1403 CCIE Routing
Table of Contents
Cisco Device Operation ... 7
Commands ... 7
Infrastructure ... 7
Configuration Register ... 7
Configuration Register ... 8
Software Configuration Bit Meanings ... 8
Bunch of Bits (some of the more interesting Configuration Register Bits, and what they do) ... 9
More Bits ... 10
Seeing and Changing Configuration Register Settings ... 11
Boot Command ... 11
My simplistic description of the boot sequence ... 11
Operations ... 11
Password recovery ... 11
Copying and Backing up Configuration Files ... 11
Configuring a new router ... 12
Security & Passwords ... 12
General Networking Theory ... 13
OSI Models ... 13
MAC Addressing ... 13
General Routing Concepts ... 14
Standards ... 15
Ethernet Cable Specifications ... 15
Protocol Mechanics ... 16
Transmission Control Protocol (TCP) ... 16
Fragmentation & MTU ... 17
Bridging and LAN Switching ... 17
Transparent Bridging (TB) ... 17
Translational Bridging ... 18
Integrated Routing and Bridging (IRB) ... 18
Bridge ACL & Filtering ... 18
Multiple-Instance Spanning Tree Protocol (MISTP) ... 19
Source-Route Bridging (SRB) ... 19
Data Link Switching (DLSw) and DLSw+ ... 20
Source-Route Transparent Bridging (SRT) and Source-Route Translational Bridging (SR/TLB) ... 20
LAN Switching ... 21
Routing and Switching Written Qualification Exam (350-001)
Infrastructure
The infrastructure of a Cisco router includes the main board, memory, CPU, Flash and interfaces. You should
understand what each of these devices does, and how they interact. The most commonly misunderstood are:
RAM (Random Access Memory) – In all but a few low-end routers like the 2500s, the RAM holds the running version of
the IOS and the current running configuration. This is also where the routing tables, caches, and queues are stored.
Remember that when the router is powered off, everything in RAM is lost.
ROM (Read-Only Memory) – Holds some basic router commands and usually a limited version of Cisco IOS
(Internetwork Operating System). It also houses the power-on diagnostics and the bootstrap program. The ROM is
read-only and cannot be changed.
NVRAM (Non-Volatile Random Access Memory) – This is where the router’s saved configuration file is stored. This
information will not be lost if the router is powered down.
Flash memory – Home for the router’s IOS image and microcode. Prior to installing any IOS, ensure that you have
enough flash to support the proposed image. Depending on the version and feature set of the IOS, the image can be
of various sizes. Newer versions with more powerful features will often require additional flash. Remember that files
deleted from flash can remain in place, marked for deletion, until the “squeeze” command is issued.
Configuration Register
Early Cisco routers had a set of hardware switches that controlled certain aspects of the router’s performance, such as
the boot sequence. This was phased out some time ago, but there is now a software equivalent, the sixteen-bit
Software Configuration Register, which is written into nonvolatile memory.
Common reasons for modifying the register include:
Recovering a lost password
Changing the router boot configuration to allow Flash or ROM boot
Loading an image into Flash memory
Enabling or disabling the console break key
Here are some of the common Configuration Register values:
0x2102 – The most common value, which establishes booting to flash and NVRAM
0x2142 – The value used most commonly to recover passwords
0x2100 – Boots using the bootstrap found in ROM
* Please note that a boot system global command in the router’s NVRAM configuration will override the
default net-boot filename.
Bit 3  Bit 2  Bit 1  Bit 0  Value  Default boot filename
0      0      1      0      0x2    cisco2-igs
0      0      1      1      0x3    cisco3-igs
0      1      0      0      0x4    cisco4-igs
0      1      0      1      0x5    cisco5-igs
0      1      1      0      0x6    cisco6-igs
0      1      1      1      0x7    cisco7-igs
1      0      0      0      0x8    cisco10-igs
1      0      0      1      0x9    cisco11-igs
1      0      1      0      0xa    cisco12-igs
1      0      1      1      0xb    cisco13-igs
1      1      0      0      0xc    cisco14-igs
1      1      0      1      0xd    cisco15-igs
1      1      1      0      0xe    cisco16-igs
1      1      1      1      0xf    cisco17-igs
It’s important to remember that the boot sequence, barring the involvement of “boot system” commands in the
configuration, is Flash, Network, ROM.
More Bits
Bit 4 enables "Fast Boot", which is only supported on a dual RSP chassis. This allows the "slave" RSP to reload
without going through an IOS load sequence; just reload the config file and go. The documentation says it will
accomplish a fast boot in approximately 30 sec.
Bit 6 determines whether the router ignores the contents of NVRAM (1) or loads its startup config from NVRAM (0).
This is the key bit used for recovering a lost password. If it is turned on, the startup configuration (usually in
NVRAM) is ignored. This will allow you to log in without using a password and display the startup configuration
passwords.
Bit 7 allows Cisco boot messages to be suppressed when IOS is licensed to another manufacturer.
Bit 8 controls the console Break key. Setting bit 8 on (the factory default) causes the processor to ignore the
console Break key. Clearing bit 8 causes the processor to interpret the break as a command, which forces the
system into the bootstrap monitor, halting normal operation. Remember that a break can be issued anytime
during the first 60 seconds of booting to go to ROM mode, regardless of the configuration settings.
Bit 10 controls the host portion of the IP broadcast address. Setting bit 10 causes the processor to use all zeros;
clearing bit 10 (the factory default) causes the processor to use all ones. Bits 10 and 14 interact to control the
network and subnet portions of the broadcast address. This table shows how these settings are configured:
Bit 14  Bit 10  Broadcast address (<net><host>)
Off     On      <zeros><zeros>
On      On      <net><zeros>
On      Off     <net><ones>
Bits 11 and 12 determine the baud rate of the console port. The default setting is 9600 (00). The most common
reason for changing the speed is to increase the speed at which you can transfer a new IOS version through the
console port connection. Here are the possible combinations of these two bits, and the speeds they represent:
Bit 12  Bit 11  Baud
0       0       9600
0       1       4800
1       0       1200
1       1       2400
Bit 13 determines the router’s response to a boot load failure. If the bit is turned on (1), it causes the server to
load IOS from ROM after five unsuccessful attempts to load a boot file from the network. If the bit is set to “0”
(factory default), the router will continue trying to load a boot file from the network indefinitely. The important
thing to remember is that if the bit is (0) and no IOS is found the router will hang. If the bit is (1), and no IOS is
found, the router will boot from ROM.
Bit 14 controls the network and subnet portions of the broadcast address and allows subnet or directed
broadcasts. It should be seen as being related to the function of bit 10.
Bit 15 in a hardware configuration register causes NVRAM configuration files to be ignored. This is not true of
virtual configuration registers.
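As an added example (not from this guide), here is a Python decoder for the register bits described above, with a small audit a defender can run over values collected from devices (for instance from "show version" output) to catch a router left with NVRAM ignored or the Break key enabled after a password recovery. The boot-filename, baud and broadcast tables are copied from the guide; the all-ones (0, 0) broadcast row is the factory default the text describes.

```python
from dataclasses import dataclass

# Boot field (bits 0-3) -> default net-boot filename, copied from the
# guide's table for the IGS platform. Values 0x0 and 0x1 do not net-boot.
DEFAULT_NETBOOT_FILENAME = {
    0x2: "cisco2-igs", 0x3: "cisco3-igs", 0x4: "cisco4-igs",
    0x5: "cisco5-igs", 0x6: "cisco6-igs", 0x7: "cisco7-igs",
    0x8: "cisco10-igs", 0x9: "cisco11-igs", 0xA: "cisco12-igs",
    0xB: "cisco13-igs", 0xC: "cisco14-igs", 0xD: "cisco15-igs",
    0xE: "cisco16-igs", 0xF: "cisco17-igs",
}
# (bit 12, bit 11) -> console speed, as given in the guide.
CONSOLE_BAUD = {(0, 0): 9600, (0, 1): 4800, (1, 0): 1200, (1, 1): 2400}
# (bit 14, bit 10) -> broadcast address form <net><host>; the (0, 0) row
# is the factory default described in the text (all ones).
BROADCAST_FORM = {(0, 0): "<ones><ones>", (0, 1): "<zeros><zeros>",
                  (1, 1): "<net><zeros>", (1, 0): "<net><ones>"}


def bit(value: int, n: int) -> int:
    return (value >> n) & 1


@dataclass
class ConfigRegister:
    value: int
    boot_field: int               # bits 0-3
    fast_boot: bool               # bit 4
    ignore_nvram: bool            # bit 6
    oem_boot_messages: bool       # bit 7
    break_ignored: bool           # bit 8
    broadcast: str                # bits 10 and 14
    console_baud: int             # bits 11 and 12
    rom_on_netboot_failure: bool  # bit 13


def decode_config_register(value: int) -> ConfigRegister:
    """Split a 16-bit register value into the fields described above."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    return ConfigRegister(
        value=value,
        boot_field=value & 0xF,
        fast_boot=bool(bit(value, 4)),
        ignore_nvram=bool(bit(value, 6)),
        oem_boot_messages=bool(bit(value, 7)),
        break_ignored=bool(bit(value, 8)),
        broadcast=BROADCAST_FORM[(bit(value, 14), bit(value, 10))],
        console_baud=CONSOLE_BAUD[(bit(value, 12), bit(value, 11))],
        rom_on_netboot_failure=bool(bit(value, 13)),
    )


def boot_behaviour(reg: ConfigRegister) -> str:
    """What the boot field selects, per the guide's description."""
    if reg.boot_field == 0:
        return "stay in the ROM monitor (bootstrap)"
    if reg.boot_field == 1:
        return "boot the image held in ROM"
    name = DEFAULT_NETBOOT_FILENAME[reg.boot_field]
    return ("honour 'boot system' commands, otherwise Flash, then net-boot "
            f"{name}, then ROM")


def audit(reg: ConfigRegister) -> list[str]:
    """Settings a defender would not expect on a production router."""
    findings = []
    if reg.ignore_nvram:
        findings.append("bit 6 set: startup configuration in NVRAM is ignored "
                        "(the 0x2142 password-recovery setting is still in place)")
    if not reg.break_ignored:
        findings.append("bit 8 clear: console Break drops the router into the ROM monitor")
    if not reg.rom_on_netboot_failure:
        findings.append("bit 13 clear: router hangs if no image can be loaded")
    if reg.boot_field == 0:
        findings.append("boot field 0: router stops at the ROM monitor on reload")
    return findings


if __name__ == "__main__":
    for v in (0x2102, 0x2142, 0x2100):   # the three values listed in the guide
        r = decode_config_register(v)
        print(f"0x{v:04x}: {boot_behaviour(r)}")
        for finding in audit(r):
            print("   !", finding)
```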
Boot Command
You can alter the boot sequence by using the “boot” global configuration command. Here are several possible
configurations:
Boot from a specific Flash image (using the boot system flash filename command).
Boot from an undefined network server by sending broadcast TFTP requests (using the boot system filename
command).
Boot from a specific network server by sending a direct TFTP request to a specific IP address (using the boot
system filename address command).
Operations
Password recovery
For every family of Cisco routers and switches, there is a procedure for hacking out the password when it is lost. To
develop a basic understanding of how this is done you should review the procedures for several devices, including the
2600 and 3700 routers, and the Cat3550 switches. These are explained in detail on the Cisco website at
http://www.cisco.com/warp/public/474/index.shtml. If you have physical access to this equipment, I would recommend
following the procedures several times to get familiar with the process.
are 5 of these lines (zero through four). To configure a vty password, on all 5 lines, you would type:
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password cisco
MAC Addressing
Media Access Control (MAC) is the lower of the two sub-layers of the Data Link Layer defined in the OSI model, which
provides access to the shared media. MAC addresses are the standard, unique address that every networked device
must have; it is the true burned-in physical address of the Network Interface Card (NIC) in a host, server, router
interface or other device on a network. They are 6 bytes (48 bits) long and are controlled by the IEEE. They can be
broken down into two sub-fields:
The first three bytes (24 bits) are called the Organizationally Unique Identifier (OUI) field and are issued in series to
manufacturers.
The second part of the MAC address, the last three bytes (24 bits), is a unique identifier burned into the device
by the manufacturer from the series issued to it.
Standards
There are several organizations that have taken responsibility for developing and documenting network standards,
including:
The Institute of Electrical and Electronics Engineers (IEEE) – A professional organization that develops
communications and network standards. For example, details of all the 802.x protocols can be found on their
excellent website at www.ieee.org.
The Internet Engineering Task Force (IETF) – An international community of network designers, operators,
vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of
the Internet. You will find a list of the current and developing Requests for Comment (RFCs) on their website at
http://www.ietf.org/home.html
Protocol Mechanics
Transmission Control Protocol (TCP)
TCP is a connection-oriented Layer-4 (transport layer) protocol designed to provide reliable end-to-end transmission of
data in an IP environment. It groups bytes into sequenced segments, and then passes them to IP for delivery.
These sequenced bytes have forward acknowledgment numbers that indicate to the destination host what next byte it
should see. Bytes not acknowledged to the source host within a specified time period are retransmitted, which allows
devices to deal with lost, delayed, duplicate, or misread packets.
TCP hosts establish a connection-oriented session with one another through a "three-way handshake" mechanism,
which synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers. Each
host first randomly chooses a sequence number to use in tracking bytes within the stream it is sending and receiving.
Then, the three-way handshake proceeds in the following manner:
1. The initiating host (Host-A) initiates a connection by sending a packet with the initial sequence number ("X")
and SYN bit (or flag) set to make a connection request of the destination host (Host-B).
2. Host-B receives the SYN bit, records the sequence number of "X", and replies by acknowledging the SYN
(with an ACK = X + 1).
3. Host-B includes its own initial sequence number ("Y"). As an example: An ACK of "20" means that Host-B has
received bytes 0 through 19, and expects byte 20 next. This technique is called forward acknowledgment.
4. Host-A then acknowledges all bytes Host-B sent, with a forward acknowledgment indicating the next byte Host
A expects to receive (ACK = Y + 1).
5. Data transfer can now begin.
There is an acknowledgment process associated with TCP. Here is a sample sequence to show how this works:
1. The sender (Host-A) has a sequence of ten bytes ready to send (numbered 1 to 10) to a recipient (Host-B)
who has a defined window size of five.
2. Host-A will place a window around the first five bytes and transmit them together, then wait for an
acknowledgment.
3. Host-B will respond with an "ACK = 6", indicating that it has received bytes 1 to 5, and is expecting byte 6 next.
4. Host-A then moves the sliding window five bytes to the right and transmits bytes 6 to 10.
5. Host-B will respond with an "ACK = 11", indicating that it is expecting sequenced byte 11 next. In this packet,
the receiver might indicate that its window size is 0 (because, for example, its internal buffers are full). Host-A
won't send any more bytes until Host-B sends a subsequent packet with a window size greater than 0.
TCP also has a mechanism called "slow start" that is designed to expand and contract the window size based on flow
control needs, starting with small window sizes and increasing over time as the link proves to be reliable. When TCP
sees that packets have been dropped (ACKs are not received for packets sent), it tries to determine the rate at which
it can send traffic through the network without dropping packets. Once data starts to flow again, it slowly begins the
process again. This may create oscillating window sizes if the main problem has not been resolved, so the window
size is slowly expanded after each successful ACK is received.
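The acknowledgment sequence above, as an added example that is not part of the original guide: a toy Python model of the exchange in which the receiver answers each segment with a forward acknowledgment (the next byte it expects) and the window it can still accept, and the sender stops on a zero window until a later ACK reopens it. Sequence numbers start at 1 as in the text, the data is constructed, and loss and retransmission are not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class Segment:
    seq: int            # sequence number of the first byte carried
    data: bytes


@dataclass
class Ack:
    ack: int            # forward acknowledgment: next byte expected
    window: int         # bytes the receiver can accept right now


@dataclass
class Receiver:
    buffer_size: int
    next_expected: int = 1
    unread: bytearray = field(default_factory=bytearray)

    def window(self) -> int:
        return self.buffer_size - len(self.unread)

    def accept(self, seg: Segment, app_reads: bool) -> Ack:
        """Take in-order data that fits the window, optionally let the
        application read it at once, and answer with ACK and window."""
        if seg.seq == self.next_expected and len(seg.data) <= self.window():
            self.unread += seg.data
            self.next_expected += len(seg.data)
        # out-of-order data, or more than the window allows, is dropped and
        # the previous acknowledgment is simply repeated
        if app_reads:
            self.unread.clear()
        return Ack(self.next_expected, self.window())


def simulate(data: bytes, buffer_size: int, app_reads_in: set[int]):
    """Send `data` (first byte is sequence number 1) to a receiver with
    `buffer_size` bytes of buffer. In the rounds listed in `app_reads_in`
    the receiving application empties the buffer before the ACK goes out.
    Returns the ACKs the sender saw and whether it stalled on a zero window
    with data still pending."""
    rx = Receiver(buffer_size)
    window = buffer_size          # sender's view of the receiver window
    next_seq = 1
    acks: list[Ack] = []
    while next_seq <= len(data):
        if window == 0:
            return acks, True     # must wait for a window update
        chunk = data[next_seq - 1:next_seq - 1 + window]
        round_no = len(acks) + 1
        ack = rx.accept(Segment(next_seq, chunk), app_reads=round_no in app_reads_in)
        next_seq, window = ack.ack, ack.window
        acks.append(ack)
    return acks, False


if __name__ == "__main__":
    # The guide's walk-through: ten bytes, receiver window of five, the
    # application reads after the first batch but not the second.
    acks, stalled = simulate(bytes(range(1, 11)), 5, {1})
    for a in acks:
        print(f"ACK = {a.ack}, window = {a.window}")
    print("sender stalled:", stalled)
```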
Routers can be configured to bridge, just as a switch or bridge can. To transparently bridge packets on an IOS router,
you would do:
Router(config)# bridge 1 protocol ieee
Router(config-if)# bridge-group 1
One of the problems, inherent with this type of layer-2 technology, is loops. The Spanning Tree Protocol (STP), based
on the Spanning Tree Algorithm (STA), provides the bridge-to-bridge communication necessary to have the desired
redundancy, while not causing bridges to fail.
Bridge Protocol Data Units (BPDUs) are passed between the bridges at fixed intervals, usually every one to four
seconds. If a bridge fails, or a topology change occurs, the lack of BPDUs will be detected and the STA calculation will
be re-run. Since topology decisions are made locally as the BPDUs are exchanged between neighboring bridges,
there is no central control on the network topology. The tools for fine-tuning an STP domain include adjusting the
bridge priority, port priority and path cost parameters.
There are two major disadvantages to TB:
The forwarding tables must be cleared each time STP reconfigures, which can trigger a broadcast storm as the
tables are being reconstructed.
The volume of broadcasts can overwhelm low-speed serial interfaces when the network is flooded with unknown
frames.
Cisco supports Transparent Bridging over DDR (Dial-on-Demand Routing) and Frame Relay networks.
Translational Bridging
A translational bridge is a bridge that can forward frames between different types of network technologies. For
instance, a translational bridge would send frames between an Ethernet network and a Token-Ring network or
between a FDDI Network and an Ethernet Network.
OR
Router(config-if)# bridge-group {bridge-group} output-address-list {access-list number}
Or by Protocol type with this command:
Router(config)# access-list {number} {permit | deny} {type-code} {wild-mask}
Then, you would apply it to an interface with this command:
Router(config-if)# bridge-group {bridge-group} input-type-list {access-list number}
OR
Router(config-if)# bridge-group {bridge-group} output-type-list {access-list number}
Cisco’s source-route bridging implementation provides three types of explorer packets to collect RIF information:
Directed frame - A data frame that already contains the defined path across the network.
All-routes explorer packets (also known as all-rings explorer packets) - All-routes explorers go through the
whole network looking for Source-Route Bridges; all SRBs they encounter forward the frame to every port,
except the one on which it was learned. This is how RIFs are developed.
Spanning explorer packets (also known as single-route, or limited-route explorer packets) - Explorer
packets pass through a predetermined path constructed by a spanning tree algorithm in the bridges. A station
should receive only one single route explorer from the network. SR/TLB uses this to define an Ethernet domain
to the SRB domain.
I have created a document specifically about reading RIFs, which you can obtain free at www.laganiere.net.
What SR/TLB provides is the ability to create a single spanning-tree and perform source-route bridging between
translational bridged networks. That means that you have a Token Ring and an Ethernet network and are performing
bridging between them. As you know, there are many differences between how an Ethernet network and a Token Ring
network function. Some of these differences are: bits of MAC addresses are reversed, MTU sizes are different, Token
Ring uses a RIF, different spanning-tree algorithms, etc.
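An added example (not from this guide) covering the MAC addressing section above and the bit-order difference just mentioned: it splits a 48-bit address into its OUI and manufacturer-assigned halves, reads the group and locally-administered flag bits, and converts between the canonical (Ethernet) and non-canonical (Token Ring) bit order that a translational bridge must rewrite. The sample address is constructed.

```python
import re


def parse_mac(text: str) -> bytes:
    """Accept 00:00:0c:12:34:56, 00-00-0c-12-34-56 or 0000.0c12.3456."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", text)
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(hexdigits)


def format_mac(mac: bytes, sep: str = ":") -> str:
    return sep.join(f"{b:02x}" for b in mac)


def oui(mac: bytes) -> str:
    """First three bytes: the IEEE-issued Organizationally Unique Identifier."""
    return format_mac(mac[:3])


def device_id(mac: bytes) -> str:
    """Last three bytes: assigned by the manufacturer from its OUI series."""
    return format_mac(mac[3:])


def is_group_address(mac: bytes) -> bool:
    """I/G bit: least significant bit of the first byte in canonical order
    (set for multicast and broadcast frames)."""
    return bool(mac[0] & 0x01)


def is_locally_administered(mac: bytes) -> bool:
    """U/L bit: second-least significant bit of the first byte (clear for a
    burned-in address from an IEEE-issued OUI)."""
    return bool(mac[0] & 0x02)


def reverse_bits(byte: int) -> int:
    return int(f"{byte:08b}"[::-1], 2)


def to_noncanonical(mac: bytes) -> bytes:
    """Ethernet (canonical, least significant bit first) -> Token Ring (most
    significant bit first) form. Reversing each byte is its own inverse, so
    the same call converts back."""
    return bytes(reverse_bits(b) for b in mac)


if __name__ == "__main__":
    sample = parse_mac("00:00:0c:12:34:56")   # constructed sample address
    print("OUI", oui(sample), "device", device_id(sample))
    print("group:", is_group_address(sample), "local:", is_locally_administered(sample))
    print("Token Ring form", format_mac(to_noncanonical(sample), "-"))
```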
LAN Switching
Layer-2 switches are sometimes called micro-segmentation devices because you can think of them as bridges with
dozens of ports, sometimes having as few as one host per collision domain. Because switches facilitated the move
away from shared media for end-devices, they had the effect of increasing available bandwidth without increasing
complexity. They have the following features:
Each port on a switch is a separate collision domain.
Each port can be assigned a VLAN (Virtual Local Area Network) membership, which creates controllable
broadcast domains.
While switch ports are more expensive than shared media, they are generally much cheaper than router ports.
Set-based - The most common CLI is that which was brought into the Cisco family with the acquisition of
Crescendo Communications in 1993. It is found on the Catalyst 4000/5000/6000 series of switches, and is often
called XDI, CatOS, or the Set-based CLI. This is what you will find on most of the Core and Distribution layer
switches, and most new products use this CLI. XDI is based on the Unix csh or c-shell prompt, and the reason it
is commonly called the Set-based CLI is that “Set” is one of the three primary commands used. Most commands
start with one of the following keywords:
Set – Implements configuration changes
Show – Verifies and provides information on the configuration
Clear – Removes configuration elements
In a separate document intended for people studying for the Cisco Switching exam, I put together a list of which
models use what interface, and a sample configuration for each type. I think this document is also useful for CCIE
Written exam candidates who want to review the basics of switch configuration. This document can be found at
www.laganiere.net.
Trunking
Trunks transport the packets of multiple VLANs over a single network link using either IEEE 802.1Q or Cisco’s
proprietary Inter-Switch Link (ISL). 802.1Q has become common in Cisco networks because it gives you the flexibility
to include other vendors’ equipment, and because of the reduced overhead when compared to ISL, which is
encapsulated with a 26-byte header that transports VLAN IDs between switches and routers.
Note that not all Cisco switches support all encapsulation methods; for instance the Cat2948G and Cat4000 series
switches support only 802.1Q encapsulation. In order to determine whether a switch supports trunking, and what
trunking encapsulations are supported, look to the hardware documentation or use the "show port capabilities"
command.
Trunks are configured for a single Fast-Ethernet, Gigabit Ethernet, or Fast- or Gigabit EtherChannel bundle and
another network device, such as a router or second switch. Notice that I specifically excluded 10Mb Ethernet ports,
which cannot be used for trunking. For trunking to be enabled on EtherChannel bundles, the speed and duplex
settings must be configured the same on all links. For trunking to be auto-negotiated on Fast Ethernet and Gigabit
Ethernet ports, the ports must be in the same VTP domain.
To help understand how trunks negotiate, this chart tells where they will form, based on the settings of the ports:
Trunk Negotiation (only the first row of the chart survived: Off / No No No No No, i.e. a port set to Off forms no
trunk whatever mode the far end is set to)
STP Timers
Hello timer - How often the switch broadcasts Hello messages to other switches.
Forward delay timer - Amount of time a port will remain in the listening and learning states before going into the
forwarding state.
Maximum age timer – How long protocol information received on a port is stored by the switch.
Forwarding – Once the learning state is complete, the port will begin its normal function of gathering MAC
addresses and passing user data.
Disabled – Either there has been an equipment failure, a security issue or the port has been disabled by the
Network Administrator.
STP Enhancements:
There are three major enhancements available for Spanning Tree, as it is applied on Cisco devices:
PortFast - By default, all ports on a switch are assumed to have the potential to have bridges or switches
attached to them. Since each of these ports must be included in the STP calculations, they must go through the
four different states whenever the STP algorithm runs (when a change occurs to the network). Enabling
PortFast on the user access ports is basically a commitment between the Network Architect and the switch,
agreeing that the specific port does not have a switch or bridge connected, and therefore this port can be placed
directly into the Forwarding state; this allows the port to avoid being unavailable for 50 seconds while it cycles
through the different bridge states, simplifies the STP recalculation and reduces the time to convergence.
UplinkFast - Convergence time on STP is 50 seconds. Part of this is the need to determine alternative paths
when a link between switches is broken. This is unacceptable on networks where real-time or bandwidth-
intensive applications are deployed (basically any network). If the UplinkFast feature is enabled (it is not by
default) AND there is at least one alternative path whose port is in a blocking state AND the failure occurs on the
root port of the actual switch, not an indirect link; then UplinkFast will allow switchover to the alternative link
without recalculating STP, usually within 2 to 4 seconds. This allows STP to skip the listening and learning
states before unblocking the alternative port.
BackboneFast - BackboneFast is used at the Distribution and Core layers, where multiple switches connect
together, and is only useful where multiple paths to the root bridge are available. This is a Cisco proprietary
feature that speeds recovery when there is a failure with an active link in the STP. Usually when an indirect link
fails, the switch must wait until the maximum aging time (max-age) has expired, before looking for an alternative
link. This delays convergence in the event of a failure by 20 seconds (the max-age value). When BackboneFast
is enabled on all switches, and an inferior BPDU arrives at the root port - indicating an indirect link failure - the
switch rolls over to a blocked port that has been previously calculated.
The primary difference between UplinkFast and BackboneFast is that BackboneFast can detect indirect link failures,
and is used at the Distribution and Core layers, while UplinkFast is aware of only directly connected links, and is used
primarily on Access layer switches. If UplinkFast is turned on for the root switch, it will automatically disable it. Since
BackboneFast is an enhancement strictly for Core and Distribution layer devices, and these are all Set-based
switches, there is no command to enable it for IOS based switches.
The Cisco Press book “Cisco LAN Switching” by Clark and Hamilton is an excellent resource for learning about
switching.
DISL
Dynamic Inter-Switch Link Protocol is only used when you have two Cisco devices, connected together by a Fast
Ethernet link. DISL will ease the configuration burden because only one end of the ISL link needs to be configured.
CGMP
You will find information on CGMP in the Multicast section of this Cramsession.
Security
VLAN Access-Lists (VACL)
A VACL is an access-list, on a switch, that can control traffic between switch ports. With a VACL you could filter traffic
between two hosts without that traffic ever going through a router.
VACLs work like a route-map. You can filter either on MAC address or IP traffic. Assuming you are going to filter IP
traffic you would:
create an access-list that defines your traffic
create a vlan access-map that tells the switch what to do with that traffic (forward it or drop it)
apply it to the vlan (or list of vlans) that you want to filter your traffic in
Private VLANs
Private VLAN is a feature that is not available on all models of Cisco switches or routers. This feature allows for
devices on a switch to be isolated into their own Layer 2 networks while still having Layer 3 IP addresses on the same
subnets. This can be configured such that certain ports could be allowed to reach a default gateway, if desired.
There are three types of Private VLANs:
Community ports – can communicate within their community and with a promiscuous port.
Isolated ports – are completely isolated at Layer 2 from all other isolated ports (and all other ports on the switch).
Broadcasts from isolated ports are forwarded to all promiscuous ports.
Promiscuous ports – communicate with all other private VLAN ports on the same switch
You cannot configure a Private VLAN using the numbers 1 or 1002-1005.
802.1X
The IEEE 802.1X standard performs port-based authentication. What this means is that the switch can
actually request authentication of the user connected to the switch before providing connectivity to the network. Just
like a network access server (NAS) would do to a dial-up user, the switch requests the user’s credentials, relays those
to an authentication server, and verifies their validity before granting permission to access the network.
The device/user connected to the switch must use 802.1X client software for this authentication to work. This type of
client is included in the Windows XP operating system. Prior to successful authentication, the only traffic that can
communicate across the port on the switch is the Extensible Authentication Protocol (EAP) over LAN (or EAPOL). The
switch acts as an authentication proxy for the client, as it is just passing the authentication credentials along to the
authentication server by encapsulating and decapsulating the EAP packets. The switch uses the RADIUS protocol
to communicate with the authentication server by carrying the EAP packets inside RADIUS packets.
To configure the switch for this process to work, you must configure the following on the switch:
AAA
RADIUS
dot1x port-control auto (on each interface)
Remember that the default Subnet Mask is just that, a default; it can be adjusted as necessary (depending on the
routing protocol) by the network designer.
Subnetting
IP addresses are made up of two pieces of information, the network that the host can be found on, and the unique
address of the host. The network segment is on the left, the host portion on the right, but where the delineation occurs
depends on the definition of the subnet mask. The subnet mask provides the ability to have an extended network
prefix by taking bits from the host portion of the address, and adding them to the network prefix. For example, a
classful Class C network prefix consists of the first 24 bits of the IP address (three octets); but the network prefix can
be extended into the fourth octet to provide more granularity to the configuration.
It is also common to designate the subnet mask in the /bits ("slash bits") format. This is simply the number of bits
dedicated to the network part of the IP address. In the two examples above, the /bits designations would be /27 and
/21.
Subnetting Tricks
I have found the following chart to be helpful for quick subnet mask calculations. If you take a few seconds at the
beginning of the test session and write this out from memory on a piece of scratch paper, it can be a useful timesaver
during any exam that requires subnetting and binary conversion.
Line 1 - Bits:    1    2    3    4    5    6    7    8
Line 3 - Subnet:  128  192  224  240  248  252  254  255
Route Summarization
Route summarization condenses routing information by consolidating like routes, and collapsing multiple subnet routes
into a single network route. Where summarization is not applied, each router in a network must retain a route to every
subnet in the network. This means as the network grows, the routing table becomes larger and larger. Routers that
have had their routes summarized can reduce some sets of routes to a single advertisement, which reduces the load
on the router and simplifies the network design.
Some important reasons to take advantage of summarization:
The larger the routing table, the more memory is required, because every entry takes up some of the available
memory.
The routing decision process may take longer to complete as the number of entries in the table increases.
An added benefit of reducing the IP routing table size is that it requires less bandwidth and time to advertise the
network to remote locations, thereby increasing network performance.
Depending on the size of the network, the reduction in route propagation and routing information overhead can be
significant. Route summarization is of minor concern in production networks until their size gets considerable.
However, if summarization has not been taken into account during the initial design phase, it is very difficult to
implement later.
Some routing protocols, EIGRP for example, summarize automatically. Other routing protocols, such as OSPF, require
manual configuration to support route summarization.
Remember that when redistributing routes from a routing protocol that supports VLSM (such as EIGRP or OSPF) into
a routing protocol that does not (such as RIPv1 or IGRP) you might lose some routing information.
Some important requirements exist for summarization:
Multiple IP addresses must share the same high-order bits. Since the summarization takes place on the low-order
bits, the high-order bits must have commonality.
Routing tables and protocols must use classless addressing to make their routing decisions; in other words, they
are not restricted by the Class A, B and C designations to indicate the boundaries for networks.
Routing protocols must carry the prefix length (subnet mask) with the IP address.
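The subnet chart and the summarization requirements above, worked in code. This is an added example (not from the study guide): it builds the mask octets of the chart from the bit count, converts a /bits prefix to a dotted mask, finds the summary that keeps only the shared high-order bits, and reports how much address space a summary claims beyond the networks it covers, which is the check to run before advertising one. The network lists below are constructed samples.

```python
import ipaddress

# Row 3 of the study guide's chart, derived: the mask octet produced by
# taking 0..8 high-order bits of an octet (1 -> 128, 2 -> 192, ... 8 -> 255).
MASK_OCTET = {bits: (0xFF << (8 - bits)) & 0xFF for bits in range(9)}


def mask_from_prefix(prefix_len: int) -> str:
    """Dotted-decimal subnet mask for a /bits prefix, e.g. 27 -> 255.255.255.224."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    octets, remaining = [], prefix_len
    for _ in range(4):
        bits = min(8, remaining)          # how many network bits land in this octet
        octets.append(MASK_OCTET[bits])
        remaining -= bits
    return ".".join(str(o) for o in octets)


def summarize(networks):
    """Smallest single prefix covering all the given IPv4 networks.

    Implements the requirement quoted above: the summary keeps only the
    high-order bits that every network shares, so its length is the number of
    leading bits common to all of them (and never more than the shortest
    member prefix).
    """
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    common = min(n.prefixlen for n in nets)
    first = int(nets[0].network_address)
    for n in nets[1:]:
        other = int(n.network_address)
        # shorten the candidate prefix until the leading bits agree
        while common > 0 and (first >> (32 - common)) != (other >> (32 - common)):
            common -= 1
    base = (first >> (32 - common)) << (32 - common)
    return f"{ipaddress.IPv4Address(base)}/{common}"


def summary_overreach(networks):
    """Addresses the summary advertises beyond the member networks.

    A non-zero result means the summary claims space the router has no
    specific route to: traffic for those addresses is attracted and then
    dropped (or handed to whoever else advertises them). Run this at design
    time, before configuring any summary.
    """
    summary = ipaddress.ip_network(summarize(networks))
    covered = sum(ipaddress.ip_network(n).num_addresses for n in networks)
    return summary.num_addresses - covered


if __name__ == "__main__":
    # constructed sample: four contiguous /24s collapse cleanly to one /22
    contiguous = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
    print(mask_from_prefix(27), mask_from_prefix(21))
    print(summarize(contiguous), summary_overreach(contiguous))
    # constructed sample: a gap in the set makes the summary over-claim
    gappy = ["10.1.0.0/16", "10.2.0.0/16"]
    print(summarize(gappy), summary_overreach(gappy))
```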
DNS
Domain Name Service (DNS) resolves names to IP addresses. DNS uses TCP and UDP port 53. An example of DNS
would be someone entering a fully-qualified domain name (FQDN) like www.cisco.com into their web browser. That
device would then do a DNS lookup to a DNS server to resolve the name to an IP address.
ICMP
Internet Control Message Protocol (ICMP) works at Layer 3 (Network). ICMP is used to communicate errors between
hosts and routers. The most commonly used form of the ICMP protocol is the ping application. Some examples of
common ICMP messages are echo, echo reply, destination unreachable, redirect, and time exceeded.
NAT
Network Address Translation (NAT) converts network addresses. Usually, NAT is used to convert from private (internal)
IP addresses to public (external) IP addresses. NAT can be used to reduce the need for Internet addresses. There is
some NAT terminology you should know:
Inside Local – This is the local IP address of the private host on your network (i.e., your PC's IP address).
Inside Global – This is the public, legal, registered IP address that the outside network sees as the IP address of
your local host.
Outside Local – This is the local IP address from the private network, which your local host sees as the IP address
of the remote host.
Outside Global – This is the public, legal, registered IP address of the remote host (i.e., the IP address of the
remote Web server that your PC is connecting to).
There are also different types of NAT that you should be familiar with. They are:
Static NAT – maps a single inside address to a single outside address.
Dynamic NAT – maps inside addresses to outside addresses, as needed.
NAT Overload – maps a larger number of inside addresses to a smaller number of outside addresses (the outside
addresses are overloaded as there is a smaller number of them than there are inside addresses).
NAT Overlap – maps inside and outside addresses when they are using conflicting IP addresses (overlapping
networks).
Telnet
Telnet is used to remotely configure routers, switches, or servers. Any system that runs a telnet server can be
connected to with telnet. Once connected, you can run commands on that system or network device. Telnet uses
TCP port 23. Note that Telnet carries everything, including the login credentials, in clear text across the network.
SNMP
Simple Network Management Protocol (SNMP) is used for network management. Network devices (like routers,
switches, servers, PCs, or even laser printers) can have SNMP agents. You would have a network management
application that uses SNMP to communicate with these network devices. With SNMP, you could gather statistics and
be alerted of utilization, for example. SNMP uses UDP port 161.
100-199 Extended IP
300-399 DECNet
600-699 AppleTalk
O’Reilly & Associates’ “Cisco IOS Access Lists” by Jeff Sedayao, and McGraw-Hill’s “Cisco Access Lists: Field
Guide” by Held and Hundley are excellent resources for this topic.
IP Routing
Routing Protocol Concepts
Routing protocols provide dynamic network information to the routers that are part of the domain, and represent one of
the most important areas for a Network Engineer to master.
Cisco's proprietary Enhanced Interior Gateway Routing Protocol (EIGRP) is the most common Hybridized routing
protocol (and the only one I’ve ever heard of). It was designed to combine the best aspects of distance-vector and
link-state routing protocols without incurring any of the performance limitations specific to either. Remember that one
of the major limitations to EIGRP is that it only runs on Cisco equipment.
Distribution Lists
Distribution lists are used to filter the contents of inbound or outbound distance vector routing protocol updates (RIP
and IGRP). Standard IP access lists are used to define a list against which the contents of the routing updates are
matched. Remember that the access list is applied to the contents of the update, not to the source or destination of
the routing update packets themselves.
The “distribute-list” command is entered at the global or router configuration levels, and there is an option to apply the
list to specific interfaces. For any given routing protocol, it is possible to define one interface-specific distribute-list per
interface, and one protocol-specific distribute-list for each process/autonomous-system pair.
Example:
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 2 permit 172.16.3.0 0.0.0.255
router rip
distribute-list 1 in ethernet 0
distribute-list 2 out
Routing Loops
Routing loops occur when the routing tables of some or all of the routers in a given domain route a packet back and
forth without ever reaching its final destination. Routing loops often occur during route redistribution, especially in
networks with multiple redistribution points.
There are several commonly used methods for preventing routing loops, including:
Holddowns – Routes are held for a specified period of time to prevent updates advertising networks that are
possibly down. The period of time varies between routing protocols, and is configurable. Holddown timers
should be set very carefully - if they are too short, they are ineffective; too long and convergence will be
delayed.
Triggered updates – Also known as flash updates, these are sent immediately when a router detects that a metric
has changed or a network is no longer available. This helps speed convergence. Instead of waiting for a
certain time interval to elapse to update the routing tables, the new information is sent as soon as it is learned.
Split horizon – If a router has received a route advertisement from another router, it will not re-advertise it back
out the interface from which it was learned.
Poison reverse – Once you learn of a route through an interface, advertise it as unreachable, back through that
same interface.
Administrative Distance
When a route is advertised by more than one routing protocol, the router must decide which protocol’s routes to use.
The predefined Administrative Distances of routing protocols allow the router to make that decision, more or less telling
the router the relative trustworthiness of the different protocols. Here is a list of the common ADs:
Directly Connected 0
Static 1
EBGP 20
EIGRP (Internal) 90
IGRP 100
OSPF 110
IS-IS 115
RIP 120
EGP 140
IBGP 200
Unknown 255
Area 0
This is the core area for OSPF. One of the basic rules of OSPF is that all areas must connect to area 0 (just as all
roads lead to Rome). If there is an area that is not contiguous with area “0”, your only option is to use a virtual-link.
This will provide a tunnel through another area in order to make it appear that the area is directly connected to area 0.
Area Border Routers (ABRs) are responsible for maintaining the routing information between areas. Internal routers
receive all routes from the ABR except for those routes that are contained within the internal area.
Traffic destined for networks outside of the AS must traverse Area 0 to an Autonomous System Border Router (ASBR).
The ASBR is responsible for handling the routing between OSPF and another AS using another routing protocol such
as EIGRP.
Router Types:
Internal Router (LSA Type 1 or 2) – Routers that have all their interfaces in the same area. They have identical
link-state databases and run single copies of the routing algorithm.
Area Border Router (LSA Type 3 or 4) – Routers that have interfaces attached to multiple areas. They
maintain separate link-state databases for each area. This may require the router to have more memory and
CPU power. These routers act as gateways for inter-area traffic. They must have at least one interface in the
backbone area, unless a virtual link is configured. These routers will often summarize routes from other areas
into the backbone area.
Autonomous System Boundary Router (LSA Type 5 or 7) – Routers that have at least one interface into an
external network, such as a non-OSPF network. These routers can redistribute non-OSPF network information
to and from an OSPF network. Redistribution into an NSSA area creates a special type of link-state
advertisement (LSA) known as type 7. This router will be running another routing protocol besides OSPF, such
as EIGRP, IGRP, RIP, IS-IS, etc.
Traffic Types:
Intra-area - Traffic passed between routers within a single area.
Inter-area - Traffic passed between routers in different areas.
External - Traffic passed between an OSPF router and a router in another autonomous system.
NBMA Networks
Designated Routers (DRs) and Backup Designated Routers (BDRs) are elected on Broadcast and Nonbroadcast Multi-
access networks such as Ethernet broadcast domains. You can control the selection of DRs through the use of the "ip
ospf priority" command; the highest priority wins, and a setting of "0" makes the router ineligible to become DR.
If a router joins the network with a priority somewhere between the existing DR and BDR, the network does not
recalculate until the DR fails; then the BDR becomes the DR, and the new router will become BDR.
LSA Types:
Router link entry - Type 1 LSA. Broadcasts only in a specific area. Contains all the default Link State
information. Generated by each router for each area to which it belongs. It describes the state of the router’s link
to the area. The link status and cost are two of the descriptors provided.
Network entry - Type 2 LSA. Multicast to all area routers in a multi-access network by the DR. They describe
the set of routers attached to a particular network and are flooded only within the area that contains the network.
Summary entry - Type 3 and 4 LSAs. Type 3 LSAs have route information for the internal networks and are
sent to the backbone routers. Type 4 LSAs have information about the ASBRs. This information is broadcast by
the ABR, and it will reach all the backbone routers.
Autonomous system entry - This is a Type 5 or 7 LSA. It comes from the ASBR and has information relating to
the external networks. Type 7 LSAs are only found in NSSA areas.
Routing Authentication
OSPF authentication is used to validate that the remote router this router is about to exchange routes with is really
who it says it is. This is done with a shared password; anyone with the shared password is allowed to exchange routes
on the network.
OSPF supports two types of authentication: plain text and MD5. With plain-text authentication the password crosses
the link readable by anyone who can capture the packets. With MD5 authentication the password does not cross the
network link in readable form: each packet instead carries an MD5 hash computed with the shared key, which also lets
the receiver detect a packet altered in transit.
The same authentication type must be used across an entire OSPF area.
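A simplified model of the two OSPF authentication types just described, added here as an example (not from the study guide and not a wire-accurate implementation; it omits the key ID and sequence number fields the real scheme carries). It shows what a passive observer on the link sees in each case and how the receiver checks the MD5 trailer. The hello packet bytes are a constructed sample.

```python
import hashlib
import hmac

KEY_LEN = 16  # the shared key is zero-padded to 16 bytes before hashing

# constructed sample "packet"; a real OSPF header is binary, but the
# comparison below is the same for any packet bytes
HELLO = b"OSPF-HELLO area=0 router-id=10.0.0.1 hello-interval=10"


def plaintext_auth(packet: bytes, key: bytes) -> bytes:
    """Plain-text authentication: the shared password itself rides in the packet."""
    return packet + key


def md5_auth(packet: bytes, key: bytes) -> bytes:
    """MD5 authentication: append a digest of (packet + padded key); the key is never sent."""
    if len(key) > KEY_LEN:
        raise ValueError("key longer than 16 bytes")
    digest = hashlib.md5(packet + key.ljust(KEY_LEN, b"\x00")).digest()
    return packet + digest


def verify_md5(wire: bytes, key: bytes) -> bool:
    """Receiver side: recompute the digest over the packet body with the local key.

    A wrong key or any change to the body produces a different digest, so the
    packet is rejected. compare_digest avoids leaking timing information.
    """
    body, trailer = wire[:-16], wire[-16:]
    expected = hashlib.md5(body + key.ljust(KEY_LEN, b"\x00")).digest()
    return hmac.compare_digest(expected, trailer)


def key_exposed(wire: bytes, key: bytes) -> bool:
    """What someone capturing the link learns: is the shared key readable in the bytes?"""
    return key in wire


if __name__ == "__main__":
    key = b"s3cret"                      # constructed sample key
    print("plain text exposes key:", key_exposed(plaintext_auth(HELLO, key), key))
    wire = md5_auth(HELLO, key)
    print("md5 exposes key:", key_exposed(wire, key))
    print("md5 verifies with right key:", verify_md5(wire, key))
    tampered = wire[:5] + bytes([wire[5] ^ 0x01]) + wire[6:]
    print("tampered packet verifies:", verify_md5(tampered, key))
```

MD5 itself is no longer considered a strong hash; RFC 5709 adds HMAC-SHA authentication to OSPFv2 for the same purpose.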
Synchronization/Full Mesh
IBGP must either maintain a full mesh within an AS, or use route reflectors to simulate the mesh. This is necessary
because BGP doesn’t advertise to internal BGP (IBGP) peer routes that were learned via other IBGP peers.
BGP routing information must be in sync with the IGP before advertising transit routes to other ASs. This can be turned
off using the Cisco IOS command “no sync”; but this isn’t recommended unless all the routers in your BGP AS are
running BGP and are fully meshed, or the AS in question isn’t a transit AS. The careless use of the “no sync”
command could cause non-BGP routers within an autonomous system to receive traffic for destinations that they don’t
have a route for. With synchronization enabled, BGP waits until the IGP has propagated routing information across
the autonomous system before advertising transit routes to other ASs.
Next-Hop-Self Command
In a non-meshed environment where you know that a path exists from the current router to a specific address, the
BGP router command “neighbor {ip-address | peer-group-name} next-hop-self” can be used to disable next-hop
processing. This will cause the current router to advertise itself as the next hop for the specified neighbor, simplifying
the network. Other BGP neighbors will then forward packets for that destination to the current router. This would not be
useful in a fully meshed environment, since it will result in unnecessary extra hops where there may be a more direct
path.
Route Dampening
A network that has a router with flapping routes (routes that go up and down) can often cause problems, as the BGP
routers must continuously update their routing tables. Route dampening is used to control this route instability.
Dampening classifies routes as "well-behaved" or "ill-behaved" based on their past reliability and penalties are
assigned each time a route flaps. When a set penalty is reached, BGP suppresses the route until it is well behaved
and trusted again. There is no penalty limit at which a route is permanently barred from joining the domain. Route
dampening is not enabled by default.
The Cisco Press books “Internet Routing Architectures, 2nd edition” by Sam Halabi, “Routing TCP/IP, volume 2”
by Jeff Doyle and the “Cisco BGP-4 Command and Configuration Handbook” by William Parkhurst are excellent
resources for BGP.
Tables:
Neighbor table – The current configuration of all the router's immediately adjacent neighbors.
Topology table – This table is maintained by the protocol dependent modules and is used by DUAL. It has all the
destination networks advertised by the other neighbor routers.
Routing table – EIGRP chooses the best routes to a destination network from the topology table and places these
routes in the routing table. The routing table contains:
How the route was discovered
Destination network address and the subnet mask
Metric Distance: This is the cost of the metric from the router
Next hop address
Route age
Outbound interface
Choosing routes:
DUAL selects primary and backup routes based on the composite metric and guarantees that the selected routes are
loop free. The primary routes are then moved to a routing table. The rest (up to 6) are stored in the topology table as
feasible successors.
EIGRP uses the same composite metric as IGRP to determine the best path*. The default criteria used are:
Bandwidth - The smallest bandwidth cost between source and destination
Delay - Cumulative interface delay along the path
Reliability - Worst reliability between source and destination based on keepalives
Load - Utilization on a link between source and destination based on bits per second on its worst link
MTU - The smallest Maximum Transmission Unit
* Only Bandwidth and Delay are used by default
** To help you remember, think of “Bob Doesn’t Really Like Me” for Bandwidth, Delay, Reliability, Load and
MTU.
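The composite metric and the DUAL successor/feasible-successor selection described above, as an added example (not from the study guide). The metric formula with the five K values and the 256 scaling is the standard IGRP/EIGRP one; the three-neighbor topology, bandwidths and delays are constructed samples.

```python
def eigrp_metric(min_bw_kbps, total_delay_usec, k1=1, k2=0, k3=1, k4=0, k5=0,
                 load=1, reliability=255):
    """IGRP/EIGRP composite metric with the five K values.

    With the default K values (K1=K3=1, K2=K4=K5=0) only Bandwidth and Delay
    count, which is the "Only Bandwidth and Delay are used by default" note
    above. EIGRP scales the IGRP result by 256.
    """
    bw = 10_000_000 // min_bw_kbps          # inverse of the slowest link (kbps)
    delay = total_delay_usec // 10          # delay is summed in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:                             # reliability term only when K5 is set
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def dual_select(paths, local_links):
    """Pick the successor and feasible successors for one destination.

    paths: {neighbor: (min_bw_kbps, delay_usec)} as advertised by each
           neighbor, i.e. the neighbor's own path, giving its Reported Distance.
    local_links: {neighbor: (bw_kbps, delay_usec)} for the link to that neighbor.
    Returns (successor, feasible distance, sorted feasible successors).
    """
    candidates = {}
    for nbr, (nbr_bw, nbr_delay) in paths.items():
        link_bw, link_delay = local_links[nbr]
        rd = eigrp_metric(nbr_bw, nbr_delay)
        fd = eigrp_metric(min(nbr_bw, link_bw), nbr_delay + link_delay)
        candidates[nbr] = (rd, fd)
    successor = min(candidates, key=lambda n: candidates[n][1])
    feasible_distance = candidates[successor][1]
    # Feasibility condition: a neighbor whose reported distance is below our
    # feasible distance cannot be downstream of us, so it can never loop.
    feasible = sorted(n for n, (rd, _) in candidates.items()
                      if n != successor and rd < feasible_distance)
    return successor, feasible_distance, feasible


# constructed sample: R2 reaches the destination over FastEthernet, R3 and R4
# over their own serial links; we reach R2 and R4 over T1s and R3 over Ethernet
PATHS = {"R2": (100_000, 100), "R3": (1544, 20_000), "R4": (64, 20_000)}
LINKS = {"R2": (1544, 20_000), "R3": (10_000, 1000), "R4": (1544, 20_000)}

if __name__ == "__main__":
    print(eigrp_metric(1544, 20_100))   # T1 plus a LAN hop: 2172416
    print(dual_select(PATHS, LINKS))    # ('R2', 2172416, ['R3'])
```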
The command to disable EIGRP’s default summarization of addresses at network boundaries is “no auto-summary”.
The Cisco Press book “EIGRP Network Design Solutions” by Ivan Pepelnjak is an excellent resource for learning
EIGRP.
Even though TCP/IP networks can use IS-IS, it is really an OSI CLNP protocol. For this reason IS-IS packets are
carried directly over Layer 2 using CLNP addressing, requiring a CLNP addressing structure in order to support the
flow of IS-IS traffic. Normally one CLNP-based address is assigned to each router in the domain. This address,
configured in the router configuration section, is software based like a loopback interface, which means it will not go
down as long as the router is running.
There are three types of IS-IS routers:
Level-1 routers - Similar to totally stubby areas in OSPF. A Level-1 router can only communicate with other
Level-1 routers in its area and Level-1 / Level-2 routers in its area.
Level-2 routers - Similar to backbone routers in OSPF. Level-2 routers only communicate with other Level-2
routers.
Level-1 / Level-2 routers - Similar to OSPF ABRs. A Level-1 / Level-2 router can communicate with Level-1
routers within its area and other Level-2 routers.
There are only two network types for IS-IS, point-to-point and broadcast. There is no equivalent of the 'ip ospf network'
command in IS-IS; the network type is entirely dependent on the interface type:
Route-Maps
A great method to filter and modify routing updates is to use a route-map. Route-maps use match and set commands:
match what you are looking for, then set some action to occur. An example of a route-map modifying routing updates
would be a certain IP route coming into BGP and having its metric modified.
Policy Routing
Besides modifying routing updates, route-maps can also be used with policy-based routing (known as PBR). PBR is a
sort of manual routing method whereby you match an IP packet and manually set where it is sent. Thus, you are
manually routing the packet, even when there is no route in the routing table.
Redistribution
The process of sharing routes learned from different sources (usually routing protocols). For instance, you might
redistribute the routes learned through OSPF to a RIP domain, in which case you might have problems with VLSM; or
you might redistribute routes learned through static entries into EIGRP. Redistribution is just the sharing of information
learned from different sources, and it must be manually configured.
Route-Tagging
You use route-maps to assign a tag to the route to identify it. With this tag, you can set some action, based on the tag.
For example, say that you use a route-map to tag all inbound routes from a certain router with the tag 30. Say that
later, you redistribute routes into another routing protocol. You could, then, match that tag of 30 and only redistribute
the routes with the 30 tag.
Dial Backup
There are a number of ways to perform dial backup; however, the two most common are:
Backup Interface
Dialer-Watch
With the backup interface method, you select an interface to monitor. On that interface, you use the backup interface
{interface} command to tell the router that if the monitored interface goes down, to initiate connection on the backup
interface. While the primary interface is up, the backup interface is placed in a standby mode.
With the dialer-watch method, a route is selected to be watched. If that route disappears from the routing table, the
backup interface is brought up. To configure dialer-watch, you must first make a dialer-watch list. This list tells the
router the route that you wish to monitor in the routing table. Next, on the backup interface, use the dialer-watch
command to reference the list. When the route disappears from the routing table, the interface with the dialer-watch
statement is activated.
The important thing is that, prior to activating either of these methods, you completely configure and test the DDR
dialup configuration. If the dialup is not properly configured, the dial backup will certainly not function.
QoS
Fancy Queuing
Fancy queuing is Cisco’s collective term for custom, priority, or weighted fair queuing. Often if you call the TAC
(Technical Assistance Center) for help on a problem, they will ask you to remove all the fancy queuing as a way to
make sure nothing critical is being blocked.
Priority Queuing
Priority queuing uses four levels of queues, defined as high, medium, normal, and low. The administrator defines
what traffic belongs in which queue. The decisions are usually made based on the protocol type or the source
interface; however, any protocol supported by Cisco is allowed, and the command line arguments include TCP and
UDP port designations.
The major thing to remember with priority queuing is that the "high" queue is serviced first; the "medium" queue will be
ignored until its superior is empty. The same goes for the "normal" queue: it won't see any bandwidth until both
the "high" and "medium" queues are empty, and so on.
Like access lists, the router reads the priority-list commands in order of appearance. When trying to classify a packet,
the system searches the rule list for a matching criterion. When a match is made, the packet is assigned to the
appropriate queue, and the search ends. Packets that do not match any of the rules are assigned to the default queue.
The default queue is "normal" by default, but it can be changed.
Custom Queuing
The primary advantage custom queuing has over priority queuing is that it will never completely ignore any one queue.
You can define up to 16 queues, and while some pass more data than others, because they are addressed in a
round-robin fashion, none are ever completely ignored.
Associated with each output queue is a configurable byte count, which specifies how much data should be delivered
from the one queue before the system moves on to the next. When a particular queue is being processed, packets are
sent until the number of bytes sent reaches the byte count for that queue, or until the queue runs out of data. Once the
appropriate number of bytes has been transmitted, the router moves on to the next queue. If the byte count has been
reached while a packet is only partly sent, that packet will continue to be sent; the packet will not be fragmented.
Like access lists, the router reads the queue-list commands in order of appearance. When trying to classify a packet,
the system searches the queue-list rules for a matching protocol or interface type. When a match is found, the packet
is assigned to the appropriate queue. Since the list is searched in the order it is specified, the first matching rule
terminates the search.
By default, each queue is allocated 1,500 bytes, although the byte count is configurable. In this way, it is possible to
allocate a percentage of the bandwidth to a specific protocol.
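Both scheduling behaviours described above (strict priority queuing and byte-count round-robin custom queuing), as an added simulation that is not from the study guide. It demonstrates the starvation priority queuing causes and the custom-queuing gotcha that the no-fragmentation rule creates: because a started packet is always finished, a byte count that is not a multiple of the packet size overshoots, so equal byte counts do not give equal bandwidth. The queue names and packet sizes are constructed samples.

```python
from collections import deque

LEVELS = ("high", "medium", "normal", "low")


def priority_schedule(queues, link_bytes):
    """Strict priority: drain 'high' before touching 'medium', and so on.

    queues: {level: [packet sizes]}; link_bytes: bytes the link can carry in the
    simulated interval. Returns bytes sent per level; a lower queue gets nothing
    while a higher one still has data.
    """
    sent = {level: 0 for level in LEVELS}
    remaining = link_bytes
    for level in LEVELS:
        for size in queues.get(level, []):
            if size > remaining:        # link budget exhausted; lower queues wait
                return sent
            sent[level] += size
            remaining -= size
    return sent


def custom_schedule(queues, byte_counts, rounds):
    """Round-robin custom queuing.

    Each queue is served until the bytes sent in its turn reach its byte count.
    A packet that is started is always finished (never fragmented), so a turn
    can overshoot the byte count by up to one packet.
    queues: {name: [packet sizes]}; byte_counts: {name: bytes per turn}.
    """
    pending = {name: deque(sizes) for name, sizes in queues.items()}
    sent = {name: 0 for name in queues}
    for _ in range(rounds):
        for name, q in pending.items():
            turn = 0
            while q and turn < byte_counts[name]:
                size = q.popleft()
                turn += size            # whole packet counts even if it overshoots
                sent[name] += size
    return sent


def share(sent):
    """Fraction of the transmitted bytes each queue actually received."""
    total = sum(sent.values())
    return {name: round(n / total, 3) for name, n in sent.items()}


if __name__ == "__main__":
    # constructed: 'high' always has traffic, so 'normal' never transmits
    print(priority_schedule({"high": [1500] * 10, "normal": [1500] * 10}, 6000))
    # constructed: equal 1500-byte counts, but 1000-byte vs 1500-byte packets
    flows = {"web": [1000] * 20, "backup": [1500] * 20}
    print(share(custom_schedule(flows, {"web": 1500, "backup": 1500}, 3)))
    # a byte count that is a multiple of both packet sizes restores the 1:1 split
    print(share(custom_schedule(flows, {"web": 3000, "backup": 3000}, 3)))
```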
Configuring NBAR
Cisco Express Forwarding (CEF) must be enabled before NBAR can be configured. NBAR is configured with the
following commands, which define traffic classes, the policies that will be applied to those traffic classes, and the
attachment of policies to interfaces:
Class-map - Defines one or more traffic classes by specifying the criteria by which traffic is classified.
Policy-map - Defines one or more QoS policies (such as shaping, policing, and so on) to apply to traffic defined
by a class map.
Service-policy - Attaches a policy map to an interface on the router.
802.1x
For information on 802.1x, please see that section under LAN Switching.
WAN
Integrated Services Digital Network (ISDN)
ISDN is offered by regional telephone carriers to provide digital telephony and data-transport services over existing
telephone wires. When it was released, it represented an effort to standardize subscriber services, user/network
interfaces, and network and internetwork capabilities. ISDN can be used to provide a PVC (Permanent Virtual Circuit)
for data passing, or an on-demand circuit for backing up other WAN technologies, or for a cost-effective way of linking
remote sites that have limited requirements.
ISDN circuits will often require service profile identifiers (SPIDs), which are similar to telephone numbers in that they
are unique line identifiers provided by the LEC (Local Exchange Carrier). A common question people have is when a
SPID is required and when it is not. Well, the simple answer is – when the carrier requires it… Since the type of
carrier switch, or how the switch is configured, determines the need for a SPID, you as an end-user will have no control
over this element of the configuration.
Encapsulation for ISDN can be PPP, HDLC or LAPD, with the default encapsulation method being HDLC. CHAP and
PAP authentication techniques are associated with PPP.
Many Cisco routers with built-in ISDN interfaces (such as the 2503) have an S/T interface. In order to convert the U
interface circuit from the carrier to an S/T interface circuit that the router can handle, an external Network Terminating
Unit (NT1) is required. There might be two of these units sitting between the BRI ports on the ISDN simulator and the
routers. These units usually do not need to be configured, but the ports must be accurate: U goes to the simulator, S/T
to the router.
ISDN Specifics
[Diagram: TE1 -(S/T)- NT1 -(U)- LT -(V)- ET; TE2 -(R)- TA]
* Note: U is two wire, S/T is four wire. The NT1 provides this conversion.
If you have completed the CCNP path, the diagram above should look familiar. It shows the relationship between the
ISDN equipment, protocol standards and reference points, which are of course:
Equipment: Terminal adapter (TA) – Converts RS-232, V.35, and other signals into BRI.
Reference Points: R – Defines the hand-off from non-ISDN equipment and the TA.
Protocol Standards: E – Specifies ISDN on existing telephone technology.
Channels
Data on an ISDN line is channelized, with the two types of channels being:
B(earer) channel: Used for transporting user data (voice or data).
D(ata) channel: Used for control/signaling information using LAPD. Q.931, the network layer protocol that
provides messages for ISDN call setup and tear down, runs over the D Channel. It uses Q.921, a derivative of
HDLC, as its data-link layer transport.
Flavors of ISDN
There are three types of ISDN circuit, only two of which are found in the United States:
BRI – 2B /1D (B=64kb / D = 16kb)
PRI – 23B / 1D (B=64kb / D = 64kb)
E1 (Europe) – 30B / 1D (B=64kb / D = 64kb)
Frame Relay
Frame Relay is a packet-switched WAN protocol that operates at the physical and data link layers of the OSI reference
model, providing for speeds of up to 45 Mbps. It uses HDLC, PPP, or ISDN/LAPD encapsulations and provides simple
error checking using a Frame Check Sequence (FCS) on each frame, which is similar to a CRC. It does not provide for
error correction, only error detection; the end devices would need to provide error correction.
Types of Circuits
Permanent Virtual Circuits (PVCs) are used for frequent and long connection times. As the name implies, they are
brought up to be permanent connections, and are always available (except during an outage).
Switched Virtual Circuits (SVCs) are for sporadic or infrequent traffic. They are set up when needed, and torn down
when not.
Encapsulation
Choices are Cisco and IETF, with Cisco being the default. This designation is made per DLCI, and the encapsulation
type must be identical at both end devices. Since the Cisco encapsulation type is proprietary, if another manufacturer's
devices are used at the frame-relay endpoints, then the IETF encapsulation type will be required.
is dropped inside the frame-relay cloud (discarded). This discarding causes traffic to be resent, slowness, and
network inefficiency. One way FRTS prevents this is by buffering the traffic at the host and only sending as fast as the
remote can receive it. Another way FRTS can prevent this is to send as fast as it can but slow down when the
frame-relay switches tell the hub router that the remote circuit is overloaded. The frame switches do this by sending
BECN frames. This mode is called "adaptive shaping".
Frame-Relay Compression
You can configure frame-relay payload compression on Cisco routers. This compresses the payload (the data being
sent) at each router before it is sent over the frame-relay network. There are two types of compression you can use
to do this: Stacker and FRF.9.
Frame-Relay Mapping
You can statically map a L2 Frame-relay DLCI to an IP address with the frame-relay map command or the frame-relay
interface dlci command.
Another way to get an IP address mapped to a DLCI is to use the dynamic method, Inverse ARP. Inverse ARP is
enabled by default.
Speed Elements
Committed Information Rate (CIR) - The maximum transmission rate you've negotiated in your contract with
the provider to transfer information under normal circumstances. This is what you are defining as the peak level
of traffic you will send and be guaranteed service. Be careful when reviewing the contracts, as some vendors will
attempt to slip in a CIR of 0, meaning they will do their best to provide service, but they're not guaranteeing
anything.
Local Port Speed - The maximum speed at which your local interface can send information.
Committed Burst Rate - The maximum amount of data that a Frame Relay internetwork is committed to accept
and transmit at the CIR.
Excess Burst Rate - The maximum bits a Frame Relay node will attempt to transmit after the committed burst
rate is exceeded.
ATM is a connection-oriented service using Switched Virtual Circuits (SVCs) and Permanent Virtual Circuits (PVCs).
SVCs are similar to ISDN dial-on-demand such that paths are created on an “as needed” basis. PVCs are similar to
frame-relay because the circuits are always established and active. Both use Virtual Path Identifiers (VPI) and Virtual
Channel Identifiers (VCI) to identify circuits and can support point-to-point and point-to-multipoint connections.
Remember that one Virtual Path (VP) can contain several Virtual Channels (VC).
There are two different types of connections in the ATM network. There are network-to-network (NNI) connection
types and user-to-network (UNI) connection types. The NNI connection is used to form connections between ATM
switches. The UNI connection is used to connect end devices (such as workstations or servers) to an ATM switch.
The following are valid ATM header switch types:
UNI (User-to-Network Interface) header - Used on any interface between a user device, such as an ATM
router, and an ATM network.
NNI (Network-to-Network Interface) header - Used on any interface that connects two ATM switches.
STI (StrataCom Trunk Interface) header - A Cisco proprietary extension of the other header types, STI is used
between Cisco switching nodes to provide advanced network features for improving performance, efficiency, and
congestion control.
ATM Mapping
Just as in Frame-Relay where you map the Layer 2 DLCI to the Layer 3 IP address, you must, somehow, perform the
same mapping with ATM.
There are several ways to create this mapping with ATM. They are:
Static mappings using ATM PVCs
Dynamic mappings using ATM PVCs
Mappings using ATM SVCs
As previously mentioned, ATM identifies its Layer 2 circuits with VPI/VCI identifiers.
Routing and Switching Written Qualification Exam (350-001)
Physical Layer
Serial Interface Abbreviations
CSU Channel Service Unit
CTS Clear To Send [DCE --> DTE]
DCD Data Carrier Detected (Tone from a modem) [DCE --> DTE]
DCE Data Communications Equipment (modems, DSU, etc.)
DSR Data Set Ready [DCE --> DTE]
DSRS Data Signal Rate Selector [DCE --> DTE] (Not commonly used)
DSU Data Service Unit
DTE Data Terminal Equipment (computer, printer, etc.)
DTR Data Terminal Ready [DTE --> DCE]
FG Frame Ground (screen or chassis)
NC No Connection
RCk Receiver (external) Clock input
RI Ring Indicator (ringing tone detected)
RTS Ready To Send [DTE --> DCE]
RxD Received Data [DCE --> DTE]
SG Signal Ground
SCTS Secondary Clear To Send [DCE --> DTE]
SDCD Secondary Data Carrier Detected (Tone from a modem) [DCE -->DTE]
SRTS Secondary Ready To Send [DTE --> DCE]
SRxD Secondary Received Data [DCE --> DTE]
STxD Secondary Transmitted Data [DTE --> DCE]
TxD Transmitted Data [DTE --> DCE]
RS-232
The RS-232 standard has been around for decades, providing an interface between DTE and DCE devices. It is
simple, universal, and well understood; however, it does have some considerable shortcomings. It has had various
designations, including RS-232C, RS-232D, V.24, V.28 and V.10; but essentially all these interfaces are interoperable.
RS-232 is used for asynchronous data transfer as well as synchronous links, such as SDLC, HDLC, X.25 and Frame
Relay.
The standards provided connectivity at up to 256kbps with line lengths of 15M (50 ft); however, high-speed ports and
high-quality cable have allowed these boundaries to be overcome. The general rule of thumb is that the length of the
cable and the speed it supports depend on the quality of the cable.
The clock signals are only used for synchronous communications. The modem or DSU extracts the clock from the data
stream and provides a steady clock signal to the DTE. Note that the transmit and receive clock signals do not have to
be the same.
Some of the shortcomings of RS-232 include:
The interface uses a common ground between the DTE and DCE, which is fine as long as you are using a short
cable that connects DTE and DCE devices in the same room, but with longer links between devices, this may
not be true.
It is impossible to effectively screen noise for a signal on a single line. By screening the entire cable, you can
reduce the influence of outside noise, but internally generated noise continues to be a problem. As the baud rate
and line length increase, the effect of capacitance between the cables introduces crosstalk, until a point is
reached where the data itself is unreadable.
V.35 Interface
V.35 is a high-speed serial interface standard that is designed to support DTE and DCE connectivity over digital lines.
It was originally specified by CCITT as an interface for 48kbps line transmissions and has since been adopted for
higher speeds. It was discontinued by CCITT in 1988, and replaced by recommendations V.10 and V.11.
Recognizable by its 34-pin black plastic box-like plug (about 20mm by 70mm), often with gold plated contacts and
built-in hold down and mating screws, V.35 combines the bandwidth of several telephone circuits to provide the high-
speed interface between a DTE or DCE and a CSU/DSU. Cable distances can theoretically reach 4000 feet (1200 m)
at speeds up to 100 Kbps, depending on the equipment used and the quality of the cable. To achieve such high
speeds and great distances, V.35 combines both balanced and unbalanced voltage signals on the same interface.
The control signals in V.35 are common earth single wire interfaces, because these signal levels are mostly constant
or vary at low frequencies. The high frequency data and clock signals are carried by balanced lines (meaning that each
signal has its own ground).
Most 56kbps DSUs are supplied with both V.35 and RS-232 ports because RS-232 is perfectly adequate at speeds up
to 200kbps and generally provides a significant cost savings.
router#show interface s0
Line 01: Serial0 is up, line protocol is down
Line 02: Hardware is HD64570
Line 03: Internet address is 192.168.1.1/24
Line 04: MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Line 05: Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Line 06: Last input never, output 00:00:05, output hang never
Line 07: Last clearing of "show interface" counters never
Line 08: Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Line 09: Queueing strategy: weighted fair
Line 10: Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Line 1: This important line tells you if the physical interface and line protocols for the interface are active. The
physical interface can be up (Carrier Detect –CD- is present), down (CD not present), or administratively
disabled meaning someone has turned the interface off by issuing a “shut” command. The line protocol (layer-
2 process of the router) considers the interface to be up if keepalives are being received. The bottom of this
page has descriptions of the possible conditions for these two entries.
Line 4: Provides information regarding bandwidth, delay and reliability of the link.
Line 5: Shows the layer-2 encapsulation type (Frame-relay, HDLC, X.25, etc.).
Line 8: Shows the number of input drops.
Line 9: Shows the packet queue information (weighted fair queuing in this example).
Line 10: Shows the number of output drops.
Line 17: This line provides significant troubleshooting information, including the number of input, CRC, frame and abort
errors. Keep in mind that these counters are cumulative, so when working on a problem, run the show
interface serial command multiple times to see if the numbers are incrementing.
Line 19: Shows the number of interface resets.
Line 21: The number of carrier transitions indicates how many times the CD signal of a serial interface has changed
state. Usually this is either a problem with the interface, or a problem with the carrier.
From the output above you can see that S0 is connected via a V.35 cable, while S1 does not have a cable
connected.
Debug Commands
There are a number of debug commands that are useful for diagnosing problems on serial links, including:
debug serial interface—Verifies whether HDLC keepalive packets are incrementing. If they are not, a possible
timing problem exists on the interface card or in the network.
debug x25 events—Detects X.25 events, such as the opening and closing of switched virtual circuits (SVCs).
The resulting cause and diagnostic information is included with the event report.
debug lapb—Outputs Link Access Procedure, Balanced (LAPB) or Level 2 X.25 information.
debug arp—Indicates whether the router is sending information about or learning about routers (with ARP
packets) on the other side of the WAN cloud. Use this command when some nodes on a TCP/IP network are
responding, but others are not.
debug frame-relay lmi—Obtains Local Management Interface (LMI) information useful for determining whether
a Frame Relay switch and a router are sending and receiving LMI packets.
debug frame-relay events—Determines whether exchanges are occurring between a router and a Frame Relay
switch.
debug ppp negotiation—Shows Point-to-Point Protocol (PPP) packets transmitted during PPP startup, where
PPP options are negotiated.
debug ppp packet—Shows PPP packets being sent and received. This command displays low-level packet
dumps.
debug ppp errors—Shows PPP errors (such as illegal or malformed frames) associated with PPP connection
negotiation and operation.
debug ppp chap—Shows PPP Challenge Handshake Authentication Protocol (CHAP) and Password
Authentication Protocol (PAP) packet exchanges.
debug serial packet—Shows Switched Multimegabit Data Service (SMDS) packets being sent and received.
This display also prints error messages to indicate why a packet was not sent or was received erroneously. For
SMDS, the command dumps the entire SMDS header and some payload data when an SMDS packet is
transmitted or received.
A data converter or other device being used between router and DSU that is causing problems
There are several ways to address these kinds of problems:
A serial analyzer can be used to isolate the source of the input errors, basically looking at the traffic before it hits
the router. If errors are detected, the problem is probably external to the router, there is a clock mismatch, or
there is a hardware problem on the external network. Be careful doing this, as Cisco recommends against the
use of data converters when connecting a router to a WAN or a serial network.
Use a combination of loopback configurations and ping tests to isolate the specific problem source.
Analyze the errors to look for patterns. Do errors occur at a consistent interval? Are they sporadic, and could that
be related to some periodic function, such as the sending of routing updates?
Also, cyclic redundancy check (CRC) errors, framing errors, or aborts above 1 percent of the total interface traffic can
indicate that there is a significant link problem that should be isolated and repaired immediately.
Excessive Aborts
Aborts indicate an illegal sequence of 1 bits (more than seven in a row). This condition can be created by any of the
following:
SCTE mode is not enabled on DSU.
Line clocking is improperly configured.
The serial cable is too long, or improperly shielded.
A “ones” density problem has occurred on the T1 link (incorrect framing or coding specification).
A packet terminated in mid-transmission (typical because an interface was reset, or a framing error occurred).
A hardware problem has occurred (possibly a result of a bad circuit, a bad CSU/DSU, or a bad sending interface
on the remote router).
The proper steps to resolve abort problems are:
Make sure all devices are configured to use a common line clock. If they are capable of it, set SCTE on both the
local and remote CSU/DSUs.
Make sure that the cable is properly shielded and within the recommended length.
Check the hardware at both ends of the link. Swap out any suspected faulty equipment, and ensure that all
connections are solidly seated.
Lower the data transmission rates, and monitor the situation to determine if the rate of aborts decreases.
Use local and remote loopback tests to determine where the aborts are happening.
Contact the provider and request they perform integrity tests on the line.
Clocking Problems
Clocking conflicts in serial connections can lead to degraded performance and even chronic loss of connection service.
In general, clocking problems in serial WAN interconnections can be attributed to one of the following causes:
Incorrect CSU or DSU configuration
Nonstandard cables that are too long or not properly shielded
Noisy or poor patch panel connections
Several cables connected in a row
In the lab, the failure of the Network Engineer to apply the “clock rate” interface configuration command to the
DCE side of the link
To determine if you have a clocking problem, review the output from the “show interface serial” exec command on the
routers at both ends of the link. CRC, framing errors, and/or aborts are indications of a clocking problem. If the errors
are in the approximate range of 0.5 percent to 2.0 percent of traffic on the interface, clocking problems probably exist
somewhere in the WAN.
After you’ve determined that clocking conflicts are the most likely cause of input errors, use ping and loopback tests
(both local and remote) to determine if the problem is in the line, or one of the connections. Depending on these
results, and the output of the “show interfaces serial” exec commands on the various routers, you can usually
determine where the errors are accumulating:
If input errors are accumulating on both ends of the connection, clocking of the CSU is the most likely problem.
If only one end is experiencing input errors, there is probably a DSU clocking or cabling problem.
Aborts on one end suggest that the other end is sending bad information or that there is a line problem.
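The thresholds above (CRC, frame and abort errors above 1 percent of interface traffic; 0.5 to 2 percent pointing at clocking; where the errors accumulate pointing at the CSU versus the DSU or cable) are simple to apply once, but the counters are cumulative and you are told to sample repeatedly. The following Python script is an added example, not part of this guide: it parses a constructed sample of show interface serial output (the field layout follows the IOS output shown earlier, but the packet and error counter values are invented), applies those rules of thumb, and computes the change between two samples so you can see which counters are still incrementing.

```python
import re

# Constructed sample of "show interface serial" output, laid out like the IOS
# format. The packet and error counters are invented for this example; they
# are not from the router shown in the guide.
SAMPLE_SHOW_INTERFACE = """\
Serial0 is up, line protocol is down
  Hardware is HD64570
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
     120000 packets input, 9600000 bytes, 0 no buffer
     1500 input errors, 1100 CRC, 300 frame, 0 overrun, 0 ignored, 100 abort
     118000 packets output, 9440000 bytes, 0 underruns
     0 output errors, 0 collisions, 6 interface resets
     14 carrier transitions
"""

_STATUS = re.compile(
    r"^(\S+) is (administratively down|up|down), line protocol is (up|down)", re.M)
_ERRORS = re.compile(
    r"(\d+) input errors, (\d+) CRC, (\d+) frame, (\d+) overrun, (\d+) ignored, (\d+) abort")
_COUNTERS = {
    "packets_input": re.compile(r"(\d+) packets input"),
    "interface_resets": re.compile(r"(\d+) interface resets"),
    "carrier_transitions": re.compile(r"(\d+) carrier transitions"),
}


def parse_show_interface(text):
    """Extract interface state and the error counters the guide says to watch."""
    status = _STATUS.search(text)
    errors = _ERRORS.search(text)
    if not status or not errors:
        raise ValueError("not recognisable show interface output")
    stats = {"interface": status.group(1), "status": status.group(2),
             "line_protocol": status.group(3)}
    for key, pat in _COUNTERS.items():
        m = pat.search(text)
        stats[key] = int(m.group(1)) if m else 0
    stats["input_errors"], stats["crc"], stats["frame"], _, _, stats["abort"] = (
        int(x) for x in errors.groups())
    return stats


def error_ratio(stats):
    """Share of input packets that suffered a CRC, framing or abort error."""
    if stats["packets_input"] == 0:
        return 0.0
    return (stats["crc"] + stats["frame"] + stats["abort"]) / stats["packets_input"]


def assess_link(stats):
    """Apply the guide's rules of thumb and return the findings as strings."""
    findings = []
    if stats["status"] != "up":
        findings.append("interface down: no carrier detect or administratively shut")
    elif stats["line_protocol"] != "up":
        findings.append("line protocol down: keepalives not being received")
    ratio = error_ratio(stats)
    if ratio > 0.01:
        findings.append("significant link problem: CRC/frame/abort above 1%")
    if 0.005 <= ratio <= 0.02:
        findings.append("error rate in the 0.5%-2% band: clocking problem likely")
    if stats["abort"]:
        findings.append("aborts: far end sending bad data or line problem")
    if stats["carrier_transitions"]:
        findings.append("carrier transitions: interface or carrier problem")
    return findings


def localize_clocking(local_has_errors, remote_has_errors):
    """Where input errors accumulate points at the suspect device."""
    if local_has_errors and remote_has_errors:
        return "both ends: CSU clocking is the most likely problem"
    if local_has_errors or remote_has_errors:
        return "one end only: DSU clocking or cabling problem"
    return "no input errors: clocking is not the issue"


def counter_delta(earlier, later):
    """Counters are cumulative, so compare two samples to see what is still rising."""
    return {k: later[k] - earlier[k] for k, v in earlier.items() if isinstance(v, int)}
```

Run parse_show_interface on the output of both routers, feed whether each reports input errors into localize_clocking, and keep the counter_delta between samples; a delta of zero on CRC and frame while aborts keep climbing is a different problem from all three rising together.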
SONET / SDH
SONET stands for Synchronous Optical NETwork. SONET allows
datastreams of different formats to be combined onto a single high-speed
fiber optic synchronous data stream. SDH stands for Synchronous Digital
Hierarchy. SONET is the United States version of the International Version,
SDH.
SONET supports a variety of data rates. Some of the most common data
rates are:
OC-12 622Mbps
OC-48 2.488Gbps
OC-192 9.953Gbps (or about 10Gbps)
These rates are the actual line speed. As with any protocol there is overhead
to using the protocol so throughput rates will vary.
T1 Encoding
There are two types of T1 encoding you should be familiar with. They are:
AMI – Alternate Mark Inversion. AMI is an older form of encoding
where 8kb of each 64kb channel is used to keep the two ends of the
T1 synchronized.
B8ZS – Bipolar 8-zero substitution. B8ZS is based on AMI. B8ZS
inserts two successive ones of the same voltage (called a bipolar
violation) to keep the two ends of the T1 synchronized.
PPP
Point to Point Protocol (PPP) encapsulation protocol is commonly used on dial-up links but can also be used on point-to-point
leased lines. PPP replaced SLIP as the primary dialup protocol in use today. PPP can assign IP addresses to the dialup clients,
perform Multi-link PPP if you have multiple connections, monitor link quality, detect errors, and compress data going over the
link.
PPP consists of three parts:
Encapsulation - using HDLC frames
Link Control Protocol (LCP) – used to connect, monitor, and disconnect circuits
Network Control Programs (NCP) – used to support multiple upper-layer protocols
To authenticate the remote system, PPP supports a variety of authentication protocols. They are:
Password Authentication Protocol (PAP) – sends username & password in clear-text
Challenge Handshake Authentication Protocol (CHAP) – encrypts passwords
Microsoft CHAP (MS-CHAP) – Microsoft’s version of CHAP
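The difference between PAP and CHAP is easiest to see by simulating both exchanges. The Python below is an added example (not from the guide): PAP puts the name and password on the wire as-is, while CHAP (RFC 1994) sends a random challenge and gets back MD5(identifier || secret || challenge), so a capture of the link shows the hash but never the shared secret. The username and secret are constructed values, and the run_pap/run_chap helpers are just this example's harness.

```python
import hashlib
import hmac
import os

# Constructed credentials for the example; not from the guide.
USERNAME = b"branch-router"
SECRET = b"example-shared-secret"


def pap_request(username, password):
    """PAP Authenticate-Request: the name and password travel as-is."""
    return {"username": username, "password": password}


def pap_verify(request, expected_password):
    return hmac.compare_digest(request["password"], expected_password)


def chap_challenge(identifier, length=16):
    """Authenticator sends a fresh random challenge with an identifier (RFC 1994)."""
    return {"identifier": identifier, "challenge": os.urandom(length)}


def chap_response(challenge_msg, secret, name):
    """Peer answers with MD5(Identifier || secret || Challenge); the secret stays local."""
    ident = challenge_msg["identifier"]
    digest = hashlib.md5(bytes([ident]) + secret + challenge_msg["challenge"]).digest()
    return {"identifier": ident, "value": digest, "name": name}


def chap_verify(challenge_msg, response_msg, secret):
    """Authenticator recomputes the hash with its own copy of the secret."""
    if response_msg["identifier"] != challenge_msg["identifier"]:
        return False            # response does not belong to this challenge
    expected = chap_response(challenge_msg, secret, response_msg["name"])["value"]
    return hmac.compare_digest(expected, response_msg["value"])


def secret_on_the_wire(wire_fields, secret):
    """Would someone capturing these bytes read the secret directly?"""
    return any(secret in field for field in wire_fields)


def run_pap():
    """Returns (authenticated, secret visible in the capture)."""
    req = pap_request(USERNAME, SECRET)
    ok = pap_verify(req, SECRET)
    return ok, secret_on_the_wire([req["username"], req["password"]], SECRET)


def run_chap(identifier=1):
    """Returns (authenticated, secret visible in the capture)."""
    chal = chap_challenge(identifier)
    resp = chap_response(chal, SECRET, USERNAME)
    ok = chap_verify(chal, resp, SECRET)
    wire = [bytes([chal["identifier"]]), chal["challenge"], resp["value"], resp["name"]]
    return ok, secret_on_the_wire(wire, SECRET)
```

Because the challenge changes every time, a recorded CHAP response is only good for the challenge it answered; the identifier check in chap_verify is what ties a response to its challenge.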
DPT / SRP
Dynamic Packet Transport (DPT) is a Cisco optical protocol. It uses dual, counter-rotating rings to send & receive data.
Spatial Reuse Protocol (SRP) is a MAC-layer protocol that is used with DPT. SRP uses destination-stripping for the most efficient
use of bandwidth possible. SRP also provides a high level of redundancy called Intelligent Protection Switching (IPS).
DPT/SRP uses fairness algorithms to ensure all stations connected to the ring get equal time/bandwidth.
DPT/SRP rings can work on underlying technologies like SONET and WDM (wave-division multiplexing).
LAN
Ethernet/FE/GE
There are two types of Ethernet, which are very similar but with a few significant differences:
802.3 – Has a two-byte length field (instead of a protocol type field). The protocol information is held in two
fields: DSAP (Destination Service Access Point) and SSAP (Source Service Access Point). 802.3 runs at
10Mbps, 100Mbps, or 1,000Mbps and supports all of layer one, and part of layer two of the OSI model.
Ethernet II - Has a two-byte protocol type field that indicates the protocol of the data that is being sent (instead
of a length field). Ethernet II runs at 10Mbps and supports layers one and two of the OSI model.
Wireless/802.11
Although the first wireless networks appeared over two decades ago, adoption has been slow because:
The original wireless data rates were inadequate (way too slow).
Proprietary solutions dominated the marketplace, providing little interoperability among devices.
Wireless solutions were very expensive.
In 1999, the IEEE ratified the 802.11b standard with data rates up to 11 Mbps, and interest in Wireless LANs (WLANs)
exploded. Vendor interoperability is ensured by the Wireless Ethernet Compatibility Alliance (WECA), an independent
international nonprofit association that identifies compliant products from more than 140 companies spanning
component manufacturers, equipment vendors, and service providers under its "Wi-Fi" Brand.
As with any new technology, wireless is continually evolving. Multiple standards that offer advancements in speed,
bandwidth and security either exist, or are being developed to compete for dominance in the high-bandwidth WLAN
market. These include:
802.11b – This is the most widely deployed wireless standard, and can be found in both corporate and home
wireless markets, with wireless "hot spots" popping up in hotels, airports, convention centers, and coffee shops
worldwide. It operates in the 2.4 GHz unlicensed radio band and delivers a maximum data rate of 11 Mbps.
802.11a – Operates in the unlicensed portion of the 5 GHz radio band, making 802.11a immune to interference
from devices that operate in the 2.4 GHz band, such as microwave ovens, cordless phones, and Bluetooth (a
short-range, low-speed, point-to-point, personal-area-network wireless standard). 802.11a has a top data rate of
54 Mbps, nearly five times the bandwidth of 802.11b. It is the first of the higher-speed wireless standards to hit
the market, but has a major drawback in that it does not provide interoperability with existing 802.11b equipment.
802.11g – A late entry, this standard boasts a top data rate of 54 Mbps, but operates in the same unlicensed
portion of the 2.4-GHz spectrum as 802.11b, making it backward compatible with 802.11b devices. This new
standard is limited to the same three channels and crowded 2.4-GHz band as 802.11b, creating possible
scalability and interference issues.
Wireless Security
Acknowledging the inherent security deficiencies of WLANs, the 802.11 committee adopted an encryption protocol, the
Wired Equivalent Privacy (WEP). WEP does not provide authentication, access control, or data integrity checking; just
encryption.
Cisco Deployments
Currently the most flexible Cisco wireless access point is the Aironet 1200 Series which provides compatibility for all
the currently established and emerging wireless LAN standards. It has a dual-band design with eight 5 GHz channels,
and three 2.4 GHz channels, enabling a mix of client devices. Software and hardware are field upgradeable.
Multiservice
Voice/Video
Voice and Video can be digitized and passed through a normal IP network as long as sufficient bandwidth is available,
and the appropriate QoS issues are addressed. These technologies require more coverage than can be provided in a
short exam study guide; but for the purposes of this exam, and because you will probably face them in your career,
you should develop an appreciation of Cisco’s Architecture for Voice, Video and Integrated Data (AVVID). AVVID
technologies enable advanced voice and data services to be delivered reliably over a Cisco router and switch network.
An excellent place to begin this research is at:
http://www.cisco.com/en/US/netsol/ns340/ns19/ns24/networking_solutions_packages_list.html
Coder-decoders (Codecs)
Codecs use pulse code modulation to turn analog signals into digital bit streams, and conversely, transform digital bit
streams back into analog signals. This function is required by Voice-over-IP (VoIP) gateways to turn human speech
into digital data for transport, and back to analog sound to present it to the destination.
Common codec specifications include:
G.711 – The format used for digital voice delivery in the telecom world, this standard describes the 64 Kbps
PCM voice encoding technique.
G.726 – Describes ADPCM coding at 40, 32, 24 and 16 Kbps and can be used to communicate between packet
voice and other systems, provided the PBX or public phone system has ADPCM capability defined.
G.729 – Describes CELP compressions that allow voice to be encoded in 8 Kbps streams. This standard is
further defined in two variations (G.729/G.729a). These provide standard voice-encoding algorithms that turn
the actual audio signal to digital data. These particular algorithms are significant in the VoIP arena because of
the low-bandwidth requirement (8 Kbps), while providing speech quality comparable to a 32 Kbps ADPCM link.
G.723.1 – Describes a compression technique used to compress speech or the audio portion of a multimedia
presentation, and is part of the H.324 family of standards. There are two bit rates associated with this coder -
5.3 and 6.3. The higher bit rate is based on MP-MLQ and provides a higher quality, while the lower rate is
based on CELP and provides good quality.
MPLS Operations
Frames enter the MPLS domain through an Edge label switch router (edge LSR), a device that initially adds or
ultimately removes the label from the packet. This router serves as the gatekeeper to and from the MPLS domain. A
Label that has been created by the Edge LSR is added to the frame header, which is subsequently used by label
switch routers (LSR) to forward packets through the domain. This header indicates what path the frame should travel
to reach its destination. This header format varies based upon the network media type. For example, in an ATM
network, the label is placed in the VPI/VCI fields of each ATM cell header. In a LAN environment, the header is a
"shim" located between the Layer 2 and Layer 3 headers.
Non-edge LSRs look at the frame, determine that there is a label embedded between Layers 2 and 3, and then treat
the frame according to the configuration in its Label forwarding information base (LFIB), a table created by the LSR
describing where and how to forward frames with specific label values. The label in the frame is just an index to a
larger record in the LFIB, which consists of an incoming label and one or more subentries (including outgoing label,
outgoing interface, and outgoing link-level information). If the incoming label finds a match then, for each component in
the entry, the switch replaces the label in the packet with the outgoing label, replaces the link-level information (such
as the MAC address) in the packet with the outgoing link-level information, and forwards the packet over the outgoing
interface.
Each of the subsequent LSRs handles the frame in a similar manner until the frame reaches the egress Edge LSR,
which then strips off all label information and passes a standard frame to the next hop.
Picture a series of LSRs (edge and core) interconnected, forming a physical path between two points. Because the
frame can be directed through the network based on the contents of the LFIB, without the usual routing lookup at each
hop, it is handled more quickly.
Remember that label information can be carried in a packet in a variety of ways:
As a small, shim label header inserted between the Layer 2 and network layer headers
As part of the Layer 2 header, if the Layer 2 header provides adequate semantics (such as ATM)
As part of the network layer header (such as using the Flow Label field in IPv6 with appropriately modified
semantics)
This means MPLS can be implemented over any media type, including point-to-point links, multiaccess links, and
ATM. Use of these types of control component(s) specific to a particular network layer protocol enable the use of label
switching with different network layer protocols. The label-forwarding component is independent of the network layer
protocol.
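The push/swap/pop behaviour of the edge and core LSRs described above, as an added Python example (not from the guide): each router holds the tables the text names (an ingress FIB mapping an IP prefix to the label to push, and an LFIB mapping an incoming label to the outgoing label, interface and next-hop link-level address), and a packet is walked through a constructed four-router path. Label values, interface names and MAC addresses are invented for the example, and a packet with no matching entry is dropped rather than forwarded.

```python
import ipaddress


class LSR:
    """One label switch router. `fib` (ingress edge only) maps an IP prefix to
    (label, out_interface, next_hop_mac); `lfib` maps an incoming label to
    (action, out_label, out_interface, next_hop_mac), action being swap or pop."""

    def __init__(self, name, fib=None, lfib=None):
        self.name = name
        self.fib = {ipaddress.ip_network(p): v for p, v in (fib or {}).items()}
        self.lfib = lfib or {}

    def forward(self, packet):
        """Return (packet as it leaves, outgoing interface); raise LookupError to drop."""
        if packet["label"] is None:
            # Unlabelled: this is the ingress edge LSR. Longest match, then push.
            dst = ipaddress.ip_address(packet["ip_dst"])
            matches = [n for n in self.fib if dst in n]
            if not matches:
                raise LookupError("%s: no route for %s" % (self.name, packet["ip_dst"]))
            best = max(matches, key=lambda n: n.prefixlen)
            label, out_if, next_hop_mac = self.fib[best]
            return {**packet, "label": label, "l2_dst": next_hop_mac}, out_if
        # Labelled: the label is the index into the LFIB; no IP lookup happens.
        entry = self.lfib.get(packet["label"])
        if entry is None:
            raise LookupError("%s: no LFIB entry for label %d" % (self.name, packet["label"]))
        action, out_label, out_if, next_hop_mac = entry
        if action == "swap":
            new_label = out_label
        elif action == "pop":
            new_label = None          # egress edge: hand on a plain frame
        else:
            raise ValueError("unknown LFIB action %r" % action)
        return {**packet, "label": new_label, "l2_dst": next_hop_mac}, out_if


def run_path(routers, packet):
    """Walk the packet through the routers in order, recording each hop's decision."""
    trace = []
    for r in routers:
        packet, out_if = r.forward(packet)
        trace.append((r.name, out_if, packet["label"]))
    return packet, trace


# Constructed topology: PE1 (ingress edge) -> P1 -> P2 -> PE2 (egress edge).
PE1 = LSR("PE1", fib={"10.2.0.0/16": (17, "s0/0", "00:00:0c:00:00:01")})
P1 = LSR("P1", lfib={17: ("swap", 24, "s0/1", "00:00:0c:00:00:02")})
P2 = LSR("P2", lfib={24: ("swap", 31, "s0/1", "00:00:0c:00:00:03")})
PE2 = LSR("PE2", lfib={31: ("pop", None, "e0/0", "00:00:0c:00:00:04")})
PATH = [PE1, P1, P2, PE2]


def send(ip_dst):
    """Inject an unlabelled IP packet at PE1 and return (final packet, trace)."""
    packet = {"ip_dst": ip_dst, "label": None, "l2_dst": None}
    return run_path(PATH, packet)
```

The trace shows the property the text is after: only PE1 ever looks at the IP destination; P1, P2 and PE2 act purely on the label and rewrite the link-level destination as they go.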
IP Multicast
IP Multicasting allows a device on the network to send a stream of information to a limited and defined group of hosts.
These hosts generally add and remove themselves to and from the data stream. By this time you should be
comfortable with the concepts behind Unicasts and Broadcasts, but just to reiterate:
Unicast – A packet that has a specific destination address of a unique host in the IP network. The packet is
passed through the routed or switched network to its destination, or dropped if it is unreachable.
Broadcast - Packet that a single host sends to all IP hosts on the broadcast domain (usually a network
segment). Keep in mind that every host that receives the broadcast interrupts its other work to process the
packet. Under normal circumstances, routers do not forward broadcasts.
Multicast traffic is a different beast. It’s based on the concept of a group; a collection of recipient hosts which have
“asked” to join a particular data stream; the group does not necessarily have any physical or geographical boundaries
(depending on the network design), and potentially, group members can be located anywhere on the Internet.
Analogously, think of it as a newspaper subscription, or a cable TV drop; they don’t normally “just happen”, the
recipient must make an effort, you know - express an interest.
Hosts interested in receiving a particular data flow join the IP Multicast Group using Internet Group Management
Protocol (IGMP). Hosts must be a member of the group to receive the data stream. Hosts join the group – they receive
the traffic; if they don’t – they don’t.
The source then sends IP packets to an IP Multicast Group Address, then IP multicast routers forward out packets to
interfaces that lead to members of the group. This means one flow of traffic leaves the source, and the routers in
between know how to process the packets to get them to a series of destinations that have either chosen or been
defined as part of a multicast group.
The same information could be sent through broadcasts, but then every destination would be affected; or it could be
sent through unicasts, but then each communication would require a separate data-stream, consuming valuable
bandwidth. With thousands of potential receivers, even low-bandwidth applications benefit from using IP Multicast.
High-bandwidth applications can often require a large portion of the available network bandwidth for just one single
stream; the thought of multiple monster streams is what keeps a good Network Architect from spending time with their
family.
As you can see, we have been describing a bandwidth-conserving technology that reduces traffic by simultaneously
delivering a single stream of information to any number of destinations, without forwarding the traffic to disinterested
destinations. It delivers source traffic to multiple receivers without adding any additional burden on the source or the
receivers, while using less network bandwidth than might otherwise be the case.
Popular IP Multicast applications include:
Multimedia Conferencing – Geographically dispersed group meetings using audio/visual or audio-only
communication, and often including electronic whiteboard applications.
Data Distribution – Reliably replicating data files from a central site to a number of remote locations, such as
distributing price and product information from a central corporate headquarters to a number of remote sales
locations.
Real-Time Data Multicasts – Pushing out real-time data to a number of subscribing hosts, such as stock or
news ticker updates.
The benefits of IP Multicasting include significant savings in both bandwidth and server overhead because the source
device only sends the material once. Because of the reduced bandwidth utilization, there may also be a reduction of
router CPU utilization, although the added load of handling multicast traffic may negate that under some
circumstances.
Multicast packets are replicated in the network by Cisco routers enabled with Protocol Independent Multicast (PIM)
and other supporting multicast protocols. Configuration is fairly simple, and should be part of your knowledge arsenal
if you intend to take the CCIE path later.
Because IP Multicasting is a one-to-many proposition, UDP is the layer-4 protocol of choice. Problems related to
unreliable packet delivery - such as lost packets, duplicate packets and lack of control over network congestion - do
exist, but can be reduced by proper network design.
Addressing
Normal Unicast traffic is defined with a specific destination IP address that corresponds to a specific physical device.
This is not true of Multicast traffic, which forwards to a set of destinations, none of which has the specific IP address
designated in the packet. Remember when you first learned IP addressing, and you used A, B and C-class
addresses? Well, the instructor didn’t mention it to you - but there was also a D-class set of addresses, and that’s
what is used for multicast addressing.
Multicast IP addresses (D-class addresses) are in the range of 224.0.0.0 to 239.255.255.255, meaning the first four
bits of the address are 1110 (binary). These addresses are administered by the Internet Assigned Number Authority (IANA),
and tightly controlled they are. Don’t count on grabbing a few addresses in case you ever need them; with that limited
range of addresses available, they are very stingy about assigning them. One interesting outcropping of this is that
there is now a DHCP-like service running that allows the entire Internet community to share the remaining unassigned
range of IP multicast addresses dynamically (please notice I said DHCP-like, not actual DHCP).
The IANA has put aside 239.0.0.0 through 239.255.255.255 for private multicast domains, much like the reserved IP
unicast ranges (192.168.x.x, 172.16.x.x and 10.x.x.x). When you are developing an internal application that will
remain within the boundaries of your network, these should be the addresses you choose to implement.
The addresses in the range of 224.0.0.0 to 224.0.0.255 have been put aside by the IANA for use by routing protocols
on the local network segment, meaning routers have been programmed not to forward them, regardless of what the
TTL value is. Reserved addresses in this range include:
Address Usage
224.0.0.7 ST Routers
224.0.0.8 ST Hosts
IGMP
There are two versions of IGMP. Version 1 is defined in RFC 1112 and provides just two different types of IGMP
messages:
Membership Reports - Hosts send out IGMP Membership Reports corresponding to a particular multicast group to
indicate they are interested in joining that group.
Membership Queries - The router periodically sends out an IGMP Membership Query to verify that at least one host
on the subnet is still interested in receiving traffic directed to that group. When there is no reply to three consecutive
IGMP Membership Queries, the router will stop forwarding traffic directed toward that group.
IGMP Version 2 is defined in RFC 2236. The primary difference is the inclusion of a Leave Group message, which
allows hosts to take the initiative and actively communicate to the local multicast router that they no longer wish to be
part of the multicast group. The router then sends out a group-specific query and determines if there are any remaining
hosts interested in receiving the traffic. If there are no replies, the router will time out the group and stop forwarding the
traffic. This can greatly reduce the leave latency found with IGMP Version 1.
The default behavior for a Layer 2 switch would be to forward all multicast
traffic to every port that belongs to the destination LAN on the switch.
Basically, if one host on a VLAN wants to see the multicast, everybody on the VLAN gets it. Since the purpose of a
switch is to limit traffic to just the ports that need to see it, this is not a desirable behavior. There are two methods to
deal with the problem - Cisco Group Management Protocol (CGMP) and IGMP Snooping.
CGMP
CGMP and IGMP software components run on both the Cisco routers and Cisco Catalyst switches. Together they
allow these switches to leverage IGMP information on Cisco routers to make layer-2 (switching) forwarding decisions.
With CGMP, IP Multicast traffic is delivered only to those Catalyst switch ports that are interested in the traffic; ports
that have not explicitly requested the traffic will not receive it.
When the CGMP/IGMP-capable router receives an IGMP control packet, it processes it as it would any other IGMP
request, and then creates a CGMP message, which it then forwards to the switch. These can either be “join” or “leave”
messages, depending on what the host is asking for.
The switch receives the CGMP message and then modifies the port status in its CAM (Content Addressable Memory)
table for that multicast group. All subsequent traffic directed to this multicast group will be forwarded to the port. The
router port is also added to the entry for the multicast group.
It’s important to note that Multicast routers are required to monitor all multicast traffic for every group, since the IGMP
control messages look just like regular multicast traffic. With CGMP, the switch only has to listen to CGMP “Join” and
“Leave” messages from the router. The rest of the multicast traffic is forwarded using its CAM table as normal. The
router carries the load.
Please note that if there is a spanning-tree topology change, the CGMP/IGMP-learned multicast groups on the VLAN
are purged and the CGMP/IGMP-capable router must generate new multicast group information. If a
CGMP/IGMP-learned port link is disabled, the corresponding port is removed from any multicast group.
CGMP/IGMP-capable routers send out periodic multicast group queries, so if a host wants to remain in a multicast
group, it must respond to the query. If, after a number of queries, the router receives no reports from any host in a
multicast group, the router sends a CGMP/IGMP command to the switch to remove the group from the forwarding
tables. CGMP’s fast-leave-processing allows the switch to detect IGMP version-2 leave messages sent to the
all-routers multicast address by hosts on any of the supervisor engine module ports.
Remember that CGMP must be configured on both the multicast routers and the layer-2 switches and that CGMP is
Cisco proprietary.
IGMP Snooping
IGMP Snooping is another technique to avoid sending multicast traffic to disinterested switched Ethernet ports on a
Cisco switch. It requires the LAN switch to examine (“snoop” through) network layer information in the IGMP packets
sent between the hosts and the router.
When the switch hears the IGMP Host Report from a host for a particular multicast group, the switch adds the host's
port number to the associated multicast table entry. When the switch hears the IGMP “Leave” Group message from a
host, it removes the host's port from the table entry. This obviously puts the burden of processing on the switch,
creating a potential performance impact on low-end switches with limited CPU horsepower. Many high-end switches
have special ASICs that can perform the IGMP checks in hardware.
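The IGMP section above describes the message types (Report, Query, and the version 2 Leave), the three-missed-queries timeout, and the way a snooping switch turns those messages into a port table. The following added example, written for this page and not taken from the Cramsession, Cisco IOS or Catalyst code, parses IGMPv1/v2 messages (8-byte header: type, max response time, Internet checksum, group address, with the type values from RFC 1112 and RFC 2236) and drives a small snooping table from them. The packets are constructed inline; the switch model, its port numbers and the "router port is always a member" behaviour are assumptions made for the illustration.

```python
import struct

# IGMP message types from RFC 1112 (v1) and RFC 2236 (v2).
IGMP_TYPES = {
    0x11: "Membership Query",
    0x12: "v1 Membership Report",
    0x16: "v2 Membership Report",
    0x17: "Leave Group",
}


def inet_checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_igmp(msg_type: int, group: str, max_resp: int = 0) -> bytes:
    """Construct a valid 8-byte IGMPv1/v2 message (sample input for this example)."""
    group_bytes = bytes(int(o) for o in group.split("."))
    body = struct.pack("!BBH4s", msg_type, max_resp, 0, group_bytes)
    return struct.pack("!BBH4s", msg_type, max_resp, inet_checksum(body), group_bytes)


def parse_igmp(pkt: bytes) -> dict:
    """Decode an IGMPv1/v2 message, rejecting short, corrupt or unknown messages."""
    if len(pkt) < 8:
        raise ValueError("IGMP message too short")
    msg_type, max_resp, _csum, group_bytes = struct.unpack("!BBH4s", pkt[:8])
    if inet_checksum(pkt[:8]) != 0:          # a valid message checksums to zero
        raise ValueError("bad IGMP checksum")
    if msg_type not in IGMP_TYPES:
        raise ValueError("unknown IGMP type 0x%02x" % msg_type)
    return {
        "type": IGMP_TYPES[msg_type],
        "max_resp": max_resp,
        "group": ".".join(str(b) for b in group_bytes),
    }


class SnoopingSwitch:
    """Assumed model of a per-VLAN IGMP snooping table: group -> member ports.

    A Report adds the sender's port, a Leave removes it, and a group that goes
    three consecutive queries without any report is aged out (the v1 timeout
    described in the text). The router port is always kept in every entry.
    """
    MAX_MISSED_QUERIES = 3

    def __init__(self, router_port: int):
        self.router_port = router_port
        self.table = {}      # group -> set of ports that asked for the traffic
        self.missed = {}     # group -> consecutive unanswered queries

    def handle(self, port: int, pkt: bytes) -> dict:
        msg = parse_igmp(pkt)
        group = msg["group"]
        if msg["type"].endswith("Membership Report"):
            self.table.setdefault(group, {self.router_port}).add(port)
            self.missed[group] = 0
        elif msg["type"] == "Leave Group":
            members = self.table.get(group)
            if members is not None:
                members.discard(port)
                if members == {self.router_port}:   # nobody left but the router
                    self._forget(group)
        # Membership Queries come from the router port and carry no state here.
        return msg

    def query_unanswered(self, group: str) -> None:
        """Call once per query interval in which no host reported for the group."""
        if group in self.table:
            self.missed[group] = self.missed.get(group, 0) + 1
            if self.missed[group] >= self.MAX_MISSED_QUERIES:
                self._forget(group)

    def _forget(self, group: str) -> None:
        self.table.pop(group, None)
        self.missed.pop(group, None)

    def ports_for(self, group: str) -> list:
        """Ports that should receive the group; empty means no snooped state."""
        return sorted(self.table.get(group, ()))


if __name__ == "__main__":
    sw = SnoopingSwitch(router_port=24)
    report = build_igmp(0x16, "239.1.1.1")        # constructed v2 report
    sw.handle(3, report)
    sw.handle(7, report)
    print("after reports:", sw.ports_for("239.1.1.1"))
    sw.handle(3, build_igmp(0x17, "239.1.1.1"))   # constructed v2 leave
    print("after leave:", sw.ports_for("239.1.1.1"))
```

The checksum check is what makes the parser useful on a real switch: a snooping device that trusted an unverified 8-byte message would populate its table from any corrupt or malformed frame, so the message is validated before any port state changes.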
Distribution Trees
Multicast-capable routers create distribution trees to control the path through the network. The two basic types of
multicast distribution trees are:
Source Trees - These are the simplest form of a multicast distribution tree, where the root is the source of the
multicast tree and the branches form a spanning tree through the network to the receivers. Because this tree
uses the shortest path through the network, it is also referred to as a shortest path tree (SPT).
Shared Trees - Unlike source trees that have their root at the source, shared trees use a single common root
placed at some chosen point in the network. This shared root is called the rendezvous point (RP).
Rendezvous Points
The most significant difference between PIM sparse and dense mode configurations is the requirement for
Rendezvous Points (RP) to be defined in sparse networks. This acts as the meeting place for sources and receivers
of multicast data. The sources send their traffic to the RP, and it is then forwarded to receivers down a shared
distribution tree. By default, when the first hop router of the receiver learns about the source, it will send a join
message directly to the source, creating a source-based distribution tree from the source to the receiver.
Since by default the RP is only needed to start new sessions with sources and receivers, it experiences little additional
overhead from traffic flow or processing.
In PIM-SM version 1, all routers directly connected to sources or receivers (leaf routers) are manually configured with
the IP address of the RP; for this reason this type of configuration is also known as a “static RP” configuration. This
isn’t much of a problem in a small network (like a lab exam), but it can create obvious problems in a large, complex
network.
PIM-SM version 2 has an Auto-RP feature that automates the distribution of group-to-RP mappings in a PIM network.
The advantages of this are:
Not having to configure a static RP address on every router.
Changes need only be configured on the RP routers, not on all the leaf routers.
The ability to “scope” the RP address within a domain, giving it an area of the network to cover. Scoping can be
achieved by defining the time-to-live (TTL) value allowed for the Auto-RP advertisements.
The Cisco Press book “Developing IP Multicast Networks” by Beau Williamson is an excellent resource for Multicast
Networking.
Reference
The following text was used as a reference in the creation of this Cramsession:
CCIE Routing and Switching Exam Certification Guide by A. Anthony Bruno, ISBN 1-58720-53-8