Ethernet Basics

It's no surprise that the concepts, protocols, and commands related to Ethernet are a key part of the CCIE Routing and Switching written exam. Almost all campus networks today are built using Ethernet technology. Also, Ethernet technology is moving into the WAN with the emergence of metro Ethernet. Even in an IT world, where technology changes rapidly, you can expect that ten years from now, Ethernet will still be an important part of the CCIE Routing and Switching written and lab exams. For...

Access Lists and Traffic Filtering

Cisco IOS has the same traffic filtering and related concepts for IPv6 as for IPv4. Access lists serve the same purposes in IPv6 as in IPv4, including traffic filtering and access control for interface logins. You should be aware of a few key differences between access-list behavior for the two network layer protocols, however. Because Neighbor Discovery is such a key protocol in IPv6, access lists implicitly permit ND traffic. This is necessary to avoid breaking ND's ARP-like functionality....

Acknowledgments

Maurilio, Rodney, and Paul each did a nice job tech editing the book and finding the technical errors that can creep into a manuscript. Additionally, Maurilio helped tremendously with one of the most difficult challenges with this book: choosing what to cover and in what depth, and what not to cover. Rodney gave us added perspective on the big picture and on keeping the audience in mind every step of the journey. Paulie helped (again) on the MPLS chapter and kept us on the straight and narrow....

Adding eBGP Routes to the IP Routing Table

Cisco IOS software uses simple logic when determining which eBGP routes to add to the IP routing table. The only two requirements are as follows: The eBGP route in the BGP table is considered to be a best route. If the same prefix has been learned via another IGP or via static routes, the AD for BGP external routes must be lower than the ADs for the other routing source(s). By default, Cisco IOS considers eBGP routes to have AD 20, which gives eBGP routes a better (lower) AD than any other dynamic...

Administrative Distance

A single router can learn routes using multiple IP routing protocols, as well as via connected and static routes. When a router learns a particular route from multiple sources, the router cannot use the metrics to determine the best route, because the metrics are based on different units. So, the router uses each route's administrative distance (AD) to determine which is best, with the lower number being better. Table 10-6 lists the default AD values for the various routing sources. The...

ARP and Proxy ARP

You would imagine that anyone getting this far in their CCIE study would already have a solid understanding of the Address Resolution Protocol (ARP, RFC 826). However, proxy ARP (RFC 1027) is often ignored, in part because of its lack of use today. To see how they both work, Figure 5-1 shows an example of each, with Fred and Barney both trying to reach the web server at IP address 10.1.2.200. Figure 5-1 Comparing ARP and Proxy ARP. Fred follows a normal ARP...

Authentication and Encryption

One area in which OSPFv3 is simpler than OSPFv2, at the protocol operation level, is that it uses IPv6's native authentication support rather than implementing its own authentication mechanisms. OSPFv3 uses the Authentication Header (AH) protocol, beginning with Cisco IOS Release 12.3(4)T, and the Encapsulating Security Payload (ESP) protocol for authentication, beginning with Cisco IOS Release 12.4(9)T. Both of these features require a Crypto feature set in the router. To enable IPv6 OSPF...

Automatic 6to4 Tunnels

Unlike the previous two tunnel types we have discussed, automatic 6to4 tunnels are inherently point-to-multipoint in nature. These tunnels treat the underlying IPv4 network as an NBMA cloud. In automatic 6to4 tunnels, the tunnel operates on a per-packet basis to encapsulate traffic to the correct destination, thus its point-to-multipoint nature. These tunnels determine the appropriate destination address by combining the IPv6 prefix with the globally unique destination 6to4 border router's...

Automatic IPv4-Compatible Tunnels

This type of tunnel uses IPv4-compatible IPv6 addresses for the tunnel interfaces. These addresses are taken from the ::/96 address space. That is, the first 96 bits of the tunnel interface addresses are all 0s, and the remaining 32 bits are derived from an IPv4 address. These addresses are written as 0:0:0:0:0:0:A.B.C.D, or ::A.B.C.D, where A.B.C.D represents the IPv4 address. The tunnel destination for an IPv4-compatible tunnel is automatically determined from the low-order 32 bits of the tunnel...

B C and D

Modified EUI-64 format has two elements: the addition of 0xFFFE in the center of the host's MAC address and the flipping of the U/L bit in the MAC address. In routers with no Ethernet interfaces, Cisco IOS determines the interface ID from a pool of MAC addresses associated with the router. IPv6 neighbor discovery, and a number of other functions in IPv6, use ICMPv6. IGMP's functions in IPv4 are handled in IPv6 by Multicast Listener Discovery (MLD). OSPFv3 itself provides no authentication...

Backdoor Routes

Having a low default AD (20) for eBGP routes can cause a problem in some topologies. Figure 11-6 shows a typical case, in which Enterprise 1 uses its eBGP route to reach network 99.0.0.0 in Enterprise 2. However, the two enterprises want to use the OSPF-learned route via the leased line between the two companies. Figure 11-6 The Need for BGP Backdoor Routes. R1 uses its eBGP route to reach 99.0.0.0 because eBGP has a lower AD (20) than OSPF (110). One solution would be to configure the distance...

Basic IPv6 Functionality Protocols

IPv6 uses a number of protocols to support it. Because IPv6 is fundamentally similar to IPv4, some of these protocols will be familiar to you and are covered in other parts of this book: for example, ICMP, CDP, and DHCP. However, some aspects of IPv6 operation, and indeed some of its greatest strengths, require functional support from protocols not included in the IPv4 protocol suite. Key among them is Neighbor Discovery Protocol, which provides many functions critical in IPv6 networks. Other...

