
Note on Load Balancing

The principal benefits of multihoming are redundancy and, to a lesser extent, increased bandwidth. Increased bandwidth does not mean that both links are used with equal efficiency. You should not expect the traffic load to be balanced 50/50 across the two links; one of the ISPs will almost always be better connected than the other. The ISP itself or its upstream provider might have better routers, better physical links, or more NAP connections than the other ISP, or one ISP might just be...

Accounting

Sometimes it proves useful to collect statistics on traffic flows to account for network usage. This is useful for traffic engineering as well as for billing network users based on usage. You can enable basic IP accounting on router interfaces: the packet source and destination are listed, along with the number of bytes and packets transmitted between the two nodes. NetFlow offers more thorough accounting. In addition to source, destination, packet, and byte count,...
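The per-pair byte and packet totals that IP accounting reports can be reproduced from a NetFlow v5 export. The following Python is an added example, not code from the book or from Cisco: it unpacks the published v5 datagram layout (24-octet header, 48-octet flow records), refuses datagrams whose record count disagrees with the datagram length before touching any record, and collapses the flows to (source, destination) totals. The three flows are constructed for the demonstration; the interface numbers, AS fields and masks used by build_netflow_v5 are placeholder values.

```python
"""NetFlow v5 export parsing and per-pair accounting (added example)."""
import struct
from collections import defaultdict
from ipaddress import IPv4Address

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # version, count, uptime, secs, nsecs, seq, engine type/id, sampling
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # src, dst, nexthop, in_if, out_if, pkts, bytes, first, last, ...
MAX_RECORDS = 30                                        # a v5 exporter sends at most 30 flows per datagram


def parse_netflow_v5(datagram: bytes) -> list:
    """Return a list of flow dicts; a count that does not match the length is rejected, not trusted."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > MAX_RECORDS or len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(IPv4Address(r[0])), "dst": str(IPv4Address(r[1])),
            "in_if": r[3], "out_if": r[4], "packets": r[5], "bytes": r[6],
            "sport": r[9], "dport": r[10], "tcp_flags": r[12], "proto": r[13],
            "src_as": r[15], "dst_as": r[16],
        })
    return flows


def account_by_pair(flows) -> dict:
    """Collapse flows to the (source, destination) packet and byte totals that IP accounting lists."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for f in flows:
        t = totals[(f["src"], f["dst"])]
        t["packets"] += f["packets"]
        t["bytes"] += f["bytes"]
    return dict(totals)


def build_netflow_v5(flows, sequence=0) -> bytes:
    """Assemble a v5 datagram; used here only to construct sample input offline (placeholder if/AS/mask values)."""
    body = b""
    for f in flows:
        body += V5_RECORD.pack(
            IPv4Address(f["src"]).packed, IPv4Address(f["dst"]).packed, b"\0\0\0\0",
            f.get("in_if", 1), f.get("out_if", 2), f["packets"], f["bytes"], 0, 0,
            f.get("sport", 0), f.get("dport", 0), 0, f.get("tcp_flags", 0),
            f.get("proto", 6), 0, f.get("src_as", 0), f.get("dst_as", 0), 24, 24, 0)
    header = V5_HEADER.pack(5, len(flows), 0, 0, 0, sequence, 0, 0, 0)
    return header + body


# Constructed sample: two flows from an inside host to a server plus the server's reverse-direction flow.
SAMPLE_FLOWS = [
    {"src": "10.1.1.5", "dst": "192.0.2.10", "packets": 120, "bytes": 9600, "sport": 51000, "dport": 80},
    {"src": "10.1.1.5", "dst": "192.0.2.10", "packets": 30, "bytes": 2400, "sport": 51001, "dport": 443},
    {"src": "192.0.2.10", "dst": "10.1.1.5", "packets": 100, "bytes": 150000, "sport": 80, "dport": 51000},
]
SAMPLE_DATAGRAM = build_netflow_v5(SAMPLE_FLOWS)

if __name__ == "__main__":
    for (src, dst), t in account_by_pair(parse_netflow_v5(SAMPLE_DATAGRAM)).items():
        print(f"{src:>15} -> {dst:<15} {t['packets']:>6} pkts {t['bytes']:>9} bytes")
```

The length check matters because a collector that trusts the count field will read past the end of a short datagram; the same check is the first thing a hardened collector should do on export data from any device.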

Address Resolution

Address resolution is performed by nodes looking for a link layer address associated with a known IP address. The address resolution process uses Neighbor Solicitation and Neighbor Advertisement. A node with packets to send to a destination IP address first checks its neighbor cache to see whether an entry already exists. If it does not, the node creates an entry for the IP address, with a state of INCOMPLETE. The node then sends a Neighbor Solicitation to the solicited-node multicast address...

Address Size

What is the appropriate size for an address that is so widely used? Should the address size be fixed or variable? Too small an address limits scalability. Too large an address creates too large a header, making it difficult for routers (and people) to manage. Variable-length addresses increase software complexity and can slow down packet processing. One proposal for the next generation of IP (IPng) suggested using network service access point (NSAP) addresses, which could vary between 1...

Address Type Allocation

Before CIDR, the high-order bits in an IPv4 address defined its type: Class A, B, C, D, or E. The type identified a fixed-length network portion and a host portion that the owner of the address was free to use as they pleased. This was the only defined structure in an IPv4 address. IPv6 addresses have more structure defined. The structure is discussed fully in the later section Address Structure. The high-order bits define IPv6 address types. The variable-length field comprising these bits is...

Addressing Semantics Removed

Addressing semantics have been removed from OSPFv2 packets and LSAs, creating a network-protocol-independent core within OSPFv3. This leads the way for a future multiprotocol OSPF. Many OSPFv2 packets and LSAs contain IPv4 addresses, representing router IDs, area IDs, or LSA link state IDs. OSPFv3 router IDs, area IDs, and LSA link state IDs are still expressed using 32 bits, so they cannot be represented by an IPv6 address (although they can be represented by a portion of the address)....

Advanced IP Routing Issues

Introduction to IP Multicast Routing
Configuring and Troubleshooting IP Multicast Routing

This chapter covers the following key topics:
Operation of NAT  This section discusses the basics of network address translation, including fundamental concepts and terminology, and typical NAT applications.
NAT Issues  This section examines some potential problems that you might encounter with NAT. Solutions to many of the problems, either through Cisco IOS Software functionality or through design...

Advertising Aggregate and More Specific Routes

Advertising both the aggregate and the more-specific routes makes no sense in the simple topology of Figure 3-10. But Figure 3-11 shows a scenario in which such a scheme can be desirable. Here, AS 100 is multihomed to AS 200. AS 200 needs the full routes from AS 100 to set routing policy, but it must send only the aggregate to AS 300. Although the more-specific routes of AS 100 are advertised, they are sent to AS 200 with a COMMUNITY attribute of NO_EXPORT. As Chapter 2 discusses, routes...

Aggregatable Global Address Format

The aggregatable global addresses will be used to connect to the public Internet and for any other purpose that requires global uniqueness and routability. The address structure supports today's provider-based aggregation and a new type, exchange-based aggregation. Exchange-based aggregation allocates address space to exchanges that then subdivide the space and allocate it to their customers. An exchange is another name for a NAP, as discussed in Chapter 2. It is a Layer 2 switch that...

Aggregation Using Static Routes

Example 3-47 demonstrates a configuration for Stowe using a static entry for the aggregate address, advertised with the network command.

Example 3-47  Creating an Aggregate Address Under BGP Using a Static Entry Advertised with the network Command

    router eigrp 100
     network 192.168.199.0
    router bgp 100
     network 192.168.192.0 mask 255.255.248.0
     neighbor 192.168.1.253 remote-as 200
    ip route 192.168.192.0 255.255.248.0 Null0

The static route is pointed at the Null interface because the aggregate itself is not...

Answer to Chapter 1 Troubleshooting Exercise

1 In Figure 1-17, router RTG has been added to the internetwork. Figure 1-17 The Internetwork for Troubleshooting Exercise 1. Although RTG is peering with RTB and exchanging reachability information, there is a configuration error. Based on the information in Example 1-29, what is the error? Example 1-29 The EGP Tables of RTB and RTG in Figure 1-17. Answer: The EGP configuration of RTG is router egp 65505 rather than router egp 65531.

Answers to Chapter 1 Review Questions

2 What is an EGP interior neighbor? An EGP ... 3 What is the primary difference between an EGP stub gateway and an EGP ... 4 Why does EGP use the concept of a core, or backbone, AS? EGP has no ... 6 What is the purpose of an EGP Poll message?

Answers to Chapter 2 Review Questions

2 What two problems was CIDR developed to alleviate? CIDR was developed to alleviate the explosion of Internet routing tables ... 3 What is the difference between classful and classless IP ... 5 Given the addresses 172.17.208.0/23, 172...

Answers to Chapter 7 Review Questions

1 In the section Multicast Scoping, a sample configuration is given for administrative scoping. The boundary at interface E0 blocks organization-local packets (destination addresses whose prefixes match 239.192.0.0/14) but passes packets with global scope. Will a packet with a group address of 224.0.0.50 pass this boundary? Answer: Packets with a destination address of 224.0.0.50 pass this boundary only if the local router originates them. Although 224.0.0.50 is permitted by access list 10, it is in the...

Answers to Chapter 8 Review Questions

1 Which of the following are valid representations for the address 200A:0000:0000:0C00:0000:0000:0000:0000 with a 60-bit prefix? Answer: B, C, E. A is not a complete address; D is ambiguous, with two sets of ::; F doesn't expand to the correct address. 2 For what is the address 0:0:0:0:0:0:0:0 used? Answer: This is the unspecified address. It represents the absence of an address. If this is the source address of a packet, the interface has not yet been assigned an address. It is attempting to discover whether...
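A quick way to check candidate representations of the kind question 1 asks about is to let an address parser decide, and to compare the canonical forms rather than the strings. The script below is an added example, not the book's answer set: its candidate strings are constructed to exercise the three failure modes the answer names (an incomplete address, two :: in one string, and a :: that expands to a different address), and it also derives the 60-bit prefix that the question mentions.

```python
"""IPv6 text-representation checks (added example)."""
from ipaddress import IPv6Address, IPv6Network, AddressValueError

FULL_FORM = "200A:0000:0000:0C00:0000:0000:0000:0000"   # the address from question 1, written out in full


def canonical(text: str):
    """Compressed lowercase form (RFC 5952 style), or None when text is not a valid IPv6 address."""
    try:
        return str(IPv6Address(text))
    except AddressValueError:
        return None


def same_address(a: str, b: str) -> bool:
    """True when both strings are valid and name the same 128-bit address."""
    ca, cb = canonical(a), canonical(b)
    return ca is not None and ca == cb


def prefix_of(text: str, length: int) -> str:
    """The network prefix of an address for a given prefix length (60 bits in the question)."""
    return str(IPv6Network((text, length), strict=False))


def classify(candidates):
    """Map each candidate representation to 'same', 'different address', or 'invalid'."""
    verdicts = {}
    for c in candidates:
        if canonical(c) is None:
            verdicts[c] = "invalid"
        elif same_address(c, FULL_FORM):
            verdicts[c] = "same"
        else:
            verdicts[c] = "different address"
    return verdicts


# Constructed candidates in the spirit of the question; not the book's answer choices.
CANDIDATES = [
    "200A::C00:0:0:0:0",      # :: replacing the first run of zero groups
    "200A:0:0:C00::",         # :: replacing the longer trailing run
    "200A:0:0:0C00:0:0:0:0",  # leading zeros dropped within groups, no ::
    "200A::C00::",            # two :: in one address is ambiguous, so invalid
    "200A:0:0:C00",           # too few groups and no ::, so incomplete
    "200A::C00:0",            # well formed, but :: expands to a different address
]

if __name__ == "__main__":
    print(canonical(FULL_FORM), prefix_of(FULL_FORM, 60))
    for c, verdict in classify(CANDIDATES).items():
        print(f"{c:<26} {verdict}")
```

Comparing canonical forms is the habit worth keeping: filters and ACLs that compare IPv6 addresses as strings can be bypassed by an equivalent spelling with different zero compression or letter case.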

Answers to Chapter 9 Configuration Exercises

1 Configure a router to accept polls from management stations 172.16.1.2 and 172.16.1.3 only. Do not allow write access to the stations. Allow the stations to read information about the SNMP MIB-II interface entries only. Allow station 172.16.1.4 to read any MIB variable, and allow it to load and save configuration files via SNMP. Send logging information at the Notification level via SNMP to 172.16.1.4.

    access-list 1 permit 172.16.1.2 0.0.0.1
    access-list 2 permit 172.16.1.4
    snmp-server view ...

Answers to Chapter 9 Review Questions

1 Explain the difference between SNMP polls and traps. Answer: A management station requesting information from a router is polling the router. A router that sends unsolicited information about an event that occurred sends a trap. 2 If you specify the severity level of messages logged to be Errors, what other levels of messages are logged? 3 You look at a router interface and see that there are unusual traffic patterns. Normally all traffic is inbound, but now there is outbound traffic. How can you...

Anycast Addresses

Anycast routing is a mechanism for addressing multiple interfaces, usually on different nodes, with the same IP address. Traffic destined to the address is routed to the nearest node. The anycast functionality is discussed later, in the section The Anycast Process. The anycast address has the same format as a unicast address. No special FP defines an anycast address. Anycast addresses are assigned from the unicast address space. In fact, the addresses are taken from the Interface ID field....

Appendix B A Regular Expression Tutorial

Delineation: Matching the Start and End of Lines
Bracketing: Matching a Set of Characters
Negating: Matching Everything Except a Set of Characters
Wildcard: Matching Any Single Character
Alternation: Matching One of a Set of Characters
Optional Characters: Matching a Character That May or May Not Be There
Repetition: Matching a Number of Repeating Characters
Putting It All Together: A Complex Example

Notice that the advertising router and the receiving router do not share a common data link, but the IBGP TCP connection passes through an IGP-speaking router. This is discussed in more detail in the section Internal BGP; for now, the important point is that the receiving router must perform a recursive route lookup (recursive lookups are discussed in Routing TCP/IP, Volume I) to send a packet to the advertised destination. First, it looks up the destination 172.16.5.30; that route indicates a...

AS_SET

The AS_PATH attribute has been presented so far as consisting of an ordered sequence of AS numbers that describes the path to a particular destination. There are actually two types of AS_PATH:
AS_SEQUENCE  This is the ordered list of AS numbers, as previously described.
AS_SET  This is an unordered list of the AS numbers along a path to a destination.
These two types are distinguished in the AS_PATH attribute with a type code, as described in the section BGP Message Formats. NOTE There are, in...
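As an added example (not code from the book), the following Python decodes an AS_PATH attribute value into its AS_SEQUENCE and AS_SET segments using the type codes from the BGP-4 specification (AS_SET is 1, AS_SEQUENCE is 2), renders it the way show ip bgp prints paths, and performs the two checks a receiving speaker makes on it: the path length used in best-path selection, where an AS_SET counts as a single hop, and the loop check for the local AS number. The sample attribute bytes are constructed; asn_size, which selects 2- or 4-octet AS numbers, is this example's own parameter.

```python
"""AS_PATH attribute decoding, rendering and checks (added example)."""
import struct

AS_SET, AS_SEQUENCE = 1, 2   # segment type codes carried in the attribute


def parse_as_path(value: bytes, asn_size: int = 2):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...].

    asn_size is 2 for classic 16-bit AS numbers and 4 when 4-octet AS numbers are in use.
    Every segment length is checked against the buffer before it is read, so a peer
    cannot make the decoder read past the attribute."""
    fmt = {2: "!H", 4: "!I"}[asn_size]
    segments, pos = [], 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("truncated segment header")
        seg_type, count = value[pos], value[pos + 1]
        pos += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise ValueError(f"unknown segment type {seg_type}")
        needed = count * asn_size
        if pos + needed > len(value):
            raise ValueError("segment length runs past the end of the attribute")
        asns = [struct.unpack_from(fmt, value, pos + i * asn_size)[0] for i in range(count)]
        pos += needed
        segments.append((seg_type, asns))
    return segments


def render(segments) -> str:
    """Render as show ip bgp does: sequence members bare, set members in braces."""
    parts = []
    for seg_type, asns in segments:
        if seg_type == AS_SEQUENCE:
            parts.extend(str(a) for a in asns)
        else:
            parts.append("{" + ",".join(str(a) for a in asns) + "}")
    return " ".join(parts)


def path_length(segments) -> int:
    """AS_PATH length as used by best-path selection: each AS_SET counts as one hop."""
    return sum(len(asns) if seg_type == AS_SEQUENCE else 1 for seg_type, asns in segments)


def contains_as(segments, my_as: int) -> bool:
    """Loop check: a route whose AS_PATH already carries the local AS number must be discarded."""
    return any(my_as in asns for _, asns in segments)


# Constructed attribute value: AS_SEQUENCE (100, 200) followed by AS_SET {300, 400}, 2-octet ASNs.
SAMPLE_AS_PATH = bytes([
    AS_SEQUENCE, 2, 0x00, 0x64, 0x00, 0xC8,   # 100, 200
    AS_SET, 2, 0x01, 0x2C, 0x01, 0x90,        # 300, 400
])

if __name__ == "__main__":
    segs = parse_as_path(SAMPLE_AS_PATH)
    print(render(segs), "| length", path_length(segs), "| loop for AS 400:", contains_as(segs, 400))
```

The AS_SET members count in the loop check even though they count as one hop in the length; an aggregate whose AS_SET lists your own AS number is still a loop and is dropped on receipt.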

Autoconfiguration

Because network manageability is so crucial to the success of any network, processes to facilitate it need to be built in to the protocol. Networks with hosts that have static, manually entered configurations are difficult to manage when changes are necessary. Many tools ease the management burden of IPv4 networks, such as DHCP to minimize the amount of static configuration, but they are not required elements of the protocol. IPv6 nodes can automatically configure themselves, with or without...


Basing an Aggregate on Selected More Specific Routes

In some situations, you might want to advertise an aggregate with the AS_SET but not want the aggregate to inherit all the attributes of all the aggregated routes. In Figure 3-14, Sugarbush receives all the routes from AS 100 and AS 500 and advertises an aggregate to Burke. Figure 3-14 For Sugarbush to Advertise the Aggregate with an AS_SET, the Aggregate Must Not Inherit the NO_EXPORT COMMUNITY Attribute from 192.168.197.0/24 ...

BGP Hazards

Creating a BGP peering relationship involves an interesting combination of trust and mistrust. The BGP peer is in another AS, so you must trust the network administrator on that end to know what he or she is doing. At the same time, if you are smart, you will take every practical measure to protect yourself in the event that a mistake is made on the other end. When you're implementing a BGP peering connection, paranoia is your friend. Recall the earlier description of a route advertisement as a...

BGP Message Formats

BGP messages are carried within TCP segments using TCP port 179. The maximum message size is 4096 octets, and the minimum size is 19 octets. All BGP messages have a common header (see Figure 2-43). Depending on the message type, a data portion might or might not follow the header. Marker is a 16-octet field that is used to detect loss of synchronization between BGP peers and to authenticate messages when authentication is supported. If the message type is Open or if the Open message contains no...
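The header rules above are worth enforcing before any message body is decoded, because the Length field comes from the peer. The Python below is an added example, not from the book: it validates Marker, Length and Type, frames complete messages out of a TCP byte stream, and maps each failure to the Message Header Error subcode (error code 1) that a NOTIFICATION would carry. One caveat for current readers: RFC 4271, which replaced the RFC 1771 text the paragraph reflects, requires the Marker to be all ones in every message; per-message authentication moved to the TCP MD5 signature option and later TCP-AO. The sample stream, AS number, hold time and router ID are constructed values.

```python
"""BGP message header validation and stream framing (added example)."""
import struct

BGP_PORT = 179
MARKER = b"\xff" * 16                  # RFC 4271 fixes the marker to all ones
HEADER = struct.Struct("!16sHB")       # Marker (16), Length (2), Type (1) = 19 octets
MIN_LEN, MAX_LEN = 19, 4096
TYPE_NAMES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
# Subcodes of NOTIFICATION error code 1, Message Header Error
NOT_SYNCHRONIZED, BAD_LENGTH, BAD_TYPE = 1, 2, 3


class HeaderError(Exception):
    """A header problem the receiver would answer with a NOTIFICATION carrying this subcode."""
    def __init__(self, subcode: int, msg: str):
        super().__init__(msg)
        self.subcode = subcode


def parse_header(buf: bytes):
    """Validate a header; returns (length, type_name), or None when fewer than 19 octets are buffered."""
    if len(buf) < HEADER.size:
        return None
    marker, length, mtype = HEADER.unpack_from(buf, 0)
    if marker != MARKER:
        raise HeaderError(NOT_SYNCHRONIZED, "marker is not all ones")
    if not MIN_LEN <= length <= MAX_LEN:
        raise HeaderError(BAD_LENGTH, f"length {length} outside {MIN_LEN}..{MAX_LEN}")
    if mtype not in TYPE_NAMES:
        raise HeaderError(BAD_TYPE, f"unknown message type {mtype}")
    # Per-type minimum lengths: KEEPALIVE is header only; OPEN carries 10 fixed octets;
    # UPDATE carries two 2-octet length fields; NOTIFICATION carries code and subcode.
    minimum = {1: 29, 2: 23, 3: 21, 4: 19}[mtype]
    if length < minimum or (mtype == 4 and length != 19):
        raise HeaderError(BAD_LENGTH, f"{TYPE_NAMES[mtype]} length {length} is invalid")
    return length, TYPE_NAMES[mtype]


def frame_messages(stream: bytes):
    """Split a TCP byte stream into complete (type_name, body) messages; returns (messages, leftover)."""
    messages, pos = [], 0
    while True:
        hdr = parse_header(stream[pos:])
        if hdr is None or pos + hdr[0] > len(stream):
            return messages, stream[pos:]
        length, name = hdr
        messages.append((name, stream[pos + HEADER.size:pos + length]))
        pos += length


def keepalive() -> bytes:
    return HEADER.pack(MARKER, MIN_LEN, 4)


def open_message(my_as: int, hold_time: int, router_id: str) -> bytes:
    """OPEN with no optional parameters: Version 4, My AS, Hold Time, BGP Identifier, Opt Parm Len 0."""
    ident = bytes(int(o) for o in router_id.split("."))
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, ident, 0)
    return HEADER.pack(MARKER, HEADER.size + len(body), 1) + body


def parse_open(body: bytes) -> dict:
    version, my_as, hold, ident, opt_len = struct.unpack_from("!BHH4sB", body, 0)
    return {"version": version, "my_as": my_as, "hold_time": hold,
            "router_id": ".".join(str(b) for b in ident), "opt_len": opt_len}


# Constructed stream: an OPEN, a KEEPALIVE, and the first 10 octets of a second KEEPALIVE still in flight.
SAMPLE_STREAM = open_message(100, 180, "192.168.1.254") + keepalive() + keepalive()[:10]

if __name__ == "__main__":
    msgs, rest = frame_messages(SAMPLE_STREAM)
    print([name for name, _ in msgs], "leftover octets:", len(rest))
    print(parse_open(msgs[0][1]))
```

frame_messages never allocates based on Length before the check in parse_header has passed, and it stops at a partial message rather than guessing; on a HeaderError the caller should send the NOTIFICATION and close the TCP connection, which is what the FSM does for any header error.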

BGP Message Types

Before establishing a BGP peer connection, the two neighbors must perform the standard TCP three-way handshake and open a TCP connection to port 179. TCP provides the fragmentation, retransmission, acknowledgment, and sequencing functions necessary for a reliable connection, relieving BGP of those duties. All BGP messages are unicast to the one neighbor over the TCP connection. This section describes how these messages are used; for a complete description of the message formats and the variables...



Case Study A Network Merger

NAT is useful for preventing possible address conflicts between internetworks. The previous two case studies demonstrate the connection of internetworks using private address space to an internetwork using public addresses. The publicly addressed internetwork might be some other enterprise, or it might be the Internet. The bottom line is that the private RFC 1918 addresses must be translated because they are not unique. Across the Internet, many enterprises use the same addresses in their...

Case Study Aggregate Routes

Autonomous system 100 in Figure 3-10 contains eight Class C network addresses, all of which can be summarized with the aggregate address 192.168.192.0/21. Stowe is learning the internal networks via EIGRP and is advertising the aggregate to Sugarbush via EBGP. There are two ways to create an aggregate address under BGP. The first is to create a static entry in the routing table for the aggregate address and then advertise it with the network command. The second way is to use the...

Case Study BGP Peer Groups

The preceding case study presented a BGP topology in Figure 3-24 in which an autonomous system is multihomed to several other autonomous systems. Suppose, however, that the router Colorado has 150 EBGP peers rather than five. In addition to the standard configuration, each neighbor connection has an outgoing and an incoming route filter. So for each neighbor, there are five BGP configuration statements:
A neighbor remote-as statement
A neighbor ebgp-multihop statement, because the connections...

Case Study Configuring AutoRP

In a stable PIM domain, static configuration of the RP is straightforward. As new routers are added, they are configured with the location of the RP or RPs. Static RP configuration becomes a problem under two circumstances:
The address of the RP must be changed, either on the existing RP or because a new RP is being installed. The network administrator must change the static configurations on all PIM routers, which in a large domain can involve significant downtime.
The RP fails. A statically...

Case Study Converging at the Speed of Syrup

A distinct characteristic of EGP is that nothing happens quickly. The neighbor acquisition process is slow, and the advertisement of network changes is almost glacial. As a result, you might sometimes mistakenly assume that there is a problem where none exists (except for the problematic nature of EGP itself). For example, suppose users in AS 65503 of Figure 1-13 complain that they cannot reach network 172.17.0.0 in AS 65502. When you examine Groucho's routing table, there is a route to...

Case Study Default Router Failure and Communication Recovery

A host transfers a file from a remote server using FTP. The host sends the traffic to its on-link default router. The host continues to receive ACKs for data sent, so the host knows that its default router must be reachable. In mid-session, the router fails. The host stops receiving ACKs. The host can no longer verify forward-direction communication through hints from the TCP layer, so it changes the router's state to STALE. It still attempts to send packets, so the state changes to DELAY....

Case Study Default Routes

EGP can be configured to advertise a default route in addition to more specific routes. If an AS has only a single exterior gateway, a default route is usually more efficient than a full list of exterior routes. Memory and processing cycles are conserved on the router, and bandwidth is saved on the link. To advertise a default route into AS 65502, as illustrated previously in Figure 1-13, you configure Stan as demonstrated in Example 1-20. Example 1-20 Advertising a Default Route router egp 0...

Case Study Renumbering a Network

A prefix is advertised with a lifetime of two months. On August 1, it is determined that the prefix must be changed and not used by September 1. The prefix advertisement can be changed so that its lifetime is two weeks, and then made smaller as the date approaches September 1, until the prefix is eventually advertised with a lifetime of zero, thereby invalidating the address. Consider, however, that a host is disconnected from the network on July 31. If it is plugged in again after September 1,...

Case Study Static NAT

In Figure 4-15, the inside network is addressed out of the 10.0.0.0 address space. Two of the devices, hosts A and C, must be able to communicate with the outside world. Those two devices are translated to the public addresses 204.15.87.1/24 and 204.15.87.2/24. Example 4-4 shows the configuration to implement NAT at Mazatlan. Figure 4-15 The Inside Local Addresses of Devices A and C Are Statically Translated to Inside Global Addresses by the NAT Process in Router Mazatlan (figure labels: 10.1.2.2/24 Translated...)

Case Study Statically Configuring the RP

Figure 6-3 is the same internetwork you have been observing in this chapter, but now the routers are configured to run PIM-SM. Stetson has been chosen as the RP, and all routers are statically configured with that information. The illustration shows that Stetson's RP address is 10.224.1.1. This address can exist on any interface, as long as it is advertised by the unicast routing protocol so that the other routers know how to reach it. In practice, you should use the loopback interface. A minor...

Case Study TCP Load Balancing

Figure 4-26 shows a topology similar to the one in the PAT case study. Here the three inside devices are not hosts, however, but are identical servers with mirrored content. The intent is to create a virtual server with an address of 199.198.5.1 that is, from the outside there appears to be a single server at that IG address. In reality, the router Barbados is configured to perform round-robin translations to the three IL addresses. Figure 4-26 The Three Inside Devices Are Identical Servers...

CBT Designated Routers

CBT uses HELLO messages to elect a designated router on multiaccess networks. The rationale for using a CBT DR is the same as that for DVMRP designated forwarders and MOSPF DRs. Because CBT does not use an RPF check when forwarding packets, a DR is especially important for preventing loops when there are multiple upstream paths to the core, as in Figure 5-39. Each CBT interface is configured with a preference value between 0 and 255, and this value is carried in the HELLO message. A value between 1...

CBT FLUSH_TREE Message Format

The FLUSH_TREE message, the format of which is illustrated by Figure 5-49, is sent downstream to child routers when a CBT router loses connection with a parent router. Child routers receiving a FLUSH_TREE clear the forwarding information for all groups listed in the message. Figure 5-49 The CBT FLUSH_TREE Message Format. Group Address is one or more fields listing the multicast group addresses for which the originating parent router has lost contact and for which the receiving child router should...

CBT HELLO Message Format

HELLOs, the format of which is illustrated in Figure 5-43, are used to elect designated routers on multiaccess networks. They also are sent by a DR every 60 seconds as a keepalive. Figure 5-43 The CBT HELLO Message Format. The fields for the CBT HELLO message are defined as follows: Preference is a value between 0 and 255. Values from 1 to 254 indicate the degree of eligibility of the originating router to become the DR; the lower the preference value, the higher the eligibility. An advertised value...

CBT JOIN_ACK Message Format

Core routers or on-tree routers send JOIN_ACK messages, the format of which is illustrated by Figure 5-45, in response to JOIN_REQUEST messages. They are sent to the originator of the JOIN_REQUEST to indicate a successful join to the group tree. Figure 5-45 The CBT JOIN_ACK Message Format. The fields for the CBT JOIN_ACK message are defined as follows: Group Address is the multicast address of the group being joined. Target Router is the address of the router to which the JOIN_ACK is being sent. This...

CBT QUIT_NOTIFICATION Message Format

QUIT_NOTIFICATION messages, the format of which is illustrated by Figure 5-46, are sent to parent (directly upstream) routers to request a prune from a particular group tree. A router originates a QUIT_NOTIFICATION when it no longer has any downstream interfaces for a particular group, either as the result of received IGMP Leave Group messages, Query timeouts, or QUIT_NOTIFICATION messages received from its own child (directly downstream) routers. Figure 5-46 The CBT QUIT_NOTIFICATION Message...

CGMP Packet Format

The source MAC address of frames carrying CGMP packets is the MAC address of the originating router, and the destination MAC address is the reserved multicast address 0100.0cdd.dddd. Only routers originate CGMP packets. Within the frame, the packet is encapsulated in a SNAP header. The OUI field of the SNAP header is 0x00000c, and the type field is 0x2001. Figure 5-17 shows the format of the CGMP packet. The fields of the CGMP packet are defined as follows: Version is always set to 0x1 to signify...

Change Management

A network without change management policies is likely to be a network in chaos. Change management policies state when changes can be made, who can make them, how to document and publish upcoming changes, and how and where to document completed changes. The change management policy specifies the procedure to use when any network or system change is going to take place. This includes router configuration changes, new design implementations, IOS upgrades, or even the implementation of new network...

Changing the Attributes of the Aggregate

Yet another option that you can use with the aggregate-address command is the attribute-map option. This option enables you to change the attributes of the aggregate route. Notice in Example 3-57, for instance, that all the more-specific routes have an ORIGIN attribute of Incomplete, because the routes are redistributed into BGP from EIGRP. The aggregates have an origin of IGP, however, because they originated within the BGP processes of Sugarbush and Mammoth. Suppose the administrator wants AS 200 to...

IP Version 6

Design Goals of IPv6
Improve Scalability
Ease of Configuration
Security
IPv6 Specification (RFCs)
Vendor Support
Implementations
IPv6 Packet Format
The IPv6 Address
Address Structure
IPv6 Header
Enabling IPv6 Capability on a Cisco Router
The Anycast Process
Multicast
Quality of Service
Transition from IPv4 to IPv6
Dual Stacks
DNS
Network Address Translation - Protocol Translation
End Notes
Looking Ahead


CIDR Reducing Class B Address Space Depletion

The depletion of Class B addresses was due to an inherent flaw in the design of the IP address classes. A Class C address provides 254 host addresses, whereas a Class B address provides 65,534 host addresses. That's a wide gap. Before CIDR, if your company needed 500 host addresses, a Class C address would not have served your needs. You probably would have requested a Class B address, even though you would be wasting 65,000 host addresses. With CIDR, your needs can be met with a /23 block. The...

A session directory listing of announced multicast sessions shows entries such as: TITLE LIVE Webcast From MacWorld Expo New York '99, START 19 Jul 99 12:00, END 2* Jul 99 12:00, sent by Mac.com (contact ...); and the 45th IETF (Internet Engineering Task Force) Meeting, Oslo, Norway, URL http://www.ietf.org/meetings (contact ...). There are also tools that utilize such protocols as Session Description Protocol (SDP) and Session Advertisement Protocol (SAP) to describe multicast events and advertise those...

Cisco Group Membership Protocol CGMP

Just as broadcast frames are forwarded to every port within a broadcast domain, so too are frames carrying IP multicast packets. After all, a broadcast domain is nothing more than a multicast group to which all hosts belong. Figure 5-14 illustrates the problem (figure labels: Building C, 2nd floor, 48 ports). Three group members are attached to a 24-port switch. An IGMP Membership Report is sent to the router, and the router begins forwarding the appropriate multicast session onto...


Classless Interdomain Routing

The invention of autonomous systems and exterior routing protocols solved the early scalability problems on the Internet in the 1980s. However, by the early 1990s the Internet was beginning to present a different set of scalability problems, including the following: Explosion of the Internet routing tables. The exponentially growing routing tables were becoming increasingly unmanageable both by the routers of the time and by the people who managed them. The mere size of the tables was burden enough...

Classless Routing

Classless routing features two aspects:
Classlessness can be a characteristic of a routing protocol.
Classlessness can be a characteristic of a router.
Classless routing protocols carry, as part of the routing information, a description of the network portion of each advertised address. The network portion of a network address is commonly referred to as the address prefix. An address prefix can be described by including an address mask, a length field that indicates how many bits of the address...

Command Summary

Table 3-3 provides a list and description of the commands discussed in this chapter.

Table 3-3  Command Summary

    aggregate-address address mask [as-set]    Creates an aggregate entry in the BGP routing table.
    ...                                        Enables the automatic summarization of subnets to their major network addresses.
    ...                                        Allows the comparison of MED attributes of routes to the same destination but advertised by peers in different autonomous systems.
    ...                                        Tells the BGP process to ignore...

Confederations

Confederations are another way to control large numbers of IBGP peers. A confederation is an AS that has been subdivided into a group of subautonomous systems, known as member autonomous systems (see Figure 2-42). The BGP speakers within the confederation speak IBGP to peers in the same member AS and EBGP to peers in other member autonomous systems. The confederation is assigned a confederation ID, which is represented to peers outside of the confederation as the AS number of the entire...

Configuration Exercises

Refer to Figure 4-28 for Configuration Exercises 1-5. Figure 4-28 The Internetwork for Configuration Exercises 1-5. ISP1 in Figure 4-28 has assigned the address block 201.50.13.0/24 to AS 3. ISP2 has assigned the address block 200.100.30.0/24 to AS 3. RTR1 and RTR2 are accepting full BGP routes from the ISP routers but do not transmit any routes to the ISPs. They run IBGP between them and OSPF on all Ethernet interfaces. No routes are redistributed between BGP and OSPF. The addresses of the...

Configured Tunnels

A tunnel is created between Cisco routers by creating tunnel interfaces in the routers that border the IPv6 and IPv4 networks. The tunnel's endpoints are defined in both routers. An IPv6 subnet is created for the tunnel, and both routers are assigned IPv6 addresses. If an IPv6 dynamic routing protocol is in use, such as RIPng or BGP, the protocol is enabled on the tunnel interface. Figure 8-26 shows two IPv6 networks connected to an IPv4 network. A tunnel is configured between the IPv6 networks to...

Configuring and Troubleshooting Border Gateway Protocol

Many newcomers to BGP approach the protocol with trepidation. The source of this sentiment is the fact that BGP implementations are much more rare than IGP implementations. Outside of ISPs, most network administrators deal with BGP far less than with IGPs, if at all. Even when BGP is used, the configurations in small ISPs and non-ISP subscribers are usually pretty basic. Because most networking professionals lack in-depth experience with the protocol, it is often viewed as mysterious or...

Configuring Protocol Independent Multicast Sparse Mode (PIM-SM)

It is probably obvious to you, after seeing the configuration statement for enabling PIM-DM on an interface, how PIM-SM is enabled. It is accomplished, quite simply, by using the ip pim sparse-mode command. This much of the configuration of PIM-SM is uninteresting and requires no standalone examples. The unique requirement of PIM-SM, and the more interesting aspect of its configuration, is the identification of the rendezvous points (RPs). You learned in Chapter 5 that RPs can be statically...

Connect State

In this state, the BGP process is waiting for the TCP connection to be completed. If the TCP connection is successful, the BGP process clears the ConnectRetry timer, completes initialization, sends an Open message to the neighbor, and transitions to the OpenSent state. If the TCP connection is unsuccessful, the BGP process continues to listen for a connection to be initiated by the neighbor, resets the ConnectRetry timer, and transitions to the Active state. If the ConnectRetry timer expires...

Controlling Interactive Access

You should control interactive access to the router. You can limit access to specified network numbers by using the following command: access-class access-list-number {in | out}, where access-list-number is 1 to 199 or 1300 to 2699. The access-list argument specifies the source network number allowed to connect to the line (with the keyword in), or the network number to which a connection is permitted (with the keyword out). Ensure that there are no access holes by permitting only the remote access protocol desired, such as the following...
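The following is an added example, not code from the book, showing how a standard access list is evaluated when access-class applies it inbound to a VTY line, and a small audit check for the classic hole, a permit entry that admits far more sources than intended. The ACL syntax and wildcard-mask semantics are Cisco's; the ACL entries, list number 10, and client addresses are constructed for the example.

```python
"""Evaluate a Cisco standard access list the way `access-class <n> in` applies it
to a VTY line. Added example, not from the book: the ACL syntax and wildcard-mask
semantics are Cisco's; the ACL entries and client addresses below are constructed."""
import ipaddress


def parse_ace(line):
    """Parse one standard ACL entry into (list_number, action, address, wildcard)."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list":
        raise ValueError(f"not a standard ACL entry: {line!r}")
    number, action, rest = int(parts[1]), parts[2], parts[3:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {line!r}")
    if rest[0] == "any":
        addr, wild = 0, 0xFFFFFFFF
    elif rest[0] == "host":
        addr, wild = int(ipaddress.IPv4Address(rest[1])), 0
    else:
        addr = int(ipaddress.IPv4Address(rest[0]))
        # A missing wildcard mask means 0.0.0.0, i.e. an exact host match.
        wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
    return number, action, addr, wild


def ace_matches(addr, wild, src):
    """Cisco wildcard masks: a 1 bit is 'don't care', a 0 bit must match."""
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (addr & care)


def access_class_in(acl_lines, number, src):
    """First-match evaluation of list `number` against a connecting source address.
    As in IOS, an address that matches no entry hits the implicit deny at the end."""
    for line in acl_lines:
        n, action, addr, wild = parse_ace(line)
        if n == number and ace_matches(addr, wild, src):
            return action
    return "deny"


def overly_broad_permits(acl_lines, number, max_hosts=256):
    """Audit check: permit entries in list `number` that admit more than max_hosts
    source addresses (2 ** popcount(wildcard)). 'permit any' is the classic hole."""
    flagged = []
    for line in acl_lines:
        n, action, _addr, wild = parse_ace(line)
        if n == number and action == "permit" and 2 ** bin(wild).count("1") > max_hosts:
            flagged.append(line)
    return flagged


# Constructed ACLs: a tight management ACL and a wide-open one.
ACL_TIGHT = [
    "access-list 10 permit 10.1.1.0 0.0.0.255",   # NOC subnet
    "access-list 10 permit host 192.0.2.10",      # jump host
    "access-list 10 deny any",                     # explicit, so hits show in counters
]
ACL_WEAK = ["access-list 10 permit any"]

if __name__ == "__main__":
    for src in ("10.1.1.77", "10.1.2.1", "192.0.2.10"):
        print(src, access_class_in(ACL_TIGHT, 10, src))
    print("weak entries:", overly_broad_permits(ACL_WEAK, 10))
```

The implicit deny is what makes the line safe: anything not explicitly permitted is refused, so the audit only needs to look at the permit entries.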

Current State of IPv6

For most organizations, IPv6 has not been much more than a new set of letters and numbers to toss around when talking about networking. Now, however, more of the specifications are becoming finalized, many are IETF draft standards, and many more are proposed draft standards. IANA allocated address space to the regional Internet registries (RIR), and the RIRs have begun allocating address space to Internet providers. Network and end-station equipment vendors have begun releasing software that...

Default Router Selection

A host chooses one router (out of possibly many) from its default router list when the destination is off-link and there is no existing cached entry for the destination or when an existing default router appears to be failing. Normally, a default router is chosen the first time traffic to a particular destination requires it. The information is cached and used for subsequent traffic. The default router selection process uses the default router list and the neighbor cache. Any router that is...

Delineation: Matching the Start and End of Lines

Consider the following AS_PATH filter. The AS_PATHs are (850), (23 5 850 155), and (3568 310). A match is found whether the string is alone in the attribute, one of several AS numbers in the attribute, or even part of a longer AS number. Suppose, however, that you want to match only an AS_PATH that contains the single AS number 850. For this you must be able to delineate the beginning and end of a line. A caret (^) matches the beginning of a line, and a dollar sign ($) matches the end of a line. So ip as-path access-list 20...
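The following is an added example, not code from the book, that runs AS_PATH regular expressions against sample paths so the effect of the anchors can be seen directly. Python's re module treats ^ and $ exactly as the text describes. Cisco's underscore metacharacter is translated explicitly; its semantics (matching a space, comma, brace, parenthesis, or the start or end of the string) are an assumption stated in the code. The AS_PATHs are the three from the passage plus one constructed to show a partial match.

```python
"""Test AS_PATH regular expressions against sample paths. Added example, not from
the book. Python's re handles ^ and $ as the text describes; Cisco's '_' is
translated explicitly (assumed to match a space, comma, brace, parenthesis, or
the start or end of the string). AS_PATHS are the passage's three paths plus one
constructed path (18502 77) that contains '850' only as a substring."""
import re

# Cisco displays AS_PATH as a space-separated list of AS numbers.
AS_PATHS = ["850", "23 5 850 155", "3568 310", "18502 77"]


def cisco_regex_to_python(pattern):
    """Translate the one Cisco-specific metacharacter; the rest is plain regex."""
    return pattern.replace("_", r"(?:[ ,{}()]|^|$)")


def as_path_matches(pattern, as_path):
    """True if the AS_PATH attribute matches, i.e. the route would be permitted by
    `ip as-path access-list <n> permit <pattern>`."""
    return re.search(cisco_regex_to_python(pattern), as_path) is not None


def filter_paths(pattern, paths=AS_PATHS):
    """Return the paths the pattern matches, in their original order."""
    return [p for p in paths if as_path_matches(pattern, p)]


if __name__ == "__main__":
    for pat in ("850", "^850$", "_850_", "^23_", "^$"):
        print(f"{pat:8} -> {filter_paths(pat)}")
```

The unanchored pattern 850 matches the constructed path 18502 77 as well, which is the mistake a filter author usually wants to avoid; ^850$ matches only the single-AS path, and _850_ matches AS 850 wherever it appears in the path without matching substrings of other AS numbers.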

Designing Network Security

Designing Network Security is a practical guide designed to help you understand the fundamentals of securing your corporate infrastructure. This book takes a comprehensive look at underlying security technologies, the process of creating a security policy, and the practical requirements necessary to implement a corporate security policy. EIGRP Network Design Solutions, Ivan Pepelnjak, CCIE, ISBN 1-57870-165-1, AVAILABLE NOW. EIGRP Network Design Solutions uses case studies and real-world configuration...

Designing Servers to Support Management Processes

Servers supporting management processes should be robust and secure. They have been put in place to collect and process data that is required to maintain the integrity of the network. You should place the servers in physically secure locations where they can run without being interrupted. The operating systems must be secured, and remote access to the servers should be extremely limited. Remember that the management stations have access to all the routers in the network, so the management...

DNS

One of the core functions of any TCP/IP internetwork, and especially of the Internet, is the Domain Name System (DNS). If systems cannot get DNS queries and responses across a NAT, DNS can become complicated. Figure 4-11 shows ways you can implement DNS servers around a NAT that cannot translate DNS packets. The NAT in Figure 4-11 translates in both directions: outside hosts are made to appear to the inside as if they are on the 10.0.0.0 network, and inside hosts are made to appear to the...

DVMRP Ask Neighbors 2 Message Format

The DVMRP Ask Neighbors 2 message is one of two messages (along with the Neighbors 2 message, discussed in the following section) that are used for troubleshooting. The 2 distinguishes the message from the obsolete Ask Neighbors message. The Ask Neighbors 2 message, shown in Figure 5-31, is unicast to a specified destination. When a router receives an Ask Neighbors 2 message, it should respond by unicasting a Neighbors 2 message to the originator. As the figure shows, the message is merely the...

DVMRP Graft Message Format

Figure 5-29 shows the format of the Graft message. Figure 5-29 The DVMRP Graft Message Format. The fields for the DVMRP Graft message are defined as follows: Source Host Address is the IP address of the originating host. Group Address is the IP address of the group to be grafted. Source Network Mask is the netmask of the source network of the group to be grafted. This field is optional, and it is included only if the upstream neighbor has indicated in its Probe messages that it understands netmasks.

DVMRP Packet Forwarding

When a router first receives a multicast packet from a particular source, an RPF check is performed, using the routing table, to verify that the packet arrived on the upstream interface for the packet's source. If the packet arrived on any other interface, it is dropped. If the packet did arrive on the upstream interface, the (S, G) pair is recorded in a forwarding table, and a copy of the packet is forwarded to all downstream dependent neighbors. The router also uses IGMP to query for group...
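The following is an added example, not code from the book, that simulates the RPF check and the (S, G) forwarding-table build-up described above. The unicast routing table, interface names, and packets are constructed; which interfaces have dependent downstream neighbors or group members is taken as a given input, since the IGMP side of the procedure is not modelled. The check is worth seeing in code because it is also what stops a packet with a spoofed or looped source from being flooded: a packet whose source is not reachable through the arriving interface is dropped before any state is created.

```python
"""Simulate DVMRP's RPF check and (S, G) forwarding-table build-up. Added example,
not from the book. Routing table, interfaces, and packets are constructed;
DOWNSTREAM marks interfaces that have dependent neighbors or IGMP members."""
import ipaddress


def rpf_interface(routing_table, source):
    """Longest-match lookup of the *source*: the interface the router would use
    to reach the source is the only interface the packet may legitimately arrive on."""
    src = ipaddress.IPv4Address(source)
    best = None
    for prefix, iface in routing_table.items():
        net = ipaddress.IPv4Network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


class DvmrpForwarder:
    def __init__(self, routing_table, downstream):
        self.routing_table = routing_table
        self.downstream = downstream          # iface -> has dependent neighbors/members
        self.forwarding_table = {}            # (S, G) -> outgoing interface list
        self.dropped = []                     # (S, G, arriving iface) that failed RPF

    def receive(self, source, group, in_iface):
        """Return the interfaces a copy is forwarded on ([] if the RPF check fails)."""
        if in_iface != rpf_interface(self.routing_table, source):
            # Arrived on a non-upstream interface: a loop, a stale path, or a spoofed source.
            self.dropped.append((source, group, in_iface))
            return []
        out = [i for i, has in self.downstream.items() if has and i != in_iface]
        self.forwarding_table[(source, group)] = out
        return out


# Constructed router state: two directly known source networks plus a default route.
ROUTES = {"10.1.0.0/16": "eth0", "10.2.0.0/16": "eth1", "0.0.0.0/0": "eth2"}
DOWNSTREAM = {"eth0": True, "eth1": True, "eth2": False}


def demo():
    """Three constructed packets: one passes RPF, one fails, one uses the default route."""
    fwd = DvmrpForwarder(ROUTES, DOWNSTREAM)
    first = fwd.receive("10.1.5.5", "239.1.1.1", "eth0")    # upstream iface: forwarded
    second = fwd.receive("10.1.5.5", "239.1.1.1", "eth1")   # wrong iface: dropped
    third = fwd.receive("192.0.2.1", "239.2.2.2", "eth2")   # matched by 0.0.0.0/0
    return first, second, third, dict(fwd.forwarding_table), list(fwd.dropped)


if __name__ == "__main__":
    for item in demo():
        print(item)
```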

DVMRP Probe Message Format

DVMRP Probe messages serve four functions: They allow routers to locate each other by listing all DVMRP-speaking routers detected by the originating router on the originating interface. They provide a means for DVMRP routers to communicate their capabilities to each other. They enable the selection of a designated forwarder when there are multiple paths to a downstream group member. They provide a keepalive function by being transmitted every 10 seconds. If a probe is not heard from a neighbor...

DVMRP Route Report Message Format

Route Report messages, depicted in Figure 5-27, are sent every 60 seconds. The Route Report consists of a list of one or more netmasks, and for each netmask, a list of one or more source network addresses and associated metrics corresponding to the netmask. Although the lengths of the source networks in Figure 5-27 are all 3 octets, in reality the lengths may vary, as described in this section. Figure 5-27 DVMRP Route Report Message Format. The fields for the DVMRP Route Report Message are...

Ease of Configuration

IPv6 introduces mechanisms to ease host-to-router communication management and host configuration. These mechanisms are essential to the success of IPv6. As more and more people, schools, and businesses want to connect to the Internet or build their own internetworks, the tasks involved in enabling them must be simplified. Not everyone wants to become a CCIE just so he or she can figure out how to run a network. They just want the networks to work. IPv6 has automatic configuration mechanisms...

EGP Functions

EGP consists of the following three mechanisms Neighbor Acquisition Protocol Neighbor Reachability Protocol Network Reachability Protocol These three mechanisms use ten message types to establish a neighbor relationship, maintain the neighbor relationship, exchange network reachability information with the neighbor, and notify the neighbor of procedural or formatting errors. Table 1-1 lists all of the EGP message types and the mechanism that uses each message type. The following sections...

EGP Topology Issues

EGP messages are exchanged between EGP neighbors, or peers. If the neighbors are in the same AS, they are interior neighbors. If they are in different autonomous systems, they are exterior neighbors. EGP has no function that automatically discovers its neighbors the addresses of the neighbors are manually configured, and the messages they exchange are unicast to the configured addresses. RFC 888 suggests that the time-to-live (TTL) of EGP messages be set to a low number, because an EGP message...

Enabling IPv6 Capability on a Cisco Router

IPv6 (disabled by default) is enabled on the Cisco router by issuing the following global command ipv6 unicast-routing table-count num Cisco's support enables multiple routing tables. One routing table is enabled by default. Multiple tables enable the network administrator to have more control over routing entry lookups. Longest match routing is no longer the only rule. If multiple tables are enabled, the forwarding algorithm searches the routing tables in increasing order until a usable route...

Encapsulating Security Payload

Integrity and confidentiality are provided by the Encapsulating Security Payload (ESP). You can use the Authentication header in conjunction with ESP to provide authentication. ESP encrypts the data to be protected and places the encrypted data into the Data portion of the ESP header. There are two encryption modes: Tunnel mode and Transport mode. In Tunnel mode, the ESP header encrypts the entire IPv6 packet, which it places in its encrypted field. The ESP header then gets placed in a new,...

End Notes

1. Deering, RFC 988, Host Extensions for IP Multicasting, July 1986. This RFC has since been obsoleted; the most recent version is RFC 1112. 2. Tomas Pusateri, RFC 1469, IP Multicast over Token-Ring Local Area Networks (Work in Progress). This document actually recommends three methods of supporting IP multicast, but the third is not used. 3. Steve Deering, RFC 1112, Host Extensions for IP Multicasting, August 1989. A now-obsolete IGMPv0 is described in RFC 988. 4. William C. Fenner,...

Extended Options Field Format

The Options field, shown in Figure 5-38, is a part of all OSPF Hello and Database Description packets and a part of the header of all LSAs. The other flags of this field are described in Chapter 9 of Volume I, but the pertinent flag for this chapter is the MC bit. When set, this bit indicates that the originating router is multicast-capable. Figure 5-38 The Options Field Format. The MC bit in Hello packets does little more than signal multicast capability. Two routers will still become adjacent,...

Extended Router LSA Format

Figure 5-37 shows the format of a Router (type 1) LSA that has been extended to support MOSPF. The format is identical to the format shown in Figure 9-55 of Volume I, with the exception of the addition of the W bit in the rtype field. The W bit is set by inter-area and inter-AS multicast forwarders to indicate to other MOSPF routers in an area that they are wildcard multicast forwarders. Figure 5-37 The Router LSA Format, with the W Bit Added to the rtype Field for MOSPF Support

Extension Header Order

A node determines whether it must examine and process an extension header by looking at information that is contained in the preceding header. Therefore, extension headers must be processed in the order that they appear in the packet. If they all exist in a packet, they should be in the order shown in Table 8-8. The table shows the next-header value that identifies this header. The headers should be in the order shown in Table 8-8, but they might not be, except for the hop-by-hop header, which...
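The following is an added example, not code from the book, that walks an extension-header chain the way the paragraph describes (each header's Next Header value says what follows, so processing is necessarily front to back) and then checks the chain against the recommended order. Table 8-8 is not reproduced on this page, so the order and the next-header values used here are taken from RFC 2460 section 4.1; the packets are constructed with minimal, zero-filled headers. A parser that does not enforce the Hop-by-Hop-first rule, or that lets a chain run past the packet length, is a common source of IPv6 filter bypasses, which is why both checks are explicit.

```python
"""Walk an IPv6 extension-header chain and check it against the recommended order.
Added example, not from the book; order and next-header values are from
RFC 2460 section 4.1 (Table 8-8 is not reproduced on this page). Packets below
are constructed with empty option payloads."""
import struct

HOP_BY_HOP, TCP, ROUTING, FRAGMENT, ESP, AH, DST_OPTS = 0, 6, 43, 44, 50, 51, 60
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DST_OPTS}
# Recommended order; Destination Options may appear twice (before Routing and
# before the upper-layer header). Hop-by-Hop must be first or absent.
ORDER = [HOP_BY_HOP, DST_OPTS, ROUTING, FRAGMENT, AH, ESP, DST_OPTS]


def walk_ext_headers(packet):
    """Return (list of extension headers in order, final next-header value).
    ESP hides its Next Header in the encrypted trailer, so the walk stops there."""
    next_header, offset, chain = packet[6], 40, []
    while next_header in EXT_HEADERS:
        chain.append(next_header)
        if next_header == ESP:
            break
        if offset + 2 > len(packet):
            raise ValueError("truncated extension header")
        if next_header == FRAGMENT:
            length = 8                                  # fixed size, no length field
        elif next_header == AH:
            length = (packet[offset + 1] + 2) * 4       # Payload Len is in 4-octet units
        else:
            length = (packet[offset + 1] + 1) * 8       # Hdr Ext Len is in 8-octet units
        next_header = packet[offset]
        offset += length
    return chain, next_header


def check_order(chain):
    """(ok, reason): Hop-by-Hop only directly after the IPv6 header; everything
    else must follow ORDER with no repeats beyond the second Destination Options."""
    if HOP_BY_HOP in chain[1:]:
        return False, "Hop-by-Hop header not immediately after the IPv6 header"
    pos = 0
    for h in chain:
        while pos < len(ORDER) and ORDER[pos] != h:
            pos += 1
        if pos == len(ORDER):
            return False, f"header {h} out of recommended order or repeated"
        pos += 1
    return True, "ok"


def build_packet(chain, upper=TCP):
    """Constructed IPv6 packet carrying the given chain (minimal, zero-filled headers)."""
    nhs = chain + [upper]
    hdrs = b""
    for i, h in enumerate(chain):
        nxt = nhs[i + 1]
        if h == FRAGMENT:
            hdrs += struct.pack("!BBHI", nxt, 0, 0, 0)
        elif h == AH:
            hdrs += struct.pack("!BBHII", nxt, 1, 0, 0, 0)   # Payload Len 1 -> 12 bytes
        elif h == ESP:
            hdrs += struct.pack("!II", 0, 0)                 # SPI, sequence; rest opaque
        else:
            hdrs += bytes([nxt, 0]) + b"\x01\x04\x00\x00\x00\x00"   # one PadN option
    # Version 6, payload length, next header, hop limit 64, zero src/dst addresses.
    fixed = struct.pack("!IHBB", 0x60000000, len(hdrs), nhs[0], 64) + bytes(32)
    return fixed + hdrs


if __name__ == "__main__":
    for chain in ([HOP_BY_HOP, DST_OPTS, ROUTING, FRAGMENT, DST_OPTS],
                  [ROUTING, HOP_BY_HOP], [FRAGMENT, ROUTING]):
        walked, upper = walk_ext_headers(build_packet(chain))
        print(walked, upper, check_order(walked))
```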

Exterior Gateway Protocols

Chapter 2 Introduction to Border Gateway Protocol 4 Chapter 3 Configuring and Troubleshooting Border Gateway Protocol 4 This chapter covers the following key topics The Origins of EGP This section discusses the history of the development of the Exterior Gateway Protocol, presented in RFC 827 (1982). Operation of EGP This section explores the fundamental mechanics of EGP with a focus on EGP topology issues, EGP functions, and EGP message formats. Shortcomings of EGP This section explores some of...

Fault Management

A dependable network requires that a fault management system be in place. Potential and existing problems need to be detected as soon as possible so that you can take immediate action to resolve the issues. A fault management system detects problems with devices and links, hopefully before end users notice the outage. An SNMP-configured router sends traps to the management station when it detects a failure. Because SNMP uses UDP to send traps, however, there is no guarantee that the message describing...

Finding the Core

The obvious prerequisite for CBT routers to build trees to the core is for the routers to know what router is the core. One way to meet this requirement is for all routers to be preconfigured with the address of the core router for each group. This approach may be fine for small multicast internetworks, and it offers good network control, but the administrative requirements certainly do not scale to larger internetworks. Another way is to use the bootstrap mechanism. Using this method, a set of...

Finding the Rendezvous Point

As you have already learned, a shared tree is rooted at a router somewhere in the multicast internetwork rather than at the source. CBT calls this router the core, and PIM-SM calls it the rendezvous point (RP). Before a shared tree can be established, the joining routers must know how to find the RP. The router can learn the address of the RP in three ways: The RP address can be statically configured on all routers. An open-standard bootstrap protocol can be used to designate and advertise the RP...

Format

Figure 8-3 displays the aggregatable global unicast address format. Figure 8-3 The Format of Aggregatable Global Unicast Addresses (public topology | site topology | interface identifier). The fields that make up the public level are the FP, TLA, RES, and NLA. SLA is the site level, and the interface ID is the interface level. The network portion of the address makes up the first 64 bits. The node portion is the last 64 bits. The fields of the address are defined as follows: FP is the format prefix...
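The following is an added example, not code from the book, that splits an IPv6 address into the fields named above and groups them into the public, site, and interface levels. The field widths used (FP 3, TLA 13, RES 8, NLA 24, SLA 16, interface ID 64 bits) are those of RFC 2374, which the figure illustrates; the addresses are constructed from the documentation and link-local ranges.

```python
"""Split an IPv6 address into aggregatable global unicast fields. Added example,
not from the book; field widths are RFC 2374's (FP 3, TLA 13, RES 8, NLA 24,
SLA 16, interface ID 64). Addresses used below are constructed."""
import ipaddress

FIELDS = [("FP", 3), ("TLA", 13), ("RES", 8), ("NLA", 24), ("SLA", 16), ("IID", 64)]


def split_aggregatable(address):
    """Return {field: integer value}, most significant field first."""
    value, shift, fields = int(ipaddress.IPv6Address(address)), 128, {}
    for name, width in FIELDS:
        shift -= width
        fields[name] = (value >> shift) & ((1 << width) - 1)
    return fields


def is_aggregatable_global(address):
    """Format prefix 001 marks the aggregatable global unicast range."""
    return split_aggregatable(address)["FP"] == 0b001


def levels(address):
    """Public level (FP+TLA+RES+NLA, 48 bits), site level (SLA, 16 bits),
    interface level (64 bits); the first two together are the 64-bit network portion."""
    f = split_aggregatable(address)
    public = (f["FP"] << 45) | (f["TLA"] << 32) | (f["RES"] << 24) | f["NLA"]
    return {"public": public, "site": f["SLA"], "interface": f["IID"]}


if __name__ == "__main__":
    for a in ("2001:db8:1234:5678::1", "fe80::1"):
        print(a, is_aggregatable_global(a), split_aggregatable(a), levels(a))
```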

Fragmentation

Recall from the section NAT and Virtual Servers that you can use NAT to translate to different local addresses based on the destination port. A packet with a destination port of 25 can be translated to a particular IL address, for example, whereas a packet with some other destination port numbers can be translated to other addresses. However, what if the packet destined for port 25 becomes fragmented at some point in the network before it reaches the NAT? The TCP or UDP header, containing the...

FTP

The File Transfer Protocol (FTP) is something of an unusual application protocol in that it uses two connections (see Figure 4-13). The control connection is initiated by the host and is used to exchange FTP commands with the server. The data connection is initiated by the server and is used for the actual file transfer. Figure 4-13 An FTP Session Consists of Two Separate TCP Connections: the Host Initiates the Control Connection, and the Server Initiates the Data Connection...
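The following is an added example, not code from the book, showing what a NAT has to do with the control connection for the server-initiated data connection to work: parse the client's PORT command, rewrite the embedded inside address and port to a global address and port, and remember the mapping so the server's inbound data connection can be translated back. The class, the global address 203.0.113.5, the port range, and the sample commands are all constructed. The same parsing step is where a NAT or firewall should refuse a PORT command that names an address other than the client's own, since that is the FTP bounce pattern.

```python
"""FTP PORT-command rewriting as a NAT must do it. Added example, not from the
book: FtpNat, its global address, port pool, and the sample commands are
constructed. Only active-mode (server-initiated data connection) is modelled."""
import re

PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(cmd):
    """PORT h1,h2,h3,h4,p1,p2 -> ('h1.h2.h3.h4', p1*256 + p2)."""
    m = PORT_RE.match(cmd)
    if not m:
        raise ValueError(f"malformed PORT command: {cmd!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in {cmd!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def build_port(ip, port):
    """Inverse of parse_port, with the CRLF the control channel expects."""
    return "PORT " + ",".join(ip.split(".") + [str(port // 256), str(port % 256)]) + "\r\n"


class FtpNat:
    def __init__(self, global_ip, first_port=40000):
        self.global_ip = global_ip
        self.next_port = first_port
        self.mappings = {}      # (global ip, global port) -> (inside ip, inside port)

    def is_bounce(self, inside_ip, cmd):
        """True if the client asked the server to open the data connection to a third party."""
        return parse_port(cmd)[0] != inside_ip

    def translate_port_cmd(self, inside_ip, cmd):
        """Rewrite the client's PORT so the server connects to the NAT instead."""
        if self.is_bounce(inside_ip, cmd):
            raise ValueError(f"PORT address does not match client {inside_ip}: {cmd!r}")
        _ip, inside_port = parse_port(cmd)
        global_port, self.next_port = self.next_port, self.next_port + 1
        self.mappings[(self.global_ip, global_port)] = (inside_ip, inside_port)
        return build_port(self.global_ip, global_port)

    def inbound_data(self, dst_ip, dst_port):
        """Translate the server's inbound SYN back to the inside host, or None if unknown."""
        return self.mappings.get((dst_ip, dst_port))


def demo():
    """Constructed session: inside host 10.0.0.7 announces port 1025 (4*256 + 1)."""
    nat = FtpNat("203.0.113.5")
    rewritten = nat.translate_port_cmd("10.0.0.7", "PORT 10,0,0,7,4,1\r\n")
    back = nat.inbound_data("203.0.113.5", 40000)
    bounce = nat.is_bounce("10.0.0.7", "PORT 10,0,0,9,4,1\r\n")
    return rewritten, back, bounce


if __name__ == "__main__":
    print(demo())
```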

Suppressing More-Specific Routes

In a simple topology such as the one in Figure 3-10, this first method normally suffices. As the topology and the routing policies grow more complex, however, the options available with the aggregate-address command make that method more useful. The remainder of this case study examines the aggregate-address command and its options. For the aggregate specified by the aggregate-address command to be advertised, at least one of the more-specific addresses belonging to the aggregate must be...

Group Maintenance

The message that a host sends to a router to indicate that it wants to join a group is known as a report. A host can use several possible destination addresses when sending a report. The report can be unicast to the router that sent the query. The problem here is that there may be more than one router attached to the subnet that is tracking the group. All concerned routers must hear the report. The report can be sent to the all-routers-on-this-subnet address of 224.0.0.2. However, you will see...

Group Membership LSA Format

The Group Membership LSA carries the standard LSA header and has a type number of 6. Figure 5-36 shows the format for the Group Membership LSA. Only MOSPF-designated routers originate Group Membership LSAs. Notice in the format that no metric is associated with this LSA. Figure 5-36 The MOSPF Group Membership LSA Format. The fields for the Group Membership LSA are defined as follows: Link State ID carries the address of the multicast group being advertised. Advertising Router is always the router ID...

Host Functions

Host functions are similar to the host functions of IGMPv2, discussed in Chapter 5, Introduction to IP Multicast Routing. Two types of Report messages are defined When a host first begins listening to a particular multicast address on a link, it should immediately transmit a Report to inform the router that there is a listener on the link. It sends the Report to the address of the multicast group and also includes the address in the MLD Multicast Address field within the Report packet. The...

HSRP

[Figure labels: 172.16.1.100; HSRP grp 1 172.16.1.201; HSRP grp 1 priority 120.] Router Monet is configured with an interface IP address 172.16.1.100 and an HSRP group 1 IP address 172.16.1.201. Router Monet advertises an HSRP priority, for HSRP group 1, of 120. This is higher than the default priority of Picasso. Monet, therefore, is the active router for group 1. When Wks 1 wants to send a packet toward its default gateway, it ARPs for the HSRP group 1 address. Monet responds with the HSRP group 1 MAC address....