Data Network L2-L3-Level 2

Uploaded by Ranjan Mondal
Data Network L2,L3 - Level 2

By: Yogesh Nikam, Mohammed Yaseen Majid, Sunil Padwal
Content

• Bridging and switching: transparent bridging, source routing and provider bridging
• STP
• RSTP
• MSTP
• VLAN
• LACP / LAG / MC-LAG
• RIP
• OSPF
• BGP

Confidential © Tech Mahindra 2012
Bridges

• Divide larger networks into smaller sections.
• Check the destination MAC address and either forward or block the data.
• A learning bridge builds its list of MAC addresses by watching the traffic on the network.
• Two issues to consider:
  - Placement: the 80/20 rule
  - Bridging loops, addressed by the IEEE 802.1D Spanning Tree Protocol
• Types of bridges:
  - Transparent bridge
  - Source route bridge
  - Translational bridge
Bridges

• Source route bridge
  - Used in Token Ring networks.
  - The entire path (ring number and bridge number) is embedded within the packet.
  - The path is found with search frames and route discovery frames.
• Translational bridge
  - Used to convert one networking data format to another, for example from Token Ring to Ethernet and vice versa.
Bridges

• Transparent bridging
  - Most LAN switches use transparent bridging to create address lookup tables.
  - Transparent bridging is a technology that allows a switch to learn everything it needs to know about the location of nodes on the network without the network administrator having to do anything. It has five parts:
    - Learning
    - Flooding
    - Filtering
    - Forwarding
    - Aging
• Overall design goal: complete transparency
  - "Plug-and-play"
  - Self-configuring without hardware or software changes
  - Bridges should not impact the operation of existing LANs
(1) Frame Forwarding

• Assume a MAC frame arrives on port x of a bridge that also has ports A, B and C.
• Is the MAC address of the destination in the forwarding database for ports A, B or C?
  - Found: forward the frame on the appropriate port.
  - Not found: flood the frame, i.e. send the frame on all ports except port x.
(2) Address Learning (Learning Bridges)

• Forwarding table entries are set automatically with a simple heuristic: the source field of a frame that arrives on a port tells which hosts are reachable from this port.
• Figure: a frame Src=x, Dest=y arrives on Port 3 and a frame Src=y, Dest=x arrives on Port 4, so the bridge records "x is at Port 3" and "y is at Port 4".
(2) Address Learning (Learning Bridges)

Algorithm:
• For each frame received, the bridge stores the source field in the forwarding database together with the port where the frame was received.
• All entries are deleted after some time (default is 15 seconds).
Example

• Consider the following packets: (Src=A, Dest=F), (Src=C, Dest=A), (Src=E, Dest=C)
• What have the bridges learned?
• Figure: two bridges in series, each with Port 1 on the left and Port 2 on the right, connect LAN 1, LAN 2 and LAN 3. Hosts A and B are on LAN 1, C and D on LAN 2, E and F on LAN 3.
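The five parts of transparent bridging (learning, flooding, filtering, forwarding, aging) worked through on the example above, as an added simulation that is not part of the original deck. The topology (Bridge1 between LAN1 and LAN2, Bridge2 between LAN2 and LAN3) and the host placement are assumptions read from the figure; the aging time is the deck's stated default.

```python
from typing import Dict, List, Tuple

# Constructed topology for the slide's example (added here; not the deck's figure):
# the two bridges sit in series, each with Port 1 on the left and Port 2 on the right.
HOST_LAN = {"A": "LAN1", "B": "LAN1", "C": "LAN2", "D": "LAN2", "E": "LAN3", "F": "LAN3"}
BRIDGE_PORTS = {"Bridge1": {1: "LAN1", 2: "LAN2"}, "Bridge2": {1: "LAN2", 2: "LAN3"}}
AGING_SECONDS = 15.0   # the deck's stated default aging time


class LearningBridge:
    """Transparent bridge: learning, flooding, filtering, forwarding and aging."""

    def __init__(self, name: str, ports: Dict[int, str]):
        self.name = name
        self.ports = ports                              # port ID -> LAN attached to it
        self.fdb: Dict[str, Tuple[int, float]] = {}     # MAC -> (port, time last seen as source)

    def port_on(self, lan: str) -> int:
        return next(p for p, l in self.ports.items() if l == lan)

    def age(self, now: float) -> None:
        # Aging: drop entries that have not been refreshed within AGING_SECONDS.
        self.fdb = {m: (p, t) for m, (p, t) in self.fdb.items() if now - t < AGING_SECONDS}

    def receive(self, src: str, dst: str, in_port: int, now: float) -> List[str]:
        """Process one frame; return the LANs it is sent out on."""
        self.age(now)
        # Learning: the source address tells us which port reaches that host. Nothing
        # authenticates this, so the table is only as trustworthy as the frames it sees.
        self.fdb[src] = (in_port, now)
        entry = self.fdb.get(dst)
        if entry is None:                               # Flooding: unknown destination
            return [l for p, l in self.ports.items() if p != in_port]
        if entry[0] == in_port:                         # Filtering: dst is on the arrival segment
            return []
        return [self.ports[entry[0]]]                   # Forwarding: exactly one known port


def run(frames: List[Tuple[str, str]], step: float = 1.0) -> Dict[str, Dict[str, int]]:
    """Replay (src, dst) frames, one every `step` seconds, through both bridges.

    Returns each bridge's learned MAC -> port table after the last frame."""
    bridges = {n: LearningBridge(n, p) for n, p in BRIDGE_PORTS.items()}
    now = 0.0
    for src, dst in frames:
        pending = [(HOST_LAN[src], None)]   # (LAN carrying the frame, bridge that put it there)
        while pending:
            lan, sender = pending.pop(0)
            for b in bridges.values():
                if b.name == sender or lan not in b.ports.values():
                    continue
                for out_lan in b.receive(src, dst, b.port_on(lan), now):
                    pending.append((out_lan, b.name))
        now += step
    return {n: {mac: port for mac, (port, _) in b.fdb.items()} for n, b in bridges.items()}


if __name__ == "__main__":
    print(run([("A", "F"), ("C", "A"), ("E", "C")]))
```

With the three frames one second apart, Bridge1 learns A at Port 1 and C, E at Port 2, while Bridge2 learns A, C at Port 1 and E at Port 2; spacing the frames 10 s apart instead shows the 15 s aging removing the oldest entries.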

Danger of Loops

• Consider two LANs (LAN 1 and LAN 2) that are connected by two bridges, Bridge A and Bridge B.
• Assume host n on LAN 1 is transmitting a frame F with unknown destination. What is happening?
  - Bridges A and B flood the frame to LAN 2.
  - Bridge B sees F on LAN 2 (with unknown destination), and copies the frame back to LAN 1.
  - Bridge A does the same.
  - The copying continues.
• Where's the problem? What's the solution?
Switches

• Forward only to the port that connects to the destination device.
  - The switch knows the MAC address of each device and matches the destination MAC address in the data it receives.
• Fully switched network: a dedicated segment for each device is connected to the switch. Expensive.
• Allows full-duplex Ethernet:
  - Nodes only communicate with the switch, never directly with each other.
  - Uses twisted pair or fiber optic cabling, with separate conductors for sending and receiving data.
  - The collision pair is used to transmit data.
  - It was half duplex before: only one device can transmit at a given time.
  - Doubles the capacity: 100 Mbps becomes 200 Mbps.
• Most LANs are a mix of hubs and switches.
Switch routing method

Packet-based switches use one of the following methods to route packets.
• Cut-through
  - Forwards as soon as it has received the destination MAC address (the first 14 bytes).
  - Can propagate errors.
• Store-and-forward
  - Errors are checked before forwarding, so they are not propagated through the network; bad frames are discarded.
  - Error checking takes time, so it is considerably slower.
• Fragment-free
  - Takes advantage of both.
  - Checks for errors by reading the first 64 bytes of the packet, where collisions most likely happen.
  - Offers near cut-through switching performance.
Switch physical design

LAN switches vary in their physical design:
• Shared-memory
  - Common buffer for all ports.
• Matrix
  - Internal grid with input ports and output ports crossing each other.
  - The switch first checks the MAC address, then makes a connection where the two ports (input/output) intersect.
• Bus-architecture
  - Common bus.
  - Dedicated buffer for each port and a circuit to control bus access.
Switch

[Two figure-only slides: switch illustrations.]
STP overview

• The IEEE 802.1D Spanning Tree Protocol (STP) runs on bridges and switches that are 802.1D-compliant. STP prevents loops in a network that has redundant links. If a primary link fails, the backup link is activated and network traffic is not affected. Without STP running on the switch or bridge, a link failure can result in a loop.
• When the spanning tree algorithm is run, the network switches transform the real network topology into a spanning tree topology in which any LAN in the network can be reached from any other LAN through a unique path. The network switches recalculate a new spanning tree topology whenever there is a change to the network topology.
• With STP, data traffic is allowed only on those ports that are part of the spanning tree topology.
• Ports that are not part of the spanning tree topology are put in a blocking (inactive) state. They are kept in the blocking state until there is a break in the spanning tree topology, at which time they are activated to provide a new path.

STP (Cont..)

• The STP interface states for every Layer 2 interface running STP are as follows:
  - Blocking: the interface does not forward frames.
  - Listening: the first transitional state after the blocking state, entered when the spanning tree determines that the interface should participate in frame forwarding.
  - Learning: the interface prepares to participate in frame forwarding.
  - Forwarding: the interface forwards frames.
  - Disabled: the interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port.
STP (Cont..)

• A port participating in spanning tree moves through these states:
  - From initialization to blocking.
  - From blocking to listening or to disabled.
  - From listening to learning or to disabled.
  - From learning to forwarding or to disabled.
  - From forwarding to disabled.
• The process of configuring a spanning tree topology is as follows:
  1. Specify a switch as the root switch. The root switch should be centrally located and not in a "disruptive" location. Backbone switches typically serve as the root switch because they often do not connect to end stations. After you decide which switch is going to be the root switch, you must set the bridge priority. If the switch has a bridge priority that is lower than all the other switches, the other switches automatically select the switch as the root switch.
  - All other decisions in the network, such as which port to block and which port to put in forwarding mode, are made from the perspective of the root switch.
STP (Cont..)

• Bridge protocol data units (BPDUs) carry the information exchanged between switches. When all the switches in the network are powered up, they start the process of selecting the root switch.
• Each switch transmits a BPDU to directly connected switches on a per-VLAN basis.
• Each switch compares the received BPDU to the BPDU that the switch sent. In the root switch selection process, if switch 1 advertises a root ID that is a lower number than the root ID that switch 2 advertises, switch 2 stops the advertisement of its root ID and accepts the root ID of switch 1. The switch with the lowest bridge priority becomes the root switch.
• NOTE: Because each VLAN is in a separate broadcast domain, each VLAN must have its own root switch.
What do the BPDUs do?

With the help of the BPDUs, bridges can:
• Elect a single bridge as the root bridge.
• Calculate the distance of the shortest path to the root bridge.
• Each LAN can determine a designated bridge, which is the bridge closest to the root. The designated bridge will forward packets towards the root bridge.
• Each bridge can determine a root port, the port that gives the best path to the root.
• Select ports to be included in the spanning tree.
Configuration BPDUs

A configuration message is carried in a frame with a destination MAC address and a source MAC address, followed by these fields:
• protocol identifier: set to 0
• version: set to 0
• message type: set to 0
• flags: the lowest bit is the "topology change bit" (TC bit)
• root ID: ID of the root bridge
• cost: cost of the path from the bridge sending this message to the root
• bridge ID: ID of the bridge sending this message
• port ID: priority of the configurable interface
• message age: time since the root sent the message on which this message is based
• maximum age: used for loop detection
• hello time: time between BPDUs from the root (default: 1 sec)
• forward delay: time between recalculations of the spanning tree (default: 15 secs)
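An added parser and builder for the configuration BPDU laid out above, written for this page rather than taken from the deck. It assumes the standard 802.1D wire encoding (35-byte body after the LLC header, 8-byte bridge IDs of 2-byte priority plus MAC, timers in 1/256 s units); the sample bytes and the `root_matches` check are constructed here.

```python
import struct
from typing import NamedTuple, Tuple

# 802.1D configuration BPDU body (35 bytes, big-endian). It follows the LLC header
# (DSAP/SSAP/control = 0x42 0x42 0x03) in a frame sent to 01:80:c2:00:00:00.
# Field order matches the deck: protocol id, version, type, flags, root ID, cost,
# bridge ID, port ID, message age, max age, hello time, forward delay.
_FMT = "!HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(_FMT)    # 35


class ConfigBPDU(NamedTuple):
    topology_change: bool
    root_id: Tuple[int, str]        # (priority, MAC) of the root bridge
    root_path_cost: int
    bridge_id: Tuple[int, str]      # (priority, MAC) of the sending bridge
    port_id: int
    message_age: float              # seconds
    max_age: float
    hello_time: float
    forward_delay: float


def _unpack_id(raw: bytes) -> Tuple[int, str]:
    return int.from_bytes(raw[:2], "big"), ":".join(f"{b:02x}" for b in raw[2:8])


def _pack_id(priority: int, mac: str) -> bytes:
    return priority.to_bytes(2, "big") + bytes.fromhex(mac.replace(":", ""))


def parse_config_bpdu(body: bytes) -> ConfigBPDU:
    """Decode one configuration BPDU body; timers are converted from 1/256 s to seconds."""
    if len(body) < BPDU_LEN:
        raise ValueError("truncated BPDU")
    (proto, ver, mtype, flags, root, cost, bridge, port,
     age, max_age, hello, fwd) = struct.unpack(_FMT, body[:BPDU_LEN])
    if (proto, ver, mtype) != (0, 0, 0):          # the deck: all three are 0 for a config BPDU
        raise ValueError("not an 802.1D configuration BPDU")
    return ConfigBPDU(bool(flags & 0x01), _unpack_id(root), cost, _unpack_id(bridge), port,
                      age / 256, max_age / 256, hello / 256, fwd / 256)


def build_config_bpdu(root: Tuple[int, str], cost: int, bridge: Tuple[int, str], port: int,
                      age: float, max_age: float, hello: float, fwd: float,
                      tc: bool = False) -> bytes:
    """Encode a configuration BPDU body (inverse of parse_config_bpdu)."""
    return struct.pack(_FMT, 0, 0, 0, 0x01 if tc else 0, _pack_id(*root), cost,
                       _pack_id(*bridge), port, round(age * 256), round(max_age * 256),
                       round(hello * 256), round(fwd * 256))


def root_matches(bpdu: ConfigBPDU, expected_root: Tuple[int, str]) -> bool:
    """Operational check: a received BPDU that advertises a different root than the
    one chosen in step 1 of the configuration process means a lower bridge ID has
    appeared somewhere and the tree is being recomputed around it."""
    return bpdu.root_id == expected_root


# Constructed sample (not a capture): the root (priority 32768) announcing cost 0 from
# port 0x8001 with max age 20 s, hello 2 s, forward delay 15 s.
SAMPLE = bytes.fromhex("0000" "00" "00" "00" "8000001122334455" "00000000"
                       "8000001122334455" "8001" "0000" "1400" "0200" "0f00")

if __name__ == "__main__":
    print(parse_config_bpdu(SAMPLE))
```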

Concepts

• Each bridge has a unique identifier: Bridge ID = <MAC address + priority level>. Note that a bridge has several MAC addresses (one for each port), but only one bridge ID.
• Each port within a bridge has a unique identifier (port ID).
• Root Bridge: the bridge with the lowest identifier is the root of the spanning tree.
• Root Port: each bridge has a root port which identifies the next hop from the bridge to the root.
• Root Path Cost: for each bridge, the cost of the min-cost path to the root. Assume it is measured in number of hops to the root.
Concepts

• Designated Bridge, Designated Port: the single bridge on a LAN that provides the minimal cost path to the root for this LAN:
  - if two bridges have the same cost, select the one with the highest priority
  - if the min-cost bridge has two or more ports on the LAN, select the port with the lowest identifier
• Note: we assume that the "cost" of a path is the number of "hops".
Steps of Spanning Tree Algorithm

1. Determine the root bridge.
2. Determine the root port on all other bridges.
3. Determine the designated port on each LAN.

• Each bridge is sending out BPDUs that contain the following information: <root ID, cost, bridge ID/port ID>
  - root ID: the root bridge (what the sender thinks it is)
  - cost: root path cost for the sending bridge
  - bridge ID/port ID: identifies the sending bridge
Determine the Root Bridge

• Initially, all bridges assume they are the root bridge.
• Each bridge B sends BPDUs of this form on its LANs: <B, 0, B>
• Each bridge looks at the BPDUs received on all its ports and its own transmitted BPDUs.
• The root bridge is the smallest root ID that has been received so far (whenever a smaller ID arrives, the root is updated).
Calculate the Root Path Cost / Determine the Root Port

• At this time: a bridge B has a belief of who the root is, say R.
• Bridge B determines the Root Path Cost (Cost) as follows:
  - If B = R: Cost = 0.
  - If B ≠ R: Cost = {smallest cost in any of the BPDUs that were received from R} + 1.
• B's root port is the port from which B received the lowest cost path to R (in terms of the relation "<<").
• Knowing R and Cost, B can generate its BPDU (but will not necessarily send it out): <R, Cost, B>
Calculate the Root Path Cost / Determine the Root Port

• At this time: B has generated its BPDU <R, Cost, B>.
• B will send this BPDU on one of its ports, say port x, only if its BPDU is lower (via the relation "<<") than any BPDU that B received on port x.
• In this case, B also assumes that it is the designated bridge for the LAN to which port x connects.
Selecting the Ports for the Spanning Tree

• At this time: bridge B has calculated the root, the root path cost, and the designated bridge for each LAN.
• Now B can decide which ports are in the spanning tree:
  - B's root port is part of the spanning tree.
  - All ports for which B is the designated bridge are part of the spanning tree.
• B's ports that are in the spanning tree will forward packets (forwarding state).
• B's ports that are not in the spanning tree will not forward packets (blocking state).
Building the Spanning Tree

• Consider the network on the right (figure: five bridges interconnecting LAN 1 to LAN 5).
• Assume that the bridges have calculated the designated ports (D) and the root ports (R) as indicated.
• What is the spanning tree?
STP (Cont..)

1. Each switch calculates the path with the minimal cost to the root switch and chooses a root port, which is a port from which the root switch may be reached with the minimal cost.
2. For each LAN, the switches that attach to the LAN choose a single switch that is the closest switch to the root switch. The closest switch is the switch through which the root switch can be reached with the minimal cost. This switch is called a designated switch and it is responsible for forwarding all traffic to and from the LAN. The port on the designated switch that connects to the LAN is called the designated port.
3. The switches decide which of their ports will be part of the spanning tree. A port is included in the spanning tree if it is a root port or a designated port.
4. The following ports must be set to forwarding mode:
   - All ports of the root switch
   - The root port
   - The designated port
STP (Cont..)

6. All other switch ports in the network that connect to other switches and bridges must be placed in blocking mode. This does not apply to ports connected to workstations or PCs; these ports remain in the forwarding state.
• When the spanning tree topology is completed, the network switches send and receive data only on the ports that are part of the spanning tree. Data received on ports that are not part of the spanning tree is blocked.
• A summary of the steps required to configure STP on the Brocade 8000 CEE switch follows:
  1. Specify the root switch using the bridge-priority priority command.
  2. Enable PortFast on switch ports using the spanning-tree portfast {bpdu-filter bpdu-guard} command. PortFast only needs to be enabled on ports that connect to workstations or PCs. Do not enable PortFast on ports that connect to other switches.
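The spanning tree algorithm of the preceding slides (root election, root path cost, root port, designated port, then forwarding versus blocking), as an added simulation written for this page; it is not the deck's code. It assumes integer bridge IDs, hop-count costs as the deck does, and a constructed five-bridge topology; the "<<" relation is Python's tuple ordering on <root ID, cost, bridge ID, port ID>.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# A BPDU as the deck describes it: <root ID, root path cost, sending bridge ID, sending port ID>.
# Python's tuple ordering is exactly the deck's "<<" relation: lower root ID wins, then lower
# cost, then lower bridge ID, then lower port ID. Costs are hop counts, as the deck assumes.
BPDU = Tuple[int, int, int, int]


@dataclass
class Bridge:
    bid: int                      # bridge ID (priority + MAC in real STP; a plain integer here)
    ports: Dict[int, str]         # port ID -> LAN it attaches to
    best_rx: Dict[int, BPDU] = field(default_factory=dict)   # best BPDU heard on each port
    root: int = 0
    cost: int = 0
    root_port: Optional[int] = None

    def own_bpdu(self, port: int) -> BPDU:
        return (self.root, self.cost, self.bid, port)

    def is_designated(self, port: int) -> bool:
        # B transmits on port x only if its BPDU is lower than anything heard on x,
        # and is then the designated bridge for that LAN.
        heard = self.best_rx.get(port)
        return heard is None or self.own_bpdu(port) < heard


def run_stp(bridges: List[Bridge], rounds: int = 10) -> None:
    """Synchronous BPDU exchange until the tree settles (no timers, no topology changes)."""
    for b in bridges:                                  # everyone starts believing it is root
        b.root, b.cost, b.root_port, b.best_rx = b.bid, 0, None, {}
    for _ in range(rounds):
        on_lan: Dict[str, List[BPDU]] = {}
        for b in bridges:                              # transmit only where designated
            for port, lan in b.ports.items():
                if b.is_designated(port):
                    on_lan.setdefault(lan, []).append(b.own_bpdu(port))
        for b in bridges:                              # receive: remember the best BPDU per port
            for port, lan in b.ports.items():
                rx = [m for m in on_lan.get(lan, []) if m[2] != b.bid]
                if rx and (port not in b.best_rx or min(rx) < b.best_rx[port]):
                    b.best_rx[port] = min(rx)
        for b in bridges:                              # root, root path cost (+1 hop), root port
            cands = [(m[0], m[1] + 1, m[2], m[3], port) for port, m in b.best_rx.items()]
            if cands and min(cands)[0] < b.bid:
                root, cost, _, _, port = min(cands)
                b.root, b.cost, b.root_port = root, cost, port
            else:                                      # nobody advertises a lower root ID
                b.root, b.cost, b.root_port = b.bid, 0, None


def port_states(b: Bridge) -> Dict[int, str]:
    """Root port and designated ports forward; every other port blocks."""
    states = {}
    for port in b.ports:
        if port == b.root_port:
            states[port] = "forwarding (root port)"
        elif b.is_designated(port):
            states[port] = "forwarding (designated port)"
        else:
            states[port] = "blocking"
    return states


def example_network() -> List[Bridge]:
    # Constructed topology (not the deck's figure): five bridges over four LANs, with two
    # redundant paths that the algorithm must block.
    return [Bridge(1, {1: "LAN1", 2: "LAN2"}),
            Bridge(2, {1: "LAN1", 2: "LAN3"}),
            Bridge(3, {1: "LAN2", 2: "LAN3"}),
            Bridge(4, {1: "LAN2", 2: "LAN4"}),
            Bridge(5, {1: "LAN3", 2: "LAN4"})]


def spanning_tree(bridges: List[Bridge]) -> Dict[int, dict]:
    run_stp(bridges)
    return {b.bid: {"root": b.root, "cost": b.cost, "ports": port_states(b)} for b in bridges}


if __name__ == "__main__":
    for bid, info in spanning_tree(example_network()).items():
        print(bid, info)
```

Because election is purely "lowest ID wins", attaching a bridge with a lower ID anywhere (even on LAN4 at the edge) makes every switch recompute around it, which is the reason the deck keeps bpdu-guard on PortFast ports.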

RSTP overview

• The IEEE 802.1w Rapid Spanning Tree (RSTP) standard is an evolution of the 802.1D STP standard. It provides rapid reconvergence following the failure of a switch, a switch port, or a LAN. It provides rapid reconvergence of edge ports, new root ports, and ports connected through point-to-point links.
• NOTE: RSTP is designed to be compatible and interoperate with STP. However, the advantages of RSTP fast reconvergence are lost when it interoperates with switches running STP.
• The RSTP interface states for every Layer 2 interface running RSTP are as follows:
  - Learning: the interface prepares to participate in frame forwarding.
  - Forwarding: the interface forwards frames.
  - Discarding: the 802.1D disabled, blocking, and listening states are merged into the RSTP discarding state. Ports in the discarding state do not take part in the active topology and do not learn MAC addresses.
RSTP (Cont..)

• With RSTP, the port roles for the new interface states have also changed. RSTP differentiates explicitly between the state of the port and the role it plays in the topology. It has adopted the STP root port and designated port roles but has split the blocked port role into backup port and alternate port roles:
  - Backup port: provides a backup for the designated port and can only exist where two or more ports of the switch are connected to the same LAN, the LAN where the bridge serves as the designated switch.
  - Alternate port: serves as an alternate for the root port, providing a redundant path towards the root bridge.
• Only the root port and the designated ports are part of the active topology; the alternate and backup ports do not participate in it.
• When the network is stable, the root and designated ports are in the forwarding state, while the alternate and backup ports are in the discarding state. When there is a topology change, the new RSTP port roles allow a faster transition of an alternate port into the forwarding state.
MSTP overview

• IEEE 802.1s Multiple STP (MSTP) helps create multiple loop-free active topologies on a single physical topology. MSTP enables multiple VLANs to be mapped to the same spanning-tree instance (forwarding path), which reduces the number of spanning-tree instances needed to support a large number of VLANs. Each MSTP instance has a spanning-tree topology independent of other spanning-tree instances. With MSTP you can have multiple forwarding paths for data traffic. A failure in one instance does not affect other instances. With MSTP, you are able to utilize the physical resources present in the network more effectively and achieve better load balancing of VLAN traffic.
• NOTE: In MSTP mode, RSTP is automatically enabled to provide rapid convergence.
• Multiple switches must be configured consistently with the same MSTP configuration to participate in multiple spanning tree (MSTP) instances. A group of interconnected switches that have the same MSTP configuration is called an MSTP region.
MSTP (Cont..)

• NOTE: We support 16 MSTP instances and one MSTP region.
• MSTP introduces a hierarchical way of managing switch domains using regions. Switches that share common MSTP configuration attributes belong to a region. The MSTP configuration determines the MSTP region where each switch resides. The common MSTP configuration attributes are as follows:
  - Alphanumeric configuration name (32 bytes)
  - Configuration revision number (2 bytes)
  - 4096-element table that maps each of the VLANs to an MSTP instance
• Region boundaries are determined based on the above attributes. A multiple spanning tree instance is an RSTP instance that operates inside an MSTP region and determines the active topology for the set of VLANs mapping to that instance. Every region has a common internal spanning tree (CIST) that forms a single spanning tree instance that includes all the switches in the region.
MSTP (Cont..)

• The difference between the CIST instance and an MSTP instance is that the CIST instance operates across MSTP regions and forms a loop-free topology across regions, while an MSTP instance operates only within a region. The CIST instance can operate using RSTP if all the switches across the regions support RSTP. However, if any of the switches operate using 802.1D STP, the CIST instance reverts to 802.1D. Each region is viewed logically as a single STP/RSTP bridge by other regions.
• After enabling MSTP using the global protocol spanning-tree mstp command, you configure the following from MSTP mode:
  - Name of the region: specify the region name using the region region_name command.
  - Revision number: specify the revision number using the revision number command.
MSTP (Cont..)

  - MSTP VLAN-to-instance assignment map: map a VLAN to an MSTP instance using the instance instance_id {vlan vlan_string | vlan_id [priority priority_id]} command.
  - Hop count: specify the maximum hops for a BPDU, to prevent the messages from looping indefinitely on the interface, using the max-hops hop count command.
STP, RSTP, and MSTP configuration guidelines and restrictions

• Follow these configuration guidelines and restrictions when configuring STP, RSTP, and MSTP.
  - You have to disable one form of xSTP before enabling another.
  - LAGs are treated as normal links and by default are enabled for STP.
  - You can have 16 MSTP instances and one MSTP region.
  - Create VLANs before mapping them to MSTP instances.
  - The switch supports up to 65 MSTP instances.
  - For load balancing across redundant paths in the network to work, all VLAN-to-instance mapping assignments must match; otherwise, all traffic flows on a single link.
• When you enable MSTP by using the global protocol spanning-tree mstp command, RSTP is automatically enabled.
• For two or more switches to be in the same MSTP region, they must have the same VLAN-to-instance map, the same configuration revision number, and the same name.
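The region membership test from the MSTP slides (same name, same revision number, same 4096-entry VLAN-to-instance table) as an added example written for this page, not the deck's or the switch's code. It assumes the IEEE 802.1s encoding of the table (one 2-byte instance number per VLAN ID 0..4095) and the standard's fixed HMAC-MD5 signature key, so that switches compare a 16-byte digest instead of the whole table; `MstConfig`, `same_region` and `region_mismatch` are names introduced here.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Tuple

# IEEE 802.1s/802.1Q signature key for the MST configuration digest (a well-known constant).
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")
MAX_INSTANCES = 16            # the deck's stated per-platform limit
CIST = 0                      # instance 0: VLANs not mapped elsewhere stay in the CIST


@dataclass
class MstConfig:
    name: str                                   # configuration name, at most 32 bytes
    revision: int                               # 2-byte configuration revision number
    vlan_to_instance: Dict[int, int] = field(default_factory=dict)

    def map_vlans(self, instance: int, vlans: Iterable[int]) -> None:
        """The deck's 'instance <id> vlan <list>' step, with range checks."""
        if not 1 <= instance <= MAX_INSTANCES:
            raise ValueError(f"instance {instance} outside 1..{MAX_INSTANCES}")
        for vid in vlans:
            if not 1 <= vid <= 4094:
                raise ValueError(f"VLAN {vid} out of range")
            self.vlan_to_instance[vid] = instance

    def table(self) -> bytes:
        # The 4096-element table the deck lists: one 2-byte instance number per VID 0..4095.
        return b"".join(self.vlan_to_instance.get(vid, CIST).to_bytes(2, "big")
                        for vid in range(4096))

    def digest(self) -> str:
        # HMAC-MD5 over the table with the fixed key: what 'show ... mst configuration
        # digest' style commands display, and what neighbours compare in their BPDUs.
        return hmac.new(MST_DIGEST_KEY, self.table(), hashlib.md5).hexdigest()

    def region_id(self) -> Tuple[bytes, int, str]:
        """The three attributes that must all match for two switches to share a region."""
        raw_name = self.name.encode()
        if len(raw_name) > 32 or not 0 <= self.revision <= 0xFFFF:
            raise ValueError("name must fit in 32 bytes and revision in 16 bits")
        return (raw_name.ljust(32, b"\x00"), self.revision, self.digest())


def same_region(a: MstConfig, b: MstConfig) -> bool:
    return a.region_id() == b.region_id()


def region_mismatch(a: MstConfig, b: MstConfig) -> List[str]:
    """Which attributes differ: worth running before cabling a new switch into a region,
    since a mismatched map silently puts it in its own region and load balancing
    across the redundant paths is lost."""
    labels = ("name", "revision", "vlan-to-instance map")
    return [label for label, x, y in zip(labels, a.region_id(), b.region_id()) if x != y]


if __name__ == "__main__":
    print(MstConfig("", 0).digest())   # digest of the all-VLANs-in-CIST default table
```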

VLAN overview

• IEEE 802.1Q Virtual LANs (VLANs) provide the capability to overlay the physical network with multiple virtual networks. VLANs allow you to isolate network traffic between virtual networks and reduce the size of administrative and broadcast domains.
• A VLAN contains end stations that have a common set of requirements that are independent of physical location. You can group end stations in a VLAN even if they are not physically located in the same LAN segment.
• VLANs are typically associated with IP subnetworks, and all the end stations in a particular IP subnet belong to the same VLAN. Traffic between VLANs must be routed. VLAN membership is configurable on a per-interface basis.
VLAN configuration guidelines and restrictions

• Follow these VLAN configuration guidelines and restrictions when configuring VLANs.
  - A unique MAC address is assigned per interface.
  - A unique MAC address is used as the Brocade 8000 CEE switch MAC address and is used as the Bridge ID in Layer 2 control protocols such as STP.
  - In an active topology, MAC addresses can be learned, per VLAN, using Independent VLAN Learning (IVL) or Shared VLAN Learning (SVL). Currently the switch only supports IVL.
  - A MAC address ACL always overrides a static MAC address entry. In this case, the MAC address is the forwarding address and the forwarding entry can be overwritten by the ACL.
• There is support for a configurable maximum transmission unit (MTU) per CEE interface.
• If a VLAN is designated as an FCoE VLAN, you can enforce permit/deny policies for FCoE traffic on that VLAN.
VLAN configuration guidelines and restrictions (Cont..)

  - There is a configurable default priority per Layer 2 interface (the default priority is 0).
  - There is a system-wide default priority for packets that do not contain a priority. A default priority per interface is also supported that inherits the global default priority if a user-specified default priority is not specified. For QoS configuration details, see "Configuring QoS using the CEE CLI".
  - The Brocade CEE switch supports Ethernet DIX frames and 802.2 LLC SNAP encapsulated frames.
  - In addition to the standard protocol-based VLANs, there is an application type classification feature that allows you to create VLAN classification rules that are based on application types.
• The application type values can specify FCoE or FIP.
Link aggregation overview

• Sections covered:
  - LAGs
  - LACP
  - Dynamic link aggregation
  - Static link aggregation
  - Brocade-proprietary aggregation
  - LAG distribution process
Link aggregation (Cont..)

• Link aggregation allows you to bundle multiple physical Ethernet links to form a single logical trunk providing enhanced performance and redundancy. The aggregated trunk is referred to as a Link Aggregation Group (LAG). The LAG is viewed as a single link by connected devices, the spanning tree protocol, IEEE 802.1Q VLANs, and so on. When one physical link in the LAG fails, the other links stay up and there is no disruption to traffic.
• To configure links to form a LAG, the physical links must be the same speed and all links must go to the same neighboring device. Link aggregation can be done by manually configuring the LAG or by dynamically configuring the LAG using the IEEE 802.3ad Link Aggregation Control Protocol (LACP).
• NOTE: The LAG or LAG interface is also referred to as a port-channel.
General View

[Figure-only slide.]
Link aggregation (Cont..)

• The benefits of link aggregation are summarized as follows:
  - Increased bandwidth. The logical bandwidth can be dynamically changed as the demand changes.
  - Increased availability.
  - Load sharing.
  - Rapid configuration and reconfiguration.
• The Brocade 8000 CEE switch supports the following trunk types:
  - Static, standards-based LAG.
  - Dynamic, standards-based LAG using LACP.
  - Static, Brocade-proprietary LAG.
  - Dynamic, Brocade-proprietary LAG using proprietary enhancements to LACP.
LAGs

• You can configure a maximum of 24 LAGs, with up to 16 links per standard LAG and four links per Brocade-proprietary LAG. Each LAG is associated with an aggregator. The aggregator manages the Ethernet frame collection and distribution functions.
• On each port, link aggregation control:
  - Maintains configuration information to control port aggregation.
  - Exchanges configuration information with other devices to form LAGs.
  - Attaches ports to and detaches ports from the aggregator when they join or leave a LAG.
  - Enables or disables an aggregator's frame collection and distribution functions.
• Each link in the Brocade 8000 CEE switch can be associated with a LAG; a link cannot be associated with more than one LAG. The process of adding and removing links to and from a LAG is controlled either statically, dynamically, or through LACP.
LAGs (Cont..)

• Each LAG consists of the following components:
  - A MAC address that is different from the MAC addresses of the LAG's individual member links.
  - An interface index for each link to identify the link to neighboring devices.
  - An administrative key for each link. Only links having the same administrative key value can be aggregated into a LAG. On each link configured to use LACP, LACP automatically configures an administrative key value equal to the port-channel identification number.
LACP

• LACP is an IEEE 802.3ad standards-based protocol that allows two partner systems to dynamically negotiate attributes of physical links between them to form logical trunks. LACP determines whether a link can be aggregated into a LAG. If a link can be aggregated into a LAG, LACP puts the link into the LAG. All links in a LAG inherit the same administrative characteristics. LACP operates in two modes:
  - Passive mode: LACP responds to Link Aggregation Control Protocol Data Units (LACPDUs) initiated by its partner system but does not initiate the LACPDU exchange.
  - Active mode: LACP initiates the LACPDU exchange regardless of whether the partner system sends LACPDUs.
LACP (Cont..)

• Dynamic link aggregation
  - Dynamic link aggregation uses LACP to negotiate which links can be added to and removed from a LAG. Typically, two partner systems sharing multiple physical Ethernet links can aggregate a number of those physical links using LACP. LACP creates a LAG on both partner systems and identifies the LAG by the LAG ID. All links with the same administrative key and all links that are connected to the same partner switch become members of the LAG. LACP continuously exchanges LACPDUs to monitor the health of each member link.
• Static link aggregation
  - In static link aggregation, links are added into a LAG without exchanging LACPDUs between the partner systems. The distribution and collection of frames on static links is determined by the operational status and administrative state of the link.
LACP (Cont..)

• Brocade-proprietary aggregation
  - Brocade-proprietary aggregation is similar to standards-based link aggregation but differs in how the traffic is distributed. It also has additional rules that member links must meet before they are aggregated:
  - The most important rule requires that there is not a significant difference in the length of the fiber between the member links, and that all member links are part of the same port-group. The ports that belong to port-group 1, port-group 2, and port-group 3 are te0/0 to te0/7, te0/8 to te0/15, and te0/16 to te0/23, respectively.
  - A maximum of four Brocade LAGs can be created per port-group.
LACP (Cont..)

• LAG distribution process
  - The LAG aggregator is associated with the collection and distribution of Ethernet frames. The collection and distribution process is required to guarantee the following:
    - Inserting and capturing control PDUs.
    - Restricting the traffic of a given conversation to a specific link.
    - Load balancing between individual links.
    - Handling dynamic changes in LAG membership.
LACP configuration guidelines and restrictions

• Follow these LACP configuration guidelines and restrictions when configuring LACP.
• NOTE: This section applies to standards-based and Brocade-proprietary LAG configurations except where specifically noted otherwise.
• An LACP-enabled link is assigned an administrative key, and all local links on the switch that share the same administrative key can potentially be aggregated. A system ID and the administrative key are combined to form a unique identifier for neighboring devices.
• Layer 2 control protocols such as Spanning Tree Protocol (STP), Rapid STP (RSTP), and Multiple STP (MSTP) are transparent to the operation of LACP. These protocols see a LAG as a logical interface. When an STP bridge protocol data unit (BPDU) needs to be transmitted, the LAG has the responsibility of choosing one of its operationally active member links to transmit it.
LACP configuration guidelines and restrictions (Cont..)

 VLANs
- Before being aggregated, links cannot be members of a VLAN.
- A VLAN sees a LAG as a logical interface.
- All LAG member links are configured with the same VLAN ID.
 QoS
- In the Fabric OS version 6.1.2_cee release, QoS commands for a LAG need
to be specified on each LAG member link, instead of on the logical LAG
interface (port-group). Additionally, the QoS commands specified on each
LAG member link need to be the same on each link.
 Brocade-proprietary LAGs only
- All LAG member links need to be part of the same port-group.
 Switch port
- Interfaces configured as "switchport" interfaces cannot be aggregated
into a LAG. However, a LAG itself can be configured as a switchport.
LACP configuration guidelines and restrictions (Cont..)

 LAG interface statistics and individual link statistics
 LAG statistics and individual link statistics comply with standard RMON and
MIB-2 interface statistics. Cumulative statistics of all the LAG member links
are maintained for the LAG. Individual link statistics are also maintained.
The statistical counters of a LAG member link start when the link becomes a
member of the LAG and stop when the link leaves the LAG.
 To retain the history of individual links, individual link statistical counters
keep generating individual link statistics even when the link is part of a LAG.
 IEEE 802.3ad specifies that an LACP-enabled link can be configured as either
active or passive. However, if both sides of the link are configured as
passive, neither side ever sends an LACPDU, so the LACP protocol is not
initiated and the LAG is not formed.
Default LACP configuration
 LACP enables the exchange of the system ID and administrative keys across
member links to directly-connected neighboring devices. Included in the
information exchange is the following:
- Actor port/partner port.
- Actor system ID/partner system ID.
- Actor administrative key/partner administrative key.
- Actor state/partner state. Contained in both actor state and partner state
are the following flags: LACP activity, LACP timeout, aggregability,
synchronization, collecting, and distributing.
 Essentially, all ports get aggregated together if they have the following:
- The same actor system ID and actor administrative key.
- The same partner system ID and partner administrative key.
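The two matching rules above and the active/passive rule from the previous slide, written as a small model. This is an added example, not code from the deck or from any vendor: port names, MAC addresses, keys and the "same port-group" check are constructed to show why a miscabled link (same local key, different partner) and a passive/passive link stay out of the LAG.

```python
# Added example (not from the deck): which LACP-enabled ports may aggregate.
# Ports aggregate when actor system ID/key and partner system ID/key all
# match, and never when both ends are passive.  Names, MACs and the optional
# port-group rule (Brocade-proprietary LAGs) are illustrative assumptions.
from dataclasses import dataclass
from collections import defaultdict


@dataclass(frozen=True)
class LacpPort:
    name: str
    actor_system: str      # local system ID (chassis MAC)
    actor_key: int         # administrative key (port-channel number)
    actor_active: bool     # True = LACP active, False = passive
    partner_system: str    # learnt from the neighbour's LACPDUs
    partner_key: int
    partner_active: bool
    port_group: int        # Brocade-proprietary rule: members share a port-group


def can_negotiate(port):
    """LACPDUs are only ever sent by an active end; passive/passive never starts."""
    return port.actor_active or port.partner_active


def build_lags(ports, require_same_port_group=False):
    """Group ports into LAGs.

    Returns (lags, standalone): lags is a sorted list of member-name lists,
    one per LAG; standalone lists (port, reason) for ports left individual.
    """
    groups = defaultdict(list)
    standalone = []
    for p in ports:
        if not can_negotiate(p):
            standalone.append((p.name, "both ends passive"))
            continue
        key = (p.actor_system, p.actor_key, p.partner_system, p.partner_key)
        if require_same_port_group:
            key += (p.port_group,)
        groups[key].append(p.name)
    lags = sorted(sorted(members) for members in groups.values())
    return lags, standalone


# Constructed sample: two links to neighbour switch N1, one link that was
# cabled to a different switch N2 with the same local key, one passive/passive
# link, and one link in another port-group.
N1, N2, LOCAL = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:aa:bb:cc:dd:ee"
SAMPLE_PORTS = [
    LacpPort("te0/0", LOCAL, 10, True, N1, 20, False, 1),
    LacpPort("te0/1", LOCAL, 10, True, N1, 20, False, 1),
    LacpPort("te0/2", LOCAL, 10, True, N2, 20, False, 1),   # miscabled: other partner
    LacpPort("te0/3", LOCAL, 10, False, N1, 20, False, 1),  # passive/passive
    LacpPort("te0/8", LOCAL, 10, True, N1, 20, False, 2),   # port-group 2
]

if __name__ == "__main__":
    print(build_lags(SAMPLE_PORTS))
    print(build_lags(SAMPLE_PORTS, require_same_port_group=True))
```

The partner system ID is what protects against a cable plugged into the wrong switch: te0/2 shares every local attribute with te0/0 and te0/1 but ends up in a LAG of its own rather than silently joining theirs.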
Default LACP configuration (Cont..)
 LACP exchanges the aggregator states with its neighbors; the LACP timeout
flag in that state decides the rate at which LACPDUs flow (slow, one every
30 seconds, or fast, one every second).
 After aggregation, a link can be part of a LAG but does not need to
participate in the distribution of traffic.
 When control protocols such as STP, RSTP, and MSTP see the deletion of a
LAG or the addition of a new LAG interface, they reevaluate the topology
and determine the port state and port role (root, designated, or blocked)
based on BPDUs.
 Dynamically adding a new link to an existing LAG is done by configuring the
existing LAG administrative key (port-channel number) on the new link.
LACP conveys this new link and its administrative key to the neighbor. If the
neighbor also decides to accept the new link, then the link is associated with
the existing local aggregator and LAG. The Layer 2 protocols see that the
physical link is now part of the LAG.
Default LACP configuration (Cont..)
 Dynamically deleting a link from an existing LAG is done by removing the
channel-group configuration (no channel-group command) for the link to be
deleted.
 Physical link failure: the physical failure of a link causes the removal of the
link from the LAG.

Introduction to RIP, OSPF & BGP
Introduction to RIP

 RIP-1 (RFC 1058) and RIP-2 (RFC 1388, later RFC 2453)
· distance-vector protocol using hop count as the metric
· infinity value is 16 hops
· announcements (distance vectors) are sent to neighbors every
30 seconds; a route times out after 180 seconds without an update
· split horizon with poisoned reverse
· encapsulated in UDP, well-known port 520
 Included in the RIP-maintained routing table:
· address of the (net/subnet/host) destination
· metric associated with the destination
· address of the next-hop router
· recently-updated flag
· several timers (update, timeout, garbage collection)
RIP-1 Message Format

 The address family identifier field was supposed to support a variety of
protocols, but in practice only IP uses it.
[Figure: RIP-1 response message]
RIP-2
 compatible upgrade to RIP-1 including subnet routing, authentication,
CIDR aggregation, route tags and multicast transmission
 RFC 2453 includes background and protocol definition
 Subnet Support
 RIP-1 supports subnet routes only within the subnetted network (using a
single subnet mask)
 RIP-2 includes the subnet mask in the messages. This allows subnet
knowledge to be carried outside the subnetted network, and the route tag
distinguishes multiple routing domains
 More convenient partitioning using variable-length subnets running on
the same wire/subnet
Routing per subnet

[Figure: routers A to F; networks 10.1.0.0 (255.255.0.0), 10.0.0.0 (255.0.0.0)
and 10.2.0.0 (255.255.0.0)]
Next Hop
 RIP-2 route entries carry a next-hop field, so a router can point neighbors
on the same subnet at a better next hop than itself

 Authentication
• RIP-1 is completely insecure; anyone can act as a router just
by sending RIP-1 messages (e.g. advertise a metric of 1 and everyone
will use that route)
• RIP-2 supports a generic notion of authentication, but only a
"password" (authentication type 2, sent in clear text) is defined in
RFC 2453; keyed MD5 was added later by RFC 2082. Still not very secure
• At least prevents some "accidents" reasonably well

[Figure: RIP-2 authentication]

[Figure: variable-length subnetting]
 Multicasting
• Broadcast on a local link will be sent to all nodes including hosts
• RIP-2 uses 224.0.0.9, a multicast address that reaches routers only
• 3 modes:
o Send RIP-1 packets in broadcast mode (when most routers
are not yet upgraded)
o Send RIP-2 packets in broadcast mode (when some
routers are still RIP-1)
o Send RIP-2 packets in multicast mode (when all routers
are upgraded to RIP-2)

 RIPng for IPv6
 Almost the same as RIP-2 except
• The use of IPv6 security (IPsec) instead of RIP-2 authentication entries
• Change in the packet format in order to carry the longer IPv6
addresses
RIP Security
 Issue: sending bogus routing updates to a router
 RIPv1: no protection
 RIPv2: simple authentication scheme

 RIPv2 message with an authentication entry (after the IP and UDP headers),
32 bits wide:
 Command (1 byte) | Version (1 byte) | must be zero (2 bytes)
 0xFFFF (address family identifier) | Authentication Type (2 bytes)
 Authentication data: Password (bytes 0-3)
                      Password (bytes 4-7)
                      Password (bytes 8-11)
                      Password (bytes 12-15)
 Up to 24 more routes (each 20 bytes)

 The authentication entry occupies the first 20-byte slot; with type 2 the
password travels in clear text, so anyone who can capture one update on
the segment can replay or forge updates
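The layout above as working code: an encoder and a defensive parser for RIPv2 messages that handles the 0xFFFF authentication entry. This is an added example written for this page, not code from the deck; the routes and the password are constructed. It makes the security point concrete: the "password" is recovered from the raw bytes with no key material at all, and the parser also shows the length and range checks a receiver must make before trusting a datagram on UDP/520.

```python
# Added example (not part of the deck): build and parse RIPv2 messages with the
# authentication entry described above, using only the standard library.
# Sample routes and the password are constructed for the demo.
import struct
import ipaddress

RIP_PORT = 520            # UDP, both source and destination
RIP2_MCAST = "224.0.0.9"
AFI_INET = 2
AFI_AUTH = 0xFFFF         # address family that marks an authentication entry
AUTH_SIMPLE_PASSWORD = 2
INFINITY = 16
MAX_ENTRIES = 25          # 24 routes + 1 authentication entry
HEADER = struct.Struct("!BBH")         # command, version, must-be-zero
ENTRY = struct.Struct("!HH4s4s4sI")    # AFI, route tag, address, mask, next hop, metric
AUTH = struct.Struct("!HH16s")         # 0xFFFF, auth type, 16 bytes of auth data


def build_ripv2_response(routes, password=None):
    """routes: iterable of (prefix, metric, route_tag); returns the RIPv2 payload."""
    entries = []
    if password is not None:
        pw = password.encode()
        if len(pw) > 16:
            raise ValueError("simple password is at most 16 bytes")
        entries.append(AUTH.pack(AFI_AUTH, AUTH_SIMPLE_PASSWORD, pw.ljust(16, b"\0")))
    for prefix, metric, tag in routes:
        if not 1 <= metric <= INFINITY:
            raise ValueError("metric must be 1..16")
        net = ipaddress.IPv4Network(prefix)
        entries.append(ENTRY.pack(AFI_INET, tag, net.network_address.packed,
                                  net.netmask.packed, b"\0" * 4, metric))
    if len(entries) > MAX_ENTRIES:
        raise ValueError("at most 25 entries per message")
    return HEADER.pack(2, 2, 0) + b"".join(entries)   # command 2 = response


def parse_rip(payload):
    """Parse RIP-1/RIP-2 response entries; raises ValueError on anything malformed."""
    if len(payload) < HEADER.size or (len(payload) - HEADER.size) % ENTRY.size:
        raise ValueError("length is not 4 + 20*n")
    command, version, zero = HEADER.unpack_from(payload)
    if command not in (1, 2) or version not in (1, 2) or zero != 0:
        raise ValueError("bad command/version/must-be-zero")
    raw_entries = [payload[i:i + ENTRY.size]
                   for i in range(HEADER.size, len(payload), ENTRY.size)]
    if len(raw_entries) > MAX_ENTRIES:
        raise ValueError("too many entries")
    auth, routes = None, []
    for index, raw in enumerate(raw_entries):
        if struct.unpack_from("!H", raw)[0] == AFI_AUTH:
            if index != 0 or version != 2:
                raise ValueError("auth entry must be first and RIP-2 only")
            _, auth_type, data = AUTH.unpack(raw)
            if auth_type == AUTH_SIMPLE_PASSWORD:
                # Clear text: this is all an on-path attacker needs to forge updates.
                auth = {"type": auth_type, "password": data.rstrip(b"\0").decode("latin-1")}
            else:
                auth = {"type": auth_type, "data": data}   # e.g. RFC 2082 keyed MD5 (not handled here)
            continue
        afi, tag, addr, mask, next_hop, metric = ENTRY.unpack(raw)
        if afi != AFI_INET or not 1 <= metric <= INFINITY:
            raise ValueError("bad AFI or metric")
        address = str(ipaddress.IPv4Address(addr))
        if version == 2:
            prefix = str(ipaddress.IPv4Network(
                f"{address}/{ipaddress.IPv4Address(mask)}", strict=False))
        else:
            prefix = address     # RIP-1 carries no mask; the receiver infers it from the class
        routes.append({"prefix": prefix, "metric": metric, "tag": tag,
                       "next_hop": str(ipaddress.IPv4Address(next_hop))})
    return {"command": command, "version": version, "auth": auth, "routes": routes}


# Constructed demo: an update a rogue host could capture and replay, password included.
DEMO_PACKET = build_ripv2_response([("10.1.0.0/16", 1, 0), ("10.2.0.0/16", 3, 7)],
                                   password="s3cret")

if __name__ == "__main__":
    print(parse_rip(DEMO_PACKET))
```

Feeding the parser a truncated or oversized datagram raises instead of indexing past the buffer, which is the behaviour to want on a port that accepts unauthenticated traffic from any host on the segment.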
RIP Problems

 RIP takes a long time to stabilize
• Even for a small network, it takes several
minutes until the routing tables have settled
after a change
 RIP has all the problems of distance vector algorithms, e.g.,
count-to-infinity
• RIP uses split horizon (with poisoned reverse) to limit count-to-
infinity; it removes the two-router case but not loops through
three or more routers, which still count up to 16
 The maximum path in RIP is 15 hops

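A simulation of the two RIP behaviours discussed in this section, the 30-second distance-vector exchange with split horizon and poisoned reverse, and the count-to-infinity problem. This is an added example, not from the deck: the chain topology (A - B - C, network N behind A, A's link to N fails) and the synchronous rounds are constructed so that both outcomes can be compared on the same input.

```python
# Added example (not from the deck): a small synchronous RIP-style simulation
# of count-to-infinity and of the split-horizon-with-poisoned-reverse fix.
# Topology and timing are constructed: routers A - B - C in a chain, network N
# attached to A, and A's link to N fails just before round 1.
INFINITY = 16


def advertise(table, receiver, poison_reverse):
    """Distance vector a router sends to `receiver` (dest -> metric)."""
    vector = {}
    for dest, (metric, next_hop) in table.items():
        if poison_reverse and next_hop == receiver:
            vector[dest] = INFINITY       # "I reach it through you": poison it
        else:
            vector[dest] = metric
    return vector


def receive(table, sender, vector):
    """Bellman-Ford update rule; returns True if the table changed."""
    changed = False
    for dest, metric in vector.items():
        new = min(metric + 1, INFINITY)
        current = table.get(dest)
        if current is None:
            if new < INFINITY:
                table[dest] = (new, sender)
                changed = True
        else:
            cur_metric, cur_next_hop = current
            # Better route, or the current next hop itself reports a change.
            if new < cur_metric or (cur_next_hop == sender and new != cur_metric):
                table[dest] = (new, sender)
                changed = True
    return changed


def simulate(poison_reverse, max_rounds=40):
    """Run rounds after A loses N; return (rounds until stable, per-round metrics)."""
    tables = {
        "A": {"N": (INFINITY, None)},   # N was directly connected (metric 1); now gone
        "B": {"N": (2, "A")},
        "C": {"N": (3, "B")},
    }
    links = [("A", "B"), ("B", "C")]
    history = []
    for rnd in range(1, max_rounds + 1):
        # All vectors are built from the round-start tables, then delivered.
        deliveries = []
        for x, y in links:
            deliveries.append((x, y, advertise(tables[x], y, poison_reverse)))
            deliveries.append((y, x, advertise(tables[y], x, poison_reverse)))
        deliveries.sort(key=lambda d: (d[1], d[0]))      # deterministic order
        results = [receive(tables[r], s, v) for s, r, v in deliveries]
        history.append({r: tables[r]["N"][0] for r in sorted(tables)})
        if not any(results):
            return rnd - 1, history
    return max_rounds, history


if __name__ == "__main__":
    for mode in (False, True):
        rounds, hist = simulate(poison_reverse=mode)
        print("poisoned reverse" if mode else "plain", rounds, hist[-1])
```

Without poisoned reverse, B believes C's stale metric 3 in the very first round and the three routers hand the route back and forth, adding one hop per exchange until 16; with it, C tells B "unreachable" for the route it learnt from B, and the network settles in two rounds. At 30 seconds per update the difference is several minutes of black-holed traffic.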
OSPF

 Basic Elements of OSPF
 OSPF in Service Provider Networks
 Best Common Practices in OSPF – Network Aggregation
 OSPF Command Reference

Basic Elements of OSPF

 Open Shortest Path First
 Link State or SPF technology
 Developed by the IETF's OSPF working group (RFC 1247)
 Designed for TCP/IP
 Fast convergence
 Variable length netmasks
 Non-contiguous subnets
 No need for periodic updates
 Route authentication
 OSPF is defined in RFC 2328

Link-State

[Figure: link-state databases of routers Z, Q and X for a topology of A, B, C,
Q, X, Y and Z; topology information is stored in a DB separate from the
routing table]
Link-State Routing

 Neighbor discovery
 Construct a Link State Packet (LSP)
 Distribute the LSP
 Link State Announcement – LSA
 Route calculation
 If a link fails
 Flood new LSPs
 All routers recalculate their routing tables
Low Bandwidth Utilization

[Figure: router X on an FDDI dual ring flooding an LSA to R1]

 Only propagate changes
 Use multicast in multi-access networks

Using the Optimal Path

 The optimal path is determined by adding the costs of the interfaces
along it: Cost = 10^8 / Bandwidth (in bit/s)
[Figure: routers R1 to R4 and networks N1 to N5; the FDDI dual rings have
cost 1, the slower links cost 10]
Fast Convergence

 Detection plus LSA/SPF
[Figure: R1 reaches N2 through R3 on the primary path; when that link fails
(X), an alternate path through R2 is used]
Fast Convergence

 Finding a new path
 Flood LSAs in the area
 Based on acknowledgements (Ack)
 Synchronized topology DB
 Each router calculates its routing table for
each destination network
[Figure: R1 flooding an LSA after its link to N1 fails]

Uses IP Multicast to Send/Receive changes

 Multi-Access networks
 All routers must accept packets sent to the AllSPFRouters
(224.0.0.5) address
 All DR and BDR routers must accept packets sent to the
AllDRouters (224.0.0.6) address
 Hello packets are sent to the AllSPFRouters address
(Unicast for point-to-point and virtual links)
OSPF Areas

 Group of contiguous
nodes/networks
 Per-area topology DB
 Invisible outside the area
 Reduces routing traffic
 Backbone Area (Area 0) is contiguous
 All other areas must connect to
the backbone
 Virtual links can provide that connection where a physical one is missing
[Figure: Areas 1 to 4 attached to Area 0, the backbone area]

Router Classification

 Internal Router (IR)
 Area Border Router (ABR)
 Backbone Router (BR)
 Autonomous System Border Router (ASBR)
[Figure: Area 0 with Areas 1 to 3 around it; an ABR/BR between Area 0 and
Area 2, an IR/BR inside Area 0, an IR in Area 2, and an ASBR in Area 1
connecting to another AS]

OSPF Route Types

 Intra-Area Route
 All routes within an area
 Inter-Area Route
 Routes announced from one area to
another by an ABR
 External Route
 Routes imported into OSPF from
another protocol or static routes (by an ASBR)
[Figure: Areas 0, 2 and 3 with an ABR, and an ASBR to another AS]

Inter-Area Route Summarization

 Prefix for all subnets
 Prefix for all networks
 'area range' command on the ABR
[Figure: R1 (ABR) between Area 1 (networks 1.A, 1.B, 1.C) and the backbone,
Area 0 (R2 on an FDDI dual ring)]

 Routing table at R2 with summarization:
 Network   Next Hop
 1         R1

 Without summarization:
 Network   Next Hop
 1.A       R1
 1.B       R1
 1.C       R1
External Routes

 Redistributed into OSPF
 Flooded without changes throughout the AS
 OSPF supports two types of external metrics
 Type 1
 Type 2 (Default)
[Figure: RIP, IGRP, EIGRP, BGP, etc. redistributed into OSPF]
External Routes

 Type 1 external metric: the external metric is added to
the internal link cost
[Figure: R1 reaches N1 via R2 (internal cost 10, external cost 1) and via R3
(internal cost 8, external cost 2)]

 Network   Type 1 cost   Next Hop
 N1        11            R2
 N1        10            R3        <- selected route
External Routes

 Type 2 external metric: external metrics are compared
without adding the internal link cost
[Figure: same topology as above]

 Network   Type 2 cost   Next Hop
 N1        1             R2        <- selected route
 N1        2             R3
 If two type 2 metrics are equal, the lower internal cost to the ASBR
breaks the tie
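The cost formula from "Using the Optimal Path" and the type 1 / type 2 selection from the two slides above, as an added example (not code from the deck): an interface-cost function with a configurable reference bandwidth, Dijkstra over a small link-state database, and the E1/E2 comparison applied to the R1/R2/R3 case. The R2-R4 and R3-R4 links are constructed additions so the SPF has a real choice to make; everything else uses the slides' numbers.

```python
# Added example (not from the deck): OSPF interface cost, SPF and external
# route selection.  Costs follow the slide formula as IOS applies it
# (reference bandwidth / interface bandwidth, truncated, minimum 1).
# Topology: R1-R2 10 and R1-R3 8 from the slide, R2-R4 2 and R3-R4 5 added.
import heapq


def ospf_cost(bandwidth_bps, reference_bps=100_000_000):
    """Interface cost = reference / bandwidth, truncated, never below 1."""
    return max(1, reference_bps // bandwidth_bps)


def spf(links, root):
    """Dijkstra over an undirected cost map {router: {neighbour: cost}}.

    Returns {router: (total cost, first hop from root)}.
    """
    best = {root: (0, None)}
    heap = [(0, root, None)]
    settled = set()
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in settled:
            continue
        settled.add(node)
        for nbr, link_cost in links[node].items():
            total = cost + link_cost
            hop = nbr if node == root else first_hop
            if nbr not in best or total < best[nbr][0]:
                best[nbr] = (total, hop)
                heapq.heappush(heap, (total, nbr, hop))
    return best


def select_external(spf_result, candidates, metric_type):
    """Pick the ASBR to use for one external prefix.

    candidates: [(asbr, external metric)].  Type 1 adds the internal cost to
    the ASBR; type 2 compares external metrics only and uses the internal
    cost merely as a tie-breaker (RFC 2328, section 16.4).
    Returns (asbr, metric as it would appear in the routing table).
    """
    ranked = []
    for asbr, external in candidates:
        internal = spf_result[asbr][0]
        if metric_type == 1:
            ranked.append(((internal + external,), asbr, internal + external))
        else:
            ranked.append(((external, internal), asbr, external))
    _key, asbr, shown = min(ranked)
    return asbr, shown


LINKS = {
    "R1": {"R2": 10, "R3": 8},
    "R2": {"R1": 10, "R4": 2},
    "R3": {"R1": 8, "R4": 5},
    "R4": {"R2": 2, "R3": 5},
}
ASBRS_FOR_N1 = [("R2", 1), ("R3", 2)]   # (ASBR, external metric advertised)

if __name__ == "__main__":
    tree = spf(LINKS, "R1")
    print(tree)
    print("E1:", select_external(tree, ASBRS_FOR_N1, 1))
    print("E2:", select_external(tree, ASBRS_FOR_N1, 2))
    for bw in (100_000_000, 1_000_000_000, 10_000_000_000):
        print(bw, ospf_cost(bw), ospf_cost(bw, 10_000_000_000))
```

With the default reference bandwidth every link of 100 Mbit/s or faster costs 1, so a 1G and a 100M path look identical to SPF; raising the reference to 10G on every router restores the distinction.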
Topology/Links-State DB

 A router has a separate DB for each area it
belongs to
 All routers within an area have an identical DB
 SPF calculation is done separately for each area
 LSA flooding is limited to the particular area

Protocol Functionality

 Bringing up adjacencies
 LSA Types
 Area Classification
The Hello Protocol

 Responsible for establishing and maintaining neighbor
relationships
 Elects the designated router in multi-access
networks
[Figure: routers on an FDDI dual ring exchanging Hello packets]

The Hello Packet

 Router Priority
 Hello Interval
 Router dead interval
 Network mask
 Options: T-bit, E-bit
 List of neighbors
[Figure: routers on an FDDI dual ring exchanging Hello packets]

Designated Router (DR)

• One per multi-access network
• Generates network links
advertisements
• Assists in DB synchronization
[Figure: a multi-access network with a Designated Router and a Backup
Designated Router]

Designated Router by Priority

 Configured priority (per interface)
 Otherwise determined by the highest router ID
 The router ID is the loopback interface address; if no loopback is
configured it is the highest IP address
[Figure: R1 (interfaces 131.108.3.2 and 144.254.3.5, router ID 144.254.3.5)
and R2 (131.108.3.3, router ID 131.108.3.3) share a segment; R1 becomes DR]

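Router-ID derivation and the DR/BDR election as functions, using the addresses from the slide. This is an added example, not from the deck: the election is reduced to the rules stated above (priority, then highest router ID) plus the no-preemption behaviour of RFC 2328, and router names and priorities are constructed. Comparing router IDs numerically rather than as strings is the detail most often got wrong when reimplementing this.

```python
# Added example (not from the deck): router-ID selection and DR/BDR election.
# Simplified to: priority 0 is ineligible, highest priority wins, ties go to
# the highest router ID, and a working DR/BDR is not displaced by a newcomer.
import ipaddress


def router_id(loopback_addrs, interface_addrs, configured=None):
    """router-id command wins; else highest loopback; else highest interface IP."""
    if configured:
        return configured
    pool = loopback_addrs or interface_addrs
    if not pool:
        raise ValueError("no IPv4 address to derive a router ID from")
    # Compare numerically: as strings, "9.0.0.1" would sort above "10.0.0.1".
    return str(max(ipaddress.IPv4Address(a) for a in pool))


def elect_dr_bdr(candidates, current_dr=None, current_bdr=None):
    """candidates: {router_id: priority} for neighbours in state 2-way or better.

    Returns (dr, bdr); bdr is None when only one eligible router exists.
    """
    eligible = {rid: pri for rid, pri in candidates.items() if pri > 0}
    if not eligible:
        return None, None

    def rank(rid):
        return (eligible[rid], int(ipaddress.IPv4Address(rid)))

    if current_dr in eligible:
        dr = current_dr                       # no preemption of a working DR
    elif current_bdr in eligible:
        dr = current_bdr                      # BDR is promoted when the DR goes away
    else:
        dr = max(eligible, key=rank)
    others = [rid for rid in eligible if rid != dr]
    if not others:
        return dr, None
    bdr = current_bdr if current_bdr in others else max(others, key=rank)
    return dr, bdr


# Constructed sample based on the slide: R1 has 131.108.3.2 and 144.254.3.5,
# R2 has 131.108.3.3; neither has a loopback or an explicit router-id.
R1_ID = router_id([], ["131.108.3.2", "144.254.3.5"])
R2_ID = router_id([], ["131.108.3.3"])
SEGMENT = {R1_ID: 1, R2_ID: 1}   # default priority 1 on both

if __name__ == "__main__":
    print(R1_ID, R2_ID, elect_dr_bdr(SEGMENT))
```

Because the election does not preempt, a router that later appears with a higher priority only becomes DR once the current DR and BDR have both left the segment; setting priority 0 on access-facing routers is the way to keep an unexpected device from ever winning.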
Neighbor States

 2-way
 The router sees itself in other Hello packets
 DR is selected from neighbors in state 2-way or greater
[Figure: routers in state 2-way with the DR and BDR]

Neighbor States

 Full
 Routers are fully adjacent
 DB is synchronized
 Relationship to the DR and
BDR
[Figure: routers in state Full with the DR and BDR]

When to Become Adjacent

 Underlying network is point-to-point
 Underlying network type is virtual link
 The router itself is the DR
 The router itself is the BDR
 The neighboring router is the DR
 The neighboring router is the BDR

LSAs Propagate Along Adjacencies

[Figure: DR and BDR with adjacencies to the other routers]
 LSAs acknowledged along adjacencies

Routing Protocol Packets

 Share a common protocol header
 Routing protocol packets are sent with a TOS of 0
 Five types of OSPF routing protocol packets
 Hello – packet type 1
 DB Description – packet type 2
 Link-state request – packet type 3
 Link-state update – packet type 4
 Link-state Acknowledgment – packet type 5

Different Types of LSAs

 Main LSA types
 Type 1 : Router LSA
 Type 2 : Network LSA
 Type 3 and 4: Summary LSA
 Type 5 and 7: External LSA

Router LSA (Type 1)

 Describes the state and cost of the router's links to
the area
 All the router's links in an area must be described
in a single LSA
 Flooded throughout the particular area and not
beyond
 Router indicates whether it is an ASBR, ABR, or
the end point of a virtual link

Network LSA (Type 2)

 Generated for every transit broadcast or NBMA
network
 Describes all the routers attached to the
network
 Only the DR originates this type of LSA
 Flooded throughout the area and not beyond

Summary LSA (Type 3 and 4)

 Describes a destination outside the area but
still within the AS
 Flooded throughout a single area
 Originated by an ABR
 Only intra-area routes are advertised into
the backbone (Area 0)
 Type 4 carries the information about the ASBR (how to reach it)

External LSA (Type 5)

 Defines routes to destinations outside the AS
 Default route is also sent as external
 Two types of external LSA:
• E1: Considers the total cost to the external destination
• E2: Considers only the cost of the outgoing interface to the
external destination

Not Summarized: Specific Links

 Specific link LSAs advertised out
 Link state changes propagate out
[Figure: backbone Area 0 with an ASBR to external links; Areas 1, 2 and 3
each advertise their individual networks (1.A-1.D, 2.A-2.C, 3.A-3.D) into
the backbone]

Summarized: Summary Links

 Only summary LSAs advertised out
 Link state changes do not propagate
[Figure: the same three areas advertise only the summaries 1, 2 and 3 into
the backbone]

Not Summarized: Specific Links

 Specific link LSAs advertised in
 Link state changes propagate in
[Figure: backbone Area 0 injects every specific network (1.A-1.D, 2.A-2.C,
3.A-3.D) into each area]

Summarized: Summary Links

 Only summary LSAs advertised in
 Link state changes do not propagate in
[Figure: each area receives only summaries for the other two areas (2,3 into
Area 1; 1,3 into Area 2; 1,2 into Area 3)]

Regular Area (Not a stub)

From area 1's point of view
 Summary networks from other areas injected
 External networks injected, for example
network X.1
[Figure: an ASBR injects external network X.1; Area 1 receives the summaries
2,3 and the external X.1]
Normal Stub Area

From area 1's point of view
 Summary networks from other areas injected
 Default route injected into the area – represents external
links
 Default path to closest ABR
 Define all routers in the area as stub
 area x stub command
[Figure: Area 1 receives the summaries 2,3 and a default route in place of
external network X.1]
Totally Stubby Area

From area 1's point of view
 Only a default network is injected into the area
 Represents external networks and all inter-area routes
 Default route to the closest ABR
 Define all routers in the area as totally stubby
 area x stub no-summary command
[Figure: Area 1 receives only a default route in place of the summaries for
areas 2 and 3 and the external network X.1]
Not-So-Stubby Area

 Capable of importing external routes in a limited
fashion
 Type-7 LSAs carry external information within an
NSSA
 NSSA border routers translate selected type-7
LSAs into type-5 external network LSAs
[Figure: Area 1 is an NSSA that imports external network X.2 as a type-7 LSA;
the ABR translates it and the backbone sees X.1 and X.2 as type-5 LSAs]
Addressing

 Area 0: network 192.117.49.0, range 255.255.255.0
 Area 1: network 131.108.0.0, subnets 17-31, range 255.255.240.0
 Area 2: network 131.108.0.0, subnets 33-47, range 255.255.240.0
 Area 3: network 131.108.0.0, subnets 49-63, range 255.255.240.0
 Try to assign contiguous subnet ranges to facilitate summarization

Summary

 Scalable OSPF Network Design
 Area hierarchy
 Stub areas
 Contiguous addressing
 Route summarization

OSPF Design Service Provider Networks
OSPF Areas and Rules

 Backbone area (0) must exist
 All other areas must have a connection to the backbone
 Backbone must be contiguous
 Do not partition area 0
[Figure: an Autonomous System (AS) with Areas 1 to 4 around the Area 0
backbone; area border routers on the area boundaries, an internal router in
the backbone, and a border router toward the Internet]
OSPF Design
 Figure out your addressing first – OSPF and addressing go
together
 The objective is to maintain a small link-state DB
 Create address hierarchy to match the network topology
 Separate blocks for infrastructure, customer interfaces,
customers, etc.
OSPF Design

 Examine the physical topology
 Is it meshed or hub-and-spoke (star)?
 Try to use as stubby an area as possible
 It reduces overhead and LSA counts
 Push the creation of a backbone
 Reduces mesh and promotes hierarchy

OSPF Design

 One SPF per area, flooding done per area
 Try not to overload the ABRs
 Different types of areas do different flooding
 Normal areas
 Stub areas
 Totally stubby (stub no-summary)
 Not so stubby areas (NSSA)

OSPF Design

 Redundancy
 Dual links out of each area – using metrics (cost) for traffic
engineering
 Too much redundancy …
• Dual links to the backbone in stub areas must have the same cost
– otherwise sub-optimal routing will result
• Too much redundancy in the backbone area without
good summarization will affect convergence in
area 0

OSPF for ISPs

 OSPF features you should consider:
 OSPF logging neighbor changes
 OSPF reference cost
 OSPF router ID command
 OSPF Process Clear/Restart

OSPF Best Common Practices – Adding Networks
OSPF – Network Aggregation

 BCP – individual OSPF network
statement for each infrastructure
link
 Have separate IP address blocks for
infrastructure and customer links
 Use IP unnumbered interfaces or
BGP to carry the /30s to customers
 OSPF should only carry
infrastructure routes in an ISP's
network
[Figure: ISP backbone with an OC48 core, OC12c links and customer connections]

OSPF – Adding Networks

 Redistribute connected subnets
 Works for all connected interfaces on the router but sends the
networks as external type-2s, which are not summarized and are
flooded to every router in the AS
 router ospf 100
  redistribute connected subnets
 Not recommended

OSPF – Adding Networks

 Specific network statements
 Each interface requires an OSPF network statement.
Interfaces that should not be broadcasting Hello packets
need a passive-interface statement
 router ospf 100
  network 192.168.1.1 0.0.0.3 area 51
  network 192.168.1.5 0.0.0.3 area 51
  passive-interface Serial1/0

OSPF – Adding Networks

 Network statements - wildcard mask
 Every interface covered by a wildcard mask used in the OSPF
network statement is enabled for OSPF. Interfaces that should not be
broadcasting Hello packets need a passive-interface statement, or the
default should be made passive and the active interfaces listed explicitly
 router ospf 100
  network 192.168.1.0 0.0.0.255 area 51
  passive-interface default
  no passive-interface POS4/0

OSPF – Adding Networks

 The key theme when selecting which method to use is to keep
the link-state DB as small as possible
 Increases stability
 Reduces the amount of information in the LSAs
 Speeds up convergence time

OSPF – Useful Features
OSPF Logging Neighbor Changes

 The router will generate a log message whenever an OSPF
neighbor changes state
 Syntax:
• [no] ospf log-adjacency-changes
 (on current IOS the router-mode form is log-adjacency-changes [detail])
 A typical log message:
• %OSPF-5-ADJCHG: Process 1, Nbr 223.127.255.223 on
Ethernet0 from LOADING to FULL, Loading Done

Number of State Changes

 The number of state transitions is available via
SNMP (ospfNbrEvents) and the CLI:
 show ip ospf neighbor [type number] [neighbor-id] [detail]
• detail (optional) displays all neighbors in detail. When specified,
neighbor state transition counters are displayed per interface or
neighbor ID

State Changes (Cont.)

 To reset OSPF-related statistics, use the clear ip
ospf counters EXEC command.
 clear ip ospf counters [neighbor [<type number>] [neighbor-id]]

OSPF Cost: Reference Bandwidth

 Bandwidth used in metric calculation
 Cost = 10^8/BW
 Not useful for BW > 100 Mbps (every faster link also gets cost 1)
but can be changed
 Syntax:
 ospf auto-cost reference-bandwidth <reference-bandwidth>
 The default reference bandwidth is still 100 Mbps for
backward compatibility; set the same value on every router in the
domain, or costs will be inconsistent

OSPF Router ID

 If the loopback interface exists and has an IP
address, that is used as the router ID in routing
protocols - stability!
 If the loopback interface does not exist, or has no IP
address, the router ID is the highest IP address
configured – danger!
 Subcommand to manually set the OSPF router ID:
 router-id <ip address>

OSPF Clear/Restart

 clear ip ospf [pid] redistribution
This command clears redistribution based on OSPF routing
process ID. If no PID is given, it assumes all OSPF processes
 clear ip ospf [pid] counters
This command clears counters based on OSPF routing process
ID. If no PID is given, it assumes all OSPF processes
 clear ip ospf [pid] process
This command will restart the specified OSPF process. If no PID
is given, it assumes all OSPF processes. It attempts to keep the
old router-id, except in cases where a new router-id was
configured, or an old user-configured router-id was removed. It
requires user confirmation because it will cause network churn.

OSPF Command Summary
Redistributing Routes into OSPF

 ROUTER OSPF <pid#x>
 REDISTRIBUTE {protocol} <as#y>
 <metric>
 <metric-type (1 or 2)>
 <tag>
 <subnets>

OSPF Router Sub-Commands

 NETWORK <n.n.n.n> <mask> AREA <area-id>
 AREA <area-id> STUB {no-summary}
 AREA <area-id> AUTHENTICATION
 AREA <area-id> DEFAULT-COST <cost>
 AREA <area-id> VIRTUAL-LINK <router-id>...
 AREA <area-id> RANGE <address mask>

Interface Sub-Commands

 IP OSPF COST <cost>
 IP OSPF PRIORITY <8-bit-number>
 IP OSPF HELLO-INTERVAL <number-of-seconds>
 IP OSPF DEAD-INTERVAL <number-of-seconds>
 IP OSPF AUTHENTICATION-KEY <8-bytes-of-password>

Border Gateway Protocol (BGP4)
Border Gateway Protocol (BGP)

 BGP protocol basics
 Exercises
 BGP path attributes
 Best path computation
 Exercises

Border Gateway Protocol (BGP)...

 Typical BGP topologies
 Routing Policy
 Exercises
 Redundancy/Load sharing
 Best current practices

BGP Basics

 Terminology
 Protocol Basics
 Messages
 General Operation
 Peering relationships (EBGP/IBGP)
 Originating routes
Terminology

 Neighbor
 Configured BGP peer
 NLRI/Prefix
 NLRI - network layer reachability information
 Reachability information for an IP address & mask
 Router-ID
 Highest IP address configured on the router (the loopback address
if one exists, or the value set explicitly with bgp router-id)
 Route/Path
 NLRI advertised by a neighbor

Protocol Basics

[Figure: routers A and B in AS 100, C and D in AS 101, E in AS 102, with
peering sessions between the ASes]

 Routing protocol used
between ASes
if you aren't connected to
multiple ASes, you don't
need BGP :)
 Runs over TCP (port 179)
 Path vector protocol
 Incremental update
BGP Basics ...
• Each AS originates a set of
NLRI
• NLRI is exchanged between BGP
peers
• Can have multiple paths for a
given prefix
• Picks the best path and
installs it in the IP forwarding
table
• Policies applied (through
attributes) influence BGP
path selection
BGP Peers

[Figure: A and B in AS 100 (220.220.8.0/24), C and D in AS 101
(220.220.16.0/24), E in AS 102 (220.220.32.0/24); eBGP TCP/IP peer
connections between the ASes]

BGP speakers are called peers
Peers in different ASes are called External Peers
Note: eBGP peers normally should be directly connected.

BGP Peers

[Figure: the same ASes with iBGP TCP/IP peer connections inside AS 100
(A-B) and AS 101 (C-D)]

BGP speakers are called peers
Peers in the same AS are called Internal Peers
Note: iBGP peers don't have to be directly connected.

BGP Peers

[Figure: the same topology; BGP Update messages flow between the peers]

BGP peers exchange Update messages containing Network Layer
Reachability Information (NLRI)

Configuring BGP Peers

[Figure: A and B in AS 100 (220.220.8.0/24), C and D in AS 101
(220.220.16.0/24); B (.2) and C (.1) are connected over 222.222.10.0/30
and run an eBGP TCP connection]

 Router B (AS 100):
 interface Serial 0
  ip address 222.222.10.2 255.255.255.252
 router bgp 100
  network 220.220.8.0 mask 255.255.255.0
  neighbor 222.222.10.1 remote-as 101

 Router C (AS 101):
 interface Serial 0
  ip address 222.222.10.1 255.255.255.252
 router bgp 101
  network 220.220.16.0 mask 255.255.255.0
  neighbor 222.222.10.2 remote-as 100

• BGP peering sessions are established using the BGP
"neighbor" configuration command
– External (eBGP) is configured when the AS numbers are different

Configuring BGP Peers

[Figure: C and D in AS 101 share 220.220.16.0/24; C (.2) and D (.1) run an
iBGP TCP connection]

 Router C (AS 101):
 interface Serial 1
  ip address 220.220.16.2 255.255.255.252
 router bgp 101
  network 220.220.16.0 mask 255.255.255.0
  neighbor 220.220.16.1 remote-as 101

 Router D (AS 101):
 interface Serial 1
  ip address 220.220.16.1 255.255.255.252
 router bgp 101
  network 220.220.16.0 mask 255.255.255.0
  neighbor 220.220.16.2 remote-as 101

• BGP peering sessions are established using the BGP
"neighbor" configuration command
– External (eBGP) is configured when the AS numbers are different
– Internal (iBGP) is configured when the AS numbers are the same

Configuring BGP Peers

[Figure: A, B and C in AS 100 with iBGP TCP/IP peer connections between
every pair]

Each iBGP speaker must peer with every other
iBGP speaker in the AS (full mesh)
Configuring BGP Peers

[Figure: A (215.10.7.1), B (215.10.7.2) and C (215.10.7.3) in AS 100, fully
meshed over iBGP TCP/IP peer connections]

Loopback interfaces are normally used as
peer connection end-points. On IOS the session must then also be sourced
from the loopback (neighbor <address> update-source Loopback0), since the
peer accepts the TCP connection only from the configured neighbor address.
Configuring BGP Peers

 Router A (AS 100, loopback 215.10.7.1):
 interface loopback 0
  ip address 215.10.7.1 255.255.255.255
 router bgp 100
  network 220.220.1.0
  neighbor 215.10.7.2 remote-as 100

Configuring BGP Peers

 Router B (AS 100, loopback 215.10.7.2):
 interface loopback 0
  ip address 215.10.7.2 255.255.255.255
 router bgp 100
  network 220.220.5.0
  neighbor 215.10.7.1 remote-as 100

Configuring BGP Peers

 Router C (AS 100, loopback 215.10.7.3):
 interface loopback 0
  ip address 215.10.7.3 255.255.255.255
 router bgp 100
  network 220.220.1.0

BGP Updates — NLRI

 Network Layer Reachability Information
 Used to advertise feasible routes
 Composed of:
 Network Prefix
 Mask Length

BGP Updates — Attributes

 Used to convey information associated with NLRI
 AS path
 Next hop
 Local preference
 Multi-Exit Discriminator (MED)
 Community
 Origin
 Aggregator

AS-Path Attribute

 Sequence of ASes a
route has traversed
 Loop detection
 Apply policy
[Figure: AS 100 (180.10.0.0/16) peers with AS 200 (170.10.0.0/16); AS 200,
AS 400 (150.10.0.0/16) and AS 500 peer with AS 300]

 Received by AS 400 from AS 300:
 Network          Path
 180.10.0.0/16    300 200 100
 170.10.0.0/16    300 200

 Received by AS 500 from AS 300:
 Network          Path
 180.10.0.0/16    300 200 100
 170.10.0.0/16    300 200
 150.10.0.0/16    300 400

Next-Hop Attribute

[Diagram: router A in AS 100 (160.10.0.0/16) is 192.20.2.1 on its link to router B (192.20.2.2) in AS 200; AS 200 also holds router C, router E's neighbour D and 150.10.0.0/16; C (192.10.1.1) connects to router D (192.10.1.2) in AS 300 over 192.10.1.0/30; AS 300 holds routers D and E and 140.10.0.0/16. BGP Update messages flow from A to B and from C to D]

BGP table at B:
Network          Next-Hop      Path
160.10.0.0/16    192.20.2.1    100

 Next hop to reach a network
 Usually a local network is the next hop in eBGP session


Next-Hop Attribute

[Diagram: router A in AS 100 (160.10.0.0/16, 192.20.2.1) peers with router B in AS 200 (150.10.0.0/16); router C in AS 200 (192.10.1.1) peers with router D in AS 300 (192.10.1.2) over 192.10.1.0/30; AS 300 holds routers D and E and 140.10.0.0/16. The BGP Update from C to D crosses the eBGP session]

BGP table at D:
Network          Next-Hop      Path
150.10.0.0/16    192.10.1.1    200
160.10.0.0/16    192.10.1.1    200 100

 Next hop to reach a network
 Usually a local network is the next hop in eBGP session
 Next Hop updated between eBGP Peers


Next-Hop Attribute

[Diagram: same topology (A in AS 100; B, C in AS 200; D, E in AS 300); D passes the routes learned from C (192.10.1.1) on to E over iBGP inside AS 300]

BGP table at E:
Network          Next-Hop      Path
150.10.0.0/16    192.10.1.1    200
160.10.0.0/16    192.10.1.1    200 100

 Next hop not changed between iBGP peers


Next Hop Attribute (more)

 IGP should carry route to next hops


 Recursive route look-up
 Unlinks BGP from actual physical topology
 Allows IGP to make intelligent forwarding decision



BGP Updates — Withdrawn Routes

 Used to “withdraw” network reachability


 Each Withdrawn Route is composed of:
 Network Prefix
 Mask Length



BGP Updates — Withdrawn Routes

[Diagram: a router in AS 123 (192.168.10.1) peers with a router in AS 321 (192.168.10.2) over 192.168.10.0/24; AS 321 loses connectivity to 192.192.25.0/24 and sends a BGP Update message withdrawing 192.192.25.0/24]

BGP table in AS 123 before the withdrawal:
Network            Next-Hop        Path
150.10.0.0/16      192.168.10.2    321 200
192.192.25.0/24    192.168.10.2    321
BGP Routing Information Base

router bgp 100
 network 160.10.0.0 255.255.0.0
 no auto-summary

Route Table:
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24

BGP RIB:
Network             Next-Hop      Path
*>i160.10.1.0/24    192.20.2.2    i
*>i160.10.3.0/24    192.20.2.2    i

 BGP ‘network’ commands are normally used to populate the BGP RIB with routes from the Route Table


BGP Routing Information Base

router bgp 100
 network 160.10.0.0 255.255.0.0
 aggregate-address 160.10.0.0 255.255.0.0 summary-only
 no auto-summary

Route Table:
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24

BGP RIB:
Network             Next-Hop      Path
*> 160.10.0.0/16    0.0.0.0       i
*  i                192.20.2.2    i
s> 160.10.1.0/24    192.20.2.2    i
s> 160.10.3.0/24    192.20.2.2    i

 BGP ‘aggregate-address’ commands may be used to install summary routes in the BGP RIB


BGP Routing Information Base

router bgp 100
 network 160.10.0.0 255.255.0.0
 redistribute static route-map foo
 no auto-summary

access-list 1 permit 192.1.0.0 0.0.255.255

route-map foo permit 10
 match ip address 1

Route Table:
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
R 153.22.0.0/16
S 192.1.1.0/24

BGP RIB:
Network             Next-Hop      Path
*> 160.10.0.0/16    0.0.0.0       i
*  i                192.20.2.2    i
*> 192.1.1.0/24     192.20.2.2    ?
s> 160.10.1.0/24    192.20.2.2    i
s> 160.10.3.0/24    192.20.2.2    i

 BGP ‘redistribute’ commands can also be used to populate the BGP RIB with routes from the Route Table


BGP Routing Information Base

[Diagram: an Update enters the IN process on the left, is placed in the BGP RIB, and leaves through the OUT process on the right]

Update received:
Network          Next-Hop      Path
173.21.0.0/16    192.20.2.1    100

BGP RIB:
Network             Next-Hop      Path
*>i160.10.1.0/24    192.20.2.2    i
*> 173.21.0.0/16    192.20.2.1    100
*>i160.10.3.0/24    192.20.2.2    i

• BGP “in” process
• receives path information from peers
• results of BGP path selection placed in the BGP table
• “best path” flagged (denoted by “>”)


BGP Routing Information Base

[Diagram: the OUT process builds an Update from the BGP RIB and sends it to the peer]

BGP RIB:
Network             Next-Hop      Path
*>i160.10.1.0/24    192.20.2.2    i
*> 173.21.0.0/16    192.20.2.1    100
*>i160.10.3.0/24    192.20.2.2    i

Update sent:
Network          Next-Hop      Path
160.10.1.0/24    192.20.2.2    200
160.10.3.0/24    192.20.2.2    200
173.21.0.0/16    192.20.2.2    200 100      (Next-Hop changed)

• BGP “out” process
• builds update using info from RIB
• may modify update based on config
• Sends update to peers


BGP Routing Information Base

BGP RIB:
Network             Next-Hop      Path
*>i160.10.1.0/24    192.20.2.2    i
*>i160.10.3.0/24    192.20.2.2    i
*> 173.21.0.0/16    192.20.2.1    100

Route Table:
D 10.1.2.0/24
D 160.10.1.0/24
D 160.10.3.0/24
B 173.21.0.0/16
R 153.22.0.0/16
S 192.1.1.0/24

• Best paths installed in routing table if:
• prefix and prefix length are unique
• lowest “protocol distance”
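The three ways the RIB slides populate the BGP table (a `network` statement that needs an exact match in the routing table, an `aggregate-address ... summary-only` that suppresses the more-specifics, and the install of best paths back into the routing table by protocol distance) are small enough to model end to end. The following Python is an added example, not code from the slides or from Cisco IOS: the route-table entries are the constructed ones shown above, the administrative distances are the IOS defaults, and the RIB entries are plain dictionaries.

```python
"""Populating the BGP RIB from the routing table and installing best paths back into it.

Added example (not from the slides). Administrative distances are Cisco IOS defaults;
the route-table entries are the constructed ones shown on the RIB slides.
"""
import ipaddress

# Cisco IOS default administrative ("protocol") distances.
DISTANCE = {"C": 0, "S": 1, "eBGP": 20, "D": 90, "O": 110, "R": 120, "iBGP": 200}


def originate(route_table, network_statements):
    """'network' statements only originate prefixes that exist, with the same length,
    in the routing table."""
    return [p for p in network_statements if p in route_table]


def aggregate(bgp_rib, summary, summary_only=True):
    """'aggregate-address': add the summary (origin i, next hop 0.0.0.0) when at least one
    more-specific exists in the RIB; with summary-only the more-specifics are suppressed."""
    agg = ipaddress.IPv4Network(summary)
    rib = [dict(r) for r in bgp_rib]
    components = [r for r in rib
                  if r["prefix"] != summary and ipaddress.IPv4Network(r["prefix"]).subnet_of(agg)]
    if not components:
        return rib
    for r in components:
        r["suppressed"] = summary_only
    rib.append({"prefix": summary, "next_hop": "0.0.0.0", "origin": "i", "suppressed": False})
    return rib


def advertised(bgp_rib):
    """Prefixes the router will announce: RIB entries that are not suppressed."""
    return [r["prefix"] for r in bgp_rib if not r.get("suppressed", False)]


def install(route_table, best_paths):
    """Install a BGP best path into the routing table when that exact prefix/length is
    absent, or when BGP's distance beats the distance of the route already there."""
    table = dict(route_table)
    for r in best_paths:
        dist = DISTANCE["eBGP" if r["session"] == "ebgp" else "iBGP"]
        current = table.get(r["prefix"])
        if current is None or dist < current[1]:
            table[r["prefix"]] = ("B", dist)
    return table


ROUTE_TABLE = {  # (protocol code, distance) as in 'show ip route'; constructed
    "10.1.2.0/24": ("D", 90), "160.10.1.0/24": ("D", 90), "160.10.3.0/24": ("D", 90),
    "153.22.0.0/16": ("R", 120), "192.1.1.0/24": ("S", 1),
}
BGP_RIB = [{"prefix": "160.10.1.0/24", "next_hop": "192.20.2.2", "origin": "i"},
           {"prefix": "160.10.3.0/24", "next_hop": "192.20.2.2", "origin": "i"}]

if __name__ == "__main__":
    print(originate(ROUTE_TABLE, ["160.10.0.0/16"]))          # nothing: no exact /16 in the table
    print(advertised(aggregate(BGP_RIB, "160.10.0.0/16")))   # only the summary is announced
    print(install(ROUTE_TABLE, [{"prefix": "173.21.0.0/16", "session": "ebgp"},
                                {"prefix": "160.10.1.0/24", "session": "ibgp"}]))
```

Running it reproduces the slides: `network 160.10.0.0 255.255.0.0` originates nothing because only the two /24s exist in the routing table, the aggregate suppresses those /24s so that only 160.10.0.0/16 is advertised, and 173.21.0.0/16 is installed as a B route while 160.10.1.0/24 stays an EIGRP (D) route because distance 90 beats iBGP's 200.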


Types of BGP Messages

 OPEN
 To negotiate and establish peering
 UPDATE
 To exchange routing information
 KEEPALIVE
 To maintain peering session
 NOTIFICATION
 To report errors (results in session reset)



Internal BGP Peering (IBGP)

[Diagram: AS 100 containing routers A, B, D and E with iBGP sessions between them]

 BGP peer within the same AS
 Not required to be directly connected
 Maintain full IBGP mesh or use Route Reflection
External BGP Peering (EBGP)

[Diagram: routers A and B in AS 100 peer with router C in AS 101]

 Between BGP speakers in different AS
 Directly connected or peering address is reachable


An Example…

[Diagram: AS 3561 (router A) originates 35.0.0.0/8; it is connected to AS 200 (router F) and AS 101 (router D), which in turn connect to AS 21 (routers B and C); AS 675 (router E) hangs off AS 101. A router in AS 21 learns about 35.0.0.0/8 from both F and D]
Basic BGP commands

Configuration commands
router bgp <AS-number>
neighbor <ip address> remote-as <as-number>
Show commands
show ip bgp summary
show ip bgp neighbors



Originating routes...

 Using network command or redistribution


network <ipaddress>
redistribute <protocol name>
 Requires the route to be present in the routing table



Originating routes / Inserting prefixes into BGP

 network command
 network 198.10.4.0 mask 255.255.254.0
 ip route 198.10.0.0 255.255.254.0 serial 0
 matching route must exist in the routing table before network is announced!
 Origin: IGP


Update message

 Withdrawn routes
 Path Attributes
 Advertised routes



Stable IBGP peering

 Unlinks IBGP peering from physical topology.
 Carry loopback address in IGP
 router ospf <ID>
 passive-interface loopback0
 Unlink peering from physical topology
 router bgp <AS1>
 neighbor <x.x.x.x> remote-as <AS1>
 neighbor <x.x.x.x> update-source loopback0


BGP4 continued...
BGP Path Attributes: Why ?

 Encoded as Type, Length & Value (TLV)


 Transitive/Non-Transitive attributes
 Some are mandatory
 Used in path selection
 To apply policy for steering traffic

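The Update message slides (withdrawn routes, path attributes, advertised routes / NLRI) and the note above that attributes are encoded as Type, Length and Value describe one wire format, RFC 4271's UPDATE message. The Python below is an added example, not code from the slides or from any router vendor: it parses the body of an UPDATE message (the 19-byte BGP header removed) and checks every length field before reading, so a truncated or inconsistent message is rejected instead of being read past its end. The sample message is constructed inline, using the values from the withdrawn-routes slide (withdraw 192.192.25.0/24, advertise 150.10.0.0/16 via 192.168.10.2 with AS path 321 200), 2-byte AS numbers and only the attributes the deck names.

```python
"""Parse the body of a BGP UPDATE message (RFC 4271 layout, 2-byte AS numbers).

Added example: the message below is constructed here, not captured from a router.
"""
import ipaddress
import struct

ORIGIN, AS_PATH, NEXT_HOP, MED, LOCAL_PREF = 1, 2, 3, 4, 5
ORIGIN_NAMES = {0: "IGP", 1: "EGP", 2: "INCOMPLETE"}
AS_SEQUENCE = 2


def _prefixes(buf):
    """Decode a run of <length-in-bits><packed prefix> pairs into 'a.b.c.d/n' strings."""
    out, i = [], 0
    while i < len(buf):
        bits = buf[i]
        nbytes = (bits + 7) // 8
        if bits > 32 or i + 1 + nbytes > len(buf):
            raise ValueError("malformed prefix field")
        raw = buf[i + 1:i + 1 + nbytes].ljust(4, b"\x00")
        out.append(f"{ipaddress.IPv4Address(raw)}/{bits}")
        i += 1 + nbytes
    return out


def _attributes(buf):
    """Decode the TLV-encoded path attributes; unknown types are kept raw."""
    attrs, i = {}, 0
    while i < len(buf):
        if i + 3 > len(buf):
            raise ValueError("truncated attribute header")
        flags, code = buf[i], buf[i + 1]
        if flags & 0x10:                       # extended-length flag: 2-byte length
            if i + 4 > len(buf):
                raise ValueError("truncated attribute header")
            length, i = struct.unpack("!H", buf[i + 2:i + 4])[0], i + 4
        else:
            length, i = buf[i + 2], i + 3
        if i + length > len(buf):
            raise ValueError("attribute length exceeds message")
        value, i = buf[i:i + length], i + length
        if code == ORIGIN:
            if len(value) != 1:
                raise ValueError("bad ORIGIN length")
            attrs["origin"] = ORIGIN_NAMES.get(value[0], "?")
        elif code == AS_PATH:
            path, j = [], 0
            while j < len(value):
                if j + 2 > len(value):
                    raise ValueError("truncated AS_PATH segment")
                seg_type, count = value[j], value[j + 1]
                end = j + 2 + 2 * count
                if end > len(value) or seg_type != AS_SEQUENCE:
                    raise ValueError("unsupported or malformed AS_PATH segment")
                path.extend(struct.unpack(f"!{count}H", value[j + 2:end]))
                j = end
            attrs["as_path"] = path
        elif code == NEXT_HOP:
            attrs["next_hop"] = str(ipaddress.IPv4Address(value))   # raises on bad length
        elif code in (MED, LOCAL_PREF):
            if len(value) != 4:
                raise ValueError("bad MED/LOCAL_PREF length")
            attrs["med" if code == MED else "local_pref"] = struct.unpack("!I", value)[0]
        else:
            attrs.setdefault("unknown", []).append((flags, code, value))
    return attrs


def parse_update(body):
    """Return (withdrawn, attributes, nlri) for an UPDATE body (19-byte header removed)."""
    if len(body) < 4:
        raise ValueError("UPDATE body too short")
    wlen = struct.unpack("!H", body[:2])[0]
    if 4 + wlen > len(body):
        raise ValueError("withdrawn-routes length exceeds message")
    withdrawn = _prefixes(body[2:2 + wlen])
    alen = struct.unpack("!H", body[2 + wlen:4 + wlen])[0]
    if 4 + wlen + alen > len(body):
        raise ValueError("path-attribute length exceeds message")
    attrs = _attributes(body[4 + wlen:4 + wlen + alen])
    nlri = _prefixes(body[4 + wlen + alen:])
    if nlri and not {"origin", "as_path", "next_hop"} <= set(attrs):
        raise ValueError("NLRI present without the well-known mandatory attributes")
    return withdrawn, attrs, nlri


def _prefix_bytes(cidr):
    net = ipaddress.IPv4Network(cidr)
    return bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]


def _attr(flags, code, value):
    return bytes([flags, code, len(value)]) + value


# Constructed sample (not a capture): withdraw 192.192.25.0/24; advertise 150.10.0.0/16
# via 192.168.10.2 with AS_PATH 321 200 and MED 1000.
_withdrawn = _prefix_bytes("192.192.25.0/24")
_attrs = (_attr(0x40, ORIGIN, b"\x00")                                   # well-known transitive
          + _attr(0x40, AS_PATH, bytes([AS_SEQUENCE, 2]) + struct.pack("!HH", 321, 200))
          + _attr(0x40, NEXT_HOP, ipaddress.IPv4Address("192.168.10.2").packed)
          + _attr(0x80, MED, struct.pack("!I", 1000)))                  # optional non-transitive
SAMPLE_UPDATE = (struct.pack("!H", len(_withdrawn)) + _withdrawn
                 + struct.pack("!H", len(_attrs)) + _attrs
                 + _prefix_bytes("150.10.0.0/16"))

if __name__ == "__main__":
    print(parse_update(SAMPLE_UPDATE))
```

The attribute flag byte carries the transitive/non-transitive and optional/well-known bits the next slide talks about (0x40 is well-known transitive, 0x80 optional non-transitive), and the extended-length bit (0x10) switches the length field from one byte to two; a parser that ignores that bit mis-reads every attribute that follows.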


BGP Path Attributes...

 Origin
 AS-path
 Next-hop
 Multi-Exit Discriminator (MED)
 Local preference
 BGP Community
 Others...



AS-PATH

 Updated by the sending router with its AS number
 Contains the list of AS numbers the update traverses.
 Used to detect routing loops
 Each time the router receives an update, if it finds its AS number, it discards the update


AS-Path

 Sequence of ASes a route has traversed
 Loop detection

[Diagram: AS 100 originates 180.10.0.0/16, AS 200 originates 170.10.0.0/16 and AS 400 originates 150.10.0.0/16; AS 300 relays the routes to AS 500; an update for 180.10.0.0/16 arriving back at AS 100 with path 300 200 100 is dropped]

Paths seen at AS 500:
Network          Path
180.10.0.0/16    300 200 100
170.10.0.0/16    300 200
150.10.0.0/16    300 400
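The two behaviours on the AS-Path slides (each eBGP speaker prepends its own AS number when it sends an update, and a receiver discards any update whose AS path already contains its own AS) are what make the AS path usable for loop detection. Here is an added Python example, not code from the slides: it replays the topology of the AS-Path slides (AS 100, 200, 400 originate; AS 300 relays to AS 500 and back towards AS 100) over a list of directed eBGP sessions and records which updates are dropped. It keeps a single path per prefix and applies no policy; those simplifications are mine.

```python
"""AS_PATH handling on eBGP sessions: prepend on export, loop check on import.

Added example (not from the slides); single best path per prefix, no policy.
"""


def advertise(route, sending_as):
    """eBGP export: the sender prepends its own AS number to the AS_PATH."""
    return {"prefix": route["prefix"], "as_path": [sending_as] + route["as_path"]}


def accept(route, receiving_as):
    """eBGP import: an update whose AS_PATH already contains our AS is a loop -> discard."""
    return None if receiving_as in route["as_path"] else route


def propagate(origins, sessions):
    """origins:  {asn: [locally originated prefixes]}
    sessions: directed eBGP hops (from_as, to_as), processed in the order given
    Returns (tables, dropped): tables[asn][prefix] = AS_PATH as seen at that AS,
    dropped = [(asn, prefix, as_path)] for updates discarded by loop detection."""
    tables = {asn: {p: [] for p in prefixes} for asn, prefixes in origins.items()}
    dropped = []
    for src, dst in sessions:
        tables.setdefault(dst, {})
        for prefix, path in tables.get(src, {}).items():
            update = advertise({"prefix": prefix, "as_path": path}, src)
            if accept(update, dst) is None:
                dropped.append((dst, prefix, update["as_path"]))
            elif prefix not in tables[dst]:          # first path learned wins in this toy model
                tables[dst][prefix] = update["as_path"]
    return tables, dropped


# Constructed topology from the AS-Path slides: AS 100 originates 180.10.0.0/16,
# AS 200 originates 170.10.0.0/16, AS 400 originates 150.10.0.0/16; AS 300 relays to AS 500
# and also back towards AS 100, where the looped 180.10.0.0/16 update must be dropped.
ORIGINS = {100: ["180.10.0.0/16"], 200: ["170.10.0.0/16"], 400: ["150.10.0.0/16"]}
SESSIONS = [(100, 200), (200, 300), (400, 300), (300, 500), (300, 100)]

if __name__ == "__main__":
    tables, dropped = propagate(ORIGINS, SESSIONS)
    for prefix, path in tables[500].items():
        print(f"AS 500: {prefix:16} {' '.join(map(str, path))}")
    for asn, prefix, path in dropped:
        print(f"AS {asn} dropped {prefix} with path {path}: own AS in AS_PATH")
```

The table printed for AS 500 matches the slide (300 200 100, 300 200, 300 400), and the only dropped update is 180.10.0.0/16 arriving at AS 100 with its own AS number already in the path.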


Next-Hop

[Diagram: AS 100 (160.10.0.0/16) connects to router A in AS 200 (150.10.0.0/16); A (150.10.1.1) peers with router B (150.10.1.2) in AS 300]

BGP table at B:
Network          Next-Hop
150.10.0.0/16    150.10.1.1
160.10.0.0/16    150.10.1.1

 Next hop router to reach a network
 Advertising router/Third party in EBGP
 Unmodified in IBGP
Third Party Next Hop

[Diagram: router C (150.1.1.1) in AS 200 and routers A (150.1.1.2) and B (150.1.1.3) in AS 201 share one segment; C peers only with A; B originates 192.68.1.0/24 and A advertises 192.68.1.0/24 to C with next hop 150.1.1.3, B's own address]

 More efficient, but bad idea!
Next Hop...

 IGP should carry route to next hops


 Recursive route look-up
 Unlinks BGP from actual physical topology
 Allows IGP to make intelligent forwarding decision

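The Next-Hop slides state three rules: an eBGP speaker rewrites the next hop to its own peering address, an iBGP speaker leaves it untouched, and the IGP must be able to resolve the next hop (recursive lookup) before the path is usable. The following Python is an added example and not code from the slides: it walks the route from the Next-Hop Attribute slides through the chain A (AS 100) -> B -> C (AS 200) -> D -> E (AS 300) and then resolves the resulting next hop against a small IGP table at E. The iBGP addresses 10.0.0.2 and 10.0.0.3, the IGP entries and the interface names are constructed for the example.

```python
"""NEXT_HOP across eBGP/iBGP hops and the recursive lookup that resolves it.

Added example (not from the slides). iBGP addresses, IGP entries and interface names
are constructed.
"""
import ipaddress


def export_route(route, session, my_address):
    """Apply the NEXT_HOP rule when advertising:
    eBGP -> next hop is rewritten to the advertising router's peering address
    iBGP -> next hop is carried unchanged."""
    if session not in ("ebgp", "ibgp"):
        raise ValueError(f"unknown session type {session!r}")
    out = dict(route)
    if session == "ebgp":
        out["next_hop"] = my_address
    return out


def propagate(route, hops):
    """Walk a route through a list of (session, advertiser_address) hops and return
    the route as received at the end of the chain."""
    for session, address in hops:
        route = export_route(route, session, address)
    return route


def resolve_next_hop(next_hop, igp_table):
    """Recursive lookup: longest-prefix match of the BGP next hop against the IGP/connected
    routes {prefix: interface}. Returns the interface, or None if the next hop is unreachable."""
    nh = ipaddress.IPv4Address(next_hop)
    best = None
    for prefix, iface in igp_table.items():
        net = ipaddress.IPv4Network(prefix)
        if nh in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def usable(route, igp_table):
    """A BGP path is only a candidate for best-path selection if its next hop resolves."""
    return resolve_next_hop(route["next_hop"], igp_table) is not None


# Constructed chain from the Next-Hop slides: A (AS 100, 192.20.2.1) -> B (AS 200) over eBGP,
# B -> C over iBGP, C (192.10.1.1) -> D (AS 300) over eBGP, D -> E over iBGP.
ORIGINATED = {"prefix": "160.10.0.0/16", "next_hop": "192.20.2.1"}
HOPS = [("ebgp", "192.20.2.1"), ("ibgp", "10.0.0.2"), ("ebgp", "192.10.1.1"), ("ibgp", "10.0.0.3")]
IGP_AT_E = {"192.10.1.0/30": "Serial0", "140.10.0.0/16": "Ethernet0"}   # constructed

if __name__ == "__main__":
    at_e = propagate(ORIGINATED, HOPS)
    print(at_e["next_hop"], "->", resolve_next_hop(at_e["next_hop"], IGP_AT_E))
```

At E the next hop is still 192.10.1.1, the address of C on the AS 200 / AS 300 link, exactly as the iBGP slide shows; if E's IGP did not carry 192.10.1.0/30 (the last assertion in the test), the path would be unusable even though the BGP session with D is up, which is the reason the deck insists the IGP must carry routes to the next hops.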


Local Preference

 Not for EBGP, mandatory for IBGP
 Default value is 100 on Ciscos
 Local to an AS
 Used to prefer one exit over another
 Path with highest local preference wins


Local Preference

[Diagram: AS 100 originates 160.10.0.0/16 and is reached through AS 200 (router D) and AS 300 (router E); in AS 400, router A sets local preference 500 on the path via D and router B sets 800 on the path via E]

BGP table at C (AS 400):
  160.10.0.0/16    500
> 160.10.0.0/16    800


Multi-Exit Discriminator

• Non-transitive
• Represented as a numeric value (0-0xffffffff)
• Used to convey the relative preference of entry points
• Comparable if paths are from the same AS
• Path with lower MED wins
• IGP metric can be conveyed as MED
Multi-Exit Discriminator (MED)

[Diagram: AS 201 (routers A and B) originates 192.68.1.0/24 and advertises it to router C in AS 200 twice: via A with MED 2000 and via B with MED 1000; C prefers the path via B]


Origin

 Conveys the origin of the prefix


 Three values:
 IGP - Generated using “network” statement
• ex: network 35.0.0.0
 EGP - Redistributed from EGP
 Incomplete - Redistributed from IGP
• ex: redistribute ospf
 IGP < EGP < INCOMPLETE


Communities

 Transitive, Non-mandatory
 Represented as a numeric value (0-0xffffffff)
 Used to group destinations
 Each destination could be member of multiple communities
 Flexibility to scope a set of prefixes within or across AS for applying policy


Community

Service Provider AS 200 policy:
Community    Local Preference
201:110      110
201:120      120

[Diagram: customer AS 201 (routers A and B) originates 192.68.1.0/24; A sends it to provider router C tagged with community 201:110, B sends it to provider router D tagged with community 201:120]


Synchronization

[Diagram: AS 1880 (routers A, B, C and D, OSPF inside) sits between AS 690, which advertises 35/8, and AS 209]

 C not running BGP (non-pervasive BGP)
 A won’t advertise 35/8 to D until the IGP is in sync
 Turn synchronization off!
 Run pervasive BGP
router bgp 1880
 no sync


BGP Route Selection (bestpath)

Only one path is selected as the bestpath!

 Route has to be synchronized
   Prefix in forwarding table
 Next-hop has to be accessible
   Next-hop in forwarding table
 Largest weight
   Local to the router
 Largest local preference
   Spread within AS
 Locally sourced
   Via redistribute or network statement


BGP Route Selection ...

 Shortest AS-path length
   number of ASes in the AS-path attribute
 Lowest origin
   IGP < EGP < INCOMPLETE
 Lowest MED
   between paths from same AS
 External over internal
   closest exit from a router
 Closest next-hop
   Lower IGP metric, closer exit from an AS
 Lowest router-id
 Lowest IP address of neighbor


BGP Route Selection ...

[Diagram: AS 100 is reachable from AS 400 (routers A and B) through AS 200 and through AS 300 (router D); on the path through AS 300 the AS path attribute length is increased by at least 1]

AS 400’s policy to reach AS 100:
AS 200 preferred path
AS 300 backup
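The two route-selection slides give the decision steps in order; the diagram above then uses one of them (AS-path length, lengthened by prepending) to make AS 300 the backup. Below is an added Python example, not code from the slides or from any router: it runs candidate paths through the steps in the deck's order and reports which step decided, treating MED the way the deck says (only compared between paths from the same neighbouring AS). The sample paths reuse the prefixes from the Local Preference, MED and prepend slides; the router IDs, neighbour addresses and IGP metrics are constructed, and the prepend is modelled as AS 100 announcing itself twice towards AS 300, which is my assumption about where the extra AS comes from.

```python
"""BGP best-path selection, step by step in the order the deck lists it.

Added example (not from the slides). Router IDs, neighbour addresses and IGP metrics
in the sample paths are constructed.
"""
import ipaddress

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}


def _keep_best(cands, key, lowest):
    """Keep only the candidates whose key is the minimum (lowest=True) or maximum."""
    vals = [key(c) for c in cands]
    target = min(vals) if lowest else max(vals)
    return [c for c, v in zip(cands, vals) if v == target]


def _med_filter(cands):
    """MED is only compared between paths learned from the same neighbouring AS
    (first AS in the AS_PATH); a path loses only to a lower MED from that same AS."""
    keep = []
    for p in cands:
        same_as = [q for q in cands if q["as_path"][:1] == p["as_path"][:1]]
        if p.get("med", 0) == min(q.get("med", 0) for q in same_as):
            keep.append(p)
    return keep


STEPS = [  # (name, key, prefer-lowest); the deck's order after the reachability check
    ("weight", lambda p: p.get("weight", 0), False),
    ("local_pref", lambda p: p.get("local_pref", 100), False),
    ("locally sourced", lambda p: p.get("local", False), False),
    ("as_path length", lambda p: len(p["as_path"]), True),
    ("origin", lambda p: ORIGIN_RANK[p["origin"]], True),
    ("med", None, True),
    ("ebgp over ibgp", lambda p: p["session"] == "ebgp", False),
    ("igp metric", lambda p: p["igp_metric"], True),
    ("router_id", lambda p: ipaddress.IPv4Address(p["router_id"]), True),
    ("neighbor address", lambda p: ipaddress.IPv4Address(p["neighbor"]), True),
]


def best_path(paths, reachable_next_hops):
    """Return (best path, name of the step that decided it); paths whose next hop
    the IGP cannot resolve are never candidates."""
    cands = [p for p in paths if p["next_hop"] in reachable_next_hops]
    if not cands:
        return None, "no path with a reachable next hop"
    decided = "only candidate"
    for name, key, lowest in STEPS:
        if len(cands) == 1:
            break
        before = len(cands)
        cands = _med_filter(cands) if key is None else _keep_best(cands, key, lowest)
        if len(cands) < before:
            decided = name
    return cands[0], decided


def path(prefix, as_path, neighbor, session="ebgp", **overrides):
    """Build a candidate path; the neighbour address doubles as next hop and router ID."""
    p = {"prefix": prefix, "as_path": as_path, "neighbor": neighbor, "next_hop": neighbor,
         "router_id": neighbor, "session": session, "origin": "IGP", "igp_metric": 0}
    p.update(overrides)
    return p


REACHABLE = {"192.20.2.1", "192.20.3.1", "150.1.1.2", "150.1.1.3"}   # constructed IGP view

if __name__ == "__main__":
    # Prepend slide: the path via AS 300 carries one extra AS, so AS 200 wins on length.
    via200 = path("160.10.0.0/16", [200, 100], "192.20.2.1")
    via300 = path("160.10.0.0/16", [300, 100, 100], "192.20.3.1")
    print(best_path([via200, via300], REACHABLE))
    # MED slide: two entry points into AS 201, lower MED wins.
    a = path("192.68.1.0/24", [201], "150.1.1.2", med=2000)
    b = path("192.68.1.0/24", [201], "150.1.1.3", med=1000)
    print(best_path([a, b], REACHABLE))
```

The last case in the test is the one the deck's "between paths from same AS" caveat is about: a MED of 10 from AS 300 does not beat a MED of 2000 from AS 200, so the tie falls through to the later steps (here the router ID).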
Stub AS

 Typically no need for BGP
 Point default towards the ISP
 ISP advertises the stub network to Internet
 Policy confined within ISP policy


Stub AS

[Diagram: provider AS 101 (router B) connected to customer stub AS 100 (router A)]


Multi-homed AS

 Only border routers speak BGP
 IBGP only between border routers
 Exterior routes must be redistributed in a controlled fashion into IGP or use defaults


Multi-homed AS

[Diagram: customer AS 200 (routers B and C) is multi-homed to provider AS 100 (router A) and provider AS 300 (router D)]


Service Provider Network

 IBGP used to carry exterior routes
 IGP keeps track of topology
 Full IBGP mesh is required


Common Service Provider Network

[Diagram: provider AS 300 (routers B, C, D, E, F and G) connected to AS 100 (router A), AS 200 (router H) and AS 400]


Routing Policy

 Why?
– To steer traffic through preferred paths
– Inbound/Outbound prefix filtering
– To enforce Customer-ISP agreements
 How ?
– AS based route filtering -
Distribute list - using IP access lists

access-list 1 deny 10.0.0.0
access-list 1 permit any
access-list 2 permit 20.0.0.0
… more access-lists as prefixes are added ...

router bgp 100
 neighbor 171.69.233.33 remote-as 33
 neighbor 171.69.233.33 distribute-list 1 in
 neighbor 171.69.233.33 distribute-list 2 out


Filter list rules
Regular Expressions

 RE is a pattern to match against an input string


 Used to match against AS-path attribute
 ex: ^3561.*100.*1$
 Flexible enough to generate complex filter list rules



Filter list - using as-path access list

ip as-path access-list 1 permit 3561
ip as-path access-list 2 deny 35
ip as-path access-list 2 permit .*

router bgp 100
 neighbor 171.69.233.33 remote-as 33
 neighbor 171.69.233.33 filter-list 1 in
 neighbor 171.69.233.33 filter-list 2 out
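The distribute-list and filter-list slides above rely on matching semantics that are easy to get wrong: an as-path regular expression is matched anywhere in the AS-path string unless it is anchored, and a standard access list used as a distribute-list tests only the network address of a prefix, never its length. The Python below is an added example, not code from the slides or from IOS; it reimplements both matching rules (including the IOS `_` metacharacter) and applies the rule sets from the two slides to constructed AS paths and prefixes, so that the side effects of `deny 35` and of `deny 10.0.0.0` can be checked directly.

```python
"""Prefix and AS-path filters with IOS matching semantics.

Added example (not from the slides). Shows why an unanchored AS-path regex such as
'deny 35' also matches AS 3561, and why a standard ACL used as a distribute-list only
matches the network address of a prefix, not its length.
"""
import ipaddress
import re


def ios_regex(pattern):
    """IOS's '_' metacharacter matches a space, comma, brace, parenthesis,
    or the start/end of the AS_PATH string."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))


def as_path_filter(rules, as_path):
    """rules: ordered [(action, regex)] from an 'ip as-path access-list'; the first match
    decides and there is an implicit deny at the end. The AS_PATH is matched as the
    space-separated string IOS shows (e.g. '3561 100 1')."""
    text = " ".join(str(asn) for asn in as_path)
    for action, pattern in rules:
        if ios_regex(pattern).search(text):
            return action == "permit"
    return False


def prefix_filter(rules, prefix):
    """rules: ordered [(action, network, wildcard)] from a standard access-list used as a
    distribute-list; only the prefix's network address is tested, never its length."""
    addr = int(ipaddress.IPv4Network(prefix).network_address)
    for action, network, wildcard in rules:
        net = int(ipaddress.IPv4Address(network))
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == net & care:
            return action == "permit"
    return False


# Constructed rule sets mirroring the slides (a missing wildcard means 0.0.0.0).
FILTER_LIST_1 = [("permit", "3561")]
FILTER_LIST_2 = [("deny", "35"), ("permit", ".*")]               # as on the slide
FILTER_LIST_2_ANCHORED = [("deny", "_35_"), ("permit", ".*")]    # matches AS 35 only
ACL_1 = [("deny", "10.0.0.0", "0.0.0.0"), ("permit", "0.0.0.0", "255.255.255.255")]
ACL_2 = [("permit", "20.0.0.0", "0.0.0.0")]

if __name__ == "__main__":
    for p in ([35, 100], [3561, 100]):
        print(p, "list 2:", as_path_filter(FILTER_LIST_2, p),
              "anchored:", as_path_filter(FILTER_LIST_2_ANCHORED, p))
    for pfx in ("10.0.0.0/8", "10.1.0.0/16"):
        print(pfx, "acl 1:", prefix_filter(ACL_1, pfx))
```

Two results are worth noticing: `deny 35` blocks the path `3561 100` as well as `35 100`, which `_35_` does not, and `deny 10.0.0.0` in a standard ACL stops 10.0.0.0/8 but lets 10.1.0.0/16 through because only the network address is compared. The `^3561.*100.*1$` pattern from the Regular Expressions slide is exercised in the test as well.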


Route Maps

router bgp 300
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 route-map SETCOMMUNITY out
!
route-map SETCOMMUNITY permit 10
 match ip address 1
 match community 1
 set community 300:100
Route-map match & set clauses

Match Clauses
 AS-path
 Community
 IP address

Set Clauses
 AS-path prepend
 Community
 Local-Preference
 MED
 Origin
 Weight
 Others...


Route-map Configuration Example

[Diagram: hosts (H) on Ethernet segments behind routers C21 and C22 towards ISP2 and behind routers C31 and C32 towards ISP3]

Inbound route-map to set community:

neighbor <y.y.y.y> route-map A
!
route-map AS200_IN permit 10
 match community 1
 set local-preference 200
!
neighbor <x.x.x.x> route-map AS10
!
ip community-list 1 permit 100
route-map AS100_IN permit 10
 set community 100:200
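The Communities slides describe a community as a 32-bit number written AS:value, and the provider/customer slide shows the typical use: the customer tags each announcement and the provider's inbound route-map turns the tag into a local preference (201:110 gives 110, 201:120 gives 120). The Python below is an added example, not code from the slides or from IOS: it encodes and decodes the AS:value form and evaluates ordered route-map clauses with a community match and set actions, chaining the customer's outbound tagging into the provider's inbound policy for the 192.68.1.0/24 prefix from the slide.

```python
"""BGP communities: 32-bit encoding and a route-map that turns them into LOCAL_PREF.

Added example (not from the slides); the route-map mirrors the provider policy table
(201:110 -> local preference 110, 201:120 -> 120).
"""


def encode_community(text):
    """'AS:value' -> the 32-bit community value carried on the wire (high 16 bits AS)."""
    asn, val = (int(part) for part in text.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= val <= 0xFFFF):
        raise ValueError(f"community out of range: {text}")
    return (asn << 16) | val


def decode_community(value):
    """32-bit community value -> 'AS:value'."""
    return f"{value >> 16}:{value & 0xFFFF}"


def apply_route_map(entries, route):
    """entries: ordered route-map clauses {'permit': bool, 'match_community': set|None, 'set': {...}}.
    The first clause whose match succeeds is applied; a permit clause returns the modified
    route, a deny clause (or no matching clause at all) drops it and returns None."""
    for entry in entries:
        wanted = entry.get("match_community")
        if wanted is None or wanted & route.get("communities", set()):
            if not entry.get("permit", True):
                return None
            out = dict(route)
            out.update(entry.get("set", {}))
            return out
    return None


# Constructed: provider AS 200 inbound policy keyed on the customer's communities.
PROVIDER_POLICY = [
    {"match_community": {encode_community("201:110")}, "set": {"local_pref": 110}},
    {"match_community": {encode_community("201:120")}, "set": {"local_pref": 120}},
    {"match_community": None, "set": {}},          # final permit: everything else unchanged
]
# Constructed: customer AS 201 outbound policy tagging its prefix at router A and router B.
TAG_AT_A = [{"match_community": None, "set": {"communities": {encode_community("201:110")}}}]
TAG_AT_B = [{"match_community": None, "set": {"communities": {encode_community("201:120")}}}]


def customer_to_provider(route, tag_policy):
    """Customer tags on the way out, provider maps the tag to LOCAL_PREF on the way in."""
    return apply_route_map(PROVIDER_POLICY, apply_route_map(tag_policy, route))


if __name__ == "__main__":
    r = {"prefix": "192.68.1.0/24"}
    print("via A:", customer_to_provider(r, TAG_AT_A)["local_pref"],
          "via B:", customer_to_provider(r, TAG_AT_B)["local_pref"])
```

Because local preference is not carried over eBGP, the community is what lets the customer's choice survive the hop into the provider; the provider then decides what each community value means, which is why the table on the slide belongs to the provider rather than the customer.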
Load Sharing & Redundancy using BGP

Load-sharing - single path

[Diagram: router A in AS 100 (loopback 0 = 20.200.0.1) connected to a router in AS 200 (loopback 0 = 10.200.0.2) over two parallel links]

Router A:
interface loopback 0
 ip address 20.200.0.1 255.255.255.255
!
router bgp 100
 neighbor 10.200.0.2 remote-as 200
 neighbor 10.200.0.2 update-source loopback0
 neighbor 10.200.0.2 ebgp-multihop 2
!
ip route 10.200.0.2 255.255.255.255 <DMZ-link1, link2>


Load Sharing - Multiple paths from the same AS

[Diagram: router A in AS 100 with two parallel eBGP sessions into AS 200]

Router A:
router bgp 100
 neighbor 10.200.0.1 remote-as 200
 neighbor 10.300.0.1 remote-as 200
 maximum-paths 2

Note: A still only advertises one “best” path to ibgp peers


Redundancy - Multi-homing

 Reliable connection to Internet
 3 common cases of multi-homing:
• default from all providers
• customer + default routes from all
• full routes from all


Default from all providers

 Low memory/CPU solution
 Provider sends BGP default
 Provider is selected based on IGP metric
 Inbound traffic decided by providers’ policy
 Can influence using outbound policy, example: AS-path prepend


Default from all providers

[Diagram: providers AS 200 (router D) and AS 300 (router E) each send a default route to customer AS 400 (routers A, B and C)]


Customer + default from all providers

 Medium memory and CPU solution
 Granular routing for customer routes and default for the rest
 Inbound traffic decided by providers’ policy
 Can influence using outbound policy


Customer routes from all providers

[Diagram: customer AS 100 (160.10.0.0/16) is reachable through providers AS 200 (router D) and AS 300 (router E); in AS 400 (routers A, B and C), C chooses the shortest AS path]
Full routes from all providers

 More memory/CPU
 Full granular routing
 Usually transit ASes take full routes
 Usually pervasive BGP



Full routes from all providers

[Diagram: AS 100 and AS 500 are reachable through providers AS 200 (router D) and AS 300 (router E); in AS 400 (routers A, B and C), C chooses the shortest AS path]


Best Practices
IGP in Backbone

 IGP connects your backbone together, not your client’s routes
 IGP must converge quickly
 IGP should carry netmask information - OSPF, IS-IS, EIGRP


Best Practices...
Connecting to a customer

 Static routes
 You control directly
 No route flaps
 Shared routing protocol or leaking
 You must filter your customers info
 Route flaps
 BGP for multi-homed customers



Best Practices...
Connecting to other ISPs

 Use BGP4
 Advertise only what you serve
 Take back as little as you can
 Take the shortest exit
 Long distance connectivity is expensive
 Connect to several providers at a single point



THE END
