Routing Enterasys

7/25/2019 Routing Enterasys

1/100

7/2

2011 Enterasys Networks, Inc. Allhts reserved Enterasys Confidential

A Siemens Enterprise Communications Company

There is nothing more important than our customers

Enterprise Routing

Course Overview

Version 4.04

2011 Enterasys Networks, Inc., A Siemens Enterprise Communications Company Al l rights reserved. 2

Enterprise Routing Course OverviewCourse Description

This course is designed to educate participants about Enterasys

routing products, including their features, functions andconfiguration.

The course includes technology summaries, product introduction

and overview, as well as, hands-on application via lab exercises.

During this course, you will learn how to setup and configureEnterasys Switches for various network topologies, explore different

router operating modes such as RIP, OSPF, PIM-SM, IGMP, LS-NAT,and VRRP, and gain experience in troubleshooting the Enterasysrouting product line.


2/100

7/2



Enterprise Routing Course OverviewCourse Outline

Day One

Module #1: Enterasys Routing Products Overview

Module #2: Basic Routing Configuration- Lab #1-Direct Routes, Static Routes, RIP,

DHCP/BootP Relay (IP-Helper)

Module #3: OSPF

- Lab #2-OSPF Basic and Advanced Configurations

Day Two

Module #4: LS-NAT

- Lab #3- LS-NAT Configuration

Module #5: TWCB

Module #6: ACLs

- Lab#4-ACL Lab

Day Three

Module #7: Multicast Routing

- Lab #5- PIM-SM Multicast Routing Configuration

Module #8: VRRP

- Lab #6- VRRP Configuration

Module #9: Troubleshooting

- Lab #7- System Troubleshooting


Enterprise Routing Course OverviewCourse Prerequisites

Student prerequisite knowledge/skills

Experienced PC user

Operational knowledge of

- Ethernet

- 802.1D standard

- 802.1Q standard

Understanding of TCP/IP protocol

Understanding of various types of routing andmulticast protocols, with specific knowledgein the following:

- OSPF

- PIM-SM- IGMP

- VRRP

- LS-NAT

- TWCB

Topics not covered in this course

In depth discussion of :

802.1D (STP)

TCP/IP

Network design

Wireless

NetSight NMS

Dragon

In depth discussion of the following Protocols,OSPF, PIM-SM, IGMP, and VRRP or otherrouting protocols.


3/100

7/2



Enterprise Routing Course Overview

Course Objectives

Enterasys Routing Products Overview

- Explain the differences and similarities between the B3/B5/C2/C3/C5, G-Series, N-Series DFEs, and S-Series routers forrouting.

Basic Router Overview

- Direct Routes

- Static Routes

- Rip Routing

- DHCP/BootP Relay (IP Helper)

OSPF

- Verify that basic OSPF network is configured correctly via various show commands. If not correct troubleshoot network.

- Configure static routes for redistribution into OSPF and verify network changes correctly, troubleshoot network if incorrect.

- Configure OSPF Areas for stub areas and NSSA, Authentication, and Summarization. Then verify network changes are correct,

troubleshoot network if in correct.

LS-NAT

- Configure LSNAT on routers/switches. Verify that the network is configured correctly via various show commands, troubleshootif incorrect.

- Implementation, send and Receive data traffic using LSNAT setup. Verify that traffic is being received and properly load

balanced over available servers, troubleshoot if incorrect

TWCB

- Review Transparent Web Cache Balancing feature on N & S-Series products, Discuss configuration related parameters forimplementing feature.


Enterprise Routing Course Overview

Course Objectives (continued)

ACLs

- Configuration

- Implementation

PIM-SM

- Configure PIM-SM & IGMP on routers/switches and verify that the multicast network is configured correctly via various show

commands, troubleshoot if incorrect.

- Send and Receive multicast traffic throughout the network, verify that traffic is being received over correct links and joins arecomplete, troubleshoot if incorrect.

- Stop receiving multicast, verify that prunes have halted traffic correctly, and troubleshoot if incorrect.

VRRP

- Configure a basic VRRP network and verify that it is configured correctly via various show commands. If not correcttroubleshoot network.

- Configure VRRP Critical IP; verify VRRP is configured correctly, if not troubleshoot.

- Disable Critical IP interface, verify VRRP switches to new master correctly, if not troubleshoot. Added multiple VRRP instancesto network, with load sharing of clients between instances. Verify that VRRP is correctly configured.

Troubleshooting

- Examine the commands and tools most commonly used to determine if a reported problem within a routed environment, isactually a network related issue.

- Implement the mechanisms used to isolate a problem down to a specific category.


4/100

7/2



Getting Started & Introductions

Sign the Attendance Form

Class Hours- 9:00 am to 5:00 pm

Instructor

- Nicols Martnez

Attendees

- Name?

- Company?

- Job Description?

- What is your experience with routing?

- Are you currently using Enterasys routing products? (Which?)

- What do you hope to learn about routing from this course?



Enterprise RoutingRouting Products Overview

Version 4.03


5/100

7/2


2011 Enterasys Networks, Inc., A Siemens Enterprise Communications Company Al l rights reserved.

Enterprise Routing Routing Products Overview

Routing Review- OSI Model

Application

Presentation

Session

Transport

Data Link

Physical

Application

Presentation

Session

Transport

PhysicalPhysical Physical

Router

Source System Destination System

Data LinkData Link Data Link

Routing FunctionNetwork Network

9



Routing Review

Routers / Layer 3 Switching:- Switch packets between different physical networks, based

upon Network-layer addressing

- Do not flood MAC-layer broadcasts from one attachednetwork to another

- Are protocol dependent (e.g., IPv4 routed to IPv4; IPv6routed to IPv6).

- Support packet fragmentation

- Support multiple Physical- and Mac-layer packetencapsulation types, and have the ability to t ranslate fromone type to another

Layer 2 Switching:- Switch frames within the same physi cal network, based

upon Data Link-layer (MAC) addressing

- Flood all MAC-layer broadcasts out all attached ports inthe same physical network

- Are protocol transparent (i.e. -- unaware of IP, IPX, etc.,protocols embedded in the datagrams)

- Do not support packet fragmentation

- Support multiple Physical- and Mac-layer packetencapsulation types, and have the ability to t ranslate fromone type to another

10


6/100

7/2



Enterprise Routing Routing Products Overview WhenShould Routing be Implemented?

When communication is needed between VLANs

When MAC-layer multicast/broadcast traffic is adversely effectingnetwork performance

When packet switching based upon upper-layer protocols such as IPis desired

Where multiple active paths between systems is required

11


Enterprise Routing Routing Products Overview RouterAdvantages

Isolation of MAC-layer broadcast traffic. Routers allow VLANs tocommunicate but prevent the flow of broadcast traffic from one

physical LAN to another

Path Selection. Routers can use the best path which physicallyexists between source and destination systems. Some routers

allow for load balancing over redundant paths

Flexibility. Routers can support any desired network topology

The total size of the network interconnected with routers is, for all

practical purposes, unlimited

12


7/100

7/2



Enterprise Routing Routing Products Overview RouterDisadvantages

Protocol Dependence. Routers operate at the OSI Network layer andmust be aware of the protocol(s) they are configured to route. Arouter will ignore traffic it is not configured to handle

Configuration complexity, routers require more extensive setup and

provisioning

Cost, routers are typically more complex devices than switches andcan be more expensive

13


Enterprise Routing Routing Products OverviewEnterasys Routing Support

The following Enterasys switch products support both Layer 2 (theData Link layer of the OSI model) switching and Layer 3 (the network

layer) IP routing functionality:

- B3/B5/C2/C3/C5

- G Series

- N-Series DFE

- Gold

- Platinum

- Diamond

- S Series


8/100

7/2



Enterprise Routing Routing Products OverviewB3/B5/C2/C3/C5

B3/B5 supports only basic IP routing functionality (i.e., directlyconnected routes, RIP routes, static routes, and standard ACLs)

C2/C3/C5 Series supports basic IP routing functionality (i.e., directlyconnected routes, RIP routes, static routes, and standard ACLs)

Additionally, via an optional advanced routing license (L3-LIC, Layer3 Routing License), the C2/C3/C5 supports- OSPF, PIM, DVMRP, VRRP and Extended ACLs.- License will need to be re-entered if configuration is cleared on C2

- License will NOT need to be re-entered if configuration is cleared C3/C5- Optional license C3 IPv6-LIC (IPv6 licenses) enables IPv6 functionality on the C3- IPv6 functionality is included in the advanced routing licenses for the C5.- Requires the purchase and activation of a advance routi ng license for each unit in a stack.