BGP

This chapter covers what might be the single most important topic on both the CCIE Routing and Switching written and lab exams: Border Gateway Protocol (BGP) Version 4. This chapter focuses on how BGP accomplishes its fundamental tasks: 1. Forming neighbor relationships 2. Injecting routes into BGP from some other source 3. Exchanging those routes with other routers 4. Placing routes into IP routing tables. All of these BGP topics have close analogies with those of BGP's IGP cousins, but of course...

BGP Messages and Neighbor States

The desired state for BGP neighbors is the established state. In that state, the routers have formed a TCP connection, and they have exchanged Open messages, with the parameter checks having passed. At this point, topology information can be exchanged using Update messages. Table 11-3 lists the BGP neighbor states, along with some of their characteristics. Note that if the IP addresses mismatch, the neighbors settle into an active state. BGP uses four basic messages. Table 11-4 lists the...

Bidirectional PIM

PIM-SM works efficiently with a relatively small number of multicast senders. However, in cases with a large number of senders and receivers, PIM-SM becomes less efficient. Bidirectional PIM addresses this relative inefficiency by slightly changing the rules used by PIM-SM. To appreciate bidirectional PIM, a brief review of PIM-SM's normal operations is useful. While many variations can occur, the following general steps can be used by PIM-SM: 1. The RP builds a shared tree, with itself as the...

Blueprint topics covered in this chapter

This chapter covers the following subtopics from the Cisco CCIE Routing and Switching written exam blueprint. Refer to the full blueprint in Table I-1 in the Introduction for more details on the topics covered in each chapter and their context within the blueprint. Bridge Protocol Data Unit (BPDU) Guard; STP Port Roles, Failure Propagation, and Loop Guard Operation; Rapid Spanning Tree Protocol (RSTP)

Building the BGP Table

The BGP topology table, also called the BGP Routing Information Base (RIB), holds the network layer reachability information (NLRI) learned by BGP, as well as the associated PAs. An NLRI is simply an IP prefix and prefix length. This section focuses on the process of how BGP injects NLRI into a router's BGP table, followed by how routers advertise their associated PAs and NLRI to neighbors. NOTE Technically, BGP does not advertise routes; rather, it advertises PAs plus a set of NLRI that shares...

Building the IP Routing Table

So far, this chapter has explained how to form BGP neighbor relationships, how to inject routes into the BGP table, and how BGP routers choose which routes to propagate to neighboring routers. Part of that logic relates to how the BGP decision process selects a router's best route to each prefix, with the added restriction that the NEXT_HOP must be reachable before the route can be considered as a best route. This section completes the last step in BGP's ultimate goal: adding the appropriate...

CB Policing Concepts

CB Policing is enabled for packets either entering or exiting an interface, or those entering or exiting a subinterface. It monitors, or meters, the bit rate of the combined packets; when a packet pushes the metered rate past the configured policing rate, the policer takes action against that packet. The most aggressive action is to discard the packet. Alternately, the policer can simply re-mark a field in the packet. This second option allows the packets through, but if congestion occurs at...

CB Shaping to a Peak Rate

The shape average command has been used in all the examples so far. However, the command shape peak mean-rate is also allowed, which implements slightly different behavior as compared with shape average for the same configured rate. The key actions of the shape peak mean-rate command are summarized as follows: It calculates (or defaults) Bc, Be, and Tc the same way as the shape average command. It refills Bc + Be tokens (instead of just Bc tokens) into the token bucket for each time interval....

Chapter

BGP neighbors must reach the established state, a steady state in which Update messages can be sent and received as needed. Although eBGP neighbors often share a common link, there is no requirement that neighbors must be connected to the same subnet. BGP sets TTL to 1 only for messages sent over eBGP connections, so the ebgp-multihop option is required only in that case. (The ibgp-multihop command does not exist.) The BGP router ID can be set to any syntactically valid number, in the format of...

Checks Before Becoming BGP Neighbors

Similar to IGPs, BGP checks certain requirements before another router may become a neighbor, reaching the BGP established state. Most of the settings are straightforward; the only tricky part relates to the use of IP addresses. The following list describes the checks that BGP performs when forming neighbor relationships. 1. The router must receive a TCP connection request with a source address that the router finds in a BGP neighbor command. 2. A router's ASN (on the router bgp asn...

CIDR, Private Addresses, and NAT

The sky was falling in the early 1990s in that the commercialization of the Internet was rapidly depleting the IP Version 4 address space. Also, Internet routers' routing tables were doubling annually (at least). Without some changes, the incredible growth of the Internet in the 1990s would have been stifled. To solve the problems associated with this rapid growth, several short-term solutions were created, as well as an ultimate long-term solution. The short-term solutions included classless...

Cisco 3550 and 3560 Switch Ingress Queueing

Cisco 3550 and 3560 switches perform both ingress and egress queuing. The 3550 uses a single FIFO ingress queue as a place to hold frames waiting to be forwarded to the egress interface, so the details are not terribly interesting. The 3560, on the other hand, has two ingress queues, one of which can be configured as a priority queue. This section addresses the details of these features. The 3560 packet scheduler uses a method called shared round-robin (SRR) to control the rates at which...

Cisco 3550 Congestion Avoidance

Catalyst 3550 Gigabit interfaces support a mutually exclusive choice of either WRED or tail-drop logic for managing drops in egress queues. The 3550 Fast Ethernet interfaces do not use WRED or tail drop, but rather use a switch-specific method of managing internal buffers (which is not covered in this book). Cisco 3550 WRED has the same overall strategy as WRED as implemented in Cisco routers but with many differences in implementation details. The key features of Cisco 3550 WRED are as...

