alcatel-lucent interior routing protocols and high availability student guide v1-2

Interior Routing Protocols and High Availability v1.2 Module 0 – page 1

Alcatel-Lucent Interior Routing Protocolsand High Availability

Module 0 — Introduction

Alcatel-Lucent C

onfidential for internal use only -- Do N

ot Distribute


Alcatel-Lucent Interior Routing Protocols and High Availability Module 0 | 2 All rights reserved © 2006-2007 Alcatel-Lucent

Module Objectives

Course timelineCourse objectivesCourse prerequisitesCourse introduction

Alcatel-Lucent Interior Routing Protocols and High Availability

This course is part of the Alcatel-Lucent Service Routing Certification (SRC) Program. For more information on the theSRC program, see www.alcatel-lucent.com/src

To locate additional information relating to the topics presented in this manual, refer to the following:

Technical Practices for the specific product

Internet Standards documentation such as protocol standards bodies, RFCs, and IETF drafts

Technical support pages of the Alcatel-Lucent website located at: http://www.alcatel-lucent.com/support

Alcatel-Lucent C


ot Distribute



Course Timeline

Day 1Module 0 – Course IntroductionModule 1 – Basic Networking ReviewModule 2 – Static Routing and Default Routes

Day 2Module 3 – Routing Information ProtocolModule 4 – Link-State Protocols

Day 3Module 5 – Open Shortest Path First

Alcatel-Lucent C


ot Distribute



Course Timeline (continued)

Day 4Module 5 – Open Shortest Path First (continued) Module 6 – Intermediate System–to–Intermediate System

Day 5Module 7 – Filters and PoliciesModule 8 – IPv6

Alcatel-Lucent C


ot Distribute



Course Objectives

After successful completion of this course, you should be familiar with:

Review of basic networking concepts and terms The details of the protocol operation of RIPImplementing RIP in an Alcatel-Lucent environmentThe details of the protocol operation of IS-ISImplementing IS-IS in an Alcatel-Lucent environmentThe details of the protocol operation of OSPFImplementing OSPF in an Alcatel-Lucent environmentThe details and operation of router redundancyImplementing router redundancy in an Alcatel-Lucent environment

Alcatel-Lucent C


ot Distribute



Course Objectives (continued)

The details and operation of filtersImplementing filters in an Alcatel-Lucent environmentThe basic ideas and concepts of IPv6

Alcatel-Lucent C


ot Distribute



Course Prerequisites and Follow-On

Suggested prerequisitesTo fully appreciate the concepts presented in this course, it isstrongly recommended that the Alcatel-Lucent Scalable IP Networks course have already been taken.

Suggested follow-on coursesBased on the material covered in this course, it is recommended that the this course be followed with the Border Gateway Protocol course.

Alcatel-Lucent IGP examTo ensure full comprehension of the material covered in this course, it is recommended that the student register for and take the Alcatel-Lucent IGP exam following successful completion of this course.

Alcatel-Lucent C


ot Distribute



Course Introduction

Provide the participants with a foundation knowledge of interior routing protocols and their implementation in an Alcatel-Lucent environment.

Alcatel-Lucent C


ot Distribute



Administration

RegistrationFacility informationRestroomsCommunicationsMaterialsScheduleIntroductions

Name and companyExperienceFamiliarity with IGP

Questions

Alcatel-Lucent C


ot Distribute



Server Customer site 1 GenericRouter/CE

Network Cloud

Workstation Pipe ServiceOr tunnel

Switch

Customer site 2

MTU

User

CLI Syntax: config>service# epipe service-id [customer customer-id] [vpn vpn-id]description description-stringno shutdown

Command Syntax display

Prefix Origin AS Path next-hop

10.1.1.1

Routing Update

(showing attribute)

Physical link

Graphical Symbols and Icons

Alcatel-Lucent C


ot Distribute

www.alcatel-lucent.com

3HE-02771-AAAA-WBZZA Edition 01

Alcatel-Lucent C


ot Distribute

Alcatel-Lucent C


ot Distribute

Module 1 - page1Interior Routing Protocols and High Availability v1.2

Alcatel-Lucent Interior Routing Protocolsand High Availability [AIRP]

Module 1 — Basic Networking Review

Alcatel-Lucent C


ot Distribute



Module Objectives

After completion of this module, you should understand:Network and addressing review

OSI model and network layeringNetwork topologiesForwarding of IP datagramsIP addressing

Introduction to IP Routing Review of IP forwardingControl plane vs. data plane functionsCommon Layer 3 Routing Protocols SubnettingPrivate IP addresses







Alcatel-Lucent C


ot Distribute


Basic Networking Review

Section 1 — Network and Addressing Review

Alcatel-Lucent C


ot Distribute



Section Objectives

Network and addressing reviewOSI model and network layeringLayer 2 addressing Network topologiesForwarding of IP datagramsIP addressingIP subnetting

Section 1 — Networking and Addressing ReviewThis section provides an overall review of networking fundamentals. In this section, students will review the OSI model, basic network flow, and flow of a packet through an Alcatel-Lucent 7750 SR chassis. The section will also review concepts relating to classful and classless protocols and the differences between distance vector and link-state protocols. These concepts are a necessary prerequisite to the discussion on routing protocols that will follow.

Alcatel-Lucent C


ot Distribute



OSI Model

Application

Presentation

Transport

Network

Data Link

Session

Physical

ISO has created a template of network functions to describe the complexities of networking and to have a basis by which to compare different networks. This template is called the OSI model. The OSI model defines seven different layers. Each layer provides services to the layer above it and in turn requests services from the layer below it.

The benefits of using the OSI model are numerous, including:

The complexity of network design is eased by breaking each operation down into specific functions.

Design engineers can focus on specific functions and layers rather than the overall movement of data.

Because each layer performs a specific function, different vendors can create different layer devices and applications that will coexist.

The Networked OSI ModelEach layer of the OSI model is designed to communicate with its peer layer. Each layer requests services from the layer below it and honors requests from the layer above. No layer can bypass another layer. For example, the session layer cannot go directly to the network layer, bypassing the transport layer. Instead, the session layer must go through the transport layer to get to the network layer.

Alcatel-Lucent C


ot Distribute



OSI Model — Encapsulation

Application

Presentation

Transport

Network

Data Link

Session

Physical

Segments

Packets

Frames

Bits

Application, Presentation and Session LayersThese layers are generally not a concern to network engineers because they usually reside on the end devices and not in the network equipment that moves the data. The application layer provides an interface for the networked application to access lower-layer communication services. There must be a unique interface for each end-user application (e.g., database, transaction processing, and file transfer).

The presentation layer is responsible for converting application data into a common format for transmission and reversing the conversion for received data. It is here that code conversion, data compression, and encryption are performed for an application. Presentation defines syntax and context.

The session layer is responsible for establishing and terminating data streams between end systems. It is responsible for coordinating connections between network applications. The control of the direction of data flow is also handled at this layer (one-way, two-way simultaneous, or two-way, one way at a time).

Transport Layer The transport layer is responsible for establishing and maintaining end-to-end connections between applications across the network. It insures that data is transferred correctly over the Internet and it provides reliable transfer with acknowledgments. The verification of the number of data packets sent and received is a function of this layer. Therefore, this layer may optionally provide error recovery for lost or mismatched data. The format of data at this layer and above is called a segment. This function is performed primarily in end systems (hosts). There is also a communication option at this layer that provides no reliability. There is no common network equipment used at this layer. However, routers have the capability to filter based on transport layer headers and the port numbers that are used in those headers.

Alcatel-Lucent C


ot Distribute



OSI Model — Addresses

Application

Presentation

Transport

Network

Data Link

Session

Physical

Port numbers

IP Address

MAC or WAN address

Network Layer The network layer is responsible for formatting data into packets before passing them to the data link layer. It is also referred to as the routing layer. Protocols at this layer send packets over router-selected paths. The network layer’s primary function is routing, or moving traffic from one segment in a network to another segment (which could be a great distance away). The most common protocol in use today at this layer is IP. For hardware, the router is used at this layer. Data at this layer is called a packet.

Data Link Layer The data link layer usually works closely with the physical layer; it describes how data is formatted and passed on to the physical layer for transmission. It also is responsible for error detection and possibly error correction. Data is formatted into characters, frames, or cells. In LANs the combinations of the link and physical layers usually define the standard, such as the very common 802.3 (Ethernet) standard. WANs at the link layer usually work independently from the physical layer. Examples include HDLC, frame relay, and PPP. Hardware at this layer includes NICs, switches, and bridges. Data at this layer is called a frame.

Alcatel-Lucent C


ot Distribute



OSI Model — Devices

Application

Presentation

Transport

Network

Data Link

Session

Physical

Routers

Switches and bridges

Cables, hubs, CSUs, modems

Physical Layer The physical layer is concerned with the mechanical and electrical procedures needed to represent data in the form of signals over a network. The physical layer defines the electrical and physical characteristics of the media. The universal name for data at this level is the bit stream.

Common cabling standards such as V.35, RS-232, Cat 5, and Cat 6, define the type and number of wires within the cable as well as voltage and signal characteristics. In addition, some physical devices are modems, CSU/DSUs, regenerative repeaters, amplifiers, and hubs. Data at this layer is called bits.

Alcatel-Lucent C


ot Distribute



TCP/IP Suite vs. OSI

ApplicationServices

Transport

InternetProtocol

NetworkInterfaces

TCP/IP Suite

Application

Presentation

Transport

Data Link

OSI

Session

Network

Physical

The TCP/IP suite differs from the OSI model in that the TCP/IP suite uses four protocol layers and the OSI model uses seven layers. The slide above roughly shows the protocol layer relationship between the two models.

Network Interfaces — This layer is used to define the interface between hosts and contains the functionality of both the physical and data link layer of the OSI model. Protocols such as Ethernet describe both the framing of data (layer 2) and the physical transmission of the frame over the media (layer 1). This layer is often referred to as layer 2 or L2 because it provides OSI layer 2-type services to the IP layer.

Internet Protocol — The IP layer provides a universal and consistent forwarding service across a TCP/IP network. IP provides services comparable to the OSI network layer and is sometimes referred to as a layer 3 (or L3) protocol. The OSI protocol CLNP corresponds most closely to IP.

Transport — The transport layer is made up of two main protocols, TCP and UDP. These transport protocols provide similar services to OSI transport protocols. TCP is very similar to the OSI transport protocol, TP4. TCP and UDP may be referred to as layer 4 protocols.

Application Services — The application services provide end-user access to the Internet. Any of the services of the upper three OSI protocols that are required are incorporated into the application protocols. There are a number of Internet protocols that provide services similar to these OSI layers although they do not follow the layering or service definitions of OSI. For example, TLS provides session-like services to Internet applications and MIME provides presentation-like services to SMTP and HTTP. Application layer protocols are sometimes referred to as layer 7 protocols.

Alcatel-Lucent C


ot Distribute



Application Encapsulation

ApplicationServices

Transport

InternetProtocol

NetworkInterfaces

TCP/IP Layers

From: [email protected]: [email protected]

Message Body

When a network application wants to communicate with another application across the network, it must first prepare its data in the specific format defined by the protocol to be used by the receiving application. A specific protocol is used so that the receiving application will know how to interpret the data it receives.

In the case of a mail message, the message consists of two parts, the message header and the body. The message header contains the sender’s and receiver’s addresses as well as other information such as the urgency of the message and the nature of the message body. The format of the header and the nature of the addresses is defined by the application protocol. In the case of a mail message, the protocol is SMTP.

In addition to defining the format of the message, the protocol also specifies how the applications are expected to interact with each other, including the exchange of commands and the expected responses.

To accomplish the transfer of the application’s data, the application uses the services of the transport layer.

Alcatel-Lucent C


ot Distribute



Transport Encapsulation

ApplicationServices

Transport

InternetProtocol

NetworkInterfaces

TCP/IP Layers


Message Body

Source: 1223Destination: 25

Message BodyHeader Body

The transport layer provides a service to transfer data between applications across a network. There are two transport protocols used on the Internet: TCP and UDP. For exchanging e-mail across the Internet, an e-mail application uses SMTP. SMTP uses TCP to accomplish the transfer. TCP provides a reliable transfer service so that the application does not have to be concerned about whether all data is properly transferred. UDP provides a simple, unreliable datagram delivery service (much like IP).

TCP treats all application data as a simple byte stream, including both the message header and the message body. TCP accepts the application’s data and breaks it into segments for transmission across the network as required. To accomplish this reliable transfer, TCP packages the application data with a TCP header. On the receiving end of the connection, TCP removes the TCP header and reconstructs the application data stream exactly as it was received from the application on the sender’s side of the network.

The TCP and UDP headers carry source and destination addresses that identify the sending and recipient applications because a single host system may support multiple applications. These addresses are known as port numbers. The TCP units of data are known as segments; UDP data is called a datagram.

To transmit its segments of data across the network, TCP uses the services of the IP layer.

Alcatel-Lucent C


ot Distribute



IP Encapsulation

ApplicationServices

Transport

InternetProtocol

NetworkInterfaces

TCP/IP Layers


Message Body



Source:138.120.191.122Dest.: 197.199.45.12

Header Header Body

The IP layer provides a common addressing scheme across the network as well as a simple, unreliable datagram forwarding service between nodes in the network.

Data from the transport layer is packaged in IP datagrams for transfer over the network. Each datagram travels independently across the network. The intermediate routers forward the datagram on a hop-by-hop basis based on the destination address.

Each datagram contains source and destination addresses that identify the end nodes in the network. Every node in an IP network is expected to have a unique IP address.

IP uses the services of the underlying network interfaces to accomplish the physical transfer of data.

Alcatel-Lucent C


ot Distribute



Data Link Encapsulation

ApplicationServices

Transport

InternetProtocol

NetworkInterfaces

TCP/IP Layers


Message Body



Source:138.120.191.122Dest.: 197.199.45.12

Header Header Body

DA: 00-D0-F6-A4-26-5CSA: 00-20-60-37-BB-5F

Hdr FCS

Hdr Hdr Body

The data link layer is the term used to describe the network interfaces used by IP for physically transmitting the data across the network. The units of data transmitted at the data link layer are usually known as frames. IP datagrams must always be encapsulated in some type of data link frame for transmission.

A typical data link frame contains a header, usually containing some type of address. The frame also often carries a trailer that contains some type of checksum to verify the integrity of the transmitted data. There are many types of technology used as network interfaces by IP, and they each have their own specific format and rules of operation. The common characteristic is that the technologies are all capable of carrying IP datagrams.

Most protocols at this layer also use some type of addressing. The address identifies the two endpoints of a data exchange to the data link protocol. For example, the slide above shows the addressing of an Ethernet frame. Some point-to-point protocols such as PPP may not use addresses if there is only one possible destination for the data.

Alcatel-Lucent C


ot Distribute



Layer 1 — Physical Layer

Application

Presentation

Transport

Network

Data Link

Session

Physical

Alcatel-Lucent C


ot Distribute



Layer 2 — Data Link Layer

Application

Presentation

Transport

Network

Data Link

Session

Physical

Alcatel-Lucent C


ot Distribute



Layer 2 Overview

LAN standards were developed by ITU-T and IEEE.Typically broken into two major parts:

MAC — Framing, error checking, and modulation of the signalLLC — presentation of data to correct upper layer

Switches and bridges are the networking equipment used to interconnect end stations to each other on a LAN.Other standards are defined for WANs.

The IEEE, working in cooperation with ISO and ITU-T, developed specifications for LANs beginning in February 1980 (hence, 802.X). The datalink layer was subdivided into the MAC portion and the LLC portion. A brief description of some of the IEEE 802.X standards is listed below.

802.1 — Overview of the IEEE 802 standards for LANs and WANs (includes spanning tree)

802.1q — Operation of virtual LAN trunking

802.2 — LLC operation

802.3 — Ethernet protocol and CSMA/CD access

802.3u —802.3 version for 100BASE-X fast Ethernet

802.3z — Gigabit Ethernet operation

802.3ae — 10-gigabit Ethernet standard

802.5 — Token ring operation

802.9 — ISDN

802.11 — Wireless networks

The MAC part is responsible for framing, FCS, and modulation of the signal based on the specific type of LAN in use. Ethernet uses canonical, Manchester-coded signalling and modulation whereas token ring uses non-canonical, differential Manchester coding.

LLC is responsible for interacting with the network layer. LLC must ensure that the received data is presented to the correct upper layer protocol. For example, one frame might be destined for IP and the next frame for IPX on the same device. LLC is responsible for ensuring that each frame is presented to appropriate network layer protocol.

Alcatel-Lucent C


ot Distribute



Layer 2 — Ethernet MAC Addressing

Vendor Code Serial Number

24 Bits 24 Bits

1234.56 78.9ABC

RAM (Active address)

ROM (Burned-in address)

The MAC address on each NIC is 48 bits long, expressed as 12 hexadecimal digits, and is "burned in" to ROM by the manufacturer of the card. It is sometimes called the burned-in address (BIA). When the NIC initializes, the address is copied into RAM and can be changed by upper-layer software at that time.

The first 24 bits (6 hex characters) are assigned by the IEEE to the manufacturer of the card. This is known as the organizationally unique identifier (OUI) or vendor code. The last 24 bits (the 6 remaining hex characters) are the equivalent of the serial number of the card. Each NIC therefore has a unique MAC address that identifies it compared to any other device connected to the LAN segment.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. Give some examples of network devices used at each of the three lower levels of the OSI model.

2. What is meant by a Layer 2 broadcast domain?3. Name some commonly used Layer 2 protocols and state

whether each is primarily a WAN or LAN protocol.4. Imagine that you had the packet capture from a Telnet

session that occurred on an Ethernet connection. Describe the protocol headers you would see in the stream of bits that were transmitted over the cable.

Alcatel-Lucent C


ot Distribute



Learning Assessment (Answers)

1. Give some examples of network devices used at each of the three lower levels of the OSI model.

Level 1 and 2 – Ethernet NIC, switch or hub, modem or ATM switch

Level 3 – IP router

2. What is meant by a broadcast Layer 2 environment?

In a broadcast environment, there are potentially many recipients listening to the data transmission. Therefore, some form of Layer 2 addressing is required to identify the intended recipient. Examples include multiple Ethernet stations connected to a single cable or hub and wireless networking technologies.

3. Name some commonly used Layer 2 protocols and state whether each is primarily a WAN or LAN protocol.

Ethernet – primarily LAN, now more frequently used as a WAN protocol

ATM – primarily WAN, occasionally used as a LAN protocol

Frame Relay – WAN protocol

PPP – WAN protocol, used over a variety of layer 1 technologies

Token Ring, ARCnet – once frequently used LAN protocols, rare today

4. Imagine that you had the packet capture from a Telnet session that occurred on an Ethernet connection. Describe the protocol headers you would see in the stream of bits that were transmitted over the cable.

The first stream of bits you would see are the preamble bits and start of frame delimiter of the Ethernet frame.

This is followed by the Ethernet header (destination address, source address and type/length field).

The Ethernet header is followed by the IP header (typically 20 bytes long)

The IP header is followed by the TCP header (20 – 24 bytes long).

The TCP header is followed by the Telnet data (if any). Often the Telnet data is only one character!

The Telnet data is followed by any padding required to make the minimum size 64 byte Ethernet frame.

This is followed by the Ethernet frame check sequence.

Alcatel-Lucent C


ot Distribute



Layer 3 — Network Layer

Application

Presentation

Transport

Network

Data Link

Session

Physical

Alcatel-Lucent C


ot Distribute



Movement of Data

1.1.1.2 2.2.2.2

1.1.1.1 2.2.2.1

3.3.3.1 3.3.3.2

IP Source IP Dest. MAC

S

MA

C D

1.1.1.2 2.2.2.2 A BFCS

Data

Data

IP Source IP Dest. WAN

1.1.1.2 2.2.2.2 PPPFCS

(MAC address = A)

(MAC address = B) (MAC address = C)

(MAC address = D)

Data 1.1.1.2 2.2.2.2 C DFCS

IP Source IP Dest. MAC

S

MA

C D

The basic flow of a packet of data through a network is as follows:

Device A (1.1.1.2) wants to send data to server D (2.2.2.2). Because device A is not located on the same segment as that of device D, it must use the default gateway for the segment. This default gateway is seen as IP address 1.1.1.1 in the slide above. Device A will ARP the 1.1.1.1 address to learn the MAC address of the gateway. The router responds with the MAC address of “B”. Device A is now able to encapsulate the data, as shown in the top block diagram. Note that the source and destination IP addresses identify the overall source and destination devices whereas the frame source and destination addresses identify the path across the Ethernet segment only.

When the data arrives at the left router (router B), the router removes the L2 header and trailer, checks its routing table, and determines that the data needs to be sent to the right router (router C). To accomplish this, router B encapsulates the data in a PPP frame of data and forwards it.

Router C removes the PPP frame and consults its routing table. Seeing that the destination IP network is directly connected to its Ethernet port, router C creates the frame of data and forwards it to device D.

Note that the IP addressing did not change throughout this movement of data. However, the L2 framing changed over each segment that the packet traversed. It can be surmised that the IP address identifies a device in the entire network topology whereas the L2 address identifies a device on that segment only.

Alcatel-Lucent C


ot Distribute



Packet Forwarding

When a router receives a packet, it:Compares the destination IP address of the packet to the FIBLooks for the longest (most specific) match

If no match is found, the packet is dropped.If the packet is to be forwarded, the next hop and egress interface must be known.If a match is found, the packet is sent to the next-hop address via the interface specified in the FIB.

The next-hop is the next router in the path toward the destination.The egress interface is required for encapsulation.

When a router receives a packet that is to be forwarded, the basic forwarding rules are as follows.

First, the router compares the destination IP address in the received packet to the entries in the FIB, commonly called the routing table. The router performs a bit-by-bit comparison of the destination IP address to these entries, searching for the entry that matches with the most common bits. This is called longest-match or most-specific-match routing.

If no entries match any bits, the packet is discarded, and in most cases an ICMP-unreachable message is generated back to the source.

When a matching entry is located, the router requires 2 elements from the matching entry in the FIB to forward the packet. The egress or outbound interface for the packet must be known, so the router may encapsulate the packet in the appropriate frame for forwarding toward the destination. Secondly, the next-hop IP address must be known so that the frame may be addressed and forwarded to the next router (unless the packet destination is local to the router, in which case the frame is addresses to the destination itself).

The egress interface is usually listed in the FIB associated with any route entry, based on the interface on which the route was learned. The IP next hop may also be located in the FIB or may be stored in the router’s memory. The next hop is usually derived from the source IP address of the routing update received because neighbor routers in the IGP world are directly connected.

This process traditionally occurred for each packet received by the router, independently from the next packet. In today's advanced hardware, there are many optimizations designed into the router hardware and software to streamline the lookup procedure.

Alcatel-Lucent C


ot Distribute



IP Addressing Review

IP addresses are divided into classes: A, B, C, and D

Class A: 0XXXXXXX.0.0.0

Class B: 10XXXXXX.Y.0.0

Class C: 110XXXXX.Y.Y.0

Class D: 1110XXXX.Y.Y.Y

1-126.0.0.0*

128.0.0.0 to191.255.0.0

192.0.0.0 to 223.255.255.0

224.0.0.0-239.255.255.255

* Note: 127.0.0.0 is reserved for loopback

IP addresses are divided into five different classes or ranges.

Class A — The high-order bit of the high-order byte will always be a binary “0”. This means that the decimal range of the first byte is limited to a range from 0 to 127. “0” is never used, and the “127” is reserved for loopback. An example of the loopback would be when a client application is located on the same device that the server application is residing on. When a Class A address is used, the first byte is the only byte used to identify the network part of the address.

Class B — The high-order two bits of the high-order byte will always be “10”. This means that the decimal range of the first byte is limited to a range from 128 to 191. When a Class B address is used, the second byte is also used to identify the network.

Class C — The high-order three bits of the high-order byte will always be “110”. This means that the decimal range of the first byte is limited to a range from 192 to 223. When a Class C address is used, the second and third bytes are also used to identify the network.

Class D — This address range is used for multicast traffic. A class D address is never used as the source address of an IP packet. The high-order four bits of the high-order byte will always be “1110”. This means that the decimal range of the first byte is limited to a range from 224 to 239. When a Class D address is used, all four bytes are used to identify the multicast address.

Class E — This address range is used for research and development.

Alcatel-Lucent C


ot Distribute



IP Addressing Review (continued)

127.0.0.0/8 — Loopback IP addressNetwork 127.0.0.0/8 is reserved for IP traffic local to the host.All IP network equipment uses this address for internal communications. There is only one address used: 127.0.0.1

Usually, address 127.0.0.1 is assigned to a special interface on your host, the loopback interface, which acts like a closed circuit. An IP packet handed to this interface from TCP or UDP is returned to them as if it had just arrived from some network. This allows you to develop and test networking software without ever using a real network. The loopback network also allows you to use networking software on a standalone host. This may not be as uncommon as it sounds. For example, many Alcatel-Lucent products use the 127.0.0.1 IP address for accessing internal operations of the equipment. Another example is that, for proper operation on Linux, INN requires the loopback interface.

Alcatel-Lucent C


ot Distribute



IP Addressing Review (continued)

IP addresses are broken into classes: A, B, C, and D

Class A: 255.0.0.0 or /8 Network Host Host Host

Network Network Host Host

Network Network Network Host

Multicast Multicast Multicast Multicast

Class B: 255.255.0.0 or /16

Class C: 255.255.255.0 or /24

Class D: 255.255.255.255 or /32

An IP address is 32 bits long and has two parts:

• Network number

• Host number

The address format is known as dotted-decimal notation.

• Example address: 64.14.128.30

• The minimum value for an octet is 0; it contains all 0s.

• The maximum value for an octet is 255; it contains all 1s.

IP addressing is divided into five ranges. Classes A, B, and C are unicast IP addressing ranges. This means that they are used to identify only a single device. Class D addressing is used for multicast traffic (from one source to multiple destination devices, but not all devices). Class E addressing is used for research and development.

An easy way to remember how many bytes (octets) are used to identify the classful network portion of an IP address is the following. Because “A” is the first letter in the alphabet, only the first byte (high-order byte) is used to identify the network. The remaining 3 bytes are used to identify the clients. Because “B” is the second letter in the alphabet, the first two bytes identify the network and the remaining two bytes identify the clients in the network. “C” is the third letter in the alphabet; therefore, the first three bytes identify the network and the fourth byte identifies the hosts in the networks. “D” is the fourth letter in the alphabet; this means that all four bytes (all 32 bits) are used to identify the multicast stream of data being sent.

Alcatel-Lucent C


ot Distribute



IP Addressing — Basic Subnetting

Subnetting allows a network to be subdivided into smaller networks with routing between them.With basic subnetting, each segment uses the same subnet mask.

Potential for wasting IP addresses on links that do not require high client densityEasiest to implementRequired for classful routing protocols

VLSM allows the use of different subnet masks for different parts of the network.

Basic subnetting allows for each segment to have an identical subnet mask. This means that both the topology’s Ethernet segments and the point-to-point WAN segments must use the same subnet mask. Using this method, administrators tend to waste many usable IP addresses as they are lost on the WAN interfaces. Basic subnetting is not a recommended implementation of the allocation of IP networks in a topology. However, if the routing protocol in question is classful, there is no choice but to use basic subnetting. An example is on the following page.

Alcatel-Lucent C


ot Distribute



IP Addressing — Basic Subnetting (continued)

10.1.1.0/24 10.1.4.0/24

10.1.2.0/24

10.1.6.0/24 10.1.9.0/24

10.1.7.0/24

10.1.3.0/24

10.1.5.0/24

10.1.8.0/24

Subnetting allows a given network address to be used to identify more than one network. With subnets, the use of network addresses is more efficient. There is no change to how the outside world sees the network, but in the organization, there is additional structure. In the example above, network 10.0.0.0 is subdivided into multiple subnets ranging from 10.1.1.0 to 10.1.9.0. Routers determine the destination network by using the subnet address. Subnets are an extension of the network number. Bits are "borrowed" from the host field. This reduces the number of hosts per subnet and increases the number of subnets available. Network devices use subnet masks to identify which part of the address is considered network and which remaining part to leave for host addressing.

In basic subnetting, all segments use the same subnet mask. This can result in wasting IP addresses on segments that do not require as many hosts as some of the other segments. In the example, the serial links have the same mask as those of the Ethernets. Because the serial links are point-to-point, they only require two host bits, but each segment has up to 254 host addresses available. This results in wasting quite a few IP addresses.

Classful routing protocols such as RIPv1 allow only FLSMs. When a mask is selected to support a bit boundary, no other mask can be used for that network number. These routing protocols do not support manual summarization; they always summarize to a classful A, B, or C boundary. This results in inefficient use of the address space.

Alcatel-Lucent C


ot Distribute



IP Addressing — VLSM

Different subnet masks per network Routing protocols must advertise the subnet mask with updatesMore efficient use of IP addressing than basic subnettingRequires a good understanding of subnettingRFC 1878 defines VLSMRouting protocols that support VLSM are:

RIPv2OSPFIS-ISBGP

VLSM allows for each network in a major network to use a different subnet mask. As an update is sent by a routing protocol, it includes the subnet mask with the network advertisement. This allows the receiving router to forward traffic based on the longest-matching IP network entry compared to the destination IP address in the packet being forwarded.

When a VLSM network is being designed, it is important to keep in mind that the high-order bits cannot be reused after they are allocated. This requires that the network administrator have a good understanding of IP subnetting.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. State the prefix values for a Class A, Class B, and Class C network.

2. You are subnetting a Class C network and need to create 6 subnets that each support 6 hosts. What subnet mask (prefix) would you use?

3. You are subnetting a Class B network and need 20 subnets that support at least 100 hosts. What subnet mask would you use?

4. If you assigned each of the following to an interface on the Alcatel-Lucent 7750 SR, what would be the network and broadcast interfaces in the network that you create?

— 172.16.43.37/26— 64.92.18.221/14— 148.46.181.32/20— 138.120.222.46/31— 43.17.141.42/17— 142.13.146.58/6

Alcatel-Lucent C


ot Distribute




1. State the prefix values for a Class A, Class B, and Class C network.

Class A – 1.0.0.0/8 through 126.0.0.0/8

Class B – 128.0.0.0/16 through 191.0.0.0/16

Class C – 192.0.0.0/24 through 223.0.0.0/24

2. You are subnetting a Class C network and need to create 6 subnets that each support 6 hosts. What subnet mask (prefix) would you use?

Possible answers are 255.255.255.224 (/27), 255.255.255.240 (/28), or 255.255.255.248 (/29)

3. You are subnetting a Class B network and need 20 subnets that support at least 100 hosts. What subnet mask would you use?

Possible answers are all subnet masks from 255.255.248.0 (/21) to 255.255.255.128 (/25)

4. If you assigned each of the following to an interface on the Alcatel-Lucent 7750 SR, what would be the network and broadcast interfaces in the network that you create?

• 172.16.43.37/26

— 172.16.43.0 and 172.16.43.63

• 64.92.18.221/14

— 64.92.0.0 and 64.95.255.255

• 148.46.181.32/20

— 148.46.176.0 and 148.46.191.255

• 138.120.222.46/31

— There is no network or broadcast address for a /31 subnet. The two host addresses on the subnet are 138.120.222.46 and 138.120.222.47

• 43.17.141.42/17

— 43.17.128.0 and 43.17.255.255

• 142.13.146.58/6

— 140.0.0.0 and 143.255.255.255

Alcatel-Lucent C


ot Distribute



Lab 1.1 — Initial Lab Topology Configuration

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

Alcatel-Lucent C


ot Distribute



Section Summary

In this section, the following topics were discussed:OSI model and network layeringLayer 2 addressing Network topologiesForwarding of IP datagramsIP addressingIP subnetting

Alcatel-Lucent C


ot Distribute


Basic Networking Review

Section 2 — Introduction to IP Routing

Alcatel-Lucent C


ot Distribute



Section Objectives

Introduction to IP routing Review of IP forwardingControl plane vs. data plane functionsCommon layer 3 routing protocols

— Distance vector— Link state

Classful and classless addressingVariable length subnet masking Classless interdomain routingPrivate IP addressesNetwork address translation (NAT/PAT)

Section 2 — Introduction to IP Routing

This section provides an overall review of Networking Fundamentals. Within this section students will review the OSI model, basic Network Flow, and flow of a packet through an Alcatel-Lucent 7750 SR chassis. It will also review concepts relating to Classful and Classless protocols and the differences between Distance Vector and link-state protocols. These concepts are a necessary prerequisite to the discussion on routing protocols that will follow.

Alcatel-Lucent C


ot Distribute



Movement of Data

1.1.1.2 2.2.2.2

1.1.1.1 2.2.2.1

3.3.3.1 3.3.3.2

Data

Source Dest. S D

1.1.1.2 2.2.2.2 A BFCS

Data

Source Dest. WAN

1.1.1.2 2.2.2.2 PPPFCS

Data

Source Dest. S D

1.1.1.2 2.2.2.2 C DFCS

(MAC address = A)

(MAC address = B) (MAC address = C)

(MAC address = D)

The basic flow of a packet of data through a network is as follows:

Device A (1.1.1.2) wants to send data to server D (2.2.2.2). Because device A is not located on the same segment as that of device D, it must use the default gateway for the segment. This default gateway is seen as IP address 1.1.1.1 in the slide above. Device A will ARP the 1.1.1.1 address to learn the MAC address of the gateway. The router responds with the MAC address of “B”. Device A is now able to encapsulate the data, as shown in the top block diagram. Note that the source and destination IP addresses identify the overall source and destination devices whereas the frame source and destination addresses identify the path across the Ethernet segment only.

When the data arrives at the left router (router B), the router removes the L2 header and trailer, checks its routing table, and determines that the data needs to be sent to the right router (router C). To accomplish this, router B encapsulates the data in a PPP frame of data and forwards it.

Router C removes the PPP frame and consults its routing table. Seeing that the destination IP network is directly connected to its Ethernet port, router C creates the frame of data and forwards it to device D.

Note that the IP addressing did not change throughout this movement of data. However, the L2 framing changed over each segment that the packet traversed. It can be surmised that the IP address identifies a device in the entire network topology whereas the L2 address identifies a device on that segment only.

Alcatel-Lucent C


ot Distribute



Packet Forwarding

When a router receives a packet, it:Compares the destination IP address of the packet to the FIBLooks for the longest (most specific) match

If no match is found, the packet is dropped.If the packet is to be forwarded, the next hop and egress interface must be known.If a match is found, the packet is sent to the next-hop address via the interface specified in the FIB.

The next-hop is the next router in the path toward the destination.The egress interface is required for encapsulation.

When a router receives a packet that is to be forwarded, the basic forwarding rules are as follows.

First, the router compares the destination IP address in the received packet to the entries in the FIB, commonly called the routing table. The router performs a bit-by-bit comparison of the destination IP address to these entries, searching for the entry that matches with the most common bits. This is called longest-match or most-specific-match routing.

If no entries match any bits, the packet is discarded, and in most cases an ICMP-unreachable message is generated back to the source.

When a matching entry is located, the router requires 2 elements from the matching entry in the FIB to forward the packet. The egress or outbound interface for the packet must be known, so the router may encapsulate the packet in the appropriate frame for forwarding toward the destination. Secondly, the next-hop IP address must be known so that the frame may be addressed and forwarded to the next router (unless the packet destination is local to the router, in which case the frame is addresses to the destination itself).

The egress interface is usually listed in the FIB associated with any route entry, based on the interface on which the route was learned. The IP next hop may also be located in the FIB or may be stored in the router’s memory. The next hop is usually derived from the source IP address of the routing update received because neighbor routers in the IGP world are directly connected.

This process traditionally occurred for each packet received by the router, independently from the next packet. In today's advanced hardware, there are many optimizations designed into the router hardware and software to streamline the lookup procedure.

Alcatel-Lucent C


ot Distribute



Control Plane and Data Plane

A typical IP router has two distinct functional components:Control plane functionalityData plane functionality

The 7750 SR physically separates the two functions:Control plane functions are performed by the CPM.Data plane functions are performed by the IOMs.

Control planeSupports the operation and management of the routerSupports dynamic routing protocols to communicate with other routersBuilds the FIB and distributes to the data plane

Data planeResponsible for processing and forwarding packets received on the physical interfaces

A modern IP router can be seen as having two distinct functions: the control plane and data plane capabilities. In the Alcatel-Lucent 7750 SR family of routers, these functions are performed separately in different hardware components. The CPM handles control plane functions and the IOMs perform data plane functions.

Control plane functions are those having to do with the overall operation and management of the router. This includes the user interface and the configuration and management tools on the router. The control plane also supports the dynamic routing protocols. This allows the router to communicate with other routers to exchange routing information about the network. The control plane uses this information to build the routing table, which is distributed to the IOMs as the FIB.

The data plane is responsible for the processing and forwarding of packets that arrive at the physical interfaces. The data plane must process each incoming packet, make the appropriate forwarding decision, and prepare the packet for transmission out the appropriate interface. Forwarding decisions are made based on the contents of the FIB. Aside from providing the forwarding table, the control plane is not directly involved in the forwarding performed by the data plane.

Alcatel-Lucent C


ot Distribute



Routing and the Network Layer

Routers are designed as network layer devices.The most common network layer protocol is IP.Common routing protocols supporting IP are:

RIPv1RIPv2OSPFIS-ISBGP

Routers are the most common devices at layer 3 (network) of the OSI model. Routers use a layer 3 protocol (e.g., IP) address to make a decision for forwarding the packet. Routers do not forward layer 2 broadcast frames unless they are configured to do so for a specific reason. Routers allow the building of a “mesh” network with alternate paths; bridges use a spanning tree to block an alternate path so that a loop is not created. Bridges via a spanning tree may unblock an alternate path if the primary path fails. Routers do not need to block alternate paths. Modern routers operate at layer 2 switching speeds and are sometimes called:

• Layer 3 switches

• Multilayer switches

The most popular routed protocol used today is IP. To allow routers to learn the location of IP networks, routers must use a common routing protocol language. There are several commonly accepted protocols that can be used by the Alcatel-Lucent 7750 SR: RIPv1, RIPv2, OSPF, IS-IS, and BGP. All of these, except BGP, are discussed in this course.

Alcatel-Lucent C


ot Distribute



Distance Vector Protocols

Distance = How far awayVector = What direction (interface)RIPv1, RIPv2, and BGP are distance vector protocols

Int 1/1/2IP – 1.1.1.1

Int 1/1/2IP – 2.2.2.1

IP – 3.3.3.1 IP – 3.3.3.2

Routing Table:1.1.1.0 – Direct 1/1/23.3.3.0 – Direct 1/1/1

2.2.2.0 – 1 hop via 1/1/1

Routing Table:2.2.2.0 – Direct 1/1/23.3.3.0 – Direct 1/1/1

1.1.1.0 – 1 hop via 1/1/1

Int 1/1/1 Int 1/1/1

Distance vector routing algorithms (Bellman-Ford) pass periodic copies of a routing table from router to router. Regular (timed-interval) updates between routers communicate topology changes. With distance vector routing protocols, no routing table is transmitted beyond the immediate neighbor. The distance vector algorithm allows network metrics to accumulate and maintains a table showing the next hop for all destinations listed in the table.

To begin the distance vector routing process, the router must be configured with two items of information: first, the IP addresses of all directly connected networks that the router needs to communicate about. These addresses become permanent entries in the routing table. Second, the router must be configured with the name of the routing protocol being used to send and receive updates (RIPv1 or RIPv2). The basic operation is as follows:

Each router sends its entire routing table to each of its adjacent neighbors. This table includes reachable addresses, a value that represents the distance metric, and the IP address of the first router on the path to each network that it knows about.

As each router receives an update from its neighbor, it calculates a new routing table and transmits that to each of its neighbors at the next timed interval. In a very large network with many routers, this can take quite a while.

Convergence is the state that occurs when all routers in an internetwork have been updated after a topology change and normal routing operations have resumed.

The time to reach convergence is a major factor in internetwork performance.

Fast convergence is preferred and is a prime criterion in evaluating a routing protocol.

Alcatel-Lucent C


ot Distribute



Link-State Protocols

Link = An interfaceState = Active or inactive interfaceOSPF and IS-IS are link-state protocolsMore complex than distance vectorFaster convergenceTriggered updatesThree databases:

Adjacency — Neighbor databaseTopology — Link-state databaseRouting — Forwarding database

Link-state, also known as SPF, maintains a complex database of topology information. Whereas distance vector has nonspecific information about distant networks and no knowledge of distant routers, link-state maintains full knowledge of distant routers and how they interconnect. OSPF and IS-IS are examples of link-state routing protocols.

LSPs are used to transmit the information necessary to build a topological database, which is used by the SPF algorithm to construct a SPF tree, and finally, a routing table of paths and ports to each network. When a link-state topology changes, the routers must become aware of the change and send information to other routers or to a designated router that all other routers can use for updates. This involves the propagation of common routing information to all routers in the network. To achieve convergence, each router does the following:

Keeps track of its neighbors

Constructs an LSP that lists neighbor router names and link metrics (cost). This includes new neighbors, changes metrics, and links to neighbors that have gone down.

Sends out this LSP so that all routers receive it

When it receives an LSP, records the LSP in its database so that it can store the most recent LSP received

Using accumulated LSP data to construct a complete network topology, proceeds from the common starting point for the SPF algorithm and compute routes to every network

Each time an LSP causes a change to the link-state database, the link-state algorithm recalculates the best paths and updates the routing table.

Alcatel-Lucent C


ot Distribute



Link-State Protocols (continued)

Adjacency database

Direct links of RTR-ADirect links of RTR-BDirect links of RTR-C

Link-state databaseForwarding database

Adjacency DatabaseRTR-B – on 1/1/1RTR-C – on 1/1/2

Routing Table:2.2.2.0/24 – via 1/1/1

LSDB

RTR - A

RTR - C

RTR - B

Network2.2.2.0/24

1/1/1

1/1/2

Link-state protocols keep three databases in the routers:

The Adjacency database, sometimes called the neighbor database, keeps track of all other routers that are directly attached and passing link-state routing information.

The LSDB has all the learned paths to all the destination networks. It is this database that is used to create the SPF tree that ultimately creates the routing table.

The routing table, sometimes called the forwarding database, is used by the router to accurately forward IP packets to the destination network.

Alcatel-Lucent C


ot Distribute



Routing Table Management

Each routing protocol populates its routes into its RIB.Each protocol independently selects its best routes based on the lowest metric.The best routes from each protocol are sent to the RTM.

RTMRIPRIB

OSPFRIB

When a routing protocol learns routes from neighbors, it populates these routes into its RIB. The protocol’s RIB is where each protocol stores the routes it has learned from its neighbors.

For each destination in the RIB, the routing protocol selects the best route based on the lowest metric. These best routes are sent to the RTM.

Multiple routes for the same destination can be learned by the router. If these routes are learned from the same routing protocol, the metric for the protocol is used as a selection criterion. The route with the lowest metric is selected as the best route and is sent to the RTM.

If there are multiple routing protocols in use, each protocol independently selects its best route based on the lowest metric from its RIB. There are now multiple best routes (one from each protocol), and each protocol sends its best route to the RTM.

The RTM can select only one of these best route as there can only be one best route in the routing table for each destination.

Alcatel-Lucent C


ot Distribute



Preference

The RTM may have a best route from multiple protocols.Selection is based on lowest preference value.The RTM sends its best route to the FIB.This route is the active route and is used for forwarding.

OSPF

BGP

RTM FIB

RIPRIB

OSPFRIB

OSPFBGPRIB

Because metrics from different protocols are not comparable, the RTM uses preference to select from all the best routes it receives. The lower the protocols preference, the more likely that the best or active route will be selected from that protocol.

Different protocols should not be configured with the same preference. If this occurs, the tie-breaker is based on the default preference table, shown on the next page.

If multiple routes are learned with an identical preference, using the same protocol and with equal metrics, the best-route decision is determined by the configuration of ECMP in the config>router context.

The best routes from the RTM are placed in the FIB, also commonly referred to as the routing table.

The FIB is distributed to the various line cards on the Alcatel-Lucent 7750 SR.

Alcatel-Lucent C


ot Distribute



Default Preference Table

Yes100RIP

Yes170BGP

Yes165IS-IS Level 2 external

Yes160IS-IS Level 1 external

Yes150OSPF external

Yes18IS-IS Level 2 internal

Yes15IS-IS Level 1 internal

Yes10OSPF internal

Yes5Static

No0Direct attached

ConfigurablePreferenceRoute type

The slide above shows the default preference values assigned to each routing protocol on the Alcatel-Lucent 7750 SR.

All preference values except direct attached are configurable, so preferences other than the default may be used.

Alcatel-Lucent C


ot Distribute



IP Addressing — Classful Addressing

Classful routing protocols do not include the IP subnet mask in the updates that are generated to peers.All subnet masks must be identical in the same major network.Automatic summarization occurs on major network boundaries.VLSM and CIDR are not supported.RIPv1 is a classful routing protocol.

Classful routing protocols are considered legacy compared to classless routing protocols. RIPv1 cannot support VLSM or CIDR. Within a topology, RIPv1 must have all subnets in a major network assigned to the same subnet mask. This is because the routing protocol does not advertise the mask in updates. Each router must assume that all subnets learned use the same subnet mask. When an advertisement is sent from an interface that is configured for a dissimilar major network, the router automatically summarizes on the major network boundary. This will be shown in a later slide.

Alcatel-Lucent C


ot Distribute



IP Addressing — Classless Addressing

Each network advertised includes the subnet mask associated to the network.VLSM and CIDR are supported.Automatic summarization does not exist. Manual summarization is required.RIPv2, OSPF, IS-IS, and BGP support classless routing updates.

With classless routing protocols, each network or subnet is advertised with its associated subnet mask. This allows for more granularity and supports non-contiguous networks. Because all networks advertise the associated mask, these protocols support VLSM and CIDR advertisements. Unlike classful routing protocols, classless protocols do not provide automatic summarization. This allows the administrator to manually summarize based on network design and administrative policies. Common routing protocols that support classless routing are RIPv2, OSPF, IS-IS, and BGP.

Alcatel-Lucent C


ot Distribute



IP Addressing — Classful and Classless

10.1.1.0/24

Routing Table:12.1.0.0 – direct 1/1/2192.1.1.0 – direct 1/1/1

10.0.0.0 – 1 hop via 1/1/1

12.1.0.0/16

192.1.1.0/24 10.1.2.0/24

10.1.1.0 10.0.0.0

10.1.1.0/24

Routing Table:12.1.0.0/16 – direct 1/1/2

192.1.1.0 /24 – direct 1/1/110.1.1.0/24 – 2 hops via 1/1/110.1.2.0/24 – 1 hop via 1/1/1

12.1.0.0/16

192.1.1.0/24 10.1.2.0/24

10.1.1.0/24

10.1.1.0/2410.1.2.0/24

Classful

Classless

Classful routing protocols such as RIPv1 allow only FLSMs. When a mask is selected to support a bit boundary, no other mask can be used for that network number. These routing protocols do not support manual summarization but always summarize to a classful A, B, or C boundary. Inefficient use of the address space results from this type of addressing scheme.

Classless routing protocols such as OSPF and IS-IS may use VLSMs and also support manual summarization. RIPv2 also allows VLSM. This results in more efficient use of the IP addresses. Routing is also more efficient with classless routing protocols because a mask is always sent along with the routing update to avoid confusion. This also allows for manual route summarization to take place based on the network administrator’s needs and not based on IP address network boundaries.

Alcatel-Lucent C


ot Distribute



IP Addressing — VLSM

Different subnet masks per network Routing protocols must advertise the subnet mask with updates.High-order bits are not reusable.Routing decisions are made based on the longest match.A more efficient use of IP addressing than basic subnettingRequires a good understanding of subnettingRFC 1878 defines VLSM.Routing protocols that support VLSM are:

RIPv2OSPFIS-ISBGP

VLSM allows each network in a major network to use a different subnet mask. As an update is sent by a routing protocol, it includes the subnet mask with the network advertisement. This allows the receiving router to forward traffic based on the longest-matching IP network entry compared to the destination IP address in the packet that is being forwarded.

When a VLSM network is designed, it is important to keep in mind that the high-order bits cannot be reused once they are allocated. This requires that the network administrator have a good understanding of IP subnetting.

Alcatel-Lucent C


ot Distribute



IP Addressing — VLSM Example

172.16.0.0 – 10101100.00010000.00000000.00000000 – Reserved for WAN segments172.16.1.0 – 10101100.00010000.00000001.hhhhhhhh – First Ethernet segment….172.16.254.0 – 10101100.00010000.11111110.hhhhhhhh – Last Ethernet segment255.255.255.0 – 11111111.11111111.11111111.00000000 – Ethernet mask

172.16.0.4 – 10101100.00010000.00000000.000001 hh – First WAN segment172.16.0.252 – 10101100.00010000.00000000.111111 hh – Last WAN segment255.255.255.252 – 11111111.11111111.11111111.111111 00 – WAN mask

In the example above, classful network 172.16.0.0 has been assigned for use in the network topology. It has been determined that each Ethernet segment must support up to 250 clients. In addition, all serial links are point-to-point; therefore they only require IP addressing to support 2 hosts per WAN segment.

Considering that the number of bits required to identify 250 host addresses is 8 bits, it can be determined that the entire last byte must be allocated for host identification on all Ethernet networks in the topology. Considering that the given address is a Class B address and that only 8 bits must be used for the host field, it can be determined that the entire third byte can be used for identifying the subnets. Keep in mind that there is also the requirement to support the WAN links.

The first available subnet is that of 172.16.0.0/24. This subnet could easily be confused with the overall classful network of 172.16.0.0/16, so this first subnet is reserved for future use with the WAN interfaces. That leaves networks 172.16.1.0/24 to 172.16.254.0/24 for allocation to the Ethernet segments. Each of these subnets can support up to 254 host addresses. Keep in mind that the routers and switches connected to these subnets typically require an IP address too.

The 172.16.0.0/24 subnet that was reserved now comes into play. Considering that each WAN link only requires 2 hosts, there is only a need to have 2 host bits. This means that the subnet mask can be further expanded from a /24 mask to a /30 mask. The WAN subnet ranges are from 172.16.0.4/30 (hosts 5 and 6, directed broadcast 7) to 172.16.0.252/30 (hosts 253 and 254, directed broadcast 255).

Keep in mind that with the WAN subnetting, the higher-order bits were not reused. All that was accomplished was the borrowing of more bits from the host field. The maximum number of bits that can be borrowed is 30 because there must always be at least 2 bits remaining to support the hosts on a segment.

Alcatel-Lucent C


ot Distribute



IP Addressing — VLSM Example (continued)

172.16.1.0/24 172.16.2.0/24

172.16.0.4/30

172.16.4.0/24 172.16.3.0/24

172.16.0.16/30

172.16.0.8/30

172.16.0.12/30

172.16.0.20/30

Traditional routing and IP addressing rely on the first octet rule, which allows routers to determine the portion of the 32-bit address that is allocated to the network. Subnets have local significance and are not advertised by routers to their neighbors by classful routing protocols. Therefore, one subnet mask must be used per network. With advanced routing protocols, the first octet rule is discarded and a prefix is added after the address to indicate the network portion of the IP address. The prefix replaces the subnet mask, and this is called a classless address. The importance of this for address administration is that it allows the assignment of more than one subnet mask (prefix) to one address. This allows scarce addressees to stretch to the maximum.

In the example, classless address 172.16.0.0/16 represents the entire network. With VLSM, an advanced routing protocol such as OSPF is required. To avoid wasting address space on the serial links shown in the slide above, 172.16.0.X/30 (255.255.255.252) has been assigned between the routers. All normal IP addressing rules apply. In general, all 0s and all 1s cannot be used as the host address although the Alcatel-Lucent 7750 SR allows the use of a /31 prefix on point-to-point links. VLSM is the process of subnetting a preexisting subnet.

Classless routing protocols such as OSPF and IS-IS may use VLSM and also support manual summarization. RIPv2 also allows VLSM.

Alcatel-Lucent C


ot Distribute



IP Addressing — CIDR Review

Violates classic network boundariesWorks the mask into the network fieldOnly supported by classless routing protocolsUsed to condense routing tablesRFCs defining CIDR are: 1517, 1518, 1519, 1520, and 2050Routing protocols that support CIDR are:

RIPv2OSPFIS-ISBGP

CIDR allows for the summarization of contiguous block ranges of IP networks. This is accomplished by working the subnet mask into the network field. When done correctly, this can dramatically reduce the amount of overhead sent between routers, reduce the memory used to maintain the routing protocol and the routing table, ease decision-making in the router because there are fewer entries to examine, and subsequently increase the movement of client traffic.

For CIDR to work, a classless routing protocol must be in use. RIPv2, OSPF, IS-IS, and BGP all support CIDR.

Alcatel-Lucent C


ot Distribute



IP Addressing — CIDR Review (continued)

172.16.0.0/12

172.16.0.0/16….172.31.0.0/16 Internet

172.16.0.0 – 10101100.0001 0000.00000000.00000000172.17.0.0 – 10101100.0001 0001.00000000.00000000….172.31.0.0 – 10101100.0001 1111.00000000.00000000255.255.0.0 – 11111111.1111 1111.00000000.00000000

172.16.0.0 – 10101100.0001 0000.00000000.00000000255.240.0.0 – 11111111.1111 0000.00000000.00000000

In the example above, the left cloud has a contiguous range of IP addresses from 172.16.0.0/16 to 172.31.0.0/16. Prior to implementing CIDR, each network would be advertised as a single entry. As shown in the slide above, the range of IP addresses has the identical first 12 bits of the IP address. The remaining 4 bits in the second byte cover the entire range from all 0s to all 1s. This means that all 16 networks can be condensed without falsely advertising networks that are not under the left cloud’s administrative control. After the CIDR block is created, only it is advertised to the rest of the world. This reduces the number of network entries from 16 to 1. As long as at least of one of the more explicit networks is active, the summary CIDR block is advertised.

Alcatel-Lucent C


ot Distribute



IP Addressing — Private Addressing

Private IP address ranges are:

Class A: 10.0.0.0 to 10.255.255.255

Class B: 172.16.0.0 to 172.31.255.255

Class C: 192.168.0.0 to 192.168.255.255

Class D: 239.0.0.0 to 239.255.255.255*

* = Class D This address range is called limited-scope addressing and is only used locally.

To communicate over the public Internet, globally unique IP addresses assigned by IANA must be used. However, these addresses are in short supply. An option exists to use RFC 1918-defined private addresses within the enterprise and to translate from the private to public addresses at the enterprise edge. This range is not allowed to be advertised to the Internet. However, it is actively used in a company’s private network topology. Devices such as firewalls actively use these private ranges as one method of providing security.

The reserved private IP address range for a Class A address is 10.0.0.0 to 10.255.255.255.

The reserved private IP address range for a Class B address is 172.16.0.0 to 172.31.255.255.

The reserved private IP address range for a Class C address is 192.168.0.0 to 192.168.255.255.

The reserved private IP address range for a Class D address is 239.0.0.0 to 239.255.255.255. This range is called limited scope and is the reserved multicast IP range for private use. An example would be a video conference from the CEO of a company that is sent across the company’s network to all locations in the company topology.

Alcatel-Lucent C


ot Distribute



IP Addressing — NAT/PAT

Translates private IP addresses into public rangesNAT — One-to-one address translationNAT — Does not monitor transport-layer port numbersPAT — Many-to-one address translationPAT —Monitors transport layer port numbersDefined in RFCs 2663 and 3022NAT/PAT — Not currently supported on the Alcatel-Lucent 7750 SR

It is important to note that the Alcatel-Lucent 7750 SR does not currently support NAT or PAT. The Alcatel-Lucent 7750 SR is not an enterprise router, and this feature is generally found in enterprise routers. The Alcatel-Lucent 7750 SR is not generally placed at that level of a network. There are currently no plans for the Alcatel-Lucent 7750 SR to support NAT or PAT. The reason that NAT and PAT are mentioned in this review is that they are currently commonly seen in the network infrastructure, and network experts should have a generic understanding of their purpose.

NAT and PAT were created to alleviate the stresses of IP allocation in the world. Working closely with the private IP address ranges, NAT and PAT allow for private IP addresses to be translated into IP addresses. This translation can be in one of two forms.

The first form of translation is one-to-one; we call this NAT. A single private IP address is translated to a single public IP address. In this form, the transport-layer port numbers are not monitored or modified. This allows for all applications to function normally without any change to the upper layers. The disadvantage of this form of translation is that there must be a pool of available addresses to support all the private IP-addressed clients. If all addresses in the pool are in use, and a new NAT requirement emerges, it will fail as there is no available address in the pool of public addresses.

The second form of translation is many-to-one; we call this PAT. A single public IP address supports multiple private IP addresses simultaneously. To accomplish this, the router must not only map the IP address of the client device, it must also map the port number in use by the client. As translation occurs, the IP address is changed to a single public address. To keep track of the multiple streams of traffic from client devices, the port numbers are mapped into the database. If a client’s random port number is already mapped by a different active client, the router not only changes the IP address, it also changes the client’s port number.

Alcatel-Lucent C


ot Distribute



IP Addressing — NAT

NAT Table:Public pool: 192.1.1.1 to 192.1.1.254 /24

Internal <> External10.1.1.1 <> 192.1.1.210.1.1.2 <> 192.1.1.310.1.1.3 <> 192.1.1.4

192.1.1.0/24

NAT router

10.1.1.0/24

Internet

10.1.1.2

10.1.1.3

10.1.1.1 192.1.1.1

In the NAT example above, the range of public IP addresses is from 192.1.1.2 to 192.1.1.254. Each client that sends traffic through the router will be mapped to a single IP address in the pool. If 253 clients are actively sending traffic through the router, the pool of available public IP addresses is saturated. When the 254th client tries to send traffic out the router, it will time out because there are no available public IP addresses to use for NAT. Although this limits the number of clients who can simultaneously use this NAT router, it does not limit the types of applications that each client can be using.

Alcatel-Lucent C


ot Distribute



IP Addressing — PAT

PAT Table:Public pool: 192.1.1.5/32 (Int. 1/1/1)

Internal <> External10.1.1.1:1101 <> 192.1.1.5:140010.1.1.2:1212 <> 192.1.1.5:140110.1.1.3:1212 <> 192.1.1.5:1402

192.1.1.4/30

NAT router

10.1.1.0/24

Internet

10.1.1.2

10.1.1.3

10.1.1.1 1/1/1 = 192.1.1.5

PAT stands for port address translation, even though it is really a form of network address translation. This is because the NAT router uses source port numbers to keep track of the connections that it maintains.

Because only one public address is allocated to the translation pool, all source IP addresses must be translated to the one public address. To keep track of the different connections, the NAT router replaces the original source port number with a unique port number that it uses for the connection to the external system. The NAT router maintains a table of the port numbers that it uses to allow it to identify the appropriate internal system to receive incoming data. When the NAT router receives a packet from an external source, it looks up the correct destination IP address and port number for the internal system based on the destination port number of the packet that it has received.

This port change is not reflected to the client and is therefore transparent to the client. Most modern applications do not have a problem with the change of port. However, some applications (mostly legacy ones) require specific source and destination port numbers. If the router modifies the source port to one different than the application expects or requires, the application may not function properly.

Alcatel-Lucent C


ot Distribute



Lab 1.2 — Initial Lab Topology Configuration

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. How does a router handle a packet when there is no entry in the routing table for the packet’s destination?

2. What are the functions of the control plane of an IP router?

3. What is the metric used by a distance vector protocol?4. What is the purpose of a link-state database?5. If the RTM has more than one route to a destination from

multiple sources, how does it decide which one to use?6. What is the main advantage of VLSM?7. What is the main advantage of CIDR?8. What is the CIDR for 193.45.32.0/24 to 193.45.47.0/24?


The packet is dropped and an ICMP Destination Unreachable message is returned


The control plane is responsible for running the dynamic routing protocol processes and communicating with other routers to build its route table. The control plane also includes the management functions of the router.

3. What is the metric used by a distance vector protocol?

Distance vector protocols use hop count as their metric.

4. What is the purpose of a link-state database?

The link-state database collects all the link state information from all routers in the router domain. This is used to build the SPF tree and the forwarding database.

5. If the RTM has more than one route to a destination from multiple sources, how does it decide which one to use?

The choice is made based on the protocol preference. The route from the protocol with the lowest preference value is chosen by the RTM for installation in the forwarding table.

6. What is the main advantage of VLSM?

VLSM allows different subnet masks to be used on the same network. This allows for much more efficient use of the IP address space.

7. What is the main advantage of CIDR?

CIDR allows multiple networks to be summarized as one entry. This conserves memory resources in the router’s route table and reduces the size of routing updates.

8. What is the CIDR for 193.45.32.0/24 to 193.45.47.0/24?

The CIDR summary is 193.45.32.0/20. See the next page for a detailed explanation.

Alcatel-Lucent C


ot Distribute



Learning Assessment (answers)


The packet is dropped and an ICMP Destination Unreachable message is returned


The control plane is responsible for running the dynamic routing protocol processes and communicating with other routers to build its route table. The control plane also includes the management functions of the router.

