A

Filtering by AS_PATH 219-224 filtering by NLRI 211-218 filtering with route maps 224-226 bracketing 817 community lists 276 delineation 816 regular expressions negation 817 wildcards 817 accounting 756 IP accounting 756-757 NetFlow switching 757-765 accuracy of summarization 63 active gateways EGP 10 Active state (BGP) 97 adding multicast addresses to CAM table 421 address family ipv4 command 617 Address Length field (CBT messages) 469 address translation table clearing entries 387 NAT 335...

Address Size

What is the appropriate size for an address that is so widely used? Should the address size be fixed or variable? Too small of an address limits scalability. Too large of an address creates too large of a header, making it difficult for routers (and people) to manage. Variable-length addresses increase software complexity and can slow down packet processing. One proposal for the next generation of IP (IPng) suggested using network service access point (NSAP) addresses, which could vary between 1...

Address Type Allocation

Before CIDR, the high-order bits in an IPv4 address defined its type: Class A, B, C, D, or E. The type identified a fixed-length network portion and a host portion that the owner of the address was free to use as he pleased. This was the only defined structure in an IPv4 address. IPv6 addresses have more structure defined. The structure is discussed fully in the later section "Address Structure." The high-order bits define IPv6 address types. The variable-length field comprising these bits is...

Administrative Scoping

Administrative scoping, described in RFC 2365, takes a different approach to bounding multicast traffic. Rather than filter on TTL values, a range of Class D addresses is reserved for scoping. Filtering on these group addresses can then set boundaries. The reserved range of multicast addresses is 239.0.0.0-239.255.255.255. The administratively scoped address space can be further subdivided in a hierarchical manner. For example, RFC 2365 suggests using the range 239.255.0.0/16 for local or site...

Advanced IP Routing Issues

Introduction to IP Multicast Routing. Configuring and Troubleshooting IP Multicast Routing.

This chapter covers the following key topics: Operation of NAT: This section discusses the basics of network address translation, including fundamental concepts and terminology, and typical NAT applications. NAT Issues: This section examines some potential problems that you might encounter with NAT. Solutions to many of the problems, either through Cisco IOS Software functionality or through design...

Advertising Aggregate and More Specific Routes

Advertising both the aggregate and the more-specific routes makes no sense in the simple topology of Figure 3-10. But Figure 3-11 shows a scenario in which such a scheme can be desirable. Here, AS 100 is multihomed to AS 200. AS 200 needs the full routes from AS 100 to set routing policy, but it must send only the aggregate to AS 300. Although the more-specific routes of AS 100 are advertised, they are sent to AS 200 with a COMMUNITY attribute of NO_EXPORT. As Chapter 2 discusses, routes...

Aggregation Using Static Routes

Example 3-47 demonstrates a configuration for Stowe using a static entry for the aggregate address, advertised with the network command.

Example 3-47 Creating an Aggregate Address Under BGP Using a Static Entry Advertised with the network Command

router eigrp 100
 network 192.168.199.0
router bgp 100
 network 192.168.192.0 mask 255.255.248.0
 neighbor 192.168.1.253 remote-as 200
ip route 192.168.192.0 255.255.248.0 Null0

The static route is pointed at the Null interface because the aggregate itself is not...

Answer to Chapter 1 Troubleshooting Exercise

1 In Figure 1-17, router RTG has been added to the internetwork. Figure 1-17 The Internetwork for Troubleshooting Exercise 1. Although it is peering with RTB and exchanging reachability information, there is a configuration error. Based on the information in Example 1-29, what is the error? Example 1-29 The EGP Tables of RTB and RTG in Figure 1-17. Answer: The EGP configuration of RTG is router egp 65505 rather than router egp 65531.

Answers to Chapter 1 Review Questions

2 What is an EGP interior neighbor? An EGP 3 What is the primary difference between an EGP stub gateway and an EGP < 4 Why does EGP use the concept of a core, or backbone, AS? EGP has no i 6 What is the purpose of an EGP Poll message? Answers to Chapter 2 Review Questions 2 What two problems was CIDR developed to alleviate? CIDR was developed to alleviate the explosion of Internet routing tables 3 What is the difference between classful and classless IP? 5 Given the addresses 172.17.208.0/23 172...

Answers to Chapter 7 Review Questions

1 In the section "Multicast Scoping," a sample configuration is given for administrative scoping. The boundary at interface E0 blocks organization-local packets (destination addresses whose prefixes match 239.192.0.0/14) but passes packets with global scope. Will a packet with a group address 224.0.0.50 pass this boundary? Answer: Packets with a destination address of 224.0.0.50 pass this boundary only if the local router originates them. Although 224.0.0.50 is permitted by access list 10, it is in the...

Answers to Chapter 8 Review Questions

1 Which of the following are valid representations for the address 200A:0000:0000:0C00:0000:0000:0000:0000 with a 60-bit prefix? Answer: B, C, E. A is not a complete address; D is ambiguous, with two sets of ::; F doesn't expand to the correct address. 2 For what is the address 0:0:0:0:0:0:0:0 used? Answer: This is the unspecified address. It represents the absence of an address. If this is the source address of a packet, the interface has not yet been assigned an address. It is attempting to discover whether...

Answers to Chapter 9 Configuration Exercises

1 Configure a router to accept polls from management stations 172.16.1.2 and 172.16.1.3 only. Do not allow write access to the stations. Allow the stations to read information about the SNMP MIB-II interface entries only. Allow station 172.16.1.4 to read any MIB variable, and allow it to load and save configuration files via SNMP. Send logging information at the Notification level via SNMP to 172.16.1.4.

access-list 1 permit 172.16.1.2 0.0.0.1
access-list 2 permit 172.16.1.4
snmp-server view...

Appendix B: A Regular Expression Tutorial 815

Delineation: Matching the Start and End of Lines 816
Bracketing: Matching a Set of Characters 816
Negating: Matching Everything Except a Set of Characters 817
Wildcard: Matching Any Single Character 817
Alternation: Matching One of a Set of Characters 817
Optional Characters: Matching a Character That May or May Not Be There 818
Repetition: Matching a Number of Repeating Characters 818
Putting It All Together: A Complex Example 819

As 509

Notice that the advertising router and the receiving router do not share a common data link, but the IBGP TCP connection is passed through an IGP-speaking router. This is discussed in more detail in the section "Internal BGP"; for now, the important point is that the receiving router must perform a recursive route lookup (recursive lookups are discussed in Routing TCP/IP, Volume I) to send a packet to the advertised destination. First, it looks up the destination 172.16.5.30; that route indicates a...

B

Backdoor routes filtering multiple routes to the same destination 234-241 bandwidth multicast load sharing 568-575 bar (|) in regular expressions 817 best routes (BGP) selection process 114 BGP 55 See also large scale BGP MBGP administrative weight 110 aggregation based on more specific routes 202-204 case study 185-202 loss of path information 199-200 suppressing more specific routes 187-188 AS_PATH prepending 252-256 ASs physical links 79 assessing need for 75-77 assigning unique router IDs...

Basing an Aggregate on Selected More Specific Routes

In some situations, you might want to advertise an aggregate with the AS_SET but do not want the aggregate to inherit all the attributes of all the aggregated routes. In Figure 3-14, Sugarbush receives all the routes from AS 100 and AS 500 and advertises an aggregate to Burke. Figure 3-14 For Sugarbush to Advertise the Aggregate with an AS_SET, the Aggregate Must Not Inherit the NO_EXPORT COMMUNITY Attribute from 192.168.197.0/24...

BGP Hazards

Creating a BGP peering relationship involves an interesting combination of trust and mistrust. The BGP peer is in another AS, so you must trust the network administrator on that end to know what he or she is doing. At the same time, if you are smart, you will take every practical measure to protect yourself in the event that a mistake is made on the other end. When you're implementing a BGP peering connection, paranoia is your friend. Recall the earlier description of a route advertisement as a...


C

CAM (content addressable memory) table 421 423 Candidate RP Advertisement messages 516-517 Capabilities field (DVMRP Probe messages) 447 IP multicast packets 547 packets 741 carets (^) in regular expressions 817 case studies aggregate routes 185-202 applying route maps 224-226 BGP configuring 149-152 routes injecting 161-167 dynamic NAT configuring 364-368 EBGP multihop 182 184-185 IBGP over an IGP 174 176 179-182 injecting IGP routes 155-161 ISP multihoming with NAT 374-379 load balancing 381...

Case Study A Network Merger

NAT is useful for preventing possible address conflicts between internetworks. The previous two case studies demonstrate the connection of internetworks using private address space to an internetwork using public addresses. The publicly addressed internetwork might be some other enterprise, or it might be the Internet. The bottom line is that the private RFC 1918 addresses must be translated because they are not unique. Across the Internet, many enterprises use the same addresses in their...

Case Study Aggregate Routes

Autonomous system 100 in Figure 3-10 contains eight Class C network addresses, all of which can be summarized with the aggregate address 192.168.192.0/21. Stowe is learning the internal networks via EIGRP and is advertising the aggregate to Sugarbush via EBGP. There are two ways to create an aggregate address under BGP. The first is to create a static entry in the routing table for the aggregate address and then advertise it with the network command. The second way is to use the...

Case Study BGP Peer Groups

The preceding case study presented a BGP topology in Figure 3-24 in which an autonomous system is multihomed to several other autonomous systems. Suppose, however, that the router Colorado has 150 EBGP peers rather than five. In addition to the standard configuration, each neighbor connection has an outgoing and an incoming route filter. So for each neighbor, there are five BGP configuration statements: a neighbor remote-as statement; a neighbor ebgp-multihop statement, because the connections...

Case Study Configuring AutoRP

In a stable PIM domain, static configuration of the RP is straightforward. As new routers are added, they are configured with the location of the RP or RPs. Static RP configuration becomes a problem under two circumstances: The address of the RP must be changed, either on the existing RP or because a new RP is being installed. The network administrator must change the static configurations on all PIM routers, which in a large domain can involve significant downtime. The RP fails. A statically...

Case Study Converging at the Speed of Syrup

A distinct characteristic of EGP is that nothing happens quickly. The neighbor acquisition process is slow, and the advertisement of network changes is almost glacial. As a result, you might sometimes mistakenly assume that there is a problem where none exists (except for the problematic nature of EGP itself). For example, suppose users in AS 65503 of Figure 1-13 complain that they cannot reach network 172.17.0.0 in AS 65502. When you examine Groucho's routing table, there is a route to...

Case Study Default Routes

EGP can be configured to advertise a default route in addition to more specific routes. If an AS has only a single exterior gateway, a default route is usually more efficient than a full list of exterior routes. Memory and processing cycles are conserved on the router, and bandwidth is saved on the link. To advertise a default route into AS 65502, as illustrated previously in Figure 1-13, you configure Stan as demonstrated in Example 1-20.

Example 1-20 Advertising a Default Route

router egp 0...

Case Study Static NAT

In Figure 4-15, the inside network is addressed out of the 10.0.0.0 address space. Two of the devices, hosts A and C, must be able to communicate with the outside world. Those two devices are translated to the public addresses 204.15.87.1/24 and 204.15.87.2/24. Example 4-4 shows the configuration to implement NAT at Mazatlan. Figure 4-15 The Inside Local Addresses of Devices A and C Are Statically Translated to Inside Global Addresses by the NAT Process in Router Mazatlan 10.1.2.2/24 Translated...

Case Study Statically Configuring the RP

Figure 6-3 is the same internetwork you have been observing in this chapter, but now the routers are configured to run PIM-SM. Stetson has been chosen as the RP, and all routers are statically configured with that information. The illustration shows that Stetson's RP address is 10.224.1.1. This address can exist on any interface, as long as it is advertised by the unicast routing protocol so that the other routers know how to reach it. In practice, you should use the loopback interface. A minor...

Case Study TCP Load Balancing

Figure 4-26 shows a topology similar to the one in the PAT case study. Here the three inside devices are not hosts, however, but are identical servers with mirrored content. The intent is to create a virtual server with an address of 199.198.5.1; that is, from the outside there appears to be a single server at that IG address. In reality, the router Barbados is configured to perform round-robin translations to the three IL addresses. Figure 4-26 The Three Inside Devices Are Identical Servers...

CBT Designated Routers

CBT uses HELLO messages to elect a designated router on multiaccess networks. The rationale for using a CBT DR is the same as that for DVMRP-designated forwarders and MOSPF DRs. Because CBT does not use an RPF check when forwarding packets, a DR is especially important for preventing loops when there are multiple upstream paths to the core, as in Figure 5-39. Each CBT interface is configured with a preference value between 0 and 255, and this value is carried in the HELLO message. A value between 1...

CBT HELLO Message Format

HELLOs, the format of which is illustrated in Figure 5-43, are used to elect designated routers on multiaccess networks. They also are sent by a DR every 60 seconds as a keepalive. Figure 5-43 The CBT HELLO Message Format. The fields for the CBT HELLO message are defined as follows: Preference is a value between 0 and 255. Values from 1 to 254 indicate the degree of eligibility of the originating router to become the DR. The lower the preference value, the higher the eligibility. An advertised value...

CGMP Packet Format

The source MAC address of frames carrying CGMP packets is the MAC address of the originating router, and the destination MAC address is the reserved multicast address 0100.0cdd.dddd. Only routers originate CGMP packets. Within the frame, the packet is encapsulated in a SNAP header. The OUI field of the SNAP header is 0x00000c, and the type field is 0x2001. Figure 5-17 shows the format of the CGMP packet. The fields of the CGMP packet are defined as follows: Version is always set to 0x1 to signify...

Change Management

A network without change management policies is likely to be a network in chaos. Change management policies state when changes can be made, who can make them, how to document and publish upcoming changes, and how and where to document completed changes. The change management policy specifies the procedure to use when any network or system change is going to take place. This includes router configuration changes, new design implementations, IOS upgrades, or even the implementation of new network...

Changing the Attributes of the Aggregate

Yet another option that you can use with the aggregate-address command is the attribute-map option. This option enables you to change the attributes of the aggregate route. Notice in Example 3-57, for instance, that all the more-specific routes have an ORIGIN attribute of Incomplete, because the routes are redistributed into BGP from EIGRP. The aggregate has an origin of IGP, however, because it originated within the BGP processes of Sum. and Mammoth. Suppose the administrator wants AS 200 to...


Cilea

(Screen capture residue: a multicast session directory listing, including a live webcast from MacWorld Expo New York '99 and the 45th Internet Engineering Task Force meeting in Norway, URL http://www.ietf.org/meetings.) There are also tools that utilize such protocols as Session Description Protocol (SDP) and Session Advertisement Protocol (SAP) to describe multicast events and advertise those...

Cisco Group Membership Protocol CGMP

(Figure label: Building C, 2nd floor, 48 ports.) Just as broadcast frames are forwarded to every port within a broadcast domain, so too are frames carrying IP multicast packets. After all, a broadcast domain is nothing more than a multicast group to which all hosts belong. Figure 5-14 illustrates the problem. Three group members are attached to a 24-port switch. An IGMP Membership Report is sent to the router, and the router begins forwarding the appropriate multicast session onto...

Cisco Press Fundamentals

IP Routing Primer Robert Wright, CCIE 1-57870-108-2 AVAILABLE NOW Learn how IP routing behaves in a Cisco router environment. In addition to teaching the core fundamentals, this book enhances your ability to troubleshoot IP routing problems yourself, often eliminating the need to call for additional technical support. The information is presented in an approachable, workbook-type format with dozens of detailed illustrations and real-life scenarios integrated throughout. Allan Leinwand, Bruce Pinsky,...

Cisco Works

Cisco networks can be managed with the assistance of CiscoWorks. CiscoWorks runs on top of a network management platform, such as HP OpenView, IBM NetView, or SunNet Manager. The management platform provides general network diagrams, charts, and graphs, and CiscoWorks adds Cisco-specific entities, such as chassis views and device configuration management. CiscoView is one of the CiscoWorks applications. CiscoView provides real-time views of networked Cisco devices. These views deliver a...

Classless Routing

Classless routing features two aspects: Classlessness can be a characteristic of a routing protocol, and classlessness can be a characteristic of a router. Classless routing protocols carry, as part of the routing information, a description of the network portion of each advertised address. The network portion of a network address is commonly referred to as the address prefix. An address prefix can be described by including an address mask, a length field that indicates how many bits of the address...

Command Summary

Table 3-3 provides a list and description of the commands discussed in this chapter. aggregate-address address mask as-set Creates an aggregate entry in the BGP routing Enables the automatic summarization of subnets to their major network addresses. Allows the comparison of MED attributes of routes to the same destination but advertised by peers in different autonomous systems. Tells the BGP process to ignore...

Confederations

Confederations are another way to control large numbers of IBGP peers. A confederation is an AS that has been subdivided into a group of subautonomous systems, known as member autonomous systems (see Figure 2-42). The BGP speakers within the confederation speak IBGP to peers in the same member AS and EBGP to peers in other member autonomous systems. The confederation is assigned a confederation ID, which is represented to peers outside of the confederation as the AS number of the entire...

Configuration Exercises

Refer to Figure 4-28 for Configuration Exercises 1-5. Figure 4-28 The Internetwork for Configuration Exercises 1-5. ISP1 in Figure 4-28 has assigned the address block 201.50.13.0/24 to AS 3. ISP2 has assigned the address block 200.100.30.0/24 to AS 3. RTR1 and RTR2 are accepting full BGP routes from the ISP routers but do not transmit any routes to the ISPs. They run IBGP between them and OSPF on all Ethernet interfaces. No routes are redistributed between BGP and OSPF. The addresses of the...

Configuring and Troubleshooting Border Gateway Protocol

Many newcomers to BGP approach the protocol with trepidation. The source of this sentiment is the fact that BGP implementations are much more rare than IGP implementations. Outside of ISPs, most network administrators deal with BGP far less than with IGPs, if at all. Even when BGP is used, the configurations in small ISPs and non-ISP subscribers are usually pretty basic. Because most networking professionals lack in-depth experience with the protocol, it is often viewed as mysterious or...

Controlling Interactive Access

You should control interactive access to the router. You can limit access to specified network numbers by using the following command:

access-class access-list-number {in | out}

The access-list-number argument (1-199 or 1300-2699) specifies the source network number allowed to connect to the line (with the keyword in), or the network number to which a connection is permitted (with the keyword out). Ensure that there are no access holes by permitting only the remote access protocol desired, such as the following...

Current State of IPv6

For most organizations, IPv6 has not been much more than a new set of letters and numbers to toss around when talking about networking. Now, however, more of the specifications are becoming finalized, many are IETF draft standards, and many more are proposed draft standards. IANA allocated address space to the regional Internet registries (RIR), and the RIRs have begun allocating address space to Internet providers. Network and end-station equipment vendors have begun releasing software that...

Default Router Selection

A host chooses one router (out of possibly many) from its default router list when the destination is off-link and there is no existing cached entry for the destination or when an existing default router appears to be failing. Normally, a default router is chosen the first time traffic to a particular destination requires it. The information is cached and used for subsequent traffic. The default router selection process uses the default router list and the neighbor cache. Any router that is...

Designing Network Security

Designing Network Security is a practical guide designed to help you understand the fundamentals of securing your corporate infrastructure. This book takes a comprehensive look at underlying security technologies, the process of creating a security policy, and the practical requirements necessary to implement a corporate security policy. EIGRP Network Design Solutions Ivan Pepelnjak, CCIE 1-57870-165-1 AVAILABLE NOW EIGRP Network Design Solutions uses case studies and real-world configuration...

DNS

One of the core functions of any TCP/IP internetwork, and especially of the Internet, is the Domain Name System (DNS). If systems cannot get DNS queries and responses across a NAT, DNS can become complicated. Figure 4-11 shows ways you can implement DNS servers around a NAT that cannot translate DNS packets. The NAT in Figure 4-11 translates in both directions: outside hosts are made to appear to the inside as if they are on the 10.0.0.0 network, and inside hosts are made to appear to the...

DVMRP Probe Message Format

DVMRP Probe messages serve four functions: They allow routers to locate each other by listing all DVMRP-speaking routers detected by the originating router on the originating interface. They provide a means for DVMRP routers to communicate their capabilities to each other. They enable the selection of a designated forwarder when there are multiple paths to a downstream group member. They provide a keepalive function by being transmitted every 10 seconds. If a probe is not heard from a neighbor...

DVMRP Route Report Message Format

Route Report messages, depicted in Figure 5-27, are sent every 60 seconds. The Route Report consists of a list of one or more netmasks, and for each netmask, a list of one or more source network addresses and associated metrics corresponding to the netmask. Although the lengths of the source networks in Figure 5-27 are all 3 octets, in reality the lengths may vary, as described in this section. Figure 5-27 DVMRP Route Report Message Format. The fields for the DVMRP Route Report message are...

E

EBGP (External Border Gateway Protocol) confederation EBGP 287-293 multihop configuring 182-185 ECHO_REPLY messages (CBT) 464 472 ECHO_REQUEST messages (CBT) 464 472 EGPs convergence troubleshooting 41-43 core gateway configuring 31 34-35 dead neighbors 13 default routes configuring 38-39 indirect neighbors 15 Error 24-25 header fields 18 Hello interval 9 Neighbor Acquisition 19-20 Neighbor Reachability 21 Poll 21 sequence number 10 Update 22-24 Neighbor Acquisition Protocol 9-11 Neighbor...

Ease of Configuration

IPv6 introduces mechanisms to ease host-to-router communication management and host configuration. These mechanisms are essential to the success of IPv6. As more and more people, schools, and businesses want to connect to the Internet or build their own internetworks, the tasks involved in enabling them must be simplified. Not everyone wants to become a CCIE just so he or she can figure out how to run a network. They just want the networks to work. IPv6 has automatic configuration mechanisms...

EGP Functions

EGP consists of the following three mechanisms: Neighbor Acquisition Protocol, Neighbor Reachability Protocol, and Network Reachability Protocol. These three mechanisms use ten message types to establish a neighbor relationship, maintain the neighbor relationship, exchange network reachability information with the neighbor, and notify the neighbor of procedural or formatting errors. Table 1-1 lists all of the EGP message types and the mechanism that uses each message type. The following sections...

EGP Topology Issues

EGP messages are exchanged between EGP neighbors, or peers. If the neighbors are in the same AS, they are interior neighbors. If they are in different autonomous systems, they are exterior neighbors. EGP has no function that automatically discovers its neighbors; the addresses of the neighbors are manually configured, and the messages they exchange are unicast to the configured addresses. RFC 888 suggests that the time-to-live (TTL) of EGP messages be set to a low number, because an EGP message...

Enabling IPv6 Capability on a Cisco Router

IPv6 (disabled by default) is enabled on the Cisco router by issuing the following global command:

ipv6 unicast-routing table-count num

Cisco's support enables multiple routing tables. One routing table is enabled by default. Multiple tables enable the network administrator to have more control over routing entry lookups. Longest match routing is no longer the only rule. If multiple tables are enabled, the forwarding algorithm searches the routing tables in increasing order until a usable route...

Extended Options Field Format

The Options field, shown in Figure 5-38, is a part of all OSPF Hello and Database Description packets and a part of the header of all LSAs. The other flags of this field are described in Chapter 9 of Volume I, but the pertinent flag for this chapter is the MC bit. When set, this bit indicates that the originating router is multicast-capable. Figure 5-38 The Options Field Format. The MC bit in Hello packets does little more than signal multicast capability. Two routers will still become adjacent,...

Extended Router LSA Format

Figure 5-37 shows the format of a Router (type 1) LSA that has been extended to support MOSPF. The format is identical to the format shown in Figure 9-55 of Volume I, with the exception of the addition of the W bit in the rtype field. The W bit is set by inter-area and inter-AS multicast forwarders to indicate to other MOSPF routers in an area that they are wildcard multicast forwarders. Figure 5-37 The Router LSA Format, with the W Bit Added to the rtype Field for MOSPF Support

Extension Header Order

A node determines whether it must examine and process an extension header by looking at information that is contained in the preceding header. Therefore, extension headers must be processed in the order that they appear in the packet. If they all exist in a packet, they should be in the order shown in Table 8-8. The table shows the next-header value that identifies this header. The headers should be in the order shown in Table 8-8, but they might not be, except for the hop-by-hop header, which...

Exterior Gateway Protocols

Chapter 2: Introduction to Border Gateway Protocol 4. Chapter 3: Configuring and Troubleshooting Border Gateway Protocol 4.

This chapter covers the following key topics: The Origins of EGP: This section discusses the history of the development of the Exterior Gateway Protocol, presented in RFC 827 (1982). Operation of EGP: This section explores the fundamental mechanics of EGP with a focus on EGP topology issues, EGP functions, and EGP message formats. Shortcomings of EGP: This section explores some of...

Fault Management

A dependable network requires that a fault management system be in place. Potential and existing problems need to be detected as soon as possible so that you can take immediate action to resolve the issues. A fault management system detects problems with devices and links, hopefully before end users notice the outage. An SNMP-configured router sends traps to the management station when it detects a failure. Because SNMP uses UDP to send traps, however, there is no guarantee that the message describing...

FTP

The File Transfer Protocol (FTP) is something of an unusual application protocol in that it uses two connections (see Figure 4-13). The control connection is initiated by the host and is used to exchange FTP commands with the server. The data connection is initiated by the server and is used for the actual file transfer. Figure 4-13 An FTP Session Consists of Two Separate TCP Connections: the Host Initiates the Control Connection, and the Server Initiates the Data Connection...

Suppressing More-Specific Routes

In a simple topology such as the one in Figure 3-10, this first method normally suffices. As the topology and the routing policies grow more complex, however, the options available with the aggregate-address command make that method more useful. The remainder of this case study examines the aggregate-address command and its options. For the aggregate specified by the aggregate-address command to be advertised, at least one of the more-specific addresses belonging to the aggregate must be...

Group Membership LSA Format

The Group Membership LSA carries the standard LSA header and has a type number of 6. Figure 5-36 shows the format for the Group Membership LSA. Only MOSPF-designated routers originate Group Membership LSAs. Notice in the format that no metric is associated with this LSA. Figure 5-36 The MOSPF Group Membership LSA Format. The fields for the Group Membership LSA are defined as follows: Link State ID carries the address of the multicast group being advertised. Advertising Router is always the router ID...

Hierarchy

Aggregatable addresses are organized into three levels of hierarchy: public, site, and interface. The public topology comprises service providers that offer public Internet transit services, and exchanges. The very top level of the public topology makes up what is called the default-free zone: the Internet routers with no default route entry in their routing tables. These sites know explicitly how to reach all other network prefixes. Site topology is local to a site or organization that does not...

Host Functions

Host functions are similar to the host functions of IGMPv2, discussed in Chapter 5, Introduction to IP Multicast Routing. Two types of Report messages are defined. When a host first begins listening to a particular multicast address on a link, it should immediately transmit a Report to inform the router that there is a listener on the link. It sends the Report to the address of the multicast group and also includes the address in the MLD Multicast Address field within the Report packet. The...

Multigroup Hsrp With Secondary Ip

Router Monet is configured with an interface IP address 172.16.1.100 and an HSRP group 1 IP address 172.16.1.201. Router Monet advertises an HSRP priority, for HSRP group 1, of 120. This is higher than the default priority of Picasso. Monet, therefore, is the active router for group 1. When Wks 1 wants to send a packet toward its default gateway, it ARPs for the HSRP group 1 address. Monet responds with the HSRP group 1 MAC address....

IGMP Message Format

IGMPv2 uses a single message format, as shown in Figure 5-11. The IP header encapsulating the message indicates a protocol number of 2. Because the IGMP message must not leave the local subnet on which it was originated, the TTL is always set to 1. Additionally, IGMPv2 messages carry the IP Router Alert option that informs routers to examine this packet more closely. Figure 5-11 The IGMPv2 Message Format. The fields for the IGMPv2 message are defined as follows: Type describes one of four message...

IGMPv2 Host Functions

Hosts running IGMPv2 use three types of messages. Version 1 Membership Report messages: Membership Report messages are sent to indicate that a host wants to join a group. The messages are sent when a host first joins a group, and sometimes in response to a Membership Query from a local router. When a host first learns of a group and wants to join, it does not wait for the local router to send a query. As you will learn in the sections on the various multicast routing protocols, the router may not in...

IGMPv2 Router Functions

The only type of IGMP message sent by routers is a query. Within IGMPv2, there are two subtypes of queries. The General Query is the message with which the router polls each of its subnets to discover whether group members are present and to detect when there are no members of a group left on a subnet. By default, the queries are sent every 60 seconds; the default can be changed to any value between 0 and 65,535 seconds with the command ip igmp query-interval. As described in the preceding section,...

Info

Example 4-27 shows the configuration for Barbados.

Example 4-27 Barbados' NAT Configuration Evenly Distributes the TCP Load to the Three Identical Servers; Outside Devices See Only a Single Inside Global Address

interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Serial0
 ip address 207.35.14.82 255.255.255.252
 ip nat outside
ip nat pool V-Server 192.168.1.2 192.168.1.4 prefix-length 24 type rotary
ip nat inside destination list 1 pool V-Server

Instead of translating...

InterAs Mospf

RFC 1584 provides for the routing of multicast packets into and out of an MOSPF domain. You know from Chapter 9 of Volume I that a router redistributing routes into an OSPF domain from some other routing protocol is called an Autonomous System Boundary Router (ASBR). An ASBR uses AS-External (type 5) LSAs to advertise destinations outside of the OSPF domain and ASBR Summary (type 4) LSAs to advertise its own location. These LSAs are flooded into all areas of the OSPF domain, with the exception...

Internetworking Technologies Handbook Second Edition

Kevin Downes, CCIE; Merilee Ford; H. Kim Lew; Steve Spanier; Tim Stevenson. This comprehensive reference provides a foundation for understanding and implementing contemporary internetworking technologies, providing you with the information needed to make rational networking decisions. Master the terms, concepts, technologies, and devices that are used in the internetworking industry today. You also learn how to incorporate networking technologies into a LAN/WAN environment, as well as how to apply...

Introduction to Border Gateway Protocol

Border Gateway Protocol (BGP) is a particularly important topic for any CCIE, and you can expect your knowledge of it to be thoroughly challenged in the CCIE lab. You learned in Chapter 1, Exterior Gateway Protocol, that the architects of the ARPANET began recognizing in the early 1980s that autonomous systems, and an inter-AS reachability protocol, were necessary to maintain manageability of the fast-growing Internet. Their original solution, Exterior Gateway Protocol (EGP), was adequate for...

IP Version

Internet or other companies, thereby mitigating the address space problem, allowing a huge number of nodes to access external internetworks. However, NAT is not always easy to implement and maintain. Some applications create excessive processing requirements on the NAT device, and other applications do not work at all. Furthermore, future Internet appliances, such as personal digital assistants, home security systems, or car maintenance computers, might require globally routable addresses so...

IPv6 Specification RFCs

The IPv6 specification is now an approved draft standard. Companies have released (or prereleased) products based on the specifications. Current draft standards include the following: IP Version 6 Addressing Architecture; An IPv6 Aggregatable Global Unicast Address Format; Internet Protocol, Version 6 (IPv6) Specification; Neighbor...

IPv6 Tunneled in IPv4

Most IPv6 implementations will be installed alongside IPv4 networks. IPv6 hosts will communicate over mostly IPv4 networks. IPv6 packet encapsulation into IPv4 packets supports this. You can create four types of tunnels. IPv6/IPv4 routers can encapsulate IPv6 traffic for transmission over an IPv4 infrastructure. You can use this method for IPv6-only nodes that exist on either side of the routers, or for any communication that requires that this one segment of the end-to-end IPv6 path traverse an...

Large Scale BGP

Large-scale BGP is something of a subjective term. You decide when your BGP topology grows large enough to justify the use of the tools discussed in this section. As a rule, however, peer groups and communities are used in moderate-sized to larger internetworks. Route reflectors can also be found in moderate-sized and larger internetworks, but confederations generally are found only in the largest of BGP topologies, such as that of a large ISP. The following case studies discuss each of these...

Looking Ahead

You have, at this point, invested a sizeable portion of your time to learning not only the ins and outs of IP routing, but also the problems presented by the growing complexity of routing in modern IP networks. Many of the solutions to these problems involve working with (or around) the limitations of IPv4 and its associated routing protocols. The next chapter shows how the newest version of the IP protocol, IPv6, has been created with the lessons of IPv4 firmly in mind. When most people think...

Member and Nonmember Sources

You might have noticed that so far nothing has been said about how sources deliver their traffic to the core. In many multicast applications, a sender also is a group member. CBT takes advantage of this fact, so a sender that is also a group member (a member source) can reach the core by virtue of the fact that its directly connected router is on-tree. Figure 5-40 illustrates this concept. Here, the host labeled SGI is a member source of group 1. Because the host is a group member, its local router...

Minimizing Risks of Denial-of-Service Attacks

Denial-of-service (DoS) attacks deny access to some resource. Someone can perform a DoS attack in many ways. You can take some actions, however, to minimize the risks of an attack aimed at the router. A limited number of vty ports are available on a router. Once they are all in use, no more remote sessions are permitted to the router, opening up the potential for a DoS attack. An intruder can block all vty ports, denying access to the administrator. Configure a very restrictive access-class...

MOSPF Basics

Figure 5-33 The Local Group Database Records Attached Groups and the Subnets on Which the Group Members Reside. The DR then originates a Group Membership LSA for each attached group. The LSA specifies the group address and the originating router ID and lists all the router's attached networks on which members of the group reside. In some cases, the router itself may run multicast applications that make it a group member. The LSA includes a Type field in which the router can indicate that it is...

MSDP Message Formats

MSDP messages are carried in TCP segments. When two routers are configured as MSDP peers, the router with the higher IP address listens on TCP port 639, and the router with the lower IP address attempts an active connect to port 639. The MSDP messages use a TLV (Type Length Value) format and may be one of five types, shown in Table 7-4. The following sections detail the format of each message type.

MTU Path Discovery

The MTU is required to be at least 1280 bytes on every link in an IPv6 network. However, the recommended size is 1500 bytes or larger. Any link that cannot handle a packet this large is required to provide link-level fragmentation. IP-level fragmentation is performed only by the source node, not by routers along the packet's path. Nodes are not required to implement MTU path discovery, but it is recommended. A node not implementing MTU path discovery uses an MTU equal to the minimum IPv6...

Multicast Routing

The function of a unicast routing protocol is to find the shortest path to a particular destination. This determination might be made from the advertisements of neighboring routers (distance vector) or from a shortest path tree calculated from a topological database (link state). The end result in both cases is an entry in the routing or forwarding table indicating the interface to forward packets out, and possibly a next-hop router. The cited interface is, from the perspective of the unicast...

Multicast Routing Issues

Currently, five IP multicast routing protocols are in various stages of development and deployment: Distance Vector Multicast Routing Protocol (DVMRP); Protocol-Independent Multicast, Dense Mode (PIM-DM); Protocol-Independent Multicast, Sparse Mode (PIM-SM). The particulars of each of these protocols are examined in subsequent sections, along with their individual advantages and disadvantages. Although Cisco IOS Software does not support all five of the protocols, a study of each will help you...

Multicast Scoping

You have seen in the preceding discussions of multicast routing issues that although multicast routing certainly uses fewer network resources than other strategies, such as replicated unicast or simple flooding, it can still be wasteful in some circumstances. This is particularly true of broadcast-and-prune protocols when used in sparse topologies. In some instances, a multicast source and all group members can be found close together in relation to the size of the entire internetwork. In such a...

Multicasting Over Ethernet and FDDI

Ethernet and FDDI interfaces map the lower 23 bits of the group IP address onto the lower 23 bits of the reserved MAC address to form a multicast MAC address, as shown in Figure 5-6. Here, the Class D IP address 235.147.18.23 is used to create the MAC address 0100.5E13.1217. Figure 5-6 Multicast MAC Addresses on Ethernet and FDDI Networks Are Created by Concatenating the Last 23 Bits of the IP Address with the First 25 Bits of the MAC Address 0100.5E00.0000.
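The 23-bit mapping described above, worked through in code. This is an added example, not code from the book: group_to_mac reproduces the 235.147.18.23 to 0100.5E13.1217 mapping, and groups_sharing_mac goes one step further, enumerating the 32 Class D addresses that collide on a single multicast MAC because 28 bits of group identifier are squeezed into 23 MAC bits (which is why a NIC or switch filtering on MAC alone cannot tell those groups apart and IP-layer filtering is still needed).

```python
# Added example: IPv4 multicast group -> Ethernet/FDDI multicast MAC mapping,
# as described in the text above. Not code from the book.
import ipaddress

# Reserved multicast MAC 0100.5E00.0000: the high-order 25 bits are fixed
# (01:00:5E plus a zero in the high-order bit of the fourth octet).
MCAST_MAC_PREFIX = 0x01005E000000


def group_to_mac(group: str) -> str:
    """Map a Class D address to its multicast MAC in Cisco dotted-hex form.

    Only the low-order 23 bits of the group address are copied into the MAC;
    the 5 high-order bits of the 28-bit group identifier are discarded.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a Class D (224.0.0.0/4) address")
    low23 = int(addr) & 0x7FFFFF
    hexstr = f"{MCAST_MAC_PREFIX | low23:012X}"
    return f"{hexstr[0:4]}.{hexstr[4:8]}.{hexstr[8:12]}"


def groups_sharing_mac(group: str) -> list[str]:
    """Return all 32 Class D addresses that map to the same MAC as `group`.

    The discarded 5 bits (bits 23-27 of the address) can take 2**5 = 32
    values, so 32 distinct groups share every multicast MAC address.
    """
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [
        str(ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low23))
        for hi in range(32)
    ]


if __name__ == "__main__":
    # The book's own example: 235.147.18.23 -> 0100.5E13.1217
    print(group_to_mac("235.147.18.23"))
    # All groups a MAC-only filter would accept along with it
    for g in groups_sharing_mac("235.147.18.23"):
        print(g, "->", group_to_mac(g))
```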

Multicasting Over Token Ring

Multicast over Token Ring networks is treated differently. Token Ring specifies functional or function-dependent MAC addresses to reach stations running such common TR functions as Active Monitor, Ring Parameter Server, and Ring Error Monitor. The first bit of the first octet of the TR MAC address is the I/G bit, which indicates whether the address is unicast (I/G = 0) or broadcast/multicast (I/G = 1). The second bit is the Universal/Local (U/L) bit, which indicates whether the address is a...

Multiple OSPF Instances per Link

Multiple OSPFv3 protocol processes can run on a single link. This proves useful when multiple areas need to share a single link (see Figure 8-19). The instance ID in OSPFv3 packet headers enables this functionality. Figure 8-19 Two Routers Share a Link and Two Areas Need to Run on the Single Link; Multiple OSPF Protocol Processes per Link Enables This. In Figure 8-19, Area 1 has four routers and Area 2 has four routers. The two remote routers in Area 1 have primary links to Router A with backup...

Multiple Routers on a Network

The possibility was raised in the preceding section that multiple routers might be attached to a subnet, all of which need to know whether group members are present. Figure 5-10 shows an example. Two routers are attached to the subnet, both of which receive the same multicast stream from the same source over different routes. If one router or route fails, the group members can continue to receive their multicast session from the other router. Under normal circumstances, however, it is inefficient...

Multiprotocol Extensions for Bgp Mbgp

RFC 2283 extends BGP for multiprotocol support by defining two new attributes: Multiprotocol Reachable NLRI, or MP_REACH_NLRI (type 14), and Multiprotocol Unreachable NLRI, or MP_UNREACH_NLRI (type 15). NOTE: See Chapter 2, Table 2-7, for a more complete list of BGP attribute type codes. Both attributes are optional, nontransitive. Recall from Chapter 2, Introduction to Border Gateway Protocol 4, that this means BGP speakers are not required to support the attributes, and BGP speakers that do not...

NAT and IP Address Conservation

The original mission of NAT was to slow the depletion of IP addresses, and this is the focus of RFC 1631. The core assumption of the concept is that only some of an enterprise's hosts will be connected to the Internet at any one time. Some devices (print servers and DHCP servers, for example) never require connectivity outside of the enterprise at all. As a result, the enterprise can be addressed out of the private RFC 1918 address space, and a significantly smaller number of uniquely assigned...

Neighbor Discovery

The Neighbor Discovery (ND) protocol addresses many problems related to nodes on a single link. It provides the functionality for serverless automatic configuration, router discovery, prefix discovery, address resolution, neighbor unreachability detection, link MTU discovery, next-hop determination, and duplicate address detection. With IPv4, a combination of many protocols, including DHCP, ICMP router discovery, a routing protocol, and ARP, is required to provide only some of this...

Net Flow

NetFlow switching identifies traffic flows and performs switching and access list processing within a router. In addition, because the flows are identified, statistics regarding the flows can be exported to an accounting server. While the flow is active, data about the flow is maintained in a NetFlow cache. When the flow expires, it can be added to an aggregation cache and can be exported to a management station. The default size of the NetFlow cache can contain 64 K flow cache entries. NOTE: NetFlow...

Next Hop Discovery

A host that has a packet to send must first determine what next hop to use. If a packet was previously sent to the destination, the next hop might be stored in a destination cache. If this is the first packet to a destination, the next hop is discovered by comparing the destination address with the host's on-link prefix list. A packet to an on-link destination is sent directly to that destination node. An off-link destination is sent to a default router. An IPv4 node, however, must send all...

OpenSent State

In this state, an Open message has been sent, and BGP is waiting to hear an Open from its neighbor. When an Open message is received, all its fields are checked. If errors exist, a Notification message is sent and the state transitions to Idle. If no errors exist in the received Open message, a Keepalive message is sent and the Keepalive timer is set. The Hold time is negotiated, and the smaller value is agreed upon. If the negotiated Hold time is zero, the Hold and Keepalive timers are not...

Operation of Multicast Source Discovery Protocol MSDP

The purpose of MSDP is, as the name states, to discover multicast sources in other PIM domains. The advantage of running MSDP is that your own RPs exchange source information with RPs in other domains; your group members do not have to be directly dependent on another domain's RP. NOTE: You will see in some subsequent case studies how MSDP can prove useful for sharing source information within a single domain, too. MSDP uses TCP (port 639) for its peering connections. As with BGP, using...

Operation of NAT

NAT is described in RFC 1631. The original intention of NAT was, like classless interdomain routing (CIDR), to slow the depletion of available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses. Since that time, users have found NAT to be a useful tool for network migrations and mergers, server load sharing, and creating virtual servers. This section examines all these applications, but first describes the basics of NAT...