Tuesday, August 31, 2010

CCNP - ENTERPRISE - Manipulating Routing updates

So, this evening I've been battling Distribution lists and the appropriate application of them and for some reason I just couldn't get that external EIGRP route to be filtered out when redistributing in to OSPF.

After a bit of reading around I've figured out I was approaching it from the wrong end. Assume you have R1, R2, and R3. R1 is running EIGRP, R2 is performing redistribution in to EIGRP and OSPF, and OSPF is running on R3.

My error was that I was working on R2 and wondering why it was that I had configured my access-list to deny my chosen route, applied the cmd - #distribution-list 1 out ospf 1 within the #router ospf 1 process, and nothing had happened.

The problem I was encountering was that in order for OSPF to properly calculate the shortest path, all the Link-State Databases through out your area must be synchronised. As such you can't simply deny your chosen network on the redistributing router as the network would not then be in synch.

The solution was to log on to R3, the router I wanted to have the route filtered from. Create the access list to deny the chosen route (then permit any - remember the implicite deny that would otherwise take affect). I then entered #distribution-list 1 in, from within the ospf routing process and job done! My desired route if filtered out and the rest remain.

Configuration:
R3(config)#access-list 4 deny   172.16.4.0 0.0.0.255
R3(config)#access-list 4 permit any
!
R3(config)#router ospf 1
R3(config-router)#network 10.10.0.0 0.0.255.255 area 0
R3(config-router)#network 192.168.12.0 0.0.0.255 area 0
R3(config-router)# distribute-list 4 in
!

CCNP - ENTERPRISE - Routing Protocol Metrics

Continuing the theme of grouping together common attributes/characteristics (see my posts on Summarisation and Authentication), in this article I'm going to set out the Metric for each routing protocol tested on the BSCI.


RIPv2 :  Distance Vector protocol
Metric = Hop count, 1-15, with 16 being 'infinity' or unreachable


EIGRP: Advanced Distance Vector protocol
Metric = Calculation based on Bandwidth (K1), Load(K2), Delay(K3), Reliability(K4), MTU (K5) although MTU is tracked through the path to find the smallest MTU - it is NOT used in the metric calculation.


Calculation is:  Metric = 256*([K1*Bw + K2*Bw/(256-Load) + K3*Delay]*[K5/(Reliability + K4)])


Where:
 [K5/(Reliability + K4)] is disregarded if K5 = 0


Default K-values in use are K1 and K3 therefore is you use the default settings the default metric is based on Bandwidth and Delay.


OSPF: Link-State routing protocol
Metric = Cost where cost is calculated by - cost= 10000 0000/bandwith in bps

  • The Cost is an indication of the overhead required to send a packet over a specified interface. 
  • Cost is inversely affected by the bandwidth, the greater the bandwidth the lower the cost
  • The Cost of the outbound interface is used
  • To change the Cost of a given interface and therefore influence path selection you apply the command #ip ospf cost [cost value] to the outbound interface concerned
IS-IS: Link-State routing protocol
Metric = Arbitrary value between 0 -63, you decide what it means. Default value is 10

  • To fine tune IS-IS you manually assign a metric value to each interface configured for IS-IS
  • Similar to the OSPF bandwidth
  • use the cmd #isis metric [metric] [level1| level2] to change the metric and assign it the appropriate routing level.
BGP: Distance Vector exterior routing protocol
Metric - is the Multi-Exit Discriminator value.
  • the Lower the MED the better
  • Used to decided how to enter an AS
  • Default is 0
  • Optional, Non-transitive
  • Usually only shared between 2 AS's that have multiple eBGP connections with each other




Monday, August 30, 2010

CCNP - ENTERPRISE - Manipulating Routing Updates - Routing Table Codes

I got caught out during some practice questions on routing table codes. So I thought it might be an idea to list the out put from #sh ip route and just set down what they are.