3. What is the metric used by a distance vector protocol?

Distance vector protocols use hop count as their metric.

4. What is the purpose of a link-state database?

The link-state database collects all the link state information from all routers in the router domain. This is used to build the SPF tree and the forwarding database.

5. If the RTM has more than one route to a destination from multiple sources, how does it decide which one to use?

The choice is made based on the protocol preference. The route from the protocol with the lowest preference value is chosen by the RTM for installation in the forwarding table.

6. What is the main advantage of VLSM?

VLSM allows different subnet masks to be used on the same network. This allows for much more efficient use of the IP address space.

7. What is the main advantage of CIDR?

CIDR allows multiple networks to be summarized as one entry. This conserves memory resources in the router’s route table and reduces the size of routing updates.

8. What is the CIDR for 193.45.32.0/24 to 193.45.47.0/24?

The CIDR summary is 193.45.32.0/20. See the next page for a detailed explanation.

Alcatel-Lucent C


ot Distribute



Learning Assessment — Question 8 Answer

1. What is the CIDR for 193.45.32.0/24 – 193.45.47.0/24?

193.45.32.0/24193.45.47.0/24193.45.??.0/?

32 = 0010000047 = 00101111

0010 00000010 11110010 0000

00100000 = 32

Subnet = 193.45.32.0 1111 0000 = 240New subnet mask 3rd byte

New subnet mask = 255.255.240.0 or /20

Summary address = 193.45.32.0/20

What is the CIDR for 193.45.32.0/24 to 193.45.47.0/24?

To obtain the answer to this question, first identify the byte that is discernibly different in each given network. In this case, it is the third byte.

Now convert the lowest and highest decimal value in that byte. In this case, we convert 32 to 00100000 and 47 to 00101111.

Determine where the similarities exist and where the dissimilarities are. Ensure that in the dissimilar field, every possible value from all 0s to all 1s exists. This becomes the summary boundary.

Convert the new binary value into decimal format: 00100000 = 32

The new decimal value is the value that will be used in the byte identified in step 1.

Calculate the new mask by using the same boundary identified in step 3.

Create the mask accordingly.

The summary CIDR block is created.

Alcatel-Lucent C


ot Distribute



Section Summary

This section covered:Review of IP forwardingControl plane vs. data plane functionsCommon layer 3 routing protocols

— Distance vector— Link state

Classful and classless addressingVLSMCIDRPrivate IP addressesNAT/PAT

Alcatel-Lucent C


ot Distribute



Alcatel-Lucent C


ot Distribute


Alcatel-Lucent Interior Routing Protocolsand High Availability [AIRP]

Module 2 — Static Routing and Default Routes

Alcatel-Lucent C


ot Distribute


Alcatel-Lucent Interior Routing Protocols and High Availability Module 2 | 2 All rights reserved © 2006 Alcatel-Lucent

After successful completion of this module, you should be able to:

Define the use of static routesConfigure static routes Identify when to use default routesConfigure default routes

Host-to-router configurationsRouter-to-router configurations

Troubleshooting static and default routes

Module Objectives







Alcatel-Lucent C


ot Distribute


Static Routing and Default Routes

Section 1 — Static Routes

Alcatel-Lucent C


ot Distribute



Section Objectives

Static route overviewImplementation examplesConfiguration of static routesTroubleshooting static routes

Show commandsClear commandsPing commands

Section 1 — Static Routes

This section will cover the configuration of static routes on the Alcatel-Lucent 7750 SR. In addition, a general discussion about where best to incorporate static routes in an architecture will be provided. Configuration and show commands will be discussed.

Alcatel-Lucent C


ot Distribute



Static vs. Dynamic Routes

Static routesConfigured by an administrator and not dynamically learned using routing protocols. These entries do not change dynamically as the topology changes.

Dynamic routesEntries are created from the exchange of data between routers that use a common routing protocol. These entries can automatically change as the topology changes.

Static routes are configured by an administrator and are not dynamically learned using routing protocols. These entries do not change dynamically as the topology changes. There are several scenarios in which static routes are very useful and preferred over dynamic routing protocols. We will examine those scenarios in the next few slides.

In comparison, dynamic routes are created from the exchange of data between routers that use a common routing protocol. These entries can automatically change as the topology changes. Dynamic routes will be covered in more depth in the following modules. Good examples of dynamic routing protocols are RIP, OSPF, IS-IS, and BGP.

Alcatel-Lucent C


ot Distribute



Characteristics of Static Routes

Administratively definedThe command allows for three options:

Next-hop — The device is adjacent to the router.Indirect — The next hop is not directly adjacent to the router.Black hole — Packets to this destination will be discarded.

Newer commands will overwrite preexisting commands.Use the “show router static-route” command to verify the static route.

Static routes are administratively defined using the CLI.

Alcatel-Lucent supports three places to point a static route:

next-hop — Specifies the directly connected next-hop IP address used to reach the destination. If the next hop isover an unnumbered interface, the ip-int-name of the unnumbered interface (on this node) can be configured. The ip-addr configured here can be either on the network side or the access side of this node. The address must be associated with a network that is directly connected to a network configured on this node.

indirect — Specifies that the route is indirect and specifies the next-hop IP address that is used to reach the destination. The configured ip-addr is not directly connected to a network configured on this node. The static route remains valid as long as the address configured as the indirect address remains a valid entry in the routing table. Indirect static routes cannot use an ip-prefix/mask to another indirect static route. The ip-addr configured can be either on the network or the access side and is normally at least one hop away from this node.

black-hole — Specifies that the route is a black-hole route. If the destination address on a packet matches this static route, it will be silently discarded.

If an identical command is entered (with the exception of either the indirect or black-hole parameters), this static route will be replaced with the newly entered command, and unless specified, the respective defaults for preference and metric will be applied.

You can verify that a static route is configured on your router by using the “show router static-route” command.

Alcatel-Lucent C


ot Distribute



• Routers need to know where networks are located and how best to access them.

• This can be accomplished statically with administrative commands.

What a Router Needs to Know

1.1.1.1 2.2.2.1

3.3.3.1 3.3.3.2

Routing Table:1.1.1.0/24 – Direct 3.3.3.0/30 – Direct

2.2.2.0/24 – static via 3.3.3.2

Routing Table:2.2.2.0/24 – Direct 3.3.3.0/30 – Direct

1.1.1.0/24 – static via 3.3.3.1

R1 R2

2.2.2.0/241.1.1.0/24

3.3.3.0/30

A router’s primary purpose is to forward data from one location to another. Routers do this by learning the location of networks in a topology. There are two ways this can be accomplished. First, a router can communicate with other routers via a dynamic routing protocol. The second is to have an administrator program in a static route. Static routes are manually configured entries in the router that define a network and the path to take to access the network. Alcatel-Lucent routers support static routes. The command structure is simple and easily understood.

In the example above, both the R1 and R2 routers have routing tables. Both routers automatically know about the networks they are directly connected too. This is accomplished by configuring the IP address and mask on the interfaces. In addition, both have been configured with static routes to the remote Ethernet segments. The routing table reflects this configuration with route entries.

Alcatel-Lucent C


ot Distribute



Default Preference Table

Yes100RIP

Yes170BGP

Yes165IS-IS level 2 external


Yes150OSPF external

Yes18IS-IS level 2 internal


Yes10OSPF internal

Yes5Static

No0Direct attached


The table above shows the default preference values assigned to each routing protocol on the Alcatel-Lucent 7750 SR. The lower the preference value, the more preferred the route. If a router learns a route from two or more different sources, it uses the source with the lowest preference value.

All preference values except “direct attached” are configurable, so preferences other than the default may be used.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What is the difference between a static route and a dynamic route?

2. A router has two different static routes to 10.0.0.0/8 and 10.10.0.0/16. A packet with destination 10.10.10.10 is received by the router. Which route is used?

3. A router has a static route to 10.0.0.0/8 and a route to 10.10.0.0/16 learned from RIP. Which route is used for a packet with destination address 10.10.10.10?

Alcatel-Lucent C


ot Distribute




1. What is the difference between a static route and a dynamic route?

A static route is manually programmed into the router. A dynamic route is dynamically learned from other routers through a dynamic routing protocol such as RIP, OSPF or IS-IS

2. A router has two different static routes to 10.0.0.0/8 and 10.10.0.0/16. A packet with destination 10.10.10.10 is received by the router. Which route is used?

The route to 10.10.0.0/16 is more specific (longer match since it matches 16 bits), therefore it will be used.

3. A router has a static route to 10.0.0.0/8 and a route to 10.10.0.0/16 learned from RIP. Which route is used for a packet with destination address 10.10.10.10?

The route to 10.10.0.0/16 learned from RIP is more specific, therefore it will be used. Although the static route has a higher preference value than the RIP route, it is a different prefix. Preference is only relevant for prefixes that are exactly the same.

Alcatel-Lucent C


ot Distribute



Static Route Configuration

The command below shows how to configure static routes in the routing table.

Context: config>router>

Syntax: [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] [next-hop ip-address | ip-int-name]

[no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] indirect ip-address

[no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] black-hole

Example: config>router> static-route 10.1.1.0/24 next-hop 10.2.2.2

Syntax

[no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] [next-hop ip-address | ip-int-name]

[no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] indirect ip-address

[no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] black-hole

Context config>router

Description This command creates static route entries for both the network and access routes. When a static route is configured, next-hop, indirect, or black-hole must be configured.

ip-prefix — The destination address of the static route, in dotted-decimal notation

mask — The mask associated with the network address

Preference preference — The preference of this static route compared to other routes

Metric metric — The cost metric for the static route, expressed as a decimal integer

next-hop [ip-addr | ip-int-name] — Specifies the directly connected next-hop IP address

black-hole — Specifies that the route is a black-hole route

Alcatel-Lucent C


ot Distribute



Static Routes — Basic Static Routes

• Configuration of static routes between stub networks and corporate locations

2.2.2.0/24

3.3.3.1 3.3.3.2

Corporate Headquarters

static-route 2.2.2.0/24 next-hop 3.3.3.2

static-route 0.0.0.0/0 next-hop 3.3.3.1

R1 R2

In the figure above, the corporate router has an explicit static route that points to the branch site’s stub Ethernet segment. The branch site has a default static route that points to the corporate headquarters. With this configuration, there is no need to have a dynamic routing protocol running between the two routers. This reduces overhead and configuration requirements in the two routers.

The branch router will have only three entries in its routing table: the two directly connected networks and the static route. The corporate router will have all routes in the corporate topology as well as the static route that points to the branch site’s stub Ethernet.

Alcatel-Lucent C


ot Distribute



Static Routes — Configuration Example

2.2.2.0/24

3.3.3.1 3.3.3.2


config>router> static-route 0.0.0.0/0 next-hop 3.3.3.1


R1 R2

In the figure above, the corporate router has an explicit static route that points to the branch site’s stub Ethernet segment. The branch site has a default static route that points to the corporate headquarters. With this configuration, there is no need to have a dynamic routing protocol running between the two routers. This reduces overhead and configuration requirements in the two routers.

The branch router will have only three entries in its routing table: the two directly connected networks and the static route. The corporate router will have all routes in the corporate topology as well as the static route that points to the branch site’s stub Ethernet.

Alcatel-Lucent C


ot Distribute



Default Routes — Basic Default Route

3.3.3.1 3.3.3.2

Corporate Headquarters 2.2.2.0/24

A:R2# show router route-table

===============================================================================

Route Table (Router: Base)===============================================================================

Dest Prefix Type Proto Age Pref

Next Hop[Interface Name] Metric

-------------------------------------------------------------------------------

3.3.3.0/24 Local Local 04h02m53s 0

to-r1 0

2.2.2.0/24 Local Local 04h02m53s 0

to-lan 0

0.0.0.0/0 Remote Static 00h47m10s 5

3.3.3.1 1-------------------------------------------------------------------------------

No. of Routes: 3

===============================================================================

R1 R2

The above show command from the R2 router lists the entries for the directly connected networks and the static default route. When traffic arrives on the branch Ethernet interface with a destination unknown to the router, the router forwards the traffic to the corporate router because that is defined as the default route.

The routing table shows the two directly connected networks (2.2.2.0 and 3.3.3.0) as well as the default static route that points to corporate headquarters.

Alcatel-Lucent C


ot Distribute



Static Routes — Floating Static Routes

2.2.2.0/24

3.3.3.1 3.3.3.2

Primary pathCorporate Headquarters

Backup

1.1.1.1

1.1.1.2

config>router> static-route 2.2.2.0/24 next-hop 3.3.3.2config>router> static-route 2.2.2.0/24 next-hop 1.1.1.2 preference 200

• Configuration of a floating static route between stub networks and corporate locations

R1 R2

1.1.2.1

In the example above, the R1 router has two static routes configured. The top static route points all traffic destined to the branch site’s Ethernet segment out the primary path. Because there is no preference setting explicitly stated on this line of the configuration, the default preference value of 5 is used. On the next line, the R1 router has configured a second static route to the branch site’s Ethernet segment. However, in this case the preference value is set to 200.

The static route with the lowest preference value is the preferred route. As a result, all traffic will use the primary path as long as it is operational. Should that link fail, the static route that points out the interface will be removed and the static route across the backup link will be added to the routing table and become operational. This secondary path, when configured with static routes, is commonly called a floating static route.

For this to work, there needs to be a route for the opposite direction. Therefore, the branch router also needs the following static routes configured:


config>router> static-route 0.0.0.0/0 next-hop 1.1.2.1 preference 200

Note: If the interface connections are connected to an intermediate third device such as a switch or hub, one router interface could fail while the router at the other end still has an active interface. When that happens, traffic may flow in one direction only, making it impossible to establish a connection over this link.

Alcatel-Lucent C


ot Distribute



Static Route Verification — Show Command

The command below shows static routes configured including the floating static route

A:R1# show router static-route

===============================================================================Static Route Table (Router: Base)===============================================================================Prefix Tag Met Pref Type Act

Next Hop Interface-------------------------------------------------------------------------------2.2.2.0/24 0 1 5 NH Y

3.3.3.2 to-r22.2.2.0/24 0 1 200 NH N

1.1.1.2 n/a-------------------------------------------------------------------------------No. of Static Routes: 2===============================================================================

This command shows the static routes that have been configured on the router including both the active route and the backup route that was configured as a floating static route. Note the preference of 200 for the backup route and the fact that the route is indicated as "not active".

The "show router route-table" command shows only the routes that have been installed in the route table. These are the routes that will be used for forwarding, so the backup route is not shown. If the active route becomes unavailable, then the backup route will appear in the routing table.

Alcatel-Lucent C


ot Distribute



Static Route Verification — Show Command (continued)

2.2.2.0/24

3.3.3.1 3.3.3.2


A:R1# show router route-table 2.2.2.0/24

===============================================================================Route Table (Router: Base)===============================================================================Dest Prefix Type Proto Age Pref

Next Hop[Interface Name] Metric-------------------------------------------------------------------------------2.2.2.0/24 Remote Static 00h47m14s 5

3.3.3.2 1-------------------------------------------------------------------------------No. of Routes: 1===============================================================================

R1 R2

The example above shows the use of the “show router static-route” command as applied to the corporate router. Only the static routes are shown in the example. Note that the command specified the static route to network 2.2.2.0, so no other networks are shown.

Alcatel-Lucent C


ot Distribute



Static Routes — Ping Command

2.2.2.2

2.2.2.0/24

3.3.3.1 3.3.3.2Corporate Headquarters

R1# ping 2.2.2.2 detail

PING 2.2.2.2 56 data bytes

64 bytes from 2.2.2.2: icmp_seq=1 ttl=64 time<10ms.





---- 2.2.2.2 PING Statistics ----

5 packets transmitted, 5 packets received, 0.00% packet loss

round-trip min < 10ms, avg < 10ms, max < 10ms, stddev < 10ms

R1#

R1# ping 2.2.2.2 detail

PING 2.2.2.2 56 data bytes






---- 2.2.2.2 PING Statistics ----

5 packets transmitted, 5 packets received, 0.00% packet loss

round-trip min < 10ms, avg < 10ms, max < 10ms, stddev < 10ms

R1#

R1 R2

Syntaxping {ip-address | dns-name} [rapid | detail] [ttl time-to-live] [tos type-of-service] [sizebytes] [pattern pattern] [source ip-address] [interval seconds] [{next-hop ip-address} |

{interface interface-name} | bypass-routing] [count requests] [do-not-fragment] [router[router-name | service-id]

Context <GLOBAL>

Description This command is the TCP/IP utility to verify IP reachability.

Parameters ip-address | dns-name — The remote host to ping. ttl time-to-live — The IP TTL value to include in the ping request. The range is from 1 to 128.tos type-of-service — The ToS bits in the IP header of the packets. The range is from 0 to 255. size bytes — The size of the ping request packets in bytes. The default is 56 bytes.pattern pattern — A 16-bit pattern string to include in the ping packet, expressed as a decimal integer. source ip-address — The source IP address to use in the ping requests. The default is the egress interface.interval seconds — The interval in seconds between consecutive pings requests. The default is 1 second.next-hop ip-address — This option disregards the routing table and will send this packet to the specified next-hop address. interface interface-name — Specifies the interface name.bypass-routing — Send the ping request to a host in a directly attached network, bypassing routing.count requests — The number of pings sent to the remote host. The default is 5.do-not-fragment — Specifies that the request frame should not be fragmented.router router-name — Specifies the alphanumeric character string up to 32 characters.router service-id — Specifies a numeric string that identifies the service.

Note: The source IP address used for the ping command is the interface IP address when pinging a directly connected interface. The source is the system interface when pinging IP addresses that are multiple hops away. You can specify the source address when using the ping command to change this behavior.

Alcatel-Lucent C


ot Distribute



Static Routes — Traceroute Command

2.2.2.0/24

3.3.3.1 3.3.3.2


R1# traceroute 2.2.2.2

traceroute to 2.2.2.2, 30 hops max, 40 byte packets

1 3.3.3.2 <10 ms <10 ms <10 ms

2 2.2.2.2 <10 ms <10 ms <10 ms

R1# traceroute 2.2.2.2

traceroute to 2.2.2.2, 30 hops max, 40 byte packets

1 3.3.3.2 <10 ms <10 ms <10 ms

2 2.2.2.2 <10 ms <10 ms <10 ms

2.2.2.2

R1 R2

Syntax

traceroute {ip-address | dns-name} [ttl ttl] [wait milliseconds] [no-dns] [source ip-address] [tos type-of-service]

Context <GLOBAL>

Description This command is the TCP/IP traceroute utility to determine the route to a destination address. Note that cancelling a traceroute with the <Ctrl-C> command could require issuing a second <Ctrl-C> command before the prompt is returned.

Parameters ip-address | dns-name — The remote address to traceroute. The IP address or DNS name (if DNS name resolution is configured) can be specified.

ttl ttl — The maximum TTL value in the traceroute request. The range is from 1 to 255.

wait milliseconds — The time to wait for a response to a probe, in milliseconds. The range is from 1 to 60000.

no-dns — When specified, a DNS lookup for the specified host name is not performed.

source ip-address — The source IP address to use as the source of the probe packets.

tos type-of-service — The ToS bits in the IP header of the probe packets.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. Do static routes have a higher or lower preference value than dynamic routes?

2. What is the command syntax to create a static route in the Alcatel-Lucent 7750 SR?

3. A router has a default route, a static route to 10.10.8.0/24, and a route to 10.8.0.0/14 learned from RIP. Which route is used for a packet with destination address 10.10.10.10?

Alcatel-Lucent C


ot Distribute




1. Do static routes have a higher or lower preference value than dynamic routes?

Static routes have a lower preference value (5 by default) than routes learned from any dynamic routing protocol. Therefore they are preferred.

2. What is the command syntax to create a static route in the Alcatel-Lucent 7750 SR?

configure router static-route 10.0.0.0/8 next-hop 172.16.43.28

3. A router has a default route, a static route to 10.10.8.0/24, and a route to 10.8.0.0/14 learned from RIP. Which route is used for a packet with destination address 10.10.10.10?

10.10.8.0/24 is the most specific entry, but does not match the destination. 10.8.0.0/14 matches the entire range from 10.8.0.0 through 10.11.255.255, therefore this route will be used. The default route is only used if no other route matches, since it is the least specific.

Alcatel-Lucent C


ot Distribute



Lab 2 — Configuration of Static and Default Routes

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

Alcatel-Lucent C


ot Distribute



Section Summary

This section covered:The reasons for using static and default routesConfiguration of static and default routesConfiguration of floating static routesVerification of a configured static route

Alcatel-Lucent C


ot Distribute



Alcatel-Lucent C


ot Distribute

Module 3 – page 1Interior Routing Protocols and High Availability v1.2


Module 3 — Routing Information Protocol

Alcatel-Lucent C


ot Distribute



Module Objectives


Define how RIPv1 and RIPv2 workExplain the use of split horizon, poison reverse, and triggered updatesConfigure RIPv1 and RIPv2

Configure authentication for RIPv2Verify proper operation

Troubleshoot RIP routingShow commandsClear commandsPing and trace commands







Alcatel-Lucent C


ot Distribute


Routing Information Protocol (RIP)

Section 1 — Distance Vector Overview

Alcatel-Lucent C


ot Distribute



Section Objectives

Distance vector overviewSplit horizonRoute poisoningPoison reverseHold-down timers

Section 1 — Distance Vector Overview

This section discusses the attributes of a distance vector routing protocol. Specifically, the topics covered are:

Split horizon

Route poisoning

Poison reverse

Hold-down timers

Alcatel-Lucent C


ot Distribute



Distance Vector Overview

100 Mb/s

1 Gb/s

1 Gb/s 1 Gb/s

RTR-A RTR-B

RTR-C RTR-D

Routers send periodic updates to physically adjacent neighborsUpdates contain the distance (how far) and vectors (direction) for networks

Distance vector routing algorithms (Bellman-Ford) pass periodic copies of a routing table from router to router. Regular (timed-interval) updates between routers communicate topology changes.

Each router receives a routing table from its direct neighbor.

In the figure above, RTR-B receives information from RTR-A.

RTR-B uses the information received from RTR-A to recalculate its routing table.

RTR-B then sends its routing table to RTR-D.

This same step-by-step process occurs in all directions between neighboring routers.

Note: With distance vector, no routing table is transmitted beyond the immediate neighbor. In the example, RTR-D will never see a routing update sent directly from RTR-A.

The distance vector algorithm allows network metrics to accumulate and maintains a table showing the next hop for all destinations listed in the table.

Alcatel-Lucent C


ot Distribute



Distance Vector Overview (continued)

The router processes and compares the information contained in the routing update received with what is in its routing table.

Update from neighbor

Process

and compare

with routing

table

Periodic update

Sent to neighbor

routers

The figure above shows the step-by-step process with distance vector for updating all routers in an internet when a topology change occurs.

Each router sends its entire routing table to each of its adjacent neighbors. This table includes reachable addresses, values that represent the distance metric, and the IP address of the first router on the path to each network that it knows about.

As each router receives an update from its neighbor, it calculates a new routing table and transmits it to each of its neighbors at the next timed interval. In a very large network with many routers, this can take quite a while.

Alcatel-Lucent C


ot Distribute



Split Horizon

An adjacent router does not advertise networks back to the source of the network information.

RTR-A RTR-B RTR-CX

10.0.0.010.0.0.0 – 1 hop10.0.0.0 – 2 hops

Routing Table:10.0.0.0 – 1 hop

via 1/1/1

Routing Table:10.0.0.0 – 0 hops

via 1/1/1


via 1/1/1

Split horizon is a loop-avoidance technique for physically adjacent devices. In simplistic terms, split horizon states that an adjacent router will not re-advertise learned networks to the router that originally advertised the network.

Without this policy, routers would be susceptible to routing loops. If RTR-C lost network 10.0.0.0 and if RTR-B did not block re-advertisements to RTR-C, RTR-C might think that network 10.0.0.0 was accessible via RTR-B. This would cause a loop and a major disruption in traffic flow. To ensure that does not happen, all routers that run a distance vector protocol support split horizon.

Alcatel-Lucent C


ot Distribute



Route Poisoning

When a network goes away, the sourcing router sets the hop value to infinity and sends a triggered update to its neighbors.

RTR-A RTR-B RTR-C

10.0.0.010.0.0.0 – 16 hops10.0.0.0 – 16 hops


via 1/1/1


via 1/1/1


via 1/1/1

X


via 1/1/1

Routing Table:10.0.0.0 – 1 hop

via 1/1/1


via 1/1/1

Route poisoning is used to speed up convergence. When used in conjunction with triggered updates, the network converges more quickly. Route poisoning is performed by the router directly connected to the network that goes away. When it determines that the network is not accessible, the router sets the hop count to infinity (16 hops for RIP) and sends a message to all directly attached neighbors. These neighbors change their routing tables and forward the message to their neighbors on all other links. Keep in mind that split horizon still applies when a route poison advertisement is forwarded.

In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry and forwards the change to RTR-A. This ensures that all routers learn of the topology change, and by keeping the route in the routing table, decreases the possibility of creating a false path to network 10.0.0.0.

Alcatel-Lucent C


ot Distribute



Poison Reverse

Poison reverse is the only time that split horizon is violated. This helps to avoid loop creation when a network fails.

RTR-A RTR-B RTR-C

10.0.0.010.0.0.0 — 16 hops10.0.0.0 — 16 hops

X

10.0.0.0 — 16 hopsPoison reverse


Routing Table:10.0.0.0 — 16 hops

via 1/1/1


via 1/1/1


via 1/1/1Routing Table:

10.0.0.0 — 0 hopsvia 1/1/1

Routing Table:10.0.0.0 — 1 hop

via 1/1/1


via 1/1/1

Poison reverse is the only time that split horizon is violated in a distance vector routing protocol environment. The idea of poison reverse is to confirm to the preceding device that the update about a network going away has been recorded. This response to the originator also ensures that a loop-free topology is created.

In the example above, RTR-C’s link to network 10.0.0.0 fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry and forwards the change to RTR-A. RTR-B also sends a poison reverse message back out the interface that RTR-C’s message came in on. This ensures a loop-free topology. When RTR-A gets the route poisoning message from RTR-B, it too sends a poison reverse message back on the interface that the message was received on.

Alcatel-Lucent C


ot Distribute



Routing Table:10.0.0.0 – 16 hop –

Via 1/1/1


via 1/1/1


Via 1/1/0


via 1/1/1


Via 1/1/1


via 1/1/1

Hold-Down Timers

Hold-down timers provide time for other routers to converge and reduce loops from being created when a network fails.

RTR-A RTR-B RTR-C

10.0.0.010.0.0.0 — 16 hops10.0.0.0 — 16 hops

X

Hold-down timer180 seconds



Hold-down timers keep the failed network in the routing table, with the hop count set to infinity, for a predetermined interval (usually 180 seconds for RIP). This allows time for the other routers in the network to receive the topology change update without causing loops.

In the example above, RTR-C’s link to network 10.0.0.0 fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry by changing the metric to infinity, and it starts its hold-down timer. It does not remove the route until the hold-down timer has expired. This ensures that all routers learn of the topology change without causing a loop during convergence. Keeping the route in the routing table decreases the possibility of creating a false path to network 10.0.0.0.

Alcatel-Lucent C


ot Distribute




Via 1/1/0


via 1/1/1


Via 1/1/1


via 1/1/1


Via 1/1/0


via 1/1/1

Combined Loop Avoidance Techniques

Combined, all attributes function as follows:

RTR-A RTR-B RTR-C

10.0.0.010.0.0.0 — 16 hops10.0.0.0 — 16 hops

X






When combined, the mixture of route poisoning, poison reverse, triggered updates, and hold-down timers provides a robust loop avoidance technique for when routes fail in a network.

In the example above, RTR-C’s link to network 10.0.0.0 fails. RTR-C sets its routing entry to infinity, sets the hold-down timer, and sends an update to RTR-B. RTR-B changes its routing table entry, sets the hold-down timer, and forwards the change to RTR-A. RTR-B also sends a poison-reverse message back out the interface that RTR-C’s message came in on. When RTR-A gets the route-poisoning message from RTR-B, it also sends a poison-reverse message back on the interface that message was received on. In addition, RTR-A modifies the routing entry by setting it to infinity and invokes its hold-down timer.

Alcatel-Lucent C


ot Distribute



Exercise — Distance Vector Operation

rtr1

rtr3

rtr6rtr2

10.10.2.0/30

10.10.3.0/30

10.10.4.0/30

10.10.5.0/30

.2.2

.2

.2.1

.1

.1 .1

10.20.0.0/16

Show the RIP database and forwarding table for rtr2 after it has exchanged updates with its neighbors.

Alcatel-Lucent C


ot Distribute



Section Summary

This section discussed the following:Distance vector operationDistance vector terminology:

— Split horizon— Route poisoning— Poison reverse— Hold-down timers

Alcatel-Lucent C


ot Distribute



Section 2 — Basic RIP Configuration

Alcatel-Lucent C


ot Distribute



Section Objectives

RIP overviewComparison of RIPv1 and RIPv2Basic configuration of RIPVerification of operation

Section 2 — Basic RIP Configuration

This section discusses the basic operation of RIP and how to configure it on the Alcatel-Lucent 7750 SR. Following configuration, the commands for verification of operation are discussed.

Alcatel-Lucent C


ot Distribute



RIP Overview

Uses a hop-count metricSends updates of the routing table to neighborsMaximum of 15 hops; 16 hops equals infinity30-second advertisement interval by defaultAuthentication is available in RIPv2VLSM is supported by RIPv2

RIPv1 was originally outlined in June 1988 and is defined in RFC 1058.

RIP is an interior gateway protocol that uses a distance vector algorithm to determine the best route to a destination, using hop count as the metric. A hop is a network layer device, such as a router. For the protocol to provide complete information about routing, every router in the domain must participate in the protocol. RIP is a routing protocol based on a distance vector (Bellman-Ford) algorithm, which advertises network reachability by advertising the prefix/mask and the metric (also known as hop count or cost).

RIPv1 uses broadcast updates to advertise the networks. In the updates, the maximum number of networks that can be advertised per packet is 25. Therefore, if a router needs to advertise 30 networks to its peers, it sends 2 packets every 30 seconds. The first contains 25 network entries and the second contains the remaining 5 network entries. Alcatel-Lucent supports modification of this parameter to a maximum of 255 network entries per packet.

By default, RIP advertises all RIP routes to each peer every 30 seconds. In RIP, the hop metric is limited to a maximum value of 15 hops. Another way to look at this is that networks can be no more than 15 routers away. To indicate that a network is unreachable, the hop value is set to 16, which equates to infinity for RIP. Each router along the path increments the hop-count value by 1. The maximum number of hops in a path is 15. If a router receives a routing update with a metric of 15 and that contains a new or modified entry, increasing the metric value by 1 will cause the metric to increment to 16 (infinity), resulting in the destination being considered unreachable. The Alcatel-Lucent 7750 SR implementation of RIP uses split horizon with poison reverse to avoid such problems as “counting to infinity”. Split horizon with poison reverse means that routes learned from a neighbor through a given interface are advertised in updates out of the same interface but with a metric of 16 (infinity).

RIPv1 does not support any security or authentication mechanism. However, RIPv2 does support authentication.

The Alcatel-Lucent 7750 SR software supports RIPv1 and RIPv2. RIPv1 is a classful routing protocol. It assumes the following netmask information for non-local routes, based on the class the route belongs to:

Class A – 8-bit mask

Class B – 16-bit mask

Class C – 24-bit mask

Alcatel-Lucent C


ot Distribute



RIP Overview (continued)

100 Mb/s

1 Gb/s

1 Gb/s 1 Gb/s

RTR-A RTR-B

RTR-C RTR-D

RIP always chooses the path that has the fewest hops. Recall that a hop is a network-layer device. RIP does not take into account the bandwidth of the links or delays within the network-layer equipment.

In the example above, RTR-A will choose the path across the 100 Mb/s link because the number of hops is lower than taking the path via RTR-C. Although the path chosen is dramatically slower than the path via RTR-C, RIP is only concerned with the fewest hops to a destination network. If the link between RTR-A and RTR-B fails, the alternate link via RTR-C would then be taken.

RIP, a UDP-based protocol, sends updates to its directly attached neighbors, update their neighbors, and so on. Any router that runs RIP has a routing process that sends and receives RIP updates periodically on UDP port 520. A RIPv1 update can contain a maximum of 25 route advertisements and RIPv2 supports up to 255 routes per update. The format of RIPv1 and RIPv2 updates is slightly different. Additionally, RIPv1 updates are sent to a broadcast address whereas RIPv2 updates can be sent to either a broadcast or multicast address (224.0.0.9).

RIP is supported on all IP interfaces, including both network and access interfaces.

Alcatel-Lucent C


ot Distribute



RIPv1 vs. RIPv2

Multicast or broadcast updatesBroadcast updates

Supports authenticationDoes not support authentication

Manual route summarizationNo manual route summarization

Supports VLSM and CIDRDoes not support VLSM

Sends subnet mask in updatesNo subnet mask in updates

Classless routing protocolClassful routing protocol

Defined in RFCs 1721, 1722, and 2453Defined in RFC 1058

RIPv2RIPv1

RIPv2 is defined in RFCs 1721, 1722, and 2453.

Like RIPv1, RIPv2 is an IGP that uses a distance vector algorithm to determine the best route to a destination, using hop count as the metric. RIP is a routing protocol, based on a distance vector (Bellman-Ford) algorithm, that advertises network reachability by advertising the prefix/mask and the metric (also known as hop count or cost).

RIPv2 was written after CIDR was developed and transmits netmask information with every route. Because of the support for CIDR routes and other enhancements in RIPv2, such as triggered updates, multicast advertisements, and authentication, most production networks now use RIPv2.

RIPv2 supports subnet masks, a feature that was not available in RIPv1. A network address of 0.0.0.0 is considered a default route. A default route is used when it is not convenient to list every possible network in the RIP updates, and when one or more closely connected gateways in the system are prepared to handle traffic to the networks that are not listed explicitly. These gateways create RIP entries for the address 0.0.0.0 as if it were a network to which they are connected.

RIPv2 updates can be sent to a broadcast or multicast address (224.0.0.9). The Alcatel-Lucent 7750 SR defaults to using the broadcast address.

RIPv2 supports the use of a secure authentication mechanism to obtain table updates. The Alcatel-Lucent 7750 SR OS implementation enables the use of a simple password (plain-text) or MD5 authentication.

The Alcatel-Lucent 7750 SR OS allows you to specify the RIP version that is sent to RIP neighbors and RIP updates that are accepted and processed.

Alcatel-Lucent C


ot Distribute



RIP — Configuration and Implementation

Start

Configure RIP groupparameters

Turn up

Configure global RIPparameters

Configure policy statements (optional)

Configure router interfaces (assumed)

Configure RIP neighborparameters

RIP is configured in the config>router>rip context. The minimum RIP configuration must define one group and one neighbor. The parameters configured on the global level are inherited by the group and neighbor levels. Parameters can be modified and overridden on a level-specific basis. The RIP command hierarchy consists of three levels:

Global

Group

Neighbor

Many of the hierarchical RIP commands can be modified on different levels. The most specific value is used (i.e., commands and parameters configured on the global level are inherited by the group and neighbor levels although parameters configured on the group and neighbor levels take precedence over global configurations).

RIP — RIP is the global context for configuring a RIP protocol instance. When a RIP instance is created, the protocol is enabled by default.

Group — RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.

Neighbor — Specify an existing interface name of a neighbor to configuring a RIP neighbor interface. The local router imports all routes by default from the neighbor and does not advertise routes. This command can be issued multiple times to create multiple neighbor associations.

Alcatel-Lucent C


ot Distribute



RIP – Major Component Configuration

RouterInterface (assumed to be already complete)Route policies

RIPGroupNeighbor

RIP configuration commands have three primary configuration levels: rip for global configuration, group group-name for RIP group configuration, and neighbor ip-int-name for RIP neighbor configuration. Within the different levels, the configuration commands are identical. For the repeated commands, the command that is most specific to the neighboring router is in effect (i.e., neighbor settings have precedence over group settings, which have precedence over RIP global settings).

For a router to accept RIP updates, in the config>router>rip context, you must define at least one group and one neighbor. The Alcatel-Lucent 7750 SR ignores updates received from routers on interfaces that are not configured for RIP. Configuring other RIP commands and parameters is optional. By default, the local router imports all routes from this neighbor and does not advertise routes. The router receives both RIPv1 and RIPv2 update messages, with 25 to 255 route entries per message. This section provides information about configuring RIP and examples of common configuration tasks.

Unlike other IGP protocols supported in the Alcatel-Lucent 7750 SR series, RIP does not automatically redistribute routing information to its neighbors. To ensure that the local IP addresses are in the local database, you must configure a routing policy and apply it as a RIP export policy. However, if the intent is to pass RIP updates through a router and not to advertise the directly connected networks, policy configuration can be bypassed.

Interface — A logical IP routing interface. After this interface has been created, attributes such as IP address, port, link aggregation group, or system can be associated with the IP interface.

RIP — The context for configuring a RIP protocol instance. When a RIP instance is created, the protocol is enabled by default.

Group — RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.

Neighbor — Specify an existing interface name of a neighbor to configure a RIP neighbor interface. By default, the local router imports all routes from the neighbor and does not advertise routes. This command can be issued multiple times to create multiple neighbor associations.

Alcatel-Lucent C


ot Distribute



Creating a Routing Policy

To create a policy option for RIP, use the following command:

Context: config>router

Syntax: [no] policy-options

Example: config>router# policy-options

policy-options

Syntax [no] policy-options


Description This command enables the context for configuring routing policies. Routing policies are applied to the routing protocol. The no form of the command deletes the routing policy configuration.

Default none

Alcatel-Lucent C


ot Distribute



Creating a Routing Policy (continued)

To enter the edit mode for creating a policy option, use the following command:

Context: config>router>policy-options

Syntax: begin

Example: config>router>policy-options# begin

begin

Syntax begin

Context config>router>policy-options

Description This command is required to enter the mode to create or edit routing policies.

Default none

The begin command allows you to enter the edit syntax of the policy-options environment. This command is required to configure the specific attributes of the policy.

Alcatel-Lucent C


ot Distribute




To name the routing policy, use the following command:

Context: config>router>policy-options

Syntax: [no] policy-statement name

Example: config>router>policy-options# policy-statement “export rip”

policy-statement

Syntax [no] policy-statement name


Description This command creates the context for configuring a routing policy statement. Routing policy statements control the flow of routing information to and from a specific protocol or set of protocols or to a specific BGP neighbor. The policy-statement is a logical grouping of match and action criteria. A single policy-statement can affect routing in one or more protocols and/or one or more protocols’ peers (neighbors). A single policy-statement can also affect both the importing and exporting of routing information. The no form of the command deletes the policy statement.

Default no policy-statement — No routing policy statements are defined.

Parameters name — The routing policy statement name. The name can be any string up to 32 characters, composed of printable, 7-bit ASCII characters and excluding double quotation marks. If the string contains spaces, use double quotation marks to delimit the start and end of the string.

Alcatel-Lucent C


ot Distribute




Policy options are created as entries in the policy.To edit routing policy entries, use the following command:

Context: config>router>policy-options>policy-statement

Syntax: [no] entry entry-id

Example: config>router>policy-options>policy-statement# entry 10

entry

Syntax [no] entry entry-id

Context config>router>policy-options>policy-statement name

Description This command creates the context for editing routing policy entries in the routing policy statement. Multiple entries can be created using unique entries. The Alcatel-Lucent 7750 SR OS exits the filter when the first match is found and executes the specified action. For this reason, entries must be sequenced correctly from most to least explicit. An entry does not require matching criteria to be defined (in which case, everything matches) but must at least define an action to be considered complete. Entries without an action are considered incomplete and are rendered inactive. The no form of the command removes the specified entry from the routing policy statement.

Default none

Parameters entry-id – The entry ID, expressed as a decimal integer. An entry-id uniquely identifies match criteria and the corresponding action. It is recommended that multiple entries be given entry-ids in staggered increments. This allows users to insert a new entry in an existing policy without renumbering all existing entries.

Values 1 to 65535

Alcatel-Lucent C


ot Distribute




To define the routing protocol being advertised, use the following command:

Context: config>router>policy-options>policy-statement>entry

Syntax: [no] from protocol {protocol}

Example: config>router>policy-options>policy-statement>entry# from protocol direct

protocol

Syntax [no] protocol {protocol}

Context config>router>policy-options>policy-statement>entry>from

Description This command configures a routing protocol as a match criterion for a routing policy statement entry. This command is used for both import and export policies, depending how it is used. If no protocol criterion is specified, any protocol is considered a match. The no form of the command removes the protocol match criterion.

Default no protocol — Matches any protocol.

Parameters protocol — The protocol name to match on.

Valuesaggregate — Matches aggregated routes

bgp — Matches BGP routes

direct — Matches direct routes

isis — Matches IS-IS routes

ospf — Matches OSPF routes

rip — Matches RIP routes

static — Matches static routes

Alcatel-Lucent C


ot Distribute




The purpose of the policy is to accept routes into RIP. To define the action to be taken by the policy, use the following command:

Context: config>router>policy-options>policy-statement>entry

Syntax: [no] action {accept | next-entry | next-policy | reject}

Example: config>router>policy-options>policy-statement>entry# action accept

action

Syntax [no] action {accept | next-entry | next-policy | reject}

Context config>router>policy-options>policy-statement>entry

Description This command creates the context to configure actions to take for routes matching a routing policy statement entry. This command is required and must be entered for the entry to be active. A routing policy entry without the action command is considered incomplete and is rendered inactive. The no form of the command deletes the action context from the entry.

Default no action — No action is defined.

Parameters accept — Specifies that routes that match the entry match criteria will be accepted and propagated.

next-entry — Specifies that the specified actions will be made to the route attributes, and then policy evaluation will continue with the next policy entry (if any others are specified).

next-policy — Specifies that the specified actions will be made to the route attributes, and then policy evaluation will continue with the next routing policy (if any others are specified).

reject — next-policy — Specifies that the specified actions will be made to the route attributes, and then policy evaluation will continue with the next routing policy (if any others are specified).

Alcatel-Lucent C


ot Distribute




To save the configured policy-option, use the following command:

Context: config>router>policy-options#

Syntax: commit

Example: config>router>policy-options# commit

commit

Syntax commit


Description This command is required to save changes made to a routing policy.

Default none

Alcatel-Lucent C


ot Distribute



Configuring RIP

To access the RIP protocol instance, use the following command:


Syntax: [no] rip

Example: config>router# rip

NoteBefore RIP neighbor parameters can be configured, router interfaces must be configured.

RIP must be explicitly created for each router interface. There are no default RIP instances on the Alcatel-Lucent 7750 SR.

Rip

Syntax [no] rip


Description This command creates the context for configuring the RIP protocol instance.

When a RIP instance is created, the protocol is enabled by default.

Default no rip — No RIP protocol instance is defined.

Alcatel-Lucent C


ot Distribute



Applying a Routing Policy

When a policy has been created, use the following command to apply it to the RIP protocol for the advertisement of networks:

Context: config>router>rip

Syntax: [no] export policy-name [policy-name … up to a maximum of 5]

Example: config>router>rip# export “export rip”

export

Syntax [no] export policy-name [policy-name …up to a maximum of 5]

Context config>router>rip

config>router>rip>group group-name

config>router>rip>group group-name>neighbor ip-int-name

Description This command specifies the export routing policies that are used to determine which routes are exported to RIP. If no export policy is specified, non-RIP routes are not exported from the RTM to RIP. RIP-learned routes are exported to RIP neighbors. If multiple policy names are specified, the policies are evaluated in the order that they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered overrides the previous command. A maximum of five policy names can be specified.

The no form of the command removes all policies from the configuration.

Default no export — No export routing policies are specified.

Alcatel-Lucent C


ot Distribute



Configuring RIP (continued)

To define the group name, use the following command:


Syntax: [no] group group-name

Example: config>router>rip# group IGP

NoteBefore RIP neighbor parameters can be configured, router interfaces must be configured.

RIP must be explicitly created for each router interface. There are no default RIP instances on the Alcatel-Lucent 7750 SR.

Group

Syntax [no] group group-name


Description This command creates the context for configuring a RIP group of neighbor interfaces. RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces. The no form of the command deletes the RIP neighbor interface group. Deleting a group also removes the RIP configuration of all neighbor interfaces currently assigned to the group.

Default no group — No group of RIP neighbor interfaces is defined.

Parameters group-name — The RIP group name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters and excluding double quotation marks. If the string contains spaces, use double quotation marks to delimit the start and end of the string.

Alcatel-Lucent C


ot Distribute



Configuring RIP (continued)

To associate RIP with an interface, use the following command:

Context: config>router>group group-name

Syntax: [no] neighbor ip-int-name

Example: config>router>group# neighbor igp-4

neighbor

Syntax [no] neighbor ip-int-name

Context config>router>rip>group group-name

Description This command creates the context for configuring a RIP neighbor interface. By default, interfaces are not activated in an interior gateway protocol such as RIP unless they are explicitly configured. The no form of the command deletes the RIP interface configuration for the interface. The shutdown command in the config>router>rip>group group-name>neighbor ip-int-name context can be used to disable an interface without removing the configuration for the interface.

Default no neighbor — No RIP interfaces are defined.

Parameters ip-int-name — The IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters, composed of printable, 7-bit ASCII characters and excluding double quotation marks. If the string contains spaces, use double quotation marks to delimit the start and end of the string. If the IP interface name does not exist or does not have an IP address configured, an error message will be returned.

Alcatel-Lucent C


ot Distribute



Sample Configuration for RIP

Below is a sample configuration for invoking RIP:

config>router# policy-optionsconfig>router>policy-options# beginConfig>router>policy-options# policy-statement “export rip”Config>router>policy-options>policy-statement$ entry 10Config>router>policy-options>policy-statement>entry$ from protocol directConfig>router>policy-options>policy-statement>entry# action acceptConfig>router>policy-options>policy-statement>entry>action# exitconfig>router>policy-options# commitConfig>router# ripConfig>router>rip# export “export rip”Config>router>rip# group “IGP”Config>router>rip>group$ neighbor igp-4

In the sample configuration above, the router is configured with a policy for exporting all directly connected networks. The name of the policy is “export rip”. When the policy has been configured, the RIP process is initiated and the policy is associated with the process.

The next step is to associate the RIP process with a group and then associate the group with an interface.

By default, RIPv2 is enabled and the updates sent from the router are in RIPv2 format. Received routes can be RIPv1 or RIPv2 unless the router is specifically configured to accept only RIPv2 updates.

Alcatel-Lucent C


ot Distribute



Verifying RIP Operation

To view the RIP database, use the following command:

Context: show>router>rip

Syntax: database [ip-prefix [/mask] [longer] [peer ip-address]

Example: ALA-A# show router rip database

===============================================================================RIP Route Database===============================================================================Destination Peer Interface Met TTL Valid-------------------------------------------------------------------------------172.17.100.0/24 172.31.14.1 to-pe1 2 175 No172.17.100.0/24 172.31.24.2 to-pe2 1 173 Yes172.17.100.0/24 172.31.34.3 to-pe3 2 175 No172.17.200.0/24 172.31.14.1 to-pe1 3 175 No172.17.200.0/24 172.31.24.2 to-pe2 2 173 Yes172.17.200.0/24 172.31.34.3 to-pe3 3 175 No-------------------------------------------------------------------------------No. of Routes: 6===============================================================================

database

Syntax database [ip-prefix [/mask] [longer] [peer ip-address]

Context show>router>rip

Description This command lists all routes in the RIP database.

Output RIP Route Database output — The following table describes the RIP route database output fields:

Label DescriptionDestination The RIP destination for the route

Peer The router ID of the peer router

NextHop The IP address of the next hop

Metric The hop count to rate the value of different hops

Tag The value to distinguish between internal routes (learned by RIP) and external routes (learned from other protocols)

TTL How many seconds the specific route will remain in the routing table. When an entry reaches 0, it is removed from the routing

table

Valid Whether the route is valid or invalid

Alcatel-Lucent C


ot Distribute



Verifying of RIP Operation (continued)

To view RIP group information use the following command:


Syntax: group [group-name] [detail]

Example: ALA-A# show router rip group===========================================================================RIP Groups===========================================================================Group Adm Opr Send Recv Metric

Mode Mode In---------------------------------------------------------------------------Igp Up Up RIPv1 Both 1===========================================================================ALA-A#

group

Syntax group [group-name] [detail]


Description This command lists RIP group information.

Parameters group-name — Lists RIP group information for the specified group

detail — Lists detailed RIP group information

Output Standard RIP Groups Output — The following table describes the standard command output fields for a RIP group.

Label DescriptionGroup The RIP group nameAdm Down The RIP group is administratively down.Up The RIP group is administratively up.Opr Down The RIP group is operationally down.Up The RIP group is operationally up.Send Mode Bcast Specifies that RIPv2 is sent to the broadcast addressMcast Specifies that RIPv2 is sent to the multicast addressNone Specifies that no RIP messages are sent RIPv1 Specifies that RIPv1 is sent to the broadcast addressRecv Mode Both Specifies that all RIP updates will be acceptedNone Specifies that RIP updates will not be acceptedMetric In The metric value added to routes received

Alcatel-Lucent C


ot Distribute



Verifying RIP Operation (continued)

To view RIP neighbor information, use the following command:


Syntax: neighbors [ip-addr | ip-int-name] [advertised-routes | detail]

Example: ALA-A# show router rip neighbor===============================================================================RIP Neighbors===============================================================================Interface Adm Opr Primary IP Send Recv Metric

Mode Mode In-------------------------------------------------------------------------------to-ce4 Up Up 172.19.10.4 BCast Both 1to-pe1 Up Up 172.31.14.4 BCast Both 1to-pe2 Up Up 172.31.24.4 BCast Both 1to-pe3 Up Up 172.31.34.4 BCast Both 1-------------------------------------------------------------------------------No. of RIP Neighbors: 4===============================================================================

neighbors

Syntax neighbors [ip-addr | ip-int-name] [advertised-routes | detail]


Description This command lists RIP neighbor interface information.

Parameters ip-addr | ip-int-name — Lists information for the specified IP interface

Default all neighbor interfaces

advertised-routes — Lists the routes advertised to RIP neighbors. If no neighbors are specified, all routes advertised to all neighbors are displayed. If a neighbor is specified, only routes advertised to the given neighbor/interface are displayed.

Default display RIP information

Output Standard RIP Neighbors Output — The same options that apply to inbound packets also apply to outbound packets.

Alcatel-Lucent C


ot Distribute



Clear Commands for RIP

To clear the RIP database of routes, use the following command:

Context: clear>router>rip

Syntax: database

Example: ALA-A# clear router rip database

To clear the RIP statistics for neighbors, use the following command:

Context: clear>router>rip

Syntax: statistics [neighbor {ip-addr | ip-int-name}

Example: ALA-A# clear router rip statistics

There are only two clear commands for RIP.

database

Syntax database

Context clear>router>rip

Description This command clears all routes from the RIP database.

statistics

Syntax statistics [neighbor {ip-addr | ip-int-name}]

Context clear>router>rip

Description This command clears statistics for RIP neighbors.

Parameters neighbor {ip-addr | ip-int-name} – Clears statistics for the specified RIP interface.

Default clears statistics for all RIP interfaces

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What is the maximum hop count for RIP?

2. What must be configured along with RIP for updates to be sent by the Alcatel-Lucent 7750 SR?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What is the maximum hop count for RIP?

1. The maximum hop count is 15. 16 is considered infinity

2. What must be configured along with RIP for updates to be sent by the Alcatel-Lucent 7750 SR?

1. A routing policy is required. Otherwise local routes will not be advertised.

Alcatel-Lucent C


ot Distribute



Section Summary

This section discussed:Basic RIP operationBasic RIP configuration requirementsConfiguration of RIPv1Verification of RIP operation

Alcatel-Lucent C


ot Distribute



LAB 3.1 — Basic RIP Configuration

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

RIP

Alcatel-Lucent C


ot Distribute



Section 3 — Additional RIP Configuration

Alcatel-Lucent C


ot Distribute



Section Objectives

RIPv1 and RIPv2 specific parametersConfiguration of authenticationOther configuration parameters

Section 3 — Additional RIP Configuration

This section covers additional aspects of RIP configuration. The Alcatel-Lucent 7750 SR uses RIPv2 and sends updates to the broadcast address by default; these actions can be changed with configuration commands.

The configuration of authentication for RIPv2 is covered in this section. RIP timers can be reset, timer values modified, and policies defined to control the distribution of routes. These and other parameters that affect the operation of RIP are also covered in this section.

Alcatel-Lucent C


ot Distribute



Configuring RIP

To specify RIPv1, use the following command:


Syntax: [no] send {broadcast | multicast | none | version-1}

Example: config>router>group# send version-1

By default, RIPv2 updates are sent.

By default, the Alcatel-Lucent 7750 SR sends RIPv2 updates. To enable RIPv1, you must specifically run RIPv1 on a group or interface.

send

Syntax send {broadcast | multicast | none | version-1}no send


config>router>rip>group group-nameconfig>router>rip>group group-name>neighbor ip-int-name

Description This command specifies the type of RIP messages that are sent to RIP neighbors.

If version-1 is specified, the router need only listen for and accept packets that are sent to the broadcast address. This control can be issued at the global, group, or interface level. The no form of the command reverts to the default value.

Default send broadcast — RIPv2 formatted messages are sent to the broadcast address.

Parameters broadcast — Specifies that RIPv2 formatted messages are sent to the broadcast address

multicast — Specifies that RIPv2 formatted messages are sent to the multicast address

none — Specifies not to send any RIP messages (i.e., silent listener)

version-1 — Specifies that RIPv1 formatted messages are sent to the broadcast address

Alcatel-Lucent C


ot Distribute



Using Multicast

To use multicast for RIP updates, use the following command:




Syntax: [no] send {broadcast | multicast | none | version-1}

Example: config>router>rip# send multicast

By default, RIP updates are broadcast.

send

Syntax [no] send {broadcast | multicast | none | version-1}




Description This command specifies the type of RIP messages sent to RIP neighbors. If version-1 is specified, the router need only listen for and accept packets that are sent to the broadcast address. This control can be issued at the global, group, or interface level. The no form of the command reverts to the default value.

Default send broadcast — RIPv2 formatted messages are sent to the broadcast address.

Parameters

broadcast — Specifies that RIPv2 formatted messages are sent to the broadcast address

multicast — Specifies that RIPv2 formatted messages are sent to the multicast address

none — Specifies not to send any RIP messages (i.e., silent listener)

version-1 — Specifies that RIPv1 formatted messages are sent to the broadcast address

Alcatel-Lucent C


ot Distribute



RIPv2 Updates Only

To accept only RIPv2 updates, use the following command:




Syntax: [no] receive {both | none | version-1 | version-2}

Example: config>router>rip# receive version-2

By default, the Alcatel-Lucent 7750 SR processes both RIPv1 and RIPv2.

receive

Syntax [no] receive {both | none | version-1 | version-2}




Description This command configures the type of RIP updates that will be accepted and processed. If both or version-2 is specified, the RIP instance listens for and accepts packets that are sent to the broadcast and multicast (224.0.0.9) addresses. If version-1 is specified, the router only listens for and accepts packets that are sent to the broadcast address. This control can be issued at the global, group, or interface level. The default behavior is to accept and process both RIPv1 and RIPv2 messages. The no form of the command reverts to the default value.

Default receive both

Parameters

both — Specifies that RIP updates in version 1 or version 2 format will be accepted

none — Specifies that RIP updates will not be accepted

version-1 — Specifies that RIP updates in version 1 format only will be accepted

version-2 — Specifies that RIP updates in version 2 format only will be accepted

Alcatel-Lucent C


ot Distribute



RIP Message Size



Syntax: [no] message-size max-num-of-routes

Example: config>router>rip# message-size 200

The default message size is 25 networks per packet (maximum supported by RIPv1).Up to 255 networks per packet can be configured (maximum supported by RIPv2).

To modify the number of networks per packet, use the following command:

message-size

Syntax [no] message-size max-num-of-routes




Description This command configures the maximum number of routes per RIP update message. The no form of the command reverts to the default value.

Default message-size 25 — A maximum of 25 routes per RIP update message

Parameters max-num-of-routes — The maximum number of RIP routes per RIP update message, expressed as a decimal integer

Values 25 to 255

Alcatel-Lucent C


ot Distribute



Authentication

To configure authentication, use the following command (RIPv2 only):




Syntax: [no] authentication-type {none | password | message-digest}

Example: config>router>rip# authentication-type password

When you configure authentication, ensure that all devices that use RIP are configured with the same type of authentication and the same authentication key. Case sensitivity is important when you configure authentication keys.

authentication-type

Syntax [no] authentication-type {none | password | message-digest}




Description This command sets the type of authentication to be used between RIP neighbors. The type and password must match exactly for the RIP message to be considered authentic and processed.

Default no authentication-type — No authentication is enabled.

Parameters none — The none parameter explicitly disables authentication at a given level (global, group, or neighbor). If the command does not exist in the configuration, the parameter is inherited.

password — Specify password to enable simple password (plain-text) authentication.

message-digest — Configures MD5 authentication in accordance with RFC 1321. If this option is configured, at least one message-digest-key must be configured.

Alcatel-Lucent C


ot Distribute



Authentication (continued)

To configure authentication, use the following command:

Context: config>router>ripconfig>router>rip>group group-name


Syntax: [no] authentication-key [authentication-key | hash-key] [hash | hash2]

Example: config>router>rip# authentication-key Alcatel

When you configure authentication, ensure that all devices that use RIP are configured with the same type of authentication and the same authentication key. Case sensitivity is important when you configure authentication keys.

authentication-key

Syntax [no] authentication-key [authentication-key | hash-key] [hash | hash2]

Context config>router>ripconfig>router>rip>group group-nameconfig>router>rip>group group-name>neighbor ip-int-name

Description This command sets the authentication password to be passed between RIP neighbors. The authentication type and authentication key must match exactly for the RIP message to be considered authentic and processed. The no form of the command removes the authentication password from theconfiguration and disables authentication.

Default no authentication-key – No authentication key is configured.Parametershash — Specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear-text form.

hash2 — Specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.

Alcatel-Lucent C


ot Distribute



Split Horizon



Syntax: [no] split-horizon {enable | disable}

Example: config>router>rip# split-horizon disable

The default is for split-horizon to be enabled, causing the router to send a poisoned entry out the interface the route was learned onThe disable parameter removes poison reverse on split horizon so the router does not advertise the routes out the interface they were learned from.

To disable split horizon poison reverse, use the command:

split-horizon

Syntax [no] split-horizon {enable | disable}




Description This command enables or disables poison reverse with split horizon. (Perhaps the command should have been called “poison-reverse” instead of “split-horizon”). The split-horizon disable command enables split horizon without poison reverse. This allows routes to be re-advertised on interfaces other than the interface that learned the route, with the advertised metric equal to an increment of the metric-in value. This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group), or neighbor level (only applies to the specified neighbor interface).

Default enabled

Parameters enable — Specifies that split horizon and poison reverse are enabled. A poisoned entry for the route (metric 16) will be advertised out the interface the route was learned on.

disable — Specifies that split horizon poison reverse is disabled meaning routes will not be advertised out the interface on which they were learned.

Alcatel-Lucent C


ot Distribute



Update Timers

To modify RIP timers, use the following command:



Syntax: [no] timers update timeout flush

Example: config>router>rip# timers 30 180 120

The defaults are 30 (update), 180 (timeout), and 120 (flush). All routers should have the same timers set to ensure proper communication.

timers

Syntax [no] timers update timeout flush




Description This command configures values for the update, timeout, and flush RIP timers. The RIP update timer determines how often RIP updates are sent. If the router is not updated by the time the RIP timeout timer expires, the route is declared invalid. A route is also considered invalid if a poison update is received from a neighbor. The RIP flush timer determines how long a route is maintained in the RIP database after it has been declared invalid.

Default timers 30 180 120 — The RIP update timer is set to 30 seconds, the timeout timer is set to 180 seconds, and the flush timer is set to 120 seconds.

Parameters update — The RIP update timer value in seconds, expressed as a decimal integer

Values 1 to 600

timeout — The RIP timeout timer value in seconds, expressed as a decimal integer

Values 1 to 1200

flush — The RIP flush timer value in seconds, expressed as a decimal integer

Values 1 to 1200

Alcatel-Lucent C


ot Distribute



Setting the Preference Value

To change the preference value for RIP, use the following command:



Syntax: [no] preference preference

Example: config>router>rip# preference 100

The default preference value for RIP is 100. Changing the preference alters how the router determines which path to take if multiple protocols are running simultaneously.

preference

Syntax [no] preference preference




Description This command configures the preference for RIP routes. A route can be learned by the router from different protocols, in which case the costs are not comparable. When this occurs, the preference is used to decide which route will be used. If multiple routes are learned with an identical preference using the same protocol, the lowest-cost route is used.

Default preference 100 — The preference value is 100 for RIP routes.

Parameters preference — The preference for RIP routes, expressed as a decimal integer. Defaults for different route types are listed on the next page.