15


Enterasys G Series

- Multi-user policy per port

- Up to eight policy users per port

- Individual policy capabilities identical to C3 Release 1.1 at initial shipment

- Routing features

- Basic routing (RIP v1/v2) included

- Advanced routing option (OSPF, DVMRP, PIM-SM, VRRP)- IPv6 management and IPv6 routing (option)

- Hot swapping of IOMs

- Front panel push button

- Safely remove IOM with power applied with no impact on the rest of the switch

- Install new IOM in any empty slot

- No impact on running switch

- IOM not recognized by the switch until next reboot16


9/100

7/2



Enterprise Routing Routing Products OverviewN-Series Gold/ Platinum

17

The N-Series is a modular design chassis. Four models, the N1, N3, N5, and the N7 with

granular Layer 2/3/4 classification

Support advanced Layer 3 IP routing

Three product lines:Distributed Forwarding Engines (DFEs), Diamond:Significant Processing Enhancements over Platinum DFEs,plus increased Security, Routing & Policy Scalability.DFEs, Platinum: optimized for more features and higherperformance

Designed for wiring closets, server farm

aggregations, and distribution switching.

Platinum DFE modules can support up to 256routing interfaces and can be configured for RIP

and/or OSPF routing protocols

OSPF support on the N-Seriesrequires the purchaseand activation of an advancedrouting license.


Enterprise Routing Routing Products OverviewN DFE Limits

N7 Platinum(su)->show router limits

| Entries | Memory (bytes)

(256 MgB) Resource | Max-InUse=Avail | *Each ~= Max InUse

======== | ===== ===== ===== | ===== ======= =======

Dynamic ARPs * | 32768 3 32765 | 92 3014656 276

Static ARPs * | 1024 0 1024 | 92 94208 0

Routing Table | 12277 7 12270 | 288 3535776 2016

Static Routes | 1024 0 1024 | 44 45056 0

IP Helper | 5120 0 5120 | 12 61440 0

LSA type 1 * | 512 4 508 | 1672 856064 6688

LSA type 2 * | 512 2 510 | 1596 817152 3192

LSA type 3 * | 3000 0 3000 | 248 744000 0LSA type 4 * | 3000 0 3000 | 324 972000 0

LSA type 5 * | 4000 0 4000 | 428 1712000 0

LSA type 7 * | 4000 0 4000 | 444 1776000 0

LSA type 9 * | 512 0 512 | 1548 792576 0

LSA type 10 * | 64 0 64 | 1548 99072 0

LSA type 11 * | 512 0 512 | 1548 792576 0

The show limits command can be used to determine Layer 3related system limits for N-Series routers


11/100

7/2



Enterprise RoutingS-Series Routing Products

The S-Series routing products comes in multiple chassis sizesand standalone

I/O modules with option module slots are available forunparalleled configuration flexibility

- Highest combined port density per rack unit in the industry

Highest performance in its class

- Future proofed to >6 Tbps* Backplane capacity

- 1.28 Tbps, 950 Mpps Load sharing I/O fabric pair

Connectivity

- Triple speed with PoE Gigabit SFP

- 10 Gigabit Ethernet SFP+

- Support for future 40/100 Gigabit Ethernet

Maximum port capacities

- 576 Triple Speed ports, 576- Gigabit SFP ports

- 128 10 Gigabit Ethernet SFP+ ports

Builds upon N Series technology- Flow based switching architecture

- Secure Networks policy embedded with deep packet inspection

- Based on N Series firmware

S8

S4

S3

SSA



Deployment Flexibility

SSA

S4 S8S4

SSA

S3 S8

Edge/AccessEdge/Access CoreCoreDistribution/Data

Center

Distribution/Data

Center

22


12/100

7/2



Enterprise Routing Routing Products OverviewS-Series System Architecture

Fabric-based architecture in S4 and S8

- Load sharing I/O fabric modules provide highly scalable

inter module connectivity while also providing a fullcompliment of front panel connectivity

Fabric-less architecture in S3 chassis

- Backplane uses mesh architecture to interconnect I/O

modules

- I/O modules contain fabric elements for module to modulecommunication

- S3 provides a cost optimized approach to deploying premiumfeatures to the network edge

Multiple host CPUs for maximum resiliency

- Switching and routing applications are distributed

throughout the system providing industry leading scalability

and resiliency

23


Enterprise Routing Routing Products OverviewS4 / S8 Fabric Modules

Load-sharing fabrics

- I/O Fabrics contain the crossbar fabric circuitry

- Provide the data-plane connectivity to all other slots

- An I/O fabric module is required for chassis operation

Crossbar work in unison to provide maximum system throughput

- Fabric pair provides 1.28 Tbps in an S8 chassis and 640 Gbps in an S4 Chassis (Real)

Third fabric capability in S8 chassis for full performance redundancy(N+1)

Full 160Gbps front panel I/O support

All I/O fabric and I/O modules include a high performance host CPU

- Distributed switching and routing across all modules that provides scalability andenhanced resiliency

24


13/100

7/2



Enterprise Routing Routing Products OverviewS Series Limits

The show router limits command can be used to determine Layer 3 related system limitsfor S-Series routers

25

S Chassis(rw-config)->show router limitsChassis limits:Application Limit In use Entry size Total Memory-------------------------------- --------- --------- - ----------- ------------

access-list-entries 5000 0 - -access-lists 1000 0 - -applied-access-lists-ipv4-in 256 0 - -applied-access-lists-ipv4-out 256 0 - -applied-access-lists-ipv6-in 256 0 - -

applied-access-lists-ipv6-out 256 0 - -appsvc-ftp-alg-entries 4000 0 40B 156.3Kappsvc-global-bindings 32768 0 100B 3.1Mbgp-limits 262144 0 1B 25M

dhcp-leases 1000 0 56B 54.7Kdvmrp-limits 26214400 0 1B 25Mentries-per-access-list 5000 0 - -ip-addresses 4373 - - -ip-interfaces 256 - - -

ip-interface-addresses 128 - - -lo-interfaces 8 - - -lpbk-interfaces 21 - - -multicast-flows 4096 0 148B 592K

nat-global-bindings 32768 0 12B 384Knat-ip-addresses 1000 0 36B 35.2Knat-pools 10 0 280B 2.7Knat-portmapped-addresses 10 0 8.6K 85.9Knat-static-rules 500 0 96B 46.9K

nd-dynamic-entries 32768 2 48B 1.5M


Enterprise Routing Routing Products OverviewOverview of Routing Support

Routing Functionality N-series (DiamondPlatinum and Gold)

S Series B3/B5/C2/C3/C5&

G-Series

RIP v1/v2

OSPF * *

BGP ****

IS-IS ****

DVMRP * **** *

PIM-SM * ** *

IPv6 ***

IRDP

VRRP *

LSNAT * **

Standard ACLs

Extended ACLs * *

PBR

DoS Prevention

DHCP Server

* Requires advanced routing license *** Supported only the C3/C5, G-Series & S Series

** Requires extended memory of 256 MB **** 7.21 code release Note: PIM-SM is not supported on B-Series Switches

Summary of routing support on Enterasys platforms:


14/100

7/2



Enterprise Routing Routing Products OverviewStatic and Dynamic Routing Support

Routers use routing protocols to maintain their routing tables. Routing tables can be maintainedeither statically or dynamically.

