refreshing.
I also invite you to join me on
Twitter, Facebook, LinkedIn, and
other social media sites. I'm there
live every day and happy to chat
with you there!
'Nuff said! Let's get started
and as always, thanks for making
TBA part of your CCNP success
story!
Chris Bryant
CCIE #12933
The Computer Certification
Bulldog
chris@thebryantadvantage.com
Website:
http://www.thebryantadvantage.com/
Twitter:
http://www.twitter.com/ccie12933
Facebook: http://on.fb.me/gPq52d
Blog:
http://thebryantadvantage.blogspot.co
YouTube:
http://www.youtube.com/user/ccie12
I hope you'll click subscribe
while you're out there - I'm adding
new videos AND certifications on a
regular basis, including Security+,
Network+, and a new CCNA
Security course in 2012!
You'll also find links to individual
videos on that channel at the end of
most chapters of this ebook.
http://www.thebryantadvantage.com/C
Be sure to scroll ALL the way
down that page - there are links to
practice exams, tutorials, and Video
Boot Camps!
For future reference, or for review,
here are my pages for the SWITCH
and TSHOOT exams:
SWITCH:
http://www.thebryantadvantage.com/C
TSHOOT:
http://www.thebryantadvantage.com/C
I also have a Video Boot Camp
hosted on Udemy.com -- well,
actually, two of them!
The first is 100% free and is a
tremendous lab and lecture on route
redistribution and multiarea OSPF.
This is must-see material, my
friends and you can watch it
online, or you can download it - or
both!
http://www.udemy.com/ccnp-routeboot-camp-redistribution-and-ospfstub-areas/
There's also a full hour-long
preview from my CCNP ROUTE
DVD on that site:
http://www.udemy.com/ccnp-routeon-demand-video-boot-camp/
And should you choose to enroll in
that course OR get the DVD, please
remember to use this link and save
yourself $10!
http://www.thebryantadvantage.com/C
When I post new videos or
tutorials, or whenever there's
important news in the computer
certification world, I always post it
on our Facebook and Twitter feeds
as well as the Bulldog Blog.
I urge you to click these links and
join us!
We have some great conversations
and the occasional giveaway out
there -- and if you have a question
or comment, just send it via Twitter
or leave it on Facebook! I'm
always happy to hear from you!
Twitter:
http://www.twitter.com/ccie12933
Facebook: http://on.fb.me/gPq52d
Bulldog
Blog:
http://thebryantadvantage.blogspot.co
The CCNP ROUTE exam is a tough
one. Use all of these resources in
addition to this study guide - and
thanks for making TBA part of your
CCNP success story!
Chris Bryant
CCIE #12933
The Computer Certification
Bulldog
Dedication
For Suzy and Squeaky
http://www.thebryantadvantage.com/C
I know you'll be happy with any
and all of my Video Boot Camp
DVDs.
You have my word and my name on
it.
Chris Bryant
CCIE #12933
The
Computer
Certification
Bulldog
http://www.thebryantadvantage.com/
Copyright Information:
Cisco, Cisco Systems, CCIE,
CCNP, CCNA, Cisco Certified
Network Administrator, Cisco
Certified Network Professional,
and Cisco Certified Internetwork
Expert are registered trademarks of
Cisco Systems, Inc., and/or its
affiliates in the U.S. and certain
countries.
All other products and company
names are the trademarks,
registered trademarks, and service
marks of the respective owners.
Table Of Contents
Introduction:
Free Resources For The
CCNP ROUTE Exam:
Dedication:
DVD Discount Offer:
Legal Notices:
IP Routing Fundamentals:
EIGRP Fundamentals:
EIGRP Intermediate and
Advanced Skills:
Link State Protocols And
Single-Area OSPF:
Multi-Area OSPF And
OSPF Route Redistribution:
BGP:
Remote Workplace: VPNs
and IPSec:
Remote Workplace, Part II:
IP Version 6:
Route Redistribution:
Bonus Section: Creating A
VLSM Scheme:
More VLSM!:
IP Routing Fundamentals
protocols:
R5#show ip protocols
Routing Protocol is rip
Sending updates every 30 seconds, next due in 16 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Remember, everything we do on a
router has a cost to that router and
others - a cost in CPU, bandwidth,
and time. Those continual RIP
updates have a high cost and very
little value.
Drawback 2: RIPv1 is a classful
routing protocol, and therefore does
not support VLSM. The only masks
RIPv1 understands are the classful
masks for Class A (255.0.0.0),
Class B (255.255.0.0), and Class C
(255.255.255.0).
Drawback 3: Both versions of RIP
only understand hop count -
table
Uses Bellman-Ford and
default equal-cost load
sharing, max hop count is 15,
updates carry 25 routes max
Supports routing update
authentication (clear-text and
MD5)
EIGRP:
Multicasts to 224.0.0.10
Of
Administrative
AD values to know:
Directly connected route /
Static route using exit
interface: 0
Static route with next-hop IP
address: 1
EIGRP Summary: 5 (if you
know where to look -- more on
that later)
External BGP: 20
Internal EIGRP: 90
OSPF: 110
RIP: 120
External EIGRP: 170
Internal BGP: 200
Unknown network: 255
You may notice some differences
things!) by
protocols.
running
show
ip
Interface
Send
Serial0
Gateway
Distance
172.12.123.3 120
172.12.123.2 120
Distance: (default is 120)
Static Routing
Routing protocols are much more
effective in keeping an accurate
routing table, and adapt to network
changes much more quickly than
static routing - and it takes a lot less
of our time, too.
So why use static routing at all?
If a router has one IP address as the
next-hop address for every single
route in its table, why keep a full
dynamic routing table when a single
static default route will do?
subnets, 2 masks
R    172.12.23.0/27 [120/1] via 172.12.123.2, 00:00:26, Serial0
                    [120/1] via 172.12.123.3, 00:00:08, Serial0
C    172.12.123.0/24 is directly connected, Serial0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Ethernet0
S*   0.0.0.0/0 is directly connected, Serial0
R1#
Frame Network: 172.12.123.0 /24
R1 / R3 Serial Connection: 210.1.1.0 /24
R2 / R3 Ethernet Network: 172.12.23.0 /27
172.12.23.0
<1-255>
name
permanent
tag
R1(config)#ip
route
255.255.255.224 210.1.1.3 200
Distance
metric for th
route
Specify
name of the
next hop
permane
route
Set tag fo
this route
172.12.23.0
C
Ethernet0
R1#ping 172.12.23.3
Type escape sequence to abort.
R1#show ip route
< code table removed for clarity >
172.12.0.0/16 is variably subnetted, 2
subnets, 2 masks
R
172.12.23.0/27 [120/1] via
greatest
in
resources.
Propagating A Default Route
With RIP, IGRP, And No IP
Routing
When it comes to default routing,
you've got three choices:
Use the ip route command with all zeroes for the destination address and subnet mask
Use the ip default-network command
Use the ip default-gateway command
You've got the ip route command
down cold at this point, so let's take
a closer look at ip default-network.
We'll use the following network.
The common subnet is 172.12.123.0
/24. We want R1 to advertise its
directly connected network
100.1.1.0 /24 to R2 and R3 as a
default route.
00:00:12, Serial0
R3#show ip route rip
R*   0.0.0.0/0 [120/1] via 172.12.123.1, 00:00:02, Serial0
TFTP, port 69
NetBIOS name service, port
137
NetBIOS datagram service,
port 138
IEN-116 name service, port 42
That's going to cover most
scenarios where the ip helper-
R1(config)#ip forward-protocol udp ?
  <0-65535>    Port number
  biff         Biff (mail notification, comsat, 512)
  bootpc       Bootstrap Protocol (BOOTP) client (68)
  bootps       Bootstrap Protocol (BOOTP) server (67)
  discard      Discard (9)
  dnsix        DNSIX security protocol auditing (195)
  domain       Domain Name Service (DNS, 53)
  echo         Echo (7)
  isakmp       Internet Security Association and Key Management Protocol (500)
  mobile-ip    Mobile IP registration (434)
  nameserver   IEN116 name service (obsolete, 42)
  netbios-dgm  NetBios datagram service (138)
  netbios-ns   NetBios name service (137)
  netbios-ss   NetBios session service (139)
  ntp          Network Time Protocol (123)
  pim-auto-rp  PIM Auto-RP (496)
  rip          Routing Information Protocol (router, in.routed, 520)
  snmp         Simple Network Management Protocol (161)
  snmptrap     SNMP Traps (162)
  sunrpc       Sun Remote Procedure Call (111)
  syslog       System Logger (514)
  tacacs       TAC Access Control System (49)
  talk         Talk (517)
  tftp         Trivial File Transfer Protocol (69)
  time         Time (37)
  who          Who service (rwho, 513)
  xdmcp        X Display Manager Control Protocol (177)
  <cr>
R1(config)#ip forward-protocol udp 123
R1(config)#no ip forward-protocol udp 137
R1(config)#no ip forward-protocol udp 138
Just click this link for a free hour-long preview AND $10 off the
already low price!
http://bit.ly/A7pLBu
Available for immediate download
and on DVD!
EIGRP Fundamentals
Introduction To EIGRP
Link state protocols (OSPF) and
distance vector protocols (RIP)
have clear-cut differences in the
way the best routes are determined
and what is actually exchanged
between routers. Just as a hybrid
plant has characteristics of more
than one plant, a hybrid routing
protocol has characteristics of both
link state and distance vector
protocols. The hybrid protocol is
Enhanced Interior Gateway
Routing Protocol (EIGRP).
EIGRP has a lot going for it:
Rapid convergence upon a
change in the network, because
backup routes (Feasible
Successors) are calculated
before they're actually needed
due to the loss of a primary
route (Successor)
Offers multiprotocol support
(supports IP, IPX, and
AppleTalk)
Supports Variable-Length
Subnet Masking (VLSM) and
Classless Inter-Domain
Routing (CIDR)
The one little problem with EIGRP
is that it's Cisco-proprietary,
making it unsuitable for a
multivendor environment.
EIGRP is the enhanced version of
the original Interior Gateway
Routing Protocol (IGRP), which is
no longer supported by new Cisco
IOSes and is no longer a part of
Hello packets
224.0.0.10) to
weights.
Changing the metric weights is
covered in the Advanced EIGRP
section; for now, know that these
metric weights must be the same on
each router or the neighbor
relationship will not be established.
As with OSPF, once the neighbor
relationship is present, it is the
Hello packets that keep it alive. If
the Hellos are no longer received
by a router, the neighbor
relationship will eventually be
terminated.
The Successor and Feasible Successor
R1#conf t
R1(config)#router eigrp 100
R1(config-router)#no auto-summary
R1(config-router)#network 172.12.123.0 0.0.0.255
R2#conf t
R2(config)#router eigrp 100
R2(config-router)#no auto-summary
R2(config-router)#network 172.12.123.0 0.0.0.255
172.12.0.0
00000000
00000000
11111111 = 0.0.0.255
Using wildcard masks takes some
getting used to, and just make sure
to be careful on your exam:
Subnet masks begin with
strings of consecutive 1s
Wildcard masks begin with
strings of consecutive 0s and
are required in OSPF network
statements, but not EIGRP
network statements
Now let's get back to our EIGRP
deployment!
D       172.23.23.0 [90/2195456] via 172.12.123.2, 00:01:01, Serial0
                    [90/2195456] via 172.12.123.3, 00:01:01, Serial0
R2#show ip route eigrp
     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/2297856] via 172.12.123.1, 00:01:33, Serial0
     3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/409600] via 172.23.23.3, 00:01:35, Ethernet0
R3#show ip route eigrp
     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/2297856] via 172.12.123.1, 00:01:46, Serial0
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/409600] via 172.23.23.2, 00:01:49, Ethernet0
Table for AS(100)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 3.3.3.3/32, 1 successors, FD is 2297856
        via 172.12.123.3 (2297856/128256), Serial0
        via 172.12.123.2 (2323456/409600), Serial0
P 2.2.2.2/32, 1 successors, FD is 2297856
        via 172.12.123.2 (2297856/128256), Serial0
        via 172.12.123.3 (2323456/409600), Serial0
P 1.1.1.1/32, 1 successors, FD is 128256
        via Connected, Loopback0
P 172.23.23.0/27, 2 successors, FD is 2195456
        via 172.12.123.3 (2195456/281600), Serial0
        via 172.12.123.2 (2195456/281600), Serial0
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0
R2:
router eigrp 100
network 20.1.0.0 0.0.255.255
R3:
router eigrp 100
network 20.3.0.0 0.0.255.255
network 20.4.0.0 0.0.255.255
network 172.12.0.0
auto-summary
information.
EIGRP and RIPv2 do carry subnet
mask information, but the default
autosummarization causes trouble
with this network. R1 is now
receiving the exact same update
from both R2 and R3, and it's for
the classful network 20.0.0.0 /8.
min/avg/max = 68/68/68 ms
R1#ping 20.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.4.4.4, timeout is 2 seconds:
!U!.!
Success rate is 60 percent (3/5), round-trip min/avg/max = 68/68/68 ms
Load
Sharing
And
maximum-paths command
:)
The
Setting maximum-paths
disables load balancing.
DUAL
Queries
And
Passive Is A Good Thing
to
Why
Recommended Video Viewing:
EIGRP Tables and Commands:
http://www.youtube.com/watch?v=ZndBgShoxl4
Advanced EIGRP Concepts:
http://www.youtube.com/watch?v=LPuXmiKznEI
Video Practice Exam on Route
Redistribution:
http://www.youtube.com/watch?v=eY2yyRd0lvM
The Mystery Of The AD 5:
http://www.youtube.com/watch?v=X9AzQCt7rCM
Free CCNP ROUTE Video Boot
Camp on route redistribution:
http://bit.ly/Arnhjq
Enjoy! -- Chris B.
EIGRP Fundamentals
Let's take a few minutes to review
EIGRP fundamentals and add to
those mentioned in the Basic EIGRP
section.
EIGRP is a Cisco-proprietary
protocol that improves greatly on
the original version of this protocol,
of using EIGRP
routers
form
neighbor
Interface.
An EIGRP neighbor relationship is
declared dead when three hello
packets are missed, meaning the
EIGRP dead time on an ethernet
segment is 15 seconds and 180
seconds on an NBMA interface
such as a Serial interface. If you
change the hello transmission time,
Cisco recommends you change the
hold time as well to keep it to three
times the hello value.
To verify EIGRP neighbor
relationships, run show ip eigrp
neighbors.
found
6d00h: EIGRP: New peer 172.12.123.2
6d00h: EIGRP: New peer 172.12.123.3
EIGRP Adjacencies And Secondary Addresses
R2(config)#interface ethernet0
R2(config-if)#ip address 172.12.23.2 255.255.255.0
R2(config-if)#ip address 23.23.23.2 255.255.255.0 secondary
R3(config)#interface ethernet0
R3(config-if)#ip address 172.12.23.3 255.255.255.0
R3(config-if)#ip address 23.23.23.3 255.255.255.0 secondary
172.12.23.2
Et0
received.
R1#show ip eigrp traffic
IP-EIGRP Traffic Statistics for process 100
Hellos sent/received: 110457/115367
Updates sent/received: 43/17
Queries sent/received: 4/0
Replies sent/received: 0/4
Acks sent/received: 14/21
Input queue high water mark 2, 0 drops
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
Table
for
disabled
limit for active state
<cr>
R1(config-router)#timers active-time 5
answered.
The queried router's resources
are unavailable, generally due
to high CPU utilization.
The queried router's memory
is corrupt or otherwise unable
to allow the router to answer
the query.
The link between the two
routers is of low quality,
allowing just enough packets
through to keep the neighbor
like this:
Route 100.1.4.0/24 stuck-in-active state in IPEIGRP-100
Table
for
Table
for
carry the traffic, use the traffic-share command with the min
option. The default is balanced.
R1(config)#router eigrp 100
R1(config-router)#traffic-share ?
  balanced  Share inversely proportional to metric
  min       All traffic shared among min metric paths
R1(config-router)#traffic-share min ?
  across-interfaces  Use different interfaces for equal-cost paths
R1(config-router)#traffic-share min across-interfaces ?
  <cr>
R1(config-router)#traffic-share min across-interfaces
Path 3: 55000
Sounds like we have two pretty fast
links and one sloooow one. Do you
really want to load balance over
that third path? Probably not. It's
better than having no third link at
all, but I wouldn't include it in load
balancing.
variance is an all-or-nothing
command -- you can't apply it to
just a selected route in the topology
table. In my experience, it's a good
idea to keep the variance command
at the lowest value possible to
avoid load balancing over paths
both
equal-cost
and
via
172.12.123.2
(2323456/409600), Serial0
Condition
In
R1 - R4 - R3: FD 40, AD 20
R1 - R2 - R3: FD 70, AD 20
R1 - R5 - R3: FD 115, AD 75
It's very tempting to look at these
metrics and think that we could use
variance to use all three paths for
unequal-cost load balancing. The
problem is that you can't use a path
that doesn't meet the Feasibility
Condition.
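The three paths above, worked through as an added Python example (not from the original book). It assumes a path qualifies for unequal-cost load sharing when its metric is below variance times the Successor's FD, and it ignores maximum-paths; the function names are made up for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    name: str
    fd: int  # metric of the whole path via this neighbor (the text's "FD")
    ad: int  # distance that neighbor advertises for the route (the text's "AD")


# The three paths from the text above.
PATHS = [
    Path("R1-R4-R3", fd=40, ad=20),
    Path("R1-R2-R3", fd=70, ad=20),
    Path("R1-R5-R3", fd=115, ad=75),
]


def is_feasible(path, successor_fd):
    """Feasibility Condition: the neighbor's AD must be lower than the
    Successor's FD, which shows the neighbor is not routing back through us."""
    return path.ad < successor_fd


def load_sharing_paths(paths, variance=1):
    """Names of the paths installed for load sharing at a given variance.

    Assumptions of this sketch: a path qualifies when its metric is below
    variance * (Successor FD); maximum-paths is not modelled.
    """
    successor_fd = min(p.fd for p in paths)
    chosen = []
    for p in sorted(paths, key=lambda p: p.fd):
        if p.fd == successor_fd:
            chosen.append(p.name)  # Successor (or equal-cost Successors)
        elif is_feasible(p, successor_fd) and p.fd < variance * successor_fd:
            chosen.append(p.name)  # unequal-cost path admitted by variance
    return chosen


def lowest_variance_for(paths, name):
    """Smallest variance that brings `name` into load sharing, or None when
    the path fails the Feasibility Condition and no variance can help."""
    successor_fd = min(p.fd for p in paths)
    path = next(p for p in paths if p.name == name)
    if path.fd == successor_fd:
        return 1
    if not is_feasible(path, successor_fd):
        return None
    return path.fd // successor_fd + 1


if __name__ == "__main__":
    for v in (1, 2, 3):
        print(f"variance {v}: {load_sharing_paths(PATHS, v)}")
    for p in PATHS:
        print(p.name, "lowest variance:", lowest_variance_for(PATHS, p.name))
```

Variance 3 would cover the R5 path's metric of 115, but its AD of 75 is not below the Successor's FD of 40, so it is never installed.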
In the exam room and in the real
world, make sure any routes you
want to use in unequal-cost load
balancing meet the Feasibility
R2(config-router)#redistribute connected
R3#show ip route eigrp
2.0.0.0/32 is subnetted, 1 subnets
D EX    2.2.2.2 [170/409600] via 172.23.23.2, 00:00:05, Ethernet0
deployment,
and
autosummarization.
that
is
If EIGRP's default
autosummarization is left on, the
hub router is going to get two
advertisements for the major
Many real-world EIGRP
deployments have no auto-summary configured on every
D       100.4.0.0 [90/2297856] via 172.12.123.1, 00:00:00, Serial0
D       100.5.0.0 [90/2297856] via 172.12.123.1, 00:00:00, Serial0
D       100.6.0.0 [90/2297856] via 172.12.123.1, 00:00:00, Serial0
D       100.7.0.0 [90/2297856] via 172.12.123.1, 00:00:00, Serial0
D       100.1.0.0 [90/2297856] via 172.12.123.1, 00:00:00, Serial0
D       100.2.0.0 [90/2297856] via 172.12.123.1, 00:00:00, Serial0
D       100.3.0.0 [90/2297856] via 172.12.123.1, 00:00:00, Serial0
binary strings.
Loopback7
D
100.0.0.0/13 is a
00:07:32, Null0
C
100.1.0.0/16 is directly
Loopback0
C
100.2.0.0/16 is directly
Loopback2
C
100.3.0.0/16 is directly
Loopback3
summary,
connected,
connected,
connected,
Loopback1
C
Loopback2
Ta da!
Where Should Manual Route
Summarization Be Performed?
20.1.1.1
R1(config)#int s0
R1(config-if)#ip bandwidth-percent eigrp ?
  <1-65535>  Autonomous system number
R1(config-if)#ip bandwidth-percent eigrp 100 ?
  <1-999999>  Maximum bandwidth percentage that EIGRP may use
R1(config-if)#ip bandwidth-percent eigrp 100 300
168.
I know it sounds crazy, so here's the
proof that you can actually do this:
R3(config)#interface serial0
R3(config-if)#bandwidth 56
R3(config-if)#ip bandwidth-percent eigrp ?
  <1-65535>  Autonomous system number
R3(config-if)#ip bandwidth-percent eigrp 100 ?
  <1-999999>  Maximum bandwidth percentage that EIGRP may use
R3(config-if)#ip bandwidth-percent eigrp 100 300
routing.
By default, EIGRP stub routers
advertise information about two
types of routes back to the hub: directly connected networks and
summary routes.
Configuring an EIGRP router as
stub is very simple:
R1(config)#router eigrp 100
R1(config-router)#eigrp stub
Just A Reminder
I know you remember this from
your CCNA studies, but I'm going
to tell you anyway - EIGRP
assumes that a serial interface is
connected to a T1 line, which runs
at 1544 kbps (or 1.544 mbps). If
this isn't the case in your network,
So
Passive
About
Passive Interface?
On occasion - say, maybe your
CCIE lab date :) - you may want to
advertise a network via EIGRP, but
not want to send EIGRP-related
traffic out the interface you're
advertising.
For example, let's say you want to
advertise our Ethernet segment of
172.23.23.0 /24 to R1, but you
don't want any EIGRP traffic,
Hellos or otherwise, to be sent out
the interfaces on that segment.
Configuring the Ethernet0 interfaces
on R2 and R3 as passive will make
that happen.
When you configure an EIGRP-enabled interface as passive, that
interface will not transmit Hello
packets. Since the absence of Hello
packets means no adjacencies, no
other EIGRP packets will go out
those interfaces.
There are two approaches to
configuring passive interfaces:
Option 1: Use the passive-interface
default command to make every
EIGRP-enabled interface on the
router passive, and then use the no
passive-interface command to
indicate the interfaces that should
not be passive.
The following configuration will
first enable EIGRP passive
interface as the default, and the next
command disables that same feature
on Serial0.
R1(config)#router eigrp 100
R1(config-router)#passive-interface ?
  BRI       ISDN Basic Rate Interface
  Ethernet  IEEE 802.3
  Loopback  Loopback interface
  Null      Null interface
  Serial    Serial
  default   Suppress routing updates on all interfaces
  <cr>
R1(config-router)#passive-interface default
R1(config-router)#no passive-interface ?
  BRI       ISDN Basic Rate Interface
  Ethernet  IEEE 802.3
  Loopback  Loopback interface
  Null      Null interface
  Serial    Serial
  default   Suppress routing updates on all interfaces
  <cr>
R1(config-router)#no passive-interface serial0
(always or otherwise).
The good news: We can redistribute
a static default route into EIGRP, or
we can indicate a default network
with the ip default-network
command.
To go with the static default option,
just create a static default route
with the ip route command and
follow that with the redistribute
command.
R1(config)#ip route 0.0.0.0 0.0.0.0 ethernet0
R1(config)#router eigrp 100
R1(config-router)#redistribute static ?
  metric     Metric for redistributed routes
  route-map  Route map reference
  <cr>
R1(config-router)#redistribute static metric ?
  <1-4294967295>  Bandwidth metric in Kbits per second
R1(config-router)#redistribute static metric 1544 ?
  <0-4294967295>  IGRP delay metric, in 10 microsecond units
R1(config-router)#redistribute static metric 1544 10 ?
  <0-255>  IGRP reliability metric where 255 is 100% reliable
R1(config-router)#redistribute static metric 1544 10 255 ?
  <1-255>  IGRP Effective bandwidth metric (Loading) where 255 is 100% loaded
R1(config-router)#redistribute static metric 1544 10 255 1 ?
  <1-4294967295>  IGRP MTU of the path
R1(config-router)#redistribute static metric 1544 10 255 1 1500
or will I?
Don't try to use the ip default-network command in the EIGRP
config itself - it's a globally
configured command.
R1(config)#ip default-network 20.0.0.0
downstream routers.
R2#show ip route eigrp
     100.0.0.0/13 is subnetted, 1 subnets
D       100.0.0.0 [90/2297856] via 172.12.123.1, 00:02:46, Serial0
D*   10.0.0.0/8 [90/2195456] via 172.12.123.1, 00:01:37, Serial0
Authenticating
Neighbors
Our
EIGRP
right now!
First, define the password and any
other options such as start-time and
end-time with the key chain
command. Before setting any
options, though, configure the actual
password with the key-string
command.
R3(config)#key chain ?
WORD Key-chain name
R3(config)#key chain EIGRPNEIGHBOR ?
<cr>
R3(config)#key chain EIGRPNEIGHBOR
R3(config-keychain)#key ?
<0-2147483647> Key identifier
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string ?
<0-7> Encryption type (0 to disable
  key-string     Set key string
  no             Negate a command or set its defaults
  send-lifetime  Set send lifetime of key
R3(config-keychain-key)#accept-lifetime ?
  hh:mm:ss  Time to start
  local     Specify time in local timezone
R3(config-keychain-key)#accept-lifetime 10:00:00 ?
  <1-31>  Day of the month to start
  MONTH   Month of the year to start
R3(config-keychain-key)#accept-lifetime 10:00:00 Jan 1 ?
  <1993-2035>  Year to start
R3(config-keychain-key)#accept-lifetime 10:00:00 Jan 1 2010 ?
  duration  Set key lifetime duration
  hh:mm:ss  Time to stop
  infinite  Never expires
R3(config-keychain-key)#accept-lifetime 10:00:00 Jan 1 2010 infinite
R3(config-keychain-key)#send-lifetime 10:00:00 Jan 1 2010 infinite
R3(config-if)#
04:01:46: %DUAL-5-NBRCHANGE: EIGRP 100: Neighbor 172.23.23.2 (Ethernet0) is down: Auth failure
IP-
100 ?
WORD name of key-chain
R3(config-if)#ip authentication key-chain eigrp 100 EIGRPNEIGHBOR ?
  <cr>
R3(config-if)#ip authentication key-chain eigrp 100 EIGRPNEIGHBOR
!
interface Ethernet0
 ip address 172.23.23.2 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRPNEIGHBOR
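One way to check the result of the key chain and interface steps above offline, as an added example (not from the original book or from Cisco): a Python script that reads a saved configuration and flags interfaces where only one of the two ip authentication commands is present, where the named key chain does not exist, or where a key has no key-string. The sample configuration, its Serial and Loopback interfaces, the BACKUP chain and the key-string value are constructed for illustration.

```python
import re

# Constructed configuration excerpt (not from the original page). Ethernet0 is
# complete, Serial0 names a misspelled chain, Serial1 uses a chain whose key
# has no key-string, and Loopback0 has a key-chain but no MD5 mode.
SAMPLE_CONFIG = """\
key chain EIGRPNEIGHBOR
 key 1
  key-string EXAMPLE-SECRET
  accept-lifetime 10:00:00 Jan 1 2010 infinite
  send-lifetime 10:00:00 Jan 1 2010 infinite
key chain BACKUP
 key 1
!
interface Ethernet0
 ip address 172.23.23.3 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRPNEIGHBOR
!
interface Serial0
 ip address 172.12.123.3 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRPNEIGHBR
!
interface Serial1
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 BACKUP
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip authentication key-chain eigrp 100 EIGRPNEIGHBOR
"""

MODE_RE = re.compile(r"ip authentication mode eigrp (\d+) md5")
CHAIN_RE = re.compile(r"ip authentication key-chain eigrp (\d+) (\S+)")


def parse_config(text):
    """Return (chains, interfaces) from an IOS-style configuration.

    chains:     {chain name: {key id: True if a key-string is set}}
    interfaces: {interface: {"mode": {AS numbers}, "chain": {AS: chain name}}}
    """
    chains, interfaces = {}, {}
    chain = key = iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line closes the open block
            chain = key = iface = None
        if m := re.fullmatch(r"key chain (\S+)", line):
            chain = chains.setdefault(m.group(1), {})
        elif chain is not None and (m := re.fullmatch(r"key (\d+)", line)):
            key = int(m.group(1))
            chain[key] = False
        elif chain is not None and key is not None and line.startswith("key-string "):
            chain[key] = True
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = interfaces.setdefault(m.group(1), {"mode": set(), "chain": {}})
        elif iface is not None and (m := MODE_RE.fullmatch(line)):
            iface["mode"].add(m.group(1))
        elif iface is not None and (m := CHAIN_RE.fullmatch(line)):
            iface["chain"][m.group(1)] = m.group(2)
    return chains, interfaces


def audit(text):
    """List (interface, AS, problem) for every incomplete EIGRP auth setup."""
    chains, interfaces = parse_config(text)
    findings = []
    for name, cfg in interfaces.items():
        for asn in sorted(cfg["mode"] | set(cfg["chain"])):
            ref = cfg["chain"].get(asn)
            if asn not in cfg["mode"]:
                findings.append((name, asn, "key-chain configured but MD5 mode is not enabled"))
            if ref is None:
                findings.append((name, asn, "MD5 mode enabled but no key-chain configured"))
            elif ref not in chains:
                findings.append((name, asn, f"key chain {ref} is not defined"))
            elif not chains[ref] or not all(chains[ref].values()):
                findings.append((name, asn, f"key chain {ref} has no usable key-string"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```

Interfaces with no ip authentication lines at all are not reported, because the script cannot tell from these lines alone whether EIGRP runs on them.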
http://www.youtube.com/watch?v=X9AzQCt7rCM
Video Exam & Boot Camp Includes EIGRP:
http://www.youtube.com/watch?v=f5_i2yEXj3s
Free CCNP ROUTE Video Boot
Camp on route redistribution:
http://bit.ly/Arnhjq
Enjoy! -- Chris B.
link.
If there is no entry for that link, the
receiving router will make one
*and* flood that LSA out every
OSPF-enabled interface on the
router except the one it came in on.
If there is an entry, one of three
situations exists. Either the
incoming LSA has a sequence
number that is the same, lower, or
higher than the entry already in the
database.
If the sequence number is the
same, the LSA is ignored and
Flood
Network
RouterC: 172.1.1.3
RouterD: 172.1.1.4
An OSPF configuration on an
Ethernet segment will default to an
OSPF broadcast network, and a DR
and BDR will be elected. If we
wanted one particular router to
become the DR or BDR, we could
use the ip ospf priority command to
rig the election.
On a large segment, it's a good idea
to have your more powerful routers
fill these roles - being the DR or
BDR for a segment or segments
does increase the load on the CPU.
As always, everything we do on a
Cisco router has a cost.
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 2
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 8.8.8.8 (Designated Router)
Suppress hello for 0 neighbor(s)
R2(config)#int s0
R2(config-if)#ip ospf priority 0
R3(config)#int s0
R3(config-if)#ip ospf priority 0
Point-To-Multipoint
Types
Network
network point-to-multipoint
command on R1's serial interface.
There would be no DR or BDR
elected, and no neighbor statements
would be necessary.
The OSPF network type point-to-multipoint now offers both a
broadcast and nonbroadcast
option. We'll now configure the
frame relay network as point-to-point broadcast and then point-to-point nonbroadcast.
Point-to-Multipoint Broadcast Network Configuration
OSPF cost
cost
databasefilter
pollinterval
priority
point-tomultipoint
neighbor
Filter OSPF
LSA during
synchroniza
and floodin
for point-to
multipoint
neighbor
OSPF dead
router polli
interval
OSPF prior
of nonbroadcast
neighbor
<cr>
R1(config-router)#neighbor 172.12.123.2 cost ?
  <1-65535>  metric
R1(config-router)#neighbor 172.12.123.2 cost 20
Point-to-Multipoint Nonbroadcast Network Configuration
Running
OSPF
Networks
Over
Topologies:
Broadcast
NBMA
Should!
We could have used the ip ospf
network broadcast command on all
the routers connected to the frame
network, and as long as there's a
full mesh, technically the network
should work and the routers would
act as though they were actually
communicating through a LAN.
In the real world, using the OSPF
broadcast network type on an
NBMA segment can lead to
unpredictable results, and I
personally wouldn't do it. Why
spend your time troubleshooting
number of retransmission 1
First 0x2C8F8E(15)/0x0(0) Next 0x2C8F8E(15)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
Link State retransmission due in 3044 msec
yet.
Knowledge destroys fear and panic.
There are three main
misconfigurations that cause 99% of
virtual link configuration issues:
Using the wrong OSPF RID
value
Trying to use a stub area as the
transit area
Failure to configure
authentication on the virtual
Of
Multi-Area
0x06BDFB
Number of opaque link LSA 0.
Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
is:
100,000,000 / Bandwidth in bps (NOT kbps!)
You'll see some documentation that
lists the first part of that formula as
10 to the 8th power, but I feel it's
easier to remember 100,000,000
(one hundred million). If you have
reason to perform this calculation
manually, remember that the
expression for bandwidth here is
bits per second (bps), not thousands
of bits per second (kbps).
Here are some default OSPF
interface costs for common
interface speeds:
56 kbps = 1785
T1 line = 64
Ethernet = 10
16 MBPS Token Ring = 6
FDDI and 100 MBPS Ethernet = 1
In your CCNA studies, you learned
that the interface-level bandwidth
command can be used to give
EIGRP a more accurate picture of
the bandwidth of a serial link. This
command can also be used with
OSPF.
For example, if serial1 on a router
was running at 512 kbps rather than
the assumed serial link speed of
1544 kbps, the bandwidth command
can be used to give OSPF a truer
picture of the link speed. OSPF will
recalculate the path cost almost
immediately after using this
command.
The cost of an interface can be seen
with the show ip ospf interface
command. Note that this serial port
is shown with an OSPF cost of 64,
meaning that OSPF is assuming the
OSPF
ospf
ospf
your
Full
The Area ID
Stub area flag setting (on or
off)
Link authentication password
(use is optional, but if used,
both neighbors must agree on
the password)
The process number does not have
to be agreed upon - that value is
locally significant only. (Yeah, I
know I said that before. I'm saying
it again. :) )
Adjacency Behavior With
Multiple OSPF Routers On A
Broadcast Segment
You'll hear about OSPF
adjacencies stuck in 2-way, and
many people think that's what is
happening here, but it's not. The
we
have
the
of OSPF down
OSPF
YouTube
http://www.youtube.com/user/ccie12
Free CCNP ROUTE Video Boot
Traffic going from one non-backbone area to another non-backbone area must cross Area 0.
For that reason, Area 0 is generally
going to be found at the center, or
core, of the network. The network
we will build in this section will
have Area 0 at the very center.
We'll start by placing the serial0
interface on R1, R2, and R3 into
Area 0. The network 172.12.123.0
/24 is running over the frame, with
each router using its router number
as the 4th octet. The loopback of
each router will be placed into an
R1(config)#router ospf 1
R1(config-router)#network 172.12.123.0 0.0.0.255 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 1
R1(config-router)#neighbor 172.12.123.2
R1(config-router)#neighbor 172.12.123.3
R2(config)#interface serial0
R2(config-if)#ip ospf priority 0
R2(config-if)#router ospf 1
R2(config-router)#network 172.12.123.0 0.0.0.255 area 0
R2(config-router)#network 2.2.2.2 0.0.0.0 area 2
R3(config)#interface serial0
R3(config-if)#ip ospf priority 0
R3(config-if)#router ospf 1
R3(config-router)#network 172.12.123.0 0.0.0.255 area 0
R3(config-router)#network 3.3.3.3 0.0.0.0 area 3
00:00:00, Serial0
R2#show ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:00:23, Serial0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:00:23, Serial0
R3#show ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:01:59, Serial0
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/65] via 172.12.123.2, 00:00:07, Serial0
R2#show ip ospf
Routing Process ospf 1 with ID 2.2.2.2
R3#show ip ospf
Routing Process ospf 1 with ID 3.3.3.3
Supports only single TOS(TOS0) routes
Supports opaque LSA
It is an area border router
R3(config)#router ospf 1
R3(config-router)#network 172.34.34.0 0.0.0.255 area 34
R4(config)#router ospf 1
R4(config-router)#network 172.34.34.0 0.0.0.255 area 34
O IA    3.3.3.3 [110/11] via 172.34.34.3, 00:01:03, Ethernet0
     172.12.0.0/24 is subnetted, 1 subnets
O IA    172.12.123.0 [110/74] via 172.34.34.3, 00:01:03, Ethernet0
R5(config)#router rip
R5(config-router)#version 2
R5(config-router)#no auto-summary
R5(config-router)#network 5.0.0.0
R5(config-router)#network 6.0.0.0
R5(config-router)#network 7.0.0.0
R5(config-router)#network 15.0.0.0
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 15.0.0.0
Serial1
subnets
R1(config-router)#redistribute rip subnets
R1(config-router)#router rip
R1(config-router)#redistribute connected metric 1
R1(config-router)#redistribute ospf 1 metric 1
R1#show ip ospf
Routing Process ospf 1 with ID 1.1.1.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
It is an area border and autonomous system boundary router
Redistributing External Routes from,
    connected, includes subnets in redistribution
    rip, includes subnets in redistribution
R5#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/72 ms
R5#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/70/72 ms
R5#ping 172.34.34.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.34.34.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/100/108 ms
was originally learned via
redistribution - the only RIP route
code is R.
Let's take a look at R4's OSPF
routing table, and see if R4 can ping
R5's loopbacks.
R4#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/75] via 172.34.34.3, 00:33:33, Ethernet0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/75] via 172.34.34.3, 00:33:33, Ethernet0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/11] via 172.34.34.3, 00:33:33, Ethernet0
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
6.0.0.0/32 is subnetted, 1 subnets
O E2 6.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
172.12.0.0/16 is variably subnetted, 2 subnets, 2 masks
O IA 172.12.123.0/24 [110/74] via 172.34.34.3, 00:33:33, Ethernet0
7.0.0.0/32 is subnetted, 1 subnets
O E2 7.1.1.1 [110/20] via 172.34.34.3, 00:33:21, Ethernet0
15.0.0.0/24 is subnetted, 1 subnets
O E2 15.1.1.0 [110/20] via 172.34.34.3, 00:33:32, Ethernet0
R4#ping 5.1.1.1
Type escape sequence to abort.
R4#ping 6.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.1.1.1,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 68/69/76 ms
R4#ping 7.1.1.1
with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#area 34 stub
172.34.34.3,
R4#ping 6.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.1.1.1,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 68/69/72 ms
R4#ping 7.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.1.1.1,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 68/70/72 ms
configured as stub.
R3(config)#router ospf 1
R3(config-router)#area 34 stub no-summary
via
172.34.34.3,
via
172.34.34.3,
Whoops.
14.14.14.14
R3(config)#router ospf 1
R3(config-router)#redistribute connected subnets
O IA 33.33.33.33 [110/65] via 172.12.123.3, 00:03:11, Serial0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/65] via 172.12.123.3, 00:03:11, Serial0
172.34.0.0/24 is subnetted, 1 subnets
O IA 172.34.34.0 [110/74] via 172.12.123.3, 00:03:12, Serial0
14.0.0.0/32 is subnetted, 1 subnets
O E2 14.14.14.14 [110/20] via 172.12.123.3, 00:01:48, Serial0
R4(config-router)#area 34 nssa
01:41:20: %OSPF-5-ADJCHG: Process 1, Nbr
4.4.4.4 on Ethernet0 from LOADING to FULL,
Loading Done
  default-information-originate  Origina Type 7 default NSSA a
  no-redistribution              No redistri into this NSSA a
  no-summary                     Do not summar LSA int NSSA
  <cr>
R3(config-router)#area 34 nssa no-summary
01:43:51: %OSPF-5-ADJCHG: Process 1, Nbr
4.4.4.4 on Ethernet0 from FULL to DOWN,
Neighbor Down: Adjacency forced to reset
01:43:53: %OSPF-5-ADJCHG: Process 1, Nbr
4.4.4.4 on Ethernet0 from LOADING to FULL,
Loading Done
O IA - A route to a destination in
another OSPF area. Before making
Area 34 a total stub area, R4 had a
few of these:
R4#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/75] via 172.34.34.3, 00:01:03, Ethernet0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/75] via 172.34.34.3, 00:01:03, Ethernet0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/11] via 172.34.34.3, 00:01:03, Ethernet0
172.12.0.0/24 is subnetted, 1 subnets
O IA 172.12.123.0 [110/74] via 172.34.34.3, 00:01:03, Ethernet0
00:33:32, Ethernet0
R1(config-router)#redistribute rip subnets metric-type ?
  1  Set OSPF External Type 1 metrics
  2  Set OSPF External Type 2 metrics
R1(config-router)#redistribute rip subnets metric-type 1
Routers
These two definitions are simple,
but similar. An OSPF internal
router is a router that has all its
interfaces in a single area. That
area does not have to be Area 0. In
this network, R4 is an internal
router. If we configure a loopback
on R4 and place it in any area other
than Area 4, R4 would no longer be
an internal router.
Backbone routers have at least one
interface in Area 0. That's the only
requirement. Our OSPF network
contains three backbone routers;
Autonomous System Border
Routers
now
configure
route
interface Loopback8
ip address 8.1.1.1 255.0.0.0
!
interface Loopback9
ip address 9.1.1.1 255.0.0.0
!
interface Loopback10
ip address 10.1.1.1 255.0.0.0
!
interface Loopback11
ip address 11.1.1.1 255.0.0.0
R1(config)#router ospf 1
R1(config-router)#network 8.0.0.0 0.255.255.255 area 1
R1(config-router)#network 9.0.0.0 0.255.255.255 area 1
R1(config-router)#network 10.0.0.0 0.255.255.255 area 1
R1(config-router)#network 11.0.0.0 0.255.255.255 area 1
O IA 11.1.1.1 [110/65] via 172.12.123.1, 00:02:24, Serial0
00000000
9.0.0.0  00001001 00000000 00000000 00000000
10.0.0.0 00001010 00000000 00000000 00000000
11.0.0.0 00001011 00000000 00000000 00000000
R2#ping 8.1.1.1
Sending 5, 100-byte ICMP Echos to 8.1.1.1,
R2#ping 9.1.1.1
Sending 5, 100-byte ICMP Echos to 9.1.1.1,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 68/69/72 ms
R2#ping 10.1.1.1
Sending 5, 100-byte ICMP Echos to 10.1.1.1,
timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 68/69/72 ms
R2#ping 11.1.1.1
4.0.0.0 00000100 00000000 00000000 00000000
5.0.0.0 00000101 00000000 00000000 00000000
6.0.0.0 00000110 00000000 00000000 00000000
7.0.0.0 00000111 00000000 00000000 00000000
4.0.0.0
loopbacks on R5.
R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/65] via 172.12.123.1, 2d03h, Serial0
33.0.0.0/32 is subnetted, 1 subnets
O IA 33.33.33.33 [110/65] via 172.12.123.3, 2d01h, Serial0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/65] via 172.12.123.3, 2d03h, Serial0
15.0.0.0/24 is subnetted, 1 subnets
O E2 15.1.1.0 [110/20] via 172.12.123.1, 00:16:07, Serial0
O E1 4.0.0.0/6 [110/84] via 172.12.123.1, 00:00:07, Serial0
O IA 8.0.0.0/6 [110/65] via 172.12.123.1, 00:24:22, Serial0
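The binary comparison behind the two /6 summaries in this table, as an added example (not code from the ebook): it finds the longest bit prefix a set of networks share and lists any address space the summary covers that none of the inputs do. The three-network input in the comments is a constructed case; the /8 networks are the ones in the binary tables above.

```python
import ipaddress


def binary_row(network):
    """Render a network address the way the binary tables above do."""
    net = ipaddress.ip_network(network)
    return " ".join(f"{octet:08b}" for octet in net.network_address.packed)


def summarize(networks):
    """Return the single longest-mask network that covers every input."""
    nets = [ipaddress.ip_network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Any bit that differs between the lowest and highest address cannot
    # be part of the common prefix; everything to its left is shared.
    prefix_len = 32 - (low ^ high).bit_length()
    shift = 32 - prefix_len
    return ipaddress.ip_network(((low >> shift) << shift, prefix_len))


def overreach(summary, networks):
    """Blocks inside the summary that no input network actually covers.

    A summary that covers more than the routes behind it attracts traffic
    for address space the router cannot deliver, so this list should be
    empty (or deliberately accepted) before the summary is advertised.
    """
    remaining = [summary]
    inputs = ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in networks)
    for net in inputs:
        next_remaining = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the covered network out of this block.
                next_remaining.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                # Disjoint from this input: still uncovered so far.
                next_remaining.append(block)
        remaining = next_remaining
    return sorted(remaining)


if __name__ == "__main__":
    area1 = ["8.0.0.0/8", "9.0.0.0/8", "10.0.0.0/8", "11.0.0.0/8"]
    for n in area1:
        print(f"{n:<12} {binary_row(n)}")
    s = summarize(area1)
    print("summary:", s, "overreach:", overreach(s, area1))

    # Constructed case: only three of the four /8s exist behind the router.
    partial = ["5.0.0.0/8", "6.0.0.0/8", "7.0.0.0/8"]
    s = summarize(partial)
    print("summary:", s, "overreach:", overreach(s, partial))
```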
R2#ping 4.1.1.1
Neighbor
OSPF adjacencies can be
authenticated using either clear-text
(simple) or MD5 (Message Digest 5).
I personally never use
clear-text anything unless an exam
makes me do so, but it's a great
ospf
authentication-key
R1#show config
interface Serial0
ip address 172.12.123.1 255.255.255.0
encapsulation frame-relay
ip ospf authentication-key ccnptest
R1(config)#int serial0
R1(config-if)#ip ospf authentication ?
  message-digest  Use message-digest authentication
  null            Use no authentication
<cr>
R1#
00:25:38: %OSPF-5-ADJCHG: Process 1, Nbr
172.12.123.2 on Serial0 from FULL to DOWN,
Neighbor Down: Dead timer expired
R1#
00:25:58: %OSPF-5-ADJCHG: Process 1, Nbr
172.12.123.3 on Serial0 from FULL to DOWN,
Neighbor Down: Dead timer expired
R1#
R2(config)#interface serial0
R2(config-if)#ip ospf authentication-key ccnptest
R2(config-if)#ip ospf authentication
R3(config)#interface serial0
R3(config-if)#ip ospf authentication-key ccnptest
R3(config-if)#ip ospf authentication
Authentication
The two main reasons OSPF
authentication fails:
Authentication is configured
on only one neighbor
Password is misspelled
Luckily, these problems are both
easy to spot with debug ip ospf adj.
adj is obviously short for
adjacency, but if I had a nickel
for every time I entered
adjacency with this command
I'd have a lot of nickels. You have
R3(config-if)#
00:52:44: %OSPF-5-ADJCHG: Process 1, Nbr
172.12.23.2 on Ethernet0 from FULL to
DOWN, Neighbor Down: Dead timer expired
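The two failure causes listed above can also be caught before the dead timer expires by comparing the interface configurations of every router on the segment. The following is an added example, not code from the ebook: the router names and the key ccnptest come from the lab, the misspelled and one-sided cases are constructed, and only interface-level authentication commands are considered (ip ospf message-digest-key is the MD5 counterpart of the authentication-key command shown in the lab).

```python
import re

# Interface-level OSPF authentication lines per router (constructed
# stanzas; R1/R2/R3 and the key "ccnptest" are the lab's values).
AS_CONFIGURED = {
    "R1": "ip ospf authentication-key ccnptest\nip ospf authentication",
    "R2": "ip ospf authentication-key ccnptest\nip ospf authentication",
    "R3": "ip ospf authentication-key ccnptest\nip ospf authentication",
}
# Constructed failure cases matching the two causes in the text.
ONE_SIDED = dict(AS_CONFIGURED, R2="", R3="")
MISSPELLED = dict(
    AS_CONFIGURED,
    R3="ip ospf authentication-key ccnptset\nip ospf authentication")

AUTH = re.compile(r"ip ospf authentication(?: (message-digest|null))?")
SIMPLE_KEY = re.compile(r"ip ospf authentication-key (\S+)")
MD5_KEY = re.compile(r"ip ospf message-digest-key (\d+) md5 (\S+)")


def ospf_auth(stanza):
    """Return (auth_type, key_material) for one interface stanza."""
    auth_type, simple_key, md5_keys = "none", None, {}
    for line in stanza.splitlines():
        line = line.strip()
        m = AUTH.fullmatch(line)
        if m:
            auth_type = {None: "simple", "message-digest": "md5",
                         "null": "none"}[m.group(1)]
        m = SIMPLE_KEY.fullmatch(line)
        if m:
            simple_key = m.group(1)
        m = MD5_KEY.fullmatch(line)
        if m:
            md5_keys[int(m.group(1))] = m.group(2)
    # A key without an "ip ospf authentication" line is not in use here.
    if auth_type == "simple":
        return auth_type, simple_key
    if auth_type == "md5":
        return auth_type, tuple(sorted(md5_keys.items()))
    return auth_type, None


def check_segment(stanzas):
    """Compare OSPF authentication across routers sharing one segment."""
    settings = {name: ospf_auth(cfg) for name, cfg in stanzas.items()}
    types = {auth_type for auth_type, _ in settings.values()}
    findings = []
    if len(types) > 1:
        # Cause 1: authentication configured on only some neighbors.
        findings.append(
            ("type-mismatch",
             {n: t for n, (t, _) in sorted(settings.items())}))
    elif len({key for _, key in settings.values()}) > 1:
        # Cause 2: same type, different password. Routers are grouped
        # by key so the report never prints the key itself.
        groups = {}
        for name, (_, key) in sorted(settings.items()):
            groups.setdefault(key, []).append(name)
        findings.append(("key-mismatch", sorted(groups.values())))
    clear = sorted(n for n, (t, _) in settings.items() if t == "simple")
    if clear:
        # Clear-text keys cross the wire readable in every OSPF packet.
        findings.append(("clear-text", clear))
    return findings


if __name__ == "__main__":
    for label, case in (("as configured", AS_CONFIGURED),
                        ("one-sided", ONE_SIDED),
                        ("misspelled", MISSPELLED)):
        print(label, check_segment(case))
```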
Originate
of stub.
We can use the default-information
originate command to send a
default route from R1 to the spoke
routers. Assuming R1 does not have
a default route in its own table,
we'll need to use the always option.
Here's what happens if we don't do
so:
R1(config-router)#default-information ?
originate Distribute a default route
R1(config-router)#default-information originate ?
  always       Always advertise default route
  metric       OSPF default metric
  metric-type  OSPF metric type for default routes
  route-map    Route-map reference
  <cr>
R1(config-router)#default-information originate
R2#show ip route ospf
R2#
via
172.12.123.1,
via
172.12.123.1,
YouTube
Videos
http://www.youtube.com/watch?v=hGrbyb6p4MI
OSPF ABR 3-Minute Boot Camp:
http://www.youtube.com/watch?v=cZityXoLmgI
Video Practice Exam: Link State Protocols
http://www.youtube.com/watch?v=yTBYdICOHGM
OSPF Over Frame Relay: Practice
BGP
Introduction To BGP
BGP is like nothing you've studied
to this point. BGP is an external
routing protocol used primarily by
Internet Service Providers (ISPs).
Unless you work for an ISP today or
in the future, you may have little or
no prior exposure to BGP.
Understanding BGP is a great
addition to your skill set and you
have to know the basics well to
This additional BGP path
information comes in the form of
attributes, and these path attributes
are contained in the updates sent by
BGP routers. Attributes themselves
are broken up into two classes,
well-known and optional.
BGP also keeps a routing table
separate from the IP routing table.
As with any set of design
requirements, it's almost
impossible to come up with a strict
set of rules as to when to use and
not to use BGP. Having said that,
here are some general Cisco best
A sample eBGP configuration
(different AS):
  activate                 Enabl Addre for thi Neigh
  advertise-map            specif map fo condit adver
  advertisement-interval   Minim interv sendin routin
  allowas-in               Accep with m presen
  default-originate        Origin route neighb
  description              Neigh specif descri
  disable-connected-check  One-h EBGP using addre
  distribute-list          Filter to/from neighb
  ebgp-multihop            Allow neighb direct conne netwo
  filter-list              Establ filters
  local-as                 Speci as num
  maximum-prefix           Maxim numbe accep peer
  next-hop-self            Disab hop ca for thi
  next-hop-unchanged       Propa iBGP next h uncha this ne
  password                 Set a p
  peer-group               Memb peer-g
  prefix-list              Filter to/from neighb
  remote-as                Speci neighb
  remove-private-AS        Remo AS nu outbou update
  route-map                Apply to neig
  route-reflector-client   Config neighb Route client
  send-community           Send C attribu neighb
  shutdown                 Admin shut d neighb
  soft-reconfiguration     Per ne soft reconf
  timers                   BGP p neighb
  translate-update         Transl Updat MBGP
  unsuppress-map           Route select unsup suppre routes
  update-source            Sourc routin
  version                  Set the versio a neig
  weight                   Set de weigh routes neighb
R1(config-router)#neighbor 172.12.123.3
% Incomplete command.
R1(config-router)#neighbor 172.12.123.3 remote-as 200
172.12.123.1
and received
Received 5 messages, 0 notifications, 0 in
queue
Sent 5 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Default minimum time between
advertisement runs is 30 seconds
Local host: 172.12.123.3, Local port: 179
R1(config)#int loopback1
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#router bgp 100
R1(config-router)#no auto
R1(config-router)#no synch
R1(config-router)#neighbor 3.3.3.3 remote-as 200
R1(config-router)#neighbor 3.3.3.3 ebgp-multihop 2
R1(config-router)#neighbor 3.3.3.3 update-source loopback1
R3(config)#int loopback1
R3(config-if)#ip address 3.3.3.3 255.255.255.255
we can get the route from an IGP but don't forget about a simple
default route.
Naturally, those static routes have
to stay there; if they're removed,
the adjacencies will time out. To
demonstrate, I removed the static
route from R3:
R3(config)#no ip route 1.1.1.1 255.255.255.255 serial1
3.3.3.3
mask
33.33.33.33
All is well!
BGP Path Attributes
There are two classes of BGP Path
Attributes, well-known and
optional. To truly understand BGP,
you need to know exactly what
these attributes are and how they
affect BGP.
Well-known discretionary:
local preference, atomic
aggregate
There are also optional attributes,
both transitive and non-transitive.
Optional transitive:
aggregator, community
Optional non-transitive: MED
(multi-exit discriminator)
Those three mandatory attributes
AS_PATH, origin, and next-hop
500
R1(config-router)#neighbor 172.12.123.2 remote-as 100
R1(config-router)#neighbor 172.12.123.3 remote-as 300
R1(config-router)#network 1.1.1.1 mask 255.255.255.255
R2(config)#router bgp 100
R2(config-router)#neighbor 172.12.123.1 remote-as 100
R2(config-router)#neighbor 172.12.123.3 remote-as 300
R2(config-router)#neighbor 172.12.234.3 remote-as 300
R2(config-router)#neighbor 172.12.234.4 remote-as 400
R2(config-router)#network 2.2.2.2 mask 255.255.255.255
R3(config)#router bgp 300
R3(config-router)#neighbor 172.12.123.1 remote-as 100
R3(config-router)#neighbor 172.12.123.2 remote-as 100
R3(config-router)#neighbor 172.12.234.2 remote-as 100
R3(config-router)#neighbor 172.12.234.4 remote-as 400
R3(config-router)#neighbor 172.12.34.4 remote-as 400
R3(config-router)#network 3.3.3.3 mask 255.255.255.255
R4(config)#router bgp 400
R4(config-router)#neighbor 172.12.234.3 remote-as 300
R4(config-router)#neighbor 172.12.234.2 remote-as 100
R4(config-router)#neighbor 172.12.34.3 remote-as 300
R4(config-router)#network 4.4.4.4 mask 255.255.255.255
most of them.
300
172.12.234.3 (inaccessible) from 172.12.123.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal
R1#show ip bgp 4.4.4.4
BGP routing table entry for 4.4.4.4/32, version 7
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
10.1.1.5 172.12.123.2
300 400
172.12.123.3 from 172.12.123.3 (3.3.3.3)
Origin IGP, localpref 100, valid, external, best
400
172.12.234.4 (inaccessible) from 172.12.123.2 (2.2.2.2)
Origin IGP, metric 0, localpref 100, valid, internal
The show ip bgp <network_number>
command shows us that the paths
with a next-hop IP address on the
172.12.234.0 network are shown as
valid, and all paths involved have
a local pref of 100.
Never trust the local prefs you see
in the basic show ip bgp command -
if something looks strange, run this
more network-specific version of
the command.
Two of the routes can't be used,
though, because R1 has no IP
connectivity to any host on the
172.12.234.0 segment.
R1#ping 172.12.234.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to
172.12.234.3, timeout is 2 seconds:
..
Success rate is 0 percent (0/5)
R1#ping 172.12.234.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to
172.12.234.4, timeout is 2 seconds:
..
Success rate is 0 percent (0/5)
cannot be used.
To get around this rule, we can use
the BGP next-hop-self command on
R2. This will force R2 to announce
itself as the next hop of all paths
advertised to the specified
neighbor, in this case R1.
R2(config)#router bgp 100
R2(config-router)#neighbor 172.12.123.1 next-hop-self
The Multi-Exit Discriminator
(MED)
If we wanted R2 to use R3 as a
next-hop instead, the most efficient
way to do so is to change the local
preference value, shown as
LocPrf in the BGP table.
When the local preference of a path
is changed, all routers in the AS
will learn about it. Always run
show ip bgp followed by the
network number when you want to
examine local preferences:
Route-Target attributes
R1(config-router)#bgp default local-preference 200
R1(config)#router bgp 12
R1(config-router)#no bgp default local-preference 200
R3(config)#router bgp 34
R3(config-router)#network 210.1.1.0 mask 255.255.255.0
R4(config)#router bgp 34
R4(config-router)#network 210.1.1.0 mask 255.255.255.0
After clearing R1's TCP
connections, R2 now has this BGP
table:
  as-path           Prepend string fo BGP AS attribute
  automatic-tag     Automa comput value
  comm-list         set BGP commun list (for deletion
  community         BGP commun attribute
  dampening         Set BG route fl dampen parame
  default           Set defa informa
  extcommunity      BGP extende commun attribute
  interface         Output interfac
  ip                IP spec informa
  level             Where import
  local-preference  BGP lo prefere path att
  metric            Metric for destinat routing protoco
  metric-type       Type of metric f destinat routing protoco
  origin            BGP or code
  tag               Tag val destinat routing protoco
  weight            BGP w for rout table
Third-Party Next-Hop
On occasion, you may see a next-hop
address that you don't expect,
particularly in a situation like the
next diagram.
R2:
router bgp 2000
neighbor 100.1.1.1 remote-as 1500
neighbor 100.1.1.3 remote-as 2000
interface Ethernet0
ip address 100.1.1.2 255.255.255.0
R3:
router bgp 2000
network 3.3.3.3 mask 255.255.255.255
neighbor 100.1.1.2 remote-as 2000
interface Ethernet0
ip address 100.1.1.3 255.255.255.0
Wrong! :)
routes.
Adjusting The Weight Attribute
The R1-R2-R3 network is
172.12.123.0 /24, and the R2-R3-R4
segment is 10.1.1.0 /24. All
final octets are the router's number.
There is no iBGP peering between
R2 and R3. R4 is advertising its
loopback address of 4.4.4.4/32 into
BGP.
All peerings, both iBGP and eBGP,
are shown with dotted lines.
172.12.123.2
172.12.123.3
hop-self
R3(config)#router bgp 123
R3(config-router)#neighbor 172.12.123.1 remote-as 123
R3(config-router)#neighbor 10.1.1.4 remote-as 4
R3(config-router)#neighbor 172.12.123.1 next-hop-self
R4(config)#router bgp 4
R4(config-router)#neighbor 10.1.1.2 remote-as 123
R4(config-router)#neighbor 10.1.1.3 remote-as 123
R4(config-router)#network 4.4.4.4 mask 255.255.255.255
address
Oldest route
Lowest BGP RID
Lowest neighbor IP address (if
there's a tie here, you have a
problem!)
We went all the way down to the
final tiebreaker in this scenario,
because all of the preceding criteria
were the same. If you're in an all-
16.0.0.0
mask
17.0.0.0
mask
18.0.0.0
mask
19.0.0.0
mask
00010000
00010001
00010010
00010011
16.0.0.0
  advertise-map  Set conditi to advertise attribute
  as-set         Generate A set path information
  attribute-map  Set attribut of aggregat
  route-map      Set parameters aggregate
  summary-only   Filter more specific routes from updates
  suppress-map   Conditiona filter more specific routes from updates
Full
Meshes,
Reflectors
and
Route
AS.
3. If the AS is not a transit AS
to begin with.
To do so, simply run the BGP
command no synchronization.
R1(config)#router bgp 100
R1(config-router)#no synchronization
Route Reflectors
BGP route reflectors are the
exception to the BGP Split Horizon
rule. A router configured as a BGP
route reflector can take a route
learned from one iBGP peer and
advertise it to another iBGP peer.
The iBGP peers that will be
sending routes to the route reflector
are referred to as clients. When one
client sends a route to the route
reflector, the RR does just that - it
reflects the route to the other
clients.
2.2.2.2
mask
Attribute
BGP Clusters are a combination of
route reflectors and clients that are
sharing information. Note that I said
reflectors, not reflector. There
can be more than one route reflector
in a cluster. When deciding on the
routers that will be the route
reflectors in a cluster, you should
consider both the peering
relationships in place (and the ones
that would need to be added to
make the route reflector work) and
the impact on router resources that
being an RR creates.
peers.
Updates from nonclient peers
are sent to all clients in the
cluster.
Prefix Lists
Once you've got the basic BGP
configuration up and running, it's
time to fine-tune the routes being
advertised
or maybe the routes you don't
want advertised.
5.5.5.5/32.
interface Loopback16
ip address 16.1.1.1 255.0.0.0
!
interface Loopback17
ip address 17.1.1.1 255.0.0.0
!
interface Loopback18
ip address 18.1.1.1 255.0.0.0
!
interface Loopback19
ip address 19.1.1.1 255.0.0.0
!
R5(config)#router bgp 5
R5(config-router)#network 5.5.5.5 mask 255.255.255.255
R5(config-router)#network 16.0.0.0 mask 255.0.0.0
R5(config-router)#network 17.0.0.0 mask 255.0.0.0
R5(config-router)#network 18.0.0.0 mask 255.0.0.0
R5(config-router)#network 19.0.0.0 mask 255.0.0.0
and R3.
NO16THROUGH19
NO16THROUGH19
NO16THROUGH19
NO16THROUGH19
NO16THROUGH19
to.
Now to apply this prefix list to the
neighbors R2 and R3.
R1(config)#router bgp 123
R1(config-router)#neighbor 172.12.123.2 prefix-list NO16THROUGH19 out
R1(config-router)#neighbor 172.12.123.3 prefix-list NO16THROUGH19 out
R1#show ip prefix-list
ip prefix-list NO16THROUGH19: 6 entries
seq 2 permit 16.1.0.0/16
seq 5 deny 16.0.0.0/8
seq 10 deny 17.0.0.0/8
seq 15 deny 18.0.0.0/8
seq 20 deny 19.0.0.0/8
seq 25 permit 0.0.0.0/0 le 32
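How this list treats a given route depends on first-match order and on the fact that an entry without ge/le matches only that exact prefix length. The following is an added example, not code from the ebook, that evaluates the list exactly as shown above against the networks R5 advertises; the 16.1.1.0/24 route is a constructed test case.

```python
import ipaddress
import re

# The list as displayed by "show ip prefix-list" above.
SHOW_OUTPUT = """\
ip prefix-list NO16THROUGH19: 6 entries
   seq 2 permit 16.1.0.0/16
   seq 5 deny 16.0.0.0/8
   seq 10 deny 17.0.0.0/8
   seq 15 deny 18.0.0.0/8
   seq 20 deny 19.0.0.0/8
   seq 25 permit 0.0.0.0/0 le 32
"""

# Networks R5 places into BGP in the lab.
ADVERTISED = ["5.5.5.5/32", "16.0.0.0/8", "17.0.0.0/8",
              "18.0.0.0/8", "19.0.0.0/8"]

ENTRY = re.compile(
    r"seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?")


def parse_prefix_list(text):
    """Return entries as (seq, action, network, min_len, max_len)."""
    entries = []
    for m in ENTRY.finditer(text):
        net = ipaddress.ip_network(m.group(3))
        ge = int(m.group(4)) if m.group(4) else None
        le = int(m.group(5)) if m.group(5) else None
        if ge is None and le is None:
            # No ge/le: only the exact prefix length matches.
            low = high = net.prefixlen
        else:
            low = ge if ge is not None else net.prefixlen
            high = le if le is not None else 32
        entries.append((int(m.group(1)), m.group(2), net, low, high))
    return sorted(entries, key=lambda e: e[0])


def evaluate(entries, route):
    """First matching entry wins; no match is the implicit deny."""
    route = ipaddress.ip_network(route)
    for seq, action, net, low, high in entries:
        if low <= route.prefixlen <= high and route.subnet_of(net):
            return action, seq
    return "deny", None


if __name__ == "__main__":
    entries = parse_prefix_list(SHOW_OUTPUT)
    # 16.1.1.0/24 is constructed: a more-specific inside a denied /8.
    for route in ADVERTISED + ["16.1.0.0/16", "16.1.1.0/24"]:
        action, seq = evaluate(entries, route)
        print(f"{route:<14} {action:<6} seq {seq}")
```

The constructed /24 is permitted by seq 25: the deny entries match only the exact /8, so longer prefixes inside 16.0.0.0 through 19.0.0.0 are not filtered by this list.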
In other words, a BGP
Confederation is a logical grouping
of logical groups.
Yeah, I know. It makes more sense
when you see a picture.
The internal AS numbers are not
known to any BGP speaker outside
the Confederation. Using BGP
Confederations also limits the
number of iBGP peer connections -
just as with route reflectors, a full
mesh is not needed. In the following
example, R9 is totally unaware that
there is a confederation, and knows
only of the existence of AS 321. R9
Communities
BGP communities allow us to tag a
route or group of routes with a
common value that will follow it
throughout the rest of the network.
(A good way to remember this is
the simple phrase "Communities
equal consistency.") Communities
are transitive optional attributes.
Some common community values:
NO-EXPORT: Marking a route with
this community attribute prevents it
from being advertised to an eBGP
peer.
NO-ADVERTISE: Taking the
previous community one step
further, this community attribute
prevents the route from being
advertised to ANY other router.
The available communities change
often, with new ones added, so I
recommend you check Cisco's
website for the available
communities for your IOS. You'll
have to master them to become a
CCIE.
Internet Connections And BGP
the
TCP
connection
is
command.
R1(config)#router bgp 1235
R1(config-router)#bgp ?
  always-compare-med      Allow compar MED fr differen neighbo
  bestpath                Change default bestpat selectio
  client-to-client        Configu client to client r reflecti
  cluster-id              Configu RouteReflect Cluster
  confederation           AS confede parame
  dampening               Enable flap dampen
  default                 Configu BGP de
  deterministic-med       Pick the MED p among adverti the neighbo AS
  fast-external-fallover  Immedi reset se if a link direct connec externa goes do
  log-neighbor-changes    Log nei up/dow reset re
  redistribute-internal   Allow redistri of iBGP IGPs (danger
  router-id               Overri configu router identifi
  scan-time               Configu backgro scanner interva
R1(config-router)#bgp router-id ?
A.B.C.D Manually configured router
identifier
R1(config-router)#bgp router-id 11.11.11.11
R1(config-router)#^Z
R1#show ipbgp
19:50:28: %BGP-5-ADJCHANGE: neighbor
15.1.1.5 Down Router ID changed
19:50:28: %BGP-5-ADJCHANGE: neighbor
absolutely necessary.
R1#clear ip bgp * ?
  in     Soft reconfig inbound update
  ipv4   Address family
  out    Soft reconfig outbound update
  soft   Soft reconfig
  vpnv4  Address family
  <cr>
Running the soft option shown
above is the same as running out -
both result in a soft outbound reset.
Now if you're like me - and I mean
no insult by that - you'd wonder
why the soft option by itself
doesn't perform both an inbound
and outbound update.
Simply put, the outbound update is
easy on the router memory, and the
inbound update is a memory hog.
The soft inbound reset is fine for
updating the BGP tables without
tearing the adjacencies down, but
it's still a bit of a memory hog.
  in     Soft reconfig inbound update
  ipv4   Address family
  out    Soft reconfig outbound update
  soft   Soft reconfig
  vpnv4  Address family
  <cr>
R1#clear ip bgp * in ?
<cr>
  A.B.C.D     BGP neighbor address
  dampening   BGP dampening
  events      BGP events
  in          BGP Inbound informatio
  keepalives  BGP keepalives
  out         BGP Outbound informatio
  updates     BGP updates
  vpnv4       VPNv4 NLRI informatio
  <cr>
R1#debug ip bgp keepalives
BGP keepalives debugging is on
R1#
20:30:48: BGP: 172.12.123.3 sending KEEPALIVE (io)
20:30:48: BGP: 172.12.123.3 KEEPALIVE rcvd
20:30:49: BGP: 172.12.123.2 sending KEEPALIVE (io)
R1#debug ip bgp events
BGP events debugging is on
R1#
20:32:34: %BGP-5-ADJCHANGE: neighbor
172.12.123.3 Down User reset
R1#
20:32:42: BGP: Import timer expired. Walking
from 1 to 1
R1#u all
All possible debugging has been turned off
BGP
route
http://www.youtube.com/watch?v=6d1P3GWLo_w
Configuring and
troubleshooting
VPN Terminology
Before we get to a more specific
discussion of VPNs, there are some
general terms you should know.
We'll review the terms from the
beginning of this section as well.
Data Confidentiality means that
only the devices that should see the
data in an unencrypted form will
see the data that way. Generally,
this is achieved by one endpoint
encrypting the data and sending it
across the link in that fashion, with
the second endpoint unencrypting
the data.
http://en.wikipedia.org/wiki/Advance
Key Encryption Schemes
Symmetric encryption is an
algorithm where the key that is used
for encryption is also used for
decryption. Symmetric encryption is
sometimes called secret key
encryption.
Variations of symmetric encryption
include stream algorithms, where
one bit or byte is
encrypted/decrypted at a time, and
block algorithms, where blocks of
data are encrypted/decrypted as a
whole. These data blocks are
usually 64 bits in size. Both DES
and 3DES use symmetric
encryption.
The drawback to symmetric
encryption is that the key is used for
two purposes, making it that much
easier for an intruder to discover
the key.
In contrast, asymmetric encryption
involves two keys for both the
sender and receiver. This public
key encryption scheme involves a
public and private key for each
user. Before starting the actual
encryption process, the public key
should be certified by a third party
called a Certificate Authority (CA).
If Dan has a public key, the CA
will make sure Dan is who he says
he is, and the CA will then issue a
digital certificate saying just that.
The digital certificate is a
Defined in RFC 2402,
Authentication Header (AH) offers
solid security -- it provides data
origin authentication as well as
offering optional anti-replay
protection.
data integrity
anti-replay (optional)
AH does not offer data
confidentiality.
The Encapsulating Security
Payload (ESP) does just that - as
you can see from the IPSec packet
illustration, there is an ESP Header
and ESP Trailer surrounding, or
encapsulating, the data. ESP offers
all of the following:
data origin authentication
anti-replay protection
data confidentiality
Comparing AH and ESP, you might
be wondering why you'd ever
choose AH over ESP. Here are a
few things to consider:
ESP is more processor-intensive
than AH. If your data
does not require data
confidentiality, AH may meet
all your requirements.
ESP requires strong
cryptography, which isn't
negotiation)
Data Transfer
Tunnel Termination
IPSec doesn't just start working by
itself - it requires interesting
traffic to be sent by a host. This
interesting traffic initializes the
IPSec process. A crypto access-list
will define interesting traffic for
our VPN. We'll configure one later
in this section.
The initiator and recipient
authenticate each other in the third
exchange of Phase I, using an
encrypted form of their IP
addresses. The IKE SA is then
established and Phase II can begin.
number of seconds.
But what if traffic is flowing
through the tunnel at the same time
the tunnel's supposed to be torn
down? No fear - a new Security
Association can be agreed upon
while the existing one is still in
place.
Creating An IKE Policy
Before configuring the IKE policy,
make sure ISAKMP is enabled with
the crypto isakmp enable
command. It's supposed to be on by
Global IKE policy
Default protection suite
        encryption algorithm:   DES - Data Encryption Standard (56 bit keys).
        hash algorithm:         Secure Hash Standard
        authentication method:  Rivest-Shamir-Adleman Signature
        Diffie-Hellman group:   #1 (768 bit)
        lifetime:               86400 seconds, no volume limit
  pre-share  Pre-Shared Key
  rsa-encr   Rivest-Shamir-Adleman Encryption
  rsa-sig    Rivest-Shamir-Adleman Signature
R1(config-isakmp)#authentication pre-share
  3des  Three key triple DES
  aes   AES - Advanced Encryption Standard.
  des   DES - Data Encryption Standard (56 bit keys).
R1(config-isakmp)#encryption 3des
  1  Diffie-Hellman group 1
  2  Diffie-Hellman group 2
  5  Diffie-Hellman group 5
R1(config-isakmp)#group
R1(config-isakmp)#hash ?
md5 Message Digest 5
sha Secure Hash Standard
R1(config-isakmp)#hash md5
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#encryption 3des
the
syntax
with
this
R3#
The
IPSec
IPSec SA Lifetimes
The default lifetime of an IPSec SA
is 1 hour, but IOS Help reveals that
the command that changes this value
on a global basis sets the IPSec SA
transmitted.
If inbound Crypto ACLs are
configured, unprotected traffic that
matches the ACL is dropped - simply because it's unprotected.
The trickiest part of writing Crypto
ACLs for IPSec peers is making
sure they're symmetrical rather than
identical.
Let's use the following network to
show you what I mean.
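The symmetrical-versus-identical requirement can be checked mechanically: every entry on one peer must appear on the other with source and destination swapped. The following is an added example, not code from the ebook; because the network diagram is not part of the text, the LAN prefixes and ACL number 110 are constructed placeholders, and only entries of the form action, protocol, source, destination are handled.

```python
import ipaddress

# Constructed crypto ACLs (placeholder prefixes and ACL number).
R1_ACL = "access-list 110 permit ip 10.1.1.0 0.0.0.255 10.3.3.0 0.0.0.255"
R3_MIRRORED = "access-list 110 permit ip 10.3.3.0 0.0.0.255 10.1.1.0 0.0.0.255"
R3_IDENTICAL = R1_ACL  # R1's ACL pasted onto R3: identical, not symmetrical


def _address_spec(tokens):
    """Consume one 'any' / 'host A' / 'A wildcard' spec from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    if wildcard & (wildcard + 1):
        raise ValueError("non-contiguous wildcard mask is not handled")
    # Contiguous wildcard: the number of wildcard bits gives the prefix.
    prefix_len = 32 - wildcard.bit_length()
    return ipaddress.ip_network((first, prefix_len), strict=False)


def parse_crypto_acl(config):
    """Return (action, protocol, source, destination) per ACL entry."""
    entries = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        action, protocol, rest = tokens[2], tokens[3], tokens[4:]
        source = _address_spec(rest)
        destination = _address_spec(rest)
        entries.append((action, protocol, source, destination))
    return entries


def describe(entry):
    action, protocol, source, destination = entry
    return f"{action} {protocol} {source} -> {destination}"


def check_symmetry(local_acl, remote_acl):
    """List what stops the two peers' crypto ACLs from being mirrors."""
    local = set(parse_crypto_acl(local_acl))
    remote = set(parse_crypto_acl(remote_acl))
    expected = {(a, p, dst, src) for a, p, src, dst in local}
    problems = []
    for entry in sorted(remote - expected, key=describe):
        reason = ("identical to the local entry instead of mirrored"
                  if entry in local
                  else "no matching entry on the local peer")
        problems.append((reason, describe(entry)))
    for entry in sorted(expected - remote, key=describe):
        problems.append(("mirror missing on the remote peer",
                         describe(entry)))
    return problems


if __name__ == "__main__":
    print("mirrored :", check_symmetry(R1_ACL, R3_MIRRORED))
    print("identical:", check_symmetry(R1_ACL, R3_IDENTICAL))
```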
  <1-65535>       Sequence to insert into crypto map entry
  client          Specify client configuration settings
  isakmp          Specify isakmp configuration settings
  isakmp-profile  Specify isakmp profile to use
  local-address   Interface to use for local address for this crypto map
  ipsec-isakmp  IPSEC w/ISAKMP
  ipsec-manual  IPSEC w/manual keying
  <cr>
R3(config)#crypto map CCNP 100 ipsec-isakmp ?
  dynamic  Enable dynamic crypto map support
  profile  Enable crypto map as a crypto-profile
  <cr>
IPSEC(validate_proposal_request):
proposal part #1,
(key eng. msg.) INBOUND local=
172.12.12.3, remote= 172.12.12.1,
protocol= AH, transform= ah-md5-hmac
(Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0,
flags= 0x2
*Jun 6 23:51:17.583: Crypto mapdb :
proxy_match
src addr : 172.12.12.3
dst addr : 172.12.12.1
protocol : 0
src port : 0
dst port : 0
*Jun 6 23:51:17.591: IPSEC(key_engine): got a
queue event with 2 kei messages
*Jun 6 23:51:17.591: IPSEC(initialize_sas):,
(key eng. msg.) INBOUND local=
172.12.12.3, remote= 172.12.12.1,
protocol= AH, transform= ah-md5-hmac
(Tunnel),
172.12.12.1
*Jun 6 23:51:17.595: IPSec: Flow_switching
Allocated flow for sibling 80000002
*Jun 6 23:51:17.595: IPSEC(policy_db_add_ident): src 172.12.12.3,
dest 172.12.12.1, dest_port 0
*Jun 6 23:51:17.599: IPSEC(create_sa): sa
created,
(sa) sa_dest= 172.12.12.3, sa_proto= 51,
sa_spi= 0x91791CF(152539599),
sa_trans= ah-md5-hmac, sa_conn_id= 2001
*Jun 6 23:51:17.599: IPSEC(create_sa): sa
created,
(sa) sa_dest= 172.12.12.1, sa_proto= 51,
sa_spi= 0x945FCBB6(2489306038),
sa_trans= ah-md5-hmac, sa_conn_id= 2002
172.12.123.1,
*Jun 7 00:50:10.090: IPSec: Flow_switching
Deallocated flow for sibling 8000000
weve chosen.
consists of the Xauth (Extended
Authentication)
began.
This screen has buttons on the left-hand side as well. Naturally, we'll
select VPN Status.
international
telecommunications standard
that permits the addition of
high-speed data transfer to an
existing Cable TV (CATV)
system. It is employed by many
cable television operators to
provide Internet access over
their existing hybrid fiber
coaxial (HFC) infrastructure.
By using the specific bandwidths
outlined by DOCSIS, the same
cable can be used to deliver cable
television service, transmit data to
the client, and receive data from the
client simultaneously.
Our friends at the cable company
use one of three sets of modulation
standards:
National Television Standards
Committee (NTSC) is used
primarily in North America
and Japan.
Phase Alternating Line (PAL)
is used, well, almost
everywhere else.
Sequential Color Memory
(SECAM) is used primarily in
France, Africa, and Eastern
Europe.
One step up from the cable modem,
we have Digital Subscriber Line,
or DSL. DSL uses a preexisting
phone line for broadband delivery.
There are several different kinds of
DSL, though
Asymmetrical DSL (ADSL) works
under the assumption that the user
will download more information
than they send, and for the average
Internet user, that's a safe
assumption. The connection speed
from the provider to the user is
going to be 3 - 4 times faster than
Advantages:
Easy to set up, install, and
configure
Offers multiprotocol support
Excellent for single-user
environments
Disadvantages:
Uses a lot of broadcasts,
which can quickly use most or
all available bandwidth.
Not a scalable solution.
Wide open to intruder attacks,
including ARP spoofing, IP
address hijacking, and
broadcast attacks
Ethernet interface
DSLAM (Ethernet 0)
facing
the
int e0
no ip address
pppoe enable
pppoe-client dial-pool-number 1
/24,
with all
other
addresses on the
network available.
210.1.1.0/24
210.1.1.4
Dynamic NAT
Static NAT is fine for a few hosts, but consider a private network with 150 hosts. It would be an administrative nightmare to
permit
10.5.5.0
R3#conf t
R3(config)#interface ethernet0
R3(config-if)#ip nat inside
R3(config-if)#interface serial0
R3(config-if)#ip nat outside
R3#conf t
R3(config)#ip nat inside source list 1 pool NATPOOL
-- Inside Source
access-list 1 pool NATPOOL refcount 0
 pool NATPOOL: netmask 255.255.255.0
    start 200.1.1.2 end 200.1.1.5
    type generic, total addresses 4, allocated 0 (0%), misses 0
IP Version 6
us by IPv6:
Those dreaded broadcasts we're always trying to limit are a thing of the past - IPv6 doesn't use them.
NAT was developed to help with the IPv4 address shortage, and since that will also be a thing of the past, so will NAT. (NAT is not a thing of the past when it comes to your CCNP ROUTE exam.)
IPv6 was specifically
http://www.cisco.com/web/about/ac1
3/93_ipv6_fig1_lg.jpg
There are eight header fields in
IPv6:
version - This is set to 6 in
IPv6. But you knew that. :)
traffic class - In IPv4, this was the Type Of Service (TOS) field. The "traffic class" name comes from this field's ability to allow us to assign levels of importance to a packet via QoS.
Header Length
Identification
Flags
Fragment Offset
Header Checksum
The IPv6 Address Format
Typical IPv4 address: 129.14.12.200
Typical IPv6 address: 1029:9183:81AE:0000:0000:0AC1:2
IPv6 isn't exactly just tacking two more octets onto an IPv4 address! With IPv6, our non-compressed address has eight sections of four hex values, separated by a total of seven colons.
Luckily for us, there are easy ways to compress these addresses so we don't have to enter so many numbers -- and I have a feeling your ability to perform these compressions will be a highly
Original format: 1234:1234:0000:0000:0000:0000:34
Using zero compression: 1234:1234::3456:3434
Leading zeroes in any 16-bit field
can be dropped, but each block you
do this with must have at least one
number remaining. If the block is all
zeroes, you have to leave one zero.
1234:0000:1234:0000:1234:0000
We have four different fields with
leading zeroes, making this address
a prime candidate for leading zero
compression.
Original format:
1234:0000:1234:0000:1234:0000
With leading zero compression:
1234:0:1234:0:1234:0:123:1234
We're allowed to use both zero compression and leading zero compression in a single address, and the frequency rules discussed earlier apply. Using both methods, we can take this address...
1111:0000:0000:1234:0011:0022
.. and compress it to this:
1111::1234:11:22:33:44
Zero compression uses the double-colon to replace the second and third block of numbers, which were all zeroes; leading zero compression replaced the "00" at the beginning of each of the last four blocks.
Just be careful and take your time with both zero compression and leading zero compression and you'll do well on the exam and in the real world. The key to success here is remembering that you can only use zero compression once in a single address.
Tipoffs that you're looking at an invalid IPv6 address include seeing four colons in a row
1111::::2222:3333:4444:5555
or spotting consecutive colons at
multiple points in that same
address.
1111::2222::4444:5555
The key to success with IPv6
compression: practice.
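The compression and validity rules above, as an added Python example that is not part of the original book. Choosing the longest run of all-zero blocks for the double-colon (and never a single block) is an assumption taken from the RFC 5952 convention; the full uncompressed addresses are reconstructed from the compressed forms shown above. Normalizing both sides this way before comparing addresses in ACLs or logs avoids treating two spellings of one address as different hosts.

```python
import re

# One block: 1 to 4 hex digits. fullmatch() is used below so a trailing
# newline or stray character cannot slip through.
_HEX_BLOCK = re.compile(r"[0-9A-Fa-f]{1,4}")


def expand(addr):
    """Return the eight 4-digit hex blocks of addr, or raise ValueError."""
    if ":::" in addr:
        raise ValueError("three or more colons in a row")
    if addr.count("::") > 1:
        raise ValueError("zero compression (::) used more than once")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError(":: present but no blocks left for it to replace")
        blocks = head + ["0"] * missing + tail
    else:
        blocks = addr.split(":")
        if len(blocks) != 8:
            raise ValueError("expected 8 blocks, found %d" % len(blocks))
    for block in blocks:
        if not _HEX_BLOCK.fullmatch(block):
            raise ValueError("bad block %r" % block)
    return [block.zfill(4).upper() for block in blocks]


def compress(addr):
    """Apply leading zero compression, then zero compression exactly once."""
    # Leading zero compression: an all-zero block keeps a single 0.
    blocks = [format(int(block, 16), "X") for block in expand(addr)]

    # Find the longest run of all-zero blocks (first one wins on a tie).
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if blocks[i] == "0":
            j = i
            while j < 8 and blocks[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1

    # Assumption (RFC 5952): a single zero block is not replaced by "::".
    if best_len < 2:
        return ":".join(blocks)
    head = ":".join(blocks[:best_start])
    tail = ":".join(blocks[best_start + best_len:])
    return head + "::" + tail


def is_valid(addr):
    """True if addr is a well-formed full or compressed IPv6 address."""
    try:
        expand(addr)
        return True
    except ValueError:
        return False


def same_address(a, b):
    """Compare two spellings of an address by their expanded form."""
    return expand(a) == expand(b)
```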
Identifying An Interface In IPv6
00000010
giving us a final interface identifier of 02-01-02-FF-FE-AA-BB-CC.
The 8th bit is generally called the g bit, g standing for group, but you'll occasionally see it called the i/g bit for individual/group. If this bit is set to zero, it's a unicast address; if set to one, it's a multicast address.
IPv6 Address Types
You know the drill with IPv4
address types:
Unicast - represents a single host
Multicast - represents a group of hosts
Broadcast - represents all hosts
We still have unicasts and
multicasts with IPv6, but broadcasts
are gone and now we have anycasts
- an address that represents multiple
interfaces.
Additionally, we have different
types of unicast addresses.
The official name of the first IPv6 unicast address we'll discuss is aggregatable global unicast address. Quite a bit of documentation on IPv6 leaves the "aggregatable" off, so we'll refer to these addresses simply as global unicast addresses.
This address is equivalent to the public IPv4 address classes. These addresses are fully routable and can
(FE80)
::x.x.x.x or 0:0:0:0:0:0:x.x.x.x - IPv4-compatible address. Any IPv6 address with the first 96 bits set to zero is an IPv4-compatible address. I used zero compression in the first representation of that range, and leading zero compression for the second.
Reserved IPv6 Addresses
IPv4 has the reserved address
IPv6 Loopback: 0000:0000:0000:0000:0000:0000:0
Using Leading Zero Compression Only: 0:0:0:0:0:0:0:1
Combining Leading Zero and Zero Compression: ::1
Zero compression looks pretty good now, doesn't it?
Unique to IPv6 is the unspecified
address. You may be thinking if
IPv6 Unspecified Address: 0000:0000:0000:0000:0000:0000:00
Using Zero Compression: 0:0:0:0:0:0:0:0, or just ::/128.
Since the unspecified address is
::/128, it follows that the default
route for IPv6 is ::/0.
IPv4 - IPv6 Compatible Addresses
To
double-colon
Convert:
is
zero
http://www.iana.org/assignments/ipv
multicast-addresses/ipv6-multicastaddresses.xml
Autoconfiguration
Multiprotocol BGP V4
(MPBGPVer4 or simply
MPBGP)
Before we start with any of these, we need to enable a Cisco router's IPv6 routing capabilities with ipv6 unicast-routing.
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 cef
R1(config)#ipv6 router ospf 1
R1(config-rtr)#
R2(config)#ipv6 unicast-routing
R2(config)#ipv6 cef
R2(config)#ipv6 router ospf 1
R2(config-rtr)#
<1-65535>
Process
Enable
authentication
authenti
cost
Interfac
Filter O
LSA du
synchro
and floo
Interval
which a
neighbo
declare
OSPF d
circuit
OSPF F
Reducti
Time be
HELLO
databasefilter
dead-interval
demandcircuit
floodreduction
hello-interval
mtu-ignore
neighbor
network
priority
retransmitinterval
transmitdelay
packets
Ignores
MTU in
packets
OSPF n
Networ
Router
Time be
retransm
lost link
adverti
Link sta
transmi
address FE80::20F:F7FF:FE69:8D21
Backup Designated router (ID) 1.1.1.1, local address FE80::20A:41FF:FE64:31C2
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Index 1/1/1, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 4
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
R2#show ipv6 ospf database
OSPFv3 Router with ID (2.2.2.2) (Process ID 1)
[administratively
Serial0/0 [administratively down/down]
    unassigned
FastEthernet0/1 [up/up]
    FE80::20F:F7FF:FE69:8D21
    5DDE:EEEE:1::1
Serial0/1 [administratively down/down]
    unassigned
hex value is DC
200 = 12 units of 16, 8 units of 1 = hex value is C8
18 = 1 unit of 16, 2 units of 1 = hex value is 12
42 = 2 units of 16, 10 units of 1 = hex value is 2A
The IPv6 address for the tunnel interface is 2002:DCC8:122A::/48.
R1(config)#int fast 0/1
R1(config-if)#ip address 220.200.18.42 255.255.255.0
R1(config-if)#int tunnel0
R1(config-if)#ipv6 address 2002:DCC8:122A::/48
Route Redistribution
IGRP automatically
redistributes with EIGRP
when both run the same AS
number.
EIGRP for AppleTalk
automatically redistributes
between EIGRP and RTMP
(Routing Table Management
Protocol, an AppleTalk routing
protocol).
EIGRP for IPX will
automatically redistribute
between IPX for RIP
(Internetwork Packet
Exchange, a networking
protocol used by Novell
NetWare).
Let's look at a much more common
scenario - where we have multiple
EIGRP instances running on a single
router (a border router).
In the following lab, R1 is running
two EIGRP instances with the AS
numbers 50 and 100. R2 is the
neighbor in AS 100, R3 in AS 50.
Both routers are advertising their
loopback via EIGRP.
here.
While the command redistribute static is a complete command, it's not enough to do the job when redistributing routes into RIP - we need to plant a seed.
Seed metric, that is.
RIP's sole metric is hop count. If we redistribute an OSPF route into RIP that has a cost of 74 - a common OSPF metric - RIP doesn't want anything to do with that route, since RIP considers a metric of 16 to be unreachable.
R1#show ip route
< code table removed for clarity >
     20.0.0.0/24 is subnetted, 1 subnets
C       20.1.1.0 is directly connected, Serial0
     172.12.0.0/24 is subnetted, 2 subnets
O       172.12.34.0 [110/74] via 172.12.13.3, 00:00:12, Serial1
C       172.12.13.0 is directly connected, Serial1
R1(config)#router rip
R1(config-router)#redistribute ospf 1
R1(config-router)#redistribute connected
R2#
00:13:39: RIP: sending request on Serial0 to 224.0.0.9
00:13:39: RIP: received v2 update from 20.1.1.1 on Serial0
00:13:39:      20.1.1.0/24 via 0.0.0.0 in 1 hops
R1(config)#router rip
R1(config-router)#no redistribute ospf 1
R1(config-router)#no redistribute connected
R1(config-router)#redistribute ospf 1 metric 2
R1(config-router)#redistribute connected metric 2
R2#clear ip route *
R2#show ip route rip
     172.12.0.0/24 is subnetted, 2 subnets
R       172.12.34.0 [120/2] via 20.1.1.1, 00:00:02, Serial0
R       172.12.13.0 [120/2] via 20.1.1.1, 00:00:02, Serial0
R2#ping 172.12.34.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.34.3, timeout is 2 seconds:
..
Success rate is 0 percent (0/5)
R2#
R2#ping 172.12.34.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.34.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/99/100 ms
looking at several hands-on examples.
  metric       Metric for redistributed routes
  metric-type  OSPF/IS-IS exterior metric type for redistributed routes
  route-map    Route map reference
  subnets      Consider subnets for redistribution into OSPF
  tag          Set tag for routes redistributed into OSPF
  <cr>
R2(config-router)#redistribute eigrp 100 metric ?
  <0-16777214>  OSPF default metric
R2(config-router)#redistribute eigrp 100 metric 40
% Only classful networks will be redistributed
R2(config-router)#redistribute eigrp 100 metric 40 subnets
Keyword: eventually
/32,
The
BR
has
the
route
and
There is no one-size-fits-all solution for routing loop prevention. The solution you use depends on your network topology, where the routing loop is taking place, and the preexisting configuration.
Having said that, we're going to take a look at some routing loop prevention mechanisms that not only will Cisco expect you to know to become a CCNP, but you should know about each of them in order to use the proper strategy for your particular network.
And
Adjusting A
Administrative
to use.
ADs are used only when there is no longest match in the routing table. If a router has two routes to the same destination that have exactly the same prefix length, there's got to be a tiebreaker, and AD is that tiebreaker.
AD is much like split horizon - most of the time it does just what you want it to do, but under certain circumstances, you've got to make some changes.
You can't disable AD the way you
Process:
Miniaturization!
(Okay, we'll use route redistribution instead.)
As always, our first step is to make sure our border router has the routes to be redistributed:
The first step is to make sure R3 sees the RIP route.
R3#show ip route rip
connected
R2's routing table before redistribution:
R2's routing table after redistribution:
R2#traceroute 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.1.1
1 30.1.1.3 8 msec 4 msec 20 msec
2 172.12.123.1 36 msec * 36 msec
D       3.3.3.3 [90/409600] via 172.12.23.3, 00:00:28, Ethernet0
     4.0.0.0/32 is subnetted, 1 subnets
D       4.4.4.4 [90/409600] via 172.12.23.3, 00:00:28, Ethernet0
     5.0.0.0/32 is subnetted, 1 subnets
D       5.5.5.5 [90/409600] via 172.12.23.3, 00:00:28, Ethernet0
R2(config-router)#distance 180 0.0.0.0 255.255.255.255 ?
  <1-99>       IP Standard access list number
  <1300-1999>  IP Standard expanded access list number
  WORD         Standard access-list name
R2(config-router)#distance 180 0.0.0.0 255.255.255.255 5
Originate
R1(config-router)#default-information ?
  originate  Distribute a default route
R1(config-router)#default-information originate ?
  always       Always advertise default route
  metric       OSPF default metric
  metric-type  OSPF metric type for default routes
  route-map    Route-map reference
  <cr>
R1(config-router)#default-information originate
R2#show ip route ospf
R2#
via
172.12.123.1,
via
172.12.123.1,
R2#show ip route
< code table deleted for clarity >
Gateway of last resort is 172.12.123.1 to network 0.0.0.0
     172.12.0.0/24 is subnetted, 1 subnets
C       172.12.123.0 is directly connected, Serial0
     30.0.0.0/24 is subnetted, 1 subnets
C       30.1.1.0 is directly connected, Ethernet0
R*   0.0.0.0/0 [120/1] via 172.12.123.1, 00:00:25, Serial0
  bgp        Border Gateway Protocol (BGP)
  connected  Connected
  egp        Exterior Gateway Protocol (EGP)
  eigrp      Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp       Interior Gateway Routing Protocol (IGRP)
  isis       ISO IS-IS
  iso-igrp   IGRP for OSI networks
  metric     Metric for redistribute routes
  mobile     Mobile routes
  odr        On Demand stub Routes
  ospf       Open Shortest Path First (OSPF)
  rip        Routing Information Protocol (RIP)
  route-map  Route map reference
  static     Static routes
  <cr>
R1(config-router)#redistribute static metric 1
EIGRP Redistribution
We'll keep RIP for the protocol
means defining
settings.
five
different
R       10.1.1.0 [120/1] via 172.12.123.1, 00:00:01, Serial0
R2#show ip route eigrp
R2# (No EIGRP routes to show)
After redistribution:
R2#show ip route rip
     10.0.0.0/24 is subnetted, 1 subnets
R       10.1.1.0 [120/1] via 172.12.123.1, 00:00:01, Serial0
R2#show ip route eigrp
R2# (No EIGRP routes to show)
R2(config-router)#distance eigrp ?
<1-255> Distance for internal routes
R2(config-router)#distance eigrp 90 ?
<1-255> Distance for external routes
R2(config-router)#distance eigrp 90 119
With
When configuring route redistribution or changing default values, you need to run show ip protocols to make sure you are getting the results you thought you'd be getting.
Passive Interfaces
Passive interfaces can be a big help in controlling routing updates and/or routing control traffic, depending on which protocol you're dealing with:
RIP: Passive interfaces do not send routing updates, but will accept them. RIP adjacencies aren't affected by passive interfaces since RIP doesn't have adjacencies in the first place.
In the following example, R1's Ethernet0 interface has been configured as passive. R1's loopback 10.1.1.1 /24 is advertised into RIP. The R1-R2-R3 network is our usual Frame Relay network, 172.12.123.0 /24.
R1's config:
router rip
version 2
passive-interface Ethernet0
network 10.0.0.0
network 30.0.0.0
network 172.12.0.0
no auto-summary
you
perform
route
Ethernet0
     8.0.0.0/24 is subnetted, 1 subnets
R       8.1.1.0 [120/1] via 30.1.1.5, 00:00:09, Ethernet0
     9.0.0.0/24 is subnetted, 1 subnets
R       9.1.1.0 [120/1] via 30.1.1.5, 00:00:09, Ethernet0
     10.0.0.0/24 is subnetted, 1 subnets
R       10.1.1.0 [120/1] via 30.1.1.5, 00:00:09, Ethernet0
If we perform redistribution as we
have throughout this section, the
OSPF routers would see all of
those routes - as shown here.
R1(config)#router ospf 1
R1(config-router)#redistribute rip subnets
R1(config-router)#redistribute connected subnets
config
R1(config-router)#distribute-list 17 out serial0
% Interface not allowed with OUT for OSPF
Doh!
Filtering routes with OSPF is just a little tricky, since we're not filtering routes per se as we would with RIP or EIGRP. We deal with LSAs in link state protocols, and we can't start filtering LSAs or our OSPF databases in an area won't be synched.
Let's try specifying a protocol there instead of an interface.
00:02:04, Serial0
R3#show ip route ospf
     5.0.0.0/24 is subnetted, 1 subnets
O E2    5.1.1.0 [110/20] via 172.12.123.1, 00:12:17, Serial0
     6.0.0.0/24 is subnetted, 1 subnets
O E2    6.1.1.0 [110/20] via 172.12.123.1, 00:12:17, Serial0
     7.0.0.0/24 is subnetted, 1 subnets
O E2    7.1.1.0 [110/20] via 172.12.123.1, 00:12:17, Serial0
     10.0.0.0/24 is subnetted, 1 subnets
O E2    10.1.1.0 [110/20] via 172.12.123.1, 00:12:17, Serial0
     30.0.0.0/24 is subnetted, 1 subnets
O E2    30.1.1.0 [110/20] via 172.12.123.1, 00:12:17, Serial0
Success!
  in   Filter incoming routing updates
  out  Filter outgoing routing updates
R1(config-router)#distribute-list 17 in ?
  BRI       ISDN Basic Rate Interface
  Ethernet  IEEE 802.3
  Loopback  Loopback interface
  Null      Null interface
  Serial    Serial
  <cr>
R1(config-router)#distribute-list 17 in ethernet0
R       5.1.1.0 [120/1] via 30.1.1.5, 00:00:00, Ethernet0
     6.0.0.0/24 is subnetted, 1 subnets
R       6.1.1.0 [120/1] via 30.1.1.5, 00:00:00, Ethernet0
     7.0.0.0/24 is subnetted, 1 subnets
R       7.1.1.0 [120/1] via 30.1.1.5, 00:00:00, Ethernet0
     10.0.0.0/24 is subnetted, 1 subnets
R       10.1.1.0 [120/1] via 30.1.1.5, 00:00:00, Ethernet0
And on R5:
R5#show ip route eigrp
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/2323456] via 30.1.1.1, 00:00:15, Ethernet0
     172.12.0.0/24 is subnetted, 1 subnets
D       172.12.123.0 [90/2195456] via 30.1.1.1, 00:01:29, Ethernet0
     22.0.0.0/24 is subnetted, 1 subnets
D       22.2.2.0 [90/2323456] via 30.1.1.1, 00:00:10, Ethernet0
explicitly:
R1(config)#access-list 25 deny any
We apply it to the EIGRP process:
R1(config)#router eigrp 100
R1(config-router)#distribute-list 25 ?
  in   Filter incoming routing updates
  out  Filter outgoing routing updates
R1(config-router)#distribute-list 25 out ?
  BRI        ISDN Basic Rate Interface
  Ethernet   IEEE 802.3
  Loopback   Loopback interface
  Null       Null interface
  Serial     Serial
  bgp        Border Gateway Protocol (BGP)
  connected  Connected
  egp        Exterior Gateway Protocol (EGP)
  eigrp      Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp       Interior Gateway Routing Protocol (IGRP)
  ospf       Open Shortest Path First (OSPF)
  rip        Routing Information Protocol (RIP)
  static     Static routes
  <cr>
R1(config-router)#distribute-list 25 out ethernet0
And we go to R5
R5#show ip route eigrp
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/2323456] via 30.1.1.1, 00:11:36, Ethernet0
     172.12.0.0/24 is subnetted, 1 subnets
D       172.12.123.0 [90/2195456] via 30.1.1.1, 00:12:50, Ethernet0
     22.0.0.0/24 is subnetted, 1 subnets
D       22.2.2.0 [90/2323456] via 30.1.1.1, 00:11:31, Ethernet0
R5#
from R2.
R1#show ip route rip
     2.0.0.0/24 is subnetted, 1 subnets
R       2.2.2.0 [120/1] via 172.12.123.2, 00:00:52, Serial0
     22.0.0.0/24 is subnetted, 1 subnets
R       22.2.2.0 [120/1] via 172.12.123.2, 00:00:52, Serial0
30.1.1.0
  in   Filter incoming routing updates
  out  Filter outgoing routing updates
R1(config-router)#distribute-list 33 out ?
  BRI        ISDN Basic Rate Interface
  Ethernet   IEEE 802.3
  Null       Null interface
  Serial     Serial
  bgp        Border Gateway Protocol (BGP)
  connected  Connected
  egp        Exterior Gateway Protocol (EGP)
  eigrp      Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp       Interior Gateway Routing Protocol (IGRP)
  ospf       Open Shortest Path First (OSPF)
  rip        Routing Information Protocol (RIP)
  static     Static routes
  <cr>
R1(config-router)#distribute-list 33 out
redistributed.
Sometimes we'll want to set different metrics for different routes, and maybe even change an OSPF external route type or two - and we'll do that with route maps.
Let's take a look at the mechanics of route map operation, and then we'll apply route maps to our redistribution labs.
Route maps are somewhat similar
to access-lists. They both come to a
basic decision of permit or
deny. Route lists give us
  <0-65535>  Sequence to insert to/delete from existing route-map entry
  deny       Route map denies set operations
  permit     Route map permits set operations
  <cr>
R2(config)#route-map CHANGE_NEXT_HOP permit ?
  <0-65535>  Sequence to insert to/delete from existing route-map entry
  <cr>
R2(config)#route-map CHANGE_NEXT_HOP permit 10
R2(config-route-map)#match ip address 17
R2(config-route-map)#set ip next-hop 10.1.1.1
R2(config-route-map)#set ?
as-path
automatic-tag
comm-list
Prepend
string fo
BGP AS
attribute
Automa
comput
value
set BGP
commun
list (for
deletion
BGP
community
dampening
default
extcommunity
interface
ip
commun
attribute
Set BG
route fl
dampen
parame
Set defa
informa
BGP
extende
commun
attribute
Output
interfac
IP spec
informa
level
localpreference
metric
metric-type
Where
import
BGP lo
prefere
path att
Metric
for
destinat
routing
protoco
Type of
metric f
destinat
routing
protoco
BGP or
origin
tag
weight
code
Tag val
destinat
routing
protoco
BGP w
for rout
table
  <0-65535>  Sequence to insert to/delete from existing route-map entry
  deny       Route map denies set operations
  permit     Route map permits set operations
  <cr>
Route map statements can be given
a sequence number, and this is a
great help when you want to go
back to an existing route map and
ACL.
R1(config)#access-list 2 permit 2.2.2.0 0.0.0.255
R1(config)#
R1(config)#access-list 22 permit 22.2.2.0 0.0.0.255
R1(config)#
R1(config)#access-list 44 permit 222.2.2.0
as-path
Match B
AS path
list
community
extcommunity
interface
ip
length
Match B
commun
list
Match
BGP/V
extende
commun
list
Match f
hop
interfac
route
IP spec
informa
Packet
length
Match
metric o
route
Match
route-ty
of route
Match t
of route
metric
route-type
tag
R1(config-route-map)#match ip ?
  address       Match address of route or match packet
  next-hop      Match next-hop address of route
  route-source  Match advertising source address of route
R1(config-route-map)#match ip address ?
  <1-199>      IP access-list number
  <1300-2699>  IP access-list number (expanded range)
  WORD         IP access-list name
  prefix-list  Match entries of prefix-lists
  <cr>
R1(config-route-map)#match ip address 2 ?
  <1-199>      IP access-list number
  <1300-2699>  IP access-list number (expanded range)
  WORD         IP access-list name
  <cr>
R1(config-route-map)#match ip address 2
as-path
automatic-tag
Prepend
string fo
BGP AS
attribute
Automa
comput
value
comm-list
community
dampening
default
extcommunity
set BGP
commun
list (for
deletion
BGP
commun
attribute
Set BG
route fl
dampen
parame
Set defa
informa
BGP
extende
commun
attribute
interface
ip
level
localpreference
metric
Output
interfac
IP spec
informa
Where
import
BGP lo
prefere
path att
Metric
for
destinat
routing
protoco
Type of
metric f
metric-type
origin
tag
weight
destinat
routing
protoco
BGP or
code
Tag val
destinat
routing
protoco
BGP w
for rout
table
+/-<metric>
<04294967295>
Add or
subtrac
metric
Metric
value o
Bandw
in Kbit
per sec
<cr>
R1(config-route-map)#set metric 40
R1(config-route-map)#set metric-type ?
  external  IS-IS external metric
  internal  Use IGP metric as the MED for BGP
  type-1    OSPF external type 1 metric
  type-2    OSPF external type 2 metric
  <cr>
R1(config-route-map)#set metric-type type-1
map.
R1(config)#router ospf 1
R1(config-router)#redis rip subnets
R3#show ip route ospf
O E2 222.2.2.0/24 [110/20] via 172.13.13.1, 00:00:03, Serial1
     2.0.0.0/24 is subnetted, 1 subnets
O E2    2.2.2.0 [110/20] via 172.13.13.1, 00:00:03, Serial1
     172.12.0.0/24 is subnetted, 1 subnets
O E2    172.12.123.0 [110/20] via 172.13.13.1, 00:00:03, Serial1
     22.0.0.0/24 is subnetted, 1 subnets
O E2    22.2.2.0 [110/20] via 172.13.13.1, 00:00:03, Serial1
     30.0.0.0/24 is subnetted, 1 subnets
O       30.1.1.0 [110/74] via 172.13.13.1, 00:00:03, Serial1
R5#show ip route ospf
O E2 222.2.2.0/24 [110/20] via 30.1.1.1, 00:00:15, Ethernet0
     2.0.0.0/24 is subnetted, 1 subnets
O E2    2.2.2.0 [110/20] via 30.1.1.1, 00:00:15, Ethernet0
     172.12.0.0/24 is subnetted, 1 subnets
O E2    172.12.123.0 [110/20] via 30.1.1.1, 00:00:15, Ethernet0
     172.13.0.0/24 is subnetted, 1 subnets
O       172.13.13.0 [110/74] via 30.1.1.1, 00:00:15, Ethernet0
     22.0.0.0/24 is subnetted, 1 subnets
O E2    22.2.2.0 [110/20] via 30.1.1.1, 00:00:15, Ethernet0
too.
R1(config)#router ospf 1
R1(config-router)#redis rip subnets route-map RIP2OSPF
R1(config-router)#redis conne subnets
O       30.1.1.0 [110/74] via 172.13.13.1, 00:01:56, Serial1
ip address (access-lists): 44
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map RIP2OSPF, permit, sequence 40
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
metric of 20.
Great stuff! Route maps are a very powerful tool in controlling redistribution and changing attributes when needed - they're not just for BGP configs.
Hey, there's one more thing we need to test - remember the last requirement?
All future redistributed routes
-- allow redistribution with
the default seed metric and
OSPF route type.
00:00:02, Serial0
     55.0.0.0/24 is subnetted, 1 subnets
R       55.5.5.0 [120/1] via 172.12.123.2, 00:00:02, Serial0
     22.0.0.0/24 is subnetted, 1 subnets
R       22.2.2.0 [120/1] via 172.12.123.2, 00:00:02, Serial0
Bingo, baby!
Clause 20 of the route-map had two
set statements - you can also have
multiple match statements in a
clause. If so, both match statements
must match in order for that clause
to be, well, a match.
I've added a clause 50 to this route-map. For this clause to match, the
  external       external route (BGP, EIGRP and OSPF type 1/2)
  internal       internal route (including OSPF intra/inter area)
  level-1        IS-IS level-1 route
  level-2        IS-IS level-2 route
  local          locally generated route
  nssa-external  nssa-external route (OSPF type 1/2)
  <cr>
R1(config-route-map)#match route-type external ?
  external       external route (BGP, EIGRP and OSPF type 1/2)
  internal       internal route (including OSPF intra/inter area)
  level-1        IS-IS level-1 route
  level-2        IS-IS level-2 route
  local          locally generated route
  nssa-external  nssa-external route (OSPF type 1/2)
  type-1         OSPF external type 1 route
  type-2         OSPF external type 2 route
  <cr>
R1(config-route-map)#match route-type external type-2
R1(config-route-map)#set metric 100
Match clauses:
Set clauses:
tag 10
route-map
policy
route-map
Interface
local
Serial0
And heres
remember.
the
Route map
CHANGE_
CHANGE_
big
rule
to
be
the
set
set
as-path
automatic-tag
Prepend
string fo
BGP AS
attribute
Automa
comput
comm-list
community
dampening
default
extcommunity
value
set BGP
commun
list (for
deletion
BGP
commun
attribute
Set BG
route fl
dampen
parame
Set defa
informa
BGP
extende
interface
ip
level
localpreference
metric
commun
attribute
Output
interfac
IP spec
informa
Where
import
BGP lo
prefere
path att
Metric
for
destinat
routing
protoco
metric-type
origin
tag
weight
Type of
metric f
destinat
routing
protoco
BGP or
code
Tag val
destinat
routing
protoco
BGP w
for rout
table
AS-Path
Community
Local Preference
Weight
Bonus Material - Not Covered On
DVD, But Good Reading Anyway!
ip default next-hop vs. ip next-hop
These are two values that can be set
ip host
R2(config)#route-map DEFAULT_NEXT_HOP permit
R2(config-route-map)#match ip address 150
R2(config-route-map)#set ip default next-hop 100.1.1.3
R2(config)#interface e0
R2(config-if)#ip policy route-map DEFAULT_NEXT_HOP
Redistribution
Null interfaces are seen in the
routing table after manual route
summarization has been configured,
but you can also create a static
route with Null0 as the exit
interface.
Configuring Null0 as the exit
interface means that matching data
will be dropped. You configure
such a route just as you would any
other static route with a specific
exit interface.
R2(config)#ip route 172.12.1.0 255.255.255.0
null0
BGP.
The null0 statement will not impact your IGP routing, since the more-specific statements in the IGP table will be used before this null0 route due to the longest match rule.
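The longest match rule described here, together with the earlier point that AD only breaks ties between routes of the same prefix length, as an added Python example (not code from the original book). The table is constructed: it uses the three 150.100.x.0 /24 routes from the example that follows, while the 150.100.0.0/22 summary, the AD values, the RIP entries, and the interface names are assumptions made for illustration.

```python
import ipaddress

# Constructed candidate routes: (prefix, administrative distance, source, exit).
# The /22 summary to Null0 and every interface name are assumptions.
CANDIDATES = [
    ("150.100.0.0/22", 1, "static", "Null0"),     # summary with Null0 as exit
    ("150.100.1.0/24", 110, "ospf", "Serial0"),
    ("150.100.2.0/24", 110, "ospf", "Serial0"),
    ("150.100.3.0/24", 110, "ospf", "Serial0"),
    ("150.100.3.0/24", 120, "rip", "Ethernet0"),  # same prefix, higher AD
    ("0.0.0.0/0", 120, "rip", "Serial1"),         # default route
]


def build_table(candidates):
    """Install one route per prefix: AD is the tiebreaker for equal prefixes."""
    table = {}
    for prefix, ad, source, exit_if in candidates:
        net = ipaddress.ip_network(prefix)
        current = table.get(net)
        if current is None or ad < current[0]:
            table[net] = (ad, source, exit_if)
    return table


def lookup(table, destination):
    """Return (prefix, source, exit) of the longest matching prefix, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    # Longest match wins, regardless of the AD of shorter prefixes.
    best = max(matches, key=lambda net: net.prefixlen)
    _ad, source, exit_if = table[best]
    return str(best), source, exit_if


def is_discarded(table, destination):
    """True when the best match for destination points at Null0."""
    hit = lookup(table, destination)
    return hit is not None and hit[2] == "Null0"


TABLE = build_table(CANDIDATES)

if __name__ == "__main__":
    for dst in ("150.100.2.7", "150.100.3.9", "150.100.0.5", "8.8.8.8"):
        print(dst, "->", lookup(TABLE, dst))
```

Note the third lookup: 150.100.0.5 falls inside the summary but has no more-specific route, so it is dropped at Null0 instead of following the default route.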
Let's work through an example. You have the IGP routes 150.100.1.0, 150.100.2.0, and 150.100.3.0, all with a /24 mask. You have a need to redistribute these routes into BGP.
Instead of redistributing the three individual routes into BGP, you summarize them. The result is
another
problem
with
OSPF
metric
Redistribution
OSPF routes
Metric for
redistributed ro
routemap
Route map
reference
match
vrf
VPN
Routing/Forwa
Instance
<cr>
R1(config-router)#redistribute ospf 1 match ?
external
internal
nssa-
Redistribute
OSPF
external
routes
Redistribute
OSPF
internal
routes
Redistribute
OSPF
NSSA
external
external
routes
external
Redistribute
external type
1 routes
Redistribute
external type
2 routes
Redistribute
OSPF
external
routes
internal
match
metric
nssaexternal
routemap
<cr>
Redistribute
OSPF interna
routes
Redistributio
of OSPF
routes
Metric for
redistributed
routes
Redistribute
OSPF NSSA
external
routes
Route map
reference
external
internal
match
metric
Redistribute
OSPF
external
routes
Redistribute
OSPF interna
routes
Redistributio
of OSPF
routes
Metric for
redistributed
routes
Redistribute
nssaexternal
routemap
<cr>
OSPF NSSA
external
routes
Route map
reference
second
R2(config-router)#default-metric 1544 ?
  <0-4294967295>  Delay metric, in 10 microsecond units
R2(config-router)#default-metric 1544 10 ?
  <0-255>  Reliability metric where 255 is 100% reliable
R2(config-router)#default-metric 1544 10 255 ?
  <1-255>  Effective bandwidth metric (Loading) where 255 is 100% loaded
R2(config-router)#default-metric 1544 10 255 1 ?
  <1-4294967295>  Maximum Transmission Unit metric of the path
R2(config-router)#default-metric 1544 10 255 1 1500
Route
http://www.youtube.com/watch?v=ol1boiYUtEk
Video Practice Exam on route redistribution:
http://www.youtube.com/watch?v=eY2yyRd0lvM
The Good, The Bad, and The Redistributed
http://www.youtube.com/watch?v=GdJOle54whI
Configuring and Troubleshooting RIP Redistribution:
http://www.youtube.com/watch?v=pRtZgfLxlbQ
Routing Loops In The Wild:
http://www.youtube.com/watch?v=pKimoicJCFQ
Free CCNP ROUTE Video Boot Camp on route redistribution:
http://bit.ly/Arnhjq
Just click this link for a free hour-long preview AND $10 off the already low price!
http://bit.ly/A7pLBu
Available for immediate download and on DVD!
Bonus Section:
Creating A VLSM Scheme
which is 254.
The formula for determining the
number of valid subnets looks
similar, but be careful - there are
two major differences.
Number of valid subnets = (2 to the nth power), where n = the number of subnet bits
In this formula, n equals the number of subnet bits, not host bits. Also, you no longer subtract 2 to determine the number of valid subnets. Cisco's formula for their exams used to hold that you should
hostname R1
!
!
ip subnet-zero
Cisco's networking theory now holds that both of these subnets are valid, so the 2 is no longer subtracted. Using the previous masks, you can see there are eight subnet bits as well as eight host bits:
Bonus Section:
How To Develop A VLSM
Scheme
future needs.
Network A: 110 hosts
Network B: 90 hosts
Network C: 65 hosts
Network D: 34 hosts
If we will need up to five hosts per
year for the next five years on each
of these subnets, we need to add 25
to the above values.
Network A: 135 hosts
Network B: 115 hosts
Network C: 90 hosts
Network D: 59 hosts
Now that we've allowed for the networks' future growth, we're going to follow the exact same procedure as we did for the previous example. That procedure starts with the question
What is the smallest subnet that can be created with all host bits set to zero?
NW A requires 135 valid host addresses. Using the above formula,
CCIE #12933
The Computer Certification Bulldog