Copyright © INE, Inc. All rights reserved.

CCNP Bootcamp

Experts at Making You an Expert

CCNP Bootcamp Introduction

Instructor Introduction
• Brian McGahan, CCIE #8593
  • MCSE NT 4.0, CCNA, CCNP
  • CCIE Routing and Switching - 2002
  • CCIE Service Provider - 2006
  • CCIE Security - 2007
  – bmcgahan@ine.com

Copyright © www.INE.com

Asking Questions
• Cisco NDA Agreement
• Questions In Class
  – Participation is key
• Offline Questions
  – Blog
    • http://blog.INE.com
  – Online Community
    • http://www.IEOC.com
    • Web forum / mailing lists

Class Timing
• Start daily at 9am
• 10 minute break ~ every 50 minutes
• 1 hour lunch break at noon
• Class ends ~ 5pm

Class Objectives
• CCNP “validates the ability to plan, implement, verify and troubleshoot local and wide-area enterprise networks and work collaboratively with specialists on advanced security, voice, wireless and video solutions.”
• Class goal is not just to pass the test, but to understand the technologies!

CCNP Prerequisites
• Valid CCNA Certification
• Basic knowledge of…
  – OSI model
  – TCP/IP
  – Layer 2 technologies
    • Ethernet, Frame Relay, PPP, WIFI
  – Layer 3 technologies
    • IP Routing, RIPv2, EIGRP, OSPF
  – Misc.
    • DHCP, DNS, ACLs, etc.

CCNP Exam Blueprint
• www.cisco.com/go/ccnp
• Exam Topics
• Exam Tutorial
  – Review type of exam questions

Class Schedule
• SWITCH
  – Campus Network Design
  – VLANs
  – Trunking
  – VTP
  – Spanning-Tree Protocol
  – EtherChannel
  – Inter-VLAN Routing
  – First Hop Redundancy Protocols
  – Wireless
  – Layer 2 Security
  – Layer 2 VoIP

Class Schedule (cont.)
• ROUTE
  – IP Routing Overview
  – EIGRP
  – OSPF
  – Routing Features
  – BGP
  – IPv6 Routing
  – Redistribution
  – VPN/GRE

Class Schedule (cont.)
• TSHOOT
  – Troubleshooting Tools
  – LAN Troubleshooting
  – IGP Troubleshooting
  – BGP Troubleshooting
  – IPv6 Troubleshooting
  – IP Services & Security Troubleshooting

Recommended Readings
• General networking
  – TCP/IP Illustrated, Volume 1: The Protocols
  – Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture
  – Interconnections: Bridges, Routers, Switches, and Internetworking Protocols
• CCNP specific
  – Authorized self study
  – Exam certification guide
• Cisco in depth
  – Cisco LAN Switching
  – Routing TCP/IP Volumes I & II
  – Cisco documentation

CCNP Hardware
• Building a home lab
• Renting rack time
• Dynamips/PEMU/GNS3

General Q&A

Internetwork Expert’s CCNP Bootcamp
Hierarchical Campus Network Design Overview
http://www.INE.com

Copyright © 2010 Internetwork Expert, Inc www.INE.com

Hierarchical Campus Network Design Overview
• Per Cisco, a three layer “hierarchical model to design a modular topology using scalable ‘building blocks’ that allow the network to meet evolving business needs.”
• The modular design makes the network easy to scale, understand, and troubleshoot by promoting deterministic traffic patterns.
• The building blocks are…
  – Access layer
  – Distribution layer
  – Core (backbone) layer

Campus Network Example (figure)

Why Building Blocks?
• Easy to replicate, redesign, and expand
• No need to redesign entire network when a block is added or removed
• Can be added and removed without impacting the rest of the network
• Eases troubleshooting, fault isolation, and management

The Access Layer
• Point of entry for end nodes into the network
  – e.g. desktops, IP phones, printers, etc.
• Typically comprised of Layer 2 Switches, but can also be Layer 3 Switches
• Multiple connections to Distribution Layer for redundancy
• Offers services such as…
  – Broadcast domain segmentation (VLANs)
  – QoS (marking, policing, etc.)
  – Security (802.1x, port security, DAI, etc.)
  – Multicast traffic management (IGMP Snooping)
  – Inline power

The Distribution Layer
• Aggregates access layer switches
• Typically comprised of Layer 3 Switches
• Multiple connections upstream to Core and downstream to Access
• Offers services such as
  – Gateway redundancy (HSRP/VRRP/GLBP)
  – Bandwidth aggregation (EtherChannel/802.3ad)
  – Load balancing
  – Topology summarization

The Core Layer
• Backbone of the network
  – Must be fast and reliable as all other blocks depend on it
• Typically hardware accelerated Layer 3 Switches
• Offers services such as
  – Wire speed forwarding
  – Fast convergence around a link or node failure
  – Efficient bandwidth utilization

Network Device Roles
• To understand how the layers interact, we must understand what role different devices play in the network
• Devices such as…
  – Hubs/Repeaters
  – Layer 2 Bridges/Switches
  – Layer 3 Routers
  – Layer 3/Layer 4 Switches

Hubs & Repeaters
• Work at layer 1 of OSI model
• When a frame is received it is sent back out all ports
  – i.e. “multiport repeater”
• Typically unintelligent and unmanaged
  – Does not inspect frame at all before forwarding
  – Accepts no user-defined configuration
• Devices connected to a hub are in the same…
  – Collision domain
    • i.e. Ethernet CSMA/CD Half-Duplex transmission
  – Broadcast domain

Layer 2 Bridges & Switches
• Work at layer 2 of OSI model
• Can be managed or unmanaged
• For Ethernet, “frames” are forwarded based on destination layer 2 MAC address
  – “CAM” table used for decisions
  – Other types of switches such as Frame Relay & ATM use similar logic
• Does not rewrite anything in the frame when forwarding
• Switches are hardware accelerated bridges
  – ASICs for specific forwarding jobs
• Devices connected to a bridge/switch are…
  – in the same broadcast domain
  – not in the same collision domain
    • i.e. Full-Duplex transmission

Layer 2 Broadcast Domains
• Defines which devices can communicate directly at layer 2
• When a broadcast frame (i.e. FFFF.FFFF.FFFF) is received, it is sent out all ports in the “broadcast domain” except the one it came in on
• Unmanaged bridges/switches
  – All ports in the same broadcast domain
• Managed switches
  – Uses Virtual LANs (VLANs) to group ports into different broadcast domains
  – Frames within the same VLAN are Layer 2 switched
  – Packets between VLANs must be Layer 3 routed

Layer 2 Switching Design Problems
• Ethernet networks used to have scalability limitations based on the collision domain size
  – Half-Duplex CSMA/CD
  – Physical network delay vs. collision detection window
• Layer 2 switches segment the collision domain on a per-port basis to solve this
• Layer 2 switches still have scalability issues based on total hosts in the network and hosts per broadcast domain

CAM Table Limitations
• Switches use the MAC address (CAM) table to do destination based switching
• CAM table cannot be summarized like IP routing
  – 50,000 hosts in the network, 50,000 MAC addresses per CAM per switch
    • Even access layer switches!
• When CAM is full, switch acts like a hub
  – Forwards all new frames like broadcasts
  – Used in flooding attacks such as macof
• Layer 3 routing segments the MAC flooding domain

Broadcast Domain Limitations
• Devices in the same VLAN, or everyone in a flat network, are directly addressable via FFFF.FFFF.FFFF
• Larger the broadcast domain, more likelihood of a “broadcast storm”
  – So much broadcast traffic network is unusable
• Can happen for legitimate or illegitimate reasons
  – e.g. ARP storm vs. Fraggle attack
• Limiting hosts per VLAN limits broadcast domain size
  – Usually one VLAN per /24 IP subnet is a good rule
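The "When CAM is full, switch acts like a hub" behaviour from the CAM Table Limitations slide, modelled in memory as an added example (not part of the course slides). The `Switch` class, the 8-entry table, the MAC addresses and the `max_macs_per_port` limit (a simplified stand-in for the port security feature named on the Access Layer slide) are all assumptions made for illustration.

```python
class Switch:
    """Toy single-VLAN learning switch with a fixed-size CAM table."""

    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        # Hypothetical per-port MAC limit; real port security has more modes.
        self.max_macs_per_port = max_macs_per_port
        self.cam = {}          # MAC address -> port it was learned on
        self.dropped = 0       # frames dropped by the per-port limit

    def _learn(self, port, mac):
        """Return False if the frame must be dropped, True otherwise."""
        if mac in self.cam:
            self.cam[mac] = port
            return True
        if self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.cam.values() if p == port)
            if on_port >= self.max_macs_per_port:
                self.dropped += 1
                return False
        if len(self.cam) < self.cam_capacity:
            self.cam[mac] = port
        # Table full: the source is not learned, but the frame is still forwarded.
        return True

    def receive(self, in_port, src, dst):
        """Learn the source, then return the list of egress ports."""
        if not self._learn(in_port, src):
            return []
        out = self.cam.get(dst)
        if out is None:
            # Unknown unicast: flooded like a broadcast.
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def run(max_macs_per_port=None):
    """Constructed scenario: port 3 fills the table before host B is learned."""
    sw = Switch(ports=[1, 2, 3], cam_capacity=8,
                max_macs_per_port=max_macs_per_port)
    host_a, host_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    sw.receive(1, host_a, host_b)                 # A is learned on port 1
    for i in range(20):                           # many new sources on port 3
        sw.receive(3, f"02:00:00:00:01:{i:02x}", host_a)
    sw.receive(2, host_b, host_a)                 # B sends its first frame
    egress = sw.receive(1, host_a, host_b)        # where does A -> B go now?
    return egress, sw.dropped


if __name__ == "__main__":
    print("no limit      :", run())
    print("2 MACs / port :", run(max_macs_per_port=2))
```

With no limit, host B never fits in the table, so A-to-B unicast is flooded to every other port; with the per-port limit the table keeps room for B and the frame leaves on port 2 only.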

Layer 3 Routers
• Work at layer 3 of OSI model
• “Packets” are forwarded based on destination layer 3 address
  – e.g. IPv4 address, IPv6 address
  – routing table used for decisions
• Rebuilds layer 2 frame header at every hop
  – e.g. packet routed between Ethernet and HDLC
• Normally does not modify layer 3 packet header
  – Exceptions such as NAT
• All router links are in separate collision and broadcast domains
• Software based forwarding

Layer 3 Switches
• The same as Layer 3 Routers, but layer 2 packet rewrite is hardware accelerated with ASICs
• Rewrite process is called “switching path”
  – Process switching
    • CPU interrupt based (slowest)
  – Fast switching
    • Flow based rewrite cache
  – Netflow switching
    • Previously called Multi-Layered Switching (MLS)
  – Cisco Express Forwarding (CEF) switching
    • Pre-built adjacency table (fastest)
• Layer 3 Switching & MLS today is effectively hardware based CEF

Layer 3/Layer 4 Switches
• Layer 3 devices make decision based only on destination layer 3 address
• In some cases where multiple equal-cost paths are available, some paths are underutilized
  – AKA “CEF polarization”
• Layer 4 switching adds TCP/UDP src/dst port information into CEF input in order to vary output
  – e.g. HTTP flow vs. FTP flow between same 2 hosts can follow different forwarding path
• Still hardware accelerated for performance, but adds more optimal resource utilization

Further Reading
• Cisco Validated Design program
  – http://www.cisco.com/web/go/designzone
  – Previously SRNDs
• Enterprise Campus 3.0 Architecture: Overview and Framework
• Campus Network for High Availability Design Guide
• High Availability Campus Recovery Analysis Design Guide

Internetwork Expert’s CCNP Bootcamp
VLANs, Trunking, & VTP
http://www.INE.com

VLANs Overview
• Virtual Local Area Network
• Hosts in the same VLAN share the same broadcast domain
  – Switches create a separate CAM table per VLAN
  – Traffic inside the VLAN is layer 2 switched
  – Traffic to outside or between VLANs must be layer 3 routed
• Can span multiple physical switches
  – “VLAN Trunks” or simply “Trunks” carry traffic for multiple VLANs between switches on uplinks

sales. etc.1Q standard • Normal VLANs 1-1005 – 1 – Default Ethernet VLAN – 1002/1004 – Default FDDI VLANs – 1003/1005 – Default Token Ring VLANs • Extended VLANs 1006-4094 – More on this later… Copyright © 2010 Internetwork Expert.g. • In newer designs. hosts in the same VLAN were grouped by role.INE. not physical location – e. Inc www.INE. VLAN definitions should typically exist based on physical location – e.com Copyright © 2010 Internetwork Expert www.com VLAN Numbering • VLAN membership defined by number • 12-bit field (0-4095) – 0 & 4095 reserved per 802. accounting.VLAN Design Recommendations • Previously. one VLAN per subnet per access switch • Old 80/20 rule is really more 20/80 rule now Copyright © 2010 Internetwork Expert.g. Inc www.com .INE.

Creating VLANs
• Cisco IOS based switches store VLAN information in flash in the VLAN database
  – vlan.dat
• VLANs can be added, deleted, and modified in two ways
  – Exec mode VLAN database mode
    • Being deprecated but still supported on some platforms
  – Global configuration

Creating VLANs in Database Mode

SW1#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.

SW1(vlan)#vlan 10 name ACCOUNTING
VLAN 10 added:
    Name: ACCOUNTING
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#

Creating VLANs in Global Config

SW1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#vlan 20
SW1(config-vlan)#name SALES
SW1(config-vlan)#
SW1(config-vlan)#exit
SW1(config)#vlan 30,40,50-55
SW1(config-vlan)#end
SW1#

VLAN Verification

SW1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   ACCOUNTING                       active
20   SALES                            active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
51   VLAN0051                         active
52   VLAN0052                         active
53   VLAN0053                         active
54   VLAN0054                         active
55   VLAN0055                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Membership
• Once VLANs are created, membership is assigned at the port level
• Layer 2 “switchports” generally fall into three categories
  – Access Switchports
    • One VLAN per port
  – Trunk Switchports
    • Multiple VLANs per port
  – Dynamic Switchports
    • Automatically choose access or trunk

Access Ports Example (figure): R1 Fa0/0 (10.0.0.1/24) connects to SW1 Fa0/1 and R3 Fa0/0 (10.0.0.3/24) connects to SW1 Fa0/3, both in VLAN 10.

Basic Access Port Configuration

R1#
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0

R3#
interface FastEthernet0/0
 ip address 10.0.0.3 255.255.255.0

SW1#
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access

Access Port Verification

SW1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   ACCOUNTING                       active    Fa0/1, Fa0/3
20   SALES                            active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
51   VLAN0051                         active
52   VLAN0052                         active
53   VLAN0053                         active
54   VLAN0054                         active
55   VLAN0055                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Access Port Verification (cont.)

SW1#show interfaces Fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (ACCOUNTING)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

VLAN Trunks
• Trunk links are used to transport traffic for multiple VLANs between devices
• Typically between two switches, but can also be…
  – Switch to router
  – Switch to server
• Traffic sent over a trunk link receives special trunking encapsulation
  – Normal Ethernet header does not have a field for VLAN number
  – ISL or 802.1Q headers are added to include this information

Trunking Encapsulations
• Both ISL and 802.1Q accomplish the same goal of encoding VLAN number in frame header to separate traffic
• The key differences are…
  – ISL
    • Cisco proprietary
    • 30-byte encapsulation for all frames
    • Does not modify original frame
  – 802.1Q
    • IEEE standard
    • 4-byte tag except for “native” VLAN
    • Modifies original frame
  – See Inter-Switch Link and IEEE 802.1Q Frame Format for more info

ISL Trunking
• Inter-Switch Link
• Cisco proprietary
• 30-byte encapsulation overhead
  – 26-byte header
  – 4-byte trailer (FCS)
• Supports Ethernet, Token Ring, and FDDI
  – Legacy now but originally important
• Becoming deprecated from many newer platforms

802.1Q Trunking
• AKA “dot1q”
• IEEE standard
• 4-byte tag overhead
  – Inserts 4-byte tag between src/dst MAC and len/ethertype fields
  – Rebuilds trailer (FCS) since frame is modified
• “Native” VLAN support
  – Sent as normal untagged Ethernet frames
• QinQ support
  – Multiple tags on a single frame
  – Used for layer 2 VPNs in Metro Ethernet
  – Similar logic to how MPLS VPNs work
• Generally more preferred because of interoperability

Trunking Example (figure): R2 Fa0/0 (10.0.0.2/24) and R4 Fa0/0 (10.0.0.4/24) connect to SW2 Fa0/2 and Fa0/4; R1 Fa0/0 (10.0.0.1/24) and R3 Fa0/0 (10.0.0.3/24) connect to SW1 Fa0/1 and Fa0/3; all four are in VLAN 10, and SW1 Fa0/13 connects to SW2 Fa0/13.
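The tag insertion and FCS rebuild listed on the 802.1Q Trunking slide, together with the reserved VLAN IDs from the VLAN Numbering slide, shown as an added Python example that is not part of the course slides. The function names and the sample ARP-sized frame are constructed for illustration, and only the 0x8100 tag type is recognised when walking stacked (QinQ) tags.

```python
import struct
import zlib

TPID_DOT1Q = 0x8100   # EtherType value that marks an 802.1Q tag


def fcs(data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, least significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def add_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the MAC addresses and rebuild the FCS.

    `frame` is a complete Ethernet frame including its 4-byte FCS.
    """
    if not 1 <= vlan_id <= 4094:          # 0 and 4095 are reserved
        raise ValueError(f"VLAN {vlan_id} is reserved or out of range")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field")
    body = frame[:-4]                     # strip the old FCS
    tci = (priority << 13) | vlan_id      # 3-bit priority, 1-bit DEI, 12-bit VLAN
    tagged = body[:12] + struct.pack("!HH", TPID_DOT1Q, tci) + body[12:]
    return tagged + fcs(tagged)           # frame changed, so the FCS must too


def parse(frame: bytes) -> dict:
    """Return the VLAN tag stack (outermost first), inner EtherType, FCS check."""
    if len(frame) < 18:
        raise ValueError("frame too short")
    body, trailer = frame[:-4], frame[-4:]
    vlans = []
    offset = 12                           # first field after dst + src MAC
    (ethertype,) = struct.unpack_from("!H", body, offset)
    while ethertype == TPID_DOT1Q:
        if len(body) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", body, offset + 2)
        vlans.append(tci & 0x0FFF)
        offset += 4
        (ethertype,) = struct.unpack_from("!H", body, offset)
    return {"vlans": vlans, "ethertype": ethertype,
            "fcs_ok": trailer == fcs(body)}


def sample_untagged_frame() -> bytes:
    """Constructed 64-byte broadcast frame (EtherType 0x0806, zero payload)."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    body = dst + src + struct.pack("!H", 0x0806) + bytes(46)
    return body + fcs(body)


if __name__ == "__main__":
    untagged = sample_untagged_frame()
    tagged = add_tag(untagged, 10)
    print(len(untagged), parse(untagged))   # native-VLAN style: no tag
    print(len(tagged), parse(tagged))       # 4 bytes longer, VLAN 10
    print(parse(add_tag(tagged, 200)))      # QinQ: two tags on one frame
```

A receiver that sees `fcs_ok` false on a tagged frame is looking at a frame whose tag was inserted without the trailer being rebuilt.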

ISL Trunking Configuration

R1#
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0

R2#
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0

R3#
interface FastEthernet0/0
 ip address 10.0.0.3 255.255.255.0

R4#
interface FastEthernet0/0
 ip address 10.0.0.4 255.255.255.0

SW1#
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk

SW2#
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk

ISL Trunking Verification

SW1#show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      1,10

SW1#show interface Fa0/13 switchport
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

802.1Q Trunking Configuration

R1#
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0

R2#
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0

R3#
interface FastEthernet0/0
 ip address 10.0.0.3 255.255.255.0

R4#
interface FastEthernet0/0
 ip address 10.0.0.4 255.255.255.0

SW1#
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW2#
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

802.1Q Trunking Verification

SW1#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      none

SW1#show interfaces fa0/13 switchport
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Dynamic Switchports
• Dynamic switchports automatically choose whether to run in access or trunking mode
• Runs Dynamic Trunking Protocol (DTP) to negotiate, in order…
  – ISL trunk
  – 802.1Q trunk
  – Access port
• Configured as switchport mode dynamic [auto|desirable]
• Disabled with switchport nonegotiate or switchport mode access

Dynamic Trunking Config & Verification

SW1#
interface FastEthernet0/13
 switchport mode dynamic desirable

SW2#
interface FastEthernet0/13
 switchport mode dynamic auto

SW1#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      none

SW2#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      auto         n-isl          trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      none

Dynamic Trunking Verification (cont.)

SW1#show interfaces fa0/13 switchport
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Dynamic Trunking Verification (cont.)

SW2#show interfaces fa0/13 switchport
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Trunk Port VLAN Membership
• By default, trunk ports carry traffic for all VLANs
  – Called trunk “allowed list”
• VLANs can be manually filtered off the trunk by removing from the allowed list
• Used to reduce…
  – Broadcast transmission
  – Unknown unicast/multicast transmission
  – Spanning-Tree overhead
    • More on this later…

Allowed List Example (figure)

Allowed List Configuration
SW1#
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20
 switchport mode trunk

SW2#
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk

SW3#
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20
 switchport mode trunk

Allowed List Verification
SW1#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
Fa0/16      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/13      10
Fa0/16      20

Port        Vlans allowed and active in management domain
Fa0/13      10
Fa0/16      20

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      10
Fa0/16      20

VLAN Administration
• In order for devices to be in the same broadcast domain, VLAN numbers must be consistent and inter-switch links must run trunking
• As layer 2 network size grows, managing VLAN numbers and trunk allowed lists involves large administrative overhead
• VTP solves this administration problem

VTP Overview
• VLAN Trunk Protocol
• Cisco proprietary
• Used to dynamically…
– Advertise addition, removal, modification of VLAN properties
  • Number, name, etc.
– Negotiate trunking allowed lists
  • “VTP Pruning”
• Does not affect actual VLAN assignments
– Still manually needed with switchport access vlan [vlan]

How VTP Works
• VTP Domain
– To exchange information, switches must belong to the same domain
• VTP Mode
– Controls who can advertise new/modified information
– Modes are…
  • Server
  • Client
  • Transparent
• VTP Revision Number
– Sequence number to ensure consistent databases
– Higher revision indicates newer database

VTP Domains
• VTP domain name controls which devices can exchange VTP advertisements
• VTP domain does not define broadcast domain
– Hosts on switches in different VTP domains that share the same VLAN numbers are still in the same broadcast domain
• Configured as vtp domain [name]
• Defaults to null value
– Switch inherits VTP domain name of first advertisement it hears

VTP Server Mode
• Default mode
• Allows addition, deletion, and modification of VLAN information
• Changes on server overwrite the rest of the domain
• Configured as vtp mode server

VTP Client Mode
• Cannot add, remove, or modify VLAN information
• Listens for advertisements originated by a server, installs them, and passes them on
• Configured as vtp mode client

VTP Transparent Mode
• Keeps a separate VTP database from the rest of the domain
• Does not originate advertisements
• “Transparently” passes received advertisements through without installing them
• Needed for some applications like Private VLANs
• Configured as vtp mode transparent

VTP Security
• VTP is susceptible to attacks or misconfiguration where VLANs are deleted
– Access ports in a VLAN that does not exist cannot forward traffic

• MD5 authentication protects against attack
– vtp password [password]

• Does not protect against misconfiguration
– VTP transparent mode is the recommendation
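
Because the password does not stop a legitimate but mistaken update, the deletion case above is worth monitoring for. The following is an added example, not part of the original slides: it parses `show vtp status` output in the format used in this deck and flags a revision increase that removed VLANs, unexpected servers, and members whose database is out of sync. The snapshots are constructed, reusing revision numbers, VLAN counts and digests from this deck's outputs; the function names, the `expected_servers` parameter and the SW2/SW4 drift cases are assumptions.

```python
"""Audit `show vtp status` snapshots for VLAN loss and database drift."""
import re

FIELDS = {
    "Configuration Revision": "revision",
    "Number of existing VLANs": "vlans",
    "VTP Operating Mode": "mode",
    "VTP Domain Name": "domain",
    "MD5 digest": "digest",
}
MODIFIED = re.compile(r"\s*Configuration last modified by (\S+) at (.+)")


def parse_vtp_status(text):
    """Turn one `show vtp status` output into a dict of the audited fields."""
    info = {}
    for line in text.splitlines():
        m = MODIFIED.match(line)
        if m:
            info["modified_by"], info["modified_at"] = m.group(1), m.group(2).strip()
            continue
        key, sep, value = line.partition(":")
        field = FIELDS.get(key.strip())
        if sep and field:
            info[field] = value.strip()
    missing = [f for f in FIELDS.values() if f not in info]
    if missing:
        raise ValueError(f"not a show vtp status output, missing {missing}")
    info["revision"] = int(info["revision"])
    info["vlans"] = int(info["vlans"])
    return info


def vlan_loss(before, after):
    """Switches whose revision went up while the VLAN count went down."""
    findings = []
    for name in sorted(before.keys() & after.keys()):
        old, new = before[name], after[name]
        if new["revision"] > old["revision"] and new["vlans"] < old["vlans"]:
            findings.append((name, f"rev {old['revision']}->{new['revision']}, "
                                   f"VLANs {old['vlans']}->{new['vlans']}, modified by "
                                   f"{new.get('modified_by')} at {new.get('modified_at')}"))
    return findings


def domain_drift(snapshot, expected_servers):
    """Unexpected servers and members that differ from the newest database."""
    findings = []
    # Transparent switches keep a separate database, so they are not compared.
    members = {n: s for n, s in snapshot.items() if s["mode"] != "Transparent"}
    for domain in sorted({s["domain"] for s in members.values()}):
        group = {n: s for n, s in members.items() if s["domain"] == domain}
        newest = max(group.values(), key=lambda s: s["revision"])
        for name in sorted(group):
            s = group[name]
            if s["mode"] == "Server" and name not in expected_servers:
                findings.append((name, "unexpected-server"))
            if (s["revision"], s["digest"]) != (newest["revision"], newest["digest"]):
                findings.append((name, "out-of-sync"))
    return findings


# Constructed sample input in the deck's output format.
TEMPLATE = """VTP Version : 2
Configuration Revision : {rev}
Maximum VLANs supported locally : 1005
Number of existing VLANs : {vlans}
VTP Operating Mode : {mode}
VTP Domain Name : CISCO
MD5 digest : {digest}
Configuration last modified by 0.0.0.0 at 3-1-93 {time}
"""
OLD = "0xD3 0x41 0xF1 0x21 0x12 0xF7 0x11 0xBF"
NEW = "0xF6 0x11 0xDA 0x50 0x99 0x7B 0x17 0x0F"
OWN = "0x15 0x07 0xC0 0x68 0xA7 0xCD 0xCC 0xD2"


def sample(rev, vlans, mode, digest, time):
    return parse_vtp_status(TEMPLATE.format(rev=rev, vlans=vlans, mode=mode,
                                            digest=digest, time=time))


BEFORE = {
    "SW1": sample(9, 15, "Server", OLD, "13:35:59"),
    "SW2": sample(9, 15, "Client", OLD, "13:35:59"),
    "SW3": sample(0, 8, "Transparent", OWN, "13:30:42"),
    "SW4": sample(9, 15, "Client", OLD, "13:35:59"),
}
AFTER = {
    "SW1": sample(12, 8, "Server", NEW, "13:45:40"),
    "SW2": sample(12, 8, "Server", NEW, "13:45:40"),  # constructed: left in default server mode
    "SW3": sample(0, 8, "Transparent", OWN, "13:30:42"),
    "SW4": sample(9, 15, "Client", OLD, "13:35:59"),  # constructed: did not install the update
}

if __name__ == "__main__":
    for finding in vlan_loss(BEFORE, AFTER) + domain_drift(AFTER, {"SW1"}):
        print(finding)
```

The transparent switch never appears in the findings, which is the behaviour the recommendation above relies on.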

VTP Example


VTP Configuration
SW1#
vtp mode server
vtp domain CISCO
vtp password VTPPASS
vlan 10,20,30,40,50-55

SW2#
vtp mode client
vtp domain CISCO
vtp password VTPPASS

SW3#
vtp mode client
vtp domain CISCO
vtp password VTPPASS

SW4#
vtp mode client
vtp domain CISCO
vtp password VTPPASS


VTP Verification
SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB0 0x6D 0xC8 0xD8 0x1C 0x45 0xD8 0x60
Configuration last modified by 0.0.0.0 at 3-1-93 13:30:42
Local updater ID is 0.0.0.0 (no valid interface found)

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB0 0x6D 0xC8 0xD8 0x1C 0x45 0xD8 0x60
Configuration last modified by 0.0.0.0 at 3-1-93 13:30:42


VTP Verification (cont.)
SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB0 0x6D 0xC8 0xD8 0x1C 0x45 0xD8 0x60
Configuration last modified by 0.0.0.0 at 3-1-93 13:30:42

SW4#show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB0 0x6D 0xC8 0xD8 0x1C 0x45 0xD8 0x60
Configuration last modified by 0.0.0.0 at 3-1-93 13:30:42


VTP Verification (cont.)
SW1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/14, Fa0/15
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   VLAN0010                         active    Fa0/1, Fa0/3
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
51   VLAN0051                         active
52   VLAN0052                         active
53   VLAN0053                         active
54   VLAN0054                         active
55   VLAN0055                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VTP Verification (cont.)
SW4#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
10   VLAN0010                         active
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
51   VLAN0051                         active
52   VLAN0052                         active
53   VLAN0053                         active
54   VLAN0054                         active
55   VLAN0055                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VTP Transparent Configuration
SW1#
vtp mode server
vtp domain CISCO
no vtp password
vlan 10,20,30,40,50-55

SW2#
vtp mode client
vtp domain CISCO
no vtp password

SW3#
vtp mode transparent
vtp domain CISCO
no vtp password
no vlan 10,20,30,40,50-55
vlan 3,33,333,3333

SW4#
vtp mode client
vtp domain CISCO
no vtp password


VTP Transparent Verification
SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 9
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xD3 0x41 0xF1 0x21 0x12 0xF7 0x11 0xBF
Configuration last modified by 0.0.0.0 at 3-1-93 13:35:59
Local updater ID is 0.0.0.0 (no valid interface found)

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 9
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xD3 0x41 0xF1 0x21 0x12 0xF7 0x11 0xBF
Configuration last modified by 0.0.0.0 at 3-1-93 13:35:59


VTP Transparent Verification (cont.)
SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Transparent
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x15 0x07 0xC0 0x68 0xA7 0xCD 0xCC 0xD2
Configuration last modified by 0.0.0.0 at 3-1-93 13:30:42

SW4#show vtp status
VTP Version                     : 2
Configuration Revision          : 9
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xD3 0x41 0xF1 0x21 0x12 0xF7 0x11 0xBF
Configuration last modified by 0.0.0.0 at 3-1-93 13:35:59


VTP Transparent Verification (cont.)
SW1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/14, Fa0/15
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   VLAN0010                         active    Fa0/1, Fa0/3
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
51   VLAN0051                         active
52   VLAN0052                         active
53   VLAN0053                         active
54   VLAN0054                         active
55   VLAN0055                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VTP Transparent Verification (cont.)
SW3#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
3    VLAN0003                         active
33   VLAN0033                         active
333  VLAN0333                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
3333 VLAN3333                         active


VTP Pruning
• Broadcasts and unknown unicast/multicast frames are flooded everywhere in the broadcast domain
– Includes trunk links

• Editing allowed list limits this flooding, but involves large administrative overhead
• VTP pruning automates this procedure
– Switches advertise what VLANs they need
– All other VLANs are pruned (removed) off the trunk link

• Does not work for transparent mode

VTP Pruning Example
[Figure: SW1 (VLANs 10, 20, 30) trunks to SW2 (VLAN 10) over Fa0/13 and to SW3 (VLAN 20) over Fa0/16 to Fa0/13; SW3 trunks to SW4 (VLAN 30) over Fa0/19]

VTP Pruning Configuration
SW1#
vtp domain CISCO
vtp mode server
vtp pruning
vlan 10,20,30
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 30
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW2#
vtp domain CISCO
vtp mode client
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW3#
vtp domain CISCO
vtp mode client
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW4#
vtp domain CISCO
vtp mode client
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 30
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk

VTP Pruning Verification (cont.)
SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF6 0x11 0xDA 0x50 0x99 0x7B 0x17 0x0F
Configuration last modified by 0.0.0.0 at 3-1-93 13:45:40
Local updater ID is 0.0.0.0 (no valid interface found)

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF6 0x11 0xDA 0x50 0x99 0x7B 0x17 0x0F
Configuration last modified by 0.0.0.0 at 3-1-93 13:45:40

VTP Pruning Verification (cont.)
SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF6 0x11 0xDA 0x50 0x99 0x7B 0x17 0x0F
Configuration last modified by 0.0.0.0 at 3-1-93 13:45:40

SW4#show vtp status
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF6 0x11 0xDA 0x50 0x99 0x7B 0x17 0x0F
Configuration last modified by 0.0.0.0 at 3-1-93 13:45:40

30 Vlans in spanning tree forwarding state and not pruned 1.10 1.30 SW2#show interfaces trunk Port Fa0/13 Port Fa0/13 Port Fa0/13 Port Fa0/13 Mode on Encapsulation 802.10.30 Vlans in spanning tree forwarding state and not pruned 1.10.20.30 SW4#show interfaces trunk Port Fa0/19 Port Fa0/19 Port Fa0/19 Port Fa0/19 Mode on Encapsulation 802.INE.com .10.10.30 1.10.com VTP Pruning Verification (cont.30 Copyright © 2010 Internetwork Expert.30 Vlans in spanning tree forwarding state and not pruned 1.) SW1#show interfaces trunk Port Fa0/13 Fa0/16 Port Fa0/13 Fa0/16 Port Fa0/13 Fa0/16 Port Fa0/13 Fa0/16 Mode on on Encapsulation 802.10.10.INE.30 1.1q 802.20.20.VTP Pruning Verification (cont.1q Status trunking trunking Native vlan 1 1 Vlans allowed on trunk 1-4094 1-4094 Vlans allowed and active in management domain 1.20.20.20.com Copyright © 2010 Internetwork Expert www.10.30 Copyright © 2010 Internetwork Expert.1q Status trunking Native vlan 1 Vlans allowed on trunk 1-4094 Vlans allowed and active in management domain 1.20.20.1q 802.20.30 1.20.1q Status trunking Native vlan 1 Vlans allowed on trunk 1-4094 Vlans allowed and active in management domain 1. Inc www.10.1q Status trunking trunking Native vlan 1 1 Vlans allowed on trunk 1-4094 1-4094 Vlans allowed and active in management domain 1.) SW3#show interfaces trunk Port Fa0/13 Fa0/19 Port Fa0/13 Fa0/19 Port Fa0/13 Fa0/19 Port Fa0/13 Fa0/19 Mode on on Encapsulation 802.30 Vlans in spanning tree forwarding state and not pruned 1. Inc www.INE.

20.10.30 Vlan traffic requested of neighbor 1.10.INE.20 Vlan traffic requested of neighbor 1.INE.INE.10 Copyright © 2010 Internetwork Expert.) SW1#show interfaces Fa0/13 pruning Port Fa0/13 Port Fa0/13 Vlans pruned for lack of request by neighbor 20.20. Inc www. Inc www.com .30 SW4#show interfaces Fa0/19 pruning Port Fa0/19 Port Fa0/19 Vlans pruned for lack of request by neighbor none Vlan traffic requested of neighbor 1.) SW3#show interfaces Fa0/13 pruning Port Fa0/13 Port Fa0/13 Vlans pruned for lack of request by neighbor none Vlan traffic requested of neighbor 1.20.VTP Pruning Verification (cont.com VTP Pruning Verification (cont.10.30 Copyright © 2010 Internetwork Expert.30 SW1#show interfaces Fa0/16 pruning Port Fa0/16 Port Fa0/16 Vlans pruned for lack of request by neighbor 10 Vlan traffic requested of neighbor 1.com Copyright © 2010 Internetwork Expert www.30 SW2#show interfaces Fa0/13 pruning Port Fa0/13 Port Fa0/13 Vlans pruned for lack of request by neighbor none Vlan traffic requested of neighbor 1.30 SW3#show interfaces Fa0/19 pruning Port Fa0/19 Port Fa0/19 Vlans pruned for lack of request by neighbor 10.20.

VLANs, Trunking, & VTP Q&A

Internetwork Expert’s CCNP Bootcamp
Spanning-Tree Protocol (STP)
http://www.INE.com

Switching Logic Review
• Layer 2 switches use the CAM table to switch traffic based on destination MAC address
• To populate the CAM table the following logic is used
– A frame from X going to Y is received on port 1
– Insert X into the CAM table via port 1
– Flood the frame out all ports in the VLAN except 1
– A return frame from Y going to X is received on port 2
– Insert Y into the CAM table via port 2
– Subsequent traffic does not require flooding

Switching Loop Problems
• When redundant paths exist in the layer 2 network, CAM population logic breaks down and frames are switched out the wrong interfaces
• Looping frames, especially broadcasts, can quickly overwhelm all links with 100% utilization

Switching Loop Example
[Figure: animation of a frame from HostA to HostB flooded around the loop formed by SW1, SW2, SW3 and SW4; each switch's CAM entry for A keeps moving between ports (Fa0/1, Fa0/2, Fa0/3) until SW1 knows HostA via an incorrect port and the process continues]

Spanning-Tree Protocol Overview
• STP solves the looping problem by “blocking” redundant paths
– Blocked links cannot forward traffic or use the CAM table
– Same effect as removing or shutting down the link
• Since STP is dynamic, layer 2 network can reconverge around network failures
• Standards based per 802.1D

Switching Loop Prevention Example
[Figure: animation of the same frame from HostA to HostB with SW4’s port 3 blocking; the frame arriving there is discarded, each switch keeps a single CAM entry for A, and no looping occurs]

How STP Loop Prevention Works
• All devices agree on a reference point in the network
– Called the “root bridge”
• Device directly downstream of the root bridge performs the following…
– Select one upstream facing port to forward traffic towards the root bridge
  • Called the “root port”
– All other upstream facing ports are disabled
  • Called “blocking” ports
– All downstream facing ports are called “designated” ports
• Next downstream device performs the same, selecting one upstream facing root port
• Repeat until entire loop-free tree is built

How STP Works
• Exchange bridge and link attributes
• Elect one Root Bridge
• Elect one Root Port per bridge
• Elect Designated Ports

STP Advertisements
• Uses Bridge Protocol Data Units (BPDUs)
– Sent as multicast frames between adjacent bridges (0180.C200.0000)
• Used to advertise bridge and link attributes
– Root ID
– Root Path Cost
– Bridge ID
– Port ID
– Timers
• Two types of BPDUs
– Configuration BPDUs
– Topology Change Notification (TCN) BPDUs

Root Bridge Election
• Based on the lowest Bridge ID (BID) in the network
• BID is an 8-byte field that contains
– Bridge Priority
  • 0-65535
  • Defaults to 32768
– MAC Address
• New standard splits Bridge Priority into two fields
– AKA “MAC address reduction” feature
– Bridge Priority
  • 4 high order bits
  • 0 - 61440 in increments of 4096
– System ID Extension
  • 12 low order bits
  • 0 – 4095
• Lowest BID in the network becomes everyone’s Root ID (RID) in their BPDUs

Root Port Election
• Port closest to the Root Bridge
– Root is always upstream
• Elected based on lowest Root Path Cost
– Cumulative cost of all links to get to the root
– Cost based on inverse bandwidth
  • i.e. higher bandwidth, lower cost
  • Not linear
• If tie in cost…
– Choose lowest upstream BID
– Choose lowest upstream Port ID

Designated Port Election
• Ports downstream facing away from Root Bridge
• Like Root Port, elected based on…
– Lowest Root Path Cost
– Lowest BID
– Lowest Port ID
• All other ports go into “blocking” mode
– Receives BPDUs
– Discards all other traffic
– Cannot send traffic
• Blocking ports are the key to the loop free topology
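
The election rules above, applied to the four-switch topology of the path selection example that follows. This is an added example, not code from the original slides. Bridge addresses, priorities, port numbers and the port cost of 19 are taken from the deck's `show spanning-tree` output; the cabling between switches and the assignment of the two non-root addresses to SW2 and SW3 are assumptions inferred from that output and from the trunk configurations.

```python
"""STP root, root-port and designated-port election for a four-switch loop."""

PORT_COST = 19       # FastEthernet port cost, as in the deck's output
PORT_PRIORITY = 128  # port priority, as in the deck's output


def bridge_id(base_priority, vlan, mac):
    """BID with MAC address reduction: priority bits plus system ID extension."""
    if base_priority % 4096 or not 0 <= base_priority <= 61440:
        raise ValueError("priority must be 0-61440 in increments of 4096")
    if not 0 <= vlan <= 4095:
        raise ValueError("system ID extension must be 0-4095")
    return (base_priority + vlan, int(mac.replace(".", ""), 16))


# Assumption: which non-root address belongs to SW2 and which to SW3 is inferred.
BRIDGES = {
    "SW1": bridge_id(32768, 1, "0019.56c8.4e80"),
    "SW2": bridge_id(32768, 1, "0019.aa7e.e780"),
    "SW3": bridge_id(32768, 1, "000a.f4f3.ea00"),
    "SW4": bridge_id(32768, 1, "0009.433c.a380"),
}

# Assumed cabling. Each end is (bridge, interface, port number).
LINKS = [
    (("SW1", "Fa0/13", 15), ("SW2", "Fa0/13", 15)),
    (("SW1", "Fa0/16", 18), ("SW3", "Fa0/13", 13)),
    (("SW2", "Fa0/19", 21), ("SW4", "Fa0/16", 16)),
    (("SW3", "Fa0/19", 19), ("SW4", "Fa0/19", 19)),
]


def elect(bridges, links):
    """Return (root bridge, root path cost per bridge, role per port)."""
    root = min(bridges, key=bridges.get)  # lowest BID wins
    both_ways = list(links) + [(b, a) for a, b in links]

    # Root path cost: cumulative cost of the cheapest path to the root.
    cost = {name: 0 if name == root else float("inf") for name in bridges}
    for _ in bridges:
        for local, remote in both_ways:
            cost[local[0]] = min(cost[local[0]], cost[remote[0]] + PORT_COST)

    roles = {}
    # Root port: lowest root path cost, then lowest upstream BID,
    # then lowest upstream port ID.
    for name in bridges:
        if name == root:
            continue
        candidates = [
            (cost[remote[0]] + PORT_COST, bridges[remote[0]],
             (PORT_PRIORITY, remote[2]), local[1])
            for local, remote in both_ways if local[0] == name
        ]
        roles[(name, min(candidates)[-1])] = "Root"

    # Every other port: designated if this end advertises the better
    # (root path cost, BID, port ID) on the link, otherwise blocking.
    for local, remote in both_ways:
        key = (local[0], local[1])
        if key in roles:
            continue
        mine = (cost[local[0]], bridges[local[0]], (PORT_PRIORITY, local[2]))
        theirs = (cost[remote[0]], bridges[remote[0]], (PORT_PRIORITY, remote[2]))
        roles[key] = "Desg" if mine < theirs else "Altn"
    return root, cost, roles


if __name__ == "__main__":
    root, cost, roles = elect(BRIDGES, LINKS)
    print("root bridge:", root)
    for (name, port), role in sorted(roles.items()):
        print(f"{name} {port:7} {role}  (root path cost {cost[name]})")
```

SW1 reaches the root at cost 38 through either neighbour, so the tie is broken on the upstream BID, which is why Fa0/16 becomes the root port and Fa0/13 blocks.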

STP Path Selection Example
[Figure: topology of SW1 (Fa0/13, Fa0/16), SW2 (Fa0/13, Fa0/19), SW3 (Fa0/13, Fa0/19) and SW4 (Fa0/16, Fa0/19)]

STP Path Selection Verification (SW1)
SW1#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0009.433c.a380
             Cost        38
             Port        18 (FastEthernet0/16)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0019.56c8.4e80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Altn BLK 19        128.15   P2p
Fa0/16           Root LRN 19        128.18   P2p

f4f3.com STP Path Selection Verification (SW3) SW3#show spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0009.19 Type -------------------------------P2p P2p Interface ---------------Fa0/13 Fa0/19 Copyright © 2010 Internetwork Expert. Inc www.INE.com Copyright © 2010 Internetwork Expert www.433c.13 128.aa7e.Nbr -------128.Nbr -------128.STP Path Selection Verification (SW2) SW2#show spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0009.15 128.a380 Cost 19 Port 21 (FastEthernet0/19) Hello Time 2 sec Max Age 20 sec Bridge ID Forward Delay 15 sec Priority 32769 (priority 32768 sys-id-ext 1) Address 0019.com .INE.e780 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 15 Role ---Desg Root Sts --FWD FWD Cost --------19 19 Prio.INE.a380 Cost 19 Port 19 (FastEthernet0/19) Hello Time 2 sec Max Age 20 sec Bridge ID Forward Delay 15 sec Priority 32769 (priority 32768 sys-id-ext 1) Address 000a.433c.21 Type -------------------------------P2p P2p Interface ---------------Fa0/13 Fa0/19 Copyright © 2010 Internetwork Expert. Inc www.ea00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 15 Role ---Desg Root Sts --FWD FWD Cost --------19 19 Prio.

Designated root has priority 32769. forward delay 15 Current root has priority 32769. Designated root has priority 32769. forward delay 0.com Copyright © 2010 Internetwork Expert www. Port priority 128.56c8.13.ea00 Designated port id is 128.18.Nbr -------128.4e80 Configured hello time 2.433c.a380 Designated bridge has priority 32769.a380 This bridge is the root Hello Time 2 sec Max Age 20 sec Bridge ID Forward Delay 15 sec Priority 32769 (priority 32768 sys-id-ext 1) Address 0009.STP Path Selection Verification (SW4) SW4#show spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0009.e780 Designated port id is 128. notification 2 hello 2. hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 2. hold 0 Number of transitions to forwarding state: 0 Link type is point-to-point by default BPDU: sent 6. address 0009.INE.a380 Root port is 18 (FastEthernet0/16).f4f3. sysid 1. designated path cost 19 Timers: message age 2. Port Identifier 128. cost of root path is 38 Topology change flag not set. address 0009.a380 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 15 Role ---Desg Desg Sts --FWD FWD Cost --------19 19 Prio. forward delay 0.INE. received 111 Copyright © 2010 Internetwork Expert. address 0009.com STP Verification Detail (SW1) SW1#show spanning-tree detail VLAN0001 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768. address 0019. topology change 0.com . aging 300 Port 15 (FastEthernet0/13) of VLAN0001 is blocking Port path cost 19. designated path cost 19 Timers: message age 2.433c.433c.19 Type -------------------------------P2p P2p Interface ---------------Fa0/16 Fa0/19 Copyright © 2010 Internetwork Expert.15. address 0019. topology change 35.16 128. forward delay 15 Timers: hello 0. max age 20.433c. Inc www. Port priority 128.15. Inc www. notification 0.a380 Designated bridge has priority 32769. 
received 116 Port 18 (FastEthernet0/16) of VLAN0001 is forwarding Port path cost 19. address 000a. max age 20.aa7e.INE. detected flag not set Number of topology changes 1 last change occurred 00:03:34 ago from FastEthernet0/13 Times: hold 1.433c. Port Identifier 128.

Port priority 128. address 0019. hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 3. forward delay 15 Timers: hello 0. designated path cost 0 Timers: message age 1. max age 20. topology change 35. received 2 Port 19 (FastEthernet0/19) of VLAN0001 is forwarding Port path cost 19.e780 Designated port id is 128. sysid 1. forward delay 0. forward delay 15 Current root has priority 32769.ea00 Designated port id is 128. aging 300 Port 15 (FastEthernet0/13) of VLAN0001 is forwarding Port path cost 19. notification 2 hello 2. designated path cost 0 Timers: message age 1. notification 0.a380 Designated bridge has priority 32769.STP Verification Detail (SW2) SW2#show spanning-tree detail VLAN0001 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768.INE. hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 114.a380 Root port is 19 (FastEthernet0/19).21. address 000a.13. forward delay 15 Timers: hello 0.433c. max age 20. max age 20. received 118 Copyright © 2010 Internetwork Expert.a380 Root port is 21 (FastEthernet0/19).com STP Verification Detail (SW3) SW3#show spanning-tree detail VLAN0001 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768.13. address 0009. address 0019.433c. detected flag not set Number of topology changes 3 last change occurred 00:03:12 ago from FastEthernet0/19 Times: hold 1.15. forward delay 0. Port priority 128.INE. address 0009.a380 Designated bridge has priority 32769.com .ea00 Configured hello time 2. Designated root has priority 32769. forward delay 0.19. max age 20. hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 3.com Copyright © 2010 Internetwork Expert www. cost of root path is 19 Topology change flag not set.a380 Designated bridge has priority 32769. 
hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 117. Designated root has priority 32769. address 0009. address 0009. received 114 Copyright © 2010 Internetwork Expert. address 0009.19. notification 0. detected flag not set Number of topology changes 2 last change occurred 00:03:19 ago from FastEthernet0/19 Times: hold 1. Port Identifier 128.a380 Designated bridge has priority 32769. cost of root path is 19 Topology change flag not set.433c. forward delay 15 Current root has priority 32769.aa7e.a380 Designated port id is 128. forward delay 0. address 0009.a380 Designated port id is 128.INE.433c. address 0009. received 6 Port 21 (FastEthernet0/19) of VLAN0001 is forwarding Port path cost 19. address 0009. Designated root has priority 32769.e780 Configured hello time 2. Port priority 128. Port Identifier 128.f4f3. Port priority 128. Designated root has priority 32769.433c. notification 2 hello 2. sysid 1. designated path cost 19 Timers: message age 0. Inc www. Inc www.433c.16. topology change 0.433c.f4f3.15. Port Identifier 128.433c.aa7e. address 000a. topology change 35. designated path cost 19 Timers: message age 0. aging 300 Port 13 (FastEthernet0/13) of VLAN0001 is forwarding Port path cost 19. Port Identifier 128. topology change 0.

STP Verification Detail (SW4)

SW4#show spanning-tree detail

 VLAN0001 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, sysid 1, address 0009.433c.a380
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Number of topology changes 1 last change occurred 00:03:47 ago
          from FastEthernet0/19
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 0, notification 0, aging 300

 Port 16 (FastEthernet0/16) of VLAN0001 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.16.
   Designated root has priority 32769, address 0009.433c.a380
   Designated bridge has priority 32769, address 0009.433c.a380
   Designated port id is 128.16, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default

 Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.19.
   Designated root has priority 32769, address 0009.433c.a380
   Designated bridge has priority 32769, address 0009.433c.a380
   Designated port id is 128.19, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default

STP Port States
• When a bridge boots up, the initial STP convergence time is based on how long the device takes to transition through different port states
• STP port states are…
  – Disabled
    • e.g. shutdown
  – Listening
    • Exchanging BPDUs with adjacent bridges
  – Learning
    • Building the CAM table
  – Forwarding
    • Normal loop-free traffic forwarding
  – Blocking
    • Receiving BPDUs but not forwarding
• Normal progression between states is either…
  – Disabled → Listening → Learning → Forwarding
  – Blocking → Listening → Learning → Forwarding

STP Timers
• Timers that affect the transition between port states are…
  – Hello timer
    • How often configuration BPDUs are sent
    • Defaults to 2 seconds
  – MaxAge timer
    • How long to wait in blocking state without hearing a BPDU
    • Defaults to 20 seconds
  – Forward Delay
    • How long to wait in each of the listening and learning phases
    • Defaults to 15 seconds

STP Reconvergence
• The second BPDU type, TCN, is used to quickly age out the CAM table in case of a port state change
  – e.g. Forwarding → Down, Blocking → Designated
• TCN is sent up to Root Bridge
  – TCN sent out Root Port
  – Upstream switch sends TCAck in Configuration BPDU back
  – Upstream switch sends TCN out Root Port
  – Next upstream switch sends TCAck in Configuration BPDU back
  – Next upstream switch sends TCN out Root Port
  – Process continues until Root Bridge receives TCN
• When Root Bridge receives TCN, it replies with TCN out all ports
• Result is that CAM aging time is reduced to Forward Delay
  – Default of 5 minutes reduced to 15 seconds

STP Q&A

Internetwork Expert’s CCNP Bootcamp
Advanced Spanning-Tree Protocol (STP)
http://www.INE.com

Cisco STP Enhancements
• Common Spanning-Tree (CST)
  – Originally defined in 802.1D
  – One STP instance for all VLANs
    • Does not allow complex layer 2 traffic engineering
• Per-VLAN Spanning-Tree (PVST)
  – Cisco proprietary extensions
  – One STP instance per VLAN
    • Layer 2 traffic engineering per VLAN
  – New features to reduce convergence time
    • PortFast, UplinkFast, etc.
  – PVST+ interoperates with CST
    • Complex tunneling outside our scope
    • See INE Blog’s PVST+ Explained for details

PVST/PVST+ Path Selection
• One Root Bridge election per VLAN
  – Bridge priority per VLAN configurable as spanning-tree vlan [vlan] [priority|root]
• Separate Root Port & Designated Port elections per VLAN
  – Port cost per VLAN configurable as interface spanning-tree vlan [vlan] cost [cost]
  – Port priority per VLAN configurable as interface spanning-tree vlan [vlan] priority [priority]

Per-VLAN Path Selection Example
[Diagram: SW1, SW2 (VLAN 10 Root), SW3 (VLAN 20 Root) and SW4 interconnected on Fa0/13, Fa0/16 and Fa0/19]

Per-VLAN Path Selection Configuration

SW2#
spanning-tree vlan 10 priority 16384
!
interface FastEthernet0/19
 spanning-tree vlan 20 cost 5

SW3#
spanning-tree vlan 20 priority 16384
!
interface FastEthernet0/13
 spanning-tree vlan 10 cost 5

Per-VLAN Path Selection Verification

SW2#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    16394
             Address     0019.aa7e.ea00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    16394  (priority 16384 sys-id-ext 10)
             Address     0019.aa7e.ea00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Desg FWD 19        128.15   P2p
Fa0/19           Desg FWD 19        128.21   P2p

SW3#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    16394
             Address     0019.aa7e.ea00
             Cost        24
             Port        13 (FastEthernet0/13)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     000a.f4f3.e780
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Root FWD 5         128.13   P2p
Fa0/19           Altn BLK 19        128.19   P2p

Per-VLAN Path Selection Verification (cont.)

SW2#show spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    16404
             Address     000a.f4f3.e780
             Cost        24
             Port        21 (FastEthernet0/19)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0019.aa7e.ea00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Altn BLK 19        128.15   P2p
Fa0/19           Root FWD 5         128.21   P2p

SW3#show spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    16404
             Address     000a.f4f3.e780
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    16404  (priority 16384 sys-id-ext 20)
             Address     000a.f4f3.e780
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Desg FWD 19        128.13   P2p
Fa0/19           Desg FWD 19        128.19   P2p

Cisco’s 802.1D Convergence Enhancements
• PortFast
  – End hosts need not be subject to Forwarding Delay
• UplinkFast
  – Direct Root Port failure should reconverge immediately if Alternate Port available
• BackboneFast
  – Indirect failures should start recalculating immediately

RSTP
• Rapid Spanning-Tree Protocol
• New standard per IEEE 802.1w
• Faster convergence than Cisco’s 802.1D enhancements
• Builds the same STP as regular STA
• Simplifies port states
• Rapid convergence based on sync process

RSTP Port States
• 802.1D uses…
  – Disabled
  – Blocking
  – Listening
  – Learning
  – Forwarding
• 802.1w simplifies this to…
  – Discarding
    • Dropping frames
  – Learning
    • Dropping frames but building the CAM
  – Forwarding
    • Normal forwarding

RSTP Port Roles
• Port Roles are decoupled from states
• Root Port & Designated Port
  – Same as before
• Alternate Port
  – Alternate but less desirable path to the root
  – Allows the equivalent of UplinkFast
    • i.e. fast root path recovery
  – Operates in discarding state
• Backup Port
  – Backup Designated Port
  – Activates if the primary Designated Port fails
  – Operates in discarding state

RSTP Edge Ports
• Equivalent of PVST+ PortFast enabled ports
  – Immediately transitions to forwarding
  – Still requires spanning-tree portfast command for backwards compatibility
• Maintains edge status as long as no BPDUs are received
  – If BPDU received, remove edge status and generate TCN

RSTP Link Types
• Non-edge ports fall into two types
• Point-to-point
  – Full-Duplex ports
• Shared
  – Half-Duplex ports
• Only point-to-point Designated Ports use the sync process for rapid convergence

RSTP Sync Process
• Goal is for a bridge to synchronize its root port with the rest of the topology
• When a bridge elects a root port it assumes all non-edge ports to be designated
  – All non-edge ports are discarding at this moment
• Bridge sends proposals out all designated ports
  – Proposal has port role set to designated
  – Proposal contains root bridge info (priority, cost, etc.)
• Downstream bridges review this information
  – If they don’t have better paths to the root they agree
  – If they do have it they announce their information

RSTP Sync Process (cont.)
• When designated port receives agreement, it is unblocked
• If downstream bridge sends better root information, local bridge changes root port
• If downstream bridge agrees to upstream proposal, then it
  – Elects a local root port
  – Blocks all non-edge designated ports
  – Starts sync process on all designated ports
• Port blocking is essential in preventing transient loops
• Sync process ensures all bridges agree on the same root bridge

RSTP Fault Detection
• In 802.1D, BPDUs are only generated by Root Bridge
  – All other bridges forward them on
• In RSTP, each bridge generates BPDU every hello interval
  – 2 seconds by default
• If 3 hellos are missed from a neighbor, reconvergence begins
  – 6 seconds vs. 20 seconds MaxAge

RSTP Fault Detection (cont.)
• MaxAge is used as hop count
  – Every bridge sends BPDUs on its own
  – Age incremented by every bridge
  – MaxAge also used on shared ports for legacy STP backwards compatibility
• Fault could be detected fast by means of physical layer signaling

RSTP Convergence
• RSTP needs to re-converge when Root port is lost
• If there is an Alternate port, it is selected in place of old Root port
  – New Root port is then synchronized with downstream bridges
• If there are no Alternate ports and no better info
  – Declare itself as root
  – Synchronize this decision
  – Possibly adapt to better information

RSTP Convergence (cont.)
• Non-deterministic, depends on topology
  – Meshy topologies converge slow
  – Large topologies converge slow
• Root bridge failures may cause slow convergence time and temporary loops
• To ensure fast convergence
  – Keep Topology Small (3-5 bridges)
  – Avoid excessive redundancy (e.g. use ring topologies but not full-mesh)
  – Rely on physical layer failure detection not the Hello BPDUs

RSTP Topology Change
• Generated when link becomes forwarding
• Originated by the switch that detected the event
• Uses special BPDU bit to signal topology change
• Flooded by all switches using reverse path forwarding
• Flushes MAC address tables
• Causes temporary excessive unicast traffic flooding
• Use Edge Ports as much as possible

Multiple Spanning-Tree Protocol
• IEEE (802.1s) response to PVST/PVST+
• Pioneered by Cisco as MISTP
• Supports multiple user-defined instances of spanning-tree
• Not as resource intensive as PVST/PVST+
• Automatically runs RSTP

Multiple Spanning-Tree Protocol (cont.)
• STP Instances (MSTIs) are separate from VLANs
• VLANs are mapped to MSTIs manually
• Switches sharing the same region name and mappings form a region
• Different regions see each other as virtual bridges
• See INE Blog’s Understanding MSTP for more info

MST & RSTP Example
[Diagram: SW1, SW2 (Instance 1 Root, VLANs 10,20,30), SW3 (Instance 2 Root, VLANs 40,50,60) and SW4 interconnected on Fa0/13, Fa0/16 and Fa0/19]

MST Configuration

SW1#
spanning-tree mst configuration
 name MST_REGION1
 revision 1
 instance 1 vlan 10, 20, 30
 instance 2 vlan 40, 50, 60
!
spanning-tree mode mst

SW2#
spanning-tree mst configuration
 name MST_REGION1
 revision 1
 instance 1 vlan 10, 20, 30
 instance 2 vlan 40, 50, 60
!
spanning-tree mode mst
spanning-tree mst 1 priority 4096
!
interface FastEthernet0/19
 spanning-tree mst 2 cost 50000

SW3#
spanning-tree mst configuration
 name MST_REGION1
 revision 1
 instance 1 vlan 10, 20, 30
 instance 2 vlan 40, 50, 60
!
spanning-tree mode mst
spanning-tree mst 2 priority 4096
!
interface FastEthernet0/13
 spanning-tree mst 1 cost 50000

SW4#
spanning-tree mst configuration
 name MST_REGION1
 revision 1
 instance 1 vlan 10, 20, 30
 instance 2 vlan 40, 50, 60
!
spanning-tree mode mst

MST Verification

SW2#show spanning-tree mst 1

##### MST1    vlans mapped:   10,20,30
Bridge        address 0019.aa7e.ea00  priority      4097  (4096 sysid 1)
Root          this switch for MST1

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Desg FWD 200000    128.15   P2p
Fa0/19           Desg FWD 200000    128.21   P2p

SW3#show spanning-tree mst 1

##### MST1    vlans mapped:   10,20,30
Bridge        address 000a.f4f3.e780  priority      32769 (32768 sysid 1)
Root          address 0019.aa7e.ea00  priority      4097  (4096 sysid 1)
              port    Fa0/13          cost          250000    rem hops 18

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Root FWD 50000     128.13   P2p
Fa0/19           Altn BLK 200000    128.19   P2p

MST Verification (cont.)

SW2#show spanning-tree mst 2

##### MST2    vlans mapped:   40,50,60
Bridge        address 0019.aa7e.ea00  priority      32770 (32768 sysid 2)
Root          address 000a.f4f3.e780  priority      4098  (4096 sysid 2)
              port    Fa0/19          cost          250000    rem hops 18

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Altn BLK 200000    128.15   P2p
Fa0/19           Root FWD 50000     128.21   P2p

SW3#show spanning-tree mst 2

##### MST2    vlans mapped:   40,50,60
Bridge        address 000a.f4f3.e780  priority      4098  (4096 sysid 2)
Root          this switch for MST2

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Desg FWD 200000    128.13   P2p
Fa0/19           Desg FWD 200000    128.19   P2p

Rapid PVST+
• Same as PVST+, but uses RSTP enhancements for rapid convergence
• Every instance runs RSTP
• Configured as spanning-tree mode rapid-pvst

Other STP Features
• BPDU Filter
  – Interface level
    • Filter BPDUs inbound/outbound
  – Global
    • If BPDU is received revert out of portfast state
• BPDU Guard
  – If BPDU is received shut port down
• Root Guard
  – If superior BPDU is received shut port down
• Loop Guard & UDLD
  – Prevent unidirectional links

Advanced STP Q&A

Internetwork Expert’s CCNP Bootcamp
Inter-VLAN Routing
http://www.INE.com

Layer 2 vs Layer 3 Review
• Layer 2 switches do not do frame modification
  – i.e. “Transparent” bridging
• Implies hosts in a VLAN can only reach MACs directly in the CAM table
  – i.e. the local broadcast domain
• Layer 3 routers/switches perform layer 2 packet rewrite
  – Remove the layer 2 header and rebuild it
• Implies Inter-VLAN traffic must be routed

Switch to Router w/ Multiple Links
• One solution for Inter-VLAN routing is to use one physical link per VLAN between the layer 2 switch and layer 3 router
• How it works
  – Frame leaves switch on link 1 in VLAN 10
  – Router rewrites frame to MAC in VLAN 20 and sends back on link 2
  – Switch uses CAM of VLAN 20 to reach destination

Switch to Router w/ Multiple Links Example
[Diagram: R1 Fa0/1 (10.0.0.254/24) and Fa0/2 (20.0.0.254/24) connect to SW1 Fa0/1 (VLAN 10) and Fa0/2 (VLAN 20); hosts A (10.0.0.1/24) and B (20.0.0.2/24) attach to SW1 on Fa0/3 and Fa0/4]

Router-on-a-Stick
• Multiple interfaces work, but not scalable because of port density and cost
• Alternate solution is to use one physical link between layer 2 switch and layer 3 router running as ISL/802.1Q Trunk
• How it works
  – Frame leaves switch on trunk link with VLAN 10 encapsulation
  – Router rewrites frame to MAC in VLAN 20 and sends back on the same trunk link with new encapsulation
  – Switch uses CAM of VLAN 20 to reach destination

Router-on-a-Stick Example

Switched Virtual Interfaces (SVIs)
• Better solution is to combine the layer 2 switch and layer 3 router together
  – i.e. layer 3 switch
• Switch to router communication and rewrite happens on the backplane/fabric
  – e.g. RSFC/MSFC
• Implemented as interface vlan [vlan] on the layer 3 switch
• Faster, more scalable, and easier to manage

SVIs Example

Native Layer 3 Routed Ports
• In addition to layer 2 switchports, most layer 3 switches can run ports in native layer 3 routed mode
  – i.e. no switchport
• Native layer 3 ports treated just like an Ethernet port on a router
  – IP address assignment, ACLs, QoS, etc.
• Typically used in designs where uplinks are routed
  – Access to distribution layer uplinks
  – Distribution layer to core layer uplinks
• Eliminates STP convergence time
  – Convergence is now a function of layer 3 routing protocol
  – See High Availability Campus Network Design-Routed Access Layer using EIGRP or OSPF for more info

Native Layer 3 Routed Ports Example
[Diagram: VLAN10 (10.0.0.254/24, Fa0/3) and VLAN20 (20.0.0.254/24, Fa0/4) with hosts A (10.0.0.1/24) and B (20.0.0.2/24); routed link Fa0/13 to Fa0/13 on 100.0.0.0/24]

Inter-VLAN Routing Q&A

Internetwork Expert’s CCNP Bootcamp
EtherChannel
http://www.INE.com

EtherChannel
• Used to aggregate bandwidth of multiple links together
  – Sometimes called “NIC Teaming” by other vendors
• Fools STP into thinking bonded links are one STP link
  – Technically redundant paths, but no loops
• Load balancing based on MAC address
  – More efficient bandwidth utilization than STP traffic engineering

EtherChannel Terms
• Port-Channel / Channel-Group
  – Logical EtherChannel interface that represents bonded links
• Member interfaces
  – Physical interfaces that belong to the group
  – Strict requirements about configuration compatibility between member interfaces
    • i.e. member port configs should be identical

Types of EtherChannels
• EtherChannel does not directly relate to the underlying type of member interface
• Can be used to aggregate both
  – Switchport
    • Access switchport
    • Trunk switchports
  – Routed ports
• Limitations of what and how many interfaces can channel together are per-platform
  – E.g. StackWise vs modular platforms
  – See individual hardware release notes

EtherChannel Negotiation
• In order to ensure loop free topology, EtherChannel can be auto-negotiated two ways
• Port Aggregation Protocol (PAgP)
  – Cisco proprietary
• Link Aggregation Control Protocol (LACP)
  – IEEE 802.3ad
• In Cisco IOS, negotiation protocol determined by the channel “mode”
  – Desirable & Auto – PAgP
  – Active & Passive – LACP
  – On – neither
• Negotiation must be compatible otherwise loops can occur

EtherChannel Example
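The compatibility rule on the negotiation slide can be checked mechanically before a change is pushed. The following is an added example, not part of the original deck: it evaluates each cabled link from both ends' channel-group modes, using the modes from this deck's SW1/SW2/SW3 configuration; the cabling list and the outcome labels are assumptions made for the example.

```python
import re

PAGP = {"desirable", "auto"}
LACP = {"active", "passive"}

# channel-group lines as configured on the deck's SW1, SW2 and SW3.
CONFIGS = {
    "SW1": """\
interface FastEthernet0/13
 channel-group 1 mode desirable
interface FastEthernet0/14
 channel-group 1 mode desirable
interface FastEthernet0/16
 channel-group 2 mode active
interface FastEthernet0/17
 channel-group 2 mode active
""",
    "SW2": """\
interface FastEthernet0/13
 channel-group 1 mode auto
interface FastEthernet0/14
 channel-group 1 mode auto
""",
    "SW3": """\
interface FastEthernet0/13
 channel-group 2 mode passive
interface FastEthernet0/14
 channel-group 2 mode passive
""",
}

# Assumed cabling: the deck's topology diagram is not reproduced here.
LINKS = [
    (("SW1", "FastEthernet0/13"), ("SW2", "FastEthernet0/13")),
    (("SW1", "FastEthernet0/14"), ("SW2", "FastEthernet0/14")),
    (("SW1", "FastEthernet0/16"), ("SW3", "FastEthernet0/13")),
    (("SW1", "FastEthernet0/17"), ("SW3", "FastEthernet0/14")),
]


def channel_modes(config):
    """Return {interface: channel mode} parsed from IOS-style text."""
    modes, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"\s+channel-group \d+ mode (\S+)", line)) and current:
            modes[current] = m.group(1)
    return modes


def negotiate(a, b):
    """Outcome for one link whose two ends use channel modes a and b."""
    modes = {a, b}
    if modes == {"on"}:
        return "static"      # both ends bundle without any negotiation
    if "on" in modes:
        return "mismatch"    # one end bundles unconditionally: loop risk
    if modes <= PAGP:
        return "pagp" if "desirable" in modes else "none"  # auto/auto: nobody initiates
    if modes <= LACP:
        return "lacp" if "active" in modes else "none"     # passive/passive: nobody initiates
    return "none"            # PAgP on one end, LACP (or nothing) on the other


def check_links(configs, links):
    """Evaluate every cabled link and return (end A, end B, outcome) tuples."""
    modes = {switch: channel_modes(text) for switch, text in configs.items()}
    results = []
    for (sw_a, if_a), (sw_b, if_b) in links:
        outcome = negotiate(modes[sw_a].get(if_a), modes[sw_b].get(if_b))
        results.append((f"{sw_a} {if_a}", f"{sw_b} {if_b}", outcome))
    return results


if __name__ == "__main__":
    for end_a, end_b, outcome in check_links(CONFIGS, LINKS):
        print(f"{end_a} <-> {end_b}: {outcome}")
```

A "mismatch" result is the case the slide warns about: one side treats the links as a single logical port while the other still treats them as individual ports.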

EtherChannel Configuration

SW1#
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface FastEthernet0/16
 switchport trunk encapsulation isl
 switchport mode trunk
 channel-group 2 mode active
!
interface FastEthernet0/17
 switchport trunk encapsulation isl
 switchport mode trunk
 channel-group 2 mode active

SW2#
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode auto
!
interface FastEthernet0/14
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode auto

SW3#
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk
 channel-group 2 mode passive
!
interface FastEthernet0/14
 switchport trunk encapsulation isl
 switchport mode trunk
 channel-group 2 mode passive

EtherChannel Verification (cont.)

SW1#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 2
Number of aggregators:           2

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         PAgP      Fa0/13(P)   Fa0/14(P)
2      Po2(SU)         LACP      Fa0/16(P)   Fa0/17(P)

EtherChannel Verification (cont.)

SW2#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         PAgP      Fa0/13(P)   Fa0/14(P)

EtherChannel Verification (cont.)

SW3#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
2      Po2(SU)         LACP      Fa0/13(P)   Fa0/14(P)

EtherChannel Verification (cont.)

SW1#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0019.aa7e.ea00
             Cost        12
             Port        72 (Port-channel1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0019.56c8.4e80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Root FWD 12        128.72   P2p
Po2              Desg FWD 12        128.80   P2p

EtherChannel Verification (cont.)

SW2#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0019.aa7e.ea00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    10     (priority 0 sys-id-ext 10)
             Address     0019.aa7e.ea00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19           Desg FWD 19        128.21   P2p
Po1              Desg FWD 12        128.72   P2p

EtherChannel Verification (cont.)

SW3#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    10
             Address     0019.aa7e.ea00
             Cost        24
             Port        65 (Port-channel2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     000a.f4f3.e780
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/19           Altn BLK 19        128.19   P2p
Po2              Root FWD 12        128.65   P2p

EtherChannel Q&A

Internetwork Expert’s CCNP Bootcamp
Gateway Redundancy Protocols & High Availability
http://www.INE.com

What is High Availability?
• Ability of the network to recover from faults in timely fashion
  – Service availability time (e.g. 5 nines)
• Requires redundancy (nodes, links, etc.)
• Layered implementation
  – Physical layer (SONET), L2 (STP), L3 (IGP)
• Redundancy should be planned based on target recovery time
  – Excessive redundancy slows convergence

What is High Availability? (cont.)
• Hierarchical design separates network modules
  – Recovery in one module does not affect other modules
• Different technologies could be used
  – E.g. IGP recovery in core
  – First Hop Redundancy in Access Layer
• Technologies need to be synchronized
  – E.g. FHRP selected GW should be aligned with STP root

What is Gateway Redundancy?
• End hosts typically do not “route” into the network, they default to their gateway
• If the gateway is down, connectivity is lost
• First Hop/Gateway Redundancy allows another device to take over for a host’s default gateway if it goes down
  – Transparent to the end host
  – No need for dual gateways in DHCP

IP over Ethernet Review
• ARP is the glue
• When a HostA wants to communicate with HostB via IP…
  – If HostB is on my subnet…
    • Check the ARP cache for HostB’s MAC
    • If no MAC, ARP for HostB
  – If HostB is not on my subnet
    • Check the ARP cache for gateway’s MAC
    • If no MAC, ARP for gateway

Network Failure and FHRPs

How Gateway Redundancy Works
• Multiple routers bundled in a group
  – Group represents virtual gateway
  – All routers know virtual gateway IP
  – Active physical router responds to ARP
  – Virtual MAC used in ARP responses
• Hosts configured with default gateway IP equal to virtual IP
• Routers exchange keepalive messages
• Once active router goes down another one takes its place

Gateway Redundancy Protocols
• Three protocols
  – Same major functionality
  – Different enhancements
  – Different behind the scenes communication
• Hot Standby Router Protocol (HSRP)
• Virtual Router Redundancy Protocol (VRRP)
• Gateway Load Balancing Protocol (GLBP)

HSRP Overview
• Hot Standby Router Protocol
• Cisco proprietary
  – Communication via UDP multicast to 224.0.0.2 at port 1985
• Uses active/standby routers
  – Active forwards for virtual MAC
  – Standby checks to make sure active is up
    • If down take over the MAC
• standby interface level command

VRRP Overview
• Virtual Router Redundancy Protocol
• Open standard per RFC 3768
  – Communication with own multicast transport via IP protocol 112 to 224.0.0.18
• Uses master/backup routers
  – Master forwards for virtual MAC
  – Backup checks to make sure master is up
    • If down take over the MAC
• vrrp interface level command

GLBP Overview
• Gateway Load Balancing Protocol
• Cisco proprietary
  – Communication via UDP multicast 224.0.0.102 at port 3222
• Provides load balancing
  – One virtual IP address
  – Multiple virtual MAC addresses
• Active Virtual Gateway (AVG)
  – Responds with virtual MACs
• Active Virtual Forwarder (AVF)
  – Handles particular virtual MAC
  – AVFs backup each other
  – AVFs have weights assigned

Advanced FHRP Features
• Multiple groups per interface
• Authentication
• Preemption
• Interface Tracking and Enhanced Object Tracking
  – IP SLA integration

Object Tracking
• Allows changing gateway priority based on tracked object state
  – Select active gateway based on network conditions
• Tracked objects could be
  – Routes in RIP, IP SLA Operations, Boolean combinations
• GLBP supports weighting decrement based on tracking

Object Tracking (cont.)
• Tracking object syntax track X
  – track x interface
  – track x ip route
  – track x ip sla
  – track x list boolean
• The command track ip sla links object tracking to IP SLA Operation
• IP SLA is mainly used for connectivity tracking with FHRP

Object Tracking (cont.)
• Linking IP SLA operation to FHRP
  – Create SLA operation
    • ip sla x
  – Schedule SLA operations
    • ip sla schedule x start-time
  – Create track objects
    • track x ip sla y
  – Configure FHRP to use objects (e.g. HSRP)
    • standby 1 track x

FHRP Example
[Diagram: SW1, SW2, SW3 and SW4 interconnected on Fa0/13, Fa0/16 and Fa0/19; R1 (10.0.0.1/24) and R2 (20.0.0.2/24); gateway addresses 10.0.0.254/24 (VLAN 10) and 20.0.0.254/24 (VLAN 20)]

Non-Stop Forwarding
• Higher level platforms separate control plane from data plane modules
  – E.g. RSP handles IP Routing exchange
  – Line cards/distributed fabric implement forwarding
• RSP failure normally paralyzes data-plane forwarding
• Redundant RSPs reduce the risk of failure
  – Switchover takes time

Non-Stop Forwarding (cont)
• Stateful Switchover with Redundant RSPs
• When active RSP fails, standby detects it and becomes active
  – Data-plane State is shared between RSPs
  – Control Plane needs to be restarted in new RSP
  – Forwarding continues using “old” data-plane information (CEF table)
• New RSP initializes and restarts IGP adjacencies
• After restart, CEF is updated based on new information

Non-Stop Forwarding (cont)
• Peers should not notice IGP adjacency loss when RSP restarts
  – Otherwise, FIB tables are flushed
• Requires protocol extension to signal restart
  – Restart bit for EIGRP
  – Local Link Signaling for OSPF
  – BGP Graceful Restart Capability
• SSO should be enabled per protocol configuration

Internetwork Expert’s CCNP Bootcamp
Layer 2 Security
http://www.INE.com

Attack Mitigation Overview
• What are common types of attacks?
  – Layer 2 attacks?
  – Layer 3 attacks?
  – Application attacks?
• How do we detect them?
• How do we stop them?

VLAN Hopping Attack
• Attacking host attached to Ethernet network sends 802.1Q / ISL tagged frames into switched network in order to hop over VLAN barriers
• Two variations
  – Host runs Dynamic Trunking Protocol (DTP) to actually form a trunk link with the adjacent switch
  – Host sends frames double tagged with 802.1q headers
    • Outside header is padding
    • Inside header is tagged with destination VLAN of victim

VLAN Hopping Mitigation
• Host facing interfaces should not be dynamic ports
  – switchport mode access
• Don’t use VLAN 1, ever!
  – Unused ports should be assigned to unused non VLAN 1 VLAN
  – Native VLAN should be changed to new administrative VLAN

CAM Table Attacks
• Switch’s Content Addressable Memory (CAM) table associates destination MAC address with outgoing interface
• If CAM table is full all unknown entries are treated like broadcast traffic
  – Forward out all ports in VLAN except the one it was received on
• Attacker floods frames with random source MAC addresses until CAM table fills up
• VLAN essentially turns into a hub

CAM Attack Mitigation
• Port Security
  – Limit the amount of source MAC addresses on a port
  – Limit the specific MAC address allowed on a port
  – Shut down the port or filter traffic if a violation occurs
  – Generate a syslog or SNMP trap for notification
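The VLAN hopping and CAM attack mitigations above can be checked mechanically against a switch configuration. This Python audit is an added example, not part of the course material; the sample configuration and helper names are constructed, and it assumes the IOS defaults of VLAN 1 for access and native VLAN and a dynamic port mode when none is configured.

```python
import re

# Constructed sample configuration (not taken from the course material).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport access vlan 20
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces


def _vlan(cmds, prefix, default=1):
    """VLAN number from the first command starting with prefix, else the default (1)."""
    for cmd in cmds:
        if cmd.startswith(prefix):
            return int(cmd[len(prefix):].split()[0])
    return default


def audit(config):
    """Flag ports that miss the hardening steps listed on the slides."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            if _vlan(cmds, "switchport trunk native vlan ") == 1:
                findings.append((name, "trunk native VLAN is 1"))
            continue
        # Everything that is not an explicit trunk is treated as host facing.
        if "switchport mode access" not in cmds:
            findings.append((name, "not forced to access mode (DTP may form a trunk)"))
        if _vlan(cmds, "switchport access vlan ") == 1:
            findings.append((name, "access VLAN is 1"))
        if "switchport port-security" not in cmds:
            findings.append((name, "port security not enabled"))
    return findings


if __name__ == "__main__":
    for port, issue in audit(SAMPLE_CONFIG):
        print(f"{port}: {issue}")
```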

Man-in-the-Middle (MiM) Attack
[Figure: man-in-the-middle attack]

DHCP Starvation Attack
• DHCP server has finite IP address scope
• Attacker sends flood of DHCP requests with spoofed source MAC addresses
• DHCP server leases one IP address per MAC address until pool is depleted
• Victim hosts are “starved” of a DHCP lease

DHCP Starvation Mitigation
• Port Security
  – Limit the amount of source MAC addresses on a port
  – Limit the specific MAC address allowed on a port
  – Shut down the port or filter traffic if a violation occurs
  – Generate a syslog or SNMP trap for notification

DHCP Starvation Variation
• Port security can be used to limit number of MAC addresses on an interface
• Attacker can’t generate DHCP requests with lots of source MAC addresses
• Some DHCP implementations don’t use client source MAC address but instead use “Client Hardware Address” inside DHCP request payload
• Attacker can keep source MAC address in Ethernet frame the same but change the source MAC address in the DHCP packet
• Port security sees only one source MAC address - same starvation attack result

DHCP Starvation Mitigation
• DHCP Snooping
• Listens for DHCP traffic between client and server
• Builds IP to MAC mapping on a per interface basis
• Additional DHCP requests are dropped on interfaces that already have IP to MAC binding in the snooping table

Rogue DHCP Server Attack
• DHCP requests are layer 2 broadcasts within the VLAN
• By default anyone could reply to a host’s DHCP request
• Can facilitate simple DoS, or worse, MiM attack
• For MiM attacker replies to host’s request with…
  – Itself as default gateway
    • Sniff all traffic then forward to correct gateway
    • Transparent from victim perspective
  – Itself as DNS server
    • Redirect www.cisco.com to phishing website

Rogue DHCP Server Mitigation
• DHCP Snooping
  – Port connected to DHCP server is in snooping “trust” state
  – DHCP replies denied in all other ports


Rogue DHCP Server Mitigation
• If switches don’t support snooping…
  – DHCP request uses UDP port 67
  – DHCP reply uses UDP 68
  – Filter DHCP replies from all sources except DHCP server
• Can use port ACLs but VACLs would be more efficient


ARP Spoofing Attacks
• ARP is normally a request / reply protocol
  – What is 1.2.3.4’s MAC address?
  – I’m 1.2.3.4, my MAC address is…
• Gratuitous ARP is an unsolicited ARP reply
  – Legitimate use is to refresh neighbors’ ARP cache
  – Illegitimate use is to spoof someone else’s MAC address
  – Can be used to facilitate MiM attack

ARP Attack Mitigation
• DHCP Snooping & Dynamic ARP Inspection
  – DHCP snooping builds IP and MAC binding table
  – When ARP replies are received the snooping table is checked to see if IP source and MAC address in ARP match
  – Malformed replies are dropped


MAC Spoofing Attack
• Attacker simply modifies source MAC and/or IP address to look like someone else
• From victim’s perspective it looks like legitimate host


MAC Spoofing Mitigation
• IP Source Guard
  – Works like Dynamic ARP Inspection but checks all packets instead of just ARP
  – Consults DHCP snooping table
  – If source IP address and MAC don’t match snooping table traffic is dropped
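DHCP snooping, Dynamic ARP Inspection and IP Source Guard all consult the same binding table. The Python model below is an added example, not from the course material, that shows those lookups on constructed traffic, including the rogue server reply and the Client Hardware Address variation of the starvation attack. The class, port names and addresses are hypothetical, and the model ignores VLANs and lease timers.

```python
class SnoopingSwitch:
    """Simplified model of the checks described on the slides (not a vendor implementation)."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports facing the legitimate DHCP server
        self.pending = {}                  # chaddr -> client port waiting for a lease
        self.bindings = {}                 # client port -> (mac, ip)

    def dhcp_client_msg(self, port, eth_src, chaddr):
        """Client request arriving on a host-facing port."""
        if eth_src != chaddr:
            # Starvation variation: frame MAC stays fixed, payload MAC changes.
            return "drop: chaddr differs from Ethernet source MAC"
        bound = self.bindings.get(port)
        if bound and bound[0] != chaddr:
            # Modelling assumption: a bound port only renews for the bound MAC.
            return "drop: port already has a binding"
        self.pending[chaddr] = port
        return "forward"

    def dhcp_server_msg(self, port, chaddr, yiaddr):
        """Server reply; accepted only on trusted ports."""
        if port not in self.trusted:
            return "drop: DHCP reply on untrusted port"
        client_port = self.pending.pop(chaddr, None)
        if client_port is not None:
            self.bindings[client_port] = (chaddr, yiaddr)
        return "forward"

    def _matches_binding(self, port, mac, ip):
        return port in self.trusted or self.bindings.get(port) == (mac, ip)

    def arp_reply(self, port, sender_mac, sender_ip):
        """Dynamic ARP Inspection: binding lookup for ARP only."""
        if self._matches_binding(port, sender_mac, sender_ip):
            return "forward"
        return "drop: ARP does not match binding"

    def ip_packet(self, port, src_mac, src_ip):
        """IP Source Guard: the same lookup applied to every packet."""
        if self._matches_binding(port, src_mac, src_ip):
            return "forward"
        return "drop: source does not match binding"


# Constructed sample values (documentation MAC and IP ranges).
HOST = "00:00:5e:00:53:0a"
ATTACKER = "00:00:5e:00:53:66"
GATEWAY_IP = "192.0.2.1"


def run_demo():
    sw = SnoopingSwitch(trusted_ports={"Fa0/24"})
    return [
        sw.dhcp_client_msg("Fa0/1", HOST, HOST),                      # legitimate request
        sw.dhcp_server_msg("Fa0/2", HOST, "192.0.2.99"),              # rogue server reply
        sw.dhcp_server_msg("Fa0/24", HOST, "192.0.2.10"),             # real server, binding built
        sw.dhcp_client_msg("Fa0/2", ATTACKER, "00:00:5e:00:53:01"),   # chaddr variation
        sw.arp_reply("Fa0/1", HOST, "192.0.2.10"),                    # matches binding
        sw.arp_reply("Fa0/2", ATTACKER, GATEWAY_IP),                  # spoofed gateway ARP
        sw.ip_packet("Fa0/2", HOST, "192.0.2.10"),                    # spoofed MAC and IP
        sw.ip_packet("Fa0/1", HOST, "192.0.2.10"),                    # legitimate traffic
    ]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```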


MAC Spoofing Mitigation
• If switches don’t support IP Source Guard…
  – Port security can be used to allow only specific source MAC address or limit number of MAC addresses allowed in the interface


802.1X Authentication
• Used for username / password authentication between client and switch
• Uses AAA w/ RADIUS for authentication
• Stops illegitimate hosts from joining the network in the first place


Private VLANs
• Allow for layer 2 isolation and access control between ports within the same VLAN
• Can span multiple switches
• Example:
  – Device A, B, C and D are in VLAN 10
  – Device A should be allowed to communicate with device B, C, and D
  – Device B and C should be allowed to communicate with device A and each other
  – Device D should only be allowed to communicate with device A

Private VLANs (cont.)
• Private VLANs use “sub-VLANs” within the primary VLAN for the layer 2 isolation
  – Community
  – Isolated
• Sub VLANs contain port types…
  – Promiscuous
    • Can talk to all ports in the VLAN
  – Isolated
    • Can talk only to promiscuous ports
  – Community
    • Can talk to other ports in the same community and to promiscuous ports

Layer 2 Security Q&A


Internetwork Expert’s CCNP Bootcamp Layer 2 Voice & Video Support

http://www.INE.com

Power Over Ethernet
• Required to centrally power small devices
  – IP Phones
  – Access Point
  – Surveillance cameras
• PoE reduces cabling requirements
• Centralized power management
• PoE compliant switches support power in Ethernet twisted pair
  – Injectors could be used with other switches

Power Over Ethernet (cont.)
• Two incompatible detection methods
  – Cisco Pre-Standard
  – IEEE 802.1af
• Newer devices support both methods
• Automatic PoE requirement is detected
• Every switch has PoE budget
  – Plan power usage ahead
• Configuration
  – Interface: power inline {auto|never}
  – Exec: show power inline

Voice QoS Requirements
• VoIP traffic has strict QoS requirements
  – In terms of Round Trip Time
  – In terms of Jitter
  – In terms of packet loss
• Packet networks are statistically multiplexed
  – Oversubscription is possible
  – Even over engineered network may have traffic bursts over capacity
• VoIP deployment requires QoS mechanics

DiffServ QoS Review
• Instead of dealing with traffic flows, introduces traffic classes
  – E.g. “differentiate” voice vs. data
  – Scales with large number of nodes
• Classification is performed at the edge of network
  – Packet Marking preserves classification decision
  – All devices must agree on common marking
• All devices should implement consistent QoS policy applied to classes

DiffServ Classification
• Could be based on existing marking
  – Layer 2 (Ethernet CoS)
  – Layer 3 (IP Precedence & DSCP)
• Could be based on traffic characteristic
  – Protocol, port numbers (via access-lists)
  – TCP/UDP ports
• Could be based on flow characteristics
  – E.g. traffic is metered and exceeding packets are classified as low priority

DiffServ Marking
• Marking stores classification decision
• To be interpreted by receiving device
• Could be encoded differently
  – Layer 2 CoS
  – Layer 3 IP DSCP/IPP
• To maintain consistency, different layer markings should be in sync
  – E.g. having CoS 5 with IPP of 0 is not illegal but makes little sense

DiffServ Per-Hop-Behavior (PHB)
• Actual policy implementation, based on marking
• Applies to traffic “classes”
• Could be of three general types
  – Assured forwarding (reserves some bandwidth)
  – Expedited forwarding (priority treatment)
  – Best-Effort (no guarantees of any type)
• Implemented using Cisco’s QoS tools

Trust Boundaries
• Accepting existing marking is called “trusting”
  – Simplest classification method
  – Saves configuration time and switch resources
• Relies on some other device to perform classification
  – E.g. IP Phone marking VoIP traffic
• Trust boundary typically occurs on network edge
• Untrusted ports by default have their marking reset to zero

Trust Boundary Examples
[Figure: trust boundary examples]

Configuring Trust Boundaries
• Trust state is configured per-port with the mls qos trust command
• Trust can be defined based on…
  – CoS
  – IP Precedence
  – DSCP
• Conditional Trust
  – Based on CDP signaling (cisco-phone)
• For ports connected to IP phones, separate “extension” trust can be defined with switchport priority extend [cos | trust]

Voice VLANs
• Voice and Data traffic should be separated
  – Different Transport Requirements
  – Different Security Requirements
• Same VLAN could be used but normally not recommended
• Voice VLAN
  – AKA Auxiliary VLAN
  – Automatically Signaled to IP Phone via CDP
  – Configured using switchport voice vlan

Voice VLANs (cont.)
• A single physical link can connect to a phone and PC at the same time
• Voice & data traffic must have some way of being differentiated
• 802.1Q trunk encapsulation typically used for this separation
• Also allows encoding of CoS value
  – Regular Ethernet header has no CoS field

Voice VLAN Variations
SW1#
interface FastEthernet0/1
 switchport access vlan 20
 switchport voice vlan 10
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport voice vlan dot1p
!
interface FastEthernet0/3
 switchport access vlan 20
 switchport voice vlan untagged
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport voice vlan none

Layer 2 AutoQoS
• Layer 2 AutoQoS simplifies QoS implementation for VoIP
• Effectively a macro that defines…
  – Trust boundaries
  – Marking policy
  – Classification policy
  – Queueing policy
• Configured as port-level auto qos voip [cisco-phone | cisco-softphone | trust]

Q&A

Internetwork Expert’s CCNP Bootcamp Wireless LANs

http://www.INE.com

WLANs Overview
• WLANs replace Physical (layer 1) and Data Link (layer 2) transports with wireless
  – Upper layer protocols like IP/TCP/UDP/etc. are not affected
• Similar in many ways to legacy Ethernet
  – Uses MAC addresses for layer 2 addressing
  – WLAN is a shared media
    • Access Point (AP) acts like a hub/repeater
    • Uses same RF for transmit and receive
    • Implies communication is half-duplex
    • Collisions can occur

Collision Detection
• 802.3 (Ethernet) uses CSMA/CD
  – Listen on the wire for Contention Window duration
    • If someone is transmitting, wait Backoff duration
    • Else, transmit
  – Listen for jam signal for Propagation Delay duration
    • If jam, collision occurred, wait Backoff duration
    • Else, transmission successful

Collision Avoidance
• In WLANs, collisions can’t be detected…
  – Can’t listen while sending
    • Implies we can’t hear a jam signal
  – Possible “hidden terminal” problem
    • A is in range of B & C, but B & C are not in range of each other
• Instead, 802.11 (WLAN) uses CSMA/CA
  – Tries to avoid collisions before they happen
• Uses Distributed Coordinated Function (DCF) with random Backoff timers to accomplish this
  – If ACK received, transmission assumed successful
    • AP is responsible for ACKing client data

Distributed Coordinated Function
• DCF is the implementation of collision avoidance
• Listen on RF channel
  – If free, transmit and advertise duration of frame
    • i.e. how many microseconds I need to transmit
  – Else
    • Wait for duration heard to expire plus DCF Inter Frame Spacing (DIFS)
    • Listen again for random Backoff duration
      – If free, transmit and advertise duration
      – Else, wait for duration to expire plus DIFS plus random Backoff…
• Since Backoff is random, unlikely that stations transmit at the same time

DCF Example
• HostA listens on RF and finds it free
  – Packet sent with Duration X and DIFS Y
• HostB listens and hears A sending
  – HostB must wait X + Y + random Backoff ZB
• HostC listens and hears A sending
  – HostC must wait X + Y + random Backoff ZC
• If ZB < ZC, HostB sends next
• If ZC < ZB, HostC sends next
• If ZB = ZC, collision will occur

WLAN SSIDs
• Ethernet LANs define who can talk to each other based on the broadcast domain (VLAN)
• With WLANs, everyone is in the same collision and broadcast domain
  – e.g. stations can receive everyone’s traffic
• WLANs are logically separated based on Service Set Identifier (SSID) value
  – Devices with mismatched SSIDs (generally) ignore each other’s traffic
  – Does not affect collision domain

SSIDs and Modes
• SSIDs fall into three categories and two modes based on who participates in the WLAN
• Independent Basic Service Set (IBSS)
  – Ad hoc mode
  – Wireless clients without an Access Point
• Basic Service Set (BSS)
  – Infrastructure mode
  – Wireless clients associated with the same Access Point
• Extended Service Set (ESS)
  – Infrastructure mode
  – Wireless clients associated with multiple Access Points with the same SSID
  – Allows for advanced applications like transparent roaming

Wireless Association
• In order to communicate with an AP, clients perform a negotiation process called “association”
• Association steps are…
  – Client sends “probe request” to find AP
  – AP responds with “probe response”
    • AP can also send unsolicited “beacon”
  – Client starts association
  – AP accepts/rejects association
  – If successful, AP installs client’s MAC

WLAN Topologies
• Once association is complete, the AP’s main job is to bridge traffic either…
  – Wired to wireless
  – Wireless to wireless
• APs can perform different roles such as…
  – Bridges
    • Accept traffic in LAN and forward it to client
    • Used to translate between wired and wireless network
    • Can be point-to-point (Workgroup Bridge) or point-to-multipoint
  – Repeaters
    • Accept RF signal and resend it
    • Used to extend range of wireless network
  – Mesh topologies
    • Combination of both repeating and bridging
    • Used for fault tolerance, load distribution, transparent roaming, etc.

WLAN Point-to-Point Bridging Topology
[Figure: WLAN point-to-point bridging topology]

WLAN Multipoint Bridging Topology
[Figure: WLAN multipoint bridging topology]

WLAN Repeaters Topology
[Figure: WLAN repeaters topology]

WLAN Mesh Topology
[Figure: WLAN mesh topology]

WLAN VLAN Support
• Enterprise APs (e.g. Aironet) can support multiple SSIDs per AP
• SSIDs can be mapped to VLANs, and then trunked back to the LAN via 802.1q
• Does not separate the broadcast or collision domain, but does create different logical segments
  – E.g. VLAN 10 SSID “guest” with open access
  – E.g. VLAN 20 SSID “private” with WPA2

WLAN VLAN Topology
[Figure: WLAN VLAN topology]

Cisco Unified Wireless Solution
• Standalone or “autonomous” APs are easy to install, but in large deployment difficult to manage
  – Each AP requires manual config of parameters such as SSIDs, VLANs, Security, etc.
• CUWS adds scalability by separating the WLAN data plane and control plane into a “split MAC” design with two key components
  – Lightweight Access Points (LWAPs)
  – Wireless LAN Controllers (WLCs)

Lightweight WLANs
• Split MAC means that LWAP and WLC share functionality that an autonomous AP performs on its own
  – LWAP
    • Actual RF transmission
    • Controls real-time operations
      – Beacons, probes, buffering, etc.
  – WLC
    • Controls management and non real-time operations
      – SSIDs, VLAN, association, authentication, QoS, etc.
• LWAPs are now plug-and-play and require the WLC for operation

LWAP to WLC Communication
• All RF traffic an LWAP receives must first go to the WLC
  – Traffic forwarding paradigm now changes
    • Even for hosts associated to same AP
  – Tunneled with the Lightweight Access Point Protocol (LWAPP)
• LWAPP tunnel can run in two modes
  – Layer 2
    • LWAP receives 802.11 frame and encapsulates inside Ethernet towards WLC
    • Implies LWAP and WLC must be in same VLAN & subnet
  – Layer 3
    • LWAP receives 802.11 frame and encapsulates inside UDP towards WLC
    • Implies WLC can be anywhere as long as reachable

Layer 2 LWAPP Topology
[Figure: Layer 2 LWAPP topology]

Layer 3 LWAPP Topology
[Figure: Layer 3 LWAPP topology]

Wireless Q&A

Internetwork Expert’s CCNP Bootcamp IP Routing Overview

http://www.INE.com

IP Routing Overview
• Three main steps
  – Routing
    • Find the outgoing interface
  – Switching
    • Move the packet between interfaces
  – Encapsulation
    • Build the layer 2 header
    • i.e. layer 2 packet rewrite

The Routing Process
• Step 1: Find the longest match
  – show ip route 1.2.3.4
    • 1.0.0.0/8
    • 1.2.0.0/16
    • 1.2.3.0/24
    • Which route chosen?
• Step 2: Perform recursive lookup
  – 1.2.3.4 via 5.6.7.8
    • 5.6.7.8 via 9.0.1.2
      – 9.0.1.2 via 3.4.5.6
        » 3.4.5.6 directly connected, FastEthernet0/0

Metric vs. Administrative Distance
• If there are multiple longest matches from…
  – the same protocol
    • Metric used to decide between multiple routes from the same protocol
  – different protocols
    • Administrative distance used to decide between multiple routes from different protocols

Administrative Distance Reference
Connected          0
Static             1
EIGRP Summary      5
External BGP       20
Internal EIGRP     90
IGRP*              100
OSPF               110
IS-IS              115
RIP                120
EGP*               140
ODR                160
External EIGRP     170
Internal BGP       200
Infinite           255
*Deprecated

The Switching Process
• Move the packet between interfaces
• Where load balancing occurs
• Switching Paths
  – Process
  – Fast
  – CEF
  – …

0. Copyright © 2010 Internetwork Expert.0.0 1. Frame Relay.com Copyright © 2010 Internetwork Expert . Inc www. HDLC.2.0 FastEthernet0/0 – No recursive lookup – Resolve layer 2 address for final destination • Ethernet Proxy-ARP • NBMA Mappings Copyright © 2010 Internetwork Expert. layer 2 packet rewrite • Two different types of interfaces – Point-to-point • Only one possible destination • No need for layer 2 addressing • e.INE. etc.e.3.0.g.com The Encapsulation Process • Build the layer 2 header based on the outgoing media – i.0.com Routing to a Next-Hop vs. PPP.1 – No recursive lookup – Layer 2 resolution not required • To multipoint Interface – e. etc.3.0 255.g. ip route 10.0.2.g.0.0.INE.0.0 255. – Multipoint • More than one possible destination • Requires layer 3 to layer 2 resolution • e.INE. Inc www.4 – Recursive lookup required – Resolve layer 2 address of 1.g.0.www. Ethernet.0 Serial0/0.4 • To point-to-point interface – e.g. Interface • To next-hop – e.0. ip route 10.0. ATM.0 255. ip route 10.0.

IP Routing Q&A

Internetwork Expert’s CCNP Bootcamp Enhanced Interior Gateway Routing Protocol (EIGRP)

http://www.INE.com

What is EIGRP?
• Enhanced Interior Gateway Routing Protocol
  – Successor to Interior Gateway Routing Protocol (IGRP)
• Cisco proprietary “hybrid” protocol
  – Both Distance Vector and Link State Behavior
  – Really “Advanced Distance Vector”
• “Classless” protocol
  – Supports VLSM and summarization

Why Use EIGRP?
• Guarantees loop-free topology
  – Diffusing Update Algorithm (DUAL)
• Fast convergence
  – Fastest of all IGP in certain designs
• Reliable & Efficient Updating
  – Forms active neighbor adjacencies
  – Guarantees packet delivery with Reliable Transport Protocol (RTP)
  – Supports partial updates
    • Not all neighbors need all routes

Why Use EIGRP? (cont.)
• Multiple routed protocol support
  – IPv4, IPX, & Appletalk
  – Legacy now, but originally important in nonconverged networks
• Granular Metric
  – Hybrid metric derived from multiple factors
• Unequal Cost Load Balancing
  – Only IGP that supports true load distribution
• Control Plane Security
  – Supports MD5 based authentication

How EIGRP Works
• Step 1 - Discover EIGRP Neighbors
• Step 2 - Exchange Topology Information
• Step 3 - Choose Best Path via DUAL
• Step 4 - Neighbor and Topology Table Maintenance

Step 1 - Discovering EIGRP Neighbors
• EIGRP uses multicast “HELLO” packets to discover neighbors on EIGRP enabled attached links
  – Transport via IP protocol 88 (EIGRP)
  – Destination address 224.0.0.10
• Hello packets contain…
  – Autonomous System Number
  – Hold Time
  – Authentication
  – Metric Weightings (K values)
• Neighbors found are inserted into EIGRP “neighbor table”
  – show ip eigrp neighbors
• Neighbors that agree on attributes and exchange updates form active “adjacency”

Step 2 - Exchanging Topology Information
• Once neighbors are found, EIGRP “UPDATE” messages used to exchange routes
  – Sent as multicast to 224.0.0.10 or as unicast
• RTP uses sequence numbers and acknowledgements (ACKs) to ensure delivery
• Update messages describe attributes of a route
  – Prefix + Length
  – Next-Hop
  – Bandwidth
  – Delay
  – Load
  – Reliability
  – MTU
  – Hop Count
  – External Attributes
• All routes learned from all neighbors make up the EIGRP “topology table”
  – show ip eigrp topology

Step 3 - Choosing The Best Path
• Once topology is learned, DUAL runs to choose loop-free best path to each destination
• Unlike other protocols, EIGRP uses complex “composite” metric to choose best path
• Composite metric calculated from…
  – Administrative Weighting
  – Bandwidth
  – Delay
  – Load
  – Reliability
• Path with lowest composite metric is considered best and installed in IP routing table
• One or more backup routes can also be pre-calculated per destination
• Only best route is advertised to other EIGRP neighbors

Step 4 - Neighbor and Topology Table Maintenance
• Unlike RIP or IGRP, active EIGRP neighbor adjacency reduces convergence time in event of network failure
• Adjacent neighbors’ hello packets contain “hold time”
  – If no hello is received within hold time, neighbor declared unreachable
• When neighbor is lost…
  – Paths via that neighbor are removed from topology and routing table
  – If backup routes exist, they become new best paths and are inserted in routing table
    • In this case EIGRP can have sub-second convergence
  – If no backup routes exist, DUAL must run again

DUAL Reconvergence
• When best path is lost and no backup routes exist, route goes into “active” state and “active timer” starts
  – Stable routes not in active state are considered “passive”
• EIGRP “QUERY” message is reliably sent to remaining neighbors asking if there is an alternate route
• QUERY is propagated to all neighbors within EIGRP “query domain” or “flooding domain”
  – More on this later…
• Neighbors respond with EIGRP “REPLY” packet indicating if alternate route is available
  – If alternate route exists, DUAL recalculates new best path
  – If no alternate route, prefix removed from topology table
  – If active timer expires and no REPLY received, route is declared “Stuck-In-Active” (SIA) and removed from topology table

EIGRP Loop Prevention
• EIGRP guarantees loop-free topology through usage of…
  – Split Horizon
    • Don’t advertise routes out the link they came in on
  – DUAL Feasibility Condition
    • If your metric is lower than mine, you are loop-free

DUAL Terms in Detail
• Successor
  – Best path to a destination
• Feasible Distance (FD)
  – Composite metric of best path
• Feasible Successor (FS)
  – Backup path to a destination
• Advertised Distance (AD)
  – Composite metric learned from neighbor
• Local Distance (LD)
  – Composite metric to reach local neighbor
• Feasibility Condition (FC)
  – Criteria for valid backup paths

DUAL Path Selection in Detail
• Once adjacency occurs and update messages are exchanged, path selection begins
• Each update includes the metric the upstream router uses to reach destination (AD)
• Local router knows the metric to reach each upstream router (LD)
• Best path (successor) is chosen based on lowest AD + LD

DUAL Example
[Figure: R1 reaches VLAN X behind R5 via R2, R3 or R4; legend: Local Distance, Advertised Distance, Feasible Distance]
R1→R2→R5→X = 21
R1→R3→R5→X = 36
R1→R4→R5→X = 36
R2→R5→X = 11
R2→R3→R5→X = 26
R3→R5→X = 16
R3→R2→R5→X = 21
R3→R4→R5→X = 31
R4→R5→X = 21
R4→R3→R5→X = 26
R5→X = 1

Feasibility Condition in Detail
• Once best path is chosen, additional paths are examined for backup routes
• Feasibility Condition (FC) finds loop-free backup routes via logic…
  – If AD < FD, path is loop-free and viable backup
  – e.g. if your metric is lower than mine, you are closer to the destination and loop-free
• Paths that meet the FC are Feasible Successors (FS)
• Only Feasible Successors can be used for unequal cost load balancing

Feasibility Condition Example
[Figure: same topology as the DUAL example; legend: Local Distance, Advertised Distance, Feasible Distance]
FD = 21
Find routes with AD < 21
X via R3 = 16: R3 is Feasible Successor
X via R4 = 21: R4 IS NOT Feasible Successor
R1→R2→R5→X = 21
R1→R3→R5→X = 36
R1→R4→R5→X = 36
R2→R5→X = 11
R2→R3→R5→X = 26
R3→R5→X = 16
R3→R2→R5→X = 21
R3→R4→R5→X = 31
R4→R5→X = 21
R4→R3→R5→X = 26
R5→X = 1

K3 = 1. Inc www.com Copyright © 2010 Internetwork Expert .INE. K2 = 0. Inc www.com Composite Metric Calculation Example All Links FastEthernet BW = 100.000Kbps DLY = 100µs R1→R2→R5→X = (107 * 256 / 100000BW) + (30DLY * 256) = 33280 R1→R3→R5→X = (107 * 256 / 100000BW) + (30DLY * 256) = 33280 R1→R4→R5→X = (107 * 256 / 100000BW) + (30DLY * 256) = 33280 Advertised Distance Feasible Distance 30720 30720 30720 R3→R5→X = (107 * 256 / 100000BW) + (20DLY * 256) = 30720 R3→R2→R5→X = (107 * 256 / 100000BW) + (30DLY * 256) = 33280 30720 30720 R3→R4→R5→X = (107 * 256 / 100000BW) + (30DLY * 256) = 33280 30720 30720 R4→R5→X = (107 * 256 / 100000BW) + (20DLY * 256) = 30720 R4→R3→R5→X = (107 * 256 / 100000BW) + (30DLY * 256) = 33280 28160 R2→R5→X = (107 * 256 / 100000BW) + (20DLY * 256) = 30720 R2→R3→R5→X = (107 * 256 / 100000BW) + (30DLY * 256) = 33280 28160 28160 R5→X = (107 * 256 / 100000BW) + (10DLY * 256) R5→X = 28160 Copyright © 2010 Internetwork Expert. K5 = 0 – Implies default composite is bandwidth + delay – Reliability and load typically not used since they are constantly changing Copyright © 2010 Internetwork Expert.com Composite Metric Calculation in Detail • Unlike other IGPs’ hop count or BW-based cost.INE.www. K4 = 0.load) + k3 * delay] – If k5 != 0. EIGRP metric is a hybrid value comprised of… – – – – Inverse lowest bandwidth along path in Kbps scaled by 107 * 256 Cumulative delay along path in tens of microseconds (µs) scaled by 256 Worst load along path Worst reliability along path • Composite metric is computed as… – metric = [k1 * bandwidth + (k2 * bandwidth)/(256 .INE. metric = metric * [k5/(reliability + k4)] • “K” values allow for manual administrative weighting – Must match for adjacency to occur • Default K values are K1 = 1.

Implementing Basic EIGRP
• Initialize EIGRP process
  – router eigrp [asn]
• Enable EIGRP on links
  – network [address] [wildcard]
• Network statement does not control what is advertised, controls what interfaces run the protocol

Verifying Basic EIGRP
• Verify EIGRP interfaces
  – show ip eigrp interfaces
• Verify EIGRP neighbors
  – show ip eigrp neighbors
• Verify EIGRP topology
  – show ip eigrp topology
• Verify EIGRP routes in routing table
  – show ip route [eigrp]

1.INE.35 10.0 no auto-summary R2#show run | section router eigrp 1 router eigrp 1 network 10.1.5.0.23 R3 Fa0/0.1.0.4.45.255 no auto-summary R3#show run | section router eigrp 1 router eigrp 1 network 10.255.23 Fa0/0.34.INE.0.0.0/24 VLAN 23 10.0 0.1.4 R4 Fa0/0.INE.1.0/24 VLAN 5 Copyright © 2010 Internetwork Expert.1.12.5 10.1.1.0/24 VLAN 35 10.0.23. Inc www.0.255 network 10.0 no auto-summary Copyright © 2010 Internetwork Expert.4 0.0.0.2 R2 Fa0/0.0/24 VLAN 34 10.0 0.35 Fa0/0.4 0.1.1.0/24 VLAN 12 R1 10.255 no auto-summary R4#show run | section router eigrp 1 router eigrp 1 network 10.0/24 VLAN 2 Fa0/0.45 Fa0/0.0/24 VLAN 25 Fa0/0.com Copyright © 2010 Internetwork Expert .12 10.45.4 0.0.35.34.0.1.23.0 no auto-summary R5#show run | section router eigrp 1 router eigrp 1 network 0.1.0. Inc www.0/24 VLAN 1 Fa0/0.0/24 VLAN 4 Fa0/0.0.4.0.45 10.255 network 10.com Basic EIGRP Configuration R1#show run | section router eigrp 1 router eigrp 1 network 10.2.25 Fa0/0.www.1 Fa0/0.0.1.1.0.35.0 network 10.34 Fa0/0.0 0.0 0.0 network 10.1.25.1.1.12 10.com Implementing Basic EIGRP Example 10.34.34 Fa0/0.1.0/24 VLAN 45 R5 Fa0/0.0.0.0.25 Fa0/0.

12.1.12. d=224.1 (local).0. sending broad/multicast.1 0 0/0 Fa0/0.12. sending.12.2 (FastEthernet0/0. proto=88 <output omitted> Copyright © 2010 Internetwork Expert. Inc www.1 (local).10. len 68. d=224. rcvd 3.com EIGRP Interface Verification R1#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Interface Peers Un/Reliable Fa0/0.12. proto=88 IP: s=10.1.12. rcvd 2.12).0.10 (FastEthernet0/0.14 0 0/0 R2#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Interface Peers Un/Reliable Fa0/0.12.0.1.www. R1(config)#router eigrp 1 R1(config-router)#no auto-summary R1(config-router)#network 10.1. proto=88 IP: s=10.12).10.12).5 0 0/0 Fa0/0.1.2 (FastEthernet0/0.12).12).35 1 0/0 Fa0/0. d=224.0.0.12.1.12).12).0. d=10.12).1.2 (FastEthernet0/0.1.0.com Copyright © 2010 Internetwork Expert .0.12) is up: new adjacency IP: tableid=0.10.35 1 0/0 R4#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Interface Peers Un/Reliable Fa0/0.45 1 0/0 R5#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Interface Peers Un/Reliable Fa0/0. d=224.1.25 1 0/0 R3#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Interface Peers Un/Reliable Fa0/0.0.2 (FastEthernet0/0.1.1 (FastEthernet0/0.12 1 0/0 Fa0/0.23 1 0/0 Fa0/0. sending broad/multicast.10 (FastEthernet0/0.1 (FastEthernet0/0.12 1 0/0 Fa0/0.0. proto=88 IP: s=10. Inc www.1.12). d=10.2 (FastEthernet0/0.2 (FastEthernet0/0. routed via RIB IP: s=10. d=10. proto=88 %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.25 1 0/0 Fa0/0. d=224. sending R1(config-routbroad/multicast.12).12).1).34 1 0/0 Fa0/0. one per line. len 60. d=224. proto=88 IP: tableid=0.1.2 (FastEthernet0/0.0. proto=88 IP: s=10.2 0 0/0 Fa0/0.12. len 40.1 (local). 
sending broad/multicast.12.12.0.0.12).1 (local).45 1 0/0 Mean SRTT 0 8 0 0 Pacing Time Un/Reliable 0/1 0/1 0/1 0/1 Multicast Flow Timer 0 50 0 0 Pending Routes 0 0 0 0 Mean SRTT 0 4 6 9 Pacing Time Un/Reliable 0/1 0/1 0/1 0/1 Multicast Flow Timer 0 50 50 50 Pending Routes 0 0 0 0 Mean SRTT 6 1 8 Pacing Time Un/Reliable 0/1 0/1 0/1 Multicast Flow Timer 50 50 50 Pending Routes 0 0 0 Mean SRTT 1 0 4 Pacing Time Un/Reliable 0/1 0/1 0/1 Multicast Flow Timer 50 0 50 Pending Routes 0 0 0 Mean SRTT 0 13 15 7 Pacing Time Un/Reliable 0/1 0/1 0/1 0/1 Multicast Flow Timer 0 80 80 50 Pending Routes 0 0 0 0 Copyright © 2010 Internetwork Expert.12.34 1 0/0 Fa0/0.INE. len 60.12.1.INE. rcvd 2.12.1. routed via RIB IP: s=10.23 1 0/0 Fa0/0. proto=88 IP: s=10.1 (FastEthernet0/0.INE. len 60. d=224. s=10.12).2 (FastEthernet0/0. len 77.12.0 R1(config-router)#end R1# IP: s=10.12. len 320.10 (FastEthernet0/0.com EIGRP Packet Level Debug R1#debug ip packet detail IP packet debugging is on (detailed) R1#config t Enter configuration commands.1.1.0.12.13 0 0/0 Fa0/0. len 60. s=10.1 (local).12.0.1. End with CNTL/Z. sending broad/multicast. d=224. d=10.4 0 0/0 Fa0/0.1 (FastEthernet0/0.10 (FastEthernet0/0.1. proto=88 IP: s=10.1. len 40.12). d=10.12). rcvd 2. proto=88 IP: s=10.10 (FastEthernet0/0. rcvd 3.0. proto=88 IP: s=10.0. len 320.1 (local).1. len 77.2 (FastEthernet0/0.12).0.

45.1.1.INE.12 P 10.2.34 Hold Uptime SRTT (sec) (ms) 14 01:27:30 122 13 01:27:44 35 RTO 732 210 Q Cnt 0 0 Seq Num 55 86 R5#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface 2 1 0 10.1.INE.3 (33280/30720). 1 successors. FastEthernet0/0.25.25.4. FastEthernet0/0.1.34.25 P 10.35 Fa0/0.35.1.25. U .23 via 10.1.1.0/24.3 Fa0/0.1. 1 successors.25 P 10. 2 successors.Reply.0/24.2 10. FD is 30720 via 10.25 Fa0/0.2 P 10.14. 2 successors. FastEthernet0/0. FastEthernet0/0. FastEthernet0/0.1. r . FD is 28160 via Connected.0/24.1.5 (33280/30720).1.25 P 10.0/24. 2 successors. 1 successors.25.1. FD is 30720 via 10.Update.1.0/24.23 P 10.45 Fa0/0.23 via 10.3 (33280/30720). FD is 30720 via 10. FastEthernet0/0.0/24.com EIGRP Topology Verification R2#show ip eigrp topology IP-EIGRP Topology Table for AS(1)/ID(10. 1 successors.4 Fa0/0.1.1. 1 successors.1 (30720/28160). 1 successors.4 10.25.Query.23 via 10. FD is 28160 via Connected.1.5 (30720/28160).12.5.0/24.23.23. 1 successors.25 P 10.0/24.45.1 10.25.23 Hold Uptime SRTT (sec) (ms) 11 00:03:18 10 10 01:27:25 1 11 01:27:38 1 RTO 200 200 200 Q Cnt 0 0 0 Seq Num 4 54 85 R3#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface 3 1 0 10.25.1. FD is 30720 via 10.1.5 10.1. FD is 28160 via Connected.com EIGRP Neighbor Adjacency Verification R1#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface 0 10.0/24.25 Fa0/0.1.5 (33280/30720).INE.0/24. FD is 28160 via Connected. FastEthernet0/0.2 Fa0/0. FastEthernet0/0. FastEthernet0/0.25.23.23 Fa0/0. s . FD is 30720 via 10.12.34.3 Fa0/0.1.3 (30720/28160).Passive.0/24. FastEthernet0/0. Inc www.23. FastEthernet0/0.3 Fa0/0.12 P 10.1.23 P 10. FastEthernet0/0.23.1.reply Status.5 10.12 Hold Uptime SRTT (sec) (ms) 11 00:03:10 17 RTO 200 Q Seq Cnt Num 0 57 R2#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface 2 1 0 10.23.25 P 10.1. FD is 30720 via 10.12. Inc www.2 10.1. FD is 33280 via 10. 
Q .1.3 (30720/28160).Active.12 Fa0/0.0/24.1.1.com Copyright © 2010 Internetwork Expert .5 10.25. FastEthernet0/0.23.1.2) Codes: P .23 Copyright © 2010 Internetwork Expert. FastEthernet0/0.1.45.5 (30720/28160). 1 successors.34.34 Hold Uptime SRTT (sec) (ms) 11 01:27:28 42 11 01:27:41 18 10 01:27:41 69 RTO 252 200 414 Q Cnt 0 0 0 Seq Num 56 59 47 R4#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface 2 1 10.sia Status P 10.5 (30720/28160).1.45 Fa0/0.1.1. A .1.13.www. R .12. 1 successors. FD is 33280 via 10.3 (30720/28160).35 Hold Uptime SRTT (sec) (ms) 11 01:27:33 12 13 01:27:33 1 13 01:27:33 5 RTO 200 200 200 Q Cnt 0 0 0 Seq Num 46 58 87 Copyright © 2010 Internetwork Expert.1.1. FastEthernet0/0.23.25 P 10.35.35.1.

25.23.0 is directly connected.23.INE.1.1.3 (FastEthernet0/0.0 [90/30720] via 10.25 10.1.mobile. B .connected. 01:31:20.5. L1 .3.IS-IS level-1. S .5 (FastEthernet0/0.0 [90/30720] via 10. su . FastEthernet0/0.periodic downloaded static route Gateway of last resort is not set 10.3.13.23.1. FastEthernet0/0.per-user static route o .23). Inc www.1.0 IP-EIGRP (AS 1): Topology entry for 10.4. FastEthernet0/0.0 [90/33280] via 10.1.5.0.1.0 [90/30720] via 10.2. E2 . FastEthernet0/0.23.1.25.12 10.com EIGRP Routing Table Verification R2#show ip route Codes: C .1.candidate default.23 10.EIGRP.0/24 is subnetted. M .EIGRP external.5. FastEthernet0/0.ODR.23 10.0 255.23. R .23 10.0.IS-IS level-2 ia .12.25 [90/33280] via 10. P .OSPF.5.25.25 10.1.5.0 is directly connected.IS-IS.0 is directly connected.1.0/24 State is Passive.1.5. 00:19:42.IS-IS summary.25.1.1.35.25 10. FastEthernet0/0.0 [90/30720] via 10.1.com Copyright © 2010 Internetwork Expert .12.1.1. L2 .OSPF external type 2 i .RIP.static.3.1.25. Inc www.1.1. 00:19:41. U .25. 01:31:20. 00:19:41.23.255.5.45. from 10. FastEthernet0/0. IA .0 [90/30720] via 10.IS-IS inter area.1.25 [90/33280] via 10. 00:07:41.5. from 10. Route is Internal Vector metric: Minimum bandwidth is 100000 Kbit Total delay is 300 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 2 Copyright © 2010 Internetwork Expert. O .1.3.23 D D C C D D D C C D D D Copyright © 2010 Internetwork Expert.www.25.14. FastEthernet0/0.1.BGP D .23 10.INE.1. FastEthernet0/0.0 is directly connected. 1 Successor(s). Send flag is 0x0 Composite metric is (33280/30720).1.0 [90/33280] via 10.23.3. FastEthernet0/0. EX .25. 00:19:40.1.23 10.1.1.OSPF NSSA external type 2 E1 .0 [90/30720] via 10. * .INE.2 10.com EIGRP Topology Verification Detail R2#show ip eigrp topology 10.25). FD is 30720 Routing Descriptor Blocks: 10.1. 01:31:20. N2 . 
Route is Internal Vector metric: Minimum bandwidth is 100000 Kbit Total delay is 200 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 10.OSPF inter area N1 .34.12 10. FastEthernet0/0. Send flag is 0x0 Composite metric is (30720/28160). FastEthernet0/0.5. 01:31:20. 12 subnets 10. 00:19:40.1. FastEthernet0/0.23.255. 01:30:23. FastEthernet0/0. FastEthernet0/0.OSPF external type 1.OSPF NSSA external type 1.25 [90/30720] via 10.3. Query origin flag is 1.1.

EIGRP Routing Table Verification Detail
R2#show ip route 10.1.5.0 255.255.255.0
Routing entry for 10.1.5.0/24
  Known via "eigrp 1", distance 90, metric 30720, type internal
  Redistributing via eigrp 1
  Last update from 10.1.25.5 on FastEthernet0/0.25, 01:30:53 ago
  Routing Descriptor Blocks:
  * 10.1.25.5, from 10.1.25.5, 01:30:53 ago, via FastEthernet0/0.25
      Route metric is 30720, traffic share count is 1
      Total delay is 200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

EIGRP Default Routing
• EIGRP supports default routing two ways
  – Candidate default network
    • ip default-network [network]
  – Native advertisement of 0.0.0.0/0 prefix
• default-information command in EIGRP does not behave the same as other protocols

25 10.IS-IS level-1. U .1. FastEthernet0/0.2 10.1 255.23.IS-IS level-2 ia .23 10.5.periodic downloaded static route Gateway of last resort is 10.1.0 [90/30720] via 10.INE. FastEthernet0/0.1.25. L2 .0 [90/30720] via 10.23. 00:20:11. O .4.BGP D .1.12 10.static.0 [90/30720] via 10.0 [90/33280] via 10.1. 00:31:28.23.12.OSPF.0. su . FastEthernet0/0.25.0.5. Inc www.1.1.0 [90/30720] via 10.0.candidate default.0.OSPF NSSA external type 2 E1 . 00:31:29. 00:01:43. EX . FastEthernet0/0.com IP Default-Network Example R1# interface Loopback0 ip address 1.0 R2#show ip route Codes: C . Inc www. FastEthernet0/0. 00:31:29.mobile. FastEthernet0/0.3.0 is directly connected.0/0 advertisement • Default network must be… – Dynamically learned through EIGRP – Not directly connected – Classful network • Limited application due to these restrictions Copyright © 2010 Internetwork Expert.1.23 Copyright © 2010 Internetwork Expert.1.0. 00:31:29.12.www.23 10. S . IA . N2 .25 [90/33280] via 10. 00:31:29.0.IS-IS. L1 .3.OSPF inter area N1 .25 10.per-user static route o .OSPF NSSA external type 1.1.1.0. 00:31:28.1.23. FastEthernet0/0.OSPF external type 2 i . P . FastEthernet0/0.1.0.com IP Default-Network • Candidate default network is backwards compatible with IGRP – IGRP didn’t support native 0. R .1.connected.5.1.1. FastEthernet0/0.5.INE.35.0/8 [90/156160] via 10.0 is directly connected.1.1.1.25.0.INE. FastEthernet0/0.25 [90/30720] via 10.IS-IS summary. 10 subnets 10.45.25.0/24 is subnetted.34. * .1 to network 1.12 10.25 10.0.0 is directly connected. 00:31:28. FastEthernet0/0.12 10. M .RIP.25.1.12.0.EIGRP.OSPF external type 1.1. B .5.2.0.IS-IS inter area.0 ! router eigrp 1 network 1.0 is directly connected.0.0.EIGRP external.3.23 10. FastEthernet0/0.ODR.12.1.0.0 D* C C D D D C C D D D 1.0 R2# ip default-network 1. E2 .0.1. FastEthernet0/0.com Copyright © 2010 Internetwork Expert .0 [90/30720] via 10.

1.5.OSPF external type 2 i . FastEthernet0/0.0 is directly connected.1.0 [90/30720] via 10.OSPF NSSA external type 2 E1 .34. S .0.com 0.0.12.0.0.25 10.IS-IS summary.0 0.0 [90/30720] via 10.5. P .INE. R .EIGRP external. 00:34:51.1. FastEthernet0/0.1.1.23 0.3. 00:34:50.1.0.0 under EIGRP process – Redistribution from static or another protocol – Summarization Copyright © 2010 Internetwork Expert. FastEthernet0/0. 00:34:51.candidate default.0. L2 .1.0/0 network can be advertised via… – Static default route to an interface + network 0. B .0 [90/33280] via 10.1.23.0 [90/30720] via 10.1 to network 0.1. E2 .2 10. FastEthernet0/0.1.25.0.1.1.0 is directly connected.OSPF external type 1.23 10.0/0 Advertisement Examples R1# router eigrp 1 network 0.12 C C D D D C C D D D D* Copyright © 2010 Internetwork Expert.23 10.EIGRP.www.23.1.35.12. Inc www.mobile. 10 subnets 10.com Copyright © 2010 Internetwork Expert .3.25 [90/30720] via 10.23. FastEthernet0/0.12.0/0 [90/28160] via 10.1.per-user static route o . FastEthernet0/0. 00:01:05.45.0.0.IS-IS level-2 ia . 00:23:33.0.12 10.25.1.0.IS-IS.BGP D .com Native Default Advertisement • Native 0.IS-IS inter area.0 ! ip route 0.1.0 10.periodic downloaded static route Gateway of last resort is 10.0 [90/30720] via 10.OSPF NSSA external type 1. FastEthernet0/0. M .0.connected.25.0.0.25.23.OSPF.1.static.1. Inc www. EX .0 [90/30720] via 10. N2 . 00:34:50.23 10. L1 .ODR.25 10.0.1. FastEthernet0/0.INE.25 [90/33280] via 10.0.0.4.1.25 10.1.5. 00:34:51.3.1.IS-IS level-1. IA .OSPF inter area N1 . FastEthernet0/0.1. O .0 is directly connected.INE.2. FastEthernet0/0. U .0 Null0 R2#show ip route Codes: C .12.25. FastEthernet0/0. * . su .0 is directly connected.0/24 is subnetted.12 10. 00:34:50.5. FastEthernet0/0. FastEthernet0/0.RIP.5.0. 00:34:51.

IS-IS inter area.5. P . O . FastEthernet0/0. L1 .0 0.1. FastEthernet0/0. EX .) R1# interface FastEthernet0/0.OSPF NSSA external type 2 E1 .1. FastEthernet0/0.0.OSPF NSSA external type 2 E1 . * .3.periodic downloaded static route Gateway of last resort is 10.1.25 D 10.25 10.0. 00:36:11.0.ODR.23 10. L2 . IA .5.ODR.0.1.25. 00:38:16.0 Null0 R2#show ip route Codes: C .1. 10 subnets 10. E2 .23. 00:00:27.0.0.25 [90/33280] via 10.INE. FastEthernet0/0.0 5 R2#show ip route Codes: C .0. N2 . 00:38:17. FastEthernet0/0.1.12 10.12 10.23. 00:24:53.1. S .static.1.0 [90/30720] via 10.1.1.0 is directly connected.1.1.OSPF external type 2 i .candidate default.0 [90/30720] via 10.5.OSPF external type 2 i .0. FastEthernet0/0. FastEthernet0/0. FastEthernet0/0.1.0 is directly connected. 00:38:17.1.per-user static route o . Inc www.23 D 10.0. 00:36:11. FastEthernet0/0.mobile.1. 00:00:26.0.0 [90/30720] via 10. 00:36:10.) R1# router eigrp 1 redistribute static metric 100000 100 255 1 1500 ! ip route 0.25 C 10.INE.34.1.0 [90/33280] via 10. FastEthernet0/0.25.23 10.OSPF.IS-IS summary. B .25 [90/30720] via 10.0. FastEthernet0/0.1. R . EX . FastEthernet0/0.OSPF external type 1.0 [90/30720] via 10.23.23.23 D 10. L2 . FastEthernet0/0.0.1.23.25.OSPF NSSA external type 1.3.12 C C D D D Copyright © 2010 Internetwork Expert.12.25.EIGRP.IS-IS level-1.45.12.0.connected. U .5.12.0. FastEthernet0/0.0.1.3.RIP.OSPF.2.static.1. M .RIP. S .25.4. 00:38:16.0.23 10. N2 .5.23.1.25 [90/30720] via 10.23 D*EX 0.2 10. FastEthernet0/0. FastEthernet0/0.0 [90/33280] via 10.1.0.25 10.0 [90/30720] via 10.1 to network 0. 00:38:17. O .1 to network 0.2.1.25 [90/33280] via 10.3.2 10.0/0 [170/53760] via 10.0.INE.5.1.1.5.1.1.5.EIGRP external.IS-IS summary.4.1.connected. L1 . 00:38:16.1. IA .com 0.com Copyright © 2010 Internetwork Expert .BGP D .1. FastEthernet0/0.34.IS-IS level-1.3.1. 00:36:11.www.0 [90/30720] via 10.BGP D . FastEthernet0/0.5. FastEthernet0/0.35. 
su .0 10.35.12 C C D D C C D D D D* Copyright © 2010 Internetwork Expert.1.0.0 is directly connected.1.5.1.23 0.45. 9 subnets 10.0 10.EIGRP.0 [90/30720] via 10.0 is directly connected.1.OSPF NSSA external type 1. B . FastEthernet0/0.0.0.OSPF inter area N1 .0/0 [90/30720] via 10. * .25.0/24 is subnetted. 00:38:17.1.25 10. 00:36:10.3.0/0 Advertisement Examples (cont.0/24 is subnetted.1.1. FastEthernet0/0.25.mobile.23.0.0 is directly connected. R .1.0 [90/30720] via 10.25.12.IS-IS.0 is directly connected.0.0.0 is directly connected. M .0 [90/30720] via 10.25. 00:36:11.OSPF inter area N1 .12 10.IS-IS.25.23 C 10. P .per-user static route o . 00:36:10.EIGRP external.12. FastEthernet0/0. E2 .12.0/0 Advertisement Examples (cont.1. U .IS-IS level-2 ia .0 0.OSPF external type 1. FastEthernet0/0.12 ip summary-address eigrp 1 0.1. Inc www.12.IS-IS inter area. FastEthernet0/0.1.0 is directly connected. su . FastEthernet0/0.candidate default.periodic downloaded static route Gateway of last resort is 10.com 0.IS-IS level-2 ia .23.25 10.

00:49:15.0 R2#show ip route Codes: C .0.1.12.35.1.0 [90/30720] via 10. Inc www.2 10.0 is directly connected. FastEthernet0/0.connected.0/8 [90/156160] via 10.0.34. M . FastEthernet0/0.RIP.1. 00:00:44.5.23.1. 00:49:16.static.com Copyright © 2010 Internetwork Expert . FastEthernet0/0.com EIGRP Summarization • EIGRP summarization (aggregation) serves two purposes – Minimize routing information needed in topology – Limit EIGRP query domain • More on this later • Process level auto-summary automatically summarizes to classful boundary when passing major network boundaries – On by default • Interface level ip summary-address eigrp [network] [mask] [AD] supports any bit boundary – Automatically suppresses subnet advertisements – Administrative Distance defaults to 5 to allow for floating summaries Copyright © 2010 Internetwork Expert.25.1 ! interface Loopback3 ip address 1.1. 00:02:25.1 ! router eigrp 1 network 1.2.0 is directly connected.0.IS-IS level-1.0 is directly connected. Inc www.candidate default. FastEthernet0/0.1.25 10. FastEthernet0/0.1 ! interface Loopback2 ip address 1.45.3.23 10.0. 00:49:15.INE.23 10.12 10.OSPF NSSA external type 1.23.com EIGRP Auto-Summary Example R1# interface Loopback0 ip address 1.0/24 is subnetted.0.25.mobile.5.255.1.OSPF NSSA external type 2 E1 . R .5.1.1.1.0 is directly connected.0 255.3.25.25 10. P .1.25 [90/33280] via 10.OSPF external type 2 i .0 255.OSPF external type 1.0. E2 . 00:49:16. FastEthernet0/0.23 Copyright © 2010 Internetwork Expert. EX . U .12.1.12 10.25 10.IS-IS.0.5.1.0 [90/30720] via 10. L1 .OSPF. * .255. 00:49:16.0.www.IS-IS inter area. 00:49:15.255.INE. S .0 auto-summary 255. L2 .INE.1. O .per-user static route o .0. IA .12 10.23. 00:49:16.BGP D . FastEthernet0/0.23 10.0 [90/30720] via 10.ODR.4.0 255.255.23.0.5. FastEthernet0/0.0 [90/30720] via 10.0.1.25.IS-IS summary. FastEthernet0/0.0.1.IS-IS level-2 ia . 10 subnets 10.1.3.1. FastEthernet0/0. 
N2 .1.OSPF inter area N1 .1.25 [90/30720] via 10.EIGRP.1.12.0.0 [90/30720] via 10.EIGRP external. FastEthernet0/0.1.periodic downloaded static route Gateway of last resort is not set D C C D D D C C D D D 1.1 ! interface Loopback1 ip address 1.2.0 [90/33280] via 10. su .25.0. B .3. FastEthernet0/0.1.0. FastEthernet0/0.

255.0 ! interface FastEthernet0/0.INE.0.1.www. FastEthernet0/0. FastEthernet0/0.23.0 [90/30720] via 10.1.0. FastEthernet0/0.1 255.2.0 no auto-summary R2#show ip route eigrp 1.25. 00:09:57. Inc www.25. FastEthernet0/0.25. 00:56:46.0.com EIGRP Manual Summarization Example R1# interface Loopback0 ip address 1.0. FastEthernet0/0.0.1.0 ! interface Loopback3 ip address 1.0.5.0 [90/30720] via 10.5. Inc www.12.0.25 D 10.0.5.1.35.25.1.255.4.0 [90/156160] via 10.23.12 ip summary-address eigrp 1 1.3.1 255.3. FastEthernet0/0.1.INE.1 255.23.0.0/24 is subnetted. load balancing occurs • Only feasible successors are candidate for load balancing • Automatically calculated traffic share count causes links to be used in ratio proportional to their composite metrics Copyright © 2010 Internetwork Expert.0.0.0 [90/30720] via 10.255.1 255. 10 subnets D 10.12. 1 subnets D 1.0 [90/30720] via 10.3. 00:56:46.23 D 10. FastEthernet0/0.34.5.25 [90/30720] via 10.255.0.0.1.0.1.252.0 ! interface Loopback2 ip address 1.1.0.3.0. FastEthernet0/0. 00:56:46.1.com Copyright © 2010 Internetwork Expert .1.0 [90/30720] via 10.5.0 ! interface Loopback1 ip address 1.1.0 255.0 [90/33280] via 10. 00:05:01.0/14 is subnetted. 00:56:46.0. 00:56:46.1. FastEthernet0/0.0.com EIGRP Load Balancing • EIGRP allows load distribution among unequal paths – Not the same as other IGPs load balancing among equal cost paths • Controlled by variance command – If feasible distance * variance > feasible successor.23 Copyright © 2010 Internetwork Expert. 00:56:46.25 [90/33280] via 10.12 D 10.0.1.12 10.1. 00:56:46.0 5 ! router eigrp 1 network 1.45.23 D 10.INE.25 D 10.0.1.1.1.1.

EIGRP Unequal Cost Load Balancing
(Diagram link labels: BW = 100.000Kbps DLY = 100µs on three links, BW = 100.000Kbps DLY = 50µs on one link.)

EIGRP Unequal Cost Load Balancing
R2#
router eigrp 1
 variance 2
R3#
interface FastEthernet0/0.35
 delay 5
R2#show ip eigrp topology 10.1.5.0 255.255.255.0
IP-EIGRP (AS 1): Topology entry for 10.1.5.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 30720
  Routing Descriptor Blocks:
  10.1.25.5 (FastEthernet0/0.25), from 10.1.25.5, Send flag is 0x0
      Composite metric is (30720/28160), Route is Internal
      Vector metric:
        Minimum bandwidth is 100000 Kbit
        Total delay is 200 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
  10.1.23.3 (FastEthernet0/0.23), from 10.1.23.3, Send flag is 0x0
      Composite metric is (32000/29440), Route is Internal
      Vector metric:
        Minimum bandwidth is 100000 Kbit
        Total delay is 250 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2
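The composite metric formula, the Feasibility Condition and the variance rule from the slides can be checked together against the numbers shown in the outputs. The following Python sketch is an added example, not part of the original slides; the function and class names are hypothetical, and integer arithmetic is an assumption chosen because it reproduces the values on the page.

```python
"""Classic EIGRP composite metric, Feasibility Condition and variance check."""
from dataclasses import dataclass

DEFAULT_K = (1, 0, 1, 0, 0)  # K1..K5 defaults listed on the slides
FE_KBPS = 100000             # FastEthernet bandwidth used in the examples


def composite_metric(min_bw_kbps, total_delay_usec, load=1, reliability=255,
                     k=DEFAULT_K):
    """Composite metric per the slide formula (integer arithmetic assumed)."""
    k1, k2, k3, k4, k5 = k
    bandwidth = (10**7 // min_bw_kbps) * 256   # inverse lowest bandwidth, scaled
    delay = (total_delay_usec // 10) * 256     # tens of microseconds, scaled
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric


@dataclass(frozen=True)
class Path:
    via: str        # next hop
    distance: int   # local distance through this next hop
    ad: int         # Advertised Distance reported by the next hop


def classify(paths, variance=1):
    """Split paths into successors, feasible successors and rejected paths."""
    fd = min(p.distance for p in paths)                 # Feasible Distance
    successors = [p.via for p in paths if p.distance == fd]
    feasible = [p.via for p in paths if p.distance > fd and p.ad < fd]
    rejected = [p.via for p in paths if p.distance > fd and p.ad >= fd]
    # Slide rule: a feasible successor shares load if FD * variance > its metric.
    sharing = successors + [p.via for p in paths
                            if p.via in feasible and p.distance < fd * variance]
    return {"fd": fd, "successors": successors,
            "feasible_successors": feasible, "not_feasible": rejected,
            "load_sharing": sharing}


# Abstract example from the Feasibility Condition slide (R1's view of VLAN X).
SLIDE_EXAMPLE = [Path("R2", 21, 11), Path("R3", 36, 16), Path("R4", 36, 21)]


def r2_paths(delay_via_r3_usec, ad_delay_via_r3_usec):
    """R2's two paths to 10.1.5.0/24, built from the delays in the outputs."""
    return [
        Path("10.1.25.5", composite_metric(FE_KBPS, 200),
             composite_metric(FE_KBPS, 100)),
        Path("10.1.23.3", composite_metric(FE_KBPS, delay_via_r3_usec),
             composite_metric(FE_KBPS, ad_delay_via_r3_usec)),
    ]


BEFORE_DELAY_CHANGE = r2_paths(300, 200)  # (33280/30720): AD equals FD
AFTER_DELAY_CHANGE = r2_paths(250, 150)   # (32000/29440): AD below FD

if __name__ == "__main__":
    print(classify(SLIDE_EXAMPLE))
    print(classify(BEFORE_DELAY_CHANGE, variance=2))
    print(classify(AFTER_DELAY_CHANGE, variance=2))
```

With variance 2 the path through 10.1.23.3 is still unused while its Advertised Distance equals the Feasible Distance; it joins the load-sharing set only once the lower delay on R3 brings the Advertised Distance under 30720.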

EIGRP Unequal Cost Load Balancing (cont.)
R2#show ip route 10.1.5.0 255.255.255.0
Routing entry for 10.1.5.0/24
  Known via "eigrp 1", distance 90, metric 30720, type internal
  Redistributing via eigrp 1
  Last update from 10.1.23.3 on FastEthernet0/0.23, 00:03:39 ago
  Routing Descriptor Blocks:
  * 10.1.25.5, from 10.1.25.5, 00:03:39 ago, via FastEthernet0/0.25
      Route metric is 30720, traffic share count is 24
      Total delay is 200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
    10.1.23.3, from 10.1.23.3, 00:03:39 ago, via FastEthernet0/0.23
      Route metric is 32000, traffic share count is 23
      Total delay is 250 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

EIGRP Link Utilization
• EIGRP control plane traffic is allowed to use up to 50% of each interface’s configured bandwidth value
• Can be adjusted with interface level ip bandwidth-percent eigrp [asn] [percent]
• Can be an important design consideration when bandwidth is modified for routing policy, QoS, or where WAN link circuit speeds don’t match underlying interface speeds (e.g. fractional T1)

EIGRP Authentication
• Routing control plane security is a must in today’s networks to prevent DoS and other attacks
  – EIGRP neighbor authentication protects against malicious route injection attacks or errors in configuration
• Configured Key ID and password are combined to generate MD5 hash
  – If MD5 hash does not match in Hello packets, adjacency cannot occur
• Multiple keys can be configured for manual or automated key rotation
  – key-chain accept & send lifetime

EIGRP Authentication Example
R1#
key chain EIGRP-KEY-CHAIN
 key 1
  key-string CISCO
!
interface FastEthernet0/0.12
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP-KEY-CHAIN
R2#
key chain EIGRP-KEY-CHAIN
 key 1
  key-string CISCO
!
interface FastEthernet0/0.12
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP-KEY-CHAIN
R1#show key chain
Key-chain EIGRP-KEY-CHAIN:
    key 1 -- text "CISCO"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]
R1#debug eigrp packet hello
EIGRP: Sending HELLO on FastEthernet0/0.12
  AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
EIGRP: received packet with MD5 authentication, key id = 1
EIGRP: Received HELLO on FastEthernet0/0.12 nbr 10.1.12.2
  AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0

EIGRP Authentication Troubleshooting
R1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#key chain EIGRP-KEY-CHAIN
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string WRONG_PASSWORD
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.12.2 (FastEthernet0/0.12) is down: Auth failure
R1(config-keychain-key)#do debug eigrp packet hello
EIGRP Packets debugging is on
    (HELLO)
R1(config-keychain-key)#
EIGRP: pkt key id = 1, authentication mismatch
<output omitted>
R1(config-keychain-key)#do undebug all
All possible debugging has been turned off
R1(config-keychain-key)#no key 1
R1(config)#key chain EIGRP-KEY-CHAIN
R1(config-keychain)#key 2
R1(config-keychain-key)#key-string WRONG_KEY_NUMBER
R1(config-keychain-key)#do debug eigrp packet hello
EIGRP Packets debugging is on
    (HELLO)
R1(config-keychain-key)#
EIGRP: Sending HELLO on FastEthernet0/0.12
  AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
EIGRP: pkt authentication key id = 1, key not defined or not live

EIGRP Scalability
• EIGRP Scalability is a combined function of…
  – Device CPU & memory
  – Protocol timers
  – Number of prefixes in topology
  – Size of query domain
• Physical resources are fixed, but software optimization can reduce convergence time and increase availability through
  – Modifying hello/hold timers
  – Ensuring Feasible Successors are available
  – Topology reduction through summarization
  – Query domain reduction through summarization & stub routing
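The two failure messages in the authentication troubleshooting output point to different root causes, and the adjacency drop is logged separately from both. The following Python sketch is an added example, not part of the original slides: it sorts log lines into those cases so that a wrong key-string can be told apart from a wrong or inactive key number. The sample log is constructed from the message formats shown above, and the function names and advice wording are hypothetical.

```python
"""Triage EIGRP authentication failures from IOS log and debug lines."""
import re
from collections import Counter

# Constructed sample: formats follow the debug output shown on the slides.
SAMPLE_LOG = """\
EIGRP: received packet with MD5 authentication, key id = 1
EIGRP: Received HELLO on FastEthernet0/0.12 nbr 10.1.12.2
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.12.2 (FastEthernet0/0.12) is down: Auth failure
EIGRP: pkt key id = 1, authentication mismatch
EIGRP: pkt key id = 1, authentication mismatch
EIGRP: pkt authentication key id = 1, key not defined or not live
"""

PATTERNS = [
    ("auth_ok", re.compile(
        r"EIGRP: received packet with MD5 authentication, key id = (?P<key>\d+)")),
    ("neighbor_down", re.compile(
        r"%DUAL-5-NBRCHANGE: IP-EIGRP\(\d+\) (?P<asn>\d+): "
        r"Neighbor (?P<nbr>\S+) \((?P<intf>[^)]+)\) is down: Auth failure")),
    ("key_string_mismatch", re.compile(
        r"EIGRP: pkt key id = (?P<key>\d+), authentication mismatch")),
    ("key_id_unusable", re.compile(
        r"EIGRP: pkt authentication key id = (?P<key>\d+), "
        r"key not defined or not live")),
]

# Interpretation of each failure, based on how the slides provoke it.
ADVICE = {
    "key_string_mismatch":
        "key number exists locally but the hash differs; compare key-string "
        "on both neighbors",
    "key_id_unusable":
        "peer sends a key number that is not configured locally or is outside "
        "its accept lifetime; compare key numbers and lifetimes",
}


def parse(lines):
    """Return one event dict per recognized line; other lines are skipped."""
    events = []
    for line in lines:
        for kind, pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                events.append({"kind": kind, **match.groupdict()})
                break
    return events


def triage(lines):
    """Summarize authentication failures per key id and per dropped neighbor."""
    events = parse(lines)
    counts = Counter((e["kind"], e["key"]) for e in events if e["kind"] in ADVICE)
    neighbors_down = sorted({(e["nbr"], e["intf"]) for e in events
                             if e["kind"] == "neighbor_down"})
    findings = [f"key id {key}: {ADVICE[kind]} ({n} packet(s))"
                for (kind, key), n in sorted(counts.items())]
    return {"neighbors_down": neighbors_down, "counts": counts,
            "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines())
    for nbr, intf in report["neighbors_down"]:
        print(f"adjacency lost: {nbr} on {intf} (Auth failure)")
    for finding in report["findings"]:
        print(finding)
```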

EIGRP Query Domain and SIA
• When an EIGRP route is lost and there are no Feasible Successors, the route goes into “active” state and a QUERY message is sent to all neighbors
• EIGRP state machine must wait for REPLY messages from all neighbors indicating either a new route or no route for the active prefix
• If REPLY is not received before “active timer” expires, prefix is declared “Stuck-in-Active” (SIA), and EIGRP neighbors are reset and must be re-established
• The larger or more overloaded the network is, the more likely SIA events are to occur and to cause network downtime
• Occurrence of SIA events can be reduced by shrinking where QUERY message must be sent (i.e. “query domain”) through
  – EIGRP Summarization
  – EIGRP Stub

EIGRP Summarization and Query Reduction
• When a QUERY message is received from an EIGRP neighbor, a topology lookup occurs for an exact match of the prefix
  – I.e. if QUERY is received for 1.2.3.0/24, topology is checked for 1.2.3.0/24 exactly
• If exact match is found but no Feasible Successors exist, local device re-generates QUERY to all other neighbors
  – Process continues until REPLY is sent or SIA occurs
• If exact match is not found, REPLY is sent immediately and new QUERY is not generated
• Based on this logic, summarization terminates query domain for subnets of the summary
  – I.e. if QUERY is received for 1.2.3.0/24, but I have only 1.2.0.0/16, send REPLY and do not generate QUERY

Flags 0x0.12.1 AS 1.2 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 73-73 EIGRP: Sending QUERY on FastEthernet0/0.25 AS 1.12 nbr 10.5 AS 1. Flags 0x0. R1(config)#interface loopback0 R1(config-if)#shutdown R1(config-if)# EIGRP: Enqueueing QUERY on FastEthernet0/0. Flags 0x0.2 AS 1.12 nbr 10.1.0.12. changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0. REPLY) R2#debug eigrp packet query reply EIGRP Packets debugging is on (QUERY.1 AS 1. one per line.25.1. Seq 58/0 idbQ 0/0 iidbQ un/rely 0/0 serno 77-77 EIGRP: Received REPLY on FastEthernet0/0.1.12 nbr 10. Seq 228/0 idbQ 0/0 iidbQ un/rely 0/0 serno 135-135 EIGRP: Enqueueing QUERY on FastEthernet0/0. Seq 216/53 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 128-128 Copyright © 2010 Internetwork Expert.1. Seq 58/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 EIGRP: Enqueueing QUERY on FastEthernet0/0. Seq 229/0 idbQ 0/0 iidbQ un/rely 0/0 serno 135-135 EIGRP: Enqueueing QUERY on FastEthernet0/0.12 iidbQ un/rely 0/1 serno 73-73 EIGRP: Enqueueing QUERY on FastEthernet0/0.3 iidbQ un/rely 0/0 peerQ un/rely EIGRP: Sending QUERY on FastEthernet0/0.1.com EIGRP Query/Reply Verification R1#debug eigrp packet query reply EIGRP Packets debugging is on (QUERY. Seq 231/58 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 R2# EIGRP: Received QUERY on FastEthernet0/0. Flags 0x0.12 iidbQ un/rely 0/1 serno 135-135 EIGRP: Enqueueing QUERY on FastEthernet0/0.25.12.1.1.0.1 iidbQ un/rely 0/1 peerQ un/rely EIGRP: Sending REPLY on FastEthernet0/0. REPLY) R2#debug eigrp packet query reply EIGRP Packets debugging is on (QUERY.1.23 nbr 10. Seq 53/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 EIGRP: Enqueueing REPLY on FastEthernet0/0.12 nbr 10.12 nbr 10. End with CNTL/Z.23 nbr 10. Flags 0x0.1.com Copyright © 2010 Internetwork Expert . 
Seq 231/58 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 136-136 0/0 serno 135-135 0/0 serno 135-135 0/0 serno 135-135 0/0 serno 136-136 Copyright © 2010 Internetwork Expert.5 iidbQ un/rely 0/0 peerQ un/rely EIGRP: Sending QUERY on FastEthernet0/0.12.12 nbr 10.INE.12. Flags 0x0.12 nbr 10. Seq 216/53 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 %LINK-5-CHANGED: Interface Loopback0.12.1.25 nbr 10. Flags 0x0.12.1 AS 1.12 nbr 10. Seq 53/0 idbQ 0/0 iidbQ un/rely 0/0 serno 73-73 EIGRP: Received REPLY on FastEthernet0/0. Seq 248/229 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 EIGRP: Enqueueing REPLY on FastEthernet0/0. changed state to down R2# EIGRP: Received QUERY on FastEthernet0/0.12 ip summary-address eigrp 1 1.23.INE.12 iidbQ un/rely 0/1 serno 77-77 EIGRP: Enqueueing QUERY on FastEthernet0/0.12.23 AS 1. Flags 0x0.12 nbr 10.12 AS 1. Inc www.2 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 77-77 EIGRP: Sending QUERY on FastEthernet0/0.1 iidbQ un/rely 0/0 peerQ un/rely EIGRP: Received REPLY on FastEthernet0/0.www.1 AS 1. Inc www.0 255.25 iidbQ un/rely 0/1 serno 135-135 EIGRP: Enqueueing QUERY on FastEthernet0/0. REPLY) R1#config t Enter configuration commands.1 iidbQ un/rely 0/1 peerQ un/rely 0/0 serno 128-128 EIGRP: Sending REPLY on FastEthernet0/0.25 nbr 10.1.1.23 iidbQ un/rely 0/1 serno 135-135 EIGRP: Enqueueing QUERY on FastEthernet0/0. Seq 201/228 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 EIGRP: Received REPLY on FastEthernet0/0.com EIGRP Query Reduction and Summarization R1# interface FastEthernet0/0.252. Flags 0x0.12 AS 1.1. Flags 0x0.23. Flags 0x0.0.1.INE.12 nbr 10.12. R1(config)#interface Loopback0 R1(config-if)#shutdown EIGRP: Enqueueing QUERY on FastEthernet0/0.2 AS 1.12.12. one per line.12 nbr 10. Flags 0x0.0 5 R1#debug eigrp packet query reply EIGRP Packets debugging is on (QUERY.1. REPLY) R1#config t Enter configuration commands. End with CNTL/Z.3 AS 1.

EIGRP Stub and Query Reduction
• In certain physical topologies, the query domain extends to portions of the network that can never be used as alternate paths
  – QUERY/REPLY messages sent into these portions waste network resources and increase convergence time
• Hub-and-Spoke Example:

EIGRP Stub and Query Reduction (cont.)
• EIGRP Stub is used to inform adjacent neighbors that QUERY messages should not be sent to them
• Useful whenever an EIGRP router is not used for transit for the rest of the network
  – Routes received by a stub router are not advertised to other adjacent neighbors
• Process level eigrp stub [connected] [leak-map] [receive-only] [redistributed] [static] [summary]
  – Arguments control what prefixes can be advertised outbound

EIGRP Stub Example
[Figure: EIGRP Stub Router]

EIGRP Stub Verification

R1#
router eigrp 1
 eigrp stub connected summary

R2#show ip eigrp neighbors detail
IP-EIGRP neighbors for process 1
[Neighbor table values scrambled in extraction. The detail lines for the neighbor on Fa0/0.12 include:]
   Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
   Suppressing queries

R1#debug eigrp packet terse
EIGRP Packets debugging is on
    (UPDATE, REQUEST, QUERY, REPLY, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)

[Debug output scrambled in extraction. After R2 shuts down a FastEthernet0/0 subinterface, R1 logs UPDATE, ACK, QUERY and REPLY packets exchanged with its neighbor on FastEthernet0/0.12.]

EIGRP Q&A

Copyright © 2010 Internetwork Expert, Inc www.INE.com


Internetwork Expert’s CCNP Bootcamp Open Shortest Path First (OSPF)

http://www.INE.com

What Is OSPF?
• Open Shortest Path First
• Open Standards Based Interior Gateway Routing Protocol (IGP)
  – RFC 2328 “OSPF Version 2”
• Link-State Protocol
  – Uses Dijkstra SPF Algorithm
• “Classless” Protocol
  – Supports VLSM And Summarization

Why Use OSPF?
• Guarantees Loop-Free Topology
  – All routers agree on overall topology
  – Uses Dijkstra SPF Algorithm for calculation
• Standards Based
  – Inter-operability between vendors
• Large Scalability
  – Hierarchy through “areas”
  – Topology summarization

Why Use OSPF? (cont.)
• Fast Convergence
  – Actively Tracks Neighbor Adjacencies
  – Event Driven Incremental Updates
• Efficient Updating
  – Uses reliable multicast and unicast updates
  – Non-OSPF devices do not need to process updates
• Bandwidth Based Cost Metric
  – More flexible than static hop count

Why Use OSPF? (cont.)
• Control Plane Security
  – Supports clear-text and MD5 based authentication
• Extensible
  – Future application support through “opaque” LSA, e.g. MPLS Traffic Engineering

Distance Vector Routing Review
• RIPv1/v2 & IGRP
• Uses Bellman-Ford based algorithm
• Routers only know what directly connected neighbors tell them
  – “Routing by Rumor”
• Entire routing table periodically advertised on hop-by-hop basis
  – Limits scalability
• Loop prevention and convergence time limitations
  – Split-horizon, poison reverse, holddown timers, etc.

Link State Routing Overview
• OSPF & IS-IS
• Uses Dijkstra Shortest Path First (SPF) based algorithm
  – Guarantees loop-free calculation
• Attributes of connected links (link-states) are advertised, not routes
  – Routers agree on overall picture of topology before making a decision

How Link State Routing Works
• Form adjacency relationship with connected neighbors
• Exchange link attributes in form of Link State Advertisements (LSAs) / Link State Packets (LSPs) with neighbors
• Store copy of all LSAs in Link State Database (LSDB) to form a “graph” of the network
• Run Dijkstra algorithm to find shortest path to all links
• Since all routers have same LSDB, all SPF calculations are loop-free

How OSPF Works
• Step 1 – Discover OSPF Neighbors & Exchange Topology Information
• Step 2 – Choose Best Path via SPF
• Step 3 – Neighbor and Topology Table Maintenance

Step 1 – Neighbor & Topology Discovery
• Like EIGRP, OSPF uses “hello” packets to discover neighbors on OSPF enabled attached links
  – Transport via IP protocol 89 (OSPF)
  – Sent as multicast to 224.0.0.5 or 224.0.0.6, or unicast
    • More on this later…
• Hello packets contain attributes that neighbors must agree on to form “adjacency”
• Once adjacency is negotiated, LSDB is exchanged

Negotiating OSPF Adjacencies
• OSPF adjacency occurs when connected neighbors use hello packets to agree on unique and common attributes
• Not all OSPF neighbors actually form adjacency
• Most OSPF configuration problems happen at this stage
• Unique attributes include…
  – Local Router-ID
  – Local Interface IP Address

Negotiating OSPF Adjacencies (cont.)
• Common attributes include…
  – Interface Area-ID
  – Hello interval & dead interval
  – Interface network address
  – Interface MTU
  – Network Type
  – Authentication
  – Stub Flags
  – Other optional capabilities

OSPF Hello Packets
• OSPF routers periodically send hello packets out OSPF enabled links every hello interval
• Hello packet contains
  – Local Router-ID
  – Local Area-ID
  – Local Interface Subnet Mask
  – Local Interface Priority
  – Hello Interval
  – Dead Interval
  – Authentication Type & Password
  – DR/BDR Addresses
  – Options (e.g. stub flags, etc.)
  – Router IDs of other neighbors on the link

OSPF Adjacency State Machine
• OSPF adjacency process uses 8 states to determine progress of adjacency establishment
• Down – No hellos have been received from neighbor
• Attempt – Unicast hello packet has been sent to neighbor, but no hello has been received back
  – Only used for manually configured NBMA neighbors (more on this later…)
• Init – I have received a hello packet from a neighbor, but they have not acknowledged a hello from me

OSPF Adjacency State Machine (cont.)
• 2-Way – I have received a hello packet from a neighbor and they have acknowledged a hello from me
  – Indicated by my Router-ID in neighbor’s hello packet
• ExStart – First step of actual adjacency
  – Master & slave relationship is formed, where master has higher Router-ID
  – Master chooses the starting sequence number for the Database Descriptor (DBD) packets that are used for actual LSA exchange

OSPF Adjacency State Machine (cont.)
• Exchange – Local link state database is sent through DBD packets
  – DBD sequence number is used for reliable acknowledgement/retransmission
• Loading – Link State Request packets are sent to ask for more information about a particular LSA
• Full – Neighbors are fully adjacent and databases are synchronized

OSPF Adjacency Example
[Animated slide: a conversation between R1 and R2, one caption per state. The Area-ID and Router-ID values shown on the slide are scrambled in the extracted text.]
• State = Down: No hellos sent or received yet
• State = Init: R1 sends hello to R2
  – “Hello, I’m R1 with these attributes: Area-ID, Router-ID, etc.”
• State = 2-Way: R2 acknowledges R1’s hello
  – “Hello R1, I’m R2 with these attributes: Area-ID, Router-ID, etc.”
• State = ExStart: DBD Seq Number is negotiated
  – “I’m the Master, let’s use DBD Sequence Number “X””
  – “No, my Router-ID is higher than yours. I’m the Master. Let’s use DBD Seq “Y””
  – “Okay, I’m Slave. Let’s use DBD Seq “Y””
• State = Exchange: Database Descriptor Packets are exchanged
  – “Here’s my Link State Database.”
  – “Here’s my Link State Database.”
• State = Loading: Send Link State Request packets to get more info
  – “I’m still waiting for info on LSA “A””
  – “Here’s LSA “A’s” information.”
• State = Full: Adjacency Established & Databases Synchronized
  – “LSA information complete.”

Step 2 – Choose Best Path via SPF
• Once databases are synchronized, path selection begins
• Each router’s LSAs include a “cost” attribute for each described link
• Best path to that link is lowest end-to-end cost
• Cisco’s implementation uses bandwidth based cost, but per RFC it is arbitrary
  – Default Cisco Cost = 100Mbps / Link Bandwidth
  – Reference bandwidth can be modified to accommodate higher speed links (e.g. GigabitEthernet)

Why SPF is Needed
• With distance vector routing, you only know your neighbor’s best path
• With link-state routing, you know all paths, including your neighbor’s unused paths
• Dijkstra’s SPF algorithm ensures that all routers agree on the same routing path, even though they make independent decisions
• Result of SPF is called the Shortest Path Tree (SPT)

SPF Calculation Overview
• To find the SPT, SPF uses three internal data sets:
  – Link State Database
    • All paths discovered from all neighbors
  – Candidate Database
    • Links possible to be in the Shortest Path Tree
  – Tree Database
    • Actual SPT once calculation is complete

SPF Calculation Overview (cont.)
• Entries in the Candidate and Tree databases describe individual branches of the tree between two nodes
• Denoted as (Router ID, Neighbor ID, Cost)
  – e.g. the branch between R1 and R2 with a cost of 10 is denoted as (R1,R2,10)
• R1’s ultimate goal is to build tree with entries (R1,Rn,cost), where Rn is every node in the topology
  – i.e. calculate the shortest path from R1 to everywhere

SPF Calculation Logic
• Step 1 – Start by setting the local router as the “root” of the SPT, with a cost of zero to itself
• Step 2 – Find the links to all local neighbors and add them to the Candidate database
• Step 3 – Take the lowest cost branch from the Candidate database and move it to the Tree database

SPF Calculation Logic (cont.)
• Step 4 – For the branch just moved to the Tree database do the following
  – Find the remote node’s links connecting to other neighbors
  – Move all these links to the Candidate database, with the exception of any links that go to a neighbor already in the Tree database
• Step 5 – If the Candidate database is not empty, go to Step 3, otherwise SPF is complete and the Tree database contains the SPT

SPF Calculation in Detail
[Animated slide: a 14-step walk-through of R1’s SPF calculation over routers R1 to R5, with Tree, Candidate and Cost columns. The per-step table contents are scrambled in the extracted text and are not recoverable.]
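
The five SPF steps above, carried through as an added example (not code from the slides). The five-router topology, its link costs and the function names are constructed for illustration; branches use the slide's (Router ID, Neighbor ID, Cost) notation, and the log shows each Candidate entry being moved to the Tree or discarded.

```python
import heapq

# Constructed topology (not taken from the slide): one (router, neighbor, cost)
# tuple per link, in the slide's (Router ID, Neighbor ID, Cost) notation.
LINKS = [
    ("R1", "R2", 10), ("R1", "R3", 20),
    ("R2", "R3", 5), ("R2", "R4", 20), ("R2", "R5", 40),
    ("R3", "R4", 10), ("R3", "R5", 25),
    ("R4", "R5", 10),
]


def build_lsdb(links):
    """Link State Database: every router's own view of each attached link."""
    lsdb = {}
    for router, neighbor, cost in links:
        if cost <= 0:
            raise ValueError(f"link cost must be positive: {router}-{neighbor}")
        lsdb.setdefault(router, []).append((router, neighbor, cost))
        lsdb.setdefault(neighbor, []).append((neighbor, router, cost))
    return lsdb


def spf(lsdb, root):
    """Run the five-step SPF logic from `root`.

    Returns (tree, log): tree maps each node to (branch, total cost from root);
    log records every Candidate entry as it is moved to the Tree or discarded.
    Equal-cost ties keep a single branch (no equal-cost multipath here).
    """
    if root not in lsdb:
        raise KeyError(f"{root} has no entries in the LSDB")
    tree = {root: ((root, root, 0), 0)}            # Step 1: root, cost 0 to itself
    candidates = []                                # heap of (total cost, branch)
    log = []

    def add_links_of(node, cost_so_far):
        for branch in lsdb[node]:
            neighbor, link_cost = branch[1], branch[2]
            if neighbor not in tree:               # skip neighbors already in Tree
                heapq.heappush(candidates, (cost_so_far + link_cost, branch))

    add_links_of(root, 0)                          # Step 2: local neighbors
    while candidates:                              # Step 5: repeat until empty
        total, branch = heapq.heappop(candidates)  # Step 3: lowest cost branch
        neighbor = branch[1]
        if neighbor in tree:                       # reached earlier at lower cost
            log.append(("discard", branch, total))
            continue
        tree[neighbor] = (branch, total)
        log.append(("tree", branch, total))
        add_links_of(neighbor, total)              # Step 4: remote node's links
    return tree, log


def path_to(tree, node):
    """Walk Tree branches back to the root; returns the hop list root..node."""
    hops = [node]
    while tree[node][0][0] != node:                # the root's branch points to itself
        node = tree[node][0][0]
        hops.append(node)
    return hops[::-1]


if __name__ == "__main__":
    spt, steps = spf(build_lsdb(LINKS), "R1")
    for action, branch, total in steps:
        print(f"{action:8} {branch} total cost {total}")
    for node in sorted(spt):
        print(node, spt[node][1], " -> ".join(path_to(spt, node)))
```

Candidates are pushed before the neighbor is known to be reachable more cheaply, so stale entries are discarded when popped rather than removed from the Candidate list up front.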

Step 3 – Neighbor & Topology Maintenance
• Once adjacencies established and SPT built, OSPF state machine tracks neighbor and topology changes
• Hello packets used to track neighbor changes
• LSA fields used to track topology changes

Tracking Neighbor Changes
• Hello packets continue to be sent on each OSPF enabled link every hello interval
  – 10 or 30 seconds by default depending on interface type
• If a hello packet is not received from a neighbor within dead interval, the neighbor is declared down
  – Defaults to 4 times hello interval
  – Can be as low as 1 second for fast convergence

Tracking Topology Changes
• When a new LSA is received it is checked against the database for changes such as…
  – Sequence number
    • Used to track new vs old LSAs
  – Age
    • Used to keep information new and withdraw old information
    • Periodic flooding occurs after 30 minutes – “paranoid” update
    • LSAs that reach maxage (60 minutes) are withdrawn
  – Checksum
    • Used to avoid transmission & memory corruption

LSA Flooding
• When change is detected new LSA is generated and “flooded” (sent) out all links
  – OSPF does not use split horizon
• Not all LSA changes require SPF to recalculate
  – e.g. link up/down event vs. seq number change
  – See RFC 2328 “13. The Flooding Procedure” for details

OSPF Media Dependencies
• Unlike EIGRP, OSPF behavior changes depending on what type of media it is configured on
  – e.g. Ethernet vs. Frame Relay vs. PPP
• OSPF defines different “network types” to deal with different media characteristics
• OSPF network types control…
  – How updates are sent
  – Who forms adjacency
  – How next-hop is calculated

OSPF Network Types
• Broadcast
• Non-Broadcast
• Point-to-Point
• Point-to-Multipoint
• Point-to-Multipoint Non-Broadcast
• Loopback

OSPF Network Broadcast
• ip ospf network broadcast
• Default on multi-access broadcast medias
  – Ethernet
  – Token Ring
  – FDDI
• Sends hellos and updates as multicast
  – 224.0.0.5 (AllSPFRouters)
  – 224.0.0.6 (AllDRouters)
• Performs Designated Router (DR) & Backup Designated Router (BDR) Election

DR / BDR Overview
• Designated Router (DR)
  – Used on broadcast links to
    • Minimize adjacencies
    • Minimize LSA replication
• Backup Designated Router (BDR)
  – Used for redundancy of DR
• DROthers
  – All other routers on link
  – Form full adjacency with DR & BDR
  – Stop at 2-Way adjacency with each other
• DR / BDR chosen through election process

Adjacency Without DR/BDR
Without DR/BDR Adjacency Needs are n(n-1)/2

Adjacency With DR/BDR
With DR/BDR Adjacency Needs are n+(n-1)
[Figure labels: DR, BDR]

LSA Replication Without DR/BDR
R3’s Single LSA Advertisement is Received 4 Times On Each Router

LSA Replication with DR/BDR
• DROthers send LSUs to DR/BDR via multicast 224.0.0.6
• DR forwards LSUs to DROthers via multicast 224.0.0.5
• Prevents constant forwarding of unneeded LSAs on the segment
• BDR does not forward LSUs, only waits for DR to fail

LSA Replication With DR/BDR
R3’s LSA Advertisement is Minimized with Use of DR/BDR
[Figure labels: DR, BDR, 224.0.0.5, 224.0.0.6]

DR / BDR Election
• Election based on interface priority and Router-ID
  – Priority
    • 0 – 255
    • Higher better
    • 0 = never
  – Router-ID
    • Highest loopback / interface IP
    • Can be statically set
    • Higher better
• No preemption unlike IS-IS’s DIS

OSPF Network Non-Broadcast
• ip ospf network non-broadcast
• Default on multipoint NBMA medias
  – Frame Relay / ATM
• Sends hellos as unicast
  – Manually defined addresses with neighbor command
• Performs DR/BDR Election
• Originally designed for legacy networks that didn’t support broadcast transmission
  – i.e. X.25

OSPF Network Point-to-Point
• ip ospf network point-to-point
• Default on point-to-point medias
  – HDLC / PPP
• Sends hellos as multicast
  – 224.0.0.5
• No DR/BDR Election
• Supports only two neighbors on the link

OSPF Network Point-to-Multipoint
• ip ospf network point-to-multipoint
• Treats network as a collection of point-to-point links
• Sends hellos as multicast
  – 224.0.0.5
• No DR/BDR Election
• Special next-hop processing
• Usually best design option for partial mesh NBMA networks

Point-to-Multipoint Non-Broadcast
• ip ospf network point-to-multipoint non-broadcast
• Same as point-to-multipoint, but sends hellos as unicast
• Sends hellos as unicast
  – Manually defined addresses with neighbor command
• No DR/BDR Election
• Special next-hop processing

OSPF Network Loopback
• Special case for Loopback and Loopedback interfaces
• Advertises link as /32 stub host route
• ip ospf network point-to-point used to disable this behavior

Implementing Basic OSPF
• Enable the OSPF process
  – router ospf [process-id]
    • Process-id locally significant
    • Must be an “up/up” interface running IP to choose Router-ID from
• Enable the interface process
  – Process level
    • network [address] [wildcard] area [area-id]
  – Interface level
    • ip ospf [process-id] area [area-id]

OSPF Network Statement
• Like EIGRP, enables OSPF on the interface
• Wildcard mask does not relate to subnet mask
• Most specific match wins
  – network 0.0.0.0 255.255.255.255 area 0
  – network 1.0.0.0 0.255.255.255 area 1
  – network 1.2.0.0 0.0.255.255 area 2
  – network 1.2.3.0 0.0.0.255 area 3
  – network 1.2.3.4 0.0.0.0 area 4
• Source of common confusion, new versions support interface level enabling as alternative

Verifying Basic OSPF
• Verify OSPF interfaces
  – show ip ospf interface
• Verify OSPF neighbors
  – show ip ospf neighbors
• Verify OSPF topology
  – show ip ospf database
• Verify OSPF routes in routing table
  – show ip route [ospf]
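
The "most specific match wins" rule from the OSPF Network Statement slide, as an added example (not code from the slides). It uses five network statements of increasing specificity for areas 0 to 4, matches on the interface address only, and ignores the interface's own prefix length; the interface list and function names are constructed for illustration.

```python
import ipaddress

# Five statements of increasing specificity, one per area:
# (address, wildcard mask, area).
NETWORK_STATEMENTS = [
    ("0.0.0.0", "255.255.255.255", 0),
    ("1.0.0.0", "0.255.255.255", 1),
    ("1.2.0.0", "0.0.255.255", 2),
    ("1.2.3.0", "0.0.0.255", 3),
    ("1.2.3.4", "0.0.0.0", 4),
]


def _as_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def statement_matches(interface_ip, address, wildcard):
    """A 0 bit in the wildcard must match; a 1 bit is "don't care"."""
    care = ~_as_int(wildcard) & 0xFFFFFFFF
    return (_as_int(interface_ip) & care) == (_as_int(address) & care)


def area_for(interface_ip, statements=NETWORK_STATEMENTS):
    """Area of the most specific matching statement, or None if nothing matches."""
    best = None
    for address, wildcard, area in statements:
        if statement_matches(interface_ip, address, wildcard):
            dont_care_bits = bin(_as_int(wildcard)).count("1")
            if best is None or dont_care_bits < best[0]:
                best = (dont_care_bits, area)
    return None if best is None else best[1]


def assign_areas(interfaces, statements=NETWORK_STATEMENTS):
    """interfaces maps name -> 'a.b.c.d/len'; the prefix length plays no part."""
    return {
        name: area_for(str(ipaddress.ip_interface(cidr).ip), statements)
        for name, cidr in interfaces.items()
    }


# Constructed interface list for a hypothetical router.
INTERFACES = {
    "Loopback0": "1.2.3.4/24",        # /24 subnet, yet the host statement wins
    "FastEthernet0/0": "1.2.3.5/24",
    "FastEthernet0/1": "1.2.9.1/24",
    "Serial0/0": "1.9.9.9/30",
    "Serial0/1": "10.1.1.1/30",
}

if __name__ == "__main__":
    for name, area in assign_areas(INTERFACES).items():
        print(f"{name:16} {INTERFACES[name]:14} area {area}")
```

Loopback0 and FastEthernet0/0 sit in the same /24 but land in different areas, which is the wildcard-versus-subnet-mask confusion the slide warns about.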

OSPF Configuration Example
[Figure: lab topology diagram; the labels are scrambled in the extracted text.]

Basic OSPF Configuration
[The configurations for R1 to R5 are scrambled in extraction. Each uses router ospf 1 with network … area 0 statements, and the configuration also includes two neighbor statements; the addresses and wildcard masks are not recoverable.]

R6#
interface Loopback0
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip ospf 1 area 0
!
interface FastEthernet0/1
 ip ospf 1 area 0

Verifying OSPF Interfaces
R1#show ip ospf interface brief (repeated on R2 through R6)
[Output tables scrambled in extraction. Columns: Interface, PID, Area, IP Address/Mask, Cost, State, Nbrs F/C. Every listed interface is in PID 1, Area 0; the states shown are LOOP, P2P, DR, BDR and DROTH.]

Verifying OSPF Broadcast Interface Detail
R1#show ip ospf interface Fa0/0
[Output scrambled in extraction. Recoverable fields: Network Type BROADCAST, Cost: 1, State DROTHER, Priority 1; Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5; Neighbor Count is 2, Adjacent neighbor count is 2, one adjacency marked (Designated Router) and one (Backup Designated Router).]

Verifying OSPF Non-Broadcast Int Detail
R5#show ip ospf interface Serial0/0
[Output scrambled in extraction. Recoverable fields: Network Type NON_BROADCAST, Cost: 64, State DR, Priority 1; Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5; Neighbor Count is 2, Adjacent neighbor count is 2.]

Verifying OSPF Point-to-Point Int Detail
R1#show ip ospf interface Serial0/1
[Output scrambled in extraction. Recoverable fields: Network Type POINT_TO_POINT, Cost: 64, State POINT_TO_POINT; Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5; Neighbor Count is 1, Adjacent neighbor count is 1.]

Verifying OSPF Loopback Int Detail
R1#show ip ospf interface Loopback0
[Output scrambled in extraction. Recoverable fields: Loopback0 is up, line protocol is up; Area 0, Process ID 1; Network Type LOOPBACK, Cost: 1; Loopback interface is treated as a stub Host.]

OSPF Packet Level Debug
R1#debug ip packet detail
IP packet debugging is on (detailed)
[Debug lines scrambled in extraction. They show proto=89 packets to 224.x multicast destinations, received (rcvd 0) on FastEthernet0/0 and Serial0/1 and sent locally (sending broad/multicast), with lengths of 80 and 84 bytes.]

Verifying OSPF Adjacency
R1#show ip ospf neighbor (repeated on R2 through R6)
[Output tables scrambled in extraction. Columns: Neighbor ID, Pri, State, Dead Time, Address, Interface. The states shown are FULL/DR, FULL/BDR and FULL/DROTHER on the multi-access links and FULL/ with no DR role on the point-to-point links.]

Verifying OSPF Database (R1)
R1#show ip ospf database
[Output scrambled in extraction. Sections: Router Link States (Area 0) with six entries and Net Link States (Area 0) with three entries. Columns: Link ID, ADV Router, Age, Seq#, Checksum, Link count.]

Verifying OSPF Database (R2)
R2#show ip ospf database
[Output scrambled in extraction. Same sections and columns as on R1; the sequence numbers and checksums listed match those shown on R1, only the Age values differ.]

Verifying OSPF Database Detail
R1#show ip ospf database router …
[Output scrambled in extraction. Recoverable fields: Router Link States (Area 0); LS age: 1167; Options: (No TOS-capability, DC); LS Type: Router Links; LS Seq Number: 80000003; Checksum: 0x2D24; Length: 60; Number of Links: 3. The three links are one Stub Network (TOS 0 Metrics: 1) and two Transit Networks (TOS 0 Metrics: 64 and 1).]

Verifying OSPF Routing Table
R1#show ip route
[Output scrambled in extraction. Recoverable lines: Gateway of last resort is not set; 10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks. The table holds three connected (C) routes and nine OSPF (O) routes with [110/2], [110/65] and [110/66] metrics via FastEthernet0/0 and Serial0/1; the individual prefixes and next hops are not recoverable.]

com OSPF Area Types • Backbone area – Area 0 (0.0) – Used to summarize topology information between other areas – Traffic from one area to another must pass through area 0 – Must be contiguous • Non-transit areas – All other areas 1 – 232 (0.0.INE.0. Inc www.INE.1 – 255.www.INE.255.255.com Copyright © 2010 Internetwork Expert .com OSPF Areas Overview • OSPF areas add hierarchy and scalability to the routing domain • An area defines a flooding domain – All devices in the area agree on the topology – Changes inside the area require LSA flooding and full SPF • Routing between areas hides topology details – Inter-area routing similar to distance vector – Changes outside the area don’t always require LSA flooding or SPF – Limits impact on router resources Copyright © 2010 Internetwork Expert.0.0. Inc www.255) – Must use connections to area 0 to reach other areas Copyright © 2010 Internetwork Expert.

OSPF Router Types
• Backbone routers
  – At least one link in area 0
• Internal routers
  – All links in one non-transit area
• Area Border Router (ABR)
  – At least one link in area 0 and one link in a non-transit area
  – Used to summarize information between area 0 and non-transit area
• Autonomous System Boundary Router (ASBR)
  – At least one link in the OSPF domain
  – At least one link outside the OSPF domain
    • EIGRP, BGP, IS-IS, etc.
  – Used to redistribute information to/from other routing domains and OSPF

OSPF Multi-Area Topology Example
[Figure: multi-area topology diagram; not recoverable from the extracted text.]

Area 0 Continuity
• All inter-area traffic must pass through area 0
• If a non-transit area loses connectivity to area 0, all inter-area connectivity is lost
  – This state is called “discontiguous” areas or discontiguous area 0
• Repairs to these broken designs come in the form of virtual area 0 adjacencies called virtual links

OSPF Virtual Links
• Used to connect area 0 over a non-transit area
  – Virtual area 0 adjacency between two ABRs over a non-transit area
  – Provides continuity to the OSPF database calculation
• Non-transit area must have full routing information
  – Cannot be a stub area and should not have filtering
• Not a “tunnel” in traditional sense
  – Traffic does not flow over the virtual link itself
• Configured under the routing process of the ABRs
  – area [transit area-id] virtual-link [remote abr router-id]

OSPF Virtual-Link Example
[Figure: area 0 with non-transit areas 1, 2 and 3, their ABRs and a virtual link. Callouts: the area 3 ABR loses connectivity to area 0 and all inter-area routing to area 3 is lost; a virtual-link adjacency between the area 2 ABRs restores area 3 connectivity to area 0; the traffic path from area 3 to area 1 is shown before and after the repair.]

OSPF LSA Types
• With different router types in the OSPF domain, different types of advertisements are required
  – e.g. DR, ABR, ASBR, etc.
• Different LSA formats used to represent this information
  – Format is defined by type code
  – Type 1, type 2, etc.
• Which LSA types are sent and received depends on
  – Router’s type
  – OSPF network type
  – Area type

OSPF LSA Types (cont.)
• LSA types are…
  – Type 1 – Router LSA
  – Type 2 – Network LSA
  – Type 3 – Network Summary LSA
  – Type 4 – ASBR Summary LSA
  – Type 5 – External LSA
  – Type 7 – NSSA External LSA
• Other types exist outside our scope
  – Type 6 – Multicast LSA
    • Not implemented by Cisco
  – Types 8, 9, 10 – Opaque LSA
    • Used for extensibility

OSPF LSA Types (cont.)
• Routes that LSAs describe can be grouped together as…
  – Intra-Area Routes (O)
    • LSA Types 1 & 2
  – Inter-Area Routes (O IA)
    • LSA Types 3 & 4
  – External Routes
    • E1/E2 – LSA Type 5
    • N1/N2 – LSA Type 7

OSPF LSA Types In Detail (cont.)
• Type 1 – Router LSA
• Generated by every router in the OSPF domain
  – Not flooded outside the area they originate in
• Describes its directly connected links
  – What are my link costs
  – Who are my neighbors
• Used to build graph for intra-area SPF
• show ip ospf database router [Link ID]

OSPF LSA Types In Detail (cont.)
• Type 2 – Network LSA
• Generated by DR on broadcast and nonbroadcast network types
  – Not flooded outside the area they originate in
• Describes who is adjacent with DR
• Used to reduce redundant information in the database
  – n*(n-1)/2 and flooding scalability issue
• show ip ospf database network [Link ID]

OSPF LSA Types In Detail (cont.)
• Type 3 – Network Summary LSA
• Generated by ABR
  – Flooded from area 0 into non-transit area and vice-versa
• Describes ABR’s reachability to links in other areas
  – Includes cost, but hides ABR’s actual path to destination
• SPF not run to reach ABR advertised routes, instead logic is…
  – ABR can reach link A via SPT in cost X
  – I can reach ABR via SPT in cost Y
  – I can reach link A via SPT in cost X + Y
• This is why inter-area routing is considered distance vector
• show ip ospf database summary [Link ID]

OSPF LSA Types In Detail (cont.)
• Type 4 – ASBR Summary LSA
• Generated by ABR
  – Flooded from area 0 into non-transit area and vice-versa
• Describes ABR’s reachability to ASBRs in other areas
  – Includes cost, but hides ABR’s actual path to destination
• SPF not run to reach inter-area ASBR, instead logic is…
  – ABR can reach ASBR via SPT in cost X
  – I can reach ABR via SPT in cost Y
  – I can reach ASBR via SPT in cost X + Y
• This is why inter-area external routing is also considered distance vector
• show ip ospf database asbr-summary [Link ID]

OSPF LSA Types In Detail (cont.)
• Type 5 – External LSA
• Generated by ASBR
  – Flooded to all non-stub areas
• Describes routes ASBR is redistributing
  – Metric
  – Metric Type
    • Type 1 = E1
    • Type 2 = E2 (default)
  – Forward Address
    • Who should I route towards to reach the link?
    • Usually the ASBR itself, but could be someone else in some designs
  – Route Tag
• show ip ospf database external [Link ID]

OSPF External Type 1 vs Type 2
• External route type controls how metric for external link is calculated
• Type 1 (E1)
  – Take the cost the ASBR reports in plus the cost to the ASBR
• Type 2 (E2)
  – Take just the cost the ASBR reports in
  – If there is a tie, then take the cost to the ASBR as well
• Type 1 is usually used when there are multiple ASBRs redistributing the same routes into OSPF

OSPF LSA Types In Detail (cont.)
• Type 7 – NSSA External LSA
• Special type of external route generated by ASBR redistributing routes inside a Not-So-Stubby Area
• More on this later…

OSPF External Route Calculation
• Performs like distance vector routing similar to inter-area calculation
• Intra-area externals
  – ASBR can reach link A in cost X
  – I can reach ASBR via SPT in cost Y
  – I can reach link A via SPT in cost X + Y
• Inter-area externals
  – ASBR can reach link A in cost X
  – ABR can reach ASBR via SPT in cost Y
  – I can reach ABR via SPT in cost Z
  – I can reach link A via SPT in cost X + Y + Z
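The E1/E2 metric rules and the X + Y + Z external route calculation from the slides above, as an added Python example (not part of the original deck). The external metric 20, the forward metric 65 and the type-4 LSA metric 64 are the values R3 displays later on this page; the cost of 1 from R3 to the ABR, the second ASBR, and the rule that E1 paths are always preferred over E2 paths (RFC 2328, not stated on the slides) are assumptions of the example.

```python
"""OSPF external route selection, E1 vs E2 (added example, not from the slides)."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class ExternalPath:
    asbr: str             # label for the ASBR that originated the type-5 LSA
    metric_type: int      # 1 = E1, 2 = E2 (the default)
    external_metric: int  # X: the cost the ASBR reports in the LSA
    cost_to_asbr: int     # internal cost to the ASBR ("forward metric" in show ip route)

    @property
    def route_metric(self) -> int:
        """Metric shown in the routing table for this path."""
        if self.metric_type == 1:
            # E1: the cost the ASBR reports plus the cost to the ASBR
            return self.external_metric + self.cost_to_asbr
        # E2: just the cost the ASBR reports
        return self.external_metric

    def preference(self) -> tuple:
        """Sort key, lowest wins.

        E1 before E2 (RFC 2328 rule, an assumption relative to the slides),
        then the route metric, then the cost to the ASBR, which is the
        E2 tie-breaker the slides describe.
        """
        return (self.metric_type, self.route_metric, self.cost_to_asbr)


def cost_to_remote_asbr(cost_to_abr: int, abr_cost_to_asbr: int) -> int:
    """Inter-area case: Z (my cost to the ABR) + Y (ABR's cost to the ASBR,
    carried in the type-4 LSA). No SPF is run past the ABR."""
    return cost_to_abr + abr_cost_to_asbr


def best_path(paths):
    """Pick the preferred external path among several ASBRs."""
    return min(paths, key=ExternalPath.preference)


def worked_example() -> dict:
    # R3's view: type-4 LSA metric 64 from the ABR, assumed cost 1 to reach the ABR.
    forward_metric = cost_to_remote_asbr(cost_to_abr=1, abr_cost_to_asbr=64)

    # Path seen on the page: E2, external metric 20.
    page_path = ExternalPath("asbr-A", 2, 20, forward_metric)
    # Constructed second ASBR redistributing the same prefix, much further away.
    far_path = ExternalPath("asbr-B (constructed)", 2, 20, 847)

    # Same two paths if both ASBRs redistributed as E1 instead.
    page_e1 = replace(page_path, metric_type=1)
    far_e1 = replace(far_path, metric_type=1)

    # A poor E1 path still beats a good E2 path.
    poor_e1 = replace(far_path, metric_type=1, external_metric=900)

    return {
        "forward_metric": forward_metric,
        "e2_metric": page_path.route_metric,
        "e2_winner": best_path([far_path, page_path]).asbr,
        "e1_metrics": (page_e1.route_metric, far_e1.route_metric),
        "e1_winner": best_path([far_e1, page_e1]).asbr,
        "mixed_winner": best_path([page_path, poor_e1]).asbr,
        "mixed_metric": poor_e1.route_metric,
    }


if __name__ == "__main__":
    for key, value in worked_example().items():
        print(f"{key}: {value}")
```

With E2 both paths show metric 20 and only the forward metric separates them, which is why the slides recommend E1 when several ASBRs redistribute the same routes.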

OSPF Inter-Area Routing Example
[Figure: topology diagram; not recoverable from the extracted text.]

Basic OSPF Configuration
[Configuration listing for R1 through R6 scrambled in extraction. Recoverable: every router runs "router ospf 1" with "network ... area" statements that place its interfaces in areas 0, 1 and 2; the listing also contains two "neighbor" statements and "redistribute connected subnets".]

OSPF Neighbor Verification

R1#show ip ospf neighbor
R2#show ip ospf neighbor
R3#show ip ospf neighbor
R4#show ip ospf neighbor
R5#show ip ospf neighbor
R6#show ip ospf neighbor
[Neighbor tables scrambled in extraction. Recoverable: every listed adjacency is in the FULL state, shown as FULL/DR, FULL/BDR or FULL/DROTHER on multi-access segments and as FULL/ with priority 0 on point-to-point links.]

OSPF Interface Verification

R1#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Se0/1        1     1      64    P2P    1/1
Fa0/0        1     2      1     DR     2/2
Lo0          1     2      1     LOOP   0/0

R2#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Se0/0        1     0      64    BDR    1/1
Fa0/0        1     1      1     DR     1/1
Lo0          1     1      1     LOOP   0/0

R3#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Fa0/0        1     1      1     BDR    1/1
Se1/2        1     1      781   P2P    1/1
Lo0          1     1      1     LOOP   0/0

R4#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Se0/0        1     0      64    BDR    1/1
Lo0          1     2      1     LOOP   0/0
Fa0/0        1     2      1     BDR    2/2

R5#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Lo0          1     0      1     LOOP   0/0
Se0/0        1     0      64    DR     2/2

R6#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Lo0          1     2      1     LOOP   0/0
Fa0/0        1     2      1     DROTH  2/2
Fa0/1        1     2      1     DR     0/0

[The IP Address/Mask column is not recoverable from the extracted text.]

OSPF Database Verification (R1)

R1#show ip ospf database
[LSDB listing scrambled in extraction. Recoverable: per-area sections for Router, Net, Summary Net and Summary ASB Link States in areas 1 and 2, and one Type-5 AS External Link State entry with Seq# 0x80000001, Checksum 0x008DC0 and Tag 0.]

OSPF Database Verification (R2)

R2#show ip ospf database
[LSDB listing scrambled in extraction. Recoverable: per-area sections for areas 0 and 1 (Router, Net, Summary Net and Summary ASB Link States) and the same Type-5 AS External Link State entry with Seq# 0x80000001, Checksum 0x008DC0 and Tag 0.]

OSPF Database Verification (R3)

R3#show ip ospf database
[LSDB listing scrambled in extraction. Recoverable: sections for area 1 (Router, Net, Summary Net and Summary ASB Link States) and one Type-5 AS External Link State entry with Seq# 0x80000001, Checksum 0x008DC0 and Tag 0.]

OSPF Database Verification (R4)

R4#show ip ospf database
[LSDB listing scrambled in extraction. Recoverable: per-area sections for areas 0 and 2 (Router, Net, Summary Net and Summary ASB Link States) and the same Type-5 AS External Link State entry with Seq# 0x80000001, Checksum 0x008DC0 and Tag 0.]

OSPF Database Verification (R5)

R5#show ip ospf database
[LSDB listing scrambled in extraction. Recoverable: sections for area 0 (Router, Net and Summary Net Link States) and one Type-5 AS External Link State entry with Seq# 0x80000001, Checksum 0x008DC0 and Tag 0.]

OSPF Database Verification (R6)

R6#show ip ospf database
[LSDB listing scrambled in extraction. Recoverable: sections for area 2 (Router, Net, Summary Net and Summary ASB Link States) and the same Type-5 AS External Link State entry with Seq# 0x80000001, Checksum 0x008DC0 and Tag 0.]

OSPF Routing Table Verification (R1)

R1#show ip route
[Output scrambled in extraction. Recoverable: gateway of last resort is not set; 10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks; entries are connected (C), OSPF intra-area (O), inter-area (O IA) and one external type 2 (O E2) route installed as [110/20].]

OSPF Routing Table Verification (R2)

R2#show ip route
[Output scrambled in extraction. Recoverable: gateway of last resort is not set; 10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks; entries are connected (C), OSPF intra-area (O), inter-area (O IA) and one external type 2 (O E2) route installed as [110/20].]

OSPF Routing Table Verification (R3)

R3#show ip route
[Output scrambled in extraction. Recoverable: gateway of last resort is not set; 10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks; entries are connected (C), OSPF intra-area (O), inter-area (O IA) and one external type 2 (O E2) route installed as [110/20].]

OSPF Routing Table Verification (R4)

R4#show ip route
[Output scrambled in extraction. Recoverable: gateway of last resort is not set; 10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks; entries are connected (C), OSPF intra-area (O), inter-area (O IA) and one external type 2 (O E2) route installed as [110/20].]

OSPF Routing Table Verification (R5)

R5#show ip route
[Output scrambled in extraction. Recoverable: gateway of last resort is not set; 10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks; entries are connected (C), OSPF intra-area (O) and inter-area (O IA) routes.]

OSPF Routing Table Verification (R6)

R6#show ip route
[Output scrambled in extraction. Recoverable: gateway of last resort is not set; 10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks; entries are connected (C), OSPF intra-area (O), inter-area (O IA) and one external type 2 (O E2) route installed as [110/20].]

OSPF Type-1 LSA Verification Detail

R3#show ip ospf database router [Link ID]
[Output scrambled in extraction; addresses are not recoverable. Surviving fields:]
  Router Link States (Area 1)
  LS age: 142
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  LS Seq Number: 80000007
  Checksum: 0x4AD6
  Length: 72
  Number of Links: 4
  Link types: a Transit Network, another Router (point-to-point), two Stub Networks
  TOS 0 Metrics: 1, 781, 781, 1

OSPF Type-2 LSA Verification Detail

R3#show ip ospf database network [Link ID]
[Output scrambled in extraction; addresses are not recoverable. Surviving fields:]
  Net Link States (Area 1)
  Routing Bit Set on this LSA
  LS age: 151
  Options: (No TOS-capability, DC)
  LS Type: Network Links
  Link State ID: (address of Designated Router)
  LS Seq Number: 80000004
  Checksum: 0xBC27
  Length: 32
  Network Mask: /24
  Attached Router: two entries

OSPF Type-3 LSA Verification Detail

R3#show ip ospf database summary [Link ID]
[Output scrambled in extraction; addresses are not recoverable. Surviving fields:]
  Summary Net Link States (Area 1)
  Routing Bit Set on this LSA
  LS age: 165
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: (summary Network Number)
  LS Seq Number: 80000004
  Checksum: 0x6980
  Length: 28
  Network Mask: /24
  TOS: 0 Metric: 64

OSPF Type-4 LSA Verification Detail

R3#show ip ospf database asbr-summary [Link ID]
[Output scrambled in extraction; addresses are not recoverable. Surviving fields:]
  Summary ASB Link States (Area 1)
  Routing Bit Set on this LSA
  LS age: 671
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(AS Boundary Router)
  Link State ID: (AS Boundary Router address)
  LS Seq Number: 80000002
  Checksum: 0x874F
  Length: 28
  Network Mask: /0
  TOS: 0 Metric: 64

OSPF Type-5 LSA Verification Detail

R3#show ip ospf database external [Link ID]
[Output scrambled in extraction; addresses are not recoverable. Surviving fields:]
  Type-5 AS External Link States
  Routing Bit Set on this LSA
  LS age: 130
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: (External Network Number)
  LS Seq Number: 80000002
  Checksum: 0x8BC1
  Length: 36
  Network Mask: /24
  Metric Type: 2 (Larger than any link state path)
  TOS: 0
  Metric: 20
  Forward Address: 0.0.0.0
  External Route Tag: 0

OSPF Routing Table Verification Detail

[Three "R3#show ip route" lookups, scrambled in extraction. Recoverable: all three routes are known via "ospf 1" with distance 110 and are reached via FastEthernet0/0 with traffic share count 1. One is a /24 of type extern 2 with metric 20 and forward metric 65; one is a /32 of type intra area with metric 2; one is a /24 of type inter area with metric 65.]

OSPF Virtual-Link Example
[Figure: the inter-area topology with a virtual link. Callouts: R2’s link to area 0 goes down and connectivity to area 1 is lost; with a virtual link configured between R1 and R4, all inter-area traffic can be rerouted via area 2.]

OSPF Virtual-Link Configuration

R1#
router ospf 1
 area 2 virtual-link 10.1.4.4

R4#
router ospf 1
 area 2 virtual-link 10.1.1.1

R1#show ip ospf neighbor
Pri   State          Interface
0     FULL/          OSPF_VL0
0     FULL/          Serial0/1
1     FULL/BDR       FastEthernet0/0
1     FULL/DROTHER   FastEthernet0/0

R4#show ip ospf neighbor
Pri   State          Interface
0     FULL/          OSPF_VL0
1     FULL/DR        Serial0/0
1     FULL/DR        FastEthernet0/0
1     FULL/DROTHER   FastEthernet0/0

[The Neighbor ID, Dead Time and Address columns are not recoverable from the extracted text.]

Tracing the route to 10. line protocol is up Internet Address 10.5 on Serial0/0 from FULL to DOWN. Nbr 10. 00:00:03 ago. metric 66. changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0. traffic share count is 1 R3#traceroute 10. Wait 40.4. Area 0 Process ID 1.1.5 1 10.4 16 msec 12 msec 12 msec 3 10. 00:00:03 ago Routing Descriptor Blocks: * 10.1.13.1.23. Inc www.5.1. Inc www. from 10. via FastEthernet0/0 Route metric is 66.5/32 Known via "ospf 1". Retransmit 5 Hello due in 00:00:07 Adjacency State FULL (Hello suppressed) Index 1/4.1.245.1. traffic share count is 1 R3#traceroute 10.13.5. type inter area Last update from 10. Timer intervals configured.2.1. DoNotAge LSA allowed.INE.1. via Serial1/2 Route metric is 847.5. metric 847. from 10. flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 1.13.146.1.1.5 Routing entry for 10.5.23.1.com OSPF Virtual-Link Verification (cont. type inter area Last update from 10.1. maximum is 1 Last flood scan time is 0 msec. Retransmit 5 oob-resync timeout 40 Hello due in 00:00:06 Supports Link-local Signaling (LLS) Index 1/4.5 1 10.1.2 4 msec 0 msec 4 msec 2 10.1.5/32 Known via "ospf 1". distance 110. Cost: 1 Configured as demand circuit.com Copyright © 2010 Internetwork Expert .5 44 msec * 40 msec Copyright © 2010 Internetwork Expert. Neighbor Down: Interface down or detached %LINK-5-CHANGED: Interface Serial0/0.146.2. End with CNTL/Z. distance 110.INE. Adjacent neighbor count is 1 Adjacent with neighbor 10. retransmission queue length 0.1.2 on FastEthernet0/0. via interface FastEthernet0/0.1. one per line.1.1.2. Network Type VIRTUAL_LINK.1.5.4 is up Run as demand circuit DoNotAge LSA allowed. maximum is 0 msec Neighbor Count is 1. State POINT_TO_POINT. maximum is 0 msec R1#show ip ospf interface OSPF_VL0 is up. Hello 10. number of retransmission 0 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 0.1.1. 
Tracing the route to 10.4 (Hello suppressed) Suppress hello for 1 neighbor(s) <output omitted> Copyright © 2010 Internetwork Expert.com OSPF Virtual-Link Verification R1#show ip ospf virtual-links Virtual Link OSPF_VL0 to router 10.4.5.1.1 on Serial1/2. Transmit Delay is 1 sec.23.1.1 16 msec 16 msec 16 msec 2 10. maximum is 0 Last retransmission scan time is 0 msec. 00:07:16 ago Routing Descriptor Blocks: * 10.1. Hello 10.5 28 msec * 28 msec R2#config t Enter configuration commands. 00:07:16 ago. Dead 40.1.5.1/24.www.5 Type escape sequence to abort. Router ID 10.1. State POINT_TO_POINT.1. Timer intervals configured. changed state to down R3#show ip route 10.5.1.1.5.5 Type escape sequence to abort. Cost of using 1 Transmit Delay is 1 sec.245. Wait 40. Transit area 2. R2(config)#interface Serial0/0 R2(config-if)#shutdown R2(config-if)# OSPF-5-ADJCHG: Process 1. Run as demand circuit.5 Routing entry for 10.) R3#show ip route 10.INE. Dead 40.

OSPF Scalability
• Less topology info & less routing info means lower resource utilization
• OSPF areas add scalability by hiding topology information, but they don’t hide reachability information
• NLRI can be reduced in OSPF by implementing
– Summarization
– Stub areas

OSPF Summarization
• OSPF supports two types of summaries
– Internal Summarization (Type-3 LSAs)
– External Summarization (Type-5 & 7 LSAs)
• Unlike RIPv2, EIGRP, and BGP, OSPF summarization (aggregation) cannot be performed at arbitrary places in the topology
– Internal summarization only on ABRs
– External summarization only on ASBRs

OSPF Internal Summarization
• Configured only on ABRs
• Takes intra-area (O) routes and summarizes them into inter-area (O IA) routes as they move between areas
• area [source area-id] range [network] [mask]
• Automatically generates route to Null0

OSPF External Summarization
• Configured only on ASBRs
• Takes routes external to OSPF domain and summarizes them as OSPF external routes (E1/E2/N1/N2) when redistributed
• summary-address [network] [mask]
• Automatically generates routes to Null0

OSPF Internal Summarization Example
[Figure: lab topology with routers R1 to R6 across Area 0, Area 1 and Area 2; R3 carries Lo32 10.1.32.3/24, Lo33 10.1.33.3/24, Lo34 10.1.34.3/24 and Lo35 10.1.35.3/24]

OSPF Internal Summarization Configuration

R2#
router ospf 1
 area 1 range 10.1.32.0 255.255.252.0

R3#
interface Loopback32
 ip address 10.1.32.3 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback33
 ip address 10.1.33.3 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback34
 ip address 10.1.34.3 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback35
 ip address 10.1.35.3 255.255.255.0
 ip ospf network point-to-point
!
router ospf 1
 network 10.1.32.3 0.0.0.0 area 1
 network 10.1.33.3 0.0.0.0 area 1
 network 10.1.34.3 0.0.0.0 area 1
 network 10.1.35.3 0.0.0.0 area 1

146.4/32 [110/65] via 10.0/8 is variably subnetted.1.4.1.4.245.1.1.245.4.5.1.3/32 [110/67] via 10.4. FastEthernet0/0 O IA 10.32.0/24 [110/2] via 10. 00:05:05.3.0/8 is variably subnetted.1.245.2.1.1.1. Serial0/0 O IA 10. Serial0/0 O IA 10. Serial0/0 R5#show ip route ospf 10.1. FastEthernet0/0 O 10.0/24 [110/2] via 10.1. 3 masks O IA 10.4. 00:05:05.1.2/32 [110/66] via 10.1. FastEthernet0/0 O 10.com Internal Summarization Verification (cont. DC.1. 00:05:05. 00:05:05.32.1.3.1.4.0 OSPF Router with ID (10.1. FastEthernet0/0 Copyright © 2010 Internetwork Expert.4.0 (summary Network Number) Advertising Router: 10.0.1.245.0/22 [110/67] via 10.4.3.1. 00:07:48. 00:07:48.5.1.1. Serial0/0 O IA 10.1.146.1.5.0/24 [110/20] via 10.245.60.4.245. Serial0/0 O E2 10. FastEthernet0/0 O IA 10.23.2 LS Seq Number: 80000002 Checksum: 0x20E2 Length: 28 Network Mask: /22 TOS: 0 Metric: 2 R6#show ip ospf database summary 10. 00:11:12.245.1.1. FastEthernet0/0 O E2 10.1.1.2. 00:05:05. FastEthernet0/0 O IA 10.4.1.4.3. Upward) LS Type: Summary Links(Network) Link State ID: 10. 16 subnets.1. 00:05:05. Serial0/0 O IA 10. Serial0/0 R6#show ip route ospf 10.1.0/8 is variably subnetted.4.245.0.1.1.146.146.1.23.146.1. 00:11:12.3.1.5) (Process ID 1) Summary Net Link States (Area 0) Routing Bit Set on this LSA LS age: 466 Options: (No TOS-capability.32. 3 masks O IA 10.0.4 LS Seq Number: 80000003 Checksum: 0x8637 Length: 28 Network Mask: /22 TOS: 0 Metric: 66 Copyright © 2010 Internetwork Expert.245.245. FastEthernet0/0 O IA 10.1.0 OSPF Router with ID (10. 00:11:12. FastEthernet0/0 O 10.23.5/32 [110/65] via 10.1. 00:05:05. Serial0/0 O 10.1. FastEthernet0/0 O 10. 00:07:48.2.1.23.50.www.1.0/22 [110/66] via 10.1. 00:07:48.1.4.0/24 [110/65] via 10.1. 00:05:10. 00:07:16.0/24 [110/2] via 10.245.146.6/32 [110/66] via 10.4. FastEthernet0/0 O IA 10. 00:05:05.1.1/32 [110/66] via 10.146. 00:09:58.0/24 [110/66] via 10.3.1. FastEthernet0/0 O IA 10.146. 00:07:15.23.2/32 [110/65] via 10. 
00:05:05.1.0.1/32 [110/2] via 10.35. Serial0/0 O IA 10. 00:09:48.4. Serial0/0 O 10.2.0/24 [110/66] via 10.0/24 [110/2] via 10. 00:09:48.6.6.3.0/24 [110/66] via 10. 00:05:05.INE.4/32 [110/65] via 10.1. Serial0/0 O IA 10.0/24 [110/65] via 10.245. Serial0/0 O IA 10.4.32.1.3/32 [110/66] via 10.1.1.0/24 [110/65] via 10.146.4.1.3/32 [110/2] via 10.1.1. 00:07:48.34.1.245.INE.1.1.1.1.1.0/22 is a summary.146.INE.32.32.4. Null0 O IA 10.0.146.32.1.1. FastEthernet0/0 O 10. 12 subnets.1/32 [110/66] via 10.com Copyright © 2010 Internetwork Expert . Serial0/0 O IA 10.1.6) (Process ID 1) Summary Net Link States (Area 2) Routing Bit Set on this LSA LS age: 467 Options: (No TOS-capability. DC.23. FastEthernet0/0 O 10. 3 masks O IA 10.23. Inc www.1.1.1. 00:05:05.4.2.5.1.245. Inc www.6.3. 00:07:48.0/24 [110/20] via 10.4.1.0/24 [110/65] via 10.1.) R5#show ip ospf database summary 10. Serial0/0 O IA 10.4.1. 00:07:48.0 (summary Network Number) Advertising Router: 10.2.com Internal Summarization Verification R2#show ip route ospf 10. Serial0/0 O 10.4. 00:05:05.245.5.6/32 [110/66] via 10. Serial0/0 O IA 10. 12 subnets.32.1.245. 00:09:48.1.5/32 [110/66] via 10.1.2.60. 00:05:05.245. Upward) LS Type: Summary Links(Network) Link State ID: 10. 00:07:48.4/32 [110/2] via 10.1.0.33.50.

OSPF External Summarization Example
[Figure: lab topology with routers R1 to R6 across Area 0, Area 1 and Area 2; R1 carries Lo104 10.1.104.1/24 through Lo111 10.1.111.1/24]

OSPF External Summarization Configuration

R1#
interface Loopback104
 ip address 10.1.104.1 255.255.255.0
!
interface Loopback105
 ip address 10.1.105.1 255.255.255.0
!
interface Loopback106
 ip address 10.1.106.1 255.255.255.0
!
interface Loopback107
 ip address 10.1.107.1 255.255.255.0
!
interface Loopback108
 ip address 10.1.108.1 255.255.255.0
!
interface Loopback109
 ip address 10.1.109.1 255.255.255.0
!
interface Loopback110
 ip address 10.1.110.1 255.255.255.0
!
interface Loopback111
 ip address 10.1.111.1 255.255.255.0
!
router ospf 1
 summary-address 10.1.104.0 255.255.248.0
 redistribute connected subnets
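Because both summary commands install a discard route to Null0, a summary that covers address space with no component route silently drops traffic for that space at the summarizing router. The following is an added example, not part of the course material: it checks a proposed summary against its component prefixes, using the loopback addresses from the two configurations on this page. The function names are this example's own and it handles IPv4 only.

```python
import ipaddress

# Interface addresses taken from the loopback configurations on this page.
R3_LOOPBACKS = ["10.1.32.3/24", "10.1.33.3/24", "10.1.34.3/24", "10.1.35.3/24"]
R1_LOOPBACKS = [f"10.1.{n}.1/24" for n in range(104, 112)]


def _net(prefix):
    # Accept interface-style input such as 10.1.32.3/24 and return its network.
    return ipaddress.ip_network(prefix, strict=False)


def tightest_summary(components):
    """Return the longest single prefix that covers every component."""
    nets = [_net(c) for c in components]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits that differ between the lowest and highest address cannot be
    # part of the common prefix.
    plen = 32 - (low ^ high).bit_length()
    base = (low >> (32 - plen)) << (32 - plen)
    return ipaddress.ip_network((base, plen))


def audit_summary(summary, components):
    """Compare a configured summary with the prefixes it is meant to cover.

    outside: components the summary does not cover (they stay unsummarized).
    holes:   parts of the summary with no component behind them; traffic to
             these addresses follows the summary and hits the Null0 route.
    """
    summ = _net(summary)
    comps = [_net(c) for c in components]
    outside = [str(c) for c in comps if not c.subnet_of(summ)]
    covered = ipaddress.collapse_addresses(c for c in comps if c.subnet_of(summ))

    holes = [summ]
    for c in covered:
        remaining = []
        for h in holes:
            if h.subnet_of(c):          # hole fully covered by this component
                continue
            if c.subnet_of(h):          # carve the component out of the hole
                remaining.extend(h.address_exclude(c))
            else:
                remaining.append(h)
        holes = remaining

    return {
        "summary": str(summ),
        "tightest": str(tightest_summary(components)),
        "outside": outside,
        "holes": [str(h) for h in sorted(holes)],
    }


if __name__ == "__main__":
    # The page's own summaries are exact fits: no holes, nothing outside.
    print(audit_summary("10.1.32.0/22", R3_LOOPBACKS))
    print(audit_summary("10.1.104.0/21", R1_LOOPBACKS))
    # Constructed case: a summary one bit too short blackholes 10.1.36.0/22.
    print(audit_summary("10.1.32.0/21", R3_LOOPBACKS))
```
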

4 masks 10.0/24 [110/66] via 10.4.146. DC) LS Type: AS External Link Link State ID: 10. 00:28:51.0/22 [110/67] via 10.0.0/24 is directly connected.104.5/32 [110/66] via 10.146.3/32 [110/67] via 10.1.1.EIGRP external.1.23.BGP D . Loopback104 10.23.146.1.146.2. Loopback108 10.RIP.245.104. IA .OSPF external type 1.4.0/24 is directly connected.1 LS Seq Number: 80000002 Checksum: 0x48DD Length: 36 Network Mask: /21 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 20 Forward Address: 0.4.108.1. Loopback107 10. 00:28:51.1.111. U .EIGRP.1.1/32 [110/67] via 10.23. P .1. FastEthernet0/0 O IA 10.146.com Copyright © 2010 Internetwork Expert .1.com External Summarization Verification R1#show ip route Codes: C . 00:07:20. 00:12:38. FastEthernet0/0 O IA 10. FastEthernet0/0 10.INE.0/8 is variably subnetted. Inc www. 00:28:51.1. 00:12:37.0/24 [110/66] via 10.1. 00:11:28.IS-IS level-1.6/32 [110/2] via 10.) R3#show ip route ospf 10.3.0 OSPF Router with ID (10.4.0.104.0/24 is directly connected.0/24 is directly connected.periodic downloaded static route Gateway of last resort is not set 10.0/24 is directly connected.5/32 [110/66] via 10.1.50.1.106. FastEthernet0/0 O IA 10.IS-IS inter area.0.2. FastEthernet0/0 O IA 10.104.109. 00:04:25.1.6.2. 00:12:37.1.1.1. FastEthernet0/0 10. Loopback0 10.1.107. FastEthernet0/0 O IA 10.105.0/8 is variably subnetted.1.1.146.146.4. 00:28:51.0/24 [110/65] via 10.4.0 External Route Tag: 0 Copyright © 2010 Internetwork Expert.1.0.1.23.0/24 [110/20] via 10. 00:12:37. * .2.5. 00:28:51.146. S .IS-IS level-2 ia . Loopback111 10.1. EX .connected. FastEthernet0/0 10.1.1.1. Null0 10.4. N2 .OSPF NSSA external type 1.1.www.1.146. FastEthernet0/0 10. FastEthernet0/0 O 10.2. O .OSPF inter area N1 .static. FastEthernet0/0 O IA 10.6.6/32 [110/67] via 10.1. 3 masks O IA 10.5.3) (Process ID 1) Type-5 AS External Link States Routing Bit Set on this LSA LS age: 460 Options: (No TOS-capability.IS-IS. 
FastEthernet0/0 C O O O O O O O O O C C C C O C C C C C O IA IA IA IA IA E2 IA Copyright © 2010 Internetwork Expert.0. FastEthernet0/0 R3#show ip ospf database external 10. 00:12:37.23.2.INE. Loopback109 10. 00:28:51. R . FastEthernet0/0 O E2 10.4/32 [110/2] via 10.1.1. su .1.6.1.1.1.OSPF.0/24 is directly connected.1.4.3.0/24 [110/67] via 10. 00:12:37.1.146.0/24 is directly connected.IS-IS summary.23. B . FastEthernet0/0 10.23.146.1.4.60.245. 00:12:38. Loopback106 10.0/21 [110/20] via 10. Loopback110 10.1. M .0/21 is a summary. 00:12:38.60. FastEthernet0/0 10.1.1.104.1. 21 subnets.23.4/32 [110/66] via 10.1.per-user static route o .2. L2 .1.2/32 [110/2] via 10.32.candidate default.0 (External Network Number ) Advertising Router: 10.INE. FastEthernet0/0 O E2 10.2.OSPF external type 2 i .0/24 is directly connected. FastEthernet0/0 10. FastEthernet0/0 10. 00:12:38. L1 .2. 16 subnets.2.6.0/24 [110/2] via 10.0. FastEthernet0/0 10.1.ODR. 00:28:51.23.50.1.23.1.mobile.146.1.1.0/24 is directly connected.0/24 [110/65] via 10.4.1.110. FastEthernet0/0 10.1.1.1.0/24 [110/20] via 10.1.1.0/24 is directly connected.1. 00:12:38.OSPF NSSA external type 2 E1 . Inc www.1.23. 00:28:51.com External Summarization Verification (cont. E2 .1.2.2/32 [110/66] via 10.2. Loopback105 10.

OSPF Stub Areas
• Summarization saves resources by taking multiple longer match prefixes and combining them into a smaller amount of shorter matches
– e.g. two routes 100.0.0.0/16 and 100.1.0.0/16 become one route 100.0.0.0/15
• Using the same logic, OSPF stub areas reduce NLRI by taking prefixes of the same LSA type and combining them into the shortest match possible, a default route

How OSPF Stub Areas Work
• Stub areas use the common transit point of the OSPF topology, the ABR, to stop LSAs from entering the area
– Type-3, Type-4, and/or Type-5 filtered depending on stub type
• The reachability information removed is then replaced with a default route
– Still allows reachability to removed routes (in most cases)

INE.INE. Inc www. Inc www.www. I don’t need the specific external routes • area [area-id] stub on all routers in the area • Result – ABR removes LSAs 4 (ASBR) & 5 (External) – ABR originates default route Copyright © 2010 Internetwork Expert.com OSPF Stub Areas • Stub Area logic – – – – I know how to get to my ABR My ABR knows how to get to the ASBRs The ASBRs knows how to get to the external routes If I default to the ABR.com Copyright © 2010 Internetwork Expert .com OSPF Stub Area Types • Four stub area types control which routes (LSAs) can enter the area • Stub Area – Stops external routes • Totally Stubby Area – Stops inter-area and external routes • Not-So-Stubby Area (NSSA) – Stops external routes but allows local redistribution • Not-So-Totally-Stubby Area – Stops inter-area and external routes but allows local redistribution • All routers in the area must agree on the stub flag Copyright © 2010 Internetwork Expert.INE.

00:00:04. Serial0/0 R3#show ip route ospf 10.1.2.0/24 [110/65] via 10.1.1.1.33.60.0.1.4.1. 00:00:04.1. 00:00:04.0/0 [110/2] via 10. 4 masks O IA 10.1.60.0/24 [110/65] via 10.245.23. Inc www. 00:00:04.0/22 is a summary.1.1.1.1.3.1.1. 00:00:04.23. 00:00:04.4/32 [110/65] via 10.2.0/24 VLAN 6 Stub Area Copyright © 2010 Internetwork Expert.1. 17 subnets. Serial0/0 O 10.1.5. Serial0/0 O 10.4.1. 00:00:04.1. Serial0/0 O E2 10.23.1. Serial0/0 O 10.0.0.0/8 is variably subnetted.23.6/32 [110/67] via 10.INE. FastEthernet0/0 O 10.1.0.2.1.4.5/32 [110/65] via 10.INE. 00:00:19. Serial0/0 O E2 10.1. FastEthernet0/0 O 10.146.1.23.245. 00:00:04.2. FastEthernet0/0 O IA 10.6/32 [110/66] via 10. FastEthernet0/0 Copyright © 2010 Internetwork Expert.2.1.com Stub Area Configuration & Verification R2# router ospf 1 area 1 stub R3# router ospf 1 area 1 stub R2#show ip route ospf 10. FastEthernet0/0 O 10.4.245. 00:00:04. FastEthernet0/0 O 10.23.32.5. Inc www.2.2.1.1.0/8 is variably subnetted. Serial0/0 O IA 10.1. 00:00:04.3.5.4.245.1.146.1.0/24 [110/66] via 10.23. FastEthernet0/0 O 10. FastEthernet0/0 O IA 10. 00:00:04.3.245.1.4/32 [110/66] via 10.3/32 [110/2] via 10.1.34. FastEthernet0/0 O IA 10.5/32 [110/66] via 10.4.1.6.104. FastEthernet0/0 O IA 10. 00:00:04.3.50.4.0/24 [110/20] via 10. 00:00:04.2.1. FastEthernet0/0 O IA 10. 2 masks O IA 10.60.0/24 [110/2] via 10.35.0/21 [110/20] via 10.1.www.23.2.23.5. 00:00:04. FastEthernet0/0 O IA 10.1/32 [110/66] via 10.0/24 [110/66] via 10. 00:00:04.1.245.23.1. 00:00:04.2. Serial0/0 O IA 10.23.1.1.1. Null0 O IA 10. 00:00:04. FastEthernet0/0 O*IA 0.1/32 [110/67] via 10.3.1.245.23.com Copyright © 2010 Internetwork Expert .0/24 [110/67] via 10.32.INE.1.3.245. FastEthernet0/0 O IA 10.1.23. 00:00:04.0/24 [110/2] via 10.1. 14 subnets.4.1.2/32 [110/2] via 10. 00:00:04.com OSPF Stub Area Example 10.245. 00:00:04.1.0.0/24 [110/2] via 10. 00:00:04.1.6.0.23. 00:00:04.1.0/24 [110/2] via 10.

2 10.2 10.1.1.1.2 10.0.1.1 10.60.2.1.1.4 10.5.2 10.1.2.2 Age 110 110 110 110 110 110 110 110 Seq# 0x80000001 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 Checksum 0x0035F9 0x001AC4 0x00D009 0x00BB1C 0x00B024 0x00980C 0x00D876 0x008963 Copyright © 2010 Internetwork Expert.0 ADV Router 10.146.com Stub Area Verification (cont.1.4.5.1.4 10.1.1.1.2.3 Age 2333 103 97 Seq# 0x80000002 0x80000005 0x8000000A Checksum 0x00CF77 0x008523 0x00E0C5 Link count 2 2 6 Net Link States (Area 1) Link ID 10.1.2 10.2 10.6 10.2.2 10.2 10.1.23.1.2.2 10.2.1.3.1.2.1.60.104.1.2 10.1. Inc www.0.0.0 10.1.6.0 10.1 10.3 ADV Router 10.1.4 10.1.) R2#show ip ospf database OSPF Router with ID (10.INE.1.5 10.4 10.2 10.1.4 10.2.1 Age 325 105 Seq# Checksum Tag 0x80000002 0x008BC1 0 0x80000003 0x0046DE 0 Summary ASB Link States (Area 0) Link ID 10.1.2 10.1.1.4 10.5.2.1.1.1.1 ADV Router 10.1.2 10.1.3.3 Age 91 Seq# Checksum 0x80000004 0x00BB27 Net Link States (Area 0) Link ID 10.0 10.1.com Stub Area Verification (cont.4.1.0 10.0 10.3 Router Link States (Area 1) ADV Router 10.2.5 ADV Router 10.4 Age 311 307 85 311 311 90 86 312 312 Seq# 0x80000002 0x80000002 0x80000001 0x80000002 0x80000002 0x80000004 0x80000001 0x80000002 0x80000002 Checksum 0x0061B8 0x005CC0 0x0053C7 0x0018FC 0x00F718 0x008483 0x0022E1 0x00DFFF 0x00206A Type-5 AS External Link States Link ID 10.1.1.1.0 10.0 10.2.1.1.1.1.2.4 10.3.1.1.4.1.1.245.1.1.1.2.2.0.1.4 Age 1139 Seq# Checksum 0x80000001 0x004BCF Copyright © 2010 Internetwork Expert.2 10.4.1 10.5 ADV Router 10.5 Age 307 311 322 Seq# Checksum Link count 0x80000003 0x006267 1 0x80000003 0x003A85 1 0x80000003 0x006132 2 Link ID 10.1.4.2 10.1.146.6 10.1.4.1.3 Age 2326 94 91 Seq# Checksum Link count 0x80000002 0x00CF77 2 0x80000005 0x008523 2 0x8000000A 0x00E0C5 6 Net Link States (Area 1) Link ID 10.6.5.www.3.0 ADV Router 10.2 10.2 10.3 Age 97 Seq# Checksum 0x80000004 0x00BB27 Summary Net Link States (Area 1) Link ID 0.1.1.5 10.2.2.0 10.1.4.2 10.1.1 10.2.2 
10.3 ADV Router 10.1.2 10.4.1.1.2 10.1.2.1.1.2.4 10.2.2 10.3.0 10.1.2.1.1 10.1.2.1.com Copyright © 2010 Internetwork Expert .1.2) (Process ID 1) Router Link States (Area 0) Link ID 10.2.1.2 Age 102 102 102 102 102 103 103 103 Seq# 0x80000001 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 Checksum 0x0035F9 0x001AC4 0x00D009 0x00BB1C 0x00B024 0x00980C 0x00D876 0x008963 Summary Net Link States (Area 0) Link ID 10.1.5.4.1.4.2.0 ADV Router 10.1.245.0 10.6.1.1 10.32.6 10.1.2.245.1.60.5 Age 322 Seq# Checksum 0x80000002 0x0041A1 Summary Net Link States (Area 1) Link ID 0.23.2 10.1.INE.1.5.2 10.1.5 10.3.1 10.1.2.1.3) (Process ID 1) Router Link States (Area 1) Link ID 10.3.2.146.23. Inc www.1.1.3.3 10.2 10.2.1.) R3#show ip ospf database OSPF Router with ID (10.50.1.1.4.4 10.1.1.3 ADV Router 10.1.0 ADV Router 10.INE.

OSPF Totally Stubby Areas
• Totally Stubby Area logic
– I know how to get to my ABR
– My ABR knows how to get to other areas and to the ASBRs
– The ASBRs know how to get to the external routes
– If I default to the ABR, I don’t need the specific inter-area or external routes
• area [area-id] stub on the internal routers in the area
• area [area-id] stub no-summary on the ABR(s) of the area
• Result
– ABR removes LSAs 3 (Inter-Area), 4 (ASBR), & 5 (External)
– ABR originates default route

OSPF Totally Stubby Area Example
[Figure: topology diagram; surviving labels: 10.1.60.0/24 VLAN 6, Totally Stubby Area]

0/0 [110/2] via 10.2.1.1 10. 00:00:16.2.2.4.1.1.146.1.4.1.2.0. Inc www.23. 00:00:16.0/21 [110/20] via 10.1.1. Serial0/0 O E2 10.1.1.0.1.1. Serial0/0 O IA 10. FastEthernet0/0 O 10.INE.4.32.1.23.1.0.3 Age 434 Seq# Checksum 0x80000004 0x00BB27 Net Link States (Area 0) Link ID 10.1.245.3.1.3.4. 4 masks O IA 10.1.35.1.5.1.1. 00:00:06.23.4/32 [110/65] via 10.1.0 10. 00:00:19. 00:00:16. Serial0/0 R3#show ip route ospf 10.34.com Copyright © 2010 Internetwork Expert .33.1.5.2/32 [110/2] via 10. FastEthernet0/0 O 10.23.3 Seq# Checksum 0x80000002 0x0041A1 Link ID 0.5 ADV Router 10.1. 00:00:16.1.23.1.6/32 [110/66] via 10.4.104.1.1.5.0 ADV Router 10.23. 00:00:16.1.3 Age 2668 437 434 Seq# Checksum Link 0x80000002 0x00CF77 2 0x80000005 0x008523 2 0x8000000A 0x00E0C5 6 0x80000003 0x006267 1 0x80000003 0x003A85 1 0x80000003 0x006132 2 Link ID 10.1.4.1 10.3. 00:00:16.com Totally Stubby Area Config & Verification R2# router ospf 1 area 1 stub no-summary R3# router ospf 1 area 1 stub R2#show ip route ospf 10.0.0/24 [110/66] via 10.3.1.5 ADV Router 10.3.1.2.5.0/24 [110/2] via 10.1.5.2 10.) R2#show ip ospf database Router Link States (Area 1) OSPF Router with ID (10.4 10.0 ADV Router 10.6. Serial0/0 O E2 10.2 10.245.2 10.INE. 00:00:16.1.1.0 10. FastEthernet0/0 Copyright © 2010 Internetwork Expert.5 Age 665 Summary Net Link States (Area 1) ADV Router 10.1.3 ADV Router 10. Inc www.1.0/24 [110/2] via 10.1.3.2.0.4 10.1.0.1.1.2.2 10.60.1.1 ADV Router 10. Serial0/0 O 10.1.32.5.0/24 [110/20] via 10.2 10.2.4.0 Checksum 0x0061B8 0x005CC0 0x0053C7 0x0018FC 0x00F718 0x008483 0x0022E1 0x00DFFF 0x00206A Net Link States (Area 1) ADV Router 10.1. Null0 O IA 10.1.0.1.4 10.5. 00:06:05.1.60.1.104. FastEthernet0/0 O IA 10.4 10.1.245.245.1.1. 00:00:16.0/24 [110/2] via 10. 00:00:16. 17 subnets.3 10.6 10.4.1.0/22 is a summary.4. FastEthernet0/0 O 10. FastEthernet0/0 O*IA 0. 2 masks O 10. Serial0/0 O IA 10.32.2 10. 
00:00:16.1.1.4 10.2 10.1.1.3/32 [110/2] via 10.3.4 10.4.5 Age 650 654 665 Seq# Checksum Link Link ID count 10.www. FastEthernet0/0 O 10.4.23.1.1.1.1.2.2.23.com Totally Stubby Area Verification (cont.0 10.1.1.4.4 Age 654 650 428 654 654 433 429 655 655 Seq# 0x80000002 0x80000002 0x80000001 0x80000002 0x80000002 0x80000004 0x80000001 0x80000002 0x80000002 Type-5 AS External Link States Link ID 10.50.1 10.2) (Process ID 1) Router Link States (Area 0) Link ID count 10.146.245.1.1.0 10.0/8 is variably subnetted.1.3.1.0/24 [110/2] via 10.1.2.245.1/32 [110/66] via 10. 00:00:16.1.3.5 10.1.1.1 Age 667 84 Seq# Checksum Tag 0x80000002 0x008BC1 0 0x80000004 0x0044DF 0 Summary ASB Link States (Area 0) Link ID 10.245.1.2.4.2 Age 82 Seq# Checksum 0x80000002 0x0033FA Summary Net Link States (Area 0) Link ID 10.1. Serial0/0 O 10.1. Serial0/0 O 10. 00:00:16.1.5/32 [110/65] via 10.6. 7 subnets.4 Age 1483 Seq# Checksum 0x80000001 0x004BCF Copyright © 2010 Internetwork Expert.2.4.0/24 [110/65] via 10. 00:00:16.2.1.1.2 10.245.0/8 is variably subnetted.1.23.245.1.1.1.0.4 10.4.INE.2 10.4.3.50.

INE.1.) R3#show ip ospf database OSPF Router with ID (10. Inc www.3 ADV Router 10.1 10.2.0.1.1.com Totally Stubby Area Verification (cont.com Copyright © 2010 Internetwork Expert .3) (Process ID 1) Router Link States (Area 1) Link ID count 10.3 Age 2674 444 439 Seq# Checksum Link 0x80000002 0x00CF77 2 0x80000005 0x008523 2 0x8000000A 0x00E0C5 6 Net Link States (Area 1) Link ID 10.1. but make an exception for local redistribution • This exception requires the new Type 7 LSA (NSSA External) • area [area-id] nssa on all routers in the area • Result – Redistributing router in NSSA generates Type 7 external instead of Type 5 – ABR changes Type 7 into Type 5 as it is sent into area 0 – ABR removes LSAs 4 (ASBR) & 5 (External) from coming into the area – ABR does not originate default route Copyright © 2010 Internetwork Expert.2.com OSPF Not-So-Stubby Areas (NSSA) • NSSA logic – Stub areas block external routes from coming from other areas – What if I want to redistribute directly into the stub area itself? – Filter like a stub area.0.1.1.2 10.1.INE.0 ADV Router 10.1.3.1 10.INE. Inc www.2 Age 89 Seq# Checksum 0x80000002 0x0033FA Copyright © 2010 Internetwork Expert.3 ADV Router 10.1.3 Age 439 Seq# Checksum 0x80000004 0x00BB27 Summary Net Link States (Area 1) Link ID 0.www.23.3.1.2.2 10.3.3.1.1.

Type 7 LSA In Detail
• Type 7 – NSSA External LSA
• Generated by ASBR inside NSSA
– Flooded only within NSSA
– Changed into Type 5 LSA as it leaves the area
• Describes routes ASBR is redistributing
– Metric
– Metric Type
  • Type 1 = N1
  • Type 2 = N2 (default)
– Forward Address
  • Who should I route towards to reach the link?
  • Usually the ASBR itself, but could be someone else in some designs
– Route Tag
• show ip ospf database nssa-external [Link ID]

Type 7 LSA Translation
• N1/N2 routes exist only inside the NSSA
• Changed on ABR to E1/E2 routes as they enter area 0
– ABR called “NSSA Translator”
• If multiple ABRs, hold an election
– ABR with highest router-id becomes NSSA Translator
– Traffic doesn’t necessarily transit the translator
• See RFC 3101 “The OSPF Not-So-Stubby Area (NSSA) Option” for details
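The stub, totally stubby and NSSA slides each state which LSA types the ABR keeps out of the area, so a saved "show ip ospf database" capture can be checked against the area type that is supposed to be configured. The following is an added example, not part of the course material: the area-type labels, function names and the sample capture are this example's own (the capture is constructed in the section layout shown on this page, with two entries planted to trigger findings), and it assumes a 0.0.0.0 summary is the ABR's default route and is always acceptable.

```python
import ipaddress
import re

# Per-area LSDB sections that should be empty for each area type, following
# the slides: stub removes Type-4/5, totally stubby also removes Type-3,
# NSSA variants additionally permit Type-7. Labels are this example's own.
BLOCKED = {
    "normal": {"Type-7 AS External"},
    "stub": {"Summary ASB", "Type-7 AS External"},
    "totally-stubby": {"Summary Net", "Summary ASB", "Type-7 AS External"},
    "nssa": {"Summary ASB"},
    "nssa-no-summary": {"Summary Net", "Summary ASB"},
}

SECTION_RE = re.compile(
    r"^\s*(Router|Net|Summary Net|Summary ASB|Type-7 AS External)"
    r" Link States \(Area (\d+)\)\s*$")
TYPE5_RE = re.compile(r"^\s*Type-5 AS External Link States\s*$")
ROW_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+\d+"
    r"\s+0x[0-9A-Fa-f]+\s+0x[0-9A-Fa-f]+")

# Constructed capture from an internal router of Area 1. The 10.1.4.4 summary
# and the Type-5 entry are planted; a totally stubby area should hold neither.
SAMPLE_R3_LSDB = """
            OSPF Router with ID (10.1.3.3) (Process ID 1)

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.2.2        10.1.2.2        444         0x80000005 0x008523 2
10.1.3.3        10.1.3.3        439         0x8000000A 0x00E0C5 6

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         10.1.2.2        89          0x80000002 0x0033FA
10.1.4.4        10.1.2.2        90          0x80000001 0x00AAAA

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.1.104.0      10.1.1.1        84          0x80000004 0x0044DF 0
"""


def audit_lsdb(show_output, area_types):
    """Return (area, lsa_family, link_id, adv_router) for each unexpected LSA.

    area_types maps every area the router belongs to onto a BLOCKED key.
    Type-5 LSAs have AS scope and no area label, so they are only flagged
    when the router has no normal area at all (an internal stub/NSSA router).
    """
    only_stub_areas = bool(area_types) and all(
        t != "normal" for t in area_types.values())
    findings, family, area = [], None, None
    for line in show_output.splitlines():
        section = SECTION_RE.match(line)
        if section:
            family, area = section.group(1), int(section.group(2))
            continue
        if TYPE5_RE.match(line):
            family, area = "Type-5 AS External", None
            continue
        row = ROW_RE.match(line)
        if not row or family is None:
            continue
        link_id, adv_router = row.groups()
        if family == "Type-5 AS External":
            if only_stub_areas:
                findings.append((None, family, link_id, adv_router))
            continue
        if family in BLOCKED[area_types.get(area, "normal")]:
            if family == "Summary Net" and link_id == "0.0.0.0":
                continue  # ABR-originated default route
            findings.append((area, family, link_id, adv_router))
    return findings


def elect_nssa_translator(abr_router_ids):
    """Highest router-id wins; compare numerically, not as strings."""
    return max(abr_router_ids, key=lambda rid: int(ipaddress.ip_address(rid)))


if __name__ == "__main__":
    for finding in audit_lsdb(SAMPLE_R3_LSDB, {1: "totally-stubby"}):
        print("unexpected LSA:", finding)
    # Constructed router-ids: a string comparison would wrongly pick 10.1.4.4.
    print(elect_nssa_translator(["10.1.4.4", "10.1.10.1"]))
```
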

0/24 is directly connected.0/24 VLAN 6 Lo0 10. 00:01:38.0/24 is directly connected. L2 . N2 . P .1.connected.1.1.1.4.50.com Copyright © 2010 Internetwork Expert .0/24 [110/2] via 10.6.105. IA . FastEthernet0/0 10. FastEthernet0/0 10.1. Loopback104 10.107. L1 .1. B .1. 00:01:38. Loopback0 10.6/32 [110/2] via 10.1. FastEthernet0/0 10.3/24 Lo0 10.0/24 [110/66] via 10.245.BGP D .1. FastEthernet0/0 10.6.1.1.1.4.1/24 Fa0/0 10. EX .107.1.110.1.2/24 Area 0 R3 Fa0/0 10.0/24 [110/65] via 10.1.1. Loopback111 10.www. FastEthernet0/0 10.111.0/8 is variably subnetted.1.per-user static route o . 3 masks 10.2/32 [110/66] via 10.0/24 Fa0/0 40 5 5 20 504 502 S0/0/0 R5 Lo0 10.OSPF NSSA external type 2 E1 .1.1.INE.1.1.146. Loopback107 10.0/22 [110/67] via 10.4. E2 . O . FastEthernet0/0 10.1.INE.109. Loopback109 10.0. Loopback106 10.OSPF external type 2 i .109.1. Loopback110 10.ODR.6.0/24 is directly connected.1. S .1.1.EIGRP external.4/32 [110/2] via 10.OSPF external type 1.4.146.1/24 R4 S0/0/0 10.111. Loopback108 10.0/24 is directly connected.1.1. R .32.146.mobile.146.245. 00:01:37. FastEthernet0/0 10.146. FastEthernet0/0 C O O O O O O O O C C C C C C C C C O IA IA IA IA IA IA Copyright © 2010 Internetwork Expert. 00:01:37.static.105. U .0/24 is directly connected.4/24 Lo0 10.1.0/24 VLAN 5 10.1.1/24 Lo106 10.0/24 is directly connected.4. 00:01:37.1/24 Lo109 10.3/32 [110/67] via 10.IS-IS level-1.1.146.106. FastEthernet0/0 10.1.1.1.0/24 VLAN 146 R1 Lo104 10.1.0/24 is directly connected.104.4. Inc www.1.1.0/24 VLAN 23 Area 1 R2 Fa0/0 S0/0 Copyright © 2010 Internetwork Expert.108.1.60.0/24 is directly connected.23. 00:01:37.5.5/24 Lo0 10.146. 00:01:38.106.146.146.EIGRP. 00:01:38.4.104. su .IS-IS inter area.1.0/24 is directly connected. Inc www.0/24 is directly connected.1.23.146.1.candidate default.1.1.3.IS-IS summary.RIP.6.110.3.6/24 Not So Stubby Area Fa0/1 R6 Fa0/0 Area 2 Fa0/0 Lo0 10.1/24 Lo108 10.OSPF.1. 00:01:37. 19 subnets.IS-IS.0.108.1/24 Lo110 10. 
Loopback105 10.4.INE.5/32 [110/66] via 10. * .com OSPF NSSA Config & Verification R1# router ospf 1 area 2 nssa redistribute connected subnets R4# router ospf 1 area 2 nssa R6# router ospf 1 area 2 nssa R1#show ip route Codes: C .1.1.2.com OSPF NSSA Example 10.2.1/24 Lo105 10.periodic downloaded static route Gateway of last resort is not set 10.5.1.146.4.OSPF NSSA external type 1.1.1/24 Lo111 10. M .IS-IS level-2 ia .1/24 Lo107 10.1.60.OSPF inter area N1 . FastEthernet0/0 10.

108.1. 00:01:00.1.1.0/24 [110/65] via 10.109.1.1.146. FastEthernet0/0 O E2 10. 00:00:34.5/32 [110/66] via 10.4.1.32. Serial0/0 O E2 10. 00:00:40.1.146. FastEthernet0/0 R6#show ip route ospf 10.32.107.104.6/32 [110/66] via 10.146.146.5.146. 00:00:50.6.6.106.1.4.1.1.4. FastEthernet0/0 O N2 10. 00:00:34.245.4.1.1. FastEthernet0/0 O N2 10.1.1.245.1.1.1.1. Serial0/0 O E2 10.0/8 is variably subnetted. 00:00:34.0.1.245. 00:01:00.146.1.2/32 [110/65] via 10.0/22 [110/66] via 10. 00:00:50.1.0/24 [110/20] via 10. 00:00:34.245.4. Serial0/0 O IA 10.245.1.245.1.245. 00:00:35. FastEthernet0/0 O N2 10. FastEthernet0/0 O IA 10.146.1.0/24 [110/20] via 10.146. 00:00:34.0/24 [110/66] via 10.1.0/24 [110/20] via 10.) R5#show ip route ospf 10.4.1.146. 00:00:59. Serial0/0 O E2 10.245.108.1.0/24 [110/20] via 10. 3 masks O IA 10.146.111.1. 00:00:50. FastEthernet0/0 O IA 10.1. 00:01:01.3.5.INE.0/8 is variably subnetted. 20 subnets.1.111. 00:00:40.146.1.245.146.4.2/32 [110/66] via 10. Inc www. FastEthernet0/0 O N2 10.245.105.50.4.1. FastEthernet0/0 O N2 10.1.4. 00:00:40.1. 00:00:50.0/24 [110/20] via 10.0/24 [110/20] via 10. Serial0/0 O IA 10.2.0/24 [110/20] via 10.3/32 [110/66] via 10.4.1.1.0/24 [110/20] via 10.com OSPF NSSA Verification (cont. Serial0/0 O IA 10.146.245.3/32 [110/66] via 10.0/24 [110/20] via 10.4. Serial0/0 O E2 10.245.1. Serial0/0 O E2 10.1.0/24 [110/20] via 10. FastEthernet0/0 O N2 10.1.2.4.1.245.1.com Copyright © 2010 Internetwork Expert .1. FastEthernet0/0 O N2 10.0.1.0/24 [110/20] via 10. FastEthernet0/0 O N2 10. FastEthernet0/0 O N2 10.1. 00:01:00.2. FastEthernet0/0 O 10.3.4.1.1.2/32 [110/65] via 10.1.1.0/24 [110/20] via 10.146.146.1.1. 00:00:34.0/24 [110/20] via 10.1.1.0/22 [110/67] via 10. 00:00:34.1. Serial0/0 O IA 10.1.146.2.5.INE.146. 00:01:00.4.0/24 [110/20] via 10.1.1.1.4.107. 00:00:50.1. 00:00:51.1. 00:00:50.146.1.1/32 [110/2] via 10. Serial0/0 O IA 10.0.2. Serial0/0 O 10.146.146.6/32 [110/2] via 10. 00:00:34.245.1.1.com OSPF NSSA Verification (cont.1.109. 
00:00:34. Serial0/0 O E2 10.5/32 [110/65] via 10. 3 masks O 10.0/22 [110/66] via 10.1.1. 00:00:50.60. Inc www.3/32 [110/67] via 10.1.110.4/32 [110/65] via 10.0/24 [110/66] via 10.146.1. Serial0/0 O N2 10. Serial0/0 O IA 10.4. FastEthernet0/0 O IA 10.4/32 [110/2] via 10. 00:00:50.1.245. 00:00:50.1.2.1. Serial0/0 O IA 10. FastEthernet0/0 O N2 10. FastEthernet0/0 O 10.108. Serial0/0 Copyright © 2010 Internetwork Expert.23.1.) R4#show ip route ospf 10. FastEthernet0/0 O IA 10.1.146.4. Serial0/0 O 10. FastEthernet0/0 O N2 10. FastEthernet0/0 O IA 10.32.1.1.109. 00:00:50.1.0/24 [110/20] via 10.5.0/24 [110/20] via 10.1.0/24 [110/65] via 10.245.107.1/32 [110/2] via 10. 00:00:40.4.1.1. 00:00:50. Serial0/0 O E2 10.0/24 [110/20] via 10.1. Serial0/0 O IA 10.0.1.1.1.1.2.1.0. 00:00:46.1. 00:00:41.6.4.1.1.146.245.www.110. 00:00:40.1. 00:00:51.245. Serial0/0 O IA 10. 00:00:50.245.110.1/32 [110/66] via 10.0/24 [110/65] via 10.104. FastEthernet0/0 O IA 10.0/24 [110/20] via 10. FastEthernet0/0 O N2 10.245.245.245. FastEthernet0/0 O N2 10. FastEthernet0/0 O 10. 00:00:50.105.1.2.1. FastEthernet0/0 O N2 10.1.1.1.1.2. 00:00:35. 00:00:34.1.1. FastEthernet0/0 Copyright © 2010 Internetwork Expert.1.146.INE.1.1.1.0/24 [110/20] via 10.0/8 is variably subnetted. Serial0/0 O IA 10.146. 20 subnets.6. 00:00:50.1.1. Serial0/0 O E2 10.4.1.1. 00:00:34.4. 00:00:34. 19 subnets.0/24 [110/20] via 10.245.106.0/24 [110/65] via 10. FastEthernet0/0 O N2 10.1.1. 3 masks O IA 10.1.146.1.0/24 [110/20] via 10. 00:00:40.106.105.0/24 [110/20] via 10.2.1.245.111.0/24 [110/20] via 10.1. 00:00:41.23.23.104. 00:01:00.0.1.1.2.0/24 [110/2] via 10.1. 00:00:51.0/24 [110/20] via 10. 00:00:50.3.60.1.1.1.4.1. 00:00:34. Serial0/0 O IA 10.1.1.1.1. 00:00:35.146.146.0/24 [110/20] via 10.

OSPF NSSA Verification (cont.)
R1#show ip ospf database
<output omitted>
R6#show ip ospf database
<output omitted>

OSPF NSSA Verification (cont.)
R4#show ip ospf database
<output omitted>
R5#show ip ospf database
<output omitted>

OSPF NSSA Verification (cont.)
R4#show ip ospf database nssa-external 10.1.104.0

            OSPF Router with ID (10.1.4.4) (Process ID 1)

                Type-7 AS External Link States (Area 2)

  Routing Bit Set on this LSA
  LS age: 118
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 10.1.104.0 (External Network Number )
  Advertising Router: 10.1.1.1
  LS Seq Number: 80000005
  Checksum: 0x669E
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
<output omitted>

R4#show ip ospf database external 10.1.104.0

            OSPF Router with ID (10.1.4.4) (Process ID 1)

                Type-5 AS External Link States

  LS age: 116
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.1.104.0 (External Network Number )
  Advertising Router: 10.1.4.4
  LS Seq Number: 80000001
  Checksum: 0xDB31
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
<output omitted>

OSPF Not-So-Totally Stubby Areas
• Not-So-Totally Stubby Area logic
  – Totally Stubby areas block inter-area and external routes coming from other areas
  – What if I want to redistribute directly into the totally stubby area itself?
  – Combine totally stubby and NSSA behaviors
    • area [area-id] nssa on all routers in the area
    • area [area-id] nssa no-summary on ABR(s) in the area
• Result
  – Redistributing router in NSSA generates Type 7 external instead of Type 5
  – ABR changes Type 7 into Type 5 as it is sent into area 0
  – ABR removes LSAs 3 (Inter-Area), 4 (ASBR), & 5 (External) from coming into the area
  – ABR originates default route

OSPF Not-So-Totally Stubby Example
[Topology diagram: routers R1 to R6 across Area 0, Area 1 and Area 2 (Not-So-Totally Stubby Area)]

Not-So-Totally Stubby Config & Verification
R1#
router ospf 1
 area 2 nssa
 redistribute connected subnets
R4#
router ospf 1
 area 2 nssa no-summary
R6#
router ospf 1
 area 2 nssa

R1#show ip route
<output omitted>
Gateway of last resort is 10.1.146.4 to network 0.0.0.0
<output omitted>

Not-So-Totally Stubby Verification (cont.)
R4#show ip route ospf
<output omitted>
R5#show ip route ospf
<output omitted>
R6#show ip route ospf
<output omitted>

Not-So-Totally Stubby Verification (cont.)
R1#show ip ospf database
<output omitted>
R6#show ip ospf database
<output omitted>

Not-So-Totally Stubby Verification (cont.)
R4#show ip ospf database
<output omitted>
R5#show ip ospf database
<output omitted>

Controlling NSSA Redistribution
• What if I redistribute on the ABR of the NSSA itself?
  – ABR is now also an ASBR
    • Type 5 sent into area 0
    • Type 7 sent into NSSA
• Type 7 generation can be suppressed with area [area-id] nssa no-redistribution [no-summary] on ABR/ASBR

OSPF Default Routing
• OSPF stub areas' ABR(s) automatically generate a default route into the stub area
  – NSSA exception
• Normal routers can generate a default route with…
  – Redistribution
  – default-information originate [always] [route-map name]
• If always keyword is omitted, default must exist in local routing table before being generated
  – Used in designs with multiple default exit points
• Route-map used for condition checking
  – e.g. if link to ISP is down, do not originate default

OSPF Default Routing Example
R5#sh run | s router ospf
 default-information originate always metric 50
R2#show ip route ospf
<output omitted>

OSPF Authentication
• Like EIGRP, OSPF supports adjacency authentication to protect control plane
• Every packet header includes authentication information
  – e.g. Hello, LSU, LSR
• Three types of authentication
  – Type 0 – Null
  – Type 1 – Simple Password
  – Type 2 – Cryptographic (MD5)
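How the three authentication types differ on the wire, as an added example that is not part of the original slides. It follows the OSPFv2 header and MD5 procedure of RFC 2328; the Hello contents, router ID, sequence numbers and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# OSPFv2 header (RFC 2328 A.3.1): version, type, length, router ID, area ID,
# checksum, AuType, 64-bit authentication field.
HDR = struct.Struct("!BBH4s4sHH8s")
AU_NULL, AU_SIMPLE, AU_MD5 = 0, 1, 2


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by OSPF for AuType 0 and 1."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _hello(router_id: bytes, area_id: bytes, autype: int, auth: bytes) -> bytes:
    """Constructed Hello: mask /24, hello 10 s, dead 40 s, no DR/BDR, checksum 0."""
    body = bytes.fromhex("ffffff00" "000a" "02" "01" "00000028") + bytes(8)
    return HDR.pack(2, 1, HDR.size + len(body), router_id, area_id, 0, autype, auth) + body


def seal_simple(router_id: bytes, area_id: bytes, password: bytes) -> bytes:
    """AuType 1: the password itself rides in the header, zero-padded to 8 bytes."""
    pkt = bytearray(_hello(router_id, area_id, AU_SIMPLE, password.ljust(8, b"\0")[:8]))
    # The checksum covers the packet except the authentication field (bytes 16-23).
    pkt[12:14] = struct.pack("!H", inet_checksum(bytes(pkt[:16] + pkt[24:])))
    return bytes(pkt)


def seal_md5(router_id: bytes, area_id: bytes, key_id: int, key: bytes, seq: int) -> bytes:
    """AuType 2: the header carries key ID, digest length and sequence number only."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    pkt = _hello(router_id, area_id, AU_MD5, auth)  # checksum stays 0 for AuType 2
    # Digest = MD5(packet || key padded to 16 bytes), appended after the packet.
    return pkt + hashlib.md5(pkt + key.ljust(16, b"\0")[:16]).digest()


def cleartext_in_header(wire: bytes):
    """Return the secret readable from a captured packet, or None if there is none."""
    autype, auth = HDR.unpack(wire[:HDR.size])[6:8]
    return auth.rstrip(b"\0") if autype == AU_SIMPLE else None


def receive(wire: bytes, expect: int, password: bytes = b"", keys=None, last_seq: int = 0) -> str:
    """Receiver-side checks; returns "ok" or the reason the packet is dropped."""
    _, _, length, _, _, _, autype, auth = HDR.unpack(wire[:HDR.size])
    pkt, trailer = wire[:length], wire[length:]
    if autype != expect:
        return "autype mismatch"
    if autype == AU_SIMPLE:
        if inet_checksum(pkt[:16] + pkt[24:]) != 0:
            return "bad checksum"
        ok = hmac.compare_digest(auth, password.ljust(8, b"\0")[:8])
        return "ok" if ok else "bad password"
    if autype == AU_MD5:
        _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
        key = (keys or {}).get(key_id)
        if key is None:
            return "unknown key id"      # key IDs must match on both neighbors
        if seq < last_seq:
            return "replayed sequence"   # older than the last packet accepted
        want = hashlib.md5(pkt + key.ljust(16, b"\0")[:16]).digest()
        return "ok" if hmac.compare_digest(trailer[:dlen], want) else "bad digest"
    return "ok"  # AuType 0: no secret to verify (checksum check not modelled here)
```

With Type 1 the shared secret is recoverable from any single captured packet and the checksum does not cover it; with Type 2 only the key ID and a digest are visible, and the receiver rejects modified or replayed packets.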

Implementing OSPF Authentication
• OSPF authentication can be enabled on…
  – All local links in the area
    • area [area-id] authentication [message-digest]
  – Per link basis
    • ip ospf authentication [null|message-digest]
• Password always configured on the link
  – ip ospf authentication-key [password]
  – ip ospf message-digest-key [key-id] md5 [password]
• Key IDs must match for MD5 authentication

OSPF Simple Authentication Example
R2#
interface FastEthernet0/0
 ip ospf authentication-key CISCO
!
router ospf 1
 area 1 authentication
R3#
interface FastEthernet0/0
 ip ospf authentication
 ip ospf authentication-key CISCO

R3#show ip ospf neighbor
Neighbor ID     Pri   State      Dead Time   Address      Interface
10.1.2.2          1   FULL/BDR   00:00:35    10.1.23.2    FastEthernet0/0

R3#show ip ospf interface Fa0/0
FastEthernet0/0 is up, line protocol is up
<output omitted>
  Simple password authentication enabled
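One way to check the rules on the Implementing OSPF Authentication slide (area-wide versus per-link enablement, a key on every link, matching key IDs) against router configs. This is an added example, not INE's code: the `ip ospf 1 area N` lines, R6's key ID 2, router R7, the link map and all function names are constructed for illustration.

```python
import re

FA = "FastEthernet0/0"
# Constructed configs. R2, R3 and R4 follow the slide examples; the area
# assignment lines, R6's key ID 2 and router R7 are assumptions added here.
CONFIGS = {
    "R2": """interface FastEthernet0/0
 ip ospf 1 area 1
 ip ospf authentication-key CISCO
router ospf 1
 area 1 authentication""",
    "R3": """interface FastEthernet0/0
 ip ospf 1 area 1
 ip ospf authentication
 ip ospf authentication-key CISCO""",
    "R4": """interface FastEthernet0/0
 ip ospf 1 area 2
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 CISCO""",
    "R6": """interface FastEthernet0/0
 ip ospf 1 area 2
 ip ospf authentication message-digest
 ip ospf message-digest-key 2 md5 CISCO""",
    "R7": """interface FastEthernet0/0
 ip ospf 1 area 2
 ip ospf message-digest-key 1 md5 CISCO
router ospf 1
 area 1 authentication message-digest""",
}
LINKS = {"VLAN23": [("R2", FA), ("R3", FA)],
         "VLAN146": [("R4", FA), ("R6", FA), ("R7", FA)]}


def parse(config: str) -> dict:
    """Return {interface: settings} with the effective authentication type resolved."""
    area_auth, intfs, cur = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur = intfs.setdefault(
                m[1], {"area": None, "auth": None, "simple_key": False, "md5_ids": set()})
        elif line.startswith("router ospf"):
            cur = None
        elif m := re.match(r"area (\S+) authentication( message-digest)?$", line):
            area_auth[m[1]] = "md5" if m[2] else "simple"
        elif cur is None:
            continue
        elif m := re.match(r"ip ospf \d+ area (\S+)$", line):
            cur["area"] = m[1]
        elif m := re.match(r"ip ospf authentication( null| message-digest)?$", line):
            cur["auth"] = {None: "simple", " null": "null", " message-digest": "md5"}[m[1]]
        elif line.startswith("ip ospf authentication-key "):
            cur["simple_key"] = True
        elif m := re.match(r"ip ospf message-digest-key (\d+) md5 \S", line):
            cur["md5_ids"].add(int(m[1]))
    for intf in intfs.values():
        if intf["auth"] is None:  # no per-link setting: inherit the area's, else null
            intf["auth"] = area_auth.get(intf["area"], "null")
    return intfs


def audit(configs: dict, links: dict) -> dict:
    """Return {link: [(subject, finding), ...]} for every link in the map."""
    parsed = {router: parse(text) for router, text in configs.items()}
    report = {}
    for link, members in links.items():
        ends = [(router, parsed[router][intf]) for router, intf in members]
        out = []
        if len({e["auth"] for _, e in ends}) > 1:
            out.append(("link", "auth-type-mismatch"))
        for router, e in ends:
            if e["auth"] == "null":
                has_key = e["simple_key"] or e["md5_ids"]
                out.append((router, "key-without-auth" if has_key else "no-auth"))
            elif e["auth"] == "simple":
                out.append((router, "simple-password" if e["simple_key"] else "simple-no-key"))
            elif not e["md5_ids"]:
                out.append((router, "md5-no-key"))
        ids = [e["md5_ids"] for _, e in ends if e["auth"] == "md5" and e["md5_ids"]]
        if len(ids) > 1 and not set.intersection(*ids):
            out.append(("link", "no-common-key-id"))
        report[link] = out
    return report
```

R7 shows the quiet failure: a key is present on the link, but the area-wide statement names a different area, so the interface still runs null authentication.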

OSPF MD5 Authentication Example
R1#
interface FastEthernet0/0
 ip ospf message-digest-key 1 md5 CISCO
!
router ospf 1
 area 1 authentication message-digest
R4#
interface FastEthernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 CISCO
R6#
interface FastEthernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 CISCO

R6#show ip ospf neighbor
Neighbor ID     Pri   State          Dead Time   Address       Interface
10.1.1.1          1   FULL/DROTHER   00:00:17    10.1.146.1    FastEthernet0/0
10.1.4.4          1   FULL/BDR       00:00:39    10.1.146.4    FastEthernet0/0

R6#show ip ospf interface Fa0/0
FastEthernet0/0 is up, line protocol is up
<output omitted>
  Message digest authentication enabled
    Youngest key id is 1

OSPF Tuning
• OSPF database calculation & lookup times a function of hardware
  – e.g. faster CPU, more memory, faster lookups
• Resource needs can be lowered through
  – Areas for flooding domain segmentation
  – Summarization
  – Stub areas
• Further optimization through timers
  – Hello & dead timers
    • Faster neighbor down detection
  – Pacing timers
    • How long do I wait between updates, retransmits, etc.
  – Throttling timers
    • How often do I generate LSAs, run SPF, etc.

OSPF Q&A

Internetwork Expert's CCNP Bootcamp
Border Gateway Protocol (BGP)
http://www.INE.com

What Is BGP?
• Border Gateway Protocol Version 4
• Standards based
  – RFC 4271 "A Border Gateway Protocol 4 (BGP-4)"
• Exterior Gateway Protocol (EGP)
  – Used for inter-domain routing between Autonomous Systems
• Path vector routing
  – Uses multiple "attributes" for routing decision
• Classless
  – Supports VLSM and summarization

Why Use BGP?
• Scalability
  – IGPs can scale to thousands of routes
  – BGP can scale to hundreds of thousands of routes
  – Current Global (Internet) BGP table ~ 300,000 routes
• Stability
  – Internet routing table never converges
  – BGP stable enough to handle routing and decision making at the same time
• Enforce routing policy
  – IGP uses link cost for routing decision
    • Effective traffic engineering nearly impossible with IGP
  – BGP uses attributes of the route itself
    • Traffic engineering feasible and simple to implement

Inter-AS Routing and ASNs
• Autonomous System (AS)
  – "…a set of routers under a single technical administration, using an interior gateway protocol (IGP) and common metrics to determine how to route packets within the AS, and using an inter-AS routing protocol to determine how to route packets to other ASes." (RFC 4271)
• Like IP address space, Autonomous System Numbers (ASNs) allocated by Internet Assigned Numbers Authority (IANA)
  – http://www.iana.org/numbers/
• BGP ASNs originally 2-byte field
  – Values 0-65535
• RFC 4893 defines 4-byte ASNs
  – 0.0 – 65535.65535 notation
  – 0.[0-65535] denote original 2-byte ASNs

Who Needs BGP?
• Transit networks
  – SPs that sell access or transit bandwidth to customers
  – Need full routing table to make accurate decisions
  – Should not use default routing
• Multihomed networks
  – Enterprise networks with two or more connections to ISPs
  – Allows control of inbound and outbound routing policy

Example Transit Network
[Diagram]

Example Multihomed Network
[Diagram: Internet; ISP 1 (AS 1000); ISP 2 (AS 2000); Customer 1 (AS 100)]

When Not To Use BGP
• Single ISP connectivity
  – Default routing sufficient
• Limited memory and/or CPU resources
  – Global table needs ~ 1GB of memory just for storage
• If you don't "own" your IPv4 addresses
  – ISP advertises "their" address space on your behalf
  – Red tape involved with getting PI address space and BGP ASN

BGP Data Structure
• Like EIGRP/OSPF/IS-IS, BGP uses a three table data structure
• Neighbor table
  – List of active adjacencies called "peerings"
• BGP table
  – All prefixes learned from all peers
• IP Routing table
  – The "best" routes from the BGP table actually used for routing

How BGP Works
• Establish BGP peerings to build neighbor table
• Exchange updates to build BGP table
• Choose BGP bestpaths to build routing table

Example Global BGP Neighbor Table

route-views.oregon-ix.net>show ip bgp summary
local AS number 6447
BGP table version is 14808442, main routing table version 14808442
311034 network entries using 41056488 bytes of memory
9577818 path entries using 498046536 bytes of memory
1570690/56881 BGP path/bestpath attribute entries using 232462120 bytes of memory
1359127 BGP AS-PATH entries using 36934358 bytes of memory
20032 BGP community entries using 1333024 bytes of memory
29 BGP extended community entries using 1406 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 809833932 total bytes of memory
Dampening enabled. 4650 history paths, 13012 dampened paths
BGP activity 533254/216360 prefixes, 53516863/43920540 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
<output omitted>

Example Global BGP Table

route-views.oregon-ix.net>show ip bgp
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<output omitted>

Example BGP Routing Table

route-views.oregon-ix.net>show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
<output omitted>

Establishing BGP Peerings
• Like IGP, first step in BGP is to find neighbors to exchange information with
• Unlike IGP…
  – BGP does not have its own transport
    • Uses TCP port 179
  – BGP neighbors are not discovered
    • Manually configured via neighbor statement
  – BGP neighbors do not have to be connected
    • IGP is always on a link-by-link basis
    • BGP is a logical peering over TCP
    • Implies that BGP always needs IGP underneath
  – BGP has different types of neighbors
    • External BGP vs. Internal BGP

BGP Packet Formats
• Peering establishment and maintenance uses four types of packets
  – OPEN
  – KEEPALIVE
  – UPDATE
  – NOTIFICATION

BGP OPEN Message
• Used to negotiate parameters for peering
• Includes…
  – BGP version
    • Should be 4
  – Local ASN
  – Local Router-ID
  – Hold time
    • Negotiated to lowest requested value
  – Options
    • AKA “capabilities”
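The OPEN fields listed above, decoded and checked the way a receiving speaker has to check them. This is an added example, not code from the deck: the function names, the sample router-ID and the one-third keepalive interval are assumptions, and the NOTIFICATION subcodes are the OPEN Message Error values from RFC 4271.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16
OPEN_MESSAGE_ERROR = 2              # NOTIFICATION error code (RFC 4271)
UNSUPPORTED_VERSION = 1             # OPEN Message Error subcodes (RFC 4271)
UNSUPPORTED_OPTIONAL_PARAMETER = 4
UNACCEPTABLE_HOLD_TIME = 6


class OpenRejected(Exception):
    """Raised when an OPEN must be answered with a NOTIFICATION."""

    def __init__(self, subcode, reason):
        super().__init__(reason)
        self.code = OPEN_MESSAGE_ERROR
        self.subcode = subcode


def build_open(asn, hold_time, router_id, capabilities, version=4):
    """Encode an OPEN message; used here only to construct sample input."""
    options = b""
    for code, value in capabilities:
        cap = struct.pack("!BB", code, len(value)) + value
        options += struct.pack("!BB", 2, len(cap)) + cap  # type 2 = Capability
    body = struct.pack("!BHH4sB", version, asn, hold_time,
                       ipaddress.IPv4Address(router_id).packed, len(options))
    body += options
    return MARKER + struct.pack("!HB", 19 + len(body), 1) + body


def parse_capabilities(data):
    """Split one Capability parameter into (code, value) pairs."""
    found, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated capability")
        code, clen = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + clen]
        if len(value) != clen:
            raise ValueError("truncated capability")
        found.append((code, value))
        pos += 2 + clen
    return found


def parse_open(message):
    """Decode one OPEN message, rejecting fields a speaker must not accept."""
    if len(message) < 29 or message[:16] != MARKER:
        raise ValueError("truncated message or bad marker")
    length, msg_type = struct.unpack("!HB", message[16:19])
    if msg_type != 1 or length != len(message):
        raise ValueError("not a single complete OPEN message")
    version, asn, hold_time, router_id, opt_len = struct.unpack(
        "!BHH4sB", message[19:29])
    if version != 4:
        raise OpenRejected(UNSUPPORTED_VERSION, "version %d" % version)
    if hold_time in (1, 2):  # RFC 4271: hold time is 0 or at least 3 seconds
        raise OpenRejected(UNACCEPTABLE_HOLD_TIME, "hold time %d" % hold_time)
    options = message[29:]
    if opt_len != len(options):
        raise ValueError("optional parameter length does not match message")
    capabilities, pos = [], 0
    while pos < len(options):
        if pos + 2 > len(options):
            raise ValueError("truncated optional parameter")
        ptype, plen = options[pos], options[pos + 1]
        value = options[pos + 2:pos + 2 + plen]
        if len(value) != plen:
            raise ValueError("truncated optional parameter")
        if ptype != 2:
            raise OpenRejected(UNSUPPORTED_OPTIONAL_PARAMETER,
                               "parameter type %d" % ptype)
        capabilities.extend(parse_capabilities(value))
        pos += 2 + plen
    return {"version": version, "asn": asn, "hold_time": hold_time,
            "router_id": str(ipaddress.IPv4Address(router_id)),
            "capabilities": capabilities}


def negotiate_hold_time(local, peer):
    """Return (hold time, keepalive interval); the lower request wins.

    One third of the hold time is the customary keepalive interval
    (an assumption here); a hold time of 0 disables keepalives.
    """
    hold = min(local, peer)
    return hold, hold // 3


# Constructed sample: AS 1, hold time 180 and three capabilities
# (multiprotocol IPv4 unicast, old and new route refresh).
# The router-ID 192.0.2.6 is made up for the example.
SAMPLE_CAPABILITIES = [(1, b"\x00\x01\x00\x01"), (128, b""), (2, b"")]
SAMPLE_OPEN = build_open(1, 180, "192.0.2.6", SAMPLE_CAPABILITIES)

if __name__ == "__main__":
    print(len(SAMPLE_OPEN), parse_open(SAMPLE_OPEN))
    print(negotiate_hold_time(90, 180))
```

The constructed message is 45 bytes with 16 bytes of optional parameters: a 19-byte header, 10 bytes of fixed OPEN fields and three Capability parameters.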

BGP KEEPALIVE Message
• Used for dead neighbor detection
• If hold time = 0, keepalives disabled

BGP UPDATE Message
• Used to advertise or withdraw a prefix
• Includes
  – Withdrawn routes
    • List of routes that should be discarded
  – NLRI
    • Route being advertised
  – Path vector attributes
    • Attributes of route being advertised
    • Used for bestpath selection

BGP NOTIFICATION Message
• Used to convey error messages
• After notification sent, BGP session closed
• Examples
  – Unsupported Version Number
  – Unsupported Optional Parameter
  – Unacceptable Hold Time
  – Hold Timer Expired

BGP Peering State Machine
• BGP state machine tracks peering establishment
• Idle
  – Waiting to start 3-way handshake
• Connect
  – Waiting to complete 3-way handshake
• Active
  – 3-way handshake failed, try again
• Open sent
  – 3-way handshake complete, OPEN message sent
• Open confirm
  – OPEN message received, parameters agreed upon
• Established
  – Peering complete

BGP Peering State Machine Debug

R1#debug ip bgp
BGP debugging is on for address family: IPv4 Unicast
R1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 1
R1(config-router)#neighbor 10.1.146.6 remote-as 1
R1(config-router)#end
%SYS-5-CONFIG_I: Configured from console by console
R1#
BGP: 10.1.146.6 went from Idle to Connect
BGP: 10.1.146.6 went from Connect to OpenSent
BGP: 10.1.146.6 sending OPEN, version 4, my as: 1, holdtime 180 seconds
BGP: 10.1.146.6 send message type 1, length (incl. header) 45
BGP: 10.1.146.6 rcv message type 1, length (excl. header) 26
BGP: 10.1.146.6 rcv OPEN, version 4, holdtime 180 seconds
BGP: 10.1.146.6 rcv OPEN w/ OPTION parameter len: 16
BGP: 10.1.146.6 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
BGP: 10.1.146.6 OPEN has CAPABILITY code: 1, length 4
BGP: 10.1.146.6 OPEN has MP_EXT CAP for afi/safi: 1/1
BGP: 10.1.146.6 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
BGP: 10.1.146.6 OPEN has CAPABILITY code: 128, length 0
BGP: 10.1.146.6 OPEN has ROUTE-REFRESH capability(old) for all address-families
BGP: 10.1.146.6 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
BGP: 10.1.146.6 OPEN has CAPABILITY code: 2, length 0
BGP: 10.1.146.6 OPEN has ROUTE-REFRESH capability(new) for all address-families
BGP: 10.1.146.6 rcvd OPEN w/ remote AS 1
BGP: 10.1.146.6 went from OpenSent to OpenConfirm
BGP: 10.1.146.6 went from OpenConfirm to Established
%BGP-5-ADJCHANGE: neighbor 10.1.146.6 Up

BGP Peering Types
• External BGP (EBGP) Peers
  – Neighbors outside my Autonomous System
• Internal BGP (iBGP) Peers
  – Neighbors inside my Autonomous System
• Update and path selection rules change depending on what type of peer a route is being sent to/received from

EBGP Peerings
• Peers in different ASes
• Usually directly connected neighbors
  – e.g. DS3 Frame Relay link to ISP
• Can be “multihop”, but TTL defaults to 1
  – neighbor [address] ebgp-multihop [ttl]
• Uses AS-Path attribute for loop prevention
  – If I receive an update from an EBGP peer with my own ASN in the AS-Path, discard it

iBGP Peerings
• Peers in the same AS
• Many times not directly connected
  – Implies IGP needed to provide TCP transport
• Loop prevention via route suppression
  – Routes learned from an iBGP peer cannot be advertised on to another iBGP peer
• Implies that all routers running BGP within the AS must peer with each other
  – i.e. “iBGP full mesh”
  – n*(n-1)/2 peerings

BGP Peering Redundancy
• BGP peering is based on TCP reachability to peer address
• If peer address is unreachable, peering goes down
  – e.g. if IP address of Serial link is used for peering and Serial link is down, peer goes down
• Using Loopback addresses for peerings allows rerouting around link failures and adds redundancy
  – e.g. as long as any link is up, Loopback can be reached
• Defined as update-source for TCP session

BGP Loopback Redundancy Example
[Figure: ISP 1 (AS 1000), ISP 2 (AS 2000) and AS 100 containing R1 and R2. When R1 and R2 peer using their directly connected link and the physical link goes down, the BGP peering is lost. When R1 and R2 peer using their Loopback interfaces and the physical link goes down, the peering is rerouted.]

Basic BGP Configuration
• Enable global BGP process
  – router bgp [ASN]
• Establish BGP peers
  – neighbor [address] remote-as [remote ASN]

Basic BGP Verification
• Verify BGP peerings
  – show ip bgp summary
• Verify BGP table
  – show ip bgp
• Verify BGP table detail
  – show ip bgp [network] [mask]
• Verify BGP routing table
  – show ip route [bgp]

BGP Configuration Topology
[Figure: R1 and R2 in BGP AS 200 (OSPF Area 0); R3, R4, R5 and R6 in BGP AS 100 (EIGRP AS 100). Each router has a Loopback0 interface with a /24 address; labelled segments include VLAN 12, VLAN 35, VLAN 46 and VLAN 56, plus serial links between the two ASes.]

Basic BGP Peering Configuration

R1#
router bgp 200
 neighbor 10.1.12.2 remote-as 200
 neighbor 10.1.13.3 remote-as 100

R2#
router bgp 200
 neighbor 10.1.12.1 remote-as 200
 neighbor 10.1.24.4 remote-as 100

R3#
router bgp 100
 neighbor 10.1.4.4 remote-as 100
 neighbor 10.1.4.4 update-source Loopback0
 neighbor 10.1.5.5 remote-as 100
 neighbor 10.1.5.5 update-source Loopback0
 neighbor 10.1.6.6 remote-as 100
 neighbor 10.1.6.6 update-source Loopback0
 neighbor 10.1.13.1 remote-as 200

R4#
router bgp 100
 neighbor 10.1.3.3 remote-as 100
 neighbor 10.1.3.3 update-source Loopback0
 neighbor 10.1.5.5 remote-as 100
 neighbor 10.1.5.5 update-source Loopback0
 neighbor 10.1.6.6 remote-as 100
 neighbor 10.1.6.6 update-source Loopback0
 neighbor 10.1.24.2 remote-as 200

R5#
router bgp 100
 neighbor 10.1.3.3 remote-as 100
 neighbor 10.1.3.3 update-source Loopback0
 neighbor 10.1.4.4 remote-as 100
 neighbor 10.1.4.4 update-source Loopback0
 neighbor 10.1.6.6 remote-as 100
 neighbor 10.1.6.6 update-source Loopback0

R6#
router bgp 100
 neighbor 10.1.3.3 remote-as 100
 neighbor 10.1.3.3 update-source Loopback0
 neighbor 10.1.4.4 remote-as 100
 neighbor 10.1.4.4 update-source Loopback0
 neighbor 10.1.5.5 remote-as 100
 neighbor 10.1.5.5 update-source Loopback0

BGP Peering Verification
[Output of show ip bgp summary on R1 through R6, not recoverable in full. R1 and R2 report local AS number 200; R3, R4, R5 and R6 report local AS number 100. Every neighbor row shows BGP version 4, empty InQ and OutQ, an Up/Down timer between 00:24:45 and 00:40:13, and 0 under State/PfxRcd.]

iBGP Full Mesh Example
[Figure: ISP 1 (AS 1000), ISP 2 (AS 2000) and AS 100. 9 Routers = 36 Peerings.]

iBGP Full Mesh Scalability
• n*(n-1)/2 doesn’t scale
  – 10 routers, 45 peerings
  – 100 routers, 4950 peerings
  – 1000 routers, 499,500 peerings
• Can be fixed with two exceptions
  – Route Reflectors
    • Same logic as DR/DIS
  – Confederation
    • Split the AS into smaller Sub-ASes

BGP Route Reflectors
• Eliminates need for full mesh
  – Only need peering(s) to the RR(s)
• Like OSPF DR & IS-IS DIS, minimizes prefix replication
  – Send one update to the RR
  – RR sends the update to its “clients”
• Loop prevention through Cluster-ID
  – If I am a RR and I receive a route with my own Cluster-ID, discard it

Route Reflector Example
[Figure: ISP 1 (AS 1000), ISP 2 (AS 2000) and AS 100 with one router labelled Route Reflector.]

BGP Confederation
• Reduces full mesh iBGP need by splitting AS into smaller Sub-ASes
  – Inside Sub-AS full mesh or RR need remains
  – Between Sub-AS acts like EBGP
• Devices outside the confederation do not know about the internal structure
  – Sub-AS numbers are stripped from advertisements to true EBGP peers
• Typically uses ASNs in private range (64512 – 65535)

BGP Confederation Example
[Figure: confederation diagram with one router labelled Route Reflector.]

BGP Peer Groups
• Typically many peers share the same update policy
  – e.g. a route reflector’s clients
• BGP Peer Groups reduce configuration and processing overhead by applying a template to the peers
• Peer group is assigned parameters such as…
  – remote-as
  – route-reflector-client
  – route-map
• Neighbor is specified as a member of the group
  – Peers in a group must be either all iBGP or all EBGP

BGP Peer Group Example

router bgp 1
 neighbor IBGP_PEER_GROUP peer-group
 neighbor IBGP_PEER_GROUP remote-as 1
 neighbor IBGP_PEER_GROUP update-source Loopback0
 neighbor IBGP_PEER_GROUP route-reflector-client
 neighbor IBGP_PEER_GROUP next-hop-self
 neighbor 1.2.3.4 peer-group IBGP_PEER_GROUP
 neighbor 5.6.7.8 peer-group IBGP_PEER_GROUP
 neighbor 9.10.11.12 peer-group IBGP_PEER_GROUP
 neighbor 13.14.15.16 peer-group IBGP_PEER_GROUP

BGP Authentication
• Like IGP authentication, BGP peer authentication protects control plane against attacks and misconfigurations
  – Without authentication, BGP susceptible to TCP RST attacks
    • Interesting read: “Slipping in the Window: TCP Reset attacks”
• Uses MD5 as defined in RFC 2385
  – “Protection of BGP Sessions via the TCP MD5 Signature Option”
• Simply configured as neighbor [address] password [password]

Misc. BGP Configuration
• Modify peering source address
  – neighbor [address] update-source [interface]
• Enabling BGP authentication
  – neighbor [address] password [password]
• Configuring BGP peer group
  – neighbor [Peer-Group-Name] peer-group
  – neighbor [Peer-Group-Name] [attributes]
  – neighbor [address] peer-group [Peer-Group-Name]
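What the RFC 2385 option configured by neighbor [address] password [password] adds to each TCP segment, and why a reset that lacks the shared key is dropped by the receiver. This is an added example, not code from the deck: the addresses, ports, key and function names are constructed, and the TCP checksum is left at zero because only the signature check is being shown.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTOCOL = 6
MD5SIG_KIND = 19   # TCP option kind assigned to the MD5 signature
MD5SIG_LEN = 18    # kind + length + 16-byte digest
RST = 0x04


def md5_signature(src_ip, dst_ip, segment, key):
    """RFC 2385 digest: pseudo-header, fixed TCP header with a zero checksum
    and without options, segment data, then the shared key."""
    header_len = (segment[12] >> 4) * 4
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) +
              struct.pack("!BBH", 0, TCP_PROTOCOL, len(segment)))
    fixed = bytearray(segment[:20])
    fixed[16:18] = b"\x00\x00"
    return hashlib.md5(pseudo + bytes(fixed) + segment[header_len:] + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, flags, payload=b"", key=None):
    """Build a TCP segment; it carries the MD5 option only when a key is given."""
    options = b""
    if key is not None:
        # Two NOPs keep the 18-byte option aligned to a 4-byte boundary.
        options = b"\x01\x01" + bytes([MD5SIG_KIND, MD5SIG_LEN]) + bytes(16)
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                         offset << 4, flags, 16384, 0, 0)
    segment = header + options + payload
    if key is not None:
        digest = md5_signature(src_ip, dst_ip, segment, key)
        segment = segment[:24] + digest + segment[40:]
    return segment


def find_signature(segment):
    """Return the 16-byte digest from the TCP options, or None."""
    if len(segment) < 20:
        return None
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return None
    options, pos = segment[20:header_len], 0
    while pos < len(options):
        kind = options[pos]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # no-operation padding
            pos += 1
            continue
        if pos + 1 >= len(options):
            return None
        length = options[pos + 1]
        if length < 2 or pos + length > len(options):
            return None
        if kind == MD5SIG_KIND:
            return options[pos + 2:pos + length] if length == MD5SIG_LEN else None
        pos += length
    return None


def accept_segment(src_ip, dst_ip, segment, key):
    """Receiver-side check for a session that has a password configured."""
    received = find_signature(segment)
    if received is None:
        return False             # unsigned segments are dropped, RSTs included
    expected = md5_signature(src_ip, dst_ip, segment, key)
    return hmac.compare_digest(received, expected)


# Constructed sample values (documentation addresses, made-up key).
PEER, LOCAL = "192.0.2.1", "192.0.2.2"
KEY = b"constructed-password"
SIGNED_RST = build_segment(PEER, LOCAL, 179, 49152, 1000, RST, key=KEY)
UNSIGNED_RST = build_segment(PEER, LOCAL, 179, 49152, 1000, RST)

if __name__ == "__main__":
    print(accept_segment(PEER, LOCAL, SIGNED_RST, KEY))
    print(accept_segment(PEER, LOCAL, UNSIGNED_RST, KEY))
```

The digest covers the addresses, ports, sequence number and data, so a reset has to be produced by someone holding the key before the receiver will act on it.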

Misc. BGP Configuration (cont.)
• Enabling Route Reflection
  – neighbor [address] route-reflector-client
• Enabling Confederation
  – Enable global BGP process
    • router bgp [Sub-ASN]
  – Define global ASN
    • bgp confederation identifier [ASN]
  – Define other Sub-ASes
    • bgp confederation peers [Sub-ASN1] [Sub-ASN2] [Sub-ASNn]

Building the BGP Table
• Once peerings are established, UPDATE messages are exchanged to advertise NLRI and build the BGP table
• Routes local to the AS can be originated either by process level network [network] mask [mask] statement or redistribution
• Unlike IGP, networks do not have to be directly connected to be advertised, they only have to be in the routing table
  – e.g. prefixes in local routing table learned via OSPF can be advertised with BGP network statement

Originating NLRI Configuration
[Configuration listing not recoverable in full: R1 and R2 under router bgp 200, and R3 and R4 under router bgp 100, each carry a list of network 10.1.x.0 mask 255.255.255.0 statements.]

BGP Table Verification
[Output of show ip bgp on R1 through R6, not recoverable in full. BGP table versions: R1 28, R2 30, R3 11, R4 26, R5 52, R6 54.]

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<output omitted>

BGP Table Verification Detail
[Output of show ip bgp for a single /24 prefix on R1, not recoverable in full: version 25, 2 paths available, best #1. The best path is external (Origin IGP, metric 30720, localpref 100, valid); the other path is internal (Origin IGP, metric 30720, localpref 100, valid), with metric 20 to its next hop.]

BGP NLRI Aggregation
• BGP aggregation, like IGP summarization, is used to reduce resource requirements needed to process the BGP table
  – Configured as aggregate-address [network] [mask] [summary-only|as-set|route-map|...]
• Can be applied at any point in the network
  – No hierarchy like OSPF/IS-IS
• Does not automatically stop subnet advertisements
  – summary-only argument
• Can be used for longest match routing traffic engineering

BGP Aggregation Configuration
[Configuration and output not recoverable in full: on R3, under router bgp 100, an aggregate-address statement with mask 255.255.254.0 and the summary-only argument; the show ip bgp output on R1 that follows (BGP table version 31) includes a /23 entry.]

BGP Path Vector Attributes
• UPDATE includes path vector attributes for a route
  – Next-hop
  – AS-Path
  – Origin
  – Local preference
  – Multi-Exit Discriminator (MED)
  – Atomic aggregate
  – Aggregator

BGP Attribute Types
• Attributes fall into different categories…
  – Well-known vs. optional
    • Well-known must be implemented
    • Optional may or may not be implemented
  – Mandatory vs. discretionary
    • Mandatory must be present in update
    • Discretionary may or may not be present
  – Transitive vs. non-transitive
    • Transitive passes between EBGP and iBGP neighbors
    • Non-transitive passes only between iBGP neighbors
• Valid combinations are…
  – Well-known mandatory
  – Well-known discretionary
  – Optional transitive
  – Optional non-transitive

BGP Next-Hop
• Well-known mandatory attribute
• If UPDATE comes from EBGP peer
  – Next-hop is the IP address they use to peer with you
    • i.e. their update-source
• If UPDATE comes from iBGP peer
  – Next-hop is the IP address used to peer with the EBGP neighbor they learned it from
    • i.e. the next-hop is unmodified
  – Implies that iBGP neighbors must have an IGP route to the links between EBGP neighbors
  – Behavior can be changed with neighbor [address] next-hop-self

BGP AS-Path
• Well-known mandatory attribute
• Defines which Autonomous Systems the route has passed through
• When sending an UPDATE to an EBGP neighbor, the local ASN is “prepended” to the route
  – Example path “100 1000 2000”
    • Originated in 2000
    • Passed through 1000
    • Learned from 100
• Shorter AS-Path length is preferred
  – e.g. “100 1000 2000” (3) vs “100 1000 2000 3000” (4)

BGP Origin
• Well-known mandatory attribute
• Possible values…
  – 0 – IGP
  – 1 – EGP
  – 2 – Incomplete
• Defines how prefix was advertised into BGP
  – IGP – interior to the AS
  – EGP – the actual protocol “EGP” (deprecated)
  – Incomplete – some other means
    • e.g. redistribution
• Lower origin code is preferred

BGP Local Preference
• Well-known discretionary attribute
• 4 byte field
  – Value of 0 – 4,294,967,295
• Only exchanged in iBGP updates
• Higher local preference is preferred

BGP Multi-Exit Discriminator
• AKA MED or simply “metric”
• Optional non-transitive attribute
• 4 byte field
  – Value of 0 – 4,294,967,295
• Used to choose (discriminate) between multiple exit points out of the AS
  – Many exceptions to MED comparison
  – Rarely used in practice
• Lower MED is preferred

BGP Atomic Aggregate and Aggregator
• Atomic Aggregate
  – Well-known discretionary attribute
• Aggregator
  – Optional transitive attribute
• Both used when BGP prefixes are summarized (aggregated) together
• “Aggregate” prefix has
  – Atomic Aggregate = TRUE
  – Aggregator = BGP Router-ID who performed summarization

BGP Bestpath Selection
• Once updates are exchanged, path selection begins
• Bestpath selection algorithm compares path vector attributes and elects one route as “best” for each prefix
  – Denoted by “>” in the show ip bgp output
• Like RIPv2 & EIGRP, only best route is sent to the routing table and to other peers

Bestpath Selection Example
[Figure: three instances of prefix “X” (X1, X2, X3) are learned from EBGP neighbors. R1 and R2 run bestpath selection and advertise their best paths to X. All other routers run bestpath selection; X1 wins, with the exception of R2. The resulting traffic flow exits via R1.]

BGP Bestpath Selection Order
• Algorithm not standardized, Cisco IOS selection order is…
  – Weight (highest)
    • Locally significant Cisco proprietary attribute
  – Local Preference (highest)
  – Locally originated routes
  – AS-Path (shortest)
  – Origin (lowest)
  – MED (lowest)
  – EBGP learned routes over iBGP learned routes
  – Smallest IGP metric to next-hop value
• Algorithm runs top down until a deciding match occurs
• Other tie-breaking checks occur if no bestpath
  – Oldest route, lowest Router-ID, lowest interface IP address, etc.
• See BGP Best Path Selection Algorithm on cisco.com for details

Manipulating BGP Bestpath Selection
• Vector attributes can be manually modified to define different routing policy for different routes
  – E.g. control inbound/outbound traffic flow on a per-prefix basis
• Attributes typically modified are…
  – Weight
  – Local-Preference
  – AS-Path
  – MED
• Inbound routing policy affects outbound traffic
  – Change weight or local-pref in to affect traffic out
• Outbound routing policy affects incoming traffic
  – Change AS-Path or MED to affect traffic in
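The selection order listed above, run as a top-down comparison that stops at the first deciding step. This is an added example, not Cisco's implementation or code from the deck: the Path fields, sample paths and router-IDs are constructed. It assumes the IOS default of comparing MED only between paths from the same neighboring AS, and it uses lowest router-ID as the only tie-breaker (the oldest-route check is left out).

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple
    router_id: str
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: int = 0          # 0 = IGP, 1 = EGP, 2 = incomplete
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0      # IGP metric to the BGP next hop


# Each step maps a path to a rank; the lower rank wins that step.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local preference", lambda p: -p.local_pref),
    ("locally originated", lambda p: not p.locally_originated),
    ("AS-path length", lambda p: len(p.as_path)),
    ("origin", lambda p: p.origin),
    ("MED", lambda p: p.med),
    ("EBGP over iBGP", lambda p: not p.ebgp),
    ("IGP metric to next hop", lambda p: p.igp_metric),
    ("router-ID", lambda p: int(IPv4Address(p.router_id))),
]


def compare(current, candidate):
    """Return (winner, deciding step) for two paths to the same prefix."""
    for step, rank in STEPS:
        # Assumed IOS default: MED is only compared when both paths were
        # learned from the same neighboring AS (first ASN in the AS-path).
        if step == "MED" and current.as_path[:1] != candidate.as_path[:1]:
            continue
        a, b = rank(current), rank(candidate)
        if a != b:
            return (current, step) if a < b else (candidate, step)
    return current, "tie"


def best_path(paths):
    """Pick the best path and record which step decided each comparison."""
    best, decisions = paths[0], []
    for candidate in paths[1:]:
        winner, step = compare(best, candidate)
        loser = candidate if winner is best else best
        decisions.append((winner.name, loser.name, step))
        best = winner
    return best, decisions


# Constructed views of prefix "X", loosely following the deck's figures.
# Border router: X1 arrives over iBGP, X3 over EBGP, all else default.
BORDER_VIEW = [
    Path("X1", (1000,), "192.0.2.1", ebgp=False, igp_metric=20),
    Path("X3", (2000,), "192.0.2.3"),
]
# Internal router: both paths are iBGP, X1's next hop is closer.
INTERNAL_VIEW = [
    Path("X1", (1000,), "192.0.2.1", ebgp=False, igp_metric=10),
    Path("X3", (2000,), "192.0.2.2", ebgp=False, igp_metric=20),
]
# Same internal router after X3 is tagged with local preference 200.
LOCAL_PREF_VIEW = [
    INTERNAL_VIEW[0],
    Path("X3", (2000,), "192.0.2.2", local_pref=200, ebgp=False, igp_metric=20),
]
# Upstream view of a prefix whose origin AS prepended on one exit.
PREPEND_VIEW = [
    Path("X1", (1000, 100, 100, 100), "192.0.2.1"),
    Path("X2", (2000, 100), "192.0.2.2"),
]

if __name__ == "__main__":
    for view in (BORDER_VIEW, INTERNAL_VIEW, LOCAL_PREF_VIEW, PREPEND_VIEW):
        best, why = best_path(view)
        print(best.name, why)
```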

Manipulating Weight Example
[Diagram: ISP 1 (AS 1000), ISP 2 (AS 2000) and AS 100 containing R1 and R2. Three instances of prefix “X” are learned from EBGP neighbors; X1 has Weight 0 (default). R2 modifies the weight of X3 to be higher than X2 (Weight 100), so on R2, X3 wins. Weight does not affect other neighbors: X1 still wins, and traffic flow to X exits via R1, with exception of R2.]

Manipulating Local Preference Example
[Diagram: three instances of prefix “X” learned from EBGP neighbors; X1 and X2 have Local Pref 100 (default). R2 modifies the local pref of X3 to be higher than default (Local Pref 200). R1 runs bestpath on X1 and X3, and X3 wins. Local pref affects all peers, including R1, so all traffic to X exits via R2.]

Manipulating AS-Path Example
[Diagram: AS 100 originates prefix “X” into BGP and advertises it outbound. R1 and R2 prepend additional ASNs to X1 and X3 outbound (AS-Path 100 100 100), while X2 keeps AS-Path 100 (default). X2 via AS 2000 is the preferred entry point to reach X.]

Manipulating MED Example
[Diagram: AS 100 originates prefix “X” into BGP and advertises it outbound to AS 1000 (ISP 1). R1 and R2 set MED for X1 and X2 outbound (MED 100 and MED 200). X1 is the preferred entry point for AS 1000 to reach X.]

metric 161280.1 (10.5.4.3 (metric 20) from 10. valid.4.6 next-hop-self R5#show ip bgp BGP table version is 58.3.4.1 10.1.IGP.6.4 (10.1.com Modifying BGP Next-Hop Configuration R4# router bgp 100 neighbor 10. table Default-IP-Routing-Table) Advertised to update-groups: 1 100 10.1. Inc www.4.12. valid.0/24 r>i10. version 34 Paths: (2 available.3 (metric 20) from 10.4 Metric LocPrf Weight Path 0 100 0 200 i 0 100 0 200 i 0 100 0 200 i 0 100 0 200 i 161280 100 0 i 0 100 0 i 0 100 0 i 158720 100 0 i 156160 100 0 i 0 100 0 200 i 0 100 0 200 i 33280 100 0 i 0 100 0 i 0 100 0 i 30720 100 0 I Copyright © 2010 Internetwork Expert. r RIB-failure.1.46.4 10. h history.1.13. e .1.24.0/24 Next Hop 10.INE.1.13.4) Origin IGP.0/24 *>i r i10.4. best #1.0/24 R2(config)#route-map R4_INBOUND permit 10 R2(config-route-map)#match ip address prefix-list R3_LOOPBACK R2(config-route-map)#set weight 100 R2(config-route-map)#route-map R4_INBOUND permit 100 R2(config-route-map)#router bgp 200 R2(config-router)#neighbor 10.1.3.4 10.1.1.3 next-hop-self neighbor 10.1. weight 100.1. best R2#config t Enter configuration commands. R2(config)#ip prefix-list R3_LOOPBACK permit 10. local router ID is 10.EGP.1.3.1.24.24.0/24.1.56. table Default-IP-Routing-Table) Flag: 0x4940 Advertised to update-groups: 2 100 10.1.1.3 10.4. external. valid.INE.0/24 * i * i10. metric 0.24.1.1.1.0/24 r>i r>i10.4 10.INE.24.3.1.0 BGP routing table entry for 10. Inc www.1. best #2.4 10.1. internal Copyright © 2010 Internetwork Expert. external 100 10.internal.4 10.1.2.1. ? .1.3.1. localpref 100.3 10.www.4 10.1) Origin IGP.1 10.1.1.0/24.3. * valid.13.12.4.4. S Stale Origin codes: i .com Copyright © 2010 Internetwork Expert .3.13.1.4 10.1 10.4.4. localpref 100.4.1.1.13. localpref 100.1.1.1.4 10.1.5.5 Status codes: s suppressed.0/24 r>i10. valid.incomplete Network *>i10.1.5.3.0/24 *>i r i10.1.5 next-hop-self neighbor 10.4) Origin IGP. > best.6. End with CNTL/Z. best 100 10.4.4 10.1. i .4 from 10.4 from 10.1.1. d damped.1. 
metric 161280. internal.1.0 BGP routing table entry for 10.1) Origin IGP.1.1.35.12.com BGP Weight Configuration R2#show ip bgp 10.1.3. one per line.1.1 (10.1.0/24 * i10.0/24 r>i10.0/24 r>i r>i10. localpref 100. metric 0.1.1.4. version 28 Paths: (2 available.4 (10.4 route-map R4_INBOUND in R2(config-router)#end R2#clear ip bgp * in R2#show ip bgp 10.

1.1 1 10.4) Origin IGP.1.13. valid. valid.24.1 1 10. version 28 Paths: (1 available. table Default-IP-Routing-Table) Flag: 0x800 Advertised to update-groups: 2 200 10.1 Type escape sequence to abort.1.13.12.3.0/24. valid.1.1.1.4. best R4#traceroute 10.1.4.1.1. localpref 100. best #2.1. internal 200 10. End with CNTL/Z. Tracing the route to 10.1 Type escape sequence to abort. external.2 from 10. external.2 (10.2. valid.0 BGP routing table entry for 10.1 12 msec * R4#traceroute 10.1.1.3 (10.0/24 R4(config)#route-map R2_INBOUND permit 10 R4(config-route-map)#match ip address prefix-list R1_LOOPBACK R4(config-route-map)#set local-pref R4(config-route-map)#set local-preference 200 R4(config-route-map)#route-map R2_INBOUND permit 100 R4(config-route-map)#router bgp 100 R4(config-router)#neighbor 10.24.4 (10.1.12.1 (metric 20519680) from 10.0 BGP routing table entry for 10.1.1.2.1.3. Tracing the route to 10.1. best #1. localpref 100. version 2 Paths: (2 available.2 from 10.1.24.1.1.com Copyright © 2010 Internetwork Expert .3) Origin IGP. one per line.1.1. Tracing the route to 10. valid.1.24.2 28 msec 28 msec 28 msec 2 10.INE.1. version 3 Paths: (2 available.1. internal R3#traceroute 10.1.com BGP Local Preference Configuration R3#show ip bgp 10.) R4#conf t Enter configuration commands.1.1. best R4#show ip bgp 10.1.1 [AS 200] 32 msec * 28 msec Copyright © 2010 Internetwork Expert. R4(config)#ip prefix-list R1_LOOPBACK permit 10. Inc www.1. localpref 100.1 Type escape sequence to abort.4.13.1.com BGP Local Preference Configuration (cont.24.1 from 10.0/24. best #1.1.1.1.1. best 200 10.2 28 msec 28 msec 28 msec 2 10.24.www.0/24.1.1 [AS 200] 28 msec * 28 msec 13 msec Copyright © 2010 Internetwork Expert. Inc www. metric 0.13.1.1.1.2 (10. metric 0. localpref 200.1.1.2 route-map R2_INBOUND in R4(config-router)#end R4#clear ip bgp * in R4#show ip bgp 10.1.1. localpref 100.INE.INE.1 (10.2) Origin IGP. table Default-IP-Routing-Table) Advertised to update-groups: 2 200 10.1. 
metric 0.1 1 10.4 (metric 161280) from 10.1. table Default-IP-Routing-Table) Advertised to update-groups: 2 200 10.24.2) Origin IGP.1.1. external.1.0 BGP routing table entry for 10.1) Origin IGP.

13.13. table Default-IP-Routing-Table) Advertised to update-groups: 2 200 10.2.1.0 BGP routing table entry for 10. metric 0.1.1. one per line. version 26 Paths: (2 available. best #2.1.2 from 10. valid.0/24.4 (metric 161280) from 10.1.1.) R3#show ip bgp 10.1.com Copyright © 2010 Internetwork Expert .1. table Default-IP-Routing-Table) Flag: 0x940 Advertised to update-groups: 1 200 10.0 BGP routing table entry for 10.1.1 4 msec 4 msec 0 msec 4 msec 4 msec 0 msec 4 msec 4 msec 4 msec 20 msec 20 msec 20 msec [AS 200] 20 msec * 20 msec Copyright © 2010 Internetwork Expert. valid.0 BGP routing table entry for 10.4 (10.1. valid.1. R2(config)#ip prefix-list R2_LOOPBACK permit 10.4 route-map R4_OUTBOUND out R2(config-router)#end R2#clear ip bgp * out Copyright © 2010 Internetwork Expert.24.1 1 2 3 4 5 10. version 11 Paths: (2 available.3.1.4) Origin IGP.1. external R3#traceroute 10.1.13. version 15 Paths: (2 available.56.1. Tracing the route to 10.2.com BGP Local Preference Configuration (cont.1.4 (10.2. valid.com BGP AS-Path Configuration R3#show ip bgp 10.2 10. external.1. internal.1. internal 200 10.5 10. End with CNTL/Z.3. valid. metric 0. metric 0.1. metric 0.1.1.1.1.INE.1.2) Origin IGP. metric 0. localpref 100.1.2.1. Inc www.4.3) Origin IGP.46.1.1.24. internal 200 10.1.1.0/24.2 (10.4.1 from 10.1.2.1) Origin IGP.1.4. Inc www. localpref 200.1. table Default-IP-Routing-Table) Advertised to update-groups: 2 200 10.1. best #1.0/24.1) Origin IGP.24.13.1 (10. best 200 10. localpref 100.1.www.13.INE.4 10. localpref 100. localpref 100. best #2.4 (metric 161280) from 10.INE.6 10.1.1 (metric 20519680) from 10.4.12. localpref 100.1 (10. best R4#show ip bgp 10.1 from 10.3 (10. 
valid.0/24 R2(config)#route-map R4_OUTBOUND permit 10 R2(config-route-map)#match ip address prefix-list R2_LOOPBACK R2(config-route-map)#set as-path prepend 200 200 200 R2(config-route-map)#route-map R4_OUTBOUND permit 100 R2(config-route-map)#router bgp 200 R2(config-router)#neighbor 10.1.1 Type escape sequence to abort.4.24. external.1.1. best R2#conf t Enter configuration commands.4) Origin IGP.35.4.2.

1.1. metric 0.2.1.1.24.0/24.1.24. localpref 100.1.3 (10. internal. best #2.1.1. End with CNTL/Z.1 (10.1. localpref 100.0 BGP routing table entry for 10.2 (10.12. R3(config)#ip prefix-list R6_LOOPBACK permit 10. table Default-IP-Routing-Table) Advertised to update-groups: 2 100 10.1.13.1.1. valid.2 from 10.6.13.13. valid.4 (10. table Default-IP-Routing-Table) Flag: 0x940 Advertised to update-groups: 1 200 10.1.2 Type escape sequence to abort.3. localpref 100.3 (10.2 1 2 3 4 5 10. table Default-IP-Routing-Table) Advertised to update-groups: 2 200 10.com BGP AS-Path Configuration (cont.2 4 msec 4 msec 0 msec 4 msec 4 msec 0 msec 0 msec 4 msec 4 msec 24 msec 24 msec 28 msec [AS 200] 24 msec * 24 msec Copyright © 2010 Internetwork Expert.1. table Default-IP-Routing-Table) Advertised to update-groups: 1 100 10. metric 156160.1.2 (10.4.2) Origin IGP. best 200 200 200 200 10. external 100 10.0 BGP routing table entry for 10.1.3.1. one per line.6. external R4#traceroute 10.com Copyright © 2010 Internetwork Expert . external.35.1.2.1) Origin IGP.) R3#show ip bgp 10. best R3#conf t Enter configuration commands. valid. metric 156160.4) Origin IGP.0/24.1.0/24.6. best R4#show ip bgp 10.13.13.13. valid. best #1. metric 158720. localpref 100.1.46.2.INE.2.24.24.1.4 (metric 20) from 10.1 10. best #1.1.1.13.6. valid.56.1.1. internal.INE.3) Origin IGP.1.12.1.2) Origin IGP. localpref 100. Inc www.1.24.3.1.1.1 route-map R1_OUTBOUND out R3(config-router)#end R3#clear ip bgp * out Copyright © 2010 Internetwork Expert.4 from 10.1. version 25 Paths: (1 available.www. Inc www. external.1. version 29 Paths: (2 available. Tracing the route to 10. best #1.2.0/24 R3(config)#route-map R1_OUTBOUND permit 10 R3(config-route-map)#matc ip address prefix-list R6_LOOPBACK R3(config-route-map)#match ip address prefix-list R6_LOOPBACK R3(config-route-map)#set metric 100 R3(config-route-map)#route-map R1_OUTBOUND permit 100 R3(config-route-map)#router bgp 100 R3(config-router)#neighbor 10. 
best R2#show ip bgp 10.3 from 10.2. version 27 Paths: (2 available.1 (metric 20519680) from 10.0 BGP routing table entry for 10. metric 0.3) Origin IGP.5 10.0/24.1. valid.1.2.1 from 10.6 10.INE. version 11 Paths: (1 available.1.com BGP MED Configuration R1#show ip bgp 10.0 BGP routing table entry for 10.1. localpref 100.2.3 10.6.

1.12.3.0 BGP routing table entry for 10. metric 100.1. best 100 10.6. localpref 100. version 32 Paths: (1 available.INE.1. internal. external.6.1. external Copyright © 2010 Internetwork Expert. Inc www. best R2#show ip bgp 10.1.1. valid.com BGP MED Configuration (cont.1.4.24.13.INE. metric 156160.4 from 10. best #1. table Default-IP-Routing-Table) Flag: 0x4940 Advertised to update-groups: 2 100 10.0 BGP routing table entry for 10. localpref 100.3) Origin IGP.1) Origin IGP.1 (10.1.3 (10.4) Origin IGP.13.6. valid.1. metric 100.1.1.1.com BGP Q&A Copyright © 2010 Internetwork Expert.www.INE.3 (metric 20) from 10. best #1.1.4 (10. version 35 Paths: (2 available.6.3 from 10. Inc www. table Default-IP-Routing-Table) Flag: 0x4940 Advertised to update-groups: 1 100 10.0/24.24.1.com Copyright © 2010 Internetwork Expert .) R1#show ip bgp 10. localpref 100. valid.13.0/24.

Internetwork Expert’s CCNP Bootcamp
Redistribution & Layer 3 Path Control
http://www.INE.com

Route Redistribution Overview
• Process of exchanging reachability information between routing domains
  – e.g. OSPF to EIGRP redistribution
  – e.g. BGP to IGP redistribution
• Considerations
  – Metric conversion
  – Loss of loop prevention
  – Table instability

e. Inc www. Inc www.com Copyright © 2010 Internetwork Expert . must be manually specified – Global default-metric – Individual redistribute statements Copyright © 2010 Internetwork Expert. external routes • No default metric for redistribution.com How Redistribution Works • Route redistribution occurs from the routing table.com Redistribution into RIPv2 • Does not distinguish between internal vs.www.INE. not the routing database – i.INE. only currently installed routes are candidate to be redistributed • Most protocols also include connected interfaces running the routing process as candidate – e.g. EIGRP to OSPF then OSPF to RIP does not imply EIGRP to RIP Copyright © 2010 Internetwork Expert. implicit redistribute connected – IPv6 exceptions • Redistribution must be explicit – e.INE.g.


Redistribution into EIGRP
• Does distinguish between internal vs. external routes
  – Internal (D) EIGRP AD 90
  – External (D EX) EIGRP AD 170
• EIGRP Router-ID tagged in external route
  – Automatic loop prevention
• No default metric for redistribution unless going EIGRP to EIGRP
  – Global default-metric
  – Individual redistribute statements

Redistribution into OSPF
• Does distinguish between internal vs. external routes
  – E1/E2/N1/N2
  – Same AD for all, but can be separately modified
• OSPF Router-ID tagged in external LSA
  – Automatic loop prevention
• Default metric of 20
• Default metric type of E2/N2

IGP Redistribution into BGP
• Redistributed routes get origin code of incomplete
  – Denoted as ? in the BGP table
  – Implies redistributed routes less preferred
• OSPF into BGP only matches internal routes by default
  – redistribute ospf 1 match internal external

BGP Redistribution into IGP
• Generally not recommended without strict filtering
  – Global routing table ~ 350,000 routes
• BGP into IGP only matches EBGP routes by default
  – bgp redistribute-internal
  – Can result in routing/traffic loops or BGP race condition

Redistribution & Traffic Engineering
• Traffic engineering (layer 3 path control) can be implemented in redistribution designs with multiple entry/exit points
• Seed metric can influence path selection
  – ASBR1 reports prefix X with cost 10
  – ASBR2 reports prefix X with cost 20
• Route-map, prefix-list, etc. filtering can influence path selection with longest match routing
  – ASBR1 reports aggregate X plus subnets X1 & X2
  – ASBR2 reports only aggregate X

Basic Redistribution Example
[Topology diagram: routers R1 through R5 connected over FastEthernet subinterfaces numbered after the VLAN (Fa0/0.1, Fa0/0.12, Fa0/0.13, Fa0/0.23, Fa0/0.24, Fa0/0.35, Fa0/0.45). Segments: 10.1.1.0/24 VLAN 1, 10.1.12.0/24 VLAN 12, 10.1.13.0/24 VLAN 13, 10.1.23.0/24 VLAN 23, 10.1.24.0/24 VLAN 24, 10.1.35.0/24 VLAN 35, 10.1.45.0/24 VLAN 45.]

Problems with Redistribution
• Routing loops & traffic loops (“blackholes”) generally occur for three reasons
  – Reconvergence after a topology change
  – Metric feedback
  – Administrative Distance feedback
• Temporary traffic loss during reconvergence is normal
• Metric or AD feedback is usually recurring, and happens because of improper design
  – E.g. redistribution from higher AD to lower AD and then fed back

Metric Route Feedback Example
[Diagram steps:]
• R2 learns prefix via RIP with metric 5
• R2 redistributes prefix into OSPF
• R3 redistributes prefix into RIP with metric 1
• R2 learns prefix via RIP with metric 1 and loop occurs

AD Route Feedback Example
[Diagram steps:]
• R2 learns prefix via RIP with AD 120
• R3 redistributes prefix into OSPF
• R2 learns prefix via OSPF with AD 110
• RIP route is withdrawn and loop occurs

Fixing Redistribution Problems
• Some redistribution problems can only be solved by changing the topology design or changing where redistribution occurs
• Others can be fixed with various IOS tools such as…
  – Route-map filters
  – Distribute-list filters
  – Prefix-lists
  – Access-lists
  – Passive-interface filters
  – Route tags

Route-Map Filtering
• Condition based criteria for filtering & modifying redistribution
• Like ACLs, ends in implicit deny
• Typically matches prefix-list, but can match more
  – ACL
  – Route type
  – Route source
  – Route tag
  – Metric
• Can be used for route tagging & loop prevention

Distribute-List Filtering
• Used to filter routing advertisements…
  – Received on an interface
  – Sent on an interface
  – Received from a neighbor
  – Sent to a neighbor
• Calls prefix-list or access-list for actual route matching
• Only supported for RIPv2/EIGRP/BGP
  – Breaks OSPF/IS-IS LSDB logic

Prefix-List Filtering
• Used to match route based on both prefix and length
  – e.g. ip prefix-list LIST permit 1.2.3.0/24
• Can also match ranges of prefixes or lengths
  – e.g. ip prefix-list LIST permit 0.0.0.0/0 le 32
• Uses sequence numbers to allow editing
• Preferred use for routing filters, not traffic filters
• Can be referenced from distribute-list or route-map
  – distribute-list prefix-list LIST in FastEthernet0/0
  – match ip address prefix-list LIST

Access-List Filtering
• Normally used for traffic filtering, but can be used for routing filters
• Standard ACLs can only match on prefix, not length
  – 1.2.0.0/16 and 1.2.0.0/31 appear the same
  – Shortcoming as compared to prefix-list
• Extended ACL applies differently based on protocol
  – In RIP & EIGRP can filter route based on gateway
  – In BGP uses legacy prefix-list workaround syntax
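The difference between the two filter types on the Prefix-List Filtering and Access-List Filtering slides can be shown with a small matcher. This is an added example, not course code; `PrefixListEntry`, `prefix_list_permits` and `standard_acl_permits` are hypothetical names that model IOS matching semantics, and the route set is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PrefixListEntry:
    seq: int
    action: str                    # "permit" or "deny"
    prefix: str                    # e.g. "1.2.3.0/24"
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route):
        net = ipaddress.ip_network(self.prefix)
        # The route must sit inside the entry's prefix (same leading bits).
        if route.version != net.version or not route.subnet_of(net):
            return False
        # Without ge/le the length must match exactly.
        if self.ge is None and self.le is None:
            return route.prefixlen == net.prefixlen
        low = self.ge if self.ge is not None else net.prefixlen
        high = self.le if self.le is not None else net.max_prefixlen
        return low <= route.prefixlen <= high


def prefix_list_permits(entries, route):
    """First matching sequence number decides; no match is an implicit deny."""
    route = ipaddress.ip_network(route)
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(route):
            return entry.action == "permit"
    return False


def standard_acl_permits(address, wildcard, route):
    """Standard ACL used as a route filter: only the network address is
    compared (under the wildcard mask); the prefix length is never seen."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    net_addr = int(ipaddress.ip_network(route).network_address)
    return (net_addr & care) == (int(ipaddress.IPv4Address(address)) & care)


# The two prefix-lists from the slide, plus one for the ACL comparison.
EXACT_24 = [PrefixListEntry(5, "permit", "1.2.3.0/24")]
ANY_ROUTE = [PrefixListEntry(5, "permit", "0.0.0.0/0", le=32)]
ONLY_16 = [PrefixListEntry(5, "permit", "1.2.0.0/16")]


def compare_filters():
    """Apply both filter types to the slide's two routes."""
    results = {}
    for route in ("1.2.0.0/16", "1.2.0.0/31"):
        results[route] = {
            "standard_acl": standard_acl_permits("1.2.0.0", "0.0.0.0", route),
            "prefix_list": prefix_list_permits(ONLY_16, route),
        }
    return results


if __name__ == "__main__":
    for route, verdict in compare_filters().items():
        print(route, verdict)
```

The standard ACL lets the /31 through with the /16 because both share the network address 1.2.0.0, which is why a routing filter meant to admit one specific prefix is written as a prefix-list.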

com Copyright © 2010 Internetwork Expert .INE.INE. Inc www.com Passive-Interface Filtering • Used to disable sending of routing updates on an interface that has the process enabled • For RIPv2. Inc www.www. receive but not send • For OSPF/EIGRP.com Route Tag Filtering • Administrative route tagging can be used to “color” routes based on their origination – Gives visibility to redistribution source router or source protocol in the routing database • Route tag can be used to prevent route feedback in certain designs • Applied through route-map – set tag 1234 – match tag 1234 Copyright © 2010 Internetwork Expert.INE. breaks adjacency forming • Can be per link or all links Copyright © 2010 Internetwork Expert.

Policy Based Routing & Traffic Engineering
• Normal routing decision is based on longest match to destination address
• Policy Based Routing (PBR) allows routing decision based on…
  – Source address
  – Incoming interface
  – Application
  – QoS markings
• Very flexible, but non-distributed platforms may have performance limitations

How PBR Works
• Route-map defines match and set criteria
  – Match incoming interface or ACL
  – Set ip next-hop, default ip next-hop, interface, or default-interface
• Route-map applies either to
  – Incoming traffic on interface with ip policy
  – Locally generated traffic with ip local policy
• Order of operations is…
  – If set ip next-hop or interface
    • Check route-map first, then routing table
  – If set ip default next-hop or default interface
    • Check routing table first, then route-map

IP SLA & Traffic Engineering
• IP Service Level Agreement adds application level awareness to Enhanced Object Tracking
• Enhanced Objects can be called from features such as…
  – FHRPs
  – Policy-Based Routing
  – Static Routing

Q&A

Internetwork Expert’s CCNP Bootcamp
Internet Protocol Version 6 (IPv6)
http://www.INE.com

Why IPv6?
• Main motivation for IPv6 is lack of IPv4 address space
• IPv4 uses 32-bits
  – 2^32 = 4,294,967,296 max addresses
• IPv6 uses 128-bits
  – 2^128 = 340,282,366,920,938,463,463,374,607,431,770,000,000+

IPv4 vs. IPv6 Addressing Format
• IPv4 Dotted Decimal
  – 1.2.3.4
  – Each place denotes 1 byte
• IPv6 Hexadecimal
  – XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
  – Two characters = one byte

RFC 2373: IP Version 6 Addressing Architecture
2.4 Address Type Representation
The specific type of an IPv6 address is indicated by the leading bits in the address. The variable-length field comprising these leading bits is called the Format Prefix (FP). The initial allocation of these prefixes is as follows:

Allocation                              Prefix (binary)   Fraction of Address Space
-------------------------------------   ---------------   -------------------------
Aggregatable Global Unicast Addresses   001               1/8
Link-Local Unicast Addresses            1111 1110 10      1/1024
Site-Local Unicast Addresses            1111 1110 11      1/1024
Multicast Addresses                     1111 1111         1/256

IPv6 Address Space
• Four main address types
  – Global Unicast
    • 2000… – 3FFF…
  – Unique Local
    • FC00…
    • Deprecates Site Local (FEC0)
  – Link Local
    • FE80…
  – Multicast
    • FF…

Modified EUI-64 Addressing
• IPv6 host addresses are generated from interface MAC address
• MAC address is 48-bits
• IPv6 host address is 64-bits
• Extra 16 bits derived as follows:
  – MAC 1234.5678.9012
  – Invert 7th most significant bit
    • 1034.5678.9012
  – Insert “FFFE” in middle
    • 1034:56FF:FE78:9012

IPv6 Address Resolution
• Ethernet
  – ICMPv6 ND replaces ARP
• NBMA
  – Static resolution on multipoint interfaces
  – Inverse Neighbor Discovery not yet implemented

ICMPv6 Neighbor Discovery
• ICMPv6 ND
• Replaces IPv4 ARP
• NS – Neighbor Solicitation
  – Ask for information about neighbor
• NA – Neighbor Advertisement
  – Advertise yourself to other neighbors
• RS – Router Solicitation
  – Ask for information about local routers
• RA – Router Advertisement
  – Advertise yourself as an active router

ICMPv6 Neighbor Discovery
• Send neighbor solicitation to solicited node multicast
  – FF02:0:0:0:0:1:FF00::/104 + 24 low-order bits
• If no reply address is unique
  – Duplicate Address Detection (DAD)
• Send unsolicited neighbor advertisement to announce yourself
  – Sent to all hosts multicast
    • FF02::1
    • Essentially the same as 255.255.255.255

IPv6 Routing Overview
• IPv6 unicast routing off by default
  – ipv6 unicast-routing
• Dynamic routing through
  – RIPng
  – OSPFv3
  – EIGRPv6
  – IS-IS
  – BGP
• Dynamic information recurses to remote link-local address
  – Layer 3 to layer 2 resolution on multipoint NBMA medias
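The Modified EUI-64 derivation and the solicited-node multicast rule from the Neighbor Discovery slide, worked through on the slide's own MAC 1234.5678.9012. This is an added example, not course code; the function names are hypothetical, and `embedded_mac` goes one step beyond the slides by reversing the derivation, which shows that an EUI-64 address discloses the interface's hardware address.

```python
import ipaddress


def parse_mac(mac):
    """Accept Cisco (1234.5678.9012), colon or dash notation."""
    digits = "".join(ch for ch in mac if ch not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def modified_eui64(mac):
    """48-bit MAC -> 64-bit interface ID, as on the slide."""
    raw = bytearray(parse_mac(mac))
    raw[0] ^= 0x02                              # invert 7th most significant bit
    return bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])   # insert FFFE in middle


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def solicited_node(address):
    """FF02:0:0:0:0:1:FF00::/104 plus the 24 low-order bits of the address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def embedded_mac(address):
    """Return the MAC hidden in an EUI-64 interface ID, or None if the
    interface ID does not carry the FFFE marker."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02                              # undo the bit inversion
    digits = raw.hex()
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


if __name__ == "__main__":
    link_local = eui64_address("fe80::/64", "1234.5678.9012")
    print("interface ID  :", modified_eui64("1234.5678.9012").hex())
    print("link-local    :", link_local)
    print("solicited node:", solicited_node(link_local))
    print("embedded MAC  :", embedded_mac(link_local))
```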

IPv6 Routing
• RIPng, OSPFv3, & EIGRPv6
  – Use separate processes
• BGP & IS-IS
  – Use the same process
  – Different Address families

IPv6 Static Routing
• Same static routing implications as IPv4
  – To next-hop
    • Resolve next-hop
  – To multipoint interface
    • Resolve final destination
  – To point-to-point interface
    • No resolution required

RIPng Overview
• RFC 2080 - RIPng
• Similar in operation to RIPv1 / RIPv2
• UDP port 521 multicast to FF02::9
• Configuration
  – Interface level ipv6 rip [process] enable
  – Automatically enables global process
• Split-horizon enabled globally
  – no split-horizon on multipoint NBMA

OSPFv3 Overview
• RFC 2740 - OSPFv3
• Similar in operation to OSPFv2
• Router-id is IPv4 address
  – Use router-id command if no IPv4 configured
• Configuration
  – Interface level ipv6 ospf [process-id] area [area-id]
  – Automatically enables global process

OSPFv3 Over NBMA
• Same network types as OSPFv2
  – Broadcast
    • DR/BDR Election
  – Non-broadcast
    • DR/BDR Election
    • Unicast updates to link-local address
  – Point-to-point
  – Point-to-multipoint
  – Point-to-multipoint non-broadcast
    • Unicast updates to link-local address

EIGRPv6 Overview
• Similar in operation to IPv4 EIGRP
• IP protocol 88 multicast to FF02::A
• Configuration
  – Interface level ipv6 eigrp [ASN]
  – Process level no shutdown

BGP for IPv6 Overview
• Same process for IPv4 and IPv6
  – Uses address-family configuration
• Normal BGP rules apply
  – Requires underlying IGP transport
  – iBGP loop prevention
    • Don’t advertise iBGP learned routes to other iBGP neighbors
    • Exception through route-reflection / confederation
  – EBGP loop prevention
    • Don’t accept routes with your own AS in the path
  – Same best-path selection process

Tunneling IPv6 over IPv4
• Static tunnels
  – GRE
    • Default tunnel mode
  – IPv6IP
    • Less overhead, no CLNS transport
• Automatic tunnels
  – 6to4
    • Imbeds IPv4 address into IPv6 prefix to provide automatic tunnel endpoint determination
  – ISATAP
    • Automatic host to router and host to host tunneling

Automatic 6to4 Tunneling
• Derives destination IPv4 router from address imbedded inside IPv6 destination
• 2002:border-router-IPv4-address::/48
• Single /48 subnetted amongst site
• Only one tunnel needed for all destinations

IPv6 Examples
[Topology diagram: routers R1 through R6 with Lo0 addresses 2001::1/128 through 2001::6/128, connected over FastEthernet and serial links. Segments shown: 2001:0:0:6::/64 VLAN 6, 2001:0:0:146::/64 VLAN 146, 2001:0:0:5::/64 VLAN 5, 2001:0:0:23::/64 VLAN 23 and 2001:0:0:13::0/127.]

IPv6 Q&A

Internetwork Expert’s CCNP Bootcamp
Troubleshooting Overview
http://www.INE.com

What Is Troubleshooting?
• Per Wikipedia… “a form of problem solving most often applied to repair of failed products or processes. It is a logical, systematic search for the source of a problem so that it can be solved, and so the product or process can be made operational again.”
• The key is that troubleshooting is logical and systematic
• Fixing a problem by dumb luck does not constitute troubleshooting

Why Troubleshooting?
• Today’s networks are more high-availability minded than ever, and downtime means loss of revenue in…
  – Employee productivity
  – Customer SLA violations
  – Regulatory fines
  – Etc.
• One key way expert-level engineers set themselves apart from average engineers is troubleshooting methodology
  – average engineer runs around like a chicken with its head cut off
  – expert engineer keeps a cool head and follows a structured approach

Structured Troubleshooting Approach
• Defines a logical and systematic method of troubleshooting that can be applied to any case
  – E.g. troubleshooting VoIP call quality and OSPF neighbor adjacency involves different discrete steps, but logical approach is the same
• Structured troubleshooting is closely analogous to the Scientific Method of conducting experiments

Scientific Method Workflow
[Figure: Scientific Method Workflow]

Structured Troubleshooting Workflow
[Figure: Structured Troubleshooting Workflow]

Defining The Problem
• Network problems are generally discovered in two ways
  – Reactive
    • e.g. users submit tickets to the help desk that web browsing is slow
  – Proactive
    • e.g. SNMP reports a linkdown event
• In either case, more investigation is needed to find the root of the cause

Gathering Information
• Apart from asking users for more information on tickets submitted, gathering information is in the form of…
  – show commands
  – debug commands
    • Typically not used in real-world unless network-down emergency
  – Misc. testing tools
    • PING
    • Traceroute
    • Telnet
    • Etc.
• Ultimate goal is to isolate the issue as closely as possible by eliminating unrelated variables

How To Gather Information
• Structured troubleshooting involves isolating the operation network into functional layers
  – E.g. OSI Model or TCP/IP Model
• Where to actually start isolating is a personal preference
  – Common approaches are…
    • Top-Down
    • Bottom-Up
    • Divide and Conquer
• Key to remember is that layers have a cascading effect
  – E.g. if physical layer (i.e. layer 1) is down, all layers above it are broken

Top Down Troubleshooting
• Most useful for application related issues
  – E.g. user can’t send email – start by checking their email settings
• Potentially very time consuming if problem resides in lower layer
  – E.g. physical switchport is bad (layer 1)

Bottom Up Troubleshooting
• Verify each layer starting with physical and proceed to the next
  – Is the link UP/UP?
  – Are the layer 2 options correct?
  – IP properly configured?
  – IGP adjacency exists?
  – Etc.
• Like top-down, can be very time consuming depending on where the problem actually lies

Divide and Conquer
• Goal is to reduce search time by picking a layer to start at
• Based on results of testing, further verification goes either up or down the stack
• E.g. for troubleshooting email problem…
  – Can I ping the mail server?
    • If yes, go up the stack
    • If no, go down the stack

Defining & Implementing The Fix
• Ideally up to this point the issue is sufficiently isolated to make an educated guess as to how the problem can be fixed
• Proper “Change Control” at this stage is key
  – Clearly define the proposed fix
  – Implement the proposed fix
  – Did it work?
    • If yes, proceed forwards
    • If no, roll back
• Changing too many variables at once can compound the problem even further

Observing The Results
• Depending on the nature of the problem, verification of the solution can be either straightforward or complicated
  – E.g. user said they couldn’t email, now they can, problem straightforward and solved
  – E.g. users experienced low VoIP quality, quality is now good, but only time will tell
• Within the scope of TSHOOT exam, final observation is your score

Reiteration
• If the problem was not solved, a further dilemma occurs
  – Did I misdiagnose the problem in the first place?
  – Are there significant variables that were overlooked?
  – Was my fix not appropriate?
• Before making further changes, more information should be gathered
  – Did the situation change since I implemented a fix?
    • If yes, for the better or worse?
    • If not, why not?

Documenting the Fix
• All good change control policies should require documentation for all fixes
• Documentation allows the development of a “knowledge base” for your particular network topology
• KB can be referenced in the future to solve similar problems, or to trace your steps if the same problem is recurring

Q&A

Internetwork Expert’s CCNP Bootcamp
Troubleshooting Tools
http://www.INE.com

Tools for Gathering Information
• Before implementing a fix, information must be gathered about a problem to eliminate as many variables as possible
• IOS offers both proactive and reactive tools for gathering information
• Proactive monitoring can inform you about problems that need more reactive research to isolate

Proactive Monitoring
• IOS supports both passive and event driven monitoring to observe the current network status
• Examples are…
  – SNMP
  – RMON
  – Syslog
  – NetFlow
  – EEM

SNMP
• Simple Network Management Protocol
• Used to report conditions of managed device to management station (NMS)
• Two ways to collect data
  – Trapping
    • Managed device reports event to NMS
  – Polling
    • NMS asks managed device to report a variable
• Management Information Base (MIB)
  – Variable used to report a network condition
• SNMPv2c vs. SNMPv3

SNMP Polling
• Define SNMP “Community String”
  – Password for NMS to poll device
• Two types of community strings
  – Read Only
    • Information gathering only
  – Read Write
    • Gather info and set values
• snmp-server community string [ro | rw] [acl]
  – access-list defines who can poll device

SNMP Trapping: Step 1
• Define events to trap
  – All traps
    • snmp-server enable traps
  – Specific traps
    • snmp-server enable traps [notification-type]

SNMP Trapping: Step 2
• Define NMS to trap to
  – All enabled traps
    • snmp-server host host-addr community-string
  – Subset of enabled traps
    • snmp-server host host-addr community-string [notification-type]

RMON
• Remote Monitoring
• Used to report a MIB value to SNMP NMS or syslog server
• Two components
  – Alarm
    • Condition that triggers event
      – CPU exceeds 90%
      – Free memory drops below 20Mb
  – Event
    • Message to send to NMS / syslog
      – “Help! My CPU is over 90%!”

RMON
• RMON alarm defines how MIB is sampled
• Delta sampling
  – Difference between MIB value at time index A compared to MIB value at time index B
    • Packets sent out E0/0 each minute
    • CRC errors received every hour
  – Used for values that only increase

RMON
• Absolute sampling
  – Exact value of MIB at time index A
    • CPU Utilization
    • Memory Utilization
  – Used for values that increase and decrease

RMON Example
• Configure RMON to track the five minute CPU average (lsystem.58.0)
• If the utilization is over 90% generate the event “CPU Above 90%”
• If the utilization is below 30% generate the event “CPU Below 30%”
• Sample the MIB every 60 seconds
• Trap the events to the SNMP NMS at 1.2.3.4 using the community string CISCO

Logging
• IOS can log messages to
  – Console
  – Monitor (VTY / AUX)
  – Buffer
  – Trap (syslog)
• show log to check logging condition
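The alarm behaviour behind the RMON Example slide, modelled as an added Python example (not part of the original deck). It applies the RFC 2819 threshold rules, where a rising event fires when the sample is at or above the rising threshold and cannot fire again until the falling threshold has been crossed; the sample series, the CRC event names and the helper names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RmonAlarm:
    """One RMON alarm: a sampled MIB value checked against two thresholds."""
    rising: int
    falling: int
    rising_event: str
    falling_event: str
    mode: str = "absolute"            # "absolute" or "delta" sampling
    _prev_raw: Optional[int] = None   # last raw value, used for delta sampling
    _rising_armed: bool = True
    _falling_armed: bool = True

    def sample(self, raw: int) -> Optional[str]:
        """Feed one polled value; return the event generated, if any."""
        if self.mode == "delta":
            prev, self._prev_raw = self._prev_raw, raw
            if prev is None:          # a delta needs two samples
                return None
            value = raw - prev
        else:
            value = raw
        # RFC 2819 compares with >= and <=; each event re-arms the other one,
        # which stops a value hovering near a threshold from flooding the NMS.
        if value >= self.rising and self._rising_armed:
            self._rising_armed, self._falling_armed = False, True
            return self.rising_event
        if value <= self.falling and self._falling_armed:
            self._falling_armed, self._rising_armed = False, True
            return self.falling_event
        return None


def run(alarm: RmonAlarm, samples: List[int], interval: int = 60) -> List[Tuple[int, str]]:
    """Poll every `interval` seconds; return (seconds, event) pairs."""
    events = []
    for index, raw in enumerate(samples):
        event = alarm.sample(raw)
        if event:
            events.append((index * interval, event))
    return events


# Constructed five-minute CPU averages, one per 60-second sample.
CPU_SAMPLES = [45, 92, 95, 60, 91, 25, 28, 93]
# Constructed CRC error counter (only ever increases), so delta sampling applies.
CRC_COUNTER = [100, 100, 105, 250, 251]


def cpu_events() -> List[Tuple[int, str]]:
    alarm = RmonAlarm(90, 30, "CPU Above 90%", "CPU Below 30%")
    return run(alarm, CPU_SAMPLES)


def crc_events() -> List[Tuple[int, str]]:
    alarm = RmonAlarm(50, 5, "CRC burst", "CRC rate normal", mode="delta")
    return run(alarm, CRC_COUNTER)


if __name__ == "__main__":
    for when, what in cpu_events() + crc_events():
        print(f"t={when:>3}s  {what}")
```

The 91% sample at t=240s produces no trap because the alarm has not yet crossed the 30% falling threshold since the previous rising event.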

Logging Severity
• Level or “severity” determines what log messages will be sent
• Logging at severity 3 means 0, 1, 2, and 3

Rack1R1(config)#logging console ?
  <0-7>          Logging severity level
  alerts         Immediate action needed           (severity=1)
  critical       Critical conditions               (severity=2)
  debugging      Debugging messages                (severity=7)
  emergencies    System is unusable                (severity=0)
  errors         Error conditions                  (severity=3)
  guaranteed     Guarantee console messages
  informational  Informational messages            (severity=6)
  notifications  Normal but significant conditions (severity=5)
  warnings       Warning conditions                (severity=4)
  xml            Enable logging in XML
  <cr>

Syslog Logging
• logging [host] global command
• Syslog defaults to informational – severity 6
• logging trap debugging to send all messages
• Logging “facility” controls format of syslog messages
  – Used to ease parsing of logs from different devices on the syslog server

Logging Timestamps
• Log timestamps can be formatted as
  – Uptime
    • Time since last reload
    • service timestamps {debug | log} uptime
  – Localtime
    • Clock’s time
    • service timestamps {debug | log} datetime [msec] [localtime] [showtimezone] [year]
    • NTP considerations

NetFlow
• Used to collect traffic statistics for inbound or outbound “flows”
  – Flow defined as an individual session between a source & destination plus protocol/port pairs/markings
• Flows data is exported to a collection station for further analysis
  – E.g. Cisco NetFlow Collector, NetQoS, Cacti, etc.
• Configured with ip flow interface & global command
• Local verification by show ip cache flow

Embedded Event Manager
• EEM allows custom event actions to be defined in IOS
  – E.g. if CPU exceeds 90% send me an email
• Includes several built in “applets” to simplify configuration
• Supports Tool Command Language (TCL) shell for advanced programming
• External repository hosted at Embedded Event Manager (EEM) Scripting Community

Reactive Monitoring
• Once you are alerted of a problem, more research is generally needed
• Examples are…
  – “show” commands
    • E.g. show processes cpu history
    • Uses pipe “|” for redirect options
  – “debug” commands
    • E.g. debug ip ospf adj
  – SPAN/RSPAN packet capture
    • Requires outside analysis with offline tools, e.g. Wireshark/Ethereal

Q&A

Internetwork Expert’s CCNP Bootcamp
LAN Troubleshooting
http://www.INE.com

Ethernet Speed/Duplex Negotiation
• Rarely a problem of mis-negotiation Cisco to Cisco switches, but can be a problem of mis-configuration
• Speed mismatch causes link to be up/down
• Duplex mismatch allows link up/up but typically results in lots of packet loss
  – CDP detects and logs this by default
  – “late collisions” in show interface output typically means duplex mismatch

VTP Troubleshooting – Modes
• VLANs failing to propagate in the topology can have devastating effect on reachability
  – i.e. cascading Layers effect
• Initially check the VTP modes and the domain
  – Server – creates and forwards VLANs
  – Client – receives VLAN information from the server(s)
  – Transparent – does not sync – it will forward VTP messages in the domain

VTP Troubleshooting – Domain Name
• The VTP domain name is case-sensitive and must match on all switches in the domain
  – use show vtp status in order to verify mode and name

VTP Troubleshooting – show vtp status

Rack26SW1#show vtp status
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 16
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 16
VTP Operating Mode              : Server
VTP Domain Name                 : BCTS
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xE7 0xF2 0xC0 0xF5 0xC3 0xC7 0xF3 0xE3
Configuration last modified by 150.26.7.7 at 10-12-09 06:55:08
Local updater ID is 150.26.7.7 on interface Lo0 (first layer3 interface found)

VTP Troubleshooting – vtp password
• VTP authentication adds security but also complexity
• Occasionally password may match through show vtp password but MD5 digests are different in show vtp status

VTP Troubleshooting – config rev
• Device with highest configuration revision number has most updated copy of the database
• When adding switches to the topology errors in config rev. number can overwrite the network
• Can be reset to 0 by…
  – Changing VTP domain
  – Changing to VTP transparent

VTP Troubleshooting – Trunks
• VTP messages flow over trunk links
• If trunks are broken, VTP is broken
  – Cascading Layers again
• Use show interface trunk to confirm functional trunks in the topology
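The VTP checks from the slides above (case-sensitive domain name, MD5 digest, configuration revision) combined into one pre-connection audit, as an added Python example that is not part of the original deck. The reference values are the ones shown in the show vtp status output for Rack26SW1; the candidate switches, the finding codes and the function names are constructed for illustration.

```python
import re

# "Key : value" lines of `show vtp status`. A timestamp such as 06:55:08 does
# not match because the colon must have whitespace on both sides.
FIELD = re.compile(r"^\s*(.+?)\s+:\s+(.*?)\s*$")


def parse_vtp_status(text):
    """Extract the fields that decide whether two switches will synchronise."""
    fields = {}
    for line in text.splitlines():
        match = FIELD.match(line)
        if match:
            fields[match.group(1)] = match.group(2)
    return {
        "revision": int(fields["Configuration Revision"]),
        "mode": fields["VTP Operating Mode"],
        "domain": fields["VTP Domain Name"],
        "digest": " ".join(fields["MD5 digest"].lower().split()),
    }


def audit(reference, candidate):
    """Compare a switch about to be connected against a production switch."""
    findings = []
    if candidate["domain"] != reference["domain"]:
        if candidate["domain"].lower() == reference["domain"].lower():
            findings.append(("DOMAIN_CASE", "domain differs only by case; VTP treats it as a different domain"))
        else:
            findings.append(("DOMAIN_MISMATCH", "switch will not synchronise with this domain"))
        return findings
    # Same domain: a higher revision on a server or client wins and replaces
    # the VLAN database of every other switch in the domain.
    if candidate["mode"] != "Transparent" and candidate["revision"] > reference["revision"]:
        findings.append(("REVISION_OVERWRITE", "reset the revision to 0 before connecting (change domain or go transparent)"))
    # Same domain and revision but a different digest: re-enter the VTP password.
    if candidate["revision"] == reference["revision"] and candidate["digest"] != reference["digest"]:
        findings.append(("DIGEST_MISMATCH", "digests differ at the same revision; check the VTP password"))
    return findings


def make_status(revision, mode, domain, digest):
    """Render constructed `show vtp status` text in the format shown on the slide."""
    return "\n".join([
        "VTP Version                     : running VTP1 (VTP2 capable)",
        f"Configuration Revision          : {revision}",
        "Maximum VLANs supported locally : 1005",
        f"VTP Operating Mode              : {mode}",
        f"VTP Domain Name                 : {domain}",
        f"MD5 digest                      : {digest}",
        "Configuration last modified by 150.26.7.7 at 10-12-09 06:55:08",
    ])


PAGE_DIGEST = "0xE7 0xF2 0xC0 0xF5 0xC3 0xC7 0xF3 0xE3"   # from the slide
OTHER_DIGEST = "0x11 0x22 0x33 0x44 0x55 0x66 0x77 0x88"  # constructed

REFERENCE = parse_vtp_status(make_status(16, "Server", "BCTS", PAGE_DIGEST))
# Constructed candidates: a lab switch with a stale database, a case typo,
# a transparent switch, and a switch with a mistyped password.
LAB_SWITCH = parse_vtp_status(make_status(42, "Client", "BCTS", OTHER_DIGEST))
CASE_TYPO = parse_vtp_status(make_status(42, "Client", "bcts", OTHER_DIGEST))
TRANSPARENT = parse_vtp_status(make_status(0, "Transparent", "BCTS", OTHER_DIGEST))
BAD_PASSWORD = parse_vtp_status(make_status(16, "Client", "BCTS", OTHER_DIGEST))


def codes(candidate):
    return [code for code, _ in audit(REFERENCE, candidate)]


if __name__ == "__main__":
    for name in ("LAB_SWITCH", "CASE_TYPO", "TRANSPARENT", "BAD_PASSWORD"):
        print(name, audit(REFERENCE, globals()[name]))
```

Note that a VTP client is flagged just like a server: the revision number, not the operating mode, decides whose database wins.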

Access VLAN Troubleshooting
• As a safeguard, use the switchport mode access command in conjunction with switchport access vlan vlan_id
  – Avoids errors in DTP
• Ensure the VLAN exists in the database with show vlan brief
• You may need show cdp neighbors to verify interfaces that must participate in the VLAN

Access VLAN Troubleshooting – Topo.
• Logical topology diagrams provided might hide important Layer 2 aspects of the physical topology
  – show cdp neighbor to verify physical topology
• Misc. verification through…
  – show run interface
  – show interface switchport
• Are VLANs allowed over trunk ports?
  – show interface trunk

Trunking Troubleshooting – DTP
• Dynamic Trunk Protocol (DTP) might cause or prevent a trunk from forming
• Verification of mode is best accomplished with show interface switchport

show interface switchport

Rack26SW1#show interface fa0/15 switchport
Name: Fa0/15
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Trunking Troubleshooting – DTP Modes
• ON – switchport mode trunk forces the interface to trunk, and sends DTP frames
• OFF – switchport mode access forces the interface to access mode (non-trunk)
• DESIRABLE – switchport mode dynamic desirable willing to trunk and sends DTP frames
• AUTO – switchport mode dynamic auto willing to trunk but does not send DTP frames
• NONEGOTIATE – switchport nonegotiate used with the ON mode – stops DTP (no frames sent)

Trunking Troubleshooting – show int sw

Rack26SW1#show interface fa0/15 switchport
Name: Fa0/15
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On

Trunking Troubleshooting – DTP Quiz
• In each case – trunk or no trunk?
• AUTO ..... DESIRABLE
• ON ..... AUTO
• AUTO ..... AUTO
• NONEGOTIATE ..... AUTO

Trunking Troubleshooting – Native VLAN
• Untagged VLAN across 802.1Q trunk links
• Must match at each end of link
  – Both CDP and DTP will detect a mismatch
• Verify with show interface switchport or show interface trunk

Trunking Troubleshooting – Encapsulation
• Trunking protocol must match at each end of the link
• ISL or 802.1Q can be negotiated between the devices with DTP
  – E.g. n-isl indicates ISL was negotiated
• show interface trunk for confirmation of protocol

Trunking Trouble. – show interface trunk

Rack26SW2#show int trunk
Port      Mode   Encapsulation  Status    Native vlan
Fa0/16    auto   802.1q         trunking  1
Fa0/17    auto   802.1q         trunking  1
Fa0/18    auto   802.1q         trunking  1
Fa0/19    auto   802.1q         trunking  1
Fa0/20    auto   802.1q         trunking  1
Fa0/21    auto   802.1q         trunking  1

Port      Vlans allowed on trunk
Fa0/16    1-4094
Fa0/17    1-4094
Fa0/18    1-4094
Fa0/19    1-4094
Fa0/20    1-4094
Fa0/21    1-4094

Port      Vlans allowed and active in management domain
Fa0/16    1-9,20,30,999
Fa0/17    1-9,20,30,999
Fa0/18    1-9,20,30,999
Fa0/19    1-9,20,30,999
Fa0/20    1-9,20,30,999

EtherChannel Troubleshooting
• Can be Layer 2 or Layer 3
• Used for redundancy and load balancing
• Problems with EtherChannel can appear as:
  – Loss of connectivity due to loop
  – High CPU utilization due to loop
  – Interfaces in the Error Disabled state

EtherChannel Trouble. – Member Ports
• Member ports in the EtherChannel should be checked for identical configuration
  – Speed/Duplex
  – Native VLAN
  – Trunking State
  – Allowed VLAN List
  – etc.

EtherChannel Trouble. – Requirements
• Other important guidelines:
  – No interfaces of the bundle can be configured for SPAN
  – In a Layer 3 EtherChannel IP address must be assigned to logical Port Channel
  – When channeling, physical interface changes affect only the physical interface, while Port Channel interface changes affect the whole EtherChannel

EtherChannel Trouble. – LACP vs. PAgP
• Negotiation protocols for the EtherChannel formation
• LACP is open standard, PAgP is Cisco proprietary
• Keywords are
  – PAgP – desirable, auto
  – LACP – active, passive
• The keyword on ensures “static” configuration
• Proper configuration is critical to avoid mismatches and problems caused by order of operations

EtherChannel Trouble. – Layer 2

SW2:
SW2(config)#interface range fastethernet 0/19 - 21
SW2(config-if-range)#shutdown
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1
SW2(config-if-range)#

SW4:
SW4(config)#interface range fastethernet 0/16 - 18
SW4(config-if-range)#switchport trunk encapsulation dot1q
SW4(config-if-range)#switchport mode trunk
SW4(config-if-range)#channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1

SW2:
SW2(config-if-range)#no shutdown

EtherChannel Verifications
• show interface trunk
• show etherchannel summary
• show etherchannel port-channel

STP Troubleshooting
• STP failure and subsequent loop can impact the entire network!
• Most real world problems result from failures with BPDU propagation

STP Trouble. – Unidirectional Links
• Common problem for STP
• Unidirectional link means
  – Both sides of link are up
  – Local device can send frames to remote
  – Remote cannot send frames to local device
• LoopGuard and Unidirectional Link Detection are both methods to prevent this problem

STP Trouble. – The STP Topology
• A key to troubleshooting is often to diagram the STP topology
• Check placement of the Root Bridge and blocking ports in the topology
• Diagramming is done through use of the show spanning-tree command
• In the real world – many tools (CiscoWorks LMS) automate this diagramming

STP Trouble. – show spanning-tree

Rack27SW2#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     000f.9052.ab80
             Cost        19
             Port        18 (FastEthernet0/16)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
             Address     0016.4639.d580
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface  Role  Sts  Cost  Prio.Nbr  Type
---------  ----  ---  ----  --------  ----
Fa0/13     Desg  FWD  19    128.15    P2p
Fa0/14     Desg  FWD  19    128.16    P2p
Fa0/15     Desg  FWD  19    128.17    P2p
Fa0/16     Root  FWD  19    128.18    P2p
Fa0/17     Altn  BLK  19    128.19    P2p
Fa0/18     Altn  BLK  19    128.20    P2p
Fa0/24     Desg  FWD  100   128.26    Shr

Interface  Role  Sts  Cost  Prio.Nbr  Type
---------  ----  ---  ----  --------  ----
Po1        Altn  BLK  9     128.56    P2p

Internetwork Expert’s CCNP Bootcamp
IPv4 IGP Troubleshooting
http://www.INE.com

IPv4 Routing Workflow
• IPv4 routing can be subdivided into three discrete steps
  – Routing lookup
  – Switching method
  – Layer 2 encapsulation
• Subdividing these functions gives us a “layered” approach to routing troubleshooting

IPv4 Routing Lookup
• Three goals: find the…
  – Longest match(es)
  – Outgoing interface(s)
  – Next-hop(s)
• Troubleshooting considerations
  – Administrative Distance
  – Metric
  – Overlapping routes
  – Policy routing
    • Can override this step

IPv4 Switching Method
• Goal is to move packets between interfaces
• Methods are…
  – Process
  – Fast
  – CEF
  – Etc.
• Load balancing occurs at this stage – not all hosts use the same routing path
  – E.g. show ip cef exact-route…
• Troubleshooting considerations
  – PING result !.!.!
  – High CPU utilization

Layer 2 Encapsulation
• Goal is to build layer 2 frame header
• Multipoint interfaces require layer 3 to layer 2 resolutions
  – Point-to-point interfaces do not
• Troubleshooting considerations
  – Routing to interface vs. next-hop
  – ARP, Proxy-ARP, & Inverse-ARP
  – Subnet mismatches

Further Reading
• Troubleshooting Cisco Express Forwarding Routing Loops
• Troubleshooting Incomplete Adjacencies with CEF
• Troubleshooting High CPU Utilization in IP Input Process

EIGRP Workflow
• EIGRP operation can be subdivided into four discrete steps…
  – Discover EIGRP Neighbors
  – Exchange Topology Information
  – Choose Best Path
  – Neighbor and Topology Table Maintenance

Discovering EIGRP Neighbors
• EIGRP neighbors discovered through multicast
  – Implies bi-directional multicast transport of IP protocol 88 to 224.0.0.10 is needed
  – Possible NBMA pseudo-broadcast support issues
  – Possible filtering issues
• If neighbor statement configured, only unicast hellos are accepted
  – If not agreed upon adjacency cannot continue

Discovering EIGRP Neighbors (cont.)
• Attributes that must match to proceed
  – Common subnet
    • Must be primary IP address, not secondary
  – ASN
  – Authentication
  – K Values (metric weights)

Exchanging EIGRP Topology Info
• Topology info exchanged through unicast, not multicast
  – Implies bi-directional unicast transport of IP protocol 88 needed
  – Multicast still required unless neighbor statement used
• EIGRP only advertises what it installs in routing table
  – Troubleshooting considerations
    • Auto-summary
    • Split-horizon
    • Duplicate Router-IDs for external routes
    • No seed metric for external routes
    • Distribute-list filters

EIGRP Path Selection
• Feasible distance must be finite to use and advertise a path
  – show ip eigrp topology
• Unequal cost load balancing only supported for Feasible Successors
  – IF Advertised Distance < Feasible Distance, Feasible Successor = TRUE
• Modifying bandwidth for path selection can starve EIGRP updates of bandwidth
  – ip bandwidth percent eigrp

Common EIGRP Verifications
• show ip route
• show ip eigrp neighbor
• show ip eigrp topology
• show ip eigrp topology all-links
• debug eigrp packet hello
• debug eigrp packet query reply
• More info at Troubleshooting EIGRP
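The feasibility condition from the EIGRP Path Selection slide, worked through as an added Python example that is not part of the original deck. It treats a path metric as advertised distance plus local link cost (a simplification of the real composite metric), and it also applies the IOS variance multiplier, which the slide does not name; the neighbor names and metrics are constructed.

```python
from typing import Dict, List, NamedTuple

INFINITY = 4294967295  # EIGRP "unreachable" metric (all ones in 32 bits)


class Path(NamedTuple):
    neighbor: str
    advertised_distance: int  # metric the neighbor reports for the prefix
    link_cost: int            # assumption: additive cost to reach that neighbor


def total_metric(path: Path) -> int:
    if path.advertised_distance >= INFINITY:
        return INFINITY
    return min(INFINITY, path.advertised_distance + path.link_cost)


def select_paths(paths: List[Path], variance: int = 1) -> Dict[str, object]:
    """Classify every learned path the way the topology table does."""
    usable = [p for p in paths if total_metric(p) < INFINITY]
    if not usable:
        return {"fd": INFINITY, "successors": [], "feasible_successors": [],
                "load_share": [], "rejected": [p.neighbor for p in paths]}
    fd = min(total_metric(p) for p in usable)  # feasible distance
    successors = [p for p in usable if total_metric(p) == fd]
    # Feasibility condition: the neighbor must be strictly closer to the
    # destination than we are, so its path cannot loop back through us.
    feasible = [p for p in usable
                if p not in successors and p.advertised_distance < fd]
    # Unequal-cost load balancing: only feasible successors qualify, and only
    # when their metric is below variance * FD.
    extra = [p for p in feasible if total_metric(p) < variance * fd]
    accepted = successors + feasible
    return {
        "fd": fd,
        "successors": [p.neighbor for p in successors],
        "feasible_successors": [p.neighbor for p in feasible],
        "load_share": [p.neighbor for p in successors + extra],
        "rejected": [p.neighbor for p in paths if p not in accepted],
    }


# Constructed topology table for one prefix.
PATHS = [
    Path("R2", advertised_distance=1000, link_cost=500),   # total 1500: best
    Path("R3", advertised_distance=1200, link_cost=800),   # total 2000, AD < FD
    Path("R4", advertised_distance=1600, link_cost=100),   # total 1700, AD >= FD
    Path("R5", advertised_distance=INFINITY, link_cost=10),  # unreachable
]

RESULT = select_paths(PATHS, variance=2)

if __name__ == "__main__":
    for key, value in RESULT.items():
        print(f"{key:20} {value}")
```

R4 offers a better total metric than R3 yet is rejected, which is the usual reason an expected backup or load-sharing path is missing from the routing table even though show ip eigrp topology all-links lists it.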

Troubleshooting EIGRP Advertisement

OSPF Workflow
• OSPF operation can be subdivided into four discrete steps…
  – Discover OSPF Neighbors
  – Exchange Topology Information
  – Choose Best Path
  – Neighbor and Topology Table Maintenance

Discovering OSPF Neighbors
• Requires IP protocol 89 multicast (224.0.0.5/224.0.0.6) or unicast transport depending on network type
  – Possible NBMA pseudo-broadcast support issues
  – Possible filtering issues

Discovering OSPF Neighbors (cont.)
• Attributes that must be unique to proceed
  – IP address
  – Router-ID
• Attributes that must match to proceed
  – Subnet
  – Area
  – Compatible Network Types
  – Timers
  – MTU
  – Stub Flags
  – Authentication

Exchanging OSPF Topology Info
• Intra-area routes flooded via LSA 1 & LSA 2
  – Duplicate router-id issues
  – DR/BDR on NBMA issues
• Inter-area routes flooded via LSA 3 by ABR
  – Discontiguous area 0 issue
• External routes flooded via LSA 4, and 5 or 7
  – Duplicate router-id issues
  – NSSA connectivity issues
  – Forward address issue on translated 7 to 5 LSA

Common OSPF Verifications
• show ip route
• show ip ospf neighbor
• show ip ospf database
• debug ip ospf adj
• More info at Troubleshooting OSPF

Internetwork Expert’s CCNP Bootcamp
BGP Troubleshooting
http://www.INE.com

BGP Workflow
• BGP operation can be subdivided into five discrete steps…
  – Establish BGP peerings
  – Learn BGP table
  – Choose Best Path
  – Advertise Best Paths
  – Routing using BGP

Establishing BGP Peerings
• Requires TCP port 179 transport
• Troubleshooting considerations
  – IGP routing
    • Default route & initiating peering
  – Update source
  – Client/server relationship & filtering
  – TTL
    • eBGP Multihop
    • TTL Security
  – NAT & Next-Hop

Establishing BGP Peerings (cont.)
• BGP peers must agree on attributes to establish peering
  – Peer addresses
  – Unique RID
  – ASNs
    • Hide Local-AS
  – Authentication (TCP Option)
  – Capabilities (address-families)

Learning the BGP Table
• Troubleshooting considerations
  – AS-Path looping
    • Allow-AS in
    • AS-Override (MPLS VPN)
  – Inbound Filters
    • Route-map, distribute-list, AS_PATH filter etc
    • ORF
  – Max AS limit
  – Enforce First AS
    • Unlikely but possible

Choose BGP Best Path
• Valid Next Hop
• BGP Synchronization
  – Router ID Matching
• BGP Attributes
  – Weight, Local-Preference, AS_PATH, MED, etc.
  – Improper Attribute Manipulation
• BGP Dampening
• Nexthop tracking

Advertising Best Paths
• Advertisement Interval Delays
• Outbound Filters
  – Route-Map, Distribute-List, Prefix-List
• iBGP Split Horizon Rule
  – Full Mesh
  – Route Reflectors
  – Confederations
  – Synchronization

Routing using BGP
• Installing Best Paths
  – Nexthop Recursion issues
  – AD Collisions & Race Condition
  – Backdoor Networks
    • eBGP Default AD 20
• BGP Blackholes
  – Redistribution
    • iBGP Redistribution
  – Tunneling

Common BGP Commands
• show ip bgp summary
• show ip bgp
• show ip bgp neighbor [advertised-routes]
• debug ip tcp transaction
• debug ip bgp events
• debug ip bgp updates

Further Reading
• Troubleshooting BGP
• Why Do BGP Neighbors Toggle Between Idle, Connect, and Active States?
• Troubleshooting When BGP Routes Are Not Advertised
• Troubleshooting Flapping BGP Routes (Recursive Routing Failure)

Internetwork Expert’s CCNP Bootcamp
IPv6 Troubleshooting

IPv6 Issues Classification
• Layer 1/2 Problems: Common to other protocols
• Layer 3 Issues
• Routing Protocols Issues
• IPv6 Tunneling Problems

Layer 3 Issues
• Misconfigurations (e.g. wrong address or prefix length)
• NBMA
  – No Inverse-ARP for Frame-Relay
  – Manual Mapping Required
• Auto-Configuration
  – RA Not Properly Configured
• IPv6 Not Supported in Transit
  – E.g. No Fallback-Bridging

Routing Protocols
• Configuration Differs from IPv4
  – Different Redistribution
  – Different Advertisement
• Link-Local Addressing
  – Used by IGP Packets
  – Needs to be mapped on NBMA

Tunneling
• Different Tunnel Types
• Firewall Filtering
• Tunnel Misconfiguration
  – 6to4
  – ISATAP
• Static Routing over the Tunnels
  – Misconfigurations

com .com DHCP Troubleshooting • DHCP Pool Not Matched – Wrong Address Range. Inc www. Wrong DNS Servers • DHCP Attributes not Inherited – Subnets don’t overlap – debug ip dhcp server linkage • Centralized DHCP – Wrong Helper Address or unreachable giaddr • Debugging Command: – debug ip dhcp server {event|packet} Copyright © 2010 Internetwork Expert. MAC Address/Client-ID • DHCP Parameters Wrong – Wrong Default GW.INE.INE. Inc www.Internetwork Expert’s CCNP Bootcamp IP Services Troubleshooting Copyright © 2010 Internetwork Expert.

HSRP Troubleshooting
• Misconfigurations
  – Mismatched Authentication/Group ID
  – Misconfigured Tracking
  – Virtual/Physical Address Duplication
• Port-Security Problems
  – Standby use-bia
  – Allow the Virtual MAC
• Access-Lists
  – Permit UDP 224.0.0.2:1985
• Debugging Commands
  – debug standby
  – debug condition standby <group>

NTP Troubleshooting
• Ensure Layer 3/4 connectivity first
• NTP may take long to converge
  – Manually adjust time
• Check stratum placement
  – Don’t peer different stratums
• Authentication
  – Key IDs must match
• Access-Control
  – Allow master node to peer with itself

NAT Troubleshooting
• Understand NAT Domains
  – Inside routes before Xlate
  – Outside routes after Xlate
  – Access-List Interaction
  – Outside rule vs Inside rule
• Misconfigurations
  – NAT Pool Range
  – Interface Domains
• Routing for post-NAT addresses
  – Static Routes or IGP Advertisement
  – Aliases if post-NAT is directly connected

NAT Troubleshooting (cont.)
• Effect on Router Traffic
  – BGP/IGP etc packets
• Resource Consumption
  – Virtual Fragmentation and Reassembly
  – Application Level Gateways
  – Extended Translations Take more Memory
  – NAT Entries Timeout
• Debugging Commands
  – debug ip nat detailed

General Layer 3 Security Troubleshooting
• Understand Packet Filter Placement
  – Routers, Switches, Transparent
• Understand Firewall Configuration
  – Access-Lists (regular, reflexive)
  – CBAC
  – ZBFW
• Use Packet Tracing
  – Traceroute
  – Access-list Logging Entries
  – debug ip icmp and ping

Troubleshooting Access-Lists
• Ensure ACL is applied
  – Proper Interface and Direction
  – Proper ACL Name
  – Check ACL Counters for Matching
• Ensure you follow stateless logic
  – Permit returning flows
  – Account for additional ports (e.g. FTP)
  – Router-Originated Traffic (IGP/Management)
• Add logging to access-lists
  – Ensure you rate-limit the logging

Troubleshooting Stateful Firewall
• CBAC
  – Ensure you inspect proper protocols
  – Account for router traffic
  – Ensure there is an ACL in opposite direction
  – Use debug inspect for engine debugging
• ZBFW
  – Account for Self Zone (router traffic)
  – Pass returning traffic for non-inspected flows
  – show policy-map type inspect for statistics
  – debug inspect for flow-level debugging

Layer 2 Security Troubleshooting
• Layer 2 Access-Lists
  – Only work for non IPv4/IPv6 Traffic
  – May block STP/ARP or other important protocol
• STP Security
  – Root Guard/BPDU Guard
  – May Cause Connectivity issues
  – show spanning-tree command
• DHCP Snooping
  – Ensure trusted ports are properly configured
  – Create static entries for non-dynamic hosts
  – Look out for DHCP issues (zero giaddr)

Layer 2 Security Troubleshooting
• VLAN Access-Lists
  – Apply to Transit Traffic
  – Implicitly Deny Traffic
  – May affect both L2 and L3 connectivity
• Port Security
  – Sticky addresses are not saved
  – Watch out for hub/switched connected
  – Apply only to access/trunk port
  – show port-security
• Storm Control
  – May block legitimate traffic
  – Requires careful flow analysis
  – May block STP BPDUs
  – show storm-control