Static Routes

- Static routes are manually configured and entered into a switchs routing table. Static routes take default precedenceover routes chosen by dynamic routing protocols.

Dynamic Routes

- Dynamic routes are learned when routers send routing table information to each other.

- The two forms of dynamic routing that are most commonly used are Distance Vector and Link State. The specifi cDistance Vector and Link State protocols used on Enterasys products are discussed below.

Switch Router FamilyDynamic Routes Static Routes IP Interfaces

S-Series~262k 1,024 256

N-Series Diamond / Platinum12,276/25,000 1,024 256

N-Series Gold10,117 512 96

C55000 128 48

B3/B5/C2/C3/G-Series2,500 64 24

2011 Enterasys Networks, Inc., A Siemens Enterprise Communications Company Al l rights reserved.28

Enterprise Routing Routing Products OverviewInternal Route Precedence

Route Type N S B3/B5/C2/C3/C5 G-Series

Directly connected 0 0 0 0

OSPF 110 110 110 110

ISIS n/a 115 n/a n/a

Static 1 1 1 1

RIP 120 120 120 120

EBGP n/a 20 n/a n/a

IBGP n/a 200 n/a n/a

Internal Route Precedence:


15/100

7/2



Enterprise Routing Routing Products OverviewInternal Route Precedence

N3 (su)->show ip route

Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interareaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2* - candidate default, U - per user static route

C 1.1.1.1/32 [0/1] directly connected, Loopback 1

O 2.2.2.2/32 [110/10] via 10.1.1.2, Vlan 10C 10.1.1.0/24 [0/1] directly connected, Vlan 10

R 11.1.1.0/24 [120/2] via 10.1.1.2, Vlan 10

S 12.1.1.0/24 [1/0] via 10.1.1.2, Vlan 10



Static and Dynamic Routing Support, ECMP

Equal Cost Multi-Path with load sharing

- The DFE-Diamond/Platinum, and S-Series support up to 8 equal cost paths.- DFE-Gold, C2/C3/C5 and X Series support 4 equal cost paths.

- Round Robin algorithm ensures uniform load balancing across all paths

- Hashing algorithm ensures sequential delivery of all packets

- DFE can use a flow based round robin algorithm to combine features

- Hashing algorithm is the default when both are available

Switch router Family Maximumpaths

RoundRobin

Hashing RIP OSPF Static Routes

S-Series 8

N-Series Platinum/Diamond 8

N-Series Gold 4

C2 /C3/C5/G3 4


16/100

7/2




Enterprise Routing

Basic Routing ConfigVersion 4.03


Enterprise Routing Basic Routing Config

Routing Review

32


17/100

7/2




Pre-routing Considerations: Switching Features

1. Disable Spanning Tree

2. Disable GVRP

C3(su)->set gvrp disable

C3(su)->set gvrp disable

C3(su)->set spantree disable

C3(su)->set spantree portadmin disable

PortString

PortString



Pre-routing Considerations: Switching Features

SwitchedX


18/100

7/2



Enterprise Routing Basic Routing ConfigPre-routing Considerations: VLAN Review

1. Create the VLAN used for IP routing from the switch CLI

C3(su)-> set vlan create 5

2. Assign ports to the VLAN

C3(su)-> set port vlan fe.1.6 5

Then answer Y to add port to the egress list and clear the existing PVID


OR

3. Assign ports to the VLAN


Then answer N to not add port to the egress list and not clear the PVID

4. Assign ports to the VLANs egress list

C3(su)-> set vlan egress 5 fe.1.6 untagged

VLANid

PortString

PortString

VLANid

VLAN id

VLANid

PortString

VLANid

PortString

modify-egress


Enter Router Mode

Enter Router Privileged Mode

Enter Configuration Mode

Enter Interface Configuration Mode

VLAN 5 VLAN 10

As soon as 2 or more Routing interfaces

are created, routing between VLANs isavailable.

(su)->router(Config)# interface vlan 5(su)->router(Config-if(Vlan 5)#ip address 192.168.5.1 255.255.255.0(su)->router(Config-if(Vlan 5))#no shutdown

(su)->router(Config)# interface vlan 10(su)->router(Config-if(Vlan 10)#ip address 192.168.10.1 255.255.255.0(su)->router(Config-if(Vlan10))#no shutdown

(su)->router#configure

(su)->router>enable

C3(su)->router


Router Configuration B,C,G Series


19/100

7/2




Router Configuration S and N-Series Version 7.11

Unified CLI:

Prior to firmware 7.0, when logging in to an NSeries device, the users was first placed in

system or switch command mode of the CLI

This command mode provided access to all nonrouting device configuration (e.g., STP, LACP,VLAN creation, LACP, etc)

Entering a completely different CLI mode was required to configure or monitor routing levelfunctionality

Once in routing mode, switch related configuration and monitoring was no longer available.

Switch and routing configuration and monitoring took place within separate, distinct CLIsubsystems between which there was no communication




Unified CLI (continued):

Each subsystem had its own rules, behaviors, tools, and command history. In release 7.0 orgreater, this is no longer the case

Release 7.0 operates within a single CLI subsystem, and both switch and routing commands areaccessible within the single CLI subsystem

This implementation is described as the unified CLI

In the following CLI example, the configure command enters routing configuration mode and ACL10 is created.

Additionally, while in ACL 10 configuration mode, the date is set to 04/15/2009 using the systemlevel command set time without ever leaving the router ACL configuration command mode.

NChassis(rw)->N Chassis(rw)->configureN Chassis(rw-config)->ip access-list standard 10N Chassis(rw-cfg-std-acl)->set time 04/15/2009N Chassis(rw-cfg-std-acl)->Apr 14 09:07:56 0.0.0.0 System[1]Time and Date set(by user) to: WED APR 15 09:07:56 2009N Chassis(rw-cfg-std-acl)->


20/100

7/2





Create a vlan interface

Enter configuration mode

Enter Router interface and protocol configuration modes

VLAN 10 VLAN 5

As soon as 2 or more Routing interfaces arecreated, routing between VLANs is

available.

N3 (su-config)->interface vlan.0.10

N3(su-config-intf-vlan.0.10)-> no shutdownN3(su-config-intf-vlan.0.10)-> ip forwarding

N3 (su-config)->router ripN3(su-config-rip)->network 192.168.1.0 255.255.255.0

N3 (su)->configure

N3 (su)->set ip address 192.168.1.2 mask 255.255.255.0 interface vlan.0.10


A loopback is an internal interface not associated with any physical port

When creating an IP interface on a loopback the following steps are required:

By default, when IP interfaces on a loopback is created the interface is in a down

state.

- Therefore, no shutdownmust be entered to bring up the loopback.

Loopback interfaces are not associated with any VLAN.

The loopback can be used for remote administration of the router in lieu of the host

interface.

The loopback interface must be reachable via standard routing methods, (i.e.,

through a static, or dynamic route).


Loopback Interface Configuration

N3(su)->config

N3(su-config)->loopback 2

N3(su-config-intf-loop.0.2)->ip address 2.2.2.2 255.255.255.255

N3(su-config-intf-loop.0.2)->no shutdown


21/100

7/2




Static and Dynamic Routing Support

Routers use routing protocols to maintain their routing tables. Routing tables canbe maintained either statically or dynamically.