Cisco 3550 Switch Egress Queuing

For egress, the 3550 supports four queues per interface, with classification into the queues based on CoS. Scheduling is based on weighted round-robin (WRR) logic, with an optional expedited (priority) queue. The Cisco 3550 uses a relatively simple classification scheme, assuming you consider only what happens when the forwarding decision has been made. These switches make most internal QoS decisions based on an internal DSCP setting. The internal DSCP has been determined when the frame is...

Cisco Group Management Protocol

IGMP helps routers to determine how to distribute multicast traffic. However, IGMP works at Layer 3, and switches do not understand IGMP messages. Switches, by default, flood multicast traffic to all the hosts in a broadcast domain, which wastes bandwidth. Figure 16-15 illustrates the problem. Figure 16-15 Switches Flood Multicast Traffic (figure shows IGMP Join 226.6.6.6 messages and multicast traffic to 226.6.6.6 being flooded)...

Cisco Modular QoS CLI

For many years and over many IOS releases, Cisco added QoS features and functions, each of which used its own separate set of configuration and exec commands. Eventually, the number of different QoS tools and different QoS commands got so large that QoS configuration became a big chore. Cisco created the Modular QoS CLI (MQC) to help resolve these problems, by defining a common set of configuration commands to configure many QoS features in a router or switch. MQC is not a totally new CLI,...

Classification and Marking

The goal of classification and marking tools is to simplify the classification process of other QoS tools by performing complicated classification steps as few times as possible. For instance, a classification and marking tool might examine the source IP address of packets, incoming Class of Service (CoS) settings, and possibly TCP or UDP port numbers. Packets matching all those fields may have their IP Precedence (IPP) or DiffServ Code Points (DSCPs) field marked with a particular value....

Classification, Marking, and Queuing

Just as in IPv4, you must identify the network traffic you want to treat with QoS before configuring it. Once you have done that, the first step is to determine how a router can identify the traffic of interest; this is the classification phase, which is done through Cisco IOS class maps. If your network is running the same protocols on IPv4 and IPv6, it makes sense to classify traffic based on IP precedence and DSCP. If not, you can treat them independently using match protocol ip and match...

Classless and Classful Routing

So far this chapter has reviewed the basic forwarding process for IP packets in a Cisco router. The logic requires matching the packet destination with the routing table, or with the CEF FIB if CEF is enabled, or with other tables for the other options Cisco uses for route table lookup. (Those options include fast switching in routers and NetFlow switching in multilayer switches, both of which populate an optimized forwarding table based on flows, but not on the contents of the routing table.)...

Classless Interdomain Routing

CIDR is a convention defined in RFCs 1517 through 1520 that calls for aggregating routes for multiple classful network numbers into a single routing table entry. The primary goal of CIDR is to improve the scalability of Internet routers' routing tables. Imagine the implications of an Internet router being burdened by carrying a route to every class A, B, and C network on the planet! CIDR uses both technical tools and administrative strategies to reduce the size of the Internet routing tables....

Clearing the IP Routing Table

The clear ip route * command clears the IP routing table. However, because EIGRP keeps all possible routes in its topology table, a clear ip route * command does not cause EIGRP to send any messages or learn any new topology information; the router simply refills the IP routing table with the best routes from the existing topology table. The clear ip eigrp neighbor command clears all neighbor relationships, which clears the entire topology table on the router. The neighbors then come back up,...

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows: Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command). Italics indicate arguments for which you supply actual values. Vertical bars...

Comparing Queuing Tools

Cisco IOS provides a wide variety of queuing tools. The upcoming sections of this chapter describe several different IOS queuing tools, with a brief summary ending the section on queuing. Table 13-2 summarizes the main characteristics of different queuing tools that you will want to keep in mind while comparing each successive queuing tool. Table 13-2 Key Comparison Points for Queuing Tools. The ability to look at packet headers to choose the...

Comparison of IGMPv1, IGMPv2, and IGMPv3

Table 16-5 compares the important features of IGMPv1, IGMPv2, and IGMPv3. The features compared are: First Octet Value for the Query Message; Destination Address for the General Query; Joining multicast group address and source address; Is Report Suppression Mechanism Available; Can Maximum Response Time Be Configured; Can a Host Send a Leave Group Message; Destination Address for the Leave Group Message; Can a Router Send a Group-Specific Query; Can a Host Send Source- and Group-Specific Reports; Can a Router Send Source- and...

Comparison of PIM-DM and PIM-SM

One of the most confusing parts of the PIM-DM and PIM-SM designs is that it appears that if sources keep sending, and receivers keep listening, there is no difference between the end results of the end-user multicast packet flow using these two options. Once PIM-SM completes its more complicated processes, the routers near the receivers have all joined the SPT to the source, and the most efficient forwarding paths are used for each (S,G) tree. Although its underlying operation is a bit more...

Comparisons Between Cisco 3550 and 3560 Switches

Cisco includes the 3550 and 3560 series switches in the CCIE Routing and Switching lab exam. Cisco is not specific about any particular switch models to expect on the CCIE Routing and Switching written exam. As a result, it is useful to compare the QoS features of the two switches that you may encounter in the lab exam. Table 13-9 summarizes the key differences. (The comparisons listed here assume the Enhanced software image is used on both models of switches.) Table 13-9 Comparison of Cisco...