Values 1 to 255

Alcatel-Lucent C


ot Distribute



Default Preference Values

Route preference defaults by route type:



Yes150OSPF external

Yes100RIP



Yes10OSPF internal

Yes5Static

No0Direct


The slide above lists the default preference values used by the Alcatel-Lucent 7750 SR. Note that RIPv1 and RIPv2 share the same default preference of 100. The lower the preference, the more trusted the information is considered to be.

Like all supported protocols, RIP allows for the preference value to be modified. When modified, the route selection process and subsequent path selection for the routing table are affected. Use caution when using this command so that suboptimal routing does not occur.

Alcatel-Lucent C


ot Distribute



Altering Inbound Metrics

To alter the inbound metric, use the following command:




Syntax: [no] metric-in metric

Example: config>router>rip# metric-in 12

The default is to add a value of 1 hop to received routes.This allows for increasing the value to a higher number for engineering reasons.

metric-in

Syntax [no] metric-in metric




Description This command configures the metric that is added to routes received from a RIP neighbor. When an export policy is applied to a RIP configuration, the policy overrides the metric values determined using calculations that involve the metric-in and metric-out values. The no form of the command reverts to the default value.

Default metric-in 1 — Add 1 to the metric of routes received from a RIP neighbor.

Parameters metric — The value added to the metric of routes received from a RIP neighbor, expressed as a decimal integer

Values 1 to 16

Alcatel-Lucent C


ot Distribute



Altering Outbound Metrics

To alter the outbound metric, use the following command:




Syntax: [no] metric-out metric

Example: config>router>rip# metric-out 12

The default is to add a value of 1 hop to non-RIP routes exported via RIP.This allows for increasing the value to a higher number for engineering reasons.

metric-out

Syntax [no] metric-out metric




Description This command configures the metric that is assigned to routes exported into RIP and advertised to RIP neighbors. When an export policy is applied to a RIP configuration, the policy overrides the metric values determined using calculations that involve the metric-in and metric-out values. The no form of the command reverts to the default value.

Default metric-out 1 — Routes exported from non-RIP sources are assigned a metric of 1.

Parameters metric — The value added to the metric for routes exported into RIP and advertised to RIP neighbors, expressed as a decimal integer

Values 1 to 16

Alcatel-Lucent C


ot Distribute



Import Command

To apply import filters, use the following command:



Syntax: [no] import policy-name [policy-name …up to a maximum of 5]

Example: config>router>rip# import internal

The default is that no import policies are applied.Using this command filters updates from neighbors as they are received.

import

Syntax [no] import policy-name [policy-name …up to a maximum of 5]




Description This command configures import routing policies to determine which routes are accepted from RIP neighbors. If no import policy is specified, RIP accepts all routes from configured RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics. If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered overrides the previous command. A maximum of five policy names can be specified. The no form of the command removes all policies from the configuration.

Default no import — No import route policies are specified.

Parameters policy-name — The import routing policy name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters and excluding double quotation marks. If the string contains spaces, use double quotation marks to delimit the start and end of the string.

Alcatel-Lucent C


ot Distribute



Export Command

To apply export filters, use the following command:



Syntax: [no] export policy-name [policy-name …up to a maximum of 5]

Example: config>router>rip# export outbound

The default is that no export policies are applied.Using this command filters updates to neighbors as they are sent out.

export

Syntax [no] export policy-name [policy-name …up to a maximum of 5]




Description This command specifies the export routing policies that are used to determine which routes are exported to RIP. If no export policy is specified, non-RIP routes are not exported from the RTM to RIP. RIP-learned routes are exported to RIP neighbors. If multiple policy names are specified, the policies are evaluated in the order that they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered overrides the previous command. A maximum of five policy names can be specified. The no form of the command removes all policies from the configuration.

Default no export – No export routing policies are specified.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What is the default number of network entries per packet in a RIP update?

2. By default, does RIPv2 send multicast or broadcast updates?

3. What is the default version of RIP on the Alcatel-Lucent 7750 SR?

4. If one authentication password is configured at the rip level and another at the group level, what effect does this have on the exchange of updates with other routers?

Alcatel-Lucent C


ot Distribute



Learning Assessment (answers)

1. What is the default number of network entries per packet in a RIP update?

The default is 25 network entries per packet. This can be set to a value between 1-255.

2. By default, does RIPv2 send multicast or broadcast updates?

By default RIPv2 sends broadcast updates. However, this can be changed to multicast .

3. What is the default version of RIP on the Alcatel-Lucent 7750 SR?

By default, the 7750 sends RIPv2 updates and receives both RIPv1 and RIPv2.

4. If one authentication password is configured at the rip level and another at the group level, what effect does this have on the exchange of updates with other routers?

The password configured at the group level will be used in updates sent on those interfaces. The password configured at the rip level will be used for the remaining interfaces.

Alcatel-Lucent C


ot Distribute



Module Summary

This section discussed:How RIPv1 and RIPv2 workThe purpose and operation of split horizon, poison reverse, and triggered updatesHow to configure RIPv1 and RIPv2How to troubleshoot RIP routing

Alcatel-Lucent C


ot Distribute



Lab 3.2 — Additional RIP Configuration

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

RIP

Alcatel-Lucent C


ot Distribute



Alcatel-Lucent C


ot Distribute



Module 4 – Link-State Protocols

Alcatel-Lucent C


ot Distribute



Module Objectives

This module will discuss the basic concepts of link-state protocols and their attributes:

Comparison between distance vector and link stateCommon attributes of link-state protocolsPropagation of updates in a link-state environmentDefinition of the types of databases that are created in link-state protocols







Alcatel-Lucent C


ot Distribute



Distance vectorDistance vector Link stateLink state

•Views the network topology from the neighbor’s perspective

•Adds distance vectorsfrom router to router

•Frequent, periodic updates:slow convergence

•Passes copies of the routingtable to neighbor routers

•Views the network topology from the neighbor’s perspective

•Adds distance vectorsfrom router to router

•Frequent, periodic updates:slow convergence

•Passes copies of the routingtable to neighbor routers

•Has a common view of theentire network topology

•Calculates the shortestpath to other routers

•Event-triggered updates:faster convergence

•Passes link-state routingupdates to other routers

•Has a common view of theentire network topology

•Calculates the shortestpath to other routers

•Event-triggered updates:faster convergence

•Passes link-state routingupdates to other routers

Distance Vector vs. Link State

Link state and distance vector can be compared in several key areas:

Distance vector views and learns everything as "next hop“. Link state obtains a wide view of the entire internetwork topology by accumulating information about all links in the network.

Distance vector determines the best path by adding to the metric value that it receives as tables move from router to router. With link state, each router calculates its own shortest path to destinations.

Distance vector is a daisy chain of tables that are passed using periodic table updates. This leads to slow convergence, particularly in large networks.

With link state, updates are triggered by topology changes. Relatively small LSPs are passed to all other routers or to a multicast group of routers, which usually results in faster time to converge.

Alcatel-Lucent C


ot Distribute



Link State Overview

Classless routing protocol

Sends subnet mask in update

Supports VLSM, CIDR, and manual route summarization

Supports authentication

Maintains multiple databases

Sends updates using multicast addressing

Link state-driven updates, periodic hellos

Link-state protocols have the following common attributes:

Link-state protocols trigger an update when a link (interface) changes state. The router connected to the link initiates a triggered update to its neighbors, notifying them of the topology change. If the network is stable and no changes in links are detected, the routers send periodic hello messages to maintain connectivity without having to consume excessive bandwidth.

A common attribute shared by link-state protocols is that they are classless and support all the common attributes of a classless routing protocol.

Because link-state protocols are classless, updates contain the subnet mask of each network being advertised. This allows for more optimum network design and accurate path selection.

VLSM and CIDR are supported in all link-state protocols.

Due to the classless aspects of link-state protocols, manual summarization is actively supported. This allows network administrators to have much more control of where and how the summarization takes place.

All modern link-state protocols support authentication of the updates that are sent between the routers. This ensures that accurate network topologies are created without false information or errors.

Link-state protocols maintain three common databases: topology (link-state DB), neighbor (adjacency DB), and routing table (forwarding DB).

Modern link-state protocols use a multicast address to convey updates and hellos to their neighbor link-state routing peers. This reduces processing on devices in the network that are not running the link-state protocol.

Alcatel-Lucent C


ot Distribute



Link State Overview (continued)

Link = An interfaceState = Active or inactive interface, costIS-IS and OSPF are link-state protocolsMore complex than distance vectorFaster convergenceTriggered updatesThree databases:

Adjacency – neighbor databaseTopology – link-state databaseRouting – forwarding database

Link-state, also known as SPF, maintains a complex database of topology information. Whereas distance vector has nonspecific information about distant networks and no knowledge of distant routers, link state maintains full knowledge of distant routers and how they interconnect. OSPF and IS-IS are examples of link-state routing protocols.

LSPs are used to transmit the information necessary to build a topological database, which is used by the SPF algorithm to construct an SPF tree, as well as a routing table of paths and ports for each network. When a link-state topology changes, the routers must become aware of the change and send information to other routers or to a designated router that all other routers can use for updates. This involves the propagation of common routing information to all routers in the network. To achieve convergence, each router does the following:

Keeps track of its neighbors

Constructs an LSP that lists neighbor router names and link metrics (cost) (this includes new neighbors, change metrics, and links to neighbors that have gone down)

Sends out the LSP so that all routers receive it

When it receives an LSP, records the LSP in its database so that it can store the most recent LSP received

Using the accumulated LSP data to construct a complete network topology, proceeds from the common starting point for the SPF algorithm and compute routes to every network

Each time an LSP causes a change to the link-state database, the link-state algorithm recalculates the best paths and updates the routing table.

Alcatel-Lucent C


ot Distribute




Adjacency database

Direct links of RTR-ADirect links of RTR-BDirect links of RTR-C

Link-state databaseForwarding database

Adjacency databaseRTR-B – on 1/1/2RTR-C – on 1/1/1

Forwarding Database2.2.2.0/24 via 1/1/2

LSDB

RTR - A

RTR - C

RTR - B

Network2.2.2.0/24

1/1/2

1/1/1

Link-state protocols keep three databases in the routers:

The adjacency database, sometimes called the neighbor database, keeps track of all other routers that are directly attached and passing link-state routing information. The adjacency database is maintained with periodic hello messages.

The LSDB has all learned paths to all the destination networks. This database is used to create the SPF tree that ultimately creates the routing table.

The routing table, sometimes called the forwarding database, is used by the router to accurately forward IP packets to the destination network.

Alcatel-Lucent C


ot Distribute




Routing table10.0.0.0/8 via 2.2.2.1

…

Routing table10.0.0.0/8 via 2.2.2.1

…

Rtr-1 link infoRtr-2 link infoRtr-3 link info

…

Rtr-1 link infoRtr-2 link infoRtr-3 link info

…

Step 1 – Updates received from peers

Step 2 – Topology databasecreated

Step 3 – SPF algorithm determines the best

path to destination networksStep 4 – Routing

table created

10.0.0.0/8Via 2.2.2.1 Cost 10 – BEST

Via 3.3.3.1 Cost 20 …

10.0.0.0/8Via 2.2.2.1 Cost 10 – BEST

Via 3.3.3.1 Cost 20 …

10.0.0.0/8

3.3.3.0/30

.1.2

2.2.2.0/30

.2.1

A link-state protocol, also known as SPF, maintains a complex database of topology information.

A distance-vector protocol has nonspecific information about distant networks and no knowledge of distant routers, whereas a link-state protocol maintains full knowledge of distant routers and how they interconnect.

Alcatel-Lucent C


ot Distribute



Exchanging Link-State Information

A B C D

R1 Link-state packetR1 Link-state packet

AA 1010

BB 1010

R1 R2 R3


BB 1010

CC 1010


CC 1010

DD 1010

Routers exchange LSPs with each other. Each begins with directly connected networks for which it has direct link-state information.

Network discovery for link-state routing uses the following processes:

Routers exchange LSPs with each other. Each router begins with directly connected networks for which it has direct link-state information. The router floods its link-state information to other routers in the network.

Alcatel-Lucent C


ot Distribute



Building a Topological Database

A B C DR1 R2 R3


AA 1010

BB 1010


BB 1010

CC 1010


CC 1010

DD 1010


AA 1010

BB 1010


BB 1010

CC 1010


CC 1010

DD 1010


AA 1010

BB 1010


BB 1010

CC 1010


CC 1010

DD 1010

Network discovery for link-state routing uses the following processes (continued):

Each router constructs a topological database that consists of the link-state information from the other routers in the network.

Alcatel-Lucent C


ot Distribute



Calculating the SPF Tree and Populating the Routing Table

A B C DR1 R2 R3


AA 1010

BB 1010


BB 1010

CC 1010


CC 1010

DD 1010

SPF tree

SPF

R1Routing

table

R1Routing

table

1

2

3

Network discovery for link-state routing uses the following processes (continued):

1.The SPF algorithm computes network reachability by determining the shortest path to the other networks in the link-state network.

2.The router constructs this logical topology of shortest paths as a tree with itself as root.

3.The router lists its best paths and the ports for these destination networks in the routing table. It also maintains additional topology elements and status information.

When these processes are complete, normal routing of packets can begin.

Alcatel-Lucent C


ot Distribute



SPF Algorithm

R1

10.0.0.0/8 (net1)

5

10

100

R3

R2

R1, R2, 5R1, R3, 10R2, R1, 5R2, R3, 100R3, R1, 10R3, R2, 100R3, net1, 0

R1 LSDB

In an OSPF network such as the one above, all routers exchange link-state information and collect the information about every router’s links in the link-state database. From this database, the SPF calculation is made to populate the routing table.

Alcatel-Lucent C


ot Distribute



SPF Algorithm (continued)

R1

10.0.0.0/8 (net1)

5

10

100

R3

R2 R1, R1, 0R1, R2, 5R1, R3, 10

10R3, net1, 05

R1, R1, 0R1, R2, 5R1, R3, 10R3, net1, 0

——6

R1, R1, 0R1, R2, 5

10105

R1, R3, 10R2, R3, 100

4

R1, R1, 0R1, R2, 5

10R1, R3, 103

R1, R1, 0510

R1, R2, 5R1, R3, 10

2

R1, R1, 0——1

SPF treeCost to rootCandidateStep

From the link-state database shown on the previous slide, the SPF calculation is used to construct the SPF tree, which contains the shortest path to each destination in the network. The creation of the routing table from the SPF tree is straightforward.

The steps for calculating the SPF tree on R1 are as follows:

R1 puts itself as the root of the SPF tree.

Neighbors of R1 that are not already in the SPF tree are added to the candidate list.

The candidate neighbor {R1, R2, 5} with the lowest cost to the root (R2) is added to the SPF tree.

Neighbors of R2 that are not in the SPF tree are added to the candidate list. {R2, R3, 100} is removed from the candidate list because the cost to this destination is higher than the cost for another candidate in the list.

The candidate neighbor {R1, R3, 10} with the lowest cost is moved to the SPF tree. All this candidate’s neighbors are moved to the list.

The lowest-cost candidate is moved to the SPF tree. Because there are no more candidates in the list, the algorithm is terminated. The SPF tree is complete.

Alcatel-Lucent C


ot Distribute



Exercise – SPF

rtr4

rtr2

rtr1

rtr3

rtr5

805

20

20

20

10

Given the topology above, show the LSDB for rtr1. Using this LSDB, perform the SPF calculation for the network.

Alcatel-Lucent C


ot Distribute



Link State – Topology Change

Run SPFUpdateroutingtable






Topologychange

Topologychange

Link-state updates are driven by topology changes.

Link-state information

When a router recognizes a topology change (link down, neighbor down, new link, or new neighbor), it must notify its neighbors. To do this, each link-state router does the following:

The router that recognizes the change sends out new link-state information that reflects the change.

When a router receives new link-state information, it populates the information in its topological database and passes it on to its neighbors.

The SPF algorithm is run against the new topological database to update the routing table with the new information.

Every time there is a topology change that causes an update to the topological database, the SPF algorithm must be run.

Alcatel-Lucent C


ot Distribute



Flooding

Link-state information is flooded to other routers in the network.

Link-state information

Link-state information is sent during topology changes and periodically to insure topological database synchronization.

LSAs are sourced by the router that is connected to the link that changes.

LSAs are flooded by all other routers.

LSAs are transmitted at each link-state change.

Topological database synchronization relies on the flooding of link-state information throughout the link-state domain.

This must be a reliable procedure.

Routers must also have a way to determine if the link-state information they are receiving is more recent than the information that is already in the database. There must also be a mechanism to determine if the link-state information should be forwarded to neighbors or dropped. Without such a mechanism in place, the link-state information could be flooded indefinitely.

Alcatel-Lucent C


ot Distribute



Acknowledgments

Routers must receive ACKs that updates are received by their neighbors. If an ACK is not received, the link-state information is retransmitted.

ACKLink-state information

ACKs make the flooding procedure reliable, which helps to ensure that the topological database is synchronized.

Alcatel-Lucent C


ot Distribute



Sequence Numbers

Sequence numbers must be included in the link-state information.

Without sequence numbers, the link-state information could be flooded indefinitely. The sequence number remains the same, router-to-router, during the flooding process.

In a link-state environment, routers use the sequence numbers for the following decisions when they receive link-state updates:

If the sequence number is lower than the one in the database, the link-state information is discarded.If the sequence number is the same as the one in the database, an ACK is sent. The link-state information is then discarded.If the sequence number is higher, the link-state information is populated in the topological database, an ACK is sent, and the link-state information is forwarded to its neighbors.

Alcatel-Lucent C


ot Distribute



Sequence Numbers (continued)

A B C D


Seq=2Seq=2

R1 R2 R3


Seq=1Seq=1R1 Link-state packetR1 Link-state packet

Seq=1Seq=1

A B C D


Seq=2Seq=2

R1 R2 R3


Seq=2Seq=2R1 Link-state packetR1 Link-state packet

Seq=1Seq=1

R1 generates new link-state information for network A. It increments the sequence number and sends the link-state information to its neighbor. On receiving the link-state information, R2 checks the sequence number and sees that it is newer. R2 populates is topological database and floods the link-state information to its neighbor.

Alcatel-Lucent C


ot Distribute



Sequence Numbers (continued)

B C

D

R2 R3

A

F E

R5 R4R6

R1

Z

R1 receives 2 copies of the link-state information for network Z.

— R1 must decide what to do with the second copy of the link-state information it receives.

Cost 20 Cost 20

Cost 10Cost 10

Cost 10 Cost 10

R1 receives link-state information via R2 first. It populates its topological database with the newly received link-state information. Link-state information is then received from R6. R1 must compare the link-state information with the information it already has in its database. R1 can see that the sequence numbers are the same. It therefore discards the link-state information and does not forward it to R2.

This process stops the link-state information from being flooded indefinitely.

In the same example, if network Z comes up immediately after it goes down, the sequence number is incremented again. For some reason, the link-state information about network Z going down, with a sequence number of 2, is delayed via R4-R3-R2-R1. The link-state information for network Z being available, with a sequence number of 3, arrives at R1 via R4-R5-R6-R1 first. When the delayed link-state information with a sequence number of 2 arrives, R1 compares it with the link-state information it has in its topological database. R1 determines that the link-state information is older and therefore discards it.

Alcatel-Lucent C


ot Distribute



Link-State Information Aging

Link-state information includes an age field.The age of newly created link-state information is set to 0 for OSPF and 1200 for IS-IS. It is incremented by every hop during the flooding procedure for OSPF and is decremented for IS-IS. The link-state age is also incremented for OSPF and decremented for IS-IS as it is held in the topological database.

Maximum ageWhen the link-state information reaches its maximum age, it is no longer used for routing. The link-state information is flooded to the neighbors with the maximum age, and the link-state information is removed from the topological database.

Alcatel-Lucent C


ot Distribute



Link State Packet Processing

A router deals with topology changes as follows:

LSU/LSPIs entry in

LSDB?

Sequence No.

same?Send ACK

End

No No

No

Yes Yes

Yes

Add to LSDB

Send ACK

Flood LSU

Run SPF

Is sequence number higher

than one inLSDB?

Send LSU back with newer information

Alcatel-Lucent C


ot Distribute



Hierarchy in Link-State Networks

Scalability issues exist for link-state networks:The size of the link-state database increases exponentially with the size of the network.The complexity of the SPF calculation also increases exponentially.A topology change requires complete recalculation of the forwarding table on every router.

Hierarchy allows a large routing domain to be split into several smaller routing domains.IS-IS and OSPF both implement hierarchy but use different techniques.Hierarchy results in suboptimal routing.Hierarchy is less common than in the past due to the increased capacity of routers.

Scalability issues exist for link-state networks:

The size of the link-state database increases exponentially with the size of the network. Every router must add and keep track of any new destination reachable in the network. A large database increases the consumption of router resources.

The complexity of the SPF calculation also increases exponentially.

A topology change requires complete recalculation of the forwarding table on every router. The increased overhead in calculating new routing information can overwhelm a router if it has insufficient resources.

Hierarchy allows a large routing domain to be split into several smaller routing domains. Routing happens within the smaller routing domains and between the domains, simplifying the SPF calculation.

IS-IS and OSPF both implement hierarchy but use different techniques. They both define areas and route within and between areas.

Hierarchy results in suboptimal routing. The best path to leave the area may not be the best route to the final destination.

Hierarchy is less common than in the past due to the increased capacity of routers. Many large networks are now configured as a single area, which simplifies configuration and optimizes routing. Modern routers have the ability to handle hundreds of nodes.

Alcatel-Lucent C


ot Distribute



IS-IS – Hierarchical View

Backbone (Level 2) linksLevel 1 links

L1 Level 1L2 Level 2L1/L2 Level 1/Level 2

Area 1

Area 2

Area 3

L1 L2

L1/L2

L1/L2

Integrated IS-IS Network

L1

L1/L2 L1

The IS-IS hierarchy is organized as follows:

ISO standard 10589, subsequently RFC 1142

Link-state

Highly scalable (1000 routers per area)

Areas are connected by level 2 routers in a mesh.

The network between level 2 routers must be highly available.

Alcatel-Lucent C


ot Distribute



OSPF – Hierarchical View (continued)

OSPF Hierarchical Routing

Area 0.0.0.0

Area 0.0.0.1 Area 0.0.0.2

The OSPF environment is organized using two primary elements:

Area – An area is a grouping of OSPF routers. OSPF areas are logical subdivisions of the OSPF autonomous systems. The topology of each area is invisible to entities in other areas, and each area maintains its own topological database.

Autonomous System – A group of networks and network equipment under common administration

For each autonomous system, the central area is defined as area 0 and is called the backbone area. All other areas must connect to area 0.

The backbone area distributes routing information between areas.

All other areas communicate through the backbone area.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. Describe the main differences between distance vector and link-state protocols.

2. What are the three databases maintained by a link-state protocol?

3. All routers in a routing domain will have identical LSDBs. True or false?

4. What is the purpose of the sequence number in a link-state update?

5. What is the main advantage and the main disadvantage of the approach to hierarchy in link-state protocols?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. Describe the main differences between distance vector and link-state protocols.

In a distance vector protocol, a routers view of the network topology is based on updates received from its neighbors, while link-state protocols have a view of the entire topology of the network. Distance vector protocols use hop count as a metric, while link-state protocols use link cost to find the shortest path to a destination. Convergence in a link-state network is faster than for a distance vector protocol. Link-state protocols send updates less frequently, generally when triggered by a topology change. Distance vector protocols periodically send a copy of their route table to their neighbors.

2. What are the three databases maintained by a link-state protocol?

Adjacency, topology and forwarding databases.

3. All routers in a routing domain will have identical LSDBs. True or false?

True.

4. What is the purpose of the sequence number in a link-state update?

The sequence number is used to determine the relative age of an update. When a router receives an update with a higher sequence number, it knows that it contains newer information than that in its database.

5. What is the main advantage and the main disadvantage of the approach to hierarchy in link-state protocols?

The main advantage of hierarchy is to increase the scalability of a link-state routing protocol by reducing the size of the topological database and the effects of topology changes in the network. The main disadvantage is that sub-optimal routing paths may occur in the network between areas.

Alcatel-Lucent C


ot Distribute



Module Summary

This module covered the following topics:Basic link-state functionalityComparison between link state and distance vectorTypes of link-state databasesCharacteristics of link-state protocols

Alcatel-Lucent C


ot Distribute



Alcatel-Lucent C


ot Distribute



Module 5 — Open Shortest Path First

Alcatel-Lucent C


ot Distribute



Module Objectives

This module will discuss the basic concepts that OSPF uses for communication, operation, and routing:

Explain the benefits of OSPFDescribe the types of networks that OSPF usesDefine the 5 types of packets used by OSPFIdentify OSPF areas and how they interoperateTypes of databases used by OSPFExplain the different types of LSAs for OSPFDescribe the OSPF high-availability features on the Alcatel-Lucent 7750 SRExplain the parameters used to configure OSPF on the Alcatel-Lucent 7750 SR







Alcatel-Lucent C


ot Distribute


Open Shortest Path First (OSPF)

Section 1 — OSPF Overview

Alcatel-Lucent C


ot Distribute



Section Objectives

This section introduces the basic characteristics of OSPF:Pertinent RFCsComparison with other routing protocolsUnique featuresPath Selection

Alcatel-Lucent C


ot Distribute



OSPF v1RFC 1131defined


OSPF v2Updated

RFC 1583

OSPF v2Updated

RFC 1583

OSPF v2Updated

RFC 2328

OSPF v2Updated

RFC 2328

OSPF for IPv6

RFC 2740

OSPF for IPv6

RFC 2740

OSPF — RFC History

OSPFworkgroup

formed

OSPFworkgroup

formed



OSPFwork in progress

OSPFwork in progress

OSPF v2Updated

RFC 2178

OSPF v2Updated

RFC 2178

1987

1998

1997

1994

1991

1989

Present

1999

Over the course of OSPF’s existence, multiple RFCs have been created and commonly accepted. The slide above lists the RFCs that explicitly define the characteristics of basic OSPF.

1. In 1987, a work group headed by John Moy started outlining and creating the first RFC for OSPF.

2. RFC 1131 is the first RFC for OSPF. It defined the basic operation and common characteristics of OSPF. This was the OSPFv1 specification that was first released for public use.

3. In 1991, RFC 1247 was released. This RFC incorporated additional features and modifications to the original RFC.

4. During the next seven years, OSPF was updated to support a variety of features that the industry wanted. This included multicast OSPF, support for CIDR, packet authentication for updates, and point-to-multipoint network support. The currently accepted RFC is 2328, and it supersedes all other RFCs mentioned on this page.

5. In December 1999, RFC 2740 was released. This was an update to the OSPF standard to support IPv6.

6. Some of the other RFCs related to OSPF are listed below:

• RFC 1131: Original version 1 spec, Oct. 1989

• RFC 1247: Original version 2 spec, July 1991

• RFC 1584: Multicast extensions, March 1994

• RFC 1586: OSPF over frame relay, March 1994

• RFC 1587: NSSA extension, March 1994

• RFC 1745: OSPF/BGP interaction, Dec. 1994

• RFC 1793: Demand circuits, April 1995

• RFC 1850: OSPF MIB definition, Nov. 1995

• RFC 2328: Latest version 2 update, April 1998

Alcatel-Lucent C


ot Distribute



OSPF — Protocol Overview


Subnet mask sent in update

Support for VLSM, CIDR, and manual route summarization

Support for authentication

Maintenance of multiple databases

Multicast addressing – 224.0.0.5 and 224.0.0.6

Link state-driven updates, periodic hellos

Link-state protocols have the following common attributes:

Link-state protocols trigger an update when a link (interface) changes state. The router connected to the link initiates a triggered update to its neighbors, notifying them of the change in the topology. If the network is stable and no changes in links are detected, the routers send periodic hello messages to maintain connectivity without consuming excessive bandwidth.

A common attribute shared by link-state protocols is that they are classless and support all the common attributes of a classless routing protocol.

Because link-state protocols are classless, updates contain the subnet mask of each network being advertised. This allows for more optimal network design and accurate path selection.

VLSM and CIDR are supported in all link-state protocols.

Due to the classless aspects of link-state protocols, manual summarization is actively supported. This allows network administrators to have much more control of where and how the summarization takes place.

All modern link-state protocols support authentication of the updates that are sent between routers. This ensures that accurate network topologies are created without false information or errors and protects the network against DoS attacks.



Alcatel-Lucent C


ot Distribute



OSPF — Key Features

Key OSPF features are:Backbone areasStub areasNSSAsVirtual linksAuthenticationSupport for VLSM and CIDRRoute redistributionRouting interface parametersOSPF-TE extensions

OSPF is a hierarchical link-state protocol. OSPF is an IGP used in large autonomous systems (ASs). OSPF routers exchange state, cost, and other relevant interface information with neighbors. The information exchange enables all participating routers to establish a network topology map. Each router applies the Dijkstra (SPF) algorithm to calculate the shortest path to each destination in the network. The resulting OSPF forwarding table is submitted to the RTM to calculate the routing table.

When a router is started with OSPF configured, OSPF, along with the routing-protocol data structures, is initialized and waits for indications from lower-layer protocols that its interfaces are functional.

Alcatel-Lucent’s implementation of OSPF conforms to the OSPFv2 specifications presented in RFC 2328, OSPF Version 2. Routers that run OSPF can be enabled with minimal configuration. All default and command parameters can be modified.

Alcatel-Lucent C


ot Distribute



OSPF — Protocol Comparison

Feature

Updates

Update type

Transport

Authentication

Metric

Metric type

VLSM / CIDR support

Topology size

Convergence

RIPv2

Periodic, full

Broadcast/Multicast

UDP

Simple and MD5

Hop count

Distance vector

Yes

Small/Medium

Slow

OSPFTriggered, incrementalL3 Multicast

IP

Simple and MD5

Link cost

Link-state

Yes

Large

Fast

The table above shows the differences and similarities of RIPv2, OSPF, and IS-IS. All three protocols are supported on the Alcatel-Lucent 7750 SR. RIPv1 is not listed as it is not the default implementation of RIP when configured on the Alcatel-Lucent 7750 SR.

OSPF and IS-IS are very similar in ability and operation. The major difference is in how they are configured and optimized. Both support the IP protocol; however, OSPF was designed around IP and IS-IS was adapted to support IP. OSPF updates are encapsulated in an IP header. IS-IS does not use IP to exchange its updates, it uses the data-link layer directly. OSPF does not use an upper-layer protocol, such as TCP or UDP. Instead, OSPF has a reserved IP-header protocol number 89 that identifies the received traffic as destined for the OSPF process in the router. This is unlike RIP, which uses UDP and port 520.

Alcatel-Lucent C


ot Distribute



OSPF — Path Determination

OSPF uses SPF for path determination.SPF uses cost values to determine the best path to a destination.

RTR-A

RTR-C

RTR-B

Cost 0 Cost 10

Cost 125 Cost 125

Cost 125

RTR-A10.0.0.0 – Cost 260 via RTR C

*10.0.0.0 – Cost 135 via RTR B

* = Best path

10.0.0.0

Metrics

In OSPF, all interfaces have a cost value or routing metric used in the OSPF link-state calculation. A metric value is configured based on bandwidth to compare different paths through an AS. OSPF uses cost values to determine the best path to a particular destination: the lower the cost value, the more likely the interface will be used to forward data traffic.

To calculate the cost of a link a reference bandwidth is set. The reference bandwidth is referenced in kilobits per second and provides a reference for the default costing of interfaces based on their underlying link speed.

The default interface cost is calculated as follows:

The default reference-bandwidth is 100 000 000 kb/s or 100 Gb/s, so the default auto-cost metrics for various link speeds are as as follows:

10-Mb/s link default cost of 10 000

100-Mb/s link default cost of 1000

1-Gb/s link default cost of 100


The reference-bandwidth command assigns a default cost to the interface based on the interface speed. To override this default cost on a particular interface, use the metric metric command in the config>router>ospf>area>interface ip-int-name context.

Alcatel-Lucent C


ot Distribute



Calculating Link Cost

Cost = reference-bandwidth ÷ bandwidthThe default reference-bandwidth is 100 000 000 kb/s or 100 Gb/s.The default auto-cost metrics for various link speeds are as follows:

— 10-Mb/s link default cost of 10 000— 100-Mb/s link default cost of 1000— 1-Gb/s link default cost of 100— 10-Gb/s link default cost of 10

The cost is configurable.

Alcatel-Lucent C


ot Distribute



Configuration Basics

All OSPF routers must have unique router IDBy default, system interface is used on the 7750

Interfaces must be configured in an OSPF area.By default, interfaces in an area are advertised by OSPF.Routes received through OSPF are advertised by OSPF.No other routes are advertised by default.

Verify that adjacencies are formed with neighbors.Verify that routes are in the routing table.

Alcatel-Lucent C


ot Distribute



OSPF — Configuration and Implementation

Start

Define interfaces

Define one or moreAreas

Configure the router ID*

Turn up

Configure virtual links*

Define NSSAs*

Define stub areas*

* Denotes optional configuration attribute

Before OSPF can be configured, the router ID must be configured.

The basic OSPF configuration includes at least one area and an associated interface.

All default and command parameters can be modified.

OSPF defaults

By default, a router has no configured areas.

An OSPF instance is created in the administratively enabled state.

Alcatel-Lucent C


ot Distribute



Lab 4.1 — Configuring OSPF in a Single Area

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

OSPF

Alcatel-Lucent C


ot Distribute



Section Summary

This section defined the basic characteristics of OSPF:Pertinent RFCsProtocol comparisonUnique featuresPath selection

Alcatel-Lucent C


ot Distribute



Section 2 — OSPF Packet Types

Alcatel-Lucent C


ot Distribute



Section Objectives

This section describes the operation of OSPF:OSPF packet typesCommunication with other routersForming adjacenciesElection and purpose of the designated routerTopology changes

Alcatel-Lucent C


ot Distribute



OSPF — Multicast Addressing

OSPF uses class D multicast addresses in the range 224.0.0.0 to 239.255.255.255.Specially reserved addresses for OSPF:

224.0.0.5: All routers that speak OSPF on the segment224.0.0.6: All DR/BDRs on the segment

IP multicast addresses use the lower 23 bits of the IP address as the low-order bits of the MAC multicast address 01-005E-XX-XX-XX.

224.0.0.5 = MAC 01-00-5E-00-00-05224.0.0.6 = MAC 01-00-5E-00-00-06

OSPF uses IP multicast addressing to communicate with routing peers. This reduces the overhead of other devices on the same segment that are not running OSPF.

OSPF has two reserved multicast IP addresses. The first is 224.0.0.5 and is used to communicate with all OSPF speakers. The second is 224.0.0.6 and is used in multi-access broadcast topologies in which a DR/BDR is required for proper OSPF operations.

When an OSPF update is sent on an Ethernet topology, the destination MAC address is modified to use the reserved multicast range. The range has the first 24 bits of the MAC address, normally reserved for the manufacturer code, set to 01-00-5E. In the remaining 24 bits of the MAC address, the first bit is set to 0 (to indicate a multicast address) and the remaining 23 bits are the lower 23 bits of the IP multicast address.

With OSPF, the relationship between the IP multicast address and the MAC address is as follows:

224.0.0.5 and 01-00-5E-00-00-05: Any OSPF speaker

224.0.0.6 and 01-00-5E-00-00-06: Any DR/BDR

Alcatel-Lucent C


ot Distribute



OSPF — Generic Packet

OSPF packets use protocol number 89 in the IP header.OSPF is its own transport layer.

Link header IP header OSPF packet types Link trailer

IP header protocolID 89 = OSPF

OSPF updates are sent using the IP header at the network layer. However, unlike RIP, OSPF does not use a transport-layer protocol. Instead, all OSPF updates are sent directly from the IP layer to the OSPF process. To accomplish this, reserved protocol number 89 in the IP header is allocated to identify OSPF traffic.

Alcatel-Lucent C


ot Distribute



OSPF — Packet Header

The OSPF packet is divided into the following fields.Each field is always present in any OSPF packet sent.

Version number Type Packet

length Router ID

Area ID Check-sum

Authen-tication

typeAuthen-tication Data

The OSPF header breaks down into the following fields:

1. Version number — Identifies the version of OSPF that this packet pertains to. Alcatel-Lucent only supports OSPFv2.

2. Type — The type of packet that is being received. There are five different types of packet, described on the next page.

3. Packet length — The overall size of the packet. This does not include the IP header but does include all bytes in the OSPF update.

4. Router ID — The Router ID of the sending router.

5. Area ID — The area the router is sending the packet. All routers connected to a network must agree on which area the network resides in.

6. Checksum — The CRC (similar to FCS) for the OSPF header.

7. Authentication type — All OSPF protocol exchanges can be authenticated. This means that only trusted routers can participate in autonomous system routing. Alcatel-Lucent’s implementation of OSPF supports simple password (plain-text) and MD5 authentication).

8. Authentication — When packets are sent with authentication invoked, this field is used to convey the authentication information. MD5 allows one authentication key to be configured per network. Routers in the same routing domain must be configured with the same key. When the MD5 hashing algorithm is used for authentication, MD5 is used to verify data integrity by creating a 128-bit message digest from the data input. The message digest is unique to that data. Alcatel-Lucent’s implementation of MD5 allows the migration of an MD5 key by using a key ID for each unique key.

9. Data — This field varies depending on the type of OSPF packet being sent.

Alcatel-Lucent C


ot Distribute



OPSF — Packet Types

OSPF hello OSPF database description OSPF link-state request OSPF link-state update OSPF link-state ACK

OSPF uses 5 different types of packets to establish and maintain router connectivity and network convergence.

1. Hello packet — This packet is used to establish adjacencies with other routers that speak OSPF. It is also used to maintain neighbor connectivity by being propagated periodically, typically every 10 seconds. However, this value can be modified from 0 to 65 535 seconds.

2. Database description — This packet conveys a summary of all networks in the router’s database. Typically this is the classless network, the router’s cost to access, and the sequence number associated with the network entry.

3. Link-state request — When a neighbor router receives a database description packet, it compares the entry in its current link-state database with the information received. If a received network is not in the database or if the sequence number for a network is higher, the router generates a link-state request for more information about the network.

4. Link-state update — When it receives a link-state request, the router responds with the complete link-state database entry. To accomplish this, the router generates a type 4 (link-state update) packet and forwards it back to the requesting router.

5. Link-state ACK — Each newly received LSA must be acknowledged. This is usually done by sending link-state ACK packets. Many ACKs may be grouped together in a single link-state ACK packet.

Alcatel-Lucent C


ot Distribute



OSPF — Link Topology Types

Multi-accessMulti-access

Point-to-pointPoint-to-point

OSPF supports several types of network topology:

Multi-access (broadcast) — This topology is commonly an Ethernet segment in which multiple routers are connected and are actively exchanging OSPF updates. A multi-access network, a DR and BDR must be elected. This type of network will be described in upcoming sections.

Point-to-point — RFC 2328 defines a point-to-point connection as a connection in which the neighbor router isfully adjacent. This typically means that there are only two devices on the link.

Point-to-multipoint — Also defined in RFC 2328, this configuration is typically used in an NBMA environment such as frame-relay or ATM, in which a full mesh is not physically configured.

Non-broadcast multi-access — A typical implementation is in an NBMA environment that has full-mesh connectivity at the physical layer.

Alcatel-Lucent C


ot Distribute



OSPF — Router ID

Each router must have a router ID, the ID by which the router is known to OSPF.

The default RID is the last 32 bits of the chassis MAC address.Configuring a system interface overrides the default.

— Using a system interface is easier to document.

The RID uniquely identifies the router in the routing domain. Unless defined otherwise, it is set to the system-interface address. A RID can be derived by:

Defining the value in the config>router router-id context

Defining the system interface in the config>router>interface ip-int-name context (used if the router ID is not specified in the config>router router-id context)

Inheriting the last four bytes of the MAC address

When a new RID is configured, protocols are not automatically restarted with the new RID. The next time a protocol is initialized or reinitialized, the new RID is used. A delay can occur when different protocols use different RIDs. To force the new RID, issue the shutdown and no shutdown commands for each protocol that uses the RID, or restart the entire router.

By default, the system uses the system-interface address, which is also the loopback address. If a system-interface address is not configured, the last 32 bits of the chassis MAC address are used.

Alcatel-Lucent C


ot Distribute



OSPF — Authentication

OSPF supports three types of authentication:No authentication (default)Simple authenticationMD5 authentication

There are three types of authentication supported by OSPF. They are:

No authentication — The default and least secure

Simple authentication — The first level of secure communications between OSPF speakers, yet not very secure

MD5 authentication — The most secure communications between OSPF speakers and highly recommended

Information about how to configure security is provided in the OSPF configuration section.

Alcatel-Lucent C


ot Distribute



OSPF — Hello Packet Overview

Hello

Hello packet informationRouter ID Area ID*

Authentication and password*Network mask*

Hello and dead intervals *Stub area flag*Priority value

DR IP addressBDR IP address

Neighbors

Hello packet informationRouter ID Area ID*

Authentication and password*Network mask*

Hello and dead intervals *Stub area flag*Priority value

DR IP addressBDR IP address

Neighbors

* These aspects of the hello packet must match for all neighbor routers on the segment.

The hello packet aids in establishing adjacencies.

A router uses the OSPF hello protocol to discover neighbors. A neighbor is a router that is configured with an interface to a common network. The router sends hello packets to a multicast address and receives hello packets in return.

In broadcast networks, a DR and a BDR are elected. The DR is responsible for sending LSAs that describe the network, which reduces the amount of network traffic.

The routers attempt to form adjacencies. An adjacency is a relationship formed between a router and the DR or BDR. For point-to-point networks, no DR or BDR is elected. An adjacency must be formed with the neighbor.

To significantly improve adjacency formation and network convergence, a network should be configured as point-to-point if only two routers are connected, even if the network is a broadcast media such as Ethernet.

When the link-state databases of two neighbors are synchronized, the routers are considered to be fully adjacent. When adjacencies are established, pairs of adjacent routers synchronize their topological databases. Not every neighboring router forms an adjacency. Routing-protocol updates are only sent to and received from adjacencies. Routers that do not become fully adjacent remain in the 2-way neighbor state.

Alcatel-Lucent C


ot Distribute



OSPF — Hello Packet Format

Checksum

Router ID

Area ID

AuType

Version# 1 Packet length

Authentication

Authentication

Network mask

Hello interval Options Rtr Pri

Router dead interval

Designated router

Backup designated router

Neighbor

0 31

The hello packet consists of the following fields:

1. Header — The standard OSPF header is identical for all five types of packets. The only modification is that the type field has the value of “1” to signify that this is a hello packet.

2. Network mask — The network mask field contains the network mask for the interface that the packet is being sent on.

3. Hello interval — The hello interval must match for all neighbors on the segment. By default, Alcatel-Lucent uses a 10-second hello interval. This can be modified to a value between 0 and 65 535.

4. Options — The options field contains a number of flags, including the E bit. The E bit is set to indicate the router interface is not in a stub area. It is 0 (cleared) if the interface is in a stub area.

5. RTR Pri — The router priority field denotes the priority value seeded on the router for use in electing a DR and BDR. The default for Alcatel-Lucent routers is a priority of 1. A priority of 0 means that the router can never be a DR or BDR in the network connected to this interface.

6. Router dead interval — The default value is 40 seconds, or four times the update interval. If a neighbor does not send a hello packet within this interval, the router assumes that the neighbor is not active and purges all information that the neighbor has conveyed.

7. Designated router — This field denotes the elected DR.

8. Backup designated router — This field denotes the elected BDR.

9. Neighbor — This field varies depending on the number of neighbors the router has learned of on the interface. The neighbor’s RID is conveyed in this field. Routers on this interface look for their RID, to ensure that the router that is sending the hello sees them.

Note: In the diagram above, the white fields are common to all OSPF packets. The shaded fields are specific to the OSPF Hello packet

Alcatel-Lucent C


ot Distribute



OSPF — Adjacencies

Establishing an adjacency:

1.1.1.1 1.1.1.2

(1)

(2)

(3)

(1) Hello, RID=1.1.1.1No neighbors known

(2) Hello, RID= 1.1.1.2I see neighbor 1.1.1.1

2-Way

Hello

(4) Hello, RID=1.1.1.1I see neighbor 1.1.1.2

In the figure above, the two routers have not formed an adjacency. The following steps describe how the adjacency is created and the actions that are required.

1. Both routers are in a down state: neither router has sent any OSPF-related packets.

2. The router on the left sends a hello packet with the standard header. In the hello information, the router inserts its RID and leaves the neighbor field blank because it does not know of any other router on the Ethernet segment.

3. The right-side router responds with its own hello. However, this router’s hello contains not only its RID, but also the RID of the left router. When each router sees that the other router acknowledges its existence, the state changes from down to 2-way.

Alcatel-Lucent C


ot Distribute



Checksum

Router ID

Area ID

AuType


Authentication

Authentication

Interface MTU Options

DD sequence number

LSA header

00 00 0 M MS

OSPF — Database Description Packet Format

0 31

The DBD packet advertises a summary of all networks that the advertising router knows about. Along with the networks, the router advertises the associated subnet mask and sequence number.

The receiving router compares the network, subnet mask, and sequence number with its existing topology database entries.

If the advertised network is unknown or if the network is known but the advertised sequence is higher, the receiving router requests more information about the network so that it can add the network to its database.

If the network is already known and the sequence number is lower, the receiving router sends back an LSU with more up-to-date information.

If the network is already in the database and the sequence numbers are identical, then the receiving router discards the information.

Note: In the diagram above, the white fields are common to all OSPF packets. The shaded fields are specific to the OSPF Database Description packet

Alcatel-Lucent C


ot Distribute



OSPF — Adjacencies (continued)


1.1.1.1 1.1.1.21/1/1 1/1/1

(1)

(2)

(3)

(4)

(1) DBD: RID = 1.1.1.1

(2) DBD: RID = 1.1.1.2

Exchange

Exstart

(4) DBD: Summary of all networks known

(3) DBD: Summary of all networks known

(Lower RID begins)

In the figure above, the two routers have not formed an adjacency. The following steps describe how the adjacency is created and the actions that are required.

1. The neighboring routers establish a master/slave relationship. During this step, the initial DBD sequence number is determined for the exchange state. The router with the highest RID becomes the master, and its initial sequence number is used.

2. This is part of step 1.

3. The slave (left-side) router sends its DBD packet, describing its link-state database. The sequence number negotiated in step 1 is used.

4. The master (right-side) router increments the sequence number and sends the DBD packet, describing its link-state database.

Alcatel-Lucent C


ot Distribute



OSPF — Link-State Request Packet Format

Checksum

Router ID

Area ID

AuType


Authentication

Authentication

LS type

Advertising router

Link-state ID

0 31

When it receives a DBD (type 2) packet, the router determines which networks it needs to add to its database. The receiving router then generates an LSR for these networks. The LSR identifies the networks for which the router wants full information.

Note: In the diagram above, the white fields are common to all OSPF packets. The shaded fields are specific to the OSPF Link-State Request packet

Alcatel-Lucent C


ot Distribute



OSPF — Link-State Update Packet Format

Checksum

Router ID

Area ID

AuType


Authentication

Authentication

No. of Advertisements

List of LSAs

0 31

When it receives an LSR (type 3) packet, the receiving router sends back the full topology database entry for the requested networks. The size of this packet varies depending on the interface MTU and administrator settings. By default, the Alcatel-Lucent 7750 SR sends as much information as the network link can support. The size of the packet is limited by the interface MTU.

Note: In the diagram above, the white fields are common to all OSPF packets. The shaded fields are specific to the OSPF Link-State Update packet

Alcatel-Lucent C


ot Distribute



OSPF — LSR and LSU Exchange


1.1.1.1 1.1.1.2E0 E0

(1)

(2)

(3)

(4)

(1) LSR: Send information for theFollowing networks…

(2) LSR: Send information for the following networks…

(3) LSU: Here is what you requested

(4) LSU: Here is what you requested

Loading

The adjacency continues to be created with the following steps:

1. Each router is responsible for maintaining a bit of reliability. Each responds to the DBD with an ACK packet. This ensures that each knows the other has received the information without error.

2. In the example, the right side router asks for explicit information with the use of an LSR. Both routers would actually be sending LSRs. When the LSR is sent, the exchange state changes to the loading state.

3. Each router responds to the LSR with one or more LSU packets. These packets contain explicit details about the requested networks.

Alcatel-Lucent C


ot Distribute



OSPF — Completing the Exchange of Information


1.1.1.1 1.1.1.2E0 E0

(1)

(2)

(3)

(4)

(1) ACK: Thanks for the information

(2) ACK: Thanks for the information

(3) Hello

(4) Hello

Full adjacency

PeriodicHellos

The final steps for creating the adjacency are described below:

1. The LSUs are sent and acknowledged by each router.

2. After all LSUs have been received and ACKs sent, each router now has an identical link-state database. The state changes from loading to full. This means that each router is fully converged with the other’s database.

3. To maintain the adjacency, the routers send periodic hellos to each other. The default interval is 10 seconds. If something changes, then only that change in the database is sent to the neighbor.

Alcatel-Lucent C


ot Distribute



Lab 4.2 — Broadcast and Point-to-Point Links

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

OSPF

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What is the default cost assigned by OSPF to a 100Mbps link?

2. What transport protocol is used by OSPF?3. What is the purpose of the OSPF hello packet?4. What is the purpose of the DBD packet?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What is the default cost assigned by OSPF to a 100Mbps link?

The default cost is 100,000,000,000 / 100,000,000 = 1000

2. What transport protocol is used by OSPF?

OSPF does not use a transport protocol. Instead, OSPF packets are encapsulated in raw IP packets.

3. What is the purpose of the OSPF Hello packet?

The Hello packet is used to discover OSPF neighbors and initiate the exchange of packets to establish a full adjacency. The Hello packet is also used as a keepalive between neighbors after the adjacency is established.

4. What is the purpose of the DBD packet?

The DBD packet is used between neighbors to inform each other of the LSAs contained in their database along with their sequence numbers. The router can then request an update for any missing or out of date LSA from its neighbor.

Alcatel-Lucent C


ot Distribute



On point-to-point links, there is no need for a DR or BDR.All packets are sent via IP multicast address 224.0.0.5.Usually a leased-line (i.e., HDLC, PPP) segmentCan be configured on point-to-point Ethernets

RTR - A

RTR - C

RTR - B

Network2.2.2.0/24

OSPF — Point-to-Point Segments

When the connection between two OSPF routers is a point-to-point link, there is no need for a DR or BDR. All packets are sent using the 224.0.0.5 IP multicast address. This implementation is typically used on serial interfaces; however, it can also be configured on point-to-point Ethernet segments, in which only two routers are connected.

Alcatel-Lucent C


ot Distribute



OSPF — LAN Communication

Election of the DR and BDR in multi-access networks:

C1.1.1.1

D1.1.1.2

E1.1.1.3

A1.1.1.5

B1.1.1.4

Each router sends hellos.The router with the highest priority is the DR.If all priorities are the same, the DR is the router with the highest RID.DR is non-preemptive (DR does not change once decided)

RTR-AHas the highestRID, so it will bethe DR

RTR-BHas the second highestRID, so it will be the BDR

A router uses the OSPF hello protocol to discover neighbors. A neighbor is a router that is configured with an interface to a common network. The router sends hello packets to a multicast address and receives hello packets in return.

In broadcast networks, a DR and a BDR are elected. The DR is responsible for sending LSAs that describe the network, which reduces the amount of network traffic.

The routers attempt to form adjacencies. An adjacency is a relationship that is formed between a router and the DR or BDR. For point-to-point networks, no DR or BDR is elected. An adjacency must be formed with the neighbor.

To significantly improve adjacency formation and network convergence, a network should be configured as point-to-point if only two routers are connected, even if the network is a broadcast media such as Ethernet.

In the example above, RTR-A is the DR and RTR-B is the BDR. Routers C, D, and E will only form adjacencies with RTR-A and RTR-B, not with each other. Not every neighboring router forms an adjacency.

Routing protocol updates are only sent to and received from adjacencies. Routers that do not become fully adjacent remain in the 2-way neighbor state.

Alcatel-Lucent C


ot Distribute



OSPF — Exchanging Updates in a LAN

Election of the DR and BDR in multi-access networks:

RTR-C1.1.1.1

D1.1.1.2

E1.1.1.3

RTR-A (DR)1.1.1.5

RTR-B (BDR)1.1.1.4

Routers use the 224.0.0.6 IP address to send updates to the DRs.The BDR monitors the DR to ensure that it sends updates.The DR uses 224.0.0.5 to send updates to all OSPF routers.

RTR-C sends update toAll DRs using IP address224.0.0.6

RTR-A sends update toAll OSPF routers using IP address 224.0.0.5

In the example above, RTR-C has a topology change that needs to be conveyed. The following steps occur:

1. RTR-C sends its update to the DRs using IP multicast address 224.0.0.6.

2. Both DRs receive the update. The BDR monitors to see if the DR sends out updates to all other routers, including the BDR.

3. The DR takes the update from RTR-C and floods the change to all other routers on the segment, using IP multicast address 224.0.0.5.

Note: DR and BDR election is not required in point-to-point networks.

Alcatel-Lucent C


ot Distribute



DR BDR

New router

* The new router uses IP address 224.0.0.5 to send a hello. All routers will see the hello.

OSPF — Adding a Router to a LAN

Hello, RID = 1.1.1.3I see no others

RID – 1.1.1.3

RID – 1.1.1.1RID – 1.1.1.2

When a new router becomes active in a multi-access broadcast topology, it generates a hello (type 1) packet. The multicast address used is 224.0.0.5, which is the “all OSPF devices” address.

The new router’s hello does not contain any neighbor RIDs because it has not yet seen any neighbors on the link.

Alcatel-Lucent C


ot Distribute



OSPF – Learning Which Is the DR/BDR in a LAN

DR BDR

New router

* The new router waits to see if any other router speaks OSPF. If so, it checks to see if a DR and BDR are present.

Hello, RID = 1.1.1.2I see 1.1.1.1 and 1.1.1.3

RID – 1.1.1.3

RID – 1.1.1.1RID – 1.1.1.2

One of the already active routers generates a periodic hello. This hello also uses the IP multicast address 224.0.0.5. The new router not only sees its RID in the hello, but it also learns of the other devices on the segment based on their RIDs. In addition, the hello packet identifies the active DR and BDR for the link.

Alcatel-Lucent C


ot Distribute



OSPF — Advertising a New Network

DR BDR

New router

* The new router sends LSAs about networks to the DR and BDR via the 224.0.0.6 (all DRs) multicast address.

LSA224.0.0.6LSA

224.0.0.6

RID – 1.1.1.3

RID – 1.1.1.1RID – 1.1.1.2

Because a DR and BDR already exist, the new router now advertises its networks to the DRs by using the IP multicast address 224.0.0.6 (all DRs). The routers, that are not DRs, ignore this update because they are only listening for the 224.0.0.5 IP multicast address.

Alcatel-Lucent C


ot Distribute



OSPF — Updating Peers about a Network Change

DR BDR

LSA224.0.0.5LSA

224.0.0.5

* The DR sends an update to all routers about the new network learned. It waits for an ACK from all routers.

RID – 1.1.1.3

RID – 1.1.1.1RID – 1.1.1.2

New router

When the DR receives the update and determines that the advertised network is a new entry in its topological database, it generates a message about the change to all devices on the segment. To send this update, the DR uses the IP multicast address 224.0.0.5 (all OSPF devices). The BDR does not send an update because the DR has performed its job by sending the update already. All routers, except the DR, send a type 5 (ACK) packet back to the DR to acknowledge receipt of the topology change; this includes the BDR and the new router that generated the update to start with.

Alcatel-Lucent C


ot Distribute



DR BDR

* The DR sends an update to all routers about the network change. It waits for an ACK from all routers.

OSPF — Network Change Flow

LSALSA

11

2233

LSA224.0.0.6LSA

224.0.0.6

LSA224.0.0.5LSA

224.0.0.5

A step-by-step example of a failing network is shown above.

1. As soon as the router detects the failure of a link (a link-state change), it immediately sends an update to the DRs using the IP multicast address of 224.0.0.6.

2. The DR compares the update received with its topology database and sees that there is a change. It generates an LSU and sends it to all OSPF speakers on the segment, using the IP multicast address of 224.0.0.5.

3. All devices, including the BDR and the originating router, acknowledge the LSU.

4. Any router that is connected to other networks forward the LSU packet to its downstream neighbors on those networks.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What function does the DR perform in an OSPF network?2. What happens when a new router joins the network with a

higher priority than the existing DR?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What function does the DR perform in an OSPF network?

The DR transmits a Type 2 (Network) LSA on behalf of all the routers attached to a broadcast network.

2. What happens when a new router joins the network with a higher priority than the existing DR?

On an OSPF network, there is no effect. The existing DR continues to act as the DR.

Alcatel-Lucent C


ot Distribute



Section Summary

OSPF packet typesOSPF communicationsOSPF addressingUse of the DR and BDRProcessing of an update

Alcatel-Lucent C


ot Distribute



Section 3 — Adjacency Case Study

Alcatel-Lucent C


ot Distribute



Section Objectives

This section describes the packets exchanged and the states in the formation of an OSPF adjacency:

Neighbor discovery2-way stateExstartExchangeFull adjacency

Alcatel-Lucent C


ot Distribute



Adjacency between rtr4 and rtr5

rtr5 rtr4

5.5.5.5 4.4.4.410.10.0.0/30.1 .2

10.10.1.0/30.1

2.2.2.2

pt-to-ptbroadcast

Alcatel-Lucent C


ot Distribute



rtr5 Neighbor Discovery

OSPF Version : 2 Router Id : 5.5.5.5 Area Id : 0.0.0.0 Checksum : f198 Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : HELLO Packet Length : 44

Network Mask : 255.255.255.252 Hello Interval : 10 Options : 02 Rtr Priority : 1 Dead Interval : 40 Designated Router : 0.0.0.0 Backup Router : 0.0.0.0 "

rtr5 rtr4

5.5.5.5 4.4.4.410.10.0.0/30.1 .2

10.10.1.0/30.1

1

1

In the example above, rtr5 is reset. When it comes up, it sends an OSPF hello packet. The RID is set to 5.5.5.5. There are no neighbors in this hello packet because it does not yet know of any neighbors on the segment.

Alcatel-Lucent C


ot Distribute



Adjacency — 2-Way State

rtr5 rtr4

5.5.5.5 4.4.4.410.10.0.0/30.1 .2

10.10.1.0/30.1

OSPF Version : 2 Router Id : 5.5.5.5 Area Id : 0.0.0.0 Checksum : e98c Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : HELLO Packet Length : 48

Network Mask : 255.255.255.252 Hello Interval : 10 Options : 02 Rtr Priority : 1 Dead Interval : 40 Designated Router : 0.0.0.0 Backup Router : 0.0.0.0 Neighbor-1 : 4.4.4.4 "

3

OSPF Version : 2 Router Id : 4.4.4.4 Area Id : 0.0.0.0 Checksum : e98c Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : HELLO Packet Length : 48


2

23

The next packet is an OSPF hello packet sent by rtr4. The RID is set to 4.4.4.4, and because rtr4 has seen a hello packet from rtr5, it populates the neighbor with RID 5.5.5.5. rtr5 does the same when it receives the hello from rtr4. When both routers have sent a hello packet with the neighbor address populated, the adjacency state is changed to 2-way.

Alcatel-Lucent C


ot Distribute



DR Election

rtr5

5.5.5.5 4.4.4.410.10.0.0/30.1 .2

10.10.1.0/30.1

12

OSPF Version : 2 Router Id : 5.5.5.5 Area Id : 0.0.0.0 Checksum : d575 Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : HELLO Packet Length : 48


OSPF Version : 2 Router Id : 4.4.4.4 Area Id : 0.0.0.0 Checksum : d576 Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : HELLO Packet Length : 48


1 2

rtr4

Both router priorities are the same. In this case, the router with the highest RID will be the DR. In the example above, rtr4 sends a hello packet with both the DR and BDR set to 10.10.0.1. The hello packet sent from rtr5 has the DR set to 10.10.0.1 and the BDR set to 10.10.0.2.

Alcatel-Lucent C


ot Distribute



Adjacency — Exstart State

rtr5 rtr4

5.5.5.5 4.4.4.410.10.0.0/30.1 .2

10.10.1.0/30.1

1

OSPF Version : 2 Router Id : 5.5.5.5 Area Id : 0.0.0.0 Checksum : 7c0e Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : DB_DESC Packet Length : 32

Interface MTU : 1500 Options : 000042 Flags : 7 Sequence Num : 77793 "

OSPF Version : 2 Router Id : 4.4.4.4 Area Id : 0.0.0.0 Checksum : 865e Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : DB_DESC Packet Length : 32

Interface MTU : 1500 Options : 000042 Flags : 7 Sequence Num : 75667 "

1 2

2

The router with the higher RID becomes the master, and its sequence number (i.e., 77793 in this example) will be used.

