(CCNA)

CREATED BY MUKESH KOTHARI


(CCNA&MCSE CERTIFIED)
CCNA and CCNP for quick reference
Why Cisco internetworking required?
To sort out the problems in LAN like
Too many hosts in a broadcast domain,
Broadcast Storm
Multiplexing
Low Bandwidth
Routers, Switches, Bridges and Hubs are used
Routers are used to break the broadcast domain,
Routers can filter the network based on IP Address and forward the packet to other network
Switch breaks collision domain (every port is collision domain), but one broadcast domain
Switches are used to optimize the performance of LAN,
Switch switches frames from one port to another, does not forward it to other network
More manageable with VLANS, STP etc. than Bridge
100s of ports available
Bridge breaks collision domain (each port is collision domain like switch), but one broadcast domain, same function as switch
16 ports maximum
Not manageable like switch
Hub does not break any domain. One Broadcast domain, one collision domain
Not manageable
Networking basics
A network is, fundamentally, a system of senders and receivers - a common feature of any communication system.
The sender, or source, is a computer which sends information to another.
The receiver, or destination computer, is the computer to which the information is sent.
Any machine capable of communicating on the network is a device or node
In order to communicate the devices must be connected to each other.
Most networks are connected by cable.
Cables can use either copper or optical fibre to carry the signals
Radio and microwave transmission are becoming increasingly common.
If two or more networks are connected to each other this is known as an internetwork.
A network which covers a single floor, or perhaps an entire building, is known as a Local Area Network (LAN).
LANs connected using high speed links across a metropolitan area is known as a MAN.
If the public switched telephone network is used to connect the networks this is known as a Wide Area Network, or WAN.
If a number of LANs are connected to a larger central network this is known as a Backbone Network, or BN (eg University of Wolverhampton).
Local Area Networks
Now an essential part of everyday functioning in schools, business, government etc
Saves time, resources, allows information to be held securely and centrally
Improves collaboration between colleagues
May be used for training - capable of carrying audio and video
Several devices connected via cable to a hub
Hubs are the most common device found on a network
Some organisations will have LANs on each floor of a building connected by a bridge or router
All devices on the LAN communicate via network interface cards (NICs)
Characteristics include:
Used in small geographical areas
Offer high-speed communications (>10Mbps)
Provide access to many devices
Use LAN-specific devices such as repeaters, hubs and network interface cards
Metropolitan Area Networks
Made up of LANs which are interconnected across a metropolitan area
Have become increasingly popular, eg among local government
Allows sharing of resources, plus the provision of a large-scale private phone service
Expensive to implement, provides high speed service (compared to WANs)
Requires use of high-performance cable and equipment to implement them
Also may appeal to regional businesses
Can span up to 45 miles
Gives access speeds in hundreds of megabits per second (or even gigabits speeds)
Uses a single connection point to connect LANs
As well as using routers will also use switches
Wide Area Networks
Interconnects two or more LANs or WANs
Uses 'slow' connections leased from a Telco
Spans cities, countries or even continents
Requires co-ordination and expensive equipment
Speeds may be 56Kbps to 1.5 Mbps (speeds of 45Mbs are available)
'Slow' is comparative - faster speeds are emerging for use in WANs

Characteristics include:
Cover large areas - may span the world
Compared to LANs - slow speed communication
Access to WANs is limited - a LAN will access a WAN through a single point (often a bottleneck)
Will use devices such as routers, modems and WAN switches
1876, March 10 - The telephone is invented
1982 February - The Mercury consortium received a licence to build and operate an independent network to compete across the full range of telecoms services.
1983 April - Mercury launched its first telecoms services in the City of London.
May Licences were granted to Cellnet and Vodafone to provide national cellular radio networks.
1986 May - Mercury began offering basic network services
Early 1960s Advanced Research Projects Agency (ARPA) begins work on ARPAnet
First nodes connected to University of California
1971 - 23 nodes now connected
1974 - Packets and TCP established
1976 - The queen sends her first email
TCP/IP defines future communications
1986 - sees 5000 hosts and 241 newsgroups
1987 - sees 28000 hosts
1988 - Internet Relay Chat (IRC) developed
1989 - Military portion split off as DARPAnet, leaving public infrastructure now known as "Internet"
Success of Internet due to BSD UNIX
Major American universities form first backbone for the Internet known as NSFNET
1989 - hosts now over 100 000
1990 - First ISP "The World" comes on line
1991 - sees first commercial use of Internet
1991 - A Briton (Tim Berners-Lee) establishes World Wide Web (released by CERN)
1994 - Commercialisation Begins (3 million hosts, 10 000 WWW sites, 10 000 News Groups)
1994 - First pizza from Pizza Hut online in US
1995 - 6.5 Million hosts, 100 000 web sites
1995 - Search Engines
1996 - Microsoft enter. Browser war begins
1997 - 20 Million hosts, 1 1 Million WWW sites
1997 onwards - growth is "exponential" ...
The Abilene Project (Internet 2), 95 universities, 12 regional gigaPOPs
Basic LAN Configuration
This kind of cable looks like a dish net cable.
Co-axial Cable is an old Technology
It uses BNC connector
BNC Connector
BNC Terminator & BNC Barrel
BNC T Connector
Slow Speed of Transmission
Used in Logical and Physical Bus Topology
First Generation Cable
It overlaps by Twisted Pair cables yet
There Are Several Kinds of Networking Cables
Co-axial Cable
Twisted Pair
Fiber Optic
These are some cables used for networking
That means we can attach two or more devices in a network. These are some guided media.
Guided Media: Physical Media which are useful to communicate our computer
Coaxial Cable is divided in four parts.
Inner Conductor is a solid metal wire surrounded by insulation
A thin tubular piece of metal surrounds that insulation
Screen outer conductor is there to cover that cable
Outer Plastic Covering

Thinnet Coaxial Cable
Thicknet Coaxial Cable

Thinnet Coaxial Cable:
0.25" thickness
length is 185 meter
flexible, thin, cheap
Baseband Signal
Thicknet Coaxial Cable
0.50" thickness
length is 500 meter
Hard, thick, expensive
Broadband Signal
These are two different types of coaxial cable.
This is the most popular type of cable, which also has subparts. It transfers voice in place of data.
This kind of cable has been used for a long time: firstly it was introduced with telephone cable, then it was used in networking of computers.
Shielded Twisted Pair
Unshielded Twisted Pair
This is the unshielded twisted pair cable type, which is not covered by any kind of shield. There are only three parts of that cable:
Pvc Jacket
Foil
Copper Wire
But in a Shielded Twisted Pair cable there are four parts: all those above, with a shield of copper
Cat 1 | Voice only | 2 Pairs, 4 wire | Dtr = 2 Mbps
Cat 2 | Voice & Data only | 4 Pairs, 8 wire | Dtr = 4 Mbps
Cat 3 | Voice & Data only | 4 Pairs, 8 wire | Dtr = 8 Mbps
Cat 4 | Voice & Data only | 4 Pairs, 8 wire | Dtr = 16 Mbps
Cat 5 | Voice & Data only | 4 Pairs, 8 wire | Dtr = 100 Mbps
Cat 5e | Voice & Data only | 4 Pairs, 8 wire | Dtr = 1000 Mbps
Cat 6 | Voice & Data only | 4 Pairs, 8 wire | Dtr = 1000 Mbps
Sandeep Agarwal
Cut, Strip & Crimp Tools
Make your own patch cords
Cuts and strips pairs
RJ45 end crimped onto ends of wire
Patch Panel Termination
punchdown in back
Patch cord plugin in front
Cabling Rules
Try to avoid running cables parallel to power cables.
Do not bend cables to less than four times the diameter of the cable.
If you bundle a group of cables together with cable ties (zip ties), do not over-cinch them. You should be able to turn the tie with fingers.
Keep cables away from devices which can introduce noise into them. Here's a short list: copy machines, electric heaters, speakers, printers, TV sets, fluorescent lights, copiers, welding machines, microwave ovens, telephones, fans, elevators, motors, electric ovens, dryers, washing machines, and shop equipment.
Avoid stretching UTP cables (tension when pulling cables should not exceed 25 LBS).
Do not run UTP cable outside of a building. It presents a very dangerous lightning hazard!
Do not use a stapler to secure UTP cables. Use telephone wire/RG-6 coaxial wire hangers which are available at most hardware stores.
Color Codes
Crossover
1 - 3
2 - 6
Making Cables
This is an advanced type of cable used in modern technique.
It does not transfer the data in a voice format; it uses electronic signal to transmit the data. It is not so popular because it is very costly. Its speed is very fast and it is very easy to access data with these media on better transmission speed.
Fiber Patch Cords
=9'
Ends are either SC or ST
Connects switches & fast backbones
Punch Down Tool
Terminates wires to back of patch panels
What is the OSI model ?
• Open Systems Interconnection model is fundamental to all communications between network devices.
• Developed in 1974 by ISO after the American Department of Defence began using the TCP/IP suite of protocols.
• Finally adopted in 1977. It is now the theoretical model for how communication takes place between network devices
Wire Testing Equipment
Test wire for correct termination of 8 wires
Test for speed capabilities
i.e. WaveTek Brand
NODE A (Sending Device) and NODE B (Receiving Device) each show the same stack:
Layer 7 | Application Layer | Supports the communication between applications over the network
Layer 6 | Presentation Layer | Presents data to the receiver in a form it recognises
Layer 5 | Session Layer | Establishes a connection and terminates it when no longer required
Layer 4 | Transport Layer | Acknowledges the flow of data including re-transmission where required
Layer 3 | Network Layer | Adds the appropriate network addresses to packets
Layer 2 | Data Link Layer | Adds the MAC addresses to packets
Layer 1 | Physical Layer | Transmits the data on the medium
What are the seven layers ?
Layer 7 | Application
Layer 6 | Presentation
Layer 5 | Session
Layer 4 | Transport
Layer 3 | Network
Layer 2 | Data Link
Layer 1 | Physical
Encapsulation
Application | DATA
Presentation | PH + DATA (PH = Presentation Header)
Session | SH + PH + DATA (SH = Session Header)
Transport | TH + SH + PH + DATA (TH = Transport Header)
Network | NH + TH + SH + PH + DATA (NH = Network Header)
Data Link | DLH + NH + TH + SH + PH + DATA + DLT (DLH = Data Link Header, DLT = Data Link Trailer)
Physical | Bits
To Destination Device
Layer Name | Basic Layer Function | Type of Application / Protocols Used

Upper Layers

Application
Function: Provides a User Interface / file, print, message, database and application services
Applications / protocols:
WWW, E-mail gateways (SMTP or X.400)
EDI (Electronic data interchange - flow control of accounting, shipping, inventory tracking)
Special Interest bulletin boards - chat rooms
Internet navigation utilities - Google & Yahoo! Search engines, Gopher, WAIS
Financial transaction services - currency exchange rates, market trading, commodities etc.

Presentation
Function: Presents Data, Handles processes of encryption, compression and translation services
Applications / protocols: PICT, TIFF, JPEG, MIDI, MPEG, RTF, Quick Time (manages audio and video applications of Macintosh programmes)

Session
Function: Setting up, managing and ending up sessions between presentation layer entities, Keeps different applications' data separate / Dialog Control
Applications / protocols: NFS, SQL, RPC, X Window (GUI based protocol - like GUI interface in Linux), Apple Talk Session Protocol (ASP), Digital Network Architecture Session Control Protocol (DNA SCP) - DECnet session layer protocol

Lower Layers

Transport
Function: End to End Connectivity / Provides reliable or unreliable delivery, Performs error correction before retransmit. Known as Communication Layer also
Applications / protocols: (TCP/UDP) Flow Control: prevents buffer from overflowing in receiving host - no loss of data, Connection Oriented Protocol, Windowing - Acknowledgement
Network
Function: Routing / Provides logical addressing, which routers use for path determination
Applications / protocols:
Passes User Data Packets - routed protocols (IP/IPX)
Passes Route Update Packets - routing protocols (RIP, IGRP, EIGRP, OSPF, BGP)
Routing Tables: Protocol-specific network address, Exit Interface, Metric (load, reliability, bandwidth, MTU, hop count - distance), Access lists, VLAN Connections, QoS for specific network traffic

Data Link
Function: Framing / Combines packets into bytes and bytes into frames, Provides access to media using MAC address, Performs error detection not correction
Applications / protocols:
Provides physical transmission of data and handles error notification, network topology and flow control.
MAC Layer (802.3): Defines how packets are placed on media. Physical addressing, logical topologies (signal path through physical topology), line discipline, error notification (not correction), ordered delivery of frames, optional flow control.
LLC Layer (802.2): Identifies the network layer protocols and then encapsulates them. Decides where the packet is destined when a frame is received (IP Protocol at the network layer), flow control and sequencing of control bits.
Layer 2 Switches and Bridges work here.

Physical
Function: Physical topology / Moves bits between devices, specifies voltage, wire speed and pin-out of cables
Applications / protocols: Sends / receives bits (0s/1s). Different signaling methods for different types of media. We can identify the interface between DTE (attached device) and DCE (located at service provider). DTE can be accessed through modem or CSU/DSU.
Lab Equipment
Although lab equipment is not needed to benefit from this book, having your own equipment is highly recommended. By being able to follow the commands outlined in this book, you will experience for yourself the process of configuring a network from the ground up. If you choose to obtain your own equipment, Table 1-3 lists all the needed equipment for this lab network.
Table 1-3: Lab Equipment
Hardware: | Quantity
Catalyst 1900 series switch | 1
Cisco 2501 | 3
Cisco 2504 | 2
Cisco 2514 | 1
Cisco 2523 | 1
Cisco 2511 | 1
Black Box ISDN Simulator | 1
Cables:
Cat 5 straight-through cables with RJ-45 connectors (for ISDN ports) | 2
Cat 5 Ethernet cables with RJ-45 connectors | 6
Token Ring DB9-to-Type 1 interface cable | 2
Standard power cables | 9
V.35 DTE-DCE back-to-back cables (DB60 to DB60) | 4
Octal cable (For terminal server 2511) | 1
Miscellaneous:
Ethernet AUI-to-RJ-45 Transceiver | 6
Token Ring MAU | 2
Power strips | [1]
Ethernet Networking:
A media access method that allows all hosts on a network to share the same bandwidth of a link
It is scalable to Fast Ethernet and Giga Ethernet
Easy to implement and troubleshoot
Use Data Link and Physical layer specifications
Uses CSMA/CD protocol to avoid collision of data being transferred by two devices at the same time
Effect of CSMA/CD network sustaining heavy collision like Delay, Low throughput and Congestion
Half Duplex (802.3) uses one pair of wire with a signal running in both directions on the wire
Full Duplex uses two pairs of wire and sends and receives the data on separate pair makes data transfer faster
Full Duplex can be used between Switch to host, Switch to Switch, Host to Host
When powered on, first connects to remote end, negotiate with the other end (called auto detect mechanism method) which decides the exchange capability (10/100/1000 Mbps).
Ethernet at the Data Link Layer:
MAC Addressing and data transfer takes place through the form of frames like Ethernet II frame, 802.3 Ethernet frame, 802.2 SNAP frame and 802.2 SAP frame.
10 Base 2: 10 Mbps, baseband technology, 185 Mtrs. length, thinnet, supports up to 30 nodes on a single segment. Use BNC (British Naval Connector) and T-connectors. Use logical and physical bus with AUI (15 pins) connectors. (Attachment Unit Interface allows one bit-at-a-time transfer to the physical layer from data link media access method.)
10 Base 5: 10 Mbps, baseband technology, 500 Mtrs. length, thicknet, up to 1024 users with 2500 meters with repeaters. Use logical and physical bus with AUI connectors.
10 Base T: 10 Mbps using Cat 3 UTP wiring, each device must connect to hub/switch so one host per segment or wire. Uses RJ-45 connector (8 pin modular connector) with physical star and logical bus topology.
100 Base TX: EIA/TIA Cat 5,6,or 7 UTP two-pair wiring. One user per segment, up to 100 Mtrs. long. RJ-45 Connector with a physical star and a logical bus topology. Use MII -- Media Independent Interface (uses nibble, defined as 4 bits) which provides 100 Mbps throughput.
100 Base FX: Use fiber cabling 62.5/125-micron multimode fiber. Point-to-point technology, up to 412 Mtrs. long, ST or SC connector which are MII.
1000 Base CX: Copper twisted-pair called twinax (a balanced coaxial pair) that can run up to only 25 meters. GMII interface.
1000 Base T: Cat 5 UTP four pair wiring up to 100 meters long.
1000 Base SX: MMF using 62.5/50 micron core, uses 850 nano-meter laser, and range is from 3 Kms to 10 Kms
The Cisco Three-Layer Hierarchical Model
The Core Layer - Backbone
The Distribution Layer - Routing
The Access Layer - Switching
The Core Layer:
Responsible for transporting large amounts of traffic reliably and quickly
Only purpose is to switch traffic as fast as possible
If failure, every single user will be affected
FDDI, Fast Ethernet and ATMs are suitable technologies
Routing protocols with lower convergence time
The Distribution Layer:
Referred to as Workgroup Layer also
Communication point between core and access layers
Provides routing, filtering and WAN access and how packets access to the core if needed
Place where policies are defined for network like ----
Routing
Access lists, packet filtering, queuing
Security and network policies, including address translation and firewalls
Redistributing between routing protocols and static routing
Routing between VLANs
Definitions of broadcast and multicast domains
The Access Layer:
Also known as Desktop Layer
Controls user and workgroup access to internetwork resources
Layer where end user directly connects
Continued access control and policies from distribution layer
Creates separate collision domain
Workgroup connectivity into the distribution layer
DDR and Ethernet Switching technologies
TCP/IP & DoD Model
TCP/IP suite was created by the Department of Defense to ensure and preserve data integrity.
DoD Model | OSI Model | Protocols Used | Function
Process/Application | Application, Presentation, Session | Telnet, FTP, LPD, SNMP, TFTP, SMTP, NFS, X Window | Defines protocols for node-to-node application communication and also controls user-interface specifications.
Host-to-Host | Transport | TCP, UDP | Defines protocols for transmission service, creates reliable end-to-end error free communication, handles packet-sequencing and maintains data integrity.
Internet | Network | ICMP, ARP, IP, RARP, EIGRP, IGRP, OSPF | Designates the packet for transmission over network, provides IP addresses to hosts and handles routing of packets among multiple networks.
Network Access | Data link, Physical | Ethernet, Fast Ethernet, Token Ring, FDDI | Monitors the data exchange between the host and the network. Oversees hardware addressing and defines protocols for physical transmission of data.
TCP Header Format
Bit 0 ... Bit 15 | Bit 16 ... Bit 31
Source Port (16) | Destination Port (16)
Sequence Number (32)
Acknowledgement Number (32)
Header Length (4) | Reserved (6) | Code Bits (6) | Window (16)
Checksum (16) | Urgent (16)
Options (0 or 32 if any)
Data (varies)
The TCP header is 20 bytes long, or 24 bytes with options.
UDP Header Format
Bit 0 ... Bit 15 | Bit 16 ... Bit 31
Source Port (16) | Destination Port (16)
Length (16) | Checksum (16)
Data (if any)
Differences:
TCP | UDP
Sequenced | Unsequenced
Reliable | Unreliable
Connection-oriented | Connectionless
Virtual circuit | Low overhead
Acknowledgements | No acknowledgements
Windowing flow control | No windowing or flow control
Port Numbers:
TCP and UDP must use port numbers to communicate with upper layers, because they keep track of different conversations crossing the network simultaneously. Source port numbers are assigned by the source host dynamically with port starting number 1024.

Port Numbers for TCP and UDP
[Figure: Application Layer protocols FTP, Telnet, Doom, DNS, TFTP, POP3 and News reach TCP and UDP at the Transport Layer through Port Numbers]
Port Numbers below 1024 are well-known ports and defined in RFC 3232
1024 & above are used by upper layers to set up sessions with other hosts, and by TCP to use as source and destination addresses in TCP segment
IP Header
Bit 0 ... Bit 15 | Bit 16 ... Bit 31
Version (4) | Header Length (4) | Priority and Type of Service (8) | Total Length (16)
Identification (16) | Flags (3) | Fragment Offset (13)
Time to Live (8) | Protocol (8) | Header Checksum (16)
Source IP Address (32)
Destination IP Address (32)
Options (0 or 32 if any)
Data (varies if any)
Protocol field in the IP header
[Figure: the Protocol Number in the IP header (Internet Layer) selects the Transport Layer protocol: TCP = 6, UDP = 17]
[Port numbers from the Port Numbers for TCP and UDP figure: FTP 21, Telnet 23, Doom 666, DNS 53, TFTP 69, POP3 110, News 119]
In this example, protocol field tells IP header to send the data to either TCP (6) or UDP (17) port.
Possible protocols found in protocol field of the IP header
Protocol | Protocol Number
ICMP | 1
IGRP | 9
EIGRP | 88
OSPF | 89
Ipv6 | 41
GRE | 47
IPX in IP | 111
Layer 2 Tunnel (L2TP) | 115
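The header layouts and the protocol-number table above can be exercised with a small decoder. This is an added example, not part of the original notes: it unpacks the fixed IPv4 header, verifies the header checksum, and uses the Protocol field to hand the payload to a TCP or UDP parser. The function names and the sample packet (built inline by `build_sample`) are constructed for illustration.

```python
import socket
import struct

# Protocol numbers as listed in the table above (IP header "Protocol" field).
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 9: "IGRP", 17: "UDP", 41: "IPv6", 47: "GRE",
                88: "EIGRP", 89: "OSPF", 111: "IPX in IP", 115: "L2TP"}
TCP_CODE_BITS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward


def ip_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used for the IP header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header and slice out the payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4          # Header Length is in 32-bit words
    if ver_ihl >> 4 != 4 or header_len < 20 or header_len > len(packet):
        raise ValueError("not a well-formed IPv4 header")
    return {
        "header_len": header_len, "tos": tos, "total_len": total_len, "id": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto,
        "protocol_name": IP_PROTOCOLS.get(proto, "unknown"),
        # A header carrying a correct checksum sums to zero.
        "checksum_ok": ip_checksum(packet[:header_len]) == 0,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "payload": packet[header_len:total_len],
    }


def parse_tcp(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_bits, window, _csum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_bits >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad TCP header length")
    flags = [name for bit, name in enumerate(TCP_CODE_BITS) if off_bits & (1 << bit)]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "urgent": urgent, "data": segment[header_len:]}


def parse_udp(datagram: bytes) -> dict:
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", datagram[:8])
    return {"src_port": sport, "dst_port": dport, "length": length,
            "data": datagram[8:length]}


def parse_packet(packet: bytes) -> dict:
    """Use the IP Protocol field to pick the transport-layer parser."""
    ip = parse_ipv4(packet)
    payload = ip.pop("payload")
    ip["transport"] = None
    if ip["frag_offset"] == 0:                 # later fragments carry no L4 header
        if ip["protocol"] == 6:
            ip["transport"] = parse_tcp(payload)
        elif ip["protocol"] == 17:
            ip["transport"] = parse_udp(payload)
    return ip


def build_sample(protocol: int = 6) -> bytes:
    """Constructed packet 172.16.30.56 -> 10.0.0.1: a Telnet SYN or a TFTP datagram."""
    if protocol == 6:
        l4 = struct.pack("!HHIIHHHH", 1024, 23, 1000, 0, (5 << 12) | 0x02, 8192, 0, 0)
    else:
        data = b"constructed"
        l4 = struct.pack("!HHHH", 1025, 69, 8 + len(data), 0) + data
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, protocol, 0,
                         socket.inet_aton("172.16.30.56"), socket.inet_aton("10.0.0.1"))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + l4


if __name__ == "__main__":
    for proto in (6, 17):
        print(parse_packet(build_sample(proto)))
```

A header altered in transit (for example a changed TTL without a recomputed checksum) shows up as `checksum_ok` being false.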
ICMP
Internet Control Message Protocol works at the Network layer and is used by IP for many different services. ICMP is a management protocol and messaging service provider for IP.
Its messages are carried as IP datagrams.
Events of ICMP:
Destination Unreachable: If a router doesn't know about the destination for a packet it received, it will send an ICMP-Destination Unreachable message back to the sending station.
Buffer Full: If a router's memory buffer for receiving incoming datagrams is full, it will send the message until the congestion abates.
Hops: Each IP datagram is allotted a certain number of routers, called hops, to pass through. If it reaches its limit of hops before arriving at its destination, the last router to receive that datagram deletes it.
Ping (Packet Internet Groper): Uses ICMP echo messages to check the physical and logical connectivity of machines on an internetwork.
Traceroute: Using ICMP timeouts, traceroute is used to discover the path a packet takes as it traverses an internetwork.
ARP (Address Resolution Protocol)
ARP finds hardware address from known IP address
When IP has a packet to send, it must inform the Network Access Protocol (Ethernet or Token Ring) of the destination's hardware address on the local network.
If IP doesn't find the destination host's hardware address in the ARP cache, it uses ARP to find this information.
ARP will work as IP's detective by interrogating the local network by sending out a broadcast with host's IP address and asking for the hardware address.
RARP (Reverse Address Resolution Protocol)
Resolves MAC address into IP address
A machine without disks knows its MAC address but not its IP address, so it broadcasts its MAC address to get its IP address to communicate to the network.
This request goes to the RARP Server as a RARP request; that server will assign one IP address to the received MAC address, and thus the sending host will receive the MAC and IP address from the server.
Binary to Decimal and Hexadecimal Conversion
Nibble Values (4 bits) - 8 4 2 1
Byte Values (8 bits) - 128 64 32 16 8 4 2 1
Hexa to Binary to Decimal Chart
Hexadecimal Value | Binary Value | Decimal Value
0 | 0000 | 0
1 | 0001 | 1
2 | 0010 | 2
3 | 0011 | 3
4 | 0100 | 4
5 | 0101 | 5
6 | 0110 | 6
7 | 0111 | 7
8 | 1000 | 8
9 | 1001 | 9
A | 1010 | 10
B | 1011 | 11
C | 1100 | 12
D | 1101 | 13
E | 1110 | 14
F | 1111 | 15
Example:
1) 0x6A = (to convert hex value to binary/decimal, take 4 bits as a nibble)
Hexa uses a nibble (4 bits) to represent one character
Here there are two characters = 6 and A. (0x is a Cisco style to show that they are a hex value; it has no other special meaning) So 6 = 0110 and A = 1010
Total 8 bits = 01101010 = binary
And decimal would be the total of binary, that is = 106
2) 01010101 = (to convert from binary to hex value, take a byte and break it into nibbles)
so it would be two nibbles here, 0101 and 0101
now 0101 = 5 (see the table) and the other 0101 is also = 5
so hex value would be 55 for 01010101 binary number (75 in binary)
IP Addressing
An IP address is a numeric identifier assigned to each machine on an IP network
It designates the specific location of a device on the network
It is a software (logical) address, not a hardware (physical) address like NIC
It was designed to allow a host on one network to communicate with a host on another network regardless of the types of LANs the hosts are participating in
IP Terminology
Bit: A bit is one digit; either a 1 or a 0
Byte: A byte is 7 or 8 bits, depending on whether parity is used. Mostly 8 bits.
Octet: Made up of 8 bits, same as byte
Network address: The designation used in routing to send packets to a remote network
Example: 10.0.0.0, 172.16.0.0 and 192.168.0.0
Broadcast address: The address used by the applications and hosts to send information to all nodes on a network is called the broadcast address.
Example: 255.255.255.255 which is all networks, all nodes on network
172.16.255.255 which is all subnets, all hosts on network 172.16.0.0
10.255.255.255 which broadcasts to all subnets and hosts on network 10.0.0.0
The hierarchical IP Addressing Scheme
The IP address consists of 32 bits of information which are divided into 4 octets or bytes of 8 bits each. You can depict an IP address using one of the three methods:
1) Dotted-decimal, as in 172.16.30.56
2) Binary, as in 10101100.00010000.00011110.00111000
3) Hexadecimal, as in AC.10.1E.38
All these examples represent the same IP address
The Windows Registry key is a program that stores machine's IP address in hex values
Maximum 4.3 billion (4,29,49,67,296)
It is a structured two-three layer numbering scheme which is based on telephone numbering system like one large geographical code, then prefix, narrows the scope to a local calling area and then the final segment zooms with direct customer number.
Same in IP - network and host, or network, subnet and host.
Network Addressing
A Media Access Control address (MAC address), also called Ethernet Hardware Address (EHA), hardware address, adapter address or physical address, is a quasi-unique identifier assigned to most network adapters or network interface cards (NICs) by the manufacturer for identification. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number.
Three numbering spaces, managed by the Institute of Electrical and Electronics Engineers (IEEE), are in common use for formulating a MAC address: MAC-48, EUI-48, and EUI-64. The IEEE claims trademarks on the names "EUI-48" and "EUI-64", where "EUI" stands for Extended Unique Identifier.
In TCP/IP networks, the MAC address of a subnet interface can be queried with the IP address using the Address Resolution Protocol (ARP) for Internet Protocol Version 4 (IPv4) or the Neighbor Discovery Protocol (NDP) for IPv6. On broadcast networks, such as Ethernet, the MAC address uniquely identifies each node and allows frames to be marked for specific hosts. It thus forms the basis of most of the Link layer (OSI Layer 2) networking upon which upper layer protocols rely to produce complex, functioning networks.
The standard (IEEE 802) format for printing MAC-48 addresses in human-friendly form is six groups of two hexadecimal digits, separated by hyphens (-) or colons (:), in transmission order, e.g. 01-23-45-67-89-ab, 01:23:45:67:89:ab. This form is also commonly used for EUI-64. Other less common conventions use three groups of four hexadecimal digits separated by dots (.), e.g. 0123.4567.89ab; again in transmission order.
Address details
All three numbering systems use the same format and differ only in the length of the identifier. Addresses can either be "universally administered addresses" or "locally administered addresses."
A universally administered address is uniquely assigned to a device by its manufacturer; these are sometimes called "burned-in addresses" (BIA). The first three octets (in transmission order) identify the organization that issued the identifier and are known as the Organizationally Unique Identifier (OUI). [2] The following three (MAC-48 and EUI-48) or five (EUI-64) octets are assigned by that organization in nearly any manner they please, subject to the constraint of uniqueness. The IEEE expects the MAC-48 space to be exhausted no sooner than the year 2100; EUI-64s are not expected to run out in the foreseeable future.
A locally administered address is assigned to a device by a network administrator, overriding the burned-in address. Locally administered addresses do not contain OUIs.
Universally administered and locally administered addresses are distinguished by setting the second least significant bit of the most significant byte of the address. In EUI-64 addresses, if the bit is 0, the address is universally administered. If it is 1, the address is locally administered. The bit is 0 in all OUIs. For example, 02-00-00-00-00-01. The most significant byte is 02h. The binary is 00000010 and the second least significant bit is 1. Therefore, it is a locally administered address. [3]
If the least significant bit of the most significant byte is set to a 0, the packet is meant to reach only one receiving NIC. This is called unicast. If the least significant bit of the most significant byte is set to a 1, the packet is meant to be sent only once but still reach several NICs. This is called multicast.
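The two flag bits in the most significant byte can be read directly from a printed address. The following added example (not part of the original notes) accepts the three printed formats described above, reports the administration and delivery type, and reviews a small station list for addresses a defender would want to look at twice. The function names and the sample list are constructed for illustration.

```python
import re

# Six hex pairs with one consistent separator, or three dotted groups of four digits.
PAIRS = re.compile(r"[0-9a-f]{2}([-:])[0-9a-f]{2}(?:\1[0-9a-f]{2}){4}")
DOTTED = re.compile(r"[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}")


def parse_mac(text: str) -> bytes:
    """Return the six octets, in transmission order, of a printed MAC-48 address."""
    t = text.strip().lower()
    if not (PAIRS.fullmatch(t) or DOTTED.fullmatch(t)):
        raise ValueError(f"not a MAC-48 address: {text!r}")
    return bytes.fromhex(re.sub(r"[-:.]", "", t))


def describe_mac(text: str) -> dict:
    octets = parse_mac(text)
    first = octets[0]                      # most significant byte
    local = bool(first & 0b10)             # second least significant bit
    group = bool(first & 0b01)             # least significant bit
    return {
        "canonical": "-".join(f"{b:02x}" for b in octets),
        "administration": ("locally administered" if local
                           else "universally administered"),
        "delivery": "multicast" if group else "unicast",
        # Locally administered addresses do not contain an OUI.
        "oui": None if local else "-".join(f"{b:02x}" for b in octets[:3]),
    }


def review_stations(lines):
    """Take 'ip mac' lines and return (ip, mac, note) for entries worth a second look."""
    findings = []
    for line in lines:
        ip, mac = line.split()
        try:
            info = describe_mac(mac)
        except ValueError:
            findings.append((ip, mac, "malformed address"))
            continue
        if info["delivery"] == "multicast":
            note = "group address recorded for a single station"
        elif info["administration"] == "locally administered":
            note = "burned-in address overridden or software-generated"
        else:
            continue
        findings.append((ip, info["canonical"], note))
    return findings


# Constructed station list (IP address, MAC address); not captured data.
SAMPLE = [
    "172.16.30.10 00-00-5e-00-53-01",   # universally administered, unicast
    "172.16.30.11 02:00:00:00:00:01",   # the locally administered example above
    "172.16.30.12 0123.4567.89ab",      # first byte 01h: multicast bit set
    "172.16.30.13 00:00:5e:00-53-02",   # mixed separators
]

if __name__ == "__main__":
    for finding in review_stations(SAMPLE):
        print(finding)
```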
The following technologies use the MAC-48 identifier format:
Ethernet
802.11 wireless networks
Bluetooth
IEEE 802.5 token ring
most other IEEE 802 networks
FDDI
ATM (switched virtual connections only, as part of an NSAP address)
Fibre Channel and Serial Attached SCSI (as part of a World Wide Name)
The distinction between EUI-48 and MAC-48 identifiers is purely semantic: MAC-48 is used for network hardware; EUI-48 is used to identify other devices and software. (Thus, by definition, an EUI-48 is not in fact a "MAC address", although it is syntactically indistinguishable from one and assigned from the same numbering space.)
The IEEE now considers the label MAC-48 to be an obsolete term which was previously used to refer to a specific type of EUI-48 identifier used to address hardware interfaces within existing 802-based networking applications and should not be used in the future. Instead, the term EUI-48 should be used for this purpose.
It uniquely identifies each network
Every machine on the same network shares that network address as part of its IP address
In IP address 172.16.30.56, 172.16 is network number and 30.56 is node number
The networks are classified into three classes
Class A : small number of networks with large number of hosts
Class B : between very large networks and large hosts
Class C : numerous networks with small amount of hosts
Class A | Network | Host | Host | Host
Class B | Network | Network | Host | Host
Class C | Network | Network | Network | Host
Class D | Multicast
Class E | Research
Defined heading bit for classes to make routing decision faster
Class A : 0, Class B : 10, Class C : 110
(which helps router to decide which class an IP address belongs and make faster routing decision)
Reserved IP Addresses
Address | Function
Network address of all 0s | this network or segment
Network address of all 1s | All networks
Network 127.0.0.1 | Reserved for loopback tests. Designates the local node and allows that node to send a test packet to itself without generating network traffic
Node address of all 0s | Network address or any host on specified network
Node address of all 1s | All nodes, on the specified network, for example, 128.2.255.255 means all nodes on network 128.2 (class B network)
Entire IP address set to all 0s | Used by Cisco routers to designate the default route. Could also mean any network
Entire IP address set to all 1s (same as 255.255.255.255) | Broadcast to all nodes on the current network; sometimes called an all 1s broadcast or limited broadcast
C.a&& A addr"&&"&;
Network.node.node.node
Range: 1.0.0.0 to 127.255.255.254
Class A Valid Host IDs
All host bits off is the network address: 10.0.0.0
All host bits on is the broadcast address: 10.255.255.255
Valid hosts are between the network address and broadcast address: 10.0.0.1 through
10.255.255.254.
Class B addresses:
Network.network.node.node
Range: 128.0.0.1 to 191.255.255.254
Class B Valid Host IDs
All host bits turned off is the network address: 172.16.0.0
All host bits turned on is the broadcast address: 172.16.255.255
Valid hosts between network and broadcast address: 172.16.0.1 through 172.16.255.254
Class C addresses:
Network.network.network.node
Range: 192.0.0.0 to 223.255.255.254
Class C Valid Host IDs
All host bits turned off is the network ID: 192.168.100.0
All host bits turned on is the broadcast address: 192.168.100.255
Valid hosts between network and broadcast address: 192.168.100.1 through 192.168.100.254
Private IP Addresses
These addresses can be used on a private network, but they are not routable through the Internet.
This is designed for the purpose of creating a measure of well-needed security, but it also
conveniently saves valuable IP address space.
Reserved IP Address Space
Address Class | Reserved Address Space
Class A | 10.0.0.0 through 10.255.255.255
Class B | 172.16.0.0 through 172.31.255.255
Class C | 192.168.0.0 through 192.168.255.255
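
The classful rules, reserved addresses and private ranges above can be checked mechanically. The following is an added example, not part of the original notes: a Python classifier that reads the leading bits of the first octet, derives the classful network, broadcast and valid host range, and flags the reserved and private cases. The function name classify and the role labels are assumptions of this example; the leading bits for Class D (1110) and Class E (1111) are the standard values and are not listed on this page.

```python
import ipaddress

# Private blocks from the "Reserved IP Address Space" table above.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# (class, leading bit pattern, number of leading bits, classful prefix length)
# A/B/C patterns are the ones given in the notes; D and E are the standard
# continuations (assumption of this example, not listed on the page).
CLASS_RULES = [
    ("A", 0b0, 1, 8),
    ("B", 0b10, 2, 16),
    ("C", 0b110, 3, 24),
    ("D", 0b1110, 4, None),   # multicast: no network/node split
    ("E", 0b1111, 4, None),   # research: no network/node split
]


def classify(addr):
    """Return class, classful network data and reserved role of an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    value = int(ip)
    first_octet = value >> 24

    # Every first octet matches exactly one rule, so the loop always breaks.
    for cls, pattern, nbits, prefix in CLASS_RULES:
        if first_octet >> (8 - nbits) == pattern:
            break

    info = {
        "address": str(ip),
        "class": cls,
        "role": "host",
        "private": any(ip in block for block in PRIVATE_BLOCKS),
    }

    if prefix is not None:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        info["network"] = str(net.network_address)        # all host bits off
        info["broadcast"] = str(net.broadcast_address)    # all host bits on
        info["hosts"] = (str(net.network_address + 1),
                         str(net.broadcast_address - 1))
        if ip == net.network_address:
            info["role"] = "network"
        elif ip == net.broadcast_address:
            info["role"] = "broadcast"

    # Reserved cases from the "Reserved IP Addresses" table override the above.
    if value == 0:
        info["role"] = "all zeros"
    elif value == 0xFFFFFFFF:
        info["role"] = "limited broadcast"
    elif first_octet == 127:
        info["role"] = "loopback"
    return info


if __name__ == "__main__":
    for sample in ("172.16.30.56", "128.2.255.255", "10.0.0.0",
                   "127.0.0.1", "224.0.0.9", "255.255.255.255"):
        print(classify(sample))
```
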
Broadcast Addresses
Four types of broadcast address:
Layer 2 broadcasts: These are sent to all nodes on a LAN. (one to all comm.)
Layer 3 broadcasts: These are sent to all nodes on the network. (one to all comm.)
Unicast: These are sent to a single destination host. (one to one comm.)
Multicast: These are packets sent from a single source, and transmitted to many devices on
different networks (sends message to group of users only, one to many communication).

Router Components
Cisco routers have various components that are controlled by the Cisco IOS. These components
include such things as memory, interfaces, and ports. Each component has a purpose that provides
added functionality to a router. A review of these components will be useful in understanding each of
their roles within a router.
Memory
A router contains different types of memory, where it can store images, configuration files, and
microcode. The types of memory and their purposes are as follows:
RAM: Often referred to as dynamic random-access memory (DRAM). RAM is the working
area of memory storage used by the CPU to execute Cisco IOS software and to hold the
running configuration file, routing tables, and ARP cache. The running configuration file
(running-config) contains the current configuration of the software. Information in RAM is
cleared when the router is power-cycled or reloaded.
ROM: Sometimes referred to as erasable programmable read-only memory (EPROM).
ROM is hard-wired read-only memory in the router. ROM contains power-on self-test
(POST) diagnostics and the bootstrap or boot-loader software. This code allows the router to
boot from ROM when it cannot find a valid Cisco IOS software image. This is known as
ROM Monitor mode. This is a diagnostic mode that provides a user interface when the router
cannot find a valid image.
Flash: Available as EPROMs, single in-line memory modules (SIMMs), or PCMCIA cards.
Flash is the default location where a router finds and boots its IOS image. On some platforms,
additional configuration files or boot images can be stored in Flash. The contents of Flash are
retained when the router is power-cycled or reloaded.
NVRAM: Nonvolatile random-access memory. NVRAM stores the startup configuration
file (startup-config), which is used during system startup to configure the software. In
addition, NVRAM contains the software configuration register, a configurable setting in
Cisco IOS software that determines which image to use when booting the router. The
contents of NVRAM are retained when the router is power-cycled or reloaded.
Table 2-1 provides a summary of these memory types, their function, and useful Cisco IOS software
commands when managing these different types of memory.
Table 2-1: Memory Types
Memory Type | Contents | Useful Cisco IOS Software Commands
RAM | Running configuration file; Routing tables; ARP cache; Working memory | show running-config; show ip route; show arp; show memory
ROM | POST; Bootstrap; ROM Monitor mode; Locate and load IOS | (none)
Flash | IOS; Additional configuration files; Additional IOS images | show flash
NVRAM | Startup configuration file; Configuration register | show startup-config; show version
An understanding of the different types of memory and their function within the router helps not only
clarify where the IOS image and configuration files are stored, but also proves useful by allowing the
user to manipulate these configuration files during the configuration process and understand what
area of memory is being changed.

Interfaces and Ports
Routers contain different types of interfaces and ports. Interfaces assist the router in routing packets
and bridging frames between network segments, and they provide a connection point to different
types of transmission media. Ports, on the other hand, provide management access to the router.
Some common interface types are as follows:
Serial
Ethernet
Token Ring
Asynchronous
FDDI
The preceding types of interfaces are some of the most common; however, interface types are in no
way static. Interface types are added as new technologies evolve and methods are needed to
interconnect and integrate network devices. An example of this is the voice interface available in the
Cisco 2600 series that connects to a private branch exchange (PBX) or standard analog phone.
Ports on the router enable a user to connect to the router for management and configuration purposes.
You can connect either a terminal (DTE) or a modem (DCE) to these ports. Some of the common
ports are:
Console
Auxiliary (AUX)
The console and auxiliary ports are physical ports on the router that provide management access to
the router. In addition to these, there are also vty lines, which are software-defined lines that allow
Telnet access to the router. The default vty configuration is vty lines 0 through 4, allowing five
simultaneous Telnet sessions to the router. Passwords can be configured on each vty line to secure
access to the router.
Command-Line Interface
CLI is the acronym used by Cisco to denote the command-line interface of the IOS. CLI is the
primary interface used to configure, manage, and troubleshoot Cisco devices. This user interface
enables you to directly execute IOS commands, and it can be accessed through a console, modem, or
Telnet connection. Access by any of these methods is generally referred to as an EXEC session.
EXEC Levels or Modes
Two different EXEC sessions exist, user EXEC level and privileged EXEC level. Each level
provides a different amount of access to the commands within the IOS. User EXEC provides access
to a limited number of commands that allow basic troubleshooting and monitoring of the router.
Privileged EXEC level allows access to all router commands, such as configuration and management
settings. Password protection to the privileged EXEC level is highly recommended to prevent
unauthorized configuration changes from being made to the router. Upon initiating an EXEC session
on the router, a user is placed in user EXEC mode. This is denoted in the router with the > prompt;
for example:
Router>
To change to the privileged EXEC level, type in the command enable, as shown:
Router> enable
Password: [enable password]
If an enable password has been set, the router prompts you for it. When you enter the correct enable
password, the prompt changes from Router> to Router#. This indicates that you have successfully
entered into privileged EXEC mode, as shown:
Router> enable
Password: [enable password]
Router#
TIP
Enable passwords show up as clear text in the running configuration file. If this is undesirable for
your environment, Cisco IOS software offers another option: encrypt the enable password using the
enable secret command. Using the enable secret command ensures that the password is not displayed
as clear text in the running configuration file.
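
The access-control points made above (password protection on console, auxiliary and vty lines, Telnet on the vty lines, and enable password versus enable secret) can be checked against a saved configuration. The following is an added example, not part of the original notes: a small Python audit that runs over two constructed configurations, one weak and one corrected. The finding identifiers, function names and both sample configurations are assumptions of this example; the transport input line is a real IOS line command that these notes do not cover.

```python
# Constructed sample: privileged EXEC protected only by a clear-text enable
# password, an auxiliary line with login disabled, Telnet on the vty lines.
WEAK_CONFIG = """\
hostname Router
!
enable password cisco123
!
interface Ethernet0
 ip address 172.16.30.1 255.255.0.0
!
line con 0
 password conpass
 login
line aux 0
 no login
line vty 0 4
 password vtypass
 login
 transport input telnet
!
end
"""

# Constructed corrected version (the hash is a placeholder, not a real value).
HARDENED_CONFIG = """\
hostname Router
!
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
!
line con 0
 password conpass
 login
line aux 0
 password auxpass
 login
line vty 0 4
 password vtypass
 login
 transport input ssh
!
end
"""


def parse_blocks(config):
    """Split an IOS-style config into global commands and 'line ...' blocks."""
    global_cmds, blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            current = None
            continue
        if not raw.startswith(" "):           # top-level command
            current = None
            if text.startswith("line "):
                current = text
                blocks[current] = []
            else:
                global_cmds.append(text)
        elif current is not None:             # sub-command of a line block
            blocks[current].append(text)
    return global_cmds, blocks


def audit(config):
    """Return a list of (finding_id, location); secrets are never echoed."""
    global_cmds, blocks = parse_blocks(config)
    findings = []
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append(("ENABLE_PASSWORD_CLEARTEXT", "global"))
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append(("NO_ENABLE_SECRET", "global"))
    for name, cmds in blocks.items():
        if "no login" in cmds:
            findings.append(("LINE_NO_LOGIN", name))
        elif not any(c.startswith("password ") for c in cmds):
            findings.append(("LINE_WITHOUT_PASSWORD", name))
        if name.startswith("line vty"):
            for c in cmds:
                words = c.split()
                if words[:2] == ["transport", "input"] and \
                        {"telnet", "all"} & set(words[2:]):
                    findings.append(("VTY_TELNET_ALLOWED", name))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg))
```
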
IOS CLI Hierarchy
Cisco IOS software is structured in a hierarchical manner. It is important to understand this structure
to successfully navigate within Cisco IOS software. As mentioned previously, there are two EXEC
modes: user EXEC and privileged EXEC. Privileged EXEC mode is composed of various
configuration modes:
Global configuration mode
Interface configuration mode
Router configuration mode
Line configuration mode
Figure 2-1 provides a visual breakdown of the configuration modes.
Figure 2-1: Cisco IOS Software CLI Hierarchy
Within each mode, certain commands are available for execution. Using the context-sensitive help,
you can see a list of which commands are available. While navigating the CLI, the router prompt
changes to reflect your current position within the CLI hierarchy. Table 2-2 summarizes the main
command prompts within the CLI hierarchy.
Table 2-2: CLI Command Prompts by Mode
Command Prompt | Mode | IOS Command to Enter Command Mode | Description
Router> | User EXEC mode | Default mode upon login | Limited inspection of router information
Router# | Privileged EXEC mode | From Router>, type enable | Detailed inspection, testing, debug, and configuration commands
Router(config)# | Configuration mode | From Router#, type config terminal | High-level configuration or global configuration changes
Router(config-if)# | Interface level (submenu of configuration mode) | From Router(config)#, type interface <interface name>, for example, Ethernet0 | Interface-specific commands
Router(config-router)# | Routing engine level (submenu of configuration mode) | From Router(config)#, type router <routing protocol>, for example, rip, igrp, and so forth | Routing engine commands
Router(config-line)# | Line level (submenu of configuration mode) | From Router(config)#, type line <port>, for example, aux0, console0, vty 0 4 | Line-configuration commands
Context-Sensitive Help
In both user and privileged EXEC modes, you can see a listing of available commands by typing a
question mark (?) at the Router> or Router# prompts. This is referred to as context-sensitive help.
Example 2-1 shows context-sensitive help from user EXEC mode.
Example 2-1 Context-Sensitive Help from User EXEC Mode
Router>?
Exec commands:
  <1-99>           Session number to resume
  access-enable    Create a temporary Access-List entry
  clear            Reset functions
  connect          Open a terminal connection
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lat              Open a lat connection
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  mrinfo           Request neighbor and version information from a multicast
                   router
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
  pad              Open a X.29 PAD connection
  ping             Send echo messages
  ppp              Start IETF Point-to-Point Protocol (PPP)
 --More--
Example 2-1 displays the commands available for execution from user EXEC mode. When the
number of commands available exceeds that which can be displayed on the screen, the IOS displays
the --More-- prompt. Pressing the Spacebar presents the next page of commands, often followed by
another --More-- until all remaining commands are displayed and you're returned to the Router>
prompt, as demonstrated in Example 2-2.
Example 2-2 Hitting the Spacebar Continues the Context-Sensitive Help Listing and
Returns You to the User EXEC Mode Prompt
  logout           Exit from the EXEC
  mrinfo           Request neighbor and version information from a multicast
                   router
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
  pad              Open a X.29 PAD connection
  ping             Send echo messages
  ppp              Start IETF Point-to-Point Protocol (PPP)
  resume           Resume an active network connection
  rlogin           Open an rlogin connection
  show             Show running system information
  slip             Start Serial-line IP (SLIP)
  systat           Display information about terminal lines
  telnet           Open a telnet connection
  terminal         Set terminal line parameters
  tn3270           Open a tn3270 connection
  traceroute       Trace route to destination
  tunnel           Open a tunnel connection
  where            List active connections
  x3               Set X.3 parameters on PAD
  xremote          Enter XRemote mode
Router>
You can repeat the same process to get a list of available commands from privileged EXEC mode.
The only difference is that more commands are available within privileged EXEC mode.
To find out what commands are available that begin with the letter c, you would type the letter c
immediately followed by a ?. This is referred to as word help, and it is useful when you know what
the command begins with, but not the exact syntax. Example 2-3 demonstrates this concept.
Example 2-3 Using Word Help to Find the Exact Syntax of a Command
Router#c?
clear  clock  configure  connect  copy
As more letters are added to the command you need help for, the context-sensitive help feature
narrows down the available commands to choose from. Example 2-4 demonstrates what you would
see if you narrowed your search by adding additional letters such as co? or con?.
Example 2-4 Adding Characters in a Command Immediately Followed by a ? Helps You
Narrow Your Command Search
Router#c?
clear  clock  configure  connect  copy
Router#co?
configure  connect  copy
Router#con?
configure  connect
Suppose that you need more information on the syntax of the configure command. Command help is
available to list arguments that are available with a given command by typing the command,
followed by a space and a ?. For example, if you want to find out what commands were available to
use with the configure command, you would type configure ?, as demonstrated in Example 2-5.
Example 2-5 Entering Characters in a Command Followed by ? Helps You Find the Exact
Syntax of a Command
Router#configure ?
  memory             Configure from NV memory
  network            Configure from a TFTP network host
  overwrite-network  Overwrite NV memory from TFTP network host
  terminal           Configure from the terminal
  <cr>
Finally, the command parser has the capability to distinguish erroneous commands that are entered
incorrectly, as well as prompt you when more specific command arguments are needed. When an
erroneous command is entered, the help feature returns the output shown in Example 2-6.
Example 2-6 Entering an Erroneous Command Generates a Message to Indicate the Syntax
Error
Router#show rnning-config
             ^
% Invalid input detected at '^' marker.
The ^ marker indicates where the error in the syntax occurred. When a more specific command
argument is needed to distinguish among multiple possibilities, the help feature returns % Ambiguous
command:, as shown in Example 2-7.
Example 2-7 Entering a Command Requiring More Specific Parameters Generates an
Ambiguous Command Message
Router#show access
% Ambiguous command: "show access"
This is easily corrected by typing more of the command so that multiple possibilities no longer exist,
as shown in Example 2-8.
Example 2-8 Entering a Command with the Required Arguments to Eliminate the
Ambiguous Command Error
Router#show access-lists
Standard IP access list 1
    permit any
Each of these context-sensitive help features is useful in helping you determine whether the
command syntax is incorrect.
Hot Keys
The CLI also provides hot keys for easier navigation within the IOS and provides shortcuts for editing
functions. Table 2-3 provides a list of shortcuts that are available.
Table 2-3: CLI Hot Keys for Cisco IOS Software Command Editing Functions
Key Sequence | Description
Ctrl-A | Moves the cursor to the beginning of the current line
Ctrl-R | Redisplays a line
Ctrl-U | Erases a line
Ctrl-W | Erases a word
Ctrl-Z | Ends configuration mode and returns to privileged EXEC mode
Tab | Finishes a partial command
Backspace | Removes one character to the left of the cursor
Ctrl-P or Up Arrow | Allows you to scroll forward through former commands
Ctrl-N or Down Arrow | Allows you to scroll backward through former commands
Ctrl-E | Moves the cursor to the end of the current line
Ctrl-F or right arrow | Moves forward one character
Ctrl-B or left arrow | Moves back one character
Esc+B | Moves back one word
Esc+F | Moves forward one word

Direct Access to Routers and Switches Through a Console Port
Most Cisco devices use a rollover cable connected to the console port on the router or switch. For
exceptions, consult the product documentation to verify whether you should use a straight-through or
rollover cable. The cable is then connected to an RJ-45-to-DB-9 or RJ-45-to-DB-25 terminal
adapter that is attached to a serial communications port (COM1, COM2, or other COM port) on the
PC. Figure 4-1 shows how this is done.
Figure 4-1: Connecting a Device with a Console Cable
Components of Routing Data
Routing Tables: router#sh ip route
R or I or D 175.21.0.0/16 [120/1] or [100/1535548] via 10.10.10.1, 00:00:18, serial0/0
C 10.10.10.0 is directly connected, serial0/0
Where R is the code showing how the entry was learned on this router. Here it is RIP. I means IGRP, D
means EIGRP.
175.21.0.0/16 is the network address and number of bits in subnet mask of the destination network.
[120 or 100 is the administrative distance of the route.
/1 or /1535548 is the metric of the route specific to the routing protocol used to determine the route.
RIP uses hops (max. 15) as its metric. A hop is how many routers away the destination network is.
IGRP and EIGRP use a composite metric (bandwidth and delay of the line by default, plus reliability,
load, and MTU).
via 10.10.10.1 is the next hop address for the route. This is the address the packet will need to be
sent to in order for the packet to reach its destination.
00:00:18 is the length of time since the route has been updated in the routing table. In this case the
route was updated 18 seconds ago.
Serial0/0 is the interface the route was learned through. This is also the interface the packet will be
switched to in order for the packet to be forwarded toward its destination.
Statically Defined Routes
A statically defined route is one in which a route is manually entered into the router. A static route
can be entered into the router with the following command in global configuration mode:
2501(config)#ip route prefix mask {address | interface} distance
2501(config)#ip route 192.168.20.0 255.255.255.0 172.16.50.1
Default Route: ip route 0.0.0.0 0.0.0.0 172.16.50.1
Dynamic Routes: Dynamic routing is a process in which a routing protocol will find the best
path in a network and maintain that route. It will discover all the possible routes to one destination,
implement its predefined rules, and come up with the best route to the destination.
Dynamic Routing Protocols
Interior Gateway Protocol (IGP)
Exterior Gateway Protocol (EGP): Border Gateway Protocol
Categorized into two categories:
1. Classful Routing Protocol: RIPv1, IGRP
   Classless Routing Protocol: RIPv2, EIGRP, OSPF, IS-IS, BGP
2. Distance-Vector Routing Protocol: RIP, IGRP, EIGRP
   Link State Routing Protocol: OSPF, IS-IS

Distance-Vector Comparisons
Characteristic | RIPv1 | RIPv2 | IGRP | EIGRP
Count to infinity | Yes | Yes | Yes | -
Split horizon with poison reverse | Yes | Yes | Yes | Yes
Hold down timer | Yes | Yes | Yes | -
Triggered update with route poisoning | Yes | Yes | Yes | Yes
Load balancing with equal paths | Yes | Yes | Yes | Yes
Load balancing with unequal paths | - | - | Yes | Yes
VLSM support | - | Yes | - | Yes
Automatic Summarization | Yes | Yes | Yes | Yes
Metric | Hops | Hops | Composite | Composite
Hop count limit | 16 | 16 | 255 (100 by def.) | 255 (100 by def.)
Support for size of network | Medium | Medium | Large | Large
IGRP & EIGRP are the only Cisco proprietary routing protocols.
Most distance-vector routing protocols have the following characteristics:
Periodic Updates: The length of time before a router will send out an update. For RIP, it is 30
seconds and for IGRP, it is 90 seconds.
Neighbors: Other routers on the same logical, or data link, connection.
Broadcast Updates: When a router becomes active it will send out a message to the broadcast
address stating that it is alive. In return, neighboring routers participating in the same routing
protocol will respond to this broadcast.
Full Routing Table Updates: Most d-v routing protocols will send their entire routing table to their
neighbors. This occurs when the periodic update timer expires.
Routing by Rumor: A router will send its routing table to all of its directly connected neighbors. In
return, all of the neighboring routers will send their routing tables to all of their directly connected
neighbors. This will continue until all routers running the same distance-vector routing protocol are
reached.
Invalid Timer: Determines the length of time that must elapse (180 seconds for RIP) before a router
determines that a route has become invalid. It happens when a router interface has not heard any
updates about a particular route for that period.
Split Horizon: Prevents what is known as a reverse route. A reverse route occurs when a router
learns a route from a neighbor and the router turns around and sends that route back to the neighbor
that the router learned it from, causing an infinite loop. Split horizon prevents this by setting a
rule that a route cannot be advertised out the same interface the route was learned on.
Counting to Infinity: In networks that are slow to converge, another type of routing loop can occur.
This loop occurs when routers have multiple paths to the same destination. What happens in this case
is the routing table is populated with the best route to the destination even though it has two routes to
the same destination. So, when the destination network goes down, the updates about the destination
being unreachable can arrive at the router at different times. The router in turn advertises out that it
has another route to the destination. This will continue across the network, incrementing the hop
count at each router it encounters. Even though the destination network is down, all of the routers
participating in the routing process think they have an alternate route to the network, causing a loop.
This issue has been corrected by enforcing maximum hop counts. When a route reaches the
maximum hop count limit, the route is marked as unreachable and removed from the router's routing
table.
Triggered Updates: These increase the speed of convergence on a network. Instead of the router
having to wait until the periodic update timer expires to send out an update, a triggered update is
sent as soon as a significant event occurs, speeding up convergence and cutting
down on the risk of network loops due to convergence issues.
Hold-down Timer: It is used when information about a route changes. When the new information is
received or a route is removed, the router will place that route in a hold-down state. This means that
the router will not advertise, nor will it accept advertisements about this route for the time period
specified by the hold-down timer. After the time period expires, the router will start accepting and
sending advertisements about the route.
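
The interaction between counting to infinity, the maximum hop count and split horizon is easiest to see by running it. The following is an added example, not part of the original notes: a Python simulation of two distance-vector routers, A and B, where network X was attached to B and has just failed. The class and function names, the two-router topology and the update ordering (A's stale periodic update reaches B before B's news of the failure reaches A) are assumptions of this example; the hop values follow the RIP rule stated in these notes (15 hops maximum, 16 means unreachable).

```python
INFINITY = 16  # RIP: 15 hops maximum, 16 is unreachable


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = []   # directly connected Router objects
        self.routes = {}      # destination -> (metric, next hop name or None)

    def advertisement_for(self, neighbor, split_horizon):
        """Build the distance vector sent to one neighbor."""
        vector = {}
        for dest, (metric, next_hop) in self.routes.items():
            if split_horizon and next_hop == neighbor.name:
                # Split horizon: never advertise a route back toward the
                # neighbor it was learned from.
                continue
            vector[dest] = metric
        return vector

    def receive(self, sender, vector):
        """Apply a neighbor's distance vector (routing by rumor)."""
        for dest, metric in vector.items():
            new_metric = min(metric + 1, INFINITY)
            current = self.routes.get(dest)
            if current is None:
                if new_metric < INFINITY:
                    self.routes[dest] = (new_metric, sender.name)
            elif current[1] == sender.name or new_metric < current[0]:
                # News from the current next hop is always believed, even if
                # worse; news from anyone else only if it is better.
                self.routes[dest] = (new_metric, sender.name)


def simulate(split_horizon, max_rounds=20):
    """Return [(round, A's metric to X, B's metric to X), ...] after X fails."""
    a, b = Router("A"), Router("B")
    a.neighbors, b.neighbors = [b], [a]
    a.routes["X"] = (2, "B")            # A learned X from B before the failure
    b.routes["X"] = (INFINITY, None)    # X was connected to B and just failed

    history = []
    for rnd in range(1, max_rounds + 1):
        # A sends first: its stale update races B's news about the failure.
        for sender in (a, b):
            for nbr in sender.neighbors:
                nbr.receive(sender, sender.advertisement_for(nbr, split_horizon))
        metric_a, metric_b = a.routes["X"][0], b.routes["X"][0]
        history.append((rnd, metric_a, metric_b))
        if metric_a == INFINITY and metric_b == INFINITY:
            break                        # both routers agree X is unreachable
    return history


if __name__ == "__main__":
    print("without split horizon:", simulate(split_horizon=False))
    print("with split horizon:   ", simulate(split_horizon=True))
```

Without split horizon the two routers bounce the dead route back and forth, adding a hop each time, until the hop count limit ends the loop; with split horizon A never offers the route back to B and both agree after a single exchange.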
ROUTING INFORMATION PROTOCOL (RIP)
RIPv1: Classful routing protocol (will not send a subnet mask in the routing update)
RIPv2: Classless routing protocol (will send a subnet mask in the routing update)
Authentication of routing updates through clear text or md5 (optional)
Multicast route updates
Next-hop addresses carried with each route entry
Router(config)#router rip, version 2 (command to use RIPv2)

Characteristics of RIP
Distance-Vector Routing Protocol
Uses the Bellman-Ford algorithm
Uses hop count as metric, maximum 15, 16 is unreachable
Route update timer, periodic updates is set to 30 seconds by default
Route invalid timer is set to 180 seconds. This is the time it will take before a route will be
marked as unreachable.
Route flush timer is 240 seconds. This is the time between the route being marked as
unreachable and the route being removed from the routing table. In the time period between
the invalid timer and the flush timer, neighboring routers will be notified that the route is
unreachable.
Link-State Routing:
In link-state routing, each router knows the exact topology of the network.
This will limit the number of bad routing decisions that can be made because each router in the
process has an identical view of the network.
Each router in the network will report on its state, the directly connected links, and the state of
each link. The router will then propagate this information to all routers in the network.
It does not pass the entire routing table, only the changed information or a message of no
change after a given period of time is passed. This is known as LSA (Link state advertisement).
Each LSA will include an identifier for the link, the state of the link and a metric for the link.
Use of LSA will reduce the bandwidth utilization.
But more complex to configure than distance-vector routing protocol
OSPF and IS-IS (Integrated Intermediate System to Intermediate System) are LSR protocols
How LSR works:
When a router becomes active, it has to form adjacency with its directly connected neighbors.
After forming adjacencies, the router then sends out link-state advertisements to each of its
neighbors. After receiving and copying the information from the LSA, the router forwards, or
floods, the LSA to each of its neighbors.
All of the routers then store the LSAs in their own database. This means all routers have the same
view of the network topology.
Each router then uses the Dijkstra algorithm to compute its best route to a destination.
Link-State Comparisons
EIGRP is a hybrid protocol; it contains characteristics from both d-v and l-s routing protocols.
Characteristic | OSPF | IS-IS | EIGRP
Hierarchical topology needed | Yes | Yes | -
Retains knowledge of all possible routes | Yes | Yes | Yes
Manual route summarization | Yes | Yes | Yes
Automatic route summarization | - | - | Yes
Event-triggered announcement | Yes | Yes | Yes
Load balancing with unequal paths | - | - | Yes
Load balancing with equal paths | Yes | Yes | Yes
VLSM support | Yes | Yes | Yes
Metric | Cost | Cost | Composite
Hop count limit | Unlimited | 1024 | 100 by def.
Support for size of network | Large | Very large | Large

Default Administrative Distance
Source of Route | Default AD
Connected Interface | 0
Static Route | 1
EIGRP Summary | 5
External BGP | 20
EIGRP | 90
IGRP | 100
OSPF | 110
IS-IS | 115
RIP | 120
EGP | 140
External EIGRP | 170
Internal BGP | 200
Unknown | 255
Verifying routes: 2501>sh ip route
Testing and troubleshooting: ping, traceroute

Network Address Translation:
NAT (Network Address Translation) and PAT (Port Address Translation) are used to extend the
current address space by translating one address to another and help to alleviate shortage.
NAT Terminology:
NAT can be broken into two types, NAT and PAT.
NAT is the one-to-one translation of IP addresses from an inside local IP address to an outside
global IP address that is unique and routable on the Internet.
PAT is sometimes referred to as NAPT (Network Address and Port Translation). It is a many-to-
one translation because it can take multiple inside local IP addresses and translate them to one inside
global IP address.
Inside local: The inside local address is the IP address used by a host on the private side of the
network.
Inside global: The inside global address is the public IP address into which the inside local address
will be translated. This is typically a globally unique and routable IP address, which hosts on the
outside network would use to communicate with the inside local IP address.
Outside global: The outside global address is the actual IP address of a host that resides on the
outside public network and is usually a globally unique and routable IP address.
Outside local: The outside local address is the IP address used to translate an outside global IP
address. This may or may not be a registered IP address, but it must be routable on the inside of your
network.
How NAT works:
Traffic that is sourced on the inside of the network from inside host (Inside Host), coming to an
interface marked as inside, will have an inside local address as its source IP address (SA Inside
Local) and an outside local address as the destination IP address (DA Outside Local).
[Figure: NAT router between Inside Host and Outside Host. Packets on the inside NAT interface carry SA Inside Local / DA Outside Local (outbound) and DA Inside Local / SA Outside Local (return); packets on the outside NAT interface carry SA Inside Global / DA Outside Global (outbound) and DA Inside Global / SA Outside Global (return).]
When that traffic reaches the NAT process and is switched to the outside network, going out an
interface marked as outside, the source IP address will be known as the inside global address (SA
Inside Global) and the destination IP address will be known as the outside global address (DA
Outside Global).
When traffic is sourced on the outside of the network from outside host (Outside Host), coming to
an interface marked as outside, the source IP address is known as the outside global address (SA
Outside Global), while the destination IP address is known as the inside global address (DA Inside
Global).
When the traffic reaches the NAT process and is switched to the inside network, going out an
interface marked as inside, the source IP address will be known as the outside local address (SA
Outside Local) and the destination IP address will be known as the inside local address (DA Inside
Local).
Advantage of NAT:
NAT allows you to incrementally increase or decrease the number of registered IP addresses
without changing devices (hosts, switches, routers etc.) in the network. But sometimes you need to
change the device with NAT.
NAT can be used either statically or dynamically:
Static translations are manually configured to translate a single global IP address to a
single local IP address and vice versa. This translation always exists in the NAT table until it is
manually removed. Optionally, this translation could be configured between a single inside IP
address and port pair to a single outside IP address and port pair using either TCP or UDP. These
port values needn't be the same value.
Dynamic mappings are configured on the NAT border router by using a pool of one or
more registered IP addresses. Devices on the inside of the network that wish to communicate with a
host on the outside network can use these addresses in the pool. This allows multiple internal devices
to utilize a single pool of IP addresses. You can also use a single IP address by configuring
overloading, which will translate both the IP address and port number.
NAT can be configured to allow the basic load sharing of packets among multiple servers
using the TCP load distribution feature. TCP load distribution uses a single outside IP address, which
is mapped to multiple internal IP addresses. Incoming connections are distributed in a round-robin
fashion among the IP addresses in the internal pool. The packets for each individual connection, or
flow, are sent to the same IP address to ensure proper session communications.
If you switch Internet Service Providers and need to change the registered IP addresses
you are using, NAT makes it so you don't have to renumber every device in your network. The only
change is the addresses that are being used in the NAT pool.
You can configure NAT on the border router between your routing domains to translate the
address from one network to the other and vice versa.
Disadvantage of NAT:
NAT increases latency (delay).
NAT hides end-to-end IP addresses, which renders some applications unusable.
Since NAT changes IP addresses, there is a loss in the ability to track an IP flow end-to-end.
NAT also makes troubleshooting or tracking down where malicious traffic is coming from more
troublesome.
A host that needs to be accessed from the outside network will have two IP addresses, one inside and
one outside; this creates a problem called split DNS. You need to set up two DNS servers, one for
external addresses and one for internal addresses. This can lead to administrative nightmares and
problems if internal hosts are pointing to the external DNS server.
Supported NAT Traffic Types:
TCP/UDP traffic that does not carry source and destination IP addresses inside the application stream
HTTP, TFTP, NFS, ICMP, NTP (Network Time Protocol), FTP (FTP PORT and PASV command)
Archie, which provides lists of anonymous FTP archives
Finger, a tool that determines whether a person has an account on a particular computer
Many of the r* Unix utilities (rlogin, rsh, rcp)
NetBIOS over TCP (datagram, name and session services)
Progressive Network's RealAudio, White Pine's CuSeeMe, Xing Technologies' Stream Works
DNS A and PTR queries
H.323 (IOS releases 12.0(1)/12.0(1)T or later), VDOLive (IOS releases 11.3(4)/11.3(4)T or later)
NetMeeting (IOS releases 12.0(1)/12.0(1)T or later), Vxtreme (IOS 11.2(4)/11.3(4)T or later)
IP Multicast: source address translation only (IOS releases 12.0(1)T or later)
PPTP support with Port Address Translation (PAT) (IOS releases 12.0(2)T or later)
Skinny Client Protocol, IP Phone to Cisco CallManager (IOS releases 12.0(5)T or later)
Unsupported Traffic Types:
Routing protocols, DNS zone transfers, BOOTP / DHCP, Talk, Ntalk, SNMP, Netshow
NAT Operations:
1. Translating inside local addresses
2. Overloading inside global addresses
3. Using TCP load distribution
4. Overlapping networks
Configuring NAT:
Border(config)#interface e0
Border(config-if)#ip nat inside
Border(config-if)#exit
Border(config)#interface s0
Border(config-if)#ip nat outside
Border(config-if)#exit
Static NAT:
Border(config)#ip nat inside source static 10.1.2.25 200.1.1.25
Border(config)#
This creates a permanent entry in the NAT table, and now when traffic is sent to IP address 200.1.1.25 from the outside network, it will be translated to 10.1.2.25 on the inside of the network and vice versa.
Optionally, you can configure just a certain port to be translated. Adding a protocol and port numbers to the above command does this.
Border(config)#ip nat inside source static tcp 10.1.2.25 80 200.1.1.25 80
Border(config)#ip nat inside source static tcp 10.1.2.24 80 200.1.1.25 81
Border(config)#
Dynamic NAT:
Dynamic NAT is used to map inside IP addresses to outside IP addresses on the fly from a pool of available IP addresses. Again, you must have IP addresses assigned to the interfaces on the router that will be participating in the NAT process.
Border(config)#int e0
Border(config-if)#ip nat inside
Border(config-if)#exit
Border(config)#int s0
Border(config-if)#ip nat outside
Border(config-if)#exit
Border(config)#access-list 12 permit 10.1.2.0 0.0.0.255
Border(config)#ip nat pool outbound 200.1.1.2 200.1.1.254 prefix-length 24
Syntax: ip nat pool pool-name (outbound/inbound) start-ip end-ip (200.1.1.2 200.1.1.254) netmask netmask or prefix-length length (prefix-length 24 = CIDR/subnet bits)
Border(config)#ip nat inside source list 12 pool outbound
Border(config)#
When a source wants to send a packet to a host on the Internet, the NAT border router receives the packet on an interface marked NAT inside.
Then any access lists or policy routing will be applied to the packet, and the routing will take place.
The next step is to configure a pool of IP addresses that will be allocated to outbound sessions.
Then the router will choose an available IP address from the pool and assign it to the NAT table entry. That same IP will not be allocated to another translation entry until that entry times out or is manually removed.
Finally, you need to tie the access list and pool together with the ip nat inside source command.
Configuring NAT Using Overloading
Once all IP addresses in a pool have been allocated, any new connection attempts will fail. So if your ISP allocated you only 14 IP addresses, then only the first 14 users will be able to access the Internet unless an existing user entry expires and releases the IP address. This is not very efficient.
Configuring overloading allows the router to reuse each IP address in the pool, because it changes not only the IP address but also the port number. This is called Port Address Translation (PAT) or Network Address and Port Translation (NPAT). The router will add the protocol and port information for each translation entry, which allows more inside IP addresses to access the outside network than there are IP addresses in the pool.
Border(config)#ip nat inside source list 12 pool outbound overload
The pool of addresses can even be just one IP address in size, but it can support approximately 64,000 inside users, using a single protocol, by varying the outbound port numbers.
Border(config)#ip nat inside source list 12 interface ethernet1 overload (if DHCP used on outbound interface)
Configuring TCP Load Distribution
This allows a host that is heavily used, such as a web server, to handle the load of incoming requests by spreading the load among several hosts. Destination addresses that match an access list are replaced with addresses from a pool that has been designated as a rotary pool by adding the type rotary keyword in the command.
Border(config)#int e0
Border(config-if)#ip nat inside
Border(config-if)#exit
Border(config)#int s0
Border(config-if)#ip nat outside
Border(config-if)#exit
Border(config)#ip nat pool web-hosts 10.1.1.1 10.1.1.9 netmask 255.255.255.0 type rotary
Border(config)#access-list 12 permit 10.1.1.254
Border(config)#ip nat inside destination list 12 pool web-hosts
Border(config)#
Configuring NAT for Overlapping Addresses
Configuring NAT for overlapping address translation is similar to configuring dynamic NAT. The difference is that you must create and apply a pool of IP addresses for the traffic to the inside of the network, as well as a pool for the outbound traffic.
You still need to create an access list to identify the traffic to NAT, but you need to create a second pool. Then you need to use the ip nat outside source command to tie the access list and second pool to NAT traffic coming from the outside interface.
Border(config)#access-list 12 permit 10.1.1.0 0.0.0.255
Border(config)#ip nat pool insidepool 10.1.2.1 10.1.2.254 netmask 255.255.255.0
Border(config)#ip nat pool outsidepool 200.1.1.2 200.1.1.254 prefix-length 24
Border(config)#ip nat inside source list 12 pool insidepool
Border(config)#ip nat outside source list 12 pool outsidepool
Border(config)#
Troubleshooting and Verifying NAT Configuration
show ip nat translations
show ip nat translations verbose
show ip nat statistics
debug ip nat
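Because NAT hides the inside address, tracing outside-observed traffic back to an inside host depends on the translation table. The following added example (not part of the original notes) parses a constructed sample in the column layout of show ip nat translations and resolves an inside global address and port to the inside local host; the sample entries and all function names are assumptions.

```python
from typing import NamedTuple, Optional, Tuple

# Constructed sample in the column layout of `show ip nat translations`:
# one static entry and three PAT (overload) entries sharing 200.1.1.2.
SAMPLE_TABLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 200.1.1.25         10.1.2.25          ---                ---
tcp 200.1.1.2:1024     10.1.2.31:1024     198.51.100.7:80    198.51.100.7:80
tcp 200.1.1.2:1025     10.1.2.44:1024     198.51.100.7:80    198.51.100.7:80
udp 200.1.1.2:1024     10.1.2.52:53211    203.0.113.9:53     203.0.113.9:53
"""

Endpoint = Tuple[str, Optional[int]]  # (ip, port); port is None for static entries


class Translation(NamedTuple):
    proto: Optional[str]              # None for a protocol-independent static entry
    inside_global: Endpoint
    inside_local: Endpoint
    outside_global: Optional[Endpoint]


def parse_endpoint(field: str) -> Optional[Endpoint]:
    """Turn '10.1.2.31:1024' or '10.1.2.25' into (ip, port); '---' into None."""
    if field == "---":
        return None
    ip, _, port = field.partition(":")
    return (ip, int(port) if port else None)


def parse_translations(text: str) -> list:
    """Parse table rows; the nine-word header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue
        proto = None if cols[0] == "---" else cols[0]
        entries.append(Translation(proto, parse_endpoint(cols[1]),
                                   parse_endpoint(cols[2]),
                                   parse_endpoint(cols[4])))
    return entries


def resolve_inside_host(entries, proto, global_ip, global_port, remote=None):
    """Map an observed (protocol, inside global ip, port) to the inside local endpoint.

    With overloading, many hosts share one global IP, so the protocol and
    port are both required; `remote` optionally pins the outside endpoint.
    Returns None when no entry matches (for example, the entry timed out).
    """
    for e in entries:
        if e.proto == proto and e.inside_global == (global_ip, global_port):
            if remote is None or e.outside_global == remote:
                return e.inside_local
    # A static one-to-one entry covers every protocol and keeps the port.
    for e in entries:
        if e.proto is None and e.inside_global[0] == global_ip:
            return (e.inside_local[0], global_port)
    return None


def hosts_behind(entries, global_ip):
    """All inside hosts currently translated to one global IP."""
    return sorted({e.inside_local[0] for e in entries
                   if e.inside_global[0] == global_ip})


if __name__ == "__main__":
    table = parse_translations(SAMPLE_TABLE)
    print(hosts_behind(table, "200.1.1.2"))
    print(resolve_inside_host(table, "tcp", "200.1.1.2", 1025))
```

Dynamic entries time out, so the lookup is only as good as the table snapshot or translation log taken at the time of the traffic being investigated.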
IGRP (Interior Gateway Routing Protocol)
IGRP was developed by Cisco in the mid-1980s to overcome the limitations of RIP.
Instead of the hop count used by RIP, it uses a composite metric of bandwidth, delay, load, reliability and MTU to decide the best path.
IGRP does not use hop count as a metric, it only tracks hop count. It can travel up to 100 hops by default, which can be changed to accommodate up to 255 hops.
IGRP is a Cisco proprietary protocol. It will not run on other routers.
IGRP is a classful distance-vector routing protocol and does not scale well for large internetworks (it does not support VLSM).
Features and Operation:
IGRP sends out periodic broadcasts of its entire routing table.
Upon initialization, IGRP broadcasts a request out all IGRP-enabled interfaces.
Then it checks each received update against the previous update and confirms that it is of the same subnet.
Each router will then use the learned routes to determine the best route to every destination network.
IGRP recognizes three types of routes within its updates:
Interior: Network directly connected to a router interface
System: Routes advertised by other IGRP neighbors within the same IGRP AS
Exterior: Routes learned via IGRP from a different IGRP AS, which provides information used by the router to set the gateway of last resort. The gateway of last resort is the path a packet will take if a specific route isn't found on the router.
IGRP Timers:
Update Timer = 90 seconds
Invalid Timer = 270 seconds
Hold down Timer = 280 seconds
Flush Timer = 630 seconds
IGRP Metrics: Metrics are the mathematics used to select a route. IGRP uses the Bellman-Ford algorithm to calculate the metric. The route with the lower metric is the desirable route. K values are metrics:
K1 = Bandwidth (Be), K2 = Delay (Dc), K3 = Reliability (r), K4 = Load (utilization on path), K5 = MTU
Metric = [(K1 x BW) + [(K2 x BW) / (256 - Load)] + (K3 x Delay)] + [K5 / (Rel + K4)]
By default: K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0.
If necessary, you can adjust metrics within the router configuration interface after enabling IGRP on a router with the command: metric weights tos k1 k2 k3 k4 k5
Default metric is 100, you can change it with distance 1-255
Default-metric bandwidth delay reliability load MTU
(bandwidth = 0 to 4294967295 kbps, delay = 0-4294967295 in 10-microsecond units, reliability = 0-255 (255 is the most reliable), load = 0-255 (255 means the link is completely loaded), MTU = 0-4294967295 kbps)
Load Balancing: It is a way a router can send traffic over multiple paths to the same destination.
Maximum-paths number-of-paths (IGRP/EIGRP can load balance across unequal-cost paths)
Unequal-cost load balancing is possible because of the variance. Variance is a multiplier that is used to determine what the acceptable metric for a route is for it to be included in the routing table.
Variance multiplier
The path with the lowest metric is entered into the routing table. The variance is then applied to the lowest metric to determine what other routes can be included in the routing table. Routes with a lower metric than the product of the lowest metric and variance are known as feasible successor routes. A feasible successor is a predetermined route to use should the optimal path be lost. These routes are then added to the routing table. Once the paths have been selected, the traffic is then divided up according to the metric of each path.
IGRP Redistribution: It is a process in which routes known to one routing protocol are shared with another routing protocol. If you have Router1 with IGRP 100 and Router3 with EIGRP 150 AS, then Router2
CCNA Chapter 3 - IP Subnetting and Variable Length Subnet Masks (VLSM)

Subnetting Basics:

If you have one network address (IP address) and want to create many small networks from it, you have to do subnetting.
Subnetting allows you to take one large network and break it into a bunch of small networks.

Benefits of Subnetting:

1) Reduced N/W traffic: It helps reduce network traffic, as a router will stop packets from traveling to networks to which the packet does not belong.
2) Optimized N/W performance: Because of reduced network traffic
3) Simplified Management: It is easier to find and isolate problems in small groups of networks than in one gigantic network
4) Facilitated spanning of large geographical distances: Connecting multiple smaller networks makes the system more efficient than one big WAN link, which may be slow and costly.

How to create subnets
1. Determine the number of required network IDs
--> One for each subnet - all interfaces of a single router
--> One for each wide area network connection -- sc to dcs, dcs to talukas
2. Determine the number of required host IDs per subnet
--> One for each TCP/IP host
--> One for each router interface

3. Based on the above requirement, create the following:
--> One subnet mask for your entire network (say 255.255.255.0 for one entire network with IP address network of 10.0.0.0). GSWAN is a multiple network project, so there are many IPs like 10.195.1.1/10.150.1.1/10.145.1.1 etc. with 255.255.255.248 subnets etc.
--> A unique subnet ID for each physical segment --- all dcs, talukas
--> A range of host IDs for each subnet - 255.255.255.0 subnet at all dcs and talukas

Understanding the Powers of 2

Powers of 2 are important to understand and memorize for use with IP subnetting.

2^1 = 2      2^2 = 4      2^3 = 8       2^4 = 16
2^5 = 32     2^6 = 64     2^7 = 128     2^8 = 256

Subnet Masks

Default Subnet Mask

Class   Format                          Default Subnet Mask
A       Network.node.node.node          255.0.0.0
B       Network.network.node.node       255.255.0.0
C       Network.network.network.node    255.255.255.0

Classless Inter-Domain Routing (CIDR)

It's basically the method that ISPs (Internet Service Providers) use to allocate an amount of addresses to a customer, such as a company or a home. They provide addresses in a certain block size, with "/" notation used to indicate the subnet mask bits used. (Maximum 32, but you can use only 30 as mask bits because you have to keep two bits for hosts - starting address and broadcast address)

l knows about all the routes in both IGRP 100 and EIGRP 150. So, we need to enable Router1 and Router3 to have all routes of both protocols. For that, we redistribute IGRP 100 into EIGR
IGRP Configuration: router igrp AS-number, network a.b.c.d, neighbor x.x.x.x
Passive-interface: As IGRP is a classful routing protocol, it will advertise the interface status in the broadcast. When you don't want it to do so, use this command.
Passive-interface interface (in router configuration mode)
The passive-interface command will allow an interface to be advertised in IGRP, but the interface will not listen to or send IGRP updates itself.
Router1>enable
Router1#config t
Router1(config)#router IGRP 100
Router1(config-router)#passive-interface E0
Sh ip route, sh ip protocol, sh int s2/0.1, debug ip igrp events, debug ip igrp transactions.
EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP allows for incremental routing updates and formal neighbor relationships.
Uses DUAL (Diffusing Update Algorithm) for metric calculation, which allows the following: backup route determination if one is available, VLSM support, dynamic route recoveries, querying neighbors for unknown alternate routes, sending out queries for an alternate route if no route can be found.
Has features of both link-state and distance-vector routing protocols.
Uses protocol-dependent modules (PDMs) on layer 3 for IP, IPX and AppleTalk, Reliable Transport Protocol (RTP), which allows for guaranteed delivery in sequential order of EIGRP routing updates, neighbor discovery/recovery, and DUAL.
It reduces bandwidth use by sending updates only when a topology change occurs that requires a path or metric change, and only to the routers that need to receive the updates.
Can run only on Cisco routers and route switch processors.
Route Tagging: It is used to distinguish routes learned by the different EIGRP sessions. With different AS numbers, EIGRP can run multiple sessions on a single router. Sessions with the same AS number speak to each other and share routing information, which includes the routes learned and the advertisement of topology changes.
Neighbor Relationships, Route Calculation and Redundant Link Calculation: EIGRP uses a Hello multicast message (224.0.0.10) every 5 seconds to establish and maintain neighbor relationships with neighboring routers. (For X.25, Frame Relay and ATM links slower than T1, the Hello packet is unicast every 60 seconds.) Hellos are not broadcast. A Hello packet contains the EIGRP version number, the AS number, the K-values and the hold time. To form adjacencies, routers must use the same AS number and K-values.
When Hello packets are sent out, the replies go into the neighboring router's topology table and include each route's metric information. The topology table is different from the routing table and can store up to 6 routes to a destination network, meaning six redundant routes. Out of these six paths, the router decides the best (primary) path and the standby (secondary) paths to forward the data. The path with the lowest metric becomes the successor, or primary path, and is added to the routing table. Any route that has an advertised distance lower than the successor's feasible distance becomes a feasible successor route. The path-cost decision is made with the bandwidth and delay from the local and adjacent routers: the composite metric is calculated from these, the local router adds its cost to the cost advertised by the adjacent router, and the total cost is the metric.
Then the Acknowledgement message is sent out from the receiving router and the routing table is updated. This table is then advertised to any new router that comes online, and the route calculation process begins. EIGRP uses a 32-bit format for updates (IGRP uses a 24-bit format). Then it exchanges route information. When two new neighbors start working, they exchange the full routing table, and after that only updates.
Neighbor Table: directly connected neighbors, neighboring router's IP address, hold time interval, smooth round-trip timer (SRTT) and queue information, which helps determine which topology changes need to be propagated to neighboring routers.
Update and Changes:
[Figure: An IP frame showing the protocol type to be EIGRP. Fields: Frame Header, IP Header with Protocol (88 = EIGRP), Packet Payload, CRC; Frame Payload.]
EIGRP uses RTP and pacing in order to prevent routing updates from consuming too much bandwidth on lower speed links. Pacing allows EIGRP to limit the amount of traffic it sends to a portion of the interface's bandwidth. The traffic contains Hello packets, routing updates, queries, replies and acknowledgements. The default setting for pacing in EIGRP is 50 percent of the bandwidth on any given interface. This can be changed in interface config mode with the following command:
ip bandwidth-percent eigrp as-number percent
Diffusing Update Algorithm: DUAL is the algorithm by which all computation of routes for EIGRP occurs. If a feasible successor is not found, DUAL will start recalculating to find a new successor.
There are three instances that will cause DUAL to recalculate:
An alternate route is not found,
The new best route still goes through the original successor,
The new best route doesn't go through a feasible successor.
EIGRP Metrics: EIGRP utilizes several databases or tables of information to calculate routes:
The route database (routing table), where the best routes are stored,
The topology database (topology table), where all route information resides,
A neighbor table that is used to house information concerning other EIGRP neighbors.
Each of these databases exists separately for IP, IPX and AppleTalk sessions if all are present in the router: IP-EIGRP, IPX-EIGRP, AT-EIGRP
Metric = 256 x [K1 x BW + (K2 x BW) / (256 - Load) + K3 x Delay] + [K5 / (Rel + K4)]
The only difference between the IGRP and EIGRP metric is the first multiplication by 256 for EIGRP.
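The IGRP and EIGRP metric formulas and the variance rule from the load balancing section can be checked numerically. The following added example (not part of the original notes) computes both metrics with the default K values, where K5 = 0 and the reliability term contributes nothing, and then selects paths by variance together with the feasible successor condition. The 10^7 / bandwidth scaling, the integer traffic share, the default of four paths, the sample paths and all function names are assumptions of this example.

```python
from typing import NamedTuple


def scaled_bandwidth(min_bw_kbps: int) -> int:
    """Inverse bandwidth term: 10^7 divided by the slowest link on the path (kbps)."""
    return 10_000_000 // min_bw_kbps


def igrp_metric(min_bw_kbps, total_delay_usec, load=1, k1=1, k2=0, k3=1) -> int:
    """Bracketed part of the formula: K1*BW + (K2*BW)/(256-Load) + K3*Delay.

    Delay is the sum of interface delays expressed in tens of microseconds.
    With K5 = 0 (the default) the reliability term is not applied.
    """
    bw = scaled_bandwidth(min_bw_kbps)
    delay = total_delay_usec // 10
    return k1 * bw + (k2 * bw) // (256 - load) + k3 * delay


def eigrp_metric(min_bw_kbps, total_delay_usec, **k) -> int:
    """EIGRP differs only by the leading multiplication by 256."""
    return 256 * igrp_metric(min_bw_kbps, total_delay_usec, **k)


class Path(NamedTuple):
    next_hop: str
    metric: int     # this router's total metric through next_hop
    reported: int   # metric the neighbor itself advertises (advertised distance)


def select_paths(paths, variance=1, maximum_paths=4):
    """Best path plus feasible successors whose metric is below best * variance."""
    best = min(p.metric for p in paths)
    chosen = [p for p in sorted(paths, key=lambda p: p.metric)
              if p.metric == best
              or (p.reported < best and p.metric < best * variance)]
    return chosen[:maximum_paths]


def traffic_share(chosen):
    """Integer share per path: worst selected metric divided by the path metric."""
    worst = max(p.metric for p in chosen)
    return {p.next_hop: worst // p.metric for p in chosen}


# Constructed sample: four paths to one destination (bandwidth in kbps, delay in usec).
PATHS = [
    Path("R-A", eigrp_metric(1544, 20000), 281_600),
    Path("R-B", eigrp_metric(1024, 40000), 2_000_000),
    Path("R-C", eigrp_metric(512, 40000), 2_500_000),   # reported >= best: not feasible
    Path("R-D", eigrp_metric(256, 40000), 1_000_000),
]

if __name__ == "__main__":
    for v in (1, 3, 6):
        picked = select_paths(PATHS, variance=v)
        print(v, [p.next_hop for p in picked], traffic_share(picked))
```

R-C shows why variance alone is not enough: its metric falls inside the variance 3 window, yet it is skipped because its advertised distance is not lower than the best path's metric.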
EIGRP Tuning: (in router config mode) metric weights tos k1 k2 k3 k4 k5 (Same command in IGRP / EIGRP)
By default, administrative distance is 90 for EIGRP; you can change it with the distance 1-255 command.
RouterA(config)#int s0
RouterA(config-if)#ip hello-interval eigrp AS# seconds (default hello time = 60 seconds for low-speed NBMA networks and 5 seconds for all other networks)
RouterA(config-if)#ip hold-time eigrp AS# seconds
Redistribution: If another routing protocol is being redistributed into EIGRP, EIGRP will accept routes that have implemented VLSM and routes that haven't implemented VLSM.
Configuring EIGRP
Dallas>enable
Dallas#configure terminal
Dallas(config)#router EIGRP 100
Dallas(config-router)#network 172.20.0.0
Dallas(config-router)#network 192.168.24.0
Dallas(config-router)#no auto-summary (this will show you the route information with the show route command; by default, auto summary is on, so it will show you only one route)
You can also change the summary information with this command:
Dallas(config-if)#ip summary-address eigrp AS# address mask
Other Commands: sh ip route, sh ip route eigrp, sh ip eigrp topology, sh ip protocols, sh ip eigrp interfaces, sh ip eigrp neighbor/detail, debug eigrp neighbors, debug ip eigrp, debug eigrp packets, sh ip eigrp traffic, sh ip eigrp events.
OSPF Operation in a Single Area
OSPF is an open standard link-state routing protocol. It utilizes Dijkstra's Shortest Path First (SPF) algorithm, which allows faster convergence. It is more popular because it supports Multi-Protocol Label Switching (MPLS). (OSPF and IS-IS). OSPF can be used on multi-vendor platforms.
Advantages of OSPF:
Supports hierarchical network design through the use of areas
The use of link-state databases reduces the chances of routing loops
Full support of classless routing behavior
Decreased size of routing tables through the use of route summarization
Sends the routing information only when needed, decreasing the use of network bandwidth
Utilization of multicast packets decreases the impact on routers not running OSPF and on end stations
Support of authentication, which allows the user to implement more secure networks
OSPF Terminology:
Neighbor: A neighbor is found via Hello packets; it is a connected (adjacent) router running an OSPF process within the same area.
Adjacency: It is a logical connection between a router and its corresponding designated routers and backup designated routers.
Link: In OSPF, a link refers to a network or router interface assigned to any given network. It is synonymous with interface.
Interface: It is a logical or physical interface on a router. OSPF will consider it as a link. OSPF will build the link database on this basis.
Link-state Advertisement: An LSA is an OSPF data packet containing link-state and routing information that is shared among OSPF routers.
Designated Router: A DR is only used when the OSPF router is connected to a broadcast (multi-access) network. It will receive and send the information to the broadcast network or link.
Backup Designated Router: A BDR is a hot standby for the DR on broadcast (multi-access) networks. It receives all routing updates from OSPF adjacent routers but does not flood LSA updates.
OSPF Areas: An area is similar to the AS of EIGRP. It is used to establish a hierarchical network. There are four types of areas.
Internal Router: An internal router is a router that has all of its interfaces participating in one area.
Area Border Router: It is a router with multiple area assignments on multiple interfaces.
Autonomous System Boundary Router: An ASBR is a router with an interface connected to an external network or a different AS like EIGRP. An ASBR is responsible for injecting route information learned by another routing protocol into OSPF.
Non-broadcast Multi Access: NBMA networks are networks like Frame Relay, X.25 and ATM. This type of network allows for multi-access but has no broadcast ability like Ethernet.
Broadcast (multi-access): Networks such as Ethernet allow multiple access as well as provide broadcast ability. A DR and BDR must be elected for a multi-access broadcast network.
Point-to-Point: This type of network connection consists of a unique NBMA configuration. The network can be configured using Frame Relay and ATM to allow point-to-point connectivity. This eliminates the need for DRs and BDRs.
Router ID: It is an IP address used to identify the router. If the router id is not configured, the highest IP address of all configured loopback interfaces will be considered the router id. If no loopback addresses are configured, OSPF will choose the highest IP address of all configured interfaces.
OSPF Operation: (In three categories)
1. Neighbor and adjacency initialization, 2. LSA Flooding, 3. SPF Tree calculation.
Before the detailed operation, the short step-by-step operation is as follows:
OSPF routers send Hello packets out all interfaces participating in the OSPF process. If the router on the other side of the connection agrees on the parameters set forth in the Hello packet, both routers form a neighbor relationship.
Some of the neighbors form adjacencies. This depends on the Hello packets sent by the router and on the type of network in which the receiving router participates.
The router will send link-state advertisements (LSAs), which contain a description of the router's links and the state of each link, to the adjacent router.
The routers that receive the LSAs will add the link-state information to their databases and forward the same to the other connected routers, which allows all routers to have the same view of the network.
After learning all LSAs, each router will run the Dijkstra SPF algorithm to learn the shortest path to all the known destinations. All routers will use this information to build their SPF tree, which will be used to populate the routing table.
Detailed information about all categories:
1. Neighbor and Adjacency Initialization:
The Hello packets are used to discover neighbors and establish adjacencies. Hello packets are multicast out every interface on a 10-second interval by default.
OSPF Hello Packet information
Originating Router Characteristic: Description
Router ID: The configured router id OR highest loopback IP OR highest interface IP
Area ID: The area to which the originating router interface belongs
Authentication Information: The authentication type and corresponding information
Network Mask: The IP mask of the originating router's interface IP address
Hello Interval: The period between Hello packets
Options: OSPF options for neighbor formation
Router Priority: An 8-bit value used to aid in the election of the DR and BDR (not set on point-to-point links)
Router Dead Interval: The length of time allotted for which a Hello packet must be received before considering the neighbor down (four times the Hello interval, if not changed)
DR: The router ID of the current DR
BDR: The router ID of the current BDR
Neighbor router IDs: A list of the router IDs for all the originating router's neighbors
Neighbor States: There are a total of eight states for OSPF neighbors:
Down: No hello packets have been received from the neighbor.
Attempt: Neighbors must be configured manually. It applies to NBMA connections only.
Init: A hello packet has been received from another router, but the local router has not seen itself in the other router's hello packets. Bi-directional communication has not yet been established.
2Way: Hello packets have been received that include the router's own Router ID in the neighbor field. Bi-directional communication has been established.
ExStart: A Master/Slave relationship is established in order to form an adjacency by exchanging Database Description (DD) packets. (The router with the highest router id becomes the master.)
Exchange: Routing information is exchanged using DD and LSR packets.
Loading: Link-state request packets are sent to neighbors to request any new LSAs that were found while in the Exchange state.
Full: All LSA information is synchronized among adjacent neighbors.
Adjacency Requirements: Once neighbors have been identified, adjacencies must be established so that routing (LSA) information can be exchanged. There are two steps required to change a neighboring OSPF router into an adjacent OSPF router:
1. Establish two-way communication (achieved via the Hello protocol)
2. Establish database synchronization: this consists of three packet types being exchanged between routers:
Database Description (DD) packets,
Link-State Request (LSR) packets,
Link-State Update (LSU) packets
Once the database synchronization has taken place, the two routers are considered adjacent. This is how adjacency is achieved.
If the link is point-to-point, the two neighbors will become adjacent if the Hello packet information for both routers is configured properly.
NBMA neighbors require special configuration (e.g., point-to-point subinterfaces) for adjacency formation.
On broadcast multi-access networks, adjacencies are formed only between the OSPF routers on the network and the DR and BDR. All other routers form adjacencies with only the DR and BDR.
RouterA>show ip ospf neighbor
DR and BDR E."'ion Pro"dur"; 1ith -S#A inter!ace $multi4access only& possesses a
con!igurable Router #riority) The 0isco de!ault is 8) "! you don9t want a router inter!ace to
participate in the DR/BDR election, set the #riority to = using the i+ o&+f +riori'% command in
inter!ace con!iguration mode)
Rou'"rAM&$o( i+ o&+f in'"rfa"
The steps of DR and BDR election:
1. A list of eligible routers is created. The criteria for eligible routers are:
Priority greater than 0, OSPF state of 2Way,
DR and BDR IP address is the same as the participating interface's IP address
2. A list of all routers not claiming to be the DR (the DR IP address is the same as the participating interface's IP address) is compiled from the list of eligible routers.
3. The BDR is chosen from the list in Step 2 based on the following criteria:
The BDR IP address is the same as the participating interface's IP address
The router with the highest Router Priority becomes the BDR.
If all Router Priorities are equal, the router with the highest Router ID becomes the BDR
OR if none of the above criteria hold true, the router with the highest Router Priority is chosen, and in case of a tie, the router with the highest Router ID is chosen as BDR.
4. The DR is chosen from the remaining eligible routers based on the following criteria:
The DR field is set with the router's interface IP address
The router with the highest Router Priority is chosen DR. If all Router Priorities are equal, the router with the highest Router ID is chosen.
OR if none of the remaining eligible routers claim to be the DR, the BDR that was chosen in Step 3 becomes the DR. Step 3 would then be repeated to choose another BDR.
The above process occurs when multiple routers become active at the same time on a segment. If a DR and BDR already exist on the segment, any new interfaces accept the DR and BDR regardless of their own Router ID or Router Priority.
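The election steps above, worked through in Python as an added example (not part of the original notes). The Neighbor fields, the sample routers and the treatment of every state from 2Way upward as eligible are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

# Neighbor states counted as "2Way or higher" (assumption for this sketch).
BIDIRECTIONAL = {"2Way", "ExStart", "Exchange", "Loading", "Full"}


@dataclass(frozen=True)
class Neighbor:
    router_id: str
    if_addr: str            # interface IP address on the shared segment
    priority: int = 1       # Cisco default
    state: str = "2Way"
    dr: str = "0.0.0.0"     # DR field this router advertises in its Hellos
    bdr: str = "0.0.0.0"    # BDR field this router advertises in its Hellos


def _rank(n):
    # Highest Router Priority wins; the Router ID breaks ties.
    return (n.priority, int(IPv4Address(n.router_id)))


def _pick_bdr(candidates):
    # Step 3: prefer routers already claiming to be BDR, else take everyone.
    claiming = [n for n in candidates if n.bdr == n.if_addr]
    return max(claiming or candidates, key=_rank, default=None)


def elect(neighbors):
    """Return (DR router ID, BDR router ID) for one multi-access segment."""
    # Step 1: priority greater than 0 and a bidirectional state.
    eligible = [n for n in neighbors
                if n.priority > 0 and n.state in BIDIRECTIONAL]
    # Step 2: routers that do not claim to be the DR.
    not_claiming_dr = [n for n in eligible if n.dr != n.if_addr]
    bdr = _pick_bdr(not_claiming_dr)
    # Step 4: routers whose DR field carries their own interface address.
    claiming_dr = [n for n in eligible if n.dr == n.if_addr]
    if claiming_dr:
        dr = max(claiming_dr, key=_rank)
    else:
        # Nobody claims DR: promote the BDR, then repeat Step 3.
        dr = bdr
        bdr = _pick_bdr([n for n in not_claiming_dr if n is not dr])
    return (dr.router_id if dr else None, bdr.router_id if bdr else None)


# Constructed sample 1: four routers come up together, one with priority 0.
COLD_START = [
    Neighbor("1.1.1.1", "10.0.0.1"),
    Neighbor("2.2.2.2", "10.0.0.2"),
    Neighbor("3.3.3.3", "10.0.0.3"),
    Neighbor("4.4.4.4", "10.0.0.4", priority=0),
]

# Constructed sample 2: a priority-255 router joins a segment that already
# has a DR (10.0.0.1) and a BDR (10.0.0.2) and accepts both.
LATE_JOINER = [
    Neighbor("1.1.1.1", "10.0.0.1", state="Full", dr="10.0.0.1", bdr="10.0.0.2"),
    Neighbor("2.2.2.2", "10.0.0.2", state="Full", dr="10.0.0.1", bdr="10.0.0.2"),
    Neighbor("9.9.9.9", "10.0.0.9", priority=255, dr="10.0.0.1", bdr="10.0.0.2"),
]

# Constructed sample 3: the DR from sample 2 has disappeared from the segment.
DR_LOST = [n for n in LATE_JOINER if n.router_id != "1.1.1.1"]

if __name__ == "__main__":
    for name, segment in (("cold start", COLD_START),
                          ("late joiner", LATE_JOINER),
                          ("DR lost", DR_LOST)):
        print(name, elect(segment))
```

Because the existing BDR is promoted when the DR is lost, the priority-255 router ends up only as BDR; comparing the elected DR with the one the design intends is a useful check after any outage on the segment.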
LSA Flooding: LSA flooding is the method by which OSPF routers share routing information. Via LSU packets, LSA information containing link-state data is shared with all OSPF routers. The network topology is created from the LSA updates. Flooding is used so that all OSPF routers have the topology map from which SPF calculations may be made. Efficient flooding is achieved through the use of a reserved multicast address, 224.0.0.5 (All SPF Routers) (224.0.0.6, All DR)
LSA Acknowledgement and Validation: It is sent from a router to the originating router to acknowledge the receipt of an LSA. There are two different methods routers can use to acknowledge receipt of LSAs:
Explicit acknowledgement: The recipient sends a link-state acknowledgement packet to the originating interface.
Implicit acknowledgement: A duplicate of the flooded LSA is sent back to the originator.
Direct Method: 1. A duplicate flooded LSA is received, 2. LSA age equals MaxAge (one hour).
Delayed Method: The recipient waits to send the LSA acknowledgement with other LSA acknowledgements that need to be sent.
SPF Tree Calculation: SPF trees are paths through the network to any given destination. A separate path exists for each known destination. There are two destination types recognized by OSPF: network and router. Router destinations are specifically for Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs). Once all the OSPF routers have synchronized link-state databases, each router is responsible for calculating the SPF tree using the Dijkstra algorithm for each known destination; for this, a metric for each link is required.
OSPF Metrics: OSPF uses a metric referred to as cost. A cost is associated with every outgoing interface along an SPF tree. The cost of the entire path is the sum of costs of the outgoing interfaces along the path. Cisco uses an equation of 10^8 / bandwidth. The bandwidth is the configured bandwidth for the interface. This value may be overridden by the ip ospf cost command. The cost range is 1-65535. Since the cost is assigned to each link, the value must be changed on each interface.
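The SPF calculation and the cost metric described above, combined in one added Python example (not from the original notes). The four-router topology and its bandwidths are constructed, and truncating the division to an integer before clamping to 1-65535 is an assumption.

```python
import heapq

REFERENCE_BW = 10**8          # numerator of the Cisco cost equation
COST_MIN, COST_MAX = 1, 65535


def ospf_cost(bandwidth_bps, override=None):
    """Cost of one outgoing interface; override models 'ip ospf cost'."""
    cost = override if override is not None else REFERENCE_BW // bandwidth_bps
    return max(COST_MIN, min(COST_MAX, cost))


def both_ways(a, b, bandwidth_bps, override=None):
    # A link has an outgoing interface on each side, each with its own cost.
    return [(a, b, bandwidth_bps, override), (b, a, bandwidth_bps, override)]


def sample_links(r1_r2_override=None):
    """Constructed topology: R1-R2-R4 fast path, R1-R3-R4 via a T1, slow R1-R4."""
    links = []
    links += both_ways("R1", "R2", 100_000_000, r1_r2_override)
    links += both_ways("R2", "R4", 10_000_000)
    links += both_ways("R1", "R3", 1_544_000)
    links += both_ways("R3", "R4", 100_000_000)
    links += both_ways("R1", "R4", 64_000)
    return links


def build_graph(links):
    graph = {}
    for src, dst, bandwidth, override in links:
        graph.setdefault(src, []).append((dst, ospf_cost(bandwidth, override)))
        graph.setdefault(dst, [])
    return graph


def spf(graph, root):
    """Dijkstra from root: {destination: (path cost, list of routers)}."""
    best = {root: (0, [root])}
    heap = [(0, root, [root])]
    done = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for neighbor, link_cost in graph[node]:
            new_cost = cost + link_cost     # sum of outgoing interface costs
            if neighbor not in best or new_cost < best[neighbor][0]:
                best[neighbor] = (new_cost, path + [neighbor])
                heapq.heappush(heap, (new_cost, neighbor, path + [neighbor]))
    return best


if __name__ == "__main__":
    for dest, (cost, path) in sorted(spf(build_graph(sample_links()), "R1").items()):
        print(dest, cost, " -> ".join(path))
```

Raising the cost of the R1-R2 link with the override moves traffic for R4 onto the T1 path through R3, which is why the value has to be reviewed on each interface rather than once per router.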
NBMA Overview: Non-broadcast multi-access (Frame Relay and ATM) presents a special challenge for OSPF. It uses an election process to select a DR and a BDR to represent all OSPF routers on the network. This election process requires the participation of all routers on the multi-access network.
NBMA Environment: With extended configurations on NBMA interfaces, an administrator can cause OSPF to behave as if it were running on one of the following four network types:
Broadcast, Non-Broadcast (by default in NBMA network type), Point-to-Point, Point-to-multipoint
Network Type                  Hello / Dead Intervals   Elects DR/BDR
Broadcast                     10/40                    Yes
Non-Broadcast (by default)    30/120                   Yes
Point-to-Point                10/40                    No
Point-to-multipoint           30/120                   No
Broadcast: elects DR/BDR, must have full mesh topology. This configuration guarantees that all routers have connectivity and that all will be able to participate in the DR/BDR election process. Once the DR and BDR have been chosen, the meshed networks act as a broadcast network. All LSA updates are sent to the DR and BDR, and the DR floods the updates out every interface. To change the network type for NBMA interfaces, you use the ip ospf network type-of-network command in interface configuration mode. Make sure that all the interfaces have the same hello and dead intervals, otherwise they will not communicate.
Non-broadcast: This environment requires that all OSPF neighbors be manually configured. This is the default setting for the router. By manually configuring each neighbor, OSPF knows exactly which neighbors need to participate and which neighbor is identified as the DR. Also, communication between neighbors is done via unicast. This also requires the full mesh. To elect your DR manually, enter the neighbor ip-address priority value command in the router configuration mode for the selected OSPF process.
Point-to-Point: This environment uses subinterfaces on the physical interface to create point-to-point connections with other OSPF neighbors. A full mesh is not required, DR/BDR is not elected, and it provides faster convergence. PVCs on the subinterface may fail, but there is still OSPF connectivity to other PVCs on the same physical interface.
Point-to-Multipoint: Similar to Point-to-Point, no DR/BDR election, all PVCs are treated as point-to-point links. The only difference between point-to-point and multipoint is that all the PVCs go back to a single router.
[Figures: Broadcast topology with routers R1, R2, R3 and R4, a DR and a BDR; Point-to-Point topology and Point-to-Multipoint topology, each with routers R1, R2, R3 and R4]
Configuring OSPF: The basic elements of OSPF configuration are:
Enabling OSPF, Configuring OSPF for different network types, Configuring the OSPF area, Route summarization, Route redistribution, Interface parameters
Broadcast:
RouterA(config-if)#router ospf 1 (Process ID)
RouterA(config-router)#network 172.16.230.0 0.0.0.255 area 0
Configuring OSPF - Single Area (NBMA Environment)
RouterA#config t
RouterA(config)#int s1
RouterA(config-if)#ip ospf network broadcast
RouterA(config-if)#encapsulation frame-relay
RouterA(config-if)#frame-relay map ip 172.16.11.2 102 broadcast
RouterA(config-if)#frame-relay map ip 172.16.11.3 103 broadcast
RouterA(config-if)#frame-relay map ip 172.16.11.4 104 broadcast
RouterA(config-if)#router ospf 1
RouterA(config-router)#network 172.16.11.0 0.0.0.255 area 0
RouterA(config-router)#^Z
Non-broadcast Configuration
RouterB#conf t
RouterB(config)#int s1
RouterB(config-if)#ip ospf network non-broadcast
RouterB(config-if)#encapsulation frame-relay ietf
RouterB(config-if)#frame-relay map ip 172.16.25.10 210 broadcast
RouterB(config-if)#frame-relay map ip 172.16.25.11 211 broadcast
RouterB(config-if)#frame-relay map ip 172.16.25.12 212 broadcast
RouterB(config-if)#router ospf 1
RouterB(config-router)#neighbor 172.16.25.10 priority 1
RouterB(config-router)#neighbor 172.16.25.11 priority 1
RouterB(config-router)#neighbor 172.16.25.12 priority 1
RouterB(config-router)#network 172.16.25.0 0.0.0.255 area 0
RouterB(config-router)#^Z
Point-to-Multipoint Configuration
RouterC#conf t
RouterC(config)#int s2
RouterC(config-if)#ip ospf network point-to-multipoint non-broadcast
RouterC(config-if)#encapsulation frame-relay ietf
RouterC(config-if)#frame-relay local-dlci 300
RouterC(config-if)#frame-relay map ip 172.16.26.12 312 broadcast
RouterC(config-if)#frame-relay map ip 172.16.26.13 313 broadcast
RouterC(config-if)#router ospf 1
RouterC(config-router)#neighbor 172.16.26.12 priority 1
RouterC(config-router)#neighbor 172.16.26.13 priority 1
RouterC(config-router)#network 172.16.25.0 0.0.0.255 area 0
RouterC(config-router)#^Z
OSPF Show Commands
Command                        Description
show ip ospf                   Summarizes all relative OSPF information, such as OSPF processes, Router ID, area assignments, authentication, and SPF statistics.
show ip ospf process-id        Shows the same information as the show ip ospf command but only for the specified process
show ip ospf border-routers    Displays the Router IDs of all ABRs and ASBRs within the AS
show ip ospf database          Displays the link-state database
show ip ospf interface         Displays interface OSPF parameters and other OSPF information specific to the interface
show ip ospf neighbor          Displays each OSPF neighbor and adjacency states
Interconnecting OSPF Areas
Categories of Multi-Area Components:
[Figure: Single Area OSPF Network (Area 0, routers R1 to R7) and Multi Area OSPF Network (Area 0, Area 10 and Area 20, routers R1 to R7)]
OSPF Router Roles
[Figure: OSPF router roles (Internal Router, Area Border Router, Autonomous System Boundary Router, Backbone Router) on routers RA, RB and RC across Area 10 and Area 0, with an EIGRP Autonomous System attached]
Backbone Router: It is any router that exists (whole or in part) in OSPF Area 0
Internal Router: It is any router that has all of its interfaces as members of the same area
Link State Advertisements: LSA Types
Type Code   Description
1           Router LSA
2           Network LSA
3           Network Summary LSA
4           ASBR Summary LSA
5           AS External LSA
6           Group Membership LSA
7           NSSA External LSA
8           External Attributes LSA
9           Opaque LSA (link-local scope)
10          Opaque LSA (area-local scope)
11          Opaque LSA (AS scope)
Type 1 LSA: It is an advertisement sent by a router to all other routers in its area. It contains information about all of the router's links in the area, the status of each link, and the cost for each link. A router which has connections to multiple areas will send a Type 1 LSA to each of the areas the router is connected to.
Type 2 LSA: It is generated by designated routers (DRs). Recall that a DR is elected to represent other routers in its network, and it has established adjacencies with each of the routers within its network. The DR uses the Type 2 LSA to send out information about the state of other routers that are part of the same network. This LSA is sent only to routers that are in the area containing the specific network.
Type 3 and Type 4 LSAs: These LSAs are generated by ABRs. These ABRs send these LSAs to all routers within an area. These LSAs advertise intra-area routes, routes within an area, to the backbone area (Area 0) and both intra-area and inter-area routes, routes to other areas, to non-broadcast areas. Type 3 LSA will advertise networks outside of an area into an area and Type 4 LSA will advertise information about ASBRs into an area.
Type 5 LSA: These LSAs are sent by ASBRs. These ASBRs use Type 5 LSAs to advertise routes that are external to the OSPF AS or a default route external to the OSPF AS that is reachable through them.
Type 7 LSA: This LSA is used to overcome the limitation of an ASBR not being able to belong to a stub area. These LSAs are generated only by an ASBR in a not-so-stubby area (NSSA). These LSAs will propagate across the area to the ABR. Once the LSA reaches the ABR, the ABR will convert LSA 7 into a LSA 5 and propagate it to the backbone. Type 7 LSA advertises routes that are external to the OSPF autonomous system.
OSPF Area Types: Subdivision of areas will reduce the load on routers. It is useful when a router doesn't need to have the entire network topology in its link-state database.
Stub Area: Directly connected routers with one interface out in general manner.
Area 0 (backbone area) cannot be made a stub area.
More than one area must exist.
Since ASBRs inject external routes, do not make any area containing an ASBR a stub area.
Since routers within a stub area use a default route to get out of the stub area, typically there is only one route out of the stub area. Therefore, a stub area should usually contain only a single area border router. Keep in mind that since a default route is being used, if a stub area contains more than one ABR, a non-optimal path may be used.
If you decide to make a particular area a stub area, be sure to configure all the routers in the area as stubby. If a router within a stub area has not been configured as stubby, it will not be able to correctly form adjacencies and exchange OSPF routes.
[Figure: Stub Area and Totally Stubby Area. Area 0 with routers RA, RB, RC and RD; labels "Summary Route Information" and "External Route Information"; interface E0 1.1.1.1/24]
Configuration:
RouterB(config)#router ospf 10 (Process ID)
RouterB(config-router)#network 1.0.0.0 0.255.255.255 area 0
(where 1.0.0.0 0.255.255.255 is the network and wildcard mask of a network connected to Router B and where 0 is the area that network 1.1.1.0/24 is a member of)
RouterB(config-router)#network 10.0.0.0 0.255.255.255 area 25
(where 10.0.0.0 0.255.255.255 is a summary network and wildcard mask of the networks connected to Router B and where 25 is the area that networks 10.1.1.0/24 and 10.1.2.0/24 are members of)
RouterB(config-router)#area 25 stub
(where 25 is the area that we have designated as stubby)
RouterC(config)#router ospf 10
RouterC(config-router)#network 10.0.0.0 0.255.255.255 area 25
RouterC(config-router)#area 25 stub
RouterD(config)#router ospf 10
RouterD(config-router)#network 10.0.0.0 0.255.255.255 area 25
RouterD(config-router)#area 25 stub
The syntax to make a router stubby is area area-id stub
All routers that are part of Area 25 are configured as stubby
Area 25 has only one ABR (i.e., only one path out of the area)
The ABR used the area area-id stub command only for Area 25, not for Area 0, which is not stubby.
Totally Stubby Area Configuration
The difference between a Stubby and a Totally Stubby area is that a totally stubby area doesn't allow summary routes to be injected into it; we need to change only the Router B configuration from the above example.
Since Router B is the ABR, it will be the router that will have the responsibility for blocking summary routes from entering the totally stubby area. So we are going to use the same topology from the previous example and make Area 25 a totally stubby area. The same figure is used from the previous example.
RouterB(config)#router ospf 10 (Process ID)
RouterB(config-router)#network 1.0.0.0 0.255.255.255 area 0
RouterB(config-router)#network 10.0.0.0 0.255.255.255 area 25
RouterB(config-router)#area 25 stub no-summary
[Figure, stub area example continued: Area 25 with router RD; labels "Summary Route information" and "Default Route Information"; interfaces 10.1.1.1/24, 10.1.1.2/24 and 10.1.2.1/24]
Not-So-Stubby Area Configuration
NSSA is useful when there is an area that requires the injection of external routes from an ASBR, but we still want to eliminate the injection of Type 5 LSAs from the ABR. In the following scenario, we want to prevent Area 0 from injecting Type 5 LSAs into Area 1, yet we still need external routes from the RIP routing process to be injected into Area 1 and propagated to other OSPF areas. The solution to these requirements is to make Area 1 an NSSA.
[Figure: Not-So-Stubby Area. A RIP domain (172.16.1.0/24, 172.16.2.0/24), OSPF Area 1 (1.1.1.0/24) and OSPF Area 0 (10.1.1.0/24, 10.1.2.0/24) with routers RA, RB, RC and RD]
RouterA(config)#router ospf 24
RouterA(config-router)#network 10.0.0.0 0.255.255.255 area 0
RouterB(config)#router ospf 24
RouterB(config-router)#network 10.0.0.0 0.255.255.255 area 0
RouterB(config-router)#network 1.0.0.0 0.255.255.255 area 1
RouterB(config-router)#area 0 range 10.0.0.0 255.0.0.0
(where 10.0.0.0 255.0.0.0 is the network number and subnet mask of a network that summarizes the individual networks within Area 0, thus reducing the number of entries in a router's routing table)
RouterB(config-router)#area 1 nssa
(where 1 is the area that is being designated as a not-so-stubby area)
RouterC(config)#router ospf 24
RouterC(config-router)#redistribute rip
(where rip is the routing protocol whose routes are being injected into the OSPF routing process)
RouterC(config-router)#network 1.0.0.0 0.255.255.255 area 1
RouterC(config-router)#default-metric 128
(where 128 is the OSPF metric value to be assigned to routes being redistributed into the OSPF routing process)
RouterC(config-router)#area 1 nssa
RouterC(config-router)#router rip (This enables the RIP routing process on the router)
RouterC(config-router)#redistribute ospf 24
(where ospf 24 is the routing process whose routes are being injected into the RIP routing process)
RouterC(config-router)#network 172.16.0.0
RouterC(config-router)#default-metric 3
(where 3 is the RIP metric value (hop count) to be assigned to OSPF routes being redistributed into the RIP routing process)
Router D is internal to the RIP routing process. Therefore, Router D does not require any NSSA specific configuration:
RouterD(config)#router rip
RouterD(config-router)#network 172.16.0.0
OSPF Virtual Links: When designing a multi-area OSPF network, all areas should be connected to the backbone area. However, there may be instances when an area will need to cross another area to reach the backbone area, as shown in the following. Since, in this example, Area 20 does not have a direct link to Area 0, we need to create a virtual link. (through loopback address/interface)
[Figure: Area 0, Area 10 and Area 20 with routers RA, RB and RC; loopbacks Lo0: 5.5.5.1/24, Lo0: 6.6.6.1/24 and Lo0: 2.2.2.1/24; Ethernet interfaces 1.1.1.1/24, 3.3.3.1/24, 3.3.3.2/24, 4.4.4.1/24, 4.4.4.2/24 and 7.7.7.1/24]
The syntax for creating a virtual link across an area is:
area area-id virtual-link router-id
Where area-id is the number of the transit area (area 10), and router-id is the IP address of the highest loopback interface configured on a router or can be manually set. (Use router-id id-in-IP-address-format to manually configure the router id in router configuration mode)
RouterB(config)#router ospf 10
RouterB(config-router)#network 3.0.0.0 0.255.255.255 area 0
RouterB(config-router)#network 4.0.0.0 0.255.255.255 area 10
RouterB(config-router)#area 10 virtual-link 6.6.6.1
(where 10 is the area id of the transit area and 6.6.6.1 is the highest loopback address of the ABR joining the transit area to Area 20)
RouterC(config)#router ospf 10
RouterC(config-router)#network 4.0.0.0 0.255.255.255 area 10
RouterC(config-router)#network 7.0.0.0 0.255.255.255 area 20
RouterC(config-router)#area 10 virtual-link 5.5.5.1
(where 10 is the area id of the transit area and 5.5.5.1 is the highest loopback address of the ABR joining the transit area to the backbone area)
Verifying and Troubleshooting OSPF
Route Information: sh ip route, sh ip route ospf, sh ip route 192.168.24.0
LSA Database Information: sh ip ospf database
Routing Protocol Information: sh ip ospf, sh ip ospf interface
Viewing Neighbor Information: sh ip ospf neighbor, sh ip ospf neighbor detail, debug ip ospf adj
Viewing OSPF Packets: debug ip ospf packet
INTEGRATED INTERMEDIATE SYSTEM TO INTERMEDIATE SYSTEM (IS-IS)
It is a link-state routing protocol developed by DEC as an ISO protocol to route Connectionless Network Services (CLNS), which is a network layer protocol of the OSI suite of protocols. An extension to this protocol was added to allow the simultaneous routing of both IP and CLNS. This extension became known as Integrated IS-IS. So it can route in a CLNS environment, an IP environment, or both.
Same Characteristics of IS-IS and OSPF
both are link-state routing protocols
both use the Dijkstra SPF algorithm
both support hierarchical network topology through areas
both use Hello packets to form adjacencies with their network
for broadcast networks, both elect a DR
both allow VLSM and summarization of areas
both allow authentication to ensure a more secure network
Difference between IS-IS and OSPF
Only one IS-IS process can be enabled on a device
OSPF routers can be a part of multiple areas, whereas an IS-IS router belongs to only one area
In OSPF, the boundaries of areas are set in the router. In IS-IS, the boundaries of areas are on the network connections.
IS-IS utilizes CLNS protocol data units (PDUs) to send information between routers instead of using IP packets, like OSPF does.
IS-IS allows for the preempting of DRs, where OSPF does not.
The backbone of an IS-IS network is designated by the type of routers in it instead of being designated by an area number.
So OSPF is better than IS-IS.
IS-IS Terminology:
ES: An End System is a non-routing network device, such as a host
IS: An Intermediate System is a routing device, in our case a router
ES-IS: End System to Intermediate System (ES-IS) is the protocol used to enable end systems to discover intermediate systems and vice versa.
SNPA: The Subnetwork Point of Attachment is the point at which subnetwork services are provided
PDUs: Protocol data units are the data passed from an OSI layer of one node to the peer OSI layer of another node.
DLPDU: A Data Link frame is referred to as a data link PDU.
NPDU: A packet is referred to as a network PDU.
LSP: The Link State PDU is the IS-IS equivalent of the OSPF LSA. The main difference between the two is that the LSA is encapsulated behind the OSPF header and the IP packet, whereas the LSP is a packet all its own.
Level 1 Intermediate System: It routes within an area. When the destination is outside the area, it routes toward a Level 2 system.
Level 2 Intermediate System: It routes between areas and towards other ASs.
NET: The Network Entity Title uniquely defines each router on the network. The NET is a network address, which contains a System ID and an Area ID.
IS-IS AREAS:
[Figure: OSPF Areas (joined by ABRs) compared with IS-IS Areas (Area 0, Area 1, Area 2 and Area 3, with routers labelled L1 and L2)]
Notice that the area boundaries for IS-IS are on the connections, not the routers.
The routers are completely within an area and don't have interfaces in different areas.
Backbone can have any Area ID. Not limited to Area 0 like OSPF.
L1 Routers: A Level 1 router is a router in a non-backbone area.
It knows only about intra-area routes.
These routers know about the default route to the L1/L2 router for inter-area traffic.
All routers within a Level 1 area contain the same link-state database.
These routers receive link-state PDUs (LSPs) only from within the area, not from other areas.
An L1 router will not receive any information from an L2 router.
It is an equivalent of an Internal Router of OSPF.
L2 Routers: Level 2 routers are backbone routers and handle all inter-area traffic.
An L2 router can belong only to the backbone area.
An L2 router will send LSPs to all other L2 routers and to all L1/L2 routers, regardless of the area the L1/L2 belongs to.
It is an equivalent of a backbone router of OSPF.
L1/L2 Routers: These routers are similar in function to an OSPF ABR.
These routers will send LSPs to both L1 and L2 routers. So L1 and L2 routers will be able to maintain their respective link-state databases (level 1 link-state database and level 2 link-state database).
The L1/L2 router contains two link-state databases, and information stored in the Level 2 link-state database will not be shared with any L1 routers.
An IS-IS level 1 area is similar to an OSPF totally stubby area. So all the L1 routers within the area know only about each other, and if they need to reach a remote area or routers which are not in their area, they must communicate through L1/L2 routers.
Three different levels of routing for IS-IS:
Level 1 Routing: It is routing between intermediate systems within the same area. It is basically intra-area routing and it occurs between all routers contained within the same area.
Level 2 Routing: It is routing between intermediate systems in different areas. All level 2 routing will cross the backbone at some point. So it is inter-area routing and it occurs between routers in different IS-IS areas.
Level 3 Routing: It is routing between different routing domains. This is required when traffic needs to leave the IS-IS routing domain to reach another routing domain. So it is internetwork routing.
Since IS-IS routers are totally merged in one area, the Area ID is associated with the entire router instead of an interface as in OSPF. IS-IS will allow up to three Area IDs to be associated with one router. The main use of multiple areas being configured on a router is for migrating from one area to another. So the Network Entity Title (NET) will be used to create and uniquely identify a router in that area.
Network Entity Title (NET): The main focus is to know how Integrated IS-IS routes IP packets. IS-IS is a CLNP protocol, not a TCP/IP protocol. This means that though IP routing is supported, IS-IS still communicates with CLNS PDUs.
So an ISO addressing scheme (NET) must be implemented for IS-IS to function. For this the NET is used, just like an IP address, to uniquely identify a router on the internetwork.
A NET can be in various standard formats. Each of these formats has three common values:
Area ID: It is a one-octet field, but can be longer, that precedes the System ID. The Area ID is used to signify the area the router belongs to. The area id can span up to two octets if need be.
System ID: It is used to identify the router. (Similar to router id in OSPF) It can be up to eight octets in length. Cisco supports only six octets. The same octet length must be used throughout the routing domain. Normally, the MAC address of the router will be set as the System ID and it must be unique in the IS-IS routing domain.
SEL: The NSAP Selector (SEL) is a one-octet field that represents the service being offered at the network level of the device. For our representation of IS-IS, SEL will always be 00. 00 represents the router. (SEL is like an IP protocol number being included with a destination address in an IP packet. So it tells you what service is being offered for the particular address.)
NET can be in the following formats:
Standard 8-octet format (with Area 0, System ID, SEL field)
OSI NSAP format (Domain, Area Id, System ID, SEL)
GOSIP format (AFI, ICD, DFI, AAI, Reserved, RDI, Area ID, System ID, SEL)
AFI=Authority and Format Identifier, ICD=International Code Designator, DFI=Domain Specific Part Format Identifier, AAI=Administrative Authority Identifier, RDI=Routing Domain Identifier
Neighbor and Adjacency Initialization:
IS-IS utilizes Hello PDUs to discover neighbors and form adjacencies with them.
After adjacencies are formed, the Hello packets are sent out every 10 seconds by default to maintain them.
Hello packets contain the information about the router, the router's capabilities and the interfaces through which hello packets are sent.
If the two routers agree on their capabilities and parameters set forth, the routers will form an adjacency.
Here the same Hello and Dead intervals are not required like OSPF, because the Hello packet will contain the hold time set by the neighboring router. The router will use this specific hold time for the neighbor, so it will not be considered dead until the hold time is exhausted. This allows different hello and dead intervals to be used by neighboring routers.
Adjacencies are of two types: Level 1 and Level 2
Level 1 adjacency will be formed between two L1 neighboring routers and between L1 and L1/L2 routers in the same area.
Level 2 adjacency will be formed between two L2 neighboring routers and between L2 and L1/L2 routers
If two L1/L2 routers are neighboring, then both Level 1 and Level 2 adjacencies will be formed between the two routers.
But an adjacency will never be formed between L1 and L2 routers.
Designated Router: For broadcast networks, IS-IS supports the election of a DR like OSPF. But the DR in IS-IS is known as the Designated IS (DIS).
The DIS will reduce the traffic required to advertise broadcast networks and the amount of traffic required to flood the LSPs.
The DIS advertises a pseudonode. It is a representation of the network all the routers are connected to. The DIS appears in the link-state database as another router. Each router on that network will then form one adjacency with the pseudonode.
The DIS will assign a one-octet pseudonode ID to the broadcast network, which is then added to the System ID of the DIS to create the LAN ID. The LAN ID will be the source of the LSPs for the pseudonode in the link-state database.
Routers in an area will form an adjacency with the DIS, but the routers will still form adjacencies with each other. Each router will multicast LSPs to its neighbors.
The main function of the DIS is to make sure the routers receive all the LSPs. This is done by SNPs (Sequence number PDUs).
There can be more than one DIS also. If there are Level 1 and Level 2 adjacencies, there are Level 1 and Level 2 DISs also. If both level areas are in the same broadcast network, a DIS will be elected for each level. But a DIS is not elected for a point-to-point network. In this case the same router will play the role of L1 DIS and L2 DIS. Each of the pseudonodes created will be independent of each other.
While electing the DIS, the router priority is considered. It may be anywhere between 0-127. The router with the 0 priority will never be elected. The default priority for Cisco devices is 64. The router with the highest priority (or System ID if the priorities are the same for more than one router) will win. If a router is L1/L2, you can set the priorities for both the portions differently.
Use the isis priority value [level-1 | level-2] command to set the priority manually.
Use the show clns interface command to see the current router priority setting for an IS-IS interface.
IS-IS PDUs: Hello PDUs, Link-State PDUs (LSP), Sequence number PDU (SNP)
Hello PDU: It is used to initialize and maintain router adjacencies. There are three types of hello PDUs.
1. Level 1 LAN IS-IS Hello PDU: It is used by L1 routers to form adjacencies on broadcast networks. These PDUs are passed only between Level 1 routers and L1/L2 routers to form Level 1 adjacencies.
2. Level 2 LAN IS-IS Hello PDU: It is used to form level 2 adjacencies on broadcast networks. L2 and L1/L2 routers will use these PDUs to form Level 2 adjacencies.
3. Point-to-Point IS-IS Hello PDU: These PDUs are used on non-broadcast point-to-point connections to form adjacencies. This can be used to form a level 1 or level 2 adjacency.
An L1/L2 router will use a combination of these Hello PDUs to form its level 1 and level 2 adjacencies.
Link-State PDU (LSP): It is used in the same way that an OSPF router uses its LSA packets. The LSP is used to advertise routing information.
Level 1 LSP: It is used to advertise level 1 link-state routing information between level 1 routers. It contains data about the routing information that the advertising level 1 router knows. Level 1 LSPs are used to form the level 1 link-state database.
Level 2 LSP: It is used to advertise the link-state routing information a level 2 router knows about. This information is used to help form the level 2 link-state database.
If a router is L1/L2, it utilizes both these LSPs. It will use the level 1 LSP to help it form its level 1 link-state database and the level 2 LSP to help it form its level 2 link-state database.
After a router receives all of the LSPs, it will utilize the SPF algorithm to select the routes to populate its routing table.
In a broadcast network, routers will multicast LSPs. Level 1 LSPs are multicast to the MAC address 0180.C200.0014. This MAC address is known as AllL1ISs. MAC address 0180.C200.0015, known as AllL2ISs, is where routers will multicast all Level 2 LSPs on a broadcast network. Routers will use unicast instead of multicast on point-to-point non-broadcast networks.
/ ?+
S"qu"n" Nu-0"r PDU (SNP); "t is used primarily to ensure that routers ha%e the most up4to4date
LS#s) "t is same as acknowledgement packets)
Co-+."'" S"qu"n" Nu-0"r PDU (CSNP); "t contains most up4to4date list o! all LS#s) 1hen a
link !irst comes up, 0SN#s are used to ensure the routers ha%e the latest LS#s to !orm their link4state
databases) 0SN#s will also be used periodically to ensure routers ha%e the latest in!ormation) Le%el *
and Le%el 6 ha%e their own 0SN#s) "t means le%el * 0SN# will be used only !or le%el * in!ormation
and a le%el 6 0SN# will be used only !or le%el 6 in!ormation)
Par'ia. S"qu"n" Nu-0"r PDU (PSNP); "t contains only the latest se:uence number in!ormation
!or a !ew LS#s) #SN#s are used on point4to4point connections) #SN#s can be used to re:uest LS#
in!ormation) Like 0SN#s, #SN#s are also speci!ic to the le%el they are representing)
Different PDUs are used to create a router's link-state database
LSP Flooding: LSP flooding is used to construct the router's link-state databases. To create the Level 1 link-state database, Level 1 LSPs are flooded throughout the Level 1 area. Flooding Level 2 LSPs over all Level 2 adjacencies creates the Level 2 link-state database. The creation of these link-state databases would not be possible without the use of SNPs.
All routers on a broadcast network will receive multicast LSPs from their neighbors. The Level 1 DIS will multicast a CSNP to the AllL1ISs multicast address. A Level 2 DIS will do the same, except that it multicasts the CSNP to the AllL2ISs multicast address. By default, Cisco devices multicast the CSNP every 10 seconds.
After the DIS has multicast the CSNP, all of the routers on that broadcast network will compare the CSNP to all the LSPs stored in their link-state database. If a router detects that it has an LSP that is missing from the CSNP, or that it has an LSP that is newer than the one in the CSNP, the router will multicast the LSP to all its neighbors. The neighbors could detect the missing LSP in the CSNP, but they will not do anything because they will receive the missing LSP from their neighbor.
A PSNP will be multicast by a router if the router notices that an LSP contained in the CSNP is missing from its link-state database. The DIS will then send the LSP to the router that requested it.
LSP flooding works differently on point-to-point non-broadcast networks. A router will send an LSP to its neighbor on the non-broadcast network. The router will then wait for a PSNP from the neighbor acknowledging receipt of the LSP. If the router doesn't receive the PSNP within a specified period (5 seconds for Cisco devices), it will retransmit the LSP to the neighbor.
Once a router receives all of the LSPs, it will run the SPF algorithm to select the routes to populate its routing table.
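The CSNP comparison and the point-to-point retransmission rule described above, as an added Python example that is not part of the original notes. The LSP IDs, sequence numbers and function names are constructed for illustration, and asking for an LSP whose local copy is older than the CSNP entry goes one step beyond the "missing" case the text describes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SyncActions:
    flood: tuple     # LSP IDs this router must multicast to its neighbors
    request: tuple   # LSP IDs this router asks for in a PSNP


def reconcile_csnp(lsdb, csnp):
    """Compare a received CSNP with the local link-state database.

    Both arguments map LSP ID -> sequence number (higher is newer).
    """
    flood, request = [], []
    for lsp_id, local_seq in lsdb.items():
        advertised = csnp.get(lsp_id)
        # We hold an LSP the CSNP lacks, or a newer copy: flood it.
        if advertised is None or local_seq > advertised:
            flood.append(lsp_id)
    for lsp_id, advertised in csnp.items():
        local_seq = lsdb.get(lsp_id)
        # The CSNP lists an LSP we lack (or hold an older copy of): ask via PSNP.
        if local_seq is None or local_seq < advertised:
            request.append(lsp_id)
    return SyncActions(tuple(sorted(flood)), tuple(sorted(request)))


def p2p_retransmissions(pending, acked, now, interval=5.0):
    """LSPs to resend on a point-to-point link.

    pending: LSP ID -> time the LSP was sent; acked: LSP IDs confirmed by PSNP.
    interval defaults to the 5 seconds the notes give for Cisco devices.
    """
    return sorted(lsp for lsp, sent in pending.items()
                  if lsp not in acked and now - sent >= interval)


# Constructed sample data (not captured from a real network).
LOCAL_LSDB = {
    "0000.0000.0001.00-00": 7,
    "0000.0000.0002.00-00": 3,   # older than the CSNP entry
    "0000.0000.0003.00-00": 5,   # absent from the CSNP
    "0000.0000.0005.00-00": 9,   # newer than the CSNP entry
}
RECEIVED_CSNP = {
    "0000.0000.0001.00-00": 7,
    "0000.0000.0002.00-00": 4,
    "0000.0000.0004.00-00": 1,   # unknown to the local database
    "0000.0000.0005.00-00": 8,
}

if __name__ == "__main__":
    print(reconcile_csnp(LOCAL_LSDB, RECEIVED_CSNP))
```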
SPF Algorithm: Once the router's link-state database has been created, the router needs to create the shortest path tree to select the routes that populate its routing table. The IS-IS metrics used for this are default, delay, expense and error. (Cisco supports only the default metric for IS-IS.)
The default metric value can be 0-63. The Cisco default value is 10. The default metric can be set differently for each IS-IS interface and each level. The metric for an IS-IS route is the sum of the metrics of all outgoing interfaces involved in the path. Like OSPF, IS-IS will choose the route with the lowest metric. The maximum value IS-IS supports for a route is 1023.
IS-IS classifies routes by their level. Level 1 routes are always internal to an IS-IS routing domain. L2 routes can be further classified as internal or external. An L2 external route is a route that is external to the IS-IS routing domain, whereas an L2 internal route is internal to the IS-IS routing domain. A Level 1 route is always preferred over a Level 2 route.
If multiple routes are found to a destination, the route with the best metric will be selected. If multiple routes with the same metric are found, IS-IS will use all of the routes. For load balancing, IS-IS supports up to six paths of equal cost.
Network Types: IS-IS supports only two types of network instead of the four in OSPF. These two are broadcast and point-to-point networks. These network types are non-configurable: you cannot change the network type as you can in OSPF.
To form adjacencies on broadcast networks, the router will send out either a Level 1 LAN Hello PDU or a Level 2 LAN Hello PDU, depending on whether the router is an L1, L2 or L1/L2 router. On point-to-point networks, routers will send out a point-to-point Hello PDU.
The broadcast network type is assigned to all broadcast interfaces on a router. For NBMA networks, broadcast is assigned to multipoint subinterfaces and point-to-point is assigned to all point-to-point subinterfaces. Physical interfaces that are connected to NBMA networks are considered to be multipoint interfaces, so the broadcast network type is assigned to them also. Because IS-IS treats all multipoint WAN connections as broadcast LAN connections, the same type of Hello PDUs are used and a DIS is selected.
On NBMA Networks:
Physical interfaces can connect to other physical interfaces or to multipoint subinterfaces.
Multipoint subinterfaces can connect to other multipoint subinterfaces or to physical interfaces.
Point-to-point subinterfaces can connect only to other point-to-point subinterfaces.
Configuring IS-IS: Your IOS must support CLNS to configure IS-IS.
[Figure: IS-IS topology with Backbone Area 2, Area 1 and Area 3. Routers A, B, C, D and E are connected over serial subinterfaces S0.1 and S1.1 and Ethernet interface E0, using networks 192.168.1.0/24, 192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24, 192.168.40.0/24 and 192.168.50.0/24.]
RouterA#config t
RouterA(config)#router isis (to enable isis on router)
RouterA(config-router)#net 01.0000.0000.0001.00 (to set the NET value)
RouterA(config-router)#is-type level-1 (to configure the level of the router)
RouterA(config-router)#exit
RouterA(config)#interface e0
RouterA(config-if)#ip router isis (to enable isis on interface)
RouterA(config-if)#exit
RouterA(config)#interface s0.1
RouterA(config-if)#ip router isis
RouterA(config-if)#^Z
RouterA#
RouterB#config t
RouterB(config)#router isis
RouterB(config-router)#net 01.0000.0000.0002.00
RouterB(config-router)#is-type level-1-2
RouterB(config-router)#exit
RouterB(config)#interface s0.1
RouterB(config-if)#ip router isis
RouterB(config-if)#exit
RouterB(config)#interface s1.1
RouterB(config-if)#ip router isis
RouterB(config-if)#^Z
RouterB#
RouterC#config t
RouterC(config)#router isis
RouterC(config-router)#net 02.0000.0000.0003.00
RouterC(config-router)#is-type level-2-only
RouterC(config-router)#exit
RouterC(config)#interface s0.1
RouterC(config-if)#ip router isis
RouterC(config-if)#exit
RouterC(config)#interface s1.1
RouterC(config-if)#ip router isis
RouterC(config-if)#^Z
RouterC#
RouterD#config t
RouterD(config)#router isis
RouterD(config-router)#net 03.0000.0000.0004.00
RouterD(config-router)#is-type level-1-2
RouterD(config-router)#exit
RouterD(config)#interface s0.1
RouterD(config-if)#ip router isis
RouterD(config-if)#exit
RouterD(config)#interface s1.1
RouterD(config-if)#ip router isis
RouterD(config-if)#^Z
RouterD#
RouterE#config t
RouterE(config)#router isis
RouterE(config-router)#net 03.0000.0000.0005.00
RouterE(config-router)#is-type level-1
RouterE(config-router)#exit
RouterE(config)#interface s0.1
RouterE(config-if)#ip router isis
RouterE(config-if)#exit
RouterE(config)#interface s1.1
RouterE(config-if)#ip router isis
RouterE(config-if)#^Z
RouterE#
To enable IS-IS for CLNS, enter the clns router isis command in interface configuration mode.
Verifying and Troubleshooting IS-IS:
Route Information: sh ip route, sh ip route isis
Link-State Database Information: sh isis database, sh isis database detail level-1/2, debug isis update-packets
Routing Protocol Information: sh clns protocol, sh clns interface
Viewing Neighbor Information: sh clns is-neighbors, debug isis adj-packets
Viewing SPF Information: sh isis spf-log, debug isis spf-events, debug isis spf-triggers, debug isis spf-statistics.
BORDER GATEWAY PROTOCOL: BGP is known as the Internet routing protocol. It is an EGP (Exterior Gateway Protocol). Because the Internet is made up of numerous autonomous systems, BGP is used to share routing information between these different autonomous systems.
BGP uses TCP port 179 to establish connections.
Since TCP works at Layer 4 (Transport Layer), BGP does not need to implement explicit update fragmentation, retransmission, acknowledgement and sequencing.
BGP Terminology:
Autonomous System: (Old Definition): A set of devices under the same administrative control that uses a single IGP for intra-AS routing and an EGP for inter-AS routing.
(New Definition): An AS is a set of devices under the same administrative control with one or more IGPs controlling intra-AS routing and an EGP for inter-AS routing.
BGP Speaker: Any routing device running a BGP routing process is known as a BGP speaker.
Peers: When two BGP speakers form a TCP connection between them, they are known as peers.
EBGP: Exterior BGP is the routing protocol used to exchange routing information between BGP peers in different ASs.
IBGP: Internal BGP is the routing protocol used to exchange routing information between BGP peers in the same AS.
Inter-AS routing: Routing that occurs between different ASs.
Intra-AS routing: Routing that occurs within the same AS.
BGP Operation:
All BGP speaking devices contained within the same AS will use internal BGP to communicate with each other. All BGP speaking devices within the same AS must peer with one another, so you must configure a full mesh for IBGP to operate properly. This doesn't mean all devices must be directly connected to one another, just that they all have layer-3 reachability. IBGP uses TCP to form the peering sessions between the IBGP peers.
External BGP is used between BGP speaking devices in different ASs. Like IBGP, EBGP peering sessions require the participating BGP speaking devices to have layer-3 connectivity among themselves. EBGP then uses TCP to form the peering sessions.
After forming peers, the BGP speaking devices will use the peering information to create a loop-free map of the ASs involved. This is known as the BGP Tree.
[Figure: BGP tree linking AS 1, AS 2, AS 7, AS 10, AS 98, AS 2000 and AS 5921.]
Once BGP speaking devices have formed peers and created their BGP tree, they will start exchanging routing information. These devices will first exchange their entire BGP routing table. Then they exchange incremental updates of their BGP routing tables and KEEPALIVE messages to keep the connection up.
How BGP Operates: Message Header Format: BGP will process a message only when the entire message has been received. A message is a minimum of 19 octets and a maximum of 4096 octets.
Message Header Format:
Marker: It is a 16-byte field. It is used to detect a loss of synchronization between a set of BGP peers and also to authenticate incoming BGP messages. If an OPEN message does not contain authentication information, the Marker must be set to all ones.
Length: It is a 2-byte field and indicates the length of the entire message, including the Marker. The length value can be 19-4096 octets.
Type: This is a one-byte field and indicates one of the four types of message given below:
1. OPEN message, 2. UPDATE message, 3. NOTIFICATION message, 4. KEEPALIVE message.
OPEN message: This is the first type of message sent after a TCP session has been formed. When the OPEN message is accepted, a KEEPALIVE message confirming the OPEN message is returned. After the KEEPALIVE message is sent to confirm the OPEN message, incremental UPDATE messages, NOTIFICATION messages and KEEPALIVE messages will be exchanged between the BGP peers.
OPEN message format:
[Figure: message header fields Marker, Length and Type, followed by the OPEN message fields Version, My Autonomous System, Hold Time, BGP Identifier, Optional Parameters Length and Optional Parameters.]
Version: 1 byte long and determines the version of BGP for the neighbor to use. The two BGP neighbors negotiate the highest version number they both support. If the versions do not match, an error message is sent to the sender and the TCP session is torn down. The session is then established again with the lower version number. This process continues until a common version number is reached.
My Autonomous System: 2 bytes long and contains the AS number of the sending BGP speaker. This helps in creating the BGP speaker's BGP tree.
Hold Time: 2 bytes long and informs the receiving BGP speaker of the hold time the sending BGP speaker has. The receiving speaker takes the lower of its configured hold time and the value in the Hold Time field. This determines the number of seconds the BGP speaker will expect between the receipt of KEEPALIVE and/or UPDATE messages. If one of these messages is not received in the time specified by the hold time, the neighbor will be considered dead. Each time one of these messages is received, the hold timer is reset to 0.
BGP Identifier: 4 bytes long and contains the BGP identifier of the sending BGP speaker. The BGP identifier will be the highest loopback IP address or the highest IP address configured on a physical interface. This is set during the startup process of BGP, so it will not change unless you restart the BGP process.
Optional Parameters Length: 1 byte long and represents the total length of the Optional Parameters (OP) field. A value of 0 means that no optional parameters have been set.
Optional Parameters: This is a variable-length field and contains the Parameter Type, Parameter Length and Parameter Value fields used in the BGP neighbor negotiation.
UPDATE message: After BGP speakers have become peers, they will exchange incremental UPDATE messages. An UPDATE message contains the routing information for BGP. This information is used to construct a loop-free routing environment.
UPDATE message format:
[Figure: UPDATE message fields Unfeasible Routes Length (2 bytes), Withdrawn Routes (variable), Total Path Attributes Length (2 bytes), Path Attributes (variable) and Network Layer Reachability Information (variable).]
Unfeasible Routes Length: 2 bytes long and contains the length of the Withdrawn Routes field. A value of 0 signifies that the Withdrawn Routes (WR) field is not present in the UPDATE message.
Withdrawn Routes: It contains a list of IP address prefixes that will be withdrawn. Each IP address prefix consists of a Length field (1 byte, 0 means all IP address prefixes) and a Prefix field (of variable length, contains the IP address prefix).
Total Path Attributes Length: 2 bytes long and contains the length of the Path Attributes field.
Path Attributes: It contains a sequence of attributes about a path present in the UPDATE message. The information contained in this field is used to track route information and for routing decisions and filtering. Each path attribute is broken down into an attribute type, attribute length, attribute value triplet.
The attribute type field is 2 bytes long and contains the Attribute Flags byte followed by the Attribute Type Code byte.
Attribute Flags: These indicate whether the attribute is Well-known mandatory, Well-known discretionary, Optional transitive or Optional non-transitive.
Well-known mandatory: This attribute must be recognized by all implementations of BGP and be present in the UPDATE message. A BGP session will be terminated if it is not present in the UPDATE message.
Well-known discretionary: This attribute must be recognized by all implementations of BGP but doesn't need to be present in the UPDATE message.
Optional transitive: This allows optional attributes that are not recognized by an implementation of BGP to be passed along to a BGP speaker's peers.
Optional non-transitive: If an optional attribute is not recognized by an implementation of BGP and the transitive flag is not set, it will not be passed on to the BGP speaker's peers.
Attribute Type Code: This specifies the type of Path Attribute.
Type Code   Attribute Name                   Category
1           ORIGIN                           Well-known mandatory
2           AS_PATH                          Well-known mandatory
3           NEXT_HOP                         Well-known mandatory
4           MULTI_EXIT_DISC                  Optional non-transitive
5           LOCAL_PREF                       Well-known discretionary
6           ATOMIC_AGGREGATE                 Well-known discretionary
7           AGGREGATOR                       Optional transitive
8           COMMUNITY                        Optional transitive
9           ORIGINATOR_ID                    Optional non-transitive
10          CLUSTER_LIST                     Optional non-transitive
11          DPA                              Destination Point Attribute for BGP
12          Advertiser                       BGP/IDRP Route Server
13          RCID_PATH/CLUSTER_ID             BGP/IDRP Route Server
14          Multiprotocol Reachable NLRI     Optional non-transitive
15          Multiprotocol Unreachable NLRI   Optional non-transitive
16          Extended Communities             N/A
256         Reserved for development         N/A
NLRI (Network Layer Reachability Information): BGPv4 supports VLSM. BGPv4 is able to advertise routes regardless of classful boundaries. It accomplishes this through the use of the NLRI field.
NLRI is a variable-length field that contains the IP address prefix of the route. It contains a 1-byte Length field and a variable-length Prefix field. The Length field gives the length of the IP address prefix; it plays the same role as the subnet mask. If the value of this field is 0, it indicates that all IP addresses are included. The Prefix field contains the actual IP address prefix.
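The UPDATE layout described above (Unfeasible Routes Length, Withdrawn Routes, Total Path Attributes Length, Path Attributes, NLRI), as an added Python parser that is not part of the original notes. The sample message is constructed; the flag bit values (0x80 optional, 0x40 transitive, 0x10 two-byte attribute length) come from the BGP-4 specification rather than from this page, and the sub-codes raised are the UPDATE message error sub-codes from the NOTIFICATION table.

```python
import ipaddress
import struct

ATTR_NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP",
              4: "MULTI_EXIT_DISC", 5: "LOCAL_PREF"}
MANDATORY = {1, 2, 3}   # well-known mandatory type codes from the table


class UpdateError(ValueError):
    """Carries the UPDATE message error sub-code to put in a NOTIFICATION."""
    def __init__(self, subcode, reason):
        super().__init__(f"UPDATE message error, sub-code {subcode}: {reason}")
        self.subcode = subcode


def parse_prefixes(data):
    """Decode a run of (Length in bits, Prefix) pairs into CIDR strings."""
    prefixes, i = [], 0
    while i < len(data):
        bits = data[i]
        nbytes = (bits + 7) // 8          # prefix is padded to whole bytes
        if bits > 32 or i + 1 + nbytes > len(data):
            raise UpdateError(10, "prefix length over 32 bits or past the field")
        raw = data[i + 1:i + 1 + nbytes].ljust(4, b"\x00")
        net = ipaddress.IPv4Network((int.from_bytes(raw, "big"), bits), strict=False)
        prefixes.append(str(net))
        i += 1 + nbytes
    return prefixes


def category(flags, code):
    if not flags & 0x80:                  # optional bit clear: well-known
        return ("well-known mandatory" if code in MANDATORY
                else "well-known discretionary")
    return "optional transitive" if flags & 0x40 else "optional non-transitive"


def parse_update(body):
    """Parse the part of an UPDATE message that follows the 19-byte header."""
    if len(body) < 4:
        raise UpdateError(1, "too short for the two length fields")
    (wlen,) = struct.unpack_from("!H", body, 0)
    if 4 + wlen > len(body):
        raise UpdateError(1, "Unfeasible Routes Length runs past the message")
    withdrawn = parse_prefixes(body[2:2 + wlen])
    (alen,) = struct.unpack_from("!H", body, 2 + wlen)
    i, end = 4 + wlen, 4 + wlen + alen
    if end > len(body):
        raise UpdateError(1, "Total Path Attributes Length runs past the message")
    attrs = {}
    while i < end:
        if i + 3 > end:
            raise UpdateError(5, "attribute header truncated")
        flags, code = body[i], body[i + 1]
        hdr = 4 if flags & 0x10 else 3    # extended length uses two bytes
        if i + hdr > end:
            raise UpdateError(5, "attribute header truncated")
        vlen = struct.unpack_from("!H", body, i + 2)[0] if hdr == 4 else body[i + 2]
        if i + hdr + vlen > end:
            raise UpdateError(5, "attribute value runs past Path Attributes")
        if code in attrs:
            raise UpdateError(1, f"attribute {code} appears twice")
        attrs[code] = {"name": ATTR_NAMES.get(code, f"type {code}"),
                       "category": category(flags, code),
                       "value": body[i + hdr:i + hdr + vlen]}
        i += hdr + vlen
    nlri = parse_prefixes(body[end:])
    missing = MANDATORY - attrs.keys()
    if nlri and missing:                  # announced routes need all three
        raise UpdateError(3, f"missing well-known attribute(s) {sorted(missing)}")
    return {"withdrawn": withdrawn, "attributes": attrs, "nlri": nlri}


# Constructed sample: withdraw 10.1.0.0/16; announce two prefixes with ORIGIN,
# AS_PATH (AS 100), NEXT_HOP 10.10.10.1 and MULTI_EXIT_DISC 50.
SAMPLE_UPDATE = bytes.fromhex(
    "0003" "100a01"
    "0019"
    "40010100" "40020402010064" "4003040a0a0a01" "80040400000032"
    "18c0a8c8" "0cac10")

if __name__ == "__main__":
    print(parse_update(SAMPLE_UPDATE))
```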
KEEPALIVE message: These messages are used to ensure connectivity still exists between peers. A KEEPALIVE message is made up of only the fixed-size BGP Message Header. A KEEPALIVE message is sent in order to restart the hold timer. The interval at which a KEEPALIVE message is sent is one-third of the hold time value. This is why the hold time must be at least 3 seconds if it is not 0. A KEEPALIVE message will not be sent if an UPDATE message was sent during this period of time. If the hold time is set to 0, a KEEPALIVE message will never be sent.
NOTIFICATION message: Whenever an error occurs during a BGP session, the BGP speaker generates a NOTIFICATION message. As soon as the BGP speaker generates the NOTIFICATION message, the session is terminated. The NOTIFICATION contains error codes and error sub-codes that allow the network administrator to troubleshoot the problem.
NOTIFICATION message format:
[Figure: NOTIFICATION message fields Error Code, Error Sub-Code and Data.]
Error Code   Type                          Error Sub-Code   Type
1            Message Header Error          1                Connection Not Synchronized
                                           2                Bad Message Length
                                           3                Bad Message Type
2            OPEN message Error            1                Unsupported Version Number
                                           2                Bad Peer AS
                                           3                Bad BGP Identifier
                                           4                Unsupported Optional Parameters
                                           5                Authentication Failure
                                           6                Unacceptable Hold Timer
3            UPDATE message Error          1                Malformed Attribute List
                                           2                Unrecognized Well-known Attribute
                                           3                Missing Well-known Attribute
                                           4                Attribute Flags Error
                                           5                Attribute Length Error
                                           6                Invalid ORIGIN Attribute
                                           7                AS Routing Loop
                                           8                Invalid NEXT_HOP attribute
                                           9                Optional Attribute Error
                                           10               Invalid Network Field
                                           11               Malformed AS_PATH
4            Hold Timer expired
5            Finite State Machine Error
6            Cease
Neighbor Negotiation: Before BGP communication can occur, BGP speakers must become neighbors, or peers.
The first step in forming a peer is to form a TCP session with each other using TCP port 179. If this does not occur, the BGP speakers will never become peers.
After the TCP session has been established, the BGP speakers will send an OPEN message to each other.
From that point forward the peers will send incremental UPDATE messages, NOTIFICATION messages and KEEPALIVE messages.
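The header and OPEN checks described above, mapped to the error codes and sub-codes in the NOTIFICATION table, as an added Python example that is not part of the original notes. The sample OPEN is constructed, the function names are this example's own, and it assumes that no authentication information is in use (so the Marker must be all ones) and that the caller passes exactly one framed message.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16   # all ones: no authentication information in use
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}


class BgpError(Exception):
    """Error Code / Error Sub-Code to send back in a NOTIFICATION."""
    def __init__(self, code, subcode, reason):
        super().__init__(f"NOTIFICATION {code}/{subcode}: {reason}")
        self.code, self.subcode = code, subcode


def build_message(msg_type, body=b""):
    """Prepend the 19-byte header (Marker, Length, Type) to a body."""
    return MARKER + struct.pack("!HB", 19 + len(body), msg_type) + body


def build_open(version, my_as, hold_time, identifier, opts=b""):
    ident = ipaddress.IPv4Address(identifier).packed
    body = struct.pack("!BHH4sB", version, my_as, hold_time, ident, len(opts))
    return build_message(1, body + opts)


def parse_header(msg):
    if len(msg) < 19:
        raise BgpError(1, 2, "fewer than 19 octets received")
    marker, length, msg_type = struct.unpack("!16sHB", msg[:19])
    if marker != MARKER:
        raise BgpError(1, 1, "Marker is not all ones")
    if not 19 <= length <= 4096 or length != len(msg):
        raise BgpError(1, 2, f"Length field {length} does not fit the message")
    if msg_type not in TYPES:
        raise BgpError(1, 3, f"unknown message type {msg_type}")
    if msg_type == 4 and length != 19:
        raise BgpError(1, 2, "KEEPALIVE must be the fixed-size header only")
    return TYPES[msg_type], msg[19:]


def parse_open(body, local_as, expected_peer_as, local_hold_time):
    """Validate an OPEN body and return the negotiated session parameters."""
    if len(body) < 10:
        raise BgpError(1, 2, "OPEN shorter than its fixed fields")
    version, peer_as, hold, ident, opt_len = struct.unpack("!BHH4sB", body[:10])
    if version != 4:
        raise BgpError(2, 1, f"version {version} not supported")
    if peer_as != expected_peer_as:      # must match the configured remote-as
        raise BgpError(2, 2, f"peer announced AS {peer_as}")
    if ident == b"\x00\x00\x00\x00":
        raise BgpError(2, 3, "BGP Identifier is 0.0.0.0")
    if hold in (1, 2):                   # must be 0 or at least 3 seconds
        raise BgpError(2, 6, f"hold time {hold} is below 3 seconds")
    opts = body[10:]
    if opt_len != len(opts):
        raise BgpError(1, 2, "Optional Parameters Length does not match")
    params, i = [], 0
    while i < len(opts):                 # Parameter Type, Length, Value triplets
        if i + 2 > len(opts) or i + 2 + opts[i + 1] > len(opts):
            # Sub-code 4 for a truncated parameter is this example's choice.
            raise BgpError(2, 4, "truncated optional parameter")
        params.append((opts[i], opts[i + 2:i + 2 + opts[i + 1]]))
        i += 2 + opts[i + 1]
    negotiated = min(hold, local_hold_time)
    return {
        "peer_as": peer_as,
        "bgp_identifier": str(ipaddress.IPv4Address(ident)),
        "session": "IBGP" if peer_as == local_as else "EBGP",
        "hold_time": negotiated,
        # One-third of the hold time; never sent when the hold time is 0.
        "keepalive_interval": negotiated // 3 if negotiated else None,
        "optional_parameters": params,
    }


# Constructed sample: R2 (AS 200, identifier 2.2.2.2) offering a 180 s hold time.
SAMPLE_OPEN = build_open(4, 200, 180, "2.2.2.2")

if __name__ == "__main__":
    kind, body = parse_header(SAMPLE_OPEN)
    print(kind, parse_open(body, local_as=100, expected_peer_as=200,
                           local_hold_time=90))
```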
Finite State Machine: The process through which neighbors are formed is known as the finite state machine, which contains six states.
Idle State: This is the first state a BGP speaker will enter when starting a BGP session.
The BGP speaker waits for the BGP start event (which can be initiated by the BGP speaker or by the administrator) and initially refuses all incoming BGP connections.
Once a start event has occurred, the BGP speaker starts the ConnectRetry timer, initiates a TCP connection to the peer, and also listens for any connection attempt started by the other BGP speaker.
If the session ends, the BGP speaker will wait 60 seconds before it retries the connection.
Connection State: After the TCP session has been formed successfully, the BGP speaker will clear the ConnectRetry timer, complete initialization, send an OPEN message to the remote speaker and transition to the OpenSent state.
If any other type of event causes an error, the BGP speaker will close the TCP connection and change state to Idle. All BGP start events will be ignored in the Connection state.
Active State: After the above two states, if the BGP speaker detects another BGP speaker trying to form a TCP session with it and the remote BGP speaker's IP address is not the expected IP address, the BGP speaker will reject the connection, reset the ConnectRetry timer, continue to listen for an attempted connection from the remote BGP speaker, and stay in the Active state.
If any other events occur, the BGP speaker will close the TCP connection and transition its state to Idle. All BGP start events will be ignored in the Active state.
OpenSent State: The BGP speaker is waiting to receive an OPEN message from the remote BGP speaker, and after receiving it all the fields will be checked.
If an error occurred, it will send a NOTIFICATION message to the remote BGP speaker, terminate the TCP connection and move to the Idle state.
If no error occurred, it sends a KEEPALIVE message to the remote BGP speaker, sets the keepalive timer, and sets the hold timer to the negotiated value. The BGP speaker will then negotiate the hold time and decide whether the session is IBGP (if the two speakers are in the same AS) or EBGP (if they are in different ASs), because this will affect the UPDATE processing. (A value of 0 means that the keepalive timer and the hold timer will never be reset.)
Once the type of BGP is determined, the state will be OpenConfirm.
If a TCP connection disconnected message occurs during this state, the BGP speaker will move to the Active state. In all other error modes, it will move to the Idle state.
OpenConfirm State: The BGP speaker will wait for the KEEPALIVE message from the remote speaker. Once it is received, the BGP speaker will reset the hold timer and transition to the Established state. At this point, the peer relationship has been formed.
If a NOTIFICATION message is received instead of a KEEPALIVE message, it will move to the Idle state.
All BGP start events will be ignored in the OpenConfirm state.
Established State: In this state, all of the neighbor negotiations are complete and all peers will exchange UPDATE and KEEPALIVE messages, and each peer resets its hold timer each time it sends a message.
If the hold timer ever expires before an UPDATE or KEEPALIVE message is received, the speaker will send a NOTIFICATION message to its peer, terminate the TCP session and change its state to Idle.
All BGP start events will be ignored in the Established state.
Route Selection: Once BGP peers have reached the Established state, they will start exchanging routing information. To understand how the routing information is received and processed, the Routing Information Base must be understood.
Routing Information Bases: When a BGP speaker learns a route, that route needs to pass through the BGP speaker's RIB. All BGP speaking devices contain a RIB. A RIB is broken down into three parts:
Adj-RIBs-In: One Adj-RIB-In exists for each peer a BGP speaker has. This RIB is where incoming BGP routes are stored. After BGP routes have been placed here, they are put through the inbound policy engine. This is where the routes are filtered or have their attributes manipulated, based on a predefined policy set by the router's administrator. If a BGP route makes it through the inbound policy filter, it is then sent to the Loc-RIB.
Loc-RIB: The Loc-RIB is what the router uses to make its own BGP routing decisions. The router then sends all of the BGP routes contained in the Loc-RIB to the outbound policy engine. The outbound policy engine applies a predefined policy set by the administrator for the purpose of filtering and manipulating BGP routes before placing them in the Adj-RIBs-Out.
Adj-RIBs-Out: If a BGP route makes it through the outbound policy engine, the route will be placed in the Adj-RIBs-Out. One exists for each peer of a BGP speaker. The routes that are placed in the Adj-RIBs-Out will be advertised to the BGP speaker's peers.
A BGP route will continue this routine for each BGP speaker it is advertised to.
BGP Route Processing:
1. The BGP speaker receives the BGP routes.
2. The received BGP routes are placed in the Adj-RIBs-In.
3. The BGP routes are sent to the inbound policy engine.
4. The inbound policy engine filters and manipulates routes based on the policy set by the router's administrator. BGP routes that are filtered out by the inbound policy engine are dropped at this point.
5. The remaining BGP routes are then forwarded to the Loc-RIB.
6. The BGP speaker stores the routes in the Loc-RIB. The router uses these routes to make BGP routing decisions.
7. The BGP routes are then forwarded to the outbound policy engine.
8. The outbound policy engine filters and manipulates routes based on the policy set by the router's administrator. BGP routes that are filtered out by the outbound policy engine are dropped at this point.
9. The BGP routes that make it through the outbound policy engine are then forwarded to the Adj-RIBs-Out.
10. The received BGP routes will then be stored in the Adj-RIBs-Out.
11. All BGP routes stored in the Adj-RIBs-Out are then advertised to all of the BGP speaker's peers.
[Figure: BGP route processing through the Adj-RIBs-In, Inbound Policy Engine, Loc-RIB, Outbound Policy Engine and Adj-RIBs-Out, with the numbered steps above marked on the path.]
Decision Process: This is the actual process that decides which routes the BGP speaker will accept, the routes it will use locally, and the routes it will advertise to its peers. It has the following three phases:
Phase 1: This phase calculates the degree of preference for a route learned from a neighboring AS. Whenever a BGP speaker receives an UPDATE message from a peer in a neighboring AS, phase 1 begins. The speaker then locks the Adj-RIB-In used for that peer.
The BGP speaker will leave the Adj-RIB-In locked until the completion of phase 1. For each feasible route the BGP speaker receives, it will calculate the degree of preference. The degree of preference is the attractiveness of a route.
The BGP speaker will calculate the degree of preference based on the locally pre-configured policy.
Phase 2: It is known as the Route Selection phase. During this phase, the BGP speaker will lock all of its Adj-RIBs-In and unlock them once the phase is complete.
At this point, any routes that have a NEXT_HOP attribute set to an address the BGP speaker doesn't have a route to should be excluded. If a route is the only route to a destination, the BGP speaker will select it to put in the Loc-RIB. If multiple routes exist to the same destination, the BGP speaker will select the route with the highest degree of preference. This route will then be inserted into the BGP speaker's Loc-RIB.
If multiple routes exist to the same destination and they have the same degree of preference, the following tie-breaking rules apply:
If the BGP speaker is configured to use the MULTI_EXIT_DISC (MED) and the MEDs of the routes differ, the BGP speaker will select the route with the lowest MED.
If the BGP speaker is not configured to use the MED or the MEDs do not differ, the BGP speaker will select the route with the lowest cost to the next-hop address.
If the cost of the routes does not differ, the BGP speaker will select the route that was advertised by a BGP speaker in a neighboring AS with the lowest BGP identifier.
If the route was not advertised by a BGP speaker in a neighboring AS, the BGP speaker will select the route with the lowest BGP identifier.
Phase 3: It is also known as the Route Dissemination phase. It is initiated when any of the following four events occur:
Phase 2 completes.
When routes, stored in the Loc-RIB, to local destinations change.
When any locally generated routes, not learned by BGP, change.
When a new BGP connection has been established.
During this phase, the routes stored in the Loc-RIB will be passed through the outbound policy engine. The routes that pass through the policy engine will be placed in the Adj-RIBs-Out. These are the routes the BGP speaker will advertise to its peers. The BGP speaker can optionally perform route aggregation during this phase.
Cisco uses 10 steps for route selection:
1. If the route specifies a next hop that is inaccessible, drop the update.
2. Prefer the route with the largest weight.
3. If the weights are the same, prefer the route with the largest local preference.
4. If the local preferences are the same, prefer the route that was originated by BGP running on this router.
5. If no route was originated, prefer the route that has the shortest AS_PATH.
6. If all routes have the same AS_PATH length, prefer the route with the lowest origin type (where IGP is lower than EGP, and EGP is lower than Incomplete).
7. If the origin codes are the same, prefer the route with the lowest MED attribute.
8. If the routes have the same MED, prefer the external route over the internal route.
9. If the routes are still the same, prefer the route through the lowest metric IGP neighbor.
10. Prefer the route with the lowest IP address, as specified by the BGP Router ID.
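The ten steps above written as a single comparison key, as an added Python example that is not part of the original notes and is not Cisco's implementation. The Route fields and the candidate routes are constructed for illustration; deciding_step reports which step separated two routes.

```python
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}   # step 6: lower wins


@dataclass(frozen=True)
class Route:
    router_id: str                    # BGP Router ID of the advertising peer
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    as_path: tuple = ()
    origin: str = "IGP"
    med: int = 0
    external: bool = True             # learned over EBGP rather than IBGP
    igp_metric: int = 0               # metric to the next hop


def preference_key(r):
    """Steps 2-10 in order; the route with the smallest tuple wins."""
    return (
        -r.weight,                                   # 2: largest weight
        -r.local_pref,                               # 3: largest local preference
        0 if r.locally_originated else 1,            # 4: originated on this router
        len(r.as_path),                              # 5: shortest AS_PATH
        ORIGIN_RANK[r.origin],                       # 6: lowest origin type
        r.med,                                       # 7: lowest MED
        0 if r.external else 1,                      # 8: external over internal
        r.igp_metric,                                # 9: lowest IGP metric
        int(ipaddress.IPv4Address(r.router_id)),     # 10: lowest Router ID
    )


def best_path(candidates):
    """Step 1 drops routes with an inaccessible next hop, then apply 2-10."""
    usable = [r for r in candidates if r.next_hop_reachable]
    return min(usable, key=preference_key) if usable else None


def deciding_step(a, b):
    """Number of the first step at which a and b differ, or None if tied."""
    pairs = zip(preference_key(a), preference_key(b))
    for step, (x, y) in enumerate(pairs, start=2):
        if x != y:
            return step
    return None


# Constructed candidates for one destination prefix.
VIA_R2 = Route("2.2.2.2", local_pref=100, as_path=(200, 300))
VIA_R3 = Route("3.3.3.3", local_pref=200, as_path=(200, 300, 400))
VIA_R4 = Route("4.4.4.4", local_pref=500, next_hop_reachable=False)

if __name__ == "__main__":
    winner = best_path([VIA_R2, VIA_R3, VIA_R4])
    print(winner.router_id, "wins at step", deciding_step(winner, VIA_R2))
```

The Router ID is compared as a number: compared as text, "10.0.0.1" would sort below "9.0.0.1" and the wrong route would win step 10.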
Route Filtering: The system administrator can affect the routing decisions a BGP speaker makes. This is done through route filtering. Route filtering for BGP can be used for many different reasons. It can be used to permit or deny certain routes in the BGP speaker.
Ingress filtering: This occurs when a route is received by the BGP speaker and passed to the inbound policy engine. Here, the administrator can decide the permit and deny policy.
Egress filtering: This occurs when a route is passed into the outbound policy engine. The only difference between egress and ingress filtering is that with egress filtering the BGP speaker is making the decisions on the routes being advertised to its peers and manipulating those routes' BGP attributes.
The most commonly used techniques for route filtering are Route Maps, Distribute Lists and Prefix Lists (for more detail, see chapter 9).
BGP Synchronization:
Transit AS: It is an AS connected to multiple ASs, allowing the routes learned from one AS to be passed along to another AS.
[Figure: AS 100, AS 200 and AS 300 with routers R1 to R6; AS 200 sits between AS 100 and AS 300.]
AS 200 would be a transit AS. The routes the AS learns from AS 300 will transit AS 200 and be received by AS 100. The same is true for AS 100: the routes AS 200 learns from AS 100 will transit the AS and be passed on to AS 300. In other words, a transit AS is an AS that allows information learned from one AS to transit through to another AS.
Stub AS: It is an AS that does not allow information to transit through it to another AS. Here, AS 100 and AS 300 are both single-homed stub ASs with one entry and exit point.
By default, BGP synchronization is on. Since IBGP requires a full mesh, synchronization is turned off in real-world networks. Use the no synchronization command to turn it off.
Route Aggregation: Also known as route summarization, it is a means by which multiple routes can be combined into a single route, consuming less memory. It occurs during phase 3 of the BGP decision process.
If routes contain the MED and NEXT_HOP attributes, these attributes must be identical in order for the routes to be aggregated.
Paths with different attribute type codes cannot be aggregated together.
Paths with the same attribute type codes can be aggregated together.
When and When Not to Use BGP:
When not to use BGP (default or static routes are advisable instead):
The routers in your network don't have much memory and/or processing power, so the huge number of Internet routes would cause delays in the network.
Your AS is connected to only one other AS and you do not need to enforce any policies.
Your network doesn't have enough bandwidth to support the amount of traffic that BGP must pass.
When to use BGP:
When you need to enforce inbound and/or outbound policies on information entering or leaving your network.
When your network has multiple connections to different ASs and you want your AS to pass information from one AS to another AS. In other words, you want your AS to be a transit AS.
When connecting different Internet service providers to one another.
Configuring BGP:
[Figure: AS 100 (R1), AS 200 (R2, R3, R4) and AS 300 (R5).]
Minimal BGP Configuration:
[Figure: AS 100, AS 200 and AS 300 in a row. The AS 100 router (S0, .1) connects over 10.10.10.0/30 to the AS 200 router (S0, .2); the AS 200 router (S1, .2) connects over 20.20.20.0/30 to the AS 300 router (S0, .1).]
R1#conf t
R1(config)#router bgp 100 (to enable BGP on a device; syntax: router bgp AS-number)
R1(config-router)#neighbor 10.10.10.2 remote-as 200 (the neighbor to be peers)
R1(config-router)#^Z
R1#
R2#conf t
R2(config)#router bgp 200
R2(config-router)#neighbor 10.10.10.1 remote-as 100
R2(config-router)#neighbor 20.20.20.1 remote-as 300
R2(config-router)#^Z
R2#
R3#config t
R3(config)#router bgp 300
R3(config-router)#neighbor 20.20.20.2 remote-as 200
R3(config-router)#^Z
R3#
IBGP & EBGP Configuration: The loopback address of each router participating in IBGP is used in the neighbor statement when referring to the router. The directly connected interface addresses are used for the EBGP connections. A loopback interface is always up and will never go down unless it is administratively shut down. If an IBGP speaker has multiple paths, the session will never go down as long as at least one link is working. When you use a loopback interface for BGP sessions, use the following command, without which the BGP speakers will never form peers with one another:
neighbor address update-source interface
IB6P AND EB6P N"'(or!;
*+)*+)*+)+/7+ 6+)6+)6+)+/7+
/ >=
R* R7
R6
AS 8==
:8
S=
AS 9==
S= :8
AS >==
:> S= S8 :
>
:8 S8 S= :8
7+)7+)7+)+/7+ =+)=+)=+)+/7+
S= :> S8 :>
R* R;
R6 R=
R7
1e don9t want BH# to be synchroni'ed with the "H#) So we will use no &%n$roniLa'ion command
on each router in AS 6++) The loopback address o! the R6 router, R7 router and R= router will be
6)6)6)6, 7)7)7)7 and =)=)=)= respecti%ely)
R1#config t
R1(config)#router bgp 100
R1(config-router)#neighbor 10.10.10.2 remote-as 200
R1(config-router)#^Z
R2#config t
R2(config)#router bgp 200
R2(config-router)#no synchronization
R2(config-router)#neighbor 10.10.10.1 remote-as 100
R2(config-router)#neighbor 3.3.3.3 remote-as 200
R2(config-router)#neighbor 4.4.4.4 remote-as 200
R2(config-router)#neighbor 3.3.3.3 update-source lo0
R2(config-router)#neighbor 4.4.4.4 update-source lo0
R2(config-router)#^Z
R3#config t
R3(config)#router bgp 200
R3(config-router)#no synchronization
R3(config-router)#neighbor 2.2.2.2 remote-as 200
R3(config-router)#neighbor 4.4.4.4 remote-as 200
R3(config-router)#neighbor 2.2.2.2 update-source lo0
R3(config-router)#neighbor 4.4.4.4 update-source lo0
R3(config-router)#^Z
R4#config t
R4(config)#router bgp 200
R4(config-router)#no synchronization
R4(config-router)#neighbor 20.20.20.1 remote-as 300
R4(config-router)#neighbor 3.3.3.3 remote-as 200
R4(config-router)#neighbor 2.2.2.2 remote-as 200
R4(config-router)#neighbor 3.3.3.3 update-source lo0
R4(config-router)#neighbor 2.2.2.2 update-source lo0
R4(config-router)#^Z
R5#config t
R5(config)#router bgp 300
R5(config-router)#neighbor 20.20.20.2 remote-as 200
R5(config-router)#^Z
EBGP MULTIHOP CONFIGURATION: EBGP multihop is used in these cases:
When the remote BGP speaker is not directly connected between the local BGP speaker's egress interface and the remote BGP speaker's ingress interface.
There is another router in between the local BGP speaker and the remote BGP speaker that cannot run BGP.
You are sourcing the BGP connection from a loopback interface on at least one of the BGP speakers involved.
EBGP MULTIHOP & INJECTING ROUTES FIGURE
[Figure: networks 192.168.200.0/24 and 20.20.20.0/30; R1 Lo0 1.1.1.1, R3 Lo0 3.3.3.3]
R1#config t
R1(config)#router bgp 100
R1(config-router)#neighbor 3.3.3.3 remote-as 200
R1(config-router)#neighbor 3.3.3.3 update-source Lo0
R1(config-router)#neighbor 3.3.3.3 ebgp-multihop
R1(config-router)#^Z
R3#config t
R3(config)#router bgp 200
R3(config-router)#neighbor 1.1.1.1 remote-as 100
R3(config-router)#neighbor 1.1.1.1 update-source Lo0
R3(config-router)#neighbor 1.1.1.1 ebgp-multihop
R3(config-router)#^Z
Injecting Routes into BGP: There are two ways to inject routes into BGP for advertisement:
1. You could redistribute the IGP into BGP. Redistribution is the process of injecting the routing information known by one routing protocol into another routing protocol. (if there are many routes)
2. You can manually configure the routes for BGP to advertise. (if there are few routes)
1. Manually injecting routes into BGP:
[Figure: R1, R2 and R3 across AS 100 and AS 200; networks 10.10.10.0/30, 192.168.24.0/24 and 192.168.100.0/24]
R2#config t
R2(config)#router bgp 100
R2(config-router)#neighbor 3.3.3.3 remote-as 200
R2(config-router)#neighbor 3.3.3.3 update-source Lo0
R2(config-router)#neighbor 3.3.3.3 ebgp-multihop
R2(config-router)#network 10.10.10.0 mask 255.255.255.252
R2(config-router)#network 192.168.24.0 mask 255.255.255.0
R2(config-router)#^Z
R2#
R3#config t
R3(config)#router bgp 200
R3(config-router)#neighbor 2.2.2.2 remote-as 100
R3(config-router)#neighbor 2.2.2.2 update-source Lo0
R3(config-router)#neighbor 2.2.2.2 ebgp-multihop
R3(config-router)#network 192.168.100.0 mask 255.255.255.0
R3(config-router)#^Z
R3#
Redistributing Routes into BGP:
redistribute protocol process-id (the routing protocol to redistribute) (E/IGRP: AS number, OSPF: process ID, RIP/IS-IS: process ID is not needed)
R2#config t
R2(config)#router bgp 100
R2(config-router)#neighbor 3.3.3.3 remote-as 200
R2(config-router)#neighbor 3.3.3.3 update-source Lo0
R2(config-router)#neighbor 3.3.3.3 ebgp-multihop
R2(config-router)#redistribute eigrp 100
R2(config-router)#^Z
R2#
R3#config t
R3(config)#router bgp 200
R3(config-router)#neighbor 2.2.2.2 remote-as 100
R3(config-router)#neighbor 2.2.2.2 update-source Lo0
R3(config-router)#neighbor 2.2.2.2 ebgp-multihop
R3(config-router)#redistribute eigrp 100
R3(config-router)#^Z
R3#
Verifying and Troubleshooting the Operation of BGP:
Route Information: sh ip route, sh ip bgp
Viewing Neighbor Information: sh ip bgp summary, sh ip bgp neighbors
Debugging BGP Information: debug ip bgp ip address | dampening | events | keepalives | updates
debug ip bgp updates, debug ip bgp 2.2.2.2 updates
Advanced Border Gateway Protocol (ABGP)
As a network grows in size, IBGP can cause scalability issues because of the full mesh it needs inside an AS. IBGP devices will not advertise a route they have learned from an IBGP neighbor to another IBGP neighbor, which is why IBGP requires a fully meshed network.
Fully meshing an IBGP network causes a problem because of the number of sessions needed to fully mesh the network, and these sessions become harder to manage as more BGP speakers are added.
There are a couple of alternatives to fully meshed IBGP networks in use today. Each of these alternatives can be used by itself or together to overcome the IBGP scalability issue.
1. Route Reflection and 2. Confederations.
Route Reflection: It allows a BGP speaker, known as a route reflector, to advertise IBGP-learned routes to certain other IBGP peers.
Route reflection is the operation of a BGP speaker advertising an IBGP-learned route to other IBGP peers.
Route reflector is the BGP speaker that advertises the IBGP-learned route to other IBGP peers.
Reflected route is a route that has been through the route reflection operation.
Client peers are BGP speakers which will receive reflected routes from a route reflector and participate in that route reflector's cluster.
Non-client peer is a BGP speaker that must be fully meshed and doesn't participate in a route reflector's cluster.
Cluster is a route reflector and all of its client peers.
There are three specific criteria that route reflection needs to meet.
Simplicity: An alternative to fully meshed IBGP must be simple to understand and configure.
Easy transition: When transitioning from a fully meshed IBGP network, the alternative must not cause a change to the topology or AS. This allows for easy migration from fully meshed IBGP to route reflection.
Compatibility: A non-compliant BGP peer must continue to participate in the AS without any loss of BGP routing information.
[Figure: Route reflection, with EBGP sessions to the neighboring ASs]
If the route reflector was not configured and if it was non-meshed IBGP, then the route information wouldn't have reached router 5.
But in this case, the following process occurs:
R1 sends the route to R2
R2 receives the route and stores it locally
R2 sends the route to R3
R3 receives the route and stores it locally
R3 reflects the route to R4
R4 receives the route and stores it locally
Depending on the policies in place for the AS, R4 could have sent the route to R5.
There is one major disadvantage with route reflection. It can create a single point of failure. A single point of failure is a point that, if it fails, will cause all information for the devices below it not to reach them. To overcome this limitation, you can implement multiple reflectors in the same cluster. Implementing redundant route reflectors for a cluster will eliminate the single point of failure. Both route reflectors will reflect routes to all of the clients in the cluster, to each other, and to all other IBGP peers. When one route reflector in a cluster receives a route from another route reflector in the same cluster, it will ignore the route. This is accomplished by assigning all route reflectors in the same cluster the same cluster ID. That way, when a route reflector receives a route from a route reflector with the same Cluster ID, it knows to ignore the route. This aids in avoiding routing loops. If you don't configure the Cluster ID, the route reflector's Router ID will be used.
[Figure labels: AS 100, AS 200, AS 300; IBGP sessions between a route reflector and its two route reflector clients; routers R1 to R5]
Configuring Route Reflection for IBGP
Basic Route Reflection:
[Figure: AS 100 with route reflector R1 and clients R2, R3 and R4]
R1 Lo0-1.1.1.1
R2 Lo0-2.2.2.2
R3 Lo0-3.3.3.3
R4 Lo0-4.4.4.4
R1#conf t
R1(config)#router bgp 100
R1(config-router)#no synchronization
R1(config-router)#neighbor 2.2.2.2 remote-as 100
R1(config-router)#neighbor 2.2.2.2 update-source lo0
R1(config-router)#neighbor 3.3.3.3 remote-as 100
R1(config-router)#neighbor 3.3.3.3 update-source lo0
R1(config-router)#neighbor 4.4.4.4 remote-as 100
R1(config-router)#neighbor 4.4.4.4 update-source lo0
R1(config-router)#neighbor 2.2.2.2 route-reflector-client
R1(config-router)#neighbor 3.3.3.3 route-reflector-client
R1(config-router)#neighbor 4.4.4.4 route-reflector-client
R1(config-router)#^Z
R1#
R2#conf t
R2(config)#router bgp 100
R2(config-router)#no synchronization
R2(config-router)#neighbor 1.1.1.1 remote-as 100
R2(config-router)#neighbor 1.1.1.1 update-source lo0
R2(config-router)#^Z
R2#
R3#conf t
R3(config)#router bgp 100
R3(config-router)#no synchronization
R3(config-router)#neighbor 1.1.1.1 remote-as 100
R3(config-router)#neighbor 1.1.1.1 update-source lo0
R3(config-router)#^Z
R3#
R4#conf t
R4(config)#router bgp 100
R4(config-router)#no synchronization
R4(config-router)#neighbor 1.1.1.1 remote-as 100
R4(config-router)#neighbor 1.1.1.1 update-source lo0
R4(config-router)#^Z
It is to be noted that the client's configuration doesn't change in basic IBGP route reflection; only the route reflector's configuration changes. When configuring multiple route reflectors in a cluster, we will need to assign each of the route reflectors the Cluster ID for the cluster with the bgp cluster-id cluster ID command.
Multiple route reflector cluster
[Figure: AS 100 with R1 and R2 above R3, R4 and R5]
R1 Lo0-1.1.1.1
R2 Lo0-2.2.2.2
R3 Lo0-3.3.3.3
R4 Lo0-4.4.4.4
R5 Lo0-5.5.5.5
R1#conf t
R1(config)#router bgp 100
R1(config-router)#no synchronization
R1(config-router)#neighbor 2.2.2.2 remote-as 100
R1(config-router)#neighbor 2.2.2.2 update-source lo0
R1(config-router)#neighbor 3.3.3.3 remote-as 100
R1(config-router)#neighbor 3.3.3.3 update-source lo0
R1(config-router)#neighbor 4.4.4.4 remote-as 100
R1(config-router)#neighbor 4.4.4.4 update-source lo0
R1(config-router)#neighbor 5.5.5.5 remote-as 100
R1(config-router)#neighbor 5.5.5.5 update-source lo0
R1(config-router)#bgp cluster-id 1
R1(config-router)#neighbor 3.3.3.3 route-reflector-client
R1(config-router)#neighbor 4.4.4.4 route-reflector-client
R1(config-router)#neighbor 5.5.5.5 route-reflector-client
R1(config-router)#^Z
R1#
R2#conf t
R2(config)#router bgp 100
R2(config-router)#no synchronization
R2(config-router)#neighbor 1.1.1.1 remote-as 100
R2(config-router)#neighbor 1.1.1.1 update-source lo0
R2(config-router)#neighbor 3.3.3.3 remote-as 100
R2(config-router)#neighbor 3.3.3.3 update-source lo0
R2(config-router)#neighbor 4.4.4.4 remote-as 100
R2(config-router)#neighbor 4.4.4.4 update-source lo0
R2(config-router)#neighbor 5.5.5.5 remote-as 100
R2(config-router)#neighbor 5.5.5.5 update-source lo0
R2(config-router)#bgp cluster-id 1
R2(config-router)#neighbor 3.3.3.3 route-reflector-client
R2(config-router)#neighbor 4.4.4.4 route-reflector-client
R2(config-router)#neighbor 5.5.5.5 route-reflector-client
R2(config-router)#^Z
R2#
R3#conf t
R3(config)#router bgp 100
R3(config-router)#no synchronization
R3(config-router)#neighbor 1.1.1.1 remote-as 100
R3(config-router)#neighbor 1.1.1.1 update-source lo0
R3(config-router)#neighbor 2.2.2.2 remote-as 100
R3(config-router)#neighbor 2.2.2.2 update-source lo0
R3(config-router)#^Z
R3#
R4#conf t
R4(config)#router bgp 100
R4(config-router)#no synchronization
R4(config-router)#neighbor 1.1.1.1 remote-as 100
R4(config-router)#neighbor 1.1.1.1 update-source lo0
R4(config-router)#neighbor 2.2.2.2 remote-as 100
R4(config-router)#neighbor 2.2.2.2 update-source lo0
R4(config-router)#^Z
R4#
R5#conf t
R5(config)#router bgp 100
R5(config-router)#no synchronization
R5(config-router)#neighbor 1.1.1.1 remote-as 100
R5(config-router)#neighbor 1.1.1.1 update-source lo0
R5(config-router)#neighbor 2.2.2.2 remote-as 100
R5(config-router)#neighbor 2.2.2.2 update-source lo0
R5(config-router)#^Z
R5#
Confederations: It allows you to break one AS into multiple mini-autonomous systems. This will allow IBGP to run only within each mini-AS. The sessions between the mini-ASs will be EBGP sessions. The outside world will know only about the main AS.
AS confederation is a collection of ASs that appear to the outside world as one AS.
AS confederation Identifier (ID) is an AS number that represents the confederation as a whole and is advertised to other ASs.
Member-AS is an AS that is contained within the confederation.
Member-AS number is an AS number that represents the particular member-AS.
Mini-AS is also known as the member-AS.
Private AS is an AS number that should not be advertised to the outside world. The AS numbers reserved for private ASs are 64512 to 65535.
Public AS is an AS number that must be assigned. The public AS number range is 1 to 64511 and is assigned by ARIN.
It is important to note that all BGP speakers participating in a mini-AS must be fully meshed for IBGP. That means the rules are the same for IBGP within a normal AS and a mini-AS. So the same normal routing will be performed in the mini-AS. So we can use route reflectors within the mini-AS to further reduce the full mesh issue. The NEXT_HOP, MED and LOCAL_PREF attributes will be retained when crossing mini-AS boundaries.
Confederation:
[Figure: AS 200 containing AS 65000 (IBGP) and AS 65001 (IBGP), with EBGP sessions between them and to the outside; routers R1 to R8]
How R1 sends the data to R8
1. R1 sends the route to R2. R1 knows only about AS 200; it doesn't know about the mini-ASs.
2. R2 will receive the route from R1 and store it locally.
3. R2 sends the route to its IBGP peers, R3 and R4.
4. R3 and R4 will receive the route and store it locally.
5. R4 sends the route to R5. This is an EBGP session. R5 will see the route as coming from the mini-AS.
6. R5 will receive the route and store it locally.
7. R5 sends the route to IBGP peers, R6 and R7.
8. R6 and R7 will receive the route and store it locally.
9. R7 sends the route to R8. This is an EBGP session. R8 will see the route as coming from AS 200. R8 will not know anything about the mini-ASs.
How is this able to happen? When confederations were developed, two new AS_PATH segment types were also created:
AS_CONFED_SEQUENCE is an ordered set of member-AS numbers in the local confederation that the UPDATE message has traversed. This is an AS_PATH segment Type 3.
AS_CONFED_SET is an unordered set of member-AS numbers in the local confederation that the UPDATE message has traversed. This is an AS_PATH segment Type 4.
The step-by-step procedure below shows what happens to the AS_PATH as it traverses the confederation.
1. R2 receives the route from R1.
2. R2 does nothing to the AS_PATH, since it doesn't have any EBGP peers to send the route to.
3. R2 sends the route to both of its IBGP peers in the member-AS (R3 and R4).
4. R3 and R4 will receive the route from R2.
5. R3 does nothing to the AS_PATH since it doesn't have any EBGP peers to send the route to.
6. R4 checks to see if its EBGP peer is part of the same confederation. In this case it is.
7. R4 then checks the AS_PATH to see if the first segment is of type AS_CONFED_SEQUENCE. In this case it is not. So, R4 appends an AS_CONFED_SEQUENCE type with its member-AS number. If the first segment had been of type AS_CONFED_SEQUENCE, R4 would have just added its member-AS number to the sequence.
8. R4 sends the route to R5.
9. R5 receives the route from R4.
10. R5 does nothing to the AS_PATH, since it doesn't have any EBGP peers to send the route to.
11. R5 sends the route to its IBGP peers.
12. R6 and R7 will receive the route from R5.
13. R6 does nothing to the AS_PATH, since it doesn't have any EBGP peers to send the route to.
14. R7 checks to see if its EBGP peer is part of the same confederation. In this case it is not part of the same confederation.
15. R7 removes the AS_CONFED_SEQUENCE from the AS_PATH. R7 then adds the confederation ID to the AS_SEQUENCE. If an AS_SEQUENCE had not existed, R7 would have appended an AS_SEQUENCE containing the Confederation ID.
16. R7 sends the route to R8.
17. R8 receives the packet. When R8 looks at the AS_PATH, it never sees the member-AS number since the AS_CONFED_SEQUENCE was removed from the AS_PATH by R7. R8 sees the Confederation ID in the AS_SEQUENCE.
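The AS_PATH handling in the procedure above, as an added Python model that is not part of the original notes. The Speaker class and its method are hypothetical names, R8's AS number (300) and the third member-AS 65002 are constructed for the walk-through, and new AS numbers are placed at the front of the path, which is how BGP records them.

```python
from dataclasses import dataclass
from typing import List, Tuple

AS_SEQUENCE = "AS_SEQUENCE"                # ordinary ordered segment
AS_CONFED_SEQUENCE = "AS_CONFED_SEQUENCE"  # segment type 3 in the notes
AS_CONFED_SET = "AS_CONFED_SET"            # segment type 4 in the notes

Segment = Tuple[str, Tuple[int, ...]]
Path = List[Segment]


@dataclass(frozen=True)
class Speaker:
    """A BGP speaker inside a confederation (hypothetical model)."""
    name: str
    member_as: int            # value given to 'router bgp'
    confed_id: int            # 'bgp confederation identifier'
    confed_peers: frozenset   # 'bgp confederation peers'

    def path_sent_to(self, path: Path, peer_as: int) -> Path:
        """Return the AS_PATH this speaker sends to a peer in peer_as."""
        # IBGP inside the member-AS: the AS_PATH is left alone.
        if peer_as == self.member_as:
            return list(path)
        # EBGP to another member-AS of the same confederation: record the
        # member-AS in an AS_CONFED_SEQUENCE at the front of the path.
        if peer_as in self.confed_peers:
            if path and path[0][0] == AS_CONFED_SEQUENCE:
                head = (AS_CONFED_SEQUENCE, (self.member_as,) + path[0][1])
                return [head] + list(path[1:])
            return [(AS_CONFED_SEQUENCE, (self.member_as,))] + list(path)
        # EBGP leaving the confederation: strip every confederation segment
        # so member-AS numbers stay hidden, then add the confederation ID.
        outside = [s for s in path
                   if s[0] not in (AS_CONFED_SEQUENCE, AS_CONFED_SET)]
        if outside and outside[0][0] == AS_SEQUENCE:
            head = (AS_SEQUENCE, (self.confed_id,) + outside[0][1])
            return [head] + outside[1:]
        return [(AS_SEQUENCE, (self.confed_id,))] + outside


def member_as_visible(path: Path, member_ases) -> bool:
    """True if any member-AS number can be seen in the path."""
    return any(asn in member_ases for _, asns in path for asn in asns)


def walk_notes_example():
    """Follow the route from R1 (AS 100) through AS 200 to R8."""
    r2 = Speaker("R2", 65000, 200, frozenset({65001}))
    r4 = Speaker("R4", 65000, 200, frozenset({65001}))
    r5 = Speaker("R5", 65001, 200, frozenset({65000}))
    r7 = Speaker("R7", 65001, 200, frozenset({65000}))
    at_r2 = [(AS_SEQUENCE, (100,))]           # as received from R1
    at_r4 = r2.path_sent_to(at_r2, 65000)     # IBGP, unchanged
    at_r5 = r4.path_sent_to(at_r4, 65001)     # crosses member-AS boundary
    at_r7 = r5.path_sent_to(at_r5, 65001)     # IBGP, unchanged
    at_r8 = r7.path_sent_to(at_r7, 300)       # leaves the confederation
    return at_r5, at_r8


if __name__ == "__main__":
    inside, outside = walk_notes_example()
    print("seen by R5:", inside)
    print("seen by R8:", outside)
    print("member-AS leaked to R8:",
          member_as_visible(outside, {65000, 65001}))
```

Running member_as_visible over the paths a border router is about to send to an external peer is a quick check that private member-AS numbers are not leaking outside the confederation.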
Configuring Confederation: When configuring confederations, you will first need to enable BGP on the devices. The router bgp member-AS-number command will accomplish this.
Then, after enabling BGP, configure all BGP speakers participating in the confederation with the Confederation ID using the command bgp confederation identifier confederation ID.
After configuring the Confederation ID, you need to specify on each of these BGP speakers the member-AS numbers of all member-ASs in the confederation. This is done so the BGP speaker can determine whether its BGP peer is part of the confederation, using bgp confederation peers member-AS numbers in router configuration mode.
There are a couple of rules you need to keep in mind while configuring confederations:
When configuring neighbor statements for BGP peers in the confederation, use their respective member-AS numbers.
When configuring a BGP speaker in a neighboring AS to peer with a BGP speaker in the confederation, use the Confederation ID in the neighbor statement.
When enabling BGP on a BGP speaker in a member-AS, use the member-AS number.
We will configure the network in the BGP figure above. We need to use the loopback interfaces of all routers for the BGP sessions. We assume that IBGP is already configured correctly with loopback interfaces.
(Router loopback addresses for R1 to R7 are 1.1.1.1 to 7.7.7.7 respectively)
Member AS 65000 (IBGP) Configuration
R2#config t
R2(config)#router bgp 65000
R2(config-router)#no synchronization
R2(config-router)#bgp confederation identifier 200
R2(config-router)#bgp confederation peers 65001
R2(config-router)#neighbor 3.3.3.3 remote-as 65000
R2(config-router)#neighbor 3.3.3.3 update-source Lo0
R2(config-router)#neighbor 4.4.4.4 remote-as 65000
R2(config-router)#neighbor 4.4.4.4 update-source Lo0
R2(config-router)#^Z
R3#config t
R3(config)#router bgp 65000
R3(config-router)#no synchronization
R3(config-router)#bgp confederation identifier 200
R3(config-router)#bgp confederation peers 65001
R3(config-router)#neighbor 2.2.2.2 remote-as 65000
R3(config-router)#neighbor 2.2.2.2 update-source Lo0
R3(config-router)#neighbor 4.4.4.4 remote-as 65000
R3(config-router)#neighbor 4.4.4.4 update-source Lo0
R3(config-router)#^Z
R4#config t
R4(config)#router bgp 65000
R4(config-router)#no synchronization
R4(config-router)#bgp confederation identifier 200
R4(config-router)#bgp confederation peers 65001
R4(config-router)#neighbor 2.2.2.2 remote-as 65000
R4(config-router)#neighbor 2.2.2.2 update-source Lo0
R4(config-router)#neighbor 3.3.3.3 remote-as 65000
R4(config-router)#neighbor 3.3.3.3 update-source Lo0
R4(config-router)#^Z
Member-AS 65001 (IBGP) Configuration
R5#config t
R5(config)#router bgp 65001
R5(config-router)#no synchronization
R5(config-router)#bgp confederation identifier 200
R5(config-router)#bgp confederation peers 65000
R5(config-router)#neighbor 6.6.6.6 remote-as 65001
R5(config-router)#neighbor 6.6.6.6 update-source Lo0
R5(config-router)#^Z
R6#config t
R6(config)#router bgp 65001
R6(config-router)#no synchronization
R6(config-router)#bgp confederation identifier 200
R6(config-router)#bgp confederation peers 65000
R6(config-router)#neighbor 5.5.5.5 remote-as 65001
R6(config-router)#neighbor 5.5.5.5 update-source Lo0
R6(config-router)#^Z
At this point we have IBGP configured for each of the member-ASs in AS 200. We now need to configure EBGP between the two:
R4#config t
R4(config)#router bgp 65000
R4(config-router)#neighbor 5.5.5.5 remote-as 65001
R4(config-router)#neighbor 5.5.5.5 update-source Lo0
R4(config-router)#neighbor 5.5.5.5 ebgp-multihop
R4(config-router)#^Z
R5#config t
R5(config)#router bgp 65001
R5(config-router)#neighbor 4.4.4.4 remote-as 65000
R5(config-router)#neighbor 4.4.4.4 update-source Lo0
R5(config-router)#neighbor 4.4.4.4 ebgp-multihop
R5(config-router)#^Z
The last item we need to configure is the connections to the neighboring AS:
R1#config t
R1(config)#router bgp 100
R1(config-router)#neighbor 2.2.2.2 remote-as 200
R1(config-router)#neighbor 2.2.2.2 update-source Lo0
R1(config-router)#neighbor 2.2.2.2 ebgp-multihop
R1(config-router)#^Z
R2#config t
R2(config)#router bgp 65000
R2(config-router)#neighbor 1.1.1.1 remote-as 100
R2(config-router)#neighbor 1.1.1.1 update-source Lo0
R2(config-router)#neighbor 1.1.1.1 ebgp-multihop
R2(config-router)#^Z
R7#config t
R7(config)#router bgp 300
R7(config-router)#no synchronization
R7(config-router)#neighbor 6.6.6.6 remote-as 200
R7(config-router)#neighbor 6.6.6.6 update-source Lo0
R7(config-router)#neighbor 6.6.6.6 ebgp-multihop
R7(config-router)#^Z
R6#config t
R6(config)#router bgp 65001
R6(config-router)#neighbor 7.7.7.7 remote-as 300
R6(config-router)#neighbor 7.7.7.7 update-source Lo0
R6(config-router)#neighbor 7.7.7.7 ebgp-multihop
R6(config-router)#^Z
BGP Filters: Filters are a means by which BGP routes can be blocked, permitted or manipulated. All of these help in creating a BGP policy.
Distribute Lists: A distribute list is used to filter inbound and outbound advertisements for a BGP session to a peer. Distribute lists are an effective tool in deciding which routes the router will accept or send out. They rely on either a standard access list or an extended access list to decide which routes to permit or deny.
You need to follow the process laid out below:
1. Decide the routes that need to be blocked from and/or accepted by the router.
2. Determine whether an inbound filter on the router or an outbound filter on another device would be better to use.
3. Create an access list to deny the routes to be blocked and to permit the routes that need to be advertised.
4. Add the distribute list to the appropriate BGP session.
The command is: neighbor peer address distribute-list access list number [in | out]
Distribute List:
[Figure: AS 100 with network 192.168.24.0/24 and AS 200; routers R1, R2 and R3]
Now, we will utilize a DL to filter a route with the four steps below:
1. Router 1's Ethernet segment needs to be blocked from R3.
2. In order to prevent unnecessary UPDATE messages for the route, it would be a better choice to put an outbound filter on R2.
3. Create an access list on R2:
R2#config t
R2(config)#access-list 1 deny 192.168.24.0 0.0.0.255
R2(config)#access-list 1 permit any
R2(config)#^Z
4. Add the DL to the BGP session on R2 for R3. The address used by R3 for the BGP session is 3.3.3.3:
R2#config t
R2(config)#router bgp 200
R2(config-router)#neighbor 3.3.3.3 distribute-list 1 out
R2(config-router)#^Z
That's all there is to configuring a DL. The major drawback of DLs for BGP filtering is that they rely on an access list. Access lists are not flexible. If you need to deny a new route or permit a new route, you will need to delete the access list and reconfigure it with the new information. That is where Prefix Lists can help.
Prefix Lists: Prefix lists were first introduced in IOS 12.0. They operate in much the same way as DLs. PLs are generally used to filter routes. They can be combined with route maps.
The procedural steps for PLs:
1. Decide which routes need to be blocked from and/or accepted by the router.
2. Determine whether an inbound filter on the router or an outbound filter on another device would be better to use.
3. Create a prefix list.
4. Attach the prefix-list command to the neighbor statement.
PLs are easier to manage as a network grows in size. An important item to remember about PLs is that they have an implicit deny all at the end of them.
DLs rely on access lists. An access list reads from top to bottom, and any new line of the access list you add will be placed at the end of the access list. The problem occurs if you need to permit or deny a new route close to the beginning of the access list after the access list has been created. In order to accomplish this, you would need to remove the access list and configure a new access list.
PLs overcome this limitation with the use of sequence numbers. For instance, if you had a prefix list that had sequence 10 and 15 and you decided you needed to enter a new prefix list line before sequence 15, you could use sequence 11 to 14 to accomplish this. When configuring a prefix list, if you do not specify a sequence number, the first line of the prefix list will start at 10 and each additional line added will increment by 5. To configure a prefix list, the following command will need to be used in global configuration mode:
ip prefix-list list-name [seq seq-value] {permit | deny} network/len [ge ge-value] [le le-value]
List-name - the name to use for the prefix list
Seq-value - the numeric value of the sequence. Seq is an optional parameter
Network - the network address
Len - the length of the subnet mask
Ge-value - the from value of the range
Le-value - the to value of the range
The le-value and the ge-value can be used to create a range of addresses to permit or deny for the network address entered. You can also use the values independently of each other. For instance, if the network address of 192.168.24.0/24 was entered and the ge-value of 28 was used, any addresses within the network address with a subnet mask equal to or greater than /28 would be addresses that would be matched. If the le-value of /28 had been used instead of the ge-value, any addresses within the network address with a mask between /24 and /28 would be the addresses that were matched.
Configuration of PL:
R1(config)#ip prefix-list 1 seq 10 permit 192.168.24.0/24
Ge - minimum prefix length to be matched
Le - maximum prefix length to be matched
To permit all or deny all routes, the following prefix list lines can be used:
ip prefix-list name permit 0.0.0.0/0 le 32
ip prefix-list name deny 0.0.0.0/0 le 32
Name is the name of the PL. You can optionally specify the sequence number. After the PL is created, you will need to apply it to the appropriate BGP session with the following command:
neighbor peer address prefix-list name [in | out]
Peer address - address of the BGP peer you want to apply the filter to.
Name - the name of the prefix list to associate.
Prefix lists:
We will now apply the four steps:
1. R1's Ethernet segment 192.168.24.0/24 and R2's Ethernet segment 192.168.100.0/24 should not be advertised to R3. All other BGP routes should be.
2. In order to prevent unneeded UPDATE messages for the routes, it would be a better choice to put an outbound filter on R2.
3. Create the prefix list on R2:
R2#config t
R2(config)#ip prefix-list test seq 10 deny 192.168.24.0/24
R2(config)#ip prefix-list test seq 15 deny 192.168.100.0/24
R2(config)#ip prefix-list test seq 20 permit 0.0.0.0/0 le 32
R2(config)#^Z
R2#
4. Add a prefix list to the BGP session on R2 for R3. The address used by R3 for the BGP session is 3.3.3.3.
R2#config t
R2(config)#router bgp 200
R2(config-router)#neighbor 3.3.3.3 prefix-list test out
R2(config-router)#^Z
R2#
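The prefix-list rules described above (evaluation in sequence order, ge/le length ranges, implicit deny all), as an added Python sketch that is not part of the original notes or of IOS. Entry and evaluate are hypothetical names; the sample lists mirror the "test" list above and the 192.168.24.0/24 ge/le illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Entry:
    """One 'ip prefix-list' line (hypothetical model)."""
    seq: int
    action: str                 # "permit" or "deny"
    prefix: str                 # network/len as typed in the command
    ge: Optional[int] = None    # minimum prefix length to match
    le: Optional[int] = None    # maximum prefix length to match

    def matches(self, route: str) -> bool:
        net = ipaddress.ip_network(self.prefix)
        cand = ipaddress.ip_network(route)
        # The route must fall inside the configured network.
        if not cand.subnet_of(net):
            return False
        if self.ge is None and self.le is None:
            # No ge/le: only the exact prefix length matches.
            low = high = net.prefixlen
        else:
            # ge alone runs up to /32; le alone starts at the configured len.
            low = self.ge if self.ge is not None else net.prefixlen
            high = self.le if self.le is not None else 32
        return low <= cand.prefixlen <= high


def evaluate(entries: List[Entry], route: str) -> Tuple[str, Optional[int]]:
    """Return (action, seq) of the first matching line, lowest seq first.

    Falls through to the implicit deny all, reported as ("deny", None).
    """
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(route):
            return entry.action, entry.seq
    return "deny", None


# The "test" prefix list from the notes.
TEST = [
    Entry(10, "deny", "192.168.24.0/24"),
    Entry(15, "deny", "192.168.100.0/24"),
    Entry(20, "permit", "0.0.0.0/0", le=32),
]

# The ge/le illustration from the notes (sequence numbers constructed).
GE28 = [Entry(10, "permit", "192.168.24.0/24", ge=28)]
LE28 = [Entry(10, "permit", "192.168.24.0/24", le=28)]

if __name__ == "__main__":
    for route in ("192.168.24.0/24", "192.168.24.0/25", "192.168.200.0/24"):
        print("test", route, evaluate(TEST, route))
    for route in ("192.168.24.0/24", "192.168.24.16/28", "192.168.24.4/30"):
        print("ge 28", route, evaluate(GE28, route),
              "| le 28", evaluate(LE28, route))
```

Note the second line of output: the more specific 192.168.24.0/25 is not caught by sequence 10, which matches only the exact /24, so it is permitted by sequence 20. When reviewing an outbound filter, check more-specific prefixes as well as the exact ones.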
Route Maps: Route maps can be used to filter as well as manipulate BGP routes. A route map is made up of a sequence of conditions. A sequence in a route map is composed of the following command:
route-map name {permit | deny} [sequence number]
Name - the name of the route map. All sequences in a route map must have the same value for the name.
Sequence number - specifies the position of the condition.
[Figure: AS 100 and AS 200 with routers R1, R2 and R3; networks 192.168.24.0/24, 192.168.100.0/24 and 192.168.200.0/24]
After this command is entered, you will enter route map configuration mode. In this mode you will configure the specific conditions for the particular sequence of the route map. The conditions consist of match and set commands. The match command is used to specify the criteria for the sequence. The set command specifies the action that will occur if the condition defined by the match statement is met. A route map can match on any of the following match statements:
Match as-path - Used to match a BGP AS path access list
Match community-list - Used to match a BGP community
Match interface - Used to distribute any routes that have their next hop out one of the interfaces specified
Match ip address - Used to match any routes that have a destination network address that is permitted by the specified standard access list, extended access list, or prefix list.
Match ip next-hop - Used to match any routes that have a next-hop address permitted by the specified standard access list, extended access list, or prefix list.
Match ip route-source - Used to match any routes that have been advertised by any address specified by the specified standard access list, extended access list, or prefix list.
Match metric - Used to match any routes with the specified metric
Match route-type - Used to match any routes with the specified type
Match tag - Used to match any routes with the specified tag
Actions that can be specified with the set command are as numerous as those for the match command:
Set as-path - Used to modify the AS_PATH attribute
Set automatic-tag - Used to automatically compute the tag value
Set comm-list - Used to set the BGP community list for deletion
Set community - Used to set the BGP COMMUNITIES attribute
Set dampening - Used to set the parameters for BGP route flap dampening
Set default interface - Used to set the default output interface
Set interface - Used to set the output interface
Set ip default next-hop - Used to set the default next-hop address along the path
Set ip next-hop - Used to set the next-hop address
Set ip precedence - Used to set the IP Precedence field
Set ip tos - Used to set the IP Type of Service field
Set level - Used to set where to import the route
Set local-preference - Used to set the BGP LOCAL_PREF path attribute
Set metric - Used to set the metric value for the destination routing protocol
Set metric-type - Used to set the metric type for the destination routing protocol
Set origin - Used to set the BGP origin code
Set tag - Used to set the tag value for the destination routing protocol
Set weight - Used to set the BGP weight for the routing table
After configuring the route map using the set and match statements, you will need to apply the route map to the neighbor session you would like to apply the filter to with the following command:
neighbor peer address route-map name [in | out]
Route Map Configuration: (With the same figure of PREFIX-LIST above)
Goal: Deny network 192.168.24.0/24 from being advertised to R3. We do want R2 to know the route. The address used by R3 for the BGP session is 3.3.3.3:
R2#config t
R2(config)#access-list 1 permit 192.168.24.0 0.0.0.255
R2(config)#route-map filter1 deny 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#route-map filter1 permit 20
R2(config-route-map)#exit
R2(config)#router bgp 200
R2(config-router)#neighbor 3.3.3.3 route-map filter1 out
R2(config-router)#^Z
R2#
A route map can also be used with the redistribute command to affect routes that are being redistributed into the routing protocol.
Configuring route maps to manipulate routes is basically the same as configuring them to filter traffic. We will use the above figure and instead of blocking network 192.168.24.0/24, we will permit it, but we will manipulate its local preference.
R2#config t
R2(config)#access-list 1 permit 192.168.24.0 0.0.0.255
R2(config)#route-map filter1 permit 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#set local-preference 200
R2(config-route-map)#route-map filter1 permit 20
R2(config-route-map)#exit
R2(config)#router bgp 200
R2(config-router)#neighbor 3.3.3.3 route-map filter1 out
R2(config-router)#^Z
R2#
What we did was adjust the LOCAL_PREF of the route to 200 for R3.
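How the two filter1 route maps above are evaluated, as an added Python sketch that is not part of the original notes or of IOS. The function names and the tuple layout are hypothetical, and the starting local_pref of 100 in the sample routes is a constructed value.

```python
import ipaddress

FULL = 0xFFFFFFFF


def acl_permits(acl, network):
    """Standard access list check on a route's network address.

    acl is a list of (action, base, wildcard); the first matching line
    wins and an unmatched address hits the implicit deny.
    """
    addr = int(ipaddress.ip_network(network).network_address)
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & FULL  # bits to compare
        if (addr & care) == (int(ipaddress.ip_address(base)) & care):
            return action == "permit"
    return False


def apply_route_map(clauses, acls, route):
    """Run a route through a route map; return the route or None if dropped.

    clauses is a list of (seq, action, match_acl, sets). A clause without
    a match statement (match_acl None) matches every route. A route that
    matches no clause is dropped by the implicit deny.
    """
    for _seq, action, match_acl, sets in sorted(clauses, key=lambda c: c[0]):
        if match_acl is not None and not acl_permits(acls[match_acl],
                                                     route["prefix"]):
            continue                      # try the next sequence
        if action == "deny":
            return None                   # filtered, not advertised
        return {**route, **sets}          # permitted, set actions applied
    return None


# access-list 1 permit 192.168.24.0 0.0.0.255
ACLS = {1: [("permit", "192.168.24.0", "0.0.0.255")]}

# route-map filter1 deny 10 / match ip address 1 / route-map filter1 permit 20
FILTER1_BLOCK = [(10, "deny", 1, {}), (20, "permit", None, {})]

# route-map filter1 permit 10 / match ip address 1 / set local-preference 200
# route-map filter1 permit 20
FILTER1_LOCALPREF = [(10, "permit", 1, {"local_pref": 200}),
                     (20, "permit", None, {})]

# Same as FILTER1_BLOCK but with the final 'permit 20' line left out.
FILTER1_NO_PERMIT = [(10, "deny", 1, {})]

if __name__ == "__main__":
    routes = [{"prefix": "192.168.24.0/24", "local_pref": 100},
              {"prefix": "192.168.100.0/24", "local_pref": 100}]
    for name, rm in (("block", FILTER1_BLOCK),
                     ("local-pref", FILTER1_LOCALPREF),
                     ("no permit 20", FILTER1_NO_PERMIT)):
        for r in routes:
            print(name, r["prefix"], "->", apply_route_map(rm, ACLS, r))
```

The third case shows why the empty "route-map filter1 permit 20" line matters: without it every route that is not explicitly matched is dropped as well.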
There is one other filter that can be used for filtering routes. This is a filter list and it uses AS path lists to filter routes. An AS path list will allow you to filter routes based on the ASs they have traversed. (It is out of scope of this course)
Communities: Filtering information based on the IP prefix can become tedious in large networks
because of the number of potential routes. There is a way to overcome this and it is known as
communities. A community is a group of destinations that have some common attribute.
Destinations can be added to a community by setting their COMMUNITY attribute. Routing policies
can then be enforced based on using the COMMUNITY attribute to affect routing decisions.
Destinations can be grouped into a single community or multiple communities regardless of their
physical location and ASs. By default all devices belong to the Internet, well-known community.
There are other well-known communities, besides the Internet, that a destination can belong to:
NO_EXPORT: A route belonging to this community will not be advertised to an EBGP peer.
This includes member-ASs within a confederated AS.
NO_ADVERTISE: A route belonging to this community will not be advertised to any BGP peer
whether it's IBGP or EBGP.
LOCAL_AS: This community was first introduced in Cisco IOS 12.0. Routes belonging to this
community will be advertised to other mini-ASs belonging to the same confederation. The routes
will not be advertised outside of the confederation.
Internet: This is the default community all BGP speakers belong to. No type of route filtering is
used.
In order to add a route to a community, you will need to create a route map and use the set
community command to add the route to the community. This can occur for routes being advertised
to the BGP speaker from a peer, routes being advertised from the BGP speaker to a peer, and routes
being redistributed into BGP.
For example, we want to add route 192.168.200.0/24 to community 200, and we want to add all other
routes to the NO_EXPORT community. EIGRP 100 is redistributing the routes into BGP. Below is the
configuration that would need to occur:
R2#config t
R2(config)#access-list 1 permit 192.168.200.0 0.0.0.255
R2(config)#route-map community1 permit 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#set community 200
R2(config-route-map)#route-map community1 permit 20
R2(config-route-map)#set community no-export
R2(config-route-map)#exit
R2(config)#router bgp 200
R2(config-router)#neighbor 3.3.3.3 route-map community1 in
R2(config-router)#^Z
R2#
If community 200 already existed, the command additive would have needed to be added to the
end of the set community command. In order to remove routes from a community, the set
community none command would need to be used.
The previously mentioned commands will not fully configure a community. The COMMUNITY
attribute is stripped from outgoing BGP updates. In order to enable the propagating of community
information to a peer, the following command needs to be entered in BGP configuration mode:
neighbor peer address send-community
Once communities have been configured for a network, you can use the communities to filter and
manipulate the routes belonging to the community. In order to accomplish this, you will first need to
create a community list. The community list will contain all of the communities you want the policy
to affect. In order to create a community list, use the following command in global configuration
mode:
ip community-list number {permit | deny} community number
(number - the number of the community list. For a standard community list it will be from 1-99. For an
extended community list it will be from 100 to 199. Community number - the number of the
community for the community list. If entering multiple communities, separate them with a space.)
Once you have created your community list, you can then use it within a route map. In order to
use a community list to perform the matches for a route map, you will need to use the match
community number command within the route map, where the number is the community list
number.
(In the real world, you will need to check with your ISP to ensure they will accept communities.)
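The community steps described above, end to end, as an added example that is not part of the original notes: R2 tags a route and sends the COMMUNITY attribute, and R3 matches it with a community list. The route-map names, community-list number 1 and local preference 150 are assumptions; the addresses, AS 200 and community 200 follow the earlier examples.

```cisco
! Added example, not from the original notes. R2 (2.2.2.2) tags a route and
! R3 (3.3.3.3) acts on the tag. Route-map names, list number 1 and the
! local preference value 150 are assumed. The BGP sessions themselves are
! assumed to be configured already.
!
! --- R2: tag 192.168.200.0/24 with community 200 and send it to R3 ---
access-list 1 permit 192.168.200.0 0.0.0.255
route-map tag-routes permit 10
 match ip address 1
 set community 200
! Sequence 20 lets all other routes through untagged.
route-map tag-routes permit 20
!
router bgp 200
 neighbor 3.3.3.3 route-map tag-routes out
 ! Required, otherwise the COMMUNITY attribute is stripped from the update.
 neighbor 3.3.3.3 send-community
!
! --- R3: match community 200 with a standard community list (1-99) ---
ip community-list 1 permit 200
route-map use-community permit 10
 match community 1
 set local-preference 150
! Sequence 20 passes every other route unchanged; without it the implicit
! deny at the end of the route map would drop them.
route-map use-community permit 20
!
router bgp 200
 neighbor 2.2.2.2 route-map use-community in
```

As the notes say for peer groups, a changed policy only takes effect once the affected BGP sessions are cleared.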
Peer Groups: It is quite common for a BGP speaker to use the same update policies for its peers. An
update policy consists of the same outbound route maps, distribute lists, filter lists, update source and
so on. Peer Groups allow you to group all of a BGP speaker's neighbors that will need to use the
same policy into one group. The update policy will then be applied to all members of that peer group.
Candidate for peer group---Update Policy Options:
Option                            Description
Advertise-map                     Specifies the route map for conditional advertisement
Advertisement-interval            Sets the minimum interval between sending EBGP routing updates
Default-originate                 Originates the default route to this neighbor
Description                       Creates a neighbor-specific description
Inbound/outbound distribute-list  Filters updates to/from this neighbor
Ebgp-multihop                     Allows EBGP neighbors not on directly connected networks
Inbound/outbound filter-list      Establishes BGP filters
Maximum-prefix                    Sets the maximum number of prefixes accepted from this peer
Next-hop-self                     Disables the next-hop calculation for this neighbor
Password                          Sets a password
Inbound/outbound prefix-list      Applies a prefix list to a neighbor
Remote-as                         Specifies a BGP neighbor
Remove-private-AS                 Removes a private AS number from outbound updates
Inbound/outbound route-map        Applies a route map to a neighbor
Route-reflector-client            Configures a neighbor as a route reflector client
Send-community                    Sends the COMMUNITY attribute to this neighbor
Soft-reconfiguration              Per neighbor soft reconfiguration
Timers                            Sets BGP per neighbor timers
Unsuppress-map                    Route map to selectively unsuppress suppressed routes
Update-source                     Source of routing updates
Version                           Sets the BGP version to match a neighbor
Weight                            Sets the default weight for routes from this neighbor
Peer Groups:
Routers R3, R4 and R5 would be a good choice for a peer group on R2, because the
update policies for all of them may be the same. All you would need to do is set up one update policy and
apply it to BGP sessions for R3, R4 and R5.
[Figure: network diagram showing AS 100, AS 200, routers R1, R2, R3, R4 and R5, and networks 192.168.100.0/24 and 192.168.200.0/24]
An important item to note about the peer groups is that the peers do not all need to belong to the
same AS. You can have a peer group that contains EBGP peers and IBGP peers. (like VLAN)
It's a three-step process:
1. Create the peer group (command: neighbor name peer-group)
2. Assign the options to the peer group (command: neighbor name option)
3. Assign the respective peers to the peer group (command: neighbor peer address peer-group name)
If you ever need to make a modification to the peer group update policy, you can make the
modification once and it will take effect on all of the BGP sessions with the peers in the peer group.
For peers that need more options than are in the update policy for the peer group, all you will
need to do is specify the other options needed. Those peers will still participate in the peer group.
The easiest way to think of a peer group is to think of it as a template of the most common update
policy options among a group of peers.
In order for updated peer group information to take effect, you will need to clear the BGP
sessions that belong to the peer group.
Loopback: R2-2.2.2.2, R3-3.3.3.3, R4-4.4.4.4, R5-5.5.5.5.
Goal: The Ethernet segment on R1 with the address of 192.168.100.0/24 should not be advertised to
R3, R4 and R5. All other routes should be known.
We will start by configuring the route map to block the network 192.168.100.0/24:
R2#config t
R2(config)#access-list 1 permit 192.168.100.0 0.0.0.255
R2(config)#route-map peergroupfilter deny 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#route-map peergroupfilter permit 20
R2(config-route-map)#exit
R2(config)#
Now that we have configured the route map, we need to create the peer group on R2:
R2#config t
R2(config)#router bgp 200
R2(config-router)#neighbor peergroup1 peer-group
R2(config-router)#
After creating the peer group, we need to configure the update policy:
R2#config t
R2(config)#router bgp 200
R2(config-router)#neighbor peergroup1 remote-as 200
R2(config-router)#neighbor peergroup1 route-reflector-client
R2(config-router)#neighbor peergroup1 update-source lo0
R2(config-router)#neighbor peergroup1 route-map peergroupfilter out
Finally, we need to add the respective peers to the peer group:
R2(config-router)#neighbor 3.3.3.3 peer-group peergroup1
R2(config-router)#neighbor 4.4.4.4 peer-group peergroup1
R2(config-router)#neighbor 5.5.5.5 peer-group peergroup1
R2(config-router)#^Z
R2#
That is all that is needed for the configuration on R2. The configuration on the peers will not be any
different than a normal BGP configuration:
R3#config t
R3(config)#router bgp 200
R3(config-router)#neighbor 2.2.2.2 remote-as 200
R3(config-router)#neighbor 2.2.2.2 update-source lo0
R3(config-router)#^Z
R3#
R4#config t
R4(config)#router bgp 200
R4(config-router)#neighbor 2.2.2.2 remote-as 200
R4(config-router)#neighbor 2.2.2.2 update-source lo0
R4(config-router)#^Z
R4#
R5#config t
R5(config)#router bgp 200
R5(config-router)#neighbor 2.2.2.2 remote-as 200
R5(config-router)#neighbor 2.2.2.2 update-source lo0
R5(config-router)#^Z
R5#
Peer groups can be used to cut down on the amount of configuration needed in large BGP
networks.
They also can help to eliminate errors that occur when attempting to configure multiple update
policies that are supposed to contain the same information.
Multi-homing: It is the process of having more than one connection to one or more service
providers.
Single Service Provider: Multi-homing to a single service provider provides redundancy for your
network in case one of the connections to the service provider goes down. It can be done in two ways. The first
would be to use the same router in your network for both connections to the service provider. The
other way would be to use different routers in your network to make separate connections to the
service provider. When multi-homing to a single service provider you don't need to use BGP unless
routing policies are required.
Multiple Service Provider: Even with different types of multi-homing that can occur to a single
service provider, there is still the service provider itself being a single point of failure. Multi-homing
to multiple service providers overcomes this limitation. With multi-homing to multiple service
providers, you still have the same options of connecting to them as you do with multi-homing to a single
service provider. If you are using BGP to connect to the multiple service providers and your EBGP
devices are running IBGP between themselves, there is the possibility of your AS becoming a transit
AS. This means that the service providers could end up passing traffic through your AS. You could
use the NO_EXPORT community on routes coming in from each of the providers. This would
allow your local BGP speakers to learn the routes, but the routes would not be propagated to the
other service provider. Another way would be to create an AS path filter that will allow only routes
originated from your AS to be advertised out. You would then need to apply the filters to each of the
outgoing BGP sessions.
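One way to apply both safeguards described above on a border router, as an added example that is not part of the original notes. The provider address 198.51.100.1, provider AS 64501, IBGP peer 10.0.0.2 and the route-map name are assumptions; AS 200 follows the earlier examples.

```cisco
! Added example, not from the original notes. Border router in AS 200 with
! one EBGP session to a provider and one IBGP session to the second border
! router. Addresses, the provider AS number and all names are assumed.
!
! 1) AS path filter: only routes with an empty AS path (originated in
!    this AS) match; everything else hits the implicit deny.
ip as-path access-list 1 permit ^$
!
! 2) Tag everything learned from the provider with NO_EXPORT.
!    "additive" keeps any communities the provider already set.
route-map from-provider permit 10
 set community no-export additive
!
router bgp 200
 ! EBGP session to provider A (assumed 198.51.100.1, AS 64501)
 neighbor 198.51.100.1 remote-as 64501
 neighbor 198.51.100.1 route-map from-provider in
 neighbor 198.51.100.1 filter-list 1 out
 ! IBGP session to the other border router (assumed 10.0.0.2).
 ! Without send-community the NO_EXPORT tag is stripped from the update
 ! and the other border router could re-advertise provider A's routes
 ! to provider B.
 neighbor 10.0.0.2 remote-as 200
 neighbor 10.0.0.2 update-source lo0
 neighbor 10.0.0.2 send-community
!
! Verification from exec mode after clearing the sessions:
!   show ip bgp community no-export
!   show ip bgp neighbors 198.51.100.1 advertised-routes
! The second command should list only prefixes originated in AS 200.
```

The second border router needs the mirror-image configuration toward its own provider.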
So there are the following ways to create a multi-homed environment.
Default static routes: These are the easiest way to configure multi-homing. It requires the
configuration of two default routes: one pointing to each of the service provider's devices. Then you
need to add a metric to the end of each of the static routes. Give the lower metric to the route you
want to be your primary connection and the higher metric to the route you want to back up the
primary. The limitation to this is that traffic may end up taking a less optimal path to the destination.
Common IGP: Another means to use is a common agreed upon IGP. The service provider can then
inject any routes into the IGP. You would then redistribute these routes into your local IGP. By
doing this, you are better able to make routing decisions based on the best metric of the routes. The
problem with this method is that you do not want too many routes being advertised into your local
IGP. Too many routes in a routing table can cause latency in your network. Another problem with
this method is that you will still receive a default route for all of the other routes that have not been
injected into the IGP. That in turn means the traffic you are sending still may not take the best path to
the destination.
BGP: BGP allows for the greatest control of the routing decisions by your local devices. By enabling
this to the service provider, you are able to enforce policies on the routes you are receiving. This
enables you to better state which paths to take, ensuring that your traffic is taking the best path to the
destination when you are accepting the full routing table from the service provider or when you are
receiving the partial routing table. (The best path to the destination will not be guaranteed in the
partial routing table).
Route Aggregation: Route aggregation, or route summarization, is the process of advertising a single
route for multiple routes. This is useful in limiting the number of routes that will be stored in a
routing table, cutting down the amount of memory and processing power required.
By default, BGP has route summarization enabled. This means in BGP when a route is redistributed
from an IGP into BGP, only the classful portion of the address is accepted. The problem can arise by
the most optimal paths not being selected.
Use the no auto-summary command in router configuration mode to disable automatic route
summarization.
In order to configure an aggregate address manually, enter the aggregate-address address mask
command. This command will create a summary address in the BGP routing table, if at least one
more specific route exists. The summarized route will have the ATOMIC_AGGREGATE attribute
set to show that some information may be missing. Also the summarized route will appear as coming
from the AS that it was created in. Creating a summary address in this manner will not stop the
advertisement of more specific routes.
If you would like to suppress more specific routes from being advertised, enter the
aggregate-address address mask summary-only command. This command is useful when you need to limit
the size of the routing tables.
The aggregate-address address mask as-set command will create a summarized route, and
instead of setting the ATOMIC_AGGREGATE attribute will add an AS_SET type to the AS_PATH
attribute.
---------------------- End of ROUTING ----------------------