Configuring OSPFv3 over Frame Relay

In IPv4 Frame Relay networks, you are likely to be familiar with mapping IP addresses to DLCI numbers. The configuration of frame-relay map statements is much the same in IPv6, but there is a twist: It requires two map statements instead of just one. One map statement points to the link-local address, and the other points to the unicast address of the next-hop interface. Only the link-local mapping statement requires the broadcast keyword (which actually permits multicast, as there is no...

Configuring Route Maps with the route-map Command

Route maps provide programming logic similar to the If/Then/Else logic seen in other programming languages. A single route map has one or more route-map commands in it, and routers process route-map commands in sequential order based on sequence numbers. Each route-map command has underlying matching parameters, configured with the aptly named match command. (To match all packets, the route-map clause simply omits the match command.) Each route-map command also has one or more optional set...

Configuring Shaping by Bandwidth Percent

The shape command allows the shaping rate to be stated as a percentage of the interface or subinterface bandwidth setting. Configuring based on a simple percentage of the bandwidth command setting seems obvious at first. However, you should keep in mind the following facts when configuring the shape command based on percentage of interface bandwidth. The shape percent command uses the bandwidth of the interface or subinterface under which it is enabled. Subinterfaces do...

Configuring Trunking on Routers

VLAN trunking can be used on routers and hosts as well as on switches. However, routers do not support DTP, so you must manually configure them to support trunking. Additionally, you must manually configure a switch on the other end of the segment to trunk, because the router does not participate in DTP. The majority of router trunking configurations use subinterfaces, with each subinterface being associated with one VLAN. The subinterface number does not have to match the VLAN ID; rather, the...

Contents

Do I Know This Already Quiz 5
Foundation Topics 8
Ethernet Layer 1: Wiring, Speed, and Duplex 8
RJ-45 Pinouts and Category 5 Wiring 8
Auto-negotiation, Speed, and Duplex 9
CSMA/CD 10
Collision Domains and Switch Buffering 10
Basic Switch Port Configuration 12
Ethernet Layer 2: Framing and Addressing 14
Types of Ethernet Addresses 16
Ethernet Address Formats 17
Protocol Types and the 802.3 Length Field 18
Switching and Bridging Logic 19
Foundation Summary 22
Memory Builders 25
Fill in Key Tables...

Context Based Access Control

In some cases, access-list filtering may be enough to control and secure a router interface. However, as attackers have become more sophisticated, Cisco has developed better tools to deal with threats. The challenge, as always, is to make security features relatively transparent to network users while thwarting attackers. CBAC is one of those features. A function of the firewall feature set in Cisco IOS, CBAC takes access-list filtering a step or two farther by providing dynamic inspection of...

Converged Steady State Operation

Example 7-1 shows a few details of R1's operation while all interfaces in Figure 7-1 are up and working. The example lists the basic (and identical) RIP configuration on all four routers; configuration will be covered in more detail later in the chapter. As configured, all four routers are using only RIPv2, on all interfaces shown in Figure 7-1. Read the comments in Example 7-1 for explanations of the output. Example 7-1 Steady-State RIP Operation in Figure 7-1. All routers use the same three...

Convergence Extras

Convergence in Example 7-3 took a little over 4 minutes, but it could be improved in some cases. The RIP timers can be tuned with the timers basic update invalid hold-down flush subcommand under router rip, although care should be taken when changing these timers. The timers should be consistent across routers, and smaller values increase the chance of routing loops being formed during convergence. The clear ip route * command also speeds convergence by removing all routes from the routing...

Converging to a New STP Topology

STP logic monitors the normal ongoing Hello process when the network topology is stable; when the Hello process changes, STP then needs to react and converge to a new STP topology. When STP has a stable topology, the following occurs: 1. The root switch generates a Hello regularly based on the Hello timer. 2. Each non-root switch regularly (based on the Hello timer) receives a copy of the root's Hello on its RP. 3. Each switch updates and forwards the Hello out its Designated Ports. 4. For each...

D Spanning Tree Protocol

Although many CCIE candidates already know STP well, the details are easily forgotten. For instance, you can install a campus LAN, possibly turn on a few STP optimizations and security features out of habit, and have a working LAN using STP without ever really contemplating how STP does what it does. And in a network that makes good use of Layer 3 switching, each STP instance might span only three to four switches, making the STP issues much more manageable but more forgettable in terms of...

Decimal to Binary Conversion Table

This appendix provides a handy reference for converting between decimal and binary formats for the decimal numbers 0 through 255. Feel free to refer to this table when practicing the subnetting problems in Appendix D, IP Addressing Practice, which is on the CD. Although this appendix is useful as a reference tool, note that if you plan to convert values between decimal and binary when doing subnetting-related exam questions, instead of using the shortcut processes that mostly avoid binary math,...

Default Routes

Routers forward packets using a default route when there are no specific routes that match a packet's destination IP address in the IP routing table. Routing protocols can advertise default routes, with each router choosing the best default route to list as that router's gateway of last resort. This section covers how a router can create a default route and then cause an IGP to advertise the default route. In addition to the advertisement of default routes, each router may use one of two...

Defining and Limiting LLQ Bandwidth

The LLQ priority command provides two syntax options for defining the bandwidth of an LLQ: a simple explicit amount, or bandwidth as a percentage of interface bandwidth. (There is no remaining bandwidth equivalent for the priority command.) However, unlike the bandwidth command, both the explicit and percentage versions of the priority command can be used inside the same policy map. IOS still limits the amount of bandwidth in an LLQ policy map, with the actual bandwidth from both LLQ classes...