Alcatel-Lucent C


ot Distribute



Adjacency — Exchange State

rtr5 rtr4

5.5.5.5 4.4.4.410.10.0.0/30.1 .2

10.10.1.0/30.1

OSPF Version : 2 Router Id : 4.4.4.4 Area Id : 0.0.0.0 Checksum : bfff Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : DB_DESC Packet Length : 192

Interface MTU : 1500 Options : 000042 Flags : 0 Sequence Num : 77793 Link ID : 4.4.4.4 LSA Type : RTR

Area ID : 0.0.0.0 Router ID : 4.4.4.4 Seq. Num : 8000003f Age : 0 Length : 72 Checksum : 4c64 Option Bits Set: E 02

...

rtr4 sends its DBD with the sequence number set by rtr5, including the DB summary.

Alcatel-Lucent C


ot Distribute



Adjacency — Exchange State (continued)

rtr5 rtr4

5.5.5.5 4.4.4.410.10.0.0/30.1 .2

10.10.1.0/30.1

OSPF Version : 2 Router Id : 5.5.5.5 Area Id : 0.0.0.0 Checksum : 93f9 Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : DB_DESC Packet Length : 52

Interface MTU : 1500 Options : 000042 Flags : 1 Sequence Num : 77794

Link ID : 5.5.5.5 LSA Type : RTR Area ID : 0.0.0.0 Router ID : 5.5.5.5 Seq. Num : 80000003 Age : 8 Length : 48 Checksum : 51b5 Option Bits Set: E 02

...

rtr5 sends its DBD; the sequence number is incremented and the DB summary is included.

Alcatel-Lucent C


ot Distribute




OSPF Version : 2 Router Id : 5.5.5.5 Area Id : 0.0.0.0 Checksum : 7af8 Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : LS_REQ Packet Length : 120

LS Type : 1 Link State Id : 4.4.4.4 Advt Router : 4.4.4.4

...

rtr5 rtr4

5.5.5.5 4.4.4.410.10.0.0/30.1 .2

10.10.1.0/30.1

rtr5 sends an LSR to rtr4 for any LSA that it does not have. rtr4 does the same.

Alcatel-Lucent C


ot Distribute




rtr5

5.5.5.5 4.4.4.410.10.0.0/30

.1 .2

10.10.1.0/30

.1

OSPF Version : 2 Router Id : 4.4.4.4 Area Id : 0.0.0.0 Checksum : 1e65 Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : LS_UPD Packet Length : 100

Num of LSAs : 1 Link ID : 4.4.4.4 LSA Type : RTR Area ID : 0.0.0.0 Router ID : 4.4.4.4 Seq. Num : 80000040 Age : 1 Length : 72 Checksum : f99c Option Bits Set: E 02

# Links : 4 Flags: 1 Link Type : P2P Link Nbr Rtr ID : 2.2.2.2

I/F Addr : 10.10.1.1 Metric-0 : 1000 2 Link Type : Stub Net Network : 10.10.1.0

Mask : 255.255.255.252 Metric-0 : 1000 3 Link Type : Stub Net Network : 4.4.4.4

Mask : 255.255.255.255 Metric-0 : 0 4 Link Type : Transit DR IP Addr : 10.10.0.1

I/F Addr : 10.10.0.2 Metric-0 : 1000

2.2.2.2pt-to-ptbroadcast

rtr4 responds with an LSU for the requested LSAs. At the same time, rtr5 responds to rtr4’s request.

Alcatel-Lucent C


ot Distribute



Adjacency — Full Adjacency State

rtr5 rtr4

5.5.5.5 4.4.4.410.10.0.0/30.1 .2

10.10.1.0/30.1

OSPF Version : 2 Router Id : 5.5.5.5 Area Id : 0.0.0.0 Checksum : 678d Authentication : Null Authentication Key: 00 00 00 00 00 00 00 00 Packet Type : LS_ACK Packet Length : 44

Link ID : 4.4.4.4 LSA Type : RTR Area ID : 0.0.0.0 Router ID : 4.4.4.4 Seq. Num : 80000040 Age : 1 Length : 72 Checksum : f99c Option Bits Set: E 02

...

rtr5 responds with an LS ACK. rtr4 acknowledges the LSU received from rtr5. The adjacency state is now full. rtr4 and rtr5 continue to exchange hellos to maintain the adjacency.

Alcatel-Lucent C


ot Distribute



Lab 4.3 — Router Adjacency Study

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

OSPF

Alcatel-Lucent C


ot Distribute



Section Summary

This section described the packets exchanged and the states in the formation of an OSPF adjacency:

Neighbor discovery2-wayExstartExchangeFull adjacency

Alcatel-Lucent C


ot Distribute



Section 4 — OSPF Areas, Networks, and LSAs

Alcatel-Lucent C


ot Distribute



Section Objectives

This section describes OSPF areas and related concepts:Area border routersLink-state advertisementsAutonomous system border routersStub areas and NSSAsStub areas with summaries and no summariesOpaque LSAsVirtual links

Alcatel-Lucent C


ot Distribute



OSPF — Area Overview

Area 0

Area 1 Area 2

Autonomous System

Areas allow for summarizationReduced flooding of topology changes

Hierarchical topology design

RTR-A

RTR-B RTR-C

RTR-D RTR-E

The OSPF environment is organized using two primary elements:

Area — A grouping of contiguous OSPF networks and hosts. OSPF areas are logical subdivisions of OSPF autonomous systems. The topology of each area is invisible to entities in other areas, and each area maintains its own topological database.

Autonomous System — A group of networks and network equipment under a common administration.

Backbone area

The OSPF backbone area, area 0.0.0.0, must be contiguous and all other areas must be connected to it. The backbone distributes routing information among areas. If it is not practical to connect an area to the backbone, the ABRs must be connected via a virtual link.

Stub area

A stub area is a designated area that does not allow external route advertisements. Routers in a stub area do not maintain external routes. A single default route to an ABR replaces all external routes. This OSPF implementation supports the optional summary route (type 3) advertisement suppression from other areas into a stub area. This feature further reduces topological database sizes as well as OSPF protocol traffic, memory usage, and CPU route-calculation time.

NSSA

Another OSPF area type is called an NSSA. NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF areas. External routes learned by OSPF routers in the NSSA are advertised as type 7 LSAs within the NSSA area and are translated by ABRs into type 5 external route advertisements for distribution into other areas of the OSPF domain. An NSSA cannot be designated as the transit area of a virtual link.

Alcatel-Lucent C


ot Distribute



OSPF — Types of Routers

Area 0

Area 1 Area 2

Autonomous System

RTR-A, RTR-B and RTR-C are backbone routersRTR-B and RTR-C are ABRsRTR-D and RTR-E are intra-area routers

RTR-A

RTR-B RTR-C

RTR-D RTR-E

There are several terms used to define the function of the routers in an OSPF topology. The following functions are based on where the router is placed and not on the size or model of the router:

1. Backbone router — A router that has at least one interface in Area 0 (backbone area) Backbone routers may be intra-area routers (only area 0) or ABRs.

2. Area border router — Any router that has interfaces configured to support more than one area. Typically, this is between the backbone area and one more area; however, it is not uncommon that an ABR supports access between the backbone area and several other areas. When this type of configuration exists, care must be taken to ensure that the memory and CPU are not over-taxed.

3. Intra-area router — A router that only communicates with other routers in its area. This can include other intra-area routers or ABRs.

4. Autonomous system boundary router — A router that connects the OSPF routing domain with other network protocols, static routes, or interfaces that are not participating in the OSPF process.

Alcatel-Lucent C


ot Distribute



OSPF — Link-State Advertisement Types

Link-state type

1

2

3

4

5

7

8

9, 10, 11

OSPF function

Router link states

Network link states

Summary link states

ASBR link state

External link advertisement

NSSA external link state

External attributes for BGP

Opaque LSA

LSAs describe the state of a router or network, including router interfaces and adjacency states. Each LSA is flooded throughout an area. The collection of LSAs from all routers and networks form the protocol's topological database.

The distribution of topology database updates takes place along adjacencies. A router sends LSAs when its state changes and according to the configured interval. The packets include information about the router's adjacencies, which allows the routers to construct their topological databases.

When a router discovers a routing table change or detects a change in the network link state, information is advertised to other routers to maintain identical routing tables. Router adjacencies are reflected in the contents of LSAs. The relationship between adjacencies and the link states allows the protocol to detect non-operating routers. LSAs flood the area. The flooding mechanism ensures that all routers in an area have the same topological database. The database consists of the collection of LSAs received from each router that belongs to the area.

OSPF sends LSAs for only the links that have changed and only when a change has taken place. From the topological database, each router constructs a tree of shortest paths, with itself as root. From this tree, OSPF can determine the best route to every destination in the network. The SPF tree is used to construct the routing table.

Alcatel-Lucent C


ot Distribute



OSPF — Type 1 (Router) LSA

Each router in an area generates a router LSA for each area it belongs to.

— — Lists directly attached links— — Advertised with the IP prefix and mask assigned to link

Sourced by the RID of the originating routerFlooded within the area only; does not leave the areaAdvertised by all OSPF routers

Type 1 (router) LSAs are generated by each router, no matter what area they reside in. Type 1 updates are not forwarded between areas by ABRs.

The link-state ID is the advertising router’s RID.

Alcatel-Lucent C


ot Distribute



Type 1 (Router) LSA Format

1Link-state ID

Advertising router LS sequence number

Length# Links

Link ID Link data

metric …

ToS metric Link ID

Link data …

LSA age Option

LS checksum 0 V E B 0

# ToSType

0 ToS

Alcatel-Lucent C


ot Distribute



E Bit and B Bit

The E and B bits are used to indicate whether the router is an ABR or an ASBR.

1Link-state ID


Length# Links

Link ID Link data

metric …

ToS metric Link ID

Link data …

LSA age Option


# ToSType

0 ToS

The B bit is set when the router is attached to two or more areas.

The E bit is set if the router is an ASBR. A router that belongs to a stub area should never set the E bit (stub areas cannot contain ASBRs).

When the appropriate bits are set in router LSAs, paths to these types of routers are saved in the routing table, for later processing of summary LSAs and AS external LSAs.

Alcatel-Lucent C


ot Distribute



V Bit

The V bit is set if the router is an endpoint to a fully adjacent neighbor over a virtual link.

1Link-state ID


Length#Links

Link ID Link Data

metric …

ToS metric Link ID

Link data …

LSA age Option


# ToSType

0 ToS

Note: A virtual link is a special case in OSPF and will be covered later in this module..

Alcatel-Lucent C


ot Distribute



Link ID and Link Type Fields

The router LSA describes the router's working links to the area.Each link is classified according to the type of attached network.

1Link-state ID


Length# Links

Link ID Link data

metric …

ToS metric Link ID

Link data

LSA age Option


# ToSType

0 ToS

Alcatel-Lucent C


ot Distribute



Link ID and Link Type Fields (continued)

Neighbor router ID Virtual link4

IP network number Link to stub network3

Interface address of DRLink to transit network2

Neighbor router ID Point-to-point link1

Link IDDescriptionLink type

Each link is labeled with its link ID. The link ID names the entity that is on the other end of the link.

An OSPF network type can be either a transit network or stub network. Do not confuse a stub network with a stub area.

Transit networks are capable of carrying data traffic that is not locally originated or locally destined.

Stub networks have only one attached router. Traffic in a stub network is either locally originated or locally destined.

Alcatel-Lucent C


ot Distribute



Link Data Field

The link data field contains the IP interface address of the associated router interface or the stub network's IP address mask.

1Link-state ID


Length# Links

Link ID Link Data

metric …

ToS metric Link ID

Link data

LSA age Option


# ToSType

0 ToS

For links to transit networks, numbered point-to-point links, and virtual links, the link data field contains the IP interface address of the associated router interface. For links to stub networks, the field contains the stub network's IP address mask. For unnumbered point-to-point links, the link data field is set to the unnumbered interface's ifIndex value.

Alcatel-Lucent C


ot Distribute



Metric Field

The cost of using this link. This is a configurable value. Stub networks can have a cost of 0. All other networks must have a cost of non-0.

1Link-state ID


Length# Links

Link ID Link data

metric …

ToS metric Link ID

Link data

LSA age Option


# ToSType

0 ToS

Alcatel-Lucent C


ot Distribute



Links to Include in a Router LSA

If a router in area 1 wants to generate a router LSA for area 1:Interfaces that are not in area 1 or that are down are not included.Operational interfaces, including the system and loopback interfaces, are included.

If a router in area 1 wants to generate a router LSA for area 1:

The router examines its interfaces.

If the link does not belong to area 1, the link is not added to the router LSA.

If the link is down, the link is not added to the router LSA.

If the interface is a loopback, a type 3 link (stub network) is added as long as this is not an interface to an unnumbered point-to-point network. The link ID is set to the IP interface address, the link data field is set to the mask /32 (indicating a host route), and the cost is set to 0.

All other link descriptions added to the router LSA depend on the OSPF interface type.

Alcatel-Lucent C


ot Distribute



Describing a Point-to-Point Interface

For point-to-point interfaces, one or more link descriptions are added to the router LSA as follows:

If the neighboring router is fully adjacent, a type 1 link (point-to-point) is added. As long as the state of the interface is point-to-point, a type 3 link (stub network) is added.

If the neighboring router is fully adjacent, a type 1 link (point-to-point) is added. The link ID is set to the RID of the neighboring router. For numbered point-to-point networks, the link data field specifies the IP interface address. For unnumbered point-to-point networks, the link data field specifies the interface's ifIndex value. The cost is set to the output cost of the point-to-point interface.

In addition, as long as the state of the interface is point-to-point, a type 3 link (stub network) is added. There are two forms that the stub link can take:

Assuming that the neighboring router's IP address is known, set the link ID of the type 3 link to the neighbor's IP address, the link data field to the mask /32 (indicating a host route), and the cost to the interface's configured output cost.

If a subnet has been assigned to the point-to- point link, set the link ID of the type 3 link to the subnet's IP address, the link data field to the subnet mask, and the cost to the interface's configured output cost.

Alcatel-Lucent C


ot Distribute



Describing Broadcast and NBMA Interfaces

For operational broadcast interfaces, a single link description is added as follows:

If the state of the interface is waiting, add a type 3 link (stub network). If a DR has been elected, add a single type 2 link (transit network).

If the state of the interface is waiting, add a type 3 link (stub network), with the link ID set to the IP network number of the attached network, the link data field set to the attached network's address mask, and the cost equal to the interface's configured output cost.

If DR has been elected for the attached network:

If the router is fully adjacent to the DR, or if the router itself is the DR and is fully adjacent to at least one other router, add a single type 2 link (transit network), with the link ID set to the IP interface address of the attached network's DR (which may be the router itself), the link data field set to the router's own IP interface address, and the cost equal to the interface's configured output cost.

Otherwise, add a link as if the interface state were waiting (see above).

Alcatel-Lucent C


ot Distribute



Describing Virtual Links

Add a type 4 link (virtual link)

For virtual links, a link description is only added to the router LSA when the virtual neighbor is fully adjacent. In this case, add a type 4 link (virtual link) with the link ID set to the RID of the virtual neighbor, the link data field set to the IP interface address associated with the virtual link, and the cost set to the cost calculated for the virtual link during the routing table calculation.

Alcatel-Lucent C


ot Distribute



OSPF – Type 2 (Network) LSA

One LSA for each broadcast or NBMA network in an areaLists the subnet mask of the link and all attached routers

Advertised by the DRFlooded within the area only; becomes a type 3 LSA on exit

DR

Type 2 (network) LSAs are generated by DRs in multi-access networks, such as Ethernet or NBMA topologies. Type 2 LSAs are not forwarded by ABRs.

The DR for the network originates the LSA. The DR originates the LSA only if it is fully adjacent to at least one other router in the network. The network LSA is flooded throughout the area that contains the transit network, and no further. The network LSA lists those routers that are fully adjacent to the DR; each fully adjacent router is identified by its OSPF RID. The DR includes itself in this list.

The link-state ID for a network LSA is the IP interface address of the DR. This value, masked by the network's address mask (which is also contained in the network LSA) yields the network's IP address.

Alcatel-Lucent C


ot Distribute



Type 2 (Network) LSA Format

Network mask field— The IP address mask for the network. For example, a class A

network has the mask /8.

Attached router field — The RIDs of all routers attached to the network. Actually, only

those routers that are fully adjacent to the DR are listed. The DR includes itself in the list. The number of routers included can be deduced from the LSA header's length field.

2Link-state ID


LengthNetwork mask

Attached router…

LSA age Option

LS checksum

Alcatel-Lucent C


ot Distribute



Lab 5.1 –Multi-Area OSPF

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

OSPF

Alcatel-Lucent C


ot Distribute



Floods summary network information to other areasStates the network number and mask Advertised by the originating area ABRGoes to all areas within the autonomous system

OSPF – Type 3 (Summary) LSA

Area 1 Area 0

Type 3 (summary) LSAs are generated by ABRs to advertise networks in one area to another area. By default, a Type 3 LSA is generated for every network the router knows. By design, the summary LSA should be a true summary network advertisement not just for the individual networks that it knows about. This requires manual summarization configuration on the router by the network administrator.

Alcatel-Lucent C


ot Distribute



Type 3 (Summary) LSA Format

Network mask— Indicates the destination network’s IP mask

Metric— The cost to reach this network

3Link-state ID


LengthNetwork mask

MetricToS metric

LSA Age Option

LS checksum

0ToS

…

By default, a type 3 (summary) LSA is generated with the link-state ID set to the network’s address and the metric equal to the network’s routing table cost.

When summarization is configured, a summary LSA is generated with the link-state ID set to the range’s address. The metric is set to the highest cost of the component networks.

Alcatel-Lucent C


ot Distribute



Advertises the location of the ASBR to all other areas in the ASGenerated by the ABR of the originating areaFlooded throughout the autonomous systemContains the RID of the ASBR only

OSPF – Type 4 (ASBR) LSA

Area 1 Area 0

Non-OSPFEnvironmentSuch as RIP

ASBR

Type 4 (ASBR) LSAs are sourced by the ABR that is connected to an area that contains an ASBR. A type 4 LSA does not advertise the networks that are generated by the ASBR. Instead, it advertises the location of the ASBR to the rest of the OSPF autonomous system.

Alcatel-Lucent C


ot Distribute



Type 4 (ASBR) LSA Format

The link-state ID is set to the RID of the ASBR.The network mask field is not meaningful to a type 4 LSA and must be 0.The metric is equal to the cost in the routing table.

4Link-state ID


LengthNetwork mask

MetricToS Metric

LSA age Option

LS checksum

0ToS

…

Alcatel-Lucent C


ot Distribute



Advertises networks from other autonomous systemsSent by the originating ASBRFlooded throughout the entire ASThe ASBR ID is unchanged throughout the ASNeeds a type 4 LSA to find the ASBR

OSPF – Type 5 (External) LSA

Area 1 Area 0


ASBR

Type 5 (External) LSAs advertise the networks that are being redistributed to OSPF from an external source. These LSAs are generated by the ASBR and are flooded throughout the OSPF autonomous system.

Alcatel-Lucent C


ot Distribute



Type 5 (External) LSA Format

5Link-state ID


LengthNetwork mask

MetricForwarding address

LSA age Option

LS checksum

0

External route tag

E

ToS metricToSEForwarding addressExternal route tag

The link-state ID is set to the destination network’s IP address.

The Network mask is set to the advertised network mask.

There are 2 types of metrics that can be advertised:

• If the E bit is set, the metric specified is a type 2 (external) metric. This means that the metric is considered to be larger than any link-state path.

• If the E bit is not set, the metric specified is a type 1 (external) metric. This means that the metric is expressed in the same units as the link-state metric.

The forwarding address is set to the address of the ASBR.

The external route tag is a 32-bit value assigned to the external route. It is not used by OSPF itself. The tag can be used to communicate information between ASBRs.

Alcatel-Lucent C


ot Distribute



Lab 5.2 – Routes from Non-OSPF Areas

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

OSPF

Alcatel-Lucent C


ot Distribute



OSPF – Stub and Stub, No Summary

Stub area (a single area that is a dead end):The ABR blocks all type 4 and 5 LSAs and sends the default route.RFC-based implementation

Stub area, no summary;The common industry term is “totally stubby”.The ABR blocks all type 3, 4, and 5 LSAs and sends the default route.

Area 0

Area 2Stub

No type 3, 4, or 5 LSA;default route instead

No type 4 or 5 LSA5; default route instead

Area 1Stub, no summaries

Stub areas must conform to the following attributes:

The area must be a dead end. In the example above, the only reason to enter Area 2 is to access networks within Area 2. Traffic would not pass through Area 2 to get to any other location.

Virtual links are not supported.

Type 4 and type 5 LSAs are blocked by the ABR, and a default route is advertised instead into the area. However, type 3 LSAs are still advertised.

Stub area, no summary must conform to the following attributes:

All attributes of a stub area are the same.

By adding “no summary”, the ABR blocks type 3, 4 and 5 LSAs; instead it advertises a default route. The ABR originates a type 3 LSA into the stub area. The link-state ID is 0.0.0.0, and the network mask is set to 0.0.0.0.

The industry term is “totally stubby”.

Alcatel-Lucent C


ot Distribute



Labs 5.3 and 5.4 – OSPF Stub Areas

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

OSPF

Alcatel-Lucent C


ot Distribute



Only advertises within the NSSA areaSent by the originating ASBRConverted to a type 5 LSA at the ABR of the NSSA area

OSPF – Type 7 (NSSA) LSA

Area 1NSSA

Area 0

Non-OSPFenvironmentsuch as RIP

Type 7 LSA Type 5 LSAASBR

Type 7 (NSSA) LSAs are only advertised within the NSSA area. They are generated by the advertising ASBR and identify the external networks that are being redistributed into OSPF.

At the NSSA area’s ABR, all type 7 LSAs are converted into type 5 LSAs as they are advertised into the rest of the OSPF autonomous system. Because the Type 5 LSA is originated by the ABR, no Type 4 LSA is required.

NSSA areas are treated just like stub areas by the ABR. However, they are not dead ends because traffic can traverse the NSSA to access a non-OSPF part of the network.

Alcatel-Lucent C


ot Distribute



OSPF – NSSA Details

NSSA – access area and small external network:Inbound acts like a stub area. Must specify originate-default-route to generate default route

NSSA, no summaries – same as stub, no summaries inbound:Inbound acts like a totally stubby area.The common industry term is “totally NSSA”.Must specify originate-default-route to generate default route

Area 1NSSA

Area 0


Type 7 LSA Type 5 LSA

As in the stub topology, all inbound type 5 LSA traffic is blocked. The difference between a stub and NSSA is that an NSSA contains external routes from within the area. Also, the ABR does not automatically inject a default route as it does for a stub network. In order to inject a default route as a Type 3 LSA, use the command “originate-default-route”. Some older implementations expect a type 7 LSA default route in which case, use the parameter “type-7” on the command.

Alcatel-Lucent C


ot Distribute



Lab 5.5 – OSPF NSSA

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

OSPF

Alcatel-Lucent C


ot Distribute



OSPF – LSA Summary

Area 0

Area 1Area 2

Backbone

Area 3

Normal Area Stub Area

NSSA

LSA MenuType 1 =Type 2 =Type 3 =Type 4 =Type 5 =Type 7 = X

ASBR

X

The figure above shows where the different LSA types would travel in a typical network configuration using all four types of areas.

Note that the type 7 LSA is only advertised within the NSSA. The ABR of that area converts the type 7 LSAs into type 5 LSAs as they are advertised into the backbone area.

Type 1 and 2 LSAs are only sent within the area from which they originate.

Type 3 and 4 LSAs are generated by the ABRs and cross between areas.

Type 5 LSAs are originated by the ASBR.

Alcatel-Lucent C


ot Distribute



Type 9 — Local-link LSA, advertised by an intra-area routerType 10 — Intra-area LSA, advertised by an intra-area routerType 11 — Network LSA, advertised by an ABR

OSPF — Type 9, 10 and 11 (Opaque) LSAs

Area 1Area 0

LSA-11LSA-10

LSA-9&10

These LSAs are used to support OSPF extensions for traffic engineering and resource information. They are used by protocols such as MPLS-TE to calculate the best path to a destination based on traffic engineering criteria.

Type 9 (local-link) LSAs are not flooded beyond the local link on which they are created.

Type 10 (intra-area) LSAs are flooded throughout the area, but are not forwarded by the ABR beyond the area in which they are created.

Type 11 (network) LSAs are flooded throughout the entire OSPF routing domain.

Alcatel-Lucent C


ot Distribute



OSPF — Show opaque-database Command

Monitoring opaque LSAs:

Context: show>router>ospf>

Syntax: opaque-database [link link-id | area area-id |as]

[adv-router router-id] [ls-id] [detail]

Example: show>router>ospf# show router ospf opaque-database


Syntax: opaque-database [link link-id | area area-id |as]

[adv-router router-id] [ls-id] [detail]

Example: show>router>ospf# show router ospf opaque-database

opaque-database

Syntax opaque-database [link link-id | area area-id |as] [adv-router router-id] [ls-id] [detail]

Context show>router>ospf

Description This command lists OSPF opaque database information.

Output OSPF Opaque Link-State Database Output – The following table describes the output fields:

Label DescriptionArea Id A 32-bit integer that uniquely identifies an area. Area ID 0.0.0.0 is used for the OSPF backbone.

Type NSSA This area is configured as an NSSA.

Area This area is configured as a standard area (not NSSA or stub).

Stub This area is configured as an NSSA.

Link State Id An LSA type specific field that contains either an RID or an IP address; it identifies the piece ofthe routing domain being described by the advertisement.

Adv Rtr Id The RID of the router that is advertising the LSA.

Age The age of the LSA, in seconds.

Sequence The signed 32-bit integer sequence number.

Cksum The 32-bit unsigned sum of the LSA’s LS checksums.

Alcatel-Lucent C


ot Distribute



OSPF — Show opaque-database Example

ALA-A# show router ospf opaque-database

=============================================================================

OSPF Opaque Link State Database (Type : All)

=============================================================================

Area Id Type Link State Id Adv Rtr Id Age Sequence Cksum

-----------------------------------------------------------------------------

0.0.0.0 Area 1.0.0.1 180.0.0.2 205 0x8000007e 0xb1b2

0.0.0.0 Area 1.0.0.1 180.0.0.5 617 0x80000084 0xb1a6

0.0.0.0 Area 1.0.0.1 180.0.0.8 1635 0x80000081 0xc391

0.0.0.0 Area 1.0.0.1 180.0.0.9 1306 0x80000082 0xc58c

-----------------------------------------------------------------------------

No. of Opaque LSAs: 4

=============================================================================

ALA-A#

ALA-A# show router ospf opaque-database

=============================================================================

OSPF Opaque Link State Database (Type : All)

=============================================================================


-----------------------------------------------------------------------------

0.0.0.0 Area 1.0.0.1 180.0.0.2 205 0x8000007e 0xb1b2

0.0.0.0 Area 1.0.0.1 180.0.0.5 617 0x80000084 0xb1a6

0.0.0.0 Area 1.0.0.1 180.0.0.8 1635 0x80000081 0xc391

0.0.0.0 Area 1.0.0.1 180.0.0.9 1306 0x80000082 0xc58c

-----------------------------------------------------------------------------

No. of Opaque LSAs: 4

=============================================================================

ALA-A#

Alcatel-Lucent C


ot Distribute



OSPF — LSA Sequence Numbers

Each sequence number is a 32-bit value represented as a hex number. The sequence number -N (0x80000000) is reserved (and unused). This leaves — N + 1 (0x80000001) as the smallest number (oldest information).Sequence numbers increment each time an LSA is flooded for that specific network.The higher the sequence number, the more trusted the information.The counters roll over when the maximum value is reached.

The sequence number field is a 32-bit integer referenced hex notation. It is used to detect old and duplicate LSAs. The larger the sequence number, the more recent the LSA.

The sequence number starts at 0x80000000; however, this value is reserved and unused. This leaves 0x80000001 as the smallest value possible. This sequence number is referred to as the constant InitialSequenceNumber. A router uses InitialSequenceNumber the first time it originates an LSA. Afterward, the LSA's sequence number is incremented each time the router originates a new instance of the LSA.

When an attempt is made to increment the sequence number past the maximum value of 0x7fffffff (also referred to as MaxSequenceNumber), the current instance of the LSA must first be flushed from the routing domain. This is done by prematurely aging the LSA and re-flooding it. As soon as this flood has been acknowledged by all adjacent neighbors, a new instance can be originated with the sequence number InitialSequenceNumber.

Sequence numbers increment any time that an LSA is sent around about a specific network. This can be due to a change in the state of the network or because the 30-minute timer has expired and a refresh is necessary.

Alcatel-Lucent C


ot Distribute



OSPF — Packet Processing

Dealing with topology changes in a router:

LSU/LSAIs entry in

LSDB?

Sequence No.

same?Send ACK

End

No No

No

Yes Yes

Yes

Add to LSDB

Send ACK

Flood LSA

Run SPF

Is sequence number higher

than inLSDB?

Send LSU back with newer information

It is common for a router to receive self originated LSAs via the flooding procedure.

A self-originated LSA is detected when either:

The LSA's advertising router is equal to the router's own RID

The LSA is a network LSA and its link-state ID is equal to one of the router's own IP interface addresses

If the received self-originated LSA is newer than the last instance that the router actually originated, the router must take special action. The reception of such an LSA indicates that there are LSAs in the routing domain that were originated by the router before the last time it was restarted. In most cases, the router must then advance the LSA's LS sequence number one past the received LS sequence number and originate a new instance of the LSA.

Alcatel-Lucent C


ot Distribute



Virtual links and OSPF:Designed for non-contiguous areasOvercomes the requirement that all areas directly connect to Area 0Not a good permanent fix to a problem

OSPF — Defining Virtual Links

Area 1 Area 0Area 4

RID1.1.1.1

RID2.2.2.2

Virtual link

The backbone area in an OSPF AS must be contiguous, and all other areas must be connected to the backbone area. Sometimes this is not practical or is unreasonably expensive to implement. Virtual links can be used to connect to the backbone through a non-backbone area.

The figure above shows routers A and B as the start and endpoints of the virtual link and Area 0.0.0.1 as the transit area. To configure virtual links, the router must be an ABR. Virtual links are identified by the RID of the other endpoint, another ABR. These two endpoint routers must be attached to a common area, called the transit area. The area through which the virtual link is configured must have full routing information.

Transit areas pass traffic from an area adjacent to the backbone or to another area. The traffic does not originate in, nor is it destined for, the transit area. The transit area cannot be a stub area or an NSSA.

Virtual links are part of the backbone and behave as if they were unnumbered point-to-point networks between the two routers. A virtual link uses the intra-area routing of its transit area to forward packets.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What is the reason for having multiple areas in an OPSF network?

2. A type 1 LSA contains flags that indicate if it originated from an ABR or ASBR. True or false?

3. Type 3 (summary) LSAs automatically summarize networks that are being advertised to neighboring areas. True or false?

4. An OSPF network that has type 5 LSAs always has type 4 LSAs as well. True or false?

5. In a stub area, the ABR filters all type 3, 4, and 5 LSAs and advertises a default route. True or false?

6. Type 7 LSAs are found only in an NSSA. True or false?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What is the reason for having multiple areas in an OPSF network?

Having multiple smaller areas instead of one large area increases the scalability of the OSPF protocol. Each area has its own topological database and the SPF calculation is performed individually in each area. This decreases the size of the topology database, the flooding of updates and the effects of change in one part of the network.

2. A type 1 LSA contains flags that indicate if it originated from an ABR or ASBR. True or false?

True. The B bit indicates that the update originated from an ABR. The E bit indicates that the update originated from an ASBR.

3. Type 3 (summary) LSAs automatically summarize networks that are being advertised to neighboring areas. True or false?

False. Since OSPF is a classless protocol, all network summaries must be manually configured.

4. An OSPF network that has type 5 LSAs always has type 4 LSAs as well. True or false?

False. (Usually but not always) Any time an ABR floods a type 5 LSA from one area to another it will also originate a type 4 LSA to provide the path to the ASBR that originated the type 5 LSA. However, if the ABR is converting a Type 7 LSA to a Type 5 LSA, it will not originate a Type 4 LSA since it is not required. Also, if the network is a single area network there may be Type 5 LSAs but not Type 4 since there are no ABRs.

5. In a stub area, the ABR filters all type 3, 4, and 5 LSAs and advertises a default route. True or false?

False. In a stub area, only type 5 LSAs are filtered. Type 3 and type 4 LSAs are filtered in a totally stubby area (stub area with no summaries). In any stub area the ABR advertises a default route. This is advertised using a Type 3 LSA and is the only type 3 LSA in a totally stubby area.

6. Type 7 LSAs are found only in an NSSA. True or false?

True. The type 7 LSAs are converted to type 5 LSAs by the ABR.

Alcatel-Lucent C


ot Distribute



Section Summary

This section covered:Types of link-state advertisementsTypes of OSPF areas:

BackboneStandardStubNSSA

Alcatel-Lucent C


ot Distribute



Section 5 — OSPF Case Study

Alcatel-Lucent C


ot Distribute



Section Objectives

This section examines the different types of LSAs:Type 1 and type 2 LSAsStandard areas without summarizationNetwork summarizationType 3 LSAsType 5 LSAsStub areas and NSSAsType 7 LSAs

Alcatel-Lucent C


ot Distribute



Single-Area Topology

Area 0

rtr5

rtr4

rtr1

rtr3

rtr6rtr2

10.10.0.0/30

10.10.1.0/30

10.10.2.0/30

10.10.3.0/30

10.10.4.0/30

10.10.5.0/30

.2.2

.2

.2

.2

.2

.1

.1

.1

.1

.1

.1

1.1.1.1

2.2.2.2

3.3.3.3

6.6.6.6

5.5.5.5

4.4.4.4

Note: Ethernet is used between all routers.

Alcatel-Lucent C


ot Distribute



rtr1 Configuration

rtr1 interface Config#------------------------------------------echo "IP Configuration"#------------------------------------------

interface "system"address 1.1.1.1/32

exitinterface "to-rtr2"

address 10.10.2.2/30port 1/1/1


address 10.10.3.1/30port 1/1/3

exit

1.1.1.1

10.10.3.0/30

10.10.2.0/30

.1

rtr1.2

rtr1 OSPF Config#------------------------------------------echo "OSPF Configuration"#------------------------------------------

ospfarea 0.0.0.0

interface "system"exitinterface "to-rtr2"exitinterface "to-rtr3"exit

exitexit

Note: By default, OSPF interface types are broadcast.

Alcatel-Lucent C


ot Distribute



rtr1 OSPF Neighbors

A:rtr1# show router ospf neighbor

===============================================================================OSPF Neighbors===============================================================================Nbr IP Addr Nbr Rtr Id Nbr State Priority RetxQ Len Dead Time -------------------------------------------------------------------------------10.10.2.1 2.2.2.2 Full 1 0 31 10.10.3.2 3.3.3.3 Full 1 0 33 -------------------------------------------------------------------------------No. of Neighbors: 2===============================================================================

rtr1

rtr310.10.2.0/30

10.10.3.0/30

10.10.5.0/30

rtr2

1.1.1.1

3.3.3.3

2.2.2.2

.1

.1 .1

.2.2

.2

Alcatel-Lucent C


ot Distribute



rtr1 OSPF Interface

A:rtr1# show router ospf interface

===============================================================================OSPF Interfaces===============================================================================If Name Area Id Designated Rtr Bkup Desig Rtr Adm Oper-------------------------------------------------------------------------------system 0.0.0.0 1.1.1.1 0.0.0.0 Up DR to-rtr2 0.0.0.0 10.10.2.2 10.10.2.1 Up DR to-rtr3 0.0.0.0 10.10.3.2 10.10.3.1 Up BDR -------------------------------------------------------------------------------No. of OSPF Interfaces: 3===============================================================================

rtr1

rtr310.10.2.0/30

10.10.3.0/30

10.10.5.0/30

rtr2

1.1.1.1

3.3.3.3.1

.1 .1

.2.2

.2

2.2.2.2

Alcatel-Lucent C


ot Distribute



rtr1 OSPF Database

A:rtr1# show router ospf database

===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.0 1.1.1.1 1.1.1.1 953 0x8000004c 0xc2e0 Router 0.0.0.0 2.2.2.2 2.2.2.2 1281 0x8000002f 0x2069 Router 0.0.0.0 3.3.3.3 3.3.3.3 646 0x80000045 0xd885 Router 0.0.0.0 4.4.4.4 4.4.4.4 1004 0x8000002a 0x3e6c Router 0.0.0.0 5.5.5.5 5.5.5.5 383 0x80000026 0x5c6e Router 0.0.0.0 6.6.6.6 6.6.6.6 593 0x80000025 0xf0c6 Network 0.0.0.0 10.10.0.2 4.4.4.4 1482 0x80000023 0x27c9 Network 0.0.0.0 10.10.1.1 4.4.4.4 1035 0x80000002 0xd14c Network 0.0.0.0 10.10.2.2 1.1.1.1 918 0x80000025 0x6aa6 Network 0.0.0.0 10.10.3.2 3.3.3.3 563 0x80000008 0x6fb1 Network 0.0.0.0 10.10.4.1 3.3.3.3 613 0x80000024 0x31bf Network 0.0.0.0 10.10.5.2 3.3.3.3 1107 0x80000002 0x9789 -------------------------------------------------------------------------------No. of LSAs: 12===============================================================================

There are 6 routers in Area 0. The database contains a type 1 (router) LSA for each router in the areas that it belongs to.

The interface type between the routers is broadcast. The database contains a type 2 (network) LSA for each network.

Alcatel-Lucent C


ot Distribute



rtr1 Type 1 (Router) LSA

A:rtr1# show router ospf database 1.1.1.1 detail

===============================================================================OSPF Link State Database (Type : All) (Detailed)===============================================================================-------------------------------------------------------------------------------Router LSA for Area 0.0.0.0-------------------------------------------------------------------------------Area Id : 0.0.0.0 Adv Router Id : 1.1.1.1 Link State Id : 1.1.1.1 LSA Type : Router Sequence No : 0x8000004b Checksum : 0xc4df Age : 936 Length : 60 Options : E Flags : None Link Count : 3 Link Type (1) : Transit Network DR Rtr Id (1) : 10.10.2.2 I/F Address (1) : 10.10.2.2 No of TOS (1) : 0 Metric-0 (1) : 1000 Link Type (2) : Stub Network Network (2) : 1.1.1.1 Mask (2) : 255.255.255.255 No of TOS (2) : 0 Metric-0 (2) : 0 Link Type (3) : Transit Network DR Rtr Id (3) : 10.10.3.2 I/F Address (3) : 10.10.3.1 No of TOS (3) : 0 Metric-0 (3) : 1000 ===============================================================================

Type 1 (router) LSA for rtr1 in Area 0:Link State Id is set to RID 1.1.1.1.

Number of links is 3; these include the system interface, interface to-rtr1, and interface to-rtr3.

The interface type between the routers is broadcast.

Description of the link between rtr1 and rtr2:There is an adjacency; therefore add a type 2 (transit network) link.

Link ID is set to the IP address of the DR (10.10.2.2).

The link data field is set to the router’s own address (10.10.2.2); rtr1 is the DR for this network and is responsible for generating type 2 (network) LSAs.

The cost is equal to 1000.

Description of the system interface:This is a loopback interface; therefore add a type 3 (stub network) link.

Link ID is set to the IP interface address (1.1.1.1).

The link data field is the IP interface subnet mask (255.255.255.255).

The cost is set to 0.

Description of the link between rtr1 and rtr3:There is an adjacency; therefore add a type 2 (transit network) link.

Link ID is set to the IP address of the DR (10.10.3.2).

The link data field is set to the router’s own address (10.10.3.1); rtr3 is the DR for this network and is responsible for generating type 2 (network) LSAs.

Options value E indicates that the originating router is in a backbone or non-stub area. Routers in a stub area do not have this value set.

Alcatel-Lucent C


ot Distribute



Type 2 (Network) LSA Advertised by rtr1


===============================================================================OSPF Link State Database (Type : All) (Detailed)===============================================================================-------------------------------------------------------------------------------Network LSA for Area 0.0.0.0-------------------------------------------------------------------------------Area Id : 0.0.0.0 Adv Router Id : 1.1.1.1 Link State Id : 10.10.2.2 LSA Type : Network Sequence No : 0x80000026 Checksum : 0x68a7 Age : 124 Length : 32 Options : E Network Mask : 255.255.255.252 No of Adj Rtrs : 2 Router Id (1) : 1.1.1.1 Router Id (2) : 2.2.2.2 ===============================================================================

rtr1 Type 2 (network) LSA for network 10.10.2.0/30:rtr1 is the DR for this segment and is therefore responsible for generating the network LSA.

Link-state ID is set to the DR’s IP address.

Network mask is set to the IP address mask 255.255.255.252.

The network LSA also contains the number of adjacent routers and lists the RID of each router.

The number of adjacent routers on this segment is 2.

The RIDs are 1.1.1.1 and 2.2.2.2.

The route is derived from the link-state ID and the network mask.

Alcatel-Lucent C


ot Distribute



All OSPF Interface Types Set to Point-to-Point

1.1.1.1

10.10.3.0/30

10.10.2.0/30

.1

rtr1.2

rtr1 OSPF Config

A:rtr1>config>router>ospf# info ----------------------------------------------

area 0.0.0.0interface "system"

interface-type point-to-pointexitinterface "to-rtr2"


interface-type point-to-pointexit

exit

Note: All routers are configured in the same way as shown in the slide above.

Alcatel-Lucent C


ot Distribute



rtr1 OSPF Database

There are no longer any type 2 (Network) LSAs. On point-to-point interfaces, there is no DR election.The router follows the rules for describing the point-to-point interface in the type 1 (router) LSA.


===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.0 1.1.1.1 1.1.1.1 215 0x80000055 0x397 Router 0.0.0.0 2.2.2.2 2.2.2.2 206 0x80000039 0x5725 Router 0.0.0.0 3.3.3.3 3.3.3.3 209 0x8000004e 0xa44 Router 0.0.0.0 4.4.4.4 4.4.4.4 224 0x80000031 0x1684 Router 0.0.0.0 5.5.5.5 5.5.5.5 269 0x8000002b 0x18a7 Router 0.0.0.0 6.6.6.6 6.6.6.6 240 0x8000002a 0xa00f -------------------------------------------------------------------------------No. of LSAs: 6===============================================================================

Alcatel-Lucent C


ot Distribute



rtr1 Router LSA


===============================================================================OSPF Link State Database (Type : All) (Detailed)===============================================================================-------------------------------------------------------------------------------Router LSA for Area 0.0.0.0-------------------------------------------------------------------------------Area Id : 0.0.0.0 Adv Router Id : 1.1.1.1 Link State Id : 1.1.1.1 LSA Type : Router Sequence No : 0x80000055 Checksum : 0x397Age : 506 Length : 84 Options : E Flags : None Link Count : 5 Link Type (1) : Point To Point Nbr Rtr Id (1) : 2.2.2.2 I/F Address (1) : 10.10.2.2 No of TOS (1) : 0 Metric-0 (1) : 1000 Link Type (2) : Stub Network Network (2) : 10.10.2.0 Mask (2) : 255.255.255.252 No of TOS (2) : 0 Metric-0 (2) : 1000 Link Type (3) : Stub Network Network (3) : 1.1.1.1 Mask (3) : 255.255.255.255 No of TOS (3) : 0 Metric-0 (3) : 1 Link Type (4) : Point To Point Nbr Rtr Id (4) : 3.3.3.3 I/F Address (4) : 10.10.3.1 No of TOS (4) : 0 Metric-0 (4) : 1000 Link Type (5) : Stub Network Network (5) : 10.10.3.0 Mask (5) : 255.255.255.252 No of TOS (5) : 0 Metric-0 (5) : 1000 ===============================================================================

Type 1 (router) LSA for rtr1 in Area 0:Link-state Id is set RID 1.1.1.1.

Number of links is 5; these include the system interface, interface to-rtr1, and interface to-rtr3. When describing point-to point-interfaces, a type 3 link is added.

The description for the system interface is the same (no adjacency on the system interface); therefore, a type 1 point-to-point link is not added.

Description of the interface between rtr1 and rtr2:There is an adjacency on this interface; therefore add a type 1 (point-to-point) Link.

Link ID is set to the RID of the neighboring router (2.2.2.2).

The link data field is set to the IP interface address (10.10.2.2).

The metric is set to the cost of the link: 1000.

In addition, as long as the interface is point-to-point, add a type 3 stub network link.

If a subnet is assigned, set the Link ID to the subnet’s IP address.

The link data field is set to the IP subnet mask (255.255.255.252).

The metric is set to 1000.

Alcatel-Lucent C


ot Distribute



Standard Areas, No Summarization

Area 1

Area 0

Area 2

rtr5

rtr4

rtr2

rtr1

rtr3

rtr6

1.1.1.1

5.5.5.5

4.4.4.4

2.2.2.2

3.3.3.3

6.6.6.6

10.10.0.0/30

.1.2

.110.10.1.0/30 .2

10.10.5.0/3010.10.2.0/30

10.10.3.0/30

10.10.4.0/30.2

.2

.2

.2.1.1

.1

.1

rtr5 has other links to the following networks:172.10.1.0/24172.10.2.0/24172.10.3.0/24

Alcatel-Lucent C


ot Distribute



rtr1OSPF Database


===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.0 1.1.1.1 1.1.1.1 460 0x8000009c 0x74de Router 0.0.0.0 2.2.2.2 2.2.2.2 615 0x80000074 0xf975 Router 0.0.0.0 3.3.3.3 3.3.3.3 208 0x80000091 0x69dc Summary 0.0.0.0 4.4.4.4 2.2.2.2 761 0x80000002 0xb2a4 Summary 0.0.0.0 5.5.5.5 2.2.2.2 824 0x80000002 0xb7af Summary 0.0.0.0 6.6.6.6 3.3.3.3 1982 0x80000001 0x3a12 Summary 0.0.0.0 10.10.0.0 2.2.2.2 473 0x80000002 0x87e3 Summary 0.0.0.0 10.10.1.0 2.2.2.2 1323 0x80000002 0x490d Summary 0.0.0.0 10.10.4.0 3.3.3.3 401 0x80000002 0xa45 Summary 0.0.0.0 172.10.1.0 2.2.2.2 423 0x80000002 0x566d Summary 0.0.0.0 172.10.2.0 2.2.2.2 744 0x80000002 0x4b77 Summary 0.0.0.0 172.10.3.0 2.2.2.2 2114 0x80000001 0x4280 -------------------------------------------------------------------------------No. of LSAs: 12===============================================================================

The database contains only the router LSAs that are in Area 0. All other LSAs are summary LSAs. By default, there is no summarization done by the ABR. If the entire 172.10.0.0/16 prefix is in Area 1, an area range could be configured on rtr2, which is the ABR. This will be shown in a later example.

Alcatel-Lucent C


ot Distribute



rtr2 ABR OSPF Database


===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.0 1.1.1.1 1.1.1.1 570 0x8000009c 0x74de Router 0.0.0.0 2.2.2.2 2.2.2.2 723 0x80000074 0xf975 Router 0.0.0.0 3.3.3.3 3.3.3.3 317 0x80000091 0x69dc Summary 0.0.0.0 4.4.4.4 2.2.2.2 870 0x80000002 0xb2a4 Summary 0.0.0.0 5.5.5.5 2.2.2.2 933 0x80000002 0xb7af Summary 0.0.0.0 6.6.6.6 3.3.3.3 100 0x80000002 0x3813 Summary 0.0.0.0 10.10.0.0 2.2.2.2 582 0x80000002 0x87e3 Summary 0.0.0.0 10.10.1.0 2.2.2.2 1432 0x80000002 0x490d Summary 0.0.0.0 10.10.4.0 3.3.3.3 510 0x80000002 0xa45 Summary 0.0.0.0 172.10.1.0 2.2.2.2 532 0x80000002 0x566d Summary 0.0.0.0 172.10.2.0 2.2.2.2 853 0x80000002 0x4b77 Summary 0.0.0.0 172.10.3.0 2.2.2.2 2223 0x80000001 0x4280 Router 0.0.0.1 2.2.2.2 2.2.2.2 922 0x80000004 0x9d82 Router 0.0.0.1 4.4.4.4 4.4.4.4 1118 0x80000007 0x6a5a Router 0.0.0.1 5.5.5.5 5.5.5.5 605 0x8000000d 0xcfb0 Summary 0.0.0.1 1.1.1.1 2.2.2.2 870 0x80000005 0x3729 Summary 0.0.0.1 2.2.2.2 2.2.2.2 1225 0x80000003 0xd871 Summary 0.0.0.1 3.3.3.3 2.2.2.2 1111 0x80000003 0xde7b Summary 0.0.0.1 6.6.6.6 2.2.2.2 541 0x80000002 0x89d9 Summary 0.0.0.1 10.10.2.0 2.2.2.2 856 0x80000005 0x381a Summary 0.0.0.1 10.10.3.0 2.2.2.2 890 0x80000003 0x6403 Summary 0.0.0.1 10.10.4.0 2.2.2.2 313 0x80000002 0x5b0c Summary 0.0.0.1 10.10.5.0 2.2.2.2 998 0x80000003 0x1b36 -------------------------------------------------------------------------------No. of LSAs: 23===============================================================================

rtr2 is an ABR for Area 0 and Area 1, so its database contains LSAs for both areas that it belongs to.

Alcatel-Lucent C


ot Distribute



rtr4 OSPF Database


===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.1 2.2.2.2 2.2.2.2 801 0x80000005 0x9b83 Router 0.0.0.1 4.4.4.4 4.4.4.4 1016 0x80000008 0x685b Router 0.0.0.1 5.5.5.5 5.5.5.5 15 0x8000000e 0xcdb1 Summary 0.0.0.1 1.1.1.1 2.2.2.2 98 0x80000006 0x352a Summary 0.0.0.1 2.2.2.2 2.2.2.2 626 0x80000004 0xd672 Summary 0.0.0.1 3.3.3.3 2.2.2.2 676 0x80000004 0xdc7c Summary 0.0.0.1 6.6.6.6 2.2.2.2 1897 0x80000002 0x89d9 Summary 0.0.0.1 10.10.2.0 2.2.2.2 24 0x80000006 0x361b Summary 0.0.0.1 10.10.3.0 2.2.2.2 581 0x80000004 0x6204 Summary 0.0.0.1 10.10.4.0 2.2.2.2 1669 0x80000002 0x5b0c Summary 0.0.0.1 10.10.5.0 2.2.2.2 992 0x80000004 0x1937 -------------------------------------------------------------------------------No. of LSAs: 11===============================================================================

The database for rtr4 only contains router LSAs from Area 1 and summary LSAs from other areas.

Alcatel-Lucent C


ot Distribute



Summary LSA


===============================================================================OSPF Link State Database (Type : All) (Detailed)===============================================================================-------------------------------------------------------------------------------Summary LSA for Area 0.0.0.1-------------------------------------------------------------------------------Area Id : 0.0.0.1 Adv Router Id : 2.2.2.2 Link State Id : 1.1.1.1 LSA Type : Summary Sequence No : 0x80000008 Checksum : 0x312c Age : 84 Length : 28 Options : E Network Mask : 255.255.255.255 Metric-0 : 1001 ===============================================================================

The link-state ID is set to IP address 1.1.1.1.The network mask is set to 255.255.255.255.The cost is set to 1001.

The route is derived from the link-state ID and network mask.

Alcatel-Lucent C


ot Distribute



rtr2 Configured to Summarize Area 1

Area 1

Area 0

rtr5

rtr4

rtr2

rtr1

rtr3

1.1.1.1

5.5.5.5

4.4.4.4

2.2.2.2

10.10.0.0/30

.1.2

.110.10.1.0/30 .2

10.10.5.0/3010.10.2.0/30

10.10.3.0/30

.2.2

.2

.1.1

.1






exitarea 0.0.0.1

area-range 172.10.0.0/16 advertiseinterface "to-rtr4"


exit----------------------------------------------

Alcatel-Lucent C


ot Distribute



rtr1 OSPF Database


===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.0 1.1.1.1 1.1.1.1 533 0x8000009f 0x6ee1 Router 0.0.0.0 2.2.2.2 2.2.2.2 756 0x80000077 0xf378 Router 0.0.0.0 3.3.3.3 3.3.3.3 410 0x80000094 0x63df Summary 0.0.0.0 4.4.4.4 2.2.2.2 1414 0x80000005 0xaca7 Summary 0.0.0.0 5.5.5.5 2.2.2.2 7 0x80000006 0xafb3 Summary 0.0.0.0 6.6.6.6 3.3.3.3 104 0x80000005 0x3216 Summary 0.0.0.0 10.10.0.0 2.2.2.2 661 0x80000005 0x81e6 Summary 0.0.0.0 10.10.1.0 2.2.2.2 1171 0x80000005 0x4310 Summary 0.0.0.0 10.10.4.0 3.3.3.3 65 0x80000005 0x448 Summary 0.0.0.0 172.10.0.0 2.2.2.2 1796 0x80000002 0x6163 -------------------------------------------------------------------------------No. of LSAs: 10===============================================================================

The 3 summary LSAs for 172.10.1.0, 172.10.2.0, and 172.10.3.0 have now been summarized and advertised with a single summary LSA of 172.10.0.0. When summarizing, the link-state ID is the configured area-range.

The networks that are in Area 1 but are not included in the area-range statement continue to be advertised.

Alcatel-Lucent C


ot Distribute



Type 3 (Summary) LSA


===============================================================================OSPF Link State Database (Type : All) (Detailed)===============================================================================-------------------------------------------------------------------------------Summary LSA for Area 0.0.0.0-------------------------------------------------------------------------------Area Id : 0.0.0.0 Adv Router Id : 2.2.2.2 Link State Id : 172.10.0.0 LSA Type : Summary Sequence No : 0x80000003 Checksum : 0x5f64 Age : 289 Length : 28 Options : E Network Mask : 255.255.0.0 Metric-0 : 2001 ===============================================================================

The route from this LSA is derived from the link-state ID and network mask.

Alcatel-Lucent C


ot Distribute



rtr4 Provides Routing to a Non-OSPF Environment

Area 1

Area 0

Area 2

rtr5

rtr4

rtr2

rtr1

rtr3

rtr6

1.1.1.1

5.5.5.5

4.4.4.4

2.2.2.2

3.3.3.3

6.6.6.6

10.10.0.0/30

.1

.2

.1

10.10.1.0/30

.2

10.10.5.0/3010.10.2.0/30

10.10.3.0/30

10.10.4.0/30.2

.2

.2

.2.1.1

.1

.1


Non-OSPFASBR

Alcatel-Lucent C


ot Distribute



rtr4 Configured as an ASBR

Area 1

rtr5

rtr4

rtr2

5.5.5.5

4.4.4.410.10.0.0/30

.1

.2

.1

10.10.1.0/30

.2

Non-OSPFASBR


asbrexport "redist"area 0.0.0.1

interface "system"interface-type point-to-point



exit----------------------------------------------

When routes are redistributed from another protocol into OSPF, the router must be configured as an ASBR and an export policy must be defined.

Export Policy Contents:

policy-statement "redist"

entry 10

from

protocol isis

exit

action accept

metric set 2000

exit

exit

exit

Alcatel-Lucent C


ot Distribute



rtr4 OSPF Database


===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.1 2.2.2.2 2.2.2.2 29 0x80000003 0x9f81 Router 0.0.0.1 4.4.4.4 4.4.4.4 23 0x80000002 0x8177 Summary 0.0.0.1 1.1.1.1 2.2.2.2 43 0x80000002 0x3d26 Summary 0.0.0.1 2.2.2.2 2.2.2.2 43 0x80000002 0xda70 Summary 0.0.0.1 3.3.3.3 2.2.2.2 43 0x80000002 0xe07a Summary 0.0.0.1 6.6.6.6 2.2.2.2 43 0x80000002 0x89d9 Summary 0.0.0.1 10.10.2.0 2.2.2.2 43 0x80000002 0x3e17 Summary 0.0.0.1 10.10.3.0 2.2.2.2 43 0x80000002 0x6602 Summary 0.0.0.1 10.10.4.0 2.2.2.2 43 0x80000002 0x5b0c Summary 0.0.0.1 10.10.5.0 2.2.2.2 43 0x80000002 0x1d35 AS Ext n/a 5.5.5.5 4.4.4.4 27 0x80000001 0xeaeb AS Ext n/a 172.10.1.0 4.4.4.4 27 0x80000001 0x89a9 AS Ext n/a 172.10.2.0 4.4.4.4 27 0x80000001 0x7eb3 AS Ext n/a 172.10.3.0 4.4.4.4 27 0x80000001 0x73bd -------------------------------------------------------------------------------No. of LSAs: 14===============================================================================

rtr4 is now advertising type 5 (external) LSAs for the routes that it is redistributing into OSPF.

Alcatel-Lucent C


ot Distribute



Type 5 (External) LSA


===============================================================================OSPF Link State Database (Type : All) (Detailed)===============================================================================-------------------------------------------------------------------------------AS Ext LSA for Network 5.5.5.5-------------------------------------------------------------------------------Area Id : N/A Adv Router Id : 4.4.4.4 Link State Id : 5.5.5.5 LSA Type : AS Ext Sequence No : 0x80000001 Checksum : 0xeaeb Age : 231 Length : 36 Options : E Network Mask : 255.255.255.255 Fwding Address : 0.0.0.0 Metric Type : Type 2 Metric-0 : 2000 Ext Route Tag : 0 ===============================================================================

The link-state ID is set to the network IP address (5.5.5.5).

The network mask is set to IP network mask 255.255.255.255.

The metric is set to type 2. This is the default metric type (i.e., when a router gets this LSA, it installs the route in the routing table with a cost of 2000). The router does not take into account the cost to get to the ASBR. If the metric is set to type 1, the cost to reach the ASBR would be added to the cost of 2000.

Alcatel-Lucent C


ot Distribute



rtr1 OSPF Database and Type 4 LSA Originated from rtr2


===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.0 1.1.1.1 1.1.1.1 717 0x800000de 0xef21 Router 0.0.0.0 2.2.2.2 2.2.2.2 745 0x800000b4 0x79b5 Router 0.0.0.0 3.3.3.3 3.3.3.3 913 0x800000d1 0xe81d Summary 0.0.0.0 4.4.4.4 2.2.2.2 721 0x80000001 0xb4a3 Summary 0.0.0.0 6.6.6.6 3.3.3.3 1298 0x80000002 0x3813 Summary 0.0.0.0 10.10.1.0 2.2.2.2 1408 0x80000034 0xe43f Summary 0.0.0.0 10.10.4.0 3.3.3.3 935 0x80000033 0xa776 AS Summ 0.0.0.0 4.4.4.4 2.2.2.2 722 0x80000001 0x9cbb AS Ext n/a 5.5.5.5 4.4.4.4 729 0x80000001 0xeaeb AS Ext n/a 172.10.1.0 4.4.4.4 729 0x80000001 0x89a9 AS Ext n/a 172.10.2.0 4.4.4.4 729 0x80000001 0x7eb3 AS Ext n/a 172.10.3.0 4.4.4.4 729 0x80000001 0x73bd -------------------------------------------------------------------------------No. of LSAs: 12===============================================================================

The type 5 (external) LSAs originated by rtr4 are flooded into the backbone. rtr2 (the ABR between Area 1 and Area 0) is responsible for originated a type 4 (ASBR) LSA.

Alcatel-Lucent C


ot Distribute



Type 4 (ASBR) LSA


===============================================================================OSPF Link State Database (Type : All) (Detailed)===============================================================================-------------------------------------------------------------------------------AS Summ LSA for Area 0.0.0.0-------------------------------------------------------------------------------Area Id : 0.0.0.0 Adv Router Id : 2.2.2.2 Link State Id : 4.4.4.4 LSA Type : AS Summ Sequence No : 0x80000001 Checksum : 0x9cbb Age : 1011 Length : 28 Options : E Network Mask : N/A Metric-0 : 1000 ===============================================================================

The link-state ID is set to the ASBR IP address (4.4.4.4).

The network mask is N/A for type 4 (ASBR) LSAs.

The metric is set to the cost between the ABR and ASBR.

Alcatel-Lucent C


ot Distribute



Stub Areas and NSSAs

Area 1

Area 0

Area 2

rtr5

rtr4

rtr2

rtr1

rtr3

rtr6

1.1.1.1

5.5.5.5

4.4.4.4

2.2.2.2

3.3.3.3

6.6.6.6

10.10.0.0/30

.1.2

.110.10.1.0/30 .2

10.10.5.0/3010.10.2.0/30

10.10.3.0/30

10.10.4.0/30.2

.2

.2

.2.1.1

.1

.1


NSSA

Stub

Alcatel-Lucent C


ot Distribute



rtr2 OSPF Area Configuration

rtr5

rtr4

rtr2

5.5.5.5

4.4.4.4

2.2.2.2

10.10.0.0/30

.1.2

.110.10.1.0/30 .2






exitarea 0.0.0.1

area-range 172.10.0.0/16 advertisenssaexitinterface "to-rtr4"


exit----------------------------------------------

rtr4 and rtr5 must be configured as nssa.