Static Routes

- Static routes are manually configured and entered into a switchs routing table. Static

routes take default precedence over routes chosen by dynamic routing protocols.

Dynamic Routes

- Dynamic routes are learned when routers send routing table information to each other.

- The three forms of dynamic routing that are most commonly used are Distance Vector,Link State and Path vector protocols.- Distance Vector Protocols

- RIPv1 and RIPv2

- DVMRP

- Link State Protocols

- OSPFv2

- IS-IS- Path Vector Protocols

- BGP4


Configuring Static Routes- Static routes are manually configured and entered into a devices routing table

R1(su-config)->ip route 10.10.1.0 255.255.255.0 192.168.5.2


Static Route Provisioning

Destination Prefix Mask Next-Hop

Router 192.168.5.2

10.10.1.1 Network

Router 192.168.5.1

R1 R2

R1(su)->show ip route

Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2

* - candidate default, U - per user static route

C 192.168.5.0/24 [cost 0] directly connected, Vlan 5

S 10.10.1.0/24 [cost 1] via 192.168.5.2, Vlan 5


22/100

7/2




RIP Overview

RIP is a standard-based form of distance-vector routing protocol.

Two versions of RIP are available for routing IPv4:- RIP version 1, defined by RFC 1058 (STD 34) 6/88

- RIP version 2, defined by RFC 2453 (STD 56) 8/99

Routing decision is select shortest path based on hop count.

- Each router is one hop.

- RIP has a 15 hop-count limitation.

RIP updates occur every 30 seconds and sends the entire routing tablecontents.

- IP/UDP port 520

- Up to 25 routes per packet

Subsequent to topology change, convergence time increases significantlywith network size

RIPv2 Differences from RIPv1:

- Includes the network mask which supports variable-length subnet masking.

- Transmits RIPv2 updates as multicast, rather than broadcast (both are supported).

- Provides an authentication mechanism not supported by RIPv1.


Enterprise Routing Basic Routing ConfigRIP Configuration

Steps to configure RIP:

Create IP Interfaces

Add IP Address to IP interfaces

Create RIP Instance

Add RIP Networks

Enable RIP


23/100

7/2




Dynamic Routing (RIPv2)

R1 (su-config)-> router ripR1 (su-config-rip)-> network 192.168.5.0 0.0.0.255R1(su-config-rip)-> network 192.168.10.0 0.0.0.255R1(su-config-rip)-> exit

Note: N & S-series Routers running 7.x firmware run RIPv2by default , therefore, they do not require RIPv2 to be

enabled at the interfacelevel

N Series Config

R2>Router(config)# router ripR2>Router(config-router)# exitR2>Router(config)# interface vlan 4R2>Router(config-if(Vlan4))# ip rip enableR2>Router(config-if(Vlan4))# ip rip receive version 2R2>Router(config-if(Vlan4))# ip rip send version 2R2>Router(config)# interface vlan 5R2>Router(config-if(Vlan5))# ip rip enableR2>Router(config-if(Vlan5))# ip rip receive version 2R2>Router(config-if(Vlan5))# ip rip send version 2

C Series Config

192.168.10.0/24 192.168.4.0192.168.5.0

.1 .2R1 R2

45



Dynamic Routing (RIP)

46


Codes: C - connected, S -static, R - RIP, O - OSPF, IA -OSPF interarea







R 192.168.4.0/24 [cost 1] via 192.168.5.2, Vlan 5

R2(su)->router> show ip route

Codes: C - connected, S - static, R - RIP, O -OSPF, IA - OSPFinterarea

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA externaltype 2


E - EGP, i - IS-IS, L1 - IS-IS level-1, LS -IS-IS level-2




R 192.168.10.0/24 [cost 1] via 192.168.5.1, Vlan 5

192.168.10.0/24 192.168.4.0192.168.5.0

.1 .2R1 R2


24/100

7/2



Routing ConfigurationConnected, Static, & Dynamic Routes









S 10.10.1.0/24 [cost 1] via 192.168.5.2, Vlan 5

R 192.168.4.0/24 [cost 1] via 192.168.5.2, Vlan 5

192.168.10.0/24 192.168.4.0192.168.5.0

.1 .2R1 R2

10.10.1.0

RIPEnabled


Enterprise Routing Basic Routing ConfigDHCP/BootP Relay

DHCP/BOOTP relay functionality is used to assist a host device in obtaining

an IP address.

A typical situation occurs when a host requests an IP address with no DHCP

server located on the directly connected LAN segment.

Using DHCP/BOOTP relay, a router interface can forward the DHCP requestto a server located on another network if, the IP forwardprotocol is enabled

for UDP and the address of the DHCP server is configured as a helper

address ip helper on the receiving interface of the router.

48


25/100

7/2



Enterprise Routing Basic Routing ConfigDHCP/BootP Relay

The DHCP/BOOTP relay function will detect the DHCP request and make the

necessary changes to the IP packet header, replacing the destination IPaddress with the address of the DHCP server, and the source IP address with

the address configured on the receiving interface.

The router then sends the DHCP request to the DHCP server identified by theip helper address.

When the response is returned from the DHCP server, the DHCP/ BOOTP

relay function sends it to the host, allowing the host to obtain its IP address

49


Enterprise Routing Basic Routing ConfigDHCP/BootP Relay Configuration

Use the ip forward-protocol {udp [port]} command to enable UDP broadcastforwarding and specify which protocols will be forwarded. This is a global

level command.

The example below shows how to enable forwarding of UDP datagrams carrying DHCP requests (port 67):

Note: use of the ip forward-protocolcommand is required only on S & N Series Routers NOT on C Series devices.

Use the ip helper-address address command to enable DHCP/BOOTP relay and the

forwarding of local UDP broadcasts. This is an interface level command

The configuration below permits UDP broadcasts from hosts on the 1.35.11.0/24 network to reach a DHCPserver (1.35.0.1) on the 1.35.0.0 network

50

Router(su-config)-> ip forward-protocol udp 67

Router(su-config)-> interface vlan 3511

Router(su-config-intf)-> ip address 1.35.11.254 255.255.255.0

Router(su-config-intf)->ip helper-address 1.35.0.1

Router(su-config-intf)->no shutdown


26/100

7/2



ARP Configuration

- Displaying the ARP cache for host

C2(su)-> show arp

- Displaying the ARP cache for all VLAN IPinterfaces

C2(su)->router> show ip arp

- Adding a static ARP cache entry

C2(su)->router(Config)# arp

- Changing the ARP cache timeout

C2(su)->router(Config)# arp

timeout seconds

- Clearing the ARP cache usually resolvesproblems created with changing ipaddresses

C2(su)->router# clear arp-cache[ ]

Configuration Limits- ARP cache timeout defaults to 4 hours on the N, S, G,

and C2/C3/C5

Enterprise Routing Basic Routing ConfigARP Configuration and Display

C2(su)-> show arp

LINK LEVEL ARP TABLEIP Address Phys Address Flags

Interface------------------------------------------------------10.1.204.17 00-01-f4-5f-49-c5 S host.0.110.1.204.65 00-01-f4-5f-49-c5 S host.0.110.1.204.97 00-01-f4-5f-49-c5 S host.0.110.1.204.98 00-00-00-00-00-00 host.0.110.1.204.2 00-00-00-00-00-00 host.0.110.1.204.15 00-00-00-00-00-00 host.0.110.1.204.17 00-01-f4-5f-49-c5 S host.0.110.1.204.20 00-00-00-00-00-00 host.0.110.1.204.21 00-00-00-00-00-00 host.0.110.1.204.22 00-00-00-00-00-00 host.0.110.1.204.34 00-00-00-00-00-00 host.0.110.1.204.65 00-01-f4-5f-49-c5 S host.0.110.1.204.66 00-00-00-00-00-00 host.0.110.1.204.67 00-00-00-00-00-00 host.0.110.1.204.97 00-01-f4-5f-49-c5 S host.0.110.1.204.98 00-00-00-00-00-00 host.0.1------------------------------------------------------