Definitions

Next, take a few moments to write down the definitions for the following terms: CST, STP, MST, RSTP, Hello timer, Maxage timer, Forward Delay timer, blocking state, forwarding state, listening state, learning state, disabled state, alternate state, discarding state, backup state, Root Port, Designated Port, superior BPDU, PVST+, RPVST+, UplinkFast, BackboneFast, PortFast, Root Guard, BPDU Guard, UDLD, Loop Guard, LACP, PAgP. Refer to the CD-based glossary to check your answers.

Designated Routers on WANs and OSPF Network Types

Using a DR makes good sense on a LAN because it improves LSA flooding efficiency. Likewise, not using a DR on a point-to-point WAN link also makes sense, because with only two routers on the subnet, there is no inefficiency upon which to improve. However, on nonbroadcast multiaccess (NBMA) networks, arguments can be made regarding whether a DR is helpful. So, OSPF includes several options that include a choice of whether to use a DR on WAN interfaces. Cisco router interfaces can be configured...

DHCP

DHCP represents the next step in the evolution of dynamic IP address assignment. Building on the format of BOOTP protocols, DHCP focuses on dynamically assigning a variety of information and provides flexible messaging to allow for future changes, without requiring predefinition of MAC addresses for each client. DHCP also includes temporary leasing of IP addresses, enabling address reclamation, pooling of IP addresses, and, recently, dynamic registration of client DNS...

Differences Between EIGRP for IPv4 and for IPv6

IPv6 EIGRP requires a routing process to be defined and enabled (no shutdown) and a router ID (in 32-bit IPv4 address format) to be manually assigned using the router-id command, both of which must be done in IPv6 router configuration mode before the IPv6 EIGRP routing process can start. These are two of the differences between EIGRP for IPv4 and IPv6. Some others include the following: Configured on the interface. As with OSPFv3 (and RIPng), EIGRP advertises networks based on...

Differences Between OSPFv2 and OSPFv3

OSPFv2 and OSPFv3 share many key concepts, including most of their basic operations and the concepts of neighbor relationships, areas, interface types, virtual links, metric calculations, and many others. However, you should understand the significant differences as well. Key differences between OSPFv2 and OSPFv3 include these: Configured using interface commands. Cisco IOS enables OSPFv3 using interface subcommands, instead of using the OSPFv2 method (using the network command in router...

Distance Vector Multicast Routing Protocol

RFC 1075 describes Version 1 of DVMRP. DVMRP has many versions. The operation of DVMRP is similar to PIM-DM. The major differences between PIM-DM and DVMRP are defined as follows: Cisco IOS does not support a full implementation of DVMRP; however, it does support connectivity to a DVMRP network. DVMRP uses its own distance vector routing protocol that is similar to RIPv2. It sends route updates every 60 seconds and considers 32 hops as infinity. Use of its own routing protocol adds more overhead to DVMRP...

Do I Know This Already Quiz

Table 1-1 outlines the major headings in this chapter and the corresponding Do I Know This Already quiz questions. Table 1-1 Do I Know This Already Foundation Topics Section-to-Question Mapping: Ethernet Layer 1: Wiring, Speed, and Duplex; Ethernet Layer 2: Framing and Addressing. In order to best use this pre-chapter assessment, remember to score yourself strictly. You can find the answers in Appendix A, Answers to the...

Dynamically Finding RPs and Using Redundant RPs

In a PIM-SM network, every router must somehow learn the IP address of an RP. A PIM-SM router can use one of the following three methods to learn the IP address of an RP: The RP address can be statically configured on all the PIM-SM routers with the Cisco IOS global command ip pim rp-address address. This is the method used for the five-router topology shown in Figure 17-19. The Cisco-proprietary Auto-RP protocol can be used to designate the RP and advertise...

EIGRP Authentication

EIGRP authentication, much like OSPF authentication, requires the creation of keys and requires authentication to be enabled on a per-interface basis. The keys are used as the secret (private) key used in an MD5 calculation. (EIGRP does not support clear-text authentication.) Multiple keys are allowed and are grouped together using a construct called a key chain. A key chain is simply a set of related keys, each of which has a different number and may be restricted to a time period. By allowing...

EIGRP Automatic Summarization

EIGRP defaults to use automatic summarization, or autosummarization. Autosummarization can be disabled with the no auto-summary command under the router eigrp process. Unless you particularly want a router to autosummarize using EIGRP, you should configure the no auto-summary command to disable this feature. (Note that EIGRP autosummarization works the same in concept as autosummarization with RIP, which is discussed in the Chapter 7 section titled Enabling RIP and the Effects of...

EIGRP Configuration Example

Example 8-6 lists the configuration for R1, R2, R4, and R5 from Figure 8-4. The routers were configured based on the following design goals: Configure K values to ignore bandwidth. Configure R5 as an EIGRP stub router. Ensure that R2's LAN interface uses a Hello and Hold time of 2 and 6, respectively. Configure R4 to allow 75 percent of interface bandwidth for EIGRP updates. Advertise R4's LAN subnet, but do not attempt to send or receive EIGRP updates on the LAN. Example 8-6 Basic EIGRP...

EIGRP Convergence

Once all the EIGRP routers have learned all the routes in the network, and placed the best routes (the successor routes) in their IP routing tables, their EIGRP processes simply continue to send Hellos, expect to receive Hellos, and look for any changes to the network. When those changes do occur, EIGRP must converge to use the best available routes. This section covers the three major components of EIGRP convergence: input events, local computation (which includes looking for feasible...

