Routing I (Cisco)
Routing TCP/IP, Volume I by Jeff Doyle
Static Routing
show ip route
ip route prefix mask {address|interface} [distance] [permanent] # Administrative distance can be used for floating static routes
Fast switching significantly reduces the adverse effects of recursive lookups by limiting the recursive lookups to the first packet to each destination.
Dynamic Routing Protocols
Metrics: Hop Count, Bandwidth, Load, Delay, Reliability, Cost, Convergence, Load Balancing
Distance Vector Routing Protocols: RIP, IGRP
Link State Routing Protocols: EIGRP, OSPF, Integrated IS-IS
RIP
The metric for RIP is hop count. The RIP process operates from UDP port 520.
IGRP
From a high-altitude view, IGRP shares many operational characteristics with RIP. It is a classful distance vector protocol that periodically broadcasts its entire routing table—with the exception of routes suppressed by split horizon—to all its neighbors.
RIPv2
A Classless Routing Protocol
EIGRP
A Basic EIGRP Configuration
Earhart:
router eigrp 15
network 172.20.0.0
Cochran:
router eigrp 15
network 172.20.0.0
network 192.168.17.0
Lindbergh:
router eigrp 15
network 172.20.0.0
network 192.168.16.0
Commands
auto-summary
bandwidth
debug eigrp packets
debug ip eigrp neighbor ?
delay
ip authentication ?
ip summary-address eigrp ?
metric weights tos k1 k2 k3 k4 k5 (bandwidth, delay, load, reliability, MTU)
network
passive-interface
router eigrp
show ip eigrp topology ?
variance
OSPF
Neighbors and Adjacencies
show ip ospf neighbor
Router ID: preferably the numerically highest IP address associated with a loopback interface.
The Hello Protocol — establishing neighbor, keepalive, electing DR and BDR.
ip ospf hello-interval
ip ospf dead-interval
Network Types
- Point-to-point networks
- Broadcast networks
- Non-broadcast Multi-access
- Point-to-multipoint networks
- Virtual Links
Transit and stub networks
DR: A multi-access network can be considered a “pseudonode” or a virtual router, and the DR represents the pseudonode. Only the DR will send LSAs to the rest of the internetwork. A router might be the DR on one of its attached multi-access networks and not the DR on another of its attached multi-access networks.
When an OSPF router becomes active and discovers its neighbors, it checks for an active DR and BDR.
All routers multicast Hellos to the AllSPFRouters address 224.0.0.5 so that they can track neighbors, but DRothers multicast update packets to the AllDRouters address 224.0.0.6. Only the DR and BDR will listen to this address; in turn, the DR will flood the updates to the DRothers on 224.0.0.5.
show ip ospf interface
Components of an interface data structure include IP Address and Mask, Area ID, Router ID, Network Type, Cost, InfTransDelay, State, Router Priority, DR, BDR, HelloInterval, RouterDeadInterval, WaitTimer, RxmtInterval, Hello Timer, Neighboring Routers, AuType, Authentication Key.
ospf auto-cost reference-bandwidth
ip ospf priority
ip ospf hello-interval
ip ospf dead-interval
ip ospf retransmit-interval
Interface State Machine
Down, Point-to-Point, Waiting, DR, Backup, DRother, Loopback
OSPF Neighbors
show ip ospf neighbor
Neighbor Data Structure: Neighbor ID, Neighbor IP Address, Area ID, Interface, Neighbor Priority, State, PollInterval, Neighbor Options, Inactivity Timer, Designated Router, Backup Designated Router, Master/Slave, DD Sequence Number, Last Received DD packet, Link State Retransmission List, Database Summary List, Link State Request List
Neighbor State Machine
Down, Attempt, Init, 2-way, Exstart, Exchange, Loading, Full.
The adjacency building process uses three OSPF packet types: Database Description packets, Link State Request packets, Link State Update packets.
debug ip ospf adjacency
Flooding is the process by which a change is sent throughout the network. It uses two packet types: Link State Update packets, Link State Acknowledgement packets.
Reliable Flooding: Sequencing, Checksums, and Aging.
If the present sequence number is MaxSequenceNumber and a new instance of the LSA must be created, the router must first flush the old LSA from all databases. This is done by setting the age of the existing LSA to MaxAge (defined later in this section) and reflooding it over all adjacencies. As soon as all adjacent neighbors have acknowledged the prematurely aged LSA, the new instance of the LSA with a sequence number of InitialSequenceNumber may be flooded.
show ip ospf database
Areas
An OSPF area is a logical grouping of OSPF routers. Each area is described by its own link state database, and each router must maintain a database only for the area to which it belongs.
Area ID 0 (or 0.0.0.0) is reserved for the backbone. The backbone is responsible for summarizing the topographies of each area to every other area.
A stub area is an area into which AS External LSAs are not flooded.
OSPF designers should consider the number of links in an area, the stability of the topology, the memory and horsepower of the routers, the use of summarization, and the number of summary LSAs entering the area.
Router Types
All OSPF routers can be classified as an Internal Router, a Backbone Router, an Area Border Router (ABR), or an Autonomous System Boundary Router (ASBR). Note that any of the first three router types may also be an ASBR.
A virtual link is a link to the backbone through a non-backbone area. It should be used only as a temporary fix to an unavoidable topology problem.
The Link State Database
show ip ospf database
show ip ospf database database-summary
LSA types
1 Router LSA, 2 Network LSA, 3 Network Summary LSA, 4 ASBR Summary LSA, 5 AS External LSA, 7 NSSA External LSA
show ip ospf database router
show ip ospf database network
show ip ospf database summary (originated by ABRs)
show ip ospf database asbr-summary (originated by ABRs)
show ip ospf database external (originated by ASBRs)
show ip ospf database nssa-external
Destination Types
show ip route
show ip ospf border-routers
Path Types
intra-area (O), inter-area (O IA), type 1 external (E1), type 2 external (E2)
If multiple equal-cost, equal-path-type routes exist in the final set, OSPF will utilize them.
maximum-paths
Authentication
Null, simple passwords or MD5 checksums
OSPF Packet Formats
OSPF packet types: Hello, Database Description, Link State Request, Link State Update, Link State Acknowledgment
Configuring OSPF
Basic Configuration Example
router ospf 40
network 192.168.10.2 0.0.0.0 area 0
network 192.168.10.33 0.0.0.0 area 1
show ip ospf 40
Setting Router IDs with Loopback Interfaces
OSPF does not have to be running on an interface for its IP address to be used as the Router ID.
Stub Areas
router ospf 20
network 192.168.30.0 0.0.0.255 area 1
network 192.168.20.0 0.0.0.255 area 0
area 1 stub [no-summary]
NSSA
router ospf 40
redistribute rip metric 10
network 192.168.10.2 0.0.0.0 area 192.168.10.0
network 192.168.10.33 0.0.0.0 area 192.168.10.0
area 192.168.10.0 nssa [no-summary]
!
router rip
network 172.19.0.0
Address Summarization
Inter-area summarization is configured on the ABR; external route summarization is configured on the ASBR.
router ospf 1
network 10.0.0.0 0.7.255.255 area 15
network 10.8.0.0 0.7.255.255 area 0
area 15 range 10.0.0.0 255.248.0.0
Authentication
When authentication is configured, it must be configured for an entire area.
interface Ethernet0
ip address 10.8.1.1 255.255.255.0
ip ospf message-digest-key 5 md5 santafe
router ospf 1
network 10.8.0.0 0.0.255.255 area 0
network 172.20.0.0 0.0.255.255 area 25
area 25 range 172.16.0.0 255.240.0.0
area 0 authentication message-digest
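What the message-digest configuration above does on the wire, as an added Python example (not part of the original notes or of any router code): it follows the OSPFv2 cryptographic authentication procedure of RFC 2328 Appendix D, using key ID 5 and the key santafe from the configuration. The Hello body, the use of 10.8.1.1 as Router ID and the sequence numbers are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

HDR = struct.Struct("!BBH4s4sHHHBBI")   # 24-byte OSPFv2 header, AuType 2 layout
AUTYPE_CRYPTO = 2
DIGEST_LEN = 16


def pad_key(secret: bytes) -> bytes:
    """The shared secret is zero-padded to 16 bytes before hashing."""
    if len(secret) > 16:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return secret.ljust(16, b"\x00")


def build_packet(pkt_type, router_id, area_id, body, key_id, secret, seq):
    """Return an OSPFv2 packet with the MD5 digest appended after the body."""
    length = HDR.size + len(body)           # the digest is not counted here
    header = HDR.pack(
        2, pkt_type, length,
        ipaddress.IPv4Address(router_id).packed,
        ipaddress.IPv4Address(area_id).packed,
        0,                                  # checksum is unused with AuType 2
        AUTYPE_CRYPTO,
        0, key_id, DIGEST_LEN,              # reserved, Key ID, digest length
        seq,                                # cryptographic sequence number
    )
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(secret)).digest()


def verify_packet(raw, keys, last_seq):
    """Receiver-side checks. keys maps Key ID -> secret; last_seq is the
    highest sequence number already accepted from this neighbor."""
    if len(raw) < HDR.size:
        return False, "truncated header"
    (_ver, _type, length, _rid, _area, _cksum,
     autype, _rsvd, key_id, auth_len, seq) = HDR.unpack(raw[:HDR.size])
    if autype != AUTYPE_CRYPTO:
        # A Null or simple-password packet is rejected in an MD5 area.
        return False, "AuType does not match area configuration"
    if key_id not in keys:
        return False, "unknown Key ID"
    if (auth_len != DIGEST_LEN or length < HDR.size
            or len(raw) != length + DIGEST_LEN):
        return False, "bad length"
    expected = hashlib.md5(raw[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, raw[length:]):
        return False, "digest mismatch"
    if seq < last_seq:
        # Non-decreasing sequence numbers are what stop replayed packets.
        return False, "stale sequence number"
    return True, "ok"


# Constructed sample: a Hello (type 1) with a 20-byte placeholder body.
KEYS = {5: b"santafe"}
HELLO = build_packet(1, "10.8.1.1", "0.0.0.0", b"\x00" * 20,
                     key_id=5, secret=b"santafe", seq=1000)

if __name__ == "__main__":
    print("fresh packet :", verify_packet(HELLO, KEYS, last_seq=999))
    print("replayed     :", verify_packet(HELLO, KEYS, last_seq=1001))
    print("wrong key    :", verify_packet(HELLO, {5: b"taos"}, last_seq=0))
```

The digest covers the whole OSPF packet but the key itself never crosses the wire, which is the difference from simple password authentication.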
Virtual Link
area [transit area] virtual-link [remote ABR router-id]
show ip ospf virtual-link
OSPF on NBMA
Troubleshooting OSPF
debug ip ospf adjacency
show logging
show ip ospf database database-summary
show ip ospf database
show ip ospf border-routers
show ip ospf neighbor
show ip ospf database
show ip route
show ip ospf interface
Integrated IS-IS
OSPF and IS-IS have many features in common:
They both maintain a link state database from which a Dijkstra-based SPF algorithm computes a shortest-path tree.
They both use Hello packets to form and maintain adjacencies.
They both use areas to form a two-level hierarchical topology.
They both are classless protocols.
They both elect a designated router to represent broadcast networks.
They both have authentication capabilities.
IS-IS area borders are on links.
An intermediate system can be a level 1 (L1) router, a level 2 (L2) router, or both (L1/L2). L1 routers are analogous to OSPF nonbackbone Internal Routers, L2 routers are analogous to OSPF backbone routers, and L1/L2 routers are analogous to OSPF ABRs. L1/L2 routers must maintain both a level 1 link state database and a level 2 link state database.
Unlike OSPF ABRs, L1/L2 routers do not advertise L2 routes to L1 routers. Therefore, an L1 router has no knowledge of destinations outside of its own area. When an L1/L2 router sends its level 1 LSP into an area, it signals other L1 routers that it can reach another area by setting a bit known as the Attached (ATT) bit in the LSP.
Both the Area ID and the System ID are defined on an IS-IS router by a single address, the Network Entity Title (NET).
Neighbors and Adjacencies
isis hello-interval
show clns is-neighbors
The Circuit ID is concatenated with the System ID of the network’s Designated Router, and the complete number is known as the LAN ID.
show isis database
show isis database detail
which-route
PDU Formats
Hello: Level 1, Level 2, Point-to-point
LSP: Level 1 LSP, Level 2 LSP
Sequence Number PDUs: Level 1 CSNP, Level 2 CSNP, Level 1 PSNP, Level 2 PSNP
Configuring Integrated IS-IS
Basic Configuration
interface Serial0
ip address 10.1.255.5 255.255.255.252
ip router isis
router isis
net 00.0001.0000.3090.6756.00
is-type level-1
summary-address 172.16.16.0 255.255.248.0
default-information originate
ip route 0.0.0.0 0.0.0.0 Null0
show ip route
show clns is-neighbors
show isis database
Route Redistribution
In the routing protocol configuration that is to receive the redistributed routes, use the redistribute command to specify the source of the routes.
Specify the metric to be assigned to the redistributed routes.
Configuration
router igrp 1
redistribute ospf 1 metric 10000 100 255 1 1500
passive-interface Ethernet1
network 172.20.0.0
The metric portion of the command assigns IGRP metrics to the routes. In order, the numbers specify: Bandwidth, Delay, Reliability, Load, MTU
router ospf 1
redistribute igrp 1 metric 30 metric-type 1 subnets
network 172.20.112.2 0.0.0.0 area 0
router igrp 1
redistribute ospf 1
redistribute rip metric 50000 500 255 1 1500
redistribute eigrp 2
default-metric 10000 100 255 1 1500
passive-interface Ethernet1
network 172.20.0.0
router eigrp 1
redistribute ospf 1 metric 1000 100 1 255 1500
redistribute eigrp 2
passive-interface Ethernet0
network 192.168.3.0
!
router eigrp 2
redistribute ospf 1 metric 1000 100 1 255 1500
redistribute eigrp 1
network 192.168.4.0
network 172.16.0.0
!
router ospf 1
summary-address 192.168.3.128 255.255.255.128
redistribute eigrp 1 metric 50 [subnets]
redistribute eigrp 2 metric 100 [subnets]
network 192.168.3.33 0.0.0.0 area 0
The command summary-address specifies a summary address and mask to an OSPF process. This command is used only to summarize external routes at the ASBR.
interface Ethernet1
ip address 192.168.3.129 255.255.255.224
ip summary-address eigrp 1 192.168.3.0 255.255.255.128
ip summary-address eigrp 1 172.16.0.0 255.255.0.0
ip summary-address eigrp 1 192.168.4.0 255.255.255.0
The command ip summary-address eigrp process-id specifies the summary address and mask and the EIGRP process into which the summary is to be advertised.
router isis
summary-address 10.2.0.0 255.255.0.0 level-1
redistribute rip metric 0 metric-type external level-1
net 01.0001.0000.0c76.5432.00
!
router rip
redistribute isis level-1-2 metric 1
passive-interface Ethernet0
network 10.0.0.0
Routes may be redistributed into IS-IS as either internal or external routes (internal is the default) and as either level 1 or level 2 routes (level 2 is the default).
redistribute connected
redistribute protocol [process-id]{level-1|level-1-2|level-2}[metric metric-value][metric-type type-value][match{internal|external 1|external 2}][tag tag-value] [route-map map-tag][weight weight][subnets]
summary-address address mask {level-1|level-1-2|level-2} prefix mask [not-advertise] [tag tag]
Default Routes
The default-information originate command is a specialized form of the redistribute command, causing a default route to be redistributed into OSPF or IS-IS. And like redistribute, the default-information originate command informs an OSPF router that it is an ASBR, or an IS-IS router that it is an interdomain router. Also like redistribute, the metric of the redistributed default can be specified, as can the OSPF external metric type and the IS-IS level.
router ospf 1
network 172.16.0.0 0.0.255.255 area 0
default-information originate metric 10 metric-type 1
!
ip route 0.0.0.0 0.0.0.0 10.1.1.2
The default-information originate command also will redistribute into OSPF or IS-IS a default route that has been discovered by another routing process.
default-information originate [always][metric metric-value] [metric-type type-value]{level-1|level-1-2|level-2}[route-map map-name]
ip route prefix mask {address|interface}[distance][tag tag][permanent]
Route Filtering
Configuration
Filtering Specific Routes
router rip
version 2
network 192.168.75.0
distribute-list 1 in Serial1
access-list 1 permit 0.0.0.0
router ospf 25
redistribute rip metric 100
network 172.16.1.254 0.0.0.0 area 25
distribute-list 3 in Ethernet0/0
access-list 3 permit 172.16.0.0 0.0.127.255
distance
distribute-list {access-list-number|name} in [interface-name]
distribute-list {access-list-number|name} out [interface-name|routing-process|autonomous-system-number]
redistribute protocol [process-id]{level-1|level-1-2|level-2}[metric metric-value][metric-type type-value][match{internal|external 1|external 2}][tag tag-value] [route-map map-tag][weight weight][subnets]
Route Maps
Unlike access lists, route maps can add to each “match” criterion a “set” criterion that actually changes the packet in a specified manner, or changes route information in a specified manner.
Basics
Policy routes forward a packet to a specified next hop based on the source of the packet. Policy routes can also be linked to extended IP access lists so that routing may be based on such things as protocol types and port numbers.
Configuring Route Maps
Match and set commands can be used with redistribution; match and set commands can be used with policy routing.
route-map Hagar permit 10
match ip address 110
set metric 100
!
route-map Hagar permit 20
match ip address 111
set metric 50
route-map Sluggo permit 10
match ip route-source 1
set next-hop 192.168.1.5
!
route-map Sluggo permit 20
match ip route-source 2
set next-hop 192.168.1.10
An implicit deny exists at the end of every route map. Routes that pass through a redistribution route map without a match are not redistributed, and packets that pass through a policy route map without a match are sent to the normal routing process.
A route map entry with no match statement matches everything. Multiple match statements in one entry are combined with a logical AND.
Policy Routing
ip policy route-map: The command is configured on an interface and affects incoming packets only.
interface Serial0
ip address 172.16.5.1 255.255.255.0
ip policy route-map Sally
!
access-list 1 permit 172.16.6.0 0.0.0.255
access-list 2 permit 172.16.7.0 0.0.0.255
!
route-map Sally permit 10
match ip address 1
set ip next-hop 172.16.4.2
!
route-map Sally permit 15
match ip address 2
set ip next-hop 172.16.4.3
interface Ethernet0
ip address 172.16.1.4 255.255.255.0
ip policy route-map Rerun
!
access-list 105 permit tcp 172.16.1.0 0.0.0.255 eq ftp any
access-list 105 permit tcp 172.16.1.0 0.0.0.255 eq ftp-data any
access-list 106 permit tcp 172.16.1.0 0.0.0.255 eq telnet any
!
route-map Rerun permit 10
match ip address 105
set ip next-hop 172.16.2.1
!
route-map Rerun permit 20
match ip address 106
set ip next-hop 172.16.3.1
Route Maps for Redistribution
router ospf 1
redistribute isis level-1 metric 20 subnets route-map Griffy
network 172.16.10.2 0.0.0.0 area 5
!
router isis
redistribute ospf 1 metric 25 route-map Toad metric-type internal level-2
net 47.0001.1234.5678.9056.00
!
access-list 1 permit 192.168.2.0
access-list 1 permit 192.168.4.0
access-list 1 permit 192.168.6.0
access-list 2 permit 172.16.1.0
access-list 2 permit 172.16.3.0
access-list 2 permit 172.16.5.0
access-list 2 permit 172.16.7.0
access-list 2 permit 172.16.9.0
!
route-map Griffy deny 10
match ip address 1
!
route-map Griffy permit 20
!
route-map Toad permit 10
match ip address 2
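The implicit deny and the "no match statement matches everything" rule, applied to the Griffy and Toad route maps above, as an added Python example (not part of the original notes). The parser handles only the standard access-list and `match ip address` lines used in this configuration; the route lists in the demo are constructed.

```python
import ipaddress

# Access lists and route maps copied from the configuration above.
CONFIG = """\
access-list 1 permit 192.168.2.0
access-list 1 permit 192.168.4.0
access-list 1 permit 192.168.6.0
access-list 2 permit 172.16.1.0
access-list 2 permit 172.16.3.0
access-list 2 permit 172.16.5.0
access-list 2 permit 172.16.7.0
access-list 2 permit 172.16.9.0
!
route-map Griffy deny 10
 match ip address 1
!
route-map Griffy permit 20
!
route-map Toad permit 10
 match ip address 2
"""


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse(config):
    """Return (acls, route_maps) parsed from standard ACL and route-map lines."""
    acls, maps, entry = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "access-list":
            # A standard ACL line without a wildcard matches one address exactly.
            wildcard = words[4] if len(words) > 4 else "0.0.0.0"
            acls.setdefault(words[1], []).append(
                (words[2], to_int(words[3]), to_int(wildcard)))
        elif words[0] == "route-map":
            entry = {"seq": int(words[3]), "action": words[2], "acls": []}
            maps.setdefault(words[1], []).append(entry)
        elif words[:3] == ["match", "ip", "address"] and entry is not None:
            entry["acls"].extend(words[3:])
    for entries in maps.values():
        entries.sort(key=lambda e: e["seq"])
    return acls, maps


def acl_permits(entries, network):
    """First matching line wins; falling off the end is the implicit deny."""
    addr = to_int(network)
    for action, base, wildcard in entries:
        if (addr | wildcard) == (base | wildcard):   # wildcard bits are ignored
            return action == "permit"
    return False


def redistribute(acls, maps, map_name, network):
    """Return (redistributed, sequence) for one route through one route map."""
    for entry in maps[map_name]:
        for number in entry["acls"]:
            if number not in acls:
                raise ValueError(f"{map_name} references undefined ACL {number}")
        # No match statement matches every route; ACLs on one line are ORed.
        matched = not entry["acls"] or any(
            acl_permits(acls[n], network) for n in entry["acls"])
        if matched:
            return entry["action"] == "permit", entry["seq"]
    return False, None      # implicit deny at the end of the route map


ACLS, MAPS = parse(CONFIG)

if __name__ == "__main__":
    # Constructed route lists for the two redistribution directions.
    for net in ("192.168.1.0", "192.168.2.0", "192.168.3.0", "192.168.4.0"):
        print("IS-IS -> OSPF via Griffy", net, redistribute(ACLS, MAPS, "Griffy", net))
    for net in ("172.16.1.0", "172.16.2.0", "172.16.3.0"):
        print("OSPF -> IS-IS via Toad  ", net, redistribute(ACLS, MAPS, "Toad", net))
```

Griffy is a deny list with an explicit catch-all at sequence 20, while Toad is an allow list: any route not named in access list 2 is dropped by the implicit deny.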
Route Tagging
router ospf 1
network 10.100.200.2 0.0.0.0 area 0
!
router rip
redistribute ospf 1 match external 2 route-map Daisy
passive-interface Ethernet0
passive-interface Serial1
network 10.0.0.0
default-metric 5
!
router igrp 1
redistribute ospf 1 match external 2 route-map Herb
passive-interface Ethernet0
passive-interface Serial0
network 10.0.0.0
default-metric 10000 1000 255 1 1500
!
route-map Daisy permit 10
match tag 2
!
route-map Herb permit 10
match tag 1
redistribute protocol [process-id]{level-1|level-1-2|level-2}[metric metric-value][metric-type type-value][match{internal|external 1|external 2}][tag tag-value] [route-map map-tag][weight weight][subnets]
Access Lists
Standard IP Access Lists
access-list access-list-number {deny|permit} source [source-wildcard]
access-list 1 deny 172.22.0.0 0.0.255.255
access-list 1 permit 0.0.0.0 255.255.255.255
Extended IP Access Lists
access-list access-list-number {deny|permit} protocol source source-wildcard destination destination-wildcard [precedence precedence][tos tos][log]
access-list-number 100-199
protocol: eigrp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, tcp, or udp.
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
access-list access-list-number {deny|permit} tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator port [port]] [established][precedence precedence][tos tos][log]
access-list 110 permit tcp 10.0.0.0 0.255.255.255 172.22.114.0 0.0.0.255 eq 23
access-list access-list-number {deny|permit} icmp source source-wildcard destination destination-wildcard [icmp-type[icmp-code]][precedence precedence][tos tos][log]
access-list 111 deny icmp 172.22.0.0 0.0.255.255 any 0
access-list 111 deny icmp 172.22.0.0 0.0.255.255 any 3 9
access-list 111 deny icmp 172.22.0.0 0.0.255.255 any 3 10
access-list 111 permit ip any any
Calling Access List
ip access-group access-list-number/name {in|out}
Named Access Lists
ip access-list {standard|extended} name
{deny|permit} source [source-wildcard]
{deny|permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos][log]
show ip access-list
show access-list
show ip accounting access-violations
Routing II (Cisco)
Routing TCP/IP, Volume II by Jeff Doyle
Introduction to BGP-4
CIDR
The Internet
Internet subscribers connect to an Internet service provider (ISP). These local ISPs in turn are the customers of larger ISPs that cover an entire geographic region such as a state or a group of adjacent states. These larger ISPs are called regional service providers. The regional service providers, in turn, connect to large ISPs with high-speed backbones spanning a national or global area. More commonly, these various providers are referred to as Tier III, Tier II, and Tier I providers, respectively.
CIDR
Before CIDR, if your company needed 500 host addresses, a Class C address would not have served your needs. You probably would have requested a Class B address, even though you would be wasting 65,000 host addresses. With CIDR, your needs can be met with a /23 block.
Difficulties with CIDR
Who needs BGP
An important principle to remember when working with inter-AS traffic is that each physical link actually represents two logical links: one for incoming traffic and one for outgoing traffic.
A Single-Homed Autonomous System
Static Routes Are All That Is Needed
Multihoming to a Single Autonomous System
When the redundant link is used only for backup, there is again no call for BGP. The routes can be advertised just as they were in the single-homed scenario, except that the routes associated with the backup link have the distances set high so that they are used only if the primary link fails.
If the geographical separation between the two (or more) exit points is large enough for delay variations to become significant, you might have a need for better control of the routing. You might now consider BGP.
Remember that the incoming route advertisements influence your outgoing traffic, and outgoing route advertisements influence your incoming traffic.
You should use BGP only when you can realize an advantage in traffic control. Consider the incoming and outgoing traffic separately. If it is only important to control your incoming traffic, use BGP to advertise routes to your provider while still advertising only a default route into your AS. On the other hand, if it is only important to control your outgoing traffic, use BGP only to receive routes from your provider. Consider carefully the ramifications of accepting routes from your provider. The table size can be very big. “Taking partial BGP routes” is a compromise. For example, a provider might advertise only routes to its other subscribers, plus a default route to reach the rest of the Internet.
Multihoming to Multiple Autonomous Systems
The best candidates for multihoming to multiple providers are corporations and ISPs that are large enough to qualify for a provider-independent address space (or who already have one) and a public autonomous system number.
One option is to use one ISP as a primary Internet connection and the other as a backup only; another option is to default route to both providers and let the routing chips fall where they may. If neither of these solutions is likely to be acceptable, BGP is the preferred option in this scenario. If full routes are accepted from both providers, the best route for every Internet destination is chosen. Another option is to take full routes from the preferred provider and partial routes from the other provider. Yet another option is for each provider to send its own customer routes while the subscriber points default routes to both providers. A fourth option is for each ISP to send its customer routes and also the customer routes of its upstream provider.
“Load Balancing”
Multihoming is for redundancy and increased routing efficiency, not load balancing.
BGP Basics
BGP rides on TCP with port 179. BGP uses a list of AS numbers through which a packet must pass to reach the destination. BGP is called a path vector routing protocol. The list is called AS_PATH, one of several path attributes.
BGP does not show the details of the topologies within each AS. Because BGP sees only a tree of autonomous systems, it can be said that BGP takes a higher view of the Internet than IGP, which sees only the topology within an AS.
show ip bgp
The table shows destination networks, next-hop routers, metric, locprf, weight. Notice that each AS_PATH ends in an i, indicating that the path terminates at an IGP.
BGP Message Types
Open, Keepalive, Update, Notification
BGP States
Idle, Connect, Active, OpenSent, OpenConfirm, Established
Path Attributes
ORIGIN Well-known mandatory
AS_PATH Well-known mandatory
NEXT_HOP Well-known mandatory
LOCAL_PREF Well-known discretionary
ATOMIC_AGGREGATE Well-known discretionary
AGGREGATOR Optional transitive
COMMUNITY Optional transitive
MULTI_EXIT_DISC (MED) Optional nontransitive
ORIGINATOR_ID Optional nontransitive
CLUSTER_LIST Optional nontransitive
If an internal BGP speaker receives multiple routes to the same destination, it compares the LOCAL_PREF attributes of the routes. The route with the highest LOCAL_PREF is selected.
To influence incoming traffic, the MULTI_EXIT_DISC attribute, known as the MED for short, is used. This optional nontransitive attribute is carried in EBGP updates and allows an AS to inform another AS of its preferred ingress points.
Route Dampening
Penalty, Suppress limit, Reuse limit, Half-life, Maximum suppress time
IBGP and IGP
To protect against loops, BGP does not advertise routes that have been learned from an IBGP peer to another IBGP peer.
The IBGP internetwork must be fully meshed.
Two tools control the full IBGP mesh requirement: route reflectors and confederations.
IGP is used for establishing IBGP connectivity.
Managing Large-Scale BGP Peering
Route Reflector
A route reflector and its clients are known collectively as a cluster.
Route reflectors work by relaxing the rule that IBGP peers cannot advertise routes learned from other IBGP peers. To avoid possible routing loops or other routing errors, the route reflector cannot change the attributes of the routes it receives from clients.
For redundancy, a cluster can have more than one RR. The clients have physical connections to each of the route reflectors.
An AS also can have multiple clusters, with each cluster having redundant route reflectors.
A Route Reflector Can Be the Client of Another Route Reflector. Thus, you can build “nested” route reflection clusters.
To prevent routing loops, route reflectors use two BGP path attributes: ORIGINATOR_ID and CLUSTER_LIST.
Confederations
A confederation is an AS that has been subdivided into a group of member autonomous systems. A confederation ID is the AS number of the entire confederation.
Confederations add two more types to the AS_PATH, AS_CONFED_SEQUENCE and AS_CONFED_SET.
It is common practice to use the reserved range 64512 to 65535 to number the member autonomous systems.
Configuring BGP-4
Basic BGP Configuration
Peering BGP routers
Taos
router bgp 200
neighbor 192.168.1.226 remote-as 100
Vail
router bgp 100
neighbor 192.168.1.222 remote-as 100
neighbor 192.168.1.225 remote-as 200
show ip bgp neighbors
The interface from which the router ID is taken does not have to be running BGP.
clear ip bgp
bgp router-id
“Real-life” IBGP implementations use either the next-hop-self function or run an IGP in passive mode on the external interfaces.
Injecting IGP routes into BGP
For each prefix specified with the command network, BGP looks into the routing table. If an entry in the table exactly matches the network prefix, that prefix is entered into the BGP table and advertised.
router eigrp 200
passive-interface Serial0
network 192.168.1.0
network 192.168.100.0
!
router bgp 200
network 192.168.1.216 mask 255.255.255.252
network 192.168.100.0
network 192.168.200.0
neighbor 192.168.1.226 remote-as 100
IBGP Over an IGP
A single IBGP session can be created between the loopback interfaces of the routers. OSPF takes care of finding the best path for the IBGP session.
You also can establish EBGP sessions between loopback interfaces, though you rarely do. The neighbor ebgp-multihop command is needed to change the TTL of the EBGP packets to 2, and static routes are necessary so that each router knows how to find the address of its neighbor’s loopback interface to begin the TCP session.
Aggregate Routes
router eigrp 100
network 192.168.199.0
!
router bgp 100
network 192.168.192.0 mask 255.255.248.0
neighbor 192.168.1.253 remote-as 200
!
ip route 192.168.192.0 255.255.248.0 Null0
Using the aggregate-address command:
router eigrp 100
network 192.168.199.0
!
router bgp 100
aggregate-address 192.168.192.0 255.255.248.0 summary-only
redistribute eigrp 100
neighbor 192.168.1.253 remote-as 200
Managing BGP Connections
neighbor description
neighbor password
advertisement-interval
bgp bestpath as-path ignore
neighbor maximum-prefix
neighbor shutdown
timers bgp
Routing Policies
No other IP routing protocol offers policy features as powerful as those of BGP, and no other protocol carries as great a potential for getting you into trouble as does BGP.
clear ip bgp *
clear ip bgp soft in
Like a “hard” reset, you can specify a single neighbor, a peer group, or all BGP connections.
Filtering Routes by NLRI
The first and simplest of the route filters available to BGP are defined by the distribute-list command. This route filter is defined for each neighbor or peer group and points to an access list that defines the prefixes, or NLRI, on which the filter will act.
Filtering Routes by AS_PATH
ip as-path access-list
neighbor filter-list
Filtering with Route Maps
neighbor route-map
match ip address
match as-path
Administrative Weights
neighbor weight
neighbor 10.200.60.1 weight 50000
neighbor filter-list weight
router bgp 30
neighbor 10.200.60.1 filter-list 2 weight 60000
!
ip as-path access-list 2 permit _75$
neighbor route-map
router bgp 30
neighbor 10.200.60.1 route-map Innsbruck in
!
ip as-path access-list 2 permit _75$
ip as-path access-list 3 permit _50$
!
route-map Innsbruck permit 10
match as-path 2
set weight 40000
route-map Innsbruck permit 20
match as-path 3
set weight 60000
Local Preference
Unlike administrative weight, the LOCAL_PREF is not limited to a single router. Rather, it is communicated to IBGP peers. The attribute is not communicated to EBGP peers—hence the name local preference.
ip default local-preference
set local-preference
router bgp 30
neighbor 10.100.65.1 route-map PREF in
!
ip as-path access-list 2 permit _75$
route-map PREF permit 10
match as-path 2
set local-preference 300
route-map PREF permit 20
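The AS_PATH access lists `_75$` and `_50$` and the inbound route maps Innsbruck and PREF from the two sections above, evaluated in Python as an added example (not part of the original notes). The translation of `_` follows IOS regular-expression behaviour; the AS paths in the demo are constructed.

```python
import re

# In IOS regular expressions "_" matches the start of the string, the end of
# the string, a space, a comma, a brace or a parenthesis.
UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_regex(pattern):
    """Compile an IOS AS_PATH pattern as an equivalent Python regex."""
    return re.compile(pattern.replace("_", UNDERSCORE))


# ip as-path access-list entries from the configurations above.
AS_PATH_LISTS = {
    2: [("permit", "_75$")],
    3: [("permit", "_50$")],
}

# (sequence, action, as-path list or None for "no match statement", set clause)
ROUTE_MAPS = {
    "Innsbruck": [(10, "permit", 2, {"weight": 40000}),
                  (20, "permit", 3, {"weight": 60000})],
    "PREF": [(10, "permit", 2, {"local-preference": 300}),
             (20, "permit", None, {})],
}


def as_path_permits(list_no, as_path):
    """First matching line wins; an AS_PATH list also ends in an implicit deny."""
    for action, pattern in AS_PATH_LISTS[list_no]:
        if ios_regex(pattern).search(as_path):
            return action == "permit"
    return False


def apply_inbound(map_name, as_path):
    """Return the attributes set on an accepted route, or None if it is dropped."""
    for _seq, action, list_no, setting in ROUTE_MAPS[map_name]:
        if list_no is None or as_path_permits(list_no, as_path):
            return dict(setting) if action == "permit" else None
    return None     # implicit deny: the update is filtered


if __name__ == "__main__":
    # Constructed AS_PATHs as they would appear in "show ip bgp".
    for path in ("100 75", "75", "100 175", "75 100", "200 50", "100 200"):
        print(f"{path:10} Innsbruck={apply_inbound('Innsbruck', path)} "
              f"PREF={apply_inbound('PREF', path)}")
    # An unanchored pattern is too loose for a policy decision.
    print("'75' matches '100 175':", bool(ios_regex("75").search("100 175")))
```

Because Innsbruck has no catch-all entry, routes originated by any AS other than 75 or 50 are filtered on that neighbor, whereas PREF ends in an empty `permit 20` and lets them through unchanged.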
Multi_Exit_Disc
The MULTI_EXIT_DISC attribute, or MED, is used to influence the routing decisions in neighboring autonomous systems.
Another term for MED is metric, and another term for metric is distance. So remember “highest preference, shortest distance.”
router bgp 30
neighbor 10.100.83.1 route-map MED out
!
access-list 1 permit 172.31.0.0
route-map MED permit 10
match ip address 1
set metric 100
Prepending the AS_PATH
route-map PATH permit 10
match ip address 3
set as-path prepend 30
Route Tagging
Tags are useful when a route is redistributed from protocol A into protocol B and then redistributed back into protocol A at some other point.
Route Dampening
Route dampening is enabled under the BGP process configuration with the command bgp dampening. If you want to change the default values, the syntax is bgp dampening half-life reuse suppress max-suppress.
show ip bgp flap-statistics
show ip bgp dampened-paths
clear ip bgp flap-statistics
clear ip bgp dampening
Large-Scale BGP
Private AS Numbers
AS numbers 64512 to 65535 are reserved for private use.
neighbor remove-private-AS
BGP Confederations
IBGP is used normally within each member AS, but a special version of EBGP known as confederation EBGP is run between member autonomous systems.
router ospf 65534
network 10.34.0.0 0.0.255.255 area 65534
network 10.255.0.0 0.0.255.255 area 0
!
router bgp 65534
no synchronization
bgp confederation identifier 1200
bgp confederation peers 65533 65535
neighbor Confed peer-group
neighbor Confed ebgp-multihop 2
neighbor Confed update-source Loopback0
neighbor Confed next-hop-self
neighbor MyGroup peer-group
neighbor MyGroup remote-as 65534
neighbor MyGroup update-source Loopback0
neighbor 10.33.255.1 remote-as 65533
neighbor 10.33.255.1 peer-group Confed
neighbor 10.34.255.2 peer-group MyGroup
neighbor 10.35.255.1 remote-as 65535
neighbor 10.35.255.1 peer-group Confed
Confederation EBGP is something of a hybrid between normal BGP and IBGP. Specifically, within a confederation, the following applies:
The NEXT_HOP attribute of routes external to the confederation is preserved throughout the confederation.
MULTI_EXIT_DISC attributes of routes advertised into a confederation are preserved throughout the confederation.
LOCAL_PREF attributes of routes are preserved throughout the entire confederation.
The AS numbers of the member autonomous systems are added to the AS_PATH within the confederation but are not advertised outside of the confederation.
The confederation AS numbers in an AS_PATH are used for loop avoidance but are not considered when choosing a shortest AS_PATH within the confederation.
You can design confederations by taking a cue from OSPF, so that all areas interconnect through a single backbone area, eliminating the possibility of inter-area loops.
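The AS_PATH rules listed above can be traced with a small model of the path segments. This is an added example, not code from the book or these notes; it reuses confederation identifier 1200, member autonomous systems 65533 to 65535 and external AS 1000 from the configurations on this page, and the function names are hypothetical.

```python
CONFED_ID = 1200                       # bgp confederation identifier
MEMBER_ASES = {65533, 65534, 65535}    # member autonomous systems
CONFED_TYPES = ("AS_CONFED_SEQUENCE", "AS_CONFED_SET")

# An AS_PATH is modelled as a list of (segment_type, [as_numbers]) tuples.


def path_length(as_path):
    """Length used for shortest-AS_PATH comparison.

    Confederation segments contribute nothing; an AS_SET counts as one hop.
    """
    total = 0
    for seg_type, asns in as_path:
        if seg_type == "AS_SEQUENCE":
            total += len(asns)
        elif seg_type == "AS_SET":
            total += 1
    return total


def has_confed_loop(as_path, local_member_as):
    """Loop avoidance: our member AS already appears in a confed segment."""
    return any(seg_type in CONFED_TYPES and local_member_as in asns
               for seg_type, asns in as_path)


def to_confed_peer(as_path, local_member_as):
    """Advertise over confederation EBGP: prepend the member AS number."""
    if as_path and as_path[0][0] == "AS_CONFED_SEQUENCE":
        head = ("AS_CONFED_SEQUENCE", [local_member_as] + as_path[0][1])
        return [head] + as_path[1:]
    return [("AS_CONFED_SEQUENCE", [local_member_as])] + as_path


def to_external_peer(as_path):
    """Advertise outside the confederation.

    Member AS numbers are stripped and only the confederation identifier
    is prepended, so the outside world sees a single AS.
    """
    public = [(t, list(a)) for t, a in as_path if t not in CONFED_TYPES]
    if public and public[0][0] == "AS_SEQUENCE":
        public[0] = ("AS_SEQUENCE", [CONFED_ID] + public[0][1])
    else:
        public.insert(0, ("AS_SEQUENCE", [CONFED_ID]))
    return public
```

A path received from an outside peer that still carries confederation segments or member AS numbers is a sign the stripping step was skipped somewhere, which makes it a useful thing to check for on inbound updates.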
Route Reflectors
Fortress
router bgp 65533
no synchronization
bgp confederation identifier 1200
bgp confederation peers 65000
neighbor 10.33.255.1 remote-as 65000
neighbor 10.33.255.1 ebgp-multihop 2
neighbor 10.33.255.1 update-source Loopback0
neighbor 10.33.255.2 remote-as 65533
neighbor 10.33.255.2 update-source Loopback0
neighbor 10.33.255.2 route-reflector-client
neighbor 10.33.255.2 next-hop-self
neighbor 10.33.255.3 remote-as 65533
neighbor 10.33.255.3 update-source Loopback0
neighbor 10.33.255.3 route-reflector-client
neighbor 10.33.255.3 next-hop-self
Nakiska
router bgp 65533
no synchronization
bgp confederation identifier 1200
network 10.33.5.0 mask 255.255.255.0
neighbor 10.33.255.4 remote-as 65533
neighbor 10.33.255.4 update-source Loopback0
neighbor 10.33.255.4 next-hop-self
neighbor 172.17.255.1 remote-as 1000
neighbor 172.17.255.1 ebgp-multihop 2
neighbor 172.17.255.1 update-source Loopback0
Marmot
router bgp 65533
no synchronization
bgp confederation identifier 1200
network 10.33.4.0 mask 255.255.255.0
neighbor 10.33.255.4 remote-as 65533
neighbor 10.33.255.4 update-source Loopback0
neighbor 10.33.255.4 next-hop-self
If you configure more than one route reflector in a cluster, you must use the bgp cluster-id command to ensure that all RRs are identifying themselves as members of the same cluster.
Fortress
router bgp 65533
no synchronization
bgp cluster-id 33
bgp confederation identifier 1200
bgp confederation peers 65000
neighbor 10.33.255.1 remote-as 65000
neighbor 10.33.255.1 ebgp-multihop 2
neighbor 10.33.255.1 update-source Loopback0
neighbor 10.33.255.2 remote-as 65533
neighbor 10.33.255.2 update-source Loopback0
neighbor 10.33.255.2 route-reflector-client
neighbor 10.33.255.2 next-hop-self
neighbor 10.33.255.3 remote-as 65533
neighbor 10.33.255.3 update-source Loopback0
neighbor 10.33.255.3 route-reflector-client
neighbor 10.33.255.3 next-hop-self
neighbor 10.33.255.5 remote-as 65533
neighbor 10.33.255.5 update-source Loopback0
neighbor 10.33.255.5 next-hop-self
Norquay
router bgp 65533
no synchronization
bgp cluster-id 33
bgp confederation identifier 1200
bgp confederation peers 65000
neighbor 10.33.255.1 remote-as 65000
neighbor 10.33.255.1 ebgp-multihop 2
neighbor 10.33.255.1 update-source Loopback0
neighbor 10.33.255.2 remote-as 65533
neighbor 10.33.255.2 route-reflector-client
neighbor 10.33.255.2 update-source Loopback0
neighbor 10.33.255.2 next-hop-self
neighbor 10.33.255.3 remote-as 65533
neighbor 10.33.255.3 route-reflector-client
neighbor 10.33.255.3 update-source Loopback0
neighbor 10.33.255.3 next-hop-self
neighbor 10.33.255.4 remote-as 65533
neighbor 10.33.255.4 update-source Loopback0
neighbor 10.33.255.4 next-hop-self
The Links Interconnecting Clusters Must Be Between Route Reflectors, Not Between Clients.
The rule that clients must peer only to their RRs has two exceptions. First, a client itself can be a route reflector for another cluster. The second exception is when there is a full IBGP mesh among the clients.
IP Multicast Routing
Multicast IP Addresses and IGMP
Class D IP addresses in the range 224.0.0.0–239.255.255.255 are used as multicast addresses.
Multicast MAC addresses on Ethernet are created by concatenating the last 23 bits of the IP address with the first 25 bits of the MAC address 0100.5E00.0000.
IGMP messages are limited to the local data link.
Hosts running IGMPv2 use three types of messages: Membership Report messages, Version 1 Membership Report messages, Leave Group messages.
The local router periodically polls the subnet with queries: General Query or Group-Specific Query.
show ip igmp groups
The primary addition to IGMPv3 is the inclusion of a Group-and-Source-Specific Query.
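The 23-bit mapping from Class D address to Ethernet MAC described above discards 5 of the 28 group bits, so 32 groups share every multicast MAC and a NIC filter alone cannot tell them apart. The following is an added example, not from the book or these notes; the function names are hypothetical and the sample groups are constructed.

```python
import ipaddress

MAC_PREFIX = 0x01005E000000    # fixed first 25 bits of 0100.5E00.0000
LOW23 = (1 << 23) - 1          # mask for the last 23 bits of the IP address


def group_to_mac(group):
    """Map a Class D address to its Ethernet MAC in Cisco dotted notation."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not a Class D address")
    raw = f"{MAC_PREFIX | (int(ip) & LOW23):012X}"
    return ".".join(raw[i:i + 4] for i in (0, 4, 8))


def groups_sharing_mac(group):
    """Return all 32 Class D addresses that map to the same MAC as group.

    Class D fixes the top 4 bits (1110); the next 5 bits are dropped by the
    mapping, so every value of those 5 bits yields the same MAC.
    """
    low = int(ipaddress.IPv4Address(group)) & LOW23
    return [str(ipaddress.IPv4Address((0b1110 << 28) | (hi << 23) | low))
            for hi in range(32)]


def colliding(groups):
    """Group addresses by resulting MAC and return only the collisions."""
    by_mac = {}
    for g in groups:
        by_mac.setdefault(group_to_mac(g), []).append(g)
    return {mac: gs for mac, gs in by_mac.items() if len(gs) > 1}


if __name__ == "__main__":
    # Constructed sample: two application groups and the OSPF AllSPFRouters group.
    print(group_to_mac("224.0.0.5"))
    print(colliding(["224.1.1.1", "225.1.1.1", "224.0.0.5"]))
```

Running colliding() over a planned group allocation shows which groups will be delivered to hosts that never joined them at Layer 2.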
PIM-SM
PIM-SM supports both shared and source-based trees.
PIM-SM uses seven PIMv2 messages: Hello, Bootstrap, Candidate-RP-Advertisement, Join/Prune, Assert, Register, Register-Stop.
The Bootstrap Protocol
The bootstrap protocol is used to designate and advertise the Rendezvous Point.
PIM-SM and Shared Trees
show ip pim rp mapping
show ip mroute
Configuring BGP OSPF ISIS on Cisco
BGP
Configuration Example
R3
router bgp 100
network 192.168.1.204 mask 255.255.255.252
neighbor 192.168.255.251 remote-as 400
neighbor 192.168.255.251 ebgp-multihop 2
neighbor 192.168.255.251 update-source Loopback0
neighbor 192.168.255.254 remote-as 100
neighbor 192.168.255.254 update-source Loopback0
neighbor 192.168.255.254 next-hop-self
ip route 192.168.255.251 255.255.255.255 192.168.1.205
R4
router bgp 400
network 192.168.50.0
network 192.168.75.0
network 192.168.1.200 mask 255.255.255.252
neighbor 192.168.255.253 remote-as 100
neighbor 192.168.255.253 ebgp-multihop 2
neighbor 192.168.255.253 update-source Loopback3
no auto-summary
ip route 192.168.255.253 255.255.255.255 192.168.1.206
Local Preference || MED
Troubleshooting
show ip bgp ?
OSPF
Basic
R2(config)#router ospf 1
R2(config-router)#network 10.0.23.3 0.0.0.0 area 0
R3(config)#router ospf 1
R3(config-router)#network 10.0.23.3 0.0.0.0 area 0
R3(config-router)#network 10.1.34.3 0.0.0.0 area 0
default route
router ospf 1
network 10.0.12.1 0.0.0.0 area 1
default-information originate always
check ospf information
show ip ospf ?
ISIS
Configuration Example on R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip router isis
!
interface GigabitEthernet0/1
ip address 10.0.12.2 255.255.255.0
ip router isis
!
interface GigabitEthernet0/2
ip address 10.0.24.2 255.255.255.0
ip router isis
!
router isis
net 49.0001.0000.0000.0004.00
is-type level-1-2
log-adjacency-changes
Check ISIS Information
show ip route isis
show isis database ?