Alcatel-Lucent C


ot Distribute



rtr4 OSPF Database


===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.1 2.2.2.2 2.2.2.2 1024 0x80000003 0xc35d Router 0.0.0.1 4.4.4.4 4.4.4.4 1018 0x80000002 0x9239 Router 0.0.0.1 5.5.5.5 5.5.5.5 995 0x80000006 0xfb8d Summary 0.0.0.1 1.1.1.1 2.2.2.2 1109 0x80000002 0x5b0a Summary 0.0.0.1 2.2.2.2 2.2.2.2 1109 0x80000002 0xf854 Summary 0.0.0.1 3.3.3.3 2.2.2.2 1109 0x80000002 0xfe5e Summary 0.0.0.1 6.6.6.6 2.2.2.2 1045 0x80000001 0xa9bc Summary 0.0.0.1 10.10.2.0 2.2.2.2 1109 0x80000002 0x5cfa Summary 0.0.0.1 10.10.3.0 2.2.2.2 1109 0x80000002 0x84e5 Summary 0.0.0.1 10.10.4.0 2.2.2.2 1047 0x80000001 0x7bee Summary 0.0.0.1 10.10.5.0 2.2.2.2 1109 0x80000002 0x3b19 -------------------------------------------------------------------------------No. of LSAs: 11===============================================================================

The area has been configured as an NSSA, but the ABR has not been configured to filter the summary LSAs.

Alcatel-Lucent C


ot Distribute



rtr3 OSPF Area Configuration

Area 2

rtr3

rtr6

3.3.3.3

6.6.6.6

10.10.4.0/30

.2

.1

Stub






exitarea 0.0.0.2

stubexitinterface "to-rtr6"


exit----------------------------------------------

rtr6 must be configured as a stub.

Alcatel-Lucent C


ot Distribute



rtr6 OSPF Database

A:rtr6>config>router>ospf# show router ospf database

===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.2 3.3.3.3 3.3.3.3 1188 0x80000002 0x10fe Router 0.0.0.2 6.6.6.6 6.6.6.6 1192 0x80000003 0xdcb Summary 0.0.0.2 0.0.0.0 3.3.3.3 1187 0x80000002 0x371a Summary 0.0.0.2 1.1.1.1 3.3.3.3 1187 0x80000002 0x3d24 Summary 0.0.0.2 2.2.2.2 3.3.3.3 1187 0x80000002 0xf4e Summary 0.0.0.2 3.3.3.3 3.3.3.3 1187 0x80000002 0xac98 Summary 0.0.0.2 4.4.4.4 3.3.3.3 1150 0x80000001 0xe782 Summary 0.0.0.2 5.5.5.5 3.3.3.3 1150 0x80000001 0xec8d Summary 0.0.0.2 10.10.0.0 3.3.3.3 1150 0x80000001 0xbcc1 Summary 0.0.0.2 10.10.1.0 3.3.3.3 1187 0x80000002 0x7ceb Summary 0.0.0.2 10.10.2.0 3.3.3.3 1187 0x80000002 0x71f5 Summary 0.0.0.2 10.10.3.0 3.3.3.3 1187 0x80000002 0x331f Summary 0.0.0.2 10.10.5.0 3.3.3.3 1187 0x80000002 0x1d33 Summary 0.0.0.2 172.10.0.0 3.3.3.3 1150 0x80000001 0x9641 -------------------------------------------------------------------------------No. of LSAs: 14===============================================================================

The area has been configured as a stub area but has not been configured to filter summary LSAs. In a stub area, the ABR originates a default summary LSA.

Alcatel-Lucent C


ot Distribute



Stub Area and NSSA, No Summary

Area 1

Area 0

Area 2

rtr5

rtr4

rtr2

rtr1

rtr3

rtr6

1.1.1.1

5.5.5.5

4.4.4.4

2.2.2.2

3.3.3.3

6.6.6.6

10.10.0.0/30

.1.2

.110.10.1.0/30 .2

10.10.5.0/3010.10.2.0/30

10.10.3.0/30

10.10.4.0/30.2

.2

.2

.2.1.1

.1

.1


NSSANo Summary

Stub,No Summary

Alcatel-Lucent C


ot Distribute



rtr2 Configured to Filter Summary LSAs

rtr5

rtr4

rtr2

5.5.5.5

4.4.4.4

2.2.2.2

10.10.0.0/30

.1.2

.110.10.1.0/30 .2






exitarea 0.0.0.1

area-range 172.10.0.0/16 advertisenssa

no summariesoriginate-default-route



exit----------------------------------------------

NSSA,No summary

Area 1

Alcatel-Lucent C


ot Distribute



rtr4 OSPF Database


===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.1 2.2.2.2 2.2.2.2 620 0x80000004 0xc15e Router 0.0.0.1 4.4.4.4 4.4.4.4 1977 0x80000002 0x9239 Router 0.0.0.1 5.5.5.5 5.5.5.5 87 0x80000007 0xf98e Summary 0.0.0.1 0.0.0.0 2.2.2.2 92 0x80000001 0x57fe -------------------------------------------------------------------------------No. of LSAs: 4===============================================================================

The database now contains router LSAs from Area 1 and a default summary LSA originated by the ABR.

Alcatel-Lucent C


ot Distribute



rtr3 Configured to Filter Summary LSAs

Area 2

rtr3

rtr6

3.3.3.3

6.6.6.6

10.10.4.0/30

.2

.1

Stub






exitarea 0.0.0.2

stubno summariesexitinterface "to-rtr6"


exit----------------------------------------------

Alcatel-Lucent C


ot Distribute



rtr6 OSPF Database

A:rtr6>config>router>ospf# show router ospf database

===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.2 3.3.3.3 3.3.3.3 854 0x80000003 0xeff Router 0.0.0.2 6.6.6.6 6.6.6.6 536 0x80000004 0xbcc Summary 0.0.0.2 0.0.0.0 3.3.3.3 9 0x80000004 0x331c -------------------------------------------------------------------------------No. of LSAs: 3===============================================================================

The database now contains router LSAs from Area 2 and a default summary LSA originated by the ABR.

Alcatel-Lucent C


ot Distribute



rtr4 Provides Routing to a Non-OSPF Environment

Area 1

Area 0

Area 2

rtr5

rtr4

rtr2

rtr1

rtr3

rtr6

1.1.1.1

5.5.5.5

4.4.4.4

2.2.2.2

3.3.3.3

6.6.6.6

10.10.0.0/30

.1

.2

.1

10.10.1.0/30

.2

10.10.5.0/3010.10.2.0/30

10.10.3.0/30

10.10.4.0/30.2

.2

.2

.2.1.1

.1

.1


NSSA,No summary

Stub,No summary

Non-OSPFASBR

Alcatel-Lucent C


ot Distribute



rtr4 Configured as an ASBR

Area 1

rtr5

rtr4

rtr2

5.5.5.5

4.4.4.410.10.0.0/30

.1

.2

.1

10.10.1.0/30

.2

NSSA,No summaryNon-OSPF

ASBR


asbrexport "redist"area 0.0.0.1

nssaexitinterface "system"



exit----------------------------------------------

When routes are redistributed from another protocol into OSPF, the router must be configured as an ASBR and an export policy must be defined.

Export Policy Contents:

policy-statement "redist"

entry 10

from

protocol isis

exit

action accept

metric set 2000

exit

exit

exit

Alcatel-Lucent C


ot Distribute



rtr4 OSPF Database


===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.1 2.2.2.2 2.2.2.2 1089 0x8000002a 0x7584 Router 0.0.0.1 4.4.4.4 4.4.4.4 509 0x8000002b 0x4d84 Summary 0.0.0.1 0.0.0.0 2.2.2.2 1136 0x80000026 0xd24 NSSA 0.0.0.1 5.5.5.5 4.4.4.4 398 0x80000001 0x3d81 NSSA 0.0.0.1 172.10.1.0 4.4.4.4 398 0x80000001 0xdb3f NSSA 0.0.0.1 172.10.2.0 4.4.4.4 398 0x80000001 0xd049 NSSA 0.0.0.1 172.10.3.0 4.4.4.4 398 0x80000001 0xc553 -------------------------------------------------------------------------------No. of LSAs: 7===============================================================================

The routes that are redistributed into OSPF are advertised as type 7 LSAs and appear in the database as type NSSA.

Alcatel-Lucent C


ot Distribute



Type 7 (NSSA External) LSA


===============================================================================OSPF Link State Database (Type : All) (Detailed)===============================================================================-------------------------------------------------------------------------------NSSA LSA for Area 0.0.0.1-------------------------------------------------------------------------------Area Id : 0.0.0.1 Adv Router Id : 4.4.4.4 Link State Id : 5.5.5.5 LSA Type : NSSA Sequence No : 0x80000005 Checksum : 0x3585 Age : 362 Length : 36 Options : NP Network Mask : 255.255.255.255 Fwding Address : 4.4.4.4 Metric Type : Type 2 Metric-0 : 2000 Ext Route Tag : 0 ===============================================================================

The link-state ID is set to the network IP address (5.5.5.5).

The network mask is set to IP network mask 255.255.255.255.

The forwarding address is set to the ASBR address (4.4.4.4).

The metric is set to type 2. This is the default metric type (i.e., when a router gets this LSA, it installs the route in the routing table with a cost of 2000. The router does not take into account the cost to get to the ASBR. If the metric is set to Type 1, the cost to reach the ASBR would be added to the cost of 2000.

Alcatel-Lucent C


ot Distribute



rtr2 OSPF Database

A:rtr2>config>router>ospf>area# show router ospf database

===============================================================================OSPF Link State Database (Type : All)===============================================================================Type Id Link State Id Adv Rtr Id Age Sequence Cksum -------------------------------------------------------------------------------Router 0.0.0.0 1.1.1.1 1.1.1.1 176 0x800000dd 0xf718 Router 0.0.0.0 2.2.2.2 2.2.2.2 174 0x800000b1 0x85aa Router 0.0.0.0 3.3.3.3 3.3.3.3 178 0x800000d0 0xea1c Summary 0.0.0.0 4.4.4.4 2.2.2.2 176 0x80000001 0xb4a3 Summary 0.0.0.0 6.6.6.6 3.3.3.3 258 0x80000001 0x3a12 Summary 0.0.0.0 10.10.1.0 2.2.2.2 184 0x80000033 0xe63e Summary 0.0.0.0 10.10.4.0 3.3.3.3 266 0x80000032 0xa975 Router 0.0.0.1 2.2.2.2 2.2.2.2 179 0x8000000f 0xab69 Router 0.0.0.1 4.4.4.4 4.4.4.4 180 0x8000000c 0x8b65 Summary 0.0.0.1 0.0.0.0 2.2.2.2 97 0x80000001 0x57fe NSSA 0.0.0.1 5.5.5.5 4.4.4.4 224 0x80000005 0x3585 NSSA 0.0.0.1 172.10.1.0 4.4.4.4 224 0x80000005 0xd343 NSSA 0.0.0.1 172.10.2.0 4.4.4.4 224 0x80000005 0xc84d NSSA 0.0.0.1 172.10.3.0 4.4.4.4 224 0x80000005 0xbd57 AS Ext n/a 5.5.5.5 2.2.2.2 173 0x80000003 0xebe0 AS Ext n/a 172.10.1.0 2.2.2.2 173 0x80000003 0x8a9e AS Ext n/a 172.10.2.0 2.2.2.2 173 0x80000003 0x7fa8 AS Ext n/a 172.10.3.0 2.2.2.2 173 0x80000003 0x74b2 -------------------------------------------------------------------------------No. of LSAs: 22===============================================================================

Alcatel-Lucent C


ot Distribute



rtr2 Translates Type 7 to Type 5 LSAs

A:rtr2>config>router>ospf>area# show router ospf database 5.5.5.5 detail

===============================================================================OSPF Link State Database (Type : All) (Detailed)===============================================================================-------------------------------------------------------------------------------NSSA LSA for Area 0.0.0.1-------------------------------------------------------------------------------Area Id : 0.0.0.1 Adv Router Id : 4.4.4.4 Link State Id : 5.5.5.5 LSA Type : NSSA Sequence No : 0x80000005 Checksum : 0x3585 Age : 627 Length : 36 Options : NP Network Mask : 255.255.255.255 Fwding Address : 4.4.4.4 Metric Type : Type 2 Metric-0 : 2000 Ext Route Tag : 0 -------------------------------------------------------------------------------AS Ext LSA for Network 5.5.5.5-------------------------------------------------------------------------------Area Id : N/A Adv Router Id : 2.2.2.2 Link State Id : 5.5.5.5 LSA Type : AS Ext Sequence No : 0x80000004 Checksum : 0xe9e1 Age : 117 Length : 36 Options : E Network Mask : 255.255.255.255 Fwding Address : 4.4.4.4 Metric Type : Type 2 Metric-0 : 2000 Ext Route Tag : 0 ===============================================================================

rtr2 contains the same type 7 (NSSA external) LSA that was originated by rtr4.

rtr2 is the ABR between NSSA Area 1 and the backbone. rtr2 must translate the type 7 (NSSA external) LSA to a type 5 (External) LSA to flood it into Area 0.

rtr2 is now the originator of the type 5 LSA; therefore, there is no need for rtr2 to originate a type 4 (ASBR) LSA for rtr4.

Alcatel-Lucent C


ot Distribute



Exercise — LSA Types

Area 0 Normal

Stub

NSSA

Stub(no summaries)

Non-OSPF

Alcatel-Lucent C


ot Distribute



Section Summary

This section examined the different types of LSAs:Type 1 and type 2 LSAsStandard areas without summarizationNetwork summarizationType 3 LSAsType 5 LSAsStub areas and NSSAsType 7 LSAs

Alcatel-Lucent C


ot Distribute



Section 6 — OSPF Resiliency

Alcatel-Lucent C


ot Distribute



Section Objectives

This section examines OSPF high-availability features:Non-stop forwarding and graceful restartNon-stop routingBidirectional forwarding detection

Alcatel-Lucent C


ot Distribute



HA — Non-Stop Forwarding and CPM Switchover

Non-stop forwarding:A control-plane failure does not interrupt the forwarding of packets.

CPM switchover:monitors the control plane to ensure a complete and accurate switchover in the event of a failure or manual intervention.

Non-stop forwardingIn a control-plane failure or forced switchover event, the router continues to forward packets using the existing stale forwarding information. Non-stop forwarding requires clean control-plane and data-plane separation. Usually, the forwarding information is distributed to the IOMs.

Non-stop forwarding is used to notify peer routers to continue forwarding and receiving packets, even if the route processor (control plane) is not working or is in a switchover state. This method of availability has advantages and disadvantages. A backup processor to store information is not required, and there is no need to reboot the router. Non-stop forwarding continues to forward packets using the existing stale forwarding information during a failure. However, this may cause routing loops and black holes and also requires that surrounding routers adhere to separate extension standards for each protocol. Every router vendor must support protocol extensions for interoperability.

CPM switchoverDuring a switchover, system control and routing protocol execution are transferred from the active CPM to the standby CPM. An automatic switchover may occur under the following conditions:

• A fault condition causes the active CPM to crash or reboot.

• The active CPM is declared down (not responding).

• Online removal of the active CPM

A manual switchover may occur under the following conditions:

Users can force switchover from the active CPM to the standby CPM by using the config system switchover-exec CLI command. Note that the admin reboot [now] CLI command does not cause a switchover but a reboot of the entire system.

Alcatel-Lucent C


ot Distribute



HA — Non-Stop Routing

Transparent to routing neighborsNo required protocol extensionsCarrier-class rolloverSupport for all routing protocolsOSPF adjacencies: OSPF neighbors do not see any change after the switchover.

With NSR on the Alcatel-Lucent 7750 SR, routing neighbors are unaware of a routing process fault. If a fault occurs, a reliable and deterministic activity switch to the inactive control complex occurs such that the routing topology and reachability are not affected, even in the presence of routing updates. NSR achieves high availability using parallelization by constantly maintaining up-to-date routing-state information, on the standby route processor. This capability is achieved independently of protocols or protocol extensions, and provides a more robust solution than graceful-restart protocols between network routers. The NSR implementation on the Alcatel-Lucent 7750 SR supports all routing protocols.

No protocol extension is required (i.e., there are no interoperability issues and no need to define protocol extensions for every protocol). Unlike non-stop forwarding and graceful restart, the forwarding information in NSR is always up-to-date, which eliminates possible black holes or forwarding loops. NSR is a relatively new high-availability technique. However, it is regarded as the most promising to ensure that IP packets continue to be forwarded when a route processor fails.

High availability, has traditionally been addressed using non-stop forwarding solutions. With the implementation of NSR, these limitations are overcome by delivering an intelligent, hitless failover solution. This enables the carrier-class foundation for transparent networks that is required to support business IP services backed by stringent SLAs.

The following NSR entities remain intact after a switchover:

OSPF adjacencies: OSPF neighbors do not see any change after the switchover.

Alcatel-Lucent C


ot Distribute



OSPF Graceful Restart

Although graceful restart on redundant Alcatel-Lucent 7750 SR systems is not required due to their NSR capability, graceful restart may be required when other routers that are incapable ofNSR are deployed as routing peers to the Alcatel-Lucent 7750 SR systems.

GR helper mode for OSPF:GR helper mode allows the Alcatel-Lucent 7750 SR to support neighboring routers that are performing graceful restart. The Alcatel-Lucent 7750 SR OS supports OSPF GR helper mode according to RFC 3623.

7750 SR-7

7450 ESS-7

7450 ESS-7

Vendor X

Vendor Y

Graceful-restart helper configuration requiredNo graceful restart required;all nodes are NSR-capable

Graceful restart is a software mechanism that is used to minimize a temporary disruption in the network caused by a reset of the router or by a reset of the routing process on the router. With this capability, a router can keep packets flowing in the network as long as the router that resets is able to recover in a specified amount of time. This recovery time is negotiated between the GR-capable routers prior to the reset of any one of these routers.

Typically, when a routing processor or the routing process of a router goes down, before the redundant routing processor comes up, all routes advertised by the router are withdrawn by its neighbouring router, causing route flaps. Although Alcatel-Lucent supports proprietary non-stop routing functionality, which causes no route flaps, there is still a need to support a subset of graceful restart for interoperability reasons to assist other third-party routers. This subset of graceful restart is known as graceful-restart helper functionality.

Graceful restart functionality is supported for OSPF.

Alcatel-Lucent C


ot Distribute



OSPF Graceful Restart: How Does it Work?

Vendor x Alcatel-Lucent 7750 SR

……

.

LSU = Grace-LSA + RT = 0x3E8

OSPF adjacency

Grace-LSA = Type 9 (opaque local-link)LSU = Link-state updateLSA = Link-state ACKRT = Restart time

LSA = Grace-LSA

Restarting router keeps sending grace-LSAsuntil SPF calc. is finished

Updated LSAs sent+

Max-age Grace-LSA

Alcatel-Lucent C


ot Distribute



Configuring Graceful Restart

Context: config>router>ospf

Syntax: [no] ospf

Example: config>router# ospf graceful-restart

To enable graceful restart, use the following command:

graceful-restart

Syntax [no] graceful-restartContext config>router>ospf

Description This command enables graceful restart for OSPF. When the control plane of a GR-capable router fails, the neighboring routers (GR helpers) temporarily preserve adjacency information, so packets continue to be forwarded through the failed GR router using the last-known routes. If the control plane of the GR router comes back up within the GR timer interval, the routing protocols reconverge to minimize service interruption.

The no form of the command disables graceful restart and removes all graceful restart configurations in the OSPF instance.

Default no graceful-restart

helper-disable

Syntax [no] helper-disableContext config>router>ospf>graceful-restart

Description This command disables helper support for graceful restart.

When graceful restart is enabled, the router can be a helper (i.e., the router is helping a neighbor to restart), a restarting router, or both. The Alcatel-Lucent 7750 SR OS supports only helper mode. This facilitates the graceful restart of neighbors but does not act as a restarting router (i.e., the Alcatel-Lucent 7750 SR OS does help the neighbors to restart).

The no helper-disable command enables helper support and is the default when graceful restart is enabled.

Default disabled

Alcatel-Lucent C


ot Distribute



OSPF Convergence

10.1.1.1 10.1.1.210.1.2.0/24.1 .2

OSPF relies on hellos to maintain an adjacency. The default setting for the hello interval is 10 seconds and for the dead interval is 40 seconds.

With this configuration, routers could take up to 40 seconds to detect that a neighbor has gone down.

S1 S2

R1 R2

R = RouterS = Layer 2 switch

In the figure above, if there is a failure between S1 and S2, the routers could take up to 40 seconds to detect a change in state. The lowest value that can be configured for the dead interval is 2 seconds. There is a requirement to detect link failures more quickly than the hello timers allow. Bidirectional forward detection can accomplish this.

Alcatel-Lucent C


ot Distribute



Bidirectional Forwarding Detection

BFD is intended to provide a lightweight, low-overhead, short-duration detection of failures in the path between 2 systems.If a system stops receiving BFD messages, it is assumed that a failure along the path has occurred, and the associated protocol or service is notified of the failure.

Base BFD Internet draft: draft-ietf-bfd-base-0x.txt Encapsulation according to draft-ietf-bfd-v4v6-1hop-02.txtMIB support according to draft-ietf-bfd-mib-00.txt

Alcatel-Lucent C


ot Distribute



Bidirectional Forwarding Detection (continued)

BFD control packets are sent over UDP with destination port number 3784 and source port number in the range 49 152 to 65 535.

IP TTL = 255 if authentication is not enabled.A path is only declared operational when 2-way communication has been established between the systems.If multiple BFD sessions exist between 2 nodes, the BFD discriminator is used to demultiplex the BFD control packet to the appropriate BFD session.

BFD Modes

The < asynchronous mode > uses periodic BFD control messages to test the path between systems.

Alcatel-Lucent C


ot Distribute



BFD Discriminator at Session Startup

Rx Rx

Tx Tx

I am 0x1CYou are 0x00

I am 0x1BYou are 0x00

I am 0x1CYou are 0x1B

I am 0x1BYou are 0x1C

10.1.1.1 10.1.1.210.10.0.0/30.1 .2

S1 S2

R1 R2

BFD BFD

R2 sends my discriminator 0x1C and your discriminator 0x00.

Tx

R1 sends my discriminator 0x1B and your discriminator 0x00.

R2 sends my discriminator 0x1C and your discriminator 0x1B.

R1 sends my discriminator 0x1B and your discriminator 0x1C.

Bidirectional session is OK now and R2 demultiplexes its message based on the received your discriminator.

Alcatel-Lucent C


ot Distribute



Enabling BFD

To enable BFD on an interface, use the following command:

Context: config>router>interfaceSyntax: bfd [100..100000]* receive [100..100000]* multiplier [3..20]

Example: configure router interface “to-R2"address 10.1.2.1/24port 1/1/1bfd [100..100000]* receive [100..100000]* multiplier [3..20]

exit

bfd <transmit-interval>[receive<receive-interval>][multiplier<multiplier>]

<transmit-interval> : [100..100000] in milliseconds

<receive-interval> : [100..100000] in milliseconds

<multiplier> : [3..20] number of missed packets before interface is brought down

The multiplier specifies the number of consecutive BFD messages that must be missed from the peer

before the BFD session state is changed to down and the upper level protocols (OSPF, IS-IS or PIM)

is notified of the fault. Default value is 3 if the multiplier is not specified.

Default is 100 ms for the transmit and receive interval.

Alcatel-Lucent C


ot Distribute



Enabling BFD for OSPF

Context: config>router>ospf>area>if#

Syntax: [no] enable-bfd

Example:configure router ospf area 0.0.0.0interface "system"exitinterface “to-R1“enable-bfdexit

•To enable BFD for OSPF, use the following command:

Alcatel-Lucent C


ot Distribute



Verifying BFD

A:R1# show router bfd session

====================================================BFD Session====================================================Interface State Tx Intvl Rx Intvl MultRemote Address Protocol Tx Pkts Rx Pkts

----------------------------------------------------To-R2 Up (3) 100 100 3

10.1.2.2 ospf2 3478 3471 ------------------------------------------------------No. of BFD sessions: 1

•To verify BFD, use the following command:

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. Why does the Alcatel-Lucent 7750 SR not need to use graceful restart?

2. What is the primary action taken when graceful restart is performed?

3. What improvement does BFD provide over the ability of OSPF to recover from a link failure?

4. What is the purpose of the BFD discriminator?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. Why does the Alcatel-Lucent 7750 SR not need to use graceful restart?

1. The Alcatel-Lucent 7750 SR does not need graceful restart because it performs non-stop routing, which results in no disruption of adjacencies with its neighbors.

2. What is the primary action taken when graceful restart is performed?

1. The primary action taken is to inform the neighbor router that a restart is being performed. The neighborwill then increase the hold time on the dead timer for that neighbor so that the adjacency is not ended.

3. What improvement does BFD provide over the ability of OSPF to recover from a link failure?

1. In the event of a soft link failure of forwarding plane failure, BFD allows OSPF to discover the link failure more quickly than waiting for the dead timer to expire. This provides for much faster recovery from these types of link failures.

4. What is the purpose of the BFD discriminator?

1. The BFD discriminator is used to differentiate the routing protocols that may be using BFD (similar to a layer 4 port number).

Alcatel-Lucent C


ot Distribute



Section Summary

This section examined OSPF high-availability features:Non-stop forwarding and graceful restartNon-stop routingBidirectional forwarding detection

Alcatel-Lucent C


ot Distribute



Section 7 — OSPF Configuration

Alcatel-Lucent C


ot Distribute



Section Objectives

This section describes OSPF configuration on the Alcatel-Lucent 7750 SR:

Defining RIDConfiguring area parametersSummarizationShow commands to examine the OSPF configurationConfiguring stub areasOSPF authentication

Alcatel-Lucent C


ot Distribute



OSPF — Configuration Requirements

Before you configure OSPF parameters, ensure that the RID is derived using one of the following methods:

Define the value in the config>router router-id context.Define the system interface in the config>router>interface ip-int-name context (used if the RID is not specified).

A system interface has an IP address with a 32-bit subnet mask. The system interface is used as the router ID by higher-level protocols such as OSPF and IS-IS. If you do not specify the router ID or a system interface, the last 4 bytes of the chassis MAC address are used.

Prior to configuring OSPF, the RID must be available. The RID is a 32-bit number assigned to each router that runs OSPF. This number uniquely identifies the router in an AS.

OSPF routers use the RIDs of the neighbor routers to establish adjacencies. Neighbor IDs are learned when hello packets are received from neighbors.

Before you configure OSPF parameters, ensure that the RID is derived using one of the following methods:

Define the value in the config>router router-id context.

Define the system interface in the config>router>interface ip-int-name context (used if the RID is not specified in the config>router router-id context).

A system interface must have an IP address with a 32-bit subnet mask. The system interface is used as the router identifier by higher-level protocols such as OSPF and IS-IS. The system interface is assigned during the primary router configuration process, when the interface is created in the logical IP interface context.

If you do not specify a RID, the last four bytes of the chassis MAC address are used.

Note: At the BGP level, a BGP RID can be defined in the config>router>bgp router-id context and is only used in BGP.

Alcatel-Lucent C


ot Distribute



OSPF — Configuration and Implementation

Start

Define interfaces

Define one or moreareas

Configure the RID*

Turn up

Configure virtual links*

Define NSSAs*

Define stub areas*

* Denotes optional configuration attribute

Before OSPF can be configured, the RID must be configured.

The basic OSPF configuration includes at least one area and an associated interface.

All default and command parameters can be modified.

OSPF defaults

By default, a router has no configured areas.

An OSPF instance is created in the administratively enabled state.

Alcatel-Lucent C


ot Distribute



OSPF — Major Component Configuration

RouterRouter IDOSPF

— Area– Interface – Stub– NSSA– Virtual Link

ShowRouter

— OSPF

OSPF Configuration ComponentsRouter ID — Specify the RID used with the router instance.

Area — An area is a collection of network segments within an AS that have been administratively grouped together.

Interface — To enable OSPF routing on a router interface, at least one interface must be configured.

Stub — Optional. Specify that the area is a stub area, which does not allow external routing information to be flooded.

NSSA — Optional. Specify that the area is an NSSA, which allows external routes to be flooded within the area and then leaked into other areas.

Virtual link — Optional. If an area cannot be connected to the backbone, ABRs must be connected to the backbone by a virtual link.

Alcatel-Lucent C


ot Distribute



OSPF — Configuring the Router ID

To create a RID for OSPF, use the following command:


Syntax: [no] router-id ip-address

Example: config>router# router-id 1.1.1.1

router-id

Syntax [no] router-id ip-address


Description This command configures the RID for the router instance. The RID is used by both OSPF and BGP routing protocols in this instance of the RTM. IS-IS uses the RID value as its system ID. When a new RID is configured, protocols are not automatically restarted with the new RID. The next time a protocol is initialized, the new RID is used. This can result in an interim interval in which different protocols use different RIDs. To force the new RID to be used, issue the shutdown and no shutdown commands for each protocol that uses the RID, or restart the entire router.

The no form of the command reverts to the default value.

Default The system uses the system interface address, which is also the loopback address. If a system interface address is not configured, use the last 32 bits of the chassis MAC address.

Parameters router-id — The 32-bit RID, expressed in dotted-decimal notation or as a decimal value

Alcatel-Lucent C


ot Distribute



OSPF — Activating OSPF on the Router

To start OSPF, use the following command:


Syntax: [no] ospf

Example: config>router# ospf

ospf

Syntax [no] ospf


Description This command enables access to the context to enable an OSPF protocol instance. When an OSPF instance is created, the protocol is enabled. To start or suspend execution of the OSPF protocol without affecting the configuration, use the no shutdown command. The no form of the command deletes the OSPF protocol instance, removing all associated configuration parameters.

Default no ospf — The OSPF protocol is not enabled.

Alcatel-Lucent C


ot Distribute



OSPF — Defining an Area

To define an area, use the following command:


Syntax: [no] area area-id

Example: config>router>ospf# area 0.0.0.0

area

Syntax [no] area area-id

Context config>router>ospf

Description This command creates the context to configure an OSPF area. An area is a collection of network segments within an AS that have been administratively grouped together. The area ID can be specified in dotted-decimal notation or as a 32-bit decimal integer. The no form of the command deletes the specified area from the configuration. Deleting the area also removes the OSPF configuration of all components, such as interfaces, virtual links, and address ranges, that are currently assigned to the area.

Default no area — No OSPF areas are defined.

Parameters area-id — The OSPF area ID, expressed in dotted-decimal notation or as a 32-bit decimal integer

Values 0.0.0.0 to 255.255.255.255 (dotted-decimal), 0 to 4 294 967 295 (decimal integer)

Alcatel-Lucent C


ot Distribute



OSPF — Activating OSPF on an Interface

To configure the OSPF interface, use the following command:

Context: config>router>ospf>area area-id

Syntax: [no] interface ip-int-name

Example: config>router>ospf>area> interface igp-4

interface

Syntax [no] interface ip-int-name

Context config>router>ospf>area area-id

Description This command creates a context for configuring an OSPF interface. By default, interfaces are not activated in an interior gateway protocol such as OSPF unless they are explicitly configured. The no form of the command deletes the OSPF interface configuration for this interface. The shutdown command in the config>router>ospf>interface context can be used to disable an interface without removing the configuration for the interface.

Default no interface — No OSPF interfaces are defined.

Parameters ip-int-name — The IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters, composed of printable, 7-bit ASCII characters and excluding double quotation marks. If the string contains spaces, use double quotation marks to delimit the start and end of the string. If the IP interface name does not exist or does not have an IP address configured, an error message is returned. If the IP interface exists in a different area, it will be moved to this area.

Alcatel-Lucent C


ot Distribute



OSPF – Configuring the Interface Type

To define the interface type for OSPF, use the following command:

Context: config>router>ospf>area>interface

Syntax: [no] interface-type {broadcast | point-to-point}

Example: config>router>ospf>area>interface# interface-type broadcast

interface-type

Syntax interface-type {broadcast | point-to-point}

Context config>router>ospf>area area-id>interface ip-int-name

Description This command configures the interface type to be either broadcast or point-to-point. Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the broadcast-adjacency maintenance overhead, provided that the link is used as point-to-point. If the interface type is not known when the interface is added to OSPF, and subsequently the IP interface is bound (or moved) to a different interface type, this command must be entered manually. The no form of the command reverts to the default value.

Default point-to-point if the physical interface is SONET

broadcast if the physical interface is Ethernet or unknown

Special Cases Virtual-Link — A virtual link is always regarded as a point-to-point interface and is not configurable.

Parameters broadcast — Configures the interface to maintain this link as a broadcast network. To significantly improve adjacency formation and network convergence, a network should be configured as point-to-point if only two routers are connected, even if the network is a broadcast medium such as Ethernet.

point-to-point — Configures the interface to maintain this link as a point-to-point link

Alcatel-Lucent C


ot Distribute



OSPF — Changing Interface Metrics

To define the interface metric, use the following command:


Syntax: [no] metric metric

Example: config>router>ospf>area>interface# metric 20

metric

Syntax [no] metric metric


Description This command configures an explicit route-cost metric for the OSPF interface that overrides the metrics calculated based on the speed of the underlying link. The no form of the command deletes the manually configured interface metric, so the interface uses the computed metric based on the reference-bandwidth command setting and the speed of the underlying link.

Default no metric — The default reference-bandwidth is 100 000 000 Kb/s or 100 Gb/s, so the default auto-cost metrics for various link speeds are as follows:

10-Mb/s link default cost of 10 000

100-Mb/s link default cost of 1000



Parameters metric — The metric to be applied to the interface, expressed as a decimal integer

Values 1 to 65 535

Alcatel-Lucent C


ot Distribute



OSPF — Seeding the Priority of the Router for DR and BDR

To state the interface priority for DR and BDR elections, use the following command:


Syntax: [no] priority number

Example: config>router>ospf>area>interface# priority 25

priority

Syntax [no] priority number


Description This command configures the priority of the OSPF interface that is used in the election of the DR on the subnet. This command is only used if the interface is of the broadcast type. The router with the highest-priority interface becomes the DR. A router with priority 0 is not eligible to be the DR or BDR. The no form of the command reverts the interface priority to the default value.

Default priority 1

Parameters number — The interface priority, expressed as a decimal integer. A value of 0 indicates that the router is not eligible to be the DR or BDR on the interface subnet.

Values 0 to 255

Alcatel-Lucent C


ot Distribute



OSPF – Configuration Example

ALA-1# configure router

ALA-1>config>router# router-id 138.120.54.73

ALA-1>config>router# ospf

ALA-1>config>router>ospf$ area 0.0.0.0

ALA-1>config>router>ospf>area$ interface toRtr56

ALA-1>config>router>ospf>area>if$ exit

ALA-1>config>router>ospf>area>if# interface-type broadcast

ALA-1>config>router>ospf>area>if# metric 10

ALA-1>config>router>ospf>area>if# priority 25

ALA-1>config>router>ospf>area>if# exit

ALA-1>config>router>ospf>area# interface system

ALA-1# configure router

ALA-1>config>router# router-id 138.120.54.73

ALA-1>config>router# ospf

ALA-1>config>router>ospf$ area 0.0.0.0

ALA-1>config>router>ospf>area$ interface toRtr56

ALA-1>config>router>ospf>area>if$ exit

ALA-1>config>router>ospf>area>if# interface-type broadcast

ALA-1>config>router>ospf>area>if# metric 10

ALA-1>config>router>ospf>area>if# priority 25

ALA-1>config>router>ospf>area>if# exit

ALA-1>config>router>ospf>area# interface system

Alcatel-Lucent C


ot Distribute



OSPF — Configuring a Passive Interface

To configure an interface as passive, use the following command:

Interface will be advertised in OSPFOSPF will not run on the interface (no Hellos, etc.)


Syntax: [no] passive

Example: config>router>ospf>area>interface# passive

passive

Syntax [no] passive


Description This command adds the passive property to the OSPF interface. Passive interfaces are advertised as OSPF interfaces, but they do not run the OSPF protocol. By default, only interface addresses that are configured for OSPF are advertised as OSPF interfaces. While in passive mode, an interface ignores ingress OSPF protocol packets and does not transmit OSPF protocol packets.

The no form of the command removes the passive property from the OSPF interface.

Default Service interfaces defined in config>router>service-prefix are passive. All other interfaces are not passive.

Alcatel-Lucent C


ot Distribute



OSPF — Show Neighbor Command

To list OSPF neighbor information, use the following command:


Syntax: neighbor [ip-addr | ip-int-name | remote ip-addr] [detail]

Example: show>router>ospf# neighbor

neighbor

Syntax neighbor [ip-addr | ip-int-name | remote ip-addr] [detail]


Description This command lists all neighbor information. To reduce the amount of output, you can select the neighbors on a given interface by address or name.

The detail option produces a large amount of data. The use of detail is recommended only when requesting a specific neighbor.

Parameters ip-addr — List neighbor information only for neighbors of the interface identified by the IP address

ip-int-name — List neighbor information only for neighbors of the interface identified by the interface name

remote ip-addr — List neighbor information for the neighbor identified by the specified IP address.

detail — List detailed information for the neighbor

Output Standard OSPF Neighbors Output — The slide on the next page shows the standard command output fields for an OSPF neighbor.

Alcatel-Lucent C


ot Distribute



OSPF — Show Neighbor Example

ALA-A# show router ospf neighbor

=============================================================================

OSPF Neighbors

=============================================================================

Nbr IP Addr Nbr Rtr Id Nbr State Priority RetxQ Len Dead Time

----------------------------------------------------------------------------

180.0.5.2 180.0.0.2 Full 1 0 40

180.0.6.5 180.0.0.5 Full 1 0 33

180.0.7.9 180.0.0.9 Full 1 0 38

180.1.7.15 180.0.0.15 Full 1 0 39

180.2.7.18 180.0.0.18 Full 1 0 38

----------------------------------------------------------------------------

No. of Neighbors: 5

=============================================================================

ALA-A#

ALA-A# show router ospf neighbor

=============================================================================

OSPF Neighbors

=============================================================================

Nbr IP Addr Nbr Rtr Id Nbr State Priority RetxQ Len Dead Time

----------------------------------------------------------------------------

180.0.5.2 180.0.0.2 Full 1 0 40

180.0.6.5 180.0.0.5 Full 1 0 33

180.0.7.9 180.0.0.9 Full 1 0 38

180.1.7.15 180.0.0.15 Full 1 0 39

180.2.7.18 180.0.0.18 Full 1 0 38

----------------------------------------------------------------------------

No. of Neighbors: 5

=============================================================================

ALA-A#

Alcatel-Lucent C


ot Distribute



OSPF — Show Status Command

To show the OSPF status, use the following command:


Syntax: status

Example: show>router>ospf# status

status

Syntax status


Description This command shows the general status of OSPF.

Bad Options The total number of OSPF packets received on all OSPF-enabled interfaces with an option that does not match those configured for the respective interface or area.

Bad Versions The total number of OSPF packets received on all OSPF-enabled interfaces with bad OSPF version numbers.

Output OSPF Status Output Fields — The next page shows the output and describes the OSPF status output fields.

Alcatel-Lucent C


ot Distribute



OSPF — Show Status Example

ALA-A# show router ospf status

===============================================================================

OSPF Status

===============================================================================

OSPF Router Id : 10.13.7.165

OSPF Version : 2

OSPF Admin Status : Enabled

OSPF Oper Status : Enabled

Graceful Restart : Enabled

GR Helper Mode : Disabled

Preference : 10

External Preference : 150

Backbone Router : True

Area Border Router : True

AS Border Router : True

…….

<output omitted>

ALA-A# show router ospf status

===============================================================================

OSPF Status

===============================================================================

OSPF Router Id : 10.13.7.165

OSPF Version : 2

OSPF Admin Status : Enabled

OSPF Oper Status : Enabled

Graceful Restart : Enabled

GR Helper Mode : Disabled

Preference : 10

External Preference : 150

Backbone Router : True

Area Border Router : True

AS Border Router : True

…….

<output omitted>

The remaining output is shown below:

Reference Bandwidth : 100 000 000 kbps

SPF Delay : 2 seconds

SPF Holdtime : The timer that determines the time between two consecutive OSPF Dijkstra calculations in seconds. It is used together with the SPF Delay parameter to optimize CPU utilization by controlling the frequency of the OSPF Dijkstra (SPF) calculations. Note that setting these timers to too high a value can adversely affect network reconvergence times.

Last Ext SPF Run : The time when the external OSPF Dijkstra (SPF) was last run

Ext LSA Cksum Sum : The 32-bit unsigned sum of the LS checksums of the external LSAs contained in the link-state database. This sum can be used to determine if there has been a change in a router's link-state database and to compare the link-state database of two routers.

OSPF Last Enabled : The time when ospfAdminStat was last set to enabled. When ospfAdminStat is set to disabled, the OSPF counters are stopped; when ospfAdminStat is reset to enabled, the counters are reset to 0.

Export Policies : The names of up to five export policies to be used for determining which routes are exported from the routing table to OSPF.

SPF Holdtime : 2 seconds

Last Ext SPF Run : Never

Ext LSA Cksum Sum : 0x2afce

OSPF Last Enabled : 05/23/2005 23:34:36

Export Policies : export-static

===============================================================================

ALA-A#

Alcatel-Lucent C


ot Distribute



OSPF — Configuring Route Summarization

To configure route summarization for an area, use the following command:

Context: config>router>ospf>area

Syntax: [no] area-range ip-prefix/mask [advertise | not-advertise]

Example: config>router>ospf>area# area-range 10.12.0.0/16

area-rangeSyntax [no] area-range ip-prefix/mask [advertise | not-advertise]


• config>router>ospf>area area-id>nssa

Description This command creates ranges of addresses on an ABR for route summarization or suppression. When a range is created, the range is configured to be advertised or not advertised into other areas. The no form of the command deletes the range (non) advertisement.

Default no area-range — No range of addresses is defined.

Special Cases NSSA Context – In the NSSA context, the option specifies that the range applies to external routes (via type 7 LSAs) learned within the NSSA when the routes are advertised to other areas as type 5 LSAs.

Area Context — If this command is not entered in the NSSA context, the range applies to summary LSAs even if the area is an NSSA.

Parameters ip-prefix — The IP prefix in dotted-decimal notation for the range, used by the ABR to advertise the summarized range of addresses into other areas.

Values 0.0.0.0 to 255.255.255.255

mask — The subnet mask for the range, expressed as a decimal-integer mask length or in dotted-decimal notation.

Values 0 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted-decimal)

advertise | not-advertise — Specifies whether to advertise the summarized range of addresses into other areas. The advertise keyword indicates that the range will be advertised, and the not-advertise keyword indicates the range will not be advertised. The default is advertise.

Alcatel-Lucent C


ot Distribute



OSPF — Show Area Command

To show the information for a specified area, use the following command:


Syntax: area [area-id] [detail]

Example: show>router>ospf# area 0.0.0.0

area

Syntax area [area-id] [detail]


Description This command lists configuration information about the specified area. When detail is specified, operational and statistical information is also used.

Parameters area-id — The OSPF area ID, expressed in dotted-decimal notation or as a 32-bit decimal integer

detail — Displays detailed information about the area

Alcatel-Lucent C


ot Distribute



OSPF — Show Area Example

ALA-A# show router ospf area 0.0.0.0=================================================================

OSPF Area : 0.0.0.0

=================================================================

Area Id Type SPF Runs LSA Count LSA Cksum Sum

-----------------------------------------------------------------

0.0.0.0 Standard 109 138 0x4b3553=================================================================

ALA-A#

OSPF Area Standard and Detailed Output Fields

Label DescriptionArea Id A 32-bit integer that uniquely identifies an area

Type:

NSSA This area is configured as an NSSA.

Standard This area is configured as a standard area (not NSSA or stub).

Stub This area is configured as a stub area.

SPF Runs The number of times that the intra-area routing table has been calculated using this area’s link-state database

LSA Count The total number of LSAs in this area’s link-state database, excluding external LSAs

LSA Cksum Sum The 32-bit unsigned sum of the LSAs LS checksums contained in this area’s link-state database.This checksum excludes external LSAs.

No. of OSPF Areas The number of areas configured on the router

Virtual Links The number of virtual links configured through this transit area

Active IFs The total number of interfaces configured in this area

Area Bdr Rtrs The total number of ABRs reachable within this area

AS Bdr Rtrs The total number of ASBRs reachable within this area

Last SPF Run The time when the last intra-area SPF was last run on this area

Type 1 LSAs The total number of OSPF Type 1 LSAs in this area

Alcatel-Lucent C


ot Distribute



OSPF — Show Database Command

To examine the OSPF database, use the following command:


Syntax: database [type {router | network | summary | asbr-summary | external | nssa | all}] [area area-id] [adv-router router-id] [link-state-id] [detail]

Example: show>router>ospf# database

databaseSyntax database [type {router | network | summary | asbr-summary | external | nssa | all}] [area area-id] [adv-router router-id] [link-state-id] [detail]Context show>router>ospf

Description This command lists information about the OSPF link-state database. When no command line options are specified, the command shows a brief output for all database entries.

Parameters type keyword — Specifies that the OSPF LSDB information is filtered based on the type specified by the keyword

type router — List only router (type 1) LSAs in the LSDB.

type network — List only network (type 2) LSAs in the LSDB.

type summary — List only summary (type 3) LSAs in the LSDB.

type asbr-summary — List only ASBR (type 4) LSAs in the LSDB.

type external — List only external (type 5) LSAs in the LSDB .

type nssa — List only NSSA (type 7) LSAs in the LSDB.

type all — List all LSAs in the LSDB. The all keyword is intended to be used with the area area-id or the adv-router router-id [link-state-id] parameters.

area area-id — List LSDB information associated with the specified OSPF area-id.

adv-router router-id [link-state-id] — List LSDB information associated with the specified advertising router. To further narrow the number of items listed, the link-state-id can optionally be specified.

detail — Lists detailed information about the LSDB entries.

Output OSPF Database Output — The slide on the next page shows the standard and detailed command output fields for an OSPF database.

Alcatel-Lucent C


ot Distribute



OSPF — Show Database Example

ALA-A# show router ospf database

=============================================================================

OSPF Link State Database (Type : All)

=============================================================================


-----------------------------------------------------------------------------

0.0.0.0 Router 180.0.0.2 180.0.0.2 1800 0x800000b6 0xf54

0.0.0.0 Network 180.0.53.28 180.0.0.28 149 0x80000083 0xe5cd

0.0.0.0 Summary 180.0.0.15 180.0.0.10 378 0x80000084 0xeba1

0.0.0.1 AS Summ 180.0.0.8 180.0.0.10 824 0x80000084 0x3d07

...

-----------------------------------------------------------------------------

No. of LSAs: 339

=============================================================================

ALA-A#

ALA-A# show router ospf database

=============================================================================

OSPF Link State Database (Type : All)

=============================================================================


-----------------------------------------------------------------------------

0.0.0.0 Router 180.0.0.2 180.0.0.2 1800 0x800000b6 0xf54

0.0.0.0 Network 180.0.53.28 180.0.0.28 149 0x80000083 0xe5cd

0.0.0.0 Summary 180.0.0.15 180.0.0.10 378 0x80000084 0xeba1

0.0.0.1 AS Summ 180.0.0.8 180.0.0.10 824 0x80000084 0x3d07

...

-----------------------------------------------------------------------------

No. of LSAs: 339

=============================================================================

ALA-A#

In the show command above, the following Type fields correspond to specific LSA types:

Type LSA Type• Router 1

• Network 2

• Summary 3/4

• External 5

• NSSA 7

Alcatel-Lucent C


ot Distribute



OSPF — Show Interface Command

To monitor the OSPF interface, use the following command:


Syntax: interface [ip-addr | ip-int-name | area area-id] [detail]

Example: show>router>ospf# interface

interface

Syntax interface [ip-addr | ip-int-name | area area-id] [detail]


Description This command lists information about the OSPF interface, identified by ip-address or ip interface name. When neither is specified, all in-service interfaces are listed.

The detail option produces a great amount of data. It is recommended that detail is used only when a specific interface is requested.

Parameters ip-addr — List only the interface identified by this IP address.

ip-int-name — List only the interface identified by this interface name.

area area-id — List all interfaces configured in this area.

detail — List detailed information about the interface.

Output Standard OSPF Interfaces Output — The slide on the next page shows the standard output fields for an OSPF interface.

Alcatel-Lucent C


ot Distribute



OSPF — Show Interface Example

ALA-A# show router ospf interface

=============================================================================

OSPF Interfaces

=============================================================================

If Name Area Id D Rtr Id BD Rtr Id Adm Oper

-----------------------------------------------------------------------------

system 0.0.0.0 180.0.0.12 0.0.0.0 Up DR

if2/8 0.0.0.0 0.0.0.0 0.0.0.0 Up PToP

lag-1 0.0.0.0 0.0.0.0 0.0.0.0 Up PToP

-----------------------------------------------------------------------------

No. of OSPF Interfaces: 3

=============================================================================

ALA-A#

ALA-A# show router ospf interface

=============================================================================

OSPF Interfaces

=============================================================================

If Name Area Id D Rtr Id BD Rtr Id Adm Oper

-----------------------------------------------------------------------------

system 0.0.0.0 180.0.0.12 0.0.0.0 Up DR

if2/8 0.0.0.0 0.0.0.0 0.0.0.0 Up PToP

lag-1 0.0.0.0 0.0.0.0 0.0.0.0 Up PToP

-----------------------------------------------------------------------------

No. of OSPF Interfaces: 3

=============================================================================

ALA-A#

Alcatel-Lucent C


ot Distribute



OSPF — Configuring Stub Areas

To define an area as a stub, use the following command:


Syntax: [no] stub [no summaries]

Example: config>router>ospf>area# stub

stub

Syntax [no] stub [no summaries]


Description This command enables access to the context to configure an OSPF stub area and adds or removes the stub designation from the area. External routing information is not flooded into stub areas. All routers in the stub area must be configured with the stub command. An OSPF area cannot be both an NSSA and a stub area. Existing virtual links of a non-stub or NSSA are removed when its designation is changed to NSSA or stub.

By default, an area is not a stub area. The no form of the command removes the stub designation and configuration context from the area.

If “no summaries” is added, the ABR blocks LSAs type 3, 4, and 5 from being advertised into the area. Instead a default route is advertised. This dramatically reduces the size of the edge router’s routing table.

Default no stub — The area is not configured as a stub area.

Alcatel-Lucent C


ot Distribute



OSPF — Configuring NSSAs

To define an area as NSSA, use the following command:


Syntax: [no] nssa [no summaries]

Example: config>router>ospf>area# nssa

nssa

Syntax [no] nssa [no summaries]


Description This command creates the context to configure an OSPF NSSA and adds or removes the NSSA designation from the area. NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF areas. The major difference between a stub area and an NSSA is that an NSSA has the capability to flood external routes that it learns throughout its area and, via an ABR, to the entire OSPF domain. Existing virtual links of a non-stub area or NSSA are removed when the designation is changed to NSSA or stub. An area can be designated as stub or NSSA but not both at once.

By default, an area is not configured as an NSSA. The no form of the command removes the NSSA designation and configuration context from the area.

If “no summaries” is added, the ABR blocks LSAs type 3, 4, and 5 from being advertised into the area. Instead a default route is advertised. This dramatically reduces the size of the edge router’s routing table.

Default no nssa — The OSPF area is not an NSSA.

Alcatel-Lucent C


ot Distribute



OSPF — Configuring Virtual Links

To create a virtual link, use the following command:Area 0 must be defined on the router.The command connects the Area 0s.


Syntax: [no] virtual-link router-id transit-area area-id

Example: config>router>ospf>area# virtual-link 1.2.3.4 transit-area 4

virtual-link

Syntax [no] virtual-link router-id transit-area area-id


Description This command configures a virtual link to connect ABRs to the backbone via a virtual link. The backbone area (area 0.0.0.0) must be contiguous, and all other areas must be connected to the backbone area. If it is not practical to connect an area to the backbone, the ABRs must be connected via a virtual link. The two ABRs form a point-to-point-like adjacency across the transit area. A virtual link can only be configured while in the area 0.0.0.0 context. The router-id specified in this command must be associated with the virtual neighbor. The transit area cannot be a stub area or an NSSA. The no form of the command deletes the virtual link.

Default No virtual link is defined.

Parameters router-id — The RID of the virtual neighbor, in IP-address dotted-decimal notation.

transit-area area-id — The area-id specified identifies the transit area that links the backbone area with an area that has no physical connection with the backbone.

Alcatel-Lucent C


ot Distribute



OSPF — Configuring an ASBR Router

To configure a router as an ASBR, use:


Syntax: [no] asbr

Example: config>router>ospf# asbr

asbr

Syntax [no] asbr


Description This command configures the router as an ASBR if the router is to be used to export routes from the RTM into this OSPF instance. When a router is configured as an ASBR, the export policies into this OSPF domain take effect. If no policies are configured, no external routes are redistributed into the OSPF domain. The no form of the command removes the ASBR status and withdraws the routes redistributed from the RTM into this OSPF instance from the link-state database.

Default no asbr — The router is not an ASBR.

Alcatel-Lucent C


ot Distribute



To configure overload on boot, use the following command:During “overload” period, router will participate in the routingprotocol, but is not supposed to be forwarding trafficThe router will set all metrics to their maximum value when in the overload state

OSPF — Configuring Overload on Boot

Context: config>router>ospf>

Syntax: [no] overload-on-boot [timeout seconds]

Example: config>router>ospf# overload-on-boot 60

overload-on-boot

Syntax [no] overload-on-boot [timeout seconds]


Description When a router is in an overload state, the router is used only if there is no other router to reach the destination. This command configures the IGP on startup in the overload state until one of the following events occurs:

The timeout timer expires.

A manual override of the current overload state is entered with the no overload command.

The no overload command does not affect the overload-on-boot function. The no form of the command removes the overload-on-boot functionality from the configuration.

Default no overload-on-boot

Use the show router ospf status and/or show router isis status command to list the administrative and operational states as well as all timers.

Parameters timeout seconds — The interval for each display, in seconds.

Values 60 to 1800

Default 60

Alcatel-Lucent C


ot Distribute



OSPF — Configuring Authentication

To configure an authentication policy, use the following command:


Syntax: [no] authentication-type {password | message-digest}

Example: config>router>ospf>area>interface# authentication-type password

authentication-type

Syntax [no] authentication-type {password | message-digest}


• config>router>ospf>area area-id>virtual-link router-id

Description This command enables authentication and specifies the type of authentication to be used on the OSPF interface. Both simple password and message-digest authentication are supported. By default, authentication is not enabled on an interface. The no form of the command disables authentication on the interface.

Default no authentication — No authentication is enabled on the interface.

Parameters password — This keyword enables simple password (plain-text) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.

message-digest — This keyword enables MD5 authentication in accordance with RFC 1321. If this option is configured, at least one message-digest-key must be configured.

Alcatel-Lucent C


ot Distribute



OSPF — Configuring the Authentication Key

To configure the authentication key, use the following command:



Example: config>router>ospf>area>interface# authentication-key Alcatel

authentication-key

Syntax [no] authentication-key [authentication-key | hash-key] [hash | hash2]


• config>router>ospf>area area-id>virtual-link router-id

Description This command configures the password used by the OSPF interface or virtual link to send and receive OSPF protocol packets on the interface when simple password authentication is configured. All neighboring routers must use the same type of authentication and password for proper protocol communication. If the authentication-type is configured as password, this key must be configured. By default, no authentication key is configured. The no form of the command removes the authentication key.

Default no authentication-key — No authentication key is defined.

Parameters authentication-key — The authentication key. The key can be any combination of ASCII characters up to 8 characters (unencrypted). If spaces are used in the string, enclose the entire string in double quotation marks.

hash-key — The hash key. The key can be any combination of ASCII characters, up to 22 characters (encrypted). If spaces are used in the string, enclose the entire string in double quotation marks. This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash — Specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear-text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

hash2 — Specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less-encrypted hash form is assumed.

Alcatel-Lucent C


ot Distribute



OSPF — Authentication Configuration Example

AALA-1>config>router# ospf

AALA-1>config>router>ospf# area 0.0.0.0

AALA-1>config>router>ospf>area# interface toRtr56

AALA-1>config>router>ospf>area>if# authentication-type password

AALA-1>config>router>ospf>area>if# authentication-key Alcatel

AALA-1>config>router# ospf

AALA-1>config>router>ospf# area 0.0.0.0

AALA-1>config>router>ospf>area# interface toRtr56

AALA-1>config>router>ospf>area>if# authentication-type password

AALA-1>config>router>ospf>area>if# authentication-key Alcatel

Alcatel-Lucent C


ot Distribute



OSPF — Clear Database Command

To clear the OSPF database, use the following command:

Context: clear>router>ospf

Syntax: database [purge]

Example: AL-4# clear router ospf database

database

Syntax database [purge]

Context clear>ospf

Description This command clears all LSAs received from other nodes, sets all adjacencies that are better than 2-way to 1-way, and refreshes all self-originated LSAs.

Parameters purge — The purge parameter also clears all self-originated LSAs and reoriginates all

Alcatel-Lucent C


ot Distribute



OSPF — Clear Neighbor Command

To clear OSPF neighbors, use the following command:


Syntax: neighbor [ip-int-name | ip-addr]

Example: AL-4# clear router ospf neighbor 1.2.3.4

neighbor

Syntax neighbor [ip-int-name | ip-addr]

Context clear>ospf

Description This command marks the neighbor as dead and reinitiates the affected adjacencies.

Parameters ip-int-name — Clear all neighbors of the interface specified by this interface name

p-addr — Clear all neighbors of the interface specified by this IP address

Alcatel-Lucent C


ot Distribute



OSPF — Clear Statistics Command

To clear the OSPF statistics, use the following command:


Syntax: statistics

Example: AL-4# clear router ospf statistics

statistics

Syntax statistics

Context clear>ospf

Description This command clears all neighbor, router, interface, SPF, and global statistics for the OSPF instance.

Alcatel-Lucent C


ot Distribute



Section Summary

This section described OSPF configuration on the Alcatel-Lucent 7750 SR:

Defining the RIDConfiguring area parametersSummarizationShow commands to examine the OSPF configurationConfiguring stub areasOSPF authentication

Alcatel-Lucent C


ot Distribute



Lab 5.6 (Optional) – Implementing a Virtual Link

Loopback 1

Loopback 2

System Interface

Edge Router

Core Router

System Interface

Loopback 1

Loopback 2

EthernetVirtual Link

Area 0.0.0.1

Area 1.1..1.X

Area 0.0.0.0

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. How does OSPF determine the cost of a segment?2. What are the 3 databases created by OSPF in the router?3. What is an ASBR, ABR, and backbone router?4. What is the purpose of a passive interface in OSPF?5. Which command allows you to view your router’s OSPF

adjacencies?6. Which command resets the topological database?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. How does OSPF determine the cost of a segment?

The default cost of a segment is calculated by dividing the reference bandwidth (100 Gbps on the Alcatel-Lucent 7750 SR) by the bandwidth of the link. The cost of a segment can be administratively modified.

2. What are the 3 databases created by OSPF in the router?

Adjacency, topology and forwarding databases.

3. What is an ASBR, ABR, and backbone router?

ASBR – Autonomous System Border Router connects to external routing domains

ABR – Area Border Router connects OSPF areas

Backbone router – is a router in the backbone area (area 0) that only communicates with other routers in area 0.

4. What is the purpose of a passive interface in OSPF?

A passive interface is included in OSPF so that it is advertised in the OSPF routing domain, but OSPF is not run on that interface.

5. Which command allows you to view your router’s OSPF adjacencies?

show router ospf neighbor

6. Which command resets the topological database?

clear router ospf database

Alcatel-Lucent C


ot Distribute



Module Summary

This module introduced the important concepts for understanding the operation of an OSPF network:

Important RFCs for OSPFBenefits of OSPFTypes of networks used by OSPF5 types of packets used by OSPFOSPF areas and how they interoperateTypes of LSAs for OSPFHigh-availability features in OSPF on the Alcatel-Lucent 7750 SRParameters used to configure OSPF on the Alcatel-Lucent 7750 SR

Alcatel-Lucent C


ot Distribute



Alcatel-Lucent C


ot Distribute

Module 6 – page1Interior Routing Protocols and High Availability v1.2


Module 6 — Intermediate System–to–Intermediate System

Alcatel-Lucent C


ot Distribute



Module Objectives


Define how IS-IS operatesExplain IS-IS addressingDefine level 1 and level 2 routingIdentify point-to-point topologiesUnderstand broadcast topologiesExplain packet types and communicationProvide examples of level 1 and level 2 routingImplement multi-area IS-IS on the Alcatel-Lucent 7750 SR







Alcatel-Lucent C


ot Distribute


Intermediate System–to– Intermediate System (IS-IS)

Section 1— Routing Using IS-IS

Alcatel-Lucent C


ot Distribute



Section Objectives

This section will discuss the basic concepts that IS-IS uses for communication, operation, and routing. Upon successful completion of this section, you should be able to:

Name the important RFCs for IS-ISExplain the benefits of IS-ISDescribe the types of networks that IS-IS usesDefine the types of packets that IS-IS usesIdentify areas and explain how they interoperateDefine the differences between L1 and L2 updatesExplain the OSI NSAP addressing that IS-IS uses

Section 1 — Routing Using IS-IS

This module will discuss the basic concepts that IS-IS uses for communication, operation, and routing:

RFCs that define IS-IS

Benefits of using IS-IS

Types of networks that IS-IS uses

Types of packets that IS-IS uses

Areas and how they interoperate

Differences between L1 and L2 updates

OSI NSAP addressing that IS-IS uses

IS-IS is a link-state IGP that uses the SPF algorithm to determine routes. Routing decisions are made using the link-state information. IS-IS evaluates topology changes and performs SPF recalculations as necessary.