C2(su)->router> show ip arp

Protocol Address Age(min) Hardware Addr Interface---------------------------------------------------Dynamic 10.1.204.2 0m 000D:883C:5A4B VLAN1Dynamic 10.1.204.15 0m 000D:883E:10E3 VLAN1Internet 10.1.204.17 - 0001:F45F:49C5 VLAN1Dynamic 10.1.204.20 0m 0011:1136:6B0B VLAN1Dynamic 10.1.204.21 0m 0009:6B99:814D VLAN1Dynamic 10.1.204.31 141m 00D0:B7B6:6597 VLAN1Dynamic 10.1.204.32 0m 00D0:B7A7:7159 VLAN1Dynamic 10.1.204.34 0m 0006:1BDA:A1A6 VLAN1

Internet 10.1.204.65 - 0001:F45F:49C5 VLAN1Dynamic 10.1.204.66 0m 0010:A4E6:513B VLAN1Dynamic 10.1.204.67 0m 000D:883C:97CC VLAN1Internet 10.1.204.97 - 0001:F45F:49C5 VLAN1Dynamic 10.1.204.98 3m 0002:B32F:B563 VLAN1

Arp entry count = 13.

* - Static


Enterprise Routing Basic Routing ConfigFile Management

write file This command saves the router configuration (N Series 6.12)

The write file command is not required when using 7.xx f irmware


27/100

7/2



Multiple IP Interface Configuration:

On B, C, and G-Series routers, there are two IP subsystems. A system layer IPsubsystem used to configure the single host management IP interface and a

routing layer IP subsystem used to configure routing IP interfaces.

The hostinterface acts as a non-routed management IP interface, and must be

assigned to a VLAN (VLAN 1 is the default).

The hostinterface is always up and utilizes an ARP cache and route table

independent from the ARP cache and route table used by the routing layer IPsubsystem

The C2/C3/C5 host interface address can not be assigned to the same network asthe local routed VLAN interface.

To assign host interface address to a VLAN other than 1, for C-Series, usecommand:


Additional Information

C-Series> set host vlan vlan-id


IP Interface Configuration N & S-Series

In release 7.0 the concept of a system IP address is no longer valid.

The ability to set a unique IP address on each VLAN configured on the switch means that host managementcan be accessed from any VLAN configured with its own IP

The ability to assign an IP subnet to an interface that is separate from a subnet which is passing data throughthe switch allows the network administrator to create an outofband management subnet designed to onlypass network management data

Use the set ip address command to create a nonrouting host management IP interface for a VLAN:

Use the ip forwarding command is used to enable or disable IP forwarding:


Additional Information (continued)

S Chassis(rw)->set ip address 125.100.10.1 mask 255.255.0.0 interface vlan.0.5

N3 Chassis(su)->show running-configinterface vlan.0.5ip address 125.100.10.1 255.255.0.0 primaryno ip proxy-arpno ip forwardingno ipv6 forwardingno shutdown

N3 Chassis(rw-config)->interface vlan.0.5SN3Chassis(rw-config-intf-vlan.0.5)-> ip forwarding


28/100

7/2



Router functionality is enabled by default across the product line

To disable routing, issue the following command on B, C, and G-Series Routers

- RouterA>(config)# no ip routing

On the N & S-series Routers running 7.x firmware, use the clear router all commandto remove all routing configuration from a system

- RouterA>(config)# clear router all

Each VLAN allows the assignment of a primary IP address/mask and a number of

secondary IP addresses/masks

Each routed VLAN interface must be assigned to its own subnet

By default, when VLAN IP interfaces are created on the N, S, & C2/C3/C5, they are

administratively DOWN

- Therefore a, no shutdown command mustbe entered after an IP interface is created- Configuration changes take effect immediately


Additional Information (continued)


Enterprise Routing Basic Routing ConfigRouting Table Overview B,C,G and N-series 6.12

There are two show ip route commands, one in switch mode and one in router

mode

Switch mode- show ip route command shows Host routes:

The host interface maintains a separate routing table from the VLAN interfaces

Each can be separately viewed and maintained

Each can have a separate and distinct default route

C2(su)->show ip route

ROUTE TABLE

Destination Gateway Mask Tos Flags Refcnt Use Interface

-----------------------------------------------------------------------------

default 192.168.0.1 00000000 0 UGC 0 0 host

127.0.0.1 127.0.0.1 00000000 0 UH 0 0 loopback

192.168.0.0 192.168.0.2 ffffff00 0 UC 1 0 host

-----------------------------------------------------------------------------


29/100

7/2



Enterprise Routing Basic Routing ConfigRouting Table overview

Routing Mode- show ip route shows all static and dynamic routes

To see the routing table for the Routed IP interfaces, you must be in router mode

for B, C, and G-Series routers.

C2(su)->router> show ip route










S 192.168.1.0/24 [cost 0] via 172.16.0.51, Vlan 123

S 192.168.100.0/24 [cost 0] via 172.16.0.37, Vlan 123



Enterprise RoutingOSPF Configurations

Version 4.03


30/100

7/2



Enterprise Routing - OSPFOverview of OSPF Routing Protocol

OSPF primary characteristics:

- It is open in that its specification is in the public domain

- It is based on Dijkstras Shortest Path First algorithm

Developed by the Interior Gateway Protocol (IGP) working group of the IETF

(mid-1980s)

- RFC 2328

- RFC 1583

OSPF was created because RIP was increasingly unable to serve large,heterogeneous networks

- Routing loops occurred with sudden topology changes

- Using distance metric to determine reachability resulted in count to Infinity delays

- Slow convergence

Uses the best effort transport mechanism of IP

- Protocol number 89

- Uses both IP Unicast and Multicast addresses

- 224.0.0.5 (AllSPFRouters)

- 224.0.0.6 (AllDRRouters)



Faster convergence than distance vector algorithms

A more descriptive routing metric

- Configurable per outbound interface

- Interface value between 1 and 65,535

Equal-cost multipath

- If multiple equal cost paths to a destination exist, the paths are inserted in routing table

- Load balancing among the routes

- Default path costs are 10

Routing Hierarchy

- Routing domain can be divided into areas for ease of management and control- Support for route summarization and aggregation by area

Security

- Simple or MD5 Authentication


31/100

7/2




Link State Advertisements (LSAs)

- Describe local piece of routing topology

- As accumulated from all routers in area/domain, form a link state database

Link State Database

- Describes complete routing topology

- Identical for all the routers within the same area, when a network has converged

- Distributed, replicated database model

- Routing table is re-computed from database only when topology changes occur

Distribution of LSAs uses reliable flooding

- Link State Updates advertise topology changes and keep entries up-to-date

- Large RIP update packets advertise entire route table every 30 seconds age out in 90 sec

- Individual entries are refreshed every 30 minutes age out after 60 minutes

- Uses multicasting to minimize network disruption- Has its own acknowledgement protocol to ensure reliable packet delivery



The network topology must appear consistent - the link state database must be

identical on all routers

All entities in the routing domain use unique 32 bit numbers for identification

- Routers are assigned a router ID normally based on their IP address

- Networks either use their network id or IP address of a router interface on that network

- Areas are strictly administratively assigned

Routers use OSPF Hello protocol to identify neighbors and maintain neighbor

relationships

Only Routers in an adjacency state of are permitted to exchange link state

information- The necessity of ensuring consistency in the LSDB prohibits simple broadcasting on route

information.

- Flooding information uses a split horizon technique

In multi-access networks, a Designated Router (DR) is elected to ensurereliable distribution of LSAs.