Simple question to nail - given the codes [X, Y, Z] which is the least trust worthy. I should have had this down from my CCNA but there you are. You need to first understand what the code is, then cross reference it with a suitable Administrative Distance. (Check my Charts and Table page above if you're unsure of the AD for a given protocol)

Protocol code:

C - connected,
S - static,
R - RIP,
M - mobile
B - BGP
D - EIGRP,
EX - EIGRP external,
O - OSPF,
IA - OSPF inter area
N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2
E1 - OSPF external type 1,
E2 - OSPF external type 2
i - IS-IS,
su - IS-IS summary,
L1 - IS-IS level-1,
L2 - IS-IS level-2
ia - IS-IS inter area,
* - candidate default,
U - per-user static route
o - ODR,
P - periodic downloaded static route

CCNP - ENTERPRISE- BGP - Route Reflectors

A route reflector acts like a DR (for OSPF) or DIS (in IS-IS) where it acts as a central location where multiple BGP routers can peer with it. The Route Reflector is the Server and all other BGP peers are clients.

The benefit of this is that you can by pass the Full Mesh requirement the iBGP requires. Instead a Route Reflector server propagates routes to the peers. A Route Reflector advertises a route learned from one iBGP peer to another iBGP peer. (remember by it's very nature iBGP peers to not forward updates received as it is assumed the network is a Full Mesh. The use of a Route Reflector helps cuts down the admin required for a Full Mesh configuration.

If you had 10 routers, in a full mesh you'd be looking at 100 specific statements across the network. Introducing a Route Reflector cuts this down to 20 statements (11 on the RR and 9 across the remaining 9 routers).

There are rules on how a Route Reflector will propagate routes within the iBGP AS.
1) If a route is received from a non-client peer ( a BGP peer not using a route reflector), reflect to clients only
2) If a route is received from a client peer, refelct to all non-client peers AND client peers, except the originator of the route
3) If a route is received from an eBGP peer, reflect to all client and non-client peers.

Configuration:
Clients require no configuration at all. Process is transparent. Just configure your neighbor statements as usual.

On the Route Reflector:
R1(config)#router bgp 100
R1(config-router)#neighbor 172.16.10.1 route-reflector-client
R1(config-router)#neighbor 172.16.20.1 route-reflector-client
!
Note that when configuring the neighbor as a route reflector client the adjacency will go down and back up.

That's it. R1 will 'reflect' routes to the clients set out in the neighbor statements.

Verify your route reflector clients using:
R1#sh ip bgp neighbor
!
The out put will be quite lengthy but there will be a statement in the output highlighting the 'Route Reflector Client'

Sunday, August 29, 2010

CCNP - ENTERPRISE - OSPF - Network Types - Point-to-Multipoint Non-Broadcast

Point-to-Multipoint Non-Broadcast:

  • Cisco proprietary
  • Single subnet required
  • No DR/BDR elected
  • Neighbors specifically configured - this is the difference between standard and Cisco Point-to-Multipoint
Configuration:
R1(config)#interface Serial0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#ip ospf network point-to-multipoint non-broadcast
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay local-dlci 100
R1(config-if)#frame-relay map ip 192.168.10.2 102
R1(config-if)#frame-relay map ip 192.168.10.3 103
R1(config-if)#frame-relay map ip 192.168.10.4 104
R1(config-if)#no shut
!
R1(config)#router ospf 1
R1(config-router)#network 192.168.10.0 0.0.0.255 area 0
R1(config-router)#neighbor 192.168.10.2
R1(config-router)#neighbor 192.168.10.3
R1(config-router)#neighbor 192.168.10.4
!

On R2:
R2(config)#interface S0/0
R2(config-if)#ip address 192.168.10.2 255.255.255.0
R2(config-if)#encapsulation frame-relay
R2(config-if)#ip ospf network point-to-multipoint non-broadcast
R2(config-if)#frame-relay local-dlci 201
R2(config-if)#frame-relay map ip 192.168.10.1 201
R2(config-if)#no shut
!
R2(config)#router ospf 1
R2(config-routrer)#network 10.0.1.0 0.0.0.255 area 0
!

