CCIE Routing and Switching v4.0


Table of Contents

CCIE Routing and Switching v4.0 Quick Reference
Brad Ellis, Jacob Uecker, Steve Means

Chapter 1 General Networking Theory
Chapter 2 Bridging and LAN Switching
Chapter 3 IP Addressing
Chapter 4 IP Routing
Chapter 5 Quality of Service (QoS)
Chapter 6 Network Optimization
Chapter 7 WAN
Chapter 8 IP Multicasting
Chapter 9 Security
Chapter 10 MPLS
Chapter 11 IPv
Chapter 12 Implementing Layer 2 Technologies
Chapter 13 Implementing IPv
Chapter 14 Implementing IPv

ciscopress.com

Chapter 1
General Networking Theory

General Routing Concepts

Link-State and Distance Vector Protocols

Distance Vector
Examples: Routing Information Protocol Version 1 (RIPv1), RIPv2, Interior Gateway Routing Protocol (IGRP)
- Features periodic transmission of entire routing tables to directly connected neighbors
- Mathematically compares routes using some measurement of distance
- Features hop-count limitation

Link State
Examples: Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS)
- Sends local connection information to all nodes in the internetwork.
- Forms adjacencies with neighboring routers that speak the same protocol; sends local link information to these devices.
- Although this floods information to all nodes, the router sends only the portion of information that deals with the state of its own links.
- Each router constructs its own complete picture or map of the network from all the information received.

2011 Cisco Systems Inc. All rights reserved. This publication is protected by copyright. Please see page 245 for more details.

Hybrid
Example: Enhanced Interior Gateway Routing Protocol (EIGRP)
- Features properties of both distance vector and link-state routing protocols

Path Vector Protocol
Example: Border Gateway Protocol (BGP)
- Path vector protocols are a subset of distance vector protocols; BGP uses path vectors, or a list of all the autonomous systems a prefix has crossed, to make metric decisions and to ensure a loop-free environment.
- In addition to the autonomous system path list, an administrator can use many other factors to affect the forwarding or receipt of traffic using BGP.

Split Horizon

Routing protocols use the split-horizon technique to help prevent routing loops. The split-horizon rule states that a router will not send routing information out an interface from which the routing information was originally received. Split horizon can cause problems in some topologies, such as hub-and-spoke Frame Relay configurations.

Summarization

Summarization is the process in which the administrator collapses many routes with a long mask to form another route with a shorter mask. Route summarization reduces the size of routing tables and makes the routing function more efficient. Route summarization also helps to make networks more stable by reducing the number of updates sent when subnets change state. Route summarization makes classless interdomain routing (CIDR) possible. Variable-length subnet masking (VLSM) promotes the use of route summarization. Some dynamic routing protocols engage in route summarization automatically for changes in a major classful network, whereas others do not. For any routing protocol within the scope of the CCIE written exam, an administrator can disable any automatic summarization that might occur and configure manual summarization.

To engage in route summarization, find all the left-most bits that are in common and create a mask that encompasses them. An example follows.

The following routes exist in the routing table; all routes use a 24-bit mask:

= = = = = = = =

Notice that the first 21 bits of the subnetwork IDs are all common. These can be masked off. You can use the single route entry for all these subnetworks as follows:

/21

Classful and Classless Routing Protocols

Classful routing protocols are considered legacy and do not include subnet mask information with routing updates. Examples of classful routing protocols are RIPv1 and IGRP. Because subnet mask information is not included in updates, consistency of the mask is assumed throughout the network. Classful routing protocols also feature automatic summarization of routing updates when sent across a major classful network boundary. For example, the /16 network would be advertised as /8 when sent into a domain. Although BGP and EIGRP are not classful routing protocols, both engage in automatic summarization behavior by default, and in that sense they act classful. The no auto-summary command is used to disable this behavior.

Classful routing protocols feature a fixed-length subnet mask (FLSM) because of their inherent limitations. The FLSM leads to inefficient use of addresses and limits the network's overall routing efficiency.

By default, classful routing protocols discard traffic bound for any unknown subnet of the major classful network. For example, if your classful routing protocol receives traffic destined for and it knows of only the and subnets in its routing table, it discards the traffic even if a default route is present! The ip classless command was introduced to change this behavior. The ip classless command enables the protocol to use the default route in this case. This command is on by default with Cisco IOS Release 12.0 and later routers.

As a classic example of a classless routing protocol, OSPF carries subnet mask information in updates. Wireless LAN Services Module (WLSM) is possible with such protocols.

Routing Decision Criteria

Routers must determine the best route to send traffic on toward its destination. This is accomplished as follows (note that the order of operations is critical and fixed):

1. Valid next-hop IP address: When updates are received, the router first verifies that the next-hop IP address to reach the potential destination is valid.
2. Metric: The router then examines the metrics for the various routes that might exist from a particular protocol. For example, if OSPF has several routes to the destination, the router tries to install the route with the best metric (in this case, cost) into the routing table.
3. Administrative distance: If multiple routing protocols run on the device, and multiple protocols all present routes to the destination with valid next hops, the router examines administrative distance. The route sourced from the lowest administrative distance protocol or mechanism is installed in the routing table.
4. Prefix: The router examines the route's prefix length. If no exact match exists in the routing table, the route is installed. This might cause the routing table to fill with the following entries: EIGRP /24 and RIP /19.

For the prefix length and the routing table, remember that when a router looks for a match in the IP routing table for the destination address, it always looks for the longest possible prefix match. For example, if the routing table contains entries of /8, /16, and /24, and your traffic is destined for /24, the longest match prefix is selected. This prefix length rule trumps administrative distance. So a /24 prefix learned via EIGRP would be preferred over a /16 added as a static route despite the static route having a superior administrative distance.

Routing Information Base and Routing Protocol Interaction

Administrative Distance

If a router learns of a network from multiple sources (routing protocols or static configurations), it uses the administrative distance value to determine which route to install in the routing (forwarding) table. The default administrative distance values are listed here.

Source                       Administrative Distance
Connected interface          0
Static route                 1
EIGRP summary route          5
External BGP                 20
Internal EIGRP               90
IGRP                         100
OSPF                         110
IS-IS                        115
RIP                          120
Exterior Gateway Protocol    140
On-demand routing            160
External EIGRP               170
Internal BGP                 200
Unknown                      255

Administrators can create static routes that float. A floating static route means the administrator increases the administrative distance of the static route to be greater than the default of 1. For example, if you run EIGRP on your network, the AD of a static route could be increased to 95. This would mean the static route would be used only when a dynamic EIGRP route did not exist.
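The interaction between administrative distance, floating static routes and longest-prefix matching described above can be traced with a small model. This Python sketch is an added example, not code from the Quick Reference; the prefixes, next hops, metrics and the `Rib` class are constructed for illustration, and only the distance values come from the table above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Default administrative distances, copied from the table above.
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
    "eigrp": 90, "igrp": 100, "ospf": 110, "isis": 115, "rip": 120,
    "egp": 140, "odr": 160, "eigrp-external": 170, "ibgp": 200,
}


@dataclass(frozen=True)
class Route:
    prefix: str                 # e.g. "10.1.5.0/24"
    source: str                 # key into DEFAULT_AD
    next_hop: str
    metric: int = 0
    ad: Optional[int] = None    # set to override the default (floating static)

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)

    @property
    def distance(self) -> int:
        return DEFAULT_AD[self.source] if self.ad is None else self.ad


class Rib:
    """Hypothetical routing table model: candidates per prefix, one winner each."""

    def __init__(self) -> None:
        self._candidates: Dict[object, List[Route]] = {}

    def offer(self, route: Route) -> None:
        self._candidates.setdefault(route.network, []).append(route)

    def withdraw(self, prefix: str, source: str) -> None:
        net = ipaddress.ip_network(prefix)
        kept = [r for r in self._candidates.get(net, []) if r.source != source]
        self._candidates[net] = kept

    def installed(self) -> Dict[object, Route]:
        # For one and the same prefix, the lowest administrative distance wins;
        # the metric only breaks ties between routes of equal distance.
        table = {}
        for net, routes in self._candidates.items():
            if routes:
                table[net] = min(routes, key=lambda r: (r.distance, r.metric))
        return table

    def lookup(self, destination: str) -> Optional[Route]:
        # Forwarding picks the longest matching prefix among installed routes,
        # whatever their administrative distance.
        addr = ipaddress.ip_address(destination)
        matches = [r for net, r in self.installed().items() if addr in net]
        if not matches:
            return None
        return max(matches, key=lambda r: r.network.prefixlen)


def build_sample_rib() -> Rib:
    """Constructed sample routes (documentation next hops from 192.0.2.0/24)."""
    rib = Rib()
    rib.offer(Route("10.1.0.0/16", "static", "192.0.2.1"))
    rib.offer(Route("10.1.5.0/24", "eigrp", "192.0.2.2", metric=30720))
    rib.offer(Route("10.2.0.0/16", "eigrp", "192.0.2.2", metric=28160))
    rib.offer(Route("10.2.0.0/16", "static", "192.0.2.9", ad=95))  # floating static
    rib.offer(Route("10.3.0.0/16", "rip", "192.0.2.3", metric=2))
    rib.offer(Route("10.3.0.0/16", "ospf", "192.0.2.4", metric=20))
    rib.offer(Route("0.0.0.0/0", "static", "192.0.2.254"))
    return rib


if __name__ == "__main__":
    rib = build_sample_rib()
    for dst in ("10.1.5.7", "10.1.9.7", "10.2.1.1", "10.3.1.1", "172.16.0.1"):
        r = rib.lookup(dst)
        print(f"{dst:12} -> {r.prefix:14} via {r.next_hop} ({r.source}, AD {r.distance})")
```
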

Routing Table

For most of modern internetworking, the routing table has been the principal element of IP routing, and building and maintaining it has been the primary goal of routing protocols. In the main routing table model, the hop-by-hop routing paradigm, the routing table lists for each destination network the next-hop address to reach that destination. If the routing tables are consistent and accurate, with no misinformation, this simple hop-by-hop paradigm works well enough to deliver data to anywhere from anywhere in the network. In recent practice, this simple hop-by-hop model is abandoned for new technologies such as Multiprotocol Label Switching (MPLS). These technologies enable a simple and efficient label lookup to dictate the next hop that data should follow to reach a specific destination. Although this determination can be based on the routing table information, it can easily be based on other parameters, such as quality of service (QoS) or other traffic engineering considerations. MPLS is explored in its own chapter of this Quick Reference.

Routing Information Base and Forwarding Information Base Interaction

The routing and forwarding architecture in Cisco routers and multilayer switches used to be a centralized, cache-based system that combined a control plane and a data plane. The control plane refers to the resources and technologies that create and maintain the routing table. The data plane refers to those resources and technologies needed to actually move data from the ingress port to the egress port on the device. This centralized architecture has migrated so that the two planes can separate to enhance scalability and availability in the routing environment. The separation of routing and forwarding tasks has created the Routing Information Base (RIB) and the Forwarding Information Base (FIB). The RIB operates in software, and the control plane resources take the best routes from the RIB and place them in the FIB. The FIB resides in faster hardware resources. The Cisco implementation of this enhanced routing and forwarding architecture is called Cisco Express Forwarding (CEF).

Redistribution

Redistribution Between Routing Protocols

Route redistribution might be required in an internetwork because multiple routing protocols must coexist. Multiple routing protocols might be a necessity because of an interim period during conversion from one to another, application-specific protocol requirements, political reasons, or a lack of multivendor interoperability.

A major issue with redistribution is the seed metric used when the routes enter the new routing protocol. Normally, the seed metric is generated from the originating interface. For example, EIGRP would use the bandwidth and delay of the originating interface to seed the metric. With redistributed routes, however, these routes are not connected to the router. Some routing protocols feature a default seed metric for redistribution, whereas others do not. Following is a list of the defaults for the various protocols. Infinity indicates a seed metric must be configured; otherwise, the receiving protocol will not use the route.

Protocol       Default Seed Metric
OSPF           20; except BGP, which is 1
IS-IS          0
RIP            Infinity
IGRP/EIGRP     Infinity

Redistribution Into RIP

Remember to set a default metric, using either the redistribute command or the default-metric command. Following is the command to redistribute routes into RIP:

redistribute protocol [process-id] [match route-type] [metric metric-value] [route-map map-tag]

The match keyword enables you to match certain route types when redistributing OSPF. For example, you can specify internal, external 1, or external 2. The route-map keyword enables you to specify a route map for controlling or altering the routes that are redistributed.

Redistribution Into OSPF

The default seed metric is 20. The default metric type for redistributed routes is External Type 2 (E2), meaning the metric reflects only the cost from the redistributing router to the destination regardless of the path cost within the OSPF network. Type 1 (E1) can be optionally used, which means the metric will be based on the total path to the destination. Subnets are not redistributed by default. Following is the command for redistribution into OSPF:

redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [route-map map-tag] [subnets] [tag tag-value]

The subnets keyword is critical in this command and specifies that subnets should indeed be redistributed. The tag value enables the administrator to configure an optional tag value that can be used later to easily identify these routes.

Redistribution Into EIGRP

Remember that like RIP, you must set a default seed metric when redistributing into EIGRP. Following is the command for redistribution into EIGRP:

redistribute protocol [process-id] [match {internal | external 1 | external 2}] [metric metric-value] [route-map map-tag]

Troubleshooting Routing Loops

You can perform one-way or two-way redistributions. You can also perform redistribution in multiple locations throughout the topology. With one-way redistribution, you typically pass a default route into the edge protocol, and take all the edge protocol routes and redistribute them into the core protocol of the network. With two-way redistribution, all routes from each routing protocol pass into each other. If two-way redistribution is performed in multiple areas in the network, an excellent chance exists for route feedback and routing loops. Routing loops are likely to occur because routing information from one autonomous system can easily be passed back into that same autonomous system.

The safest way to eliminate the chance for a loop is to redistribute only in one direction (one-way redistribution). If this is not possible, and two-way redistribution is wanted, try these techniques to ensure a lack of loops:

- Redistribute from the core protocol into the edge with filtering to block routes native to the edge.
- Apply two-way redistribution on all routes, and manipulate administrative distance associated with the external routes so that they are not selected when multiple routes exist for the same destination.

An excellent technique to detect a routing loop during redistribution is to use the debug ip routing command. This command shows all routing table activity as it occurs and demonstrates a loop condition through routing table instability. In a stable network, little to no output occurs.

Chapter 2
Bridging and LAN Switching

Spanning Tree Protocol

802.1D

802.1D Spanning Tree Protocol (STP) is a Layer 2 loop-prevention mechanism. It is an IEEE standards-based protocol. Over the years, Cisco enhanced this protocol with new features to make much-needed improvements. This chapter discusses those improvements and new IEEE versions of the protocol that dramatically improve the technology. Layer 2 loops are especially damaging because frames carry no Time To Live (TTL) value. Loops can cause broadcast storms, MAC table corruption, and multiple-frame copies.

STP Process

The bridge ID (BID) is a critical element for the creation of the spanning-tree, loop-free topology. The bridge ID consists of a 2-byte bridge priority and a 6-byte MAC address. The default priority is 32,768. Newer switch operating systems break the priority field into two sections: the 4-bit priority and a 12-bit extended system ID. This extended system ID value is just the VLAN ID. This enables each VLAN to have a unique bridge ID while still using the same MAC address and priority value. Previously, multiple MAC addresses were needed for each VLAN to ensure uniqueness.

Path cost is the measure of distance from one bridge to another. Links are assigned a cost value by STP. This cost value is based on bandwidth. Higher-bandwidth links receive a lower-cost value, and STP deems a lower-cost path as preferred to a higher-cost path.

Initially with STP operations, a root bridge must be selected. This root bridge will have all its ports in the forwarding state (designated ports) and will be the central reference point for the creation of a loop-free Layer 2 topology. For the election of this device, configuration bridge protocol data units (BPDU) are sent between switches for each port and BIDs are compared. The switch with the lowest priority will be the root bridge. If a tie occurs, the switch with the lowest MAC address will be the root bridge.

After the root bridge for the network has been determined, this reference point can create the loop-free topology. This initial creation of the loop-free topology takes place in three steps:

Step 1. Elect a root bridge. The lowest BID wins.
Step 2. Elect root ports. Every nonroot bridge selects one root port.
Step 3. Elect designated ports. Each segment has one designated port (the bridge with the designated port is the designated bridge for that segment); all active ports on the root bridge are designated (unless you connect two ports to each other).

When convergence occurs, BPDUs radiate out from the root bridge over loop-free paths. Figure 2-1 shows an example of STP in action.

Figure 2-1 Spanning-Tree Topology

Ports have a port state under 802.1D STP. Ports begin life on the switch as disabled and gradually transition to a forwarding state when STP deems it is safe to do so. The possible states are listed here along with the timers that control the transition times. The states are carefully ordered to demonstrate the order of transition:

1. Disabled: Administratively down
2. Blocking: BPDUs received only (20 sec)
3. Listening: BPDUs sent and received (15 sec)
4. Learning: Bridging table is built (15 sec)
5. Forwarding: Sending/receiving data

STP timers control convergence in the process:

- Hello: 2 sec (time between each configuration BPDU)
- Forward Delay: 15 sec (controls durations of listening/learning states)
- Max Age: 20 sec (controls the duration of the blocking state)

Figure D Timers

Default convergence time is 30 to 50 seconds. Timer modification is possible from the root bridge. See Figure

Although the timers can be manipulated, Cisco does not recommend this. Instead, Cisco mechanisms can improve convergence times without direct manipulation of the timers by the administrator. Convergence time is a recognized issue with STP and the exact reason for IEEE's creation of new versions of the protocol.

Topology Changes

STP uses a Topology Change Notification (TCN) BPDU to alert the root bridge that a topology change to the spanning tree might need to occur. The Type field of the BPDU signifies the TCN BPDU: 0x80. TCN BPDUs improve convergence time when failures in the network occur, primarily because they help in a rapid updating of the MAC address tables.

The TCN process of 802.1D is as follows:

1. A bridge sends a TCN BPDU in two cases:
   a. It takes a port into forwarding and has at least one designated port (DP).
   b. A port goes from Forwarding/Learning to Blocking.
   c. TCNs are sent out the root port of nonroot devices; they are sent each hello interval until they are acknowledged by the upstream device.
2. Upstream bridges process TCN on DPs.
3. The upstream switch sets the Topology Change Acknowledgment (TCA) field of the next configuration BPDU received and sends this downstream. This causes the downstream switch to stop sending TCN BPDUs.
4. The upstream switch then sends the TCN further upstream.
5. This continues until the root bridge receives the TCN.
6. The root bridge then sets the TCA and Topology Change flags in the next configuration BPDU sent out downstream.
7. The root bridge sets the TC flag in all BPDUs sent for Forward Delay + Max Age. This instructs all switches to age MAC table address entries faster.

Note: The CCIE written exam focuses on the Cisco IOS-based command set. As a result, no CatOS commands are shown in any of the Quick Reference Sheets.

Root Bridge Placement

You need to set the root bridge location in your network using the appropriate Cisco IOS command. You should also select a secondary root if the primary root fails.

spanning-tree vlan vlan_id priority priority_value

enables you to modify the priority value and directly manipulate the root election. For example, spanning-tree vlan 100 priority 4096 sets the priority to 4096 for VLAN 100 on the local switch. If all switches are at the default priority value of 32,768, the bridge becomes the root. You can use the priority value of 8192 in this case on another switch to elect it as the secondary root bridge.

The command spanning-tree vlan vlan_id root primary is actually a macro command that examines the priority of the existing root and sets the priority on the local switch to be 1 less. If the default is used on the root, the priority is set to

To create a secondary root, you can use the following command:

spanning-tree vlan vlan_id root secondary

This command sets the priority value to 16,384.

Remember, in a Cisco environment, by default all spanning-tree mechanisms occur on a VLAN-by-VLAN basis, which is Per-VLAN Spanning Tree (PVST+).

Fast STP Convergence with Cisco-Proprietary Enhancements to 802.1D

PortFast

PortFast, as shown in Figure 2-3, is a Cisco enhancement to the 802.1D STP implementation. You apply the command to specific ports, and that application has two effects:

- Ports coming up are put directly into the forwarding STP mode.
- The switch does not generate a TCN when a port configured for PortFast is going up or down, for example, when a workstation power-cycles.

Therefore, consider enabling PortFast on ports connected to end-user workstations. Use caution with PortFast ports to ensure that hubs, switches, bridges, or any other device that might cause a loop do not connect to these ports.
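The root election under Root Bridge Placement can be followed byte by byte once the bridge ID is encoded as the 4-bit priority, 12-bit extended system ID and 6-byte MAC address described earlier. This Python sketch is an added example, not code from the Quick Reference; the switch MAC addresses are constructed from the documentation range, and the `BridgeId` class and helper names are hypothetical.

```python
from dataclasses import dataclass, replace
from typing import Iterable, List


@dataclass(frozen=True)
class BridgeId:
    priority: int   # configured priority; only the top 4 bits of the field
    vlan: int       # 12-bit extended system ID (the VLAN ID)
    mac: str        # colon-separated MAC address

    def encode(self) -> bytes:
        """8-byte bridge ID as carried in a configuration BPDU."""
        # A 4-bit priority means usable values are multiples of 4096.
        if self.priority % 4096 or not 0 <= self.priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 in 0..61440")
        if not 0 <= self.vlan <= 4095:
            raise ValueError("extended system ID is 12 bits")
        mac = bytes.fromhex(self.mac.replace(":", ""))
        if len(mac) != 6:
            raise ValueError("MAC address must be 6 bytes")
        return (self.priority | self.vlan).to_bytes(2, "big") + mac

    @classmethod
    def decode(cls, raw: bytes) -> "BridgeId":
        if len(raw) != 8:
            raise ValueError("bridge ID is 8 bytes")
        field = int.from_bytes(raw[:2], "big")
        mac = ":".join(f"{b:02x}" for b in raw[2:])
        return cls(field & 0xF000, field & 0x0FFF, mac)


def election_order(bridges: Iterable[BridgeId]) -> List[BridgeId]:
    # Comparing the encoded bytes compares priority first, then MAC address.
    return sorted(bridges, key=BridgeId.encode)


def elect_root(bridges: Iterable[BridgeId]) -> BridgeId:
    return election_order(bridges)[0]   # the lowest BID wins


def is_superior(advertised_root: BridgeId, current_root: BridgeId) -> bool:
    """True if a received BPDU advertises a better (lower) root than the current one."""
    return advertised_root.encode() < current_root.encode()


def sample_switches() -> List[BridgeId]:
    """Constructed VLAN 100 switches, all left at the default priority of 32,768."""
    return [
        BridgeId(32768, 100, "00:00:5e:00:53:0a"),  # intended core switch
        BridgeId(32768, 100, "00:00:5e:00:53:01"),  # access switch, lowest MAC
        BridgeId(32768, 100, "00:00:5e:00:53:1f"),  # intended backup root
    ]


def with_planned_roots(switches: List[BridgeId]) -> List[BridgeId]:
    """Model 'spanning-tree vlan 100 priority 4096' on the core, 8192 on the backup."""
    core, access, backup = switches
    return [replace(core, priority=4096), access, replace(backup, priority=8192)]


if __name__ == "__main__":
    defaults = sample_switches()
    print("all defaults, root:", elect_root(defaults).mac)
    planned = with_planned_roots(defaults)
    for bid in election_order(planned):
        print(bid.encode().hex(), bid)
```

With every switch at the default priority the election falls through to the MAC address, so the root lands wherever the lowest address happens to be; setting 4096 and 8192 makes both the root and its successor deliberate.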

Figure 2-3 PortFast

UplinkFast

Configure UplinkFast on wiring closet switches, which detects a directly connected failure and enables a new root port to come up almost immediately.

When you configure UplinkFast, the local switch has a priority set to 49,152 and adds 3000 to the cost of all links. Finally, a mechanism is included that causes the manipulation of MAC address tables for other bridges.

BackboneFast

Configure BackboneFast on all switches to speed convergence when the failure occurs and is indirectly located, such as in the core of the backbone. It reduces convergence from approximately 50 seconds to approximately 30 seconds.

802.1w Rapid Spanning Tree Protocol

Rapid Spanning Tree Protocol (RSTP or IEEE 802.1w) improves on 802.1D. The protocol incorporates many new features to speed convergence, including incorporation of the ideas presented by Cisco in its enhancements to 802.1D. Although the new technology has many improvements, the configuration remains almost identical and the two technologies can coexist. Full benefits are not realized until all systems run RSTP, however.

RSTP requires full-duplex, point-to-point connections between adjacent switches to achieve fast convergence.

RSTP defines edge ports as those not participating in STP. Edge ports can be statically configured or will be recognized by the PortFast configuration command.

RSTP Port States

RSTP port states are simplified from 802.1D and consist of the following:

- Discarding
- Learning
- Forwarding

Also, the port states are no longer tied directly to port roles. For example, a DP could be Discarding, even though it is destined to transition to the Forwarding state.

RSTP Port Roles

- Root port: This port role exists in 802.1D, too, and is the best path back to the root bridge; it must exist on all nonroot bridges.
- Designated port: This port role exists in 802.1D, too, and there must be a DP on all segments in the topology. By default, all ports on the root bridge are DPs.
- Alternative port: This port role is new to 802.1w and is a quickly converging backup port to the current DP on a segment.
- Backup port: This port role is new to 802.1w and is a quickly converging backup to the root port for a system.

RSTP BPDUs

All bridges now send BPDUs every hello time period (2 seconds by default). The BPDUs now act as a keepalive; protocol information is aged if no BPDUs are heard for three consecutive hello times.

RSTP proposal and agreement process/topology change mechanism

Convergence occurs on a link-by-link basis in 802.1w. No longer does a reliance on timers for convergence exist as in 802.1D. A proposal and agreement process replaces the timer methodology of STP and flows downstream from the root device.

In RSTP, only nonedge ports moving to the Forwarding state cause a topology change (TC). The originator of a TC is now responsible for flooding it through the network.

Implementing RSTP

On most Cisco switches, configuring 802.1s (Multiple Spanning Tree, MST) automatically enables RSTP. Cisco did invent a mode of operation, PVST+ mode, that enables you to use RSTP without the implementation of MST. You can enable PVST+ mode on a switch with the following command:

spanning-tree mode rapid-pvst

802.1s Multiple Spanning Tree

MSTP (IEEE 802.1s) is an IEEE standard that enables several VLANs to be mapped to a reduced number of spanning-tree instances. This provides advantages over PVST+ because typical topologies need only a few spanning-tree topologies to be optimized.

You configure a set of switches with the same MISTP parameters, and this becomes an MST region. With MISTP, you have an internal spanning tree capable of representing the entire MST region as a common spanning tree for backward compatibility with earlier IEEE implementations.

Follow these steps to configure MISTP:

Step 1. Globally enable MISTP (MSTP) on your switches:
spanning-tree mode mst

Step 2. Enter MST configuration submode:
spanning-tree mst configuration

Step 3. Set the MST region name:
name name

Step 4. Set a configuration revision number:
revision rev_num

Step 5. Map your VLANs to MST instances:
instance int vlan range

You can easily verify an MSTP configuration using the following commands:

show spanning-tree mst configuration
show spanning-tree mst vlan_id

Loop Guard

As its name implies, Loop Guard is a method for ensuring that STP loops never occur in a particular topology. Even though STP guards against such loops, they can still occur because of things such as unidirectional link failures or switch congestion issues. Loop Guard prevents loops conservatively by preventing alternative or root ports from becoming DPs in the topology. If BPDUs are not received on a non-DP and Loop Guard is enabled, that port moves into the STP loop-inconsistent Blocking state instead of the Listening/Learning/Forwarding state.

Loop Guard operates only on ports considered point-to-point by the spanning tree and cannot be run with Root Guard on an interface.

To enable Loop Guard, use the following global configuration mode command:

spanning-tree loopguard default

Unidirectional Link Detection

Unidirectional Link Detection (UDLD), as shown in Figure 2-4, detects and disables unidirectional links. A unidirectional link occurs when traffic transmitted from the local switch is received by the neighbor, but traffic sent from the neighbor is not. Unidirectional links can cause a variety of problems, including spanning-tree loops. UDLD performs tasks that autonegotiation cannot perform.

Figure 2-4 UDLD

To perform UDLD, packets are sent to neighbor devices on interfaces with UDLD enabled. Therefore, both sides of the link must support UDLD. By default, UDLD is locally disabled on copper interfaces and is locally enabled on all Ethernet fiber-optic interfaces. Following is the Cisco IOS command to enable UDLD on an interface:

udld enable

Root Guard

Root Guard enables an administrator to enforce the root bridge placement in the network. Service providers that connect switches to customer networks are often interested in this technology because they want to ensure that no customer device inadvertently or otherwise becomes the root of the spanning tree. Root Guard ensures that the port on which Root Guard is enabled is the DP. If the switch receives superior STP BPDUs on a Root Guard-enabled port, the port is moved to a root-inconsistent STP state. This root-inconsistent state is effectively equal to the Listening port state. No traffic is forwarded across this port. This protects the current placement of the root bridge in the infrastructure.

You can enable this feature on a port with the following interface configuration command:

spanning-tree guard root

BPDU Guard

This Cisco STP feature protects the network from loops that might occur if BPDUs were received on a PortFast port. Because BPDUs should never arrive at these ports, their reception indicates a misconfiguration or a security breach. BPDU Guard causes the port to error-disable upon the reception of these frames.

You can configure BPDU Guard globally to have the feature enabled for all PortFast ports on the system. Following is the command to do this:

spanning-tree portfast bpduguard

You can also enable the feature at the interface level. Use this command:

spanning-tree bpduguard enable

You can enable this feature at the interface level even if PortFast is not enabled on the port. Again, the receipt of a BPDU causes the port to error-disable.

Storm Control

The Storm Control feature protects a LAN from being affected by unicast, broadcast, or multicast storms that might develop. The switch implements storm control by counting the number of packets of a specified type received within the one-second time interval and comparing the measurement with a predefined suppression-level threshold. Storm Control can typically enable the administrator to control traffic by a percentage of total bandwidth or the traffic rate at which packets are received. When the rate of multicast traffic exceeds a set threshold, all incoming traffic (broadcast, multicast, and unicast) is dropped until the level drops below the specified threshold level. Only spanning-tree packets are forwarded in this situation. When broadcast and unicast thresholds are exceeded, traffic is blocked for only the type of traffic that exceeded the threshold.

Storm Control is configured at the interface level with the following command:

storm-control {broadcast | multicast | unicast} level {level [level-low] | pps pps [pps-low]}

Unicast Flooding

If a destination MAC address is not in the MAC address table of the switch, the frame is flooded out all ports for that respective VLAN. Although some flooding is unavoidable and expected, excessive flooding might be caused by asymmetric routing, STP topology changes, or forwarding table overflow. Also, flooding can result from attacks on the network, especially if denial-of-service (DoS) attacks occur.

Switches can now implement a unicast flood-prevention feature. This is implemented through the following global configuration command:

mac-address-table unicast-flood {limit kfps} {vlan vlan} {filter timeout | alert | shutdown}

An alternative configuration approach found on some Catalyst model devices (such as the 6500 series) is to use Unknown Unicast Flood Blocking (UUFB), which is configured with the following simple interface command:

switchport block unicast

LAN Switching

DTP

Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol that negotiates the trunking status of a switchport. Connected switches exchange DTP messages that indicate their desirability to create a trunk. The DTP port state dictates its capability to create a trunk. Following are the possible states:

auto: Enables the switch to create a trunk if initiated from the other switch. A switch programmed with auto does not initiate a trunk but can form a trunk if the other side initiates. The trunk is formed with desirable and on.
desirable: Actively tries to create a trunk link with the peer. The trunk is formed with auto, desirable, and on.
on: DTP messages are sent, and a trunk will be formed unless the peer explicitly forbids it. The trunk is formed with auto, desirable, and on.
off: Trunking is not allowed on the switchport regardless of the DTP status of the peer.
nonegotiate: Disables DTP and will not form a trunk link with a peer which requires trunk negotiation. Trunk is formed with on and nonegotiate.

VLAN Trunking

802.1Q

The IEEE 802.1Q standard trunking protocol uses an extra tag in the MAC header to identify the VLAN membership

of a frame across bridges. This tag is used for VLAN and quality of service (QoS) priority identification. The VLAN ID (VID) associates a frame with a specific VLAN and provides the information that switches need to process the frame across the network.

Notice that a tagged frame is 4 bytes longer than an untagged frame and contains 2 bytes of Tag Protocol Identifier (TPID) and 2 bytes of Tag Control Information (TCI). These components of an 802.1Q tagged frame are described in more detail here:

TPID: The Tag Protocol Identifier has a defined value of 8100 in hex; with the EtherType set at 8100, this frame is identified as carrying the IEEE 802.1Q/802.1p tag.
Priority: The first 3 bits of the Tag Control Information define user priority; notice the eight (2^3) possible priority levels; IEEE 802.1p defines the operation for these 3 user-priority bits.
CFI: The Canonical Format Indicator is a single-bit flag, always set to 0 for Ethernet switches. CFI is used for compatibility reasons between Ethernet networks and the Token Ring.
VID: VLAN ID identifies the VLAN; notice it enables the identification of 4096 (2^12) VLANs. Two of these identifications are reserved, permitting the creation of 4094 VLANs.

802.1Q trunks feature a concept called the native VLAN. The native VLAN is a VLAN for which frames are not tagged. Following are the aspects of the native VLAN:

The VLAN a port is in when not trunking.
The VLAN from which frames are sent untagged on an 802.1Q port.
The VLAN to which frames are forwarded if received untagged on an 802.1Q port.

Cisco switches produce errors if the native VLAN does not match at each end of the link. The default native VLAN in Cisco devices is VLAN 1.

You can control the 802.1Q VLAN traffic sent over a trunk, which is possible for security purposes or load balancing.

The command that creates and controls trunks on Cisco IOS-based switches is the interface command:

switchport trunk {allowed vlan vlan-list} | {encapsulation {dot1q | isl | negotiate}} | {native vlan vlan-id} | {pruning vlan vlan-list}

VLAN Trunking Protocol (VTP) is a Cisco proprietary Layer 2 multicast messaging protocol that synchronizes VLAN information across all media types and tagging methods on your switches. To enjoy the benefits of VTP, your switches must meet the following requirements:

You must configure the VTP domain name identically on each device; domain names are case-sensitive.
The switches must be adjacent.
The switches must be connected with trunk links.
The same VTP password must be configured if used in the domain.

Generally, you find four items in all VTP messages:

VTP protocol version (either 1, 2, or 3)
VTP message type
Management domain name length
Management domain name

VTP has four possible message types:

Summary advertisements
Subset advertisements
Advertisement requests
VTP Join messages (used for pruning)

The VTP configuration revision number is important. This value determines whether a switch has stale information about VLANs and ultimately controls whether the switch overwrites its VLAN database with new information. The revision number increments each time a change is made to the VLAN database on a Server mode VTP system. The number is from 0 to 4,294,967,295. When introducing new Server mode switches, ensure that you do not

inadvertently overwrite the VLAN database because of a higher configuration revision number on the new switch. Introducing new switches in Transparent mode helps ensure that this problem never results.

You have three possible modes for your VTP servers:

Server: Enables you to create, modify, and delete VLANs; these changes are advertised to VTP Client mode systems; Catalyst switches default to this mode.
Client: Does not enable the creation, modification, or deletion of VLANs on the local device; VLAN configurations are synchronized from Server mode systems.
Transparent: Permits the addition, deletion, and modification of VLAN information, but the information resides only locally on the Transparent device; these systems forward advertisements from servers but do not process them.

Following is a sample configuration of VTP for a Server mode system in Cisco IOS mode. Note that changing the VTP domain on this system resets the configuration revision number to 0:

Switch# configure terminal
Switch(config)# vtp mode server
Setting device to VTP SERVER mode.
Switch(config)# vtp domain Lab_Network
Setting VTP domain name to Lab_Network
Switch(config)# end
Switch#

VTP Pruning

VTP pruning enables you to limit the amount of traffic sent on trunk ports. It limits the distribution of flooded frames to only switches that have members of the particular VLAN. You can enable VTP pruning with this command:

vtp pruning

When you enable pruning on the switch, all VLANs are pruned by default (with the exception of VLAN 1). You

need to configure pruning on only one VTP server, and the setting automatically propagates. You can change this behavior by making select VLANs you choose prune-ineligible. This is done with the following command:

switchport trunk pruning vlan {none | {{add | except | remove} vlan[,vlan[,vlan[,...]]]}}

Following is the Cisco IOS command:

vtp pruning

EtherChannel

EtherChannel enables you to bundle redundant links and treat them as a single link, thus achieving substantial bandwidth and redundancy benefits. It is often advisable to use an EtherChannel for key trunks in your campus design. Notice that EtherChannel affects STP because ordinarily one or more of the links would be disabled to prevent a loop.

Be aware of the following guidelines for EtherChannel:

All Ethernet interfaces on all modules must support EtherChannel.
You have a maximum of eight interfaces per EtherChannel.
The ports do not need to be contiguous or on the same module.
All ports in the EtherChannel must be set for the same speed and duplex.
Enable all interfaces in the EtherChannel.
An EtherChannel will not form if one of the ports is a Switched Port Analyzer (SPAN) destination.
For Layer 3 EtherChannels, assign a Layer 3 address to the port-channel logical interface, not the physical interfaces.
Assign all EtherChannel ports to the same VLAN or ensure they are all set to the same trunk encapsulation and trunk mode.

The same allowed range of VLANs must be configured on all ports in an EtherChannel.
Interfaces with different STP port path costs can form an EtherChannel.
After an EtherChannel has been configured, a configuration made to the physical interfaces affects the physical interfaces only.

EtherChannel load balancing can use MAC addresses, IP addresses, or Layer 4 port numbers, either source, destination, or both source and destination addresses.

Here is an example:

Router# configure terminal
Router(config)# interface range fastethernet 2/2-8
Router(config-if)# channel-group 2 mode desirable
Router(config-if)# end

Ethernet

Ethernet refers to the family of LAN products covered by the IEEE 802.3 standard. This standard defines the carrier sense multiple access collision detect (CSMA/CD) protocol. Four data rates are currently defined for operation over optical fiber and twisted-pair cables:

10 Mbps: 10BASE-T Ethernet
100 Mbps: Fast Ethernet
1000 Mbps: Gigabit Ethernet
10,000 Mbps: 10 Gigabit Ethernet

Ethernet has replaced just about every other LAN technology because of the following reasons:

Is easy to understand, implement, manage, and maintain

Has a relatively low cost
Provides extensive topological flexibility
Is a standards-compliant technology

802.3 defines the original shared media LAN technology. This early Ethernet specification runs at 10 Mbps. Ethernet can run over various media such as twisted pair and coaxial. You often see Ethernet referred to as different terms because of the differences in the underlying media. Here are examples:

10BASE-T: Ethernet over Twisted-Pair Media
10BASE-F: Ethernet over Fiber Media
10BASE2: Ethernet over Thin Coaxial Media
10BASE5: Ethernet over Thick Coaxial Media

802.3u (Fast Ethernet)

Fast Ethernet refers to any one of a number of 100-Mbps Ethernet specifications. As its name implies, Fast Ethernet offers speeds ten times that of the 10BASE-T Ethernet specification. Although Fast Ethernet is a faster technology, it still preserves such qualities as frame format, MAC mechanisms, and maximum transmission unit (MTU). These similarities permit you to use existing 10BASE-T applications and network management tools on Fast Ethernet networks.

802.3z (Gigabit Ethernet)

This Ethernet technology builds on the foundations of the old 802.3 but increases speeds tenfold over Fast Ethernet to 1000 Mbps, or 1 gigabit per second (Gbps).

802.3ab (Gigabit Ethernet over Copper)

Gigabit Ethernet over Copper (also known as 1000BASE-T) is another extension of the existing Fast Ethernet standard. 802.3ab specifies Gigabit Ethernet operation over the Category 5e/6 cabling systems already installed. This reuse of the existing infrastructure helps make 802.3ab a cost-effective solution.

10 Gigabit Ethernet

The latest in Ethernet technologies, 10 Gigabit Ethernet provides the following features:

High bandwidth
Low cost of ownership
Scalability from 10 Mbps to 10,000 Mbps

Long Reach Ethernet

The Cisco Long Reach Ethernet (LRE) networking solution delivers 5-Mbps to 15-Mbps speeds over existing Category 1/2/3 wiring. As the name conveys, this Ethernet-like performance extends 3500 to 5000 feet.

Gigabit Interface Converter

The Gigabit Interface Converter (GBIC) is a Cisco standards-based hot-swappable input/output device that plugs into a Gigabit Ethernet slot on a Cisco network device. This flexibility enables you to inexpensively adapt your network equipment to any changes in the physical media that might be introduced.

You can intermix GBICs in a Cisco device to support any combination of 802.3z-compliant 1000BASE-SX, 1000BASE-LX/LH, or 1000BASE-ZX interfaces. Upgrading to the latest interface technologies is simple because of these GBICs.

Chapter 3 IP Addressing

IPv4 Addresses

IPv4 addresses consist of 32 bits, which are divided into four sections of 8 bits, each called an octet. Addresses are typically represented in dotted-decimal notation. For example

Subnet masks identify which portion of the address identifies a particular network and which portion identifies a host on the network.

The address classes defined for IP networks consist of the following subnet masks:

Class A (8 bits)
Class B (16 bits)
Class C (24 bits)

Class A addresses begin with 0 and have a first octet in decimal of 1 to 127. Class B addresses begin with 10 and range from 128 to 191. Class C addresses begin with 110 and range from 192 to 223.

Class D and Class E addresses also are defined. The Class D address space has the first 4 bits set to 1110 and has a first octet of 224 to 247. These addresses are used for IP multicast.

Class E addresses have the first 4 bits set to 1111 and have a first octet of 248 to 255. These addresses are reserved for experimental use.

Of the entire IPv4 address space, several blocks of IPs have been reserved for a specific use. The private IP space, which should not be used outside of an administrative domain, has been allocated the following blocks:

to to to

Other allocated ranges include the multicast ranges ( to ), the loopback range ( to ), and the link local range ( to ).

Subnetting

Subnetting enables the creation of smaller, more-efficient networks. Overall network traffic is reduced, and security measures can be easily introduced in a subnetted network.

The IP address is 32 bits in length. It has a network ID portion and a host ID portion. The number of bits used for the host ID dictates the number of hosts possible on the network or subnetwork. One address is reserved for the network ID (all host bits set to 0), and one address is reserved for a subnet broadcast (all host bits set to 1). To calculate the number of hosts available on a subnet, use the formula 2^n - 2, where n is the number of bits used for the host ID.

To identify subnets, bits are borrowed from the host portion. The number of subnets that can be created depends on the number of bits borrowed. The number of subnets available is calculated with 2^n, where n is the number of bits borrowed.

Here is an example of subnetting. Take the address with a subnet mask of First note that this mask uses 18 bits. Fourteen bits remain for host addressing. That means that on a subnet here 2^14 - 2 addresses are available. That is, 16,382 host addresses are possible. A default Class A network uses 8 bits for the mask. Here 10 bits are borrowed from the host portion. That enables the creation of 2^10 = 1024 subnets.

VLSM

One of the fundamental concepts in networking is subnetting, that is, breaking one subnet into smaller pieces. With Variable Length Subnet Masking (VLSM), a subnet can be broken up into variable length pieces. To illustrate, the following diagram shows that a /24 network can be broken up into two /25 networks, four /26 networks, or eight /27 networks.
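The subnet arithmetic and the /24 splits described above, worked through in Python as an added example (it is not part of the original quick reference). It goes one step further than the passage by placing variable-length subnets, in a given order, on their natural prefix-aligned boundaries; the 192.0.2.0/24 parent network and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample network (documentation range), not taken from the page.
PARENT = "192.0.2.0/24"


def subnet_math(default_mask_bits, mask_bits):
    """Return (borrowed bits, subnets, usable hosts per subnet) for an IPv4 mask."""
    borrowed = mask_bits - default_mask_bits   # bits borrowed from the host portion
    host_bits = 32 - mask_bits                 # bits left for the host ID
    # Two addresses per subnet are reserved: network ID and subnet broadcast.
    return borrowed, 2 ** borrowed, 2 ** host_bits - 2


def equal_splits(parent, new_prefix):
    """Split a network into equal-size subnets of one prefix length."""
    return list(ipaddress.ip_network(parent).subnets(new_prefix=new_prefix))


def place_in_order(parent, prefix_lengths):
    """Place subnets in the given order, each on its natural boundary.

    Returns (placed networks, address gaps skipped to reach a boundary,
    prefix lengths that no longer fit after the cursor).
    """
    net = ipaddress.ip_network(parent)
    cursor = int(net.network_address)
    end = int(net.broadcast_address) + 1
    placed, gaps, unplaced = [], [], []
    for plen in prefix_lengths:
        size = 1 << (32 - plen)
        # A /plen subnet can only start on a multiple of its own size.
        start = (cursor + size - 1) // size * size
        if start + size > end:
            unplaced.append(plen)
            continue
        if start > cursor:
            gaps.extend(ipaddress.summarize_address_range(
                ipaddress.IPv4Address(cursor), ipaddress.IPv4Address(start - 1)))
        placed.append(ipaddress.ip_network(f"{ipaddress.IPv4Address(start)}/{plen}"))
        cursor = start + size
    return placed, gaps, unplaced


def demo():
    """Run the page's numbers and two VLSM orderings; return the results."""
    good = place_in_order(PARENT, [25, 26, 27, 27])
    bad = place_in_order(PARENT, [25, 27, 26, 27])
    return {
        "class_a_with_18_bit_mask": subnet_math(8, 18),
        "equal_split_counts": {p: len(equal_splits(PARENT, p)) for p in (25, 26, 27)},
        "ordered_25_26_27_27": [str(n) for n in good[0]],
        "ordered_25_27_26_27": {
            "placed": [str(n) for n in bad[0]],
            "gaps": [str(n) for n in bad[1]],
            "unplaced": bad[2],
        },
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

With the subnets ordered largest first, the /24 is filled with no gaps; with a /27 placed ahead of the /26, the /26 has to skip forward to its boundary and the last /27 no longer fits after it.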

Before VLSM, only one of these options could be chosen. With VLSM, the same /24 network can be subnetted into one /25, one /26, and two /27s, as shown in the following diagram. That is, the new, smaller subnets can be of variable length; they don't need to be a single length (/25, /26, or /27).

Before VLSM, to properly address a series of point-to-point networks, a /30 subnet would be required. Without variable length subnets, an entire network would need to be subnetted into /30 networks. If only a handful of /30s were required, many IPs would be wasted. VLSM enables a network administrator to choose subnetting boundaries based on the requirements of the network, rather than being forced to design around the constraints of IP addressing.

VLSM does not change other rules of IP addressing. Using the previous illustration, if a /24 network is subnetted into one /25, one /26, and two /27s, the organization must follow the standard breaks between subnets. In other words, the order of the subnets matters. The /24 cannot be broken into a /25, then one /27, and then a /26, followed by the second /27 as shown here:

The subnetting must occur along natural breaks.

VLSM is often confused with classless networking and CIDR. They are related but refer to different IP addressing concepts. Classless networking refers to the delinking of Class A, B, C, and D networks from actual IP addresses. In a classless network, a subnet within the 10.x.x.x range doesn't need to be a /8.

CIDR is a method in which subnets can be grouped together. It provides a way to refer to a list of consecutive subnets without having to list each one individually. For example, the subnets of /24, /24, /24, and /24 can be aggregated together and referred to as /22. It is massively useful in large networks where large groups of IP address ranges can be aggregated together within a routing table or access lists.

Address Resolution Protocol

Address Resolution Protocol (ARP) can resolve IP addresses to MAC addresses in an Ethernet network. A host wanting to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the

network with the IP address in the request then replies with its physical hardware address. When a MAC address is determined, the IP address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network. Encapsulation of IP datagrams and ARP requests and replies on IEEE 802 networks other than Ethernet is specified by the Subnetwork Access Protocol (SNAP).

Reverse Address Resolution Protocol (RARP) works the same way as ARP, except that the RARP request packet requests an IP address rather than a MAC address. Use of RARP requires a RARP server on the same network segment as the router interface. RARP often is used by diskless nodes that do not know their IP addresses when they boot. The Cisco IOS Software attempts to use RARP if it does not know the IP address of an interface at startup. Also, Cisco routers can act as RARP servers by responding to RARP requests that they can answer.

Enabling Proxy ARP

Cisco routers use proxy ARP to help hosts with no knowledge of routing determine the MAC addresses of hosts on other networks. If the router receives an ARP request for a host not on the same network as the ARP request sender, and if the router has all its routes to that host through other interfaces, it generates a proxy ARP reply packet, giving its own local MAC address. The host that sent the ARP request then sends its packets to the router, which forwards them to the intended host. Proxy ARP is enabled by default.

To enable proxy ARP if it has been disabled, use the following command:

Router(config-if)# ip proxy-arp

Defining Static ARP Cache Entries

To configure static mappings, use the following command:

Router(config)# arp ip-address hardware-address type

Use the following command to set the length of time an ARP cache entry stays in the cache:

Router(config-if)# arp timeout seconds

Setting ARP Encapsulations

Cisco routers can actually use three forms of address resolution: ARP, proxy ARP, and Probe (similar to ARP). Probe is a protocol developed by Hewlett-Packard (HP) for use on IEEE networks.

By default, standard Ethernet-style ARP encapsulation (represented by the arpa keyword) is enabled on the IP interface. You can change this encapsulation method to SNAP or HP Probe, as required by your network, to control the interface-specific handling of IP address resolution into 48-bit Ethernet hardware addresses.

To specify the ARP encapsulation type, use the following command:

Router(config-if)# arp {arpa | probe | snap}

Hot Standby Router Protocol

The Hot Standby Router Protocol (HSRP) provides high network availability by routing IP traffic from hosts without relying on the availability of any single router. HSRP is used in a group of routers to select an active router and a standby router. The active router is the router of choice for routing packets; a standby router is a router that takes over the routing duties when an active router fails or when other preset conditions are met.

HSRP is useful for hosts that do not support a router discovery protocol (such as Internet Control Message Protocol [ICMP] Router Discovery Protocol [IRDP]) and that cannot switch to a new router when their selected router reloads or loses power.

When HSRP is configured on a network segment, it provides a virtual MAC address and an IP address shared among a group of routers running HSRP. The address of this HSRP group is the virtual IP address. One of these devices is selected by the protocol to be the active router.

HSRP detects when the designated active router fails, at which point a selected standby router assumes control of the MAC and IP addresses of the Hot Standby group. A new standby router is also selected at that time. Devices that run HSRP send and receive multicast User Datagram Protocol (UDP)-based hello packets to detect router failure and to designate active and standby routers.
For an example of an HSRP topology, see Figure 3-1.

Figure 3-1 HSRP topology

Devices that run HSRP send and receive multicast UDP-based hello packets to detect router failure and to designate active and standby routers.

You can configure multiple Hot Standby groups on an interface, thereby making fuller use of redundant routers and load sharing. To do so, specify a group number for each Hot Standby command you configure for the interface.

To enable HSRP on an interface, use the following command:

Router(config-if)# standby [group-number] ip [ip-address [secondary]]

Whereas the preceding represents the only required HSRP configuration commands, you should be familiar with many others for configuring additional HSRP behaviors.

To configure the time between hello packets and the hold time before other routers declare the active router to be down, use the following command:

Router(config-if)# standby [group-number] timers [msec] hellotime [msec] holdtime

You can also set the Hot Standby priority used in choosing the active router. The priority value range is from 1 to 255, in which 1 denotes the lowest priority, and 255 denotes the highest priority:

Router(config-if)# standby [group-number] priority priority

You can also configure a router with higher priority to preempt the active router. In addition, you can configure a preemption delay after which the Hot Standby router preempts and becomes the active router:

Router(config-if)# standby [group-number] preempt [delay {minimum delay | reload delay | sync delay}]

You can also configure the interface to track other interfaces so that if one of the other interfaces goes down, the device's Hot Standby priority is lowered:

Router(config-if)# standby [group-number] track type number [interface-priority]

You can also specify a virtual MAC address for the virtual router:

Router(config-if)# standby [group-number] mac-address macaddress

Finally, you can configure HSRP to use the burned-in address of an interface as its virtual MAC address rather than the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring):

Router(config-if)# standby use-bia [scope interface]

Gateway Load Balancing Protocol

Gateway Load Balancing Protocol (GLBP) takes HSRP even further. Instead of just providing backup for a failed router, it can also handle the load balancing between multiple routers. GLBP provides this functionality using a single virtual IP address and multiple virtual MAC addresses. Workstations are configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets. GLBP members communicate with each other using hello messages sent every 3 seconds to the multicast address

Members of a GLBP group elect one gateway to be the active virtual gateway (AVG) for that group. It is the job of other group members to back up the AVG if the AVG fails. The AVG assigns a virtual MAC address to each member of the GLBP group. The AVG is responsible for answering ARP requests for the virtual IP address. Load sharing is achieved by the AVG replying to the ARP requests with different virtual MAC addresses that the group members will respond to.

Although you can use many optional commands with GLBP, the primary command to enable GLBP follows:

glbp group ip [ip-address [secondary]]

Note how similar this command is to the HSRP configuration command.

Virtual Router Redundancy Protocol

Virtual Router Redundancy Protocol (VRRP) is so similar to HSRP that it can be basically thought of as the standards-based version of the protocol. Like HSRP, it lacks the inherent load-balancing capabilities that GLBP provides.

Although many customization commands exist, the command to enable the protocol is just like that of the other redundancy protocols in structure:

vrrp group ip ip-address [secondary]

Network Address Translation

Network Address Translation (NAT) enables an organization to use private IP address space inside the organization (or any other IP address it might require) and present this IP address differently to the outside networks. Organizations might use NAT for the following purposes:

To connect private IP internetworks that use nonregistered IP addresses to the Internet, NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network.
Internal addresses must be changed, and this creates a large administrative burden. NAT is used instead to translate addresses.
To do basic load sharing of TCP traffic. A single global IP address is mapped to many local IP addresses by using the TCP load distribution feature.

NAT uses the following definitions:

Inside local address: The IP address assigned to a host on the inside network. Often, this is a nonregistered IP address.
Inside global address: A legitimate IP address that represents one or more inside local IP addresses to the outside world.
Outside local address: The IP address of an outside host as it appears to the inside network.
Outside global address: The IP address assigned to a host on the outside network by the owner of the host.

For a depiction of this NAT terminology, see Figure 3-2.

Figure 3-2 NAT terminology

Translating Inside Source Addresses

You can configure static or dynamic inside source translation:

Static translation establishes a one-to-one mapping between your inside local address and an inside global address. Static translation is useful when a host on the inside must be accessible by a fixed address from the outside.
Dynamic translation establishes a mapping between an inside local address and a pool of global addresses.

Configuring Static Translations

To establish a static translation between an inside local address and an inside global address, use the following global configuration command:

Router(config)# ip nat inside source static local-ip global-ip

To mark the appropriate interface as connected to the inside, use the following interface configuration command:

Router(config-if)# ip nat inside

To mark the appropriate interface as connected to the outside, use the following interface configuration command:

Router(config-if)# ip nat outside

Configuring Dynamic Translations

To define a pool of global addresses to be allocated as needed, use the following global configuration command:

Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

To define a standard access list permitting those addresses to be translated, use the following global configuration command:

Router(config)# access-list access-list-number permit source [source-wildcard]

Next, establish dynamic source translation, specifying the access list defined in the prior step, using the following global configuration command:

Router(config)# ip nat inside source list access-list-number pool name
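To make the difference between the static and dynamic inside source translations described above concrete, here is an added Python model of the translation table (not part of the original quick reference and not IOS code). The class and method names are hypothetical, all addresses are constructed from documentation and private ranges, and the model covers address translation only, without the overload (port) feature.

```python
import ipaddress

IPv4 = ipaddress.IPv4Address


class InsideSourceNat:
    """Toy model of inside source translation: static entries plus a dynamic pool."""

    def __init__(self, pool_start, pool_end, acl_source, acl_wildcard):
        # Models: ip nat pool name start-ip end-ip ...
        self.free = [IPv4(i) for i in
                     range(int(IPv4(pool_start)), int(IPv4(pool_end)) + 1)]
        # Models: access-list access-list-number permit source [source-wildcard]
        self.acl_source = int(IPv4(acl_source))
        # Wildcard bits set to 1 are "don't care"; keep only the bits that must match.
        self.acl_care = ~int(IPv4(acl_wildcard)) & 0xFFFFFFFF
        self.static = {}    # inside local -> inside global, always present
        self.dynamic = {}   # inside local -> inside global, created on demand

    def add_static(self, local_ip, global_ip):
        # Models: ip nat inside source static local-ip global-ip
        self.static[IPv4(local_ip)] = IPv4(global_ip)

    def permitted(self, local):
        """True if the inside local address matches the access list."""
        return (int(local) ^ self.acl_source) & self.acl_care == 0

    def outbound(self, local_ip):
        """Inside-to-outside packet: return its inside global address, or None
        when the model creates no translation (ACL miss or pool exhausted)."""
        local = IPv4(local_ip)
        if local in self.static:
            return self.static[local]
        if local in self.dynamic:
            return self.dynamic[local]
        if not self.permitted(local) or not self.free:
            return None
        self.dynamic[local] = self.free.pop(0)
        return self.dynamic[local]

    def inbound(self, global_ip):
        """Outside-to-inside packet: return the inside local address behind an
        inside global address, or None if no table entry exists."""
        target = IPv4(global_ip)
        for table in (self.static, self.dynamic):
            for local, mapped in table.items():
                if mapped == target:
                    return local
        return None


def demo():
    """Constructed scenario: a two-address pool, one ACL, one static entry."""
    nat = InsideSourceNat("203.0.113.10", "203.0.113.11", "10.1.1.0", "0.0.0.255")
    nat.add_static("10.1.1.5", "203.0.113.5")
    text = lambda addr: None if addr is None else str(addr)
    steps = [
        ("static reachable from outside first", nat.inbound("203.0.113.5")),
        ("pool address before any inside traffic", nat.inbound("203.0.113.10")),
        ("first dynamic host", nat.outbound("10.1.1.20")),
        ("return traffic to first dynamic host", nat.inbound("203.0.113.10")),
        ("second dynamic host", nat.outbound("10.1.1.21")),
        ("third dynamic host, pool exhausted", nat.outbound("10.1.1.22")),
        ("host outside the access list", nat.outbound("10.2.2.2")),
    ]
    return [(label, text(result)) for label, result in steps]


if __name__ == "__main__":
    for label, result in demo():
        print(f"{label}: {result}")
```

The static entry answers an inbound lookup before any inside host has sent traffic, whereas a pool address maps to nothing until an inside host permitted by the access list creates the entry.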

To mark the appropriate interface as connected to the inside, use the following interface configuration command:

Router(config-if)# ip nat inside

To mark the appropriate interface as connected to the outside, use the following interface configuration command:

Router(config-if)# ip nat outside

Overloading an Inside Global Address

You can conserve addresses in the inside global address pool by allowing the router to use one global address for many local addresses. When multiple local addresses map to one global address, the TCP or UDP port numbers of each inside host distinguish between the local addresses. To permit this behavior, use the dynamic translations configuration from the previous section and include the overload keyword as follows:

Router(config)# ip nat inside source list access-list-number pool name overload

Translating Overlapping Addresses

You can use NAT to translate inside addresses that overlap with outside addresses. Use this feature if your IP addresses in the stub network are legitimate IP addresses belonging to another network and you want to communicate with those hosts or routers.

You can configure the translations using static or dynamic means. To do so, use the same commands from the Translating Inside Source Addresses section, but use the ip nat outside source syntax.

TCP Load Distribution

If your organization has multiple hosts that must communicate with a heavily used host, you can establish a virtual host on the inside network that coordinates load sharing among real hosts. Destination addresses that match an access list are replaced with addresses from a rotary pool. Allocation is done on a round-robin basis and only when a new connection is opened from the outside to the inside.

First, define a pool of addresses containing the addresses of the real hosts in global configuration mode:

Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} type rotary

Next, define an access list permitting the address of the virtual host in global configuration mode:

Router(config)# access-list access-list-number permit source [source-wildcard]

Next, establish dynamic inside destination translation, specifying the access list defined in the prior step:

Router(config)# ip nat inside destination list access-list-number pool name

To mark the appropriate interface as connected to the inside, use the following interface configuration command:

Router(config-if)# ip nat inside

To mark the appropriate interface as connected to the outside, use the following interface configuration command:

Router(config-if)# ip nat outside

Monitoring and Maintaining NAT

To clear all dynamic address translation entries from the NAT translation table, use the following command:

Router# clear ip nat translation *

To clear a simple dynamic translation entry containing an inside translation, or both inside and outside translation, use the following command:

Router# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]

To clear a simple dynamic translation entry containing an outside translation, use the following command:

Router# clear ip nat translation outside local-ip global-ip

To clear an extended dynamic translation entry, use the following command:

Router# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]

To display active translations, use the following command:

    Router# show ip nat translations [verbose]

To display translation statistics, use the following command:

    Router# show ip nat statistics

Internet Control Message Protocol

Internet Control Message Protocol (ICMP) assists the operation of the IP network by delivering messages about the network's functionality or lack thereof. ICMP includes functions for the following:

- Communicating network errors: Such as host or network unreachable.
- Announcing network congestion: An example is the ICMP Source Quench messages used to cause a sender to slow down transmission because of a router buffering too many packets.
- Provide troubleshooting tools: The Echo function is used by the ping utility to test connectivity between two systems.
- Communicate timeouts in the network: If a packet's TTL reaches 0, an ICMP message can be sent announcing this fact.

ICMP Protocol Unreachable Messages

If the Cisco device receives a nonbroadcast packet destined for itself that uses an unknown protocol, it sends an ICMP protocol unreachable message back to the source. Similarly, if the device receives a packet that it cannot deliver to the ultimate destination because it knows of no route to the destination address, it sends an ICMP host unreachable message to the source. This feature is enabled by default. To enable it if it's disabled, use the following command:

    Router(config-if)# ip unreachables

ICMP Redirects

If the router resends a packet through the same interface on which it was received, the Cisco IOS Software sends an ICMP redirect message to the originator of the packet, telling the originator that the router is on a subnet directly connected to the receiving device and that it must forward the packet to another system on the same subnet.

To enable the sending of ICMP redirect messages if this feature was disabled, use the following command:

    Router(config-if)# ip redirects

Services

Network Time Protocol

There are many reasons that an administrator will want to keep the time accurate on all systems in the infrastructure. Network Time Protocol (NTP) assists the administrator in this goal by automatically synchronizing the time between network devices. Devices in the network running NTP can receive the correct time from an authoritative time source, such as a Cisco router, a radio clock, or an atomic clock attached to a timeserver. To configure a router to receive the time from an authoritative time source on the network, use the following command:

    ntp server {{[vrf vrf-name] ip-address | hostname} [version number] [key key-id] [source interface] [prefer]}

Some platforms have a battery-powered hardware clock, referred to as the calendar, in addition to the software-based system clock. The hardware clock runs continuously, even if the router is powered off or rebooted. It is a good practice to periodically update the hardware clock with the time learned from NTP. To do this, use this command:

    ntp update-calendar

To have the router provide the correct time for the network, you can use this command:

    ntp master [stratum]

The stratum value is an indicator of how close a device is to the master time source. Consider it like a hop count. If you set the stratum to 1 on the router, you indicate that it is the authoritative time source. You can also have the router synchronize the clock of a peer router, or be synchronized from that peer. The command to configure this is as follows:

    ntp peer {{[vrf vrf-name] ip-address | hostname} [normal-sync] [version number] [key key-id] [source interface] [prefer]}

You should also note that NTP messages can be authenticated to ensure that accurate time is being sent to all devices.

DHCP

Cisco devices can function as DHCP servers and can be configured to forward requests to secondary servers if the Cisco device cannot satisfy the request. Figure 3-3 shows the four-step process that the router participates in to provide DHCP services.

Figure 3-3 DHCP

Configuring a Cisco Device as a DHCP Server

To configure the DHCP address pool name and enter DHCP pool configuration mode, use the following command:

    Router(config)# ip dhcp pool name

The DHCP server assumes that all IP addresses in a DHCP address pool subnet are available for assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign to clients. To do so, use the following command:

    Router(config)# ip dhcp excluded-address low-address [high-address]

To configure a subnet and mask for the DHCP address pool, use the following command in DHCP pool configuration mode:

    Router(config-dhcp)# network network-number [mask | /prefix-length]

Additional DHCP pool configuration mode commands enable you to configure additional parameters for the scope, including default gateway, domain name, DNS server addresses, Windows Internet Naming Service (WINS) server addresses, and so on.

Web Cache Communication Protocol

Web Cache Communication Protocol (WCCP) enables an administrator to forward web traffic to a Cisco cache engine. The Cisco cache engine reduces transmission costs and downloading time for clients. When users request web pages, the WCCP-capable router sends the requests to a cache engine. If the cache engine has a copy of the requested page in storage, the cache engine sends the user that page. If there is no cached copy, the cache engine retrieves the requested page from the web server, stores a copy, and forwards the page to the user. The routers and the cache engine operate transparently from the perspective of end users. End users do not know that the page came from the cache engine rather than the web server. The global configuration command used on the router to enable the protocol follows:

    ip wccp {web-cache | service-number} [group-address groupaddress] [redirect-list access-list] [group-list access-list] [password [0-7] password]

To actually redirect traffic on an interface to a cache engine, use the following interface configuration command:

    ip wccp {web-cache | service-number} redirect out

Domain Name System

Cisco routers can participate in the Domain Name System (DNS). For example, you can specify a default domain name that the Cisco IOS Software uses to complete domain name requests. You can specify either a single domain name or a list of domain names. Any IP hostname that does not contain a domain name has the domain name you specify appended to it before being added to the host table. To specify this domain name, use the following command:

    Router(config)# ip domain name name

To define a list of default domain names to complete unqualified host names, use the following command:

    Router(config)# ip domain list name

You can also specify DNS name servers for the router or switch to call on for name resolution. To do so, use the following command:

    Router(config)# ip name-server server-address1 [server-address2...server-address6]

If you do not want to enable your router to use DNS for name resolution, you can use the following command to disable this default behavior:

    Router(config)# no ip domain-lookup

Network Management

Logging and Syslog

Cisco devices communicate with an administrator through system messages. These system messages are typically sent to a logging process, so they are most often called syslog messages. Syslog is also the name of the UNIX-based service that handles system messages from UNIX systems (and also Cisco devices if configured to do so). Logging is enabled by default. The no logging on command actually forces system messages to the console. This can impede the performance of the Cisco device because processes must wait for messages to be written to the console before the processes can continue their operations. It is recommended that the administrator leave the logging process enabled (the default behavior); that way logging messages can be written to the console more efficiently. Because there is no way to stop the sending of system messages to the console, administrators should use the logging synchronous command in line configuration mode. This command prevents these messages from interrupting typing at the console. To have the Cisco device store syslog messages in an internal buffer, administrators should ensure the logging process is in its default-enabled state (logging console command) and then use the command logging buffered,

which uses a default size of 4096 bytes. This can be changed by specifying an optional size at the end of the logging buffered command. To view the contents of the buffer, use the show logging command. The oldest messages display first. When the buffer fills to capacity, new messages overwrite the oldest messages. You can clear the buffer anytime with the clear logging command.

You can store syslog messages on a server (UNIX- or Windows-based) in the network. CiscoWorks LAN Management Suite (LMS) features a built-in syslog server application that stores these messages in a searchable database. It enables the filtering of messages, reporting on messages, and even action filters that enable automated responses to certain messages, including pages and e-mails.

To send system messages to a UNIX or CiscoWorks syslog server, ensure the logging process is enabled and then issue the command logging x.x.x.x, in which x.x.x.x is the IP address of the syslog server. The command can be entered multiple times to configure multiple destinations for the messages. To limit the sending of all messages, use the logging trap level command, in which level is the number or the name of the severity level. For example, logging trap notifications restricts the messages sent to only those of level 0 through 5. This keeps debugging and informational messages from being sent to the server. UDP port 514 is used for syslog messages, so be sure that your firewalls permit this port if you need the messages to pass through such devices.

UNIX syslog servers use a facility code to identify the source of syslog messages. They use this code to create different logs for the different sources of messages. Sample facilities include lpr for the Line Printer System and mail for the e-mail system. UNIX syslog servers reserve the facility codes local0 through local7 for log messages received from remote servers and network devices.
To have switches use one log file on the server and routers use another, change the facility code for switches using the logging facility local6 command. By default, Cisco devices use local7 for their messages so that your router messages will be in a different log. CiscoWorks requires the use of local7.

Some devices enable logging of system messages to a file in flash memory. The command to do this is simply logging file flash:myname.txt. This command can also set size limits on the file and control the types of messages sent to flash.
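The severity limit set by logging trap and the facility split between local6 and local7 both travel in the PRI value at the start of each syslog datagram (PRI = facility * 8 + severity). The following Python sketch is an added example, not part of the original reference: it decodes PRI, applies a trap level, and groups the surviving messages by facility. The sample messages are constructed, and the function names are illustrative.

```python
import re

# Severity names accepted by `logging trap`; the list index is the numeric level.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Standard syslog facility numbers; local0-local7 occupy 16-23.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron"}
FACILITIES.update({16 + i: f"local{i}" for i in range(8)})

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
TAG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

# Constructed sample datagrams (not captured traffic).
SAMPLE = [
    "<189>51: Jan 10 09:14:02: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<187>52: Jan 10 09:14:05: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<190>53: Jan 10 09:14:09: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.7(4711) -> 198.51.100.9(23), 1 packet",
    "<191>54: Jan 10 09:14:11: OSPF: hello received on GigabitEthernet0/0",
    "<181>17: Jan 10 09:14:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface Fa0/3, changed state to up",
]


def decode_pri(pri):
    """Split a PRI value into (facility name, numeric severity)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), severity


def trap_limit(level):
    """Turn a `logging trap` argument (name or number) into a numeric limit."""
    text = str(level).lower()
    limit = int(text) if text.isdigit() else SEVERITIES.index(text)
    if not 0 <= limit <= 7:
        raise ValueError(f"unknown severity level: {level}")
    return limit


def parse(line):
    """Return the decoded fields of one syslog datagram, or None if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = decode_pri(int(m.group(1)))
    tag = TAG_RE.search(m.group(2))
    return {
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "mnemonic": f"{tag.group(1)}-{tag.group(3)}" if tag else None,
        # The digit inside %FACILITY-SEVERITY-MNEMONIC should agree with the PRI.
        "consistent": tag is None or int(tag.group(2)) == severity,
    }


def forwarded(lines, level):
    """Group the messages that pass `logging trap <level>` by facility."""
    limit = trap_limit(level)
    logs = {}
    for line in lines:
        rec = parse(line)
        if rec and rec["severity"] <= limit:
            logs.setdefault(rec["facility"], []).append(rec["mnemonic"])
    return logs


if __name__ == "__main__":
    for facility, names in forwarded(SAMPLE, "notifications").items():
        print(facility, names)
```

With the trap level at notifications, the access-list hit (severity 6) and the debug line (severity 7) never reach the server, so a collector that needs denied-traffic records requires logging trap informational.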

Administrators should stamp syslog messages with the date and time that they were generated. This is accomplished with the service timestamps log datetime command.

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is a part of the TCP/IP suite of protocols and has powerful monitoring capabilities. CiscoWorks relies on SNMP and various other protocols to configure and monitor Cisco equipment. For an example, see Figure 3-4.

Figure 3-4 CiscoWorks

SNMP Version 2c

At a minimum, to configure a Cisco device for SNMP, you need to assign passwords known as community strings in SNMP. Here are typical Cisco IOS global configuration commands for setting strings that permit configuration and monitoring, respectively:

    snmp-server community [string] rw
    snmp-server community [string] ro

Typically, you view information obtained by SNMP using a graphical user interface, like that provided by CiscoWorks.
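Community strings are clear-text passwords, and the SNMP Version 3 section that follows replaces them with per-user authentication and encryption. The Python sketch below is an added example, not part of the original reference: it audits a saved configuration for the weak SNMP settings these two sections contrast. The sample configuration is constructed (its group and user lines for MYSAMPLEGROUP and jsmith are the ones this page uses), the severity ratings are this example's own, and findings never echo the community string itself.

```python
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed configuration, not taken from a real device.
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server community Example-RW-String rw
snmp-server community Example-RO-String ro 10
snmp-server view SAMPLEVIEW internet included
snmp-server group MYSAMPLEGROUP v3 auth read SAMPLEVIEW
snmp-server user jsmith MYSAMPLEGROUP v3 auth md5 secret
snmp-server group SECGROUP v3 priv read SAMPLEVIEW access 10
snmp-server user netops SECGROUP v3 auth sha ExampleAuthPass priv aes 128 ExamplePrivPass
"""


def _community(args):
    string, opts = args[0], [a.lower() for a in args[1:]]
    out = []
    if string.lower() in DEFAULT_COMMUNITIES:
        out.append(("high", "well-known default community string"))
    if "view" in opts:                 # drop "view <name>" before looking for an ACL
        i = opts.index("view")
        del opts[i:i + 2]
    if "rw" in opts:
        out.append(("high", "read-write community, sent in clear text"))
    else:
        out.append(("medium", "read-only community, sent in clear text"))
    if not [o for o in opts if o not in ("ro", "rw")]:
        out.append(("medium", "no access list limits which managers may use it"))
    return out


def _group(args):
    if len(args) < 2:
        return []
    name, model = args[0], args[1].lower()
    if model in ("v1", "v2c"):
        return [("high", f"group {name} uses {model}: community strings, no encryption")]
    level = args[2].lower() if len(args) > 2 else "noauth"
    if level == "noauth":
        return [("high", f"group {name} requires neither authentication nor encryption")]
    if level == "auth":
        return [("medium", f"group {name} authenticates but does not encrypt (use priv)")]
    return []


def _user(args):
    low = [a.lower() for a in args]
    if "v3" not in low[2:]:
        return [("high", f"user {args[0]} is not an SNMPv3 user")]
    i = low.index("v3", 2) + 1
    if i < len(low) and low[i] == "encrypted":
        i += 1
    out = []
    if i < len(low) and low[i] == "auth":
        if low[i + 1:i + 2] == ["md5"]:
            out.append(("medium", f"user {args[0]} authenticates with MD5 (prefer sha)"))
        i += 3                         # skip "auth", the algorithm and the password
    else:
        out.append(("high", f"user {args[0]} has no authentication password"))
    if not (i < len(low) and low[i] == "priv"):
        out.append(("medium", f"user {args[0]} has no privacy (encryption) password"))
    return out


HANDLERS = {"community": _community, "group": _group, "user": _user}


def audit_snmp(config_text):
    """Return (line number, severity, message) for each weak SNMP setting."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tok = raw.split()
        if len(tok) < 3 or tok[0] != "snmp-server" or tok[1] not in HANDLERS:
            continue
        for severity, message in HANDLERS[tok[1]](tok[2:]):
            findings.append((lineno, severity, message))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: [{severity}] {message}")
```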

Following are some examples of show commands for monitoring SNMP activities on the equipment:

- no snmp-server: Disables SNMP agent operation
- show snmp engineid: Displays the identification of the local SNMP engine and all remote engines configured on the router
- show management event: Displays the SNMP event values configured on your routing device through the use of the event Management Information Base (MIB)
- show snmp: Checks the status of SNMP communications
- show snmp group: Displays the names of groups on the router and the security model, the status of the different views, and the storage type of each group
- show snmp pending: Displays the current set of pending SNMP requests
- show snmp sessions: Displays the current SNMP sessions
- show snmp user: Displays information on each SNMP username in the group username table

SNMP Version 3

SNMP Version 3 dramatically improves upon the security model for the management protocol. Whereas previous versions used clear-text passwords, SNMP Version 3 provides for authentication and encryption of network management information. With SNMP Version 3, you create a view that defines what MIB variables a particular user or group of users can access. Here is the syntax to create a view. All the commands that follow are global configuration mode commands:

    snmp-server view view-name oid-tree {included | excluded}

Notice how you provide the view with a name, and then you specify the portion of the MIB tree that the user can access. The example here adds the Internet portion of the tree and everything below it to the view name SAMPLEVIEW. This is basically the entire MIB structure:

    snmp-server view SAMPLEVIEW internet included

If you want a user or group of users to be able to access this view of the MIB that you defined, use the following syntax:

    snmp-server group [groupname {v1 | v2c | v3 [auth | noauth | priv]}] [read readview] [write writeview] [notify notifyview] [access access-list]

Here is an example of the creation of a group to use the view:

    snmp-server group MYSAMPLEGROUP v3 auth read SAMPLEVIEW

Adding a user account to this group is a simple matter. Use the syntax shown here:

    snmp-server user username groupname [remote ip-address [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access access-list]

Here is sample syntax using the group we just created:

    snmp-server user jsmith MYSAMPLEGROUP v3 auth md5 secret

Switched Port Analyzer and Remote SPAN

Network analysis in a switched Cisco environment is handled using Switched Port Analyzer (SPAN). Traffic is mirrored from source ports to a destination port on the switch; a network analyzer should be located at the destination switch. SPAN is available in several forms:

- Local SPAN: SPAN source ports and the destination port are located on the same device.
- VLAN-based SPAN (VSPAN): The source is a VLAN as opposed to one or more ports.
- Remote SPAN (RSPAN): The SPAN source and destination ports are located on different switches; a special-purpose VLAN carries the mirrored frames to the destination port in the network.

Figure 3-5 shows a sample RSPAN configuration.

Figure 3-5 RSPAN

You should be aware of important guidelines for SPAN:

- You can configure destination ports as trunks to capture tagged traffic.
- A port specified as a destination port in one SPAN session cannot be a destination port for another SPAN session.
- A port channel interface (an EtherChannel) cannot be a destination.
- If you specify multiple ingress source ports, the ports can belong to different VLANs.
- Destination ports never participate in any spanning-tree instance.

RSPAN is a method of transporting source SPAN data to a remote destination. This is used when the SPAN source and the SPAN destination are located on two different switches. The data must be transported over a special-purpose VLAN, which is configured on all switches in the transit path. The VLAN must be configured as a remote-span in VLAN configuration mode:

    Router(config-vlan)# remote-span

On the switch in which the data is originated, the SPAN destination is the RSPAN VLAN. On the switch in which the data is ultimately destined, the SPAN source is specified as the RSPAN VLAN, and the destination is a physical port. All transit switches simply trunk the RSPAN between switches.

Implementing IPv4 Tunneling and GRE

Typical network traffic is consistent with the TCP/IP model, meaning it has a number of distinct headers. For example, a packet can have a layer 2 header, such as Ethernet; a layer 3 header, such as IP; and a layer 4 header, such as TCP. When tunneling is implemented, a header with data is encapsulated within a header at the same layer. In IPv4 tunneling, an IP packet typically contains another IP packet, as shown in the following diagram:

Tunneling is used for a number of reasons including connecting two disjointed networks that might not have IP communication between them. A number of IPv4 tunneling protocols exist, including IPsec and Generic Router Encapsulation (GRE). GRE carries an arbitrary payload (like IPv4, IPv6, or IPsec) using IP packets of protocol 47. It does not, however, encrypt any tunneled data. GRE tunnels can be used with OSPF to extend the backbone to a disconnected area. Care must be taken to ensure that the route to the destination address provided during the GRE configuration is not learned via OSPF. This can lead to a recursive route, causing the GRE tunnel to bounce. To create a GRE tunnel, it is necessary to create the numbered tunnel interface:

    Router(config)# int tunnel <#>

Configure an IP address on the interface:

    Router(config-int)# ip address <IP> <MASK>

Specify the source interface or IP address:

    Router(config-int)# tunnel source <int or IP>

Specify the destination address:

    Router(config-int)# tunnel destination <IP>
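The tunneling section above says that GRE rides in IP protocol 47 and does not encrypt its payload. The Python sketch below is an added example, not part of the original reference: it builds a GRE packet and decapsulates it again, showing that anything on the transit path can read the inner packet. It follows the GRE header layout of RFC 2784 with the optional key of RFC 2890. All addresses are documentation or private ranges, and the inner syslog datagram is constructed.

```python
import socket
import struct

GRE_PROTO = 47                       # IP protocol number used by GRE
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}


def checksum(data):
    """Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src, dst, proto, payload, ttl=64):
    """Build a minimal IPv4 packet (20-byte header, no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt):
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    total_len = min(struct.unpack("!H", pkt[2:4])[0], len(pkt))
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "header_ok": checksum(pkt[:ihl]) == 0,
            "payload": pkt[ihl:total_len]}


def gre_encapsulate(inner, tunnel_src, tunnel_dst, key=None):
    """Wrap an IPv4 packet in GRE, then in an outer IPv4 header (protocol 47)."""
    flags = 0x2000 if key is not None else 0          # K bit announces a key field
    gre = struct.pack("!HH", flags, 0x0800)
    if key is not None:
        gre += struct.pack("!I", key)
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre + inner)


def gre_decapsulate(pkt):
    """Return (outer header fields, GRE fields, inner packet bytes)."""
    outer = parse_ipv4(pkt)
    if outer["proto"] != GRE_PROTO:
        raise ValueError("outer packet is not GRE (protocol 47)")
    data = outer["payload"]
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", data[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset, key = 4, None
    if flags & 0x8000:               # checksum + reserved field present
        offset += 4
    if flags & 0x2000:               # key present
        key = struct.unpack("!I", data[offset:offset + 4])[0]
        offset += 4
    if flags & 0x1000:               # sequence number present
        offset += 4
    return outer, {"protocol": ETHERTYPES.get(ptype, hex(ptype)), "key": key}, data[offset:]


def constructed_tunnel_packet(key=None):
    """Constructed sample: a syslog datagram (UDP 514) carried across a GRE tunnel."""
    syslog = b"<189>%SYS-5-CONFIG_I: Configured from console (constructed sample)"
    udp = struct.pack("!HHHH", 50000, 514, 8 + len(syslog), 0) + syslog
    inner = ipv4_packet("10.1.1.10", "10.2.2.20", 17, udp)
    return gre_encapsulate(inner, "198.51.100.1", "203.0.113.1", key)


if __name__ == "__main__":
    outer, gre, inner_bytes = gre_decapsulate(constructed_tunnel_packet())
    inner = parse_ipv4(inner_bytes)
    print(outer["src"], "->", outer["dst"], "carries", gre["protocol"])
    print(inner["src"], "->", inner["dst"], inner["payload"][8:].decode())
```

The inner addresses and the syslog text come back intact from the outer packet alone, which is why GRE is paired with IPsec when the transit network is not trusted.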

Chapter 4
IP Routing

Open Shortest Path First

Open Shortest Path First (OSPF) link-state routing protocol is designed to be more scalable and efficient than Routing Information Protocol (RIP). Consider the following OSPF features:

- Runs on IP and uses protocol 89.
- Classless with variable-length subnet mask (VLSM) support.
- Uses multicasts (all shortest path first [SPF] routers; Designated Router [DR]/Backup Designated Router [BDR]) for hellos and updates.
- Plain text and Message Digest Algorithm 5 (MD5) authentication available. Null authentication is the default.
- Dijkstra's algorithm is used to produce a shortest-path tree for each destination. Link-state advertisements are used to build a database of the topology.

OSPF Packet Types

- Type 1, Hello: Builds adjacencies
- Type 2, Database Description (DBD): Checks for database synchronization between routers
- Type 3, Link-State Request (LSR): Requests link-state specifics from the router

- Type 4, Link-State Update (LSU): Sends requested link-state records
- Type 5, Link-State Acknowledgment (LSA): Acknowledges the other packet types

OSPF Adjacencies

- Occurs through the exchange of hello packets.
- After adjacency is established, link-state databases (LSDB) are synched.
- Two OSPF neighbors on a point-to-point link form full adjacency with each other.
- In LANs, all routers form an adjacency with the DR and BDR; updates need to be sent only to the DR, which updates all other routers; and all other routers on the LAN are called DROTHERS and maintain a partial neighbor relationship with each other.

After adjacencies have been established, LSAs are exchanged through a reliable mechanism. LSAs are flooded to ensure topological awareness. LSAs have a sequence number and a lifetime value. LSAs convey the cost of links used for the SPF calculation. The cost metric is based on interface bandwidth. The LSA aging timer is a 30-minute default.

Hello packets are sent periodically and contain the following fields:

- Router ID: Identifies the router; highest IP chosen; loopback overrides all interfaces, however; can also be set with the router-id command; this ID is used to break ties for DR election.
- Hello/Dead intervals: Frequency at which hellos are sent and the amount of time that can elapse before router is declared dead; default is 10 seconds, and the default dead interval is 4 times that for an Ethernet-type network; these defaults vary based on network type.
- Neighbors: List of the adjacent routers.
- Area ID: Area identifier (always 0 for backbone).

- Router priority: Priority value used for DR and BDR election.
- DR/BDR addresses: IP addresses of the DR and BDR if known.
- Authentication password: This password must match on routers configured for authentication.
- Stub area flag: All routers in the area must agree on this setting to form a stub area.

Here are the details of the exchange process between two routers on a LAN (Router 1 and Router 2) and the OSPF adjacency states involved:

1. Router 1 begins in the down state because it is not exchanging OSPF information with any other router. It sends hello packets via multicast address (all SPF).
2. Router 2 receives the OSPF hello and adds Router 1 in its list of neighbors. This is the beginning of the Init State.
3. Router 2 sends a unicast hello packet response to Router 1.
4. Router 1 receives the hello and notes that it is listed in the packet. It adds Router 2 to its list of neighbors. Router 1 knows that it has bidirectional communication with Router 2. This is known as the two-way state.
5. In a LAN environment, the DR and BDR are elected.
6. In a LAN environment, the hello packets function as a keepalive mechanism every 10 seconds.

After the DR and BDR are established, the routers are in Exstart State, and they are ready to exchange database information. The exchange protocol functions as follows:

1. In the Exstart State, the DR and BDR establish an adjacency with each router in the network; a master-slave relationship is formed with the router ID indicating the master in the relationship.
2. The master and slave routers exchange DBD packets; this is the Exchange State. The LSAs in the DBD include sequence numbers used to indicate freshness.
3. When a DBD is received, the router acknowledges the receipt and compares the information with its current database. If more recent information is described in the DBD, the router sends an LSR to request the information, which is the Loading State. The router receiving the LSR responds with an LSU; this LSU is also acknowledged by the receiver.

4. The router adds the new information to its LSDB.
5. When the exchange completes, the routers are in Full State.

Router information is later maintained using the following process:

1. The router notices the change and multicasts an LSU to the OSPF DR and BDR multicast address of
2. The DR acknowledges the LSU and floods to all using multicast. This process involves acknowledgments, too.
3. The DR also sends the LSU to any other networks to which it is attached.
4. Routers update their LSDB with the new information in the LSU.

Summaries are sent every 30 minutes to ensure synchronization, and link state entries have a Max Age of 60 minutes.

Point-to-Point Links

Typically, a point-to-point link is a serial link, but it might also be a subinterface in a Frame Relay or ATM network. No DR or BDR election exists in the point-to-point environment. Packets are multicast to

Nonbroadcast Multiaccess Modes of Operation

RFC-compliant modes:

Nonbroadcast multiaccess (NBMA):
- One IP subnet required.
- Must manually configure neighbors: neighbor address [priority number] [poll-interval number].
- DR/BDR election.
- DR/BDR need full connectivity with all routers.

- Sometimes used in partial mesh.
- Frame Relay and ATM networks default to this type.

Point-to-multipoint:
- One IP subnet required.
- Hello packets used to discover neighbors.
- DR/BDR not required.
- Sometimes used in partial mesh.

Modes from Cisco:

Point-to-multipoint nonbroadcast:
- Used if interface does not support multicast capabilities.
- Neighbors must be manually configured.
- DR/BDR election is not required.

Broadcast:
- Makes WAN appear as LAN.
- One IP subnet required.
- Hellos discover neighbors.
- DR/BDR elected.
- Requires full mesh.

Point-to-point:
- One IP subnet required.

- No DR/BDR election.
- Interfaces can be LAN or WAN.

You can use the following command to define the OSPF network type:

    Router(config-if)# ip ospf network [{broadcast | non-broadcast | point-to-multipoint | point-to-multipoint non-broadcast}]

Here is an example of statically defining adjacencies in a nonbroadcast multiaccess environment:

    RouterA(config)# router ospf 1
    RouterA(config-router)# network area 0
    RouterA(config-router)# neighbor priority 0
    RouterA(config-router)# neighbor priority 0

Priorities are set to 0 for the neighboring routers to ensure that RouterA becomes the DR. This is the only router with full connectivity. Note that you can also set a router's priority locally using the ip ospf priority interface configuration command.

Troubleshooting Neighbor Relationships

OSPF neighbor list is empty:
- OSPF is not enabled properly on appropriate interfaces.
- Layer 1 or 2 is not functional.
- Passive interface is configured.
- Access list(s) blocking OSPF packets in multiple directions.
- Error in IP address or subnet mask configuration.
- Hello or dead interval mismatch.
- Authentication configuration error.
- Area ID mismatch.

- Stub flag mismatch.
- OSPF adjacency exists with secondary IP addressing or asynchronous interface.
- Incorrect configuration type for NBMA environment.

OSPF neighbor stuck in Attempt State:
- Misconfigured neighbor statement
- Unicast nonfunctional in NBMA environment

OSPF neighbor stuck in Init State:
- Access list or Layer 2 problem blocking hellos in one direction
- Multicast nonfunctional on one side
- Authentication configured on only one side
- Broadcast keyword missing from the map command

OSPF neighbor stuck in Two-Way State:
- Priority 0 configured on all routers

OSPF neighbor stuck in Exstart/Exchange:
- Mismatched interface maximum transmission unit (MTU)
- Duplicate router IDs on routers
- Broken unicast connectivity
- Network type of point-to-point between Primary Rate Interface (PRI) and Basic Rate Interface (BRI)/dialer

OSPF neighbor stuck in Loading State:
- Mismatched MTU
- Corrupted link-state request packet

Router Types

- Internal routers: All interfaces belong within the same area; these routers have a single link-state database.
- Area Border Routers (ABR): Connect one or more areas to the backbone; act as gateway for interarea traffic; separate link-state database for each connected area.
- Backbone routers: At least one interface in the backbone area.
- Autonomous System Boundary Router (ASBR): Inject routes into the OSPF network learned from another protocol; this router might be located anywhere. (It might also be backbone, internal, or ABR.)
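Several entries in the neighbor troubleshooting lists earlier in this chapter (area ID, hello and dead intervals, authentication, stub flag, subnet mask, router ID, priority) can be read directly from the hello packets two routers send. The Python sketch below is an added example, not part of the original reference: it parses OSPFv2 hellos using the RFC 2328 packet layout and reports which of those items differ. The hellos are constructed with checksum and authentication data left at zero, and all addresses are from documentation ranges.

```python
import socket
import struct

AUTH_TYPES = {0: "null", 1: "plain text", 2: "MD5"}
E_BIT = 0x02          # Options bit that is cleared in hellos sent into a stub area


def build_hello(router_id, area, mask, hello=10, dead=40, priority=1,
                au_type=0, stub=False, neighbors=()):
    """Build a constructed OSPFv2 hello (checksum and auth data left zero)."""
    a = socket.inet_aton
    body = struct.pack("!4sHBBI4s4s", a(mask), hello, 0 if stub else E_BIT,
                       priority, dead, a("0.0.0.0"), a("0.0.0.0"))
    body += b"".join(a(n) for n in neighbors)
    header = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body),
                         a(router_id), a(area), 0, au_type, b"")
    return header + body


def parse_hello(pkt):
    """Decode the 24-byte OSPF header and the hello body that follows it."""
    if len(pkt) < 44:
        raise ValueError("too short for an OSPF hello")
    ver, ptype, length, rid, area, _csum, au_type = struct.unpack("!BBH4s4sHH", pkt[:16])
    if ver != 2 or ptype != 1 or length != len(pkt) or (length - 44) % 4:
        raise ValueError("not a well-formed OSPFv2 hello packet")
    mask, hello, options, prio, dead, _dr, _bdr = struct.unpack("!4sHBBI4s4s", pkt[24:44])
    n = socket.inet_ntoa
    return {"router_id": n(rid), "area": n(area),
            "auth": AUTH_TYPES.get(au_type, f"type {au_type}"),
            "mask": n(mask), "hello": hello, "dead": dead, "priority": prio,
            "stub": not options & E_BIT,
            "neighbors": [n(pkt[i:i + 4]) for i in range(44, length, 4)]}


# Each check is named after the matching entry in the troubleshooting lists.
CHECKS = [
    ("Area ID mismatch", lambda a, b: a["area"] != b["area"]),
    ("Hello or dead interval mismatch",
     lambda a, b: (a["hello"], a["dead"]) != (b["hello"], b["dead"])),
    ("Authentication configuration error", lambda a, b: a["auth"] != b["auth"]),
    ("Stub flag mismatch", lambda a, b: a["stub"] != b["stub"]),
    ("Error in IP address or subnet mask configuration",
     lambda a, b: a["mask"] != b["mask"]),
    ("Duplicate router IDs on routers", lambda a, b: a["router_id"] == b["router_id"]),
    ("Priority 0 configured on all routers",
     lambda a, b: a["priority"] == 0 and b["priority"] == 0),
]


def diagnose(local, remote):
    """Compare two parsed hellos; equal auth types do not prove the keys match."""
    problems = [name for name, failed in CHECKS if failed(local, remote)]
    advisory = [f"{h['router_id']} sends hellos with {h['auth']} authentication"
                for h in (local, remote) if h["auth"] != "MD5"]
    return {"problems": problems, "advisory": advisory}


if __name__ == "__main__":
    r1 = parse_hello(build_hello("192.0.2.1", "0.0.0.1", "255.255.255.0"))
    r2 = parse_hello(build_hello("192.0.2.2", "0.0.0.1", "255.255.255.0",
                                 hello=30, dead=120, au_type=2, stub=True))
    print(diagnose(r1, r2))
```

The advisory list flags routers still using null or plain-text authentication, which matters because null authentication is the default.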

Figure 4-1 OSPF Router Types

LSA Types

OSPF uses various types of LSAs in its operation. You should be familiar with the types in the following table for the CCIE written exam.

    Type  Description
    1     Router
    2     Network
    3     Network Summary
    4     ASBR Summary
    5     AS External
    7     NSSA External

- Router LSA (Type 1): Lists all of a router's links and their state. These LSAs are flooded within the area they originated.
- Network LSA (Type 2): Produced by the DR on every multiaccess network. These LSAs list all attached routers, including the DR; they are flooded within the originating area.
- Network Summary (Type 3): Originated by ABRs; sent into an area to advertise destinations outside the area; flooded throughout the autonomous system (AS).
- ASBR Summary (Type 4): Also originated by ABRs; the destination advertised is an ASBR; flooded throughout the AS.
- AS External (Type 5): Originated by ASBRs and advertises an external destination or a default route to an external destination; flooded throughout the AS.
- NSSA External (Type 7): Originated by ASBRs in not-so-stubby areas.

Types of Routes

OSPF uses routing designators in the routing table to distinguish between types of routes. Here are the designators used and their meaning. Remember, these can be seen using the show ip route command:

- O: OSPF intra-area (router LSA). Networks from within the same area as the router; Type 1 LSAs are used to advertise.
- O IA: OSPF interarea (summary LSA). These are networks outside of the area of the router, but within the AS; Type 3 LSAs are used to advertise.
- O E1: Type 1 external routes. Networks outside of the AS; advertised by Type 5 LSAs; calculate cost by adding the external cost to the internal cost of each link that the packet crosses; used when multiple ASBRs are advertising the external route.
- O E2: Type 2 external routes. Networks outside of the AS; advertised by Type 5 LSAs; cost is always the external cost only. This is the default type on Cisco routers.

Areas

Standard OSPF Areas

An area that enables the transmittal of all OSPF LSA types. Any nonzero area must connect to area 0 through an area border router (ABR) or virtual link. An ABR that connects to a standard area advertises network summary (type 3), ASBR summary (type 4), and external summary (type 5) LSAs into the area. Autonomous System Border Routers (ASBR) may be present within a standard area. To configure an OSPF router to be in a standard area, simply specify the area in the required network statement.

    Router(config)# router ospf <process-id>
    Router(config-router)# network <IP> <WILDCARD MASK> area <#>

or configure the area within the interface

    Router(config-int)# ip ospf <process-id> area <#>

A router configured to be part of area 0 and another area will become an ABR. Remember that each area must be connected to area 0. A router that advertises external networks into OSPF becomes an ASBR. To view the current configuration of areas within the router

    Router# show ip ospf

Figure 4-2 OSPF Areas

Stub area: A stub area is an area that does not permit the advertisement of type 5 (external) LSAs. Instead, these LSAs are replaced with a default route advertisement. Type 3 and 4 advertisements are sent into the area from the ABR. Stub areas are used when all traffic destined to an external network would travel through an ABR. A default route accomplishes this while saving resources. For an OSPF adjacency to form, routers must agree on the area type. This means that all routers within a stub area must be configured as a stub:

    Router(config)# router ospf <process-id>
    Router(config-router)# area <#> stub

Because stub areas do not enable the propagation of type 5 LSAs, an ASBR cannot be part of a stub area. A Not-so-stubby-area (NSSA) was created for this purpose. Additionally, a virtual link cannot traverse a stub area.

Totally stubby area: A totally stubby area is a Cisco proprietary feature that extends the concepts of a stub area one step further. In addition to the Type 5 (external summary) LSAs being replaced by the ABR, Type 3 (network summary) and Type 4 (ASBR summary) LSAs are replaced with a default route as well. To configure an area as totally stubby

    Router(config)# router ospf <process-id>
    Router(config-router)# area <#> stub no-summary

Unlike the configuration of a stub area, the no-summary command is required only on the ABR, not all routers within the area. All other routers (non-ABR) require only the area <#> stub command. Like stub areas, ASBRs and virtual links are not allowed within totally stubby areas.

Figure 4-3 Stub and Totally Stubby Areas

Not-so-stubby areas: One of the limitations of stub areas is that they do not enable ASBRs. Because ASBRs advertise Type 5 (external summary) LSAs into an area, they violate the objective of a stub area, namely to disallow such LSAs. There does exist a need, in some networks, to have an ASBR inject external routes into an area, while limiting external routes from ASBRs in other areas. To do this, a Type 7 (NSSA external) LSA was created. An ASBR can inject Type 7 LSAs into stub areas that are converted to Type 5 LSAs by the ABR connected to the backbone area.

To configure an area as NSSA:

    Router(config)# router ospf <process-id>
    Router(config-router)# area <#> nssa

Like the stub area, all routers within the area must agree that the area is NSSA. When an NSSA area is created, the ABR does not create a default summary route. If a summary route is desired, a totally NSSA area can be used or default-information-originate can be added to the command:

    Router(config-router)# area <#> nssa default-information-originate

Totally NSSA: The Totally NSSA area is a Cisco proprietary enhancement to the NSSA concept that extends the NSSA concept to replace Type 3 and Type 4 LSAs with a default route. Like the NSSA area, it does enable Type 7 LSAs to be generated by an ASBR. Unlike the NSSA area, it converts the Type 5, Type 3, and Type 4 LSAs into a default route that is advertised in the area. To configure an area as totally NSSA, the no-summary option simply needs to be added to the NSSA area command:

    Router(config)# router ospf <process-id>
    Router(config-router)# area <#> nssa no-summary

This command is required only on the ABR; all other routers require only the nssa option on the area.

Here is a summary of the LSA types permitted in each area.

Area            LSA 1  LSA 2  LSA 3  LSA 4  LSA 5  LSA 7
Backbone        Yes    Yes    Yes    Yes    Yes    No
Nonbackbone     Yes    Yes    Yes    Yes    Yes    No
Stub            Yes    Yes    Yes    Yes    No     No
Totally stubby  Yes    Yes    No     No     No     No
NSSA            Yes    Yes    Yes    Yes    No     Yes

Figure 4-4 Not-so-stubby areas

Configuring Basic Single-Area OSPF

First, you must enable the OSPF routing process on the router using the following global configuration command:

    router ospf process-id

Use the network command in router configuration mode to identify those interfaces that are to participate in OSPF:

    network address inverse-mask area [area-id]

Verification commands include the following:

    show ip protocols
    show ip route ospf
    show ip ospf interface
    show ip ospf
    show ip ospf neighbor [detail]

OSPF Router ID

The router ID is how the router is identified in OSPF. The router ID also is used to break a tie for DR/BDR if the administrator has not set the OSPF priority values on routers using the ip ospf priority command. The router with the highest router ID wins the election in that case. Here is the process for router ID selection:

1. The router ID is set with the router-id address router configuration command. If you use this command after OSPF has selected a router ID, you should use clear ip ospf process to reset.
2. The highest IP address on a loopback interface.
3. The highest IP address on an active interface.

Use show ip ospf to verify the router ID selection.

Route Summarization

Two types of summarization exist in OSPF: interarea, which is performed on ABRs, and external route summarization, which is performed on routes redistributed into OSPF autonomous systems.

To configure interarea route summarization on the ABR, use the following router configuration command:

    area area-id range address mask

To configure route summarization on an ASBR to summarize external routes, use the following router configuration command:

    summary-address address mask [not-advertise] [tag tag]

The not-advertise optional keyword suppresses routes that match the specified prefix. The tag value can be used as a match value for controlling redistribution with route maps on the ABR.

Default Route Advertisements in OSPF

For an OSPF router to advertise a default route into an area, the command default-information originate must be used. If the advertising router does not possess a default route in its routing table, you can use the always keyword to still generate the default route to

The complete router configuration command syntax for generating default routes is as follows:

    default-information originate [always] [metric metric_value] [metric-type type-value] [route-map map-name]

If you do not specify a metric value, the default of 10 is used. The metric-type enables you to specify a Type 1 or Type 2 external route. Finally, the route-map option enables you to control the generation of the default route further. For example, the default route is generated only if the route map is satisfied.

Authentication

Type 1: clear text; least secure. To configure:

Step 1. Enable area authentication on all routers in the area; use the following router configuration command:

    area area_id authentication

Step 2. Enter the clear-text password on the interface in interface configuration mode:

    ip ospf authentication-key password

Type 2: MD5; most secure. To configure:

Step 1. Enable MD5 area authentication on all routers in the area using router configuration mode:

    area area_id authentication message-digest

Step 2. Set the key and password on the interfaces using interface configuration mode:

    ip ospf message-digest-key key_value md5 password

Changing the Cost Metric

The Cisco implementation of OSPF calculates the metric using the following formula:

    cost = reference bandwidth / bandwidth

The default reference bandwidth is 100 Mbps. The bandwidth value is that which is configured on the interface using the bandwidth command. If you use many interfaces faster than 100 Mbps, consider resetting the reference bandwidth value. You can do so on each router using the following router configuration mode command:

    auto-cost reference-bandwidth refbw

Reference bandwidth is in megabits per second. For example, if you want to ensure Gigabit Ethernet interfaces evaluate to a cost of 5, set the refbw on each router to (Valid values are from 1 to 4,294,967.) You can also override the calculated cost value in any interface directly by using the following interface configuration command:

    ip ospf cost value

Values range from 1 to 65,535.

Optional OSPF Interface Parameters

Additional optional interface parameters not covered elsewhere in this Quick Reference include the following:

- ip ospf retransmit-interval: Specifies the number of seconds between LSA retransmissions.
- ip ospf transmit-delay: Sets the number of seconds required to send a link-state update.
- ip ospf hello-interval: Specifies the time between hello packets; must match on all routers in the network.
- ip ospf dead-interval: Number of seconds before the router is considered dead; must match on all routers in the network.

Administrative Distance and OSPF

Three different administrative distance values are possible for OSPF: intra-area routes, interarea routes, and external routes. By default, all are set to 110; these can be changed with the following router configuration command:

    distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]}

OSPF Passive Interface

To set a passive interface in OSPF, use the following router configuration command:

    passive-interface interface-type interface-number

When used with OSPF, this command prevents the interface from sending hello packets and therefore prevents an adjacency from forming. It also prevents the sending or receiving of routing information through the interface. The specified interface address appears as a stub network in the OSPF domain.

Configuring Route Calculation Timers

You can configure the delay between when a topology change is received and when the SPF calculation takes place. You can also configure the hold time between two consecutive SPF calculations. Use the following router configuration command:

    timers spf spf-delay spf-holdtime

Changing LSA Group Pacing

Routers group LSAs and pace refreshing, checksumming, and aging functions so that the resource strain on the router is reduced. This is default behavior; it can be tweaked with the following router configuration command:

    timers lsa-group-pacing seconds

Blocking LSA Flooding

You can prevent the default flooding behavior; to do so on a broadcast, nonbroadcast, or point-to-point network, use the following interface configuration command:

    ospf database-filter all out

On point-to-multipoint networks, use the following router configuration command:

    neighbor ip-address database-filter all out

Reducing LSA Flooding

Reduces the flooding of LSAs in stable topologies by setting LSAs to Do Not Age; this is accomplished with the following interface configuration command on a per-interface basis:

    ip ospf flood-reduction

Virtual Links

A virtual link is a link to the backbone through a nonbackbone area. Virtual links are created between two ABRs, and the area cannot be a stub. Virtual links are typically implemented as a temporary fix for OSPF design issues. For example, they can be used to connect an area that has no direct connection to the backbone area. Or they can be used to connect to disconnected area 0s (backbones). The following command configures a virtual link:

    area transit_area_id virtual-link router_id_of_remote

Figure 4-5 Virtual Links

OSPF over On-Demand Circuits

On-demand circuit is an enhancement that enables efficient operations over dialup, ISDN, and other on-demand circuits. With this feature, periodic hellos are suppressed, and the periodic refreshes of LSAs are not flooded over the demand circuit. These types of packets bring up the link only the first time or when you have a topology change that needs to be propagated.

To configure OSPF for on-demand circuits on a per-interface basis, use the following interface configuration command:

    ip ospf demand-circuit

If the router is part of a point-to-point topology, only one end of the demand circuit must be configured with this command, although all routers must support the feature. If the router is part of a point-to-multipoint topology, only the multipoint end must be configured with this command. Also, this feature does not work in a broadcast-based topology. Finally, the feature is not supported for use with an asynchronous interface.

OSPF Graceful Restart

RFC 3623 defines OSPF Graceful Restart. This functionality is incorporated into Cisco routers because of the Nonstop Forwarding (NSF) capability that Cisco has engineered into the Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), OSPF, and Intermediate System-to-Intermediate System (IS-IS) protocols.

The idea behind OSPF Graceful Restart/NSF is to enable the router to continue forwarding packets, even while undergoing specific well-known failure conditions. Perhaps a software upgrade is occurring, or a route processor crash is affecting the router. NSF enables the continued forwarding of packets.

Before RFC 3623, Cisco offered a proprietary version of NSF. Cisco now refers to this version as Cisco NSF. The OSPF RFC 3623 Graceful Restart feature enables you to configure IETF NSF in multivendor networks. Cisco now refers to this version as IETF NSF.

OSPF NSF operates in one of two modes for failover operations. The first possible mode is Restarting mode. In Restarting mode, the OSPF router process performs nonstop forwarding recovery because of a route processor switchover. The second possible mode is Helper mode. In Helper mode, a neighboring router restarts, and the Helper mode router assists in the nonstop forwarding recovery process.

Enabling IETF NSF on the Cisco router is simple. Enter router configuration mode for the OSPF process and issue the following command:

    nsf ietf

Troubleshooting OSPF Route Advertisements

OSPF neighbor is not advertising routes:
- OSPF is not enabled on interface.
- Advertising interface is down.
- Secondary interface is in a different area from primary interface.

ABR is not advertising summary route:
- Area is configured as totally stubby area.
- ABR lacks area 0 connectivity.
- A discontiguous area 0 exists.

Neighbor is not advertising external routes:
- Area is configured as stub or NSSA.
- The NSSA ABR is not translating Type 7 into Type 5 LSAs.

Neighbor is not advertising default routes:
- No default-information originate command.
- No default route in the routing table.
- Stub area is in use.
- NSSA border router is not originating Type 7.

Troubleshooting OSPF Route Installation

OSPF installing no routes in routing table:
- Network type mismatch
- IP address or subnet mask misconfiguration
- Unnumbered/numbered point-to-point configuration
- Distribute list
- Broken permanent virtual circuit (PVC) in full-mesh broadcast mode Frame network

OSPF not installing external routes:
- Forwarding address not known through intra-area or interarea route
- ABR not generating Type 4 LSAs

Troubleshooting Redistribution

Not advertising external routes:
- subnets keyword is missing.
- Distribute list.

Troubleshooting Route Summarization

Router not summarizing interarea routes:
- No area range command on ABR

Router not summarizing external routes:
- No summary-address command on ASBR

Troubleshooting CPUHOG Syslog Reports

CPUHOG messages during adjacency establishments:
- No packet-pacing code executing

CPUHOG messages during LSA refresh:
- No LSA group-pacing code

Troubleshooting Dial-on-Demand Routing Issues

Hello packets are bringing up the link:
- Hellos are permitted as interesting traffic.

Demand circuit keeps bringing up the link:
- Link flapping.
- Network type is broadcast.

- PPP host route redistributed.
- One router is not demand-circuit-capable.

Troubleshooting SPF Calculations

SPF running constantly:
- Flapping route
- Neighbor flapping
- Duplicate router ID

Troubleshooting Common Error Messages

Could Not Allocate Router ID:
- No enabled interface with valid IP
- Not enough interfaces up with IP addresses for multiple OSPF processes

%OSPF-4-BADLSATYPE: Invalid lsa: Bad LSA type Type 6:
- Neighboring router is sending MOSPF packets not supported on Cisco routers. Eliminate the error with the ignore lsa mospf command.

OSPF-4-ERRRCV:
- OSPF received an invalid packet because of a mismatched area ID, a bad checksum, or OSPF not enabled on a receiving interface.

Bad Checksum:
- Device is corrupting the packet.
- Sending router's interface is bad, or a software bug exists.

- Receiving router's interface is bad, or a software bug exists.

General troubleshooting commands

- show ip ospf neighbor [interface-type interface-number] [neighbor-id] [detail]: Displays OSPF neighbor information on a per-interface basis.
- show ip ospf [process-id]: Displays general information about OSPF routing processes.
- show ip ospf interface [interface-type interface-number]: Displays OSPF-related interface information.
- show ip ospf database: Displays lists of information related to the OSPF database for a specific router.
- debug ip ospf packet: This EXEC command displays information about each OSPF packet received:

    Router# debug ip ospf packet
    OSPF: rcv. v: 2 t: 1 l: 48 rid: aid: chk: 0 aut: 2 keyid: 1 seq: 0x0

The possible output values are as follows:

- v: Version of OSPF
- t: Specifies the OSPF packet type (1: Hello, 2: DBD, 3: LSR, 4: LSU, 5: LSAck)
- rid: Provides the OSPF router ID
- aid: Shows the area ID

- chk: Displays the checksum
- aut: Provides the authentication type (0: no, 1: simple password, 2: MD5)
- auk: Specifies the authentication key
- keyid: Displays the MD5 key ID
- seq: Provides the sequence number

BGP

Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) used for routing between autonomous systems. It enables routing policies and improves security.

Figure 4-6 Exterior Gateway Protocol

BGP is an advanced path vector protocol and includes the following:

- Reliable updates
- Triggered updates only
- Rich metrics (path attributes)
- Scalable to massive networks

Because of these enhancements, BGP is often described as advanced distance vector. Perhaps the most technically accurate description is path vector.

Common uses for BGP include the following:

- Customer connected to one Internet service provider (ISP) (not always required, however)
- Customer connected to several ISPs
- Service provider networks (transit AS)
- Network cores of very large enterprise networks

Session Establishment

BGP neighbors are not discovered; they must be configured manually on both sides of the connection. TCP port number 179 is used. Only one session remains if both connection attempts succeed. The show ip bgp summary command gives an overview of the session status. Indications include Idle, Active, OpenSent, OpenConfirm, and Established. Keepalives are sent every 60 seconds. Peers can use an MD5 shared secret.

Route Processing

All routes received after the neighbor establishment are saved in memory. If more than one way to reach a destination exists, the best is selected. Use the show ip bgp command to view all the routing information received from all neighbors.

The best route selection criteria are applied in this order:

1. Exclude any route with inaccessible next hop
2. Prefer highest weight (local to router)
3. Prefer highest local preference (global within AS)
4. Prefer routes that the router originated
5. Prefer shortest AS paths (compare length only)
6. Prefer lowest origin code (IGP < EGP < Incomplete)
7. Prefer lowest Multiexit Discriminator (MED)
8. Prefer external paths over internal BGP (iBGP) paths
9. For iBGP paths, prefer path through closest IGP neighbor
10. For external BGP (eBGP) paths, prefer the oldest path
11. Prefer paths from router with lower BGP router ID

The best routes (valid and reachable) are propagated to BGP neighbors. The best BGP routes are copied into the IP routing table after the router checks administrative distance values.

The BGP process injects local routes in two different ways:

- Using the network configuration commands. This command lists networks that are candidates if they appear in the routing table.
- Using redistribution by another routing protocol.
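The selection order listed above can be traced step by step. The following Python sketch is an added example, not code from the Quick Reference or from Cisco; it applies the criteria literally as the list states them (so MED is compared across all candidates, an assumption of this example), and the Path fields and sample values are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass
class Path:
    """One candidate path for a prefix (field names are this example's own)."""
    name: str
    next_hop_reachable: bool = True
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    as_path: tuple = ()
    origin: str = "igp"
    med: int = 0
    is_ebgp: bool = True
    igp_metric: int = 0      # IGP cost to reach the next hop
    age_seconds: int = 0     # how long ago the path was learned
    router_id: str = "0.0.0.0"


# Each step maps a path to a sort key; the lowest key survives the step.
# After "eBGP over iBGP" the survivors are all eBGP or all iBGP, so the two
# conditional steps that follow only ever compare like with like.
STEPS = [
    ("highest weight", lambda p: -p.weight),
    ("highest local preference", lambda p: -p.local_pref),
    ("locally originated", lambda p: not p.locally_originated),
    ("shortest AS path", lambda p: len(p.as_path)),
    ("lowest origin code", lambda p: ORIGIN_RANK[p.origin]),
    ("lowest MED", lambda p: p.med),
    ("eBGP over iBGP", lambda p: not p.is_ebgp),
    ("closest IGP neighbor", lambda p: 0 if p.is_ebgp else p.igp_metric),
    ("oldest eBGP path", lambda p: -p.age_seconds if p.is_ebgp else 0),
    ("lowest router ID", lambda p: int(IPv4Address(p.router_id))),
]


def best_path(paths):
    """Return (winning Path or None, name of the step that decided it)."""
    candidates = [p for p in paths if p.next_hop_reachable]
    if not candidates:
        return None, "no path with an accessible next hop"
    decided_by = "accessible next hop" if len(candidates) < len(paths) else "only candidate"
    for label, key in STEPS:
        if len(candidates) == 1:
            break
        best = min(key(p) for p in candidates)
        survivors = [p for p in candidates if key(p) == best]
        if len(survivors) < len(candidates):
            decided_by = label  # this step eliminated at least one path
        candidates = survivors
    return candidates[0], decided_by


if __name__ == "__main__":
    # Constructed paths: local policy (local preference) is evaluated before
    # AS-path length, so the longer path wins here.
    paths = [
        Path("via-isp-a", local_pref=200, as_path=(64500, 64510, 64520)),
        Path("via-isp-b", local_pref=100, as_path=(64501,)),
    ]
    winner, why = best_path(paths)
    print(winner.name, "chosen by:", why)
```

Because weight and local preference are evaluated before AS-path length, a path that merely looks shorter does not override locally configured policy.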

Route Summarization

Automatic classful summarization is enabled by default. When you disable automatic summarization, the routes introduced locally into the BGP table are not summarized.

Internal BGP (IBGP) Versus External BGP (EBGP)

BGP operates by establishing peer relationships with other BGP routers in either an external (eBGP) or internal (iBGP) manner. Internal BGP peers are those that share the same AS number. By contrast, external BGP peers are those which do not share the same AS number. Although these are minor configuration differences, they are handled in different ways:

1. Packets sent to eBGP peers use a TTL of
2. The next-hop field is updated with the last eBGP peer. It is not updated when iBGP is used.
3. eBGP neighbors do not advertise routes to eBGP neighbors in an AS that is contained within the AS_PATH.
4. iBGP routes have an AD of 200; eBGP routes have an AD of
5. iBGP routes are subject to BGP synchronization (if enabled).

BGP synchronization is the major difference between eBGP and iBGP routes and is characterized by the BGP synchronization rule: For an iBGP route to be added to the BGP table, the exact prefix must be in the routing table from an IGP.

The synchronization rule is a method that guarantees that a route is known to all routers within the AS even if they are not running BGP. If a route is advertised via iBGP and a non-BGP router sits logically between the BGP peers, the non-BGP router will black hole the traffic because the destination is not known via IGP first. The synchronization check can be turned off (and is by default as of IOS version 12.2(8)T) with the router configuration command:

    Router(config-router)# no synchronization

If disabled, it must be guaranteed that no routing black hole exists within the AS by creating a full-mesh iBGP network or using a BGP tool such as route reflectors or confederations.

BGP Basic Configuration

To start BGP on your router, use the following global configuration command:

    router bgp as-number

A public AS number can be obtained from the appropriate agency, or a private AS number is possible in some situations (64,512 to 65,535). Only one BGP process is permitted per router.

To configure your BGP neighbors, use the following router configuration commands:

    neighbor ip-address remote-as as-number
    neighbor ip-address description neighbor description

To temporarily disable a neighborship, use the following router configuration command:

    neighbor ip-address shutdown

To configure MD5 authentication between neighbors, use the following router configuration command. Keep in mind the password string must match on both routers.

    neighbor ip-address password string

Announcing Networks

To disable automatic summarization, use the following router configuration command:

    no auto-summary

To manually define a network for advertisement by BGP, use the following router configuration command:

    network network-number [mask network-mask]

If you use this command and auto-summarization is on (the default behavior), at least one of the subnets must be present in the forwarding table for the major network prefix to be advertised. If auto-summarization is disabled, an exact match is required in the forwarding table. You can use the mask keyword to specify a specific subnet with the network command.

If you would like to modify attributes before inserting prefixes into the BGP table, you can use a route map in the network command in router configuration mode:

    network network-number [mask network-mask] [route-map map-tag]

This option might be used for one or more of the following:

- Change the weight of a locally sourced route.
- Manipulate source routes with BGP communities.
- Set the local preference.
- Change the value of the MED.

To advertise routes based on route redistribution, examine the following sample command syntax:

    Router(config)# router bgp
    Router(config-router)# redistribute ospf 1
    Router(config-router)# distribute-list prefix MY_PREFIX_LIST out

One caveat here is that the routes have an origin code of unknown. This makes them seem inferior to other routes per the BGP route-selection process. Notice the optional use of the distribute list syntax to suppress certain networks from being advertised in updates.

Redistribution can be configured with a route map to reset the origin code or set other attributes. Here is an example:

    Router(config)# router bgp
    Router(config-router)# redistribute ospf 1 route-map MY_ROUTE_MAP

Classless BGP

To manually announce a classless prefix, be sure to use the following router configuration command:

    network ip-prefix-address mask subnet-mask

You should also consider creating a static route pointing to null0 to create a matching prefix in the IP forwarding table to ensure the subnet is advertised.

Aggregation in BGP

Use the following router configuration command to configure route summarization to suppress the advertising of individual networks. Remember, at least one network of the summarized space must exist in the BGP table:

    aggregate-address address-prefix mask summary-only

Route Selection Using Policy Controls

AS Path Filtering with Regular Expressions

- String matching: A string of characters in the regular expression matches any equivalent substring in the AS path; 29 has three matches in , for example.
- String matching alternatives: The pipe symbol (|) means or.
- String matching ranges and wildcards: Brackets ([ ]) can be used for ranges, and the period (.) can match any single character.
- String matching delimiters: The caret (^) matches the beginning of string, the dollar sign ($) matches the end of the string, and an underscore (_) matches any delimiters.
- String matching grouping: Parentheses can group smaller expressions into larger expressions.

- String matching special characters: You can use the backslash (\) to remove the special meaning of the character that follows.
- String matching repeating operators: An asterisk (*) means the expression preceding repeats zero or more times; a question mark (?) means the expression preceding repeats zero or one time; and a plus sign (+) means the expression preceding repeats one or more times.

Here are some string matching examples:

_200_               All routes going through AS 200
^200$               Directly connected to AS 200
_200$               Originated in AS 200
^200_.              Networks behind AS 200
^[0-9]+$            AS paths one autonomous system long
^([0-9]+)(_\1)*$    Networks originating in the neighbor AS
^$                  Networks originated in local AS
.*                  Matches everything

AS path filters configured inbound on a router select those routes that are allowed.
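To check what the example expressions above actually select before a filter goes onto a router, they can be evaluated offline. The following Python sketch is an added example, not code from the Quick Reference or from Cisco; it assumes the underscore stands for start of string, end of string, space, comma, braces or parentheses, and the sample AS paths and the INBOUND_ACL policy are constructed.

```python
import re

# Delimiters the underscore stands for (assumption of this example): start of
# string, end of string, space, comma, braces, parentheses.
DELIM = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern):
    """Rewrite a Cisco AS-path regex for Python's re module.

    Only an unescaped underscore needs translating; escapes such as \\1 are
    copied through untouched. Underscores inside [...] are not handled.
    """
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])
            i += 2
        else:
            out.append(DELIM if pattern[i] == "_" else pattern[i])
            i += 1
    return "".join(out)


def as_path_matches(pattern, as_path):
    """True if the Cisco-style pattern matches anywhere in the AS path."""
    return re.search(cisco_to_python(pattern), as_path) is not None


def filter_action(acl, as_path):
    """Evaluate an AS-path access list: first match wins, otherwise deny."""
    for action, pattern in acl:
        if as_path_matches(pattern, as_path):
            return action
    return "deny"


# Constructed AS paths, written as in `show ip bgp` output (leftmost AS is the
# neighbor, rightmost is the originator; the empty string is a local route).
SAMPLE_PATHS = ["", "200", "200 200 200", "200 300",
                "100 200 300", "300 200", "1200 12001"]


def matching_paths(pattern):
    """Return the sample paths selected by the pattern."""
    return [p for p in SAMPLE_PATHS if as_path_matches(pattern, p)]


# Inbound policy for a neighbor that should announce only routes it
# originates itself (AS-path prepending allowed).
INBOUND_ACL = [("permit", r"^([0-9]+)(_\1)*$")]

if __name__ == "__main__":
    for pat in ["200", "_200_", "^200$", "_200$", "^200_.",
                "^[0-9]+$", r"^([0-9]+)(_\1)*$", "^$", ".*"]:
        print(f"{pat:20} {matching_paths(pat)}")
    for path in ["200 200 200", "200 300"]:
        print(path, "->", filter_action(INBOUND_ACL, path))
```

The bare pattern 200 also selects the path "1200 12001", which is why the delimiter forms are the ones to use in a filter.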

Figure 4-7 AS-Path Filters

Routes selected enter the local BGP table when the selection is applied on the incoming routes from a neighbor. Routes not selected are silently dropped. Routes selected if an outbound filter is used are transmitted to the neighbor when the selection is applied. Routes not selected are used locally but are never sent to the neighbor.

The commands used to configure an AS path list are relatively simple. First, configure an AS path access list as follows in global configuration mode:

    ip as-path access-list access-list-number {permit | deny} as-regular-expression

To set up a BGP filter, use the neighbor filter-list router configuration command:

    neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out}

Monitoring the use of regular expressions is critical. To display routes matching the AS path regular expression, use the show ip bgp regexp command. To display routes that conform to a specified filter list, use the show ip bgp filter-list command. To display a specific access list or all AS path access lists in the router, use the show ip as-path-access-list command.

Prefix Lists

Prefix lists are a powerful method to control the updates coming from other BGP speaking routers.

Figure 4-8 Prefix filtering

To create an entry in a prefix list, use the ip prefix-list global configuration command:

    ip prefix-list list-name [seq seq-value] deny | permit network/len [ge ge-value] [le le-value]

You can use the parameters ge (greater than) and le (less than) to specify the range of the prefix length to be matched for prefixes that are more specific than network/len. The exact match is assumed when neither ge nor le is specified. The range is assumed to be from ge-value to 32 only if the ge attribute is specified. The range is assumed to be from len to le-value only if the le attribute is specified.

To distribute BGP neighbor information as specified in a prefix list, use the following router configuration command:

    neighbor {ip-address | peer-group-name} prefix-list prefix-list-name {in | out}

This might be useful to suppress a more specific route or to change the path used to reach a certain destination. To suppress networks from being advertised in updates, use the following router configuration command:

    distribute-list {access-list-number | name | prefix-list prefix-list-name} out [interface-name | routing-process | autonomous-system-number]

To display information about a prefix list or prefix list entries, use the show ip prefix-list command.
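The ge/le rules above decide which announcements an inbound filter accepts, so it is worth evaluating a list against test prefixes before applying it. The following Python sketch is an added example, not code from the Quick Reference or from Cisco; the Entry class, the evaluate function and the sample inbound list are constructed for illustration, and the final implicit deny reflects how prefix lists behave when no entry matches.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    """One prefix-list line: seq, action, network/len and optional ge/le."""
    seq: int
    action: str                 # "permit" or "deny"
    prefix: str                 # network/len
    ge: Optional[int] = None
    le: Optional[int] = None

    def length_range(self):
        """Return the (lowest, highest) prefix length this entry matches."""
        net = ipaddress.ip_network(self.prefix)
        if self.ge is None and self.le is None:
            return net.prefixlen, net.prefixlen          # exact match only
        low = self.ge if self.ge is not None else net.prefixlen
        high = self.le if self.le is not None else net.max_prefixlen
        return low, high

    def matches(self, candidate):
        """True if the candidate lies inside network/len and in the length range."""
        net = ipaddress.ip_network(self.prefix)
        cand = ipaddress.ip_network(candidate)
        if cand.version != net.version:
            return False
        low, high = self.length_range()
        return cand.subnet_of(net) and low <= cand.prefixlen <= high


def evaluate(prefix_list, candidate):
    """Walk the entries in sequence order; the first match decides.

    Returns (action, seq); a prefix that matches no entry is denied.
    """
    for entry in sorted(prefix_list, key=lambda e: e.seq):
        if entry.matches(candidate):
            return entry.action, entry.seq
    return "deny", None


# Constructed inbound filter: refuse the default route, private space and
# anything longer than /24, accept the rest.
INBOUND = [
    Entry(5, "deny", "0.0.0.0/0"),                  # exact: default route only
    Entry(10, "deny", "10.0.0.0/8", le=32),         # the /8 and everything inside it
    Entry(15, "deny", "172.16.0.0/12", le=32),
    Entry(20, "deny", "192.168.0.0/16", le=32),
    Entry(25, "deny", "0.0.0.0/0", ge=25),          # lengths 25 to 32
    Entry(30, "permit", "0.0.0.0/0", le=24),        # lengths 0 to 24
]

if __name__ == "__main__":
    for cand in ["0.0.0.0/0", "10.20.0.0/16", "172.32.0.0/16",
                 "198.51.100.0/24", "198.51.100.128/25", "2001:db8::/32"]:
        print(f"{cand:20} {evaluate(INBOUND, cand)}")
```

An entry written without ge or le, such as 10.0.0.0/8 alone, matches only that exact prefix and lets every more specific route inside it fall through to later entries.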

Outbound Route Filtering

Outbound Route Filtering (ORF) is a prefix-based BGP feature enabled through the advertisement of ORF capabilities to peer routers. The advertisement of the ORF capability indicates that a BGP-speaking router can accept a prefix list from a neighbor and apply the prefix list to locally configured ORFs (if any exist). When this capability is enabled, the BGP speaker can install an inbound prefix list filter to the remote peer as an outbound filter, which reduces unwanted routing updates.

An ORF message contains the following information:

- Address Family Information (AFI, IPv4 or IPv6) and Subsequent Address Family Information (SAFI, Unicast, Multicast, and so on) for which the filter should be used
- ORF type
- When to refresh (immediate or deferred refresh)
- List of ORF entries where the actual filter is defined

Commonly used ORF types are as follows:

- ORF type 1 filters based on Network Layer Reachability Information (NLRI)
- ORF type 2 filters based on standard BGP community attributes
- ORF type 3 filters based on extended BGP community attributes
- ORF type 128 filters based on Cisco proprietary implementation of prefix filtering (prefix lists)

An ORF type of NLRI-based filtering (type 1) uses the following actions:

- ADD: Adds a line to a prefix list filter on the remote peer
- DELETE: Removes a line from a filter that was previously installed on a remote peer
- DELETE ALL: Removes all previously installed filters on the remote peer

To advertise ORF capabilities to a peer router, use the neighbor orf prefix-list command in address family or router configuration mode:

    neighbor {ip-address} [capability] orf prefix-list [receive | send | both]

Use the clear ip bgp neighbor command with the prefix-filter keyword to push out the existing ORF prefix list so that a new route refresh can be received from a neighbor. The neighbor uses the ORF prefix list previously negotiated.

Filtering with Route Maps

Route maps are also a powerful filtering tool. They can be used to accomplish the following tasks:

- Filter on IP prefixes coming from a specific AS
- Filter on other BGP attributes
- Modify BGP attributes

Match clauses in the BGP route map can be based on the following:

- IP network numbers and subnet masks (prefix list or access list)
- Route originator
- Next hop
- Origin code
- Tag value attached to an Interior Gateway Protocol (IGP) route
- AS path
- Community
- IGP route type

With a route map, the following can be set:
  Origin
  Next hop
  Weight
  Community
  Local preference
  MED

You can apply a route map on incoming or outgoing routing information for a neighbor. The routing information must be permitted by the route map to be accepted. If the route map has no statement explicitly permitting a route, the route is implicitly denied and dropped. The syntax required is as follows:

Router(config-router)# neighbor ip-address route-map name in | out

The show ip bgp route-map command displays selected routes from a BGP routing table based on the contents of a route map.

Implementing Changes in Policy

The traditional method of clear ip bgp * is disruptive. Soft reconfiguration was introduced in Cisco IOS Release 11.2 to facilitate nondisruptive changes in BGP. When you configure soft-reconfiguration inbound for a neighbor, the router stores all routes received from that neighbor as an extra copy in memory. This copy is taken before any filtering is applied by the router to routes it receives. When you have completed the changes to filters and route maps applied on incoming information, use clear ip bgp ip-address soft on the router in privileged EXEC mode. When you have completed the changes to filters and route maps applied on the outgoing information, execute clear ip bgp ip-address soft out on the router in privileged EXEC mode.

Route refresh is another new feature in the Cisco implementation of BGP. Routers use the route refresh feature to ask a neighbor to resend all the routing information when needed. Use the clear ip bgp * command to send a route refresh message to all neighbors or clear ip bgp ip-address to send a route refresh message to a specific neighbor.

BGP Path Attributes

Mandatory Well-Known Attributes
  Origin: Specifies the router's origin
    IGP
    EGP
    Unknown: Route was redistributed
  AS-Path: Sequence of AS numbers through which the route is accessible
  Next-Hop: IP address of the next-hop router

Discretionary Well-Known Attributes
  Local Preference: Used for consistent routing policy with an AS
  Atomic Aggregate: Informs the neighbor AS that the originating router aggregated routes

Nontransitive Attributes
  Multiexit Discriminator: Used to discriminate between multiple entry points into an AS

Transitive Attributes
  Aggregator: IP address and AS of the router that performed aggregation
  Community: Used for route tagging

Influencing Route Selection Using Weights

Using Weight

You can use weight to provide local routing policy, and you can use local preference to establish AS-wide routing policy. To assign a weight to a neighbor connection, use the neighbor weight router configuration command:

neighbor {ip-address | peer-group-name} weight weight

This approach assigns a weight value to all route updates from the neighbor. Higher weights are preferred. You can also configure the router so that all incoming routes that match an AS filter receive the configured weight. Use the following router configuration command to do so:

neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out | weight weight}

You can also set a weight with a route map in more complex scenarios. The default weight value is 32,768 for locally originating networks (including those via redistribution) and is 0 for all other networks.

Using Local Preference

You can use local preference to influence route selection within the local AS; this attribute is stripped from outgoing updates via eBGP. You should decide between the use of weight or local preference. The default local preference for iBGP and local routes is 100; all others are 0 by default. You can apply local preference in the following ways:
  Using a route map with the set local-preference command
  Using the bgp default local-preference command to change the default local preference value applied to all updates coming from external neighbors or originating locally

For verification, you can use the command show ip bgp prefix to display the locally applied value.

AS Path Prepending

In networks where connections to multiple providers are required, it is difficult to specify a return path to be used for traffic returning to the AS. One BGP mechanism you can use is AS path prepending. AS path prepending potentially enables the customer to influence the route selection of its service providers. You manipulate AS paths by prepending AS numbers to existing AS paths. Typically, you perform AS path prepending on outgoing eBGP updates over the unwanted return path. Because the AS paths sent over the unwanted link become longer than the AS path sent over the preferred path, the unwanted link is now less likely to be used as the return path. To avoid conflicts with BGP loop-prevention mechanisms, no other AS number, except that of the sending AS, should be prepended to the AS path attribute. You can configure manual manipulation of the AS path attribute (prepending) using a route map with the set as-path prepend command.

BGP Multi Exit Discriminator (MED)

You can apply the MED attribute on outgoing updates to a neighboring AS to influence the route selection process in that AS. The MED attribute is useful only when you have multiple entry points into an AS. The default value of the MED attribute is 0. A lower value of MED is more preferred. A router prefers a path with the smallest MED value but only if weight, local preference, AS path, and origin code are equal. MED is not a mandatory attribute; no MED attribute is attached to a route by default. The only exception is if the router is originating networks that have an exact match in the routing table (through the network command or through redistribution). In that case, the router uses the metric in the routing table as the MED attribute value. Using the default-metric command in BGP configuration mode causes all redistributed networks to have the specified MED value. You can use a route map to set MED on incoming or outgoing updates. Use the set metric command within route map configuration mode to set the MED attribute.
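The following Python sketch is an added example, not part of the original guide. It models only the comparison order this section gives (weight, local preference, AS path length, origin code, then MED) to show when prepending changes the return path and when the observer's own local preference overrides it. AS numbers and link names are constructed; real best-path selection has further tie-breakers and by default compares MED only between paths from the same neighboring AS.

```python
"""Simplified BGP best-path comparison (constructed ASNs and link names)."""
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower rank is preferred
CUSTOMER_AS = 65010                                    # constructed private ASN


@dataclass(frozen=True)
class Path:
    via: str              # neighbor or link the update arrived on
    as_path: tuple
    weight: int = 0
    local_pref: int = 100
    origin: str = "igp"
    med: int = 0


def preference_key(path):
    """Sort key: tuples compare left to right, so an attribute is consulted only
    when every attribute before it is equal. Higher weight and local preference
    win (hence the negation); shorter AS path, lower origin rank, lower MED win."""
    return (-path.weight, -path.local_pref, len(path.as_path),
            ORIGIN_RANK[path.origin], path.med)


def best_path(paths):
    return min(paths, key=preference_key)


def originated_as_path(own_as, prepends=0):
    """AS path on an outgoing eBGP update; only the sender's own AS is repeated."""
    return (own_as,) * (1 + prepends)


def return_link(prepends_on_backup, backup_local_pref=100):
    """Link a remote router picks to reach the customer. ISP-A is the customer's
    preferred return path but sits one AS further away from the observer."""
    primary = Path("ISP-A", (64500, 64501) + originated_as_path(CUSTOMER_AS))
    backup = Path("ISP-B",
                  (64510,) + originated_as_path(CUSTOMER_AS, prepends_on_backup),
                  local_pref=backup_local_pref)
    return best_path([primary, backup]).via


def entry_point(weight_on_edge1=0):
    """Two entry points into the same neighboring AS that differ only in MED."""
    edge1 = Path("edge-1", (64500,), med=50, weight=weight_on_edge1)
    edge2 = Path("edge-2", (64500,), med=10)
    return best_path([edge1, edge2]).via


if __name__ == "__main__":
    print("no prepend           ->", return_link(0))
    print("prepend x2           ->", return_link(2))
    print("prepend x2, LP 200   ->", return_link(2, backup_local_pref=200))
    print("MED only             ->", entry_point())
    print("weight 100 on edge-1 ->", entry_point(100))
```

Prepending only lengthens the AS path, so it has no effect on a router whose local preference already favors the unwanted link.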
You must use the command bgp bestpath med confed when you use MED within a confederation to influence the route selection process. A router compares MED values for those routes that originate in the confederation.

BGP Communities

A community is an attribute used to set an identifier on BGP routes. A router can apply it to any BGP route by using a route map. Other routers can then perform any action based on the tag (community) that is attached to the route. Any BGP router can tag routes in incoming and outgoing routing updates or when doing redistribution. In addition, any BGP router can filter routes in incoming or outgoing updates or select preferred routes based on the community values. By default, communities are stripped in outgoing BGP updates. The actual community attribute is a transitive optional attribute. The value of this attribute is a 32-bit number in the possible range of 0 to 4,294,967,200. You can tag each network in a BGP routing table with a set of communities. The default community is Internet (0). The BGP standards define several well-known communities for your use:
  no-export: Do not advertise routes to real eBGP peers.
  no-advertise: Do not advertise routes to any peer.
  local-as: Do not advertise routes to any eBGP peers.
  internet: Advertise this route normally; this is the default community value.

Because the community attribute is a transitive optional attribute, routers that do not support communities pass them along unchanged. To define your own communities, you use a 32-bit community value split into two parts:
  High-order 16 bits that contain the AS number of the AS that defines the community meaning
  Low-order 16 bits that have local significance

You can specify a 32-bit community value as follows:

[AS-number]:[low-order-16-bits]

You use communities in a well-planned step-by-step way. Here are the steps that you should consider and examples of each:
  Step 1. Define administrative policy goals. Example: Solve asymmetric customer routing problems.
  Step 2. Design filters and path selection policy to achieve administrative goals. Example: Set local preference of customer routes to 75 for customers using the backup ISP.
  Step 3. Define communities to be used to achieve individual goals. Example: Community 367:20 indicates that the local preference of the route should be lowered to 75.

To actually configure BGP communities, you can use the following steps:
  Step 1. Configure route tagging with BGP communities.
  Step 2. Configure BGP community propagation.
  Step 3. Define BGP community access lists (community lists) to match BGP communities.
  Step 4. Configure route maps that match on community lists and filter routes or set other BGP attributes.
  Step 5. Apply route maps to incoming or outgoing updates.

Route tagging with communities is always done with a route map. You can specify any number of communities; communities specified in the set keyword overwrite existing communities unless you specify the additive option. After you create the route map, you can apply it to inbound or outbound BGP updates using the following router configuration command:

neighbor ip-address route-map map in | out

To apply a route map to redistributed routes, use the following router configuration command:

redistribute protocol route-map map

By default, communities are stripped in outgoing BGP updates; therefore, you must manually configure community propagation to BGP neighbors. You can do so using the following command:

neighbor ip-address send-community

Keep in mind that BGP peer groups are ideal for configuring BGP community propagation toward a large number of neighbors.

You can use a standard community access list to find community attributes in routing updates. A standard community list is defined by its assigned list number. The list number uses a range from 1 to 99. Community lists are similar to standard IP access lists in these ways:
  The router evaluates the lines in the community list sequentially.
  If no line matches communities attached to a BGP route, the route is implicitly denied.

Standard community lists differ from standard IP access lists in these ways:
  The keyword internet should be used to permit any community value.
  If more values are listed in a single line, they all have to be in an update to have a match.

Here is the global configuration mode syntax for the creation of the standard community list:

ip community-list 1-99 permit | deny value [value ...]

To create an extended community list, use the following global configuration mode syntax:

ip community-list permit | deny regexp

These extended community lists are like simple community lists, but they match based on regular expressions.
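The Python model below is an added example, not the guide's own code and not Cisco's implementation. It carries the guide's 367:20 policy through the rules described so far: the AS:value split of the 32-bit community, sequential standard community-list evaluation with all values on a line required, the internet keyword, the route map's implicit deny, and set community with and without additive. Prefixes, list contents and function names are constructed.

```python
"""Standard community lists and route maps as described above (constructed data)."""


def parse_community(text):
    """'367:20' -> 32-bit value: AS number in the high 16 bits, local value in the low 16."""
    asn, low = (int(part) for part in text.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= low <= 0xFFFF):
        raise ValueError(f"each half of {text!r} must fit in 16 bits")
    return (asn << 16) | low


def format_community(value):
    return f"{value >> 16}:{value & 0xFFFF}"


class CommunityList:
    """Standard community list: ordered (action, [values]) lines."""

    def __init__(self, lines):
        self.lines = []
        for action, values in lines:
            if action not in ("permit", "deny"):
                raise ValueError(f"unknown action {action!r}")
            # The keyword 'internet' stands for any community value.
            wanted = None if "internet" in values else frozenset(
                parse_community(v) for v in values)
            self.lines.append((action, wanted))

    def permits(self, communities):
        for action, wanted in self.lines:                # evaluated sequentially
            if wanted is None or wanted <= communities:  # every listed value must be present
                return action == "permit"
        return False                                     # no line matched: implicit deny


def apply_route_map(entries, route):
    """entries: ordered (action, CommunityList or None, set_actions).
    Returns the route as changed by the first matching entry, or None when the
    route is denied or no entry matches (implicit deny)."""
    for action, clist, sets in entries:
        if clist is not None and not clist.permits(route["communities"]):
            continue                                     # entry does not match, try the next
        if action == "deny":
            return None
        out = dict(route)
        if "local_pref" in sets:
            out["local_pref"] = sets["local_pref"]
        if "community" in sets:
            tags = frozenset(parse_community(c) for c in sets["community"])
            # Without 'additive' the set action overwrites existing communities.
            out["communities"] = (route["communities"] | tags) if sets.get("additive") else tags
        return out
    return None


def make_route(prefix, *communities, local_pref=100):
    return {"prefix": prefix, "local_pref": local_pref,
            "communities": frozenset(parse_community(c) for c in communities)}


def community_names(route):
    return sorted(format_community(c) for c in route["communities"])


# Constructed inbound policy: 367:20 lowers local preference to 75.
BACKUP_CUSTOMERS = CommunityList([("permit", ["367:20"])])
INBOUND = [
    ("permit", BACKUP_CUSTOMERS, {"local_pref": 75}),
    ("permit", None, {}),          # without this entry every other route is dropped
]

if __name__ == "__main__":
    for r in (make_route("192.0.2.0/24", "367:20"), make_route("198.51.100.0/24")):
        print(r["prefix"], "->", apply_route_map(INBOUND, r))
        print(r["prefix"], "without catch-all ->", apply_route_map(INBOUND[:1], r))
```

Removing the final permit entry turns the policy into a filter: only routes carrying 367:20 survive, which is the implicit deny the section warns about.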

Specifically, communities attached to a route are ordered, converted to a string, and matched with regexp. You can use the .* syntax to match any community value.

Community lists are used in match conditions in route maps to match on communities attached to BGP routes. After you create your community lists, you can match to these lists in your route maps. A route map with a community list matches a route if at least some communities attached to the route match the community list. You can use the exact option to ensure that all communities attached to the route have to match the community list. Remember, you can use route maps to filter routes or set other BGP attributes based on communities attached to routes.

Route Reflectors

BGP requires that all BGP peers in the same AS form an iBGP session with all peers in the AS. This is too difficult in many environments. Route reflectors are fully functional iBGP speakers that form iBGP sessions with other iBGP speakers, and they also perform a second function: they forward routes from other iBGP speakers to route reflector clients. The route reflector clients form iBGP sessions only with the route reflectors. The route reflectors and the clients form a cluster. To configure route reflectors, consider these initial tasks:
  Configure the proper cluster ID value on the route reflectors.
  Configure the route reflector with information about which iBGP neighbor sessions are reaching their clients.
  In the clients, remove all iBGP sessions to neighbors that are not a route reflector in the client cluster.
  Make sure that the iBGP neighbor is removed on both ends of the iBGP session.

The command used to configure the cluster ID if the BGP cluster has redundant route reflectors is as follows:

bgp cluster-id cluster-id

The command used to configure the router as a BGP route reflector and configure the specified neighbor as its client is as follows:

neighbor ip-address route-reflector-client

Confederations

Confederations are another method of solving the iBGP full-mesh requirement. Confederations are smaller subautonomous systems created within the primary AS to decrease the number of BGP peer connections. Five steps are used in the configuration of confederations:
  Step 1. Enable BGP using the member AS number.
  Step 2. Configure the confederation identifier using the bgp confederation identifier command.
  Step 3. Configure fully meshed iBGP sub-AS neighbor relationships using the sub-AS number as the remote AS number (ASN) for all internal iBGP peers.
  Step 4. Configure other neighbors within the same parent AS by specifying their sub-AS number as the remote AS number; other confederation peers from different sub-ASs must also be identified as external confederation peers using the bgp confederation peers command.
  Step 5. Configure any eBGP neighbors as you normally would.

Peer Groups

To configure one router with multiple BGP peer relationships, configurations can be quite complex. Peer groups simplify the configuration process. You make peer groups and assign neighbors with the same policies to the group. Peer group members inherit the policies assigned to the group. To configure BGP peer groups on Cisco IOS routers, complete the following steps:
  Step 1. Create a BGP peer group; use the neighbor peer-group router configuration command.
  Step 2. Specify parameters for the BGP peer group.
  Step 3. Create a BGP neighbor.
  Step 4. Assign a neighbor to the peer group; use the neighbor peer-group router configuration command.

network backdoor Command

The network backdoor router configuration command causes the administrative distance assigned to the network to be forced to 200. The goal is to make IGP-learned routes preferred. A network marked as a backdoor is not sourced by the local router, but should be learned from external neighbors. You should be sure to verify the route is in the BGP table for the command to have the desired effect.

Configuring the BGP maximum-prefix Function

To control how many prefixes a BGP router can receive from a neighbor, use the neighbor maximum-prefix router configuration command.

Route Dampening

Flapping routes create problems for BGP. An approach was created to remove the update about a flapping route until it can be guaranteed that the destination is more stable. This additional BGP scalability mechanism, called route flap dampening, was created to reduce route update processing requirements by suppressing unstable routes. To enable route dampening, use the bgp dampening command.

Troubleshooting and Monitoring BGP

Important commands not included elsewhere in the BGP Short Cuts include the following:
  show ip bgp neighbors ip-address: Displays detailed neighbor information
  show ip bgp: Displays all the routes in the BGP table
  show ip bgp ip-prefix [mask subnet-mask]: Displays detailed information about all paths for a single prefix
  debug ip tcp transactions: Displays all TCP transactions

  debug ip bgp events: Displays significant BGP events
  debug ip bgp keepalives: Debugs BGP keepalive packets
  debug ip bgp updates: Displays all incoming or outgoing BGP updates
  debug ip bgp updates acl: Displays all incoming and sent updates matching an ACL
  debug ip bgp ip-address updates [acl]: Displays all BGP updates received from or sent to a specific neighbor

EIGRP

Enhanced Interior Gateway Routing Protocol (EIGRP) is a hybrid routing protocol combining features of both distance vector and link-state routing protocols. Advantages include the following:
  VLSM support
  Rapid convergence thanks to Diffusing Update Algorithm (DUAL)
  Low CPU utilization with typically only hellos and partial updates being sent on a link
  Incremental updates
  Scalability
  Ease of configuration
  Automatic route summarization, or manual route summarization
  MD5 route authentication

EIGRP uses IP protocol 88. It uses a multicast address of for hellos and routing updates.

EIGRP's Metric

EIGRP uses a composite metric like that of Interior Gateway Routing Protocol (IGRP), but it is modified with a multiplier of 256. Bandwidth and delay are the defaults enabled. EIGRP calls the metric feasible distance. All the possible metric values are as follows:

  Bandwidth: Expressed in kilobytes; to adjust the bandwidth value assigned to an interface, use the bandwidth command.
  Delay: Expressed in microseconds; it can be adjusted using the delay command; when manipulating metrics, consider delay because bandwidth would affect other protocols, too.
  Reliability: Expressed as a number in the range of 1 to 255; 1 is a completely unreliable link.
  Load: Expressed as a number in the range of 1 to 255; 1 is a minimally loaded link.
  MTU: Maximum transmission unit; the smallest recorded MTU in the path. Note that MTU is not used in metric calculation.

The metric formula used by EIGRP is as follows:

metric = [K1 * BW + ((K2 * BW) / (256 - load)) + K3 * delay]

By default, K1 = 1, K2 = 0, K3 = 1, K4 = 0, K5 = 0. If you manipulate the K values on one router, you must manipulate on all. EIGRP uses a 32-bit metric as opposed to the 24-bit metric of IGRP; the two are compatible automatically during redistribution, however.

EIGRP Packets
  Hello: Establish neighbor relationships.
  Update: Send routing updates.
  Query: Ask neighbors about routing information.
  Reply: Respond to queries.
  Ack: Acknowledge reliable packets.

The address used for hello packets is ; AS numbers must match. Hellos are sent every 5 seconds on broadcast links and point-to-point serial links, point-to-point subinterface links, and multipoint circuits greater than T1. They are sent every 60 seconds on other link types. The hold time defaults to 3 times the hello time. Neighborships form even if the values do not match.

EIGRP Reliability

Packets that require acknowledgment are as follows:
  Update
  Query
  Reply

Packets that do not are as follows:
  Hello
  Ack

The neighbor is reset after the retry limit (16) is reached. Slow neighbors are sent unicast packets instead.

Initial Route Discovery

Router discovery and route exchange happen simultaneously as follows:
  1. Router comes up and sends hellos.
  2. Reply from a neighbor includes Update.
  3. Ack packets are sent.
  4. Update process occurs in the opposite direction.

Figure 4-9 EIGRP Discovery and Route Exchange

EIGRP DUAL

The lowest-cost route is calculated by adding the cost between the next-hop router and the destination (advertised distance [AD]) and the cost between the local router and the next hop. This sum is referred to as the feasible distance (FD). A successor is a neighboring router that the local router has selected to forward packets to the destination. Multiple successors can exist if they have equal-cost paths. The next-hop router for a backup path is called the feasible successor. To qualify as a feasible successor, a next-hop router must have an AD less than the FD of the current successor route. More than one feasible successor can exist. The feasible successor means that a new path can be selected without recalculation and is a major advantage in EIGRP for convergence.

Remember, EIGRP acts classful by default and automatically summarizes on major network boundaries. You typically want to disable this feature with the no auto-summary router configuration command.

EIGRP Queries

If EIGRP detects a change to the network topology (an input event) that requires a change to a route, it must perform a check to determine the existence of a Feasible Successor (FS). If an FS is not found, the Query process must be initiated, which is going Active on a route.

When a route is active, an EIGRP router uses a multicast query to ask all its neighbors for a valid route to the subnet. Because a received query is considered an input event, EIGRP follows a similar process before responding. If the neighbor router receives a query for a subnet to which it does not have a route, it sends a unicast reply stating that it has no route. If the neighbor router does have a route to the subnet, that route can be affected by the original Query. In this case, EIGRP goes Active on the route as well. If not, or if the router has an FS, it responds with a unicast EIGRP reply message with the route details. If the query causes the router to go active on the route, it does not immediately respond but instead generates a Query to all of its neighbors. If no router in the EIGRP domain contains a route to the subnet, the route is removed from all routing tables. Otherwise, when an FS is found, it is propagated to all the querying routers. A route is considered stuck-in-active if no response to the query has been received for a configured amount of time (default 3 minutes). After this time, EIGRP drops all neighbors that it has not received replies from.

Configuring EIGRP

To enable EIGRP, use the following global configuration command:

router eigrp autonomous-system-number

To identify the interfaces participating in EIGRP, use the following router configuration command:

network network-number [wildcard-mask]

Using the default-network Command

Using the command, you can configure a default route for the EIGRP process so that it propagates to other EIGRP routers within the same AS. A router configured with the command considers the network listed in that command as the last-resort gateway. You should define the default route using a static route to ensure it is advertised.

Verification

A command that deserves some elaboration is the show ip eigrp topology command. The codes in the output are as follows:

  Passive: This network is available, and installation can occur in the routing table.
  Active: This network is currently unavailable, and installation cannot occur in the routing table.
  Update (U): Applies if a network is updated (placed in an update packet); this code also applies if the router is waiting for an acknowledgment for this update packet.
  Query (Q): Applies if an outstanding query packet exists for this network other than in the active state; also applies if the router is waiting for an acknowledgment for a query packet.
  Reply (R): Applies if the router is generating a reply for this network or is waiting for an acknowledgment for the reply packet.
  Stuck in active (SIA) status: Signifies an EIGRP convergence problem for the network with which it is associated.

EIGRP Route Summarization

EIGRP performs auto-summarization by default. You can enable manual summarization. Keep the following in mind about manual summarization:
  Summarization is configurable on a per-interface basis in any router within a network.
  When summarization is configured on an interface, the router immediately creates a route pointing to null0. This is a loop-prevention mechanism.
  When the last specific route of the summary goes away, the summary is deleted.
  The minimum metric of the specific routes is used as the metric of the summary route.

To disable auto-summarization, use the no auto-summary command in EIGRP router configuration mode. Use the ip summary-address eigrp interface command to manually create a summary route at an arbitrary network boundary within an EIGRP domain.

Unequal-Cost Load Balancing

The degree to which EIGRP performs load balancing is controlled with the variance command. You set the variance to a number from 1 to 128. The default is 1, which indicates equal-cost load balancing. The multiplier defines the range of metric values that are accepted for load balancing by the EIGRP process. For example, if you want load balancing to occur between two links, and one has a metric of 1000 and the other has a metric of 2000, you need to set the variance to 2 to cause load balancing between the two links. A route must be in the topology table by meeting the initial feasibility test; otherwise, it won't be used in load balancing regardless of the variance.

Bandwidth Utilization

By default, EIGRP uses up to 50 percent of the bandwidth of an interface or subinterface, which is set with the bandwidth parameter. This percentage can be changed on a per-interface basis by using the ip bandwidth-percent eigrp interface configuration command. In this command, is the percentage of the configured bandwidth that EIGRP can use. This percentage can be greater than 100. This is useful if the bandwidth is configured artificially low for routing policy reasons.

EIGRP Stub Routing
  Often used in a hub-and-spoke topology.
  Only routes you specify are propagated from the stub router.
  The stub router responds to all queries with the message inaccessible.
  A router configured as a stub sends a special peer information packet to all neighboring routers to report its status as a stub router.
  Nonstub routers do not query stub routers.
  The stub routing feature does not prevent routes from being advertised to the stub router. You must configure the summarization or default route behavior.

To configure the stub router, use the following router configuration command:

eigrp stub [receive-only | connected | static | summary]

The optional keywords with this command control which routes the router advertises to its nonstub peers.
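As an added example (not from the original guide), the Python below carries the EIGRP metric formula, the feasibility condition from the DUAL section, and the variance rule above through one constructed topology. Router names and link values are constructed, and the bandwidth and delay scaling inside composite_metric is the classic EIGRP scaling, which the guide does not spell out.

```python
"""EIGRP classic metric, DUAL feasibility and variance (constructed topology)."""
from dataclasses import dataclass


def composite_metric(min_bandwidth, total_delay_usec, load=1, k=(1, 0, 1)):
    """256 * [K1*BW + (K2*BW)/(256 - load) + K3*delay], with the default K4 = K5 = 0.
    min_bandwidth is the bandwidth-command value of the slowest link on the path;
    BW = 10^7 / min_bandwidth and delay is counted in tens of microseconds."""
    k1, k2, k3 = k
    bw = 10**7 // min_bandwidth
    delay = total_delay_usec // 10
    return 256 * (k1 * bw + (k2 * bw) // (256 - load) + k3 * delay)


@dataclass(frozen=True)
class Candidate:
    neighbor: str
    distance: int   # metric through this neighbor, local link included
    ad: int         # advertised distance: the neighbor's own metric to the destination


def candidate(neighbor, adv_bandwidth, adv_delay, link_bandwidth, link_delay):
    """Build a topology-table entry from what the neighbor advertises plus the local link."""
    return Candidate(
        neighbor,
        composite_metric(min(adv_bandwidth, link_bandwidth), adv_delay + link_delay),
        composite_metric(adv_bandwidth, adv_delay),
    )


def dual(candidates, variance=1):
    if not 1 <= variance <= 128:
        raise ValueError("variance must be from 1 to 128")
    fd = min(c.distance for c in candidates)                 # feasible distance
    successors = [c.neighbor for c in candidates if c.distance == fd]
    # Feasibility condition: the neighbor's AD must be less than the current FD.
    feasible = sorted((c for c in candidates if c.distance > fd and c.ad < fd),
                      key=lambda c: c.distance)
    # '<=' follows the guide's example (metrics 1000 and 2000 need variance 2).
    balanced = successors + [c.neighbor for c in feasible
                             if c.distance <= variance * fd]
    if feasible:
        on_loss = f"use {feasible[0].neighbor} without recalculation"
    else:
        on_loss = "go Active and query neighbors"
    return {"fd": fd, "successors": successors,
            "feasible_successors": [c.neighbor for c in feasible],
            "load_balanced": balanced, "on_successor_loss": on_loss}


# Constructed topology table for one destination.
TOPOLOGY = [
    candidate("R2", 100000, 100, link_bandwidth=100000, link_delay=100),
    candidate("R3", 100000, 100, link_bandwidth=1544, link_delay=20000),
    candidate("R4", 1544, 20000, link_bandwidth=100000, link_delay=100),
]

if __name__ == "__main__":
    for c in TOPOLOGY:
        print(c)
    print(dual(TOPOLOGY))
    print(dual(TOPOLOGY, variance=128)["load_balanced"])
```

R3 and R4 end up with the same total metric, yet only R3 is a feasible successor: R4's advertised distance is not below the feasible distance, so it stays out of load balancing even at the maximum variance.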

Route Filtering and Policy Routing

Distribute lists

You can filter routing update traffic for any protocol by defining an access list and applying it to a specific routing protocol. You use the distribute-list command and link it to an access list to complete the filtering of routing update traffic. For outbound traffic, the appropriate router configuration mode command is as follows:

distribute-list {access-list-number | name} out [interface-name | routing-process [autonomous-system number]]

For inbound traffic, the appropriate router configuration command is as follows:

distribute-list {access-list-number | name} in [type number]

Using a distribute list with redistribution helps prevent route feedback. Route feedback occurs when routes originally learned from one routing protocol are redistributed back into that protocol. Route feedback can lead to routing loops caused by redistribution.

Route Maps

Route maps are complex access lists that enable conditions to be tested against a packet or route using the match commands. If the conditions match, actions can be taken to modify attributes of the packet or route. These actions are specified by set commands. Several of the more common applications for route maps are as follows:
  Route filtering during redistribution
  Policy-based routing (PBR)
  Network Address Translation (NAT)
  Implementing BGP policies

To define the route map conditions and set the sequence number of route map lines, use the following global configuration mode commands:

route-map map-tag [permit | deny] [sequence-number]

To define the conditions to match, use the following command:

match {conditions}

To define the actions to be taken, use the following command:

set {actions}

Policy Routing

PBR enables you to implement policies that selectively cause packets to take different paths; this enables you to vary from the typical destination-based approach of IP. For example, you can easily configure routes to flow based on source address information. You can also mark traffic with different type of service (ToS) configurations. You implement PBR through the use of route maps to implement policy. To identify a route map to use for PBR on an interface, use the following command:

ip policy route-map map-tag

PBR must be configured before PBR fast switching can be enabled. Fast switching of PBR is disabled by default. To configure fast-switched PBR, use the ip route-cache policy command in interface configuration mode.

Redistribution

There are quite often occasions in which two or more routing protocols are used within a domain. Because these two routing protocols might contain information about different networks, if full connectivity is to be created, there must be a way to feed information from one protocol into another. Route redistribution takes information from one protocol and inserts it into another protocol. A common example of this is found in most modest-sized networks when BGP is run as EGP with a service provider and an IGP is run internally to create full network connectivity inside the domain. BGP can advertise the internal network routes to the rest of the Internet and provide a path to the Internet. Because each routing protocol uses different methods for metric calculation, it is difficult to equate a metric in one protocol to a second protocol. Other problems arise, such as learning the same prefix from more than one routing protocol. A decision must be made as to which protocol is more trustworthy. It's also possible to create routing loops as routes are advertised from one protocol to another.

Although redistribution between certain protocols has unique concerns and characteristics, the following generic steps apply to all routing protocol combinations:
  Step 1. Locate the boundary router that requires configuration of redistribution.
  Step 2. Determine which routing protocol is the core or backbone protocol.
  Step 3. Determine which routing protocol is the edge or short-term protocol.
  Step 4. Select a method for injecting the required edge protocol routes into the core.

To redistribute routes into RIP:

redistribute protocol [process-id] [match route-type] [metric metric-value] [route-map map-tag]

RIP requires a metric to be specified within the normal valid limits of a RIP route. This must be specified after the metric option. A route map can also optionally be applied that enables control over which routes will be redistributed into RIP. The metric type can also be matched, which enables a specific type of route to be the only routes redistributed.

To redistribute routes into OSPF:

redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [route-map map-tag] [subnets] [tag tag-value]

OSPF also requires a metric when importing routes. The subnets option is also almost always used when redistributing routes into OSPF. Otherwise, only networks that are not subnetted will be added. You can use route maps to specify with granularity specific subnets to be added. Use the tag option to add a tag to the routes. This helps when determining where a route came from. This is often helpful when trying to stop routing loops due to redistribution.

To redistribute routes into EIGRP:

    redistribute protocol [process-id] [match {internal | external 1 | external 2}] [metric metric-value] [route-map map-tag]

EIGRP mirrors OSPF and RIP with some of the same options but additionally adds the match option. This enables only specific route types from OSPF to be inserted into the EIGRP routing process. The metric also must be specified using the EIGRP metrics of bandwidth, delay, load, reliability, and MTU.

Route Tagging

Various routing protocols support tag fields. This tag field provides a location where additional information about a route can be stored. This field is commonly used to identify the AS from which a route was obtained when a route is learned from a different AS. Route tagging enables you to customize routing and maintain flexible policy controls.

Chapter 5
Quality of Service (QoS)

Introduction

Voice, video, and data travel side by side over today's converged networks. Some of these traffic types (for example, VoIP) need better treatment (that is, higher priority) than other types of traffic (for example, FTP). Fortunately, Cisco offers a suite of QoS tools for providing special treatment for special traffic. In the absence of QoS, traffic might suffer from one or more of the following symptoms:

- Delay (latency): Excessive time required for a packet to traverse the network
- Delay variation (jitter): The uneven arrival of packets, which in the case of VoIP can be interpreted by the listener as dropped voice packets
- Packet loss: Dropping packets, especially problematic for User Datagram Protocol (UDP) traffic (for example, VoIP), which does not retransmit dropped packets

You have two categories of QoS tools: Integrated Services (IntServ) and Differentiated Services (DiffServ). IntServ provides QoS by guaranteeing treatment to a particular traffic flow. A commonly used IntServ tool is RSVP (Resource Reservation Protocol).

As the name suggests, DiffServ differentiates (that is, classifies) between different types of traffic and provides different levels of service based on those distinctions. Instead of forcing every network device to classify traffic, DiffServ can mark packets with a particular priority marking that can be referenced by other network devices.

ToS and IP Precedence

Packet marking can be accomplished by altering bits in an IPv4 header's ToS byte. Two common markings that use the ToS byte are IP Precedence and Differentiated Services Code Point (DSCP). IP Precedence is an older approach than DSCP and uses the 3 left-most bits in the ToS byte. With 3 bits to use, IP Precedence values can range from 0 to 7. Cisco recommends that IP Precedence values 6 and 7 never be used because they are reserved for network use. Cisco IOS Software accepts either an IP Precedence number or its equivalent name, as shown in Table 5-1.

Table 5-1 IP Precedence Numbers

    IP Precedence Value   Name
    0                     Routine
    1                     Priority
    2                     Immediate
    3                     Flash
    4                     Flash-override
    5                     Critical
    6                     Internet
    7                     Network

Differentiated Services Code Point

Differentiated Services Code Point (DSCP) uses the 6 left-most bits in an IPv4 header's ToS byte. With 6 bits at its disposal, DSCP has up to 64 DSCP values (0 to 63) assigned to various classes of traffic. With so many values to select from, to maintain relative levels of priority among routers, the IETF recommends selected DSCP values for use. These values, called Per-Hop Behaviors (PHB), determine how packets are treated at each hop along the path from the source to the destination.

Figure 5-1 Layer 3 Packet Markings

When configuring a router to mark or recognize a DSCP value, the decimal number can be used. However, a more convenient method is to use the name of specific DSCP values. Assured Forwarding (AF) PHBs are typically used to identify different levels of priority for data applications. For latency-sensitive applications, however, the Expedited Forwarding (EF) PHB can be used. A listing of commonly used PHB names and their corresponding DSCP values is shown in Table 5-2.

Table 5-2 PHB Names and DSCP Values

    PHB       Low Drop Preference   Medium Drop Preference   High Drop Preference
    Class 1   AF11 (10)             AF12 (12)                AF13 (14)
    Class 2   AF21 (18)             AF22 (20)                AF23 (22)
    Class 3   AF31 (26)             AF32 (28)                AF33 (30)
    Class 4   AF41 (34)             AF42 (36)                AF43 (38)
    EF (46)
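The ToS-byte layout described above (IP Precedence in the 3 left-most bits, DSCP in the 6 left-most), applied to the values in Table 5-2. This is an added Python example, not part of the original text; the function names and the constructed sample header are assumptions.

```python
# Added example: decode an IPv4 ToS byte into IP Precedence and DSCP.
# Function names and the sample header are illustrative assumptions.

# Table 5-1: list index = IP Precedence value.
PRECEDENCE_NAMES = ["Routine", "Priority", "Immediate", "Flash",
                    "Flash-override", "Critical", "Internet", "Network"]

EF_DSCP = 46  # Expedited Forwarding, from Table 5-2


def tos_from_ipv4_header(header: bytes) -> int:
    """Return the ToS byte, which is the second byte of an IPv4 header."""
    if len(header) < 20:
        raise ValueError("an IPv4 header is at least 20 bytes long")
    if header[0] >> 4 != 4:
        raise ValueError("version field is not 4")
    return header[1]


def af_dscp(af_class: int, drop: int) -> int:
    """DSCP of AF<class><drop>: class in the 3 left-most bits, drop in the next 2."""
    if not (1 <= af_class <= 4 and 1 <= drop <= 3):
        raise ValueError("AF classes are 1-4 and drop preferences are 1-3")
    return (af_class << 3) | (drop << 1)


def phb_name(dscp: int):
    """Name a DSCP value if it is one of the PHBs in Table 5-2, else None."""
    if dscp == EF_DSCP:
        return "EF"
    af_class, drop = dscp >> 3, (dscp >> 1) & 0b11
    if dscp & 1 == 0 and 1 <= af_class <= 4 and 1 <= drop <= 3:
        return f"AF{af_class}{drop}"
    return None


def decode_tos(tos: int) -> dict:
    """Read one ToS byte both ways: as DSCP and as IP Precedence."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("the ToS field is a single byte")
    dscp = tos >> 2          # 6 left-most bits
    precedence = tos >> 5    # 3 left-most bits
    return {"dscp": dscp, "phb": phb_name(dscp),
            "precedence": precedence,
            "precedence_name": PRECEDENCE_NAMES[precedence]}


def sample_header(dscp: int) -> bytes:
    """Constructed 20-byte IPv4 header (version 4, IHL 5), all other fields zero."""
    return bytes([0x45, dscp << 2]) + bytes(18)


def compatibility_table() -> dict:
    """For each PHB in Table 5-2, the value a precedence-only router would read."""
    rows = {}
    for af_class in range(1, 5):
        for drop in range(1, 4):
            tos = af_dscp(af_class, drop) << 2
            rows[f"AF{af_class}{drop}"] = decode_tos(tos)["precedence"]
    rows["EF"] = decode_tos(EF_DSCP << 2)["precedence"]
    return rows


if __name__ == "__main__":
    print(decode_tos(tos_from_ipv4_header(sample_header(EF_DSCP))))
    for name, precedence in compatibility_table().items():
        print(f"{name:5} -> IP Precedence {precedence} "
              f"({PRECEDENCE_NAMES[precedence]})")
```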

Notice that the AF PHBs are grouped into four classes. Examining these DSCP values in binary reveals that the 3 left-most bits of all the Class 1 AF PHBs are 001 (that is, a decimal value of 1); the 3 left-most bits of all the Class 2 AF PHBs are 010 (that is, a decimal value of 2); the 3 left-most bits of all the Class 3 AF PHBs are 011 (that is, a decimal value of 3); and the 3 left-most bits of all the Class 4 AF PHBs are 100 (that is, a decimal value of 4). Because IP Precedence examines these 3 left-most bits, all Class 1 DSCP values would be interpreted by an IP Precedence-aware router as an IP Precedence value of 1. The same applies to Class 2, 3, and 4 PHB values.

In a similar fashion, the 3 left-most bits of the EF PHB are 101 (that is, a decimal value of 5). Therefore, the EF PHB would be interpreted by an IP Precedence-aware router as an IP Precedence of 5, the highest IP Precedence value that we should assign. Because of these associations that exist between DSCP markings and IP Precedence, DSCP is backward compatible with IP Precedence.

Class of Service

Although an IP header's ToS byte can be used for Layer 3 markings, a class of service (CoS) marking can be used for Layer 2 markings. Specifically, CoS markings are applied to frames crossing an IEEE 802.1Q or an Inter-Switch Link (ISL) trunk. Regardless of the trunk type, CoS markings use 3 bits. So, like IP Precedence, CoS values range from 0 through 7, and again, values 6 and 7 are reserved.

Network-Based Application Recognition

Cisco offers multiple approaches to identify packets to mark. For example, packets can be classified and marked if they match a particular access list or if they come into a router on a particular interface. However, one of the most powerful Cisco IOS tools for performing packet classification is Network-Based Application Recognition (NBAR), which can look beyond Layer 4 information, all the way up to the application layer, where NBAR can recognize such packet attributes as character strings in a URL.

NBAR is accomplished using MQC, the Modular Quality of Service (QoS) command-line interface (CLI). This tool is shown later in this section. NBAR is used in a class map to identify traffic. The match protocol keywords are used to trigger NBAR, as follows:

    class-map IDENTIFY_HTTP
     match protocol http

Queuing Techniques

Marking a packet does not change its operation, unless QoS tools are enabled that can reference that marking. Fortunately, multiple QoS tools can make forwarding or dropping decisions based on these markings. Queuing techniques are often referred to as congestion management tools.

Queuing tools decide how packets are emptied from an interface's output queue. Several queuing tools are available in the Cisco IOS Software:

- First-In, First-Out (FIFO): The default queuing mechanism on high-speed interfaces (that is, greater than Mbps), which does not reorder packets
- Weighted Fair Queuing (WFQ): The default queuing mechanism on low-speed interfaces, which makes forwarding decisions based on a packet's size and Layer 3 priority marking
- Low latency queuing (LLQ): The preferred queuing method for voice and video traffic, in which traffic can be classified in up to 64 different classes, with different amounts of bandwidth given to each class; includes the capability to give priority treatment to one or more classes
- Priority queuing: A legacy queuing approach with four queues, in which higher-priority queues must be emptied before forwarding traffic from any lower-priority queues
- Custom queuing: A legacy queuing approach that services up to 16 queues in a round-robin fashion, emptying a specified number of bytes from each queue during each round-robin cycle
- Class-based weighted fair queuing (CBWFQ): Similar to LLQ, with the exception of having no priority queuing mechanism
- IP RTP priority: A legacy queuing approach for voice traffic that placed a range of UDP ports in a priority queue, with all other packets treated with WFQ

Weighted fair queuing (WFQ) is enabled by default on slow-speed interfaces (that is, Mbps and slower). WFQ allocates a queue for each flow, for as many as 256 flows by default. WFQ uses IP Precedence values to provide a weighting to fair queuing (FQ). When emptying the queues, FQ, sometimes called flow-based queuing, does byte-by-byte scheduling. Specifically, FQ looks 1 byte deep into each queue to determine whether an entire packet can be sent. FQ then looks another byte deep into the queue to determine whether an entire packet can be sent. As a result, smaller traffic flows and smaller packet sizes have priority over bandwidth-hungry flows with large packets.

In the following example, three flows simultaneously arrive at a queue. Flow A has three packets, which are 128 bytes each. Flow B has a single 96-byte packet. Flow C has a single 70-byte packet. After 70 byte-by-byte rounds, FQ can transmit the packet from flow C. After an additional 26 rounds, FQ can transmit the packet from flow B. After an additional 32 rounds, FQ can transmit the first packet from flow A. Another 128 rounds are required to send the second packet from flow A. Finally, after a grand total of 384 rounds, the third packet from flow A is transmitted.

Figure 5-2 Fair Queuing

With WFQ, a packet's IP Precedence influences the order in which it is emptied from a queue. Consider the previous scenario with the addition of IP Precedence markings. In this scenario, flow A's packets are marked with an IP Precedence of 5, whereas flow B and flow C have default IP Precedence markings of 0. The order of packet servicing with WFQ is based on sequence numbers, in which packets with the lowest sequence numbers are emptied first.

The sequence number is the weight of the packet multiplied by the number of byte-by-byte rounds that must be completed to service the packet (that is, just as in the FQ example). The Cisco IOS Software calculates a packet's weight differently depending on the Cisco IOS version. Before Cisco IOS Release 12.0(5)T, the formula for weight was

    WEIGHT = 4096 / (IP Prec. + 1)
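The three-flow scenario above, carried through for both FQ and WFQ with the pre-12.0(5)T weight formula. This is an added Python example, not part of the original text; the function names are assumptions, and truncating integer division is an assumption about how fractional sequence numbers are rounded.

```python
# Added example: FQ service order and WFQ sequence numbers for the
# three flows described in the text. Names are illustrative assumptions.
from itertools import accumulate

# Packet sizes in bytes per flow, and each flow's IP Precedence (from the text).
FLOWS = {"A": [128, 128, 128], "B": [96], "C": [70]}
PRECEDENCE = {"A": 5, "B": 0, "C": 0}


def finish_rounds(flows: dict) -> dict:
    """Byte-by-byte round in which each packet's last byte is reached.

    FQ looks one byte deeper into every queue per round, so a packet can be
    sent once the round number equals the bytes queued up to its end.
    """
    rounds = {}
    for name, sizes in flows.items():
        for index, end in enumerate(accumulate(sizes), start=1):
            rounds[f"{name}{index}"] = end
    return rounds


def fq_order(flows: dict) -> list:
    """Packets in the order plain fair queuing transmits them."""
    rounds = finish_rounds(flows)
    return sorted(rounds, key=rounds.get)


def wfq_sequence_numbers(flows: dict, precedence: dict,
                         numerator: int = 4096) -> dict:
    """Sequence number = weight * rounds, with weight = numerator / (prec + 1).

    4096 is the pre-12.0(5)T numerator; pass a different numerator to model
    a later release. The result is truncated to an integer (assumption).
    """
    sequence = {}
    for packet, rounds in finish_rounds(flows).items():
        flow = packet[0]
        sequence[packet] = numerator * rounds // (precedence[flow] + 1)
    return sequence


def wfq_order(flows: dict, precedence: dict, numerator: int = 4096) -> list:
    """Packets in WFQ service order: lowest sequence number first."""
    sequence = wfq_sequence_numbers(flows, precedence, numerator)
    return sorted(sequence, key=sequence.get)


if __name__ == "__main__":
    print("FQ order: ", " ".join(fq_order(FLOWS)))
    for packet, number in wfq_sequence_numbers(FLOWS, PRECEDENCE).items():
        print(f"{packet}: sequence number {number:,}")
    print("WFQ order:", " ".join(wfq_order(FLOWS, PRECEDENCE)))
```

With every flow left at IP Precedence 0, all weights are equal and the WFQ order collapses to the FQ order.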

In more recent versions of the Cisco IOS Software, the formula for weight is WEIGHT = / (IP Prec. + 1). Using the pre-Cisco IOS Release 12.0(5)T formula, the sequence numbers are as follows:

    A1 = 4096 / (5 + 1) * 128 = 87,381
    A2 = 4096 / (5 + 1) * 128 + 87,381 = 174,762
    A3 = 4096 / (5 + 1) * 128 + 174,762 = 262,144
    B1 = 4096 / (0 + 1) * 96 = 393,216
    C1 = 4096 / (0 + 1) * 70 = 286,720

Figure 5-3 Weighted Fair Queuing

Therefore, after the weighting is applied, WFQ empties packets from the queue in the following order: A1 A2 A3 C1 B1. With only FQ, packets are emptied from the queue in the following order: C1 B1 A1 A2 A3.

Custom queuing (CQ) enhances some of the characteristics of WFQ by enabling the administrator to specify which traffic goes into a particular queue. Also, a weight can be assigned to each of the queues, which specifies how many bytes are emptied from a queue during each round-robin servicing of the queues. Consider the following custom queuing example:

    Router(config)# queue-list 1 protocol ip 1 tcp www
    Router(config)# queue-list 1 protocol ip 2 tcp telnet
    Router(config)# queue-list 1 default 3
    Router(config)# queue-list 1 queue 1 byte-count 1500 limit 512
    Router(config)# queue-list 1 queue 2 byte-count 1500 limit 512
    Router(config)# queue-list 1 queue 3 byte-count 3000 limit 512
    !
    Router(config)# interface serial 0/1
    Router(config-if)# bandwidth 128
    Router(config-if)# custom-queue-list 1

In the preceding example, a queue list (numbered 1) is defined. The queue list specifies that World Wide Web traffic goes in queue 1. Telnet traffic goes in queue 2, and other traffic (that is, default traffic) goes in queue 3. CQ services these queues in a round-robin fashion. As CQ empties the queues, the number of bytes emptied from each queue is influenced with the byte-count option, as shown in the example. The number of packets that can be placed in a particular queue can also be specified with the limit option. In the preceding example, each queue can accommodate 512 packets. Finally, the queue list is applied to interface serial 0/1.

In the preceding example, 1500 bytes are emptied from queue 1 and from queue 2 during each round-robin cycle, and 3000 bytes are emptied from queue 3 during each round-robin cycle. Therefore, a bandwidth percentage for each traffic type can be calculated as follows:

    Total number of bytes serviced during each round-robin cycle = 1500 + 1500 + 3000 = 6000
    Percentage of bandwidth for World Wide Web traffic = 1500 / 6000 = .25 = 25 percent
    Percentage of bandwidth for Telnet traffic = 1500 / 6000 = .25 = 25 percent
    Percentage of bandwidth for default traffic = 3000 / 6000 = .5 = 50 percent

CQ does, however, have a deficit issue. Specifically, when CQ empties bytes from a queue, it cannot send a partial packet. Consider a situation in which two packets are in queue 1: a 1499-byte packet and a 1500-byte packet. Queue 1 is configured to forward 1500 bytes per round. After the 1499-byte packet is transmitted, the 1500-byte level has not yet been reached. CQ therefore sends the following packet. Because CQ cannot send a partial packet, it sends the entire 1500-byte packet. As a result, even though queue 1 was configured to send only 1500 bytes per round, in this example, 2999 bytes were forwarded.
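The byte-count overshoot just described, measured over many rounds for the three queues of queue list 1. This is an added Python example, not part of the original text; the traffic mix, the function names, and the optional carried-over deficit (the correction that deficit round robin schedulers apply) are assumptions of the example.

```python
# Added example: effective bandwidth shares under custom queuing (CQ),
# with and without carrying the overshoot into the next round.
# Queue names, traffic mix and function names are illustrative assumptions.
from collections import deque

# byte-count values from queue-list 1 in the text.
BYTE_COUNTS = {"www": 1500, "telnet": 1500, "default": 3000}


def configured_shares(byte_counts: dict) -> dict:
    """Bandwidth share each queue is meant to get (25/25/50 percent here)."""
    total = sum(byte_counts.values())
    return {queue: count / total for queue, count in byte_counts.items()}


def serve(queue: deque, byte_count: int, deficit: int = 0) -> tuple:
    """Serve one queue for one round and return (bytes_sent, new_deficit).

    Whole packets are sent until the allowance is reached, so the last
    packet can overshoot it. With deficit=0 this is plain CQ. A non-zero
    deficit is last round's overshoot, subtracted from this round's allowance.
    """
    allowance = byte_count - deficit
    if allowance <= 0:
        # Still paying back an earlier overshoot: send nothing this round.
        return 0, -allowance
    sent = 0
    while queue and sent < allowance:
        sent += queue.popleft()
    return sent, max(0, sent - allowance)


def constructed_traffic(packets: int = 3000) -> dict:
    """Constructed backlog: the www queue alternates 1499- and 1500-byte
    packets (the case from the text); the other queues hold 1500-byte packets."""
    return {
        "www": deque([1499, 1500] * (packets // 2)),
        "telnet": deque([1500] * packets),
        "default": deque([1500] * packets),
    }


def effective_shares(byte_counts: dict, rounds: int = 1000,
                     track_deficit: bool = False) -> dict:
    """Share of transmitted bytes per queue after the given number of rounds."""
    backlog = constructed_traffic()
    sent_total = dict.fromkeys(byte_counts, 0)
    deficit = dict.fromkeys(byte_counts, 0)
    for _ in range(rounds):
        for queue, byte_count in byte_counts.items():
            carried = deficit[queue] if track_deficit else 0
            sent, deficit[queue] = serve(backlog[queue], byte_count, carried)
            sent_total[queue] += sent
    total = sum(sent_total.values())
    return {queue: sent / total for queue, sent in sent_total.items()}


if __name__ == "__main__":
    print("configured:  ", configured_shares(BYTE_COUNTS))
    print("plain CQ:    ", effective_shares(BYTE_COUNTS))
    print("with deficit:", effective_shares(BYTE_COUNTS, track_deficit=True))
```

With this traffic mix, plain CQ gives the www queue about 40 percent of the link instead of the configured 25 percent; carrying the deficit forward brings every queue back to within a tenth of a percent of its configured share.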

On the Cisco series of routers, this deficit issue is overcome with MDRR (Modified Deficit Round Robin). MDRR keeps track of the extra bytes sent and adjusts how many bytes can be sent in subsequent rounds. MDRR can operate in either of two modes:

- Strict priority: Defines a priority queue that must be completely empty before any other traffic is sent.
- Alternate priority: Is a low-latency queue that alternates with each of the other queues so that traffic is not starved out. For example, consider queues 1, 2, and 3, where queue 1 is a low-latency queue. With alternate priority mode, the queues would be serviced as follows: 1, 2, 1, 3, 1.

Also, with DRR queuing, the number of bytes transmitted in one round is defined as maximum transmission unit (MTU) + (weight - 1) * 512. This number of bytes is transmitted from a queue or until the queue is empty. If more than this number of bytes is sent, to finish servicing a packet that had already started to be serviced, the DRR remembers this deficit, and in the next round, the deficit is subtracted from the number of bytes to service from the queue.

Priority queuing (PQ) can give strict priority to latency-sensitive applications (for example, e-commerce applications). PQ gives priority to specific packets by placing those packets in a high-priority queue. Other packets are placed in a medium, normal, or low queue. However, if any packets are in the high queue, none of the packets in lower-priority queues are sent. Similarly, when packets are in the medium queue, no packets are sent from the normal or low queues. Although this approach does accomplish the goal of giving priority to specific traffic, it can lead to protocol starvation. Consider the following PQ example:

    Router(config)# priority-list 1 protocol ip high tcp www
    Router(config)# priority-list 1 protocol ip medium tcp telnet
    Router(config)# priority-list 1 default low
    !
    Router(config)# interface serial 0/1
    Router(config-if)# priority-group 1

In the preceding example, a priority list (numbered 1) is created. The priority list specifies that World Wide Web traffic goes in the high queue. Telnet traffic goes in the medium queue, and all other traffic (that is, default traffic) goes in the low queue. The priority list is then applied to interface Serial 0/1. The potential for protocol starvation exists, because if at any time you have World Wide Web packets in the high queue, none of the packets from lower-priority queues are forwarded until all of the World Wide Web packets have been forwarded.

IP Real-time Transport Protocol (RTP) priority combines some of the best aspects of PQ and WFQ. Specifically, IP RTP priority enables a range of UDP ports to be placed in a priority queue, whereas all other packets are treated with WFQ. Therefore, VoIP packets, which use UDP ports, can be assigned to the priority queue. Fortunately, to prevent protocol starvation, a bandwidth limit is set for the priority queue. IP RTP priority is configured using the following interface configuration mode command:

    Router(config-if)# ip rtp priority starting-udp-port port-number-range bandwidth

The port-number-range is not the last port number in the range. Rather, it is the number of ports in the range. For example, the following command specifies that 64 kbps of bandwidth should be made available for packets using UDP ports in the range 16,384 through 32,767:

    Router(config-if)# ip rtp priority 16384 16383 64

The sum of the starting-udp-port and the port-number-range equals the last UDP port number in the range (that is, 16,384 + 16,383 = 32,767). The main drawback of IP RTP priority is its inability to place TCP ports in the priority queue. For example, H.323 call setup uses TCP ports. These call setup packets, however, cannot be placed in a priority queue using IP RTP priority.

CBWFQ and LLQ

With modern versions of the Cisco IOS Software, Cisco recommends CBWFQ or LLQ approaches to queuing. Both methods are configured using MQC. The first step of MQC is to create class maps, which categorize traffic types. The following command enters class map configuration mode:

    Router(config)# class-map [match-any | match-all] class-name

When in class map configuration mode, multiple match statements can be used to match traffic, and all traffic meeting the criteria specified by the match command is categorized under the class map. If multiple match statements are specified, by default all match statements must be met before a packet is classified by the class map. However, by using the match-any option, if any individual match condition is met, the packet is classified by the class map.

After the class maps are defined, the first step of MQC is complete. The second step is to create a policy map to assign characteristics (for example, marking) to the classified traffic. To enter policy map configuration mode, issue the following command:

    Router(config)# policy-map policy-name

From policy map configuration mode, enter policy-map-class configuration mode with this command:

    Router(config-pmap)# class class-name

From policy-map-class configuration mode, QoS policies can be assigned to traffic classified by the class map. Finally, in the third step, the policy map is applied to an interface, Frame Relay map class, or ATM virtual circuit with this command:

    Router(config-if)# service-policy {input | output} policy-map-name

Here is an LLQ example that illustrates the MQC approach:

    Router(config)# class-map SURFING
    Router(config-cmap)# match protocol http
    Router(config-cmap)# exit
    Router(config)# class-map VOICE
    Router(config-cmap)# match protocol rtp
    Router(config-cmap)# exit
    Router(config)# policy-map CCIESTUDY
    Router(config-pmap)# class SURFING
    Router(config-pmap-c)# bandwidth 128
    Router(config-pmap-c)# exit
    Router(config-pmap)# class VOICE
    Router(config-pmap-c)# priority 256
    Router(config-pmap-c)# exit
    Router(config-pmap)# exit
    Router(config)# interface serial 0/1
    Router(config-if)# service-policy output CCIESTUDY

In the preceding example, NBAR is used to recognize HTTP traffic, and that traffic is placed in the SURFING class. NBAR is invoked with the Router(config-cmap)# match protocol command. Voice packets are placed in the VOICE class. The CCIESTUDY policy map gives 128 kbps of bandwidth to the HTTP traffic while giving 256 kbps of priority bandwidth to voice traffic. The policy map is then applied outbound to interface serial 0/1.

Weighted RED

The purpose of Weighted Random Early Detection (WRED) is to prevent an interface's output queue from filling to capacity, because if a queue is completely full, all newly arriving packets are discarded. Some of those packets might be high priority, and some might be low priority. However, if the queue is full, no room exists for any packet.

WRED is referred to as a congestion-avoidance QoS tool. It can also prevent a global synchronization problem, in which all TCP senders back off as packets at a full queue are dropped, and then all senders begin to increase the amount of traffic sent, until another synchronized back-off is triggered. Global synchronization results in poor utilization of interface bandwidth.

With a congestion-avoidance tool, drop thresholds are defined for various markings (for example, DSCP markings). Therefore, as a queue begins to fill, lower-priority packets are dropped more aggressively than higher-priority packets, thus preventing the queue from ever filling to capacity. The Cisco congestion-avoidance tool of choice is WRED.

WRED can be configured in interface configuration mode. However, an MQC approach is also supported. Three parameters that can be configured for each IP Precedence value or DSCP value include the minimum threshold, maximum threshold, and mark probability denominator.

The minimum threshold specifies the number of packets in a queue before the queue considers discarding packets having a particular marking. The probability of discard increases until the queue depth reaches the maximum threshold. After a queue depth exceeds the maximum threshold, all other packets with a particular marking that attempt to enter the queue are discarded. However, the probability of packet discard when the queue depth equals the maximum threshold is 1 / (mark probability denominator). For example, if the mark probability denominator were set to 10, when the queue depth reached the maximum threshold, the probability of discard for the specified marking would be 1 / 10 (that is, a 10 percent chance of discard).

Figure 5-4 Weighted Random Early Detection (WRED)

When configuring WRED, the Cisco IOS Software automatically assigns default values to these parameters. However, these parameters can be altered, and the marking WRED pays attention to (that is, IP Precedence or DSCP) can be specified. Following is the syntax to enable WRED in interface configuration mode:

    random-detect [dscp-based | prec-based]

If neither dscp-based nor prec-based is specified, WRED defaults to prec-based. Following is the syntax to specify WRED parameters for both IP Precedence values and DSCP values:


Announcements. Reading. Project #4 is on the web. Homework #1. Midterm #2. Chapter 4 ( ) Note policy about project #3 missing components Aoucemets Readig Chapter 4 (4.1-4.2) Project #4 is o the web ote policy about project #3 missig compoets Homework #1 Due 11/6/01 Chapter 6: 4, 12, 24, 37 Midterm #2 11/8/01 i class 1 Project #4 otes IPv6Iit,

More information

Evaluation scheme for Tracking in AMI

Evaluation scheme for Tracking in AMI A M I C o m m u i c a t i o A U G M E N T E D M U L T I - P A R T Y I N T E R A C T I O N http://www.amiproject.org/ Evaluatio scheme for Trackig i AMI S. Schreiber a D. Gatica-Perez b AMI WP4 Trackig:

More information

The Magma Database file formats

The Magma Database file formats The Magma Database file formats Adrew Gaylard, Bret Pikey, ad Mart-Mari Breedt Johaesburg, South Africa 15th May 2006 1 Summary Magma is a ope-source object database created by Chris Muller, of Kasas City,

More information

IPv6 Autoconfiguration in Large Scale Mobile Ad-Hoc Networks

IPv6 Autoconfiguration in Large Scale Mobile Ad-Hoc Networks IPv6 Autocofiguratio i Large Scale Mobile Ad-Hoc Networks Kilia Weiger, Martia Zitterbart Istitute of Telematics Uiversity of Karlsruhe, 768 Karlsruhe, Germay Ph:++9 7 608-{65/600}, Email: {weiger,zit}@tm.uka.de

More information

Service Oriented Enterprise Architecture and Service Oriented Enterprise

Service Oriented Enterprise Architecture and Service Oriented Enterprise Approved for Public Release Distributio Ulimited Case Number: 09-2786 The 23 rd Ope Group Eterprise Practitioers Coferece Service Orieted Eterprise ad Service Orieted Eterprise Ya Zhao, PhD Pricipal, MITRE

More information

. Written in factored form it is easy to see that the roots are 2, 2, i,

. Written in factored form it is easy to see that the roots are 2, 2, i, CMPS A Itroductio to Programmig Programmig Assigmet 4 I this assigmet you will write a java program that determies the real roots of a polyomial that lie withi a specified rage. Recall that the roots (or

More information

Copyright 2016 Ramez Elmasri and Shamkant B. Navathe

Copyright 2016 Ramez Elmasri and Shamkant B. Navathe Copyright 2016 Ramez Elmasri ad Shamkat B. Navathe CHAPTER 22 Database Recovery Techiques Copyright 2016 Ramez Elmasri ad Shamkat B. Navathe Itroductio Recovery algorithms Recovery cocepts Write-ahead

More information

Baan Tools User Management

Baan Tools User Management Baa Tools User Maagemet Module Procedure UP008A US Documetiformatio Documet Documet code : UP008A US Documet group : User Documetatio Documet title : User Maagemet Applicatio/Package : Baa Tools Editio

More information

Windows Server 2008 R2 networking

Windows Server 2008 R2 networking Chapter3 Widows Server 2008 R2 etworkig Orgaizatios large ad small deped o computer etworks to operate their busiesses. Employees require aywhere access to data, while cliets ad busiess parters demad ehaced

More information

Chapter 11. Friends, Overloaded Operators, and Arrays in Classes. Copyright 2014 Pearson Addison-Wesley. All rights reserved.

Chapter 11. Friends, Overloaded Operators, and Arrays in Classes. Copyright 2014 Pearson Addison-Wesley. All rights reserved. Chapter 11 Frieds, Overloaded Operators, ad Arrays i Classes Copyright 2014 Pearso Addiso-Wesley. All rights reserved. Overview 11.1 Fried Fuctios 11.2 Overloadig Operators 11.3 Arrays ad Classes 11.4

More information

% Sun Logo for. X3T10/95-229, Revision 0. April 18, 1998

% Sun Logo for. X3T10/95-229, Revision 0. April 18, 1998 Su Microsystems, Ic. 2550 Garcia Aveue Moutai View, CA 94045 415 960-1300 X3T10/95-229, Revisio 0 April 18, 1998 % Su Logo for Joh Lohmeyer Chairperso, X3T10 Symbios Logic Ic. 1635 Aeroplaza Drive Colorado

More information

Data diverse software fault tolerance techniques

Data diverse software fault tolerance techniques Data diverse software fault tolerace techiques Complemets desig diversity by compesatig for desig diversity s s limitatios Ivolves obtaiig a related set of poits i the program data space, executig the

More information

Improvement of the Orthogonal Code Convolution Capabilities Using FPGA Implementation

Improvement of the Orthogonal Code Convolution Capabilities Using FPGA Implementation Improvemet of the Orthogoal Code Covolutio Capabilities Usig FPGA Implemetatio Naima Kaabouch, Member, IEEE, Apara Dhirde, Member, IEEE, Saleh Faruque, Member, IEEE Departmet of Electrical Egieerig, Uiversity

More information

Morgan Kaufmann Publishers 26 February, COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 5.

Morgan Kaufmann Publishers 26 February, COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 5. Morga Kaufma Publishers 26 February, 208 COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Iterface 5 th Editio Chapter 5 Virtual Memory Review: The Memory Hierarchy Take advatage of the priciple

More information

Chapter 4 Threads. Operating Systems: Internals and Design Principles. Ninth Edition By William Stallings

Chapter 4 Threads. Operating Systems: Internals and Design Principles. Ninth Edition By William Stallings Operatig Systems: Iterals ad Desig Priciples Chapter 4 Threads Nith Editio By William Stalligs Processes ad Threads Resource Owership Process icludes a virtual address space to hold the process image The

More information

Τεχνολογία Λογισμικού

Τεχνολογία Λογισμικού ΕΘΝΙΚΟ ΜΕΤΣΟΒΙΟ ΠΟΛΥΤΕΧΝΕΙΟ Σχολή Ηλεκτρολόγων Μηχανικών και Μηχανικών Υπολογιστών Τεχνολογία Λογισμικού, 7ο/9ο εξάμηνο 2018-2019 Τεχνολογία Λογισμικού Ν.Παπασπύρου, Αν.Καθ. ΣΗΜΜΥ, ickie@softlab.tua,gr

More information

Python Programming: An Introduction to Computer Science

Python Programming: An Introduction to Computer Science Pytho Programmig: A Itroductio to Computer Sciece Chapter 1 Computers ad Programs 1 Objectives To uderstad the respective roles of hardware ad software i a computig system. To lear what computer scietists

More information

Python Programming: An Introduction to Computer Science

Python Programming: An Introduction to Computer Science Pytho Programmig: A Itroductio to Computer Sciece Chapter 6 Defiig Fuctios Pytho Programmig, 2/e 1 Objectives To uderstad why programmers divide programs up ito sets of cooperatig fuctios. To be able to

More information

Media Access Protocols. Spring 2018 CS 438 Staff, University of Illinois 1

Media Access Protocols. Spring 2018 CS 438 Staff, University of Illinois 1 Media Access Protocols Sprig 2018 CS 438 Staff, Uiversity of Illiois 1 Where are We? you are here 00010001 11001001 00011101 A midterm is here Sprig 2018 CS 438 Staff, Uiversity of Illiois 2 Multiple Access

More information

Global Support Guide. Verizon WIreless. For the BlackBerry 8830 World Edition Smartphone and the Motorola Z6c

Global Support Guide. Verizon WIreless. For the BlackBerry 8830 World Edition Smartphone and the Motorola Z6c Verizo WIreless Global Support Guide For the BlackBerry 8830 World Editio Smartphoe ad the Motorola Z6c For complete iformatio o global services, please refer to verizowireless.com/vzglobal. Whether i

More information

K-NET bus. When several turrets are connected to the K-Bus, the structure of the system is as showns

K-NET bus. When several turrets are connected to the K-Bus, the structure of the system is as showns K-NET bus The K-Net bus is based o the SPI bus but it allows to addressig may differet turrets like the I 2 C bus. The K-Net is 6 a wires bus (4 for SPI wires ad 2 additioal wires for request ad ackowledge

More information

Term Project Report. This component works to detect gesture from the patient as a sign of emergency message and send it to the emergency manager.

Term Project Report. This component works to detect gesture from the patient as a sign of emergency message and send it to the emergency manager. CS2310 Fial Project Loghao Li Term Project Report Itroductio I this project, I worked o expadig exercise 4. What I focused o is makig the real gesture recogizig sesor ad desig proper gestures ad recogizig

More information

Introduction to Wireless & Mobile Systems. Chapter 6. Multiple Radio Access Cengage Learning Engineering. All Rights Reserved.

Introduction to Wireless & Mobile Systems. Chapter 6. Multiple Radio Access Cengage Learning Engineering. All Rights Reserved. Itroductio to Wireless & Mobile Systems Chapter 6 Multiple Radio Access 1 Outlie Itroductio Multiple Radio Access Protocols Cotetio-based Protocols Pure ALOHA Slotted ALOHA CSMA (Carrier Sese Multiple

More information

Linux DNS (BIND), DHCP and Servers

Linux DNS (BIND), DHCP and  Servers it 8 Liux (B), HCP ad mail ervers oa Warre HCP oa Warre HCP ervice yamically assigs a P address to requestig machies P addresses are leased P addresses are leased scope of addresses ca be assiged or excluded

More information

Firewall and IDS. TELE3119: Week8

Firewall and IDS. TELE3119: Week8 Firewall ad IDS TELE3119: Week8 Outlie Firewalls Itrusio Detectio Systems (IDSs) Itrusio Prevetio Systems (IPSs) 8-2 Example Attacks Disclosure, modificatio, ad destructio of data Compromise a host ad

More information

Copyright 2016 Ramez Elmasri and Shamkant B. Navathe

Copyright 2016 Ramez Elmasri and Shamkant B. Navathe Copyright 2016 Ramez Elmasri ad Shamkat B. Navathe CHAPTER 26 Ehaced Data Models: Itroductio to Active, Temporal, Spatial, Multimedia, ad Deductive Databases Copyright 2016 Ramez Elmasri ad Shamkat B.

More information

Switch Construction CS

Switch Construction CS Switch Costructio CS 00 Workstatio-Based Aggregate badwidth /2 of the I/O bus badwidth capacity shared amog all hosts coected to switch example: Gbps bus ca support 5 x 00Mbps ports (i theory) I/O bus

More information

Morgan Kaufmann Publishers 26 February, COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 5

Morgan Kaufmann Publishers 26 February, COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 5 Morga Kaufma Publishers 26 February, 28 COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Iterface 5 th Editio Chapter 5 Set-Associative Cache Architecture Performace Summary Whe CPU performace icreases:

More information

Structuring Redundancy for Fault Tolerance. CSE 598D: Fault Tolerant Software

Structuring Redundancy for Fault Tolerance. CSE 598D: Fault Tolerant Software Structurig Redudacy for Fault Tolerace CSE 598D: Fault Tolerat Software What do we wat to achieve? Versios Damage Assessmet Versio 1 Error Detectio Iputs Versio 2 Voter Outputs State Restoratio Cotiued

More information

The Value of Peering

The Value of Peering The Value of Peerig ISP/IXP Workshops These materials are licesed uder the Creative Commos Attributio-NoCommercial 4.0 Iteratioal licese (http://creativecommos.org/liceses/by-c/4.0/) Last updated 25 th

More information

Realistic Storage of Pending Requests in Content-Centric Network Routers

Realistic Storage of Pending Requests in Content-Centric Network Routers Realistic Storage of Pedig Requests i Cotet-Cetric Network Routers Wei You, Bertrad Mathieu, Patrick Truog, Jea-Fraçois Peltier Orage Labs Laio, Frace {wei.you, bertrad2.mathieu, patrick.truog, jeafracois.peltier}@orage.com

More information

802.1ad Provider & Provider Edge Bridges

802.1ad Provider & Provider Edge Bridges 802.ad rovider & rovider Edge Bridges age rovider Bridge rovider Edge Bridge Customer Systems S-VLAN S-VLAN E E E E C-VLAN C-VLAN CE CE C-tagged C-tagged S-tagged port based B & BB models / 2006-0-0 budlig/multiplexig

More information

Introduction and Overview

Introduction and Overview Chapter 1 Itroductio ad Overview 1.1 Opportuities Offered by The Iteret Protocol versio 6 () is ow gaiig mometum as a improved etwork layer protocol. There is much commercial iterest ad activity i Europe

More information

ICS Regent. Communications Modules. Module Operation. RS-232, RS-422 and RS-485 (T3150A) PD-6002

ICS Regent. Communications Modules. Module Operation. RS-232, RS-422 and RS-485 (T3150A) PD-6002 ICS Reget Commuicatios Modules RS-232, RS-422 ad RS-485 (T3150A) Issue 1, March, 06 Commuicatios modules provide a serial commuicatios iterface betwee the cotroller ad exteral equipmet. Commuicatios modules

More information

APPLICATION NOTE PACE1750AE BUILT-IN FUNCTIONS

APPLICATION NOTE PACE1750AE BUILT-IN FUNCTIONS APPLICATION NOTE PACE175AE BUILT-IN UNCTIONS About This Note This applicatio brief is iteded to explai ad demostrate the use of the special fuctios that are built ito the PACE175AE processor. These powerful

More information

% Sun Logo for Frame. X3T10/95-229, Revision 2. September 28, 1995

% Sun Logo for Frame. X3T10/95-229, Revision 2. September 28, 1995 Su Microsystems, Ic. 2550 Garcia Aveue Moutai View, CA 94045 415 960-1300 X3T10/95-229, Revisio 2 September 28, 1995 % Su Logo for Frame Joh Lohmeyer Chairperso, X3T10 Symbios Logic Ic. 1635 Aeroplaza

More information

Chapter 9. Pointers and Dynamic Arrays. Copyright 2015 Pearson Education, Ltd.. All rights reserved.

Chapter 9. Pointers and Dynamic Arrays. Copyright 2015 Pearson Education, Ltd.. All rights reserved. Chapter 9 Poiters ad Dyamic Arrays Copyright 2015 Pearso Educatio, Ltd.. All rights reserved. Overview 9.1 Poiters 9.2 Dyamic Arrays Copyright 2015 Pearso Educatio, Ltd.. All rights reserved. Slide 9-3

More information

IXS-6600-C IXS-6700-C

IXS-6600-C IXS-6700-C INTEGRATED ROUTING SYSTEM PACK IXS-6600-C IXS-6700-C INTEGRATED ROUTING SYSTEM IXS-6600 IXS-6700 IKS-6030M IKS-A6011 IKS-A6015 IKS-A6050 IKS-A6061 IKS-V6010M IKS-V6010SD IKS-V6050M IKS-V6050SD IKS-V6060M

More information

Computers and Scientific Thinking

Computers and Scientific Thinking Computers ad Scietific Thikig David Reed, Creighto Uiversity Chapter 15 JavaScript Strigs 1 Strigs as Objects so far, your iteractive Web pages have maipulated strigs i simple ways use text box to iput

More information

Chapter 1. Introduction to Computers and C++ Programming. Copyright 2015 Pearson Education, Ltd.. All rights reserved.

Chapter 1. Introduction to Computers and C++ Programming. Copyright 2015 Pearson Education, Ltd.. All rights reserved. Chapter 1 Itroductio to Computers ad C++ Programmig Copyright 2015 Pearso Educatio, Ltd.. All rights reserved. Overview 1.1 Computer Systems 1.2 Programmig ad Problem Solvig 1.3 Itroductio to C++ 1.4 Testig

More information

The isoperimetric problem on the hypercube

The isoperimetric problem on the hypercube The isoperimetric problem o the hypercube Prepared by: Steve Butler November 2, 2005 1 The isoperimetric problem We will cosider the -dimesioal hypercube Q Recall that the hypercube Q is a graph whose

More information

1100 Appliances. Big security for small branches. Datasheet: Check Point 1100 Appliances FEATURES BENEFITS GATEWAY SOFTWARE BLADES

1100 Appliances. Big security for small branches. Datasheet: Check Point 1100 Appliances FEATURES BENEFITS GATEWAY SOFTWARE BLADES Datasheet: Check Poit 00 Appliaces 00 Big security for small braches 00 Appliaces YOUR CHALLENGE I the age of global busiess ad icreasigly more distributed workforce, remote ad brach staff demad access

More information

Security and Communication. Ultimate. Because Intercom doesn t stop at the hardware level. Software Intercom Server for virtualised IT platforms

Security and Communication. Ultimate. Because Intercom doesn t stop at the hardware level. Software Intercom Server for virtualised IT platforms Because Itercom does t stop at the hardware level by Commed Software Itercom Server for virtualised IT platforms Ready for VMware Ready for Hyper-V VoIP Ultimate availability Itercom Server as a app The

More information

SCI Reflective Memory

SCI Reflective Memory Embedded SCI Solutios SCI Reflective Memory (Experimetal) Atle Vesterkjær Dolphi Itercoect Solutios AS Olaf Helsets vei 6, N-0621 Oslo, Norway Phoe: (47) 23 16 71 42 Fax: (47) 23 16 71 80 Mail: atleve@dolphiics.o

More information

Prevention of Black Hole Attack in Mobile Ad-hoc Networks using MN-ID Broadcasting

Prevention of Black Hole Attack in Mobile Ad-hoc Networks using MN-ID Broadcasting Vol.2, Issue.3, May-Jue 2012 pp-1017-1021 ISSN: 2249-6645 Prevetio of Black Hole Attack i Mobile Ad-hoc Networks usig MN-ID Broadcastig Atoy Devassy 1, K. Jayathi 2 *(PG scholar, ME commuicatio Systems,

More information

Using VTR Emulation on Avid Systems

Using VTR Emulation on Avid Systems Usig VTR Emulatio o Avid Systems VTR emulatio allows you to cotrol a sequece loaded i the Record moitor from a edit cotroller for playback i the edit room alog with other sources. I this sceario the edit

More information

1100 Appliances. Big security for small branches. Datasheet: Check Point 1100 Appliances FEATURES BENEFITS GATEWAY SOFTWARE BLADES

1100 Appliances. Big security for small branches. Datasheet: Check Point 1100 Appliances FEATURES BENEFITS GATEWAY SOFTWARE BLADES Formoreiformatio,pleasecal877.449.0458,oremailusatSales@CorporateArmor.com. Datasheet: Check Poit 00 Appliaces 00 Big security for small braches 00 Appliaces YOUR CHALLENGE I the age of global busiess

More information

Course Information. Details. Topics. Network Examples. Overview. Walrand Lecture 1. EECS 228a. EECS 228a Lecture 1 Overview: Networks

Course Information. Details. Topics. Network Examples. Overview. Walrand Lecture 1. EECS 228a. EECS 228a Lecture 1 Overview: Networks Walrad Lecture 1 Course Iformatio Lecture 1 Overview: Networks Jea Walrad www.eecs.berkeley.edu/~wlr Istructor: Jea Walrad Office Hours: M-Tu 1:00-2:00 Time/Place: MW 2:00-3:30 i 285 Cory Home Page: http://wwwist.eecs.berkeley.edu/~ee228a

More information

Schema for the DCE Security Registry Server

Schema for the DCE Security Registry Server Schema for the Security egistry Server Versio Date: 0/20/00 For questios or commets cocerig this documet, sed a email ote to dce-ldap@opegroup.org or call Doa Skibbie at 52 838-3896. . Itroductio...3 2.

More information

Reliable Transmission. Spring 2018 CS 438 Staff - University of Illinois 1

Reliable Transmission. Spring 2018 CS 438 Staff - University of Illinois 1 Reliable Trasmissio Sprig 2018 CS 438 Staff - Uiversity of Illiois 1 Reliable Trasmissio Hello! My computer s ame is Alice. Alice Bob Hello! Alice. Sprig 2018 CS 438 Staff - Uiversity of Illiois 2 Reliable

More information

Appendix D. Controller Implementation

Appendix D. Controller Implementation COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Iterface 5 th Editio Appedix D Cotroller Implemetatio Cotroller Implemetatios Combiatioal logic (sigle-cycle); Fiite state machie (multi-cycle, pipelied);

More information

performance to the performance they can experience when they use the services from a xed location.

performance to the performance they can experience when they use the services from a xed location. I the Proceedigs of The First Aual Iteratioal Coferece o Mobile Computig ad Networkig (MobiCom 9) November -, 99, Berkeley, Califoria USA Performace Compariso of Mobile Support Strategies Rieko Kadobayashi

More information

Chapter 4 The Datapath

Chapter 4 The Datapath The Ageda Chapter 4 The Datapath Based o slides McGraw-Hill Additioal material 24/25/26 Lewis/Marti Additioal material 28 Roth Additioal material 2 Taylor Additioal material 2 Farmer Tae the elemets that

More information

IPv6 Deployment Planning

IPv6 Deployment Planning IPv6 Deploymet Plaig ISP Workshops These materials are licesed uder the Creative Commos Attributio-NoCommercial 4.0 Iteratioal licese (http://creativecommos.org/liceses/by-c/4.0/) Last updated 5 th July

More information

Image Segmentation EEE 508

Image Segmentation EEE 508 Image Segmetatio Objective: to determie (etract) object boudaries. It is a process of partitioig a image ito distict regios by groupig together eighborig piels based o some predefied similarity criterio.

More information

3.1 Overview of MySQL Programs. These programs are discussed further in Chapter 4, Database Administration. Client programs that access the server:

3.1 Overview of MySQL Programs. These programs are discussed further in Chapter 4, Database Administration. Client programs that access the server: 3 Usig MySQL Programs This chapter provides a brief overview of the programs provided by MySQL AB ad discusses how to specify optios whe you ru these programs. Most programs have optios that are specific

More information

Network Time Protocol (NTP)

Network Time Protocol (NTP) Network Time Protocol (NTP) Quick ad Dirty for AfNOG 2018 (Michuki Mwagi) Origial slides by Ayitey Bulley About NTP Network Time Protocol project http://tp.org NTP is a protocol desiged to sychroize the

More information

Introduction to Network Technologies & Layered Architecture BUPT/QMUL

Introduction to Network Technologies & Layered Architecture BUPT/QMUL Itroductio to Network Techologies & Layered Architecture BUPT/QMUL 2018-3-12 Review What is the Iteret? How does it work? Whe & how did it come about? Who cotrols it? Where is it goig? 2 Ageda Basic Network

More information

L5355 Modbus Plus Communications Interface

L5355 Modbus Plus Communications Interface L5355 Modbus Plus Commuicatios Iterface Techical Maual HA470897 Issue 2 Copyright SSD Drives Ic 2005 All rights strictly reserved. No part of this documet may be stored i a retrieval system, or trasmitted

More information

The Ordered Core Based Tree Protocol. Clay Shields J. J. Garcia-Luna-Aceves

The Ordered Core Based Tree Protocol. Clay Shields J. J. Garcia-Luna-Aceves The Ordered Core Based Tree Protocol Clay Shields J. J. Garcia-Lua-Aceves fclay, jjg@cse.ucsc.edu Departmet of Computer Egieerig Uiversity of Califoria Sata Cruz Sata Cruz, CA 95064 Abstract This paper

More information

Identifying and Cabling Circuit Cards. Identifying and Cabling Circuit Cards - 1

Identifying and Cabling Circuit Cards. Identifying and Cabling Circuit Cards - 1 Cards Cards - 1 Cards Cards This sectio provides the basic iformatio you eed to coect cables to the faceplates of circuit cards that are istalled i the system. Additioal steps may be required for some

More information

Network Time Protocol (NTP)

Network Time Protocol (NTP) Network Time Protocol (NTP) Quick ad Dirty for AfNOG 2017 (Ayitey Bulley) About NTP Network Time Protocol project http://tp.org NTP is a protocol desiged to sychroize the clocks of computers over a etwork.

More information

APPLICATION NOTE. Automated Gain Flattening. 1. Experimental Setup. Scope and Overview

APPLICATION NOTE. Automated Gain Flattening. 1. Experimental Setup. Scope and Overview APPLICATION NOTE Automated Gai Flatteig Scope ad Overview A flat optical power spectrum is essetial for optical telecommuicatio sigals. This stems from a eed to balace the chael powers across large distaces.

More information

Ones Assignment Method for Solving Traveling Salesman Problem

Ones Assignment Method for Solving Traveling Salesman Problem Joural of mathematics ad computer sciece 0 (0), 58-65 Oes Assigmet Method for Solvig Travelig Salesma Problem Hadi Basirzadeh Departmet of Mathematics, Shahid Chamra Uiversity, Ahvaz, Ira Article history:

More information

Pattern Recognition Systems Lab 1 Least Mean Squares

Pattern Recognition Systems Lab 1 Least Mean Squares Patter Recogitio Systems Lab 1 Least Mea Squares 1. Objectives This laboratory work itroduces the OpeCV-based framework used throughout the course. I this assigmet a lie is fitted to a set of poits usig

More information

CS 111: Program Design I Lecture 19: Networks, the Web, and getting text from the Web in Python

CS 111: Program Design I Lecture 19: Networks, the Web, and getting text from the Web in Python CS 111: Program Desig I Lecture 19: Networks, the Web, ad gettig text from the Web i Pytho Robert H. Sloa & Richard Warer Uiversity of Illiois at Chicago April 3, 2018 Goals Lear about Iteret Lear about

More information

Politecnico di Milano Advanced Network Technologies Laboratory. Internet of Things. Projects

Politecnico di Milano Advanced Network Technologies Laboratory. Internet of Things. Projects Politecico di Milao Advaced Network Techologies Laboratory Iteret of Thigs Projects 2016-2017 Politecico di Milao Advaced Network Techologies Laboratory Geeral Rules Geeral Rules o Gradig 26/30 are assiged

More information

Weston Anniversary Fund

Weston Anniversary Fund Westo Olie Applicatio Guide 2018 1 This guide is desiged to help charities applyig to the Westo to use our olie applicatio form. The Westo is ope to applicatios from 5th Jauary 2018 ad closes o 30th Jue

More information

1 Enterprise Modeler

1 Enterprise Modeler 1 Eterprise Modeler Itroductio I BaaERP, a Busiess Cotrol Model ad a Eterprise Structure Model for multi-site cofiguratios are itroduced. Eterprise Structure Model Busiess Cotrol Models Busiess Fuctio

More information

Contrace: Traceroute Facility for Content- Centric Network

Contrace: Traceroute Facility for Content- Centric Network Cotrace: Traceroute Facility for Cotet- Cetric Network draft-asaeda-icrg-cotrace-02 Hitoshi Asaeda (NICT) Xu Shao (NICT) Thierry Turletti (Iria) 1 Cotrace Overview Protocol aalysis tool Ø Cachig poit/publisher,

More information

An Improved Shuffled Frog-Leaping Algorithm for Knapsack Problem

An Improved Shuffled Frog-Leaping Algorithm for Knapsack Problem A Improved Shuffled Frog-Leapig Algorithm for Kapsack Problem Zhoufag Li, Ya Zhou, ad Peg Cheg School of Iformatio Sciece ad Egieerig Hea Uiversity of Techology ZhegZhou, Chia lzhf1978@126.com Abstract.

More information