Routing Protocol in detail

Block-II Routing

Objectives Introduction of EIGRP, Features of EIGRP, Tables of EIGRP, Metric of EIGRP

Configuration of EIGRP, Summarization with EIGRP

EIGRP unequal cost load balancing, Variance, Authentication

EIGRP stub router, Configure EIGRP Stub Network.

EIGRP Summary

Understanding OSPF Fundamentals, Configuring OSPF within Single Area, Cost

Understanding the differences between OSPF Network Types, Using OSPF Across Multiple Area- Features, Router Types

Configure OSPF virtual Link & Summarization

"Link- State Advertisements, Different Types Of Areas, Propagation of LSAs, Special OSPF Area"

Configure OSPF Stub Areas & Authentication

OSPF Summary

Introduction to BGP, Context for the BGP, BGP Route Stability, BGP Operation Basics, When to use BGP, BGP States

Configuring Default Routing with BGP, Configure BGP using AS_PATH attribute

"BGP Attributes, Controlling BGP Route Selection using the Weight, Local-Preference, MED"

Configure IBGP and EBGP using Local Preference & MED attributes.

WorkShop

Understanding EIGRP Terminology and Operation

EIGRP is a Cisco-proprietary distance-vector protocol with link-state features.

EIGRP features include:

• Fast convergence

• Partial updates

• Multiple network layer support

• Use of multicast and unicast communication

• Variable-length subnet masking (VLSM) support

• Seamless connectivity across all data link layer protocols and topologies

• By default, it performs automatic route summarization at major network boundaries

(can be disabled) but can also be configured to summarize on interfaces.

EIGRP Features

Neighbor table

Topology table

Routing table

Advertised Distance (AD)

Feasible Distance (FD)

Successor

Feasible successor (FS)

Passive Versus Active Routes

EIGRP Terminology

Neighbor table

• Contains EIGRP neighbor addresses and the interface through which they can be reached.

Topology table

• Contains all destinations advertised by neighboring routers.

Routing table

• Contains EIGRP successor routes.

EIGRP Tables


• Advertised distance (AD), also referred to as the Reported Distance, is the cost between the next-hop router and the destination.

Feasible Distance (FD)

• Feasible distance (FD) is the cost between the local router and the next-hop router plus the next-hop router’s AD to the destination network.

AD versus FD

Successor

◦ A successor is a neighboring router that has a least-cost path to a destination (the lowest FD) that is guaranteed not to be part of a routing loop.

◦ Successor routes are offered to the routing table to be used for forwarding packets.

◦ Multiple successors can exist if they have the same FD.

Feasible successor (FS)

◦ A feasible successor is a neighbor that is closer to the destination, but it is not the least-cost path.

◦ A feasible successor ensures a loop-free topology because it must have an AD less than the FD of the current successor route.

◦ Feasible successors are selected at the same time as successors but are kept in the topology table as backups to the successor routes.

◦ The topology table can maintain multiple feasible successors for a destination.

Successor and Feasible Successor

Passive Route

• A route is considered passive when the router is not performing recomputation on that route.

• Passive is the operational, stable state.

Active route

• A route is active when it is undergoing recomputation.

Passive versus Active Routes

Reliable Transport Protocol (RTP)

◦ Responsible for guaranteed, ordered delivery of EIGRP packets to all neighbors.

Neighbor discovery/recovery mechanism

◦ Enables EIGRP routers to dynamically learn when their neighbors become unreachable or inoperative by periodically sending small hello packets.

Protocol-dependent modules (PDMs)

◦ Responsible for network layer protocol-specific requirements such as IP, IPv6, AppleTalk, and Novell NetWare.

DUAL finite-state machine

◦ Diffusing Update Algorithm (DUAL) is the routing algorithm that tracks all routes advertised by all neighbors and uses distance information, known as the composite metric, to select efficient, loop-free paths to all destinations.

Key EIGRP Technologies

EIGRP cannot use the services of UDP or TCP since IPX and Appletalk do not use the TCP/IP protocol suite.

Reliable Transport Protocol (RTP) is the Transport layer protocol uniquely used by EIGRP for the delivery and reception of EIGRP packets.

• RTP is similar to TCP but is a Cisco proprietary.

RTP provides reliable or unreliable service as the situation warrants.

• Reliable packets (Update, Query, Reply) require explicit acknowledgement while unreliable packets (Hello, ACK) do not.

Reliable Transport Protocol

EIGRP routers actively establish relationships with their neighbors.

Adjacencies are established using small Hello packets which are sent every 5 or 60 seconds.

• If a neighbor misses 3 consecutive Hello packets then the route is considered invalid.

• Default = 15 seconds or 180 seconds.

Neighbor Discovery / Recovery

Various routed protocols are supported through its PDMs.

• Provides independence from routed protocols.

• PDMs are modular, scalable and adaptable.

• EIGRP can adapt to new or revised routed protocols.

• PDMs protect EIGRP from painstaking revision.

Each PDM is responsible for all functions related to its specific routed protocol.

Protocol-Dependent Modules

EIGRP maintains individual tables for each routed protocol.

DUAL uses the Neighbor and Topology tables to calculate route information.

When a link fails, DUAL looks for a feasible successor in its Neighbor and Topology tables.

• It compares all routes advertised by neighbors by using a composite metric for each route.

• Lowest-cost paths are then inserted into the routing table.

DUAL finite-state machine

EIGRP Packet

Frame Header

Frame Payload

CRCIP

HeaderProtocol Number

(EIGRP = 88)

EIGRP

Header

EIGRP

Message

On a LAN, the EIGRP

packet is encapsulated

in an Ethernet frame

with a destination

multicast MAC address:

01-00-5E-00-00-0A

The destination IP address is

set to the multicast 224.0.0.10

and the EIGRP protocol field

is 88.

The EIGRP

header identifies

the type of EIGRP

packet and

autonomous

system number.

The EIGRP

message

consists of

the Type /

Length /

Value (TLV).

EIGRP uses these 5 packet types to maintain its various tables and establish complex relationships with neighbor routers:

• Hello

• Acknowledgment

• Update

• Query

• Reply

EIGRP Header

EIGRP Packet

EIGRP relies on Hello packets to discover, verify, and rediscover neighbor routers.

EIGRP Hello packets are multicast to 224.0.0.10.

Hello packets are always sent unreliably and therefore do not require acknowledgment.

Hello Packets

Hellos are sent at a fixed (and configurable) interval, called the Hello interval.

• Hello/Hold timers do not need to match.

• To reset the Hello interval: no ip hello-interval eigrp as#

Hello interval depends on the interface’s bandwidth.

• High bandwidth = 5 seconds

• Default interval on point-to-point serial links, multipoint circuits with bandwidth greater than T1, and LANs.

• Low Bandwidth = 60 seconds

• Default interval on T1 or less multipoint WAN circuits.

On hearing Hellos, a router creates a neighbor table and the continued receipt of Hellos maintains the table.

Hold time is the maximum amount of allowed time that Hellos are not heard from a neighbor.

• Three times the Hello Interval:

• Low Bandwidth (3 x 60 sec.) = 180 seconds

• High bandwidth (3 x 5 sec.) = 15 seconds

Hello Packets

Hello Packets

T3

Are used to indicate receipt of any EIGRP packet during a "reliable" (i.e., RTP) exchange.

• To be reliable, a sender's message must be acknowledged by the recipient.

Acknowledgment packets are:

• Dataless Hello packets.

• Unicast.

Acknowledgement Packets

After the local router discovers a new neighbor, update packets are sent to the new neighbor.

Update packets are also used when a router detects a topology change.

• The router sends a multicast Update packet to all neighbors, alerting them to the change.

All Update packets are sent reliably.

Update Packets

Update packet• Initially sent after a new neighbor is discovered.• Sent when a topology change has been detected.

Query and Reply packets are sent when a destination has no feasible successors.

Both packet types are sent reliably.

A Query packet is multicasted to other EIGRP routers during the route re-computation process.

• Query packets are always multicast.

A Reply packet is used to respond to a query to instruct the originator not to recompute the route because feasible successors exist.

• Reply packets are always unicast.

Query and Reply Packets

EIGRP Message

Packet Types

Packet Type Use

Hello Used to discover other EIGRP routers in the

network.

Acknowledgement Used to acknowledge the receipt of any EIGRP

packet.

Update Convey routing information to known destinations.

Query Used to get specific information from a neighbor

router.

Reply Used to respond to a query.

Initial Route Discovery

EIGRP selects primary (successor) and backup (feasible successor) routes and injects those into the topology table.

The primary (successor) routes are then moved to the routing table.

EIGRP Operations

IP EIGRP Neighbor Table

Neighbor IP Address Local router exit

interface to neighbor

IP EIGRP Topology Table

Destination 1 FD / AD via each neighbor

IP Routing Table

Destination 1 Best route

List of directly connected adjacent EIGRP neighbor routers and the local interface to exit to reach it.

List of all routes learned from each EIGRP neighbor and identifies successor routes and feasible successor routes.

List of the best (successor) routes from the EIGRP topology table and other routing processes.

Example: EIGRP Tables

Router C’s tables:

R1# show ip eigrp neighbors

IP-EIGRP neighbors for process 100

H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

0 192.168.1.102 Se0/0/1 11 00:07:22 10 2280 0 5

R1#

EIGRP Neighbor Table

Lists the order in which a peering session was established with the specified neighbor, starting with 0.

Neighbor’s IP address

Local interface receiving EIGRP Hello packets.

Seconds remaining before declaring neighbor down.

The current hold time and is reset to the maximum hold time whenever a Hello packet is received.

SRTT (Smooth Round Trip Timer) and RTO (Retransmit Interval) are used by RTP to manage reliable EIGRP packets.

SRTT indicates how long it takes for this neighbor to respond to reliable packets.

RTO indicates how long to wait before retransmitting if no ACK is received.

Queue count should always be zero otherwise there’s congestion on the link.

The sequence number of the last update, query, or reply packet that was received from this neighbor.

Amount of time since this neighbor was added to the neighbor table.

R1# show ip eigrp topology

IP-EIGRP Topology Table for AS(100)/ID(192.168.1.101)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply Status, s - sia Status

P 172.17.0.0/16, 1 successors, FD is 40514560

via 192.168.1.102 (40514560/28160), Serial0/0/1

R1#

EIGRP Topology Table

Indicates if the route is in passive or active state.

Destination network. Number of successors

Next-hop address for successor.

Outbound interface to reach the network.

Feasible distance (FD) to the destination

Feasible distance (FD) to the destination

Advertised distance (AD) from the successor

EIGRP Routing Table

EIGRP route

Destination network

R1# show ip route

<output omitted>

Gateway of last resort is not set

D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:02:22, Serial0/0/1

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

D 172.16.0.0/16 is a summary, 00:31:31, Null0

C 172.16.1.0/24 is directly connected, FastEthernet0/0

R1#

Administrative distance

Feasible distance

Next-hop address to reach the network

Time indicating the last update packet received

Local router exit interface to destination network

Summary route automatically created as the result of the default classful behavior of EIGRP.

EIGRP default administrative distances

EIGRP Administrative Distance (AD)

Routes manually

summarized.

Routes redistributed into

EIGRP.

DUAL Example

(1)

10.1.1.0 /24

A

C

B

E

D

(2) (2) (1)

(1)

(1)

EIGRP FD AD Topology

10.1.1.0 /24 3 ***** Passive *****

via B 3 1 Successor

via D 4 2 Feasible Successor

via E 4 3

Router C


10.1.1.0 /24 3 ***** Passive *****

via D 3 2 Successor

via C 4 3

Router E


10.1.1.0 /24 2 ***** Passive *****

via B 2 1 Successor

via C 5 3

Router D

DUAL Example

(1)

10.1.1.0 /24

A

C

B

E

D

(2) (2) (1)

(1)

(1)


10.1.1.0 /24 3 ***** Passive *****

via B 3 1 Successor


via E 4 3

Router C


10.1.1.0 /24 3 ***** Passive *****

via D 3 2 Successor

via C 4 3

Router E


10.1.1.0 /24 2 ***** Passive *****

via B 2 1 Successor

via C 5 3

Router D

DUAL Example

(1)

10.1.1.0 /24

A

C

B

E

D

(2) (2) (1)

(1)


10.1.1.0 /24 3 ***** Passive *****

via B 3 1 Successor


via E 4 3

Router C


10.1.1.0 /24 3 ***** Passive *****

via D 3 2 Successor

via C 4 3

Router E


10.1.1.0 /24 -1 ***** ACTIVE ******

via E (Q) Query

via C 5 3 (Q) Query

Router D

QQ Q = Query

DUAL Example

(1)

10.1.1.0 /24

A

C

B

E

D

(2) (2) (1)

(1)


10.1.1.0 /24 3 ***** Passive *****

via B 3 1 Successor

via D

via E 4 3

Router C


10.1.1.0 /24 -1 ***** ACTIVE ******

via D

via C 4 3 (Q) Query

Router E


10.1.1.0 /24 -1 ***** ACTIVE ******

via E (Q) Query

via C 5 3

Router D

R

Q

Q = Query

R = Reply

DUAL Example

(1)

10.1.1.0 /24

A

C

B

E

D

(2) (2) (1)

(1)


10.1.1.0 /24 3 ***** Passive *****

via B 3 1 Successor

via D

via E

Router C


10.1.1.0 /24 4 ***** Passive *****

via C 4 3 Successor

via D

Router E


10.1.1.0 /24 -1 ***** ACTIVE ******

via E (Q) Query

via C 5 3

Router D

R

Q = Query

R = Reply

DUAL Example

(1)

10.1.1.0 /24

A

C

B

E

D

(2) (2) (1)

(1)


10.1.1.0 /24 3 ***** Passive *****

via B 3 1 Successor

via D

via E

Router C


10.1.1.0 /24 4 ***** Passive *****

via C 4 3 Successor

via D

Router E


10.1.1.0 /24 5 ***** Passive *****

via C 5 3 Successor

via E 5 4 Successor

Router D

R

Q = Query

R = Reply

DUAL Example

(1)

10.1.1.0 /24

A

C

B

E

D

(2) (2) (1)

(1)


10.1.1.0 /24 3 ***** Passive *****

via B 3 1 Successor

via D

via E

Router C


10.1.1.0 /24 4 ***** Passive *****

via C 4 3 Successor

via D

Router E


10.1.1.0 /24 5 ***** Passive *****

via C 5 3 Successor

via E 5 4 Successor

Router D

EIGRP uses a composite metric which can be based on the following metrics:

◦ Bandwidth

◦ Delay

◦ Reliability

◦ Load

Only Bandwidth and Delay are used by default.

Note: It is often incorrectly stated that EIGRP can also use the smallest MTU in the path. In actual fact, the MTU is included in the EIGRP routing update, but is not actually used in the metric calculation.

EIGRP Metric Calculation

EIGRP uses the slowest bandwidth (BW) in its metric calculation.

• Calculated BW = reference BW / slowest BW (kbps)

The value of the bandwidth may or may not reflect the actual physical bandwidth of the interface.

• For example, most serial interfaces use the default bandwidth value of 1.544 Mbps but this may not accurately reflect the links actual bandwidth.

Because both EIGRP and OSPF use bandwidth in default metric calculations, a correct value for bandwidth is very important to the accuracy of routing information.

◦ If the actual bandwidth of the link differs from the default bandwidth value, then the bandwidth value should be modified.

To modify the bandwidth value, use the bandwidth interface command.

Note: The bandwidth command does NOT change the physical bandwidth of the link.

EIGRP Bandwidth

EIGRP Delay

Delay is a measure of the time it takes for a packet to traverse a route.

• EIGRP uses the cumulative sum of all outgoing interfaces.

• Calculated Delay = the sum of outgoing interface delays / 10

The delay (DLY) metric is a static value based on the type of link to which the interface is connected and is expressed in microseconds.

Reliability (not a default EIGRP metric) is a measure of the likelihood that a link will fail.

• Measure dynamically & expressed as a fraction of 255.

• The higher the fraction the better the reliability

Load (not a default EIGRP metric) reflects how much traffic is using a link

• Number is determined dynamically and is expressed as a fraction of 255

• The lower the fraction the less the load on the link

These optional criteria can be used but are not recommended, because they typically result in frequent recalculation of the topology table.

Other EIGRP Metrics

EIGRP Composite Metric Calculation

The EIGRP composite metric formula consists of values K1 through K5, known as EIGRP metric weights.

• By default, only K1 (bandwidth) and K3 (delay) are set to 1.

• K2 (load), K4 (reliability), and K5 (MTU) are set to 0.

K values can be changed with the EIGRP router command:

Router(config-router)# metric weights tos k1 k2 k3 k4 k5

EIGRP neighbors cannot use mismatched metric values.

• All EIGRP neighbors must use the same metrics.

• Metrics can be altered using the metric weights command.

Mismatched K Values

EIGRP Metric Calculation Example

Slowest bandwidth:

Plus the sum of the delays

Bandwidth = 10,000,000 / 1024 = 9765 * 256 = 2499840

EIGRP Bandwidth Calculation Example

Delay = 20,000 / 10 + (100 / 10) * 256 = 514560

EIGRP Delay Calculation Example

EIGRP Metric = 2499840 + 514560 = 3014400

EIGRP Metric Calculation Example

Planning EIGRP Routing Implementations

Prior to deploying an EIGRP routing solution, the following should be considered:

• IP addressing plan

• Network topology

• EIGRP traffic engineering

Once the requirements have been assessed, the implementation plan can be created.

Planning to Deploy EIGRP

The information necessary to implement EIGRP routing includes the following:

• The IP addresses to be configured on individual router interfaces

• The EIGRP AS number, used to enable EIGRP.

• A list of routers and interfaces on which EIGRP is to be enabled.

• Metrics that need to be applied to specific interfaces, or EIGRP traffic engineering.

In the implementation plan, EIGRP the tasks include the following:

• Enabling the EIGRP routing protocol.

• Configuring the proper network statements.

• Optionally configuring the metric to appropriate interfaces.

Implementing EIGRP

After implementing EIGRP, verification should confirm proper deployment on each router.

Verification tasks include verifying:

• The EIGRP neighbor relationships.

• That the EIGRP topology table is populated with the necessary information.

• That IP routing table is populated with the necessary information.

• That there is connectivity in the network between routers and to other devices.

• That EIGRP behaves as expected in a case of a topology change, by testing link failure and router failure events.

Verifying EIGRP

After a successful EIGRP deployment, the solution and verification process and results should be

documented for future reference.

Documentation should include:

• A topology map

• The IP addressing plan

• The AS number used

• The networks included in EIGRP on each router

• Any special metrics configured

Documenting

Configuring and Verifying EIGRP

Enable EIGRP Routing

Define EIGRP as the IP routing protocol.

Router(config)#

router eigrp autonomous-system-id

To exchange routing updates, EIGRP routers must have the same autonomous system ID.

Identify EIGRP Networks

Define EIGRP networks to advertise to EIGRP neighbors.

Router(config-router)#

network network [mask]

The network parameter can be a network, a subnet, or the address of a directly connected interface.

The mask is a wildcard mask (inverse mask) used to determine how to interpret the address.

• The mask has wildcard bits, where 0 is a match and 1 is “don’t care.”

• For example, 0.0.255.255 indicates a match in the first 2 octets.

Most EIGRP references state that the wildcard mask is required.

However, since IOS 12.0(4)T, the mask argument can actually be configured using wild card bits or a regular subnet mask.

For example, either format could be used to configure the 10.10.10.0 network:

network 10.10.10.0 0.0.0.3

or

network 10.10.10.0 255.255.255.252

Note on EIGRP Masks

Define the Interface Bandwidth

Defines the interface’s bandwidth (optional).

Router(config-if)#

bandwidth kilobits

The kilobits parameter indicates the intended bandwidth in kbps.

For example, to set the bandwidth to 512,000 bps, use the bandwidth 512 command.

The configured bandwidth is used by routing protocols in the metric calculation.

The command does not actually change the speed of the interface.

Enable / Disable Automatic Summarization

By default, EIGRP automatically summarizes subnets.


auto-summary

This makes EIGRP behave like a classful routing protocol and therefore summarizes subnets on the

classful boundary.

Automatic summarization can be disabled using the no auto-summary router configuration command.

Configuring EIGRP Example: Classful

R1(config)# interface Fa0/0

R1(config-if)# ip address 172.16.1.1 255.255.255.0

R1(config-if)# no shut

R1(config-if)# interface S0/0/0


R1(config-if)# bandwidth 64


R1(config-if)# exit

Classful configuration example:












R2(config-if)# exit

Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

EIGRP AS 100

Internet

192.168.1.0 /27

S0/0/1

172.17.2.0 /24

S0/0/0S0/0/0

64 kbps

192.168.1.96 /27

.101

.102 .1

.1.1

Configuring EIGRP Example: Classful

R1(config)# router eigrp 100

R1(config-router)# network 192.168.1.96


R1(config-router)#





*Jul 26 10:02:25.963: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.101 (Serial0/0/0) is

up: new adjacency 172.17.2.0

R2(config-router)#

R2#

Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

EIGRP AS 100

Internet

192.168.1.0 /27

S0/0/1

172.17.2.0 /24

S0/0/0S0/0/0

64 kbps192.168.1.96 /27

.101

.102 .1

.1.1

Verifying EIGRP Example

R1# show running-config | section router eigrp

router eigrp 100

network 172.16.0.0

network 192.168.1.0

auto-summary

R1# show ip route

<output omitted>


D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:24:02, Serial0/0/0





C 192.168.1.96/27 is directly connected, Serial0/0/0

D 192.168.1.0/27 [90/41024000] via 192.168.1.102, 00:16:56, Serial0/0/0


R1#


Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

EIGRP AS 100

Internet

192.168.1.0 /27

S0/0/1

172.17.2.0 /24

S0/0/0S0/0/0

64 kbps192.168.1.96 /27

.101

.102 .1

.1.1



router eigrp 100

network 172.17.0.0

network 192.168.1.0

auto-summary

R2# show ip route

<output omitted>





D 172.16.0.0/16 [90/40514560] via 192.168.1.101, 00:13:26, Serial0/0/0





R2#


Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

EIGRP AS 100

Internet

192.168.1.0 /27

S0/0/1

172.17.2.0 /24

S0/0/0S0/0/0

64 kbps192.168.1.96 /27

.101

.102 .1

.1.1


R2# show ip protocols

Routing Protocol is "eigrp 100"

<output omitted>

Automatic network summarization is in effect

Automatic address summarization:

192.168.1.0/24 for FastEthernet0/0

Summarizing with metric 40512000

172.17.0.0/16 for Serial0/0/0, Serial0/0/1


Maximum path: 4

Routing for Networks:

172.17.0.0

192.168.1.0

Routing Information Sources:

<output omitted>

R2#


Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

EIGRP AS 100

Internet

192.168.1.0 /27

S0/0/1

172.17.2.0 /24

S0/0/0S0/0/0

64 kbps192.168.1.96 /27

.101

.102 .1

.1.1

Configuring EIGRP Example: Classless

Classless configuration example:

R2(config)# no router eigrp 100


R2(config-router)# network 192.168.1.96 0.0.0.31


R2(config-router)# end

R2# show run | section router eigrp

router eigrp 100

network 172.17.2.0 0.0.0.255

network 192.168.1.96 0.0.0.31

auto-summary

R2#

Fa0/0Fa0/0

172.17.2.0 /24

R1 R2

172.16.1.0 /24

EIGRP AS 100

Internet

192.168.1.0 /27

64 kbps192.168.1.96 /27

.101

.102S0/0/1

S0/0/0S0/0/0

.1

.1.1

R1(config)# no router eigrp 100





R1# show run | section router eigrp

router eigrp 100

network 172.16.1.0 0.0.0.255

network 192.168.1.96 0.0.0.31

auto-summary

R1#




<output omitted>





172.17.0.0/16 for Serial0/0/0


Maximum path: 4


172.17.2.0/24

192.168.1.96/27


Gateway Distance Last Update

(this router) 90 00:00:06


192.168.1.101 90 00:00:26

Distance: internal 90 external 170


Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

EIGRP AS 100

Internet

192.168.1.0 /27

S0/0/1

172.17.2.0 /24

S0/0/0S0/0/0

64 kbps192.168.1.96 /27

.101

.102 .1

.1.1

Verifying EIGRP: show ip protocols



<output omitted>

EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

EIGRP maximum hopcount 100

EIGRP maximum metric variance 1

Redistributing: eigrp 100

EIGRP NSF-aware route hold timer is 240s





172.16.0.0/16 for Serial0/0/0


Maximum path: 4


172.16.1.0/24

192.168.1.96/27



(this router) 90 00:08:56


192.168.1.102 90 00:07:59

Distance: internal 90 external 170

Verify routing protocol information on the router.

