ccie rs lab prep
TRANSCRIPT
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicTECCCIE-3000_c3 1
CCIE Routing and Switching
Techtorial Session Topics
Session 1 CCIE Program Overview/Roadmap
Session 2 Core Knowledge
Session 3 Multilayer Switching/Frame Relay
Session 4 IP Routing Concepts/OSPF
Session 5 IP Version 6
Session 6 IP Routing BGP
Session 7 MPLS/VPN
Session 8 IP Multicast
Session 9 Quality of Service
Session 10 Troubleshooting
Program Overview and Roadmap
www.cisco.com/go/learnnetspace
(Diagram: certification path CCENT, CCNA, CCNP, CCIE)
Cisco CCIE Certification
CCIE R&S: Configure and troubleshoot complex converged networks
CCIE Security: Configure complex, end-to-end secure networks, troubleshoot environments, and anticipate and respond to network attacks
CCIE Service Provider: Configure and troubleshoot advanced technologies to support service provider networks
CCIE Storage: Configure and troubleshoot storage area networks over a variety of interfaces
CCIE Voice: Configure complex, end-to-end telephony, as well as network, troubleshoot, and resolve VoIP-related problems
CCIE Wireless: Plan, design, implement, operate, and troubleshoot wireless network and mobility infrastructure
Certification Process
CCIEs must pass two exams
The written qualification exam uses simulations and multiple-choice questions
The lab exam is what makes this certification different; the full-day, hands-on lab exam tests the ability to configure and troubleshoot equipment
Not all lab exams are offered at all lab locations
Process: Step 1 The Written Exam
Available worldwide at Pearson VUE for $350 USD, adjusted for exchange rate and local taxes where applicable
Two-hour exam uses simulations and multiple-choice questions
Closed book; no outside reference materials allowed
Pass/fail results available immediately; passing score set by statistical analysis and subject to periodic change
Waiting period of five calendar days to retake the exam
Candidates must wait a minimum of six months before retaking the same-numbered exam
Must take first lab exam attempt within 18 months of passing written, or written exam expires
Process: Step 2 The Lab Exam
Available in select Cisco locations for $1,400 USD, adjusted for exchange rates and local taxes where applicable, not including travel and lodging
Eight-hour exam requires working configurations and troubleshooting to demonstrate expertise
Cisco documentation available via Cisco Web; no personal materials of any kind allowed in lab
Minimum score of 80% to pass
Scores generally can be viewed online within 48 hours; failing score reports indicate areas where additional study may be useful
CCIE Routing and Switching
Most popular track, over 80% of CCIE candidates attempt R&S first
Expert-level knowledge of LAN and WAN interfaces, Routing Protocols, and variety of routers and switches
Expert-level troubleshooting to solve complex connectivity problems and apply solutions that increase bandwidth, improve response times, maximize performance, improve security, and support global applications
Recent Changes to CCIE R&S
Reflect growth of network as a service platform
Aligning to job tasks of expert-level network engineers and expectations of employers
New certification standards released on May 5, 2009
New areas include:
–planning and evaluating network changes
–MPLS and VPN networking
–implementing performance routing and optimized edge routing
–filtering and route distribution
–EIGRPv6
–IPv6 multicast
CCIE R&S v4.0 Certification
Written and lab exams refreshed with new questions
Adding coverage of MPLS and VPN
Written exam adding simulations
Lab exam adding hands-on troubleshooting
Exam durations and pricing remain same
V4.0 exams scheduled for release October 18, 2009 and will immediately replace v3.0 exams
Last day to take v3.0 exam is October 17, 2009
CCIE Exam Development Process
Development Inputs: job role and career development survey; Cisco business unit/technology groups; Cisco Technical Support team; comprehensive Job Task Analysis, performed by external and internal network experts; Customer Advisory Groups
Certification Standards
Exam Design
Validation and Feedback: Cisco content advisory team; CCIE program managers; customer validation survey; alpha review; beta test and statistical analysis
Clearly defined and ISO-reviewed process ensures exams are relevant and valid.
CCIE Routing and Switching Written Exam
14
CCIE R&S Written Exam
Covers networking theory related to:
Evaluate proposed changes to a Network
General networking*
Bridging and LAN switching (Implement Layer 2 Technologies)
IP and IP routing (Implement IPv4)
QoS (Implement Quality of Service)
WAN (Implement Layer 2 Technologies)
IP multicast (Implement IP Multicast)
Security (Implement Network Security)
IPv6 (Implement IPv6)
MPLS (Implement MPLS Layer 3 VPNs)
Implement Network Services
Troubleshoot a Network
Optimize the Network
The written exam lays the foundation for the lab exam
Black = v3.0 blueprint
Red = v4.0 blueprint
* = removed from v4.0
CCIE Routing and Switching Lab Exam
R&S Lab Locations
Permanent CCIE R&S Lab Locations: Tokyo, Sydney, Sao Paulo, Beijing, San Jose, RTP, Dubai, Brussels, Hong Kong, Bangalore
Upcoming Mobile Labs:
Moscow, Russia May 4-8, 2009
Singapore, Singapore June 8-12, 2009
Riyadh, Saudi Arabia June 20-24, 2009
Introduction
Candidates build a network to a series of supplied specifications
The point values for each question are shown on the exam
Some questions depend upon completion of previous parts of the network
Report any suspected equipment issues to the proctor as soon as possible; adjustments cannot be made once the exam is over
R&S Lab Exam: Topics
Evaluate proposed changes to a Network
Bridging and Switching (Implement Layer 2 Technologies)
IP IGP Routing (which includes IPv6) (Implement IPv4 – includes BGP)
BGP
Implement IPv6
IP and Cisco IOS Features (Implement Network Services)
Implement MPLS Layer 3 VPNs
IP Multicast (Implement IP Multicast)
QoS (Implement Quality of Service)
Security (Implement Network Security)
Troubleshoot a Network
Optimize the Network
Black = v3.0 blueprint
Red = v4.0 blueprint
Introduction
Each candidate has his/her own PC and rack of equipment
The equipment rack may or may not be located with the candidate's desk and PC
The equipment requires no hardware or cabling configuration by the candidate
If the candidate feels that a hardware or cabling intervention is needed, the CCIE lab proctor must be involved
Check the CCIE web page for the latest equipment list and IOS versions
Rack Access
The Comm Server is pre-configured
The Candidate PC has the terminal emulator pre-configured to access all routers and switches (in general SecureCRT), browsers and any other needed application
(Diagram, Rack Connection Method: the Candidate PC reaches the Exam Routers over Ethernet through the Comm Server)
Passwords
All routers and switches have a startup configuration: hostnames, passwords, line setup, and IP addresses for primary interfaces are already configured; since all tests require the router to be accessible via the VTY and AUX ports, do not change these established configurations
Standard Restrictions
Unless specified within the exam, you are NOT allowed to use:
Static routes (of any kind)
Default routes
**Dynamic routes to null are permitted
R&S Lab Exam: Sample Topology
(Diagram; network addressing 125.10.0.0: routers R1-R6 and switches SW1, SW2 connected through a Frame Relay cloud and Ethernet segments)
Interface labels from the diagram: FA0/0-10.11/24, S0/0-11.1/24, S0/0-11.2/24, FA0/0-33.1/24, FA0/0-50.1/24, FA0/0-50.1/24, FA0/0-22.1/24, FA0/0-22.5/24
Loopbacks: Lo0-1.1/24, Lo1-172.16.1.1, Lo2-172.16.2.2, Lo3-172.16.3.3, Lo4-172.16.4.4; Lo0-2.2/24; Lo0-5.5/24; R6 Lo0-4.4/24
R&S Lab Exam: Sample Question
Configure RIPv2 on R1, R2, and R5
Redistribute between RIP and OSPF on R5
All routes should be visible on all routers
Score: 2 Points
Section: 2.5 RIP
R&S Lab Exam: Sample Answer
Verification 1: R4 must have all routes in its routing table
R4#show ip route
<->
     172.16.0.0/24 is subnetted, 4 subnets
O E2    172.16.4.0 [110/20] via 125.10.50.1, 22:34:38, Ethernet0/0
O E2    172.16.1.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.2.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.3.0 [110/20] via 125.10.50.1, 22:34:58, Ethernet0/0
     125.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C       125.10.50.0/24 is directly connected, Ethernet0/0
O E2    125.10.22.0/24 [110/20] via 125.10.50.1, 22:44:39, Ethernet0/0
C       125.10.4.0/24 is directly connected, Loopback0
O E2    125.10.2.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.1.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O       125.10.5.5/32 [110/11] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.11.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.10.0/24 [110/20] via 125.10.50.1, 22:44:44, Ethernet0/0
R4#
R&S Lab Exam: Grading
Proctors grade all lab exams
Automatic tools aid proctors with simple grading tasks
Automatic tools are never solely responsible for lab exam grading
Proctors complete grading of the exam and submit the final score within 48 hours
Partial credit is not awarded on questions
Points are awarded for working solutions only
Some questions have multiple solutions
Q and A
Session 2:
Core Knowledge
Agenda
What are the Core Knowledge questions?
How many questions?
Structure within the lab exam
Sample questions
Core Knowledge consists of four computer-delivered short-answer questions that are being added to the lab exam in all global lab locations.
Candidates will be required to type out their answers, which typically require five words or less.
This section covers core concepts from the CCIE R&S exam objectives.
When candidates complete the Core Knowledge section, they may move immediately to the lab configuration portion of the exam.
It must be completed before the candidate moves to the lab configuration scenarios.
Core Knowledge Sample Question - 1
Refer to the diagram below. On which routers can you enable summarization in OSPF?
(Answer: Any ABR router)
Core Knowledge Sample Question - 2
What protocol do the following statements describe?
Integral to IPv6
Every node that implements IPv6 must fully implement this protocol.
Many IPv6 functions use this protocol, e.g. path MTU discovery and neighbor discovery
(Answer: ICMPv6)
Core Knowledge Sample Question - 3
What device is used to dynamically announce the RP address to all routers in a PIM environment ?
Which open standard BGP attribute is used first in the BGP Best Path selection algorithm?
Session 3:
Multilayer Switching and Frame Relay
Agenda
LAN Switching
MLS Concepts
Layer 2 Protocols
Layer 2 Features
Layer 3 Features
Troubleshooting Tips
Frame Relay
Concepts
Configuration Options
Troubleshooting Tips
MLS Concepts
Layer 1:
Collision domain: Hub
Layer 2:
Broadcast domain: Vlan
VTP domain
STP domain
Layer 3 and 4: MLS
Wire-rate forwarding based on upper layer info
IP (address or TOS)
TCP/UDP ports
Layer 2 VLANs
Broadcast domains spanning multiple switches
Default VLAN 1
Normal-range: 1 to 1005
Extended-range: 1006 to 4094
vlan database mode is deprecated; use vlan configuration mode (config-vlan) instead
Minimal port config once the VLAN is known:
switchport mode access
switchport access vlan X
Layer 2 Features: Verify VLAN Configuration
switch#sh vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/4, Fa0/5
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/21
                                                Fa0/22, Fa0/24, Gi0/1, Gi0/2
11   VLAN_BB1                         active    Fa0/10
12   VLAN_BB2                         active
13   VLAN_BB3                         active
21   VLAN_A                           active
22   VLAN_B                           active
23   VLAN_C                           active
55   vlan_test                        active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
switch#
switch#s run int f0/10
!
interface FastEthernet0/10
 switchport access vlan 11
 switchport mode access
end
Most LAN topologies consist of multiple VLANs
How to carry multiple VLANs on a single physical link, while maintaining isolation?
Trunking Protocols:
IEEE 802.1q
4-byte tag carrying the VLAN ID
Supports a native VLAN (not tagged; must match on both ends of L2 links)
ISL (Cisco proprietary)
30-byte header (26 + 4), true encapsulation
No native VLAN concept; ALL frames are encapsulated
(Diagram: a single Layer 2 Ethernet trunk between two switches carrying 10 VLANs)
Sample Question
Create trunking among the four switches meeting the following requirements:
Trunking will be formed unconditionally
Use ISL encapsulation
Choose the encapsulation and create a trunk between R6 and Sw2. Only VLAN_BB3 and VLAN_B must be allowed in the trunk
Implicit: refer to the diagrams to determine IP addresses
Score: 2 Points
Sample Questions
You have multiple diagrams and have to figure out which ports to configure
(Diagrams: Sw1 and Sw2 are connected over Fa0/19-Fa0/22; router ports g0/0-g0/4 on R1-R4 connect to Fa0/1-Fa0/4 on Sw1 and Sw2; Fa0/10 on each switch leads to the backbone switches BB1/BB2; Frame Relay clouds are marked FR)
Sample Question—Solution
On switch-switch links, use 'interface range' to speed up and minimize missed/wrong config:
Config)#interface range fa0/19-20
-if-range)#switchport trunk encapsulation isl
-if-range)#switchport mode trunk
On switch-router links, with the IOS running, only dot1Q is supported!
Router subinterface:
-if)#encapsulation dot1q [vlanID]
-if)#ip address [asPerDiagram…]
Switch port:
-if)#switchport trunk encapsulation dot1q
-if)#switchport trunk allowed vlan 13,22
-if)#switchport mode trunk
Sample Question—Verification
switch#s int f0/x trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/x       on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/x       1-4094

Port        Vlans allowed and active in management domain
Fa0/x       1,11-13,21-23,55

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/x       1,11-12,21-23,55
Layer 2 Protocols
CDP
Useful to discover L2 topology and detect weird forwarding issues (cdp neighbors appear where they shouldn’t)
switch3#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
bb3-sw           Fas 0/10          130        S I         WS-C3550-4  Fas 0/8
Switch4          Fas 0/24          178        R S I       WS-C3560-2  Fas 0/24
Switch4          Fas 0/23          178        R S I       WS-C3560-2  Fas 0/23
Sample Question
Configure the amount of time a neighbor should hold CDP information sent by Sw2 before discarding it to 2 minutes
Score: 2 Points
Sample Question—Solution
Sw2
Config)#cdp holdtime 120
Verification:
switch2#sh cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 120 seconds
Sending CDPv2 advertisements is enabled
Layer 2 Protocols: DTP (Dynamic Trunking Protocol)
Negotiates trunking encapsulation; enabled by default
Some basic error checking
Sample Written Question
What trunk mode combination would not produce an operational ISL trunk?
A. Local: auto  Remote: auto
B. Local: on  Remote: auto
C. Local: nonegotiate  Remote: on
D. Local: nonegotiate  Remote: nonegotiate
E. Local: auto  Remote: desirable
Solution: A. If both sides are set to auto, the trunk will never come up
Sample Lab Question
Completely disable DTP traffic on all Fast Ethernet ports on all switches
Score: 2 Points
Sample Lab Question—Solution
-if)#switchport mode access
-if)#switchport nonegotiate
Verification:
show interfaces switchport
Name: FaX/Y
Negotiation of Trunking: Off
VLAN Trunk Protocol (VTP)
Same VTP domain, version (1 or 2) and password
3 modes: server—client—transparent
Pruning
(Diagram: Switch-1 and Switch-2 share the VTP domain CCIE; VLAN 10 is created on Switch-1 with Switch-1(config)#vlan 10)
VTP CLI
sh vtp status: most info comes out of this
sh vtp counters: to see whether pruning joins are received/transmitted
sh int pruning: to see which VLANs are pruned and which VLANs we request from upstream
sh int trunk: to see which VLANs are (not) pruned and are forwarding
debug sw-vlan vtp <events|packets|xmit|pruning>
Layer 2 Features: VTP Verification
3550# show vtp counters
VTP statistics:
Summary advertisements received    : 734
Subset advertisements received     : 0
Request advertisements received    : 0
Summary advertisements transmitted : 2199
…
3550# show vtp status
VTP Version                     : 2
Configuration Revision          : 16
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : cisco
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
…
Layer 2 Features: EtherChannels
A logical aggregation of up to 8 similar links (10/100/1000/10GE ports)
A channel is always point-to-point and is viewed as one logical link by other protocols
Two flavors: Cisco's PAgP and IEEE 802.3ad LACP
Each defines an "active" and a "passive" side
EtherChannels
Can aggregate L2 Access Ports, L2 Trunks or L3 Links
Load-balancing algorithm (default is src-mac)
Operates between switches, routers, and certain vendors’ NICs
Sample Question
Create EtherChannels between Sw1 and Sw2 so that they form unconditionally, NOT using any protocol negotiation
Score: 2 Points
Sample Question—Solution
Use interface range
Config)#int range FastEthernet0/x-y
Config)#channel-group z mode on
Verification
sh etherchannel z port-channel
sh etherchannel [sum|load]
sh pagp|lacp [[port-chan#] neigh|count|internal]
Layer 2 Features: EtherChannel Verification
Rack08Sw2#sh etherchannel sum
...
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+--------------------------------------------
12 Po12(SU) - Fa0/23(P) Fa0/24(P)
switch#sh ether 12 port
Ports in the group:
-------------------
Port: Fa0/23
------------
Port state = Up Mstr In-Bndl
Channel group = 12 Mode = On/FEC Gcchange = -
Port-channel = Po12 GC = - Pseudo port-channel = Po12
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 00d:00h:00m:17s
Layer 2 Features: EtherChannel Verification [2]
switch#sh int port-channel 12
Port-channel12 is up, line protocol is up (connected)
Members in this channel: Fa0/23 Fa0/24
switch#sh pagp ?
<1-64> Channel group number
counters Traffic information
internal Internal information
neighbor Neighbor information
switch#sh lacp ?
<1-64> Channel group number
counters Traffic information
internal Internal information
neighbor Neighbor information
sys-id LACP System ID
Spanning Tree
Provide loop free topology while physical redundant links/trunks are allowed between switches
Elects a root bridge and defines roles to the ports based on least cost path to the root
One Root port per bridge and one Designated port per segment
Blocks other ports to break loops (BPDUs still pass through)
Spanning Tree
Port States
Blocking: No user traffic allowed, only BPDUs
Listening: Receives BPDUs and wait for convergence of BPDUs
Learning: Learn source MAC from user traffic to build CAM
Forwarding: Normal mode, forward user traffic AND BPDUs
Disabled: Port is shut (/admin or not)...
Spanning-Tree Algorithm
A BPDU is superior to another if it has:
1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID
Spanning Tree
(Diagram: root bridge A in the core with peers B, C and D in the distribution layer; bridge IDs shown: 8192:000000000001 (root), 32768:000000000002, 32768:000000000003, 32768:000000000004; link costs 1 and 2; port roles RP, DP and NDP; arrows mark the direction of BPDU flow)
Designated Ports: ports selected for forwarding
Root Ports: port with the least-cost path to the root bridge
Nondesignated Ports: ports in blocking
Spanning Tree—RSTP—802.1w
switch(config)#spanning-tree mode ?
  mst         Multiple spanning tree mode
  pvst        Per-Vlan spanning tree mode
  rapid-pvst  Per-Vlan rapid spanning tree mode
A handshake mechanism lets a designated port skip the listening/learning states and go straight to forwarding once all bridges on the segment recognize it as the designated port
The 'Disabled', 'Blocking' and 'Listening' states are merged into a single 'Discarding' state
Spanning Tree—MST—802.1s
Enhances STP scalability (preserves CPU power)
Flexible load-balancing
Complex interoperability with other STP flavors
Spanning Tree—MST—802.1s
MST Configuration: identical for all switches in the same region
A digest of the configuration is sent in the MST BPDU
spanning-tree mode mst
spanning-tree mst configuration
 name MST                    <- up to 32 bytes
 revision 1
 instance 1 vlan 20, 40, 60
 instance 2 vlan 30, 50, 70
Spanning Tree Features
Portfast
Bpduguard
Bpdufilter
Uplinkfast
Backbonefast
Rootguard
Sample Lab Question
The 3550 switches in your topology are pre-cabled as shown in the diagram (Sw1 and Sw2 connected by Fa0/23 and Fa0/24). VLANs have already been assigned to the switches. Configure Sw1 and Sw2 to have the following behavior:
Only ODD VLANs should be forwarded on Fa0/23 during normal operation
Only EVEN VLANs should be forwarded on Fa0/24 during normal operation
Interfaces should begin forwarding traffic within eight seconds of link-up
DO THIS WITH EXACTLY TWO COMMANDS PER SWITCH
Score: 3 Points
Sample Lab Question: Analysis
Analyze the initial status:
Sw#sh vlan brief ; Sw1#sh int trunk
Only VLAN 1 and VLAN 2 are active
Fa0/23 and Fa0/24 are trunk ports on both sides
Sw#sh span vl [1 | 2]
Sw1 is the root for both VLANs, as per lower sys MAC
Sw2 is forwarding both VLANs out of Fa0/23, as per lower port ID
(Diagram: Sw1 ports Desg FWD; Sw2 Fa0/23 Root FWD, Fa0/24 Altn BLK)
Sample Lab Question: Design
Think about it…
Initial: VLAN 1 + 2 both forward on Fa0/23 (Sw2: Root FWD on Fa0/23, Altn BLK on Fa0/24; Sw1: Desg FWD on both)
Possible solution?
spanning-tree vlan 1 forward-time 4
spanning-tree vlan 2 forward-time 4
-if)#spanning-tree vlan 2 port-priority 112
No, because this doesn't answer the "exactly 2 commands per switch" requirement!
Sample Lab Question: Solution
So we need Sw2 to become root for one VLAN!
Sw1:
spanning-tree vlan 1 forward-time 4
spanning-tree vlan 2 priority 61440
Sw2:
spanning-tree vlan 2 forward-time 4
-if)#spanning-tree vlan 2 port-priority 112 (on Fa0/24)
(Diagram: VLAN 1 forwards on Fa0/23 and blocks Fa0/24; VLAN 2 forwards on Fa0/24 and blocks Fa0/23)
Sample Lab Question: Verification
Sw1#s span vlan 1
VLAN001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32779
             Address     0009.e8e2.6200
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay  4 sec
. . .
Sw1#s span vlan 2
VLAN002
  Spanning tree enabled protocol ieee
  Root ID    Priority    32780
             Address     0015.6286.7400
             Cost        19
             Port        24 (FastEthernet0/24)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay  4 sec

  Bridge ID  Priority    61452  (priority 61440 sys-id-ext 2)
             Address     0009.e8e2.6200
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/23           Altn BLK 19        128.23   P2p
Fa0/24           Root FWD 19        128.24   P2p
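A constructed Python model of the election behind this lab question (added here; it is not Cisco's code and not from the slides). It applies the four-step BPDU comparison from the 'Spanning-Tree Algorithm' slide to the Sw1/Sw2 topology and shows why 'priority 61440' on Sw1 plus 'port-priority 112' on Sw2 move VLAN 2 onto Fa0/24. The MAC addresses are taken from the verification output; the link costs, port numbers and dictionary layout are assumptions.

```python
from dataclasses import dataclass, field

# MAC addresses as they appear in the 'show spanning-tree' output above;
# everything else in this file is constructed for the example.
SW1_MAC = "0009.e8e2.6200"
SW2_MAC = "0015.6286.7400"
FE_COST = 19             # 802.1D path cost of a 100 Mb/s link (assumed)
DEFAULT_PRIO = 32768     # default bridge priority
DEFAULT_PORT_PRIO = 128  # default port priority
LINKS = [23, 24]         # Fa0/23 and Fa0/24, same port number on both switches


@dataclass
class Switch:
    name: str
    mac: str
    # VLAN -> bridge priority, set by 'spanning-tree vlan N priority P'
    priority: dict = field(default_factory=dict)
    # (VLAN, port) -> port priority, set by '-if)#spanning-tree vlan N port-priority P'
    port_priority: dict = field(default_factory=dict)

    def bridge_id(self, vlan):
        """PVST+ bridge ID: (priority + VLAN number as extended system ID, MAC)."""
        prio = self.priority.get(vlan, DEFAULT_PRIO) + vlan
        return (prio, int(self.mac.replace(".", ""), 16))

    def port_id(self, vlan, port):
        """Port ID as carried in the BPDU: (port priority, port number)."""
        return (self.port_priority.get((vlan, port), DEFAULT_PORT_PRIO), port)


def bpdu_key(root_id, root_cost, sender_id, sender_port_id):
    """Rules 1-4 of the slide: the lexicographically lower tuple is the superior BPDU."""
    return (root_id, root_cost, sender_id, sender_port_id)


def elect(vlan, a, b, links=LINKS):
    """Return (root, non-root, root port number on the non-root bridge) for one VLAN."""
    root, other = (a, b) if a.bridge_id(vlan) < b.bridge_id(vlan) else (b, a)
    # The non-root bridge hears the root's BPDU on every parallel link. Root ID,
    # root path cost and sender ID are identical on all of them, so the sender's
    # port ID (configured on the ROOT's side) decides which link is the root port.
    root_port = min(links, key=lambda p: bpdu_key(root.bridge_id(vlan), FE_COST,
                                                   root.bridge_id(vlan),
                                                   root.port_id(vlan, p)))
    return root.name, other.name, root_port


def lab_initial():
    """Defaults: Sw1 wins both VLANs on its lower MAC; Sw2 forwards both on Fa0/23."""
    sw1, sw2 = Switch("Sw1", SW1_MAC), Switch("Sw2", SW2_MAC)
    return {vlan: elect(vlan, sw1, sw2) for vlan in (1, 2)}


def lab_solution():
    """The topology-changing command on each switch. The forward-time commands
    only shorten convergence; they work because each switch sets the timer
    for the VLAN it is root of (non-root bridges use the root's timers)."""
    sw1 = Switch("Sw1", SW1_MAC, priority={2: 61440})           # Sw1 gives up VLAN 2
    sw2 = Switch("Sw2", SW2_MAC, port_priority={(2, 24): 112})  # Sw2 prefers Fa0/24
    return {vlan: elect(vlan, sw1, sw2) for vlan in (1, 2)}


if __name__ == "__main__":
    for label, result in (("initial", lab_initial()), ("solution", lab_solution())):
        for vlan, (root, other, port) in result.items():
            print(f"{label}: VLAN {vlan} root={root}, {other} root port=Fa0/{port}")
```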
Layer 3 Features: Switched Virtual Interface (SVI)
Software-based virtual interface
Configure SVIs for any VLANs for which you want to route traffic
SVI VLAN1 is created by default
(Diagram: SVI vlan10 with address 3.0.0.1 for hosts 3.0.0.6 and 3.0.0.8 behind Fa0/1-Fa0/3 in VLAN10; routed port Fa0/5 with address 5.0.0.1 facing host 5.0.0.4)
Layer 3 Features: Routed Ports
Acts like a port on a router
Not associated with a particular VLAN
Put the interface into Layer 3 mode with the no switchport interface configuration command
Layer 3 Features: SVI/Routed Port Configuration
SVI:
!
interface Vlan10
 ip address 3.0.0.1 255.0.0.0
end
Routed Port:
!
interface FastEthernet0/5
 no switchport
 ip address 5.0.0.1 255.0.0.0
end
Layer 2/Layer 3 Troubleshooting Discussion
(Diagram: R1 E0/0 -- Fa0/1 switch Fa0/2 -- Fa0/0 R2)
Ping from R1 to R2 fails. How do you troubleshoot?
References
Cisco LAN Switching, Kennedy Clark, Cisco Press®
Interconnections, 2nd edition, Radia Perlman
Cisco Catalyst 3550 configuration guide, CCO: http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550
Cisco Catalyst 3560 configuration guide, CCO: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm
Q and A
Frame Relay
Concepts
Implementation Options
Troubleshooting Tips
Frame Relay Concepts
DLCI—Data-link connection identifier
LMI—Local Management Interface
PVC—Permanent Virtual Circuit
(Diagram: two routers attached to a Frame Relay switch; LMI runs between each router and the switch, a PVC spans the cloud, and a DLCI identifies the PVC at each end)
Frame Relay: CCIE Lab FR Switch
The Frame Relay switch is pre-configured. Sample configuration:
!
frame-relay switching
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 clockrate 1007616
 frame-relay lmi-type ansi
 frame-relay intf-type dce
 frame-relay route 102 interface Serial1/2 201
 frame-relay route 103 interface Serial2/0 301
 frame-relay route 104 interface Serial2/2 401
(Diagram: R1 and R2 connected through FR-SW)
NBMA—Hub and Spoke: Typical Exam Scenario
(Diagram: hub R1 172.16.1.1/24 with DLCIs 102 to R2 and 103 to R3; spokes R2 172.16.1.2/24 on DLCI 201 and R3 172.16.1.3/24 on DLCI 301)
Frame-Relay Inverse ARP
Rtr A (S0, DLCI 140):
interface Serial0
 ip address 172.16.1.1 255.255.255.0
 encapsulation frame-relay
Rtr B (S1, DLCI 401):
interface Serial1
 ip address 172.16.1.2 255.255.255.0
 encapsulation frame-relay
Dynamic L3-to-L2 address mapping uses Frame Relay Inverse ARP to request the next-hop protocol address for a specific connection (DLCI)
Frame-Relay Verification
RtrA# show frame-relay map
Serial0 (up): ip 172.16.1.2 dlci 140(0x8C,0x20C0), dynamic,
              broadcast,, status defined, active
RtrA# show frame-relay pvc
DLCI = 140, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 83            output pkts 87           in bytes 8144
  out bytes 8408           dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 41        out bcast bytes 3652
  pvc create time 01:31:50, last time pvc status changed 01:28:28
(Diagram: Rtr A S0, DLCI 140 -- Rtr B S1, DLCI 401)
Frame-Relay Static Mapping
Rtr A (S0, DLCI 140):
interface Serial0
 ip address 172.16.1.1 255.255.255.0
 encapsulation frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 172.16.1.2 140 broadcast
Rtr B (S1, DLCI 401):
interface Serial1
 ip address 172.16.1.2 255.255.255.0
 encapsulation frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 172.16.1.1 401 broadcast
Manually disable Inverse ARP!
Hub and Spoke—Multipoint
(Diagram: hub R1 172.16.1.1/24 with DLCIs 102 to R2 and 103 to R3; spokes R2 172.16.1.2/24 on DLCI 201 and R3 172.16.1.3/24 on DLCI 301)
R1
interface Serial1
 ip address 172.16.1.1 255.255.255.0
 frame-relay map ip 172.16.1.2 102 broadcast
 frame-relay map ip 172.16.1.3 103 broadcast
 no frame-relay inverse-arp
R3
interface Serial1
 ip address 172.16.1.3 255.255.255.0
 frame-relay map ip 172.16.1.1 301 broadcast
 frame-relay map ip 172.16.1.2 301
 no frame-relay inverse-arp
Hub and Spoke—Point-to-Point
(Diagram: hub R1 172.16.1.1/24 with DLCIs 102 to R2 and 103 to R3; spokes R2 172.16.1.2/24 on DLCI 201 and R3 172.16.1.3/24 on DLCI 301)
R1
interface Serial1
 ip address 172.16.1.1 255.255.255.0
 frame-relay map ip 172.16.1.2 102 broadcast
 frame-relay map ip 172.16.1.3 103 broadcast
 no frame-relay inverse-arp
R2
interface Serial1.201 point-to-point
 ip address 172.16.1.2 255.255.255.0
 frame-relay interface-dlci 201
Frame Relay Troubleshooting
show interface
show frame-relay map
show frame-relay lmi
show frame-relay pvc
(Diagram: Rtr A S0, DLCI 114 -- Rtr B S1, DLCI 411)
Frame Relay Troubleshooting: show interface
R1#show interfaces s0/0/1
Serial0/0/1 is up, line protocol is up
…
Encapsulation FRAME-RELAY, loopback not set
Keepalive set (10 sec)
LMI enq sent 147, LMI stat recvd 147, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE
FR SVC disabled, LAPF state down
…
DCD=up DSR=up DTR=up RTS=up CTS=up
Frame Relay Troubleshooting: show frame-relay lmi
R1#show frame-relay lmi
LMI Statistics for interface Serial0/0/1 (Frame Relay DTE) LMI TYPE = ANSI
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 183 Num Status msgs Rcvd 183
Num Update Status Rcvd 0 Num Status Timeouts 0
Last Full Status Req 00:00:24 Last Full Status Rcvd 00:00:24
Frame Relay Troubleshooting: show frame-relay pvc
R1#show frame-relay pvc
PVC Statistics for interface Serial0/0/1 (Frame Relay DTE)
              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 114, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/1
  input pkts 20            output pkts 11           in bytes 1310
  out bytes 1004           dropped pkts 0           in pkts dropped 0
  out pkts dropped 0                out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 2         out bcast bytes 68
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  pvc create time 00:32:30, last time pvc status changed 00:32:20
Frame Relay Default Behavior
Multipoint
LMI type is “cisco”
Inverse ARP is enabled
Split Horizon is disabled
References
Frame Relay Configuration Guide, CCO: http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml
Q and A
Session 4:
IP Routing Concepts
IP Routing Concepts
Policy-based Routing
Administrative Distance
Passive Interfaces
Policy-Based Routing
Configured on the receiving (ingress) interface
Packets are routed based on a configured policy specified in a route map
The route map statements can be marked as permit or deny
If a matching statement is marked as a deny, packets are sent back through the normal forwarding channels
Packets that do not match any route map statement are sent back through the normal forwarding channels
If it is desired to drop packets that do not match the specified criteria, interface Null 0 should be specified as the last interface in the list
Policy-Based Routing—Configuration
Configuration Steps
Define a sequenced policy (route-map):
route-map policyName [permit|deny] [seq#]
Identify which traffic to policy-route:
match …
Specify the policy for that traffic:
set …
Apply the policy to an interface:
-if)#ip policy route-map policyName
PBR Sample Lab Question
Configure only R5 so that any received IP traffic that is sourced from 135.12.1.0 is forwarded to R2.
(Diagram: R1, R2, R3, R4 and R5; networks 135.12.1.0/24, 140.10.1.1/24, 136.15.1.5/24 and 150.2.2.0/24)
Verification
R3#trace ip 140.10.1.1
Type escape sequence to abort.
Tracing the route to YY.YY.10.7
  1 136.15.1.5 0 msec 0 msec 0 msec       <- it goes to R5, then
  2 140.10.1.1 20 msec 16 msec 16 msec    <- it goes to R2 (not to R1)
Administrative Distance
A router with more than one IP routing protocol enabled will use the administrative distance to select a route if the route is learned from more than one protocol; a lower administrative distance is preferred
Connected    0
Static       1
eBGP         20
EIGRP        90
IGRP         100
OSPF         110
IS-IS        115
RIP          120
Ext EIGRP    175
iBGP         200
Unknown      255 (not believed)
Passive Interfaces
To disable sending routing updates out an interface, use the passive-interface command
Used in router configuration mode
Configuration examples:
passive-interface gi0/0/0       no updates sent out interface gi0/0/0
passive-interface default       no updates sent out any interface; use no passive-interface on specified interfaces to send updates
** Note: A passive interface does not send routing protocol information. It does receive and process updates on the interface.
EIGRP
Disclaimer—Reminder
With the time allocated, we can only review the cornerstones of the most important IGPs
EIGRP and OSPF
EIGRP
Introduction and Review
Neighbor Relationships
Summarization
Load Balancing
Advantages of EIGRP
Uses multicast instead of broadcast
Uses a composite metric (bandwidth, delay, load, reliability)
Unequal-cost path load balancing
More flexible than OSPF
Full support for distribute lists
Manual summarization can be done on any interface at any router within the network
EIGRP
Introduction and Review
Neighbor Relationships
Load Balancing
Summarization
107
EIGRP Packets
Hello: Establish neighbor relationships
Update: Send routing updates
Query: Ask neighbors about routing information
Reply: Response to query about routing information
Ack: Acknowledgement of a reliable packet
108
EIGRP Neighbor Relationship
Two routers become neighbors when they see each other’s hello packet (see later for details)
Hello address = 224.0.0.10
Hellos sent once every five seconds on the following links:
Broadcast Media: Ethernet, Token Ring, FDDI, etc.
Point-to-point serial links: PPP, HDLC, point-to-point frame relay/ATM sub-interfaces
Multipoint circuits with bandwidth greater than T1: ISDN PRI, SMDS, Frame Relay
109
EIGRP Neighbor Relationship
Hellos sent once every 60 seconds on the following links:
Multi-point circuits with bandwidth less than T1: ISDN BRI, Frame Relay, SMDS, etc.
Neighbor declared dead when no EIGRP packets are received within hold interval
Not only Hello can reset the hold timer
Hold time by default is three times the hello time
(config-if)#ip hold-time eigrp as-number seconds
110
EIGRP Neighbor Relationship
EIGRP will form neighbors even though hello time and hold time don’t match
EIGRP sources hello packets from primary address of the interface
EIGRP will not form a neighbor relationship if K-values are mismatched
EIGRP will not form a neighbor relationship if AS numbers are mismatched
111
Neighbor Process—Review
Used for establishing and maintaining neighbors
Multicast hellos (by default)
224.0.0.10 (0100.5e00.000a)
Neighbor timers
Default Hello Interval—5 or 60 sec.
Default Hold time—15 or 180 sec.
(Diagram: router A sends a Hello to router B)
112
Checking Neighbor Status
Hold—How long to wait for an EIGRP packet before declaring this neighbor dead
Uptime—How long since last time this neighbor was discovered
RTRA#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address         Interface  Hold  Uptime  SRTT  RTO   Q    Seq
                               (sec)         (ms)        Cnt  Num
2   10.1.1.1        Et0        12    6d16h   20    200   0    233
1   10.1.4.3        Et1        13    2w2d    87    522   0    452
0   10.1.4.2        Et1        10    2w2d    85    510   0    3
113
Checking Neighbor Status
EIGRP log-neighbor-changes is on by default since 12.1(3)
Don’t turn it off in the lab
Best to send logs to the console in the lab
RouterA(config)# router eigrp 100
RouterA(config-router)# eigrp log-neighbor-changes
RouterA(config)# logging console
114
Log-Neighbor-Changes Messages
Common neighbor change messages
(Hint: Peer restarted means you have to check the peer; it’s the one that restarted)
Neighbor 10.1.1.1 (Ethernet0) is down: peer restarted
Neighbor 10.1.1.1 (Ethernet0) is up: new adjacency
Neighbor 10.1.1.1 (Ethernet0) is down: holding time expired
Neighbor 10.1.1.1 (Ethernet0) is down: retry limit exceeded
Neighbor 10.1.1.1 (Ethernet0) is down: route filter changed
115
What Causes Neighbor Instability?
Holding time expired
Retry limit exceeded
Manual changes
Physical link instability
Stuck-in-active routes
116
Holding Time Expired
Holding time expires when an EIGRP packet is not seen for the duration of the hold time
Usually caused by missing multicast hello packets
Typically caused by congestion, physical errors, or even a routing issue
(Diagram: router A sends a Hello to router B; log: Neighbor 10.1.1.1 (Ethernet0) Is Down: Holding Time Expired)
117
Troubleshooting Holding Time Expiration
Ping the multicast address (224.0.0.10) from the other router
ping 224.0.0.10
Note: If there are many interfaces/neighbors on router B, you should use extended ping and specify the source address/interface of the multicast ping
(Diagram: routers A and B; log: Neighbor 10.1.1.1 (Ethernet0) Is Down: Holding Time Expired)
118
Troubleshooting Holding Time Expiration
RouterA# debug eigrp packet hello
EIGRP Packets debugging is on (HELLO)
19:08:38.521: EIGRP: Sending HELLO on Serial1/1
19:08:38.521: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
19:08:38.869: EIGRP: Received HELLO on Serial1/1 nbr 10.1.6.2
19:08:38.869: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
19:08:39.081: EIGRP: Sending HELLO on FastEthernet0/0
19:08:39.081: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
Remember—Any Debug Can Be Hazardous on a Live Network; It’s Ok in CCIE Lab Though
119
Retry Limit Exceeded
EIGRP sends unreliable and reliable packets
Hellos and Acks are unreliable
Updates, Queries, and Replies are reliable
Reliable packets are sequenced and require an Acknowledgement
Reliable packets are retransmitted up to 16 times if not acknowledged
120
Retry Limit Exceeded (Cont.)
Reliable packets are re-sent after Retransmit Time Out (RTO)
Typically 6 x Smooth Round Trip Time (SRTT)
Minimum RTO is 200 ms
Maximum RTO is 5000 ms (5 seconds)
16 retransmits take between 50 and 80 seconds
121
Retry Limit Exceeded (Cont.)
If a reliable packet is not acknowledged before 16 retransmissions and the Hold Timer duration has passed, re-initialize the neighbor
(Diagram: router A sends an Update to router B and the Ack never arrives; log: Neighbor 10.1.1.1 (Ethernet0) Is Down: Retry Limit Exceeded)
122
Manual Changes
Some manual configuration changes also reset EIGRP neighbors:
Summary changes (manual and auto)
Route filter changes
This is normal behavior
Metric change does not reset neighbors
123
Physical Link State Changes
Interface drivers tell EIGRP when a link goes down or comes up
EIGRP removes neighbors from the neighbor table when the interface used to reach them goes down
EIGRP (re)-initializes neighbors when a link comes up (and Hellos received)
Normal, but not nice
124
EIGRP
Introduction and Review
Neighbor Relationships
Summarization
Load Balancing
125
EIGRP Summarization
Purpose: Smaller routing tables, smaller updates
Auto summarization:
On major network boundaries, networks are summarized to the major networks
Auto summarization is turned on by default
(Diagram: networks 150.150.X.X, 150.150.X.X and 151.151.X.X summarized at the major network boundary)
126
Manual Summarization
Configurable on per interface basis in any router within the network
When summarization is configured on an interface, the router immediately creates a route pointing to Null0 with an administrative distance of five
Loop prevention mechanism
When the last specific route of the summary goes away, the summary is deleted
The minimum metric of the specific routes is used as the metric of the summary route
127
EIGRP Summarization
(Diagram: AS 100; 150.2.0.0/16 and 150.3.0.0/16 advertised out S0 as the summary 150.2.0.0/15)
interface s0
 ip address 150.1.1.1 255.255.0.0
 ip summary-address eigrp 100 150.2.0.0 255.254.0.0
Manual Summarization Command: ip summary-address eigrp <as number> <address> <mask>
128
Deploying Summarization
Summarization is simply a way to hide topological detail while maintaining reachability
But sometimes you have to be creative to summarize
(Diagram: routers A, B, C; 10.1.1.0/24 and 10.1.3.0/24 behind C, summarized as 10.1.0.0/22)
129
Deploying Summarization
For instance, can you still summarize here?
Note that A has a component which is part of 10.1.0.0/22 behind it
(Diagram: routers A, B, C; 10.1.1.0/24 and 10.1.3.0/24 behind C, 10.1.2.0/24 behind A, summary 10.1.0.0/22)
130
Deploying Summarization
Sure
Routers always route to the longest prefix
Destinations within 10.1.2.0/24 will be routed towards A, while destinations within 10.1.1.0/24 and 10.1.3.0/24 will be routed towards C
(Diagram: B advertises both 10.1.2.0/24 and 10.1.0.0/22; 10.1.1.0/24 and 10.1.3.0/24 behind C, 10.1.2.0/24 behind A)
131
EIGRP
Introduction and Review
Neighbor Relationships
Summarization
Load Balancing
132
EIGRP Load Balancing
Routes whose metric equals the minimum metric will be installed in the routing table (equal cost load balancing)
There can be up to six entries in the routing table for the same destination (default = 4)
ip maximum-paths <1-6>
133
EIGRP Unequal Cost Load Balancing
EIGRP offers an unequal cost load balancing feature with the command:
variance <multiplier>
The variance command allows the router to include routes with a metric smaller than multiplier times the minimum metric for that destination, where multiplier is the number specified by the variance command
134
Variance Example
(Diagram: routers A, B, C, D, E with link costs 10, 20, 10, 10, 20, 25; variance 2; destination net 172.16.10.0/24)
Router E will choose router C to get to net 172.16.10.0/24, FD=20
With a variance of 2, router E will also choose router B to get to net 172.16.10.0/24
Router D will not be used to get to net 172.16.10.0/24
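The selection described above, as an added example that is not from the Cisco slides. The path costs are constructed to match the figure (successor C with FD = 20); the block also applies EIGRP's feasibility condition (reported distance below FD), which the slide does not mention.

```python
"""EIGRP unequal-cost load balancing: which paths does `variance N` admit?

Added example, not from the Cisco slides. The path costs below are constructed
to match the slide's figure: from router E, the successor is C with FD = 20.
"""

# Constructed candidate paths from router E to 172.16.10.0/24:
# (next hop, cost of E's link to that neighbor, neighbor's reported distance RD)
PATHS_FROM_E = [
    ("C", 10, 10),  # total 20 -> the successor, FD = 20
    ("B", 20, 10),  # total 30
    ("D", 25, 20),  # total 45
]


def feasible_distance(paths):
    """The lowest total metric among all candidate paths (the FD)."""
    return min(link + rd for _, link, rd in paths)


def load_balanced_paths(paths, variance=1):
    """Return [(next_hop, total_metric), ...] that EIGRP installs for one prefix.

    The successor (total metric == FD) is always installed.  Any other path is
    installed only when both hold:
      1. variance rule (the slide's definition): total metric < variance * FD
      2. feasibility condition (EIGRP's loop-freedom check, not on the slide):
         the neighbor's RD must be < FD, i.e. it must be a feasible successor.
         A path that passes only the variance rule is still rejected.
    variance = 1 gives ordinary equal-cost behaviour.
    """
    if variance < 1:
        raise ValueError("variance multiplier must be >= 1")
    fd = feasible_distance(paths)
    installed = []
    for next_hop, link, rd in paths:
        total = link + rd
        is_successor = total == fd
        passes_variance = total < variance * fd
        is_feasible = rd < fd
        if is_successor or (passes_variance and is_feasible):
            installed.append((next_hop, total))
    return installed


if __name__ == "__main__":
    for v in (1, 2, 3):
        print(f"variance {v}: {load_balanced_paths(PATHS_FROM_E, v)}")
```

With variance 3, D still stays out: 45 < 60 satisfies the multiplier, but D's reported distance of 20 is not below the FD of 20.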
135
EIGRP Sample Lab Question
Configure EIGRP 100 on VLAN_30.
Make mutual redistribution between OSPF and EIGRP on R2 only.
At this point, you must be able to ping between EIGRP 100 subnets and the OSPF subnets, and the Backbone 3 router IP address 100.3.1.254.
(Diagram: Backbone 3, R1, R2, R5; VLAN_30 in EIGRP 100; Frame Relay; OSPF Area 0)
Verification
R5#ping 100.3.1.254
<..>
!!!!!
R5#ping YY.YY.14.4
<…>
!!!!!
R5#sh ip route
D EX YY.YY.12.0/30
D EX YY.YY.14.0/24
D EX YY.YY.20.0/24
D EX YY.YY.40.0/24
D EX YY.YY.50.0/24
136
Q and A
137
OSPF
138
OSPF
Review
Dealing with NBMA
Commands
Preparing for OSPF
139
OSPF
Review
Dealing with NBMA
Commands
Preparing for OSPF
140
OSPF Areas
OSPF uses a two-level hierarchical model
Backbone area
All other areas
Areas are defined with a 32-bit number
Defined in IP address format
Can also be defined using a single decimal value (i.e., Area 0.0.0.0, or Area 0)
0.0.0.0 reserved for the backbone area
Area boundaries are at the routers
Each link is in one and only one area
(Diagram: Area 0 with Areas 1, 2 and 3 attached)
141
OSPF LSAs
Router and network LSAs within an area
Summary LSA Type 3 outside the area
Summary LSA Type 4 and Type 5 for redistributed routes
(Diagram: Area 0 with Areas 1, 2 and 3 attached)
142
OSPF LSAs
143
OSPF Virtual Links
Can Be Useful for Several Purposes
Allow areas to connect to areas other than 0
Repair a discontinuous area 0
Backup purpose
(Diagram: Area 0 with Areas 1, 2 and 3; two failed links marked X)
144
OSPF Router Types
A router with at least one interface in area 0 and 1 or more interfaces in one or more non-backbone areas
OSPF routes can only be summarized on an ABR
Area Border Router—ABR
(Diagram: ABR between Area 0 and Area 51)
145
OSPF Router Types
A router with at least one interface in an OSPF area that is redistributing routes from another protocol into OSPF; external routes can be summarized on an ASBR
ASBR
(Diagram: ASBR redistributing BGP, RIP, IGRP, EIGRP, static or connected routes into Area 51; ABR between Area 0 and Area 51)
Autonomous System Boundary Router—ASBR
146
OSPF Area Types
Stub Area
(Diagram: router A in Area 1 (stub), router B the ABR between Area 1 and Area 0, router C the ASBR in Area 0 redistributing connected 192.168.3.3/32; links A S0/1 10.1.1.1/30 to B S0 10.1.1.2/30, B S1 10.1.1.5/30 to C S0 10.1.1.6/30)
Redistributed routes (OSPF External Routes or Type 5) are not advertised into a stub area; OSPF inter-area routes are advertised into a stub area; the ABR will advertise a default into the stub area
RTR-A(config-router)# area 1 stub
RTR-B(config-router)# area 1 stub
configure on all routers in the area
(Into the stub area: default route and OSPF inter-area routes (10.1.1.4); blocked: OSPF external routes (192.168.3.3))
147
OSPF Area Types
Totally Stubby Area
(Diagram: same topology as the stub area figure, with Area 1 totally stubby; router A 10.1.1.1/30, router B 10.1.1.2/30 and 10.1.1.5/30, router C 10.1.1.6/30 redistributing connected 192.168.3.3/32)
Redistributed routes (OSPF External Routes or Type 5) and OSPF inter-area routes are not advertised into a totally stubby area; the ABR will advertise a default into the stub area
RTR-A(config-router)# area 1 stub
RTR-B(config-router)# area 1 stub no-summary
configure no-summary on the ABR
(Into the totally stubby area: default route only; blocked: OSPF inter-area routes (10.1.1.4) and OSPF external routes (192.168.3.3))
148
OSPF Area Types
Not So Stubby Area—NSSA
(Diagram: router A in Area 0, router B the ABR between Area 0 and Area 1 (NSSA), router C the ASBR in Area 1 redistributing RIP v2 from router D (172.26.32.1/24, 172.26.33.1/24); links A S0/1 10.1.1.1/30 to B S0 10.1.1.2/30, B S1 10.1.1.5/30 to C S0 10.1.1.6/30, C and D on 10.1.1.9/30 and 10.1.1.10/30)
Redistributed routes (OSPF External Routes) are advertised as Type 7 at the ASBR; the ABR converts them to Type 5; the ABR will not advertise a default into the NSSA area
RTR-B(config-router)# area 1 nssa
RTR-C(config-router)# area 1 nssa
configure on all routers in the area
(At the ASBR: RIP routes become OSPF Type 7 routes; at the ABR: OSPF Type 7 routes become OSPF Type 5 routes; into the NSSA: OSPF inter-area routes (10.1.1.0) Type 3; blocked: OSPF external Type 5 routes)
149
OSPF Area Types
Totally Stubby NSSA
(Diagram: same topology as the NSSA figure, with Area 1 a totally stubby NSSA; router B the ABR, router C the ASBR redistributing RIP v2 from router D (172.26.32.1/24, 172.26.33.1/24))
Redistributed routes (OSPF External Routes) are advertised as Type 7 at the ASBR; the ABR converts them back to Type 5; OSPF inter-area routes are not advertised into the totally stubby NSSA; the ABR will advertise a default route into the totally stubby NSSA
RTR-B(config-router)# area 1 nssa no-summary
RTR-C(config-router)# area 1 nssa
configure no-summary on the ABR
(At the ASBR: RIP routes become OSPF Type 7 routes; at the ABR: OSPF Type 7 routes become OSPF Type 5 routes; into the area: the OSPF inter-area default route only; blocked: OSPF inter-area routes (10.1.1.0) Type 3 and OSPF external Type 5 routes)
150
Designated Routers
On a multi-access network, the DR is responsible for distributing LSAs to other attached OSPF routers; DR is selected by highest priority (default = 1), highest loopback address, or highest IP address assigned to a physical interface
Always configure a loopback interface before configuring OSPF—stable OSPF Router ID
Designated Router—DR
(Diagram: DR on a multi-access segment)
151
Designated Routers
The BDR will assume the DR role if the DR fails
Listens and learns all information that the DR learns—a “hot standby”
Backup Designated Router—BDR
(Diagram: DR and BDR on a multi-access segment)
152
Designated Routers
All other routers on the multi-access network segment
DROTHER—Not the DR or BDR
(Diagram: DR, BDR and two DROTHERs on a multi-access segment)
153
Designated Routers
On a multi-access network, all OSPF routers will become adjacent with the DR and BDR
(Diagram: DR, BDR and two DROTHERs; adjacency state Full with the DR and BDR, 2-Way between DROTHERs)
154
Broadcast and Non-Broadcast Multi-Access
Full—Router and network LSAs exchanged, databases are fully synchronized; normal state
2-Way—Bi-directional communications have been established; normal state between DROTHER routers
(Diagram: DR, BDR and two DROTHERs; adjacency state Full with the DR and BDR, 2-Way between DROTHERs)
155
Designated Routers
A router stuck in any other state has a problem
router# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.5.1 1 INIT/- 00:00:34 172.16.1.1 Serial0
router#
(Diagram: DR, BDR and DROTHER; adjacency state Full with the DR and BDR, 2-Way between DROTHERs)
156
External Routes: External Costs
(Diagram: OSPF domain and RIP domain; RIP cost = 5, OSPF cost = 10; Type 1 cost = 15, Type 2 cost = 5)
158
OSPF
Review
Dealing with NBMA
Commands
Preparing for OSPF
159
Point-to-Point Media
Serial links
Multicast used
No DR or BDR
160
Frame Relay
Non-Broadcast Multi-Access Media (NBMA)
Several possibilities: Point-to-point, broadcast, point-to-multipoint, or nonbroadcast
Frame Relay (Multipoint), X.25
161
Dealing with NBMA
Point-to-Point Model
Benefits: Individual costs can be configured; can be simple, treated like standard point-to-point links
Drawbacks: Complex to configure if the NBMA network is big or redundant; wastes address space
162
Dealing with NBMA
Broadcast Model
Benefits: Simple to configure; treated like a multi-access network
Drawbacks: Must maintain an L2 full-mesh at all times; one metric for all VCs
163
Dealing with NBMA
Non-Broadcast (NBMA) Model
Benefits: Only one IP subnet used
Drawbacks: Complex to configure and scale; need to manually configure each neighbor
164
Dealing with NBMA
Point-to-multipoint model:
Benefits: Simple to configure; no neighbor configuration (unless you want individual costs); no requirement for a full mesh at L2
Drawbacks: Compared to other choices—none
This is the recommended method of dealing with NBMA networks
165
OSPF
Review
Dealing with NBMA
Commands
Preparing for OSPF
166
OSPF Commands—Router
The router-id command is used to explicitly specify the router ID OSPF will use
If the OSPF process already has neighbors, this command will not take effect until the next reload or manual restart of the OSPF process
clear ip ospf
Order of determining the RID
Manually configured RID
Highest loopback interface IP address (if available)
Highest active interface IP address
router-id
167
OSPF Commands—Router
The network command is used to determine which interfaces will be enabled for OSPF
network 10.2.1.1 0.0.0.0 area 0
network 10.2.2.1 0.0.0.0 area 1
network 10.2.3.1 0.0.0.0 area 2
network
(Diagram: router with interfaces 10.2.1.1/24, 10.2.2.1/24, 10.2.3.1/24)
168
OSPF Commands—Router
network 10.2.1.0 0.0.0.255 area 0
network 10.2.2.0 0.0.0.255 area 1
network 10.2.3.0 0.0.0.255 area 2
network
(Diagram: router with interfaces 10.2.1.1/24, 10.2.2.1/24, 10.2.3.1/24)
169
OSPF Commands—Router
network 10.2.0.0 0.0.255.255 area 0
or, in this example,
network 0.0.0.0 255.255.255.255 area 0
is the equivalent
Do you know why?
(Diagram: router with interfaces 10.2.1.1/24, 10.2.2.1/24, 10.2.3.1/24)
network
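The wildcard matching behind the three equivalent forms above, as an added example (not from the Cisco slides). The interface names are constructed; the slide only gives the addresses. It assumes that where several statements match one interface, the most specific one (fewest don't-care bits) wins, which is how IOS orders overlapping network statements.

```python
"""Which interfaces does an OSPF `network address wildcard area n` statement enable?

Added example, not from the Cisco slides. It models IOS wildcard matching for the
three interfaces in the slide figure (10.2.1.1/24, 10.2.2.1/24, 10.2.3.1/24).
Assumption: with overlapping statements the most specific match is used.
"""
import ipaddress


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_matches(interface_ip, network, wildcard):
    """True when every bit that is 0 in the wildcard is identical in interface IP and network.

    A 1 bit in the wildcard means "do not care", so 255.255.255.255 matches any
    address, which is why `network 0.0.0.0 255.255.255.255 area 0` enables OSPF
    on every interface of the router.
    """
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(interface_ip) & care) == (_to_int(network) & care)


def wildcard_for_prefix(prefix_len):
    """Inverse mask for a prefix length: /24 -> 0.0.0.255, /32 -> 0.0.0.0, /0 -> 255.255.255.255."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(~mask & 0xFFFFFFFF))


def ospf_interface_areas(interfaces, network_statements):
    """Map interface name -> area for the interfaces that the network statements enable.

    interfaces: {name: "a.b.c.d"}; network_statements: [(network, wildcard, area), ...]
    Interfaces matched by no statement are left out: OSPF is simply not enabled on them.
    """
    result = {}
    for name, ip in interfaces.items():
        best = None  # (number of don't-care bits, area) of the most specific match so far
        for network, wildcard, area in network_statements:
            if wildcard_matches(ip, network, wildcard):
                dont_care_bits = bin(_to_int(wildcard)).count("1")
                if best is None or dont_care_bits < best[0]:
                    best = (dont_care_bits, area)
        if best is not None:
            result[name] = best[1]
    return result


# Interface addresses from the slide figure; the interface names are constructed.
ROUTER_INTERFACES = {"Fa0/0": "10.2.1.1", "Fa0/1": "10.2.2.1", "Fa1/0": "10.2.3.1"}

# The three forms shown on the slides.
HOST_STATEMENTS = [("10.2.1.1", "0.0.0.0", 0), ("10.2.2.1", "0.0.0.0", 1), ("10.2.3.1", "0.0.0.0", 2)]
SUBNET_STATEMENTS = [("10.2.1.0", "0.0.0.255", 0), ("10.2.2.0", "0.0.0.255", 1), ("10.2.3.0", "0.0.0.255", 2)]
MATCH_ALL = [("0.0.0.0", "255.255.255.255", 0)]  # every bit is don't-care

if __name__ == "__main__":
    for label, statements in (("host", HOST_STATEMENTS), ("subnet", SUBNET_STATEMENTS), ("match-all", MATCH_ALL)):
        print(label, ospf_interface_areas(ROUTER_INTERFACES, statements))
```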
170
OSPF Commands—Router
By default, redistributed routes have external metric type 2; Type 2 routes have a cost which consists of the external cost only; Type 1 routes include the cost of traversing the OSPF domain
ASBR(config-router)#redistribute rip metric-type ?
  1  Set OSPF External Type 1 metrics
  2  Set OSPF External Type 2 metrics
ASBR(config-router)#redistribute rip metric-type 1
redistribute metric-type
171
OSPF Commands—Router
Addresses can be summarized into OSPF on an ASBR
ASBR(config-router)# summary-address 10.1.0.0 255.255.252.0
(Diagram: RIP domain with 10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24; the ASBR advertises 10.1.0.0/22 into the OSPF domain)
summary-address
172
OSPF Commands—Router
Addresses can be summarized on an ABR into area 0 or from area 0
(Diagram: Area 1 with 10.2.0.0/24, 10.2.1.0/24, 10.2.2.0/24, 10.2.3.0/24 summarized into Area 0 as 10.2.0.0/22; Area 0 with 10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 summarized into Area 1 as 10.1.0.0/22; both on the ABR)
OSPF Does Not Allow Summarizing Anywhere Else (Only ASBR and ABR)
area range
ABR(config-router)# area 1 range 10.2.0.0 255.255.252.0
ABR(config-router)# area 0 range 10.1.0.0 255.255.252.0
173
OSPF Commands—Router
All routers in the area must be configured as stub
Add no-summary at the ABR and the area becomes totally stubby
(Diagram: ABR between Area 1 and Area 0)
area stub
RTR(config-router)# area 1 stub
ABR(config-router)# area 1 stub [no-summary]
174
OSPF Commands—Router
All routers in the area must be configured as NSSA
Add no-summary at the ABR and the area becomes totally stubby NSSA
(Diagram: ABR between Area 0 and Area 1; ASBR in Area 1 connected to a RIP domain)
area nssa
RTR(config-router)# area 1 nssa
ABR(config-router)# area 1 nssa [no-summary]
175
OSPF Commands—Router
area virtual-link
(Diagram: Area 0, Area 1 (transit area), Area 51; virtual link between Rtr A, RID 10.10.254.254, and Rtr B, RID 10.11.254.254)
Rtr A:
router ospf 1
 area 1 virtual-link 10.11.254.254
Rtr B:
router ospf 1
 area 1 virtual-link 10.10.254.254
176
OSPF Commands—Router
Designate neighbors on non-broadcast networks
Must be the primary address of the neighbor’s interface
RTR(config-router)# neighbor ip-address [additional optional keywords]
neighbor
(Diagram: routers attached to a Frame Relay or X.25 cloud)
177
Commands—Interface
Non-Broadcast Multi-Access (NBMA) Network
PVCs can be on the same subnet or on different subnets; practice and understand the effect of OSPF network types
RTR(config-if)# ip ospf network point-to-multipoint (Hello = 30, Dead = 120)
RTR(config-if)# ip ospf network point-to-point (Hello = 10, Dead = 40)
RTR(config-if)# ip ospf network broadcast (Hello = 10, Dead = 40)
(Diagram: routers attached to a Frame Relay or X.25 cloud)
178
OSPF Commands—Interface
OSPF interfaces have a cost equal to ref-bw / bandwidth (defined by the bandwidth statement)
ref-bw = 100,000,000 by default
FastEthernet = 100,000,000 / 100,000,000 = 1
Ethernet = 100,000,000 / 10,000,000 = 10
T1 = 100,000,000 / 1,544,000 = 64
The auto-cost command is used to change the reference value, which changes the cost of every OSPF interface on the router
Rtr(config-router)#auto-cost reference-bandwidth ref-bw
ref-bw <1-4294967> in Mbits per second
auto-cost
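The cost formula above with the truncation and clamping IOS applies, as an added example (not from the Cisco slides). It reproduces the slide's three values and shows why the reference bandwidth has to be raised on a router with anything faster than FastEthernet: with the default, every such interface costs 1. The upper bound of 65535 comes from the 16-bit OSPF metric field.

```python
"""OSPF interface cost = reference bandwidth / interface bandwidth, truncated.

Added example, not from the Cisco slides. Bandwidths are in kbit/s as set by the
`bandwidth` command; the reference is in Mbit/s as set by `auto-cost reference-bandwidth`.
"""

OSPF_MAX_COST = 65535  # the OSPF metric is a 16-bit field

# Default IOS bandwidth values (kbit/s) for common interface types.
INTERFACE_BANDWIDTHS_KBPS = {
    "Serial (T1)": 1_544,
    "Ethernet": 10_000,
    "FastEthernet": 100_000,
    "GigabitEthernet": 1_000_000,
    "TenGigabitEthernet": 10_000_000,
}


def ospf_cost(bandwidth_kbps, ref_bw_mbps=100):
    """Cost IOS derives from the interface bandwidth and the reference bandwidth.

    The division is truncated to an integer; the result is never below 1 (so all
    interfaces at or above the reference bandwidth get the same cost) and never
    above 65535.
    """
    if bandwidth_kbps <= 0:
        raise ValueError("interface bandwidth must be positive")
    if not 1 <= ref_bw_mbps <= 4294967:
        raise ValueError("reference bandwidth is 1-4294967 Mbit/s")
    cost = (ref_bw_mbps * 1_000_000) // (bandwidth_kbps * 1_000)
    return max(1, min(OSPF_MAX_COST, cost))


def cost_table(ref_bw_mbps=100):
    """Cost of each interface type for one reference bandwidth."""
    return {name: ospf_cost(bw, ref_bw_mbps) for name, bw in INTERFACE_BANDWIDTHS_KBPS.items()}


def indistinguishable_interfaces(ref_bw_mbps=100):
    """Interface types that all collapse to cost 1, i.e. that OSPF cannot tell apart."""
    return sorted(name for name, cost in cost_table(ref_bw_mbps).items() if cost == 1)


if __name__ == "__main__":
    for ref in (100, 10_000):
        print(f"auto-cost reference-bandwidth {ref}: {cost_table(ref)}")
```

Setting the reference bandwidth must be done identically on every router in the domain, otherwise the same link is costed differently from each end.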
179
OSPF Commands—Interface
ip ospf cost interface-cost
Specify the cost of sending a packet on the interface
ip ospf hello-interval seconds
Specify the interval between hello packets sent on the interface
ip ospf dead-interval seconds
Specify the interval during which at least one hello packet is received before declaring the neighbor down
The default dead-interval is the hello-interval * 4
ip ospf priority
Set the router priority for DR / BDR selection (highest wins)
ip ospf keyword(s)
180
OSPF Commands—Security
Authentication requires router and/or interface commands; the router command is used to enable authentication for an area and the interface command is used to enable authentication on an interface and set the authentication password
Authentication—Clear Text
(Diagram: Rtr A S0 to Rtr B S0, both in Area 0)
Rtr A:
interface serial 0
 ip ospf authentication
 ip ospf authentication-key cisco
!
router ospf 1
 area 0 authentication
Rtr B:
interface serial 0
 ip ospf authentication
 ip ospf authentication-key cisco
!
router ospf 1
 area 0 authentication
181
OSPF Commands—Security
Authentication—Message Digest
(Diagram: Rtr A S0 to Rtr B S0, both in Area 0)
Rtr A:
interface serial 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 area 0 authentication message-digest
Rtr B:
interface serial 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
 area 0 authentication message-digest
182
OSPF Commands—Security
Authentication—Clear Text—Virtual Link
(Diagram: Area 0, Area 1 (transit area), Area 51; virtual link between Rtr A, RID 130.10.254.254, and Rtr B, RID 130.11.254.254)
Rtr A:
router ospf 1
 area 1 virtual-link 130.11.254.254 authentication-key cisco
 area 0 authentication
Rtr B:
router ospf 1
 area 1 virtual-link 130.10.254.254 authentication-key cisco
 area 0 authentication
183
OSPF Commands—Security
Authentication—Can Be Applied per Interface or Virtual Link
Interface
ip ospf authentication
ip ospf authentication-key password
ip ospf authentication message-digest
ip ospf message-digest-key key-id md5 password
ip ospf authentication null
Virtual Link
area area-id virtual-link router-id authentication authentication-key password
area area-id virtual-link router-id authentication message-digest
area area-id virtual-link router-id message-digest-key key-id md5 password
area area-id virtual-link router-id authentication null
184
OSPF Commands—Monitoring
show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.1.1.254 1 2WAY/DROTHER 00:00:35 10.1.2.1 Ethernet0
10.1.3.254 1 FULL/BDR 00:00:39 10.1.2.2 Ethernet0
10.1.4.254 1 FULL/DR 00:00:37 10.1.2.3 Ethernet0
10.1.5.254 1 FULL/--- 00:00:36 10.1.6.1 Serial0
(Diagram: segment with DR, BDR and two DROTHERs)
185
OSPF Commands—Monitoring
show ip ospf interface
(Diagram: segment with DR, BDR and two DROTHERs)
RTR# show ip ospf interface s0/0
  Internet Address 10.255.255.201/30, Area 0
  Process ID 1, Router ID 10.255.254.3, Network Type NON_BROADCAST, Cost: 400
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 10.255.254.4, Interface address 10.255.255.202
  Backup Designated router (ID) 10.255.254.3, Interface address 10.255.255.201
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:14
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 3
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.255.254.4 (Designated Router)
  Suppress hello for 0 neighbor(s)
186
OSPF
Review
Dealing with NBMA
Commands
Preparing for OSPF
187
Preparation Suggestions
Practice every OSPF command
Both Rtr(config-router)# & Rtr(config-if)# commands
Practice OSPF over Frame Relay
Point-to-point, point-to-multipoint, broadcast, non-broadcast
DR & BDR, Wildcard masks
Virtual link
Authentication
Redistribution and route feedback filtering
VERIFY YOUR CONFIGURATION WITH SH CMD!
188
OSPF Sample Lab Question
Area 0 covers the serial link between R1 and R4.
Area 1 covers the serial link between R1 and R2.
Area 2 covers VLAN_C.
(Diagram: R1, R2, R4 and Frame Relay; OSPF Backbone, OSPF Area 1, OSPF Area 2, VLAN_C)
Verification
R1#show ip ospf virtual-link
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
<…>
R1#show ip route ospf
##.0.0.0/8 is variably subnetted, 19 subnets, 4 masks
O IA 1.1.20.0/24 ... Serial0/0/0
O IA 1.1.40.0/24 ... Serial0/0/1
189
References
Cisco OSPF Command and Configuration Handbook, William R. Parkhurst, Cisco Press
OSPF Network Design Solutions, Thomas M. Thomas, Cisco Press
Cisco Documentation
190
Q and A
191
Route Distribution
192
Metrics
Be aware of metric requirements going from one protocol to another
RIP metric is a value from 1–16
OSPF metric is from 1–65535
EIGRP uses a composite metric based on
bandwidth, delay, reliability, load, & MTU
Two ways to specify a metric
In the redistribution statement
(config-router)# redistribute rip subnets metric 10
or specify a default metric
(config-router)# redistribute rip subnets
(config-router)# default-metric 10
193
Assigning Metrics
You can include a default metric command as a precaution unless specifically told not to
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0.0.0.0
 redistribute rip subnets
 redistribute eigrp 100 metric 10
 default-metric 120
router eigrp 100
 network 172.16.0.0 0.0.255.255
 redistribute ospf 1
 default-metric 10000 100 255 1 1500
router rip
 network 192.168.1.0
 redistribute eigrp 100
 default-metric 1
Note: when routes are redistributed into OSPF, only routes that are not subnetted are redistributed if the subnets keyword is not specified
194
Assigning Metrics
(Diagram: OSPF 1, EIGRP 100 and RIP domains meeting at one router)
Redistribute OSPF and EIGRP into RIP; assign all routes a metric (hop count) of 2
router rip
 redistribute ospf 1
 redistribute eigrp 100
 default-metric 2
Redistribute OSPF and EIGRP into RIP; assign OSPF routes a metric (hop count) of 1 and EIGRP routes a metric of 2
router rip
 redistribute ospf 1 metric 1
 redistribute eigrp 100
 default-metric 2
195
Route Redistribution: Route Maps
(Diagram: OSPF 1, EIGRP 100 and RIP domains meeting at one router)
Redistribute OSPF and EIGRP into RIP; assign OSPF routes 172.16.0.0/16 a metric (hop count) of 1, all other OSPF routes a metric of 3; all EIGRP routes a metric of 2
router rip
 redistribute ospf 1 route-map ospfmetric
 redistribute eigrp 100
 default-metric 2
route-map ospfmetric permit 10
 match ip address 1
 set metric 1
route-map ospfmetric permit 20
 set metric 3
access-list 1 permit 172.16.0.0 0.0.255.255
196
Route Maps
Redistribute OSPF and EIGRP into RIP; block redistribution of OSPF routes 172.16.0.0/16, all other OSPF routes are redistributed with a metric of 3, EIGRP routes with a metric of 2
router rip
 redistribute ospf 1 route-map ospfmetric
 redistribute eigrp 100
 default-metric 2
route-map ospfmetric deny 10
 match ip address 1
route-map ospfmetric permit 20
 set metric 3
access-list 1 permit 172.16.0.0 0.0.255.255
Route Redistribution
(Diagram: OSPF 1, EIGRP 100 and RIP domains meeting at one router)
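How IOS walks the two route-maps on the preceding slides (the `permit 10 ... set metric 1` version and the `deny 10` version), as an added example that is not from the Cisco slides. The route prefixes fed in are constructed; the ACL and route-map entries are the ones on the slides.

```python
"""Route-map evaluation for redistribution, modelled after the two slide examples.

Added example, not from the Cisco slides. Rules modelled: sequences are walked in
ascending order, the first sequence whose match clause succeeds decides, `deny`
drops the route, `permit` without `set metric` falls back to default-metric, and a
route matching no sequence is dropped (the implicit deny at the end of a route-map).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class AclEntry:
    action: str       # "permit" or "deny"
    network: str
    wildcard: str


@dataclass
class RouteMapEntry:
    seq: int
    action: str                  # "permit" or "deny"
    match_acl: Optional[int]     # standard ACL number, or None for "match everything"
    set_metric: Optional[int]    # None when the sequence has no `set metric`


def _wildcard_match(addr, network, wildcard):
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(network)) & care)


def acl_permits(acl, route_network):
    """Standard ACL as used by `match ip address`: first matching line decides, no match = deny."""
    for entry in acl:
        if _wildcard_match(route_network, entry.network, entry.wildcard):
            return entry.action == "permit"
    return False


def redistributed_metric(route_map, acls, route_network, default_metric):
    """Metric the route receives on redistribution, or None when the route-map blocks it."""
    for entry in sorted(route_map, key=lambda e: e.seq):
        matched = entry.match_acl is None or acl_permits(acls[entry.match_acl], route_network)
        if not matched:
            continue
        if entry.action == "deny":
            return None
        return entry.set_metric if entry.set_metric is not None else default_metric
    return None  # implicit deny: nothing matched


# access-list 1 permit 172.16.0.0 0.0.255.255   (from the slides)
ACLS = {1: [AclEntry("permit", "172.16.0.0", "0.0.255.255")]}

# First slide: 172.16.0.0/16 routes get metric 1, every other OSPF route metric 3.
OSPFMETRIC_SET = [RouteMapEntry(10, "permit", 1, 1), RouteMapEntry(20, "permit", None, 3)]
# Second slide: 172.16.0.0/16 routes are blocked, every other OSPF route gets metric 3.
OSPFMETRIC_DENY = [RouteMapEntry(10, "deny", 1, None), RouteMapEntry(20, "permit", None, 3)]


def ospf_route_into_rip(route_map, route_network, default_metric=2):
    """Hop count an OSPF route gets in RIP under `redistribute ospf 1 route-map ...`."""
    return redistributed_metric(route_map,酸ACLS if False else ACLS, route_network, default_metric)


if __name__ == "__main__":
    for prefix in ("172.16.5.0", "10.1.1.0"):   # constructed OSPF route prefixes
        print(prefix, ospf_route_into_rip(OSPFMETRIC_SET, prefix), ospf_route_into_rip(OSPFMETRIC_DENY, prefix))
```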
197
R&S Lab Exam: Sample Topology
(Diagram: R1 to R6, SW1, SW2 and Frame Relay; network addressing 125.10.0.0; interface addresses FA0/0-10.11/24, S0/0-11.1/24, S0/0-11.2/24, FA0/0-33.1/24, FA0/0-50.1/24, FA0/0-22.1/24, FA0/0-22.5/24; loopbacks Lo0-1.1/24, Lo1-172.16.1.1, Lo2-172.16.2.2, Lo3-172.16.3.3, Lo4-172.16.4.4, Lo0-2.2/24, Lo0-5.5/24, R6 Lo0-4.4/24)
198
R&S Lab Exam: Sample Question
Configure RIPv2 on R1, R2, and R5
Redistribute between RIP and OSPF on R5
All routes should be visible on all routers
Score: 2 Points
Section: 2.5 RIP
199
R&S Lab Exam: Sample Answer
R4 must have all routes in its routing table
R4#show ip route
<->
     172.16.0.0/24 is subnetted, 4 subnets
O E2    172.16.4.0 [110/20] via 125.10.50.1, 22:34:38, Ethernet0/0
O E2    172.16.1.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.2.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2    172.16.3.0 [110/20] via 125.10.50.1, 22:34:58, Ethernet0/0
     125.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C       125.10.50.0/24 is directly connected, Ethernet0/0
O E2    125.10.22.0/24 [110/20] via 125.10.50.1, 22:44:39, Ethernet0/0
C       125.10.4.0/24 is directly connected, Loopback0
O E2    125.10.2.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.1.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O       125.10.5.5/32 [110/11] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.11.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2    125.10.10.0/24 [110/20] via 125.10.50.1, 22:44:44, Ethernet0/0
R4#
Verification—1
200
Session 5:
IP Version 6
201
IPv6 Addressing, Header and Basic
202
IPv6 Addressing
IPv4, 32 bits: 2^32 = 4,294,967,296 addresses
IPv6, 128 bits: 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
2^128 = 2^32 * 2^96
203
IPv6 Addressing
16-bit hexadecimal numbers
Numbers are separated by (:)
Hex numbers are not case-sensitive
Example:
2003:0000:130F:0000:0000:087C:876B:140B
Representation
204
IPv6 Address Representation
16-bit fields in case-insensitive colon hexadecimal representation
2031:0000:130F:0000:0000:09C0:876A:130B
Leading zeros in a field are optional
2031:0:130F:0:0:9C0:876A:130B
Successive fields of 0 represented as (::), but only once in an address
2031:0:130F::9C0:876A:130B
2031::130F::9C0:876A:130B not valid!
205
IPv6 Addressing
Representation of prefix is just like CIDR
In this representation you attach the prefix length
IPv4 address: 198.10.0.0/16
IPv6 address: 3ef8:ca62:12FE::/48
Prefix Representation
206
IPv6 Address Range Reserved or Assigned
2000::/3 (001) is for aggregatable global unicast addresses
FE80::/10 (1111 1110 10) for link-local
FEC0::/10 (1111 1110 11) for site-local
FF00::/8 (1111 1111) is for multicast
::/8 is reserved for the “unspecified address”
Other values are currently unassigned (approx. 7/8 of the full address space)
Site-Local Address Deprecated in RFC 3879
207
Unicast
Unicast addresses are used in a one-to-one context
IPv6 unicast addresses are
Unspecified, loopback, IPv4 mapped, and IPv4 compatible
Link-local
Site-local (deprecated)
Unique-local (IETF draft)
Aggregatable global unicast
208
IPv6 Address Representation
IPv4 mapped
0:0:0:0:0::FFFF:IPv4 = ::FFFF:IPv4
0:0:0:0:0:FFFF:192.168.30.1 = ::FFFF:C0A8:1E01
IPv4 compatible
0:0:0:0:0:0:IPv4 = ::IPv4
0:0:0:0:0:0:192.168.30.1 = ::192.168.30.1 = ::C0A8:1E01
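The representation rules of the preceding slides (16-bit hex fields, optional leading zeros, `::` at most once) and the IPv4-mapped and IPv4-compatible forms, implemented by hand as an added example that is not from the Cisco slides. Output is uppercase hex as on the slides; the invalid double `::` form is rejected.

```python
"""IPv6 text representation: expand, compress, validate; IPv4-mapped and -compatible forms.

Added example, not from the Cisco slides. The rules are implemented directly rather
than through the ipaddress module so that each slide rule is visible in the code.
"""
HEX_DIGITS = set("0123456789abcdefABCDEF")


def parse_ipv6(text):
    """Return the eight 16-bit fields of `text`, or raise ValueError if it is malformed."""
    if text.count("::") > 1:
        raise ValueError(f"'::' may appear only once: {text}")
    # A trailing dotted quad (mapped / compatible forms) is folded into the last two fields.
    head, sep, last = text.rpartition(":")
    if "." in last:
        octets = last.split(".")
        if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
            raise ValueError(f"bad embedded IPv4 address: {last}")
        o = [int(x) for x in octets]
        text = f"{head}{sep}{o[0] << 8 | o[1]:X}:{o[2] << 8 | o[3]:X}"
    if "::" in text:
        left, right = text.split("::")
        left_groups = left.split(":") if left else []
        right_groups = right.split(":") if right else []
        if len(left_groups) + len(right_groups) > 7:
            raise ValueError(f"'::' must stand for at least one zero field: {text}")
        groups = left_groups + ["0"] * (8 - len(left_groups) - len(right_groups)) + right_groups
    else:
        groups = text.split(":")
        if len(groups) != 8:
            raise ValueError(f"expected 8 fields, got {len(groups)}: {text}")
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX_DIGITS:
            raise ValueError(f"bad field {g!r} in {text}")
    return [int(g, 16) for g in groups]


def compress(fields):
    """Shortest form: leading zeros dropped, the longest run (>= 2) of zero fields as '::'."""
    groups = [f"{f:X}" for f in fields]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if fields[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(groups)
    return ":".join(groups[:best_start]) + "::" + ":".join(groups[best_start + best_len:])


def canonical(text):
    """Parse then re-compress, so every valid spelling of an address yields the same text."""
    return compress(parse_ipv6(text))


def is_valid_ipv6(text):
    try:
        parse_ipv6(text)
        return True
    except ValueError:
        return False


def embed_ipv4(ipv4_text, mapped=True):
    """IPv4-mapped (::FFFF:a.b.c.d) or IPv4-compatible (::a.b.c.d) address in hex form."""
    return canonical(("::FFFF:" if mapped else "::") + ipv4_text)
```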
209
IPv4 Mapped Addresses
IPv6 application asks DNS for the address of a host
Host is IPv4 only
DNS creates IPv4 mapped address
Kernel uses IPv4 communication
(Format: 80 bits of 0 | FFFF (16 bits) | IPv4 address (32 bits))
0:0:0:0:0:FFFF:192.168.30.1
= ::FFFF:192.168.30.1
= ::FFFF:C0A8:1E01
210
IPv4-Compatible Addresses
IPv4 compatible address
Is a way to insert the IPv4 address into an IPv6 address
Enables easy automatic tunneling
(Format: 96 bits of 0 | IPv4 address (32 bits))
0:0:0:0:0:0:192.168.30.1
= ::192.168.30.1
= ::C0A8:1E01
211
IPv6 Address Representation
Loopback address representation
0:0:0:0:0:0:0:1=> ::1
Same as 127.0.0.1 in IPv4
Identifies self
Unspecified address representation
0:0:0:0:0:0:0:0=> ::
Used as a placeholder when no address available
(Initial DHCP request, Duplicate Address Detection DAD)
212
IPv6 Addressing
IPv6 addressing rules are covered by multiple RFCs
Architecture defined by RFC 3513
Address types are
Unicast: One to one (global, link local, compatible)
Anycast: One to nearest (allocated from unicast)
Multicast: One to many
Reserved
A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast)
No broadcast address; use multicast
213
Aggregatable Global Unicast Addresses
Aggregatable global unicast addresses are
Addresses for generic use of IPv6
Structured as a hierarchy to keep the aggregation
See RFC 3513
(Format: 001 (3 bits) | global routing prefix (45 bits, provider) | subnet (16 bits, LAN prefix) | interface ID (64 bits, host))
214
Link-Local
Link-local addresses
Have a limited scope of the link
Are automatically configured with the interface ID
(Format, 128 bits: 1111 1110 10 (10 bits) | 0 | interface ID (64 bits); prefix FE80::/10)
215
(Example: interface ID 204:9AFF:FEAC:7D80; link-local address FE80:0:0:0:204:9AFF:FEAC:7D80; aggregatable address 2001::4:204:9AFF:FEAC:7D80)
216
Aggregatable Global Unicast Addresses
Lowest-order 64-bit field of unicast addresses may be assigned in several different ways
Auto-configured from a 64-bit EUI-64, or expanded from a 48-bit MAC address (e.g. Ethernet address)
Auto-generated pseudo-random number (to address privacy concerns)
Assigned via DHCP
Manually configured
217
Aggregatable Global Unicast Addresses
Use the EUI-64 format for stateless auto-configuration
This format expands the 48-bit MAC address to 64 bits by inserting FFFE into the middle 16 bits
The universal/local ("u/l") bit, bit 7 of the first octet, is then inverted: in the modified EUI-64 used by IPv6 a value of 1 means the identifier was derived from a globally unique (universal) MAC address, 0 means a locally administered one
218
EUI-64
EUI-64 address is formed by inserting "FFFE" between the two halves of the MAC address and inverting the u/l bit that identifies the uniqueness of the MAC address
Ethernet MAC Address (48 bits): 00 90 27 17 FC 0F
64-bit Version (FFFE inserted): 00 90 27 FF FE 17 FC 0F
EUI-64 Address (u/l bit set): 02 90 27 FF FE 17 FC 0F
Uniqueness of the MAC: first octet 000000X0, where X = 1 means unique (universal) and X = 0 means not unique (locally administered)
219
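The EUI-64 derivation above, worked through in code. This is an added example and not part of the Cisco deck; it uses only the Python standard library, and the function names are my own. The MAC values are the ones from the slides (00:90:27:17:FC:0F and the 0004.9AAC.7D80 interface used in the IOS examples later). The last function runs the derivation backwards, which is why the slides also mention pseudo-random (privacy) interface IDs: an EUI-64 address reveals the hardware address to anyone who sees the packet.

```python
import ipaddress


def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier from a 48-bit MAC: insert FF:FE between the
    OUI and the device half, then invert the universal/local bit (0x02 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def address_from_prefix(prefix, mac):
    """What `ipv6 address <prefix>/64 eui-64` produces: prefix bits plus the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def link_local_from_mac(mac):
    """The address IOS derives automatically (FE80::/64 plus the EUI-64 of the interface MAC)."""
    return address_from_prefix("fe80::/64", mac)


def mac_from_eui64_address(addr):
    """Reverse the derivation: the embedded MAC is recoverable by anyone who sees the address,
    which is the privacy concern that pseudo-random (RFC 4941) interface IDs respond to.
    Returns None when the interface ID does not carry the FF:FE marker."""
    iid = (int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    # Slide example: 00 90 27 17 FC 0F -> 02 90 27 FF FE 17 FC 0F
    print(hex(eui64_interface_id("00:90:27:17:FC:0F")))
    print(link_local_from_mac("0004.9AAC.7D80"))
    print(address_from_prefix("2001:db8:0:4::/64", "0004.9AAC.7D80"))
```

Both IOS outputs shown later in this session (link-local FE80::204:9AFF:FEAC:7D80 and global 2001:DB8:0:4:204:9AFF:FEAC:7D80 for MAC 0004.9AAC.7D80) are reproduced by this code.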
Anycast
Anycast allows a source node to transmit IP datagrams to the single nearest node, chosen by the routing metrics, out of a group of destination nodes that share the same anycast address
220
Anycast
Is one-to-nearest type of address
Has a current limited use
Anycast Address
Reserved subnet anycast format (128 bits): subnet prefix | 111111X1 1111 … 1111 (57 bits) | 7-bit anycast ID
X = 0 if the interface IDs on the subnet use the EUI-64 format, X = 1 if not
221
Multicast is used in the context of one-to-many; a multicast scope is new in IPv6
Multicast
Format (128 bits): 1111 1111 (8 bits, FF) | Flags (4 bits) | Scope (4 bits) | Multicast Group ID (112 bits)
Flag =
0 If Permanent (well-known, assigned by IANA)
1 If Temporary (transient)
Scope =
1 = Node (interface-local)
2 = Link
5 = Site (the site-local multicast scope is still valid; it is the site-local unicast prefix FEC0::/10 that was deprecated)
8 = Organization
E = Global
222
Multicast Mapping over Ethernet
Mapping of IPv6 multicast address to Ethernet address is
33:33:<last 32 bits of the IPv6 multicast address>
IPv6 Multicast Address: FF02:0000:0000:0000:0000:0001:FF17:FC0F (FF02::1:FF17:FC0F)
Corresponding Ethernet Address: 33:33:FF:17:FC:0F (33:33 is the multicast prefix for Ethernet)
223
Expanded Address Space
Address | Scope | Meaning
FF01::1 | Node-Local | All Nodes
FF02::1 | Link-Local | All Nodes
FF01::2 | Node-Local | All Routers
FF02::2 | Link-Local | All Routers
FF05::2 | Site-Local | All Routers
FF02::1:FFXX:XXXX | Link-Local | Solicited-Node
Multicast Assigned Addresses (RFC 3306)
224
IPv4 and IPv6 Header Comparison
IPv4 Header: Version | HL | Type of Service | Total Length | Identification | Flags | Fragment Offset | Time to Live | Protocol | Header Checksum | Source Address | Destination Address | Options | Padding
IPv6 Header: Version | Traffic Class | Flow Label | Payload Length | Next Header | Hop Limit | Source Address | Destination Address
Field's name kept from IPv4 to IPv6: Version, Source Address, Destination Address
Fields not kept in IPv6: HL (header length), Identification, Flags, Fragment Offset, Header Checksum, Options, Padding
Name and position changed in IPv6: Type of Service (now Traffic Class), Total Length (now Payload Length), Protocol (now Next Header), Time to Live (now Hop Limit)
New field in IPv6: Flow Label
225
IPv4 and IPv6 Header Comparison
Version: A 4-bit field that contains the number 6 instead of 4
IPv6 Header: Version | Traffic Class | Flow Label | Payload Length | Next Header | Hop Limit | Source Address | Destination Address
226
IPv4 and IPv6 Header Comparison: Fields Renamed
Traffic Class: An 8-bit field that is similar to the TOS field in IPv4
It tags the packet with a traffic class that can be used in differentiated services
These functionalities are the same as in IPv4
227
IPv4 and IPv6 Header Comparison: Fields Renamed
Payload Length: A 16-bit field similar to the total length in IPv4, except it does not include the 40-byte fixed header (it does include any extension headers)
228
IPv4 and IPv6 Header Comparison: Fields Renamed
Hop Limit: Like the TTL field, it is decremented by one by each router; the packet is discarded when it reaches zero
229
IPv4 and IPv6 Header Comparison: Fields Renamed
Next Header: Similar to the protocol field in IPv4
The value in this field tells you what type of header follows the fixed header
e.g. TCP (6), UDP (17), ICMPv6 (58) or an extension header
230
IPv4 and IPv6 Header Comparison: Fields Removed
Header Length: IPv6 has a fixed header length (40 bytes), so the field is not needed
231
IPv4 and IPv6 Header Comparison: Fields Removed
Fragmentation: IPv6 routers do not fragment packets in transit
If a sending host wants to fragment, it does so itself through the Fragment extension header (after path MTU discovery)
232
IPv4 and IPv6 Header Comparison: Fields Removed
Identification: Used in IPv4 to identify the fragments of a datagram from the source
No in-transit fragmentation is done in IPv6, so the fixed header needs neither identification nor flags; the Fragment extension header carries its own identification field
233
IPv4 and IPv6 Header Comparison: Fields Removed
Header Checksum: not needed because the link layer (e.g. the Ethernet CRC) and the upper-layer protocols (UDP and TCP) have their own checksums; IP is best-effort, and removing the checksum helps expedite packet processing since routers no longer recompute it at every hop
Consequence: the upper-layer checksum, which covers a pseudo-header containing the IPv6 addresses, becomes mandatory, even for UDP
234
IPv4 and IPv6 Header Comparison: Fields Added
20-bit flow label field to identify specific flows needing special QoS
Each source chooses its own flow label values; routers use source address + flow label to identify distinct flows
Flow label value of 0 is used when no special QoS is requested (the common case today)
See RFC 3697
235
Extension Headers
Extension Headers Are Daisy Chained
No extension header: IPv6 Header (Next Header = TCP) | TCP Header + Data
One extension header: IPv6 Header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP Header + Data
Two extension headers: IPv6 Header (Next Header = Routing) | Routing Header (Next Header = Destination)| Destination Header (Next Header = TCP) | Fragment of TCP Header + Data
236
Header Format Simplification: IPv6 Extension Headers
Next Header = TCP/UDP or extension header
Extension headers are optional and follow the IPv6 basic header
Each extension header is 8 octets (64 bits) aligned
IPv6 Packet: IPv6 Basic Header (40 Octets) | Any Number of Extension Headers | Data (e.g. TCP or UDP)
Each extension header begins with: Next Header | Ext Hdr Length | Ext Hdr Data
237
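A parser for the fixed header and the daisy chain of extension headers described on the last few slides, as an added example (not code from the Cisco deck; standard library only, names are my own). The point a filter writer needs to see: the upper-layer protocol and its ports are not at a fixed offset, so an ACL that only reads the Next Header field of the fixed header sees "Routing" and never finds the TCP SYN behind it, and a header whose declared length runs past the payload must be rejected rather than guessed at. The sample packet is constructed inline, not a capture.

```python
import ipaddress
import struct

# Extension headers a receiver has to walk before it reaches the upper layer.
# (AH/ESP are left out: AH uses a different length unit and ESP hides what follows it.)
EXT_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 60: "Destination"}
UPPER_LAYER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}


def ipv6_packet(src, dst, next_header, payload, hop_limit=64, traffic_class=0, flow_label=0):
    """Build the 40-byte fixed header (Version | Traffic Class | Flow Label | Payload Length |
    Next Header | Hop Limit | Src | Dst) in front of `payload`."""
    first_word = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload)


def routing_header(next_header):
    # Next Header | Hdr Ext Len (8-octet units beyond the first 8) | Routing Type | Segments Left | reserved
    return bytes([next_header, 0, 0, 0]) + b"\x00" * 4


def destination_options(next_header):
    # Next Header | Hdr Ext Len | PadN option (type 1, length 4) filling the rest of the 8-octet unit
    return bytes([next_header, 0, 1, 4]) + b"\x00" * 4


def parse_ipv6(packet):
    """Parse the fixed header, then follow the Next Header chain through the extension headers.
    Raises ValueError on anything a filter must not guess about (truncation, bad lengths)."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte fixed header")
    first_word, payload_len, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        raise ValueError("not IPv6")
    if len(packet) < 40 + payload_len:
        raise ValueError("payload length exceeds packet")
    payload = packet[40:40 + payload_len]
    chain, off = [], 0
    while nxt in EXT_HEADERS:
        if off + 8 > len(payload):
            raise ValueError("extension header runs past the payload")
        # The Fragment header is a fixed 8 octets; the others carry a length in 8-octet units minus one
        hdr_len = 8 if nxt == 44 else (payload[off + 1] + 1) * 8
        if off + hdr_len > len(payload):
            raise ValueError("extension header length exceeds payload")
        chain.append(EXT_HEADERS[nxt])
        nxt = payload[off]
        off += hdr_len
    return {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "extension_headers": chain,
        "upper_layer": UPPER_LAYER.get(nxt, str(nxt)),
        "upper_layer_offset": 40 + off,   # where a filter must look for the TCP/UDP ports
    }


# Constructed sample: IPv6 | Routing | Destination Options | TCP SYN from port 40000 to port 80
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
SAMPLE = ipv6_packet("2001:db8::1", "2001:db8::2", 43,
                     routing_header(60) + destination_options(6) + TCP_SYN)

if __name__ == "__main__":
    print(parse_ipv6(SAMPLE))
```

The routing header in the sample has zero segments left, so it is inert; it is there only to show the chain. A platform that cannot walk the chain (many hardware ACLs in 2009 could not) should drop packets it cannot classify rather than pass them.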
Upper Layer Header: User Datagram Protocol (Protocol 17)
These are the typical headers used inside a packet to transport data; this could be UDP (Protocol 17), TCP (Protocol 6), or ICMPv6 (Protocol 58)
The upper layer (UDP, TCP, ICMPv6) checksum must be computed, over a pseudo-header that includes the IPv6 source and destination addresses
UDP Packet: IPv6 Basic Header (40 Octets) | Any Number of Extension Headers | Data (UDP)
UDP header: Source Port | Destination Port | Length | UDP Checksum, followed by the UDP data portion
238
Upper Layer Header: ICMPv6 (Protocol 58)
ICMPv6 is similar to ICMP for IPv4: it provides diagnostic and error messages
Additionally, it is used for neighbor discovery, path MTU discovery, and multicast listener discovery (MLD)
ICMPv6 Packet: IPv6 Basic Header | ICMPv6 Packet
ICMPv6 header: ICMPv6 Type | ICMPv6 Code | Checksum, followed by the ICMPv6 data
239
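The upper-layer checksum the last two slides say "must be computed", as an added example (not from the Cisco deck; Python standard library, my own function names). It implements the RFC 2460 pseudo-header for ICMPv6 and UDP. Two consequences worth seeing in code: the checksum binds the message to the IPv6 addresses, so rewriting a destination address without recomputing it breaks the packet, and UDP over IPv6 may not transmit a zero checksum, so a computed 0 is sent as 0xFFFF.

```python
import ipaddress
import struct


def ipv6_upper_checksum(src, dst, next_header, upper):
    """RFC 2460 section 8.1: 16-bit one's-complement sum over the pseudo-header
    (src, dst, 32-bit upper-layer length, 3 zero octets, next header) followed by the
    upper-layer header and data. The caller zeroes the checksum field before calling."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(upper), next_header))
    data = pseudo + upper
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(src, dst, next_header, upper):
    """Verification: the sum over a correct message, including its checksum field, folds to 0."""
    return ipv6_upper_checksum(src, dst, next_header, upper) == 0


def icmpv6_echo_request(src, dst, ident, seq, data=b""):
    # Type 128, Code 0, Checksum, Identifier, Sequence Number, then data
    msg = struct.pack("!BBHHH", 128, 0, 0, ident, seq) + data
    csum = ipv6_upper_checksum(src, dst, 58, msg)
    return msg[:2] + struct.pack("!H", csum) + msg[4:]


def udp_datagram(src, dst, sport, dport, payload):
    header = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    csum = ipv6_upper_checksum(src, dst, 17, header + payload)
    if csum == 0:
        csum = 0xFFFF   # UDP over IPv6 may not send 0 ("no checksum"); a computed 0 goes out as all ones
    return header[:6] + struct.pack("!H", csum) + payload


if __name__ == "__main__":
    src, dst = "2001:db8::1", "2001:db8::2"   # constructed addresses
    echo = icmpv6_echo_request(src, dst, 0x1234, 1, b"abcdefgh")
    print(echo.hex(), checksum_ok(src, dst, 58, echo))
```

The same routine, with next header 89, is what an OSPFv3 implementation uses for its packet checksum, since OSPFv3 also drops the IPv4-style header checksum.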
Header Format Simplification: Path MTU Discovery
Definitions: link MTU is the link's maximum transmission unit; path MTU is the minimum MTU of all the links in a path between a source and a destination
Minimum link MTU for IPv6 is 1280 octets (68 octets for IPv4)
On links with MTU < 1280, link-specific fragmentation and reassembly must be used
Implementations are expected to perform path MTU discovery to send packets bigger than 1280 octets
For each destination, start by assuming the MTU of the first-hop link; if a packet reaches a link in which it cannot fit, that router sends an ICMPv6 "Packet Too Big" message to the source, reporting the link's MTU; the MTU is cached by the source for that specific destination
Caveat: if ICMPv6 Packet Too Big messages are filtered (for example by a firewall that drops all ICMPv6), path MTU discovery silently fails and large packets are black-holed
240
Header Format Simplification: Path MTU Discovery
Minimum Link MTU for IPv6 is 1280 Octets (Versus 68 Octets for IPv4)
Example path from Source to Destination with link MTUs 1500, 1500, 1400, 1300:
1. Source sends a 1500-byte packet
2. ICMP Error: Packet Too Big, Use MTU = 1400
3. Source sends a 1400-byte packet
4. ICMP Error: Packet Too Big, Use MTU = 1300
5. Source sends a 1300-byte packet
6. Packet Received; Path MTU = 1300
241
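The exchange on the last slide as a small simulation, added here as an example (not part of the Cisco deck; no dependencies, the class and function names are my own). It reproduces the 1500/1400/1300 sequence, shows the per-destination cache making the second transfer succeed on the first attempt, shows what happens when a firewall drops the Packet Too Big messages, and applies the rule that a host never lowers its estimate below the 1280-octet minimum.

```python
IPV6_MIN_MTU = 1280


class PathMtuCache:
    """Per-destination path MTU estimate kept by the sending host."""

    def __init__(self):
        self.cache = {}

    def mtu_for(self, dst, first_hop_mtu):
        # Start from the first-hop link MTU until a Packet Too Big says otherwise
        return self.cache.get(dst, first_hop_mtu)

    def packet_too_big(self, dst, reported_mtu):
        # Never go below 1280: a link that cannot carry 1280 octets must fragment and
        # reassemble itself (link-specific), while the host keeps sending 1280-octet packets
        self.cache[dst] = max(reported_mtu, IPV6_MIN_MTU)


def forward(link_mtus, size):
    """Walk the path; the first link that cannot carry `size` drops the packet and its
    router answers with ICMPv6 Packet Too Big (type 2) carrying that link's MTU."""
    for mtu in link_mtus:
        if size > mtu:
            return False, mtu
    return True, None


def send_with_pmtud(cache, dst, link_mtus, size, ptb_filtered=False, max_attempts=8):
    """Returns (size that finally got through or None, attempts used, PTB MTUs received)."""
    ptbs = []
    for attempt in range(1, max_attempts + 1):
        pkt = min(size, cache.mtu_for(dst, link_mtus[0]))
        delivered, reported = forward(link_mtus, pkt)
        if delivered:
            return pkt, attempt, ptbs
        if ptb_filtered:
            continue    # a firewall dropped the PTB: the host learns nothing and retries the same size
        ptbs.append(reported)
        cache.packet_too_big(dst, reported)
    return None, max_attempts, ptbs


if __name__ == "__main__":
    cache = PathMtuCache()
    path = [1500, 1500, 1400, 1300]          # the slide's example path
    print(send_with_pmtud(cache, "2001:db8::2", path, 1500))
    print(send_with_pmtud(cache, "2001:db8::2", path, 1500))   # cached: succeeds at once
    print(send_with_pmtud(PathMtuCache(), "2001:db8::2", path, 1500, ptb_filtered=True))
```

The practical rule that follows for firewall policy: permit ICMPv6 type 2 (Packet Too Big) inbound even where other ICMPv6 is rate-limited or dropped.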
Header Format Simplification: Neighbor Discovery (RFC 2461)
Uses ICMPv6 messages and solicited-node multicast addresses
Determines the link-layer address of a neighbor on the same link
Finds neighbor routers
Verifies the reachability of neighbors
Comprised of different message types:
Neighbor Solicitation (NS)/Neighbor Advertisement (NA)
Router Solicitation (RS)/Router Advertisement (RA)
Redirect
Renumbering
Protocol built on top of ICMPv6 (RFC 2463); a combination of the functions of IPv4 protocols (ARP, ICMP router discovery, IGMP, etc.)
Note: Neighbor Discovery itself is RFC 2461 (now RFC 4861); RFC 2463 (now RFC 4443) is ICMPv6. Like ARP, ND is unauthenticated by default, so any node on the link can send NA or RA messages on behalf of another
242
Solicited-Node Multicast Address
For each unicast and anycast address configured, there is a corresponding solicited-node multicast address
This address has link-local significance only
It is used for two purposes: address resolution (the replacement of ARP) and Duplicate Address Detection (DAD)
243
Solicited-Node Multicast Address
FF02:0000:0000:0000:0000:0001:FF00:0000/104
FF02::1:FF00:0000/104
Gets the lower 24 bits from the unicast address
244
Solicited-Node Multicast Address
A solicited-node address is:
A multicast address with a link-local scope
Formed by the prefix FF02::1:FF00:0/104 and the right-most 24 bits of the aggregatable address
Layout (128 bits): FF02 | 0 … 0 | 1 | FF | lower 24 bits of the interface ID
245
Solicited-Node Multicast Address
Aggregatable Address: 2001:DB8:0:4:204:9AFF:FEAC:7D80 (interface ID 204:9AFF:FEAC:7D80, lower 24 bits AC:7D80)
Solicited-Node Multicast Address: FF02::1:FFAC:7D80 (FF02 | 0 | 1 | FF | AC7D80)
246
Neighbor Solicitation and Advertisement
Neighbor Solicitation: ICMP type = 135, Src = A, Dst = solicited-node multicast address of B, Data = link-layer address of A (source link-layer address option), Query = "What is your link-layer address?"
Neighbor Advertisement: ICMP type = 136, Src = B, Dst = A, Data = link-layer address of B (target link-layer address option)
A and B can now exchange packets on this link
247
IPv6 Auto-Configuration
At boot time, an IPv6 host builds a link-local address, then its global IPv6 address(es) from the RA (RA: Router Advertisement)
Stateless (RFC 2462)
Host autonomously configures its own link-local address (FE80::/64 prefix + interface ID derived from the MAC address)
Router solicitations are sent by booting nodes to request RAs for configuring the interfaces
The RA indicates the advertised subnet prefix; the host forms its global address as subnet prefix received + interface ID derived from the MAC address
Stateful
DHCPv6
248
IPv6 Auto-Configuration: Renumbering
Host renumbering is done by modifying the RA to announce the old prefix with a short lifetime and the new prefix
Router renumbering protocol (RFC 2894), to allow domain-interior routers to learn of prefix introduction/withdrawal
249
Stateless Auto-Configuration
1. ICMP Type = 133 (RS)
Src = Link-local address (FE80::/10)
Dst = All-routers multicast address (FF02::2)
Query = please send RA
2. ICMP Type = 134 (RA)
Src = Link-local address of the router (FE80::/10)
Dst = All-nodes multicast address (FF02::1)
Data = options, subnet prefix, lifetime, autoconfig flag
Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces
250
Duplicate Address Detection (DAD)
1. Host A boots up and assigns itself a link-local address (FE80::/10)
2. Host A sends RS (ICMP Type 133)
3. Host A receives RA (ICMP Type 134) from router B with subnet prefix 2001:DB8:410:1::/64
251
Duplicate Address Detection (DAD)
Host A wants to assign itself a unique global unicast address 2001:DB8:0410:1::34:123A
Before it does that, it sends out a DAD request (a Neighbor Solicitation) to the solicited-node multicast group of that address; every node that already has the address listens on that group
252
Duplicate Address Detection (DAD)
4. Host A sends NS (ICMP Type 135) with
Source address :: (unspecified)
Destination address FF02::1:FF34:123A (solicited-node multicast address for 2001:DB8:0410:1::34:123A)
5. If Host A does not receive a reply (a Neighbor Advertisement for the target) back, it assigns itself 2001:DB8:0410:1::34:123A; if a reply arrives, the address is a duplicate and is not used
253
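The pieces from the solicited-node slides (FF02::1:FFXX:XXXX derivation and the 33:33 Ethernet mapping) and the DAD exchange above, put together in one runnable model. This is an added example and not part of the Cisco deck; it uses the Python standard library only, the `Link` class is a constructed stand-in for an Ethernet segment, and the node addresses are made up around the slide's 2001:DB8:410:1::34:123A. It also shows the case the slides gloss over: two different addresses can share a solicited-node group, and a node in that group must still check that it actually owns the target before answering.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
ALL_NODES = ipaddress.IPv6Address("ff02::1")


def solicited_node(addr):
    """FF02::1:FFXX:XXXX, where XX:XXXX are the low 24 bits of the unicast/anycast address."""
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | (int(ipaddress.IPv6Address(addr)) & 0xFFFFFF))


def multicast_mac(addr):
    """Ethernet mapping of an IPv6 multicast address: 33:33 followed by its low 32 bits."""
    a = ipaddress.IPv6Address(addr)
    if not a.is_multicast:
        raise ValueError("not an IPv6 multicast address")
    low32 = (int(a) & 0xFFFFFFFF).to_bytes(4, "big")
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)


class Link:
    """Constructed model of one Ethernet segment: which addresses each node owns,
    and therefore which solicited-node groups (and 33:33 MAC filters) it listens on."""

    def __init__(self):
        self.nodes = {}

    def add_node(self, name, addresses):
        self.nodes[name] = {ipaddress.IPv6Address(a) for a in addresses}

    def listening_groups(self, name):
        return {ALL_NODES} | {solicited_node(a) for a in self.nodes[name]}

    def deliver_ns(self, ns):
        """Flood a Neighbor Solicitation; return the nodes that answer with an NA.
        A node answers only if it joined the group (its NIC accepts the 33:33 MAC) and it
        actually owns the target; sharing the low 24 bits with the target is not enough."""
        target = ipaddress.IPv6Address(ns["target"])
        group = ipaddress.IPv6Address(ns["dst"])
        return [name for name, addrs in self.nodes.items()
                if group in self.listening_groups(name) and target in addrs]


def duplicate_address_detection(link, tentative):
    """Send the DAD NS (type 135) from the unspecified address to the solicited-node group.
    Returns (address_is_usable, ns_sent, nodes_that_answered)."""
    group = solicited_node(tentative)
    ns = {"type": 135, "src": "::", "dst": str(group),
          "dst_mac": multicast_mac(group), "target": tentative}
    answers = link.deliver_ns(ns)
    return len(answers) == 0, ns, answers


# Constructed link for the slide's scenario: B already owns the address A is about to try;
# C owns a different address that happens to map to the same solicited-node group
LINK = Link()
LINK.add_node("B", ["fe80::1", "2001:db8:410:1::34:123a"])
LINK.add_node("C", ["2001:db8:410:1::99:34:123a"])

if __name__ == "__main__":
    print(duplicate_address_detection(LINK, "2001:db8:410:1::34:123a"))
    print(duplicate_address_detection(LINK, "2001:db8:410:1::35:123a"))
```

Because the DAD NS is sent from :: and anyone on the link may answer it, a malicious node that answers every NS can stop every other host from configuring any address; this is one of the reasons switches offer ND inspection and RA Guard.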
Redirect
Redirect is used by a router to signal the reroute of a packet to a better router
Example: A sends a packet with Src = A, Dst IP = 2001:DB8:C18:2::1, Dst Ethernet = R2 (its default router); R2 knows that R1, on the same link, is the better first hop for 2001:DB8:C18:2::/64
Redirect: Src = R2, Dst = A, Data = good router = R1 for 2001:DB8:C18:2::/64
254
Renumbering
Renumbering: modify the RA to announce the old prefix with a short lifetime and the new prefix
RA packet definitions: ICMP Type = 134 (Router Advertisement; type 138 is the separate Router Renumbering message of RFC 2894), Src = router link-local address, Dst = all-nodes multicast address, Data = 2 prefixes:
Current prefix (to be deprecated) with short lifetime
New prefix (to be used) with normal lifetime
255
Enabling IPv6
To enable IPv6 on a Cisco router, you must
Enable IPv6 traffic forwarding
ipv6 unicast-routing
Enable IPv6 on the interface(s) by configuring an IPv6 address on the interface
ipv6 address <ipv6addr>[/<prefix-length>]
ipv6 enable (can be used instead; it enables IPv6 on the interface with only an automatically generated link-local address)
256
Cisco IOS Address Configuration
ipv6 address
Enables IPv6 on the interface
Configures the interface link-local and global IPv6 addresses
Syntax:
ipv6 address <ipv6addr>[/<prefix-length>] [link-local]
ipv6 address <ipv6prefix>/<prefix-length> eui-64
ipv6 unnumbered <interface>
ipv6 enable
257
IPv6 Address Configuration: Link Local
Ethernet0/0, MAC address: 0004.9AAC.7D80
Configuration:
  ipv6 unicast-routing
  !
  interface Ethernet0/0
   ipv6 enable
Verification:
  router#show ipv6 interface Ethernet 0/0
  Ethernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
    No global unicast address is configured
    Joined group address(es):
      FF02::1 (All Nodes Link Local)
      FF02::2 (All Routers Link Local)
      FF02::1:FFAC:7D80 (Solicited-Node Multicast)
    MTU is 1500 bytes
  r1#show interface ethernet 0/0
  Ethernet0/0 is up, line protocol is up
    Hardware is AmdP2, address is 0004.9aac.7d80 (bia 0004.9aac.7d80)
258
IPv6 Address Configuration: Ethernet EUI-64
Ethernet0/0 on LAN 2001:DB8:0:4::/64, MAC address: 0004.9AAC.7D80 (link-local automatically configured)
Configuration:
  ipv6 unicast-routing
  !
  interface Ethernet0/0
   ipv6 address 2001:DB8:0:4::/64 eui-64
Verification:
  router#show ipv6 interface Ethernet0/0
  Ethernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
    Global unicast address(es):
      2001:DB8:0:4:204:9AFF:FEAC:7D80, subnet is 2001:DB8:0:4::/64
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::1:FFAC:7D80
    MTU is 1500 bytes
259
IPv6 Address Configuration: Ethernet (No EUI-64)
Ethernet0/0 on LAN 2001:DB8:0:4::/64, MAC address: 0004.9AAC.7D80
Configuration:
  ipv6 unicast-routing
  !
  interface Ethernet0/0
   ipv6 address 2001:DB8:0:4:1:2:3:4/64
Verification (note the second solicited-node group, FF02::1:FF03:4, for the manually configured address):
  router#show ipv6 interface Ethernet0/0
  Ethernet0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
    Global unicast address(es):
      2001:DB8:0:4:1:2:3:4, subnet is 2001:DB8:0:4::/64
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::1:FF03:4
      FF02::1:FFAC:7D80
    MTU is 1500 bytes
260
IPv6 Address Configuration: Frame Relay
R1 S0/0 to R2 S0/0, link 2001:DB8:0:1:1:2:3:0/126; R1 is ...:1, R2 is ...:2; Inverse ARP is disabled, so both the global and the link-local address of the peer need a static map (the link-local map is what the routing protocols will use)
R1:
  ipv6 unicast-routing
  !
  interface Serial0/0
   encapsulation frame-relay
   ipv6 address 2001:DB8:0:1:1:2:3:1/126
   frame-relay map ipv6 FE80::204:9AFF:FEAC:7D80 102 broadcast
   frame-relay map ipv6 2001:DB8:0:1:1:2:3:2 102 broadcast
   no frame-relay inverse-arp
R2:
  ipv6 unicast-routing
  !
  interface Serial0/0
   encapsulation frame-relay
   ipv6 address 2001:DB8:0:1:1:2:3:2/126
   frame-relay map ipv6 FE80::204:C1FF:FE09:1DA1 201 broadcast
   frame-relay map ipv6 2001:DB8:0:1:1:2:3:1 201 broadcast
   no frame-relay inverse-arp
(R2's maps point at R1's addresses: the original slide listed R2's own link-local FE80::204:9AFF:FEAC:7D80 and an address 2001::1:1:2:3:2 that does not belong to the link; both are corrected here to match the verification output that follows)
261
IPv6 Address Configuration: Frame Relay
R1 (E0/0 MAC address 0004.C109.1DA1, from which the serial interface's link-local address is derived):
  r1#show ipv6 interface serial 0/0
  Serial0/0 is up, line protocol is up
    IPv6 is enabled, link-local address is FE80::204:C1FF:FE09:1DA1
    Global unicast address(es):
      2001:DB8:0:1:1:2:3:1, subnet is 2001:DB8:0:1:1:2:3:0/126
    Joined group address(es):
      FF02::1
      FF02::2
      FF02::9
      FF02::1:FF03:2
      FF02::1:FF09:1DA1
    MTU is 1500 bytes
R1 S0/0 to R2 S0/0: 2001:DB8:0:1:1:2:3:0/126
262
IPv6 Address Configuration: Verification
Pinging a link-local address requires the output interface, since link-local addresses are only unique per link:
  r1#ping fe80::204:9aff:feac:7d80
  Output Interface: serial0/0
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to FE80::204:9AFF:FEAC:7D80, timeout is 2 seconds:
  Packet sent with a source address of FE80::204:C1FF:FE09:1DA1
  !!!!!
  Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
  r1#ping 2001:DB8:0:1:1:2:3:2
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 2001:DB8:0:1:1:2:3:2, timeout is 2 seconds:
  !!!!!
  Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
R1 S0/0 to R2 S0/0: 2001:DB8:0:1:1:2:3:0/126
263
Cisco IOS Neighbor Discovery Parameters
Router Advertisements carry, for auto-configuring IPv6 hosts:
Default router
IPv6 network prefix
Lifetime of advertisement
264
Cisco IOS Neighbor Discovery Command Syntax
ipv6 nd prefix-advertisement <routing-prefix>/<length> <valid-lifetime> <preferred-lifetime> [onlink] [autoconfig]
Valid-Lifetime: the amount of time (in seconds) that the specified IPv6 prefix is advertised as being valid
Preferred-Lifetime: the amount of time (in seconds) that the specified IPv6 prefix is advertised as being preferred (must not exceed the valid lifetime)
Onlink: indicates that the specified prefix is assigned to the link; nodes sending traffic to addresses that contain the specified prefix consider the destination to be locally reachable on the link
Autoconfig: indicates to hosts on the local link that the specified prefix can be used for IPv6 auto-configuration
265
Configuring Neighbor Discovery
Router1 (connected to the IPv6 Internet) and Router2 both advertise LAN1: 2001:DB8:c18:1::/64; Router2 also advertises LAN2: 2001:DB8:c18:2::/64
Router2 (from the diagram):
  interface Ethernet0
   ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig
   ipv6 nd ra-lifetime 0
  interface Ethernet1
   ipv6 nd prefix-advertisement 2001:DB8:c18:2::/64 43200 43200 onlink autoconfig
Router1:
  interface Ethernet0
   ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig
ipv6 nd ra-lifetime 0 makes that router advertise the prefix without offering itself as a default router, so LAN1 hosts keep Router1 as their default
266
Cisco IOS Prefix Renumbering Scenario
Router Configuration Before Renumbering (Network Prefix: 2001:DB8:c18:1::/64):
  interface Ethernet0
   ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig
Host Configuration (auto-configuring IPv6 hosts, from the Router Advertisements):
  preferred address 2001:DB8:c18:1:260:8ff:fede:8fbe
267
Cisco IOS Prefix Renumbering Scenario
Router Configuration After Renumbering (NEW Network Prefix: 2001:DB8:c18:2::/64; Deprecated Prefix: 2001:DB8:c18:1::/64):
  interface Ethernet0
   ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 0 onlink autoconfig
   ipv6 nd prefix-advertisement 2001:DB8:c18:2::/64 43200 43200 onlink autoconfig
Host Configuration (auto-configuring IPv6 hosts, from the Router Advertisements):
  deprecated address 2001:DB8:c18:1:260:8ff:fede:8fbe
  preferred address 2001:DB8:c18:2:260:8ff:fede:8fbe
The old prefix keeps a valid lifetime of 43200 but a preferred lifetime of 0, so existing connections survive while new connections use the new prefix
268
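The host side of the renumbering scenario above, as an added example (not code from the Cisco deck; standard library only, class name and field names are my own). It keeps the RFC 4862 per-address lifetimes, so the slide's RA with lifetimes "43200 0" turns the old address deprecated while the new one becomes preferred. It also implements the rule the slides do not mention: an RA cannot shorten a valid lifetime below two hours, so a single spoofed RA with lifetime 0 deprecates addresses (preferred lifetime is unprotected) but cannot invalidate them instantly. The interface ID is the EUI-64 of the host in the slide (260:8ff:fede:8fbe).

```python
import ipaddress

TWO_HOURS = 7200


class SlaacHost:
    """Minimal RFC 4862 address-lifetime state machine for one interface."""

    def __init__(self, interface_id):
        self.iid = interface_id          # 64-bit interface identifier (EUI-64 here)
        self.addrs = {}                  # IPv6Address -> {"valid_until", "preferred_until"}

    def receive_ra(self, prefix_options, now):
        """prefix_options: (prefix, valid_lifetime, preferred_lifetime) tuples with the A flag set."""
        for prefix, valid, preferred in prefix_options:
            net = ipaddress.IPv6Network(prefix)
            if net.prefixlen != 64 or preferred > valid:
                continue                 # RFC 4862 5.5.3: ignore unusable or inconsistent options
            addr = ipaddress.IPv6Address(int(net.network_address) | self.iid)
            entry = self.addrs.get(addr)
            if entry is None:
                if valid > 0:
                    self.addrs[addr] = {"valid_until": now + valid, "preferred_until": now + preferred}
                continue
            entry["preferred_until"] = now + preferred
            remaining = entry["valid_until"] - now
            # 5.5.3(e): an unauthenticated RA may shorten the valid lifetime only down to 2 hours,
            # so one spoofed RA with lifetime 0 cannot instantly invalidate existing addresses
            if valid > TWO_HOURS or valid > remaining:
                entry["valid_until"] = now + valid
            elif remaining > TWO_HOURS:
                entry["valid_until"] = now + TWO_HOURS

    def state(self, addr, now):
        entry = self.addrs[ipaddress.IPv6Address(addr)]
        if now >= entry["valid_until"]:
            return "invalid"
        if now >= entry["preferred_until"]:
            return "deprecated"
        return "preferred"

    def source_address(self, now):
        """A preferred address beats a deprecated one; invalid addresses are never used."""
        preferred = [a for a in self.addrs if self.state(a, now) == "preferred"]
        deprecated = [a for a in self.addrs if self.state(a, now) == "deprecated"]
        chosen = (preferred or deprecated or [None])[0]
        return str(chosen) if chosen else None


if __name__ == "__main__":
    host = SlaacHost(0x026008FFFEDE8FBE)
    host.receive_ra([("2001:db8:c18:1::/64", 43200, 43200)], now=0)
    host.receive_ra([("2001:db8:c18:1::/64", 43200, 0),
                     ("2001:db8:c18:2::/64", 43200, 43200)], now=100)
    for a in host.addrs:
        print(a, host.state(a, 101))
    print("source:", host.source_address(101))
```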
DHCPv6
Client first detects the presence of routers on the link
If found, then examines router advertisements to determine if DHCP can be used
If no router found or if DHCP can be used, then:
DHCP solicit message is sent to the All-DHCP-agents multicast address
Using the link-local address as the source address
269
OSPFv3 (RFC 2740)
270
Similarities with OSPFv2
OSPFv3 is OSPF for IPv6 (RFC 2740)
Based on OSPFv2, with enhancements
Distributes IPv6 prefixes
Runs directly over IPv6
OSPFv3 and v2 can be run concurrently, because each address family has a separate SPF (ships in the night)
271
Similarities with OSPFv2
OSPFv3 uses the same basic Packet types as OSPFv2, such as hello, database description blocks (DDB), link state request (LSR), link state update (LSU), and link state advertisements (LSA)
Neighbor discovery and adjacency formation mechanism are identical
RFC-compliant NBMA and point-to-multipoint topology modes are supported; also supports other modes from Cisco, such as point-to-point and broadcast, including the interface
LSA flooding and aging mechanisms are identical
272
Differences from OSPFv2
OSPF packet type
OSPFv3 has the same five packet types, but some fields have been changed
All OSPFv3 packets have a 16-byte header versus the 24-byte header in OSPFv2
Packet Type | Description
1 | Hello
2 | Database Description
3 | Link State Request
4 | Link State Update
5 | Link State Acknowledgement
OSPFv2 header (24 bytes): Version | Type | Packet Length | Router ID | Area ID | Checksum | AuType | Authentication (8 bytes)
OSPFv3 header (16 bytes): Version | Type | Packet Length | Router ID | Area ID | Checksum | Instance ID | 0 (reserved)
273
Differences from OSPFv2
OSPFv3 protocol processing is per-link, not per-subnet
IPv6 connects interfaces to links
Multiple IP subnets can be assigned to a single link
Two nodes can talk directly over a single link even if they do not share a common subnet
The terms "network" and "subnet" are being replaced with "link"
An OSPF interface now connects to a link instead of a subnet
274
Differences from OSPFv2
Multiple OSPFv3 protocol instances can now run over a single link
Instance ID is a new field in the OSPFv3 header that is used to have multiple OSPFv3 protocol instances per link
This allows separate ASes, each running OSPF, to use a common link; a single link could belong to multiple areas
In order to have two instances talk to each other, they need to have the same instance ID; by default it is 0, and for any additional instance it is increased; a router ignores packets whose instance ID does not match one configured on the receiving interface
275
Differences from OSPFv2
Multicast addresses
FF02::5 represents all OSPF routers on the link-local scope, equivalent to 224.0.0.5 in OSPFv2
FF02::6 represents all DR routers on the link-local scope, equivalent to 224.0.0.6 in OSPFv2
Removal of address semantics
IPv6 addresses are no longer present in the OSPF packet header (they are part of the payload information)
Router LSA and Network LSA do not carry IPv6 addresses
Router ID, Area ID, and Link State ID remain at 32 bits
DR and BDR are now identified by their Router ID and no longer by their IP address
Security
OSPFv3 (RFC 2740) has no authentication fields of its own; it relies on the IPv6 AH and ESP extension headers (IPsec) instead of the variety of mechanisms defined in OSPFv2 (an OSPFv3 authentication trailer was only added later, in RFC 7166)
276
OSPFv3 Configuration Example
IPv6 Prefix: 2001:DB8:101::/48
Router A: Loopback 0 in Subnet 3, OSPF Area 51
Router B: Loopback 0 in Subnet 2, OSPF Area 1
Serial0/0 to Serial0/0 link between A and B: Subnet 1, Area 0
277
OSPFv3 Configuration Example
Router A:
  ipv6 unicast-routing
  !
  interface Loopback0
   no ip address
   ipv6 address 2001:DB8:101:3::/64 eui-64
   ipv6 ospf 1 area 51
  !
  interface Serial0/0
   no ip address
   encapsulation frame-relay
   ipv6 address 2001:DB8:101:1::/64 eui-64
   ipv6 ospf network point-to-point
   ipv6 ospf 1 area 0
   frame-relay map ipv6 FE80::204:9AFF:FE5C:8B41 602 broadcast
   frame-relay map ipv6 2001:DB8:101:1:204:9AFF:FE5C:8B41 602 broadcast
  !
  ipv6 router ospf 1
   router-id 10.1.1.1
278
OSPFv3 Configuration Example
Router B:
  ipv6 unicast-routing
  !
  interface Loopback0
   no ip address
   ipv6 address 2001:DB8:101:2::/64 eui-64
   ipv6 ospf 1 area 1
  !
  interface Serial0/0
   no ip address
   encapsulation frame-relay
   ipv6 address 2001:DB8:101:1::/64 eui-64
   ipv6 ospf network point-to-point
   ipv6 ospf 1 area 0
   frame-relay map ipv6 FE80::204:C1FF:FE09:1DA1 206 broadcast
   frame-relay map ipv6 2001:DB8:101:1:204:C1FF:FE09:1DA1 206 broadcast
  !
  ipv6 router ospf 1
   router-id 10.1.1.2
The router ID is still a 32-bit value and must be configured explicitly when the router has no IPv4 address to derive it from
279
OSPFv3 Verification
  rA#show ipv6 route ospf
  IPv6 Routing Table - 7 entries
  Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
         U - Per-user Static route
         I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
         O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
  OI  2001:DB8:101:2:204:9AFF:FE5C:8B41/128 [110/64]
       via FE80::204:9AFF:FE5C:8B41, Serial0/0
  rA#show ipv6 ospf neighbor
  Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
  10.1.1.2          1   FULL/  -        00:00:33    3               Serial0/0
Router B's loopback arrives as an inter-area (OI) route via the link-local next hop, and the point-to-point network type shows no DR/BDR role ("FULL/ -")
280
OSPFv3 Router Commands
  A(config)#ipv6 router ospf 1
  A(config-rtr)#?
    area                 OSPF area parameters
    auto-cost            Calculate OSPF interface cost according to bandwidth
    compatible           OSPF compatibility list
    default              Set a command to its defaults
    default-information  Distribution of default information
    default-metric       Set metric of redistributed routes
    discard-route        Enable or disable discard-route installation
    distance             Administrative distance
    distribute-list      Filter networks in routing updates
281
OSPFv3 Router Commands
    exit                   Exit from IPv6 routing protocol configuration mode
    ignore                 Do not complain about specific event
    log-adjacency-changes  Log changes in adjacency state
    maximum-paths          Forward packets over multiple paths
    no                     Negate a command or set its defaults
    passive-interface      Suppress routing updates on an interface
    redistribute           Redistribute IPv6 prefixes from another routing protocol
    router-id              router-id for this OSPF process
    summary-prefix         Configure IPv6 summary prefix
    timers                 Adjust routing timers
282
OSPFv3 Router Commands
  A(config-rtr)#area 1 ?
    default-cost   Set the summary default-cost of a NSSA/stub area
    nssa           Specify a NSSA area
    range          Summarize routes matching address/mask (border routers only)
    stub           Specify a stub area
    virtual-link   Define a virtual link and its parameters
283
OSPFv3 Interface Commands
  r2(config)#int s0/0
  r2(config-if)#ipv6 ospf ?
    <1-65535>            Process ID
    cost                 Interface cost
    database-filter      Filter OSPF LSA during synchronization and flooding
    dead-interval        Interval after which a neighbor is declared dead
    demand-circuit       OSPF demand circuit
    flood-reduction      OSPF Flood Reduction
    hello-interval       Time between HELLO packets
    mtu-ignore           Ignores the MTU in DBD packets
    neighbor             OSPF neighbor
    network              Network type
    priority             Router priority
    retransmit-interval  Time between retransmitting lost link state advertisements
    transmit-delay       Link state transmit delay
284
Q and A
285
Session 6:
IP Routing BGP
286
Topics
Introduction
BGP Path Selection
BGP Attributes
Debugging
287
Introduction
What Is BGP?
How Does BGP Work
EBGP and IBGP
What Is a Peer (Neighbor)
288
Configuring BGP
Rtr A (AS 1, 10.1.1.1/24) and Rtr B (AS 2, 10.1.1.2/24) are directly connected
  Rtr A:  router bgp 1
  Rtr B:  router bgp 2
289
Configuring Peers
  Rtr(config-router)#?
    *address-family        Enter address family command mode
    ***aggregate-address   Configure BGP aggregate entries
    *auto-summary          Enable automatic network number summarization
    *bgp                   BGP specific commands
    default                Set a command to its defaults
    *default-information   Control distribution of default information
    *default-metric        Set metric of redistributed routes
    *distance              Define an administrative distance
    +++distribute-list     Filter networks in routing updates
    exit                   Exit from routing protocol configuration mode
Importance: *** High, ** Medium, * Low; +++: do not use with BGP
Use neighbor x.x.x.x distribute-list {in|out} instead
290
Configuring Peers (Cont.)
  Rtr(config-router)#?
    help              Description of the interactive help system
    *maximum-paths    Forward packets over multiple paths
    ***neighbor       Specify a neighbor router
    **network         Specify a network to announce via BGP
    no                Negate a command or set its defaults
    ***redistribute   Redistribute information from another routing protocol
    *synchronization  Perform IGP synchronization
    *table-map        Map external entry attributes into routing table
    *timers           Adjust routing timers
Importance: *** High, ** Medium, * Low
291
Configuring BGP Peers (Cont.)
Rtr A (AS 1, 10.1.1.1/24):
  router bgp 1
   neighbor 10.1.1.2 remote-as 2
Rtr B (AS 2, 10.1.1.2/24):
  router bgp 2
   neighbor 10.1.1.1 remote-as 1
Each router names the other as its neighbor; the session comes up only when both sides agree on the remote AS
292
BGP Issue: Synchronization
Synchronization rule: a BGP router will not advertise an iBGP-learned route to an eBGP neighbor (or use it) unless the route is already in the IP routing table via the IGP
Topology: Rtr A learns 172.16.0.0 by eBGP and passes it by iBGP to Rtr C; Rtr B, the IGP-only router on the path between them, does not know about 172.16.0.0; therefore Rtr C should not advertise 172.16.0.0 to its eBGP neighbor Rtr D, or traffic from Rtr D would be black-holed at Rtr B
Options: redistribute 172.16.0.0 into the IGP (not recommended); or run BGP on every router in the transit path (full iBGP mesh) and disable synchronization
12.2(8)T: default changed to no synchronization
293
BGP Path Selection
Ignore a route if the next hop is not known
Ignore external routes with local AS in path
1. Prefer the route with the largest weight
2. Prefer the route with the largest local preference
3. Prefer the route that was locally originated
via network, aggregate or redistribution from an IGP
294
BGP Path Selection (Cont.)
4. Prefer the route with the shortest AS path
If using bgp bestpath as-path ignore, skip this step; when using the as-set option for aggregated routes, the AS_SET counts as 1 regardless of the number of AS entries in the set; confederation sub-AS numbers are not used to determine the AS-path length
5. Prefer the route with the lowest origin(IGP < EGP < Incomplete)
6. Prefer the route with the lowest MED
This comparison is only between routes advertised by the same external AS
7. Prefer eBGP paths to iBGP path
295
BGP Path Selection (Cont.)
8. For iBGP paths, prefer the path with lowest IGP metric to the BGP next hop
9. For eBGP paths, prefer the oldest (most stable) path
10. Prefer the path received from the router with the lowest router ID (after this, IOS also compares cluster-list length and, last, the lowest neighbor address)
296
BGP Attributes: Next Hop
The next hop IP address that is used to reach a destination
For eBGP, the next hop is the IP address of the eBGP neighbor that announced the route (the address used in the neighbor command)
For iBGP, the eBGP next hop information is carried into iBGP unchanged (unless next-hop-self is configured)
Diagram: AS 1 originates 172.16.0.0 and peers from 10.1.1.1 to AS 2's 10.1.1.2; inside AS 2, the route is passed over the 10.1.20.1 to 10.1.20.2 iBGP session to Router C with Next Hop = 10.1.1.1
Does Router C know how to get to the next hop 10.1.1.1? If not, the route fails the first pre-check of path selection and is never used
297
BGP Attributes: Weight
A Cisco defined attribute which is used for path selection; the weight is assigned locally and is not propagated in routing updates
Value: 0–65535; default is 32768 for locally originated routes, 0 for all others
Higher value is preferred
Diagram: AS 4 receives 172.16.0.0/16 (originated in AS 1) via AS 2 with Weight = 0 and via AS 3 with Weight = 80; the path with Weight = 80 is preferred
298
BGP Attributes: Local Pref
Signals which path is preferred to exit the AS and is exchanged among all BGP speakers in the AS; local preference is not exchanged between ASs
Value: 0–4294967295
Default value: 100
Higher value is preferred
Diagram: AS 4 receives 172.16.0.0/16 (originated in AS 1) via AS 2 with Loc Pref = 100 and via AS 3 with Loc Pref = 800; the path with Loc Pref = 800 is preferred
299
BGP Attribute: AS Path
AS Path Attribute: the list of AS numbers that a route has traversed to reach a destination
Diagram (AS 1 through AS 5, 10.1.0.0/24 and 10.1.1.1/24 originated in AS 1), expressed as AS-path regular expressions where ^ anchors the start and $ the end of the path:
^1$ : originated by directly connected AS 1 (seen by AS 2, AS 3 and AS 4)
^2 1$ : originated by AS 1, received via AS 2 (seen by AS 5)
^4 1$ : originated by AS 1, received via AS 4 (seen by AS 5)
^3$ : originated by directly connected AS 3
300
BGP Attributes: Origin
IGP: i
Network Layer Reachability Information (NLRI) is interior to the originating AS; network statement or redistributed IGP routes
EGP: e
NLRI was learned via the legacy Exterior Gateway Protocol (EGP); this is not set for routes learned from an eBGP peer, which keep the origin they were announced with
Incomplete: ?
NLRI origin is unknown; e.g. redistributing static routes into BGP
301
BGP Attributes: Metric (MED)
Also known as the Multi-Exit-Discriminator (MED); the metric is used as a suggestion to other ASs about the preferred path into the AS; exchanged between ASs
Value: 0–4294967295; default value: 0; lower value is preferred
Diagram: AS 2 receives 172.16.1.0 from AS 1 over two links, one with Metric = 80 and one with Metric = 0; the path with Metric = 0 is preferred (only because both come from the same neighbor AS)
302
BGP Path Selection—BGP Table
The best routes to the destination networks are selected from the BGP table
303
BGP Path Selection Summary
Prefer highest weight (local to router)
Prefer highest local preference (global within AS)
Prefer routes that the router originated
Prefer shorter AS paths (only length is compared)
Prefer lowest origin code (IGP < EGP < Incomplete)
Prefer lowest MED
Prefer external (EBGP) paths over internal (IBGP)
For IBGP paths, prefer path through closest IGP neighbor
For EBGP paths, prefer oldest (most stable) path
Prefer paths from router with the lower BGP router-ID
304
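The path selection list on the previous slides (the two pre-checks and steps 1 to 10, including the AS_SET and confederation rules from step 4 and the same-neighbor-AS restriction on MED from step 6), as an added example in code. This is not from the Cisco deck; the `Path` record and the function names are my own, and the three candidate paths are constructed to exercise MED, the "oldest eBGP path" tie-break and the AS_SET rule. It compares paths pairwise in table order, which is also why MED comparison can be order-dependent when more than two neighbor ASes are involved.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Path:
    next_hop: str
    from_ebgp: bool                 # learned from an eBGP peer (False = iBGP)
    neighbor_as: int                # AS of the advertising peer; MED is only compared within one neighbor AS
    router_id: str                  # BGP router ID of the advertising peer
    as_path: list = field(default_factory=list)   # int = AS_SEQUENCE entry, frozenset = AS_SET, tuple = AS_CONFED_SEQUENCE
    origin: str = "i"               # i (IGP), e (EGP), ? (incomplete)
    med: int = 0
    local_pref: int = 100
    weight: int = 0
    locally_originated: bool = False
    igp_metric: int = 0             # IGP cost to reach next_hop
    received_order: int = 0         # lower = received earlier (older)
    next_hop_reachable: bool = True


ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}


def as_path_length(p):
    # An AS_SET counts as one hop regardless of its members; confederation segments count zero
    return sum(0 if isinstance(seg, tuple) else 1 for seg in p.as_path)


def ases_in_path(p):
    found = set()
    for seg in p.as_path:
        found.update(seg if isinstance(seg, (frozenset, tuple)) else [seg])
    return found


def compare(a, b, as_path_ignore=False):
    """Return (winner, deciding step) for two paths to the same prefix, in the order of the slides."""
    if a.weight != b.weight:
        return (a if a.weight > b.weight else b), "weight"
    if a.local_pref != b.local_pref:
        return (a if a.local_pref > b.local_pref else b), "local preference"
    if a.locally_originated != b.locally_originated:
        return (a if a.locally_originated else b), "locally originated"
    if not as_path_ignore and as_path_length(a) != as_path_length(b):
        return (a if as_path_length(a) < as_path_length(b) else b), "AS path length"
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return (a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b), "origin"
    if a.neighbor_as == b.neighbor_as and a.med != b.med:
        return (a if a.med < b.med else b), "MED"
    if a.from_ebgp != b.from_ebgp:
        return (a if a.from_ebgp else b), "eBGP over iBGP"
    if a.igp_metric != b.igp_metric:
        return (a if a.igp_metric < b.igp_metric else b), "IGP metric to next hop"
    if a.from_ebgp and b.from_ebgp and a.received_order != b.received_order:
        return (a if a.received_order < b.received_order else b), "oldest eBGP path"
    ra, rb = ipaddress.IPv4Address(a.router_id), ipaddress.IPv4Address(b.router_id)
    if ra != rb:
        return (a if ra < rb else b), "lowest router ID"
    return a, "tie"


def best_path(paths, local_as, as_path_ignore=False):
    """Apply the pre-checks (reachable next hop, no AS loop on eBGP paths), then compare
    the remaining paths pairwise in table order."""
    usable = [p for p in paths
              if p.next_hop_reachable and not (p.from_ebgp and local_as in ases_in_path(p))]
    if not usable:
        return None, "no usable path"
    best, why = usable[0], "only path"
    for cand in usable[1:]:
        best, why = compare(best, cand, as_path_ignore)
    return best, why


# Constructed candidates for 172.16.0.0/16 as seen by a router in AS 4
A = Path("10.1.1.1", True, 2, "2.2.2.2", [2, 1], med=80, received_order=0)
B = Path("10.1.2.1", True, 2, "3.3.3.3", [2, 1], med=0, received_order=1)
C = Path("10.1.3.1", True, 3, "1.1.1.1", [3, 1], med=50, received_order=2)

if __name__ == "__main__":
    print(best_path([A, B, C], local_as=4))
```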
Other BGP Attributes: Atomic Aggregate
Atomic Aggregate: the route has been summarized and path information is lost
  RouterD# show ip bgp
  BGP table version is 6, local router ID is 4.4.4.4
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  *> 160.0.0.0/8      4.4.4.1                                 0 300 i
Use of the as-set command when aggregating (on Router C) will propagate the path information instead
305
BGP Attributes: Community
Used to group destinations and apply routing decisions according to community; by default, not sent to any peers
Value: 0–4,294,967,200 or 0:0–65535:65535
Values of all-zeroes and all-ones in the high order 16 bits are reserved
Well known communities
no-export (Do not export to next AS)
no-advertise (Do not advertise to any peer)
Internet (Advertise to all routers)
local-AS (Do not advertise outside local AS)
To send community values to a peer use the send-community keyword
neighbor 1.1.1.1 send-community
306
BGP Attributes: Community (Cont.)
AS 1 receives routes from three neighbours:
AS 1250: 201.3.3.196/26, 144.8.1.0/24, 144.9.3.128/27, 12.1.0.0/16
AS 88: 197.4.3.0/27, 152.1.1.0/24, 152.4.5.128/26, 28.5.0.0/17
AS 51: 201.3.3.196/22, 144.8.1.0/24, 144.9.3.128/23, 12.1.0.0/16
AS 1 wants to adjust the BGP attributes of a selection of these routes (underlined on the slide, the ones tagged on the next slide); how can we match them? By AS path? By prefix and mask? Neither matches exactly the set wanted
307
BGP Attributes: Community (Cont.)
Use the Community Attribute: each neighbour tags the routes in question with community 1:4 before sending them to AS 1
AS 1250: 201.3.3.196/26 (1:4), 144.8.1.0/24, 144.9.3.128/27, 12.1.0.0/16
AS 88: 197.4.3.0/27, 152.1.1.0/24 (1:4), 152.4.5.128/26 (1:4), 28.5.0.0/17
AS 51: 201.3.3.196/22, 144.8.1.0/24 (1:4), 144.9.3.128/23, 12.1.0.0/16 (1:4)
308
BGP Attributes: Community (Cont.)
router bgp 51
 neighbor 10.1.1.1 remote-as 1
 neighbor 10.1.1.1 send-community
 neighbor 10.1.1.1 route-map setcomm out
!
access-list 1 permit 144.8.1.0 0.0.0.255
access-list 1 permit 12.1.0.0 0.0.255.255
!
route-map setcomm permit 10
 match ip address 1
 set community 1:4
!
route-map setcomm permit 20
Setting the Community Value
309
BGP Attributes: Community (Cont.)
rtrA#sh ip bgp 172.16.1.0
BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  172.10.2.2 172.10.6.6
  254
    10.1.1.1 from 10.1.1.1 (199.172.15.254)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 65546
Viewing the Community Value—Old Format
310
BGP Attributes: Community (Cont.)
ip bgp-community new-format (global configuration)
rtrA#sh ip bgp 172.16.1.0
BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  172.10.2.2 172.10.6.6
  254
    10.1.1.1 from 10.1.1.1 (199.172.15.254)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 1:10
Viewing the Community Value—New Format
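The two display formats on the previous slides are the same 32-bit value: 65546 is 1 × 65536 + 10, which the new format prints as 1:10. The conversion, the well-known values and the reserved-range check from the Community slide, as an added example that is not part of the Cisco deck (the sample "Community:" lines are constructed):

```python
"""BGP community values in the two formats IOS shows (32-bit decimal vs
AS:NN after 'ip bgp-community new-format'), plus the well-known values and
the reserved ranges from the slide. Added example, not from the Cisco deck."""
from typing import List

# RFC 1997 well-known communities (IOS keyword on the right)
WELL_KNOWN = {
    0x00000000: "internet",
    0xFFFFFF01: "no-export",
    0xFFFFFF02: "no-advertise",
    0xFFFFFF03: "local-AS",
}
_KEYWORD_TO_VALUE = {v.lower(): k for k, v in WELL_KNOWN.items()}


def to_new_format(value: int) -> str:
    """65546 -> '1:10'; well-known values come back as their keyword."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("community must be a 32-bit value")
    if value in WELL_KNOWN:
        return WELL_KNOWN[value]
    return f"{value >> 16}:{value & 0xFFFF}"


def to_old_format(text: str) -> int:
    """'1:10' -> 65546; keywords like 'no-export' -> their 32-bit value."""
    key = text.strip().lower()
    if key in _KEYWORD_TO_VALUE:
        return _KEYWORD_TO_VALUE[key]
    asn_str, nn_str = key.split(":")
    asn, nn = int(asn_str), int(nn_str)
    if not (0 <= asn <= 0xFFFF and 0 <= nn <= 0xFFFF):
        raise ValueError("each half of AS:NN must be 0-65535")
    return (asn << 16) | nn


def is_reserved(value: int) -> bool:
    """High-order 16 bits all zeros (0x0000) or all ones (0xFFFF) are
    reserved; an operator's own values should carry its own AS number."""
    return (value >> 16) in (0x0000, 0xFFFF)


def parse_community_line(line: str) -> List[str]:
    """Normalise a 'Community:' line from show ip bgp, whatever format the
    router printed, e.g. 'Community: 65546 no-export' -> ['1:10', 'no-export']."""
    _, _, rest = line.partition("Community:")
    out = []
    for token in rest.split():
        value = int(token) if token.isdigit() else to_old_format(token)
        out.append(to_new_format(value))
    return out


if __name__ == "__main__":
    # Constructed lines in old and new format, as the two slides show them
    print(parse_community_line("      Community: 65546"))
    print(parse_community_line("      Community: 1:10 no-export"))
```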
311
Controlling the Flow of BGP Updates
312
Aggregate Addresses
Used to minimize the size of the routing table
Combines characteristics of several routes to allow a single route to be advertised
RTB#
router bgp 200
neighbor 3.3.3.1 remote-as 300
network 160.10.0.0
RTC#
router bgp 300
neighbor 3.3.3.3 remote-as 200
neighbor 2.2.2.2 remote-as 100
network 170.10.0.0
aggregate-address 160.0.0.0 255.0.0.0
313
Aggregate Addresses (Cont.)
aggregate-address address mask: advertises the aggregate prefix and all of the more specific routes
aggregate-address address mask summary-only: advertises the aggregate prefix only; all the more specific routes are suppressed
aggregate-address address mask suppress-map map-name: advertises the aggregate prefix and the more specific routes, but suppresses the more specific routes that the route map permits
314
Example: Aggregate Address
Question: Advertise the aggregate route 132.0.0.0/8 into AS 3. Ensure that the aggregate address and only 132.108.10.0/24 is allowed through to AS 3
315
Example (Cont.): Configuration
r8(config)#router bgp 4
r8(config-router)#aggregate-address 132.0.0.0 255.0.0.0 suppress-map AGGREGATE_MAP1
r8(config-router)#exit
r8(config)#access-list 3 deny 132.108.10.0 0.0.0.255
r8(config)#access-list 3 permit any
r8(config)#route-map AGGREGATE_MAP1 permit 10
r8(config-route-map)#match ip address 3
r8(config-route-map)#end
316
Example (Cont.): Verification
r5#sh ip ro bgp
B 141.108.0.0/16 [200/0] via 142.108.10.6, 2d03h
B 131.108.0.0/16 [20/0] via 162.108.21.8, 00:06:41
B 161.108.0.0/16 [20/0] via 162.108.21.8, 00:06:41
132.108.0.0/16 is variably subnetted, 2 subnets, 2 masks
B 132.108.10.0/24 [20/0] via 162.108.21.8, 00:06:41
B 132.108.0.0/16 [200/0] via 142.108.10.6, 2d03h
B 132.0.0.0/8 [20/0] via 162.108.21.8, 00:06:41
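What the three forms of aggregate-address hand to the neighbour, applied to the 132.0.0.0/8 task above, as an added example that is not part of the Cisco deck. The BGP table is constructed (only 132.108.10.0/24 is known from the slide); access-list 3 is the one the configuration uses as the suppress-map, and the suppress-map semantics (routes the map permits are suppressed) are those the previous slide describes.

```python
"""What the three forms of aggregate-address advertise to a neighbour, using
the slide's 132.0.0.0/8 suppress-map case. Added example, not from the Cisco
deck: the BGP table below is constructed (it includes 132.108.10.0/24, the
route the task says must get through)."""
import ipaddress
from typing import List, Optional, Sequence, Tuple

AclEntry = Tuple[str, str, str]  # (action, address, wildcard mask), IOS standard ACL style


def acl_permits(prefix: ipaddress.IPv4Network, acl: Sequence[AclEntry]) -> bool:
    """A standard ACL used as a route filter compares the network address
    under the wildcard mask (1 bits = don't care). First match wins;
    a route matching no entry is denied (implicit deny)."""
    addr = int(prefix.network_address)
    for action, address, wildcard in acl:
        base = int(ipaddress.IPv4Address(address))
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if ((addr ^ base) & care) == 0:
            return action == "permit"
    return False


def aggregate(bgp_table: Sequence[str], aggregate_prefix: str, *,
              summary_only: bool = False,
              suppress_acl: Optional[Sequence[AclEntry]] = None) -> List[str]:
    """Return the prefixes advertised after applying aggregate-address.

    - plain:        aggregate plus every more-specific route
    - summary-only: aggregate only; all more-specifics suppressed
    - suppress-map: aggregate plus the more-specifics the map does NOT
                    permit (routes permitted by the map are suppressed)
    The aggregate is created only if at least one more-specific exists."""
    agg = ipaddress.ip_network(aggregate_prefix)
    specifics = [ipaddress.ip_network(p) for p in bgp_table]
    covered = [p for p in specifics if p != agg and p.subnet_of(agg)]
    advertised = [agg] if covered else []
    for p in specifics:
        if p in covered:
            if summary_only:
                continue
            if suppress_acl is not None and acl_permits(p, suppress_acl):
                continue
        advertised.append(p)
    return [str(p) for p in sorted(set(advertised))]


# Constructed BGP table on r8 (AS 4); only 132.108.10.0/24 is known from the slide.
R8_BGP_TABLE = ["132.108.10.0/24", "132.108.0.0/16", "132.1.0.0/16",
                "131.108.0.0/16", "161.108.0.0/16"]

# access-list 3 from the slide: deny 132.108.10.0 0.0.0.255, permit any.
# Used by route-map AGGREGATE_MAP1 (match ip address 3) as the suppress-map.
ACL_3 = [("deny", "132.108.10.0", "0.0.0.255"),
         ("permit", "0.0.0.0", "255.255.255.255")]

if __name__ == "__main__":
    print(aggregate(R8_BGP_TABLE, "132.0.0.0/8", suppress_acl=ACL_3))
```

The suppress-map run yields 132.0.0.0/8 plus 132.108.10.0/24 and the unrelated /16s, which is what r5's routing table on the verification slide shows arriving from r8.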
317
BGP Route Filtering
Filter networks in incoming or outgoing BGP updates based on IP address
Rtr A (AS 1):
router bgp 1
 neighbor 10.1.1.2 distribute-list 1 in
access-list 1 permit 172.16.0.0 0.0.255.255
Rtr B (AS 2):
router bgp 2
 neighbor 10.1.1.1 distribute-list 2 out
access-list 2 permit 192.30.8.0 0.0.0.255
Route Filtering
[Diagram: Rtr A (AS 1, 10.1.1.1/24) connected to Rtr B (AS 2, 10.1.1.2/24)]
Do You See A Problem Here?
318
BGP Route Filtering
Path filtering—filter networks in incoming or outgoing BGP updates based on AS path information
Rtr A (AS 1):
router bgp 1
 neighbor 1.1.1.2 filter-list 1 in
…
ip as-path access-list 1 deny ^2$        (deny routes belonging to AS 2)
ip as-path access-list 1 permit .*
Rtr B (AS 2):
router bgp 2
 neighbor 1.1.1.1 filter-list 2 out
…
ip as-path access-list 2 permit ^$       (allow routes from this AS only)
Route Filtering
[Diagram: Rtr A (AS 1, 10.1.1.1/24) connected to Rtr B (AS 2, 10.1.1.2/24)]
Do You See A Problem Here?
319
Route-Map Overview
Route-maps are very complex access-lists:
Access-lists have lines; route-maps contain statements
Access-lists use addresses and masks; route-maps use match conditions
With access-lists, there is an access-list number; with route-maps, there is a route-map name
Statements in route-maps are numbered
You can insert and delete statements in a route-map
You can edit match conditions in a statement
Route-map statements can modify matched routes with “set” options
Route Maps
320
Route-Map Overview (Cont.)
The default statement action is “permit”
A route not matched by any statement is dropped
“Permit all” is achieved by specifying “permit” without a “match” clause
Match conditions in one statement are ANDed together
The first matching statement permits or denies the route
Route Maps
321
Route-Map Overview (Cont.)
router bgp 300
 network 172.16.0.0
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 route-map STOPUPDATES out
…
route-map STOPUPDATES deny 10
 match ip address 1
route-map STOPUPDATES permit 20
…
access-list 1 permit 172.16.0.0 0.0.255.255
Blocks Advertisement of Network 172.16.0.0 to Neighbor 2.2.2.2
Route Maps
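The filtering tools from the last few slides in one runnable model, as an added example that is not part of the Cisco deck: a distribute-list (standard ACL with wildcard mask), a filter-list (AS-path regular expression) and a route-map evaluator with the Route-Map Overview semantics (numbered statements, first match wins, match clauses ANDed, permit without match matches everything, no match at all drops the route, set rewrites attributes). STOPUPDATES, access-lists 1 and 2 and the two as-path access-lists are the slides' own; PREFER_AS2 and the sample routes are constructed.

```python
"""Route filtering as the slides describe it: distribute-list (standard ACL
with wildcard mask), filter-list (AS-path regular expression) and a
route-map evaluator with the Route-Map Overview semantics. Added example,
not from the Cisco deck; PREFER_AS2 and the sample routes are constructed."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence, Tuple

AclEntry = Tuple[str, str, str]  # (permit|deny, address, wildcard)


@dataclass
class Route:
    prefix: str
    as_path: List[int]
    attrs: Dict[str, object] = field(default_factory=dict)


def acl_permits(prefix: str, acl: Sequence[AclEntry]) -> bool:
    """Wildcard-mask match on the network address; implicit deny at the end."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, address, wildcard in acl:
        base = int(ipaddress.IPv4Address(address))
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if ((addr ^ base) & care) == 0:
            return action == "permit"
    return False


def as_path_text(as_path: Sequence[int]) -> str:
    """IOS matches regexes against the path printed as space-separated ASNs;
    a locally originated route has the empty string, which ^$ matches."""
    return " ".join(str(a) for a in as_path)


def filter_list_permits(as_path: Sequence[int], entries: Sequence[Tuple[str, str]]) -> bool:
    """ip as-path access-list: ordered (action, regex) pairs, implicit deny.
    Only plain regex syntax is supported here (no IOS '_' shorthand)."""
    text = as_path_text(as_path)
    for action, regex in entries:
        if re.search(regex, text):
            return action == "permit"
    return False


@dataclass
class Statement:
    action: str                      # "permit" or "deny" (IOS default is permit)
    seq: int
    matches: Dict[str, object] = field(default_factory=dict)  # ANDed together
    sets: Dict[str, object] = field(default_factory=dict)


def apply_route_map(route: Route, statements: Sequence[Statement],
                    acls: Dict[int, Sequence[AclEntry]]) -> Optional[Route]:
    """Return the (possibly modified) route if permitted, None if dropped."""
    for st in sorted(statements, key=lambda s: s.seq):
        conditions = []
        if "ip address" in st.matches:
            conditions.append(acl_permits(route.prefix, acls[st.matches["ip address"]]))
        if "as-path" in st.matches:
            conditions.append(re.search(st.matches["as-path"], as_path_text(route.as_path)) is not None)
        if all(conditions):                       # all([]) is True: no match clause = match all
            if st.action == "deny":
                return None
            return Route(route.prefix, list(route.as_path), {**route.attrs, **st.sets})
    return None                                   # fell off the end: route is dropped


# From the slides
ACLS = {1: [("permit", "172.16.0.0", "0.0.255.255")],
        2: [("permit", "192.30.8.0", "0.0.0.255")]}
# route-map STOPUPDATES deny 10 / match ip address 1 / permit 20
STOPUPDATES = [Statement("deny", 10, {"ip address": 1}), Statement("permit", 20)]
# ip as-path access-list 1 deny ^2$ ; permit .*   (drop routes AS 2 itself originated)
FILTER_LIST_1 = [("deny", "^2$"), ("permit", ".*")]
# ip as-path access-list 2 permit ^$              (only locally originated routes)
FILTER_LIST_2 = [("permit", "^$")]
# Constructed: two ANDed match clauses plus a set, to show the AND rule.
PREFER_AS2 = [Statement("permit", 10, {"ip address": 2, "as-path": "^2$"}, {"local-preference": 200}),
              Statement("permit", 20)]
```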
322
Debugging BGP
323
Debugging
Test the IP connection between the BGP routers
If you can ping the remote endpoint then you can form a BGP connection
Rtr A#ping 1.1.1.2
Rtr B#ping 1.1.1.1
[Diagram: Rtr A (AS 1, 10.1.1.1/24) connected to Rtr B (AS 2, 10.1.1.2/24)]
324
Debugging
Rtr A#
router bgp 1
 neighbor 1.1.1.2 remote-as 2
Rtr B#
router bgp 2
 neighbor 1.1.1.1 remote-as 1
[Diagram: Rtr A (AS 1, 10.1.1.1/24) connected to Rtr B (AS 2, 10.1.1.2/24)]
Start with a Minimum BGP Configuration
325
Debugging
Rtr A#show ip bgp neighbors
BGP neighbor is 1.1.1.2, remote AS 2, external link
  BGP version 4, remote router ID 1.1.1.2
  BGP state = Established, table version = 1, up for 0:12:20
  Last read 0:00:20, hold time is 180, keepalive interval is 60 seconds
  Minimum time between advertisement runs is 30 seconds
  Received 15 messages, 0 notifications, 0 in queue
  Sent 15 messages, 0 notifications, 0 in queue
  Connections established 1; dropped 0
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 10.1.1.7, Local port: 11002
Foreign host: 10.1.1.1, Foreign port: 179
If BGP State = Established, Then Continue with Your BGP Configuration
326
Further Possible Areas of Study
IBGP—Route Reflector
IBGP—Confederations
EBGP—Neighbor Local-as
BGP Multipath
BGP Conditional Advertisement
327
Q and A
328
Recommended Reading
Internet Routing Architectures, Bassam Halabi, Cisco Press
Cisco BGP-4 Command and Configuration Handbook, William Parkhurst, Cisco Press
Available Onsite at the Cisco Company Store
329
Session 7:
MPLS/VPN
330
Agenda
MPLS Technology Introduction
MPLS Network Ingredients
Building MPLS Services
MPLS VPNs
MPLS Layer 3 VPNs
331
MPLS Technology Introduction
332
What Is MPLS Technology?
Multi Protocol Label Switching is a technology for delivery of IP services
MPLS technology switches packets instead of routing, to transport data
A highly scalable mechanism that is topology driven rather than flow driven
Single infrastructure architecture supporting multitudes of applications
MPLS has evolved a long way from its original goal, now serving as a foundation for value-added services
[Diagram: MPLS as a Single Network Infrastructure supporting VPLS, Traffic Engineering, Unicast and Multicast L3 VPNs, IP+Optical/GMPLS and Any Transport Over MPLS]
333
Evolving Infrastructures, Growing Requirements
Next Generation Services Networks Require a Transport that Offers End-to-End:
Resilience and Scale: Fast Convergence, High Availability, Redundancy
OAM: Provision, Test and Verify, Measure, Report
Service Flexibility: Point to Point, Point to Multipoint, Multipoint to Multipoint
SLA Guarantees: Traffic Classes, BW Guarantees, Traffic Priority
334
MPLS Use Case
[Diagram: an MPLS Backbone of P1 to P4 and PE1 to PE5 joining Customer A HQ A, HQ B and HQ C, a Branch Office, Remote Users/Telecommuters via a Local or Direct Dial ISP, VPN A, VPN B and VPN C sites over FR/ATM/Carrier Ethernet, Mobile Backhaul, Shared/Managed Services (ERP, Video Server, Hosted Content, VMs), the Internet and other Provider Networks, and MPLS to IPsec/PE]
Requirements: L2 pt-pt, L2 fully meshed, L3 fully meshed sites through HQ site, all sites directly access Hosted content and the Internet with SLA
335
MPLS Network Ingredients
336
MPLS Network Ingredients
Network devices
P (Provider) routers = label switching routers = core routers
PE (Provider Edge) routers = edge LSR = provider edge device
Protocols
IGP: core routing protocol, OSPF, EIGRP, IS-IS
Label Distribution Protocol (LDP)
Multiprotocol e/iBGP
Resource reservation (RSVP) protocol
MPLS label
Forwarding Equivalence Class (FEC)
MPLS label
MPLS label encapsulation
MPLS planes
MPLS control planes
MPLS forwarding planes
337
MPLS Network Devices
P (Provider) routers = label switching routers = core routers
Switch packets from ingress PE to egress PE
PE (Provider Edge) routers = edge LSR = provider edge device
MPLS services are enabled on PE devices. They interconnect customer sites
[Diagram: P routers in the core with PE routers around the edge]
338
[Diagram: P and PE routers running IGP, RSVP and LDP on the core and core-facing links]
MPLS Network Protocols
IGP: OSPF, EIGRP, IS-IS on core facing and core links
RSVP and/or LDP on core and/or core facing links
MP-e/iBGP on PE devices
339
Label Distribution Protocol
Defined in RFC 3035 and 3036; LDP is a superset of the Tag Distribution Protocol
Uses UDP for session discovery and TCP (port 646) for the rest of the messages
Uses per-interface or per-platform label space, each needing separate LDP sessions
Label distribution protocols distribute labels for prefixes advertised by unicast routing protocols (OSPF, IS-IS, EIGRP, etc.) using LDP or BGP
Multiple phases to establish a session & allocate labels so that traffic can be switched:
Discovery mechanisms
Session establishment
Label distribution and management
Label binding advertisement (unsolicited or on-demand), distribution, liberal retention
LDP Header: Version (2 Octets) | PDU Length (2 Octets) | LDP ID (6 Octets)
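Decoding and sanity-checking the fixed header above before any message in the PDU is trusted, as an added example that is not part of the Cisco deck. The field layout (Version 2 octets, PDU Length 2 octets, LDP ID 6 octets = 4-octet LSR ID plus 2-octet label space, with label space 0 meaning the per-platform space) is the standard one; the sample PDU and its LSR ID are constructed, and its message body is zero padding.

```python
"""Fixed LDP PDU header from the slide: Version (2 octets), PDU Length
(2 octets), LDP Identifier (6 octets = 4-octet LSR ID + 2-octet label
space). Added example, not from the Cisco deck; the sample PDU is
constructed and its message body is zero padding."""
import struct
from dataclasses import dataclass

LDP_PORT = 646          # UDP for Hello discovery, TCP for the session (slide)
LDP_VERSION = 1
HEADER_LEN = 10         # 2 + 2 + 6 octets
LDP_ID_LEN = 6


@dataclass
class LdpHeader:
    version: int
    pdu_length: int     # octets after the Length field: LDP ID + messages
    lsr_id: str
    label_space: int    # 0 = per-platform label space, non-zero = per-interface

    @property
    def per_platform(self) -> bool:
        return self.label_space == 0


def parse_ldp_header(data: bytes) -> LdpHeader:
    """Decode and sanity-check the header before touching the messages."""
    if len(data) < HEADER_LEN:
        raise ValueError("short LDP header")
    version, pdu_length, a, b, c, d, label_space = struct.unpack("!HH4BH", data[:HEADER_LEN])
    if version != LDP_VERSION:
        raise ValueError(f"unsupported LDP version {version}")
    if pdu_length < LDP_ID_LEN:
        raise ValueError("PDU length does not even cover the LDP ID")
    if len(data) - 4 < pdu_length:
        raise ValueError("truncated PDU: fewer bytes than PDU Length claims")
    return LdpHeader(version, pdu_length, f"{a}.{b}.{c}.{d}", label_space)


def build_ldp_header(lsr_id: str, label_space: int, messages_len: int) -> bytes:
    """Encode a header for a PDU carrying messages_len octets of messages."""
    octets = [int(x) for x in lsr_id.split(".")]
    return struct.pack("!HH4BH", LDP_VERSION, LDP_ID_LEN + messages_len, *octets, label_space)


def message_bytes(data: bytes) -> bytes:
    """The part of a validated PDU that carries the LDP messages."""
    hdr = parse_ldp_header(data)
    return data[HEADER_LEN:4 + hdr.pdu_length]


# Constructed sample: LSR 10.1.1.1, per-platform label space, 14 octets of messages
SAMPLE_PDU = build_ldp_header("10.1.1.1", 0, 14) + bytes(14)

if __name__ == "__main__":
    print(parse_ldp_header(SAMPLE_PDU))
```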
340
MPLS Label and Label Encapsulation
MPLS Label Encapsulation
Packet over SONET/SDH: PPP Header | Label | Layer 2/L3 Packet
LAN: MAC Header | Label | Layer 2/L3 Packet
MPLS Label (32 bits): Label (20 bits) | EXP (3 bits) | S (1 bit) | TTL (8 bits)
COS/EXP = Class of Service: 3 Bits; S = Bottom of Stack; TTL = Time to Live
341
Forwarding Equivalence Class
FEC Is Used by Label Switching Routers to Determine How Packets Are Mapped to Label Switching Paths (LSP):
IP prefix/host address
Layer 2 circuits (ATM, FR, PPP, HDLC, Ethernet)
Groups of addresses/sites—VPN x
A bridge/switch instance—VSI
Tunnel interface—traffic engineering
342
MPLS Control Plane and Forward Plane
Control plane used to distribute labels and build label-switched paths
[Diagram: the Routing Process exchanges Route Updates/Adjacency and fills the RIB; the MPLS Process exchanges Label Bind Updates/Adjacency and fills the LIB; the FIB and MFI in the forwarding plane carry IP Traffic and MPLS Traffic]
Forwarding plane consists of label imposition, swapping, and disposition—no matter what the control plane
Destination-based unicast/multicast
Labels divorce forwarding from IP address
Labels define destination and service
343
MPLS Control Plane Downstream Unsolicited Mode
Step I: Core Routing Convergence
[Diagram: three LSRs in a row, each with an empty label table (In Label, Address Prefix, Out I'face, Out Label) for prefixes 128.89 and 171.69; the left LSR reaches both via interface 1, the middle LSR reaches 128.89 via interface 0 and 171.69 via interface 1, the right LSR reaches 128.89 via interface 0]
Routing Updates (OSPF, EIGRP, …):
You Can Reach 128.89 Thru Me
You Can Reach 171.69 Thru Me
You Can Reach 128.89 and 171.69 Thru Me
344
Step II: Assigning Labels
MPLS Control Plane Downstream Unsolicited Mode
Downstream Node Advertises Labels for Prefixes/FEC Reachable via that Device
[Diagram: three LSRs in a row. The right-hand LSR tells the middle one "Use Label 9 for 128.89"; a further downstream neighbour tells the middle LSR "Use Label 7 for 171.69"; the middle LSR tells the left-hand one "Use Label 4 for 128.89 and Use Label 5 for 171.69"]
Left LSR table: In Label - | Address Prefix 128.89 | Out I'face 1 | Out Label 4; In Label - | 171.69 | Out I'face 1 | Out Label 5
Middle LSR table: In Label 4 | 128.89 | Out I'face 0 | Out Label 9; In Label 5 | 171.69 | Out I'face 1 | Out Label 7
Right LSR table: In Label 9 | 128.89 | Out I'face 0 | Out Label -
345
MPLS Forwarding Plane
Step III: Forwarding Labeled Packets
Label Switch Forwards Based on Label
[Diagram: a packet for 128.89.25.4 enters the left LSR unlabeled and leaves it on interface 1 with label 4; the middle LSR swaps label 4 for label 9 and sends it out interface 0; the right LSR removes label 9 and delivers the plain IP packet on interface 0. The label tables are the same as in Step II]
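The three steps (routing convergence, downstream-unsolicited label assignment, label switching) simulated end to end, as an added example that is not part of the Cisco deck. The prefixes and the label values 4, 5, 7 and 9 are the slides'; the LSR class, the router names A to D, the interface names and the sample packet are constructed, with D standing in for the unseen downstream neighbour that advertises label 7 for 171.69. Two behaviours worth noticing: every received binding is kept (liberal retention) but only the binding from the IGP next hop goes into the LFIB, and a labeled packet whose label has no LFIB entry is refused rather than guessed at.

```python
"""Downstream-unsolicited label distribution (Step II) and label switching
(Step III) for the three-LSR example on the slides: prefixes 128.89 and
171.69, labels 4, 5, 9 and 7. Added example, not from the Cisco deck: the
LSR class, router names A-D, interface names and packet are constructed."""
import ipaddress
from typing import Dict, List, Optional, Tuple

POP = "pop"  # out-label marker for an egress LSR ('-' on the slide)


class LSR:
    def __init__(self, name: str):
        self.name = name
        self.peers: Dict[str, "LSR"] = {}             # interface -> neighbouring LSR
        self.routes: Dict[str, Tuple[str, Optional[str]]] = {}  # prefix -> (out iface, next hop; None = attached)
        self.in_labels: Dict[str, int] = {}           # prefix -> label we advertised (In Label column)
        self.lib: Dict[Tuple[str, str], int] = {}     # (peer, prefix) -> label that peer advertised
        self.lfib: Dict[int, Tuple[str, object]] = {} # in label -> (out iface, out label or POP)

    def connect(self, iface: str, peer: "LSR") -> None:
        self.peers[iface] = peer

    def add_route(self, prefix: str, iface: str, next_hop: Optional[str]) -> None:
        """Step I: the IGP tells us the outgoing interface and next hop."""
        self.routes[prefix] = (iface, next_hop)
        self._rebuild_lfib()

    def advertise(self, prefix: str, label: int) -> None:
        """Step II: bind a local label to the FEC and push it to every peer
        without being asked (downstream unsolicited)."""
        self.in_labels[prefix] = label
        self._rebuild_lfib()
        for peer in self.peers.values():
            peer.receive_binding(self.name, prefix, label)

    def receive_binding(self, peer: str, prefix: str, label: int) -> None:
        self.lib[(peer, prefix)] = label              # liberal retention: keep every binding
        self._rebuild_lfib()

    def out_label(self, prefix: str):
        """Only the binding from the IGP next hop is used for forwarding."""
        iface, next_hop = self.routes[prefix]
        if next_hop is None:
            return iface, POP
        return iface, self.lib.get((next_hop, prefix))  # None until the next hop advertises

    def _rebuild_lfib(self) -> None:
        self.lfib = {}
        for prefix, in_label in self.in_labels.items():
            if prefix in self.routes:
                iface, out = self.out_label(prefix)
                if out is not None:
                    self.lfib[in_label] = (iface, out)

    def _lookup(self, dst: str) -> str:
        ip = ipaddress.ip_address(dst)
        matches = [p for p in self.routes if ip in ipaddress.ip_network(p)]
        if not matches:
            raise LookupError(f"{self.name}: no route to {dst}")
        return max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)

    def forward(self, stack: List[int], dst: str) -> Tuple[str, List[int]]:
        """Step III. Labeled: LFIB lookup, swap or pop. Unlabeled: IP lookup
        and push (ingress). Returns (out iface, new label stack)."""
        if stack:
            if stack[0] not in self.lfib:
                raise LookupError(f"{self.name}: no LFIB entry for label {stack[0]}")
            iface, out = self.lfib[stack[0]]
            return iface, stack[1:] if out is POP else [out] + stack[1:]
        iface, out = self.out_label(self._lookup(dst))
        return iface, [] if out in (None, POP) else [out]


def trace(ingress: LSR, dst: str) -> List[Tuple[str, List[int]]]:
    """Follow one packet hop by hop; returns (router, outgoing stack) per hop."""
    hops, lsr, stack = [], ingress, []
    while lsr is not None:
        iface, stack = lsr.forward(stack, dst)
        hops.append((lsr.name, stack))
        lsr = lsr.peers.get(iface)                    # None once the packet leaves the MPLS domain
    return hops


def build_slide_topology() -> Dict[str, LSR]:
    a, b, c, d = LSR("A"), LSR("B"), LSR("C"), LSR("D")
    a.connect("1", b); b.connect("2", a)
    b.connect("0", c); c.connect("1", b)
    b.connect("1", d); d.connect("1", b)
    # Step I: routing convergence
    c.add_route("128.89.0.0/16", "0", None)          # C is egress for 128.89
    d.add_route("171.69.0.0/16", "0", None)          # D is egress for 171.69
    b.add_route("128.89.0.0/16", "0", "C"); b.add_route("171.69.0.0/16", "1", "D")
    a.add_route("128.89.0.0/16", "1", "B"); a.add_route("171.69.0.0/16", "1", "B")
    # Step II: downstream nodes advertise labels (values from the slide)
    c.advertise("128.89.0.0/16", 9)
    d.advertise("171.69.0.0/16", 7)
    b.advertise("128.89.0.0/16", 4)
    b.advertise("171.69.0.0/16", 5)
    return {"A": a, "B": b, "C": c, "D": d}
```

trace(net["A"], "128.89.25.4") reproduces the slide's Step III: A pushes 4, B swaps it for 9, C pops and delivers the IP packet.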
346
Label Stacking
There may be more than one label in an MPLS packet
As we know, labels correspond to forwarding equivalence classes
Example—there can be one label for routing the packet to an egress point and another that separates a customer A packet from customer B
Inner labels can be used to designate services/FECs, etc.
e.g. VPNs, fast reroute
Outer label used to route/switch the MPLS packets in the network
Last label in the stack is marked with EOS bit
Allows building services such as MPLS VPNs
Traffic engineering and fast reroute
VPNs over traffic engineered core
Any transport over MPLS
[Diagram: label stack on an IP packet, outer to inner: TE Label (Outer Label) | LDP Label | VPN Label (Inner Label) | IP Header]
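The 32-bit label entry from the MPLS Label slide (20-bit label, 3-bit EXP/CoS, S bit, 8-bit TTL) and a walker that pops entries until the bottom-of-stack bit, applied to the TE / LDP / VPN three-label stack shown above, as an added example that is not part of the Cisco deck. The label values, the EXP setting and the payload are constructed; the reserved label numbers are the standard ones. The walker refuses a stack that runs out of bytes before an entry with S=1, and refuses implicit null (3), which is only ever signalled, never sent.

```python
"""MPLS label stack entries (the 32-bit shim on the slide: 20-bit label,
3-bit EXP/CoS, S bit, 8-bit TTL) and a stack walker that stops at the
bottom-of-stack bit, using the slide's TE / LDP / VPN three-label stack as
the sample. Added example, not from the Cisco deck; label values are
constructed."""
import struct
from dataclasses import dataclass
from typing import List, Sequence, Tuple

# Reserved label values (RFC 3032); 3 (implicit null) never appears on the wire.
RESERVED = {0: "IPv4 explicit null", 1: "router alert", 2: "IPv6 explicit null", 3: "implicit null"}


@dataclass
class LabelEntry:
    label: int
    exp: int = 0
    bottom: bool = False
    ttl: int = 255

    def pack(self) -> bytes:
        if not 0 <= self.label < (1 << 20):
            raise ValueError("label must fit in 20 bits")
        if not 0 <= self.exp < 8 or not 0 <= self.ttl < 256:
            raise ValueError("EXP is 3 bits, TTL is 8 bits")
        word = (self.label << 12) | (self.exp << 9) | (int(self.bottom) << 8) | self.ttl
        return struct.pack("!I", word)

    @classmethod
    def unpack(cls, word: int) -> "LabelEntry":
        return cls(word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 0x1), word & 0xFF)

    def describe(self) -> str:
        kind = RESERVED.get(self.label, "normal")
        return f"label={self.label} ({kind}) exp={self.exp} S={int(self.bottom)} ttl={self.ttl}"


def encode_stack(entries: Sequence[LabelEntry]) -> bytes:
    """Serialise top-first; the S bit is set on the last entry regardless of
    what the caller put there, so a stack is always well terminated."""
    out = bytearray()
    for i, e in enumerate(entries):
        out += LabelEntry(e.label, e.exp, i == len(entries) - 1, e.ttl).pack()
    return bytes(out)


def decode_stack(data: bytes) -> Tuple[List[LabelEntry], bytes]:
    """Walk entries until S=1; return (entries, payload). Input that runs
    out before a bottom-of-stack entry is rejected rather than guessed at."""
    entries: List[LabelEntry] = []
    offset = 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("label stack without bottom-of-stack bit")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = LabelEntry.unpack(word)
        entries.append(entry)
        offset += 4
        if entry.label == 3:
            raise ValueError("implicit null (3) must not appear on the wire")
        if entry.bottom:
            return entries, data[offset:]


# Constructed sample: outer TE label, LDP label, inner VPN label, then an "IP packet".
SAMPLE_STACK = encode_stack([LabelEntry(16, exp=5), LabelEntry(17), LabelEntry(42)])
SAMPLE_PACKET = SAMPLE_STACK + b"IPv4 header + data"

if __name__ == "__main__":
    for entry in decode_stack(SAMPLE_PACKET)[0]:
        print(entry.describe())
```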
347
MPLS Core Architecture Summary
1a. Existing Routing Protocols (e.g. OSPF, IS-IS) Establish Reachability to Destination Networks
1b. LDP Establishes Label to Destination Network Mappings
2. Ingress Edge LSR Receives Packet, Performs Layer 3 Value-Added Services, and “Labels” Packets
3. LSR Switches Packets Using Label Swapping
4. Edge LSR at Egress Removes Label and Delivers Packet
!
ip cef
mpls label protocol ldp
!
interface ether0/0
 mpls ip
!
348
MPLS VPNs
349
What Is a Virtual Private Network?
VPN is a set of sites or groups which are allowed to communicate with each other
VPN is defined by a set of administrative policies
Policies established by VPN customers
Policies could be implemented completely by VPN service providers
Flexible intersite connectivity
Ranging from complete to partial mesh
Sites may be either within the same or in different organizations
VPN can be either intranet or extranet
Site may be in more than one VPN
VPNs may overlap
Not all sites have to be connected to the same service provider
VPN can span multiple providers
350
L2 vs. L3 VPNs
Point-to-Point Layer 2 VPNs
Customer endpoints (CPE) connected via Frame Relay DLCI, ATM VC or point-to-point connection
No routing with the provider network. VPN CEs peer with each other, much better propagation delay
Good for point to point L2 connectivity; provider will need to manually fully mesh end points if any-to-any connectivity is required
Multipoint Layer 2 VPNs
Customer endpoints (CPE) connected via Ethernet (VLAN or ethernet)
Fully meshed, hub-spoke service possible w/o routing
Layer 3 VPN
Any access medium is supported
Customer end points peer with providers’ routers @ L3 and exchange VPN site-routing information
Reduced provisioning, Scales
351
MPLS L3 VPNs
352
[Diagram: VPN A, VPN B and VPN C sites attached around a shared provider cloud]
IP L3 vs. MPLS L3 VPNs
Overlay VPN
ACLs, ATM/FR, IP tunnels, IPSec, … etc. requiring n*(n-1) peering points
Transport dependent
Groups endpoints, not groups
Pushes content outside the network
Costs scale exponentially
NAT necessary for overlapping subnets
Limited scaling, QoS Complexity
MPLS-Based VPNs
Point-to-cloud single point of connectivity
Transport independent
Easy grouping of users and services
Enables content hosting inside the network
“Flat” cost curve
Supports private overlapping IP addresses
Scalable to over millions of VPNs
Per VPN QoS
Applications: Hosting, Multicast, VoIP, Intranet, Extranet
353
MPLS L3 VPN Control Plane Basics
1. VPN service is enabled on PEs
2. VPN site’s CE1 connects to a VRF enabled interface on a PE1
3. VPN site CE1 distributes routes to PE1
4. PE1 allocates VPN label for each prefix, redistributes routes into MP-iBGP, sets itself as a next hop and relays VPN site routes to PE3
5. PE3 distributes CE1’s routes to CE2
[Diagram: CE1 to CE4 attach to VRFs on PE1, PE2 and PE3; P1, P2 and P3 form the core; PE-CE routing is Static, EIGRP, OSPF or eBGP; the PEs exchange VPNv4 routes and labels over MP-iBGP]
354
How Control Plane Information Is Separated
[Diagram: CE1 - PE1 - P1 - P2 - PE2 - CE2. CE1 hands PE1 the IPv4 route Net=16.1/16 over IGP/eBGP; PE1 advertises it across the core as VPN-IPv4 Net=RD:16.1/16, NH=PE1, Route Target 100:1, Label=42; PE2 hands CE2 the IPv4 route Net=16.1/16 over IGP/eBGP; No VPN Routes in the Core (P)]
ip vrf Yellow
 rd 1:100
 route-target export 1:100
 route-target import 1:100
Route Distinguisher (RD): 8-byte field, unique value assigned by a provider to each VPN to make different VPN routes unique
VPNv4 address: RD + VPN IP prefix
Route Target (RT): 8-byte field, unique value assigned by a provider to define the import/export rules for the routes from/to each VPN
MP-iBGP: facilitates advertisement of VPNv4 prefixes + labels between BGP peers
Virtual Routing Forwarding Instance (VRF): contains VPN site routes
Multi-VRF CE: CE device supporting multiple VRFs w/o MP-iBGP & VPN labels
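The separation the slide describes, in bytes: the RD makes the VPNv4 address of 16.1/16 unique per VPN, and the Route Target extended community decides which VRF on the receiving PE imports the route. Added example, not part of the Cisco deck; the encodings follow RFC 4364 (RD types, labeled VPNv4 NLRI) and RFC 4360 (extended communities). VRF Yellow, RD/RT 1:100, label 42 and prefix 16.1.0.0/16 follow the slide; VRF Green, the Shared extranet VRF and their values are constructed.

```python
"""How the control plane keeps VPNs apart: the Route Distinguisher makes the
VPNv4 address unique, the Route Target extended community decides which
VRF imports a route. Encodings follow RFC 4364 (RD, VPNv4 NLRI with label)
and RFC 4360 (extended communities). Added example, not from the Cisco
deck; VRF 'Yellow', RD/RT 1:100 and prefix 16.1.0.0/16 follow the slide,
VRF 'Green' and 'Shared' are constructed."""
import ipaddress
import struct
from typing import Dict, Tuple


def encode_rd(text: str) -> bytes:
    """'ASN:NN' -> type 0 (2-byte AS + 4-byte number) or type 2 (4-byte AS);
    'A.B.C.D:NN' -> type 1 (IPv4 address + 2-byte number). Always 8 bytes."""
    admin, assigned = text.split(":")
    if "." in admin:
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(assigned))
    asn = int(admin)
    if asn > 0xFFFF:
        return struct.pack("!HIH", 2, asn, int(assigned))
    return struct.pack("!HHI", 0, asn, int(assigned))


def decode_rd(raw: bytes) -> str:
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, nn = struct.unpack("!HI", raw[2:8])
        return f"{asn}:{nn}"
    if rd_type == 1:
        ip, nn = struct.unpack("!4sH", raw[2:8])
        return f"{ipaddress.IPv4Address(ip)}:{nn}"
    if rd_type == 2:
        asn, nn = struct.unpack("!IH", raw[2:8])
        return f"{asn}:{nn}"
    raise ValueError(f"unknown RD type {rd_type}")


def encode_rt(text: str) -> bytes:
    """Route Target extended community: type 0x00/0x01 (AS- or IPv4-specific,
    transitive), sub-type 0x02 = Route Target. 8 bytes."""
    admin, assigned = text.split(":")
    if "." in admin:
        return struct.pack("!BB4sH", 0x01, 0x02, ipaddress.IPv4Address(admin).packed, int(assigned))
    return struct.pack("!BBHI", 0x00, 0x02, int(admin), int(assigned))


def vpnv4_nlri(rd: str, prefix: str, label: int) -> bytes:
    """Labeled VPNv4 NLRI: length in bits | 3-byte label (S bit set) | RD | prefix."""
    net = ipaddress.ip_network(prefix)
    prefix_bytes = net.network_address.packed[:(net.prefixlen + 7) // 8]
    label_field = ((label << 4) | 0x1).to_bytes(3, "big")   # 20-bit label, EXP 0, S=1
    length_bits = 24 + 64 + net.prefixlen
    return bytes([length_bits]) + label_field + encode_rd(rd) + prefix_bytes


class Vrf:
    """A VRF on a PE: what it exports into MP-iBGP and what it will import."""

    def __init__(self, name: str, rd: str, import_rts: Tuple[str, ...], export_rts: Tuple[str, ...]):
        self.name, self.rd = name, rd
        self.import_rts = {encode_rt(rt) for rt in import_rts}
        self.export_rts = {encode_rt(rt) for rt in export_rts}
        self.table: Dict[Tuple[str, str], int] = {}   # (origin RD, prefix) -> VPN label

    def export(self, prefix: str, label: int) -> dict:
        return {"rd": self.rd, "prefix": prefix, "label": label,
                "nlri": vpnv4_nlri(self.rd, prefix, label),
                "ext_communities": set(self.export_rts)}

    def maybe_import(self, update: dict) -> bool:
        """Import only if at least one attached RT is in our import list;
        the RD stays in the key so overlapping customer prefixes never collide."""
        if not (self.import_rts & update["ext_communities"]):
            return False
        self.table[(update["rd"], update["prefix"])] = update["label"]
        return True
```

Two VRFs exporting the same 16.1.0.0/16 produce different NLRIs because the RD differs, and a VRF that imports only 1:100 silently ignores the 1:200 copy; an extranet VRF importing both keeps both, keyed by RD.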
355
MPLS L3 VPN Forwarding Plane: How Data Plane Is Separated
CE1 Forwards IPv4 Packet (CE1 - PE1 - PE2 - CE2)
1. PE1 imposes pre-allocated label for the prefix
2. Core facing interface allocates IGP label
3. Core swaps IGP labels
4. PE2 strips off VPN label and forwards the packet to CE2 as an IP packet
CE2 Receives IPv4 Packet
!
interface S1/0
 ip vrf forwarding Yellow
!
[Diagram: CE1 - PE1 - P1 - P2 - PE2 - CE2; the packet is plain IPv4 on the CE links and carries the IGP and VPN labels between PE1 and PE2]
356
MPLS L3 VPNs Applications
357
Deployment Example I: MPLS VPN SP Interconnecting VPN Sites for Different Access Technologies
[Diagram: an MPLS Backbone (P1, P2; PE1, PE2, PE3) joining VPN A sites reached over different access types: Customer A HQ Hub, Branch Office, Remote Site, Business Partner, Remote Users/Telecommuters via a Local or Direct Dial ISP, FR/ATM access and MPLS to IPsec/PE, plus the Internet, other Provider Networks and a VPN B site]
358
Deployment Example II: MPLS VPNs in Enterprise Campus
L2 access
Multi-VRF-CE at distribution
BGP/MPLS VPNs in core only
Multi-VRF between core and distribution
Multi-VRF doesn’t require MPLS labels
[Diagram: Layer 2 access with 802.1Q trunks to a Multi-VRF CE at distribution; PE w/VRF and P routers form the BGP/MPLS VPN core running MP-iBGP; VPN1 and VPN2 are kept separate end to end]
359
Deployment Example III: End-to-End VPN Services Using Multiple MPLS SPs
[Diagram: Enterprise-A Hub-1-UK, Hub-2-US and Hub-3-India plus Enterprise-A Remote Sites, each attached to a Regional SP (SP1 MPLS Core AS1, SP2 MPLS Core AS2, SP3 MPLS Core AS3), interconnected through the Service Provider AS100 Global Backbone]
360
MPLS L3 VPNs Summary
SPs can provide Intranet, extranet, hub-spoke, fully-meshed connectivity services
Advanced multicast VPNs, shared hosting, voice, video, Internet and traditional IP services can also be supported over a single infrastructure
SP configured route target can be used to filter/limit import/export of VPN routes
SP configured per VPN route distinguisher segregates VPN control plane traffic
Unique per-VPN labels segregate data plane traffic
Subscribers have several access medium and routing protocol options to connect to the providers
SPs can offer service level guarantees using QoS and traffic engineering applications for MPLS L3 VPNs
MPLS L3VPNs over IP
361
Terminology Reference
AC Attachment Circuit. An AC Is a Point-to-Point, Layer 2 Circuit Between a CE and a PE.
AS Autonomous System (a Domain)
CoS Class of Service
ECMP Equal Cost Multipath
IGP Interior Gateway Protocol
LAN Local Area Network
LDP Label Distribution Protocol, RFC 3036.
LER Label Edge Router. An Edge LSR Interconnects MPLS and non-MPLS Domains.
LFIB Labeled Forwarding Information Base
LSP Label Switched Path
LSR Label Switching Router
NLRI Network Layer Reachability Information
P Router An Interior LSR in the Service Provider's Autonomous System
PE Router An LER in the Service Provider Administrative Domain that Interconnects the Customer Network and the Backbone Network.
PSN Tunnel Packet Switching Tunnel
362
Terminology Reference (Cont.)
Pseudo-Wire A Pseudo-Wire Is a Bidirectional “Tunnel” Between Two Features on a Switching Path.
PWE3 Pseudo-Wire End-to-End Emulation
QoS Quality of Service
RD Route Distinguisher
RIB Routing Information Base
RR Route Reflector
RT Route Target
RSVP-TE Resource Reservation Protocol based Traffic Engineering
VPN Virtual Private Network
VFI Virtual Forwarding Instance
VLAN Virtual Local Area Network
VPLS Virtual Private LAN Service
VPWS Virtual Private WAN Service
VRF Virtual Route Forwarding Instance
VSI Virtual Switching Instance
363
MPLS/L3VPN Sample Lab Question
[Diagram: lab topology with Sw1 to Sw4, R1 to R5, Backbone 1 and Backbone 2 and VLAN_A to VLAN_E. R3 and R4 act as PEs toward the CE switches Sw3 (SVI .30.9/24) and Sw1 (SVI .50.7/24), each reached by a static route with no MPLS; the core routers run IGP/MPLS with MP-BGP between the PEs. Other addressing on the slide: R5 Fa0/0 .25.5/24 and Fa0/1 .100.5/24, R2 Gi0/0 .25.2/24 and Gi0/1 .20.2/24, R1 Gi0/1 .100.1/24, R3 Gi0/1 .100.3/24 and Gi0/0 .30.3/24, R4 Fa0/1 .50.4/24, serial links S0/0/0 .12.2/30 - S0/0/1 .12.1/30 and S0/0/0 .14.4/24 - S0/0/0 .14.1/24, Fa0/0 150.1.YY.1/24, Gi0/0 150.2.YY.1/24, SVIs .30.10/24 and .50.8/24. The private networks 170.1.9.9/24 (Sw3) and 170.1.7.7/24 (Sw1) are joined by the VPN tunnel]
364
MPLS/L3VPN Sample Lab Question (Cont.)
MP-BGP should be configured to carry VPNv4 updates.
The VRF instance should be named "ccie".
RT and RD values are at the candidate's discretion.
Include only the relevant interface in the VRF instance.
Configure the VRF routes as appropriate on the PEs.
You are allowed to use a static route from CE to PE for the private traffic.
There is a private network on Sw3 (170.1.9.0) and another on Sw1 (170.1.7.0). Build a VPN tunnel to carry the private traffic between these two networks using the MPLS core and edge infrastructure.
365
MPLS/L3VPN Sample Lab Question (Cont.)Verification
R3: Verify VPNv4 routes are received from R4(PE):
R3#sh ip route vrf ccie
Routing Table: ccie
170.1.0.0/32 is subnetted, 2 subnets
S 170.1.9.9 [1/0] via 1.1.30.9
B 170.1.7.7 [200/0] via 1.1.4.4, 3d16h   <-- Loopback interface (private network) on Sw1
1.0.0.0/24 is subnetted, 2 subnets
C 1.1.30.0 is directly connected, GigabitEthernet0/0
B 1.1.50.0 [200/0] via 1.1.4.4, 3d16h
R4: Verify VPNv4 routes are received from R3(PE):
R4#sh ip route vrf ccie
Routing Table: ccie
170.1.0.0/32 is subnetted, 2 subnets
S 170.1.7.7 [1/0] via 1.1.50.7
B 170.1.9.9 [200/0] via 1.1.3.3, 3d16h   <-- Loopback interface (private network) on Sw3
1.0.0.0/24 is subnetted, 2 subnets
C 1.1.50.0 is directly connected, GigabitEthernet0/1
B 1.1.30.0 [200/0] via 1.1.3.3, 3d16h
366
Further Reading
http://www.cisco.com/go/mpls
http://www.ciscopress.com
MPLS and VPN Architectures—Jim Guichard, Ivan Pepelnjak—Cisco Press
Traffic Engineering with MPLS—Eric Osborne, Ajay Simha—Cisco Press
Layer 2 VPN Architectures— Wei Luo, Carlos Pignataro, Dmitry Bokotey, Anthony Chan—Cisco Press
MPLS QoS—Santiago Alvarez—Cisco Press
367
Q and A
368
Session 8:
IP Multicast
369
Agenda
Multicast Concepts
PIM-SM Configuration and Verification
Multicast Troubleshooting
370
Multicast At-a-Glance
[Diagram: PIM between the routers, IGMP between the routers and the hosts]
371
Multicast Sample Written Question
Which of the following is NOT true of IP Multicast Addressing?
1. Multicast Group addresses comprise the range 224.0.0.0–239.255.255.255
2. The Link-Local Address Range is 224.0.0.0–224.0.0.255
3. Administratively Scoped Addresses (239.0.0.0– 239.255.255.255) are assigned to user applications by IANA
4. EIGRP Hellos to 224.0.0.10 have a TTL = 1
5. Scope Relative Addresses are the top 256 addresses of a scoped address range
372
Multicast Forwarding
373
Unicast vs. Multicast Forwarding
Destination IP address directly determines where to forward the packet
Decision based on route table
Hop-by-hop forwarding continues even during routing topology changes
Unicast Forwarding
374
Unicast vs. Multicast Forwarding
Destination IP address doesn’t directly indicate where to forward packet
Forwarding is connection-oriented
Receivers must first “connect” to the source before traffic begins to flow
Connection messages (PIM Joins) follow unicast routing table toward multicast source
Build Multicast Distribution Trees that determine where to forward packets
Distribution Trees rebuilt dynamically in case of network topology changes
Multicast Forwarding
375
Reverse Path Forwarding (RPF)
The multicast source address is checked against the unicast routing table
This determines the interface and upstream router in the direction of the source to which PIM Joins are sent
This interface becomes the “Incoming” or RPF interface
A router forwards a multicast datagram only if received on the RPF interface
The RPF Calculation
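The RPF calculation above in code, as an added example that is not part of the Cisco deck: the source address is looked up in the unicast routing table, the interface that lookup returns is the RPF interface (the one PIM Joins toward the source are sent on), and a datagram arriving on any other interface fails the check. The routing table, which loosely follows the addressing of the PIM lab slides later in this session, and the sample packets are constructed; note the more-specific route that moves part of one subnet to a different RPF interface.

```python
"""The RPF calculation on the slide: look the multicast source up in the
unicast routing table; the interface that lookup returns is the RPF (or
'incoming') interface, the only one on which traffic from that source is
accepted, and the one PIM Joins toward the source are sent on. Added
example, not from the Cisco deck; the routing table and the packets are
constructed."""
import ipaddress
from typing import List, Optional, Sequence, Tuple

Route = Tuple[str, str, Optional[str]]   # (prefix, interface, next hop or None if connected)


def lookup(table: Sequence[Route], addr: str) -> Optional[Route]:
    """Longest-prefix match, as the unicast forwarding lookup would do."""
    ip = ipaddress.ip_address(addr)
    best: Optional[Route] = None
    for route in table:
        net = ipaddress.ip_network(route[0])
        if ip in net and (best is None or net.prefixlen > ipaddress.ip_network(best[0]).prefixlen):
            best = route
    return best


def rpf_interface(table: Sequence[Route], source: str) -> Optional[str]:
    """Interface toward the source; None when the source is unreachable."""
    route = lookup(table, source)
    return route[1] if route else None


def rpf_check(table: Sequence[Route], source: str, group: str, in_iface: str) -> Tuple[bool, str]:
    """Accept a multicast datagram only if it arrived on the RPF interface."""
    if not ipaddress.ip_address(group).is_multicast:
        return False, f"{group} is not a multicast group"
    expected = rpf_interface(table, source)
    if expected is None:
        return False, f"RPF failure: no unicast route to source {source}"
    if expected != in_iface:
        return False, f"RPF failure: {source} arrived on {in_iface}, expected {expected}"
    return True, f"RPF pass: {source} on {in_iface}"


def filter_packets(table: Sequence[Route],
                   packets: Sequence[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Keep only the (source, group, in_iface) packets that pass RPF; the
    rest would be duplicates or loops if forwarded."""
    return [pkt for pkt in packets if rpf_check(table, *pkt)[0]]


# Constructed unicast table, loosely following the PIM lab addressing on later slides.
UNICAST_TABLE: List[Route] = [
    ("10.1.1.0/24", "Ethernet0/0", None),
    ("10.2.2.0/24", "Serial0/1", None),
    ("10.2.3.0/24", "Serial0/0", None),
    ("192.168.10.0/24", "Serial0/0", "10.2.3.4"),
    ("192.168.10.128/25", "Serial0/1", "10.2.2.3"),   # more specific: different path
    ("0.0.0.0/0", "Serial0/1", "10.2.2.3"),
]

# Constructed sample traffic: (source, group, interface it arrived on)
SAMPLE_PACKETS = [
    ("192.168.10.5", "239.1.1.1", "Serial0/0"),     # pass
    ("192.168.10.5", "239.1.1.1", "Ethernet0/0"),   # fail: wrong interface
    ("192.168.10.200", "239.1.1.1", "Serial0/1"),   # pass via the /25
    ("172.16.0.9", "239.1.1.1", "Serial0/1"),       # pass via the default route
    ("10.1.1.77", "10.9.9.9", "Ethernet0/0"),       # fail: not a multicast group
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(rpf_check(UNICAST_TABLE, *pkt)[1])
```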
376
PIM Sparse Mode
377
PIM Sparse Mode
Protocol-independent
Supports all underlying unicast routing protocols including: static, RIP, IGRP, EIGRP, IS-IS, BGP, and OSPF
Sparse mode
Uses “pull” model
Traffic sent only to where it is requested
Explicit join behavior
378
PIM-SM Shared Tree Join
Receiver
RP
PIM (*, G) Join
(*, G) State Created Only Along the Shared Tree
Shared Tree
IGMP (*, G) Join
379
PIM-SM Sender Registration
Receiver
RP
(S, G) Join
Source
(S, G) Register (unicast)
(S, G) State Created Only Along the Source Tree
Source Tree
Traffic Flow
Shared Tree
380
PIM-SM Sender Registration
Receiver
RP
Source
RP Sends a Register-Stop Back to the First-Hop Router to Stop the Register Process
(S, G) Register-Stop (unicast)
(S, G) Register (unicast)
(S, G) Traffic Begins Arriving at the RP Via the Source Tree
Source Tree
Traffic Flow
Shared Tree
381
PIM-SM Sender Registration
Receiver
RP
Source
Source Traffic Flows Natively Along SPT to RP
From RP, Traffic Flows Down the Shared Tree to Receivers
Source Tree
Traffic Flow
Shared Tree
382
PIM-SM SPT Switchover
Receiver
RP
(S, G) Join
Source
Last-Hop Router Joins the Source Tree
Source Tree
Traffic Flow
Shared Tree
383
PIM-SM SPT Switchover
Receiver
RP
Source
Last-Hop Router Joins the Source Tree
Additional (S, G) State Is Created Along New Part of the Source Tree
Source Tree
Traffic Flow
Shared Tree
384
PIM-SM SPT Switchover
Receiver
RP
Source
(S, G) RP-bit Prune
Traffic begins Flowing Down the New Branch of the Source Tree
Additional (S, G) State is Created Along the Shared Tree to Prune off (S, G) Traffic
Source Tree
Traffic Flow
Shared Tree
385
PIM-SM SPT Switchover
Receiver
RP
Source
Shared Tree
(S, G) Traffic Flow Is Now Pruned off of the Shared Tree and Is Flowing to the Receiver via the Source Tree
Source Tree
Traffic Flow
Shared Tree
386
PIM-SM SPT Switchover
Receiver
RP
Source
Shared Tree
(S, G) Traffic Flow Is No Longer Needed by the RP So it Prunes the Flow of (S, G) Traffic
(S, G) Prune
Source Tree
Traffic Flow
Shared Tree
387
PIM-SM SPT Switchover
Receiver
RP
Source
Source Tree
(S, G) Traffic Flow Is Now Only Flowing to the Receiver via a Single Branch of the Source Tree
Traffic Flow
Shared Tree
388
PIM Sparse Mode Configuration and Verification
389
PIM Sparse Mode Static RP
[Diagram: R1 connects to R2 over Ethernet 10.1.1.0/24; R2 connects to R3 and R4 over serial links 10.2.2.0/24 and 10.2.3.0/24; R2 Loopback0 10.1.22.22/32 is the RP]
R1 E0/0 10.1.1.1/24: ip pim sparse-mode
R2 E0/0 10.1.1.2/24: ip pim sparse-mode
R2 S0/1 10.2.2.2/24: ip pim sparse-mode
R2 S0/0 10.2.3.2/24: ip pim sparse-mode
R2 LO0 10.1.22.22/32: ip pim sparse-mode
S0/1 10.2.2.3/24 and S0/0 10.2.3.4/24 (R3 and R4): ip pim sparse-mode
On Every Router, Global Configuration Commands:
ip multicast-routing
ip pim rp-address 10.1.22.22
390
PIM Sparse Mode Static RP—Verification
r3# show ip pim rp mapping
Group(s): 224.0.0.0/4, Static RP: 10.1.22.22 (R2)
391
PIM Sparse Mode Static RP—Verification
r2# show ip pim interface
Address     Interface    Ver/Mode  Nbr Count  Query Intvl  DR Prior  DR
10.1.1.2    Ethernet0/0  v2/S      1          30           1         10.1.1.2
10.2.3.2    Serial0/0    v2/S      1          30           1         10.2.3.4
10.2.2.2    Serial0/1    v2/S      1          30           1         10.2.2.3
392
PIM Sparse Mode Static RP—Verification
r2# show ip pim neighbor
PIM Neighbor Table
Neighbor Address  Interface    Uptime/Expires   Ver  DR Priority/Mode
10.1.1.1          Ethernet0/0  1d00h/00:01:17   v2   1 / B S
10.2.3.4          Serial0/0    1d00h/00:01:44   v2   1 / DR B S
10.2.2.3          Serial0/1    1d00h/00:01:44   v2   1 / DR B S
393
PIM Sparse Mode Auto-RP
Routers automatically learn RP address
Only routers that are candidate RPs or mapping agents need to be configured
Makes use of multicast to distribute info
Two specially IANA-assigned groups used
Cisco-Announce—224.0.1.39
Cisco-Discovery—224.0.1.40
Typically dense mode is used to forward these groups
Permits backup RPs to be configured
394
PIM Sparse Mode Auto-RP
R2 (RP): ip pim send-rp-announce loopback 0 scope 16
R3 (MA, mapping agent): ip pim send-rp-discovery loopback 0 scope 16
On Every Router, Global Configuration Command:
ip multicast-routing
Interface Configuration Command:
ip pim sparse-dense-mode
or ip pim sparse-mode together with the global command ip pim auto-rp listener
[Diagram: R1, R2 (RP), R3 (MA), R4]
395
PIM Sparse Mode Auto-RP—Verification
r2# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.44.44 (R3), via Auto-RP
         Uptime: 00:02:19, expires: 00:02:38
396
PIM Sparse Mode Auto-RP—Verification
r3# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.22.22 (R2), via Auto-RP
         Uptime: 00:02:55, expires: 00:02:00
397
PIM Sparse Mode Auto-RP—Verification
R2
R1
RP
r4# show ip pim rp mappingPIM Group-to-RP Mappings Group(s) 224.0.0.0/4 RP 10.1.22.22 (r2), v2v1 Info source: 10.1.44.44 (R3), via Auto-RP Uptime: 00:24:29, expires: 00:02:17
398
PIM Sparse Mode BSR
On every router, global configuration command:
 ip multicast-routing
Interface configuration command:
 ip pim sparse-mode
R2 (RP): ip pim rp-candidate loopback 0
R3 (BSR): ip pim bsr-candidate loopback 0
R1, R4: no BSR-specific configuration
399
PIM Sparse Mode BSR—Verification
r2# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is a candidate RP (v2)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (?), v2
    Info source: 10.1.44.44 (?), via bootstrap
         Uptime: 00:04:09, expires: 00:02:27
400
PIM Sparse Mode BSR—Verification
r2# show ip pim bsr-router
PIMv2 Bootstrap information
  BSR address: 10.1.44.44 (?)
  Uptime:      00:06:16, BSR Priority: 0, Hash mask length: 0
  Expires:     00:01:55
  Next Cand_RP_advertisement in 00:00:39
  RP: 10.1.22.22(Loopback0)
401
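A practitioner verifying the Auto-RP and BSR slides above usually wants the mapping checked on every router, not read by eye. The following is an added example, not code from the Cisco deck: it parses the "show ip pim rp mapping" output shown on the verification slides and reports when routers disagree on the RP or on the mechanism they learned it from; SAMPLES is re-typed from the slides (constructed text, not a live capture) and the regexes are assumptions about the IOS output layout.

```python
# Added example (not from the Cisco deck): parse the "show ip pim rp mapping"
# output on the verification slides above and check that a set of routers
# agree on the RP for 224.0.0.0/4 and on how they learned it (Auto-RP vs.
# bootstrap). SAMPLES is re-typed from the slides (constructed text, not a
# live capture); the regexes are assumptions about the IOS output layout.
import re

ROLE_LINE = re.compile(r"This system is ([^(\n]+?)\s*(?:\(|$)", re.M)
GROUP_LINE = re.compile(r"Group\(s\) (\S+)")
RP_LINE = re.compile(r"RP (\S+) \((\S+)\), (v\S+)")
SRC_LINE = re.compile(r"Info source: (\S+) \((\S+)\), via (\S+)")

SAMPLES = {
    "r2": "PIM Group-to-RP Mappings\nThis system is an RP (Auto-RP)\n\n"
          "Group(s) 224.0.0.0/4\n  RP 10.1.22.22 (r2), v2v1\n"
          "    Info source: 10.1.44.44 (R3), via Auto-RP\n"
          "         Uptime: 00:02:19, expires: 00:02:38\n",
    "r3": "PIM Group-to-RP Mappings\nThis system is an RP-mapping agent (Loopback0)\n\n"
          "Group(s) 224.0.0.0/4\n  RP 10.1.22.22 (r2), v2v1\n"
          "    Info source: 10.1.22.22 (R2), via Auto-RP\n"
          "         Uptime: 00:02:55, expires: 00:02:00\n",
    "r4": "PIM Group-to-RP Mappings\n\nGroup(s) 224.0.0.0/4\n"
          "  RP 10.1.22.22 (r2), v2v1\n"
          "    Info source: 10.1.44.44 (R3), via Auto-RP\n"
          "         Uptime: 00:24:29, expires: 00:02:17\n",
}


def parse_rp_mapping(text):
    """Extract role, group, RP, info source and learning mechanism from one router's output."""
    role, group = ROLE_LINE.search(text), GROUP_LINE.search(text)
    rp, src = RP_LINE.search(text), SRC_LINE.search(text)
    if not (group and rp and src):
        raise ValueError("no group-to-RP mapping found in output")
    return {
        "role": role.group(1) if role else None,   # None: plain Auto-RP listener
        "group": group.group(1),
        "rp": rp.group(1),
        "rp_name": rp.group(2),
        "version": rp.group(3),
        "source": src.group(1),
        "via": src.group(3),
    }


def check_rp_consistency(outputs):
    """outputs maps router name -> show output. Returns findings (empty list = consistent)."""
    parsed = {name: parse_rp_mapping(text) for name, text in outputs.items()}
    findings = []
    rps = {p["rp"] for p in parsed.values()}
    if len(rps) != 1:
        findings.append(f"RP disagreement: {sorted(rps)}")
    vias = {p["via"] for p in parsed.values()}
    if len(vias) != 1:
        findings.append(f"mixed RP-learning mechanisms: {sorted(vias)}")
    agents = [n for n, p in parsed.items() if p["role"] and "mapping agent" in p["role"]]
    if vias == {"Auto-RP"} and not agents:
        findings.append("Auto-RP in use but no router in the set reports the mapping-agent role")
    return findings
```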
Anycast RP: Overview
Uses single statically defined RP address
Two or more routers have same RP address
RP address defined as a loopback interface
Loopback address advertised as a host route
Senders and receivers join/register with closest RP
Closest RP determined from the unicast routing table
Can never fall back to dense mode
Because RP is statically defined
MSDP session(s) run between all RPs
Informs RPs of sources in other parts of network
RPs join SPT to active sources as necessary
402
Anycast RP MSDP Configuration
(Figure: RP1 and RP2 share the anycast RP address 10.1.1.1 with an MSDP session between them; nodes A, B, X and Y are attached to the network)
On every router:
 ip pim rp-address 10.1.1.1
RP1 (loopback 1 = 10.0.0.1):
 interface loopback 0
  ip address 10.1.1.1 255.255.255.255
 interface loopback 1
  ip address 10.0.0.1 255.255.255.255
 !
 ip msdp peer 10.0.0.2 connect-source loopback 1
 ip msdp originator-id loopback 1
RP2 (loopback 1 = 10.0.0.2):
 interface loopback 0
  ip address 10.1.1.1 255.255.255.255
 interface loopback 1
  ip address 10.0.0.2 255.255.255.255
 !
 ip msdp peer 10.0.0.1 connect-source loopback 1
 ip msdp originator-id loopback 1
403
References
Developing IP Multicast Networks; Beau Williamson, Cisco Press
Routing TCP/IP Volume II; Jeff Doyle, Cisco Press
ftp://ftpeng.cisco.com/ipmulticast/training/index.html
Available Onsite at the Cisco Company Store
404
Session 9:
Quality of Service
405
Quality of Service (QoS)
What Is QoS, and Why?
Differentiated Services Architecture
Modular QoS Command Line
Classification/Marking
Queuing
Policing/Shaping
References
406
What Is QoS in Internetworking?
QoS is applicable in many domains outside networking (supermarket, public roads, …)
In networking, we refer to the set of requirements an application imposes along an end-to-end pipe
Loss rate
Latency, jitter
Bandwidth
How can we control these, in order to offer the requested service?
407
Aggregation Speed Mismatch
(Figure: congestion points at an aggregation node with 10 Mbps and 1000 Mbps links, and at a LAN-to-WAN speed mismatch from 10 Mbps to 64 Kbps)
Congestion Points
Example of network node congestion
Points of substantial speed mismatch and points of aggregation
Transmit buffers have the tendency to fill
Buffering reduces loss, but introduces delay
408
IETF QoS Model: Differentiated Services
Specify QoS via a packet header value: DSCP
Network uses the QoS specification to classify, shape, and police traffic, as well as perform intelligent queuing
Enables scalable service discrimination in the Internet without the need for per-flow state and signaling at every hop
Group flows into aggregates—“A collection of packets crossing a link in a particular direction”
409
IPv4 ToS vs. DS-Field (The ToS Byte Is Re-Defined)
410
DiffServ Architecture
411
Assured Forwarding PHB
Guarantees bandwidth
Allow access to extra bandwidth if available
Four standard classes (af1, af2, af3, af4)
DSCP value range: “aaadd0”, where “aaa” is the binary value of the class and “dd” is the drop probability
412
Expedited Forwarding PHB
Guarantees bandwidth with prioritized forwarding
Polices bandwidth—(excess traffic is dropped)
Recommended DSCP value is 101110 (46)
Looks like IP Precedence 5 to non-DS-compliant devices
413
DSCP Usage
DSCP selects the per-hop behavior (PHB) throughout the network:
Default PHB 000000
Class Selector PHB—maps to IP Precedence
Assured forwarding PHB (AF)
Expedited forwarding PHB (EF)
414
DS Field: DSCP (6 bits) + ECN (2 bits)
High Priority = EF = 101110 = 46
Best Effort = 000000 = 0

Drop Precedence            Class #1            Class #2            Class #3            Class #4
Low Drop Precedence        AF11 (001010) = 10  AF21 (010010) = 18  AF31 (011010) = 26  AF41 (100010) = 34
Medium Drop Precedence     AF12 (001100) = 12  AF22 (010100) = 20  AF32 (011100) = 28  AF42 (100100) = 36
High Drop Precedence       AF13 (001110) = 14  AF23 (010110) = 22  AF33 (011110) = 30  AF43 (100110) = 38
415
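The AF encoding rule ("aaadd0"), the EF value and the class selector mapping on the slides above are easy to get wrong by hand. The following is an added example, not code from the Cisco deck: it builds AFxy code points from class and drop precedence, names the PHB a DSCP selects, shows what a non-DS-compliant device sees (the three MSB), and packs DSCP and ECN into the ToS/DS byte.

```python
# Added example (not from the Cisco deck): encode and decode the 6-bit DSCP
# field described on the slides above (default, class selector, AFxy, EF) and
# pack it next to the two ECN bits in the IPv4 ToS/DS byte.

AF_DROP = {1: "low", 2: "medium", 3: "high"}   # 'dd' bits -> drop precedence


def af_dscp(cls, drop):
    """Build an AFxy code point: 'aaadd0' with aaa = class 1-4, dd = drop precedence 1-3."""
    if cls not in (1, 2, 3, 4) or drop not in AF_DROP:
        raise ValueError("AF class must be 1-4 and drop precedence 1-3")
    return (cls << 3) | (drop << 1)


def af_table():
    """All twelve AF code points, matching the DSCP table above (AF11 = 10 ... AF43 = 38)."""
    return {f"AF{c}{d}": af_dscp(c, d) for c in (1, 2, 3, 4) for d in (1, 2, 3)}


def describe_dscp(dscp):
    """Name the PHB that a DSCP value selects."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == 0:
        return "Default (best effort)"
    if dscp == 0b101110:                       # recommended EF value, 46
        return "EF"
    cls, drop, low = dscp >> 3, (dscp >> 1) & 0b11, dscp & 1
    if drop == 0 and low == 0:                 # xxx000: class selector = IP precedence
        return f"CS{cls} (IP precedence {cls})"
    if 1 <= cls <= 4 and drop in AF_DROP and low == 0:
        return f"AF{cls}{drop} ({AF_DROP[drop]} drop precedence)"
    return "unassigned/local use"


def ip_precedence_seen_by_legacy(dscp):
    """A non-DS-compliant device reads only the three MSB (IP Precedence)."""
    return dscp >> 3


def tos_byte(dscp, ecn=0):
    """Pack DSCP (six MSB) and ECN (two LSB) into the one-byte ToS/DS field."""
    if not 0 <= dscp <= 63 or not 0 <= ecn <= 3:
        raise ValueError("DSCP is 6 bits, ECN is 2 bits")
    return (dscp << 2) | ecn


def parse_tos_byte(tos):
    """Split a ToS/DS byte back into (dscp, ecn)."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS is one byte")
    return tos >> 2, tos & 0b11
```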
MQC—3 Steps to Configure a QoS Policy
1. class-map—Define traffic classes. Apply same class-map to different policies
2. policy-map—Associate policies/actions with each class of traffic
3. service-policy—Attach policies to interfaces (logical or physical) either in input or output
Note: MQC does not equate to CBWFQ; CBWFQ is a queuing mechanism configurable via MQC
416
Configuring class-map
Creates a named traffic class
Specifies packet-matching criteria that identifies packets belonging to a class
class-map <class-name>
match <match-criteria>
match not <match-criteria>
match class-map <class name>
417
match-any vs match-all
Define classes consisting of multiple match criteria
class-map match-any <class-name>
match <match-criteria-1> …
match <match-criteria-n>
match-any—When only one match criterion must be met for a packet to match the specified traffic class
match-all—When all match criteria must be met for a packet to match the traffic class. Default when not configured
418
Configuration Example: class-map
class-map match-any Gold
 match access-group 101
 match dscp EF
class-map match-all Silver
 match access-group 102
!
access-list 101 permit ip 10.1.0.0 0.0.0.255 any
access-list 102 permit ip 10.2.0.0 0.0.0.255 any
419
class-default Class
Implicit pre-existing class—no need to configure it
Contains traffic not matching any user-defined class
Features are configured by referencing class-default directly in a policy-map:
policy-map foo
 class class-default
  <feature>
420
Understanding policy-map
Named object representing a set of policies that are to be applied to a set of traffic classes
e.g. Police traffic class to some maximum rate
e.g. Guarantee traffic minimum bandwidth
policy-map <map-name>
 class <class-map-name-1>
  <policy-1>
  …
  <policy-n>
 class <class-map-name-n>
  <policy-n>
421
Configuration Example: policy-map
policy-map wan_policy
 class Gold
  bandwidth 512
  queue-limit 64
  random-detect
 class Silver
  bandwidth 256
 class class-default
  fair-queue
422
service-policy Command
Used to attach a policy-map and thereby the associated policies to an interface, subinterface, PVC, etc.
Indicate input or output direction
(config-if)#service-policy {input | output} policy-name
423
Hierarchical Policies
(Figure: parent policy with class-default → shape; child policy attached under it with Class 1 → priority and Class 2 → bandwidth)
424
Hierarchical Policies
Configure the child or second-level policy
policy-map child
 class http
  bandwidth <bw specification>
 class ftp
Configure the parent or first-level policy
policy-map parent
 class class-default
  shape average <CIR>
  service-policy child
425
Other MQC Features with shape
With MQC you can use several QoS features simultaneously in the same policy-map
bandwidth—minimum bandwidth guarantee
shape—maximum rate limit (with buffering)
police—limits traffic rate (no buffering)
set—marking
priority—configures LLQ
…
Note: Not all combinations are supported and/or make sense
426
Classification/Marking Options
IP precedence/DSCP values
Other Values
Layer 2—802.1Q, ISL, CLP Bit, DE Bit
MPLS—Experimental Bits
NBAR— (L4, dynamic ports)
Traditional—ACLs, qos-group
427
Marking and Classification
Layer 2, 802.1Q/p: three bits (user priority bits) of the 4-byte TAG are used for CoS
Layer 2, ISL: three bits (3 LSB of the user field) of the 26-byte ISL header are used for CoS; the encapsulated frame is followed by a 4-byte FCS
Layer 3, IPv4: the 1-byte ToS field. Standard IPv4: three MSB called IP Precedence. DiffServ: six MSB called DSCP plus two for ECN
(Figure: Ethernet frame fields PREAM., SFD, DA, SA, PT, DATA, FCS; IPv4 header fields Version, Length, ToS, Len, ID, Offset, TTL, Proto, FCS, IP-SA, IP-DA, Data)
428
Marking Options
Marking Can Be Done via
CAR (Committed Access Rate)
CBpolicing
CBmarking
PBR (Policy Based Routing)
QPPB (QoS Policy Propagation via BGP)
429
Classification Options
router(config-cmap)#match ?
  access-group         Access group
  any                  Any packets
  class-map            Class map
  cos                  IEEE 802.1Q/ISL class of service/user priority values
  destination-address  Destination address
  input-interface      Select an input interface to match
  ip                   IP specific values (prec, dscp, rtp)
  mpls                 Multi Protocol Label Switching specific values
  not                  Negate this match result
  protocol             Protocol
  qos-group            Qos-group
  source-address       Source address
430
Queuing
Queuing + Scheduling = Congestion Management
Buffering packets in queues
Scheduling packets out of the queues
(Figure: packets in various queues → scheduler → outbound packets)
431
Congestion Management—Queuing and Scheduling
Queuing
Congestion management entails the creation of queues, assignment of packets to those queues based on classification
Scheduling
Congestion management controls congestion by determining the order in which packets are sent from different queues out of an interface, based on packet priorities.
Scheduling policy specifies how packets of different classes are served with respect to each other. Example scheduling policies include FIFO and WFQ
432
Backpressure
‘Backpressure’ is the term used for the mechanism which triggers the congestion management (queuing and scheduling)
Backpressure comes from
tx-ring of an interface is full
Token-bucket of a shaper is empty
Others (platform specific like tofab queuing on GSR)
433
What's a TxQ?
Every interface has two sets of queues:
Software queues (FIFO, WFQ, …). Any type of software queuing other than FIFO is also referred to as fancy queuing
Hardware queue (= TxQ), which is always FIFO! The TxQ, also called tx-ring, is a FIFO queue between the scheduler and the interface ASIC
(Figure: Software Q 1 … Software Q n → scheduler → Tx-ring → wire signal)
434
CBWFQ—MQC Config Example
policy-map mypolicy
class multimedia
bandwidth 3000
class www
bandwidth 2250
class ftp
bandwidth 1500
class class-default
bandwidth 750
435
CBWFQ—MQC Verification
#sh policy-map interface e1/1
 Ethernet1/1
  Service-policy output: mypolicy
    Class-map: multimedia (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 101
      Weighted Fair Queueing
        Output Queue: Conversation 264
        Bandwidth 3000 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0
436
Low Latency Queueing (LLQ) aka priority Command
Implements both a minimum and maximum bandwidth guarantee
It is a strict priority queue with a specified amount of available bandwidth
During congestion, LLQ cannot use any excess bandwidth. This is achieved with a conditional, built-in policer
437
Configuration Example: Low Latency Queuing (LLQ)
policy-map wan_policy
 class Gold
  priority 512
 class Silver
  bandwidth 256
 class class-default
  random-detect
Verification: show policy-map interface
438
Policing vs. Shaping
(Figure: traffic rate over time before and after each mechanism. Policing cuts the peaks above the rate limit: data lost. Shaping delays the excess and smooths the rate: data preserved)
439
Ways to Limit Throughput
Common mechanism to meter traffic is a Token Bucket
Policing
CAR, CBpolicing: Token bucket(s), NO queue
Conform/exceed actions are configurable
Traffic Shaping
GTS, FRTS, CBshaping: Token bucket + queue
Conform/exceed actions are always transmit/queue
440
Token Bucket
Bc Tokens are Added Every Tc
The Packets are Sent at Access Speed as Long as There are Enough Tokens
Bc + Be: Is the Maximum Number of Token-bits That you Can Store
Tc=Bc/CIR : Time Interval Between 2 Replenishments of Token Bucket (with Bc tokens)
441
Tc—Interval—Hypothetical Example
Bc = 1M, CIR = 1 Mbps => Tc = 1 s
Interface rate = 2 Mbps
(Figure: rate in Mbps vs. time in s; Bc bits are sent at 2 Mbps during the first half of each interval Tc1, Tc2, Tc3)
If there is continuous traffic, then on average we achieve a shaped rate of 1M (2M during 1/2 s, every second = 1 Mbps)
442
Be—Excess Burst
Token Bucket Dimensioning:
Every Tc, we add Bc tokens
Allow the token bucket to grow as deep as Be + Bc if not all Bc tokens are used in an interval
(Figure: bucket with a Bc part and a Be part)
443
Class-Based Shaping
Shaping on a class via MQC (shape command)
Classification with extensive MQC match criteria (e.g. NBAR)
Shaping queue is WFQ, CBWFQ, or LLQ
Two forms:
shape average
shape peak
shape {average | peak} {cir | percent percentage} [bc] [be]
444
Average vs. Peak
Difference in number of tokens given per Tc and how excess tokens are accrued:
Average—Bc only is added every Tc to the token bucket
Peak—Bc+Be is added every Tc to the token bucket
(To burst at Bc + Be)
Average rate shaper must be idle for some time to build Be with unused tokens added by Bc
Peak rate shaper gets increment of Bc + Be per Tc and does not need to be idle
445
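The token bucket, Tc interval and average-vs-peak slides above describe one mechanism from three angles; a short simulation makes the differences concrete. The following is an added example, not code from the Cisco deck: it computes Tc = Bc/CIR, the per-Tc increment, how long a Bc burst occupies the wire at access speed, and shapes a per-interval offered load in either average or peak mode, with the bucket capped at Bc + Be as the slides describe.

```python
# Added example (not from the Cisco deck): a Tc-based token-bucket shaper that
# follows the dimensioning rules on the slides above. Sizes are in bits, rates
# in bits per second; offered load is given per Tc interval. Values reused
# from the slides are labelled in the test; other inputs are constructed.


def tc_seconds(bc_bits, cir_bps):
    """Tc = Bc / CIR: the time between two replenishments of the bucket."""
    if bc_bits <= 0 or cir_bps <= 0:
        raise ValueError("Bc and CIR must be positive")
    return bc_bits / cir_bps


def increment_bytes(bc_bits):
    """Bytes added per Tc, as reported in the 'Increment (bytes)' column."""
    return bc_bits // 8


def burst_drain_seconds(bc_bits, access_bps):
    """Time the Bc burst occupies the wire when sent at access (interface) speed."""
    return bc_bits / access_bps


def simulate_shaper(bc_bits, be_bits, offered_per_tc, mode="average"):
    """Return the bits transmitted in each Tc for a list of per-Tc arrivals.

    average: Bc tokens are added every Tc; the bucket only reaches Bc+Be after
             idle intervals left tokens unused.
    peak:    Bc+Be tokens are added every Tc, so Bc+Be can be sent every Tc.
    Excess traffic is queued, never dropped, so a backlog carries over.
    """
    if mode not in ("average", "peak"):
        raise ValueError("mode must be 'average' or 'peak'")
    depth = bc_bits + be_bits                       # maximum token-bits the bucket stores
    refill = bc_bits if mode == "average" else depth
    tokens, backlog, sent = 0, 0, []
    for arriving in offered_per_tc:
        tokens = min(depth, tokens + refill)        # replenish at the start of the interval
        backlog += arriving
        tx = min(backlog, tokens)                   # send only what the tokens allow
        tokens -= tx
        backlog -= tx
        sent.append(tx)
    return sent


def shaped_rate_bps(sent_bits, tc_s):
    """Average rate achieved over the simulated intervals."""
    return sum(sent_bits) / (len(sent_bits) * tc_s)
```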
CBShaping: shape average
policy-map SHAPING
 class AF
  shape average 241000
Router# show policy interface Serial 3/0
…
  Traffic Shaping
       Target    Byte   Sustain   Excess    Interval  Increment  Adapt
       Rate      Limit  bits/int  bits/int  (ms)      (bytes)    Active
       241000    1928   7712      7712      32        964        -

       Queue     Packets   Bytes     Packets   Byte
       Depth               Delayed   Delayed   Active
       41        3980      978872    3967      975686    yes
446
CBpolicing—Actions
R2(config-pmap-c)#police 30000 conform-action ?
  drop                             drop packet
  exceed-action                    action when rate is within conform and conform + exceed burst
  set-clp-transmit                 set atm clp and send it
  set-discard-class-transmit       set discard-class and send it
  set-dscp-transmit                set dscp and send it
  set-frde-transmit                set FR DE and send it
  set-mpls-exp-imposition-transmit set exp at tag imposition and send it
  set-mpls-exp-topmost-transmit    set exp on topmost label and send it
  set-prec-transmit                rewrite packet precedence and send it
  set-qos-transmit                 set qos-group and send it
  transmit                         transmit packet
447
Multi-Action Policers
Two or more set parameters as a conform, exceed or violate action
policy-map QOS
 class class-default
  police cir 80000 pir 100000
   conform-action transmit
   exceed-action set-prec-transmit 4
   exceed-action set-frde-transmit
   violate-action set-prec-transmit 2
   violate-action set-frde-transmit
448
Hierarchical Policer
policy-map outer_police
 class class-default
  police cir 110000 bc 5000 be 5000 conform-action transmit exceed-action drop violate-action drop
  service-policy inner_police
policy-map inner_police
 class ef
  police cir 10000 bc 1500 conform-action transmit exceed-action drop
449
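The multi-action policer slide above configures a CIR and a PIR and a different set of actions for each colour; the following is an added example, not code from the Cisco deck, that implements that two-rate, three-colour decision (two token buckets, no queue) and applies the slide's conform/exceed/violate actions to packets. The burst sizes, packet sizes and timestamps are constructed for the demonstration; only the 80000/100000 bps rates and the action list come from the slide.

```python
# Added example (not from the Cisco deck): a two-rate, three-colour policer
# (RFC 2698 style: a CIR bucket of size Bc and a PIR bucket of size Be) that
# applies the multi-action results of the police command above: conform ->
# transmit, exceed -> set precedence 4 and FR DE, violate -> set precedence 2
# and FR DE. Rates are in bps and bursts in bytes; the burst sizes, packet
# sizes and timestamps used below are constructed, not from the slides.


class TwoRatePolicer:
    """Colour-blind two-rate policer; no queue, so nothing is delayed."""

    def __init__(self, cir_bps, pir_bps, bc_bytes, be_bytes):
        if pir_bps < cir_bps:
            raise ValueError("PIR must be at least CIR")
        self.cir, self.pir = cir_bps, pir_bps
        self.bc, self.be = bc_bytes, be_bytes
        self.c_tokens, self.p_tokens = bc_bytes, be_bytes   # both buckets start full
        self.last = 0.0

    def _refill(self, now):
        """Add tokens for the time elapsed since the last packet, capped at Bc/Be."""
        dt = max(0.0, now - self.last)
        self.last = max(self.last, now)
        self.c_tokens = min(self.bc, self.c_tokens + self.cir / 8 * dt)
        self.p_tokens = min(self.be, self.p_tokens + self.pir / 8 * dt)

    def color(self, size_bytes, now):
        """Return 'conform', 'exceed' or 'violate' for one packet."""
        self._refill(now)
        if self.p_tokens < size_bytes:            # above PIR: violate
            return "violate"
        if self.c_tokens < size_bytes:            # above CIR but within PIR: exceed
            self.p_tokens -= size_bytes
            return "exceed"
        self.c_tokens -= size_bytes               # within CIR: conform
        self.p_tokens -= size_bytes
        return "conform"


# Actions per colour, as configured on the slide (set-prec-transmit N, set-frde-transmit)
ACTIONS = {
    "conform": [("transmit", None)],
    "exceed": [("set-prec-transmit", 4), ("set-frde-transmit", None)],
    "violate": [("set-prec-transmit", 2), ("set-frde-transmit", None)],
}


def police_packet(policer, pkt, now):
    """Police one packet dict (keys: size, prec) and return a marked copy."""
    colour = policer.color(pkt["size"], now)
    out = dict(pkt, color=colour)
    for action, arg in ACTIONS[colour]:
        if action == "set-prec-transmit":
            out["prec"] = arg
        elif action == "set-frde-transmit":
            out["fr_de"] = True
    return out          # every action here transmits; a 'drop' action would return None
```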
Trust Boundaries
(Figure: Endpoints → Access → Distribution → Core → WAN Aggregation, with candidate trust-boundary points 1, 2 and 3 marked from the edge inward)
A device is trusted if it correctly classifies packets
For scalability, classification should be done as close to the edge as possible
The outermost trusted devices represent the trust boundary
1 and 2 are optimal, 3 is acceptable (if the access switch cannot perform classification)
450
Catalyst QoS—Gotchas
Understand the concept of (un)trusted ports
‘mls qos’ needs to be enabled first in global configuration mode
Most Catalysts have their own CLI for configuring various features (e.g. queuing)—not always MQC!
Every Catalyst model has its own restrictions and QoS feature set
Be familiar with the 3550- and 3560-specific implementations
Read UCD!
451
Catalyst QoS: Catalyst 3550 Operation
QoS actions at ingress, done on a per-interface basis: classification/reclassification (identify and classify traffic with an internal DSCP, or trust the existing QoS value and map it to an internal DSCP), policing, marking
QoS actions at egress: queue/schedule (WRR queuing with WRED (Gig only) or tail-drop (default); optional expedite queue), congestion control
452
QoS—3560 Switch
Packets are assigned an internal QoS label
Queuing is done via SRR (Shaped Round Robin)
(Figure: classify → policer → marker (four policer/marker pairs shown) → ingress queues with SRR → egress queues with SRR)
453
References
End-to-End QoS Network Design Quality of Service in LANs, WANs, and VPNs, by Tim Szigeti, Christina Hattingh
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm
www.cisco.com/go/qos
454
Q and A
455
Session 10:
Troubleshooting
456
Agenda
Overview
Troubleshooting approach
Sample scenario
Sample lab question
457
Overview
“The minimally qualified Routing and Switching CCIE can abstract functional elements of a complex network environment, understand how infrastructure components interoperate, grasp subtle issues, perceive problem areas, and quickly resolve problems. The expert’s fluency makes them ideally suited for configuring and validating implementations, troubleshooting critical network issues, and participating in network design teams.”
Definition of a Minimum Qualified R&S CCIE Candidate (from the
Exam Design Session)
458
Troubleshooting Approach
When analyzing a problem you should consider the following facts:
Make sure you have a clear definition of the problem.
Gather all the relevant facts and consider the likely possibilities.
Create and implement an action plan and then observe the results.
If the symptoms do not stop, try another action plan and gather additional facts. If you try one thing and it doesn’t work, remove that configuration or feature again. In case you make the situation worse, always keep the basics in place and get back to a known position.
If the symptoms do stop, document how you fixed the problem.
459
Sample TS Lab Scenario
(Figure: topology of routers R1 to R9 in network YY.YY.0.0/16 connected by Ethernet, serial and Frame Relay links (one serial DCE side); routing domains EIGRP 10, OSPF Area 0, OSPF Area 1 NSSA, OSPF Area 2 Stub and OSPF Area 3; per-router Lo0 addresses and /28, /29 and /30 link addressing as drawn on the slide)
460
Sample TS Lab Scenario (Cont.)
IPv6 topology
R1: Lo0 2001:404:200::1, S2/0 2001:303:100::1
R6: Lo0 2001:333:600::6, S2/0 2001:303:100::6, E1/0 2001:300:608::6
R8: Lo0 2001:200:208::8, E0/0 2001:308:806::8
Routing protocols: OSPFv3, EIGRPv6
461
Sample TS Lab Scenario (Cont.)
Incident 8: Router R1 cannot ping the IPv6 route 2001:200:208::8. 1 fault - Score: 2 points
Issue (IPv6 ping fails):
R1#ping ipv6 2001:200:208::8
<…>
.....
Success rate is 0 percent (0/5)
Verification (IPv6 ping succeeds):
R1#ping ipv6 2001:200:208::8
!!!!!
Possible cause(s):
• Address configuration
• Routing protocols configuration
• Redistribution configuration
• Other?
462
Q and A