EIGRP Load Balancing

EIGRP allows for up to six equal-metric routes to be installed into the IP routing table at the same time. However, because of the complex EIGRP metric calculation, metrics may often be close to each other, but not exactly equal. To allow for metrics that are somewhat close in value to be considered equal, and added to the IP routing table, you can use the variance multiplier command. The multiplier defines a value that is multiplied by the lowest metric (in other words, the FD, which is the...

EIGRP Offset Lists

EIGRP offset lists allow EIGRP to add to a route's metric, either before sending an update, or for routes received in an update. The offset list refers to an ACL (standard, extended, or named) to match the routes; any matched routes have the specified offset, or extra metric, added to their metrics. Any routes not matched by the offset list are unchanged. The offset list also specifies which routing updates to examine by specifying a direction (in or out) and, optionally, an interface. If the...

EIGRP Route Filtering

Outbound and inbound EIGRP updates can be filtered at any interface, or for the entire EIGRP process. To filter the routes, the distribute-list command is used under router eigrp asn, referencing an IP ACL. The generic command, when creating an EIGRP distribution list that uses an ACL, is distribute-list access-list-number | name in | out interface-type interface-number. Example 8-8 shows an inbound distribution list on router R2 (in the example in Figure 8-1), filtering routes in the...

EIGRP Route Summarization

EIGRP provides the easiest and most straightforward rules for summarizing routes as compared with RIPv2, OSPF, and IS-IS. To summarize routes, the ip summary-address eigrp as-number network-address subnet-mask admin-distance command is placed under an interface. If any of the component routes are in that router's routing table, EIGRP advertises the summary route out that interface. The summary is defined by the network-address subnet-mask parameters. One of the more interesting features of the...

EIGRP Updates

RTP allows the Updates to be sent as multicasts. If any neighbors fail to acknowledge receipt of the multicasted update, RTP resends Updates as unicasts just to those neighbors. The steps run as follows, using Figure 8-2 as an example 1. The EIGRP sender (R1 in Figure 8-2) starts a Retransmission Timeout (RTO) timer for each neighbor when sending a reliable message like an Update. (Cisco IOS actually calculates a Smoothed Round-Trip Time, or SRTT, to each neighbor, and derives RTO from the SRTT...

Enabling and Configuring OSPFv3

Enabling OSPFv3 on a Cisco router is straightforward if you have a good grasp of OSPFv2. Once basic IPv6 addressing and reachability are configured and working, the OSPFv3 configuration process includes these steps: Step 1 Identify the desired links connected to each OSPFv3 router. Step 2 Determine the OSPF area design and the area to which each router link (interface) should belong. Step 3 Identify any special OSPF routing requirements, such as stub areas, address summarization,...

Enabling RIP and the Effects of Autosummarization

Example 7-4 covers basic RIP configuration, the meaning and implication of the RIP network command, and the effects of the default setting for autosummarization. To examine just those functions, Example 7-4 shows the related RIP configuration on R1, R2, and R6, along with some command output. Example 7-4 Basic RIP Configuration on R1, R2, R4, and S1. First, the three lines of configuration are the same on R1 and S1 (Point 1): the version 2 command tells R1 to send and receive only RIPv2 updates,...

External BGP Neighbors

The physical topology between eBGP peers is often a single link, mainly because the connection is between different companies in different autonomous systems. As a result, eBGP peering can simply use the interface IP addresses for redundancy, because if the link fails, the TCP connection will fail because there is no longer an IP route between the peers. For instance, in Figure 11-2, the R1-R6 eBGP peering uses interface IP addresses defined in the neighbor commands. When IP redundancy exists...

Filtering with Distribute Lists and Prefix Lists

Outbound and inbound RIP updates can be filtered at any interface, or for the entire RIP process. To filter the routes, the distribute-list command is used under router rip, referencing an IP ACL or an IP prefix list. Any subnets matched with a permit clause in the ACL make it through; any that match with a deny action are filtered. The distribution list filtering can be performed for either direction of flow (in or out) and, optionally, for a particular interface. If the interface option is...

Foundation Summary

This section lists additional details and facts to round out the coverage of the topics in this chapter. Unlike most of the Cisco Press Exam Certification Guides, this Foundation Summary does not repeat information presented in the Foundation Topics section of the chapter. Please take the time to read and study the details in the Foundation Topics section of the chapter, as well as review items noted with a Key Topic icon. Table 1-8 lists the different types of Ethernet and some distinguishing...

Foundation Topics

Link-state routing protocols define the content and structure of data that describes network topology, and define the processes by which routers exchange that detailed topology information. The name link state refers to the fact that the topology information includes information about each data link, along with each link's current operational state. All the topological data together comprises the link-state database (LSDB). Each link-state router applies the Dijkstra algorithm to the database...

Frame Relay Concepts

Frame Relay remains the most commonly deployed WAN technology used by routers. A slow migration away from Frame Relay has already begun with the advent and rapid growth of IP-based VPNs and MPLS. However, Frame Relay will likely be a mainstay of enterprise networks for the foreseeable future. Frame Relay standards have been developed by many groups. Early on, Cisco and some other companies (called the gang of four) developed vendor standards to aid Frame Relay adoption and product development....

Frame Relay Configuration Basics

Two of the most important details regarding Frame Relay configuration are the association of DLCIs with the correct interface or subinterface, and the mapping of L3 addresses to those DLCIs. Interestingly, both features can be configured using the same two commands: the frame-relay map and frame-relay interface-dlci commands. Chapter 6 already covered the details of mapping L3 addresses to DLCIs using InARP and static mapping. (If you have not reviewed those Table 15-3 summarizes some of the key...