Verifying EIGRP: show ip eigrp neighbors




(sec) (ms) Cnt Num

0 192.168.1.102 Se0/0/0 11 00:09:17 22 2280 0 5

R1#

EIGRP uses the Neighbor table to list adjacent routers.

Verifying EIGRP: show ip eigrp topology

R1# show ip eigrp topology

IP-EIGRP Topology Table for AS(100)/ID(192.168.1.101)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply Status, s - sia Status


via Connected, Serial0/0/0


via Summary (40512000/0), Null0


via Summary (28160/0), Null0


via 192.168.1.102 (40514560/28160), Serial0/0/0


via Connected, FastEthernet0/0

R1#


Verifying EIGRP: show ip route eigrp

R1# show ip route eigrp

D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:10:18, Serial0/0/0





R1#

R1# show ip route

<output omitted>


D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:10:35, Serial0/0/0







R1#

Verify that the router recognizes EIGRP routes.

Verifying EIGRP: show ip eigrp interfaces

R1# show ip eigrp interfaces

IP-EIGRP interfaces for process 100

Xmit Queue Mean Pacing Time Multicast Pending

Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes

Se0/0/0 1 0/0 22 10/380 468 0

Fa0/0 0 0/0 0 0/1 0 0

R1#

Verify EIGRP configured interfaces.

Verifying EIGRP: show ip eigrp traffic

R1# show ip eigrp traffic

IP-EIGRP Traffic Statistics for AS 100

Hellos sent/received: 338/166

Updates sent/received: 7/7

Queries sent/received: 0/0

Replies sent/received: 0/0

Acks sent/received: 2/2

SIA-Queries sent/received: 0/0

SIA-Replies sent/received: 0/0

Hello Process ID: 228

PDM Process ID: 226

IP Socket queue: 0/2000/1/0 (current/max/highest/drops)

Eigrp input queue: 0/2000/1/0 (current/max/highest/drops)

R1#

Verify EIGRP traffic information.

Verifying EIGRP: debug eigrp packets

R2# debug eigrp packets

*Jul 26 10:51:24.051: EIGRP: Sending HELLO on Serial0/0/0

*Jul 26 10:51:24.051: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

*Jul 26 10:51:24.111: EIGRP: Sending HELLO on FastEthernet0/0


*Jul 26 10:51:26.667: EIGRP: Received HELLO on Serial0/0/0 nbr 192.168.1.101

*Jul 26 10:51:26.667: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/re

ly 0/0







ly 0/0







ly 0/0




Traces transmission and receipt of EIGRP packets.

EIGRP Passive-Interface

Prevent EIGRP updates out a specified router interface.


passive-interface type number [default]

Set a particular interface or all router interfaces to passive.

The default option sets all router interfaces to passive.

For EIGRP, the command:

Prevents neighbor relationships from being established.

Routing updates from a neighbor are ignored.

Allows a subnet on a passive interface to be announced in EIGRP

Passive-Interface Example


R1(config-router)# passive-interface fa0/0

R1(config-router)#



R2(config-router)#

Alternate configuration:


R1(config-router)# passive-interface default

R1(config-router)# no passive-interface S0/0/0




Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

EIGRP AS 100

Internet

192.168.1.0 /27

172.17.2.0 /24

64 kbps192.168.1.96 /27

.101

.102S0/0/1

S0/0/0S0/0/0

.1

.1.1

To propagate a default route in EIGRP, use either the:

ip default-network network-number global configuration command.

Or

ip route 0.0.0.0 0.0.0.0 next-hop | interface router configuration

command.

Once configured, the default route has to be propagated into the EIGRP AS.

Propagating a Default Route

ip default-network Command

Configures a router to advertise a network as the gateway of last resort.

Router(config)#

ip default-network network

Other routers use their next-hop address to the advertised network as their default route.

There is no parameter to specify the subnet mask therefore the command can only be used to advertise a classful network.

The specified network must be reachable before it is configured.

If the specified network is reachable through:

EIGRP, then the default route is propagated automatically to other EIGRP routers in the AS.

A static route, then the static route must be redistributed into EIGRP.

ip default-network Example

R2# show ip route

<output omitted>





D 172.16.0.0/16 [90/40514560] via 192.168.1.101, 02:27:56, Serial0/0/0

192.168.1.0/27 is subnetted, 2 subnets

C 192.168.1.96 is directly connected, Serial0/0/0


R2#

R1# show ip route

<output omitted>


<output omitted>

Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

64 kbps

EIGRP AS 100

Internet

172.31.0.0 /16192.168.1.96 /27

172.17.2.0 /24

.101

.102S0/0/1

S0/0/0S0/0/0

.1

.1.1192.168.1.0 /27

.2


Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

64 kbps

EIGRP AS 100

Internet

172.31.0.0 /16192.168.1.96 /27

172.17.2.0 /24

.101

.102S0/0/1

S0/0/0S0/0/0

.1

.1.1192.168.1.0 /27

.2

R2(config)# ip route 172.31.0.0 255.255.0.0 192.168.1.2

R2(config)# do ping 172.31.0.0

<output omitted>

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms

R2(config)# ip default-network 172.31.0.0


R2(config-router)# redistribute static


R2#


R2# show ip route

<output omitted>

Gateway of last resort is 192.168.1.2 to network 172.31.0.0

<output omitted>

S* 172.31.0.0/16 [1/0] via 192.168.1.2




R2#

Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

64 kbps

EIGRP AS 100

Internet

172.31.0.0 /16192.168.1.96 /27

172.17.2.0 /24

.101

.102S0/0/1

S0/0/0S0/0/0

.1

.1.1192.168.1.0 /27

.2

R1# show ip route

<output omitted>


<output omitted.

D*EX 172.31.0.0/16 [170/41024000] via 192.168.1.102, 00:00:20, Serial0/0/0



R1#

ip route 0.0.0.0 0.0.0.0 next-hop | interface Command

Configures a router to advertise a default route as the gateway of last resort.

Router(config)#

ip route 0.0.0.0 0.0.0.0 interface | next-hop

The choice of parameter affects the next selection of commands.

If the interface parameter is used, then only the network 0.0.0.0

needs to also be entered.

If the next-hop parameter is used, then the network 0.0.0.0 and the redistribute static command must be configured.

ip route 0.0.0.0 0.0.0.0 interface Example

Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

64 kbps

EIGRP AS 100

Internet

172.31.0.0 /16192.168.1.96 /27

172.17.2.0 /24

.101

.102S0/0/1

S0/0/0S0/0/0

.1

.1.1192.168.1.0 /27

.2

R2(config)# ip route 0.0.0.0 0.0.0.0 S0/0/1



R2(config-router)# do show ip route

<output omitted>





D 172.16.0.0/16 [90/40514560] via 192.168.1.101, 03:13:25, Serial0/0/0




S* 0.0.0.0/0 is directly connected, Serial0/0/1

R2(config-router)#

ip route 0.0.0.0 0.0.0.0 next-hop Example

Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

64 kbps

EIGRP AS 100

Internet

172.31.0.0 /16192.168.1.96 /27

172.17.2.0 /24

.101

.102S0/0/1

S0/0/0S0/0/0

.1

.1.1192.168.1.0 /27

.2

R2(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.2



R2(config-router)# redistribute static

R2(config-router)# do show ip route

<output omitted>





D 172.16.0.0/16 [90/40514560] via 192.168.1.101, 02:53:48, Serial0/0/0




S* 0.0.0.0/0 [1/0] via 192.168.1.2

R2(config-router)#

EIGRP automatically summarizes routes at a major network boundary by default.

• Due to the pre-configured auto-summary router configuration command.

• In most cases, auto summarization is a good thing as it keeps routing tables as compact as possible.

• Sometimes it’s not a good thing such as when there is a discontiguous subnetwork.

Typically for routing to work properly, auto-summarization should be disabled using the no

auto-summary router configuration command.

EIGRP Route Summarization

Summarization in Discontiguous Networks

R1 R2

10.10.10.0 /24

EIGRP AS 100

192.168.1.96 /30 10.20.20.0 /24

EIGRP Update: Connected to 10.0.0.0 /8


router eigrp 100

passive-interface FastEthernet0/0

network 10.10.10.0 0.0.0.255

network 192.168.1.96 0.0.0.31

auto-summary



<output omitted>



10.0.0.0/8 for Serial0/0/0


Maximum path: 4


10.10.10.0/24

192.168.1.96/27

Passive Interface(s):

FastEthernet0/0

<output omitted>

Summarization in Discontiguous Networks

R2# show ip route

<output omitted>








S* 0.0.0.0/0 [1/0] via 192.168.1.2

R2#

R1 R2

10.10.10.0 /24

EIGRP AS 100

192.168.1.96 /30 10.20.20.0 /24


R2 ignores the R1 update because it is already

connected to the classful 10.0.0.0/8 network.

Notice that the summarized route (10.0.0.0/8) has an entry pointing to null0.

• Null0 is automatically added to the table and are called summary routes.

• Null 0 is a directly connected, software-only interface.

• The use of the null0 interface prevents the router from trying to forward traffic to other routers in search of a more precise, longer match.

Null 0

R2# show ip route

<output omitted>








S* 0.0.0.0/0 [1/0] via 192.168.1.2

R2#

Disabling Automatic Summarization

R1 R2

10.10.10.0 /24

EIGRP AS 100

192.168.1.96 /30 10.20.20.0 /24



R1(config-router)# no auto-summary

R1(config-router)#

*Jul 26 22:14:07.183: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.102

(Serial0/0/0) is resync: summary configured



Routing Protocol is "eigrp 100“

<output omitted>

Automatic network summarization is not in effect

Maximum path: 4


10.10.10.0/24

192.168.1.96/27

<output omitted>

Disable Automatic Summarization

R1 R2

10.10.10.0 /24

EIGRP AS 100

192.168.1.96 /30 10.20.20.0 /24



R2(config)# no auto-summary

R2(config)# end

R2# show ip route

<output omitted>



C 10.20.20.0 is directly connected, FastEthernet0/0

D 10.10.10.0 [90/40514560] via 192.168.1.101, 00:05:21, Serial0/0/0




S* 0.0.0.0/0 [1/0] via 192.168.1.2

R2#

Earlier distance vector protocols were unable to create summary routes other than the classful boundaries or /8, /16/ or /24.

To address this shortcoming, EIGRP added the ip summary-address eigrp interface

configuration command.

◦ The command is used to create one or more summary routes within a network on any bit boundary (as long as a more specific route exists in the routing table).

IP EIGRP summary routes are given an administrative distance value of 5.

◦ Standard EIGRP routes receive an administrative distance of 90

◦ External EIGRP routes receive an administrative distance of 170.

Summarizing on an Interface

ip summary-address eigrp

Manually create a summary route at an arbitrary bit boundary.

Router(config-if)#

ip summary-address eigrp as-number address mask [admin-distance]

Parameter Description

as-number The number of the EIGRP AS is identified.

addressThe IP address being advertised as the summary

address. This address does not need to be aligned

on Class A, B, or C boundaries.

mask The IP subnet mask used to create the summary

address.

admin-distance (Optional) Administrative distance. A value from 0 to

255.

EIGRP Route Summarization





Fa0/0Fa0/0

R1 R2

10.10.10.0 /24

EIGRP AS 100

WAN

192.168.3.1

S0/0/0

10.10.20.0 /24

10.0.0.0 /8

R3

R3(config)# interface S0/0/0


R3(config-if)# ip summary-address eigrp 1 10.10.0.0 255.255.0.0


R3(config-if)# exit



<output omitted>

Automatic network summarization is not in effect

Address Summarization:

10.10.0.0/16 for Serial0/0/0

<output omitted>

Routes with a metric equal to the minimum metric are installed in the routing table.

• Referred to as “equal-cost load balancing”.

• All IP routing protocols on Cisco routers can perform equal-cost load balancing.

The maximum-paths maximum-path command can be used to allow up to 6 equal-cost paths.

• Default is 4.

• Setting the maximum-path option to 1 disables load balancing.

EIGRP Load Balancing

EIGRP Equal-Cost Load Balancing







R1(config-router)# maximum–paths 3

R1(config-router)#

R1 Topology Table


Network Neighbor AD FD

172.16.2.0/24 R2 20 40

R3 20 40

R4 20 40

R5 20 40

EIGRP can also balance traffic across multiple routes that have different metrics.

• Referred to as unequal-cost load balancing.

The degree to which EIGRP performs load balancing is controlled with the variance

multiplier command.

• The multiplier is a value, between 1 and 128, used for load balancing.

• The default is 1, which means equal-cost load balancing.

• Setting a variance value greater than 1 allows EIGRP to install multiple loop-free routes with unequal cost in the routing table.

• EIGRP will always install successors (the best routes) in the routing table.

• The variance allows feasible successors (and only feasible successor routes) as candidate routes to potentially be installed in the routing table.

Unequal Cost Load Balancing

EIGRP Unequal-Cost Load Balancing


R1(config-router)# variance 2

R1(config-router)#

R1 Topology Table


Network Neighbor AD FD

172.16.2.0/24 R2 10 30

R3 10 20

R4 25 45

R5 10 50

Configuring and Verifying EIGRP Authentication

Many routing protocols support authentication such that a router authenticates the source of each routing update packet that it receives.

Simple password authentication is supported by:

• IS-IS

• OSPF

• RIPv2

MD5 authentication is supported by:

• OSPF

• RIPv2

• BGP

• EIGRP

Router Authentication

Simple password authentication:

• Router sends packet and key.

• Neighbor checks if received key matches its key.

• Is not secure.

MD5 authentication:

• Configure a “key” (password) and key-id; router generates a message digest, or hash, of the key, key-id and message.

• Message digest is sent with packet; key is not sent.

• Is secure.

Simple Password vs. MD5 Authentication

EIGRP supports MD5 authentication.

Router generates and checks every EIGRP packet. Router authenticates the source of each routing update packet that it receives.

Configure a “key” (password) and key-id; each participating neighbor must have same key configured.

EIGRP MD5 Authentication

EIGRP MD5 authentication:

• Router generates a message digest, or hash, of the key, key-id, and message.

• EIGRP allows keys to be managed using key chains.

• Specify key-id (number, key, and lifetime of key).

• First valid activated key, in order of key numbers, is used.

MD5 Authentication

The following key parameters must be defined in enough detail before configuring EIGRP authentication:

◦ The EIGRP AS number

◦ The authentication mode (MD5)

◦ The definition of one or more keys to authenticate EIGRP packets, according to the network security plan.

◦ The keys’ lifetime, if multiple keys are defined.

Once defined, the following steps may be implemented:

1. Configure the authentication mode for EIGRP.

2. Configure the key chain.

3. Optionally configure the keys’ lifetime parameters.

4. Enable authentication to use the key(s) in the key chain.

Planning for EIGRP

Configure the Authentication Mode for EIGRP

Specify MD5 authentication for EIGRP packets.

Router(config-if)#

ip authentication mode eigrp autonomous-system md5

Enable EIGRP packet authentication using key in the key-chain.

Router(config-if)#

ip authentication key-chain eigrp autonomous-system name-

of-chain

Configure the Key Chain

Define the keychain in key chain configuration mode.

Router(config)#

key chain name-of-chain

Identify the key and enter the key-id configuration mode.

Router(config-keychain)#

key key-id

Router(config-keychain-key)#

key-string text

Identify key string (password)

Configure Keys Lifetime Parameters (Optional)

Specify when the key will be accepted for received packets.

Router(config-keychain-key)#

accept-lifetime start-time {infinite | end-time |

duration seconds}

Specify when the key can be used for sending EIGRP packets.Router(config-keychain-key)#

send-lifetime start-time {infinite | end-time |

duration seconds}

Enable Authentication to Use the Key Chain

Enable EIGRP packet authentication using key in the key-chain.

Router(config-if)#

ip authentication key-chain eigrp autonomous-system

name-of-chain

Configuring EIGRP MD5 Authentication

Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

EIGRP AS 100R1# show running-config

!

<output omitted>

!

key chain R1chain

key 1

key-string FIRST-KEY

accept-lifetime 04:00:00 Jan 1 2009 infinite

send-lifetime 04:00:00 Jan 1 2009 04:00:00 Jan 31 2009

key 2

key-string SECOND-KEY


send-lifetime 04:00:00 Jan 25 2009 infinite

!

<output omitted>

!

interface FastEthernet0/0

ip address 172.16.1.1 255.255.255.0

!

interface Serial0/0/0

bandwidth 64

ip address 192.168.1.101 255.255.255.224

ip authentication mode eigrp 100 md5

ip authentication key-chain eigrp 100 R1chain

!

router eigrp 100

network 172.16.1.0 0.0.0.255

network 192.168.1.0

auto-summary

172.17.2.0 /24

S0/0/0S0/0/0

64 kbps

192.168.1.96 /27

.101

.102

.1.1


Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

EIGRP AS 100

R2# show running-config

!

<output omitted>

!

key chain R2chain

key 1

key-string FIRST-KEY



key 2

key-string SECOND-KEY



!

<output omitted>

!

interface FastEthernet0/0

ip address 172.17.2.2 255.255.255.0

!


bandwidth 64

ip address 192.168.1.102 255.255.255.224

ip authentication mode eigrp 100 md5

ip authentication key-chain eigrp 100 R2chain

!

router eigrp 100

network 172.17.2.0 0.0.0.255

network 192.168.1.0

auto-summary

172.17.2.0 /24

S0/0/0S0/0/0

64 kbps192.168.1.96 /27

.101

.102

.1.1

Verifying MD5 Authentication

R1#

*Apr 21 16:23:30.517: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.102

(Serial0/0/0) is up: new adjacency

R1#




(sec) (ms) Cnt Num

0 192.168.1.102 Se0/0/0 12 00:03:10 17 2280 0 14

R1#

R1# show ip route

<output omitted>


D 172.17.0.0/16 [90/40514560] via 192.168.1.102, 00:02:22, Serial0/0/0







R1#

R1# ping 172.17.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.17.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms


R1# show key chain

Key-chain R1chain:

key 1 -- text “FIRST-KEY"

accept lifetime (04:00:00 Jan 1 2009) - (always valid) [valid now]

send lifetime (04:00:00 Jan 1 2009) - (04:00:00 Jan 31 2009)

key 2 -- text “SECOND-KEY"

accept lifetime (04:00:00 Jan 25 2009) - (always valid) [valid now]

send lifetime (04:00:00 Jan 25 2009) - (always valid) [valid now]

Troubleshooting MD5 Authentication


EIGRP Packets debugging is on

(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)

*Jan 21 16:38:51.745: EIGRP: received packet with MD5 authentication, key id = 1

*Jan 21 16:38:51.745: EIGRP: Received HELLO on Serial0/0/0 nbr 192.168.1.102

*Jan 21 16:38:51.745: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely

0/0




R2#

*Jan 21 16:38:38.321: EIGRP: received packet with MD5 authentication, key id = 2

*Jan 21 16:38:38.321: EIGRP: Received HELLO on Serial0/0/0 nbr 192.168.1.101

*Jan 21 16:38:38.321: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely

0/0


Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

EIGRP AS 100

R1(config-if)# key chain R1chain

R1(config-keychain)# key 2

R1(config-keychain-key)# key-string wrongkey

R1(config-keychain-key)#

172.17.2.0 /24

S0/0/0S0/0/0

64 kbps192.168.1.96 /27

.101

.102

.1.1




*Jan 21 16:50:18.749: EIGRP: pkt key id = 2, authentication mismatch

*Jan 21 16:50:18.749: EIGRP: Serial0/0/0: ignored packet from 192.168.1.101, opcode = 5 (invalid

authentication)

*Jan 21 16:50:18.749: EIGRP: Dropping peer, invalid authentication

*Jan 21 16:50:18.749: EIGRP: Sending HELLO on Serial0/0/0

*Jan 21 16:50:18.749: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

*Jan 21 16:50:18.753: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.101

(Serial0/0/0) is down: Auth failure

R2#



R2#

Optimizing EIGRP Implementations

Quantity of routing information exchanged between peers: without proper route summarization, this can be excessive.

Number of routers that must be involved when a topology change occurs.

Depth of topology: the number of hops that information must travel to reach all routers.

Number of alternate paths through the network.

Factors That Influence EIGRP Scalability

Queries are sent when a route is lost and no feasible successor is available.

The lost route is now in “active” state.

Queries are sent to all neighboring routers on all interfaces except the interface to the successor.

If the neighbors do not have their lost-route information, queries are sent to their neighbors.

If a router has an alternate route, it answers the query; this stops the query from spreading in that branch of the network.

EIGRP Query Process

In a large internetwork EIGRP queries can generate many resources.

Several solutions exist to optimize the query propagation process and to limit the amount of unnecessary EIGRP load on the links, including:

◦ Summarization

◦ Redistribution

◦ EIGRP stub routing feature.

Overwhelming EIGRP Query Process

If a router does not receive a reply to all the outstanding queries within default 3 minutes (180 seconds), the route goes into Stuck-in-Active (SIA) state.

Common SIA reasons:

• A router is too busy to answer the query.

• A router cannot allocate the memory to process the query.

• The circuit between the two routers is not reliable.

• The router has unidirectional links.

SIA solutions:

• Redesign the network to limit the query range by route summarization and the ip

summary-address eigrp command.

• Configure the remote routers as stub EIGRP routers.

Stuck-in-Active

SIA Solution: Summarization

Poorly designed networks can make summarization difficult.

Manually summarize the routes whenever possible to support a hierarchical network design.

The more networks EIGRP summarizes, the lower the number of queries being sent out.

• Ultimately reduces the occurrence of SIA errors.

SIA Solution: Summarization

This network design is better because subnet addresses from individual major networks are

localized within each cloud, allowing summary routes configured using the ip summary-

address eigrp command to be injected into the core.

As an added benefit, the summary routes act as a boundary for the queries generated by a

topology change.

The EIGRP Stub Routing feature:

• Improves network stability

• Reduces resource utilization and

• Simplifies remote router (spoke) configuration

SIA Solution: Stub Networks

Stub routing is commonly used in hub-and-spoke topology.

Stub router sends a special peer information packet to all neighboring routers to report its status as a stub router.

• Any neighbor that receives a packet informing it of the stub status does not query the stub router for any routes.

• Stub routers are not queried and instead, hub routers connected to the stub router answer the query on behalf of the stub router.

Only the remote routers are configured as stubs.

EIGRP Stub Routing

EIGRP Stub

Configure a router as a stub router.Router(config-router)#

eigrp stub [receive-only | connected | static | summary | redistributed]


receive-only

Restricts the router from sharing any of its routes with any other router within an EIGRP AS.

Keyword cannot be combined with any other keyword.

connectedPermits the EIGRP stub routing feature to send connected routes.

This option is enabled by default and is the most widely practical stub option.

staticPermits the EIGRP stub routing feature to send static routes.

Redistributing static routes with the redistribute static command is still necessary.

summary

Permits the EIGRP stub routing feature to send automatically summarized and / or manually summarized routes.

This option is enabled by default.

redistributedPermits the EIGRP stub routing feature to send redistributed routes.

Redistributing routes with the redistribute command is still necessary.

Example: EIGRP Stub Parameters

If stub connected is configured:

• B will advertise 10.1.2.0/24 to A.

• B will not advertise 10.1.2.0/23, 10.1.3.0/23, or 10.1.4.0/24.

If stub summary is configured:



Example: EIGRP Stub Parameters (Cont.)

If stub static is configured:



If stub receive-only is configured:

• B won’t advertise anything to A, so A needs to have a static route to the networks behind B to reach them.

