Copyright © INE, Inc. All rights reserved.
CCNP Bootcamp

Experts at Making You an Expert

CCNP Bootcamp Introduction

Instructor Introduction
• Brian McGahan, CCIE #8593
• MCSE NT 4.0, CCNA, CCNP
• CCIE Routing and Switching - 2002
• CCIE Service Provider - 2006
• CCIE Security - 2007
– bmcgahan@ine.com

Copyright © www.INE.com

Asking Questions
• Cisco NDA Agreement
• Questions In Class
– Participation is key

• Offline Questions
– Blog
• http://blog.INE.com

– Online Community
• http://www.IEOC.com
• Web forum / mailing lists

Class Timing
• Start daily at 9am
• 10 minute break ~ every 50 minutes
• 1 hour lunch break at noon
• Class ends ~ 5pm

Class Objectives
• CCNP “validates the ability to plan, implement, verify and troubleshoot local and wide-area enterprise networks and work collaboratively with specialists on advanced security, voice, wireless and video solutions.”
• The class goal is not just to pass the test, but to understand the technologies!

CCNP Prerequisites
• Valid CCNA Certification
• Basic knowledge of…
– OSI model
– TCP/IP
– Layer 2 technologies
• Ethernet, Frame Relay, PPP, WIFI

– Layer 3 technologies
• IP Routing, RIPv2, EIGRP, OSPF

– Misc.
• DHCP, DNS, ACLs, etc.

CCNP Exam Blueprint
• www.cisco.com/go/ccnp
• Exam Topics
• Exam Tutorial
– Review type of exam questions

Class Schedule
• SWITCH
– Campus Network Design
– VLANs
– Trunking
– VTP
– Spanning-Tree Protocol
– EtherChannel
– Inter-VLAN Routing
– First Hop Redundancy Protocols
– Wireless
– Layer 2 Security
– Layer 2 VoIP

Class Schedule (cont.)
• ROUTE
– IP Routing Overview
– EIGRP
– OSPF
– Routing Features
– BGP
– IPv6 Routing
– Redistribution
– VPN/GRE

Class Schedule (cont.)
• TSHOOT
– Troubleshooting Tools
– LAN Troubleshooting
– IGP Troubleshooting
– BGP Troubleshooting
– IPv6 Troubleshooting
– IP Services & Security Troubleshooting

Recommended Readings
• General networking
– TCP/IP Illustrated, Volume 1: The Protocols
– Internetworking with TCP/IP Vol.1: Principles, Protocols, and Architecture
– Interconnections: Bridges, Routers, Switches, and Internetworking Protocols

• CCNP specific
– Authorized self study
– Exam certification guide

• Cisco in depth
– Cisco LAN Switching
– Routing TCP/IP Volumes I & II
– Cisco documentation

CCNP Hardware
• Building a home lab
• Renting rack time
• Dynamips/PEMU/GNS3

General Q&A

Internetwork Expert’s CCNP Bootcamp
Hierarchical Campus Network Design Overview
http://www.INE.com

Copyright © 2010 Internetwork Expert, Inc www.INE.com

Hierarchical Campus Network Design Overview
• Per Cisco, a three layer “hierarchical model to design a modular topology using scalable ‘building blocks’ that allow the network to meet evolving business needs. The modular design makes the network easy to scale, understand, and troubleshoot by promoting deterministic traffic patterns.”
• The building blocks are…
– Access layer
– Distribution layer
– Core (backbone) layer

Campus Network Example

Why Building Blocks?
• Easy to replicate, redesign, and expand
• No need to redesign entire network when a block is added or removed
• Can be added and removed without impacting the rest of the network
• Eases troubleshooting, fault isolation, and management

The Access Layer
• Point of entry for end nodes into the network
– e.g. desktops, IP phones, printers, etc.
• Typically comprised of Layer 2 Switches, but can also be Layer 3 Switches
• Multiple connections to Distribution Layer for redundancy
• Offers services such as…
– Broadcast domain segmentation (VLANs)
– QoS (marking, policing, etc.)
– Security (802.1x, port security, DAI, etc.)
– Multicast traffic management (IGMP Snooping)
– Inline power

The Distribution Layer
• Aggregates access layer switches
• Typically comprised of Layer 3 Switches
• Multiple connections upstream to Core and downstream to Access
• Offers services such as
– Gateway redundancy (HSRP/VRRP/GLBP)
– Bandwidth aggregation (EtherChannel/802.3ad)
– Load balancing
– Topology summarization

The Core Layer
• Backbone of the network
– Must be fast and reliable as all other blocks depend on it
• Typically hardware accelerated Layer 3 Switches
• Offers services such as
– Wire speed forwarding
– Fast convergence around a link or node failure
– Efficient bandwidth utilization

Network Device Roles
• To understand how the layers interact, we must understand what role different devices play in the network
• Devices such as…
– Hubs/Repeaters
– Layer 2 Bridges/Switches
– Layer 3 Routers
– Layer 3/Layer 4 Switches

Hubs & Repeaters
• Work at layer 1 of OSI model
• When a frame is received it is sent back out all ports
– i.e. “multiport repeater”
• Typically unintelligent and unmanaged
– Does not inspect frame at all before forwarding
– Accepts no user-defined configuration
• Devices connected to a hub are in the same…
– Collision domain
• i.e. Ethernet CSMA/CD Half-Duplex transmission
– Broadcast domain

Layer 2 Bridges & Switches
• Work at layer 2 of OSI model
• Can be managed or unmanaged
• For Ethernet, “frames” are forwarded based on destination layer 2 MAC address
– “CAM” table used for decisions
– Other types of switches such as Frame Relay & ATM use similar logic
• Does not rewrite anything in the frame when forwarding
• Switches are hardware accelerated bridges
– ASICs for specific forwarding jobs
• Devices connected to a bridge/switch are…
– in the same broadcast domain
– not in the same collision domain
• i.e. Full-Duplex transmission

Layer 2 Broadcast Domains
• Defines which devices can communicate directly at layer 2
• When a broadcast frame (i.e. FFFF.FFFF.FFFF) is received, it is sent out all ports in the “broadcast domain” except the one it came in on
• Unmanaged bridges/switches
– All ports in the same broadcast domain
• Managed switches
– Uses Virtual LANs (VLANs) to group ports into different broadcast domains
– Frames within the same VLAN are Layer 2 switched
– Packets between VLANs must be Layer 3 routed

Layer 2 Switching Design Problems
• Ethernet networks used to have scalability limitations based on the collision domain size
– Half-Duplex CSMA/CD
– Physical network delay vs. collision detection window
• Layer 2 switches segment the collision domain on a per-port basis to solve this
• Layer 2 switches still have scalability issues based on total hosts in the network and hosts per broadcast domain

CAM Table Limitations
• Switches use the MAC address (CAM) table to do destination based switching
• CAM table cannot be summarized like IP routing
– 50,000 hosts in the network, 50,000 MAC addresses per CAM per switch
• Even access layer switches!
• When CAM is full, switch acts like a hub
– Forwards all new frames like broadcasts
– Used in flooding attacks such as macof
• Layer 3 routing segments the MAC flooding domain

Broadcast Domain Limitations
• Devices in the same VLAN, or everyone in a flat network, are directly addressable via FFFF.FFFF.FFFF
• Larger the broadcast domain, more likelihood of a “broadcast storm”
– So much broadcast traffic network is unusable
• Can happen for legitimate or illegitimate reasons
– e.g. ARP storm vs. Fraggle attack
• Limiting hosts per VLAN limits broadcast domain size
– Usually one VLAN per /24 IP subnet is a good rule
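The CAM behaviour described above, as an added example that is not part of the original slides: a small model of a learning switch with a finite CAM, showing that once the table is full a unicast frame to an unlearned host is flooded inside its VLAN, and that a per-port MAC limit keeps room for legitimate hosts. The class, the `max_macs_per_port` parameter (a simplified stand-in for the port security feature the slides name), the port layout and all MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A = "02:00:00:00:00:0a"   # constructed, locally administered addresses
HOST_B = "02:00:00:00:00:0b"


class LearningSwitch:
    """Simplified layer 2 switch: source learning, destination lookup, flooding."""

    def __init__(self, port_vlans, cam_size, max_macs_per_port=None):
        self.port_vlans = dict(port_vlans)        # port -> access VLAN
        self.cam_size = cam_size                  # total CAM entries available
        self.max_macs_per_port = max_macs_per_port
        self.cam = {}                             # (vlan, mac) -> port
        self.violations = {}                      # port -> frames dropped by the limit

    def _macs_on(self, port):
        return sum(1 for p in self.cam.values() if p == port)

    def receive(self, port, src, dst):
        """Process one frame and return the list of egress ports."""
        vlan = self.port_vlans[port]
        key = (vlan, src)
        if key in self.cam:
            self.cam[key] = port                  # refresh / station move
        else:
            limit = self.max_macs_per_port
            if limit is not None and self._macs_on(port) >= limit:
                # Per-port limit reached: drop the frame and count it.
                self.violations[port] = self.violations.get(port, 0) + 1
                return []
            if len(self.cam) < self.cam_size:
                self.cam[key] = port
            # else: CAM is full, the source simply cannot be learned
        out = None if dst == BROADCAST else self.cam.get((vlan, dst))
        if out is not None:
            return [] if out == port else [out]   # known unicast
        # Broadcast or unknown unicast: flood within the VLAN only.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != port)


def scenario(max_macs_per_port):
    """One port presents 20 source MACs, then host A sends a unicast to host B.

    Returns (egress ports for A->B, CAM entries used, frames dropped on Fa0/3).
    """
    sw = LearningSwitch(
        {"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 10, "Fa0/4": 20},
        cam_size=8,
        max_macs_per_port=max_macs_per_port,
    )
    for i in range(20):
        sw.receive("Fa0/3", f"02:00:00:00:ff:{i:02x}", BROADCAST)
    sw.receive("Fa0/2", HOST_B, BROADCAST)        # host B announces itself
    egress = sw.receive("Fa0/1", HOST_A, HOST_B)  # host A -> host B
    return egress, len(sw.cam), sw.violations.get("Fa0/3", 0)


if __name__ == "__main__":
    print("no per-port limit :", scenario(None))
    print("limit of 2 per port:", scenario(2))
```

Without a limit the A-to-B frame leaves on every other VLAN 10 port, while Fa0/4 in VLAN 20 never sees it, which is the per-VLAN boundary of the flooding domain.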

Layer 3 Routers
• Work at layer 3 of OSI model
• “Packets” are forwarded based on destination layer 3 address
– e.g. IPv4 address, IPv6 address
– routing table used for decisions
• Rebuilds layer 2 frame header at every hop
– e.g. packet routed between Ethernet and HDLC
• Normally does not modify layer 3 packet header
– Exceptions such as NAT
• All router links are in separate collision and broadcast domains
• Software based forwarding

Layer 3 Switches
• The same as Layer 3 Routers, but layer 2 packet rewrite is hardware accelerated with ASICs
• Rewrite process is called “switching path”
– Process switching
• CPU interrupt based (slowest)
– Fast switching
• Flow based rewrite cache
– Netflow switching
• Previously called Multi-Layered Switching (MLS)
– Cisco Express Forwarding (CEF) switching
• Pre-built adjacency table (fastest)
• Layer 3 Switching & MLS today is effectively hardware based CEF

Layer 3/Layer 4 Switches
• Layer 3 devices make decision based only on destination layer 3 address
• In some cases where multiple equal-cost paths are available, some paths are underutilized
– AKA “CEF polarization”
• Layer 4 switching adds TCP/UDP src/dst port information into CEF input in order to vary output
– e.g. HTTP flow vs. FTP flow between same 2 hosts can follow different forwarding path
• Still hardware accelerated for performance, but adds more optimal resource utilization

Further Reading
• Cisco Validated Design program
– http://www.cisco.com/web/go/designzone
– Previously SRNDs
• Enterprise Campus 3.0 Architecture: Overview and Framework
• Campus Network for High Availability Design Guide
• High Availability Campus Recovery Analysis Design Guide

Internetwork Expert’s CCNP Bootcamp
VLANs, Trunking, & VTP
http://www.INE.com

VLANs Overview
• Virtual Local Area Network
• Hosts in the same VLAN share the same broadcast domain
– Switches create a separate CAM table per VLAN
– Traffic inside the VLAN is layer 2 switched
– Traffic to outside or between VLANs must be layer 3 routed
• Can span multiple physical switches
– “VLAN Trunks” or simply “Trunks” carry traffic for multiple VLANs between switches on uplinks

VLAN Design Recommendations
• Previously, hosts in the same VLAN were grouped by role, not physical location
– e.g. sales, accounting, etc.
• In newer designs, VLAN definitions should typically exist based on physical location
– e.g. one VLAN per subnet per access switch
• Old 80/20 rule is really more 20/80 rule now

VLAN Numbering
• VLAN membership defined by number
• 12-bit field (0-4095)
– 0 & 4095 reserved per 802.1Q standard
• Normal VLANs 1-1005
– 1 – Default Ethernet VLAN
– 1002/1004 – Default FDDI VLANs
– 1003/1005 – Default Token Ring VLANs
• Extended VLANs 1006-4094
– More on this later…

Creating VLANs
• Cisco IOS based switches store VLAN information in flash in the VLAN database
– vlan.dat
• VLANs can be added, deleted, and modified in two ways
– Exec mode VLAN database mode
• Being deprecated but still supported on some platforms
– Global configuration

Creating VLANs in Database Mode
SW1#vlan database
% Warning: It is recommended to configure VLAN from config mode,
  as VLAN database mode is being deprecated. Please consult user
  documentation for configuring VTP/VLAN in config mode.

SW1(vlan)#vlan 10 name ACCOUNTING
VLAN 10 added:
    Name: ACCOUNTING
SW1(vlan)#exit
APPLY completed.
Exiting....
SW1#

Creating VLANs in Global Config
SW1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#vlan 20
SW1(config-vlan)#name SALES
SW1(config-vlan)#
SW1(config-vlan)#exit
SW1(config)#vlan 30,40,50-55
SW1(config-vlan)#end
SW1#

VLAN Verification
SW1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
10   ACCOUNTING                       active
20   SALES                            active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
51   VLAN0051                         active
52   VLAN0052                         active
53   VLAN0053                         active
54   VLAN0054                         active
55   VLAN0055                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Membership
• Once VLANs are created, membership is assigned at the port level
• Layer 2 “switchports” generally fall into three categories
– Access Switchports
• One VLAN per port
– Trunk Switchports
• Multiple VLANs per port
– Dynamic Switchports
• Automatically choose access or trunk

Access Ports Example
[Figure: SW1 ports Fa0/1 and Fa0/3 in VLAN 10, connected to R1 Fa0/0 (10.0.0.1/24) and R3 Fa0/0 (10.0.0.3/24)]

Basic Access Port Configuration
R1#
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0

R3#
interface FastEthernet0/0
 ip address 10.0.0.3 255.255.255.0

SW1#
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access

Access Port Verification
SW1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   ACCOUNTING                       active    Fa0/1, Fa0/3
20   SALES                            active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
51   VLAN0051                         active
52   VLAN0052                         active
53   VLAN0053                         active
54   VLAN0054                         active
55   VLAN0055                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Access Port Verification (cont.)
SW1#show interfaces Fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (ACCOUNTING)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

VLAN Trunks
• Trunk links are used to transport traffic for multiple VLANs between devices
• Typically between two switches, but can also be…
– Switch to router
– Switch to server
• Traffic sent over a trunk link receives special trunking encapsulation
– Normal Ethernet header does not have a field for VLAN number
– ISL or 802.1Q headers are added to include this information

Trunking Encapsulations
• Both ISL and 802.1Q accomplish the same goal of encoding VLAN number in frame header to separate traffic
• The key differences are…
– ISL
• Cisco proprietary
• 30-byte encapsulation for all frames
• Does not modify original frame
– 802.1Q
• IEEE standard
• 4-byte tag except for “native” VLAN
• Modifies original frame
– See Inter-Switch Link and IEEE 802.1Q Frame Format for more info

ISL Trunking
• Inter-Switch Link
• Cisco proprietary
• 30-byte encapsulation overhead
– 26-byte header
– 4-byte trailer (FCS)
• Supports Ethernet, Token Ring, and FDDI
– Legacy now but originally important
• Becoming deprecated from many newer platforms

802.1Q Trunking
• AKA “dot1q”
• IEEE standard
• 4-byte tag overhead
– Inserts 4-byte tag between src/dst MAC and len/ethertype fields
– Rebuilds trailer (FCS) since frame is modified
• “Native” VLAN support
– Sent as normal untagged Ethernet frames
• QinQ support
– Multiple tags on a single frame
– Used for layer 2 VPNs in Metro Ethernet
– Similar logic to how MPLS VPNs work
• Generally more preferred because of interoperability

Trunking Example
[Figure: R2 (Fa0/0, 10.0.0.2/24) and R4 (Fa0/0, 10.0.0.4/24) attach to SW2 ports Fa0/2 and Fa0/4 in VLAN 10; R1 (Fa0/0, 10.0.0.1/24) and R3 (Fa0/0, 10.0.0.3/24) attach to SW1 ports Fa0/1 and Fa0/3 in VLAN 10; SW1 Fa0/13 connects to SW2 Fa0/13]
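The 802.1Q tagging steps listed above, as an added example that is not part of the original slides: the tag is inserted after the source MAC, the FCS is rebuilt, the native VLAN goes out untagged, and the receiving trunk drops VLANs outside its allowed list. Function names, MAC addresses and the payload are constructed; treating a VLAN ID 0 (priority-only) tag as the native VLAN follows the 802.1Q standard rather than anything shown on the slides.

```python
import struct
import zlib

TPID_8021Q = 0x8100   # EtherType value that identifies an 802.1Q tag
NATIVE_VLAN = 1       # assumption: native VLAN left at the default of 1


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, sent least significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    return len(frame) >= 18 and fcs(frame[:-4]) == frame[-4:]


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame, payload padded to the 46-byte minimum."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def trunk_egress(frame: bytes, vlan: int, pcp: int = 0,
                 native: int = NATIVE_VLAN) -> bytes:
    """Frame as a dot1q trunk transmits it for traffic belonging to `vlan`."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1-4094; 0 and 4095 are reserved")
    if not 0 <= pcp <= 7:
        raise ValueError("priority (PCP) is a 3-bit field")
    if not fcs_ok(frame):
        raise ValueError("bad FCS on input frame")
    if vlan == native:
        return frame                          # native VLAN: normal untagged frame
    body = frame[:-4]
    tci = (pcp << 13) | vlan                  # PCP (3 bits), DEI (1 bit), VID (12 bits)
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)               # frame was modified: rebuild the FCS


def trunk_ingress(frame: bytes, native: int = NATIVE_VLAN, allowed=None):
    """Return (vlan, untagged_frame), or None when the trunk drops the frame."""
    if not fcs_ok(frame):
        return None                           # corrupted in transit
    body = frame[:-4]
    (ethertype,) = struct.unpack("!H", body[12:14])
    if ethertype == TPID_8021Q:
        if len(body) < 18:
            return None                       # truncated tag
        (tci,) = struct.unpack("!H", body[14:16])
        vlan = tci & 0x0FFF
        if vlan == 4095:
            return None                       # reserved VLAN ID
        if vlan == 0:
            vlan = native                     # priority-tagged frame
        body = body[:12] + body[16:]          # strip the 4-byte tag
        frame = body + fcs(body)
    else:
        vlan = native                         # untagged frames belong to the native VLAN
    if allowed is not None and vlan not in allowed:
        return None                           # not in the trunk allowed list
    return vlan, frame


if __name__ == "__main__":
    a = bytes.fromhex("020000000001")         # constructed MAC addresses
    b = bytes.fromhex("020000000002")
    plain = build_frame(a, b, 0x0800, b"constructed payload")
    tagged = trunk_egress(plain, 10)
    print(len(plain), len(tagged), tagged[12:16].hex())
    print(trunk_ingress(tagged, allowed={10})[0], trunk_ingress(tagged, allowed={20}))
```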

ISL Trunking Configuration
R1#
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0

R2#
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0

R3#
interface FastEthernet0/0
 ip address 10.0.0.3 255.255.255.0

R4#
interface FastEthernet0/0
 ip address 10.0.0.4 255.255.255.0

SW1#
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk

SW2#
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/13
 switchport trunk encapsulation isl
 switchport mode trunk

ISL Trunking Verification
SW1#show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      1,10

SW1#show interface Fa0/13 switchport
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

802.1Q Trunking Configuration
R1#
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0

R2#
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0

R3#
interface FastEthernet0/0
 ip address 10.0.0.3 255.255.255.0

R4#
interface FastEthernet0/0
 ip address 10.0.0.4 255.255.255.0

SW1#
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW2#
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

802.1Q Trunking Verification
SW1#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      none

SW1#show interfaces fa0/13 switchport
Name: Fa0/13
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Dynamic Switchports
• Dynamic switchports automatically choose whether to run in access or trunking mode
• Runs Dynamic Trunking Protocol (DTP) to negotiate, in order…
– ISL trunk
– 802.1Q trunk
– Access port
• Configured as switchport mode dynamic [auto|desirable]
• Disabled with switchport nonegotiate or switchport mode access

Dynamic Trunking Config & Verification
SW1#
interface FastEthernet0/13
 switchport mode dynamic desirable

SW2#
interface FastEthernet0/13
 switchport mode dynamic auto

SW1#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      desirable    n-isl          trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      none

SW2#show interfaces trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      auto         n-isl          trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      none

Dynamic Trunking Verification (cont.)
SW1#show interfaces fa0/13 switchport
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Dynamic Trunking Verification (cont.)
SW2#show interfaces fa0/13 switchport
Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
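One way to check the verification output above across many ports, as an added example that is not part of the original slides: a parser for `show interfaces switchport` text that reports ports still in a dynamic mode, static ports that still negotiate DTP, and trunks that carry every VLAN. The sample output is constructed and abbreviated from the fields shown above (the Fa0/16 entry and its `Trunking VLANs Enabled: 20` value are assumed), and the finding codes are names made up for this example.

```python
# Constructed sample: abbreviated `show interfaces switchport` output for three ports.
SAMPLE_OUTPUT = """\
SW1#show interfaces switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 10 (ACCOUNTING)
Trunking VLANs Enabled: ALL
Capture Mode Disabled

Name: Fa0/13
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Operational Trunking Encapsulation: isl
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Fa0/16
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking VLANs Enabled: 20
"""


def parse_switchport(text):
    """Split the output into {port name: {field: value}}; lines without ':' are ignored."""
    ports, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue                      # prompts, blank lines, "Capture Mode Disabled"
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports


def audit(ports):
    """Return a list of (port, code, suggested change) findings."""
    findings = []
    for name, fields in ports.items():
        admin = fields.get("Administrative Mode", "")
        oper = fields.get("Operational Mode", "")
        dtp_on = fields.get("Negotiation of Trunking", "").lower() == "on"
        if admin.startswith("dynamic"):
            # The far end decides whether this port becomes a trunk.
            findings.append((name, "DYNAMIC_MODE",
                             "set 'switchport mode access', or a static trunk "
                             "with 'switchport nonegotiate'"))
        elif dtp_on:
            # Mode is static but DTP frames are still exchanged.
            findings.append((name, "DTP_ON_STATIC", "add 'switchport nonegotiate'"))
        if oper == "trunk" and fields.get("Trunking VLANs Enabled", "").upper() == "ALL":
            findings.append((name, "TRUNK_ALLOWS_ALL",
                             "restrict with 'switchport trunk allowed vlan <list>'"))
    return findings


if __name__ == "__main__":
    for port, code, fix in audit(parse_switchport(SAMPLE_OUTPUT)):
        print(f"{port:8} {code:18} {fix}")
```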

Trunk Port VLAN Membership
• By default, trunk ports carry traffic for all VLANs
– Called trunk “allowed list”
• VLANs can be manually filtered off the trunk by removing from the allowed list
• Used to reduce…
– Broadcast transmission
– Unknown unicast/multicast transmission
– Spanning-Tree overhead
• More on this later…

Allowed List Example

Allowed List Configuration
SW1#
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20
 switchport mode trunk

SW2#
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk

SW3#
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20
 switchport mode trunk

Allowed List Verification
SW1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
Fa0/16      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/13      10
Fa0/16      20

Port        Vlans allowed and active in management domain
Fa0/13      10
Fa0/16      20

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      10
Fa0/16      20

VLAN Administration
• In order for devices to be in the same broadcast domain, VLAN numbers must be consistent and inter-switch links must run trunking
• As layer 2 network size grows, managing VLAN numbers and trunk allowed lists involves large administrative overhead
• VTP solves this administration problem

VTP Overview
• VLAN Trunk Protocol
• Cisco proprietary
• Used to dynamically…
  – Advertise addition, removal, modification of VLAN properties
    • Number, name, etc.
  – Negotiate trunking allowed lists
    • “VTP Pruning”
• Does not affect actual VLAN assignments
  – Still manually needed with switchport access vlan [vlan]

How VTP Works
• VTP Domain
  – To exchange information, switches must belong to the same domain
• VTP Mode
  – Controls who can advertise new/modified information
  – Modes are…
    • Server
    • Client
    • Transparent
• VTP Revision Number
  – Sequence number to ensure consistent databases
  – Higher revision indicates newer database

VTP Domains
• VTP domain name controls which devices can exchange VTP advertisements
• VTP domain does not define broadcast domain
  – Hosts on switches in different VTP domains that share the same VLAN numbers are still in the same broadcast domain
• Configured as vtp domain [name]
• Defaults to null value
  – Switch inherits VTP domain name of first advertisement it hears

VTP Server Mode
• Default mode
• Allows addition, deletion, and modification of VLAN information
• Changes on server overwrite the rest of the domain
• Configured as vtp mode server

VTP Client Mode
• Cannot add, remove, or modify VLAN information
• Listens for advertisements originated by a server, installs them, and passes them on
• Configured as vtp mode client

VTP Transparent Mode
• Keeps a separate VTP database from the rest of the domain
• Does not originate advertisements
• “Transparently” passes received advertisements through without installing them
• Needed for some applications like Private VLANs
• Configured as vtp mode transparent

VTP Security
• VTP is susceptible to attacks or misconfiguration where VLANs are deleted
  – Access ports in a VLAN that does not exist cannot forward traffic
• MD5 authentication protects against attack
  – vtp password [password]
• Does not protect against misconfiguration
  – VTP transparent mode recommendation
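
The acceptance rules behind these points, as a simplified model in Python; this is an added example, not code from the original slides or from Cisco. The domain name, password, VLAN list and revision 7 are those of the VTP example on this page; the re-used lab switch at revision 12, the access-port map and the digest function (a stand-in for the real VTP MD5 computation) are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Domain CISCO, password VTPPASS, revision 7 and this VLAN list come from the
# VTP example on this page; everything about the lab switch is constructed.
PROD_VLANS = frozenset({1, 10, 20, 30, 40, 50, 51, 52, 53, 54, 55})


def vtp_digest(domain, password, revision, vlans):
    """Stand-in for the VTP MD5 digest. Simplification: real VTP hashes the
    advertisement together with a secret derived from the password."""
    material = f"{domain}|{password}|{revision}|{sorted(vlans)}".encode()
    return hashlib.md5(material).hexdigest()


@dataclass(frozen=True)
class Advertisement:
    domain: str
    revision: int
    vlans: frozenset
    md5: str


@dataclass
class Switch:
    name: str
    mode: str                       # "server", "client" or "transparent"
    domain: str
    password: str = ""
    revision: int = 0
    vlans: set = field(default_factory=lambda: {1})
    access_ports: dict = field(default_factory=dict)   # port -> access VLAN

    def advertise(self):
        vlans = frozenset(self.vlans)
        return Advertisement(self.domain, self.revision, vlans,
                             vtp_digest(self.domain, self.password,
                                        self.revision, vlans))

    def receive(self, adv):
        """Apply the acceptance rules and report what happened."""
        if self.mode == "transparent":
            return "passed on, not installed"
        if adv.domain != self.domain:
            return "ignored: different domain"
        if adv.md5 != vtp_digest(self.domain, self.password,
                                 adv.revision, adv.vlans):
            return "rejected: MD5 digest mismatch"
        if adv.revision <= self.revision:
            return "ignored: revision not higher"
        # Higher revision wins: the whole VLAN database is replaced.
        self.vlans, self.revision = set(adv.vlans), adv.revision
        return "installed"

    def stranded_ports(self):
        """Access ports whose VLAN no longer exists and so cannot forward."""
        return sorted(p for p, v in self.access_ports.items()
                      if v not in self.vlans)


def production_switch(mode):
    # Transparent switches keep their own database and show revision 0.
    return Switch("SW2", mode, "CISCO", "VTPPASS",
                  revision=0 if mode == "transparent" else 7,
                  vlans=set(PROD_VLANS),
                  access_ports={"Fa0/1": 10, "Fa0/3": 20})   # constructed


def reused_lab_switch(password):
    # Constructed: same domain name, higher revision, only the default VLAN.
    return Switch("LAB", "server", "CISCO", password, revision=12, vlans={1})


def run_scenarios():
    cases = {
        "no_password_on_lab_switch": ("client", ""),
        "same_password_on_lab_switch": ("client", "VTPPASS"),
        "transparent_mode": ("transparent", "VTPPASS"),
    }
    results = {}
    for label, (mode, lab_password) in cases.items():
        sw = production_switch(mode)
        outcome = sw.receive(reused_lab_switch(lab_password).advertise())
        results[label] = (outcome, sw.revision, sorted(sw.vlans),
                          sw.stranded_ports())
    return results


if __name__ == "__main__":
    for label, result in run_scenarios().items():
        print(f"{label:30} {result}")
```

The second case is the misconfiguration the slide warns about: the password matches, so the digest check passes and the higher revision replaces the database, leaving both access ports in VLANs that no longer exist.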

VTP Example

VTP Configuration
SW1#
vtp mode server
vtp domain CISCO
vtp password VTPPASS
vlan 10,20,30,40,50-55

SW2#
vtp mode client
vtp domain CISCO
vtp password VTPPASS

SW3#
vtp mode client
vtp domain CISCO
vtp password VTPPASS

SW4#
vtp mode client
vtp domain CISCO
vtp password VTPPASS


VTP Verification
SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB0 0x6D 0xC8 0xD8 0x1C 0x45 0xD8 0x60
Configuration last modified by 0.0.0.0 at 3-1-93 13:30:42
Local updater ID is 0.0.0.0 (no valid interface found)

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB0 0x6D 0xC8 0xD8 0x1C 0x45 0xD8 0x60
Configuration last modified by 0.0.0.0 at 3-1-93 13:30:42


VTP Verification (cont.)
SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB0 0x6D 0xC8 0xD8 0x1C 0x45 0xD8 0x60
Configuration last modified by 0.0.0.0 at 3-1-93 13:30:42

SW4#show vtp status
VTP Version                     : 2
Configuration Revision          : 7
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB0 0x6D 0xC8 0xD8 0x1C 0x45 0xD8 0x60
Configuration last modified by 0.0.0.0 at 3-1-93 13:30:42


VTP Verification (cont.)
SW1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/14, Fa0/15
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   VLAN0010                         active    Fa0/1, Fa0/3
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
51   VLAN0051                         active
52   VLAN0052                         active
53   VLAN0053                         active
54   VLAN0054                         active
55   VLAN0055                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VTP Verification (cont.)
SW4#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gi0/1
                                                Gi0/2
10   VLAN0010                         active
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
51   VLAN0051                         active
52   VLAN0052                         active
53   VLAN0053                         active
54   VLAN0054                         active
55   VLAN0055                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VTP Transparent Configuration
SW1#
vtp mode server
vtp domain CISCO
no vtp password
vlan 10,20,30,40,50-55

SW2#
vtp mode client
vtp domain CISCO
no vtp password

SW3#
vtp mode transparent
vtp domain CISCO
no vtp password
no vlan 10,20,30,40,50-55
vlan 3,33,333,3333

SW4#
vtp mode client
vtp domain CISCO
no vtp password


VTP Transparent Verification
SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 9
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xD3 0x41 0xF1 0x21 0x12 0xF7 0x11 0xBF
Configuration last modified by 0.0.0.0 at 3-1-93 13:35:59
Local updater ID is 0.0.0.0 (no valid interface found)

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 9
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xD3 0x41 0xF1 0x21 0x12 0xF7 0x11 0xBF
Configuration last modified by 0.0.0.0 at 3-1-93 13:35:59


VTP Transparent Verification (cont.)
SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Transparent
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x15 0x07 0xC0 0x68 0xA7 0xCD 0xCC 0xD2
Configuration last modified by 0.0.0.0 at 3-1-93 13:30:42

SW4#show vtp status
VTP Version                     : 2
Configuration Revision          : 9
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 15
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xD3 0x41 0xF1 0x21 0x12 0xF7 0x11 0xBF
Configuration last modified by 0.0.0.0 at 3-1-93 13:35:59


VTP Transparent Verification (cont.)
SW1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/14, Fa0/15
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
10   VLAN0010                         active    Fa0/1, Fa0/3
20   VLAN0020                         active
30   VLAN0030                         active
40   VLAN0040                         active
50   VLAN0050                         active
51   VLAN0051                         active
52   VLAN0052                         active
53   VLAN0053                         active
54   VLAN0054                         active
55   VLAN0055                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VTP Transparent Verification (cont.)
SW3#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gi0/1, Gi0/2
3    VLAN0003                         active
33   VLAN0033                         active
333  VLAN0333                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
3333 VLAN3333                         active


VTP Pruning
• Broadcasts and unknown unicast/multicast frames are flooded everywhere in the broadcast domain
  – Includes trunk links
• Editing the allowed list limits this flooding, but with large administrative overhead
• VTP pruning automates this procedure
  – Switches advertise what VLANs they need
  – All other VLANs are pruned (removed) off the trunk link
• Does not work for transparent mode

VTP Pruning Example
[Figure: topology of SW1, SW2, SW3 and SW4 with trunk ports Fa0/13, Fa0/16 and Fa0/19 and access VLANs 10, 20 and 30]

VTP Pruning Configuration
SW1#
vtp domain CISCO
vtp mode server
vtp pruning
vlan 10,20,30
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 30
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/16
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW2#
vtp domain CISCO
vtp mode client
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW3#
vtp domain CISCO
vtp mode client
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk

SW4#
vtp domain CISCO
vtp mode client
!
interface FastEthernet0/4
 switchport mode access
 switchport access vlan 30
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport mode trunk

VTP Pruning Verification (cont.)
SW1#show vtp status
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF6 0x11 0xDA 0x50 0x99 0x7B 0x17 0x0F
Configuration last modified by 0.0.0.0 at 3-1-93 13:45:40
Local updater ID is 0.0.0.0 (no valid interface found)

SW2#show vtp status
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF6 0x11 0xDA 0x50 0x99 0x7B 0x17 0x0F
Configuration last modified by 0.0.0.0 at 3-1-93 13:45:40

VTP Pruning Verification (cont.)
SW3#show vtp status
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF6 0x11 0xDA 0x50 0x99 0x7B 0x17 0x0F
Configuration last modified by 0.0.0.0 at 3-1-93 13:45:40

SW4#show vtp status
VTP Version                     : 2
Configuration Revision          : 12
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xF6 0x11 0xDA 0x50 0x99 0x7B 0x17 0x0F
Configuration last modified by 0.0.0.0 at 3-1-93 13:45:40

VTP Pruning Verification (cont.)
SW1#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
Fa0/16      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094
Fa0/16      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10,20,30
Fa0/16      1,10,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      1,10
Fa0/16      1,20,30

SW2#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      1,10,20,30

VTP Pruning Verification (cont.)
SW3#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/13      on           802.1q         trunking      1
Fa0/19      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/13      1-4094
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/13      1,10,20,30
Fa0/19      1,10,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/13      1,10,20,30
Fa0/19      1,30

SW4#show interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,10,20,30

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,10,20,30

VTP Pruning Verification (cont.)
SW1#show interfaces Fa0/13 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/13      20,30

Port        Vlan traffic requested of neighbor
Fa0/13      1,10,20,30

SW1#show interfaces Fa0/16 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/16      10

Port        Vlan traffic requested of neighbor
Fa0/16      1,10,20,30

SW2#show interfaces Fa0/13 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/13      none

Port        Vlan traffic requested of neighbor
Fa0/13      1,10

VTP Pruning Verification (cont.)
SW3#show interfaces Fa0/13 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/13      none

Port        Vlan traffic requested of neighbor
Fa0/13      1,20,30

SW3#show interfaces Fa0/19 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/19      10,20

Port        Vlan traffic requested of neighbor
Fa0/19      1,10,20,30

SW4#show interfaces Fa0/19 pruning
Port        Vlans pruned for lack of request by neighbor
Fa0/19      none

Port        Vlan traffic requested of neighbor
Fa0/19      1,30

VLANs, Trunking, & VTP Q&A

Internetwork Expert’s CCNP Bootcamp
Spanning-Tree Protocol (STP)
http://www.INE.com

Switching Logic Review
• Layer 2 switches use the CAM table to switch traffic based on destination MAC address
• To populate the CAM table the following logic is used
  – A frame from X going to Y is received on port 1
  – Insert X into the CAM table via port 1
  – Flood the frame out all ports in the VLAN except 1
  – A return frame from Y going to X is received on port 2
  – Insert Y into the CAM table via port 2
  – Subsequent traffic does not require flooding

Switching Loop Problems
• When redundant paths exist in the layer 2 network, CAM population logic breaks down and frames are switched out the wrong interfaces
• Looping frames, especially broadcasts, can quickly overwhelm all links with 100% utilization

Switching Loop Example
[Animated figure: HostA sends a frame to HostB; each switch adds HostA to its CAM table and floods the frame; SW1 ends up knowing HostA via an incorrect port and the process continues]

Spanning-Tree Protocol Overview
• STP solves the looping problem by “blocking” redundant paths
  – Blocked links cannot forward traffic or use the CAM table
  – Same effect as removing or shutting down the link
• Since STP is dynamic, layer 2 network can reconverge around network failures
• Standards based per 802.1D

Switching Loop Prevention Example
[Animated figure: HostA sends a frame to HostB; SW4’s port 3 is blocking, so the frame is discarded and no looping occurs]

How STP Loop Prevention Works
• All devices agree on a reference point in the network
  – Called the “root bridge”
• Device directly downstream of the root bridge performs the following…
  – Select one upstream facing port to forward traffic towards the root bridge
    • Called the “root port”
  – All other upstream facing ports are disabled
    • Called “blocking” ports
  – All downstream facing ports are called “designated” ports
• Next downstream device performs the same, selecting one upstream facing root port
• Repeat until entire loop-free tree is built

How STP Works
• Exchange bridge and link attributes
• Elect one Root Bridge
• Elect one Root Port per bridge
• Elect Designated Ports

STP Advertisements
• Uses Bridge Protocol Data Units (BPDUs)
  – Sent as multicast frames between adjacent bridges (0180.C200.0000)
• Used to advertise bridge and link attributes
  – Root ID
  – Root Path Cost
  – Bridge ID
  – Port ID
  – Timers
• Two types of BPDUs
  – Configuration BPDUs
  – Topology Change Notification (TCN) BPDUs

Root Bridge Election
• Based on the lowest Bridge ID (BID) in the network
• BID is an 8-byte field that contains
  – Bridge Priority
    • 0-65535
    • Defaults to 32768
  – MAC Address
• New standard splits Bridge Priority into two fields
  – AKA “MAC address reduction” feature
  – Bridge Priority
    • 4 high order bits
    • 0 – 61440 in increments of 4096
  – System ID Extension
    • 12 low order bits
    • 0 – 4095
• Lowest BID in the network becomes everyone’s Root ID (RID) in their BPDUs

Root Port Election
• Port closest to the Root Bridge
  – Root is always upstream
• Elected based on lowest Root Path Cost
  – Cumulative cost of all links to get to the root
  – Cost based on inverse bandwidth
    • i.e. higher bandwidth, lower cost
    • Not linear
• If tie in cost…
  – Choose lowest upstream BID
  – Choose lowest upstream Port ID

Designated Port Election
• Ports downstream facing away from Root Bridge
• Like Root Port, elected based on…
  – Lowest Root Path Cost
  – Lowest BID
  – Lowest Port ID
• All other ports go into “blocking” mode
  – Receives BPDUs
  – Discards all other traffic
  – Cannot send traffic
• Blocking ports are the key to the loop free topology
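
The election rules above, applied to the four-switch STP Path Selection Example on this page; this is an added example in Python, not part of the original slides. Bridge addresses, STP port numbers and the port cost of 19 are read from the page's verification output; the class, function and variable names are this example's own, and the final tie-breaker (lowest local port ID) is the standard one, which the slide does not list.

```python
from dataclasses import dataclass

PORT_COST = 19          # cost shown for every FastEthernet port in the output
PORT_PRIORITY = 128     # default port priority, printed as "128.x"


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                 # dotted-hex address as printed by IOS
    priority: int = 32768    # 4 high-order bits: 0-61440 in steps of 4096
    sys_id_ext: int = 1      # 12 low-order bits: the VLAN number

    def __post_init__(self):
        if self.priority % 4096 or not 0 <= self.priority <= 61440:
            raise ValueError("priority must be 0-61440 in increments of 4096")
        if not 0 <= self.sys_id_ext <= 4095:
            raise ValueError("system ID extension must be 0-4095")

    @property
    def bid(self):
        """Bridge ID as a comparable tuple: 16-bit priority field, then MAC."""
        return (self.priority + self.sys_id_ext,
                int(self.mac.replace(".", ""), 16))


BRIDGES = [Bridge("SW1", "0019.56c8.4e80"), Bridge("SW2", "0019.aa7e.e780"),
           Bridge("SW3", "000a.f4f3.ea00"), Bridge("SW4", "0009.433c.a380")]

# (bridge, interface, STP port number) for each end of a link.
LINKS = [
    (("SW1", "Fa0/13", 15), ("SW2", "Fa0/13", 15)),
    (("SW1", "Fa0/16", 18), ("SW3", "Fa0/13", 13)),
    (("SW2", "Fa0/19", 21), ("SW4", "Fa0/16", 16)),
    (("SW3", "Fa0/19", 19), ("SW4", "Fa0/19", 19)),
]


def elect(bridges, links):
    """Return (root bridge name, root path costs, port roles)."""
    by_name = {b.name: b for b in bridges}
    root = min(bridges, key=lambda b: b.bid)          # lowest BID wins
    cost = {b.name: None for b in bridges}
    cost[root.name] = 0
    best = {}                                         # bridge -> (vector, interface)
    changed = True
    while changed:                                    # repeat until stable
        changed = False
        for end_a, end_b in links:
            for (me, my_if, my_nbr), (up, _, up_nbr) in ((end_a, end_b),
                                                         (end_b, end_a)):
                if me == root.name or cost[up] is None:
                    continue
                # Root path cost, upstream BID, upstream port ID, local port ID.
                vector = (cost[up] + PORT_COST, by_name[up].bid,
                          (PORT_PRIORITY, up_nbr), (PORT_PRIORITY, my_nbr))
                if me not in best or vector < best[me][0]:
                    best[me] = (vector, my_if)
                    cost[me] = vector[0]
                    changed = True
    if None in cost.values():
        raise ValueError("a bridge has no path to the root")
    roles = {}
    for end_a, end_b in links:
        # Designated end of a segment: lowest (root path cost, BID, port ID).
        designated, other = sorted(
            (end_a, end_b),
            key=lambda e: (cost[e[0]], by_name[e[0]].bid, (PORT_PRIORITY, e[2])))
        roles[designated[:2]] = "Desg"
        is_root_port = best.get(other[0], (None, None))[1] == other[1]
        roles[other[:2]] = "Root" if is_root_port else "Altn"
    return root.name, cost, roles


if __name__ == "__main__":
    root_name, costs, port_roles = elect(BRIDGES, LINKS)
    print("root:", root_name, "costs:", costs)
    for port, role in sorted(port_roles.items()):
        print(port, role)
```

SW1 reaches the root at cost 38 through either neighbour, so the tie is broken on the lower upstream BID, which makes Fa0/16 its root port and leaves Fa0/13 as the blocking port.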

STP Path Selection Example
[Figure: topology of SW1, SW2, SW3 and SW4; port labels Fa0/13 and Fa0/16 on SW1, Fa0/13 and Fa0/19 on SW2 and SW3, Fa0/16 and Fa0/19 on SW4]

STP Path Selection Verification (SW1)
SW1#show spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0009.433c.a380
             Cost        38
             Port        18 (FastEthernet0/16)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0019.56c8.4e80
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Altn BLK 19        128.15   P2p
Fa0/16           Root LRN 19        128.18   P2p

STP Path Selection Verification (SW2)
SW2#show spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0009.433c.a380
             Cost        19
             Port        21 (FastEthernet0/19)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0019.aa7e.e780
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Desg FWD 19        128.15   P2p
Fa0/19           Root FWD 19        128.21   P2p

STP Path Selection Verification (SW3)
SW3#show spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0009.433c.a380
             Cost        19
             Port        19 (FastEthernet0/19)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000a.f4f3.ea00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/13           Desg FWD 19        128.13   P2p
Fa0/19           Root FWD 19        128.19   P2p

STP Path Selection Verification (SW4)
SW4#show spanning-tree vlan 1
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0009.433c.a380
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0009.433c.a380
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/16           Desg FWD 19        128.16   P2p
Fa0/19           Desg FWD 19        128.19   P2p

STP Verification Detail (SW1)
SW1#show spanning-tree detail
 VLAN0001 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, sysid 1, address 0019.56c8.4e80
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32769, address 0009.433c.a380
  Root port is 18 (FastEthernet0/16), cost of root path is 38
  Topology change flag not set, detected flag not set
  Number of topology changes 1 last change occurred 00:03:34 ago
          from FastEthernet0/13
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300

 Port 15 (FastEthernet0/13) of VLAN0001 is blocking
   Port path cost 19, Port priority 128, Port Identifier 128.15.
   Designated root has priority 32769, address 0009.433c.a380
   Designated bridge has priority 32769, address 0019.aa7e.e780
   Designated port id is 128.15, designated path cost 19
   Timers: message age 2, forward delay 0, hold 0
   Number of transitions to forwarding state: 0
   Link type is point-to-point by default
   BPDU: sent 6, received 116

 Port 18 (FastEthernet0/16) of VLAN0001 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.18.
   Designated root has priority 32769, address 0009.433c.a380
   Designated bridge has priority 32769, address 000a.f4f3.ea00
   Designated port id is 128.13, designated path cost 19
   Timers: message age 2, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 2, received 111

STP Verification Detail (SW2)
SW2#show spanning-tree detail
 VLAN0001 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, sysid 1, address 0019.aa7e.e780
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32769, address 0009.433c.a380
  Root port is 21 (FastEthernet0/19), cost of root path is 19
  Topology change flag not set, detected flag not set
  Number of topology changes 3 last change occurred 00:03:12 ago
          from FastEthernet0/19
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300

 Port 15 (FastEthernet0/13) of VLAN0001 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.15.
   Designated root has priority 32769, address 0009.433c.a380
   Designated bridge has priority 32769, address 0019.aa7e.e780
   Designated port id is 128.15, designated path cost 19
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 117, received 6

 Port 21 (FastEthernet0/19) of VLAN0001 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.21.
   Designated root has priority 32769, address 0009.433c.a380
   Designated bridge has priority 32769, address 0009.433c.a380
   Designated port id is 128.16, designated path cost 0
   Timers: message age 1, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 3, received 114

STP Verification Detail (SW3)
SW3#show spanning-tree detail
 VLAN0001 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, sysid 1, address 000a.f4f3.ea00
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32769, address 0009.433c.a380
  Root port is 19 (FastEthernet0/19), cost of root path is 19
  Topology change flag not set, detected flag not set
  Number of topology changes 2 last change occurred 00:03:19 ago
          from FastEthernet0/19
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300

 Port 13 (FastEthernet0/13) of VLAN0001 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.13.
   Designated root has priority 32769, address 0009.433c.a380
   Designated bridge has priority 32769, address 000a.f4f3.ea00
   Designated port id is 128.13, designated path cost 19
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 114, received 2

 Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.19.
   Designated root has priority 32769, address 0009.433c.a380
   Designated bridge has priority 32769, address 0009.433c.a380
   Designated port id is 128.19, designated path cost 0
   Timers: message age 1, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 3, received 118

STP Verification Detail (SW4)
SW4#show spanning-tree detail
 VLAN0001 is executing the ieee compatible Spanning Tree protocol
  Bridge Identifier has priority 32768, sysid 1, address 0009.433c.a380
  Configured hello time 2, max age 20, forward delay 15
  We are the root of the spanning tree
  Topology change flag not set, detected flag not set
  Number of topology changes 1 last change occurred 00:03:47 ago
          from FastEthernet0/19
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 1, topology change 0, notification 0, aging 300

 Port 16 (FastEthernet0/16) of VLAN0001 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.16.
   Designated root has priority 32769, address 0009.433c.a380
   Designated bridge has priority 32769, address 0009.433c.a380
   Designated port id is 128.16, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 116, received 3

 Port 19 (FastEthernet0/19) of VLAN0001 is forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.19.
   Designated root has priority 32769, address 0009.433c.a380
   Designated bridge has priority 32769, address 0009.433c.a380
   Designated port id is 128.19, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 122, received 3

STP Port States
• When a bridge boots up, the initial STP convergence time is based on how long the device takes to transition through different port states
• STP port states are…
  – Disabled
    • e.g. shutdown
  – Listening
    • Exchanging BPDUs with adjacent bridges
  – Learning
    • Building the CAM table
  – Forwarding
    • Normal loop-free traffic forwarding
  – Blocking
    • Receiving BPDUs but not forwarding
• Normal progression between states is either…
  – Disabled → Listening → Learning → Forwarding
  – Blocking → Listening → Learning → Forwarding

STP Timers
• Timers that affect the transition between port states are…
  – Hello timer
    • How often configuration BPDUs are sent
    • Defaults to 2 seconds
  – MaxAge timer
    • How long to wait in blocking state without hearing a BPDU
    • Defaults to 20 seconds
  – Forward Delay
    • How long to wait in each of the listening and learning phases
    • Defaults to 15 seconds

STP Reconvergence
• The second BPDU type, TCN, is used to quickly age out the CAM table in case of a port state change
  – e.g. Forwarding→Down, Blocking→Designated
• TCN is sent up to Root Bridge
  – TCN sent out Root Port
  – Upstream switch sends TCAck in Configuration BPDU back
  – Upstream switch sends TCN out Root Port
  – Next upstream switch sends TCAck in Configuration BPDU back
  – Next upstream switch sends TCN out Root Port
  – Process continues until Root Bridge receives TCN
• When Root Bridge receives TCN, it replies with TCN out all ports
• Result is that CAM aging time is reduced to Forward Delay
  – Default of 5 minutes reduced to 15 seconds

STP Q&A

Internetwork Expert’s CCNP Bootcamp
Advanced Spanning-Tree Protocol (STP)
http://www.INE.com

Cisco STP Enhancements
• Common Spanning-Tree (CST)
  – Originally defined in 802.1D
  – One STP instance for all VLANs
    • Does not allow complex layer 2 traffic engineering
• Per-VLAN Spanning-Tree (PVST)
  – Cisco proprietary extensions
  – One STP instance per VLAN
    • Layer 2 traffic engineering per VLAN
  – New features to reduce convergence time
    • PortFast, UplinkFast, etc.
  – PVST+ interoperates with CST
    • Complex tunneling outside our scope
    • See INE Blog’s PVST+ Explained for details

PVST/PVST+ Path Selection
• One Root Bridge election per VLAN
  – Bridge priority per VLAN configurable as spanning-tree vlan [vlan] [priority|root]
• Separate Root Port & Designated Port elections per VLAN
  – Port cost per VLAN configurable as interface spanning-tree vlan [vlan] cost [cost]
  – Port priority per VLAN configurable as interface spanning-tree vlan [vlan] priority [priority]

Per-VLAN Path Selection Example
[Diagram: switches SW1, SW2, SW3 and SW4 interconnected on ports Fa0/13, Fa0/16 and Fa0/19; SW2 is the VLAN 10 Root, SW3 is the VLAN 20 Root]

Per-VLAN Path Selection Configuration

    SW2#
    spanning-tree vlan 10 priority 16384
    !
    interface FastEthernet0/19
     spanning-tree vlan 20 cost 5

    SW3#
    spanning-tree vlan 20 priority 16384
    !
    interface FastEthernet0/13
     spanning-tree vlan 10 cost 5

Per-VLAN Path Selection Verification

    SW2#show spanning-tree vlan 10

    VLAN0010
      Spanning tree enabled protocol ieee
      Root ID    Priority    16394
                 Address     0019.aa7e.ea00
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    16394  (priority 16384 sys-id-ext 10)
                 Address     0019.aa7e.ea00
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 15

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/13           Desg FWD 19        128.15   P2p
    Fa0/19           Desg FWD 19        128.21   P2p

    SW3#show spanning-tree vlan 10

    VLAN0010
      Spanning tree enabled protocol ieee
      Root ID    Priority    16394
                 Address     0019.aa7e.ea00
                 Cost        24
                 Port        13 (FastEthernet0/13)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
                 Address     000a.f4f3.e780
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 15

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/13           Root FWD 5         128.13   P2p
    Fa0/19           Altn BLK 19        128.19   P2p

Per-VLAN Path Selection Verification (cont.)

    SW2#show spanning-tree vlan 20

    VLAN0020
      Spanning tree enabled protocol ieee
      Root ID    Priority    16404
                 Address     000a.f4f3.e780
                 Cost        24
                 Port        21 (FastEthernet0/19)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
                 Address     0019.aa7e.ea00
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 15

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/13           Altn BLK 19        128.15   P2p
    Fa0/19           Root FWD 5         128.21   P2p

    SW3#show spanning-tree vlan 20

    VLAN0020
      Spanning tree enabled protocol ieee
      Root ID    Priority    16404
                 Address     000a.f4f3.e780
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    16404  (priority 16384 sys-id-ext 20)
                 Address     000a.f4f3.e780
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 15

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/13           Desg FWD 19        128.13   P2p
    Fa0/19           Desg FWD 19        128.19   P2p

Cisco’s 802.1D Convergence Enhancements
• PortFast
  – End hosts need not be subject to Forwarding Delay
• UplinkFast
  – Direct Root Port failure should reconverge immediately if Alternate Port available
• BackboneFast
  – Indirect failures should start recalculating immediately

RSTP
• Rapid Spanning-Tree Protocol
• New standard per IEEE 802.1w
• Faster convergence than Cisco’s 802.1D enhancements
• Builds the same STP as regular STA
• Simplifies port states
• Rapid convergence based on sync process

RSTP Port States
• 802.1D uses…
  – Disabled
  – Blocking
  – Listening
  – Learning
  – Forwarding
• 802.1w simplifies this to…
  – Discarding
    • Dropping frames
  – Learning
    • Dropping frames but building the CAM
  – Forwarding
    • Normal forwarding

RSTP Port Roles
• Port Roles are decoupled from states
• Root Port & Designated Port
  – Same as before
• Alternate Port
  – Alternate but less desirable path to the root
  – Allows the equivalent of UplinkFast
    • i.e. fast root path recovery
  – Operates in discarding state
• Backup Port
  – Backup Designated Port
  – Activates if the primary Designated Port fails
  – Operates in discarding state

RSTP Edge Ports
• Equivalent of PVST+ PortFast enabled ports
  – Immediately transitions to forwarding
  – Still requires spanning-tree portfast command for backwards compatibility
• Maintains edge status as long as no BPDUs are received
  – If BPDU received, remove edge status and generate TCN

RSTP Link Types
• Non-edge ports fall into two types
• Point-to-point
  – Full-Duplex ports
• Shared
  – Half-Duplex ports
• Only point-to-point Designated Ports use the sync process for rapid convergence

RSTP Sync Process
• Goal is for a bridge to synchronize its root port with the rest of the topology
• When a bridge elects a root port it assumes all non-edge ports to be designated
  – All non-edge ports are discarding at this moment
• Bridge sends proposals out all designated ports
  – Proposal has port role set to designated
  – Proposal contains root bridge info (priority, cost, etc.)
• Downstream bridges review this information
  – If they don’t have better paths to the root they agree
  – If they do have it they announce their information

RSTP Sync Process (cont.)
• When designated port receives agreement, it is unblocked
• If downstream bridge sends better root information, local bridge changes root port
• If downstream bridge agrees to upstream proposal, then it
  – Elects a local root port
  – Blocks all non-edge designated ports
  – Starts sync process on all designated ports
• Port blocking is essential in preventing transient loops
• Sync process ensures all bridges agree on the same root bridge

RSTP Fault Detection
• In 802.1D, BPDUs are only generated by Root Bridge
  – All other bridges forward them on
• In RSTP, each bridge generates BPDU every hello interval
  – 2 seconds by default
• If 3 hellos are missed from a neighbor, reconvergence begins
  – 6 seconds vs. 20 seconds MaxAge

RSTP Fault Detection (cont.)
• MaxAge is used as hop count
  – Every bridge sends BPDUs on its own
  – Age incremented by every bridge
  – MaxAge also used on shared ports for legacy STP backwards compatibility
• Fault could be detected fast by means of physical layer signaling

RSTP Convergence
• RSTP needs to re-converge when Root port is lost
• If there is an Alternate port, it is selected in place of old Root port
  – New Root port is then synchronized with downstream bridges
• If there are no Alternate ports and no better info
  – Declare itself as root
  – Synchronize this decision
  – Possibly adapt to better information

RSTP Convergence (cont.)
• Non-deterministic, depends on topology
  – Meshy topologies converge slowly
  – Large topologies converge slowly
• Root bridge failures may cause slow convergence time and temporary loops
• To ensure fast convergence
  – Keep Topology Small (3-5 bridges)
  – Avoid excessive redundancy (e.g. use ring topologies but not full-mesh)
  – Rely on physical layer failure detection not the Hello BPDUs

RSTP Topology Change
• Generated when link becomes forwarding
• Originated by the switch that detected the event
• Uses special BPDU bit to signal topology change
• Flooded by all switches using reverse path forwarding
• Flushes MAC address tables
• Causes temporary excessive unicast traffic flooding
• Use Edge Ports as much as possible

Multiple Spanning-Tree Protocol
• IEEE (802.1s) response to PVST/PVST+
• Pioneered by Cisco as MISTP
• Supports multiple user-defined instances of spanning-tree
• Not as resource intensive as PVST/PVST+
• Automatically runs RSTP

Multiple Spanning-Tree Protocol (cont.)
• STP Instances (MSTIs) are separate from VLANs
• VLANs are mapped to MSTIs manually
• Switches sharing the same region name and mappings form a region
• Different regions see each other as virtual bridges
• See INE Blog’s Understanding MSTP for more info

MST & RSTP Example
[Diagram: switches SW1, SW2, SW3 and SW4 interconnected on ports Fa0/13, Fa0/16 and Fa0/19; SW2 is the Instance 1 Root (VLANs 10,20,30), SW3 is the Instance 2 Root (VLANs 40,50,60)]

MST Configuration

    SW1#
    spanning-tree mst configuration
     name MST_REGION1
     revision 1
     instance 1 vlan 10, 20, 30
     instance 2 vlan 40, 50, 60
    !
    spanning-tree mode mst

    SW2#
    spanning-tree mst configuration
     name MST_REGION1
     revision 1
     instance 1 vlan 10, 20, 30
     instance 2 vlan 40, 50, 60
    !
    spanning-tree mode mst
    spanning-tree mst 1 priority 4096
    !
    interface FastEthernet0/19
     spanning-tree mst 2 cost 50000

    SW3#
    spanning-tree mst configuration
     name MST_REGION1
     revision 1
     instance 1 vlan 10, 20, 30
     instance 2 vlan 40, 50, 60
    !
    spanning-tree mode mst
    spanning-tree mst 2 priority 4096
    !
    interface FastEthernet0/13
     spanning-tree mst 1 cost 50000

    SW4#
    spanning-tree mst configuration
     name MST_REGION1
     revision 1
     instance 1 vlan 10, 20, 30
     instance 2 vlan 40, 50, 60
    !
    spanning-tree mode mst

MST Verification

    SW2#show spanning-tree mst 1

    ##### MST1    vlans mapped:   10,20,30
    Bridge        address 0019.aa7e.ea00  priority      4097  (4096 sysid 1)
    Root          this switch for MST1

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/13           Desg FWD 200000    128.15   P2p
    Fa0/19           Desg FWD 200000    128.21   P2p

    SW3#show spanning-tree mst 1

    ##### MST1    vlans mapped:   10,20,30
    Bridge        address 000a.f4f3.e780  priority      32769 (32768 sysid 1)
    Root          address 0019.aa7e.ea00  priority      4097  (4096 sysid 1)
                  port    Fa0/13          cost          250000    rem hops 18

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/13           Root FWD 50000     128.13   P2p
    Fa0/19           Altn BLK 200000    128.19   P2p

MST Verification (cont.)

    SW2#show spanning-tree mst 2

    ##### MST2    vlans mapped:   40,50,60
    Bridge        address 0019.aa7e.ea00  priority      32770 (32768 sysid 2)
    Root          address 000a.f4f3.e780  priority      4098  (4096 sysid 2)
                  port    Fa0/19          cost          250000    rem hops 18

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/13           Altn BLK 200000    128.15   P2p
    Fa0/19           Root FWD 50000     128.21   P2p

    SW3#show spanning-tree mst 2

    ##### MST2    vlans mapped:   40,50,60
    Bridge        address 000a.f4f3.e780  priority      4098  (4096 sysid 2)
    Root          this switch for MST2

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/13           Desg FWD 200000    128.13   P2p
    Fa0/19           Desg FWD 200000    128.19   P2p

Rapid PVST+
• Same as PVST+, but uses RSTP enhancements for rapid convergence
• Every instance runs RSTP
• Configured as spanning-tree mode rapid-pvst

Other STP Features
• BPDU Filter
  – Interface level
    • Filter BPDUs inbound/outbound
  – Global
    • If BPDU is received revert out of portfast state
• BPDU Guard
  – If BPDU is received shut port down
• Root Guard
  – If superior BPDU is received shut port down
• Loop Guard & UDLD
  – Prevent unidirectional links

Advanced STP Q&A

Internetwork Expert’s CCNP Bootcamp
Inter-VLAN Routing
http://www.INE.com

Layer 2 vs Layer 3 Review
• Layer 2 switches do not do frame modification
  – i.e. “Transparent” bridging
• Implies hosts in a VLAN can only reach MACs directly in the CAM table
  – i.e. the local broadcast domain
• Layer 3 routers/switches perform layer 2 packet rewrite
  – Remove the layer 2 header and rebuild it
• Implies Inter-VLAN traffic must be routed

Switch to Router w/ Multiple Links
• One solution for Inter-VLAN routing is to use one physical link per VLAN between the layer 2 switch and layer 3 router
• How it works
  – Frame leaves switch on link 1 in VLAN 10
  – Router rewrites frame to MAC in VLAN 20 and sends back on link 2
  – Switch uses CAM of VLAN 20 to reach destination

Switch to Router w/ Multiple Links Example
[Diagram: router R1 (Fa0/1 10.0.0.254/24, Fa0/2 20.0.0.254/24) connected to switch SW1 (Fa0/1 in VLAN 10, Fa0/2 in VLAN 20); hosts A (10.0.0.1/24) and B (20.0.0.2/24) on SW1 Fa0/3 and Fa0/4]

Router-on-a-Stick
• Multiple interfaces work, but not scalable because of port density and cost
• Alternate solution is to use one physical link between layer 2 switch and layer 3 router running as ISL/802.1Q Trunk
• How it works
  – Frame leaves switch on trunk link with VLAN 10 encapsulation
  – Router rewrites frame to MAC in VLAN 20 and sends back on the same trunk link with new encapsulation
  – Switch uses CAM of VLAN 20 to reach destination

Router-on-a-Stick Example

Switched Virtual Interfaces (SVIs)
• Better solution is to combine the layer 2 switch and layer 3 router together
  – i.e. layer 3 switch
• Switch to router communication and rewrite happens on the backplane/fabric
  – e.g. RSFC/MSFC
• Implemented as interface vlan [vlan] on the layer 3 switch
• Faster, more scalable, and easier to manage

SVIs Example

Native Layer 3 Routed Ports
• In addition to layer 2 switchports, most layer 3 switches can run ports in native layer 3 routed mode
  – i.e. no switchport
• Native layer 3 ports treated just like an Ethernet port on a router
  – IP address assignment, QoS, ACLs, etc.
• Typically used in designs where uplinks are routed
  – Access to distribution layer uplinks
  – Distribution layer to core layer uplinks
• Eliminates STP convergence time
  – Convergence is now a function of layer 3 routing protocol
  – See High Availability Campus Network Design-Routed Access Layer using EIGRP or OSPF for more info

Native Layer 3 Routed Ports Example
[Diagram: routed link Fa0/13 to Fa0/13 on 100.0.0.0/24; VLAN10 10.0.0.254/24 with host A 10.0.0.1/24 on Fa0/3; VLAN20 20.0.0.254/24 with host B 20.0.0.2/24 on Fa0/4]

Inter-VLAN Routing Q&A

com .com EtherChannel • Used to aggregate bandwidth of multiple links together – Sometimes called “NIC Teaming” by other vendors • Fools STP into thinking bonded links are one STP link – Technically redundant paths.INE.Internetwork Expert’s CCNP Bootcamp EtherChannel http://www.INE.INE.com Copyright © 2010 Internetwork Expert www. Inc www. but no loops • Load balancing based on MAC address – More efficient bandwidth utilization than STP traffic engineering Copyright © 2010 Internetwork Expert.

EtherChannel Terms
• Port-Channel / Channel-Group
  – Logical EtherChannel interface that represents bonded links
• Member interfaces
  – Physical interfaces that belong to the group
  – Strict requirements about configuration compatibility between member interfaces
    • i.e. member port configs should be identical

Types of EtherChannels
• EtherChannel does not directly relate to the underlying type of member interface
• Can be used to aggregate both
  – Switchport
    • Access switchport
    • Trunk switchports
  – Routed ports
• Limitations of what and how many interfaces can channel together are per-platform
  – E.g. StackWise vs modular platforms
  – See individual hardware release notes

EtherChannel Negotiation
• In order to ensure loop free topology, EtherChannel can be auto-negotiated two ways
• Port Aggregation Protocol (PAgP)
  – Cisco proprietary
• Link Aggregation Control Protocol (LACP)
  – IEEE 802.3ad
• In Cisco IOS, negotiation protocol determined by the channel “mode”
  – Desirable & Auto – PAgP
  – Active & Passive – LACP
  – On – neither
• Negotiation must be compatible otherwise loops can occur

EtherChannel Example

EtherChannel Configuration

    SW1#
    interface FastEthernet0/13
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 1 mode desirable
    !
    interface FastEthernet0/14
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 1 mode desirable
    !
    interface FastEthernet0/16
     switchport trunk encapsulation isl
     switchport mode trunk
     channel-group 2 mode active
    !
    interface FastEthernet0/17
     switchport trunk encapsulation isl
     switchport mode trunk
     channel-group 2 mode active

    SW2#
    interface FastEthernet0/13
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 1 mode auto
    !
    interface FastEthernet0/14
     switchport trunk encapsulation dot1q
     switchport mode trunk
     channel-group 1 mode auto

    SW3#
    interface FastEthernet0/13
     switchport trunk encapsulation isl
     switchport mode trunk
     channel-group 2 mode passive
    !
    interface FastEthernet0/14
     switchport trunk encapsulation isl
     switchport mode trunk
     channel-group 2 mode passive

EtherChannel Verification (cont.)

    SW1#show etherchannel summary
    Flags:  D - down        P - in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 2
    Number of aggregators:           2

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    1      Po1(SU)         PAgP      Fa0/13(P)   Fa0/14(P)
    2      Po2(SU)         LACP      Fa0/16(P)   Fa0/17(P)

EtherChannel Verification (cont.)

    SW2#show etherchannel summary
    Flags:  D - down        P - in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 1
    Number of aggregators:           1

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    1      Po1(SU)         PAgP      Fa0/13(P)   Fa0/14(P)

EtherChannel Verification (cont.)

    SW3#show etherchannel summary
    Flags:  D - down        P - in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      f - failed to allocate aggregator
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 1
    Number of aggregators:           1

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    2      Po2(SU)         LACP      Fa0/13(P)   Fa0/14(P)
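The mode rules from the EtherChannel Negotiation slide, applied to the mode pairs in the EtherChannel Configuration slide, together with the member-consistency requirement from EtherChannel Terms. This is an added example, not part of the original slides; the cabling (SW1 Fa0/13-14 to SW2, SW1 Fa0/16-17 to SW3) and all helper names are assumptions.

```python
"""Check EtherChannel mode compatibility and member consistency (added example)."""
import re

PAGP, LACP = {"desirable", "auto"}, {"active", "passive"}
INITIATORS = {"desirable", "active"}  # modes that start the negotiation


def negotiate(local, remote):
    """Return (protocol or None, verdict) for one pair of channel-group modes."""
    pair = {local, remote}
    unknown = pair - PAGP - LACP - {"on"}
    if unknown:
        raise ValueError(f"unknown channel-group mode: {sorted(unknown)}")
    if pair == {"on"}:
        return ("static", "bundle forms without negotiation")
    if "on" in pair:
        # One side bundles unconditionally while the peer still treats the
        # links as separate ports: the incompatible case the slide warns about.
        return (None, "MISMATCH: one side bundles unconditionally, the other negotiates")
    for name, modes in (("PAgP", PAGP), ("LACP", LACP)):
        if pair <= modes:
            if pair & INITIATORS:
                return (name, "bundle forms")
            return (None, "no bundle: both sides wait for the peer to start")
    return (None, "no bundle: PAgP on one side, LACP on the other")


def parse_members(config_text):
    """Return {interface: {"group", "mode", "other"}} for channel members only."""
    members, name = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            name = m.group(1)
            members[name] = {"group": None, "mode": None, "other": []}
            continue
        if name is None or line in ("", "!"):
            continue
        m = re.fullmatch(r"channel-group (\d+) mode (\S+)", line)
        if m:
            members[name]["group"] = int(m.group(1))
            members[name]["mode"] = m.group(2)
        else:
            members[name]["other"].append(line)
    return {k: v for k, v in members.items() if v["group"] is not None}


def inconsistent_groups(members):
    """Channel-groups whose member ports do not carry identical settings."""
    seen, bad = {}, set()
    for port in members.values():
        key = (port["mode"], tuple(sorted(port["other"])))
        if seen.setdefault(port["group"], key) != key:
            bad.add(port["group"])
    return sorted(bad)


def check_links(cabling, configs):
    """Evaluate every cabled member link; returns (label, protocol, verdict)."""
    results = []
    for (sw_a, if_a), (sw_b, if_b) in cabling:
        a, b = configs[sw_a][if_a], configs[sw_b][if_b]
        label = f"{sw_a} {if_a} <-> {sw_b} {if_b}"
        results.append((label, *negotiate(a["mode"], b["mode"])))
    return results


def stanza(port, encap, group, mode):
    """Build one member-interface stanza in the layout the slide uses."""
    return (f"interface {port}\n switchport trunk encapsulation {encap}\n"
            f" switchport mode trunk\n channel-group {group} mode {mode}\n!\n")


# Modes and encapsulations follow the EtherChannel Configuration slide.
CONFIGS = {
    "SW1": parse_members(
        stanza("FastEthernet0/13", "dot1q", 1, "desirable")
        + stanza("FastEthernet0/14", "dot1q", 1, "desirable")
        + stanza("FastEthernet0/16", "isl", 2, "active")
        + stanza("FastEthernet0/17", "isl", 2, "active")),
    "SW2": parse_members(
        stanza("FastEthernet0/13", "dot1q", 1, "auto")
        + stanza("FastEthernet0/14", "dot1q", 1, "auto")),
    "SW3": parse_members(
        stanza("FastEthernet0/13", "isl", 2, "passive")
        + stanza("FastEthernet0/14", "isl", 2, "passive")),
}

# Assumed cabling: the example diagram is not recoverable from the page.
CABLING = [
    (("SW1", "FastEthernet0/13"), ("SW2", "FastEthernet0/13")),
    (("SW1", "FastEthernet0/14"), ("SW2", "FastEthernet0/14")),
    (("SW1", "FastEthernet0/16"), ("SW3", "FastEthernet0/13")),
    (("SW1", "FastEthernet0/17"), ("SW3", "FastEthernet0/14")),
]

if __name__ == "__main__":
    for label, protocol, verdict in check_links(CABLING, CONFIGS):
        print(f"{label:50} {protocol or '-':6} {verdict}")
    for switch, members in CONFIGS.items():
        print(switch, "inconsistent groups:", inconsistent_groups(members))
```

The result for the slide's configuration matches the `show etherchannel summary` output: Po1 negotiates PAgP and Po2 negotiates LACP.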

EtherChannel Verification (cont.)

    SW1#show spanning-tree vlan 10

    VLAN0010
      Spanning tree enabled protocol ieee
      Root ID    Priority    10
                 Address     0019.aa7e.ea00
                 Cost        12
                 Port        72 (Port-channel1)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
                 Address     0019.56c8.4e80
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 15

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Po1              Root FWD 12        128.72   P2p
    Po2              Desg FWD 12        128.80   P2p

EtherChannel Verification (cont.)

    SW2#show spanning-tree vlan 10

    VLAN0010
      Spanning tree enabled protocol ieee
      Root ID    Priority    10
                 Address     0019.aa7e.ea00
                 This bridge is the root
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    10     (priority 0 sys-id-ext 10)
                 Address     0019.aa7e.ea00
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 15

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/19           Desg FWD 19        128.21   P2p
    Po1              Desg FWD 12        128.72   P2p

EtherChannel Verification (cont.)

    SW3#show spanning-tree vlan 10

    VLAN0010
      Spanning tree enabled protocol ieee
      Root ID    Priority    10
                 Address     0019.aa7e.ea00
                 Cost        24
                 Port        65 (Port-channel2)
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
                 Address     000a.f4f3.e780
                 Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time 15

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Fa0/19           Altn BLK 19        128.19   P2p
    Po2              Root FWD 12        128.65   P2p

EtherChannel Q&A

Internetwork Expert’s CCNP Bootcamp
Gateway Redundancy Protocols & High Availability
http://www.INE.com

What is High Availability?
• Ability of the network to recover from faults in timely fashion
  – Service availability time (e.g. 5 nines)
• Requires redundancy (nodes, links, etc.)
• Layered implementation
  – Physical layer (SONET), L2 (STP), L3 (IGP)
• Redundancy should be planned based on target recovery time
  – Excessive redundancy slows convergence

What is High Availability? (cont.)
• Hierarchical design separates network modules
  – Recovery in one module does not affect other modules
• Different technologies could be used
  – E.g. IGP recovery in core
  – First Hop Redundancy in Access Layer
• Technologies need to be synchronized
  – E.g. FHRP selected GW should be aligned with STP root

What is Gateway Redundancy?
• End hosts typically do not “route” into the network, they default to their gateway
• If the gateway is down, connectivity is lost
• First Hop/Gateway Redundancy allows another device to take over for a host’s default gateway if it goes down
  – Transparent to the end host
  – No need for dual gateways in DHCP

IP over Ethernet Review
• ARP is the glue
• When a HostA wants to communicate with HostB via IP…
  – If HostB is on my subnet…
    • Check the ARP cache for HostB’s MAC
    • If no MAC, ARP for HostB
  – If HostB is not on my subnet
    • Check the ARP cache for gateway’s MAC
    • If no MAC, ARP for gateway

Network Failure and FHRPs

How Gateway Redundancy Works
• Multiple routers bundled in a group
  – Group represents virtual gateway
  – All routers know virtual gateway IP
  – Active physical router responds to ARP
  – Virtual MAC used in ARP responses
• Hosts configured with default gateway IP equal to virtual IP
• Routers exchange keepalive messages
• Once active router goes down another one takes its place

Gateway Redundancy Protocols
• Three protocols
  – Same major functionality
  – Different enhancements
  – Different behind the scenes communication
• Hot Standby Router Protocol (HSRP)
• Virtual Router Redundancy Protocol (VRRP)
• Gateway Load Balancing Protocol (GLBP)

HSRP Overview
• Hot Standby Router Protocol
• Cisco proprietary
  – Communication via UDP multicast to 224.0.0.2 at port 1985
• Uses active/standby routers
  – Active forwards for virtual MAC
  – Standby checks to make sure active is up
    • If down take over the MAC
• standby interface level command

VRRP Overview
• Virtual Router Redundancy Protocol
• Open standard per RFC 3768
  – Communication with own multicast transport via IP protocol 112 to 224.0.0.18
• Uses master/backup routers
  – Master forwards for virtual MAC
  – Backup checks to make sure master is up
    • If down take over the MAC
• vrrp interface level command

GLBP Overview
• Gateway Load Balancing Protocol
• Cisco proprietary
  – Communication via UDP multicast 224.0.0.102 at port 3222
• Provides load balancing
  – One virtual IP address
  – Multiple virtual MAC addresses
• Active Virtual Gateway (AVG)
  – Responds with virtual MACs
• Active Virtual Forwarder (AVF)
  – Handles particular virtual MAC
  – AVFs backup each other
  – AVFs have weights assigned

Advanced FHRP Features
• Multiple groups per interface
• Authentication
• Preemption
• Interface Tracking and Enhanced Object Tracking
  – IP SLA integration

Object Tracking
• Allows changing gateway priority based on tracked object state
  – Select active gateway based on network conditions
• Tracked objects could be
  – Routes in RIP, IP SLA Operations, Boolean combinations
• GLBP supports weighting decrement based on tracking

Object Tracking (cont.)
• Tracking object syntax track X
  – track x interface
  – track x ip route
  – track x ip sla
  – track x list boolean
• The command track ip sla links object tracking to IP SLA Operation
• IP SLA is mainly used for connectivity tracking with FHRP

Object Tracking (cont.)
• Linking IP SLA operation to FHRP
  – Create SLA operation
    • ip sla x
  – Schedule SLA operations
    • ip sla schedule x start-time
  – Create track objects
    • track x ip sla y
  – Configure FHRP to use objects (e.g. HSRP)
    • standby 1 track x

FHRP Example
[Diagram: routers R1 and R2 and switches SW1, SW2, SW3 and SW4; VLAN 10 and VLAN 20]

Non-Stop Forwarding
• Higher level platforms separate control plane from data plane modules
  – E.g. RSP handles IP Routing exchange
  – Line cards/distributed fabric implement forwarding
• RSP failure normally paralyzes data-plane forwarding
• Redundant RSPs reduce the risk of failure
  – Switchover takes time

Non-Stop Forwarding (cont)
• Stateful Switchover with Redundant RSPs
• When active RSP fails, standby detects it and becomes active
  – Data-plane State is shared between RSPs
  – Control Plane needs to be restarted in new RSP
  – Forwarding continues using “old” data-plane information (CEF table)
• New RSP initializes and restarts IGP adjacencies
• After restart, CEF is updated based on new information

Non-Stop Forwarding (cont)
• Peers should not notice IGP adjacency loss when RSP restarts
  – Otherwise, FIB tables are flushed
• Requires protocol extension to signal restart
  – Restart bit for EIGRP
  – Local Link Signaling for OSPF
  – BGP Graceful Restart Capability
• SSO should be enabled per protocol configuration

Internetwork Expert’s CCNP Bootcamp
Layer 2 Security
http://www.INE.com

Attack Mitigation Overview
• What are common types of attacks?
  – Layer 2 attacks?
  – Layer 3 attacks?
  – Application attacks?
• How do we detect them?
• How do we stop them?

VLAN Hopping Attack
• Attacking host attached to Ethernet network sends 802.1Q / ISL tagged frames into switched network in order to hop over VLAN barriers
• Two variations
– Host runs Dynamic Trunking Protocol (DTP) to actually form a trunk link with the adjacent switch
– Host sends frames double tagged with 802.1q headers
• Outside header is padding
• Inside header is tagged with destination VLAN of victim

VLAN Hopping Mitigation
• Host facing interfaces should not be dynamic ports
– switchport mode access
• Don’t use VLAN 1, ever!
– Unused ports should be assigned to unused non VLAN 1 VLAN
– Native VLAN should be changed to new administrative VLAN
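A host-facing access port has no reason to receive a stack of 802.1Q tags, so the double-tagging variation above is detectable from the frame header alone. The following is an added example, not part of the original slides: a Python parser that walks the tag stack and applies an assumed access-port policy (the policy, the VLAN numbers and the sample frames are constructed for illustration).

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q and the 802.1ad (Q-in-Q) service tag.
VLAN_TPIDS = {0x8100, 0x88A8}


def parse_vlan_stack(frame: bytes):
    """Return ([VLAN IDs, outermost first], EtherType that follows the tags)."""
    offset = 12  # skip destination and source MAC addresses
    vlans = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated before EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return vlans, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated inside VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        offset += 4


def access_port_verdict(frame: bytes, access_vlan: int, voice_vlan=None):
    """Assumed policy for a port configured with 'switchport mode access'."""
    try:
        vlans, _ = parse_vlan_stack(frame)
    except ValueError as exc:
        return ("drop", f"malformed frame: {exc}")
    if not vlans:
        return ("forward", f"untagged, classified into access VLAN {access_vlan}")
    if len(vlans) > 1:
        return ("drop", f"double tagged: outer VLAN {vlans[0]}, inner VLAN {vlans[1]}")
    vid = vlans[0]
    if vid == 0:
        return ("forward", "priority tag only (VLAN ID 0)")
    if voice_vlan is not None and vid == voice_vlan:
        return ("forward", f"tagged for voice VLAN {voice_vlan}")
    return ("drop", f"unexpected 802.1Q tag for VLAN {vid} on an access port")


def build_frame(tags, ethertype=0x0800):
    """Constructed sample input: a broadcast frame carrying the given (tpid, vid) tags."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid)
    return frame + struct.pack("!H", ethertype) + bytes(46)


# Constructed frames as they might arrive on a port with access VLAN 20, voice VLAN 10.
SAMPLES = {
    "plain host traffic": build_frame([]),
    "IP phone voice traffic": build_frame([(0x8100, 10)]),
    "single tag, foreign VLAN": build_frame([(0x8100, 30)]),
    "double tagged": build_frame([(0x8100, 1), (0x8100, 40)]),
    "truncated": bytes(13),
}


def classify_samples(access_vlan=20, voice_vlan=10):
    return {name: access_port_verdict(frame, access_vlan, voice_vlan)
            for name, frame in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, reason) in classify_samples().items():
        print(f"{name:26} {action:8} {reason}")
```

The same parser can be pointed at frames captured from a SPAN port to alert on tag stacks arriving from host-facing interfaces.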

CAM Table Attacks
• Switch’s Content Addressable Memory (CAM) table associates destination MAC address with outgoing interface
• If CAM table is full all unknown entries are treated like broadcast traffic
– Forward out all ports in VLAN except the one it was received on
• Attacker floods frames with random source MAC addresses until CAM table fills up
• VLAN essentially turns into a hub

CAM Attack Mitigation
• Port Security
– Limit the amount of source MAC addresses on a port
– Limit the specific MAC address allowed on a port
– Shut down the port or filter traffic if a violation occurs
– Generate a syslog or SNMP trap for notification

Man-in-the-Middle (MiM) Attack
[Figure]

DHCP Starvation Attack
• DHCP server has finite IP address scope
• Attacker sends flood of DHCP requests with spoofed source MAC addresses
• DHCP server leases one IP address per MAC address until pool is depleted
• Victim hosts are “starved” of a DHCP lease

DHCP Starvation Mitigation
• Port Security
– Limit the amount of source MAC addresses on a port
– Limit the specific MAC address allowed on a port
– Shut down the port or filter traffic if a violation occurs
– Generate a syslog or SNMP trap for notification

DHCP Starvation Variation
• Port security can be used to limit number of MAC addresses on an interface
• Attacker can’t generate DHCP requests with lots of source MAC addresses
• Some DHCP implementations don’t use client source MAC address but instead use “Client Hardware Address” inside DHCP request payload
• Attacker can keep source MAC address in Ethernet frame the same but change the source MAC address in the DHCP packet
• Port security sees only one source MAC address - same starvation attack result

DHCP Starvation Mitigation
• DHCP Snooping
• Listens for DHCP traffic between client and server
• Builds IP to MAC mapping on a per interface basis
• Additional DHCP requests are dropped on interfaces that already have IP to MAC binding in the snooping table

Rogue DHCP Server Attack
• DHCP requests are layer 2 broadcasts within the VLAN
• By default anyone could reply to a host’s DHCP request
• Can facilitate simple DoS, or worse, MiM attack
• For MiM attacker replies to host’s request with…
– Itself as default gateway
• Sniff all traffic then forward to correct gateway
• Transparent from victim perspective
– Itself as DNS server
• Redirect www.cisco.com to phishing website

Rogue DHCP Server Mitigation • DHCP Snooping
– Port connected to DHCP server is in snooping “trust” state – DHCP replies denied in all other ports


Rogue DHCP Server Mitigation • If switches don’t support snooping…
– DHCP request uses UDP port 67 – DHCP reply uses UDP 68 – Filter DHCP replies from all sources except DHCP server

• Can use port ACLs but VACLs would be more efficient


ARP Spoofing Attacks • ARP is normally request / reply protocol
– What is 1.2.3.4’s MAC address? – I’m 1.2.3.4, my MAC address is…

• Gratuitous is an unsolicited ARP reply
– Legitimate use is to refresh neighbors’ ARP cache – Illegitimate use is to spoof someone else’s MAC address – Can be used to facilitate MiM attack

ARP Attack Mitigation • DHCP Snooping & Dynamic ARP Inspection
– DHCP snooping builds IP and MAC binding table – When ARP replies are received the snooping table is checked to see if IP source and MAC address in ARP match – Malformed replies are dropped


MAC Spoofing Attack • Attacker simply modifies source MAC and/or IP address to look like someone else • From victim’s perspective it looks like legitimate host


MAC Spoofing Mitigation • IP Source Guard
– Works like Dynamic ARP Inspection but checks all packets instead of just ARP – Consults DHCP snooping table – If source IP address and MAC don’t match snooping table traffic is dropped
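DHCP snooping, Dynamic ARP Inspection and IP Source Guard all consult the same binding table, which the following added example (not from the original slides) models for a single VLAN in Python. The class, port names, MAC and IP addresses are constructed; the one-binding-per-port rule follows the snooping slide, and the chaddr comparison is an assumed extra check aimed at the starvation variation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    port: str


class SnoopingSwitch:
    """Toy model of one VLAN with DHCP snooping, DAI and IP Source Guard enabled."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports facing the legitimate DHCP server
        self.bindings = {}                 # untrusted port -> Binding learned from an ACK
        self.pending = {}                  # client hardware address -> requesting port

    def dhcp_request(self, port, src_mac, chaddr):
        """Client-to-server DHCP message arriving on `port`."""
        if port in self.trusted:
            return "forward"
        if src_mac != chaddr:
            return "drop: chaddr differs from Ethernet source MAC"
        bound = self.bindings.get(port)
        if bound is not None and bound.mac != chaddr:
            return "drop: port already has a binding for another MAC"
        self.pending[chaddr] = port
        return "forward"

    def dhcp_ack(self, port, chaddr, yiaddr):
        """Server-to-client DHCP ACK arriving on `port`."""
        if port not in self.trusted:
            return "drop: DHCP reply on untrusted port"
        client_port = self.pending.pop(chaddr, None)
        if client_port is not None:
            self.bindings[client_port] = Binding(chaddr, yiaddr, client_port)
        return "forward"

    def _matches_binding(self, port, mac, ip):
        bound = self.bindings.get(port)
        return bound is not None and (bound.mac, bound.ip) == (mac, ip)

    def arp(self, port, sender_mac, sender_ip):
        """Dynamic ARP Inspection: validate the sender fields of an ARP packet."""
        if port in self.trusted or self._matches_binding(port, sender_mac, sender_ip):
            return "forward"
        return "drop: ARP sender not in snooping table"

    def ip_packet(self, port, src_mac, src_ip):
        """IP Source Guard: the same lookup, applied to every IP packet."""
        if port in self.trusted or self._matches_binding(port, src_mac, src_ip):
            return "forward"
        return "drop: source IP/MAC not in snooping table"


def run_scenario():
    """Constructed traffic: host on Fa0/1, untrusted device on Fa0/2, server on Fa0/24."""
    sw = SnoopingSwitch(trusted_ports={"Fa0/24"})
    host, other = "02:00:00:00:00:01", "02:00:00:00:00:02"
    return [
        ("host DISCOVER", sw.dhcp_request("Fa0/1", host, host)),
        ("DHCP reply from Fa0/2", sw.dhcp_ack("Fa0/2", host, "10.0.0.66")),
        ("DHCP ACK from server", sw.dhcp_ack("Fa0/24", host, "10.0.0.10")),
        ("second MAC on bound port", sw.dhcp_request("Fa0/1", other, other)),
        ("request with altered chaddr", sw.dhcp_request("Fa0/2", other, "02:00:00:00:00:99")),
        ("ARP claiming the gateway", sw.arp("Fa0/2", other, "10.0.0.1")),
        ("ARP from bound host", sw.arp("Fa0/1", host, "10.0.0.10")),
        ("IP packet with borrowed source", sw.ip_packet("Fa0/2", other, "10.0.0.10")),
        ("IP packet from bound host", sw.ip_packet("Fa0/1", host, "10.0.0.10")),
    ]


if __name__ == "__main__":
    for event, verdict in run_scenario():
        print(f"{event:32} {verdict}")
```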


MAC Spoofing Mitigation • If switches don’t support IP Source Guard…
– Port security can be used to allow only specific source MAC address or limit number of MAC addresses allowed in the interface


802.1X Authentication • Used for username / password authentication between client and switch • Uses AAA w/ RADIUS for authentication • Stops illegitimate hosts from joining the network in the first place


Private VLANs • Allow for layer 2 isolation and access control between ports within the same VLAN • Can span multiple switches • Example:
– Device A, B, C and D are in VLAN 10 – Device A should be allowed to communicate with device B, C, and D – Device B and C should be allowed to communicate with device A and each other – Device D should only be allowed to communicate with device A

Private VLANs (cont.)
• Private VLANs use “sub-VLANs” within the primary VLAN for the layer 2 isolation
– Community – Isolated

• Sub VLANs contain port types…
– Promiscuous
• Can talk to all ports in the VLAN

– Isolated
• Can talk only to promiscuous ports

– Community
• Can talk to other ports in the same community and to promiscuous ports

Layer 2 Security Q&A


Internetwork Expert’s CCNP Bootcamp Layer 2 Voice & Video Support

http://www.INE.com

Power Over Ethernet • Required to centrally power small devices
– IP Phones – Access Point – Surveillance cameras

• PoE reduces Cabling requirements • Centralized power management • PoE compliant switches support power in Ethernet twisted pair
– Injectors could be used with other switches

Power Over Ethernet (cont.)
• Two incompatible detection methods
– Cisco Pre-Standard
– IEEE 802.1af
• Newer devices support both methods
• Automatic PoE requirement is detected
• Every switch has PoE budget
– Plan power usage ahead
• Configuration
– Interface: power inline {auto|never}
– Exec: show power inline

Voice QoS Requirements
• VoIP traffic has strict QoS requirements
– In terms of Round Trip Time
– In terms of Jitter
– In terms of packet loss
• Packet networks are statistically multiplexed
– Oversubscription is possible
– Even over engineered network may have traffic bursts over capacity
• VoIP deployment requires QoS mechanics

DiffServ QoS Review
• Instead of dealing with traffic flows, introduces traffic classes
– E.g. “differentiate” voice vs. data
– Scales with large number of nodes
• Classification is performed at the edge of network
– Packet Marking preserves classification decision
– All devices must agree on common marking
• All devices should implement consistent QoS policy applied to classes

DiffServ Classification
• Could be based on existing marking
– Layer 2 (Ethernet CoS)
– Layer 3 (IP Precedence & DSCP)
• Could be based on traffic characteristic
– Protocol, port numbers (via access-lists)
– TCP/UDP ports
• Could be based on flow characteristics
– E.g. traffic is metered and exceeding packets are classified as low priority

DiffServ Marking
• Marking stores classification decision
• To be interpreted by receiving device
• Could be encoded differently
– Layer 2 CoS
– Layer 3 IP DSCP/IPP
• To maintain consistency, different layer markings should be in sync
– E.g. having CoS 5 with IPP of 0 is not illegal but makes little sense

DiffServ Per-Hop-Behavior (PHB)
• Actual policy implementation, based on marking
• Applies to traffic “classes”
• Could be of three general types
– Assured forwarding (reserves some bandwidth)
– Expedited forwarding (priority treatment)
– Best-Effort (no guarantees of any type)
• Implemented using Cisco’s QoS tools

Trust Boundaries
• Accepting existing marking is called “trusting”
– Simplest classification method
– Saves configuration time and switch resources
• Relies on some other device to perform classification
– E.g. IP Phone marking VoIP traffic
• Trust boundary typically occurs on network edge
• Untrusted ports by default have their marking reset to zero

Trust Boundary Examples
[Figure]

Configuring Trust Boundaries
• Trust state is configured per-port with the mls qos trust command
• Trust can be defined based on…
– CoS
– IP Precedence
– DSCP
• Conditional Trust
– Based on CDP signaling (cisco-phone)
• For ports connected to IP phones, separate “extension” trust can be defined with switchport priority extend [cos | trust]

Voice VLANs
• Voice and Data traffic should be separated
– Different Transport Requirements
– Different Security Requirements
• Same VLAN could be used but normally not recommended
• Voice VLAN
– AKA Auxiliary VLAN
– Automatically Signaled to IP Phone via CDP
– Configured using switchport voice vlan

Voice VLANs (cont.)
• A single physical link can connect to a phone and PC at the same time
• Voice & data traffic must have some way of being differentiated
• 802.1Q trunk encapsulation typically used for this separation
• Also allows encoding of CoS value
– Regular Ethernet header has no CoS field

Voice VLAN Variations
SW1#
interface FastEthernet0/1
 switchport access vlan 20
 switchport voice vlan 10
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport voice vlan dot1p
!
interface FastEthernet0/3
 switchport access vlan 20
 switchport voice vlan untagged
!
interface FastEthernet0/4
 switchport access vlan 20
 switchport voice vlan none

Layer 2 AutoQoS
• Layer 2 AutoQoS simplifies QoS implementation for VoIP
• Effectively a macro that defines…
– Trust boundaries
– Marking policy
– Classification policy
– Queueing policy
• Configured as port-level auto qos voip [cisco-phone | cisco-softphone | trust]

Q&A

Internetwork Expert’s CCNP Bootcamp Wireless LANs

http://www.INE.com

WLANs Overview
• WLANs replace Physical (layer 1) and Data Link (layer 2) transports with wireless
– Upper layer protocols like IP/TCP/UDP/etc. are not affected
• Similar in many ways to legacy Ethernet
– Uses MAC addresses for layer 2 addressing
– WLAN is a shared media
• Access Point (AP) acts like a hub/repeater
• Uses same RF for transmit and receive
• Implies communication is half-duplex
• Collisions can occur

Collision Detection
• 802.3 (Ethernet) uses CSMA/CD
– Listen on the wire for Contention Window duration
• If someone is transmitting, wait Backoff duration
• Else, transmit
– Listen for jam signal for Propagation Delay duration
• If jam, collision occurred, wait Backoff duration
• Else, transmission successful

Collision Avoidance
• In WLANs, collisions can’t be detected…
– Can’t listen while sending
• Implies we can’t hear a jam signal
– Possible “hidden terminal” problem
• A is in range of B & C, but B & C are not in range of each other
• Instead, 802.11 (WLAN) uses CSMA/CA
– Tries to avoid collisions before they happen
• Uses Distributed Coordinated Function (DCF) with random Backoff timers to accomplish this
– If ACK received, transmission assumed successful
• AP is responsible for ACKing client data

Distributed Coordinated Function
• DCF is the implementation of collision avoidance
• Listen on RF channel
– If free, transmit and advertise duration of frame
• i.e. how many microseconds I need to transmit
– Else
• Wait for duration heard to expire plus DCF Inter Frame Spacing (DIFS)
• Listen again for random Backoff duration
– If free, transmit and advertise duration
– Else, wait for duration to expire plus DIFS plus random Backoff…
• Since Backoff is random, unlikely that stations transmit at the same time

DCF Example
• HostA listens on RF and finds it free
– Packet sent with Duration X and DIFS Y
• HostB listens and hears A sending
– HostB must wait X + Y + random Backoff ZB
• HostC listens and hears A sending
– HostC must wait X + Y + random Backoff ZC
• If ZB < ZC, HostB sends next
• If ZC < ZB, HostC sends next
• If ZB = ZC, collision will occur

WLAN SSIDs
• Ethernet LANs define who can talk to each other based on the broadcast domain (VLAN)
• With WLANs, everyone is in the same collision and broadcast domain
– e.g. stations can receive everyone’s traffic
• WLANs are logically separated based on Service Set Identifier (SSID) value
– Devices with mismatched SSIDs (generally) ignore each other’s traffic
– Does not affect collision domain

SSIDs and Modes
• SSIDs fall into three categories and two modes based on who participates in the WLAN
• Independent Basic Service Set (IBSS)
– Ad hoc mode
– Wireless clients without an Access Point
• Basic Service Set (BSS)
– Infrastructure mode
– Wireless clients associated with the same Access Point
• Extended Service Set (ESS)
– Infrastructure mode
– Wireless clients associated with multiple Access Points with the same SSID
– Allows for advanced applications like transparent roaming

Wireless Association
• In order to communicate with an AP, clients perform a negotiation process called “association”
• Association steps are…
– Client sends “probe request” to find AP
– AP responds with “probe response”
• AP can also send unsolicited “beacon”
– Client starts association
– AP accepts/rejects association
– If successful, AP installs client’s MAC

WLAN Topologies
• Once association is complete, AP’s main job is to bridge traffic either…
– Wired to wireless
– Wireless to wireless
• APs can perform different roles such as…
– Bridges
• Accept traffic in LAN and forward it to client
• Used to translate between wired and wireless network
• Can be point-to-point (Workgroup Bridge) or point-to-multipoint
– Repeaters
• Accept RF signal and resend it
• Used to extend range of wireless network
– Mesh topologies
• Combination of both repeating and bridging
• Used for fault tolerance, load distribution, transparent roaming, etc.

WLAN Multipoint Bridging Topology
[Figure]

WLAN Point-to-Point Bridging Topology
[Figure]

WLAN Repeaters Topology
[Figure]

WLAN Mesh Topology
[Figure]

WLAN VLAN Support
• Enterprise APs (e.g. Aironet) can support multiple SSIDs per AP
• SSIDs can be mapped to VLANs, and then trunked back to the LAN via 802.1q
• Does not separate the broadcast or collision domain, but does create different logical segments
– E.g. VLAN 10 SSID “guest” with open access
– E.g. VLAN 20 SSID “private” with WPA2

WLAN VLAN Topology
[Figure]

Cisco Unified Wireless Solution
• Standalone or “autonomous” APs are easy to install, but in large deployment difficult to manage
– Each AP requires manual config of parameters such as SSIDs, VLANs, Security, etc.
• CUWS adds scalability by separating the WLAN data plane and control plane into a “split MAC” design with two key components
– Lightweight Access Points (LWAPs)
– Wireless LAN Controllers (WLCs)

Lightweight WLANs
• Split MAC means that LWAP and WLC share functionality that an autonomous AP performs on its own
– LWAP
• Actual RF transmission
• Controls real-time operations
– Beacons, probes, buffering, etc.
– WLC
• Controls management and non real-time operations
– SSIDs, VLAN, association, authentication, QoS, etc.
• LWAPs are now plug-and-play and require the WLC for operation

LWAP to WLC Communication
• All RF traffic an LWAP receives must first go to the WLC
– Traffic forwarding paradigm now changes
• Even for hosts associated to same AP
– Tunneled with the Lightweight Access Point Protocol (LWAPP)
• LWAPP tunnel can run in two modes
– Layer 2
• LWAP receives 802.11 frame and encapsulates inside Ethernet towards WLC
• Implies LWAP and WLC must be in same VLAN & subnet
– Layer 3
• LWAP receives 802.11 frame and encapsulates inside UDP towards WLC
• Implies WLC can be anywhere as long as reachable

Layer 2 LWAPP Topology
[Figure]

Layer 3 LWAPP Topology
[Figure]

Wireless Q&A

Internetwork Expert’s CCNP Bootcamp IP Routing Overview

http://www.INE.com

IP Routing Overview
• Three main steps
– Routing
• Find the outgoing interface
– Switching
• Move the packet between interfaces
– Encapsulation
• Build the layer 2 header
• i.e. layer 2 packet rewrite

The Routing Process
• Step 1: Find the longest match
– show ip route 1.2.3.4
• 1.0.0.0/8
• 1.2.0.0/16
• 1.2.3.0/24
• Which route chosen?
• Step 2: Perform recursive lookup
– 1.2.3.4 via 5.6.7.8
• 5.6.7.8 via 9.0.1.2
– 9.0.1.2 via 3.4.5.6
» 3.4.5.6 directly connected, FastEthernet0/0

Metric vs. Administrative Distance
• If there are multiple longest matches from…
– the same protocol
• Metric used to decide between multiple routes from the same protocol
– different protocols
• Administrative distance used to decide between multiple routes from different protocols

Administrative Distance Reference
Connected          0
Static             1
EIGRP Summary      5
External BGP       20
Internal EIGRP     90
IGRP*              100
OSPF               110
IS-IS              115
RIP                120
EGP*               140
ODR                160
External EIGRP     170
Internal BGP       200
Infinite           255
*Deprecated

The Switching Process
• Move the packet between interfaces
• Where load balancing occurs
• Switching Paths
– Process
– Fast
– CEF
– …

The Encapsulation Process
• Build the layer 2 header based on the outgoing media
– i.e. layer 2 packet rewrite
• Two different types of interfaces
– Point-to-point
• Only one possible destination
• No need for layer 2 addressing
• e.g. PPP, HDLC, etc.
– Multipoint
• More than one possible destination
• Requires layer 3 to layer 2 resolution
• e.g. Ethernet, Frame Relay, ATM, etc.

Routing to a Next-Hop vs. Interface
• To next-hop
– e.g. ip route 10.0.0.0 255.0.0.0 1.2.3.4
– Recursive lookup required
– Resolve layer 2 address of 1.2.3.4
• To point-to-point interface
– e.g. ip route 10.0.0.0 255.0.0.0 Serial0/0.1
– No recursive lookup
– Layer 2 resolution not required
• To multipoint Interface
– e.g. ip route 10.0.0.0 255.0.0.0 FastEthernet0/0
– No recursive lookup
– Resolve layer 2 address for final destination
• Ethernet Proxy-ARP
• NBMA Mappings

IP Routing Q&A

Internetwork Expert’s CCNP Bootcamp Enhanced Interior Gateway Routing Protocol (EIGRP)

http://www.INE.com

What is EIGRP?
• Enhanced Interior Gateway Routing Protocol
– Successor to Interior Gateway Routing Protocol (IGRP)
• Cisco proprietary “hybrid” protocol
– Both Distance Vector and Link State Behavior
– Really “Advanced Distance Vector”
• “Classless” protocol
– Supports VLSM and summarization

Why Use EIGRP?
• Guarantees loop-free topology
– Diffusing Update Algorithm (DUAL)
• Fast convergence
– Fastest of all IGP in certain designs
• Reliable & Efficient Updating
– Forms active neighbor adjacencies
– Guarantees packet delivery with Reliable Transport Protocol (RTP)
– Supports partial updates
• Not all neighbors need all routes

Why Use EIGRP? (cont.)
• Multiple routed protocol support
– IPv4, IPX, & Appletalk
– Legacy now, but originally important in nonconverged networks
• Granular Metric
– Hybrid metric derived from multiple factors
• Unequal Cost Load Balancing
– Only IGP that supports true load distribution
• Control Plane Security
– Supports MD5 based authentication

How EIGRP Works
• Step 1 - Discover EIGRP Neighbors
• Step 2 - Exchange Topology Information
• Step 3 - Choose Best Path via DUAL
• Step 4 - Neighbor and Topology Table Maintenance

Step 1 - Discovering EIGRP Neighbors
• EIGRP uses multicast “HELLO” packets to discover neighbors on EIGRP enabled attached links
– Transport via IP protocol 88 (EIGRP)
– Destination address 224.0.0.10
• Hello packets contain…
– Autonomous System Number
– Hold Time
– Authentication
– Metric Weightings (K values)
• Neighbors found are inserted into EIGRP “neighbor table”
– show ip eigrp neighbors
• Neighbors that agree on attributes and exchange updates form active “adjacency”

Step 2 - Exchanging Topology Information
• Once neighbors are found, EIGRP “UPDATE” messages used to exchange routes
– Sent as multicast to 224.0.0.10 or as unicast
• RTP uses sequence numbers and acknowledgements (ACKs) to ensure delivery
• Update messages describe attributes of a route
– Prefix + Length
– Next-Hop
– Bandwidth
– Delay
– Load
– Reliability
– MTU
– Hop Count
– External Attributes
• All routes learned from all neighbors make up the EIGRP “topology table”
– show ip eigrp topology

Step 3 - Choosing The Best Path
• Once topology is learned, DUAL runs to choose loop-free best path to each destination
• Unlike other protocols, EIGRP uses complex “composite” metric to choose best path
• Composite metric calculated from…
– Administrative Weighting
– Bandwidth
– Delay
– Load
– Reliability
• Path with lowest composite metric is considered best and installed in IP routing table
• One or more backup routes can also be pre-calculated per destination
• Only best route is advertised to other EIGRP neighbors

Step 4 - Neighbor and Topology Table Maintenance
• Unlike RIP or IGRP, active EIGRP neighbor adjacency reduces convergence time in event of network failure
• Adjacent neighbors’ hello packets contain “hold time”
– If no hello is received within hold time, neighbor declared unreachable
• When neighbor is lost…
– Paths via that neighbor are removed from topology and routing table
– If backup routes exist, they become new best paths and are inserted in routing table
• In this case EIGRP can have sub-second convergence
– If no backup routes exist, DUAL must run again

DUAL Reconvergence
• When best path is lost and no backup routes exist, route goes into “active” state and “active timer” starts
– Stable routes not in active state are considered “passive”
• EIGRP “QUERY” message is reliably sent to remaining neighbors asking if there is an alternate route
• QUERY is propagated to all neighbors within EIGRP “query domain” or “flooding domain”
– More on this later…
• Neighbors respond with EIGRP “REPLY” packet indicating if alternate route is available
– If alternate route exists, DUAL recalculates new best path
– If no alternate route, prefix removed from topology table
– If active timer expires and no REPLY received, route is declared “Stuck-In-Active” (SIA) and removed from topology table

EIGRP Loop Prevention
• EIGRP guarantees loop-free topology through usage of…
– Split Horizon
• Don’t advertise routes out the link they came in on
– DUAL Feasibility Condition
• If your metric is lower than mine, you are loop-free

DUAL Terms in Detail
• Successor
– Best path to a destination
• Feasible Distance (FD)
– Composite metric of best path
• Feasible Successor (FS)
– Backup path to a destination
• Advertised Distance (AD)
– Composite metric learned from neighbor
• Local Distance (LD)
– Composite metric to reach local neighbor
• Feasibility Condition (FC)
– Criteria for valid backup paths

DUAL Path Selection in Detail
• Once adjacency occurs and update messages are exchanged, path selection begins
• Each update includes the metric the upstream router uses to reach destination (AD)
• Local router knows the metric to reach each upstream router (LD)
• Best path (successor) is chosen based on lowest AD + LD

DUAL Example
[Figure: topology with R1, R2, R3, R4, R5 and VLAN X; legend: Local Distance, Advertised Distance, Feasible Distance]
R1→R2→R5→X = 21
R1→R3→R5→X = 36
R1→R4→R5→X = 36
R2→R5→X = 11
R2→R3→R5→X = 26
R3→R5→X = 16
R3→R2→R5→X = 21
R3→R4→R5→X = 31
R4→R5→X = 21
R4→R3→R5→X = 26
R5→X = 1

Feasibility Condition in Detail
• Once best path is chosen, additional paths are examined for backup routes
• Feasibility Condition (FC) finds loop-free backup routes via logic…
– If AD < FD, path is loop-free and viable backup
– e.g. if your metric is lower than mine, you are closer to the destination and loop-free
• Paths that meet the FC are Feasible Successors (FS)
• Only Feasible Successors can be used for unequal cost load balancing

Feasibility Condition Example
[Figure: topology with R1, R2, R3, R4, R5 and VLAN X; legend: Local Distance, Advertised Distance, Feasible Distance]
FD = 21
Find routes with AD < 21
X via R3 = 16, R3 is Feasible Successor
X via R4 = 21, R4 IS NOT Feasible Successor
R1→R2→R5→X = 21
R1→R3→R5→X = 36
R1→R4→R5→X = 36
R2→R5→X = 11
R2→R3→R5→X = 26
R3→R5→X = 16
R3→R2→R5→X = 21
R3→R4→R5→X = 31
R4→R5→X = 21
R4→R3→R5→X = 26
R5→X = 1

Composite Metric Calculation in Detail
• Unlike other IGPs’ hop count or BW-based cost, EIGRP metric is a hybrid value comprised of…
– Inverse lowest bandwidth along path in Kbps scaled by 10^7 * 256
– Cumulative delay along path in tens of microseconds (µs) scaled by 256
– Worst load along path
– Worst reliability along path
• Composite metric is computed as…
– metric = [k1 * bandwidth + (k2 * bandwidth)/(256 - load) + k3 * delay]
– If k5 != 0, metric = metric * [k5/(reliability + k4)]
• “K” values allow for manual administrative weighting
– Must match for adjacency to occur
• Default K values are K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0
– Implies default composite is bandwidth + delay
– Reliability and load typically not used since they are constantly changing

Composite Metric Calculation Example
[Figure: topology with R1, R2, R3, R4, R5 and VLAN X; legend: Advertised Distance, Feasible Distance]
All Links FastEthernet, BW = 100,000Kbps, DLY = 100µs
R1→R2→R5→X = (10^7 * 256 / 100000BW) + (30DLY * 256) = 33280
R1→R3→R5→X = (10^7 * 256 / 100000BW) + (30DLY * 256) = 33280
R1→R4→R5→X = (10^7 * 256 / 100000BW) + (30DLY * 256) = 33280
R2→R5→X = (10^7 * 256 / 100000BW) + (20DLY * 256) = 30720
R2→R3→R5→X = (10^7 * 256 / 100000BW) + (30DLY * 256) = 33280
R3→R5→X = (10^7 * 256 / 100000BW) + (20DLY * 256) = 30720
R3→R2→R5→X = (10^7 * 256 / 100000BW) + (30DLY * 256) = 33280
R3→R4→R5→X = (10^7 * 256 / 100000BW) + (30DLY * 256) = 33280
R4→R5→X = (10^7 * 256 / 100000BW) + (20DLY * 256) = 30720
R4→R3→R5→X = (10^7 * 256 / 100000BW) + (30DLY * 256) = 33280
R5→X = (10^7 * 256 / 100000BW) + (10DLY * 256) = 28160
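The composite metric formula and the Feasibility Condition (AD < FD) from the DUAL slides can be checked against the numbers in both worked examples. This is an added example, not part of the original slides: the function names are illustrative, and the LD/AD pairs are derived from the path totals the slides list.

```python
def composite_metric(min_bw_kbps, total_delay_usec, load=1, reliability=255,
                     k=(1, 0, 1, 0, 0)):
    """Classic EIGRP composite metric with K1..K5 weights (defaults as on the slide)."""
    k1, k2, k3, k4, k5 = k
    # Inverse of the lowest bandwidth on the path, integer-divided before scaling.
    bandwidth = (10**7 // min_bw_kbps) * 256
    # Cumulative delay in tens of microseconds, scaled by 256.
    delay = (total_delay_usec // 10) * 256
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric


def path_metric(links, **kwargs):
    """links: [(bandwidth_kbps, delay_usec), ...] for every hop on the path."""
    lowest_bw = min(bw for bw, _ in links)
    total_delay = sum(delay for _, delay in links)
    return composite_metric(lowest_bw, total_delay, **kwargs)


def dual_select(neighbors):
    """neighbors: {name: (local_distance, advertised_distance)} for one prefix.

    Returns the Feasible Distance plus each neighbor's role: successor (lowest
    LD + AD), feasible successor (AD < FD) or rejected (fails the condition).
    """
    totals = {name: ld + ad for name, (ld, ad) in neighbors.items()}
    fd = min(totals.values())
    result = {"fd": fd, "successors": [], "feasible_successors": [], "rejected": []}
    for name in sorted(neighbors):
        advertised = neighbors[name][1]
        if totals[name] == fd:
            result["successors"].append(name)
        elif advertised < fd:
            result["feasible_successors"].append(name)
        else:
            result["rejected"].append(name)
    return result


def slide_dual_example():
    """R1's view of VLAN X with the small integer costs from the DUAL example."""
    return dual_select({"R2": (10, 11), "R3": (20, 16), "R4": (15, 21)})


def slide_metric_example():
    """Same topology with every link FastEthernet (100,000 Kbps, 100 us delay)."""
    fast_ethernet = (100_000, 100)
    total = path_metric([fast_ethernet] * 3)       # R1 -> neighbor -> R5 -> X
    advertised = path_metric([fast_ethernet] * 2)  # neighbor -> R5 -> X
    neighbors = {name: (total - advertised, advertised) for name in ("R2", "R3", "R4")}
    return total, advertised, dual_select(neighbors)


if __name__ == "__main__":
    print(slide_dual_example())
    print(slide_metric_example())
```

With equal FastEthernet links all three neighbors tie at 33280 and become successors, while the integer-cost example leaves R3 as the only feasible successor because R4's advertised distance equals the feasible distance.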

Implementing Basic EIGRP
• Initialize EIGRP process
  – router eigrp [asn]
• Enable EIGRP on links
  – network [address] [wildcard]
• Network statement does not control what is advertised, controls what interfaces run the protocol

Verifying Basic EIGRP
• Verify EIGRP interfaces
  – show ip eigrp interfaces
• Verify EIGRP neighbors
  – show ip eigrp neighbors
• Verify EIGRP topology
  – show ip eigrp topology
• Verify EIGRP routes in routing table
  – show ip route [eigrp]

Inc www.34 Fa0/0.4 R4 Fa0/0.1.1.INE.0 network 10.34.0/24 VLAN 35 10.4 0.255 no auto-summary R3#show run | section router eigrp 1 router eigrp 1 network 10.0.1.INE.1.1.35 10.com Basic EIGRP Configuration R1#show run | section router eigrp 1 router eigrp 1 network 10.0.0.1.1.0/24 VLAN 5 Copyright © 2010 Internetwork Expert.255 network 10.34 Fa0/0.0.255 network 10.0/24 VLAN 45 R5 Fa0/0.4 0.25 Fa0/0.1.23.0.45 Fa0/0.4.4 0.1.0.2.35 Fa0/0.5.0/24 VLAN 4 Fa0/0.4.1.1.0/24 VLAN 1 Fa0/0.0.23.0 0.12 10.0/24 VLAN 34 10. Inc www.1.0.0.0 0.0/24 VLAN 25 Fa0/0.35.com Implementing Basic EIGRP Example 10.0 0.0.INE.www.0.255.45.0/24 VLAN 12 R1 10.0.1 Fa0/0.0.0 no auto-summary R2#show run | section router eigrp 1 router eigrp 1 network 10.0.1.1.34.34.23 Fa0/0.0 0.45.0.com Copyright © 2010 Internetwork Expert .12.0.0 network 10.25.0 no auto-summary Copyright © 2010 Internetwork Expert.0.5 10.2 R2 Fa0/0.1.1.0.12 10.35.45 10.1.25 Fa0/0.0/24 VLAN 2 Fa0/0.0 no auto-summary R5#show run | section router eigrp 1 router eigrp 1 network 0.255 no auto-summary R4#show run | section router eigrp 1 router eigrp 1 network 10.0/24 VLAN 23 10.23 R3 Fa0/0.1.

d=10.12. proto=88 IP: s=10.0.12). d=224.14 0 0/0 R2#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Interface Peers Un/Reliable Fa0/0.12). len 68.1.1. sending broad/multicast.12.12). Inc www.www.12. proto=88 IP: s=10. len 40. d=10.com Copyright © 2010 Internetwork Expert .0.5 0 0/0 Fa0/0. len 77. d=224.12).10 (FastEthernet0/0.10.12).1 (local). proto=88 IP: s=10. proto=88 IP: s=10. sending R1(config-routbroad/multicast.1.1. len 60.12.0. s=10.1.12).12 1 0/0 Fa0/0.12.1.1.12. rcvd 2. d=10.12).2 (FastEthernet0/0. routed via RIB IP: s=10. len 320.12).12.1.1.0.12 1 0/0 Fa0/0.1.2 (FastEthernet0/0.1 (FastEthernet0/0.12.0.INE.45 1 0/0 Mean SRTT 0 8 0 0 Pacing Time Un/Reliable 0/1 0/1 0/1 0/1 Multicast Flow Timer 0 50 0 0 Pending Routes 0 0 0 0 Mean SRTT 0 4 6 9 Pacing Time Un/Reliable 0/1 0/1 0/1 0/1 Multicast Flow Timer 0 50 50 50 Pending Routes 0 0 0 0 Mean SRTT 6 1 8 Pacing Time Un/Reliable 0/1 0/1 0/1 Multicast Flow Timer 50 50 50 Pending Routes 0 0 0 Mean SRTT 1 0 4 Pacing Time Un/Reliable 0/1 0/1 0/1 Multicast Flow Timer 50 0 50 Pending Routes 0 0 0 Mean SRTT 0 13 15 7 Pacing Time Un/Reliable 0/1 0/1 0/1 0/1 Multicast Flow Timer 0 80 80 50 Pending Routes 0 0 0 0 Copyright © 2010 Internetwork Expert.1.35 1 0/0 Fa0/0.13 0 0/0 Fa0/0.10 (FastEthernet0/0.2 0 0/0 Fa0/0. rcvd 3.1 (local). routed via RIB IP: s=10. len 60. sending broad/multicast. len 60.1 (local).0.0 R1(config-router)#end R1# IP: s=10.1. d=224.1.4 0 0/0 Fa0/0. proto=88 IP: s=10. Inc www.2 (FastEthernet0/0.0.0.0. proto=88 IP: s=10. proto=88 IP: s=10.1).12. len 320.0.2 (FastEthernet0/0. sending. d=224. len 60.12.10.12).12).INE.2 (FastEthernet0/0.2 (FastEthernet0/0.34 1 0/0 Fa0/0.12). d=224.35 1 0/0 R4#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Interface Peers Un/Reliable Fa0/0. sending broad/multicast.12).12.12.0.12).1 (local). 
len 40.0.12.1.10 (FastEthernet0/0.0.25 1 0/0 R3#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Interface Peers Un/Reliable Fa0/0.1.1 (FastEthernet0/0.12.1 (FastEthernet0/0. proto=88 IP: s=10.1. proto=88 %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10. proto=88 <output omitted> Copyright © 2010 Internetwork Expert.1. d=224.2 (FastEthernet0/0.12) is up: new adjacency IP: tableid=0.1 (FastEthernet0/0.12). R1(config)#router eigrp 1 R1(config-router)#no auto-summary R1(config-router)#network 10.12).com EIGRP Interface Verification R1#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Interface Peers Un/Reliable Fa0/0.23 1 0/0 Fa0/0. s=10.1 (local).2 (FastEthernet0/0.0. d=224.12. rcvd 2.12. one per line.25 1 0/0 Fa0/0.1 0 0/0 Fa0/0. d=224.0.1.com EIGRP Packet Level Debug R1#debug ip packet detail IP packet debugging is on (detailed) R1#config t Enter configuration commands.0.23 1 0/0 Fa0/0. rcvd 2.0.34 1 0/0 Fa0/0.12). d=10. sending broad/multicast. rcvd 3.12.2 (FastEthernet0/0. proto=88 IP: tableid=0. len 77.1.0.INE. End with CNTL/Z.10.1.45 1 0/0 R5#show ip eigrp interfaces IP-EIGRP interfaces for process 1 Xmit Queue Interface Peers Un/Reliable Fa0/0.1 (local).10 (FastEthernet0/0.10 (FastEthernet0/0.12. d=10.

s . FastEthernet0/0. FastEthernet0/0.0/24.35.1.1.25 Fa0/0. FastEthernet0/0.23 P 10.25.2 P 10.12 P 10.3 (33280/30720).1.23 via 10.1.23.INE.2.1. FD is 33280 via 10.0/24.1.23.25.25.reply Status.0/24. Q .12.25 P 10.5 10.sia Status P 10.com Copyright © 2010 Internetwork Expert . FastEthernet0/0.1.1.34.0/24.1 10.1 (30720/28160).5 (30720/28160).35 Fa0/0. A .1.45 Fa0/0.23.1.2 10.34 Hold Uptime SRTT (sec) (ms) 14 01:27:30 122 13 01:27:44 35 RTO 732 210 Q Cnt 0 0 Seq Num 55 86 R5#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface 2 1 0 10.1.1.Update.5 10.34.23.23 via 10.3 (30720/28160). FD is 33280 via 10.0/24.1.1. 1 successors. FD is 28160 via Connected. FD is 30720 via 10. FD is 28160 via Connected.5 (33280/30720).35 Hold Uptime SRTT (sec) (ms) 11 01:27:33 12 13 01:27:33 1 13 01:27:33 5 RTO 200 200 200 Q Cnt 0 0 0 Seq Num 46 58 87 Copyright © 2010 Internetwork Expert.25 P 10.3 (30720/28160). FastEthernet0/0.1.1.2 Fa0/0. r .3 Fa0/0. U .0/24.INE. FD is 30720 via 10.12 Fa0/0.4 Fa0/0.35. FD is 30720 via 10.23.Reply.25.45.1.1. FastEthernet0/0.25 P 10.23.12 P 10.com EIGRP Topology Verification R2#show ip eigrp topology IP-EIGRP Topology Table for AS(1)/ID(10.25.23.0/24. FD is 28160 via Connected.1.2) Codes: P .12. FastEthernet0/0. 1 successors.25. Inc www. R .1.23 via 10.1.12.www.1. 1 successors. FastEthernet0/0.25. FD is 28160 via Connected.5 (30720/28160).1.12.25 P 10.5. FastEthernet0/0.12 Hold Uptime SRTT (sec) (ms) 11 00:03:10 17 RTO 200 Q Seq Cnt Num 0 57 R2#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface 2 1 0 10.0/24.1.INE.com EIGRP Neighbor Adjacency Verification R1#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface 0 10.14.23 Hold Uptime SRTT (sec) (ms) 11 00:03:18 10 10 01:27:25 1 11 01:27:38 1 RTO 200 200 200 Q Cnt 0 0 0 Seq Num 4 54 85 R3#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface 3 1 0 10.5 (30720/28160).1.13.0/24.0/24.1.3 (30720/28160). 
FastEthernet0/0.23. 1 successors.35.25.23 Copyright © 2010 Internetwork Expert. 1 successors.1.5 10. FastEthernet0/0.25 Fa0/0.3 (33280/30720).1.25.4 10.0/24.23 P 10.25 P 10.45 Fa0/0.0/24.1. FastEthernet0/0. FastEthernet0/0. 1 successors.1.1.45. 2 successors. 1 successors.2 10.Active.Passive.1. FD is 30720 via 10.34 Hold Uptime SRTT (sec) (ms) 11 01:27:28 42 11 01:27:41 18 10 01:27:41 69 RTO 252 200 414 Q Cnt 0 0 0 Seq Num 56 59 47 R4#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface 2 1 10.1.3 Fa0/0. 1 successors.1. 2 successors. 1 successors.1. FD is 30720 via 10.34. Inc www.23 Fa0/0.4.1.1. FastEthernet0/0. 2 successors. FastEthernet0/0.5 (33280/30720). FD is 30720 via 10.3 Fa0/0.25 P 10.Query.45.

5.1.3. FastEthernet0/0.13.0 [90/30720] via 10. 00:19:41.3 (FastEthernet0/0.25 10.periodic downloaded static route Gateway of last resort is not set 10.255. U .23 10.35. from 10. Send flag is 0x0 Composite metric is (33280/30720).25). 1 Successor(s). R .23 10.com EIGRP Routing Table Verification R2#show ip route Codes: C .25.1. FastEthernet0/0.0 [90/30720] via 10.3. FastEthernet0/0.3.23 10.34.5.25.1.IS-IS level-2 ia . S .25.candidate default. FastEthernet0/0.www.per-user static route o .4.1.25 10.0 [90/30720] via 10.1.23.static. 00:19:42.25 [90/30720] via 10. FastEthernet0/0.com EIGRP Topology Verification Detail R2#show ip eigrp topology 10.1.1.3.23.23). L2 .0 is directly connected.OSPF NSSA external type 1. 01:31:20.2. Inc www.0 IP-EIGRP (AS 1): Topology entry for 10.1.INE.12. L1 .23 10.1.EIGRP.5.25. FastEthernet0/0.25.3.23 10. from 10.45. FastEthernet0/0.1.0.1.IS-IS summary.25 [90/33280] via 10.EIGRP external.connected.0 [90/30720] via 10.INE.23.5. Route is Internal Vector metric: Minimum bandwidth is 100000 Kbit Total delay is 300 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 2 Copyright © 2010 Internetwork Expert.0 [90/30720] via 10.0 255. Route is Internal Vector metric: Minimum bandwidth is 100000 Kbit Total delay is 200 microseconds Reliability is 255/255 Load is 1/255 Minimum MTU is 1500 Hop count is 1 10. FastEthernet0/0.BGP D . 01:30:23.1.OSPF inter area N1 .IS-IS inter area.1. 00:19:41.1.0 is directly connected.IS-IS level-1. EX .5.OSPF NSSA external type 2 E1 .1.0 is directly connected.com Copyright © 2010 Internetwork Expert . * . FastEthernet0/0. B .1.1.OSPF external type 2 i . N2 .1. IA . FastEthernet0/0.1.12 10. Query origin flag is 1. FD is 30720 Routing Descriptor Blocks: 10.12. 12 subnets 10.25 10.23.2 10.1. 01:31:20. FastEthernet0/0. Send flag is 0x0 Composite metric is (30720/28160).5.mobile.1.25.3.ODR.14.25.23.5.OSPF external type 1.INE.0.23.23.25.1.0/24 State is Passive. O .RIP.1.5. P .5.1.12 10. 
FastEthernet0/0. FastEthernet0/0.1.23 D D C C D D D C C D D D Copyright © 2010 Internetwork Expert.0 [90/30720] via 10. 00:19:40. E2 . 00:19:40.0 [90/33280] via 10.OSPF. su .1.1. M .0/24 is subnetted.1.25 [90/33280] via 10.1.IS-IS.0 is directly connected. Inc www. FastEthernet0/0.1.255.23. 01:31:20.5 (FastEthernet0/0. 01:31:20. FastEthernet0/0.0 [90/33280] via 10. 00:07:41.1.

EIGRP Routing Table Verification Detail
R2#show ip route 10.1.5.0 255.255.255.0
Routing entry for 10.1.5.0/24
  Known via "eigrp 1", distance 90, metric 30720, type internal
  Redistributing via eigrp 1
  Last update from 10.1.25.5 on FastEthernet0/0.25, 01:30:53 ago
  Routing Descriptor Blocks:
  * 10.1.25.5, from 10.1.25.5, 01:30:53 ago, via FastEthernet0/0.25
      Route metric is 30720, traffic share count is 1
      Total delay is 200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

EIGRP Default Routing
• EIGRP supports default routing two ways
  – Candidate default network
    • ip default-network [network]
  – Native advertisement of 0.0.0.0/0 prefix
• default-information command in EIGRP does not behave the same as other protocols

00:31:29.0. L2 .IS-IS summary.2. 00:31:28.5.1.5.0.0/0 advertisement • Default network must be… – Dynamically learned through EIGRP – Not directly connected – Classful network • Limited application due to these restrictions Copyright © 2010 Internetwork Expert.0.1.3. FastEthernet0/0.5.0 [90/30720] via 10.1.OSPF NSSA external type 2 E1 .1. P .0/8 [90/156160] via 10. FastEthernet0/0.5.com Copyright © 2010 Internetwork Expert .5. 00:31:29.12.1.1. IA .12 10.0 ! router eigrp 1 network 1.1. FastEthernet0/0.45.1.0.1.1. FastEthernet0/0.connected.0 R2# ip default-network 1. 00:31:28. O .EIGRP.BGP D .OSPF external type 1.1.0 [90/30720] via 10.0 D* C C D D D C C D D D 1.OSPF NSSA external type 1.0.0 [90/30720] via 10.ODR.25.23 10.com IP Default-Network • Candidate default network is backwards compatible with IGRP – IGRP didn’t support native 0.1.RIP. FastEthernet0/0. 10 subnets 10.23. FastEthernet0/0.1. FastEthernet0/0.23 Copyright © 2010 Internetwork Expert. FastEthernet0/0.1.candidate default. M .12 10.1 to network 1.IS-IS level-2 ia .0 [90/30720] via 10.0 is directly connected.3. Inc www.25.12.12 10. 00:31:29. * .2 10.INE.1.25.0 [90/33280] via 10.INE.23.25 [90/30720] via 10.1.0.23.25 10.0 is directly connected. FastEthernet0/0.25.1. Inc www.1.0.OSPF.34. L1 .IS-IS.3. su .mobile.0.0/24 is subnetted. FastEthernet0/0.1 255. FastEthernet0/0.INE. N2 .1.23.1.0.IS-IS level-1.23 10.0 R2#show ip route Codes: C . FastEthernet0/0.0.0.per-user static route o .www.static. S .IS-IS inter area.0 [90/30720] via 10. B .1.12. 00:01:43.35.25. U .4.1. R .1.0.25 10.EIGRP external.OSPF inter area N1 .0 is directly connected.OSPF external type 2 i . 00:31:28.periodic downloaded static route Gateway of last resort is 10.25 [90/33280] via 10. FastEthernet0/0.12.23 10. 00:20:11. EX .0.0.0.25 10.com IP Default-Network Example R1# interface Loopback0 ip address 1.0 is directly connected.0. 00:31:29. E2 .

BGP D . FastEthernet0/0.INE.0 is directly connected.1.12.0.1. S . FastEthernet0/0.1 to network 0.IS-IS level-1.0/24 is subnetted.0 is directly connected. 00:34:51.5.25 10.1.ODR.1.35.25.12.0.1. E2 .0. FastEthernet0/0.0 [90/30720] via 10. FastEthernet0/0.25 [90/30720] via 10.5.0 [90/30720] via 10.23 10.5.0.EIGRP external. FastEthernet0/0.RIP. L2 .1. FastEthernet0/0.25 10.mobile.INE. FastEthernet0/0.com Copyright © 2010 Internetwork Expert .23.OSPF.0 Null0 R2#show ip route Codes: C .1.1. FastEthernet0/0.0.IS-IS.0 [90/33280] via 10.0 under EIGRP process – Redistribution from static or another protocol – Summarization Copyright © 2010 Internetwork Expert.23.com 0.0 [90/30720] via 10.0.5. 00:34:51. B .static. 00:34:51.3.1.INE.2. O .25 [90/33280] via 10.IS-IS level-2 ia .1.OSPF inter area N1 .0.1.com Native Default Advertisement • Native 0.12 10.1.0 [90/30720] via 10.25.25.34.1.1.12. R .0 [90/30720] via 10.23. su .connected. Inc www.0.0. 00:23:33.IS-IS summary. FastEthernet0/0.1.0 0. 00:34:50.3.periodic downloaded static route Gateway of last resort is 10.1.45.0.OSPF NSSA external type 1. L1 . FastEthernet0/0. * .25. FastEthernet0/0.12.0 10. FastEthernet0/0.0 is directly connected.5.EIGRP.0.25 10.0/0 network can be advertised via… – Static default route to an interface + network 0.1.per-user static route o .0.0.candidate default.0 is directly connected. N2 .23 0.0.1. U .23 10.OSPF external type 2 i .www.4. P .1. 10 subnets 10.0/0 [90/28160] via 10.OSPF NSSA external type 2 E1 .1. FastEthernet0/0. Inc www.1.23.2 10.0.0.OSPF external type 1.12 C C D D D C C D D D D* Copyright © 2010 Internetwork Expert.3. 00:34:50. 00:01:05.IS-IS inter area.0. EX .25.0 ! ip route 0.0/0 Advertisement Examples R1# router eigrp 1 network 0.1.12 10.1.23 10. IA . M . 00:34:51. 00:34:50.0.

00:38:17.0/0 [170/53760] via 10.BGP D . FastEthernet0/0.25 10. FastEthernet0/0.static. 00:36:10.OSPF NSSA external type 1.BGP D .OSPF external type 1.OSPF external type 1. B .0 [90/30720] via 10.1. S .1. 10 subnets 10.0 0.1.5.12. FastEthernet0/0.INE.IS-IS summary. FastEthernet0/0. FastEthernet0/0.IS-IS.1.23 0.ODR.0. 00:38:16.candidate default.) R1# router eigrp 1 redistribute static metric 100000 100 255 1 1500 ! ip route 0.1. N2 .OSPF.0/24 is subnetted.0 10.1.25.1.1.1. E2 .12. FastEthernet0/0. Inc www.0/0 Advertisement Examples (cont.1.1.0.0 [90/33280] via 10.12.1.IS-IS level-1.1. M .0 is directly connected.5.1.EIGRP external. FastEthernet0/0.0.1. IA .0 Null0 R2#show ip route Codes: C .1.1.0. FastEthernet0/0. 00:38:16. * .0 is directly connected. 00:38:16.12 10.0/0 [90/30720] via 10.25 [90/33280] via 10. N2 .OSPF NSSA external type 2 E1 .1.1.34.0 is directly connected.12 10.per-user static route o .12 C C D D D Copyright © 2010 Internetwork Expert.23 10.1.OSPF inter area N1 . FastEthernet0/0.23 D*EX 0.23 C 10.1.5.IS-IS summary.IS-IS level-2 ia .1.25 [90/33280] via 10.1.OSPF NSSA external type 2 E1 .1. su . U .3. FastEthernet0/0.0 0.12 C C D D C C D D D D* Copyright © 2010 Internetwork Expert.1.25. 00:36:11.0.0 [90/30720] via 10. FastEthernet0/0.0. FastEthernet0/0. O .25 D 10.1 to network 0. P .0 is directly connected.34.mobile.periodic downloaded static route Gateway of last resort is 10. FastEthernet0/0.23.0 is directly connected.0.0. FastEthernet0/0. U .1. 00:36:11.0.3.25.4.25. B .45. FastEthernet0/0.0 [90/30720] via 10.5.25 10.1 to network 0.25 10.1.25.23.0.23.0 [90/30720] via 10. FastEthernet0/0.0 [90/30720] via 10.3. FastEthernet0/0.0 5 R2#show ip route Codes: C .com Copyright © 2010 Internetwork Expert .12.0 10.35. FastEthernet0/0.IS-IS inter area.23 D 10.0.com 0.static. 00:38:17.OSPF external type 2 i .1.0 [90/30720] via 10. FastEthernet0/0.www.0.1.RIP. 00:36:11.INE.1.25.candidate default.EIGRP.45.5. R .25 [90/30720] via 10.ODR. 
00:38:17.3.0 [90/30720] via 10. 00:00:26.0.25.0.com 0.0.25 C 10.1.0 is directly connected.1.23 D 10.12. * .mobile.IS-IS level-1. 00:38:17.EIGRP.12 10.OSPF NSSA external type 1.0.0.connected.2 10.0.) R1# interface FastEthernet0/0.0/0 Advertisement Examples (cont. FastEthernet0/0.5.OSPF.1.25.0 [90/30720] via 10. M . 00:36:10.25. S . FastEthernet0/0.12.1.12.0. FastEthernet0/0.0/24 is subnetted.1.4.0 [90/33280] via 10.25.23.0.RIP.IS-IS. IA .1. Inc www.5. L1 .25 [90/30720] via 10.3.1. O . P .23 10.1.0.25 10.1. 00:36:11. FastEthernet0/0.23.per-user static route o .12 ip summary-address eigrp 1 0.0.2.OSPF external type 2 i . EX .IS-IS level-2 ia .2 10. 9 subnets 10.5.23.5. su .23.1.connected. 00:00:27.1.1.periodic downloaded static route Gateway of last resort is 10. 00:36:10. 00:24:53.3.5. L1 .IS-IS inter area. L2 .OSPF inter area N1 .23.0 is directly connected.0 is directly connected. L2 .EIGRP external.0.0 [90/30720] via 10.2. R . FastEthernet0/0. EX . FastEthernet0/0.0.INE. E2 .23 10.35.

0.IS-IS summary.per-user static route o .2.RIP. R .23.23. IA .0 [90/30720] via 10.0.25.0.0 [90/30720] via 10. FastEthernet0/0.5.OSPF external type 1.25.2.1.1. FastEthernet0/0.BGP D . 00:49:16.0 [90/30720] via 10.255. L1 .1.23.5.1.1.255.0.mobile.23 10.com EIGRP Auto-Summary Example R1# interface Loopback0 ip address 1.0.static.1 ! interface Loopback2 ip address 1.0.3. O .periodic downloaded static route Gateway of last resort is not set D C C D D D C C D D D 1.ODR.www.EIGRP external.1.25.1.1 ! interface Loopback1 ip address 1.1.25 [90/30720] via 10.5.0/8 [90/156160] via 10.OSPF inter area N1 .0. FastEthernet0/0.45. FastEthernet0/0.0 255.0. 00:49:16.0.1.INE.3.0 is directly connected. FastEthernet0/0.0.255.255.IS-IS level-1.1 ! router eigrp 1 network 1.0 [90/33280] via 10.1.IS-IS inter area. FastEthernet0/0.0. B . FastEthernet0/0.0.12 10.1. 00:49:15.OSPF.INE.25.12.0 is directly connected. FastEthernet0/0.OSPF NSSA external type 1.1.12 10.0 [90/30720] via 10. 00:49:16.34. su .23 10. FastEthernet0/0.1.12. N2 .0 [90/30720] via 10.23 Copyright © 2010 Internetwork Expert.1.1.0 is directly connected.0 auto-summary 255.0 255.1 ! interface Loopback3 ip address 1.0.23.1.25 [90/33280] via 10.OSPF NSSA external type 2 E1 .1. FastEthernet0/0.1.25 10.3. P .0/24 is subnetted.2 10. L2 .candidate default.25 10.com EIGRP Summarization • EIGRP summarization (aggregation) serves two purposes – Minimize routing information needed in topology – Limit EIGRP query domain • More on this later • Process level auto-summary automatically summarizes to classful boundary when passing major network boundaries – On by default • Interface level ip summary-address eigrp [network] [mask] [AD] supports any bit boundary – Automatically suppresses subnet advertisements – Administrative Distance defaults to 5 to allow for floating summaries Copyright © 2010 Internetwork Expert. U .EIGRP.IS-IS level-2 ia .35. EX . 00:00:44.1. S . FastEthernet0/0. FastEthernet0/0.4.25.12. 00:49:15.1. 
00:02:25.12 10.0.0 is directly connected. FastEthernet0/0. 00:49:16. Inc www. 00:49:15.0 255.3.OSPF external type 2 i .IS-IS.com Copyright © 2010 Internetwork Expert .INE. * .1.1.connected. E2 . Inc www.25 10.5.0 R2#show ip route Codes: C . M . 10 subnets 10.1.5.23 10.0.

1.0.1.0.0. Inc www.1.35.3. FastEthernet0/0.12.1.0.1.4.0 [90/33280] via 10.1 255.1.INE.34. 00:56:46.0.1.0.45.0 255. load balancing occurs • Only feasible successors are candidate for load balancing • Automatically calculated traffic share count causes links to be used in ratio proportional to their composite metrics Copyright © 2010 Internetwork Expert. 00:56:46.1.0. 00:05:01.0.www.5.2.com Copyright © 2010 Internetwork Expert . FastEthernet0/0.1 255.25 D 10.com EIGRP Load Balancing • EIGRP allows load distribution among unequal paths – Not the same as other IGPs load balancing among equal cost paths • Controlled by variance command – If feasible distance * variance > feasible successor.0.0. FastEthernet0/0.1.25 [90/33280] via 10. 00:56:46.5.255.0 ! interface Loopback2 ip address 1.INE.12 10.3. FastEthernet0/0. 00:56:46.0 ! interface FastEthernet0/0.0 5 ! router eigrp 1 network 1.1.1 255.23.0. FastEthernet0/0.252.1.5.0. FastEthernet0/0.25.0 [90/30720] via 10.1.25.12.0 no auto-summary R2#show ip route eigrp 1.255.1 255.0.23 D 10.0. FastEthernet0/0.0.25 D 10.23 Copyright © 2010 Internetwork Expert. 00:56:46.0 ! interface Loopback3 ip address 1. 10 subnets D 10.1.INE.1.0 [90/156160] via 10.12 D 10.0.255. FastEthernet0/0. 00:56:46.1.1.1.25.0/24 is subnetted.0 ! interface Loopback1 ip address 1.0 [90/30720] via 10.0 [90/30720] via 10. 00:56:46. FastEthernet0/0.0.3.1.25.1.0.255.0 [90/30720] via 10. 1 subnets D 1.5.0 [90/30720] via 10.23 D 10.25 [90/30720] via 10.3.0/14 is subnetted.0.23. 00:09:57.12 ip summary-address eigrp 1 1.com EIGRP Manual Summarization Example R1# interface Loopback0 ip address 1.0.23.5. Inc www.

EIGRP Unequal Cost Load Balancing
[Figure: topology with link labels BW = 100,000Kbps DLY = 100µs on three links and BW = 100,000Kbps DLY = 50µs on one link]

EIGRP Unequal Cost Load Balancing
R2#
router eigrp 1
 variance 2

R3#
interface FastEthernet0/0.35
 delay 5

R2#show ip eigrp topology 10.1.5.0 255.255.255.0
IP-EIGRP (AS 1): Topology entry for 10.1.5.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 30720
  Routing Descriptor Blocks:
  10.1.25.5 (FastEthernet0/0.25), from 10.1.25.5, Send flag is 0x0
      Composite metric is (30720/28160), Route is Internal
      Vector metric:
        Minimum bandwidth is 100000 Kbit
        Total delay is 200 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
  10.1.23.3 (FastEthernet0/0.23), from 10.1.23.3, Send flag is 0x0
      Composite metric is (32000/29440), Route is Internal
      Vector metric:
        Minimum bandwidth is 100000 Kbit
        Total delay is 250 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2

EIGRP Unequal Cost Load Balancing (cont.)
R2#show ip route 10.1.5.0 255.255.255.0
Routing entry for 10.1.5.0/24
  Known via "eigrp 1", distance 90, metric 30720, type internal
  Redistributing via eigrp 1
  Last update from 10.1.23.3 on FastEthernet0/0.23, 00:03:39 ago
  Routing Descriptor Blocks:
  * 10.1.25.5, from 10.1.25.5, 00:03:39 ago, via FastEthernet0/0.25
      Route metric is 30720, traffic share count is 24
      Total delay is 200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
    10.1.23.3, from 10.1.23.3, 00:03:39 ago, via FastEthernet0/0.23
      Route metric is 32000, traffic share count is 23
      Total delay is 250 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

EIGRP Link Utilization
• EIGRP control plane traffic is allowed to use up to 50% of each interface's configured bandwidth value
• Can be adjusted with interface level ip bandwidth-percent eigrp [asn] [percent]
• Can be an important design consideration when bandwidth is modified for routing policy, QoS, or where WAN link circuit speeds don't match underlying interface speeds (e.g. fractional T1)

EIGRP Authentication
• Routing control plane security is a must in today's networks to prevent DoS and other attacks
  – EIGRP neighbor authentication protects against malicious route injection attacks or errors in configuration
• Configured Key ID and password are combined to generate MD5 hash
  – If MD5 hash does not match in Hello packets, adjacency cannot occur
• Multiple keys can be configured for manual or automated key rotation
  – key-chain accept & send lifetime

EIGRP Authentication Example
R1#
key chain EIGRP-KEY-CHAIN
 key 1
  key-string CISCO
!
interface FastEthernet0/0.12
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP-KEY-CHAIN

R2#
key chain EIGRP-KEY-CHAIN
 key 1
  key-string CISCO
!
interface FastEthernet0/0.12
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP-KEY-CHAIN

R1#show key chain
Key-chain EIGRP-KEY-CHAIN:
    key 1 -- text "CISCO"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

R1#debug eigrp packet hello
EIGRP: Sending HELLO on FastEthernet0/0.12
  AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
EIGRP: received packet with MD5 authentication, key id = 1
EIGRP: Received HELLO on FastEthernet0/0.12 nbr 10.1.12.2
  AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
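Because the key ID and the key string both have to agree on the two neighbors, a pre-change comparison of both configurations catches a broken adjacency before it happens. The following Python check is an added example, not part of the course material: the function names are hypothetical, the configurations are the R1 and R2 snippets above laid out one command per line, and it assumes cleartext key strings, keys that are always valid, and that each router sends with its lowest-numbered key.

```python
"""Compare EIGRP MD5 authentication settings of two neighbors before deployment."""
import re

# R1 and R2 configuration from the authentication example, one command per line.
R1_CFG = """key chain EIGRP-KEY-CHAIN
 key 1
  key-string CISCO
!
interface FastEthernet0/0.12
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 EIGRP-KEY-CHAIN
"""
R2_CFG = R1_CFG  # the slide shows the same commands on R2


def parse_ios(config):
    """Return (key_chains, interfaces) parsed from running-config text."""
    chains, ifaces = {}, {}
    chain = key_id = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if m := re.match(r"key chain (\S+)$", line):
            chain, key_id, iface = m.group(1), None, None
            chains.setdefault(chain, {})
        elif m := re.match(r"interface (\S+)$", line):
            iface, chain = m.group(1), None
            ifaces.setdefault(iface, {})
        elif chain is not None and (m := re.match(r"key (\d+)$", line)):
            key_id = int(m.group(1))
            chains[chain].setdefault(key_id, None)
        elif chain is not None and key_id is not None and (
                m := re.match(r"key-string (.+)$", line)):
            chains[chain][key_id] = m.group(1)
        elif iface is not None and (
                m := re.match(r"ip authentication mode eigrp (\d+) md5$", line)):
            ifaces[iface].setdefault(int(m.group(1)), {})["md5"] = True
        elif iface is not None and (
                m := re.match(r"ip authentication key-chain eigrp (\d+) (\S+)$", line)):
            ifaces[iface].setdefault(int(m.group(1)), {})["chain"] = m.group(2)
    return chains, ifaces


def side_keys(config, iface, asn):
    """Return (findings, usable keys) for one router's interface."""
    chains, ifaces = parse_ios(config)
    auth = ifaces.get(iface, {}).get(asn, {})
    findings = [] if auth.get("md5") else ["md5 mode not enabled"]
    name = auth.get("chain")
    if name is None:
        return findings + ["no key chain applied"], {}
    if name not in chains:
        return findings + [f"key chain {name} not defined"], {}
    keys = {k: v for k, v in chains[name].items() if v is not None}
    if not keys:
        findings.append(f"key chain {name} has no usable key")
    return findings, keys


def compare_neighbors(cfg_a, if_a, cfg_b, if_b, asn):
    """List the reasons the two sides would fail to authenticate each other."""
    fa, ka = side_keys(cfg_a, if_a, asn)
    fb, kb = side_keys(cfg_b, if_b, asn)
    findings = [f"A: {f}" for f in fa] + [f"B: {f}" for f in fb]
    if ka and kb:
        for tx, txk, rx, rxk in (("A", ka, "B", kb), ("B", kb, "A", ka)):
            kid = min(txk)  # assumption: lowest-numbered key is the send key
            if kid not in rxk:
                findings.append(f"{rx}: key id {kid} sent by {tx} not defined")
            elif rxk[kid] != txk[kid]:
                findings.append(f"{rx}: key id {kid} key-string differs from {tx}")
    return findings


if __name__ == "__main__":
    print(compare_neighbors(R1_CFG, "FastEthernet0/0.12",
                            R2_CFG, "FastEthernet0/0.12", 1))
```

An empty list means both sides agree; a finding names the side that would reject the other's Hello packets.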

EIGRP Authentication Troubleshooting
R1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#key chain EIGRP-KEY-CHAIN
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string WRONG_PASSWORD
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.12.2 (FastEthernet0/0.12) is down: Auth failure
R1(config-keychain-key)#do debug eigrp packet hello
EIGRP Packets debugging is on
    (HELLO)
R1(config-keychain-key)#
EIGRP: pkt key id = 1, authentication mismatch
<output omitted>
R1(config-keychain-key)#do undebug all
All possible debugging has been turned off
R1(config-keychain-key)#no key 1
R1(config)#key chain EIGRP-KEY-CHAIN
R1(config-keychain)#key 2
R1(config-keychain-key)#key-string WRONG_KEY_NUMBER
R1(config-keychain-key)#do debug eigrp packet hello
EIGRP Packets debugging is on
    (HELLO)
R1(config-keychain-key)#
EIGRP: Sending HELLO on FastEthernet0/0.12
  AS 1, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
EIGRP: pkt authentication key id = 1, key not defined or not live

EIGRP Scalability
• EIGRP Scalability is a combined function of…
  – Device CPU & memory
  – Protocol timers
  – Number of prefixes in topology
  – Size of query domain
• Physical resources are fixed, but software optimization can reduce convergence time and increase availability through
  – Modifying hello/hold timers
  – Ensuring Feasible Successors are available
  – Topology reduction through summarization
  – Query domain reduction through summarization & stub routing

EIGRP Query Domain and SIA
• When an EIGRP route is lost and there are no Feasible Successors, the route goes into "active" state and a QUERY message is sent to all neighbors
• EIGRP state machine must wait for REPLY messages from all neighbors indicating either a new route or no route for the active prefix
• If REPLY is not received before "active timer" expires, prefix is declared "Stuck-in-Active" (SIA), and EIGRP neighbors are reset and must be re-established
• The larger or more overloaded the network is, the more likely SIA events are to occur and to cause network downtime
• Occurrence of SIA events can be reduced by shrinking where QUERY message must be sent (i.e. "query domain") through
  – EIGRP Summarization
  – EIGRP Stub

EIGRP Summarization and Query Reduction
• When a QUERY message is received from an EIGRP neighbor, a topology lookup occurs for an exact match of the prefix
  – I.e. if QUERY is received for 1.2.3.0/24, topology is checked for 1.2.3.0/24 exactly
• If exact match is found but no Feasible Successors exist, local device re-generates QUERY to all other neighbors
  – Process continues until REPLY is sent or SIA occurs
• If exact match is not found, REPLY is sent immediately and new QUERY is not generated
• Based on this logic, summarization terminates query domain for subnets of the summary
  – I.e. if QUERY is received for 1.2.3.0/24, but I have only 1.2.0.0/16, send REPLY and do not generate QUERY

Seq 216/53 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 128-128 Copyright © 2010 Internetwork Expert.0.1.12.252.1.23 iidbQ un/rely 0/1 serno 135-135 EIGRP: Enqueueing QUERY on FastEthernet0/0.23 nbr 10. R1(config)#interface loopback0 R1(config-if)#shutdown R1(config-if)# EIGRP: Enqueueing QUERY on FastEthernet0/0.1.2 AS 1. REPLY) R2#debug eigrp packet query reply EIGRP Packets debugging is on (QUERY.12 iidbQ un/rely 0/1 serno 73-73 EIGRP: Enqueueing QUERY on FastEthernet0/0.12 nbr 10. Flags 0x0. Flags 0x0.1.12.12.12. Seq 201/228 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 EIGRP: Received REPLY on FastEthernet0/0.com EIGRP Query/Reply Verification R1#debug eigrp packet query reply EIGRP Packets debugging is on (QUERY.12 nbr 10. REPLY) R1#config t Enter configuration commands. Flags 0x0.3 iidbQ un/rely 0/0 peerQ un/rely EIGRP: Sending QUERY on FastEthernet0/0.25 nbr 10. Flags 0x0.1. Flags 0x0. Flags 0x0.1.1.12 ip summary-address eigrp 1 1.INE. Seq 58/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 EIGRP: Enqueueing QUERY on FastEthernet0/0. Flags 0x0.12 nbr 10.12 nbr 10. REPLY) R1#config t Enter configuration commands.1.23 AS 1.2 AS 1.INE.5 AS 1.1.23.12 nbr 10. Seq 53/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 EIGRP: Enqueueing REPLY on FastEthernet0/0.3 AS 1. Seq 229/0 idbQ 0/0 iidbQ un/rely 0/0 serno 135-135 EIGRP: Enqueueing QUERY on FastEthernet0/0. Seq 53/0 idbQ 0/0 iidbQ un/rely 0/0 serno 73-73 EIGRP: Received REPLY on FastEthernet0/0. Flags 0x0. one per line. Seq 231/58 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 R2# EIGRP: Received QUERY on FastEthernet0/0.25 nbr 10. Seq 58/0 idbQ 0/0 iidbQ un/rely 0/0 serno 77-77 EIGRP: Received REPLY on FastEthernet0/0.12 AS 1.www.23 nbr 10. Seq 228/0 idbQ 0/0 iidbQ un/rely 0/0 serno 135-135 EIGRP: Enqueueing QUERY on FastEthernet0/0. 
Seq 216/53 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 %LINK-5-CHANGED: Interface Loopback0.2 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 73-73 EIGRP: Sending QUERY on FastEthernet0/0. End with CNTL/Z.1.1.2 iidbQ un/rely 0/0 peerQ un/rely 0/0 serno 77-77 EIGRP: Sending QUERY on FastEthernet0/0.0 5 R1#debug eigrp packet query reply EIGRP Packets debugging is on (QUERY.0 255.12 nbr 10.12 nbr 10.12. REPLY) R2#debug eigrp packet query reply EIGRP Packets debugging is on (QUERY.1 iidbQ un/rely 0/1 peerQ un/rely EIGRP: Sending REPLY on FastEthernet0/0. changed state to down R2# EIGRP: Received QUERY on FastEthernet0/0.1 AS 1. changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0.12 nbr 10.1 AS 1.12. one per line. Inc www.1. R1(config)#interface Loopback0 R1(config-if)#shutdown EIGRP: Enqueueing QUERY on FastEthernet0/0.1.12 AS 1.1 iidbQ un/rely 0/1 peerQ un/rely 0/0 serno 128-128 EIGRP: Sending REPLY on FastEthernet0/0.12.0.1 AS 1.23.25.25 AS 1.12 iidbQ un/rely 0/1 serno 77-77 EIGRP: Enqueueing QUERY on FastEthernet0/0. Flags 0x0.com EIGRP Query Reduction and Summarization R1# interface FastEthernet0/0.INE. Seq 231/58 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 serno 136-136 0/0 serno 135-135 0/0 serno 135-135 0/0 serno 135-135 0/0 serno 136-136 Copyright © 2010 Internetwork Expert.25 iidbQ un/rely 0/1 serno 135-135 EIGRP: Enqueueing QUERY on FastEthernet0/0.12.12.5 iidbQ un/rely 0/0 peerQ un/rely EIGRP: Sending QUERY on FastEthernet0/0. Seq 248/229 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0 EIGRP: Enqueueing REPLY on FastEthernet0/0.1 iidbQ un/rely 0/0 peerQ un/rely EIGRP: Received REPLY on FastEthernet0/0.12 iidbQ un/rely 0/1 serno 135-135 EIGRP: Enqueueing QUERY on FastEthernet0/0.1 AS 1.12 nbr 10. Flags 0x0.com Copyright © 2010 Internetwork Expert .1. Flags 0x0.12. Flags 0x0.1. End with CNTL/Z.25. Inc www.12 nbr 10.0.12.12 nbr 10.

EIGRP Stub and Query Reduction
• In certain physical topologies, the query domain extends to portions of the network that can never be used as alternate paths
  – QUERY/REPLY messages sent into these portions waste network resources and increase convergence time
• Hub-and-Spoke Example:

EIGRP Stub and Query Reduction (cont.)
• EIGRP Stub is used to inform adjacent neighbors that QUERY messages should not be sent to them
• Useful whenever an EIGRP router is not used for transit for the rest of the network
  – Routes received by a stub router are not advertised to other adjacent neighbors
• Process level eigrp stub [connected] [leak-map] [receive-only] [redistributed] [static] [summary]
  – Arguments control what prefixes can be advertised outbound

EIGRP Stub Example
[Figure: EIGRP Stub Router]

EIGRP Stub Verification
R1#
router eigrp 1
 eigrp stub connected summary

[Command output garbled in extraction. `show ip eigrp neighbors detail` on R2 reports the neighbor as "Stub Peer Advertising ( CONNECTED SUMMARY ) Routes" and "Suppressing queries". With `debug eigrp packet terse` running on R1, a subinterface on R2 is shut down and R1 logs the resulting UPDATE, QUERY, REPLY and ACK packets.]

EIGRP Q&A

Copyright © 2010 Internetwork Expert, Inc www.INE.com

Internetwork Expert’s CCNP Bootcamp Open Shortest Path First (OSPF)

http://www.INE.com

What Is OSPF?
• Open Shortest Path First
• Open Standards Based Interior Gateway Routing Protocol (IGP)
  – RFC 2328 “OSPF Version 2”
• Link-State Protocol
  – Uses Dijkstra SPF Algorithm
• “Classless” Protocol
  – Supports VLSM And Summarization

Why Use OSPF?
• Guarantees Loop-Free Topology
  – All routers agree on overall topology
  – Uses Dijkstra SPF Algorithm for calculation
• Standards Based
  – Inter-operability between vendors
• Large Scalability
  – Hierarchy through “areas”
  – Topology summarization

Why Use OSPF? (cont.)
• Fast Convergence
  – Actively Tracks Neighbor Adjacencies
  – Event Driven Incremental Updates
• Efficient Updating
  – Uses reliable multicast and unicast updates
  – Non-OSPF devices do not need to process updates
• Bandwidth Based Cost Metric
  – More flexible than static hop count

Why Use OSPF? (cont.)
• Control Plane Security
  – Supports clear-text and MD5 based authentication
• Extensible
  – Future application support through “opaque” LSA, e.g. MPLS Traffic Engineering

Distance Vector Routing Review
• RIPv1/v2 & IGRP
• Uses Bellman-Ford based algorithm
• Routers only know what directly connected neighbors tell them
  – “Routing by Rumor”
• Entire routing table periodically advertised on hop-by-hop basis
  – Limits scalability
• Loop prevention and convergence time limitations
  – Split-horizon, poison reverse, holddown timers, etc.

Link State Routing Overview
• OSPF & IS-IS
• Uses Dijkstra Shortest Path First (SPF) based algorithm
  – Guarantees loop-free calculation
• Attributes of connected links (link-states) are advertised, not routes
  – Routers agree on overall picture of topology before making a decision

How Link State Routing Works
• Form adjacency relationship with connected neighbors
• Exchange link attributes in form of Link State Advertisements (LSAs) / Link State Packets (LSPs) with neighbors
• Store copy of all LSAs in Link State Database (LSDB) to form a “graph” of the network
• Run Dijkstra algorithm to find shortest path to all links
• Since all routers have same LSDB, all SPF calculations are loop-free

How OSPF Works
• Step 1 – Discover OSPF Neighbors & Exchange Topology Information
• Step 2 – Choose Best Path via SPF
• Step 3 – Neighbor and Topology Table Maintenance

Step 1 – Neighbor & Topology Discovery
• Like EIGRP, OSPF uses “hello” packets to discover neighbors on OSPF enabled attached links
  – Transport via IP protocol 89 (OSPF)
  – Sent as multicast to 224.0.0.5 or 224.0.0.6, or unicast
    • More on this later…
• Hello packets contain attributes that neighbors must agree on to form “adjacency”
• Once adjacency is negotiated, LSDB is exchanged

Negotiating OSPF Adjacencies
• OSPF adjacency occurs when connected neighbors use hello packets to agree on unique and common attributes
• Not all OSPF neighbors actually form adjacency
• Most OSPF configuration problems happen at this stage
• Unique attributes include…
  – Local Router-ID
  – Local Interface IP Address

Negotiating OSPF Adjacencies (cont.)
• Common attributes include…
  – Interface Area-ID
  – Hello interval & dead interval
  – Interface network address
  – Interface MTU
  – Network Type
  – Authentication
  – Stub Flags
  – Other optional capabilities

OSPF Hello Packets
• OSPF routers periodically send hello packets out OSPF enabled links every hello interval
• Hello packet contains
  – Local Router-ID
  – Local Area-ID
  – Local Interface Subnet Mask
  – Local Interface Priority
  – Hello Interval
  – Dead Interval
  – Authentication Type & Password
  – DR/BDR Addresses
  – Options (e.g. stub flags, etc.)
  – Router IDs of other neighbors on the link

OSPF Adjacency State Machine
• OSPF adjacency process uses 8 states to determine progress of adjacency establishment
• Down
  – No hellos have been received from neighbor
• Attempt
  – Unicast hello packet has been sent to neighbor, but no hello has been received back
  – Only used for manually configured NBMA neighbors (more on this later…)
• Init
  – I have received a hello packet from a neighbor, but they have not acknowledged a hello from me

OSPF Adjacency State Machine (cont.)
• 2-Way
  – I have received a hello packet from a neighbor and they have acknowledged a hello from me
  – Indicated by my Router-ID in neighbor’s hello packet
• ExStart
  – First step of actual adjacency
  – Master & slave relationship is formed, where master has higher Router-ID
  – Master chooses the starting sequence number for the Database Descriptor (DBD) packets that are used for actual LSA exchange

OSPF Adjacency State Machine (cont.)
• Exchange
  – Local link state database is sent through DBD packets
  – DBD sequence number is used for reliable acknowledgement/retransmission
• Loading
  – Link State Request packets are sent to ask for more information about a particular LSA
• Full
  – Neighbors are fully adjacent and databases are synchronized

OSPF Adjacency Example
• State = Down: No hellos sent or received yet
• State = Init: R1 sends hello to R2
• State = 2-Way: R2 acknowledges R1’s hello
• State = ExStart: DBD Seq Number is negotiated
• State = Exchange: Database Descriptor Packets are exchanged
• State = Loading: Send Link State Request packets to get more info
• State = Full: Adjacency Established & Databases Synchronized
• Messages shown on the slide:
  – Hello, I’m R1 with these attributes: Area-ID 0.0.0.0, Router-ID 1.1.1.1, etc.
  – Hello R1, I’m R2 with these attributes: Area-ID 0.0.0.0, Router-ID 2.2.2.2, etc.
  – I’m the Master, let’s use DBD Sequence Number “X”
  – No, I’m the Master, my Router-ID is higher than yours. Let’s use DBD Seq “Y”
  – Okay, I’m Slave. Let’s use DBD Seq “Y”
  – Here’s my Link State Database. (sent in each direction)
  – I’m still waiting for info on LSA “A”
  – Here’s LSA “A’s” information.
  – LSA information complete.

Step 2 – Choose Best Path via SPF
• Once databases are synchronized, path selection begins
• Each router’s LSAs include a “cost” attribute for each described link
• Best path to that link is lowest end-to-end cost
• Cisco’s implementation uses bandwidth based cost, but per RFC it is arbitrary
  – Default Cisco Cost = 100Mbps / Link Bandwidth
  – Reference bandwidth can be modified to accommodate higher speed links (e.g. GigabitEthernet)

Inc www. you know all paths.com Copyright © 2010 Internetwork Expert .INE. including your neighbor’s unused paths • Dijkstra’s SPF algorithm ensures that all routers agree on the same routing path.com SPF Calculation Overview • To find the SPT.com Why SPF is Needed • With distance vector routing. you only know your neighbor’s best path • With link-state routing.INE. Inc www.INE. even though they make independent decisions • Result of SPF is called the Shortest Path Tree (SPT) Copyright © 2010 Internetwork Expert.www. SPF uses three internal data sets: – Link State Database • All paths discovered from all neighbors – Candidate Database • Links possible to be in the Shortest Path Tree – Tree Database • Actual SPT once calculation is complete Copyright © 2010 Internetwork Expert.

SPF Calculation Overview (cont.)
• Entries in the Candidate and Tree databases describe individual branches of the tree between two nodes
• Denoted as (Router ID, Neighbor ID, Cost)
  – e.g. the branch between R1 and R2 with a cost of 10 is denoted as (R1,R2,10)
• R1’s ultimate goal is to build tree with entries (R1,Rn,cost), where Rn is every node in the topology
  – i.e. calculate the shortest path from R1 to everywhere

SPF Calculation Logic
• Step 1 – Start by setting the local router as the “root” of the SPT, with a cost of zero to itself
• Step 2 – Find the links to all local neighbors and add them to the Candidate database
• Step 3 – Take the lowest cost branch from the Candidate database and move it to the Tree database

R3. (R1.40 R5.5 R3.com SPF Calculation Logic (cont.5 R2. go to Step 3.R4. Inc www.40 R3.10 Cost 10 20 30 15 50 25 40 35 R1.0 R1.20 R4. Cost With to Discard Candidate Candidate Of Lower to View 0 Candidate Them. Candidate R1.R2.R3. (R1. with the exception of any links that go to a neighbor already in the Tree database • Step 5 – If the Candidate database is not empty.40 R5.R3.10) In Tree.10 R1.10 R1.R4.10 R3.20 R1.10) (R2.R4. List Reach List For Discard Discard List Itself. To Resulting Cost.INE.www.5 R3.10 R4.5 R3.R3. otherwise SPF is complete and the Tree database contains the SPT Copyright © 2010 Internetwork Expert.5) (R3.10) In Than Tree Tree In In R1 List and Has Move Move Tree and Check Tree.R5.R5. It It Lower From FromCandidate.10 R4.com Copyright © 2010 Internetwork Expert .25 R5.25 R4.R5.R1.R1.R4.20 R1. (R4.R5. Than Candidate.R1.R5.R5.R2.INE.20) With Not Not Higher Already Already to Already R1 SPF to Already To Tree Tree As Cost Candidate Already Calculation In Exists Root. Complete. Costs Tree.10 R3.R3.R4.R3.R4.INE.R4.R1.R2.30 R2.com SPF Calculation in Detail Tree R1.10 R2. Inc www.) • Step 4 – For the branch just moved to the Tree database do the following – Find the remote node’s links connecting to other neighbors – Move all these links to the Candidate database.30 R2.10 Cost 0 10 15 25 35 Shortest Step 12 11 9 1 14 3 5 8 6 10 2 4 7 13 –– Lowest Next Add Find Move Path All Find Candidates Move of Candidates All R2’s R3’s R4’s Lowest Tree Lowest R5’s R5’s Lowest Candidate OfNeighbors Initializes R1’s Neighbors Neighbors Candidate List Candidate Candidate Neighbors Have Empty.30 R4.R3.R2.10 Copyright © 2010 Internetwork Expert.R3.R2.10 R3.10 R2.R5.25 R2.R2.R3. Tree.R5.

Step 3 – Neighbor & Topology Maintenance
• Once adjacencies established and SPT built, OSPF state machine tracks neighbor and topology changes
• Hello packets used to track neighbor changes
• LSA fields used to track topology changes

Tracking Neighbor Changes
• Hello packets continue to be sent on each OSPF enabled link every hello interval
  – 10 or 30 seconds by default depending on interface type
• If a hello packet is not received from a neighbor within dead interval, the neighbor is declared down
  – Defaults to 4 times hello interval
  – Can be as low as 1 second for fast convergence

Tracking Topology Changes
• When a new LSA is received it is checked against the database for changes such as…
  – Sequence number
    • Used to track new vs old LSAs
  – Age
    • Used to keep information new and withdraw old information
    • Periodic flooding occurs after 30 minutes – “paranoid” update
    • LSAs that reach maxage (60 minutes) are withdrawn
  – Checksum
    • Used to avoid transmission & memory corruption

LSA Flooding
• When change is detected new LSA is generated and “flooded” (sent) out all links
  – OSPF does not use split horizon
• Not all LSA changes require SPF to recalculate
  – e.g. link up/down event vs. seq number change
  – See RFC 2328 “13. The Flooding Procedure” for details

OSPF Media Dependencies
• Unlike EIGRP, OSPF behavior changes depending on what type of media it is configured on
  – e.g. Ethernet vs. Frame Relay vs. PPP
• OSPF defines different “network types” to deal with different media characteristics
• OSPF network types control…
  – How updates are sent
  – Who forms adjacency
  – How next-hop is calculated

OSPF Network Types
• Broadcast
• Non-Broadcast
• Point-to-Point
• Point-to-Multipoint
• Point-to-Multipoint Non-Broadcast
• Loopback

OSPF Network Broadcast
• ip ospf network broadcast
• Default on multi-access broadcast medias
  – Ethernet
  – Token Ring
  – FDDI
• Sends hellos and updates as multicast
  – 224.0.0.5 (AllSPFRouters)
  – 224.0.0.6 (AllDRouters)
• Performs Designated Router (DR) & Backup Designated Router (BDR) Election

DR / BDR Overview
• Designated Router (DR)
  – Used on broadcast links to
    • Minimize adjacencies
    • Minimize LSA replication
• Backup Designated Router (BDR)
  – Used for redundancy of DR
• DROthers
  – All other routers on link
  – Form full adjacency with DR & BDR
  – Stop at 2-Way adjacency with each other
• DR / BDR chosen through election process

Adjacency Without DR/BDR
• Without DR/BDR Adjacency Needs are n(n-1)/2

Adjacency With DR/BDR
• With DR/BDR Adjacency Needs are n+(n-1)
[Figure labels: DR, BDR]

LSA Replication Without DR/BDR
• R3’s Single LSA Advertisement is Received 4 Times On Each Router

LSA Replication with DR/BDR
• DROthers send LSUs to DR/BDR via multicast 224.0.0.6
• DR forwards LSUs to DROthers via multicast 224.0.0.5
• Prevents constant forwarding of unneeded LSAs on the segment
• BDR does not forward LSUs, only waits for DR to fail

LSA Replication With DR/BDR
• R3’s LSA Advertisement is Minimized with Use of DR/BDR
[Figure labels: DR, BDR, 224.0.0.5, 224.0.0.6]

DR / BDR Election
• Election based on interface priority and Router-ID
  – Priority
    • 0 – 255
    • Higher better
    • 0 = never
  – Router-ID
    • Highest loopback / interface IP
    • Can be statically set
    • Higher better
• No preemption unlike IS-IS’s DIS

OSPF Network Non-Broadcast
• ip ospf network non-broadcast
• Default on multipoint NBMA medias
  – Frame Relay / ATM
• Sends hellos as unicast
  – Manually defined addresses with neighbor command
• Performs DR/BDR Election
• Originally designed for legacy networks that didn’t support broadcast transmission
  – i.e. X.25

OSPF Network Point-to-Point
• ip ospf network point-to-point
• Default on point-to-point medias
  – HDLC / PPP
• Sends hellos as multicast
  – 224.0.0.5
• No DR/BDR Election
• Supports only two neighbors on the link

OSPF Network Point-to-Multipoint
• ip ospf network point-to-multipoint
• Treats network as a collection of point-to-point links
• Sends hellos as multicast
  – 224.0.0.5
• No DR/BDR Election
• Special next-hop processing
• Usually best design option for partial mesh NBMA networks

Point-to-Multipoint Non-Broadcast
• ip ospf network point-to-multipoint non-broadcast
• Same as point-to-multipoint, but sends hellos as unicast
• Sends hellos as unicast
  – Manually defined addresses with neighbor command
• No DR/BDR Election
• Special next-hop processing

OSPF Network Loopback
• Special case for Loopback and Loopedback interfaces
• Advertises link as /32 stub host route
• ip ospf network point-to-point used to disable this behavior

Implementing Basic OSPF
• Enable the OSPF process
  – router ospf [process-id]
    • Process-id locally significant
    • Must be an “up/up” interface running IP to choose Router-ID from
• Enable the interface process
  – Process level
    • network [address] [wildcard] area [area-id]
  – Interface level
    • ip ospf [process-id] area [area-id]

OSPF Network Statement
• Like EIGRP, enables OSPF on the interface
• Wildcard mask does not relate to subnet mask
• Most specific match wins
  – network 0.0.0.0 255.255.255.255 area 0
  – network 1.0.0.0 0.255.255.255 area 1
  – network 1.2.0.0 0.0.255.255 area 2
  – network 1.2.3.0 0.0.0.255 area 3
  – network 1.2.3.4 0.0.0.0 area 4
• Source of common confusion, new versions support interface level enabling as alternative

Verifying Basic OSPF
• Verify OSPF interfaces
  – show ip ospf interface
• Verify OSPF neighbors
  – show ip ospf neighbor
• Verify OSPF topology
  – show ip ospf database
• Verify OSPF routes in routing table
  – show ip route [ospf]
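How the OSPF Network Statement slide's "most specific match wins" rule picks an area for an interface address, including a wildcard that no subnet mask could express. This is an added example, not code from the slides; the statements embedded in it are constructed, and `matches`, `specificity` and `area_for` are hypothetical names.

```python
"""Pick the OSPF area for an interface from `network` statements."""
import ipaddress

# Constructed statements: (address, wildcard, area).
STATEMENTS = [
    ("0.0.0.0", "255.255.255.255", 0),
    ("1.0.0.0", "0.255.255.255", 1),
    ("1.2.0.0", "0.0.255.255", 2),
    ("1.2.3.0", "0.0.0.255", 3),
    ("1.2.3.4", "0.0.0.0", 4),
    # Non-contiguous wildcard: any 10.x.0.1 address. A subnet mask cannot
    # describe this set, which is why the wildcard is unrelated to the mask.
    ("10.0.0.1", "0.255.0.0", 5),
]


def _u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def matches(interface_ip, address, wildcard):
    """True when interface_ip equals address in every bit the wildcard
    marks as 'must match' (a 0 bit in the wildcard)."""
    care_bits = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(interface_ip) ^ _u32(address)) & care_bits == 0


def specificity(wildcard):
    """Number of bits that must match; more bits means more specific."""
    return 32 - bin(_u32(wildcard)).count("1")


def area_for(interface_ip, statements=STATEMENTS):
    """Area of the most specific matching statement, or None when no
    statement matches (OSPF is then not enabled on the interface)."""
    hits = [(specificity(wc), area)
            for addr, wc, area in statements
            if matches(interface_ip, addr, wc)]
    if not hits:
        return None
    return max(hits)[1]


if __name__ == "__main__":
    for ip in ("1.2.3.4", "1.2.3.9", "1.2.9.9", "1.9.9.9",
               "10.7.0.1", "10.7.1.1", "192.0.2.1"):
        print(f"{ip:<10} -> area {area_for(ip)}")
```

Only the interface's IP address is compared against the statement; the interface's own subnet mask plays no part in the match.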

OSPF Configuration Example
[Figure: lab topology diagram; only fragments of its labels survive extraction.]

Basic OSPF Configuration
[Configurations for R1 through R5 garbled in extraction: each uses `router ospf 1` with `network … area 0` statements, and two `neighbor` statements also appear.]

R6#
interface Loopback0
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip ospf 1 area 0
!
interface FastEthernet0/1
 ip ospf 1 area 0

Verifying OSPF Interfaces
[Command output garbled in extraction: `show ip ospf interface brief` on R1 through R6, listing each interface's PID, Area, IP Address/Mask, Cost, State and Nbrs F/C.]

Verifying OSPF Broadcast Interface Detail
[Command output garbled in extraction: `show ip ospf interface Fa0/0` on R1, showing Network Type BROADCAST, Cost: 1, State DROTHER, Priority 1, the Designated Router and Backup Designated Router, and timer intervals Hello 10, Dead 40, Wait 40, Retransmit 5.]

Verifying OSPF Point-to-Point Int Detail
[Command output garbled in extraction: `show ip ospf interface Serial0/1` on R1, showing Network Type POINT_TO_POINT, State POINT_TO_POINT and Cost: 64.]

Verifying OSPF Non-Broadcast Int Detail
[Command output garbled in extraction: `show ip ospf interface Serial0/0` on R5, showing Network Type NON_BROADCAST, State DR, Cost: 64 and timer intervals Hello 30, Dead 120, Wait 120, Retransmit 5.]

Verifying OSPF Loopback Int Detail
[Command output garbled in extraction: `show ip ospf interface Loopback0` on R1, showing Network Type LOOPBACK, Cost: 1 and the line "Loopback interface is treated as a stub Host".]

OSPF Packet Level Debug
[Debug output garbled in extraction: `debug ip packet detail` on R1, showing IP protocol 89 packets sent and received as multicast on FastEthernet0/0 and Serial0/1.]

Verifying OSPF Adjacency
[Command output garbled in extraction: `show ip ospf neighbor` on R1 through R6, listing Neighbor ID, Pri, State, Dead Time, Address and Interface; states shown include FULL/DR, FULL/BDR and FULL/DROTHER.]

Verifying OSPF Database (R1)
[Command output garbled in extraction: `show ip ospf database` on R1, listing Router Link States (Area 0) and Net Link States (Area 0) with Link ID, ADV Router, Age, Seq#, Checksum and Link count.]

Verifying OSPF Database (R2)
[Command output garbled in extraction: `show ip ospf database` on R2, listing Router Link States (Area 0) and Net Link States (Area 0) with Link ID, ADV Router, Age, Seq#, Checksum and Link count.]

Verifying OSPF Database Detail
[Command output garbled in extraction: `show ip ospf database router` for a single router ID on R1, showing LS Type: Router Links, LS Seq Number: 80000003, Checksum: 0x2D24, Length: 60 and Number of Links: 3, with links to a Stub Network and to Transit Networks.]

Verifying OSPF Routing Table
[Command output garbled in extraction: `show ip route` on R1. 10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks; connected routes (C) and OSPF routes (O, administrative distance 110) are reachable via FastEthernet0/0, Serial0/1 and Loopback0.]

OSPF Areas Overview
• OSPF areas add hierarchy and scalability to the routing domain
• An area defines a flooding domain
  – All devices in the area agree on the topology
  – Changes inside the area require LSA flooding and full SPF
• Routing between areas hides topology details
  – Inter-area routing similar to distance vector
  – Changes outside the area don’t always require LSA flooding or SPF
  – Limits impact on router resources

OSPF Area Types
• Backbone area
  – Area 0 (0.0.0.0)
  – Used to summarize topology information between other areas
  – Traffic from one area to another must pass through area 0
  – Must be contiguous
• Non-transit areas
  – All other areas 1 – 2^32 (0.0.0.1 – 255.255.255.255)
  – Must use connections to area 0 to reach other areas

OSPF Multi-Area Topology Example
[Figure: multi-area topology diagram]

OSPF Router Types
• Backbone routers
  – At least one link in area 0
• Internal routers
  – All links in one non-transit area
• Area Border Router (ABR)
  – At least one link in area 0 and one link in a non-transit area
  – Used to summarize information between area 0 and non-transit area
• Autonomous System Boundary Router (ASBR)
  – At least one link in the OSPF domain
  – At least one link outside the OSPF domain
    • EIGRP, IS-IS, BGP, etc.
  – Used to redistribute information to/from other routing domains and OSPF

Area 0 Continuity
• All inter-area traffic must pass through area 0
• If a non-transit area loses connectivity to area 0, all inter-area connectivity is lost
  – This state is called “discontiguous” areas or discontiguous area 0
• Repairs to these broken designs come in the form of virtual area 0 adjacencies called virtual links

OSPF Virtual Links
• Used to connect area 0 over a non-transit area
  – Virtual area 0 adjacency between two ABRs over a non-transit area
  – Provides continuity to the OSPF database calculation
• Non-transit area must have full routing information
  – Cannot be a stub area and should not have filtering
• Not a “tunnel” in traditional sense
  – Traffic does not flow over the virtual link itself
• Configured under the routing process of the ABRs
  – area [transit area-id] virtual-link [remote abr router-id]

OSPF Virtual-Link Example
[Figure: topology with Area 0, Area 1, Area 2 and Area 3, their ABRs, and an ASBR connected to EIGRP. Callouts: the Area 3 ABR loses connectivity to Area 0 and all inter-area routing to Area 3 is lost; a virtual-link adjacency between the Area 3 and Area 2 ABRs restores connectivity to Area 0; the traffic path from Area 3 to Area 1 is shown before and after.]

OSPF LSA Types
• With different router types in the OSPF domain, different types of advertisements are required
  – e.g. DR, ABR, ASBR, etc.
• Different LSA formats used to represent this information
  – Format is defined by type code
  – Type 1, type 2, etc.
• Which LSA types are sent and received depends on
  – Router’s type
  – OSPF network type
  – Area type

OSPF LSA Types (cont.)
• LSA types are…
  – Type 1 – Router LSA
  – Type 2 – Network LSA
  – Type 3 – Network Summary LSA
  – Type 4 – ASBR Summary LSA
  – Type 5 – External LSA
  – Type 7 – NSSA External LSA
• Other types exist outside our scope
  – Type 6 – Multicast LSA
    • Not implemented by Cisco
  – Types 8, 9, 10 – Opaque LSA
    • Used for extensibility

OSPF LSA Types (cont.)
• Routes that LSAs describe can be grouped together as…
  – Intra-Area Routes (O)
    • LSA Types 1 & 2
  – Inter-Area Routes (O IA)
    • LSA Types 3 & 4
  – External Routes
    • E1/E2 – LSA Type 5
    • N1/N2 – LSA Type 7

OSPF LSA Types In Detail (cont.)
• Type 1 – Router LSA
• Generated by every router in the OSPF domain
  – Not flooded outside the area they originate in
• Describes its directly connected links
  – What are my link costs
  – Who are my neighbors
• Used to build graph for intra-area SPF
• show ip ospf database router [Link ID]

OSPF LSA Types In Detail (cont.)
• Type 2 – Network LSA
• Generated by DR on broadcast and nonbroadcast network types
  – Not flooded outside the area they originate in
• Describes who is adjacent with DR
• Used to reduce redundant information in the database
  – n*(n-1)/2 and flooding scalability issue
• show ip ospf database network [Link ID]

OSPF LSA Types In Detail (cont.)
• Type 3 – Network Summary LSA
• Generated by ABR
  – Flooded from area 0 into non-transit area and vice-versa
• Describes ABR’s reachability to links in other areas
  – Includes cost, but hides ABR’s actual path to destination
• SPF not run to reach ABR advertised routes, instead logic is…
  – ABR can reach link A via SPT in cost X
  – I can reach ABR via SPT in cost Y
  – I can reach link A via SPT in cost X + Y
• This is why inter-area routing is considered distance vector
• show ip ospf database summary [Link ID]

OSPF LSA Types In Detail (cont.)
• Type 4 – ASBR Summary LSA
• Generated by ABR
  – Flooded from area 0 into non-transit area and vice-versa
• Describes ABR’s reachability to ASBRs in other areas
  – Includes cost, but hides ABR’s actual path to destination
• SPF not run to reach inter-area ASBR, instead logic is…
  – ABR can reach ASBR via SPT in cost X
  – I can reach ABR via SPT in cost Y
  – I can reach ASBR via SPT in cost X + Y
• This is why inter-area external routing is also considered distance vector
• show ip ospf database asbr-summary [Link ID]

OSPF LSA Types In Detail (cont.)
• Type 5 – External LSA
• Generated by ASBR
  – Flooded to all non-stub areas
• Describes routes ASBR is redistributing
  – Metric
  – Metric Type
    • Type 1 = E1
    • Type 2 = E2 (default)
  – Forward Address
    • Who should I route towards to reach the link?
    • Usually the ASBR itself, but could be someone else in some designs
  – Route Tag
• show ip ospf database external [Link ID]

OSPF External Type 1 vs Type 2
• External route type controls how metric for external link is calculated
• Type 1 (E1)
  – Take the cost the ASBR reports in plus the cost to the ASBR
• Type 2 (E2)
  – Take just the cost the ASBR reports in
  – If there is a tie, then take the cost to the ASBR as well
• Type 1 is usually used when there are multiple ASBRs redistributing the same routes into OSPF

OSPF LSA Types In Detail (cont.)
• Type 7 – NSSA External LSA
• Special type of external route generated by ASBR redistributing routes inside a Not-So-Stubby Area
• More on this later…

OSPF External Route Calculation
• Performs like distance vector routing similar to inter-area calculation
• Intra-area externals
  – ASBR can reach link A in cost X
  – I can reach ASBR via SPT in cost Y
  – I can reach link A via SPT in cost X + Y
• Inter-area externals
  – ASBR can reach link A in cost X
  – ABR can reach ASBR via SPT in cost Y
  – I can reach ABR via SPT in cost Z
  – I can reach link A via SPT in cost X + Y + Z
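The external route calculation and the E1/E2 rules above, worked through as an added example (not code from the original slides). All names, router labels and LSA values are constructed for illustration; the sketch assumes a forward address of 0.0.0.0 (route toward the ASBR itself) and applies the standard OSPF rule that an E1 path is preferred over an E2 path to the same prefix.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AsbrSummary:
    """Type 4 LSA: an ABR advertising its own cost (Y) to reach an ASBR."""
    asbr: str
    abr: str
    metric: int


@dataclass(frozen=True)
class External:
    """Type 5 LSA: an ASBR advertising a redistributed prefix at cost X."""
    prefix: str
    asbr: str
    metric: int
    metric_type: int  # 1 = E1, 2 = E2 (default)


def cost_to_asbr(asbr: str, spt_cost: Dict[str, int],
                 summaries: List[AsbrSummary]) -> Optional[int]:
    """Cost from this router to an ASBR, or None if it is unreachable.

    spt_cost holds the SPF results for routers in our own area(s).
    """
    # Intra-area external: the ASBR is in our own shortest-path tree.
    if asbr in spt_cost:
        return spt_cost[asbr]
    # Inter-area external: cost to the ABR (Z) plus the cost the ABR
    # advertises in its Type 4 LSA (Y). No SPF is run past the ABR.
    via_abrs = [spt_cost[s.abr] + s.metric for s in summaries
                if s.asbr == asbr and s.abr in spt_cost]
    return min(via_abrs) if via_abrs else None


def best_external(prefix: str, externals: List[External],
                  spt_cost: Dict[str, int], summaries: List[AsbrSummary]
                  ) -> Optional[Tuple[str, int, int, str]]:
    """Pick the best external path to prefix.

    Returns (route code, route metric, forward metric, chosen ASBR).
    """
    ranked = []
    for lsa in externals:
        if lsa.prefix != prefix:
            continue
        forward = cost_to_asbr(lsa.asbr, spt_cost, summaries)
        if forward is None:
            continue  # an LSA from an unreachable ASBR is not usable
        if lsa.metric_type == 1:
            # E1: advertised cost plus the cost to the ASBR.
            metric = lsa.metric + forward
            key = (1, metric, forward)
        else:
            # E2: advertised cost only; cost to the ASBR breaks ties.
            metric = lsa.metric
            key = (2, metric, forward)
        ranked.append((key, (f"E{lsa.metric_type}", metric, forward, lsa.asbr)))
    if not ranked:
        return None
    # Sort key: E1 before E2, then route metric, then forward metric.
    return min(ranked, key=lambda item: item[0])[1]


# Constructed sample: SPF cost from the local router to two ABRs, and the
# Type 4 LSAs those ABRs originate for two ASBRs in other areas.
SPT_COST = {"ABR-A": 1, "ABR-B": 10}
SUMMARIES = [AsbrSummary("ASBR-1", "ABR-A", 64),
             AsbrSummary("ASBR-2", "ABR-B", 5)]
PREFIX = "192.0.2.0/24"

if __name__ == "__main__":
    both_e2 = [External(PREFIX, "ASBR-1", 20, 2), External(PREFIX, "ASBR-2", 20, 2)]
    both_e1 = [External(PREFIX, "ASBR-1", 20, 1), External(PREFIX, "ASBR-2", 20, 1)]
    print(best_external(PREFIX, both_e2, SPT_COST, SUMMARIES))
    print(best_external(PREFIX, both_e1, SPT_COST, SUMMARIES))
```

With both ASBRs advertising E2 metric 20, the route metric stays 20 and only the forward metric decides; with E1 the route metric itself reflects the path to the ASBR.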

OSPF Inter-Area Routing Example
[Figure: network topology diagram]

Basic OSPF Configuration
[Configuration listings for R1, R2, R3, R4, R5 and R6 not preserved. Each router runs router ospf 1 with network statements assigning interfaces to areas 0, 1 and 2; the listings also include two neighbor statements and redistribute connected subnets.]

OSPF Interface Verification
[IP Address/Mask column not preserved]

R1#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Se0/1        1     1      64    P2P    1/1
Fa0/0        1     2      1     DR     2/2
Lo0          1     2      1     LOOP   0/0

R2#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Se0/0        1     0      64    BDR    1/1
Fa0/0        1     1      1     DR     1/1
Lo0          1     1      1     LOOP   0/0

R3#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Fa0/0        1     1      1     BDR    1/1
Se1/2        1     1      781   P2P    1/1
Lo0          1     1      1     LOOP   0/0

R4#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Se0/0        1     0      64    BDR    1/1
Lo0          1     2      1     LOOP   0/0
Fa0/0        1     2      1     BDR    2/2

R5#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Lo0          1     0      1     LOOP   0/0
Se0/0        1     0      64    DR     2/2

R6#show ip ospf interface brief
Interface    PID   Area   Cost  State  Nbrs F/C
Lo0          1     2      1     LOOP   0/0
Fa0/0        1     2      1     DROTH  2/2
Fa0/1        1     2      1     DR     0/0

OSPF Neighbor Verification
[Output of show ip ospf neighbor on R1, R2, R3, R4, R5 and R6 not preserved. All listed adjacencies are in the FULL state.]

OSPF Database Verification (R1)
R1#show ip ospf database
[Link-state database listing not preserved. Sections shown: Router Link States, Net Link States, Summary Net Link States, Summary ASB Link States and Type-5 AS External Link States.]

OSPF Database Verification (R2)
R2#show ip ospf database
[Link-state database listing not preserved. Sections shown: Router Link States, Net Link States, Summary Net Link States, Summary ASB Link States and Type-5 AS External Link States.]

OSPF Database Verification (R3)
R3#show ip ospf database
[Link-state database listing not preserved. Sections shown: Router Link States (Area 1), Net Link States (Area 1), Summary Net Link States (Area 1), Summary ASB Link States (Area 1) and Type-5 AS External Link States.]

OSPF Database Verification (R4)
R4#show ip ospf database
[Link-state database listing not preserved. Sections shown: Router Link States, Net Link States, Summary Net Link States, Summary ASB Link States and Type-5 AS External Link States.]

OSPF Database Verification (R5)
R5#show ip ospf database
[Link-state database listing not preserved. Sections shown: Router Link States (Area 0), Net Link States (Area 0), Summary Net Link States (Area 0) and Type-5 AS External Link States.]

OSPF Database Verification (R6)
R6#show ip ospf database
[Link-state database listing not preserved. Sections shown: Router Link States (Area 2), Net Link States (Area 2), Summary Net Link States (Area 2), Summary ASB Link States (Area 2) and Type-5 AS External Link States.]

O .1. su .1.ODR. Inc www. * . 00:22:36.146. 00:22:35.1.245.146.245.1. 12 subnets.146. 00:22:36. FastEthernet0/0 10. FastEthernet0/0 10.0/24 [110/782] via 10. 00:22:35. su .0/24 is directly connected.50. M . 00:22:37.1. Serial0/0 10. 00:22:36.146. Serial0/0 10.5.0/24 [110/65] via 10.4/32 [110/2] via 10. 00:22:34.245. S . M .1. O .13. 00:22:34.0/24 is directly connected.INE.IS-IS.1.5.245.23. Inc www.1/32 [110/66] via 10.1.0/24 [110/20] via 10. 00:22:35.0.1.1.0/24 is directly connected.2.1. U .245. 00:22:37. EX .EIGRP.1. N2 .3.IS-IS summary.4.1.candidate default.IS-IS inter area.0/24 [110/2] via 10.EIGRP external.245.0/24 [110/66] via 10. FastEthernet0/0 10.0.RIP.5/32 [110/66] via 10.OSPF.60.6/32 [110/66] via 10.4.13. L1 . FastEthernet0/0 10.1.2/32 [110/66] via 10.0/8 is variably subnetted.1.4.com OSPF Routing Table Verification (R2) R2#show ip route Codes: C .1.IS-IS level-2 ia .5.0.1.IS-IS summary.5/32 [110/65] via 10.static. E2 .0/24 [110/65] via 10.OSPF external type 2 i . Serial0/0 10. 00:22:36.0/24 [110/20] via 10. E2 .1. Serial0/0 10. S .OSPF inter area N1 .2.6.www.146.IS-IS inter area.1.OSPF inter area N1 . FastEthernet0/0 10.3.13.4. R . Loopback0 10.1. FastEthernet0/0 10.IS-IS level-2 ia .245.4/32 [110/65] via 10.1.3.3/32 [110/2] via 10.1. B . FastEthernet0/0 C C O O IA O O O O O O E2 C O IA Copyright © 2010 Internetwork Expert.INE.0/8 is variably subnetted.4. R .1.60.OSPF NSSA external type 2 E1 . N2 . 00:22:34. Serial0/0 10.1.4.OSPF NSSA external type 1.146.3. 00:22:37.OSPF external type 2 i .0/24 is directly connected.23.4.OSPF external type 1.candidate default.1.mobile.per-user static route o . Serial0/0 O C O O O O O C O O O C IA IA IA IA E2 IA Copyright © 2010 Internetwork Expert. Serial0/1 10. Serial0/0 10.6.1.ODR. Serial0/1 10.EIGRP.1.50.1.periodic downloaded static route Gateway of last resort is not set 10.static.5. Serial0/1 10.1.IS-IS. L2 .13. P .connected. IA .IS-IS level-1.4.245.3. FastEthernet0/0 10.4. * .3. 
Serial0/1 10.connected.OSPF NSSA external type 2 E1 .1.BGP D . 00:22:34.1.4.com Copyright © 2010 Internetwork Expert .1.BGP D .13.3/32 [110/65] via 10.146. L1 .periodic downloaded static route Gateway of last resort is not set 10.1. FastEthernet0/0 10.1.EIGRP external.1.1. 00:22:36.per-user static route o .OSPF external type 1. FastEthernet0/0 10. 12 subnets. 00:22:35.OSPF NSSA external type 1.mobile.23. 2 masks 10.OSPF. IA .RIP.1.1.23. B . U . P .IS-IS level-1.0/24 [110/65] via 10.0/24 is directly connected.1.3.6.com OSPF Routing Table Verification (R1) R1#show ip route Codes: C . Loopback0 10.1. EX .6.146.1. 00:22:34.1.0/24 is directly connected.0. 00:22:36.245.6/32 [110/2] via 10.1. L2 .1. Serial0/0 10. 2 masks 10.INE.4.

OSPF Routing Table Verification (R3)
R3#show ip route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
[route entries not preserved]

OSPF Routing Table Verification (R4)
R4#show ip route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
[route entries not preserved]

OSPF Routing Table Verification (R5)
R5#show ip route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
[route entries not preserved]

OSPF Routing Table Verification (R6)
R6#show ip route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
[route entries not preserved]

OSPF Type-1 LSA Verification Detail
[Output of show ip ospf database router on R3 not fully preserved. Surviving fields: Router Link States (Area 1); LS age: 142; LS Type: Router Links; LS Seq Number: 80000007; Checksum: 0x4AD6; Length: 72; Number of Links: 4. The four links are a Transit Network, a point-to-point link to another Router, and two Stub Networks.]

OSPF Type-2 LSA Verification Detail
[Output of show ip ospf database network on R3 not fully preserved. Surviving fields: Net Link States (Area 1); Routing Bit Set on this LSA; LS age: 151; LS Type: Network Links; LS Seq Number: 80000004; Checksum: 0xBC27; Length: 32; Network Mask: /24; two Attached Router entries.]

OSPF Type-3 LSA Verification Detail
[Output of show ip ospf database summary on R3 not fully preserved. Surviving fields: Summary Net Link States (Area 1); Routing Bit Set on this LSA; LS age: 165; LS Type: Summary Links(Network); LS Seq Number: 80000004; Checksum: 0x6980; Length: 28; Network Mask: /24; TOS: 0 Metric: 64.]

OSPF Type-4 LSA Verification Detail
[Output of show ip ospf database asbr-summary on R3 not fully preserved. Surviving fields: Summary ASB Link States (Area 1); Routing Bit Set on this LSA; LS age: 671; LS Type: Summary Links(AS Boundary Router); LS Seq Number: 80000002; Checksum: 0x874F; Length: 28; Network Mask: /0; TOS: 0 Metric: 64.]

OSPF Type-5 LSA Verification Detail
[Output of show ip ospf database external on R3 not fully preserved. Surviving fields: Type-5 AS External Link States; Routing Bit Set on this LSA; LS age: 130; LS Type: AS External Link; LS Seq Number: 80000002; Checksum: 0x8BC1; Length: 36; Network Mask: /24; Metric Type: 2 (Larger than any link state path); TOS: 0 Metric: 20; Forward Address: 0.0.0.0; External Route Tag: 0.]

OSPF Routing Table Verification Detail
[Output of three show ip route lookups on R3 not fully preserved. All three routes are known via "ospf 1" with distance 110 and use FastEthernet0/0: one is type intra area with metric 2, one is type inter area with metric 65, and one is type extern 2 with metric 20 and forward metric 65.]

OSPF Virtual-Link Example
[Figure: network topology diagram. Callouts: R2’s Link To Area 0 Goes Down. All Inter-Area Connectivity To Area 1 Is Lost. With Virtual-Link Configured Between R1 and R4, Traffic Can Be Rerouted Via Area 2.]

OSPF Virtual-Link Configuration
[Configuration and output not fully preserved. R1 and R4 each configure an area 2 virtual-link statement under router ospf 1, pointing at the other router. show ip ospf neighbor on R1 and on R4 then lists an additional neighbor in the FULL state on interface OSPF_VL0.]

4 16 msec 12 msec 12 msec 3 10. Transmit Delay is 1 sec.5. Inc www.2.5/32 Known via "ospf 1". maximum is 1 Last flood scan time is 0 msec. from 10. Timer intervals configured.2 on FastEthernet0/0.INE.146.1. Neighbor Down: Interface down or detached %LINK-5-CHANGED: Interface Serial0/0.com OSPF Virtual-Link Verification (cont.1. R2(config)#interface Serial0/0 R2(config-if)#shutdown R2(config-if)# OSPF-5-ADJCHG: Process 1. 00:07:16 ago. Cost of using 1 Transmit Delay is 1 sec. Router ID 10.1 on Serial1/2.1.5 1 10.4 is up Run as demand circuit DoNotAge LSA allowed.2 4 msec 0 msec 4 msec 2 10. flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 1. Run as demand circuit.5 on Serial0/0 from FULL to DOWN. Wait 40. via Serial1/2 Route metric is 847.23. Adjacent neighbor count is 1 Adjacent with neighbor 10.1. number of retransmission 0 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 0.1. Retransmit 5 oob-resync timeout 40 Hello due in 00:00:06 Supports Link-local Signaling (LLS) Index 1/4. Hello 10.5 Routing entry for 10.4 (Hello suppressed) Suppress hello for 1 neighbor(s) <output omitted> Copyright © 2010 Internetwork Expert.5 Type escape sequence to abort.5.1.1.13. Inc www. Tracing the route to 10.13.245. type inter area Last update from 10.1. maximum is 0 msec R1#show ip ospf interface OSPF_VL0 is up.1.245.1.5 Type escape sequence to abort.1 16 msec 16 msec 16 msec 2 10.1.1.23. metric 66. State POINT_TO_POINT.1.1.2.INE.1. via FastEthernet0/0 Route metric is 66.1.5. Cost: 1 Configured as demand circuit. Timer intervals configured. changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0. End with CNTL/Z.5/32 Known via "ospf 1".1.1.4.com OSPF Virtual-Link Verification R1#show ip ospf virtual-links Virtual Link OSPF_VL0 to router 10.1.2.) R3#show ip route 10. via interface FastEthernet0/0.4. changed state to down R3#show ip route 10.1. 
from 10.com Copyright © 2010 Internetwork Expert .5 28 msec * 28 msec R2#config t Enter configuration commands.5 Routing entry for 10. Retransmit 5 Hello due in 00:00:07 Adjacency State FULL (Hello suppressed) Index 1/4.1. Hello 10. Area 0 Process ID 1. distance 110.146.1. DoNotAge LSA allowed.1/24. type inter area Last update from 10.1. one per line.5.5 44 msec * 40 msec Copyright © 2010 Internetwork Expert. line protocol is up Internet Address 10.5.www. 00:00:03 ago Routing Descriptor Blocks: * 10.5 1 10.5.INE.5.1.5.5.1. Tracing the route to 10. Nbr 10. retransmission queue length 0.1. traffic share count is 1 R3#traceroute 10.1.1.13.1. distance 110.23. Dead 40. maximum is 0 Last retransmission scan time is 0 msec. State POINT_TO_POINT. Network Type VIRTUAL_LINK. maximum is 0 msec Neighbor Count is 1. traffic share count is 1 R3#traceroute 10. metric 847. Transit area 2. Dead 40. Wait 40. 00:07:16 ago Routing Descriptor Blocks: * 10. 00:00:03 ago.

OSPF Scalability
• Less topology info & less routing info means lower resource utilization
• OSPF areas add scalability by hiding topology information, but they don’t hide reachability information
• NLRI can be reduced in OSPF by implementing
  – Summarization
  – Stub areas

OSPF Summarization
• OSPF supports two types of summaries
  – Internal Summarization (Type-3 LSAs)
  – External Summarization (Type-5 & 7 LSAs)
• Unlike RIPv2, EIGRP, and BGP, OSPF summarization (aggregation) cannot be performed at arbitrary places in the topology
  – Internal summarization only on ABRs
  – External summarization only on ASBRs

OSPF Internal Summarization
• Configured only on ABRs
• Takes intra-area (O) routes and summarizes them into inter-area (O IA) routes as they move between areas
• area [source area-id] range [network] [mask]
• Automatically generates route to Null0

OSPF External Summarization
• Configured only on ASBRs
• Takes routes external to OSPF domain and summarizes them as OSPF external routes (E1/E2/N1/N2) when redistributed
• summary-address [network] [mask]
• Automatically generates routes to Null0
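An added example (not from the INE slides): a Python check that an `area ... range` or `summary-address` statement matches the component routes it aggregates, using the /22 and /21 summaries of this deck's example topology. Address space inside the summary with no component route behind it is what the automatically generated Null0 route discards, so an over-broad summary advertises reachability the router cannot deliver. All function names are assumptions of this example.

```python
import ipaddress

# Component routes behind the two summaries in the deck's example topology.
R3_LOOPBACKS = [f"10.1.{n}.0/24" for n in range(32, 36)]    # Lo32-Lo35 in area 1
R1_LOOPBACKS = [f"10.1.{n}.0/24" for n in range(104, 112)]  # Lo104-Lo111, redistributed


def parse_summary_command(cmd):
    """Parse 'area <id> range <net> <mask>' or 'summary-address <net> <mask>'."""
    tokens = cmd.split()
    if len(tokens) == 5 and tokens[0] == "area" and tokens[2] == "range":
        net, mask = tokens[3], tokens[4]
    elif len(tokens) == 3 and tokens[0] == "summary-address":
        net, mask = tokens[1], tokens[2]
    else:
        raise ValueError(f"not a summarization command: {cmd!r}")
    # Strict parsing: raises ValueError if host bits are set in <net>.
    return ipaddress.ip_network(f"{net}/{mask}")


def tightest_summary(prefixes):
    """Longest single prefix that covers every component prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    host_bits = (lo ^ hi).bit_length()       # bits that vary across the span
    base = (lo >> host_bits) << host_bits    # clear the varying bits
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(base)}/{32 - host_bits}")


def uncovered(summary, prefixes):
    """Parts of the summary that no component prefix backs (dropped via Null0)."""
    remaining = [ipaddress.ip_network(summary)]
    for p in (ipaddress.ip_network(x) for x in prefixes):
        nxt = []
        for r in remaining:
            if r.subnet_of(p):            # r is fully backed by this component
                continue
            if p.subnet_of(r):            # carve the component out of r
                nxt.extend(r.address_exclude(p))
            else:
                nxt.append(r)
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))


def audit_summary(cmd, components):
    """Compare a configured summary with the routes it is meant to aggregate."""
    summary = parse_summary_command(cmd)
    comps = [ipaddress.ip_network(c) for c in components]
    inside = [c for c in comps if c.subnet_of(summary)]
    return {
        "summary": summary,
        "tightest": tightest_summary(inside) if inside else None,
        # Components outside the range are still advertised individually.
        "not_summarized": [c for c in comps if not c.subnet_of(summary)],
        # Advertised by the summary but present nowhere behind it.
        "discarded": uncovered(summary, inside),
    }


if __name__ == "__main__":
    for cmd, comps in [
        ("area 1 range 10.1.32.0 255.255.252.0", R3_LOOPBACKS),
        ("summary-address 10.1.104.0 255.255.248.0", R1_LOOPBACKS),
        # Constructed cases: one loopback missing, and an over-broad /16 range.
        ("area 1 range 10.1.32.0 255.255.252.0", R3_LOOPBACKS[:3]),
        ("area 1 range 10.1.0.0 255.255.0.0", R3_LOOPBACKS),
    ]:
        r = audit_summary(cmd, comps)
        print(cmd, "->", r["summary"], "tightest", r["tightest"],
              "discarded", [str(n) for n in r["discarded"]])
```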

3 0.com OSPF Internal Summarization Configuration R2# router ospf 1 area 1 range 10.3 255.35.50.1.0 area 1 network 10.3 0.1/24 Fa0/0 10.255.0 area 1 Copyright © 2010 Internetwork Expert.32.0.0 area 1 network 10.32.1.255.1.255. Inc www.0/24 VLAN 6 Lo0 10.0.3/24 Lo0 10.0 255.32.255.1.3/24 Lo34 10.33.6/24 Fa0/1 R6 Fa0/0 Area 2 Fa0/0 Lo0 10.0 R3# interface Loopback32 ip address 10.255.1.2.3 255.34.0.0.3 255.4/24 Lo0 10.3 0.INE.INE.0/24 Fa0/0 Lo32 10.2/24 40 5 5 20 504 502 S0/0/0 R5 Lo0 10.0.1.1.0.0.1.5.1.3/24 Lo35 10.com Copyright © 2010 Internetwork Expert .35.0.1.4.3.1.3/24 Lo0 10.1.3/24 Lo33 10.0 ip ospf network point-to-point ! router ospf 1 network 10.33.INE.6.1.1.60.1.1.1.255.0/24 VLAN 23 Area 1 R2 Fa0/0 S0/0 Copyright © 2010 Internetwork Expert.255. Inc www.1.1.32.255.34.0 ip ospf network point-to-point ! interface Loopback35 ip address 10.1.33.0/24 VLAN 146 R1 R4 S0/0/0 10.0 ip ospf network point-to-point ! interface Loopback34 ip address 10.23.1.1.0 area 1 network 10.35.255.com OSPF Internal Summarization Example 10.34.252.0/24 VLAN 5 10.1.245.146.1.3 0.3 255.1.www.5/24 Area 0 R3 Fa0/0 10.0 ip ospf network point-to-point ! interface Loopback33 ip address 10.

4.0/8 is variably subnetted.4. 12 subnets. FastEthernet0/0 O E2 10.1.1.0 OSPF Router with ID (10. 00:05:05.245.23.1.4.1.0/24 [110/66] via 10. FastEthernet0/0 O 10. FastEthernet0/0 O 10.1.1.1.32.5/32 [110/65] via 10. 00:05:05.6.3. FastEthernet0/0 Copyright © 2010 Internetwork Expert. Serial0/0 O IA 10.1.4/32 [110/65] via 10.0/8 is variably subnetted. Serial0/0 O IA 10.3.6.1.1.4.4.1.5.245. 00:07:48.32.146.245.4/32 [110/65] via 10. 00:05:05. FastEthernet0/0 O 10.1.32. Serial0/0 O IA 10.com Internal Summarization Verification (cont.3.23.146.1.1.146.INE. 00:07:48. 00:05:05.1.0/24 [110/66] via 10.1.5.60.1.1.4. 16 subnets. Serial0/0 O IA 10.1.0 (summary Network Number) Advertising Router: 10. DC.1.146.1.1. Serial0/0 R5#show ip route ospf 10.5.32.5.1.1. 12 subnets. 00:05:05.4.1.33.2/32 [110/66] via 10.0/24 [110/20] via 10. 00:07:48.com Copyright © 2010 Internetwork Expert .) R5#show ip ospf database summary 10.3.245.1.146. 00:09:58.1.1. 00:05:10. 00:07:15. FastEthernet0/0 O 10.1.INE.1. FastEthernet0/0 O 10.32.INE. 00:05:05.4.1.2/32 [110/65] via 10.0.6) (Process ID 1) Summary Net Link States (Area 2) Routing Bit Set on this LSA LS age: 467 Options: (No TOS-capability.0/24 [110/65] via 10.245.0/24 [110/2] via 10.1/32 [110/66] via 10. 00:07:48.4.4.1. 00:11:12.1.146.1.245.0/24 [110/65] via 10.0.0 OSPF Router with ID (10.1.1. 00:07:16.146. FastEthernet0/0 O IA 10.0.4.3.0/24 [110/2] via 10. 00:05:05.4. 3 masks O IA 10.32.60.245.5) (Process ID 1) Summary Net Link States (Area 0) Routing Bit Set on this LSA LS age: 466 Options: (No TOS-capability.1.4.4 LS Seq Number: 80000003 Checksum: 0x8637 Length: 28 Network Mask: /22 TOS: 0 Metric: 66 Copyright © 2010 Internetwork Expert.6/32 [110/66] via 10. 00:05:05.245. 3 masks O IA 10. FastEthernet0/0 O IA 10.0/24 [110/2] via 10.1.1.2 LS Seq Number: 80000002 Checksum: 0x20E2 Length: 28 Network Mask: /22 TOS: 0 Metric: 2 R6#show ip ospf database summary 10.245. Serial0/0 O IA 10. Serial0/0 O IA 10.2. 00:05:05.2. 00:07:48.2.1. 
Serial0/0 O IA 10. FastEthernet0/0 O IA 10.1.1.4.1/32 [110/66] via 10.50. 00:11:12. 00:07:48.1.5.1.4/32 [110/2] via 10.0/8 is variably subnetted.2.1.6.3. FastEthernet0/0 O 10.1. Serial0/0 O 10.3/32 [110/66] via 10. 00:05:05.1.1.245.3/32 [110/67] via 10.1. 00:05:05. Inc www.0/24 [110/20] via 10.1. Serial0/0 O 10.0/22 [110/67] via 10.1.1.32. DC. Serial0/0 R6#show ip route ospf 10.34.4. FastEthernet0/0 O IA 10.4. Inc www.www.50.1. 3 masks O IA 10. 00:07:48.0.1. 00:11:12.245.0/24 [110/65] via 10.35.23. 00:05:05. Serial0/0 O E2 10.1.1. Serial0/0 O IA 10.0/24 [110/2] via 10.4.2.1.146.32.146.1.1. 00:09:48.0/22 is a summary.245.23.245. FastEthernet0/0 O IA 10.4. 00:07:48.146.3.4.245.1.2.3.23.1.1.245.4.0.com Internal Summarization Verification R2#show ip route ospf 10.1.23.1. 00:05:05.0/24 [110/65] via 10.1.1.1.2.1. Serial0/0 O 10.146.0/22 [110/66] via 10.1.1/32 [110/2] via 10. 00:09:48.1.6/32 [110/66] via 10.0 (summary Network Number) Advertising Router: 10. Null0 O IA 10.3/32 [110/2] via 10.4.0. Upward) LS Type: Summary Links(Network) Link State ID: 10.245.1. 00:09:48.1. FastEthernet0/0 O IA 10.245. Upward) LS Type: Summary Links(Network) Link State ID: 10.5/32 [110/66] via 10.23.4.0/24 [110/66] via 10.1. Serial0/0 O IA 10. Serial0/0 O IA 10.

1.110.110.1.com OSPF External Summarization Configuration R1# interface Loopback104 ip address 10.1/24 Fa0/0 10.com OSPF External Summarization Example 10.1.255.255.255.www.106.2.1.1.6.1 255.0/24 VLAN 23 Area 1 R2 Fa0/0 S0/0 Copyright © 2010 Internetwork Expert.1.1.255.105.105.255.com Copyright © 2010 Internetwork Expert .1.255.1 255.107.109.0 ! router ospf 1 summary-address 10.4.255.INE.50.0 ! interface Loopback107 ip address 10.1 255.1 255.4/24 Lo0 10.109.0 ! interface Loopback106 ip address 10.1. Inc www.1.3/24 Lo0 10.0/24 VLAN 146 R1 Lo104 10.1/24 Lo105 10.111.1.1.1 255.0/24 Fa0/0 40 5 5 20 504 502 S0/0/0 R5 Lo0 10. Inc www.1.1 255.0 ! interface Loopback110 ip address 10.60.255.1.1 255.1.1.1/24 Lo108 10.1/24 Lo106 10.255.111.0/24 VLAN 5 10.INE.5/24 Lo0 10.146.1.108.2/24 Area 0 R3 Fa0/0 10.104.255.0 ! interface Loopback109 ip address 10.255.1/24 Lo111 10.5.0 255.1.1.1.6/24 Fa0/1 R6 Fa0/0 Area 2 Fa0/0 Lo0 10.255.255.107.255.106.3.1.245.1.1/24 R4 S0/0/0 10.104.248.0 ! interface Loopback105 ip address 10.0 redistribute connected subnets Copyright © 2010 Internetwork Expert.255.23.1.1.1/24 Lo109 10.INE.1.1.255.0 ! interface Loopback111 ip address 10.0 ! interface Loopback108 ip address 10.1/24 Lo107 10.1.1/24 Lo110 10.1.1.1 255.0/24 VLAN 6 Lo0 10.255.104.108.

6.1.0/24 is directly connected. FastEthernet0/0 10. 00:04:25.6.1/32 [110/67] via 10.2. FastEthernet0/0 10. 00:11:28. FastEthernet0/0 10.0.1.23.1.mobile.50.1.3.0/24 [110/20] via 10.1.0/24 is directly connected.1.1.candidate default. R .6/32 [110/67] via 10.1.23. su . 00:12:38.1.EIGRP.1.1. L2 . 00:12:38.23. FastEthernet0/0 10. FastEthernet0/0 R3#show ip ospf database external 10.) R3#show ip route ospf 10.1.INE.0/8 is variably subnetted.245.23.0/24 is directly connected.1.2.1.1.0/24 [110/65] via 10.0.1. 00:28:51. O .0/24 [110/2] via 10. Loopback106 10.1.1. Loopback104 10.0/24 is directly connected. Loopback0 10.1.107.4.1. FastEthernet0/0 O IA 10.4.2/32 [110/2] via 10.OSPF.1.2. FastEthernet0/0 10. FastEthernet0/0 10. 00:28:51.0 OSPF Router with ID (10.IS-IS summary.60. N2 . FastEthernet0/0 O IA 10.OSPF NSSA external type 2 E1 . 00:12:38.2.0/24 is directly connected.0 External Route Tag: 0 Copyright © 2010 Internetwork Expert. 00:12:37.3. 16 subnets.1. 00:12:37.1.0.1. 00:28:51.1.1. 00:12:37.104.IS-IS level-1.IS-IS level-2 ia .1.1. FastEthernet0/0 10.23.105.0/21 [110/20] via 10.32. DC) LS Type: AS External Link Link State ID: 10. Loopback110 10.4. 00:28:51.1.OSPF external type 2 i .1. 00:12:38.1 LS Seq Number: 80000002 Checksum: 0x48DD Length: 36 Network Mask: /21 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 20 Forward Address: 0.1.RIP. 00:28:51. Loopback107 10.4/32 [110/2] via 10.60.com External Summarization Verification R1#show ip route Codes: C . Inc www.146.0/24 [110/66] via 10.5.23.146.23. M . FastEthernet0/0 O IA 10.0/21 is a summary.146.3/32 [110/67] via 10.1.1.0/24 is directly connected.1. 00:07:20.2.IS-IS.2.146.IS-IS inter area.23.1.104.OSPF external type 1.INE.1.0/24 [110/65] via 10.108. 4 masks 10.23.5/32 [110/66] via 10.0.5/32 [110/66] via 10.0/24 [110/66] via 10.111. FastEthernet0/0 O IA 10.0/24 is directly connected.0/24 [110/20] via 10.4.1. L1 .1.5.1. FastEthernet0/0 10.ODR.2.23. FastEthernet0/0 O E2 10. FastEthernet0/0 O E2 10. 
P .periodic downloaded static route Gateway of last resort is not set 10. FastEthernet0/0 O 10.50.1. EX .1.1.146.245.2.1.2.4/32 [110/66] via 10.1.1. IA .4. Loopback108 10.146. 00:28:51.0/24 [110/67] via 10.146.146.0/24 is directly connected. Inc www.1. 21 subnets. Loopback109 10.0 (External Network Number ) Advertising Router: 10.1. FastEthernet0/0 10. FastEthernet0/0 10.2.1.109.6. 00:12:37.EIGRP external.1.1. B .110.0/24 is directly connected.0/24 is directly connected. 00:12:38.146.104.1. S .1. FastEthernet0/0 O IA 10. U . E2 .104.connected.23.0.4.4.www.OSPF NSSA external type 1.0/8 is variably subnetted.1. Loopback105 10.1.6.1.2/32 [110/66] via 10.0.com External Summarization Verification (cont. Loopback111 10.146.static. FastEthernet0/0 C O O O O O O O O O C C C C O C C C C C O IA IA IA IA IA E2 IA Copyright © 2010 Internetwork Expert.0/22 [110/67] via 10. Null0 10. 3 masks O IA 10.com Copyright © 2010 Internetwork Expert .1.146. 00:28:51.104. FastEthernet0/0 O IA 10.6/32 [110/2] via 10.106.OSPF inter area N1 .146. * .3) (Process ID 1) Type-5 AS External Link States Routing Bit Set on this LSA LS age: 460 Options: (No TOS-capability.1.INE. 00:12:37.per-user static route o .4.2.1.4. 00:28:51.4.BGP D .2.

OSPF Stub Areas
• Summarization saves resources by taking multiple longer match prefixes and combining them into a smaller amount of shorter matches
  – e.g. two routes 100.0.0.0/16 and 100.1.0.0/16 become one route 100.0.0.0/15
• Using the same logic, OSPF stub areas reduce NLRI by taking prefixes of the same LSA type and combining them into the shortest match possible, a default route

How OSPF Stub Areas Work
• Stub areas use the common transit point of the OSPF topology, the ABR, to stop LSAs from entering the area
  – Type-3, Type-4, and/or Type-5 filtered depending on stub type
• The reachability information removed is then replaced with a default route
  – Still allows reachability to removed routes (in most cases)

OSPF Stub Area Types
• Four stub area types control which routes (LSAs) can enter the area
• Stub Area
  – Stops external routes
• Totally Stubby Area
  – Stops inter-area and external routes
• Not-So-Stubby Area (NSSA)
  – Stops external routes but allows local redistribution
• Not-So-Totally-Stubby Area
  – Stops inter-area and external routes but allows local redistribution
• All routers in the area must agree on the stub flag

OSPF Stub Areas
• Stub Area logic
  – I know how to get to my ABR
  – My ABR knows how to get to the ASBRs
  – The ASBRs know how to get to the external routes
  – If I default to the ABR, I don’t need the specific external routes
• area [area-id] stub on all routers in the area
• Result
  – ABR removes LSAs 4 (ASBR) & 5 (External)
  – ABR originates default route

0/24 [110/2] via 10.23.1.1.1. FastEthernet0/0 O IA 10. 00:00:04. 00:00:04. 00:00:04.245.3. Serial0/0 O IA 10.32.2.6/32 [110/67] via 10.0/22 is a summary.0/21 [110/20] via 10. 00:00:04. FastEthernet0/0 O IA 10.5.23. FastEthernet0/0 O IA 10.4.6.60.1.2.1.1/32 [110/66] via 10. 00:00:04.23.1.1. 00:00:04.1. FastEthernet0/0 O 10.1.1. FastEthernet0/0 O 10.0.com Stub Area Configuration & Verification R2# router ospf 1 area 1 stub R3# router ospf 1 area 1 stub R2#show ip route ospf 10.245.0.0/24 [110/66] via 10.104.1. FastEthernet0/0 O 10.23.1.com OSPF Stub Area Example 10.0.1.www.0/24 [110/66] via 10.245. 00:00:04.23.245.4.5.2.34. Serial0/0 O 10. Serial0/0 O 10.3.1. FastEthernet0/0 O IA 10.60.INE.146. 00:00:19.0/24 [110/2] via 10.1.1.1. 00:00:04.0/24 [110/65] via 10.3.23. FastEthernet0/0 Copyright © 2010 Internetwork Expert.1.1.33. 00:00:04.35.0/8 is variably subnetted.0/24 VLAN 6 Stub Area Copyright © 2010 Internetwork Expert.2.245.1. 00:00:04.23. FastEthernet0/0 O IA 10.2/32 [110/2] via 10.4/32 [110/66] via 10.1.1.245.1.1.4/32 [110/65] via 10.0/24 [110/65] via 10.2.0/24 [110/2] via 10. Inc www. 4 masks O IA 10. FastEthernet0/0 O*IA 0.5/32 [110/65] via 10.INE.1.1.23. 00:00:04.1. Inc www. FastEthernet0/0 O IA 10.1/32 [110/67] via 10.245.2. 00:00:04.245. 00:00:04.0/0 [110/2] via 10.50.0/8 is variably subnetted.2.4.4. FastEthernet0/0 O IA 10.INE. 2 masks O IA 10. Serial0/0 O 10.1.6/32 [110/66] via 10.1.1.3.245.146.1.1.23.1.0.1. FastEthernet0/0 O 10.1.4.6.3/32 [110/2] via 10. 00:00:04. 00:00:04.0/24 [110/20] via 10.0.5.1.60. FastEthernet0/0 O 10.1.1.4.3. Null0 O IA 10.1. 14 subnets. 00:00:04.32.2.23. 00:00:04. Serial0/0 O E2 10.4.3.23.1. 00:00:04.5.0/24 [110/67] via 10. Serial0/0 O IA 10.2.2. Serial0/0 O E2 10.1.1. 17 subnets.0/24 [110/2] via 10. 00:00:04. Serial0/0 R3#show ip route ospf 10.4.1.23.1. 00:00:04. 00:00:04.1.com Copyright © 2010 Internetwork Expert .1. 00:00:04.0.23.23.1.5/32 [110/66] via 10.

4 Age 1139 Seq# Checksum 0x80000001 0x004BCF Copyright © 2010 Internetwork Expert.4.com Stub Area Verification (cont.1.3.4 10.1.1.INE.1.5.2 Age 102 102 102 102 102 103 103 103 Seq# 0x80000001 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 Checksum 0x0035F9 0x001AC4 0x00D009 0x00BB1C 0x00B024 0x00980C 0x00D876 0x008963 Summary Net Link States (Area 0) Link ID 10.4.1.1.0 ADV Router 10.2.1.3.1.1.1.1.1.2 10.1.0 ADV Router 10.5 10.1.0 10.1 ADV Router 10.1.1.2 10.1.2.2 10.1.1.1.) R3#show ip ospf database OSPF Router with ID (10.1.1.1 Age 325 105 Seq# Checksum Tag 0x80000002 0x008BC1 0 0x80000003 0x0046DE 0 Summary ASB Link States (Area 0) Link ID 10.4 10.1.1.5.4 10.4.1.32.1.www.1.3.2.60.1.4 10.3 Router Link States (Area 1) ADV Router 10.1.com Copyright © 2010 Internetwork Expert .) R2#show ip ospf database OSPF Router with ID (10.0 10.2 10.1.4.1.6 10.2 10.3 Age 2326 94 91 Seq# Checksum Link count 0x80000002 0x00CF77 2 0x80000005 0x008523 2 0x8000000A 0x00E0C5 6 Net Link States (Area 1) Link ID 10.0 10.50.0 10.2 10.1.1.4.INE.1.245.2 Age 110 110 110 110 110 110 110 110 Seq# 0x80000001 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 0x80000003 Checksum 0x0035F9 0x001AC4 0x00D009 0x00BB1C 0x00B024 0x00980C 0x00D876 0x008963 Copyright © 2010 Internetwork Expert.1.3.2.0. 
Inc www.1.2 10.5 10.5 Age 307 311 322 Seq# Checksum Link count 0x80000003 0x006267 1 0x80000003 0x003A85 1 0x80000003 0x006132 2 Link ID 10.1.1.0 10.1 10.2.2.com Stub Area Verification (cont.2.1.4 10.0 10.2 10.1.2 10.2 10.2 10.4 10.2 10.3.245.146.2.1.1.1.1.INE.4 Age 311 307 85 311 311 90 86 312 312 Seq# 0x80000002 0x80000002 0x80000001 0x80000002 0x80000002 0x80000004 0x80000001 0x80000002 0x80000002 Checksum 0x0061B8 0x005CC0 0x0053C7 0x0018FC 0x00F718 0x008483 0x0022E1 0x00DFFF 0x00206A Type-5 AS External Link States Link ID 10.2 10.1.2 10.2 10.0 10.2.2 10.1.2.2.1.4.2.3 Age 2333 103 97 Seq# 0x80000002 0x80000005 0x8000000A Checksum 0x00CF77 0x008523 0x00E0C5 Link count 2 2 6 Net Link States (Area 1) Link ID 10.1.2.1.0.1.5 ADV Router 10.1.1.3) (Process ID 1) Router Link States (Area 1) Link ID 10.2.1.1.1.0 10.1.0 ADV Router 10.3.0 10.5.1.2 10.1.6 10.1 10.1.1.6.2 10.5 ADV Router 10.3 10.5 10.146.1 10.1.1.0.1.1.23.1.6.2 10.2.1.1.1.1.1.5.4.1.1.4 10.4.1. Inc www.104.4 10.1.3 Age 91 Seq# Checksum 0x80000004 0x00BB27 Net Link States (Area 0) Link ID 10.3 Age 97 Seq# Checksum 0x80000004 0x00BB27 Summary Net Link States (Area 1) Link ID 0.4.3 ADV Router 10.4 10.1.4.5.2.1 10.5 Age 322 Seq# Checksum 0x80000002 0x0041A1 Summary Net Link States (Area 1) Link ID 0.1.2.6 10.1.60.2 10.3 ADV Router 10.146.1 10.1.245.2.2.0.2.1.2.2 10.1.5.0 ADV Router 10.2.1 10.6.2) (Process ID 1) Router Link States (Area 0) Link ID 10.1.1.23.3.2 10.60.1.1.2 10.0 10.2.3.1.1.2.4.1.1 10.3 ADV Router 10.2.2 10.2.1.2 10.2.2.1.23.

OSPF Totally Stubby Areas
• Totally Stubby Area logic
  – I know how to get to my ABR
  – My ABR knows how to get to other areas and to the ASBRs
  – The ASBRs know how to get to the external routes
  – If I default to the ABR, I don’t need the specific inter-area or external routes
• area [area-id] stub on the internal routers in the area
• area [area-id] stub no-summary on the ABR(s) of the area
• Result
  – ABR removes LSAs 3 (Inter-Area), 4 (ASBR), & 5 (External)
  – ABR originates default route

OSPF Totally Stubby Area Example
(topology diagram: 10.1.60.0/24 VLAN 6, Totally Stubby Area)

4 10.245.33.4 Age 1483 Seq# Checksum 0x80000001 0x004BCF Copyright © 2010 Internetwork Expert.1.23.1.INE.245.1.1.0 10. 00:00:16.2 10.1. 00:06:05.1.2 10.1/32 [110/66] via 10.3.INE. Inc www.4. 00:00:16.32.2. Serial0/0 O 10.5/32 [110/65] via 10.1.4 10.245.1.2. Serial0/0 O E2 10.60.INE. 00:00:16.1.1.4 10.5.1.23.34. 00:00:16.0/22 is a summary.4.4 10.1.245.23.2.4.0/24 [110/2] via 10.3.1.com Copyright © 2010 Internetwork Expert .4.1.1.5 ADV Router 10.1.4 10.4.1.1.2.5.1.2 10.0/24 [110/2] via 10.1. FastEthernet0/0 O IA 10.1.1.2.245.1.5.4/32 [110/65] via 10.3. Null0 O IA 10.1.0 Checksum 0x0061B8 0x005CC0 0x0053C7 0x0018FC 0x00F718 0x008483 0x0022E1 0x00DFFF 0x00206A Net Link States (Area 1) ADV Router 10.0.146. FastEthernet0/0 O 10.50.5 Age 665 Summary Net Link States (Area 1) ADV Router 10.23.1.1.1.0 ADV Router 10.1.6. FastEthernet0/0 O*IA 0.1.2. 00:00:16.6 10.4.2 10.3 Seq# Checksum 0x80000002 0x0041A1 Link ID 0.0/24 [110/66] via 10.0. FastEthernet0/0 O 10.0/8 is variably subnetted.3/32 [110/2] via 10.245.1.146.3.1 10.4.1.1 ADV Router 10.com Totally Stubby Area Config & Verification R2# router ospf 1 area 1 stub no-summary R3# router ospf 1 area 1 stub R2#show ip route ospf 10.0.1.1.1. 7 subnets.1.2 10.1 10. 00:00:16.2 10.1. 00:00:16.4.4.2.35.0/0 [110/2] via 10.4.1.1.2 10.3.23.0. 00:00:16.1 10. 00:00:16.104.23.4.1.1.) R2#show ip ospf database Router Link States (Area 1) OSPF Router with ID (10.1.4.1.2.1.1. Serial0/0 O E2 10.4 10.2.1.245.3 ADV Router 10.1.5 Age 650 654 665 Seq# Checksum Link Link ID count 10.2 10. 00:00:16.1 Age 667 84 Seq# Checksum Tag 0x80000002 0x008BC1 0 0x80000004 0x0044DF 0 Summary ASB Link States (Area 0) Link ID 10.3.1.0 10.0.0.0/24 [110/2] via 10.5.1.0/24 [110/2] via 10.2) (Process ID 1) Router Link States (Area 0) Link ID count 10.3 Age 434 Seq# Checksum 0x80000004 0x00BB27 Net Link States (Area 0) Link ID 10.1. Serial0/0 O 10.60.1.1. 
Serial0/0 O IA 10.4.2.1.0/8 is variably subnetted.www.1.1.1.0 10.23.32.4.1.3.0/21 [110/20] via 10.5.3.6/32 [110/66] via 10.1.1. 2 masks O 10.1.32. 4 masks O IA 10.5.0.1.245.1.1.0.1.3 Age 2668 437 434 Seq# Checksum Link 0x80000002 0x00CF77 2 0x80000005 0x008523 2 0x8000000A 0x00E0C5 6 0x80000003 0x006267 1 0x80000003 0x003A85 1 0x80000003 0x006132 2 Link ID 10.23.3. Serial0/0 O 10.0 ADV Router 10.2. 00:00:16.23. FastEthernet0/0 Copyright © 2010 Internetwork Expert. FastEthernet0/0 O 10.1.4 Age 654 650 428 654 654 433 429 655 655 Seq# 0x80000002 0x80000002 0x80000001 0x80000002 0x80000002 0x80000004 0x80000001 0x80000002 0x80000002 Type-5 AS External Link States Link ID 10. 00:00:16. 00:00:06.1.0/24 [110/65] via 10.1.4 10.5 10.3 10. FastEthernet0/0 O 10.4.1. Serial0/0 O IA 10. Serial0/0 R3#show ip route ospf 10.50.1.104.1.1. Inc www. 17 subnets.2/32 [110/2] via 10.4.1.1.com Totally Stubby Area Verification (cont.1.6.2 10.0 10.1.2 Age 82 Seq# Checksum 0x80000002 0x0033FA Summary Net Link States (Area 0) Link ID 10.1.1. 00:00:16.0/24 [110/20] via 10.2.1.2. 00:00:19.2.5 ADV Router 10.3.1.5.245.

2.3. 2.1 10.2 10. 1.1.2 Age 89 Seq# Checksum 0x80000002 0x0033FA 3.1.3.2. 1.1. Totally Stubby Area Verification (cont.0.3 ADV Router 10.0.2 10.1.23.3 Age 2674 444 439 Seq# Checksum Link 0x80000002 0x00CF77 2 0x80000005 0x008523 2 0x8000000A 0x00E0C5 6 Net Link States (Area 1) Link ID 10.3) (Process ID 1) Router Link States (Area 1) Link ID count 10.) R3#show ip ospf database OSPF Router with ID (10. 1.3.1. 1.3 Age 439 Seq# Checksum 0x80000004 0x00BB27 Summary Net Link States (Area 1) Link ID 0.1.

OSPF Not-So-Stubby Areas (NSSA)
• NSSA logic
  – Stub areas block external routes from coming from other areas
  – What if I want to redistribute directly into the stub area itself?
  – Filter like a stub area, but make an exception for local redistribution
• This exception requires the new Type 7 LSA (NSSA External)
• area [area-id] nssa on all routers in the area
• Result
  – Redistributing router in NSSA generates Type 7 external instead of Type 5
  – ABR changes Type 7 into Type 5 as it is sent into area 0
  – ABR removes LSAs 4 (ASBR) & 5 (External) from coming into the area
  – ABR does not originate default route
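An added example (not from the INE slides): a Python audit of the rule that all routers in an area must agree on the stub flag, which also reports what the resulting area type filters according to the stub, totally stubby and NSSA slides above. The router configurations are the ones shown in this deck plus one constructed mismatch; the function names, and the assumption that every supplied router has an interface in the audited area, belong to this example.

```python
import re

# Per area type: LSA types the ABR keeps out of the area, whether Type-7 is
# used for local redistribution, and whether the ABR originates a default.
AREA_BEHAVIOUR = {
    "normal":         {"blocked": frozenset(),          "type7": False, "abr_default": False},
    "stub":           {"blocked": frozenset({4, 5}),    "type7": False, "abr_default": True},
    # Type 3 is blocked except for the default route the ABR injects.
    "totally-stubby": {"blocked": frozenset({3, 4, 5}), "type7": False, "abr_default": True},
    "nssa":           {"blocked": frozenset({4, 5}),    "type7": True,  "abr_default": False},
    # The slides give only the filtering for this type; the default route is
    # IOS behaviour for 'area <id> nssa no-summary' and is not from the deck.
    "totally-nssa":   {"blocked": frozenset({3, 4, 5}), "type7": True,  "abr_default": True},
}

AREA_LINE = re.compile(r"^\s*area\s+(\S+)\s+(stub|nssa)\b(.*)$")


def area_flags(config, area_id):
    """Return (base_flag, no_summary) that one router's config sets for an area."""
    base, no_summary = "normal", False
    for line in config.splitlines():
        m = AREA_LINE.match(line)
        if m and m.group(1) == str(area_id):
            base = m.group(2)
            no_summary = no_summary or "no-summary" in m.group(3).split()
    return base, no_summary


def audit_area(configs, area_id):
    """Check that every router agrees on stub/nssa for the area, then classify it."""
    flags = {name: area_flags(cfg, area_id) for name, cfg in configs.items()}
    by_flag = {}
    for name in sorted(flags):
        by_flag.setdefault(flags[name][0], []).append(name)
    if len(by_flag) > 1:
        # Routers advertising different stub/NSSA options in their Hellos do
        # not form adjacencies, so the area partitions along these groups.
        return {"consistent": False, "type": None, "by_flag": by_flag}
    base = next(iter(by_flag))
    # 'no-summary' only has an effect on the ABR; one occurrence is enough.
    totally = any(no_summary for _, no_summary in flags.values())
    area_type = {"normal": "normal",
                 "stub": "totally-stubby" if totally else "stub",
                 "nssa": "totally-nssa" if totally else "nssa"}[base]
    return {"consistent": True, "type": area_type, **AREA_BEHAVIOUR[area_type]}


def admitted(area_type, lsa_type):
    """True if an LSA of this type can exist inside an area of this type."""
    rule = AREA_BEHAVIOUR[area_type]
    if lsa_type == 7:
        return rule["type7"]
    return lsa_type not in rule["blocked"]


# Configurations as shown in the deck.
TOTALLY_STUBBY_AREA1 = {
    "R2": "router ospf 1\n area 1 stub no-summary",
    "R3": "router ospf 1\n area 1 stub",
}
NSSA_AREA2 = {
    "R1": "router ospf 1\n area 2 nssa\n redistribute connected subnets",
    "R4": "router ospf 1\n area 2 nssa",
    "R6": "router ospf 1\n area 2 nssa",
}
# Constructed mismatch: the stub statement was left off R3.
MISMATCH_AREA1 = {
    "R2": "router ospf 1\n area 1 stub",
    "R3": "router ospf 1\n network 10.1.23.0 0.0.0.255 area 1",
}

if __name__ == "__main__":
    print(audit_area(TOTALLY_STUBBY_AREA1, 1))
    print(audit_area(NSSA_AREA2, 2))
    print(audit_area(MISMATCH_AREA1, 1))
```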

Type 7 LSA In Detail
• Type 7 – NSSA External LSA
• Generated by ASBR inside NSSA
  – Flooded only within NSSA
  – Changed into Type 5 LSA as it leaves the area
• Describes routes ASBR is redistributing
  – Metric
  – Metric Type
    • Type 1 = N1
    • Type 2 = N2 (default)
  – Forward Address
    • Who should I route towards to reach the link?
    • Usually the ASBR itself, but could be someone else in some designs
  – Route Tag
• show ip ospf database nssa-external [Link ID]

Type 7 LSA Translation
• N1/N2 routes exist only inside the NSSA
• Changed on ABR to E1/E2 routes as they enter area 0
  – ABR called “NSSA Translator”
• If multiple ABRs, hold an election
  – ABR with highest router-id becomes NSSA Translator
  – Traffic doesn’t necessarily transit the translator
• See RFC 3101 “The OSPF Not-So-Stubby Area (NSSA) Option” for details

107.0/24 [110/66] via 10.4.1.1.4. Loopback106 10.105. su . 00:01:38. E2 .4.0/24 is directly connected. N2 .2/32 [110/66] via 10.0/24 is directly connected.60.6.1.60.1. Inc www.1.146.6.INE. FastEthernet0/0 10.1.0.static.6/24 Not So Stubby Area Fa0/1 R6 Fa0/0 Area 2 Fa0/0 Lo0 10.3.5/24 Lo0 10.1.5. IA .OSPF inter area N1 .1.1.0.0/24 is directly connected.1/24 Fa0/0 10.0/24 VLAN 146 R1 Lo104 10. P . 00:01:37.0/22 [110/67] via 10. FastEthernet0/0 10.1.1.1/24 Lo111 10.32.1/24 Lo108 10.OSPF NSSA external type 2 E1 . FastEthernet0/0 10.1.1.1.1.BGP D .1.146.1.1.1.146. Inc www.1.108.1/24 Lo107 10.245.146.OSPF external type 2 i .1.1. Loopback105 10.3.1. FastEthernet0/0 10.0/24 is directly connected.109.com Copyright © 2010 Internetwork Expert .1/24 Lo106 10.1.www. R .109.2.0/24 Fa0/0 40 5 5 20 504 502 S0/0/0 R5 Lo0 10.146.146.2. 19 subnets.com OSPF NSSA Example 10.146.0/8 is variably subnetted.1.4.6/32 [110/2] via 10. S .1.1. * .INE. 00:01:37.IS-IS level-1. Loopback109 10.0/24 is directly connected.IS-IS. FastEthernet0/0 10.1.1.4/32 [110/2] via 10. FastEthernet0/0 10.EIGRP external.OSPF.4.0/24 is directly connected.107.com OSPF NSSA Config & Verification R1# router ospf 1 area 2 nssa redistribute connected subnets R4# router ospf 1 area 2 nssa R6# router ospf 1 area 2 nssa R1#show ip route Codes: C .146.1.EIGRP.IS-IS summary.6.1/24 R4 S0/0/0 10.1.111. 00:01:37.1.1.5/32 [110/66] via 10.0/24 is directly connected.0/24 [110/65] via 10. FastEthernet0/0 C O O O O O O O O C C C C C C C C C O IA IA IA IA IA IA Copyright © 2010 Internetwork Expert. 00:01:38.periodic downloaded static route Gateway of last resort is not set 10.1.0/24 VLAN 23 Area 1 R2 Fa0/0 S0/0 Copyright © 2010 Internetwork Expert.146.106. B .1.0/24 is directly connected.23.4/24 Lo0 10. Loopback108 10. U .1.ODR.146.IS-IS inter area. M .1/24 Lo105 10.IS-IS level-2 ia .4. Loopback110 10. Loopback0 10.106.OSPF NSSA external type 1.111.1/24 Lo109 10. L2 .4. O .110. FastEthernet0/0 10.1.per-user static route o .1.4. 
00:01:38.5.1/24 Lo110 10.0/24 VLAN 6 Lo0 10.4.1.OSPF external type 1.candidate default. 00:01:38.0/24 VLAN 5 10.104.3/24 Lo0 10.1.108. Loopback107 10.6.3/32 [110/67] via 10.0/24 is directly connected.2/24 Area 0 R3 Fa0/0 10. FastEthernet0/0 10.mobile. Loopback104 10. 00:01:37. FastEthernet0/0 10. 00:01:37.1. 3 masks 10.1.245.0/24 [110/2] via 10.105.146.1.1.110.0/24 is directly connected.1.connected.23.1. Loopback111 10. EX . L1 .50.1.1.RIP.1.104.INE.

OSPF NSSA Verification (cont.)
R4#show ip route ospf, R6#show ip route ospf, R5#show ip route ospf
(OSPF routing tables with O, O IA, O E2 and O N2 entries.)

OSPF NSSA Verification (cont.)
R1#show ip ospf database, R6#show ip ospf database
(Router Link States (Area 2); Net Link States (Area 2); Summary Net Link States (Area 2); Type-7 AS External Link States (Area 2).)

OSPF NSSA Verification (cont.)
R5#show ip ospf database, R4#show ip ospf database
(Router, Net and Summary Net Link States (Area 0); Router, Net and Summary Net Link States (Area 2); Type-7 AS External Link States (Area 2); Type-5 AS External Link States.)

OSPF NSSA Verification (cont.)
R4#show ip ospf database nssa-external
  Type-7 AS External Link States (Area 2)
  Routing Bit Set on this LSA
  LS age: 118
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  LS Seq Number: 80000005
  Checksum: 0x669E
  Length: 36
  Network Mask: /24
  Metric Type: 2 (Larger than any link state path)
  TOS: 0
  Metric: 20
  External Route Tag: 0
R4#show ip ospf database external
  Type-5 AS External Link States
  LS age: 116
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  LS Seq Number: 80000001
  Checksum: 0xDB31
  Length: 36
  Network Mask: /24
  Metric Type: 2 (Larger than any link state path)
  TOS: 0
  Metric: 20
  External Route Tag: 0

OSPF Not-So-Totally Stubby Areas
• Not-So-Totally Stubby Area logic
  – Totally Stubby areas block inter-area and external routes from coming from other areas
  – What if I want to redistribute directly into the totally stubby area itself?
  – Combine totally stubby and NSSA behaviors
    • area [area-id] nssa on all routers in the area
    • area [area-id] nssa no-summary on ABR(s) in the area
• Result
  – Redistributing router in NSSA generates Type 7 external instead of Type 5
  – ABR changes Type 7 into Type 5 as it is sent into area 0
  – ABR removes LSAs 3 (Inter-Area), 4 (ASBR), & 5 (External) from coming into the area
  – ABR originates default route

OSPF Not-So-Totally Stubby Example
(Topology figure: R1 through R6; Area 0, Area 1, and Area 2 as the Not-So-Totally Stubby Area; VLAN 5, VLAN 6, VLAN 23 and VLAN 146; Lo104 through Lo111 on R1.)

Not-So-Totally Stubby Config & Verification
R1#
router ospf 1
 area 2 nssa
 redistribute connected subnets
R4#
router ospf 1
 area 2 nssa no-summary
R6#
router ospf 1
 area 2 nssa

R1#show ip route
(Codes legend and routing table: 13 subnets, 2 masks; directly connected loopback networks Loopback104 through Loopback111; OSPF intra-area routes; an O*IA default route 0.0.0.0/0 [110/2]; gateway of last resort set to network 0.0.0.0.)

Not-So-Totally Stubby Verification (cont.)
R6#show ip route ospf, R4#show ip route ospf, R5#show ip route ospf
(OSPF routing tables with O, O IA, O E2, O N2 and O*IA entries.)

Not-So-Totally Stubby Verification (cont.)
R6#show ip ospf database, R1#show ip ospf database
(Router Link States (Area 2); Net Link States (Area 2); Summary Net Link States (Area 2); Type-7 AS External Link States (Area 2).)

Not-So-Totally Stubby Verification (cont.)
R5#show ip ospf database, R4#show ip ospf database
(Router, Net and Summary Net Link States (Area 0); Router, Net and Summary Net Link States (Area 2); Type-7 AS External Link States (Area 2); Type-5 AS External Link States.)

Controlling NSSA Redistribution
• What if I redistribute on the ABR of the NSSA itself?
  – ABR is now also an ASBR
    • Type 5 sent into area 0
    • Type 7 sent into NSSA
• Type 7 generation can be suppressed with area [area-id] nssa no-redistribution [no-summary] on ABR/ASBR

OSPF Default Routing
• OSPF stub areas' ABR(s) automatically generate a default route into the stub area
  – NSSA exception
• Normal routers can generate a default route with…
  – Redistribution
  – default-information originate [always] [route-map name]
• If always keyword is omitted, default must exist in local routing table before being generated
  – Used in designs with multiple default exit points
• Route-map used for condition checking
  – e.g. if link to ISP is down, do not originate default

OSPF Default Routing Example
R5#sh run | s router ospf
 default-information originate always metric 50

R2#show ip route ospf
(24 subnets, 3 masks; O, O IA and O E2 routes, including the default route O*E2 0.0.0.0/0 [110/50].)

OSPF Authentication
• Like EIGRP, OSPF supports adjacency authentication to protect control plane
• Every packet header includes authentication information
  – e.g. Hello, LSU, LSR
• Three types of authentication
  – Type 0 – Null
  – Type 1 – Simple Password
  – Type 2 – Cryptographic (MD5)
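How the authentication fields of the packet header are filled and checked for Type 2, following RFC 2328 Appendix D, with the Type 1 field shown for contrast. This is an added example, not code from the original slides; the router ID, area, Hello values, key ID, sequence numbers and password are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_NULL, AUTYPE_SIMPLE, AUTYPE_CRYPTO = 0, 1, 2
# Version, Type, Packet length, Router ID, Area ID, Checksum, AuType, Authentication
HEADER = struct.Struct("!BBH4s4sHH8s")  # 24-byte OSPFv2 header
DIGEST_LEN = 16                          # MD5 output size, also the padded key size


def simple_auth_field(password: str) -> bytes:
    """Type 1: the password itself fills the 8-byte Authentication field."""
    raw = password.encode("ascii")
    if len(raw) > 8:
        raise ValueError("simple password is limited to 8 bytes")
    return raw.ljust(8, b"\x00")


def _md5_key(password: str) -> bytes:
    """Type 2: the shared secret is zero-padded to 16 bytes before hashing."""
    raw = password.encode("ascii")
    if len(raw) > DIGEST_LEN:
        raise ValueError("MD5 key is limited to 16 bytes")
    return raw.ljust(DIGEST_LEN, b"\x00")


def build_md5_hello(router_id: str, area_id: str, key_id: int,
                    seq: int, password: str) -> bytes:
    """Build an OSPFv2 Hello protected with cryptographic (MD5) authentication."""
    # Constructed Hello body: mask /24, hello 10 s, options, priority 1,
    # dead 40 s, no DR/BDR elected yet.
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    # Type 2 Authentication field: zero, Key ID, digest length, sequence number.
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    length = HEADER.size + len(body)  # the trailing digest is not counted here
    header = HEADER.pack(2, 1, length, socket.inet_aton(router_id),
                         socket.inet_aton(area_id), 0, AUTYPE_CRYPTO, auth)
    packet = header + body            # checksum field stays 0 for Type 2
    digest = hashlib.md5(packet + _md5_key(password)).digest()
    return packet + digest            # only the digest travels, never the key


def verify_md5(packet: bytes, keyring: dict, last_seq: int) -> str:
    """Receiver-side checks; keyring maps key ID -> password on this link."""
    if len(packet) < HEADER.size:
        return "truncated"
    _ver, _type, length, _rid, _area, _cksum, autype, auth = HEADER.unpack_from(packet)
    if autype != AUTYPE_CRYPTO:
        return "wrong-autype"
    _zero, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
    if key_id not in keyring:         # both ends must use the same key ID
        return "unknown-key-id"
    if auth_len != DIGEST_LEN or len(packet) != length + auth_len:
        return "bad-length"
    if seq < last_seq:                # older than the last packet from this neighbor
        return "replayed-sequence"
    expected = hashlib.md5(packet[:length] + _md5_key(keyring[key_id])).digest()
    if not hmac.compare_digest(expected, packet[length:]):
        return "digest-mismatch"
    return "ok"


if __name__ == "__main__":
    pkt = build_md5_hello("10.1.6.6", "0.0.0.2", key_id=1, seq=100, password="CISCO")
    print("type 1 field :", simple_auth_field("CISCO"))
    print("same key/id  :", verify_md5(pkt, {1: "CISCO"}, last_seq=99))
    print("other key id :", verify_md5(pkt, {2: "CISCO"}, last_seq=99))
    print("other secret :", verify_md5(pkt, {1: "cisco"}, last_seq=99))
    print("old sequence :", verify_md5(pkt, {1: "CISCO"}, last_seq=101))
```

With Type 1 the configured password is readable in every packet header on the segment, while with Type 2 only the key ID, sequence number and digest are visible.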

Implementing OSPF Authentication
• OSPF authentication can be enabled on…
  – All local links in the area
    • area [area-id] authentication [message-digest]
  – Per link basis
    • ip ospf authentication [null|message-digest]
• Password always configured on the link
  – ip ospf authentication-key [password]
  – ip ospf message-digest-key [key-id] md5 [password]
• Key IDs must match for MD5 authentication

OSPF Simple Authentication Example
R2#
interface FastEthernet0/0
 ip ospf authentication-key CISCO
!
router ospf 1
 area 1 authentication
R3#
interface FastEthernet0/0
 ip ospf authentication
 ip ospf authentication-key CISCO

R3#show ip ospf neighbor
(One neighbor: Pri 1, State FULL/BDR, Dead Time 00:00:35, Interface FastEthernet0/0.)

R3#show ip ospf interface Fa0/0
FastEthernet0/0 is up, line protocol is up
(Area 1, Process ID 1, Network Type BROADCAST, Cost: 1, State DR, Priority 1; Hello 10, Dead 40, Wait 40, Retransmit 5; Neighbor Count is 1, Adjacent neighbor count is 1.)
Simple password authentication enabled
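A configuration check built on the area-wide and per-link commands listed above: it works out the authentication type each router actually applies on a shared segment and reports the mismatches that keep an adjacency from forming. This is an added example, not from the original slides; the three router configs are constructed, keys are assumed to be stored in plaintext form, and the caller supplies the area of each interface.

```python
import re

# Keyword following "authentication" -> OSPF AuType (no keyword means simple password).
AUTYPE = {None: 1, "null": 0, "message-digest": 2}


def parse_ospf_auth(config: str) -> dict:
    """Collect area-wide and per-interface OSPF authentication settings."""
    areas, ifaces, section = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented command opens a new section
            m = re.match(r"interface (\S+)$", line)
            if m:
                section = ifaces.setdefault(
                    m.group(1), {"autype": None, "simple": None, "md5": {}})
            else:
                section = "ospf" if re.match(r"router ospf \d+$", line) else None
            continue
        if section == "ospf":
            m = re.match(r"area (\S+) authentication(?: (message-digest))?$", line)
            if m:
                areas[m.group(1)] = AUTYPE[m.group(2)]
        elif isinstance(section, dict):
            m = re.match(r"ip ospf authentication(?: (null|message-digest))?$", line)
            if m:
                section["autype"] = AUTYPE[m.group(1)]
            m = re.match(r"ip ospf authentication-key (\S+)$", line)
            if m:
                section["simple"] = m.group(1)
            m = re.match(r"ip ospf message-digest-key (\d+) md5 (\S+)$", line)
            if m:
                section["md5"][int(m.group(1))] = m.group(2)
    return {"areas": areas, "interfaces": ifaces}


def effective_auth(parsed: dict, iface: str, area: str):
    """Per-link setting wins; otherwise the area-wide setting; otherwise null."""
    cfg = parsed["interfaces"].get(iface, {"autype": None, "simple": None, "md5": {}})
    autype = cfg["autype"]
    if autype is None:
        autype = parsed["areas"].get(area, 0)
    return autype, cfg


def audit_segment(routers: dict) -> list:
    """routers maps name -> (config text, interface, area of that interface)."""
    findings, seen = [], {}
    for name, (config, iface, area) in routers.items():
        autype, cfg = effective_auth(parse_ospf_auth(config), iface, area)
        seen[name] = (autype, cfg)
        if autype == 0:
            findings.append((name, "no authentication"))
        elif autype == 1:
            findings.append((name, "simple password" if cfg["simple"]
                             else "type 1 without authentication-key"))
        elif not cfg["md5"]:
            findings.append((name, "type 2 without message-digest-key"))
    names = sorted(seen)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            (ta, ca), (tb, cb) = seen[a], seen[b]
            pair = f"{a}<->{b}"
            if ta != tb:
                findings.append((pair, "authentication type mismatch"))
            elif ta == 1 and ca["simple"] != cb["simple"]:
                findings.append((pair, "password mismatch"))
            elif ta == 2:
                common = set(ca["md5"]) & set(cb["md5"])
                if not common:
                    findings.append((pair, "no common key ID"))
                elif any(ca["md5"][k] != cb["md5"][k] for k in common):
                    findings.append((pair, "same key ID, different password"))
    return sorted(findings)


# Constructed sample configs (not from the page): three routers on one segment in area 2.
R1 = """\
interface FastEthernet0/0
 ip ospf message-digest-key 1 md5 CISCO
!
router ospf 1
 area 2 authentication message-digest
"""
R4 = """\
interface FastEthernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 2 md5 CISCO
"""
R6 = """\
interface FastEthernet0/0
 ip ospf authentication-key CISCO
!
router ospf 1
 area 2 authentication
"""
SEGMENT = {name: (cfg, "FastEthernet0/0", "2")
           for name, cfg in (("R1", R1), ("R4", R4), ("R6", R6))}

if __name__ == "__main__":
    for who, what in audit_segment(SEGMENT):
        print(f"{who}: {what}")
```

An area-wide statement only takes effect for interfaces in the area it names, so a router whose `area` number differs from the interface's area is reported as running no authentication.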

OSPF MD5 Authentication Example
R1#
interface FastEthernet0/0
 ip ospf message-digest-key 1 md5 CISCO
!
router ospf 1
 area 1 authentication message-digest
R4#
interface FastEthernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 CISCO
R6#
interface FastEthernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 CISCO

R6#show ip ospf neighbor
(Two neighbors on FastEthernet0/0: Pri 1, State FULL/DROTHER, Dead Time 00:00:17, and Pri 1, State FULL/BDR, Dead Time 00:00:39.)

R6#show ip ospf interface Fa0/0
FastEthernet0/0 is up, line protocol is up
(Area 2, Process ID 1, Network Type BROADCAST, Cost: 1, State DR, Priority 1; Hello 10, Dead 40, Wait 40, Retransmit 5; Neighbor Count is 2, Adjacent neighbor count is 2.)
Message digest authentication enabled
Youngest key id is 1

OSPF Tuning
• OSPF database calculation & lookup times a function of hardware
  – e.g. faster CPU, more memory, faster lookups
• Resource needs can be lowered through
  – Areas for flooding domain segmentation
  – Summarization
  – Stub areas
• Further optimization through timers
  – Hello & dead timers
    • Faster neighbor down detection
  – Pacing timers
    • How long do I wait between updates, retransmits, etc.
  – Throttling timers
    • How often do I generate LSAs, run SPF, etc.

OSPF Q&A

Internetwork Expert's CCNP Bootcamp
Border Gateway Protocol (BGP)
http://www.INE.com

What Is BGP?
• Border Gateway Protocol Version 4
• Standards based
  – RFC 4271 "A Border Gateway Protocol 4 (BGP-4)"
• Exterior Gateway Protocol (EGP)
  – Used for inter-domain routing between Autonomous Systems
• Path vector routing
  – Uses multiple "attributes" for routing decision
• Classless
  – Supports VLSM and summarization

Why Use BGP?
• Scalability
  – IGPs can scale to thousands of routes
  – BGP can scale to hundreds of thousands of routes
  – Current Global (Internet) BGP table ~ 300,000 routes
• Stability
  – Internet routing table never converges
  – BGP stable enough to handle routing and decision making at the same time
• Enforce routing policy
  – IGP uses link cost for routing decision
    • Effective traffic engineering nearly impossible with IGP
  – BGP uses attributes of the route itself
    • Traffic engineering feasible and simple to implement

Inter-AS Routing and ASNs
• Autonomous System (AS)
  – "…a set of routers under a single technical administration, using an interior gateway protocol (IGP) and common metrics to determine how to route packets within the AS, and using an inter-AS routing protocol to determine how to route packets to other ASes." (RFC 4271)
• Like IP address space, Autonomous System Numbers (ASNs) allocated by Internet Assigned Numbers Authority (IANA)
  – http://www.iana.org/numbers/
• BGP ASNs originally 2-byte field
  – Values 0-65535
• RFC 4893 defines 4-byte ASNs
  – 0.0 – 65535.65535 notation
  – 0.[0-65535] denote original 2-byte ASNs

Who Needs BGP?
• Transit networks
  – SPs that sell access or transit bandwidth to customers
  – Need full routing table to make accurate decisions
  – Should not use default routing
• Multihomed networks
  – Enterprise networks with two or more connections to ISPs
  – Allows control of inbound and outbound routing policy

Example Transit Network

Example Multihomed Network
(Figure: Customer 1, AS 100, connected to the Internet through ISP 1, AS 1000, and ISP 2, AS 2000.)

When Not To Use BGP
• Single ISP connectivity
  – Default routing sufficient
• Limited memory and/or CPU resources
  – Global table needs ~ 1GB of memory just for storage
• If you don't "own" your IPv4 addresses
  – ISP advertises "their" address space on your behalf
  – Red tape involved with getting PI address space and BGP ASN

BGP Data Structure
• Like EIGRP/OSPF/IS-IS, BGP uses a three table data structure
• Neighbor table
  – List of active adjacencies called "peerings"
• BGP table
  – All prefixes learned from all peers
• IP Routing table
  – The "best" routes from the BGP table actually used for routing

How BGP Works
• Establish BGP peerings to build neighbor table
• Exchange updates to build BGP table
• Choose BGP bestpaths to build routing table

Example Global BGP Neighbor Table
route-views.oregon-ix.net>show ip bgp summary
BGP router identifier 128.223.51.103, local AS number 6447
BGP table version is 14808442, main routing table version 14808442
311034 network entries using 41056488 bytes of memory
9577818 path entries using 498046536 bytes of memory
1570690/56881 BGP path/bestpath attribute entries using 232462120 bytes of memory
1359127 BGP AS-PATH entries using 36934358 bytes of memory
20032 BGP community entries using 1333024 bytes of memory
29 BGP extended community entries using 1406 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 809833932 total bytes of memory
Dampening enabled. 4650 history paths, 13012 dampened paths
BGP activity 533254/216360 prefixes, 53516863/43920540 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
<output omitted>

Example Global BGP Table
route-views.oregon-ix.net>show ip bgp
BGP table version is 14808445, local router ID is 128.223.51.103
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<output omitted>

Example BGP Routing Table
route-views.oregon-ix.net>show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
<output omitted>

Establishing BGP Peerings
• Like IGP, first step in BGP is to find neighbors to exchange information with
• Unlike IGP…
  – BGP does not have its own transport
    • Uses TCP port 179
  – BGP neighbors are not discovered
    • Manually configured via neighbor statement
  – BGP neighbors do not have to be connected
    • IGP is always on a link-by-link basis
    • BGP is a logical peering over TCP
    • Implies that BGP always needs IGP underneath
  – BGP has different types of neighbors
    • External BGP vs. Internal BGP

BGP Packet Formats
• Peering establishment and maintenance uses four types of packets
  – OPEN
  – KEEPALIVE
  – UPDATE
  – NOTIFICATION

BGP OPEN Message
• Used to negotiate parameters for peering
• Includes…
  – BGP version
    • Should be 4
  – Local ASN
  – Local Router-ID
  – Hold time
    • Negotiated to lowest requested value
  – Options
    • AKA “capabilities”
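The OPEN fields listed above, decoded from the wire format. This is an added example, not code from the course material: the sample message is constructed with version 4, AS 1 and hold time 180 and the three capabilities (codes 1, 128 and 2) that the deck's own debug output reports, which gives the same 45-byte message and 16-byte option length seen there. The Router-ID 10.1.6.6 and all function names are assumptions.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16      # 16-byte all-ones marker that starts every BGP message
OPEN = 1                   # message type 1, as in "rcv message type 1"
CAPABILITY_PARAM = 2       # optional parameter type 2 (Capability)
CAP_NAMES = {1: "MP_EXT", 2: "ROUTE-REFRESH (new)", 128: "ROUTE-REFRESH (old)"}


def build_open(asn, hold_time, router_id, capabilities):
    """Encode an OPEN with one optional parameter per (code, value) capability."""
    opts = b""
    for code, value in capabilities:
        cap = bytes([code, len(value)]) + value
        opts += bytes([CAPABILITY_PARAM, len(cap)]) + cap
    body = struct.pack("!BHH4sB", 4, asn, hold_time,
                       ipaddress.IPv4Address(router_id).packed, len(opts)) + opts
    return MARKER + struct.pack("!HB", 19 + len(body), OPEN) + body


def _tlvs(data, what):
    """Yield (type, value) pairs from a run of 1-byte type / 1-byte length TLVs."""
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError(f"truncated {what} header")
        kind, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated {what} value")
        yield kind, value
        i += 2 + length


def parse_open(msg):
    """Validate and decode one OPEN message; raise ValueError on malformed input.

    The error strings for version, hold time and optional parameters reuse the
    NOTIFICATION examples named in the deck.
    """
    if len(msg) < 29:
        raise ValueError("shorter than the minimum OPEN length of 29 bytes")
    marker, length, msg_type = struct.unpack("!16sHB", msg[:19])
    if marker != MARKER:
        raise ValueError("bad marker")
    if length != len(msg):
        raise ValueError("length field does not match the bytes received")
    if msg_type != OPEN:
        raise ValueError("not an OPEN message")
    version, asn, hold_time, rid, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if version != 4:
        raise ValueError("Unsupported Version Number")
    if hold_time in (1, 2):            # must be 0 or at least 3 seconds
        raise ValueError("Unacceptable Hold Time")
    if opt_len != len(msg) - 29:
        raise ValueError("optional parameter length does not match the message")
    capabilities = []
    for ptype, pvalue in _tlvs(msg[29:], "optional parameter"):
        if ptype != CAPABILITY_PARAM:
            raise ValueError("Unsupported Optional Parameter")
        for code, value in _tlvs(pvalue, "capability"):
            capabilities.append((CAP_NAMES.get(code, f"code {code}"), value))
    return {"length": length, "version": version, "asn": asn,
            "hold_time": hold_time, "router_id": str(ipaddress.IPv4Address(rid)),
            "opt_len": opt_len, "capabilities": capabilities}


def negotiated_hold_time(local, remote):
    """Both sides use the lower requested value; 0 means keepalives are disabled."""
    return min(local, remote)


# Constructed sample: MP_EXT for afi/safi 1/1, then both route-refresh codes.
SAMPLE_OPEN = build_open(1, 180, "10.1.6.6",
                         [(1, b"\x00\x01\x00\x01"), (128, b""), (2, b"")])

if __name__ == "__main__":
    print(parse_open(SAMPLE_OPEN))
```

A parser that checks every length field before slicing is what keeps a malformed OPEN from a peer, or from anything that can reach TCP port 179, from being read past its end.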

BGP KEEPALIVE Message
• Used for dead neighbor detection
• If hold time = 0, keepalives disabled

BGP UPDATE Message
• Used to advertise or withdraw a prefix
• Includes
  – Withdrawn routes
    • List of routes that should be discarded
  – NLRI
    • Route being advertised
  – Path vector attributes
    • Attributes of route being advertised
    • Used for bestpath selection

BGP NOTIFICATION Message
• Used to convey error messages
• After notification sent, BGP session closed
• Examples
  – Unsupported Version Number
  – Unsupported Optional Parameter
  – Unacceptable Hold Time
  – Hold Timer Expired

BGP Peering State Machine
• BGP state machine tracks peering establishment
• Idle
  – Waiting to start 3-way handshake
• Connect
  – Waiting to complete 3-way handshake
• Active
  – 3-way handshake failed, try again
• Open sent
  – 3-way handshake complete, OPEN message sent
• Open confirm
  – OPEN message received, parameters agreed upon
• Established
  – Peering complete

BGP Peering State Machine Debug
R1#debug ip bgp
BGP debugging is on for address family: IPv4 Unicast
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router bgp 1
R1(config-router)#neighbor 10.1.146.6 remote-as 1
R1(config-router)#end
%SYS-5-CONFIG_I: Configured from console by console
R1#
BGP: 10.1.146.6 went from Idle to Connect
BGP: 10.1.146.6 went from Connect to OpenSent
BGP: 10.1.146.6 sending OPEN, version 4, my as: 1, holdtime 180 seconds
BGP: 10.1.146.6 send message type 1, length (incl. header) 45
BGP: 10.1.146.6 rcv message type 1, length (excl. header) 26
BGP: 10.1.146.6 rcv OPEN, version 4, holdtime 180 seconds
BGP: 10.1.146.6 rcv OPEN w/ OPTION parameter len: 16
BGP: 10.1.146.6 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
BGP: 10.1.146.6 OPEN has CAPABILITY code: 1, length 4
BGP: 10.1.146.6 OPEN has MP_EXT CAP for afi/safi: 1/1
BGP: 10.1.146.6 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
BGP: 10.1.146.6 OPEN has CAPABILITY code: 128, length 0
BGP: 10.1.146.6 OPEN has ROUTE-REFRESH capability(old) for all address-families
BGP: 10.1.146.6 rcvd OPEN w/ optional parameter type 2 (Capability) len 2
BGP: 10.1.146.6 OPEN has CAPABILITY code: 2, length 0
BGP: 10.1.146.6 OPEN has ROUTE-REFRESH capability(new) for all address-families
BGP: 10.1.146.6 rcvd OPEN w/ remote AS 1
BGP: 10.1.146.6 went from OpenSent to OpenConfirm
BGP: 10.1.146.6 went from OpenConfirm to Established
%BGP-5-ADJCHANGE: neighbor 10.1.146.6 Up

BGP Peering Types
• External BGP (EBGP) Peers
  – Neighbors outside my Autonomous System
• Internal BGP (iBGP) Peers
  – Neighbors inside my Autonomous System
• Update and path selection rules change depending on what type of peer a route is being sent to/received from

EBGP Peerings
• Peers in different ASes
• Usually directly connected neighbors
  – e.g. DS3 Frame Relay link to ISP
• Can be “multihop”, but TTL defaults to 1
  – neighbor [address] ebgp-multihop [ttl]
• Uses AS-Path attribute for loop prevention
  – If I receive an update from an EBGP peer with my own ASN in the AS-Path, discard it

iBGP Peerings
• Peers in the same AS
• Many times not directly connected
  – Implies IGP needed to provide TCP transport
• Loop prevention via route suppression
  – Routes learned from an iBGP peer cannot be advertised on to another iBGP peer
• Implies that all routers running BGP within the AS must peer with each other
  – i.e. “iBGP full mesh”
  – n*(n-1)/2 peerings

BGP Peering Redundancy
• BGP peering is based on TCP reachability to peer address
• If peer address is unreachable, peering goes down
  – e.g. if IP address of Serial link is used for peering and Serial link is down, peer goes down
• Using Loopback addresses for peerings allows rerouting around link failures and adds redundancy
  – e.g. as long as any link is up, Loopback can be reached
• Defined as update-source for TCP session

BGP Loopback Redundancy Example
[Diagram: ISP 1 (AS 1000) and ISP 2 (AS 2000) connected to R1 and R2 in AS 100. When R1 and R2 peer using their directly connected link and the physical link goes down, the BGP peering is lost. When R1 and R2 peer using their Loopback interfaces and the physical link goes down, the peering is rerouted.]

Basic BGP Configuration
• Enable global BGP process
  – router bgp [ASN]
• Establish BGP peers
  – neighbor [address] remote-as [remote ASN]

Basic BGP Verification
• Verify BGP peerings
  – show ip bgp summary
• Verify BGP table
  – show ip bgp
• Verify BGP table detail
  – show ip bgp [network] [mask]
• Verify BGP routing table
  – show ip route [bgp]

BGP Configuration Topology
[Topology diagram: R1 and R2 in BGP AS 200 running OSPF Area 0; R3, R4, R5 and R6 in BGP AS 100 running EIGRP AS 100. Every router has a Lo0 interface. Segments are labelled VLAN 12, VLAN 35, VLAN 46 and VLAN 56; interface labels include Fa0/0, Fa0/1, S0/0, S0/1 and S1/2.]

Basic BGP Peering Configuration
R1#
router bgp 200
 neighbor 10.1.12.2 remote-as 200
 neighbor 10.1.13.3 remote-as 100

R2#
router bgp 200
 neighbor 10.1.12.1 remote-as 200
 neighbor 10.1.24.4 remote-as 100

R3#
router bgp 100
 neighbor 10.1.4.4 remote-as 100
 neighbor 10.1.4.4 update-source Loopback0
 neighbor 10.1.5.5 remote-as 100
 neighbor 10.1.5.5 update-source Loopback0
 neighbor 10.1.6.6 remote-as 100
 neighbor 10.1.6.6 update-source Loopback0
 neighbor 10.1.13.1 remote-as 200

R4#
router bgp 100
 neighbor 10.1.3.3 remote-as 100
 neighbor 10.1.3.3 update-source Loopback0
 neighbor 10.1.5.5 remote-as 100
 neighbor 10.1.5.5 update-source Loopback0
 neighbor 10.1.6.6 remote-as 100
 neighbor 10.1.6.6 update-source Loopback0
 neighbor 10.1.24.2 remote-as 200

R5#
router bgp 100
 neighbor 10.1.3.3 remote-as 100
 neighbor 10.1.3.3 update-source Loopback0
 neighbor 10.1.4.4 remote-as 100
 neighbor 10.1.4.4 update-source Loopback0
 neighbor 10.1.6.6 remote-as 100
 neighbor 10.1.6.6 update-source Loopback0

R6#
router bgp 100
 neighbor 10.1.3.3 remote-as 100
 neighbor 10.1.3.3 update-source Loopback0
 neighbor 10.1.4.4 remote-as 100
 neighbor 10.1.4.4 update-source Loopback0
 neighbor 10.1.5.5 remote-as 100
 neighbor 10.1.5.5 update-source Loopback0

BGP Peering Verification
R1#show ip bgp summary
BGP router identifier 10.1.1.1, local AS number 200
BGP table version is 15, main routing table version 15

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.12.2       4   200      37      37       15    0    0 00:26:26        0
10.1.13.3       4   100      38      33       15    0    0 00:24:59        0

R2#show ip bgp summary
BGP router identifier 10.1.2.2, local AS number 200
BGP table version is 15, main routing table version 15

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.12.1       4   200      37      37       15    0    0 00:26:27        0
10.1.24.4       4   100      37      32       15    0    0 00:24:58        0

R3#show ip bgp summary
BGP router identifier 10.1.3.3, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.4.4        4   100      27      27        1    0    0 00:24:45        0
10.1.5.5        4   100      28      27        1    0    0 00:24:59        0
10.1.6.6        4   100      28      27        1    0    0 00:24:59        0
10.1.13.1       4   200      29      28        1    0    0 00:25:02        0

BGP Peering Verification (cont.)
R4#show ip bgp summary
BGP router identifier 10.1.4.4, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.3.3        4   100      27      27        1    0    0 00:24:47        0
10.1.5.5        4   100      29      28        1    0    0 00:25:02        0
10.1.6.6        4   100      28      27        1    0    0 00:24:54        0
10.1.24.2       4   200      29      28        1    0    0 00:25:01        0

R5#show ip bgp summary
BGP router identifier 10.1.5.5, local AS number 100
BGP table version is 34, main routing table version 34

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.3.3        4   100      55      46       34    0    0 00:25:01        0
10.1.4.4        4   100      56      46       34    0    0 00:25:03        0
10.1.6.6        4   100      43      43       34    0    0 00:40:12        0

R6#show ip bgp summary
BGP router identifier 10.1.6.6, local AS number 100
BGP table version is 34, main routing table version 34

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.3.3        4   100      55      46       34    0    0 00:25:03        0
10.1.4.4        4   100      55      45       34    0    0 00:24:57        0
10.1.5.5        4   100      43      43       34    0    0 00:40:13        0

iBGP Full Mesh Example
[Diagram: ISP 1 (AS 1000) and ISP 2 (AS 2000) connected to AS 100. 9 Routers = 36 Peerings.]

iBGP Full Mesh Scalability
• n*(n-1)/2 doesn’t scale
  – 10 routers, 45 peerings
  – 100 routers, 4950 peerings
  – 1000 routers, 499,500 peerings
• Can be fixed with two exceptions
  – Route Reflectors
    • Same logic as DR/DIS
  – Confederation
    • Split the AS into smaller Sub-ASes

BGP Route Reflectors
• Eliminates need for full mesh
  – Only need peering(s) to the RR(s)
• Like OSPF DR & IS-IS DIS, minimizes prefix replication
  – Send one update to the RR
  – RR sends the update to its “clients”
• Loop prevention through Cluster-ID
  – If I am a RR and I receive a route with my own Cluster-ID, discard it

Route Reflector Example
[Diagram: ISP 1 (AS 1000) and ISP 2 (AS 2000) connected to AS 100, which contains a Route Reflector.]

BGP Confederation
• Reduces full mesh iBGP need by splitting AS into smaller Sub-ASes
  – Inside Sub-AS full mesh or RR need remains
  – Between Sub-AS acts like EBGP
• Devices outside the confederation do not know about the internal structure
  – Sub-AS numbers are stripped from advertisements to true EBGP peers
• Typically uses ASNs in private range (64512 – 65535)

BGP Confederation Example
[Diagram; surviving label: Route Reflector.]

BGP Peer Groups
• Typically many peers share the same update policy
  – e.g. a route reflector’s clients
• BGP Peer Groups reduce configuration and processing overhead by applying a template to the peers
• Peer group is assigned parameters such as…
  – remote-as
  – route-reflector-client
  – route-map
• Neighbor is specified as a member of the group
  – Peers in a group must be either all iBGP or all EBGP

BGP Peer Group Example
router bgp 1
 neighbor IBGP_PEER_GROUP peer-group
 neighbor IBGP_PEER_GROUP remote-as 1
 neighbor IBGP_PEER_GROUP update-source Loopback0
 neighbor IBGP_PEER_GROUP route-reflector-client
 neighbor IBGP_PEER_GROUP next-hop-self
 neighbor 1.2.3.4 peer-group IBGP_PEER_GROUP
 neighbor 5.6.7.8 peer-group IBGP_PEER_GROUP
 neighbor 9.10.11.12 peer-group IBGP_PEER_GROUP
 neighbor 13.14.15.16 peer-group IBGP_PEER_GROUP

BGP Authentication
• Like IGP authentication, BGP peer authentication protects control plane against attacks and misconfigurations
  – Without authentication, BGP susceptible to TCP RST attacks
    • Interesting read: “Slipping in the Window: TCP Reset attacks”
• Uses MD5 as defined in RFC 2385
  – “Protection of BGP Sessions via the TCP MD5 Signature Option”
• Simply configured as neighbor [address] password [password]

Misc. BGP Configuration
• Modify peering source address
  – neighbor [address] update-source [interface]
• Enabling BGP authentication
  – neighbor [address] password [password]
• Configuring BGP peer group
  – neighbor [Peer-Group-Name] peer-group
  – neighbor [Peer-Group-Name] [attributes]
  – neighbor [address] peer-group [Peer-Group-Name]
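How the RFC 2385 option named above lets a receiver discard a reset that was not sent by the configured peer. This is an added example, not code from the course material: it computes the MD5 digest over the TCP pseudo-header, the 20-byte TCP header with a zero checksum, the segment data and the shared key, then verifies three constructed segments. The addresses reuse the R1/R3 link from the deck's topology; the key, ports, sequence numbers and function names are assumptions, and the TCP checksum is left at zero because nothing is put on the wire.

```python
import hashlib
import hmac
import ipaddress
import struct

MD5_OPTION_KIND = 19       # TCP option kind assigned to the MD5 signature
MD5_OPTION_LEN = 18        # kind + length + 16-byte digest
RST, PSH, ACK = 0x04, 0x08, 0x10


def _digest(src, dst, base_header, payload, segment_len, key):
    """RFC 2385 digest: pseudo-header, header without options, data, then key."""
    pseudo = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, 6, segment_len))
    header = base_header[:16] + b"\x00\x00" + base_header[18:20]  # checksum as zero
    return hashlib.md5(pseudo + header + payload + key).digest()


def build_segment(src, dst, sport, dport, seq, ack, flags, payload=b"", key=None):
    """Build a TCP segment; when a key is given, append the signature option."""
    opt_len = 20 if key is not None else 0        # 18-byte option + 2 NOPs of padding
    offset_flags = (((20 + opt_len) // 4) << 12) | flags
    base = struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 16384, 0, 0)
    if key is None:
        return base + payload
    sig = _digest(src, dst, base, payload, 20 + opt_len + len(payload), key)
    options = bytes([MD5_OPTION_KIND, MD5_OPTION_LEN]) + sig + b"\x01\x01"
    return base + options + payload


def verify_segment(src, dst, segment, key):
    """Return True only if the segment carries a valid signature for this key."""
    if len(segment) < 20:
        return False
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return False
    options, payload = segment[20:header_len], segment[header_len:]
    sig, i = None, 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                  # end of option list
            break
        if kind == 1:                  # NOP padding
            i += 1
            continue
        if i + 1 >= len(options):
            return False
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return False
        if kind == MD5_OPTION_KIND:
            if length != MD5_OPTION_LEN:
                return False
            sig = options[i + 2:i + length]
        i += length
    if sig is None:                    # peer is configured with a password: unsigned = drop
        return False
    expected = _digest(src, dst, segment[:20], payload, len(segment), key)
    return hmac.compare_digest(sig, expected)


# Constructed sample traffic between R1 (10.1.13.1) and R3 (10.1.13.3).
KEY = b"constructed-example-key"
R1, R3 = "10.1.13.1", "10.1.13.3"
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)          # BGP KEEPALIVE message
SIGNED_KEEPALIVE = build_segment(R1, R3, 50000, 179, 1000, 2000, PSH | ACK, KEEPALIVE, KEY)
UNSIGNED_RST = build_segment(R1, R3, 50000, 179, 1019, 0, RST)
WRONG_KEY_RST = build_segment(R1, R3, 50000, 179, 1019, 0, RST, key=b"guess")

if __name__ == "__main__":
    for name, seg in [("signed keepalive", SIGNED_KEEPALIVE),
                      ("unsigned RST", UNSIGNED_RST), ("wrong-key RST", WRONG_KEY_RST)]:
        print(name, "accepted" if verify_segment(R1, R3, seg, KEY) else "dropped")
```

Both ends must be configured with the same password: a peer that sends unsigned segments to a neighbor expecting signatures is dropped exactly like the constructed reset, so the session never leaves the Active/Connect states.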

Misc. BGP Configuration (cont.)
• Enabling Route Reflection
  – neighbor [address] route-reflector-client
• Enabling Confederation
  – Enable global BGP process
    • router bgp [Sub-ASN]
  – Define global ASN
    • bgp confederation identifier [ASN]
  – Define other Sub-ASes
    • bgp confederation peers [Sub-ASN1] [Sub-ASN2] [Sub-ASNn]

Building the BGP Table
• Once peerings are established, UPDATE messages are exchanged to advertise NLRI and build the BGP table
• Routes local to the AS can be originated either by process level network [network] mask [mask] statement or redistribution
• Unlike IGP, networks do not have to be directly connected to be advertised, they only have to be in the routing table
  – e.g. prefixes in local routing table learned via OSPF can be advertised with BGP network statement

Originating NLRI Configuration
[Configuration listing: R1 and R2 under router bgp 200 and R3 and R4 under router bgp 100, each with a series of network 10.1.x.0 mask 255.255.255.0 statements.]

BGP Table Verification
R1#show ip bgp
BGP table version is 28, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<output omitted>

BGP Table Verification (cont.)
R2#show ip bgp
BGP table version is 30, local router ID is 10.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<output omitted>

BGP Table Verification (cont.)
R3#show ip bgp
BGP table version is 11, local router ID is 10.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<output omitted>

BGP Table Verification (cont.)
R4#show ip bgp
BGP table version is 26, local router ID is 10.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<output omitted>

BGP Table Verification (cont.)
R5#show ip bgp
BGP table version is 52, local router ID is 10.1.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<output omitted>

BGP Table Verification (cont.)
R6#show ip bgp
BGP table version is 54, local router ID is 10.1.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<output omitted>

BGP Table Verification Detail
R1#show ip bgp 10.1.56.0
BGP routing table entry for 10.1.56.0/24, version 25
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     2
  100
    10.1.13.3 from 10.1.13.3 (10.1.3.3)
      Origin IGP, metric 30720, localpref 100, valid, external, best
  100
    10.1.24.4 (metric 20) from 10.1.12.2 (10.1.2.2)
      Origin IGP, metric 30720, localpref 100, valid, internal

BGP NLRI Aggregation
• BGP aggregation, like IGP summarization, is used to reduce resource requirements needed to process the BGP table
  – Configured as aggregate-address [network] [mask] [summary-only|as-set|route-map|...]
• Can be applied at any point in the network
  – No hierarchy like OSPF/IS-IS
• Does not automatically stop subnet advertisements
  – summary-only argument
• Can be used for longest match routing traffic engineering

BGP Aggregation Configuration
[Configuration listing: R3, under router bgp 100, configures an aggregate-address for a 10.1.x.0 255.255.254.0 (/23) summary with the summary-only argument.]

R1#show ip bgp
BGP table version is 31, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
<output omitted>

BGP Path Vector Attributes
• UPDATE includes path vector attributes for a route
  – Next-hop
  – AS-Path
  – Origin
  – Local preference
  – Multi-Exit Discriminator (MED)
  – Atomic aggregate
  – Aggregator

BGP Attribute Types
• Attributes fall into different categories…
  – Well-known vs. optional
    • Well-known must be implemented
    • Optional may or may not be implemented
  – Mandatory vs. discretionary
    • Mandatory must be present in update
    • Discretionary may or may not be present
  – Transitive vs. non-transitive
    • Transitive passes between EBGP and iBGP neighbors
    • Non-transitive passes only between iBGP neighbors
• Valid combinations are…
  – Well-known mandatory
  – Well-known discretionary
  – Optional transitive
  – Optional non-transitive

BGP Next-Hop
• Well-known mandatory attribute
• If UPDATE comes from EBGP peer
  – Next-hop is the IP address they use to peer with you
    • i.e. their update-source
• If UPDATE comes from iBGP peer
  – Next-hop is the IP address used to peer with the EBGP neighbor they learned it from
    • i.e. the next-hop is unmodified
  – Implies that iBGP neighbors must have an IGP route to the links between EBGP neighbors
  – Behavior can be changed with neighbor [address] next-hop-self

BGP AS-Path
• Well-known mandatory attribute
• Defines which Autonomous Systems the route has passed through
• When sending an UPDATE to an EBGP neighbor, the local ASN is “prepended” to the route
  – Example path “100 1000 2000”
    • Originated in 2000
    • Passed through 1000
    • Learned from 100
• Shorter AS-Path length is preferred
  – e.g. “100 1000 2000” (3) vs “100 1000 2000 3000” (4)

BGP Origin
• Well-known mandatory attribute
• Possible values…
  – 0 – IGP
  – 1 – EGP
  – 2 – Incomplete
• Defines how prefix was advertised into BGP
  – IGP – interior to the AS
  – EGP – the actual protocol “EGP” (deprecated)
  – Incomplete – some other means
    • e.g. redistribution
• Lower origin code is preferred

BGP Local Preference
• Well-known discretionary attribute
• 4 byte field
  – Value of 0 – 4,294,967,295
• Only exchanged in iBGP updates
• Higher local preference is preferred

BGP Multi-Exit Discriminator
• AKA MED or simply “metric”
• Optional non-transitive attribute
• 4 byte field
  – Value of 0 – 4,294,967,295
• Used to choose (discriminate) between multiple exit points out of the AS
  – Many exceptions to MED comparison
  – Rarely used in practice
• Lower MED is preferred

BGP Atomic Aggregate and Aggregator
• Atomic Aggregate
  – Well-known discretionary attribute
• Aggregator
  – Optional transitive attribute
• Both used when BGP prefixes are summarized (aggregated) together
• “Aggregate” prefix has
  – Atomic Aggregate = TRUE
  – Aggregator = BGP Router-ID who performed summarization

BGP Bestpath Selection
• Once updates are exchanged, path selection begins
• Bestpath selection algorithm compares path vector attributes and elects one route as “best” for each prefix
  – Denoted by “>” in the show ip bgp output
• Like RIPv2 & EIGRP, only best route is sent to the routing table and to other peers

Bestpath Selection Example
[Animated diagram: three instances of prefix “X” (X1, X2, X3) are learned from EBGP neighbors. R1 and R2 run bestpath selection; on R2, X2 wins. R1 and R2 advertise their best paths to X. All other routers run bestpath selection and X1 wins. The resulting traffic flow exits via R1, with the exception of R2.]

BGP Bestpath Selection Order
• Algorithm not standardized, Cisco IOS selection order is…
  – Weight (highest)
    • Locally significant Cisco proprietary attribute
  – Local Preference (highest)
  – Locally originated routes
  – AS-Path (shortest)
  – Origin (lowest)
  – MED (lowest)
  – EBGP learned routes over iBGP learned routes
  – Smallest IGP metric to next-hop value
• Algorithm runs top down until a deciding match occurs
• Other tie-breaking checks occur if no bestpath
  – Oldest route, lowest Router-ID, lowest interface IP address, etc.
• See BGP Best Path Selection Algorithm on cisco.com for details

Manipulating BGP Bestpath Selection
• Vector attributes can be manually modified to define different routing policy for different routes
  – E.g. control inbound/outbound traffic flow on a per-prefix basis
• Attributes typically modified are…
  – Weight
  – Local-Preference
  – AS-Path
  – MED
• Inbound routing policy affects outbound traffic
  – Change weight or local-pref in to affect traffic out
• Outbound routing policy affects incoming traffic
  – Change AS-Path or MED to affect traffic in
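The selection order listed above, run top down over candidate paths and reporting which step decided. This is an added example, not code from the course material or from Cisco: it implements only the steps the slide lists plus the lowest Router-ID tie-breaker, and it assumes the default behaviour of comparing MED only between paths from the same neighboring AS. The sample paths are constructed, modelled on the deck's weight and AS-Path prepending examples; all names are assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Path:
    name: str
    as_path: tuple                 # neighboring AS first, originating AS last
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: int = 0                # 0 IGP, 1 EGP, 2 Incomplete
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0            # IGP metric to the next-hop
    router_id: str = "0.0.0.0"


def _keep_lowest(key):
    """Build a pruning step that keeps only the paths with the lowest key."""
    def prune(paths):
        best = min(key(p) for p in paths)
        return [p for p in paths if key(p) == best]
    return prune


def _prune_med(paths):
    # Assumption: MED is compared only between paths whose first AS is the same.
    return [p for p in paths
            if not any(q.as_path[:1] == p.as_path[:1] and q.med < p.med
                       for q in paths)]


STEPS = [
    ("Weight (highest)", _keep_lowest(lambda p: -p.weight)),
    ("Local Preference (highest)", _keep_lowest(lambda p: -p.local_pref)),
    ("Locally originated routes", _keep_lowest(lambda p: not p.locally_originated)),
    ("AS-Path (shortest)", _keep_lowest(lambda p: len(p.as_path))),
    ("Origin (lowest)", _keep_lowest(lambda p: p.origin)),
    ("MED (lowest)", _prune_med),
    ("EBGP over iBGP", _keep_lowest(lambda p: not p.ebgp)),
    ("Smallest IGP metric to next-hop", _keep_lowest(lambda p: p.igp_metric)),
    ("Router-ID (lowest)",
     _keep_lowest(lambda p: int(ipaddress.IPv4Address(p.router_id)))),
]


def best_path(paths):
    """Return (winning path, name of the step that left a single candidate)."""
    candidates = list(paths)
    if not candidates:
        raise ValueError("no paths to compare")
    if len(candidates) == 1:
        return candidates[0], "only path"
    for step, prune in STEPS:
        candidates = prune(candidates)
        if len(candidates) == 1:
            return candidates[0], step
    return candidates[0], "tie after all listed steps"


# Constructed sample 1: R2's two paths to R3's loopback, both through AS 100.
VIA_R1 = Path("internal via R1", (100,), med=0, ebgp=False,
              igp_metric=20, router_id="10.1.1.1")
VIA_R4 = Path("external via R4", (100,), med=161280, router_id="10.1.4.4")
VIA_R4_WEIGHTED = replace(VIA_R4, weight=100)      # inbound route-map sets weight

# Constructed sample 2: an upstream's view of prefix X after AS 100 prepends.
PREPENDED = Path("X via ISP 1", (1000, 100, 100, 100), router_id="192.0.2.1")
PLAIN = Path("X via ISP 2", (2000, 100), router_id="192.0.2.2")

# Constructed sample 3: different neighboring ASes, so MED is not compared.
MED_200 = Path("X via AS 1000", (1000, 100), med=200, router_id="192.0.2.1")
MED_100 = Path("X via AS 2000", (2000, 100), med=100, router_id="192.0.2.2")

if __name__ == "__main__":
    for pair in ([VIA_R1, VIA_R4], [VIA_R1, VIA_R4_WEIGHTED],
                 [PREPENDED, PLAIN], [MED_200, MED_100]):
        winner, step = best_path(pair)
        print(f"{winner.name:18} decided by {step}")
```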

Manipulating Weight Example
[Diagram labels: ISP 1 AS 1000, ISP 2 AS 2000, AS 100, R1, R2; X1 Weight 0 (Default), X2, X3 Weight 100. Three instances of prefix “X” learned from EBGP neighbors. R2 modifies weight of X3 to be higher than X2. R1 and R2 run bestpath selection; on R2, X3 wins. R1 and R2 advertise their best paths to X. Weight does not affect selection on the other routers; X1 still wins. Traffic flow to X exits via R1, with exception of R2.]

Manipulating Local Preference Example
[Diagram labels: X1 Local Pref 100 (Default), X2 Local Pref 100 (Default), X3 Local Pref 200. Three instances of prefix “X” learned from EBGP neighbors. R2 modifies local pref of X3 to be higher than default; X3 wins. R2 advertises X3 to peers, including R1. R1 runs bestpath on X1 and X3; X3 wins. R1 withdraws X1. Local pref affects all peers. All traffic to X exits via R2.]
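Added example (not part of the original slides): a Python model of the IOS selection order listed above, run on the weight and local-preference cases. The path attributes, router-IDs, IGP metric and helper names are constructed for illustration.

```python
from dataclasses import dataclass, replace

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP < EGP < incomplete


@dataclass(frozen=True)
class Path:
    name: str
    weight: int = 0              # local to the router, never advertised
    local_pref: int = 100        # carried to iBGP peers
    locally_originated: bool = False
    as_path: tuple = ()
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0          # IGP cost to the BGP next hop
    router_id: str = "0.0.0.0"


# (label, key): the lowest key wins a step, so "highest wins" attributes are negated.
# Simplification: MED is compared across all candidates; IOS by default compares
# it only between paths received from the same neighbouring AS.
STEPS = [
    ("weight", lambda p: -p.weight),
    ("local preference", lambda p: -p.local_pref),
    ("locally originated", lambda p: not p.locally_originated),
    ("AS-path length", lambda p: len(p.as_path)),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
    ("MED", lambda p: p.med),
    ("EBGP over iBGP", lambda p: not p.ebgp),
    ("IGP metric to next hop", lambda p: p.igp_metric),
    ("router-ID", lambda p: tuple(int(o) for o in p.router_id.split("."))),
]


def best_path(paths):
    """Run the steps top down; return (winner, label of the deciding step)."""
    candidates = list(paths)
    if not candidates:
        raise ValueError("no paths to compare")
    if len(candidates) == 1:
        return candidates[0], "only path"
    for label, key in STEPS:
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], label
    return candidates[0], "no deciding step"


def advertise_ibgp(path, advertiser_id, igp_metric):
    """What an iBGP peer receives: weight is reset, local preference is kept."""
    return replace(path, weight=0, ebgp=False,
                   igp_metric=igp_metric, router_id=advertiser_id)


def run_example(x3_overrides):
    """R2 applies inbound policy to X3, then R1 compares X1 with R2's best path."""
    # Constructed attributes: equal AS-path lengths, documentation-range router-IDs.
    x1 = Path("X1", as_path=(1000,), router_id="192.0.2.1")   # EBGP path at R1
    x2 = Path("X2", as_path=(2000,), router_id="192.0.2.2")   # EBGP path at R2
    x3 = replace(Path("X3", as_path=(1000,), router_id="192.0.2.3"), **x3_overrides)
    r2_best, r2_step = best_path([x2, x3])
    via_r2 = advertise_ibgp(r2_best, advertiser_id="198.51.100.2", igp_metric=20)
    r1_best, r1_step = best_path([x1, via_r2])
    return {"R2": (r2_best.name, r2_step), "R1": (r1_best.name, r1_step)}


if __name__ == "__main__":
    for policy in ({}, {"weight": 100}, {"local_pref": 200}):
        print(policy, run_example(policy))
```

With weight 100 only R2 changes its choice, because weight is stripped before the path is advertised; with local preference 200 the attribute travels with the update and R1 also selects X3.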

Manipulating AS-Path Example
[Diagram labels: AS-Path 100 100 100, AS-Path 100 (default), AS-Path 100 100 100; X1, X2, X3. AS 100 originates prefix “X” into BGP and advertises outbound. R1 and R2 prepend additional ASNs to X1 and X3 outbound. X2 via AS 2000 is preferred entry point to reach X.]

Manipulating MED Example
[Diagram labels: ISP 1 AS 1000 MED 100, ISP 1 AS 1000 MED 200; X1, X2; R1, R2; AS 100. AS 100 originates prefix “X” into BGP and advertises outbound to AS 1000. R1 and R2 set MED for X1 and X2 outbound. X1 is preferred entry point for AS 1000 to reach X.]

4 (10.com Modifying BGP Next-Hop Configuration R4# router bgp 100 neighbor 10.4.1.4 10.6.1 10.3 10.1.1.EGP.4.24. * valid.com BGP Weight Configuration R2#show ip bgp 10.1.1) Origin IGP. localpref 100.0/24 r>i10.4 10.0/24 r>i10.4 (10.1.1.0/24 * i * i10. Inc www.4 10.1 10. > best.1.0/24 r>i10.1.4) Origin IGP.1.1 (10.1.1.1.4 Metric LocPrf Weight Path 0 100 0 200 i 0 100 0 200 i 0 100 0 200 i 0 100 0 200 i 161280 100 0 i 0 100 0 i 0 100 0 i 158720 100 0 i 156160 100 0 i 0 100 0 200 i 0 100 0 200 i 33280 100 0 i 0 100 0 i 0 100 0 i 30720 100 0 I Copyright © 2010 Internetwork Expert. localpref 100.1.1.3. End with CNTL/Z.3 next-hop-self neighbor 10.4 route-map R4_INBOUND in R2(config-router)#end R2#clear ip bgp * in R2#show ip bgp 10.www.0/24 Next Hop 10.1 10. one per line. weight 100.13.13. metric 0. Inc www. S Stale Origin codes: i .3.4 10.1.4 from 10.1.12.4 10. e .1. best 100 10.0/24 r>i r>i10. h history.1.5 next-hop-self neighbor 10.1.2. d damped.13.5.3.5.1. version 34 Paths: (2 available.4. localpref 100. i . valid.1. best R2#config t Enter configuration commands.1.1. valid.incomplete Network *>i10.4.3.4 10.46.1.INE.1.4.24.1.internal.1.com Copyright © 2010 Internetwork Expert .4 10.12.1.0/24 * i10.1.1. valid.0/24 *>i r i10.0/24. internal.1. best #1.5. best #2.4.3 (metric 20) from 10.6.0/24 r>i r>i10.4 10.1.1.1.3.35.1.3.INE. ? .1. version 28 Paths: (2 available.1.56. local router ID is 10.IGP.1.1. internal Copyright © 2010 Internetwork Expert.0/24.1. localpref 100. r RIB-failure.4. valid.4. external 100 10.4. external.5 Status codes: s suppressed.0 BGP routing table entry for 10.24.1.0/24 *>i r i10.3 10. table Default-IP-Routing-Table) Advertised to update-groups: 1 100 10.24.1. R2(config)#ip prefix-list R3_LOOPBACK permit 10.1.4.4.INE.4 10.1.4 from 10.0 BGP routing table entry for 10.3.4.6 next-hop-self R5#show ip bgp BGP table version is 58.12. metric 0.13.1.1) Origin IGP.1.24. metric 161280.3 (metric 20) from 10.13. 
metric 161280.4.1.0/24 R2(config)#route-map R4_INBOUND permit 10 R2(config-route-map)#match ip address prefix-list R3_LOOPBACK R2(config-route-map)#set weight 100 R2(config-route-map)#route-map R4_INBOUND permit 100 R2(config-route-map)#router bgp 200 R2(config-router)#neighbor 10.4) Origin IGP.3.1. table Default-IP-Routing-Table) Flag: 0x4940 Advertised to update-groups: 2 100 10.1.1 (10.3.1.

best R4#show ip bgp 10.1.24.1 Type escape sequence to abort.3.1. version 2 Paths: (2 available.1.1.24.1 [AS 200] 28 msec * 28 msec 13 msec Copyright © 2010 Internetwork Expert. Inc www.1.1 1 10.1.13. valid.1.24.2) Origin IGP. localpref 100.1. localpref 100.1 (metric 20519680) from 10.com BGP Local Preference Configuration (cont. localpref 100.2 from 10.1 Type escape sequence to abort.2.2 route-map R2_INBOUND in R4(config-router)#end R4#clear ip bgp * in R4#show ip bgp 10.1.1. localpref 200.13.1.1. table Default-IP-Routing-Table) Advertised to update-groups: 2 200 10.1.1.1.1. internal R3#traceroute 10.1) Origin IGP.24.1.1.1.1.12.4. Tracing the route to 10.1 Type escape sequence to abort.2 28 msec 28 msec 28 msec 2 10.1 (10. valid. table Default-IP-Routing-Table) Flag: 0x800 Advertised to update-groups: 2 200 10. best #1. metric 0.0/24. valid. Tracing the route to 10.1.13.24.2) Origin IGP.1 [AS 200] 32 msec * 28 msec Copyright © 2010 Internetwork Expert.1.1.0 BGP routing table entry for 10.1. localpref 100. external.com Copyright © 2010 Internetwork Expert . metric 0. valid.24. best 200 10. best #2.1 1 10.24.3) Origin IGP.1.1.2 from 10. Inc www.1. End with CNTL/Z. version 28 Paths: (1 available.1.4.2 (10.1.4.3.1.1.1.INE.4) Origin IGP.INE.4 (10.3 (10.1.1. external.1.1.0/24.1. Tracing the route to 10.4 (metric 161280) from 10.1. R4(config)#ip prefix-list R1_LOOPBACK permit 10.1. best R4#traceroute 10.1.1 from 10.1.2.1. external.1.2 28 msec 28 msec 28 msec 2 10. metric 0. internal 200 10.1. one per line.1 12 msec * R4#traceroute 10.1 1 10.0/24.INE.1.13.0 BGP routing table entry for 10.1. table Default-IP-Routing-Table) Advertised to update-groups: 2 200 10.www. best #1. version 3 Paths: (2 available.2 (10.) 
R4#conf t Enter configuration commands.com BGP Local Preference Configuration R3#show ip bgp 10.1.0 BGP routing table entry for 10.0/24 R4(config)#route-map R2_INBOUND permit 10 R4(config-route-map)#match ip address prefix-list R1_LOOPBACK R4(config-route-map)#set local-pref R4(config-route-map)#set local-preference 200 R4(config-route-map)#route-map R2_INBOUND permit 100 R4(config-route-map)#router bgp 100 R4(config-router)#neighbor 10.1. valid.12.

4.com BGP Local Preference Configuration (cont. internal 200 10.com Copyright © 2010 Internetwork Expert .4) Origin IGP.1. End with CNTL/Z.1 4 msec 4 msec 0 msec 4 msec 4 msec 0 msec 4 msec 4 msec 4 msec 20 msec 20 msec 20 msec [AS 200] 20 msec * 20 msec Copyright © 2010 Internetwork Expert. version 26 Paths: (2 available.5 10.4. metric 0.0 BGP routing table entry for 10. localpref 100.46.4 route-map R4_OUTBOUND out R2(config-router)#end R2#clear ip bgp * out Copyright © 2010 Internetwork Expert.1.1 (10.4.0/24. localpref 100.1.1.4.1 1 2 3 4 5 10. one per line.1.1.4. best #2. external. best 200 10.1. best R4#show ip bgp 10.1.1.INE.2 from 10. version 11 Paths: (2 available. valid. metric 0.4 (metric 161280) from 10.1.2 10.1.1 (10.1.1. external R3#traceroute 10.1 Type escape sequence to abort. localpref 100.0 BGP routing table entry for 10.1. metric 0.3 (10. R2(config)#ip prefix-list R2_LOOPBACK permit 10. metric 0. valid.13.1.4 (10.1.1 from 10.0/24 R2(config)#route-map R4_OUTBOUND permit 10 R2(config-route-map)#match ip address prefix-list R2_LOOPBACK R2(config-route-map)#set as-path prepend 200 200 200 R2(config-route-map)#route-map R4_OUTBOUND permit 100 R2(config-route-map)#router bgp 200 R2(config-router)#neighbor 10.6 10.1.2.2. metric 0. table Default-IP-Routing-Table) Advertised to update-groups: 2 200 10.1. valid.1.1.1.4 10.4 (metric 161280) from 10.4) Origin IGP.13.1.3. internal.INE. table Default-IP-Routing-Table) Advertised to update-groups: 2 200 10.0 BGP routing table entry for 10. valid.) R3#show ip bgp 10. valid.1. external.1.2 (10.3) Origin IGP. table Default-IP-Routing-Table) Flag: 0x940 Advertised to update-groups: 1 200 10. localpref 100.1 (metric 20519680) from 10.INE.1. version 15 Paths: (2 available.24. valid.12. localpref 200.1. internal 200 10.4 (10.35.1.24.1.1. best #2.2.1.1.13.com BGP AS-Path Configuration R3#show ip bgp 10.1.24.www. Tracing the route to 10.1 from 10. Inc www.1.1. best R2#conf t Enter configuration commands. 
localpref 100.56.2. Inc www.13.0/24.1.2.1.1) Origin IGP.1.4.1. best #1.2.3.1.2) Origin IGP.1) Origin IGP.13.0/24.24.

localpref 100. localpref 100.INE.1.2.1.24.1.4 from 10. one per line. valid. version 25 Paths: (1 available. table Default-IP-Routing-Table) Advertised to update-groups: 1 100 10.1.13. metric 156160.1.1.12.2.13.2 Type escape sequence to abort. external R4#traceroute 10. localpref 100. internal.56.6. valid. metric 158720. best #1.1.2.1. best R3#conf t Enter configuration commands.1.com BGP MED Configuration R1#show ip bgp 10. best #1.0/24 R3(config)#route-map R1_OUTBOUND permit 10 R3(config-route-map)#matc ip address prefix-list R6_LOOPBACK R3(config-route-map)#match ip address prefix-list R6_LOOPBACK R3(config-route-map)#set metric 100 R3(config-route-map)#route-map R1_OUTBOUND permit 100 R3(config-route-map)#router bgp 100 R3(config-router)#neighbor 10.2. external.1. best #1. table Default-IP-Routing-Table) Advertised to update-groups: 2 200 10.3.13.3.24.2 4 msec 4 msec 0 msec 4 msec 4 msec 0 msec 0 msec 4 msec 4 msec 24 msec 24 msec 28 msec [AS 200] 24 msec * 24 msec Copyright © 2010 Internetwork Expert.1.1.INE.6.6. valid.6 10.1. metric 0.2) Origin IGP.2) Origin IGP.1.24.12.1.1.5 10.0 BGP routing table entry for 10. localpref 100.1.1.2 from 10.1 route-map R1_OUTBOUND out R3(config-router)#end R3#clear ip bgp * out Copyright © 2010 Internetwork Expert. valid. version 29 Paths: (2 available. best R2#show ip bgp 10.1.com BGP AS-Path Configuration (cont. Inc www. internal. best R4#show ip bgp 10.1.13.3) Origin IGP. version 27 Paths: (2 available.1.3 (10. valid.2.2 1 2 3 4 5 10.0 BGP routing table entry for 10.1.1.3) Origin IGP.2.4 (10.1 (10.6.com Copyright © 2010 Internetwork Expert . version 11 Paths: (1 available.1. metric 0.1) Origin IGP.4. table Default-IP-Routing-Table) Advertised to update-groups: 2 100 10.2.3 from 10.1.1.1.24.24. End with CNTL/Z. table Default-IP-Routing-Table) Flag: 0x940 Advertised to update-groups: 1 200 10.4 (metric 20) from 10.13.1.13. localpref 100.1. best #2.46. Inc www.) R3#show ip bgp 10.13.3 (10.2 (10.1. valid.1.1.INE. 
R3(config)#ip prefix-list R6_LOOPBACK permit 10.1 (metric 20519680) from 10.3.3 10. Tracing the route to 10.1.1.4) Origin IGP.2 (10.0/24. external 100 10.0 BGP routing table entry for 10.6.35. external.www.2.0/24.1.0/24.1 from 10.0/24.1 10. localpref 100. metric 156160.1. best 200 200 200 200 10.0 BGP routing table entry for 10.

6. metric 156160. Inc www.1.0/24. metric 100.com Copyright © 2010 Internetwork Expert .6.1.com BGP MED Configuration (cont.1 (10. valid.1.0/24.24.1.1. Inc www.1. external.6.INE.1. best #1.INE.13.1.12.1.1.1. best #1.1. table Default-IP-Routing-Table) Flag: 0x4940 Advertised to update-groups: 2 100 10.3.3 from 10.13. metric 100.3) Origin IGP. localpref 100. best 100 10. table Default-IP-Routing-Table) Flag: 0x4940 Advertised to update-groups: 1 100 10. best R2#show ip bgp 10.) R1#show ip bgp 10.4 from 10. version 32 Paths: (1 available.4.0 BGP routing table entry for 10.4) Origin IGP.3 (metric 20) from 10. version 35 Paths: (2 available.13.4 (10.1. internal. localpref 100.1. localpref 100.www. valid.24. external Copyright © 2010 Internetwork Expert.6.0 BGP routing table entry for 10. valid.3 (10.com BGP Q&A Copyright © 2010 Internetwork Expert.INE.1) Origin IGP.

Internetwork Expert’s CCNP Bootcamp
Redistribution & Layer 3 Path Control
http://www.INE.com

Route Redistribution Overview
• Process of exchanging reachability information between routing domains
  – e.g. OSPF to EIGRP redistribution
• Considerations
  – Metric conversion
  – Loss of loop prevention
  – Table instability
    • e.g. BGP to IGP redistribution

How Redistribution Works
• Route redistribution occurs from the routing table, not the routing database
  – i.e. only currently installed routes are candidate to be redistributed
• Most protocols also include connected interfaces running the routing process as candidate
  – e.g. implicit redistribute connected
  – IPv6 exceptions
• Redistribution must be explicit
  – e.g. EIGRP to OSPF then OSPF to RIP does not imply EIGRP to RIP

Redistribution into RIPv2
• Does not distinguish between internal vs. external routes
• No default metric for redistribution, must be manually specified
  – Global default-metric
  – Individual redistribute statements

Redistribution into EIGRP
• Does distinguish between internal vs. external routes
  – Internal (D) EIGRP AD 90
  – External (D EX) EIGRP AD 170
• EIGRP Router-ID tagged in external route
  – Automatic loop prevention
• No default metric for redistribution unless going EIGRP to EIGRP
  – Global default-metric
  – Individual redistribute statements

Redistribution into OSPF
• Does distinguish between internal vs. external routes
  – E1/E2/N1/N2
  – Same AD for all, but can be separately modified
• OSPF Router-ID tagged in external LSA
  – Automatic loop prevention
• Default metric of 20
• Default metric type of E2/N2

IGP Redistribution into BGP
• Redistributed routes get origin code of incomplete
  – Denoted as ? in the BGP table
  – Implies redistributed routes less preferred
• OSPF into BGP only matches internal routes by default
  – redistribute ospf 1 match internal external

BGP Redistribution into IGP
• Generally not recommended without strict filtering
  – Global routing table ~ 350,000 routes
• BGP into IGP only matches EBGP routes by default
  – bgp redistribute-internal
  – Can result in routing/traffic loops or BGP race condition

Redistribution & Traffic Engineering
• Traffic engineering (layer 3 path control) can be implemented in redistribution designs with multiple entry/exit points
• Seed metric can influence path selection
  – ASBR1 reports prefix X with cost 10
  – ASBR2 reports prefix X with cost 20
• Route-map, prefix-list, etc. filtering can influence path selection with longest match routing
  – ASBR1 reports aggregate X plus subnets X1 & X2
  – ASBR2 reports only aggregate X

Basic Redistribution Example
[Topology diagram: routers R1, R2, R3, R4 and R5 connected over Fa0/0 subinterfaces. Subnets: 10.1.1.0/24 (VLAN 1), 10.1.12.0/24 (VLAN 12), 10.1.13.0/24 (VLAN 13), 10.1.23.0/24 (VLAN 23), 10.1.24.0/24 (VLAN 24), 10.1.35.0/24 (VLAN 35), 10.1.45.0/24 (VLAN 45)]

Problems with Redistribution
• Routing loops & traffic loops (“blackholes”) generally occur for three reasons
  – Reconvergence after a topology change
  – Metric feedback
  – Administrative Distance feedback
• Temporary traffic loss during reconvergence is normal
• Metric or AD feedback is usually recurring, and happens because of improper design
  – E.g. redistribution from higher AD to lower AD and then fed back

Metric Route Feedback Example
• R2 learns prefix via RIP with metric 5
• R2 redistributes prefix into OSPF
• R3 redistributes prefix into RIP with metric 1
• R2 learns prefix via RIP with metric 1 and loop occurs

AD Route Feedback Example
• R2 learns prefix via RIP with AD 120
• R3 redistributes prefix into OSPF
• R2 learns prefix via OSPF with AD 110
• RIP route is withdrawn and loop occurs

Fixing Redistribution Problems
• Some redistribution problems can only be solved by changing the topology design or changing where redistribution occurs
• Others can be fixed with various IOS tools such as…
  – Route-map filters
  – Distribute-list filters
  – Prefix-lists
  – Access-lists
  – Passive-interface filters
  – Route tags

Route-Map Filtering
• Condition based criteria for filtering & modifying redistribution
• Like ACLs, ends in implicit deny
• Typically matches prefix-list, but can match more
  – ACL
  – Route type
  – Route source
  – Route tag
  – Metric
• Can be used for route tagging & loop prevention

Distribute-List Filtering
• Used to filter routing advertisements…
  – Received on an interface
  – Sent on an interface
  – Received from a neighbor
  – Sent to a neighbor
• Calls prefix-list or access-list for actual route matching
• Only supported for RIPv2/EIGRP/BGP
  – Breaks OSPF/IS-IS LSDB logic

Prefix-List Filtering
• Used to match route based on both prefix and length
  – e.g. ip prefix-list LIST permit 1.2.3.0/24
• Can also match ranges of prefixes or lengths
  – e.g. ip prefix-list LIST permit 0.0.0.0/0 le 32
• Uses sequence numbers to allow editing
• Preferred use for routing filters, not traffic filters
• Can be referenced from distribute-list or route-map
  – distribute-list prefix-list LIST in FastEthernet0/0
  – match ip address prefix-list LIST

Access-List Filtering
• Normally used for traffic filtering, but can be used for routing filters
• Standard ACLs can only match on prefix, not length
  – 1.2.0.0/16 and 1.2.0.0/31 appear the same
  – Shortcoming as compared to prefix-list
• Extended ACL applies differently based on protocol
  – In RIP & EIGRP can filter route based on gateway
  – In BGP uses legacy prefix-list workaround syntax
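Added example (not from the original slides): a Python model of prefix-list matching with ge/le next to standard-ACL matching, showing why a route filter built on a standard ACL cannot tell 1.2.0.0/16 from 1.2.0.0/31. The class and function names are hypothetical; the sample entries reuse the prefixes shown on the two slides above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class PrefixListEntry:
    seq: int
    action: str                  # "permit" or "deny"
    prefix: str                  # e.g. "1.2.3.0/24"
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        base = ipaddress.ip_network(self.prefix)
        # The route must fall inside the configured prefix ...
        if not route.subnet_of(base):
            return False
        # ... and its mask length must be in the allowed window.
        if self.ge is None and self.le is None:
            low = high = base.prefixlen          # exact length only
        else:
            low = self.ge if self.ge is not None else base.prefixlen
            high = self.le if self.le is not None else 32
        return low <= route.prefixlen <= high


def prefix_list_permits(entries, route: str) -> bool:
    """Evaluate entries in sequence-number order; first match decides."""
    net = ipaddress.ip_network(route)
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(net):
            return entry.action == "permit"
    return False                                  # implicit deny


def standard_acl_permits(acl, route: str) -> bool:
    """acl is a list of (action, address, wildcard) tuples.

    Only the route's network address is compared; the mask length of the
    route is never examined, which is the shortcoming the slide describes.
    """
    net_addr = int(ipaddress.ip_network(route).network_address)
    for action, address, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (net_addr & care) == (int(ipaddress.ip_address(address)) & care):
            return action == "permit"
    return False                                  # implicit deny


def compare_filters():
    """Run both filter types over the two routes named on the slide."""
    plist = [PrefixListEntry(5, "permit", "1.2.0.0/16")]
    acl = [("permit", "1.2.0.0", "0.0.0.0")]
    return {
        route: {
            "prefix-list": prefix_list_permits(plist, route),
            "standard ACL": standard_acl_permits(acl, route),
        }
        for route in ("1.2.0.0/16", "1.2.0.0/31")
    }


if __name__ == "__main__":
    for route, verdicts in compare_filters().items():
        print(route, verdicts)
```

The ACL accepts both routes while the prefix-list accepts only the /16, so an unexpected more-specific advertisement passes the ACL-based filter unnoticed.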

Passive-Interface Filtering
• Used to disable sending of routing updates on an interface that has the process enabled
• For RIPv2, receive but not send
• For OSPF/EIGRP, breaks adjacency forming
• Can be per link or all links

Route Tag Filtering
• Administrative route tagging can be used to “color” routes based on their origination
  – Gives visibility to redistribution source router or source protocol in the routing database
• Route tag can be used to prevent route feedback in certain designs
• Applied through route-map
  – set tag 1234
  – match tag 1234
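Added example (not from the original slides): a small Python simulation of the metric route feedback case described earlier, with and without the set tag 1234 / match tag 1234 route-maps. The router roles and metrics follow the slides; the function names and the "RIP-origin" node are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

FEEDBACK_TAG = 1234            # tag value shown on the slide
ORIGIN = "RIP-origin"          # hypothetical name for the router that owns the prefix


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str              # "rip" or "ospf"
    metric: int
    next_hop: str
    tag: int = 0


def r2_rip_to_ospf(rip_route: Route, set_tag: bool) -> Route:
    """R2 redistributes RIP into OSPF (default metric 20); the route-map
    optionally applies 'set tag 1234'."""
    return Route(rip_route.prefix, "ospf", 20, "R2", FEEDBACK_TAG if set_tag else 0)


def r3_ospf_to_rip(ospf_route: Route, deny_tag: bool) -> Optional[Route]:
    """R3 redistributes OSPF into RIP with metric 1; the route-map optionally
    denies routes that 'match tag 1234' before permitting everything else."""
    if deny_tag and ospf_route.tag == FEEDBACK_TAG:
        return None
    return Route(ospf_route.prefix, "rip", 1, "R3")


def forwarding_path(start: str, next_hops: dict):
    """Follow next hops from start; return (path, looped)."""
    path, node = [start], start
    while node != ORIGIN:
        node = next_hops[node]
        if node in path:
            return path + [node], True
        path.append(node)
    return path, False


def simulate(use_tags: bool):
    """Return (metric R2 installs, forwarding path from R2, loop detected)."""
    learned = Route("X", "rip", 5, ORIGIN)                 # R2's real RIP route
    external = r2_rip_to_ospf(learned, set_tag=use_tags)   # what R3 hears in OSPF
    fed_back = r3_ospf_to_rip(external, deny_tag=use_tags)
    rip_candidates = [r for r in (learned, fed_back) if r is not None]
    r2_best = min(rip_candidates, key=lambda r: r.metric)  # RIP prefers lowest metric
    next_hops = {"R2": r2_best.next_hop, "R3": external.next_hop}
    path, looped = forwarding_path("R2", next_hops)
    return r2_best.metric, path, looped


if __name__ == "__main__":
    print("no tags :", simulate(False))
    print("tags    :", simulate(True))
```

Without tags R2 installs the fed-back metric 1 route and traffic bounces between R2 and R3; with the tag filter R3 never re-injects the prefix and R2 keeps the metric 5 route toward the real source.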

Policy Based Routing & Traffic Engineering
• Normal routing decision is based on longest match to destination address
• Policy Based Routing (PBR) allows routing decision based on…
  – Source address
  – Incoming interface
  – Application
  – QoS markings
• Very flexible, but non-distributed platforms may have performance limitations

How PBR Works
• Route-map defines match and set criteria
  – Match incoming interface or ACL
  – Set ip next-hop, default ip next-hop, interface, or default-interface
• Route-map applies either to
  – Incoming traffic on interface with ip policy
  – Locally generated traffic with ip local policy
• Order of operations is...
  – If set ip next-hop or interface
    • Check route-map first, then routing table
  – If set ip default next-hop or default interface
    • Check routing table first, then route-map

IP SLA & Traffic Engineering
• IP Service Level Agreement adds application level awareness to Enhanced Object Tracking
• Enhanced Objects can be called from features such as…
  – FHRPs
  – Policy-Based Routing
  – Static Routing

Q&A

Internetwork Expert’s CCNP Bootcamp
Internet Protocol Version 6 (IPv6)
http://www.INE.com

Why IPv6?
• Main motivation for IPv6 is lack of IPv4 address space
• IPv4 uses 32-bits
  – 2^32 = 4,294,967,296 max addresses
• IPv6 uses 128-bits
  – 2^128 = 340,282,366,920,938,463,463,374,607,431,770,000,000+

IPv4 vs. IPv6 Addressing Format
• IPv4 Dotted Decimal
  – 1.2.3.4
  – Each place denotes 1 byte
• IPv6 Hexadecimal
  – XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
  – Two characters = one byte

RFC 2373: IP Version 6 Addressing Architecture
2.4 Address Type Representation

The specific type of an IPv6 address is indicated by the leading bits in the address. The variable-length field comprising these leading bits is called the Format Prefix (FP). The initial allocation of these prefixes is as follows:

Allocation                              Prefix (binary)   Fraction of Address Space
-------------------------------------   ---------------   -------------------------
Aggregatable Global Unicast Addresses   001               1/8
Link-Local Unicast Addresses            1111 1110 10      1/1024
Site-Local Unicast Addresses            1111 1110 11      1/1024
Multicast Addresses                     1111 1111         1/256

IPv6 Address Space
• Four main address types
  – Global Unicast
    • 2000… – 3FFF…
  – Unique Local
    • FC00…
    • Deprecates Site Local (FEC0)
  – Link Local
    • FE80…
  – Multicast
    • FF…

Modified EUI-64 Addressing
• IPv6 host addresses are generated from interface MAC address
• MAC address is 48-bits
• IPv6 host address is 64-bits
• Extra 16 bits derived as follows:
  – MAC 1234.5678.9012
  – Invert 7th most significant bit
    • 1034.5678.9012
  – Insert “FFFE” in middle
    • 1034:56FF:FE78:9012

IPv6 Address Resolution
• Ethernet
  – ICMPv6 ND replaces ARP
• NBMA
  – Static resolution on multipoint interfaces
  – Inverse Neighbor Discovery not yet implemented

ICMPv6 Neighbor Discovery
• ICMPv6 ND
• Replaces IPv4 ARP
• NS – Neighbor Solicitation
  – Ask for information about neighbor
• NA – Neighbor Advertisement
  – Advertise yourself to other neighbors
• RS – Router Solicitation
  – Ask for information about local routers
• RA – Router Advertisement
  – Advertise yourself as an active router

ICMPv6 Neighbor Discovery
• Send neighbor solicitation to solicited node multicast
  – FF02:0:0:0:0:1:FF00::/104 + 24 low-order bits
• If no reply, address is unique
  – Duplicate Address Detection (DAD)
• Send unsolicited neighbor advertisement to announce yourself
  – Sent to all hosts multicast
    • FF02::1
    • Essentially the same as 255.255.255.255

IPv6 Routing Overview
• IPv6 unicast routing off by default
  – ipv6 unicast-routing
• Dynamic routing through
  – RIPng
  – OSPFv3
  – EIGRPv6
  – IS-IS
  – BGP
• Dynamic information recurses to remote link-local address
  – Layer 3 to layer 2 resolution on multipoint NBMA medias

IPv6 Static Routing
• Same static routing implications as IPv4
  – To next-hop
    • Resolve next-hop
  – To multipoint interface
    • Resolve final destination
  – To point-to-point interface
    • No resolution required

IPv6 Routing
• RIPng, OSPFv3, & EIGRPv6
  – Use separate processes
• BGP & IS-IS
  – Use the same process
  – Different Address families

RIPng Overview
• RFC 2080 - RIPng
• Similar in operation to RIPv1 / RIPv2
• UDP port 521 multicast to FF02::9
• Configuration
  – Interface level ipv6 rip [process] enable
  – Automatically enables global process
• Split-horizon enabled globally
  – no split-horizon on multipoint NBMA

OSPFv3 Overview
• RFC 2740 - OSPFv3
• Similar in operation to OSPFv2
• Router-id is IPv4 address
  – Use router-id command if no IPv4 configured
• Configuration
  – Interface level ipv6 ospf [process-id] area [area-id]
  – Automatically enables global process

OSPFv3 Over NBMA
• Same network types as OSPFv2
  – Broadcast
    • DR/BDR Election
  – Non-broadcast
    • DR/BDR Election
    • Unicast updates to link-local address
  – Point-to-point
  – Point-to-multipoint
  – Point-to-multipoint non-broadcast
    • Unicast updates to link-local address

EIGRPv6 Overview
• Similar in operation to IPv4 EIGRP
• IP protocol 88 multicast to FF02::A
• Configuration
  – Interface level ipv6 eigrp [ASN]
  – Process level no shutdown

BGP for IPv6 Overview
• Same process for IPv4 and IPv6
  – Uses address-family configuration
• Normal BGP rules apply
  – Requires underlying IGP transport
  – iBGP loop prevention
    • Don’t advertise iBGP learned routes to other iBGP neighbors
    • Exception through route-reflection / confederation
  – EBGP loop prevention
    • Don’t accept routes with your own AS in the path
  – Same best-path selection process

Tunneling IPv6 over IPv4
• Static tunnels
  – GRE
    • Default tunnel mode
  – IPv6IP
    • Less overhead, no CLNS transport
• Automatic tunnels
  – 6to4
    • Imbeds IPv4 address into IPv6 prefix to provide automatic tunnel endpoint determination
  – ISATAP
    • Automatic host to router and host to host tunneling

Automatic 6to4 Tunneling
• Derives destination IPv4 router from address imbedded inside IPv6 destination
• 2002:border-router-IPv4-address::/48
• Single /48 subnetted amongst site
• Only one tunnel needed for all destinations

IPv6 Examples
[Topology diagram: routers R1 through R6 with loopbacks Lo0 2001::1/128 through 2001::6/128. Links shown: 2001:0:0:6::/64 (VLAN 6), 2001:0:0:146::/64 (VLAN 146), 2001:0:0:5::/64 (VLAN 5), 2001:0:0:23::/64 (VLAN 23), 2001:0:0:13::0/127, and serial links on 10.1.245.0/24]
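Added example (not from the original slides): the three address derivations described in the Modified EUI-64, Neighbor Discovery and 6to4 slides, written out in Python. The MAC address is the one on the EUI-64 slide; the IPv4 and IPv6 sample addresses in the 6to4 part are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import re


def parse_mac(mac: str) -> bytes:
    """Accept Cisco dotted (1234.5678.9012), colon or hyphen notation."""
    digits = re.sub(r"[.:\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def modified_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface ID: invert the 7th most significant bit
    of the first byte, then insert FFFE between the two 24-bit halves."""
    raw = bytearray(parse_mac(mac))
    raw[0] ^= 0x02
    return bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])


def format_interface_id(iid: bytes) -> str:
    """Render the 8-byte interface ID as four colon-separated hex groups."""
    return ":".join(iid[i:i + 2].hex().upper() for i in range(0, 8, 2))


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """FE80::/64 prefix followed by the modified EUI-64 interface ID."""
    return ipaddress.IPv6Address(bytes.fromhex("fe80" + "00" * 6) + modified_eui64(mac))


def solicited_node(address: str) -> ipaddress.IPv6Address:
    """FF02:0:0:0:0:1:FF00::/104 plus the 24 low-order bits of the address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def sixto4_prefix(border_router_ipv4: str) -> ipaddress.IPv6Network:
    """2002:<border router IPv4 address>::/48 for a site."""
    v4 = int(ipaddress.IPv4Address(border_router_ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def sixto4_endpoint(destination: str):
    """Recover the tunnel endpoint (IPv4) embedded in a 6to4 destination,
    or None when the destination is not inside 2002::/16."""
    addr = int(ipaddress.IPv6Address(destination))
    if addr >> 112 != 0x2002:
        return None
    return ipaddress.IPv4Address((addr >> 80) & 0xFFFFFFFF)


if __name__ == "__main__":
    mac = "1234.5678.9012"                       # MAC from the slide
    print(format_interface_id(modified_eui64(mac)))
    ll = link_local_from_mac(mac)
    print(ll, "->", solicited_node(str(ll)))
    site = sixto4_prefix("192.0.2.1")            # constructed border-router address
    print(site, "->", sixto4_endpoint("2002:c000:201:5::1"))
```

The interface ID printed for the slide's MAC is 1034:56FF:FE78:9012, matching the slide, and the same low-order 24 bits reappear in the solicited-node group the host joins.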

IPv6 Q&A

Internetwork Expert’s CCNP Bootcamp
Troubleshooting Overview
http://www.INE.com

What Is Troubleshooting?
• Per Wikipedia… “a form of problem solving most often applied to repair of failed products or processes. It is a logical, systematic search for the source of a problem so that it can be solved, and so the product or process can be made operational again.”
• The key is that troubleshooting is logical and systematic
• Fixing a problem by dumb luck does not constitute troubleshooting

Why Troubleshooting?
• Today’s networks are more high-availability minded than ever, and downtime means loss of revenue in…
  – Employee productivity
  – Customer SLA violations
  – Regulatory fines
  – Etc.
• One key way expert-level engineers set themselves apart from average engineers is troubleshooting methodology
  – average engineer runs around like a chicken with its head cut off
  – expert engineer keeps a cool head and follows a structured approach

Structured Troubleshooting Approach
• Defines a logical and systematic method of troubleshooting that can be applied to any case
  – E.g. troubleshooting VoIP call quality and OSPF neighbor adjacency involves different discrete steps, but logical approach is the same
• Structured troubleshooting is closely analogous to the Scientific Method of conducting experiments

Scientific Method Workflow

Structured Troubleshooting Workflow

Defining The Problem
• Network problems are generally discovered in two ways
  – Reactive
    • e.g. users submit tickets to the help desk that web browsing is slow
  – Proactive
    • e.g. SNMP reports a linkdown event
• In either case, more investigation is needed to find the root of the cause

Gathering Information
• Apart from asking users for more information on tickets submitted, gathering information is in the form of…
  – show commands
  – debug commands
    • Typically not used in real-world unless network-down emergency
  – Misc. testing tools
    • PING
    • Traceroute
    • Telnet
    • Etc.
• Ultimate goal is to isolate the issue as closely as possible by eliminating unrelated variables

How To Gather Information
• Structured troubleshooting involves isolating the operation network into functional layers
  – E.g. OSI Model or TCP/IP Model
• Where to actually start isolating is a personal preference
  – Common approaches are…
    • Top-Down
    • Bottom-Up
    • Divide and Conquer
• Key to remember is that layers have a cascading effect
  – E.g. if physical layer (i.e. layer 1) is down, all layers above it are broken

Top Down Troubleshooting
• Most useful for application related issues
  – E.g. user can’t send email – start by checking their email settings
• Potentially very time consuming if problem resides in lower layer
  – E.g. physical switchport is bad (layer 1)

Bottom Up Troubleshooting
• Verify each layer starting with physical and proceed to the next
  – Is the link UP/UP?
  – Are the layer 2 options correct?
  – IP properly configured?
  – IGP adjacency exists?
  – Etc.
• Like top-down, can be very time consuming depending on where the problem actually lies

Divide and Conquer
• Goal is to reduce search time by picking a layer to start at
• Based on results of testing, further verification goes either up or down the stack
• E.g. for troubleshooting email problem…
  – Can I ping the mail server?
    • If yes, go up the stack
    • If no, go down the stack

Defining & Implementing The Fix
• Ideally up to this point the issue is sufficiently isolated to make an educated guess as to how the problem can be fixed
• Proper “Change Control” at this stage is key
  – Clearly define the proposed fix
  – Implement the proposed fix
  – Did it work?
    • If yes, proceed forwards
    • If no, roll back
• Changing too many variables at once can compound the problem even further

Observing The Results
• Depending on the nature of the problem, verification of the solution can be either straightforward or complicated
  – E.g. user said they couldn’t email, now they can, problem straightforward and solved
  – E.g. users experienced low VoIP quality, quality is now good, but only time will tell
• Within the scope of TSHOOT exam, final observation is your score

Reiteration
• If the problem was not solved, a further dilemma occurs
  – Did I misdiagnose the problem in the first place?
  – Are there significant variables that were overlooked?
  – Was my fix not appropriate?
• Before making further changes, more information should be gathered
  – Did the situation change since I implemented a fix?
    • If yes, for the better or worse?
    • If not, why not?

Documenting the Fix
• All good change control policies should require documentation for all fixes
• Documentation allows the development of a “knowledge base” for your particular network topology
• KB can be referenced in the future to solve similar problems, or to trace your steps if the same problem is recurring

Q&A

Internetwork Expert’s CCNP Bootcamp
Troubleshooting Tools
http://www.INE.com

Tools for Gathering Information
• Before implementing a fix, information must be gathered about a problem to eliminate as many variables as possible
• IOS offers both proactive and reactive tools for gathering information
• Proactive monitoring can inform you about problems that need more reactive research to isolate

Proactive Monitoring
• IOS supports both passive and event driven monitoring to observe the current network status
• Examples are…
  – SNMP
  – RMON
  – Syslog
  – NetFlow
  – EEM

SNMP
• Simple Network Management Protocol
• Used to report conditions of managed device to management station (NMS)
• Two ways to collect data
  – Trapping
    • Managed device reports event to NMS
  – Polling
    • NMS asks managed device to report a variable
• Management Information Base (MIB)
  – Variable used to report a network condition
• SNMPv2c vs. SNMPv3

SNMP Polling
• Define SNMP “Community String”
  – Password for NMS to poll device
• Two types of community strings
  – Read Only
    • Information gathering only
  – Read Write
    • Gather info and set values
• snmp-server community string [ro | rw] [acl]
  – access-list defines who can poll device

SNMP Trapping: Step 1
• Define events to trap
  – All traps
    • snmp-server enable traps
  – Specific traps
    • snmp-server enable traps [notification-type]

SNMP Trapping: Step 2
• Define NMS to trap to
  – All enabled traps
    • snmp-server host host-addr community-string
  – Subset of enabled traps
    • snmp-server host host-addr community-string [notification-type]

RMON
• Remote Monitoring
• Used to report a MIB value to SNMP NMS or syslog server
• Two components
  – Alarm
    • Condition that triggers event
      – CPU exceeds 90%
      – Free memory drops below 20Mb
  – Event
    • Message to send to NMS / syslog
      – “Help! My CPU is over 90%!”

RMON
• RMON alarm defines how MIB is sampled
• Delta sampling
  – Difference between MIB value at time index A compared to MIB value at time index B
    • Packets sent out E0/0 each minute
    • CRC errors received every hour
  – Used for values that only increase

RMON
• Absolute sampling
  – Exact value of MIB at time index A
    • CPU Utilization
    • Memory Utilization
  – Used for values that increase and decrease
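The sampling rules above, modelled as an added example that is not part of the original slides. It shows how an RMON alarm evaluates absolute and delta samples against a rising and a falling threshold, including the re-arming rule from the RMON alarm definition (RFC 2819): after a rising event, no further rising event fires until the falling threshold has been reached. The function name, thresholds and sample values are constructed for illustration.

```python
"""Model of RMON alarm evaluation (absolute vs. delta sampling).
Illustrative only: all sample data below is constructed."""
from typing import Iterable, List, Tuple

Event = Tuple[int, str, int]  # (time index, "rising" | "falling", evaluated value)


def rmon_alarm(samples: Iterable[Tuple[int, int]], rising: int, falling: int,
               mode: str = "absolute") -> List[Event]:
    """Return the events an alarm would raise for (time, raw MIB value) samples."""
    if mode not in ("absolute", "delta"):
        raise ValueError("mode must be 'absolute' or 'delta'")
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")

    events: List[Event] = []
    rising_armed = falling_armed = True   # either event may fire first
    previous_raw = None

    for t, raw in samples:
        if mode == "delta":
            if previous_raw is None:      # first sample is only a baseline
                previous_raw = raw
                continue
            value = raw - previous_raw    # change since the last time index
            previous_raw = raw
        else:
            value = raw                   # exact value at this time index

        if value >= rising and rising_armed:
            events.append((t, "rising", value))
            rising_armed, falling_armed = False, True
        elif value <= falling and falling_armed:
            events.append((t, "falling", value))
            falling_armed, rising_armed = False, True
    return events


# Constructed CPU utilisation (%), sampled every 60 seconds: a value that
# goes up and down, so absolute sampling fits.
CPU_SAMPLES = [(0, 45), (60, 95), (120, 97), (180, 60),
               (240, 92), (300, 25), (360, 20), (420, 91)]

# Constructed CRC error counter, sampled hourly: a value that only
# increases, so the per-interval difference (delta) is what matters.
CRC_COUNTER = [(0, 1000), (1, 1002), (2, 1080), (3, 1170), (4, 1171), (5, 1260)]


def cpu_events() -> List[Event]:
    return rmon_alarm(CPU_SAMPLES, rising=90, falling=30, mode="absolute")


def crc_events(mode: str = "delta") -> List[Event]:
    return rmon_alarm(CRC_COUNTER, rising=50, falling=5, mode=mode)


if __name__ == "__main__":
    print("CPU, absolute:", cpu_events())
    print("CRC, delta:   ", crc_events("delta"))
    print("CRC, absolute:", crc_events("absolute"))
```

Note the 92% sample at t=240 raises nothing because utilisation never dropped to the falling threshold in between, and that absolute sampling of the ever-growing CRC counter fires once and then stays silent.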

RMON Example
• Configure RMON to track the five minute CPU average (lsystem.58.0)
• If the utilization is over 90% generate the event “CPU Above 90%”
• If the utilization is below 30% generate the event “CPU Below 30%”
• Sample the MIB every 60 seconds
• Trap the events to the SNMP NMS at 1.2.3.4 using the community string CISCO

Logging
• IOS can log messages to
  – Console
  – Monitor (VTY / AUX)
  – Buffer
  – Trap (syslog)
• show log to check logging condition

Logging Severity
• Level or “severity” determines what log messages will be sent
• Logging at severity 3 means 0, 1, 2, and 3

    Rack1R1(config)#logging console ?
      <0-7>          Logging severity level
      alerts         Immediate action needed            (severity=1)
      critical       Critical conditions                (severity=2)
      debugging      Debugging messages                 (severity=7)
      emergencies    System is unusable                 (severity=0)
      errors         Error conditions                   (severity=3)
      guaranteed     Guarantee console messages
      informational  Informational messages             (severity=6)
      notifications  Normal but significant conditions  (severity=5)
      warnings       Warning conditions                 (severity=4)
      xml            Enable logging in XML
      <cr>

Syslog Logging
• logging [host] global command
• Syslog defaults to informational – severity 6
• logging trap debugging to send all messages
• Logging “facility” controls format of syslog messages
  – Used to ease parsing of logs from different devices on the syslog server

Logging Timestamps
• Log timestamps can be formatted as
  – Uptime
    • Time since last reload
    • service timestamps {debug | log} uptime
  – Localtime
    • Clock’s time
    • service timestamps {debug | log} datetime [msec] [localtime] [show-timezone] [year]
• NTP considerations

NetFlow
• Used to collect traffic statistics for inbound or outbound “flows”
  – Flow defined as an individual session between a source & destination plus protocol/port pairs/markings
• Flow data is exported to a collection station for further analysis
  – E.g. Cisco NetFlow Collector, Cacti, NetQoS, etc.
• Configured with ip flow interface & global command
• Local verification by show ip cache flow

Embedded Event Manager
• EEM allows custom event actions to be defined in IOS
  – E.g. if CPU exceeds 90% send me an email
• Includes several built in “applets” to simplify configuration
• Supports Tool Command Language (TCL) shell for advanced programming
• External repository hosted at Embedded Event Manager (EEM) Scripting Community

Reactive Monitoring
• Once you are alerted of a problem, more research is generally needed
• Examples are…
  – “show” commands
    • E.g. show processes cpu history
    • Uses pipe “|” for redirect options
  – “debug” commands
    • E.g. debug ip ospf adj
  – SPAN/RSPAN packet capture
    • Requires outside analysis with offline tools, e.g. Wireshark/Ethereal

Q&A

Internetwork Expert’s CCNP Bootcamp
LAN Troubleshooting
http://www.INE.com

Ethernet Speed/Duplex Negotiation
• Rarely a problem of mis-negotiation Cisco to Cisco switches, but can be a problem of mis-configuration
• Speed mismatch causes link to be up/down
• Duplex mismatch allows link up/up but typically results in lots of packet loss
  – CDP detects and logs this by default
  – “late collisions” in show interface output typically means duplex mismatch

VTP Troubleshooting – Modes
• VLANs failing to propagate in the topology can have devastating effect on reachability
  – i.e. cascading Layers effect
• Initially check the VTP modes and the domain
  – Server – creates and forwards VLANs
  – Client – receives VLAN information from the server(s)
  – Transparent – does not sync – it will forward VTP messages in the domain

VTP Troubleshooting – Domain Name
• The VTP domain name is case-sensitive and must match on all switches in the domain
  – use show vtp status in order to verify mode and name

VTP Troubleshooting – show vtp status

    Rack26SW1#show vtp status
    VTP Version                     : running VTP1 (VTP2 capable)
    Configuration Revision          : 16
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 16
    VTP Operating Mode              : Server
    VTP Domain Name                 : BCTS
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    MD5 digest                      : 0xE7 0xF2 0xC0 0xF5 0xC3 0xC7 0xF3 0xE3
    Configuration last modified by 150.26.7.7 at 10-12-09 06:55:08
    Local updater ID is 150.26.7.7 on interface Lo0 (first layer3 interface found)

VTP Troubleshooting – vtp password
• VTP authentication adds security but also complexity
• Occasionally password may match through show vtp password but MD5 digests are different in show vtp status

VTP Troubleshooting – config rev
• Device with highest configuration revision number has most updated copy of the database
• When adding switches to the topology, errors in config rev. number can overwrite the network
• Can be reset to 0 by…
  – Changing VTP domain
  – Changing to VTP transparent

VTP Troubleshooting – Trunks
• VTP messages flow over trunk links
• If trunks are broken, VTP is broken
  – Cascading Layers again
• Use show interface trunk to confirm functional trunks in the topology

Access VLAN Troubleshooting
• As a safeguard, use the switchport mode access command in conjunction with switchport access vlan vlan_id
  – Avoids errors in DTP
• Ensure the VLAN exists in the database with show vlan brief
• You may need show cdp neighbors to verify interfaces that must participate in the VLAN

Access VLAN Troubleshooting – Topo.
• Logical topology diagrams provided might hide important Layer 2 aspects of the physical topology
  – show cdp neighbor to verify physical topology
• Misc. verification through…
  – show run interface
  – show interface switchport
• Are VLANs allowed over trunk ports?
  – show interface trunk

Trunking Troubleshooting – DTP
• Dynamic Trunking Protocol (DTP) might cause or prevent a trunk from forming
• Verification of mode is best accomplished with show interface switchport

show interface switchport

    Rack26SW1#show interface fa0/15 switchport
    Name: Fa0/15
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: static access
    Administrative Trunking Encapsulation: negotiate
    Operational Trunking Encapsulation: native
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk associations: none
    Administrative private-vlan trunk mappings: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none

Trunking Troubleshooting – DTP Modes
• ON
  – switchport mode trunk
  – forces the interface to trunk, and sends DTP frames
• OFF
  – switchport mode access
  – forces the interface to access mode (non-trunk)
• DESIRABLE
  – switchport mode dynamic desirable
  – willing to trunk and sends DTP frames
• AUTO
  – switchport mode dynamic auto
  – willing to trunk but does not send DTP frames
• NONEGOTIATE
  – switchport nonegotiate
  – used with the ON mode – stops DTP (no frames sent)

Trunking Troubleshooting – show int sw

    Rack26SW1#show interface fa0/15 switchport
    Name: Fa0/15
    Switchport: Enabled
    Administrative Mode: dynamic auto
    Operational Mode: static access
    Administrative Trunking Encapsulation: negotiate
    Operational Trunking Encapsulation: native
    Negotiation of Trunking: On

Trunking Troubleshooting – DTP Quiz
• In each case – trunk or no trunk?
• AUTO ........ DESIRABLE
• ON ........ AUTO
• AUTO ........ AUTO
• NONEGOTIATE ........ AUTO

Trunking Troubleshooting – Native VLAN
• Untagged VLAN across 802.1Q trunk links
• Must match at each end of link
  – Both CDP and DTP will detect a mismatch
• Verify with show interface switchport or show interface trunk
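The DTP mode combinations and the show interface switchport check from the slides above, as an added example that is not part of the original deck. It models which mode pairs end up trunking and audits switchport output for ports that still negotiate trunking, which is what the switchport mode access safeguard removes. The "mismatch" result label, the helper names and the Fa0/16 and Fa0/17 output blocks are constructed; the Fa0/15 block is trimmed from the slide.

```python
"""DTP outcome model and a DTP audit of `show interface switchport` output.
Added illustration; Fa0/16 and Fa0/17 below are constructed sample data."""

# Mode names as used on the slides.
#   static: operational mode taken regardless of the peer (None = dynamic)
#   asks:   port actively requests a trunk from its peer
#   talks:  port takes part in DTP negotiation at all
MODES = {
    "on":          {"static": "trunk",  "asks": True,  "talks": True},
    "off":         {"static": "access", "asks": False, "talks": False},
    "desirable":   {"static": None,     "asks": True,  "talks": True},
    "auto":        {"static": None,     "asks": False, "talks": True},
    "nonegotiate": {"static": "trunk",  "asks": False, "talks": False},
}


def operational_mode(local, peer):
    """Operational mode of the local end, given both administrative modes."""
    me, other = MODES[local.lower()], MODES[peer.lower()]
    if me["static"]:
        return me["static"]
    # A dynamic port trunks only when the peer negotiates and one side asks.
    if other["talks"] and (me["asks"] or other["asks"]):
        return "trunk"
    return "access"


def link_outcome(a, b):
    """'trunk', 'no trunk', or 'mismatch' (one end trunking, the other not)."""
    ends = {operational_mode(a, b), operational_mode(b, a)}
    if ends == {"trunk"}:
        return "trunk"
    if ends == {"access"}:
        return "no trunk"
    return "mismatch"


SAMPLE_OUTPUT = """\
Name: Fa0/15
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Name: Fa0/16
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Negotiation of Trunking: Off
Access Mode VLAN: 20 (USERS)
Name: Fa0/17
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
"""


def parse_switchport(text):
    """Split switchport output into {port: {field: value}}."""
    ports, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                      # prompt lines and fields without ':'
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = ports.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return ports


def audit_dtp(text):
    """List (port, finding) for ports whose trunk state depends on DTP."""
    findings = []
    for port, fields in parse_switchport(text).items():
        admin = fields.get("Administrative Mode", "")
        negotiation = fields.get("Negotiation of Trunking", "")
        if admin.startswith("dynamic"):
            findings.append((port, admin + ": trunk state is decided by the "
                             "peer; set switchport mode access or trunk"))
        elif admin == "trunk" and negotiation == "On":
            findings.append((port, "static trunk still sends DTP; consider "
                             "switchport nonegotiate"))
    return findings


if __name__ == "__main__":
    for pair in [("auto", "desirable"), ("on", "auto"),
                 ("auto", "auto"), ("nonegotiate", "auto")]:
        print(pair, "->", link_outcome(*pair))
    for port, finding in audit_dtp(SAMPLE_OUTPUT):
        print(port, finding)
```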

Trunking Troubleshooting – Encapsulation
• Trunking protocol must match at each end of the link
• ISL or 802.1Q can be negotiated between the devices with DTP
  – E.g. n-isl indicates ISL was negotiated
• show interface trunk for confirmation of protocol

Trunking Trouble. – show interface trunk

    Rack26SW2#show int trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/16      auto         802.1q         trunking      1
    Fa0/17      auto         802.1q         trunking      1
    Fa0/18      auto         802.1q         trunking      1
    Fa0/19      auto         802.1q         trunking      1
    Fa0/20      auto         802.1q         trunking      1
    Fa0/21      auto         802.1q         trunking      1

    Port        Vlans allowed on trunk
    Fa0/16      1-4094
    Fa0/17      1-4094
    Fa0/18      1-4094
    Fa0/19      1-4094
    Fa0/20      1-4094
    Fa0/21      1-4094

    Port        Vlans allowed and active in management domain
    Fa0/16      1-9,20,30,999
    Fa0/17      1-9,20,30,999
    Fa0/18      1-9,20,30,999
    Fa0/19      1-9,20,30,999
    Fa0/20      1-9,20,30,999

EtherChannel Troubleshooting
• Can be Layer 2 or Layer 3
• Used for redundancy and load balancing
• Problems with EtherChannel can appear as:
  – Loss of connectivity due to loop
  – High CPU utilization due to loop
  – Interfaces in the Error Disabled state

EtherChannel Trouble. – Member Ports
• Member ports in the EtherChannel should be checked for identical configuration
  – Speed/Duplex
  – Native VLAN
  – Trunking State
  – Allowed VLAN List
  – etc.

EtherChannel Trouble. – Requirements
• Other important guidelines:
  – No interfaces of the bundle can be configured for SPAN
  – In a Layer 3 EtherChannel IP address must be assigned to logical Port Channel
  – When channeling, physical interface changes affect only the physical interface, while Port Channel interface changes affect the whole EtherChannel

EtherChannel Trouble. – LACP vs. PAgP
• Negotiation protocols for the EtherChannel formation
• LACP is open standard, PAgP is Cisco proprietary
• Keywords are
  – PAgP – desirable, auto
  – LACP – active, passive
• The keyword on ensures “static” configuration
• Proper configuration is critical to avoid mismatches and issues caused by order of operations

EtherChannel Trouble. – Layer 2

    SW2:
    SW2(config)#interface range fastethernet 0/19 - 21
    SW2(config-if-range)#shutdown
    SW2(config-if-range)#switchport trunk encapsulation dot1q
    SW2(config-if-range)#switchport mode trunk
    SW2(config-if-range)#channel-group 1 mode desirable
    Creating a port-channel interface Port-channel 1
    SW2(config-if-range)#

    SW4:
    SW4(config)#interface range fastethernet 0/16 - 18
    SW4(config-if-range)#switchport trunk encapsulation dot1q
    SW4(config-if-range)#switchport mode trunk
    SW4(config-if-range)#channel-group 1 mode desirable
    Creating a port-channel interface Port-channel 1

    SW2:
    SW2(config-if-range)#no shutdown

EtherChannel Verifications
• show interface trunk
• show etherchannel summary
• show etherchannel port-channel

STP Troubleshooting
• STP failure and subsequent loop can impact the entire network!
• Most real world problems result from failures with BPDU propagation

STP Trouble. – Unidirectional Links
• Common problem for STP
• Unidirectional link means
  – Both sides of link are up
  – Local device can send frames to remote
  – Remote cannot send frames to local device
• LoopGuard and Unidirectional Link Detection are both methods to prevent this problem

STP Trouble. – The STP Topology
• A key to troubleshooting is often to diagram the STP topology
• Check placement of the Root Bridge and blocking ports in the topology
• Diagramming is done through use of the show spanning-tree command
• In the real world – many tools (CiscoWorks LMS) automate this diagramming

STP Trouble. – show spanning-tree

    Rack27SW2#show spanning-tree vlan 1
    VLAN0001
      Spanning tree enabled protocol ieee
      Root ID    Priority    32769
                 Address     000f.9052.ab80
                 Cost        19
                 Port        18 (FastEthernet0/16)
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

      Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
                 Address     0016.4639.d580
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
                 Aging Time  300

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------
    Fa0/13              Desg FWD 19        128.15   P2p
    Fa0/14              Desg FWD 19        128.16   P2p
    Fa0/15              Desg FWD 19        128.17   P2p
    Fa0/16              Root FWD 19        128.18   P2p
    Fa0/17              Altn BLK 19        128.19   P2p
    Fa0/18              Altn BLK 19        128.20   P2p
    Fa0/24              Desg FWD 100       128.26   Shr

    Interface           Role Sts Cost      Prio.Nbr Type
    ------------------- ---- --- --------- -------- --------------------------
    Po1                 Altn BLK 9         128.56   P2p

Internetwork Expert’s CCNP Bootcamp
IPv4 IGP Troubleshooting
http://www.INE.com

IPv4 Routing Workflow
• IPv4 routing can be subdivided into three discrete steps
  – Routing lookup
  – Switching method
  – Layer 2 encapsulation
• Subdividing these functions gives us a “layered” approach to routing troubleshooting

IPv4 Routing Lookup
• Three goals: find the…
  – Longest match(es)
  – Outgoing interface(s)
  – Next-hop(s)
• Troubleshooting considerations
  – Administrative Distance
  – Metric
  – Overlapping routes
  – Policy routing
    • Can override this step

IPv4 Switching Method
• Goal is to move packets between interfaces
• Methods are…
  – Process
  – Fast
  – CEF
  – Etc.
• Load balancing occurs at this stage
  – not all hosts use the same routing path
  – E.g. show ip cef exact-route…
• Troubleshooting considerations
  – PING result !.!.!
  – High CPU utilization

Layer 2 Encapsulation
• Goal is to build layer 2 frame header
• Multipoint interfaces require layer 3 to layer 2 resolutions
  – Point-to-point interfaces do not
• Troubleshooting considerations
  – Routing to interface vs. next-hop
  – ARP, Proxy-ARP, & Inverse-ARP
  – Subnet mismatches

Further Reading
• Troubleshooting Cisco Express Forwarding Routing Loops
• Troubleshooting Incomplete Adjacencies with CEF
• Troubleshooting High CPU Utilization in IP Input Process

EIGRP Workflow
• EIGRP operation can be subdivided into four discrete steps…
  – Discover EIGRP Neighbors
  – Exchange Topology Information
  – Choose Best Path
  – Neighbor and Topology Table Maintenance

Discovering EIGRP Neighbors
• EIGRP neighbors discovered through multicast
  – Implies bi-directional multicast transport of IP protocol 88 to 224.0.0.10 is needed
  – Possible NBMA pseudo-broadcast support issues
  – Possible filtering issues
• If neighbor statement configured, only unicast hellos are accepted
  – If not agreed upon adjacency cannot continue

Discovering EIGRP Neighbors (cont.)
• Attributes that must match to proceed
  – Common subnet
    • Must be primary IP address, not secondary
  – ASN
  – Authentication
  – K Values (metric weights)

Exchanging EIGRP Topology Info
• Topology info exchanged through unicast, not multicast
  – Implies bi-directional unicast transport of IP protocol 88 needed
  – Multicast still required unless neighbor statement used
• EIGRP only advertises what it installs in routing table
  – Troubleshooting considerations
    • Auto-summary
    • Split-horizon
    • Duplicate Router-IDs for external routes
    • No seed metric for external routes
    • Distribute-list filters

EIGRP Path Selection
• Feasible distance must be finite to use and advertise a path
  – show ip eigrp topology
• Unequal cost load balancing only supported for Feasible Successors
  – IF Advertised Distance < Feasible Distance, Feasible Successor = TRUE
• Modifying bandwidth for path selection can starve EIGRP updates of bandwidth
  – ip bandwidth-percent eigrp

Common EIGRP Verifications
• show ip route
• show ip eigrp neighbor
• show ip eigrp topology
• show ip eigrp topology all-links
• debug eigrp packet hello
• debug eigrp packet query reply
• More info at Troubleshooting EIGRP

Troubleshooting EIGRP Advertisement

OSPF Workflow
• OSPF operation can be subdivided into four discrete steps…
  – Discover OSPF Neighbors
  – Exchange Topology Information
  – Choose Best Path
  – Neighbor and Topology Table Maintenance

Discovering OSPF Neighbors
• Requires IP protocol 89 multicast (224.0.0.5/224.0.0.6) or unicast transport depending on network type
  – Possible NBMA pseudo-broadcast support issues
  – Possible filtering issues

Discovering OSPF Neighbors (cont.)
• Attributes that must be unique to proceed
  – IP address
  – Router-ID
• Attributes that must match to proceed
  – Subnet
  – Area
  – Compatible Network Types
  – Timers
  – MTU
  – Stub Flags
  – Authentication

Exchanging OSPF Topology Info
• Intra-area routes flooded via LSA 1 & LSA 2
  – Duplicate router-id issues
  – DR/BDR on NBMA issues
• Inter-area routes flooded via LSA 3 by ABR
  – Discontiguous area 0 issue
• External routes flooded via LSA 4, and 5 or 7
  – Duplicate router-id issues
  – NSSA connectivity issues
  – Forward address issue on translated 7 to 5 LSA

Common OSPF Verifications
• show ip route
• show ip ospf neighbor
• show ip ospf database
• debug ip ospf adj
• More info at Troubleshooting OSPF

Internetwork Expert’s CCNP Bootcamp
BGP Troubleshooting
http://www.INE.com

BGP Workflow
• BGP operation can be subdivided into five discrete steps…
  – Establish BGP peerings
  – Learn BGP table
  – Choose Best Path
  – Advertise Best Paths
  – Routing using BGP

Establishing BGP Peerings
• Requires TCP port 179 transport
• Troubleshooting considerations
  – IGP routing
    • Default route & initiating peering
  – Update source
  – Client/server relationship & filtering
  – TTL
    • eBGP Multihop
    • TTL Security
  – NAT & Next-Hop

Establishing BGP Peerings (cont.)
• BGP peers must agree on attributes to establish peering
  – Peer addresses
  – Unique RID
  – ASNs
    • Hide Local-AS
  – Authentication (TCP Option)
  – Capabilities (address-families)

Learning the BGP Table
• Troubleshooting considerations
  – AS-Path looping
    • Allow-AS in
    • AS-Override (MPLS VPN)
  – Inbound Filters
    • Route-map, distribute-list, AS_PATH filter etc
    • ORF
  – Max AS limit
  – Enforce First AS
    • Unlikely but possible

Choose BGP Best Path
• Valid Next Hop
• BGP Synchronization
  – Router ID Matching
• BGP Attributes
  – Weight, Local-Preference, AS_PATH, MED, etc.
  – Improper Attribute Manipulation
• BGP Dampening
• Nexthop tracking

Advertising Best Paths
• Advertisement Interval Delays
• Outbound Filters
  – Route-Map, Distribute-List, Prefix-List
• iBGP Split Horizon Rule
  – Full Mesh
  – Route Reflectors
  – Confederations
  – Synchronization

Routing using BGP
• Installing Best Paths
  – Nexthop Recursion issues
  – AD Collisions & Race Condition
  – Backdoor Networks
    • eBGP Default AD 20
• BGP Blackholes
  – Redistribution
    • iBGP Redistribution
  – Tunneling

Common BGP Commands
• show ip bgp summary
• show ip bgp
• show ip bgp neighbor [advertised-routes]
• debug ip tcp transaction
• debug ip bgp events
• debug ip bgp updates

Further Reading
• Troubleshooting BGP
• Why Do BGP Neighbors Toggle Between Idle, Connect, and Active States?
• Troubleshooting When BGP Routes Are Not Advertised
• Troubleshooting Flapping BGP Routes (Recursive Routing Failure)

Internetwork Expert’s CCNP Bootcamp
IPv6 Troubleshooting

IPv6 Issues Classification
• Layer 1/2 Problems: Common to other protocols
• Layer 3 Issues
• Routing Protocols Issues
• IPv6 Tunneling Problems

Layer 3 Issues
• Misconfigurations (e.g. wrong address or prefix length)
• NBMA
  – No Inverse-ARP for Frame-Relay
  – Manual Mapping Required
• Auto-Configuration
  – RA Not Properly Configured
• IPv6 Not Supported in Transit
  – E.g. No Fallback-Bridging

Routing Protocols
• Configuration Differs from IPv4
  – Different Redistribution
  – Different Advertisement
• Link-Local Addressing
  – Used by IGP Packets
  – Needs to be mapped on NBMA

Tunneling
• Different Tunnel Types
• Firewall Filtering
• Tunnel Misconfiguration
  – 6to4
  – ISATAP
• Static Routing over the Tunnels
  – Misconfigurations

Internetwork Expert’s CCNP Bootcamp
IP Services Troubleshooting

DHCP Troubleshooting
• DHCP Pool Not Matched
  – Wrong Address Range, MAC Address/Client-ID
• DHCP Parameters Wrong
  – Wrong Default GW, Wrong DNS Servers
• DHCP Attributes not Inherited
  – Subnets don’t overlap
  – debug ip dhcp server linkage
• Centralized DHCP
  – Wrong Helper Address or unreachable giaddr
• Debugging Command:
  – debug ip dhcp server {event|packet}

HSRP Troubleshooting
• Misconfigurations
  – Mismatched Authentication/Group ID
  – Misconfigured Tracking
  – Virtual/Physical Address Duplication
• Port-Security Problems
  – Standby use-bia
  – Allow the Virtual MAC
• Access-Lists
  – Permit UDP 224.0.0.2:1985
• Debugging Commands
  – debug standby
  – debug condition standby <group>

NTP Troubleshooting
• Ensure Layer 3/4 connectivity first
• NTP may take long to converge
  – Manually adjust time
• Check stratum placement
  – Don’t peer different stratums
• Authentication
  – Key IDs must match
• Access-Control
  – Allow master node to peer with itself

NAT Troubleshooting
• Understand NAT Domains
  – Inside routes before Xlate
  – Outside routes after Xlate
  – Access-List Interaction
  – Outside rule vs Inside rule
• Misconfigurations
  – NAT Pool Range
  – Interface Domains
• Routing for post-NAT addresses
  – Static Routes or IGP Advertisement
  – Aliases if post-NAT is directly connected

NAT Troubleshooting (cont.)
• Effect on Router Traffic
  – BGP/IGP etc packets
• Resource Consumption
  – Virtual Fragmentation and Reassembly
  – Application Level Gateways
  – Extended Translations Take more Memory
  – NAT Entries Timeout
• Debugging Commands
  – debug ip nat detailed

General Layer 3 Security Troubleshooting
• Understand Packet Filter Placement
  – Routers, Switches, Transparent
• Understand Firewall Configuration
  – Access-Lists (regular, reflexive)
  – CBAC
  – ZBFW
• Use Packet Tracing
  – Traceroute
  – Access-list Logging Entries
  – debug ip icmp and ping

Troubleshooting Access-Lists
• Ensure ACL is applied
  – Proper Interface and Direction
  – Proper ACL Name
  – Check ACL Counters for Matching
• Ensure you follow stateless logic
  – Permit returning flows
  – Account for additional ports (e.g. FTP)
  – Router-Originated Traffic (IGP/Management)
• Add logging to access-lists
  – Ensure you rate-limit the logging
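The stateless logic and counter check from the access-list slide above, as an added example that is not part of the original deck. It evaluates packets against an ordered ACL (first match wins, implicit deny at the end, per-entry hit counters) and shows a returning flow being dropped until a return entry is added. The established match is modelled as "ACK or RST set"; all addresses, ports and entries are constructed.

```python
"""Stateless ACL evaluation: first match wins, implicit deny, hit counters.
Illustrative model only; every address and entry below is constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    flags: Tuple[str, ...] = ()          # TCP flags that are set


@dataclass
class Ace:
    action: str                          # "permit" or "deny"
    proto: str
    src: str                             # CIDR; 0.0.0.0/0 means "any"
    dst: str
    sport: Optional[int] = None          # None matches any port
    dport: Optional[int] = None
    established: bool = False            # only match TCP with ACK or RST set
    hits: int = 0                        # what the ACL counters would show

    def matches(self, pkt: Packet) -> bool:
        return (self.proto == pkt.proto
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport)
                and (not self.established
                     or bool({"ACK", "RST"} & set(pkt.flags))))


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            ace.hits += 1
            return ace.action
    return "implicit deny"


def outside_in_acl(with_return_entry: bool) -> List[Ace]:
    """ACL applied inbound on the outside interface (constructed)."""
    acl = [Ace("permit", "tcp", "0.0.0.0/0", "10.0.0.25/32", dport=25)]
    if with_return_entry:
        # Permit replies to inside clients that opened HTTPS sessions.
        acl.append(Ace("permit", "tcp", "0.0.0.0/0", "10.0.0.0/24",
                       sport=443, established=True))
    return acl


# Reply from a web server to an inside client, and a packet from the same
# source port that is not part of any established session.
REPLY = Packet("tcp", "192.0.2.80", "10.0.0.10", 443, 50000, ("SYN", "ACK"))
UNSOLICITED = Packet("tcp", "192.0.2.80", "10.0.0.10", 443, 50000, ("SYN",))


def run(with_return_entry: bool):
    """Evaluate both packets; return (reply result, unsolicited result, hits)."""
    acl = outside_in_acl(with_return_entry)
    results = evaluate(acl, REPLY), evaluate(acl, UNSOLICITED)
    return results + ([ace.hits for ace in acl],)


if __name__ == "__main__":
    print("without return entry:", run(False))
    print("with return entry:   ", run(True))
```

With no return entry every explicit counter stays at zero while traffic is still dropped, which is the signature of packets falling through to the implicit deny.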

Troubleshooting Stateful Firewall
• CBAC
  – Ensure you inspect proper protocols
  – Account for router traffic
  – Ensure there is an ACL in opposite direction
  – Use debug inspect for engine debugging
• ZBFW
  – Account for Self Zone (router traffic)
  – Pass returning traffic for non-inspected flows
  – show policy-map type inspect for statistics
  – debug inspect for flow-level debugging

Layer 2 Security Troubleshooting
• Layer 2 Access-Lists
  – Only work for non IPv4/IPv6 Traffic
  – May block STP/ARP or other important protocol
• STP Security
  – Root Guard/BPDU Guard
  – May Cause Connectivity issues
  – show spanning-tree command
• DHCP Snooping
  – Ensure trusted ports are properly configured
  – Create static entries for non-dynamic hosts
  – Look out for DHCP issues (zero giaddr)

Layer 2 Security Troubleshooting
• VLAN Access-Lists
  – Apply to Transit Traffic
  – Implicitly Deny Traffic
  – May affect both L2 and L3 connectivity
• Port Security
  – Sticky addresses are not saved
  – Watch out for hub/switched connected
  – Apply only to access/trunk port
  – show port-security
• Storm Control
  – May block legitimate traffic
  – Requires careful flow analysis
  – May block STP BPDUs
  – show storm-control