- Backup Designated Router (BDR) is also elected


32/100

7/2





Enterprise Routing - OSPF

The OSPF Area - Definition

Definition of an OSPF area

- Consists of a collection of network segments and interconnected routers

- Identified by area Id using dotted-decimal format (Ex: 0.0.0.1)

- ID has no association with IPv4 addresses of IPv4 nodes in the area

- When an IPv4 interface is enabled with OSPF, it is associated with an area

- Each routers interface belongs to only 1 area; therefore,

- Each network belongs to only 1 area

- A router may belong to mult iple areas having interfaces in different areas

- Multiple networks and router interfaces may belong to a single area

Example:

10.10.10.1/24

20.30.20.1/24 20.30.20.2/24 50.30.20.2/24

10.10.10.0/24 20.30.20.0/24 50.30.20.0/24

AREA 0.0.0.34 AREA 0.0.0.0

10.10.10.2/24AREA: 0.0.0.34

AREA: 0.0.0.34

AREA: 0.0.0.0 AREA: 0.0.0.0 AREA: 0.0.0.0

88


33/100

7/2



Enterprise Routing - OSPFThe OSPF Area - Implications

OSPF Router Classification:

- Area Border Router (referred to as ABRs)

- Router that has interfaces in at least two different areas

- Autonomous System Border Router (referred to as ASBRs)

- Router that has interface running a different routing protocol

- Internal Router:

- Routers interfaces completed contained within an OSPF area

Example:

10.10.10.1/24AREA: 0.0.0.34 20.30.20.1/24

AREA: 0.0.0.020.30.20.2/24AREA: 0.0.0.0

50.30.20.2/24AREA: 0.0.0.0

10.10.10.0/24

20.30.20.0/24

50.30.20.0/24

OSPF IGP Domain

BGP IGP Domain

AREA 0.0.0.34

10.10.10.2/24

AREA: 0.0.0.34

AREA 0.0.0.0

89



Inter-Area Routing Example

Intra-AreaRoutes

Inter-AreaRoutes

40.0.0.0/24 10.0.0.0/24

30.0.0.0/24 20.0.0.0/24

50.0.0.0/24

60.0.0.0/24

Intra-AreaRoutes

Inter-AreaRoutes

50.0.0.0/24 10.0.0.0/24

60.0.0.0/24 20.0.0.0/24

30.0.0.0/24

40.0.0.0/24

BackboneArea 0.0.0.0

Area 0.0.0.1

Area 0.0.0.2

Area Border Routers

A

B

C D

E

F

G

10.0.0.0/24

20.0.0.0/24

30.0.0.0/24

40.0.0.0/24

50.0.0.0/24

60.0.0.0/24

Intra-AreaRoute

Inter-AreaRoute

10.0.0.0/24 30.0.0.0/24

20.0.0.0/24 40.0.0.0/24

50.0.0.0/24

60.0.0.0/24

Area 0.0.0.2

Area 0.0.0.0

Area 0.0.0.1

66


34/100

7/2



Enterprise Routing - OSPFStub Areas

A dead-end area

There are no other ways to enter

or exit the stub area except via the ABR

The reason for building stub areas is

to further reduce the size of routing tables

AS-external-LSAs are not flooded into Stub Areas

Routing to external designations from Stub Areas are

based on Default Routes originated by a Stub Areas ABR.

Summary LSAs can also use the Default Route for Inter-area routing.

Criteria:

- Stub areas must not have an ASBR- Stub areas should have one ABR

- Or, if more than one, accept non-optimal routing paths to the External AS

- No Virtual Links allowed in a stub area

ASBR

Normal Stub

ASBR

Summaries

from Area

0.0.0.1

Summaries

from Area

0.0.0.0

A

Default

Route

0.0.0.0 0.0.0.1

ABR


Enterprise Routing - OSPFStub Areas

Totally Stubby Area (TSA)

- TSA differ from Stub areas in that there are not even summary routes injected into theTSA.

- The only route that is injected by the ABR is the default route.

- All inter-area routes follow the default for all destinations both internal and external tothe OSPF domain.

Not-So-Stubby Areas (NSSA)

- NSSA is defined in RFC 1587

- Similar to existing OSPF stub area configuration

- Capability to importing AS external routes in a limited fashion

- An ASBR in the NSSA will inject Externals using Type 7 LSA


35/100

7/2



Enterprise Routing - OSPFOSPF Features

Common OSPF Features Supported on

S Series, DFE, C2/C3 /C5, & G3

- ECMP

- Authentication

- Simple

- MD5

- Redistribution

- Static

- Rip

- Direct

- BGP **

- IS-IS **

- OSPF

- Route Administrative Distance

- Specify Neighbor router

- Not supported in C2/C3/C5

- Passive Interface

- Timers

Hello

Dead

Retransmit Interval

Transmit del ay

spf

- Cost

- Priority

- Stub

NSSA

Totally Stub

- Virtual Links

- Summarization

**Supported on the S Series Router 7.21firmwareand above


Enterprise Routing - OSPFOSPF Features

OSPF Equal Cost Multiple Path (ECMP)

- S = 8

- N (Platinum/ Diamond) = 8

- N (Gold) = 4

- G = 4

- C2/C3/C5 = 4


36/100

7/2



Enterprise Routing - OSPFECMP

71


Router#showip route

Codes: C-connected, S-static, R-RIP, B-BGP, O-OSPF, IA-OSPF interarea


E1 - 0SPF external type 1, E2 - 0SPF external type 2

E - EGP, i - IS-IS, L1 - IS-IS level-1, LS -IS-IS level-2

* - candidate default, U - per-user static route, o - ODR

C 1.1.1.0/24 [0/1] directly connected, Vlan 10



O 4.4.4.0./24 [110/20] via 2.2.2.2, Vlan 20

O 5.5.5.0./24 [110/20] via 3.3.3.2, Vlan 30

O 6.6.6.0/24 [110/30] via 3.3.3.2, Vlan 30

via 2.2.2.2, Vlan 20

C 127.0.0.0/24 [0/1] directly connected, Lo

72

Enterprise Routing - OSPFECMP


37/100

7/2



Enterprise Routing - OSPFSimple Configuration Process

OSPF Process

Disable GVRP and spanning tree

Create VLANs and assign ports to VLANs

Configure VLAN interfaces

Create an OSPF instance

Configure OSPF networks and areas

Ensure the advanced routing license is setup

Enable OSPF at VLAN interface level

Create Router ID (must be done before enablingOSPF at global level).

VLAN setup

OSPF

Configuration

C2/C3/C5additional

OSPF steps


Enterprise Routing OSPFOSPF config C2/C3/C5 & G-Series only

From router config mode:

Create an OSPF instance

- router ospf 10

Create a Router ID

- Router id 5.5.5.5

From each vlan interface (C2/C3/C5)

Associate the vlan to an area

- ip ospf areaid 0.0.0.0

Be sure to enable OSPF on each VLAN

- ip ospf enable

Note: The C2/C3/C5 & G3 requires an advanced license to Route OSPF

74


38/100

7/2



Enterprise Routing - OSPFCreate an OSPF Config

N & S Series OSPF configuration

From config mode, create an OSPF instance

- router ospf 10

Use network command and reverse mask to associate subnets with OSPF

instance. Set area that subnet is a part of.