Graceful Shutdown

The chapter focused on the following topics:

Features of EIGRP, including fast convergence, use of partial updates, multiple network layer support, use of multicast and unicast, VLSM support, seamless connectivity across all data link layer protocols and topologies, and sophisticated metric.

EIGRP’s underlying processes and technologies—neighbor discovery/recovery mechanism, RTP, DUAL finite state machine, and protocol-dependent modules.

EIGRP's tables—neighbor table, topology table, and routing table

EIGRP terminology:

• Advertised distance (the metric for an EIGRP neighbor router to reach the destination; the metric between the next-hop router and the destination)

• Feasible distance (the sum of the AD from the next-hop neighbor, and the cost between the local router and the next-hop router)

• Successor (a neighboring router that has a least-cost loop-free path to a destination, the lowest FD)

• Feasible successor (a neighboring router that has a loop-free backup path to a destination).

• Passive routes, those not undergoing recomputation; active routes, those undergoing recomputation

The five EIGRP packet types: hello, update, query, reply, and acknowledgment.

• Updates, queries, and replies are sent reliably.

Summary

◦ EIGRP initial route discovery process, started by a router sending hello packets. Neighboring

routers reply with update packets, which populate the router's topology table. The router

chooses the successor routes and offers them to the routing table.

◦ The DUAL process including selecting FSs. To qualify as an FS, a next-hop router must have an AD less than the FD of the current successor route for the particular network, to ensure a loop-free network.

◦ The EIGRP metric calculation, which defaults to bandwidth (the slowest bandwidth between the source and destination) + delay (the cumulative interface delay along the path).

◦ Planning EIGRP implementations, including:

IP addressing

Network topology

EIGRP traffic engineering.

◦ The list of tasks for each router in the network include:

Enabling the EIGRP routing protocol (with the correct AS number)

Configuring the proper network statements

Optionally configuring the metric to appropriate interfaces.

Summary

• Basic EIGRP configuration commands.

• Commands for verifying EIGRP operation.

• Configuring a passive-interface.

• Propagating a default route.

• EIGRP summarization.

• EIGRP over Frame Relay.

• EIGRP over MPLS.

• EIGRP load-balancing

• Configuring, verifying, and troubleshooting EIGRP MD5 authentication.

• EIGRP scalability factors, including the amount of information exchanged, the number of routers, the depth of the topology, and the number of alternative paths through the network.

• The SIA state and how to limit the query range to help reduce SIAs.

• Configuring the remote routers as stub EIGRP routers.

• Graceful shutdown, which broadcasts a goodbye message (in a hello packet, with all K values set to 255) when an EIGRP routing process is shut down, to inform neighbors

Summary (continued)

Understanding OSPF Terminology and Operation

OSPF is a standards-based link-state IP routing protocol described in RFC 2328.

◦ It was developed to meet RIP’s inability to scale beyond 15 routers.

◦ Proposed by IETF in 1988 and formalized in 1991.

◦ There are 2 versions; OSPFv2 is for IPv4 and OSPFv3 is for IPv6.

Open Shortest Path First (OSPF)

OSPF features include:

◦ Fast convergence

◦ Supports VLSM

◦ Efficient use of bandwidth - Routing changes trigger routing updates (no periodic updates)

◦ Supports large network size

◦ Routing based on best path selection

◦ Grouping of members into Areas

OSPF Features

With link-state routing protocols, each router has the full picture of the network topology, and can independently make a decision based on an accurate picture of the network topology.

To do so, each link-state router keeps a record of:

◦ Its immediate neighbor routers.

◦ All the other routers in the network, or in its area of the network, and their attached networks.

◦ The best paths to each destination.

Link-State Protocol Characteristics

Respond quickly to network changes.

Send triggered updates when a network change occurs.

Send periodic updates (link-state refresh), at long intervals, such as every 30 minutes.

◦ Uses LSAs to confirm topology information before the information ages out of the link-state database.

Link-State Protocol Advantages

OSPF databases / tables:

◦ OSPF adjacency database = Neighbor table

◦ OSPF link-state database = Topology table

◦ OSPF forwarding database = Routing table

Link-state advertisements (LSAs)

Link-State Database (LSDB)

Shortest-Path First (SPF) Routing Algorithm

◦ Dijkstra algorithm

SPF Tree

OSPF Areas

◦ Backbone (transit) and standard areas.

Types of OSPF routers:

◦ Internal router, backbone router, Area Border Router (ABR), Autonomous System Boundary Router (ASBR)

◦ Designated Router (DR) and Backup Designated Router (BDR)

OSPF Terminology

OSPF Router Tables / Databases

OSPF maintains three databases which are used to create three tables.

Database Table Description

Adjacency

Database

Neighbor

Table

• List of all neighbors routers to which a router has established bidirectional communication.

• This table is unique for each router.• Can be viewed using the show ip ospf neighbor command.

Link-state

Database

Topology

Table

• List of information about all other routers in the network.• The database shows the network topology.• All routers within an area have identical link-state databases.• Can be viewed using the show ip ospf database command.

Forwarding

Database

Routing

Table

• List of routes generated when an algorithm is run on the link-state database.

• Each router’s routing table is unique and contains information on how and where to send packets to other routers.

• Can be viewed using the show ip route command.

Link-State Advertisements (LSAs)

When a change occurs in the network topology, the router experiencing the change creates a link-state advertisement (LSA) concerning that link.

◦ LSAs are also called link-state protocol data units (PDUs).

The LSA is multicasted to all neighboring devices using either 224.0.0.5 or 224.0.0.6.

Routers receiving the LSA immediately forward it to all neighboring routers.

Link-State Database (LSDB)

Routers receiving add the LSA to their link-state database (LSDB).

The LSDB is used to calculate the best paths through the network.

OSPF best route calculation is based on EdsgerDijkstra's shortest path first (SPF) algorithm.

SPF Routing Algorithm

The SPF algorithm accumulates costs along each path, from source to destination.

◦ The accumulated costs is then used by the router to build a topology table.

SPF Tree and Routing Table

The topology table is essentially an SPF tree which contains a listing of all OSPF networks and the costs to reach them.

The resulting best routes are then considered to be added to the routing table.

To minimize processing and memory requirements, OSPF can divide the routing topology into a two-layer hierarchy called areas.

Characteristics of OSPF areas include:

◦ Minimizes routing table entries.

◦ Localizes impact of a topology change within an area.

◦ Detailed LSA flooding stops at the area boundary.

◦ Requires a hierarchical network design.

OSPF Areas

OSPF Two-Layer Hierarchy

Backbone Area

◦ Referred to as Area 0

◦ Also known as the Transit Area.

Regular (Standard) Areas

◦ Also known as a nonbackbone areas.

◦ All regular areas must connect to the backbone area.

◦ Standard areas can be further defined as stub areas, totally stubby areas, and Not-so-stubby areas (NSSAs).

The optimal number of routers per area varies based on factors such as network stability, but Cisco

recommends:

• An area should have no more than 50 routers.

• A router should not be in more than 3 areas.

How OSPF routers exchange information is based on:

◦ The function of the router.

◦ The type of LSAs it can forward.

◦ The type of area it resides in.

OSPF routers may function as either:

◦ Internal router

◦ Backbone router

◦ Area Border Router (ABR)

◦ Autonomous System Boundary Router (ASBR)

Note:

◦ A router can exist as more than one router type.

OSPF Router Types

OSPF Router Types

Internal

Router

Internal

RoutersInternal

Router

All

Backbone

Routers

ABR and

Backbone

Router

ABR and

Backbone

Router

ASBR and

Backbone

Router

Routers that have all their interfaces within the same area.

Internal routers in the same area:

◦ Have identical LSDBs.

◦ Run a single copy of the routing algorithm.

Internal Router

OSPF design rules require that all areas be connected to a single backbone area (Area 0).

◦ Area 0 is also known as Area 0.0.0.0

An Area 0 router is referred to as a backbone router.

◦ Depending on where it resides in Area 0, it may also be called an Internal router, an ABR, or an ASBR.

Backbone Router

Routers with interfaces attached to multiple areas and responsible for:

◦ Joining areas together.

◦ Maintaining separate link-state databases for each area.

◦ Routing traffic destined to/arriving from other areas.

◦ Summarizing information about each area connected and flooding the information through area 0 to the other areas connected.

◦ An area can have one or more ABR.

ABR cannot send LSU’s to other areas until the entire intra-area is synchronized.

Area Border Router (ABR)

Routers that have at least one interface connected to another AS, such as a non-OSPF network.

Routers support redistribution.

◦ They can import non-OSPF network information to the OSPF network.

Should reside in the backbone area.

Autonomous System Boundary Router (ASBR)

OSPF Router Types

Routers A, B, C, D and E are backbone routers.

• Backbone routers make up Area 0.

Routers C, D and E are area border routers (ABRs).

• ABRs attach all other areas to Area 0.

Routers A, B, F, G, and H are internal routers.

• Internal routers are completely within an area and do not interconnect to any other area or autonomous system (AS).

To reduce the amount of OSPF traffic on multiaccess broadcast networks such as Ethernet, OSPF elects:

◦ A Designated Router (DR)

◦ A Backup Designated Router (BDR)

The DR is responsible for updating all other OSPF routers (called DROTHERs) when a change occurs in the multiaccess network.

◦ The BDR monitors the DR and takes over should the DR fail.

A router connected to multiple broadcast networks can be a DR on one segment and a regular (DROTHER) router on another segment.

DR and BDR Routers

OSPF Metric Calculation

The OSPF metric calculation is based on cost.

Cost is an indication of the overhead required to send packets across a certain interface.

The cost of an interface is inversely proportional to the bandwidth of that interface.

◦ A higher bandwidth is attributed a lower cost.

◦ A lower bandwidth is attributed a higher cost.

Bandwidth

High

Low

Lower Cost

Higher Cost

OSPF Cost Formula

Cost = 100,000,000 / Bandwidth (bps)

For example:

• 10BaseT = 100,000,000 / 10,000,000 = 10

• T1 = 100,000,000 / 1,544,000 = 64

OSPF Packets

OSPF packets are used to perform several functions, including:

◦ Neighbor discovery, to form adjacencies.

◦ Flooding link-state information, to facilitate LSDBs being built in each router.

◦ Running SPF to calculate the shortest path to all known destinations.

◦ Populating the routing table with the best routes to all known destinations.

OSPF Packet

OSPF Packet

Frame Header

Frame Payload

CRCIP

HeaderProtocol Number

(OSPF = 89)

OSPF

Header

OSPF

Message

On a LAN, the OSPF

packet is encapsulated in

an Ethernet frame with a

destination multicast MAC

address of either:

• 01-00-5E-00-00-05

• 01-00-5E-00-00-06

The destination multicast IP

address is set to either:

• 224.0.0.5 (All OSPF routers

listen to this address.)

• 224.0.0.6 (All DR and BDR

routers listen to this address.

The OSPF protocol field is 89.

The OSPF header

identifies the type

of OSPF packet,

the router ID and

the area number.

The OSPF

message

contains the

packet type

specific

message

information.

OSPF Header

OSPF Packet Types

OSPF Packet Types

Five packet types make OSPF capable of sophisticated and complex communications.

Type Packet Name Description

1 HelloDiscovers neighbors and builds

adjacencies between them.

2 DBD

Database description

Checks for database synchronization

between routers.

3 LSR

Link-state request

Requests specific link-state records from

another router.

4 LSU

Link-state update

Sends specifically requested link-state

records.

5 LSAckLink-State Acknowledgment

Acknowledges the other packet types.

OSPF Message

Frame

Header

Frame Payload

CRCIP

Header

Protocol

Number(OSPF = 89)

OSPF Header OSPF MessageOSPF Message

The OSPF message contains different information, depending on the packet type:

Packet Type Contains

Type 1 - Hello Contains a list of known neighbors.

Type 2 - DBDContains a summary of the LSDB, which includes all known router IDs and their last sequence number,

among a number of other fields.

Type 3 - LSR Contains the type of LSU needed and the router ID of the router that has the needed LSU.

Type 4 - LSU Contains the full LSA entries. Multiple LSA entries can fit in one OSPF update packet.

Type 5 - LSAck Data field is empty.

Hello packets are used to:

◦ Discover directly connected OSPF neighbors.

◦ Establish and maintain neighbor adjacencies with these directly connected neighbors.

◦ Advertise parameters on which two routers must agree to become neighbors.

◦ Elect the Designated Router (DR) and Backup Designated Router (BDR) on multi-access networks like Ethernet and Frame Relay.

Type 1 - OSPF Hello Packet


Hello packet fields must match on neighboring routers for them to establish an adjacency:

◦ Hello interval

◦ Dead interval

◦ Network type.

◦ Area id

◦ Authentication password

◦ Stub area flag

Two routers on the same network segment may not form an OSPF adjacency if:

◦ They are not in the same area

◦ The subnet masks do not match, causing the routers to be on separate networks.

◦ The OSPF Hello or Dead Timers do not match.

◦ The OSPF network types do not match.

◦ The OSPF network command is missing or incorrect.


By default, OSPF Hello packets are transmitted to 224.0.0.5 (all OSPF routers) every:

◦ 10 seconds (Default on multiaccess and point-to-point networks).

◦ 30 seconds (Default on NBMA networks – Frame Relay).

The Dead interval is the period, expressed in seconds, that the router will wait to receive a Hello packet before declaring the neighbor "down."

◦ If the Dead interval expires before the routers receive a Hello packet, OSPF will remove that neighbor from its link-state database.

◦ The router floods the link-state information about the "down" neighbor out all OSPF enabled interfaces.

Cisco uses a default of 4 times the Hello interval.

◦ 40 seconds (Default on multiaccess and point-to-point networks).

◦ 120 seconds (Default on NBMA networks – Frame Relay).


The Database Description (DBD) packets contain an abbreviated list of the sending router's link-state database and is used by receiving routers to check against the local link-state database.

The link-state database must be identical on all link-state routers within an area to construct an accurate SPF tree.

Type 2 - OSPF DBD Packet

The Link State Request (LSR) packet is used by the receiving routers to request more information about any entry in the DBD.

Type 3 - OSPF LSR Packet

The Link-State Update (LSU) packets are used for OSPF routing updates.

◦ They reply to LSRs as well as to announce new information.

LSUs contain seven different types of Link-State Advertisements (LSAs).

LSUs contains the full LSA entries.

◦ Multiple LSA entries can fit in one OSPF update packet.

Type 4 - OSPF LSU Packet

LSAck - Link-State Acknowledgement Packet:

◦ When an LSU is received, the router sends a LSAck to confirm receipt of the LSU.

◦ The LSAck data field is empty.

Type 5 - OSPF LSAck Packet

When an OSPF router is initially connected to a network it attempts to create adjacencies with neighbors.

To do so, it progresses through these various states using the 5 OSPF packet types.

OSPF States

Down State

Init State

Two-Way State

ExStart State

Exchange State

Loading State

Full State

No Hello packets received = Down

Send Hello Packets

Transit to Init state

Neighbor Discovery – Hello Protocol

Hello packets received from the neighbor and it

contains the initial router’s router ID.

Transit to two-way state

(Optional) DR and BDR election

Transit to ExStart state

Database Synchronization

Negotiate master / slave relationship and DBD

packet sequence number

DBD exchanged as LSAs are requested and sent

Transit to either Loading or Full state after

completing the database description

Newly learned routes are asked for and current

database is being processed

Route Calculations

Router is synchronized with the neighbor and

route calculations using the SPF algorithm begins

More LSAs

required

Yes

No

Neighbor Discovery – Hello Protocol

R1 R2

172.16.5.0 /24

Fa0/0

.1 .2

Fa0/1

Down State

Init State Hello! I’m router ID 172.16.5.1. Is there anyone else on this link?

Hello

Hello! I’m router ID 172.16.5.2 and I see 172.16.5.1.Hello

R2 neighbor list:

172.16.5.1, int Fa0/1Unicast to R1

R1 neighbor list:

172.16.5.2, int Fa0/0

Two-Way State

Attempt State

Database Synchronization & Route Calc

R1 R2

172.16.5.0 /24

Fa0/0

.1 .2

Fa0/1

ExStart State I will start the exchange because I have router ID 172.16.5.1.

Hello

No, I will start the exchange because I have a higher router ID.Hello

Here is a summary of my link-state database.DBD

Here is a summary of my link-state database.

DBD

Exchange State

Thanks for the information!

LSAckLSAck

Loading State

I need more information on the 172.16.6.0 network.

LSR

Here is the entry for 172.16.6.0/24.LSU

Thanks for the information!

LSAck

Full State

Once neighbors adjacencies have been established, the Hello packet continues to be transmitted every 10 seconds (default) between neighbors.

◦ As long as the other routers keep receiving the Hello packets, the transmitting router and its networks reside in the topology database.

After the topological databases are synchronized, updates (LSUs) are sent only to neighbors when:

◦ A change is perceived (Incremental updates)

◦ Every 30 minutes (Condensed version is forwarded).

Adjacent OSPF Neighbors

Each LSA entry has its own aging timer, which the link-state age field carries.

The default aging timer value for OSPF is 30 minutes (1800 seconds).

After an LSA entry ages, the router that originated the entry sends the LSA, with a higher sequence number, in a link-state update (LSU), to verify that the link is still active.

◦ The LSU can contain one or more LSAs.

◦ This LSA validation method saves on bandwidth compared to distance-vector routers, which send their entire routing table at short, periodic intervals.

Link-State Data Structures

Link-State Data Structures

OSPF Administrative Distance

Route Source Administrative Distance

Connected 0

Static 1

EIGRP Summary 5

External BGP 20

Internal EIGRP 90

IGRP 100

OSPF 110

IS IS 115

RIP 120

External EIGRP 170

Internal BGP 200

Planning OSPF Routing Implementations

Prior to deploying an OSPF routing solution, the following should be considered:

◦ IP addressing plan

◦ Network topology

◦ OSPF areas


Planning to Deploy OSPF

The information necessary to implement OSPF routing includes the following:

◦ The IP addresses to be configured on individual router interfaces.

◦ A list of routers on which OSPF is to be enabled, along with the OSPF process number to use and the connected networks that are to run OSPF and that need to be advertised (per individual router).

◦ The area in which each interface is to be configured.

◦ Metrics that need to be applied to specific interfaces, or OSPF traffic engineering.

In the implementation plan, OSPF tasks include the following:

◦ Enabling the OSPF routing protocol, directly on an interface or by using the correct network

command under the OSPF routing process configuration mode.

◦ Assigning the correct area id to the interface, via the OSPF configuration on the interface or under the OSPF routing process configuration mode.

◦ Optionally configuring the metric to appropriate interfaces.

Implementing OSPF

After implementing OSPF, verification should confirm proper deployment on each router.


◦ Verifying that the appropriate OSPF neighbor relationships and adjacencies are established

◦ Verifying that the OSPF LSDB is populated with the necessary information.

◦ Verifying that IP routing table is populated with the necessary information.

◦ Verifying that there is connectivity in the network between routers and to other devices.

◦ Verifying that OSPF behaves as expected in a case of a topology change, by testing link failure and router failure events.

Verifying OSPF

After a successful OSPF deployment, the solution and verification process and results should be

documented for future reference.


◦ A topology map

◦ The IP addressing plan

◦ The area hierarchy

◦ The networks and interfaces included in OSPF on each router

◦ The default and any special metrics configured

◦ The verification results.

Documenting

Configuring and Verifying Basic OSPF

Enable OSPF Routing

Define OSPF as the IP routing protocol.

Router(config)#

router ospf process-id

The process-id is an internally used number that identifies the OSPF routing process.

The process-id does not need to match process IDs on other routers

It can be any positive integer in the range from 1 to 65535.

Identify OSPF Networks

Define OSPF networks to advertise to OSPF neighbors.


network ip-address [wildcard-mask] area area-id

The ip-address parameter can be a network, a subnet, or the address of a directly

connected interface.

The wildcard-mask is an inverse mask used to determine how to interpret the address.

• The mask has wildcard bits, where 0 is a match and 1 is “don’t care.”

• For example, 0.0.255.255 indicates a match in the first 2 octets.

• The area-id parameter specifies the OSPF area to be associated with the address.

Recall that a wildcard mask is the inverse of a subnet mask.

An easy way to calculate the inverse of the subnet mask, is to subtract the subnet mask from255.255.255.255.

For example, the inverse of subnet mask 255.255.255.252 is 0.0.0.3.

The Wildcard Mask

255.255.255.255

– 255.255.255.252

0. 0. 0. 3

Identify OSPF Networks

Optional method to enable OSPF explicitly on an interface.

Router(config-if)#

ip ospf process-id area area-id

The process-id parameter can be a network, a subnet, or the address of a directly

connected interface.

• The area-id parameter specifies the OSPF area to be associated with the address.

• Because this command is configured explicitly for the interface, it takes precedence over thenetwork area command.

Define the Interface Bandwidth

Defines the interface’s bandwidth (optional).

Router(config-if)#

bandwidth kilobits

The kilobits parameter indicates the intended bandwidth in kbps.

For example, to set the bandwidth to 512,000 bps, use the bandwidth 512 command.

The configured bandwidth is used by routing protocols in the metric calculation.

The command does not actually change the speed of the interface.

Configuring Single-Area OSPF Example

R2 R3

OSPF Area 0

S0/0/1S0/0/1

64 kbps

10.2.1.0 /24

.2

.1R1 Fa0/0

.1

Fa0/0

.2

10.64.0.0 /24








R2(config-if)# exit

R2(config)#




R1(config-if)# exit

R1(config)#





R3(config-if)# exit

R3(config)#

Configuring Single-Area OSPF Example

R2 R3

OSPF Area 0

S0/0/1S0/0/1

64 kbps

10.2.1.0 /24

.2

.1R1 Fa0/0

.1

Fa0/0

.2

10.64.0.0 /24

R1(config)# router ospf 1

R1(config-router)# network 10.0.0.0 0.255.255.255 area 0

R1(config-router)#




R2(config-router)#



R3(config-router)#

Configuring Multi-Area OSPF Example

R2 R3

OSPF Area 0

S0/0/1S0/0/1

64 kbps

10.2.1.0 /24

.2

.1R1 Fa0/0

.1

Fa0/0

.2

10.64.0.0 /24

OSPF Area 1



R1(config-router)#




R2(config-router)#



R3(config-router)#

Alternate Multi-Area OSPF Configuration

R2 R3

OSPF Area 0

S0/0/1S0/0/1

64 kbps

10.2.1.0 /24

.2

.1R1 Fa0/0

.1

Fa0/0

.2

10.64.0.0 /24

OSPF Area 1



R1(config-router)#


R2(config-if)# ip ospf 50 area 1

R2(config-if)# exit

R2(config)#



R2(config-router)#



R3(config-router)#

A router is known to OSPF by the OSPF router ID number.

◦ LSDBs use the OSPF router ID to differentiate one router from the next.

By default, the router ID is the highest IP address on an active interface at the moment of OSPF process startup.

◦ However, for stability reason, it is recommended that the router-id command or a

loopback interface be configured.

OSPF Router ID

OSPF Router ID

Router ID

explicitly

configured?

Use that as

the Router-ID

YesNo

Loopback

interface

configured?

Yes

No

Use the highest active

configured IP address

Use the highest

configured loopback IP

address

Define the Router ID

Assign a specific router ID to the router.


router-id ip-address

Any unique arbitrary 32-bit value in an IP address format (dotted decimal) can be used.

If this command is used on an OSPF process that is already active, then the new router ID takes effect:

After the next router reload.

After a manual restarting of the OSPF process using the clear ip ospf process

privileged EXEC command.

