 128.213.0.0 is in, 16.16.16.0 is not (it is a subnet of class A network 16.0.0.0)
metric not used, so: metric is 20

E:
  interface Serial0
   ip address 203.250.15.2 255.255.255.252
  router ospf 10
   network 203.250.15.0 0.0.0.255 area 2

  E#sh ip route
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

  Gateway of last resort is not set

       203.250.15.0 255.255.255.252 is subnetted, 1 subnets
  C       203.250.15.0 is directly connected, Serial0
  O IA 203.250.14.0 [110/74] via 203.250.15.1, 00:02:31, Serial0
  O E2 128.213.0.0 [110/20] via 203.250.15.1, 00:02:32, Serial0

Redist Static Into OSPF

    redistribute static metric 50 subnets

16.16.16.0 now appears, and the cost of the external routes is 50. Since the external routes are of type 2 (E2), the internal cost to reach the ASBR has not been added

E#sh ip route
    Codes: (legend omitted)
    Gateway of last resort is not set
         16.0.0.0 255.255.255.0 is subnetted, 1 subnets
    O E2    16.16.16.0 [110/50] via 203.250.15.1, 00:00:02, Serial0
         203.250.15.0 255.255.255.252 is subnetted, 1 subnets
    C       203.250.15.0 is directly connected, Serial0
    O IA    203.250.14.0 [110/74] via 203.250.15.1, 00:00:02, Serial0
    O E2    128.213.0.0 [110/50] via 203.250.15.1, 00:00:02, Serial0

Redist Static Into OSPF

    redistribute static metric 50 metric-type 1 subnets

Note that the type has changed to E1 and the cost has been incremented by the internal cost of E's Serial0, which is 64; the total cost is 64 + 50 = 114

RTE#sh ip route
    Codes: (legend omitted)
    Gateway of last resort is not set
         16.0.0.0 255.255.255.0 is subnetted, 1 subnets
    O E1    16.16.16.0 [110/114] via 203.250.15.1, 00:04:20, Serial0
         203.250.15.0 255.255.255.252 is subnetted, 1 subnets
    C       203.250.15.0 is directly connected, Serial0
    O IA    203.250.14.0 [110/74] via 203.250.15.1, 00:09:41, Serial0
    O E1    128.213.0.0 [110/114] via 203.250.15.1, 00:04:21, Serial0

Redist Static Into OSPF

Filter what is redistributed with a route map: 128.213.0.0 is permitted by access-list 1, 16.16.16.0 falls to the implicit deny at the end of the route map

C#
    router ospf 10
     redistribute static metric 50 metric-type 1 subnets route-map STOPUPDATE
    !
    access-list 1 permit 128.213.0.0 0.0.255.255
    !
    route-map STOPUPDATE permit 10
     match ip address 1

E#sh ip rou
    Codes: (legend omitted)
    Gateway of last resort is not set
         203.250.15.0 255.255.255.252 is subnetted, 1 subnets
    C       203.250.15.0 is directly connected, Serial0
    O IA    203.250.14.0 [110/74] via 203.250.15.1, 00:00:04, Serial0
    O E1    128.213.0.0 [110/114] via 203.250.15.1, 00:00:05, Serial0
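The four redistribute static variants above differ only in which statics become external LSAs and what metric router E ends up with. The following Python model is an added example written for this page, not code from the Cisco deck: it reproduces the effect of the subnets, metric, metric-type and route-map options and the E1/E2 cost arithmetic, using the deck's two statics and its Serial0 cost of 64. The classful check, the wildcard comparison for access-list 1 and the seed metric of 20 are the standard IOS behaviours the slides describe; everything else (names, structure) is this example's own.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Callable, Dict, List, Optional, Tuple

# Constructed input: the two statics configured on router C in the slides.
STATICS = [IPv4Network("16.16.16.0/24"), IPv4Network("128.213.0.0/16")]
OSPF_AD = 110
DEFAULT_SEED_METRIC = 20   # IOS default for routes redistributed into OSPF (BGP excepted)
COST_E_TO_C = 64           # OSPF cost of E's Serial0 (the slide's 64 + 50 = 114)


def is_classful_network(net: IPv4Network) -> bool:
    """True if the prefix is exactly a natural class A/B/C network.
    Without the 'subnets' keyword OSPF redistributes only these."""
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        natural = 8
    elif first_octet < 192:
        natural = 16
    elif first_octet < 224:
        natural = 24
    else:
        return False
    return net.prefixlen == natural


def access_list_1(net: IPv4Network) -> bool:
    """access-list 1 permit 128.213.0.0 0.0.255.255, applied to a route: the route's
    network address must agree with 128.213.0.0 wherever the wildcard bit is 0.
    A route that matches no line hits the implicit deny."""
    wildcard = 0x0000FFFF
    care = 0xFFFFFFFF ^ wildcard
    return (int(net.network_address) & care) == (int(IPv4Address("128.213.0.0")) & care)


@dataclass(frozen=True)
class External:
    prefix: IPv4Network
    metric_type: int   # 1 = E1, 2 = E2
    seed_metric: int


def redistribute_static(statics: List[IPv4Network], metric: Optional[int] = None,
                        metric_type: int = 2, subnets: bool = False,
                        route_map: Optional[Callable[[IPv4Network], bool]] = None) -> List[External]:
    """Model 'redistribute static [metric M] [metric-type T] [subnets] [route-map X]'
    on the ASBR: decide which statics become type-5 LSAs and with what seed metric."""
    seed = DEFAULT_SEED_METRIC if metric is None else metric
    lsas = []
    for net in statics:
        if not subnets and not is_classful_network(net):
            continue                      # silently not redistributed
        if route_map is not None and not route_map(net):
            continue                      # route-map deny
        lsas.append(External(net, metric_type, seed))
    return lsas


def cost_at_receiver(ext: External, internal_cost: int) -> int:
    """E2 routes keep the seed metric end to end; E1 routes add the internal
    cost from the receiving router to the ASBR."""
    return ext.seed_metric if ext.metric_type == 2 else ext.seed_metric + internal_cost


def table_at_e(**redist) -> Dict[str, Tuple[str, int, int]]:
    """Router E's view: prefix -> (route code, AD, metric), as 'show ip route' prints it."""
    result = {}
    for ext in redistribute_static(STATICS, **redist):
        code = "O E%d" % ext.metric_type
        result[str(ext.prefix)] = (code, OSPF_AD, cost_at_receiver(ext, COST_E_TO_C))
    return result


if __name__ == "__main__":
    print("plain                 ", table_at_e())
    print("metric 50 subnets     ", table_at_e(metric=50, subnets=True))
    print("metric-type 1         ", table_at_e(metric=50, metric_type=1, subnets=True))
    print("route-map STOPUPDATE  ", table_at_e(metric=50, metric_type=1, subnets=True,
                                                route_map=access_list_1))
```

The point for an operator: the route map is the only one of the four knobs that decides *what* leaks out of the AS; metric and metric-type only shape how it is preferred once it is out, and without subnets a prefix can vanish without any log entry.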

Feedback Loops

When crossing a redistribution boundary, information is lost (the original metric, and often where the route came from)
A physical or logical loop causes a route to be advertised back to the redistributing router that first advertised it
How does the router know which route to accept?
Answer: it can't know
Humans have to re-insert the lost information, with filters and administrative distance as shown on the following slides

Implementation Considerations

[Figure: a RIP domain and EIGRP AS 300 both carrying 172.16.0.0, joined by two ASBRs, so each protocol's copy of 172.16 can be fed back into the other.]

Routing feedback
Suboptimal path selection
Routing loops
Incompatible routing information
Inconsistent convergence time

Filter to Avoid Redistribution Feedback

[Figure: an IGRP process and a RIP process on the same router exchanging 172.16.1.0 and 172.16.2.0; in each direction the prefix that originated on the far side is filtered and the other one allowed (filter 172.16.1.0 / allow 172.16.2.0 one way, filter 172.16.2.0 / allow 172.16.1.0 the other).]

Impose split horizon when redistributing: never hand a route back into the protocol it was learned from

Redistribution Example

[Figure: the topology used on the following slides. Routers Trans, R200, CEN, REM, R300 and R100. From the figure and the routing tables that follow: Trans has 172.16.12.1, 172.16.3.2 and 172.16.2.2; R200 has 172.16.3.1 (Serial0), 172.16.1.1 (TokenRing0) and 172.16.7.2 (Serial1); CEN has 172.16.1.2 (TokenRing1), 172.16.2.1 (TokenRing0), 172.16.4.1 (Serial0.2) and 172.16.5.1 (Serial0.1); REM has 172.16.4.2 and 172.16.11.1; R300 has 172.16.7.1, 172.16.9.1 and 172.16.6.1; R100 has 172.16.5.2, 172.16.6.2 and 172.16.10.1. A T-1 joins Trans and R200; CEN's T-1 Frame Relay carries two 64 Kb PVCs; a 64 Kb serial joins R200 and R300.]

Router Cen Under IGRP

cen#sho ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
           U - per-user static route
    Gateway of last resort is not set
         172.16.0.0/24 is subnetted, 11 subnets
    I       172.16.12.0 [100/1188] via 172.16.2.2, 00:00:02, TokenRing0
    I       172.16.9.0 [100/158813] via 172.16.1.1, 00:00:02, TokenRing1
    I       172.16.10.0 [100/8976] via 172.16.5.2, 00:00:02, Serial0.1
    I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
    C       172.16.4.0 is directly connected, Serial0.2
    C       172.16.5.0 is directly connected, Serial0.1
    I       172.16.6.0 [100/160250] via 172.16.5.2, 00:00:02, Serial0.1
    I       172.16.7.0 [100/158313] via 172.16.1.1, 00:00:02, TokenRing1
    C       172.16.1.0 is directly connected, TokenRing1
    C       172.16.2.0 is directly connected, TokenRing0
    I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                        [100/8539] via 172.16.1.1, 00:00:03, TokenRing1

Introduce RIP

[Figure: the same topology, now split into an IGRP side (Trans, R200, CEN, REM) and a RIP side (R300, R100). CEN and R200 each touch both protocols and become the redistribution points; the R200 to R300 and CEN to R100 links are the RIP-facing ones.]

RIP Configs

Router Cen
    router rip
     redistribute igrp 1
     passive-interface Serial0.2
     passive-interface TokenRing0
     passive-interface TokenRing1
     network 172.16.0.0
     default-metric 3
    !
    router igrp 1
     redistribute rip
     passive-interface Serial0.1
     network 172.16.0.0
     default-metric 10 100 255 1 1500

Router R300
    router rip
     network 172.16.0.0

RIP Configs

Router R200
    router rip
     redistribute igrp 1
     passive-interface Serial0
     passive-interface TokenRing0
     network 172.16.0.0
     default-metric 3
    !
    router igrp 1
     redistribute rip
     passive-interface Serial1
     network 172.16.0.0
     default-metric 10 100 255 1 1500

Router R100
    router rip
     network 172.16.0.0

Cen Doesn't Look Too Bad

cen#sho ip route
    Codes: (legend omitted)
    Gateway of last resort is not set
         172.16.0.0/24 is subnetted, 11 subnets
    I       172.16.12.0 [100/1188] via 172.16.2.2, 00:00:01, TokenRing0
    R       172.16.9.0 [120/2] via 172.16.5.2, 00:00:01, Serial0.1
    R       172.16.10.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
    I       172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
    C       172.16.4.0 is directly connected, Serial0.2
    C       172.16.5.0 is directly connected, Serial0.1
    R       172.16.6.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
    I       172.16.7.0 [100/2688] via 172.16.1.1, 00:00:02, TokenRing1
    C       172.16.1.0 is directly connected, TokenRing1
    C       172.16.2.0 is directly connected, TokenRing0
    I       172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                        [100/8539] via 172.16.1.1, 00:00:02, TokenRing1

Not Using the Best Path

R200 hears 172.16.9.0, 172.16.10.0 and 172.16.6.0 natively from R300 over RIP (AD 120), but also as IGRP routes (AD 100) that CEN created by redistributing RIP into IGRP. The lower administrative distance wins regardless of the huge IGRP metric, so R200 sends this traffic through CEN instead of over its own link to R300.

r200>sho ip route
    Codes: (legend omitted)
    Gateway of last resort is not set
         172.16.0.0/24 is subnetted, 11 subnets
    I       172.16.12.0 [100/1251] via 172.16.1.2, 00:00:37, TokenRing0
    I       172.16.9.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
    I       172.16.10.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
    I       172.16.11.0 [100/9039] via 172.16.1.2, 00:00:37, TokenRing0
    I       172.16.4.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
    I       172.16.5.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
    I       172.16.6.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
    C       172.16.7.0 is directly connected, Serial1
    C       172.16.1.0 is directly connected, TokenRing0
    I       172.16.2.0 [100/751] via 172.16.1.2, 00:00:37, TokenRing0
    C       172.16.3.0 is directly connected, Serial0

Use Distance to Correct

The distance command gives IGRP routes from any source (0.0.0.0 255.255.255.255) whose prefix matches access-list 1 an administrative distance of 130, worse than RIP's 120. The native RIP route is then installed, and the redistributed IGRP copy stays in the IGRP topology as a fallback rather than being filtered away.

Router Cen:
    router rip
     redistribute igrp 1
     passive-interface Serial0.2
     passive-interface TokenRing0
     passive-interface TokenRing1
     network 172.16.0.0
     default-metric 3
    !
    router igrp 1
     redistribute rip
     passive-interface Serial0.1
     network 172.16.0.0
     default-metric 10 100 255 1 1500
     distance 130 0.0.0.0 255.255.255.255 1
    !
    access-list 1 permit 172.16.9.0
    access-list 1 permit 172.16.10.0
    access-list 1 permit 172.16.6.0

Use Distance to Correct

Router R200
    router rip
     redistribute igrp 1
     passive-interface Serial0
     passive-interface TokenRing0
     network 172.16.0.0
     default-metric 3
    !
    router igrp 1
     redistribute rip
     passive-interface Serial1
     network 172.16.0.0
     default-metric 10 100 255 1 1500
     distance 130 0.0.0.0 255.255.255.255 1
    !
    access-list 1 permit 172.16.9.0
    access-list 1 permit 172.16.10.0
    access-list 1 permit 172.16.6.0

R200 Looks Better

r200#sho ip route
    Codes: (legend omitted)
    Gateway of last resort is not set
         172.16.0.0/24 is subnetted, 11 subnets
    I       172.16.12.0 [100/1251] via 172.16.1.2, 00:00:49, TokenRing0
    R       172.16.9.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
    R       172.16.10.0 [120/2] via 172.16.7.1, 00:00:19, Serial1
    I       172.16.11.0 [100/9039] via 172.16.1.2, 00:00:49, TokenRing0
    I       172.16.4.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
    I       172.16.5.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
    R       172.16.6.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
    C       172.16.7.0 is directly connected, Serial1
    C       172.16.1.0 is directly connected, TokenRing0
    I       172.16.2.0 [100/751] via 172.16.1.2, 00:00:49, TokenRing0
    C       172.16.3.0 is directly connected, Serial0

R200's RIP Interface Down

[Figure: the same topology with the 64 Kb link between R200 (172.16.7.2) and R300 (172.16.7.1) marked down (X).]

Redundant Path Works

With Serial1 down the RIP routes are gone, and the IGRP copies learned through CEN are installed at their raised distance of 130.

r200#sho ip route
    Codes: (legend omitted)
    Gateway of last resort is not set
         172.16.0.0/24 is subnetted, 10 subnets
    I       172.16.12.0 [100/1251] via 172.16.1.2, 00:00:08, TokenRing0
    I       172.16.9.0 [130/1000163] via 172.16.1.2, 00:00:08, TokenRing0
    I       172.16.10.0 [130/1000163] via 172.16.1.2, 00:00:08, TokenRing0
    I       172.16.11.0 [100/9039] via 172.16.1.2, 00:00:08, TokenRing0
    I       172.16.4.0 [100/8539] via 172.16.1.2, 00:00:08, TokenRing0
    I       172.16.5.0 [100/8539] via 172.16.1.2, 00:00:08, TokenRing0
    I       172.16.6.0 [130/1000163] via 172.16.1.2, 00:00:08, TokenRing0
    C       172.16.1.0 is directly connected, TokenRing0
    I       172.16.2.0 [100/751] via 172.16.1.2, 00:00:08, TokenRing0
    C       172.16.3.0 is directly connected, Serial0
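The R200 sequence above (suboptimal path, distance fix, failover) comes down to one rule: lowest administrative distance wins, metric only breaks ties inside one protocol. The following Python is an added example for this page, not code from the deck; it replays R200's candidate routes from the slides' tables through that rule, applies the distance 130 rule as a (protocol, AD, access-list) triple, and then takes Serial1 down. The candidate list is constructed from the slides; the function and rule names are this example's own.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Sequence, Tuple

DEFAULT_AD = {"IGRP": 100, "RIP": 120}


@dataclass(frozen=True)
class Candidate:
    prefix: str
    protocol: str
    metric: int
    next_hop: str
    interface: str


# Constructed from R200's tables: the three RIP-domain prefixes arrive twice,
# natively by RIP from R300 on Serial1 and as IGRP routes that CEN produced by
# redistributing RIP into IGRP.  172.16.11.0 is IGRP only.
R200_CANDIDATES = [
    Candidate("172.16.9.0",  "RIP",  1,       "172.16.7.1", "Serial1"),
    Candidate("172.16.9.0",  "IGRP", 1000163, "172.16.1.2", "TokenRing0"),
    Candidate("172.16.10.0", "RIP",  2,       "172.16.7.1", "Serial1"),
    Candidate("172.16.10.0", "IGRP", 1000163, "172.16.1.2", "TokenRing0"),
    Candidate("172.16.6.0",  "RIP",  1,       "172.16.7.1", "Serial1"),
    Candidate("172.16.6.0",  "IGRP", 1000163, "172.16.1.2", "TokenRing0"),
    Candidate("172.16.11.0", "IGRP", 9039,    "172.16.1.2", "TokenRing0"),
]

# access-list 1 permit 172.16.9.0 / 172.16.10.0 / 172.16.6.0 (standard ACL on the prefix)
ACL_1 = frozenset({"172.16.9.0", "172.16.10.0", "172.16.6.0"})

# 'distance 130 0.0.0.0 255.255.255.255 1' under router igrp 1, expressed as
# (protocol the command lives under, new AD, ACL the prefix must match).
DistanceRule = Tuple[str, int, FrozenSet[str]]
FIX: Sequence[DistanceRule] = [("IGRP", 130, ACL_1)]


def administrative_distance(c: Candidate, rules: Sequence[DistanceRule]) -> int:
    for protocol, ad, acl in rules:
        if c.protocol == protocol and c.prefix in acl:
            return ad
    return DEFAULT_AD[c.protocol]


def select_routes(candidates: Sequence[Candidate], rules: Sequence[DistanceRule] = (),
                  down_interfaces: FrozenSet[str] = frozenset()) -> Dict[str, Tuple[int, int, str, str]]:
    """Build the routing table: one entry per prefix as (AD, metric, protocol, next hop).
    Lowest AD wins; on equal AD (same protocol here) the lower metric wins.
    Candidates learned on a down interface are withdrawn."""
    table: Dict[str, Tuple[int, int, str, str]] = {}
    for c in candidates:
        if c.interface in down_interfaces:
            continue
        entry = (administrative_distance(c, rules), c.metric, c.protocol, c.next_hop)
        if c.prefix not in table or entry[:2] < table[c.prefix][:2]:
            table[c.prefix] = entry
    return table


if __name__ == "__main__":
    print("before fix:", select_routes(R200_CANDIDATES))
    print("after fix: ", select_routes(R200_CANDIDATES, FIX))
    print("Serial1 down:", select_routes(R200_CANDIDATES, FIX, frozenset({"Serial1"})))
```

Raising the distance rather than filtering the redistributed copy is what makes the last case work: a distribute-list would have removed the fallback along with the feedback.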

Policy Routing
When Destinations Aren't Enough

Policy Routing

Forwarding decision not based on destination address
Selects a defined path based on attributes of the user packet (source/destination IP address, application port, packet length, and so forth)
Set next hop or interface
Set default next hop or interface

[Figure: Customer A and Customer B behind one router, steered to ISP A or ISP B by policy.]

How Policy Routing Works

All packets received on an interface with ip policy configured are considered for policy routing
Each packet is passed through the route map
Each entry in a route map has match and set clauses
Match clauses are conditions to be met
If all match clause conditions are met by the packet, that route-map entry is used and no others are considered (an entry with no match clause matches every packet)
An entry can be marked permit or deny
If deny, normal destination-based forwarding is used
If permit, all set clauses are applied and the packet is forwarded accordingly
If no entry matches, the packet is forwarded normally

Policy Routing Match Clauses

    match ip address access-list-expressions

Match packets against the access lists to permit policy routing of them

    match length min-length max-length

If the Layer 3 packet length is between min-length and max-length, inclusive, the packet matches
Useful for distinguishing interactive versus bulk traffic when access lists will not work

Policy Routing Set Clauses

    set ip next-hop ip-address1 [ip-address2 ...]

Route packets to the router at ip-address1

    set ip default next-hop ip-address1 [ip-address2 ...]

If there is no explicit route for this destination, then route to this hop
Both use the first address in the list that is associated with an up/up interface

Policy Routing Set Clauses

    set interface interface1 [interface2 ...]

Specifies the output interface for the matched packet

    set default interface interface1 [interface2 ...]

If there is no explicit route for this destination, then route to this interface
If interface1 is down, interface2 and subsequent interfaces are tried
Setting the interface to Null0 creates a policy that drops the packet

Policy Routing Set Clauses

    set ip precedence value

    value  name
    0      routine
    1      priority
    2      immediate
    3      flash
    4      flash-override
    5      critical
    6      internet
    7      network

    set ip tos value

    value  name
    0      normal
    1      min-monetary-cost
    2      max-reliability
    4      max-throughput
    8      min-delay

Set the IP TOS or precedence header field
Can use the numeric or the symbolic value

Policy Routing Configuration

The set commands are evaluated in the following order:
    set ip precedence
    set ip next-hop
    set interface
    set ip default next-hop
    set default interface

A valid next hop implies the output interface
The first usable combination of next hop and interface is used
Router-sourced packets are policy routed via the ip local policy route-map foo command

Policy Routing Example

[Figure: LAN 192.168.93.0 on Ethernet0; telnet and ping leave via s1 (next hop 11.0.0.1), ftp via bri0 (next hop 10.0.0.1).]

    interface Ethernet0
     ip address 192.168.93.10 255.255.255.0
     ip policy route-map foo
    interface Serial1
     ip address 11.0.0.2 255.0.0.0
    interface BRI0
     ip address 10.0.0.2 255.0.0.0
    !
    access-list 101 permit tcp 192.168.93.0 0.0.0.255 any eq telnet
    access-list 101 permit icmp any any
    access-list 103 permit tcp 192.168.93.0 0.0.0.255 any eq ftp
    !
    route-map foo permit 10
     match ip address 101
     set ip next-hop 11.0.0.1
    route-map foo permit 11
     match ip address 103
     set ip next-hop 10.0.0.1
    route-map foo permit 12
     set default interface Null0
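To make the evaluation rules from "How Policy Routing Works", the set-clause order and the example above concrete, here is an added Python model written for this page (not code from the Cisco deck). It encodes route-map foo with the two access lists as predicates and walks a few constructed packets through it; the routing table of explicit routes and the CDP neighbour set are constructed inputs, and the behaviour on a verify-availability next hop that is not a CDP neighbour (skip it, try the remaining set clauses, else forward normally) is an assumption of this model rather than something the slides state.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Callable, List, Optional, Set

TELNET, FTP = 23, 21
LAN = IPv4Network("192.168.93.0/24")   # the policy-routed Ethernet0 segment


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


# The slide's access lists as predicates.
def acl_101(p: Packet) -> bool:
    return (p.proto == "tcp" and IPv4Address(p.src) in LAN and p.dport == TELNET) \
        or p.proto == "icmp"


def acl_103(p: Packet) -> bool:
    return p.proto == "tcp" and IPv4Address(p.src) in LAN and p.dport == FTP


@dataclass
class Entry:
    seq: int
    permit: bool = True
    matches: List[Callable[[Packet], bool]] = field(default_factory=list)
    next_hop: Optional[str] = None           # set ip next-hop
    interface: Optional[str] = None          # set interface
    default_next_hop: Optional[str] = None   # set ip default next-hop
    default_interface: Optional[str] = None  # set default interface
    verify_availability: bool = False        # set ip next-hop verify-availability


ROUTE_MAP_FOO = [
    Entry(10, matches=[acl_101], next_hop="11.0.0.1"),   # telnet and ping out s1
    Entry(11, matches=[acl_103], next_hop="10.0.0.1"),   # ftp out bri0
    Entry(12, default_interface="Null0"),                # no match clause: matches all
]

# Constructed routing table: destinations that have an explicit (non-default) route.
EXPLICIT_ROUTES = [LAN, IPv4Network("10.0.0.0/8"), IPv4Network("11.0.0.0/8"),
                   IPv4Network("172.20.0.0/16")]
CDP_NEIGHBORS: Set[str] = {"11.0.0.1", "10.0.0.1"}   # constructed


def has_explicit_route(dst: str) -> bool:
    return any(IPv4Address(dst) in net for net in EXPLICIT_ROUTES)


def policy_route(pkt: Packet, route_map: List[Entry],
                 cdp_neighbors: Set[str] = CDP_NEIGHBORS) -> str:
    """Forwarding decision for one packet: 'next-hop A.B.C.D', 'interface X',
    'drop' (Null0) or 'normal' (destination-based routing).  Rules modelled:
    the first entry whose match clauses all succeed is the only one considered;
    a deny entry means normal forwarding; set clauses are tried in the order
    next-hop, interface, default next-hop, default interface; the default
    forms apply only when no explicit route exists for the destination."""
    for e in route_map:
        if not all(m(pkt) for m in e.matches):
            continue
        if not e.permit:
            return "normal"
        # Assumption: a verify-availability next hop that is not a CDP neighbour
        # is skipped and the entry's remaining set clauses are tried.
        if e.next_hop and (not e.verify_availability or e.next_hop in cdp_neighbors):
            return "next-hop " + e.next_hop
        if e.interface:
            return "drop" if e.interface == "Null0" else "interface " + e.interface
        if has_explicit_route(pkt.dst):
            return "normal"
        if e.default_next_hop:
            return "next-hop " + e.default_next_hop
        if e.default_interface:
            return "drop" if e.default_interface == "Null0" else "interface " + e.default_interface
        return "normal"
    return "normal"


if __name__ == "__main__":
    for p in (Packet("192.168.93.5", "172.20.1.1", "tcp", TELNET),
              Packet("192.168.93.5", "172.20.1.1", "tcp", FTP),
              Packet("192.168.93.5", "198.51.100.9", "tcp", 80)):
        print(p, "->", policy_route(p, ROUTE_MAP_FOO))
```

Entry 12 is the part worth reading twice: because it has no match clause it catches every packet from the LAN that entries 10 and 11 did not, and its set default interface Null0 turns "no explicit route" into a silent drop instead of a trip out the default route.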

NetFlow Policy Routing (NPR)

Powerful traffic engineering
ISP and/or application selection
Distributed performance and flow acceleration
IP precedence-based QoS

[Figure: enterprise backbone with two NPR routers steering, for example, an ERP application to a Premium ISP and e-mail to a Standard ISP.]

NetFlow Policy Based Routing

No flow acceleration if any match length (packet size) clause is used
Packet size is not part of a flow definition

If the router is policy routing packets to a next hop that is down, it keeps trying, unsuccessfully, to ARP for that next hop and the matched traffic is black-holed; this continues indefinitely
To prevent this, configure the router to first verify that the next hop(s) of the route map are CDP neighbour(s) before policy routing to that next hop
set ip next-hop verify-availability is not supported with dCEF, since dCEF does not support CDP

NPR Example

Configure CEF, NetFlow, and NetFlow with flow acceleration
Configure policy routing to verify that next hop 50.0.0.8 of route map test is a CDP neighbour before the router tries to policy route to it
If the first packet of a flow is policy routed via route-map entry 10, the later packets of the same flow always take the same entry (10), not entry 20, because they all match or pass the access-list 1 check
Policy routing can be flow-accelerated by bypassing the access-list check for those later packets

    ip cef
    ip flow-cache feature-accelerate
    interface ethernet0/0/1
     ip route-cache flow
     ip policy route-map test
    route-map test permit 10
     match ip address 1
     set ip precedence priority
     set ip next-hop 50.0.0.8
     set ip next-hop verify-availability
    route-map test permit 20
     match ip address 101
     set interface Ethernet0/0/3
     set ip tos max-throughput

Routing to the Internet
To Infinity and Beyond!

Ingress and Egress Route Filtering

Nobody should send packets to the Internet with a source address outside the addresses allocated to them, and nobody should advertise prefixes that were not allocated to them (the practice later codified as RFC 2827 / BCP 38 ingress filtering)

Ingress and Egress Route Filtering

There are routes that should not be routed on the Internet:
    RFC 1918 private space
    127.0.0.0/8
    Multicast blocks
    Martian networks

BGP should have filters applied so that these routes are neither advertised to nor propagated through the Internet

Ingress and Egress Route Filtering

Access list (extended ACL for use as a BGP distribute-list: the source part matches the route's network address, the destination part its mask, so each deny covers the block's own mask or any longer one)

    access-list 180 deny   ip host 0.0.0.0 any
    access-list 180 deny   ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
    access-list 180 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
    access-list 180 deny   ip 169.254.0.0 0.0.255.255 255.255.0.0 0.0.255.255
    access-list 180 deny   ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
    access-list 180 deny   ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
    access-list 180 deny   ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
    access-list 180 deny   ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
    access-list 180 permit ip any any
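The access list above is easy to misread because the "destination" fields are really masks. The following Python is an added example for this page, not code from the Cisco deck: it evaluates access-list 180 exactly as a BGP distribute-list would (network address against the source fields, mask against the destination fields, first match wins, implicit deny) over a constructed set of announcements, so the intent of each line and one gap in this ACL form can be checked offline. The line table is transcribed from the slide; the helper and function names are this example's own.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Tuple


def ip_int(dotted: str) -> int:
    return int(IPv4Address(dotted))


def wildcard_match(value: int, base: int, wildcard: int) -> bool:
    """IOS wildcard semantics: bits where the wildcard is 0 must match."""
    return ((value ^ base) & (0xFFFFFFFF ^ wildcard)) == 0


@dataclass(frozen=True)
class AclLine:
    action: str      # "permit" or "deny"
    net: str         # 'source' field: the route's network address
    net_wc: str
    mask: str        # 'destination' field: the route's subnet mask
    mask_wc: str


ANY = ("0.0.0.0", "255.255.255.255")

# access-list 180 from the slide, one AclLine per statement.  A wildcard on the
# mask field admits the block's own mask or any longer (more specific) one.
ACL_180: List[AclLine] = [
    AclLine("deny", "0.0.0.0", "0.0.0.0", *ANY),                                 # host 0.0.0.0 any
    AclLine("deny", "10.0.0.0", "0.255.255.255", "255.0.0.0", "0.255.255.255"),
    AclLine("deny", "127.0.0.0", "0.255.255.255", "255.0.0.0", "0.255.255.255"),
    AclLine("deny", "169.254.0.0", "0.0.255.255", "255.255.0.0", "0.0.255.255"),
    AclLine("deny", "172.16.0.0", "0.15.255.255", "255.240.0.0", "0.15.255.255"),
    AclLine("deny", "192.0.2.0", "0.0.0.255", "255.255.255.0", "0.0.0.255"),
    AclLine("deny", "192.168.0.0", "0.0.255.255", "255.255.0.0", "0.0.255.255"),
    AclLine("deny", "224.0.0.0", "31.255.255.255", "224.0.0.0", "31.255.255.255"),
    AclLine("permit", *ANY, *ANY),
]


def acl_permits_prefix(acl: List[AclLine], prefix: IPv4Network) -> bool:
    """Evaluate an extended ACL the way 'neighbor ... distribute-list <acl> in|out'
    does for BGP: source part against the network address, destination part
    against the mask.  The first matching line decides; no match is a deny."""
    addr, mask = int(prefix.network_address), int(prefix.netmask)
    for line in acl:
        if wildcard_match(addr, ip_int(line.net), ip_int(line.net_wc)) and \
           wildcard_match(mask, ip_int(line.mask), ip_int(line.mask_wc)):
            return line.action == "permit"
    return False


def filter_announcements(acl: List[AclLine], prefixes: List[str]) -> Tuple[List[str], List[str]]:
    """Split a received or outgoing prefix list into (accepted, rejected)."""
    accepted, rejected = [], []
    for p in prefixes:
        (accepted if acl_permits_prefix(acl, IPv4Network(p)) else rejected).append(p)
    return accepted, rejected


# Constructed sample announcement mixing legitimate prefixes with martians.
SAMPLE = ["203.0.113.0/24", "10.1.0.0/16", "172.16.0.0/12", "172.32.0.0/16",
          "192.0.2.0/24", "239.1.0.0/16", "0.0.0.0/0", "127.0.0.0/8", "10.0.0.0/7"]

if __name__ == "__main__":
    ok, bad = filter_announcements(ACL_180, SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```

Two things the run shows. First, 172.32.0.0/16 and 203.0.113.0/24 pass while every prefix inside a listed block, at that block's mask or longer, is dropped. Second, 10.0.0.0/7 passes: a deny line in this form only catches masks equal to or longer than the block's, so a covering aggregate that contains a martian slips through. That is one reason prefix lists (ip prefix-list with le/ge) replaced extended ACLs for this job, and why the list itself, which reflects 2000, needs to be kept current.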

Multiple Sessions to an ISP

[Figure: routers D and F in AS 201, each with a session to the same ISP.]

Simplest scheme is to use defaults
Learn/advertise prefixes for better control
Use eBGP multipath to install multiple paths in the IP table:

    maximum-paths <number>

Load share over the alternate paths

What Is Multihoming?

Connecting to two or more ISPs to increase:
    Reliability: one ISP fails, still OK
    Performance: better paths to common Internet destinations

Three common cases:
    Default from all providers
    Full routes from all providers
    Customer + default routes from all providers

[Figure: Customer AS 100 (160.10.0.0/16) connected to AS 200 (router D), AS 300 (router E) and AS 400 (router C).]

Sessions to Multiple ISPs

[Figure: AS 201 connected to ISP 1 and ISP 2.]

Difficult to achieve load sharing
Point default towards one ISP
Learn selected prefixes from the second ISP
Modify the number of prefixes learned to achieve acceptable load sharing

Default from All Providers

Low memory/CPU/$$$ solution
Provider sends BGP default => exit path decided by IGP metrics to reach the default
Customer sends all local AS routes to the providers => inbound path decided by the Internet
You can try to influence the inbound path using AS-path prepending

[Figure: AS 100 (160.10.0.0/16, routers A and B) receiving 0.0.0.0 from AS 200 (router D) and AS 300 (router E); AS 400 (router C) beyond them.]

Customer and Default From All Providers

Medium memory and CPU
Best path: usually the shortest AS-path
Use local-preference to override, based on prefix, AS-path, or community
IGP metric to the default is used for all other destinations

[Figure: Customer AS 100 (160.10.0.0/16) with Provider AS 200 (router D) and Provider AS 300 (router E); AS 400 (router C) beyond them.]

Full Routes from All Providers

Higher memory/CPU/$$$ solution
Reach all destinations by the best path, usually the shortest AS path
Can still manually tune using local-pref and AS-path/community/prefix matches

[Figure: AS 100 (routers A and B) connected to AS 200 (router D) and AS 300 (router E); AS 400 (router C) and AS 500 beyond them.]

Gotchas with Multihoming

Asymmetric routing possible: traffic may leave through one ISP and return through the other, so strict RPF checks on either ISP's edge can discard it
Can't control the net: the inbound path is chosen by other networks' policies
CIDR blocks: a prefix taken from one ISP's aggregate is only a more-specific when announced through the other ISP, and may be filtered there
Possibly use NAT

[Figure: AS 201 (172.16.0.0/16) connected to ISP 1 and ISP 2; the Internet sees the aggregate 172.16.0.0/14, and the path through ISP 1 is marked X.]

Reverse Path Forwarding

CEF switching must be enabled
The source address of each received packet is checked to ensure that the route back to the source uses the interface the packet arrived on
Care required in multihoming situations: an asymmetric path fails the check

    ip verify unicast reverse-path
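The two sentences above hide a sharp edge for multihomed customers, so here is an added Python model, written for this page and not taken from the Cisco deck, of the strict reverse-path check against a constructed FIB: a multihomed edge router with its own block on Ethernet0, a default via ISP 1 and one prefix learned only from ISP 2. It shows the spoofed source being dropped, the asymmetric return path from the "Gotchas" slide being dropped too, and how the loose-mode check (a later IOS option, not on the slide) and the default-route question change the outcome. Treating the default route as unusable unless allow_default is set models the later allow-default keyword; the FIB contents and names are this example's assumptions.

```python
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Optional

DEFAULT = IPv4Network("0.0.0.0/0")

# Constructed FIB for a router multihomed to two ISPs.
FIB: Dict[IPv4Network, str] = {
    IPv4Network("172.16.0.0/16"): "Ethernet0",    # the customer's own block
    DEFAULT: "Serial0",                            # default via ISP 1
    IPv4Network("198.51.100.0/24"): "Serial1",     # a prefix heard only from ISP 2
}


def rpf_lookup(src: str, fib: Dict[IPv4Network, str], allow_default: bool) -> Optional[str]:
    """Longest-prefix match on the source address, returning the interface the
    router would use to reach it, or None.  The default route is ignored unless
    allow_default is set (modelling the allow-default keyword; assumption)."""
    addr = IPv4Address(src)
    candidates = [(net, ifc) for net, ifc in fib.items()
                  if addr in net and (allow_default or net != DEFAULT)]
    if not candidates:
        return None
    return max(candidates, key=lambda c: c[0].prefixlen)[1]


def urpf_strict(src: str, ingress: str, fib: Dict[IPv4Network, str] = FIB,
                allow_default: bool = False) -> bool:
    """'ip verify unicast reverse-path': the best route back to the source must
    leave through the interface the packet arrived on."""
    return rpf_lookup(src, fib, allow_default) == ingress


def urpf_loose(src: str, fib: Dict[IPv4Network, str] = FIB,
               allow_default: bool = False) -> bool:
    """Loose mode: any route to the source is enough.  Survives asymmetric
    multihomed paths while still dropping sources the FIB has no route for."""
    return rpf_lookup(src, fib, allow_default) is not None


if __name__ == "__main__":
    checks = [("172.16.5.5", "Ethernet0"),     # legitimate LAN source
              ("10.1.1.1", "Ethernet0"),       # spoofed source from the LAN
              ("198.51.100.7", "Serial0"),     # returns via ISP 1, route says ISP 2
              ("198.51.100.7", "Serial1")]
    for src, ifc in checks:
        print(src, ifc, "strict:", urpf_strict(src, ifc), "loose:", urpf_loose(src))
```

Strict mode on the customer-facing interface is the right tool against address spoofing from the LAN; on the ISP-facing interfaces of a multihomed router it will drop legitimate replies whenever the paths are asymmetric, which is the case the slide warns about, and loose mode is the usual compromise there.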

Source Routing

IP has a provision (the loose and strict source route options) that lets the sending host specify the route through the Internet
All Internet-connected routers should turn this off unless it is specifically required:

    no ip source-route

Conclusion
Be Careful Out There

Summary Part 1

Under normal operation, there should be exactly one interior routing protocol on any network segment
Use passive-interface as necessary to ensure this
The number of redistribution boundaries should be kept to a minimum
Run as few routing protocols as possible

Summary Part 2

Choose the routing protocol by matching requirements with features
Addressing should be contiguous with respect to topology
Redistribute routes only as necessary and as few as required
Use advanced features for special cases and for fine tuning
Test and understand before you implement

Recommended Reading

IP Routing Protocols: RIP, OSPF, BGP, and Cisco Routing Protocols, by Uyless Black, ISBN 0130142484
EIGRP for IP: Basic Operation and Configuration, by Alvaro Retana, Russ White, Don Slice, ISBN 0201657732
EIGRP Network Design Solutions, by Ivan Pepelnjak, ISBN 1578701651
OSPF: Anatomy of an Internet Routing Protocol, by John T. Moy, ISBN 0201634724
OSPF Network Design Solutions, by Thomas M. Thomas, ISBN 1578700469
Large-Scale IP Network Solutions: CCIE Professional Development, by Khalid Raza, Mark Turner, Salmad Asad, ISBN 1578700841
Internet Routing Architectures, by Bassam Halabi, Danny McPherson, ISBN 157870233X
Routing in the Internet, by Christian Huitema, ISBN 0130226475
and of course: http://www.cisco.com

Thank You!

Recommended sessions:
    2205 Deploying OSPF
    2208 Deploying EIGRP
    2209 Deploying BGP
    2202 Deploying MPLS for Traffic Engineering and Backbone VPNs
    2218 Introduction and Update for NetFlow
    2213 Introduction to IPv6