- network 20.1.2.0 0.0.0.255 area 0.0.0.0

- network 20.1.3.0 0.0.0.255 area 1

Note: The N & Series require an advanced license to Route OSPF

75



Examining OSPF Information

Show ip route

Show ip ospf

Show ip ospf interface

Show ip ospf neighbor

Show ip ospf area 0.0.0.0

Show ip ospf database


39/100

7/2




Show ip route

Codes: C-connected, S-static, R-RIP, B-BGP, O-OSPF, IA-OSPF interareaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - 0SPF external type 1, E2 - 0SPF external type 2E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2* - candidate default, U - per-user static route, o - ODR

S 111.1.3.0/24 [20/0] via 10.1.1.2, Vlan 11S 111.1.2.0/24 [20/0] via 10.1.1.2, Vlan 11S 111.1.1.0/24 [20/0] via 10.1.1.2, Vlan 11O IA 30.1.3.0/24 [110/40] via 10.1.2.2, Vlan 12O IA 30.1.2.0/24 [110/40] via 10.1.2.2, Vlan 12O IA 30.1.1.0/24 [110/40] via 10.1.2.2, Vlan 12C 20.1.3.0/24 [0/1] directly connected, Vlan 11C 20.1.2.0/24 [0/1] directly connected, Vlan 11C 20.1.1.0/24 [0/1] directly connected, Vlan 11O IA 10.3.2.0/24 [110/30] via 10.1.2.2, Vlan 12

O IA 10.2.1.0/24 [110/20] via 10.1.2.2, Vlan 12O IA 10.3.1.0/24 [110/40] via 10.1.2.2, Vlan 12C 10.1.2.0/24 [0/1] directly connected, Vlan 12C 10.1.1.0/24 [0/1] directly connected, Vlan 11



Show ip ospf

Routing Process "ospf 10 " with ID 10.1.1.1Supports only single TOS(TOS0) route

It is an internal router.Summary Link update interval is 0 seconds.

External Link update interval is 0 seconds.Redistributing External Routes from,

Number of areas in this router is 1Area 0.0.0.1

Number of interfaces in this area is 2Area has no authenticationSPF algorithm executed 2 times

Area ranges are

Link State Update Interval is 0:30:00 and due in 0:16:38.Link State Age Interval is 0:00:00 and due in 0:00:00.


40/100

7/2




Show ip ospf interface

R1(su)->show ip ospf interface vlan.0.10Internet Address 192.168.1.5 Mask 255.255.255.0, Area 0.0.0.0Router ID 192.168.1.5, Cost: 10 (computed)Transmit Delay is 1 sec, State other-designated-router, Priority 10Designated Router id 192.168.1.1, Interface Addr 192.168.1.5Backup Designated Router id 192.168.1.2,Timer intervals configured, Hello 10, Dead 40, Retransmit 5



Show ip ospf area 0.0.0.0

Router4(su)->router>show ip ospf area 0AreaID 0.0.0.0Link State Age Interval 10External Routing Import External LSAsSpf Runs 10Area Border Router Count 0Area LSA Count 0Area LSA Checksum 0Stub Mode DisableImport Summary LSAs Enable


41/100

7/2




Show ip ospf database

OSPF Router with ID(10.1.1.1)

Displaying Net Link States(Area 0.0.0.1)LinkID ADV Router Age Seq# Checksum10.1.2.2 10.1.2.2 102 0x80000005 0x4ecd

Displaying Router Link States(Area 0.0.0.1)LinkID ADV Router Age Seq# Checksum LinkCount10.1.1.1 10.1.1.1 123 0x80000009 0xa93b 510.1.2.2 10.1.2.2 92 0x80000009 0x53b1 1

Displaying Summary Net Link States(Area 0.0.0.1)LinkID ADV Router Age Seq# Checksum10.3.1.0 10.1.2.2 142 0x80000005 0x62bb10.3.2.0 10.1.2.2 142 0x80000005 0xf234

10.2.1.0 10.1.2.2 142 0x80000005 0xa58d30.1.1.0 10.1.2.2 1114 0x80000005 0x759630.1.2.0 10.1.2.2 1104 0x80000005 0x6aa030.1.3.0 10.1.2.2 1094 0x80000005 0x5faa


Enterprise Routing OSPFAdvanced Configuration Process

Advanced OSPF configuration

Redistribute Routes

Setting the Router ID to the loopback address

Set the Designated Router

Setup Stub Areas

Stub

NSSA

Configure summarization

Setup Authentication

Simple

MD5


42/100

7/2



Enterprise Routing - OSPFAdvanced Configuration Process

Redistribute Routes

New Path Cost

Include all subnets

Router1 (su-config)->Router1 (su-config)-> router ospf 10

Router1 (su-config-ospf-10)-> redistribute static metric 22 subnets

Router1 (su-config-ospf-10)-> redistribute connected subnetsRouter1 (su-config-ospf-10)-> exit

Router1 (su-config)->



Setting the Router ID to the loopback address

Router1 (su-config)->Router1 (su-config)->interface loopback 1Router1 (su-config -intf-loop.0.1)-> ip address 1.1.1.1 255.255.255.255Router1 (su-config -intf-loop.0.1)-> no shutdownRouter1 (su-config -intf-loop.0.1)-> exitRouter1 (su-config)-> Router OSPF 10Router1 (su-config-ospf-10))-> router-id 1.1.1.1

Router1 (su-config)-> show running-configrouter ospf 10

router-id 1.1.1.1log-adjacencyexit


43/100

7/2




Set the Designated Router priority

N & S-Series

C & G Series:

Router2>Router(config)# interface vlan 12Router2>Router(config-if(Vlan 12))#ip ospf priority 100Router2>Router(config-if(Vlan 12))#exit

Router1 (su-config)-> interface vlan 11Router1 (su-config- intf-vlan.0.11)-> ip ospf priority 100Router1 (su-config- intf-vlan.0.11)-> exit



Setup Stub Areas

Stub

Router1 (su-config)-> router ospf 10Router1 (su-config-ospf-10)-> area 0.0.0.1 stubRouter1 (su-config-ospf-10)->exit

NSSA

Router2(su)->Router(config)#router ospf 10Router2(su)->Router(config-router)#area 0.0.0.2 nssa default-information-originateRouter2(su)->Router(config-router)#exit


44/100

7/2



Enterprise Routing - OSPFAdvanced Configuration Process

Summarization

Router1 (su-config)-> router ospf 10Router1 (su-config-ospf-10)-> area 0.0.0.1 range 20.1.0.0 255.255.0.0Router1 (su-config-ospf-10)-> exit



Setup Authentication (Simple)

C2/C3/C5 & G Series

Router2>Router(config)# interface vlan 12Router2>Router(config-if(Vlan 12))#ip ospf authentication-key redsox

S & N SeriesRouter1 (su-config)-> router ospf 10Router1 (su-config-ospf-10)-> area 0.0.0.1 authentication simpleRouter1 (su-config-ospf-10)-> exit

Router1 (su-config) interface vlan 12Router1 (su-config-intf-vlan.0.12) ip ospf authenticationkey redsoxRouter1 (su-config-intf-vlan.0.12) exit


45/100

7/2




Setup Authentication (MD5)

C2/C3/C5 & G Series

Router2(su)->Router(config)#interface vlan 32Router2(su)->Router(config-if(Vlan 32))#ip ospf message-digest-key 22 md5 pats05Router2(su)->Router(config-if(Vlan 32))#exit

S & N-series

Router1(su-config)->router ospf 10Router1 (su-config-ospf-10)->area 0.0.0.2 authentication message-digestRouter1 (su-config-ospf-10)->exit

Router1 (su-config)->interface vlan 32

Router1 (su-config-intf-vlan.0.32)ospf message-digest-key 22 md5 pats05Router1 (su-config-intf-vlan.0.32)->exit



Multi-Area Configuration Example

OSPF Configuration Lab

- Create IP Interfaces

- Add IP Address to IP interfaces

- Add Secondary IP Addresses

- Add Static Routes

- Set the Router ID to Loopback Interface

- Create OSPF Instance

- Add IP OSPF Networks and Areas

- Set the Designated Router

- Redistribute Static Routes

- Setup Summarization

- Setup Authentication

Simple

MD5

RID 1.1.1.1 RID 2.2.2.2

RID 3.3.3.3


46/100

7/2




Enterprise RoutingLSNAT Configuration

Version 4.03


Enterprise Routing LSNAT

LSNAT Overview: What is LSNAT?