Verifying the Router-ID

R2 R3

OSPF Area 0

S0/0/1S0/0/1

64 kbps

10.2.1.0 /24

.2

.1R1 Fa0/0

.1

Fa0/0

.2

10.64.0.0 /24

OSPF Area 1

R2# show ip ospf

Routing Process “ospf 50” with ID 10.64.0.2

<output omitted>

Command Description

show ip protocolsDisplays OSPF process ID, router ID, networks

router is advertising & administrative distance

show ip ospf neighbors Displays OSPF neighbor relationships.

show ip route Displays the routing table.

show ip ospf interface Displays hello interval and dead interval

show ip ospf

Displays OSPF process ID, router ID, OSPF area

information & the last time SPF algorithm

calculated

Verifying OSPF

Verifying OSPF: show ip protocols


Routing Protocol is “ospf 1”

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Router ID 10.64.0.1

Number of areas in this router is 1. 1 normal 0 stub 0 nssa

Maximum path: 4


10.0.0.0 0.255.255.255 area 0

Reference bandwidth unit is 100 mbps

<output omitted>


Verifying OSPF: show ip ospf neighbors

R2# show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

10.64.0.1 1 FULL/DROTHER 00:00:30 10.64.0.1 FastEthernet0/0

10.2.1.1 1 FULL/ - 00:00:34 10.2.1.1 Serial0/0/1

Display OSPF neighbors.

Lists the neighbors

in the order they

were learned.

The OSPF priority

of the interface.

The OSPF state of the interface.

FULL state means that the router

and its neighbor have identical

OSPF link-state databases.

The amount of time remaining that

the router will wait to receive an

OSPF Hello packet from the

neighbor before declaring the

neighbor down.

The IP address of the neighbor's

interface to which this router is

directly connected.

The interface on which

this router has formed

adjacency with the

neighbor.

Verifying OSPF: show ip route ospf

R1# show ip route ospf


O IA 10.2.1.0/24 [110/782] via 10.64.0.2, 00:03:05, FastEthernet0/0

R1#

Verify that the router recognizes OSPF routes.

To clear all routes from the IP routing table, use:

Router# clear ip route *

To clear a specific route from the IP routing table, use:

Router# clear ip route A.B.C.D

Clearing the OSPF Routing Table

Verifying OSPF: show ip ospf interface

R1# show ip ospf interface fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

Internet Address 10.64.0.1/24, Area 0

Process ID 1, Router ID 10.64.0.1, Network Type BROADCAST, Cost: 1

Transmit Delay is 1 sec, State DROTHER, Priority 0

Designated Router (ID) 10.64.0.2, Interface address 10.64.0.2

No backup designated router on this network

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

oob-resync timeout 40

Hello due in 00:00:04

Supports Link-local Signaling (LLS)

Index 1/1, flood queue length 0

Next 0x0(0)/0x0(0)

Last flood scan length is 1, maximum is 4

Last flood scan time is 0 msec, maximum is 4 msec

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 10.64.0.2 (Designated Router)

Suppress hello for 0 neighbor(s)

Verify OSPF configured interfaces.

Verifying OSPF: show ip ospf

R2# show ip ospf

Routing Process “ospf 50” with ID 10.64.0.2

<output omitted>

Area BACKBONE(0)

Area has no authentication

SPF algorithm last executed 00:01:25.028 ago

SPF algorithm executed 7 times

<output omitted>

Area 1

Number of interfaces in this area is 1

Area has no authentication

SPF algorithm last executed 00:00:54.636 ago

SPF algorithm executed 3 times

<output omitted>

R2#

Verify general OSPF information.

Understanding OSPF Network Types

OSPF defines three types of network:

OSPF Network Types

Network Type Description Example

Broadcast• A multiaccess broadcast network.

• DR / BDR required.All Ethernet networks

Point-to-point• A network that joins a single pair of routers.

• No DR / BDR required.

Serial link using PPP /

HDLC

Nonbroadcast

multiaccess

(NBMA)

• A network that interconnects more than two routers but

that has no broadcast capability.

• DR / BDR may or may not be required.

• There are five modes of OSPF operation available for

NBMA networks:

• RFC-compliant modes:

• non-broadcast

• point-to-multipoint

• Cisco proprietary modes:

• broadcast

• point-to-multipoint non-broadcast

• point-to-point

• The choice of mode depends on the topology of the

NBMA network.

Frame Relay

ATM

X.25

Broadcast

DR /BDR election required since there could be many devices.

• Establishing adjacencies with all routers in a broadcast network would easily overload a router due to the overhead of maintaining those adjacencies.

• Instead, OSPF routers form full adjacencies with the DR and BDR only.

Packets to all OSPF routers are forwarded to 224.0.0.5.

Packets to the DR / BDR are forwarded to 224.0.0.6.

Broadcast Challenge: Multiple Adjacencies

A challenge of broadcast network is the number of adjacencies that would be required.

• One adjacency for every pair of routers.

• This would increase network traffic and load on each router to manage each individual adjacency.

Broadcast Challenge: Extensive LSAs

Another challenge is the increase in network LSAs.

• Every LSA sent out also requires an acknowledgement.

Consequence:

• Lots of bandwidth consumed

• Chaotic traffic

Solution: Designated Router

A designated router (DR) and backup designated router (BDR) solve these challenges because they:

• Reduce routing update traffic

• Manage link-state synchronization

The DR is elected and becomes responsible for maintaining the topology table for the segment.

This DR has two main functions:

◦ To become adjacent to all other routers on the network segment.

◦ To act as a spokesperson for the network.

As spokesperson the DR becomes the focal point for collecting and sending routing information (LSAs).

Designated Router (DR)

For fault tolerance, a second router is elected as the BDR.

◦ The BDR must also become adjacent to all routers on the network and must serve as a second focal point for LSAs.

◦ However, the BDR is not responsible for updating the other routers or sending network LSAs.

The BDR keeps a timer on the DR's update activity to ensure that it is operational.

◦ If the BDR does not detect activity from the DR after the timer expires, the BDR immediately becomes the DR and a new BDR is elected.

Backup Designated Router (BDR)

DRs and BDRs are elected on a per-network basis and therefore each network segment has its own DR and BDR.

◦ For example, a router connected to multiple multiaccess broadcast networks can be a DR on one segment and a regular (DROTHER) router on another segment.

The election process is accomplished dynamically using the Hello protocol.

◦ However, the election can be manually manipulated the ip ospf priority number

interface configuration command.

After a DR and BDR have been selected, any router added to the broadcast network establishes full adjacencies with the DR and BDR only.

DR/BDR

Assigning Router Priority

Assign a specific OSPF priority to the router.

Router(config-if)#

ip ospf priority number

A router interface can have a priority number between 0 - 255:

0 = DROTHER - Router cannot be a DR

1 = Favorable - Default for all routers

255 = Very favorable- Ensures at least of a tie.

The priority must be configured before the election takes place to figure into the election.

To display an interface's priority value and other key information use the show ip ospf interface

command.

1. All neighbors with a priority > 0 are listed.

2. The router with highest priority is elected BDR.

If there is a tie, the highest router IDs are used.

3. If there is no DR, the BDR is promoted as DR.

4. The neighbor with the next highest priority is elected BDR.

The Election of the DR

The DR / BDR maintain these roles until they fail even when more routers with higher priorities show up on the network.

To influence the election of DR & BDR, do one of the following:

◦ Boot up the DR first, followed by the BDR, and then boot all other routers.

OR

◦ Shut down the interface on all routers, followed by a no shutdown on the DR, then the BDR,

and then all other routers.

Manipulating the Election Process

Point-to-Point

Both routers become fully adjacent to each another.

Usually a serial interface running either PPP or HDLC.

• May also be a point-to-point subinterface running Frame Relay or ATM.

No DR /BDR election required since there are only two devices.

OSPF autodetects this type of network.

Packets are sent to 224.0.0.5.

Multi-Protocol Label Switching (MPLS) is an Internet Engineering Task Force (IETF) standard architecture that combines the advantages of Layer 3 routing with the benefits of Layer 2 switching.

A unique feature of MPLS is its capability to perform label stacking, in which multiple labels can be carried in a packet.

The top label, which is the last one in, is always processed first.

◦ Label stacking enables multiple LSPs to be aggregated, thereby creating tunnels through multiple levels of an MPLS network.

OSPF over MPLS

OSPF over Layer 3 MPLS VPN

The customer and provider edge routers are running OSPF.

• However the internal provider routers do not.

The customer has to agree upon OSPF parameters with the service provider (SP) to ensure connectivity.

• These parameters are often governed by the SP.

OSPF over Layer 2 MPLS VPN

The Layer 2 MPLS VPN backbone and the provider routers are not visible to the customer routers.

• A neighbor relationship is established directly between OSPF enabled routers over the MPLS backbone, and behaves in the same way as on an Ethernet broadcast network therefore DR and BDR routers are elected.

Frame Relay, ATM, and X.25 are examples of NBMA networks.

The default OSPF hello and dead intervals on NBMA interfaces are 30 seconds and 120 seconds, respectively.

Although NBMA networks can support more than two routers, they have no inherent broadcast capability.

◦ This can create reachability issues.

To implement broadcasting or multicasting, the router replicates the packets to be broadcast or multicast and sends them individually on each permanent virtual circuit (PVC) to all destinations.

◦ This process is CPU and bandwidth intensive.

Nonbroadcast Multiaccess (NBMA)

By default, OSPF cannot automatically build adjacencies with neighbor routers over NBMA interfaces.

OSPF considers the NBMA environment to function similarly to other multiaccess media such as Ethernet.

◦ However, NBMA networks are usually hub-and-spoke (star) topologies using PVCs or switched virtual circuits (SVCs).

◦ In these cases, the physical topology does not provide the multiaccess capability on which OSPF relies.

The election of the DR becomes an issue in NBMA topologies because the DR and BDR need to have full Layer 2 connectivity with all routers in the NBMA network.

The DR and BDR also need to have a list of all the other routers so that they can establish adjacencies.

DR Election in an NBMA Topology

OSPF over NBMA Topology

Depending on the network topology, several OSPF configuration choices are available for a Frame Relay network.

There are five NBMA topology modes of operation:

◦ Two official OSPF modes described in RFCs

◦ Three customized Cisco modes.

RFC 2328-compliant modes are as follows:

◦ Nonbroadcast (NBMA)

◦ Point-to-multipoint

Cisco modes are as follows:

◦ Point-to-multipoint nonbroadcast

◦ Broadcast

◦ Point-to-point

OSPF NBMA topology modes are configured using the ip ospf network interface


◦ Some modes require that a neighbor be manually configured using the neighbor router


OSPF over NBMA Topology

Assign an NBMA Topology Mode

Define an OSPF network type on an interface.

Router(config-if)#

ip ospf network [{non-broadcast | point-to-multipoint [non-

broadcast] | broadcast | point-to-point}]

The choice of mode depends on the NBMA topology.

The default OSPF mode on a Frame Relay:

◦ Interface is non-broadcast mode.

◦ Point-to-point subinterface is point-to-point mode.

◦ Multipoint subinterface is non-broadcast mode.

NBMA Modes Description

non-broadcast

(RFC-compliant)

• One IP subnet.

• Neighbors must be manually configured.

• DR and BDR are elected.

• DR and BDR need to have full connectivity with all other routers.

• Typically used in a full- or partial-mesh topology.

point-to-multipoint

(RFC-compliant)

• One IP subnet.

• Uses a multicast OSPF hello packet to automatically discover the neighbors.

• DR and BDR are not required. The router sends additional LSAs with more information about

neighboring routers.

• Typically used in a partial-mesh or star topology.

point-to-multipoint

nonbroadcast

(Cisco proprietary)

• If multicast and broadcast are not enabled on the VCs, the RFC-compliant point-to-multipoint

mode cannot be used, because the router cannot dynamically discover its neighboring routers

using the hello multicast packets; this Cisco mode should be used instead.

• Neighbors must be manually configured.

• DR and BDR election is not required.

broadcast

(Cisco proprietary)

• Makes the WAN interface appear to be a LAN.

• One IP subnet.

• Uses a multicast OSPF hello packet to automatically discover the neighbors.

• DR and BDR are elected.

• Full- or partial-mesh topology.

point-to-point

(Cisco proprietary)

• Different IP subnet on each subinterface.

• No DR or BDR election.

• Used when only two routers need to form an adjacency on a pair of interfaces.

• Interfaces can be either LAN or WAN.

NBMA Topology Modes of Operation

Identify a Neighboring Router

Statically define adjacent relationships in NBMA networks.


neighbor ip-address [priority number] [poll-interval

number] [cost number] [database-filter all]


ip-address • Specifies the IP address of the neighboring router.

priority number• (Optional) Specifies priority of neighbor. The default is 0, which

means that the neighboring router does not become the DR or BDR.

poll-interval number

• (Optional) Specifies how long an NBMA interface waits before

sending hellos to the neighbors even if the neighbor is inactive. The

poll interval is defined in seconds.

cost number

• (Optional) Assigns a cost to the neighbor in the form of an integer

from 1 to 65535. Neighbors with no specific cost configured assume the cost of the interface based on the ip ospf cost command.

• For point-to-multipoint interfaces, the cost keyword and the

number argument are the only options that are applicable. This

keyword does not apply to nonbroadcast mode.

database-filter all • (Optional) Filters outgoing LSAs to an OSPF neighbor.

Non-Broadcast Mode Example (Full-Mesh)

Characteristics of the RFC-compliant non-

broadcast parameter include:

◦ A full-mesh topology is typically used therefore the DR and BDR are dynamically elected.

DR / BDR require full connectivity with all other routers.

◦ One IP subnet.

◦ OSPF neighbors must be manually configured.


R1(config-if)# ip ospf network non-broadcast

R1(config-if)# exit



R1(config-router)# neighbor 192.168.1.2

R1(config-router)# neighbor 192.168.1.3

Non-Broadcast Mode Example (Partial-Mesh)

Characteristics of the RFC-compliant non-broadcast

parameter include:

◦ If a partial-mesh topology is used then the DR and BDR are elected manually using the priority

parameter on the hub router.

◦ One IP subnet.



R1(config-if)# ip ospf network non-broadcast

R1(config-if)# exit



R1(config-router)# neighbor 192.168.1.2 priority 0


Point-to-multipoint Mode Example

Characteristics of the RFC-compliant point-to-

multipoint parameter

include:

◦ Used with partial-mesh or hub-and-spoke (star) topology.

◦ One IP subnet.

◦ DR and BDR not required.

◦ Uses multicast OSPF hello packets to dynamically discover neighbors.


R1(config-if)# ip ospf network point-to-multipoint

R1(config-if)# exit



R1(config-router)#

Point-to-multipoint non-broadcast Mode

Characteristics of Cisco’spoint-to-multipoint

non-broadcast parameter

include:



◦ Used in special cases where neighbors cannot be automatically discovered.


R1(config-if)# ip ospf network point-to-multipoint non-broadcast

R1(config-if)# exit



R1(config-router)# neighbor 192.168.1.2 cost 10

R1(config-router)# neighbor 192.168.1.3 cost 20

Broadcast Mode Example

Characteristics of Cisco’sbroadcast parameter include:

◦ DR and BDR are elected and require full connectivity with all other routers.

◦ Can be configured for a full-mesh topology or a static election of the DR based on the interface priority.

◦ One IP subnet.

◦ Uses multicast OSPF hello packets to dynamically discover neighbors.


R1(config-if)# ip ospf network broadcast

R1(config-if)# exit



R1(config-router)#

Point-to-point Mode Example

Characteristics of Cisco’spoint-to-point parameter

include:

◦ Partial mesh or star topology.


◦ Only IP subnet.



R1(config-if)# encapsulation frame-relay

R1(config-if)# ip ospf network point-to-point

R1(config-if)# exit



R1(config-router)#

OSPF can also be run over subinterfaces.

◦ A subinterface is a physical interface that can be split into multiple logical interfaces.

◦ Each subinterface requires an IP subnet.

Subinterfaces can be defined as either a point-to-point or multipoint interface.

◦ A point-to-point subinterface has similar properties to a physical point-to-point interface.

Note:

The ip ospf network command is not required.

Subinterfaces

Define a Subinterface

Define a subinterface.

Router(config)#

interface serial number.subinterface-number {multipoint

| point-to-point}


number.subinterface-

number

Specifies the interface number and subinterface number.

The subinterface number is in the range of 1 to

4294967293.

The interface number that precedes the period (.) is the

interface number to which this subinterface belongs.

multipointSpecifies that the subinterface is multipoint; on multipoint

subinterfaces routing IP, all routers are in the same subnet.

point-to-point

Specifies that the subinterface is point-to-point; on point-to-

point subinterfaces routing IP, each pair of point-to-point

routers is in its own subnet.

Using Point-to-point Subinterfaces

Characteristics:

◦ Same properties as any physical point-to-point physical interface


◦ One IP subnet per subinterface pair.

◦ Used when only 2 routers need to form an adjacency on a pair of interfaces.}



R1(config-if)# interface S0/0/0.1 point-to-point

R1(config-subif)# ip address 10.1.1.1 255.255.255.0

R1(config-subif)# interface S0/0/0.2 point-to-point


R1(config-subif)# router ospf 1



Using Multipoint Subinterfaces

The example has one point-to-point subinterface and one multipoint subinterface.

◦ The multipoint subinterface supports two other routers in a single

Multipoint Frame Relay subinterfaces default to OSPF nonbroadcast mode, which requires neighbors to be statically configured and a DR and BDR election.



R1(config-if)# interface S0/0/0.1 point-to-point


R1(config-subif)# interface S0/0/0.2 multipoint


R1(config-subif)# router ospf 1




OSPF over NBMA Topology Summary

OSPF ModeNBMA

Preferred Topology

Subnet Address Hello Timer Adjacency RFC or

Cisco Example

Non-broadcastFull or partial

meshSame 30 sec

Manual configuration

DR/BDR electedRFC

Frame Relay configured on a serial interface

Point-to-multipoint

Partial mesh or star

Same 30 secAutomatic

No DR/BDRRFC

OSPF over Frame Relay mode that eliminates the need for a DR; used when VCs support multicast and broadcast

Point-to-multipoint

nonbroadcast

Partial mesh or star

Same 30 secManual

configuration

No DR/BDRCisco

OSPF over Frame Relay mode that eliminates the need for a DR; used when VCs do not support multicast and broadcast

BroadcastFull or partial

meshSame 10 sec

Automatic

DR/BDR electedCisco

LAN interface such as Ethernet

Point-to-pointPartial mesh or

star, using subinterfaces

Different for each

subinterface10 sec

Automatic

No DR/BDRCisco

Serial interface with point-to-point subinterfaces

Understanding OSPF LSAs

LSAs are the building blocks of the OSPF LSDB.

◦ Individually, LSAs act as database records.

◦ When combined, they describe the entire topology of an OSPF area.

There are several types of OSPF network LSAs

◦ Not all are in use.

LSAs

LSA Type Description

1 Router LSA

2 Network LSA

3 and 4 Summary LSAs

5 AS external LSA

6 Multicast OSPF LSA

7 Defined for NSSAs

8 External attributes LSA for Border Gateway Protocol (BGP)

9, 10, or 11 Opaque LSAs

LSA Type 1: Router LSA

Generated by all routers in an area to describe their directly attached links (Intra-area routes).

• Floods within its area only and cannot cross an ABR.

• LSA includes list of directly attached links and is identified by the router ID of the originating router

• Routing Table Entry = O

LSA Type 1: Link Types

Link Type Description Link-state ID

1Point-to-point connection to another router

Neighboring router ID

2 Connection to a transit network IP address of DR

3 Connection to a stub network IP network/subnet number

4 Virtual link Neighboring router ID

LSA Type 2: Network LSA

Advertised by the DR of the broadcast network.

• Floods within its area only; does not cross ABR.

• Link-state ID is the DR.

• Routing Table Entry = O

LSA Type 3: Summary LSA

Advertised by the ABR of originating area.

• Regenerated by subsequent ABRs to flood throughout the autonomous system.

• By default, routes are not summarized, and type 3 LSA is advertised for every subnet.

• Link-state ID is the network or subnet advertised in the summary LSA

• Routing Table Entry = O IA

LSA Type 4: Summary LSA

Generated by the ABR of the originating area to advertise an ASBR to all other areas in the autonomous system.

• They are regenerated by all subsequent ABRs to flood throughout the autonomous system.

• Link-state ID is the router ID of the ASBR.

• Routing Table Entry = O IA

LSA Type 5: External LSA

Used by the ASBR to advertise networks from other autonomous systems.

• Type 5 LSAs are advertised and owned by the originating ASBR.

• The Link-state ID is the external network number.

• Routing Table Entry = O E1 or O E2

LSA Type 7: NSSA LSA

Generated by an ASBR inside a Not-so-stubby area (NSSA) to describe routes redistributed into the NSSA.

• LSA 7 is translated into LSA 5 as it leaves the NSSA.

• Routing Table Entry = O N1 or O N2

• Much like LSA 5, N2 is a static cost while N1 is a cumulative cost that includes the cost up to the ASBR.

ABR

Interpreting the OSPF LSDB and Routing Table

Interpreting the OSPF Database

R1# show ip ospf database

OSPF Router with ID (10.0.0.11) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

10.0.0.11 10.0.0.11 548 0x80000002 0x00401A 1

10.0.0.12 10.0.0.12 549 0x80000004 0x003A1B 1

100.100.100.100 100.100.100.100 548 0x800002D7 0x00EEA9 2

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

172.31.1.3 100.100.100.100 549 0x80000001 0x004EC9

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

10.1.0.0 10.0.0.11 654 0x80000001 0x00FB11

10.1.0.0 10.0.0.12 601 0x80000001 0x00F516

<output omitted>

Use the show ip ospf database command to gather link state information.

Each LSA in the LSDB maintains a sequence number.

◦ The sequence numbering scheme is a 4-byte number that begins with 0x80000001 and ends with 0x7FFFFFFF.

OSPF floods each LSA every 30 minutes to maintain proper database synchronization.

◦ Each time the LSA is flooded, the sequence number is incremented by one.

Ultimately, an LSA sequence number will wrap around to 0x80000001.

◦ When this occurs, the existing LSA is prematurely aged to maxage (one hour) and flushed.

When a router encounters two instances of an LSA, it must determine which is more recent.

◦ The LSA having the newer (higher) LS sequence number is more recent.

LSA Sequence Numbering

Route Designator in Routing Table

R1# show ip route

<output omitted>



O IA 172.31.2.0 [110/1563] via 10.1.1.1, 00:12:35, FastEthernet0/0

O IA 172.31.1.0 [110/782] via 10.1.1.1, 00:12:35, FastEthernet0/0


C 10.200.200.13/32 is directly connected, Loopback0


O 10.1.2.0/24 [110/782] via 10.1.3.4, 00:12:35, Serial0/0/0


O 10.1.0.0/24 [110/782] via 10.1.1.1, 00:12:37, FastEthernet0/0

O E2 10.254.0.0/24 [110/50] via 10.1.1.1, 00:12:37, FastEthernet0/0

Route Designator Description

O OSPF intra-area (router LSA) and network LSA

• Networks from within the router’s area.

Advertised by way of router LSAs and

network LSAs.

O IA OSPF interarea (summary LSA)

• Networks from outside the router’s

area but within the OSPF AS.

Advertised by way of summary LSAs.

O E1 Type 1 external routes• Networks from outside the router’s AS,

advertised by way of external LSAs.

O E2 Type 2 external routes• Networks from outside the router’s AS,

advertised by way of external LSAs.

1. All routers calculate the best paths to destinations within their area (intra-area) and add these entries to the routing table.

◦ Includes type 1 and 2 LSAs, noted with a designator of O.

2. All routers calculate the best paths to the other areas.

◦ Includes type 3 and 4 LSAs, noted with a designator of O IA.

3. All routers (except stub areas) calculate the best paths to the external autonomous system (type 5) destinations.

◦ Includes either external type 1 (E1), indicated with an O E1 or external type 2 (E2), indicated with an O E2.

Best Path Calculation

The cost of an external route varies, depending on the external type configured on the ASBR.

An ASBR can be configured to send out two types of external routes into OSPF.

◦ Denoted in the routing table as E1 for Type 1

◦ Denoted in the routing table as E2 for Type 2.

Depending on the type, OSPF calculates the cost of external routes differently.

ASBR – Type 1 and 2 Routes

O E1 Routes

◦ The metric is calculated by adding the external cost to the internal cost of each link that the packet crosses.

Use this packet type when there are multiple ASBRs advertising a route to the same autonomous system.

O E2 Routes

◦ The packet will always have the external cost assigned, no matter where in the area it crosses.