Entities in IS-IS include networks, intermediate systems, and end systems. In IS-IS, a network is an autonomous system (routing domain), with end systems and intermediate systems. A router, such as the Alcatel-Lucent 7750 SR, is an intermediate system. End systems are network devices that send and receive PDUs, the OSI term for packets. End systems are typically host computers running an OSI network protocol and are therefore of no further interest in this course. Intermediate systems send, receive, and forward PDUs.

End-system and intermediate-system protocols allow routers and nodes to identify each other. IS-IS periodically sends link-state updates throughout the network so that each router can maintain current network topology information.

IS-IS supports large ASs by using a two-level hierarchy. A large AS can be administratively divided into smaller, more manageable areas. A system only belongs to one area. Level 1 routing is performed within a single area. Level 2 routing is performed between areas. The Alcatel-Lucent 7750 SR can be configured as level 1, level 2, or level 1/2.

Alcatel-Lucent C


ot Distribute



IS-IS — Protocol Overview

Development began prior to that of OSPF.The U.S. government required ISPs to use IS-IS for early stages of the Internet.IS-IS supports IPv6.Many large enterprise networks and ISPs use IS-IS due to the scalability and stability of the protocol.

Development of IS-IS was initiated prior to OSPF, and IS-IS was one of the first routing protocols to scale to the size required to support ISPs. Use of IS-IS became a requirement for ISPs in the early stages of Internet development. This requirement was subsequently dropped as OSPF became a more commonly deployed IGP. However, multiple ISPs still use IS-IS as their backbone routing protocol to support their BGP implementations.

IS-IS is an incredibly stable protocol that also provides very rapid convergence. These features, in combination with its scalability, are prime reasons that some large ISPs use IS-IS as the backbone routing protocol in their networks.

The only real downfall of IS-IS is the lack of engineering support. Although many engineers understand OSPF, very few truly understand IS-IS at a level sufficient to implement, optimize, and troubleshoot quickly and accurately.

Because IS-IS was developed independently from IPv4, modification to IPv6 is easy and fairly seamless. This cannot be said for OSPF or other common routing protocols.

Alcatel-Lucent C


ot Distribute



RFC 1629NSAP and

Internet

RFC 1629NSAP and

Internet

RFC 33509TLV

code points

RFC 33509TLV

code points

IS-IS — RFC History

RFC 1142Original

RFC

RFC 1142Original

RFC1990

2002

…..

1994

1992

1990

RFC 1195TCP/IPsupport

RFC 1195TCP/IPsupport

ISO 10589released

ISO 10589released

PresentIS-IS

work in progress

IS-ISwork in progress

Other IS-ISRFCs

released

Other IS-ISRFCs

released

Over the course of IS-IS’s existence, multiple RFCs have been created and commonly accepted. The slide above lists the RFCs that explicitly define the characteristics of basic IS-IS.

In February 1990, RFC 1142 was released. It was based upon the ISO’s soon-to-be-released standard 10589. The IS-IS standard is closely modeled after DecNet v5 and ISO standard 8473.

In December 1990, RFC 1195 was released. This RFC outlined how to support TCP/IP and OSI systems simultaneously using IS-IS. It is commonly known as Integrated IS-IS.

In 1992, ISO standard 10589:1992 was released. This is the commonly accepted standard for IS-IS, and there are a few minor updates that the ISO has released. However, this document is the key document in understanding IS-IS.

In May 1994, RFC 1629 was released. This document outlined the NSAP addressing to be used in the Internet environment.

Throughout the remainder of the 1990s and into the 2000s, several minor RFCs that dealt with IS-IS were released. Only the major RFCs are highlighted in the slide above.

The most recent major RFC release occurred in August 2002: RFC 3359. This RFC provides a standardized definition of TLV code points and their interpretation in IS-IS.

Alcatel-Lucent C


ot Distribute



IS-IS — Protocol Overview (continued)


Subnet mask sent in update

Support for VLSM, CIDR, and manual route summarization

Support for authentication

Maintenance of multiple databases

Layer 2 multicast addressing

Link-state driven updates, periodic hellos

The IS-IS and OSPF link-state protocols have the following common attributes:

Link-state protocols trigger an update when a link (interface) changes state. The router connected to the link initiates a triggered update to its neighbors, notifying them of the changed topology. If the network is stable and no changes in links are detected, the routers send periodic hello messages to maintain connectivity without consuming excessive bandwidth.

A common attribute shared by the OSPF and IS-IS link-state protocols is that they are classless and support all the common attributes of a classless routing protocol.

Because IS-IS is classless, the updates contain the subnet mask of each network being advertised. This allows for more optimal network design and accurate path selection.

VLSM and CIDR are supported in both OSPF and IS-IS.

The classless nature of these protocols enables the manual summarization of networks. This allows network administrators to have much more control of where and how the summarization takes place.

Both protocols support authentication of the updates that are sent between routers. This ensures that accurate network topologies are created without false information or errors.



Layer 2 multicast addressing for IS-IS is as follows:

• L1 updates use 01-80-C2-00-00-14

• L2 updates use 01-80-C2-00-00-15

Alcatel-Lucent C


ot Distribute



IS-IS — Key Features

Key IS-IS features are:Area hierarchyAuthenticationSupport for VLSM and CIDRRoute redistributionRouting interface parametersIS-IS TE extensions

IS-IS is a link-state IGP that uses the SPF algorithm to determine routes. Routing decisions are made using the link-state information. IS-IS evaluates topology changes and, if necessary, performs SPF recalculations.

Entities in IS-IS include networks, intermediate systems, and end systems. In IS-IS, a network is an AS (routing domain), with end systems and intermediate systems. Intermediate systems send, receive, and forward PDUs. A router, such as the Alcatel-Lucent 7750 SR, is an intermediate system.

End-system and intermediate-system protocols allow routers and nodes to identify each other. IS-IS periodically sends out link-state updates throughout the network so that each router can maintain current network topology information.

IS-IS supports large ASs by using a two-level hierarchy. A large AS can be administratively divided into smaller, more manageable areas. A system only belongs to one area. Level 1 routing is performed within a single area. Level 2 routing is performed between areas. The Alcatel-Lucent 7750 SR can be configured as level 1, level 2, or level 1/2.

Alcatel-Lucent C


ot Distribute



IS-IS — Protocol Comparison

Feature

Updates

Update type

Authentication

Metric

Metric type

VLSM / CIDR support

Topology size

Summarization

Convergence

RIPv2

Periodic

Broadcast/Multicast

Simple and MD5

Hops

Distance vector

Yes

Small

Manual

Slow

OSPF

Incremental

L3 Multicast

Simple and MD5

Link cost

Link-state

Yes

Very large

Manual

Fast

IS-IS

Incremental

L2 Multicast

Simple and MD5

Link cost

Link-state

Yes

Very large

Manual

Fast

The table above shows the differences and similarities of RIPv2, OSPF, and IS-IS. All three protocols are supported on the Alcatel-Lucent 7750 SR. RIPv1 is not listed as it is not the default version and is seldom configured on the Alcatel-Lucent 7750 SR.

IS-IS and OSPF are very similar in ability and operation. Both support the IP protocol; however, OSPF was designed around IP and IS-IS was adapted to support IP. OSPF messages are encapsulated in an IP header whereas IS-IS encapsulates its messages directly in the data link layer. Neither OSPF nor IS-IS uses an upper-layer protocol, such as TCP or UDP. This is unlike RIP, which uses UDP port 520.

Alcatel-Lucent C


ot Distribute



IS-IS — Link-State Protocol Comparison

Feature

Updates

Multicast layer

Authentication

Metric

Metric type

Update types

Area hierarchy

Area boundaries

Convergence

IS-IS

Incremental

Layer 2

Simple and MD5

Default: all ports cost 10

Link-state

L1 and L2

Not required

On segment

Fast

OSPF

Incremental

Layer 3

Simple and MD5

Auto-calculation on interface

Link-state

Multiple types

Backbone area

At interface

Fast

The table above shows some common characteristics of a link-state protocol and how IS-IS and OSPF implement these features.

Updates — Both IS-IS and OSPF use incremental updates. This means that if a link changes state, only that change is conveyed to the respective neighbors. The entire database is not flooded. In addition, periodic updates to ensure LSDB consistency are sent (IS-IS every 20 minutes, OSPF every 30 minutes).

Multicast layer — IS-IS and OSPF use multicast updates to communicate with peers. IS-IS uses layer 2 multicast addresses and OSPF uses layer 3 multicast addresses.

Authentication — Secure communication is supported by both IS-IS and OSPF. By default, neither runs any authentication, but both support simple and MD5 authentication methods.

Metric — IS-IS uses a default cost of 10 for all segments, regardless of the actual capacity of the link. OSPF defaults to an automatic calculation based on a set metric value divided by the bandwidth of the link.

Metric type — Both IS-IS and OSPF use Dijkstra’s SPF link-state algorithm for best-path calculation.

Update types — IS-IS has two major types of link-state updates (L1: intra-area, L2: inter-area). OSPF has multiple types of link-state updates.

Area hierarchy — OSFP requires a backbone area, and all other areas must directly attach to the backbone. In IS-IS, all level 2 routers must be connected in a continuous link, and areas can directly connect to any other area.

Area boundaries — IS-IS area boundaries are on segments. OSPF areas are defined on router interfaces.

Convergence — Because both IS-IS and OSPF use the same Dijkstra algorithm, convergence times are identical.

Alcatel-Lucent C


ot Distribute



IS-IS and OSPF Terminology Comparison

Complete Sequence Number PDU (CSNP)

Database Description packet

Index of Link State DB

Partial Sequence Number PDU (PSNP)

ACKAcknowledgement

Network Service Access Point (NSAP)

Interface address

Designated ISDesignated Router

Link State PDU (LSP)Link State Advertisement (LSA)

Link state updates

CircuitSubnetAttached network

Intermediate systemRouterRouter

End systemHostHost system

IS-IS TermOSPF TermDescription

Alcatel-Lucent C


ot Distribute



IS-IS — Protocol Overview

IS-IS uses SPF for path determination.SPF uses cost values to determine the best path to a destination.

RTR-A

RTR-C

RTR-B

Cost: 10 Cost: 10

Cost: 10 Cost: 10

Cost: 10

RTR-A10.0.0.0: cost 30 via RTR-C*10.0.0.0: cost 20 via RTR-B

* = Best path

10.0.0.0

Packet flow

Metrics

To calculate the lowest cost to reach a given destination, each configured level on each interface must have a cost. The costs for each level on an interface may be different.

In IS-IS, if the metric is not configured, default cost 10 is used. IS-IS does not use a reference-bandwidth as in OSPF. Each link has a set cost value of 10 unless it is manually changed to another value in the range 1 to 16 777 215.

Alcatel-Lucent C


ot Distribute



IS-IS — ISO Network Addressing

Router is known as an “Intermediate System”IS-IS uses unique addressing (OSI NSAP addresses) compared to that of other IP routing protocols.Each address identifies the area, system, and selector.

Routers with common area addresses form L1 adjacencies.Routers with different area addresses form L2 adjacencies, if capable.

2-layer hierarchy:Level 1: Builds the local area topology and forwards traffic to other areas through the nearest L1/L2 routerLevel 2: Exchanges prefix information and forwards traffic between areas

IS-IS uses ISO network addresses. Each address identifies a point of connection to the network, such as a router interface, and is called a network service access point. An end system can have multiple NSAP addresses, in which case the addresses differ only by the last byte (called the n-selector). Each NSAP represents a service that is available at that node. In addition to having multiple services, a single node can belong to multiple areas.

Each network entity has a special network address called a network entity title. Structurally, an NET is identical to an NSAP address but has an n-selector of 00. Most end systems have one NET. Intermediate systems can have up to three area IDs (area addresses).

NSAP addresses are divided into three parts. Only the area ID portion is configurable.

Area ID — A variable-length field between 1 and 13 bytes. This includes the AFI as the most significant byte, and the area ID.

System ID — A 6-byte system ID. This value is not configurable. The system ID is derived from the system or router ID.

Selector ID — A 1-byte selector ID that must contain zeros when a NET is configured. This value is not configurable. The selector ID is always 00.

Of the total 20 bytes that comprise the NET, only the first 13 bytes, the area ID portion, can be manually configured. As few as one byte can be entered or, at most, 13 bytes. If fewer than 13 bytes are entered, the rest of the area ID is padded with zeros.

Routers with common area addresses form level 1 adjacencies. Routers with no common NET addresses form level 2 adjacencies, if they are capable.

Alcatel-Lucent C


ot Distribute



IS-IS — ISO Network Addressing (continued)

Layer 2 multicast addressing is implemented to support IS-IS.On Ethernet, the following multicast addresses are reserved:

L1 updates use 01-80-C2-00-00-14.L2 updates use 01-80-C2-00-00-15.

Alcatel-Lucent C


ot Distribute



IS-IS — Link-State Overview

Backbone (level 2) linkLevel 1 link

L1 Level 1L2 Level 2L1/L2 Level 1/level 2

Area 49.0001

Area 49.0002

Area 49.0003

L1 L2

L1/L2

L1/L2

L1

L1/L2 L1

IS-IS:

ISO standard 10589, subsequently RFC 1142

Link-state

Highly scalable (1000 routers per area)

Areas are connected by level 2 routers in a mesh.

The network between level 2 routers must be highly available.

The routing protocol engine is almost identical to OSPF, except that area boundaries are on links between routers rather than through a border router (an IS-IS router is always in one area only)

All routers in an IS-IS topology are identified as level 1, level 2, or level 1/2.

Level 1 routers exchange topology information for the local area.

Level 2 routers exchange topology information between the different areas.

Level 1/2 routers exchange information between level 1 and level 2 routing domains.

Alcatel-Lucent C


ot Distribute



IS-IS — Level 1 Router

Area 49.0001L1/L2

L1A

L1/L2

L1

Only concerned with paths within the areaLooks for the nearest level 2 routerIdentify paths based on the system ID, not the area IDUses MAC address 01-80-C2-00-00-14

Level 1 routers are only concerned with the networks within their areas. They also determine where the closest level 2 router is located. If a client tries to access a network that is not within the area, the L1 router forwards the packet to the nearest L2 router. If the destination address is located within the same area, the L1 router forwards the packet to the specific L1 router that is advertising the destination network.

Because all L1 routers are within the same area, L1 routers identify the remote L1 routers by their System IDs.

Alcatel-Lucent C


ot Distribute



IS-IS — Level 2 Router

Area 49.0001

Area 49.0002

Area 49.0003

L2L2

L1/L2L1/L2L1/L2

Exchanges routes between areasOnly exchanges with other L2 (L1/L2) routersUses MAC address 01-80-C2-00-00-15An L1/L2 router sets the ATT bit in L1 LSPs to identify itself as an L2 router.

L1

Level 2 routers exchange information about the networks that are available in different areas.

Level 2 routers exchange topology information between the different areas and perform the SPF calculation to find the best route to other areas.

L1/L2 routers set the ATT (attached) bit in their level 1 LSPs (when they have formed an adjacency with at least one other L2 router) so that level 1 routers know that these routers have level 2 capabilities.

Level 1 routers install a default route that points to the nearest L1/L2 router to reach destinations outside their area.

Because the shortest route to the ultimate destination may not be through the nearest L1/L2 router, this hierarchy results in suboptimal routing.

L2 routers identify the remote peers based on the area ID. The closest router for a specific area, based on SPF, is the router that all traffic will be sent to.

Alcatel-Lucent C


ot Distribute



IS-IS — Link-State Overview (continued)

Backbone (level 2) linksLevel 1 links


Area 49.0001

Area 49.0002

Area 49.0003

L1 L2

L1/L2

L1/L2L1

L1/L2 L1

A

B

IS-IS packet flow

Two-layer hierarchy:

Level 1: Builds the local area topology based on system IDs. Forwards traffic to other areas through the nearest L1/L2 router.

Level 2: Exchanges prefix information between areas. Builds a network-level topology based on area IDs. Forwards traffic to the appropriate area using the SPF algorithm.

In the example above, device A, in Area 49.0001, needs to connect to device B in area 49.0003.

To accomplish this task, the end node (A) sends its traffic to the nearest L1 router.

The L1 router looks at the destination address and determines that device B resides in a different area than the one the router is currently located in. This means that the router must send the data to the nearest L1/L2 router.

The nearest L1/L2 router has a database of all network prefixes in all areas and the best path to take to access the appropriate area. After consulting the forwarding table, it forwards the packet to the L1/L2 router in Area 49.0003.

The L1/L2 router in Area 49.0003 identifies device B as residing within its area and forwards the packet according to its L1 database.

Alcatel-Lucent C


ot Distribute



IS-IS — Operation

Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7



The following slides describe how IS-IS routers communicate to exchange their routes to build a complete map of the network topology. The slides show the sequence of events as IS-IS is initialized on rtr2.

Alcatel-Lucent C


ot Distribute



IS-IS — Link-State Initialization

Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

L1 and L2 hello PDUs are transmitted on broadcast linksPoint-to-point hello are transmitted on P2P links

When the router or the IS-IS process is initialized, the router transmits hello PDUs on all interfaces that are included in an IS-IS area. In this topology, the links between areas have been defined as point-to-point links and the links within an area are broadcast links.

Because rtr2 is configured as an L1/L2 router, L1 and L2 hello PDUs are transmitted on all broadcast links (the links to rtr1 and rtr3).

A point-to-point hello PDU is transmitted from rtr2 interface 2 to rtr4 because interface 2 has been configured as a point-to-point link.

Alcatel-Lucent C


ot Distribute



IS-IS — Adjacency Established with rtr1

Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

L1 hello PDU is received from rtr1L1 hello and CSNP are transmittedAdjacency is established

Routers that receive a hello PDU from rtr2 respond with a hello PDU of the appropriate type. If rtr2 sees its own ID in the hello it receives, it transmits another PDU with the ID of its neighbor. The adjacency is now considered to be established.

When the adjacency is established, a CSNP is transmitted. This contains a description of the LSPs known by rtr2 and the sequence numbers it is using for them. This initiates a transmission of LSPs from rtr1.

A similar exchange of packets occurs with rtr3 to establish an adjacency (not shown). The only difference is that rtr3 responds with L2 hello PDUs and an L2 adjacency is established.

Alcatel-Lucent C


ot Distribute




Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

P2P hello PDU is received from rtr4P2P hello and L2 CSNP are transmittedAdjacency is established

At the same time that the adjacency is being established with rtr1 and rtr3 on the broadcast links, rtr2 is also establishing an adjacency with rtr4 on the point-to-point link. When rtr4 receives the hello, it responds with a point to point Hello PDU. This PDU contains the ID of the neighbor (rtr2) that this hello is responding to. The adjacency is now considered to be established.

When the adjacency is established, a CSNP is transmitted. The CSNP contains a description of the LSPs known by rtr2 and the sequence numbers it is using for them. This initiates the transmission of LSPs from rtr4.

Alcatel-Lucent C


ot Distribute



IS-IS — Exchange of LSPs

Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

Based on exchanged CSNPs, neighbor transmits LSPs Router adjusts sequence number and transmits current LSP

After they exchange CSNPs, the routers exchange LSPs. rtr4 transmits LSPs based on the content of its database. rtr2 transmits an LSP with its current information and a higher sequence number.

Alcatel-Lucent C


ot Distribute



IS-IS — Exchange of PSNPs

Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

Routers exchange PSNPs to acknowledge the receipt of new LSPs

When they have exchanged LSPs on a point-to-point link, the routers exchange PSNPs to acknowledge the LSPs they have received.

Alcatel-Lucent C


ot Distribute



IS-IS — Exchange and Flooding of LSPs

Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

rtr3 and rtr1 also transmit LSPsrtr2 provides updated LSPsNew LSPs are flooded to the appropriate neighbors

At the same time as the LSPs are exchanged with rtr4, rtr2 receives LSPs from rtr1 and rtr3. These LSPs are flooded to the appropriate neighbors. (LSPs are not transmitted out the interface they are received on. Level 2 LSPs are not transmitted to level 1 neighbors, and level 1 LSPs are not transmitted to level 2 neighbors.)

Alcatel-Lucent C


ot Distribute



IS-IS — Configuration and Implementation

Start

Modify level capability(Optional)

Configure global parameters

Enable IS-IS

Turn up

Configure interfaceparameters

Specify area address

To operate on the Alcatel-Lucent 7750 SR, IS-IS must be explicitly enabled, and at least one area address and interface must be configured. If IS-IS is enabled, but no area address or interface is defined, the protocol is enabled but no routes are exchanged. When at least one area address and interface are configured, adjacencies can be formed and routes can be exchanged.

To configure IS-IS, perform the following tasks:

• Enable IS-IS.

• If necessary, modify the level capability at the global level (the default is L1/L2).

• Define an area address or addresses.

• Configure the IS-IS interfaces.

Area ID — Identifies the area-ID portion of the NET

Level — Specifies that the router can be configured as an L1, L2, or L1/L2 system

Level capability — Configures the level capability for the IS-IS (global) routing process

Interface — Allows you to customize certain interface-specific IS-IS parameters

Interface level capability — Configures the interface-specific level capability for the IS-IS routing process

Alcatel-Lucent C


ot Distribute



Lab 6.1 — Configuring IS-IS for a Single Area

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

IS-IS

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. IS-IS has many distinctive differences from other IP routing protocols. What is the reason for this?

2. In an IS-IS routing domain, how is the router’s area determined?

3. Unlike OSPF, IS-IS does not require a backbone area to implement hierarchy. True or false?

4. A level 1 router sends traffic destined to other areas to the closest level 2-capable router. True or false?

5. An L1/L2 router maintains a single topological database that contains the entire IS-IS routing domain. True or false?

6. IS-IS does not need to establish an adjacency with its neighbors before it can start exchanging updates. True or false?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. IS-IS has many distinctive differences from other IP routing protocols. What is the reason for this?

The major reason for the distinctive differences of IS-IS is due to its origin as an OSI routing protocol. It was later adapted for routing in an IP network as Integrated IS-IS

2. In an IS-IS routing domain, how is the router’s area determined?

In IS-IS the router’s area is determined from the NSAP.

3. Unlike OSPF, IS-IS does not require a backbone area to implement hierarchy. True or false?

True. Hierarchy is implemented through a contiguous backbone of Level 2 routers.

4. A level 1 router sends traffic destined to other areas to the closest level 2-capable router. True or false?

True. The level 1 router installs a default route to the topologically closest level 2 router.

5. An L1/L2 router maintains a single topological database that contains the entire IS-IS routing domain. True or false?

False. The L1/L2 router maintains to distinct topological databases, one for the level 1 area and one for the level 2 backbone.

6. IS-IS does not need to establish an adjacency with its neighbors before it can start exchanging updates. True or false?

False. IS-IS transmits Hello messages on its links to discover neighbors and forms adjacencies with them before exchanging updates.

Alcatel-Lucent C


ot Distribute



Section Summary

This section explained the following:Basic IS-IS operationComparison of IS-IS to other routing protocolsIS-IS frequently used termsPath determinationIS-IS attributesInteroperation of IS-IS routers to exchange routing updates

Alcatel-Lucent C


ot Distribute


Intermediate System–to– Intermediate System (IS-IS)

Section 2 — IS-IS Addressing and Packet Types

Alcatel-Lucent C


ot Distribute



IS-IS — NSAP Addressing

IDP DSP

AFI System ID SELHigh Order-DSPvariable 6 1

Area ID System AddressNSAP — Network service access point

IDP — Initial domain part DSP — Domain specific part

AFI — Authority and format indicator IDI — Initial domain identifier(e.g., 49 is local assigned, binary)

High Order-DSP — High Order Domain Specific Part

SEL — N-selector (NSEL)

IDI

NSEL

IS-IS uses ISO network addresses. Each address identifies a point of connection to the network, such as a router interface, and is called an NSAP. An end system can have multiple NSAP addresses, in which case the addresses differ only by the last byte (called the n-selector). Each NSAP represents a service that is available at that node. In addition to having multiple services, a single node can belong to multiple areas.

Each network entity has a special network address called an NET. Structurally, an NET is identical to an NSAP address but has an n-selector of 00. Most end systems have one NET. Intermediate systems can have up to three area IDs (area addresses).

NSAP addresses are divided into three parts as follows. Only the area ID portion is configurable:

Area ID — A variable-length field from 1 to 13 bytes. This includes the AFI as the most significant byte, and the area ID. An AFI of 49 specifies that the areas have been assigned by a local authority instead of being assigned by a national or international authority.

System ID — A 6-byte system ID. This value is not configurable. The system ID is derived from the system ID or router ID. Typically, this ID is the MAC address of the device or the RID of the device.

Selector ID — A 1-byte selector ID that must contain zeros when a NET is configured. This value is not configurable. The selector ID is always 00. This is also referred to as the NSEL in some documentation. This value could change on NBMA and multi-access networks when a DIS is created.

Of the total 20 bytes that comprise the NET, only the first 13 bytes (the area ID portion) can be manually configured. As few as 1 byte can be entered, or, at most, 13 bytes. If fewer than 13 bytes are entered, the rest of the area ID is padded with zeros.

Routers with common area addresses form level 1 adjacencies. Routers with no common NET addresses form level 2 adjacencies.

Alcatel-Lucent C


ot Distribute



IS-IS — NSAP Addressing (continued)

Level 1 routing uses the system ID.Level 2 routing uses the area address.2 nodes cannot have the same NSAP address.2 nodes within an area cannot have the same system ID.The minimum NSAP using local authority is 8 bytes (1 for area, 6for system, 1 for SEL).The area ID must be minimum 1 byte.The AFI should be set to 49 for locally administered IS-IS configurations.

Basic rules of NSAP addressing:

Level 1 routers ignore the area ID and communicate using the system ID. Keep in mind that all L1 routers only communicate with other L1 or L1/L2 routers within their area; therefore, the area ID is always the same for all L1 routers within an area. The only way to differentiate one router from another is the system ID.

Level 2 routers communicate with other L2 or L1/L2 routers between areas. L2 routers are concerned with routing between areas instead of within an area. They keep track of their neighbors using the area ID and not the system ID.

No two nodes in the topology can have the same NSAP address — this would cause routing confusion.

No two nodes can have the same system ID as this would also cause routing instability and confusion.

The minimum length of an NSAP address is 8 bytes. Each area ID must be at least 1 byte; the system ID is 6 bytes, and the NSEL is always 1 byte.

The area ID must be minimum 1 byte. This can be extended to 4 bytes (32 bits) if necessary.

The AFI should always be set to 0x49. This indicates that a local administrator configured the topology. The concept is similar to a private IP address.

Alcatel-Lucent C


ot Distribute



IS-IS — NSAP Addressing (continued)

Area 49.0002 Area 49.0003L1

L1/L2

L1/L2L1

49.0002.18B6.0101.0001.00

49.0002.18B6.0101.0AFB.00{49.0003}.{18B6.A345.0BF1}.{00}

49.0003.18B6.A3B5.0BFE.00

NSAP addressing example:Red denotes the locally administered area ID of each router.Blue denotes the system ID of each router.Black denotes the NSEL default of “00”.

{Area-ID} {System-ID} {NSEL}

In the example above, each router is identified by the area it resides in, the system ID (based on the MAC address), and the NSEL.

Note that each address is preceded by the value “49” to indicate that the address structure is defined locally.

Alcatel-Lucent C


ot Distribute



IS-IS — Protocol Characteristics

Item ValueMaximum metric value assignable to a link 16 777 215Maximum metric value for a path 4 261 412 864All L1 IS multicast address 01-80-C2-00-00-14All L2 IS multicast address 01-80-C2-00-00-15SAP for IS-IS on 802.3 LANs FEProtocol discriminator for IS-IS 131NSAP selector for IS-IS 00Size of LSP, which all IS routers must be able to handle 1492Maximum age 1200Zero life age 60Maximum number of area addresses in a single area 3

Originally, the maximum metric for a link was limited to 63 (6 bits), with a total path metric of 1023. This was considered to be not granular enough for modern networks, especially with traffic engineering, so a new “wide metric” was defined. This uses 24 bits to support a link metric of

16 777 215 and a total path metric of 4 261 412 864.

The maximum metric value (narrow metric) for a link is limited to a cost of 63. This is because 6 bits are allocated per link for cost (decimal values from 0 to 63).

For the maximum metric value for a path (narrow metric), the total number of bits allocated for a path is 10, with a range from 0 to 1023. This value is the total cumulative cost to a destination network within the topology. A path that has a greater cost is considered unreachable.

The L1 multicast MAC address is a unique address for all L1 packets sent on an Ethernet.

The L2 multicast MAC address is a unique address for all L2 packets sent on an Ethernet

The LLC DSAP and SSAP ID for IS-IS packets is set to FE. In an 802.3 frame with LLC, the value is FE:FE.

The network-layer header contains hex value 83 (decimal 131). This value is assigned by ISO as the OSI network layer discriminator, but is not used for TCP/IP.

The NSAP defaults to “00” when IS-IS is used for IP network updates.

The sequence modulus has a maximum value of 232.

An LSP must support an MTU of 1492.

The maximum age for a network entry in IS-IS without an update is 1200 seconds (20 minutes).

The zero life age is the time, in seconds, that a network will remain in the LSDB when the maximum life age has expired.

There can be a total of 3 area IDs in a single area. This is useful when changing the topology of your areas, based on network requirements.

Alcatel-Lucent C


ot Distribute



MAC header LLC header

IS-IS — Packet Format

IS-IS packets use layer 2 encapsulation of the media.IS-IS uses Ethernet 802.3/802.2 instead of the Ethernet II used for IP traffic.The TLV identifies the type of information in the IS-IS packet.IS-IS packets are called PDUs.

IS-IS header IS-IS TLV FCS

The basic IS-IS update packet is shown above.

Note that IS-IS does not use IP at the network layer for exchanging messages. IS-IS uses the data link layer directly for framing and transmission over network segments.

The IS-IS header is always the same, yet the TLV varies depending on the type of update being sent.

Alcatel-Lucent C


ot Distribute



IS-IS — Packet Format Details

Ethernet destination address:01-80-C2-00-00-14 – L1 updates01-80-C2-00-00-15 – L2 updates

Ethernet source address: source router interface MAC address802.3 LLC DSAP and SSAP = FE:FELayer 3 protocol discriminator: 131

MAC header LLC header IS-IS header IS-IS TLV FCS

The IS-IS destination MAC addressing varies depending on the type of information being conveyed. L1 and L2 updates use different MAC multicast addressing. Routers only look for the respective MAC addresses based on their configuration. L1/L2 routers listen for both MAC addresses.

The source address in all IS-IS updates is always the interface MAC address of the sender.

In the standard version of Ethernet (802.3), when LLC (802.2) is used, the DSAP and SSAP are set to FE:FE to specify that the frame data is IS-IS traffic.

Alcatel-Lucent C


ot Distribute



IS-IS — Packet Format Details (continued)

IS-IS sends PDUs.PDUs are encapsulated directly into the layer 2 frame.There are 4 types of PDUs:

Hello (ESH, ISH, and IIH) — Maintain adjacenciesLSP (link-state packet) — Information about neighbors and links, generated by all L1 and L2 routersPSNP (Partial Sequence Number PDU) — Specific requests and responses about links, generated by all L1 and L2 routersCSNP — Complete list of LSPs exchanged to maintain database consistency

There are four types of PDUs:

Hello PDU — Generated by all devices running IS-IS. The actual format of the hello varies depending on the levelthe device is configured for. An L1 device sends L1 hellos, an L2 device sends L2 hellos, and an L1/L2 device sends both L1 and L2 hello PDUs, independent of each type.

LSP PDU — Generated by L1 and L2 devices to convey information about neighbors and links. LSPs are used to create the topological database for the L1 and L2 devices in an area.

PSNP PDU — Used to request specific information about a network. A PSNP can contain a subset of LSPs in the database or can be used to acknowledge one or more LSPs in point-to-point subnetworks. In addition, a PSNP can be used to request transmission of a specific LSPs (seq = 0) on broadcast subnetworks.

CSNP PDU — Lists every LSP in the database. CSNPs are multicast periodically by IS-IS routers to maintain database consistency. Several CSNPs can be sent at once when the database is large.

Alcatel-Lucent C


ot Distribute



IS-IS — Hello Packet Format

Used to discover neighbors and elect the DISSent every 9 seconds from L1 and L2 routers, if they are not theDISSent every 3 seconds from the DIS in broadcast multi-access networks3 different formats:

Level 1 and Level 2 in broadcast subnetworksPoint-to-point in general topology subnetworks

Highest priority elects the DIS for both L1 and L2 in broadcast networks

Highest interface MAC address is the tiebreaker if priorities are equalDIS assigns the subnetwork ID (DIS NET + SEL)

The Alcatel-Lucent 7750 SR performs IS-IS routing as follows:

Hello PDUs are sent to IS-IS-enabled interfaces to discover neighbors and establish adjacencies.

IS-IS neighbor relationships are formed if the hello PDUs contain information that meets the criteria for forming an adjacency.

The Alcatel-Lucent 7750 SR can build a link-state PDU based on its local interfaces that are configured for IS-IS and on prefixes that it has learned from other adjacent routers.

The Alcatel-Lucent 7750 SR floods LSPs to adjacent neighbors except for the neighbor from which it has received the same LSP. The link-state database is constructed from these LSPs.

Each IS calculates a shortest path tree and builds the routing table from the SPT.

Alcatel-Lucent C


ot Distribute



Link-State PDU (LSP) Format

Slightly different formats for L1 and L2 LSPsLSP Identifier indicates which router created the LSPSequence number indicates relative age of the LSP

When a router creates a new LSP, the sequence number is incremented.

Reachability information is provided for all local networks from the router that created the LSP:

Network prefixMetricsIP mask

An L1 LSP is flooded to all other L1 routers in the area.An L2 LSP is flooded to all other L2 routers in the network.

An LSP carries all the routing information in an IS-IS network. The LSP identifier identifies the router that created the LSP. When the router creates a new LSP, the sequence number is incremented so that other routers know to replace older LSPs in their LSP databases. The LSP contains information about all the local networks the router is connected to and includes the network prefix, network metric, and IP network mask.

An L1 router creates only L1 LSPs and sends them to all its adjacent L1 neighbors in the same area. These L1 routers in turn flood the LSP to other L1 neighbors.

An L2 router sends L2 LSPs to all its adjacent L2 neighbors. These are in turn flooded to all other L2 routers in the network.

An L1/L2 router sends L1 LSPs to all its L1 neighbors and L2 LSPs to all its L2 neighbors. The L2 LSPs contain information about all reachable networks in the L1 area as well as the L1/L2 router’s own local networks.

Alcatel-Lucent C


ot Distribute



Complete Sequence Number PDU Format

CSNPs used to maintain consistency of link-state databaseContains list of router’s LSPs and their sequence numbers.A router that receives a CSNP that includes out-of-date LSPs will transmit up-to-date LSPs.CSNPs are exchanged at router initialization and periodically afterward to maintain synchronization.

Every 10 seconds on broadcast networkEvery 5 seconds on point-to-point link

For each LSP in its database, the CSNP contains:Remaining life of the LSP, in secondsLSP IDLSP sequence numberChecksum value

Alcatel-Lucent C


ot Distribute



Partial Sequence Number PDU Format

PSNPs are used by routers to request a specific LSP.PSNPs are also used on point-to-point links to acknowledge the receipt of an LSP (but not on a broadcast link).A PSNP is similar to a CSNP except that it is a subset of the LSPs from the database.A PSNP describes one or more LSPs and contains the following information for each:

Remaining life of the LSP, in secondsLSP IDLSP sequence numberChecksum value

Alcatel-Lucent C


ot Distribute



IS-IS — LSP Packet Format

There is a single procedure for the flooding, aging, and updating of LSPs:

LSPs in the LSDB have a remaining lifetime that starts at 1200 seconds.L1 LSPs are flooded within the area.L2 LSPs are flooded throughout the L2 subdomain.Large PDUs are divided into fragments that are independently flooded.Separate databases are maintained for L1 and L2 LSPs.

Alcatel-Lucent C


ot Distribute



IS-IS — LSP Packet Format (continued)

LSP Packet aging:LSPs are stored in the LSDB:

Each entry has a sequence number that starts at 1 and incrementswith each update relative to that entry. This is a 32-bit value. The higher the number, the more current the update.The remaining lifetime starts at 1200 seconds and decrements every second until it reaches 0.A zero-age LSP remains in the LSDB for 60 seconds and is flooded to allneighbors to ensure that the network is still valid.

Checksum errors trigger the immediate expiration of an LSP’slifetime.LSP acknowledgment is performed using PSNPs on point-to-point links.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. In IS-IS, the area ID is derived from the NSAP address. True or false?

2. IS-IS does not use IP to exchange packets with its neighbors. True or false?

3. IS-IS uses 2 different Ethernet multicast addresses: 1 for broadcast networks and another for point-to-point links. True or false?

4. What are the 4 types of packets used by an IS-IS router?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. In IS-IS, the area ID is derived from the NSAP address. True or false?

True.

2. IS-IS does not use IP to exchange packets with its neighbors. True or false?

True. IS-IS transmits its packets directly encapsulated in a Layer 2 protocol. Often this is an Ethernet IEEE 802.3 frame.

3. IS-IS uses 2 different Ethernet multicast addresses: 1 for broadcast networks and another for point-to-point links. True or false?

False. One Ethernet multicast address is used for level 1 interfaces, the other for level 2 interfaces.

4. What are the 4 types of packets used by an IS-IS router?

The 4 main types of packets used by IS-IS are the Hello, LSP, PSNP and CSNP.

Alcatel-Lucent C


ot Distribute



IS-IS — Link-State Database

Contains all LSPs received by the routerUsed as the foundation for the SPF calculation to build the routing table

A:rtr2>show>router>isis# database===============================================================================IS-IS Database===============================================================================LSP ID Sequence Checksum Lifetime Attributes-------------------------------------------------------------------------------Displaying Level 1 database-------------------------------------------------------------------------------rtr1.00-00 0x134 0x1269 1171 L1rtr2.00-00 0x12d 0x633 902 L1L2 ATTrtr2.03-00 0x121 0xbbc2 894 L1L2Level (1) LSP Count : 3Displaying Level 2 database-------------------------------------------------------------------------------rtr2.00-00 0x12a 0x655a 975 L1L2rtr4.00-00 0xa4 0x2a1f 657 L1L2Level (2) LSP Count : 2

LSPs are stored in the link-state database. The table above shows a simple link-state database for an L1/L2 router. An L1/L2 router has two databases: one for the L1 area and one for the L2 area.

The ATT bit is set on LSP rtr2.00-00 to indicate that the LSP was received from an L2 router.

Alcatel-Lucent C


ot Distribute



IS-IS — Network Types

IS-IS only supports:Broadcast for LAN and multipoint WAN topologiesPoint-to-point for all other topologies

When IS-IS implemented in an NBMA network:Broadcast mode assumes fully meshed connectivity.Point-to-point assumes true point-to-point connectivity.

LAN and multipoint WAN topologies require the election of a DIS.

Hellos are used to create adjacencies and determine router priority.The DIS is elected based on the following criteria:

— Only routers with adjacencies are eligible.— Highest interface priority— Highest interface MAC address

Alcatel-Lucent C


ot Distribute



IS-IS — LAN Communication

C1.1.1.1

D1.1.1.2

A1.1.1.4

B1.1.1.3

DIS

Pseudo nodefor LAN, created

by DIS

Note: All routers create adjacencies with the pseudo node and with each other.

DIS — The IS in a LAN that is designated to perform additional duties. In particular, the DIS generates link-state PDUs on behalf of the LAN, and treats the LAN as a pseudo node.

Pseudo node — When a broadcast subnetwork has n connected ISs, the broadcast subnetwork itself is considered to be a pseudo node. The pseudo node has links to each of the n ISs and each of the ISs has a single link to the pseudo node (rather than n-1 links to each of the other ISs). Link-state PDUs are generated on behalf of the pseudo node by the DIS.

Alcatel-Lucent C


ot Distribute



IS-IS – DIS Election for L1 and L2 Routers

L1/L2L1

L1 L1

L2

L2

L1 DIS L2 DIS

L1 and L2 routers can elect separate DIS routers.DIS election is based on priority and/or the highest MAC address and is preemptive.L1 and L2 can have separate priorities set.The DIS creates the pseudo node and floods updates over the LAN.

In broadcast multi-access networks such as Ethernet, a single router is elected as the DIS. There is no backup DIS. The DIS has two tasks:

Create and update the pseudo-node LSP

Conduct flooding over the LAN

In a LAN, one of the routers is elected the DIS. This is based on the interface priority of the router and/or if it has the highest MAC address of all routers in the LAN. The DIS is also called the SNPA. Every IS-IS router interface is assigned both an L1 priority and an L2 priority. If a new router starts up in the LAN and has a higher interface priority, the new router preempts the original DIS and becomes the DIS. The new DIS purges the old pseudo-node LSP and floods a new set of LSPs.

Because different priorities can be set according to L1 or L2 routing, there could be two different routers in an Ethernet that are DIS-designated. One would support all L1 routers, and the other would support all L2 routers on that segment.

The DIS generates the pseudo-node LSP. The DIS reports all LAN neighbors (including itself) in the pseudo-node LSP. All LAN routers communicate with the pseudo node via their LSPs. The pseudo node reduces the number of adjacencies by having all physical devices exchange information with only the pseudo node. Each router listens for updates to the pseudo node and updates their individual topologies according to those updates.

Alcatel-Lucent C


ot Distribute



Lab 6.2 — IS-IS Adjacency Study

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

IS-IS

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. How are LSPs acknowledged on a point-to-point link?2. How are LSPs acknowledged on a broadcast link?3. On broadcast links, a DIS is always required. True or false?4. Unlike OSPF, there is no backup DIS in IS-IS. True or false? 5. In a broadcast network with level 1 and level 2 routers, it

is possible to have 1 router as the level 1 DIS and a different router as the level 2 DIS. True or false?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. How are LSPs acknowledged on a point-to-point link?

LSPs are acknowledged on a point-to-point link with a partial sequence number PDU (PSNP).

2. How are LSPs acknowledged on a broadcast link?

There is no acknowledgement of LSPs on a broadcast link. A CSNP is sent by the DIS every 10 seconds on a broadcast network to ensure that the topology databases are up to date.

3. On broadcast links, a DIS is always required. True or false?

True.

4. Unlike OSPF, there is no backup DIS in IS-IS. True or false?

True. If the DIS fails, another DIS must be elected.

5. In a broadcast network with level 1 and level 2 routers, it is possible to have 1 router as the level 1 DIS and a different router as the level 2 DIS. True or false?

True.

Alcatel-Lucent C


ot Distribute



Section Summary

This section covered the following topics:Different IS-IS hellosIS-IS addressingUse of a pseudo nodeIdentification of the area that an IS-IS router resides in

Alcatel-Lucent C


ot Distribute


Intermediate System–to–Intermediate System

Section 3 — IS-IS Operation

Alcatel-Lucent C


ot Distribute



IS-IS — Standard Packet Header

Length indicator

Version

Protocol discriminator

ID length

Version / Protocol ID ext.

R PDU typeR R

Maximum area addresses

Reserved

= 131

= Header length

= 1

= System ID length

= Type of IS-IS PDU

= 1

= 0 (ignored on receipt)

= # of permitted area addresses

0 31

A standard IS-IS header is shown above. All IS-IS PDUs use this header.

Alcatel-Lucent C


ot Distribute



IS-IS — Hello Packets

Point-to-point hello packet:

PDU length

Common fixed header

Holding timer

Source ID

TLV fields

Local circuit ID

R Circuit typeR R R R R R R = 1 (L1), 2 (L2), 3 (L1/L2)

= Sender’s system ID

= Dead timer

= Length of hello PDU

= Unique circuit name

0 31

Above is an example of an IS-IS point-to-point hello packet as shown in block breakout. Note that the common header shown on the previous page precedes the hello information. The LAN Hello packet is similar, but contains a priority and DIS field in place of the “Local circuit ID”.

Alcatel-Lucent C


ot Distribute



IS-IS — Packet Exchange

L1 and L2 adjacencies use the same procedure.Adjacency is established when a valid IIH is received:

L1 adjacency if area IDs are the same and the circuit is L1L2 adjacency if the circuit is L2

The initial exchange of IIHs establishes the type of adjacency.The 2-way handshake depends on a reliable circuit.

A unique local circuit ID is determined by each IS configuration.The link’s circuit ID is set by the system with the higher source ID.

Concatenation of system ID and local circuit IDBoth sides exchange CSNPs.Update reliability is accomplished by:

Sending PSNP for all new and duplicate LSPsAnswering older LSPs with newer LSPs

Alcatel-Lucent C


ot Distribute



IS-IS — LAN Packet Exchange

Broadcast links are multi-access and support multicasting.IS-IS uses layer 2 multicast.

Different hello PDUs for L1 and L2 adjacencies:L1 IIH (code 15)L2 IIH (code 16)

Separate DIS election for L1 and L2 topologies:L1 DIS originates L1 CSNPsL2 DIS originates L2 CSNPs

The IS neighbor’s TLV identifies the local community of neighbors.

Alcatel-Lucent C


ot Distribute



IS-IS — LSP Packet Exchange

Each IS originates an LSP.The LSP is flooded to all neighbors.Neighbors place a copy of the LSP in their databases.LSP is re-flooded on all IS-IS interfaces except the source.LSPs are acknowledged with PSNPs on point-to-point links.Periodic CSNPs on broadcast links affirm synchronization.Both LSP formats (L1, L2) have an 8-byte identifier composed of:

6-byte system ID, 1st LSP ID 1800.0100.1001.00-001-byte LSP number, excess routes 1800.0100.1001.00-011-byte pseudo-node ID, ckt 4 1800.0100.1001.04-00

LSP IDs are auto-assigned by the originating IS-IS node. The LSP ID consists of three sections. The first 6 bytes are the system ID for the node, followed by 1-byte value for the pseudo node generated by that router, and a fragment byte that starts at zero.

For example, if a router’s system ID is 1800.0000.0029, the first LSP ID is 1800.0000.0029.00-00. If there are too many routes, LSP ID 1800.0000.0029.00-01 is created to contain the excess routes. If the router is the DIS in a broadcast network, a pseudo-node LSP is created. Usually, the internal circuit ID is used to determine the ID assigned to the pseudo node. For example, for circuit 4, an LSP pseudo node with ID 1800.0000.0029.04-00 is created. The Alcatel-Lucent 7750 SR OS learns host names and uses the host name in place of the system ID. Examples of Alcatel-Lucent 7750 SR LSP IDs are:

acc_arl.00-00

acc_arl.00-01

acc_arl.04-00

Alcatel-Lucent C


ot Distribute



IS-IS — Packet Exchange (continued)

Large PDUs are broken into fragments, then flooded.LSPs remain intact during flooding.

L1 LSPs are flooded within an area.L2 LSPs are flooded throughout the L2 subdomain.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. An IS-IS router may be assigned to more than 1 area. True or false?

2. A hello packet transmitted on a point-to-point link is different from a hello packet transmitted on a broadcast link. True or false?

3. Two L1/L2 routers maintain 2 separate adjacencies: 1 for Level 1 and 1 for Level 2. True or false?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. An IS-IS router may be assigned to more than 1 area. True or false?

True. An IS-IS router may be assigned to as many as 3 areas.

2. A hello packet transmitted on a point-to-point link is different from a hello packet transmitted on a broadcast link. True or false?

True.

3. Two L1/L2 routers maintain 2 separate adjacencies: 1 for Level 1 and 1 for Level 2. True or false?

This is true if both routers are in the same area. If they are in different areas, only an L2 adjacency is established.

Alcatel-Lucent C


ot Distribute



IS-IS — Operation

Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

5.5.5.5

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

10.10.1.2

10.10.1.1

10.10.2.1

4.4.4.4

10.10.2.22.2.2.2

10.10.3.1

1.1.1.1

10.10.4.1

10.10.4.210.10.3.23.3.3.3


L1 Level 1L2 Level 2L1/L2 Level 1/Level 2

The following slides provide a detailed analysis of the sequence of events as IS-IS is initialized on rtr2. rtr2 is configured as follows:

A:rtr2>config>router>isis# info----------------------------------------------

area-id 49.0002interface "system"exitinterface "to_rtr4"

interface-type point-to-pointexitinterface "to_rtr1"exit

----------------------------------------------A:rtr2>config>router# info---------------------------------------------#------------------------------------------echo "IP Configuration"#------------------------------------------

interface "system"address 2.2.2.2/32

exitinterface "to_rtr1"

address 10.10.3.1/24port 1/1/2:100


address 10.10.2.2/30port 1/1/1


address 10.10.4.1/24port 1/1/3

exit

#------------------------------------------

Alcatel-Lucent C


ot Distribute



IS-IS — Link-State Initialization

Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

5.5.5.5

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

10.10.1.2

10.10.1.1

10.10.2.1

4.4.4.4

10.10.2.22.2.2.2

10.10.3.1

1.1.1.1

10.10.4.1

10.10.4.210.10.3.23.3.3.3

L1 and L2 hello PDUs transmitted on broadcast linksPoint-to-point hellos transmitted on P2P links

510 2006/12/06 23:08:32.02 UTC - IS-IS"IS-IS: PKTTX L1 LAN HELLO PDU on ifId 3"


509 2006/12/06 23:08:32.02 UTC - IS-IS"IS-IS: PKTTX PTOP HELLO PDU on ifId 2"

When the router or the IS-IS process is initialized, rtr2 transmits hello PDUs on all interfaces that are included in an IS-IS area.

Because rtr2 is configured as an L1/L2 router, L1 and L2 hello PDUs are transmitted on all broadcast links (the links to rtr1 and rtr3). The top box above shows only PDUs transmitted on interface 3, to rtr1. A similar pair of PDUs is transmitted on interface 4 to rtr3.

A point-to-point hello PDU is transmitted on interface 2 to rtr4 because this has been configured as a point-to-point link, as shown in the bottom box above.

A summary of the PDU exchange is shown in the boxes above. Details are provided in the following slides.

Alcatel-Lucent C


ot Distribute



Level 1 Hello PDU

510 2006/12/06 23:08:32.02 UTC MINOR: DEBUG #2001 - IS-IS PKT"IS-IS PKT:TX IS-IS PDU ifId 3 len 59:Proto Disc : 131Header Len : 27Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (0f) Level 1 LAN IS-IS Hello PduCircuit Type : L1L2Source Id : 00 20 02 00 20 02Hold Time : 27Packet length : 42Priority : 64LAN Id : 00 20 02 00 20 02 03Area Addresses:Area Address : (3) 49 00 02

Supp Protocols:Protocols : IPv4

I/F Addresses :I/F Address : 10.10.3.1

The slide above shows the hello PDU transmitted to rtr1 on the broadcast link. Note the Area Address and the Source ID values.

Alcatel-Lucent C


ot Distribute



Point-to-Point Hello PDU

509 2006/12/06 23:08:32.02 UTC MINOR: DEBUG #2001 - IS-IS PKT"IS-IS PKT:TX IS-IS PDU ifId 2 len 59:Proto Disc : 131Header Len : 20Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (11) Point-2-Point IS-IS Hello PduCircuit Type : L1L2Source Id : 00 20 02 00 20 02Hold Time : 27Packet length : 42Circuit Id : 0Area Addresses:Area Address : (3) 49 00 02



3Way Adjacency :State : DOWNExt ckt ID : 5

The slide above shows the point-to-point hello PDU transmitted to rtr4 on the point-to-point link. Note that there is an additional “3Way Adjacency” section. This is an extension to the P2P Hello defined in RFC 3373 that provides a 3 way handshake on a point to point link so that the router knows that its neighbor sees the router itself.

Alcatel-Lucent C


ot Distribute




Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

5.5.5.5

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

10.10.1.2

10.10.1.1

10.10.2.1

4.4.4.4

10.10.2.22.2.2.2

10.10.3.1

1.1.1.1

10.10.4.1

10.10.4.210.10.3.23.3.3.3

L1 hello PDU received from rtr1L1 hello and CSNP transmittedAdjacency is established

512 2006/12/06 23:08:32.05 UTC - IS-IS"IS-IS: PKTRX L1 LAN HELLO PDU on ifId 3"


515 2006/12/06 23:08:32.05 UTC - IS-IS"IS-IS: PKTTX L1 CSNP on ifId 3"

Routers that receive a hello PDU from rtr2 respond with a hello PDU of the appropriate type. If rtr2 sees its own ID in the Hello it receives, it transmits another PDU with the ID of its neighbor. The adjacency is now considered to be established.

When the adjacency is established, a CSNP is transmitted. This contains a description of the LSPs known by rtr2 and the sequence numbers it is using for them. This initiates transmission of LSPs from the neighbor.

Alcatel-Lucent C


ot Distribute



L1 Hello from L1 Neighbor

512 2006/12/06 23:08:32.05 UTC MINOR: DEBUG #2001 - IS-IS PKT"IS-IS PKT:RX IS-IS PDU ifId 3 len 67:Proto Disc : 131Header Len : 27Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (0f) Level 1 LAN IS-IS Hello PduCircuit Type : L1L2Source Id : 00 10 01 00 10 01Hold Time : 27Packet length : 50Priority : 64LAN Id : 00 10 01 00 10 01 02Area Addresses:Area Address : (3) 49 00 02

Neighbors MACs:Neighbor : 00 03 fa 56 6f 6f



Originally, L1 and L2 hello PDUs were transmitted on the interface connected to rtr1. Because rtr1 is an L1 router in the same area, it responds with an L1 hello PDU. Note that this PDU contains the MAC address of its neighbor (rtr2).

rtr2 responds with an L1 hello PDU that contains the MAC address of its neighbor (rtr1).

Alcatel-Lucent C


ot Distribute



CSNP Sent to Neighbor

515 2006/12/06 23:08:32.05 UTC MINOR: DEBUG #2001 - IS-IS PKT"IS-IS PKT:TX IS-IS PDU ifId 3 len 68:Proto Disc : 131Header Len : 33Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (18) Level 1 CSNP PDUPacket length : 51Source Id : 00 20 02 00 20 02 00Start LSP Id : 00 00 00 00 00 00 00 00End LSP Id : ff ff ff ff ff ff ff ffLSP Entries :Remaining Life: 1200LSP ID : 00 20 02 00 20 02 00 00Sequence Num : 00000001Checksum : 519e

The CSNP is used to inform the router’s neighbors of the LSPs it has in its link-state database. In this case, there is only one LSP, which describes the local interfaces on rtr2. Because the router has just initialized, it uses sequence number 1.

Alcatel-Lucent C


ot Distribute




Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

5.5.5.5

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

10.10.1.2

10.10.1.1

10.10.2.1

4.4.4.4

10.10.2.22.2.2.2

10.10.3.1

1.1.1.1

10.10.4.1

10.10.4.210.10.3.23.3.3.3

P2P hello PDU received from rtr4P2P hello and L2 CSNP transmittedAdjacency is established

537 2006/12/06 23:08:36.50 UTC - IS-IS"IS-IS: PKTRX PTOP HELLO PDU on ifId 2"

538 2006/12/06 23:08:36.50 UTC - IS-IS"IS-IS: PKTTX PTOP HELLO PDU on ifId 2"

539 2006/12/06 23:08:36.50 UTC - IS-IS"IS-IS: PKTTX L2 CSNP on ifId 2“

543 2006/12/06 23:08:36.52 UTC - IS-IS"IS-IS: PKTRX L2 CSNP PDU on ifId 2"

At the same time the adjacency is being established with rtr1, rtr2 is also establishing an adjacency with rtr4 on the point-to-point link. When rtr4 receives the hello, it responds with an L2 hello because it is an L1/L2 router in a different area (it does not send an L1 hello). This PDU contains the ID of the neighbor (rtr2) that this hello is responding to. The adjacency is now established.

When the adjacency is established, a CSNP is transmitted. This contains a description of the LSPs known by rtr2 and the sequence numbers it is using for them. This initiates a transmission of LSPs from the neighbor.

Alcatel-Lucent C


ot Distribute



Point-to-Point Hello from L1/L2 Neighbor

537 2006/12/06 23:08:36.50 UTC MINOR: DEBUG #2001 - IS-IS PKT"IS-IS PKT:RX IS-IS PDU ifId 2 len 69:Proto Disc : 131Header Len : 20Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (11) Point-2-Point IS-IS Hello PduCircuit Type : L1L2Source Id : 00 40 04 00 40 04Hold Time : 27Packet length : 52Circuit Id : 0Area Addresses:Area Address : (3) 49 00 01



3Way Adjacency :State : INITExt ckt ID : 4NbrSysID : 00 20 02 00 20 02Nbr ext ckt ID : 5

The slide above shows the hello PDU received from rtr4. It identifies rtr2 as its neighbor. Note that the area address is different (rtr4 is in area 49.0001). When it receives this hello, rtr2 transmits a similar PDU that identifies rtr4 as its neighbor. The adjacency is now established.

Alcatel-Lucent C


ot Distribute



L2 CSNP Sent to L2 Neighbor

539 2006/12/06 23:08:36.50 UTC MINOR: DEBUG #2001 - IS-IS PKTTX IS-IS PDU ifId 2 len 68:Proto Disc : 131Header Len : 33Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (19) Level 2 CSNP PDUPacket length : 51Source Id : 00 20 02 00 20 02 00Start LSP Id : 00 00 00 00 00 00 00 00End LSP Id : ff ff ff ff ff ff ff ffLSP Entries :Remaining Life: 1200LSP ID : 00 20 02 00 20 02 00 00Sequence Num : 00000001Checksum : ff43

The CSNP is used to inform the router’s neighbors of the LSPs in its link-state database. In this case, there is only one LSP, which describes the local interfaces on rtr2. Because the router has just initialized, it uses sequence number 1.

Alcatel-Lucent C


ot Distribute



L2 CSNP Received from L2 Neighbor

543 2006/12/06 23:08:36.52 UTC MINOR: DEBUG #2001 - IS-IS PKTRX IS-IS PDU ifId 2 len 100:Proto Disc : 131Header Len : 33Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (19) Level 2 CSNP PDUPacket length : 83Source Id : 00 40 04 00 40 04 00Start LSP Id : 00 00 00 00 00 00 00 00End LSP Id : ff ff ff ff ff ff ff ffLSP Entries :Remaining Life: 1110LSP ID : 00 20 02 00 20 02 00 00Sequence Num : 00000136Checksum : afb2Remaining Life: 1184LSP ID : 00 40 04 00 40 04 00 00Sequence Num : 00000004Checksum : 99faRemaining Life: 766

The receipt of the CSNP from rtr2 prompts the transmission of a CSNP from rtr4 because it has a higher sequence number for LSP 0020.0200.2002. Receipt of these CSNPs initiates an exchange of the appropriate LSPs to bring all link-state databases up-to-date.

Alcatel-Lucent C


ot Distribute



IS-IS — Exchange of LSPs

Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

5.5.5.5

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

10.10.1.2

10.10.1.1

10.10.2.1

4.4.4.4

10.10.2.22.2.2.2

10.10.3.1

1.1.1.1

10.10.4.1

10.10.4.210.10.3.23.3.3.3

Based on exchanged CSNPs, neighbor transmits LSPs Router adjusts sequence number and transmits current LSP

550 2006/12/06 23:08:36.52 UTC - IS-ISRX L2 LSP 0020.0200.2002.00-00 on ifId 2 len 205 rem life 1110 seqNum 0x88 checksum 0xafb2"

553 2006/12/06 23:08:36.52 UTC - IS-ISRX L2 LSP 0040.0400.4004.00-00 on ifId 2 len 121 rem life 1184 seqNum 0x4 checksum 0x99fa"

566 2006/12/06 23:08:37.51 UTC - IS-ISTX L2 LSP 0020.0200.2002.00-00 on ifId 2 len 178 rem life 1200 seqNum 0x89 checksum 0xa9b7"

After the exchange of CSNPs, the routers exchange LSPs. rtr4 transmits LSPs based on the content of its database, including LSP 0020.0200.2002. rtr2 transmits new LSP 0020.0200.2002 with current information and a higher sequence number.

Alcatel-Lucent C


ot Distribute



Received LSP 0020.0200.2002.00-00 (part 1)

550 2006/12/06 23:08:36.52 UTC - IS-IS PKT"IS-IS PKT:RX IS-IS PDU ifId 2 len 205:Proto Disc : 131Header Len : 27Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (14) Level 2 Link State PduPacket length : 188Rem Lifetime : 1110LSP Id : 00 20 02 00 20 02 00 00Sequence Num : 136LSP Checksum : afb2LSP Flags : (00000003) L1Area Addresses:Area Address : (3) 49 00 02


IS-Hostname : rtr2Router ID :Router ID : 2.2.2.2

This LSP is transmitted from rtr4 based on the contents of its LSP database. (The LSP was in the database before IS-IS was reinitialized on rtr2.) Note that LSP sequence numbers in the CSNP are shown in hex notation whereas the LSP packets show the sequence numbers in decimal notation.