CCNP - ENTERPRISE - OSPF - Network Types - Broadcast

Broadcast:

  • Cisco proprietary
  • Full mesh required
  • Single subnet required
  • DR/BDR elected
  • Timers = 10 seconds
Configuration:
Lacking a diagram, assume we have 4 routers in a hub and spoke design. R1 is the Hub and R2,R3, and R4 are spoke routers. Frame-relay is in use.

On R1:
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
!
R1(config)#int s0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#ip ospf network broadcast
R1(config-if)#ip ospf priority 10
R1(config-if)#frame-relay map ip 192.168.1.2 102 broadcast*
R1(config-if)#frame-relay map ip 192.168.1.3 103 broadcast
R1(config-if)#frame-relay map ip 192.168.1.4 104 broadcast
!
*broadcasts and multi-casts are now forwarded

On R2:
R2(config)#router ospf 1
R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
!
R2(config)#int s0/0
R2(config-if)#ip address 192.168.1.2 255.255.255.0
R2(config-if)#encapsulation frame-relay
R2(config-if)#ip ospf network broadcast
R2(config-if)#ip ospf priority 0
R2(config-if)#frame-relay map ip 192.168.1.1 25 broadcast
R2(config-if)#frame-relay map ip 192.168.1.3 25 broadcast
R2(config-if)#frame-relay map ip 192.168.1.4 25 broadcast
!

On R3:
R3(config)#router ospf 1
R3(config-router)#network 192.168.1.0 0.0.0.255 area 0
!
R3(config)#int s0/0
R3(config-if)#ip address 192.168.1.3 255.255.255.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#ip ospf network broadcast
R3(config-if)#ip ospf priority 0
R3(config-if)#frame-relay map ip 192.168.1.1 35 broadcast
R3(config-if)#frame-relay map ip 192.168.1.2 35 broadcast
R3(config-if)#frame-relay map ip 192.168.1.4 35 broadcast
!

On R4:
R4(config)#router ospf 1
R4(config-router)#network 192.168.1.0 0.0.0.255 area 0
!
R4(config)#int s0/0
R4(config-if)#ip address 192.168.1.4 255.255.255.0
R4(config-if)#encapsulation frame-relay
R4(config-if)#ip ospf network broadcast
R4(config-if)#ip ospf priority 0
R4(config-if)#frame-relay map ip 192.168.1.1 45 broadcast
R4(config-if)#frame-relay map ip 192.168.1.2 45 broadcast
R4(config-if)#frame-relay map ip 192.168.1.3 45 broadcast
!

In the example above you should note that R1 has a priority of 10 manually configured whilst R2, R3, and R4 each have their ospf priority set to 0. This will ensure that regardless of any future configuration R1 will always be the OSPF DR.

CCNP - ENTERPRISE - OSPF - Network Types - Point-to-Point

Point-to-Point:

Uses Sub-Interfaces
Sub-interfaces used to address Split-Horizon issues that can result in using a single physical interface
Separate sub-interfaces require separate subnets
No DR/BDR elections
Neighbors automatically form.

Configuration:
Lacking a diagram, assume we have 4 routers in a hub and spoke design. R1 is the Hub and R2,R3, and R4 are spoke routers. Frame-relay is in use.

On R1:
R1(Config)#router ospf 1
R1(config-router)#network 192.168.0.0 0.0.255.255 area 0
!
R1(config)#int s0/0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no shutdown
!
R1(config)#int s0/0.102 point-to-point
R1(config-if)#description Link_To_R2
R1(config-if)#ip addr 192.168.12.1 255.255.255.252
R1(config-if)#frame-relay interface-dlci 102
!
R1(config)#int s0/0.103 point-to-point
R1(config-if)#description Link_To_R3
R1(config-if)#ip addr 192.168.13.1 255.255.255.252
R1(config-if)#frame-relay interface-dlci 103
!
R1(config)#int s0/0.104 point-to-point
R1(config-if)#description Link_To_R4
R1(config-if)#ip addr 192.168.14.1 255.255.255.252
R1(config-if)#frame-relay interface-dlci 104
!