Default setting on ASBRs.

Use this packet type if only one router is advertising a route to the autonomous system.

Type 2 routes are preferred over Type 1 routes unless two equal cost routes exist to the destination.

ASBR – Type 1 and 2 Routes

E2 Routes

By default, RTA uses a Type 2 metrics to send external routing information.

RTB will receive the external RIP routes, including 9.0.0.0/8 from RTA.

When RTB forwards this route, the metric for the external route remains the same (in this case, 20).

E1 Routes

If RTA is configured to use a Type 1 metric with external routes, OSPF will increment the metric value of the external route according to its standard cost algorithm.

Configuring OSPF LSDB Overload Protection

Limit the processing of LSAs for a defined OSPF process.


max-lsa maximum-number [threshold-percentage] [warning-only]

[ignore-time minutes] [ignore-count count-number] [reset-

time minutes]


maximum-number Maximum number of LSAs that the OSPF process can keep in the OSPF LSDB.

threshold-percentage(Optional) The percentage of the maximum LSA number, as specified by the maximum-

number argument, at which a warning message is logged. The default is 75 percent.

warning-only(Optional) Specifies that only a warning message is sent when the maximum limit for

LSAs is exceeded; the OSPF process never enters ignore state. Disabled by default.

ignore-time minutes(Optional) Specifies the time, in minutes, to ignore all neighbors after the maximum limit

of LSAs has been exceeded. The default is 5 minutes.

ignore-count count-number(Optional) Specifies the number of times that the OSPF process can consecutively be

placed into the ignore state. The default is five times.

reset-time minutes(Optional) Specifies the time, in minutes, after which the ignore count is reset to 0. The

default is 10 minutes.

Configuring and Verifying Advanced OSPF Features

OSPF Passive-Interface

Prevent OSPF updates out a specified router interface.


passive-interface type number [default]

Set a particular interface or all router interfaces to passive.

The default option sets all router interfaces to passive.

For OSPF, the command:

The specified interface appears as a stub network in the OSPF domain

The OSPF routing information is neither sent nor received through the specified router interface.

Prevents neighbor relationships from being established.

Passive-Interface Example



R1(config-router)#



R2(config-router)#

Alternate configuration:








Fa0/0Fa0/0

R1 R2

172.16.1.0 /24

Internet

192.168.1.0 /27

172.17.2.0 /24

64 kbps

192.168.1.96 /27

.101

.102S0/0/1

S0/0/0S0/0/0

.1

.1.1

To propagate a default route in OSPF, use the default-information originate router


◦ A default static rote also needs to be configured on the originating router

Once configured, the default route has to be propagated into the OSPF domain.

Propagating a Default Route

default-information originate Command

Configures a router to generate a default external route into an OSPF routing domain.


default-information originate [always] [metric metric-

value] [metric-type type-value] [route-map map-name]


always(Optional) Specifies that OSPF always advertises the default route regardless of

whether the router has a default route in the routing table.

metric

metric-value

(Optional) A metric used for generating the default route. If you omit a value and do

not specify a value using the default-metric router configuration command, the

default metric value is 1. Cisco IOS Software documentation indicates that the

default metric value is 10; testing shows that it is actually 1.

metric-type

type-value

(Optional) The external link type that is associated with the default route that is

advertised into the OSPF routing domain. It can be one of the following values: 1—

Type 1 external route 2—Type 2 external route. The default is type 2 external route

(indicated by O*E2 in the routing table).

route-map

map-name

(Optional) Specifies that the routing process generates the default route if the route

map is satisfied.

default-information originate Example



R1(config-router)# default-information originate metric 10

R1(config-router)# exit

R1(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.2

R1(config)#

R1

R2

OSPF Domain

ISP A.1

172.16.1.0 /24

.2

ISP B

10.1.1.1

10.2.1.1.1

172.17.1.0 /24

.2

0.0.0.0 Cost 10

0.0.0.0 Cost 100



R2(config-router)# default-information originate metric 100


R2(config)# ip route 0.0.0.0 0.0.0.0 172.17.1.2

R2(config)#

Route summarization involves consolidating multiple routes into a single advertisement.

Proper route summarization directly affects the bandwidth, memory and CPU, that are consumed by the OSPF process.

◦ If a network link fails or flaps, the topology change will not be propagated into the backbone or other areas.

◦ It protects routers from needless routing table recalculations.

◦ Because the SPF calculation places a significant demand on the router's CPU, proper summarization is an imperative part of OSPF configuration.

Route Summarization

Using Route Summarization

IA 172.16.16.0 255.255.252.0

IA 172.16.8.0 255.255.248.0

Inter-area summarization

◦ Performed at the ABR and creates Type 3 LSAs.

External summarization

◦ Performed at the ASBR and creates Type 5 LSAs.

Both have the same fundamental requirement of contiguous addressing.

If summarization is not configured correctly and there are multiple ASBRs, or multiple ABRs in an area, suboptimal routing is possible.

◦ For example, summarizing overlapping ranges from two different routers can cause packets to be sent to the wrong destination.

Types of Route Summarization

Intra-Area Summarization

Configure an ABR to summarize routes for a specific area.


area area-id range address mask [advertise | not-

advertise] [cost cost]


area area-id Identifies the area subject to route summarization.

address The summary address designated for a range of addresses.

mask The IP subnet mask used for the summary route.

advertise(Optional) Sets the address range status to advertise and generates a type

3 summary LSA.

not-advertise

(Optional) Sets the address range status to DoNotAdvertise. The type 3

summary LSA is suppressed, and the component networks remain hidden

from other networks.

cost cost

(Optional) Metric or cost for this summary route, which is used during the

OSPF SPF calculation to determine the shortest paths to the destination.

The value can be 0 to 16777215.

Intra-Area Summarization Example




R1(config-router)# area 0 range 172.16.96.0 255.255.224.0


R1(config-router)#






R2(config-router)#

Area 0172.16.96.0 /24 - 172.16.127.0 /24

Area 1172.16.32.0 /24 - 172.16.63.0 /24

Area 2172.16.64.0 /24 - 172.16.95.0 /24

R1 R2

External Summarization

Configure an ASBR to summarize external routes.Router(config-router)#

summary-address ip-address mask [not-advertise] [tag tag]


ip-address The summary address designated for a range of addresses.

mask The IP subnet mask used for the summary route.

not-advertise (Optional) Used to suppress routes that match the address/mask pair.

tag tag(Optional) A tag value that can be used as a “match” value to control

redistribution via route maps.

External Summarization



R1(config-router)# summary-address 172.16.32.0 255.255.224.0

R1(config-router)#

External AS – RIPv2172.16.32.0 /24 – 172.16.63.0 /24

OSPF Area 1172.16.64.0 /24

OSPF Area 0R1 R2

ABR

.1

Virtual Links

Virtual links are used to connect a discontiguous area to area 0.

A logical connection is built between router A and router B.

Virtual links are recommended for backup or temporary connections.

LSAs on Virtual Links

LSAs usually age out after 30 minutes.

• However, LSAs learned across virtual links have the DoNotAge (DNA) option set.

• Required to prevent excessive flooding over virtual links.

To identify an area as a virtual link, use the area area-id virtual-link router


Configuring Virtual Links

Define an OSPF virtual link.


area area-id virtual-link router-id [authentication

[message-digest | null]] [hello-interval seconds]

[retransmit-interval seconds] [transmit-delay

seconds] [dead-interval seconds] [[authentication-

key key] | [message-digest-key key-id md5 key]]


area-id Specifies the area ID of the transit area for the virtual link.

router-id Specifies the router ID of the virtual link neighbor.

authentication (Optional) Specifies an authentication type.

message-digest (Optional) Specifies the use of MD5 authentication.

null (Optional) Overrides authentication if configured.

hello-interval seconds (Optional) Specifies the time between the hello packets (default 10).

retransmit-interval seconds (Optional) Specifies the time between LSA retransmissions (default 5).

transmit-delay seconds (Optional) Specifies the time to send an LSU packet (default 1).

dead-interval seconds (Optional) Specifies the dead-interval time (default 40).

authentication-key key (Optional) Specifies the password for simple password authentication.

message-digest-key key-id md5 key (Optional) Identifies the key ID and key for MD5 authentication.

Virtual-Link Example




R1(config-router)# area 1 virtual-link 10.2.2.2

R1(config-router)#

Area 010.0.0.0

Area 1172.16.0.0

Area 010.0.0.0

R1 R2

Router-ID

10.1.1.1

Router-ID

10.2.2.2




R2(config-router)# area 1 virtual-link 10.1.1.1

R2(config-router)#

Verifying a Virtual-Link Example

Area 010.0.0.0

Area 1172.16.0.0

Area 010.0.0.0

R1 R2

Router-ID

10.1.1.1

Router-ID

10.2.2.2

R1# show ip ospf virtual-links

Virtual Link OSPF_VL0 to router 10.2.2.2 is up

Run as demand circuit

DoNotAge LSA allowed.

Transit area 1, via interface Serial0/0/1, Cost of using 781

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:07

Adjacency State FULL (Hello suppressed)

Index 1/2, retransmission queue length 0, number of retransmission 1

First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

Last retransmission scan length is 1, maximum is 1

Last retransmission scan time is 0 msec, maximum is 0 msec

R1#

Changing the Reference Bandwidth

The reference bandwidth defaults to 108 (100,000,000 bps or 100 Mbps).

• This can be a problem when using interfaces faster than 100 Mbps and higher since they would all have the same OSPF cost of 1.

The reference bandwidth can be modified using the auto-cost reference-bandwidth router configuration command.

Changing the Reference Bandwidth

Change the reference bandwidth for faster interfaces.


auto-cost reference-bandwidth ref-bw

The rf-bw parameter is the reference bandwidth in megabits per

second.

The range is from 1 to 4,294,967.

The default is 100.

Use this command if interfaces are faster than 100 Mbps.

The command must be configured on all OSPF routers to ensure accurate

route calculations.

The cost of a link can be modified using either the:

◦ bandwidth interface command

◦ ip ospf cost interface command

The configured bandwidth value is used by the SPF algorithm to calculate the cost.

◦ For example, configuring the bandwidth 128 command on a serial interface would generate

a cost of 1,562.

Cost = 100,000,000 / 128,000 = 1,562.

Using the ip ospf cost interface command achieves the same result without the calculation.

◦ For example, the interface cost could be statically configured using the ip ospf cost 1562

command.

Modifying the Cost of a Link

Override the Default Interface Cost

Manually define the cost of an interface.

Router(config-if)#

ip ospf cost interface-cost

The interface-cost is an integer from 1 to 65,535.

The lower the number, the better (and more preferred) the link.

Can be used as an alternative to the bandwidth command.

OSPF Two-Layer Hierarchy - Review

Backbone Area

• Referred to as Area 0

• Also known as the Transit Area.

Regular (Standard) Areas

• Also known as a nonbackbone areas.

• All regular areas must connect to the backbone area.

OSPF Special Area Types

The OSPF standard area can be further divided into four types of stub areas:

• Stub area

• Totally stubby area

• NSSA

• Totally stubby NSSA

OSPF Area Types

Area TypeAccepts routes

within area(O)

Accepts routes

from other

areas(O IA)

Accepts

external routes (O E1 and O E2)

Allows ASBRCisco

proprietary

Standard Yes Yes Yes Yes No

Backbone Yes Yes Yes Yes No

Stub Yes YesNo

(uses default route)No No

Totally stubby YesNo

(uses default route)

No(uses default route)

No Yes

NSSA Yes YesNo

(uses default route)Yes No

Totally stubby

NSSAYes



Yes Yes

An area qualifies as stub or totally stubby area if it has the following characteristics:

◦ The area is not the backbone area (area 0).

◦ There is a single exit point from that area.

If there are multiple exits, one or more ABRs should inject a default route into the stub area however suboptimal routing paths might occur.

◦ There is no ASBR inside the area.

◦ The area is not used as a transit area for virtual links.

Stub and Totally Stub Area Characteristics

All OSPF routers inside the stub area, including ABRs, are configured as stub routers using thearea area-id stub router configuration command.

By default, the ABR of a stubby or totally stubby area advertises a default route with a cost of 1.

◦ To change the cost of the default route, use the area area-id default-cost cost

router configuration command.

Stub and Totally Stub Area Characteristics

Configure a Stub Area

Identify an area as a stub network.


area area-id stub

The area-id parameter is the identifier for the stub area and can be

either a decimal value or a value in dotted-decimal format, like an IP

address.

Change the Default Cost

Define the cost of the default route injected into the stub stubby area.


area area-id default-cost cost

The cost parameter is for the default summary route.

The acceptable values are 0 through 16777215.

The default is 1.

If this command has not been configured, the ABR will advertise 0.0.0.0

with a default cost metric of 1 plus any internal costs.

Stub Area

Typically used in a hub-and-spoke network.

Area does not accept external summary routes from non-OSPF sources (e.g., RIP, EIGRP).

• Specifically, it does not accept Types 4 and 5 LSAs.

• A default route (0.0.0.0) is propagated throughout the area to send a packet to an external network.

Configuring a Stub Area

R3(config)# interface FastEthernet0/0


R3(config-if)# interface Serial 0/0/0


R3(config-if)# router ospf 100

R3(config-router)# network 192.168.14.0.0 0.0.0.255 area 0


R3(config-router)# area 2 stub

R3(config-router)#

External AS

R3

ABR

.1

R4

.1 .2

Fa0/0 S0/0/0 S0/0/0

192.168.15.0 /30192.168.14.0 /24

OSPF Area 0 Stub Area 2






R4(config-router)#

Totally Stubby Area

Cisco proprietary solution that is better than stub area.

Area does not accept external AS routes or inter-area routes.

• Specifically, it does not accept Types 3, 4 and 5 LSAs.

• It recognizes only intra-area routes and the default route 0.0.0.0.

• A default route (0.0.0.0) is propagated throughout the area.

Configure a Totally Stubby Area

Identify an ABR as a totally stubby network.


area area-id stub no-summary

Command is only configured on the ABR.

All other routers in the totally stubby area are configured as stub routers.

The area-id parameter is the identifier for the stub area and can be either a decimal

value or a value in dotted-decimal format, like an IP address.

The no-summary parameter stops summary LSAs, in addition to external LSAs, from

flooding into the totally stubby area.

Configuring a Totally Stubby Area

R3(config)# interface FastEthernet0/0







R3(config-router)# area 2 stub no-summary

R3(config-router)#

External AS

R3

ABR

.1

R4

.1 .2

Fa0/0 S0/0/0 S0/0/0

192.168.15.0 /30192.168.14.0 /24

OSPF Area 0 Totally Stubby Area 2






R4(config-router)#

Not-So-Stubby Area (NSSA)

Similar to a Stub Area, except that it is primarily used to connect to ISPs, or when redistribution is required.

• Specifically, it does not accept Types 4 and 5 LSAs.

• Allows the importing of external routes as Type 7 LSAs and converts them to Type 5 LSAs on the ABR.

• Better than creating stub areas and also useful for spokes.

RIP AS

172.16.20.0 /24R2

ABR

R3

192.168.15.0 /30

NSSA Area 1 Area 0

R1

RIP Type 7 LSA : 172.16.20.0/24 Type 5 LSA : 172.16.0.0/16

Configure an NSSA

Define an NSSA area.


area area-id nssa no-redistribution] [default-information-originate] [metric metric-value] [metric-type type-value] [no-summary]


area-id The identifier for the NSSA.

no-redistribution

(Optional) Used when the router is an NSSA ABR and you want the

redistribute command to import routes only into the standard areas, but not

into the NSSA area.

default-information-

originate

(Optional) Used to generate a type 7 default LSA into the NSSA area. This

keyword takes effect only on an NSSA ABR or an NSSA ASBR.

metric metric-value(Optional) Metric that is used for generating the default route. Acceptable

values are 0 through 16777214.

metric-type type-

value

(Optional) OSPF metric type for default routes. It can be one of the following

values: type 1 external route or 2: type 2 external route

no-summary(Optional) Allows an area to be a totally stubby NSSA, which is like an NSSA

but does not have summary routes injected into it.

Configuring a NSSA Area


R1(config-router)# redistribute rip subnets

R1(config-router)# default metric 150


R1(config-router)# area 1 nssa

R1(config-router)#





R2(config-router)# area 1 nssa default-information-originate

R2(config-router)#

RIP AS

172.16.10.0

172.16.11.0R2

ABR

.2

Fa0/0

172.17.0.0 172.17.20.0 /24

NSSA Area 1 Area 0

R1

.1

Fa0/0

0.0.0.0 Default Route

Cisco proprietary solution to NSSA.

Area does not accept external AS routes or inter-area routes.

◦ Specifically, it does not accept Types 3, 4 and 5 LSAs.

◦ It recognizes only intra-area routes and the default route 0.0.0.0.

◦ A default route (0.0.0.0) is propagated throughout the area.

The ABR of a totally stubby NSSA must be configured with the no-summary keyword to prevent

the flooding of summary routes for other areas into the NSSA area.

Totally Stubby NSSA

Configuring a Totally Stubby NSSA Area


R1(config-router)# redistribute rip subnets



R1(config-router)# area 1 nssa

R1(config-router)#





R2(config-router)# area 1 nssa no-summary

R2(config-router)#

RIP AS

172.16.10.0

172.16.11.0R2

ABR

.2

Fa0/0

172.17.0.0 172.17.20.0 /24

NSSA Area 1 Area 0

R1

.1

Fa0/0

0.0.0.0 Default Route

Depends on the type of area.

In a standard area:

◦ Routers do not automatically generate default routes.

◦ The default-information originate command must be used.

In a stub and totally stubby area:

◦ The ABR automatically generates a summary LSA with the link-state ID 0.0.0.0.

◦ The default-information originate command is not required.

◦ This is true even if the ABR does not have a default route.

In an NSSA area:

◦ The ABR generates the default route, but not by default.

◦ To force the ABR to generate the default route, use the area area-id nssa default-

information-originate command.

In a totally stubby NSSA:

◦ The ABR automatically generates a default route.

How Does OSPF Generate Default Routes?

Example OSPF Area Types in a Network

Configuring and Verifying Advanced OSPF Authentication

OSPF Authentication

Purpose is to authenticate routing information.

• This is an interface specific configuration.

• Routers will only accept routing information from other routers that have been configured with the same authentication information.

Router generates and checks each packet and authenticates the source of each update packet it receives

Requires a pre-defined “key” (password)

◦ Note: All participating neighbors must have the same key configured

OSPF supports 2 types of authentication:

◦ Simple password authentication (plain text)

Less secure

◦ MD5 authentication

More secure and recommended

OSPF Authentication Types

The following key parameters must be defined in enough detail before configuring OSPF authentication:

◦ The authentication mode (simple password versus MD5)

◦ The definition of one or more keys to authenticate OSPF packets, according to the network security plan.

Once defined, the following steps may be implemented:

1. Assign a password (key) to be used.

The actual command varies depending on the authentication mode used.

2. Specify the authentication mode (simple password or MD5).

Planning for OSPF

Configure A Key for Simple Authentication

Define a password to use for simple password authentication.

Router(config-if)#

ip ospf authentication-key password

The password parameter can be entered up to 8 bytes in length.

This command is used in conjunction with the ip ospf

authentication command.

Configure the MD5 Key-ID and Key

Define a password to use for MD5 authentication.

Router(config-if)#

ip ospf message-digest-key key-id md5 key

The key-id parameter is an identifier in the range from 1 to 255.

The key parameter can be entered up to 16 bytes in length.

All neighboring routers on the same network must have the samekey-id and the same key value.

This command is used in conjunction with the ip ospf

authentication message-digest command.

Configure the Authentication Mode for OSPF

Specify the authentication type.

Router(config-if)#

ip ospf authentication [message-digest | null]

Before using this command, configure a password.

The command without any parameters specifies that simple password

authentication will be used.

The message-digest parameter specifies that MD5 authentication

will be used.

The null parameter specifies that no authentication is used.

This can be useful for overriding simple password or MD5

authentication.

Configuring Simple Password Authentication


!

<output omitted>

!

interface Fa0/0

ip address 10.1.1.1 255.255.255.0

!

<output omitted>

!


ip address 192.168.1.101 255.255.255.224

ip ospf authentication

ip ospf authentication-key PLAINPAS

!

<output omitted>

!

router ospf 10

log-adjacency-changes

network 10.1.1.1 0.0.0.0 area 0

network 192.168.1.0 0.0.0.255 area 0

!

<output omitted>

Fa0/0Fa0/0

R1 R2

10.1.1.0 /24

Area 0

10.2.2.0 /24

S0/0/1S0/0/1

192.168.1.96 /27

.101

.102

.1.1

Configuring Simple Password Authentication


!

<output omitted>

!

interface Fa0/0

ip address 10.2.2.1 255.255.255.0

!

<output omitted>

!


ip address 192.168.1.102 255.255.255.224

ip ospf authentication

ip ospf authentication-key PLAINPAS

!

<output omitted>

!

router ospf 10


network 10.2.2.1 0.0.0.0 area 0

network 192.168.1.0 0.0.0.255 area 0

!

<output omitted>

Fa0/0Fa0/0

R1 R2

10.1.1.0 /24

Area 0

10.2.2.0 /24

S0/0/1S0/0/1

192.168.1.96 /27

.101

.102

.1.1

Verifying Simple Password Authentication

R1# debug ip ospf adj

OSPF adjacency events debugging is on

R1#

<output omitted>

*Feb 17 18:42:01.250: OSPF: 2 Way Communication to 10.2.2.1 on Serial0/0/1,

state 2WAY

*Feb 17 18:42:01.250: OSPF: Send DBD to 10.2.2.1 on Serial0/0/1 seq 0x9B6 opt

0x52 flag 0x7 len 32

*Feb 17 18:42:01.262: OSPF: Rcv DBD from 10.2.2.1 on Serial0/0/1 seq 0x23ED

opt0x52 flag 0x7 len 32 mtu 1500 state EXSTART

*Feb 17 18:42:01.262: OSPF: NBR Negotiation Done. We are the SLAVE

*Feb 17 18:42:01.262: OSPF: Send DBD to 10.2.2.1 on Serial0/0/1 seq 0x23ED opt


<output omitted>



10.2.2.1 0 FULL/ - 00:00:34 192.168.1.102 Serial0/0/1

Displays adjacency-related events of a successful connection.

Troubleshooting Simple Password Problems

Simple authentication on R1, no authentication on R2:

R1#

*Feb 17 18:51:31.242: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1

: Mismatch Authentication type. Input packet specified type 0, we

use type 1

R2#


: Mismatch Authentication type. Input packet specified type 1, we

use type 0

Troubleshooting Simple Password Problems

Simple authentication on R1 and R2, but different passwords.

R1#


: Mismatch Authentication Key - Clear Text

R2#


: Mismatch Authentication Key - Clear Text

Configuring MD5 Authentication


!

<output omitted>

!

interface Fa0/0

ip address 10.1.1.1 255.255.255.0

!

<output omitted>

!


ip address 192.168.1.101 255.255.255.224

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 SECRETPASS

!

<output omitted>

!

router ospf 10


network 10.1.1.1 0.0.0.0 area 0

network 192.168.1.0 0.0.0.255 area 0

!

<output omitted>

Fa0/0Fa0/0

R1 R2

10.1.1.0 /24

Area 0

10.2.2.0 /24

S0/0/1S0/0/1

192.168.1.96 /27

.101

.102

.1.1



!

<output omitted>

!

interface Fa0/0

ip address 10.2.2.1 255.255.255.0

!

<output omitted>

!


ip address 192.168.1.102 255.255.255.224

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 SECRETPASS

!

<output omitted>

!

router ospf 10


network 10.2.2.1 0.0.0.0 area 0

network 192.168.1.0 0.0.0.255 area 0

!

