
6702C IP Routing

Course number: 6702C

Student guide

Part Number: ENT-6702C-001P1.01.10

Issue: 1.10
Copyright © 2010 Avaya Inc. All Rights Reserved.
This document contains Avaya Inc. confidential and proprietary information.
It is not to be copied, disclosed or distributed in any manner, in whole or in
part, without express written authorization of Avaya Inc. While the information
in this document is believed to be accurate and reliable, except as otherwise
expressly agreed to in writing AVAYA PROVIDES THIS DOCUMENT "AS IS"
WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS
OR IMPLIED. The information and/or products described in this document are
subject to change without notice.

Avaya and the Avaya Logo are trademarks of Avaya Inc. and may be registered
in certain jurisdictions. All trademarks identified by ®, TM or SM are registered
marks, trademarks, and service marks, respectively, of Avaya Inc. All other
trademarks are the property of their respective owners.

Contents
Introduction
    Welcome
IP Routing Overview
    Introduction
    The function of routing
    How an IP packet is forwarded through the network
    How routers work
    IP addresses and IP Routing Tables
    Layer 2 or Layer 3 routing
    Configuring routing on the ERS
    Characteristics of routing protocols
    Check your learning
    Lesson summary
IP Forwarding and Static Routes
    Introduction
    IP Routing Table Manager
    Static and default routes
    Route preference
    Check your learning
    Lesson summary
Routing Information Protocol
    Introduction
    Routing Information Protocol
    Bellman-Ford algorithm
    Versions of RIP
    Configuring RIP on the Ethernet Routing Switch
    Accept and Announce policies for RIP
    Configuring RIP policies
    Check your learning
    Lesson summary
OSPF on the Ethernet Routing Switch
    Introduction
    The routed enterprise network
    Basic components of OSPF
    Types of OSPF Routers
    Types of OSPF networks
    OSPF adjacencies
    OSPF interface configuration
    OSPF packet with message digest
    Check your learning
    Lesson summary
Advanced OSPF Features
    Introduction
    Compare Routing Table and OSPF LSDB
    Network summaries
    OSPF route policies
    Virtual links
    Check your learning
    Lesson summary
BGP4 Overview
    Introduction
    Border Gateway Protocol
    BGP4 Concepts and Terminology
    Check Your Learning
    Lesson summary
Configuring VRRP
    Introduction
    Understanding Virtual Router Redundancy Protocol
    The VRRP state machine
    VRRP advertisement
    Configuring VRRP on a VLAN
    Check your learning
    Lesson summary
IPv6 Overview
    Introduction
    What is IPv6?
    Differences between IPv4 and IPv6
    IPv6 header format
    Deploying IPv6
    Lesson summary
Summary
    Wrap up
Appendix - OSPF Packet Format
    Introduction
    OSPF packets
Appendix - BGP Packet Format
    Introduction
    BGP4 message format
Acronym List - Avaya Converged Campus
    Acronym List - Avaya Converged Campus
Acronym List - Converged Campus
    Acronym List - Converged Campus


Introduction

Welcome
Course introduction

Welcome to course number 6702, IP Routing. The purpose of this course is to provide you
with a comprehensive understanding of how to implement an IP-routed network using RIP
and OSPF protocols, and also show you how to establish route policies. Through lectures
and hands-on labs, you will gain a solid foundation of essential IP routing features used
on the Avaya Ethernet Routing Switch: static routes, route summaries and policies, and
the Layer 3 protocols RIP and OSPF.

Intended audience

This course is designed for technical staff responsible for the installation, operation, and
management of any Avaya Ethernet Routing Switch.

Course objectives

In this course, you will learn how to:

• Describe how IP routing is implemented on an Avaya Ethernet Routing Switch
  including how to use RIP and OSPF Protocols
• Describe the advantages and use of Static routes, alternate routes and equal cost
  multipath (ECMP) routes and how they are used in the network
• Explain the operation of RIP and configure RIP advertising within a network
• Explain how to configure an Open Shortest Path First (OSPF) network
• Describe the characteristics of a multiple-area OSPF domain and describe how OSPF
  adjacencies are formed
• Describe the use of BGP
• Describe the use of VRRP
• Describe the benefits and implementation of IPv6

Required course materials

For this course, you will require the following materials:

• Student guide
• Student lab guide

Course agenda
In this course, you will study the following lessons:
Course Details                               Duration

Introduction                                 30 minutes
IP Routing Overview                          1 hour
Layer 2 Network Lab Activity                 2 hours 30 minutes
IP Forwarding and Static Routes              1 hour
RIP Network Lab Activity                     1 hour 30 minutes
Configuring Routing Information Protocol     1 hour 30 minutes
IP route policies and ECMP Lab Activity      1 hour 30 minutes
Configuring OSPF                             1 hour 30 minutes
OSPF Networks Lab Activity                   2 hours
Advanced OSPF Features                       1 hour 30 minutes
OSPF and RIP Network Lab Activity            1 hour 30 minutes
BGP4 Overview                                1 hour
BGP Network Lab Activity                     1 hour 30 minutes
Configuring VRRP                             1 hour
IPv6 Overview                                1 hour
Conclusion                                   30 minutes

Total Course Duration                        4 Days

Prerequisite Skills and Training


In order to successfully complete this course you should have an understanding of Ethernet
Layer 1 and Layer 2 technologies. You should have an understanding of IP Protocol and how
devices communicate using IP.
These skills may be obtained by successfully completing the following prerequisite courses:
• 0077 Ethernet Standards
• 6701 Ethernet Switching and Resiliency
• 0229 IP Fundamentals

Student Notes: The focus of the course is on the Routing Protocols RIP, OSPF and
BGP. Do not waste time on other subjects that are prerequisites or of
other student interest or you surely will not complete the material in 4
days.

IP Routing Overview

Introduction
Lesson introduction

The purpose of this lesson is to introduce you to IP Routing, including the details of the
Layer 2 and Layer 3 processes on the network and within a switch. You will also discover
the differences between the most popular Layer 3 IP routing protocols and the basics of
configuring IP routing on an Ethernet Routing Switch.

Lesson objectives

In this lesson, you will learn how to:

• Explain the difference between Layer 2 bridging and Layer 3 routing
• Explain how an IP packet is forwarded through the network
• Describe how routers work in an IP network
• Explain how IP address classes are used in an IP network
• Explain the Layer 3 forwarding process in the I/O module and the CPU of an ERS
• Identify the two steps used to configure an IP routing protocol on an ERS
• Identify the characteristics of each Layer 3 Routing Protocol supported on Avaya
  Ethernet Routing Switches (RIP, OSPF and BGP)

Lesson duration

The duration of this lesson is 1 hour, 30 minutes.

Student Notes: This lesson should be followed by lab activity "Layer 2 network" which
will take about 2 hours to complete.

The function of routing


Creating the enterprise internetwork

An enterprise network today requires more than Layer 2 (L2) switches and bridges. These
switches are used to create virtual local area networks (VLANs) that have the capability to
span multiple physical segments. This solves the connectivity problem, but has certain inherent
shortcomings.

For example, a flat L2 network is a single broadcast domain, meaning that a broadcast from any
station must be flooded throughout the VLAN, consuming network and end-station resources.
Also, each switch and bridge must maintain a forwarding database (FDB) containing the media
access control (MAC) address of every device in the network. Since today's enterprise networks
may contain many thousands of devices, this places a strain on network resources and can impact
performance.

Finally, the format of the network address itself restricts the maximum number of hosts; for
example, a Class C Internet Protocol (IP) network only provides 254 unique host addresses.
To summarize, flat L2 networks simply do not scale well enough for the medium to large-sized
enterprise.

L3 forwarding: routing

The solution is to implement L3 forwarding, also known as routing. Whereas L2 devices forward
within a given network (or VLAN) using the destination MAC address, routers forward between
different networks. They do so by examining the destination network number in the packet's L3
header, and looking up the appropriate next hop in a table of known networks.

Routers do not need to know about all the hosts, just the networks where they reside (the host
MAC address is known only by the last router to deliver the packet to its network interface card
[NIC]). Such a system of interconnected VLANs is called an internetwork.

IP and other L3 protocols

Internetworks using IP are predominant in today's enterprises. The global Internet on which the
World Wide Web (WWW) is built is simply the largest example of an internetwork.

Besides IP, there are a number of other L3 protocols for creating internetworks based on
different standards. Some of these are: Internetwork Packet Exchange (IPX), for Novell's NetWare;
AppleTalk, for Apple Computer's proprietary routing approach; and DECnet, from Digital
Equipment Corporation. Although these legacy protocols are still in use, the widespread
deployment of IP has made it the preferred choice for the vast majority of today's users.

Layer 2 networks compared to Layer 3 internetworks

• Layer 2
    • Single broadcast domain and all devices learn the MAC addresses
    • Best for network edge switching
• Layer 3
    • Routing protocols advertise networks
    • Limits broadcast traffic
    • Best for network core switching

Why route instead of bridge?


Scalability and flexibility

VLANs are constructed to limit the extent that broadcasts are seen in the network. VLANs are a
method of constructing custom broadcast domains. VLANs function at the Data Link layer, L2 of
the OSI Reference Model. To connect one VLAN to another, a Network Layer or L3 forwarding
device is required. These devices are called routers.

Advantages of routing over bridging

Routing has a number of advantages over bridging, such as:

• Broadcast limiting - Broadcasts are limited to the originating VLAN.
• Media flexibility - Routers can provide connectivity between hosts on different local
  area network (LAN) types such as Ethernet, Token Ring, Fiber Distributed Data
  Interface (FDDI), and ATM. Transparent bridges, on the other hand, require that all
  hosts residing on LANs be of the same type, since they do not re-encapsulate or
  otherwise modify data packets.
• Scalability - Routers need only know about the network addresses and the hosts on
  directly attached segments or VLANs. They do not need to know about all the hosts
  in the enterprise.

Disadvantages of routing compared to bridging

However, there are also some disadvantages:

• Complexity - Routers require software protocols in order to learn network addresses
  from one another.
• Cost - Routers and L3 switches are typically more expensive than their simpler L2
  counterparts.
• Design planning - Network administrators must assign network and subnet numbers
  in a logical fashion to ensure connectivity and optimal performance.

Connecting broadcast domains

Student Notes: This is just a general example of using routers to connect and extend
networks. It also illustrates how routers can be used to connect different
data link topologies.

How an IP packet is forwarded through the network


Network layer addresses

A Network Layer address identifies both the network a host resides on and the host itself. In
most cases it is not derived from the hardware MAC address in any way. Routers use only the
network address (until the last hop), so they mask off the host portion, leaving only the network
identifier. Once the packet reaches the destination network, some form of address resolution
is required to derive the host's MAC address so that the packet can be sent to the appropriate
NIC.

Typical network address format

The first part of a typical Network Layer address identifies the network on which the host
resides. This part is the network number. The second part identifies the device, or host. This
part is the node number. The next figure illustrates the address format used by IP.

Each packet contains a Network Layer address for both the source and the destination. Routers
use only the destination address. The destination host uses the source address in order to send
a reply back and establish a connection or session between end-stations. Routers have no role
in creating the connection; they simply forward datagrams between the hosts. Connections, on
the other hand, are created by Transport Layer (L4) protocols running within the hosts.

[Figure: Typical network address format]

Address resolution and ARP

Recall that L2 relies on the hardware MAC address to deliver data to an end-station. Each NIC
is programmed to accept data sent to its address, as well as broadcasts. However, the last-hop
router does not necessarily know the MAC addresses of directly attached hosts. It just knows
the Network Layer address. Address Resolution Protocols (ARPs) are needed to translate a
host's Network Layer address to the corresponding MAC address at the last hop. The same
protocols allow stations on a flat network to communicate, even if they initially only know each
other's Network Layer address.

For instance, in the following example, station 10.10.10.3 broadcasts a request for the MAC
address of station 10.10.10.4, which is a destination end-station's Network Layer address. If the
destination node uses the same Network Layer protocol and is in the same broadcast domain,
it monitors the broadcast, recognizes its Network Layer address in the request, and responds
with its MAC address. The sender can now address a frame directly to the destination NIC.
Generally, a sender maintains a translation table or cache of resolved MAC addresses to avoid
repeatedly sending the same request every time it has another packet.

[Figure: Address resolution and ARP]

ERS ARP configuration

The ERS maintains an ARP Table for translating IP addresses to MAC addresses. You can
view the table using Java Device Manager or the CLI.

ERS proxy ARP

Proxy ARP allows the ERS to respond to an ARP request from a locally attached host or end
station for a remote destination. It does so by sending an ARP response back to the local host
that carries the MAC address of the ERS's own router interface on the subnet where the ARP
request was received. The reply is generated only if the switch has an active route to the
destination network.

To configure proxy ARP using the JDM menu bar, choose VLAN > VLANs, click IP and select
the ARP Tab. Click DoProxy.

This enables Proxy ARP on the VLAN. Proxy ARP may also be enabled on a port basis.

How routers work


Creating a Routing Table


As shown in the following diagram, a router connects two or more networks through its physical
ports. Each of the ports on the router has a network address corresponding to the network
attached to it. The router automatically learns the addresses of these directly attached networks
and routes packets between them. For remote networks (those not directly attached), the router
must learn network numbers either through static configuration or from another router through a
dynamic routing protocol such as RIP or Open Shortest Path First (OSPF).

[Figure: Creating a routing table]

Forwarding decisions

Routers base their forwarding decisions on the network portion of a packet's Network Layer
destination address. They generally ignore the host portion until the last hop, since all hosts in
a given network are usually in the same direction relative to the router. Routers only keep track
of the networks in the internetwork, whereas bridges and L2 switches keep track of the hosts
within a single network. This substantially reduces the size of the routing table.

Destination networks

A routing table generally provides some information about each destination network, such as
which router port is most suitable for forwarding packets to that network, or the number of router
hops required to reach it. This allows the router to choose the best path to a particular network,
based on various criteria such as hop count, configured cost, or bandwidth. If a path becomes
unavailable for some reason, a router directs traffic to the most efficient path that remains
available.

If a port provides a connection directly to the destination network, the packet is sent to the target
host and routing is complete. Otherwise, it is sent to another router, which does its own lookup
and repeats the routing process. Each router transmits the packet toward its destination on
the most efficient path it knows about. The packet proceeds, hop by hop, until it reaches its
destination network.

Hop counter

Each time a router forwards a packet, it increments the hop count in the Network Layer
header. Many routers (such as IP routers) discard a packet when the hop count reaches some
maximum value. This prevents packets from looping endlessly through the internetwork.

Routers do not listen to every packet on the network; only those packets explicitly addressed
to the router at the Data Link Layer are monitored. For this reason, end-stations must be aware
of the router. Hosts are usually configured with a default gateway identifying the address of the
router port on their local network. When a host wants to send a packet to a remote network, it
knows to send it to the default gateway rather than trying to reach a remote host itself.

Building the routing table - example

Time 1 (T1): Router B’s directly-connected networks

Interfaces 1 and 2 were added to Router B with IP addresses 192.32.1.90 and 192.32.2.81,
respectively.

Destination networks that can be reached through this router are 192.32.1.0 and 192.32.2.0.

With both of these networks directly connected, Router B displays a metric of 0. Router B
advertises both networks with a distance metric of 1.

T2: Router A’s RIP update to Router B

Router B has learned, through a RIP update from Router A, that network 192.32.3.0 can be
reached through 192.32.2.80 and that network 192.32.3.0 is two hops away.

T3: Router C’s RIP update to Router B

Router C has sent a RIP update to Router B.

From that update, Router B learned that network 192.32.4.0 can be reached by using
192.32.1.91 and that the network is two hops away.
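
The T1 to T3 sequence above, replayed as an added example (not part of the course material). It assumes the default Class C mask of 24 bits for every network, that Routers A and C advertise their connected networks with a metric of 1 as Router B does, and it adds two standard RIP behaviours the example does not state: metric 16 means unreachable, and an update whose source is not on a directly connected network is ignored.

```python
import ipaddress

RIP_INFINITY = 16  # standard RIP "unreachable" metric (assumption, not on this page)


class Router:
    def __init__(self, name):
        self.name = name
        # IPv4Network -> {"next_hop": IPv4Address or None, "metric": int}
        self.table = {}

    def add_interface(self, address, prefix_len=24):
        """T1: a configured interface installs its network with metric 0."""
        network = ipaddress.ip_interface(f"{address}/{prefix_len}").network
        self.table[network] = {"next_hop": None, "metric": 0}

    def receive_update(self, source, routes):
        """T2/T3: process (network, advertised_metric) pairs from a neighbour."""
        src = ipaddress.ip_address(source)
        on_link = any(r["next_hop"] is None and src in net
                      for net, r in self.table.items())
        if not on_link:
            return False  # sender is not a directly attached neighbour: ignore
        for prefix, advertised in routes:
            net = ipaddress.ip_network(prefix)
            metric = min(advertised + 1, RIP_INFINITY)  # one more hop via src
            current = self.table.get(net)
            if current is None:
                if metric < RIP_INFINITY:
                    self.table[net] = {"next_hop": src, "metric": metric}
            elif current["next_hop"] == src:
                # The router already in use is authoritative for this route,
                # even when the news is worse.
                if metric >= RIP_INFINITY:
                    del self.table[net]
                else:
                    current["metric"] = metric
            elif metric < current["metric"]:
                self.table[net] = {"next_hop": src, "metric": metric}
        return True

    def lookup(self, destination):
        """Forwarding decision: match on the network portion only."""
        dst = ipaddress.ip_address(destination)
        matches = [net for net in self.table if dst in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        route = self.table[best]
        hop = str(route["next_hop"]) if route["next_hop"] else "direct"
        return (str(best), hop, route["metric"])

    def advertise(self):
        """Connected networks (metric 0) are advertised with metric 1."""
        return [(str(net), max(self.table[net]["metric"], 1))
                for net in sorted(self.table)]


def build_router_b():
    b = Router("B")
    b.add_interface("192.32.1.90")                           # T1, interface 1
    b.add_interface("192.32.2.81")                           # T1, interface 2
    b.receive_update("192.32.2.80", [("192.32.3.0/24", 1)])  # T2, from Router A
    b.receive_update("192.32.1.91", [("192.32.4.0/24", 1)])  # T3, from Router C
    return b


if __name__ == "__main__":
    router_b = build_router_b()
    for dest in ("192.32.1.5", "192.32.3.7", "192.32.4.200", "10.0.0.1"):
        print(dest, "->", router_b.lookup(dest))
    print("advertised:", router_b.advertise())
```
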

IP address format

IP addressing

The dominant Network Layer technology is the Internet Protocol or IP. IP addresses consist
of 32 bits, generally written as a group of four octets separated by periods, in a format called
dotted-decimal notation. The maximum value of any octet is 255 (all bits set to 1), and certain
values (such as 255) are reserved. To assign IP addresses, it is often necessary to understand
the binary value of each octet. This can be done by converting the value of each octet into its
binary equivalent, as shown below:

187.124.225.188 = 10111011.01111100.11100001.10111100

The binary number system assigns a value to each digit that is a power of two. Whereas a
decimal number includes units, tens, hundreds, thousands, and so forth (powers of ten), the
binary digits' values are one, two, four, eight, 16, 32, and so on. By adding these values you can
easily convert a binary number to its decimal equivalent.

Activity

Convert the following values to binary or decimal:

Binary       Decimal

1010 1010    ____
____         98
0011 0101    ____
____         199

Binary and decimal Values

The network and node address

Network subnet masks

You have seen that the IP address consists of a network portion and a host portion, and
that routers use the network portion to make forwarding decisions. IP has different “classes”
of network addresses, with varying numbers of bits used for the network and host portion,
respectively. This presents several problems:

• How does a router or a host interpret a given address?
• Which are the network bits and which are the host bits?

The solution is a network mask, also known as a subnet mask. Like the IP address, the
subnet mask is a 32-bit number. The number is divided into four octets and represented in
dotted-decimal notation. The rules for applying a subnet mask are as follows:

• If the bit value is 1, that bit position is part of the network address. The network mask
begins at the most significant bit (left most bit) as a string of contiguous ones.
• If the bit value is 0, that bit position is part of the host address.

For example, the subnet mask 11111111 11111111 00000000 00000000 reserves the first
16 bits for a network number (the 1s) and the remaining 16 bits for host addresses. The
dotted-decimal notation for this subnet mask is 255.255.0.0.

If you extend the network portion by one bit, you effectively double the number of possible
network addresses and cut in half the number of unique host IDs. Every IP device must be
configured with the mask that has been chosen for its network. The various implementations of
Transmission Control Protocol (TCP)/IP accept the subnet mask in different ways. The
most common are:

• 192.168.10.24/255.255.255.0
• 192.168.10.24/24

Both of these IP addresses represent a host with an IP address of 192.168.10.24 and a 24-bit
mask of 255.255.255.0.
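
The mask rules above, applied bit by bit in an added example (not part of the course material). It accepts both notations shown, rejects a mask whose ones are not contiguous from the left-most bit, and returns the network and host portions; the function names and the addresses 172.16.37.200 and 255.0.255.0 are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def prefix_length(mask: str) -> int:
    """Return the number of network bits for '24' or '255.255.255.0'."""
    if mask.isdigit():
        bits = int(mask)
        if bits > 32:
            raise ValueError(f"prefix length out of range: {mask}")
        return bits
    value = int(ipaddress.IPv4Address(mask))  # ValueError if malformed
    host_bits = value ^ ALL_ONES
    # A valid mask is a run of ones starting at the most significant bit, so
    # its inverse looks like 0...01...1 and adding 1 clears every set bit.
    if host_bits & (host_bits + 1):
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return 32 - host_bits.bit_length()


def split_address(spec: str) -> dict:
    """Split 'address/mask' into its network and host portions."""
    address, sep, mask = spec.replace(" ", "").partition("/")
    if not sep:
        raise ValueError(f"no mask given: {spec}")
    ip = int(ipaddress.IPv4Address(address))
    bits = prefix_length(mask)
    mask_value = (ALL_ONES << (32 - bits)) & ALL_ONES
    return {
        "prefix": bits,
        "mask": str(ipaddress.IPv4Address(mask_value)),
        # 1 bits in the mask select the network portion ...
        "network": str(ipaddress.IPv4Address(ip & mask_value)),
        # ... and 0 bits select the host portion.
        "host": str(ipaddress.IPv4Address(ip & (mask_value ^ ALL_ONES))),
        # Each extra network bit halves the number of host IDs.
        "host_ids": 2 ** (32 - bits),
    }


if __name__ == "__main__":
    for spec in ("192.168.10.24/255.255.255.0",   # both notations from the text
                 "192.168.10.24/24",
                 "172.16.37.200/255.255.240.0"):  # constructed, mask ends mid-octet
        print(spec, "->", split_address(spec))
    try:
        split_address("192.168.10.24/255.0.255.0")  # constructed invalid mask
    except ValueError as err:
        print("rejected:", err)
```
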

[Figure: Decimal - Binary translation chart]

Network (subnet) masks

Activity - Find the network and host address for each of the following:

Address/mask                     Network address    Host address

101.202.18.34 / 255.255.255.0    ____               ____
192.168.200.44 / 16              ____               ____
47.32.76.44 / 255.255.240.0      ____               ____
204.234.181.209/30               ____               ____

Address/mask Network address

Student 101.202.18.34 / 255.255.255.0 101.202.18.0 0


Notes
192.168.200.44 / 16 192.168.0.0 0

47.32.76.44 / 255.255.240.0 47.32.64.0 0

204.234.181.209/30 204.234.181.208 0

Point out that the /x value must be amended to reflect the necessary
octet where the mask ends.
Student
Notes Also note that the standard Windows Calculator will convert between
Binary, hex, octal and decimal. To enable this feature, start the
calculator and from the menu select View > Scientific. Next select the
type of input necessary, enter the value and then select the new type.
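
The mask rules above, applied in code to both notations and to the four activity addresses. This is an added example, not part of the course material; the function names are illustrative, and the "host" value is simply the address with the network bits cleared.

```python
import ipaddress  # used only to convert between dotted-decimal text and 32-bit integers

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-decimal text -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted.strip()))


def to_dotted(value):
    """32-bit integer -> dotted-decimal text."""
    return str(ipaddress.IPv4Address(value))


def parse_mask(text):
    """Accept a prefix length ('24') or a dotted-decimal mask; return the 32-bit mask."""
    text = text.strip()
    if text.isdigit():
        bits = int(text)
        if bits > 32:
            raise ValueError(f"prefix length out of range: {bits}")
        return (ALL_ONES << (32 - bits)) & ALL_ONES
    mask = to_int(text)
    # Rule from the text: the ones form one contiguous run starting at the
    # most significant bit. The inverted mask must then look like 0...01...1,
    # and adding 1 to such a value clears every bit it had set.
    host_bits = ~mask & ALL_ONES
    if host_bits & (host_bits + 1):
        raise ValueError(f"mask {text} is not a contiguous run of ones")
    return mask


def split_address(spec):
    """Split 'address/mask' (either notation) into its network and host parts."""
    address_text, _, mask_text = spec.partition("/")
    if not mask_text.strip():
        raise ValueError("no mask given")
    address = to_int(address_text)
    mask = parse_mask(mask_text)
    prefix_len = bin(mask).count("1")
    return {
        "network": to_dotted(address & mask),              # bits where the mask is 1
        "host": to_dotted(address & ~mask & ALL_ONES),     # bits where the mask is 0
        "mask": to_dotted(mask),
        "prefix_len": prefix_len,
        # 2^n - 2 usable hosts, as in the class breakdown; never negative.
        "usable_hosts": max((1 << (32 - prefix_len)) - 2, 0),
    }


# The addresses from the activity above.
ACTIVITY = [
    "101.202.18.34 / 255.255.255.0",
    "192.168.200.44 / 16",
    "47.32.76.44 / 255.255.240.0",
    "204.234.181.209/30",
]

if __name__ == "__main__":
    for spec in ACTIVITY:
        print(spec, "->", split_address(spec))
```

A mask such as 255.0.255.0 is rejected, because its ones are not contiguous from the most significant bit.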


IP addresses and IP Routing Tables


Types of IP addresses


The IP standards define several classes of IP addresses with different default mask values.
Organizations wishing to connect to the global Internet request one or more network addresses
for their company. These addresses are administered by a central authority to avoid duplication.

Here is the breakdown of the IP network classes:

• Class A - Used for the largest networks
  • Default Mask of 8 bits
  • Network address ranges from 1.0.0.0/8 to 126.0.0.0/8.
  • 2^24 - 2 Hosts (16,777,214) - nodes for each network
  • The most significant bit (MSB) is set to zero.
• Class B - Used for large and medium-sized networks
  • Default Mask of 16 bits
  • Network address ranges from 128.0.0.0/16 to 191.255.0.0/16
  • 2^16 - 2 Hosts (65,534) - nodes for each network
  • The first two MSBs equal 10.
• Class C - Used for small networks
  • Default Mask of 24 bits
  • Network address ranges from 192.0.0.0/24 to 223.255.255.0/24
  • 2^8 - 2 Hosts (254) - nodes for each network
  • The first three MSBs equal 110.
• Class D - Used for multicast
  • Address ranges from 224.0.0.0 to 239.255.255.254
  • Multicast addresses are valid as destination addresses only.
  • 224.0.0.5 and 224.0.0.6 are used by OSPF
  • 224.0.0.9 is used by RIP
  • The first four MSBs equal 1110. The remaining 28 bits are used to identify the
    multicast group.
• Class E - Reserved for research and experimental use
  • Network address ranges from 240.0.0.0 to 254.255.255.255
  • The first four MSBs equal 1111. The remaining 28 bits are used to identify a
    group.


IP address classes


IP address class expressed in binary notation


Each IP address class, when expressed in binary notation, has a different boundary point
between the network and host portions of the address, as illustrated below. The network portion
is a network number field from 8 through 24 bits. The remaining 8 through 24 bits identify a
specific host on the network.

Network and host boundaries in IP address classes

• Other addresses
  • The IP address of 0.0.0.0 is used for the default network.
  • Network address ranges from 127.0.0.0 to 127.255.255.255 are reserved for
    loopback and internal testing. A destination of 127.0.0.1 is the local interface.
  • Broadcast messages use the IP destination address 255.255.255.255 and are
    intended for all computers on a network.

Supernet addressing and Classless Inter-Domain Routing (CIDR)

A supernet is a group of networks identified by contiguous network addresses. Supernetting
allows you to address an entire block of Class C addresses and avoid using large routing tables
to track the addresses.

Each supernet has a unique supernet address that consists of the upper bits shared by all
of the addresses in the contiguous block. For example, consider the Class C address
192.32.128.0. By applying the mask 255.255.128.0 to IP address 192.32.128.0, you aggregate
the addresses 192.32.128.0 through 192.32.255.255, so that 128 Class C addresses use a single
routing advertisement.

Another example is the block of addresses 192.32.0.0 to 192.32.7.0. The supernet address
for this block is 11000000 00100000 00000, with the 21 upper bits shared by the 32-bit
addresses.

A complete supernet address consists of an address/mask pair:

• The address is the first 32-bit IP address in the contiguous block. In this example, the
address is 11000000 00100000 00000000 00000000 (192.32.0.0 in dotted-decimal
notation).
• The mask is a 32-bit string containing a set bit for each bit position in the supernet
part of the address. The mask for the supernet address in this example is 11111111
11111111 11111000 00000000 (255.255.248.0 in dotted-decimal notation).

The complete supernet address in this example is 192.32.0.0/21.
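
The supernet address/mask pair can be derived mechanically from the member networks. The following is an added example, not part of the course material: `supernet_of` is an illustrative name, and the check that the block is aligned and gap-free is an added safeguard so that the aggregate never covers addresses outside the block.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def supernet_of(networks):
    """Return the address/mask pair shared by a contiguous block of equal-size networks.

    Raises ValueError if the block is misaligned or has gaps, because the
    resulting advertisement would then claim addresses that are not in the block.
    """
    if not networks:
        raise ValueError("empty block")
    nets = sorted((ipaddress.IPv4Network(n) for n in networks),
                  key=lambda n: int(n.network_address))
    if len({n.prefixlen for n in nets}) != 1:
        raise ValueError("all member networks must use the same mask")

    first = int(nets[0].network_address)    # first 32-bit address in the block
    last = int(nets[-1].broadcast_address)  # last 32-bit address in the block

    # The supernet part is the run of upper bits on which first and last agree.
    prefix_len = 32 - (first ^ last).bit_length()
    mask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES

    # Alignment: the block must start and end exactly on the supernet boundaries.
    if first & mask != first or (first | (~mask & ALL_ONES)) != last:
        raise ValueError("block does not fill an aligned supernet")
    # Contiguity: every member must follow directly after the previous one.
    size = nets[0].num_addresses
    expected = [first + i * size for i in range(len(nets))]
    if [int(n.network_address) for n in nets] != expected:
        raise ValueError("block has gaps or duplicates")

    bits = format(first, "032b")[:prefix_len]
    return {
        "address": str(ipaddress.IPv4Address(first)),
        "mask": str(ipaddress.IPv4Address(mask)),
        "prefix_len": prefix_len,
        # Shared upper bits, grouped by octet as in the text.
        "shared_bits": " ".join(bits[i:i + 8] for i in range(0, len(bits), 8)),
        "members": len(nets),
    }


if __name__ == "__main__":
    # The two blocks discussed in the text.
    print(supernet_of([f"192.32.{i}.0/24" for i in range(8)]))
    print(supernet_of([f"192.32.{i}.0/24" for i in range(128, 256)]))
```

A block such as 192.32.1.0 through 192.32.4.0 is rejected: its shared upper bits give 192.32.0.0/21, which would also cover networks that are not part of the block.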

Although classes prohibit using an address mask with the IP address, you can use CIDR to
create networks of various sizes using the address mask. You can also divide the address
space using variable-length subnet mask (VLSM); the division is not visible outside your
network. With CIDR, the addresses are used by routers outside your network.


IP routing table

The entries in a general routing table within an IP router are defined as follows:

• Destination - The destination IP network of this route. An entry with a value of
0.0.0.0 is considered a default route. Multiple routes to a single destination can
appear in the table, but access to such multiple entries is dependent on the table
access mechanisms defined by the network management protocol in use.
• Mask - Indicates the network mask to be logically ANDed with the destination address
before being compared to the value in the ipRouteDest field.
• Interface - The router interface for this route. Virtual router interfaces are identified
by the VLAN number of the VLAN followed by the (VLAN) designation. Brouter
interfaces are identified by the slot/port number of the brouter port.
• Next Hop - The IP address of the next hop of this route
• Metric - Cost to the destination network. Depending on the protocol that learned the
route, this may be a simple hop count or a user-assigned cost value.
• Type - The type of route:
  • Direct: Identifies that the destination network for this route entry is directly
    connected to the router
  • Indirect: Identifies that the destination network for this route entry is not
    directly connected to the router. The destination network was learned by
    updates from other routers.
  • Alternate: Available route if the best route becomes unavailable
  • Best: The route being used to forward IP traffic to the destination
  • Equal Cost Multi-Path (ECMP): Provides alternate routes for faster
    convergence in case of network failures
• Protocol - The routing mechanism by which this route was learned
• Age - The number of seconds since this route was last updated


ERS 8600 Routing Table


IP routing - explanation and figure 1 of 3

Communicating between subnets


If the source and destination subnetworks are different, the source workstation must send
the packet to its destination using an IP router. The source workstation creates an L2 header
with its MAC address as the source MAC address and the IP router's MAC address as the
destination MAC address. The IP header contains the source and destination IP address.

The IP router removes the MAC header and Cyclic Redundancy Checking (CRC) field,
examines the IP header for the destination address and compares this address to the router's IP
routing table. If the destination network is located or a default route is discovered, the IP router
forwards the packet out the interface towards the final IP destination. The router places a new
MAC header whose destination MAC address is either the next router down the line or the MAC
address of the final destination.

The following graphics illustrate this process.

1. The IP Layer on Host A accepts a UDP packet destined for Host B and encapsulates
the packet in an IP datagram that includes a source address of 192.30.10.20 and a
destination address of 193.40.10.20.
2. The Data Link Layer on Host A encapsulates the IP datagram in an Ethernet frame
and transmits the frame to Router A.
3. Upon receiving the Ethernet frame, Router A transmits the frame to Router B.
4. Upon receiving the Ethernet frame, Router B transmits the IP datagram in an
Ethernet frame to Host B.

IP routing, Figure 1 of 3


IP routing - figure 2 of 3

IP routing, Figure 2 of 3

1. How did Host A know to send the frame to Router A?
2. How did Router B acquire the Host B MAC address?

Student Notes

1. How did Host A know to send the frame to Router A?
   Subnets not equal, so send to default gateway.
2. How did Router B acquire the Host B MAC address?
   Router B ARPs for Host B.


IP routing - figure 3 of 3

IP routing, Figure 3 of 3

Student Notes

Additional questions to ask:

How did Host A acquire the Router A MAC address?
How did Router A know to send the frame to Router B?
How did Router A acquire the Router B MAC address?
Did Router A modify either the IP source or destination address?
How did Router B know to send the frame to Host B?
Did Router B modify either the IP source or destination address?


Layer 2 or Layer 3 routing


Layer 2 or Layer 3 forwarding?

Routing decision

Once the incoming frame has been identified as belonging to a VLAN with IP routing enabled,
the router executes a routing decision, deciding if the packet needs to be routed and if so, by
which layer, L2 or L3.

MAC destination mine?

If the MAC destination address is the address of the router interface itself, two possibilities exist:

• This is a packet to be routed using L3
or
• This is a management packet for the routing switch.

If the destination MAC address is not that of the routing entity, the packet is handled
at L2.

Layer 2 or Layer 3 forwarding?

Layer 3 routing process

At this point, you know that the destination MAC address of the packet matches
the MAC address of the ingress port on the router. Next, the router checks to see if the IP
address in the Layer 3 header matches an IP address on the router.

Does the IP destination match an address on the router?

• If yes, send the packet to the CPU.
• If no, determine if the network is local to the router.

Is the network local to the router?

• If yes, is the IP address in ARP table on that VLAN?
  • If yes, use the MAC address for the IP address from the ARP table for the
    destination MAC address.
  • If no, refer to ARP Table for the MAC address associated with the IP address
    and then forward the packet to the destination.
• If no, determine if the destination network is in the route table.

Is the destination network in the route table?

• If yes, use the MAC address associated with the next hop router and forward the
packet out the appropriate port.
• If no, determine if there is a default route assigned.

Is there a default route assigned to the VLAN?

• If yes, use the MAC address associated with the default router and forward the packet
out the appropriate port.
• If no, send an ICMP Destination unreachable message to the source of the packet.
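
The decision sequence above, written as a lookup over a small model of Router A from the earlier figures. This is an added example, not ERS code: the interface names, the 10.0.0.0/30 link, the router addresses and the MAC addresses are constructed, an ARP miss is modelled as "resolve with ARP, then forward", and the most specific matching route is chosen when several match.

```python
import ipaddress
from dataclasses import dataclass, field


def ip(text):
    """Dotted decimal -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def prefix_mask(bits):
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF


@dataclass
class Route:
    dest: int        # Destination column of the routing table
    mask: int        # Mask column, ANDed with the packet's destination address
    next_hop: str
    interface: str


@dataclass
class Router:
    interfaces: dict                             # name -> (router IP, mask)
    arp: dict = field(default_factory=dict)      # (interface, IP) -> MAC
    routes: list = field(default_factory=list)   # 0.0.0.0 with mask 0.0.0.0 is the default route

    def decide(self, dst_text):
        """Return (action, interface, destination MAC or None) for one packet."""
        dst = ip(dst_text)
        # Does the IP destination match an address on the router?
        if any(dst == addr for addr, _ in self.interfaces.values()):
            return ("send-to-cpu", None, None)
        # Is the network local to the router?
        for name, (addr, mask) in self.interfaces.items():
            if dst & mask == addr & mask:
                mac = self.arp.get((name, dst))
                if mac:
                    return ("forward-direct", name, mac)
                return ("arp-then-forward", name, None)
        # Is the destination network in the route table?
        matches = [r for r in self.routes if r.mask and dst & r.mask == r.dest]
        if matches:
            best = max(matches, key=lambda r: r.mask)  # longest contiguous mask wins
            return ("forward-next-hop", best.interface,
                    self.arp.get((best.interface, ip(best.next_hop))))
        # Is there a default route?
        for r in self.routes:
            if r.dest == 0 and r.mask == 0:
                return ("forward-default", r.interface,
                        self.arp.get((r.interface, ip(r.next_hop))))
        return ("icmp-destination-unreachable", None, None)


def sample_router_a(with_default=False):
    """Router A between Host A (192.30.10.20) and Router B; values are constructed."""
    router = Router(
        interfaces={"VLAN 10": (ip("192.30.10.1"), prefix_mask(24)),
                    "VLAN 99": (ip("10.0.0.1"), prefix_mask(30))},
        arp={("VLAN 10", ip("192.30.10.20")): "00-00-5E-00-53-0A",
             ("VLAN 99", ip("10.0.0.2")): "00-00-5E-00-53-0B"},
        routes=[Route(ip("193.40.10.0"), prefix_mask(24), "10.0.0.2", "VLAN 99")],
    )
    if with_default:
        router.routes.append(Route(0, 0, "10.0.0.2", "VLAN 99"))
    return router


if __name__ == "__main__":
    for dst in ("192.30.10.1", "192.30.10.20", "192.30.10.77",
                "193.40.10.20", "198.51.100.7"):
        print(dst, sample_router_a().decide(dst))
```

Once a default route is present, the ICMP branch is never reached: every destination the router does not know is forwarded to the default next hop.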


Layer 3 routing process

ERS 8600 routing support


The ERS 8600 performs Layer 3 switching (routing) along with Layer 2 switching, Quality of
Service (QoS), and other functions within the distributed hardware architecture. Therefore,
network design constraints concerning the speed at which routing occurs have been eliminated.
With the ERS 8600, you no longer design a network utilizing L2 VLANs as a speed advantage
over an IP/IPX L3 routed network, because packets are switched at the same speed regardless
of layer. For example, if you compare a routed IP packet traversing five 8600s with a Layer 2
switched packet traversing the same five 8600s, both switch at line rate with no difference in
latency. The Layer 2 and Layer 3 lookup is done by the same hardware and therefore packets
are switched at the same speed.

IP routing configuration

IP forwarding is enabled on the ERS 8600 by default and can be administratively disabled. To
configure IP routing protocols such as RIP, OSPF or BGP, you enable the routing protocol(s)
globally and on each of the IP interfaces that is required for the desired network topology.

IP routing interfaces

In the ERS 8600, there are two types of router interfaces: virtual router interfaces (routing
between VLANs) and brouter ports (routing and bridging on the same port). When routing
on a VLAN, an IP address is assigned to the VLAN and is not associated with any particular
physical port. A brouter port is a single-port VLAN that routes IP packets and is capable of
being a member of other VLANs for bridge operations.

Ethernet Routing Switch routing support

Configuring routing on the ERS

To enable routing on the ERS, use the following two basic steps:

• Enable the routing protocol (RIP, OSPF, or BGP) globally
• Enable the protocol on the desired interfaces

The next graphic shows OSPF being enabled globally using the default RouterId. You insert
an interface to be configured with OSPF. The interface type broadcast is used for Ethernet. An
OSPF passive interface can be configured on the VLAN window.

Configuring routing on the ERS

Disabling routing for a physical port

Disabling routing for a physical port allows you to configure a port to not perform routing, even if
it is part of a routed VLAN. You can use this feature in many cases. One example is to prevent IP
traffic from being routed on that port for security reasons.

The graphic below shows configuration using the CLI and Java Device Manager.

Disabling routing for a physical port


Characteristics of routing protocols


RIP characteristics


RIP is a distance vector protocol that uses the Bellman-Ford algorithm to determine the best
route. RIP makes its routing decisions based solely on distance (hops). RIP does not take into
consideration such things as congestion, line speed, and cost.

A list of routes presently known by a router is broadcast out each RIP-enabled interface every
30 seconds.

RIP allows a maximum of 15 router hops between networks because of the time it takes for all
routers to converge (stabilize their routing tables).

RIPv1 - RIP, RFC 1058:

• Destination MAC is a broadcast, ff-ff-ff-ff-ff-ff
• Destination IP is a broadcast for the network, 192.168.10.255/24
• RIP Update is formed as a RIP1 update, no network mask included.
• RIP Version = 1

RIPv2 - Multicasting RIPv2 updates, RFC 2453:

• Destination MAC is a multicast, 01-00-5E-00-00-09
• Destination IP is the RIP2 Multicast address, 224.0.0.9
• RIP Update is formed as a RIP2 update, and includes network mask.
• RIP Version = 2
• Provides Authentication


OSPF characteristics

OSPF

Open Shortest Path First (OSPF) was created for use in large IP internetworks. It was defined
by RFC 1583 and updated in RFC 2178. It is a link state protocol operating in a fast, reliable,
and efficient way for routers to exchange network topology information. OSPF is an Interior
Gateway Protocol (IGP) that is used only for IP routing. It uses an IP Protocol ID of 89 (refers to
RFC 1700). It uses the Dijkstra Shortest Path First (SPF) algorithm to compute routes.

OSPF solves problems with:

• Convergence, by ensuring that all routers maintain an identical topology database
• Overhead, by only advertising changes to the network

OSPF features

OSPF features include:

• Quick convergence
• Area hierarchy for routing information control
• Variable Length Subnet Mask (VLSM)
• Configurable routing metrics
• Equal cost multipath (ECMP)
• Authentication
• IP multicast
• External routes tagged

OSPF characteristics

• Created for use in large IP networks
• Link state protocol
• Based on cost
• Exchanges Link State Advertisement (LSA) information with routers (between
neighbors)
• Floods LSAs out on all OSPF interfaces
• Enables building identical Link State Data Bases (LSDBs) on each router
• Provides fast convergence when topology changes
• Defined in RFCs 1583/2178/2328


BGP characteristics

BGP

The Border Gateway Protocol (BGP) is an inter-domain routing protocol that provides loop-free
inter-domain routing either between autonomous systems or within an autonomous system
(AS).

Once configured, BGP systems exchange network layer reachability information (NLRI) with
other BGP systems for the purpose of constructing a graph of AS connectivity. BGP uses this
information to prune routing loops and enforce AS-level policy decisions.

BGP provides features that allow you to consolidate routing information and to control the flow
of BGP updates.

BGP characteristics

• BGP is an inter-domain Autonomous System (AS) routing protocol.
  • The focus is the Internet.
• BGP requirement depends on ISP connection type and addressing strategy.
• Primary functions of BGP are to:
  • Exchange network reachability information between Autonomous Systems
  • Provide loop-free inter-domain routing between Autonomous Systems
• BGP4 uses a reliable transport mechanism (TCP/179).
• BGP4 supports Classless Inter-Domain Routing (CIDR).
  • Aggregation of IP routes and AS paths

Check your learning

Review what you just learned by answering the questions in your student guide.

A list of routes presently known by a router is broadcast out each RIP-enabled interface:

_____ Every 10 seconds

_____ Every 25 seconds

_____ Every 30 seconds

_____ Every 60 seconds

Answer: Every 30 seconds

Which type of address identifies both the network a host resides on and the host itself?

_____ Network Layer address

_____ Network Summarization address

_____ IP address

_____ MAC address

Answer: Network Layer address


Which protocol is needed for translating a host's Network Layer address to the corresponding
MAC address at the last hop?

_____ IP

_____ RIP

_____ OSPF

_____ ARP

Answer: ARP

The IP standards define several classes of IP addresses with different default mask values.
Which class is used for small networks?

_____ Class A

_____ Class B

_____ Class C

_____ Class D

Answer: Class C


As routers forward packets between different networks, they need to know:

_____ All the hosts in the internal network

_____ Only the hosts in the networks where they reside

_____ Only host MAC addresses

_____ The MAC address of every device in the network

Answer: Only the hosts in the networks where they reside

Lesson summary

In this lesson you learned how to:

• Explain the difference between Layer 2 bridging and Layer 3 routing
• Explain how an IP packet is forwarded through the network
• Describe how routers work in an IP network
• Explain how IP address classes are used in an IP network
• Explain the Layer 3 forwarding process in the I/O module and the CPU of an ERS
• Identify the two steps used to configure an IP routing protocol on an ERS
• Identify the characteristics of each Layer 3 Routing Protocol supported on Avaya Ethernet
Routing Switches (RIP, OSPF and BGP)


IP Forwarding and Static Routes

Introduction
Lesson introduction


The purpose of this lesson is to introduce the concept of the Routing Table Manager
(RTM) functionality within an ERS. You will also see how a routing table is built and
maintained by the RTM.

Lesson objectives

In this lesson, you will learn how to:

• Explain the operation of the Routing Table Manager
• Explain static routes, alternate routes, and Equal Cost Multi-Path (ECMP) routes
• Describe how policies are used to facilitate network address summarization

Lesson duration

The duration of this lesson is 1 hour.

Resources

Refer to the following resources, as needed, to complete the lesson:

• NN46205-522 - Avaya Ethernet Routing Switch 8600 Configuration - OSPF and RIP

Student Notes

RIP Network lab activity should follow this lesson.

IP Routing Table Manager

Routing Table Manager (RTM) is a software module within the ERS operating system. It
performs these significant functions:

• Maintains the routing table by interacting with the routing protocols
• Produces the routing table for IP forwarding
• Responds to link operation/configuration changes
• Manages static routes
• Administers ECMP
• Controls Alternate Paths
• Allows configurable route preference changes

Example

A destination network of 172.16.0.0/16 is being advertised by more than one routing protocol.

When the ERS 8600 receives the RIP advertisement for the network with a metric of 3, and also
another RIP advertisement with a metric of 5, the metric of 3 is chosen as the best RIP route.
ECMP would apply here, for multiple RIP learned routes with the same metric.

The Ethernet Routing Switch also learns the route using OSPF with a cost of 21. This is the
best OSPF route. ECMP would apply here for multiple OSPF learned routes with the same
metric.

The RTM Route Preference chooses the OSPF route over the RIP learned route because of the
lower preference. OSPF Intra has a preference of 20 compared to RIP preference of 100.

IP RTM Example


Static and default routes


Static and default route configuration


Occasionally, you may want to create a route manually using static configuration rather than
depend on a routing protocol like RIP. Some reasons for using static routes are:

• Slow links or routers - RIP advertises the entire routing table every 30 seconds by
default. In a large network this might cause slow links or slow routers to use all of
their resources servicing the RIP updates.
• Summarization of IP networks - If the network is well constructed, a range of
network addresses might be reached using a small set of links. It would make little
sense to advertise large numbers of remote networks that were all reachable by only
a few links.
• Internet access - The Internet consists of tens of thousands of networks. For most
Enterprise networks, there is no need to import all of these networks into the network.
Instead, a single default route is used for any packet whose destination network is
unknown to the router.

In each of these cases, the use of static routes and/or default routes can enhance the
performance of the network.

Static routes can be used to advertise ranges of networks reachable by WAN links. In this case
the routes represented by the static route would be a summary of the networks reachable by the
WAN link. This would have the benefit of reducing the size of the local routing table, reducing
the size of the local RIP advertisements, as well as removing the necessity of running RIP on a
slow WAN interface.

You can use a static default route to specify a route to all networks for which there are no
explicit routes in the routing table. This route is by definition a route with the prefix length of zero
(RFC 1812). The ERS 8600 can be configured with any route using the IP static routing table.

Default routes can be used to support Internet access from within the enterprise network.
The default route in effect says, "If it is not within this enterprise, it must be on the Internet
somewhere." Therefore, the Next Hop of the default route would point to the company's Internet
Service Provider (ISP) router.

After a static or default route is configured on one router, it can be advertised to the rest of the
network using RIP, just like any other route.

IG note

Student Notes

To create a default static route, you must configure the destination
address and subnet mask to 0.0.0.0.


Configuration notes

The following figure shows how static and default routes can be configured on the ERS 8600.

Configuring static and default routes

When static and default routes are configured on an Ethernet Routing Switch, the next-hop
does not need to be directly attached. The above figure shows how a default route might be
entered using a learned "next-hop." If this network becomes unreachable, the statically-defined
route (Static or Default) becomes inactive as shown by the Run-time CLI command.

• The next-hop address must be reachable using the current routing table to configure
the Static or Default route.
• Only the CLI show ip route info command displays inactive Static or Default routes.
The routing table shown using Java Device Manager (JDM) only shows active routes.
• Default and Static routes are not advertised by RIP unless a RIP Announce policy is
created.
• Default routes are not accepted or advertised by a RIP interface unless the
appropriate interface parameters are configured.
  • default-listen <enable|disable>
  • default-supply <enable|disable>

ECMP routes

The Equal Cost MultiPath (ECMP) feature allows the ERS 8600 to determine up to four equal
cost paths to the same destination prefix. The multiple paths can be used for load sharing
of traffic and allows faster convergence to other active paths in case of network failure. By
maximizing load sharing among equal-cost paths, you can use your links between routers more
efficiently when sending IP traffic.

Refer to the latest ERS software release notes for the specific ECMP capabilities.

ECMP routes

ECMP Benefits

ECMP and alternate routes:

• Add bandwidth - ECMP
• Add resilience - Quicker fail-over than relearning through routing protocols

Alternate routes

Routers can learn several routes to a given destination network through several protocols. If
the alternate route feature is enabled, it stores all of these alternate routes sorted in order of
network mask/cost/route preference. The first route in this list is the "best" route, which
is used by the hardware. The rest of the routes are referred to as alternate routes.

Alternate routes provide for faster convergence in case of network failures.

To avoid traffic interruption, alternate routes can be enabled globally to replace best routes with
the next-best route if the best route becomes unavailable. The alternate route concept is applied
between routing protocols; for example, if an OSPF route becomes unavailable and an alternate
RIP route is available, the RIP route is immediately activated without waiting for an update
interval to expire.

The internal routing table manager records the route changes for protocols. It maintains
separate tables of static (user-configured) and dynamic (protocol-learned) routes and you can
configure preferences that determine the precedence given to one type of route over another.

In the event of learning a route with the same network mask and cost values from multiple
sources (protocols), route preferences are taken into consideration to select the best route
to be added to the forwarding database. Up to four other routes for each destination are held
available as alternate routes.
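
The selection described in the Routing Table Manager example (172.16.0.0/16 learned through RIP and OSPF) and in the alternate-route text above can be modelled as follows. This is an added example, not the RTM implementation: it is simplified to a single destination prefix, the next-hop addresses and the "OSPF-intra" label are constructed, and only the two preference values given in the lesson are used.

```python
from dataclasses import dataclass

# Preference values stated in the lesson; lower wins, 255 means unreachable.
DEFAULT_PREFERENCE = {"OSPF-intra": 20, "RIP": 100}
UNREACHABLE = 255
MAX_ECMP_PATHS = 4    # "up to four equal cost paths"
MAX_ALTERNATES = 4    # "up to four other routes for each destination"


@dataclass(frozen=True)
class Learned:
    protocol: str
    metric: int
    next_hop: str


def select(routes, preferences=DEFAULT_PREFERENCE):
    """Pick best and alternate routes for one destination prefix."""
    usable = [r for r in routes if preferences[r.protocol] < UNREACHABLE]

    # Step 1: inside each protocol the lowest metric wins; ties form an ECMP group.
    per_protocol = {}
    for r in usable:
        group = per_protocol.get(r.protocol)
        if group is None or r.metric < group[0].metric:
            per_protocol[r.protocol] = [r]
        elif r.metric == group[0].metric:
            group.append(r)

    # Step 2: between protocols the lowest route preference wins.
    ranked = sorted(per_protocol.values(), key=lambda g: preferences[g[0].protocol])
    if not ranked:
        return {"best": [], "alternates": []}
    return {
        "best": ranked[0][:MAX_ECMP_PATHS],
        # Each remaining protocol's best route is kept ready as an alternate.
        "alternates": [g[0] for g in ranked[1:]][:MAX_ALTERNATES],
    }


def without_next_hop(routes, failed):
    """Routes that remain after the given next hop becomes unavailable."""
    return [r for r in routes if r.next_hop != failed]


# Constructed inputs matching the lesson's example for 172.16.0.0/16.
SAMPLE = [
    Learned("RIP", 3, "10.1.1.2"),
    Learned("RIP", 5, "10.1.2.2"),
    Learned("OSPF-intra", 21, "10.1.3.2"),
]

if __name__ == "__main__":
    print("normal:   ", select(SAMPLE))
    print("OSPF down:", select(without_next_hop(SAMPLE, "10.1.3.2")))
    print("RIP pref 10:", select(SAMPLE, {"OSPF-intra": 20, "RIP": 10}))
```

Lowering the RIP preference below 20 makes the RIP route the best route even though nothing changed in the network, which is why the lesson treats preference changes as something to plan rather than apply on a live network.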

Alternate routes

Routing Table Path Type

The Path Type specified in the routing table indicates how the route is to be used when
forwarding traffic.

Route preference

The route preference specifies the order of preference in which a route source is to be used to
populate the routing table. You can adjust the default values to obtain a specific network design
behavior.

On an ERS 8600, default preferences are assigned to all standard routing protocols. You can
modify the default preference for a protocol to lend it higher or lower priority compared to other
protocols. When you change the preference for a route, if all best routes remain best routes,
only the local route tables are changed. However, if changing the protocol preference causes
best routes to no longer be best routes, neighboring route tables may be affected.

In addition, you can modify the preference value for dynamic routes through route filtering/IP
policies, and this value will override the global preference for the protocol. This alternative
mechanism allows you to change the behavior of specific routes to have a different preference
rather than acquiring the global protocol preference. For a static route, you can specify an
individual route preference that overrides the global static route preference. The preference
value can be anything between 0 and 255, with 0 reserved for local routes and 255 representing
an unreachable route.

Be aware that changing route preferences in a live network can affect system performance
and network reachability. Therefore, Avaya recommends that you make any modifications to
route preferences while the switch is not actively routing within a live network. To change the
default preferences for routing protocols, you should first disable the routing protocols, make the
preference changes, and then re-enable the routing protocols.

Modifying route preferences

Routing Table Manager policies

When the ERS 8600 routes IP traffic, a number of filters can be applied that manage Accept,
Redistribute, and Announce policies for unicast routing table information. The filtering process
relies on the IP prefix lists in the common Routing Table Manager infrastructure. The filtering
criteria are specific to each of the routing protocols.

The following figure illustrates the Routing Table Manager policies.

IP RTM Example

Routing table manager policies

RIP route policies

Criteria    RIP announce - OSPF    RIP announce - Direct    RIP announce - RIP    RIP announce - BGP    RIP accept - RIP

Match Protocol Yes Yes Yes Yes

Match Network Yes Yes Yes Yes Yes

Match IpRoute Source Yes Yes

Match NextHop Yes Yes Yes Yes Yes

Match Interface Yes

Match Route Type Yes

Match Metric Yes Yes Yes Yes Yes

MatchAs Path

Match Community

Match Community Exact

Match Tag Yes

NssaPbit

SetRoute Preference Yes

SetMetric TypeInternal

Set Metric Yes Yes Yes Yes Yes

SetMetric Type

SetNextHop

SetInject NetList Yes Yes Yes Yes Yes

SetMask Yes

OSPF route policies

OSPF route policy criteria | OSPF redistribute - Direct | OSPF redistribute - Static | OSPF redistribute - RIP | OSPF redistribute - BGP | OSPF accept - OSPF

Match Protocol

Match Network Yes Yes Yes Yes Yes

Match IpRoute Source Yes

Match NextHop Yes Yes Yes

Match Interface Yes

Match Route Type Yes

Match Metric Yes Yes Yes Yes Yes

MatchAs Path

Match Community

Match Community Exact

Match Tag Yes

NssaPbit

SetRoute Preference Yes

SetMetric TypeInternal

Set Metric Yes Yes Yes Yes Yes

SetMetric Type Yes Yes Yes Yes

SetNextHop Yes

SetInject NetList Yes Yes Yes Yes Yes

BGP route policies

BGP Route Policy Criteria | BGP Redistribute - OSPF | BGP Redistribute - Static | BGP Redistribute - RIP | BGP Redistribute - Direct | BGP Accept - BGP | BGP Announce - BGP

Match Protocol

Match Network Yes Yes Yes Yes Yes Yes

Match IpRoute Source Yes Yes

Match NextHop Yes Yes Yes Yes Yes

Match Interface Yes

Match Route Type Yes Yes

Match Metric Yes Yes Yes Yes Yes Yes

MatchAs Path Yes Yes

Match Community Yes Yes

Match Community Exact Yes Yes

Match Tag

NssaPbit

SetRoute Preference

SetMetric TypeInternal

Set Metric Yes Yes Yes Yes Yes Yes

SetMetric Type

SetNextHop Yes Yes

SetInject NetList

SetMask

SetAsPath Yes Yes

SetAsPath mode Yes Yes

Set Automatic Tag

Set Community Number Yes Yes

Set Community Mode Yes Yes

Set Origin Yes

SetLocal Pref Yes Yes

SetTag

SetWeight Yes

RIB = Routing Information Base

Check your learning

Review what you just learned by answering the questions in your student guide.

Which provides faster convergence when the best route to a network becomes unreachable,
allowing quick recovery using another protocol?

_____ ECMP routes

_____ Alternate routes

_____ Indirect routes

_____ Next routes

Answer: Alternate routes

Which Routing Table component indicates how the route is to be used when forwarding
traffic?

_____ Metric

_____ Next Hop

_____ Protocol

_____ Path Type

Answer: Path Type

For the ERS 8600, the feature that specifies the priority of which route sources will be used to
populate the routing table is the:

_____ Routing prefix lists

_____ Routing table policies

_____ Route preference

_____ Route filters

Answer: Route preference

Lesson summary

In this lesson you learned how to:

• Explain the operation of the Routing Table Manager
• Explain static routes, alternate routes, and Equal Cost Multi-Path (ECMP) routes
• Describe how policies are used to facilitate network address summarization

Routing Information Protocol

Introduction
Lesson introduction

The purpose of this lesson is to examine the process of routing datagrams at the Open
Systems Interconnection (OSI) network layer, with a specific focus on Internet Protocol (IP)
routing and the Routing Information Protocol (RIP). Both the technology standards and the
Avaya Ethernet Routing Switch (ERS) implementation are discussed.

Lesson objectives

In this lesson, you will learn how to:

• Explain the general characteristics of RIP
• Explain the Bellman-Ford algorithm
• Describe the differences between RIPv1 and RIPv2
• Configure IP-RIP routing on the Ethernet Routing Switch
• Describe and configure Accept and Announce policies for RIP
• Configure RIP policies

Lesson duration

The duration of this lesson is 1 hour, 30 minutes.

Student Notes: Follow this lesson with Lab Activity - IP Route policies and ECMP, which
will take about 1 hour and 30 minutes to complete.

Routing Information Protocol

Routing Information Protocol (RIP) is a standard, dynamic routing protocol based on the
Bellman-Ford (or distance vector) algorithm. It is used as an Interior Gateway Protocol (IGP).
RIP allows routers to exchange information to compute routes through an IPv4-based network.
RIP is defined in RFC 1058 for RIP version 1 and RFC 2453 for RIP version 2. The most
significant difference between the two versions is that RIP version 2 supports subnet masks and
next hop information in the RIP packet.

RIP characteristics

In routed environments, routers communicate with one another to track available routes.
Routers can dynamically learn about available routes using RIP.

RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange routing
information. Each router advertises routing information by sending a routing information update
every 30 seconds (one interval). If a router does not receive an update from another router
within 90 seconds (three intervals), it marks the routes served by the non-updating router as
unusable. If no update is received within 180 seconds (six intervals), the router removes all
routing table entries for the non-updating router.

RIP is known as a distance vector protocol. The vector is the network number and next hop,
and the distance is the cost associated with the network number. The hop count, or distance, is
used as a metric to determine the best path to a remote network or host. RIP does not take into
consideration such things as congestion, line speed, and cost.

RIP updates

A list of routes presently known by a router is broadcast to each interface every 30 seconds.

Routing tables are exchanged at the following times:

• Initial broadcast (router entering the network)
• Every 30 seconds (unsolicited)
• Link state change triggers update (when enabled)

RIP Diameter

RIP allows a maximum of 15 router hops between networks because of the time it takes for all
routers to converge (stabilize their routing tables).

Bellman-Ford algorithm

Building the routing table

Distance vector protocols such as RIP maintain a routing table of reachable destination
networks. Each table entry contains the network address, metric (distance), interface (vector),
and other information such as the protocol that created the entry and the elapsed time since it
was last refreshed.

RIP uses the Bellman-Ford Algorithm. The Bellman-Ford Algorithm specifies the actions taken
when processing a received route. It checks whether the destination is already known.

• If not, it creates a new routing table entry, marks it with the interface on which the
route was received, and initializes the aging timer to zero.
• If the route is already known, it sees if the advertiser matches the existing next hop
router. If so, it resets the aging timer to zero to refresh the route. If advertised from a
different router and the metric is less than the existing route, it replaces this existing
route; otherwise it ignores the update. This prevents “thrashing” when two or more
routers advertise an equal cost route to a given destination.

Bellman-Ford Algorithm
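
The route-processing rules above, together with the 90-second and 180-second aging limits from the RIP characteristics section, as an added example that is not part of the course material or the ERS software. The class and function names are hypothetical, a link cost of 1 per hop is assumed, and a route refreshed by its current next hop also takes that neighbor's latest metric.

```python
from dataclasses import dataclass

INFINITY = 16          # metric that marks a route unusable
UNUSABLE_AFTER = 90    # seconds without an update (three intervals, per the page)
REMOVE_AFTER = 180     # seconds without an update (six intervals, per the page)


@dataclass
class Route:
    next_hop: str
    interface: str
    metric: int
    age: int = 0       # seconds since the route was last refreshed


class RipTable:
    """Hypothetical distance-vector table that applies the rules described above."""

    def __init__(self):
        self.routes = {}

    def receive(self, dest, advertised_metric, neighbor, interface):
        """Process one received route and report what was done with it."""
        # Assumption: every link costs one hop, capped at infinity.
        metric = min(advertised_metric + 1, INFINITY)
        current = self.routes.get(dest)
        if current is None:
            if metric >= INFINITY:
                return "ignored"      # nothing to learn from an unreachable route
            self.routes[dest] = Route(neighbor, interface, metric)
            return "added"
        if current.next_hop == neighbor:
            # Same advertiser as the existing next hop: refresh the entry.
            current.age = 0
            current.metric = metric
            return "refreshed"
        if metric < current.metric:
            # A different router offers a strictly better path: replace.
            self.routes[dest] = Route(neighbor, interface, metric)
            return "replaced"
        # Equal or worse cost from another router: ignore, which avoids thrashing.
        return "ignored"

    def tick(self, seconds):
        """Advance the aging timers of every route."""
        for dest in list(self.routes):
            route = self.routes[dest]
            route.age += seconds
            if route.age >= REMOVE_AFTER:
                del self.routes[dest]
            elif route.age >= UNUSABLE_AFTER:
                route.metric = INFINITY

    def usable(self, dest):
        route = self.routes.get(dest)
        return route is not None and route.metric < INFINITY


def net_e_scenario():
    """Constructed run: Rtr 2 and Rtr 4 both offer Net E, then Rtr 2 goes silent."""
    table = RipTable()
    steps = [table.receive("Net E", 1, "Rtr 2", "if-1")]
    steps.append(table.receive("Net E", 1, "Rtr 4", "if-2"))
    for _ in range(3):                 # three update intervals with no word from Rtr 2
        table.tick(30)
        steps.append(table.receive("Net E", 1, "Rtr 4", "if-2"))
    return steps, table.routes["Net E"]


if __name__ == "__main__":
    steps, route = net_e_scenario()
    print(steps)
    print(route)
```
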

Routing Table Manager

Ethernet Routing Switch (ERS) 8600 software implements standard RIP to exchange
Transmission Control Protocol (TCP)/IP route information with other routers. The ERS 8600
Routing Table Manager (RTM) enhances the functionality of the Bellman-Ford algorithm by
adding Equal Cost MultiPath (ECMP) and Alternate Route support.

Versions of RIP

There are two versions of RIP.

• RIP version 1 (v1) uses network classes as a basis for mask determination. A RIP
v1 router uses the mask associated with an interface and applies this mask to all
received routes to determine the network portion.
• RIP version 2 (v2), on the other hand, does not need to infer this information, since
the mask is included in every route advertisement.

Question

Using the following example:

Why is Rtr 2 the next hop for Net E and not Rtr 4?

Student Notes: Net E was first learned from Rtr 2. Net E will not be accessed by Rtr 4
unless access to Rtr 2 fails.

Route selection process using RIP

RIP and network masks

Transmitting RIPv1 advertisements

RIPv1 advertisements do not contain the mask of the route advertised. Instead, the following
rule is applied:

• If the subnetwork route to be advertised out an interface is in the same network as
the interface, include the subnetwork in the advertisement.

else:
• Advertise only the natural “Class” network. (Do not advertise subnets into other
networks.)

Receiving RIPv1 advertisements

RIPv1 advertisements do not include the mask associated with the advertised route. To
overcome this limitation, RIPv1 interfaces assign a network mask based on the following:

• If the advertised subnetwork belongs to the network of the interface on which it is
received, the interface performs a Boolean AND with the advertised network and the
configured network interface's mask.

else:
• Apply the natural “Class” mask of the received route if the host portion is zero.
• Assign a 32-bit mask if the host portion is non-zero.
  • This occurs if a host is running RIPv1, such as with a UNIX routed
    environment, and advertising itself into the network.

A RIP network

RIPv1 example

The following example illustrates a RIPv1 network. In this case, two Ethernet Routing Switches
are connected by a single connection on the 192.168.10.0/24 network.

Notice the routing table for Routing Switch 2.

• The network 10.1.1.0/24 on Routing Switch #1 is received as 10.0.0.0/8 on Routing
Switch #2.
• The network 172.16.101.0/24 on Routing Switch #1 is received as 172.16.0.0/16 on
Routing Switch #2.
• The network 192.168.11.0/24 on Routing Switch #1 is received correctly on Routing
Switch #2.

RIPv1 example

Student Notes: This example illustrates only the behavior of RIPv1 routers. In this
example, Router 2 applies the natural mask to the Class A network
(10.1.1.0/24) and to the Class B network (172.16.10.0/24) on the
common interface.

In a RIPv2 network, Router 2’s routing table will be accurate and include
the actual network addresses that are in the network along with the
correct mask.
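
The RIPv1 transmit and receive mask rules from the previous page, applied to the two-switch example above, as an added example that is not part of the course material or the ERS software. The function names and the interface addresses 192.168.10.1/24 and 192.168.10.2/24 are assumptions; the last case shows how a subnet with a different mask than the receiving interface is mis-learned.

```python
import ipaddress


def natural_prefix(address):
    """Prefix length of the natural "Class" mask for an address (classes A to C)."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def natural_network(address):
    return ipaddress.ip_network(f"{address}/{natural_prefix(address)}", strict=False)


def v1_advertise(route, out_interface):
    """Address placed in a RIPv1 update for `route` sent out `out_interface`.

    RIPv1 carries no mask, so only an address string is returned.
    """
    route = ipaddress.ip_network(route)
    iface = ipaddress.ip_interface(out_interface)
    if natural_network(route.network_address) == natural_network(iface.ip):
        # Same network as the interface: include the subnetwork itself.
        return str(route.network_address)
    # Different network: advertise only the natural class network.
    return str(natural_network(route.network_address).network_address)


def v1_receive(advertised, in_interface):
    """Network (address and inferred mask) a RIPv1 receiver installs."""
    addr = ipaddress.IPv4Address(advertised)
    iface = ipaddress.ip_interface(in_interface)
    if addr in natural_network(iface.ip):
        # Boolean AND of the advertised address with the interface mask.
        masked = int(addr) & int(iface.network.netmask)
        return ipaddress.ip_network((masked, iface.network.prefixlen))
    natural = natural_network(addr)
    if addr == natural.network_address:
        return natural                                  # host portion is zero
    return ipaddress.ip_network((int(addr), 32))        # host portion is non-zero


def exchange(routes, sender_if, receiver_if):
    """Routes as the receiver learns them after one RIPv1 update."""
    return [str(v1_receive(v1_advertise(r, sender_if), receiver_if)) for r in routes]


# Networks on Routing Switch #1 in the example above.
SWITCH_1_ROUTES = ["10.1.1.0/24", "172.16.101.0/24", "192.168.11.0/24"]

if __name__ == "__main__":
    print(exchange(SWITCH_1_ROUTES, "192.168.10.1/24", "192.168.10.2/24"))
    # Constructed case: both interfaces inside 172.16.0.0, sender holds a /26.
    print(exchange(["172.16.200.64/26"], "172.16.1.1/24", "172.16.1.2/24"))
```
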

RIP message format

The format of the RIP message is:

• Command - Specifies either (1) a request for routing information or (2) a response
that contains network-distance pairs from the sender's routing table
• Version - Contains current protocol version number. The receiver uses this number
to verify that messages are interpreted correctly.
• Family of Net 1 - Identifies the protocol family under which the network address is to
be interpreted. IP addresses are assigned a value of 2.
• Route Tag (v2) - An attribute assigned to a route that must be preserved and
re-advertised with a route. The intended use of the Route Tag is to provide a method
of separating "internal" RIP routes (routes for networks within the RIP routing
domain) from “external” RIP routes, which may have been imported from an external
gateway protocol (EGP) or another internal gateway protocol (IGP).
• Subnet Mask (v2) - The subnet mask that is applied to the IP address to yield the
non-host portion of the address. If this field is zero, then no subnet mask has been
included for this entry.
• Next Hop (v2) - The immediate next hop IP address to which packets to the
destination specified by this route entry should be forwarded. Specifying a value of
0.0.0.0 in this field indicates that routing should be through the originator of the RIP
advertisement.
• IP Address of Net 1 - IP address of the first network in the sender's routing table
• Distance to Net 1 - The number of gateway hops to the network. Values are limited
to the range of 1 through 15; 16 is used to signify infinity.

Note: A maximum of 25 network entries can be contained in a single 512-octet response
packet.
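
A validating parser for the message format described above, as an added example that is not part of the course material or the ERS software. It assumes the on-wire entry layout of RFC 2453 (family, route tag, IP address, subnet mask, next hop, distance, 20 octets per entry); the function names and the sample datagram are constructed, and rejecting a single bad entry rather than the whole message is this example's own choice.

```python
import ipaddress
import struct

RIP_HEADER = struct.Struct("!BBH")      # command, version, must-be-zero
RIP_ENTRY = struct.Struct("!HHIIII")    # family, route tag, address, mask, next hop, distance
AF_IP = 2                               # "IP addresses are assigned a value of 2"
MAX_ENTRIES = 25                        # limit stated in the note above
INFINITY = 16
COMMANDS = {1: "request", 2: "response"}


class RipFormatError(ValueError):
    """The datagram does not follow the RIP message layout."""


def prefix_length(mask):
    """Prefix length of a contiguous 32-bit mask; raise if the mask has holes."""
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise RipFormatError(f"non-contiguous subnet mask {ipaddress.IPv4Address(mask)}")
    return 32 - inverted.bit_length()


def parse_rip(datagram):
    """Parse a RIP payload into accepted routes and rejected entries."""
    if len(datagram) < RIP_HEADER.size:
        raise RipFormatError("shorter than the 4-octet header")
    command, version, _unused = RIP_HEADER.unpack_from(datagram)
    if command not in COMMANDS:
        raise RipFormatError(f"unknown command {command}")
    if version not in (1, 2):
        raise RipFormatError(f"unsupported version {version}")
    body = datagram[RIP_HEADER.size:]
    count, leftover = divmod(len(body), RIP_ENTRY.size)
    if leftover:
        raise RipFormatError("entry area is not a multiple of 20 octets")
    if count > MAX_ENTRIES:
        raise RipFormatError(f"{count} entries exceeds the limit of {MAX_ENTRIES}")

    routes, rejected = [], []
    for index in range(count):
        family, tag, addr, mask, next_hop, distance = RIP_ENTRY.unpack_from(
            body, index * RIP_ENTRY.size)
        try:
            if family != AF_IP:
                raise RipFormatError(f"address family {family} is not IP")
            if not 1 <= distance <= INFINITY:
                raise RipFormatError(f"distance {distance} outside 1..16")
            if version == 1 and (tag or mask or next_hop):
                raise RipFormatError("v2-only fields are non-zero in a v1 entry")
            routes.append({
                "network": str(ipaddress.IPv4Address(addr)),
                # A zero mask means no subnet mask was included for this entry.
                "prefix_len": prefix_length(mask) if mask else None,
                # 0.0.0.0 means route through the originator of the advertisement.
                "next_hop": str(ipaddress.IPv4Address(next_hop)) if next_hop else "originator",
                "route_tag": tag,
                "distance": distance,
                "reachable": distance < INFINITY,
            })
        except RipFormatError as err:
            rejected.append((index, str(err)))
    return {"command": COMMANDS[command], "version": version,
            "routes": routes, "rejected": rejected}


def build_sample():
    """Constructed RIPv2 response; the last two entries are deliberately malformed."""
    def ip(text):
        return int(ipaddress.IPv4Address(text))
    entries = [
        (AF_IP, 0, ip("10.1.1.0"), ip("255.255.255.0"), 0, 1),
        (AF_IP, 7, ip("172.16.192.0"), ip("255.255.192.0"), ip("192.168.10.2"), 3),
        (AF_IP, 0, ip("192.32.4.0"), ip("255.255.255.0"), 0, 16),    # distance of infinity
        (AF_IP, 0, ip("192.168.11.0"), ip("255.0.255.0"), 0, 2),     # mask with a hole
        (AF_IP, 0, ip("192.168.12.0"), ip("255.255.255.0"), 0, 200), # distance out of range
    ]
    return RIP_HEADER.pack(2, 2, 0) + b"".join(RIP_ENTRY.pack(*e) for e in entries)


if __name__ == "__main__":
    for key, value in parse_rip(build_sample()).items():
        print(key, value)
```
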

RIP message format

Transitional routing loops

An inherent problem in the way RIP operates, routing loops, is detailed in the following
illustrations and explanation.

1. Referring to the diagram below, assume Router A has a direct connection to
Network 1. Router A has also sent RIP updates out all its interfaces, so Router B and
Router C have also learned reachability information for Network 1 through the
appropriate interface.

Transitional routing loops, Figure 1 of 3

2. Suppose that the connection to Network 1 on Router A fails. Router A eventually
marks that network as unreachable and advertises this fact. However, Router A
could also receive a RIP update from Router B before this occurs. In this case,
Router A follows the distance vector algorithm and believes that Network 1 can be
reached through Router B at a lower cost, so Router A places a new route in its
tables pointing back to Router B.
3. If either Router A or Router B receives a datagram destined for Network 1, they route
the datagram back and forth until the packet is dropped because of the Time-To-Live
(TTL) expiration. From a user's perspective, a connection does not happen or the
connection is broken.

Transitional routing loops, Figure 2 of 3

Transitional routing loops, Figure 3 of 3

Poison reverse

Poison reverse is a technique for speeding the convergence of the network routing tables by
reducing the possibility of routing loops between adjacent nodes.

Operation of poison reverse

When an interface is configured with poison reverse, RIP advertises networks that it has learned
through that interface back out that same interface with a cost of infinity. In other words, it tells
its neighbors “do not forward packets for this destination to me, because I will just forward them
back to you.”

This process reduces the possibility of routing loops between adjacent nodes.

Example: Router B’s RIP update to Router C with poison reverse enabled

Poison reverse works as follows: (advertisements between Router B and Router C)
• Router B received a RIP update from Router C via interface 1.
• Router B now knows that network 192.32.4.0 is two hops away.
• Router B advertises network 192.32.4.0 out the same interface it was learned on;
however, with a cost of 16.
• This informs Router C that under no circumstance should it forward packets destined
for 192.32.4.0 toward Router B, since those packets would simply be forwarded back
on the same interface, resulting in a routing loop.

Poison reverse example

Split horizon

Sometimes poison reverse is inefficient, in that it uses bandwidth to advertise unreachable
networks. Split horizon attempts to solve this problem.

When an interface is configured with split horizon, RIP does not advertise networks that it has
learned through that interface back out that same interface.

Therefore, split horizon reduces the number of RIP packets sent with each update, conserving
bandwidth.

Whether to use poison reverse or split horizon is up to the network administrator. Poison
reverse is safer, because it explicitly tells neighbors not to forward certain packets. Split horizon
simply trusts the neighbors not to forward if the route is not advertised.

Note: Poison reverse or split horizon is enabled on an interface-by-interface basis.
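
How the two options change the update sent back toward the neighbor a route was learned from, and whether the transitional loop from the earlier pages forms, as an added example that is not part of the course material or the ERS software. The function names, interface names and Router B's second route are constructed; a link cost of 1 per hop is assumed.

```python
INFINITY = 16


def build_update(table, out_interface, mode):
    """Routes to place in an update sent out `out_interface`.

    table: {network: (metric, interface the route was learned on)}
    mode:  "none", "split_horizon" or "poison_reverse"
    """
    update = {}
    for network, (metric, learned_on) in table.items():
        if learned_on == out_interface:
            if mode == "split_horizon":
                continue               # say nothing about routes learned here
            if mode == "poison_reverse":
                metric = INFINITY      # advertise back explicitly as unreachable
        update[network] = metric
    return update


def loop_after_failure(mode):
    """Router A's route to Network 1 after its link fails and Router B's update arrives.

    Returns (metric, interface). A usable route pointing at "to_B" is the
    transitional loop: B still forwards Network 1 traffic to A.
    """
    # Router B learned Network 1 from Router A; Network 2 is local (constructed).
    router_b = {"Network 1": (2, "to_A"), "Network 2": (1, "local")}
    # Router A has just lost its direct connection to Network 1.
    router_a = {"Network 1": (INFINITY, "local")}
    for network, metric in build_update(router_b, "to_A", mode).items():
        cost = min(metric + 1, INFINITY)
        if cost < router_a.get(network, (INFINITY, None))[0]:
            router_a[network] = (cost, "to_B")
    return router_a["Network 1"]


# The page's example: Router B learned 192.32.4.0 from Router C on interface 1, two hops away.
ROUTER_B_EXAMPLE = {"192.32.4.0": (2, "interface 1")}

if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        print(mode, build_update(ROUTER_B_EXAMPLE, "interface 1", mode),
              loop_after_failure(mode))
```
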

Split horizon example

Sending RIP updates

The ERS supports the following four RIP Send modes, configurable on all router interfaces:

• rip1Compatible - Broadcast RIPv2 updates using RFC 1058 route subsumption
rules (default)
  • Destination MAC is a broadcast, ff-ff-ff-ff-ff-ff.
  • Destination IP is a broadcast for the network, ex: 192.168.10.255.
  • RIP Update is formed as a RIPv2 update, that is, it includes the network mask.
  • RIP Version = 2.
• ripVersion1 - RIP updates compliant with RFC 1058
  • Destination MAC is a broadcast, ff-ff-ff-ff-ff-ff.
  • Destination IP is a broadcast for the network, ex: 192.168.10.255.
  • RIP Update is formed as a RIPv1 update, that is, no network mask is included.
  • RIP Version = 1.
• ripVersion2 - Multicasting RIPv2 updates
  • Destination MAC is a multicast, 01-00-5E-00-00-09.
  • Destination IP is the RIPv2 Multicast address, 224.0.0.9.
  • RIP Update is formed as a RIPv2 update, that is, it includes the network mask.
  • RIP Version = 2.
• DoNotSend - No RIP updates are sent on the interface.

Receiving RIP updates

There are three modes for receiving RIP updates on an interface, listed below:

• rip1OrRip2 - Accept RIPv1 or RIPv2 updates
• rip1 - Accept RIPv1 updates only
• rip2 - Accept RIPv2 updates only

Both the rip1OrRip2 and the rip2 modes accept multicast RIPv2 update datagrams, 224.0.0.9 -
All RIPv2 routers.

Student Notes: When an interface is “receive ripv1,” only RIPv1 advertisements are
accepted. If the advertisements are rip1Compatible or RIPv2, they will
be ignored. This will cause routes not to be learned. A BAD THING.

Configuring RIP on the Ethernet Routing Switch

Configuring RIP

To advertise a router interface with RIP, you must configure the following:

1. Configure the global RIP parameters as required. This must include enabling the RIP
protocol.
2. Configure the interfaces to support RIP. If a router interface has RIP enabled, that
directly attached network will be advertised.

Note: Local interfaces that do not run RIP are not advertised unless a RIP Announce policy is
configured.

Global commands

The following are some of the CLI commands from the config/ip/rip context:

• enable
• holddown <seconds>
• info
• updatetime <seconds>
• receive <ipaddr> mode <rip1|rip2|rip1orrip2>
• send <ipaddr> mode <notsend|rip1|rip1comp|rip2>

The following are some of the commands that are available from both the
config/vlan/<vid>/ip/rip and the config/ethernet/<port>/ip/rip context:

• advertise-when-down <enable|disable>
• enable
• info
• poison <enable|disable>
• supply <enable|disable>
• trigger <enable|disable>

Configuring RIP

Fine tuning RIP

Additional RIP parameters

RIP Automatic Aggregation causes an interface in RIPv2 or RIPv1Compatibility mode to
broadcast RIP updates using the natural “Class” mask. This has the effect of reducing the size
and number of RIP updates out the interface as well as reducing the size of the routing table
of the receiving router. This parameter cannot be set when the router interface is configured to
send RIPv1 updates.

This parameter is best implemented when the announcing interface can be used to reach all
subnetworks that are represented by the “Class” mask. If this is not true, there may be areas of
the network that cannot be accessed, or other routing problems.

RIP Automatic Aggregation

RIP default supply/listen

This parameter allows the router interface to be configured to supply a default route,
0.0.0.0/0, if one exists. The interface can also be configured to accept offered default routes
as necessary. The following table shows the relationships between RIP Supply and RIP
AdvertiseDefaultRoute.

RIP Supply and AdvertiseDefaultRoute parameters

Supply    AdvertiseDefaultRoute    Action
disable   disable                  No RIP updates sent
enable    disable                  RIP update without default route
disable   enable                   Default route only (must exist in routing table)
enable    enable                   RIP updates and default route if it exists in routing table

The relationships between RIP Listen and RIP AcceptDefaultRoute are similar.

Student Notes: Point out that when you use auto-aggregation, the network must be
constructed in such a way that the summary routes created by this value
actually exist.

For example, this will not work if there is a single Class A or Class B that
has been subnetted and all routes in the network are from this single
class network. In this case, if auto-aggregation is enabled, strange things
might happen in the network.

RIP Automatic Aggregation example

The following network represents a customer who has three groups of buildings on one campus.
Each of the Ethernet Routing Switches shown collects all of the routes from each group's
buildings into the backbone network.

Each building has a large number of networks from Class B Network 172.16.0.0, as shown in
the graphic. Each building has a number of Ethernet Routing Switches providing each floor
or workgroup with its own IP subnet from the Class B networks allocated to each group of
buildings. There are a total of 175 Class B subnets used.

The customer is concerned about the size of the RIP updates and decides to use the RIP
aggregation feature between the core routers to limit the size of the RIP updates and, therefore,
reduce the size of the routing tables in all of the routers.

RIP Automatic Aggregation example

Questions:

• Will this work?
• Why or why not?

IG Note

Student Notes: No. When the RIP Aggregation is turned on between the core routers,
all the subnets of 172.16.0.0 are summarized to the natural Class B
mask.

This will prevent connectivity between each of the groups of buildings. A
VERY BAD THING!

If the “core” network is constructed with 172.16.0.0/18, the RIP
Aggregation will not happen because each of the interfaces is in the
same network.

Accept and Announce policies for RIP

Function of Accept policies

RIP Accept policies are applied whenever the router receives a RIP update. The policy is used
to selectively accept routes from the RIP update. If no policies are configured or no matching
policy exists for a given route, the default behavior is applied; that is, the route is included in the
routing table.

A RIP Accept policy can be used to:

• Listen to RIP updates only from certain gateways
• Listen only for specific networks
• Assign a specific mask to be included with a network in the routing table

Creating a summary route from RIPv2 advertisements

The following graphic illustrates one use of RIP Accept policies. The network uses RIPv2. All
routers in the network advertise their actual networks into the core. The administrator of Rtr A
wants to create a single route that points to Rtr C for all networks configured there. To do this,
an Accept policy is created that takes any network in the range 172.16.192.0 to 172.16.255.255
and creates a single entry into the routing table for Rtr A.

Example – Creating a summary route from RIPv2 advertisements

Student Notes: This will have the same effect as the Announce policy on the next page.
The difference is that in this case, each router must know exactly the
configuration of the rest of the network to create the correct Accept
policy.

Why have RIP Announce policies?

Announce policies enable a user to selectively announce routes out selected interfaces, hence
affecting the routes learned by other routers in the network. RIP Announce policies are applied
while sending a RIP update. The policy information is used to announce the route to other
routers in the RIP routing domain. The policy can select the source of the route from among
static, direct, RIP, or OSPF sources.

If no policies are configured or no matching policy exists for a given route, the default behavior
is applied; that is, RIP-learned routes are announced and all non-RIP routes are ignored.

Viewed in this context, the RIP Auto-Aggregation feature is a built-in Announce policy to
advertise routes out the selected interfaces using the Class mask, unless the network is
configured on that interface.

Announce policies can be used to:

• Announce or prohibit certain routes out specific interfaces
• Automatically generate a default route
• Announce or prohibit only routes learned from specific gateways
• Announce or prohibit only routes learned over specific interfaces

RIP Announce policy example

Example – A network with a RIP Announce policy

In the RIP Automatic Aggregation illustration, the network would not function because each of
the groups of Class B subnetworks was announced as the full Class B network with the Class B
mask. This caused routing problems between the subnetworks.

If an Announce policy were created to advertise all of the subnetted Class B networks with
a mask of 18 bits (255.255.192.0), the effect would be to advertise summary routes for each
subnetwork.

Example network with a RIP Announce policy

IG Note

Student Notes: This will work with the correct Announce Policy to summarize the local
Class B networks to a single advertisement with 18 bits.

Accept policy

Summary route for Accept policy


The purpose of our Accept policy for Rtr A is to accept any advertised networks that exist on Rtr
C and create a single “summary” route for those networks.

Rtr C has network addresses in the following range:

• 172.16.192.0-172.16.255.255

Questions:
• What should the summary route be?

Student Notes: Answer - 172.16.192.0/18 or 172.16.192.0/255.255.192.0

The next graphic illustrates the answer to this question.

• Will networks from Rtr B match this summary route?
• Why?

Student Notes: No - Networks from RTR B are within the range 172.16.128.0 to
172.16.191.255.
The bit pattern for the third octet is 1000 0000 to 1011 1111.
The common bits for RTR B are 10 and the default route for RTR C is
11.
Thus, the network addresses will not match our “summary route.”
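
The summary-route answer above, worked with Python's ipaddress module next to the Automatic Aggregation failure from the earlier example; this is an added example, not part of the course material or the ERS policy engine. The function names and the advertised /24 subnets are constructed; the two address ranges are the ones given on this page.

```python
import ipaddress

# Address ranges stated on this page for the networks behind Rtr C and Rtr B.
RTR_C_RANGE = ("172.16.192.0", "172.16.255.255")
RTR_B_RANGE = ("172.16.128.0", "172.16.191.255")

# Constructed RIPv2 advertisements as Rtr A might receive them from the core.
ADVERTISED = [
    "172.16.192.0/24", "172.16.200.0/24", "172.16.255.0/24",   # behind Rtr C
    "172.16.130.0/24", "172.16.191.0/24",                      # behind Rtr B
]


def summary_for(first, last):
    """Smallest list of prefixes that covers exactly the range first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def apply_accept_policy(advertised, summary):
    """Routing-table entries after matching routes are collapsed into `summary`.

    Routes that do not match are installed as advertised, which is the
    default behavior when no policy matches.
    """
    table = []
    for text in advertised:
        network = ipaddress.ip_network(text)
        entry = summary if network.subnet_of(summary) else network
        if entry not in table:
            table.append(entry)
    return table


def third_octet_bits(network):
    """Third octet of the network address as eight binary digits."""
    return format(network.network_address.packed[2], "08b")


def auto_aggregate(advertised):
    """Prefixes left after summarizing every subnet to the Class B mask (/16)."""
    return {ipaddress.ip_network(text).supernet(new_prefix=16) for text in advertised}


if __name__ == "__main__":
    rtr_c = summary_for(*RTR_C_RANGE)[0]
    rtr_b = summary_for(*RTR_B_RANGE)[0]
    print("Rtr C summary:", rtr_c, third_octet_bits(rtr_c))
    print("Rtr B summary:", rtr_b, third_octet_bits(rtr_b))
    print("Overlap:", rtr_c.overlaps(rtr_b))
    print("Rtr A table:", [str(n) for n in apply_accept_policy(ADVERTISED, rtr_c)])
    print("Class B aggregation:", [str(n) for n in auto_aggregate(ADVERTISED)])
```

With the natural Class B mask both groups collapse into the same 172.16.0.0/16 route, while the 18-bit summaries stay distinct.
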

Summary route for Accept policy

Configuring RIP policies

The following example describes how to configure RIP policies using an ERS 8600 with “E
modules”. You can form a unified database of route policies that can be used by the protocols
(RIP or OSPF) for any type of filtering task.

Policy ID

A policy is identified by a name or an ID. Under a given policy you can have several sequence
numbers, each of which is equal to one policy in the old convention. If a field in a policy is not
configured, it appears as 0 or any when it is displayed in the Java Device Manager (JDM).
This implies that the field is to be ignored in the match criteria. The clear option can be used to
remove existing configurations for any field.

Policy sequence number

Each policy sequence number contains a set of fields. Only a subset of those fields is used
when the policy is applied in a certain context. For example, if a policy has a set-preference field
set, it is used only when the policy is applied for accept purposes. This field is ignored when the
policy is applied for announce/redistribute purposes.

You can apply one policy for one purpose, for example, RIP Announce, on a given RIP
interface. In that case, all sequence numbers under the given policy are applicable for that
filter. A sequence number also acts as an implicit preference; a lower sequence number is
preferred.

Creating RIP policies

Creating a RIP policy involves the steps listed below and described in detail in the next few
pages.

• Create a Prefix List
  • Specify network addresses
  • Specify network address ranges
• Create a Route Policy
  • Permit or Deny
  • Select Protocol Type
  • Select Route Type
  • Select the In/Out Policy
• Apply the policy to a RIP interface

Student Notes: This is just a summary of what is required. More information to follow.

Creating a prefix list

You can create one or more IP prefix lists and apply that list to any IP route policy. The prefix
list combines two databases, the address-list and the net-list, which were previously used by
all protocols for different types of policies. A prefix list with a 32-bit mask is equivalent to an
address. A prefix list with a mask less than 32 bits can be used as a network. If you configure
the MaskLengthFrom field to be less than the MaskLengthTo field, it can also be used as a range.

Creating a prefix list

Creating a route policy


You can configure route policies to be used for In, Out, and Redistribute purposes by all
protocols.
Creating a route policy

• Id - This is the ID of an entry in the Prefix list table.
• SequenceNumber - A second index used to identify a specific policy within a route
policy group.
• Name - This command is used during the creation process, or to rename a policy
once it has been created. This command changes the name field for all sequence
numbers under the given policy.
• Enable - This field indicates whether this policy sequence number is enabled or
disabled. If it is disabled the policy sequence number is ignored.
• Mode - This field specifies the action to be taken when a policy is selected for a
specific route. Select permit (allow the route) or deny (ignore the route).
• MatchProtocol - Select the appropriate protocol. If configured, matches the
protocol through which the route is learned. This field is used only for RIP announce
purposes.
• MatchNetwork - If this is configured, the switch matches the destination network
against the contents of the specified prefix list. Click the ellipsis button and choose
from the list in the MatchNetwork dialog box. You can select up to four entries. To
deselect an entry, use the ALT key.
• MatchIpRouteSource - If configured, this matches the next hop IP address for
RIP routes and advertising router IDs for OSPF routes against the contents of the
specified prefix list. This option is ignored for all other route types. Click the ellipsis
button and choose from the list in the Match Route Source dialog box. You can
select up to four entries. To deselect an entry, use the ALT key. This field can also be
changed in the Route Policy tab of the Policy dialog box.
• MatchNextHop - If configured, this matches the next hop IP address of the route
against the contents of the specified prefix list. This field applies only to non-local
routes. Click the ellipsis button and choose from the list in the Match Next Hop dialog
box. You can select up to four entries. To deselect an entry, use the ALT key.
• MatchInterface - If this is configured, the switch matches the IP address of the
interface by which the RIP route was learned against the contents of the specified
prefix list. This field is used only for RIP routes and ignored for all other types of routes.
Click the ellipsis button and choose from the list in the Match Interface dialog box.
You can select up to four entries. To deselect an entry, use the ALT key.
• MatchRouteType - Sets a specific route-type to be matched (applies only to OSPF
routes). Externaltype1 and Externaltype2 specify the OSPF routes of the specified
type only. OSPF internal refers to intra- and inter-area routes.
• MatchMetric - If this is configured, the switch matches the metric of the incoming
advertisement or existing route against the specified value (1 to 655535). If 0, then
this field is ignored. The default is 0.
• SetRoutePreference - Setting the preference greater than zero specifies the route
preference value to be assigned to the routes that match this policy. This applies
to Accept policies only. You can set a value from 0 to 255. The default value is 0. If
the default is configured, the global preference value is used.
• SetMetric - If this is configured, the switch sets the metric value for the route
while announcing or redistributing. The default-import-metric is 0. If the default is
configured, the original cost of the route is advertised into OSPF; for RIP, the original
cost of the route or the default value is used.
• SetMetricType - If configured, this sets the metric type for the routes to be
announced into the OSPF routing protocol that match this policy. The default is
type 2. This field is applicable only for OSPF announce policies.
• SetInjectNetList - If this is configured, the switch replaces the destination network
of the route that matches this policy with the contents of the specified prefix list. Click
the ellipsis button and choose from the list in the Set Inject NetList dialog box.
• SetMask - If this is configured, the switch sets the mask of the route that matches
this policy. This applies only to RIP accept policies.


RIP In/Out policy

You can configure inbound filtering on a RIP interface. This configured policy determines
whether to learn a route on a specified interface. It also specifies the parameters of the route
when it is added to the routing table. Conversely, you can configure outbound filtering on a RIP
interface. This configured policy determines whether to advertise a route from the routing table
on a specified interface. This policy also specifies the parameters of the advertisement.
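
The prefix-list, route-policy and In-policy steps above can be modelled end to end. The following is an added example, not code from the course or from the switch software: the class and field names are hypothetical, the prefix lists and routes are constructed, and the "no sequence matched means the route is not learned" behaviour and the global preference of 100 are assumptions of this model. It shows an inbound RIP policy that refuses a default route from a neighbor and learns only the expected address range.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class PrefixEntry:
    """One prefix-list entry: a prefix plus the mask-length window it covers."""
    prefix: str
    mask_len_from: int   # hypothetical names modelled on the From/To mask-length fields
    mask_len_to: int

    def matches(self, network: ipaddress.IPv4Network) -> bool:
        base = ipaddress.ip_network(self.prefix)
        in_window = self.mask_len_from <= network.prefixlen <= self.mask_len_to
        return in_window and network.subnet_of(base)


@dataclass(frozen=True)
class Route:
    network: str
    protocol: str
    metric: int


@dataclass(frozen=True)
class PolicySequence:
    seq: int
    mode: str                              # "permit" or "deny"
    enable: bool = True
    match_protocol: Optional[str] = None   # None = field not configured
    match_network: Tuple[str, ...] = ()    # prefix-list names (the page allows up to four)
    match_metric: int = 0                  # 0 = ignored, as in the field description
    set_route_preference: int = 0          # 0 = use the global preference


def evaluate(policy, prefix_lists, route, global_preference=100):
    """Return (action, matching sequence number or None, preference or None)."""
    net = ipaddress.ip_network(route.network)
    for seq in sorted(policy, key=lambda s: s.seq):
        if not seq.enable:
            continue                       # disabled sequence numbers are ignored
        if seq.match_protocol and seq.match_protocol != route.protocol:
            continue
        if seq.match_network and not any(
                entry.matches(net)
                for name in seq.match_network
                for entry in prefix_lists[name]):
            continue
        if seq.match_metric and seq.match_metric != route.metric:
            continue
        if seq.mode == "deny":
            return ("deny", seq.seq, None)
        return ("permit", seq.seq, seq.set_route_preference or global_preference)
    # Assumption of this model: a route that matches no sequence is not learned.
    return ("deny", None, None)


# Constructed sample data: an address (/32), a network range (/24 to /28) and the default route.
PREFIX_LISTS = {
    "DEFAULT": [PrefixEntry("0.0.0.0/0", 0, 0)],
    "CAMPUS": [PrefixEntry("10.20.0.0/16", 24, 28)],
    "MGMT_HOST": [PrefixEntry("10.20.255.1/32", 32, 32)],
}
IN_POLICY = [
    PolicySequence(seq=10, mode="deny", match_network=("DEFAULT",)),
    PolicySequence(seq=15, mode="deny", enable=False, match_network=("CAMPUS",)),
    PolicySequence(seq=20, mode="permit", match_protocol="rip",
                   match_network=("CAMPUS", "MGMT_HOST"), set_route_preference=90),
]

if __name__ == "__main__":
    for r in [Route("0.0.0.0/0", "rip", 1), Route("10.20.5.0/24", "rip", 2),
              Route("10.20.0.0/16", "rip", 2), Route("192.168.1.0/24", "rip", 4)]:
        print(r.network, evaluate(IN_POLICY, PREFIX_LISTS, r))
```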



Check your learning

Review what you just learned by answering the questions in your student guide.

Select the RIPv1 advertisement that would result from using the following information:

• Advertising interface: 192.168.10.1/28
• Route to be advertised: 192.168.11.16/28

_____ 192.168.11.0

_____ 192.168.11.16

_____ 192.168.0.0

_____ 192.168.10.0

Answer: 192.168.11.0

Due to the time it takes for all routers to converge, what is the maximum number of router
hops allowed in an IP network using RIP?

_____ 7

_____ 15

_____ 16

_____ 31

Answer: 15


When an IP RIP interface configured with split horizon learns about a remote network, it:

_____ Advertises that network out that same interface with a cost equal to the sum of
the hop metric received and the interface's cost parameter

_____ Advertises that network out that same interface with a cost of 16

_____ Advertises that network out that same interface with a cost of 31

_____ Does not advertise that network out that same interface

Answer: Does not advertise that network out that same interface

When an Ethernet Routing Switch receives a RIPv2 advertisement on an interface configured
to receive RIPv1, the Ethernet Routing Switch:

_____ Accepts the advertised route and mask

_____ Accepts the advertised route and uses the mask of the receiving interface

_____ Accepts the advertised route and uses the natural “Class” mask

_____ Ignores the advertisement

Answer: Ignores the advertisement


Distance vector protocols such as RIP populate a routing table with:

_____ Reachable destination networks

_____ MAC addresses

_____ Metrics

_____ Interfaces

Answer: Reachable destination networks

Select the set of values for RIP Supply and RIP AdvertiseDefaultRoute that will
advertise all known routes except the default route.

Answer: b


Which parameter matches the next hop IP address of the route against the contents of the
specified prefix list, for non-local routes?

_____ MatchNextHop

_____ MatchInterface

_____ MatchProtocol

_____ MatchNetwork

Answer: MatchNextHop

Lesson summary

In this lesson you learned to:

• Explain the general characteristics of RIP


• Explain the Bellman-Ford algorithm
• Describe the differences between RIPv1 and RIPv2
• Configure IP-RIP routing on the Ethernet Routing Switch
• Describe and configure Accept and Announce policies for RIP
• Configure RIP policies

Follow this lesson with Lab Activity - IP Route policies and ECMP which
will take about 1 hour and 30 minutes to complete.

OSPF on the Ethernet Routing Switch

Introduction
Lesson introduction


The purpose of this lesson is to explain how to configure the basic components of an
Open Shortest Path First (OSPF) network on the Avaya Ethernet Routing Switch (ERS)
and identify the types of networks supported by OSPF.

Lesson objectives

In this lesson, you will learn to:

• Describe the features and advantages of Open Shortest Path First (OSPF)
• Explain the types of OSPF Link State Advertisements (LSAs)
• Describe the purpose of the four types of OSPF routers
• List the types of networks supported by OSPF
• Describe OSPF neighbor routers and explain the process of forming an adjacency
• Describe how to configure an OSPF router interface
• Describe Message Digest 5 (MD5) authentication for OSPF adjacencies

Lesson duration

The duration of this lesson is 1 hour, 30 minutes.

IG Note

Lab activity – OSPF Networks should follow this lesson. Allow 2 hours
to complete this lab.


The routed enterprise network



The true cost of network links

Distance vector routing protocols, such as Routing Information Protocol (RIP), determine the
best path to remote networks by counting the number of hops. The smallest number of hops is
designated as the best route. While this type of metric works when all network links have the
same throughput, distance vector protocols have difficulty determining the “best” route if the
links in the network vary in capacity. As you have seen in prior units, protocols like RIP perform
a distributed computation. Each router learns the cost to all networks from its neighbors. The
router then chooses the best available route from this list, adds its own cost to this list, and
sends this information to all of its neighbors.

As an example, a 9600-baud RIP interface has the same metric as a Gigabit interface. RIP has
no way to distinguish between the two, unless the network administrator assigns an artificially
high hop count to the slow interface, a practice that not all vendors support.

Distance vector protocols typically broadcast the entire routing table on a frequent basis.
These network updates consume a large percentage of the bandwidth on small network links,
thus reducing the bandwidth available for user data.

Link state routing protocols

Link state routing protocols overcome these limitations. This class of routing protocols uses
a replicated, distributed database to calculate routes to all networks. Each router advertises
the cost to each of its neighbors. This cost is then flooded to all routers in the network. These
advertisements make up the database each router maintains. To calculate the routing table,
each router independently determines the best cost to all networks using this database. Link
state protocols, like OSPF, advertise only the costs of the links associated with a router. The
metric can reflect the speed of the interface. Then using these advertised costs, each router can
calculate the best route through the network.

To use the previous example, a 9600-baud interface may have a metric of 10,000 and a Gigabit
interface metric of 1. These metrics reflect the differences in the speed of the interfaces.


Which routing protocol to use - RIP or OSPF?

Distance vector compared to link state

How do you decide on a routing protocol for an Internet Protocol (IP) network? The choice for a
standards-based protocol is between RIP and OSPF. Each of these protocols has a place in the
world of IP routing. Choose the one that best fits your network.

RIP

In general, RIP is an easy to use routing protocol in small-to-modest sized networks that have
stable links. It requires minimal protocol expertise or up-front design effort to function well.
However, since RIP broadcasts entire routing tables, its overhead may be unacceptable in
larger enterprises. Also, it does not adapt to failed network links quickly enough for some
mission-critical environments.

The next chart summarizes the advantages and disadvantages of using RIPv2.

Advantages and disadvantages of using RIPv2


Open Shortest Path First - OSPF

OSPF

Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) that distributes routing
information between routers belonging to a single autonomous system (AS). OSPF is a
link-state protocol that supports IP subnets, Type of Service (TOS)-based routing, and tagging
of externally-derived routing information.

In general, OSPF is better suited to larger enterprise networks. The ability to restrict the effect
of topology changes to a single area, its use of metrics reflecting the true speed of a link, and
its greater control over summarization and route importing make OSPF a clear winner in large
networks.

OSPF does require more planning, higher performance central processing units (CPUs) in
the routers, and experienced network management teams to monitor its performance. These
requirements may lead to higher implementation costs.

Advantages and disadvantages of using OSPF

OSPF routing protocol objectives

OSPF protocol is based on link-state information and Shortest Path First (SPF) route
computation. This is a departure from the Bellman-Ford basis used by traditional Transmission
Control Protocol/Internet Protocol (TCP/IP) routing protocols such as RIP.

The OSPF protocol was developed by the OSPF working group of the Internet Engineering
Task Force. It was designed expressly for the TCP/IP Internet environment, including explicit
support for Classless Inter-Domain Routing (CIDR) and the tagging of externally derived routing
information.


OSPF also provides for the authentication of routing updates, and utilizes IP multicast when
sending/receiving the updates. OSPF responds quickly to topology changes, yet involves small
amounts of routing protocol traffic.

OSPF Features

• Created specifically for use in large IP internetworks


• OSPF is one of a number of link state protocols. Intermediate system-to-intermediate
system (IS-IS) is another link state protocol.
• Metric is based on cost. There is no unreachable metric.
• Designed to support Classless Inter-domain Routing (CIDR)
• Supports numbered and unnumbered point-to-point networks
• Equal Cost Multipath (ECMP)
• Converges more quickly than RIP. In an OSPF environment, LSAs, not networks,
are exchanged. These advertisements reflect actual network topology information.
Distribution of LSAs is triggered by any change in the network and flooded to all
routers.
• Can be CPU-intensive, particularly when OSPF is recalculating new routes. Link
state database and SPF tree consume additional memory.
• Requires more planning and careful use of network address assignments to use its
best features. (RIP is plug-and-play.)
• Uses Dijkstra's SPF algorithm
• Request for Comment (RFC) 1583/2178/2328 (OSPF Version 2) represents the
present standard.


Basic components of OSPF


Link State Database and SPF tree


Routers using link state protocols, such as OSPF, do not exchange routing information. They
exchange link state information, which is maintained by each router in a database describing
the domain's topology. This database is called the Link State Database (LSDB), and has the
following features.

• The database is often displayed in technical literature as a diagram with a graph
composed of nodes and edges.
• The LSDB is a data structure containing LSAs. Each participating router has an
identical database. Each advertisement in the LSDB was built by one of the routers in
the OSPF domain and sent to every other OSPF router (flooding).
• Using Dijkstra's SPF algorithm, and working from the LSDB, each router constructs
a tree of shortest paths with itself as the root (called the SPF tree). All routers run
this algorithm in parallel. The SPF tree gives the route to each destination in the
autonomous system. A best OSPF route can be derived from the SPF tree.
• The LSDB does not contain the best routes. The SPF tree derived from this LSDB
contains the best OSPF route, and for the ERS 8600 the best OSPF route is passed
to the Routing Table Manager (RTM).
• Using route preferences, the RTM compares the best OSPF routes with the
routes from other protocols for a given destination and then populates the routing
table. The router forwards a datagram to the next hop router based on the routing
table.
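
The SPF computation described above, and the earlier comparison between hop count and link cost, can be run on a small database. This is an added example, not code from the course: the five-router topology is constructed, the costs 10,000 and 1 are the 9600-baud and Gigabit metrics quoted earlier in this lesson, each dictionary entry stands in for one router's advertisement of its directly connected links, and RIP is modelled simply as "every link costs 1".

```python
import heapq

# Constructed LSDB: router -> {neighbor: advertised cost of the link to it}.
# R1-R2 is the slow 9600-baud link; every other link is Gigabit.
LSDB = {
    "R1": {"R2": 10000, "R3": 1, "R5": 1},
    "R2": {"R1": 10000, "R4": 1},
    "R3": {"R1": 1, "R4": 1},
    "R4": {"R2": 1, "R3": 1, "R5": 1},
    "R5": {"R1": 1, "R4": 1},
}


def spf(lsdb, root):
    """Dijkstra from `root`; returns {destination: (cost, sorted equal-cost first hops)}."""
    dist = {root: 0}
    first_hops = {root: set()}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in lsdb.get(node, {}).items():
            # Use a link only if the neighbor advertises it back. A link that only
            # one router claims to have is not placed on the tree.
            if node not in lsdb.get(nbr, {}):
                continue
            new_cost = cost + link_cost
            hops = {nbr} if node == root else first_hops[node]
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                first_hops[nbr] = set(hops)
                heapq.heappush(heap, (new_cost, nbr))
            elif new_cost == dist[nbr]:
                first_hops[nbr] |= hops      # equal-cost multipath (ECMP)
    return {d: (dist[d], sorted(first_hops[d])) for d in dist if d != root}


def hop_count(lsdb, root):
    """What a hop-count metric sees on the same topology: every link costs 1."""
    unit = {router: {nbr: 1 for nbr in links} for router, links in lsdb.items()}
    return spf(unit, root)


if __name__ == "__main__":
    print("cost-based route R1 -> R2:", spf(LSDB, "R1")["R2"])
    print("hop-count route R1 -> R2:", hop_count(LSDB, "R1")["R2"])
```

With hop count, R1 sends traffic for R2 over the slow direct link; with advertised costs, it load-shares over the two Gigabit paths through R3 and R5.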

Student Notes: In the OSPF specification, an OSPF domain is equated to an autonomous system
(AS). However, in the real world, an AS is often composed of multiple routing domains. Hence,
we will use domains instead of autonomous systems.


Link State Advertisements

Each of the six types of LSAs represents a piece of the OSPF network:

• Router links advertisement - Type 1
  • Describes a router's links to the network. It is passed only within an area.
  • Link state ID = The originating router's router ID
• Network links advertisement - Type 2
  • Describes a multi-access network. It is passed only within an area.
  • Link state ID = The IP interface address of the network's designated router (DR)
• Summary link advertisement - Type 3
  • Describes networks within an area. It is passed between areas.
  • Link state ID = The destination network's IP address
• AS summary link advertisement - Type 4
  • Describes a path to the AS boundary router (ASBR). It is passed between areas.
  • Link state ID = The router ID of the described ASBR
• AS external link advertisement - Type 5
  • Describes external destinations originated on an ASBR. It is passed between areas.
  • Link state ID = The destination network's IP address
• AS external link advertisements in NSSA - Type 7
  • Describes external destinations originated on an ASBR in an NSSA. Type 7
    links are translated at Area Border Routers (ABRs) into Type 5 advertisements.
  • Link state ID = The destination network's IP address

Student Notes: This list is to provide an introduction to LSAs providing a basis for the
building of the LSDB. Revisiting these LSAs will be required when discussing the detail of
forming an adjacency.

A Type 6 LSA is used in multicast OSPF.


Building the LSDB

Each router builds an advertisement describing its immediate surroundings. These
advertisements contain neighboring routers and networks.

In the advertisement, only directly connected networks are included.

LSAs can propagate throughout the OSPF domain.

In the figure below, the LSDB of all routers contains information about the complete network.
This information is pieced together from advertisements received from each of the other
participating routers within the OSPF domain.

Note that two of the vertices (N8 and N9) are networks representing a broadcast network with
one router.

All other vertices represent routers connected by point-to-point links.

Building the LSDB


Viewing the LSDB - JDM

The LSDB is the heart of OSPF. The LSDB is the same on all routers within a single area.

On the ERS you can view the LSDB from the Java Device Manager (JDM) by opening the Edit
OSPF window and clicking the LSDB tab.

The Run-time CLI can be used to gather additional detail about the LSDB.

show ip ospf lsdb [area <value>] [lsatype <value>] [lsid <value>] [adv_rtr <value>] [detail]

The following figures show examples of the JDM and CLI with additional details.

Additional information, such as Neighbors and OSPF Interfaces can also be retrieved.

Viewing the LSDB - Java Device Manager


Viewing the LSDB - Run-time CLI


OSPF areas

Why OSPF areas?

In a large enterprise with many routers and networks, the LSDB and routing tables become
large. This is not advantageous because:

• Large routing tables consume memory and result in more central processing unit
(CPU) cycles being needed to make a forwarding decision.
• Large LSDBs consume memory.
• The processing of Link State Advertisements (LSAs) is CPU-intensive.

Dividing the network into OSPF areas can reduce these unwanted effects.

Characteristics of areas

When a network is broken up into areas:

• A separate LSDB is maintained for each area.


• Routers internal to the area maintain only one LSDB for the area to which they
belong.
• Area border routers (ABRs) must maintain an LSDB for each area to which they
belong.
• Networks outside an area are advertised into the area.


Advantages of areas

Some advantages of implementing OSPF areas are as follows:

• Routers internal to the area incur less overhead.


• The impact of a topology change is localized to the area in which it occurs.
Although the change is advertised outside the area, the processing of LSAs and the
consequent modification of the SPF tree require less CPU overhead.
• With careful network address planning, networks within an area can be advertised in
the form of a summary. This reduces the amount of processing on all routers external
to the area, and the size of the routing table.

In large networks, OSPF offers the following benefits:

• Fast convergence - When network topology changes, OSPF recalculates routes
quickly.
• Minimal routing protocol traffic - Unlike distance vector routing protocols, such as
RIP, OSPF generates a minimum of routing protocol traffic.
• Load sharing - OSPF provides support for equal-cost multipath routing. If several
equal-cost routes to a destination exist, traffic is distributed equally among them.
• Type of Service - Separate routes can be calculated for each IP Type of Service.


Graphical example of OSPF areas

Why areas?

Student Notes: Value Added: Inter-area IP traffic always transits a backbone component
because of the flow of area summary links advertisements.



Types of OSPF Routers

There are four types of OSPF routers:

• Internal
• Area Border
• Backbone
• Autonomous System Boundary

Internal Routers

An internal router is a router with all directly connected networks belonging to the same area.
Routers with only backbone interfaces also belong to this category. These routers run a single
copy of the basic routing algorithm and maintain one SPF for that area.

An Area Border Router, or ABR, is a router with interfaces in multiple areas. ABRs maintain
multiple LSDBs, one copy for each attached area, including the backbone.

ABRs must be connected to the backbone.

A backbone router is a router with an interface to the backbone. This router can also be an ABR
or an internal router. ABRs are, by definition, also backbone routers.

OSPF views non-OSPF networks as outside the OSPF AS and, therefore, external to it. An
OSPF router connected to such networks - Routing Information Protocol (RIP) or Border
Gateway Protocol (BGP) - is an AS Boundary Router (ASBR). This router has AS external
routes that are advertised throughout the OSPF domain. Every router in the OSPF domain
knows the path to each ASBR router.

The next figure illustrates the types of OSPF routers.


Types of OSPF routers

Student Notes: AS Boundary Router (ASBR) is also known as AS Border Router.

We prefer AS Boundary Router because it is easier for students to distinguish from the
Area Border Router.


Configuring OSPF on an ERS 8600

Global OSPF parameters

To configure the Global OSPF parameters for the ERS 8600, open the Edit OSPF window by
selecting Routing > OSPF from the menu bar.

• RouterID - A 32-bit integer uniquely identifying the router in the autonomous system.
By convention, to ensure uniqueness, this should default to the value of one of the
router's IP interface addresses.
• AdminStat - The administrative status of OSPF in the router. The value "enabled"
denotes that the OSPF process is active on at least one interface; "disabled" disables
it on all interfaces.
• VersionNumber - The current version of the OSPF protocol is 2.
• AreaBdrRtrStatus - A flag to note whether this router is an area border router
• ASBdrRtrStatus - A flag to note whether this router is an AS border router
• ExternLSACount - The number of external (LS type 5) link-state advertisements in
the link-state database
• ExternLSACksumSum - The 32-bit unsigned sum of the LS checksums of the
external LSAs contained in the link-state database
• OriginateNewLSAs - The number of new LSAs that have been originated. This
number is incremented each time the router originates a new LSA.
• RxNewLSAs - The number of LSAs received determined to be new instantiations.
This number does not include newer instantiations of self-originated LSAs.
• Port Metrics - Default Costs for 10 Mbs, 100 Mbs, and 1000 Mbs ports.
• TrapEnable - Indicates whether or not traps relating to OSPF are sent to the
management station.
• AutoVirtLinkEnable - Enables or disables automatic creation of virtual links
• SpfHoldDownTime - Allows you to change the OSPF Hold Down timer value (3
to 60 seconds). Default is 10 seconds. Specifies the amount of time to wait before
activating a route to a network that has been determined as down or unreachable.
This ensures that the route has become available for a period of time before
considering it valid, making for a level of network stability.
• LastSpfRun - Indicates the time (SysUpTime) since OSPF last ran an SPF
calculation
• SPF Run - Allows you to initiate a new SPF run to update the routing table. This
feature can be used when you need to immediately restore a deleted OSPF-learned
route. It can also be used as a debug mechanism when the routing table's entries
and the link-state database are out of sync.

Student Notes: When deleting an Area, the user is no longer required to shut down
OSPF administratively; it can now be performed dynamically.

The user can also change the router-ID dynamically. However, this will
cause the OSPF to flush its LSDB and restart. This is consistent with the
RFC.


Types of OSPF networks


Types of networks supported by OSPF


OSPF routers form adjacencies differently based on types of networks. However, a protocol
cannot determine the type of network to which it is connected. You must declare the type
of network upon initial configuration. Failure to do so can result in incorrect operation of an
interface.

Point-to-Point network

This network connects a single pair of routers. This is a link with only one router at each end.
High-Speed Serial Interface (HSSI), T1, and sync links running standard Point-to-Point
Protocol (PPP) are all examples of point-to-point networks. A point-to-point network can be
either numbered or unnumbered.

Broadcast Network

This network supports more than two attached routers. It can support sending a single message
to all routers (multicast messages). Ethernet, FDDI, and SMDS are examples of media
supporting broadcast networks.

Non-broadcast multi-access (NBMA) network

This network supports more than two attached routers, but has no broadcast capability. OSPF
packets that are normally multicast are sent to the IP address of each neighboring router.
X.25, Frame Relay, and asynchronous transfer mode (ATM) networks are examples of NBMA
networks.

Point-to-Multipoint (Std) network

This network supports OSPF capabilities in a group mode Frame Relay environment (non-fully
meshed and fully meshed).

Network behind a passive interface

A passive interface allows the advertisement of internal routes without forming adjacencies. The
network behind a passive interface is treated as a stub area. The network is advertised into the
OSPF area as an internal route.

A stub area is configured at the edge of the OSPF routing domain and has only one ABR.
A stub area does not receive LSAs for routes outside its area, which reduces the size of its
link-state database. A packet destined outside the stub area is routed to the ABR, which
examines it before forwarding the packet to its destination.

Student Notes: Hint for presenting this slide: Present the typical mappings of OSPF
network type to physical network per the examples. Then point out that
other mappings can work (for example, an Ethernet with only two routers
configured as a point-to-point network) and may, in some cases, be
more efficient.


OSPF adjacencies
Why form adjacencies between routers?


OSPF creates adjacencies between neighboring routers to exchange LSDB information. The
Ethernet Routing Switch supports up to 480 adjacencies.

The Hello protocol is used to determine if two routers are to become adjacent. The Hello
protocol verifies that both routers are in the same area, have the same interface timers and
network mask, and their router capabilities match. If all of these tests are passed, the routers
may then exchange link state information.

Forming an adjacency

The general process that OSPF routers use to form an adjacency is described below. For more
detailed information about this process, refer to RFC 2328.

1. Routers A and B exchange hello packets. Based on the contents, A and B decide
whether to become fully adjacent.
2. Routers A and B compare LSDBs by exchanging database description packets.
These packets do not provide enough detail to actually update the database, only
enough detail to find out which LSAs are not yet in the local database and which
LSAs presently in the database are out of date.
3. Each router updates its database by transmitting a link state request to the other
router. The request is considered fulfilled when a link state update is received
containing the requested LSAs.
   • Each router updates its database with information it considers better than what
     it already has. A sequence number contained in each LSA determines what
     constitutes better information. The receipt of each LSA is acknowledged by
     using the link state ACK packet.
4. When this process is complete, the adjacency is formed, the link state databases are
synchronized, and the Neighbor State is Full.
5. The two routers continue to exchange Hello messages, maintaining their adjacency.
Any LSA learned by a router is propagated to its neighbors, otherwise the link is
inactive.


Neighbor states

The conversation between neighboring routers has defined states. On the router, you see some
of these states when you view the log or trace file.

The states that can exist between neighboring routers are:

• Down - This is the initial state of a neighbor conversation. There has been no recent
information received from the neighbor. This appears only for statically configured
neighbors.
• Attempt - This state only occurs on non-broadcast networks. It indicates that no
recent information has been received from a neighbor.
• Init - A hello packet is seen from the neighbor but bi-directional communication is not
established with the neighbor.
• Two-Way - Communication between the two routers is bi-directional. This occurs
when router A receives router B's hello and sees itself listed as a neighbor.
• ExStart - This is the first step in creating an adjacency. A master or slave
relationship is negotiated, governing the subsequent message exchange.
• Exchange - The router is describing its entire LSDB by sending database description
packets to the neighbor. The router with the highest router ID becomes the master.
• Loading - Link state request packets are sent to the neighbor asking for more recent
advertisements that were learned but not received. Link state updates are sent in
response.
• Full - The neighboring routers are fully adjacent, and the LSDBs are identical.

Figure: Neighbor States

Student Notes

In this example, RtrB is the DR and becomes the Master for this process.

Seq = references the sequence number used
I = Init bit
M = More bit
Master/Slave = Master Bit

This example is taken from RFC 2328. This example also appears in a number of other OSPF
references.

Multi-access networks and the Designated Router

Adjacencies in a broadcast network

An adjacency is an agreement to exchange database information. Forming an adjacency can be
bandwidth-intensive and resource-intensive.

In a multi-access environment such as an Ethernet network, having all routers maintain
adjacencies with all other routers within a broadcast domain requires unnecessary overhead.

In the next figure, if Router A is adjacent to Routers B, C, and D, their LSDBs are identical.
Therefore, there is no need to form adjacencies between Routers C and D, B and D, or B and
C.

Multi-access networks and the Designated Router

To reduce overhead in multi-access environments, a Designated Router (DR) is elected using
information contained in the same hello messages used to form an adjacency.

In the Hello message, the highest router priority parameter value dictates which router becomes
the DR. In the case of equal router priorities, the router with the highest router ID (a global
OSPF parameter) becomes the DR.

When a router's interface is initialized, the router checks for a DR. If one already exists, the
router defers to it, regardless of its configured priority.

The DR maintains adjacencies to all routers on the same physical network. This router sends
link state updates to the multicast AllSPFRouters address (224.0.0.5). This eliminates the need
to send a separate update to the address of each adjacent router.

Non-DR Routers and a Backup Designated Router (BDR)

Routers that are not the DR send updates to the AllDRouters address (224.0.0.6).

A router can be prevented from becoming the DR by setting its router priority value to 0.

A Backup Designated Router (BDR) is also elected in case the DR fails. All routers, including
the DR, become adjacent with a BDR.
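
The election rule described above, as an added Python example (not Avaya's implementation and not part of the original guide). It models only what this page states: an already-declared DR is kept, priority 0 is never eligible, the highest priority wins, and the highest router ID breaks ties; the BDR election of RFC 2328 is not modelled, and the Hello class, router IDs and priorities are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

NO_DR = "0.0.0.0"


@dataclass(frozen=True)
class Hello:
    """Election-relevant fields of a received Hello (constructed model)."""
    router_id: str             # global OSPF router ID, dotted quad
    priority: int              # DesigRtrPriority; 0 means never eligible
    declared_dr: str = NO_DR   # router this sender already treats as DR


def _rank(h: Hello):
    # Highest priority first; the numerically highest router ID breaks ties.
    return (h.priority, int(ipaddress.IPv4Address(h.router_id)))


def elect_dr(hellos: Iterable[Hello]) -> Optional[str]:
    """Return the router ID of the DR for one multi-access network, or None."""
    eligible = [h for h in hellos if h.priority > 0]
    if not eligible:
        return None
    # A router that already declares itself DR is deferred to, whatever
    # priority a newly initialized interface is configured with.
    sitting = [h for h in eligible if h.declared_dr == h.router_id]
    return max(sitting or eligible, key=_rank).router_id


# Constructed sample segment: equal priorities, one router excluded with priority 0.
SEGMENT = [
    Hello("0.0.0.1", priority=1),
    Hello("0.0.0.2", priority=1),
    Hello("0.0.0.3", priority=0),
]

if __name__ == "__main__":
    print("initial election:", elect_dr(SEGMENT))
    # A high-priority router joins after 0.0.0.2 has become DR: no preemption.
    later = [
        Hello("0.0.0.1", 1, declared_dr="0.0.0.2"),
        Hello("0.0.0.2", 1, declared_dr="0.0.0.2"),
        Hello("0.0.0.9", 255),
    ]
    print("after a priority-255 router joins:", elect_dr(later))
```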

Routers forming an adjacency

A router attempts to form an adjacency in the following manner:

• On a point-to-point network, it forms an adjacency with the router at the other end of
the network.
• On a multi-access network, it forms an adjacency with the designated router (DR)
and the backup designated router (BDR).

Student Notes

Value Added: The number of adjacencies formed if all pairs of routers in a multi-access
network were to become adjacent is n(n-1)/2, where n is the number of routers.

The transitive property we learned in grade school math (if A=B and B=C, then A=C) is the
basis for designating a single router for all others to become adjacent with, reducing the
number of adjacencies to n-1.

Propagating the arrival of a new adjacency

If a new OSPF router comes into the network, it must form at least one adjacency. The
presence of a new router means that there are new networks available, and this information
must be propagated throughout the network. The LSDBs of all OSPF routers must be updated
and the SPF tree recalculated.

In the next figure, this transition occurs as follows:

1. Router A initializes and starts to transmit OSPF Hello messages through the
point-to-point link.
   • Destination IP Address: 224.0.0.5 (AllSPFRouters)
2. Routers B and A form an adjacency resulting in synchronization of their databases.
3. Router B sends a link state update packet to the DR of the multi-access network.
   • Destination IP Address: 224.0.0.6 (AllDRouters)
4. The DR announces the new advertisement to all adjacent routers on the broadcast
network.
   • Destination IP Address: 224.0.0.5 (AllSPFRouters)
5. The receiving routers recognize new information in the update, change their LSDBs,
and flood the new information to all their adjacencies.

Figure: Steps for propagating the arrival of a new adjacency

OSPF interface configuration

Configuring the router interface

On the Ethernet Routing Switch, an OSPF router interface may be a brouter port or it may be a
virtual router port attached to a VLAN.

A brouter port is a single-port VLAN that can route IP packets and bridge all nonroutable traffic.
The difference between a brouter port and a standard IP protocol-based VLAN configured to
perform routing is that the routing interface of the brouter port is not subject to the spanning tree
state of the port. A brouter port can be in the blocking state for nonroutable traffic and can still
route IP traffic. This feature removes interruptions caused by Spanning Tree Protocol (STP)
recalculations in routed traffic.

• Enable - Enables (true) or disables (false) OSPF on the port
• HelloInterval - The length of time, in seconds, between the Hello packets that the
router sends on the interface. This value must be the same for all routers attached to
a common network.
• RtrDeadInterval - The number of seconds that a router's Hello packets have not
been seen before its neighbors declare the router down. This should be some
multiple of the Hello interval. This value must be the same for all routers attached to
a common network.
• DesigRtrPriority - The priority of this interface. In multi-access networks, this field is
used in the designated router election algorithm where the highest becomes the DR.
The value 0 signifies that the router is not eligible to become the designated router
on this particular network. In the event of a tie in this value, routers use the highest
router ID to determine the DR.
• Metric - The metric of using this type of service on this interface. The default value
of the TOS 0 Metric is 10^8 / ifSpeed. The value FFFF is distinguished to mean "no
route on this TOS."
• AuthKey - The Authentication Key. If the area's authorization type is
simplePassword, and the key length is shorter than eight octets, the agent
left-adjusts and zero-fills to eight octets. When read, ospfIfAuthKey always returns an
octet string of length zero. The key may be entered as ASCII text.
• AreaID - The identification number for the area, typically formatted as an IP address.
• AdvertiseWhenDown - If true, the network on this interface is advertised as up,
even if the port is down. The default is false.
• IfType - When you enable an OSPF interface, you designate it as a broadcast
(active), non-broadcast multi-access (NBMA), or passive interface. When an OSPF
interface is enabled, you cannot change its interface type. You must first disable the
interface. You can then change its type and re-enable it. If it is an NBMA interface,
you must also first delete its manually configured neighbors.
• PollInterval - Length of time, in seconds, between hello packets sent to an inactive
OSPF router.

Figure: Configuring the router interface

Adding an interface - Java Device Manager

To add an interface, specify the fields in the following table.

Fields

IP address          Router Priority
Address Less if     Designated Router
Area ID             Backup Designated Router
AdminState          Type
State               AuthType

Click Insert. The OSPF, Insert Interfaces dialog box is displayed.

Fields on OSPF, Insert Interfaces dialog box

Fields

IP Address          AuthKey
AddressLessIf       HelloInterval
AreaID              TransitDelay
AdminStat           RetransInterval
Router Priority     RtrDeadInterval
Type                PollInterval
AuthType            MtuIgnore

Figure: OSPF, Insert Interfaces dialog box

Authenticating OSPF neighbors

Levels of authentication in OSPF

RFC 2328 supports three types of message authentication:

Type 0 - Null
Type 1 - Simple password
Type 2 - Cryptographic authentication

Type 0 - Null

Use of this authentication type means that routing exchanges over the network and subnet are
not authenticated. The 64-bit authentication field in the OSPF header can contain anything; it is
not examined upon packet reception. When employing Null authentication, the entire contents
of each OSPF packet (other than the 64-bit authentication field) are check-summed in order to
detect data corruption.

Type 1 – Simple password

Using this authentication type, a 64-bit field is configured on a network basis. All packets
sent on a particular network must have this configured value in their OSPF header 64-bit
authentication field. This essentially serves as a "clear" 64-bit password.

In addition, the entire contents of each OSPF packet (other than the 64-bit authentication field)
are check-summed in order to detect data corruption.

Simple password authentication guards against routers inadvertently joining the routing
domain; each router must first be configured with its attached networks' password before it
can participate in routing. However, simple password authentication is vulnerable to passive
attacks. Anyone with physical access to the network can learn the password and compromise
the security of the OSPF routing domain.

Type 2 - Cryptographic authentication

Using this authentication type, a shared secret key is configured in all routers attached to a
common network or subnet. For each OSPF protocol packet, the key is used to generate and
verify a message digest that is appended to the end of the OSPF packet.

The message digest is a one-way function of the OSPF protocol packet and the secret key.
Since the secret key is never sent over the network in the clear, protection is provided against
passive attacks.

The algorithms used to generate and verify the message digest are specified implicitly by the
secret key. RFC 2328 completely defines the use of OSPF cryptographic authentication
when the MD5 algorithm is used.

Cryptographic authentication

Cryptographic authentication used by OSPF uses the MD5 algorithm as specified in RFC
1321. The algorithm takes as input a message of arbitrary length, and produces as output a
128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally
infeasible to produce two messages having the same message digest, or to produce any
message having a given pre-specified target message digest. The MD5 algorithm is intended for
digital signature applications using a private (secret) key under a public-key cryptosystem such
as Rivest Shamir Adleman (RSA).

Authentication field

When cryptographic authentication is used, the 64-bit authentication field in the standard OSPF
packet header is redefined, as shown below. The new field definitions are as follows:

• Key ID - This field identifies the algorithm and secret key used to create the message
digest appended to the OSPF packet. Key IDs are unique for each interface (or equivalently,
for each subnet).
• Auth Data Len - This is the length in bytes of the message digest appended to the OSPF
packet.
• Cryptographic sequence number - This is an unsigned 32-bit non-decreasing sequence
number, used to guard against replay attacks.

The message digest appended to the OSPF packet is not actually considered part of the OSPF
protocol packet. The message digest is not included in the OSPF header’s packet length,
although it is included in the packet’s IP header length field. The message digest is 128 bits in
length.

Note: The OSPF cryptographic authentication option does not provide confidentiality.

Figure: OSPF packet header for cryptographic authentication

Figure: OSPF packet with message digest

Generating the packet's digital signature

When using cryptographic authentication, there may be multiple keys configured for the
interface. As the network administrator, you choose which key is enabled for an interface. The
switch then uses the selected key for message generation and modifies the out-bound packet
as follows:

1. The AuthType field in the standard OSPF header is set to 2.
2. The checksum field in the standard OSPF header is not calculated, but is instead set
to 0.
3. The Key ID is set to the chosen key's Key ID.
4. The Auth Data Len field is set to the length in bytes of the message digest that will
be appended to the OSPF packet. When using MD5 as the authentication algorithm,
Auth Data Len is 16.
5. The 32-bit cryptographic sequence number is set to a non-decreasing value (a value
at least as large as the last value sent out the interface). The precise values to use in
the cryptographic sequence number field are implementation-specific. For example, it
may be based on a simple counter, or on the system's clock.
6. The message digest is then calculated and appended to the OSPF packet. The
authentication algorithm to be used in calculating the digest is indicated by the key
itself. Input to the authentication algorithm consists of the OSPF packet and the
secret key. When using MD5 as the authentication algorithm, the message digest
calculation proceeds as follows:

• The 16-byte MD5 key is appended to the OSPF packet.
• The trailing pad and length fields are added.
• The MD5 authentication algorithm is run over the concatenation of the OSPF
packet, secret key, pad, and length fields, producing a 16-byte message
digest.
• The MD5 digest is written over the OSPF key (in other words, appended to the
original OSPF packet). The digest is not counted in the OSPF packet’s length
field, but is included in the packet’s IP length field. Any trailing pad or length
fields beyond the digest are not counted or transmitted.

Verifying the packet's digital signature

When using cryptographic authentication, the received OSPF packet is authenticated by the
switch as follows:

1. The switch looks up the receiving interface's configured key that has a Key ID equal
to that specified in the received OSPF packet. If the key is not found, or if the key is
not valid for reception, the OSPF packet is discarded.
2. If the cryptographic sequence number found in the OSPF header is less than the
cryptographic sequence number recorded in the sending neighbor's data structure,
the OSPF packet is discarded.
3. The switch verifies the appended message digest in the following steps:

   1 The received digest is set aside.
   2 A new digest is calculated, as described previously.
   3 The calculated and received digests are compared. If they do not match, the
   OSPF packet is discarded. If they do match, the OSPF packet is accepted as
   authentic, and the "cryptographic sequence number" in the neighbor's data
   structure is set to the sequence number found in the packet's OSPF header.
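
The generation and verification steps above, carried out in Python as an added example (not Avaya code and not part of the original guide). The function names, the constructed key and Hello values, zero-padding of keys shorter than 16 bytes, and tracking the last sequence number per router ID are assumptions made for the example.

```python
import hashlib
import hmac
import socket
import struct

# Standard 24-byte OSPFv2 header; with AuType 2 the last 8 bytes are redefined.
OSPF_HDR = struct.Struct("!BBH4s4sHH")   # version, type, length, router ID, area ID, checksum, AuType
CRYPTO_AUTH = struct.Struct("!HBBI")     # 0, Key ID, Auth Data Len, cryptographic sequence number
HDR_LEN = OSPF_HDR.size + CRYPTO_AUTH.size
MD5_LEN = 16
AUTYPE_CRYPTO = 2


def build_hello(router_id: str, area_id: str, priority: int = 1) -> bytes:
    """Return an OSPFv2 Hello whose checksum, AuType and authentication field are still zero."""
    body = struct.pack("!4sHBBI4s4s",
                       socket.inet_aton("255.255.255.0"),  # network mask (constructed)
                       10,                                 # HelloInterval
                       0x02,                               # options
                       priority,                           # router priority
                       40,                                 # RtrDeadInterval
                       socket.inet_aton("0.0.0.0"),        # DR not yet known
                       socket.inet_aton("0.0.0.0"))        # BDR not yet known
    header = OSPF_HDR.pack(2, 1, HDR_LEN + len(body),
                           socket.inet_aton(router_id), socket.inet_aton(area_id), 0, 0)
    return header + bytes(CRYPTO_AUTH.size) + body


def _digest(packet: bytes, key: bytes) -> bytes:
    if len(key) > MD5_LEN:
        raise ValueError("MD5 key longer than 16 bytes")
    # The key is appended to the packet; hashlib supplies MD5's own trailing
    # pad and length fields. Short keys are zero-padded (assumption).
    return hashlib.md5(packet + key.ljust(MD5_LEN, b"\0")).digest()


def sign(packet: bytes, key_id: int, key: bytes, seq: int) -> bytes:
    """Apply generation steps 1-6 and return the bytes that go on the wire."""
    ver, typ, length, rid, area, _cksum, _autype = OSPF_HDR.unpack_from(packet)
    header = OSPF_HDR.pack(ver, typ, length, rid, area, 0, AUTYPE_CRYPTO)  # steps 1-2
    auth = CRYPTO_AUTH.pack(0, key_id, MD5_LEN, seq)                       # steps 3-5
    signed = header + auth + packet[HDR_LEN:length]
    # Step 6: the digest follows the packet and is not counted in its length field.
    return signed + _digest(signed, key)


def verify(wire: bytes, keys: dict, last_seq: dict) -> str:
    """Return "accepted" or the reason for discarding; last_seq is updated only on success."""
    if len(wire) < HDR_LEN:
        return "truncated"
    _ver, _typ, length, rid, _area, _cksum, autype = OSPF_HDR.unpack_from(wire)
    _zero, key_id, auth_len, seq = CRYPTO_AUTH.unpack_from(wire, OSPF_HDR.size)
    if autype != AUTYPE_CRYPTO:
        return "wrong AuType"
    if auth_len != MD5_LEN or length < HDR_LEN or len(wire) != length + auth_len:
        return "bad length"
    key = keys.get(key_id)                      # verification step 1
    if key is None:
        return "unknown Key ID"
    # Step 2: only a strictly smaller number is stale; an equal one passes,
    # because the field is defined as non-decreasing.
    if seq < last_seq.get(rid, 0):
        return "stale sequence number"
    # Step 3: recompute over the packet without the trailing digest and
    # compare in constant time.
    if not hmac.compare_digest(wire[length:], _digest(wire[:length], key)):
        return "digest mismatch"
    last_seq[rid] = seq
    return "accepted"


if __name__ == "__main__":
    keys = {1: b"constructed-key"}   # Key ID -> secret; constructed sample value
    last_seq = {}
    hello = build_hello("0.0.0.1", "0.0.0.0")
    first = sign(hello, 1, keys[1], seq=100)
    second = sign(hello, 1, keys[1], seq=101)
    for name, pkt in (("first", first), ("second", second), ("first again", first)):
        print(name, "->", verify(pkt, keys, last_seq))
```

The packet body travels unmodified and readable, which is the point of the note above that this option does not provide confidentiality.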

Figure: OSPF Hello with cryptographic authentication

Configuring MD5 authentication

Creating MD5 keys and MD5 key-IDs

On the Ethernet Routing Switches, MD5 authentication can only be configured using the
run-time CLI.

To configure MD5 authentication, the following commands from the
config ip ospf interface <ipaddress> context are used:

• To add an MD5 key and Key-ID:

add-message-digest-key <md5-key-id> md5-key <value>

• To remove an MD5 key and Key-ID:

delete-message-digest-key <md5-key-id>

• To enable MD5 authentication on the OSPF interface:

authentication-type <none|simple|message-digest>

• To view the MD5 keys and Key-IDs, use the info command.

Note: When the interface status is viewed using JDM, the AuthType value is equal to 2.
There is no value displayed for AuthKey.

Figure: Configuring MD5 authentication

Check your learning

Review what you just learned by answering the questions in your student guide.

To form an adjacency, the first procedure two routers perform is:

_____ Exchange Hello packets

_____ Exchange database description packets

_____ Transmit a link state request

_____ Synchronize LSDBs

Answer: Exchange Hello packets

Which protocol works well when all network links have the same throughput, but has difficulty
determining the "best" route if the links in the network vary in capacity?

_____ OSPF

_____ NLSP

_____ RIP

_____ IS-IS

Answer: RIP

Which type of OSPF router has interfaces in multiple areas?

_____ Internal

_____ Backbone router

_____ ABR

_____ Any of the above

Answer: ABR

The initial state of a neighbor conversation between two statically configured neighbors is:

_____ Down

_____ Attempt

_____ Init

_____ Loading

Answer: Down

OSPF routers describe the network using:

_____ MD5

_____ RIP

_____ ABRs

_____ LSAs

Answer: LSAs

Lesson summary

In this lesson you learned to:

• Describe the features and advantages of Open Shortest Path First (OSPF)
• Explain the types of OSPF Link State Advertisements (LSAs)
• Describe the purpose of the four types of OSPF routers
• List the types of networks supported by OSPF
• Describe OSPF neighbor routers and explain the process of forming an adjacency
• Describe how to configure an OSPF router interface
• Describe Message Digest Version 5 (MD5) authentication for OSPF adjacencies

IG Note

Student Notes

Lab activity – OSPF Networks should follow this lesson. Allow 2 hours
to complete this lab.

Advanced OSPF Features

Introduction

Lesson introduction

The purpose of this lesson is to describe the advanced Open Shortest Path First (OSPF)
features and how to configure them on the Avaya Ethernet Routing Switch (ERS). OSPF
virtual links are discussed.

Lesson objectives

In this lesson, you will learn to:

• Compare the Routing Table and OSPF Link State Database (LSDB) for a single area
network and a multiple area network.
• Describe the benefits of route summaries and how they are configured
• Describe the benefits of OSPF route policies
• Describe and configure virtual links

Lesson duration

The duration of this lesson is 1 hour, 30 minutes.

Lab activity - OSPF and RIP Networks should follow this lesson.

Allow 1.5 hours to complete this lab.

Compare Routing Table and OSPF LSDB

Single area OSPF Network example

The following figure illustrates a simple, single area OSPF network. All routers are in area
0.0.0.0. Each router has five networks configured in its Class B subnetwork. Interswitch links
each use a single Class C network address.

Figure: Single Area OSPF network example

Questions

1. How many DRs are within the network?
2. If the routers shown have both OSPF and RIP operating on all interfaces, which will
be selected for the routing table and why?

Student Notes

Answers

1 - One for each Interswitch network, thus 4.
2 - OSPF will be used because by default it has a higher preference than
RIP routes.

Student Notes

The Router links will point to the Router IDs in the network. In this case,
0.0.0.1, 0.0.0.2, 0.0.0.3 and 0.0.0.4 are the router IDs in the network.

The Network Links will point to the DR on each network. In this case,
one interface from each of the networks: 192.168.10.0, 192.168.11.0,
192.168.12.0, and 172.16.193.0.

OSPF Aging

Use the following table to answer the questions below.

Sample LSDB

1. How often does OSPF flood the LSA?
2. Which router is responsible for deleting entries in the LSDB?

Student Notes

Answers

Only the originating Router will cause its own LSDB entries to flush. A
Router will not flush LSDBs that are not its own unless it has aged 3600
seconds (2 x 30 minutes).

LSDB and a down link

LSDB down link

Using this network, and the previous LSDB, what problems, if any, are illustrated?

Figure: Sample network with down link

Student Notes

Answer: The link between 0.0.0.3 and 0.0.0.4 is down. The age of an
entry for an active network link or Router link should never be more than
about 1800 seconds (30 minutes).

Note: The Router will remove entries in the LSDB if the age of the entry
becomes greater than 3600 seconds.

OSPF Area on the ERS

Ethernet Routing Switch as an Area Border Router (ABR)

To add an interface to an area other than 0.0.0.0, the area must first be created. When the area
is created, the AreaBrdRtrStatus (on the General tab of the Edit OSPF window) changes to
True.

To create an area on an Ethernet Routing Switch:

1 Open the Edit OSPF window and click the Area tab.
2 Click Insert.
This opens a dialog box to configure the new area on the ERS 8600.
3 Enter the necessary information and click Insert.

At this point, the new area is created.

Adding an interface to an OSPF area

To add existing interfaces to this new area, click the Interface tab in the Edit OSPF window and
modify the necessary information.

New interfaces may be added to the area at the time of creation.

Note: Area 0.0.0.0, the backbone, cannot be deleted. If there are no interfaces in the
backbone area, it will not appear in the LSDB or be advertised in the LSAs.

When a router acts as an ABR, it maintains copies of the LSDB for each area that has active
interfaces. In the example used here, each router maintains two databases.

Figure: Adding an interface to an OSPF area

Stub and Not-So-Stubby Areas

There are two types of areas that have special requirements: Stub Areas and
Not-So-Stubby-Areas (NSSAs).

Stub Area

• Does not receive advertisements for external routes
• Does not permit virtual links
• Only one ABR advertises a default route for the area.
• ASBR is not permitted.

Not-So-Stubby-Area (NSSA)

• Does not permit virtual links
• Only one ABR advertises a default route for the area.
• Allows ASBRs and AS external routes to exist
   • Uses LSA Type 7 advertisements within the NSSA
   • The ABR can translate the LSA Type 7 advertisements to LSA Type 5 AS
   external advertisements for flooding into the rest of the OSPF network.

These restrictions reduce the size of the LSDB, because external LSAs are not included or
are reduced in number. The ABR advertises a default route, 0.0.0.0, into the Stub or NSSA.
Traffic for routes not in the area is sent to the ABR for forwarding using this
default route.

Creating a Stub Area and NSSA

To create a stub area or an NSSA on an Ethernet Routing Switch, open the Edit OSPF window
and click the Area tab. Select:

• ImportExternal to configure a “standard” area
• ImportNoExternal to configure a Stub area
• ImportNSSA to configure an NSSA

Figure: Creating a Stub area and NSSA

Student Notes

Remember that ASBRs cannot exist in a stub area.

Network summaries

Why use network summaries?

Creating the areas shown in the example network below caused the LSDB to expand from eight
entries (four router and four network links) to 20 entries.

Figure: Example network with multiple areas

Question

Why did the number of entries expand?

Student Notes

Answer: When areas are created, the ABR (Area Border Router) sends
Summary Advertisements between areas, not the network and router
links. Because we have not yet created area summaries, each router link
and network link is advertised from and to the backbone. In addition, all
area summaries from the backbone are advertised into each new area.
Also, the router is an ASBR so there will be two copies of the LSDB.

Original and expanded LSDB

Figure: Original and expanded LSDB

Student Notes

Networks in Area 4 are not yet reachable although Router ID 4 is.

A virtual link is required and we will get to this in a few pages.

Creating area ranges

Network Summaries
Type 3 LSAs

Networks internal to an area are advertised to other areas using a Summary-Link State
Advertisement (Summary-LSA). This is a Type 3 LSA.

ABRs generate Summary-LSAs. By default, there is a Summary-LSA for every network within
the area. However, an ABR can be configured to condense many networks into a single
network summary. This type of Summary-LSA actually describes a range of networks, and all
the networks within an area are advertised as one. The major benefit of this is that it reduces
the size of the LSDBs of routers outside the area, and reduces LSA processing. A smaller
LSDB results in a smaller routing table.

To associate a range of networks to an area:

1. In the Edit OSPF window, click the Area Aggregate tab.
2. Click Insert and enter the necessary information.

This window also allows you to control which networks are summarized.

Any existing interfaces that fall within the created range become members of the new area.

If a new interface is created, it is added to an area if a range exists for that area and the IP
address for the interface is within that range.

Figure: Creating area ranges

Question

What summary ranges would be necessary for these ranges of addresses:
172.16.4.0-172.16.7.255 and 172.16.24.0-172.16.27.255?

IG Note - Answer

Student Notes

Looking at the third octet, 4 - 7 in binary is 0000 0100 to 0000 0111.
The common bit pattern is 0000 01xx (x is don't care) so the network
and mask for this range is 172.16.4.0/22.

The second range: 24 - 27 is 0001 1000 to 0001 1011. The common bit
pattern is 0001 10xx → 172.16.24.0/22

A summary range for area 0.0.0.0 was also created but is not shown
here.

The determination of the values for the network number mask to create
the ranges was covered in the 160 (Advanced IP) course and not
covered here. The process is very similar to determining the network
and mask to use for Accept and Announce policies.
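
The hand method in the answer above, generalized as an added Python example (not part of the original guide): it derives the single covering prefix from the common leading bits and also reports when that one prefix would advertise more addresses than the range asked for. The third range in the sample data is constructed.

```python
import ipaddress


def covering_prefix(first: str, last: str) -> ipaddress.IPv4Network:
    """Single prefix given by the common leading bits of first and last."""
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    if a > b:
        raise ValueError("first address is above last address")
    # Bits at and below the highest differing bit are the "don't care" bits.
    dont_care = (a ^ b).bit_length()
    network = (a >> dont_care) << dont_care
    return ipaddress.IPv4Network((network, 32 - dont_care))


def extra_addresses(first: str, last: str) -> int:
    """Addresses the covering prefix advertises beyond first..last (0 = exact fit)."""
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    return covering_prefix(first, last).num_addresses - (b - a + 1)


def exact_summaries(first: str, last: str) -> list:
    """Smallest set of prefixes that covers first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


# The two ranges from the question, plus one constructed range that does
# not fall on a single prefix boundary.
RANGES = [
    ("172.16.4.0", "172.16.7.255"),
    ("172.16.24.0", "172.16.27.255"),
    ("172.16.4.0", "172.16.9.255"),   # constructed
]

if __name__ == "__main__":
    for first, last in RANGES:
        print(f"{first}-{last}: cover {covering_prefix(first, last)}, "
              f"extra {extra_addresses(first, last)}, "
              f"exact {[str(n) for n in exact_summaries(first, last)]}")
```

A non-zero extra count means the single range would announce networks the area does not contain, so the exact list is the safer input for an area range.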

LSDB with summary ranges

The next graphic shows the LSDB and routing table for Router 0.0.0.1. Notice that for each area
on the ABR there is an LSDB.

The ABR advertises only summary information from area 0.0.0.0 into area 1.0.0.0 and from area
1.0.0.0 into area 0.0.0.0. This causes any communication between a host in area 1.0.0.0 and
any host in another area to go through the ABR.

• Area 0.0.0.0 only has summary information for non-backbone areas, and detailed
information about itself.
• Area 1.0.0.0 only has summary information for other areas, and detailed information
about itself.

Our example network has a router in area 3.0.0.0 supporting networks 172.16.0.0/18. Below is
a portion of the LSDB for Rtr 0.0.0.3 for area 3.0.0.0. Notice that Rtr 0.0.0.4 and the network
summary for area 4.0.0.0 are in the LSDB for area 3.0.0.0.

Figure: The effect of summarization

LSDB summarization

Figure: Partial LSDB for router 0.0.0.3 / area 3.0.0.0

Question

Are the networks in area 4.0.0.0 reachable from area 1.0.0.0? Why or why not?

Student Notes

Answer: Rtr 0.0.0.4 does not have a backbone connection. Without a
connection to area 0.0.0.0, these networks can't talk to the rest of the
world.

Connecting network types

Networks external to OSPF

Many networks employ more than one IP routing protocol. When using OSPF, it is important to
understand how it interoperates with other protocols.

Networks in a routing table can be learned from a variety of sources. The source can be OSPF,
but it can also be RIP, BGP, EGP, or a static route that you added.

OSPF considers itself the primary source of routing information within the AS. OSPF views all
non-OSPF networks as external. The following are examples of external routes:

• A route derived from RIP
• A static route (including a default route)
• A route to a destination outside the AS derived from EGP or BGP
• A directly connected network not running OSPF

For OSPF to advertise these external networks into an OSPF area, OSPF Redistribute policies
must be configured.

Networks external to RIP

RIP, like OSPF, only considers itself and routes learned from other RIP gateways when building
the local routing table. Networks external to RIP must be configured through RIP Accept policies
in order to be advertised within the RIP network.

In the following example, both OSPF Router 0.0.0.1 and RIP Rtr 1 have interfaces in both the
OSPF and RIP routing domains. How the RIP and OSPF routes and metrics are included with
the other domain are functions of the policies applied on each router.

Figure: External networks example

Enabling ASBR

Connecting external networks

An Autonomous System Boundary Router (ASBR) has at least one source of routing information
that is not of OSPF origin. This could be an interface into a network supporting a different
routing protocol or it could be a router configured with static and/or default routes.

To make non-OSPF networks known to all routers in an OSPF domain, configure the router as
an ASBR. You do this by enabling the global parameter called ASBR. You can configure the
ERS 8600 switch as an OSPF ASBR to:

• Distribute all OSPF routes to BGP or RIP
• Distribute RIP, BGP, Direct, or static routes to OSPF

Enabling ASBR

To enable the ASBR function on an Ethernet Routing Switch, open the Edit OSPF window and
set ASBdrRtrStatus to True.

Enabling ASBR

When a router is configured as an ASBR, it begins sending Type 5 AS external link
advertisements (AS External-LSAs) that describe networks external to the OSPF domain.

An ASBR sends an AS External-LSA for each external route it has learned. These
advertisements are flooded throughout the OSPF domain without regard to area structure.


AS summary link advertisements

ASBR advertisements

When a router is configured as an ASBR, it announces this by setting the E-bit in its router links
advertisements (Type 1).

If the OSPF domain is divided into areas, the border router for the area to which the ASBR
belongs picks up the router links advertisement generated by the ASBR. The ABR then
transmits a Type 4 AS Summary LSA.

The AS Summary LSA describes a route to the ASBR. An AS Summary LSA is flooded by the
ABR into its adjoining areas. The exception to this is when the adjoining area is a stub area, and
the import summary parameter is set to False.

In the example network, OSPF Routers 0.0.0.1 and 0.0.0.4 are configured as ASBRs.

AS summary link advertisements


AS summary link advertisements LSA-5

AS Summary Link Advertisements point to a “default” route to get to the
ASBR. Within an area, the route will be to the ABR.

At this point, our example network has not yet imported the RIP routes
into the OSPF network or the other way around. Stay tuned...


OSPF route policies

Two mechanisms are implemented by the ERS 8600 Routing Table Manager (RTM) to control
route advertisements in an OSPF Domain:

• OSPF Redistribute
• OSPF Accept

OSPF Route Policy Criteria

You can build OSPF route policies using criteria in the following table.

OSPF Route Policy Criteria

OSPF Redistribute

The Redistribute function allows you to take what the Ethernet Routing Switch RTM has learned
from the various sources and advertise these routes as LSAs into the OSPF Domain. These
redistribute policies may be built upon criteria displayed in the table above.

OSPF Accept

An OSPF Accept Policy allows you to control which routes being received by the ERS 8600 will
be dropped, summarized or accepted based on the specified criteria.


OSPF redistribute route policies

OSPF policies are applied in an ASBR to redistribute the routes learned from non-OSPF
sources. If no policies are configured or no matching policy exists for a given route, the default
behavior is applied, and OSPF ignores all external routes.

To create a policy that advertises RIP routes into the OSPF network, use the OSPF Redistribute
function. You may also apply a policy to the redistribution to further control the advertisement.

The example on the opposite page shows the creation of an OSPF Redistribute policy on Router
0.0.0.1 that announces all local networks as Type I routes with an explicit metric of 100.

External advertisements may be viewed using the External Link Database tab on the Edit
OSPF window.

OSPF Redistribute Route Policies

• How would you enable the advertisements of “remote” RIP routes as Type II external
routes and “Local” RIP routes as Type I external routes?

Answer: Create an additional policy in which the route source is RIP and
make the advertisement a Type-II. The two policies will work together to
create the "standard" type I or type II advertisements.


Routing table with Type 1 Routes

Notice that the summary route (network) 172.16.162.0/18 is reached
via the RIP network from Rtr4 to Rtr1 then into the OSPF network.
Remember that this summary network does not exist.

It is a creation of Rtr3 and its ABR function. This route does not really
exist. It is here because the announce policy on Rtr1 takes all OSPF
networks (this is one) and advertises it out the RIP interface. Rtr4 learns
of this network via RIP.


RIP Announce policies

OSPF routes into RIP networks

OSPF networks are advertised into RIP networks using RIP Announce policies. In this case, a
RIP policy is used to announce all OSPF routes into the RIP network.

A RIP Announce policy on Router 0.0.0.1 was created assigning a metric of 10 to all OSPF
networks. The graphic on the opposite page shows the routing table for Router 0.0.0.4. Notice
the RIP-learned networks.

If the metric value is set to 0, the actual metric of the route is used to announce the network
with RIP. This would cause a network with a metric of 100 to be unreachable within the RIP
network, because RIP treats a metric of 16 as unreachable.

RIP Announce policies


Routing table

Routing table on remote RIP router


Accept policies in an OSPF network

OSPF Accept policies are applied whenever OSPF computes the external routes due
to a topology change or an external link-state advertisement (LSA). If there are no policies
configured or no matching policies found for a given route, the external route is included in the
routing table.

Creating an OSPF Accept policy

In our example, network users on Router 0.0.0.3 are to be denied access to 10.1.2.0/24. To do
this, the OSPF Accept policy shown below could be used. This policy prevents external routes
to 10.1.2.0/24 from entering the routing table on this router.

OSPF Accept Policies

Questions

• Is the LSDB on the switch modified when an Accept policy is created?
• Will an Accept policy affect the routing table on other switches in the OSPF network?

Answer to both questions is NO.

OSPF Accept policies can only be applied to external routes. OSPF
learned routes may not be modified.


Virtual links
Connecting to the backbone for noncontiguous topologies

Virtual links

A virtual link provides a means for an OSPF area's ABR to connect to the backbone area
0.0.0.0 in a virtual manner. With this solution, an OSPF area is allowed even if it is infeasible
to provide a direct connection to the backbone because of some topology or distance
restrictions. Instead of a direct connection to the backbone, the ABR establishes a virtual
connection to an existing ABR through a common area. The virtual link meets the requirement
for all areas to have a connection to the backbone area.

A virtual link is treated as a point-to-point link that has the following characteristics:

• The link must be between two ABRs with one area in common. The area the two
ABRs share is called the transit area.
• It originates from an ABR connected to the backbone.
• It ends in an ABR of the non-contiguous area.

A virtual link is not a physical point-to-point link. It is tied to the current least-cost physical path
through the transit area.

Through the virtual link, an adjacency is formed. Like the OSPF interfaces you configured, the
timers at each end of the virtual link must agree before an adjacency can be formed.

When the adjacency through the virtual link is formed, it is included in the router links
advertisements.

The following figure illustrates a virtual link in the example network.


Virtual link example

Remember that Virtual Links cannot be created through a stub area.


Virtual links on the ERS

Configuring virtual links

Virtual links on the ERS 8600 can be created in three ways:

• Create virtual interfaces on two ABRs to create the virtual link.
• Use the auto virtual link process on both ABRs.
• Enable auto virtual link on a single ABR, and manually create the other virtual
interface on routers that share a common area.

Creating virtual links

To manually create a virtual link, each end of the link must be defined.

1. In the Edit OSPF window, click the Virtual Interface tab.
2. Click Insert and enter the transit or common area number this router has with its
neighboring ABR, and the router ID for the neighboring ABR.

Note: The router dead-time interval timer is 60 seconds by default on virtual interfaces.
This is compliant with RFC 2328.

Creating virtual links


Virtual neighbors


Auto Virtual Links

Using Auto Virtual Links

Use automatic virtual links to provide an automatic, dynamic backup link for vital OSPF traffic.

The Auto Virtual Link feature of the Ethernet Routing Switch ensures that if the ABR's
connection to the backbone breaks, a new virtual link is created. Once the virtual link is created,
it remains up even when the ABR's original connection to the backbone is restored.

To use the Auto Virtual Link feature, set AutoVirtLinkEnable to True on two ABRs that have a
common area. This is found on the General tab of the Edit OSPF window.

Enabling Auto Virtual Link feature

config ip ospf auto-vlink enable

If AutoVirtLinkEnable is only set to True on a single ABR, the other end of the virtual link to
be created dynamically. Other ABRs can be manually configured.

Enabling Auto Virtual Link feature



Check your learning

Review what you just learned by answering the questions in your student guide.

OSPF routers describe the network using:

_____ MD5

_____ RIP

_____ ABRs

_____ LSAs

Answer: LSAs

A ______________ keeps the backbone contiguous.

_____ Virtual link

_____ Link state advertisement

_____ Summary link advertisement

_____ Link state database

Answer: Virtual link


The ______ is a table generated within every router in the OSPF domain.

_____ MD5

_____ LSDB

_____ LSA

_____ ABR

Answer: LSDB

In a network running OSPF, the primary source of routing information within the AS is:

_____ A route derived from RIP

_____ A static route (including a default route)

_____ OSPF

_____ A route to a destination outside the AS

Answer: OSPF


When a router is configured as an ASBR, it begins sending which of the following types of
LSAs to describe a network external to the OSPF domain?

_____ Type 5 AS External LSA

_____ Type 4 AS Summary LSA

_____ Type 7 LSA

_____ Type 4 AS LSA

Answer: Type 5 AS External LSA

OSPF networks are advertised into RIP networks using:

_____ External LSAs

_____ Summary LSAs

_____ OSPF Accept policies

_____ RIP Announce policies

Answer: RIP Announce policies

Lesson summary

In this lesson you learned to:

• Compare the Routing Table and OSPF Link State Database (LSDB) for a single area
network and a multiple area network.
• Describe the benefits of route summaries and how they are configured
• Describe the benefits of OSPF route policies
• Describe and configure virtual links

Lab activity - OSPF and RIP Networks should follow this lesson.

Allow 1.5 hours to complete this lab.



BGP4 Overview

Introduction

Lesson introduction

The purpose of this lesson is to describe the Border Gateway Protocol (BGP4) features,
concepts, and terminology.

Lesson objectives

In this lesson, you will learn to:

• Describe BGP4 features
• Describe BGP4 concepts and terminology

Lesson duration

The duration of this lesson is 1 hour.


Border Gateway Protocol

Border Gateway Protocol (BGP) is an inter-domain routing protocol that provides loop-free
inter-domain routing between autonomous systems (ASs) or within an AS.

BGP systems can exchange network layer reachability information (NLRI) with other BGP
systems for the purpose of constructing a graph of AS connectivity. BGP uses this information
to prune routing loops and enforce AS-level policy decisions.

BGP provides features that allow you to consolidate routing information and to control the flow
of BGP updates.

Autonomous system, Interior Gateway Protocol, and Exterior Gateway Protocol

Autonomous system (AS)

An autonomous system (AS) is a group of networks managed by a single technical authority
that exhibits a coherent routing policy to other autonomous systems. Examples include an
Internet provider, an organization, a company, or a division within a company. Each AS is
assigned a unique 16-bit AS number.

Interior Gateway Protocol (IGP)

Routers within an AS run Interior Gateway Protocols (IGPs). Examples of IGPs include Open
Shortest Path First (OSPF), Routing Information Protocol (RIP), and static routes. Within an AS,
it is possible to run multiple IGPs. IGPs automatically find the best path to all destinations in an
organization's internetwork.

The best path is determined by a metric like interface cost (OSPF) or hop count (RIP). An IGP
reacts to a change in the topology by trying to find a new best path automatically.

Exterior Gateway Protocol (EGP)

Exterior Gateway Protocols (EGPs) are used to route traffic between Autonomous Systems.
Examples of EGPs include the Exterior Gateway Protocol (EGP), and Border Gateway Protocol
4 (BGP4).

EGPs are concerned only with network reachability, whereas IGPs are concerned with hop
counts or metrics. Because autonomous systems use different IGPs with different metrics, it
would be very difficult, if not impossible, to properly interpret or correlate these metrics between
autonomous systems.


New Internet topology

Internet topology

Today’s Internet consists of major backbones, mid-level or regional networks, campus networks,
and corporate networks that are interconnected in many ways. Backbones and mid-level
networks or Internet service providers (ISPs) can consist of one or several autonomous
systems. A corporate or campus network (subscribers) can be an independent AS, or can be
part of its ISP’s AS.

Unlike the early Internet topology (2-tiered tree), the modern Internet is an arbitrary collection
of interconnected autonomous systems. Routing protocols used in this environment must be
able to prevent routing loops, advertise tens of thousands of destinations, and give the AS
administrator considerable flexibility in determining routing policy.

Border Gateway Protocol (BGP) supplies these solutions. The following figure illustrates the
Internet topology that uses BGP to connect Autonomous Systems.

Internet topology


BGP4

BGP requirements depend on the ISP connection type and the addressing strategy.

BGP has two primary functions, which both enforce AS-level policy decisions:

• Exchange network reachability information between Autonomous Systems
• Provide loop-free interdomain routing between different Autonomous Systems

BGP4 has no concept of address classes. Each network listed in the network layer reachability
information (NLRI) portion of an update message contains a prefix length field, which
describes the length of the mask associated with the network. The prefix length field allows for
both supernet and subnet advertisement. The supernet advertisement is what makes Classless
Interdomain Routing (CIDR) possible.

There is also BGP4 support for BGP confederations and Transmission Control Protocol (TCP)
Message Digest 5 (MD5) message authentication.

BGP4 uses a reliable transport mechanism (TCP/179) and supports CIDR, which aggregates IP
routes and AS paths.

Autonomous systems

Local Area Networks (LANs) and Wide Area Networks (WANs) interconnected by IP routers
form a group of networks called an internetwork. For administrative purposes, an internetwork is
divided into autonomous systems.

An autonomous system (AS) is a group of routers and hosts run by a single technical
administrator that has a single, clearly defined routing policy. Each autonomous system has a
unique AS number assigned by the appropriate Internet Registry entity.

Remember that BGP enforces AS-level policy decisions by exchanging network reachability
information between autonomous systems and by providing loop-free interdomain routing
between different autonomous systems.


Gateways

The routers at the edges (borders) of autonomous systems are called gateways. Gateways use
Exterior Gateway Protocols to exchange reachability information and to route packets between
routing domains.

BGP exchanges information between Autonomous Systems as well as between routers within
the same AS.

• Routers that are members of the same AS and that exchange BGP updates run
internal BGP (IBGP).
• Routers that are members of different Autonomous Systems and that exchange BGP
updates run external BGP (EBGP).

Example of Gateways


AS Types

The categories of AS are defined by their connectivity and the type of traffic they carry, as
follows:

• Stub AS - Only one entry/exit point to the AS. All traffic either comes from, or is
destined to, this AS. One BGP peer is configured.
• Transit AS - Multiple connections to other autonomous systems. Traffic in this AS
type might have originated in another AS and be destined for a third AS. This AS
type might also be a local origination or destination. Because a transit AS has
multiple interconnections, it can carry traffic belonging to other autonomous systems.
An ISP's AS is usually a transit AS. Many BGP peers are configured.
• Multihomed nontransit AS - This type of AS has multiple connections to other
autonomous systems but does not function as a transit AS. All traffic in this AS either
originated here or is destined for here. Again, multiple BGP peers are configured.

In the following diagram, autonomous systems 20, 30, 40, and 60 are stub autonomous
systems. Autonomous systems 100 and 200 are both transit autonomous systems. Autonomous
systems 10 and 50 are multihomed nontransit autonomous systems.

Each type of AS has specific configuration needs and concerns, such as which networks are
advertised from an AS or what networks are injected into the local routing domain. We are going
to focus our attention on the stub AS.

Examples of autonomous systems


BGP4 Concepts and Terminology


Internal/External BGP routing

Internal routing

Avaya implements internal BGP (IBGP) intra-AS routing. With IBGP, each router within an AS
runs an interior gateway protocol (IGP), such as:

• Interior gateway routing protocol (IGRP)
• Intermediate system-to-intermediate system (IS-IS)
• RIP
• OSPF

The IBGP information, along with the IGP route to the originating BGP border router,
determines the next hop to use for exchanging information with an external AS. Each router
uses IBGP exclusively to determine reachability to external autonomous systems.

External routing

When a router receives an IBGP update that is destined for an external AS, the update is
passed to IP for inclusion in the routing table only if a viable IGP route to the correct border
gateway is available.

Peers

The transport protocol used with BGP is Transmission Control Protocol (TCP). When any two
routers open a TCP connection to each other for the purpose of exchanging routing information,
they form peer, or neighbor, relationships.

In the next graphic, Routers A and D are BGP peers, as are Routers B and E; C and E; F and
G; and Routers D, E, and F.

Although Routers A and D are running EBGP, Routers D, E, and F within AS 40 are running
IBGP. The EBGP peers are directly connected, while the IBGP peers are not. As long as an
IGP is running that allows any two neighbors to logically communicate, the IBGP peers do not
require a direct connection.

BGP peers exchange complete routing information only after the peer connection is established.
Thereafter, BGP peers exchange routing updates. An update message consists of a network
number, a list of autonomous systems that the routing information passed through (the AS
path), and other path attributes that describe the route to a set of destination networks. When
multiple paths are available, BGP compares the path attributes to choose the preferred path.


Peers

Confederations and route reflectors

Since all BGP speakers within an AS must be fully meshed logically, the IBGP mesh can grow
to large proportions and become difficult to manage. A way to reduce the number of peers
within an AS is to create confederations and route reflectors, discussed later in this unit.


Peer-to-peer sessions

BGP routers employ an entity within the router, a BGP speaker, which transmits and receives
BGP messages and acts upon them. BGP speakers form a relationship and communicate with
other BGP speakers by establishing a peer-to-peer session.

All BGP speakers within an AS must be fully meshed.

BGP peers exchange complete routing information only after the peer connection is established.
Thereafter, BGP peers exchange routing updates. An update message consists of a network
number, a list of autonomous systems that the routing information passed through (the AS
path), and other path attributes that describe the route to a set of destination networks. When
multiple paths are available, BGP compares the path attributes to choose the preferred path.

Peer-to-peer sessions


Transit AS

An AS with more than one BGP speaker can use IBGP to provide a transit service for networks
located outside the AS. An AS that provides this service is called a transit AS.

In the next graphic AS 40 is the transit AS. It provides information about its internal networks,
as well as transit networks, to the remaining Autonomous Systems. The IBGP connections
between routers D, E, and F provide consistent routing information to the Autonomous
Systems.

Transit AS


Stub and Multihomed Autonomous Systems


An AS containing a single BGP speaker is a stub AS.

• A stub AS has a single BGP speaker that establishes a peer-to-peer session
with one external BGP speaker.

An AS containing multiple BGP speakers is considered a multihomed AS.

• A multihomed AS can include one or more BGP speakers that establish
peer-to-peer sessions with BGP speakers in other Autonomous Systems to
provide external route information for the networks within the AS.

Stub and Multi-homed Autonomous Systems

Interior BGP routing


Each router in the AS runs an IGP such as OSPF, and maintains an IBGP connection to each
BGP border router.

Interior Gateway Protocol (IGP)
• Does not carry information about BGP
• Uses IBGP exclusively to determine reachability to external networks

Internal BGP (IBGP) and transit AS


An AS with more than one BGP speaker can use IBGP to provide a transit service for networks
located outside the AS. An AS that provides this service is called a transit AS.


CIDR and aggregate addresses

Classless interdomain routing (CIDR) is an addressing scheme (also known as supernetting)
that eliminates the concept of classifying networks into class types.

Earlier addressing schemes identified five classes of networks:

• Class A
• Class B
• Class C
• Class D (used for multicast)
• Class E (reserved and currently not used)

Class D and Class E are not discussed in this lesson.

Example

Network 195.215.0.0, an illegal Class C network number, becomes a legal supernet when
it is represented in CIDR notation as 195.215.0.0/16. The /16 is called the prefix length and
becomes a way of expressing the explicit mask that CIDR requires. In this case, the addition of
the prefix /16 indicates that the subnet mask consists of 16 bits (counting from the left).

Note that with this method, supernet 195.215.0.0/16 represents 195.215.0.0 255.255.0.0.

CIDR also allows you to assign network prefixes of arbitrary lengths. This differs from the class
system, which assigns prefixes as even multiples of an octet. For example, you can assign
a single routing table entry of 195.215.16/21 to represent eight separate Class C network
numbers 195.215.16.0 through 195.215.23.0.


Aggregate routes

Eliminating the idea of network classes provides an easy method to aggregate routes. Rather
than advertise a separate route for each destination network in a supernet, BGP uses a
supernet address to advertise a single route - an aggregate route - that represents all the
destinations.

CIDR also reduces the size of the routing tables used to store advertised IP routes.

The graphic below provides an example of route aggregation using CIDR. A single supernet
address 195.215.0.0/16 is used to advertise 256 separate Class C network numbers
195.215.0.0 through 195.215.255.0.

Route aggregation using CIDR
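
Before a supernet is advertised, it is worth checking that the aggregate covers only networks that are actually held, because the aggregate attracts traffic for every address inside it. The following Python sketch is an added example, not part of the course material: it computes the covering supernet for the course's 195.215.x.0 networks, lists any blocks the aggregate would claim that are not in the input, and goes one step further by giving the exact set of prefixes when a single aggregate would over-claim. The seven-network case (195.215.20.0 omitted) is constructed for illustration.

```python
import ipaddress


def covering_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()           # shorten the prefix by one bit
    return cover


def uncovered_space(nets):
    """Blocks inside the covering supernet that no input network accounts for.

    Advertising the supernet would claim reachability for these blocks too.
    """
    cover = covering_supernet(nets)
    step = max(n.prefixlen for n in nets)  # compare at the finest input granularity
    return [s for s in cover.subnets(new_prefix=step)
            if not any(s.subnet_of(n) for n in nets)]


def exact_aggregates(nets):
    """Fewest prefixes that cover the inputs and nothing else."""
    return list(ipaddress.collapse_addresses(nets))


def class_c_block(first, count, prefix="195.215"):
    """Consecutive /24 networks prefix.first.0 .. prefix.(first+count-1).0."""
    return [ipaddress.ip_network(f"{prefix}.{first + i}.0/24") for i in range(count)]


# The course's examples: eight Class C networks, and all 256 of 195.215.x.0.
EIGHT = class_c_block(16, 8)
ALL_256 = class_c_block(0, 256)
# Constructed case: the same eight networks with 195.215.20.0/24 not held.
PARTIAL = [n for n in EIGHT if str(n) != "195.215.20.0/24"]


def report(name, nets):
    cover = covering_supernet(nets)
    extra = uncovered_space(nets)
    print(f"{name}: {len(nets)} networks -> aggregate {cover}")
    if extra:
        print("  aggregate would also claim:", ", ".join(map(str, extra)))
        print("  exact alternative:", ", ".join(map(str, exact_aggregates(nets))))
    else:
        print("  aggregate covers exactly the input networks")


if __name__ == "__main__":
    report("eight Class C networks", EIGHT)
    report("all 256 Class C networks", ALL_256)
    report("seven of eight (constructed)", PARTIAL)
```
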


Confederations

You can reduce the high bandwidth and maintenance costs associated with a large full-mesh
topology by dividing large Autonomous Systems into multiple, smaller autonomous systems,
each one known as a “sub-AS.” These can be grouped into a “confederation,” which also
reduces the size and complexity of an IBGP mesh, and reduces the complexity of the
associated configuration management.

Other autonomous systems view the confederation as a single AS. The confederation ID is
used as the AS number.

A BGP router configured for IBGP establishes a peer-to-peer session with every other IBGP
speaker in the AS. For example, a full-mesh topology for an AS with 50 IBGP speakers requires
1225 internal peer-to-peer connections, grouped into a single “confederation.”

BGP confederations are available only with BGP-4.

Confederation functions

The confederation feature complies with RFC 1965 and provides the following functions:

• Lets you configure a confederation ID on the router
• Implements new AS_PATH segment types
• Lets you configure new AS_PATH variables, AS_CONFED_SET and
AS_CONFED_SEQUENCE, for specifying confederation parameters
• Implements correct AS_PATH setting and manipulation to neighboring Autonomous
Systems that are within and outside the confederation

Confederations


IBGP route reflectors


Another way to reduce the interior border gateway protocol (IBGP) mesh that is inherent in an
AS with a large number of IBGP speakers is to configure a route reflector. An IBGP speaker
that needs to communicate with other BGP speakers in the AS establishes a single peer-to-peer
route reflector client session with the IBGP route reflector.

A BGP router configured for IBGP must establish a peer-to-peer session with every other IBGP
speaker in the AS.

For 50 IBGP speakers -> 1225 internal sessions (n(n-1)/2)

Full mesh topology -> memory and bandwidth utilization

A router can be configured as a Route Reflector (RR)

An IBGP speaker that needs to communicate with other BGP speakers in the AS establishes a
single peer-to-peer RR client session with the route reflector.

The following figure shows a simple IBGP configuration with three IBGP speakers (Routers
A, B, and C). Without route reflectors configured, when Router A receives an advertised route
from an external neighbor, it must advertise the route to Routers B and C. Routers B and C
do not readvertise the IBGP learned routes to other IBGP speakers, because BGP does not
allow routers to pass routes learned from internal neighbors on to other internal neighbors, thus
avoiding routing information loops.

Simple IBGP configuration


TCP MD5 authentication

Equal Cost Multi Path (ECMP)

Equal Cost Multi Path (ECMP) allows a BGP speaker to perform route or traffic balancing within
an AS by using multiple, equal-cost routes submitted to the routing table by OSPF, RIP, or static
routes.

TCP MD5 authentication

Transmission Control Protocol (TCP) Message Digest 5 (MD5) authentication is the new TCP
option for carrying an MD5 digest in a TCP segment (signature for the segment).

• TCP MD5 authentication allows you to configure the authentication of BGP
messages by TCP MD5 signatures, in compliance with RFC 2385, “Protection of
BGP Sessions via the TCP MD5 Signature Option.”
• When BGP authentication is enabled, a BGP speaker can verify that the BGP
messages it receives from its peers are actually from a peer and not from a third
party masquerading as a peer.
• TCP MD5 authentication protects against the introduction of spoofed TCP segments
into a connection stream.
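
The check a receiving BGP speaker performs under RFC 2385 can be shown in a few lines. The following Python sketch is an added example, not code from the course or from the switch software: it computes the MD5 digest over the TCP pseudo-header, the fixed TCP header with the checksum zeroed and options excluded, the segment data, and the shared key, then rejects any segment whose option is missing or does not match. The addresses, ports, key and KEEPALIVE segment are constructed sample values.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
MD5SIG_KIND, MD5SIG_LEN = 19, 18        # TCP option kind and length from RFC 2385


def md5_signature(src_ip, dst_ip, tcp_header, payload, key):
    """Digest over pseudo-header, fixed header (checksum zero, no options),
    segment data, then the shared key, in that order."""
    header_len = (tcp_header[12] >> 4) * 4          # data offset, includes options
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, header_len + len(payload)))
    fixed = bytearray(tcp_header[:20])
    fixed[16:18] = b"\x00\x00"                      # checksum treated as zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()


def find_signature(tcp_header):
    """Walk the TCP options and return the 16-byte digest, or None."""
    end = min((tcp_header[12] >> 4) * 4, len(tcp_header))
    i = 20
    while i < end:
        kind = tcp_header[i]
        if kind == 0:                               # end of option list
            break
        if kind == 1:                               # NOP padding
            i += 1
            continue
        if i + 1 >= end:
            break
        length = tcp_header[i + 1]
        if length < 2 or i + length > end:
            break                                   # malformed option: stop parsing
        if kind == MD5SIG_KIND and length == MD5SIG_LEN:
            return bytes(tcp_header[i + 2:i + MD5SIG_LEN])
        i += length
    return None


def build_signed_header(src_ip, dst_ip, sport, dport, seq, ack, flags, payload, key):
    """Sender side: 20-byte header, two NOPs, then the 18-byte signature option."""
    base = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       (40 // 4) << 4, flags, 16384, 0, 0)
    digest = md5_signature(src_ip, dst_ip, base, payload, key)
    return base + b"\x01\x01" + bytes([MD5SIG_KIND, MD5SIG_LEN]) + digest


def verify_segment(src_ip, dst_ip, tcp_header, payload, key):
    """Receiver side: accept only segments carrying a matching digest."""
    received = find_signature(tcp_header)
    if received is None:
        return False                                # unsigned segment is dropped
    expected = md5_signature(src_ip, dst_ip, tcp_header, payload, key)
    return hmac.compare_digest(received, expected)


# Constructed sample: a BGP KEEPALIVE from 192.0.2.1 to port 179 on 192.0.2.2.
KEY = b"constructed-shared-secret"
PEER_A, PEER_B = "192.0.2.1", "192.0.2.2"
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
HEADER = build_signed_header(PEER_A, PEER_B, 49152, 179, 1000, 2000, 0x18,
                             KEEPALIVE, KEY)

if __name__ == "__main__":
    print("genuine segment :", verify_segment(PEER_A, PEER_B, HEADER, KEEPALIVE, KEY))
    reset = bytearray(HEADER)
    reset[13] = 0x04                                # flags changed to RST in transit
    print("altered flags   :", verify_segment(PEER_A, PEER_B, bytes(reset), KEEPALIVE, KEY))
    print("wrong key       :", verify_segment(PEER_A, PEER_B, HEADER, KEEPALIVE, b"other"))
```

Because the source and destination addresses and the fixed header fields are inside the digest, a segment injected by a host that does not hold the key fails verification even when its sequence numbers are plausible.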



Check Your Learning

Review what you just learned by answering the questions in your student guide.

An autonomous system (AS) is a group of routers and hosts run by a single technical
administrator that has:

_____ Transit services for networks outside the AS

_____ Consolidated routing information

_____ Multiple, flexible routing policies

_____ A single, clearly defined routing policy

Answer: A single, clearly defined routing policy

BGP speakers form a relationship and communicate with other BGP speakers by
establishing:

_____ Multihomed AS

_____ A peer-to-peer session

_____ Confederations

_____ Interior BGP routing

Answer: A peer-to-peer session


To reduce high bandwidth and cost that can be associated with an AS with a large number of
IBGP speakers, you can configure:

_____ Confederations or route reflectors

_____ Transit and multihomed Autonomous Systems

_____ Peer-to-peer sessions

_____ Aggregate addresses

Answer: Confederations or route reflectors

When ______________ is enabled, a BGP speaker can verify that the BGP messages it
receives from its peers are actually from a peer, not a third party masquerading as a peer.

_____ IGP/IBGP synchronization

_____ BGP authentication

_____ Traffic balancing

_____ Local preference calculation

Answer: BGP authentication

CIDR allows you to assign network prefixes of:

_____ Even multiples of an octet

_____ 8 bits

_____ 16 bits

_____ Arbitrary lengths

Answer: Arbitrary lengths

When you use a supernet address to advertise a single route, you are using:

_____ Confederations

_____ MD5 authentication

_____ An aggregate route

_____ Interior BGP routing

Answer: An aggregate route

Lesson summary

In this lesson you learned to:

• Describe BGP4 features
• Describe BGP4 concepts and terminology

Configuring VRRP

Introduction

Lesson introduction

The purpose of this lesson is to describe the benefits and operation of the Virtual Router
Redundancy Protocol (VRRP) including how VRRP works and what problems VRRP
solves. You will also learn how to configure VRRP on the Avaya Ethernet Routing Switch.

Lesson objectives

In this lesson, you will learn to:

• Describe the benefits and operation of VRRP, and where it can be used in the network
• Explain the Init, Backup, and Master states of a VRRP router
• Interpret a VRRP advertisement packet
• Describe how to configure VRRP on a VLAN

Lesson duration

The duration of this lesson is 1 hour.

Understanding Virtual Router Redundancy Protocol


What is VRRP?

VRRP is a standards-based method for maintaining network connection from a local area
network (LAN) when the router connecting it to the rest of the network fails. It automatically
detects the failure and reassigns the IP forwarding function to a standby router. VRRP operates
transparently to the end user and requires no special configuration on host devices.

How does VRRP work?

VRRP operation is defined in RFC 2338. It is designed to eliminate the single point of failure
that can occur when the statically configured default gateway router for an end station is lost.
It uses the concept of a virtual Internet Protocol (IP) address shared between two or more
routers connecting a subnet to the enterprise network. With the virtual IP address as the default
gateway on end hosts, VRRP provides dynamic default gateway redundancy in the event of a
failure.

The VRRP router controlling the IP address(es) associated with a virtual router is called the
Master. It forwards packets to these IP addresses. The election process provides a dynamic
fail-over of forwarding responsibility if the master becomes unavailable.

In Figure 2, the first three hosts install a default route to the virtual Router 1 IP address, and the
other three hosts install a default route to the virtual Router 2 IP address. This not only has the
effect of load sharing on the outgoing traffic, it also provides full redundancy. If either router's
interface fails, the other router assumes responsibility for both addresses. In effect, the two
routers act as backups for one another.

What problem does VRRP solve?

In most IP networks, end stations are statically configured with a single router address known
as a default gateway. This is where hosts send all traffic destined for subnets other than their
own. If the gateway goes down, all such traffic is dropped. Running a dynamic routing protocol
such as Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) is one potential
solution, but this requires extra administrative effort to set up and maintain on every end
station.

With VRRP, users can achieve redundancy while still relying on a single static gateway address
on each host.

How VRRP works (Figure 1 of 2)

How VRRP works (Figure 2 of 2)

VRRP terms and definitions

VRRP Router

A router that is running VRRP. It may participate in one or more virtual routers.

Virtual Router

An abstract object managed by VRRP that acts as a next hop or default router for hosts on a
shared LAN. Think of it as a "ghost router" consisting of a virtual router identifier and a set of
associated IP addresses across a common LAN. A VRRP router may back up one or more
virtual routers.

IP Address Owner

The VRRP "ghost router" has an IP address and is supported by two or more physical routers.
Consider the situation in which one of the physical routers has configured on one of its
interfaces the IP address of the virtual router. For example, the virtual router has an IP address
of 192.168.1.1, and one of the physical routers (call it "Router A") has 192.168.1.1 configured
on a physical interface. In this case Router A is said to be the "owner" of the virtual router
address. Router A, when up, responds to packets addressed to 192.168.1.1, for example Simple
Network Management Protocol (SNMP) packets, Transmission Control Protocol (TCP) connections, etc.

Primary IP Address

An IP address selected from the set of real interface addresses. One possible selection
algorithm is to always select the first address. VRRP advertisements are always sent using the
primary IP address as the source of the IP packet.

Virtual Router Master

The VRRP router that assumes the responsibility of forwarding packets sent to the IP
address(es) associated with the virtual router, and answering Address Resolution Protocol
(ARP) requests for these IP addresses.

Virtual Router Backup

A set of VRRP routers available to assume forwarding responsibility for a virtual router, should
the current Virtual Router Master fail.

VRRP parameters

Virtual Router Identifier

The virtual router identifier (VRID) is a configured item in the range 1-255 (decimal). There is no
default.

Priority

Priority value is used by the VRRP router in Master election for the virtual router. The Master will
be the one with the lowest numerical priority.

• Priorities of 0 and 255 are special cases and are not commonly assigned to VRRP
instances.

    • The value of 255 is reserved for the router that owns the IP addresses
    associated with the virtual router.
    • The value of 0 (zero) is reserved for the Master router to indicate it is releasing
    responsibility for the virtual router.

• The range 1-255 is available for VRRP routers backing up the virtual router.
• The default value is 100.

Advertisement_Interval

Time interval between ADVERTISEMENTS (seconds). The default is 1 second.

Skew_Time

Time to skew Master_Down_Interval in seconds. It is calculated as:

((256 - Priority) / 256)

Master_Down_Interval

Time interval for Backup to declare Master down (seconds). It is calculated as:
(3 * Advertisement_Interval) + Skew_time

Preempt_Mode

Controls whether a higher priority Backup router preempts a lower priority Master. The values
are True (to allow preemption) and False (to not allow it); this setting controls preemption
unless the router owns the IP address(es). The default is True.

Master_Down_Timer

A timer that activates when an ADVERTISEMENT has not been heard for the
Master_Down_Interval.

Adver_Timer

A timer that activates to trigger the sending of an ADVERTISEMENT based on
Advertisement_Interval.

The VRRP state machine


How VRRP works

VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to
one of the VRRP routers on a LAN. The VRRP router controlling the IP address(es) associated
with a virtual router is called the Master, and forwards packets sent to these IP addresses. The
election process provides dynamic fail-over in the forwarding responsibility should the Master
become unavailable. Any of the virtual router's IP addresses on a LAN can then be used as the
default first-hop router by end hosts.

INIT state

The purpose of this state is to wait for a Startup event.

If a Startup event is received, then:

• If the Priority = 255 (the router owns the IP address(es) associated with the virtual
router):

    • Send an ADVERTISEMENT.
    • Broadcast a gratuitous ARP request containing the virtual router Media Access
    Control (MAC) address for each IP address associated with the virtual router.
    • Set the Adver_Timer to Advertisement_Interval (Default = 1 sec.).
    • Transition to the MASTER state.

• Else:

    • Set the Master_Down_Timer to Master_Down_Interval.
    • Transition to the BACKUP state.

Student Notes: The next three slides show transitions from a single state. The entire
state diagram can be constructed of all of these parts.

INIT state (Figure)

VRRP backup state

The purpose of the Backup state is to monitor the availability and state of the Master router.
While in this state, a VRRP router:

• MUST NOT respond to ARP requests for the IP address(es) associated with the virtual
router
• MUST discard packets with a destination link layer MAC address equal to the virtual
router MAC address
• MUST NOT accept packets addressed to the IP address(es) associated with the
virtual router

If a Shutdown event is received, then:

• Cancel the Master_Down_Timer
• Transition to the Initialize state

If the Master_Down_Timer activates, then:

• Send an ADVERTISEMENT
• Broadcast a gratuitous ARP request containing the virtual router MAC address for
each IP address associated with the virtual router
• Set the Adver_Timer to Advertisement_Interval
• Transition to the MASTER state

If an ADVERTISEMENT is received, then:

• If the Priority in the ADVERTISEMENT is Zero, then:

    • Set the Master_Down_Timer to Skew_Time

• Else:

    • If Preempt_Mode is False, or if the Priority in the ADVERTISEMENT is greater than
    or equal to the local Priority, then:

        • Reset the Master_Down_Timer to Master_Down_Interval

    • Else:

        • Discard the ADVERTISEMENT

While in the backup state the router basically is in a wait state. It waits and listens for
advertisements from the master router. If, however, it stops receiving those advertisements,
then the router transitions into the Advertise state. At this time the router either becomes the
Master, or is pre-empted by a router with a higher priority.

VRRP Backup state (Figure)

VRRP Master State

While in the Master state, the router functions as the forwarding router for the IP address(es)
associated with the virtual router. While in this state, a VRRP router:

• MUST respond to ARP requests for the IP address(es) associated with the virtual
router
• MUST forward packets with a destination link layer MAC address equal to the virtual
router MAC address
• MUST NOT accept packets addressed to the IP address(es) associated with the
virtual router if it is not the IP address owner
• MUST accept packets addressed to the IP address(es) associated with the virtual
router if it is the IP address owner

If a Shutdown event is received, then:

• Cancel the Adver_Timer
• Send an ADVERTISEMENT with priority = 0
• Transition to the INITIALIZE state

If the Adver_Timer activates, then:

• Send an ADVERTISEMENT
• Reset the Adver_Timer to Advertisement_Interval

If an ADVERTISEMENT is received, then:

• If the Priority in the ADVERTISEMENT is Zero, then:

    • Send an ADVERTISEMENT
    • Reset the Adver_Timer to Advertisement_Interval

• Else:

    • If the Priority in the ADVERTISEMENT is greater than the local Priority, or if the
    Priority in the ADVERTISEMENT is equal to the local Priority and the primary IP
    Address of the sender is greater than the local primary IP Address, then:

        • Cancel Adver_Timer
        • Set Master_Down_Timer to Master_Down_Interval
        • Transition to the BACKUP state

    • Else:

        • Discard ADVERTISEMENT
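
The INIT, Backup and Master rules above, together with the Skew_Time and Master_Down_Interval formulas, as an added example that is not part of the course material. It follows the state rules, in which a greater Priority value wins; the class, method names and 192.0.2.x addresses are hypothetical.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class VrrpRouter:
    """One router's state for a single virtual router (hypothetical model)."""
    priority: int                        # 255 = IP address owner
    primary_ip: str
    advertisement_interval: float = 1.0  # seconds
    preempt_mode: bool = True
    state: str = "INIT"
    timer: tuple = ("none", 0.0)         # (running timer, seconds to expiry)
    sent: list = field(default_factory=list)

    @property
    def skew_time(self) -> float:
        return (256 - self.priority) / 256

    @property
    def master_down_interval(self) -> float:
        return 3 * self.advertisement_interval + self.skew_time

    def _advertise(self, priority=None):
        shown = self.priority if priority is None else priority
        self.sent.append(f"ADVERTISEMENT priority={shown}")
        self.timer = ("Adver_Timer", self.advertisement_interval)

    def _to_master(self):
        self._advertise()
        self.sent.append("gratuitous ARP")
        self.state = "MASTER"

    def _to_backup(self, seconds):
        self.timer, self.state = ("Master_Down_Timer", seconds), "BACKUP"

    def startup(self) -> str:
        if self.state == "INIT":
            if self.priority == 255:
                self._to_master()
            else:
                self._to_backup(self.master_down_interval)
        return self.state

    def shutdown(self) -> str:
        if self.state == "MASTER":
            self._advertise(priority=0)   # tells Backups not to wait
        self.timer, self.state = ("none", 0.0), "INIT"
        return self.state

    def timer_fired(self) -> str:
        if self.state == "BACKUP":        # Master_Down_Timer expired
            self._to_master()
        elif self.state == "MASTER":      # Adver_Timer expired
            self._advertise()
        return self.state

    def on_advertisement(self, adv_priority: int, sender_ip: str) -> str:
        if self.state == "BACKUP":
            if adv_priority == 0:
                self._to_backup(self.skew_time)
            elif not self.preempt_mode or adv_priority >= self.priority:
                self._to_backup(self.master_down_interval)
            # otherwise discard: the running timer is left to expire
        elif self.state == "MASTER":
            if adv_priority == 0:
                self._advertise()
            elif adv_priority > self.priority or (
                    adv_priority == self.priority
                    and IPv4Address(sender_ip) > IPv4Address(self.primary_ip)):
                self._to_backup(self.master_down_interval)
            # otherwise discard
        return self.state


def master_failure(backups):
    """The Master goes silent: the Backup whose Master_Down_Timer expires
    first takes over, and the others hear its ADVERTISEMENT."""
    winner = min(backups, key=lambda r: r.timer[1])
    winner.timer_fired()
    for router in backups:
        if router is not winner:
            router.on_advertisement(winner.priority, winner.primary_ip)
    return winner
```

With the default priority of 100 and a 1-second Advertisement_Interval, a Backup waits 3.609375 seconds before taking over; a priority-200 Backup waits 3.21875 seconds, so its timer expires first and it becomes Master without any negotiation.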

VRRP Master state (Figure)

VRRP advertisement

Advertisement packet construction

VRRP advertisements are built in an IP data frame. The next graphic illustrates the construction
of a VRRP advertisement. The following details the values required for the fields in the IP
header and the VRRP advertisement.

Datalink Header

• Virtual Router MAC Address - The virtual router interface MAC address is
00-00-5E-00-01-<VRID>.

IP header

• Source Address - The primary IP address of the interface the packet is being sent
from
• Destination Address - The IP multicast address as assigned by the Internet Assigned
Numbers Authority (IANA) for VRRP is: 224.0.0.18.
• TTL - The TTL MUST be set to 255.
• Protocol - The IP protocol number assigned by the IANA for VRRP is 112 (decimal).

VRRP field descriptions

• Version - VRRP protocol version of this packet; the current version is 2.
• Type - The type field specifies the type of this VRRP packet. The only packet type
defined in this version of the protocol is 1, ADVERTISEMENT.
• Virtual Router ID (VRID) - The VRID field identifies the virtual router that this packet
is reporting status for.

VRRP advertisement (Figure)

Additional fields

Priority

The priority field specifies the sending VRRP router's priority for the virtual router. Higher
values equal higher priority. The priority value for the VRRP router that owns the IP address(es)
associated with the virtual router MUST be 255 (decimal). VRRP routers backing up a virtual
router MUST use priority values between 1-255 (decimal). The default priority value for VRRP
routers backing up a virtual router is 100 (decimal).

The priority value zero (0) has special meaning, indicating that the current Master has stopped
participating in VRRP. This is used to trigger Backup routers to quickly transition to the Master
state without having to wait for the current Master to timeout.

Count IP Addrs

This is the number of IP addresses contained in this VRRP advertisement.

Authentication Type

The authentication type field identifies the authentication method being utilized. Authentication
type is unique on a per interface basis. The authentication methods currently defined are:
0 - No Authentication
1 - Simple Text Password
2 - IP Authentication Header

Advertisement Interval (Adver_Int)

This field displays the time interval between VRRP advertisements.

Checksum

The checksum field is used to detect data corruption in the VRRP message.

IP Address

This field displays one or more IP addresses that are associated with the virtual router. The
number of addresses included is specified in the "Count IP Addrs" field. These fields are used
for troubleshooting misconfigured routers.

Authentication Data

The authentication string is currently only used for simple text authentication, up to eight
characters of plain text.
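
One way to interpret and sanity-check a captured advertisement against the header and field values listed above, as an added example that is not part of the course material. The byte layout of the VRRP message follows RFC 2338, since the packet graphic is not reproduced here; the function names and sample packets are constructed.

```python
import struct
from ipaddress import IPv4Address

VRRP_PROTO, VRRP_TTL = 112, 255
VRRP_GROUP = IPv4Address("224.0.0.18")
AUTH_TYPES = {0: "No Authentication", 1: "Simple Text Password",
              2: "IP Authentication Header"}
IP_FMT, VRRP_FMT = "!BBHHHBBH4s4s", "!BBBBBBH"


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum; 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, vrid, priority, addrs, ttl=VRRP_TTL, auth_type=0,
                 auth_data=b"", adver_int=1) -> bytes:
    """Constructed sample input: IPv4 header plus VRRPv2 ADVERTISEMENT."""
    msg = struct.pack(VRRP_FMT, (2 << 4) | 1, vrid, priority, len(addrs),
                      auth_type, adver_int, 0)
    msg += b"".join(IPv4Address(a).packed for a in addrs)
    msg += auth_data.ljust(8, b"\x00")[:8]
    msg = msg[:6] + struct.pack("!H", inet_checksum(msg)) + msg[8:]
    hdr = struct.pack(IP_FMT, 0x45, 0, 20 + len(msg), 0, 0, ttl, VRRP_PROTO,
                      0, IPv4Address(src).packed, VRRP_GROUP.packed)
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + msg


def check_advertisement(packet: bytes):
    """Return (fields, findings) for one captured IPv4 packet."""
    if len(packet) < 20:
        return {}, ["truncated IP header"]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        IP_FMT, packet[:20])
    if proto != VRRP_PROTO:
        return {}, [f"IP protocol {proto} is not VRRP (112)"]
    findings = []
    if ttl != VRRP_TTL:   # a forwarded packet arrives with a lower TTL
        findings.append(f"TTL is {ttl}, not 255")
    if IPv4Address(dst) != VRRP_GROUP:
        findings.append(f"destination {IPv4Address(dst)} is not 224.0.0.18")
    msg = packet[(ver_ihl & 0x0F) * 4:total_len]
    if len(msg) < 8:
        return {}, findings + ["truncated VRRP message"]
    vt, vrid, priority, count, auth_type, adver_int, _ = struct.unpack(
        VRRP_FMT, msg[:8])
    if vt >> 4 != 2 or vt & 0x0F != 1:
        findings.append(f"version {vt >> 4} / type {vt & 0x0F}, expected 2 / 1")
    if inet_checksum(msg) != 0:
        findings.append("VRRP checksum mismatch")
    if auth_type not in AUTH_TYPES:
        findings.append(f"unknown authentication type {auth_type}")
    elif auth_type == 1:
        findings.append("Simple Text Password: authentication data is plain text")
    addrs = []
    if len(msg) == 8 + 4 * count + 8:   # header + addresses + auth data
        addrs = [str(IPv4Address(msg[8 + 4 * i:12 + 4 * i]))
                 for i in range(count)]
    else:
        findings.append("message length does not match Count IP Addrs")
    fields = {"src": str(IPv4Address(src)), "vrid": vrid,
              "priority": priority, "auth": AUTH_TYPES.get(auth_type),
              "adver_int": adver_int, "addresses": addrs,
              "virtual_mac": f"00-00-5E-00-01-{vrid:02X}"}
    return fields, findings
```

A TTL below 255 means the packet was either forwarded by a router or not sent by a conforming VRRP router, so it did not originate from a legitimate peer on the local LAN.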

VRRP Advertisement example (Figure)

VRRP critical interface

Current VRRP support

The Avaya Ethernet Routing Switch product line supports up to 255 VRRP interfaces per switch.

Preempt Mode

The current release of code forces the preempt mode to True, which causes any VRRP
interface to become the master if its priority is greater than that of the current master.

Critical IP Interface

VRRP support on the Ethernet Routing Switch includes a configuration parameter called Critical
IP Interface. In the diagram on the facing page, hosts using gateway 2 to get off the local subnet
would have to be re-directed through gateway 1 in the event that interface 3 went down. To
save the LAN segment from all this unnecessary traffic you can set interface 3 as a Critical IP
Interface. Then, if interface 3 goes down, the switch immediately transitions to the backup state
and enables gateway 1 to become the Master. When the interface becomes active again, the
switch resumes the Master status for its VRRP address.

Management of the Ethernet Routing Switch with VRRP

As stated in the RFC, a VRRP interface MUST NOT accept packets addressed to the IP
address(es) associated with the virtual router if it is not the IP address owner (priority = 255).
This can cause management problems if the address used by the management station is the
VRRP interface IP address. For example, gateway 2 is down, but a user is using its real IP
address for the VRRP address. The user can ping 192.168.10.2, but any SNMP frames for that
address will be dropped by gateway 1, which is now the Master.

A solution to this problem might be to manage the Ethernet Routing Switch with the "real" IP
interface address and use the VRRP interfaces as the default gateway for the IP nodes. To do
this, you would create two VRRP IP interfaces, neither of which would be the "real" IP address
of the interface.

Critical IP Interface (Figure)

Student Notes: Care must be taken when using VRRP because the MAC used by the
VRRP interface is different from the "real" MAC. If a node has the "real"
MAC in its ARP cache, the node may not relearn the new MAC of the
VRRP interface.

VRRP example 1

With the growing corporation come new problems. The setup shown in the figure below (minus
the second switch, 101) seems logical enough, and is adequate for many network designs.
The problems start to arise when there are mission-critical applications that must get through
at any cost. What if Building A houses mail order sales reps who need constant access to
databases? How about Building B, where Marketing needs 100% uptime to the Internet to
compare competitive products? If you look at this network diagram in that respect, Company A
should probably think about redundancy. If you add another ERS 8600 in the Network Center
building at the core's edge, it would seem to solve the problem.

However, it is not really a good solution. If you look at the routing table for each switch in
Buildings A, B, C, and D you see a next hop of either ERS 100 or 101. If one of these switches
should fail, then there would be a black hole period until the routes have aged out, thus allowing
the change in the next hop. If the company has mission-critical applications, they cannot wait -N
minutes for this to happen.

VRRP example 2

Now focus on Building A. If you use VRRP to the Network Center switches, you can have
redundant links to the core without the drawback of fail-over time. By setting up a VLAN to span
both switches, you can set a static route to the core via 192.100.1.10. Now, if switch X goes
down, switch Y becomes the Master in 3 seconds (the default), minimizing the black hole time.

VRRP Example 3

You can take this one step further by configuring VRRP on the other side to accomplish the
same thing for traffic coming back from the core. However, by changing the priorities to steer
the next hop to switch Y, you now have actually load-balanced traffic through the Network
Center. Inbound traffic to the campus will cross switch Y, while outbound traffic will cross switch
X. Now you get the best of both worlds. You have a traffic load balance along with redundant
fail-over paths. The last step of this solution would be to use isolated router ports in the Network
center switch, for the critical IP interface option.

Configuring VRRP on a VLAN


Configuring VRRP with Run-Time CLI

The Run-time CLI provides VRRP configuration for router interfaces into port or IP policy-based
VLANs as well as isolated router ports. These commands can be accessed from the
config/ethernet/<port>/ip context or the config/vlan/<vid>/ip context.

Configuring VRRP with JDM

You can also configure VRRP with the Java Device Manager (JDM).

Brouter Ports

1. Open the Edit Port window.
2. Select the VRRP tab.
3. Click the Insert button to create a VRRP interface.

Routed VLANs

1. Open the Edit VLANs window.
2. Select the VLAN to configure and click the IP button.
3. Select the VRRP tab.
4. Click the Insert button to create a VRRP interface.

Note: When a VRRP interface is configured, the IP address assigned must be in the same
subnet as the “real” router interface. This implies that a single “real” interface can only
provide VRRP services for those routers on the same subnet.

VRRP Fast Hello Timers

The VRRP Fast Hello Timers are an Avaya proprietary feature that provides:

• Fast VRRP polling timer range from 200 ms to 1000 ms
• Sub-second fail-over times

VRRP global configuration

You can view the VRRP configuration and operation using the JDM VRRP global configuration
window.

Check your learning

Review what you just learned by answering the questions in your student guide.

The primary benefit of VRRP is:

_____ End stations are statically configured with a single router address known as a
default gateway.

_____ Detailed administrative effort is used to set up and maintain on every end
station.

_____ VRRP maintains network connection from a LAN, unless the router
connecting it to the rest of the network fails.

_____ Users can achieve redundancy while still relying on a single static gateway
address on each host.

Answer: Users can achieve redundancy while still relying on a single static gateway address on each host.

The VRRP router controlling the IP addresses associated with a virtual router is called the:

_____ Virtual router

_____ Primary address

_____ Master

_____ Backup

Answer: Master

What is an IP address owner?

_____ A VRRP router that has the virtual router's IP address as a real interface
address

_____ The VRRP router that is assuming the responsibility of forwarding packets and
answering ARP requests to that IP address

_____ An IP address that is forwarding on behalf of the Master router

_____ An address selected from the same subnet as one of the interfaces

Answer: A VRRP router that has the virtual router's IP address as a real interface address

To use VRRP to provide router redundancy when routing to a non-VRRP interface, which
parameter would you use?

_____ VRRP priority

_____ VRRP critical_ip

_____ VRRP enable

_____ VRRP advert_int

Answer: VRRP critical_ip

The set of routers available to assume forwarding responsibility for a virtual router, should the
current Virtual Router Master fail, is called the:

_____ Virtual Router

_____ Primary Address

_____ Virtual Router Master

_____ Virtual Router Backup

Answer: Virtual Router Backup

Lesson summary

In this lesson you learned to:

• Describe the benefits and operation of VRRP, and where it can be used in the network
• Explain the Init, Backup, and Master states of a VRRP router
• Interpret a VRRP advertisement packet
• Describe how to configure VRRP on a VLAN
