2200 1303_06_2000_c2
Agenda
- Background
- Host Interaction
- Too Much Information
- Multi-Routing-Protocol Redistribution
- Policy Routing
- Internet
2000, Cisco Systems, Inc.
Background
CCIE Credo
Router Functions
- Routing = building maps and giving directions
- Switching = forwarding packets between interfaces
- Routers are packet relays, or switches; path determination is overhead on top of forwarding
Routing Protocols
- Routers are packet switches that forward traffic based on Layer 3 logical addresses
- Routers exchange routing protocol updates to learn about paths to other logical networks
- Each routing protocol offers features that can make it desirable as part of an internetwork design
[Figure: two routers exchanging a routing update; one knows about networks A, B and C, the other about networks X, Y and Z]
Routing protocol comparison (rows in the protocol order the deck uses elsewhere: RIP, RIPv2, IGRP, EIGRP, OSPF, IS-IS, BGP):

  Protocol  Proprietary  Function  Updates     Metric
  RIP       No           Interior  30 sec      Hops
  RIPv2     No           Interior  30 sec      Hops
  IGRP      Yes          Interior  90 sec      Composite
  EIGRP     Yes          Interior  Triggered   Composite
  OSPF      No           Interior  Triggered   Cost
  IS-IS     No           Interior  Triggered   Cost
  BGP       No           Exterior  Incremental N/A
IOS Routing Table
- Populated by: hardware state (connected routes), configuration (static routes), routing protocols

  Src  Network #           Dist/Metric   Next Hop        Age       Interface
  D    198.113.181.0/24    [170/304793]  192.150.42.177  02:03:50  Ethernet0
  O    198.113.178.0/26    [110/9936]    192.150.42.177  02:03:50  Ethernet0
  R    192.168.96.0/24     [120/3]       192.150.42.177  00:00:20  Ethernet0
  C    192.150.42.178/25   directly connected                      Ethernet0
Host Interaction

Using tables (simplified):
- Search the table for the longest match and use that entry's next hop
- Local delivery is the special case: the next hop is the destination address itself
- If there is no match, use the default route for the next hop
- Get the Layer 2 address of the next hop via ARP and transmit
Proxy ARP
[Figure: host 10.1.1.2/16 on a segment whose router interface is 10.1.1.1/24]
- The router responds to ARPs for off-subnet addresses if it has a route to them (RFC 1027)
- Enabled by default
- The host in the figure has a mask that is too long, so it ARPs for every 10.x.x.x address; proxy ARP makes this work and hides the misconfiguration. Where hosts are configured correctly, turn it off per interface with no ip proxy-arp.
ICMP Redirects
Cisco routers send ICMP redirects when:
- the input interface is the output interface, and
- the (sub)network of the source IP address is the same (sub)network as the next-hop IP address of the routed packet, and
- the datagram is not source-routed, and
- the system is configured to send redirects (on by default; the interface subcommand no ip redirects disables them)
Note: ICMP redirects are disabled by default if HSRP is configured on the interface
Redirects also tell hosts about the topology, and a spoofed redirect changes a host's route cache, so no ip redirects is common hardening on segments you do not trust.
ICMP Router Discovery
[Figure: host 10.1.1.4/16 with routers 10.1.1.1/24 and 10.1.1.2/24 on the segment]
- IRDP: ICMP Router Discovery Protocol, RFC 1256
- Routers periodically announce via ICMP that they are default routers
- Clients can solicit routers as well
IRDP on Routers
- Announcements have a lifetime and a preference
- Configured per interface; off by default
- Can advertise via the all-systems multicast (224.0.0.1)
- Preference level can be set

  ip irdp [multicast] [holdtime seconds] [maxadvertinterval seconds]
          [minadvertinterval seconds] [preference number] [address address [number]]

Defaults: holdtime = 3 x maxadvertinterval; maxadvertinterval = 600; minadvertinterval = 3/4 x maxadvertinterval; preference = 0
IRDP on Hosts
- in.rdisc in Solaris (multicast only)
- gated in Linux, HP-UX and AIX:
    routerdiscovery client yes | no | on | off ;
- WinSock2 in Windows; for NT 4.0 see KB article Q223756 and the registry key
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adaptername\Parameters\Tcpip\
- DHCP option 31 (Perform Router Discovery)
- Advertisements are not authenticated: any system on the segment can send one with a higher preference and become a host's default router. Leave client-side discovery off on segments you do not trust.
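The RFC 1256 message the two IRDP slides describe, as an added example (not Cisco or IOS code and not from the deck): it builds and parses an ICMP Router Advertisement with the deck's defaults (lifetime 1800 s = 3 x 600, one preference per router), applies the host's highest-preference choice, and shows the only check an unauthenticated protocol leaves a listener: comparing the advertised router addresses against the gateways it expects. The 10.1.1.x addresses and the `rogue_advertisements` policy are assumptions.

```python
"""ICMP Router Advertisement (RFC 1256, ICMP type 9): build, parse and host-side
selection. Added example for this deck; not Cisco or IOS code.
Defaults (lifetime 1800 s = 3 x maxadvertinterval, preference 0) follow RFC 1256."""
import struct
import ipaddress

ICMP_ROUTER_ADVERT = 9
NOT_A_DEFAULT = -0x80000000   # RFC 1256: this preference means "do not use as default"


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (checksum field zeroed by the caller)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_router_advert(routers, lifetime=1800):
    """routers: list of (address, preference). Addr Entry Size is 2 (two 32-bit words per router)."""
    body = struct.pack("!BBH", len(routers), 2, lifetime)
    for addr, pref in routers:
        body += struct.pack("!4si", ipaddress.IPv4Address(addr).packed, pref)
    header = struct.pack("!BBH", ICMP_ROUTER_ADVERT, 0, 0)
    csum = icmp_checksum(header + body)
    return struct.pack("!BBH", ICMP_ROUTER_ADVERT, 0, csum) + body


def parse_router_advert(pkt):
    """Return {'lifetime': seconds, 'routers': [(address, preference), ...]} or raise ValueError."""
    if len(pkt) < 8:
        raise ValueError("truncated ICMP message")
    typ, code, _csum = struct.unpack("!BBH", pkt[:4])
    if typ != ICMP_ROUTER_ADVERT or code != 0:
        raise ValueError("not a router advertisement")
    if icmp_checksum(pkt) != 0:          # an intact packet sums to zero with its checksum in place
        raise ValueError("bad checksum")
    num, entry_size, lifetime = struct.unpack("!BBH", pkt[4:8])
    if entry_size != 2 or len(pkt) < 8 + 8 * num:
        raise ValueError("bad address entries")
    routers = []
    for i in range(num):
        addr, pref = struct.unpack("!4si", pkt[8 + 8 * i:16 + 8 * i])
        routers.append((str(ipaddress.IPv4Address(addr)), pref))
    return {"lifetime": lifetime, "routers": routers}


def choose_default(routers):
    """Host behaviour: take the highest preference, ignoring entries marked not-a-default.
    Returns None when nothing usable was advertised."""
    usable = [(pref, addr) for addr, pref in routers if pref != NOT_A_DEFAULT]
    if not usable:
        return None
    return max(usable)[1]


def rogue_advertisements(adverts, expected):
    """Listener check (assumed policy): return the senders of advertisements naming a router
    address that is not one of the known gateways. RFC 1256 has no authentication, so this
    comparison is all a host or sensor can do."""
    return [src for src, adv in adverts
            if any(addr not in expected for addr, _ in adv["routers"])]
```

A forged advertisement with a high preference (the last test case) is the attack the host-side caveat above refers to: nothing in the message lets a host tell it from a legitimate one.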
Hot Standby Router Protocol
[Figure: host 10.1.1.33 with default-gw = 10.1.1.1; router address 10.1.1.3 / 00:10:7B:04:88:BB shown on the same segment]
- Transparent failover of the default router
- A phantom (virtual) router is created
- One router is active and responds to the phantom's Layer 2 and Layer 3 addresses
- The others monitor it and take over the phantom addresses on failure
HSRP: RFC 2281
- An HSRP router multicasts hellos every 3 seconds with a default priority of 100
- It takes over as active if it has the highest priority and preempt is configured, after the preempt delay (default 0 seconds)
- It deducts 10 from its priority (the default decrement) while a tracked interface is down
[Figure: one primary router and two standby routers sharing the phantom address]
HSRP
Hot Standby Router Protocol
[Figure: Router 1 and Router 2 both serving the virtual address 169.223.10.254]

Router1:
  interface ethernet 0/0
   bandwidth 128
   ip address 169.223.10.1 255.255.255.0
   standby 10 ip 169.223.10.254

Router2:
  interface ethernet 0/0
   bandwidth 1500
   ip address 169.223.10.2 255.255.255.0
   standby 10 priority 150 preempt delay 10
   standby 10 ip 169.223.10.254
   standby 10 track serial 0 60
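An added example, not Cisco code and not from the deck, that decodes the RFC 2281 hello the slides describe and applies the election rule to the two routers configured above (priorities 100 and 150, `track serial 0 60`). The 20-byte layout, the tie-break on source address and the default authentication string "cisco" come from RFC 2281; the deck does not mention authentication at all. The `audit_hello` policy (unexpected source, default auth string, priority 255) is an assumed monitoring rule, not something the deck configures.

```python
"""HSRP version 1 (RFC 2281) hello encode/decode, election and a listener-side audit.
Added example for this section; not Cisco code. Packet layout and the default
authentication string "cisco" are from RFC 2281; the 60-point decrement is the deck's
`standby 10 track serial 0 60` and the 169.223.10.x addresses are its example."""
import struct
import ipaddress

HSRP_FMT = "!BBBBBBBB8s4s"   # 20-byte UDP/1985 payload sent to 224.0.0.2
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
DEFAULT_AUTH = b"cisco"


def build_hello(priority, group, vip, state=16, auth=DEFAULT_AUTH, hellotime=3, holdtime=10):
    """Hello (opcode 0) from a router in `state` for standby group `group` owning virtual IP `vip`."""
    auth8 = auth.ljust(8, b"\x00")[:8]
    return struct.pack(HSRP_FMT, 0, 0, state, hellotime, holdtime, priority, group, 0,
                       auth8, ipaddress.IPv4Address(vip).packed)


def parse_hsrp(payload):
    if len(payload) != struct.calcsize(HSRP_FMT):
        raise ValueError("bad HSRP length")
    ver, op, state, hello, hold, prio, group, _rsv, auth, vip = struct.unpack(HSRP_FMT, payload)
    if ver != 0 or op not in OPCODES or state not in STATES:
        raise ValueError("not an HSRP v1 packet")
    return {"opcode": OPCODES[op], "state": STATES[state], "hellotime": hello, "holdtime": hold,
            "priority": prio, "group": group, "auth": auth.rstrip(b"\x00"),
            "vip": str(ipaddress.IPv4Address(vip))}


def effective_priority(configured, tracked_interface_up, decrement=10):
    """Deck rule: a router deducts the decrement (default 10) while its tracked interface is down."""
    return configured if tracked_interface_up else max(0, configured - decrement)


def elect_active(hellos):
    """hellos: list of (source_ip, parsed_hello). Highest priority wins; a tie goes to the
    higher source address (RFC 2281). Returns the winning source IP."""
    return max(hellos, key=lambda h: (h[1]["priority"], int(ipaddress.IPv4Address(h[0]))))[0]


def audit_hello(src_ip, hello, expected_routers, expected_vip):
    """What a monitor on the segment should flag. Assumed policy, not from the deck."""
    findings = []
    if src_ip not in expected_routers:
        findings.append(f"hello from unexpected router {src_ip}")
    if hello["vip"] != expected_vip:
        findings.append(f"unexpected virtual address {hello['vip']}")
    if hello["auth"] == DEFAULT_AUTH:
        findings.append("default authentication string 'cisco'")
    if hello["priority"] == 255:
        findings.append("maximum priority 255: wins against any configured router")
    return findings
```

The last test case is the point for a defender: because election is purely highest-priority-wins and the authentication field is a cleartext string, a host on the segment that sends hellos with priority 255 takes over the virtual gateway unless the switch port filters it.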
Server Systems
  router rip
   network 172.16.0.0
   redistribute eigrp 1 subnets
  router eigrp 1
   network 172.16.0.0
IP Broadcast Control
- Subnet or directed broadcast: w.x.y.255; all-nets broadcast: 255.255.255.255
- IP directed broadcasts are dropped by default
- ip helper-address forwards ip forward-protocol packets; ip directed-broadcast floods ip forward-protocol packets
To be forwarded:
- The packet must be a MAC-level broadcast
- The packet must be an IP-level all-nets or major-network broadcast
- The packet must be a TFTP, DNS, Time, NetBIOS, ND or BOOTP packet, or a UDP protocol specified by the ip forward-protocol udp global configuration command
- The time-to-live (TTL) value of the packet must be at least two
Leave ip directed-broadcast off unless a segment needs it: a router that forwards directed broadcasts lets an outside sender reach every host on the segment with one packet (smurf-style amplification).
IP Helper Address
- Specified on the input interface
- Indicates the direction toward the broadcast destination
- Forwards ip forward-protocol broadcast packets, specifically: TFTP, DNS, BOOTP/DHCP, TACACS, Time, NetBIOS name and datagram servers

Router A:
  interface ethernet 0
   ip helper-address 10.2.1.3
[Figure: router A receiving the broadcasts on e0]
IP Forward Protocol
- Flooded UDP packets have their destination address changed to the outgoing interface's ip broadcast-address
- ip forward-protocol spanning-tree: uses the bridging spanning-tree database for flooding
- ip forward-protocol turbo-flood: speed-up when using spanning-tree flooding
Example:
  ip forward-protocol spanning-tree
  bridge 1 protocol dec
  access-list 201 deny 0x0000 0xFFFF
  interface ethernet 0
   bridge-group 1
   bridge-group 1 input-type-list 201
The type-code access list denies every Ethernet type, so nothing is actually bridged; the bridge group exists only to build the spanning tree that the flooding follows.
Feed Network Example
[Figure: feed network 200.200.200.0 with routers A and B (e0); trader networks 164.53.7.0 (.62), 164.53.8.0, 164.53.9.0 and 164.53.10.0]
- The feed network provides the data; TIC servers send UDP broadcast data
- The feed network is connected to the routers for management
Helper Addresses
- IP helper added to the router interfaces on the TIC network
- Each router sees the other routers' broadcasts
- Each station receives multiple copies of the data
[Figure: the same feed network 200.200.200.0 and trader networks 164.53.7.0 (.62), 164.53.8.0, 164.53.9.0, 164.53.10.0; with helper addresses on both routers each station gets duplicate copies]
Router A Configuration
  ip forward-protocol spanning-tree
  ip forward-protocol udp 111
  !
  interface ethernet 0
   ip address 200.200.200.61 255.255.255.0
   ip broadcast-address 200.200.200.255
  !
  interface ethernet 1
   ip address 164.53.7.61 255.255.255.192
   ip broadcast-address 164.53.7.63
   ip irdp preference 100
   bridge-group 1
   bridge-group 1 input-type-list 201
  !
  bridge 1 protocol dec
  bridge 1 priority 255
  access-list 201 deny 0xFFFF 0x0000
Router B Configuration
  ip forward-protocol spanning-tree
  ip forward-protocol udp 111
  !
  interface ethernet 0
   ip address 200.200.200.62 255.255.255.0
   ip broadcast-address 200.200.200.255
  !
  interface ethernet 1
   ip address 164.53.7.62 255.255.255.192
   ip broadcast-address 164.53.7.63
   ip irdp preference 90
   bridge-group 1
   bridge-group 1 path-cost 50
   bridge-group 1 input-type-list 201
  !
  bridge 1 protocol dec
  bridge 1 priority 255
  access-list 201 deny 0xFFFF 0x0000
Secondary Addresses
- More than one IP address on an interface
- Every router on the broadcast media must be part of all networks
- For RIP and IGRP, each address will broadcast routing tables
- Also called multinetting
[Figure: one segment carrying 172.16.1.0 (hosts .1, .2, .64) and 172.17.2.0 (hosts .1, .2, .21)]
Static Routes
- Routes configured manually
- Useful when few or just one route exist
- Can be an administrative burden
- Frequently used for the default route
- Two formats: outbound interface, or explicit next hop (not always adjacent)
- Redistributed if so configured:
    router xxxx
     redistribute static
Default Routes
- Route used if no match is found in the forwarding table
- Can be carried by routing protocols
- Two models: the special network number 0.0.0.0, or a network flagged as default in the routing protocol
[Figure: CITY network connected to the WORLD]
Default Subnet
- Two defaults: one for unknown networks, one for unknown subnets
- Controlled by ip classless
[Figure: router with 172.16.1.0 attached, s0 toward the rest of 172.16.0.0 and s1 toward the Internet]
RIP Example
[Figure: router with 10.1.0.0/24 on Ethernet0/0 and 10.64.0.1/24 on Ethernet0/1; neighbor 10.64.0.2/24 toward 172.68.0.0]

  Gateway of last resort is 10.64.0.2 to network 0.0.0.0
  R    172.68.0.0/16 [120/1] via 10.64.0.2, Ethernet0/1
       10.0.0.0/24 is subnetted, 2 subnets
  C       10.1.0.0 is directly connected, Ethernet0/0
  C       10.64.0.0 is directly connected, Ethernet0/1
  R*   0.0.0.0/0 [120/1] via 10.64.0.2, Ethernet0/1

A static default, ip route 0.0.0.0 0.0.0.0 172.68.1.1, would also work
OSPF Example
[Figure: service provider running BGP (ISP AS 200); link 10.1.1.0/23 with S0 addresses 10.1.1.1 and 10.1.1.2; OSPF domain 19.0.0.0]
  ip route 0.0.0.0 0.0.0.0 serial 0
  router ospf 1
   network 19.0.0.0 0.255.255.255 area 0
   default-information originate always
EIGRP Example
[Figure: service provider running BGP (ISP AS 200); link 10.1.1.0/23 with S0 addresses 10.1.1.1 and 10.1.1.2; EIGRP domain 19.0.0.0]
  ip route 10.0.0.0 255.0.0.0 serial 0
  router eigrp 1
   network 19.0.0.0
  ip default-network 10.0.0.0
The default network 0.0.0.0 used by RIP cannot be redistributed by IGRP or Enhanced IGRP; they flag a classful network as the default instead, so the static points at the major network 10.0.0.0 and ip default-network marks it.
IS-IS Example
[Figure: service provider running BGP; IS-IS domain 19.0.0.0 with an L1 router at 19.1.1.1 and an L1L2 router at 19.1.1.2 reaching the provider over S1]

BGP Example
[Figure: service provider running BGP; IGP 19.0.0.0 with iBGP between 19.1.1.1 and 19.1.1.2 and eBGP to the provider]
Conditional Default
  ip prefix-list cond permit 10.1.1.0/24
  !
  route-map def-cond permit 10
   match ip address prefix-list cond
  !
  router rip
   default-information originate route-map def-cond
- Inserts a default route if the condition in the route map is met
- In this case, if network (prefix) 10.1.1.0/24 is present in the routing table, advertise a default
Route Summarization
[Figure: 172.16.26.0/24 and 172.16.27.0/24 advertised as one prefix]
- Routing protocols can summarize the addresses of several prefixes into one prefix
- This helps control resource usage
Route Summarization
[Figure: 172.16.0/17 and 172.16.128/17 summarized toward 192.111.107/24]
Summary Addresses
- The major network is 10.0.0.0, a Class A address space
- The summary of the major net defines the prefix as implied by the class (A, B or C) of the address
- The summary address 10.2.0.0 overrides the autosummary address of 10.0.0.0
- 10.2.0.0 is advertised out interface E1; 10.0.0.0 is not advertised
EIGRP Summarization
[Figure: routers A, B, C, D; B reaches 128.213.64.0 through 128.213.95.0 (/24s) behind A and advertises 128.213.64.0/19 on e0; C reaches 128.213.96.0 through 128.213.127.0 (/24s) behind D and advertises 128.213.96.0/19 on e1]
B#
  interface ethernet 0
   ip summary-address eigrp 123 128.213.64.0 255.255.224.0
C#
  interface ethernet 1
   ip summary-address eigrp 123 128.213.96.0 255.255.224.0
IS-IS Summarization
- Summarize from L1 areas into the L2 backbone, from L2 leaking down into L1 areas, or when redistributing into L2 or L1
  router isis
   summary-address 192.1.0.0 255.255.0.0
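Added example, not IOS code and not from the deck, that does the arithmetic behind the summarization slides: it computes the single prefix covering a set of subnets and lists the address space that summary claims which none of the specifics actually reaches, using the deck's own cases (172.16.26.0/24 + 172.16.27.0/24, the 128.213.64.0 to 128.213.95.0 block summarized as 128.213.64.0/19). The function names `covering_prefix`, `uncovered_space`, `ios_summary` and `summary_report` are this example's.

```python
"""Route summarization arithmetic: the single prefix that covers a set of subnets, and the
address space the summary claims that the specifics do not. Added example, not from the
deck; the prefixes used in the tests are the deck's."""
import ipaddress


def covering_prefix(prefixes):
    """Smallest CIDR block containing every prefix in `prefixes` (the deck's summary)."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    low = min(n.network_address for n in nets)
    high = max(n.broadcast_address for n in nets)
    # Shorten the mask one bit at a time until a single block holds both the lowest
    # and the highest address of the set.
    for plen in range(32, -1, -1):
        block = ipaddress.IPv4Network((int(low), plen), strict=False)
        if high in block:
            return block
    raise AssertionError("unreachable: /0 covers everything")


def uncovered_space(summary, prefixes):
    """Parts of `summary` that none of the specifics reach. Traffic for these addresses
    follows the summary to the advertising router and dies there, which is why IOS
    installs a static to Null0 alongside a summary (see the Null interface slide)."""
    remaining = [summary]
    for p in prefixes:
        net = ipaddress.IPv4Network(p)
        nxt = []
        for r in remaining:
            if net == r:
                continue                                 # exactly covered: drop it
            if net.subnet_of(r):
                nxt.extend(r.address_exclude(net))       # carve the specific out of r
            elif r.subnet_of(net):
                continue                                 # r lies inside the specific: drop it
            else:
                nxt.append(r)                            # disjoint: keep
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))


def ios_summary(address, mask):
    """The prefix an `ip summary-address eigrp <as> address mask` line advertises."""
    return ipaddress.IPv4Network(f"{address}/{mask}")


def summary_report(prefixes):
    """Check to run before configuring a summary: what it advertises and what it over-claims."""
    summary = covering_prefix(prefixes)
    holes = uncovered_space(summary, prefixes)
    return {"summary": str(summary), "holes": [str(h) for h in holes]}
```

The `partial` case in the test drops one /24 from router B's block: the summary is still 128.213.64.0/19, but now 128.213.95.0/24 is advertised without anyone owning it. That is the over-claim a summary can create, and the reason the summarizing router needs the Null0 route rather than forwarding those packets back toward its default.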
BGP Aggregation
- Summarization based on specifics from the BGP routing table
  aggregate-address w.x.y.z mask [as-set] [summary-only] [route-map name]
- Use as-set to include path and community info from the specifics
- summary-only suppresses the specifics
- route-map sets other attributes
Passive Interface
- Prevents routing updates from being transmitted out an interface
- Don't waste resources generating updates on interfaces that have no need for them (loopbacks)
- Can also use passive-interface default and then enable only the interfaces that need updates
- The effect differs by protocol: for RIP and IGRP a passive interface still listens to updates; for EIGRP and OSPF it stops hellos, so no adjacency forms at all
[Figure: router with s0]
Route Filtering
- Selectively announce routes, per neighbor
- Hide part of the topology/connectivity
[Figure: network A advertises B and Y toward one neighbor and B and X toward another, so network X stays hidden from one side and network Y from the other]
- Route filter with the distribute-list command
- Can filter anywhere in distance-vector protocols: RIP, IGRP, EIGRP, RIPv2 and BGP
- In link-state protocols (OSPF, IS-IS) an inbound distribute-list only keeps routes out of the local routing table; the LSAs/LSPs are still flooded, so the rest of the area sees them anyway
Partner Network
[Figure: s0 toward the partner network]
  distribute-list 1 in Serial0
  access-list 1 permit 129.1.0.0
  access-list 1 deny 0.0.0.0 255.255.255.255
Only the route 129.1.0.0 is accepted from the partner: with no wildcard given the access list matches that one network address exactly, and the deny any line makes the implicit deny explicit.
  router eigrp 111
   network 128.1.0.0
   distribute-list 1 out Serial0
  access-list 1 permit 128.1.0.0 0.0.0.0
  ip default-network 128.1.0.0
Precedence of Filters
- Filter routing updates inbound or outbound
- Interface-specific or global
- Evaluation order: the interface list first, then the global list; a route must pass both
Example:
  access-list 1 deny 1.0.0.0 0.255.255.255
  access-list 2 permit 1.2.3.0 0.0.0.255
  router rip
   distribute-list 1 in ethernet 0
   distribute-list 2 in
Mind the implicit deny: list 1 contains only a deny entry, so nothing at all is accepted on ethernet 0 until a permit line is added for what should pass.
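Added example, not IOS code and not from the deck, that models the standard access lists and the distribute-list order on this slide: wildcard-mask matching, first match wins, implicit deny at the end of every list, and the interface-specific list evaluated before the global one. The access-list lines in the tests are the deck's (this slide and the Partner Network slide); the interface names and routes offered are sample values.

```python
"""IOS standard access-list matching (wildcard masks, first match, implicit deny) and the
distribute-list evaluation order the deck gives: interface-specific list, then global list.
Added example for this section; not IOS code."""
import ipaddress


def wildcard_match(addr, base, wildcard):
    """IOS semantics: a 1 bit in the wildcard means 'do not care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)


def parse_standard_acls(lines):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' (also 'any' and 'host A').
    A missing wildcard means 0.0.0.0, an exact match on that one address."""
    acls = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            raise ValueError(f"not a standard access-list line: {line!r}")
        number, action, rest = int(parts[1]), parts[2], parts[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in {line!r}")
        if rest[0] == "any":
            addr, wc = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            addr, wc = rest[1], "0.0.0.0"
        else:
            addr, wc = rest[0], (rest[1] if len(rest) > 1 else "0.0.0.0")
        acls.setdefault(number, []).append((action, addr, wc))
    return acls


def acl_permits(acl, route):
    """First matching entry decides; a list with no matching entry denies."""
    for action, addr, wc in acl:
        if wildcard_match(route, addr, wc):
            return action == "permit"
    return False


def distribute_list_accepts(route, interface, interface_lists, global_list, acls):
    """Apply the lists governing updates received on `interface`, in the deck's order
    (interface-specific list first, then the global list). Returns (accepted, denying_list)."""
    chain = []
    if interface in interface_lists:
        chain.append(interface_lists[interface])
    if global_list is not None:
        chain.append(global_list)
    for number in chain:
        if not acl_permits(acls[number], route):
            return False, number
    return True, None
```

Running the slide's two lists through it shows the trap mentioned above: on ethernet 0 every route, not only 1.0.0.0/8, is rejected by list 1, because the list has no permit entry before its implicit deny.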
ACL Oversights
- Access control lists can filter routing updates: an interface ACL that does not permit the protocol's transport and destination addresses silently breaks the neighbor relationship, and one that permits them from any source lets any host on the segment inject updates

  Protocol  Transport                        Destination
  RIP       UDP port 520                     255.255.255.255
  RIPv2     UDP port 520                     224.0.0.9 (default) or 255.255.255.255
  IGRP      IP protocol 9                    255.255.255.255
  EIGRP     IP protocol 88                   224.0.0.10
  OSPF      IP protocol 89                   224.0.0.5 (AllOSPFRouters), 224.0.0.6 (DRRouters)
  IS-IS     LLC SAP 0xFEFE; NLPID 0x83 (not IP)   01:80:C2:00:00:15 (AllL2ISs; 01:80:C2:00:00:14 for L1)
  BGP       TCP port 179                     Neighbor address
Signature Generation (Router A)
- Run the routing update through the hash function together with the preconfigured key
- Append the resulting hash as the signature and send update + signature

Signature Verification (Router B)
- Receive update + signature
- Recompute the hash over the update with the same preconfigured key
- If the hashes are equal, the signature is authentic
The "signature" here is a keyed hash (MD5 over the update plus a shared secret), not a public-key signature: nothing is decrypted, both neighbors hold the same key, and anyone holding that key can forge updates.
Authentication in RIPv2
Router A:
  key chain kal
   key 1
    key-string 234
  !
  interface Serial2
   ip rip authentication mode md5
   ip rip authentication key-chain kal
  !
  router rip
   version 2

Router B:
  key chain ka2
   key 1
    key-string 234
  !
  interface Serial1/0
   ip rip authentication mode md5
   ip rip authentication key-chain ka2
  !
  router rip
   version 2
The key-chain names are local and may differ; the key number and key-string must match on both ends.
Authentication
- RIP uses text and MD5 (RIPv2 only); also use validate-update-source
- EIGRP uses MD5 (IGRP has no authentication)
- OSPF has text and MD5, per area and per interface
- IS-IS has text, per area and per domain; MD5 authentication is on the way
- Text authentication only stops accidental neighbors, since the password travels in every update. Use MD5 at minimum; later IOS releases add HMAC-SHA options for OSPF and EIGRP.
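Added example, not Cisco code and not from the deck, of the keyed-MD5 construction behind the signature slides and the RIPv2 configuration above, following RFC 2082: the 16-byte key (the IOS key-string, zero-padded) is appended where the trailer's authentication data will go, MD5 is computed over the whole message, and the digest replaces the key. Verification recomputes and compares in constant time, checks the key ID against a key chain and rejects sequence numbers older than the last accepted update. Assumptions: the RFC's "RIP-2 Packet Length" field is treated as the offset of the trailer, the sequence check is simplified to "not older than last", and key-string 234 / key 1 and the routes are sample values.

```python
"""RIPv2 keyed-MD5 authentication (RFC 2082): trailer generation and verification.
Added example, not from the deck and not IOS code."""
import hashlib
import hmac
import struct
import ipaddress

AFI_AUTH = 0xFFFF
AUTH_MD5 = 0x0003      # keyed-MD5 authentication header entry
AUTH_TRAILER = 0x0001  # trailer entry carrying the 16-byte digest
AUTH_HDR_LEN = 20
ENTRY_LEN = 20


def _key16(key_string):
    """IOS key-string zero-padded to the 16 bytes RFC 2082 hashes with."""
    return key_string.encode().ljust(16, b"\x00")[:16]


def rip_entry(prefix, metric, tag=0, next_hop="0.0.0.0"):
    """One RIPv2 route entry: AFI 2, tag, network, mask, next hop, metric."""
    net = ipaddress.IPv4Network(prefix)
    return struct.pack("!HH4s4s4sI", 2, tag, net.network_address.packed,
                       net.netmask.packed, ipaddress.IPv4Address(next_hop).packed, metric)


def build_signed_update(entries, key_string, key_id, seq):
    header = struct.pack("!BBH", 2, 2, 0)               # command 2 = response, version 2
    body = b"".join(entries)
    trailer_offset = len(header) + AUTH_HDR_LEN + len(body)   # assumption: packet-length field = trailer offset
    auth_hdr = struct.pack("!HHHBBI8x", AFI_AUTH, AUTH_MD5, trailer_offset, key_id, 16, seq)
    trailer_hdr = struct.pack("!HH", AFI_AUTH, AUTH_TRAILER)
    unsigned = header + auth_hdr + body + trailer_hdr
    digest = hashlib.md5(unsigned + _key16(key_string)).digest()   # key sits where the digest goes
    return unsigned + digest


def verify_signed_update(pkt, key_chain, last_seq):
    """key_chain: {key_id: key_string}. Returns (ok, reason, [(prefix, metric), ...])."""
    if len(pkt) < 4 + AUTH_HDR_LEN + 4 + 16 or pkt[0] != 2 or pkt[1] != 2:
        return False, "not a RIPv2 response", []
    afi, atype, trailer_offset, key_id, auth_len, seq = struct.unpack("!HHHBBI", pkt[4:16])
    if afi != AFI_AUTH or atype != AUTH_MD5 or auth_len != 16:
        return False, "no keyed-MD5 authentication header", []
    if key_id not in key_chain:
        return False, "unknown key id", []
    if trailer_offset + 20 != len(pkt) or \
            pkt[trailer_offset:trailer_offset + 4] != struct.pack("!HH", AFI_AUTH, AUTH_TRAILER):
        return False, "bad trailer", []
    expected = hashlib.md5(pkt[:trailer_offset + 4] + _key16(key_chain[key_id])).digest()
    if not hmac.compare_digest(expected, pkt[trailer_offset + 4:]):
        return False, "bad digest", []
    if seq < last_seq:                                   # simplified replay rule (see lead-in)
        return False, "replayed sequence number", []
    routes = []
    for off in range(4 + AUTH_HDR_LEN, trailer_offset, ENTRY_LEN):
        _afi, _tag, ip, mask, _nh, metric = struct.unpack("!HH4s4s4sI", pkt[off:off + ENTRY_LEN])
        net = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(ip)}/{ipaddress.IPv4Address(mask)}")
        routes.append((str(net), metric))
    return True, "ok", routes
```

The tampering case in the test flips one bit of an advertised network and is caught by the digest; the wrong-key case shows why the shared secret, not the algorithm, is what protects the routing domain.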
Special Interfaces
Unnumbered
- Saves IP addresses; only on point-to-point interfaces
- Routes with the next hop via the unnumbered interface show up as interface routes
- NMSs don't like it
- Pointing to the loopback is a favorite
Loopback
- Is always up
- Use with OSPF for a stable router ID
- Use as tunnel endpoint or source
- Make passive for routing protocols
Null
- The big black bit bucket
- Summaries install a static to Null0
- Use statics to Null0 as a very fast ACL
- Use to create stable static routes (BGP)
Multiprotocol
Running Multiple Routing Processes in the Same Box
Collating Sequence
- Different protocols use different metrics
- Metrics are difficult to compare algorithmically
- Therefore, a collating sequence: which protocol do you believe the most? Then decide which metric is the best
Default Administrative Distance
  0    Connected interface
  1    Static route
  5    EIGRP summary route
  20   External BGP
  90   Internal EIGRP
  100  IGRP
  110  OSPF
  115  IS-IS
  120  RIP
  140  EGP
  170  External EIGRP
  200  Internal BGP
  255  Unknown (never installed)

  distance weight [address mask [access-list-number]]
- address and mask specify the source of the update; the access list applies to the content (the prefix)
  ip route dest mask next-hop distance
- Remember the floating static route? A static with a distance higher than the dynamic protocol's is installed only when the dynamic route disappears
Using Distance
[Figure: router connected to 192.31.7.0 (neighbors .1 and .2) and 128.88.1.0 (neighbors .1, .2 and .3)]
  router rip
   network 192.31.7.0
   network 128.88.0.0
   distance 225                          ! barely believe anyone
   distance 90 128.88.1.3 0.0.0.0        ! believe the other router
   distance 120 192.31.7.0 0.0.0.255     ! default for the top net
Longest Prefix Match
Dest = 192.168.32.100; next hop = 10.1.1.2
- 192.168.32.0/26 covers only .0 through .63, so it does not match
- .100 falls within 192.168.32.0/24, the longest matching prefix (24 > 19); the protocol and distance behind each entry play no part once the route is in the table

  router#show ip route
  D    192.168.32.0/26 [90/25789217] via 10.1.1.1
  R    192.168.32.0/24 [120/4] via 10.1.1.2
  O    192.168.32.0/19 [110/229840] via 10.1.1.3
IP Classless
- Only affects the forwarding process, not the routing process
- Does not affect the way the table is built
- Without ip classless the router will not forward to supernets, and drops packets for an unknown subnet of a known major network even when a default route exists
- Became the default with IOS 11.3
[Figure: Class A, Class B and Class C address ranges]
No IP Classless
  router#show ip route
       172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
  D       172.30.32.0/20 [90/4879540] via 10.1.1.2
  D       172.30.32.0/24 [90/25789217] via 10.1.1.1
  S*   0.0.0.0/0 [1/0] via 10.1.1.3
- Dest = 172.30.32.1: next hop 10.1.1.1 (longest prefix match, /24)
- Dest = 172.30.33.1: next hop 10.1.1.2 (longest prefix match, /20)
- Dest = 192.168.10.1: next hop 10.1.1.3 (uses the default route)
- Dest = 172.30.254.1: dropped; an unknown subnet of a known major network (172.30.0.0/16), so the default route is not consulted
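The forwarding lookup described on the Host Interaction, Longest Prefix and No IP Classless slides, as one added example (not IOS code, not from the deck): longest-prefix match over a table, local delivery as the special case, the default route as the fallback, and the two classful restrictions that apply without ip classless (supernet routes are ignored, and an unknown subnet of a known major network is dropped rather than sent to the default). The tables in the tests are the deck's; `lookup` and `major_network` are this example's names.

```python
"""Forwarding lookup: longest prefix match, local delivery and the default route, with and
without `ip classless`. Added example for the Host Interaction, Longest Prefix and
No IP Classless slides; not IOS code."""
import ipaddress


def major_network(addr):
    """Classful (major) network of an address: /8 below 128, /16 below 192, otherwise /24."""
    first_octet = int(addr) >> 24
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.IPv4Network((int(addr), plen), strict=False)


def lookup(table, destination, ip_classless=True, local_addresses=()):
    """table: {prefix: next_hop}, with '0.0.0.0/0' as the default route.
    Returns ('local', dest), ('forward', next_hop) or ('drop', reason)."""
    dest = ipaddress.IPv4Address(destination)
    if dest in {ipaddress.IPv4Address(a) for a in local_addresses}:
        return ("local", str(dest))           # local is the special case: the next hop is the DA
    major = major_network(dest)
    candidates = []
    for prefix, next_hop in table.items():
        net = ipaddress.IPv4Network(prefix)
        if dest not in net:
            continue
        if not ip_classless and 0 < net.prefixlen < major.prefixlen:
            continue                          # classful forwarding never uses a supernet route
        candidates.append((net.prefixlen, next_hop))
    if not candidates:
        return ("drop", "no route")
    plen, next_hop = max(candidates)          # longest prefix wins
    if plen == 0 and not ip_classless:
        # Classful rule: once any subnet of the destination's major network is known, an
        # unknown subnet of it is unreachable; the default route is not consulted.
        known_subnets = any(ipaddress.IPv4Network(p) != major and ipaddress.IPv4Network(p).subnet_of(major)
                            for p in table)
        if known_subnets:
            return ("drop", f"unknown subnet of known major network {major}")
    return ("forward", next_hop)
```

Switching `ip_classless` on for the same 172.30.254.1 packet in the test is the whole difference the IP Classless slide describes: the table is identical, only the forwarding decision changes.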
IP Classless
[Figure: with ip classless, 10.1.2.0/24 is the only known subnet of 10.0.0.0 and packets for other 10.x.x.x destinations follow the default route]
Redistribution
Hops = Bandwidth = Compound = AS-PATH ?
Route Redistribution
[Figure: RIP updates on one side, OSPF updates inside the OSPF domain on the other, one router in both]
- Router runs multiple routing protocols
- Router exchanges routes internally
- Exchange can be filtered
Redistributing Routes
Under a router xxx command, redistribute with:
- a source protocol: bgp | igrp | isis | ospf | static | connected | rip
- a value for the destination protocol: metric
- a route map for filtering: route-map
- scope of redistribution: subnets
- as well as some protocol-specific parameters
[Figure: OSPF and RIP domains joined by one router]
Default Metrics
- The first, or seed, metric for a route is derived from being directly connected to a router interface
- Redistributed routes are not physically connected; default-metric establishes the seed metric for the route
- Once a compatible metric is established, the metric can increment just like any other route
- Set the default metric bigger than the biggest native metric, so a redistributed copy never looks better than a native route
Offset Lists
- Increases the incoming or outgoing metric (hops or delay)
- Example: add 10 to the delay component of routes matching access list 21 when outbound
  router igrp
   offset-list 21 out 10
  access-list 21 ...
Route Maps: match
  match as-path          a BGP AS-path access list
  match community-list   a BGP community list
  match ip address       a standard access list
  match metric           the specified metric
  match ip next-hop      a next hop against ACLs
  match tag              the specified tag value
  match interface        a next hop routed to the given interfaces
  match ip route-source  the source of the route against an ACL
  match route-type       the specified route type
Route Maps: set
  set community          sets the BGP COMMUNITIES attribute
  set dampening          BGP route dampening factors
  set weight             BGP weight for the routing table
  set local-preference   a value to a local BGP path
  set origin             BGP origin code
  set as-path            BGP autonomous system path
  set next-hop           address of the next hop
  set automatic-tag      automatic computing of tag
  set level              table (IS-IS level) the routes are advertised into
  set metric             the metric value to give the redistributed routes
  set metric-type        metric type
  set tag                an associated tag value
Example: originating an OSPF default with a route map
  route-map ospf-default permit
   match ip address 1
   set metric 5
   set metric-type type-2
  !
  access-list 1 permit 140.222.0.0 0.0.255.255
  !
  router ospf 109
   default-information originate route-map ospf-default
Example: RIP into OSPF with a route map
- Redistribute RIP routes with a hop count equal to 1 into OSPF
- These routes will be redistributed into OSPF as external LSAs with a metric of 5, metric type Type 1 and a tag equal to 1
  router ospf 109
   redistribute rip route-map rip-to-ospf
  !
  route-map rip-to-ospf permit
   match metric 1
   set metric 5
   set metric-type type-1
   set tag 1
Redistribution Example
[Figure: gw1 (128.103.88.1, 128.103.36.1) reaches gw2 (128.103.36.2) over a RIP /24 segment; gw2 also runs OSPF on /28 segments 128.103.35.33/.34 and 128.103.35.17/.18]
- OSPF has a longer mask than RIP
- gw2 is redistributing RIP and OSPF
- RIP (classful) won't advertise the routes learned from OSPF, because their mask differs from the RIP segment's
Solution: a covering static to Null0, redistributed into RIP with the RIP segment's mask
  ip route 128.103.35.0 255.255.255.0 null0
  router rip
   redistribute static
   default-metric 1
Redistribution Example
[Figure: gw1 (128.103.88.1, 128.103.36.1) reaches gw2 (128.103.36.2) over a RIP /28 segment; gw2 runs OSPF /24 on e0/0 (128.103.35.33/.34) and e0/1 (128.103.35.17/.18)]
- RIP has a longer mask than OSPF
- gw2 is redistributing RIP and OSPF
- RIP won't advertise the routes learned from OSPF
Solution:
  ip route 128.103.35.32 255.255.255.248 E0/0
  ip route 128.103.35.16 255.255.255.248 E1/0
  router rip
   redistribute static
   default-metric 1
OSPF External Routes
C#
  interface Ethernet0
   ip address 203.250.14.2 255.255.255.0
  interface Serial1
   ip address 203.250.15.1 255.255.255.252
  router ospf 10
   redistribute static
   network 203.250.15.0 0.0.0.255 area 2
   network 203.250.14.0 0.0.0.255 area 0
  ip route 16.16.16.0 255.255.255.0 Ethernet0
  ip route 128.213.0.0 255.255.0.0 Ethernet0

  E#sh ip route
  Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
  Gateway of last resort is not set
       203.250.15.0 255.255.255.252 is subnetted, 1 subnets
  C       203.250.15.0 is directly connected, Serial0
  O IA 203.250.14.0 [110/74] via 203.250.15.1, 00:02:31, Serial0
  O E2 128.213.0.0 [110/20] via 203.250.15.1, 00:02:32, Serial0
Only 128.213.0.0/16 reaches E: redistribute static without the subnets keyword redistributes classful networks only, and 16.16.16.0/24 is a subnet of the Class A network 16.0.0.0. As an E2 route its metric (20) stays constant across the OSPF domain.
94
95
E#sh ip rou Codes: C - connected, S - static, O - OSPF, IA - OSPF inter area E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default Gateway of last resort is not set 203.250.15.0 255.255.255.252 is subnetted, 1 subnets C 203.250.15.0 is directly connected, Serial0 O IA 203.250.14.0 [110/74] via 203.250.15.1, 00:00:04, Serial0 O E1 128.213.0.0 [110/114] via 203.250.15.1, 00:00:05, Serial0
2200 1303_06_2000_c2
2000, Cisco Systems, Inc.
96
Feedback Loops
- When crossing a redistribution boundary, information is lost (the original metric, source and path)
- A physical or logical loop causes a route to be advertised back to the redistributing router that first advertised it
- How does the router know which route to accept? Answer: it can't know
- Humans have to re-insert the lost information (distance, tags, filters)
Implementation Considerations
[Figure: a RIP domain and an EIGRP domain (AS 300) both carrying 172.16.0.0, joined by two ASBRs; subnets 172.16.1.0 and 172.16.2.0 shown]
- Routing feedback
- Suboptimal path selection
- Routing loops
Redistribution Example
[Figure: routers Trans (172.16.12.1, 172.16.3.2, 172.16.2.2), R200 (172.16.3.1, 172.16.1.1, 172.16.7.2), CEN (172.16.1.2, 172.16.2.1, 172.16.4.1, 172.16.5.1), R300 (172.16.4.2, 172.16.11.1) and REM (172.16.5.2, 172.16.7.1, 172.16.9.1, 172.16.6.1); Token Ring segments 172.16.1.0 and 172.16.2.0, a T-1 (172.16.3.0), Frame Relay (172.16.4.0) and two 64 Kb links (172.16.5.0, 172.16.7.0) to REM]
Introduce RIP
[Figure: the same network; IGRP runs on the Token Ring, T-1 and Frame Relay core, RIP on the 64 Kb links to REM (172.16.5.0, 172.16.7.0) and beyond]
RIP Configs
Router CEN:
  router rip
   redistribute igrp 1
   passive-interface Serial0.2
   passive-interface TokenRing0
   passive-interface TokenRing1
   network 172.16.0.0
   default-metric 3
  !
  router igrp 1
   redistribute rip
   passive-interface Serial0.1
   network 172.16.0.0
   default-metric 10 100 255 1 1500

Router R300

Router R200:
  router rip
   redistribute igrp 1
   passive-interface Serial0
   passive-interface TokenRing0
   network 172.16.0.0
   default-metric 3
  !
  router igrp 1
   redistribute rip
   passive-interface Serial1
   network 172.16.0.0
   default-metric 10 100 255 1 1500

Router R100
CEN
  172.16.0.0/24 is subnetted, 11 subnets
  I    172.16.12.0 [100/1188] via 172.16.2.2, 00:00:01, TokenRing0
  R    172.16.9.0 [120/2] via 172.16.5.2, 00:00:01, Serial0.1
  R    172.16.10.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
  I    172.16.11.0 [100/8976] via 172.16.4.2, 00:00:02, Serial0.2
  C    172.16.4.0 is directly connected, Serial0.2
  C    172.16.5.0 is directly connected, Serial0.1
  R    172.16.6.0 [120/1] via 172.16.5.2, 00:00:02, Serial0.1
  I    172.16.7.0 [100/2688] via 172.16.1.1, 00:00:02, TokenRing1
  C    172.16.1.0 is directly connected, TokenRing1
  C    172.16.2.0 is directly connected, TokenRing0
  I    172.16.3.0 [100/8539] via 172.16.2.2, 00:00:02, TokenRing0
                  [100/8539] via 172.16.1.1, 00:00:02, TokenRing1
R200
  172.16.0.0/24 is subnetted, 11 subnets
  I    172.16.12.0 [100/1251] via 172.16.1.2, 00:00:37, TokenRing0
  I    172.16.9.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
  I    172.16.10.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
  I    172.16.11.0 [100/9039] via 172.16.1.2, 00:00:37, TokenRing0
  I    172.16.4.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
  I    172.16.5.0 [100/8539] via 172.16.1.2, 00:00:37, TokenRing0
  I    172.16.6.0 [100/1000163] via 172.16.1.2, 00:00:37, TokenRing0
  C    172.16.7.0 is directly connected, Serial1
  C    172.16.1.0 is directly connected, TokenRing0
  I    172.16.2.0 [100/751] via 172.16.1.2, 00:00:37, TokenRing0
  C    172.16.3.0 is directly connected, Serial0
R200 reaches the RIP-side subnets 172.16.9.0, 172.16.10.0 and 172.16.6.0 through CEN's IGRP copies (distance 100) instead of directly over Serial1 via RIP (distance 120): redistribution feedback.
Router CEN:
  router rip
   redistribute igrp 1
   passive-interface Serial0.2
   passive-interface TokenRing0
   passive-interface TokenRing1
   network 172.16.0.0
   default-metric 3
  !
  router igrp 1
   redistribute rip
   passive-interface Serial0.1
   network 172.16.0.0
   default-metric 10 100 255 1 1500
   distance 130 0.0.0.0 255.255.255.255 1
  !
  access-list 1 permit 172.16.9.0
  access-list 1 permit 172.16.10.0
  access-list 1 permit 172.16.6.0
The distance line makes IGRP copies of the three RIP-originated subnets, from any source, less believable (130) than RIP (120), so the native RIP route wins.
Router R200:
  router rip
   redistribute igrp 1
   passive-interface Serial0
   passive-interface TokenRing0
   network 172.16.0.0
   default-metric 3
  !
  router igrp 1
   redistribute rip
   passive-interface Serial1
   network 172.16.0.0
   default-metric 10 100 255 1 1500
   distance 130 0.0.0.0 255.255.255.255 1
  !
  access-list 1 permit 172.16.9.0
  access-list 1 permit 172.16.10.0
  access-list 1 permit 172.16.6.0
R200 (after the distance change)
  172.16.0.0/24 is subnetted, 11 subnets
  I    172.16.12.0 [100/1251] via 172.16.1.2, 00:00:49, TokenRing0
  R    172.16.9.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
  R    172.16.10.0 [120/2] via 172.16.7.1, 00:00:19, Serial1
  I    172.16.11.0 [100/9039] via 172.16.1.2, 00:00:49, TokenRing0
  I    172.16.4.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
  I    172.16.5.0 [100/8539] via 172.16.1.2, 00:00:49, TokenRing0
  R    172.16.6.0 [120/1] via 172.16.7.1, 00:00:19, Serial1
  C    172.16.7.0 is directly connected, Serial1
  C    172.16.1.0 is directly connected, TokenRing0
  I    172.16.2.0 [100/751] via 172.16.1.2, 00:00:49, TokenRing0
  C    172.16.3.0 is directly connected, Serial0
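Route selection across protocols as the collating-sequence, Default Distance and Using Distance slides describe it, and the per-source `distance` override the redistribution example just applied, as one added example (not IOS code, not from the deck). `Rib.offer` installs a candidate only if its (distance, metric) beats the current route; `Rib.distance` models `distance weight [source wildcard [access-list]]` with the access list given as the set of network addresses it permits. The default distances are IOS's; the route offers in the tests reproduce R200's before/after tables above and the Using Distance configuration. One assumption is stated in the code: when several distance entries match, the first configured one wins, so list specific entries before general ones.

```python
"""Route selection across protocols by administrative distance, plus the per-source
`distance` override the deck uses under `router igrp 1` to undo RIP-to-IGRP feedback.
Added example for this section; not IOS code. Default distances are IOS's."""
import ipaddress

DEFAULT_DISTANCE = {"connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20, "eigrp": 90,
                    "igrp": 100, "ospf": 110, "isis": 115, "rip": 120, "egp": 140,
                    "eigrp-external": 170, "ibgp": 200}
CODES = {"connected": "C", "static": "S", "igrp": "I", "rip": "R", "eigrp": "D",
         "eigrp-external": "D EX", "ospf": "O", "isis": "i", "ebgp": "B", "ibgp": "B"}


def wildcard_match(addr, base, wildcard):
    """IOS semantics: a 1 bit in the wildcard means 'do not care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)


class Rib:
    def __init__(self):
        self.routes = {}      # prefix -> (distance, metric, protocol, next_hop)
        self.overrides = []   # (protocol, weight, source, wildcard, permitted_networks)

    def distance(self, protocol, weight, source="0.0.0.0", wildcard="255.255.255.255", acl=None):
        """`distance weight [source wildcard [access-list]]` under the protocol's router process.
        acl: set of network addresses the standard access list permits, or None for every route.
        Assumption: the first matching entry wins, so add specific entries before general ones."""
        self.overrides.append((protocol, weight, source, wildcard, acl))

    def _distance_for(self, protocol, prefix, learned_from):
        network = str(ipaddress.IPv4Network(prefix).network_address)
        for proto, weight, source, wildcard, acl in self.overrides:
            if proto == protocol and wildcard_match(learned_from, source, wildcard) \
                    and (acl is None or network in acl):
                return weight
        return DEFAULT_DISTANCE[protocol]

    def offer(self, protocol, prefix, metric, next_hop, learned_from=None):
        """The deck's collating sequence: believe the protocol with the lower distance first;
        only when distances tie does the metric decide. Returns True if the route was installed."""
        dist = self._distance_for(protocol, prefix, learned_from or next_hop)
        current = self.routes.get(prefix)
        if current is None or (dist, metric) < (current[0], current[1]):
            self.routes[prefix] = (dist, metric, protocol, next_hop)
            return True
        return False

    def show(self):
        """show ip route, abbreviated."""
        ordered = sorted(self.routes.items(), key=lambda kv: ipaddress.IPv4Network(kv[0]))
        return [f"{CODES[proto]:<5}{prefix} [{dist}/{metric}] via {nh}"
                for prefix, (dist, metric, proto, nh) in ordered]
```

The `before` and `after` objects in the test are R200 without and with `distance 130 0.0.0.0 255.255.255.255 1`: with the override, the IGRP copy of 172.16.9.0 loses to the native RIP route over Serial1, while 172.16.12.0, which the access list does not name, keeps its IGRP distance of 100.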
Link Failure
[Figure: the same network with the CEN to REM 64 Kb link (172.16.5.0) marked failed (X); R100 (172.16.6.2, 172.16.10.1) sits behind REM]
Policy Routing
When Destinations Aren't Enough
Policy Routing
- Forwarding decision not based on the destination address alone
- Selects a defined path based on attributes of the user packet (source/destination IP address, application port, packet length, and so forth)
- Set next hop or interface
- Set default next hop or interface
[Figure: Customer A and Customer B behind one router, steered to ISP A and ISP B respectively]
Matching
  match ip address access-list-expressions
- Match packets against the access lists to permit policy routing of them
  match length min-length max-length
- If the Layer 3 packet length is between min-length and max-length, inclusive, the packet matches
- Useful for distinguishing interactive versus bulk traffic when access lists will not work
Setting the next hop
  set ip next-hop address
  set ip default next-hop address
- The default form: if there is no explicit route for this destination, then route to this hop
- Both use the first IP address associated with an up/up interface
Setting the interface
  set interface interface1 [interface2 ...]
  set default interface interface1 [interface2 ...]
- The default form: if there is no explicit route for this destination, then route to this interface
- If interface1 is down, interface2 and subsequent interfaces are tried
- Setting the interface to Null0 creates a policy that drops the packet
Setting TOS and precedence
  set ip tos value           (0 normal, 1 min-monetary-cost, 2 max-reliability, 4 max-throughput, 8 min-delay)
  set ip precedence value
- Set the IP TOS or precedence header field
- Can use a numeric or symbolic value
Order of evaluation
- A valid next hop implies the output interface
- The first usable combination of next hop and interface is used
- Router-sourced packets are policy routed via the ip local policy route-map foo command
Example
[Figure: router with s1 and bri0]
  access-list 101 permit tcp 192.168.93.0 0.0.0.255 any eq telnet
  access-list 101 permit icmp any any
  access-list 103 permit tcp 192.168.93.0 0.0.0.255 any eq ftp
  !
  route-map foo permit 10
   match ip address 101
   set ip next-hop 11.0.0.1
  route-map foo permit 11
   match ip address 103
   set ip next-hop 10.0.0.1
  route-map foo permit 12
   (match statement for 192.168.93.0 lost in the slide text)
   set default interface Null0
Sequences are evaluated in ascending order and the first one whose match succeeds decides; telnet and ICMP from 192.168.93.0/24 go to 11.0.0.1, FTP to 10.0.0.1, and the remaining traffic from that network is dropped unless the routing table has an explicit route for its destination.
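Added example, not IOS code and not from the deck, that evaluates a policy route map the way the slides describe: extended access lists with wildcard masks and ports, `match length`, sequences tried in ascending order with first match winning, and the difference between `set ip next-hop` / `set interface` (always applied) and the `default` forms (applied only when the routing table has no explicit, non-default route for the destination). Access lists 101 and 103 and the next hops are the deck's; access list 102 and the `match ip address 102` on sequence 12 are assumptions filled in for the match that is missing from the slide text, and the routing table and packets are sample values.

```python
"""Policy routing evaluation: extended access lists, route-map sequences in ascending order,
and `set ip next-hop` / `set interface` versus the `default` forms. Added example for this
section; not IOS code."""
import ipaddress

PORT_NAMES = {"ftp": 21, "ssh": 22, "telnet": 23, "domain": 53, "www": 80}


def wildcard_match(addr, base, wildcard):
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)


def _address_spec(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return ((addr, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_extended_acls(lines):
    """'access-list N permit|deny PROTO SRC DST [eq PORT]' -> {N: [(action, proto, src, dst, port)]}."""
    acls = {}
    for line in lines:
        t = line.split()
        number, action, proto = int(t[1]), t[2], t[3]
        src, rest = _address_spec(t[4:])
        dst, rest = _address_spec(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        acls.setdefault(number, []).append((action, proto, src, dst, port))
    return acls


def acl_permits(acl, pkt):
    """pkt: {'src', 'dst', 'proto', 'dport', 'length'}. First match decides; implicit deny."""
    for action, proto, (sa, sw), (da, dw), port in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if not (wildcard_match(pkt["src"], sa, sw) and wildcard_match(pkt["dst"], da, dw)):
            continue
        if port is not None and pkt.get("dport") != port:
            continue
        return action == "permit"
    return False


def has_explicit_route(routing_table, dst):
    """True if some non-default prefix in the table covers dst (what the `default` forms test)."""
    d = ipaddress.IPv4Address(dst)
    return any(d in ipaddress.IPv4Network(p) for p in routing_table if ipaddress.IPv4Network(p).prefixlen > 0)


def policy_route(route_map, acls, routing_table, pkt):
    """route_map: [(seq, 'permit'|'deny', matches, sets)] with matches = {'ip address': [acl...],
    'length': (min, max)} and sets = [(kind, target)]. Returns (seq, kind, target); kind 'normal'
    means ordinary destination-based forwarding, and target 'Null0' means the packet is dropped."""
    for seq, action, matches, sets in sorted(route_map, key=lambda e: e[0]):
        if "ip address" in matches and not any(acl_permits(acls[n], pkt) for n in matches["ip address"]):
            continue
        if "length" in matches and not matches["length"][0] <= pkt["length"] <= matches["length"][1]:
            continue
        if action == "deny":                        # matched a deny sequence: not policy routed
            return seq, "normal", None
        for kind, target in sets:
            if kind in ("ip next-hop", "interface"):
                return seq, kind, target
            if kind in ("ip default next-hop", "default interface") and not has_explicit_route(routing_table, pkt["dst"]):
                return seq, kind, target
        return seq, "normal", None                  # matched, but no set clause applied
    return None, "normal", None
```

The two web packets in the test differ only in destination: the one with an explicit route in the table is forwarded normally although sequence 12 matched it, the other hits `set default interface Null0` and is dropped. That is the behaviour to keep in mind when a `default` clause is used as a crude filter.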
Network Policy Routing
[Figure: enterprise backbone with NPR routers steering e.g. the ERP application to a Premium ISP and other traffic to a Standard ISP]
Next-hop availability
- If the router is policy routing packets to a next hop that is down, it keeps trying to ARP for it and the packets never get through; this behaviour continues forever
- To prevent this, configure the router to first verify that the route map's next hop(s) are CDP neighbors before routing to them: set ip next-hop verify-availability
- set ip next-hop verify-availability is not supported with dCEF since dCEF does not support CDP
NPR Example
- Configure CEF, NetFlow, and NetFlow feature acceleration
- Configure policy routing to verify that next hop 50.0.0.8 of route map test is a CDP neighbor before the router tries to policy route to it
- If the first packet of a flow is policy routed via sequence 10, later packets of the same flow always take sequence 10, not sequence 20, because they all pass access list 1; policy routing is flow-accelerated by bypassing the access-list check for the rest of the flow

  ip cef
  ip flow-cache feature-accelerate
  interface ethernet0/0/1
   ip route-cache flow
   ip policy route-map test
  route-map test permit 10
   match ip address 1
   set ip precedence priority
   set ip next-hop 50.0.0.8
   set ip next-hop verify-availability
  route-map test permit 20
   match ip address 101
   set interface Ethernet0/0/3
   set ip tos max-throughput
Internet

Nobody should be sending packets, or advertising any IP addresses, out to the Internet with a source address other than the addresses allocated to them (ingress filtering, RFC 2827 / BCP 38)

BGP should have filters applied so that these routes are not advertised to or propagated through the Internet
What Is Multihoming?
[Figure: customer AS 201 (routers A, B, F) connected to ISP 1 and ISP 2; providers AS 200 (router D) and AS 300 (router E), and AS 400 (router C); variants with each provider sending only a default route (0.0.0.0) and with full routes]
[Figure: CIDR blocks: ISP 1 holds 172.16.0.0/14 and AS 201 also announces its 172.16.0.0/16 through ISP 2; possibly use NAT]
Source Routing
- IP has a provision to allow the source host to specify the route through the Internet
- All Internet-connected routers should turn this off unless it is specifically required:
    no ip source-route
Conclusion
Be Careful Out There
Summary Part 1
- Under normal operation, there should be exactly one interior routing protocol on any network segment
- Use passive-interface as necessary to ensure this
- The number of redistribution boundaries should be kept to a minimum
- Run as few routing protocols as possible
Summary Part 2
- Choose the routing protocol by matching requirements with features
- Addressing should be contiguous with respect to topology
- Redistribute routes only as necessary and as few as required
- Use advanced features for special cases and for fine tuning
- Test and understand before you implement
Recommended Reading
- IP Routing Protocols: RIP, OSPF, BGP, and Cisco Routing Protocols, Uyless Black, ISBN 0130142484
- EIGRP for IP: Basic Operation and Configuration, Alvaro Retana, Russ White, Don Slice, ISBN 0201657732
- EIGRP Network Design Solutions, Ivan Pepelnjak, ISBN 1578701651
- OSPF: Anatomy of an Internet Routing Protocol, John T. Moy, ISBN 0201634724
- OSPF Network Design Solutions, Thomas M. Thomas, ISBN 1578700469
- Large-Scale IP Network Solutions: CCIE Professional Development, Khalid Raza, Mark Turner, Salmad Asad, ISBN 1578700841
- Internet Routing Architectures, Bassam Halabi, Danny McPherson, ISBN 157870233X
- Routing in the Internet, Christian Huitema, ISBN 0130226475
- and of course: http://www.cisco.com
Thank You!
Recommended sessions:
- 2205 Deploying OSPF
- 2208 Deploying EIGRP
- 2209 Deploying BGP
- 2202 Deploying MPLS for Traffic Engineering and Backbone VPNs
- 2218 Introduction and Update for NetFlow
- 2213 Introduction to IPv6