<output omitted>

Fa0/0Fa0/0

R1 R2

10.1.1.0 /24

Area 0

10.2.2.0 /24

S0/0/1S0/0/1

192.168.1.96 /27

.101

.102

.1.1


R1# show ip ospf interface

Serial0/0/1 is up, line protocol is up

Internet Address 192.168.1.101/27, Area 0

Process ID 10, Router ID 10.1.1.1, Network Type POINT_TO_POINT, Cost: 64

Transmit Delay is 1 sec, State POINT_TO_POINT

<output omitted>

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 10.2.2.1

Suppress hello for 0 neighbor(s)

Message digest authentication enabled

Youngest key id is 1

<output omitted>

R1#



10.2.2.1 0 FULL/ - 00:00:31 192.168.1.102 Serial0/0/1

R1#


R1# debug ip ospf adj

OSPF adjacency events debugging is on

<output omitted>

*Feb 17 17:14:06.530: OSPF: Send with youngest Key 1

*Feb 17 17:14:06.546: OSPF: 2 Way Communication to 10.2.2.2 on Serial0/0/1,

state 2WAY

*Feb 17 17:14:06.546: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0xB37 opt



*Feb 17 17:14:06.562: OSPF: Rcv DBD from 10.2.2.2 on Serial0/0/1 seq 0x32F

opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART

*Feb 17 17:14:06.562: OSPF: NBR Negotiation Done. We are the SLAVE

*Feb 17 17:14:06.562: OSPF: Send DBD to 10.2.2.2 on Serial0/0/1 seq 0x32F opt



<output omitted>



10.2.2.2 0 FULL/ - 00:00:35 192.168.1.102 Serial0/0/1

Troubleshooting MD5 Authentication

R1#


*Feb 17 17:56:26.502: OSPF: Rcv pkt from 192.168.1.102, Serial0/0/1 : Mismatch

Authentication Key - No message digest key 2 on interface


R2#


*Feb 17 17:55:28.286: OSPF: Rcv pkt from 192.168.1.101, Serial0/0/1 : Mismatch

Authentication Key - No message digest key 1 on interface


MD5 authentication on both R1 and R2, but R1 has key 1 and R2 has key 2, both with the same passwords:


Characteristics of link-state routing protocols.

OSPF's two-tier hierarchical area structure, with a backbone area 0 and regular areas.

How OSPF routers use the Hello protocol to build adjacencies.

The OSPF metric calculation, which is based on the link bandwidth.

The five types of OSPF packets—hello, DBD, LSR, LSU, and LSAck.

The neighbor states that OSPF interfaces may pass through: down, init, two-way, exstart, exchange, loading, and full.

The five fields in the hello packet must match on neighboring routers: hello interval, dead interval, area id, authentication password, and stub area flag.

Planning OSPF implementations, including the IP addressing, network topology, and OSPF areas.

Basic OSPF configuration commands including:

◦ router ospf process-id global configuration command

◦ network ip-address wildcard-mask area area-id interface configuration command

◦ ip ospf process-id area area-id [secondaries none] interface configuration command

◦ bandwidth kilobits interface configuration command

◦ router-id ip-address router configuration command

Summary

Commands for verifying OSPF operation:

◦ show ip protocols

◦ show ip ospf neighbor

◦ show ip route

◦ show ip route ospf

◦ show ip ospf interface

◦ show ip ospf

◦ debug ip ospf events

◦ debug ip ospf adj

◦ debug ip ospf packet

How the OSPF router ID is selected with the router-id ip-address router configuration command, the

highest IP address on any active loopback interface, or the highest IP address of any active physical interface when OSPF starts.

The three types of networks defined by OSPF: point-to-point, broadcast, and NBMA.

How a DR and BDR are selected.

The different types of OSPF routers: internal routers, backbone routers, ABRs, and ASBRs.

The 11 different OSPF LSA types.

The three kinds of OSPF routes: intra-area (O), interarea (O IA), and external (either O E1 or O E2).

Configuring OSPF LSDB overload protection using the max-lsa router configuration command.

Summary (cont.)

Using the passive-interface type number [default] router configuration command.

Propagate an OSPF default route using the default-information originate [always] router


OSPF summarization can be configured on an ABR using the area area-id range address mask

[advertise | not-advertise] [cost cost] router configuration command, and on an ASBR using the summary-address ip-address mask [not-advertise] [tag tag] router configuration

command.

Virtual links are configured with the area area-id virtual-link router-id router configuration command, and verified with the show ip ospf virtual-links command.

The several area types defined in OSPF: standard areas, backbone (transit) areas, stub areas, totally stubby areas, NSSAs, and totally stubby NSSAs.

The types of OSPF authentication: null, simple password authentication (also called plain-text authentication), and MD5 authentication.

The commands to configure OSPF simple password authentication:

◦ ip ospf authentication-key password interface configuration command

◦ ip ospf authentication interface configuration command or the area area-id authentication router configuration command

The commands to configure OSPF MD5 authentication:

◦ ip ospf message-digest-key key-id md5 key interface configuration command

◦ ip ospf authentication message-digest interface configuration command or the area area-id authentication message-digest router configuration command

Summary (cont.)

BGP Terminology,

Concepts, and

Operation

IGP versus EGP

Interior gateway protocol (IGP)

• A routing protocol operating within an Autonomous System (AS).

• RIP, OSPF, and EIGRP are IGPs.

Exterior gateway protocol (EGP)

• A routing protocol operating between different AS.

• BGP is an interdomain routing protocol (IDRP) and is an EGP.

An AS is a group of routers that share similar routing policies and operate within a single administrative domain.

An AS typically belongs to one organization.

◦ A single or multiple interior gateway protocols (IGP) may be used within the AS.

◦ In either case, the outside world views the entire AS as a single entity.

If an AS connects to the public Internet using an exterior gateway protocol such as BGP, then it must be assigned a unique AS number which is managed by the Internet Assigned Numbers Authority (IANA).

Autonomous Systems (AS)

IANA

The IANA is responsible for allocating AS numbers through five Regional Internet Registries (RIRs).

• RIRs are nonprofit corporations established for the purpose of administration and registration of IP address space and AS numbers in key geographic locations.

Regional Internet Registries (RIRs)

RIR Name Geographic Coverage Link

AfriNIC Continent of Africa www.afrinic.net

APNIC

(Asia Pacific Network

Information Centre)

Asia Pacific region www.apnic.net

ARIN

(American Registry for Internet

Numbers)

Canada, the United States,

and several islands in the

Caribbean Sea and North

Atlantic Ocean

www.arin.net

LACNIC

(Latin America and Caribbean

Internet Addresses Registry)

Central and South America

and portions of the Caribbeanwww.lacnic.net

RIPE

(Réseaux IP Européens)

Europe, the Middle East, and

Central Asiawww.ripe.net

AS numbers can be between 1 to 65,535.

◦ RIRs manage the AS numbers between 1 and 64,512.

◦ The 64,512 - 65,535 numbers are reserved for private use (similar to IP Private addresses).

◦ The IANA is enforcing a policy whereby organizations that connect to a single provider use an AS number from the private pool.

Note:

◦ The current AS pool of addresses is predicted to run out by 2012.

◦ For this reason, the IETF has released RFC 4893 and RFC 5398.

◦ These RFCs describe BGP extensions to increase the AS number from the two-octet (16-bit) field to a four-octet (32-bits) field, increasing the pool size from 65,536 to 4,294,967,296 values.

AS Numbers

The Internet is a collection of autonomous systems that are interconnected to allow communication among them.

◦ BGP provides the routing between these autonomous systems.

BGP is a path vector protocol.

It is the only routing protocol to use TCP.

◦ OSPF and EIGRP operate directly over IP. IS-IS is at the network layer.

◦ RIP uses the User Datagram Protocol (UDP) for its transport layer.

BGP version 4 (BGP-4) is the latest version of BGP.

◦ Defined in RFC 4271.

◦ Supports supernetting, CIDR and VLSM .

BGP4 and CIDR prevent the Internet routing table from becoming too large.

◦ Without CIDR, the Internet would have 2,000,000 + entries.

◦ With CIDR, Internet core routers manage around 300,000 entries.

◦ http://bgp.potaroo.net/

BGP Basics

http://bgp.potaroo.net/

# of Current BGP Routes

7 Day BGP Profile: 24-August-2010 00:00 - 30-August-2010 23:59 (UTC+1000)

Number of BGP Update Messages: 1195261

Number of Prefix Updates: 2787149

Number of Prefix Withdrawals: 490070

Average Prefixes per BGP Update: 2.74

Average BGP Update Messages per second: 1.73

Average Prefix Updates per second: 4.74

Peak BGP Update Message Rate per second: 3848 (19:25:51 Mon, 30-Aug-2010)

Peak Prefix Update Rate per second: 66398 (07:07:37 Mon, 30-Aug-2010)

Peak Prefix Withdraw Rate per second: 16512 (19:26:14 Mon, 30-Aug-2010)

Prefix Count: 342962

Updated Prefix Count: 332145

Stable Prefix Count: 10817

Origin AS Count: 35292

Updated Origin AS Count: 34786

Stable Origin AS Count: 506

Unique Path Count: 215660

Updated Path Count: 195814

Stable Path Count: 19846

As of August 30, 2010, there were 332,145 routes in the routing tables of the Internet core routers.

http://bgpupdates.potaroo.net/instability/bgpupd.html

http://bgpupdates.potaroo.net/instability/bgpupd.html

A “BGP peer,” also known as a “BGP neighbor,” is a specific term that is used for BGP speakers that have established a neighbor relationship.

Any two routers that have formed a TCP connection to exchange BGP routing information are called BGP peers or BGP neighbors.

Peers = Neighbors

BGP Operational Overview

When two routers establish a TCP enabled BGP connection, they are called neighbors or peers.

• Peer routers exchange multiple connection messages.

Each router running BGP is called a BGP speaker.

BGP Operational Overview

When BGP neighbors first establish a connection, they exchange all candidate BGP routes.

• After this initial exchange, incremental updates are sent as network information changes.

BGP Use Between AS

BGP provides an interdomain routing system that guarantees the loop-free exchange of routing information between autonomous systems.

BGP works differently than IGPs because it does not make routing decisions based on best path metrics.

◦ Instead, BGP is a policy-based routing protocol that allows an AS to control traffic flow using multiple BGP attributes.

Routers running BGP exchange network attributes including a list of the full path of BGP AS numbers that a router should take to reach a destination network.

BGP allows an organization to fully use all of its bandwidth by manipulating these path attributes.

Comparison BGP with IGPs

Comparing IGPs with BGP

ProtocolInterior or

ExteriorType

Hierarchy

Required?Metric

RIP InteriorDistance

vectorNo Hop count

OSPF Interior Link state Yes Cost

IS-IS Interior Link state Yes Metric

EIGRP Interior

Advanced

distance

vector

No Composite

BGP Exterior Path vector NoPath vectors

(attributes)

Modern corporate IP networks connect to the global Internet.

Requirements that must be determined for connecting an enterprise to an ISP include the following:

◦ Public IP address space

◦ Enterprise-to-ISP connection link type and bandwidth

◦ Connection redundancy

◦ Routing protocol

Connecting Enterprise Networks to an ISP

Public IP addresses are used:

◦ By internal enterprise clients to access the Internet using NAT.

◦ To make enterprise servers accessible from the Internet using static NAT.

Public IP addresses are available from ISPs and RIRs.

◦ Most enterprises acquire their IP addresses and AS number from ISPs.

◦ Large enterprises may want to acquire IP addresses and AS number from a RIR.

Public IP Address Space

Which connection options does the ISP offer?

Which routing options does the ISP offer?

Will the enterprise network be connected to multiple ISPs?

Does the routing need to support one link to an ISP or multiple links, to one or multiple ISPs?

Is traffic load balancing over multiple links required?

How much routing information needs to be exchanged with the ISP?

Does the routing need to respond to the changes in the network topology, such as when a link goes down?

Connection and Routing Questions

Using Static Routes Example

Static routes are the simplest way to implement routing with an ISP.

• Typically a customer has a single connection to an ISP and the customer uses a default route toward the ISP while the ISP deploys static routes toward the customer.

PE(config)# ip route 10.0.0.0 255.0.0.0 serial 0/0/1



Company A

Internet

PER1 S0/0/1

10.0.0.0

172.16.0.0

172.17.0.0

ISP

S0/0/0




R1(config)# ip default-network 0.0.0.0

R1(config)# ip route 0.0.0.0 0.0.0.0 serial 0/0/0

Using Layer 2 Circuit Emulation Example

Service providers may offer Layer 2 MPLS VPN to connect Company A’s sites.

• The VPN provides a Layer 2 service across the backbone and Company A’s edge routers are connected together on the same IP subnet.

• There is no routing exchange between the ISP and Company A.

Using Layer 3 MPLS VPN Example

Service providers may offer Layer 3 MPLS VPN.

• The VPN provides a Layer 3 service across the backbone and Company A’s edge routers are connected to ISP edge routers using different IP subnets.

• Routing between the customer and ISP is required.

BGP can be used to dynamically exchange routing information.

BGP can also be configured to react to topology changes beyond a customer-to-ISP link.

Using BGP

Company A

AS 65010

Internet

PER1 S0/0/1

ISP

AS 65020

S0/0/0

Redundancy can be achieved by deploying redundant links, deploying redundant devices, and using redundant components within a router.

◦ The ISP connection can also be made redundant.

When a customer is connected to a single ISP the connection is referred to as single-homed or dual-homed.

When a customer is connected to multiple ISPs the connection is referred to as multihomed or dual-multihomed.

Connection Redundancy

Connection Redundancy

Dual-multihomedDual-homed

MultihomedSingle-homed

Connecting to Two or more ISPsConnecting to One ISP

Connecting to One ISP: Single-Homed

The connection type depends on the ISP offering (e.g., leased line, xDSL, Ethernet) and link failure results in a no Internet connectivity.

The figure displays two options:

• Option 1: Static routes are typically used with a static default route from the customer to the ISP, and static routes from the ISP toward customer networks.

• Option 2: When BGP is used, the customer dynamically advertises its public networks and the ISP propagates a default route to the customer.

Company A

AS 65010

Internet

PER1S0/0/1

ISP

AS 65020

S0/0/0

Static Route(s)Default Route

BGP

Option 1:

Option 2:

Connecting to One ISP: Dual-Homed

The figure displays two dual-homed options:

• Option 1: Both links can be connected to one customer router.

• Option 2: To enhance resiliency, the two links can terminate at separate routers in the customer’s network.

Company A

Internet

ISPOption 1:

PER1

Company A

Internet

ISPOption 2:

PER1

R2

Connecting to One ISP: Dual-Homed

Routing deployment options include:

• Primary and backup link functionality in case the primary link fails.

• Load sharing using Cisco Express Forwarding (CEF).

Regardless, routing can be either static or dynamic (BGP).

Company A

Internet

ISPOption 1:

PER1

Company A

Internet

ISPOption 2:

PER1

R2

Connecting to Multiple ISPs: Multihomed

Connections from different ISPs can terminate on the same router, or on different routers to further enhance the resiliency.

Routing must be capable of reacting to dynamic changes therefore BGP is typically used.

Company A

Internet

ISP 1

PE

R1

R2ISP 2

PE

Connecting to Multiple ISPs: Multihomed

Multihomed benefits include:

• Achieving an ISP-independent solution.

• Scalability of the solution, beyond two ISPs.

• Resistance to a failure to a single ISP.

• Load sharing for different destination networks between ISPs.

Company A

Internet

ISP 1

PE

R1

R2ISP 2

PE

Connecting Multiple ISPs: Dual-Multihomed

Dual multihomed includes all the benefits of multihomed connectivity, with enhanced resiliency.

The configuration typically has multiple edge routers, one per ISP, and uses BGP.

Company A

Internet

ISP 1

PE

R1

R2ISP 2

PE

When BGP is running between routers in different AS, it is called External BGP (EBGP).

When BGP is running between routers in the same AS, it is called Internal BGP (IBGP).

Using BGP in an Enterprise Network

EBGP

EBGP

IBGP

IBGP

IBGP

EBGP neighbors are in different autonomous systems.

◦ EBGP neighbors need to be directly connected.

External BGP

Define neighbors:

◦ A TCP session (three-way handshake) must be established before starting BGP routing update exchanges.

Reachability:

◦ EBGP neighbors are usually directly connected.

Different AS number:

◦ EBGP neighbors must have different AS numbers.

EBGP Neighbor Relationship Requirements

IBGP neighbors are in the same autonomous systems.

◦ IBGP neighbors do not need to be directly connected.

Internal BGP

Define neighbors:

◦ A TCP session (three-way handshake) must be established before starting BGP routing update exchanges.

Reachability:

◦ IBGP neighbors must be reachable usually by using an IGP.

◦ Loopback IP addresses are typically used to identify IBGP neighbors.

Same AS number:

◦ IBGP neighbors must have the same AS number.

IBGP Neighbor Relationship Requirements

IBGP in a Transit AS

A transit AS is an AS that routes traffic from one external AS to another external AS.

In this example, AS 65102 is a service provider network.

• Only the two edge routers (router B and E) are running BGP and have established an IBGP neighbor relationship using OSPF.

• Although the EBGP routes could be redistributed into OSPF, the potential number of BGP routes may overwhelm OSPF and is therefore not recommended.

IBGP in a Transit AS

A better solution for a provider network would be to have a fully meshed BGP internetwork.

• BGP runs on all internal routers and all routers establish IBGP sessions.

• IBGP routers have complete knowledge of external routes.

A nontransit AS is an AS that does not route traffic from one external AS to another external AS.

◦ Nontransit AS networks are typically enterprise networks.

All routers in a nontransit AS must still have complete knowledge of external routes.

To avoid routing loops within an AS, BGP specifies that routes learned through IBGP are never propagated to other IBGP peers.

◦ It is assumed that the sending IBGP neighbor is fully meshed with all other IBGP speakers and has sent each IBGP neighbor the update.

IBGP in a Nontransit AS

BGP in an Enterprise Example

Enterprise AS 65500 is learning routes from

both ISP-A and ISP-B via EBGP and is also

running IBGP on all of its routers.

◦ If one of the connections to the ISPs goes

down, traffic will be sent through the other

ISP.

An undesirable situation could occur if the

enterprise AS is configured as a transit AS.

◦ For example, AS 65500 learns the

172.18.0.0/16 route from ISP-A.

◦ If router B advertises that route to ISP-B,

then ISP-B may decide to use it.

◦ This undesirable configuration could be

avoided through careful BGP

configuration.

1. Each ISP passes only a default route to the AS.

◦ The default route is passed on to internal routers.

2. Each ISP passes only a default route and provider-owned specific routes to the AS.

◦ These routes may be propagated to internal routers, or all internal routers in the transit path can run BGP to exchange these routes.

3. Each ISP passes all routes to the AS.

◦ All internal routers in the transit path run BGP to exchange these routes.

Three Multihoming Connection Options

Default Routes from All Providers

Default Routes and Partial Updates

Full Routes from All Providers

Internal routing protocols announce a list of networks and the metrics to get to each network.

In contrast, BGP routers exchange network reachability information, called path vectors, made up of path attributes.

The path vector information includes:

◦ A list of the full path of BGP AS numbers (hop by hop) necessary to reach a destination network.

◦ Other attributes including the IP address to get to the next AS (the next-hop attribute) and how the networks at the end of the path were introduced into BGP (the origin code attribute).

BGP Path Vector Characteristics

Most appropriate when the effects of BGP are well-understood and at least one of the following conditions exists:

◦ The AS has multiple connections to other autonomous systems.

◦ The AS allows packets to transit through it to reach other autonomous systems (eg, it is a service provider).

◦ Routing policy and route selection for traffic entering and leaving the AS must be manipulated.

When to Use BGP

Do not use BGP if one or more of the following conditions exist:

◦ A single connection to the Internet or another AS.

◦ Lack of memory or processor power on edge routers to handle constant BGP updates.

◦ You have a limited understanding of route filtering and the BGP path-selection process.

In these cases, use static or default routes instead.

When Not to Use BGP

The BGP synchronization rule states that:

◦ “A BGP router should not use, or advertise to an external neighbor, a route learned by IBGP, unless that route is local or is learned from the IGP.”

◦ If synchronization is enabled, a router learning a route via IBGP waits until the IGP has propagated the route within the autonomous system and then advertises it to external peers.

◦ With the default of synchronization disabled, BGP can use and advertise to external BGP neighbors routes learned from an IBGP neighbor that are not present in the local routing table.

BGP synchronization is disabled by default in Cisco IOS Software Release 12.2(8)T and later.

◦ It was on by default in earlier Cisco IOS Software releases.

BGP Synchronization

BGP keeps its own table for storing BGP information received from and sent to BGP neighbors.

◦ This table is also known as the BGP table, BGP topology table, BGP topology database, BGP routing table, and the BGP forwarding database.

The router offers the best routes from the BGP table to the IP routing table.

Neighbor table

◦ List of BGP neighbors

BGP table (forwarding database)

◦ List of all networks learned from each neighbor

◦ Can contain multiple paths to destination networks

◦ Contains BGP attributes for each path

IP routing table

◦ List of best paths to destination networks

BGP Table

There are four different BGP message types:

BGP Message Types

16 2 1 1 2 2 4 1 7

Marker Length Type Version AS Hold Time BGP IDOptional

LengthOptional

Open Message

Octets

16 2 1 2 Variable 2 Variable Variable

Marker Length TypeUnfeasible Routes

length

Withdrawn

Routes

Attribute

LengthAttributes NLRI

Update Message

Octets

16 2 1 1 1 Variable

Marker Length Type Error CodeError

Sub-code

Diagnostic

Data

Notification Message

Octets

16 2 1

Marker Length Type

Keepalive Message

Octets

All messages begin with the same 3 field headers

BGP Message Header

16 2 1 1 2 2 4 1 7


LengthOptional

Open Message

Octets


Marker Length TypeUnfeasible Routes

length

Withdrawn

Routes

Attribute

LengthAttributes NLRI

Update Message

Octets

16 2 1 1 1 Variable


Sub-code

Diagnostic

Data


Octets

16 2 1

Marker Length Type

Keepalive Message

Octets

Once a TCP connection has been established, the Open message is sent and includes a set of parameters that have to be agreed upon before a full BGP adjacency can be established.

Once both BGP peers have agreed upon mutual capabilities, they can start exchanging routing information by means of BGP Update messages.

Open Message

16 2 1 1 2 2 4 1 7


LengthOptional

Open Message

Octets

Update messages contain all the information BGP uses to construct a loop-free picture of the internetwork.

A BGP update message has information on one path only; multiple paths require multiple update messages.

◦ All the attributes in the update message refer to that path, and the networks are those that can be reached through it.

An update message includes the following information:

◦ Unreachable routes information

◦ Path attribute information

◦ Network-layer reachability information (NLRI)

This field contains a list of IP address prefixes that are reachable by this path.

Update Message


Marker Length TypeUnfeasible

Routes Length

Withdrawn

Routes

Attribute

Length

Path

AttributesNLRI

Octets

Update Message



Routes Length

Withdrawn

Routes

Attribute

Length

Path

AttributesNLRI

Octets

Update Message Unreachable Routes

InformationNLRI

Information

The NLRI is a list of <length, prefix> tuples.

◦ One tuple for each reachable destination.

◦ The prefix represents the reachable destination

◦ The prefix length represents the # of bits set in the subnet mask.

NLRI format

IP Address Subnet Mask NLRI

10.1.1.0 255.255.255.0 24, 10.1.1.0

192.24.160.0 255.255.224.0 19, 192.24.160.0

A BGP notification message is sent when an error condition is detected.

◦ The BGP connection is closed immediately after this is sent.

Notification messages include an error code, an error subcode, and data related to the error.


16 2 1 1 1 Variable


Sub-code

Diagnostic

Data


Octets

Keepalive messages are sent between peers every 60 seconds (by default) to maintain connections.

The message consists of only a message header (19 bytes).

◦ Hold time is three times the KEEPALIVE timer of 60 seconds.

◦ If the periodic timer = 0, no keepalives are sent.

◦ Recommended keepalive interval is one-third of the hold time interval.

Keepalive Message Type

16 2 1

Marker Length Type

Keepalive Message

Octets

Path attributes are a set of BGP metrics describing the path to a network (route).

◦ BGP uses the path attributes to determine the best path to the networks.

◦ Some attributes are mandatory and automatically included in update messages while others are manually configurable.

BGP attributes can be used to enforce a routing policy.

