
1 1 Routing and Route Policies

Date post: 25-Nov-2015
Upload: muhammad-syarifuddin
  • Section 1 Routing and MPLS on the 7450

    Module 1 Routing and Route Policies

  • Routing and Route Policies Section 1 Module 1 Page 2

    7450 ESS Services Implementation Alcatel University

    Alcatel Proprietary, all rights reserved 2006, Alcatel


  • Routing and Route Policies Section 1 Module 1 Page 3


    Module Objectives

    Upon successful completion of this module, the student will understand:

      - Main features of the supported 7450 routing protocols
      - Basic route policy support on the 7450

  • Routing and Route Policies Section 1 Module 1 Page 4


    RIP on the 7450 ESS

    > Features
      - Support for both RIP v1 and v2
      - Supported on all IP interfaces, including network and access interfaces
      - Able to specify what RIP version will be sent to RIP neighbors and what version of RIP updates will be accepted and processed
      - Supports simple password (plain text) or message digest (MD5) authentication
      - Metrics: uses split horizon with poison reverse to protect against counting to infinity problems
      - Non-stop routing (NSR)

    RIP Standards Support

      - RFC 1058 RIP Version 1
      - RFC 2082 RIP-2 MD5 Authentication
      - RFC 2453 RIP Version 2

    Further details about configuring RIP on the 7450 can be found in the 7450 ESS OS Routing Protocols Guide

  • Routing and Route Policies Section 1 Module 1 Page 5


    RIP CLI Command Structure

    RIP Configuration Flow

  • Routing and Route Policies Section 1 Module 1 Page 6


    OSPF on the 7450 ESS

    > Features
      - Supports OSPF-TE
      - Supports simple password (plain text) or message digest (MD5) authentication
      - 16 equal-cost paths per destination
      - Non-stop routing (NSR)

    OSPF Standards Support

      - RFC 1765 OSPF Database Overflow
      - RFC 2328 OSPF Version 2
      - RFC 2370 Opaque LSA Support
      - RFC 3101 OSPF NSSA Option
      - RFC 3630 Traffic Engineering (TE) Extensions to OSPF Version 2

    Further details about configuring OSPF on the 7450 can be found in the 7450 ESS OS Routing Protocols Guide

  • Routing and Route Policies Section 1 Module 1 Page 7


    OSPF CLI Command Structure

    OSPF Configuration Flow

  • Routing and Route Policies Section 1 Module 1 Page 8


    IS-IS on the 7450 ESS

    > Features:
      - Router can be configured as Level 1, Level 2, or Level 1/2 (default)
      - Support for simple text password or MD5 authentication
      - Support for route leaking (RFC 2966), i.e. L1 to L2
      - 16 equal-cost paths per destination
      - IS-IS IPv4 route summarization supports:
          - Level 1, Level 1-2, and Level 2
          - Route summarization for the IPv4 routes redistributed from other protocols
          - Metric used to advertise the summary address will be the smallest metric of all the more specific IPv4 routes
      - Supports the ability to suppress IS-IS authentication on a per-message type and per-level basis. Improves interoperability with non-7450 IS-IS implementations.
      - Non-stop routing (NSR)

    IS-IS Standards Support

      - RFC 1142 OSI IS-IS Intra-domain Routing Protocol
      - RFC 1195 Use of OSI IS-IS for routing in TCP/IP & dual environments
      - RFC 2763 Dynamic Hostname Exchange for IS-IS
      - RFC 2966 Domain-wide Prefix Distribution with Two-Level IS-IS
      - RFC 2973 IS-IS Mesh Groups
      - RFC 3373 Three-Way Handshake for Intermediate System to Intermediate System (IS-IS) Point-to-Point Adjacencies
      - draft-ietf-isis-hmac-0x.txt
      - draft-ietf-isis-traffic-0x.txt
      - ISO 10589

    Further details about configuring IS-IS on the 7450 can be found in the 7450 ESS OS Routing Protocols Guide

  • Routing and Route Policies Section 1 Module 1 Page 9


    IS-IS CLI Command Structure

    IS-IS Configuration Flow

  • Routing and Route Policies Section 1 Module 1 Page 10


    Proxy ARP and Local Proxy ARP

    Address Resolution Protocol (ARP) was designed to be used by devices that are directly connected on a local network. Normally, if devices are separated by a router, they would not be considered local to each other.

    There may be a situation in some networks where there are two physical network segments connected by a router that are in the same IP network or subnetwork. In other words device A and device D (shown in the diagram on the opposite page) might be on different networks at the data link layer level, but on the same IP network or subnet. When this happens, A and D will each think the other is on the local network when they look to send IP datagrams.

    Suppose that A wants to send a datagram to D. It doesn't have D's hardware address in its cache, so it begins an address resolution (ARP). When it broadcasts the ARP Request message to get D's hardware address it will have a problem, since D is not on A's local network. The router between them will not pass A's broadcast onto D's part of the network, because routers don't pass hardware-layer broadcasts. D will never get the request and A will not get a reply containing D's hardware address.

    The solution to this situation is called Proxy ARP. This technique allows the router that sits between the local networks to be configured to respond to device A's broadcast on behalf of device D. The router does not send back to A the hardware address of device D. Since they are not on the same network, A cannot send directly to D. The router sends A the hardware address of the interface that received the ARP request. A then sends data to the router, which forwards the data to D on the other network. The router also does the same thing on A's behalf for D, and for every other device on both networks, when a broadcast is sent that targets a device not on the same actual physical network as the ARP initiator.

    Typical routers only support proxy ARP for directly attached networks. The 7450 supports proxy ARP for all known networks in the routing instance where the virtual interface proxy ARP is configured.

    In order to support DSLAM and other edge-like environments, 7450 proxy ARP supports policies that allow the provider to configure prefix lists that determine:

      - for which target networks proxy ARP will be attempted, and
      - for which source hosts proxy ARP will be attempted

    In addition, the 7450 proxy ARP implementation supports the ability to respond for other hosts within the local subnet domain (local proxy ARP). This is needed in environments such as DSL where multiple hosts are in the same subnet but cannot reach each other directly.

  • Routing and Route Policies Section 1 Module 1 Page 11


    Proxy-ARP

    [Figure: a router with Interface X (MAC_X, IP_X) and Interface Y (MAC_Y, IP_Y), two segments labeled Subnet 10 and Subnet 20, and Hosts A, B, C and D, each with its own IP address (IP_A to IP_D) and MAC address (MAC_A to MAC_D).]

    Configurable in: base router and IES contexts

    In the network shown above, a single router connects two LANs that are on the same IP network or subnet. The router will not pass ARP broadcasts, but has been configured to act as an ARP proxy.

    Device A and device D are trying to send IP datagrams to each other, and so each broadcasts an ARP Request. The router responds to the request sent by Device A as if it were Device D, giving A its own hardware address (without propagating Device A's broadcast). It will forward the message sent by A to D on D's network. Similarly, it responds to Device D as if it were Device A, giving its own address, then forwarding what D sends to it over to the network where A is located.

  • Routing and Route Policies Section 1 Module 1 Page 12


    Local Proxy-ARP

    [Figure: PC_A and PC_B, two DSLAMs, a 7450, a 7750, an IP/MPLS network and the Internet.]

    ARP query:
        Src-MAC: PC_B    Dst-MAC: ff:ff:ff:ff:ff:ff
        Src-IP: 0.0.0.0  Dst-IP: PC_A

    ARP response:
        Src-MAC: ESS     Dst-MAC: PC_B
        Src-IP: PC_A     Dst-IP: PC_B

    Figure notes:
      - Residential Bridging in DSLAM blocks direct communication between users on the DSLAM
      - Local Proxy ARP allows communication between users in different DSLAMs
      - Local Proxy ARP allows use of a single subnet for the entire DSLAM
      - 7450 responds to ARP request with its own MAC address, so packets for PC_A are sent to the 7450 first.

    Configurable in: base router and IES contexts

    The Local Proxy ARP feature allows the 7450 to respond to ARP requests for IP addresses within a subnet where normally no routing is required. With the local proxy ARP feature enabled, the 7450 responds to all ARP requests for IP addresses within a subnet and forwards all traffic between hosts in the subnet. This feature is useful on subnets where hosts are intentionally prevented from communicating directly by the configuration on the device (in the case shown above, the DSLAM) to which they are connected. In an IES service, the 7450 must allow user-to-user communications; however, the DSLAM blocks direct communication between users.

    Without proxy ARP you need to provide each customer with their own subnet, and route between subnets using IGP. This leads to inefficient address utilization.

    The implementation of Proxy ARP with support for Local proxy ARP allows the 7450 to respond to ARP requests in the subnet assigned to an IES interface, allowing multiple customers to share the same IP subnet.

  • Routing and Route Policies Section 1 Module 1 Page 13


    Proxy ARP CLI

    config>..>interface
        [no] local-proxy-arp
        [no] proxy-arp
            [no] policy-statement name

    config>router>policy-options>
        [no] policy-statement name
            [no] description string
            [no] default-action { accept | reject }
            [no] entry entry-id
                [no] description string
                [no] action { accept | reject }
                [no] to
                    [no] prefix-list name
                [no] from
                    [no] prefix-list name [ [name.]]]] (5)

    Notes:

      - Specify host source address(es) for which ARP requests can or cannot be forwarded to non-local networks depending on the configured action
      - The policy statement name defined in the Proxy-ARP statement must exist in the config>router>policy-options construct
      - Specify network prefixes that ARP requests will or will not be forwarded to depending on the action if a match is found

  • Routing and Route Policies Section 1 Module 1 Page 14


    Proxy ARP Configuration Example - 1

    1. Configure a prefix list in the config>router>policy-options>prefix-list context.

    config>router>policy-options# begin
    config>router>policy-options# prefix-list prefixlist1
    config>router>policy-options>prefix-list# prefix 10.20.30.0/24 through 32
    config>router>policy-options>prefix-list# exit
    config>router>policy-options# prefix-list prefixlist2
    config>router>policy-options>prefix-list# prefix 10.10.10.0/24 through 32
    config>router>policy-options>prefix-list# exit
    config>router>policy-options# commit

  • Routing and Route Policies Section 1 Module 1 Page 15


    Proxy ARP Configuration Example - 2

    2. Configure a route policy statement in the config>router>policy-options>policy-statement context. This will apply the prefix lists configured in Step 1.

    config>router>policy-options# begin
    config>router>policy-options# policy-statement "ProxyARP"
    config>..>policy-statement# default-action accept
    config>..>policy-statement>default-action# exit
    config>..>policy-statement# entry 10
    config>..>policy-statement>entry# from
    config>..>policy-statement>entry>from# prefix-list prefixlist1
    config>..>policy-statement>entry>from# exit
    config>..>policy-statement>entry# to
    config>..>policy-statement>entry>to# prefix-list prefixlist2
    config>..>policy-statement>entry>to# exit
    config>..>policy-statement>entry# action reject
    config>..>policy-statement>entry# exit
    config>..>policy-statement# exit
    config>router>policy-options#

    Specify network prefixes that ARP requests will or will not be forwarded to depending on the action if a match is found.

    Specify the host source address(es) for which ARP requests can or cannot be forwarded to non-local networks, depending on the specified action.

  • Routing and Route Policies Section 1 Module 1 Page 16


    Proxy ARP Configuration Example - 3

    3. Apply the policy statement to the proxy-arp configuration in the config>router>interface context.

    config>router# interface testARP
    config>router>if# address 128.251.10.59/24
    config>router>if# local-proxy-arp
    config>router>if# proxy-arp
    config>router>if>proxy-arp# policy-statement "ProxyARP"
    config>router>if>proxy-arp# exit
    config>router>if# exit

  • Routing and Route Policies Section 1 Module 1 Page 17


    Route Policies - Databases

    > Routing Databases:
      - Routing Database: routes learned by the routing protocols
      - Forwarding Database: selected routes used to forward traffic through the router
      - IGPs such as OSPF and IS-IS also maintain link state databases

    > Route Policies control:
      - The size and content of routing tables
      - Routes that are advertised
      - The best route to take to reach a particular destination

    There are no default route policies.

  • Routing and Route Policies Section 1 Module 1 Page 18


    Routing Protocol Import/Export Default Behaviour

    Protocol: OSPF
      Import: Not applicable, all OSPF routes are accepted from OSPF neighbors and cannot be controlled via route policies.
      Export:
        - Internal routes: All OSPF routes are automatically advertised to all neighbors.
        - External routes: By default all non-OSPF learned routes are not advertised to OSPF neighbors.

    Protocol: IS-IS
      Import: Not applicable, all IS-IS routes are accepted from IS-IS neighbors and cannot be controlled via route policies.
      Export:
        - Internal routes: All IS-IS routes are automatically advertised to all neighbors.
        - External routes: By default all non-IS-IS learned routes are not advertised to IS-IS peers.

    Protocol: RIP
      Import: By default, all RIP-learned routes are accepted.
      Export:
        - External routes: By default all non-RIP learned routes are not advertised to RIP peers.

  • Routing and Route Policies Section 1 Module 1 Page 19


    Route Policies: When to Use Route Policies

    > Examples of circumstances of when to use route policies:
      - To control a protocol: allow all routes to be imported into the routing table.
      - Route redistribution: allow a routing protocol to announce active routes learned from another routing protocol.
      - To control route characteristics: change the route preference, AS path, or community values to manipulate or control the route selection.

  • Routing and Route Policies Section 1 Module 1 Page 20


    7450 Route Policy Characteristics

    > Extensive scaling allowing over 64K policies with over 64K entries per policy

    > Control redistribution of routes between all protocols

    > Prefix lists: a named list of IP prefixes
      - an IP prefix specifies a base IP address and a length (the number of bits applied to the base to determine the network prefix), such as 10.10.10.1/32

    > Regular expression matching

  • Routing and Route Policies Section 1 Module 1 Page 21


    Route Policy Match and Set Criteria

    > Match Criteria
      Prefix/mask Neighbor Routing Protocol OSPF area OSPF type metric OSPF Tag IS-IS Route Level External IS-IS route Router Interface

    > Set Criteria
      Route Preference Route Metric Next hop OSPF Route Type OSPF Tag

  • Routing and Route Policies Section 1 Module 1 Page 22


    Route Policy CLI Command Structure

    Policy options: Define the parameters to configure route policies. Route policies are applied to the routing protocol or the router interface.

    Policy statements: A policy-statement is a logical grouping of match and action criteria that controls the flow of routing information to and from a given protocol or set of protocols.

    Default action: The action for routes that do not match any policy entries.

    Action: The action for routes matching a policy entry.

    To: Configure policy match criteria based on destination of routes or protocol into which it is advertised.

    From: Configure policy match criteria based on source of routes or protocol from which it is received.

  • Routing and Route Policies Section 1 Module 1 Page 23


    Policy Statements

    config>router>policy-options

    > Begin
      - Required in order to enter the mode to create or edit route policies.
      - The begin command puts the node (not just the session) in a route policy edit mode.
      - Once begin is entered, until a commit is executed, subsequent users executing the begin command will be warned that a policy configuration is in progress.

    > Commit
      - This command is required to save changes made to a route policy.
      - A commit will save all policy configuration in progress on a node. This includes all sessions that have entered begin without having exited with a commit regardless of the state of the route-policy under configuration.
      - A commit terminates edit mode for all users that are currently in edit mode.

    > Abort
      - The abort command discards changes that have been made to route policies during a session.

  • Routing and Route Policies Section 1 Module 1 Page 24


    Route Policy Example

    Assume an IES interface with an address of 11.1.1.1/24. Customer XYZ has routes that all fall into the range 172.31.248.0/22 or longer. The static route identifies the customer network that needs to be advertised; the exact parameter is used to control exactly what is being advertised.

    config router
        static-route 172.31.248.0/22 next-hop 11.1.1.2
        ospf
            asbr
            export "Cust XYZ static range to OSPF"
        exit
        policy-options
            begin
            prefix-list "Customer XYZ IP Range"
                prefix 172.31.248.0/22 exact
            exit

  • Routing and Route Policies Section 1 Module 1 Page 25


    Route Policy Example (continued)

            policy-statement "Cust XYZ static range to OSPF"
                description "Advertise Cust XYZ route range from the static route into OSPF"
                entry 10
                    to
                        protocol ospf
                    exit
                    from
                        protocol static
                        prefix-list "Customer XYZ IP Range"
                    exit
                    action accept
                        metric set 100
                        type 2
                    exit
                exit
                default-action reject
                exit
            exit
            commit
    exit all
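The following is an added example, not part of the Alcatel course material: a small Python model of the two policies configured on these slides (the "ProxyARP" policy from the three-step Proxy ARP configuration example, and the "Cust XYZ static range to OSPF" export policy), showing which ARP requests and which routes each one accepts. The class and function names are hypothetical, and the evaluation order (lowest entry-id first, first matching entry decides, default-action otherwise) is an assumption of this model rather than something stated on the slides.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Prefix:
    """One prefix-list line: '<net> exact' (through=None) or '<net> through <len>'."""
    net: str
    through: Optional[int] = None

    def matches(self, candidate: str) -> bool:
        base = ip_network(self.net)
        cand = ip_network(candidate, strict=False)  # a bare host address becomes a /32
        if self.through is None:                    # exact: same network, same length
            return cand == base
        return cand.subnet_of(base) and cand.prefixlen <= self.through


@dataclass
class Entry:
    entry_id: int
    action: str                                     # "accept" or "reject"
    from_prefixes: List[Prefix] = field(default_factory=list)
    to_prefixes: List[Prefix] = field(default_factory=list)
    from_protocol: Optional[str] = None
    to_protocol: Optional[str] = None


@dataclass
class Policy:
    name: str
    default_action: str
    entries: List[Entry]


def _in_list(plist, value):
    # An unconfigured criterion matches anything; a configured one needs a hit.
    return not plist or (value is not None and any(p.matches(value) for p in plist))


def evaluate(policy, from_prefix=None, to_prefix=None, from_protocol=None, to_protocol=None):
    # Assumption of this model: lowest entry-id first, first full match decides.
    for e in sorted(policy.entries, key=lambda e: e.entry_id):
        if (_in_list(e.from_prefixes, from_prefix) and _in_list(e.to_prefixes, to_prefix)
                and e.from_protocol in (None, from_protocol)
                and e.to_protocol in (None, to_protocol)):
            return e.action
    return policy.default_action


# The two policies as configured on the slides.
PROXY_ARP = Policy("ProxyARP", "accept", [
    Entry(10, "reject",
          from_prefixes=[Prefix("10.20.30.0/24", through=32)],   # prefixlist1
          to_prefixes=[Prefix("10.10.10.0/24", through=32)]),    # prefixlist2
])
OSPF_EXPORT = Policy("Cust XYZ static range to OSPF", "reject", [
    Entry(10, "accept", from_protocol="static", to_protocol="ospf",
          from_prefixes=[Prefix("172.31.248.0/22")]),            # exact
])


def proxy_arp_decision(source_host, target_host):  # accept = router answers the ARP
    return evaluate(PROXY_ARP, from_prefix=source_host, to_prefix=target_host)


def ospf_export_decision(route, learned_from):     # accept = route exported into OSPF
    return evaluate(OSPF_EXPORT, route, None, learned_from, "ospf")
```

The two policies end differently: "ProxyARP" has default-action accept, so every source/target pair not named in entry 10 is proxied, while the OSPF export policy has default-action reject, so only the exact 172.31.248.0/22 static route is advertised and a more specific static such as a /24 inside it is not.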