Load Sharing Network Address Translation

LSNAT is a load balancing routing feature designed to provide load sharingnetwork services between multiple servers grouped into server farms

It can be tailored to an individual server service without requiring any

modification to clients or servers.

Examples of wellknown services are HTTP on port 80, SMTP (email) on

port 25, or FTP on port 21.

92


47/100

7/2




LSNAT Overview: LSNAT Configuration Components

There are three LSNAT configuration components:

- The client that is requesting a service from the server

- The virtual server, configured on the LSNAT router. The virtual server intercepts theservice request from the client and determines the physical (real) server the requestwill be forwarded to

- The server farm which is a logical entity containing the multiple real servers, one ofwhich will service the clients request

93



LSNAT Overview: How Does It Work?

A request for service is sent by the client to the server farm. The destination

address for the service request is the virtual servers unique Virtual IP(VIP)address.

A VIP address can be an IP address or an IP address and port address

combination. The same IP address can be used for multiple virtual servers ifa different port address is used.

The LSNAT configured router recognizes the VIP address and knows thatLSNAT must select a real server to forward the request to.

Before forwarding the request, based upon the server load balancing

process configured, LSNAT selects the real server for this request.

94


48/100

7/2



Enterprise Routing LS-NAT

LSNAT Overview: How Does It Work (continued)?

LSNAT changes the destination IP address from the VIP address to theaddress of the selected real server member of the server farm associatedwith the VIP address.

The packet is then forwarded to the selected real server.

The real server sends a service response back to the client with its addressas the response source address.

At the router, LSNAT sees the real server address and knows it must firsttranslate it back to the VIP address before forwarding the packet on to the

client.

95



LSNAT Overview: How Does It Work (continued)?

96


49/100

7/2




LSNAT Overview: Why Would I Use LSNAT?

Server Load Sharing

- When a single server is not able to cope with the demands of mult iple client sessions

Reliability

- Server reliability is increased by allowing you to take individual servers offline without without ongoing service operations

Redundancy

- Load sharing also provides redundancy in the case of a server failure. LSNATautomatically removes the failed server from the select ion process.

Security

- Security is improved since only the VIP is known, not the real server IP addresses

Performance

- LSNAT improves network performance by leveling traffic over many systems

- Using LSNAT in conjunction with Aggregate Links removes the performance bottleneckconcerns of one physical link to a server by bundling multiple switch to server links

97



Implementing LSNAT

1. Configure one or more server farms by:

- Specifying a server farm name

- Configuring real servers as members of the server farm

- Specifying a load balancing algorithm for each server farm

2. Configure each real server by:

- Enabling the real server for service

- Optionally specifying a round robin weight value for this real server

3. Configure a virtual server by:

- Specifying a virtual server name

- Associating a virtual server with a server farm

- Configuring a virtual server IP address (VIP)

- Enabling a virtual server for service

98


50/100

7/2




LSNAT Configuration Considerations

The following considerations must be taken into account when configuringLSNAT:

- Supported on N & S-Series Routers

- ALL modules in the chassis must have upgraded memory to 256 MB, and must have anadvanced license activated. (N-Series Only)

- A server farm cannot be shared by different virtual servers.

- In order to edit or delete a virtual server or real server (serverfarm) configuration, thedevices must be first configured out of service, using the no inservice command, beforethe changes will be allowed.

99



LSNAT Configuration

100


51/100

7/2




Enterprise RoutingTransparent Web Cache Balancing(TWCB)

Version 4.03


Enterprise Routing TWCB

TWCB Overview: What is TWCB?

Transparent Web Cache Balancing (TWCB)

TWCB provides for the storing of frequently accessed web objects on acache of local servers

Each HTTP request is transparently redirected by an N/SSeries router to a

configured cache server.

When a user first accesses a web object, the object is stored on a cache

server. Each subsequent request for the object uses the cached object,avoiding the need to access the host web site.

102


52/100

7/2




TWCB Overview: Why Would I Use TWCB?

Web caching reduces network traffic and aides in optimizing bandwidth usage by localizing webtraffic patterns

Web caching allows endusers to access web objects stored on local cacheservers with a muchfaster response time than accessing the same objects over an internet connection or through adefault gateway

Transparency, TWCB is transparent to the user, web traffic is automatically rerouted to the web-cache server

Load balancing, TWCB provides for load balancing across all cacheservers of a given serverfarm. The farm can be configured so heavy webusers can be distributed across server resourcesusing a predictor roundrobin algorithm.

Scalability, TWCB provides by the ability to associate up to 128 cacheservers with the web-cache.

103



Implementing TWCB

Implementing TWCB requires a routed network with IP interfaces that allowthe N or SSeries router to send requests for the internet to the correct web

caching device

There are five aspects to TWCB configuration:

1. Creating the Server Farm which is used to cache the web objects and populate themwith cacheservers.

2. Associating heavy webusers with a roundrobin list which caches those users webobjects across all servers associated with the configured server farm.

3. Specifying the hosts whose HTTP requests will or will not be redirected to the

cacheservers.

4. Creating a webcache that the server farms will be associated with

5. Apply the caching policy

104


53/100

7/2




TWCB Configuration

A TWCB configuration is made up of one or more cacheservers that are

logically grouped in a server farm and one or more server farms that areassociated with a webcache

There are four TWCB configuration components:

1. The server farm: Consists of a logical grouping of cacheservers. Each server farmbelongs to a webcache.

2. The cache server: A physical server on which an enduser cache resides. Each cacheserver belongs to a server farm. You can configure up to 128 cache servers perwebcache

3. The webcache: A logical entity in which all server farms reside. The current TWCBimplementation supports a single webcache. You create a webcache by naming it inrouter configuration command mode.

4. The outbound interface: Typically an interface that connects to the internet. It is theinterface that will be used for redirecting web objects from the host web site to thecache server

105



TWCB Configuration (continued)

106


54/100

7/2




TWCB Configuration (continued)

1. Configure one or more Server Farms by:- Specifying a server farm name

- Associating cache servers with the server farm

- Optionally, configuring a predictor round-robin list

2. Configure the Cache Servers by:

- Assigning each server a cache ip-address

- Setting the cache server fail detecti on method

- Placing the cache server in service

3. Configure the Web-Cache by:

- Specifying a web-cache name

- Adding the specified server farm to the web-cache

- Placing the web-cache in service.

4. Configure the Outbound Interface by:- Setting the redirect for outbound HTTP traffic from this outbound interface to the cache servers

107



TWCB Configuration Considerations

The following considerations must be taken into account when configuringTWCB:

- Supported on N & S-Series Routers

- TWCB is an advanced routing feature. It is standard on the S, and requires a license onthe N.

- A minimum of 256 MB of memory is required on all DFE modules in order to enableTWCB. (N-Series Only)

- In order to edit or delete a cache server configuration, the server must be first configuredout of service, using the no inservice command, before the changes will be allowed

- The cacheservers should have a webbased proxy cache running. The Squid applicationis an example of a webbased proxy cache

108


55/100

7/2




Enterprise RoutingACL Configurations

Version 4.03


Access Control Lists filter IP packets based upon specified characteristics

Depending on the product ACLs may be applied to router interfaces as access

groups, either inbound, outbound or both

Enterasys routers support the configurat

Date post:	01-Mar-2018
Category:	Documents
Upload:	fernando-sanchez-ramirez
View:	233 times
Download:	0 times

Routing Enterasys

Documents