Note: In this and the following sample LSPs, some additional traffic engineering fields have been omitted from the PDU. In addition, the link to rtr3 was not turned up, so there are no networks from this direction.

Alcatel-Lucent C


ot Distribute




IS Neighbors :Virtual Flag : 0Default Metric: (I) 10Delay Metric : (I) 0Expense Metric: (I) 0Error Metric : (I) 0Neighbor : 00 40 04 00 40 04 00

Internal Reach:Default Metric: (I) 0Delay Metric : (I) 0Expense Metric: (I) 0Error Metric : (I) 0IP Address : 2.2.2.2IP Mask : 255.255.255.255Default Metric: (I) 10Delay Metric : (I) 0Expense Metric: (I) 0Error Metric : (I) 0IP Address : 10.10.2.0IP Mask : 255.255.255.252Default Metric: (I) 10Delay Metric : (I) 0Expense Metric: (I) 0Error Metric : (I) 0IP Address : 10.10.3.0IP Mask : 255.255.255.0

Default Metric: (I) 10Delay Metric : (I) 0Expense Metric: (I) 0Error Metric : (I) 0IP Address : 1.1.1.1IP Mask : 255.255.255.255

I/F Addresses :I/F Address : 2.2.2.2I/F Address : 10.10.2.2I/F Address : 10.10.3.1

The remainder of the LSP contains the networks that were advertised in the original LSP.

Alcatel-Lucent C


ot Distribute




553 2006/12/06 23:08:36.52 UTC - IS-IS PKT"IS-IS PKT:RX IS-IS PDU ifId 2 len 121:Proto Disc : 131Header Len : 27Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (14) Level 2 Link State PduPacket length : 104Rem Lifetime : 1184LSP Id : 00 40 04 00 40 04 00 00Sequence Num : 4LSP Checksum : 99faLSP Flags : (00000003) L1Area Addresses:Area Address : (3) 49 00 01



This is the second LSP received from rtr4. It describes the networks known by rtr4.

Alcatel-Lucent C


ot Distribute




Internal Reach:Default Metric: (I) 0Delay Metric : (I) 0Expense Metric: (I) 0Error Metric : (I) 0IP Address : 4.4.4.4IP Mask : 255.255.255.255Default Metric: (I) 10Delay Metric : (I) 0Expense Metric: (I) 0Error Metric : (I) 0IP Address : 10.10.2.0IP Mask : 255.255.255.252

I/F Addresses :I/F Address : 4.4.4.4I/F Address : 10.10.2.1

The slide above shows the remaining fields of LSP 0040.0400.4004.

Alcatel-Lucent C


ot Distribute



Transmitted LSP 0020.0200.2002.00-00 (part 1)

566 2006/12/06 23:08:37.51 UTC - IS-IS PKT"IS-IS PKT:TX IS-IS PDU ifId 2 len 178:Proto Disc : 131Header Len : 27Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (14) Level 2 Link State PduPacket length : 161Rem Lifetime : 1200LSP Id : 00 20 02 00 20 02 00 00Sequence Num : 137LSP Checksum : a9b7LSP Flags : (00000003) L1Supp Protocols:Protocols : IPv4


rtr2 transmits a revised LSP with an incremented sequence number.

Alcatel-Lucent C


ot Distribute



Transmitted LSP 0020.0200.2002.00-00 (part 2)



Default Metric: (I) 10Delay Metric : (I) 0Expense Metric: (I) 0Error Metric : (I) 0IP Address : 10.10.3.0IP Mask : 255.255.255.0

I/F Addresses :I/F Address : 2.2.2.2I/F Address : 10.10.2.2I/F Address : 10.10.3.1

The slide above shows the remainder of the LSP transmitted by rtr2. Note that the LSP does not contain the reference to 1.1.1.1 that was included in the LSP from rtr4. rtr2 has not yet received the LSP from rtr1 for 1.1.1.1. When it has received this LSP from rtr1, rtr2 will transmit a new LSP.

Alcatel-Lucent C


ot Distribute



IS-IS — Exchange of PSNPs

Area 49.0001

Area 49.0002

Area 49.0003

L1

L2

L1/L2

L1/L2

L1

L1/L2 L1

rtr1

5.5.5.5

rtr2

rtr3

rtr4

rtr5

rtr6 rtr7

10.10.1.2

10.10.1.1

10.10.2.1

4.4.4.4

10.10.2.22.2.2.2

10.10.3.1

1.1.1.1

10.10.4.1

10.10.4.210.10.3.23.3.3.3

Routers exchange PSNPs to acknowledge receipt of new LSPs

568 2006/12/06 23:08:38.01 UTC - IS-IS"IS-IS: PKTTX L2 PSNP PDU on ifId 2“

571 2006/12/06 23:08:39.50 UTC - IS-IS"IS-IS: PKTRX L2 PSNP PDU on ifId 2"

When they have exchanged LSPs on a point-to-point link, the routers exchange PSNPs to acknowledge the LSPs they have received.

Alcatel-Lucent C


ot Distribute



Transmitted PSNP

568 2006/12/06 23:08:38.01 UTC MINOR: DEBUG #2001 - IS-IS PKT"IS-IS PKT:TX IS-IS PDU ifId 2 len 68:Proto Disc : 131Header Len : 17Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (1b) Level 2 PSNP PduPacket length : 51Source Id : 00 20 02 00 20 02 00LSP Entries :Remaining Life: 1179LSP ID : 00 40 04 00 40 04 00 00Sequence Num : 00000006Checksum : 95fcRemaining Life: 764

The slide above shows the PSNP transmitted to rtr4 by rtr2. The PSNP serves to acknowledge LSP 0040.0400.4004.

Alcatel-Lucent C


ot Distribute



DIS Election in a Broadcast Network

DIS election is performed preemptively in a broadcast network.Routers transmit the LAN ID in LAN hello PDUs to determine which router is the DIS, according to:

Highest priorityHighest interface MAC address

The DIS floods an LSP on behalf of the pseudonode LSP identifies all interfaces on the LAN.

LAN LSPs are not acknowledged.The DIS periodically transmits a CSNP to ensure consistency of the LSDB on all routers.Unlike OSPF, all IS-IS routers on the LAN maintain adjacencies with each other

Alcatel-Lucent C


ot Distribute



LSP in a Broadcast Network (part 1)

592 2006/12/06 23:11:44.90 UTC - IS-IS PKT"IS-IS PKT:RX IS-IS PDU ifId 3 len 153: Proto Disc : 131Header Len : 27Version PID : 1ID Length : 0Version : 1Reserved : 0Max Area Addr : 3PDU Type : (12) Level 1 Link State PduPacket length : 136Rem Lifetime : 1200LSP Id : 00 10 01 00 10 01 00 00Sequence Num : 149LSP Checksum : 52c8LSP Flags : (00000001) L1Area Addresses:Area Address : (3) 49 00 02



The LSPs sent in a broadcast network are similar to point-to-point LSPs; however, the DIS is considered the neighbor for all routers in the LAN (at L1 in the example above).

Alcatel-Lucent C


ot Distribute



LSP in a Broadcast Network (part 2)



I/F Addresses :I/F Address : 1.1.1.1I/F Address : 10.10.3.2

The neighbor shown in this PDU is 0020.0200.2002.0300. This indicates that rtr1 recognizes rtr2 as the DIS for L1 in this LAN. rtr1 will only form an adjacency with rtr2 in the LAN.

Alcatel-Lucent C


ot Distribute



rtr2 after Convergence

A:rtr2>show>router>isis# adjacency===============================================================================IS-IS Adjacency===============================================================================System ID Usage State Hold Interface-------------------------------------------------------------------------------rtr4 L2 Up 20 to_rtr4rtr1 L1 Up 23 to_rtr1-------------------------------------------------------------------------------Adjacencies : 2

A:rtr2>show>router>isis# routes===============================================================================Route Table===============================================================================Prefix Metric Lvl/Typ Ver. Nexthop SysID/Hostname-------------------------------------------------------------------------------1.1.1.1/32 10 1/Int. 1 10.10.3.2 rtr12.2.2.2/32 0 1/Int. 1 0.0.0.0 rtr24.4.4.4/32 10 2/Int. 3 10.10.2.1 rtr410.10.2.0/30 10 1/Int. 1 0.0.0.0 rtr210.10.3.0/24 10 1/Int. 1 0.0.0.0 rtr2-------------------------------------------------------------------------------Routes : 5

The show router isis adjacency command shows that rtr2 has established adjacencies with rtr1 and rtr4.

The show router isis routes command lists the routes in the IS-IS routing table. The routes are used to populate the router’s routing table used for the forwarding of packets (see next slide).

Alcatel-Lucent C


ot Distribute



rtr2 After Convergence (continued)

A:rtr2# show router route-table

===============================================================================Route Table (Router: Base)===============================================================================Dest Address Next Hop Type Proto Age Metric Pref-------------------------------------------------------------------------------1.1.1.1/32 10.10.3.2 Remote IS-IS 01d02h22m 10 152.2.2.2/32 system Local Local 02d00h22m 0 04.4.4.4/32 10.10.2.1 Remote IS-IS 01d02h22m 10 1810.10.2.0/30 to_rtr4 Local Local 02d00h25m 0 010.10.3.0/24 to_rtr1 Local Local 02d00h24m 0 0-------------------------------------------------------------------------------No. of Routes: 5===============================================================================

The show router route-table command lists the actual routes installed in the routing table. The routes are used for forwarding packets across the network.

Alcatel-Lucent C


ot Distribute



rtr2 After Convergence (continued)

A:rtr2>show>router>isis# database

===============================================================================IS-IS Database===============================================================================LSP ID Sequence Checksum Lifetime Attributes-------------------------------------------------------------------------------

Displaying Level 1 database-------------------------------------------------------------------------------rtr1.00-00 0x134 0x1269 1171 L1rtr2.00-00 0x12d 0x633 902 L1L2 ATTrtr2.03-00 0x121 0xbbc2 894 L1L2Level (1) LSP Count : 3

Displaying Level 2 database-------------------------------------------------------------------------------rtr2.00-00 0x12a 0x655a 975 L1L2rtr4.00-00 0xa4 0x2a1f 657 L1L2Level (2) LSP Count : 2===============================================================================

The show router database command lists the LSPs that are stored in rtr2’s link-state database. These LSPs are used to construct the IS-IS routing table.

Note that the ATT bit is set on the rtr2.00-00 LSP to tell L1 routers that this router is L2-capable.

The pseudo-node LSP is rtr2.03-00.

Alcatel-Lucent C


ot Distribute



rtr2 Status after Convergence — L1 LSP Details

A:rtr2>show>router>isis# database detail

Displaying Level 1 database-------------------------------------------------------------------------------LSP ID : rtr1.00-00 Level : L1Sequence : 0x134 Checksum : 0x1269 Lifetime : 1008Version : 1 Pkt Type : 18 Pkt Ver : 1Attributes: L1 Max Area : 3SysID Len : 6 Used Len : 136 Alloc Len : 136

TLVs :Area Addresses :Area Address : (03) 49.0002

Supp Protocols :Protocols : IPv4

IS-Hostname :Hostname : rtr1

IS Neighbors :Virtual Flag : 0Neighbor : rtr2.03 Metric : 10(I)

Internal Reach :IP Prefix : 1.1.1.1/32 (Dir. :Up) Metric : 0 (I)IP Prefix : 10.10.3.0/24 (Dir. :Up) Metric : 10 (I)

I/f Addresses :IP Address : 1.1.1.1IP Address : 10.10.3.2

The slide above shows the details of one of the LSPs from the L1 database. The database contains the directly connected networks of rtr1.

Alcatel-Lucent C


ot Distribute



rtr2 after Convergence — L2 LSP Details

Displaying Level 2 database-------------------------------------------------------------------------------LSP ID : rtr2.00-00 Level : L2Sequence : 0x12a Checksum : 0x655a Lifetime : 733Version : 1 Pkt Type : 20 Pkt Ver : 1Attributes: L1L2 Max Area : 3SysID Len : 6 Used Len : 188 Alloc Len : 1492

TLVs :Area Addresses :Area Address : (03) 49.0002

Supp Protocols :Protocols : IPv4

IS-Hostname :Hostname : rtr2

IS Neighbors :Virtual Flag : 0Neighbor : rtr4.00 Metric : 10(I)

Internal Reach :IP Prefix : 2.2.2.2/32 (Dir. :Up) Metric : 0 (I)IP Prefix : 10.10.2.0/30 (Dir. :Up) Metric : 10 (I)IP Prefix : 10.10.3.0/24 (Dir. :Up) Metric : 10 (I)IP Prefix : 1.1.1.1/32 (Dir. :Up) Metric : 10 (I)

I/f Addresses :IP Address : 2.2.2.2IP Address : 10.10.2.2IP Address : 10.10.3.1

The slide above shows the details of one of the LSPs from the Level 2 database. The database contains the networks that will be advertised by this router to the other L2 routers in the network. The database therefore must contain the prefixes learned from the L1 routers in its area (1.1.1.1/32 in this case).

Alcatel-Lucent C


ot Distribute




A:rtr1# show router isis database===============================================================================LSP ID Sequence Checksum Lifetime Attributes-------------------------------------------------------------------------------Displaying Level 1 database-------------------------------------------------------------------------------rtr1.00-00 0x136 0xe6b 793 L1rtr2.00-00 0x130 0xff36 1013 L1L2 ATTrtr2.03-00 0x124 0xb5c5 986 L1L2Level (1) LSP Count : 3

Displaying Level 2 database-------------------------------------------------------------------------------Level (2) LSP Count : 0

A:rtr1# show router route-tableDest Address Next Hop Type Proto Age Metric Pref-------------------------------------------------------------------------------0.0.0.0/0 10.10.3.1 Remote IS-IS 01d02h50m 10 151.1.1.1/32 system Local Local 02d00h49m 0 02.2.2.2/32 10.10.3.1 Remote IS-IS 01d02h50m 10 1510.10.2.0/30 10.10.3.1 Remote IS-IS 01d02h50m 20 1510.10.3.0/24 to_rtr2 Local Local 02d00h46m 0 0-------------------------------------------------------------------------------No. of Routes: 5

The slide above shows the IS-IS database and the routing table on rtr1 after convergence. Note the default route that points to the closest L2 router (rtr2).

Alcatel-Lucent C


ot Distribute




A:rtr4# show router isis database===============================================================================LSP ID Sequence Checksum Lifetime Attributes-------------------------------------------------------------------------------Displaying Level 1 database-------------------------------------------------------------------------------rtr4.00-00 0xa1 0x5e98 979 L1L2Level (1) LSP Count : 1

Displaying Level 2 database-------------------------------------------------------------------------------rtr2.00-00 0x12d 0x5f5d 1132 L1L2rtr4.00-00 0xa7 0x2422 835 L1L2Level (2) LSP Count : 2

A:rtr4# show router route-tableDest Address Next Hop Type Proto Age Metric Pref-------------------------------------------------------------------------------1.1.1.1/32 10.10.2.2 Remote IS-IS 01d02h49m 20 182.2.2.2/32 10.10.2.2 Remote IS-IS 01d02h49m 10 184.4.4.4/32 system Local Local 02d00h58m 0 010.10.2.0/30 to_rtr2 Local Local 02d00h55m 0 010.10.3.0/24 10.10.2.2 Remote IS-IS 01d02h49m 20 18-------------------------------------------------------------------------------No. of Routes: 5===============================================================================

The slide above shows the contents of the IS-IS database and the routing table on rtr4 after the routers have converged.

Alcatel-Lucent C


ot Distribute



Lab 6.3 — Configuring IS-IS for Multiple Areas

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

IS-IS

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. An IS-IS router considers that an adjacency is established when it sees its RID in a hello packet sent from a neighbor. True or false?

2. A CSNP contains a list of the new LSPs that a router has just discovered. True or false?

3. What does the DIS do to ensure consistency of the LSDB instead of acknowledging every LSP?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. An IS-IS router considers that an adjacency is established when it sees its RID in a hello packet sent from a neighbor. True or false?

True.

2. A CSNP contains a list of the new LSPs that a router has just discovered. True or false?

False. The CSNP contains a list of all LSPs that the router has in its topological database.

3. What does the DIS do to ensure consistency of the LSDB instead of acknowledging every LSP?

The DIS will transmit a CSNP every 10 seconds to ensure consistency of the LSDB.

Alcatel-Lucent C


ot Distribute



Section Summary

This section covered:IS-IS operationIS-IS packet typesOverall communications and packet exchanges in IS-ISProcessing of network information as it is received

Alcatel-Lucent C


ot Distribute


Intermediate System–to–Intermediate System

Section 4 — IS-IS Resiliency

Alcatel-Lucent C


ot Distribute



HA — Non-Stop Forwarding and CPM Switchover

Non-stop forwarding:A control-plane failure does not interrupt the forwarding of packets.May result in routing loops or black holesRequires support of routing protocol extensions

CPM switchover:Monitors the control plane to ensure a complete and accurate switchover in the event of a failure or manual intervention

Non-stop forwardingIn a control-plane failure or forced switchover event, the router continues to forward packets using the existing stale forwarding information. This requires clean control-plane and data-plane separation. Usually, the route processing (control plane) is handled by a central processor and the forwarding information is distributed to the IOMs for forwarding packets (data plane).

In non-stop forwarding, peer routers must be notified to continue forwarding and receiving packets, even if they lose contact with the route processor. The advantage of non-stop forwarding is that the router continues to forward packets during a failure of the control processor. The disadvantage is that this may cause routing loops and black holes. It also requires that surrounding routers from other vendors all support extension standards to each routing protocol to insure interoperability.

CPM switchoverDuring a switchover, system control and routing protocol execution are transferred from the active CPM to the standby CPM. An automatic switchover may occur under the following conditions:

A fault condition causes the active CPM to crash or reboot.

The active CPM is declared down (not responding).

Online removal of the active CPM

A manual switchover may occur under the following conditions:

Users can force a switchover from the active CPM to the standby CPM by using the config system switchover-exec CLI command. Note that the admin reboot [now] CLI command does not cause a switchover but a reboot of the entire system.

Alcatel-Lucent C


ot Distribute



HA — Non-Stop Routing

Transparent to routing neighborsNo required protocol extensionsCarrier-class rolloverSupport for all routing protocolsIS-IS adjacencies: IS-IS neighbors do not see any change after the switchover.

With NSR on the Alcatel-Lucent 7750 SR, routing neighbors are unaware of a routing process fault. If a fault occurs, a reliable and deterministic activity switch to the inactive control complex occurs such that the routing topology and reachability are not affected, even in the presence of routing updates. NSR achieves high availability using parallelization by constantly maintaining up-to-date routing-state information on the standby route processor. This capability is achieved independently of protocols or protocol extensions, and provides a more robust solution than non-stop forwarding extensions and graceful-restart protocols between network routers. The NSR implementation on the Alcatel-Lucent 7750 SR supports all routing protocols.

No protocol extension is required (i.e., there are no interoperability issues and no need to define protocol extensions for every protocol). Unlike non-stop forwarding and graceful restart, the forwarding information in NSR is always up-to-date, which eliminates possible black holes or forwarding loops. NSR is a relatively new high-availability technique. However, it is regarded as the most promising to ensure that IP packets continue to be forwarded when a route processor fails.

High availability has traditionally been addressed using non-stop forwarding solutions. With the implementation of NSR, the limitations of non-stop forwarding are overcome by delivering an intelligent, hitless failover solution. This enables a carrier-class foundation for transparent networks that is able to support business IP services backed by stringent SLAs.

The following NSR entities remain intact after a switchover:

IS-IS adjacencies: IS-IS neighbors do not see any change after the switchover.

Alcatel-Lucent C


ot Distribute



IS-IS Graceful Restart

Although graceful restart on the Alcatel-Lucent 7750 SR systems is not required due to their NSR capability, graceful restart may be required when other routers that are incapable of NSR are deployed as routing peers to the Alcatel-Lucent 7750 SR systems.

GR helper mode for IS-IS:GR helper mode allows the Alcatel-Lucent 7750 SR to support neighboring routers that are performing graceful restart. The Alcatel-Lucent 7750 SR OS supports IS-IS GR helper mode according to RFC 3847.

7750 SR-7

7450 ESS-7

7450 ESS-7

Vendor X

Vendor Y

Graceful-restart helper configuration requiredNo graceful restart required;

all nodes NSR-capable

Graceful restart is a software mechanism that is used to minimize a temporary disruption in the network caused by a reset of the router or by a reset of the routing process on the router. With this capability, a router can keep packets flowing in the network as long as the router that resets is able to recover in a specified amount of time. This recovery time is negotiated between the GR-capable routers prior to the reset of any one of these routers.

Typically, when a routing processor or the routing process of a router goes down, all routes advertised by the router are withdrawn by its neighboring router before the failed routing processor comes up. This can cause significant service interruptions and extensive route flaps.

Alcatel-Lucent supports proprietary non-stop routing functionality, which provides hitless failover and no route flaps. However, there is still a need to support a subset of graceful restart for interoperability reasons to assist other third-party routers. This subset of graceful restart is known as graceful restart helper functionality.

Graceful-restart helper functionality is supported for IS-IS, as described in RFC 3847.

Alcatel-Lucent C


ot Distribute



IS-IS Graceful Restart: How Does it Work?

Vendor x 7750 SRIS-IS P2P adjacency

……

.

Restart time

IIH = IS-IS helloRR = Restart reqRA = Restart ACKHT = Hold time

IIH: RR = 1 RA = 0 HT = 0

IIH: RR = 0 RA = 1 HT = 200

CSNP, LSPs to synchronize

LSP send after LSP recalc and restart time expired

The restarting router transmits an IIH (hello PDU) with the RR bit set to indicate that it wants a graceful restart.

If the adjacent router has an existing adjacency with this router, it refreshes the hold time for this adjacency and sends an IIH with the RA bit set.

The adjacency is maintained for the hold time even though it might normally have been reinitialized. The receiving router transmits a complete CSNP to enable the restarting router to synchronize its link-state database.

Alcatel-Lucent C


ot Distribute



Configuring Graceful Restart

Context: config>router>isis

Syntax: [no] isis

Example: config>router# isis graceful-restart

To enable graceful restart, use the following command:

graceful-restartSyntax [no] graceful-restart

Context config>router>isis

Description This command enables graceful restart for IS-IS. When the control plane of a GR-capable router fails, the neighboring routers (GR helpers) temporarily preserve adjacency information, so packets continue to be forwarded through the failed GR router using the last-known routes. If the control plane of the GR router comes back up within the GR timer interval, the routing protocols reconverge to minimize service interruption.

The no form of the command disables graceful restart and removes all graceful-restart configurations in the IS-IS instance.

Default no graceful-restart

helper-disable

Syntax [no] helper-disable

Context config>router>isis>graceful-restart

Description This command disables helper support for graceful restart.

When graceful restart is enabled, the router can be a helper (i.e., the router is helping a neighbor to restart), a restarting router, or both. The Alcatel-Lucent 7750 SR OS supports only helper mode. This facilitates the graceful restart of neighbors but does not act as a restarting router (i.e., the Alcatel-Lucent 7750 SR OS does not help the neighbors to restart).

The no helper-disable command enables helper support and is the default when graceful restart is enabled.

Default disabled

Alcatel-Lucent C


ot Distribute



IS-IS Reconvergence

10.1.1.1 10.1.1.210.1.1.0/24.1 .2

IS-IS relies on hello PDUs to maintain the adjacency. The default setting for the hello interval is 9 seconds with a holding time of 27 seconds.

— With this configuration, routers could take up to 27 seconds to detect that a neighbor has gone down.

S1 S2

R1 R2

R = RouterS = Layer 2 switch

In the figure above, if there is a failure between S1 and S2, the routers could take up to 27 seconds to detect a change in state. There is a requirement to detect link failures more quickly than the hello timers permit. Bidirectional forward detection can accomplish this.

Alcatel-Lucent C


ot Distribute



Bidirectional Forwarding Detection

BFD is intended to provide a lightweight, low-overhead, short-duration detection of failures in the path between 2 systems.

If a system stops receiving BFD messages, it is assumed that a failure along the path has occurred, and the associated protocol or service is notified of the failure.

Base BFD Internet draft: draft-ietf-bfd-base-0x.txt Encapsulation according to draft-ietf-bfd-v4v6-1hop-02.txtMIB support according to draft-ietf-bfd-mib-00.txt

Alcatel-Lucent C


ot Distribute



Bidirectional Forwarding Detection (continued)

BFD control packets are sent over UDP with destination port number 3784 and source port number in the range 49 152 to 65 535.

IP TTL = 255 if authentication is not enabled.A path is only declared operational when 2-way communication has been established between the systems.If multiple BFD sessions exist between 2 nodes, the BFD discriminator is used to demultiplex the BFD control packet to the appropriate BFD session.

BFD Modes

The < asynchronous mode > uses periodic BFD control messages to test the path between systems.

Alcatel-Lucent C


ot Distribute



Enabling BFD

To enable BFD on an interface, use the following command:

Context: config>router>interfaceSyntax: bfd [100..100000]* receive [100..100000]* multiplier [3..20]

Example: configure router interface “to-R2"address 10.1.2.1/24port 1/1/1bfd [100..100000]* receive [100..100000]* multiplier [3..20]

exit

bfd <transmit-interval>[receive<receive-interval>][multiplier<multiplier>]

<transmit-interval> : [100..100000] in milliseconds

<receive-interval> : [100..100000] in milliseconds

<multiplier> : [3..20]

Alcatel-Lucent C


ot Distribute



Enabling BFD for IS-IS

Context: config>router>isis>interface#

Syntax: [no] enable-bfd

Example:configure router isis area 49.0001interface "system"exitinterface “to-R1“

enable-bfd ipv4exit

•To enable BFD for IS-IS, use the following command:

Alcatel-Lucent C


ot Distribute



Verifying BFD

A:R1# show router bfd session

====================================================BFD Session====================================================Interface State Tx Intvl Rx Intvl MultRemote Address Protocol Tx Pkts Rx Pkts

----------------------------------------------------To-R2 Up (3) 100 100 3

10.1.2.2 isis 3478 3471 ------------------------------------------------------No. of BFD sessions: 1

•To verify BFD, use the following command:

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What is the process of non-stop forwarding? What advantage does it provide?

2. What is the advantage of non-stop routing?3. If the Alcatel-Lucent 7750 SR is configured for graceful

restart, it acts as a GR helper to any router that unexpectedly reboots. True or false?

4. BFD is a lightweight protocol that uses UDP to determine that a neighboring router has lost the ability to forward packets on a particular link. True or false?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. What is the process of non-stop forwarding? What advantage does it provide?

Routers with a distinct control and forwarding plane can perform non-stop forwarding. In the event of a control plane failure the forwarding plane will continue to forward packets based on the contents of the forwarding database, hence minimizing disruption in the network. However, while the control plane is non-functional the forwarding table is not being updated and hence becomes stale. Also, other routers in the domain will eventually terminate their adjacencies with the router and will cease to forward packets.

2. What is the advantage of non-stop routing?

In non-stop routing, there is a redundant control plane with a complete, up-to-date copy of all routing information. In the event of failure of the active control plane, the standby control plane takes over all routing functions. Other routers in the network do not see any disruption and continue to operate normally.

3. If the Alcatel-Lucent 7750 SR is configured for graceful restart, it acts as a GR helper to any router that unexpectedly reboots. True or false?

True, if the router requests Graceful Restart.

4. BFD is a lightweight protocol that uses UDP to determine that a neighboring router has lost the ability to forward packets on a particular link. True or false?

True.

Alcatel-Lucent C


ot Distribute


Intermediate System–to–Intermediate System (IS-IS)

Section 5 — Basic IS-IS Configuration

Alcatel-Lucent C


ot Distribute



IS-IS — Configuration and Implementation

Start

Modify level capability(Optional)

Configure global parameters

Enable IS-IS

Turn up

Configure interfaceparameters

Specify area address

For IS-IS to operate on the Alcatel-Lucent 7750 SR, IS-IS must be explicitly enabled, and at least one area address andinterface must be configured. If IS-IS is enabled but no area address or interface is defined, the protocol is enabled, but no routes are exchanged. When at least one area address and interface are configured, adjacencies can be formed and routes can be exchanged.

To configure IS-IS, perform the following tasks:

• Enable IS-IS.

• If necessary, modify the level capability at the global level (the default is L1/L2).

• Define an area address or addresses.

• Configure the IS-IS interfaces.

Area ID — Identifies the area-ID portion of the NET

Level — Specifies that the router can be configured as an L1, L2, or L1/L2 system

Level capability — Configures the level capability for the IS-IS (global) routing process

Interface — Allows you to customize certain interface-specific IS-IS parameters

Interface level capability — Configures the interface-specific level capability for the IS-IS routing process

Alcatel-Lucent C


ot Distribute



IS-IS — Major Component Configuration

RouterIS-IS

— Area ID— Level— Level capability— Interface

– Level capability

ShowRouter

— IS-IS

ClearRouter

— IS-IS

GeneralIS-IS must be enabled on each participating Alcatel-Lucent 7750 SR.

There are no default network entity titles.

There are no default interfaces.

By default, the Alcatel-Lucent 7750 SR is assigned an L1/L2 level capability.

Alcatel-Lucent C


ot Distribute



IS-IS — Activating IS-IS

To initiate IS-IS on the router, use the following command:


Syntax: [no] isis

Example: config>router# isis

isis

Syntax [no] isis


Description This command creates the context for configuring the IS-IS protocol instance. The IS-IS protocol instance is enabled with the no shutdown command in the config>router>isis context. Alternatively, the IS-IS protocol instance is disabled with the shutdown command in the config>router>isis context. The no form of the command deletes the IS-IS protocol instance. Deleting the protocol instance removes all configuration parameters for this IS-IS instance.

Default no isis — No IS-IS protocol instance is defined

Alcatel-Lucent C


ot Distribute



IS-IS — Area ID Configuration

To configure the area-ID for IS-IS, use the following command:


Syntax: [no] area-id area-address

Example: config>router>isis# area-id 49.0051

area-idSyntax [no] area-id area-address


Description This command allows you to configure the area ID portion of NSAP addresses. The area ID identifies a point of connection to the network, such as a router interface, and is called a NSAP. A maximum of 3 area addresses can be configured.

NSAP addresses are divided into three parts, as follows. Only the area ID portion is configurable:

• Area ID — A variable-length field from 1 to 13 bytes. This includes the AFI as the most significant byte, and the area ID.

• System ID — The system ID is derived from the system ID or router ID and cannot be configured.

• Selector ID — A 1-byte selector ID that must contain zeros when a NET is configured. This value is not configurable. The selector ID is always 00.

The NET is constructed like an NSAP, but the selector byte contains a 00 value. NET addresses are exchanged in hello and LSP PDUs.

For L1 interfaces, neighbors can have different area IDs, but, they must have at least one area ID (AFI + area) in common.

For L2 (only) interfaces, neighbors can have different area IDs. However, if they have no area IDs in common, they become only L2 neighbors, and L2 LSPs are exchanged.

For L1/L2 interfaces, neighbors can have different area IDs. If they have at least one area ID (AFI + area) in common, they become neighbors. In addition to exchanging L2 LSPs, area merging between potentially different areas can occur.

If multiple area-id commands are entered, the system ID of all subsequent entries must match the first area address.

Default none — No area address is assigned.

Parameters area-address – The 1-byte to 13-byte address. Of the total 20 bytes that comprise the NET, only the first 13 bytes can be manually configured. As few as 1 byte can be entered, or, at most, 13 bytes. If fewer than 13 bytes are entered, the rest is padded with zeros.

Alcatel-Lucent C


ot Distribute



In IS-IS, multiple area IDs are allowable.Up to 3 area-ID addresses may be defined on a router.This configuration can be used for area migration due to administrative reasons.

IS-IS — Configuring Multiple Area IDs in a Single Area

L1/L2 L1/L2

L1/L2 L1/L2

49.000150.000151.0001

49.000153.000154.0001

60.000161.000162.0001

60.000165.000166.0001

Alcatel-Lucent C


ot Distribute



IS-IS — Defining L1 and L2 Attributes

To optionally configure level 1 or level 2 area attributes, or use the following command:


Syntax: [no] level level-number

Example: config>router>isis# level 1

level

Syntax level level-number

Context config>router>isisconfig>router>isis>interface ip-int-name

Description This command creates the context to configure IS-IS L1 or L2 area attributes. A router can be configured as an L1, L2, or L1/L2 system:

• An L1 adjacency can be established if there is at least one area address shared by this router and a neighbor. An L2 adjacency cannot be established over this interface.

• An L1/L2 adjacency is created if the neighbor is also configured as an L1/L2 router and has at least one area address in common.

• An L2 adjacency is established if another router is configured as an L2 or a L1/L2 router.Special CasesGlobal IS-IS Level — The config>router>isis context configures default global parameters for both L1 and L2 interfaces.IS-IS Interface Level — The config>router>isis>interface context configures IS-IS operational characteristics of the interface at L1 and/or L2. A logical interface can

be configured on one level 1 and one level 2. In this case, each level can be configured independently, and parameters must be removed independently.By default, an interface operates in both L1 and L2 modes.

Default level 1 or level 2Parameters level-number – The IS-IS level numberValues 1, 2

Alcatel-Lucent C


ot Distribute



IS-IS — Defining L1/L2 Capabilities

To optionally configure the routing level of the IS-IS instance, use the following command:

Context: config>router>isis>

Syntax: [no] level-capability {level-1 | level-2 | level-1/2}

Example: config>router>isis# level-capability level-1/2

level-capabilitySyntax [no] level-capability {level-1 | level-2 | level-1/2}


config>router>isis>interface ip-int-name

Description This command configures the routing level for an instance of the IS-IS routing process. An IS-IS router and an IS-IS interface can operate at level 1, level 2, or both levels 1 and 2.Global level Interface level Potential adjacencyL 1/2 L 1/2 Level 1 and/or level 2

L 1/2 L 1 Level 1 only

L 1/2 L 2 Level 2 only

L 2 L 1/2 Level 2 only

L 2 L 2 Level 2 only

L 2 L 1 None

L 1 L 1/2 Level 1 only

L 1 L 2 None

L 1 L 1 1 only

Special Cases IS-IS Router — In the config>router>isis context, changing the level-capability performs a restart on the IS-IS protocol instance.

IS-IS Interface — In the config>router>isis>interface context, changing the level-capability performs a restart of IS-IS on the interface.

Default level-1/2Parameters

level-1 — Specifies that router/interface can operate at level 1 only

level-2 — Specifies that router/interface can operate at level 2 only

level-1/2 — Specifies that router/interface can operate at both level 1 and level 2

Alcatel-Lucent C


ot Distribute



IS-IS — Associating an Interface for IS-IS

To access the IS-IS interface, use the following command:


Syntax: [no] interface ip-int-name

Example: config>router>isis# interface igp-4

interface

Syntax [no] interface ip-int-name


Description This command creates the context for configuring an IS-IS interface. When an area is defined, the interfaces belong to that area. Interfaces cannot belong to separate areas. When the interface is a POS channel, the OSINCP is enabled when the interface is created and is removed when the interface is deleted. The no form of the command removes IS-IS from the interface.

The shutdown command in the config>router>isis>interface context administratively disables IS-IS on the interface without affecting the IS-IS configuration.

Default no interface — No IS-IS interfaces are defined.

Parametersip-int-name — Identifies the IP interface name created in the config>router>interface context. The IP interface name must already exist.

Alcatel-Lucent C


ot Distribute



IS-IS — Defining the Interface Type

To define the interface capability for IS-IS, use the following command:

Context: config>router>isis>area>interface

Syntax: [no] interface-type {broadcast | point-to-point}

Example: config>router>isis>area>interface# interface-type broadcast

Alcatel-Lucent C


ot Distribute



IS-IS — Sample IS-IS Configuration

ALA-1>config>router# isis

ALA-1>config>router>isis# area-id 49.0051

ALA-1>config>router>isis# level-capability level-1

ALA-1>config>router>isis# interface system

ALA-1>config>router>isis>if# exit

ALA-1>config>router>isis# interface igp-4




ALA-1>config>router# isis

ALA-1>config>router>isis# area-id 49.0051

ALA-1>config>router>isis# level-capability level-1

ALA-1>config>router>isis# interface system






ALA-A>config>router>isis# info

----------------------------------------------

level-capability level-1

area-id 49.0051

interface "system"

exit

interface “igp-4"

exit

interface “igp-1"

exit

----------------------------------------------

ALA-A>config>router>isis#

Alcatel-Lucent C


ot Distribute



IS-IS — Show Status Command

To show the IS-IS status, use the following command:

Context: show>router>isis

Syntax: status

Example: AL-4# show router isis status

status

Syntax status

Context show>router>isis

Description This command shows information about the IS-IS status.

Alcatel-Lucent C


ot Distribute



IS-IS — Show Status Example

ALA-A# show router isis status

===============================================================================

IS-IS Status

===============================================================================

System Id : 0100.1001.0103

Admin State : Up

Last Enabled : 01/27/2004 23:59:40

Level Capability : L1L2

Authentication Check : False

Authentication Type : Password

Traffic Engineering : Disabled

Graceful Restart : Disabled

LSP Lifetime : 1200

LSP Wait : 5 sec (Max) 0 sec (Initial) 1 sec (Second)

…… <output removed>

ALA-A# show router isis status

===============================================================================

IS-IS Status

===============================================================================

System Id : 0100.1001.0103

Admin State : Up

Last Enabled : 01/27/2004 23:59:40

Level Capability : L1L2

Authentication Check : False

Authentication Type : Password

Traffic Engineering : Disabled

Graceful Restart : Disabled

LSP Lifetime : 1200

LSP Wait : 5 sec (Max) 0 sec (Initial) 1 sec (Second)

…… <output removed>

The remaining output is shown below:

L1 Auth Type : password

L2 Auth Type : md5

L1 Preference : 15

L2 Preference : 18

L1 Ext. Preference : 100

L2 Ext. Preference : 200

L1 Wide Metrics : Disabled

L2 Wide Metrics : Disabled

L1 LSDB Overload : Disabled

L2 LSDB Overload : Disabled

L1 LSPs : 3

L2 LSPs : 3

Last SPF : 01/28/2004 03:09:09

SPF Wait : 10 sec (Max) 1000 ms (Initial) 1000 ms (Second)

Export Policies : isis410

Area Addresses : 47.4001.8000.00a7.0000.ffdd.0007

===============================================================================

ALA-A#

Alcatel-Lucent C


ot Distribute



IS-IS — Show Routes Command

To list IS-IS routes, use the following command:

Context: show>router>isis>

Syntax: routes

Example: show>router>isis# routes

routes

Syntax routes


Description This command lists the routes in the IS-IS routing table.

Output IS-IS Route Table Output — The next page shows the output and describes the IS-IS route table output fields.

Alcatel-Lucent C


ot Distribute



IS-IS — Show Routes Command Example

ALA-A# show router isis routes

===============================================================================

Route Table

===============================================================================

Prefix Metric Lvl/Typ Version Nexthop SysID/Hostname

-------------------------------------------------------------------------------

7.1.0.0/24 40 2/Int. 14 180.0.5.2 core_west

7.2.0.0/24 60 2/Int. 14 180.0.6.5 core_east

180.100.25.4/30 50 2/Int. 14 180.0.6.5 core_east

180.100.25.12/30 70 2/Int. 14 180.0.7.9 asbr_west

-------------------------------------------------------------------------------

Routes : 4

===============================================================================

ALA-A#

ALA-A# show router isis routes

===============================================================================

Route Table

===============================================================================

Prefix Metric Lvl/Typ Version Nexthop SysID/Hostname

-------------------------------------------------------------------------------

7.1.0.0/24 40 2/Int. 14 180.0.5.2 core_west

7.2.0.0/24 60 2/Int. 14 180.0.6.5 core_east

180.100.25.4/30 50 2/Int. 14 180.0.6.5 core_east

180.100.25.12/30 70 2/Int. 14 180.0.7.9 asbr_west

-------------------------------------------------------------------------------

Routes : 4

===============================================================================

ALA-A#

Label DescriptionPrefix Route prefix and mask

Metric Metric for the route

Lvl/Type Level (1 or 2) and route type: internal (Int) or external (Ext)

Version SPF version that generated the route

Nexthop System ID of the next hop, give hostname if possible

Hostname Host name for the specific system-id

Alcatel-Lucent C


ot Distribute



IS-IS — Show Adjacency Command

To examine IS-IS adjacencies, use the following command:


Syntax: adjacency [ip-addr | ip-int-name | nbr-system-id] [detail]

Example: show router isis adjacency

adjacency

Syntax adjacency [ip-addr | ip-int-name | nbr-system-id] [detail]


Description This command lists information about the IS-IS neighbors.

When ip-addr or ip-int-name is specified, only adjacencies with this interface are listed.

When nbr-system-id is specified, only the adjacency with that ID is listed.

When no ip-addr, ip-int-name, or nbr-system-id are specified, all adjacencies are listed.

If the keyword detail is specified, all output is listed in the detailed format.

Output Standard and Detailed IS-IS Adjacency Output — The next page shows the output and describes the standard and detailed command output fields for an IS-IS adjacency.

Alcatel-Lucent C


ot Distribute



IS-IS — Show Adjacency Command Example

ALA-A# show router isis adjacency

=============================================================================

IS-IS Adjacency

=============================================================================

System ID Usage State Hold Interface

-----------------------------------------------------------------------------

asbr_east L2 Up 23 if2/5

dist_oak L1 Up 27 if2/2

-----------------------------------------------------------------------------

Adjacencies : 2

=============================================================================

ALA-A#

ALA-A# show router isis adjacency

=============================================================================

IS-IS Adjacency

=============================================================================

System ID Usage State Hold Interface

-----------------------------------------------------------------------------

asbr_east L2 Up 23 if2/5

dist_oak L1 Up 27 if2/2

-----------------------------------------------------------------------------

Adjacencies : 2

=============================================================================

ALA-A#

Output Standard and Detailed IS-IS Adjacency Output — The following table describes the standard and detailed command output fields for an IS-IS adjacency.

Label DescriptionInterface Interface name that is associated with the neighbor

System ID Neighbor system ID

Level 1-L1 only, 2-L2 only, 3-L1 and L2

State Up, down, new, one-way, initializing, or rejected

Hold Hold time remaining for the adjacency

SNPA Subnetwork point of attachment, MAC address of the next hop

Circuit type Level on the interface: L1, L2, or both

Expires In Number of seconds until the adjacency expires

Priority Priority to become the DR

Up/down transitions Number of times the neighbor state has changed

Event Event that caused the last transition

Last transition Time since the last transition change

Speaks Supported protocols (currently only IP)

IP address IP address of the neighbor

Alcatel-Lucent C


ot Distribute



IS-IS — Show Database Command

To examine the IS-IS database, use the following command:


Syntax: database [system-id | lsp-id ] [detail] [level level]

Example: show>router>isis>area# show router isis database

database

Syntax database [system-id | lsp-id ] [detail] [level level]


Description This command lists the entries in the IS-IS link-state database.

Parameters system-id — Only the LSPs related to this system-id are listed. If no system-id or lsp-id is specified, all database entries are listed.

lsp-id — Only the specified LSP (host name) is listed. If no system-id or lsp-id is specified, all database entries are listed.

detail — All output is displayed in the detailed format.

level level — Only the specified IS-IS protocol-level attributes are displayed.

Output Standard and Detailed IS-IS Adjacency Output — The next page shows the output and describes the standard and detailed command output fields for an IS-IS adjacency

Alcatel-Lucent C


ot Distribute



IS-IS — Show Database Command Example

ALA-A# show router isis database

=============================================================================

IS-IS Database

=============================================================================

LSP ID Sequence Checksum Lifetime Attributes

-----------------------------------------------------------------------------

Displaying Level 1 database

-----------------------------------------------------------------------------

abr_dfw.00-00 0x50 0x164f 603 L1L2

Level (1) LSP Count : 1


-----------------------------------------------------------------------------

asbr_east.00-00 0x53 0xe3f5 753 L2

abr_dfw.00-00 0x57 0x94ff 978 L1L2


=============================================================================

ALA-A#

ALA-A# show router isis database

=============================================================================

IS-IS Database

=============================================================================

LSP ID Sequence Checksum Lifetime Attributes

-----------------------------------------------------------------------------


-----------------------------------------------------------------------------

abr_dfw.00-00 0x50 0x164f 603 L1L2



-----------------------------------------------------------------------------

asbr_east.00-00 0x53 0xe3f5 753 L2

abr_dfw.00-00 0x57 0x94ff 978 L1L2


=============================================================================

ALA-A#


Label DescriptionLSP ID Auto-assigned by the originating IS-IS node.Sequence Sequence number of the LSP just received, to ensure the most recent entryChecksum Checksum of the entire LSP packetLifetime Amount of time, in seconds, that the LSP will remain validAttributes OV The overload bit is set.LSP Count A sum of all configured L1 and L2 LSPsLSP ID Unique ID for each LSP Lifetime Remaining time until the LSP expiresVersion Version/protocol ID extension (always set to 1)Pkt Type PDU type numberPkt Ver Version/protocol ID extension (always set to 1)Max Area Maximum number of area addresses supportedSys ID Len Length of the system ID field (0 or 6 for 6 digits)Use Len Actual length of the PDUAlloc Len Amount of memory space allocated for the LSPArea Address Area addresses to which the router is connectedSupp Protocols Data protocols that are supportedIS-Hostname Name of the router that originated the LSPNeighbor Routers that are running interfaces to which the router is connectedInternal Reach 32-bit metric IP Prefix IP addresses of externally originated devicesMetrics Routing metric used in the IS-IS link-state calculation

Alcatel-Lucent C


ot Distribute



IS-IS — Show Hostname Command

To associate a host name with a system ID in IS-IS, use the following command:


Syntax: hostname

Example: show>router>isis# hostname

hostname

Syntax hostname


Description This command shows the hostname database. There are no options or parameters.

Alcatel-Lucent C


ot Distribute



IS-IS — Show Hostname Command Example

ALA-A# show router isis hostname

=========================================================================

Hosts

=========================================================================

System Id Hostname

-------------------------------------------------------------------------

1800.0000.0002 core_west

1800.0000.0005 core_east

1800.0000.0008 asbr_west

=========================================================================

ALA-A#

ALA-A# show router isis hostname

=========================================================================

Hosts

=========================================================================

System Id Hostname

-------------------------------------------------------------------------

1800.0000.0002 core_west

1800.0000.0005 core_east

1800.0000.0008 asbr_west

=========================================================================

ALA-A#

Alcatel-Lucent C


ot Distribute



IS-IS — Show Interface Command

To monitor the IS-IS interface, use the following command:


Syntax: interface [ip-int-name | ip-addr] [detail]

Example: show>router>isis>area# show router isis interface

interface

Syntax interface [ip-int-name | ip-addr] [detail]


Description This command lists IS-IS interface information.

When ip-addr or ip-int-name is provided, only this specified interface is listed.

When no ip-addr or ip-int-name is specified, all interfaces are listed.

If the keyword detail is specified, all output is given in the detailed format.

Output Standard and Detailed IS-IS Adjacency Output — The next page shows the output and describes the standard and detailed command output fields for an IS-IS adjacency.

Alcatel-Lucent C


ot Distribute



IS-IS — Show Interface Command Example

ALA-A# show router isis interface

=============================================================================

IS-IS Interfaces

=============================================================================

Interface Level CircID Oper State L1/L2 Metric

-----------------------------------------------------------------------------

system L1L2 1 Up 10/10

if2/1 L2 8 Up -/10

if2/2 L1 5 Up 10/-

if2/3 L1 6 Up 10/-

-----------------------------------------------------------------------------

Interfaces : 4

=============================================================================

ALA-A#

ALA-A# show router isis interface

=============================================================================

IS-IS Interfaces

=============================================================================

Interface Level CircID Oper State L1/L2 Metric

-----------------------------------------------------------------------------

system L1L2 1 Up 10/10

if2/1 L2 8 Up -/10

if2/2 L1 5 Up 10/-

if2/3 L1 6 Up 10/-

-----------------------------------------------------------------------------

Interfaces : 4

=============================================================================

ALA-A#


Label DescriptionInterface Interface name

Level Interface level (L1, L2, or L1/L2)

CircID Circuit identifier

Oper State Up: The interface is operationally up.

Down: The interface is operationally down.

L1/L2 Metric Interface metric for level 1 and level 2, if neither level is set to 0

Alcatel-Lucent C


ot Distribute



IS-IS — Show SPF Command

To examine SPF information, use the following command:

Context: show>router>isis

Syntax: spf

Example: AL-4# show router isis spf

spf

Syntax spf [detail]


Description This command displays information about SPF calculation.

Output Standard and Detailed IS-IS Adjacency Output — The next page shows the output and standard and detailed command output fields for an IS-IS adjacency.

Alcatel-Lucent C


ot Distribute



IS-IS — Show SPF Command Example

ALA-A# show router isis spf

=============================================================================

Path Table

=============================================================================

Node Interface Nexthop

-----------------------------------------------------------------------------

acc_msq.03 lag-1 core_east

acc_msq.03 If2/8 core_west

acc_msq.04 if2/5 asbr_east


acc_msq.04 if2/8 core_west

=============================================================================

ALA-A#

ALA-A# show router isis spf

=============================================================================

Path Table

=============================================================================

Node Interface Nexthop

-----------------------------------------------------------------------------


acc_msq.03 If2/8 core_west

acc_msq.04 if2/5 asbr_east


acc_msq.04 if2/8 core_west

=============================================================================

ALA-A#


Label DescriptionNode Route node and mask

Interface Outgoing interface name for the route

Metric Metric for the route

Nexthop System ID or host name of the next hop

SNPA SNPA with which a router is physically attached to a subnetwork

Alcatel-Lucent C


ot Distribute



IS-IS — Configuring Authentication for IS-IS

To create an authentication policy, use the following command:


Syntax: [no] authentication-type {password | message-digest}

Example: config>router>isis# authentication-type password

authentication-type

Syntax [no] authentication-type {password | message-digest}


config>router>isis>level level-number

Description This command enables either simple-password or message-digest authentication in the global IS-IS or IS-IS-level context. Both the authentication key and the authentication type on a segment must match. The authentication-key statement must also be included. Configure the authentication type at the global level in the config>router>isis context. Configure or override the global setting by configuring the authentication type in the config> router>isis>level context. The no form of the command disables authentication.

Default no authentication-type — No authentication type is configured and authentication is disabled.

Parameters password — Specifies that simple password (plain-text) authentication is required

message-digest — Specifies that MD5 authentication in accordance with RFC 2104 is required

Alcatel-Lucent C


ot Distribute



IS-IS — Configuring the Authentication Key

To configure the authentication key, use the following command:



Example: config>router>isis# authentication-key Alcatel

Authentication-key

syntax [no] authentication-key [authentication-key | hash-key] [hash | hash2]


config>router>isis>level level-number

Description This command sets the authentication key used to verify PDUs sent by neighboring routers on the interface. Neighboring routers use passwords to authenticate PDUs sent from an interface. For authentication to work, both the authentication key and the authentication type on a segment must match. The authentication-type statement must also be included. To configure authentication at the global level, configure this command in the config>router>isis context. When this parameter is configured at the global level, all PDUs are authenticated, including the hello PDU. To override the global setting for a specific level, configure the authentication-key command in the config>router>isis>level context. When configured at a specific level, hello PDUs are not authenticated. The no form of the command removes the authentication key.

Default no authentication-key — No authentication key is configured.

Parameters authentication-key — The authentication key. The key can be any combination of ASCII characters, up to 255 characters (unencrypted). If spaces are used in the string, enclose the entire string in double quotation marks.


hash — Specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear-text form.


Alcatel-Lucent C


ot Distribute



IS-IS — Configuring Hello Authentication for IS-IS

To configure hello authentication, use the following command:

Context: config>router>isis>interface

Syntax: [no] hello-authentication-type {password | message-digest}

Example: config>router>isis>interface# hello-authentication-type password

hello-authentication-type

Syntax [no] hello-authentication-type {password | message-digest}

Context config>router>isis>interface ip-int-name

• config>router>isis>interface ip-int-name>level level-number

Description This command enables hello authentication in the interface or level context. Both the hello authentication key and the hello authentication type on a segment must match. The hello authentication-key statement must also be included. To configure the hello authentication type in the interface context, use hello-authentication-type in the config>router>isis>interface context. To configure or override the hello authentication setting for a given level, configure the hello-authentication-type in the config>router>isis>interface>level context. The no form of the command disables hello authentication.

Default no hello-authentication-type — Hello authentication is disabled.

Parameters password — Specifies that simple password (plain-text) authentication is required.

message-digest — Specifies that MD5 authentication in accordance with RFC 2104 is required.

Alcatel-Lucent C


ot Distribute



IS-IS — Configuring the Hello Authentication Key

To configure the hello authentication key, use the following command:

Context: config>router>isis>interface

Syntax: [no] hello-authentication-key [authentication-key | hash-key] [hash | hash2]

Example: config>router>isis>interface# hello-authentication-key Alcatel

hello-authentication-keySyntax [no] hello-authentication-key [authentication-key | hash-key] [hash | hash2]

Description This command configures the authentication key (password) for hello PDUs. Neighboring routers use the password to verify the authenticity of hello PDUs sent from this interface. Both the hello authentication key and the hello authentication type on a segment must match. The hello-authentication-type must be specified. To configure the hello authentication key in the interface context, use the hello-authentication-key in the config>router> isis>interface context. To configure or override the hello authentication key for a specific level, configure the hello-authentication-key in the config>router>isis>interface>level context. If both IS-IS and hello authentication are configured, hello messages are validated using hello authentication. If only IS-IS authentication is configured, it is used to authenticate all IS-IS (including hello) protocol PDUs. When the hello authentication key is configured in the config>router>isis>interface context, it applies to all levels configured for the interface. The no form of the command removes the authentication key from the configuration.

Default no hello-authentication-key — No hello authentication key is configured.

Parameters authentication-key — The hello authentication key (password). The key can be any combination of ASCII characters, up to 254 characters (unencrypted). If spaces are used in the string, enclose the entire string in double quotation marks.


hash — Specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear-text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.


Alcatel-Lucent C


ot Distribute



IS-IS — Authentication Configuration Example

ALA-1# configure router isis

ALA-1>config>router>isis# authentication-type password

ALA-1>config>router>isis# authentication-key Alcatel


ALA-1>config>router>isis>if# hello-authentication-type password

ALA-1>config>router>isis>if# hello-authentication-key Alcatel

ALA-1# configure router isis

ALA-1>config>router>isis# authentication-type password

ALA-1>config>router>isis# authentication-key Alcatel


ALA-1>config>router>isis>if# hello-authentication-type password

ALA-1>config>router>isis>if# hello-authentication-key Alcatel

ALA-A>config>router>isis# info

----------------------------------------------

level-capability level-1

area-id 49.0051

interface "system"

exit

interface “igp-4"

exit

interface “igp-1"

exit

----------------------------------------------

ALA-A>config>router>isis#

Alcatel-Lucent C


ot Distribute



To configure overload on boot command, use the following:During “overload” period, router will participate in the routingprotocol, but is not supposed to be forwarding trafficThe router sets the overload bit in its LSP to indicate the overload state

IS-IS — Configuring Overload on Boot


Syntax: [no] overload-on-boot [timeout seconds]

Example: config>router>isis# overload-on-boot 60

overload-on-boot

Syntax [no] overload-on-boot [timeout seconds]


Description When a router is in an overload state, the router is used only if there is no other router to reach the destination. This command configures the IGP on startup in the overload state until one of the following events occurs:

The timeout timer expires.

A manual override of the current overload state is entered with the no overload command.

The no overload command does not affect the overload-on-boot function. The no form of the command removes the overload-on-boot functionality from the configuration.

Default no overload-on-boot

Use the show router ospf status and/or show router isis status command to list the administrative and operational states as well as all timers.

Parameters timeout seconds — The interval for each display, in seconds.

Values 60 to 1800

Default 60

Alcatel-Lucent C


ot Distribute



To configure summarization for L1 and L2 networks, use the following command:

IS-IS — Configuring Summary Addresses for IS-IS


Syntax: [no] summary-address {ip-prefix/mask | ip-prefix [netmask]} level

Example: config>router>isis# summary-address 10.1.0.0/16 level 2

summary-address

Syntax [no] summary-address {ip-prefix/mask | ip-prefix [netmask]} level


Description This command creates summary addresses.

Default none

Parameters ip-prefix/mask — Specifies information for the specified IP prefix and mask length

netmask – The subnet mask, in dotted-decimal notation

Values 0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

level — Specifies IS-IS L1 or L2 area attributes

Alcatel-Lucent C


ot Distribute



IS-IS — Clear IS-IS Adjacencies Command

To clear IS-IS adjacencies, use the following command:

Context: clear>router>isis

Syntax: adjacency [system-id ]

Example: AL-4# clear router isis adjacency

adjacency

Syntax adjacency [system-id ]

Context clear>router>isis

Description This command clears and resets the entries in the IS-IS adjacency database.

Parameters system-id — When the system ID is entered, only the specified entries are removed from the IS-IS adjacency database.

Alcatel-Lucent C


ot Distribute



IS-IS — Clear IS-IS Database Command

To clear the IS-IS database, use the following command:


Syntax: database [system-id]

Example: AL-4# clear router isis database

database

Syntax database [system-id ]


Description This command removes the entries from the IS-IS link-state databases, which contains information about PDUs.

Parameters system-id — When the system ID is entered, only the specified entries are removed from the IS-IS link-state database.

Alcatel-Lucent C


ot Distribute



IS-IS — Clear Statistics Command

To clear IS-IS statistics, use the following command:


Syntax: statistics

Example: AL-4# clear router isis statistics

statistics

Syntax statistics


Description This command clears and resets IS-IS statistics.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. How does IS-IS determine the cost of a segment?2. What are the 3 databases created by IS-IS on the router?3. What is an L1 and L2 router?4. What command allows you to view your router’s IS-IS

neighbors?5. What command resets the topological database?6. What are the major steps that occur in the establishment

of an adjacency between 2 IS-IS routers?7. Compare the adjacency-establishment steps with the

steps that occur between 2 OSPF routers.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. How does IS-IS determine the cost of a segment?1. By default, the cost of a segment is 10 in IS-IS. The “reference-bandwidth” command can be used to have

IS-IS calculate the costs based on link bandwidth as in OSPF. The metric can also be set manually. 2. What are the 3 databases created by IS-IS on the router?

1. Adjacency, topology and forwarding databases.3. What is an L1 and L2 router?

1. An L1 router maintains a topological database of all links in the Level 1 area and performs the SPF calculation on this topology. An L2 router maintains a topology of the L2 backbone and performs the SPF calculation on this topology.

4. What command allows you to view your router’s IS-IS neighbors?1. show router isis adjacency

5. What command resets the topological database?1. clear router isis database

6. What are the major steps that occur in the establishment of an adjacency between 2 IS-IS routers?1. Routers exchange hellos. Once a router sees its system ID in a Hello packet it considers the adjacency to

be formed2. CSNPs are exchanged to determine what LSPs are required to bring the topology databases up-to-date.3. Routers exchange LSPs to bring their databases up to date.4. On a point-to-point link, PSNPs are exchanged to acknowledge LSPs.5. CSNPs are transmitted periodically to maintain database consistency.

7. Compare the adjacency-establishment steps with the steps that occur between 2 OSPF routers.1. The process is very similar with a few differences2. In OSPF the adjacency is only considered to be partially formed after the successful exchange of Hellos.

Hello parameters must match (timer values, area id, subnet mask, B bit value) to be successful.3. Database Description performs a similar function to the CSNP.4. OSPF routers request the LSAs they need with a Link State Request packet.5. All Link State Update packets are acknowledged with a Link State Acknowledgement.6. The adjacency is considered fully established when both topology databases are up-to-date.

Alcatel-Lucent C


ot Distribute



Section Summary

This section covered configuration of IS-IS:Invoking IS-ISDefining the level of IS-IS on the routerConfiguring the interfaceDefining the level of IS-IS on the interface

Alcatel-Lucent C


ot Distribute



Alcatel-Lucent C


ot Distribute



Module 7 — Filters and Policies

Alcatel-Lucent C


ot Distribute




Define the use of filtersExplain the configuration commandsDefine route policiesConfigure policies for route redistributionTroubleshoot and verify the operation of route and filter policiesUse show commands

Module Objectives







Alcatel-Lucent C


ot Distribute


Filters and Policies

Section 1 — Filtering Overview

Alcatel-Lucent C


ot Distribute



Section Objectives

Filtering OverviewDefining what filtering accomplishesOperation with Alcatel-Lucent equipmentUsing filters on interfaces

Module 7 — Route and Filter PoliciesThis module discusses the implementation of filtering network updates between routers. This includes the ability to control the redistribution of networks, the propagation of updates out interfaces, and the sending of updates to specific neighbors. In addition, discussion of route policies includes the use of prefix lists and how best to configure the Alcatel-Lucent 7750 SR to support route policies. Hands-on configuration is included to reinforce the learning experience.