On R2:
R2(Config)#router ospf 1
R2(config-router)#network 192.168.0.0 0.0.255.255 area 0
!
R2(config)#int s0/0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no shutdown
!
R2(config)#int s0/0.25
R2(config-if)#description Link_To_R1
R2(config-if)#ip addr 192.168.12.2 255.255.255.252
R2(config-if)#frame-relay interface-dlci 25
!

On R3:
R3(Config)#router ospf 1
R3(config-router)#network 192.168.0.0 0.0.255.255 area 0
!
R3(config)#int s0/0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no shutdown
!
R3(config)#int s0/0.35
R3(config-if)#description Link_To_R1
R3(config-if)#ip addr 192.168.13.2 255.255.255.252
R3(config-if)#frame-relay interface-dlci 35
!

On R4:
R4(Config)#router ospf 1
R4(config-router)#network 192.168.0.0 0.0.255.255 area 0
!
R4(config)#int s0/0
R4(config-if)#encapsulation frame-relay
R4(config-if)#no shutdown
!
R4(config)#int s0/0.45
R4(config-if)#description Link_To_R1
R4(config-if)#ip addr 192.168.14.2 255.255.255.252
R4(config-if)#frame-relay interface-dlci 45
!

CCNP - ENTERPRISE- OSPF - Network Types - Point-to-Multipoint

Point-to-Multipoint

  • Full mesh not required
  • Allows for NBMA networking
  • No DR/BDR elections
  • Timers = 30 seconds /120 seconds
  • Do not need to manually configure neighbor statements
  • Specific networks advertised through out.
    Configuration:
    Lacking a diagram, assume we have 4 routers in a hub and spoke design. R1 is the Hub and R2,R3, and R4 are spoke routers. Frame-relay is in use.

    On R1:
    R1(config)#router ospf 1
    R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
    !
    R1(config)#int s0/0
    R1(config-if)#ip address 192.168.1.1 255.255.255.0
    R1(config-if)#encapsulation frame-relay
    R1(config-if)#ip ospf network point-to-multipoint
    R1(config-if)#frame-relay map ip 192.168.1.2 102^
    R1(config-if)#frame-relay map ip 192.168.1.3 103
    R1(config-if)#frame-relay map ip 192.168.1.4 104
    !
    ^ maps 192.168.1.2 to DLCI 102 - this is locally significant.

    On R2:
    R2(config)#router ospf 1
    R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
    !
    R2(config)#int s0/0
    R2(config-if)#ip address 192.168.1.2 255.255.255.0
    R2(config-if)#encapsulation frame-relay
    R2(config-if)#ip ospf network point-to-multipoint
    R2(config-if)#frame-relay map ip 192.168.1.1 25
    R2(config-if)#frame-relay map ip 192.168.1.3 25
    R2(config-if)#frame-relay map ip 192.168.1.4 25
    !

    On R3:
    R3(config)#router ospf 1
    R3(config-router)#network 192.168.1.0 0.0.0.255 area 0
    !
    R3(config)#int s0/0
    R3(config-if)#ip address 192.168.1.3 255.255.255.0
    R3(config-if)#encapsulation frame-relay
    R3(config-if)#ip ospf network point-to-multipoint
    R3(config-if)#frame-relay map ip 192.168.1.1 35
    R3(config-if)#frame-relay map ip 192.168.1.2 35
    R3(config-if)#frame-relay map ip 192.168.1.4 35
    !

    On R4:
    R4(config)#router ospf 1
    R4(config-router)#network 192.168.1.0 0.0.0.255 area 0
    !
    R4(config)#int s0/0
    R4(config-if)#ip address 192.168.1.4 255.255.255.0
    R4(config-if)#encapsulation frame-relay
    R4(config-if)#ip ospf network point-to-multipoint
    R4(config-if)#frame-relay map ip 192.168.1.1 45
    R4(config-if)#frame-relay map ip 192.168.1.2 45
    R4(config-if)#frame-relay map ip 192.168.1.3 45
    !

