
CCIE Routing and Switching

TECCCIE-3000_c3 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 1
Techtorial Session Topics
Session 1 CCIE Program Overview/ Roadmap

Session 2 Core Knowledge


Session 3 Multilayer Switching/Frame-Relay
Session 4 IP Routing Concepts/OSPF

Session 5 IP Version 6

Session 6 IP Routing BGP


Session 7 MPLS/VPN
Session 8 IP Multicast

Session 9 Quality of Service


Session 10 Troubleshooting

Program Overview and Roadmap

Cisco CCIE Certification
 CCIE R&S: Configure and troubleshoot complex converged networks
 CCIE Security: Configure complex, end-to-end secure networks, troubleshoot environments, and anticipate and respond to network attacks
 CCIE Service Provider: Configure and troubleshoot advanced technologies to support service provider networks
 CCIE Storage: Configure and troubleshoot storage area networks over a variety of interfaces
 CCIE Voice: Configure complex, end-to-end telephony, as well as network, troubleshoot, and resolve VoIP-related problems
 CCIE Wireless: Plan, design, implement, operate, and troubleshoot wireless network and mobility infrastructure

Certification levels (figure): CCIE, CCNP, CCNA, CCENT
www.cisco.com/go/learnnetspace

Certification Process

 CCIEs must pass two exams


 The written qualification
exam uses simulations and
multiple-choice questions
 The lab exam is what makes
this certification different; the
full-day, hands-on lab exam
tests the ability to configure
and troubleshoot equipment
 Not all lab exams are offered
at all lab locations

Process: Step 1 The Written Exam
 Available worldwide at Pearson VUE for $350 USD, adjusted
for exchange rate and local taxes where applicable
 Two-hour exam uses simulations and multiple-choice
questions
 Closed book; no outside reference materials allowed
 Pass/fail results available immediately; passing score set by
statistical analysis and subject to periodic change
 Waiting period of five calendar days to retake the exam
 Candidates must wait minimum of six months before retaking
the same number exam
 Must take first lab exam attempt within 18 months of passing
written, or written exam expires
Process: Step 2 The Lab Exam
 Available in select Cisco locations for $1,400 USD,
adjusted for exchange rates and local taxes where
applicable, not including travel and lodging
 Eight-hour exam requires working configurations
and troubleshooting to demonstrate expertise
 Cisco documentation available via Cisco Web; no
personal materials of any kind allowed in lab
 Minimum score of 80% to pass
 Scores generally can be viewed online within
48 hours; failing score reports indicate areas where
additional study may be useful

CCIE Routing and Switching

CCIE Routing and Switching
 Most popular track, over 80% of CCIE candidates
attempt R&S first
 Expert-level knowledge of LAN and WAN interfaces,
Routing Protocols, and a variety of routers and switches
 Expert-level troubleshooting to solve complex
connectivity problems and apply solutions to increase
bandwidth, improve response times, maximize
performance, improve security, and support global
applications

Recent Changes to CCIE R&S

 Reflect growth of network as a service platform


 Aligning to job tasks of expert-level network engineers
and expectations of employers
 New certification standards released on May 5, 2009
 New areas include:
–planning and evaluating network changes
–MPLS and VPN networking
–implementing performance routing and optimized edge routing
–filtering and route distribution
–EIGRPv6
–IPv6 multicast

CCIE R&S v4.0 Certification

 Written and lab exams refreshed with new questions


 Adding coverage of MPLS and VPN
 Written exam adding simulations
 Lab exam adding hands-on troubleshooting
 Exam durations and pricing remain same
 V4.0 exams scheduled for release October 18, 2009
and will immediately replace v3.0 exams
 Last day to take v3.0 exam is October 17, 2009

CCIE Exam Development Process

Inputs
 Job role and career development survey
 Cisco business unit/technology groups
 Cisco Technical Support team
 Comprehensive Job Task Analysis, performed by external and internal network experts
 Customer Advisory Groups

Development
 Certification Standards
 Exam Design

Validation and Feedback
• Cisco content advisory team
• CCIE program managers
• Customer validation survey
• Alpha review
• Beta test and statistical analysis

Clearly defined and ISO-reviewed process ensures exams are relevant and valid.

CCIE Routing and Switching
Written Exam

CCIE R&S Written Exam
Legend: Red = v4.0 blueprint; * = removed from v4.0

 Covers networking theory related to:


Evaluate proposed changes to a Network
General networking*
Bridging and LAN switching (Implement Layer 2 Technologies)
IP and IP routing (Implement IPv4)
QoS (Implement Quality of Service)
WAN (Implement Layer 2 Technologies)
IP multicast (Implement IP Multicast)
Security (Implement Network Security)
IPv6 (Implement IPv6)
MPLS (Implement MPLS Layer 3 VPNs)
Implement Network Services
Troubleshoot a Network
Optimize the Network
 Written lays foundation to the Lab Exam
CCIE Routing and Switching Lab Exam

R&S Lab Locations
Permanent CCIE R&S Lab Locations: Beijing, Tokyo, RTP, Brussels, Hong Kong, San Jose, Bangalore, Sydney, Dubai, Sao Paulo
Upcoming Mobile Labs:
Moscow, Russia May 4-8, 2009
Singapore, Singapore June 8-12, 2009
Riyadh, Saudi Arabia June 20-24, 2009

Introduction
 Candidates build a network to a series of supplied
specifications
 The point values for each question are shown
on the exam
 Some questions depend upon completion
of previous parts of the network
 Report any suspected equipment issues to the proctor
as soon as possible; adjustments cannot be made once
the exam is over

R&S Lab Exam: Topics
Legend: Black = v3.0 blueprint; Red = v4.0 blueprint

 Evaluate proposed changes to a Network


 Bridging and Switching (Implement Layer 2 Technologies)
 IP IGP Routing (which includes IPv6) (Implement IPv4 – includes BGP)
 BGP
 Implement IPv6
 Implement MPLS Layer 3 VPNs
 IP and Cisco IOS Features (Implement Network Services)
 Implement MPLS Layer 3 VPNs
 IP Multicast (Implement IP Multicast)
 QoS (Implement Quality of Service)
 Security (Implement Network Security)
 Troubleshoot a Network
 Optimize the Network
Introduction
 Each candidate has his/her own PC and rack
of equipment
 Equipment rack may or may not be with the candidate's
desk and PC
 Equipment requires no HW or Cabling configuration
by candidate
 If the candidate feels that a HW or cabling intervention
is needed the CCIE lab proctor must be involved
 Check the CCIE web page for the latest
equipment list and IOS versions

Rack Access
Rack Connection Method (figure): Candidate PC, Ethernet, Comm Server, Exam Routers

 The Comm Server is pre-configured


 The Candidate PC has the terminal emulator
pre-configured to access all routers and switches
(in general SecureCRT), browsers and any other
needed application

Passwords

 All routers and switches have a startup configuration:


hostnames, passwords, line setup, and IP addresses
for primary interfaces are already configured; since all
tests require the router to be accessible via the VTY
and AUX ports, do not change these established
configurations

Standard Restrictions
Unless Specified within the exam you are NOT
allowed to use

 Static routes (of any kind)


 Default routes
 **Dynamic routes to null are permitted

R&S Lab Exam: Sample Topology
Network Addressing 125.10.0.0

FA0/0-10.11/24 S0/0-11.1/24 S0/0-11.2/24


Frame
Relay Lo0-2.2/24
SW2 R1 R2
Lo0-1.1/24
Lo1-172.16.1.1 FA0/0-22.1/24
Lo2-172.16.2.2 FA0/0-22.5/24
Lo3-172.16.3.3 SW1
Lo4-172.16.4.4 R3
FA0/0-33.1/24
FA0/0-50.1/24
Frame R5
Relay Lo0-5.5/24
FA0/0-50.1/24

R6 Lo0-4.4/24

R4
R&S Lab Exam: Sample Question
Section: 2.5 RIP
 Configure RIPv2 on R1, R2, and R5
 Redistribute between RIP and OSPF on R5
 All routes should be visible on all routers

Score: 2 Points

R&S Lab Exam: Sample Answer
Verification—1
 R4 must have all routes on its routing table
R4#show ip route
<->
172.16.0.0/24 is subnetted, 4 subnets
O E2 172.16.4.0 [110/20] via 125.10.50.1, 22:34:38, Ethernet0/0
O E2 172.16.1.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2 172.16.2.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2 172.16.3.0 [110/20] via 125.10.50.1, 22:34:58, Ethernet0/0
125.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 125.10.50.0/24 is directly connected, Ethernet0/0
O E2 125.10.22.0/24 [110/20] via 125.10.50.1, 22:44:39, Ethernet0/0
C 125.10.4.0/24 is directly connected, Loopback0
O E2 125.10.2.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2 125.10.1.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O 125.10.5.5/32 [110/11] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2 125.10.11.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2 125.10.10.0/24 [110/20] via 125.10.50.1, 22:44:44, Ethernet0/0
R4#

R&S Lab Exam: Grading
 Proctors grade all lab exams
 Automatic tools aid proctors with simple
grading tasks
 Automatic tools are never solely responsible
for lab exam grading
 Proctors complete grading of the exam and submit
the final score within 48 hours
 Partial credit is not awarded on questions
 Points are awarded for working solutions only
 Some questions have multiple solutions

Q and A

Session 2:

Core Knowledge

Agenda
 What are the Core Knowledge questions
 How many questions?
 Structure through the lab exam
 Sample questions

Core Knowledge
 Consists of four computer-delivered short-answer
questions; it is being added to the lab exam in all global
lab locations.
 Candidates will be required to type out their answers,
which typically require five words or less.
 This section covers core concepts from the CCIE R&S
exam objectives.
 When candidates complete the Core Knowledge
section, they may move immediately to the lab
configuration portion of the exam.
 It must be completed before the candidate moves to
the lab configuration scenarios.

Core Knowledge Sample Question - 1

 Refer to the diagram below. On which routers can you


enable summarization in OSPF?

(Answer: Any ABR router)

Core Knowledge Sample Question - 2
What protocol do the following statements describe?

 Integral to IPv6
 Every node that implements IPv6 must fully implement this protocol.
 Many IPv6 functions utilize this protocol e.g. MTU path discovery,
and neighbor discovery, etc.

(Answer: ICMPv6)

Core Knowledge Sample Question - 3

What device is used to dynamically announce the RP


address to all routers in a PIM environment ?
Which open standard BGP attribute is used first in the
BGP Best Path selection algorithm?

Session 3:

Multilayer Switching and Frame Relay

Agenda
 LAN Switching
MLS Concepts
Layer 2 Protocols
Layer 2 Features
Layer 3 Features
Troubleshooting Tips

 Frame Relay
Concepts
Configuration Options
Troubleshooting Tips

MLS Concepts
 Layer 1:
Collision domain: Hub

 Layer 2:
Broadcast domain: Vlan
VTP domain
STP domain

 Layer 3 and 4: MLS


Wire-rate forwarding based on upper layer info
IP (address or TOS)
TCP/UDP ports

Layer 2 VLANs
 Broadcast domains spanning multiple switches
Default Vlan 1
Normal-range: 1 to 1005
Extended-range: 1006 to 4094
vlan-database mode is deprecated; use vlan config-mode
Minimal port config once the Vlan is known:

switchport mode access


switchport access vlan X

Layer 2 Features
Verify VLAN Configuration
switch#sh vlan brief

VLAN Name Status Ports


---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5
Fa0/7, Fa0/8, Fa0/9, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/21
Fa0/22, Fa0/24, Gi0/1, Gi0/2
11 VLAN_BB1 active Fa0/10
12 VLAN_BB2 active
13 VLAN_BB3 active
21 VLAN_A active
22 VLAN_B active
23 VLAN_C active
55 vlan_test active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
switch#
switch#sh run int f0/10
!
interface FastEthernet0/10
switchport access vlan 11
switchport mode access
end

Layer 2 Ethernet Trunk
 Most LAN topologies consist of multiple VLANs
 How to carry multiple VLANs on a single physical link, while maintaining isolation?
 Trunking Protocols:
IEEE 802.1q
4 bytes tag with Vlan ID
Supports Native Vlan (not tagged, must match on L2 links)
ISL (Cisco Proprietary)
30 bytes header (26 + 4) true encapsulation
No Native concepts, ALL frames encapsulated

Sample Question
 Create trunking among the four switches meeting the
following requirements:
Trunking will be formed unconditionally
Use ISL encapsulation

 Choose the encapsulation and create a trunk


between R6 and Sw2. Only VLAN_BB3 and VLAN_B
must be allowed in the trunk
 Implicit: refer to the diagrams to determine
IP addresses

Score: 2 Points

Sample Questions
Diagrams
 You have multiple diagrams and have to figure out
which ports to configure
Sw1 Sw2
Fa0/19 Fa0/19
Fa0/20 Fa0/20
Fa0/21 Fa0/21
Fa0/22 Fa0/22

g0/0 g0/1
sw1 Fa0/1 Fa0/1 sw2
R1
FR FR
g0/0 g0/2
sw1 Fa0/2 Fa0/2 sw2
R2

g0/0 g0/3
sw1 Fa0/3 Fa0/3 sw2
R3

g0/0 g0/4
sw1 Fa0/4 Fa0/4 sw2
R4

sw1 Fa0/10 BB1 BB2 Fa0/10 sw2

Sample Question—Solution
 On switch-switch links, use ‘interface-range’ to speed up
and minimize missed/wrong config
Config)#interface range fa0/19-20
switchport trunk encapsulation isl
switchport mode trunk
 On switch-router, with the IOS running, only dot1Q
is supported!
 Router subinterface:
-if)#encapsulation dot1q [vlanID]
-if)#ip address [asPerDiagram…]
 Switch port:
-if)#switchport trunk encapsulation dot1q
-if)#switchport trunk allowed vlan 13,22
-if)#switchport mode trunk

Sample Question—Verification

switch#sh int f0/x trunk

Port Mode Encapsulation Status Native vlan


Fa0/x on isl trunking 1

Port Vlans allowed on trunk


Fa0/x 1-4094

Port Vlans allowed and active in management domain


Fa0/x 1,11-13,21-23,55

Port Vlans in spanning tree forwarding state and not pruned


Fa0/x 1,11-12,21-23,55

Layer 2 Protocols

 CDP
Useful to discover L2 topology and detect weird forwarding
issues (cdp neighbors appear where they shouldn’t)

switch3#sh cdp neigh

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge


S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID


bb3-sw Fas 0/10 130 S I WS-C3550-4Fas 0/8
Switch4 Fas 0/24 178 R S I WS-C3560-2Fas 0/24
Switch4 Fas 0/23 178 R S I WS-C3560-2Fas 0/23

Sample Question

 Configure the amount of time a neighbor should hold


CDP information sent by Sw2 before discarding
it to 2 minutes

Score: 2 Points

Sample Question—Solution

 Sw2
Config)#cdp holdtime 120
 Verification:
switch2#sh cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 120 seconds

Sending CDPv2 advertisements is enabled

Layer 2 Protocols
DTP (Dynamic Trunking Protocol)

 Negotiate trunking encapsulation, enabled by default


 Some basic error checking

Sample Written Question
 What trunk mode combination would not produce
an operational ISL trunk?
A. Local: auto Remote: auto
B. Local: on Remote: auto
C. Local: nonegotiate Remote: on
D. Local: nonegotiate Remote: nonegotiate
E. Local: auto Remote: desirable

 Solution: A
If both sides are set to Auto, trunk will never come up

Sample Lab Question

 Completely disable DTP traffic on all Fast Ethernet


ports on all switches

Score: 2 Points

Sample Lab Question—Solution

if)#switchport mode access
if)#switchport nonegotiate

 Verification :
show interfaces switchport
Name: FaX/Y
Negotiation of Trunking: Off
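
One way to check this task across a whole switch, as an added Python example (not part of the original slides): it parses interface stanzas from a running-config and reports Fast Ethernet ports that do not match the solution above. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original slides).
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 switchport access vlan 11
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 no switchport
 ip address 5.0.0.1 255.0.0.0
!
interface FastEthernet0/19
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/1
 switchport mode dynamic auto
!
"""


def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from running-config text."""
    stanzas = {}
    current = None
    for line in config.splitlines():
        header = re.match(r"^interface\s+(\S+)", line)
        if header:
            current = header.group(1)
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas


def dtp_findings(config, name_prefix="FastEthernet"):
    """Return {interface: reason} for Layer 2 ports that may still negotiate trunking."""
    findings = {}
    mode_keyword = "switchport mode "
    for name, lines in parse_interfaces(config).items():
        if not name.startswith(name_prefix):
            continue
        if "no switchport" in lines:
            continue  # routed port, DTP does not apply
        mode = next((l[len(mode_keyword):] for l in lines
                     if l.startswith(mode_keyword)), None)
        if mode is None:
            findings[name] = "no explicit mode, port is left in a dynamic mode"
        elif mode.startswith("dynamic"):
            findings[name] = f"mode {mode} negotiates trunking"
        elif "switchport nonegotiate" not in lines:
            findings[name] = f"mode {mode} without switchport nonegotiate"
    return findings


if __name__ == "__main__":
    for port, reason in sorted(dtp_findings(SAMPLE_CONFIG).items()):
        print(f"{port}: {reason}")
```
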

VLAN Trunk Protocol (VTP)

 Same VTP domain, version (1 or 2) and password


 3 modes: server—client—transparent
 Pruning

Switch-1(config-if)#vlan 10
VTP Domain is CCIE

VLAN 10 
Switch-1 Switch-2

VTP CLI
 sh vtp status
most info comes out of this
 sh vtp counters
to see, whether pruning joins are received/transmitted
 sh int pruning
to see, which vlans are pruned and which vlans we
request from upstream
 sh int trunk
to see, which vlans are (not) pruned and are forwarding
 debug sw-vlan vtp <events|packets|xmit|pruning>

Layer 2 Features
VTP Verification
3550# show vtp status
VTP Version : 2
Configuration Revision : 16
Maximum VLANs supported locally : 1005
Number of existing VLANs : 9
VTP Operating Mode : Server
VTP Domain Name : cisco
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled

3550# show vtp counters


VTP statistics:
Summary advertisements received : 734
Subset advertisements received : 0
Request advertisements received : 0
Summary advertisements transmitted : 2199

Layer 2 Features
EtherChannels

 A logical aggregation of similar links


(up to 8) 10/100/1000/10GE ports
 Channel always point-to-point and
viewed as one logical link by other protocols
 Two flavors: Cisco’s PAgP and IEEE 802.3ad LACP
Each defines an “active” and “passive” side

EtherChannels

 Can aggregate L2 Access Ports, L2 Trunks or L3 Links


 Load-balancing algorithm (default is src-mac)
 Operates between switches, routers, and certain
vendors’ NICs

Sample Question

 Create EtherChannels among Sw1 and Sw2 so that it


will be formed unconditionally NOT using any protocol
negotiation

Score: 2 Points

Sample Question—Solution

 Use interface range


Config)#int range FastEthernet0/x-y
Config-if-range)#channel-group z mode on
 Verification
sh etherchannel z port-channel
sh etherchannel [sum|load]
sh pagp|lacp [[port-chan#] neigh|count|internal]

Layer 2 Features
EtherChannel Verification
Rack08Sw2#sh etherchannel sum
...
Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports


------+-------------+-----------+--------------------------------------------
12 Po12(SU) - Fa0/23(P) Fa0/24(P)

switch#sh ether 12 port


Ports in the group:
-------------------
Port: Fa0/23
------------
Port state = Up Mstr In-Bndl
Channel group = 12 Mode = On/FEC Gcchange = -
Port-channel = Po12 GC = - Pseudo port-channel = Po12
Port index = 0 Load = 0x00 Protocol = -

Age of the port in the current state: 00d:00h:00m:17s

Layer 2 Features
EtherChannel Verification [2]

switch#sh int port-channel 12


Port-channel12 is up, line protocol is up (connected)
Members in this channel: Fa0/23 Fa0/24

switch#sh pagp ?
<1-64> Channel group number
counters Traffic information
internal Internal information
neighbor Neighbor information

switch#sh lacp ?
<1-64> Channel group number
counters Traffic information
internal Internal information
neighbor Neighbor information
sys-id LACP System ID

Spanning Tree

 Provide loop free topology while physical redundant


links/trunks are allowed between switches
 Elects a root bridge and defines roles to the ports
based on least cost path to the root
 One Root port per bridge and one Designated port
per segment
 Blocks other ports to break loops
(BPDUs still pass through)

Spanning Tree

Port States
 Blocking: No user traffic allowed, only BPDUs
 Listening: Receives BPDUs and wait for convergence of
BPDUs
 Learning: Learn source MAC from user traffic
to build CAM
 Forwarding: Normal mode, forward user traffic
AND BPDUs
 Disabled: Port is shut (/admin or not)...

Spanning-Tree Algorithm

A BPDU Is Superior to Another if It Has:


1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID

Spanning Tree
Root Ports: Port with Least Nondesignated Ports:
Cost Path to the Root Bridge 8192:000000000001 Ports in Blocking

DP
A Root
Core DP 1 2

32768:000000000002 RP 1 1 RP 32768:000000000003

B Peer C Peer
Distribution 2 DP 2 DP

RP NDP
1 2
D Peer
Designated Ports: Ports 32768:000000000004 Direction of
Selected for Forwarding BPDU Flow

Spanning Tree—RSTP—802.1w
switch(config)#spanning-tree mode ?
mst Multiple spanning tree mode
pvst Per-Vlan spanning tree mode
rapid-pvst Per-Vlan rapid spanning tree mode

 Mechanism of handshake to bypass listening/


forwarding state of the designated port if all bridges
on a segment recognized this port as the designated
 ‘Disabled’+’Blocking’+’Listening’ states are merged
into ‘Discarding’ state

Spanning Tree—MST—802.1s

 Enhances STP scalability (preserves CPU power)


 Flexible load-balancing
 Complex interoperability with other STP flavors

Spanning Tree—MST—802.1s
 MST Configuration: Identical for all switches in the same
region
 Digest of the config is sent in the MST BPDU

spanning-tree mode mst


spanning-tree mst configuration
! name: up to 32 bytes
name MST
revision 1
instance 1 vlan 20, 40, 60
instance 2 vlan 30, 50, 70

Spanning Tree Features

 Portfast
 Bpduguard
 Bpdufilter
 Uplinkfast
 Backbonefast
 Rootguard

Sample Lab Question

Fa0/23 Fa0/23
Fa0/24 Fa0/24
Sw1 Sw2

The 3550 switches in your topology are pre-cabled as shown
in the diagram above. VLANs have already been
assigned to the switches. Configure Sw1 and Sw2 to have
the following behavior:
Only ODD VLANs should be forwarded on Fa0/23
during normal operation
Only EVEN VLANs should be forwarded on Fa0/24
during normal operation
Interfaces should begin forwarding traffic within eight seconds
of link-up
DO THIS WITH EXACTLY TWO COMMANDS PER SWITCH

Score: 3 Points

Sample Lab Question: Analysis
Diagram legend: Desg FWD, Root FWD, Altn BLK

Analyze the Initial Status

Sw#sh vlan brief ; Sw1#sh int trunk
Only Vlan 1 and Vlan 2 are active
Fa0/23 and Fa0/24 are trunk ports on both sides

Sw#sh span vl [1 | 2]
Sw1 is the root for both Vlans, as per lower sys MAC
Sw2 is Forwarding both Vlans out of Fa0/23 as per
lower port ID

Sample Lab Question: Design
Diagram legend: Desg FWD, Root FWD, Altn BLK

Think About It…

Initial: Vlan 1 + 2 (figure: Sw1, Sw2)

Possible Solution?

spanning-tree vlan 1 forward-time 4
spanning-tree vlan 2 forward-time 4
-if)#spanning-tree vlan 2 port-priority 112

(Figure panels: Sw1 and Sw2 for Vlan 1, Sw1 and Sw2 for Vlan 2)

No, Because This Doesn’t Answer the “Exactly 2 Commands Per Switch”!

Sample Lab Question: Solution
Diagram legend: Desg FWD, Root FWD, Altn BLK

So We Need Sw2 to Become Root for One Vlan!

Sw1:
spanning-tree vlan 1 forward-time 4
spanning-tree vlan 2 priority 61440

Sw2:
spanning-tree vlan 2 forward-time 4
-if)#spanning-tree vlan 2 port-priority 112

(Figure panels: Sw1 and Sw2 for Vlan 1, Sw1 and Sw2 for Vlan 2)

Sample Lab Question: Verification
Sw1#sh span vlan 1
VLAN001
Spanning tree enabled protocol ieee
Root ID Priority 32779
Address 0009.e8e2.6200
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 4 sec
...

Sw1#sh span vlan 2


VLAN002
Spanning tree enabled protocol ieee
Root ID Priority 32780
Address 0015.6286.7400
Cost 19
Port 24 (FastEthernet0/24)
Hello Time 2 sec Max Age 20 sec Forward Delay 4 sec
Bridge ID Priority 61452 (priority 61440 sys-id-ext 2)
Address 0009.e8e2.6200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/23 Altn BLK 19 128.23 P2p
Fa0/24 Root FWD 19 128.24 P2p

Layer 3 Features
Switched Virtual Interface (SVI)

 Software-based virtual interface


 Configure SVIs for any VLANs for which you
want to route traffic
 SVI VLAN1 is created by default

VLAN10
Fa0/1
5.0.0.1
Fa0/2
3.0.0.6 Fa0/3 Fa0/5
3.0.0.8
vlan10 5.0.0.4
3.0.0.1
SVI
Layer 3 Features
Routed Ports

 Acts like a port on a router


 Not associated with a particular VLAN
 Put the interface into Layer 3 mode with the
no switchport interface configuration command

VLAN10
Fa0/1
5.0.0.1
Fa0/2
Routed Port
Fa0/3 Fa0/5
3.0.0.6
3.0.0.8
SVI 10 5.0.0.4
3.0.0.1

Layer 3 Features
SVI/Routed Port Configuration

VLAN10
Fa0/1
5.0.0.1
Fa0/2
Fa0/3 Fa0/5
3.0.0.6
3.0.0.8
SVI 10 5.0.0.4
3.0.0.1

SVI
!
interface Vlan10
ip address 3.0.0.1 255.0.0.0
end

Routed Port
!
interface FastEthernet0/5
no switchport
ip address 5.0.0.1 255.0.0.0
end

Layer 2/Layer 3
Troubleshooting Discussion

R1 R2
E0/0 Fa0/0
Fa0/1 Fa0/2

Ping from R1 to R2 Fails


How Do You Troubleshoot?

References
 Cisco LAN Switching, Kennedy Clark, Cisco Press®
 Interconnections, 2nd edition, Radia Perlman
 Cisco Catalyst 3550 configuration guide CCO
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550

 Cisco Catalyst 3560 configuration guide CCO


http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm

Q and A

Frame Relay

 Concepts
 Implementation Options
 Troubleshooting Tips

Frame Relay Concepts

Frame Relay
LMI
Switch LMI
PVC
DLCI DLCI

 DLCI—Data-link connection identifier


 LMI—Local Management Interface
 PVC—Permanent Virtual Circuit

Frame Relay: CCIE Lab FR Switch
The Frame Relay Switch Is Pre-Configured

R1 FR-SW R2

Sample Configuration
!
frame-relay switching
!
interface Serial1/0
no ip address
encapsulation frame-relay
clockrate 1007616
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 102 interface Serial1/2 201
frame-relay route 103 interface Serial2/0 301
frame-relay route 104 interface Serial2/2 401

NBMA—Hub and Spoke
Typical Exam Scenario

172.16.1.2/24
R2

201
102

Frame Relay R1
301 103 172.16.1.1/24
R3
172.16.1.3/24

Frame-Relay Inverse ARP
Rtr A (S0, DLCI 140) to Rtr B (S1, DLCI 401)

Rtr A
interface Serial0
ip address 172.16.1.1 255.255.255.0
encapsulation frame-relay

Rtr B
interface Serial1
ip address 172.16.1.2 255.255.255.0
encapsulation frame-relay

Dynamic L3 to L2 Address Mapping Uses Frame Relay Inverse
ARP to Request the Next Hop Protocol Address for a Specific
Connection (DLCI)

Frame-Relay Verification
Rtr A Rtr B
S0 S1
140 401

RtrA# show frame-relay map

Serial0 (up): ip 172.16.1.2 dlci 140(0x8C,0x20C0), dynamic,


broadcast,, status defined, active

RtrA# show frame-relay pvc

DLCI = 140, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
input pkts 83 output pkts 87 in bytes 8144
out bytes 8408 dropped pkts 0 in FECN pkts0
in BECN pkts 0 out FECN pkts 0 out BECN pkts0

in DE pkts 0 out DE pkts 0


out bcast pkts 41 out bcast bytes 3652
pvc create time 01:31:50, last time pvc status changed 01:28:28
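
In the `show frame-relay map` line above, `dlci 140(0x8C,0x20C0)` gives the DLCI in decimal, in hex, and as its ten bits are spread across the two-byte Frame Relay address field. An added Python example (not part of the original slides) that builds and parses that field, including the FECN, BECN and DE bits counted in the `show frame-relay pvc` output; the function names are constructed for illustration.

```python
def dlci_bits(dlci):
    """Place the 10-bit DLCI in a 16-bit address field, all other bits zero.

    Upper 6 DLCI bits go to bits 7..2 of the first byte, lower 4 DLCI bits
    to bits 7..4 of the second byte. This is the second hex value IOS prints.
    """
    if not 0 <= dlci <= 1023:
        raise ValueError("a two-byte address field carries a 10-bit DLCI")
    return ((dlci >> 4) << 10) | ((dlci & 0xF) << 4)


def ios_map_notation(dlci):
    """Format a DLCI the way the show frame-relay map output does."""
    return f"dlci {dlci}(0x{dlci:X},0x{dlci_bits(dlci):X})"


def encode_address(dlci, cr=False, fecn=False, becn=False, de=False):
    """Build the two address bytes as sent on the wire (EA=0 then EA=1)."""
    word = dlci_bits(dlci)
    word |= int(cr) << 9      # C/R, bit 1 of the first byte
    word |= int(fecn) << 3    # forward congestion notification
    word |= int(becn) << 2    # backward congestion notification
    word |= int(de) << 1      # discard eligible
    word |= 0x0001            # EA=1 marks the last address byte
    return word.to_bytes(2, "big")


def decode_address(header):
    """Parse the first two bytes of a frame into DLCI and flag bits."""
    if len(header) < 2:
        raise ValueError("need at least two bytes")
    first, second = header[0], header[1]
    if first & 0x01 or not second & 0x01:
        raise ValueError("not a two-byte address field (unexpected EA bits)")
    return {
        "dlci": ((first >> 2) << 4) | (second >> 4),
        "cr": bool(first & 0x02),
        "fecn": bool(second & 0x08),
        "becn": bool(second & 0x04),
        "de": bool(second & 0x02),
    }


if __name__ == "__main__":
    print(ios_map_notation(140))
    print(encode_address(140).hex())
    print(decode_address(encode_address(401, becn=True)))
```
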

Frame-Relay Static Mapping
Rtr A Rtr B
S0 S1
140 401

Rtr A
interface Serial0
ip address 172.16.1.1 255.255.255.0
encapsulation frame-relay
! Manually disable Inverse ARP
no frame-relay inverse-arp
frame-relay map ip 172.16.1.2 140 broadcast

Rtr B
interface Serial1
ip address 172.16.1.2 255.255.255.0
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay map ip 172.16.1.1 401 broadcast

Hub and Spoke—Multipoint
Topology (figure): R1 (172.16.1.1/24) connects through the Frame Relay cloud to R2 (172.16.1.2/24) on DLCI 102 (201 at R2) and to R3 (172.16.1.3/24) on DLCI 103 (301 at R3)

R1
interface Serial1
ip address 172.16.1.1 255.255.255.0
frame-relay map ip 172.16.1.2 102 broadcast
frame-relay map ip 172.16.1.3 103 broadcast
no frame-relay inverse-arp

R3
interface Serial1
ip address 172.16.1.3 255.255.255.0
frame-relay map ip 172.16.1.1 301 broadcast
frame-relay map ip 172.16.1.2 301
no frame-relay inverse-arp

Hub and Spoke—Point-to-Point
Topology (figure): R1 (172.16.1.1/24), R2 (172.16.1.2/24) and R3 (172.16.1.3/24) around the Frame Relay cloud; DLCIs 102/201 between R1 and R2, 103/301 between R1 and R3

R2
interface Serial1.201 point-to-point
ip address 172.16.1.2 255.255.255.0
frame-relay interface-dlci 201

R1
interface Serial1
ip address 172.16.1.1 255.255.255.0
frame-relay map ip 172.16.1.2 102 broadcast
frame-relay map ip 172.16.1.3 103 broadcast
no frame-relay inverse-arp

Frame Relay Troubleshooting
Rtr A Rtr B
S0 S1
114 411

show interface
show frame-relay map
show frame-relay lmi
show frame-relay pvc

Frame Relay Troubleshooting
show interface

R1#show interfaces s0/0/1

Serial0/0/1 is up, line protocol is up



Encapsulation FRAME-RELAY, loopback not set
Keepalive set (10 sec)
LMI enq sent 147, LMI stat recvd 147, LMI upd recvd 0,
DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE
FR SVC disabled, LAPF state down

DCD=up DSR=up DTR=up RTS=up CTS=up
Frame Relay Troubleshooting
show frame-relay lmi

R1#show frame-relay lmi

LMI Statistics for interface Serial0/0/1 (Frame Relay DTE) LMI TYPE = ANSI
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 183 Num Status msgs Rcvd 183
Num Update Status Rcvd 0 Num Status Timeouts 0
Last Full Status Req 00:00:24 Last Full Status Rcvd 00:00:24

Frame Relay Troubleshooting
show frame-relay pvc

R1#show frame-relay pvc

PVC Statistics for interface Serial0/0/1 (Frame Relay DTE)


Active Inactive Deleted Static
Local 1 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0
DLCI = 114, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE =
Serial0/0/1
input pkts 20 output pkts 11 in bytes 1310
out bytes 1004 dropped pkts 0 in pkts dropped 0

out pkts dropped 0 out bytes dropped 0


in FECN pkts 0 in BECN pkts 0 out FECN pkts 0

out BECN pkts 0 in DE pkts 0 out DE pkts 0

out bcast pkts 2 out bcast bytes 68


5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:32:30, last time pvc status changed 00:32:20

Frame Relay Default Behavior

 Multipoint
 LMI type is “cisco”
 Inverse ARP is enabled
 Split Horizon is disabled

References

 Frame Relay Configuration Guide CCO
http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml

Q and A

Session 4:

IP Routing Concepts

IP Routing Concepts

 Policy-based Routing
 Administrative Distance
 Passive Interfaces

Policy-Based Routing
 Configured on the receiving (ingress) interface
 Packets are routed based on a configured policy
specified in a route map
 The route map statements can be marked as permit
or deny
If a matching statement is marked as a deny, packets are
sent back through the normal forwarding channels

 Packets that do not match any route map statements are
sent back through the normal forwarding channels
If it is desired to drop packets that do not match the specified
criteria, interface Null 0 should be specified as the last interface
in the list

Policy-Based Routing—Configuration

Configuration Steps
Define a sequenced Policy (route-map)
route-map policyName [permit|deny] [seq#]

Identify which traffic to policy-route


match…

Specify the policy for that traffic


set…

Apply the policy to an interface


-if)#ip policy route-map policyName
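
The permit, deny and no-match behaviour described for policy-based routing, as an added Python model (not part of the original slides and not Cisco code). The source prefix 135.12.1.0/24 is the one from the sample lab question in this deck; the next-hop address for R2 is a placeholder, and the Null0 case is modelled here as a catch-all entry.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class RouteMapEntry:
    seq: int
    action: str                                            # "permit" or "deny"
    match_sources: List[str] = field(default_factory=list)  # empty matches all
    set_next_hop: Optional[str] = None
    set_interfaces: List[str] = field(default_factory=list)


def policy_route(route_map, src_ip, up_interfaces=()):
    """Return (decision, detail) for a packet received on the policy interface."""
    src = ipaddress.ip_address(src_ip)
    for entry in sorted(route_map, key=lambda e: e.seq):
        nets = [ipaddress.ip_network(p) for p in entry.match_sources]
        if nets and not any(src in net for net in nets):
            continue  # no match: try the next sequence number
        if entry.action == "deny":
            # A matching deny hands the packet back to normal forwarding.
            return ("normal-forwarding", None)
        if entry.set_next_hop:
            return ("next-hop", entry.set_next_hop)
        for name in entry.set_interfaces:
            if name == "Null0":
                return ("drop", "Null0")
            if name in up_interfaces:
                return ("interface", name)
        return ("normal-forwarding", None)  # permit with no usable set action
    # No statement matched: normal destination-based forwarding.
    return ("normal-forwarding", None)


R2_NEXT_HOP = "192.0.2.2"  # placeholder address, not taken from the slides

# Policy for the sample question: traffic sourced from 135.12.1.0/24 goes to R2.
TO_R2 = [RouteMapEntry(10, "permit", ["135.12.1.0/24"], set_next_hop=R2_NEXT_HOP)]

# Same policy, but everything else is dropped via Null0.
TO_R2_DROP_REST = TO_R2 + [RouteMapEntry(20, "permit", set_interfaces=["Null0"])]

# A deny statement exempts one constructed host from the policy.
EXEMPT_HOST = [RouteMapEntry(5, "deny", ["135.12.1.99/32"])] + TO_R2


if __name__ == "__main__":
    for name, rmap in (("TO_R2", TO_R2), ("TO_R2_DROP_REST", TO_R2_DROP_REST),
                       ("EXEMPT_HOST", EXEMPT_HOST)):
        for src in ("135.12.1.7", "135.12.1.99", "150.2.2.9"):
            print(name, src, policy_route(rmap, src))
```
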

PBR Sample Lab Question
150.2.2.0/24
Configure only R5 so that any
received IP traffic that is sourced
from 135.12.1.0 is forwarded to R2.
135.12.1.0/24

140.10.1.1/24
R3
R1
136.15.1.5/24

R4
Verification
R5
R3#trace ip 140.10.1.1 R2

Type escape sequence to abort.


Tracing the route to YY.YY.10.7
1 136.15.1.5 0 msec 0 msec 0 msec  It goes to R5, then
2 140.10.1.1 20 msec 16 msec 16 msec  it goes to R2 (not to R1)

Administrative Distance
Connected 0
Static 1
eBGP 20
EIGRP 90
IGRP 100
OSPF 110
IS-IS 115
RIP 120
Ext EIGRP 175
iBGP 200
Unknown 255  Not Believed

 A router with more than one IP routing protocol enabled will use
the administrative distance to select a route if the route is learned
from more than one protocol; a lower admin distance is preferred

Passive Interfaces
 To disable sending routing updates out an interface, use
the passive-interface command
 Used in router configuration mode
 Configuration Examples:
passive-interface gi0/0/0 ← no updates sent out interface gi0/0/0
passive-interface default ← no updates sent out any interfaces; use no passive-interface on specified interfaces to send updates

** Note: A passive interface does not send routing protocol information. It does receive and process updates on the interface.

EIGRP

Disclaimer—Reminder

 With the time allocated, we can only review the
cornerstones of the most important IGPs

EIGRP and OSPF

EIGRP

 Introduction and Review
 Neighbor Relationships
 Summarization
 Load Balancing

Advantages of EIGRP
 Uses multicast instead of broadcast
 Utilizes composite metric
(bandwidth, delay, load, reliability)
 Unequal cost paths load balancing
 More flexible than OSPF
Full support of distribute list
Manual summarization can be done in any interface
at any router within network

EIGRP Packets
 Hello: Establish neighbor relationships

 Update: Send routing updates

 Query: Ask neighbors about routing information

 Reply: Response to query about routing information

 Ack: Acknowledgement of a reliable packet

EIGRP Neighbor Relationship
 Two routers become neighbors when they see each
other’s hello packet (see later for details)
Hello address = 224.0.0.10

 Hellos sent once every five seconds on the
following links:
Broadcast Media: Ethernet, Token Ring, FDDI, etc.
Point-to-point serial links: PPP, HDLC, point-to-point frame
relay/ATM sub-interfaces
Multipoint circuits with bandwidth greater than T1: ISDN PRI,
SMDS, Frame Relay

EIGRP Neighbor Relationship
 Hellos sent once every 60 seconds on the
following links:
Multi-point circuits with bandwidth less than T1: ISDN BRI, Frame
Relay, SMDS, etc.

 Neighbor declared dead when no EIGRP packets
are received within hold interval
Not only Hello can reset the hold timer

 Hold time by default is three times the hello time
(config-if)#ip hold-time eigrp as-number seconds

EIGRP Neighbor Relationship
 EIGRP will form neighbors even though hello time
and hold time don’t match
 EIGRP sources hello packets from primary address
of the interface
 EIGRP will not form neighbor if K-values
are mismatched
 EIGRP will not form neighbor if AS numbers
are mismatched

Neighbor Process—Review
 Used for establishing and maintaining neighbors
 Multicast hellos (by default)
224.0.0.10 (0100.5e00.000a)

 Neighbor timers
Default Hello Interval—5 or 60 sec.
Default Hold time—15 or 180 sec.

Checking Neighbor Status

RTRA#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address     Interface  Hold   Uptime  SRTT  RTO  Q    Seq
                           (sec)          (ms)       Cnt  Num
2   10.1.1.1    Et0        12     6d16h   20    200  0    233
1   10.1.4.3    Et1        13     2w2d    87    522  0    452
0   10.1.4.2    Et1        10     2w2d    85    510  0    3

 Hold—How long to wait for an EIGRP packet before
declaring this neighbor dead
 Uptime—How long since last time this neighbor
was discovered

Checking Neighbor Status

RouterA(config)# router eigrp 100
RouterA(config-router)# eigrp log-neighbor-changes

RouterA(config)# logging console

 EIGRP log-neighbor-changes is on by default
since 12.1(3)
Don’t turn it off in the lab
Best to send logs to the console in the lab

Log-Neighbor-Changes Messages

Neighbor 10.1.1.1 (Ethernet0) is down: peer restarted
Neighbor 10.1.1.1 (Ethernet0) is up: new adjacency
Neighbor 10.1.1.1 (Ethernet0) is down: holding time expired
Neighbor 10.1.1.1 (Ethernet0) is down: retry limit exceeded
Neighbor 10.1.1.1 (Ethernet0) is down: route filter changed

 Common neighbor change messages
(Hint: Peer restarted means you have to check the peer;
it’s the one that restarted)

What Causes Neighbor Instability?
 Holding time expired
 Retry limit exceeded
 Manual changes
 Physical link instability
 Stuck-in-active routes

Holding Time Expired
 Holding time expires when an
EIGRP packet is not seen for the
duration of the hold time
Usually caused by missing multicast
hello packets
Typically caused by congestion,
physical errors
or even routing issue

Neighbor 10.1.1.1 (Ethernet0) Is Down: Holding Time Expired

Troubleshooting Holding Time Expiration

Ping the Multicast Address (224.0.0.10) from the Other Router
Ping 224.0.0.10
Note: If There Are Many Interfaces/Neighbors on Router B, You Should Use Extended Ping and Specify the Source Address/Interface of the Multicast Ping

[Diagram: Router A and Router B]

Neighbor 10.1.1.1 (Ethernet0) Is Down: Holding Time Expired

Troubleshooting Holding Time Expiration

RouterA# debug eigrp packet hello
EIGRP Packets debugging is on (HELLO)
19:08:38.521: EIGRP: Sending HELLO on Serial1/1
19:08:38.521: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
19:08:38.869: EIGRP: Received HELLO on Serial1/1 nbr 10.1.6.2
19:08:38.869: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
19:08:39.081: EIGRP: Sending HELLO on FastEthernet0/0
19:08:39.081: AS 100, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

Remember—Any Debug Can Be Hazardous on a Live Network; It’s OK in CCIE Lab Though

Retry Limit Exceeded
 EIGRP sends unreliable and reliable packets
Hellos and Acks are unreliable
Updates, Queries, and Replies are reliable

 Reliable packets are sequenced and require
an Acknowledgement
Reliable packets are retransmitted up to 16 times
if not acknowledged

Retry Limit Exceeded (Cont.)

 Reliable packets are re-sent after Retransmit Time
Out (RTO)
Typically 6 x Smooth Round Trip Time (SRTT)
Minimum RTO is 200 ms
Maximum RTO is 5000 ms (5 seconds)

16 retransmits take between 50 seconds and 80 seconds

Retry Limit Exceeded (Cont.)

 If a reliable packet is not acknowledged before
16 retransmissions and the Hold Timer duration
has passed, re-initialize the neighbor

[Diagram labels: Update, Ack, X (lost packet), Router B]

Neighbor 10.1.1.1 (Ethernet0) Is Down: Retry Limit Exceeded

Manual Changes
 Some manual configuration changes also reset
EIGRP neighbors:
Summary changes (manual and auto)
Route filter changes

 This is normal behavior
Metric change does not reset neighbors

Physical Link State Changes
 Interface drivers tell EIGRP when a link goes down
or comes up
EIGRP removes neighbors from the neighbor table when the
interface used to reach them goes down
EIGRP (re)-initializes neighbors when a link comes up
(and Hellos received)

 Normal, but not nice

EIGRP Summarization

 Purpose: Smaller routing tables, smaller updates
 Auto summarization:
On major network boundaries, networks are summarized
to the major networks
Auto summarization is turned on by default

[Diagram: major networks 150.150.X.X and 151.151.X.X]

Manual Summarization
 Configurable on per interface basis in any router
within the network
 When summarization is configured on an interface,
the router immediately creates a route pointing to null
zero with administrative distance of five
 Loop prevention mechanism
 When the last specific route of the summary goes
away, the summary is deleted
 The minimum metric of the specific routes is used
as the metric of the summary route

EIGRP Summarization

Manual Summarization Command:
ip summary-address eigrp <as number> <address> <mask>

[Diagram: AS 100; 150.2.0.0/16 and 150.3.0.0/16 are advertised out S0 as 150.2.0.0/15]

interface s0
ip address 150.1.1.1 255.255.0.0
ip summary-address eigrp 100 150.2.0.0 255.254.0.0

Deploying Summarization
 Summarization is simply
a way to hide topological
detail while maintaining
reachability
 But sometimes you have
to be creative to summarize

[Diagram: routers A, B and C; C advertises 10.1.0.0/22, which covers 10.1.1.0/24 and 10.1.3.0/24]

Deploying Summarization

 For instance, can you still
summarize here?
 Note that A has a component
which is part of 10.1.0.0/22
behind it

[Diagram: routers A, B and C; 10.1.2.0/24 sits behind A; C advertises 10.1.0.0/22, which covers 10.1.1.0/24 and 10.1.3.0/24]

Deploying Summarization
 Sure
 Routers always route to the
longest prefix
 Destinations within
10.1.2.0/24 will be routed
towards A, while
destinations within
10.1.1.0/24 and 10.1.3.0/24
will be routed towards C

[Diagram: routers A, B and C; A advertises 10.1.2.0/24 and C advertises 10.1.0.0/22 to B; 10.1.1.0/24 and 10.1.3.0/24 sit behind C]

EIGRP Load Balancing
 Routes with a metric equal to the minimum metric
will be installed in the routing table
(equal cost load balancing)
 There can be up to six entries in the routing table
for the same destination (default = 4)
ip maximum-paths <1-6>

EIGRP Unequal Cost Load Balancing

 EIGRP offers unequal cost load balancing feature
with the command:
variance <multiplier>

 Variance command will allow the router to include
routes with a metric smaller than multiplier times
the minimum metric route for that destination,
where multiplier is the number specified by the
variance command

Variance Example

[Diagram: Router E reaches Net 172.16.10.0/24 behind Router A through B, C or D. Link metrics: E-B 20, B-A 10; E-C 10, C-A 10; E-D 20, D-A 25. Variance 2 is configured on E]

 Router E will choose router C to get to
net 172.16.10.0/24 FD=20
 With variance of 2, router E will also choose router B
to get to net 172.16.10.0/24
 Router D will not be used to get to net 172.16.10.0/24
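The path selection on the Variance Example slide, worked through as an added example (not part of the original deck). It assumes the link metrics read off the slide's diagram (E-B 20, B-A 10; E-C 10, C-A 10; E-D 20, D-A 25) and also applies EIGRP's feasibility condition, which the slide does not spell out: a neighbor is only eligible if its own reported distance is below the feasible distance.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    next_hop: str
    link_metric: int         # metric from Router E to the neighbor
    reported_distance: int   # the neighbor's own metric to the destination

    @property
    def metric(self) -> int:
        return self.link_metric + self.reported_distance


# Paths from Router E to net 172.16.10.0/24 (assumed reading of the diagram).
PATHS_FROM_E = [
    Path("B", 20, 10),
    Path("C", 10, 10),
    Path("D", 20, 25),
]


def evaluate(paths, variance=1):
    """Return (feasible distance, {next hop: verdict}) for one destination."""
    fd = min(p.metric for p in paths)
    verdict = {}
    for p in paths:
        if p.metric == fd:
            verdict[p.next_hop] = "successor"
        elif p.reported_distance >= fd:
            # Loop prevention: the neighbor is not closer than we are.
            verdict[p.next_hop] = "rejected: fails feasibility condition"
        elif p.metric >= variance * fd:
            # The slide's rule: metric must be smaller than variance x minimum.
            verdict[p.next_hop] = "rejected: outside variance"
        else:
            verdict[p.next_hop] = "installed: unequal-cost"
    return fd, verdict


def installed_paths(paths, variance=1, maximum_paths=4):
    """Next hops that end up in the routing table, best metric first."""
    _, verdict = evaluate(paths, variance)
    usable = [p for p in sorted(paths, key=lambda p: p.metric)
              if not verdict[p.next_hop].startswith("rejected")]
    return [p.next_hop for p in usable[:maximum_paths]]


if __name__ == "__main__":
    for v in (1, 2, 3):
        print(v, installed_paths(PATHS_FROM_E, v), evaluate(PATHS_FROM_E, v)[1])
```

Raising the variance to 3 still leaves D out: its metric of 45 would fit under 60, but its reported distance of 25 is not below the feasible distance of 20.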

EIGRP Sample Lab Question
 Configure EIGRP 100 on VLAN_30.
 Make mutual redistribution between
OSPF and EIGRP on R2 only.
 At this point, you must be able to ping
between EIGRP 100 subnets and the
OSPF subnets, and the Backbone 3
router IP address 100.3.1.254.

[Topology diagram: Backbone 3, VLAN_30, EIGRP 100, R2, R5, Frame Relay, OSPF Area 0, R1]

Verification
R5#sh ip route
D EX YY.YY.12.0/30
D EX YY.YY.14.0/24
D EX YY.YY.20.0/24
D EX YY.YY.40.0/24
D EX YY.YY.50.0/24

R5#ping 100.3.1.254
<..>
!!!!!
R5#ping YY.YY.14.4
<…>
!!!!!

Q and A

OSPF

OSPF

 Review
 Dealing with NBMA
 Commands
 Preparing for OSPF

OSPF Areas
 OSPF uses a two-level
hierarchical model
Backbone area
All other areas
 Areas defined
with 32 bit number
Defined in IP address format
Can also be defined using single
decimal value (i.e., Area 0.0.0.0, or Area 0)
 0.0.0.0 reserved for the backbone area
 Area boundaries are at the routers
Each link is in one and only one area

[Diagram: Area 0 (backbone) connected to Area 1, Area 2 and Area 3]

OSPF LSAs

 Router and network
LSAs within an area
 Summary LSA Type 3
outside the area
 Summary LSA Type 4
and Type 5 for
redistributed routes

[Diagram: Area 0 (backbone) connected to Area 1, Area 2 and Area 3]

OSPF Virtual Links
Can Be Useful for Several Purposes
 Allow areas to connect
to areas other than 0
 Repair a discontinuous
area 0
 Backup purpose

[Diagram: Area 0 with Area 1, Area 2 and Area 3; two links are marked X]

OSPF Router Types
Area Border Router—ABR
 A router with at least one interface in area
0 and 1 or more interfaces in one or more
non-backbone areas
 OSPF routes can only be summarized on an ABR

[Diagram: ABR between Area 51 and Area 0]

OSPF Router Types
Autonomous System Boundary Router—ASBR
 A router with at least one interface in an OSPF
area that is redistributing routes from another
protocol into OSPF; external routes can be
summarized on an ASBR

[Diagram: ASBR in Area 51 redistributing BGP, RIP, IGRP, EIGRP, static and connected routes; ABR between Area 51 and Area 0]

OSPF Area Types
Stub Area
Redistributed Routes (OSPF External Routes or Type 5) are not
advertised into a Stub Area; OSPF Inter-Area Routes are advertised
into a Stub Area; the ABR will advertise a default into the Stub Area
RTR-A(config-router)# area 1 stub
RTR-B(config-router)# area 1 stub
configure on all routers in the area

[Diagram: A and ABR B in stub Area 1 (link 10.1.1.1/30 to 10.1.1.2/30); B and ASBR C in Area 0 (link 10.1.1.5/30 to 10.1.1.6/30); C redistributes connected 192.168.3.3/32. Into Area 1: the default route and OSPF inter-area routes (10.1.1.4) are advertised; OSPF external routes (192.168.3.3) are blocked (X)]

OSPF Area Types
Totally Stubby Area
Redistributed Routes (OSPF External Routes or Type 5) and
OSPF Inter-Area Routes are Not Advertised Into a Totally
Stubby Area; the ABR will Advertise a Default into the Stub Area
RTR-A(config-router)# area 1 stub
RTR-B(config-router)# area 1 stub no-summary
configure no-summary on the ABR

[Diagram: A and ABR B in totally stubby Area 1 (link 10.1.1.1/30 to 10.1.1.2/30); B and ASBR C in Area 0 (link 10.1.1.5/30 to 10.1.1.6/30); C redistributes connected 192.168.3.3/32. Into Area 1: the default route is advertised; OSPF inter-area routes (10.1.1.4) and OSPF external routes (192.168.3.3) are blocked (X)]

OSPF Area Types
Not So Stubby Area—NSSA
Redistributed Routes (OSPF External Routes) are advertised
as Type 7 at the ASBR; the ABR converts them to
Type 5; the ABR will not advertise a default into the NSSA Area
RTR-B(config-router)# area 1 nssa
RTR-C(config-router)# area 1 nssa
configure on all routers in the area

[Diagram: A in Area 0; ABR B; ASBR C in NSSA Area 1; D in the RIP V2 domain (172.26.32.1/24, 172.26.33.1/24). Link addresses shown: 10.1.1.1/30 and 10.1.1.2/30 (A-B), 10.1.1.5/30 and 10.1.1.6/30 (B-C), 10.1.1.9/30 and 10.1.1.10/30 (C-D). C redistributes RIP routes to OSPF Type 7 routes; B converts OSPF Type 7 routes to OSPF Type 5 routes toward Area 0. Into Area 1: OSPF inter-area routes (10.1.1.0) Type 3 are advertised; OSPF external routes Type 5 are blocked (X)]

OSPF Area Types
Totally Stubby NSSA
Redistributed Routes (OSPF External Routes) are advertised
as Type 7 at the ASBR; the ABR converts them back to Type 5;
OSPF Inter-Area Routes are not advertised into the Totally Stubby
Not So Stubby Area; the ABR Will Advertise a Default Route
into the Totally Stubby NSSA
RTR-B(config-router)# area 1 nssa no-summary
RTR-C(config-router)# area 1 nssa
configure no-summary on the ABR

[Diagram: A in Area 0; ABR B; ASBR C in totally stubby NSSA Area 1; D in the RIP V2 domain (172.26.32.1/24, 172.26.33.1/24). Link addresses shown: 10.1.1.1/30 and 10.1.1.2/30 (A-B), 10.1.1.5/30 and 10.1.1.6/30 (B-C), 10.1.1.9/30 and 10.1.1.10/30 (C-D). C redistributes RIP routes to OSPF Type 7 routes; B converts OSPF Type 7 routes to OSPF Type 5 routes toward Area 0. Into Area 1: the OSPF inter-area default route is advertised; OSPF inter-area routes (10.1.1.0) Type 3 and OSPF external routes Type 5 are blocked (X)]

Designated Routers
Designated Router—DR
 On a multi-access network, the DR is responsible
for distributing LSAs to other attached OSPF routers;
DR is selected by highest priority (default = 1),
highest loopback address, or highest IP address
assigned to a physical interface

 Always configure a loopback interface before
configuring OSPF—stable OSPF Router ID

Designated Routers
Backup Designated Router—BDR
 The BDR will assume the DR role if the DR fails
 Listens and learns all information that the DR learns—
a “hot standby”

[Diagram: multi-access segment with the DR and the BDR]

Designated Routers
DROTHER—Not the DR or BDR
 All other routers on the multi-access network segment

[Diagram: multi-access segment with the DR, the BDR and two DROTHER routers]

Designated Routers
Adjacency
 On a multi-access network, all OSPF routers will
become adjacent with the DR and BDR

[Diagram: DR, BDR and two DROTHER routers; adjacency legend: Full, 2-Way]

Broadcast and Non-Broadcast Multi-Access
Adjacency
 Full—Router and network LSAs exchanged, databases
are fully synchronized; normal state
 2-Way—Bi-directional communications have been
established; normal state between DROTHER routers

[Diagram: DR, BDR and two DROTHER routers; adjacency legend: Full, 2-Way]

Designated Routers
Adjacency
 A router stuck in any other state has a problem
router# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.5.1 1 INIT/- 00:00:34 172.16.1.1 Serial0
router#
[Diagram: DR, BDR and DROTHER; adjacency legend: Full, 2-Way]

External Costs
External Routes

[Diagram: a route with RIP cost 5 is redistributed from the RIP domain into the OSPF domain, where the OSPF cost is 10. Type 1 cost = 15; Type 2 cost = 5]

Point-to-Point Media

 Serial links
 Multicast used
 No DR or BDR

Non-Broadcast Multi-Access Media (NBMA)
Frame Relay (Multipoint), X.25
 Several possibilities: Point-to-point, broadcast,
point-to-multipoint, or nonbroadcast

Dealing with NBMA
Point-to-Point Model
 Benefits: Individual costs can be configured;
can be simple, treated like standard point-to-point links
 Drawbacks: Complex to configure if the NBMA network
is big or redundant; wastes address space

Dealing with NBMA
Broadcast Model
 Benefits: Simple to configure; treated like
a multi-access network
 Drawbacks: Must maintain an L2 full-mesh
at all times; one metric for all VCs

Dealing with NBMA
Non-Broadcast (NBMA) Model
 Benefits: Only one IP subnet used
 Drawbacks: Complex to configure and scale;
need to manually configure each neighbor

Dealing with NBMA
 Point-to-multipoint model:
Benefits: Simple to configure; no neighbor configuration
(unless you want individual costs); no requirement
for a full mesh at L2
Drawbacks: Compared to other choices—none

 This is the recommended method of dealing
with NBMA networks

OSPF Commands—Router
router-id
 The router-id command is used to explicitly specify the
router ID OSPF will use
 If the OSPF process already has neighbors,
this command will not take effect until the next reload
or manual restart of the OSPF process
clear ip ospf
Order of determining the RID
Manually configured RID
Highest loopback interface IP address (if available)
Highest active interface IP address

OSPF Commands—Router
network
The network command is used to determine
which interfaces will be enabled for OSPF
network 10.2.1.1 0.0.0.0 area 0
network 10.2.2.1 0.0.0.0 area 1
network 10.2.3.1 0.0.0.0 area 2

[Diagram: router with interfaces 10.2.1.1/24, 10.2.2.1/24 and 10.2.3.1/24]

OSPF Commands—Router
network

network 10.2.1.0 0.0.0.255 area 0
network 10.2.2.0 0.0.0.255 area 1
network 10.2.3.0 0.0.0.255 area 2

[Diagram: router with interfaces 10.2.1.1/24, 10.2.2.1/24 and 10.2.3.1/24]

OSPF Commands—Router
network

network 10.2.0.0 0.0.255.255 area 0
or in this example
network 0.0.0.0 255.255.255.255 area 0
is the equivalent
Do you know why?

[Diagram: router with interfaces 10.2.1.1/24, 10.2.2.1/24 and 10.2.3.1/24]
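The wildcard matching behind the three network slides, as an added example that is not part of the original deck. It uses the slides' three interface addresses plus one constructed interface (192.0.2.1), and assumes the first matching statement in the listed order decides the area.

```python
import ipaddress


def wildcard_match(interface_ip, address, wildcard):
    """True when interface_ip equals address in every bit the wildcard marks 0."""
    ip = int(ipaddress.IPv4Address(interface_ip))
    addr = int(ipaddress.IPv4Address(address))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (ip & care) == (addr & care)


def parse_network(statement):
    """Split 'network <address> <wildcard> area <area>' into its three values."""
    parts = statement.split()
    if len(parts) != 5 or parts[0].lower() != "network" or parts[3].lower() != "area":
        raise ValueError("not an OSPF network statement: %r" % statement)
    return parts[1], parts[2], parts[4]


def ospf_areas(interface_ips, statements):
    """Map each interface address to the area of the first matching statement.

    None means no statement matched, so OSPF is not enabled on that interface.
    First-match-in-listed-order is an assumption of this sketch.
    """
    parsed = [parse_network(s) for s in statements]
    result = {}
    for ip in interface_ips:
        result[ip] = None
        for address, wildcard, area in parsed:
            if wildcard_match(ip, address, wildcard):
                result[ip] = area
                break
    return result


SLIDE_INTERFACES = ["10.2.1.1", "10.2.2.1", "10.2.3.1"]
PER_INTERFACE = ["network 10.2.1.1 0.0.0.0 area 0",
                 "network 10.2.2.1 0.0.0.0 area 1",
                 "network 10.2.3.1 0.0.0.0 area 2"]
PER_SUBNET = ["network 10.2.1.0 0.0.0.255 area 0",
              "network 10.2.2.0 0.0.0.255 area 1",
              "network 10.2.3.0 0.0.0.255 area 2"]
AGGREGATE = ["network 10.2.0.0 0.0.255.255 area 0"]
CATCH_ALL = ["network 0.0.0.0 255.255.255.255 area 0"]

if __name__ == "__main__":
    # 192.0.2.1 is a constructed extra interface, e.g. one added to the router later.
    later = SLIDE_INTERFACES + ["192.0.2.1"]
    print(ospf_areas(later, AGGREGATE))   # extra interface stays out of OSPF
    print(ospf_areas(later, CATCH_ALL))   # extra interface is pulled into area 0
```

The two statements are equivalent only because all three interfaces fall inside 10.2.0.0/16; the catch-all also enables OSPF on any interface added later, which is why the narrower statements are easier to audit.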

OSPF Commands—Router
redistribute metric-type
 By default, redistributed routes have external metric
type 2; Type 2 routes have a cost which consists of the
external cost only;
Type 1 routes include the cost of traversing the
OSPF domain

ASBR(config-router)#redistribute rip metric-type ?
1 Set OSPF External Type 1 metrics
2 Set OSPF External Type 2 metrics

ASBR(config-router)#redistribute rip metric-type 1

OSPF Commands—Router
summary-address
 Addresses can be summarized into OSPF
on an ASBR

ASBR(config-router)# summary-address 10.1.0.0 255.255.252.0

[Diagram: ASBR between the RIP domain (10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24) and the OSPF domain, which receives the summary 10.1.0.0/22]

OSPF Commands—Router
area range
 Addresses can be summarized on an ABR into
area 0 or from area 0

ABR(config-router)# area 1 range 10.2.0.0 255.255.252.0
ABR(config-router)# area 0 range 10.1.0.0 255.255.252.0

[Diagram: ABR between Area 1 (10.2.0.0/24, 10.2.1.0/24, 10.2.2.0/24, 10.2.3.0/24) and Area 0 (10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24); Area 1 receives 10.1.0.0/22 and Area 0 receives 10.2.0.0/22]

OSPF Does Not Allow Summarizing Anywhere Else (Only ASBR and ABR)

OSPF Commands—Router
area stub
 All routers in the area must be configured as stub
 Add no-summary at the ABR and the area becomes
totally stubby
RTR(config-router)# area 1 stub
ABR(config-router)# area 1 stub [no-summary]

[Diagram: ABR between Area 1 and Area 0]

OSPF Commands—Router
area nssa
 All routers in the area must be configured as NSSA
 Add no-summary at the ABR and the area becomes
totally stubby NSSA
RTR(config-router)# area 1 nssa
ABR(config-router)# area 1 nssa [no-summary]

[Diagram: ABR between Area 0 and Area 1; ASBR between Area 1 and the RIP domain]

OSPF Commands—Router
area virtual-link

[Diagram: Rtr A (RID = 10.10.254.254) between Area 0 and Area 1; Rtr B (RID = 10.11.254.254) between Area 1 and Area 51; the virtual link crosses transit Area 1]

Rtr A
router ospf 1
area 1 virtual-link 10.11.254.254

Rtr B
router ospf 1
area 1 virtual-link 10.10.254.254

OSPF Commands—Router
neighbor
 Designate neighbors on non-broadcast networks
 Must be the primary address of the neighbor’s interface

RTR(config-router)# neighbor ip-address [additional optional keywords]

[Diagram: routers attached to a Frame Relay or X.25 cloud]

Commands—Interface
Non-Broadcast Multi-Access (NBMA) Network

[Diagram: routers attached to a Frame Relay or X.25 cloud]

PVCs Can Be on Same Subnet or on Different Subnets
Practice and Understand the Effect of OSPF Network Types

RTR(config-if)# ip ospf network point-to-multipoint (Hello = 30, Dead = 120)
RTR(config-if)# ip ospf network point-to-point (Hello = 10, Dead = 40)
RTR(config-if)# ip ospf network broadcast (Hello = 10, Dead = 40)

OSPF Commands—Interface
auto-cost
 OSPF interfaces have a cost equal to
ref-bw / bandwidth (defined by the bandwidth statement)
 ref-bw = 100,000,000 by default
FastEthernet = 100,000,000 / 100,000,000 = 1
Ethernet = 100,000,000 / 10,000,000 = 10
T1 = 100,000,000 / 1,544,000 = 64
 The auto-cost command is used to change the
reference value, which changes the cost of every OSPF
interface on the router
Rtr(config-router)#auto-cost reference-bandwidth ref-bw
ref-bw <1-4294967> in Mbits per second

OSPF Commands—Interface
ip ospf keyword(s)
 ip ospf cost interface-cost
Specify the cost of sending a packet on the interface

 ip ospf hello-interval seconds
Specify the interval between hello packets sent on the interface

 ip ospf dead-interval seconds
Specify the interval during which at least one hello packet must be
received before the neighbor is declared down
The default dead-interval is the hello-interval * 4

 ip ospf priority
Set the router priority for DR / BDR selection (highest wins)

OSPF Commands—Security
Authentication—Clear Text
 Authentication requires router and/or interface
commands; the router command is used to enable
authentication for an area and the interface command
is used to enable authentication on an interface and set
the authentication password

[Diagram: Rtr A and Rtr B connected through their S0 interfaces in Area 0]

Rtr A
interface serial 0
ip ospf authentication
ip ospf authentication-key cisco
!
router ospf 1
area 0 authentication

Rtr B
interface serial 0
ip ospf authentication
ip ospf authentication-key cisco
!
router ospf 1
area 0 authentication

OSPF Commands—Security
Authentication—Message Digest

[Diagram: Rtr A and Rtr B connected through their S0 interfaces in Area 0]

Rtr A
interface serial 0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
area 0 authentication message-digest

Rtr B
interface serial 0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 cisco
!
router ospf 1
area 0 authentication message-digest

OSPF Commands—Security
Authentication—Clear Text—Virtual Link

[Diagram: Rtr A (RID = 130.10.254.254) between Area 0 and Area 1; Rtr B (RID = 130.11.254.254) between Area 1 and Area 51; the virtual link crosses transit Area 1]

Rtr A
router ospf 1
area 1 virtual-link 130.11.254.254 authentication-key cisco
area 0 authentication

Rtr B
router ospf 1
area 1 virtual-link 130.10.254.254 authentication-key cisco
area 0 authentication

OSPF Commands—Security
Authentication—Can Be Applied per Interface or Virtual Link

Interface

ip ospf authentication
ip ospf authentication-key password

ip ospf authentication message-digest
ip ospf message-digest-key key-id md5 password

ip ospf authentication null

Virtual Link

area area-id virtual-link router-id authentication authentication-key password

area area-id virtual-link router-id authentication message-digest
area area-id virtual-link router-id message-digest-key key-id md5 password

area area-id virtual-link router-id authentication null
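What the clear-text and message-digest options from the Security slides put on the wire, as an added example that is not part of the original deck. The packet layout follows RFC 2328 Appendix D; the router ID, area and hello values are constructed, and the key "cisco" and key ID 1 are the ones shown on the slides.

```python
import hashlib
import hmac
import socket
import struct

ROUTER_ID = socket.inet_aton("10.255.254.3")   # constructed sample value
AREA_ID = socket.inet_aton("0.0.0.0")


def hello_body():
    # mask, hello interval, options, priority, dead interval, DR, BDR
    return struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.252"),
                       10, 0x02, 1, 40, b"\0" * 4, b"\0" * 4)


def header(length, checksum, autype, auth):
    # version 2, type 1 (hello), then the 64-bit authentication field last
    return struct.pack("!BBH4s4sHH8s", 2, 1, length, ROUTER_ID, AREA_ID,
                       checksum, autype, auth)


def inet_checksum(data):
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def hello_simple(password):
    """AuType 1: the password itself travels in the authentication field."""
    body = hello_body()
    length = 24 + len(body)
    # The checksum covers the packet except the authentication field.
    csum = inet_checksum(header(length, 0, 1, b"")[:16] + body)
    return header(length, csum, 1, password[:8]) + body


def hello_md5(key, key_id, seq):
    """AuType 2: only a keyed MD5 digest is appended; the key is never sent."""
    body = hello_body()
    length = 24 + len(body)                     # the digest is not counted
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = header(length, 0, 2, auth) + body  # checksum field stays 0
    digest = hashlib.md5(packet + key.ljust(16, b"\0")[:16]).digest()
    return packet + digest


def visible_password(wire):
    """What anyone capturing the link can read from an AuType 1 packet."""
    autype, = struct.unpack("!H", wire[14:16])
    return wire[16:24].rstrip(b"\0") if autype == 1 else None


def verify_md5(wire, keys, last_seq):
    """Receiver-side check: known key ID, non-decreasing sequence, digest match."""
    length, = struct.unpack("!H", wire[2:4])
    autype, = struct.unpack("!H", wire[14:16])
    if autype != 2 or len(wire) != length + 16:
        return False
    _, key_id, digest_len, seq = struct.unpack("!HBBI", wire[16:24])
    key = keys.get(key_id)
    if key is None or digest_len != 16 or seq < last_seq:
        return False
    expected = hashlib.md5(wire[:length] + key.ljust(16, b"\0")[:16]).digest()
    return hmac.compare_digest(expected, wire[length:])


if __name__ == "__main__":
    print(visible_password(hello_simple(b"cisco")))
    print(verify_md5(hello_md5(b"cisco", 1, 100), {1: b"cisco"}, last_seq=99))
```

With message-digest authentication the digest protects the packet against modification and replay of older sequence numbers; the packet contents themselves are still sent unencrypted.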

OSPF Commands—Monitoring
Show IP OSPF Neighbor
[Diagram: DR, BDR and two DROTHER routers on one segment]

show ip ospf neighbor

Neighbor ID     Pri  State          Dead Time  Address    Interface
10.1.1.254      1    2WAY/DROTHER   00:00:35   10.1.2.1   Ethernet0
10.1.3.254      1    FULL/BDR       00:00:39   10.1.2.2   Ethernet0
10.1.4.254      1    FULL/DR        00:00:37   10.1.2.3   Ethernet0
10.1.5.254      1    FULL/---       00:00:36   10.1.6.1   Serial0

OSPF Commands—Monitoring
show ip ospf interface
[Diagram: DR, BDR and two DROTHER routers on one segment]

RTR# show ip ospf interface s0/0
Internet Address 10.255.255.201/30, Area 0
Process ID 1, Router ID 10.255.254.3, Network Type NON_BROADCAST, Cost: 400
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 10.255.254.4, Interface address 10.255.255.202
Backup Designated router (ID) 10.255.254.3, Interface address 10.255.255.201
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
Hello due in 00:00:14
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 3
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.255.254.4 (Designated Router)
Suppress hello for 0 neighbor(s)

Preparation Suggestions
 Practice every OSPF command
Both Rtr(config-router)# & Rtr(config-if)# commands

 Practice OSPF over Frame Relay
Point-to-point, point-to-multipoint, broadcast, non-broadcast

 DR & BDR, Wildcard masks
 Virtual link
 Authentication
 Redistribution and route feedback filtering

 VERIFY YOUR CONFIGURATION WITH SH CMD!


OSPF Sample Lab Question
 Area 0 covers the serial link
between R1 and R4.
 Area 1 covers the serial link
between R1 and R2.
 Area 2 covers VLAN_C.

[Topology diagram: R1, R2, R4; Frame Relay links; OSPF Backbone, OSPF Area 1, OSPF Area 2, VLAN_C]

Verification
R1#show ip ospf virtual-link
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
<…>

R1#show ip route ospf
##.0.0.0/8 is variably subnetted, 19 subnets, 4 masks
O IA 1.1.20.0/24 ... Serial0/0/0
O IA 1.1.40.0/24 ... Serial0/0/1

References

 Cisco OSPF Command and Configuration Handbook,
William R. Parkhurst, Cisco Press
 OSPF Network Design Solutions,
Thomas M. Thomas, Cisco Press
 Cisco Documentation

Q and A

Route Distribution

Metrics
 Be aware of metric requirements going from one
protocol to another
RIP metric is a value from 1–16
OSPF metric is from 1–65535
EIGRP uses a composite metric based on
bandwidth, delay, reliability, load, & MTU
 Two ways to specify a metric
In the redistribution statement
(config-router)# redistribute rip subnets metric 10
or specify a default metric
(config-router)# redistribute rip subnets
(config-router)# default-metric 10

Assigning Metrics
 You can include a default metric command as a precaution unless
specifically told not to
router ospf 1
network 10.1.0.0 0.0.255.255 area 0.0.0.0
redistribute rip subnets
redistribute eigrp 100 metric 10
default-metric 120
router eigrp 100
network 172.16.0.0 0.0.255.255
redistribute ospf 1
default-metric 10000 100 255 1 1500
router rip
network 192.168.1.0
redistribute eigrp 100
default-metric 1
 Note: when routes are redistributed into OSPF, only routes
that are not subnetted are redistributed if the subnets keyword
is not specified

Assigning Metrics

Redistribute OSPF and EIGRP into RIP;
assign all routes a metric
(hop count) of 2
router rip
redistribute ospf 1
redistribute eigrp 3
default-metric 2

Redistribute OSPF and EIGRP into RIP;
assign OSPF routes a metric
(hop count) of 1 and EIGRP routes
a metric of 2
router rip
redistribute ospf 1 metric 1
redistribute eigrp 3
default-metric 2

[Diagram: OSPF 1 and EIGRP 100 redistributed into RIP]

Route Maps
Route Redistribution

Redistribute OSPF and EIGRP into RIP;
assign OSPF routes 172.16.0.0/16 a metric
(hop count) of 1, all other OSPF routes a
metric of 3; all EIGRP routes a metric of 2
router rip
redistribute ospf 1 route-map ospfmetric
redistribute eigrp 100
default-metric 2
route-map ospfmetric permit 10
match ip address 1
set metric 1
route-map ospfmetric permit 20
set metric 3

access-list 1 permit 172.16.0.0 0.0.255.255

[Diagram: OSPF 1 and EIGRP 100 redistributed into RIP]

Route Maps
Route Redistribution

Redistribute OSPF and EIGRP into RIP;
block redistribution of OSPF routes
172.16.0.0/16, all other OSPF routes
are redistributed with a metric of 3,
EIGRP routes with a metric of 2
router rip
redistribute ospf 1 route-map ospfmetric
redistribute eigrp 100
default-metric 2
route-map ospfmetric deny 10
match ip address 1
route-map ospfmetric permit 20
set metric 3

access-list 1 permit 172.16.0.0 0.0.255.255

[Diagram: OSPF 1 and EIGRP 100 redistributed into RIP]
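How the two ospfmetric route maps on the Route Maps slides are evaluated during redistribution into RIP, modeled as an added example that is not part of the original deck. The route prefixes passed in are constructed; the clause tuples and function names are this sketch's own.

```python
import ipaddress

# access-list 1 permit 172.16.0.0 0.0.255.255 (from the slides)
ACLS = {1: [("permit", "172.16.0.0", "0.0.255.255")]}

# Clauses as (sequence, action, ACL number to match or None, metric to set or None)
SET_METRIC_MAP = [(10, "permit", 1, 1), (20, "permit", None, 3)]
BLOCK_MAP = [(10, "deny", 1, None), (20, "permit", None, 3)]


def acl_permits(acl, prefix):
    """Standard ACL applied to a route: compare the route's network address."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, address, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (net & care) == (int(ipaddress.IPv4Address(address)) & care):
            return action == "permit"
    return False                      # implicit deny at the end of the ACL


def rip_metric(prefix, route_map, acls=ACLS, default_metric=2):
    """RIP metric the route is redistributed with, or None if it is filtered.

    route_map=None models 'redistribute eigrp 100' with no route map, where
    the default-metric applies.
    """
    if route_map is None:
        return default_metric
    for _seq, action, match_acl, set_metric in sorted(route_map, key=lambda c: c[0]):
        if match_acl is not None and not acl_permits(acls[match_acl], prefix):
            continue                  # clause does not match, try the next one
        if action == "deny":
            return None               # matched a deny clause: not redistributed
        return set_metric if set_metric is not None else default_metric
    return None                       # implicit deny at the end of the route map


if __name__ == "__main__":
    for prefix in ("172.16.5.0/24", "10.1.1.0/24"):      # constructed OSPF routes
        print(prefix, rip_metric(prefix, SET_METRIC_MAP), rip_metric(prefix, BLOCK_MAP))
```

Dropping the `permit 20` clause from the second route map would filter every OSPF route, not only 172.16.0.0/16, because of the implicit deny at the end.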

R&S Lab Exam: Sample Topology
Network Addressing 125.10.0.0

[Topology diagram: SW1, SW2, R1, R2, R3, R4, R5, R6 and two Frame Relay clouds. Interface labels: FA0/0-10.11/24, S0/0-11.1/24, S0/0-11.2/24, Lo0-1.1/24, Lo0-2.2/24, Lo1-172.16.1.1, Lo2-172.16.2.2, Lo3-172.16.3.3, Lo4-172.16.4.4, FA0/0-22.1/24, FA0/0-22.5/24, FA0/0-33.1/24, FA0/0-50.1/24 (twice), Lo0-5.5/24, Lo0-4.4/24]

R&S Lab Exam: Sample Question
Section: 2.5 RIP
 Configure RIPv2 on R1, R2, and R5
 Redistribute between RIP and OSPF on R5
 All routes should be visible on all routers

Score: 2 Points

R&S Lab Exam: Sample Answer
Verification—1
 R4 must have all routes on its routing table
R4#show ip route
<->
172.16.0.0/24 is subnetted, 4 subnets
O E2 172.16.4.0 [110/20] via 125.10.50.1, 22:34:38, Ethernet0/0
O E2 172.16.1.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2 172.16.2.0 [110/20] via 125.10.50.1, 22:36:03, Ethernet0/0
O E2 172.16.3.0 [110/20] via 125.10.50.1, 22:34:58, Ethernet0/0
125.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 125.10.50.0/24 is directly connected, Ethernet0/0
O E2 125.10.22.0/24 [110/20] via 125.10.50.1, 22:44:39, Ethernet0/0
C 125.10.4.0/24 is directly connected, Loopback0
O E2 125.10.2.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2 125.10.1.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O 125.10.5.5/32 [110/11] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2 125.10.11.0/24 [110/20] via 125.10.50.1, 22:44:40, Ethernet0/0
O E2 125.10.10.0/24 [110/20] via 125.10.50.1, 22:44:44, Ethernet0/0
R4#

Session 5:

IP Version 6

IPv6 Addressing, Header and Basic

IPv6 Addressing

IPv4: 32 bits

IPv6: 128 bits

 2^32 = 4,294,967,296
 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
 2^128 = 2^32 * 2^96

IPv6 Addressing
Representation
 16-bit hexadecimal numbers
 Numbers are separated by (:)
 Hex numbers are not case-sensitive
 Example:
2003:0000:130F:0000:0000:087C:876B:140B

IPv6 Address Representation
 16-bit fields in case-insensitive colon hexadecimal
representation
2031:0000:130F:0000:0000:09C0:876A:130B

 Leading zeros in a field are optional
2031:0:130F:0:0:9C0:876A:130B

 Successive fields of 0 represented as (::), but only once
in an address
2031:0:130F::9C0:876A:130B
2031::130F::9C0:876A:130B not valid!

IPv6 Addressing
Prefix Representation
 Representation of prefix is just like CIDR
 In this representation you attach the prefix length
 IPv4 address: 198.10.0.0/16
 IPv6 address: 3ef8:ca62:12FE::/48

IPv6 Address Range Reserved or Assigned
Of the Full Address Space
 2000::/3 (001) is for aggregatable global
unicast addresses
 FE80::/10 (1111 1110 10) for link-local
 FEC0::/10 (1111 1110 11 ) for site-local
 FF00::/8 (1111 1111) is for multicast
 ::/8 is reserved for the “unspecified address”
 Other values are currently unassigned
(approx. 7/8 of total)

Site-Local Address Deprecated in RFC 3879

Unicast
 Unicast addresses are used in a one-to-one context
 IPv6 unicast addresses are
Unspecified, loopback, IPv4 mapped, and IPv4 compatible
Link-local
Site-local (deprecated)
Unique-local (IETF draft)
Aggregatable global unicast

IPv6 Address Representation
 IPv4 mapped
0:0:0:0:0:FFFF:IPv4 = ::FFFF:IPv4
0:0:0:0:0:FFFF:192.168.30.1 = ::FFFF:C0A8:1E01

 IPv4 compatible
0:0:0:0:0:0:IPv4 = ::IPv4
0:0:0:0:0:0:192.168.30.1 = ::192.168.30.1 = ::C0A8:1E01

IPv4 Mapped Addresses
[Field layout: 80 bits of 0 | 16 bits FFFF | 32 bits IPv4 Address]

0:0:0:0:0:FFFF:192.168.30.1
= ::FFFF:192.168.30.1
= ::FFFF:C0A8:1E01

 IPv6 application asks DNS for the address of a host
Host is IPv4 only
DNS creates IPv4 mapped address
Kernel uses IPv4 communication

IPv4-Compatible Addresses
[Field layout: 96 bits of 0 | 32 bits IPv4 Address]

0:0:0:0:0:0:192.168.30.1
= ::192.168.30.1
= ::C0A8:1E01

 IPv4 compatible address
Is a way to insert the IPv4 address into an IPv6 address
Enables easy automatic tunneling

210
IPv6 Address Representation
 Loopback address representation
0:0:0:0:0:0:0:1=> ::1
Same as 127.0.0.1 in IPv4
Identifies self

 Unspecified address representation


0:0:0:0:0:0:0:0=> ::
Used as a placeholder when no address available
(Initial DHCP request, Duplicate Address Detection DAD)

211
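The representation rules and reserved ranges from the preceding slides, as an added example (not part of the original deck): it expands any accepted spelling to eight 16-bit fields, so addresses can be compared in one form in ACLs and logs, and classifies the result against the prefixes listed above. The function names are hypothetical.

```python
import ipaddress
import string

def expand(text):
    """Return the eight 16-bit fields of a textual IPv6 address, or raise ValueError."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    tail = []
    if "." in text:
        # Embedded dotted quad (IPv4 mapped / IPv4 compatible) fills the last 32 bits.
        head, _, quad = text.rpartition(":")
        octets = quad.split(".")
        if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
            raise ValueError("bad embedded IPv4 address")
        o = [int(x) for x in octets]
        tail = [o[0] << 8 | o[1], o[2] << 8 | o[3]]
        # Put back the second colon if the quad followed '::'.
        text = head + ":" if head.endswith(":") else head
    want = 8 - len(tail)
    if "::" in text:
        left, right = text.split("::")
        lf = left.split(":") if left else []
        rf = right.split(":") if right else []
        missing = want - len(lf) - len(rf)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = lf + ["0"] * missing + rf
    else:
        fields = text.split(":")
    if len(fields) != want:
        raise ValueError("wrong number of fields")
    for f in fields:
        # Leading zeros are optional, so 1 to 4 hex digits per field.
        if not (1 <= len(f) <= 4 and all(c in string.hexdigits for c in f)):
            raise ValueError("bad field: %r" % f)
    return [int(f, 16) for f in fields] + tail

def full(text):
    """Uncompressed form with every leading zero written out."""
    return ":".join("%04X" % f for f in expand(text))

def is_valid(text):
    try:
        expand(text)
        return True
    except ValueError:
        return False

# Ranges as listed on the slides; the most specific entries are checked first.
RANGES = [
    ("unspecified", "::/128"),
    ("loopback", "::1/128"),
    ("IPv4 mapped", "::FFFF:0:0/96"),
    ("IPv4 compatible", "::/96"),
    ("link-local", "FE80::/10"),
    ("site-local (deprecated)", "FEC0::/10"),
    ("multicast", "FF00::/8"),
    ("aggregatable global unicast", "2000::/3"),
]

def classify(text):
    value = 0
    for f in expand(text):
        value = value << 16 | f
    addr = ipaddress.IPv6Address(value)
    for name, prefix in RANGES:
        if addr in ipaddress.ip_network(prefix):
            return name
    return "unassigned"

if __name__ == "__main__":
    for sample in ("2031:0:130F::9C0:876A:130B", "::FFFF:192.168.30.1", "::1", "FF02::1"):
        print(sample, "->", full(sample), "|", classify(sample))
```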
IPv6 Addressing
 IPv6 addressing rules are covered by multiple RFCs
Architecture defined by RFC 3513

 Address types are


Unicast: One to one (global, link local, compatible)
Anycast: One to nearest (allocated from unicast)
Multicast: One to many
Reserved

 A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast)
No broadcast address; use multicast

212
Aggregatable Global Unicast Addresses

LAN
Provider Prefix Host

3 45 bits 16 bits 64 bits

Global Routing Prefix Subnet Interface ID

001

 Aggregatable global unicast addresses are


Addresses for generic use of IPv6
Structured as a hierarchy to keep the aggregation

 See RFC 3513

213
Link-Local

128 bits
0 Interface ID

1111 1110 10 64 bits


FE80::/10

10 bits

 Link-local addresses
Have a limited scope of the link
Are automatically configured with the interface ID

214
Link-Local

Aggregatable Address
2001::4: 204:9AFF:FEAC:7D80

Link-Local Address
FE80:0:0:0 204:9AFF:FEAC:7D80

215
Aggregatable Global Unicast Addresses
 Lowest-order 64-bit field of unicast addresses
may be assigned in several different ways
Auto-configured from a 64-bit EUI-64, or expanded from a 48-bit
MAC address (e.g. Ethernet address)
Auto-generated pseudo-random number
(to address privacy concerns)
Assigned via DHCP
Manually configured

216
Aggregatable Global Unicast Addresses
 Use the EUI-64 format for stateless
auto-configuration
 This format expands the 48-bit MAC address to
64 bits by inserting FFFE into the middle 16 bits
 To make sure that the chosen address is from a unique
Ethernet MAC address, the universal/local (“u” bit)
is set to 1 for global scope and 0 for local scope

217
EUI-64
Ethernet MAC Address (48 bits): 00 90 27 17 FC 0F
FF FE inserted in the middle: 00 90 27 | FF FE | 17 FC 0F
64-bit Version: 00 90 27 FF FE 17 FC 0F
Uniqueness of the MAC: 000000X0, where X = 1 (Unique) or 0 (Not Unique); here X=1
EUI-64 Address: 02 90 27 FF FE 17 FC 0F

 EUI-64 address is formed by inserting “FFFE” and ORing a bit identifying the uniqueness of the MAC address

218
Anycast

 Anycast allows a source node to transmit IP datagrams to a single destination node out of a group of destination nodes with same subnet ID based on the routing metrics

219
Anycast Address
Figure (128 bits): Prefix | 111111X111111…111 | Anycast ID (7 bits)
X = 0 If EUI-64 Format, 1 If Non-EUI-64 Format

 Anycast
Is one-to-nearest type of address
Has a current limited use

220
Multicast
Figure (128 bits): 1111 1111 (F F, 8 bits) | Flag, Scope (8 bits) | 0 | Multicast Group ID
Flag = 0 If Permanent, 1 If Temporary
Scope = 1 = Node, 2 = Link, 5 = Site (Deprecated), 8 = Organization, E = Global

 Multicast is used in the context of one-to-many; a multicast scope is new in IPv6
221
Multicast Mapping over Ethernet
IPv6 Multicast Address: FF02 0000 0000 0000 0000 0001 FF17 FC0F
Corresponding Ethernet Address: 33 33 FF 17 FC 0F
(33 33 is the Multicast Prefix for Ethernet Multicast)

 Mapping of IPv6 multicast address to Ethernet address is
33:33:<last 32 bits of the IPv6 multicast address>

222
Expanded Address Space
Multicast Assigned Addresses (RFC 3306)

Address              Scope                     Meaning
FF01::1              Node-Local                All Nodes
FF02::1              Link-Local                All Nodes
FF01::2              Node-Local                All Routers
FF02::2              Link-Local                All Routers
FF05::2              Site-Local (Deprecated)   All Routers
FF02::1:FFXX:XXXX    Link-Local                Solicited-Node

223
IPv4 and IPv6 Header Comparison

IPv4 Header: Version, HL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding

IPv6 Header: Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address

Legend:
Field’s Name Kept from IPv4 to IPv6
Fields Not Kept in IPv6
Name and Position Changed in IPv6
New Field in IPv6

224
IPv4 and IPv6 Header Comparison

 Version: A 4-bit field that contains the number 6 instead of 4

Figure: IPv6 Header (Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address)

225
IPv4 and IPv6 Header Comparison
Fields Renamed

 Traffic Class: An 8-bit field that is similar to the TOS field in IPv4
 It tags the Packet with a traffic class that can be used in differentiated services
 These functionalities are the same as in IPv4

Figure: IPv6 Header (Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address)

226
IPv4 and IPv6 Header Comparison
Fields Renamed

 Payload Length: This is similar to the total length in IPv4, except it does not include the 40-byte header

Figure: IPv6 Header (Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address)

227
IPv4 and IPv6 Header Comparison
Fields Renamed

 Hop Limit: Like TTL field, decrements by one for each router

Figure: IPv6 Header (Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address)

228
IPv4 and IPv6 Header Comparison
Fields Renamed

 Next Header: Similar to the protocol field in IPv4
 The value in this field tells you what type of information follows e.g. TCP, UDP, extension header

Figure: IPv6 Header (Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address)

229
IPv4 and IPv6 Header Comparison
Fields Removed

 Header Length: IPv6 has a fixed header length (40 bytes)

Figure: IPv4 Header (Version, HL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding)

230
IPv4 and IPv6 Header Comparison
Fields Removed

 Fragmentation: IPv6 does not do fragmentation
 If a sending host wants to do fragmentation, it will do it through extension headers

Figure: IPv4 Header (Version, HL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding)

231
IPv4 and IPv6 Header Comparison
Fields Removed

 Identification: Used to identify the datagram from the source
 No fragmentation is done in IPv6 so no need for identification, also no need for flags

Figure: IPv4 Header (Version, HL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding)

232
IPv4 and IPv6 Header Comparison
Fields Removed

 Checksum not needed because both media access and upper layer protocol (UDP and TCP) have the checksum; IP is best-effort, plus removing checksum helps expedite Packet processing

Figure: IPv4 Header (Version, HL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding)

233
IPv4 and IPv6 Header Comparison
Fields Added

 20-bit flow label field to identify specific flows needing special QoS
Each source chooses its own flow label values; routers use source addr + flow label to identify distinct flows
Flow label value of 0 used when no special QoS requested (the common case today)

Figure: IPv6 Header (Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address)

RFC 3697
234
Extension Headers

IPv6 Header (Next Header = TCP) | TCP Header + Data

IPv6 Header (Next Header = Routing) | Routing Header (Next Header = TCP) | TCP Header + Data

IPv6 Header (Next Header = Routing) | Routing Header (Next Header = Destination) | Destination Header (Next Header = TCP) | Fragment of TCP Header + Data

Extension Headers Are Daisy Chained

235
Header Format Simplification
IPv6 Extension Headers

Figure: IPv6 Packet = IPv6 Basic Header (40 Octets) | Any Number of Extension Headers | Data (Ex. TCP or UDP)
Figure: extension header = Next Header | Ext Hdr Length | Ext Hdr Data

 Next Header = TCP/UDP or extension header
 Extension headers are optional following the IPv6 basic header
 Each extension header is 8 octets (64 bits) aligned

236
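A parser for the fixed 40-byte header and the daisy-chained extension headers described on the preceding slides, as an added example (not part of the original deck). A filter or IDS has to walk this chain to find the upper-layer protocol. The sample packet is constructed, and the length rule applied (the Ext Hdr Length field counts 8-octet units beyond the first 8 octets, with the Fragment header fixed at 8 octets) is the standard IPv6 encoding rather than something stated on the slides.

```python
import ipaddress
import struct

# Next Header values that name another extension header (subset handled here).
EXTENSION = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 60: "Destination"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}

def parse_ipv6(packet):
    """Parse the basic header, then follow Next Header through the extension chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte basic header")
    first, payload_length, nxt, hop_limit = struct.unpack("!IHBB", packet[:8])
    if first >> 28 != 6:
        raise ValueError("version field is not 6")
    info = {
        "traffic_class": (first >> 20) & 0xFF,
        "flow_label": first & 0xFFFFF,
        "payload_length": payload_length,   # excludes the 40-byte basic header
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
        "chain": [],
    }
    offset, end = 40, 40 + payload_length
    if end > len(packet):
        raise ValueError("payload length runs past the captured bytes")
    while nxt in EXTENSION:
        if offset + 8 > end:
            raise ValueError("extension header runs past the payload")
        following, length_field = packet[offset], packet[offset + 1]
        # Fragment header is always 8 octets; the others carry their own length.
        size = 8 if nxt == 44 else (length_field + 1) * 8
        if offset + size > end:
            raise ValueError("extension header runs past the payload")
        info["chain"].append(EXTENSION[nxt])
        nxt, offset = following, offset + size
    # For a non-first fragment the upper-layer header is not in this packet.
    info["upper_protocol"] = nxt
    info["upper_name"] = UPPER.get(nxt, "other")
    info["upper_offset"] = offset
    return info

def sample_packet():
    """Constructed packet: IPv6 -> Routing -> Destination -> TCP (third row of the slide)."""
    routing = bytes([60, 0, 0, 0]) + bytes(4)      # next = Destination, 8 octets total
    destination = bytes([6, 0, 1, 4]) + bytes(4)   # next = TCP, one PadN option
    tcp = bytes(20)                                # placeholder TCP header
    payload = routing + destination + tcp
    first = (6 << 28) | (0 << 20) | 0x12345        # version 6, class 0, flow label
    head = struct.pack("!IHBB", first, len(payload), 43, 64)
    src = ipaddress.IPv6Address("2001:DB8:0:1:1:2:3:1").packed
    dst = ipaddress.IPv6Address("2001:DB8:0:1:1:2:3:2").packed
    return head + src + dst + payload

if __name__ == "__main__":
    print(parse_ipv6(sample_packet()))
```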
Upper Layer Header
User Datagram Protocol (Protocol 17)

Figure: IPv6 Packet = IPv6 Basic Header (40 Octets) | Any Number of Extension Headers | Data (UDP)
Figure: UDP Packet = Source Port | Destination Port | Length | UDP Checksum | UDP Data Portion

 Upper layer (UDP, TCP, ICMPv6) checksum must be computed
 These are the typical headers used inside a Packet to transport data
 This could be UDP (Protocol 17), TCP (Protocol 6), or ICMPv6 (Protocol 58)
237
Upper Layer Header
ICMPv6 (Protocol 58)

Figure: IPv6 Basic Header | ICMPv6 Packet
Figure: ICMPv6 Packet = ICMPv6 Type | ICMPv6 Code | Checksum | ICMPv6 Data

 ICMPv6 is similar to IPv4: provides diagnostic and error messages
 Additionally, it’s used for neighbor discovery, path MTU discovery, and Mcast listener discovery (MLD)

238
Header Format Simplification
Path MTU Discovery

 Definitions
Link MTU is link’s maximum transmission unit
Path MTU is the minimum MTU of all the links in a path between
a source and a destination
 Minimum link MTU for IPv6 is 1280 octets
(68 octets for IPv4)
On links with MTU < 1280, link-specific fragmentation and
reassembly must be used
 Implementations are expected to perform path MTU
discovery to send Packets bigger than 1280 octets
For each destination, start by assuming MTU of first-hop link
If a Packet reaches a link in which it cannot fit, will invoke ICMP
“Packet too big” message to source, reporting the link’s MTU;
MTU is cached by source for specific destination

239
Header Format Simplification
Path MTU Discovery
Figure: Source to Destination across links with MTU = 1500, 1500, 1400, 1300
Packet with MTU=1500
ICMP Error: Packet Too Big, Use MTU = 1400
Packet with MTU=1400
ICMP Error: Packet Too Big, Use MTU = 1300
Packet with MTU=1300
Packet Received
Path MTU = 1300
Minimum Link MTU for IPv6 is 1280 Octets (Versus 68 Octets for IPv4)
240
Header Format Simplification
Neighbor Discovery (RFC 2463)
Protocol Built on Top of ICMPv6 (RFC 2463)
Combination of IPv4 Protocols (ARP, ICMP, IGMP, etc.)
 Uses ICMP messages and solicited-node multicast
addresses
 Determines the link-layer address of a neighbor
on the same link
 Finds neighbor routers
 Verifies the reachability of neighbors
 Comprised of different message types:
Neighbor Solicitation (NS)/Neighbor Advertisement (NA)
Router Solicitation (RS)/Router Advertisement (RA)
Redirect
Renumbering

241
Solicited-Node Multicast Address

 For each unicast and anycast address configured, there is a corresponding solicited-node multicast
 This address has link-local significance only
 This is specially used for two purposes: for the
replacement of ARP, and DAD

242
Solicited-Node Multicast Address

 FF02:0000:0000:0000:0000:0001:FF00:0000/104
 FF02::1:FF00:0000/104
 Gets the lower 24 bits from the unicast address

243
Solicited-Node Multicast Address

Aggregatable Address
Prefix Interface ID

24 bits
Solicited-Node Multicast Address
FF02 0 1 FF Lower 24

128 bits

 A solicited-node address is:
A multicast address with a link-local scope
Formed by a prefix and the right-most 24 bits of the aggregatable address

244
Solicited-Node Multicast Address

Aggregatable Address 2001:DB8:0:4:204:9AFF:FEAC:7D80


2001:DB8:0:4: 204:9AFF:FE AC:7D80

24 bits
Solicited-Node Multicast Address FF02::1:FFAC:7D80
FF02 0 1 FF AC7D80

245
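The EUI-64 expansion, the solicited-node multicast address and the Ethernet multicast mapping from the preceding slides, computed for the deck's own MAC and address values in an added example (not part of the original deck). The function names are hypothetical, and the u bit is ORed in as the EUI-64 slide describes.

```python
import ipaddress

HEX = "0123456789abcdefABCDEF"

def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit interface ID: insert FFFE in the middle, set the u bit."""
    digits = "".join(c for c in mac if c in HEX)   # accepts 0004.9aac.7d80, 00 90 27 ...
    if len(digits) != 12:
        raise ValueError("a MAC address has 48 bits")
    octets = bytearray.fromhex(digits)
    octets[0] |= 0x02                              # 000000X0 with X=1, as on the slide
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])

def with_prefix(prefix, interface_id):
    """Combine a /64 prefix with a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a 64-bit prefix")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(interface_id, "big"))

def solicited_node(address):
    """FF02::1:FF00:0/104 plus the low 24 bits of the unicast or anycast address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("FF02::1:FF00:0")) | low24)

def ethernet_multicast(group):
    """33:33 followed by the last 32 bits of the IPv6 multicast address."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return ":".join("%02X" % o for o in b"\x33\x33" + low32.to_bytes(4, "big"))

if __name__ == "__main__":
    iid = eui64_interface_id("0004.9aac.7d80")
    link_local = with_prefix("FE80::/64", iid)
    global_addr = with_prefix("2001:DB8:0:4::/64", iid)
    group = solicited_node(global_addr)
    print("interface ID     ", iid.hex())
    print("link-local       ", link_local)
    print("global unicast   ", global_addr)
    print("solicited-node   ", group)
    print("Ethernet address ", ethernet_multicast(group))
```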
Neighbor Solicitation and Advertisement

A B

Neighbor Solicitation:
ICMP type = 135
Src = A
Dst = Solicited-node multicast address of B
Data = Link-layer address of A
Query = What is your link-layer address?
Neighbor Advertisement:
ICMP type = 136
Src = B
Dst = A
Data = Link-layer address of B
A and B Can Now Exchange
Packets on This Link

246
IPv6 Auto-Configuration
 Stateless (RFC2462)
Router solicitations are sent by booting nodes to request RAs for configuring the interfaces
Host autonomously configures its own link-local address

 Stateful
DHCPv6

Figure: RA Indicates Subnet Prefix Advertised; host address = Subnet Prefix Received + MAC Address

At Boot Time, an IPv6 Host Builds a Link-Local Address, Then Its Global IPv6 Address(es) from RA
RA: Router Advertisement
247
IPv6 Auto-Configuration
Renumbering
 Host renumbering is done by modifying the RA to
announce the old prefix with a short lifetime and the new
prefix
 Router renumbering protocol (RFC 2894), to allow
domain-interior routers to learn of prefix
introduction/withdrawal

248
Stateless Auto-Configuration

1. RS
ICMP Type = 133 (RS)
Src = Link-local address (FE80::/10)
Dst = All-routers multicast address (FF02::2)
Query = please send RA

2. RA
ICMP Type = 134 (RA)
Src = Link-local address (FE80::/10)
Dst = All-nodes multicast address (FF02::1)
Data = options, subnet prefix, lifetime, autoconfig flag

 Router solicitations (RS) are sent by booting nodes to request RAs for configuring the interfaces

249
Duplicate Address Detection (DAD)
RS
A B
RA

1. Host A boots up and assigns itself
LINK LOCAL ADDRESS (FE80::/10)

2. Host A sends RS (ICMP Type 133)

3. Host A receives RA (ICMP Type 134)
with subnet prefix (2001:DB8:410:1::/64)

250
Duplicate Address Detection (DAD)

A B

NS
 Host A wants to assign itself a unique global
unicast address 2001:DB8:0410:1::34:123A
 Before it does that, it sends out a DAD request
to all nodes on the link

251
Duplicate Address Detection (DAD)

A B

NS

4. Host A sends NS (ICMP Type 135) with
Source address (::)
Destination address FF02::1:FF34:123A (solicited-node Mcast
address for 2001:DB8:0410:1::34:123A )

5. If Host A does not receive a reply back, it will assign itself 2001:DB8:0410:1::34:123A

252
Redirect
Figure: hosts A and B, routers R1 and R2, network 2001:DB8:C18:2::/64

Packet from A:
Src = A
Dst IP = 2001:DB8:C18:2::1
Dst Ethernet = R2 (default router)

Redirect:
Src = R2
Dst = A
Data = good router = R1

 Redirect is used by a router to signal the reroute of a Packet to a better router

253
Renumbering

RA

RA Packet definitions:
ICMP Type = 138
Src = Router link-local address
Dst = All-nodes multicast address
Data= 2 prefixes:
Current prefix (to be deprecated) with short lifetime
New prefix (to be used) with normal lifetime

 Renumbering—modify the RA to announce the old prefix with a short lifetime and the new prefix

254
Enabling IPv6
 To enable IPv6 on a Cisco router, you must
Enable IPv6 traffic forwarding
ipv6 unicast-routing
Enable IPv6 on the interface(s) by configuring an IPv6 address on
the interface
ipv6 address <ipv6addr>[/<prefix-length>]
ipv6 enable (can be used, but only for link-local addresses)

255
Cisco IOS Address Configuration
 ipv6 address
Enables IPv6 on the interface
Configures the interface link-local and global IPv6 addresses
Syntax:
ipv6 address <ipv6addr>[/<prefix-length>] [link-local]
ipv6 address <ipv6prefix>/<prefix-length> eui-64
ipv6 unnumbered <interface>
ipv6 enable

256
IPv6 Address Configuration
Link Local

r1#show interface ethernet 0/0
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is 0004.9aac.7d80
(bia 0004.9aac.7d80)

Ethernet0/0 MAC address: 0004:9AAC:7D80

ipv6 unicast-routing

interface Ethernet0/0
ipv6 enable

router#show ipv6 interface Ethernet 0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
No global unicast address is configured
Joined group address(es):
FF02::1 (All Nodes Link Local)
FF02::2 (All Routers Link Local)
FF02::1:FFAC:7D80 (Solicited-Node Multicast)
MTU is 1500 bytes

257
IPv6 Address Configuration
Ethernet EUI-64
LAN: 2001:DB8:0:4::/64

Ethernet0/0

ipv6 unicast-routing

interface Ethernet0/0
ipv6 address 2001:DB8:0:4::/64 eui-64

MAC address: 0004:9AAC:7D80

router# show ipv6 interface Ethernet0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
Global unicast address(es):
2001:DB8:0:4:204:9AFF:FEAC:7D80, subnet is 2001:DB8:0:4::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FFAC:7D80
MTU is 1500 bytes

Link-Local Automatically Configured


258
IPv6 Address Configuration
Ethernet (No EUI-64)
LAN: 2001:DB8:0:4::/64

Ethernet0/0

ipv6 unicast-routing

interface Ethernet0/0
ipv6 address 2001:DB8:0:4:1:2:3:4/64

MAC address: 0004:9AAC:7D80

router# show ipv6 interface Ethernet0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::204:9AFF:FEAC:7D80
Global unicast address(es):
2001:DB8:0:4:1:2:3:4, subnet is 2001:DB8:0:4::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF03:4
FF02::1:FFAC:7D80
MTU is 1500 bytes

259
IPv6 Address Configuration
Frame Relay

R1 R2
S0/0
2001:DB8:0:1:1:2:3:0/126 S0/0

R1
ipv6 unicast-routing

interface Serial0/0
encapsulation frame-relay
ipv6 address 2001:DB8:0:1:1:2:3:1/126
frame-relay map ipv6 FE80::204:C1FF:FE09:1DA1 102 broadcast
frame-relay map ipv6 2001:DB8:0:1:1:2:3:2 102 broadcast
no frame-relay inverse-arp

R2
ipv6 unicast-routing

interface Serial0/0
encapsulation frame-relay
ipv6 address 2001:DB8:0:1:1:2:3:2/126
frame-relay map ipv6 FE80::204:9AFF:FEAC:7D80 201 broadcast
frame-relay map ipv6 2001:DB8:0:1:1:2:3:1 201 broadcast
no frame-relay inverse-arp

260
IPv6 Address Configuration
Frame Relay

R1 R2
S0/0
2001:DB8:0:1:1:2:3:0/126
E0/0 S0/0

E0/0 MAC address: 0004:C109:1DA1


R1
r1#show ipv6 interface serial 0/0
Serial0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::204:C1FF:FE09:1DA1
Global unicast address(es):
2001:DB8:0:1:1:2:3:1, subnet is 2001:DB8:0:1:1:2:3:0/126
Joined group address(es):
FF02::1
FF02::2
FF02::9
FF02::1:FF03:2
FF02::1:FF09:1DA1
MTU is 1500 bytes

261
IPv6 Address Configuration
Verification

R1 R2
S0/0
2001:DB8:0:1:1:2:3:0/126
E0/0 S0/0

r1#ping fe80::204:9aff:feac:7d80
Output Interface: serial0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::204:9AFF:FEAC:7D80, timeout is 2
seconds
:
Packet sent with a source address of FE80::204:C1FF:FE09:1DA1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms

r1#ping 2001:DB8:0:1:1:2:3:2

Type escape sequence to abort.


Sending 5, 100-byte ICMP Echos to 2001:DB8:0:1:1:2:3:2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

262
Cisco IOS Neighbor Discovery
Parameters

Router Advertisements
 Default router
 IPv6 network prefix
Autoconfiguring IPv6 Hosts
 Lifetime of advertisement

263
Cisco IOS Neighbor Discovery
Command Syntax

 ipv6 nd prefix-advertisement <routing-prefix>/<length> <valid-lifetime> <preferred-lifetime> [onlink] [autoconfig]
Valid-Lifetime—the amount of time (in seconds) that the specified
IPv6 prefix is advertised as being valid
Preferred-Lifetime—the amount of time (in seconds) that the
specified IPv6 prefix is advertised as being preferred
Onlink—indicates that the specified prefix is assigned to the link;
nodes sending traffic to such addresses that contain the specified
prefix consider the destination to be locally reachable on the link
Autoconfig—indicates to hosts on the local link that the specified
prefix can be used for IPv6 auto-configuration

264
Configuring Neighbor Discovery

Figure: IPv6 Internet, Router1 (Ethernet0), LAN1: 2001:DB8:c18:1::/64, Router2 (Ethernet0, Ethernet1), LAN2: 2001:DB8:c18:2::/64; RAs are sent onto the LANs

Router1
interface Ethernet0
ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig

Router2
interface Ethernet0
ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig
ipv6 nd ra-lifetime 0
interface Ethernet1
ipv6 nd prefix-advertisement 2001:DB8:c18:2::/64 43200 43200 onlink autoconfig

265
Cisco IOS Prefix Renumbering Scenario

Router Configuration Before Renumbering


interface Ethernet0
ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 43200 onlink autoconfig

Network Prefix: 2001:DB8:c18:1::/64

Router Advertisements

Auto-Configuring IPv6 Hosts

Host Configuration
preferred address 2001:DB8:c18:1:260:8ff:fede:8fbe

Network Prefix: 2001:DB8:c18:1::/64


266
Cisco IOS Prefix Renumbering Scenario

Router Configuration After Renumbering


interface Ethernet0
ipv6 nd prefix-advertisement 2001:DB8:c18:1::/64 43200 0 onlink autoconfig
ipv6 nd prefix-advertisement 2001:DB8:c18:2::/64 43200 43200 onlink autoconfig

NEW Network Prefix: 2001:DB8:c18:2::/64


Deprecated Prefix: 2001:DB8:c18:1::/64

Router Advertisements

Auto-Configuring IPv6 Hosts

Host Configuration
deprecated address 2001:DB8:c18:1:260:8ff:fede:8fbe
preferred address 2001:DB8:c18:2:260:8ff:fede:8fbe

267
DHCPv6
 Client first detects the presence of routers
on the link
 If found, then examines router advertisements
to determine if DHCP can be used
 If no router found or if DHCP can be used, then:
DHCP solicit message is sent to the All-DHCP-agents
multicast address
Using the link-local address as the source address

268
OSPFv3 (RFC 2780)

269
Similarities with OSPFv2
 OSPFv3 is OSPF for IPv6 (RFC 2740)
 Based on OSPFv2, with enhancements
 Distributes IPv6 prefixes
 Runs directly over IPv6
 OSPFv3 and v2 can be run concurrently, because each
address family has a separate SPF (ships in the night)

270
Similarities with OSPFv2
 OSPFv3 uses the same basic Packet types as OSPFv2,
such as hello, database description blocks (DDB), link
state request (LSR), link state update (LSU), and link
state advertisements (LSA)
 Neighbor discovery and adjacency formation
mechanism are identical
 RFC-compliant NBMA and point-to-multipoint topology
modes are supported; also supports other modes from
Cisco, such as point-to-point and broadcast, including
the interface
 LSA flooding and aging mechanisms are identical

271
Differences from OSPFv2
 OSPF Packet type
 OSPFv3 will have the same five Packet types, but some fields have been changed

Packet Type   Description
1             Hello
2             Database Description
3             Link State Request
4             Link State Update
5             Link State Acknowledgement

 All OSPFv3 Packets have a 16-byte header versus the 24-byte header in OSPFv2

OSPFv2 header: Version, Type, Packet Length, Router ID, Area ID, Checksum, Autype, Authentication, Authentication
OSPFv3 header: Version, Type, Packet Length, Router ID, Area ID, Checksum, Instance ID, 0

272
Differences from OSPFv2
OSPFv3 Protocol Processing Per-Link, Not Per-Subnet
 IPv6 connects interfaces to links
 Multiple IP subnets can be assigned to a single link
 Two nodes can talk directly over a single link even if they do
not share a common subnet
 The terms “network” and “subnet” are being replaced
with “link”
 An OSPF interface now connects to a link
instead of a subnet

273
Differences from OSPFv2
Multiple OSPFv3 Protocol Instances Can Now Run
Over a Single Link
 This allows for separate ASes, each running OSPF,
to use a common link; single link could belong
to multiple areas
 Instance ID is a new field that is used to have multiple
OSPFv3 protocol instances per link
 In order to have two instances talk to each other, they
need to have the same instance ID; by default it is 0,
and for any additional instance it is increased

274
Differences from OSPFv2
 Multicast addresses
FF02::5—represents all SPF routers on the link-local scope,
equivalent to 224.0.0.5 in OSPFv2
FF02::6—represents all DR routers on the link-local scope,
equivalent to 224.0.0.6 in OSPFv2
 Removal of address semantics
IPv6 addresses are no longer present in OSPF Packet header
(part of payload information)
Router LSA, Network LSA do not carry IPv6 addresses
Router ID, Area ID, and Link State ID remain at 32 bits
DR and BDR are now identified by their Router ID and no longer
by their IP address
 Security
OSPFv3 uses IPv6 AH and ESP extension headers instead
of variety of mechanisms defined in OSPFv2
275
OSPFv3 Configuration Example

IPv6 Prefix
2001:DB8:101::/48
Loopback 0 Loopback 0
Subnet 3 S0/0 Subnet 2
S0/0
A B
Area 51 Subnet 1 Area 1

OSPF
Area 0

276
OSPFv3 Configuration Example
Router A

ipv6 unicast-routing

interface Loopback0
no ip address
ipv6 address 2001:DB8:101:3::/64 eui-64
ipv6 ospf 1 area 51

interface Serial0/0
no ip address
encapsulation frame-relay
ipv6 address 2001:DB8:101:1::/64 eui-64
ipv6 ospf network point-to-point
ipv6 ospf 1 area 0
frame-relay map ipv6 FE80::204:9AFF:FE5C:8B41 602 broadcast
frame-relay map ipv6 2001:DB8:101:1:204:9AFF:FE5C:8B41 602 broadcast

ipv6 router ospf 1
router-id 10.1.1.1

277
OSPFv3 Configuration Example
Router B

ipv6 unicast-routing

interface Loopback0
no ip address
ipv6 address 2001:DB8:101:2::/64 eui-64
ipv6 ospf 1 area 1

interface Serial0/0
no ip address
encapsulation frame-relay
ipv6 address 2001:DB8:101:1::/64 eui-64
ipv6 ospf network point-to-point
ipv6 ospf 1 area 0
frame-relay map ipv6 FE80::204:C1FF:FE09:1DA1 206 broadcast
frame-relay map ipv6 2001:DB8:101:1:204:C1FF:FE09:1DA1 206 broadcast

ipv6 router ospf 1
router-id 10.1.1.2

278
OSPFv3 Verification
rA#show ipv6 route ospf
IPv6 Routing Table - 7 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
OI 2001:DB8:101:2:204:9AFF:FE5C:8B41/128 [110/64]
via FE80::204:9AFF:FE5C:8B41, Serial0/0

ra#show ipv6 ospf neighbor
Neighbor ID     Pri   State     Dead Time   Interface ID    Interface
10.1.1.2          1   FULL/ -   00:00:33    3               Serial0/0

279
OSPFv3 Router Commands

A(config)#ipv6 router ospf 1


A(config-rtr)#?
area OSPF area parameters
auto-cost Calculate OSPF interface cost according to bandwidth
compatible OSPF compatibility list
default Set a command to its defaults
default-information Distribution of default information
default-metric Set metric of redistributed routes
discard-route Enable or disable discard-route installation
distance Administrative distance
distribute-list Filter networks in routing updates

280
OSPFv3 Router Commands

exit Exit from IPv6 routing protocol configuration mode


ignore Do not complain about specific event
log-adjacency-changes Log changes in adjacency state
maximum-paths Forward packets over multiple paths
no Negate a command or set its defaults
passive-interface Suppress routing updates on an interface
redistribute Redistribute IPv6 prefixes from another routing
protocol
router-id router-id for this OSPF process
summary-prefix Configure IPv6 summary prefix
timers Adjust routing timers

281
OSPFv3 Router Commands

A(config-rtr)#area 1 ?
default-cost Set the summary default-cost of a NSSA/stub area
nssa Specify a NSSA area
range Summarize routes matching address/mask (border routers only)
stub Specify a stub area
virtual-link Define a virtual link and its parameters

282
OSPFv3 Interface Commands
r2(config)#int s0/0
r2(config-if)#ipv6 ospf ?
<1-65535> Process ID
cost Interface cost
database-filter Filter OSPF LSA during synchronization and flooding
dead-interval Interval after which a neighbor is declared dead
demand-circuit OSPF demand circuit
flood-reduction OSPF Flood Reduction
hello-interval Time between HELLO packets
mtu-ignore Ignores the MTU in DBD packets
neighbor OSPF neighbor
network Network type
priority Router priority
retransmit-interval Time between retransmitting lost link state
advertisements
transmit-delay Link state transmit delay

283
Q and A

284
Session 6:

IP Routing BGP

285
Topics

 Introduction
 BGP Path Selection
 BGP Attributes
 Debugging

286
Introduction

 What Is BGP?
 How Does BGP Work
 EBGP and IBGP
 What Is a Peer (Neighbor)

287
Configuring BGP

Rtr A (10.1.1.1/24, AS 1)
router bgp 1

Rtr B (10.1.1.2/24, AS 2)
router bgp 2

288
Configuring Peers

Rtr(config-router)#?
*address-family Enter address family command mode
***aggregate-address Configure BGP aggregate entries
*auto-summary Enable automatic network number summarization
*bgp BGP specific commands
default Set a command to its defaults
*default-information Control distribution of default information
*default-metric Set metric of redistributed routes
*distance Define an administrative distance
+++distribute-list Filter networks in routing updates
exit Exit from routing protocol configuration mode

Importance: ***High **Medium *Low


+++: Do Not Use with BGP
Use neighbor x.x.x.x distribute-list {in|out}

289
Configuring Peers (Cont.)

Rtr(config-router)#?
help Description of the interactive help system
*maximum-paths Forward packets over multiple paths
***neighbor Specify a neighbor router
**network Specify a network to announce via BGP
no Negate a command or set its defaults
***redistribute Redistribute information from another routing protocol
*synchronization Perform IGP synchronization
*table-map Map external entry attributes into routing table
*timers Adjust routing timers

Importance: ***High **Medium *Low

290
Configuring BGP Peers (Cont.)
Neighbor

Rtr A (10.1.1.1/24, AS 1)
router bgp 1
neighbor 10.1.1.2 remote-as 2

Rtr B (10.1.1.2/24, AS 2)
router bgp 2
neighbor 10.1.1.1 remote-as 1

291
BGP Issue: Synchronization
A BGP Router will Not Advertise a Route to an eBGP Neighbor Unless the Route Is Already in the IP Routing Table

Figure: Rtr A, Rtr B, Rtr C and Rtr D; iBGP and eBGP sessions; network 172.16.0.0

 Rtr B does not know about 172.16.0.0; therefore Rtr C should not advertise 172.16.0.0 to Rtr D
 Redistribute 172.16.0.0 into IGP (not recommended); or use a full iBGP mesh and disable synchronization (default)
12.2(8)T—Default changed to no synchronization
292
BGP Path Selection
 Ignore a route if the next hop is not known
 Ignore external routes with local AS in path

1. Prefer the route with the largest weight
2. Prefer the route with the largest local preference
3. Prefer the route that was locally originated via network, aggregate or redistribution from an IGP

293
BGP Path Selection (Cont.)

4. Prefer the route with the shortest AS path
If using bgp bestpath as-path ignore then skip this step; when
using the as-set option for aggregated routes then the as_set
counts as 1 regardless of the number of AS entries in the set;
confederation sub AS numbers are not used to determine the
AS-path length
5. Prefer the route with the lowest origin (IGP < EGP < Incomplete)
6. Prefer the route with the lowest MED
This comparison is only between routes advertised
by the same external AS
7. Prefer eBGP paths to iBGP paths

294
BGP Path Selection (Cont.)

8. For iBGP paths, prefer the path with lowest IGP metric to the BGP next hop
9. For eBGP paths, prefer the oldest (most stable) path
10. Prefer the path received from the router with the lowest router ID

295
BGP Attributes: Next Hop
 The next hop IP address that is used to reach
a destination
 For eBGP, the next hop is the IP address specified
in the neighbor command
 For iBGP, the eBGP next hop information is carried
into iBGP
AS 1 AS 2 Router C

10.1.1.1 10.1.1.2 10.1.20.1 10.1.20.2


172.16.0.0

172.16.0.0
Next Hop = 10.1.1.1
Does Router C Know How to Get to the Next Hop?
296
BGP Attributes: Weight
 A Cisco defined attribute which is used for path
selection; the weight is assigned locally and is not
propagated in routing updates
 Value: 0–65535 Default is 32768 for local routes,
0 for all others
 Higher value is preferred
172.16.0.0/16

AS 4

AS 1

AS 3 AS 2
Net 172.16.0.0 Net 172.16.0.0
Weight = 0 Weight = 80
Preferred
297
BGP Attributes: Local Pref
 Signals which path is preferred to exit the AS
and is exchanged among all BGP speakers in the AS;
local preference is not exchanged between ASs
 Value: 0–4294967295
Default value: 100
Higher value is preferred
172.16.0.0/16

AS 4

AS 1

AS 3 AS 2
Net 172.16.0.0 Net 172.16.0.0
Loc Pref = 100 Loc Pref = 800
Preferred
298
BGP Attribute: AS Path
AS Path Attribute—the List of AS Numbers That
a Route Has Traversed to Reach a Destination

[Figure: AS 1 through AS 5 with network 10.1.0.0/24 and address 10.1.1.1/24; the links are annotated with AS-path patterns such as ^1$, ^2 1$ and ^4 1$]

BGP Attributes: Origin
 IGP—i
Network Layer Reachability Information (NLRI)
is interior to the originating AS; network statement
or redistribute IGP routes

 EGP—e
NLRI is learned via eBGP

 Incomplete—?
NLRI is unknown; redistributing static into BGP

BGP Attributes: Metric (MED)

 Also known as the Multi-Exit-Discriminator (MED); the metric is used as a suggestion to other ASs about the preferred path into the AS; exchanged between ASs
 Value: 0–4294967295; default value: 0; lower value is preferred

[Figure: AS 1 and AS 2 joined by two links; network 172.16.1.0 is advertised with Metric = 0 on one link (preferred) and Metric = 80 on the other]

BGP Path Selection—BGP Table

 The best routes to the destination networks are selected from the BGP table

BGP Path Selection Summary
 Prefer highest weight (local to router)
 Prefer highest local preference (global within AS)
 Prefer routes that the router originated
 Prefer shorter AS paths (only length is compared)
 Prefer lowest origin code (IGP < EGP < Incomplete)
 Prefer lowest MED
 Prefer external (EBGP) paths over internal (IBGP)
 For IBGP paths, prefer path through closest IGP neighbor
 For EBGP paths, prefer oldest (most stable) path
 Prefer paths from router with the lower BGP router-ID
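
The selection order above, as an added Python sketch (written for this page, not Cisco's implementation). The `Path` fields and the sample paths are constructed for illustration; paths are compared pairwise because the MED step only applies between paths from the same neighboring AS.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # IGP < EGP < Incomplete


@dataclass
class Path:
    name: str
    as_path: list                 # AS numbers; a frozenset element models an AS_SET
    origin: str = "igp"
    weight: int = 0
    local_pref: int = 100
    med: int = 0
    locally_originated: bool = False
    ebgp: bool = True
    igp_metric: int = 0           # IGP cost to the BGP next hop (used for iBGP paths)
    age: int = 0                  # seconds since the path was learned
    router_id: str = "0.0.0.0"

    def as_path_len(self):
        # One per element, so an AS_SET counts as 1 however many ASs it holds.
        return len(self.as_path)

    def neighbor_as(self):
        first = self.as_path[0] if self.as_path else None
        return first if isinstance(first, int) else None


def compare(a, b):
    """Return (winner, deciding step) for two paths to the same prefix."""
    def pick(reason, va, vb, higher=False):
        if va == vb:
            return None                       # tie: fall through to the next step
        a_wins = va > vb if higher else va < vb
        return (a if a_wins else b, reason)

    same_neighbor = a.neighbor_as() is not None and a.neighbor_as() == b.neighbor_as()
    checks = [
        lambda: pick("weight", a.weight, b.weight, higher=True),
        lambda: pick("local preference", a.local_pref, b.local_pref, higher=True),
        lambda: pick("locally originated", a.locally_originated,
                     b.locally_originated, higher=True),
        lambda: pick("AS-path length", a.as_path_len(), b.as_path_len()),
        lambda: pick("origin", ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin]),
        # MED is only compared between paths from the same external AS.
        lambda: pick("MED", a.med, b.med) if same_neighbor else None,
        lambda: pick("eBGP over iBGP", a.ebgp, b.ebgp, higher=True),
        lambda: pick("IGP metric to next hop", a.igp_metric, b.igp_metric)
        if not a.ebgp and not b.ebgp else None,
        lambda: pick("oldest eBGP path", a.age, b.age, higher=True)
        if a.ebgp and b.ebgp else None,
        lambda: pick("router ID", IPv4Address(a.router_id), IPv4Address(b.router_id)),
    ]
    for check in checks:
        result = check()
        if result:
            return result
    return (a, "tie")


def best_path(paths):
    """Fold compare() over the candidates; the reason is that of the last comparison."""
    best, reason = paths[0], "only path"
    for candidate in paths[1:]:
        best, reason = compare(best, candidate)
    return best, reason


# Constructed sample paths to one prefix (not taken from the slides).
VIA_AS2_MED80 = Path("via AS 2, MED 80", [2, 4], med=80, age=500, router_id="10.0.0.2")
VIA_AS2_MED0 = Path("via AS 2, MED 0", [2, 4], med=0, age=100, router_id="10.0.0.3")
VIA_AS3 = Path("via AS 3", [3, 4], med=0, age=900, router_id="10.0.0.4")
VIA_AS_SET = Path("aggregate with AS_SET", [3, frozenset({10, 11, 12})])
VIA_LONG = Path("three-AS path", [3, 10, 11])
HIGH_LOCAL_PREF = Path("long path, local pref 800", [5, 6, 7, 4], local_pref=800, ebgp=False)

if __name__ == "__main__":
    winner, reason = best_path([VIA_AS2_MED80, VIA_AS2_MED0, VIA_AS3])
    print(f"best: {winner.name} (decided by {reason})")
```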

Other BGP Attributes: Atomic Aggregate
Atomic Aggregate—The Route Has Been Summarized
and Path Information Is Lost

Use of the as-set Command When Aggregating (Router C) Will Propagate the Path Information

RouterD# show ip bgp


BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal
Origin codes: i - IGP, e - EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 160.0.0.0/8 4.4.4.1 0 300 i

BGP Attributes: Community
 Used to group destinations and apply routing decisions
according to community; by default, not sent to any peers
 Value: 0–4,294,967,200 or 0:0–65535:65535
Values of all-zeroes and all-ones in the high order 16 bits are reserved

 Well known communities


no-export (Do not export to next AS)
no-advertise (Do not advertise to any peer)
Internet (Advertise to all routers)
local-AS (Do not advertise outside local AS)

 To send community values to a peer, use the send-community keyword:
neighbor 1.1.1.1 send-community

BGP Attributes: Community (Cont.)

[Figure: AS 1250, AS 88 and AS 51 connected to AS 1, with these routes:]
AS 1250: 201.3.3.196/26, 144.8.1.0/24, 144.9.3.128/27, 12.1.0.0/16
AS 88: 197.4.3.0/27, 152.1.1.0/24, 152.4.5.128/26, 28.5.0.0/17
AS 51: 201.3.3.196/22, 144.8.1.0/24, 144.9.3.128/23, 12.1.0.0/16

AS 1 Wants to Adjust the BGP Attributes of the Underlined Routes; How Can We Do That? AS-Path? Prefix and Mask?

BGP Attributes: Community (Cont.)

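[Figure: AS 1250, AS 88 and AS 51 connected to AS 1; some routes now carry a community value, shown in parentheses:]
AS 1250: 201.3.3.196/26 (1:4), 144.8.1.0/24, 144.9.3.128/27, 12.1.0.0/16
AS 88: 197.4.3.0/27, 152.1.1.0/24 (:44), 152.4.5.128/26 (1:4), 28.5.0.0/17
AS 51: 201.3.3.196/22, 144.8.1.0/24 (1:4), 144.9.3.128/23, 12.1.0.0/16 (1:4)

Use the Community Attribute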

BGP Attributes: Community (Cont.)
Setting the Community Value

router bgp 51
neighbor 10.1.1.1 remote-as 1
neighbor 10.1.1.1 send-community
neighbor 10.1.1.1 route-map setcomm out
!
access-list 1 permit 144.8.1.0 0.0.0.255
access-list 1 permit 12.1.0.0 0.0.255.255
!
route-map setcomm permit 10
match ip address 1
set community 1:4
!
route-map setcomm permit 20
BGP Attributes: Community (Cont.)
Viewing the Community Value—Old Format

rtrA#sh ip bgp 172.16.1.0


BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
172.10.2.2 172.10.6.6
254
10.1.1.1 from 10.1.1.1 (199.172.15.254)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 65546

BGP Attributes: Community (Cont.)
Viewing the Community Value—New Format

ip bgp-community new-format (global configuration)

rtrA#sh ip bgp 172.16.1.0


BGP routing table entry for 172.16.1.0/24, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to non peer-group peers:
172.10.2.2 172.10.6.6
254
10.1.1.1 from 10.1.1.1 (199.172.15.254)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 1:10

Controlling the Flow of BGP Updates

Aggregate Addresses
 Used to minimize the size of the routing table
 Combines characteristics of several routes to allow a single route to be advertised

RTB#
router bgp 200
neighbor 3.3.3.1 remote-as 300
network 160.10.0.0

RTC#
router bgp 300
neighbor 3.3.3.3 remote-as 200
neighbor 2.2.2.2 remote-as 100
network 170.10.0.0

Aggregate Addresses (Cont.)
 aggregate-address address mask
This advertises the prefix route and all of the more specific routes
 aggregate-address address mask summary-only
This advertises the prefix only; all the more specific routes are suppressed*
 aggregate-address address mask suppress-map map-name
This advertises the prefix route and the more specific routes, but suppresses advertisement according to a route map

Example: Aggregate Address

 Question: Advertise the aggregate route 132.0.0.0/8 into AS 3. Ensure that only the aggregate address and 132.108.10.0/24 are allowed through to AS 3

Example (Cont.): Configuration
r8(config)#router bgp 4
r8(config-router)#aggregate-address 132.0.0.0 255.0.0.0 suppress-map AGGREGATE_MAP1
r8(config-router)#exit
r8(config)#access-list 3 deny 132.108.10.0 0.0.0.255
r8(config)#access-list 3 permit any
r8(config)#route-map AGGREGATE_MAP1 permit 10
r8(config-route-map)#match ip address 3
r8(config-route-map)#end

Example (Cont.): Verification
r5#sh ip ro bgp
B 141.108.0.0/16 [200/0] via 142.108.10.6, 2d03h
B 131.108.0.0/16 [20/0] via 162.108.21.8, 00:06:41
B 161.108.0.0/16 [20/0] via 162.108.21.8, 00:06:41
132.108.0.0/16 is variably subnetted, 2 subnets, 2 masks
B 132.108.10.0/24 [20/0] via 162.108.21.8, 00:06:41
B 132.108.0.0/16 [200/0] via 142.108.10.6, 2d03h
B 132.0.0.0/8 [20/0] via 162.108.21.8, 00:06:41

BGP Route Filtering
Route Filtering
 Filter networks in incoming or outgoing BGP updates
based on IP address

[Figure: Rtr A (10.1.1.1/24) in AS 1 connected to Rtr B (10.1.1.2/24) in AS 2]

Rtr A
router bgp 1
neighbor 10.1.1.2 distribute-list 1 in
access-list 1 permit 172.16.0.0 0.0.255.255

Rtr B
router bgp 2
neighbor 10.1.1.1 distribute-list 2 out
access-list 2 permit 192.30.8.0 0.0.0.255

Do You See A Problem Here?

BGP Route Filtering
Route Filtering
 Path filtering—filter networks in incoming or outgoing
BGP updates based on AS path information

[Figure: Rtr A (10.1.1.1/24) in AS 1 connected to Rtr B (10.1.1.2/24) in AS 2]

Rtr A
router bgp 1
neighbor 1.1.1.2 filter-list 1 in
…
ip as-path access-list 1 deny ^2$
(deny routes belonging to AS 2)
ip as-path access-list 1 permit .*

Rtr B
router bgp 2
neighbor 1.1.1.1 filter-list 2 out
...
ip as-path access-list 2 permit ^$
(allow routes from this AS only)

Do You See A Problem Here?

Route-Map Overview
Route Maps
 Route-maps are very complex access-lists:
Access-lists have lines; route-maps contain statements
Access-lists use addresses and masks; route-maps use match conditions
With access-lists, there is an access-list number; with route-maps, there is a route-map name
 Statements in route-maps are numbered
 You can insert and delete statements in a route-map
 You can edit match conditions in a statement
 Route-map statements can modify matched routes with “set” options

Route-Map Overview (Cont.)
Route Maps

 The default statement action is “permit”


 A route not matched by any statement is dropped
 “Permit all” is achieved by specifying “permit”
without a “match” clause
 Match conditions in one statement are ANDed together
 The first matching statement permits or denies the route
Route-Map Overview (Cont.)
Route Maps
router bgp 300
network 172.16.0.0
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 route-map STOPUPDATES out
!
! statement 10 denies whatever access-list 1 permits; statement 20 permits everything else
route-map STOPUPDATES deny 10
match ip address 1
route-map STOPUPDATES permit 20
!
access-list 1 permit 172.16.0.0 0.0.255.255

Blocks Advertisement of Network 172.16.0.0 to Neighbor 2.2.2.2
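
The route-map rules from the overview slides (first matching statement decides, match clauses ANDed, a statement without a match clause matches everything, unmatched routes dropped), as an added Python model that is not IOS code. The tuple layout and helper names are assumptions made for this example; it evaluates the STOPUPDATES and setcomm route-maps from the slides and shows what happens when the ACL address is mistyped (170.16.0.0, constructed here) or the final permit statement is missing.

```python
from ipaddress import IPv4Address


def acl_permits(acl, network):
    """Standard ACL: the first matching entry decides; no match is an implicit deny."""
    net = int(IPv4Address(network))
    for action, address, wildcard in acl:
        care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF   # wildcard bits are "don't care"
        if (net & care) == (int(IPv4Address(address)) & care):
            return action == "permit"
    return False


def apply_route_map(statements, acls, route):
    """Return the route (with any "set" values applied) if permitted, else None."""
    # statements: (sequence number, "permit"/"deny", [ACL numbers to match], {set values})
    for _seq, action, match_acls, sets in sorted(statements, key=lambda s: s[0]):
        # all() over an empty list is True: no match clause means "match everything"
        if all(acl_permits(acls[n], route["network"]) for n in match_acls):
            return None if action == "deny" else {**route, **sets}
    return None   # not matched by any statement: dropped


# route-map STOPUPDATES from the slide
STOPUPDATES = [(10, "deny", [1], {}), (20, "permit", [], {})]
ACL_172 = {1: [("permit", "172.16.0.0", "0.0.255.255")]}
# Constructed variant: first octet mistyped, so statement 10 never matches 172.16.0.0
ACL_170 = {1: [("permit", "170.16.0.0", "0.0.255.255")]}

# route-map setcomm from the community slide
SETCOMM = [(10, "permit", [1], {"community": "1:4"}), (20, "permit", [], {})]
SETCOMM_ACLS = {1: [("permit", "144.8.1.0", "0.0.0.255"),
                    ("permit", "12.1.0.0", "0.0.255.255")]}

if __name__ == "__main__":
    route = {"network": "172.16.0.0"}
    print("correct ACL :", apply_route_map(STOPUPDATES, ACL_172, route))
    print("mistyped ACL:", apply_route_map(STOPUPDATES, ACL_170, route))
    print("no permit 20:", apply_route_map(STOPUPDATES[:1], ACL_172, {"network": "10.0.0.0"}))
    print("setcomm     :", apply_route_map(SETCOMM, SETCOMM_ACLS, {"network": "144.8.1.0"}))
```

With the mistyped ACL the route is advertised unchanged and nothing reports an error, which is why a filter like this is worth checking against the neighbor's received routes after it is applied.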

Debugging BGP

Debugging
 Test the IP connection between the BGP routers

[Figure: Rtr A (10.1.1.1/24) in AS 1 connected to Rtr B (10.1.1.2/24) in AS 2]

 If you can ping the remote endpoint then you can form a BGP connection
Rtr A#ping 1.1.1.2
Rtr B#ping 1.1.1.1

Debugging
Start with a Minimum BGP Configuration

[Figure: Rtr A (10.1.1.1/24) in AS 1 connected to Rtr B (10.1.1.2/24) in AS 2]

Rtr A#
router bgp 1
neighbor 1.1.1.2 remote-as 2

Rtr B#
router bgp 2
neighbor 1.1.1.1 remote-as 1

Debugging
If BGP State = Established, Then Continue with Your BGP Configuration

Rtr A#show ip bgp neighbors

BGP neighbor is 1.1.1.2, remote AS 2, external link


BGP version 4, remote router ID 1.1.1.2
BGP state = Established, table version = 1, up for 0:12:20
Last read 0:00:20, hold time is 180, keepalive interval is 60 seconds
Minimum time between advertisement runs is 30 seconds
Received 15 messages, 0 notifications, 0 in queue
Sent 15 messages, 0 notifications, 0 in queue
Connections established 1; dropped 0
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Local host: 10.1.1.7, Local port: 11002
Foreign host: 10.1.1.1, Foreign port: 179

Further Possible Areas of Study
 IBGP—Route Reflector
 IBGP—Confederations
 EBGP—Neighbor Local-as
 BGP Multipath
 BGP Conditional Advertisement

Q and A

Recommended Reading

 Internet Routing Architectures, Bassam Halabi, Cisco Press
 Cisco BGP-4 Command and Configuration Handbook, William Parkhurst, Cisco Press

Session 7:

MPLS/VPN

Agenda

 MPLS Technology Introduction


 MPLS Network Ingredients
 Building MPLS Services
MPLS VPNs
MPLS Layer 3 VPNs

MPLS Technology Introduction

What Is MPLS Technology?
 Multiprotocol Label Switching (MPLS) is a technology for delivery of IP services
 MPLS technology transports data by switching packets instead of routing them
 A highly scalable mechanism that is topology driven rather than flow driven
 Single infrastructure architecture supporting a multitude of applications
 MPLS has evolved a long way from its original goal, now serving as a foundation for value-added services

[Figure: services built on MPLS over a single network infrastructure: unicast and multicast L3 VPNs, traffic engineering, IP+Optical GMPLS, Any Transport over MPLS, VPLS]

Evolving Infrastructures,
Growing Requirements
Next Generation Services Networks Require a Transport that Offers End-to-End:
Service Flexibility: Point to Point, Point to Multipoint, Multipoint to Multipoint
Resilience and Scale: Redundancy, Fast Convergence, High Availability
SLA Guarantees: Traffic Classes, Traffic Priority, BW Guarantees
OAM: Provision, Measure, Test and Verify, Report

MPLS Use Case
Requirements: L2 pt-pt, L2 fully meshed, L3 fully meshed sites through HQ site, all sites directly access Hosted content and the Internet with SLA

[Figure: MPLS backbone (PE1 to PE5, P1 to P4) connecting HQ A, HQ B, HQ C, branch office, mobile backhaul and remote user/telecommuter sites in VPN A, VPN B and VPN C, with shared/managed services (video, ERP server, hosted content), FR/ATM/carrier Ethernet access, local or direct dial ISP access over MPLS to IPsec/PE, and Internet access]

MPLS Network Ingredients

MPLS Network Ingredients
 Network devices
P (Provider) routers = label switching routers = core routers
PE (Provider Edge) routers = edge LSR = provider edge device
 Protocols
IGP: core routing protocol, OSPF, EIGRP, IS-IS
Label Distribution Protocol (LDP)
Multiprotocol e/iBGP
Resource reservation (RSVP) protocol
 MPLS label
Forwarding Equivalence Class (FEC)
MPLS label
MPLS label encapsulation
 MPLS planes
MPLS control planes
MPLS forwarding planes
MPLS Network Devices
[Figure: PE routers at the edge of the network connected through a core of P routers]

 P (Provider) routers = label switching routers = core routers
Switch packets from ingress PE to egress PE
 PE (Provider Edge) routers = edge LSR = provider edge device
MPLS services are enabled on PE devices. They interconnect customer sites

MPLS Network Protocols
[Figure: PE routers around a core of P routers, with RSVP, IGP and LDP marked on the core links]

 IGP: OSPF, EIGRP, IS-IS on core facing and core links
 RSVP and/or LDP on core and/or core facing links
 MP-e/iBGP on PE devices

Label Distribution Protocol

 Defined in RFC 3035 and 3036; LDP is a superset of Tag Distribution Protocol
 Uses UDP for session discovery and TCP (646) for the rest of the messages
 LDP Header: Version (2 Octets), PDU Length (2 Octets), LDP ID (6 Octets)
 Uses per-interface or per-platform label space, each needing separate LDP sessions
 Label distribution protocols distribute labels for prefixes advertised by unicast routing protocols (OSPF, IS-IS, EIGRP, etc.) using LDP or BGP
 Multiple phases to establish a session and allocate labels so that traffic can be switched:
Discovery mechanisms
Session establishment
Label distribution and management
Label binding advertisement (unsolicited or on-demand), distribution, liberal retention

MPLS Label and Label Encapsulation
MPLS Label (32 bits, bit 0 to bit 31):
Label # – 20 bits | EXP – 3 bits | S – 1 bit | TTL – 8 bits
COS/EXP = Class of Service: 3 Bits; S = Bottom of Stack; TTL = Time to Live

MPLS Label Encapsulation
PPP Header (Packet over SONET/SDH): PPP Header | Label | Layer 2/L3 Packet
LAN MAC Label Header: MAC Header | Label | Layer 2/L3 Packet

Forwarding Equivalence Class

FEC Is Used by Label Switching Routers to Determine How Packets Are Mapped to Label Switching Paths (LSP):
 IP prefix/host address
 Layer 2 circuits (ATM, FR, PPP, HDLC, Ethernet)
 Groups of addresses/sites—VPN x
 A bridge/switch instance—VSI
 Tunnel interface—traffic engineering

MPLS Control Plane and Forward Plane
 Control plane used to distribute labels and build label-switched paths
 Forwarding plane consists of label imposition, swapping, and disposition—no matter what the control plane
Destination-based unicast/multicast
Labels divorce forwarding from IP address
Labels define destination and service

[Figure: control plane (route process with RIB, fed by routing updates/adjacency; MPLS process with LIB, fed by label bind updates/adjacency) above the forwarding plane (MFI for MPLS traffic, FIB for IP traffic)]

MPLS Control Plane
Downstream Unsolicited Mode
Step I: Core Routing Convergence
Router 1 (left)
In Label  Address Prefix  Out I’face  Out Label
          128.89          1
          171.69          1
          …               …

Router 2 (middle)
In Label  Address Prefix  Out I’face  Out Label
          128.89          0
          171.69          1
          …               …

Router 3 (right)
In Label  Address Prefix  Out I’face  Out Label
          128.89          0
          …               …

[Figure: the routers announce reachability with routing updates (OSPF, EIGRP, …): "You Can Reach 128.89 Thru Me", "You Can Reach 171.69 Thru Me", and from the middle router "You Can Reach 128.89 and 171.69 Thru Me"]

MPLS Control Plane
Downstream Unsolicited Mode

Step II: Assigning Labels


Router 1 (left)
In Label  Address Prefix  Out I’face  Out Label
-         128.89          1           4
-         171.69          1           5
…         …               …           …

Router 2 (middle)
In Label  Address Prefix  Out I’face  Out Label
4         128.89          0           9
5         171.69          1           7
…         …               …           …

Router 3 (right)
In Label  Address Prefix  Out I’face  Out Label
9         128.89          0           -
…         …               …           …

[Figure: label advertisements: "Use Label 9 for 128.89", "Use Label 7 for 171.69", and from the middle router "Use Label 4 for 128.89 and Use Label 5 for 171.69"]

Downstream Node Advertise Labels for Prefixes/FEC Reachable via that Device

MPLS Forwarding Plane
Step III: Forwarding Labeled Packets
(The three label tables are the same as in Step II.)

[Figure: a packet for 128.89.25.4 arrives unlabeled at the left router, is sent on with label 4, is swapped to label 9 by the middle router, and leaves the right router unlabeled toward 128.89]

Label Switch Forwards Based on Label

Label Stacking
 There may be more than one label in an MPLS packet
 As we know labels correspond to forwarding equivalence classes
Example—there can be one label for routing the packet to an egress point and another that separates a customer A packet from customer B
Inner labels can be used to designate services/FECs, etc., e.g. VPNs, fast reroute
 Outer label used to route/switch the MPLS packets in the network
 Last label in the stack is marked with EOS bit
 Allows building services such as
MPLS VPNs
Traffic engineering and fast reroute
VPNs over traffic engineered core
Any transport over MPLS

[Figure: label stack from outer to inner: TE label, LDP label, VPN label, then the IP header]

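The 32-bit label entry from the "MPLS Label and Label Encapsulation" slide and the stacking rules above, as an added Python example (not Cisco code). It packs a two-label stack, parses it back until the bottom-of-stack bit, and swaps the outer label using the middle router's table from the forwarding slides (4 to 9, 5 to 7); the inner label 42, the payload bytes and the function names are constructed for illustration.

```python
import struct


def encode_entry(label, exp=0, bottom=False, ttl=64):
    """Pack one 32-bit label stack entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def decode_stack(data):
    """Return (entries, payload); entries run from the outer label to the S=1 entry."""
    entries = []
    for offset in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, offset)
        entries.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, data[offset + 4:]
    # Ran out of bytes before seeing S=1: refuse rather than guess where the payload starts.
    raise ValueError("truncated label stack: no bottom-of-stack entry")


def swap_top(data, lfib):
    """Swap the outer label as an LSR would; return (out interface, packet) or None if dropped."""
    entries, _payload = decode_stack(data)
    top = entries[0]
    if top["label"] not in lfib or top["ttl"] <= 1:
        return None                               # unknown label or expired TTL: drop
    out_interface, out_label = lfib[top["label"]]
    new_top = encode_entry(out_label, top["exp"], bool(top["s"]), top["ttl"] - 1)
    return out_interface, new_top + data[4:]      # inner labels and payload are untouched


# Middle router's table from the slides: in label -> (out interface, out label)
LFIB_MIDDLE = {4: (0, 9), 5: (1, 7)}

# Constructed packet: outer label 4, inner label 42 marked bottom of stack, dummy payload
PAYLOAD = b"IPv4 packet to 128.89.25.4"
PACKET = encode_entry(4) + encode_entry(42, bottom=True) + PAYLOAD

if __name__ == "__main__":
    print("before:", [(e["label"], e["s"], e["ttl"]) for e in decode_stack(PACKET)[0]])
    out_if, forwarded = swap_top(PACKET, LFIB_MIDDLE)
    print("after :", [(e["label"], e["s"], e["ttl"]) for e in decode_stack(forwarded)[0]],
          "out interface", out_if)
```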
MPLS Core Architecture Summary
1a. Existing Routing Protocols (e.g. OSPF, IS-IS) Establish Reachability to Destination Networks
1b. LDP Establishes Label to Destination Network Mappings
2. Ingress Edge LSR Receives Packet, Performs Layer 3 Value-Added Services, and “Labels” Packets
3. LSR Switches Packets Using Label Swapping
4. Edge LSR at Egress Removes Label and Delivers Packet

!
ip cef
mpls label protocol ldp
!
interface ether0/0
mpls ip
!

MPLS VPNs

What Is a Virtual Private Network?
 VPN is a set of sites or groups which are allowed to communicate
with each other
 VPN is defined by a set of administrative policies
Policies established by VPN customers
Policies could be implemented completely by VPN service providers
 Flexible intersite connectivity
Ranging from complete to partial mesh
 Sites may be either within the same or in different organizations
VPN can be either intranet or extranet
 Site may be in more than one VPN
VPNs may overlap
 Not all sites have to be connected to the same service provider
VPN can span multiple providers

L2 vs. L3 VPNs
Point-to-Point Layer 2 VPNs
 Customer endpoints (CPE) connected via Frame Relay DLCI, ATM VC or
point-to-point connection
 No routing with the provider network. VPN CEs peer with each other, much
better propagation delay
 Good for point to point L2 connectivity, provider will need to manually fully
mesh end points if any-to-any connectivity is required
Multipoint Layer 2 VPNs
 Customer endpoints (CPE) connected via Ethernet (VLAN or ethernet)
 Fully meshed, hub-spoke service possible w/o routing

Layer 3 VPN
 Any access medium is supported
 Customer end points peer with providers’ routers @ L3 and exchange
VPN site-routing information
 Reduced provisioning, Scales

MPLS L3 VPNs

IP L3 vs. MPLS L3 VPNs
[Figure: an overlay VPN with VPN A, VPN B and VPN C sites connected to each other, beside an MPLS-based VPN cloud serving VPN A, VPN B and VPN C with multicast, hosting, intranet, VoIP and extranet services]

Overlay VPN
 ACLs, ATM/FR, IP tunnels, IPSec, … etc. requiring n*(n-1) peering points
 Transport dependent
 Groups endpoints, not groups
 Pushes content outside the network
 Costs scale exponentially
 NAT necessary for overlapping subnets
 Limited scaling, QoS Complexity

MPLS-Based VPNs
 Point-to-cloud single point of connectivity
 Transport independent
 Easy grouping of users and services
 Enables content hosting inside the network
 “Flat” cost curve
 Supports private overlapping IP addresses
 Scalable to over millions of VPNs
 Per VPN QoS

MPLS L3 VPN Control Plane Basics
[Figure: CE1 to CE4 attached to VRFs on PE1, PE2 and PE3; MP-iBGP VPNv4 label exchange between the PEs across core routers P1, P2 and P3; static, EIGRP, OSPF or eBGP between CE and PE]

1. VPN service is enabled on PEs
2. VPN site’s CE1 connects to a VRF enabled interface on a PE1
3. VPN site CE1 distributes routes to PE1
4. PE1 allocates VPN label for each prefix, redistributes routes into MP-iBGP, sets itself as a next hop and relays VPN site routes to PE3
5. PE3 distributes CE1’s routes to CE2

How Control Plane Information
Is Separated
[Figure: CE1 advertises Net=16.1/16 to PE1 over IGP/eBGP (IPv4 route exchange); PE1 advertises VPN-IPv4 Net=RD:16.1/16, NH=PE1, Route Target 100:1, Label=42 toward PE2; PE2 advertises Net=16.1/16 to CE2 over IGP/eBGP; there are no VPN routes in the core (P1, P2)]

ip vrf Yellow
rd 1:100
route-target export 1:100
route-target import 1:100

 Route Distinguisher (RD): 8-byte field—unique value assigned by a provider to each
VPN to make different VPN routes unique
 VPNv4 address: RD+VPN IP prefix
 Route Target (RT): 8-byte field, unique value assigned by a provider to define the
import/export rules for the routes from/to each VPN
 MP-iBGP: facilitates advertisement of VPNv4* prefixes + labels between BGP peers
 Virtual Routing Forwarding Instance (VRF): contains VPN site routes
 Multi-VRF CE: CE device supporting multiple VRFs w/o MP-iBGP & VPN labels
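
How the RD and RT from the bullets above separate control plane information, as an added Python model (not IOS behavior in full, and not code from the slides). VRF Yellow with RD and RT 1:100, the prefix 16.1.0.0/16 and label 42 follow the slide; VRF Green, VRF Shared, label 43 and all function names are constructed. The audit helper lists every VRF that imports another VRF's export RT, which is the place to look when routes appear in a VRF that should not see them.

```python
from dataclasses import dataclass, field


@dataclass
class Vrf:
    name: str
    rd: str
    export_rts: frozenset
    import_rts: frozenset
    routes: dict = field(default_factory=dict)   # prefix -> (next-hop PE, VPN label)


def export_routes(pe, vrf, prefixes, first_label):
    """Advertising PE: prepend the RD, attach the export RTs, allocate one VPN label per prefix."""
    return [{"vpnv4": f"{vrf.rd}:{prefix}", "prefix": prefix, "next_hop": pe,
             "label": first_label + i, "rts": vrf.export_rts}
            for i, prefix in enumerate(prefixes)]


def import_routes(vrfs, updates):
    """Receiving PE: a VRF installs an update only if it imports one of the update's RTs."""
    for update in updates:
        for vrf in vrfs:
            if update["rts"] & vrf.import_rts:
                vrf.routes[update["prefix"]] = (update["next_hop"], update["label"])


def cross_vrf_imports(vrfs):
    """Audit: (importer, exporter) pairs where one VRF imports another VRF's export RT."""
    return sorted((a.name, b.name) for a in vrfs for b in vrfs
                  if a is not b and a.import_rts & b.export_rts)


def rt(*values):
    return frozenset(values)


def demo():
    # PE1: two customers using the same private prefix
    pe1_yellow = Vrf("Yellow", "1:100", rt("1:100"), rt("1:100"))
    pe1_green = Vrf("Green", "1:200", rt("1:200"), rt("1:200"))   # constructed
    updates = (export_routes("PE1", pe1_yellow, ["16.1.0.0/16"], 42)
               + export_routes("PE1", pe1_green, ["16.1.0.0/16"], 43))
    # PE2: the same two VPNs plus a constructed VRF that also imports Yellow's RT
    pe2 = [Vrf("Yellow", "1:100", rt("1:100"), rt("1:100")),
           Vrf("Green", "1:200", rt("1:200"), rt("1:200")),
           Vrf("Shared", "1:300", rt("1:300"), rt("1:300", "1:100"))]
    import_routes(pe2, updates)
    return updates, pe2


if __name__ == "__main__":
    updates, pe2 = demo()
    print("VPNv4 routes:", [u["vpnv4"] for u in updates])   # same prefix, distinct keys
    for vrf in pe2:
        print(vrf.name, vrf.routes)
    print("cross-VRF imports:", cross_vrf_imports(pe2))
```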

MPLS L3 VPN Forwarding Plane
How Data Plane Is Separated
[Figure: CE1 forwards an IPv4 packet to PE1; the packet crosses P1 and P2 to PE2; CE2 receives an IPv4 packet]

!
interface S1/0
ip vrf forwarding Yellow
!

1. PE1 imposes pre-allocated label for the prefix
2. Core facing interface allocates IGP label
3. Core swaps IGP labels
4. PE2 strips off VPN label and forwards the packet to CE2 as an IP packet

MPLS L3 VPNs Applications

Deployment Example I:
MPLS VPN SP Interconnecting VPN Sites
for different Access Technologies
[Figure: MPLS backbone (PE1, PE2, PE3, P1, P2) interconnecting Customer A's VPN A sites: HQ hub, branch office, remote site, and remote users/telecommuters reaching the backbone through a local or direct dial ISP and the Internet over MPLS to IPsec/PE; FR/ATM access and provider networks; a business partner site is in VPN A and VPN B]

Deployment Example II:
MPLS VPNs in Enterprise Campus

 L2 access
 Multi-VRF-CE at distribution
 BGP/MPLS VPNs in core only
 Multi-VRF between core and distribution
 Multi-VRF doesn’t require MPLS labels

[Figure: campus with L2 access, CE (Multi-VRF) at distribution carrying VPN1 and VPN2 over 802.1Q, and a Layer 3 core of PE w/VRF and P routers running MP-iBGP (BGP/MPLS VPN)]

Deployment Example III:
End-to-End VPN Services Using Multiple MPLS SPs
[Figure: Enterprise-A hubs (Hub-1-UK, Hub-2-US, Hub-3-India) and Enterprise-A remote sites attached to regional MPLS cores SP1 (AS1), SP2 (AS2) and SP3 (AS3), which interconnect through a global backbone service provider (AS100)]

MPLS L3 VPNs Summary
 SPs can provide intranet, extranet, hub-spoke, and fully meshed connectivity services
 Advanced multicast VPNs, shared hosting, voice, video, Internet and traditional IP services can also be supported over a single infrastructure
 SP-configured route target can be used to filter/limit import/export of VPN routes
 SP-configured per-VPN route distinguisher segregates VPN control plane traffic
 Unique per-VPN labels segregate data plane traffic
 Subscribers have several access medium and routing protocol options to connect to the providers
 SPs can offer service level guarantees using QoS and traffic engineering applications for MPLS L3 VPNs
 MPLS L3VPNs over IP

Terminology Reference
Terminology Description
AC Attachment Circuit. An AC Is a Point-to-Point, Layer 2 Circuit Between a CE and a PE.
AS Autonomous System (a Domain)
CoS Class of Service
ECMP Equal Cost Multipath
IGP Interior Gateway Protocol
LAN Local Area Network
LDP Label Distribution Protocol, RFC 3036.
LER Label Edge Router.  An Edge LSR Interconnects MPLS and non-MPLS Domains.
LFIB Labeled Forwarding Information Base
LSP Label Switched Path
LSR Label Switching Router
NLRI Network Layer Reachability Information
P Router An Interior LSR in the Service Provider's Autonomous System
PE Router An LER in the Service Provider Administrative Domain that Interconnects the Customer Network and the Backbone Network.
PSN Tunnel Packet Switching Tunnel

Terminology Reference
Terminology Description
Pseudo-Wire A Pseudo-Wire Is a Bidirectional “Tunnel” Between Two Features on a Switching Path.
PWE3 Pseudo-Wire End-to-End Emulation
QoS Quality of Service
RD Route Distinguisher
RIB Routing Information Base
RR Route Reflector
RT Route Target
RSVP-TE Resource Reservation Protocol based Traffic Engineering
VPN Virtual Private Network
VFI Virtual Forwarding Instance
VLAN Virtual Local Area Network
VPLS Virtual Private LAN Service
VPWS Virtual Private WAN Service
VRF Virtual Route Forwarding Instance
VSI Virtual Switching Instance

MPLS/L3VPN Sample Lab Question
[Figure: lab topology with switches Sw1 to Sw4 on the CE side (private networks 170.1.7.7/24 at Sw1 and 170.1.9.9/24 at Sw3), routers R1 to R5 in PE and P roles running IGP/MPLS with MP-BGP between the PEs, static routes without MPLS between CE and PE, VLAN_A to VLAN_E, and Backbone 1 and Backbone 2 (150.1.YY.1/24, 150.2.YY.1/24); a VPN tunnel connects the two private networks]

MPLS/L3VPN Sample Lab Question (Cont.)
There is a private network on Sw3 170.1.9.0 and
another on Sw1 170.1.7.0. Build a VPN tunnel to carry
the private traffic between these two networks using
the MPLS core and edge infrastructure.

 MP-BGP should be configured to carry vpnv4 updates.
 VRF instance should be named "ccie"
 RT and RD values are at the candidate's discretion.
 Include only the relevant interface in the vrf instance.
 Configure the vrf route as appropriate on PEs
 You are allowed to use a static route from CE to PE for the private traffic.

MPLS/L3VPN Sample Lab Question (Cont.)
Verification
R3: Verify VPNv4 routes are received from R4(PE):
R3#sh ip route vrf ccie
Routing Table: ccie
170.1.0.0/32 is subnetted, 2 subnets
S 170.1.9.9 [1/0] via 1.1.30.9
B 170.1.7.7 [200/0] via 1.1.4.4, 3d16h---Loopback intf.(Private Network) on Sw1
1.0.0.0/24 is subnetted, 2 subnets
C 1.1.30.0 is directly connected, GigabitEthernet0/0

B 1.1.50.0 [200/0] via 1.1.4.4, 3d16h

R4: Verify VPNv4 routes are received from R3(PE):


R3#sh ip route vrf ccie
Routing Table: ccie
170.1.0.0/32 is subnetted, 2 subnets
S 170.1.7.7 [1/0] via 1.1.50.7
B 170.1.9.9 [200/0] via 1.1.3.3, 3d16h---Loopback intf.(Private Network) on Sw3
1.0.0.0/24 is subnetted, 2 subnets
C 1.1.50.0 is directly connected, GigabitEthernet0/1

B 1.1.30.0 [200/0] via 1.1.3.3, 3d16h


Further Reading
 http://www.cisco.com/go/mpls
 http://www.ciscopress.com
 MPLS and VPN Architectures, Jim Guichard, Ivan Pepelnjak, Cisco Press
 Traffic Engineering with MPLS, Eric Osborne, Ajay Simha, Cisco Press
 Layer 2 VPN Architectures, Wei Luo, Carlos Pignataro, Dmitry Bokotey, Anthony Chan, Cisco Press
 MPLS QoS, Santiago Alvarez, Cisco Press

Q and A

Session 8:

IP Multicast

Agenda

 Multicast Concepts
 PIM-SM Configuration and Verification
 Multicast Troubleshooting

Multicast At-a-Glance

[Figure: network diagram with PIM marked on the router-to-router links and IGMP on the host-facing links]

Mcast Sample Written Question

 Which of the following is NOT true of IP Multicast Addressing?
1. Multicast Group addresses comprise the range 224.0.0.0–239.255.255.255
2. The Link-Local Address Range is 224.0.0.0–224.0.0.255
3. Administratively Scoped Addresses (239.0.0.0–239.255.255.255) are assigned to user applications by IANA
4. EIGRP Hellos to 224.0.0.10 have a TTL = 1
5. Scope Relative Addresses are the top 256 addresses of a scoped address range

Multicast Forwarding

Unicast vs. Multicast Forwarding
Unicast Forwarding
 Destination IP address directly determines
where to forward the packet
Decision based on route table
Hop-by-hop forwarding continues even during
routing topology changes

Unicast vs. Multicast Forwarding
Multicast Forwarding
 Destination IP address doesn’t directly indicate where to
forward packet
 Forwarding is connection-oriented
Receivers must first “connect” to the source before traffic
begins to flow
Connection messages (PIM Joins) follow unicast routing
table toward multicast source
Build Multicast Distribution Trees that determine where
to forward packets
Distribution Trees rebuilt dynamically in case of network
topology changes

Reverse Path Forwarding (RPF)
The RPF Calculation
 The multicast source address is checked against the
unicast routing table
 This determines the interface and upstream router in the
direction of the source to which PIM Joins are sent
 This interface becomes the “Incoming” or RPF interface
A router forwards a multicast datagram only if received
on the RPF interface
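
The RPF calculation described above, as an added Python example (not router code): a longest-prefix match on the source address gives the RPF interface and upstream neighbor, and a datagram is replicated only when it arrived on that interface. The routing table, source, group and outgoing interface list are constructed; the second table shows the RPF interface moving after the more specific unicast route is withdrawn.

```python
from ipaddress import ip_address, ip_network


def rpf_lookup(unicast_routes, source):
    """Longest-prefix match on the source: (RPF interface, upstream neighbor) or None."""
    src = ip_address(source)
    matches = [(ip_network(prefix), interface, neighbor)
               for prefix, interface, neighbor in unicast_routes
               if src in ip_network(prefix)]
    if not matches:
        return None
    _net, interface, neighbor = max(matches, key=lambda m: m[0].prefixlen)
    return interface, neighbor


def forward(unicast_routes, oil, source, group, arrived_on):
    """Return the interfaces to replicate to; an empty list means the datagram is dropped."""
    rpf = rpf_lookup(unicast_routes, source)
    if rpf is None or rpf[0] != arrived_on:
        return []                       # no route to the source, or wrong interface
    return [i for i in oil.get((source, group), []) if i != arrived_on]


# Constructed unicast table: (prefix, outgoing interface, next hop)
ROUTES = [
    ("10.3.0.0/16", "Serial0/0", "10.2.3.4"),
    ("10.3.3.0/24", "Serial0/1", "10.2.2.3"),   # more specific route to the source's subnet
    ("10.1.1.0/24", "Ethernet0/0", None),       # directly connected
]
# The same table after the /24 is withdrawn: the RPF interface moves to Serial0/0
ROUTES_AFTER_CHANGE = [r for r in ROUTES if r[0] != "10.3.3.0/24"]

SOURCE, GROUP = "10.3.3.10", "239.1.1.1"        # constructed
OIL = {(SOURCE, GROUP): ["Ethernet0/0"]}        # outgoing interface list for (S, G)

if __name__ == "__main__":
    print("RPF:", rpf_lookup(ROUTES, SOURCE))
    print("arrived on Serial0/1:", forward(ROUTES, OIL, SOURCE, GROUP, "Serial0/1"))
    print("arrived on Serial0/0:", forward(ROUTES, OIL, SOURCE, GROUP, "Serial0/0"))
    print("RPF after route change:", rpf_lookup(ROUTES_AFTER_CHANGE, SOURCE))
```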

PIM Sparse Mode

PIM Sparse Mode
 Protocol-independent
Supports all underlying unicast routing protocols including: static,
RIP, IGRP, EIGRP, IS-IS, BGP, and OSPF

 Sparse mode
Uses “pull” model
Traffic sent only to where it is requested
Explicit join behavior

PIM-SM Shared Tree Join
(*, G) State Created Only Along the Shared Tree
[Figure: RP and Receiver; legend: PIM (*, G) Join, Shared Tree, IGMP (*, G) Join]

PIM-SM Sender Registration
(S, G) State Created Only Along the Source Tree
[Figure: RP, Source and Receiver; legend: Traffic Flow, Shared Tree, Source Tree, (S, G) Register (unicast), (S, G) Join]

PIM-SM Sender Registration
(S, G) Traffic Begins Arriving at the RP Via the Source Tree
RP Sends a Register-Stop Back to the First-Hop Router to Stop the Register Process
[Figure: RP, Source and Receiver; legend: Traffic Flow, Shared Tree, Source Tree, (S, G) Register (unicast), (S, G) Register-Stop (unicast)]

PIM-SM Sender Registration
Source Traffic Flows Natively Along SPT to RP
From RP, Traffic Flows Down the Shared Tree to Receivers
[Figure: RP, Source and Receiver; legend: Traffic Flow, Shared Tree, Source Tree]

PIM-SM SPT Switchover
Last-Hop Router Joins the Source Tree
[Figure: RP, Source and Receiver; legend: Traffic Flow, Shared Tree, Source Tree, (S, G) Join]

PIM-SM SPT Switchover
Last-Hop Router Joins the Source Tree
Additional (S, G) State Is Created Along New Part of the Source Tree
[Figure: RP, Source and Receiver; legend: Traffic Flow, Shared Tree, Source Tree]

PIM-SM SPT Switchover
Traffic Begins Flowing Down the New Branch of the Source Tree
Additional (S, G) State Is Created Along the Shared Tree to Prune off (S, G) Traffic
[Figure: RP, Source and Receiver; legend: Traffic Flow, Shared Tree, Source Tree, (S, G)RP-bit Prune]

PIM-SM SPT Switchover
(S, G) Traffic Flow Is Now Pruned off of the Shared Tree and Is Flowing to the Receiver via the Source Tree
[Figure: RP, Source and Receiver; legend: Traffic Flow, Shared Tree, Source Tree]

PIM-SM SPT Switchover
(S, G) Traffic Flow Is No Longer Needed by the RP So it Prunes the Flow of (S, G) Traffic
[Figure: RP, Source and Receiver; legend: Traffic Flow, Shared Tree, Source Tree, (S, G) Prune]

PIM-SM SPT Switchover
(S, G) Traffic Flow Is Now Only Flowing to the Receiver via a Single Branch of the Source Tree
[Figure: RP, Source and Receiver; legend: Traffic Flow, Shared Tree, Source Tree]

PIM Sparse Mode Configuration
and Verification

PIM Sparse Mode Static RP
On Every Router
Global Configuration Command
ip multicast-routing
ip pim rp-address 10.1.22.22

R4 S0/0 10.2.3.4/24 R3
ip pim sparse-mode
S0/1 10.2.2.3/24
ip pim sparse-mode
LO0 10.1.22.22/32
ip pim sparse-mode

S0/1 10.2.2.2/24
S0/0 10.2.3.2/24 R2 ip pim sparse-mode
ip pim sparse-mode E0/0 10.1.1.2/24
ip pim sparse-mode

E0/0 10.1.1.1/24
ip pim sparse-mode

R1

389
PIM Sparse Mode Static RP—Verification
On Every Routerr3# show ip pim rp mapping
Group(s): 224.0.0.0/4, Static
Global Configuration Command
RP: 10.1.22.22 (R2)
ip multicast-routing
ip pim rp-address 10.1.22.22

R4 S0/0 10.2.3.4/24 R3
ip pim sparse-mode
S0/1 10.2.2.3/24
ip pim sparse-mode
LO0 10.1.22.22/32
ip pim sparse-mode

S0/1 10.2.2.2/24
S0/0 10.2.3.2/24 R2 ip pim sparse-mode
ip pim sparse-mode E0/0 10.1.1.2/24
ip pim sparse-mode

E0/0 10.1.1.1/24
ip pim sparse-mode

R1

390
PIM Sparse Mode Static RP—Verification

r2# show ip pim interface

Address    Interface    Ver/   Nbr    Query  DR     DR
                        Mode   Count  Intvl  Prior
10.1.1.2   Ethernet0/0  v2/S   1      30     1      10.1.1.2
10.2.3.2   Serial0/0    v2/S   1      30     1      10.2.3.4
10.2.2.2   Serial0/1    v2/S   1      30     1      10.2.2.3

391
PIM Sparse Mode Static RP—Verification

r2# show ip pim neighbor

PIM Neighbor Table
Neighbor   Interface    Uptime/Expires   Ver  DR
Address                                       Priority/Mode
10.1.1.1   Ethernet0/0  1d00h/00:01:17   v2   1 / B S
10.2.3.4   Serial0/0    1d00h/00:01:44   v2   1 / DR B S
10.2.2.3   Serial0/1    1d00h/00:01:44   v2   1 / DR B S
392
PIM Sparse Mode Auto-RP
• Routers automatically learn RP address
  - Only routers that are candidate RPs or mapping agents need to be configured
• Makes use of multicast to distribute info
  - Two specially IANA-assigned groups used
    Cisco-Announce—224.0.1.39
    Cisco-Discovery—224.0.1.40
  - Typically dense mode is used to forward these groups
• Permits backup RPs to be configured

393
PIM Sparse Mode Auto-RP

MA (mapping agent, R3):
  ip pim send-rp-discovery loopback 0 scope 16

RP (R2):
  ip pim send-rp-announce loopback 0 scope 16

On Every Router
Global Configuration Command:
  ip multicast-routing
Interface Configuration Command:
  ip pim sparse-dense-mode
  or
  ip pim sparse-mode
  with Global command: ip pim auto-rp listener

[Figure: routers R1, R2 (RP), R3 (MA), R4]

394
PIM Sparse Mode Auto-RP—Verification

r2# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.44.44 (R3), via Auto-RP
         Uptime: 00:02:19, expires: 00:02:38

395
PIM Sparse Mode Auto-RP—Verification

r3# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.22.22 (R2), via Auto-RP
         Uptime: 00:02:55, expires: 00:02:00

396
PIM Sparse Mode Auto-RP—Verification

r4# show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (r2), v2v1
    Info source: 10.1.44.44 (R3), via Auto-RP
         Uptime: 00:24:29, expires: 00:02:17

397
PIM Sparse Mode BSR

BSR:
  ip pim bsr-candidate loopback 0

RP (R2):
  ip pim rp-candidate loopback 0

On Every Router
Global Configuration Command:
  ip multicast-routing
Interface Configuration Command:
  ip pim sparse-mode

[Figure: routers R1, R2 (RP), R3, R4, with the BSR label at R3/R4]

398
PIM Sparse Mode BSR—Verification

r2# show ip pim rp mapping
PIM Group-to-RP Mappings
This system is a candidate RP (v2)

Group(s) 224.0.0.0/4
  RP 10.1.22.22 (?), v2
    Info source: 10.1.44.44 (?), via bootstrap
         Uptime: 00:04:09, expires: 00:02:27

399
PIM Sparse Mode BSR—Verification

r2# show ip pim bsr-router
PIMv2 Bootstrap information
  BSR address: 10.1.44.44 (?)
  Uptime: 00:06:16, BSR Priority: 0, Hash mask length: 0
  Expires: 00:01:55
  Next Cand_RP_advertisement in 00:00:39
    RP: 10.1.22.22(Loopback0)

400
Anycast RP: Overview
• Uses single statically defined RP address
  - Two or more routers have same RP address
  - RP address defined as a loopback interface
  - Loopback address advertised as a host route
• Senders and receivers join/register with closest RP
  - Closest RP determined from the unicast routing table
• Can never fall back to dense mode
  - Because RP is statically defined
• MSDP session(s) run between all RPs
  - Informs RPs of sources in other parts of network
  - RPs join SPT to active sources as necessary

401
Anycast RP MSDP Configuration

[Figure: RP1 and RP2 connected by an MSDP session; other nodes labelled A, B, X, Y]

Shown on both sides of the diagram:
  ip pim rp-address 10.1.1.1

RP1:
  interface loopback 0
   ip address 10.1.1.1 255.255.255.255
  interface loopback 1
   ip address 10.0.0.2 255.255.255.255
  !
  ip msdp peer 10.0.0.1 connect-source loopback 1
  ip msdp originator-id loopback 1

RP2:
  interface loopback 0
   ip address 10.1.1.1 255.255.255.255
  interface loopback 1
   ip address 10.0.0.1 255.255.255.255
  !
  ip msdp peer 10.0.0.2 connect-source loopback 1
  ip msdp originator-id loopback 1

402
References
• Developing IP Multicast Networks; Beau Williamson, Cisco Press
• Routing TCP/IP Volume II; Jeff Doyle, Cisco Press
• ftp://ftpeng.cisco.com/ipmulticast/training/index.html

Available Onsite at the Cisco Company Store


403
Session 9: Quality of Service

404
Quality of Service (QoS)
• What Is QoS, Why?
• Differentiated Services Architecture
• Modular QoS Command Line
• Classification/Marking
• Queuing
• Policing/Shaping
• References

405
What Is QoS in Internetworking?
• QoS is applicable in many domains outside networking (supermarket, public roads, …)
• In networking, we refer to the set of requirements an application imposes along an end-to-end pipe
  - Loss rate
  - Latency, jitter
  - Bandwidth
• How can we control these, in order to offer the requested service?

406
Congestion Points

[Figure: three congestion cases labelled Aggregation, Speed Mismatch, and LAN to WAN; link speeds shown: 10 Mbps, 10 Mbps, 1000 Mbps, 64 Kbps]

• Example of network node congestion
  - Points of substantial speed mismatch and points of aggregation
  - Transmit buffers have the tendency to fill
  - Buffering reduces loss, but introduces delay

407
IETF QoS Model: Differentiated Services
• Specify QoS via a packet header value: DSCP
• Network uses the QoS specification to classify, shape, and police traffic, as well as perform intelligent queuing
• Enables scalable service discrimination in the Internet without the need for per-flow state and signaling at every hop
• Group flows into aggregates—“A collection of packets crossing a link in a particular direction”

408
IPv4 ToS vs. DS-Field
(The ToS Byte Is Re-Defined)

409
DiffServ Architecture

410
Assured Forwarding PHB
• Guarantees bandwidth
• Allows access to extra bandwidth if available
• Four standard classes (af1, af2, af3, af4)
• DSCP value range: “aaadd0”, where “aaa” is a binary value of the class and “dd” is the drop probability

411
Expedited Forwarding PHB
• Guarantees bandwidth with prioritized forwarding
• Polices bandwidth (excess traffic is dropped)
• Recommended DSCP value is 101110 (46)
• Looks like IP Precedence 5 to non-DS-compliant devices

412
DSCP Usage
• DSCP selects the per-hop behavior (PHB) throughout the network:
  - Default PHB 000000
  - Class Selector PHB—maps to IP Precedence
  - Assured forwarding PHB (AF)
  - Expedited forwarding PHB (EF)

413
DSCP

DS Field: DSCP | ECN

Drop Precedence          Class #1          Class #2          Class #3          Class #4
Low Drop Precedence      AF11 (001010) 10  AF21 (010010) 18  AF31 (011010) 26  AF41 (100010) 34
Medium Drop Precedence   AF12 (001100) 12  AF22 (010100) 20  AF32 (011100) 28  AF42 (100100) 36
High Drop Precedence     AF13 (001110) 14  AF23 (010110) 22  AF33 (011110) 30  AF43 (100110) 38

High Priority = EF = 101110 = 46        Best Effort = 000000 = 0
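
The "aaadd0" layout and the EF/IP Precedence relationship from the slides above, worked through in Python. This is an added example, not part of the original slides; the function names are this example's own, and the sample DS bytes are constructed.

```python
"""Decode the DS field (the redefined IPv4 ToS byte): added illustration."""


def af_dscp(af_class, drop):
    """AFxy follows 'aaadd0': class in the top 3 bits, drop in the next 2."""
    if af_class not in (1, 2, 3, 4) or drop not in (1, 2, 3):
        raise ValueError("AF classes are 1-4 and drop precedences 1-3")
    return (af_class << 3) | (drop << 1)


def af_table():
    """Rebuild the 12-entry AF table from the bit layout alone."""
    return {"AF%d%d" % (c, d): af_dscp(c, d)
            for c in range(1, 5) for d in range(1, 4)}


def phb_name(dscp):
    """Name the per-hop behavior a 6-bit DSCP selects."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    if dscp == 0:
        return "default"
    if dscp == 46:
        return "EF"
    cls, drop, low_bit = dscp >> 3, (dscp >> 1) & 0b11, dscp & 1
    if low_bit == 0 and drop == 0:
        return "CS%d" % cls            # class selector: maps to IP Precedence
    if low_bit == 0 and 1 <= cls <= 4:
        return "AF%d%d" % (cls, drop)  # drop is 1..3 here
    return "other"                     # code point not named on these slides


def decode_ds_byte(ds_byte):
    """Split one DS byte into DSCP (six MSBs) and ECN (two LSBs)."""
    if not 0 <= ds_byte <= 0xFF:
        raise ValueError("the DS field is one byte")
    dscp = ds_byte >> 2
    return {
        "dscp": dscp,
        "bits": format(dscp, "06b"),
        "ecn": ds_byte & 0b11,
        "phb": phb_name(dscp),
        # What a non-DS-compliant device reads: only the three MSBs.
        "legacy_precedence": dscp >> 3,
    }


if __name__ == "__main__":
    # Constructed sample bytes: EF, AF31 with an ECN bit set, best effort.
    for sample in (0xB8, 0x69, 0x00):
        print(hex(sample), decode_ds_byte(sample))
```
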

414
MQC—3 Steps to Configure a QoS Policy

1. class-map—Define traffic classes. Apply same class-map to different policies
2. policy-map—Associate policies/actions with each class of traffic
3. service-policy—Attach policies to interfaces (logical or physical) either in input or output

Note: MQC does not equate to CBWFQ
CBWFQ is a queuing mechanism configurable via MQC

415
Configuring class-map

• Creates a named traffic class
• Specifies packet-matching criteria that identify packets belonging to a class

class-map <class-name>
 match <match-criteria>
 match not <match-criteria>
 match class-map <class name>

416
match-any vs match-all

Define classes consisting of multiple match criteria

class-map match-any <class-name>
 match <match-criteria-1>
 ...
 match <match-criteria-n>

match-any—When only one match criterion must be met for a packet to match the specified traffic class
match-all—When all match criteria must be met for a packet to match the traffic class. Default when not configured
417
Configuration Example: class-map

class-map match-any Gold
 match access-group 101
 match dscp EF
class-map match-all Silver
 match access-group 102

access-list 101 permit ip 10.1.0.0 0.0.0.255 any
access-list 102 permit ip 10.2.0.0 0.0.0.255 any

418
class-default class
• Implicit pre-existing class—No need to be configured
• Contains traffic not matching any user-defined class
• Features configurable by referencing class-default directly in a policy-map:

policy-map foo
 class class-default
  <feature>

419
Understanding policy-map
• Named object representing a set of policies that are to be applied to a set of traffic classes
  - e.g. Police traffic class to some maximum rate
  - e.g. Guarantee traffic minimum bandwidth

policy-map <map-name>
 class <class-map-name-1>
  <policy-1>
  <policy-n>
 class <class-map-name-n>
  <policy-n>

420
Configuration Example: policy-map

policy-map wan_policy
 class Gold
  bandwidth 512
  queue-limit 64
  random-detect
 class Silver
  bandwidth 256
 class class-default
  fair-queue

421
service-policy Command

• Used to attach a policy-map and thereby the associated policies to an interface, subinterface, PVC, etc.
• Indicate input or output direction

(config-if)#
service-policy {input | output} policy-name

422
Hierarchical Policies

[Figure: Parent Policy: class-default with Shape. Child Policy: Class 1 with Priority, Class 2 with Bandwidth]

423
Hierarchical Policies

Configure the child or second-level policy

policy-map child
 class http
  bandwidth <bw specification>
 class ftp

Configure the parent or first-level policy

policy-map parent
 class class-default
  shape average <CIR>
  service-policy child

424
Other MQC Features with shape

With MQC you can use several QoS features simultaneously in the same policy-map
  - bandwidth—minimum bandwidth guarantee
  - shape—maximum rate limit (with buffering)
  - police—limits traffic rate (no buffering)
  - set—marking
  - priority—configures LLQ

Note: Not all combinations are supported and/or make sense

425
Classification/Marking Options
• IP precedence/DSCP Values
• Other Values
  - Layer 2—802.1Q, ISL, CLP Bit, DE Bit
  - MPLS—Experimental Bits
  - NBAR— (L4, dynamic ports)
  - Traditional—ACLs, qos-group

426
Marking and Classification

Layer 3, IPv4 (ToS field, 1 byte)
  Standard IPv4: Three MSB Called IP Precedence
  DiffServ: Six MSB Called DSCP Plus Two for ECN
  [Figure: IPv4 packet fields: Version/Length, ToS (1 Byte), Len, ID, Offset, TTL, Proto, FCS, IP-SA, IP-DA, Data]

Layer 2, ISL
  Three Bits (3 LSB of User Field) Used for CoS
  [Figure: ISL Header (26 Bytes), Encapsulated Frame, FCS (4 Bytes)]

Layer 2, 802.1Q/p
  Three Bits Used for CoS (User Priority bits)
  [Figure: PREAM., SFD, DA, SA, TAG (4 Bytes), PT, DATA, FCS]

427
Marking Options

Marking Can Be Done via
• CAR (Committed Access Rate)
• CBpolicing
• CBmarking
• PBR (Policy Based Routing)
• QPPB (QoS Policy Propagation via BGP)

428
Classification Options

router(config-cmap)#match ?
  access-group         Access group
  any                  Any packets
  class-map            Class map
  cos                  IEEE 802.1Q/ISL class of service/uses priority values
  destination-address  Destination address
  input-interface      Select an input interface to match
  ip                   IP specific values (prec, dscp, rtp)
  mpls                 Multi Protocol Label Switching specific values
  not                  Negate this match result
  protocol             Protocol
  qos-group            Qos-group
  source-address       Source address
429
Queuing

Queuing + Scheduling = Congestion Management
• Buffering packets in queues
• Scheduling packets out of the queues

[Figure: Packets in Various Queues, feeding a Scheduler, which emits Outbound Packets]
430
Congestion Management—Queuing and Scheduling

• Queuing
  - Congestion management entails the creation of queues and the assignment of packets to those queues based on classification
• Scheduling
  - Congestion management controls congestion by determining the order in which packets are sent from different queues out an interface based on packet priorities.
  - Scheduling policy specifies how packets of different classes are served with respect to each other. Example scheduling policies include FIFO and WFQ

431
Backpressure
• ‘Backpressure’ is the term used for the mechanism which triggers the congestion management (queuing and scheduling)
• Backpressure comes from
  - tx-ring of an interface is full
  - Token-bucket of a shaper is empty
  - Others (platform specific like tofab queuing on GSR)

432
What’s a txQ?
• Every interface has 2 sets of queues
• Software queues (FIFO, WFQ, …)
  - Any type of software queuing other than FIFO is also referred to as FANCY Queuing
• Hardware queue (= TxQ) which is always FIFO!
  - The TxQ, also called tx-ring, is a FIFO queue in between the scheduler and the interface ASIC

[Figure: Software Q 1 through Software Q n feed the scheduler, then the Tx-ring, then the wire signal]

433
CBWFQ—MQC Config Example

policy-map mypolicy
 class multimedia
  bandwidth 3000
 class www
  bandwidth 2250
 class ftp
  bandwidth 1500
 class class-default
  bandwidth 750
434
CBWFQ—MQC Verification

#sh policy-map interface e1/1

 Ethernet1/1
  Service-policy output: mypolicy

    Class-map: multimedia (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 101
      Weighted Fair Queueing
        Output Queue: Conversation 264
        Bandwidth 3000 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

435
Low Latency Queueing (LLQ) aka priority Command

• Implements both a minimum and maximum bandwidth guarantee
• It is a strict priority queue with a specified amount of available bandwidth
• During congestion, LLQ cannot use any excess bandwidth. This is achieved with a conditional, built-in policer

436
Configuration Example: Low Latency Queuing (LLQ)

policy-map wan_policy
 class Gold
  priority 512
 class Silver
  bandwidth 256
 class class-default
  random-detect

Verification
show policy-map interface

437
Policing vs. Shaping

[Figure: two pairs of Traffic vs. Time plots, each marked with the Traffic Rate. Policing: Data Lost. Shaping: Data Preserved]

438
Ways to Limit Throughput
• Common mechanism to meter traffic is a Token Bucket
• Policing
  - CAR, CBpolicing: Token bucket(s), NO queue
  - Conform/exceed actions are configurable
• Traffic Shaping
  - GTS, FRTS, CBshaping: Token bucket + queue
  - Conform/exceed actions are always transmit/queue

439
Token Bucket

Tc = Bc/CIR: Time Interval Between 2 Replenishments of Token Bucket (with Bc tokens)

Bc Tokens Are Added Every Tc

Bc + Be: Is the Maximum Number of Token-bits That You Can Store

The Packets Are Sent at Access Speed as Long as There Are Enough Tokens

440
Tc—Interval—Hypothetical Example

Bc = 1M => Tc = 1s
CIR = 1Mbps
interface rate = 2Mbps

[Figure: Rate (Mbps) vs. Time (s); a burst of Bc at 2 Mbps at the start of each interval Tc1, Tc2, Tc3]

If there is continuous traffic, then on average we achieve a shaped rate of 1M (2M during 1/2s, every second = 1Mbps)

441
Be—Excess Burst

Token Bucket Dimensioning:
• Every Tc, we add Bc tokens
• Allow the token bucket to grow as deep as Be + Bc if not all Bc tokens are used in an interval

[Figure: token bucket with Bc and Be regions]

442
Class-Based Shaping

• Shaping on a class via MQC (shape command)
• Classification with extensive MQC match criteria (e.g. NBAR)
• Shaping queue is WFQ, CBWFQ, or LLQ
• Two forms:
  - shape average
  - shape peak
• shape {average | peak} [percent percent] [bc] [be]

443
Average vs. Peak

• Difference in number of tokens given per Tc and how excess tokens are accrued:
  - Average—Bc only is added every Tc to the token bucket
  - Peak—Bc+Be is added every Tc to the token bucket (to burst at Bc + Be)
• Average rate shaper must be idle for some time to build Be with unused tokens added by Bc
• Peak rate shaper gets increment of Bc + Be per Tc and does not need to be idle

444
CBShaping: shape average

policy-map SHAPING
 class AF
  shape average 241000

Router# show policy interface Serial 3/0

Traffic Shaping
 Target   Byte    Sustain    Excess     Interval   Increment   Adap
 Rate     Limit   bits/int   bits/int   (ms)       (bytes)     Active
 241000   1928    7712       7712       32         964         -

 Queue    Packets   Bytes     Packets    Byte
 Depth                        Delayed    Delayed    Active
 41       3980      978872    3967       975686     yes
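
An added Python example, not part of the original slides: it derives the Interval, Increment and Byte Limit columns of the output above from CIR, Bc and Be, then runs a token bucket to contrast shape average, shape peak and a queue-less policer. The per-bit (fluid) traffic model, the empty starting bucket and all function names are assumptions of this example.

```python
"""Token-bucket arithmetic for shaping and policing: added illustration.

Assumption: traffic is modelled as bits offered per Tc interval rather than
as whole packets, and the bucket starts empty.
"""


def shaper_params(cir_bps, bc_bits, be_bits, mode="average"):
    """Values a 'Traffic Shaping' table would report for these settings."""
    if cir_bps <= 0 or bc_bits <= 0 or be_bits < 0:
        raise ValueError("cir and bc must be positive, be must not be negative")
    if mode not in ("average", "peak"):
        raise ValueError("mode must be 'average' or 'peak'")
    per_tc = bc_bits if mode == "average" else bc_bits + be_bits
    return {
        "interval_ms": bc_bits * 1000 / cir_bps,     # Tc = Bc / CIR
        "increment_bytes": per_tc // 8,              # tokens added every Tc
        "byte_limit": (bc_bits + be_bits) // 8,      # bucket depth Bc + Be
        "max_rate_bps": cir_bps * per_tc / bc_bits,  # long-run ceiling
    }


def run_bucket(bc_bits, be_bits, offered, mode="average", queue=True):
    """Push `offered` bits per interval through the bucket.

    Returns (sent_per_interval, leftover). With queue=True (shaper) the
    leftover is the backlog still waiting; with queue=False (policer whose
    exceed action is drop) it is the total number of bits dropped.
    """
    add = bc_bits if mode == "average" else bc_bits + be_bits
    depth = bc_bits + be_bits
    tokens = backlog = dropped = 0
    sent = []
    for bits in offered:
        tokens = min(depth, tokens + add)  # replenish, capped at Bc + Be
        backlog += bits
        tx = min(backlog, tokens)          # send only what tokens allow
        tokens -= tx
        backlog -= tx
        if not queue:                      # policer: nothing is buffered
            dropped += backlog
            backlog = 0
        sent.append(tx)
    return sent, (backlog if queue else dropped)


if __name__ == "__main__":
    # Settings from the slide: shape average 241000, Bc = Be = 7712 bits.
    print(shaper_params(241000, 7712, 7712))
    # Constructed load: two idle intervals, two 20000-bit bursts, one idle.
    load = [0, 0, 20000, 20000, 0]
    print("average:", run_bucket(7712, 7712, load, "average"))
    print("peak:   ", run_bucket(7712, 7712, load, "peak"))
    print("policer:", run_bucket(7712, 7712, load, "average", queue=False))
```
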
445
CBpolicing—Actions

R2(config-pmap-c)#police 30000 conform-action ?
  drop                              drop packet
  exceed-action                     action when rate is within conform and conform + exceed burst
  set-clp-transmit                  set atm clp and send it
  set-discard-class-transmit        set discard-class and send it
  set-dscp-transmit                 set dscp and send it
  set-frde-transmit                 set FR DE and send it
  set-mpls-exp-imposition-transmit  set exp at tag imposition and send it
  set-mpls-exp-topmost-transmit     set exp on topmost label and send it
  set-prec-transmit                 rewrite packet precedence and send it
  set-qos-transmit                  set qos-group and send it
  transmit                          transmit packet

446
Multi-Action Policers

Two or more set parameters as a conform, exceed or violate action

policy-map QOS
 class class-default
  police cir 80000 pir 100000
   conform-action transmit
   exceed-action set-prec-transmit 4
   exceed-action set-frde-transmit
   violate-action set-prec-transmit 2
   violate-action set-frde-transmit

447
Hierarchical Policer

Policy Map outer_police
 Class class-default
  police cir 110000 bc 5000 be 5000
   conform-action transmit
   exceed-action drop
   violate-action drop
  service-policy inner_police

Policy Map inner_police
 Class ef
  police cir 10000 bc 1500
   conform-action transmit
   exceed-action drop

448
Trust Boundaries

[Figure: Endpoints, Access, Distribution, Core, WAN Aggregation, with numbered candidate positions for the Trust Boundary]

• A device is trusted if it correctly classifies packets
• For scalability, classification should be done as close to the edge as possible
• The outermost trusted devices represent the trust boundary
• 1 and 2 are optimal, 3 is acceptable (if the access switch cannot perform classification)
449
Catalyst QoS—Gotchas
• Understand the concept of (un)trusted ports
• ‘mls qos’ needs to be enabled first in global config mode
• Most Catalysts have their own CLI for configuring various features (e.g. queuing)—not always MQC!
• Every Catalyst model has its own restrictions and QoS feature set
  - Be familiar with 3550 and 3560 specific implementations
  - Read UCD!

450
Catalyst QoS: Catalyst 3550 Operation

QoS Actions at Ingress: Classification/Reclassification, Policing, Marking
• Identify and class traffic with an internal DSCP or trust existing QoS value and map to internal DSCP
• Done on a per interface basis

QoS Actions at Egress: Queue/Schedule, Congestion Control
• WRR queuing with WRED (Gig only) or tail-drop (default)
• Optional expedite queue

451
QoS—3560 Switch

• Packets are assigned an internal QoS label
• Queuing is done via SRR (Shaped Round Robin)

[Figure: Classify stage feeding parallel Policer/Marker pairs, then Ingress Queues (SRR), then Egress Queues (SRR)]

452
References

• End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs, by Tim Szigeti, Christina Hattingh
• http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/index.htm
• http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/index.htm
• http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm
• www.cisco.com/go/qos

453
Q and A

454
Session 10: Troubleshooting

455
Agenda

• Overview
• Troubleshooting approach
• Sample scenario
• Sample lab question

456
Overview

“The minimally qualified Routing and Switching CCIE can abstract functional elements of a complex network environment, understand how infrastructure components interoperate, grasp subtle issues, perceive problem areas, and quickly resolve problems. The expert’s fluency makes them ideally suited for configuring and validating implementations, troubleshooting critical network issues, and participating in network design teams.”

Definition of a Minimum Qualified R&S CCIE Candidate (from the Exam Design Session)

457
Troubleshooting Approach

When analyzing a problem you should consider the following facts:
• Make sure you have a clear definition of the problem.
• Gather all the relevant facts and consider the likely possibilities.
• Create and implement an action plan and then observe the results.
• If the symptoms do not stop, try another action plan and gather additional facts. If you try one thing and it doesn’t work, you should take that configuration or feature off. In case you make the situation worse, always keep the basics and get back to a known position.
• If the symptoms do stop, document how you fixed the problem.

458
Sample TS Lab Scenario

[Figure: IPv4 lab topology for network YY.YY.0.0/16 with routers R1 through R9, each with a Lo0 /32 address and Ethernet or serial links on /28, /29 and /30 subnets. Routing domains shown: EIGRP 10, OSPF Area 0, OSPF Area 1 (NSSA), OSPF Area 2 (Stub), OSPF Area 3, and a Frame Relay cloud]

459
Sample TS Lab Scenario (Cont.)

IPv6 topology (routing protocols shown: OSPFv3, EIGRPv6)

R8
  Lo0: 2001:200:208::8
  E0/0: 2001:308:806::8
R6
  Lo0: 2001:333:600::6
  S2/0: 2001:303:100::6
  E1/0: 2001:300:608::6
R1
  Lo0: 2001:404:200::1
  S2/0: 2001:303:100::1

460
Sample TS Lab Scenario (Cont.)

Incident 8
Router R1 cannot ping the IPv6 route 2001:200:208::8.
1 fault - Score: 2 Points

Possible cause(s)
• Address configuration
• Routing protocols configuration
• Redistribution configuration
• Other?

Issue:
R1#ping ipv6 2001:200:208::8
<…>
.....                              (IPv6 ping fails)
Success rate is 0 percent (0/5)

Verification:
R1#ping ipv6 2001:200:208::8
!!!!!                              (IPv6 ping success)

461
Q and A

462