Alcatel-Lucent C


ot Distribute



Filters — Filter Policy Overview

Filters are implemented on the Alcatel-Lucent 7750 SR as policies

Sometimes known as ACLs

Applied to interfaces Can be applied on inbound, outbound, or bidirectionallyDefault is that no filter is applied to interfacesSame filter can be used on multiple interfaces

Filter policies, also referred to as access control lists, are templates that are applied to services or network ports to control network traffic into (ingress) or out of (egress) a SAP or network port based on IP and MAC matching criteria. Filters are applied to examine packets that are entering or leaving a SAP or network interface. Filters can be used on several interfaces. The same filter can be applied to ingress traffic, egress traffic, or both. Ingress filters affect only inbound traffic destined for the routing complex, and egress filters affect only outbound traffic sent from the routing complex.

Configuring a service or network port with a filter policy is optional. If a service or network port is not configured with filter policies, all traffic is allowed on the ingress and egress interfaces. By default, no filters are associated with services or interfaces; they must be explicitly created and associated. When you create a new filter, default values are provided although you must specify a unique filter ID for each new filter policy as well as each new filter entry and the associated actions. The filter entries specify the filter matching criteria. Only one ingress filter policy and one egress filter policy can be applied to a SAP or network interface. Filter policies and entries are modifiable.

Network filter policies control the forwarding and dropping of packets based on IP match criteria. Note that non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

Alcatel-Lucent C


ot Distribute



Filters — Operation and Capabilities

Filter Policy OperationTop-down processing is used.Each packet is compared to the entries in the filter.The packet must match each parameter of an entry for the action to happen.Packet is permitted or denied.If the packet does not match the entry, go to the next entry in the filter.If no entries match, execute the default action (deny by default).

A filter policy compares the match criteria specified in a filter entry to packets that are coming through the system, in the order the entries are numbered in the policy. When a packet matches all parameters in the entry, the system takes the specified action to drop or forward. If a packet does not match the entry parameters, the packet continues through the filter process. If the packet does not match any of the entries, the system executes the specified default action. Each filter policy is assigned a unique filter ID.

Each filter policy is defined with:

Scope

Default action

Description

At least one filter entry

Each filter entry contains:

Match criteria

An action

Filter-entry matching criteria can be as general or specific as required, but all conditions in the entry must be met for the packet to be considered a match and the specified entry action performed. The process stops when the first complete match is found and executes the action defined in the entry: to drop or forward packets that match the criteria.

Alcatel-Lucent C


ot Distribute



Filters — IP Matching Criteria

Packet Matching Criteria for IP traffic:Source IP address and maskDestination IP address and maskProtocol number in IP headerSource port, or range of portsDestination port, or range of portsDSCP markingICMP codeICMP typeFragmentation

Up to 65 535 IP and 65 535 MAC filter IDs (unique filter policies) can be defined. Each filter ID can contain up to 65 535 filter entries. As few or as many match parameters can be specified as required, but all conditions must be met for the packet to be considered a match and the specified action performed. The process stops when the first complete match is found and the action that is defined in the entry is executed. IP filter policies match criteria that associate traffic with an ingress or egress SAP. Matching criteria to drop or forward IP traffic include:Source IP address and mask — Source IP address and mask values can be entered as search criteria. Address ranges are configured by specifying network prefix values. The prefix mask length is expressed as an integer (range 0 to 32).Destination IP address and mask — Destination IP address and prefix values can be entered as search criteria. The prefix length is expressed as an integer (range 0 to 32). Address ranges are configured by specifying network prefix values.Protocol — Entering a protocol (e.g., TCP, UDP) allows the filter to search for the protocol specified in this field.Source port/range — Entering the source port number or port range allows the filter to search for matching TCP or UDP port and range values.Destination port/range — Entering the destination port number or port range allows the filter to search for matching TCP or UDP values.DSCP marking — Entering a DSCP marking allows the filter to search for the DSCP marking specified in this field.ICMP code — Entering an ICMP code allows the filter to search for the matching ICMP code in the ICMP header.ICMP type — Entering an ICMP type allows the filter to search for the matching ICMP type in the ICMP header.Fragmentation — When fragmentation matching is enabled, a match occurs if packets have either the more fragment bit set or have the fragment offset field of the IP header set to a non-zero value.

Alcatel-Lucent C


ot Distribute



Filters — Processing a Filter

Order of filter entries:Top-down processingMost explicit at the top, least explicit toward the bottomThe entry ID defines the order of processing: lower number toward the top, larger number toward bottom.Each packet is checked against each filter entry. If all conditions of an entry are met, the entry is considered a match, and “forward” or “drop” of the packet occurs (as specified by the action).The default action is taken if none of the entries matches.

When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Filter matching ceases when a packet matches an entry. The entry action to either drop or forward is performed on the packet. To be considered a match, the packet must meet all conditions defined in the entry.

Packets are compared to entries in a filter policy in an ascending entry ID order. To reorder entries in a filter policy, edit the entry ID value; for example, to reposition entry ID 6 to a more explicit location, change the entry ID 6 value to entry ID 2. When a filter consists of a single entry, the filter executes actions as follows:

If a packet matches all the entry criteria, the entry’s specified action is performed (drop or forward).

If a packet does not match all the entry criteria, the policy’s default action is performed. If a filter policy contains two or more entries, packets are compared in ascending entry ID order (e.g., 1, 2, 3 or 10, 20, 30):

Packets are compared with the criteria in the first entry ID.

If a packet matches all properties defined in the entry, the entry’s specified action is executed.

If a packet does not completely match, the packet continues to the next entry and then to subsequent entries.

If a packet does not completely match subsequent entries, the default action is performed.

Alcatel-Lucent C


ot Distribute



Filters — Applying a Filter

All packets are filtered For inbound packets:

— If permitted, traffic is forwarded— If denied, traffic is dropped

For outbound packets:— If permitted, traffic is transmitted— If denied, traffic is dropped

Applying a Filter to a Network Port

You can apply an IP filter to a network port. Packets received on the interface are checked against the matching criteria in the filter entries. If a packet completely matches all criteria in an entry, checking stops. If permitted, the traffic is forwarded. If the packet does not match, the default action is performed.

Applying a Filter to a SAP

During the SAP creation process, ingress and egress filters are selected from a list of qualifying IP and MAC filters. When ingress filters are applied to a SAP, packets received at the SAP are checked against the matching criteria in the filter entries. If a packet completely matches all criteria in an entry, checking stops. If permitted, the traffic is forwarded. If the packet does not match, the default action is performed.

When egress filters are applied to a SAP, packets received at the egress SAP are checked against the matching criteria in the filter entries. If a packet completely matches all criteria in an entry, checking stops. If permitted, the traffic is transmitted. If the packet does not match, the default action is performed.

Filters can be added to or changed for an existing SAP configuration by modifying the SAP parameters. Filter policies are not operational until they are applied to a SAP and the service is enabled.

Alcatel-Lucent C


ot Distribute



Learning Assessment

Design an IP filter to address each of the following scenarios, and state whether to apply it at the ingress or egress. Remember that the default action on the filter is to drop the packet.

a) An enterprise wants to prevent spoofed packets from leaving their network. Internally, they use private addressing, with all externally accessible services on the internal network using the public Class C 199.147.68.0. Design a filter to prevent any packets leaving the internal network that are not sourced from the public Class C network.

b) An enterprise uses private addressing from Class A network 10.0.0.0 and the 16 Class B networks starting from 172.16.0.0. They need a filter to prevent privately addressed packets from leaving their network.

Alcatel-Lucent C


ot Distribute



Learning Assessment (continued)

c) An organization wants to block all ICMP packets from entering their network, except Type 3 (destination unreachable).

d) An organization wants to put the following restrictions on inbound connections to their network:

1. Web access (port 80) to only the 8 addresses, starting at 199.147.68.48

2. No inbound Telnet (port 23) in entire Class C 199.147.68.03. Inbound SMTP (port 25) to only 199.47.68.21 and .234. All other inbound traffic on other ports is allowed.

Alcatel-Lucent C


ot Distribute



Learning Assessment


a) An enterprise wants to prevent spoofed packets from leaving their network. Internally, they use private addressing, and all external services use Class C 199.147.68.0.

b) An enterprise uses private addressing from Class A network 10.0.0.0 and the 16 Class B networks starting from 172.16.0.0. They need a filter to prevent privately addressed packets from leaving their network.


a) To block spoofed packets Forward packets that match source address 199.147.68.0/24 Drop all packets Apply filter to egress interface to external network

b) To prevent leaking of privately addressed packets Drop packets that match source address 10.0.0.0/8 Drop packets that match source address 172.16.0.0/12 Forward all packets Apply filter to egress interface to external network

c) To block ICMP except Type 3 Forward packets of IP type ICMP and ICMP type 3 Drop all packets of IP type ICMP Forward all packets Apply filter to ingress interface to external network

d) To selectively allow external traffic Forward packets to destination port 80 and destination IP 199.147.68.48/29 Drop all packets to destination port 80 Drop all packets to destination port 23 and destination IP 199.147.68.0/24 Forward packets to destination port 25 and destination IP 199.147.68.21/32 Forward packets to destination port 25 and destination IP 199.147.68.23/32 Drop packets to destination port 25 Forward all packets Apply filter to ingress interface to external network

Alcatel-Lucent C


ot Distribute



Learning Assessment (continued)

c) An organization wants to block all ICMP packets from entering their network, except Type 3 (destination unreachable).

d) An organization wants to put the following restrictions on inbound connections to their network:

1. Web access (port 80) to only the 8 addresses, starting at 199.147.68.48

2. No inbound Telnet (port 23) in entire Class C 199.147.68.03. Inbound SMTP (port 25) to only 199.47.68.21 and .234. All other inbound traffic on other ports is allowed.

Alcatel-Lucent C


ot Distribute



Section Summary

Filters are also known as ACLs and are applied to interfaces in the ingress, egress, or both directions to control traffic flow.IP and MAC filters are supported.Filters consist of one or more entries with match criteria and a corresponding action. Packets are compared to each entry in sequence. If all criteria of an entry are matched, the specified action is applied to the packet. If none of the entries in the filter results in a match, the default action is applied to the packet.There are several IP and MAC matching criteria that can be used, such as IP or MAC source or destination addresses.

Alcatel-Lucent C


ot Distribute



Section 2 — IP Filter Configuration

Alcatel-Lucent C


ot Distribute



Section Objectives

Filter configuration:Create an IP filter.Apply filters to network ports.

Alcatel-Lucent C


ot Distribute



IP Filtering — Configuration Caveats

Caveats:Filter policies are optional.Each filter must have at least 1 entry.The action keyword must be used to activate the entry.

Filter implementation caveats:Creating a filter policy is optional.

A specific filter must be explicitly associated with a specific service for packets to be matched.

Each filter policy must consist of at least one filter entry. Each entry represents a collection of filter match criteria. When packets enter the ingress or egress ports, packets are compared to the criteria specified in the entry or entries.

When you configure a large (complex) filter, it may take a few seconds to load the filter policy configuration and for it to be instantiated.

The action keyword must be entered for the entry to be active. A filter entry without the action keyword is considered incomplete and is rendered inactive.

Alcatel-Lucent C


ot Distribute



IP Filtering — Configuration Overview

Create an IP filter (filter ID) Specify scope, default action, description

Create filter entries (entry ID) Specify action, packet matching criteria

Associate filter ID to port

Turn up

Start

Alcatel-Lucent C


ot Distribute



IP Filtering — Components

Major components of a filter policy:Filter ID:

— Description— Entry— Default action

Entry ID— Description— Action— Matching criteria

Filter (mandatory) — This is the value that identifies the filter.

Description (optional) — The description provides a brief overview of the filter’s features.

Scope (mandatory) — A filter policy must be defined as having an exclusive scope, for one-time use, or a templatescope, which enables the policy’s use with multiple SAPs and interfaces.

Default action (mandatory) — The default action specifies the action to be applied to packets when no action is specified in the IP or MAC filter entries or when the packets do not match the specified criteria.

Entry ID (one or more) — Each entry represents a collection of filter match criteria. Packet matching begins the comparison process with the criteria specified in the lowest entry ID. Entries identify attributes that define matching conditions and actions. All criteria in the entry must match the specified action to be taken. Each entry consists of the following components:

Entry ID (mandatory) — This value determines the order of all entry IDs within a specific filter ID, in which the matching criteria specified in the collection are compared. Packets are compared to entry IDs in ascending order.

Description (optional) — The description provides a brief overview of the entry ID criteria.

Action (mandatory) — An action parameter must be specified for the entry to be active. A filter entry without a specified action parameter is considered incomplete and inactive.

Packet-matching criteria — You can input and select criteria to create a specific template through which packets are compared and either forwarded or dropped, depending on the specified action.

Alcatel-Lucent C


ot Distribute



IP Filtering — Configuring a Descriptor for an IP Filter

To create a context for an IP filter policy, use the following command:

Context: config>filter

Syntax: [no] ip-filter filter-id [create]

Example: config>filter# ip-filter 12 create

Context: config>filter

Syntax: [no] ip-filter filter-id [create]

Example: config>filter# ip-filter 12 create

ip-filter

Syntax [no] ip-filter filter-id [create]

Context config>filter

Description This command creates a configuration context for an IP filter policy. An IP filter policy specifies a forward or drop action for packets, based on the specified match criteria. An IP filter policy, sometimes called an ACL, is a template that can be applied to multiple services or multiple network ports as long as the scope of the policy is template. Changes to the existing policy, using the subcommands, are applied immediately to all services to which this policy applies. For this reason, when many changes to an IP filter policy are required, it is recommended that you copy the policy to a work area. You can modify the work-in-progress policy and then replace the original filter policy withthe revised policy. Use the config filter copy command to maintain policies in this manner.

The no form of the command deletes the IP filter policy. A filter policy cannot be deleted until it is removed from all SAPs or network ports to which it is applied.

Parameters filter-id — IP filter policy ID number

Values 1 to 65 535

create — This keyword is required when the configuration context is first created. After the context has been created, you can navigate into the context without using the create keyword.

Alcatel-Lucent C


ot Distribute



IP Filtering — Creating a Description for an IP Filter

To name an IP filter, use the following command:

Context: config>filter>ip-filter

Syntax: description string

Example: config>filter>ip-filter# description test-filter-list


Syntax: description string

Example: config>filter>ip-filter# description test-filter-list

description

Syntax [no] description string

Context config>filter>ip-filter ip-filter-id

config>filter>ip-filter ip-filter-id>entry entry-id

config>filter>log log-id

config>filter>mac-filter mac-filter-id

config>filter>mac-filter mac-filter-id>entry entry-id

config>filter>redirect-policy

config>filter>redirect-policy>destination

Description This command creates a text description that is stored in the configuration file for a configuration context. The description command associates a text string with a configuration context to help identify the context in the configuration file. The no form of the command removes the description string from the context.

Default — No description is associated with the configuration context.

Parameters string — The description character string. Allowed values are any string up to 80 characters, composed of printable, 7-bit ASCII characters and excluding double quotation marks. If the string contains spaces, use double quotation marks to delimit the start and end of the string.

Alcatel-Lucent C


ot Distribute



IP Filtering — Configuring the Default Action

To define the default action to be taken when none of the entries matches, use the following command:


Syntax: default-action {drop | forward}

Example: config>filter>ip-filter# default-action drop


Syntax: default-action {drop | forward}

Example: config>filter>ip-filter# default-action drop

default-action

Syntax default-action {drop | forward}



Description This command specifies the action to be applied to packets when the packets do not match the specified criteria in all entries of the IP filter. When multiple default-action commands are entered, the last command overwrites the previous command.

Default drop

Parameters drop — Specifies that all packets will be dropped unless there is a specific filter entry that causes the packet to be forwarded.

forward — Specifies that all packets will be forwarded unless there is a specific filter entry that causes the packet to be dropped.

Alcatel-Lucent C


ot Distribute



IP Filtering — Defining an Entry in an IP Filter

To create an entry ID, use the following command:


Syntax: [no] entry entry-id [create]

Example: config>filter>ip-filter# entry 12 create


Syntax: [no] entry entry-id [create]

Example: config>filter>ip-filter# entry 12 create

entry

Syntax [no] entry entry-id [create]



Description This command allows you to create or modify an IP or MAC filter entry. Multiple entries can be created using unique entry ID numbers in the filter. The Alcatel-Lucent 7750 SR implementation exits the filter on the first match found and executes the actions according to the accompanying action command. For this reason, entries must be sequenced correctly from most explicit to least explicit. An entry may not have any match criteria (in which case, everything matches) but must have at least the action keyword for it to be considered complete. Entries without the action keyword are considered incomplete and are rendered inactive. The no form of the command removes the specified entry from the IP or MAC filter.

Default — None

Parameters entry-id — A unique identifier for the match criterion and the corresponding action. It is recommended that multiple entries be given entry IDs in staggered increments. This allows users to add an entry to a policy without renumbering existing entries.

Values 1 to 65 535

create — This keyword is required when the configuration context is first created. After the context has been created, you can navigate into the context without using the create keyword.

Alcatel-Lucent C


ot Distribute



IP Filtering — Configuring Match Criteria

To define a matching criterion, use the following command:

Context: config>filter>ip-filter>entry

Syntax: [no] match [protocol protocol-id]

Example: config>filter>ip-filter>entry# match src-ip 10.1.1.1/32

config>filter>ip-filter>entry# match protocol tcp

config>filter>ip-filter>entry# match src-port gt 1023


Syntax: [no] match [protocol protocol-id]

Example: config>filter>ip-filter>entry# match src-ip 10.1.1.1/32

config>filter>ip-filter>entry# match protocol tcp

config>filter>ip-filter>entry# match src-port gt 1023

When multiple criteria are specified in an entry, all must be met (AND condition)

match

Syntax [no] match [protocol protocol-id]

Context config>filter>ip-filter ip-filter-id>entry entry-id

Description This command enables the context for entering match criteria for the filter entry. When the match criteria have been satisfied, the action associated with the match criteria is executed. If more than one match criterion in a match statement is configured using the AND function, all criteria must be satisfied before the action associated with the match is executed. A match context may consist of multiple match criteria, but multiple match statements cannot be entered per entry. The no form of the command removes the match criteria for the entry ID.

Parameters protocol — The protocol keyword configures an IP protocol to be used as an IP filter match criterion. The protocol type, such as TCP or UDP, is identified by its protocol number.

protocol-id — The decimal value that represents the IP protocol to be used as an IP filter match criterion. Well-known protocol numbers include ICMP (1), TCP (6), and UDP (17). The no form of the command removes the protocol from the match criterion.

Values 1 to 255 (expressed in decimal, hexadecimal, or binary notation); keywords: none, crtp, crudp, egp, eigrp, encap, ether-ip, gre, icmp, idrp, igmp, igp, ip, ipv6, ipv6-frag, ipv6-icmp, ipv6-no-nxt, ipv6-opts, ipv6-route, isis, iso-ip, l2tp, ospf-igp, pnni, ptp, rdp, rsvp, stp, tcp, udp, vrrp

Alcatel-Lucent C


ot Distribute



IP Filtering — Configuring the Action Taken

To define the action taken, use the following command:


Syntax: [no] action [drop | {forward [next-hop

{ip-address | indirect ip-address | interface ip-int-name |

redirect-policy policy-name}]}]

Example: config>filter>ip-filter>entry# action drop


Syntax: [no] action [drop | {forward [next-hop

{ip-address | indirect ip-address | interface ip-int-name |

redirect-policy policy-name}]}]

Example: config>filter>ip-filter>entry# action drop

action

Syntax [no] action [drop | {forward [next-hop {ip-address | indirect ip-address | interface ip-int-name | redirect-policy policy-name}]}]

Context config>filter>ip-filter ip-filter-id>entry entry-id

Description This command allows you to create or modify the drop or forward action associated with the match criteria. The action keyword must be entered for the entry to be active.

Default — No action is specified, thus rendering the entry inactive.

Parameters [drop | forward] — Specifies the forwarding action for packets that match the entry criteria

drop — Specifies that packets matching the entry criteria will be dropped

forward — Specifies that packets matching the entry criteria will be forwarded. If neither drop nor forward is specified, the filter action is No-Op, and the filter entry is rendered inactive.

Default No-Op — Inactive filter entry

Values drop, forward

next-hop ip-addr — IP address of the direct next hop to which to forward matching packets, in dotted-decimal notation

interface ip-int-name — Name of the egress IP interface from which matching packets will be forwarded. This parameter is only valid for unnumbered point-to-point interfaces.

redirect policy-name — Specifies the redirect policy configured in the config>filter>redirect-policy context

indirect ip-addr — IP address of the indirect next hop to which to forward matching packets, in dotted-decimal notation. The direct next-hop IP address and egress IP interface are determined by a routing table lookup.

Alcatel-Lucent C


ot Distribute



IP Filtering — Applying a Filter on an Interface

To apply a filter on the egress or ingress of an interface, use the following command:

Context: config>router>if>ingress

config>router>if>egress

Syntax: [no] filter ip ip-filter-name

Example 1: config>router>if>ingress> filter ip 1

Example 2: config>router>if>egress> filter ip 2

Context: config>router>if>ingress

config>router>if>egress

Syntax: [no] filter ip ip-filter-name

Example 1: config>router>if>ingress> filter ip 1

Example 2: config>router>if>egress> filter ip 2

egress | ingress

Context config>router>interface ip-int-name [egress | ingress]

Description This command enables access to the context for configuring egress/ingress network filter policies for the IP interface. If an egress/ingress filter is not defined, no filtering is performed in that direction on the interface.

filter

Syntax [no] filter ip ip-filter-name

Context config>router>interface ip-int-name>ingressconfig>router>interface ip-int-name>egress

Description This command associates an IP filter policy with an IP interface. Filter policies control packet forwarding and dropping based on IP match criteria. The ip-filter-name must be preconfigured before the filter command is executed. If the filter ID does not exist, an error occurs. Only one filter ID can be specified. The no form of the command removes the filter policy association with the IP interface.

Default — No filter is specified.

Parameters ip-filter-name — The filter name acts as the ID for the IP filter policy, expressed as a decimal integer. The allowed value is an integer, from 1 to 65 535, that corresponds to a previously created IP filter policy. The filter policy must already exist in the created IP filters.

Values 1 to 65 535

Alcatel-Lucent C


ot Distribute



IP Filter — Configuration Example

ALC-A# configure filter

ALC-A>config>filter# ip-filter 1 create

ALC-A>config>filter>ip-filter$ description new-filter

ALC-A>config>filter>ip-filter$ default-action drop

ALC-A>config>filter>ip-filter$ entry 1 create

ALC-A>config>filter>ip-filter>entry$ match src-ip 1.2.3.0/24

ALC-A>config>filter>ip-filter>entry$ match protocol tcp

ALC-A>config>filter>ip-filter>entry>match$ src-port range 666 999

ALC-A>config>filter>ip-filter>entry>match$ exit

ALC-A>config>filter>ip-filter>entry# action forward

ALC-A>config>filter>ip-filter>entry# ^z

ALC-A# configure router interface to-ALC-B

ALC-A>config>router>if# ingress

ALC-A>config>router>if>ingress# filter ip 1

ALC-A>config>router>if>ingress#

ALC-A# configure filter

ALC-A>config>filter# ip-filter 1 create

ALC-A>config>filter>ip-filter$ description new-filter

ALC-A>config>filter>ip-filter$ default-action drop

ALC-A>config>filter>ip-filter$ entry 1 create

ALC-A>config>filter>ip-filter>entry$ match src-ip 1.2.3.0/24

ALC-A>config>filter>ip-filter>entry$ match protocol tcp

ALC-A>config>filter>ip-filter>entry>match$ src-port range 666 999

ALC-A>config>filter>ip-filter>entry>match$ exit

ALC-A>config>filter>ip-filter>entry# action forward

ALC-A>config>filter>ip-filter>entry# ^z

ALC-A# configure router interface to-ALC-B

ALC-A>config>router>if# ingress

ALC-A>config>router>if>ingress# filter ip 1

ALC-A>config>router>if>ingress#

In the sample configuration above, IP filter 1 was created. In the filter, the default action is to drop IP packets that do not meet the more explicit match settings.

In the match settings, the filter is looking for all traffic sourced from IP subnet 1.2.3.0 that uses TCP at the transport layer and specifically uses application ports 666 to 999. If these criteria are met, the packet is forwarded.

After the filter has been created, it must be associated with the ingress or egress of an interface. In the example above, the filter is applied to the ingress.

Alcatel-Lucent C


ot Distribute



IP Filter — IP Configuration Example: Denying a Subnet

RTR-A RTR-B RTR-C

X

1.2.3.0/24

RTR-B# configure filter

RTR-B>config>filter# ip-filter 1 create

RTR-B>config>filter>ip-filter$ default-action forward

RTR-B>config>filter>ip-filter$ entry 1 create

RTR-B>config>filter>ip-filter>entry$ match src-ip 1.2.3.0/24

RTR-B>config>filter>ip-filter>entry# action drop

RTR-B# configure router interface toRTR-C

RTR-B>config>router>if# ingress

RTR-B>config>router>if>ingress# filter ip 1

Other Networks 172.2.15.0/24

In the configuration above, RTR-B is configured to deny traffic from network 1.2.3.0/24 from entering the router on interface toRTR-C. This filter blocks all traffic received from that network from passing through to any other network in the topology.

All other traffic received on the toRTR-C interface is allowed to enter because this is the default action.

Alcatel-Lucent C


ot Distribute



IP Filter — IP Configuration Example: Permitting a Client

RTR-A RTR-B RTR-C

1.2.3.0/24



RTR-B>config>filter>ip-filter$ default-action drop


RTR-B>config>filter>ip-filter>entry$ match src-ip 1.2.3.4/32

RTR-B>config>filter>ip-filter>entry# action forward

RTR-B# configure router interface toRTR-A

RTR-B>config>router>if# egress

RTR-B>config>router>if>egress# filter ip 1

1.2.3.4/24

Other Networks

X

In the example above, the filter has been modified to permit only traffic from host 1.2.3.4 to reach RTR-A, by applying the filter on the egress direction of RTR-B’s interface toRTR-A. All other traffic received from RTR-C will be dropped if it trying to access RTR-A. However, traffic from RTR-C to “Other Networks” will be accepted.

Alcatel-Lucent C


ot Distribute



RTR-A RTR-B RTR-C

172.2.3.0/24



RTR-B>config>filter>ip-filter$ default-action drop


RTR-B>config>filter>ip-filter>entry$ match dst-ip 172.2.3.4/32

RTR-B>config>filter>ip-filter>entry# action forward

RTR-B# configure router interface to-Other-Networks

RTR-B>config>router>if# ingress

RTR-B>config>router>if>ingress# filter ip 1

Other Networks

IP Filter — IP Configuration Example: Permitting Access to a Server

X172.2.5.0/24

172.2.3.4

In the example above, traffic from “Other Networks” can only be sent to server 172.2.3.4. Traffic from “Other Networks” destined to any other address is dropped.

However, traffic from subnet 172.2.5.0/24 behind RTR-A can reach any client/server on subnet 172.2.3.0/24 behind RTR-C.

Alcatel-Lucent C


ot Distribute



Filter — Show Filter IP Command

To examine an IP filter, use the following command:

Context: show>filter

Syntax: ip {ip-filter-id [entry entry-id] [association | counters]}

Example: show filter ip 1

Context: show>filter

Syntax: ip {ip-filter-id [entry entry-id] [association | counters]}

Example: show filter ip 1

ipSyntax ip {mac-filter-id [entry entry-id] [association | counters]}

Context show>filter

Description This command displays IP filter information.

Parameters ip-filter-id — Displays detailed information for the specified filter ID and its filter entries

Values 1 to 65 535

entry entry-id — Displays information about the specified filter entry ID for the specified filter ID only

Values 1 to 9999

associations — Appends information about where the filter policy ID is applied to the detailed filter policy ID output

counters — Displays counter information for the specified filter ID

Output No Parameters Specified — When no parameters are specified, a brief list of IP filters is produced. The following page provides an example and describes the output for the command.

Alcatel-Lucent C


ot Distribute



Filter — Show Filter IP Example

ALA-1# show filter ip 1

===============================================================================

IP Filter

===============================================================================

Filter Id : 1 Applied : Yes

Scope : Template Def. Action : Drop

Entries : 1

Description : new-filter

-------------------------------------------------------------------------------

Filter Match Criteria : IP

-------------------------------------------------------------------------------

Entry : 1

Log Id : n/a

Src. IP : 1.2.3.0/24 Src. Port : 666..999

Dest. IP : 0.0.0.0/0 Dest. Port : None

Protocol : 6 Dscp : Undefined

ICMP Type : Undefined ICMP Code : Undefined

Fragment : Off Option-present : Off

Sampling : Off Int. Sampling : On

IP-Option : 0/0 Multiple Option : Off

TCP-syn : Off TCP-ack : Off

Match action : Forwarded

Ing. Matches : 0 Egr. Matches : 0

===============================================================================

ALA-1# show filter ip 1

===============================================================================

IP Filter

===============================================================================

Filter Id : 1 Applied : Yes

Scope : Template Def. Action : Drop

Entries : 1

Description : new-filter

-------------------------------------------------------------------------------

Filter Match Criteria : IP

-------------------------------------------------------------------------------

Entry : 1

Log Id : n/a

Src. IP : 1.2.3.0/24 Src. Port : 666..999

Dest. IP : 0.0.0.0/0 Dest. Port : None

Protocol : 6 Dscp : Undefined

ICMP Type : Undefined ICMP Code : Undefined

Fragment : Off Option-present : Off

Sampling : Off Int. Sampling : On

IP-Option : 0/0 Multiple Option : Off

TCP-syn : Off TCP-ack : Off

Match action : Forwarded

Ing. Matches : 0 Egr. Matches : 0

===============================================================================

In the sample configuration above, IP filter 1 was created. In the filter, the default action is to drop IP packets that do not meet the more explicit match settings.

In the match settings, the filter is looking for all traffic sourced from IP subnet 1.2.3.0 that uses TCP at the transport layer and specifically uses application ports 666 to 999. If these criteria are met, the packet is forwarded.

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. On the Alcatel-Lucent 7750 SR, a filter can be applied on the ingress or egress of an interface. True or false?

2. What is the effect of using multiple match criteria in a match statement?

3. What is the default action in an IP filter?

4. How many IP filters can be assigned per interface?

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. On the Alcatel-Lucent 7750 SR, a filter can be applied on the ingress or egress of an interface. True or false?

True.

2. What is the effect of using multiple match criteria in a match statement?

All criteria must match in order for the match to succeed.

3. What is the default action in an IP filter?

Drop all packets

4. How many IP filters can be assigned per interface?

One ingress filter and one egress filter

Alcatel-Lucent C


ot Distribute



Section Summary

Key configuration components of filters:Default actionEntries

— Matching criteria — Action

An IP interface can have 1 ingress and 1 egress IP filter applied to it.Filter configuration can be verified using the show filter ip command. This command also displays the number of packets that have matched the applied filter.

Alcatel-Lucent C


ot Distribute



LAB 7.1 — Configuring Access Control Filters

Pod1 Pod2

Pod3 Pod4

Core-Pod3

Core-Pod1

Core-Pod4

Core-Pod2

Edge-Pod1

Edge-Pod4Edge-Pod3

Edge-Pod2

172.18.0.0/16

172.17.0.0/16172.16.0.0/16

172.19.0.0/16

Alcatel-Lucent C


ot Distribute



Section 3 — Route Redistribution

Alcatel-Lucent C


ot Distribute



Section Objectives

After successful completion of this section, you should be able to:

Discuss the concept of route redistribution

Alcatel-Lucent C


ot Distribute



Redistribution vs. Route Filtering

OSPF 172.16.1.0/24 IS-IS 132.10.1.0/24

ASBR/L2Router

172.16.1.0/24

32.0.1.0/24

Redistribute

112.0.1.0/24Routing tableNetwork Protocol Next-hop32.0.1.0/24 OSPF 10.1.1.2

10.1.1.110.1.1.2

Export route filterMatch: 112.0.2.0/24Action: Deny

Redistribution is the means of applying what is learned by one routing protocol, or maybe static routes, to another protocol.

The top figure above shows a router that is running an instance of OSPF and an instance of IS-IS. This by itself is not enough to connect the two dissimilar networks together. What is required is a route policy that instructs the router to take the information that it has learned from one routing protocol and translate it into a language that is understood by the other protocol. This way, both networks learn about each other and traffic can flow between the two.

Route filtering determines what will be included in the advertisement or what will be accepted. Again, this is not packet filtering but route filtering. The bottom figure shows two routers, which are both running OSPF. The router on the right is connected to two separate networks. However, for whatever reason, it is decided that network 112.0.1.0/24 should not be advertised outside this particular area. To accomplish this, another route policy is created and applied to the export of the OSPF routing process.

A route policy is a means of screening packets or route advertisements for the purpose of altering the contents.

Alcatel-Lucent C


ot Distribute



Redistribution Issues

OSPF172.16.1.0/24

IS-IS132.10.1.0/24

OSPF 172.16.1.0/24IS-IS 172.16.1.0/24

IS-IS 172.16.1.0/24

OSPF 172.16.1.0/24

Redistribution must be done with care. As shown in the figure above, routes advertised from one protocol into another may find their way back into the originating routing domain. This can cause some traffic to take the “scenic” route to its destination. Eventually, split horizon will take care of these issues, but that can take a while.

Another issue to take into account is metrics. All routing protocols use different metrics, so redistributing from one protocol to another is like comparing apples to oranges: the metrics do not match.

Another issue that is becoming less of a concern is redistribution between classless and classful routing protocols (i.e., what to do with the subnet mask information).

Alcatel-Lucent C


ot Distribute



Redistribution Issues — Incompatible Metrics

RIP

OSPF

10.1.1.0/24

10.1.1.0/24

10.1.1.0/24

10.1.1.0/24

10.1.1.0/24

10.1.

1.0/24

Router 1

Router 2 Router 3

Router 4Router 5

Normally, using administrative distances (preferences) takes care of most routing issues. Preferences are the believability of the route. OSPF has a better (lower) preference value than RIP, and therefore a route learned from OSPF is better than a route to the same location but learned through RIP.

In the figure above, Router 1 has advertised its network 10.1.1.0/24 to Router 2 and Router 3. Router 2 has translated the RIP route into OSPF and flooded it through the network. Router 3 has received the route for 10.1.1.0/24 from OSPF.

At this point, if Router 3 sends traffic to 10.1.1.0/24, the traffic would go through Routers 4, 5, 2, and 1, and eventually end up at the destination.

Alcatel-Lucent C


ot Distribute



Default Preferences

• Default preference is the feature used by routers to select the best path when there are 2 or more different routes to the same destination from 2 different routing protocols.

• The smaller the default preference value, the more reliable the protocol.

Protocol Default preferenceDirectly connected 0Static routes 5OSPF internal 10IS-IS level 1 internal 15IS-IS level 2 internal 18RIP 100OSPF external 150IS-IS level 1 external 160IS-IS level 2 external 165BGP 170

Because preferences are used to determine which route to use, the Alcatel-Lucent 7750 SR platform has the default preferences listed above. These preferences not only identify the protocol that the route was learned from but also specify a value if the route was learned by the protocol from an external source.

As the table above shows, a route learned from an external source has a higher preference than a route learned internally by the routing protocol. This resolves the issue discussed on the previous page because the RIP route would have a lower preference than the OSPF external route.

Alcatel-Lucent C


ot Distribute



Section 4 — Route Filtering

Alcatel-Lucent C


ot Distribute



Route Filtering

Route filtering is making the decision to permit or deny certain routing updates from being accepted into or distributed out of the route-selection process:

Permit routes from neighbor routers to be included or deny the routes from being included in the route-selection process.

After determining the route-selection process, permit some routes to be sent or deny some routes from being sent to neighbor routers.

Route filtering is a method of manipulating the entries in the router’s forwarding table. The denial of the import and export of certain routes, in turn, manipulates the way that traffic flows across a network.

Route filtering is not the filtering of packets and should not be confused with traffic filtering. Route filtering strictly pertains to the manipulation of the routing entries for a particular router or network.

Alcatel-Lucent C


ot Distribute



Route Information

32.0.1.0/24

112.0.1.0/24 Route filterDeny export32.0.1.0/24

Router 1

Router 2

Router 3

Router 4

Router 5

RIB

32.0.1.0/24 via Routers 3, 4, 5

112.0.1.0/24 via Router 1

112.0.1.0/24 via Routers 3, 4, 5

As shown in the figure above, the RIB consists of all routes to all destinations learned by all routing protocols that are running on a particular router. Using a combination of both metrics and preferences, the best route to each destination is selected, and it is this information that is populated into the FIB.

The use of route filters manipulates the information that populates the RIB and thereby affects the information that is placed in the FIB, which in turn affects traffic flow through the network.

The use of route filters can affect the content and size of the routing table as well as the information that is advertised to the router’s neighbors.

Alcatel-Lucent C


ot Distribute



Route Policies

Route policies can be created to control:

A protocol to export all active routes learned by the protocol (export policy)Route characteristics: which route is selected to act as the active route to reach a destination and advertise the route to neighbors (export policy)A protocol to import all routes into the routing table. A routing table must learn about particular routes to be able to forward packets and redistribute to other routing protocols (import policy)Redistribution of routes from one protocol to another

An export policy is applied to the egress of a routing protocol. This affects the information that this protocol exchanges with its neighbors.

Controlling the selection of a route to a particular destination is done using a policy. Implementing the policy overrides the default actions in the route-selection process of the routing protocol.

An import policy is applied to the ingress of a routing protocol. This affects the information that the protocol receives from its neighbors.

A redistribution policy overrides the default action of a protocol regarding the acceptance of routes from another protocol (the default action is to deny). A redistribution policy can be viewed as the translation of information from one language to another.

Alcatel-Lucent C


ot Distribute



Policy Statements

Route policies contain policy statements that contain ordered entries, which contain match conditions and actions that you specify. The entries should be sequenced.Policy-based routing dictates where traffic can be routed, through which specific paths, or whether to forward or drop the traffic.The process stops when the first complete match is found and the action defined in the entry is executed.

A policy statement is basically the name of a policy. When the statement has been identified, the next step is to properly sequence the entries.

Each entry contains a match criterion (when the match criterion has been defined) and specifies the action to be taken when a match is made.

When a policy is applied to the routing protocol, the router compares each update against the policy. When the router makes its first match, it carries out the specified action. When it has made its first match, the router does not look at the other entries that may exist in the statement; it is therefore extremely important that the entries be sequenced properly.

If the router goes through the entire statement and does not find a match, it carries out the default action of the statement. If no default action is defined for the statement, the router then carries out the default action of the protocol itself.

Alcatel-Lucent C


ot Distribute



Policy Statements (continued)

Matching criteria may be specified based on:Source IP addressDestination IP addressParticular properties of a routePrefix list (a named list of prefixes)To and from criteria (a route’s source and destination)

Alcatel-Lucent C


ot Distribute



Show Policy Statements

Node_182# show router policy redisentry 10

fromprotocol isis

exitto

protocol ospfexitaction acceptexit

exitentry 20

fromprotocol ospf

exitto

protocol isisexitaction acceptexit

exit

entry 30from

protocol directexitaction acceptexit

exit

The slide above shows a policy statement that is used for redistribution.

Entry 10 specifies that the router is to take the information it has learned from IS-IS and give it to the OSPF routing process. When the OSPF routing process gets the information, its action is to accept it and then advertise it out the OSPF interfaces.

Entry 20 specifies that the router is to take the information it has learned from OSPF and give it to the IS-IS routing process. When the IS-IS routing process gets the information, its action is to accept the information and advertise it out the IS-IS interfaces.

Entry 30 specifies that the router is to take the information from its directly connected (local) routes and advertise it out all routing protocols that this policy is applied to.

Alcatel-Lucent C


ot Distribute



Show Router OSPF Status

Node_182# show router ospf status

===============================================================================OSPF Status===============================================================================OSPF Router Id : 172.0.0.182OSPF Version : 2OSPF Admin Status : EnabledOSPF Oper Status : EnabledPreference : 10External Preference : 150Backbone Router : TrueArea Border Router : FalseAS Border Router : TrueExport Policies : redis

The slide above shows the status of the OSPF routing process on a router that is redistributing routing information from OSPF to IS-IS and from IS-IS to OSPF. There are two things to note in this output. First, the OSPF router is an ASBR, which must be configured manually. Second, the policy that was shown in the previous slide has been applied to the export of OSPF.

Alcatel-Lucent C


ot Distribute



Show Router IS-IS Status

Node_182# show router isis status

===============================================================================ISIS Status===============================================================================System Id : 1720.0000.0182Admin State : UpLast Enabled : 01/19/2002 03:06:42Level Capability : L1L2Export Policies : redisArea Addresses : 49.0001===============================================================================

The slide above shows the status of the IS-IS routing process on a router that is redistributing routing information from OSPF to IS-IS and from IS-IS to OSPF. There are two things to note in this output. First, the IS-IS router has an L2 capability. Second, the policy that was shown in the Show Policy Statements slide has been applied to the export of IS-IS.

It is important to note that this output and the previous Show Router OSPF Status output are from the same router. In this case, node 182 is running both OSPF and IS-IS, and this is where the redistribution must be done.

Alcatel-Lucent C


ot Distribute



Show Router Route Table

ND184# show router route-table

===============================================================================Route Table (Router: Base)===============================================================================Dest Address Next Hop Type Proto Age Metric Pref-----------------------------------------------------------------------------------------------------------------------------------------10.255.12.0/22 management Local Local 15d19h06m 0 0172.0.0.181/32 192.168.1.2 Remote OSPF 00h13m14s 10 150172.0.0.182/32 192.168.1.2 Remote OSPF 00h15m37s 1001 10172.0.0.184/32 system Local Local 19h35m33s 0 0192.168.1.0/30 to182 Local Local 19h39m16s 0 0192.168.1.4/30 192.168.1.2 Remote OSPF 00h10m08s 1 150192.168.1.8/30 to181 Local Local 19h38m39s 0 0-----------------------------------------------------------------------------------------------------------------------------------------No. of Routes: 7===============================================================================

The slide above shows an output of node 184. This router is running only OSPF and is receiving its routing information from a router that is redistributing routing information from another routing protocol into OSPF.

This can be clearly seen by observing the preference value of the routes learned by OSPF. Note that two routes have a preference value of 150. This identifies a route that OSPF has learned from an external source (another routing protocol).

Alcatel-Lucent C


ot Distribute



Default Route Policy Actions

• Internal routes: By default, all active BGP routes are advertised to BGP peers• External routes: By default, all non-BGP learned routes are not advertised to BGP peers.

By default, all routes from BGP peers are accepted and passed to the BGP route-selection process.

BGP

• External routes: By default, all non-RIP learned routes are not advertised to RIP peers.

By default, all RIP-learned routes are accepted.

RIP

• Internal routes: All IS-IS routes are automatically advertised to all neighbors.• External routes: By default, all non-IS-IS learned routes are not advertised to IS-IS peers.

Not applicable. All IS-IS routes are accepted from IS-IS neighbors and cannot be controlled using route policies.

IS-IS

• Internal routes (native): All OSPF routes are automatically advertised to all neighbors.• External routes (Foreign): By default, all non-OSPF learned routes are not advertised to OSPF neighbors.

Not applicable. All OSPF routes are accepted from OSPF neighbors and cannot be controlled using route policies.

OSPF

Export (outgoing)Import (incoming)Protocol Alcatel-Lucent C


ot Distribute



Learning Assessment

1. Route re-distribution and route filtering are the same thing.True or False?

2. OSPF and IS-IS only allow route policies on the export. True or False?

3. When RIP receives a routing information packet and an import policy is applied to the router, the packet will:A. Be compared to all entries of the policy, and the router will

carry out the action of the “best match” entryB. Continue on as usual because routing protocols do not

support import policiesC. Be compared to each entry in sequence; the router will stop

at the first match and carry out the specified action

Alcatel-Lucent C


ot Distribute



Learning Assessment

1. Route re-distribution and route filtering are the same thing.True or False?

False. Route re-distribution involves the export of routes to a different routing protocol. Route filtering involves restrictions on routes accepted by the router.

2. OSPF and IS-IS only allow route policies on the export. True or False?

True. Import route policies can not be applied in OSPF and IS-IS

3. When RIP receives a routing information packet and an import policy is applied to the router, the packet will:

The correct answer is C. Be compared to each entry in sequence; the router will stop at the first match and carry out the specified action

Alcatel-Lucent C


ot Distribute



Learning Assessment Answers

1. Route re-distribution and Route Filtering are the same thing.

1. False

2. OSPF and IS-IS only allow route filtering on the export.

1. True

3. When a routing information packet is received and an import policy is applied to the router, the packet will:

A. Be compared to all entries of the policy, and the router will carry out the action of the “best match” entry

B. Continue on as usual because routing protocols do not support import policies

C. Be compared to each entry in sequence; the router will stop at the first match and carry out the specified action

Alcatel-Lucent C


ot Distribute



Alcatel-Lucent C


ot Distribute



Module 8 — IPv6

Alcatel-Lucent C


ot Distribute



Module Objectives


Summarize the major differences between IPv4 and IPv6Describe IPv6 addressingExplain the different IPv6 address typesDescribe the changes required in OSPF and IS-IS to support IPv6







Alcatel-Lucent C


ot Distribute


IPv6

Section 1 — IPv6 Addressing

Alcatel-Lucent C


ot Distribute



Section Objectives

This section will discuss the basic concepts of IPv6:Main features of IPv6IPv6 addressingOSPF and IS-IS for IPv6 networksICMPv6

Alcatel-Lucent C


ot Distribute



IPv6 Features

Provides a huge address spaceMore than 3.4x10e38 addresses

Hierarchical address allocation provides efficient routingSmall routing table

Supports anycast addresses and eliminates broadcast addressesEfficient IP header: 40-byte header with 8 fields

Fewer fields and simpler forwardingBuilt-in security: IPsec implemented in IPv6

Authentication header and encapsulation security payloadBetter QoS supportFlexible extension header

Daisy chain of next headers

Provides a huge address space

More than 3.4x10e38 addresses (approximately 5x10e50 addresses for EACH person alive today!). Practically an infinite number of addresses ensures no future shortages and provides great flexibility in address allocation.

Hierarchical address allocation provides efficient routing

Small routing table because routes can be summarized due to the hierarchical nature of the address space. This simplifies routing for mobile and other specialized devices.

Support anycast addresses and eliminate broadcast addresses

Efficient IP header: 40-byte header with 8 fields

Fewer fields and simpler forwarding enhances router efficiency

Built-in security: IPsec implemented in IPv6

Authentication header and encapsulation security payload

Better QoS support.

Flexible extension header

Daisy chain of next headers provides flexibility to increase IP functionality without complicating the primary header; used for forwarding

Alcatel-Lucent C


ot Distribute



IPv6 Header

IPv6 header8 fields, 40 bytes Version Traffic class Flow label

Payload length Next header Hop limit

Source address

Destination address

Version

Value is 6

Traffic class

Similar to ToS field in IPv4; supports differentiated services

Flow label

Can be used to identify specific data flows

Payload length

Length of the IP payload. Similar to IPv4 except that it does not include the header length.

Next header

Similar to the protocol field in IPv4. Specific values are used to indicate that extension headers follow the mail header.

Hop limit

Similar to TTL in IPv4, but specifically designated as a hop-count field

Source address

128-bit address of the sending node

Destination address

128-bit address of the intended recipient

Alcatel-Lucent C


ot Distribute



IPv6 Header (continued)

IPv4 vs IPv6 headerIPv4 header: 12 fields, 20 bytesIPv6 header: 8 fields, 40 bytes

Version IHL Type of service Total length

Identification Flags Fragment offset

Time to live Protocol Header checksum

Source address

Destination address

Options Padding

Version Traffic class Flow label


Source address

Destination address

There is no identification or fragment offset field in IPv6 because it does not support packet fragmentation. A minimum MTU of 576 is defined for IPv6 networks, and packets that exceed the MTU are discarded.

There is no header checksum field as there is no checksum at the IP level in IPv6. IPv6 relies on layers 2 and 4 to provide the error-free transmission of data.

Alcatel-Lucent C


ot Distribute




Next header: Same as the IPv4 protocol field8-bit fieldPoints to the next extension headerExtension headers are not usually examined by the intermediate router.The hop-by-hop option header carries information that must be examined by every node along the path.

IPv6 header

Routing header

Fragment header

TCP data

Example

NH = 43

NH = 44

NH = 6



Source address

Destination address

Extension header •1

Extension header •2

Upper layer header and payload

Next header

Next header

The extension header provides the ability to support additional features, such as IPsec and jumbograms, without complicating the main header. Extension headers do not usually need to be examined by the intermediate routers responsible for forwarding.

Alcatel-Lucent C


ot Distribute




Source and destination address:Each address is128 bits.



Source address

Destination address

The size of IPv6 addresses provides an effectively limitless address space and great flexibility in designing a hierarchical address space.

Typically, an IPv6 address is allocated as a 64-bit network part and a 64-bit host part.

Alcatel-Lucent C


ot Distribute



IPv6 Addressing

Defined in RFC 3513Represented by colon-hexadecimal format2001:0211:0000:0000:ab01:0000:0000:0011

Compressed representation:Leading-zero compression

2001:211:0:0:ab01:0:0:11

Multiple successive zero fields can be compressed (only once).2001:211::ab01:0:0:11

Types of addressing:Unicast addressingMulticast addressingAnycast addressing

Represented by colon-hexadecimal format (each digit represents one hex digit)

2001:0211:0000:0000:ab01:0000:0000:0011

Compressed representation:

Leading-zero compression

• 2001:211:0:0:ab01:0:0:11

Multiple successive zero fields can be compressed (only once). “::” represents a number of zeroes, but can only be used once in the string because it would be ambiguous if used more than once.

• 2001:211::ab01:0:0:11

Types of addressing:

Unicast addressing (a single host)

Multicast addressing (a number of hosts)

Anycast addressing (any one of a number of hosts)

Alcatel-Lucent C


ot Distribute



IPv6 Prefixes

Unicast addressing:Link-local FE80::/10Site-local FEC0::/10 (deprecated by IETF) Aggregatable global 2000::/3IPv4-compatible ::/96Unspecified address ::/128 IPv6 loopback address ::1/128

Unicast addressing:

Link-local FE80::/10 — A packet with this address should never be routed outside the local link and is not considered valid.

Site-local FEC0::/10 (deprecated by IETF September 2004; not intended to be supported)

Aggregatable global 2000::/3 — Also known as the “001” format prefix and defined in RFC 3587 to facilitate scalable Internet routing; supports subscriber-based aggregation (current approach in IPv4) as well as exchange-based aggregation

IPv4-compatible ::/96 — Representation of an IPv4 address (96 leading zeros, followed by the IPv4 address (e.g., 192.168.1.1 could be represented as 0000:0000:0000:0000:0000:0000:c0a8:0101). However, it is also acceptable to use the traditional format (::192.168.1.1) in the last 8 hex digits for IPv4-type addresses.

Unspecified address ::/128 — All zeros, considered invalid

IPv6 loopback address ::1/128 — The same as 127.0.0.1 in IPv4

Alcatel-Lucent C


ot Distribute



IPv6 Prefixes (continued)

Aggregatable global IPv6 address:Globally routable and reachable IPv6 addressIANA-assigned aggregatable address: 2000::/3IPv6 addresses are currently being allocated by IANA in this range.Multiple-level hierarchy allows efficient routing aggregation:— Provider topology, site topology, host topology

Global routing prefix Site IPv6 interface ID

48 bits 16 bits 64 bits

RFC 3587 generalizes this format, stating that the global routing prefix can be m bits, and the site component (or subnet value) can be n bits. The interface ID is 128-m-n bits.

Alcatel-Lucent C


ot Distribute



Anycast Addressing

Assigned to multiple interfaces of multiple nodesA packet destined to an anycast address is routed to the nearest one.Unicast addresses with host bits set to zeroCan be used, for example, to select the nearest server and provide redundancy

Alcatel-Lucent C


ot Distribute



Multicast Addressing

Assigned FF00::/8Flag indicates a permanently assigned or transient multicast addressScope is used to limit the multicast groupNo broadcast addressingLarger number of multicast groups

1111 1111 Group ID

8 bits 112 bits

Flags Scope

4bits 4bits

Alcatel-Lucent C


ot Distribute



Multicast Addressing (continued)

Well-known multicast addresses:

All-OSPF routers addressFF02::5

Solicited-node address used in ICMPv6FF02::1:FFxx:xxxx/104

All-OSPF DRs addressFF02::6

All-routers addressFF02::2

All-nodes address FF02::1

Multicast address over Ethernet:Multicast MAC 33:33:dst13:dst14:dst15:dst16

(last 4 digits of multicast address)

Alcatel-Lucent C


ot Distribute



Multicast Addressing (continued)

Solicited-node multicast address:Provides efficient querying for ICMPv6Each unicast address has a corresponding solicited-node multicast address.Multicast messages can be sent to the solicited-node multicast address group to reduce the number of receivers.Format: FF02::1:FFxx:xxxx/104 (xx:xxxx from the last 24 bits of the unicast address)Example: Unicast address 2001:1000:10:C2B4:FFFF:FE01:0203 Solicited-node: address FF02::1:FF01:0203The multicast packet is then sent to Ethernet multicast address 33.33.FF.01.02.03.Replaces ARP from IPv4

Alcatel-Lucent C


ot Distribute



IPv6 Routing Protocols

IPv6 routing protocols:OSPFv3MP-BGPIS-IS for IPv6Static routes

The IPv6 routing table is different from IPv4 routing tables:Same route-selection mechanismLongest prefix match

The router ID should be configured before IPv6 protocols are enabled.

Alcatel-Lucent C


ot Distribute



OSPFv3

OSPFv3 is defined in RFC 2740.The fundamental mechanisms of OSPF remain unchanged:

Area support SPF calculationsLSA floodingDR/BDR election

OSPFv2 and OSPFv3 can run independently on a router.

Alcatel-Lucent C


ot Distribute



OSPFv3 Changes

Run on a per-link basisRemoval of addressing semantic:

No IPv6 address in OSPF packetsRouter ID, area ID, and LSA link-state ID are IPv4 size

3 LSA flooding scopes:Link-local scopeArea scopeAS scope

New LSAs have been introduced to carry IPv6 prefixes.A new link LSA has been introduced.

Alcatel-Lucent C


ot Distribute



OSPFv3 Changes (continued)

Multiple instances per linkA new instance ID is used

Link-local address supportLink LSA

Authentication removedRelies on IP authentication

Packet-format and LSA-format changes

Alcatel-Lucent C


ot Distribute



IS-IS IPv6

IS-IS for IPv6 is defined in Routing IPv6 with IS-IS (draft-ietf-ipv6-05.txt)

3 new TLVs created for IPv6:IPv6 reachability (0xEC)

— Equivalent to IPv4 “IP internal reachability information” and “IP external reachability information”

— IPv6 routing prefix and metric informationIPv6 interface address (0xE8)

— Equivalent to “IP interface address”— Contains 16-octet IPv6 interface address— Hello contains “link-local address”; LSP contains “non-link-

local address”A new network-layer protocol Identifier (0x8E) is used in IS-IS IPv6.

Alcatel-Lucent C


ot Distribute



IS-IS IPv6 (continued)

Single SPF is used for IS-IS IPv4 and IPv6.

Both IS-IS IPv4 and IPv6 can be enabled on the same router:config router isis ipv6-routing nativeconfig router isis ipv4-routing

It is recommended that all IS-IS routers run the same protocol.Mixing IPv4 and IPv6 settings in IS-IS routers could result in a black hole.All routers should have the same IS-IS IPv6/IPv4 routing setting.“Strict-adjacency-check” can be used to prevent a black hole.

Alcatel-Lucent C


ot Distribute



ICMPv6

ICMPv6 is used for IPv6 to handle error and information messages, node discovery, multicast group listeners, and diagnosis.ICMPv6 uses protocol 58 in the IPv6 next header field.The 7750 SR supports:

ICMP error messagesNeighbor discoveryRouter discovery

— Stateless auto-configuration

Duplicated address detectionRouter redirect

Alcatel-Lucent C


ot Distribute



IPv6 over IPv4

IPv6 and IPv4 will coexist for a long time.There are many ways to run IPv6 over IPv4:

Dual stack (router runs IPv4 and IPv6 stacks)Tunneling:

— IPv6 over IPv4 tunnels (RFC 2893)— 6PE— IPv6 over GRE tunnel— IPv6 over MPLS TE tunnel

The 7750 SR implementation of IPv6 over IPv4 is in several phases.

Alcatel-Lucent C


ot Distribute



IPv6 over IPv4 using Static Routing

Phase 1 only allow IPv6 over IPv4 through static routing (RFC 2893)IPv6 over IPv4 packet encapsulation uses IP protocol id 41Source / destination IP address uses the system IP address

Alcatel-Lucent C


ot Distribute



Module Summary

This module covered the following topics:Main features of IPv6IPv6 addressingOSPF and IS-IS for IPv6 networksICMPv6

Alcatel-Lucent C


ot Distribute



Alcatel-Lucent C


ot Distribute

1


Glossary

Numbers

7750 SR Alcatel 7750 Service Router

A

ABR area border router

ACK acknowledgement

ACL access control list

AFI authority and format indicator

ARP address resolution protocol

AS autonomous system

ASBR autonomous system boundary router

ASCII American Standard Code for Information Interchange

ATM asynchronous transfer mode

B

BDR backup designated router

BFD bidirectional forward detection

BGP border gateway protocol

BIA burned-in address

C

CE customer edge

CIDR classless interdomain routing

CLI command line interface

CLNP connectionless network protocol

CPM control processor module

CRC cyclic redundancy check

CSMA/CD carrier sense multiple access collision detect

CSNP complete sequence number PDU

CSU/DSU channel service unit/data service unit

Alcatel-Lucent C


ot Distribute

2

DDB databaseDBD database descriptorDIS designated ISDNS domain name systemDR designated routerDR/BDR designated router/ backup designated routerDSAP destination service access pointDSP domain specific part

FFCS frame check sequenceFE Fast EthernetFIB forwarding information baseFLSM fixed length subnet mask

GGR graceful restart

HHDLC high-level data link controlHMAC hash-based message authentication codeHTTP hypertext transfer protocol

IIANA Internet Assigned Numbers AuthorityICMP Internet control message protocolIDI initial domain identifierIDP Initial domain partIEEE Institute of Electrical and Electronic EngineersIGP interior gateway protocolIIH ISIS helloIOM input/output moduleIP Internet protocolIPv4 Internet protocol version 4IPv6 Internet protocol version 6IS intermediate systemISDN integrated services digital networkIS-IS Intermediate System to Intermediate SystemISO International Standards OrganizationISP Internet service providerITU-T International Telecommunication Union Telecommunication Standardization Sector

LL# layer (in OSI model)LAN local area networkLLC logical link controlLS link stateLSA link-state advertisementLSDB link state data baseLSP link-state packetLSP link state PDULSR label switch routerLSU link state update

MMAC media access controlMD5 message digest 5MF more fragmentMIME multipurpose internet mail extensionMTU maximum transmission unit

Alcatel-Lucent C


ot Distribute

3

NNAT network address translationNAT/PAT network address translation/port address translationNBMA nonbroadcast multi-accessNET network entity titleNIC network interface cardNSAP network service access pointNSEL N-selectorNSR nonstop routingNSSAs not-so-stubby aareas

OOS operating systemOSI open systems interconnectionOSINCPOSPF open shortest path firstOSPF-TE open shortest path first – traffic engineeringOUI organizationally unique identifier

PP2P point-to-pointPAT port and address translationPDU protocol data unitPOS packet over SONETPPP point to point protocolPSNP partial sequence number PDU

QQoS quality of service

RR# routerRA restart acknowledgementRAM random access memoryRFC request for commentRIB routing information baseRID router IDRIP routing information protocolRIPv1 routing information protocol version 1RIPv2 routing information protocol version 2ROM read-only memoryRR restart requestRTM routing table managerRTR real-time reliable

SSAP service access pointSEL N-selectorSMTP simple mail transfer protocolSNPA subnetwork point of attachmentSONET synchronous optical networkSPF shortest path firstSPT shortest path treeSR service routerSSAP source service access point

TTCP transmission control protocolTCP/IP transmission control protocol/Internet protocolTE traffic engineeringTLS transport layer securityTLV type length valueTOS type of serviceTTL time to live

Alcatel-Lucent C


ot Distribute

4

UUDP user datagram protocol

VVLSM variable-length subnet mask

WWAN wide area network

Alcatel-Lucent C


ot Distribute



Alcatel-Lucent C


ot Distribute

alcatel-lucent interior routing protocols and high availability student guide v1-2

Documents