Configuring BGP attributes provides administrators with many more path control options.

◦ E.g., filter routing information, prefer certain paths, customize BGP’s behavior.

A BGP update message includes a variable-length sequence of path attributes describing the route.

A path attribute consists of three fields:

◦ Attribute type

◦ Attribute length

◦ Attribute value

Path Attributes



Routes Length

Withdrawn

Routes

Attribute

Length

Path

AttributesNLRI

Octets

Update MessagePath Attributes

Information

BGP Attribute Type

• Type code 1 ORIGIN

• Type code 2 AS_PATH

• Type code 3 NEXT_HOP

• Type code 4 MULTI_EXIT_DISC

• Type code 5 LOCAL_PREF

• Type code 6 ATOMIC_AGGREGATE

• Type code 7 AGGREGATOR

• Type code 8 Community (Cisco-defined)

• Type code 9 Originator-ID (Cisco-defined)

• Type code 10 Cluster list (Cisco-defined)

Path Attributes Within Update Message

Wireshark capture of an

update message

indicating the path

attributes to reach

network 172.19.0.0/16.

Attributes

Some attributes are mandatory and automatically included in update messages while others are manually configurable.

Attribute EBGP IBGP

AS_PATH Well-known MandatoryWell-known

Mandatory

NEXT_HOP Well-known MandatoryWell-known

Mandatory

ORIGIN Well-known MandatoryWell-known

Mandatory

LOCAL_PREF Not allowed Well-known Discretionary

ATOMIC_AGGREGATE Well-known Discretionary Well-known Discretionary

AGGREGATOR Optional TransitiveOptional

Transitive

COMMUNITY Optional TransitiveOptional

Transitive

MULTI_EXIT_DISC Optional NontransitiveOptional

Nontransitive

Automatically

included in

update

message

Can be

configured to

help provide

path control.

Path Attributes

There are four different attribute types.

• Not all vendors recognize the same BGP attributes.

Well-Known Mandatory

Attribute is recognized by all implementations of BGP and must appear in a BGP update message.

• If missing, a notification error will be generated.

Well-known mandatory attributes ensures that all BGP implementations agree on a standard set of attributes.

Well-Known Mandatory: AS_PATH

The AS_PATH attribute contains a list of AS numbers to reach a route.

Whenever a route update passes through an AS, the AS number is added to the beginning of the AS_PATH attribute before it is advertised to the next EBGP neighbor.

BGP always includes the AS_PATH attribute in its update.

Well-Known Mandatory: AS_PATH

The NEXT_HOP attribute indicates the IP address that is to be used to reach a destination.

The IP address is the entry point of the next AS along the path to that destination network.

◦ Therefore, for EBGP, the next-hop address is the IP address of the neighbor that sent the update.

Well-Known Mandatory: NEXT_HOP

The ORIGIN attribute defines the origin of the path which could be:

◦ IGP:

The route is interior to the originating AS and normally occurs when a network command

is used to advertise the route via BGP.

An origin of IGP is indicated with an “i” in the BGP table.

◦ EGP:

(Obsolete) The route is learned via EGP which is considered a historic routing protocol and is not supported on the Internet.

An origin of EGP is indicated with an “e” in the BGP table.

◦ Incomplete:

The route’s origin is unknown or is learned via some other means and usually occurs when a route is redistributed into BGP.

An incomplete origin is indicated with a “?” in the BGP table.

Well-Known Mandatory: ORIGIN

Well-Known Mandatory: ORIGIN

R1# show ip bgp

BGP table version is 24, local router ID is 172.16.1.2

Status codes: s suppressed, d damped, h history, * valid, > best, i -

internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 192.208.10.0 192.208.10.5 0 0 300 i

*> 172.16.1.0 0.0.0.0 0 32768 i

<output omitted>

R1# show ip bgp

<output omitted>


*> 10.1.1.0/24 0.0.0.0 0 32768 ?

*> 192.168.1.0/24 10.1.1.2 84 32768 ?

*> 192.168.2.0/24 10.1.1.2 74 32768 ?

<output omitted>

i = Route generated

by the network

command.

? = Route generated

by unknown

method (usually

redistributed).

Well-Known Discretionary

Attribute is recognized by all implementations of BGP but may not be sent in the BGP update message.

The Local Preference attribute provides an indication to the “local” routers in the AS about which path is preferred to exit the AS.

◦ A path with a higher local preference is preferred.

◦ The default value for local preference on a Cisco router is 100.

It is configured on a router and exchanged between IBGP routers.

◦ It is not passed to EBGP peers.

Well-Known Discretionary: LOCAL_PREF

Well-Known Discretionary: LOCAL_PREF

Routers A and B are IBGP neighbors in AS 64520 and both receive updates about network 172.16.0.0 from different directions.

• The local preference on router A is set to 200.

• The local preference on router B is set to 150.

Because the local preference for router A is higher, it is selected as the preferred exit point from AS 64520.

The bgp default local-preference command changes the default local preference

value.

◦ With this command, all IBGP routes that are advertised have the local preference set to the value specified.

◦ If an EBGP neighbor receives a local preference value, the EBGP neighbor ignores it.

Configuring the Default Local Preference

The Atomic Aggregate attribute is used to indicate that routes have been summarized.

◦ Attribute warns that the received information may not necessarily be the most complete route information available.

Attribute is set to either True or False with “true” alerting other BGP routers that multiple destinations have been grouped into a single update.

◦ Router update includes its router ID and AS number along with the supernet route enabling administrators to determine which BGP router is responsible for a particular instance of aggregation.

◦ Tracing a supernet to its original "aggregator" may be necessary for troubleshooting purposes.

Well-Known Discretionary: ATOMIC_AGGREGATE

Optional Transitive

Attribute may or may not be recognized by all BGP implementations.

Because the attribute is transitive, BGP accepts and advertises the attribute even if it is not recognized.

The BGP community attribute can be used to filter incoming or outgoing routes.

◦ BGP routers can tag routes with an indicator (the community) and allow other routers to make decisions based on that tag.

If a router does not understand the concept of communities, it defers to the next router.

◦ However, if the router does understand the concept, it must be configured to propagate the community; otherwise, communities are dropped by default.

Communities are not restricted to one network or one AS, and they have no physical boundaries.

Optional Transitive: Community

Optional Nontransitive

Attribute that may or may not be recognized by all BGP implementations.

Whether or not the receiving BGP router recognizes the attribute, it is nontransitive and is not passed along to other BGP peers.

The Multiple Exit Discriminator (MED) attribute, also called the metric, provides a hint to external neighbors about the preferred path into an AS that has multiple entry points.

◦ Lower MED is preferred over a higher MED!

The MED is sent to EBGP peers and those routers propagate the MED within their AS.

◦ The routers within the AS use the MED, but do not pass it on to the next AS.

◦ When the same update is passed on to another AS, the metric will be set back to the default of 0.

By using the MED attribute, BGP is the only protocol that can affect how routes are sent into an AS.

Optional Nontransitive: MED

Optional Nontransitive: MED

Routers B and C include a MED attribute in the updates to router A.

• Router B MED attribute is set to 150.

• Router C MED attribute is set to 200.

When A receives updates from B and C, it picks router B as the best next hop because of the lower MED.

The Weight attribute is a Cisco proprietary attribute.

Similar in function to the local preference, the weight attribute applies when 1 router has multiple exit points.

◦ Local preference is used when 2+ routers provide multiple exit points.

It is configured locally on a router and is not propagated to any other routers.

◦ Routes with a higher weight are preferred when multiple routes exist to the same destination.

The weight can have a value from 0 to 65535.

◦ Paths that the router originates have a weight of 32768 by default, and other paths have a weight of 0 by default.

Cisco Weight Attribute

Cisco Weight Attribute

Routers B and C learn about network 172.20.0.0 from AS 65250 and propagate the update to router A.

• Therefore Router A has two ways to reach 172.20.0.0.

Router A sets the weight of updates as follows:

• Updates coming from router B are set to 200

• Updates coming from router C are set to 150.

Router A uses router B because of the higher weight.

The BGP best path decision is based on the value of attributes that the update contains and other BGP-configurable factors.

BGP considers only synchronized routes with no AS loops and a valid next-hop address.

BGP Route Selection Process


• Prefer the route with highest

weight.

• Prefer the route with highest

LOCAL_PREF.

• Prefer the locally generated route

(network or aggregate routes).

• Prefer the route with the shortest

AS-PATH.

• Prefer the route with the lowest

ORIGIN (IGP<EGP<incomplete)


MED.

• Prefer the EBGP route over IBGP

route.

• Prefer the route through the closest

IGP neighbor.

• Prefer the oldest EBGP route.


neighbor BGP router ID value.


neighbor IP address.

Configuring BGP

Prior to deploying a BGP routing solution, the following should be considered:

◦ IP addressing plan

◦ Network topology

◦ BGP relationship with service provider(s)


Planning to Deploy BGP

The information necessary to implement BGP routing includes the following:

◦ The AS numbers of enterprise and service provider.

◦ The IP addresses of all the neighbors (peers) involved.

◦ The networks that are to be advertised into BGP

In the implementation plan, basic BGP tasks include the following:

◦ Define the BGP process

◦ Establish the neighbor relationships

◦ Advertise the networks into BGP

Implementing Basic BGP

After implementing BGP, verification should confirm proper deployment on each router.


◦ That the appropriate BGP neighbor relationships and adjacencies are established.

◦ That the BGP table is populated with the necessary information.

◦ That IP routing table is populated with the necessary information.

◦ That there is connectivity in the network between routers and to other devices.

◦ That BGP behaves as expected in a case of a topology change, by testing link failure and router failure events.

Verifying BGP

After a successful BGP deployment, the solution and verification process and results should be documented for future reference.


◦ A topology map

◦ The IP addressing plan

◦ The autonomous system hierarchy

◦ The networks and interfaces included in BGP on each router

◦ The default and any special metrics configured

◦ The verification results.

Documenting

Enable BGP Routing

Define BGP as the IP routing protocol.

Router(config)#

router bgp autonomous-system

The autonomous-system value is either an internally generated number (if not

connecting to a provider network) or obtained from an ISP or RIR.

◦ It is a required parameter.

◦ It can be any positive integer in the range from 1 to 65535.

Only one instance of BGP can be configured on the router at a single time.

On Cisco routers there are two formats used to configure a 4-byte AS number:

◦ asplain: The Cisco implementation.

◦ asdot: The RFC 5396 implementation.

Use the bgp asnotation dot command to configure.

AS numbers must be written using the asdot format, or the regular expression match will fail.

Note: The 4-byte AS number will not be used in this chapter; therefore, all examples use the 2-byte AS numbering format.

4-byte AS numbers

Defining BGP Neighbors

Identify peer router with which to establish a BGP session.


neighbor {ip-address | peer-group-name} remote-as

autonomous-system

The ip-address is the destination address of the BGP peer.

◦ The address must be reachable before attempting to establish the BGP relationship.

The autonomous-system value is used to identify if the session is with internal BGP

(IBGP) peers or with external BGP (EBGP) peers.

◦ If the value is the same as the router’s AS, then an IBGP session is attempted.

◦ If the value is not the same as the router’s AS, then an EBGP session is attempted.

Example: BGP neighbor Command

In BGP, neighbors are often configured with the same update policies.

To simplify configuration and make updating more efficient, neighbors with the same update policies can be grouped into peer groups.

◦ Recommended approach when there are many BGP peers.

Instead of separately defining the same policies for each neighbor, a peer group can be defined with these policies assigned to the peer group.

◦ Individual neighbors are then made members of the peer group.

◦ Members of the peer group inherit all the peer group’s configuration options.

◦ Only options that affect the inbound updates can be overridden.

BGP Peer Groups

Defining a BGP Peer Group

Create a peer group on the local router.


neighbor peer-group-name peer-group

The peer-group-name is the name of the BGP peer group to be created.

The name is local to the router on which it is configured and is not passed to any other router.

Assign Neighbors to the Peer Group

Assign neighbors as part of the peer group.


neighbor ip-address peer-group peer-group-name

The ip-address is the IP address of the neighbor that is to be assigned as a member of

the peer group.

The peer-group-name must already exist.

◦ Note: The clear ip bgp peer-group peer-group-name EXEC command can

be used to reset the BGP connections for all members of a peer group.

Shut Down a BGP Neighbor

To disable an existing BGP neighbor or peer group relationship.


neighbor {ip-address | peer-group-name} shutdown

Useful when making major policy changes to a neighboring router.

The command not only terminates the session, but also removes all associated routing information.

To re-enable the neighbor prepend the no keyword to the command.

BGP does not accept unsolicited updates.

◦ It must be aware of every neighboring router and have a neighbor statement for it.

For example, when a router creates and forwards a packet, the IP address of the outbound interface is used as that packet’s source address by default.

◦ For BGP packets, this source IP address must match the address in the correspondingneighbor statement on the other router or the routers will not establish the BGP session.

◦ This is not a problem for EBGP neighbors as they are typically directly connected.

IBGP Source IP Address Problem

IBGP Source IP Address Problem

When multiple paths exist between IBGP neighbors, the BGP source address can cause problems:

• Router D uses the neighbor 10.3.3.1 remote-as 65102 command to establish a

relationship with A.

• However, router A is sending BGP packets to D via B therefore the source IP address of the packets is 10.1.1.1.

• The IBGP session between A and D cannot be established because D does not recognize 10.1.1.1 as a BGP neighbor.

IBGP Source IP Address Solution

Establish the IBGP session using a loopback interface.


neighbor {ip-address | peer-group-name} update-source

loopback interface-number

Informs the router to use a loopback interface address for all BGP packets.

Overrides the default source IP address for BGP packets.

Typically only used with IBGP sessions.

As an added bonus, physical interfaces can go down for any number of reasons but loopbacks never fail.

IBGP Source IP Address Example

AS 65102AS 65100

R1 R4

Lo0 192.168.2.2

.1

192.168.1.1172.16.1.1

R2 R3

10.1.1.0/24

10.2.2.0/24

.1 .2

.2

Lo0 192.168.3.3

AS 65101

EIGRP

R2(config)# router bgp 65101

R2(config-router)# neighbor 172.16.1.1 remote-as 65100


R2(config-router)# neighbor 192.168.3.3 update-source loopback0





R2(config-router)#









R3(config-router)#

EBGP Dual-Homed Problem

R1 in AS 65102 is dual-homed with R2 in AS 65101.

A problem can occur if R1 only uses a single neighbor statement pointing to

192.168.1.18 on R2 .

• If that link fails, the BGP session between these AS is lost, and no packets pass from one autonomous system to the next, even though another link exists.

A solution is configuring two neighbor statements on R1 pointing to 192.168.1.18 and

192.168.1.34.

• However, this doubles the BGP updates from R1 to R2.

EBGP Dual-Homed Solution

The ideal solution is to:

• Use loopback addresses.

• Configure static routes to reach the loopback address of the other router.

• Configure the neighbor ebgp-multihop command to inform the BGP process that this

neighbor is more than one hop away.

Enable Multihop EBGP

Increase the time-to-live (TTL) for EBGP connections.


neighbor {ip-address | peer-group-name} ebgp-multihop

[ttl]

This command is of value when redundant paths exist between EBGP neighbors.

The default ttl is 1, therefore BGP peers must be directly connected.

◦ The range is from 1 to 255 hops.

Increasing the ttl enables BGP to establish EBGP connections beyond one hop and also

enables BGP to perform load balancing.

Multihop EBGP Example

AS 65102

Lo0 172.17.1.1

R1 R2

EBGP

EBGP

192.168.1.18 /28

Lo0 172.16.1.1

AS 65101

192.168.1. 34 /28

192.168.1.17 /28

192.168.1. 33 /28




R1(config-router)# neighbor 172.16.1.1 ebgp-multihop 2


R1(config)# ip route 172.16.1.1 255.255.255.255 192.168.1.18

R1(config)# ip route 172.16.1.1 255.255.255.255 192.168.1.34

R1(config)#




R2(config-router)# neighbor 172.17.1.1 ebgp-multihop 2


R2(config)# ip route 172.17.1.1 255.255.255.255 192.168.1.17

R2(config)# ip route 172.17.1.1 255.255.255.255 192.168.1.33

R2(config)#

When an EBGP router receives an update from an EBGP neighbor and forwards the update to its IBGP peers, the source IP address will still be that of the EBGP router.

◦ IBGP neighbors will have to be configured to reach that external IP address.

Another solution is to override a router’s default behavior and force it to advertise itself as the next-hop address for routes sent to a neighbor.

◦ To do so, use the neighbor next-hop-self router configuration command

Advertising EBGP Routes to IBGP Peers

neighbor next-hop-self Command

Configure the router as the next hop for a BGP-speaking peer.


neighbor {ip-address | peer-group-name} next-hop-self

The command forces BGP to advertise itself as the source of the routes.

The ip-address identifies the peer router to which advertisements will be sent, with this

router identified as the next hop.

This command is useful in unmeshed networks (such as Frame Relay) where BGP neighbors may not have direct access to all other neighbors on the same IP subnet.

Next Hop Self Example





R2(config-router)# neighbor 192.168.3.3 next-hop-self





R2(config-router)#

AS 65102AS 65100

R1 R4

Lo0 192.168.2.2

.1

192.168.1.1172.16.1.1

R2 R3

10.1.1.0/24

10.2.2.0/24

.1 .2

.2

Lo0 192.168.3.3

AS 65101

EIGRP

Recall that the BGP synchronization rule states that:

◦ “A BGP router should not use, or advertise a route learned by IBGP, unless that route is local or is learned from the IGP.”

By default synchronization is disabled, therefore BGP can use and advertise to an external BGP neighbor routes learned from an IBGP neighbor that are not present in the local routing table.

◦ Use the synchronization router configuration command to enable BGP synchronization

so that a router will not advertise routes in BGP until it learns them in an IGP.

◦ The no synchronization router configuration command disables synchronization.

BGP Synchronization

Two options are available to advertise networks into BGP:

◦ The network command.

◦ Redistributing IGP routes into BGP.

Note: Redistributing is not recommended because it could result in unstable BGP tables.

Defining Networks That BGP Advertises

Identify BGP Networks

Enable BGP to advertise a network if it is present.


network network-number [mask network-mask] [route-map

map-tag]

The BGP network command determines which networks this router advertises.

◦ Unlike IGPs, the command does not start BGP on specific interfaces.

The mask parameter indicates that BGP-4 supports subnetting and supernetting.

◦ If the mask is not specified, this command announces only the classful network

It is also important to note that the prefix must exactly match (address and mask) an entry in the IP routing table.

It is important to understand that any network (both address and mask) must exist in the routing table for the network to be advertised in BGP.

For example, to summarize many networks and advertise a CIDR block 192.168.0.0/16, configure:

network 192.168.0.0 mask 255.255.0.0

ip route 192.168.0.0 255.255.0.0 null0

Now BGP can find an exact match in the routing table and announce the 192.168.0.0/16 network to its neighbors.

◦ The advertised static route would never actually be used since BGP would contain longer prefix matching routes in its routing table.

BGP Route Must Be in IP Routing Table

BGP supports message digest 5 (MD5) neighbor authentication.

◦ MD5 sends a “message digest” (also called a “hash”), which is created using the key and a message.

◦ The message digest is then sent instead of the key.

◦ The key itself is not sent, preventing it from being read by someone eavesdropping on the line while it is being transmitted.

To enable MD5 authentication on a TCP connection between two BGP peers, use the router configuration command:

neighbor {ip-address | peer-group-name} password string

BGP Authentication

Enable MD5 authentication

Enable MD5 authentication between two BGP peers.


neighbor {ip-address | peer-group-name} password

string

This is the only command required to enable MD5 authentication.

The string value is:

◦ Case-sensitive password of up to 25 characters.

◦ The first character cannot be a number.

◦ The string can contain any alphanumeric characters, including spaces.

◦ You cannot specify a password in the format number-space-anything.

◦ The space after the number can cause authentication to fail.




R1(config-router)# neighbor 10.64.0.2 password BGP-Pa55w0rd

R1(config-router)#



R2(config-router)# neighbor 10.64.0.1 password BGP-Pa55w0rd

R2(config-router)#

AS 65500

R1 R2

10.64.0.0 /24.1 .2

AS 65000

If a router has a password configured for a neighbor, but the neighbor router does not have a password configured, the following message will appear on the console screen:

%TCP-6-BADAUTH: No MD5 digest from 10.1.0.2(179) to 10.1.0.1(20236)

Similarly, if the two routers have different passwords configured, the following will appear:

%TCP-6-BADAUTH: Invalid MD5 digest from 10.1.0.1(12293) to

10.1.0.2(179)

MD5 Configuration Problems

When policies such as access lists or attributes are changed, the Cisco IOS applies changes on only those updates received or sent after and not existing routes in the BGP and routing tables.

◦ It can take a long time for the policy to be applied to all networks.

There are three ways to ensure that the policy change is immediately applied to all affected prefixes and paths.

◦ Hard reset

◦ Soft reset (outbound and inbound)

◦ Route refresh

Clearing the BGP Session

Hard Reset of BGP Sessions

Reset all BGP connections with this router.

Router#

clear ip bgp {* | neighbor-address}

Entire BGP forwarding table is discarded.

BGP session makes the transition from established to idle; everything must be relearned.

When the neighbor-address value is used, it resets only a single neighbor and BGP

session. Everything from this neighbor must be relearned.

◦ It is less severe than clear ip bgp *.

Soft Reset Outbound

Resets all BGP connections without loss of routes.

Router#

clear ip bgp {* | neighbor-address} [soft out]

The connection remains established and the command does not reset the BGP session.

◦ Instead the router creates a new update and sends the whole table to the specified neighbors.

This update includes withdrawal commands for networks that the neighbor will not see anymore based on the new outbound policy.

This option is highly recommended when you are changing outbound policy.

Soft Reset Inbound: Method #1

Two commands are required.


neighbor {ip-address} soft-reconfiguration inbound

Use this command when changes need to be made without forcing the other side to

resend everything.

It causes the BGP router to retain an unfiltered table of what a neighbor had sent but can

be memory intensive.

Router#

clear ip bgp {* | neighbor-address} [soft in]

Causes the router to use the stored unfiltered table to generate new inbound updates and

the new results are placed in the BGP forwarding database.

Soft Reset Inbound: Method #2

Also called route refresh.

Router#

clear ip bgp {* | neighbor-address} [soft in | in]

This dynamically soft resets inbound updates.

Unlike method #1, this method requires no preconfiguration and requires significantly less memory.

Command Description

show ip bgp neighbors

{address} received-routes

Displays all received routes (both accepted and

rejected) from the specified neighbor.


{address} routes

Displays all routes that are received and accepted

from the specified neighbor.

This output is a subset of the output displayed by the

received-routes keyword.

show ip bgp Displays entries in the BGP table.


{address} advertised-routes

Displays all BGP routes that have been advertised to

neighbors.

Monitoring Received BGP Routes

BGP Configuration Example #1




R1(config-router)#




R2(config-router)#

AS 65000

R1 R2

10.1.1.0.1 .2

AS 64520

172.17.0.0172.16.0.0

BGP Configuration Example #2



R2(config-router)# network 10.2.2.0 mask 255.255.255.0


R2(config-router)#

AS 65020

R2

10.1.1.0 /24.2

AS 65010

10.2.2.0 /24

R1

.1

R3

10.3.3.0 /24.2

Lo0 10.4.4.4

.1

Lo0 10.5.5.5

BGP Without Peer Group Example



R1(config-router)# neighbor 192.168.24.1 update-source loopback 0


R1(config-router)# neighbor 192.168.24.1 distribute-list 20 out

R1(config-router)#





R1(config-router)#





R1(config-router)#

BGP With Peer Group Example


R1(config-router)# neighbor INTERNAL peer-group

R1(config-router)# neighbor INTERNAL remote-as 65100

R1(config-router)# neighbor INTERNAL update-source loopback 0

R1(config-router)# neighbor INTERNAL next-hop-self

R1(config-router)# neighbor INTERNAL distribute-list 20 out

R1(config-router)# neighbor 192.168.24.1 peer-group INTERNAL



R1(config-router)#

IBGP and EBGP Example









R2(config-router)# no synchronization

R2(config-router)#

172.16.30.0172.16.20.0

Lo0 192.168.2.2 /32

.2R2 R3

192.168.1.0 /24

192.168.4.0 /24

.2 .3

.3

Lo0 192.168.3.3 /32

AS 65000

10.1.1.0 /24.1

R1

AS 64520

.2

172.16.10.0

Verifying and Troubleshooting BGP

Command Description

show ip bgp

Displays entries in the BGP table.

