Cisco Catalyst 6500 Architecture / IP Fundamentals

Agenda:
1. Layered approach: OSI/TCP-IP model
2. IP addressing and subnetting
3. Layer 2: switching
4. Switch and router basic administration
5. IP routing
6. Access lists
7. RIP and IGRP
8. Border Gateway Protocol (BGP)
WS-X6704-10GE: an 8 port 10 Gigabit Ethernet X2 optic based line card supporting 2 x 20Gbps
[Chassis figure: slots 4 to 9 of the Catalyst 6500 populated with the modules WS-X6704-10GE, WS-SUP720-3B, WS-X6748-GE-TX, WS-X6748-GE-TX, WS-X6748-SFP and WS-X6704-10GE]
Cisco Switches :
1. User information is converted to data for transmission on the network.
2. Data is converted to segments, and a reliable connection is set up between the transmitting and receiving hosts.
3. Segments are converted to packets or datagrams, and a logical address is placed in the header so each packet can be routed through an internetwork.
4. Packets or datagrams are converted to frames for transmission on the local network. Hardware (Ethernet) addresses are used to uniquely identify hosts on a local network segment.
5. Frames are converted to bits, and a digital encoding and clocking scheme is used.
ARP Request :
Reverse ARP
binary-to-decimal conversions :
00000000 = 0
10000000 = 128
11000000 = 192
11100000 = 224
11110000 = 240
11111000 = 248
11111100 = 252
11111110 = 254
11111111 = 255
5. What is the broadcast address for each subnet? The broadcast address has all host bits turned on; it is the address immediately preceding the next subnet.
Private IP Addresses :
Address Class   Reserved Address Space
Class A         10.0.0.0 to 10.255.255.255
Class B         172.16.0.0 to 172.31.255.255
Class C         192.168.0.0 to 192.168.255.255
These addresses can be used on a private network, but they're not routable through the Internet, which conveniently saves valuable IP address space. If every host on every network had to have a real routable IP address, we would have run out of IP addresses. By using private IP addresses, ISPs, corporations, and home users need only a relatively tiny group of public addresses to connect their networks to the Internet, which is also economical. To accomplish this, the ISP and the corporation use Network Address Translation (NAT), which takes a private IP address and translates it into one that can be used on the Internet.
Subnetting example :
Network Given : 16 . 20 . 20 . 0 / 24
[Figure 1: 16.20.20.0/24 subnetted into /27 blocks across the sites Turbhe, Vashi, Andheri, Dadar and Worly, with user counts of 30, 24, 28, 12 and 30; interface addresses shown: 16.20.20.2/27, 16.20.20.34/27, 16.20.20.66/27, 16.20.20.98/27, 16.20.20.129/27, 16.20.20.130/27, 16.20.20.161/27, 16.20.20.162/27, 16.20.20.193/27, 16.20.20.194/27, 16.20.20.225/27, 16.20.20.226/27]
[Figure 2: the same topology with the point-to-point router links renumbered as /30 subnets (16.20.20.2/30, 16.20.20.9/30, 16.20.20.13/30), while the site LANs keep their /27 addresses (16.20.20.129/27, 16.20.20.161/27, 16.20.20.162/27, 16.20.20.193/27, 16.20.20.194/27, 16.20.20.225/27, 16.20.20.226/27)]
VLSM Example
Network Given : 192.168.10.0 /25
Block   32   16   8   4
Hosts   30   14   6   2
The network given was 192.168.10.0/25 (128 hosts in total). We have used 32+32+16+8+4+4+4+4 = 104 hosts, 192.168.10.8 to 192.168.10.111.
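As an added example that is not part of the original slides, the VLSM allocation above carried out in Python with the standard ipaddress module. The requirement list is constructed from the slide's block sizes (two 30-host LANs, one 14-host LAN, one 6-host LAN and four 2-host links); the site names are illustrative only. The same function answers the earlier question about broadcast addresses, since each block's broadcast is the last address before the next block, and it raises an error when a requirement no longer fits, which is the case a planner most needs to catch.

```python
import ipaddress

# Constructed requirements for the slide's 192.168.10.0/25 example:
# (site name, usable hosts needed). Names are illustrative.
REQUIREMENTS = [
    ("Turbhe", 30), ("Vashi", 30), ("Andheri", 14), ("Dadar", 6),
    ("link-1", 2), ("link-2", 2), ("link-3", 2), ("link-4", 2),
]

def prefix_for_hosts(hosts):
    """Smallest block (longest prefix) whose usable addresses
    (block size minus network and broadcast) cover `hosts`."""
    prefix = 32
    while (2 ** (32 - prefix)) - 2 < hosts:
        prefix -= 1
    return prefix

def allocate_vlsm(network, requirements):
    """Carve `network` into subnets, largest requirement first, so that
    smaller blocks never leave unusable gaps in front of larger aligned ones.
    Returns a list of (name, IPv4Network); raises ValueError when the
    address space is exhausted."""
    net = ipaddress.ip_network(network)
    ordered = sorted(requirements, key=lambda r: r[1], reverse=True)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    result = []
    for name, hosts in ordered:
        plen = prefix_for_hosts(hosts)
        size = 2 ** (32 - plen)
        if cursor % size:                       # align to the block boundary
            cursor += size - (cursor % size)
        if cursor + size > end:
            raise ValueError(f"out of space for {name} (/{plen})")
        subnet = ipaddress.ip_network(f"{ipaddress.IPv4Address(cursor)}/{plen}")
        result.append((name, subnet))
        cursor += size
    return result

def describe(subnet):
    """Network, first and last usable host, broadcast and mask as strings."""
    hosts = list(subnet.hosts())
    return {
        "network": str(subnet.network_address),
        "first": str(hosts[0]),
        "last": str(hosts[-1]),
        "broadcast": str(subnet.broadcast_address),
        "mask": str(subnet.netmask),
    }

def addresses_used(allocation):
    """Total addresses consumed by an allocation (the slide's 104)."""
    return sum(subnet.num_addresses for _, subnet in allocation)

if __name__ == "__main__":
    for name, subnet in allocate_vlsm("192.168.10.0/25", REQUIREMENTS):
        d = describe(subnet)
        print(f"{name:8} {str(subnet):20} hosts {d['first']}-{d['last']} "
              f"bcast {d['broadcast']}")
```

Sorting by size first matters: a /30 placed before a /27 would force the /27 onto the next 32-address boundary and waste the space in between.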
Layer-2 Switching
Layer-2 switching uses the MAC address from the hosts' NIC cards to filter the network. Layer-2 switching provides the following:
Hardware-based bridging (MAC)
Wire speed
Low latency
Low cost
What makes layer-2 switching so efficient is that there is no modification to the data packet, only to the frame encapsulating the packet. Since no modification of the data packet is performed, the switching process is faster and less error-prone than routing.
VLANs
VLANs are used to separate different types of user traffic (commonly separated by job function) and to separate it based on the type of traffic. VLAN membership can be static or dynamic.
When you are dealing with static VLANs, you must manually assign a port on a switch to a VLAN. With dynamic VLANs, the switch automatically assigns the port to a VLAN. Dynamic VLANs have one main advantage over static VLANs: they support plug-and-play movability.
VLAN Connections
Switches support two types of switch ports:
1. Access links
2. Trunks
Access-link connections: Devices connected to this port will be in the same broadcast domain.
Trunk connections: Trunk connections are capable of carrying traffic for multiple VLANs. Cisco supports two Ethernet trunking methods:
Cisco's proprietary Inter-Switch Link (ISL) protocol for Ethernet
IEEE's 802.1Q, commonly referred to as dot1q, for Ethernet
VTP Modes
EtherChannel Overview :
An EtherChannel is a layer-2 solution that allows you to aggregate multiple layer-2 Ethernet-based connections between directly connected devices. EtherChannels provide these advantages:
Redundancy: If one connection in the channel fails, the other connections in the channel are still used.
More bandwidth: Each connection can be used simultaneously to send frames.
EtherChannel restrictions: all member interfaces must be configured identically in speed, duplex, and VLAN settings. In an EtherChannel you can bundle up to 8 interfaces together:
Etherchannel configuration
interface Port-channel1
 description "6509-1 & 6509-2 connectivity"
 switchport
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/14
 description ********* Connectivity with 6509-2 **********
 switchport
 switchport trunk encapsulation dot1q
 channel-group 1 mode on
!
interface GigabitEthernet2/9
 description ********* Connectivity with 6509-2 **********
 switchport
 switchport trunk encapsulation dot1q
 channel-group 1 mode on
Switch Functions at Layer 2
There are three distinct functions of layer-2 switching:
Address learning: Layer-2 switches and bridges remember the source hardware address of each frame received on an interface and enter this information into a MAC database.
Forward/filter decisions: When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database.
STP contd..
Selecting the root bridge: Switches running STP exchange bridge IDs using a protocol called Bridge Protocol Data Units (BPDUs). The bridge ID is used to determine the root bridge in the network. The bridge ID consists of the priority (default 32,768) and the MAC address of the device. The lower priority value wins; if two switches have the same priority value, the device with the lowest MAC address becomes the root bridge.
STP contd..
The root port is the port with the lowest cost to the root bridge (as determined by a link's bandwidth).
STP eg.
You can configure multiple Hot Standby groups on an interface, thereby making fuller use of redundant routers and load sharing. To do so, specify a group number for each Hot Standby command you configure for the interface.
logout: At this point you can type logout to exit the console.
Router>logout
Or you could just type logout or exit from the privileged-mode prompt to log out.
Router>en
Router#logout
Global configuration mode: the following command is used to enter global configuration mode.
Router#configure terminal
CLI Prompts :
Interfaces : To make changes to an interface, we use the interface command from global configuration mode:
Router(config)#interface fastethernet 0/0
Router(config-if)#
Subinterfaces: Subinterfaces allow you to create virtual interfaces within the router. The prompt then changes to Router(config-subif)#.
Router(config)#int f0/0.?
  <0-4294967295>  FastEthernet interface number
Router(config)#int f0/0.1
Router(config-subif)#
show version:The command will provide basic configuration for the system hardware as well as the software version, the names and sources of configuration files, and the boot images.
Router#sh version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(8), RELEASE SOFTWARE
Copyright (c) 1986-1999 by cisco Systems, Inc.
..
Errors :
1. If you are typing commands and receive this:
Router#clock set 10:30:10
% Incomplete command.
then you know that the command string is not complete.
2. Also, if you receive this error:
Router(config)#access-list 110 permit host 1.1.1.1
                                      ^
% Invalid input detected at '^' marker.
notice that the ^ marks the point where you have entered the command incorrectly.
3. If you receive this error:
Router#sh te
% Ambiguous command: "sh te"
it means you did not enter all the keywords or values required by this command.
4. Use the question mark to find the command you need.
Router#sh te?
Hostnames: You can set the hostname of the router with the hostname command. This is only locally significant, which means it has no bearing on how the router performs name lookups on the internetwork.
Router#config t
Router(config)#hostname xyz
xyz(config)#hostname Atlanta
Descriptions: Setting descriptions on an interface is helpful to the administrator and, like the hostname, only locally significant. This is a helpful command because it can be used to keep track of circuit numbers, for example.
Atlanta(config)#int e0
Atlanta(config-if)#description Sales Lan
Chapter 6 IP Routing
Types of IP Routing
Static routing
Default routing
Dynamic routing
Routing
To be able to route packets, a router must know, at a minimum, the following:
Destination address
Neighbor routers from which it can learn about remote networks
Possible routes to all remote networks
The best route to each remote network
The router learns about remote networks from neighbor routers. It then builds a routing table that describes how to find the remote networks. If a network is directly connected, the router already knows how to get to it. If the networks are not attached, the router must learn how to get to the remote network, with either static routing, which means that the administrator must hand-type all network locations into the routing table.
Administrative Distances :
Default Routing :
Default routing is used to send packets with a remote destination network not in the routing table to the next hop router. You can only use default routing on stub networks, which means that they have only one exit port out of the network.
2501C(config)#ip route 0.0.0.0 0.0.0.0 172.16.40.1

2501C#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M [output cut]
       - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is 172.16.40.1 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 5 subnets
C       172.16.50.0 is directly connected, Ethernet0
C       172.16.40.0 is directly connected, Serial0
S*   0.0.0.0/0 [1/0] via 172.16.40.1
Dynamic routing is when protocols are used to find networks and update the routing tables on routers. A routing protocol defines the set of rules used by a router when it communicates routing information between neighbor routers. This is easier than using static or default routing, but it'll cost you in terms of router CPU cycles and bandwidth on the network links. Two types of routing protocols are used in internetworks: interior gateway protocols (IGPs) and exterior gateway protocols (EGPs). IGPs are used to exchange routing information with routers in the same autonomous system (AS). An AS is a collection of networks under a common administrative domain, which basically means that all routers sharing the same routing table information are in the same AS. EGPs are used to communicate between ASes.
Protocol   Type   Algorithm
RIP v2     IGP    DV
RIP v1     IGP    DV
IGRP       IGP    DV
EIGRP      IGP    Adv. DV
OSPF       IGP    LS
IS-IS      IGP    LS
BGP        EGP    DV

DV = Distance Vector. The distance-vector routing algorithm passes complete routing table contents to neighboring routers. This is called "routing by rumor".
LS = Link State. The link-state routing algorithm passes small, event-triggered link-state updates to all other routers after the initial flood.

Classful routing protocols do not send subnet mask information with their routing updates.
Classless routing protocols do send the subnet mask with their updates, so Variable Length Subnet Masks (VLSMs) are allowed when using classless routing protocols.
Routing Protocols :
There are three classes of routing protocols:
Distance vector: Distance-vector routing protocols use the distance to a remote network to find the best path. Each time a packet goes through a router, that is called a hop. The route with the fewest hops to the network is determined to be the best route. The vector is the direction to the remote network. Examples: RIP and IGRP.
Link state: Typically called shortest path first; the routers each create three separate tables. One keeps track of directly attached neighbors, one describes the topology of the entire internetwork, and one is used as the routing table. Link-state routers know more about the internetwork than any distance-vector routing protocol. Example: OSPF.
Hybrid: Uses aspects of both distance vector and link state, for example EIGRP.
OSPF :
A link-state protocol generates routing updates only when there is a change in the network. When a link changes state, the detecting device creates a link-state advertisement (LSA) describing that link. Each routing device takes a copy of the LSA, updates its link-state database (LSDB) and forwards the LSA on. From the LSDB, the best path through the network is calculated by applying Dijkstra's algorithm, also known as SPF, to build the SPF tree. The best path is then selected from the SPF tree and placed in the routing table.
OSPF Overview :
OSPF is very popular in many corporate networks today and has many advantages:
It is an open standard protocol.
It uses the SPF algorithm, developed by Edsger Dijkstra, to provide a loop-free topology.
It uses LSAs for fast convergence.
It has an intelligent metric (cost), which is the inverse of the bandwidth of an interface.
OSPF Overview :
OSPF implements a two-layer hierarchy:
The backbone
Areas off the backbone
Metric Structure :
Unlike RIP, which uses hop count as its metric, OSPF uses cost. Cost is the inverse of the bandwidth of a link: the faster the connection, the lower the cost. The most preferred path is the one with the lowest accumulated cost. The default formula Cisco uses to calculate the cost metric is: cost = 10^8 / (interface bandwidth).
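As an added example, not taken from the slides, the two ideas above (per-interface cost from the 10^8 reference bandwidth, and the SPF computation over the link-state database) are combined in a small Python model. The topology, bandwidths (assumed in bit/s) and router names are constructed for the illustration; the output is the accumulated cost and next hop for each destination, which is what ends up in the routing table.

```python
import heapq

REF_BW = 10 ** 8   # Cisco default reference bandwidth, assumed in bit/s

def ospf_cost(bandwidth_bps):
    """Default Cisco interface cost: 10^8 / bandwidth, floored at 1.
    Note that with this reference every link of 100 Mbit/s or faster
    gets cost 1, so FastEthernet and 10 Gigabit look identical to SPF."""
    return max(1, REF_BW // bandwidth_bps)

# Constructed topology: (router A, router B, link bandwidth in bit/s)
LINKS = [
    ("R1", "R2", 100_000_000),   # FastEthernet, cost 1
    ("R1", "R3", 1_544_000),     # T1, cost 64
    ("R2", "R3", 10_000_000),    # Ethernet, cost 10
    ("R3", "R4", 100_000_000),   # FastEthernet, cost 1
    ("R2", "R4", 1_544_000),     # T1, cost 64
]

def build_lsdb(links):
    """Symmetric adjacency map: router -> {neighbor: link cost}."""
    lsdb = {}
    for a, b, bw in links:
        lsdb.setdefault(a, {})[b] = ospf_cost(bw)
        lsdb.setdefault(b, {})[a] = ospf_cost(bw)
    return lsdb

def spf(lsdb, root):
    """Dijkstra from `root`. Returns {router: (accumulated cost, next hop)};
    the root itself has cost 0 and no next hop."""
    dist = {root: 0}
    next_hop = {root: None}
    heap = [(0, root, None)]
    done = set()
    while heap:
        cost, node, via = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in lsdb[node].items():
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr] = new_cost
                # The first hop out of the root is the neighbor itself;
                # further along the tree the next hop is inherited.
                next_hop[nbr] = nbr if node == root else via
                heapq.heappush(heap, (new_cost, nbr, next_hop[nbr]))
    return {r: (dist[r], next_hop[r]) for r in dist}

if __name__ == "__main__":
    for dest, (cost, hop) in sorted(spf(build_lsdb(LINKS), "R1").items()):
        print(f"{dest}: cost {cost:3d} via {hop}")
```

In the constructed topology R1 reaches R3 through R2 (cost 1 + 10 = 11) rather than over the direct T1 (cost 64), and R4 is reached the same way at cost 12. The flooring to 1 is the reason Cisco lets you raise the reference value with auto-cost reference-bandwidth on networks that have Gigabit and faster links.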
OSPF Operation :
Router Identities : Each router in an OSPF network needs a unique ID.
This must be unique not just within an area, but within the entire OSPF network. The router ID is chosen according to one of the following criteria: the highest IP address on the router's active loopback interfaces is used (a loopback is a logical interface on a router); if no loopback interface with an IP address exists, the highest IP address on its active interfaces is used when the router boots up.
Router ID contd..
The router ID is used by the router to announce itself to the other OSPF routers in the network. If no active interface exists, the OSPF process will not start, and therefore you will not have any OSPF routes in your routing table. It is highly recommended, therefore, that you use a loopback interface, because it is always up and so the router can always obtain a router ID and start OSPF.
Finding Neighbors :
An OSPF router learns about its OSPF neighbors and builds its adjacency and topology tables by sharing link-state advertisements (LSAs). OSPF routers generate hello messages every 10 seconds. When a neighbor is discovered and an adjacency is formed with it, a router expects to keep seeing hello messages from that neighbor. If a neighbor's hello is not seen within the dead interval, which defaults to 40 seconds, the neighbor is declared dead. When this occurs, the router advertises this information, via an LSA, to its other neighboring OSPF routers. Once the adjacency is built, the two routers are called neighbors and they synchronize their LSAs.
OSPF Configuration :
Router(config)# router ospf process_ID
Router(config-router)# network IP_address wildcard_mask area area_#
The process_ID is used to differentiate between OSPF processes running on the same router.
OSPF Troubleshooting
show ip protocols
show ip route
show ip ospf
show ip ospf interface
show ip ospf neighbor
debug ip ospf adj
debug ip ospf events
debug ip ospf packet
Chapter 7 Access-List
Access-list :
ACL commands define specifically which traffic is permitted and denied at the router interface. When activating an ACL on an interface, you must specify in which direction the traffic should be filtered:
Inbound (as the traffic comes into an interface from an external source)
Outbound (before the traffic exits an interface to the network)
ACLs come in two varieties, numbered and named, and two types, standard and extended.
ACL types :
ACLs come in two varieties: numbered and named. A numbered ACL is assigned a number that is unique among all numbered ACLs, whereas a named ACL is assigned a name that is unique among all named ACLs. ACLs support two types of filtering: standard and extended.
ACL contd..
ACLs are processed top-down by the IOS. The IOS executes one of the two actions included with the matching statement: permit or deny.
Implicit deny: Another important aspect of the top-down process is that if the router compares a packet to every statement in the list and does not find a match against the packet contents, the router drops the packet. This is referred to as implicit deny: at the end of every ACL is an invisible statement that drops all traffic that doesn't match any of the preceding statements in the ACL.
ACL Configuration :
General syntax:
Router(config)# access-list ACL_# permit|deny conditions
When dealing with IP addresses in ACL statements, you can use wildcard masks to match on a range of addresses instead of manually entering every IP address that you want to match.
Activating an ACL :
Router(config)# interface type [slot_#]port_#
Router(config-if)# ip access-group ACL_# in|out
At the end of the ip access-group command, you must specify which ACL you are activating and in which direction:
in  - as traffic comes into the interface
out - as traffic leaves the interface
Eg:
Router(config)# access-list 100 permit tcp any 172.16.0.0 0.0.255.255
Router(config)# access-list 100 deny ip any any
!
Router(config)# interface ethernet 0
Router(config-if)# ip access-group 100
!
Named ACLs :
Router(config)# ip access-list standard ACL_name
Router(config-std-acl)# permit|deny source_IP_address [wildcard_mask]
Router(config)# ip access-list extended ACL_name
Router(config-ext-acl)# permit|deny IP_protocol source_IP_address wildcard_mask [protocol_information] destination_IP_address wildcard_mask [protocol_information]
Eg:
Router(config)# ip access-list extended do_not_enter
Router(config-ext-acl)# permit tcp 172.17.0.0 0.0.255.255 host 176.16.1.2 eq telnet
!
Router(config)# interface ethernet 0
Router(config-if)# ip access-group do_not_enter in
!
Router# show access-lists [ACL_#_or_name]
Router# show ip access-list [ACL_#_or_name]
Router# show ip interfaces
ACL Eg.
ip access-list extended GTV0-block
 deny udp any eq 3386 host 58.68.12.75 eq 3386
 permit ip any any
!
ip access-list extended GTV0-block-in
 deny udp host 58.68.12.75 eq 3386 any eq 3386
 permit ip any any
!
interface GigabitEthernet8/18
 ip access-group GTV0-block out      (for packets going from Mum SGSN towards Chennai GGSN)
 ip access-group GTV0-block-in in    (for packets coming from Chennai GGSN)
 exit
!
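As an added example, not part of the original slides, a small Python evaluator for the extended ACL statements shown in this chapter (access-list 100, do_not_enter and GTV0-block). It implements the three points the text makes: wildcard masks, where a 1 bit means "don't care"; top-down processing with first match winning; and the implicit deny that drops anything no statement matched, which the example shows by evaluating access-list 100 with and without its explicit deny ip any any. The sample packets are constructed, and the port-name table is a small subset of the IOS keywords.

```python
import ipaddress

# Small constructed subset of the IOS port keywords
PORT_NAMES = {"telnet": 23, "www": 80, "domain": 53}

def wildcard_match(address, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = 0xFFFFFFFF & ~int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(address)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def _take_address(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' and an optional
    'eq <port>' from the front of the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        spec = ("0.0.0.0", "255.255.255.255")
    elif tok == "host":
        spec = (tokens.pop(0), "0.0.0.0")
    else:
        spec = (tok, tokens.pop(0))
    port = None
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        value = tokens.pop(0)
        port = int(value) if value.isdigit() else PORT_NAMES[value]
    return spec, port

def parse_entry(line):
    """One extended statement: permit|deny <proto> <src> [eq p] <dst> [eq p]."""
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    src, sport = _take_address(rest)
    dst, dport = _take_address(rest)
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def entry_matches(entry, pkt):
    """'ip' matches every protocol; ports are checked only when the entry names one."""
    if entry["proto"] != "ip" and entry["proto"] != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], *entry["src"]):
        return False
    if not wildcard_match(pkt["dst"], *entry["dst"]):
        return False
    if entry["sport"] is not None and pkt.get("sport") != entry["sport"]:
        return False
    if entry["dport"] is not None and pkt.get("dport") != entry["dport"]:
        return False
    return True

def evaluate(acl_lines, pkt):
    """Top-down, first match wins. Returns (action, matching line number);
    a packet that matches no statement hits the implicit deny (line None)."""
    for number, line in enumerate(acl_lines, 1):
        entry = parse_entry(line)
        if entry_matches(entry, pkt):
            return entry["action"], number
    return "deny", None

# The chapter's ACLs as statement lists
ACL_100 = ["permit tcp any 172.16.0.0 0.0.255.255", "deny ip any any"]
ACL_100_NO_EXPLICIT_DENY = ACL_100[:1]
DO_NOT_ENTER = ["permit tcp 172.17.0.0 0.0.255.255 host 176.16.1.2 eq telnet"]
GTV0_BLOCK = ["deny udp any eq 3386 host 58.68.12.75 eq 3386", "permit ip any any"]

if __name__ == "__main__":
    # Constructed sample packet
    pkt = {"proto": "tcp", "src": "10.1.1.1", "dst": "172.16.5.9", "dport": 80}
    print(evaluate(ACL_100, pkt))                                       # ('permit', 1)
    print(evaluate(ACL_100, dict(pkt, proto="udp")))                    # ('deny', 2)
    print(evaluate(ACL_100_NO_EXPLICIT_DENY, dict(pkt, proto="udp")))   # ('deny', None)
```

The last two calls return the same action for different reasons: an explicit deny ip any any is logged and counted by the router as a hit on that line, whereas the implicit deny is invisible, which is why operators often add the explicit statement when they want counters for rejected traffic.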
AS numbers are assigned by an Internet registry or a service provider and lie between 1 and 65,535:
0 - Reserved
1 through 64,495 - Assignable for public use
64,512 through 65,535 - Private use (similar to RFC 1918 IP addresses)
65,535 - Reserved
Because of the finite number of available AS numbers, an organization must justify its need before it will be assigned an AS number.
BGP Basics
The function of BGP is to:
Exchange routing information between autonomous systems
Guarantee the selection of a loop-free path
BGP does not use technical metrics. It makes routing decisions based on network policies, or rules (covered later).
Cisco routers maintain a separate routing table to hold BGP routes. BGP updates are carried using TCP on port 179. Because BGP requires TCP, IP connectivity must exist between BGP peers, and TCP connections must be negotiated between them before updates can be exchanged. BGP inherits its reliable, connection-oriented properties from TCP.
BGP Operation
When BGP neighbors first establish a connection, they exchange all candidate BGP routes. After this initial exchange, incremental updates are sent as network information changes. Network reachability information can change when:
A route becomes unreachable
A better path becomes available
Withdrawn routes are part of the update message. BGP routers keep a table version number, which tracks the version of the BGP routing table received from each peer and increments whenever the BGP table changes (covered later).
BGP Configuration
IBGP vs EBGP
When BGP runs between autonomous systems, it is called External BGP (eBGP). Border routers sit on the boundary of an AS and use eBGP to exchange information. When BGP runs inside an AS, it is referred to as Internal BGP (iBGP); transit routers run iBGP. With very few exceptions, iBGP (BGP between peers in the same AS) is used only in multihomed scenarios. (Doyle)
[Figure: routers Taos, Aspen and Vail in autonomous systems AS 100 and AS 200; networks shown: 192.168.100.0/24, 192.168.200.0/24, 192.168.1.216/30, 192.168.1.220/30 (192.168.1.221, 192.168.1.222), 192.168.1.224/30 (192.168.1.225, 192.168.1.226)]
EBGP
RTA(config)#router bgp 100
RTA(config-router)#neighbor 10.1.1.1 remote-as 200
Because the two AS numbers differ, BGP will start an eBGP connection.
IBGP
RTB(config)#router bgp 200
RTB(config-router)#neighbor 172.16.1.2 remote-as 200
RTB(config-router)#neighbor 172.16.1.2 update-source loopback 0
Because the remote-as value (200) is the same as the local AS, the routers will attempt to establish an iBGP session.
If all paths have the same AS-path length, it will prefer the path with the lowest origin type, i.e. IGP is lower than EGP.
If the origin codes are the same, it will prefer the path with the lowest MED attribute.
If the paths have the same MED, it will prefer the external (eBGP) path over the internal (iBGP) path.
If the paths are still the same, it will prefer the path through the closest IGP neighbor.
If nothing above has decided, it will eventually prefer the path with the lowest IP address.
WEIGHT Attribute
WLAM mnemonic for the order in which the attributes are evaluated: Weight, Local Preference, AS path, MED.
The weight attribute is local to the router on which it is assigned, and it is not propagated in routing updates. By default, the weight attribute is 32768 for paths that the router originates and zero for other paths. Routes with a higher weight are preferred when there are multiple routes to the same destination.
Local Preference
Local preference is local to an AS and non-transitive; it is set to 100 when a route is heard from a neighbouring AS.
It is used to influence BGP path selection and determines the best path for outbound traffic. The path with the highest local preference wins.
Configuration of Router B:
router bgp 400
 neighbor 120.5.1.1 remote-as 300
 neighbor 120.5.1.1 route-map local-pref in
!
route-map local-pref permit 10
 match ip address prefix-list MATCH
 set local-preference 800
!
ip prefix-list MATCH permit 160.10.0.0/16
AS_PATH
With all else equal, the shortest AS_PATH is best.
[Figure: 99.0.0.0/8 originated in AS 14, reachable over the path 10 11 12 13 14]
We want to make it look as if the 99.0.0.0/8 network in AS 14 can be reached via ISP1 and ISP2. We will add this network to both routers and prepend some AS numbers so that it looks as if it originated in AS 14 several ASes away. Prepending is sometimes used by ISPs to add their own AS number several times to make a path look less desirable.
Multi-Exit Discriminator
MED is inter-AS and non-transitive. It is used to convey the relative preference of entry points and determines the best path for inbound traffic. MEDs are comparable only if the paths come from the same AS; bgp always-compare-med allows comparison of MEDs from different ASes. The path with the lowest MED wins. Absence of the MED attribute implies a MED value of zero (RFC 4271).
Configuration of Router B:
router bgp 400
 neighbor 120.5.1.1 remote-as 200
 neighbor 120.5.1.1 route-map set-med out
!
route-map set-med permit 10
 match ip address prefix-list MATCH
 set metric 1000
!
ip prefix-list MATCH permit 120.68.1.0/24
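As an added example, not part of the original slides, the path-selection steps from the preceding pages (weight, local preference, AS_PATH length, origin, MED, eBGP over iBGP, IGP metric, lowest router ID) modelled as a Python comparator. The candidate paths to 99.0.0.0/8 are constructed, including the prepended path from the AS_PATH page, and the with_attrs helper plays the role of the route-maps above that set local-preference 800 or a MED. The MED step follows the text: it is applied only when the remaining candidates come from one neighbouring AS, unless always-compare-med is on (a simplification of the router's per-AS grouping, assumed here).

```python
import ipaddress

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred

def med_of(route):
    """Absent MED is treated as 0 (RFC 4271)."""
    return route.get("med", 0)

def best_path(routes, always_compare_med=False):
    """Apply the decision steps in order until a single candidate is left.
    Defaults assumed: weight 0 for learned paths, local preference 100,
    origin IGP. All routes are assumed to be for the same prefix."""
    candidates = list(routes)

    def narrow(key, lowest):
        nonlocal candidates
        if len(candidates) == 1:
            return
        values = [key(r) for r in candidates]
        target = min(values) if lowest else max(values)
        candidates = [r for r, v in zip(candidates, values) if v == target]

    narrow(lambda r: r.get("weight", 0), lowest=False)            # higher wins
    narrow(lambda r: r.get("local_pref", 100), lowest=False)      # higher wins
    narrow(lambda r: len(r["as_path"]), lowest=True)              # shorter wins
    narrow(lambda r: ORIGIN_RANK[r.get("origin", "igp")], lowest=True)
    # MED is only comparable between paths from the same neighbouring AS
    # unless always-compare-med is configured (simplified grouping, assumed).
    if always_compare_med or len({r["neighbor_as"] for r in candidates}) == 1:
        narrow(med_of, lowest=True)
    narrow(lambda r: 0 if r["kind"] == "ebgp" else 1, lowest=True)  # eBGP first
    narrow(lambda r: r.get("igp_metric", 0), lowest=True)          # closest IGP next hop
    narrow(lambda r: int(ipaddress.IPv4Address(r["router_id"])), lowest=True)
    return candidates[0]

def with_attrs(route, **changes):
    """Copy of a route with attributes changed, as a route-map would set them."""
    return dict(route, **changes)

# Constructed candidate paths to 99.0.0.0/8 (the slides' prefix, originated in AS 14)
ROUTES = [
    {"name": "via ISP1", "neighbor_as": 10, "as_path": [10, 11, 12, 13, 14],
     "kind": "ebgp", "router_id": "10.0.0.1"},
    {"name": "via ISP2", "neighbor_as": 20, "as_path": [20, 14],
     "kind": "ebgp", "router_id": "10.0.0.2"},
    {"name": "via ISP2 prepended", "neighbor_as": 20, "as_path": [20, 14, 14, 14],
     "kind": "ebgp", "router_id": "10.0.0.3"},
]

if __name__ == "__main__":
    print(best_path(ROUTES)["name"])                                     # via ISP2
    print(best_path([with_attrs(ROUTES[0], local_pref=800)] + ROUTES[1:])["name"])  # via ISP1
    print(best_path(ROUTES[:2] + [with_attrs(ROUTES[2], weight=100)])["name"])  # via ISP2 prepended
```

Because each step only narrows the candidate set, an attribute lower in the list never overrides one above it: a local preference of 800 makes the five-hop path win over the two-hop one, and a weight on the prepended path makes it win over both, which is exactly why weight and local preference are the tools for steering outbound traffic while prepending and MED are the (weaker) tools for influencing inbound traffic.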
BGP Open Message: After the TCP session is established, both neighbors send Open messages. This message is used to establish connections with peers. Each neighbor uses this message to identify itself and to specify its BGP operational parameters.
BGP Keepalive Message: This message type is sent periodically between peers to maintain connections and verify paths held by the router sending the keepalive. If a router accepts the parameters specified in its neighbor's Open message, it responds with a Keepalive. Subsequent Keepalives are sent every 60 seconds by Cisco default, or at one-third of the agreed-upon hold time (180 seconds). If the periodic timer is set to zero (0), no keepalives are sent.