Frame Relay Congestion: DE, BECN, and FECN

FR networks, like any other multiaccess network, create the possibility for congestion caused by speed mismatches. For instance, imagine an FR network with 20 remote sites with 256-kbps links, and one main site with a T1 link. If all 20 remote sites were to send continuous frames to the main site at the same time, about 5 Mbps of data would need to exit the FR switch over the 1.5-Mbps T1 connected to the main router, causing the output queue on the FR switch to grow. Similarly, when the main...

Frame Relay Data Link Connection Identifiers

To connect two DTEs, an FR service uses a virtual circuit (VC) between pairs of routers. A router can then send an FR frame with the appropriate (typically) 10-bit Data Link Connection Identifier (DLCI) header field that identifies each VC. The intermediary FR switches forward the frame based on its DLCI, until the frame eventually exits the FR service out the access link to the router on the other end of the VC. FR DLCIs are locally significant, meaning that a particular DLCI value only...

Frame Relay Fragmentation

Frame Relay Forum IA 12, or FRF.12, defines a standard method of performing LFI over a Frame Relay PVC. Cisco IOS supports two methods for configuring FRF.12. The legacy FRF.12 configuration requires FRTS to be configured, and requires a queuing tool to be applied to the shaped packets. (Example 14-7 in Chapter 14 shows an FRTS map-class shape-with-LLQ command that shapes and applies LLQ.) Figure 15-5 shows the overall logic of how FRF.12 interleaves packets using LFI, when configured using...

Frame Relay Headers and Encapsulation

Routers create Frame Relay frames by using different consecutive headers. The first header is the ITU Link Access Procedure for Frame-Mode Bearer Services (LAPF) header. The LAPF header includes all the fields used by Frame Relay switches to deliver frames across the FR cloud, including the DLCI, DE, BECN, and FECN fields. The Frame Relay encapsulation header follows the LAPF header, holding fields that are important only to the DTEs on the ends of a VC. For the encapsulation header, two...

Frame Relay Payload Compression

Cisco IOS software supports three options for payload compression on Frame Relay VCs: packet-by-packet, data-stream, and Frame Relay Forum Implementation Agreement 9 (FRF.9). FRF.9 is the only standardized protocol of the three options. FRF.9 compression and data-stream compression function basically the same way; the only real difference is that FRF.9 implies compatibility with non-Cisco devices. All three FR compression options use LZS as the compression algorithm, but one key difference...

Frame Relay Traffic Shaping Configuration

Frame Relay Traffic Shaping (FRTS) differs from CB Shaping in several significant ways, although the underlying token-bucket mechanics are identical. The following list highlights some of the key similarities and differences: FRTS can be used only on Frame Relay interfaces, whereas CB Shaping can be used with any underlying data link protocol. Like CB Shaping, FRTS allows a large number of IOS queuing tools to be used instead of a single FIFO shaping queue. Unlike CB Shaping, FRTS does not...

FRTS with MQC

MQC-based FRTS is another method of configuring the same behaviors that you can configure with the legacy FRTS commands. FRTS integration into the MQC represents the continuing migration toward MQC for its modular characteristics, rather than the many separate tools that MQC replaces, to make configuring QoS features easier. Configuring MQC-based FRTS requires knowledge of a few key rules: You must create a default class in the FRTS service policy, under which all FRTS commands are applied. If...

Further Reading

The topics in this chapter tend to be covered in slightly more detail in CCNP Switching exam preparation books. For more details on these topics, refer to CCNP BCMSN Official Exam Certification Guide, Fourth Edition, and Authorized Self-Study Guide Building Cisco Multilayer Switched Networks (BCMSN), Fourth Edition. Cisco LAN Switching, by Kennedy Clark and Kevin Hamilton, covers STP logic and operations in detail. MSTP, PVST+, and Rapid PVST+ (RPVST+) configuration are covered in the...

General Layer 2 Security Recommendations

Recall that the beginning of the Layer 2 Security section outlined the Cisco SAFE Blueprint recommendations for user and unused ports and some general recommendations. The general recommendations include configuring VTP authentication globally on each switch, putting unused switch ports in an unused VLAN, and simply not using VLAN 1. The underlying configuration for each of these general recommendations is covered in Chapter 2. Additionally, Cisco recommends not using the native VLANs on...

Graceful Restart

In steady-state operation, OSPF can react to changes in the routing domain and reconverge quickly. This is one of OSPF's strengths as an IGP. However, what happens when something goes really wrong is just as important as how things work under relatively stable conditions. One of those really wrong things that sometimes happens is that a router requires a restart to its OSPF software process. To prevent various routing problems, including loops, that can take place when an OSPF router suddenly...

Hellos, Neighbors, and Adjacencies

After a router has been configured for EIGRP, and its interfaces come up, it attempts to find neighbors by sending EIGRP Hellos (destination 224.0.0.10). Once a pair of routers have heard each other say Hello, they become adjacent, assuming several key conditions are met. Once neighbors pass the checks in the following list, they are considered to be adjacent. At that point, they can exchange routes and are listed in the output of the show ip eigrp neighbor command. Neighbors should always form...

How WRED Weights Packets

WRED gives preference to packets with certain IPP or DSCP values. To do so, WRED uses different traffic profiles for packets with different IPP and DSCP values. A WRED traffic profile consists of a setting for three key WRED variables: the minimum threshold, the maximum threshold, and the MPD. Figure 13-6 shows just such a case, with two WRED traffic profiles (for IPP 0 and IPP 3). As Figure 13-6 illustrates, IPP 3's minimum threshold was higher than for IPP 0. As a result, IPP 0 traffic will be...

