
Advanced Routing

The document provides information on advanced routing concepts including process switching, fast switching, CEF switching, the difference between next hop and exit interface, RIPv2 details like timers, authentication, and configuration, EIGRP details like metrics, neighbor discovery, and configuration, and OSPF details like areas, LSAs, neighbor states, authentication, and network types. It then describes a lab scenario involving configuring RIP, EIGRP, and OSPF on routers connected in various topologies with requirements like authentication, route filtering, and verifying traffic sharing.

Uploaded by

ahmed embaby

Advanced Routing

• Process switching
• Fast switching
• CEF switching
• When the router's traffic is process switched and when it is CEF switched.
• Difference between Next hop and Exit interface.
• It worked for me when I connected two routers back to back over Ethernet interfaces with static routes pointing to the exit interface.
• Sometimes in real networks it didn't work, as an Ethernet exit interface is a broadcast interface and an IP must be specified.
• Please redo the scenario, but put an L2 switch between the two routers and use static routes with the exit interface, and see if there is any difference.
RIPv2
• Multicast updates to 224.0.0.9 (v1 uses broadcast)
• UDP port 520
• Metric = hop count (16 = infinity)
• Updates = entire routing table
• AD = 120
• Classless (classful by default; in all versions I can't specify the mask in the network command)
RIPv2
• Timers:
– Updates = 30 sec
– Invalid = 180 sec
– Holddown = 180 sec (if a router receives update for
invalid route, it starts holddown time before accepting
such route)
– Flush = 240 sec
• Updates are sent every 30 sec. If no update is received for a route for 180 sec (invalid), the route is marked as possibly down; one minute later (240 sec) it is flushed.
RIPv2
• Auto summary is ON by default (when crossing a major network boundary OR when a different subnet mask is detected)
• To solve this problem use no auto-summary + version 2
• no auto-summary has no effect under version 1
• Network command:
– Advertise net to neighbor on this interface
– Send / receive updates on the interface
– Advertise any interface that is covered by the network command
RIPv2
• To still send updates on a passive interface → under the routing process use the neighbor command; it sends unicast updates
– neighbor x.x.x.x
• To send updates as broadcast while using v2 → under interface
– ip rip v2-broadcast
• Authentication → under interface
– ip rip authentication mode text / md5
– ip rip authentication key-chain xxxx
– key chain xxxx
• key 1
• key-string yyyy
• Summary address → under interface
– ip summary-address rip x.x.x.x y.y.y.y
RIPv2
• Passive interface → under Routing process
– Stop sending updates
– Still can receive updates
– Does not stop advertising the interface's network through other interfaces.
• Route filtering
➢ Passive int
➢ Distribute list
✓ Prefix list
✓ Access list (standard & extended)
➢ Offset list
➢ AD
RIPv2
• Default Route origination
– default-information originate → under routing process
– ip summary-address rip 0.0.0.0 0.0.0.0 on the interface, but it will suppress all other advertisements
• Split horizon is OFF by default on main
interface configured with FR.
• Split horizon is ON by default on multipoint
sub interface in FR.
RIP Lab

• R1-R2 → Ethernet, R3-R5 & R4-R5 → PPP


• R2-R3-R4 → FR point-to-point subinterfaces (a multipoint subinterface with no split horizon will cause a routing loop in this scenario between R2-3-4-5)
• All routers have loopbacks, and must be reachable
• Authenticate R2,R3 & R4
• Filter R4 loopback on R1 with distribute list
• Summary address on R1 for two loopbacks
• From R2 reach loopback of R5 from R3 using distribute list
• Passive interface on R1 and use neighbor command
EIGRP
• IP protocol 88
• AD Internal 90, External 170
• Multicast updates to 224.0.0.10
• Auto summary is ON by default
• Split horizon is ON by default; to disable it use: no ip split-horizon eigrp AS#
• Builds neighborship before sending updates
EIGRP
• Packets
– Hello (Multicast / Unicast)
– Update (Multicast / Unicast) → ACK
– Query (Multicast / Unicast) → ACK
– Reply to query (Unicast) → ACK
– ACK (unicast)
EIGRP
• Timers
– Hello 5s, Hold 15s → LAN, P2P
– Hello 60s, Hold 180s → FR NBMA
• What should match to be neighbors?
– K values
– AS #
– Authentication
– Source of hello must be in the same subnet
EIGRP
• Metric = [k1*BW + (k2*BW)/(256-load) + k3*Delay] * [k5/(reliability+k4)]
• K values default k1=k3=1, k2=k4=k5=0
• Metric = BW + Delay
• BW = (10^7/least BW in Kbps)*256
• Delay = Sum of delays in tens of msec * 256
EIGRP
• Advertised Distance AD = Metric from my
neighbor to the destination
• Feasible distance FD = Metric from this router to
the destination
• Successor = Route with lowest metric (Feasible
Distance FD)
• Feasible Successor = Backup route that satisfies
the feasibility condition
• Feasibility condition =
AD of feasible successor < FD of successor
EIGRP
• Network command:
– Send Hello packets to form neighborship
– Advertise this net to other neighbors
– Send / receive updates on int
• EIGRP Tables:
– Neighbor table
– Topology table
– Routing table
EIGRP
• Equal-cost load balancing by default over 4 paths
• Can be modified to be 6, 1 means no load balance
• Use variance to do unequal-cost load balancing: variance 2 means add routes that are in the range of double the best metric; variance 4 means in the range of 4 times the best metric.
• ip summary-address per interface suppresses specific subnets
• Passive interface will stop hellos on the interface
• Authentication is MD5 only, using a key chain
– ip authentication mode eigrp AS# md5
– ip authentication key-chain eigrp AS# xxxx
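The feasibility condition and the variance rule from the EIGRP slides, worked through as an added example (not part of the original slides). The metrics are constructed, `select_paths` and the neighbor R9 are hypothetical names, and the strict "<" at the variance boundary is an assumption; the point it shows is that variance only admits routes that already pass the feasibility condition.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    neighbor: str    # next hop that advertised the route
    advertised: int  # AD: that neighbor's own metric to the destination
    distance: int    # this router's total metric through that neighbor

def select_paths(paths, variance=1, max_paths=4):
    """Classify one prefix's topology-table entries.

    Returns (fd, successors, feasible_successors, installed).
    """
    fd = min(p.distance for p in paths)          # FD = lowest total metric
    successors = [p for p in paths if p.distance == fd]
    # Feasibility condition from the slides: neighbor's AD < FD of the successor.
    feasible = [p for p in paths if p.distance > fd and p.advertised < fd]
    # Variance widens the choice only among feasible successors. Strict "<" at
    # the variance * FD boundary is an assumption of this example.
    unequal = [p for p in feasible if p.distance < variance * fd]
    installed = sorted(successors + unequal, key=lambda p: p.distance)[:max_paths]
    return fd, successors, feasible, installed

def names(paths):
    return [p.neighbor for p in paths]

# Constructed metrics for 26.26.26.0/24 as seen from R3 (not real router output).
# R9 is a hypothetical third neighbor added to show a path that fails feasibility.
SAMPLE = [
    Path("R2", advertised=10, distance=20),
    Path("R6", advertised=15, distance=30),
    Path("R9", advertised=25, distance=35),  # inside 2 x FD, but AD 25 >= FD 20
]

if __name__ == "__main__":
    for variance in (1, 2):
        fd, succ, fs, installed = select_paths(SAMPLE, variance)
        print(f"variance {variance}: FD={fd} successors={names(succ)} "
              f"feasible={names(fs)} installed={names(installed)}")
```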
EIGRP
• Stub networks, to limit scope of query msgs
– Receive only
– Connected (default)
– Summary (default)
Do advertise
– redistributed
– Static
• Default route origination using summary address
will suppress all subnets
• Unicast updates using neighbor command to stop
multicast on interface
EIGRP
• Filtering
– Distribute list
• Prefix list
• Access list
• Route maps
– Offset list
– AD
• Default hops is 100, max is 255
EIGRP Lab

• FR is same network but on R1 multipoint subinterface to test split horizon
• R2 & R6 advertise same network to test variance on R3, 26.26.26.0/24
• Authentication R1,2,3
• Filter network behind R2 & R6 on R4 using prefix list
• Check traffic share in routing table sh ip route x.x.x.x
OSPF
• IP protocol 89
• AD = 110
• Metric = 100 / BW (Mbps)
• OSPF Packets
– Hello
– DBD (Database sync)
– LSR (link state request)
– LSA (link state advertisement)
– LSU (link state update) group of LSAs
– LSACK (link state ACK)
OSPF
• Areas
• ABR (Area border router)
• ASBR (Autonomous System Border router)
• Intra Area (inside area)
• Inter area (between areas)
• Backbone Area (area 0)
• Special area types
– Stub
– Totally stubby
– NSSA
– NSSA totally stubby
OSPF
• LSA types
– 1 → Router LSA (info about the router's directly connected links inside the area; does not cross the ABR; one LSA for every router in the area)
– 2 → Network LSA (advertised by the DR inside the area only; includes the list of routers attached to a transit network like Ethernet or NBMA); floods inside the transit net only
– 3 → Summary LSA (advertised by the ABR for every subnet to other areas, and received the same way from other areas)
– 4 → Route to ASBR (the ASBR sends type 1 and its ABR converts it to type 4, which contains the router ID of the ASBR)
OSPF
• LSA Types
– 5 → AS external LSA (of external networks injected by redistribution)
– 6 → Multicast OSPF LSA
– 7 → NSSA LSA
– 8 → External attribute LSA for BGP
• OSPF database table is constructed from the LSAs exchanged.
• OSPF Route Types
– O intra area route
– O IA inter area route
– O E1 Type 1 external route (cost increase with path)
– O E2 Type 2 external route (cost is constant with path)
– O N1 NSSA Type 1
– O N2 NSSA Type 2
OSPF Neighbors
• Neighbor sequence
1. Down
2. Init
3. 2Way
4. Exstart
5. Exchange
6. Loading
7. Full
OSPF
• Router ID selection process:
– Configured Router ID under routing process, then
– Highest configured loopback IP, then
– Highest Active physical IP.
• What must match to be neighbors:
– Hello & dead timers
– Subnet Mask
– Area ID
– Authentication method and password
– Stub flag / NSSA flag
OSPF
• Authentication has two levels
– Area (configure type only either text or MD5)
– Interface (Configure both Type and Key)
• Authentication has two modes:
– Text
• -router)# area 0 authentication → Area level, OR
• -if)# ip ospf authentication → Interface level
• -if)# ip ospf authentication-key xxxx
– MD5
• -router)# area 0 authentication message-digest → Area level, OR
• -if)# ip ospf authentication message-digest → Interface level
• -if)# ip ospf message-digest-key 1 md5 xxxx
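A defender's check built on the two authentication levels and two modes above, as an added example (not part of the original slides): it reads a configuration and reports OSPF interfaces that end up unauthenticated, on plaintext, or on MD5 with no key. The function name and sample configuration are constructed, and it assumes interfaces are placed into areas with the interface-level `ip ospf <process-id> area <area-id>` command rather than `network` statements.

```python
import re

def audit_ospf_auth(config):
    """Return [(interface, finding)] for weak or incomplete OSPF authentication."""
    area_mode, ifaces, section = {}, {}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():                 # top-level stanza header
            section = line
            if line.startswith("interface "):
                ifaces[line.split()[1]] = []
        elif section.startswith("router ospf"):
            m = re.fullmatch(r"area (\S+) authentication( message-digest)?", line)
            if m:                                # area level sets the type only
                area_mode[m.group(1)] = "md5" if m.group(2) else "text"
        elif section.startswith("interface "):
            ifaces[section.split()[1]].append(line)
    modes = {None: "text", " message-digest": "md5", " null": "none"}
    findings = []
    for name, lines in ifaces.items():
        area = next((ln.split()[-1] for ln in lines
                     if re.fullmatch(r"ip ospf \d+ area \S+", ln)), None)
        if area is None:
            continue                             # interface does not run OSPF
        mode = area_mode.get(area, "none")       # inherited from the area ...
        for ln in lines:                         # ... unless the interface overrides
            m = re.fullmatch(r"ip ospf authentication( message-digest| null)?", ln)
            if m:
                mode = modes[m.group(1)]
        has_key = any(ln.startswith("ip ospf message-digest-key ") for ln in lines)
        if mode == "none":
            findings.append((name, "no OSPF authentication"))
        elif mode == "text":
            findings.append((name, "plaintext OSPF authentication"))
        elif not has_key:                        # the key is always set per interface
            findings.append((name, "MD5 enabled but no message-digest-key"))
    return findings

# Constructed sample; area membership via 'ip ospf <pid> area <id>' is an assumption.
SAMPLE_CONFIG = """\
router ospf 1
 area 0 authentication message-digest
!
interface Serial1/0
 ip ospf 1 area 0
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
!
interface Serial1/1
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip ospf 1 area 1
 ip ospf authentication
 ip ospf authentication-key EXAMPLE
!
interface FastEthernet0/1
 ip ospf 1 area 2
"""

if __name__ == "__main__":
    for iface, finding in audit_ospf_auth(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```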
OSPF
• OSPF advertises stub network (loopbacks) as
host routes /32. To override this behavior and
advertise the network with its mask use:
– -if)# ip ospf network point-to-point
OSPF
• Configure all shown
• All routers have
loopbacks
• Area 0 Authen MD5
area level
• Area 1 & 2 authen text
interface level
OSPF Network types
• Point to Point (PPP & HDLC)
– No DR & BDR
– Auto discovery of neighbors
– Hello = 10s , Dead = 40s
OSPF Network types
• Broadcast Multi-access (Ethernet & Token ring)
– DR & BDR
– Auto discovery of neighbors
– Hello = 10s , Dead = 40s
– DR & BDR election based on:
• Highest priority (default is 1), if same then
– -if)# ip ospf priority 0-255
• Highest router ID
– 224.0.0.5 → Joined by all OSPF routers
– 224.0.0.6 → Joined by DR & BDR
– All routers will form:
• FULL neighborship with DR & BDR
• 2WAY neighborship with each other, as the LSAs are sent to the DR
to be resent to other routers so no need to form FULL
neighborship with other routers
Lab
• Configure the Ethernet
network all in area 0
• Test the DR/BDR
concept
• Make sure to see the
routers form FULL
neighborship with DR &
BDR and 2WAY with
other routers.
OSPF Network types
• NBMA (Non Broadcast Multi Access)
1. Non broadcast (FR, ATM & X.25)
• Acts as a LAN
• DR & BDR election
• Hello = 30s, Dead = 120s
• One subnet
• No auto discovery (non broadcast) use neighbor command on hub
• Unicast hellos
• If hub and spoke, the hub is the DR as it has full connectivity to all spokes; spokes get priority 0 (in the neighbor command on the DR) so they do not become BDR, as they have no full connectivity to all others
• Reachability issue: spokes will point directly to other spokes (i.e. as if broadcast), so to solve the problem add another map statement on the spokes resolving the other spoke IP through the hub router.
• Configuration steps:
– Manual configuration of neighbors on Hub with priority 0
» -router)# neighbor 1.1.1.1 priority 0
– Spokes configured with priority 0 on FR interface
– Adjust spokes FR to include extra map statement to reach other spoke through hub
OSPF Network types
• NBMA (Non Broadcast Multi Access)
2. Point-to-multipoint (RFC)
• Treats each spoke as point to point
• No DR & BDR election
• Hello = 30s, Dead = 120s
• Auto discovery of neighbors (multicast hellos)
• Single Subnet (Hub & Spokes)
• Advertise FR network end point as host routes /32
• Can use neighbor cost statement to adjust cost to neighbor
– -router)# neighbor x.x.x.x cost #
• Fixes the reachability issue with NBMA: the hub will modify the next hop in the advertisements to match itself.
• Configuration sequence:
– FR map statements with broadcast keyword
– FR interface with point to multipoint option
» -if)# ip ospf network point-to-multipoint
OSPF Network types
• NBMA (Non Broadcast Multi Access)
3. Point to Multipoint non-broadcast (Cisco)
• Same as point to multipoint (RFC) but with no Auto
Discovery of neighbors (unicast hellos)
• Treats each spoke as point to point
• No DR & BDR election
• Hello = 30s, Dead = 120s
• Manual configuration of neighbors
• Can use neighbor cost statement
• Advertise FR network end points as host routes /32
• Fixes the reachability issue with NBMA: the hub will modify the next hop in the advertisements to match itself.
OSPF Network types
• NBMA (Non Broadcast Multi Access)
4. Point to Point (Cisco)
• No DR & BDR election
• Hello = 10s, Dead = 40s
• Auto discovery of neighbors (multicast hellos)
• Uses point to point sub-interface on FR cloud between
Hub and Spokes
• Multiple subnets based on the number of connected
spokes
OSPF Network types
• NBMA (Non Broadcast Multi Access)
5. Broadcast (Cisco)
• DR & BDR Election
• Hello = 10s, Dead = 40s
• Auto discovery of neighbors (multicast hellos)
• Same subnet (extra map is needed on the spokes to
resolve the other spoke through the Hub)
Lab
• All routers are in same
subnet, R1 Hub & R2 R3
are spokes
• Test NBMA non-
broadcast, point to
multipoint and point to
multipoint non-broadcast
• All routers have
loopbacks
• Full reachability is
required
OSPF Filtering Techniques
• Filter list (using prefix list) to filter LSA type 3 between areas, on the ABR
– -router)# area x filter-list prefix xxxx in/out
• In → to Area
• Out → From Area
• Area range to summarize some networks and choose to advertise the summary or suppress it to filter LSA type 3, on the ABR
– -router)# area x range x.x.x.x y.y.y.y advertise/not-advertise
– X → of area to be summarized
– Summary address will be an OSPF route pointing to Null0 on the router doing the summarization
• Distribute list is used to block routes from entering the local router's routing table, but it won't stop the LSA
– Prefix list
– Route map (to block from a specific source)
OSPF Filtering Techniques
• To block LSA type 5 on ASBR into OSPF domain
use summary-address + not-advertise
– -router)# summary-address x.x.x.x y.y.y.y not-advertise
• Default route origination
– -router)# default-information originate [always]
– A default route MUST be in the routing table to send
the default route otherwise use the always keyword
– Sent as E2 type route
Lab

• FR is point to multipoint
• All routers have loopbacks (i.e 1.1.1.1, 4.4.4.4, 5.5.5.5,..)
• R4 has 192.168.4.0/24 & 192.168.44.0/24
• R5 has 192.168.0.0/24 & 192.168.1.0/24
• On R2 use filter list to filter 192.168.4.0/24
• On R3 summarize R5 loopbacks 0.0/24 & 1.0/24
• On R5 use distribute list to filter R1 loopback 1.1.1.1
OSPF Virtual link
• Virtual link is used to:
– connect an area that is not directly connected to Area 0 through
a transit area
– Connect a discontiguous Area 0
– -router)# area x virtual-link router-id
• X → of transit area
• Router-id → of the destination ABR
• Configured on both ABRs
• The ABRs don’t have to be directly connected.
• Virtual link is treated by OSPF as an Interface in Area 0
• # sh ip ospf virtual-link
– A Virtual link can be authenticated
– Multiple Back to Back virtual links can be configured to connect
multiple Areas to Area 0, like in the next lab.
OSPF Metric
• Cost function = 100 Mbps / interface BW in
Mbps
• Changing the cost of an Interface
– -if)# ip ospf cost x
– This will set the interface cost, which will be added to the rest of the costs in the path to the destination
• Change the Cost calculation
– -router)# auto-cost reference-bandwidth x
• X → default is 100 Mbps
Lab

• Virtual link between R2&R4 to make Area 3 join Area 0


• Configure loopback on R6 in Area 5
• Connect Area 5 to Area 0 by using Virtual link between R6 & R4
• Another way to connect Area 5 is by doing a tunnel between R6 and
R2 and configure its network in Area 0 in both R2 & R6
• On R7 advertise lo3 same as R3 loopback and change the R1 S1/1
interface cost to choose R7 for lo3 on R7
OSPF Special Areas
• Stub Area (No LSA type 5)
– -router)# area x stub
– Configured on all routers in the area
– Routers in the area receive
• LSA type 3 from ABR (O IA)
• Default route as LSA type 3 from ABR (O*IA)
– ABR sends LSA type 3 to Area 0
OSPF Special Areas
• Totally Stubby Area (Cisco) ( No LSA type 3,4
& 5)
– -router)# area x stub no-summary
– Configured on ABR router with no-summary
keyword and all other routers with stub keyword
only
– Routers in the area receive a default route as LSA type 3 from the ABR (O*IA)
– ABR sends LSA type 3 to Area 0
OSPF Special Areas
• NSSA (NO LSA type 4 & 5)
– Area is stub but has external routes in it
– -router)# area x nssa
– Configured on all routers in the area
– Routers in the area receive
• LSA type 3 from ABR (O IA)
• Default route as LSA type 7 from ABR (O*N2) manually
– -router)# area x nssa default-information-originate
– ABR sends
• LSA type 3 to Area 0
• LSA type 5 to Area 0 ( LSA type 7 converted to LSA type 5)
– All routers send LSA type 7 (O N1 & O N2)
OSPF Special Areas
• NSSA Totally Stubby (NO LSA type 3,4 & 5)
– Area is totally stubby but has external routes in it
– -router)# area x nssa no-summary
– Configured on all routers in the area
– Routers in the area receive a default route as LSA type 3 from the ABR (O*IA)
– ABR sends
• LSA type 3 to Area 0
• LSA type 5 to Area 0 ( LSA type 7 converted to LSA type 5)
– All routers send LSA type 7 (O N1 & O N2)
Lab

• Area 1 → Stub, Area 2 → Totally Stubby


• Area 3 → NSSA, Area 4 → NSSA Totally Stubby
• R1 has Lo0 192.168.1.0/24 injected by redistribution
• R7 has Lo0 192.168.7.0/24 injected by redistribution
• R8 has Lo0 192.168.8.0/24 injected by redistribution
• Check that every router has set of routes that will match its Area type.
• R3 receives O IA and O*IA
• R5 receives only O*IA
• R7 receives only O IA. An NSSA area's ABR does not inject a default route into the area by default; it can be done manually, but usually the NSSA area's ASBR (i.e. R7) is the one that has the external routes, so R7 should inject a default type 7 route into Area 3 that will be converted to type 5 by the ABR.
• R8 receives only O*IA and any N2 routes. Since R1 participates in Area 4 and injects an external route, R8 will receive the route as O N2.
• R8 routing table:
C 192.168.8.0/24 is directly connected, Loopback0
8.0.0.0/24 is subnetted, 1 subnets
C 8.8.8.0 is directly connected, Loopback8
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.18.0 is directly connected, Serial1/0
O N2 192.168.1.0/24 [110/20] via 10.1.18.1, 00:21:33, Serial1/0
O*IA 0.0.0.0/0 [110/65] via 10.1.18.1, 00:21:33, Serial1/0
• R5 routing table:
5.0.0.0/24 is subnetted, 1 subnets
C 5.5.5.0 is directly connected, Loopback5
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.45.0 is directly connected, Serial1/0
O*IA 0.0.0.0/0 [110/65] via 10.1.45.4, 00:16:09, Serial1/0
NAT
Lab

• R1 has a loopback 192.168.1.1/24


• R3 has a loopback 192.168.3.3/24
• Practice Static & Dynamic NAT on R2 when R1 pings R3
loopback with source IP on its loopback
• R1 loopback must be changed in R2 to be 10.10.10.10
• Manage to adjust the routing accordingly.
Redistribution
• Into RIP
– When redistributing routes from a routing protocol into RIP the default metric is infinity (they won't be redistributed), so a valid metric MUST be specified
– When redistributing static or connected routes
into RIP the default metric is 1
Redistribution
• Into EIGRP
– When redistributing routes from a routing protocol into EIGRP the default metric is infinity (they won't be redistributed), so a valid metric MUST be specified
– When redistributing static or connected routes
into EIGRP the default metric is equal to the
metric of the associated interface
Redistribution
• In OSPF
– When redistributing routes from a routing protocol into OSPF the default metric is 20
– The default metric type is Type 2 (E2)
– Subnet information is not redistributed by default, so we have to add the subnets keyword
Lab

• All routers have loopbacks


• Redistribute on R2 and R3 to get full reachability.
Advanced Redistribution
• To filter the redistributed routes we can use
– Route maps to allow/deny specific routes
• Using the ACL or Prefix list in route map will allow the
permitted and deny the denied.
– Tags to mark the routes for further filtering in
another router in the domain.
Lab

• FR same network using Subinterface multipoint on R1.


• Full reachability by redistribution on R1
• Regarding the loopbacks the below is wanted only (do not filter
direct links connecting routers):
– Into EIGRP allow Lo5 & Lo7
– Into OSPF deny Lo3
– Into RIP allow Lo3 & Lo4
