Contents
EIGRP ............................... 1
OSPF ................................ 27
CONTROLLING ROUTING UPDATES ......... 81
BGP ................................. 117
BRANCH OFFICE ....................... 150
IPv6 ................................ 167
APPENDIXES .......................... 203
EIGRP
EIGRP Basics
EIGRP Packets
EIGRP Stuck In Active
EIGRP Timers
EIGRP Metric
EIGRP Tables
EIGRP Over NBMA
EIGRP Configurations
EIGRP Verification and Tshooting
EIGRP BASICS
TYPE:            Distance Vector (advanced)
ALGORITHM:       DUAL
INTERNAL AD:     90
EXTERNAL AD:     170
SUMMARY AD:      5
STANDARD:        Cisco (proprietary)
PROTOCOLS:       IP, IPX, AppleTalk
TRANSPORT:       RTP over IP protocol 88
AUTHENTICATION:  MD5
MULTICAST IP:    224.0.0.10
TIMERS:          HELLO 5 / 60 sec., HOLD 15 / 180 sec. (fast / slow links - see EIGRP TIMERS)
The following conditions have to be met for two routers to form a neighbor relationship:
ADVANCED ROUTING ver. 1.0 CREATED BY PAWEL PAUL NADSTOGA (PNADSTOGA@GMAIL.COM) 2012-14
EIGRP PACKETS
PACKET / OVERVIEW / COMMENTS
HELLO
UPDATE
  Contains:
QUERY
  sent when specific information is required from one or all of its neighbors
  normally sent as multicast but can be retransmitted as unicast in certain cases
  reliable (delivery is acknowledged by the recipient)
  if all outstanding QUERIES are not replied to within the ACTIVE timer, the neighbor that failed to reply is removed from the neighbor table
  also used when a router loses its successor and cannot find a feasible successor for a route - in such a case DUAL places the route in ACTIVE state and starts multicasting QUERIES in search of a new successor
REPLY
ACK
GOODBYE
EIGRP STUCK-IN-ACTIVE
a situation that may take place when the successor is lost and a feasible successor (FS) does not exist
when the successor for a network is lost and no FS is available, DUAL places the route in ACTIVE state and QUERIES are sent to all neighbors asking for an alternative route (note: the neighbor on the failed link is not queried)
the route stays ACTIVE until a REPLY has been received from every queried neighbor
by default the router waits 180 sec. (the ACTIVE timer) for the replies; a route still waiting after that is Stuck-In-Active (SIA) and any adjacency that has not replied by then is reset, which also flushes every route learnt through that neighbor
EIGRP TIMERS
TIMER / OVERVIEW / COMMENTS
HELLO
  specifies the interval at which HELLO packets are sent
  works independently in each direction - neighbors do not need to use the same HELLO timer values
  To adjust: <Router(config-if)#ip hello-interval eigrp (AS) (1-65535 sec)>
HOLD
  specifies the time during which a router will consider a neighbor alive without receiving a HELLO from that neighbor
  by default equals 3 x HELLO timer
  the value a router applies to a neighbor is the one carried in that neighbor's HELLO packets, so after changing the HELLO timer on one side it is the HOLD timer on that same side that has to be raised
  To adjust: <Router(config-if)#ip hold-time eigrp (AS) (1-65535 sec)>
ACTIVE
  specifies the time the router waits after sending a QUERY before declaring the route stuck in active (SIA) and resetting the neighbor relationship
  To adjust: <Router(config-router)#timers active-time (minutes | disabled)>

DEFAULT VALUES
BANDWIDTH                                            EXAMPLE LINK                HELLO     HOLD
multipoint NBMA interfaces at T1 (1544 kbps) or less Frame Relay multipoint      60 sec.   180 sec.
all other interfaces                                 T1 point-to-point, Ethernet 5 sec.    15 sec.
ACTIVE                                                                           180 sec.
EIGRP METRIC
FULL (ALL K VALUES USED):
  metric = 256 * [ K1 * bw + (K2 * bw) / (256 - load) + K3 * delay ] * [ K5 / (reliability + K4) ]
  (the last term is applied only when K5 is not 0; with K5 = 0 the multiplier is omitted)
DEFAULT (K1 = K3 = 1, K2 = K4 = K5 = 0):
  metric = 256 * (bw + delay)
bw = 10^7 / minimum bandwidth along the path in kbps (if the result is not a whole number the value is rounded down)
delay = sum of the delays of the outgoing interfaces along the path in microseconds / 10
256 = multiplier used for compatibility with IGRP (EIGRP uses a 32-bit metric while IGRP uses 24)
METRIC COMPONENTS
COMPONENT / OVERVIEW / COMMENTS
BANDWIDTH
  the lowest configured bandwidth along the path, in kbps (a static interface value - it is not measured)
  Default values for: serial 1544 kbps, Ethernet 10000 kbps, FastEthernet 100000 kbps
  To modify: <Router(config-if)#bandwidth (1-10000000 kbps)>
DELAY
  the sum of the configured delays of the outgoing interfaces along the path (a static value - it is not measured)
  Default values for: serial 20000 usec, Ethernet 1000 usec, FastEthernet 100 usec
  To modify: <Router(config-if)#delay (1-16777215 tens of microseconds)>
LOAD
  a measure of how busy the link is (1-255, where 255 = 100% utilised)
  calculated on a 5 min. basis
RELIABILITY
  a measure of the probability that the link will fail, i.e. how often the link has experienced errors (1-255, where 255 = 100% reliable)
  calculated on a 5 min. basis
MTU
  not used anywhere in the metric calculation but sent along with the prefixes
K VALUES
  Defaults: K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0
  K values must match between neighbors or the adjacency will not form (changing them resets all adjacencies on the router)
  To modify:
  <Router(config)# router eigrp (1-65535)>
  <Router(config-router)#metric weights (tos 0-8) (k1 0-255) (k2 0-255) (k3 0-255) (k4 0-255) (k5 0-255)>
WORKED EXAMPLE (default K values; both paths have a minimum bandwidth of 1544 kbps)
bw = 10^7 / 1544 = 6476.6839 -> 6476 (rounded down)

Path 1 (via s1/1 - 172.1.34.1), total delay 25000 usec -> 2500:
  256 * (1 * 6476 + 1 * 2500) = 256 * (6476 + 2500) = 256 * 8976 = 2297856

Path 2, total delay 25100 usec -> 2510:
  256 * (1 * 6476 + 1 * 2510) = 256 * (6476 + 2510) = 256 * 8986 = 2300416

Path 1 has the lowest metric and becomes the successor; its metric (2297856) is the feasible distance (FD) of the route.
*Path 2 is not a feasible successor, because its advertised distance (AD) equals the FD of the current successor (via s1/1 - 172.1.34.1) and the feasibility condition requires the AD to be strictly less than the FD.
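The metric arithmetic and the feasibility test above, as an added example that is not part of the original study guide: it reproduces the two metrics with the default K values and then runs DUAL's successor / feasible-successor selection over a constructed topology-table entry. The neighbor addresses 172.1.24.1 and 172.1.14.1 and the per-path delays are assumptions; 172.1.34.1 is the successor from the worked example.

```python
"""EIGRP composite metric and DUAL successor / feasible-successor selection.

Added example (not code from the original study guide). The delays and the
neighbors other than 172.1.34.1 are constructed for illustration.
"""

K_DEFAULTS = {"k1": 1, "k2": 0, "k3": 1, "k4": 0, "k5": 0}


def eigrp_metric(min_bw_kbps, total_delay_usec, load=1, reliability=255, **k_values):
    """Composite metric = 256 * [K1*bw + K2*bw/(256-load) + K3*delay] * [K5/(reliability+K4)].

    bw    = 10^7 / lowest bandwidth on the path (kbps), rounded down
    delay = sum of outgoing interface delays on the path (usec) / 10
    The K5 term is only applied when K5 != 0, as IOS does. Integer division
    mirrors the router rounding down at each step.
    """
    k = {**K_DEFAULTS, **k_values}
    bw = 10_000_000 // min_bw_kbps
    delay = total_delay_usec // 10
    metric = k["k1"] * bw + (k["k2"] * bw) // (256 - load) + k["k3"] * delay
    if k["k5"] != 0:
        metric = metric * k["k5"] // (reliability + k["k4"])
    return 256 * metric


def dual_select(paths):
    """Classify the paths to one prefix as successor, feasible successor or neither.

    paths: list of dicts with keys
        next_hop - neighbor address
        rd       - reported (advertised) distance: the neighbor's own metric
        fd       - this router's total metric via that neighbor
    The successor(s) are the path(s) with the lowest total metric; that metric
    is the route's feasible distance (FD). A feasible successor is any other
    path whose RD is strictly lower than the FD (the feasibility condition,
    which guarantees the neighbor is not routing back through us).
    """
    fd = min(p["fd"] for p in paths)
    successors = [p["next_hop"] for p in paths if p["fd"] == fd]
    feasible = [p["next_hop"] for p in paths if p["fd"] != fd and p["rd"] < fd]
    rejected = [p["next_hop"] for p in paths if p["fd"] != fd and p["rd"] >= fd]
    return {"fd": fd, "successors": successors,
            "feasible_successors": feasible, "not_feasible": rejected}


# Constructed topology-table entry for one prefix (neighbor addresses are assumed).
SAMPLE_PATHS = [
    # via s1/1 - the successor from the worked example above
    {"next_hop": "172.1.34.1",
     "rd": eigrp_metric(1544, 20000), "fd": eigrp_metric(1544, 25000)},
    # second path from the worked example: its RD equals the successor's FD
    {"next_hop": "172.1.24.1",
     "rd": eigrp_metric(1544, 25000), "fd": eigrp_metric(1544, 25100)},
    # a slower local link whose neighbor is nevertheless loop-free (RD < FD)
    {"next_hop": "172.1.14.1",
     "rd": eigrp_metric(1544, 22000), "fd": eigrp_metric(512, 42000)},
]


def worked_example():
    """Run DUAL over the constructed entry; returns the classification dict."""
    return dual_select(SAMPLE_PATHS)


if __name__ == "__main__":
    print(eigrp_metric(1544, 25000))   # 2297856, as in the worked example
    print(eigrp_metric(1544, 25100))   # 2300416
    print(worked_example())
```

The third path is the case the feasibility condition exists for: its total metric is far worse, yet the neighbor's own distance is below the FD, so it can be installed as a backup (or used by `variance`) without risking a loop, while the second path, only 100 usec worse, cannot.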
EIGRP TABLES
TABLE / OVERVIEW / COMMENTS
NEIGHBOR TABLE
  list of directly connected routers running EIGRP with which adjacencies have been formed
TOPOLOGY TABLE
ROUTING TABLE
  list of all best routes taken from the EIGRP topology table and from other routing processes
  the best route to a destination (successor) is chosen by comparing the total metrics of all paths to that destination and selecting the lowest one - it becomes the feasible distance (FD) of the route and is the metric shown in the table
EIGRP OVER NBMA
by default multicasts and broadcasts are not forwarded on NBMA networks (e.g. Frame Relay), which requires special consideration for protocols such as EIGRP that rely on multicasts to establish and maintain neighbor relationships
in point-to-multipoint (hub and spoke) topologies, split horizon enabled on the hub interface prevents routes learnt from one spoke from being advertised to the other spokes
pseudo broadcast must be enabled on the Frame Relay interface (broadcast keyword on the map statement) OR EIGRP neighbors need to be statically configured if pseudo broadcast cannot be used or is not supported
EXAMPLE:
CONFIGURATIONS (EIGRP OVER FRAME RELAY: hub R1, spokes R2 and R4)
STEP 1 - CONFIGURE FR INTERFACES
R1(config)#interface s1/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#ip address 172.16.124.1 255.255.255.0
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#no arp frame-relay
R1(config-if)#bandwidth 128
R1(config-if)#ip bandwidth-percent eigrp 1 40
R2(config)#interface s1/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#ip address 172.16.124.2 255.255.255.0
R2(config-if)#no frame-relay inverse-arp
R2(config-if)#no arp frame-relay
R2(config-if)#bandwidth 64
R4(config)#interface s1/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#ip address 172.16.124.3 255.255.255.0
R4(config-if)#no frame-relay inverse-arp
R4(config-if)#no arp frame-relay
R4(config-if)#bandwidth 64
COMMENTS:
with inverse ARP disabled the Frame Relay maps are configured statically (frame-relay map ip A.B.C.D (DLCI) broadcast); the broadcast keyword (aka. pseudo broadcast) enables emulated broadcast, which acts as broadcast but the packets are sent as unicast messages over every mapped circuit
the hub bandwidth (128) matches the sum of the two 64 kbps spoke circuits; ip bandwidth-percent eigrp 1 40 caps EIGRP traffic at 40% of that value (the default is 50%) so that routing traffic cannot starve the slow links
STEP 2 - ENABLE EIGRP
R1(config)#router eigrp 1
R1(config-router)#no auto-summary
R1(config-router)#network 10.0.0.0
R1(config-router)#network 172.16.0.0
R2(config)#router eigrp 1
R2(config-router)#no auto-summary
R2(config-router)#network 10.0.0.0
R2(config-router)#network 172.16.0.0
R4(config)#router eigrp 1
R4(config-router)#no auto-summary
R4(config-router)#network 10.0.0.0
R4(config-router)#network 172.16.0.0
STEP 3 - SUMMARISE UPDATES
R1(config)#interface s1/0
R1(config-if)#ip summary-address eigrp 1 10.1.0.0 255.255.0.0
R2(config)#interface s1/0
R2(config-if)#ip summary-address eigrp 1 10.2.0.0 255.255.0.0
R4(config)#interface s1/0
R4(config-if)#ip summary-address eigrp 1 10.3.0.0 255.255.0.0
STEP 4 - DISABLE SPLIT-HORIZON ON THE HUB
R1(config)#interface s1/0
R1(config-if)#no ip split-horizon eigrp 1
needed on the hub's multipoint interface so that routes learnt from one spoke are re-advertised to the other spokes
ALTERNATIVE - STATIC NEIGHBORS
may be used as the first solution, or when the Frame Relay cloud does not support pseudo broadcast; configuring the neighbors statically (neighbor A.B.C.D s1/0 under router eigrp 1, on both ends of each adjacency) changes the EIGRP packet propagation mechanism from multicast to unicast - once a static neighbor is defined on an interface, multicast HELLOs are no longer sent or processed on it, so every neighbor on that interface must be static
EIGRP CONFIGURATIONS
ACTIVATION
STEP # / COMMANDS / COMMENTS
ACTIVATION
  <Router(config)#router eigrp (Autonomous System; 1-65535)>
  the AS number must match on all routers that are to form adjacencies
ADD NETWORKS
  <Router(config-router)#network (A.A.A.A) (*W.W.W.W wildcard)>
  without a wildcard the classful network is used; every interface whose address falls within the range is enabled for EIGRP and its subnet is advertised
AUTOMATIC SUMMARIZATION
  <Router(config-router)#auto-summary>
  OR
  <Router(config-router)#no auto-summary>
  To verify: <Router#show ip protocols>
HARDCODE ROUTER ID
  <Router(config-router)#eigrp router-id (A.A.A.A)>
STATIC NEIGHBORS
  <Router(config-router)#neighbor (A.A.A.A) (interface)>
  switches EIGRP to unicast on that interface - see EIGRP OVER NBMA
PASSIVE INTERFACES
  <Router(config-router)#passive-interface (interface | default)>
  suppresses HELLOs (and therefore adjacencies) on the interface while its subnet is still advertised - use it on every interface facing hosts or untrusted segments
  To verify: <Router#show ip protocols>
PROPAGATE DEFAULT GATEWAY
  <Router(config-router)#network 0.0.0.0>
TUNING
FEATURE / COMMANDS / COMMENTS
ADJUST AD
  Globally:
  <Router(config-router)#distance eigrp (internal (1-255)) (external (1-255))>
  Per routes:
  <Router(config-router)#distance (AD 1-255) (source A.A.A.A W.W.W.W) (*1-99 | 1300-1999 | ACL name)>
  the source address/wildcard selects the advertising neighbor; the optional ACL selects the prefixes
ADJUST K VALUES
  <Router(config-router)#metric weights (tos; 0-8) (k1; 0-255) (k2; 0-255) (k3; 0-255) (k4; 0-255) (k5; 0-255)>
  must be identical on all neighbors
TIMERS
HELLO
  <Router(config-if)#ip hello-interval eigrp (AS) (1-65535 sec)>
  To verify: <Router#show ip eigrp interfaces detail>
HOLD
  <Router(config-if)#ip hold-time eigrp (AS) (1-65535 sec)>
  To verify: <Router#show ip eigrp interfaces detail>, <Router#show ip eigrp neighbors>
ACTIVE
  <Router(config-router)#timers active-time (minutes | disabled)>
BANDWIDTH LIMIT
  <Router(config-if)#ip bandwidth-percent eigrp (AS) (1-999999 percent)>
  default 50% of the configured interface bandwidth
SPLIT-HORIZON
  <Router(config-if)#[no] ip split-horizon eigrp (AS)>
  To verify: <Router#show ip eigrp interfaces detail>
LOAD BALANCING
  <Router(config-router)#maximum-paths (1-32)>
  To verify: <Router#show ip protocols>
  load balancing is the ability to forward traffic to a destination over several paths at once; by default EIGRP installs up to 4 equal-metric paths (up to 32 can be configured with maximum-paths)
  unequal-cost load balancing over feasible successors is enabled with <Router(config-router)#variance (1-128)>: every feasible successor whose metric is lower than (variance x FD) is installed
STUB ROUTING
  <Router(config-router)#eigrp stub (*receive-only | connected | static | summary | redistributed)>
  To verify: <Router#show ip protocols>
  the stub router still receives all routing updates from its neighbours; only the outgoing advertisements are restricted (by default connected and summary routes are advertised)
  neighbors do not send QUERIES to a stub router, which limits the query scope and helps prevent SIA
MANUAL SUMMARIZATION
  <Router(config-if)#ip summary-address eigrp (AS) (A.A.A.A) (mask)>
  a summary route to Null0 (AD 5) is installed locally as long as at least one component route exists
AUTHENTICATION
STEP # / COMMANDS / COMMENTS
DEFINE KEYS
  <Router(config)#key chain (name)>
  <Router(config-keychain)#key (key ID)>
  <Router(config-keychain-key)#key-string (password)>
  the key ID and key-string must match on both neighbors; the key chain name is locally significant
  To verify: <Router#show key chain>, <Router#debug eigrp packet>
ACTIVATE AUTHENTICATION
  <Router(config)#interface (interface)>
  <Router(config-if)#ip authentication mode eigrp (AS) md5>
  <Router(config-if)#ip authentication key-chain eigrp (AS) (key chain name)>
  every EIGRP packet then carries an MD5 hash computed over the packet and the key, so a rogue router that does not know the key-string cannot form an adjacency or inject routes; the routing information itself is not encrypted
REDISTRIBUTION
To set a default metric for all redistributed routes (NOTE: this command does not affect the metric of directly connected networks):
<Router(config-router)#default-metric (bandwidth kbps; 1-4294967295) (delay; tens of microseconds) (reliability; 0-255) (load; 1-255) (MTU; 1-65535)>
without a default metric or a metric keyword on the redistribute command, routes from protocols other than EIGRP/IGRP are redistributed with an infinite metric and are not advertised
ROUTING PROTOCOLS
PULL ROUTES FROM: / COMMANDS / COMMENTS
RIP
  <Router(config-router)#redistribute rip (*metric (bandwidth) (delay) (reliability) (load) (MTU)) (*route-map (route map name))>
OSPF
  <Router(config-router)#redistribute ospf (process ID) (*match internal | external 1 | external 2 | nssa-external) (*metric (bandwidth) (delay) (reliability) (load) (MTU)) (*route-map (route map name))>
BGP
  <Router(config-router)#redistribute bgp (AS #) (*metric (bandwidth) (delay) (reliability) (load) (MTU)) (*route-map (route map name))>
CONNECTED
  <Router(config-router)#redistribute connected (*metric (bandwidth) (delay) (reliability) (load) (MTU)) (*route-map (route map name))>
STATIC ROUTES
  <Router(config-router)#redistribute static (*metric (bandwidth) (delay) (reliability) (load) (MTU)) (*route-map (route map name))>
EIGRP VERIFICATION AND TSHOOTING
COMMAND / VERIFIES / DISPLAYS / EXAMPLE
<Router#show ip protocols>
  EIGRP router-id, AS number, K values, networks, passive interfaces, auto-summary, maximum paths, administrative distances and routing information sources (neighbors)
<Router#show ip eigrp topology>
  successors, feasible distances, feasible successors, advertised distances
  network states (P = Passive, i.e. stable; A = Active, i.e. querying)
OSPF
OSPF Basics
OSPF Routers
OSPF Packets
OSPF Tables
OSPF Metric
OSPF Areas
OSPF Virtual Links
OSPF Timers
OSPF Router ID
OSPF Link ID
OSPF DR / BDR
OSPF Adjacencies States
OSPF Networks
OSPF Over NBMA
OSPF Configurations
OSPF Verification and Tshooting
OSPF BASICS
TYPE:            Link State
ALGORITHM:       Dijkstra (SPF)
AD:              110
STANDARD:        RFC 2328 (OSPFv2), RFC 2740 (OSPFv3)
PROTOCOLS:       IP
TRANSPORT:       IP protocol 89
AUTHENTICATION:  plain text, MD5
MULTICAST IP:    224.0.0.5 (AllSPFRouters - listened to by all OSPF routers, used to reach DROTHERs), 224.0.0.6 (AllDRouters - listened to by the DR/BDR)
TIMERS:          HELLO/DEAD 10/40 sec. (broadcast, point-to-point), 30/120 sec. (NBMA, point-to-multipoint)
The following conditions have to be met for two routers to form a neighbor relationship:
OSPF ROUTERS
To view a router type: <Router#show ip ospf>
ROUTER / OVERVIEW / COMMENTS
INTERNAL
  routers that have all their interfaces in the same area and have identical LSDBs
BACKBONE
  routers that have at least one interface connected to Area 0
  maintain OSPF routing information using the same algorithms and rules as the internal routers
ABR
  routers that sit on the perimeter of the backbone area, connecting it to one or more other areas; they keep a separate LSDB for every attached area and summarise each area's routes into the others (Type 3 LSAs)
ASBR
  routers that inject routes from outside OSPF (redistribution) as Type 5 LSAs (Type 7 inside an NSSA)
OSPF PACKETS
PACKET / OVERVIEW / COMMENTS
Sent to:
  DROTHER - 224.0.0.5
  DR/BDR - 224.0.0.6
HELLO
DBD
  Database Description
  contains LSA headers only and describes the content of the entire link-state database
  each DBD has a sequence number which can be incremented only by the master (and is in turn explicitly acknowledged by the slave)
LSR
  Link-State Request
  requests specific link-state records from a router
LSU
  Link-State Update
  carries one or more complete LSAs, either specifically requested or being flooded
  all LSUs are acknowledged
LSAck
  Link-State Acknowledgement
  sent to acknowledge the receipt of LSUs
LSA
  Link-State Advertisement (carried inside LSU packets - not a packet type of its own)
  11 types
  all have 20-byte headers
  the LSA header includes a link-state ID field that identifies (by network number and mask, or by router ID) the object the LSA describes
  sequence number
  each router link is defined as an LSA type
  each LSA has its own age timer: the originating router refreshes it every 30 min., and an LSA that reaches 60 min. without a refresh is flushed from every LSDB
  Sequence numbers - if the seq. in the update is:
LSA TYPES
TYPE 2 (NETWORK LSA)
  advertised by the DR
  generated for every transit broadcast and NBMA network within the area (intra-area)
  flooded to all routers within the transit network's area (does not cross the ABR)
  lists each of the attached routers that make up the transit network (including the DR itself) + the subnet mask used on the link
TYPE 4 (ASBR SUMMARY LSA)
  advertised by the ABR (but only when an ASBR exists within an area)
  used to advertise an ASBR to all other routers in the AS (router ID and route to it)
  flooded throughout a single area only but regenerated by ABRs to flood into other areas
OSPF TABLES
TABLE / OVERVIEW / COMMENTS
NEIGHBOUR TABLE
TOPOLOGY TABLE (LSDB)
  Link ID - name given to the entity on the link's far end (see page 46)
  ADV Router - advertising router ID
  Age - the time that has passed since the last link update
  Seq# - link-state sequence number (detects old/duplicate LSAs)
  Checksum - Fletcher checksum of the complete contents of the LSA
  Link count - number of interfaces detected for the router
ROUTING TABLE
  for the same prefix/prefix length, OSPF always prefers routes in the following order, regardless of cost:
  O (intra-area)
  O IA (inter-area)
  O E1 / O N1
  O E2 / O N2
OSPF METRIC
cost = reference bandwidth / interface bandwidth (rounded down; minimum 1)
COST
  the reference bandwidth defaults to 100 Mbps (10^8 bps), so every link of 100 Mbps or faster gets the same cost of 1 - raise it consistently on all routers in the domain when Gigabit or faster links are in use
  To modify: <Router(config-router)#auto-cost reference-bandwidth (1-4294967 Mbps)>
  To set the cost per interface: <Router(config-if)#ip ospf cost (1-65535)>
  To verify: <Router#show ip ospf interface (interface)>
DEFAULT COSTS (REFERENCE BANDWIDTH 100 Mbps)
Interface Type        Bandwidth (bps)    COST
Loopback              8,000,000,000      1
Serial                56,000             1785
T1                    1,544,000          64
Ethernet              10,000,000         10
Fast Ethernet         100,000,000        1
Gigabit Ethernet      1,000,000,000      1
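The cost formula and table above, as an added example (not code from the original study guide): it derives the default costs from the reference bandwidth, shows the effect of raising the reference bandwidth for Gigabit links, and applies the O > IA > E1 > E2 preference from the ROUTING TABLE section. The link bandwidths and the candidate routes are constructed.

```python
"""OSPF interface cost, path cost and route-type preference.

Added example (not code from the original study guide). The two-hop Gigabit
vs one-hop FastEthernet comparison and the candidate routes are constructed.
"""

DEFAULT_REF_MBPS = 100   # IOS default for auto-cost reference-bandwidth

# Preference order for the same prefix: a lower rank wins regardless of cost.
# (E2/N2 routes are compared among themselves by external cost first, then by
#  the forward metric to the ASBR; that second step is not modelled here.)
ROUTE_TYPE_RANK = {"O": 0, "O IA": 1, "O E1": 2, "O N1": 2, "O E2": 3, "O N2": 3}


def ospf_cost(bandwidth_bps, ref_mbps=DEFAULT_REF_MBPS):
    """cost = reference bandwidth / interface bandwidth, rounded down, never below 1."""
    return max(1, (ref_mbps * 1_000_000) // bandwidth_bps)


def path_cost(link_bandwidths_bps, ref_mbps=DEFAULT_REF_MBPS):
    """The cost of a path is the sum of the outgoing interface costs along it."""
    return sum(ospf_cost(bw, ref_mbps) for bw in link_bandwidths_bps)


def best_route(candidates):
    """candidates: list of (route_type, cost) for one prefix; returns the winner."""
    return min(candidates, key=lambda c: (ROUTE_TYPE_RANK[c[0]], c[1]))


def gigabit_vs_fastethernet(ref_mbps):
    """Constructed comparison: two Gigabit hops vs a single FastEthernet hop.

    Returns (cost of the two-Gigabit-hop path, cost of the FastEthernet path).
    With the default reference bandwidth both Gigabit links cost 1 each, so the
    slower FastEthernet path wins; with a 10000 Mbps reference it does not.
    """
    two_gig_hops = path_cost([1_000_000_000, 1_000_000_000], ref_mbps)
    one_fe_hop = path_cost([100_000_000], ref_mbps)
    return two_gig_hops, one_fe_hop


if __name__ == "__main__":
    for name, bw in [("Serial 56k", 56_000), ("T1", 1_544_000),
                     ("Ethernet", 10_000_000), ("GigE", 1_000_000_000)]:
        print(f"{name:12} cost {ospf_cost(bw)}")
    print("ref 100 Mbps  :", gigabit_vs_fastethernet(100))
    print("ref 10000 Mbps:", gigabit_vs_fastethernet(10_000))
```

The point of `gigabit_vs_fastethernet` is the one the table hides: with the default reference bandwidth every link from 100 Mbps up costs 1, so SPF will happily prefer a single slow hop over two fast ones until `auto-cost reference-bandwidth` is raised on every router in the domain.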
OSPF AREAS
an area is a logical collection of OSPF networks, routers and links that share an area ID
a router within a given area maintains a topological database only for the area(s) it belongs to
a router does not have detailed information about the network topology beyond the area it belongs to
OSPF uses a 2-layer hierarchy: transit (backbone) and regular areas (the underlying physical connectivity must map to the two-layer area structure with all non-backbone areas directly attaching to Area 0, or reaching it through a virtual link)
the purpose of dividing the network into sub-domains is to restrict the propagation of routes and reduce the amount of resources required by each router to maintain its link-state database
recommended maximum number of routers in an OSPF area: 50
AREA / OVERVIEW / COMMENTS
BACKBONE (AREA 0)
  a standard area that has been designated as the central point to which all other areas connect
  all traffic moving from one area to another area must traverse the backbone
  all characteristics of the STANDARD area also apply to AREA 0
STANDARD
  To create: <Router(config-router)#network (A.A.A.A) (W.W.W.W) area (area ID)>
TOTALLY STUBBY
  contains LSA Types 1/2 and 3 (LSA Type 3 is only used to advertise 0.0.0.0/0)
  contains route types: O (plus the O*IA default route)
  E1/E2 external routes are not allowed
  a default route (via a Type 3 LSA) is injected by the ABR (0.0.0.0/0 via ABR)
  because LSA Types 4 and 5 are not permitted, STUBBY and TOTALLY STUBBY areas cannot contain an ASBR
  only the ABR configuration needs to be modified to transform a STUBBY area into a TOTALLY STUBBY one: <Router(config-router)#area (area ID) stub no-summary> (all other routers in the area keep area (area ID) stub)
  To create an NSSA with totally stub functionality (allows N1/2 external routes + injects a default route (Type 3 LSA with 0.0.0.0/0 via ABR)):
  <Router(config-router)#area (area ID) nssa no-summary>
[Tables (pages 38-43 of the original): LSA types present on R1 (area 0), R2 (ABR between area 0 and area 23) and R3 (area 23) for each type of area 23, with a DEFAULT ROUTE column. Recoverable values: standard area - R1, R2 (area 0), R2 (area 23) and R3 all carry LSA types 1/2, 3, 4, 5; stub area - R1 and R2 (area 0) carry 1/2, 3, 4, 5 while R2 (area 23) and R3 carry 1/2, 3 only; NSSA - R1 and R2 (area 0) carry 1/2, 3, 4, 5 while R2 (area 23) and R3 carry 1/2, 3, 7. The DEFAULT ROUTE column and the rows for the totally stubby and totally NSSA variants did not survive extraction.]
OSPF VIRTUAL LINKS
a virtual link connects an area that has no physical connection to Area 0 (or repairs a partitioned backbone) through a transit area; it is configured on both ABRs and the transit area must be a standard area (not stub/NSSA)
<Router(config-router)#area (transit area ID) virtual-link (router ID of the far end router) (*hello-interval (sec.)) (*dead-interval (sec.))>
To verify: <Router#show ip ospf virtual-links>
EXAMPLE:
OSPF TIMERS
TIMER / OVERVIEW / COMMENTS
HELLO
  specifies the interval at which HELLO packets are sent
  the HELLO and DEAD intervals are carried in the HELLO packet and must match on both sides of a link, otherwise the adjacency will not form
  To adjust: <Router(config-if)#ip ospf hello-interval (1-65535 sec)>
DEAD
  specifies the time during which a router will consider a neighbour alive without receiving a HELLO from that neighbour
  by default equals 4 x HELLO timer (changing the HELLO interval automatically sets the DEAD interval to 4 x the new value)
  To adjust: <Router(config-if)#ip ospf dead-interval (1-65535 sec)>
  <Router(config-if)#ip ospf dead-interval minimal hello-multiplier (3-20)> sets the dead interval to 1 sec. with HELLOs sent at the rate of (multiplier) per second
OSPF ROUTER ID
the router ID is chosen in this order: the router-id command, then the highest IP address of an up loopback interface, then the highest IP address of an up physical interface
if the router-id cannot be determined (no IP addresses assigned to interfaces) the OSPF process will not start (router-id = 0.0.0.0) and the following error will be generated:
flood war - an error message generated when a router in a different area has the same router ID as the one on which the message is displayed and is advertising a network that the local router is not advertising; the two routers keep re-originating and flushing each other's LSAs, so a duplicate router ID (accidental, or injected by a rogue device that can speak OSPF into the domain) disrupts the whole area - set router IDs explicitly and authenticate OSPF on every segment
OSPF LINK ID
Link ID is a name given to the entity that is on the other end of the link (as shown in a Type 1 router LSA)
LINK TYPE            DESCRIPTION                                  LINK ID
Point-to-point       connection to another router                 Neighbor Router ID
Transit network      connection to a multi-access network         IP address of the DR's interface
Stub network         network with no other OSPF router on it      IP network number
Virtual link         virtual connection through a transit area    Neighbor Router ID
OSPF DR / BDR
on multi-access broadcast (and non-broadcast) networks routers form full adjacencies only with the DR (Designated Router) and the BDR (Backup Designated Router)
a router that is neither DR nor BDR is called a DROTHER
DROTHERs only form FULL adjacencies with the DR and BDR
DROTHERs stay in the 2-WAY state with each other
only fully adjacent routers synchronise their LSDBs
the BDR does not perform any DR functions while the DR is operating
the BDR receives all information, but it is the DR that performs LSA flooding and LSDB synchronisation for the segment
a router can be DR on one interface and BDR or DROTHER on another - the role is per network segment, not per router
DROTHERs send to the DR/BDR on 224.0.0.6; the DR floods to everyone on 224.0.0.5 (all routers listen on 224.0.0.5, the DR and BDR additionally on 224.0.0.6)
the DR/BDR improve network functionality by reducing the number of adjacencies and therefore the routing update traffic
COMMENTS
ELECTION
  routers view the OSPF priority value of the other routers during the HELLO exchange
  the router with the highest priority becomes the DR
  the router with the second highest priority becomes the BDR
  the router ID acts as a tie breaker
  a priority of 0 excludes the router from the election
  the only time the DR/BDR change is when one of them is out of service
  adding routers with a higher priority than the current DR/BDR does not preempt the current selection
  the BDR uses the wait timer to determine whether the DR is out of service (if the DR is not confirmed to be forwarding LSAs before the timer expires it is considered down)
  should the DR fail, the BDR becomes the new DR and a new BDR is elected
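The election rules above, as an added example (not code from the original study guide): a simplified model of exactly the rules listed - highest priority wins, router ID breaks ties, priority 0 never takes part, and an existing DR/BDR is never preempted - rather than the full RFC 2328 election state machine. Router names, IDs and priorities are constructed.

```python
"""DR/BDR election on one multi-access segment.

Added example (not code from the original study guide); it implements the
simplified rules given in the text, not the complete RFC 2328 procedure.
"""


def _rid_key(router_id):
    """Compare dotted router IDs numerically ('10.0.0.1' > '9.0.0.1')."""
    return tuple(int(octet) for octet in router_id.split("."))


def elect(routers, current_dr=None, current_bdr=None):
    """Return (dr, bdr) names for the segment.

    routers     - dict name -> {"rid": "a.b.c.d", "priority": int}; the routers
                  currently heard on the segment (a failed router is absent)
    current_dr  - name of the router that held the DR role, or None
    current_bdr - name of the router that held the BDR role, or None

    Rules: priority 0 never takes part; an incumbent DR/BDR that is still
    present keeps its role (no preemption); when the DR is gone the BDR is
    promoted; any vacant role goes to the highest priority, router ID as
    the tie-break.
    """
    eligible = {name: r for name, r in routers.items() if r["priority"] > 0}

    def rank(name):
        r = eligible[name]
        return (r["priority"], _rid_key(r["rid"]))

    dr = current_dr if current_dr in eligible else None
    bdr = current_bdr if current_bdr in eligible else None

    if dr is None and bdr is not None:
        dr, bdr = bdr, None                       # BDR takes over from a failed DR
    if dr is None:
        dr = max(eligible, key=rank)              # fresh election for the DR
    if bdr is None:
        rest = [name for name in eligible if name != dr]
        bdr = max(rest, key=rank) if rest else None
    return dr, bdr


# Constructed segment: two equal-priority routers and one that opts out.
SAMPLE_SEGMENT = {
    "R1": {"rid": "1.1.1.1", "priority": 1},
    "R2": {"rid": "2.2.2.2", "priority": 1},
    "R3": {"rid": "3.3.3.3", "priority": 0},   # priority 0: always a DROTHER
}


if __name__ == "__main__":
    dr, bdr = elect(SAMPLE_SEGMENT)
    print("initial election:", dr, bdr)         # R2 wins the tie on router ID
    joined = dict(SAMPLE_SEGMENT, R4={"rid": "4.4.4.4", "priority": 255})
    print("after R4 joins:  ", elect(joined, current_dr=dr, current_bdr=bdr))
    without_dr = {n: r for n, r in joined.items() if n != dr}
    print("after DR fails:  ", elect(without_dr, current_dr=dr, current_bdr=bdr))
```

Running it shows the two behaviours the text calls out: R4 arriving with priority 255 changes nothing while R2 is alive, but the moment R2 disappears R1 is promoted from BDR and R4 becomes the new BDR. That is also why a hub-and-spoke segment pins the hub with priority 255 and the spokes with 0 rather than trusting boot order.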
OSPF ADJACENCY STATES
when adjacencies are formed the routers go through several state changes before they become fully adjacent
STATE / OVERVIEW / COMMENTS
DOWN
  HELLO packets may have been sent but none have been received from the neighbor (the initial state, or the DEAD interval has expired)
ATTEMPT
  NBMA only: the router sends unicast HELLO packets every poll interval to a statically configured neighbor from which HELLO packets have not been received within the DEAD interval
INIT
  the router has received a HELLO packet from its neighbor, but the receiving router's ID was not included in the incoming HELLO packet (one-way HELLO)
2-WAY
  bi-directional communication has been established between the two routers (each router has seen its own router ID in the other router's HELLO packet)
  at this stage it is decided whether the two routers should become adjacent (based on whether the required conditions have been met); the DR/BDR election takes place here
  on broadcast and non-broadcast multi-access networks DROTHERs form only a 2-WAY relationship with each other and a FULL relationship with the DR/BDR
EXSTART
  the routers establish a master/slave relationship and choose the initial sequence number for adjacency formation
  the router with the highest router ID becomes the master and starts the exchange (it is also the only router that can increment the sequence number)
  the master/slave election takes place on a per-neighbor basis
EXCHANGE
  the routers exchange DBD (Database Description) packets in this state
  each DBD packet has a sequence number which can only be incremented by the master (the slave explicitly acknowledges it)
LOADING
  based on the DBDs received, each router sends LSRs for the LSAs it is missing or that are newer than its own copy, and the neighbor answers with LSUs (acknowledged with LSAcks)
FULL
  the routers are fully synchronised with each other (all the router and network LSAs have been exchanged and the routers' databases are fully synced)
  ready to run the SPF (Shortest Path First) algorithm and individually figure out the best routes to networks from their own perspective
OSPF NETWORKS
NETWORK / OVERVIEW / COMMENTS
MULTI-ACCESS BROADCAST
  the DR/BDR concept is at the link level, i.e. a router can have different interfaces belonging to different areas acting as DR, BDR or DROTHER
POINT-TO-POINT
NON-BROADCAST MULTIACCESS
LOOPBACK
  the default OSPF network type for a loopback interface, causing OSPF to advertise a host route (/32) instead of the actual network mask
  the LOOPBACK network type is a CISCO proprietary extension that is not configurable but present on a loopback interface by default
VIRTUAL LINK
OSPF OVER NBMA
MODE / OVERVIEW / COMMENTS
BROADCAST
  CISCO proprietary
  HELLO / DEAD = 10/40 sec.
  DR/BDR elected
  single subnet
  neighbors are automatically discovered
  acts like a LAN environment
  preferred topology: full mesh
  CONFIGURATIONS: <Router(config-if)#ip ospf network broadcast> (requires the broadcast keyword on the Frame Relay maps)
NON-BROADCAST
  RFC 2328 (the default mode on a Frame Relay physical or multipoint interface)
  HELLO / DEAD = 30/120 sec.
  DR/BDR elected
  single subnet
  neighbors are statically configured
  preferred topology: full mesh
  in a full mesh it is acceptable for the DR/BDR election to automatically elect the DR/BDR
  in a hub and spoke the hub must be the DR and the spokes should never become DR or BDR because they have no full connectivity with the rest of the network
  CONFIGURATIONS: <Router(config-if)#ip ospf network non-broadcast>
  Adding neighbors: <Router(config-router)#neighbor (A.A.A.A) (*priority (0-255)) (*poll-interval (sec.))>
POINT-TO-MULTIPOINT BROADCAST
  RFC 2328
  HELLO / DEAD = 30/120 sec.
  DR/BDR not elected
  single subnet (a host route to every neighbor is added)
  neighbors are automatically discovered
  preferred topology: partial | star
  CONFIGURATIONS: <Router(config-if)#ip ospf network point-to-multipoint>
POINT-TO-MULTIPOINT NONBROADCAST
  CISCO extension
  HELLO / DEAD = 30/120 sec.
  DR/BDR not elected
  single subnet
  neighbors are statically configured
  used when multicasts / broadcasts are not allowed on the virtual circuits
  preferred topology: partial | star
  CONFIGURATIONS: <Router(config-if)#ip ospf network point-to-multipoint non-broadcast>
POINT-TO-POINT
  CISCO proprietary (the default on point-to-point subinterfaces)
  HELLO / DEAD = 10/40 sec.
  DR/BDR not elected
  one subnet for each point-to-point link
  neighbors are automatically formed
  preferred topology: partial | star
  CONFIGURATIONS: <Router(config-if)#ip ospf network point-to-point>

choosing the appropriate OSPF mode over NBMA will depend on the particular circumstances, such as:
the DR/BDR have to have full connectivity with the rest of the nodes (unless the network is fully meshed this cannot be left to the automatic election)
for automatic neighbor discovery use the broadcast parameter with the FR mapping
for static neighbor hardcoding use the neighbor command under the OSPF process sub-configuration mode
there is no one right way to configure OSPF over NBMA - technically each mode can be configured over every topology
the aim is to achieve full network connectivity over the cloud as efficiently as possible - if a mode is working over a suboptimal topology then tuning is essential
CONFIGURATIONS - EXAMPLE 1 (DR/BD Relected, neighbors discovered automatically; hub R1, spokes R2 and R4)
STEP 1 - CONFIGURE FR INTERFACES
R1(config)#interface s1/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#no arp frame-relay
R1(config-if)#ip address 10.1.123.1 255.255.255.0
R1(config-if)#no shutdown
R2(config)#interface s1/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no frame-relay inverse-arp
R2(config-if)#no arp frame-relay
R2(config-if)#ip address 10.1.123.2 255.255.255.0
R2(config-if)#no shutdown
R4(config)#interface s1/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#no frame-relay inverse-arp
R4(config-if)#no arp frame-relay
R4(config-if)#ip address 10.1.123.3 255.255.255.0
R4(config-if)#no shutdown
COMMENTS: with inverse ARP disabled the Frame Relay maps must be configured statically; for neighbors to be discovered automatically they need the broadcast keyword so that the OSPF multicast HELLOs are replicated to every circuit
STEP 2 - SET DR/BDR PRIORITIES
R1(config)#interface s1/0
R1(config-if)#ip ospf priority 255
R2(config)#interface s1/0
R2(config-if)#ip ospf priority 0
R4(config)#interface s1/0
R4(config-if)#ip ospf priority 0
COMMENTS: Both the DR and the BDR rely on full connectivity with all the nodes on the segment to work properly. Since only the hub (R1) meets this requirement it has to be hardcoded as DR. R2 and R4 only have a direct connection to R1 and not to each other. Therefore neither can become BDR and none will be elected: both spokes are hardcoded as DROTHERs with priority 0.
STEP 3 - ENABLE OSPF
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.123.1 0.0.0.0 area 0
R1(config-router)#network 10.1.1.1 0.0.0.0 area 0
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 10.1.123.2 0.0.0.0 area 0
R2(config-router)#network 10.1.2.1 0.0.0.0 area 0
R4(config)#router ospf 1
R4(config-router)#router-id 3.3.3.3
R4(config-router)#network 10.1.123.3 0.0.0.0 area 0
R4(config-router)#network 10.1.3.1 0.0.0.0 area 0
CONFIGURATIONS - EXAMPLE 2 (NON-BROADCAST mode: DR/BDR elected, neighbors statically configured; hub R1, spokes R2 and R4)
STEP 1 - CONFIGURE FR INTERFACES
R1(config)#interface s1/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#no arp frame-relay
R1(config-if)#ip address 10.1.123.1 255.255.255.0
R1(config-if)#no shutdown
R2(config)#interface s1/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no frame-relay inverse-arp
R2(config-if)#no arp frame-relay
R2(config-if)#ip address 10.1.123.2 255.255.255.0
R2(config-if)#no shutdown
R4(config)#interface s1/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#no frame-relay inverse-arp
R4(config-if)#no arp frame-relay
R4(config-if)#ip address 10.1.123.3 255.255.255.0
R4(config-if)#no shutdown
COMMENTS: Since broadcasts are not allowed over the FR cloud, building the FR map should rely on static entries with the dynamic mapping disabled.
To confirm FR mappings: <Router#show frame-relay map>
STEP 2 - SET DR/BDR PRIORITIES
R1(config)#interface s1/0
R1(config-if)#ip ospf priority 255
R2(config)#interface s1/0
R2(config-if)#ip ospf priority 0
R4(config)#interface s1/0
R4(config-if)#ip ospf priority 0
COMMENTS: Both the DR and the BDR rely on full connectivity with all the nodes on the segment to work properly. Since only the hub (R1) meets this requirement it has to be hardcoded as DR. R2 and R4 only have a direct connection to R1 and not to each other. Therefore neither can become BDR and none will be elected: both spokes are hardcoded as DROTHERs with priority 0.
STEP 3 - ENABLE OSPF
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.123.1 0.0.0.0 area 0
R1(config-router)#network 10.1.1.1 0.0.0.0 area 0
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 10.1.123.2 0.0.0.0 area 0
R2(config-router)#network 10.1.2.1 0.0.0.0 area 0
R4(config)#router ospf 1
R4(config-router)#router-id 3.3.3.3
R4(config-router)#network 10.1.123.3 0.0.0.0 area 0
R4(config-router)#network 10.1.3.1 0.0.0.0 area 0
COMMENTS: At this stage the adjacencies will not form, since OSPF is working in non-broadcast mode and will not multicast HELLOs. Neighbors need to be statically configured under the OSPF process.
STEP 4 - CONFIGURE STATIC NEIGHBORS
R1(config)#router ospf 1
R1(config-router)#neighbor 10.1.123.2 priority 0
R1(config-router)#neighbor 10.1.123.3 priority 0
R2(config)#router ospf 1
R2(config-router)#neighbor 10.1.123.1 priority 255
R4(config)#router ospf 1
R4(config-router)#neighbor 10.1.123.1 priority 255
COMMENTS:
Technically the neighbors only need to be hardcoded on the hub - it is the hub that initiates the HELLO exchange process and the spokes only respond to it - however it is still good practice to hardcode all neighbors.
The same applies to the priority - it is already configured on each router on the FR interface, but it is good practice to hardcode it again under the neighbor statement.
There is no need for the spokes to become neighbors with each other, since all the traffic has to go through the hub anyway.
The neighbor command causes the HELLOs to be unicast instead of multicast.
CONFIGURATIONS - EXAMPLE 3 (no DR/BDR priorities or static neighbors; hub R1, spokes R2 and R4)
STEP 1 - CONFIGURE FR INTERFACES
R1(config)#interface s1/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#no arp frame-relay
R1(config-if)#ip address 10.1.123.1 255.255.255.0
R1(config-if)#no shutdown
R2(config)#interface s1/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no frame-relay inverse-arp
R2(config-if)#no arp frame-relay
R2(config-if)#ip address 10.1.123.2 255.255.255.0
R2(config-if)#no shutdown
R4(config)#interface s1/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#no frame-relay inverse-arp
R4(config-if)#no arp frame-relay
R4(config-if)#ip address 10.1.123.3 255.255.255.0
R4(config-if)#no shutdown
STEP 2 - ENABLE OSPF
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.123.1 0.0.0.0 area 0
R1(config-router)#network 10.1.1.1 0.0.0.0 area 0
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 10.1.123.2 0.0.0.0 area 0
R2(config-router)#network 10.1.2.1 0.0.0.0 area 0
R4(config)#router ospf 1
R4(config-router)#router-id 3.3.3.3
R4(config-router)#network 10.1.123.3 0.0.0.0 area 0
R4(config-router)#network 10.1.3.1 0.0.0.0 area 0
CONFIGURATIONS
CONFIGURE FR INTERFACES
--->
COMMENTS
R1(config)#interface s1/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#no arp frame-relay
R1(config-if)#ip address 10.1.123.1 255.255.255.0
R1(config-if)#no shutdown
R2(config)#interface s1/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no frame-relay inverse-arp
R2(config-if)#no arp frame-relay
R2(config-if)#ip address 10.1.123.2 255.255.255.0
R2(config-if)#no shutdown
Since broadcasts are not allowed over the FR cloud, building the FR
map should rely on static entries with the dynamic mapping
disabled.
R4(config)#interface s1/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#no frame-relay inverse-arp
R4(config-if)#no arp frame-relay
R4(config-if)#ip address 10.1.123.3 255.255.255.0
R4(config-if)#no shutdown
--->
To confirm FR mappings:
Router#show frame-relay map
--->
R1(config)#interface s1/0
R1(config-if)#ip ospf priority 255
R2(config)#interface s1/0
R2(config-if)#ip ospf priority 0
R4(config)#interface s1/0
R4(config-if)#ip ospf priority 0
--->
ENABLE OSPF
--->
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.123.1 0.0.0.0 area 0
R1(config-router)#network 10.1.1.1 0.0.0.0 area 0
At this stage the adjacencies will not form since OSPF is working in
non-broadcast mode and will not multicast HELLOs.
Neighbors need to be statically configured under the OSPF
process.
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 10.1.123.2 0.0.0.0 area 0
R2(config-router)#network 10.1.2.1 0.0.0.0 area 0
R4(config)#router ospf 1
R4(config-router)#router-id 3.3.3.3
R4(config-router)#network 10.1.123.3 0.0.0.0 area 0
R4(config-router)#network 10.1.3.1 0.0.0.0 area 0
--->
R1(config)#router ospf 1
R1(config-router)#neighbor 10.1.123.2 priority 0
R1(config-router)#neighbor 10.1.123.3 priority 0
R2(config)#router ospf 1
R2(config-router)#neighbor 10.1.123.1 priority 255
R4(config)#router ospf 1
R4(config-router)#neighbor 10.1.123.1 priority 255
Technically, the neighbors only need to be hardcoded on the hub: it is the hub that initiates the HELLO exchange process and the spokes
only respond to it. It is still good practice, however, to hardcode
all neighbors.
The same goes for priority: it is already configured on each router on
the FR interface, but it is good practice to hardcode it again under
the neighbor statement.
There is no need for the spokes to become neighbors of each other, since all the traffic
has to go through the hub anyway.
The neighbor command causes the HELLOs to be unicast instead
of multicast.
SCENARIO 5: POINT-TO-POINT
MAIN CHARACTERISTICS:
CONFIGURATIONS
CONFIGURE FR INTERFACES
--->
COMMENTS
R1(config)#interface s1/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no shutdown
R1(config-if)#interface s1/0.102 point-to-point
R1(config-subif)#ip address 10.1.1.1 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 102
R1(config-subif)#interface s1/0.103 point-to-point
R1(config-subif)#ip address 10.1.1.5 255.255.255.252
R1(config-subif)#frame-relay interface-dlci 103
R2(config)#interface s1/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shutdown
R2(config-if)#interface s1/0.201 point-to-point
R2(config-subif)#ip address 10.1.1.2 255.255.255.252
R2(config-subif)#frame-relay interface-dlci 201
Inverse ARP (auto discovery) can be left on - since there is only one node at each
end of a point-to-point subinterface there is no risk of mapping to undesired / unknown networks.
When configuring FR sub-interfaces, the FR encapsulation and FR
parameters (LMI type etc.) only need to be configured on the main
interface.
Only the main interface needs to be turned on (no shutdown).
R4(config)#interface s1/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#no shutdown
R4(config-if)#interface s1/0.301 point-to-point
R4(config-subif)#ip address 10.1.1.6 255.255.255.252
R4(config-subif)#frame-relay interface-dlci 301
ENABLE OSPF
--->
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.1.1 0.0.0.0 area 0
R1(config-router)#network 10.1.1.5 0.0.0.0 area 0
No need to hardcode the OSPF network type on the interfaces - point-to-point mode is the default for point-to-point interfaces.
At this stage the adjacencies will be formed and OSPF will be
operational.
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 10.1.1.2 0.0.0.0 area 0
R2(config-router)#network 10.1.2.1 0.0.0.0 area 0
R4(config)#router ospf 1
R4(config-router)#router-id 3.3.3.3
R4(config-router)#network 10.1.1.6 0.0.0.0 area 0
R4(config-router)#network 10.1.3.1 0.0.0.0 area 0
OSPF CONFIGURATIONS
ACTIVATION
STEP #
HARDCODE ROUTER ID
COMMANDS
COMMENTS
<Router(config-router)#router-id A.A.A.A>
<Router(config-router)#network (A.A.A.A) (M.M.M.M | W.W.W.W) area (area ID; 0-4294967295)>
Alternatively:
<Router(config-if)#ip ospf (process ID) area (OSPF area)>
<Router(config-router)#neighbor A.A.A.A>
To verify:
PASSIVE INTERFACES
<Router#show ip protocols>
<Router(config-router)#area (transit area ID) virtual-link (router ID of the far end router) (*hellointerval (seconds)) (*dead-interval (seconds))>
VIRTUAL LINK
PROPAGATE DEFAULT
GATEWAY
TUNING
FEATURE
COMMANDS
COMMENTS
Globally:
ADJUST AD
<Router(config-router)#distance ospf (external (AD 1-255)) (inter-area (AD 1-255)) (intra-area (AD,
1-255))>
Per routes:
<Router(config-router)#distance (AD, 1-255) (source IP Address) (*1-99 | 1300-1999 | ACL name)>
ADJUST TIMERS
HELLO
To verify:
<Router#show ip ospf interface (interface)>
HOLD
ADJUST RETRANSMIT
INTERVAL
ADJUST REFERENCE
BANDWIDTH
Default = 1
To verify:
<Router#show ip ospf interface (interface)>
AUTHENTICATION
TYPE
COMMANDS
COMMENTS
PLAIN TEXT
For an interface:
MD5
SUMMARIZATION
by default, the metric of the summary route is equal to the highest (worst) metric of the component subnets
TYPE
COMMANDS
COMMENTS
INTERNAL ROUTES
EXTERNAL ROUTES
REDISTRIBUTION
ROUTING PROTOCOLS
To set a default-metric (NOTE: this command does not affect the metric of directly connected networks):
<Router(config-router)#default-metric (1-16777214)>
PULL ROUTES FROM:
COMMANDS
COMMENTS
RIP
Example:
Defaults:
EIGRP
BGP
COMMENTS
<Router(config-router)#redistribute connected (*metric (0-16777214)) (*metric-type (1-2)) (*nssa-only) (*route-map (route map name)) (*subnets)>
STATIC ROUTES
COMMANDS
COMMENTS
<Router(config-router)#redistribute static (*metric (0-16777214)) (*metric-type (1-2)) (*nssa-only) (*route-map (route map name)) (*subnets)>
VERIFIES
EXAMPLE
neighbor ID
neighbor priority
adjacency state
neighbor IP address
local interface through which the neighbor is accessible
OSPF processes
router ID
OSPF areas
show ip ospf
router ID
networks OSPF is routing for
reference bandwidth
administrative distance
show ip protocols
RouterA(config)#router ospf 1
RouterB(config)#router ospf 1
Router ID: highest IP of an active interface (doesn't have to be OSPF enabled but has to be UP/UP)
Already a neighbor? Does the router find itself in the
neighbor field of the received HELLO?
YES / NO
Is this a broadcast
network?
NO / YES
YES: elect DR/BDR.
DROTHERs remain in a 2WAY
relationship with each other.
DR/BDR form a FULL
relationship with each other and
with the DROTHERs (go to Step
6).
Controlling
Routing Updates
Administrative Distance
Passive Interfaces
Filtering Routing Updates
Redistribution
Policy Based Routing
IP SLA
ADMINISTRATIVE DISTANCE
PROTOCOL
COMMANDS
COMMENTS
To change AD for all routes coming from all sources (*does not work with EIGRP):
If the updates are coming from EIGRP and RIP, use the
advertising interface's IP address.
To change AD for specific routes coming from all sources (*does not work with EIGRP):
all
EIGRP
OSPF
<Router(config-router)#distance ospf (external (AD; 1-255)) (inter-area (AD; 1-255)) (intra-area (AD; 1-255))>
TSHOOT
show ip protocols
PASSIVE INTERFACES
PROTOCOL
COMMANDS
<Router(config-router)#passive-interface (default | (interface))>
all
COMMENTS
To verify:
<Router#show ip protocols>
COMMANDS
COMMENTS
(*BGP ONLY)
<Router(config-router)#neighbor A.A.A.A distribute-list (ACL name | #) (in | out)>
Example:
TSHOOT
WITH PREFIX-LISTS
STEP #
COMMANDS
COMMENTS
Basic syntax (checks all the bits starting with the most significant):
<Router(config)#ip prefix-list (list name | #) (*seq (1-4294967294)) permit | deny A.A.A.A/nn>
Description:
<Router(config)#ip prefix-list (list name | #) description (up to 80 characters)>
10.1.7.0/24
10.1.8.0/24
10.1.9.0/24
10.1.10.0/24
10.1.11.0/24
10.1.12.0/30
10.1.12.4/30
10.1.12.8/30
could be: 10.1.0.0/12
The length specified by ge should be longer than
the length of the initial prefix (it is impossible to
match anything smaller than the initial prefix)
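The matching rule just described (the first nn bits compared most significant first, then the route's own length checked against the ge/le window, with ge required to be longer than the base length), as an added Python example that is not part of the original notes. The sequence numbers, entries and tested routes are constructed to fit the subnets listed above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class PrefixListEntry:
    """One line of `ip prefix-list NAME seq N permit|deny A.A.A.A/nn [ge G] [le L]`."""
    seq: int
    action: str                      # "permit" or "deny"
    prefix: ipaddress.IPv4Network    # the A.A.A.A/nn part
    ge: Optional[int] = None         # minimum length a route may have to match
    le: Optional[int] = None         # maximum length a route may have to match

    def __post_init__(self) -> None:
        # IOS rejects ge/le values that are not longer than the base length:
        # nothing shorter than the entry's own prefix can ever match it.
        n = self.prefix.prefixlen
        if self.ge is not None and not n < self.ge <= 32:
            raise ValueError(f"seq {self.seq}: ge must satisfy {n} < ge <= 32")
        if self.le is not None and not n < self.le <= 32:
            raise ValueError(f"seq {self.seq}: le must satisfy {n} < le <= 32")
        if self.ge is not None and self.le is not None and self.ge > self.le:
            raise ValueError(f"seq {self.seq}: ge must not exceed le")

    def length_window(self) -> range:
        """Prefix lengths this entry accepts: exactly nn with neither keyword,
        ge..32 with ge only, nn..le with le only, ge..le with both."""
        n = self.prefix.prefixlen
        lo = self.ge if self.ge is not None else n
        if self.le is not None:
            hi = self.le
        elif self.ge is not None:
            hi = 32
        else:
            hi = n
        return range(lo, hi + 1)

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        n = self.prefix.prefixlen
        # Compare only the first nn bits: mask the route down to the entry's
        # length and compare network addresses, then check the length window.
        masked = ipaddress.ip_network((int(route.network_address), n), strict=False)
        if masked.network_address != self.prefix.network_address:
            return False
        return route.prefixlen in self.length_window()


def entry(seq: int, action: str, prefix: str, ge: Optional[int] = None,
          le: Optional[int] = None) -> PrefixListEntry:
    """Build an entry from the CLI-style A.A.A.A/nn string."""
    return PrefixListEntry(seq, action, ipaddress.ip_network(prefix, strict=False), ge, le)


def entry_is_valid(seq: int, action: str, prefix: str, ge: Optional[int] = None,
                   le: Optional[int] = None) -> bool:
    """True when IOS would accept the ge/le values for this prefix length."""
    try:
        entry(seq, action, prefix, ge, le)
        return True
    except ValueError:
        return False


def evaluate(entries: Sequence[PrefixListEntry], route: str) -> str:
    """Walk the list in sequence order; the first matching entry decides and an
    implicit deny applies when nothing matches, exactly as on the router."""
    net = ipaddress.ip_network(route, strict=False)
    for e in sorted(entries, key=lambda x: x.seq):
        if e.matches(net):
            return e.action
    return "deny"


# Constructed list for the subnets in the notes: accept only the /30 transit
# links under 10.1.12.0/24 and the /24 LAN subnets under 10.1.0.0/16.
EXAMPLE_LIST = [
    entry(5, "permit", "10.1.12.0/24", ge=30, le=30),
    entry(10, "permit", "10.1.0.0/16", ge=24, le=24),
]

if __name__ == "__main__":
    for r in ("10.1.12.4/30", "10.1.7.0/24", "10.1.12.0/28", "10.1.0.0/16", "10.2.7.0/24"):
        print(f"{r:16} -> {evaluate(EXAMPLE_LIST, r)}")
```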
TSHOOT
COMMANDS
<Router(config)#route-map (map name) (permit | deny) (10, 0-65535 sequence number)>
COMMENTS
ACL
PREFIX LIST
OUTGOING INTERFACE
SOURCE IP ADDRESS
PACKET LENGTH
TAG
METRIC
ROUTE-TYPE (OSPF)
LOCAL-PREFERENCE (BGP)
TSHOOT
ROUTE MAPS
REDISTRIBUTION
ROUTING PROTOCOLS
ORIGIN
VALUE
RIP ver. 1
all
Infinity
Directly Connected
infinity
all
all
Infinity
same
BGP
all
20
all
RIP ver. 2
EIGRP
OSPF
BGP
METRIC
let the default behavior set the metric value (see above)
set a default metric for all redistributed routes (*does not affect the metric of directly connected networks) using the default-metric command under the routing process
set metric for all routes redistributed from a given source using the metric parameter under the redistribute command
set metric for specific routes by referencing a route map under the redistribute command
PREVENTING DOMAIN LOOPS WHILE REDISTRIBUTING
EIGRP
COMMANDS
COMMENTS
Example:
OSPF
BGP
RIP
COMMANDS
COMMENTS
Example:
OSPF
BGP
<Router(config-router)#redistribute bgp (AS) (*metric (bandwidth kb) (delay) (reliability) (load) (MTU)
(*route-map (route map name))>
COMMANDS
COMMENTS
RIP
<Router(config-router)#redistribute rip (*metric (0-16777214)) (*metric-type (1-2)) (*nssa-only) (*route-map (route map name)) (*subnets)>
Example:
Default behavior:
EIGRP
BGP
COMMANDS
COMMENTS
RIP
EIGRP
OSPF
COMMANDS
COMMENTS
<Router(config-router)#redistribute connected (*metric (bandwidth) (delay) (reliability) (load) (MTU)) (route-map (route
map name))>
EIGRP
Static routes:
<Router(config-router)#redistribute static (*metric (bandwidth) (delay) (reliability) (load) (MTU) (route-map (route map
name))>
Directly connected networks:
BGP
COMMANDS
COMMENTS
TSHOOT
show ip access-list
WITH PREFIX-LISTS
STEP #
COMMANDS
COMMENTS
Basic syntax (checks all the bits starting with the most significant):
<Router(config)#ip prefix-list (list name | #) (*seq (1-4294967294)) permit | deny A.A.A.A/nn>
Description:
<Router(config)#ip prefix-list (list name | #) description (up to 80 characters)>
TSHOOT
COMMANDS
<Router(config)#route-map (map name) (permit | deny) (sequence number; 10,0-65535)>
ACL
PREFIX LIST
COMMENTS
OUTGOING INTERFACE
SOURCE IP ADDRESS
PACKET LENGTH
TAG
METRIC
ROUTE-TYPE (OSPF)
LOCAL-PREFERENCE (BGP)
OR
<Router(config-router)#redistribute (source protocol) route-map (route map name)>
TSHOOT
COMMANDS
COMMENTS
ACL
PREFIX LIST
OUTGOING INTERFACE
SOURCE IP ADDRESS
PACKET LENGTH
TAG
METRIC
ROUTE-TYPE (OSPF)
LOCAL-PREFERENCE (BGP)
Metric
all
Tag
EIGRP
Metric
Tag
OSPF
Metric type
Weight
BGP
Local Preference
ACTIVATE
(*BGP ONLY)
<Router(config-router)#neighbor A.A.A.A route-map (route map name) (in | out)>
VERIFIES:
EXAMPLE
show ip protocols
a technique used to make routing decisions based on policies set by the network administrator
overrides the router's normal (destination-based) routing behavior
PBR CONFIGURATIONS
STEP #
COMMANDS
COMMENTS
ACL
PREFIX LIST
OUTGOING INTERFACE
SOURCE IP ADDRESS
PACKET LENGTH
TAG
METRIC
ROUTE-TYPE (OSPF)
LOCAL-PREFERENCE (BGP)
NEXT HOP
<R1(config-route-map)#set ip next-hop (next hop 1 A.A.A.A) (next hop 2 A.A.A.A) (next hop 3 )>
OUTPUT INTERFACE
set ip next-hop
set interface
SET
To redistributed routes:
APPLY
To an interface:
TSHOOT
VERIFIES
EXAMPLE
show ip policy
EXAMPLE:
OBJECTIVES
CREATE ACLs
--->
COMMENTS
--->
ACTIVATE ROUTE-MAP
--->
<R1(config)#interface fa0/0>
<R1(config-if)#ip policy route-map POLICY>
VERIFY
--->
IP SLA
IP SLA CONFIGURATIONS
COMPONENTS
PROBE
COMMANDS
COMMENTS
To verify:
SCHEDULE
To verify:
<Router#show ip sla configuration>
TRACKING
OBJECTS
To verify:
<Router#show track>
VERIFIES
operation ID
type of operation
start time
latest return code: OK | FAIL
number of successes / failures
operation TTL
type of operation
target address / source interface
schedule
threshold
statistics
EXAMPLE
EXAMPLES:
SCENARIO 1: APPLY IP SLA TO A STATIC ROUTE
OBJECTIVES
COMMENTS
CREATE PROBE
--->
--->
--->
--->
VERIFY
--->
OBJECTIVES
all traffic generated by the router itself should by default be directed to ISP1
should the path to ISP1 be unavailable, the traffic should be directed to ISP2
CONFIGURATIONS
COMMENTS
CREATE PROBE
--->
--->
--->
CREATE ACL
--->
CREATE ROUTE-MAP
--->
ACTIVATE ROUTE-MAP
--->
VERIFY
--->
BGP
BGP Basics
BGP Rules
BGP Multihoming
BGP Implementation Flavours
BGP Session Establishment
BGP Packets
BGP Tables
BGP Attributes
BGP Best Path Selection Process
BGP Advanced Features
BGP Configurations
BGP Verification and Tshooting
BGP BASICS
TYPE: Path Vector
PEERING MECHANISM: Manual
AD: eBGP 20 / iBGP 200
STANDARD: Open
PROTOCOLS: IPv4, IPv6
TRANSPORT: TCP:179
AUTHENTICATION: MD5, plain text
TIMERS: Hello: 60 / Hold: 180
OPEN message fields (from the diagram): Version, My Autonomous System, Hold Time, BGP Identifier, Optional Parameters Length, Optional Parameters
BGP RULES
RULE 1: SYNCHRONIZATION RULE
Do not use, or advertise to an eBGP peer, routes learned by iBGP until a match has been learned from an IGP
To enable/disable synchronization:
<Router(config-router)#(no) synchronization>
EXAMPLE:
*no matching IGP routes exist
SYNCHRONIZATION ON
routers A, C, D would not use or advertise the route to 172.16.0.0 until they receive
the matching route via an IGP
router E would not hear about 172.16.0.0
SYNCHRONIZATION OFF
routers A, C, D would use and advertise the route that they receive via iBGP
router E would hear about 172.16.0.0
RULE 2:
Routes learned through iBGP are never propagated to other iBGP peers
each BGP peer is assumed to have a neighbor statement for all other iBGP speakers in the AS (full mesh BGP)
can be bypassed by using route reflectors or confederations
RULE 3:
when building a packet to an eBGP peer, IOS sets the TTL value in the IP header to 1 (as per the BGP4 specification)
can be bypassed by using the ebgp-multihop command
BGP MULTIHOMING
OVERVIEW
DEFAULT ROUTE
COMMENTS
LIMITATIONS:
FULL ROUTES
LIMITATIONS:
powerful routers required with big memory to handle a large amount of routes
neighbors are not dynamically discovered! --> they need to be manually configured on both ends
keepalives are sent every 60 sec.
the following phases are triggered by entering the neighbor statement under a BGP routing process on a router
debug ip bgp all (to view session setup)
PHASE
OVERVIEW
COMMENTS
IDLE
the BGP speaker is waiting for a BGP start event e.g. (re)establishment of a TCP connection
the state is also true when the BGP process is administratively down
the router is looking for the route to the IP address stated in the neighbor statement
the router can transition back to this state from any other BGP state in case of errors
ACTIVE
the router has found the IP address from the neighbor statement and sent an Open packet
the router hasn't received the Open Confirm packet
may cycle between Active and Idle
CONNECT
OPEN SENT
OPEN CONFIRM
ESTABLISHED
BGP PACKETS
PACKET
OPEN
VERSION
AS
OVERVIEW
the highest common version of the protocol both routers can use
the maximum number of sec. that can elapse between the successive keepalives and update
messages from the sender
HOLD TIME
ROUTER ID
OPTIONAL
COMMENTS
1.
2.
3.
KEEPALIVE
UPDATE
WITHDRAWN
the list displays IP address prefixes for routes that are withdrawn from service (if any)
ATTRIBUTES
L3 REACHABILITY
NOTIFICATION
ERROR CODE
ERROR SUBCODE
1.
2.
3.
1. Unsupported Version
2. Bad Peer AS
3. Bad BGP Identifier
4. Unsupported Optional Parameter
5. Authentication Failure
6. Unacceptable Hold Time
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
NO SUBCODES
CEASE
BGP TABLES
TABLE
NEIGHBOUR TABLE
OVERVIEW
COMMENTS
BGP TABLE
<Router#show ip bgp>
ROUTING TABLE
eBGP AD - 20
iBGP AD - 200
Ignore routes with an inaccessible next-hop address (inaccessible = no entry for that destination in the routing table)
1. Prefer the path with the highest WEIGHT (local to router) (default = 32768 for directly connected; = 0 for all the other routes)
2. Prefer the path with the highest LOCAL_PREF (global within AS) (default = 100)
3. Prefer the path originated by the local router via the network command or redistribution (NEXT HOP = 0.0.0.0)
4. Prefer the path with the shortest AS_PATH
5. Prefer the path with the lowest ORIGIN TYPE (IGP > EGP > incomplete)
6. Prefer the path with the lowest MED (from other AS) (default = 0)
7. Prefer eBGP paths over iBGP paths
8. Prefer the path with the lowest IGP METRIC to the next-hop
9. Determine if multiple paths require installation in the routing table for BGP Multipath
10. When both paths are external, prefer the one that was received FIRST (the oldest one)
11. Prefer the route that comes from the BGP router with the lowest ROUTER ID
12. If the originator or router ID is the same for multiple paths, prefer the path with the minimum CLUSTER LIST LENGTH
13. Prefer the path that comes from the lowest NEIGHBOR ADDRESS
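The selection order above as an added Python example, not part of the original notes. It follows Cisco's published ordering, so the shortest-AS_PATH and eBGP-over-iBGP steps are included; MED is compared across all candidates (the behaviour of bgp always-compare-med) and the missing-as-worst treatment described further down the page is a switch. Paths, addresses and AS numbers are constructed.

```python
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Set

# Value substituted for a missing MED when `bgp bestpath med missing-as-worst` is set.
MED_MISSING_AS_WORST = 4294967295
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is better


@dataclass
class BgpPath:
    """The attributes of one candidate path that the selection steps look at."""
    next_hop: str
    neighbor: str                  # address of the peer the path was received from
    router_id: str                 # BGP router ID of that peer
    as_path: List[int] = field(default_factory=list)
    ebgp: bool = True
    weight: int = 0                # Cisco-local attribute; 32768 for paths this router originates
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "igp"
    med: Optional[int] = None      # None = the MED attribute was absent from the UPDATE
    igp_metric: int = 0            # IGP cost to reach next_hop
    received_order: int = 0        # lower = received earlier (older path)
    cluster_list: List[str] = field(default_factory=list)


def _ip_key(addr: str):
    # Numeric comparison of dotted-quad addresses (lowest router ID / neighbor wins).
    return tuple(int(octet) for octet in addr.split("."))


def effective_med(path: BgpPath, missing_as_worst: bool) -> int:
    if path.med is not None:
        return path.med
    return MED_MISSING_AS_WORST if missing_as_worst else 0   # default: missing MED counts as 0


def best_path(paths: Iterable[BgpPath], reachable_next_hops: Set[str],
              missing_as_worst: bool = False) -> Optional[BgpPath]:
    """Return the single best path, or None when no next hop is reachable.
    Multipath (step 9) is not modelled: exactly one path is chosen."""
    # Step 0: drop paths whose next hop has no entry in the routing table.
    candidates = [p for p in paths if p.next_hop in reachable_next_hops]
    if not candidates:
        return None

    def rank(p: BgpPath):
        # Tuples compare element by element, so the first differing step decides.
        return (
            -p.weight,                              # 1  highest weight
            -p.local_pref,                          # 2  highest local preference
            0 if p.locally_originated else 1,       # 3  locally originated first
            len(p.as_path),                         # 4  shortest AS_PATH
            ORIGIN_RANK[p.origin],                  # 5  lowest origin (igp < egp < incomplete)
            effective_med(p, missing_as_worst),     # 6  lowest MED
            0 if p.ebgp else 1,                     # 7  eBGP over iBGP
            p.igp_metric,                           # 8  lowest IGP metric to the next hop
            p.received_order if p.ebgp else 0,      # 10 oldest path, external paths only
            _ip_key(p.router_id),                   # 11 lowest router ID
            len(p.cluster_list),                    # 12 shortest cluster list
            _ip_key(p.neighbor),                    # 13 lowest neighbor address
        )

    return min(candidates, key=rank)


def sample_paths(weight_a: int = 0, local_pref_a: int = 100) -> List[BgpPath]:
    """Constructed: three paths to 172.16.0.0/16, the prefix of the notes'
    synchronization example. Two eBGP paths and one iBGP path whose UPDATE
    carried no MED. The two parameters let the caller tune path A."""
    return [
        BgpPath(next_hop="10.0.0.1", neighbor="10.0.0.1", router_id="1.1.1.1",
                as_path=[65001, 65010], received_order=2,
                weight=weight_a, local_pref=local_pref_a),
        BgpPath(next_hop="10.0.0.2", neighbor="10.0.0.2", router_id="2.2.2.2",
                as_path=[65002], med=50, received_order=1),
        BgpPath(next_hop="192.168.0.3", neighbor="192.168.0.3", router_id="3.3.3.3",
                as_path=[65002], ebgp=False, igp_metric=20),
    ]


ALL_REACHABLE = {"10.0.0.1", "10.0.0.2", "192.168.0.3"}

if __name__ == "__main__":
    # Missing MED counts as 0 by default, so the iBGP path beats the eBGP path with MED 50;
    # with missing-as-worst the eBGP path wins instead.
    print("default          :", best_path(sample_paths(), ALL_REACHABLE).router_id)
    print("missing-as-worst :", best_path(sample_paths(), ALL_REACHABLE, True).router_id)
```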
BGP ATTRIBUTES
CATEGORIES
BGP announces paths and the networks that are reachable at the end of the path
the paths are described by the use of attributes
CATEGORY
OVERVIEW
ATTRIBUTES
WELL KNOWN
MANDATORY
DISCRETIONARY
AS PATH
ORIGIN (IGP, EGP, UNKNOWN)
NEXT HOP
LOCAL PREFERENCE
ATOMIC AGGREGATE
AGGREGATOR
COMMUNITY
MED
ORIGINATOR ID
CLUSTER LIST
CLUSTER ID
WEIGHT
OPTIONAL
TRANSITIVE
NON-TRANSITIVE
ATTRIBUTES
ATTRIBUTE
OVERVIEW
COMMENTS
AS PATH
NEXT HOP
IGP
ORIGIN
EGP
-
INCOMPLETE
-
To modify :
LOCAL PREFERENCE
ATOMIC AGGREGATE
informs a router (tags and notifies) that a route has been summarized
OPTIONAL TRANSITIVE
AGGREGATOR
COMMUNITY
OPTIONAL NON-TRANSITIVE
To modify:
<Router(config-router)#default-metric>
lower is better
default = 0
bgp always-compare-med - if not enabled, the MED
comparison is made only if the neighboring AS is the
same for all routes considered
bgp bestpath med missing-as-worst - if the MED
attribute is missing in the update, it is considered the
worst
Other parameters:
MED
<Router(config-router)#bgp always-compare-med>
<Router(config-router)#bgp bestpath med missing-as-worst>
CISCO proprietary
indicates to routers in the AS the preferred path to leave that AS
configured locally and not propagated to other routers
influences AS outbound traffic
used when a single router provides multiple exits from an AS
higher is better
default (paths originated by the router) = 32768
default (other paths) = 0
To modify:
WEIGHT
neighboring routers with the same update policies can be grouped into peer groups
members of a peer group inherit all the configuration options of the peer group (routers can be configured to override selected options)
updates are generated only once per peer group and that update is replicated for each neighbor
peer group name is local to the router it is configured on and it is not passed on to other routers
a router can be a member of a single peer group only
EXAMPLE:
BGP CONFEDERATIONS
allow an AS to be partitioned into sub-ASes and avoid having to fully mesh an iBGP network
each confederation has a fully meshed BGP topology between the routers forming the confederation
the behavior between the members of a confederation is more like an eBGP session
BGP AUTHENTICATION
uses MD5
password must be the same on both ends (if it differs, the peering session won't be established)
the digest is made out of the key and the message
router generates and checks the MD5 digest of every segment sent on the TCP connection
the source of each routing update packet received is authenticated
EXAMPLE:
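The per-segment digest described above is the TCP MD5 signature option (RFC 2385), which is what IOS uses for BGP neighbor passwords. The following is an added Python example, not part of the original notes, showing exactly what goes into the digest and why a password mismatch means no session ever forms; addresses, ports, the AS number and the key are constructed.

```python
import hashlib
import hmac
import socket
import struct
from typing import Optional

TCP_MD5_KIND = 19   # TCP option kind for the MD5 signature
TCP_MD5_LEN = 18    # kind + length + 16-byte digest


def _pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    # Source, destination, zero byte, protocol 6 (TCP), TCP segment length.
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)


def tcp_md5_digest(src_ip: str, dst_ip: str, segment: bytes, key: bytes) -> bytes:
    """RFC 2385 digest over: the pseudo-header, the fixed 20-byte TCP header with
    the checksum taken as zero and options excluded, the segment data, the key."""
    data_offset = (segment[12] >> 4) * 4
    fixed = bytearray(segment[:20])
    fixed[16:18] = b"\x00\x00"
    m = hashlib.md5()
    m.update(_pseudo_header(src_ip, dst_ip, len(segment)))
    m.update(bytes(fixed))
    m.update(segment[data_offset:])
    m.update(key)
    return m.digest()


def find_md5_option(segment: bytes) -> Optional[int]:
    """Offset of the 16-byte digest inside the MD5 option, or None if absent."""
    data_offset = (segment[12] >> 4) * 4
    i = 20
    while i < data_offset:
        kind = segment[i]
        if kind == 0:          # end of option list
            break
        if kind == 1:          # NOP padding
            i += 1
            continue
        length = segment[i + 1]
        if length < 2:         # malformed option; stop rather than loop forever
            break
        if kind == TCP_MD5_KIND and length == TCP_MD5_LEN:
            return i + 2
        i += length
    return None


def build_bgp_open_segment(src_port: int, dst_port: int, local_as: int,
                           hold_time: int, router_id: str) -> bytes:
    """Constructed sample: a TCP segment to port 179 carrying a BGP OPEN with the
    fields the notes list (version 4, my AS, hold time, BGP identifier, optional
    parameters length 0) and an all-zero MD5 option waiting to be filled in."""
    bgp_open = b"\xff" * 16 + struct.pack("!HB", 29, 1)          # marker, length 29, type OPEN
    bgp_open += struct.pack("!BHH4sB", 4, local_as, hold_time, socket.inet_aton(router_id), 0)
    options = bytes([TCP_MD5_KIND, TCP_MD5_LEN]) + b"\x00" * 16 + b"\x01\x01"   # + 2 NOPs = 20 bytes
    data_offset_words = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 1000, 2000,
                         data_offset_words << 4, 0x18, 65535, 0, 0)   # PSH+ACK, checksum 0
    return header + options + bgp_open


def sign_segment(src_ip: str, dst_ip: str, segment: bytes, key: bytes) -> bytes:
    """Sender side: compute the digest and write it into the option."""
    off = find_md5_option(segment)
    if off is None:
        raise ValueError("segment carries no TCP MD5 option")
    digest = tcp_md5_digest(src_ip, dst_ip, segment, key)
    return segment[:off] + digest + segment[off + 16:]


def verify_segment(src_ip: str, dst_ip: str, segment: bytes, key: bytes) -> bool:
    """Receiver side: a segment without the option, or whose digest does not
    match the locally configured key, is dropped and no session forms."""
    off = find_md5_option(segment)
    if off is None:
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, segment, key)
    return hmac.compare_digest(segment[off:off + 16], expected)


def demo(key: bytes = b"constructed-demo-key") -> dict:
    """Sign a constructed OPEN from 10.0.0.1 to 10.0.0.2, then check it with the
    right key, with a wrong key, and after one payload byte has been altered."""
    src, dst = "10.0.0.1", "10.0.0.2"
    segment = build_bgp_open_segment(40000, 179, 65001, 180, "1.1.1.1")
    signed = sign_segment(src, dst, segment, key)
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])
    return {
        "length": len(signed),
        "digest_offset": find_md5_option(signed),
        "verified": verify_segment(src, dst, signed, key),
        "wrong_key": verify_segment(src, dst, signed, b"other-key"),
        "tampered": verify_segment(src, dst, tampered, key),
    }


if __name__ == "__main__":
    print(demo())
```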
BGP CONFIGURATIONS
ACTIVATION
STEP #
COMMAND
<Router(config)#router bgp (AS; 1-4294967295)>
COMMENTS
ENABLING BGP
ROUTER ID
To verify:
<Router#show ip bgp summary>
<Router(config-router)#auto-summary>
1.
<Router(config-router)#no auto-summary>
NO AUTO-SUMMARY
AUTO-SUMMARY
AUTOMATIC
SUMMARIZATION
OR
- a subnet of that classful network exists in the routing table
2.
AUTO-SUMMARY
NO AUTO-SUMMARY
<Router(config-router)#no synchronization>
SYNCHRONIZATION
ADDING NEIGHBORS
The IP address is the destination address for all BGP packets going
to this neighboring router.
Internal neighbors don't need to be directly connected.
External neighbors do need to be directly connected.
NETWORK STATEMENT
ADDING NETWORKS
REDISTRIBUTE CONNECTED
To advertise a summary:
<Router(config)#ip route A.A.A.A M.M.M.M null0>
DEFAULT ROUTE
TUNING
<Router(config-router)#neighbor A.A.A.A shutdown>
ADMINISTRATIVE
SHUTDOWN
TIMERS
SOURCE OF UPDATES
MULTIHOPPING
NEXT-HOP
MANIPULATION
PEER GROUPS
ROUTE REFLECTORS
To verify:
PRIVATE AS RANGE
AUTHENTICATION
AS RANGE          PURPOSE
1-64495           Assignable by IANA for public use
64496-65511       Reserved
65512-65534       Private use
65535             Reserved
ROUTE AGGREGATION
UPDATE
INFORMATION
STORAGE
NOTE: aggregation only applies to routes that exist in the BGP table
the aggregated route is only forwarded if at least one more
specific route of the aggregation exists!
The summary works for all BGP peers unless suppress maps are
used.
AS-PATH
SYNTAX
COMMENTS
To verify:
LOCAL PREFERENCE
<Router(config-router)#default-metric (0-4294967295)>
MED
WEIGHT
REDISTRIBUTION
ROUTING PROTOCOLS
To set a default-metric (NOTE: this command does not affect the metric of directly connected networks):
<Router(config-router)#default-metric (1-4294967295)>
PULL ROUTES FROM:
RIP
EIGRP
COMMANDS
COMMENTS
OSPF
COMMENTS
show ip bgp
show ip bgp A.A.A.A M.M.M.M
show ip bgp summary
show ip bgp neighbors
show ip bgp rib-failure
debug ip bgp all
debug ip bgp updates
clear ip bgp *
clear ip bgp (neighbor address)
clear ip bgp * in
clear ip bgp * out
clear ip bgp * soft
COMMAND
show ip bgp
VERIFIES / ACTION
SCREENSHOT
router ID
local AS number
BGP table version
BGP neighbors
displays networks which BGP chose as best but which did not end up being
installed in the routing table
explains why those networks weren't installed
Displays BGP routes learned from a neighbor, before being processed by an inbound filter
Displays BGP routes learned from a neighbor, after being processed by an inbound filter
Displays BGP routes sent to a neighbor, after applying the outbound filter
clear ip bgp *
hard reset
completely resets all BGP adjacencies
closes and re-establishes TCP connections
entire BGP table is discarded
BGP session makes the transition from established to idle; everything must be re-learned
if the soft-reconfiguration inbound command is used, the stored unfiltered table generates new inbound updates and the results are placed
in the BGP table
clear ip bgp * in
ROUTING TABLE (screenshot: connected (C) and local (L) entries for seven interfaces)
NETWORK
STATEMENT
NO AUTO-SUMMARY
network 11.0.0.0
11.0.0.0/8
11.0.0.0/8
network 12.1.0.0
not installed
not installed
network 12.0.0.0
12.0.0.0/8
not installed
network 172.16.0.0
172.16.0.0/16
172.16.0.0/16
network 173.1.1.0
not installed
not installed
network 173.1.0.0
network 192.168.1.0
173.1.0.0/16
192.168.1.0/24
not installed
not installed
Branch Office
NAT
IP Sec
GRE Tunneling
NAT
NAT ADDRESS CLASSIFICATION
INSIDE LOCAL
INSIDE GLOBAL
OUTSIDE LOCAL
OUTSIDE GLOBAL
NAT CONFIGURATIONS
DYNAMIC TRANSLATION
STEP #
COMMANDS
<Router(config)#ip nat pool (pool name) (start IP address) (end IP address) (netmask (M.M.M.M)) (prefix-length (1-32))>
COMMENTS
<Router(config)#interface (interface)>
DEFINE BOUNDARY
INTERFACES
STATIC TRANSLATION
STEP #
COMMANDS
<Router(config)#ip nat inside source static (address to be translated) (address to be translated to)>
DEFINE BOUNDARY
INTERFACES
<Router(config)#interface (interface)>
COMMENTS
VERIFIES
Inside global / local addresses translated to: outside local / global addresses
SCREENSHOT
IPSec
IPSec CONFIGURATION
IKE PHASE 1
STEP #
ENABLE ISAKMP
COMMANDS
COMMENTS
The peer initiating the negotiation sends all of its policies to the
remote peer, which compares them with its locally configured policies
until a match is found - the policies with higher priorities (lower
numbers) are compared first (that's why the most secure policies should
have the lower priority numbers)
For a match to be found, two policies have to use identical values for the
following parameters:
AUTHENTICATION
ENCRYPTION
HASH
DH LEVEL
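How the phase 1 comparison above plays out, as an added example that is not part of the study guide: ISAKMP policies as Python objects, the responder walking its own policies from the lowest number up, and a check that flags a strong policy sitting behind a weaker lower-numbered one. The policy sets and the strength ranking are constructed for this example; the ranking is an assumption, not a value from the guide.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Rough strength ranking used only by misordered(); an assumption made for
# this example, not something the study guide states.
ENCRYPTION_RANK = {"des": 0, "3des": 1, "aes 128": 2, "aes 192": 3, "aes 256": 4}
HASH_RANK = {"md5": 0, "sha": 1}


@dataclass(frozen=True)
class IsakmpPolicy:
    number: int          # policy priority: the lower number is compared first
    authentication: str  # "pre-share" or "rsa-sig"
    encryption: str      # e.g. "aes 128"
    hashing: str         # "sha" or "md5"
    group: int           # Diffie-Hellman group

    def matches(self, other: "IsakmpPolicy") -> bool:
        # Phase 1 match: authentication, encryption, hash and DH group must be
        # identical (lifetime is negotiated separately and is not checked here).
        return (self.authentication == other.authentication
                and self.encryption == other.encryption
                and self.hashing == other.hashing
                and self.group == other.group)

    def strength(self) -> Tuple[int, int, int]:
        return (ENCRYPTION_RANK[self.encryption], HASH_RANK[self.hashing], self.group)


def negotiate(initiator: List[IsakmpPolicy],
              responder: List[IsakmpPolicy]) -> Optional[Tuple[int, int]]:
    """Return (initiator policy number, responder policy number) of the first
    match. The responder tries its own highest-priority (lowest-numbered)
    policy against every offered policy before moving on, so the responder's
    numbering decides which proposal wins."""
    for local in sorted(responder, key=lambda p: p.number):
        for offered in sorted(initiator, key=lambda p: p.number):
            if local.matches(offered):
                return offered.number, local.number
    return None


def misordered(policies: List[IsakmpPolicy]) -> List[int]:
    """Numbers of policies that are stronger than some lower-numbered policy.
    Against a peer offering both, the weaker one would be selected first."""
    ordered = sorted(policies, key=lambda p: p.number)
    bad = []
    for i, policy in enumerate(ordered):
        if any(earlier.strength() < policy.strength() for earlier in ordered[:i]):
            bad.append(policy.number)
    return bad


# Constructed policies. STRONG mirrors the guide's policy 10; WEAK is a
# leftover DES/MD5 policy with a lower (higher-priority) number.
STRONG = IsakmpPolicy(10, "pre-share", "aes 128", "sha", 2)
WEAK = IsakmpPolicy(5, "pre-share", "des", "md5", 1)
REMOTE = [IsakmpPolicy(60, "pre-share", "aes 128", "sha", 2)]

if __name__ == "__main__":
    print(negotiate(REMOTE, [STRONG]))  # (60, 10): the AES policies match
    peer_with_des = REMOTE + [IsakmpPolicy(70, "pre-share", "des", "md5", 1)]
    print(negotiate(peer_with_des, [STRONG, WEAK]))  # (70, 5): DES wins
    print(misordered([STRONG, WEAK]))  # [10]: policy 10 sits behind weaker 5
```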
CREATE PSKs
IKE PHASE 2
STEP #
COMMANDS
COMMENTS
To verify:
<Router#show crypto ipsec transform-set (set name)>
*TUNE IPSec SA
PARAMETERS
AH AUTHENTICATION (hashing)
ESP AUTHENTICATION (hashing)
ESP ENCRYPTION
COMPRESSION
GRE TUNNELING
STEP #
COMMANDS
COMMENTS
CONFIGURE TUNNEL
INTERFACE
*ENABLE ROUTING
PROTOCOL OVER GRE
TUNNEL
VERIFIES
EXAMPLE
policy number
encryption algorithm
hashing algorithm
authentication method
DH group
lifetime
DESCRIPTION
MM_NO_STATE
AG_NO_STATE
MM_SA_SETUP
MM_KEY_EXCH: DH has completed.
AG_INIT_EXCH
AG_AUTH
QM_IDLE
clear crypto sa
Secure the traffic sent between 172.30.2.0 /24 and 192.168.1.0 /24
                    HOME             REMOTE
IP ADDRESS          98.174.249.99    67.40.69.33
LOCAL ID            IP ADDRESS       IP ADDRESS
POLICY NUMBER       #10              #60
AUTHENTICATION      PRE SHARED KEY
ENCRYPTION          AES 128
HASHING             SHA 1
DH LVL              2
LIFETIME            86,400
PRE SHARED KEY
NAME                cbtkey
ACCEPTED FROM       67.40.69.33      98.174.249.99
NAME                 CBTVPN (transform set, see the commands below)
AH HASHING           N/A
ESP HASHING          ESP-SHA-1-HMAC
ESP ENCRYPTION       ESP-AES 128
COMPRESSION          N/A
CRYPTO ACL
NAME                 S2S-VPN-TRAFFIC
INTERESTING TRAFFIC  (the two subnets named above)
NAME                 S2S-VPN (crypto map, referencing S2S-VPN-TRAFFIC)
SEQUENCE #           100        200
INTERFACE            s1/0       s1/1
COMMANDS
<Router(config)#crypto isakmp enable>
<Router(config)#crypto isakmp policy 10>
<Router(config-isakmp)#authentication pre-share>
<Router(config-isakmp)#encryption aes 128>
<Router(config-isakmp)#group 2>
<Router(config-isakmp)#hash sha>
<Router(config-isakmp)#lifetime 86400>
VERIFY:
<Router#show crypto isakmp policy>
COMMANDS
<Router(config)#crypto ipsec transform-set CBTVPN esp-aes 128 esp-sha-hmac>
<Router(config)#ip access-list extended S2S-VPN-TRAFFIC>
IPv6
IPv6 Packet Header
IPv6 Address Format
IPv6 Special Use Ranges
IPv6 Address Assignment
IPv6 L2 Address Discovery
COMPONENT | OVERVIEW | COMMENTS
VERSION: version of the IP, always set to 6
TRAFFIC CLASS
FLOW LABEL
PAYLOAD LENGTH
NEXT HEADER
HOP LIMIT
SOURCE ADDRESS: source IP address
DESTINATION ADDRESS: destination IP address
128 bits
divided into 8 x blocks of 4 x HEX characters (each HEX = 4 x bits)
each block is separated by a colon (:)
the slash notation indicates the prefix-length (equivalent to IPv4 subnet mask)
2001:0050:0000:0000:0000:0BA4:1E2E:98AA/64
SHORTENING RULE 1: ELIMINATE GROUP OF CONSECUTIVE ZEROS (ONCE PER ADDRESS)
2001:0050:0000:0000:0000:0BA4:1E2E:98AA/64
2001:0050::0BA4:1E2E:98AA/64
SHORTENING RULE 2: DROP LEADING ZEROS
2001:0050::0BA4:1E2E:98AA/64
2001:50::BA4:1E2E:98AA/64
OVERVIEW | COMMENTS
UNICAST
GLOBAL
format: prefix 2000::/3 | Subnet ID | Interface ID (64 bits)
prefix = 2000::/3
globally unique, routable addresses
equivalent of the IPv4 public addresses
can be automatically assigned to a node using stateless auto-configuration
LINK-LOCAL
format: FE80::/10 (10 bits) | zeros (54 bits) | EUI-64 Interface ID (64 bits)
FE80::/64 + EUI-64
Example:
MAC: ca00.0a30.0008
EUI-64: C800:AFF:FE30:8
link-local: FE80::C800:AFF:FE30:8
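The two shortening rules from the address-format section and the EUI-64 derivation from the link-local example above, as an added example that is not from the study guide. It uses only the Python standard library; the MAC ca01.1614.0008 used in the checks is a constructed value.

```python
import ipaddress


def shorten(address: str) -> str:
    """Apply the guide's two rules to an IPv6 address (an optional /prefix
    length is kept): rule 1 collapses the longest run of all-zero blocks into
    '::' exactly once, rule 2 drops leading zeros in every block. Output is
    upper case, as the guide writes its addresses."""
    addr, _, prefix = address.partition("/")
    blocks = ipaddress.IPv6Address(addr).exploded.split(":")  # 8 blocks of 4 hex
    # Locate the longest run of "0000" blocks; the first run wins on a tie.
    best_start, best_len, run_start = -1, 0, None
    for i, blk in enumerate(blocks + ["end"]):  # sentinel closes a trailing run
        if blk == "0000":
            run_start = i if run_start is None else run_start
        elif run_start is not None:
            if i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = None
    # Rule 2 on every block ("0000" becomes "0").
    short = [blk.lstrip("0") or "0" for blk in blocks]
    # Rule 1: only a run of at least two zero blocks is collapsed.
    if best_len >= 2:
        left = ":".join(short[:best_start])
        right = ":".join(short[best_start + best_len:])
        text = f"{left}::{right}"
    else:
        text = ":".join(short)
    return text.upper() + (f"/{prefix}" if prefix else "")


def eui64_interface_id(mac: str) -> str:
    """64-bit interface ID from a 48-bit MAC (Cisco dotted or colon form):
    flip the universal/local bit of the first octet, insert FFFE in the middle."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "").lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02  # universal/local bit
    eui = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    hexstr = eui.hex()
    return ":".join(hexstr[i:i + 4] for i in range(0, 16, 4))


def link_local(mac: str) -> str:
    """FE80::/64 + EUI-64, shortened the way the guide shows it."""
    return shorten("fe80:0:0:0:" + eui64_interface_id(mac))


def global_from_prefix(prefix: str, mac: str) -> str:
    """SLAAC-style global address: a /64 prefix plus the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    top = net.network_address.exploded.split(":")[:4]
    return shorten(":".join(top) + ":" + eui64_interface_id(mac)) + "/64"


if __name__ == "__main__":
    print(shorten("2001:0050:0000:0000:0000:0BA4:1E2E:98AA/64"))  # 2001:50::BA4:1E2E:98AA/64
    print(link_local("ca00.0a30.0008"))  # FE80::C800:AFF:FE30:8
    print(global_from_prefix("2003::/64", "ca01.1614.0008"))  # 2003::C801:16FF:FE14:8/64
```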
UNIQUE-LOCAL
format: Global ID (40 bits) | Subnet ID (16 bits) | Interface ID (64 bits)
equivalent to IPv4 private addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
only routed within an organization
MULTICAST
format: FF (8 bits) | Flags (4 bits) | Scope (4 bits) | Group ID (112 bits)
FF02::2
FF02::5
FF02::6
FF02::10
FF02:1::2
SCOPE
SCOPES:
1
interface-local
link-local
org-local
global
GROUP ID
GROUP IDs:
1
all nodes
all routers
OSPF routers
OSPF DR routers
RIP routers
ANYCAST
OVERVIEW | COMMENTS
Default Route
Unspecified Address: ::/128
Loopback Address: ::1/128
Documentation Prefix: 2001:DB8::/32
6to4: 2002::/16
6to4 address construction:
prefix 2002:
convert the IPv4 address of the source interface to hex in IPv6 notation and append it to the prefix
add subnet hex
add host hex
Example:
Tunnel source interface IPv4 address: 172.16.12.1
6to4 Tunnel IPv6 address: 2002:AC10:0C01:1::1/64
The link-local address is created by taking the FE80::/96 prefix and appending the 6to4 tunnel's source interface IPv4 address in hex.
OVERVIEW
COMMENTS
STATEFUL DHCP
RELEVANT PREFIXES:
SLAAC
NDP
o address auto-configuration
o neighbor discovery
o MAC discovery
o duplicate address detection
o finding existing routers / DNS servers
Router Solicitation:
Router Advertisement:
RELEVANT PREFIXES:
FF02::2 - destination IPv6 address (all routers on the link) of the RS messages
FF02::1 - destination IPv6 address (all nodes on the link) of the RA messages
EUI-64 Interface ID
allows for automatic creation of a unique global unicast IP address based on the local MAC address
To generate on an interface:
<Router(config-if)#ipv6 address (X:X:X::/64) eui-64>
STATELESS DHCP
stateless function of the IPv6 DHCP server supplies the IPv6 address of the DNS
server to the client
does not need to keep track of any state information
OVERVIEW | NEIGHBOR DATABASE | COMMENTS
NDP
NS MESSAGE
Neighbor Solicitation
ICMPv6 Type 135
sent to a host to request its MAC address
sent as a part of DAD upon an IPv6 address assignment to confirm its uniqueness
multicast to the destination host's solicited-node multicast address
RELEVANT PREFIXES:
Solicited-node multicast address. To create:
prefix FF02::1:FF
add the last 6 HEX digits of the destination IPv6 address
Example:
Destination IPv6 address: 2002::AACC
Solicited node address: FF02::1:FF00:AACC
The router joins the solicited-node multicast group for every address assigned to an interface the moment the interface is up
NDP States:
DELETED
INCOMPLETE
REACHABLE
STALE
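The solicited-node derivation just described, together with the 6to4 address construction from the special-use ranges section earlier, as an added example that is not from the study guide. Only the standard library is used; the addresses passed in below are the guide's own or constructed values.

```python
import ipaddress

SOLICITED_NODE_BASE = ipaddress.IPv6Address("ff02::1:ff00:0")  # FF02::1:FF00:0/104
SIXTOFOUR = ipaddress.IPv6Network("2002::/16")
LINK_LOCAL_BASE = ipaddress.IPv6Address("fe80::")


def solicited_node(address: str) -> str:
    """Solicited-node multicast group of a unicast address: FF02::1:FF plus the
    low-order 24 bits (the last 6 hex digits) of the address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(int(SOLICITED_NODE_BASE) | low24)).upper()


def solicited_node_groups(addresses):
    """Groups an interface joins for all of its addresses. A link-local and a
    global address built from the same EUI-64 share their last 24 bits and so
    map to one group, hence the set."""
    return sorted({solicited_node(a) for a in addresses})


def sixtofour_address(ipv4_source: str, subnet: int = 1, host: int = 1) -> dict:
    """6to4 site prefix, a /64 global address and the tunnel's link-local
    address (FE80::/96 + the IPv4 address in hex, as the guide forms it)."""
    v4 = ipaddress.IPv4Address(ipv4_source)
    site = "2002:%02x%02x:%02x%02x" % tuple(v4.packed)
    global_addr = ipaddress.IPv6Address(f"{site}:{subnet:x}::{host:x}")
    link_local = ipaddress.IPv6Address(int(LINK_LOCAL_BASE) | int(v4))
    return {
        "site_prefix": f"{site}::/48".upper(),
        "address": f"{global_addr}/64".upper(),  # canonical form drops the 0 in 0C01
        "link_local": str(link_local).upper(),
    }


def sixtofour_tunnel_destination(ipv6_destination: str) -> str:
    """Reverse mapping a 6to4 router applies when forwarding: the IPv4 tunnel
    endpoint is carried in bits 16-47 of any 2002::/16 destination."""
    dst = ipaddress.IPv6Address(ipv6_destination)
    if dst not in SIXTOFOUR:
        raise ValueError(f"{ipv6_destination} is not a 6to4 address")
    return str(ipaddress.IPv4Address(dst.packed[2:6]))


if __name__ == "__main__":
    print(solicited_node("2002::AACC"))  # FF02::1:FF00:AACC
    print(solicited_node_groups(["FE80::C800:AFF:FE30:8", "2003::C800:AFF:FE30:8"]))
    print(sixtofour_address("172.16.12.1"))
    print(sixtofour_tunnel_destination("2002:AC10:0C01:1::1"))  # 172.16.12.1
```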
NA MESSAGE
Neighbor Advertisement
ICMPv6 Type 136
sent in reply to an NS message (unicast)
multicast to every local IPv6 node every time a new IPv6 address is assigned and cleared by DAD
includes the local IPv6 | MAC mapping
DAD
Duplicate Address Detection
used to make sure there are no duplicate addresses on the link
performed every time a new IPv6 address is assigned to an interface OR when the interface comes back up after being down for whatever reason
the interface sends an NS message destined to the solicited-node multicast address of each IPv6 address assigned on the router; if an NA message comes back from a source other than the local node, there is a duplicate address on the link
IND
COMMANDS | ACTION TRIGGERED | RESULT
<R1(config)#ipv6 unicast-routing>
FF02::2
<R1(config)#interface fa0/0>
<R1(config-if)#ipv6 address 2003::1/64>
<R1(config-if)#no shutdown>
<R2(config)#interface fa0/0>
<R2(config-if)#ipv6 address autoconfig>
SLAAC enabled
enables IPv6 on fa0/0
creates EUI-64
creates link-local address based on EUI-64
performs DAD on null0 for link-local address:
o sends NA for FE80::1 [src: :: | dst: ::1]
o address is unique
<R2(config)#ipv6 unicast-routing>
<R2(config-if)#no shut>
FE80::C801:16FF:FE14:8
autoconfigure interface ID
o use prefix / prefix length obtained from R1 RA message
o use EUI-64 to generate interface ID: 2003::C801:16FF:FE17:8
RIPng CONFIGURATIONS
STEP #
COMMANDS
COMMENTS
<Router(config)#ipv6 unicast-routing>
VERIFIES
SCREENSHOT
RIPng uses link-local address of the next hop router as the next hop
EIGRPv6
EIGRPv6 CONFIGURATIONS
STEP #
ASSIGN ROUTER-ID
COMMANDS
COMMENTS
<Router(config)#ipv6 unicast-routing>
<Router(config-rtr)#shutdown>
<Router(config-rtr)#no shutdown>
VERIFIES
SCREENSHOT
EIGRPv6 uses the link-local address of the next hop router as the next hop
timers
EIGRPv6 database
OSPFv3
OSPFv3 CONFIGURATIONS
<Router(config)#ipv6 unicast-routing>
<Router(config-rtr)#router id A.A.A.A>
ASSIGN ROUTER-ID
VERIFIES
SCREENSHOT
neighbor ID
priority
state
Dead Time
Interface ID
Interface
OSPFv3 interfaces:
costs
state
area
number of neighbors
IPv6/IPv4 COEXISTENCE
IPv4/IPv6 DUAL STACKING
the host or router uses both IPv4 and IPv6 at the same time
nodes can then choose to communicate with IPv4 nodes using the IPv4 stack and with IPv6 nodes using the IPv6 stack
two implementation approaches:
o NATIVE IPv6: configure IPv6 on most/all routers, making all routers use dual stacking
o IPv6 TUNNELS: some routers are configured for IPv6 and packets are tunneled over the IPv4 network
TUNNELING
the IPv6 packet is encapsulated inside an IPv4 packet and then routed over the IPv4 network
allows for only partial migration between the two protocols
adds extra overhead in the form of headers
types:
o point-to-point: two (and only two) devices sit at the ends of the tunnel
o point-to-multipoint: allows a router (the point) to use a single interface to send packets to multiple remote routers
NAT-PT
two flavors:
o manual tunnels
o GRE tunnels
MANUAL TUNNELS:
RFC 4213
acts like a virtual point-to-point link
supports IPv6 IGPs
ideal for more permanent tunnels
less overhead than GRE
GRE TUNNELS:
RFC 2784
same characteristics and advantages as manual tunnels
uses an extra stub header between the IPv4 and IPv6 headers
can carry multiple passenger protocols
COMMANDS
COMMENTS
CONFIGURE TUNNEL
DESTINATION
TSHOOT
creates the possibility that new sites can join the tunnel without requiring additional configuration on the existing routers
do not support IGPs, requiring the use of either static routes or multiprotocol BGP
the forwarding logic requires more work per packet as compared with point-to-point tunnels (more suited for less traffic)
the incoming packet's IPv6 address implies which IPv4 address should be used for encapsulation for transport over the IPv4 network
dynamic multipoint tunnels come in two flavors:
o 6to4 Tunnels
o IPv6 ISATAP Tunnels
transition mechanism that enables encapsulation of IPv6 packets into IPv4 packets for transport across an IPv4 network
allows for automatic IPv6-to-IPv4 address translation
treats the underlying IPv4 network as one big logical NBMA network
internal routing protocols cannot be used across the 6to4 tunnels! (because they rely on link-local addresses to form adjacencies and these are not supported across 6to4 tunnels)
6to4 tunnels do not allow IPv4-only hosts to communicate with IPv6-only hosts (they only allow IPv6 hosts to communicate with each other over an IPv4 network)
the tunnel configuration has to be applied on all edge routers on the cloud-facing interfaces
a single tunnel interface is needed per router
6to4 Tunnel addressing:
o 2002::/16 prefix
o Global Unicast Address
COMMANDS | COMMENTS
prefix 2002:
convert the IPv4 address of the source interface to hex in IPv6 notation and append it to the prefix
fill the rest of the bits to make up a total of 128
Example:
Tunnel source interface IPv4 address: 172.16.12.1
6to4 Tunnel IPv6 address: 2002:AC10:0C01:1::1/64
The link-local address is created by taking the FE80::/96 prefix and appending the 6to4 tunnel's source interface IPv4 address (in HEX).
CONFIGURE TUNNEL
SOURCE
TSHOOT
IPv6 CONFIGURATIONS
COMPONENT
COMMANDS
<Router(config)#ipv6 unicast-routing>
COMMENTS
IPv6 ASSIGNMENT
<Router(config)#ipv6 cef>
<Router(config-if)#ipv6 enable>
EUI-64 ADDRESS
6to4 TUNNEL
VERIFIES
EXAMPLE
debug ipv6 nd
APPENDIXES
IPv4 Subnetting
RIP
EIGRP
OSPF
IS-IS
BGP
NAT
IPSec
IPv6
IPV4 SUBNETTING
packetlife.net
Subnets
Decimal to Binary
Addresses
Wildcard
Subnet Mask
Wildcard
/32 255.255.255.255
0.0.0.0
0 0000 0000
/31 255.255.255.254
0.0.0.1
1 0000 0001
/30 255.255.255.252
0.0.0.3
3 0000 0011
/29 255.255.255.248
0.0.0.7
7 0000 0111
/28 255.255.255.240
16
0.0.0.15
15 0000 1111
/27 255.255.255.224
32
0.0.0.31
31 0001 1111
/26 255.255.255.192
64
0.0.0.63
63 0011 1111
/25 255.255.255.128
128
0.0.0.127
/24 255.255.255.0
256
0.0.0.255
0 0000 0000
/23 255.255.254.0
512
0.0.1.255
/22 255.255.252.0
1,024
0.0.3.255
/21 255.255.248.0
2,048
0.0.7.255
/20 255.255.240.0
4,096
0.0.15.255
/19 255.255.224.0
8,192
0.0.31.255
/18 255.255.192.0
16,384
0.0.63.255
/17 255.255.128.0
32,768
0.0.127.255
/16 255.255.0.0
65,536
0.0.255.255
/15 255.254.0.0
131,072
0.1.255.255
/14 255.252.0.0
262,144
0.3.255.255
/13 255.248.0.0
524,288
0.7.255.255
/12 255.240.0.0
1,048,576
0.15.255.255
/11 255.224.0.0
2,097,152
0.31.255.255
/10 255.192.0.0
4,194,304
0.63.255.255
/9 255.128.0.0
8,388,608
0.127.255.255
A 0.0.0.0 127.255.255.255
/8 255.0.0.0
16,777,216
0.255.255.255
B 128.0.0.0 - 191.255.255.255
/7 254.0.0.0
33,554,432
1.255.255.255
C 192.0.0.0 - 223.255.255.255
/6 252.0.0.0
67,108,864
3.255.255.255
D 224.0.0.0 - 239.255.255.255
/5 248.0.0.0
134,217,728
7.255.255.255
E 240.0.0.0 - 255.255.255.255
/4 240.0.0.0
268,435,456
15.255.255.255
/3 224.0.0.0
536,870,912
31.255.255.255
/2 192.0.0.0
1,073,741,824
63.255.255.255
/1 128.0.0.0
2,147,483,648
127.255.255.255
/0 0.0.0.0
4,294,967,296
255.255.255.255
Subnet Proportion (figure, not reproduced: relative sizes of a /25, /26, /27, /28, /29 and two /30 subnets)
Classful Ranges
Reserved Ranges
Terminology
CIDR
Classless interdomain routing was developed to
provide more granularity than legacy classful
addressing; CIDR notation is expressed as /XX
by Jeremy Stretch
VLSM
Variable-length subnet masks are an arbitrary length
between 0 and 32 bits; CIDR relies on VLSMs to define
routes
v2.0
RIP
packetlife.net
RIP Implementations
Attributes
RIPv1
Original RIP implementation, limited to classful routing
(obsolete)
RIPv2
Introduced support for classless routing, authentication,
triggered updates, and multicast announcements (RFC 2453)
RIPng (RIP Next Generation)
Extends RIPv2 to support IPv6 routing (RFC 2080); functions
very similarly to RIPv2 and is subsequently as limited
Protocols Comparison
RIPv1
RIPng
IPv4
IPv6
120
120
520
521
Classless No
Yes
Yes
224.0.0.9
FF02::9
Plain, MD5
None
RIPv2 Configuration
! Enable RIPv2 IPv4 routing
router rip
version 2
! Disable RIPv2 automatic summarization
no auto-summary
Algorithm Bellman-Ford
Admin Distance 120
Metric Hop count (max 15)
Standard RFCs 2080, 2453
Protocols IPv4, IPv6
Transport UDP
Authentication Plaintext, MD5
RIPv2
IP IPv4
Multicast IP 224.0.0.9/FF02::9
Terminology
Split Horizon
A rule that states a router may not advertise a route
back to the neighbor from which it was learned
Route Poisoning
When a network becomes unreachable, an
update with an infinite metric is generated to
explicitly advertise the route as unreachable
Poison Reverse
A router advertises a network as unreachable
through the interface on which it was learned
Timer Defaults
Update 30 sec
Invalid 180 sec
RIPng Configuration
! Enable IPv6 routing
ipv6 unicast-routing
! Enable RIPng IPv6 routing
ipv6 router rip name
Troubleshooting
show ip[v6] protocols
show ip[v6] rip database
! Modify timers
timers basic update invalid hold flush
by Jeremy Stretch
v1.1
EIGRP
packetlife.net
Protocol Header (bit offsets 16, 24, 32)
Version | Opcode | Checksum
Flags
Sequence Number
Acknowledgment Number
Length | Value
Attributes
Algorithm DUAL
Internal AD 90
External AD 170
Summary AD 5
Transport IP/88
Authentication MD5
Metric Formula
metric = 256 * (K1 * bw + (K2 * bw) / (256 - load) + K3 * delay) * (K5 / (rel + K4))
EIGRP Configuration
Protocol Configuration
! Enable EIGRP
router eigrp <ASN>
! Add networks to advertise
network <IP address> <wildcard mask>
Multicast IP 224.0.0.10
Hello Timers 5/60
Hold Timers 15/180
K Defaults
K1 1
K2 0
K3 1
K4 0
K5 0
Packet Types
1 Update
3 Query
4 Reply
5 Hello
8 Acknowledge
Terminology
Reported Distance
Feasible Distance
Passive Interface
An interface which does not participate in EIGRP but
whose network is advertised
Stub Router
A router which advertises only a subset of routes,
and is omitted from the route query process
Troubleshooting
by Jeremy Stretch
OSPF PART 1
packetlife.net
Protocol Header (bit offsets 8, 16, 24, 32)
Version | Type | Length
Router ID
Area ID
Checksum | Instance ID | Reserved
Data
Attributes
Type Link-State
Algorithm Dijkstra
AD 110
Protocols IP
Transport IP/89
Authentication Plaintext, MD5
AllSPF Address 224.0.0.5
AllDR Address 224.0.0.6
Metric Formula
cost = 100,000 Kbps* / link speed
* modifiable with ospf auto-cost reference-bandwidth
Area Types
Internal Router
All interfaces reside within the
same area
Backbone Router
A router with an interface in
area 0 (the backbone)
Standard Area
Default OSPF area type
Stub Area
External link (type 5) LSAs are
replaced with a default route
link speed
Adjacency States
1 Down
2 Attempt
3 Init
4 2-Way
5 Exstart
6 Exchange
7 Loading
8 Full
DR/BDR Election
Virtual Links
Tunnel formed to join two areas
across an intermediate
debug ip ospf []
by Jeremy Stretch
v2.1
OSPF PART 2
packetlife.net
Network Types
Nonbroadcast
(NBMA)
Multipoint
Broadcast
Multipoint
Nonbroadcast
Broadcast
Point-to-Point
No
No
Yes
No
Yes
No
Yes
Yes
30/120
30/120
10/40
10/40
RFC 2328
Cisco
Cisco
Cisco
Any
Any
Full Mesh
Point-to-Point
Configuration Example
(topology figure, not reproduced: Router A sits in Area 0 (Backbone) with a WAN link towards 172.16.0.0/18; Router B connects Area 0 with Area 1 (Stub Area) and Area 2 (Standard Area); Router C connects Area 2 with Area 9)
Router B
interface Ethernet0/0
description Area 0
ip address 192.168.0.2 255.255.255.0
ip ospf 100 area 0
!
interface Ethernet0/1
description Area 2
ip address 192.168.2.1 255.255.255.0
ip ospf 100 area 2
! Optional MD5 authentication configured
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 FooBar
! Give B priority in DR election
ip ospf priority 100
!
interface Ethernet0/2
description Area 1
ip address 192.168.1.1 255.255.255.0
ip ospf 100 area 1
!
interface Loopback0
ip address 10.0.34.2 255.255.255.0
!
router ospf 100
! Define area 1 as a stub area
area 1 stub
! Virtual link from area 0 to area 9
area 2 virtual-link 10.0.34.3
by Jeremy Stretch
Router A
interface Serial0/0
description WAN Link
ip address 172.16.34.2 255.255.255.252
!
interface FastEthernet0/0
description Area 0
ip address 192.168.0.1 255.255.255.0
!
interface Loopback0
! Used as router ID
ip address 10.0.34.1 255.255.255.0
!
router ospf 100
! Advertising the WAN cloud to OSPF
redistribute static subnets
network 192.168.0.0 0.0.0.255 area 0
!
! Static route to the WAN cloud
ip route 172.16.0.0 255.255.192.0 172.16.34.1
Router C
interface Ethernet0/0
description Area 9
ip address 192.168.9.1 255.255.255.0
ip ospf 100 area 9
!
interface Ethernet0/1
description Area 2
ip address 192.168.2.2 255.255.255.0
ip ospf 100 area 2
! Optional MD5 authentication configured
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 FooBar
! Give C second priority (BDR) in election
ip ospf priority 50
!
interface Loopback0
ip address 10.0.34.3 255.255.255.0
!
router ospf 100
! Define area 9 as a totally stubby area
area 9 stub no-summary
! Virtual link from area 9 to area 0
area 2 virtual-link 10.0.34.2
v2.1
IS-IS PART 1
packetlife.net
Protocol Header (bit offsets 4, 12, 16)
IRPD | Packet Length | Version/Protocol ID Extension | ID Length
PDU Type | Version | Reserved
Type | Length | Value ...
Attributes
Type Link-State
Algorithm Dijkstra
Metric Default (10)
AD 115
Transport Layer 2
Authentication Plaintext, MD5
NSAP Addressing
Interdomain Part: AFI | IDI
Domain-Specific Part: HODSP | System ID | SEL
Condensed: Area | System ID | SEL
Example: 47 | 0005.80ff.f800.0000 | 0001 | 0000.0c00.1234 | 00
Routing Levels
Point-to-Point
No
Yes
10/30
Troubleshooting
DIS Election
show ip route
show ip protocols
by Jeremy Stretch
v2.0
IS-IS PART 2
packetlife.net
TLV Types
Name
Use
Name
Use
Name
Use
1 Area Addresses
Hello, LSP
6 IS Neighbors
Hello, L2 LSP
LSP
2 IS Neighbors
LSP
8 Padding
Hello
Hello, LSP
3 ES Neighbors
L1 LSP
9 LSP Entries
SNP
131 IDRPI
SNP, L2 LSP
5 Prefix Neighbors
L2 LSP
Hello, LSP
10 Authentication All
Configuration Example
Area 1
Router A2
192.168.1.0/24
interface FastEthernet0/0
description Area 1
ip address 192.168.1.2 255.255.255.0
ip router isis
isis circuit-type level-1
!
router isis
net 49.0001.0000.0000.00a2.00
(topology figure, not reproduced: Area 1 = 192.168.1.0/24 with routers A1, A2, A3; Area 2 = 192.168.2.0/24 with B1, B2, B3; Area 3 = 192.168.3.0/24 with C1, C2, C3; inter-area links 10.0.0.0/30, 10.0.0.4/30 and 10.0.0.8/30)
Router B2
interface FastEthernet0/0
description Area 2
ip address 192.168.2.2 255.255.255.0
ip router isis
isis circuit-type level-1
!
router isis
net 49.0002.0000.0000.00b2.00
Router A1
interface FastEthernet0/0
description Area 1
ip address 192.168.1.1 255.255.255.0
ip router isis
isis circuit-type level-1
!
interface Serial1/0
no ip address
encapsulation frame-relay
!
interface Serial1/0.1 point-to-point
description To Area 2
ip address 10.0.0.1 255.255.255.252
ip router isis
isis circuit-type level-2-only
! MD5 authentication (keychain not shown)
isis authentication mode md5
isis authentication key-chain <keychain>
frame-relay interface-dlci 101
!
interface Serial1/0.2 point-to-point
description To Area 3
ip address 10.0.0.5 255.255.255.252
ip router isis
isis circuit-type level-2-only
frame-relay interface-dlci 102
!
router isis
net 49.0001.0000.0000.00a1.00
by Jeremy Stretch
Router B1
interface FastEthernet0/0
description Area 2
ip address 192.168.2.1 255.255.255.0
ip router isis
isis circuit-type level-1
!
interface Serial1/0
no ip address
encapsulation frame-relay
!
interface Serial1/0.1 point-to-point
description To Area 1
ip address 10.0.0.2 255.255.255.252
ip router isis
isis circuit-type level-2-only
! MD5 authentication (keychain not shown)
isis authentication mode md5
isis authentication key-chain <keychain>
frame-relay interface-dlci 101
!
interface Serial1/0.2 point-to-point
description To Area 3
ip address 10.0.0.9 255.255.255.252
ip router isis
isis circuit-type level-2-only
frame-relay interface-dlci 103
!
router isis
net 49.0002.0000.0000.00b1.00
v2.0
BGP PART 1
packetlife.net
Attributes
2 AS Path
3 Next Hop
6 Atomic Aggregate
8 Community: Route tag
Multiple Exit Discriminator (MED): Metric for external neighbors to reach the local AS (default 0)
9 Originator ID
10 Cluster List
13 Cluster ID: Originating cluster
-- Weight
About BGP
iBGP AD 200
Standard RFC 4271
Protocols IP
Transport TCP/179
Authentication MD5
Terminology
Autonomous System (AS)
A logical domain under the control of a
single entity
Synchronization Requirement
A route must be known by an IGP before
it may be advertised to BGP peers
eBGP AD 20
Packet Types
Open
Update
Keepalive
Notification
Neighbor States
Attribute | Description | Preference
1 Weight | Administrative preference | Highest
2 Local Preference | | Highest
3 Self-originated | | True
4 AS Path | Minimize AS hops | Shortest
5 Origin | | IGP
6 MED | | Lowest
7 External | | eBGP
8 IGP Cost | | Lowest
9 eBGP Peering | | Oldest
10 Router ID | Tie breaker | Lowest
debug ip bgp []
BGP PART 2
packetlife.net
Configuration Example
(topology figure, not reproduced: Router A in AS 65100 connects over S1/0 (172.16.0.0/30) to Router B and over S1/1 (172.16.0.4/30) to Router C, both in AS 65200; B and C are linked over F0/0 (10.0.0.0/30) and run OSPF between them; each router's F2/0 faces its LAN)
interface Serial1/0
description Backbone to B
ip address 172.16.0.1 255.255.255.252
!
interface Serial1/1
description Backbone to C
ip address 172.16.0.5 255.255.255.252
!
interface FastEthernet2/0
description LAN
ip address 192.168.1.1 255.255.255.0
!
router bgp 65100
no synchronization
network 172.16.0.0 mask 255.255.255.252
network 172.16.0.4 mask 255.255.255.252
network 192.168.1.0
neighbor South peer-group
neighbor South remote-as 65200
neighbor 172.16.0.2 peer-group South
neighbor 172.16.0.6 peer-group South
no auto-summary
Router A
Router B
interface FastEthernet0/0
description Backbone to C
ip address 10.0.0.1 255.255.255.252
!
interface Serial1/0
description Backbone to A
ip address 172.16.0.2 255.255.255.252
!
interface FastEthernet2/0
description LAN
ip address 192.168.2.1 255.255.255.0
!
router ospf 100
network 10.0.0.1 0.0.0.0 area 0
network 192.168.2.1 0.0.0.0 area 1
!
router bgp 65200
no synchronization
redistribute ospf 100 route-map LAN_Subnets
neighbor 10.0.0.2 remote-as 65200
neighbor 172.16.0.1 remote-as 65100
no auto-summary
!
access-list 10 permit 192.168.0.0 0.0.255.255
!
route-map LAN_Subnets permit 10
match ip address 10
set metric 100
Router C
interface FastEthernet0/0
description Backbone to B
ip address 10.0.0.2 255.255.255.252
!
interface Serial1/0
description Backbone to A
ip address 172.16.0.6 255.255.255.252
!
interface FastEthernet2/0
description LAN
ip address 192.168.3.1 255.255.255.0
!
router ospf 100
network 10.0.0.2 0.0.0.0 area 0
network 192.168.3.1 0.0.0.0 area 2
!
router bgp 65200
no synchronization
redistribute ospf 100 route-map LAN_Subnets
neighbor 10.0.0.1 remote-as 65200
neighbor 172.16.0.5 remote-as 65100
no auto-summary
!
access-list 10 permit 192.168.0.0 0.0.255.255
!
route-map LAN_Subnets permit 10
match ip address 10
set metric 100
by Jeremy Stretch
v2.1-r1
packetlife.net
Address Classification
(figure, not reproduced: FastEthernet0, 10.0.0.1/16, is the NAT Inside interface, labelled Inside Local; FastEthernet1, 174.143.212.1/22, is the NAT Outside interface, labelled Outside Local)
interface FastEthernet0
ip address 10.0.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet1
ip address 174.143.212.1 255.255.252.0
ip nat outside
Location | Local Perspective | Global Perspective
Inside | Inside Local | Inside Global
Outside | Outside Local | Outside Global
Terminology
NAT Pool
A pool of IP addresses to be used as inside
global or outside local addresses in translations
Extendable Translation
The extendable keyword must be appended
when multiple overlapping static translations are
configured
Troubleshooting
show ip nat translations [verbose]
show ip nat statistics
clear ip nat translations
NAT Translations Tuning
ip nat translation tcp-timeout <seconds>
ip nat translation udp-timeout <seconds>
ip nat translation max-entries <number>
by Jeremy Stretch
v1.0
IPSEC
packetlife.net
Protocols
IPsec Modes (packet layout)
Original Packet: L2 | IP | TCP/UDP
Transport Mode: L2 | IP | ESP/AH | TCP/UDP
Tunnel Mode: L2 | New IP | ESP/AH | IP | TCP/UDP
Encryption Algorithms (Type | Bits | Strength)
DES Symmetric 56 Weak
3DES Symmetric 168 Medium
AES Symmetric 128/192/256 Strong
RSA Asymmetric 1024+ Strong
Hashing Algorithms (Length (Bits) | Strength)
MD5 128 Medium
SHA-1 160 Strong
IKE Phases
Transport Mode
The ESP or AH header is inserted behind the IP header; the
IP header can be authenticated but not encrypted
Tunnel Mode
A new IP header is created in place of the original; this
allows for encryption of the entire original packet
Configuration
crypto isakmp policy 10
encryption aes 256
hash sha
authentication pre-share
group 2
lifetime 3600
Phase 1
A bidirectional ISAKMP SA is established
between peers to provide a secure management
channel (IKE in main or aggressive mode)
IPsec Modes (diagram labels: Original Packet, Transport Mode, Tunnel Mode)
ISAKMP Policy
Phase 2
Two unidirectional IPsec SAs are established for
data transfer using separate keys (IKE quick
mode)
Terminology
Data Integrity
Secure hashing (HMAC) is used to ensure data
has not been altered in transit
Data Confidentiality
Encryption is used to ensure data cannot be
intercepted by a third party
Data Origin Authentication
Authentication of the SA peer
Anti-replay
Sequence numbers are used to detect and
discard duplicate packets
Hash Message Authentication Code (HMAC)
A hash of the data and secret key used to
provide message authenticity
Diffie-Hellman Exchange
A shared secret key is established over an
insecure path using public and private keys
Troubleshooting
show crypto isakmp sa
show crypto isakmp policy
show crypto ipsec sa
show crypto ipsec transform-set
debug crypto {isakmp | ipsec}
by Jeremy Stretch
v2.0
IPV6
packetlife.net
Protocol Header (bit offsets 8, 16, 24, 32)
Ver | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
Source Address
Destination Address
Version (4 bits) Always set to 6
Address Notation
Address Types
Global unicast: Global Prefix (48) | Subnet (16) | Interface ID (64)
Link-local unicast: Interface ID (64)
Multicast: Flags (4) | Scope (4) | Group ID (112)
EUI-64 Formation: MAC -> EUI-64 (64)
Multicast Scopes
1 Interface-local
2 Link-local
4 Admin-local
5 Site-local
8 Org-local
E Global
Special-Use Ranges
::/0 Default route
::/128 Unspecified
::1/128 Loopback
::/96 IPv4-compatible*
::FFFF:0:0/96 IPv4-mapped
2001::/32 Teredo
2001:DB8::/32 Documentation
2002::/16 6to4
FC00::/7 Unique local
FE80::/10 Link-local unicast
FEC0::/10 Site-local unicast*
FF00::/8 Multicast
Extension Headers
Hop-by-hop Options (0): Carries additional information which must be examined by every router in the path
Routing (43): Provides source routing functionality
Fragment (44): Included when a packet has been fragmented by its source
by Jeremy Stretch
Transition Mechanisms
Dual Stack
Transporting IPv4 and IPv6 across an infrastructure simultaneously
Tunneling
IPv6 traffic is encapsulated into IPv4 using IPv6-in-IP, UDP (Teredo),
or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Translation
Stateless IP/ICMP Translation (SIIT) translates IP header fields, NAT Protocol Translation (NAT-PT) maps between IPv6 and IPv4 addresses
* Deprecated
v2.0