    Note - the lack of manually assigned neighbor statements and the fact you still need to configure your frame-relay maps.
    -Also do not forget the ip ospf network point-to-multipoint cmd.

    CCNP - ENTERPRISE - OSPF - Network Types - NBMA

    Non-Broadcast Multi-Access :
    • Typically a full mesh topology (each router has a link to every one router). 
    • Is the default network configuration for Frame Relay/ATM
    • Neighbors are statically configured (see config below)
    • Must use a single subnet to link all the interfaces in the mesh
    • a DR/BDR is elected
    • Hello Timers = 30 seconds Hello/120 seconds hold down
    Note: With Frame Relay, when adding a new network behind one of the branch routers (not a DR router) it will be advertised out via OSPF but not actually pingable.
    - to resolve this issue you need to manually add a Frame-Relay map to the outgoing interface on the router the new network is sat behind and on the DR.

    Configuration:
    Lacking a diagram, assume we have 4 routers in a hub and spoke design. R1 is the Hub and R2,R3, and R4 are spoke routers. Frame-relay is in use.

    On R1:
    R1(config)#router ospf 1
    R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
    R1(config-router)#neighbor 192.168.1.2*
    R1(config-router)#neighbor 192.168.1.3
    R1(config-router)#neighbor 192.168.1.4
    !
    R1(config)#int s0/0
    R1(config-if)#ip address 192.168.1.1 255.255.255.0
    R1(config-if)#encapsulation frame-relay
    R1(config-if)#frame-relay map ip 192.168.1.2 102^
    R1(config-if)#frame-relay map ip 192.168.1.3 103
    R1(config-if)#frame-relay map ip 192.168.1.4 104
    !

    *when you use this cmd with out setting a neighbor priority the default is 1
    ^ maps 192.168.1.2 to DLCI 102 - this is locally significant.

    On R2:
    R2(config)#router ospf 1
    R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
    R2(config-router)#neighbor 192.168.1.1 priority 10* 
    !
    R2(config)#int s0/0
    R2(config-if)#ip address 192.168.1.2 255.255.255.0
    R2(config-if)#encapsulation frame-relay
    R2(config-if)#frame-relay map ip 192.168.1.1 25
    R2(config-if)#frame-relay map ip 192.168.1.3 25
    R2(config-if)#frame-relay map ip 192.168.1.4 25
    !

    *when you use this cmd with the priority cmd the highest will be elected DR.

    On R3:
    R3(config)#router ospf 1
    R3(config-router)#network 192.168.1.0 0.0.0.255 area 0
    R3(config-router)#neighbor 192.168.1.1 priority 10
    !
    R3(config)#int s0/0
    R3(config-if)#ip address 192.168.1.3 255.255.255.0
    R3(config-if)#encapsulation frame-relay
    R3(config-if)#frame-relay map ip 192.168.1.1 35
    R3(config-if)#frame-relay map ip 192.168.1.2 35
    R3(config-if)#frame-relay map ip 192.168.1.4 35
    !

    On R4:
    R4(config)#router ospf 1
    R4(config-router)#network 192.168.1.0 0.0.0.255 area 0
    R4(config-router)#neighbor 192.168.1.1 priority 10
    !
    R4(config)#int s0/0
    R4(config-if)#ip address 192.168.1.4 255.255.255.0
    R4(config-if)#encapsulation frame-relay
    R4(config-if)#frame-relay map ip 192.168.1.1 45
    R4(config-if)#frame-relay map ip 192.168.1.2 45
    R4(config-if)#frame-relay map ip 192.168.1.3 45
    !

    You'll note that on the hub router, R1, each DLCI is different. This is because it is sending packets to 3 different routers. On the spoke routers, R2, R3, R4, the DLCI is the same. This is because they are directing all traffic to R1 for all destinations and therefore use the same outbound link. Resulting in the same DLCI being allocated. (if you follow me?).