IGMP Version

In October 2002, RFC 3376 defined specifications for IGMPv3, which is a major revision of the protocol and is very complex. To use the new features of IGMPv3, last-hop routers have to be updated, host operating systems have to be modified, and applications have to be specially designed and written. At the time of this writing (mid-2007), a limited number of IGMPv3 applications are available. Therefore, this section does not examine IGMPv3 in detail; instead, it summarizes IGMPv3's major...

IGMPv2 Timers

Table 16-4 summarizes important timers used in IGMPv2, their usage, and default values. Table 16-4 Important IGMPv2 Timers: a time period between General Queries sent by a router; the maximum response time for hosts to respond to the periodic General Queries (10 seconds; can be between 0.1 and 25.5 seconds); a time period during which, if a router does not receive an IGMP Report, the router concludes that there are no more members of the group on the subnet; a time period during which, if the IGMPv2...

IGMPv1 and IGMPv2 Interoperability

IGMPv2 is designed to be backward compatible with IGMPv1. RFC 2236 defines some special interoperability rules. The next few sections explore the following interoperability scenarios: IGMPv2 Host and IGMPv1 Routers: Defines how an IGMPv2 host should behave in the presence of an IGMPv1 router on the same subnet. IGMPv1 Host and IGMPv2 Routers: Defines how an IGMPv2 router should behave in the presence of an IGMPv1 host on the same subnet. When a host sends the IGMPv2 Report with the message type...

IGP Route Redistribution, Route Summarization, and Default Routing

This chapter covers several topics related to the use of multiple IGP routing protocols. IGPs can use default routes to pull packets toward a small set of routers, with those routers having learned routes from some external source. IGPs can use route summarization with a single routing protocol, but it is often used at redistribution points between IGPs as well. Finally, route redistribution by definition involves moving routes from one routing source to another. This chapter takes a look at...

Input Events and Local Computation

An EIGRP router needs to react when an input event occurs. The obvious input events are when a router learns of new prefixes via newly received routing updates, when an interface fails, or when a neighbor fails. Because EIGRP sends updates only as a result of changed or new topology information, a router must consider the update and decide if any of its routes have changed. When an input event implies that a route has failed, the router performs local computation, a fancy term for a process...

Internal BGP Neighbors

A BGP router considers each neighbor to be either an internal BGP (iBGP) peer or an external BGP (eBGP) peer. Each BGP router resides in a single AS, so neighbor relationships are either with other routers in the same AS (iBGP neighbors) or with routers in other autonomous systems (eBGP neighbors). The two types of neighbors differ only slightly in regard to forming neighbor relationships, with more significant differences in how the type of neighbor (iBGP or eBGP) impacts the BGP update...

Internet Group Management Protocol

IGMP has evolved from the Host Membership Protocol, described in Dr. Steve Deering's doctoral thesis, to IGMPv1 (RFC 1112), to IGMPv2 (RFC 2236), to the latest, IGMPv3 (RFC 3376). IGMP messages are sent in IP datagrams with IP protocol number 2, with the IP Time-to-Live (TTL) field set to 1. IGMP packets pass only over a LAN and are not forwarded by routers, due to their TTL field values. The two most important goals of IGMP are as follows: To inform a local multicast router that a host wants to...

IP Addressing and Subnetting

You need a postal address to receive letters; similarly, computers must use an IP address to be able to send and receive data using the TCP/IP protocols. Just as the postal service dictates the format and meaning of a postal address to aid the efficient delivery of mail, the TCP/IP protocol suite imposes some rules about IP address assignment so that routers can efficiently forward packets between IP hosts. This chapter begins with coverage of the format and meaning of IP addresses, with...

IP Forwarding

IP forwarding, or IP routing, is simply the process of receiving an IP packet, making a decision of where to send the packet next, and then forwarding the packet. The forwarding process needs to be relatively simple, or at least streamlined, for a router to forward large volumes of packets. Ignoring the details of several Cisco optimizations to the forwarding process for a moment, the internal forwarding logic in a router works basically as shown in Figure 6-1. Figure 6-1 Forwarding Process at...

IP Forwarding Routing

Chapter 6 begins the largest part of the book. This part of the book, containing Chapters 7 through 11, focuses on the topics that are the most important and popular for both the CCIE Routing and Switching written and practical (lab) exams. Chapter 6 begins with coverage of the details of the forwarding plane: the actual forwarding of IP packets. This process of forwarding IP packets is often called IP routing, or simply routing. Many people also refer to IP routing as the data plane,...

IP Multicast Routing

In Chapter 16, Introduction to IP Multicasting, you learned how a multicast router communicates with hosts and then decides whether to forward or stop the multicast traffic on a subnet. But how does a multicast router receive the group traffic? How is the multicast traffic forwarded from a source so that all the group users receive it? This chapter provides answers to those questions. This chapter first defines the multicast routing problem by identifying the difference between unicast and...

IP Precedence and DSCP Compared

The IP header is defined in RFC 791, including a 1-byte field called the Type of Service (ToS) byte. The ToS byte was intended to be used as a field to mark a packet for treatment with QoS tools. The ToS byte itself was further subdivided, with the high-order 3 bits defined as the IP Precedence (IPP) field. The complete list of values from the ToS byte's original IPP 3-bit field, and the corresponding names, is provided in Table 12-2. Table 12-2 IP Precedence Values and Names...