Specify a network number to get more specific information

about a particular network.

show ip bgp neighborsDisplays detailed information about the TCP and BGP

connections to neighbors.

show ip bgp summary Displays the status of all BGP connections.


{address} advertised-

routes

Displays all BGP routes that have been advertised to

neighbors.

show ip bgp rib-failure

Displays BGP routes that were not installed in the routing

information base (RIB), and the reason that they were not

installed.

debug ip bgp [dampening

| events | keepalives |

updates]

Verifying and Troubleshooting BGP

Verifying BGP: show ip bgp

R1# show ip bgp


Status codes: s suppressed, d damped, h history, * valid, > best, i -

internal, r RIB-failure, S Stale



*> 10.1.0.0/24 0.0.0.0 0 32768 i

* i 10.1.0.2 0 100 0 i

*> 10.1.1.0/24 0.0.0.0 0 32768 i

*>i10.1.2.0/24 10.1.0.2 0 100 0 i

*> 10.97.97.0/24 172.31.1.3 0 64998 64997 i

* 172.31.11.4 0 64999 64997 i

* i 172.31.11.4 0 100 0 64999 64997 i

*> 10.254.0.0/24 172.31.1.3 0 0 64998 i

* 172.31.11.4 0 64999 64998 i

* i 172.31.1.3 0 100 0 64998 i

r> 172.31.1.0/24 172.31.1.3 0 0 64998 i

r 172.31.11.4 0 64999 64998 i

r i 172.31.1.3 0 100 0 64998 i

*> 172.31.2.0/24 172.31.1.3 0 0 64998 i

Display the BGP topology database (the BGP table).

The status codes are shown in

the first column of each line of

output.

- * means that the next-hop

address (in the fifth column) is

valid.

- r means a RIB failure and the

route was not installed in the

RIB.

The last column displays the ORIGIN attribute).

- i means the original router probably used a network command to introduce this network

into BGP.

- ? means the route was probably redistributed

from an IGP into the BGP process.

The third column is either blank

or has an “i” in it.

- If it has an i, an IBGP

neighbor advertised this route

to this router.

- If it is blank, BGP learned that

route from an external peer.

A > in the second column

indicates the best path for a

route selected by BGP.

This route is offered to the IP

routing table.

The Path section lists the AS

path. The last AS # is the

originating AS.

If blank the route is from the

current autonomous system.

This section lists three BGP

path attributes: metric (MED),

local preference, and weight.

Verifying BGP: show ip bgp rib-failure

Displays BGP routes that were not installed in the RIB and the reason that they were not installed.

In this example, the displayed routes were not installed because a route or routes with a better administrative distance already existed in the RIB.

R1# show ip bgp rib-failure

Network Next Hop RIB-failure RIB-NH Matches

172.31.1.0/24 172.31.1.3 Higher admin distance n/a

172.31.11.0/24 172.31.11.4 Higher admin distance n/a

Verifying BGP: show ip bgp summary

R1# show ip bgp summary

BGP router identifier 10.1.1.1, local AS number 65001

BGP table version is 124, main routing table version 124

9 network entries using 1053 bytes of memory

22 path entries using 1144 bytes of memory

12/5 BGP path/bestpath attribute entries using 1488 bytes of memory

6 BGP AS-PATH entries using 144 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 3829 total bytes of memory

BGP activity 58/49 prefixes, 72/50 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.1.0.2 4 65001 11 11 124 0 0 00:02:28 8

172.31.1.3 4 64998 21 18 124 0 0 00:01:13 6

172.31.11.4 4 64999 11 10 124 0 0 00:01:11 6

Verify the BGP neighbor relationship.

Verifying BGP: debug ip bgp updates

R1# debug ip bgp updates

Mobile router debugging is on for address family: IPv4 Unicast

R1# clear ip bgp 10.1.0.2

<output omitted>

*May 24 11:06:41.309: %BGP-5-ADJCHANGE: neighbor 10.1.0.2 Up

*May 24 11:06:41.309: BGP(0): 10.1.0.2 send UPDATE (format) 10.1.1.0/24, next 10.1.0.1, metric 0,

path Local

*May 24 11:06:41.309: BGP(0): 10.1.0.2 send UPDATE (prepend, chgflags: 0x0) 10.1.0.0/24, next

10.1.0.1, metric 0, path Local

*May 24 11:06:41.309: BGP(0): 10.1.0.2 NEXT_HOP part 1 net 10.97.97.0/24, next 172.31.11.4

*May 24 11:06:41.309: BGP(0): 10.1.0.2 send UPDATE (format) 10.97.97.0/24, next 172.31.11.4, metric

0, path 64999 64997

*May 24 11:06:41.309: BGP(0): 10.1.0.2 NEXT_HOP part 1 net 172.31.22.0/24, next 172.31.11.4

*May 24 11:06:41.309: BGP(0): 10.1.0.2 send UPDATE (format) 172.31.22.0/24, next 172.31.11.4,

metric 0, path 64999

<output omitted>

*May 24 11:06:41.349: BGP(0): 10.1.0.2 rcvd UPDATE w/ attr: nexthop 10.1.0.2, origin i, localpref

100, metric 0

*May 24 11:06:41.349: BGP(0): 10.1.0.2 rcvd 10.1.2.0/24

*May 24 11:06:41.349: BGP(0): 10.1.0.2 rcvd 10.1.0.0/24


BGP is a state machine that takes a router through the following states with its neighbors:

◦ Idle

◦ Connect

◦ Open sent

◦ Open confirm

◦ Established

The Idle state begins once the neighbor command is configured.

BGP States

VerifyingBGP:show ip bgp neighbors

R1# show ip bgp neighbors

BGP neighbor is 172.31.1.3, remote AS 64998, external link

BGP version 4, remote router ID 172.31.2.3

BGP state = Established, up for 00:19:10

Last read 00:00:10, last write 00:00:10, hold time is 180, keepalive

interval is 60 seconds

Neighbor capabilities:

Route refresh: advertised and received(old & new)

Address family IPv4 Unicast: advertised and received

Message statistics:

InQ depth is 0

OutQ depth is 0

Sent Rcvd

Opens: 7 7

Notifications: 0 0

Updates: 13 38

<output omitted>


Basic BGP Path Manipulation Using Route Maps

In Chapter 4, Policy Based Routing (PBR) was used for redistribution.

◦ Route maps are implemented using the redistribute command.

In Chapter 5, route maps were used to define a routing policy other than basic destination-based routing using the routing table.

◦ Route maps are implemented using the ip policy route-map command.

In this chapter, route maps will be used with BGP to assign or alter BGP attributes.

◦ Route maps are implemented using the neighbor route-map command.

Route Maps and BGP

Sample implementation plan:

Define and name the route map with the route-map command.

◦ Define the conditions to match (the match statements).

◦ Define the action to be taken when there is a match (the set statements).

Define which attribute to alter using the neighbor route-map router configuration

command.

◦ Filters incoming or outgoing BGP routes.

Verify results.

Configuring Route Maps in BGP

neighbor {ip-address | peer-group-name} route-map map-name

{in | out}


Applies the route-map to filter incoming or outgoing BGP routes to a neighbor.

Implementing Route Maps in BGP

route-map map-tag [permit | deny] [sequence-number]

Router(config)#

Defines the route map conditions.

match {criteria}

Router(config-route-map)#

Defines the criteria to match.

set {actions}


Defines the action to be taken on a match.

match Commands Used in BGP

Command Description

match as-path Matches the AS_PATH attribute

match ip addressMatches any routes that have a destination network number address

that is permitted by a standard or extended ACL

match metric Matches routes with the metric specified

match community Matches a BGP community

match interfaceMatches any routes that have the next hop out of one of the interfaces

specified

match ip next-hopMatches any routes that have a next-hop router address that is passed

by one of the ACLs specified

match ip route-sourceMatches routes that have been advertised by routers and access

servers at the address that is specified by the ACLs

match route-type Matches routes of the specified type

match tag Matches tag of a route* Partial list

match as-path Command

Match a BGP autonomous system path access list.


match as-path path-list-number

The path-list-number is the AS path access list.

◦ It can be an integer from 1 to 199.

The value set by this command overrides global values.

match ip-address Command

Specify criteria to be matched using ACLs or prefix lists.


match ip address {access-list-number | name} [...access-

list-number | name] | prefix-list prefix-list-name

[..prefix-list-name]


access-list-number | name

The number or name of a standard or

extended access list to be used to test

incoming packets.

If multiple access lists are specified,

matching any one results in a match.

prefix-list prefix-list-name

Specifies the name of a prefix list to be used

to test packets.

If multiple prefix lists are specified, matching

any one results in a match.

set Commands Used in BGP

Command Description

set weight Sets the BGP weight value

set local-preference Sets the LOCAL-PREF attribute value

set as-path Modifes an AS path for BGP routes

set origin Sets the ORIGIN attribute value

set metric Sets the Multi-Exit_Disc (MED) value

set community Sets the BGP communities attribute

set automatic-tag Computes automatically the tag value

set ip next-hop Indicates which IP address to output packets

set interface Indicates which interface to output packets

set ip default next-

hopIndicates which default IP address to use to output packets

set default interface Indicates which default interface to use to output packets* Partial list

set weight Command

Specify the BGP weight for the routing table.


set weight number

The number is the weight value.

◦ It can be an integer ranging from 0 to 65535.

The implemented weight is based on the first matched AS path.

Weights assigned with this command override the weights assigned using the neighbor weight command.

set local-preference Command

Specify a preference value for the AS path.


set local-preference number-value

The number-value is the preference value.

An integer from 0 to 4294967295.

Default 100.

set as-path Command

Modify an AS path for BGP routes.


set as-path {tag | prepend as-path-string}


tagConverts the tag of a route into an autonomous system path.

Applies only when redistributing routes into BGP.

prepend

Appends the string following the keyword prepend to the AS

path of the route that is matched by the route map.

Applies to inbound and outbound BGP route maps.

as-path-string

AS number to prepend to the AS_PATH attribute.

The range of values for this argument is 1 to 65535.

Up to 10 AS numbers can be entered.

set metric Command

Specify a preference value for the AS path.


set metric metric-value

The metric-value is use to set the MED attribute.

An integer from 0 to 294967295.

Unlike IGPs, BGP was never designed to choose the quickest path.

BGP was designed to manipulate traffic flow to maximize or minimize bandwidth use.

BGP Path Manipulation

BGP Without Routing Policy Example #1

In this example consider that:

• R1 is using 60% of its outbound bandwidth to AS 65004.




Traffic should be diverted using the local preference attribute.

• The weight attribute could not be used in this scenario since there are two edge routers.`

Which traffic should be re-routed?

To determine which path to manipulate, perform a traffic analysis on Internet-bound traffic by examining the most heavily visited addresses, web pages, or domain names.

• Examine network management records or accounting information.

If a heavily accessed traffic pattern is identified, a route map could be used to divert that traffic over the lesser used links

BGP With Routing Policy Example #1

For example, assume that 35% of all traffic from AS 65001 has been going to http://www.cisco.com.

• The administrator does a reverse DNS lookup and obtains the Cisco IP address and AS number.

A route map can be used to change the local preference to manipulate packets destined to Cisco’s network over the less used links.

BGP Routing Policy Example #2

Notice that the inbound load to R3 (75%) is much higher in bandwidth utilization than the inbound load to R1 (10%).

The BGP MED attribute can be used to manipulate how traffic enters autonomous system 65001.

For example, R1 in AS 65001 can announce a lower MED for routes to network 192.168.25.0/24 to AS 65004 than R3 announces.

BGP Routing Policy Example #2

Keep in mind that the MED is considered a recommendation because the receiving autonomous system can override it by manipulating another variable that is considered before the MED is evaluated.

For example, R2 and R4 in AS 65004 could be configured with their own local preference policy which would override the MED recommendation from AS 65001.


1. Prefer highest Weight

2. Prefer highest LOCAL_PREF

3. Prefer locally generated routes

4. Prefer shortest AS_PATH

5. Prefer lowest ORIGIN (IGP < EGP <

incomplete)

6. Prefer lowest MED

7. Prefer EBGP over IBGP

8. Prefer routes through closest IGP neighbor

9. Prefer routes with lowest BGP router ID

10.Prefer routes with lowest neighbor IP address

Change the Weight

The weight attribute is used only when one router is multihomed and determines the best path to leave the AS. ◦ Only the local router is

influenced.

◦ Higher weight routes are preferred.

There are two ways to alter the route weight:◦ To change the weight for all

updates from a neighbor use the neighbor weight router configuration command.

◦ To change the weight of specific routes / as path, use route maps.






5. Prefer lowest ORIGIN (IGP < EGP < incomplete)





10. Prefer routes with lowest neighbor IP address

Changing the Default Weight Example

Assign a default weight to all routes from a peer.


neighbor {ip-address | peer-group-name} weight number

Routes learned through another BGP peer have a default weight of 0 and routes sourced by the local router have a default weight of 32768.

The number is the weight to assign.

◦ Acceptable values are from 0 to 65535.

The route with the highest weight will be chosen as the preferred route when multiple routes are available to a particular network.

Note: The weights assigned with the set weight route-map command override the weights assigned using the neighbor weight command.

Changing Weight with Route Map Example

In this example consider that:

• The routing policy dictates that for any network originated by AS 65020, use the path to AS 65030 as the primary way out of AS 65040.

• If R1 needs to access routes connected to R3, then it goes through R2.

This can be achieved by placing a higher weight (150) on all incoming announcements from AS 65030 (10.0.0.1), which carry the information about the network originated in AS 65020.

Changing Weight with Route Map Example

R1(config)# route-map SET-WEIGHT permit 10

R1(config-route-map)# match as-path 10

R1(config-route-map)# set weight 150

R1(config-route-map)#

R1(config-route-map)# route-map SET-WEIGHT permit 20

R1(config-route-map)# set weight 100

R1(config-route-map)# exit

R1(config)# ip as-path access-list 10 permit _65020$

R1(config)#



R1(config-router)# neighbor 10.0.0.1 route-map SET-WEIGHT in

Configure an Autonomous System ACL

Configure an autonomous system path filter.


ip as-path access-list acl-number {permit | deny}

regexp

Similar to an IP ACL, this command is used to configure an AS path filter using a regular expression .

The acl-number is a value from 1 to 500 that specifies the AS_PATH access list number.

The regexp regular expression defines the AS-path filter.

Atom: A single character.

◦ . matches any single character.

◦ ^ matches the start of the input string.

◦ $ matches the end of the input string.

◦ \ matches the character.

Piece: one of these symbols

◦ * matches 0 or more sequences of the atom.

◦ + matches 1 or more sequences of the atom.

◦ ? matches the atom or the null string.

Branch: 1 or more concatenated pieces.

Range: A sequence of characters within square brackets.

◦ Example is [abcd].

Regular Expression Syntax

Regular Expression Examples

Regular Expression Resulting Expression

a* Expression indicates any occurrence of the letter "a", which

includes none

a+ indicates that at least one occurrence of the letter "a" must be

present

ab?a Expression matches "aa" or "aba".

_100_ Expression means via AS100.

_100$ Expression indicates an origin of AS100.

^100 .* Expression indicates transmission from AS100

^$ Expression indicates origination from this AS

Change the Local Preference

The local preference is used only within an AS (between IBGP speakers) to determine the best path to leave the AS.

◦ Higher values are preferred.

◦ The local preference is set to 100 by default.

There are two ways to alter the local preference:

◦ To change the default local-preference for all routes advertised by the router use the bgp default local-preference

value router configuration command.

◦ To change the local-preference of specific routes / as path, use route maps.






5. Prefer lowest ORIGIN (IGP < EGP < incomplete)





10. Prefer routes with lowest neighbor IP address

Setting Default Local Preference Example

Change the default local preference for outgoing routes.


bgp default local-preference number

The local preference attribute applies a degree of preference to a route during the BGP best path selection process.

◦ The attribute is exchanged only between iBGP peers.

◦ The route with the highest local preference is preferred.

The number is the local preference value from 0 to 4294967295.

◦ Cisco IOS software applies a local preference value of 100.

Note: The local preference assigned with the set local-preference route-map

command override the weights assigned using this command.


The BGP routing policy in this example dictates that:

• The default local preference for all routes on R1 should be set to 200.

• The default local preference for all routes on R2 should be set to 500.


The resulting configuration makes the IBGP routers in AS 65001 send all Internet bound traffic to R2, but the R1 to ISP1 link is underutilized.

• Route maps could be configured to select specific routes to have a higher local preference.


R2(config-router)# bgp default local-preference 500

R2(config-router)#


R1(config-router)# bgp default local-preference 200

R1(config-router)#

Local Preference and Route Map Example

The BGP routing policy results in the following:

• All routes have a weight of 0 and a default local preference of 100.

• BGP uses the shortest AS-path to select the best routes as follows:

• For network 172.16.0.0, the shortest AS-path is through ISP1.




R3# show ip bgp


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r

RIB-failure, S Stale



* i172.16.0.0 172.20.50.1 100 0 65005 65004 65003 i

*>i 192.168.28.1 100 0 65002 65003 i

*>i172.24.0.0 172.20.50.1 100 0 65005 i

* i 192.168.28.1 100 0 65002 65003 65004 65005 i

*>i172.30.0.0 172.20.50.1 100 0 65005 65004 i

* i 192.168.28.1 100 0 65002 65003 65004i


A traffic analysis reveals the following traffic patterns:

• 10% of traffic flows from R1 to ISP1 to network 172.16.0.0.

• 50% of Internet traffic flow from R2 to ISP2 to networks network 172.24.0.0 and network 172.30.0.0.

• The remaining 40 percent is going to other destinations.

A solution is to use route maps to divert traffic to 172.30.0.0 through R1.


R1(config)# access-list 65 permit 172.30.0.0 0.0.255.255

R1(config)#

R1(config)# route-map LOCAL_PREF permit 10

R1(config-route-map)# match ip address 65

R1(config-route-map)# set local-preference 400


R1(config-route-map)# route-map LOCAL_PREF permit 20


R1(config)#








R1(config-router)# neighbor 192.168.28.1 route-map LOCAL_PREF in


R1(config)#


R3# show ip bgp


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r

RIB-failure, S Stale



* i172.16.0.0 172.20.50.1 100 0 65005 65004 65003 i

*>i 192.168.28.1 100 0 65002 65003 i

*>i172.24.0.0 172.20.50.1 100 0 65005 i

* i 192.168.28.1 100 0 65002 65003 65004 65005 i

* i172.30.0.0 172.20.50.1 100 0 65005 65004 i

*>i 192.168.28.1 400 0 65002 65003 65004i

Modifying the AS Path

By default, if no BGP path selection tools are configured to influence traffic flow (i.e. weight, local-preference), BGP uses the shortest AS path, regardless of available bandwidth.

To influence the path selection based on the AS_PATH, configure AS-path prepending.

◦ The AS path is extended with multiple copies of the AS number of the sender making it appear longer.






5. Prefer lowest ORIGIN (IGP <

EGP < incomplete)



8. Prefer routes through closest

IGP neighbor

9. Prefer routes with lowest BGP

router ID

10. Prefer routes with lowest

neighbor IP address

Modifying the AS Path Example


• Traffic entering AS 65040 should be through R6 in AS 65030 and not R4 in AS 65010.

One way to do this is make R1 advertise the AS 65040 networks with a less desirable AS path by configuring AS-path prepending.

Modifying the AS Path Example

R1(config)# route-map SET-AS-PATH permit 10

R1(config-route-map)# set as-path prepend 65040 65040 65040




R1(config-router)# neighbor 172.16.1.1 route-map SET-AS-PATH out


R1(config)#

Setting the MED

MED is used to decide how to enter an AS when

multiple paths exist.

◦ When comparing MED values for the same

destination network in the BGP path-selection

process, the lowest MED value is preferred.

◦ Default is 0.

However, because MED is evaluated late in the

BGP path-selection process, it usually has no

influence.

There are two ways to alter the MED:

◦ To change the MED for all routes use thedefault-metric router configuration

command.

◦ To change the MED of specific routes / as path, use route maps.



2. Prefer highest

LOCAL_PREF

3. Prefer locally generated

routes


5. Prefer lowest ORIGIN (IGP

< EGP < incomplete)



8. Prefer routes through

closest IGP neighbor


BGP router ID


neighbor IP address

Setting the Default MED Example


• The default MED of R1 should be changed to 1001.

• The default MED of R2 should be changed to 99.

Setting the Default MED Example

The results are that the inbound bandwidth utilization on:

• R1 to ISP1 link has decreased to almost nothing except for BGP routing updates.

• R2 to ISP2 link has increased due to all returning packets from AS 65004.

• A better solution is to have route maps configured that will make some networks have a lower MED through R1 and other networks to have a lower MED through R2.



R1(config-router)#



R2(config-router)#

Setting the MED with Route Maps Example



R1(config)#

R1(config)# route-map MED-65004 permit 10


R1(config-route-map)# set metric 100


R1(config-route-map)# route-map MED-65004 permit 100



R1(config)#








R1(config-router)# neighbor 192.168.28.1 route-map MED-65004 out

R1(config-router)#exit



R2(config)#

R2(config)# route-map MED-65004 permit 10




R2(config-route-map)# route-map MED-65004 permit 100



R2(config)#








R2(config-router)# neighbor 172.20.50.1 route-map MED-65004 out


R2(config)#


ISP3# show ip bgp


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale



*>i192.168.24.0 172.20.50.2 100 100 0 65001 i

* i 192.168.28.2 200 100 0 65001 i

* i192.168.25.0 172.20.50.2 200 100 0 65001 i

*>i 192.168.28.2 100 100 0 65001 i

* i192.168.26.0 172.20.50.2 200 100 0 65001 i

*>i 192.168.28.2 100 100 0 65001 i


BGP terminology and concepts, including:

◦ BGP’s use between autonomous systems.

◦ The range of private AS numbers: 64512 to 65535.

◦ Requirements for Enterprise connection to an ISP including public IP address space, link type and bandwidth, routing protocol, and connectivity redundancy.

The four connection link type options: circuit emulation, MPLS VPNs, static routes, and BGP.

The four connection redundancy types: Single-homed, Dual-homed, Multihomed, Dual-multihomed.

BGP neighbor (peer) relationships:

◦ IBGP is when BGP runs between routers in the same AS

◦ EBGP is when BGP runs between routers that are in different autonomous systems; EBGP neighbors are typically directly connected

Multihoming options:

◦ Each ISP passes only a default route to the AS.

◦ Each ISP passes only a default route and provider-owned specific routes to the AS.

◦ Each ISP passes all routes to the AS.

BGP's loop free guarantee, because it does not accept a routing update that already includes its AS number in the path list.

When to use BGP and when not to use BGP.

Summary

BGP’s classification as a path vector protocol and its use of TCP protocol 179.

The use of full-mesh IBGP on all routers in the transit path within the AS.

The BGP synchronization rule.

The three tables used by BGP: the BGP table, IP routing table, and BGP neighbor table.

The four BGP message types: open, keepalive, update, and notification..

BGP attributes: well-known or optional, mandatory or discretionary, and transitive or nontransitive.

The BGP Well-known attributes including: AS-path, next-hop and origin.

The BGP Well-known discretionary attributes including: local-preference, atomic aggregate.

The BGP optional transitive attributes including: aggregator and community.

The BGP optional nontransitive attributes including the MED.

The Cisco specific weight attribute was also discussed.

The 11-step BGP route selection decision process.

BGP configuration commands.

BGP verification commands.

BGP path manipulation commands.

Summary

Date post:	17-Jul-2015
Category:	Education
Upload:	diledastan
View:	94 times
Download:	1 times

Routing Protocol in detail

Education