    Saturday, August 28, 2010

    CCNP - ENTERPRISE - OSPF - Network types

    OSPF Network types. This is not 'Area types where we are looking at making the OSPF process more efficient'. This is the 'nature of the network that OSPF is running on'.

    There are generally 3 broad types of network that OSPF can be used within:
    1) Broadcast Access - this is a multi-access network. Ethernet.
    2) Point-To-Point - Such as lease lines, T1/T3 connections, ISDN.
    3) Non-Broadcast Multi-Access (NBMA) - Any WAN config represented by a Cloud, Frame-Relay, ATM etc

    In your lab work you'll generally configure either option 1, fastethernet links in to a switch and all your routers connected to the switch resulting in DR/BDR elections. Alternatively you'll have configured option 2, directly connecting your routers using serial cables resulting in there being only one device at either end, thereby eliminating the need for DR/BDR operations.

    It is here that we arrive at our third option and the one I struggle with. Just keep telling yourself 'if it was easy it wouldn't be worth achieving'

    There are 5 modes of NMBA network:
    1) NBMA - RFC 2328 standard
    2) Point-To-Multipoint - RFC 2328 standard
    3) Point-To-Point - Cisco propriortary
    4) Broadcast - Cisco propriortary
    5) Point-To-Multipoint Non-Broadcast - Cisco proprietary

    The next articles cover these network modes.

    CCNP - ENTERPRISE - OSPF - Path Selection

    When OSPF considers which path to take to a destination if there are multiple paths available it will first consider the destination advertised from the lowest LSA (where type1 LSA = Low and type5 LSA =high)

    OSPF will the select the path with the lowest cost.

    CCNP - ENTERPRISE - OSPF - NSSA Totally Stubby Area

    As I was reviewing my posts on OSPF LSA packet types and the Area types they are used in, it struck me that I missed off the last of the 4 area types.

    We have a Stub area, totally stubby area, a Not-So-Stubby-Area, and the last one is NSSA Totally Stubby Area.

    A NSSA Totally Stubby Area works in a similar manner to a Totally Stubby Area (blocking External type5 LSAs, Interarea route type4 LSA's and Summary type 3 LSA's). A single default route replaces all of these.

    To configure a NSSA Totally Stubby Area you do the following:
    On the NSSA ABR (this is the router that now has links to external networks/ Autonomous Systems):
    R5(config)#router ospf 1
    R5(config-router)#area 6 nssa
    !

    On the ABR that links to Area 0 do:
    R4(config)#router ospf 1
    R4(config-router)#area 6 nssa no-summary
    !

    In this situation R4 will automatically generate an O*N2 default route therefore you are not required to enter 'default-information originate'

    Note that this is a Cisco propriortary config.

    Thursday, August 26, 2010

    CCNP - ENTERPRISE - Route Redistribution - #ip helper-address cmd

    If you have DHCP host sat on one side of a router but the DHCP server is sat on the other side of the router then without further configuration the Host will not be able to communicate with the server as routers, by default, do not forward broadcast traffic.

    To get round this you use the #ip helper-address [ip address of DHCP or Broadcast address of network where multiple DHCP reside] cmd.

    Applied to the default gateway interface for the Host do the following:
    R1(config)#int e0
    R1(config-if)#ip helper-address 192.168.5.255
    !
    R1(config)#int e1
    R1(config-if)#ip directed-broadcast

    In the example above the admin knows there are multiple DHCP servers on the 192.168.5.0/24 network connected to int e1. So instead of specifying a single DHCP server the router is configured to pass the DHCP request to the broadcast address of that network.

    On interface e1, the #ip directed-broadcast cmd is used to convert the unicast traffic to a link-layer broadcast. a further explanation is here (taken from www.lansweeper.com):

    An IP directed broadcast is a datagram which is sent to the broadcast address of a subnet to which the sending machine is not directly attached. The directed broadcast is routed through the network as a unicast packet until it arrives at the target subnet, where it is converted into a link-layer broadcast. Because of the nature of the IP addressing architecture, only the last router in the chain, the one that is connected directly to the target subnet, can conclusively identify a directed broadcast