
SWITCHING AND ROUTING I

Review: OSI Model, IPv4 Addressing, ICMP & ARP
Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
What is a Network?

“A network consists of two or more computers or devices that are linked in order to share resources, exchange files, or allow electronic communications. The computers or devices on a network may be linked through cables, telephone lines, radio waves, satellites, or infrared light beams.” The Florida Center for Instructional Technology
Network Components: Servers and Clients

 Servers provide information and services to clients, e.g. e-mail, web pages.
 Clients request information from the server.

Server Computers

 Servers have software installed that enables them to provide information (email or web pages) to other hosts on the network.
 Each service requires separate server software.
 A single computer can run multiple types of server software.
Server Computers: Software

Client Computers: Software
Network Infrastructure

 The network infrastructure contains two categories of network components:
 Devices
 End Devices
 Networking Devices
 Media
End devices

 End devices or hosts: the source or destination of a message.

End devices: Industrial
Networking Devices

 Switches
 Routers
 Firewalls
 Access Point

Network Media

 Network media: The medium over which the message travels.
 Metallic wires – electrical impulses.
 Fiber optics – pulses of light.
 Wireless – electromagnetic waves.
Physical Topology

 Physical topology is the physical layout of the components on a network. The cabling layout used to link devices is known as the physical topology of the network.

Physical Topology – Star Topology

 It’s called a star topology because all communication has to go through the switch; it is the central component of our
Local Area Network (LAN)

 A local area network (LAN) is a network that connects computers and devices in a limited geographical area.

Local Area Network (LAN)…

Main characteristics of LAN:
 Areas of coverage: LANs are located within the same building, such as a home, a school computer laboratory or an office building.
 Distance: LANs span (cover) a distance of less than 10 km.
 Ownership: LANs are owned and operated by individual organizations.
 Technologies: Ethernet, Token Ring, FDDI, WLAN
Types of LAN

 Wireless Personal Area Network (W-PAN) is a type of wireless network that works within a very small area (10 meters).
 A House Area Network (HAN) is a type of local area network that develops from the need to facilitate communication and interoperability among digital devices present inside or within the close vicinity of a home.
Wireless PAN – Z-WAVE

 Z-Wave is a wireless communications protocol designed for home automation, specifically for remote control applications in residential and light commercial environments. Data rate: 100 kbps.

Wireless PAN – BLUETOOTH

 Bluetooth is a wireless technology standard for exchanging data over short distances (using short-wavelength UHF radio waves in the ISM band from 2.4 to 2.485 GHz). Data rate: 3 Mbps.

Wireless PAN – RFID

 RFID is an acronym for “radio-frequency identification”. A system consisting of a tag, an antenna and a processor capable of wirelessly communicating data over radio waves. Data rate: 150 kbps.

Wireless PAN – ZIGBEE

 ZigBee is a specification for a suite of high-level communication protocols used to create personal area networks built from small, low-power digital radios. ZigBee is based on the IEEE 802.15.4 standard.

Zigbee – Details

Wireless PAN – BODY AREA NETWORK

 A body area network (BAN), also referred to as a wireless body area network (WBAN) or a body sensor network (BSN), is a wireless network of wearable computing devices.

Wireless – Controller Area Network

 A Controller Area Network (CAN bus) is a vehicle bus standard designed to allow microcontrollers and devices to communicate with each other in applications without a host computer. Transmitting and receiving data at 20 kbps in the unlicensed 900 MHz band.
EXERCISE
A VAN that implements 802.15.4 technology is made up of 20 cars, each of which has a sensor-based data acquisition system (motes); each mote consists of 12 sensors: 4 temperature, 2 tachometer, 2 air-flow and 4 proximity sensors, plus a 2.4 GHz communication module. The characteristics of the sensors are shown below:

Sensor               Measurement range    Notes
Temperature PT100    -50 ºC to 100 ºC     Allow 1 bit to represent the sign of the value
Tachometer           0 – 8000 RPM
Air flow             0 – 250000 m/s
Proximity sensor     0 – 10 m             For precision, this value is measured in centimetres

Determine:
• The network utilization (%) if all 20 cars are transmitting data, considering an actual use of 75% of the nominal bit rate of the 802.15.4 standard.
• The network service time when 10, 15 and 20 cars transmit data, considering an actual use of 50, 80 and 100% of the nominal bit rate of the 802.15.4 standard.
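A worked sizing of the exercise above, as an added example that is not part of the original slides: it derives the bits each sensor needs from its range and resolution, then the per-mote payload and the channel time needed to carry one reading from every car. Assumptions are labelled in the code: the 2.4 GHz 802.15.4 nominal rate of 250 kbit/s, no MAC/PHY framing overhead, and a caller-supplied sampling period for the utilization figure, which the exercise statement does not give.

```python
import math

# Assumption: nominal bit rate of IEEE 802.15.4 in the 2.4 GHz band (250 kbit/s);
# framing overhead is ignored, so the results are a lower bound on channel time.
NOMINAL_BPS_802154 = 250_000


def bits_for_range(lo, hi, step=1, sign_bit=False):
    """Bits needed to encode every value in [lo, hi] at resolution `step`.

    With sign_bit=True the magnitude is encoded on its own and one extra bit
    carries the sign, which is what the exercise asks for on the PT100 sensor.
    """
    if hi < lo or step <= 0:
        raise ValueError("range must be non-empty and step positive")
    if sign_bit:
        levels = round(max(abs(lo), abs(hi)) / step) + 1
        return math.ceil(math.log2(levels)) + 1
    levels = round((hi - lo) / step) + 1
    return math.ceil(math.log2(levels))


# Sensor set of one mote, taken from the exercise table:
# (description, count per mote, bits per reading)
MOTE_SENSORS = [
    ("temperature PT100, -50..100 C, sign bit", 4, bits_for_range(-50, 100, sign_bit=True)),
    ("tachometer, 0..8000 RPM",                2, bits_for_range(0, 8000)),
    ("air flow, 0..250000 m/s",                2, bits_for_range(0, 250_000)),
    ("proximity, 0..10 m in cm steps",         4, bits_for_range(0, 10, step=0.01)),
]


def mote_payload_bits():
    """Bits in one complete reading of all 12 sensors of a mote."""
    return sum(count * bits for _, count, bits in MOTE_SENSORS)


def round_time_s(n_cars, usable_fraction, nominal_bps=NOMINAL_BPS_802154):
    """Seconds the channel needs to carry one reading from each of n_cars motes
    when only `usable_fraction` of the nominal bit rate is actually achievable
    (the exercise's 'actual use of 50/80/100 % of the nominal bit rate')."""
    if not 0 < usable_fraction <= 1:
        raise ValueError("usable_fraction must be in (0, 1]")
    return n_cars * mote_payload_bits() / (usable_fraction * nominal_bps)


def utilization_pct(n_cars, usable_fraction, sample_period_s):
    """Channel utilization in % if every mote sends one reading per sample_period_s.
    Assumption: the sampling period is not stated in the exercise and must be supplied."""
    return 100.0 * round_time_s(n_cars, usable_fraction) / sample_period_s


def service_time_table(car_counts=(10, 15, 20), fractions=(0.5, 0.8, 1.0)):
    """Second part of the exercise: seconds per round for each (cars, fraction) pair."""
    return {(n, f): round_time_s(n, f) for n in car_counts for f in fractions}


if __name__ == "__main__":
    print("bits per mote:", mote_payload_bits())
    for (n, f), t in service_time_table().items():
        print(f"{n} cars at {f:.0%} of nominal: {t * 1000:.2f} ms per round")
    print("utilization, 20 cars, 75 %, 1 s period:", utilization_pct(20, 0.75, 1.0), "%")
```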
Metropolitan Area Network (MAN)

 A metropolitan area network (MAN) is a high-speed network that connects local area networks (LANs) in a metropolitan area.

Main characteristics of MAN:
 Areas of coverage: MANs connect various locations such as campuses, offices and government sites, and are frequently used as links between buildings.
 Distance: MANs span (cover) a distance of up to 100 miles (161 km).
 Ownership: MANs are owned by a group of users who jointly own and operate the network.
 Technologies: Metro Ethernet, SMDS, WIMAX

Wide Area Network (WAN)

 A wide area network (WAN) is a network that covers a large geographical area.

Main characteristics of WAN:
 Areas of coverage: WANs cover country-wide and worldwide areas (such as a city, a country, or the world) using a communications channel that combines many types of media, such as telephone lines, cables and radio waves. The Internet is the world’s largest WAN.
 Distance: WANs span (cover) a distance greater than 160 km.
 Ownership: WANs have no single owner; the links are provided by carriers.
 Technologies: Frame Relay, ATM, MPLS, LTE
SWITCHING AND ROUTING I

Topic 2. OSI Model
OSI Reference Model (1983)

The Open System Interconnect (OSI) reference model is a model, developed by the International Standards Organization (ISO), which describes how data from an application on one computer can be transferred to an application on another computer.

OSI Reference Model

TCP/IP Model (1982)

The Internet Protocol Suite is a framework that defines a set of general design guidelines and implementations of specific networking protocols to enable computers to communicate over a network. RFC 1122 describes the Internet Protocol Suite architectural model, which is commonly referred to as the TCP/IP Suite Model.
The Communication Process – Encapsulation

[Figure: Data Link Header | IP Header | TCP Header | HTTP Header | Data | Data Link Trailer; the Server produces the HTTP Data]

 Encapsulation – Process of adding control information as data passes down through the layered model.

The Communication Process – Decapsulation

[Figure: Data Link Header | IP Header | TCP Header | HTTP Header | Data | Data Link Trailer; the Client receives the HTTP Data]

 Decapsulation – Process of removing control information as data passes upwards through the layered model.
The Physical Layer

 The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.

Physical Layer Media

 The physical layer produces the representation and groupings of bits for each type of media as follows:
 Copper cable: The signals are patterns of electrical pulses.
 Fiber-optic cable: The signals are patterns of light.
 Wireless: The signals are patterns of microwave transmissions.
Data Transmission Rate and Bandwidth

A very important consideration in data communication is how fast we can send data, in bits per second, over a channel. The data rate depends on three main factors:
1. The bandwidth available (kHz)
2. The signal we use (analog or digital)
3. The level of noise (SNR)
Data can be analog or digital. The term analog data refers to continuous information; the term digital data refers to information that has discrete states.
Bit Rates of Digital Transmission Systems

Data Rate Limits

 The maximum data rate limit over a medium is decided by the following factors:
1. Bandwidth of the channel.
2. Signal levels (the number of values allowed in a particular signal is known as the number of signal levels).
3. Channel quality (level of noise).

Data Rate Limits

 Two theoretical formulas were developed to calculate the data rate:
1. For a noiseless channel: Nyquist bit rate
2. For a noisy channel: Shannon capacity

 The Nyquist formula for the maximum bit rate in bits per second (bps) is:

Maximum bit rate = 2 * BW * log2(L)

Where,
BW = bandwidth of the channel
L = number of signal levels used to represent data.

Noisy Channel: Shannon Capacity

An ideal noiseless channel never exists. The maximum data rate for any noisy channel is:

C = BW * log2(1 + S/N)

Where,
C = channel capacity in bits per second
BW = bandwidth of the channel
S/N = signal-to-noise ratio.
Exercises

Consider a noiseless channel with a bandwidth of 3000 Hz transmitting a signal with two signal levels. The maximum bit rate can be calculated as

Consider the same noiseless channel transmitting a signal with four signal levels (for each level, we send 2 bits). The maximum bit rate can be calculated as

Exercises

We need to send 265 kbps over a noiseless channel with a bandwidth of 20 kHz. How many signal levels do we need?

Solution
We can use the Nyquist formula as shown:

Since this result is not a power of 2, we need to either increase the number of levels or reduce the bit rate. If we have 128 levels, the bit rate is 280 kbps. If we have 64 levels, the bit rate is 240 kbps.
Exercises – Shannon Capacity

We can calculate the theoretical highest bit rate of a regular telephone line. A telephone line normally has a bandwidth of 3000 Hz (300 to 3300 Hz) assigned for data communications. The signal-to-noise ratio is usually 3162. For this channel the capacity is calculated as

This means that the highest bit rate for a telephone line is 34.860 kbps. If we want to send data faster than this, we can either increase the bandwidth of the line or improve the signal-to-noise ratio.

The signal-to-noise ratio is often given in decibels as well:

SNRdB = 10 log10(SNR)
SNRdB = 10 log10(3162) = 34.99 dB

SNR CNT ADSL
Exercises – Shannon Capacity

Assume that SNRdB = 36 and the channel bandwidth is 2 MHz. Calculate the theoretical channel capacity.

Assume that SNRdB = 45 and the channel bandwidth is 10 MHz. Calculate the theoretical channel capacity.

SNR = 10^4.5 = 31623
C = B log2(1 + SNR) = 10 × 10^6 × log2(31623) = 149.5 Mbps

log2(31623) = log10(31623) / log10(2)

Exercises – Shannon & Nyquist Capacity

We have a channel with a 1-MHz bandwidth. The SNR for this channel is 63. What are the appropriate bit rate and signal level?

Solution
First, we use the Shannon formula to find the upper limit.

The Shannon formula gives us 6 Mbps, the upper limit. For better performance we choose something lower, 4 Mbps. Then we use the Nyquist formula to find the number of signal levels.
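The Nyquist and Shannon exercises above, worked in code as an added example (not from the original slides). The functions use the slides' symbols (BW, L, S/N, C) plus a dB conversion helper; the last function is the combined Shannon-then-Nyquist design step of the 1 MHz / SNR 63 exercise. The telephone-line case also shows why the slide's 34.860 kbps differs slightly from the exact value: the slide rounds log2(3163) to 11.62.

```python
import math


def nyquist_bit_rate(bw_hz, levels):
    """Nyquist, noiseless channel: maximum bit rate = 2 * BW * log2(L)."""
    if levels < 2:
        raise ValueError("at least two signal levels are needed")
    return 2 * bw_hz * math.log2(levels)


def nyquist_levels(bw_hz, bit_rate_bps):
    """Nyquist inverted: the number of signal levels L a target bit rate needs.
    The result is usually not a power of 2; a real design rounds L to one and
    then re-checks the bit rate, as the 265 kbps over 20 kHz exercise does."""
    return 2 ** (bit_rate_bps / (2 * bw_hz))


def nearest_power_of_two_levels(levels):
    """The two power-of-2 level counts bracketing a fractional L (e.g. 98.7 -> 64, 128)."""
    low = 2 ** math.floor(math.log2(levels))
    return low, low * 2


def snr_to_db(snr):
    return 10 * math.log10(snr)


def snr_from_db(snr_db):
    return 10 ** (snr_db / 10)


def shannon_capacity(bw_hz, snr):
    """Shannon, noisy channel: C = BW * log2(1 + S/N). `snr` is the linear ratio,
    not the dB value; convert first with snr_from_db."""
    return bw_hz * math.log2(1 + snr)


def choose_rate_and_levels(bw_hz, snr, target_bps):
    """Shannon first for the ceiling, then Nyquist for the levels the chosen
    (lower) rate needs. Raises if the target exceeds what the channel allows."""
    ceiling = shannon_capacity(bw_hz, snr)
    if target_bps > ceiling:
        raise ValueError(f"{target_bps} bps exceeds the Shannon limit of {ceiling:.0f} bps")
    return ceiling, nyquist_levels(bw_hz, target_bps)


if __name__ == "__main__":
    print("3000 Hz, 2 levels:", nyquist_bit_rate(3000, 2), "bps")
    print("3000 Hz, 4 levels:", nyquist_bit_rate(3000, 4), "bps")
    l = nyquist_levels(20_000, 265_000)
    print("265 kbps over 20 kHz needs L =", round(l, 1), "-> bracket", nearest_power_of_two_levels(l))
    # The slide's 34.860 kbps rounds log2(3163) to 11.62; the exact value is about 34.88 kbps
    print("telephone line:", shannon_capacity(3000, 3162), "bps; SNR =", round(snr_to_db(3162), 2), "dB")
    print("36 dB, 2 MHz:", shannon_capacity(2e6, snr_from_db(36)) / 1e6, "Mbps")
    print("45 dB, 10 MHz:", shannon_capacity(10e6, snr_from_db(45)) / 1e6, "Mbps")
    print("1 MHz, SNR 63, target 4 Mbps:", choose_rate_and_levels(1e6, 63, 4e6))
```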
Units of Data Rate

 Data transfer rate defines the amount of information transferred per unit of time. Examples of data transfer rate units are:

Throughput

In a computer network, throughput is defined as the actual number of bits that flow through a network connection in a given period of time. Throughput is always less than or equal to bandwidth and can never exceed it. In a computer network, the throughput can be affected by many factors, as listed below:
 Network congestion due to heavy network usage.
 Too many users accessing the same server.
 Low bandwidth allocation between network devices.
 Losses in the network medium.
 Resources (CPU, RAM) of network devices.

Throughput

In the network of the figure, server A sends a data stream of 135 Kbps every 30 seconds. This traffic was sent for 1 hour. Calculate the utilization percentage of the link between R1 and R2.

Data = 135 * 120
Data = 16200 Kbps

% U = Data / Nominal Data Rate
% U = 16200 / 20000
% U = 81%
Transmission Media
In data communications, the transmission medium is usually
free space, metallic cable, or fiber-optic cable. The information
is usually a signal that is the result of a conversion of data from
another form.
Copper Media: Unshielded Twisted Pair, Shielded Twisted Pair, Coaxial Cable

Coaxial Cable
• Coaxial cable is a copper-cored cable surrounded by a heavy shielding and is used to connect computers in a network.
• The outer conductor shields the inner conductor from picking up stray signals from the air.
• High bandwidth but lossy channel.
• A repeater is used to regenerate the weakened signals.

Category   Impedance   Use
RG-59      75 Ω        Cable TV
RG-58      50 Ω        Thin Ethernet
RG-11      50 Ω        Thick Ethernet
Unshielded Twisted-Pair (UTP) Cable

Components of UTP Cabling Systems: RJ45 connector, Patch Panel, Patch Cord, RJ45 Jack connectors, Wall Plate

Components of UTP Cabling Systems
Types of UTP Cable
Use of UTP Cable
Shielded Twisted-Pair (STP) Cable – Connectors
Testing UTP Cables
Fiber Optic Cabling
Types of Fiber Media
Network Fiber Connectors
Transceivers
Testing Fiber Cables: OTDR
Wireless
802.11 Wi-Fi Standards

802.11 Operating Modes
IEEE 802.11 defines the following operating modes:
• Infrastructure mode
• Ad hoc mode

In both operating modes, a Service Set Identifier (SSID), also known as the wireless network name, identifies the wireless network. The SSID is a name configured on the wireless AP (for infrastructure mode) or an initial wireless client (for ad hoc mode) that identifies the wireless network.

802.11 Architecture
The 802.11 logical architecture contains several main components: station (STA), wireless access point (AP), independent basic service set (IBSS), basic service set (BSS), distribution system (DS), and extended service set (ESS).

[Figure: AD-HOC and INFRASTRUCTURE modes]

802.11 Configuration
3G/4G Networks
 First Generation Mobile Systems (1G)
 Voice Signals Only
 Analogue Cellular Phones
 NMT, AMPS
 Second Generation Mobile Systems (2G)
 Voice & Data Signals
 Digital Fidelity Cellular Phones
 GSM, CDMA, TDMA
 Third Generation Mobile System (2.5G)
 Enhanced 2G
 Higher Data Rates
 GPRS, EDGE
 Third Generation Mobile System (3G)
 Voice, Data & Video Signals
 Video Telephony / Internet Surfing
 3G, W-CDMA, UMTS
 Fourth Generation Mobile System (4G)
 Enhanced 3G / Interoperability Protocol
 High Speed & IP-based
 4G, Mobile IP
3G/4G Networks

Technology       1G                    2G                     2.5G                   3G                       4G
Design Began     1970                  1980                   1985                   1190                     2000
Implementation   1984                  1991                   1999                   2002                     2010
Service          Analog Voice,         Digital Voice,         Higher Capacity,       Higher Capacity,         Higher Capacity,
                 Synchronous Data      Short Messages         Packetized Data        broadband data up to     completely IP-Oriented,
                 to 9.6 kbps                                                         2 Mbps                   Multimedia
Standards        AMPS, TACS, NMT       TDMA, CDMA, GSM, PDC   GPRS, EDGE, 1XRTT      WCDMA, CDMA2000          Single Standard
Data Bandwidth   1.9 kbps              14.4 kbps              384 kbps               2 Mbps                   2000 Mbps
Multiplexing     FDMA                  TDMA, CDMA             TDMA, SDMA             CDMA                     CDMA
Core Network     PSTN                  PSTN                   PSTN, Packet Network   Packet Network           Internet
5G Networks
SWITCHING AND ROUTING I

Topic 3. Application and Transport Layer
Application Layer

 The application layer is the top layer of both the OSI and TCP/IP models.
 The OSI application layer is closest to the end user.

Because of the dominance of the TCP/IP protocol suite, the TCP/IP Application and Transport Layer terms are used.

When discussing network functionality, networking professionals tend to use the OSI terms for the bottom three layers.
Application Layer

Two Networking Models

 Networked computers take on different roles or functions in relation to each other.
 Peer-to-Peer (P2P) network.
 Variations: P2P networks and P2P applications.
 Client / Server network:
 Requires central servers responding to client requests.

P2P Traffic

Client Server Model
 In a client-server model, 2 computers typically communicate with each other by using request/response protocols.
 The requestor takes on the role of a client.
 The responder takes on the role of a server.
Common Applications

HTTP – Hypertext Transfer Protocol: Used to transfer the files that make up web pages.
SMTP – Simple Mail Transfer Protocol: Used to transfer mail messages and attachments.
POP – Post Office Protocol: Used by email clients to retrieve email from a remote server.
IMAP – Internet Message Access Protocol: Used by email clients to retrieve email from a remote server.
DNS – Domain Name System: Used to resolve Internet names to IP addresses.
Telnet: Used to provide remote access to networking devices.
FTP – File Transfer Protocol: Used for interactive file transfer between systems.
TFTP – Trivial File Transfer Protocol: Used for connectionless active file transfer.
DHCP – Dynamic Host Configuration Protocol: Used to dynamically assign an IP address, subnet mask, default gateway, and DNS server addresses to a host.
BOOTP – Bootstrap Protocol: Used as a precursor to the DHCP protocol. BOOTP is a network protocol used to obtain IP address information during bootup.
TCP/IP Application Layer Protocols

Application Layer: HTTP SMTP POP FTP DNS DHCP TFTP SNMP
Transport Layer: TCP UDP
Internet Layer: IP
Network Access Layer: LAN / WAN
TCP versus UDP

UDP Header (8 bytes)

TCP Header (20 Bytes)

Bits 0–15                                                            | Bits 16–31
16-bit Source Port Number                                            | 16-bit Destination Port Number
32-bit Sequence Number
32-bit Acknowledgement Number
4-bit Header Length | 6-bit Reserved | Flags: URG ACK PSH RST SYN FIN | 16-bit Window Size
16-bit TCP Checksum                                                  | 16-bit Urgent Pointer
Options (if any)
Data (if any)

HTTP is Port 80
HTTPS is Port 443
SSH is Port 22

 The transport layer assigns each application an identifier called a port number.
 The transport layer uses ports to identify the application or service.
Well Known or Registered Port Number

 Well Known Ports (Numbers 0 to 1023)
 Reserved for common services and applications
 Client: TCP destination port
 Server: TCP source port

[Figure: the client uses a Private/Dynamic Port Number, the server a Well Known or Registered Port Number]

 Dynamic or Private Ports (Numbers 49152 to 65535)
 Also known as Ephemeral Ports
 Usually assigned dynamically to client applications when initiating a connection.
 Client: TCP source port
 Server: TCP destination port
 May also include the range of Registered Ports (Numbers 1024 to 49151)
Hypertext Transfer Protocol (HTTP)

 Hypertext Transfer Protocol (HTTP) works with the World Wide Web.
 Contributed to the fast growth of the Internet.
 HTTP is a client-server application.
 HTTP is used to transfer files from a Web Server to your Internet browser.

HTTP (HyperText Transfer Protocol)

[Figure: HTTP Client and HTTP Server exchanging HTTP messages]

 HTTP – The Web’s application layer protocol.
 RFC 1945 and RFC 2616
 Implemented in:
 Client program
 Server program
 Current version: HTTP/1.1 – HTTP/2
 Encapsulated in TCP

HTTP 2.0
Web Browser – Client

 Browser – The user agent for the Web.
 Displays the requested Web page.
 Browser and client may be used interchangeably in this discussion.

Web Server

 Web Server – Stores web objects, each addressable by a URL.
 Implements the server side of HTTP.
 Examples:
 Apache
 Nginx
 Microsoft Internet Information Server
 Oracle

HTTPS
File Transfer Protocol (FTP)

 File Transfer Protocol (FTP) is a client/server technology used to interactively transfer files between systems.
 FTP is designed to:
 Download files (e.g. receive from the Internet)
 Upload files (e.g. send to the Internet).
 Encapsulated in TCP. Port 20 (Data) and 21 (Command).
 Data transfer can occur in ASCII mode or in binary mode.

FTP Client Software
 An FTP client is an application that runs on a computer and is used to push and pull data from a server running an FTP daemon (FTPd).
FileZilla
E-Mail Protocols
 E-mail requires two protocols to operate:
 Simple Mail Transfer Protocol (SMTP): Used to send email messages and attachments.
 Post Office Protocol (POP) or Internet Message Access Protocol (IMAP): Used to retrieve emails from an email server.

Simple Mail Transfer Protocol (SMTP)

[Figure: User agent to Mail server (SMTP), Mail server to Mail server (SMTP), Mail server to User agent (POP3 / IMAP)]

 Email servers communicate with each other using the Simple Mail Transfer Protocol (SMTP) to send mail.
 SMTP uses TCP port 25.
 The SMTP protocol transports email messages in ASCII format using TCP.
 SMTP uses the Multipurpose Internet Mail Extensions (MIME) standard to attach non-ASCII files.
 POP or IMAP are used by MUA clients to download their e-mails from an e-mail server.
 POP uses TCP port 110.
 IMAP uses TCP port 143.
POP3 (Post Office Protocol)

 RFC 1939
 Limited functionality
 Uses TCP port 110
 Download-and-delete mode
 Retrieves messages from the server and stores them locally
 Deletes messages on the server
 Download-and-keep mode
 Does not delete messages on the server when retrieved.
 Problem
 Difficult to access email from multiple computers – work and home.
 Some email may have already been downloaded on another computer (work) – download-and-delete
 To read email from another computer, it must be left on the server – download-and-keep
IMAP (Internet Message Access Protocol)

 RFC 2060
 Mail is not downloaded, but kept on the server
 Received email is associated with the user’s INBOX
 Users can create and manage remote folders
 Web-based email
 Introduced with Hotmail in the mid-1990s
 Communicates with the remote mailbox using HTTP
 HTTP is used to push (client to server) and pull (server to client) the email

Email Service
Domain Name System (DNS)
 DNS serves as the "phone book" for the Internet.
 Used to resolve domain names to IP addresses.
 For example:
 cisco.com = 72.163.4.161
 Uta.edu.ec = 200.93.227.4
 facebook.com = 31.13.73.1
 Domain names, such as www.uta.edu.ec, are much easier for people to remember than 200.93.227.4.

Root DNS Servers Map
http://www.root-servers.org/

nslookup
 Displays the default DNS server for your host
 Can be used to query a domain name and get the IP address
 ipconfig /displaydns
 After a certain amount of time, specified in the Time to Live (TTL) associated with the DNS resource record, the resolver discards the record from the cache.
 ipconfig /flushdns – Manually deletes entries
 The default TTL for positive responses is 86,400 seconds (1 day).
 The default TTL for negative responses is 300 seconds.
Dynamic Host Configuration Protocol

 DHCP allows a host to obtain configuration parameters quickly and dynamically from a DHCP Server.
 Replaced the older BOOTP protocol, which required a manually created text file containing MAC address to IP address assignments.
 DHCP servers provide the following parameters to a host (commonly assigned host information):
 IP Address
 Subnet Mask
 Default Gateway
 Domain Name
 DNS Server
 TFTP Server Location
 NetBIOS Name
Transport Layer Port
Numbers
 Hypertext Transfer Protocol (HTTP) - TCP Port 80
 Hypertext Transfer Protocol Secure (HTTPS)- TCP Port 443
 Simple Mail Transfer Protocol (SMTP) - TCP Port 25
 Post Office Protocol (POP) - TCP Port 110
 Telnet - TCP Port 23
 SSH - TCP 22
 File Transfer Protocol (FTP) - TCP Ports 20 & 21
 Trivial FTP (TFTP) - UDP 69
 Domain Name System (DNS) - TCP/UDP Port 53
 Dynamic Host Configuration Protocol - UDP Port 67 & 68
SWITCHING AND ROUTING I

Topic 4. Network Layer
Functions of the Network Layer

 The network layer, or OSI Layer 3, provides services to allow end devices to exchange data across the network.
 The network layer uses four basic processes:
 Addressing end devices
 Encapsulation
 Routing
 De-encapsulation
Network Layer Protocols
Characteristics of IPv4
 Connectionless:
 No connection is established before sending data packets.
 Best effort delivery:
 No guarantee of packet delivery.
 Media independent:
 Operates independently of the medium carrying the data.

Best Effort Delivery = Unreliable

IPv4 Media Independent

 IP doesn’t care what type of media the packet is carried on.
IPv4 Packet

[Figure: IP Header | Data (Payload)]

 IPv4 has been in use since 1983, when it was deployed on the Advanced Research Projects Agency Network (ARPANET).
 An IPv4 packet has two parts:
 IP Header – Identifies the packet characteristics.
 Payload – Contains the Layer 4 segment information and the actual data.
IPv4 Header – Significant Fields

[Figure: IPv4 header, four bytes per row]
Byte 1                      | Byte 2                                | Byte 3 | Byte 4
Version | IP Header Length  | Differentiated Services (DSCP, ECN)   | Total Length
Identification                                                      | Flag | Fragment Offset
Time-To-Live                | Protocol                              | Header Checksum
Source IP Address
Destination IP Address
Options (optional)                                                  | Padding
Sample IPv4 Packet
Version (4 bits)
– Indicates the version of IP currently used.
– 0100 = 4 and therefore IPv4
– 0110 = 6 and therefore IPv6
IP Header Length (4 bits)
– Identifies the number of 32-bit words in the header.
– The IHL value varies due to the Options and Padding fields.
– The minimum value for this field is 5 (i.e., 5×32 = 160 bits = 20 bytes) and the maximum value is 15 (i.e., 15×32 = 480 bits = 60 bytes).
Differentiated Services (8 bits)
– Formerly called the Type of Service (ToS) field.
– The field is used to determine the priority of each packet.
– First 6 bits identify the Differentiated Services Code Point (DSCP) value for QoS.
– Last 2 bits identify the explicit congestion notification (ECN) value used to prevent dropped packets during times of network congestion.
Total Length (16 bits)
– Sometimes referred to as the Packet Length.
– Defines the entire packet (fragment) size, including header and data, in bytes.
– The minimum length packet is 20 bytes (20-byte header + 0 bytes data) and the maximum is 65,535 bytes.
A router may have to fragment a packet when forwarding it from one medium to another medium that has a smaller MTU. When this happens, fragmentation occurs and the IPv4 packet uses the following 3 fields to keep track of the fragments:
Identification (16 bits)
– Field uniquely identifies the fragment of an original IP packet.
Flag (3 bits)
– This 3-bit field identifies how the packet is fragmented.
– It is used with the Fragment Offset and Identification
fields to help reconstruct the fragment into the original
packet.
Fragment Offset (13 bits)
– Field identifies the order in which to place the packet fragment in the reconstruction of the original unfragmented packet.

Fragmentation Exercise
Time-to-Live (TTL) (8 bits)
– Used to limit the lifetime of a packet.
– It is specified in seconds but is commonly referred to as hop count.
– The packet sender sets the initial TTL value, and it is decreased by one each time the packet is processed by a router, or hop.
– If the TTL field decrements to zero, the router discards the packet and sends an ICMP Time Exceeded message to the source IP address.
– The traceroute command uses this field to identify the routers used between the source and destination.
Protocol (8 bits)
– Field indicates the data payload type that the packet is
carrying, which enables the network layer to pass the data
to the appropriate upper-layer protocol.
– Common values include ICMP (1), TCP (6), and UDP (17).
– Others: GRE (47), ESP (50), EIGRP (88), OSPF (89)
– http://www.iana.org/assignments/protocol-numbers/
Header Checksum (8 bits)
– Field is used for error checking of the IP header.
– The checksum of the header is recalculated and compared to the value in the checksum field.
– If the values do not match, the packet is discarded.
Source IP Address (32 bits)
– Contains a 32-bit binary value that represents the source IP address of the packet.
Destination IP Address (32 bits)
– Contains a 32-bit binary value that represents the destination IP address of the packet.
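A parser for the IPv4 header fields described above, as an added example that is not part of the original slides: it decodes Version, IHL, DSCP/ECN, Total Length, Identification, the DF/MF flag bits and Fragment Offset, TTL and Protocol, and verifies the Header Checksum by recomputing it over the whole header. It refuses packets whose length fields disagree with the bytes present, which is the check a receiver must make before trusting any later field. The sample packet is constructed in the code with the slides' example addresses; `build_ipv4_header` exists only to produce it.

```python
import struct
from dataclasses import dataclass

# Protocol numbers listed on the slide (IANA protocol-numbers registry).
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 88: "EIGRP", 89: "OSPF"}
HEADER_FMT = "!BBHHHBBH4s4s"   # the 20 fixed header bytes, network byte order


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, complemented.
    Over a header whose checksum field is intact the result is 0 when the
    header is undamaged; over a header with that field zeroed it yields the
    value to write into the field."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class IPv4Header:
    version: int
    ihl_words: int
    dscp: int
    ecn: int
    total_length: int
    identification: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset_bytes: int
    ttl: int
    protocol: int
    protocol_name: str
    checksum_ok: bool
    src: str
    dst: str
    options: bytes


def parse_ipv4_header(packet: bytes) -> IPv4Header:
    """Decode the fields described on the slides and sanity-check the length
    fields, which is where a parser must not trust the packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte minimum header")
    (ver_ihl, ds, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version field = {version})")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5 words")
    header_len = ihl * 4
    if len(packet) < header_len:
        raise ValueError("truncated header: IHL claims more bytes than present")
    if total_len < header_len:
        raise ValueError("Total Length is smaller than the header itself")
    header = packet[:header_len]
    flags = flags_frag >> 13                 # 3 flag bits: reserved, DF, MF
    return IPv4Header(
        version=version, ihl_words=ihl, dscp=ds >> 2, ecn=ds & 0x3,
        total_length=total_len, identification=ident,
        dont_fragment=bool(flags & 0b010), more_fragments=bool(flags & 0b001),
        fragment_offset_bytes=(flags_frag & 0x1FFF) * 8,   # offset is in 8-byte units
        ttl=ttl, protocol=proto, protocol_name=PROTOCOL_NAMES.get(proto, f"proto-{proto}"),
        checksum_ok=ipv4_checksum(header) == 0,
        src=".".join(map(str, src)), dst=".".join(map(str, dst)),
        options=header[20:],
    )


def build_ipv4_header(src, dst, protocol, payload_len, ttl=64, ident=0x1234,
                      df=False, mf=False, frag_offset_bytes=0):
    """Build a minimal (IHL = 5) header with a correct checksum. Used here only
    to construct a sample packet for the parser; not a captured packet."""
    flags_frag = ((0b010 if df else 0) | (0b001 if mf else 0)) << 13 | (frag_offset_bytes // 8)
    fields = [0x45, 0, 20 + payload_len, ident, flags_frag, ttl, protocol, 0,
              bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split("."))]
    fields[7] = ipv4_checksum(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields)


def sample_packet() -> bytes:
    # Constructed sample: second fragment of a TCP datagram (MF set, offset 1480),
    # addresses taken from the slides' examples, 40 bytes of zero payload.
    return build_ipv4_header("192.168.11.10", "72.163.4.161", 6, 40,
                             mf=True, frag_offset_bytes=1480) + b"\x00" * 40


def checksum_detects_change(packet: bytes, byte_index: int, new_value: int) -> bool:
    """Overwrite one header byte (e.g. the TTL at index 8) and report whether
    the receiver-side checksum verification now fails."""
    damaged = bytearray(packet)
    damaged[byte_index] = new_value
    return not parse_ipv4_header(bytes(damaged)).checksum_ok


if __name__ == "__main__":
    print(parse_ipv4_header(sample_packet()))
    print("TTL change detected by checksum:", checksum_detects_change(sample_packet(), 8, 1))
```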
SWITCHING AND ROUTING I

Topic 5. IPv4 Addressing
IPv4 Address
“The identifier used in the IP layer of the TCP/IP protocol suite to identify each device connected to the Internet is called the Internet address or IP address. An IPv4 address is a 32-bit address that uniquely and universally defines the connection of a host or a router to the Internet; an IP address is the address of the interface.” (Behrouz Forouzan)

HOST
• TCP/IP uses the term host to refer to an end system that attaches to the Internet.
IPv4 Address
• IPv4 addresses are unique and universal.
• An IPv4 address is 32 bits long.
• The address space of IPv4 is 2^32 (4,294,967,296) addresses.
• Notation:
  – Binary notation
  – Dotted-decimal notation
Beginning with IPv4
• IPv4 (Internet Protocol version 4)
• Developed in the early 1980s
• RFC 760 (Jan 1980), obsoleted by RFC 791 (Sep 1981)
Subnet Masks

11111111111111110000000000000000

• An IP address is a hierarchical address that is made up of two parts:
  – A network portion
  – A host portion
• Subnet mask:
  – Used to define the network portion and the host portion
  – 32 bits
  – Contiguous set of 1’s followed by a contiguous set of 0’s
    · 1’s: network portion
    · 0’s: host portion
Dividing the Network and Host Portions

Binary:          11111111.11111111.00000000.00000000
Dotted decimal:  255.255.0.0
Slash notation:  /16

• Expressed as:
  – Dotted decimal, e.g. 255.255.0.0
  – Slash notation or prefix length: /16 (the number of one bits)
Example

IP address:    192      168      11       10
Subnet mask:   255      255      255      0
               11111111 11111111 11111111 00000000
               |------ Network Portion ---------| |- Host -|
Network:       192      168      11       0

• The subnet mask identifies which part of the IP address refers to the network.
• The prefix length is the number of bits set to 1 in the subnet mask.
• It is written in “slash notation”: a “/” followed by the number of bits set to 1.
• For example:
  – IP address: 192.168.11.10 255.255.255.0
  – Is the same as: 192.168.11.10 /24
Valid Subnet Mask Values

128 64 32 16 8 4 2 1 | Decimal Value
  1  0  0  0 0 0 0 0 | 128
  1  1  0  0 0 0 0 0 | 192
  1  1  1  0 0 0 0 0 | 224
  1  1  1  1 0 0 0 0 | 240
  1  1  1  1 1 0 0 0 | 248
  1  1  1  1 1 1 0 0 | 252
  1  1  1  1 1 1 1 0 | 254
  1  1  1  1 1 1 1 1 | 255
Subnet Masks
• So how do hosts figure out which part of the address is the network portion?
• Hosts AND the IPv4 address and the subnet mask:
  – “1” bits refer to the network portion.
  – “0” bits refer to the host portion.
• Hosts use the Boolean AND operation to accomplish this task.
• The result tells them which network they belong to.
Destination IP Address

Host A: 192.168.1.100 / 255.255.255.0          Host B: 192.168.2.101 / 255.255.255.0
Packet: Source IPv4 192.168.1.100 → Destination IPv4 192.168.2.101

• How does the host know if the destination IPv4 address is on its network or on another network?

Case 1: my address 192.168.1.10, destination 192.168.1.11
  192.168.1.10  AND 255.255.255.0 → My Network = 192.168.1.0
  192.168.1.11  AND 255.255.255.0 → Destination Network = 192.168.1.0
  Same network? YES!

Case 2: my address 192.168.1.100, destination 192.168.2.101
  192.168.1.100 AND 255.255.255.0 → My Network = 192.168.1.0
  192.168.2.101 AND 255.255.255.0 → Destination Network = 192.168.2.0
  Same network? NO!
Network Address
• The network address is particularly important because it is used in routing a packet to its destination network.
• The network address has all 0 bits in the host portion.

Broadcast Address
• A broadcast address is used to send data to all hosts in the network.
• The broadcast address has all 1 bits in the host portion.
Host Range
• Host addresses in binary

192.168.1.0 (net)          11000000.10101000.00000001.00000000
255.255.255.0 (SM)         11111111.11111111.11111111.00000000
192.168.1.1                11000000.10101000.00000001.00000001
192.168.1.254              11000000.10101000.00000001.11111110
192.168.1.255 (broadcast)  11000000.10101000.00000001.11111111

192.168.0.0 (net)          11000000.10101000.00000000.00000000
255.255.0.0 (SM)           11111111.11111111.00000000.00000000
192.168.0.1                11000000.10101000.00000000.00000001
192.168.255.254            11000000.10101000.11111111.11111110
192.168.255.255 (broadcast) 11000000.10101000.11111111.11111111
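The AND operation, the network and broadcast addresses and the host range from the last few slides can be computed with a handful of bit operations. The following Python is an added example for this page, not code from the slides: it works on 32-bit integers rather than the `ipaddress` module so that each step (mask validation, AND, setting the host bits) is visible, and it covers the /31 and /32 edge case, which the slides do not, where there is no separate network and broadcast address. The sample addresses are the ones used on the slides.

```python
from typing import Tuple


def to_int(dotted: str) -> int:
    """Dotted-decimal → 32-bit integer, rejecting malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not a valid IPv4 address: %r" % dotted)
    return int.from_bytes(bytes(int(o) for o in octets), "big")


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """32-bit value as four dotted groups of 8 bits, like the slides show."""
    bits = format(value, "032b")
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))


def prefix_length(mask: str) -> int:
    """Number of 1 bits; also checks the mask is a contiguous run of 1s then 0s."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return ones


def network_address(address: str, mask: str) -> str:
    """Boolean AND of address and mask: the host bits become 0."""
    return to_dotted(to_int(address) & to_int(mask))


def broadcast_address(address: str, mask: str) -> str:
    """Network address with every host bit set to 1."""
    m = to_int(mask)
    return to_dotted((to_int(address) & m) | (~m & 0xFFFFFFFF))


def same_network(addr_a: str, addr_b: str, mask: str) -> bool:
    """The check a host makes before sending: destination AND my mask == my network?"""
    return network_address(addr_a, mask) == network_address(addr_b, mask)


def host_range(address: str, mask: str) -> Tuple[str, str, int]:
    """(first usable host, last usable host, usable host count). /31 and /32 are the
    edge case: there is no room for separate network and broadcast addresses."""
    plen = prefix_length(mask)
    net = to_int(network_address(address, mask))
    bcast = to_int(broadcast_address(address, mask))
    if plen >= 31:
        return to_dotted(net), to_dotted(bcast), bcast - net + 1
    return to_dotted(net + 1), to_dotted(bcast - 1), bcast - net - 1


if __name__ == "__main__":
    for addr, mask in (("192.168.1.10", "255.255.255.0"), ("192.168.0.77", "255.255.0.0")):
        net = network_address(addr, mask)
        print(addr, mask, "/%d" % prefix_length(mask))
        print("  network  ", net, to_binary(to_int(net)))
        print("  broadcast", broadcast_address(addr, mask))
        print("  hosts    ", host_range(addr, mask))
    print(same_network("192.168.1.100", "192.168.2.101", "255.255.255.0"))  # → False
```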
Addresses for User Devices
• Hosts are assigned IP addresses from the range of available addresses in the network.
• These IP addresses can be assigned either:
  – Statically
  – Dynamically

Static Assignment
• Useful for printers, servers, and other networking devices that do not change location often and need to be accessible to clients on the network based on a fixed IP address.
• Increased control of network resources.
• However, static addressing can be time-consuming to enter on each host.
Dynamic Assignment
• Instead of manually assigning IP addresses (subnet mask, default gateway, DNS addresses), it is easier to have IP addresses assigned automatically.
• This is done using Dynamic Host Configuration Protocol (DHCP).
• The DHCP server requires that a block of addresses, called an address pool, is used for assigning to the DHCP clients on a network.

How Does DHCP Work?
The client boots and exchanges four messages with the DHCP server:
1. DHCP Discover (client → server): client MAC address
2. DHCP Offer (server → client): offered IP, lease time
3. DHCP Request (client → server): requested IP, client MAC address
4. DHCP Ack (server → client): IP, lease time
Dynamic vs. Static IP Addressing Quiz
Classify each device as using a static IP address or a dynamic (DHCP) IP address: desktop computer, server, router, switch, laptop, IP phone, printer, RADIUS server, AP, PDA, iTouch, fridge.
Destination Address Type
Source IP addresses are always unicast.
• Unicasts:
  – Packet travels from one host to another specific host.
• Multicasts:
  – Packet travels from one host to a select number of other hosts.
  – Supports voice and audio broadcasts, news feeds, distribution of software, re-imaging clients off peak times.
• Broadcasts:
  – Packet travels from one host to all hosts on the local network.
Classful Addressing
In classful addressing, the IP address space is divided into five classes: A, B, C, D, and E. Each class occupies some part of the whole address space.

• Historically, RFC 1700 grouped the unicast ranges into specific sizes referred to as classful addressing for IPv4:
  – Class A, B, and C addresses: 0.0.0.0 - 223.255.255.255
  – Multicast addresses: 224.0.0.0 - 239.255.255.255
  – Experimental addresses: 240.0.0.0 - 255.255.255.254
IPv4 Address Classes
• Class A /8
• Class B /16
• Class C /24

Address Class | # of Possible Networks | # of Possible Hosts | Total Possible Addresses
Class A       | 126                    | 16,777,214          | 2,113,928,964
Class B       | 16,384                 | 65,534              | 1,073,709,056
Class C       | 2,097,152              | 254                 | 532,676,608

• Class A: 255.0.0.0 or /8
  – Was reserved for governments and extremely large organizations.
• Class B: 255.255.0.0 or /16
  – Was reserved for medium/large organizations.
• Class C: 255.255.255.0 or /24
  – Was for every other organization (small organizations).
How the ranges were determined

Class | First Bits | First Octet | Network Bits | Host Bits
A     | 0          | 0 – 127     | 8            | 24
B     | 10         | 128 – 191   | 16           | 16
C     | 110        | 192 – 223   | 24           | 8
D     | 1110       | 224 – 239   |              |
E     | 1111       | 240 – 255   |              |
Private Addresses
• Most IPv4 addresses are public IP addresses.
  – These are reachable IPv4 addresses on the Internet.
• However, there are blocks of addresses that are private addresses and are never propagated on the Internet.
  – Packets with a source or destination private IP address are not propagated by Internet routers.
  – Internet routers / firewalls block or translate these addresses.
• Private addresses are usually converted to public IP addresses using NAT (Network Address Translation).

Private Addresses
• Private addresses are defined in RFC 1918.
• RFC 6598: IANA reserved 100.64.0.0/10, known as shared address space. Similar to RFC 1918, but intended only for use in service provider networks.
Public Addresses
• Public addresses are required on the Internet and they must be unique.
• The use of public addresses is regulated and allocated to each organization separately.
• RIRs (Regional Internet Registries) typically provide public addresses to ISPs.
• Companies obtain their IPv4 address blocks from an ISP.
Other Special Addresses
• Refer to RFC 3330
• Loopback address: 127.0.0.1
  – 127.0.0.0 – 127.255.255.255
  – Hosts use it to direct traffic to themselves.
• Link-Local addresses: 169.254.0.0/16
  – 169.254.0.0 – 169.254.255.255
  – A host can automatically assign itself an address if it has none.
• TEST-NET addresses:
  – 192.0.2.0 to 192.0.2.255 (192.0.2.0 /24)
Subnetting
• Problem: Organizations have multiple networks which are independently managed.
• Solution 1: Allocate a separate network address for each network.
  – Difficult to manage.
  – From the outside of the organization, each network must be addressable.
• Solution 2: Add another level of hierarchy to the IP addressing structure: subnetting.

[Figure: a University Network made up of the Engineering School, the Medical School and the Library networks]

Subnetting Example
Network address 172.16.0.0 with /16 network mask.
Using subnets: subnet mask 255.255.255.0 or /24

  172.16.0.0/24    172.16.10.0/24
  172.16.5.0/24    172.16.25.0/24
Basic Idea of Subnetting
• Split the host number portion of an IP address into a subnet number and a (smaller) host number.
• Result is a 3-layer hierarchy:

  | network prefix | host number                  |
  | network prefix | subnet number | host number  |
  |--- extended network prefix ----|

• Then:
  – Subnets can be freely assigned within the organization
  – Internally, subnets are treated as separate networks
  – Subnet structure is not visible outside the organization
How your provider (ISP) sees you…

[Figure: the ISP sees a single network, 150.50.0.0 /16; inside the organization it is divided into 150.50.1.0 /24, 150.50.2.0 /24, 150.50.3.0 /24, 150.50.4.0 /24 and 150.50.5.0 /24]

• Subnetting does not change how the outside world sees the network, but provides additional structure within the organization.
Calculating the number of subnets/hosts

• Network 192.168.1.0/24 (192.168.1.0 255.255.255.0: network portion in the first three octets, host portion in the last octet)
• Need: as many subnets as possible, 60 hosts per subnet

Step 1: Number of hosts per subnet. 60 hosts fit in 6 host bits (2^6 = 64 addresses).

  192.168.1.    0 0 0 0 0 0 0 0
  255.255.255.  0 0 0 0 0 0 0 0
                    |-- 6 host bits --|

Step 2: Number of subnets. The 2 remaining bits of the last octet become subnet bits.

  192.168.1.    0 0 0 0 0 0 0 0
  255.255.255.  1 1 0 0 0 0 0 0   → 255.255.255.192
                |sub| |-- 6 host bits --|

• New Subnet Mask: 255.255.255.192 (/26)
• Number of Hosts per subnet: 6 bits, 64-2 hosts: 64 TOTAL hosts, 62 usable hosts
• Number of Subnets: 2 bits or 4 subnets

  192.168.1.  0 0 0 0 0 0 0 0   192.168.1.0/26
  192.168.1.  0 1 0 0 0 0 0 0   192.168.1.64/26
  192.168.1.  1 0 0 0 0 0 0 0   192.168.1.128/26
  192.168.1.  1 1 0 0 0 0 0 0   192.168.1.192/26
Calculating the number of subnets/hosts

• Network 192.168.1.0/24 (192.168.1.0 255.255.255.0: network portion in the first three octets, host portion in the last octet)
• Need: as many subnets as possible, 12 hosts per subnet

Step 1: Number of hosts per subnet. 12 hosts fit in 4 host bits (2^4 = 16 addresses).

  192.168.1.    0 0 0 0 0 0 0 0
  255.255.255.  0 0 0 0 0 0 0 0
                        |4 host bits|

Step 2: Number of subnets. The 4 remaining bits of the last octet become subnet bits.

  192.168.1.    0 0 0 0 0 0 0 0
  255.255.255.  1 1 1 1 0 0 0 0   → 255.255.255.240
                |subnet | |hosts  |

• New Subnet Mask: 255.255.255.240 (/28)
• Number of Hosts per subnet: 4 bits, 16-2 hosts: 16 TOTAL hosts, 14 usable hosts
• Number of Subnets: 4 bits or 16 subnets

  192.168.1.  0 0 0 0 0 0 0 0   192.168.1.0/28
  192.168.1.  0 0 0 1 0 0 0 0   192.168.1.16/28
  192.168.1.  0 0 1 0 0 0 0 0   192.168.1.32/28
  192.168.1.  0 0 1 1 0 0 0 0   192.168.1.48/28
  192.168.1.  0 1 0 0 0 0 0 0   192.168.1.64/28
  192.168.1.  0 1 0 1 0 0 0 0   192.168.1.80/28
  192.168.1.  0 1 1 0 0 0 0 0   192.168.1.96/28
  192.168.1.  0 1 1 1 0 0 0 0   192.168.1.112/28
  192.168.1.  1 0 0 0 0 0 0 0   192.168.1.128/28
  192.168.1.  1 0 0 1 0 0 0 0   192.168.1.144/28
  192.168.1.  1 0 1 0 0 0 0 0   192.168.1.160/28
  192.168.1.  1 0 1 1 0 0 0 0   192.168.1.176/28
  192.168.1.  1 1 0 0 0 0 0 0   192.168.1.192/28
  192.168.1.  1 1 0 1 0 0 0 0   192.168.1.208/28
  192.168.1.  1 1 1 0 0 0 0 0   192.168.1.224/28
  192.168.1.  1 1 1 1 0 0 0 0   192.168.1.240/28
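The two worked calculations above (60 hosts and 12 hosts in 192.168.1.0/24) follow one procedure: find the smallest number of host bits that holds the required hosts plus the network and broadcast addresses, and let every remaining bit of the original host portion become a subnet bit. The following Python is an added example for this page, not code from the slides: `plan_subnets` generalizes that procedure to any network, prefix and host count, reproduces both slide tables, and rejects a request that cannot fit (for instance 300 hosts per subnet inside a /24). Function names are this example's own.

```python
import math
from typing import Dict, List


def to_int(dotted: str) -> int:
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


def to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def mask_from_prefix(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def host_bits_for(hosts_needed: int) -> int:
    """Smallest h with 2^h - 2 >= hosts_needed (network and broadcast are not usable)."""
    if hosts_needed < 1:
        raise ValueError("need at least one host")
    return math.ceil(math.log2(hosts_needed + 2))


def plan_subnets(network: str, prefix: int, hosts_needed: int) -> Dict:
    """Borrow host bits from the original prefix so that every subnet still holds
    hosts_needed usable hosts, giving the maximum number of subnets."""
    host_bits = host_bits_for(hosts_needed)
    new_prefix = 32 - host_bits
    if new_prefix < prefix:
        raise ValueError("%d hosts per subnet do not fit in a /%d" % (hosts_needed, prefix))
    borrowed = new_prefix - prefix
    base = to_int(network) & mask_from_prefix(prefix)
    block = 1 << host_bits                  # addresses per subnet
    subnets: List[str] = [
        "%s/%d" % (to_dotted(base + i * block), new_prefix) for i in range(1 << borrowed)
    ]
    return {
        "new_mask": to_dotted(mask_from_prefix(new_prefix)),
        "new_prefix": new_prefix,
        "borrowed_bits": borrowed,
        "subnet_count": 1 << borrowed,
        "host_bits": host_bits,
        "total_addresses": block,
        "usable_hosts": block - 2,
        "subnets": subnets,
    }


def last_octet_bits(value: int) -> str:
    """Last octet spelled out bit by bit, like the slide tables."""
    return " ".join(format(value & 0xFF, "08b"))


if __name__ == "__main__":
    for hosts in (60, 12):
        plan = plan_subnets("192.168.1.0", 24, hosts)
        print("%d hosts/subnet: mask %s (/%d), %d subnets, %d usable hosts" % (
            hosts, plan["new_mask"], plan["new_prefix"], plan["subnet_count"], plan["usable_hosts"]))
        for s in plan["subnets"]:
            print("  192.168.1.", last_octet_bits(to_int(s.split("/")[0])), " ", s)
```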
VLSM
• Variable Length Subnet Mask
• This is the process of subnetting a subnet.
• More than one subnet mask can be used.

VLSM
• VLSM – the process of sub-netting a subnet to fit your needs.
• Example:
  – Subnet 10.1.0.0/16: 8 more bits are borrowed again, to create 256 subnets with a /24 mask.
  – The mask allows for 254 host addresses per subnet.
  – Subnets range from 10.1.0.0 / 24 to 10.1.255.0 / 24.
  – * Same process for subnet 10.2.0.0/16.
VLSM
• Subnet 10.3.0.0/16: 12 more bits are borrowed again, to create 4,096 subnets with a /28 mask.
  – Mask allows for 14 host addresses per subnet
  – Subnets range from 10.3.0.0 / 28 to 10.3.255.240 / 28
• Subnet 10.4.0.0/16: 4 more bits are borrowed again, to create 16 subnets with a /20 mask.
  – Mask allows for 2,046 host addresses per subnet
  – Subnets range from 10.4.0.0 / 20 to 10.4.240.0 / 20
Classless Inter-Domain Routing (CIDR) - Supernetting
• Route summarization done by CIDR
• Routes are summarized with masks that are less than that of the default classful mask (supernetting)
• Example: 172.16.0.0 / 13 is the summarized route for the 172.16.0.0 / 16 to 172.23.0.0 / 16 classful networks.
  – Although 172.22.0.0/16 and 172.23.0.0/16 are not shown in the graphic, these are also included in the summary route.

Classless Inter-Domain Routing (CIDR) - Supernetting
Steps to calculate a route summary:
1. List networks in binary format.
2. Count the number of leftmost matching bits to determine the summary route’s mask.
3. Copy the matching bits and add zero bits to determine the summarized network address.
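The three steps above are mechanical, so they can be coded directly. The following Python is an added example for this page, not code from the slides: `binary_rows` performs step 1, `common_prefix_bits` step 2 and `summarize` step 3, run here on the slide's own 172.16.0.0/16 to 172.21.0.0/16 example (the six networks the graphic shows). It also adds the check a practitioner wants after summarizing: `covered_but_not_listed` returns the blocks the summary advertises that were not in the input, which for this example are exactly 172.22.0.0/16 and 172.23.0.0/16. Function names are this example's own; the summary length is capped at the shortest input prefix, since a summary can never be more specific than the routes it replaces.

```python
from typing import List, Tuple


def to_int(dotted: str) -> int:
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")


def to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def parse_prefix(cidr: str) -> Tuple[int, int]:
    addr, _, plen = cidr.partition("/")
    return to_int(addr), int(plen)


def binary_rows(networks: List[str]) -> List[str]:
    """Step 1: each network address in binary, laid out as on the slides."""
    rows = []
    for cidr in networks:
        addr, _ = parse_prefix(cidr)
        bits = format(addr, "032b")
        rows.append("%-18s %s" % (cidr, " ".join(bits[i:i + 8] for i in range(0, 32, 8))))
    return rows


def common_prefix_bits(networks: List[str]) -> int:
    """Step 2: count the leftmost bits shared by every network address."""
    addrs = [parse_prefix(n)[0] for n in networks]
    count = 0
    for bit in range(31, -1, -1):
        m = 1 << bit
        if all((a & m) == (addrs[0] & m) for a in addrs):
            count += 1
        else:
            break
    return count


def summarize(networks: List[str]) -> str:
    """Step 3: keep the matching bits and zero the rest. The length is capped at the
    shortest input prefix so the summary is never more specific than an input route."""
    if not networks:
        raise ValueError("nothing to summarize")
    length = min(common_prefix_bits(networks), min(parse_prefix(n)[1] for n in networks))
    mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF if length else 0
    return "%s/%d" % (to_dotted(parse_prefix(networks[0])[0] & mask), length)


def covered_but_not_listed(summary: str, networks: List[str]) -> List[str]:
    """Blocks (at the inputs' shortest prefix length) that the summary covers but the
    input list did not contain: the extra reachability a summary route advertises."""
    s_addr, s_len = parse_prefix(summary)
    step_len = min(parse_prefix(n)[1] for n in networks)
    size = 1 << (32 - step_len)
    listed = {(parse_prefix(n)[0] & ~(size - 1)) & 0xFFFFFFFF for n in networks}
    extras = []
    for addr in range(s_addr, s_addr + (1 << (32 - s_len)), size):
        if addr not in listed:
            extras.append("%s/%d" % (to_dotted(addr), step_len))
    return extras


if __name__ == "__main__":
    nets = ["172.%d.0.0/16" % i for i in range(16, 22)]   # the slide's graphic
    print("\n".join(binary_rows(nets)))
    print("matching bits:", common_prefix_bits(nets))     # → 13
    summary = summarize(nets)
    print("summary:", summary)                             # → 172.16.0.0/13
    print("also covered:", covered_but_not_listed(summary, nets))
```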
Example: Calculating a summary route
• Which address can be used to summarize the following networks?

  A:
  192.168.0.0/30     11000000 10101000 00000000 00000000
  192.168.0.4/30     11000000 10101000 00000000 00000100
  192.168.0.8/30     11000000 10101000 00000000 00001000
  192.168.0.16/29    11000000 10101000 00000000 00010000

  B:
  192.168.4.0/30     11000000 10101000 00000100 00000000
  192.168.5.0/30     11000000 10101000 00000101 00000000
  192.168.6.0/30     11000000 10101000 00000110 00000000
  192.168.7.0/29     11000000 10101000 00000111 00000000

• Answer: ????
ICMP
Internet Control Message Protocol
• IP is a best effort delivery system.
  – No mechanism to ensure that the data is delivered.
• So how do we know if a packet encountered a problem along the way?
  – Internet Control Message Protocol (ICMP)

ICMP
Internet Control Message Protocol
• RFC 792
• ICMP is available for both IPv4 and IPv6.
  – ICMPv4 is the messaging protocol for IPv4.
  – ICMPv6 provides these same services for IPv6 but includes additional functionality.
• ICMP messages common to ICMPv4 and ICMPv6 include:
  – Host confirmation
  – Destination or Service Unreachable
  – Route redirection
  – Time exceeded
• ICMPv6 includes additional functionality.
ICMP
Internet Control Message Protocol
• ICMP is used for:
  – Informational messages (ping, traceroute)
  – Error messages (network unreachable)
• ICMP is a layer 3 protocol directly encapsulated in another layer 3 protocol, IP.
  – No transport header
• Knowledge of ICMP control messages is an essential part of network troubleshooting.
ICMP Message Format
• Type
  – The type of service being provided. There is a specific type number for each error or informational message sent.
• Code
  – The error code provides further information on the message type. It indicates the probable cause of the problem.
• Checksum
  – The 16-bit one's complement of the one's complement sum of the ICMP message starting with the ICMP type. Used to find problems in the ICMP message ONLY.
ICMP Messages

Type | Message                 || Type     | Message
3    | Destination Unreachable || 8 or 0   | Echo request or reply
4    | Source Quench           || 13 or 14 | Timestamp
11   | Time Exceeded           || 17 or 18 | Address Mask
12   | Parameter problem       || 10 or 9  | Router Solicitation/Adv
5    | Redirection             ||          |
ICMP Types & Codes

Type  | Code | Meaning
0     | 0    | echo reply
3     | 0    | network unreachable
3     | 1    | host is unreachable
3     | 3    | port is unreachable
4     | 0    | source quench
5     | 0    | redirect
8     | 0    | echo request
9/10  | 0    | router discovery/advertisement
11    | 0    | time exceeded
12    | 0    | parameter problem
13/14 | 0    | time stamp request
17/18 | 0    | network request/reply
Host Confirmation (PING)
• Ping is a utility used to verify connectivity to an IP host.
• It measures the round-trip time for messages sent from the originating host to a destination computer.
• Ping uses an ICMP Echo Message to determine if a host is reachable.
• A host initiates a ping (ICMP Echo Request) and the destination replies (ICMP Echo Reply).
• ICMP only reports on the status of the delivered packet to the source device.
ICMP: Echo Request/Reply
• PING sends an ICMP type 8 echo request to a node and expects an ICMP type 0 echo reply.

  Send:   Type 8, Code 0
  Reply:  Type 0, Code 0
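The message format (type, code, checksum) and the type/code tables above, together with the echo exchange, can be put into a small encoder/decoder. The following Python is an added example for this page, not code from the slides: it builds a constructed echo request, derives the echo reply the way the pinged host does (same identifier, sequence and payload, type changed to 0, checksum recomputed), builds type 3 and type 11 error messages carrying a constructed original datagram, and decodes any of them while verifying the checksum over the whole ICMP message, so a corrupted message is reported rather than trusted. The type and code names are those from the slides; function names are this example's own.

```python
import struct

ICMP_TYPES = {
    0: "echo reply", 3: "destination unreachable", 4: "source quench", 5: "redirect",
    8: "echo request", 9: "router advertisement", 10: "router solicitation",
    11: "time exceeded", 12: "parameter problem", 13: "timestamp request",
    14: "timestamp reply", 17: "address mask request", 18: "address mask reply",
}
UNREACHABLE_CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
                     3: "port unreachable", 4: "fragmentation needed and DF set",
                     5: "source route failed"}
TIME_EXCEEDED_CODES = {0: "TTL count exceeded", 1: "fragment reassembly time exceeded"}


def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum (RFC 792 / RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type 8 (request) or 0 (reply). The checksum covers the whole ICMP message and
    is computed with the checksum field zeroed."""
    if icmp_type not in (0, 8):
        raise Val... 
```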
Destination or Service
Unreachable
 When a router cannot deliver a packet, it sends an ICMP
Destination Unreachable message to the source.
 Message includes a code indicating why it could not be

delivered.
 Some of the Destination Unreachable codes for ICMPv4 are:
 0 - net unreachable.

 1 - host unreachable.

 2 - protocol unreachable.

 3 - port unreachable.

 4.- fragmentation needed and DF set

 5.- source route failed

 Note: Codes 0,1,4 and 5 may be received from a gateway


codes 2 and 3 may be received from a host
Destination or Service
Unreachable
 ICMP only reports on the status of the delivered packet to the
source device.
 For example:
 PC1 pings PC2.

 The ping crosses R1, then R2, but R3 encounters a link error.

 Since the packet only contains the source and destination IP

addresses, R3 may notify PC1 of the failure (optional).


 R3 unaware of the exact path the packet took
 No ICMP messages are sent to R1 or R2.

R1 R2 R3 PC2
PC1
Destination or Service
Unreachable
C:\Users\eietr> ping 192.168.2.115  Codes 0 (net
Pinging 192.168.1.115 with 32 bytes of data:
unreachable) is sent
Reply from 192.168.1.116: Destination net unreachable. when a router does
Reply from 192.168.1.116: Destination net unreachable. not have the
Reply from 192.168.1.116: Destination net unreachable. requested network.
Reply from 192.168.1.116: Destination net unreachable.

Ping statistics for 192.168.1.115:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

C:\Users\eietr>

C:\Users\eietr> ping 192.168.1.115  Code 1 (host


unreachable) is sent
Pinging 192.168.1.115 with 32 bytes of data: when a router
Reply from 192.168.1.116: Destination host unreachable. receives a packet for
Reply from 192.168.1.116: Destination host unreachable. which it has an
Reply from 192.168.1.116: Destination host unreachable.
attached route but is
Reply from 192.168.1.116: Destination host unreachable.
unable to deliver the
Ping statistics for 192.168.1.115: packet to the host on
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), the attached
network.
C:\Users\eietr>
Ping Tools

www.pingtest.net
Ping Tools (pingdeli)

https://www.etopian.com/software/ip-network-ping-tool-freeware/
Ping Tools - IPERF
Route Redirection

 A router may use the ICMP


Redirect Message to notify
the hosts on a network that
a better route is available
for a particular destination.
 This message may only

be used when the


source host is on the
same physical network
as both gateways.
 Both ICMPv4 and ICMPv6
use route redirection
messages.
Route Redirection
 Host A sends a packet to Host B on
network 10.0.0.0/8, but since they are
B not on the same network, it forwards
it to the default gateway, R1.

 R1 finds the correct route to network


10.0.0.0/8 is through the same
interface and forwards out of its E0
interface to R2.

 R1 also forwards an ICMP Redirect


message to Host A telling it to use R2
A as the gateway to forward all future
requests to network 10.0.0.0/8.
Time Exceeded
The ICMP - Time exceeded message is generated when the gateway
processing the datagram finds the Time To Live field is equal to zero
and therefore must be discarded. The same gateway may also notify
the source host via the time exceeded message.

time-exceeded
message
ICMP Type=11 Code=0 or 1 Checksum
header Rest of Header=unused (all zero)
Data IP header and first 8 bytes of original datagram’s data
• Code=0, TTL count exceeded
• Code=1, Fragment reassembly time exceeded

Time-exceeded

Router Router
TTL=1 X
Traceroute
tracert www.espol.edu.ec
Open Visual Traceroute
Address Resolution Protocol
(ARP)

The primary purpose of ARP: (RFC 826)


1. Resolving IPv4 addresses to Ethernet MAC
addresses
2. Maintaining a cache of mappings

 ARP is used to map known IP addresses to


MAC addresses on the local network.
 If the device is on a remote LAN segment, the
host will send an ARP request for the MAC
address of the default gateway.
Ethernet MAC Address
A media access control address (MAC address) of a computer is a
unique identifier assigned to network interfaces for communications at
the data link layer of a network segment. MAC addresses are used as
a network address for most IEEE 802 network technologies, including
Ethernet and Wi-Fi. Logically, MAC addresses are used in the
media access control protocol sublayer of the OSI reference model.
Ethernet MAC

MAC Address
Representations
MAC Address Format

OUI unique
 An Intel MAC address: 00-21-CC-BA-44-C4
 0000 0000 - 0010 0001 – 1100 1100 - 1011 1010 – 0100 0100 – 1100 0100
 IEEE OUI FAQs: http://standards.ieee.org/faqs/OUI.html
Unicast MAC Address
Broadcast MAC Address
Multicast MAC Address

Multicast MAC address is a


Range of IPV4 multicast addresses
special value that begins with
is 224.0.0.0 to 239.255.255.255
01-00-5E in hexadecimal
ARP Message Format
ARP Message Format

Protocol Type: This field is the complement of the Hardware Type field,
Specifying the type of layer three addresses used in the message. For IPv4
addresses, this value is 2048 (0800 hex), which corresponds to the EtherType
code for the Internet Protocol.
Hardware Address Length: Specifies how long hardware addresses are in this
message. For Ethernet or other networks using IEEE 802 MAC addresses, the
value is 6.
ARP Message Format

Protocol Address Length: Again, the complement of the preceding field;


specifies how long protocol (layer three) addresses are in this message.
For IP(v4) addresses this value is of course 4.
ARP Request
ARP Reply
Understanding IP
communications
192.168.10.0/24 A MAC MAC B 192.168.10.0/24
Subnet aa.aa bb.bb Subnet

192.168.10.10 192.168.10.11
255.255.255.0 255.255.255.0
Destination Address Source Address Type IP FCS
bb.bb aa.aa DA 192.168.10.11

 Devices can only communicate with other devices on the same subnet
 A knows that it is on the 192.168.10.0/24 subnet (AND operation with its IP address and
subnet mask). (Same subnet = Same subnet mask)
 A knows that B (192.168.1.11) is on its same subnet (AND operation with B’s IP address
and A’s subnet mask)
SAME Subnet
A can reach B B 192.168.10.11
A 192.168.10.10
directly without AND 255.255.255.0
AND 255.255.255.0
going through a --------------------
--------------------
router 192.168.10.0
192.168.10.0
Understanding IP
communications
192.168.10.0/24 A MAC MAC C 192.168.20.0/24
Subnet aa.aa cc.cc Subnet

192.168.10.10 192.168.20.12
255.255.255.0 255.255.255.0

Destination Address Source Address Type IP FCS


DA 192.168.20.12

 Devices can only communicate with other devices on the same subnet
 A knows that it is on the 192.168.10.0/24 subnet (AND operation with its IP address and
subnet mask) (Same subnet = Same subnet mask)
 A knows that C (192.168.20.12) is on a different subnet (AND operation with B’s IP
address and A’s subnet mask) – Can’t get there directly!

A 192.168.10.10 DIFFERENT Subnets B 192.168.20.12


A can NOT reach B AND 255.255.255.0
AND 255.255.255.0
directly. Must go --------------------
--------------------
through a router 192.168.20.0
192.168.10.0
Understanding IP
communications

A MAC MAC MAC MAC C


aa.aa 11.11 22.22 cc.cc
192.168.10.10 192.168.10.1 192.168.20.1 192.168.20.12
255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
Destination Address Source Address Type IP FCS
11.11 aa.aa DA 192.168.20.12

Destination Address Source Address Type IP FCS


cc.cc 22.22 DA 192.168.20.12

 A sends packet to devices in a DIFFERENT subnet directly to a router which is on the


same subnet as A.
 The router will take care of it from there.

192.168.10.10 DIFFERENT Subnets 192.168.20.11


AND 255.255.255.0 A can NOT reach B AND 255.255.255.0
-------------------- directly. Must go --------------------
192.168.10.0 through a router 192.168.20.0
How Does ARP Work?

Destination MAC:
FF-FF-FF-FF-FF-FF

Add entry to ARP


cache
Understanding IP
communications
A B

192.168.10.10 192.168.10.11
255.255.255.0 255.255.255.0

A C

192.168.10.10 192.168.20.12
255.255.255.0 255.255.255.0

A C

192.168.10.10 192.168.10.1 192.168.20.1 192.168.20.12


255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0
 Devices can only communicate with other devices on the same subnet
 Otherwise, they must go through a router, that is on its same subnet
Understanding IP
communications
192.168.1.120
B MAC 00-0B

A C

192.168.1.110 192.168.1.50
MAC 00-0A MAC 00-0C
192.168.1.1
MAC 00-0D

R1 Internet

Ethernet Header IP Packet


Destination
Source MAC Source IP Destination IP
MAC
00-0A 192.168.1.110 192.168.1.50
???
192.168.1.120
MAC 00-0B
B
PC-A’s ARP Cache
IPv4 Address MAC Address

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

Internet
R1

Ethernet Header IP Packet


Destination MAC Source MAC Source IP Destination IP
??? 00-0A 192.168.1.110 192.168.1.50
ARP Request
192.168.1.120
B MAC 00-0B
PC-A’s ARP Cache
IPv4 Address MAC Address

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

Internet
R1
Ethernet Header ARP Request
Destination MAC Source MAC Target IPv4 Target MAC
FF-FF 00-0A 192.168.1.50 ???
Ethernet Header IP Packet
On Destination MAC Source MAC Source IP Destination IP
Hold ??? 00-0A 192.168.1.110 192.168.1.50
ARP Request
192.168.1.120
B MAC 00-0B
PC-A’s ARP Cache
IPv4 Address MAC Address

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

Internet
R1
Ethernet Header ARP Request
Destination MAC Source MAC Target IPv4 Target MAC
FF-FF 00-0A 192.168.1.50 ???
Ethernet Header IP Packet
On Destination MAC Source MAC Source IP Destination IP
Hold ??? 00-0A 192.168.1.110 192.168.1.50
The target IPv4 is not me.

192.168.1.120
B MAC 00-0B
PC-A’s ARP Cache
IPv4 Address MAC Address

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

Internet
R1
Ethernet Header ARP Request
Destination MAC Source MAC Target IPv4 Target MAC
FF-FF 00-0A 192.168.1.50 ???
Ethernet Header IP Packet
On Destination MAC Source MAC Source IP Destination IP
Hold ??? 00-0A 192.168.1.110 192.168.1.50
192.168.1.120
B MAC 00-0B
PC-A’s ARP Cache
IPv4 Address MAC Address

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

The target IPv4 is not me. Internet


R1
Ethernet Header ARP Request
Destination MAC Source MAC Target IPv4 Target MAC
FF-FF 00-0A 192.168.1.50 ???
Ethernet Header IP Packet
On Destination MAC Source MAC Source IP Destination IP
Hold ??? 00-0A 192.168.1.110 192.168.1.50
192.168.1.120
B MAC 00-0B
PC-A’s ARP Cache The target IPv4 is me!
IPv4 Address MAC Address

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

Internet
R1
Ethernet Header ARP Request
Destination MAC Source MAC Target IPv4 Target MAC
FF-FF 00-0A 192.168.1.50 ???
Ethernet Header IP Packet
On Destination MAC Source MAC Source IP Destination IP
Hold ??? 00-0A 192.168.1.110 192.168.1.50
192.168.1.120
Here is my MAC
B MAC 00-0B address for the IPv4
PC-A’s ARP Cache address you were
IPv4 Address MAC Address looking for!

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

Internet
R1
Ethernet Header ARP Reply
Destination MAC Source MAC Sender IPv4 Sender MAC
00-0A 00-0C 192.168.1.50 00-0C
Ethernet Header IP Packet
On Destination MAC Source MAC Source IP Destination IP
Hold ??? 00-0A 192.168.1.110 192.168.1.50
192.168.1.120
Here is my MAC
B MAC 00-0B address for the IPv4
PC-A’s ARP Cache address you were
IPv4 Address MAC Address looking for!

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

Internet
R1
Ethernet Header ARP Reply
Destination MAC Source MAC Sender IPv4 Sender MAC
00-0A 00-0C 192.168.1.50 00-0C
Ethernet Header IP Packet
On Destination MAC Source MAC Source IP Destination IP
Hold ??? 00-0A 192.168.1.110 192.168.1.50
192.168.1.120
B MAC 00-0B
PC-A’s ARP Cache
IPv4 Address MAC Address
192.168.1.50 00-0C
A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

Internet
R1
Ethernet Header ARP Reply
Destination MAC Source MAC Sender IPv4 Sender MAC
00-0A 00-0C 192.168.1.50 00-0C
Ethernet Header IP Packet
On Destination MAC Source MAC Source IP Destination IP
Hold ??? 00-0A 192.168.1.110 192.168.1.50
192.168.1.120
B MAC 00-0B
PC-A’s ARP Cache
IPv4 Address MAC Address
192.168.1.50 00-0C

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

Internet
R1

Ethernet Header IP Packet


Destination MAC Source MAC Source IP Destination IP
??? 00-0A 192.168.1.110 192.168.1.50
192.168.1.120
B MAC 00-0B
PC-A’s ARP Cache
IPv4 Address MAC Address
192.168.1.50 00-0C

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
MAC 00-0D

Internet
R1

Ethernet Header IP Packet


Destination MAC Source MAC Source IP Destination IP
00-0C 00-0A 192.168.1.110 192.168.1.50
192.168.1.120
MAC 00-0B ARP Request
B
Remote Communication

A C

192.168.1.50
192.168.1.110
MAC 00-0C
MAC 00-0A 192.168.1.1
Default Gateway: 192.168.1.1 MAC 00-0D

Internet
R1

Ethernet Header IP Packet


Destination MAC Source MAC Source IP Destination IP
??? 00-0A 192.168.1.110 10.1.1.10
192.168.1.120
B MAC 00-0B
PC-A’s ARP Cache
[Figure: ARP walk-through on a LAN. Topology: PC-A 192.168.1.110 (MAC 00-0A), PC-B 192.168.1.120 (MAC 00-0B), PC-C 192.168.1.50 (MAC 00-0C) and router R1 192.168.1.1 (MAC 00-0D), the default gateway to the Internet. PC-A's ARP cache starts empty.]

1. PC-A has an IP packet for 10.1.1.10 (Source IP 192.168.1.110, Source MAC 00-0A). The destination is on another network, so the frame must go to the default gateway 192.168.1.1, whose MAC is still unknown (Destination MAC ???). The packet is put on hold.
2. PC-A broadcasts an ARP Request: Destination MAC FF-FF, Source MAC 00-0A, Target IPv4 192.168.1.1, Target MAC ???.
3. PC-B and PC-C receive the broadcast: "The target IPv4 is not me." They discard it.
4. R1 receives it: "The target IPv4 is for me!"
5. R1 sends an ARP Reply directly to PC-A: Destination MAC 00-0A, Source MAC 00-0D, Target IPv4 192.168.1.1, Target MAC 00-0D. "Here is my MAC address for the IPv4 address you were looking for!"
6. PC-A adds the entry 192.168.1.1 -> 00-0D to its ARP cache and sends the held IP packet: Destination MAC 00-0D, Source MAC 00-0A, Source IP 192.168.1.110, Destination IP 10.1.1.10.
7. Remove ARP entry: "I will remove this ARP entry if I have not used it in 2 minutes."
Viewing and Clearing the ARP Table
 To view the local ARP table in Windows and Linux: arp -a
 To clear the local ARP table in Windows and Linux: arp -d
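The walk-through above, as an added simulation that is not part of the original slides: the same-subnet versus default-gateway decision, the broadcast ARP Request that only the owner of the target IPv4 answers, and a cache whose entries expire after 2 unused minutes. The topology, MACs and the ARP_TIMEOUT constant are taken from the slides; the injectable clock is an assumption made so the aging can be tested.

```python
import ipaddress
import time

# Constructed topology, taken from the ARP walk-through above (example code,
# not part of the original slides).
PC_A = ipaddress.IPv4Interface("192.168.1.110/24")
PC_A_MAC = "00-0A"
DEFAULT_GATEWAY = ipaddress.IPv4Address("192.168.1.1")

# Which station on the LAN owns which IPv4 address (and so answers ARP for it).
LAN_HOSTS = {
    ipaddress.IPv4Address("192.168.1.120"): "00-0B",  # PC-B
    ipaddress.IPv4Address("192.168.1.50"): "00-0C",   # PC-C
    ipaddress.IPv4Address("192.168.1.1"): "00-0D",    # R1, the default gateway
}
ARP_TIMEOUT = 120  # seconds: the "2 minutes" unused-entry timeout from the slides


def next_hop(dst_ip):
    """Return the IPv4 address PC-A must resolve with ARP to reach dst_ip.

    A destination inside PC-A's own subnet is resolved directly; any other
    destination is sent to the default gateway, so R1's MAC is what is needed.
    """
    dst = ipaddress.IPv4Address(dst_ip)
    return dst if dst in PC_A.network else DEFAULT_GATEWAY


class ArpCache:
    """IPv4 -> MAC cache whose entries expire after ARP_TIMEOUT unused seconds."""

    def __init__(self, now=time.monotonic):
        self.now = now            # injectable clock (assumption) so aging is testable
        self.entries = {}         # IPv4Address -> (mac, last_used)

    def lookup(self, ip):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, last_used = entry
        if self.now() - last_used > ARP_TIMEOUT:
            del self.entries[ip]  # not used for 2 minutes: remove the entry
            return None
        self.entries[ip] = (mac, self.now())  # every use refreshes the timer
        return mac

    def learn(self, ip, mac):
        self.entries[ip] = (mac, self.now())


def arp_request(target_ip):
    """Simulate the broadcast ARP Request (Destination MAC FF-FF).

    Every station compares the Target IPv4 with its own address; only the
    owner answers. Returns the ARP Reply fields
    (destination MAC, source MAC, target IPv4, target MAC), or None.
    """
    for ip, mac in LAN_HOSTS.items():
        if ip == target_ip:           # "The target IPv4 is for me!"
            return (PC_A_MAC, mac, str(ip), mac)
    return None                       # "The target IPv4 is not me." from everyone


def send_ip_packet(cache, dst_ip, log=None):
    """Return the Ethernet destination MAC used for a packet to dst_ip.

    The packet is held while ARP resolves the next hop; log (if given)
    records each ARP Request that had to be sent.
    """
    hop = next_hop(dst_ip)
    mac = cache.lookup(hop)
    if mac is None:
        if log is not None:
            log.append(f"ARP Request for {hop}")
        reply = arp_request(hop)
        if reply is None:
            return None               # nobody owns that address: packet dropped
        mac = reply[3]
        cache.learn(hop, mac)
    return mac
```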
CONMUTACION Y RUTEO I (Switching and Routing I)
Class 2. IPv6 Addressing
Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
IPv4 - 1981
IPv4 was standardized in 1981, provisioning 4.29 billion (2^32) IP addresses for a world population of 4.41 billion people.*
[Figure: IPv4 addresses vs. world population in 1980, one icon = 100,000,000. Images courtesy of Computer History Museum.]
* www.census.gov
• 4.29 billion addresses, about a 1:1 ratio with the world's population.
• What was the Internet like in 1981?
• No WWW, no mobile devices, and most people had never heard of the Internet.
• Mostly mainframes and minicomputers.
• The IBM PC was introduced, trying to overtake the Apple II.
The Internet Begins to Take Off
• 1990s introduced the World Wide Web.
• Everyone was getting on the Internet.
• Internet routing tables growing rapidly – 20,000 routes in 1994.
• IETF realized that it would soon run out of IPv4 address space.
IPv4: Running Out of Addresses
Private Address Space: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
• Short term solutions included:
• NAT (Network Address Translation)
• Private address space (RFC 1918)
• CIDR (Classless Inter-Domain Routing)
• Long-term solution: IPv6
IPv4 Address Exhaustion
 The final IPv4 addresses were allocated by IANA to the five RIRs on February 3, 2011, and since then the RIRs have been running out of IPv4 addresses.
[Figure: RIR IPv4 address pool status, http://www.potaroo.net/tools/ipv4/]
What is happening with the ISPs
And then there's mobile…
• Facebook sees 20-40% (1-2 seconds) better performance because there is no NAT, CGN, etc.
• Facebook, LinkedIn and Microsoft are internally IPv6 only.
Comcast X1 is IPv6 only. Comcast Voice is going IPv6 only.
Comcast Corporation is a media company that offers cable television, Internet and telephony services.
CNT Ecuador Leader 2017
IPv6 Adoption Statistics
https://www.google.com/intl/es/ipv6/statistics.html
https://www.akamai.com/uk/en/our-thinking/state-of-the-internet-report/state-of-the-internet-ipv6-adoption-visualization.jsp
Introducing IPv6
• Developed mid to late 1990s.
• Much learned from IPv4.
• 128-bit address space, written in hexadecimal.
• This gives us 340 undecillion addresses!
2001:DB8:CAFE:0001::100 (128 bits)
340 undecillion = 340,282,366,920,938,463,463,374,607,431,768,211,456
IPv6 Introduction
• How many is 340 undecillion?
• 340 undecillion addresses is 10 nonillion addresses per person!
• The Internet is a much different place and will continue to evolve:
• Mobile devices
• Video on demand
• Internet of Everything
• A critical part in how we "live, work, play, and learn".
10 nonillion = 10,000,000,000,000,000,000,000,000,000,000
IPv6 Features
• IPv6 is not just about more addresses:
• Simplified Header
• End-to-end Connectivity
• Server-less autoconfiguration ("plug-n-play") and
reconfiguration.
• Faster Forwarding/Routing
• No Broadcast
• Mobility
• Enhanced Priority Support
IPv6: A Brief History
• 1993, IETF announced a call for white papers with RFC 1550 IP: Next Generation (IPng) White Paper Solicitation.
• IETF chose Simple Internet Protocol Plus (SIPP) written by Steve Deering, Paul Francis, and Bob Hinden but changed the address size from 64 bits to 128 bits.
• 1995, IETF published RFC 1883 Internet Protocol, Version 6 (IPv6) Specification - later obsoleted by RFC 2460 in 1998.
When will IPv6 exceed IPv4?
• Traffic doubles every 2 years.
• 80% of traffic is still IPv4.
• IPv6 is at 20%. Let's assume its share increases by 10% per year.
• IPv6 reaches 60% in 2019.
• Percentage of CG-NAT users increases to 20% by 2025.
Transitioning to IPv6?
Dual Stack
What is it?
Dual stack means that devices are able to run IPv4 and IPv6
in parallel. It allows hosts to simultaneously reach IPv4 and
IPv6 content, so it offers a very flexible coexistence strategy.

Benefits
• Native dual stack does not require any tunneling
mechanisms on internal networks
• Both IPv4 and IPv6 run independently of each other
• Dual stack supports gradual migration of endpoints,
networks, and applications
Tunneling – 6to4
6to4 is an IPv4 tunnel-based transition mechanism defined in RFC 3056. It was designed to allow different IPv6 domains to communicate with other IPv6 domains through IPv4 clouds without explicit IPv4 tunnels. (http://www.ipv6tf.org/)
IPv6 over IPv4 GRE Tunnels
GRE provides a way to encapsulate packets inside of a transport protocol and transmit them from one tunnel endpoint to another.
TEREDO Tunneling
Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet but have no native connection to an IPv6 network.
TCP/IP Model with IPv4
TCP/IP Model with IPv6
IPv4 vs IPv6 Header
Let's Begin with the IPv6 Header
[Figure: IPv4 header beside the IPv6 header, drawn against 64-bit memory words.]
• IPv6 takes advantage of 64-bit CPUs.
• Several differences between IPv4 and IPv6 headers.
• Simpler IPv6 header.
• Fixed 40 byte IPv6 header.
• Let's look at the differences…
IPv6 Version
• IPv4 Version contains 4.
• IPv6 Version contains 6.
• Version 5? - Internet Stream Protocol (ST2)
IPv4 Internet Header Length
• IPv4 Internet Header Length (IHL)
• Length of IPv4 header in 32-bit words including any Options or Padding.
• IPv6
• IHL for IPv6 is not needed.
• IPv6 header is fixed at 40 bytes.
[Figure: IPv4 header with the IHL counting 32-bit words 1, 2, 3, 4, 5, ? (options); IPv6 header drawn as five 8-byte rows: 40 bytes = 5 x 8 bytes.]
IPv6 Traffic Class
• IPv4 Type of Service
• IPv6 Traffic Class
• Not mandated by any IPv6 RFCs.
• Same functionality as IPv4.
• Uses same Differentiated Services technique (RFC 2474) as IPv4.
[Figure: the 8-bit field, bits 7 to 0. Original layout: IP Precedence (3 bits) | Unused. Differentiated Services layout: DiffServ Code Point (DSCP, 6 bits) | IP ECN (2 bits).]
IPv6 Flow Label
• New field in IPv6 – not part of IPv4.
• Flow label is used to identify the packets in a common stream or flow.
• Traffic from source to destination shares a common flow label.
• RFC 6437 IPv6 Flow Label Specification
[Figure: IPv4 and IPv6 headers with the 20-bit Flow Label field highlighted.]
IPv6 Payload Length
• IPv4 Total Length – Number of bytes of the IPv4 header (including options) + data.
• IPv6 Payload Length – Number of bytes of the payload.
• Does not include the main IPv6 header.
• Includes extension headers + data.
[Figure: IPv4 Total Length covers Header + Data (Payload). IPv6 Payload Length covers Extension Header (Optional) + Data, not the IPv6 Header itself.]
IPv6 No Fragmentation
[Figure: PCA (source) – R1 – R2 – R3 – PCB (destination). Link MTUs: 1500, 1500, 1350 (link with smaller MTU), 1500.]
1. PCA: "I will use the MTU of the interface." Sends an IPv6 packet, MTU 1500.
2. R2: "MTU of outgoing link smaller than packet size. Drop packet. Send ICMPv6 Packet Too Big message, use MTU 1350."
3. PCA resends the IPv6 packet with MTU 1350. PCB: "Packet received. No reassembly required."
• IPv6 requires that every link have a minimum MTU of 1280 bytes, with a recommended MTU of 1500 bytes.
• Path MTU Discovery uses this same process.
• Because intermediate devices do not fragment packets, Path MTU Discovery is used when their links are greater than 1280.
IPv6 Next Header
• IPv4 Protocol
• IPv6 Next Header
• For both protocols, the field indicates the type of header following the IP header.
• Common values:
• 6 = TCP
• 17 = UDP
• 58 = ICMPv6
• 88 = EIGRP
• 89 = OSPF
[Figure: IPv6 Header (Next Header) -> Data Header (Protocol: TCP, UDP, ICMPv6, etc.)]
IPv6 Hop Limit
• IPv4 TTL (Time to Live)
• IPv6 Hop Limit
• Renamed to more accurately reflect the process.
• Set by source, every router in path decrements hop limit by 1.
• When 0, drop packet.
IPv6 Source and Destination Addresses
• IPv6 Source and Destination addresses have the same basic functionality as IPv4.
• IPv4 – 32-bit addresses.
• IPv6 – 128-bit addresses.
• Some significant changes in IPv6.
IPv4 Header Checksum
• IPv4 Header Checksum
• Not used in IPv6.
• Upper-layer protocols generally have a checksum (UDP and TCP).
• So, in IPv4 the UDP checksum is optional.
• Because there is no header checksum in IPv6, the UDP checksum is now mandatory.
IPv6 Extension Header
• Next Header identifies:
• The protocol carried in the data portion of the packet.
• The presence of an extension header.
• Extension headers are optional and follow the main IPv6 header.
• Provide flexibility and features to the main IPv6 header for future enhancements without having to redesign the entire protocol.
• Allows the main IPv6 header to have a fixed size for more efficient processing.
[Figure: IPv6 Main Header (Next Header) -> Extension Header (Next Header) -> Data Header (Protocol: TCP, UDP, ICMPv6, etc.)]
IPv6 Extension Header
IPv6 Address
IPv6 addresses are 128 bits long
• Segmented into 8 groups of four hex characters (called hextets)
• Separated by a colon (:)
• Default is 50% for network ID, 50% for interface ID
IPv6 Address Format
IPv6 Address Notation
2001:0DB8:AAAA:1111:0000:0000:0000:0100
[Figure: the address split into hextets 1 to 8, 16 bits each: 2001 : 0DB8 : AAAA : 1111 : 0000 : 0000 : 0000 : 0100]
IPv6 addresses are 128-bit addresses represented in:
• Hexadecimal: 1 hex digit = 4 bits
• Eight 16-bit segments or "hextets" (not a formal term) between 0000 and FFFF
• Separated by colons
• Reading and subnetting IPv6 is easier than IPv4…. Really!
Rules for Compressing IPv6 Addresses
• Two rules for reducing the size of written IPv6 addresses.
• First rule: Leading zeroes in any 16-bit segment do not have to be written.
2001 : 0DB8 : 0001 : 1000 : 0000 : 0000 : 0ef0 : bc00
-> 2001 : DB8 : 1 : 1000 : 0 : 0 : ef0 : bc00
2001 : 0DB8 : 010d : 000a : 00dd : c000 : e000 : 0001
-> 2001 : DB8 : 10d : a : dd : c000 : e000 : 1
2001 : 0DB8 : 0000 : 0000 : 0000 : 0000 : 0000 : 0500
-> 2001 : DB8 : 0 : 0 : 0 : 0 : 0 : 500
Rules for Compressing IPv6 Addresses
• Second rule: Any single, contiguous string of one or more 16-bit segments consisting of all zeroes can be represented with a double colon (::).
2001 : 0DB8 : 1000 : 0000 : 0000 : 0000 : 0000 : 0001
First rule: 2001 : DB8 : 1000 : 0 : 0 : 0 : 0 : 1
Second rule: 2001 : DB8 : 1000 : : 1
2001:DB8:1000::1
Rule 2: Double Colon :: Choices
Only a single contiguous string of all-zero segments can be represented with a double colon.
Although the rule states that both of these are correct…
2001 : DB8 : 0000 : 0000 : 1234 : 0000 : 0000 : 5678
2001 : DB8 :: 1234 : 0 : 0 : 5678
or
2001 : DB8 : 0 : 0 : 1234 :: 5678
… RFC 5952 states that the longest string of zeroes must be replaced with the :: and if they are equal then the first string of 0's should use the :: representation.
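The two compression rules and the RFC 5952 tie-break above, implemented as an added example (not code from the slides). It also applies the two RFC 5952 requirements the slides do not mention: a single zero hextet is never written as :: and hex digits are lowercase, so the slide's uppercase addresses come out in canonical lowercase; the stdlib cross-check is an assumption about Python's ipaddress module.

```python
import ipaddress


def expand_ipv6(text):
    """Return the eight 16-bit hextets of an IPv6 address as integers.

    Undoes both compression rules: short hextets are padded and a '::' is
    replaced by as many zero hextets as are missing.
    """
    if text.count("::") > 1:
        raise ValueError("only one :: is allowed")
    if "::" in text:
        left, right = text.split("::")
        left_parts = left.split(":") if left else []
        right_parts = right.split(":") if right else []
        missing = 8 - len(left_parts) - len(right_parts)
        if missing < 1:
            raise ValueError(":: must stand for at least one hextet")
        parts = left_parts + ["0"] * missing + right_parts
    else:
        parts = text.split(":")
    if len(parts) != 8:
        raise ValueError("an IPv6 address has eight hextets")
    hextets = [int(p, 16) for p in parts]
    if any(not 0 <= h <= 0xFFFF for h in hextets):
        raise ValueError("hextet out of range")
    return hextets


def compress_ipv6(text):
    """Write an IPv6 address in RFC 5952 canonical form.

    Rule 1: drop leading zeros in each hextet. Rule 2: replace the longest
    run of consecutive zero hextets with '::', the first run on a tie.
    RFC 5952 also forbids '::' for a single zero hextet and requires
    lowercase hex digits.
    """
    hextets = expand_ipv6(text)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if hextets[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and hextets[j] == 0:
            j += 1
        if j - i > best_len:          # strictly longer: a tie keeps the first run
            best_start, best_len = i, j - i
        i = j
    words = [format(h, "x") for h in hextets]   # rule 1, lowercase
    if best_len < 2:                  # one zero hextet is written as "0", not "::"
        return ":".join(words)
    return ":".join(words[:best_start]) + "::" + ":".join(words[best_start + best_len:])


def matches_stdlib(text):
    """Cross-check against Python's own RFC 5952 implementation (assumption)."""
    return compress_ipv6(text) == ipaddress.IPv6Address(text).compressed
```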
IPv4: Subnet Mask and Prefix Length
• In IPv4, the prefix, the network portion of the address, can be identified by:
• Dotted decimal subnet mask
• Prefix length
• The number of bits in the prefix or network portion of the address.
[Figure: IPv4 address, 32 bits, split into network portion (prefix) and host portion.]

Binary Mask                            Prefix Length   Subnet Mask
11111111 00000000 00000000 00000000    /8              255.0.0.0
11111111 10000000 00000000 00000000    /9              255.128.0.0
11111111 11000000 00000000 00000000    /10             255.192.0.0
11111111 11100000 00000000 00000000    /11             255.224.0.0
11111111 11110000 00000000 00000000    /12             255.240.0.0
11111111 11111000 00000000 00000000    /13             255.248.0.0
11111111 11111100 00000000 00000000    /14             255.252.0.0
11111111 11111110 00000000 00000000    /15             255.254.0.0
11111111 11111111 00000000 00000000    /16             255.255.0.0
11111111 11111111 10000000 00000000    /17             255.255.128.0
11111111 11111111 11000000 00000000    /18             255.255.192.0
11111111 11111111 11100000 00000000    /19             255.255.224.0
11111111 11111111 11110000 00000000    /20             255.255.240.0
11111111 11111111 11111000 00000000    /21             255.255.248.0
11111111 11111111 11111100 00000000    /22             255.255.252.0
11111111 11111111 11111110 00000000    /23             255.255.254.0
11111111 11111111 11111111 00000000    /24             255.255.255.0
11111111 11111111 11111111 10000000    /25             255.255.255.128
11111111 11111111 11111111 11000000    /26             255.255.255.192
11111111 11111111 11111111 11100000    /27             255.255.255.224
11111111 11111111 11111111 11110000    /28             255.255.255.240
11111111 11111111 11111111 11111000    /29             255.255.255.248
11111111 11111111 11111111 11111100    /30             255.255.255.252
11111111 11111111 11111111 11111110    /31             255.255.255.254
IPv6 Prefix Length
• IPv6 prefixes are always identified by prefix length.
• Prefix length - The number of bits in the Prefix portion of the address (equivalent to the network portion of the address).
• Separates the Prefix portion from the Interface ID (equivalent to the host portion of the address).
• Written immediately following the IPv6 address, usually with no space.
[Figure: 2001:0DB8:0000:0000:0000:0000:0000:0001 split into Prefix and Interface ID, with possible prefix lengths /32, /48, /52, /56, /60 and /64 marked; the Interface ID starts at /64.]

• The standard LAN size has been set at a /64


• 18,446,744,073,709,600,000 IPv6 addresses
• Let’s attempt to exhaust all of the available
addresses
• We will allocate 10,000,000 addresses per second
• Hint: there are 31,536,000 seconds per year
• 10,000,000 x 31,536,000 = 315,360,000,000,000

18,446,744,073,709,600,000
/ 315,360,000,000,000
= 58,494 years

48
IPv6 over Ethernet
• IPv6 has a specific Ether type id
• IPv6 relies heavily on Multicast
IPv6 Address Types…. Road Map
IPv6 does not have a "broadcast" address.
IPv6 Source and Destination Addresses
• IPv6 Source – Always a unicast
• IPv6 Destination – Unicast, multicast or anycast.
IP Address Types
Global Unicast Address (GUA)
[Figure: hosts with global unicast addresses reaching the IPv6 Internet.]
• Global Unicast Address (GUA)
• 2000::/3 (Range 2000::/64 thru 3fff:fff:fff:fff::/64)
• Globally unique, routable, similar to public IPv4 addresses
• 2001:DB8::/32 - RFC 2839 reserves this range of addresses for documentation
• These are the addresses we will be referring to the most.
Global Unicast Address (GUA)
[Figure: GUA format: Global Routing Prefix | Subnet ID | Interface ID. First 3 bits 001. First hextet range: 2000 (0010 0000 0000 0000) to 3FFF (0011 1111 1111 1111).]
• Global Unicast Address (GUA)
• 2000::/3
• Range 2000::/64 thru 3fff:fff:fff:fff::/64
• 1/8th of IPv6 address space
Global Unicast Address (GUA)
[Figure: Global Routing Prefix | Subnet ID | Interface ID; first 3 bits 001; range 2000::/64 thru 3fff:fff:fff:fff::/64.]
• Except under very specific circumstances, all end users will have a global unicast address.
• Note: A host (an interface) can potentially have multiple IPv6 addresses on the same or different networks.
• Terminology:
• Prefix equivalent to the network address of an IPv4 address
• Prefix length equivalent to subnet mask in IPv4
• Interface ID equivalent to host portion of an IPv4 address
Parts of a Global Unicast Address
[Figure: IPv4 Unicast Address (32 bits): Network portion | Subnet portion | Host portion, prefix length /?. IPv6 Global Unicast Address (128 bits): Global Routing Prefix (/48) | 16-bit Subnet ID (/64) | Interface ID.]
• 64-bit Interface ID = 18 quintillion (18,446,744,073,709,551,616) devices/subnet
• 16-bit Subnet ID (initially recommended) = 65,536 subnets
/64 Global Unicast Address and the 3-1-4 Rule
[Figure: eight 16-bit hextets; Global Routing Prefix = first 3 hextets (/48), Subnet ID = 1 hextet (/64), Interface ID = last 4 hextets.]
3 : 1 : 4
2001 : 0DB8 : CAFE : 0001 : 0000 : 0000 : 0000 : 0100
3 + 1 = 4 (/64) : 4
2001:0DB8:CAFE:0001:0000:0000:0000:0100/64
2001:DB8:CAFE:1::100/64
Subnetting IPv6
Can you count in hex?
Just increment by 1 in hexadecimal (3-1-4 rule):
2001:0DB8:CAFE:0000::/64
2001:0DB8:CAFE:0001::/64
2001:0DB8:CAFE:0002::/64 ...
2001:0DB8:CAFE:0009::/64
2001:0DB8:CAFE:000A::/64
Valid abbreviation is to remove the leading 0s:
2001:DB8:CAFE:1::/64
IPv6 Address Allocation
[Figure: the 128-bit address with prefix-length boundaries: /23 (RIR*), /32 (ISP prefix*, Internet Service Provider such as CNT or Telconet), /48 (site prefix*), /56 (possible home site prefix), /64 (subnet prefix, Subnet ID), then the Interface ID. "I am getting a /64 at home."]
* This is a minimum allocation. The prefix length may be shorter if it can be justified.
Global Routing Prefix determines number of /64 subnets *
[Figure: 2001:DB8:0000:0000:0000:0000:0000:0000 with the 64-bit Interface ID and the /64 boundary marked.]
/60 = 16 /64's
/56 = 256 /64's
/52 = 4,096 /64's
/48 = 65,536 /64's (Many sites will get this prefix length)
/44 = 1,048,576 /64's
/40 = 16,777,216 /64's
/36 = 268,435,456 /64's
/32 = 4,294,967,296 /64's
/32 = 65,536 /48's
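The 3-1-4 rule, the "increment by 1 in hex" subnetting and the /64 counts of the last three slides, as an added example (not code from the slides). It generalizes the hex-increment idea to any site prefix length and any subnet number by doing the arithmetic on the 128-bit integer; the function names are this example's own.

```python
import ipaddress


def split_gua(address):
    """Split a /64 global unicast address by the 3-1-4 rule.

    3 hextets of Global Routing Prefix (/48), 1 hextet of Subnet ID,
    4 hextets of Interface ID.
    """
    hextets = ipaddress.IPv6Address(address).exploded.upper().split(":")
    return {
        "global_routing_prefix": ":".join(hextets[:3]) + "::/48",
        "subnet_id": hextets[3],
        "interface_id": ":".join(hextets[4:]),
    }


def count_64s(prefix_len):
    """Number of /64 subnets a prefix of the given length contains."""
    if not 0 <= prefix_len <= 64:
        raise ValueError("prefix length must be between 0 and 64")
    return 2 ** (64 - prefix_len)


def nth_64(site_prefix, n):
    """Return /64 subnet number n (counting from 0) of site_prefix.

    This is the slide's "just increment by 1 in hex" done as integer
    arithmetic: subnet n puts the value n into the bits between the end of
    the site prefix and bit 64, i.e. into the Subnet ID.
    """
    net = ipaddress.IPv6Network(site_prefix)
    if net.prefixlen > 64:
        raise ValueError("a prefix longer than /64 has no /64 subnets")
    if not 0 <= n < count_64s(net.prefixlen):
        raise ValueError(f"{site_prefix} has only {count_64s(net.prefixlen)} /64 subnets")
    base = int(net.network_address)          # low 64 bits are already zero
    return ipaddress.IPv6Network((base + (n << 64), 64)).compressed.upper()


def first_64s(site_prefix, how_many):
    """The first how_many /64 subnets, listed the way the slide counts them."""
    return [nth_64(site_prefix, n) for n in range(how_many)]
```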
EUI-64 PROCESS
One of IPv6's key benefits over IPv4 is its capability for automatic interface addressing. By implementing the IEEE's 64-bit Extended Unique Identifier (EUI-64) format, a host can automatically assign itself a unique 64-bit IPv6 interface identifier without the need for manual configuration or DHCP. This is accomplished on Ethernet interfaces by referencing the already unique 48-bit MAC address and reformatting that value to match the EUI-64 specification.
EUI-64 PROCESS
MAC address: OUI (24 bits) | Device Identifier (24 bits)
Hexadecimal: 00 03 6B E9 D4 80
Step 1: Split the MAC address
Binary: 0000 0000 0000 0011 0110 1011 | 1110 1001 1101 0100 1000 0000
Step 2: Insert FFFE
Binary: 0000 0000 0000 0011 0110 1011 1111 1111 1111 1110 1110 1001 1101 0100 1000 0000
Step 3: Flip the U/L bit
Binary: 0000 0010 0000 0011 0110 1011 1111 1111 1111 1110 1110 1001 1101 0100 1000 0000
Modified EUI-64 Interface ID in hexadecimal notation: 02 03 6B FF FE E9 D4 80
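The three steps above on the slide's MAC 00-03-6B-E9-D4-80, as an added example (not code from the slides), plus the step the slide leads to: prepending a /64 prefix to get the address, and the reverse check a defender cares about, recovering the MAC from an EUI-64 Interface ID (which is why later Windows versions generate random IIDs instead, as the ipconfig slide below notes). Function names are this example's own.

```python
import ipaddress


def mac_to_bytes(mac):
    """Accept 00-03-6B-E9-D4-80, 00:03:6b:e9:d4:80 or 0003.6be9.d480."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError("a MAC address has 48 bits")
    return bytes.fromhex(digits)


def modified_eui64(mac):
    """The three steps from the slide, returning the 8-byte Interface ID."""
    m = mac_to_bytes(mac)
    oui, device_id = m[:3], m[3:]              # step 1: 24-bit OUI | 24-bit device id
    eui = oui + b"\xff\xfe" + device_id        # step 2: insert FF FE in the middle
    return bytes([eui[0] ^ 0x02]) + eui[1:]    # step 3: flip the U/L bit (bit 1 of byte 0)


def interface_id_hex(iid):
    """Render an 8-byte Interface ID as four hextets, e.g. 0203:6BFF:FEE9:D480."""
    return ":".join(f"{iid[i]:02X}{iid[i + 1]:02X}" for i in range(0, 8, 2))


def address_from_mac(prefix, mac):
    """Combine a /64 prefix (fe80::/64 or a GUA prefix) with the EUI-64 IID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs only fit a /64")
    iid = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid).compressed


def mac_from_address(address):
    """Reverse the process: recover the MAC if the Interface ID is EUI-64 based.

    Returns None when the IID does not carry the FF:FE marker, e.g. the random
    IIDs Windows Vista and later generate. An EUI-64 IID exposes the hardware
    address in every packet and stays the same on every network the host joins.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02                      # undo the U/L bit flip
    mac = bytes([first]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)
```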
Link-Local Unicast Range
[Figure: first 10 bits 1111 1110 10xx xxxx | remaining 54 bits | 64-bit Interface ID. First hextet range: FE80 (1111 1110 1000 0000) to FEBF (1111 1110 1011 1111).]
Link-local Unicast
• Link – Network segment
• Link-local means local to that link or network.
Link-Local Unicast Range
• IPv6 Source – Always a unicast
• IPv6 Destination – Unicast, multicast, or anycast.
• Unicast, including a link-local address
Link-Local Unicast Range
Link-Local Communications
• Used to communicate with other devices on the link.
• Are NOT routable off the link (network).
• Only have to be unique on the link.
• Not included in the IPv6 routing table.
• An IPv6 device must have at least a link-local address.
Most Networks Are Already Running IPv6
I'm not running IPv6… or am I?

PC> ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix :
Link-local IPv6 Address . . . . : fe80::50a5:8a35:a5bb:66e1
IPv4 Address. . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . : 192.168.1.1

• IPv6 is automatically enabled with Windows, Mac and Linux operating systems.
• Windows XP and Windows Server 2003 generate the link-local address through the EUI-64 process.
• Windows Vista® or Windows Server® 2008 by default generate random interface IDs for non-temporary autoconfigured IPv6 addresses, including public and link-local addresses, rather than EUI-64-based interface IDs.
• Can communicate with other devices on the link, including the router.
An Important Role in IPv6
[Figure: ICMPv6 Router Solicitation, From: Link-local or unspecified address, To: Multicast. ICMPv6 Router Advertisement, From: Link-local, To: Multicast. Routing Protocol Mess­aging, From: Link-local, To: Multicast. Host: "I will use your link-local as my default gateway."]
• Used as a source IPv6 address before a device gets one dynamically (SLAAC and DHCPv6).
• Router's link-local address is used by devices as the default gateway.
• Routers exchange routing messages.
• Routers use the link-local address as the next-hop address in the routing table: via link-local address.
Loopback Addresses

• Loopback Address
• ::1/128
• Used by a node to send an IPv6 packet to itself, typically
when testing the TCP/IP stack
• Same functionality as IPv4 loopback 127.0.0.1
• Not routable.

• Unspecified Address
• :: (all-0s)
• Indicates the absence or anonymity of an IPv6 address
(RS source address)
• Used as a source IPv6 address during duplicate address
detection process
Multicast Addresses
• Multicast Addresses - Used to send a single packet to multiple destinations simultaneously (one-to-many).
• Assigned Multicast Address –
• FF02::/8 – Multicast addresses with link-local scope
Multicast Addresses
• Solicited Node Multicast Address –
• FF02:0:0:0:0:1:FF00::/104 (FF02::1:FFxx:xxxx)
• Used during ICMPv6 neighbor discovery address resolution (ARP in IPv4)
• Automatically created using a special mapping of the device's unicast address.
• Every global unicast and link-local unicast has an associated solicited node multicast address.
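The "special mapping" above, as an added example (not code from the slides): the low 24 bits of a unicast address are appended to FF02::1:FF00:0/104, and the resulting group is in turn mapped to the 33:33 Ethernet multicast MAC that appears in the Router Solicitation and Neighbor Solicitation captures later in this class. The groups_to_join helper is this example's own; it also shows that a link-local and a global address with the same Interface ID share one solicited-node group.

```python
import ipaddress

SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def solicited_node(unicast):
    """Map a unicast address to its solicited-node multicast group.

    The last 24 bits of the unicast address replace the last 24 bits of
    ff02::1:ff00:0, giving ff02::1:ffxx:xxxx.
    """
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24).compressed


def multicast_mac(group):
    """Ethernet address for an IPv6 multicast group: 33:33 + low 32 bits of the group."""
    g = ipaddress.IPv6Address(group)
    if not g.is_multicast:
        raise ValueError("not an IPv6 multicast address")
    low32 = int(g) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


def groups_to_join(unicast_addresses):
    """Multicast groups (with their Ethernet filters) a host must listen on for ND.

    Every host joins ff02::1 (all nodes) plus one solicited-node group per
    unicast address; addresses that share an Interface ID share a group, so
    the set can be smaller than the number of addresses.
    """
    groups = {"ff02::1"}
    groups.update(solicited_node(a) for a in unicast_addresses)
    return {g: multicast_mac(g) for g in sorted(groups)}
```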
Anycast Addresses

• Anycast Address
• A unicast address that is assigned to more than one
interface (typically different devices).
ICMPv6
Internet Control Message Protocol for IPv6
• ICMPv6 is defined in RFC 4443.
• Similar to ICMPv4, describes two types of messages:
• Informational
• Error
• ICMPv6 Neighbor Discovery is described in RFC 4861.
• Much more robust than ICMP for IPv4.
• Contains new functionality and improvements.
[Figure: all ICMPv6 messages: IPv6 Main Header (Next Header = 58) -> ICMPv6 Header -> Data]
ICMPv6 Messages
• ICMPv6 error messages are (similar to IPv4; we will take a brief look at these):
• Destination Unreachable
• Packet Too Big
• Time Exceeded
• Parameter Problem
• ICMPv6 informational messages used by the ping command (similar to IPv4; we will see a packet analysis example):
• Echo Request
• Echo Reply
ICMPv6 Messages
ICMPv6 informational messages used for Multicast Listener Discovery (RFC 2710), similar to IGMP (Internet Group Message Protocol) for IPv4:
• Multicast Listener Query
• Multicast Listener Report
• Multicast Listener Done
ICMPv6 informational messages used by Neighbor Discovery (RFC 4861). New message types (except for the Redirect message); brief overview here, details discussed in various lessons:
• Router Solicitation Message
• Router Advertisement Message
• Neighbor Solicitation Message
• Neighbor Advertisement Message
• Redirect Message
ICMPv6 General Message Format
[Figure: IPv6 Header (Next Header = 58) -> ICMPv6 Message. Message layout, bits 0-31: Type (8) | Code (8) | Checksum (16), followed by the Message Body.]
• IPv6 Next Header Value: 58 decimal or 3A hexadecimal
• ICMPv6 General Message Format (similar to ICMP for IPv4)
Error Message: Destination Unreachable Message
[Figure: Type = 1 | Code | Checksum; Unused (32 bits); as much of the invoking packet as possible without the ICMPv6 packet exceeding the minimum IPv6 MTU.]
Code Values:
0 - No route to destination
1 - Communication with destination administratively prohibited
2 - Beyond scope of source address
3 - Address unreachable
4 - Port unreachable
5 - Source address failed ingress/egress policy
6 - Reject route to destination
• Sent when a packet cannot be delivered to its destination for reasons other than congestion.
• A router (or a firewall) usually generates these messages.
• Type = 1
• Code values vary, giving more detail.
Error Message: Packet Too Big
[Figure: Type = 2 | Code = 0 | Checksum; MTU of the next hop link (32 bits); as much of the invoking packet as possible without the ICMPv6 packet exceeding the minimum IPv6 MTU.]
• Important difference with IPv6…
• IPv4 routers fragment a packet when the MTU (Maximum Transmission Unit) of the outgoing link is smaller than the size of the packet.
• The destination device is responsible for reassembling the fragmented packets.
• IPv6 routers do not fragment packets.
IPv6 No Fragmentation
[Figure: PCA (source) – R1 – R2 – R3 – PCB (destination); link MTUs 1500, 1500, 1350 (link with smaller MTU), 1500.]
1. PCA: "I will use the MTU of the interface." IPv6 packet – MTU 1500.
2. R2: "MTU of outgoing link smaller than packet size. Drop packet. Send ICMPv6 Packet Too Big message, use MTU 1350."
3. PCA resends the IPv6 packet with MTU 1350. PCB: "Packet received. No reassembly required."
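The exchange in this figure and in the earlier "IPv6 No Fragmentation" slide, as an added simulation (not code from the slides) of Path MTU Discovery along PCA – R1 – R2 – R3 – PCB. It also covers two cases the figure does not: a link advertising less than the 1280-byte minimum (RFC 8201 says the source must not lower its estimate below that) and a Packet Too Big message that never arrives because ICMPv6 is filtered, which is the PMTUD black hole a firewall rule set has to avoid. The path representation and the ptb_filtered flag are this example's own.

```python
IPV6_MIN_LINK_MTU = 1280   # every IPv6 link must carry at least this (slide above)


def forward(path, packet_size, ptb_filtered=False):
    """Walk the packet hop by hop along path = [(router, outgoing_link_mtu), ...].

    Returns ("delivered", None, None) or ("packet_too_big", router, link_mtu).
    With ptb_filtered=True the router still drops the packet but its ICMPv6
    Packet Too Big never reaches the source (a firewall filtering ICMPv6), so
    the result is ("dropped_silently", router, link_mtu).
    """
    for router, link_mtu in path:
        if packet_size > link_mtu:    # IPv6 routers never fragment
            if ptb_filtered:
                return ("dropped_silently", router, link_mtu)
            return ("packet_too_big", router, link_mtu)
    return ("delivered", None, None)


def path_mtu_discovery(path, initial_mtu=1500, max_rounds=8, ptb_filtered=False):
    """Return (path_mtu, events): the MTU the source ends up sending with.

    path_mtu is None when discovery cannot complete: no Packet Too Big
    arrives, or a link claims less than the 1280-byte IPv6 minimum.
    """
    mtu = initial_mtu                 # "I will use the MTU of the interface."
    events = []
    for _ in range(max_rounds):
        outcome, router, link_mtu = forward(path, mtu, ptb_filtered)
        if outcome == "delivered":
            events.append(f"delivered with MTU {mtu}, no reassembly required")
            return mtu, events
        if outcome == "dropped_silently":
            events.append(f"{router} dropped the packet and no ICMPv6 arrived: PMTUD black hole")
            return None, events
        events.append(f"{router}: Packet Too Big, use MTU {link_mtu}")
        if link_mtu < IPV6_MIN_LINK_MTU:
            # RFC 8201: a node must not reduce its estimate below 1280
            events.append(f"advertised MTU {link_mtu} is below the IPv6 minimum, ignored")
            return None, events
        mtu = min(mtu, link_mtu)      # never raise the estimate because of a PTB
    return None, events
```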
Error Message: Time Exceeded
[Figure: Type = 3 | Code = 0 | Checksum; Unused (32 bits); as much of the invoking packet as possible without the ICMPv6 packet exceeding the minimum IPv6 MTU.]
• If a router receives a packet with a Hop Limit of zero, or if a router decrements a packet's Hop Limit to zero, it MUST:
• Discard the packet
• Send an ICMPv6 Time Exceeded message (Type = 3, Code 0) to the source of the packet.
• This indicates either a routing loop or too small an initial Hop Limit value.
Error Message: Parameter Problem
[Figure: Type = 4 | Code | Checksum; Pointer (32 bits); as much of the invoking packet as possible without the ICMPv6 packet exceeding the minimum IPv6 MTU. Example packet: IPv6 Main Header (Next Header = 138, marked "?") -> Extension Header (Next Header = 6) -> TCP Header -> Data.]
Code values:
0 - Erroneous header field encountered
1 - Unrecognized Next Header type encountered
2 - Unrecognized IPv6 option encountered
• Type 4
• Generated when a receiving device finds a problem with a field in the main IPv6 header such as the Next Header field – packet is discarded.
ICMPv6 Echo Request and Echo Reply
Type 128 = Echo Request
Type 129 = Echo Reply
[Figure: Type = 128/129 | Code = 0 | Checksum; Identifier | Sequence Number; Data. "Ping PCB": ICMPv6 Echo Request from PCA to PCB, ICMPv6 Echo Reply from PCB to PCA.]
• Similar to IPv4, Echo Request and Echo Reply messages are used by the ping utility.
ICMPv6 Echo Request to GUA
Internet Protocol Version 6
0110 .... = Version: 6
<output omitted>
Payload length: 40
Next header: ICMPv6 (0x3a)
Hop limit: 128
Source: 2001:db8:cafe:1::100
Destination: 2001:db8:cafe:1::1
Internet Control Message Protocol v6
Type: 128 (Echo (ping) request)
Code: 0 (Should always be zero)
Checksum: 0x8f38 [correct]
ID: 0x0001
Sequence: 0
Data (32 bytes)
[Figure: IPv6 Header (Next Header = 58) -> ICMPv6 Message (Echo Request).]
ICMPv6 Echo Reply from GUA
Internet Protocol Version 6
0110 .... = Version: 6
<output omitted>
Payload length: 40
Next header: ICMPv6 (0x3a)
Hop limit: 64
Source: 2001:db8:cafe:1::1
Destination: 2001:db8:cafe:1::100
Internet Control Message Protocol v6
Type: 129 (Echo (ping) reply)
Code: 0 (Should always be zero)
Checksum: 0x8e38 [correct]
ID: 0x0001
Sequence: 0
Data (32 bytes)
[Figure: ICMPv6 Echo Reply.]
ICMPv6 Echo Request to Link-Local Address
Internet Protocol Version 6
0110 .... = Version: 6
<output omitted>
Payload length: 60
Next header: ICMPv6 (0x3a)
Hop limit: 64
Source: fe80::1 [Source and destination are link-local addresses.]
Destination: fe80::50a5:8a35:a5bb:66e1
Internet Control Message Protocol v6
Type: 128 (Echo (ping) request)
Code: 0 (Should always be zero)
Checksum: 0x0444 [correct]
ID: 0x0a24
Sequence: 0
Data (52 bytes)
ICMPv6 Echo Reply from Link-Local Address
Internet Protocol Version 6
0110 .... = Version: 6
<output omitted>
Payload length: 60
Next header: ICMPv6 (0x3a)
Hop limit: 64
Source: fe80::50a5:8a35:a5bb:66e1 [Source and destination are link-local addresses.]
Destination: fe80::1
Internet Control Message Protocol v6
Type: 129 (Echo (ping) reply)
Code: 0 (Should always be zero)
Checksum: 0x0344 [correct]
ID: 0x0a24
Sequence: 0
Data (52 bytes)
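The Echo Request/Reply messages in the four captures above, built and parsed in an added example (not code from the slides). It computes the ICMPv6 checksum over the IPv6 pseudo-header (source, destination, length and Next Header 58), which is what lets IPv6 drop the IPv4 header checksum as noted earlier in this class: a message copied to other addresses fails verification. The 32-byte and 51-byte payloads are constructed, so the checksum values differ from the captured ones.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58          # IPv6 Next Header value for ICMPv6 (0x3a)
ECHO_REQUEST, ECHO_REPLY = 128, 129


def ones_complement_sum(data):
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"                       # pad an odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)   # fold the carries back in
    return total


def icmpv6_checksum(src, dst, icmp_msg):
    """Checksum over the IPv6 pseudo-header (RFC 8200 section 8.1) + message.

    The pseudo-header binds the checksum to the source and destination
    addresses, so a message that was re-addressed or corrupted fails to verify.
    """
    pseudo = (ipaddress.IPv6Address(src).packed
              + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I", len(icmp_msg))     # upper-layer packet length
              + b"\x00\x00\x00" + bytes([ICMPV6_NEXT_HEADER]))
    return (~ones_complement_sum(pseudo + icmp_msg)) & 0xFFFF


def build_echo(src, dst, ident, seq, data, msg_type=ECHO_REQUEST):
    """Build Type | Code | Checksum | Identifier | Sequence Number | Data."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)  # checksum zero while summing
    csum = icmpv6_checksum(src, dst, header + data)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + data


def parse_echo(src, dst, msg):
    """Decode an Echo message and verify its checksum against src/dst."""
    if len(msg) < 8:
        raise ValueError("ICMPv6 echo message shorter than 8 bytes")
    msg_type, code, csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    if msg_type not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
        raise ValueError("not an Echo Request/Reply")
    zeroed = msg[:2] + b"\x00\x00" + msg[4:]
    return {
        "type": msg_type,
        "id": ident,
        "seq": seq,
        "data": msg[8:],
        "checksum_ok": icmpv6_checksum(src, dst, zeroed) == csum,
    }
```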
ICMPv6 Neighbor Discovery Protocol (RFC 4861)
ICMPv6 Neighbor Discovery defines 5 different packet types:
• Router Solicitation Message
• Router Advertisement Message
Router-Device Messaging: used with dynamic address allocation
• Neighbor Solicitation Message
• Neighbor Advertisement Message
Device-Device Messaging: used with address resolution (IPv4 ARP)
• Redirect Message
Similar to the ICMPv4 redirect message; router-to-device messaging
Dynamic Address Allocation in IPv4
[Figure: host to DHCPv4 server (1): "I need IPv4 addressing information." Server: "Here is everything you need."]
Dynamic Address Allocation in IPv6
[Figure: host sends an ICMPv6 Router Solicitation: "To all IPv6 routers: I need IPv6 address information." The router answers with an ICMPv6 Router Advertisement: "To all IPv6 devices: Let me tell you how to do this …" with 1. SLAAC, 2. SLAAC with Stateless DHCPv6, 3. Stateful DHCPv6. DHCPv6 server: "I might not be needed."]
SLAAC (Stateless Address Autoconfiguration)
RA Message Options
[Figure: ICMPv6 Router Advertisement carrying option 1, 2, or 3; a DHCPv6 server is shown beside the router.]

Option                                                        Other Configuration ("O") Flag   Managed Configuration ("M") Flag
Option 1: SLAAC – No DHCPv6 (Default on routers)              0                                0
Option 2: SLAAC + Stateless DHCPv6 for DNS address            1                                0
Option 3: All addressing except default gateway use DHCPv6    0                                1
Router Solicitation / Router Advertisement
[Figure: network 2001:DB8:CAFE:1::/64. R1: link-local FE80::1, MAC 00-03-6b-e9-d4-80. PC1: link-local FE80::50A5:8A35:A5BB:66E1, MAC 00-21-9b-d9-c6-44.]
1. ICMPv6 Router Solicitation (RS): To: FF02::2 (All-IPv6 Routers), From: FE80::50A5:8A35:A5BB:66E1
2. ICMPv6 Router Advertisement (RA): To: FF02::1 (All-IPv6 devices), From: FE80::1 (Link-local address)
Router Solicitation
• Sent when device needs IPv6 addressing information.
Router Advertisement
• Sent every 200 seconds or in response to RS
Analyzing the Router Solicitation Message
Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:00:00:00:02 [Ethernet multicast MAC address – maps to "all IPv6 routers"]
Internet Protocol Version 6
0110 .... = Version: 6 [Traffic class and Flow label not shown]
Payload length: 16
Next header: ICMPv6 (0x3a) [Next header is an ICMPv6 header]
Hop limit: 255
Source: fe80::50a5:8a35:a5bb:66e1 [Link-local address of PC1]
Destination: ff02::2 [All-IPv6-routers multicast address]
Internet Control Message Protocol v6
Type: 133 (Router solicitation) [Router Solicitation message]
Code: 0
Checksum: 0x3277 [correct]
ICMPv6 Option (Source link-layer address)
Type: Source link-layer address (1)
Length: 8
Link-layer address: 00:21:9b:d9:c6:44 [MAC address of PC1, but the RA is sent to the all-IPv6-hosts multicast]
Analyzing the
Router Advertisement Message
Analyzing the
Router Advertisement Message

Ethernet II, Src: 00:03:6b:e9:d4:80, Dst: 33:33:00:00:00:01


Ethernet multicast MAC address – Maps to “All-IPv6 devices”
Internet Protocol Version 6
0110 .... = Version: 6
.... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 64
Next header: ICMPv6 (0x3a) Next Header is an ICMPv6 header
Hop limit: 255
Link-local address of R1. Added to hosts’ Default Router List
Source: fe80::1
and is the address they will use as their default gateway.
Destination: ff02::1

All-IPv6 devices multicast

Continued next slide


Analyzing the
Router Advertisement Message
Internet Control Message Protocol v6
Type: 134 (Router advertisement) Router Advertisement
Code: 0
Cur hop limit: 64 Recommended Hop Limit value for hosts
Flags: 0x00 M and O flags indicate that no information is available via DHCPv6
ICMPv6 Option (Source link-layer address)
Type: Source link-layer address (1)
Length: 8
Link-layer address: 00:03:6b:e9:d4:80 Router R1’s MAC address
ICMPv6 Option (MTU)
Type: MTU (5)
Length: 8
MTU: 1500 MTU of the link.
ICMPv6 Option (Prefix information)
Type: Prefix information (3)
Length: 32
Prefix-length (/64) to be used for autoconfiguration.
Prefix Length: 64
Prefix: 2001:db8:cafe:1:: Prefix of this network to be used for
autoconfiguration

Router Advertisement Message
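The following Python script is an added example for this page, not code from the course or from any vendor. It builds a Router Advertisement from the field values in the decode above (hop limit 64, flags 0x00, MTU 1500, prefix 2001:db8:cafe:1::/64, R1's MAC), parses it back with the option-length checks RFC 4861 requires, verifies the ICMPv6 checksum over the IPv6 pseudo-header, and maps the M/O flags to the three options in the table. The prefix lifetimes and the fe80::1 / ff02::1 addresses used for the pseudo-header are assumptions.

```python
"""Build, verify and decode an ICMPv6 Router Advertisement (RFC 4861).
Added example for this page; the sample RA is constructed from the
field values in the decode, lifetimes and addresses are assumptions."""
import ipaddress
import struct

ICMPV6_RA = 134
OPT_SRC_LLADDR, OPT_PREFIX_INFO, OPT_MTU = 1, 3, 5


def icmpv6_checksum(src: bytes, dst: bytes, payload: bytes) -> int:
    """Ones-complement checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    pseudo = src + dst + struct.pack("!I", len(payload)) + b"\x00\x00\x00\x3a"  # next header 58
    data = pseudo + payload
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ra(src: bytes, dst: bytes, *, hop_limit: int, managed: bool, other: bool,
             lladdr: str, mtu: int, prefix: str, prefix_len: int,
             router_lifetime: int = 1800) -> bytes:
    """Serialize an RA with source link-layer, MTU and prefix-information options."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)           # M = 0x80, O = 0x40
    hdr = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, hop_limit, flags, router_lifetime, 0, 0)
    opts = struct.pack("!BB", OPT_SRC_LLADDR, 1) + bytes.fromhex(lladdr.replace(":", ""))
    opts += struct.pack("!BBHI", OPT_MTU, 1, 0, mtu)
    # Prefix option: L (on-link) and A (autonomous, SLAAC) flags set; lifetimes are assumed values.
    opts += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, prefix_len, 0xC0, 2592000, 604800, 0)
    opts += ipaddress.IPv6Address(prefix).packed
    msg = hdr + opts
    return msg[:2] + struct.pack("!H", icmpv6_checksum(src, dst, msg)) + msg[4:]


def parse_ra(msg: bytes, src: bytes, dst: bytes) -> dict:
    """Decode an RA into a dict; raise ValueError on malformed input (RFC 4861 6.1.2 checks)."""
    if len(msg) < 16:
        raise ValueError("ICMPv6 message too short for a Router Advertisement")
    typ, code, csum, hop, flags, lifetime, _reach, _retrans = struct.unpack("!BBHBBHII", msg[:16])
    if typ != ICMPV6_RA or code != 0:
        raise ValueError("not a Router Advertisement")
    recomputed = icmpv6_checksum(src, dst, msg[:2] + b"\x00\x00" + msg[4:])
    info = {"cur_hop_limit": hop, "managed": bool(flags & 0x80), "other": bool(flags & 0x40),
            "router_lifetime": lifetime, "checksum_ok": csum == recomputed, "prefixes": []}
    off = 16
    while off < len(msg):
        if off + 2 > len(msg):
            raise ValueError("truncated option header")
        otype, olen = msg[off], msg[off + 1]
        if olen == 0:                         # a zero-length option must be discarded
            raise ValueError("zero-length ND option")
        end = off + olen * 8                  # option length is in units of 8 octets
        if end > len(msg):
            raise ValueError("option runs past end of message")
        body = msg[off + 2:end]
        if otype == OPT_SRC_LLADDR and olen == 1:
            info["source_lladdr"] = ":".join("%02x" % b for b in body[:6])
        elif otype == OPT_MTU and olen == 1:
            info["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif otype == OPT_PREFIX_INFO and olen == 4:
            plen, pflags, valid, preferred, _ = struct.unpack("!BBIII", body[:14])
            info["prefixes"].append({
                "prefix": str(ipaddress.IPv6Address(body[14:30])), "length": plen,
                "on_link": bool(pflags & 0x80), "autonomous": bool(pflags & 0x40),
                "valid_lifetime": valid, "preferred_lifetime": preferred})
        off = end                             # unknown options are skipped, as the RFC requires
    return info


def is_valid_ra(msg: bytes, src: bytes, dst: bytes) -> bool:
    """True only if the message parses as an RA and its checksum verifies."""
    try:
        return parse_ra(msg, src, dst)["checksum_ok"]
    except ValueError:
        return False


def address_mode(managed: bool, other: bool) -> str:
    """Map the M/O flags to the three options in the table on this page."""
    if managed:
        return "Option 3: stateful DHCPv6 for addressing (default gateway still from the RA)"
    if other:
        return "Option 2: SLAAC + stateless DHCPv6 (e.g. for DNS)"
    return "Option 1: SLAAC only, no DHCPv6"


# Constructed sample mirroring the decode on this page (R1 -> all nodes).
SRC = ipaddress.IPv6Address("fe80::1").packed
DST = ipaddress.IPv6Address("ff02::1").packed
SAMPLE_RA = build_ra(SRC, DST, hop_limit=64, managed=False, other=False,
                     lladdr="00:03:6b:e9:d4:80", mtu=1500,
                     prefix="2001:db8:cafe:1::", prefix_len=64)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA, SRC, DST)
    print(len(SAMPLE_RA), "byte payload;", address_mode(ra["managed"], ra["other"]), ra)
```

The serialized message is 64 bytes, the same payload length Wireshark shows above; a receiver that skips the length checks in parse_ra can be made to loop or read past the buffer by a zero-length or oversized option, which is why the RFC mandates them.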


Address Resolution: IPv4 and IPv6

IPv4: ARP over Ethernet (frame = Ethernet | ARP Request/Reply)
  1. PC1 knows PC2's IPv4 address but not its MAC: it sends a broadcast ARP Request ("I know the IPv4 address, what is the MAC?").
  2. PC2 recognises its own IPv4 address ("My IPv4!") and answers with a unicast ARP Reply ("here is the MAC"); PC1 stores the mapping in its ARP cache.

IPv6: ICMPv6 over IPv6 over Ethernet (frame = Ethernet | IPv6 header | ICMPv6 Neighbor Solicitation/Advertisement)
  1. PC1 knows PC2's IPv6 address but not its MAC: it sends a Neighbor Solicitation (NS) to PC2's solicited-node multicast address, not to a broadcast.
  2. PC2 recognises its own IPv6 address ("My IPv6!") and answers with a unicast Neighbor Advertisement (NA) ("here is the MAC"); PC1 stores the mapping in its neighbor cache.

Neighbor Solicitation and Neighbor Advertisement

Topology:
  PC1  2001:DB8:CAFE:1::100/64   MAC 00-21-9B-D9-C6-44
  PC2  2001:DB8:CAFE:1::200/64   MAC 00-1B-24-04-A2-1E
  Solicited-node multicast address for PC2: FF02::1:FF00:200

  1. PC1> ping 2001:DB8:CAFE:1::200
  2. PC1 checks its neighbor cache: no entry for ::200 (the entry is empty until step 5).
  3. PC1 sends an NS to the solicited-node multicast FF02::1:FF00:200 (Ethernet destination 33-33-FF-00-02-00, derived from the last 32 bits of the IPv6 address).
  4. PC2 answers with a unicast NA carrying its MAC address.
  5. PC1 adds 2001:DB8:CAFE:1::200 -> 00-1B-24-04-A2-1E to its neighbor cache and sends the echo request.

  NS: multicast (solicited-node multicast). NA: unicast.

Neither ARP nor ND authenticates the reply: any host on the segment can answer with its own MAC (ARP or ND spoofing) and intercept traffic, which is what Dynamic ARP Inspection and IPv6 ND inspection on switches are meant to stop.
ICMPv6 Duplicate Address Detection (DAD)

Example: PC2 is about to use the global unicast address 2001:DB8:CAFE:1::200 and the link-local address FE80::1111:2222:3333:4444.
  • PC2 sends a Neighbor Solicitation whose target is its own tentative address (to that address's solicited-node multicast group).
  • Hopefully no Neighbor Advertisement comes back.

• Duplicate Address Detection (DAD) is used to verify that an IPv6 unicast address is unique on the link.
• A device sends a Neighbor Solicitation for its own unicast address (static or dynamic) before using it.
• After a period of time, if no NA is received, the address is deemed unique.
• The RFC was later relaxed so that DAD is only recommended: a 64-bit interface ID makes accidental duplicates unlikely. Most stacks still run it by default.
• Security caveat: any node can answer the solicitation, so a malicious host that replies to every DAD probe prevents the others from configuring any address (a DAD denial of service).

Neighbor Cache

PC1's neighbor cache after a Neighbor Solicitation / Neighbor Advertisement exchange with 2001:DB8:ACAD:1::10:

  IPv6 Address            MAC Address
  2001:DB8:ACAD:1::10     0021.9bd9.c644

• The neighbor cache maps IPv6 addresses to Ethernet MAC addresses.
• Similar to the ARP cache for IPv4.
• 5 states (2 noticeable and 3 transitory):
  • Reachable: packets have recently been received, providing confirmation that this device is reachable.
  • Stale: a certain time period has elapsed since a packet was received from this address.
  • Transitory states: INCOMPLETE, DELAY, PROBE

Neighbor Cache on Windows:
  C:\> netsh interface ipv6 show neighbor
CONMUTACIÓN Y RUTEO I

Tema 11. OSPF v3

Alberto Arellano A. Ing. Msc.


aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
IPv4 and IPv6 Routing Protocols

          Interior Gateway Protocols                                Exterior Gateway Protocols
          Distance Vector              Link State                   Path Vector
  IPv4    RIPv2     EIGRP              OSPFv2     IS-IS             BGP-4
  IPv6    RIPng     EIGRP for IPv6     OSPFv3 *   IS-IS for IPv6    BGP-4 for IPv6 (MP-BGP)

  * OSPFv3 (with address families) supports routing both IPv4 and IPv6.

• The basic operations and algorithms you learned about OSPFv2 for IPv4 also apply to OSPFv3 for IPv6.
Comparing Flavors of OSPF

                            OSPFv2 for IPv4         Traditional OSPFv3 for IPv6   OSPFv3 Address Families
  OSPF version              OSPFv2                  OSPFv3                        OSPFv3
  Advertised routes         IPv4 networks           IPv6 prefixes                 IPv4 networks and IPv6 prefixes
  Link-state                Yes                     Yes                           Yes
  Metric                    Cost                    Cost                          Cost
  Supports multiple areas   Yes                     Yes                           Yes
  Router-ID                 32-bit                  32-bit                        32-bit
  DR and BDR                Yes                     Yes                           Yes
  Layer 3 encapsulation     IPv4                    IPv6                          IPv6
  Source address            IPv4 address            IPv6 link-local address       IPv6 link-local address
  Destination, all OSPF
    routers                 224.0.0.5               FF02::5                       FF02::5
  Destination, all DR/BDR   224.0.0.6               FF02::6                       FF02::6
  Destination, neighbor     IPv4 address            IPv6 link-local address       IPv6 link-local address
  IPv6 unicast routing      N/A (IPv4 unicast       Required                      Required (even if only the
                            routing is on by                                      IPv4 address family is used)
                            default)
  Authentication            Plain text and MD5      IPsec                         IPsec
  LSAs                      OSPFv3 renames two LSA types and defines two additional LSA types that do not exist in OSPFv2.

Note on authentication: OSPFv3 has no authentication field of its own. It relies on IPsec AH/ESP (RFC 4552); the later OSPFv3 Authentication Trailer (RFC 7166) adds a keyed hash without IPsec. Any device on a segment where OSPF hellos are accepted unauthenticated can form an adjacency and inject routes, so authenticate (or make the interface passive) on every segment that hosts can reach.
OSPFv3 Header Comparison (figure not reproduced)

Comparing OSPFv2 and OSPFv3 LSAs

  OSPFv2 LSA                      OSPFv3 LSA
  Type  Name                      LS Type  Name
  1     Router LSA                0x2001   Router LSA
  2     Network LSA               0x2002   Network LSA
  3     Network Summary LSA       0x2003   Inter-Area Prefix LSA
  4     ASBR Summary LSA          0x2004   Inter-Area Router LSA
  5     AS-External LSA           0x4005   AS-External LSA
  6     Group Membership LSA      0x2006   Group Membership LSA
  7     NSSA External LSA         0x2007   Type-7 LSA
                                  0x2008   Link LSA (new in OSPFv3)
                                  0x2009   Intra-Area Prefix LSA (new in OSPFv3)
Comparing OSPFv2 and Traditional OSPFv3

On a dual-stack link between R1 and R2, each router runs two independent processes side by side:
  • OSPFv2 over the IPv4 network, with its own OSPFv2 neighbor table, OSPFv2 LSDB and IPv4 routing table.
  • OSPFv3 over the IPv6 network, with its own OSPFv3 neighbor table, OSPFv3 LSDB and IPv6 routing table.
OSPFv3 Configuration

Topology (all links in Area 0; each link carries an IPv6 /64 and an IPv4 /24):
  ISP --- R1 --- R2 --- R3
  ISP-R1:  2001:DB8:77::/64 and 192.168.77.0/24; ISP = :1/.1, R1 S0/0/1 = :2/.2
  R1 G0/0: 2001:DB8:CAFE:1::/64 and 192.168.1.0/24, R1 = :1/.1
  R1-R2:   2001:DB8:CAFE:2::/64 and 192.168.2.0/24; R1 S0/0/0 = :1/.1, R2 S0/0/0 = :2/.2
  R2-R3:   2001:DB8:CAFE:3::/64 and 192.168.3.0/24; R2 S0/0/1 = :1/.1, R3 S0/0/1 = :2/.2
  R3 G0/0: 2001:DB8:CAFE:4::/64 and 192.168.4.0/24, R3 = :1/.1
  Link-local addresses: R1 FE80::1, R2 FE80::2, R3 FE80::3

R1(config)# ipv6 route ::/0 2001:db8:77::1
R1(config)# ipv6 unicast-routing
! Required: IPv6 routing is off by default on IOS.
R1(config)# ipv6 router ospf 2
! The OSPF process-id is locally significant; it does not need to match the other routers.
R1(config-rtr)# router-id 1.1.1.6
! OSPFv3 uses the same process as OSPFv2 to determine the 32-bit router-id;
! the command is required if the router has no IPv4 address to derive it from.
R1(config-rtr)# passive-interface gig 0/0
R1(config-rtr)# default-information originate
R1(config-rtr)# exit
R1(config)# interface gigabitethernet 0/0
R1(config-if)# ipv6 ospf 2 area 0
! OSPF for IPv6 is enabled per interface; there is no network command.
R1(config-if)# exit
R1(config)# interface serial 0/0/0
R1(config-if)# ipv6 ospf 2 area 0
OSPFv3 Configuration (R2, same topology)

R2(config)# ipv6 unicast-routing
R2(config)# ipv6 router ospf 2
R2(config-rtr)# router-id 2.2.2.6
R2(config-rtr)# exit
R2(config)# interface serial 0/0/0
R2(config-if)# ipv6 ospf 2 area 0
R2(config-if)# exit
*Aug 1 02:42:29.015: %OSPFv3-5-ADJCHG: Process 2, Nbr 1.1.1.6 on Serial0/0/0
from LOADING to FULL, Loading Done
R2(config)# interface serial 0/0/1
R2(config-if)# ipv6 ospf 2 area 0
R2(config-if)#
OSPFv3 Configuration (R3, same topology)

R3(config)# ipv6 unicast-routing
R3(config)# ipv6 router ospf 2
R3(config-rtr)# router-id 3.3.3.6
R3(config-rtr)# passive-interface gigabitethernet 0/0
R3(config-rtr)# exit
R3(config)# interface serial 0/0/1
R3(config-if)# ipv6 ospf 2 area 0
*Jul 2 19:17:36.335: %OSPFv3-5-ADJCHG: Process 2, Nbr 2.2.2.6 on Serial0/0/1
from LOADING to FULL, Loading Done
R3(config-if)# exit
R3(config)# interface gigabitethernet 0/0
R3(config-if)# ipv6 ospf 2 area 0
OSPFv3 Neighbor Adjacencies (same topology)

R1# show ipv6 ospf neighbor

OSPFv3 Router with ID (1.1.1.6) (Process ID 2)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
2.2.2.6           0   FULL/  -        00:00:31    5               Serial0/0/0
R1#

  2.2.2.6 is R2's 32-bit OSPFv3 router-id. "FULL/ -" shows that no DR/BDR is elected on the point-to-point serial link.
OSPFv3 Routes (same topology)

R3# show ipv6 route ospf

IPv6 Routing Table - default - 8 entries
<output omitted>
OE2 ::/0 [110/1], tag 2
     via FE80::2, Serial0/0/1
O   2001:DB8:CAFE:1::/64 [110/129]
     via FE80::2, Serial0/0/1
O   2001:DB8:CAFE:2::/64 [110/128]
     via FE80::2, Serial0/0/1
R3#

  • OE2 ::/0 is the default route originated by R1 (default-information originate).
  • [110/129]: administrative distance of OSPF and the OSPF metric (cost).
  • FE80::2 is the link-local address of R2: OSPFv3 next hops are always link-local addresses.
Topology OSPFv3 Multivendor

Lab sequence (configuration screenshots not reproduced):
  • Configure IPv6 addresses: Cisco routers, Brocade router, Juniper router
  • Configure OSPFv3: Cisco routers, Brocade router, Juniper router
  • Verify connectivity

OSPFv3 – IPv6 over IPv4: IPv6 tunneling over IPv4

Since IPv4 and IPv6 are not compatible with each other, we need coexistence strategies. One technique is tunneling: IPv6 packets are encapsulated inside IPv4 packets (or the other way around) so that they can be routed across a network that only forwards the outer protocol. A plain 6to4 (protocol 41) tunnel carries no authentication: any IPv4 host that can reach the tunnel endpoint can inject encapsulated IPv6 packets, so filter who may send protocol 41 to the endpoint and do not treat the tunnel as a security boundary.

Lab sequence (screenshots not reproduced):
  • Configure IPv6 addresses: Cisco routers, Brocade routers
  • Configure OSPFv3: Brocade routers, Cisco routers
  • Configure a 6to4 tunnel on the Cisco routers
  • Configure OSPFv3 over the 6to4 tunnel on the Cisco routers
  • Verify connectivity

6to4 Tunnel - Homework
CONMUTACION Y RUTEO I

Class 1.
Configuration of IPv4 Address
Multivendor Routers
Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP

An IP Router …
  • A device with more than one link-layer interface (it breaks up broadcast domains).
  • Has different IP addresses (from different subnets) on different interfaces.
  • Receives packets on one interface and forwards them (usually out of another interface) to get them one hop closer to their destination.
  • Maintains a forwarding table (FIB) and a routing information base (RIB).

Router Components
  Regardless of their function, vendor, size or complexity, all router models are essentially computers and require:
  • An operating system (OS)
  • A central processing unit (CPU)
  • Random-access memory (RAM)
  • Read-only memory (ROM)
  Routers also have special memory that includes Flash and nonvolatile random-access memory (NVRAM).

Router Front
  • System Power LED: solid green indicates the presence of power.
  • System Activity LED: blinks when packets are transmitted or received on any WAN or LAN interface.

Router Interfaces
  • A router interface is a physical connector that enables a router to send or receive packets.
  • Each interface connects to a separate network.
  • It consists of a socket or jack found on the outside of the router.
  • Types of router interfaces:
    • Ethernet
    • FastEthernet
    • Gigabit Ethernet (and 10, 40 and 100 Gigabit Ethernet)
    • Serial (synchronous WAN links)
    • DSL
    • Cable
    • ISDN
Routers Market share
Ethernet Switch Market share
Routers Core
Routers Core Capacity
Access Routers
(market-share and capacity charts not reproduced)

NOS (Network Operating System)
The term network operating system is used to refer to a specialised operating system for a network device such as a router, switch or firewall.
  • JUNOS, used in routers and switches from Juniper Networks
  • Cisco Internetwork Operating System (IOS)
  • IPOS, used in routers from Ericsson
  • TiMOS, used in routers from Alcatel-Lucent
  • Versatile Routing Platform (VRP), used in routers from Huawei
  • RouterOS, software which turns a PC or MikroTik hardware into a dedicated router
  • ZyNOS, used in network devices made by ZyXEL
  • Extensible Operating System (EOS), used in switches from Arista
  • ExtremeXOS (EXOS), used in network devices made by Extreme Networks

Multivendor NOS (Network Operating System)

Networking Emulation Platform: GNS3
GNS3 is used by hundreds of thousands of network engineers worldwide to emulate, configure, test and troubleshoot virtual and real networks. GNS3 allows you to run a small topology consisting of only a few devices on your laptop, up to topologies with many devices hosted on multiple servers or even in the cloud.

GNS3 supports the following operating systems:
  • Windows 7 (64 bit)
  • Windows 8 (64 bit)
  • Windows 10 (64 bit)
  • Windows Server 2012 (64 bit)
  • Windows Server 2016 (64 bit)
  • Mac OS X Mavericks (version 10.9) and later
  • Linux

GNS3 Device Support: more than 120 appliances supported
GNS3 Virtualization Support

Lab. Routers Juniper, CISCO, Brocade & Mikrotik with IPv4
Initial configuration Juniper Routers

1. Put the equipment in factory condition
   Login: root
   Password: (empty on a factory-default device)
   root@% cli
   root> request system zeroize
   (erases all configuration and data and reboots the device)
   root> configure

2. Set basic parameters (hostname, root password)
   login: root
   root@% cli
   root> configure
   root# set system host-name Juniper_1
   root# set system root-authentication plain-text-password
   (Junos prompts for the new password twice and stores only its hash; a commit without root-authentication configured is rejected)
   root# commit

Configure IPv4 Address Juniper Routers

3. Configure IP addresses on the em0, em1, em2 and em3 interfaces of JunOS_1

root@Juniper_1# set interfaces em0 unit 0 family inet address 10.20.3.2/24
root@Juniper_1# set interfaces em1 unit 0 family inet address 10.20.5.2/24
root@Juniper_1# set interfaces em2 unit 0 family inet address 10.20.8.1/24
root@Juniper_1# set interfaces em3 unit 0 family inet address 10.20.35.1/24
root@Juniper_1# commit

4. Show interfaces configuration (e.g. run show interfaces terse; screenshot not reproduced)

5. Show configuration file (show configuration; screenshot not reproduced)

6. Configure IP addresses on the em0, em1, em2 and em3 interfaces of JunOS_2

root@Juniper_2# set interfaces em0 unit 0 family inet address 10.20.10.2/24
root@Juniper_2# set interfaces em1 unit 0 family inet address 10.20.8.2/24
root@Juniper_2# set interfaces em2 unit 0 family inet address 10.20.12.2/24
root@Juniper_2# set interfaces em3 unit 0 family inet address 10.20.36.1/24
root@Juniper_2# commit

7. Show interfaces configuration (screenshot not reproduced)

8. Verify connectivity between the routers (ping across the shared 10.20.8.0/24 link; screenshot not reproduced)
Configuration Cisco Routers (screenshots not reproduced)
Configuration Brocade - Vyatta Routers (screenshots not reproduced)

Mikrotik Initial Configuration
Mikrotik - WebFig
WebFig is a web-based RouterOS utility which allows you to monitor, configure and troubleshoot the router. It is designed as an alternative to WinBox; both have similar layouts and both have access to almost any feature of RouterOS.
Mikrotik – IP Address config
Mikrotik – Winbox Access

Verify the Routing Table
  • Juniper Router: 192.168.10.0/24, 10.1.1.0/24
  • Cisco Router: 192.168.10.0/24
  • Brocade Router: 192.168.10.0/24, 10.1.1.0/24

Homework: Configure IPv4 Address on HPE & Cisco IOS XR (192.168.10.0/24, 10.1.1.0/24)
CONMUTACIÓN Y RUTEO I

Tema 8. RIPng

Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP

RIPng Topology (diagram not reproduced; the figure labels the network 2001:DB8:CAFE:2::/64)

Enabling RIPng on Cisco_1

Cisco_1(config)# ipv6 unicast-routing
Cisco_1(config)# ipv6 router rip ESPOCH
Cisco_1(config-rtr)# exit
Cisco_1(config)# interface ethernet0/0
Cisco_1(config-if)# ipv6 address 2001:1:A:3::1/64
Cisco_1(config-if)# ipv6 rip ESPOCH enable
Cisco_1(config-if)# exit
Cisco_1(config)# interface ethernet0/1
Cisco_1(config-if)# ipv6 address 2001:1:A:5::1/64
Cisco_1(config-if)# ipv6 rip ESPOCH enable
Cisco_1(config-if)# exit

Enabling RIPng on Cisco_2

Cisco_2(config)# ipv6 unicast-routing
Cisco_2(config)# ipv6 router rip ESPOCH
Cisco_2(config-rtr)# exit
Cisco_2(config)# interface ethernet0/0
Cisco_2(config-if)# ipv6 address 2001:1:A:7::1/64
Cisco_2(config-if)# ipv6 rip ESPOCH enable
Cisco_2(config-if)# exit
Cisco_2(config)# interface ethernet0/1
Cisco_2(config-if)# ipv6 address 2001:1:A:30::1/64
Cisco_2(config-if)# ipv6 rip ESPOCH enable
Cisco_2(config-if)# exit

Enabling RIPng on Cisco_3

Cisco_3(config)# ipv6 unicast-routing
Cisco_3(config)# ipv6 router rip ESPOCH
Cisco_3(config-rtr)# exit
Cisco_3(config)# interface ethernet0/0
Cisco_3(config-if)# ipv6 address 2001:1:A:8::1/64
Cisco_3(config-if)# ipv6 rip ESPOCH enable
Cisco_3(config-if)# exit
Cisco_3(config)# interface ethernet0/1
Cisco_3(config-if)# ipv6 address 2001:1:A:32::1/64
Cisco_3(config-if)# ipv6 rip ESPOCH enable
Cisco_3(config-if)# exit

Note: the RIPng process name (ESPOCH) is locally significant, and ipv6 rip ... enable is applied per interface; there is no network command. RIPng (RFC 2080) has no authentication of its own (it relies on IPsec), so any host on a segment where RIPng is enabled can inject routes: do not enable it on host-facing interfaces.
Enabling RIPng on Brocade_1 and Brocade_2 (screenshots not reproduced)
Enabling IPv6 on MKTK_1, enabling RIPng on MKTK_1 and verifying its routing table (screenshots not reproduced)
Enabling RIPng on MKTK_2 and verifying its routing table (screenshots not reproduced)
Verifying the RIPng routing table on Cisco_3 and on Brocade_2 (screenshots not reproduced)
Verify connectivity: MKTK_2 -> Cisco_3, Ubuntu_1 -> Ubuntu_4

RIPng & Default Route
  • Configure IPv6 addresses & RIPng on R1, R2, R3 and Brocade-1 & 2
  • Check connectivity
  • Redistribute the default route on R1
  • Configure IPv6 address & static route on the ISP

Homework: RIPng & Default Route
CONMUTACION Y RUTEO I

Tema 3. Configuration of IPv6 Address
Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP

Lab. Routers Juniper, CISCO & Brocade with IPv6

Configure IPv6 Address Juniper Routers

1. Configure IPv6 addresses on the lo0, em0, em1 and em2 interfaces of JunOS_1

root@JunOS_1# set interfaces lo0 unit 100 family inet6 address feee::10:10:10:1/128
root@JunOS_1# set interfaces em0 unit 0 family inet6 address 2001:1:2:2::1/64
root@JunOS_1# set interfaces em1 unit 0 family inet6 address 2001:1:2:4::1/64
root@JunOS_1# set interfaces em2 unit 0 family inet6 address 2001:1:2:1::1/64
root@JunOS_1# commit

2. Show interfaces configuration (screenshot not reproduced)

3. Verify the routing table (screenshot not reproduced)

Configure IPv6 Address CISCO Routers (screenshots not reproduced)
Configure IPv6 Address Brocade Routers (screenshots not reproduced)
Enabling IPv6 on Mikrotik, 2001:DB8:CAFE:2::/64 (screenshots not reproduced)

Homework: Configure IPv6 Address on HPE & Cisco IOS XR (192.168.10.0/24, 10.1.1.0/24)
RUTEO Y CONMUTACION I

Tema 4. IP Routing
Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP

What is a Router?
(photo: Leonard Kleinrock and the first IMP)
  • A router is a specialized computer!
  • It sends packets over the data network.
  • It is responsible for interconnecting networks by selecting the best path for a packet to travel and forwarding packets to their destination.
  • The first router (ARPANET):
    • IMP (Interface Message Processor, 50 kbps)
    • Honeywell 516 minicomputer
    • August 30, 1969

What is a Router?
  The three router classes are:
  • Access routers: they allow homes and small businesses to connect to the Internet service provider.
  • Enterprise routers: they link tens of thousands of computers within a campus or an enterprise.
  • Backbone routers: they link ISPs and enterprise networks together with long-distance trunks.

Access Routers
Enterprise Routers
Backbone Routers

Google Cloud Router
  Google Cloud Router enables you to dynamically exchange routes between your Virtual Private Cloud (VPC) and on-premises networks by using Border Gateway Protocol (BGP).

Capacity of Router
  Capacity of Router = N × R (an aggregate bit rate, usually quoted as packets per second for a given packet size)
  N = number of line cards (typically 8 - 32 per chassis)
  R = line rate (1 Gb/s, 2.5 Gb/s, 10 Gb/s, 40 Gb/s, 100 Gb/s)

Line Card Components

Router Planes
  Control plane: runs the routing protocols (RIP, OSPF, BGP).
  Data plane: forwards packets from the incoming to the outgoing link.

Router Architecture

Input port functions
  • Physical layer: bit-level reception
  • Data link layer: e.g., Ethernet
  • Decentralized switching:
    • given the datagram destination, look up the output port using the forwarding table in input port memory
    • goal: complete input port processing at 'line speed'
    • queuing: if datagrams arrive faster than the forwarding rate into the switch fabric
Switching Fabric
  The switching fabric is at the heart of a router. Through it the packets are actually moved from an input port to an output port.

Switching Fabric Functions
  • Transfer packets from the input buffer to the appropriate output buffer.
  • Switching rate: the rate at which packets can be transferred from inputs to outputs.
    • Often measured as a multiple of the input/output line rate.
    • With N inputs, a switching rate of N times the line rate is desirable.
  • Three types of switching fabrics: memory, bus and crossbar.

Switching Fabric via Memory
  • The input port receives the packet.
  • The packet is copied from the input port into the memory of the routing processor.
  • The routing processor extracts the destination address from the header, looks up the appropriate output port in the routing table, and copies the packet to the output port's buffers.
  (example: Cisco Catalyst 8500, April 1998)

Switching Fabric via Bus
  • The input ports transfer a packet directly to the output port over a shared bus, without intervention by the routing processor.
  • But only one packet at a time can be transferred over the bus.
  • A packet arriving at an input port and finding the bus busy with the transfer of another packet is blocked from passing through the switching fabric and is queued at the input port.
  (example dated June 2009)

Switching Fabric via Crossbar
  • One way to overcome the bandwidth limitation of a single shared bus is to use a crossbar.
  • A crossbar switch is an interconnection network consisting of 2N buses that connect N input ports to N output ports.
  • A packet arriving at an input port travels along the horizontal bus attached to the input port until it intersects with the vertical bus leading to the desired output port.

Routing Processor
  • Routing processing is the "routing table lookup": a search through the routing table for the entry that best matches the destination network address of the packet, or the default route if no entry matches.
  • The most important complicating factor is that backbone routers must operate at high speeds, performing millions of lookups per second, so several algorithms exist to accomplish that:
    • Trie-based algorithm
    • Multibit trie algorithm
    • Compressed tries
    • Binary search
Output Ports
  • Buffering is required when datagrams arrive from the fabric faster than the transmission rate.
  • Queuing: a scheduling discipline chooses among queued datagrams for transmission.

How much buffering?
  • RFC 3439 rule of thumb: a router needs a buffer of size

      B ≥ 2T × C

    where 2T is the two-way propagation delay (or just 250 ms) and C is the capacity of the bottleneck link.
    e.g., C = 10 Gb/s link: B = 0.25 s × 10 Gb/s = 2.5 Gbit of buffer.
  • Recent recommendation: with N flows (a typical backbone link has > 20,000 flows), buffering equal to

      B = RTT × C / √N

    is enough, because the flows' windows are not synchronized.
Router: Forwarding Table and Longest-Prefix Lookup

The figures show a router with input links a, b, c ... i, a switch, a processor and a forwarding table (prefixes are bit strings):

  Prefix   Output Link
  0        a
  00       b
  01       c
  1        d
  10       e
  1100     f
  1101     g
  1110     h
  1111     i

The same table can be stored as a compressed 1-bit trie (one address bit tested per level; the longest matching prefix wins). A packet whose destination address starts with the bits 1100 matches prefixes 1 (link d) and 1100 (link f); the longest match, 1100, wins and the packet is switched to output link f.

Multi-Bit Trie Algorithm (variable-stride trie)

Example prefixes:
  P1: 10*
  P2: 11*
  P3: 11001*
  P4: 1*
  P5: 0*
  P6: 1000000*

Assume that the stride of the root is 2, that the stride of the root's left child (under 10) is 5, and that the stride of the root's right child (under 11) is 3. Each node then holds 2^stride entries, each filled with the longest prefix that matches that bit pattern (entries derived here from the prefix list above):
  • Root (stride 2): 00 -> P5, 01 -> P5, 10 -> P1, 11 -> P2 (P4 = 1* is shadowed by the longer 10* and 11*)
  • Child under 10 (stride 5, address bits 3-7): 00000 -> P6 (1000000*), every other entry 00001 ... 11111 -> P1
  • Child under 11 (stride 3, address bits 3-5): 001 -> P3 (11001*), every other entry 000, 010 ... 111 -> P2
A lookup consumes several address bits per step instead of one, trading table memory for fewer memory accesses.

Centralized vs Decentralized Switching
  • Centralized switching: the processor holds the single forwarding table and performs the lookup for every packet arriving on any input link (in the figure, the destination 1100 arriving on link a is sent to the processor, which chooses link f).
  • Decentralized switching: each input link keeps its own copy of the forwarding table and performs the lookup locally, so lookups proceed in parallel at line speed and the processor only maintains the tables.
Forwarding
  Forwarding means placing the packet on its route to its destination. Forwarding requires a host or a router to have a routing table. When a host has a packet to send, or when a router has received a packet to be forwarded, it looks at this table to find the route to the final destination.

Techniques for Forwarding Packets
  • Source routing
    • The packet carries its path.
  • Table of virtual circuits
    • A connection is routed through the network to set up state.
    • Packets are forwarded using the connection state.
  • Table of global addresses (IP)
    • Routers keep the next hop for each destination.
    • Packets carry the destination address.

Source Routing
  • List the entire path in the packet ("driving directions").
  • Router processing, one option:
    • Examine the first step in the directions.
    • Strip the first step from the packet.
    • Forward to the step just stripped off.
  • IPv4
    • LSRR – Loose Source and Record Route option
    • SSRR – Strict Source and Record Route option
  • IPv6
    • RH0 – Type 0 Routing Header extension
  • Security caveat: source routing lets the sender dictate the path, so it can be used to bypass address-based filtering and to bounce traffic through a victim. RH0 was deprecated by RFC 5095 because a packet that lists the same two addresses many times is ping-ponged between them, amplifying traffic; routers and hosts normally drop IPv4 packets carrying LSRR/SSRR options for the same reasons.
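As an added example (not from the course material), the Python below implements the check a router or IDS applies to the options just listed: it walks the IPv4 option list for LSRR/SSRR and the IPv6 extension-header chain for a Type 0 Routing Header, and treats any malformed option or header length as a drop as well. The sample packets are constructed inside the script with documentation-range addresses; nothing is captured from a real network.

```python
"""Detect source-routed packets: IPv4 LSRR/SSRR options and IPv6 RH0.
Added example for this page, not course code; sample packets are
constructed below with documentation-range (assumed) addresses."""
import ipaddress
import struct

IPV4_LSRR, IPV4_SSRR = 131, 137            # option types 0x83 and 0x89
IPV6_ROUTING, IPV6_FRAGMENT = 43, 44
IPV6_EXT_WITH_LEN = {0, 43, 60}            # hop-by-hop, routing, destination options


def _ipv4_source_route(pkt: bytes):
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    opts, i = pkt[20:ihl], 0
    while i < len(opts):
        t = opts[i]
        if t == 0:                         # End of Option List
            break
        if t == 1:                         # No Operation (single byte)
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed IPv4 option")
        if t == IPV4_LSRR:
            return "IPv4 LSRR"
        if t == IPV4_SSRR:
            return "IPv4 SSRR"
        i += opts[i + 1]
    return None


def _ipv6_source_route(pkt: bytes):
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    nh, off = pkt[6], 40
    # Walk the extension-header chain; every extension header is at least 8 octets.
    while nh in IPV6_EXT_WITH_LEN or nh == IPV6_FRAGMENT:
        if off + 8 > len(pkt):
            raise ValueError("truncated IPv6 extension header")
        if nh == IPV6_ROUTING and pkt[off + 2] == 0:    # routing type 0 = RH0
            return "IPv6 RH0"
        ext_len = 8 if nh == IPV6_FRAGMENT else (pkt[off + 1] + 1) * 8
        nh, off = pkt[off], off + ext_len
    return None                            # reached the upper-layer header


def source_routed(pkt: bytes):
    """Return 'IPv4 LSRR', 'IPv4 SSRR', 'IPv6 RH0' or None for a raw IP packet."""
    version = pkt[0] >> 4
    if version == 4:
        return _ipv4_source_route(pkt)
    if version == 6:
        return _ipv6_source_route(pkt)
    raise ValueError("unknown IP version %d" % version)


def classify(pkt: bytes) -> str:
    """'clean', 'malformed', or the kind of source routing; drop anything but 'clean'."""
    try:
        kind = source_routed(pkt)
    except (ValueError, IndexError):
        return "malformed"
    return kind or "clean"


def ipv4_packet(src: str, dst: str, options: bytes = b"") -> bytes:
    """Minimal IPv4 header (no payload); options are padded to a 32-bit boundary."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0, 64, 1, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + options


def ipv6_packet(src: str, dst: str, next_header: int, ext: bytes = b"") -> bytes:
    """Minimal IPv6 header followed by the given extension-header bytes."""
    hdr = struct.pack("!IHBB16s16s", 6 << 28, len(ext), next_header, 64,
                      ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return hdr + ext


# Constructed samples (addresses are placeholders from the documentation ranges).
HOP = ipaddress.IPv4Address("192.0.2.99").packed
LSRR_OPTION = bytes([IPV4_LSRR, 3 + len(HOP), 4]) + HOP          # type, length, pointer, route
SSRR_OPTION = bytes([1]) + bytes([IPV4_SSRR, 3 + len(HOP), 4]) + HOP   # NOP, then SSRR
RH0 = bytes([58, 2, 0, 1]) + b"\x00" * 4 + ipaddress.IPv6Address("2001:db8::99").packed
SAMPLES = {
    "plain_v4": ipv4_packet("192.0.2.1", "198.51.100.1"),
    "lsrr_v4": ipv4_packet("192.0.2.1", "198.51.100.1", LSRR_OPTION),
    "ssrr_v4": ipv4_packet("192.0.2.1", "198.51.100.1", SSRR_OPTION),
    "plain_v6": ipv6_packet("2001:db8::1", "2001:db8::2", 58),
    "rh0_v6": ipv6_packet("2001:db8::1", "2001:db8::2", IPV6_ROUTING, RH0),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

A filter built on classify() drops anything that is not "clean": a packet whose option length runs past the header is as suspicious as one carrying a route, and parsing it any further is how option-handling bugs get reached.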
Virtual Circuits / Tag Switching
  • Use the telephone model: virtual circuits.
  • Each flow is identified by a Virtual Circuit Identifier (VCI).
  • Connection setup phase (signaling):
    • Use other means to route the setup request.
    • Each router allocates a flow ID on its local link.
    • It creates a mapping of inbound flow ID/port to outbound flow ID/port.
  • Each packet carries a connection ID:
    • Sent from the source with the 1st-hop connection ID.
  • Router processing:
    • Look up the flow ID (a simple table lookup).
    • Replace the flow ID with the outgoing flow ID.
    • Forward to the output port.

Virtual Circuits Example

Path: Sender -> R1 -> R2 -> R3 -> Receiver. The VCI is swapped at every hop:

  Lookup table for switch R1
  In-port   In-VCI   Out-port   Out-VCI
  1         5        3          7
  4         11       0          8

  R1: packet arrives on port 1 with VCI 5, leaves on port 3 with VCI 7   (1,5 -> 3,7)
  R2: packet arrives on port 1 with VCI 7, leaves on port 4 with VCI 2   (1,7 -> 4,2)
  R3: packet arrives on port 2 with VCI 2, leaves on port 3 with VCI 6   (2,2 -> 3,6)
Forwarding with Classful Addresses
Forwarding with Classless Addresses
(figures not reproduced)

IP Routing
  • IP routing is also called IP forwarding.
  • It is the process used by routers to send packets at the network layer.
  • IP routing protocols are the protocols that routers use to build their routing tables.

IP Routing
  Criteria that could (ideally) be used to make routing decisions:
  • Network characteristics
  • Network topology
  • Network load
  • Datagram length
  • Type of service requested in the datagram's header
  IP routing software:
  • Normally does not consider most of these factors.
  • Makes decisions based on fixed assumptions about shortest paths.

Processing of an IP packet/datagram
  IP router: IP forwarding enabled.
  Host: IP forwarding disabled.

  • Processing of IP datagrams is very similar on an IP router and on a host.
  • Main difference: "IP forwarding" is enabled on a router and disabled on a host.
  • IP forwarding enabled: if a datagram is received but it is not for the local system, the datagram is sent on to a different system.
  • IP forwarding disabled: if a datagram is received but it is not for the local system, the datagram is dropped.
  • A host with forwarding left enabled (e.g. net.ipv4.ip_forward = 1 on Linux) silently becomes a router for anything that can reach it; check it when hardening hosts.

Processing of an IP datagram at a router
  Receive an IP datagram, then:
  1. IP header validation
  2. Process options in the IP header
  3. Parse the destination IP address
  4. Routing table lookup
  5. Decrement TTL
  6. Perform fragmentation (if necessary)
  7. Calculate checksum
  8. Transmit to next hop
  9. Send ICMP packet (if necessary)
Routing tables
  • Each router and each host keeps a routing table which tells it where to forward an outgoing packet.
  • Main columns:
    1. Destination address: where is the IP datagram going to?
    2. Next hop: how to send the IP datagram?
    3. Interface: what is the output port?
  • The next hop and interface columns can often be summarized as one column.

  Routing table of a host or router; IP datagrams are either delivered directly ("direct") or sent to a router ("R4"):

    Destination     Next hop   Interface
    10.1.0.0/24     direct     eth0
    10.1.2.0/24     direct     eth0
    10.2.1.0/24     R4         serial0
    10.3.1.0/24     direct     eth1
    20.1.0.0/16     R4         eth0
    20.2.1.0/28     R4         eth0

Types of routing table entries
  • Network route
    • The destination address is a network address (e.g., 10.0.2.0/24).
    • Most entries are network routes.
  • Host route
    • The destination address is an interface address (e.g., 10.0.1.2/32).
    • Used to specify a separate route for certain hosts.
  • Default route
    • Used when no network or host route matches.
    • The router listed as the next hop of the default route is the default gateway.
  • Loopback address
    • Routing table entry for the loopback address (127.0.0.1).
    • The next hop lists the loopback (lo0) interface as the outgoing interface.

Forwarding Table / FIB
  • The forwarding table determines how packets are sent through the router.
  • Often called the FIB (Forwarding Information Base).
  • Built from the routing table that the routing protocols maintain:
    • the best routes from the routing table are installed;
    • it performs the lookup to find the next hop and outgoing interface;
    • it switches the packet with new encapsulation for the outgoing interface.

Forwarding Table (Junos example)
nancy@sluggo.lab> show route forwarding-table
Internet:
Destination        Type  RtRef  Nexthop        Type  Index  NhRef  Netif
10.100.71.0/24     user      0  10.100.67.254  ucst     18  74212  GigE0.0
10.100.71.224/27   user      2  10.100.67.254  ucst     18  74212  GigE0.0
10.250.1.36/30     intf      0  ff.3.0.21      ucst     27      1  so-2/0/0.0
10.250.1.37/32     intf      0  10.250.1.37    locl     26      1
10.250.1.103/32    dest      0  10.250.1.103   bcst     37      1  ge-7/2/0.0
---(more)---

Routing Tables Feed the Forwarding Table
  Sources of the Routing Information Base (RIB):
  • BGP-4 routing table
  • OSPF link-state database
  • Connected routes
  • Static routes
  The best route for each prefix is installed from the RIB into the Forwarding Information Base (FIB).
Routing table lookup: Longest Prefix Match

Longest Prefix Match: search for the routing table entry that has the longest match with the prefix of the destination IP address.
  1. Search for a match on all 32 bits
  2. Search for a match on 31 bits
  ...
  32. Search for a match on 0 bits

  Destination address      Next hop
  10.0.0.0/8               R1
  128.143.0.0/16           R2
  128.143.64.0/20          R3
  128.143.192.0/20         R3
  128.143.71.0/24          R4
  128.143.71.55/32         R3
  0.0.0.0/0 (default)      R5

  • Host route, loopback entry: 32-bit prefix match.
  • The default route is represented as 0.0.0.0/0: 0-bit prefix match.

Example: for 128.143.71.21 the entries 128.143.0.0/16 (16 bits), 128.143.64.0/20 (20 bits) and 128.143.71.0/24 (24 bits) all match; the longest match, 24 bits with entry 128.143.71.0/24, wins, so the packet is sent to R4.
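The following Python is an added example, not part of the course material: it implements the 1-bit trie from the router figures earlier in this chapter and applies the longest-prefix-match rule to both the bit-string forwarding table (prefix -> output link, where a destination starting 1100 goes to link f) and the IPv4 table above (128.143.71.21 resolves to R4). Link names and next hops are the page's own; nothing else is assumed.

```python
"""Longest-prefix match with a binary (1-bit) trie, over the bit-string
forwarding table and the IPv4 routing table shown on this page.
Added example; link names and next hops are taken from the slides."""
import ipaddress


class PrefixTrie:
    """Each node tests one address bit; a node may carry a next hop (or output link)."""

    def __init__(self):
        self.root = {"next_hop": None, "0": None, "1": None}

    def insert(self, prefix_bits: str, next_hop: str) -> None:
        node = self.root
        for b in prefix_bits:
            if node[b] is None:
                node[b] = {"next_hop": None, "0": None, "1": None}
            node = node[b]
        node["next_hop"] = next_hop               # the empty prefix sets the default route

    def lookup(self, addr_bits: str):
        """Walk along the address bits, remembering the deepest next hop seen."""
        node, best = self.root, self.root["next_hop"]
        for b in addr_bits:
            node = node[b]
            if node is None:                      # no longer prefix exists on this path
                break
            if node["next_hop"] is not None:
                best = node["next_hop"]           # a longer match overrides a shorter one
        return best


def ipv4_bits(addr: str) -> str:
    """32-bit binary string of an IPv4 address, most significant bit first."""
    return format(int(ipaddress.IPv4Address(addr)), "032b")


def build_ipv4_trie(routes) -> PrefixTrie:
    """routes: iterable of (cidr, next_hop); only the prefix's first n bits index the trie."""
    trie = PrefixTrie()
    for cidr, next_hop in routes:
        net = ipaddress.IPv4Network(cidr)
        trie.insert(ipv4_bits(str(net.network_address))[:net.prefixlen], next_hop)
    return trie


# Bit-string table from the router figure (prefix -> output link).
LINK_TABLE = [("0", "a"), ("00", "b"), ("01", "c"), ("1", "d"), ("10", "e"),
              ("1100", "f"), ("1101", "g"), ("1110", "h"), ("1111", "i")]
LINK_TRIE = PrefixTrie()
for prefix, link in LINK_TABLE:
    LINK_TRIE.insert(prefix, link)

# IPv4 table from the longest-prefix-match slide.
IPV4_ROUTES = [("10.0.0.0/8", "R1"), ("128.143.0.0/16", "R2"), ("128.143.64.0/20", "R3"),
               ("128.143.192.0/20", "R3"), ("128.143.71.0/24", "R4"),
               ("128.143.71.55/32", "R3"), ("0.0.0.0/0", "R5")]
IPV4_TRIE = build_ipv4_trie(IPV4_ROUTES)


def next_hop(addr: str) -> str:
    """Next hop for an IPv4 destination according to the slide's table."""
    return IPV4_TRIE.lookup(ipv4_bits(addr))


if __name__ == "__main__":
    print("1100 ->", LINK_TRIE.lookup("1100"))
    for dst in ("128.143.71.21", "128.143.71.55", "128.143.200.1", "10.1.2.3", "8.8.8.8"):
        print(dst, "->", next_hop(dst))
```

The trie walks at most 32 levels for IPv4, one per address bit; the multibit (stride) trie described earlier reduces the number of memory accesses by testing several bits per level at the cost of larger nodes.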
Route Aggregation
 Longest prefix match algorithm permits to
aggregate prefixes with identical next hop
address to a single entry
 This contributes significantly to reducing the size
of routing tables of Internet routers
Destination Next Hop Destination Next Hop
10.1.0.0/24 R3 10.1.0.0/24 R3
10.1.2.0/24 direct 10.1.2.0/24 direct
10.2.1.0/24 direct 10.2.1.0/24 direct
10.3.1.0/24 R3 10.3.1.0/24 R3
20.2.0.0/16 R2 20.0.0.0/8 R2
20.1.1.0/28 R2
How do routing tables get updated?
 Adding an interface: configuring an interface eth2 with 10.0.2.3/24 adds a routing table entry:
   Destination    Next Hop/interface
   10.0.2.0/24    eth2
 Adding a default gateway: configuring 10.0.2.1 as the default gateway adds the entry:
   Destination    Next Hop/interface
   0.0.0.0/0      10.0.2.1
 Static configuration of network routes or host routes
 Update of routing tables through routing protocols
 ICMP messages
Routing table manipulations with ICMP
 When a router detects that an IP datagram should have gone to a different router, the router (here R1):
  forwards the IP datagram to the correct router (R2)
  sends an ICMP redirect message to the host
 Host uses the ICMP message to update its routing table
Routing Component
 Three important routing elements: algorithm, database, protocol
 Algorithm: can be differentiated based on several key characteristics
 Database: table in routers, i.e. the routing table
 Protocol: the way routing information is gathered and distributed
Routing Protocols
 Routing protocol: protocol to exchange information between routers about the current state of the network.
 Routing protocol jobs
  create routing table entries
  keep routing table up-to-date
  compute the best choice for the next hop router
Routing Metrics
 How do we decide that one route is better than another?
 Solution: using a metric as a measurement to compare routes
 Metrics may be: distance, throughput, delay, error rate, and cost.
 Today, IP supports Delay, Throughput, Reliability and Cost (DTRC).
 The routing protocol determines the best path based on the route with the lowest cost.
Hop Count = Distance
 A hop is defined as a passage through one router
(figure: routers R1, R2 and R3; each link between two routers counts as 1 hop, so a path crossing two links is 2 hops)
Routing Algorithm Types
 Unicast vs Multicast
 Static vs Dynamic
 Source routing vs Hop-by-hop
 Distance vector vs Link state
Routing Algorithm:
Unicast
In unicasting, the router forwards the received packet through only one of its interfaces (1 source → 1 destination)
Routing Algorithm:
Multicast
In multicasting, the router may forward the
received packet through several of its interfaces
Routing Algorithm: Static Route
 Manually configured routing table
 Can’t react dynamically to network changes such as a router crash
 Works well with small networks or simple topologies
 Unix hosts use the command route to add an entry
 Cisco routers use the command ip route to add an entry
 Juniper routers use the command set routing-options static route to add an entry
(figure: a point-to-point connection; the route goes this way only, so there is no need for updates)
Routing Algorithm:
Static Route Linux
Routing Algorithm: Dynamic Route
 Network protocol adjusts automatically for topology or traffic changes
 Routing protocol maintains and distributes routing information
(figure: two routers, each running a routing protocol and holding a routing table, exchanging routing information updates)
Routing Algorithm: Source Routing
 Route specified by source
 Types:
  Strict Source and Record Route (SSRR)
  Loose Source and Record Route (LSRR)
Centralized vs. Distributed Routing Algorithms
Centralized:
 A centralized route server collects routing information and network topology, makes route selection decisions, then distributes them to routers
Distributed:
 Routers cooperate using a distributed protocol to create mutually consistent routing tables
 Two standard distributed routing algorithms
  Link State (LS) routing
  Distance Vector (DV) routing
Distance vector (DV)
Algorithm
 Each router has unique ID
 Each router knows cost of its outgoing links
 Router starts with distance vector “0” for itself, and
“infinity” for all other destinations
 Transmits DV to each neighbor -- periodically or upon
change
 Saves the most recently received DV from each neighbor
 Calculates new DV based on minimizing cost for each
destination
 Recalculations occur when:
 DV with new values received from a neighbor
 Link(s) fails
Operation of Distance Vector Routing (1)
(figure: five nodes A, B, C, D, E; letters represent node names and the numbers on links represent link identifiers, not costs: link 1 A–B, link 2 B–C, link 3 A–D, link 4 B–E, link 5 C–E, link 6 D–E)
Initial tables, each router knows only itself (columns: destination, link, cost):
From A: A local 0
From B: B local 0
From C: C local 0
From D: D local 0
From E: E local 0
A transmits its DV: A=0
Operation of Distance Vector Routing (2)
B and D have received A’s DV:
From A: A local 0
From B: B local 0; A 1 1          B transmits its DV: B=0, A=1
From C: C local 0
From D: D local 0; A 3 1          D transmits its DV: D=0, A=1
From E: E local 0
Operation of Distance Vector Routing (3)
From A: A local 0; B 1 1; D 3 1            A transmits: A=0, B=1, D=1
From B: B local 0; A 1 1
From C: C local 0; B 2 1; A 2 2            C transmits: C=0, B=1, A=2
From D: D local 0; A 3 1
From E: E local 0; B 4 1; A 4 2; D 6 1     E transmits: E=0, B=1, A=2, D=1
Operation of Distance Vector Routing (4)
From A: A local 0; B 1 1; D 3 1
From B: B local 0; A 1 1; D 1 2; C 2 1; E 5 1       B transmits: B=0, A=1, D=2, C=1, E=1
From C: C local 0; B 2 1; A 2 2
From D: D local 0; A 3 1; B 3 2; E 6 1              D transmits: D=0, A=1, B=2, E=1
From E: E local 0; B 4 1; A 4 2; D 6 1; C 5 1       E transmits: E=0, B=1, A=2, D=1, C=1
Operation of Distance Vector Routing (5)
From A: A local 0; B 1 1; D 3 1; C 1 2; E 1 2
From B: B local 0; A 1 1; D 1 2; C 2 1; E 5 1
From C: C local 0; B 2 1; A 2 2; E 5 1; D 5 2
From D: D local 0; A 3 1; B 3 2; E 6 1; C 6 2
From E: E local 0; B 4 1; A 4 2; D 6 1; C 5 1
These do not alter routing tables further. Thus, no new updates are generated.
DV routing has now converged
Drawbacks of Distance-vector Routing
 Slow convergence after topology change
 “Counting to infinity” problem:
  Loop exists
  DVs do not converge till the link costs reach “infinity”
 Problematic convergence with unequal link costs
 Bouncing effect:
  The “bouncing effect” is produced by a link failure, and temporarily inconsistent routing tables in some nodes of the network caused by the link failure and a wrong order of the distance vector message delivery.
  Data packets circulate in the loop till the time-to-live (TTL) expires
Drawbacks of Distance Vector Routing: Counting to “Infinity” (1)
A’s stable routing table after link 1 fails (columns: destination, link, cost):
From A: A local 0; B 3 3; D 3 1; C 3 3; E 3 2          A’s DV: A=0, B=3, D=1, C=3, E=2
Link 6 fails. D’s routing table immediately after link 6 fails:
From D: D local 0; A 3 1; B 6 inf; E 6 inf; C 6 inf
A transmits its last DV before D does.
Drawbacks of Distance Vector Routing: Counting to “Infinity” (2)
From A: A local 0; B 3 3; D 3 1; C 3 3; E 3 2
D updates its routing table:
From D: D local 0; A 3 1; B 3 4; E 3 3; C 3 4
D transmits its updated DV: D=0, A=1, B=4, E=3, C=4
Drawbacks of Distance Vector Routing: Counting to “Infinity” (3)
Then A updates its routing table:
From A: A local 0; B 3 5; D 3 1; C 3 5; E 3 4          A transmits its updated DV: A=0, B=5, D=1, C=5, E=4
From D: D local 0; A 3 1; B 3 4; E 3 3; C 3 4
We are in an infinite loop!
Drawbacks of Distance Vector Routing: Bouncing Effect (1)
All links except 5 have unit cost, link 5 cost = 10 (columns: destination, link, cost)
From A: A local 0; B 1 1; C 1 2; D 3 1; E 3 2
From B: B local 0; A 1 1; C 2 1; D 1 2; E 4 1
From D: D local 0; A 3 1; B 3 2; C 3 3; E 6 1
From E: E local 0; A 5 2; B 4 1; C 4 2; D 6 1
Routes towards C (from, link, cost): A 1 2; B 1 1; C local 0; D 3 3; E 4 2
Drawbacks of Distance Vector Routing: Bouncing Effect (2)
Link 2 fails. B’s routing table immediately after link 2 fails:
From B: B local 0; A 1 1; C 2 inf; D 1 2; E 4 1
A transmits its DV before B does: A=0, B=1, C=2, D=1, E=2
From A: A local 0; B 1 1; C 1 2; D 3 1; E 3 2
From D: D local 0; A 3 1; B 3 2; C 3 3; E 6 1
From E: E local 0; A 6 2; B 4 1; C 4 2; D 6 1
Routes towards C immediately after B’s update of its routing table: A 1 2; B 2 inf; C local 0; D 3 3; E 4 2
Drawbacks of Distance Vector Routing: Bouncing Effect (3)
However, B updates its routing table based on the DV from A (causing the route towards C to change also):
From B: B local 0; A 1 1; C 1 3; D 1 2; E 4 1
B transmits its new DV: B=0, A=1, C=3, D=1, E=1
A’s DV produces no change at D.
From A: A local 0; B 1 1; C 1 2; D 3 1; E 3 2
From D: D local 0; A 3 1; B 3 2; C 3 3; E 6 1
From E: E local 0; A 6 2; B 4 1; C 4 2; D 6 1
Routes towards C: A 1 2; B 1 3; C local 0; D 3 3; E 4 2
Drawbacks of Distance Vector Routing: Bouncing Effect (4)
From A: A local 0; B 1 1; C 1 4; D 3 1; E 3 2
From B: B local 0; A 1 1; C 1 3; D 1 2; E 4 1
From D: D local 0; A 3 1; B 3 2; C 3 3; E 6 1
From E: E local 0; A 6 2; B 4 1; C 4 4; D 6 1
Routes towards C: A 1 4; B 1 3; C local 0; D 3 3; E 4 4     (Loop!)
Further DV exchanges produce no change in routing tables! Both routing and distances have (temporarily) stabilized.
Packets for C can now “bounce” between A and B
Some Solutions for Problems in Distance Vector Routing
 Split Horizon: If A routes packets for X via B, it should not announce to B that X is a short distance from A!   (figure: A, B and X in a line)
  Simple: Omit from the DV any info about destinations routed on the link
  “Poisonous reverse”: Set the distance of destinations routed on the link to infinity (16)
 Triggered Updates: transmit updates as soon as the routing table changes, don’t wait for the end of the update period
Routing Protocols: Link
State (LS) Routing
Each router:
 Identifies itself to all its neighbors
 Constructs a link state packet (LSP) with:
 Names of each neighbor
 Cost of link to each neighbor
 Floods its LSP in the network
 Stores most recent copy of LSP from every other
router
 Using LSPs constructs a full map of network
topology, and computes shortest route(s) to each
destination (using an appropriate shortest path
algorithm, such as Dijkstra’s)
Shortest Path First (SPF) Algorithm
(figure: Distance Vector vs Link-State)
 Link-state routing protocols (a.k.a. shortest path first protocols) are based on Edsger Dijkstra’s shortest path first (SPF) algorithm.
Shortest Path First (SPF) Algorithm
 Shortest path from R2 to the R3 LAN:
  R2 to R1: 20
  R1 to R3: 5
  R3 - R3 LAN: 2
  Cost: 27
 Each router calculates the SPF algorithm and determines the cost from its own perspective.
R1 SPF Tree
R2 SPF Tree
R3 SPF Tree
R4 SPF Tree
R5 SPF Tree
Link-State Routing Process

1. Each router learns about its own links, its own directly connected networks.
(Interface is “up”)
2. Each router is responsible for meeting its neighbors on directly connected
networks. (OSPF Hello packets)
3. Each router builds a link-state packet (LSP) containing the state of each
directly connected link. (neighbor ID, link type, and bandwidth)
4. Each router floods the LSP to all neighbors, who then store all LSPs
received in a database.
 Neighbors then flood the LSPs to their neighbors until all routers in the
area have received the LSPs.
5. Each router uses the database to construct a complete map of the topology
and computes the best path to each destination network.
 The SPF algorithm is used to construct the map of the topology and to
determine the best path to each network. (Road map)
 All routers will have a common map or tree of the topology, but each
router will independently determine the best path to each network within
that topology.
Step 1: Learning About Directly Connected Networks
 Step 1: Each router learns about its own links, its own directly connected networks.
  Interface configured with an IP address/subnet mask.
  Directly connected networks are now part of the routing table, regardless of the routing protocol used.
 A link is an interface on a router.
 For the link to participate in the link-state routing process, it must be:
  In the up state.
  Included in the routing protocol
(figure: R1’s links)
Link 1 • Network: 10.1.0.0/16 • IP address: 10.1.0.1 • Type of network: Ethernet • Cost of that link: 2 • Neighbors: None
Link 2 • Network: 10.2.0.0/16 • IP address: 10.2.0.1 • Type of network: Serial • Cost of that link: 20 • Neighbors: R2
Link 3 • Network: 10.3.0.0/16 • IP address: 10.3.0.1 • Type of network: Serial • Cost of that link: 5 • Neighbors: R3
Link 4 • Network: 10.4.0.0/16 • IP address: 10.4.0.1 • Type of network: Serial • Cost of that link: 20 • Neighbors: R4
 Link states - Information about the state of a router’s links
 This information includes the interface’s:
  IP address/mask
  Type of network: Ethernet (broadcast) or serial point-to-point link
  Cost of that link
  Any neighbor routers on that link
Step 1
Initially:
 Router unaware of any neighbor routers on the link.
 Learns of a neighbor when it receives a Hello packet from the adjacent neighbor.
(figure: R1, R2, R3 and R4 each announce “Hello, I’m Rx”)
Step 2: Sending Hello Packets to Neighbors
 Step 2: Each router is responsible for meeting its neighbors on directly connected networks.
 Use a Hello protocol to discover any neighbors on their links.
 A neighbor is any other router that is enabled with the same link-state routing protocol.
Step 2: Sending Hello Packets to Neighbors
(figure: R1, R2 and R3 keep announcing “Hello, I’m Rx & still here”; whatever happened to the Hellos from R4?)
Hello packets
 “Keepalive” function
 If a router stops receiving Hello packets from a neighbor, that neighbor is considered unreachable and the adjacency is broken.
Step 3: Building the Link-State Packet
 Step 3: Each router builds a link-state packet (LSP) containing the state of each directly connected link.
Step 3: Building the Link-State Packet
 After establishing its adjacencies, the router builds its LSPs
  Link-state information about its links.
  Sends LSPs out interfaces where it has established adjacencies with other routers.
  R1 does not send LSPs out its Ethernet interface.
Step 4: Flooding Link-State Packets to Neighbors
 Step 4: Each router floods the LSP to all neighbors, who then store all LSPs received in a database.
 Each router floods its link-state information to all other link-state routers.
 When a router receives an LSP from a neighboring router, it sends that LSP out all other interfaces, except the interface that received the LSP.
 Flooding effect of LSPs throughout the routing area.
 Link-state routing protocols calculate the SPF algorithm after the flooding is complete.
Step 4: Flooding Link-State Packets to Neighbors
 An LSP needs to be sent only:
  During initial startup of the router or of the routing protocol process on that router
  Whenever there is a change in the topology:
   link going down
   link coming up
   neighbor adjacency being established
   neighbor adjacency being broken
Step 5: Constructing a Link-State Database
(figure: Link State Database for R1)
 Step 5 (Final Step): Each router uses the database to construct a complete map of the topology and computes the best path to each destination network.
 After propagation of LSPs
  Each router will then have an LSP from every link-state router.
  LSPs stored in the link-state database.
Running SPF Algorithm
 Each router in the routing area can now use the SPF algorithm to construct the SPF trees that you saw earlier.
Step 5: Constructing a Link-State Database
(figure: SPF Tree for R1)
 With a complete link-state database, R1 can use the shortest path first (SPF) algorithm to calculate the shortest path to each network.
 The SPF algorithm results in an SPF tree.
Building the Shortest Path First (SPF) Tree
(figure: Link State Database for R1)
 At first, the tree (topology) only includes its directly connected neighbors.
 Using the link-state information from all other routers, R1 can now begin to construct an SPF tree of the network with itself at the root of the tree.
R1 Processes the LSPs from R2
(figure: red marks the new information for the tree)
 The SPF algorithm begins by processing the following LSP information from R2:
  Connected to neighbor R1 on network 10.2.0.0/16, cost of 20
  Connected to neighbor R5 on network 10.9.0.0/16, cost of 10
  Has a network 10.5.0.0/16, cost of 2
R1 Processes the LSPs from R3
(figure: red marks the new information for the tree)
 The SPF algorithm continues by processing the following LSP information from R3:
  Connected to neighbor R1 on network 10.3.0.0/16, cost of 5
  Connected to neighbor R4 on network 10.7.0.0/16, cost of 10
  Has a network 10.6.0.0/16, cost of 2
R1 Processes the LSPs from R4
(figure: red marks the new information for the tree)
 The SPF algorithm continues by processing the following LSP information from R4:
  Connected to neighbor R1 on network 10.4.0.0/16, cost of 20
  Connected to neighbor R3 on network 10.7.0.0/16, cost of 10
  Connected to neighbor R5 on network 10.10.0.0/16, cost of 10
  Has a network 10.8.0.0/16, cost of 2
R1 Processes the LSPs from R5
(figure: red marks the new information for the tree)
 The SPF algorithm continues by processing the following LSP information from R5:
  Connected to neighbor R2 on network 10.9.0.0/16, cost of 10
  Connected to neighbor R4 on network 10.10.0.0/16, cost of 10
  Has a network 10.11.0.0/16, cost of 2
SPF Tree
 R1 has now constructed the complete SPF tree.
Determining the Shortest Path
 Using the SPF tree, the SPF algorithm results in the shortest path to each network.
 Note: Only the LANs are shown in the table, but SPF can also be used to determine the shortest path to each WAN link network.
Determining the Shortest Path
(figures: the SPF tree of R1 with the link costs along each path)
 Network 10.5.0.0/16 via R2 Serial 0/0/0 at a cost of 22 (20 + 2)
 Network 10.6.0.0/16 via R3 Serial 0/0/1 at a cost of 7 (5 + 2)
 Network 10.7.0.0/16 via R3 Serial 0/0/1 at a cost of 15 (5 + 10)
 Network 10.8.0.0/16 via R3 Serial 0/0/1 at a cost of 17 (5 + 10 + 2)
 Network 10.9.0.0/16 via R2 Serial 0/0/0 at a cost of 30 (20 + 10)
 Network 10.10.0.0/16 via R3 Serial 0/0/1 at a cost of 25 (5 + 10 + 10)
 Network 10.11.0.0/16 via R3 Serial 0/0/1 at a cost of 27 (5 + 10 + 10 + 2)
Determining the Shortest Path
 Each router constructs its own SPF tree independently from all other routers.
 Link-state databases must be identical on all routers.
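Added example (Python, not from the slides): Dijkstra's SPF run over a link-state database built from the LSPs of R1 to R5 above. It reproduces the costs and next hops of the tables (22 to 10.5.0.0/16 via R2, 27 to 10.11.0.0/16 via R3, and 27 from R2 to the R3 LAN) and, like a real link-state protocol, only uses a link that both ends advertise. The LSDB dictionary layout and the function names are my construction.

```python
import heapq

# Link-state database constructed from the slides' LSPs. For each router, "adj" maps a
# neighbour to (cost of the link as advertised by this router, transit network) and
# "stub" maps a directly connected LAN to its cost. All costs are the slides' values.
LSDB = {
    "R1": {"adj": {"R2": (20, "10.2.0.0/16"), "R3": (5, "10.3.0.0/16"),
                   "R4": (20, "10.4.0.0/16")},
           "stub": {"10.1.0.0/16": 2}},
    "R2": {"adj": {"R1": (20, "10.2.0.0/16"), "R5": (10, "10.9.0.0/16")},
           "stub": {"10.5.0.0/16": 2}},
    "R3": {"adj": {"R1": (5, "10.3.0.0/16"), "R4": (10, "10.7.0.0/16")},
           "stub": {"10.6.0.0/16": 2}},
    "R4": {"adj": {"R1": (20, "10.4.0.0/16"), "R3": (10, "10.7.0.0/16"),
                   "R5": (10, "10.10.0.0/16")},
           "stub": {"10.8.0.0/16": 2}},
    "R5": {"adj": {"R2": (10, "10.9.0.0/16"), "R4": (10, "10.10.0.0/16")},
           "stub": {"10.11.0.0/16": 2}},
}


def spf_tree(lsdb, root):
    """Dijkstra from `root` over the router graph. Returns {router: (cost, first_hop)},
    where first_hop is root's neighbour on the shortest path (None for root itself).
    A link is only used if both ends advertise it (the two-way check link-state
    protocols apply), so a stale one-sided LSP cannot create a path."""
    dist = {root: 0}
    heap = [(0, root, None)]
    tree = {}
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in tree:
            continue                      # already settled with a lower cost
        tree[node] = (cost, first_hop)
        for nbr, (link_cost, _net) in lsdb[node]["adj"].items():
            if node not in lsdb.get(nbr, {"adj": {}})["adj"]:
                continue                  # one-way link: ignore it
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                heapq.heappush(heap, (new_cost, nbr, nbr if node == root else first_hop))
    return tree


def routing_table(lsdb, root):
    """Cost and next hop to every network (LANs and WAN links) as seen from `root`.
    A network's cost is the cost to the cheapest router attached to it plus that
    router's advertised cost for the network; next hop None means directly connected."""
    table = {}
    for router, (rcost, first_hop) in spf_tree(lsdb, root).items():
        attached = list(lsdb[router]["stub"].items())
        attached += [(net, c) for _nbr, (c, net) in lsdb[router]["adj"].items()]
        for net, c in attached:
            total = rcost + c
            if net not in table or total < table[net][0]:
                table[net] = (total, first_hop)
    return table


if __name__ == "__main__":
    for net, (cost, hop) in sorted(routing_table(LSDB, "R1").items()):
        print(f"R1 -> {net:<14} cost {cost:>3} via {hop or 'directly connected'}")
```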
Generating a Routing Table from
the SPF Tree
SPF Tree for R1

 These paths listed previously can now be added to the routing table.
 The routing table will also include
 Directly connected networks
 Routes from any other sources, such as static routes.
 Packets will now be forwarded according to these entries in the routing
table.
Advantages of Link-State Routing Protocols
Builds a Topological Map
• LS routing protocols exchange link-states, and can therefore use the SPF algorithm to build an SPF tree of the network.
• Using the SPF tree, each router can determine the shortest path to every network.
Fast Convergence
• When receiving an LSP, LS protocols immediately flood the LSP out all interfaces except for the interface from which the LSP was received.
• In contrast, RIP processes each message, updates the routing table, then floods to the next neighbour.
Event-driven Updates
• After the initial flooding of LSPs, link-state routing protocols only send out an LSP when there is a change in the topology.
• The LSP contains only the information regarding the affected link.
Hierarchical Design
• Link-state routing protocols use the concept of areas to enable a hierarchical design of networks, allowing for better route aggregation (summarization) and the isolation of routing issues within an area.
Disadvantages of Link-State Routing Protocols
Memory Requirements
• Link-state protocols require additional memory to create and maintain the link-state database and SPF tree.
Processing Requirements
• Link-state protocols can also require more CPU processing than distance vector routing protocols.
• The SPF algorithm requires more CPU time than distance vector algorithms such as Bellman-Ford, because link-state protocols build a complete map of the topology.
Bandwidth Requirements
• The flooding of link-state packets can adversely affect the available bandwidth on a network.
• This should only occur during initial startup of routers, but can also be an issue on unstable networks.
CONMUTACION Y RUTEO I
Tema 6. Static Routing with IPV6
Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
Enabling IPv6 Unicast Routing on Cisco_1
The ipv6 unicast-routing global configuration command must be configured to enable the Cisco router to forward IPv6 packets and participate in static/dynamic IPv6 routing.
Cisco_1(config)# ipv6 unicast-routing
Cisco_1(config)#
Configure IPv6 Address
Cisco_1
Configure IPv6 Address
Brocade_1
Configure IPv6 Address
Brocade_2
Configure IPv6 Address JunOS_R1
set interfaces em0 unit 0 family inet6 address 2001:ACDC:1212:2::2/64
set interfaces em1 unit 0 family inet6 address 2001:ACDC:1212:6::1/64
Verify Connectivity
Configure IPv6 Static Routes
on Cisco_1
Configure IPv6 Static Routes
on Brocade_1
set protocols static route6 2001:acdc:1212:6::/64 next-hop 2001:acdc:4::2
set protocols static route6 2001:acdc:1212:5::/64 next-hop 2001:acdc:1::1
commit
Configure IPv6 Static Routes
on Brocade_2
set protocols static route6 2001:acdc:1212:6::/64 next-hop 2001:acdc:2::1
set protocols static route6 2001:acdc:1212:3::/64 next-hop 2001:acdc:2::1
commit
Configure IPv6 Static Routes
on Brocade_2
set routing-options rib inet6.0 static route 2001:acdc:1212:3::/64 next-hop 2001:acdc:4::1
set routing-options rib inet6.0 static route 2001:acdc:1212:5::/64 next-hop 2001:acdc:4::1
commit
Configure IPv6 Parameters on PC’s
PC1
PC2
Verify Connectivity
Homework # 1
Homework # 2
CONMUTACION Y RUTEO I
Tema 5. Static Routing With IPv4
Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
Static Routing
Static routing is a form of routing that occurs when a router uses a manually-configured routing entry, rather than information learned from dynamic routing traffic. Static routes are manually configured by a network administrator by adding entries into a routing table.
Static Routing Features
 More secure since they are not advertised over the network.
 More efficient since they use less bandwidth than dynamic routing protocols.
 No CPU cycles are used to calculate and communicate routes.
 Predictable as the path a static route uses to send data is always the same.
Static Routing Disadvantages
 Initial configuration and maintenance is time-consuming.
 Configuration is error-prone, especially in large networks.
 Administrator intervention is required to maintain changing route information.
 Does not scale well with growing networks; maintenance becomes cumbersome.
 Requires complete knowledge of the whole network for proper implementation.
Static Routing Versus Dynamic Routing
                          Dynamic Routing                               Static Routing
Configuration Complexity  Generally independent of the network size     Increases with network size
Topology Changes          Automatically adapts to topology changes      Administrator intervention required
Scaling                   Suitable for simple and complex topologies    Suitable for simple topologies
Security                  Less secure                                   More secure
Resource Usage            Uses CPU, memory, and link bandwidth          No extra resources required
Predictability            Route depends on the current topology         Route to destination is always the same
When to Use Static Routes
 In small networks that are not expected to grow significantly.
 To route traffic to and from stub networks.
A stub network is a network accessed by a single route.
A stub router has only one upstream neighbor.
Types of Static Routes
 There are the following types of static routes in IPv4 and IPv6
  Standard static route
  Default static route
  Summary static route
  Floating static route
Standard Static Route
 Standard static routes are useful when connecting to a specific remote network.
(figure: R1 and a neighbouring router, .1 and .2 on the shared link; the neighbour says: “No need to use a dynamic routing protocol with R1 to reach 172.16.3.0/24. I can simply use a static route to reach the stub network.”)
Default Static Route
 A default static route is a “catch-all” route that matches all networks that are not in the routing table.
 It is configured with a 0.0.0.0/0 “quad zero” destination address.
 It creates a “Gateway of Last Resort” in the routing table
 Used when no other routes in the routing table match the packet destination IP address.
  In other words, when a “more specific” match does not exist.
 A common use is when connecting a company's edge router to the ISP network.
  When a stub router connects to only one upstream router.
Default Static Route Example
(figure: R1 (.1) and R2 (.2) on the shared link; R1 says: “All I need to know about are my directly connected networks. For all other networks, I can use a default static route going to R2.”)
Default static routes are also commonly used with edge routers to connect to an ISP.
Summary Static Route
(figure: R1 (.2) with network 10.0.0.0/24 and the four remote networks 172.20.0.0/16, 172.21.0.0/16, 172.22.0.0/16 and 172.23.0.0/16; R1 says: “I have four static routes to reach the remote networks 172.20.0.0/16 - 172.23.0.0/16.”)
 Used to reduce the number of routing table entries.
 Multiple static routes can be summarized into a single static route if:
  The destination networks are contiguous and can be summarized into a single network address.
  The destination networks are all reachable using the same exit interface or next-hop IP address.
Floating Static Route
(figure: Branch and UIO routers connected over a Private WAN, 172.16.1.0 /30, via S0/0/0 (.2 on Branch, .1 on UIO), with the 10.0.0.0 /8 network; both also reach the ISP over the Internet via S0/0/1, Branch .242 on 209.165.200.240 /29 (ISP .241) and UIO .226 on 209.165.200.224 /29 (ISP .225))
 Floating static routes are static routes used to provide a backup path to a primary static or dynamic route, in the event of a link failure.
 The floating static route is only used when the primary route is not available.
Floating Static Route
(figure: the same topology, with the central site labelled HQ)
 Accomplished by configuring the static route with a higher administrative distance than the primary route.
 Administrative distance represents the trustworthiness of a route.
 If multiple paths to the destination exist, the router will choose the path with the lowest administrative distance or preference.
Administrative Distance or Preference
Administrative distance (AD) is an arbitrary number assigned to dynamic routes, static routes and directly-connected routes. The value is used by vendor-specific routers to rank routes from most preferred (low administrative distance value) to least preferred (high administrative distance value).
Default Administrative Distance by Vendor
Topology Example
 We will assume all the interfaces have been configured with an IPv4 address and are in the up/up state.
Verify the Routing Table of Cisco_1
Notice how Cisco_1 only has entries for its directly connected networks.
It does not have any knowledge of any networks beyond its directly connected interfaces.
For example, Cisco_1 has no knowledge of networks:
•172.20.3.0/24 – LAN Brocade_1
•172.20.4.0/24 – Brocade-1 – Jun_OS-R1
•172.20.6.0/24 – LAN JunOS_R1
•172.20.5.0/24 – LAN Brocade-2
Verify the Routing Table of Brocade_1
Brocade_1 has no knowledge of networks:
•172.20.2.0/24 – Brocade_2 to Cisco_1
•172.20.5.0/24 – LAN Brocade_2
•172.20.6.0/24 – LAN JunOS_R1
Verify the Routing Table of Brocade_2
Brocade_2 has no knowledge of networks:
•172.20.1.0/24 – Brocade_1 to Cisco_1
•172.20.3.0/24 – LAN Brocade_1
•172.20.4.0/24 – Brocade_1 to JunOS_R1
•172.20.6.0/24 – LAN JunOS_R1
Verify the Routing Table of JunOS_R1
JunOS_R1 has no knowledge of networks:
•172.20.1.0/24 – Cisco_1 to Brocade_1
•172.20.3.0/24 – LAN Brocade-1
•172.20.2.0/24 – Cisco_1 to Brocade_2
•172.20.5.0/24 – LAN Brocade-2
Verify Connectivity
CISCO Routers
ip route Command (for IPv4 static routes)
Router(config)# ip route network-address subnet-mask {ip-address | exit-interface}
 network-address: Destination network address of the remote network
 subnet-mask: Subnet mask of the remote network
 One or both of the following parameters must also be used:
  ip-address: Next-hop router’s IP address. (Does not have to be the next hop.)
  exit-interface: Outgoing or exit interface
Types of Standard Static Routes
 Next Hop Static Route: ip route network-add subnet ip-address
 Directly Attached Static Route: ip route network-add subnet exit-intf
 Fully Specified Static Route: ip route network-add subnet exit-intf ip-address
Configure Static Routes on
Cisco_1
Display Static Routes on
Cisco_1
Configure Static Routes on
Brocade_1
Display Static Routes on
Brocade_1
Configure Static Routes on
Brocade_2
Display Static Routes on
Brocade_2
Configure Static Routes on JunOS_R1
root@JunOS_R1# set routing-options static route 172.20.3.0/24 next-hop 172.20.4.1
root@JunOS_R1# set routing-options static route 172.20.5.0/24 next-hop 172.20.4.1
root@JunOS_R1# commit
Display Static Routes on
JunOS_1
Verify connectivity
between PC’s
Configuring a Default Static Route
ip route 0.0.0.0 0.0.0.0 {ip-address | exit-intf [ip-address]}
Parameter    Description
0.0.0.0      • Matches any network address.
0.0.0.0      • Matches any subnet mask.
ip-address   • Commonly referred to as the next-hop router’s IP address.
             • Typically used when connecting to a broadcast media (i.e., Ethernet).
             • Commonly creates a recursive lookup.
exit-intf    • Use the outgoing interface to forward packets to the destination network.
             • Also referred to as a directly attached static route.
             • Typically used when connecting in a point-to-point configuration.
Default Route Internet Access
(figure: Static Route / Default Route)
Default Route Internet Access through NAT (Network Address Translation)
(figure: public address 82.102.142.204)
If you want to connect to the public Internet you need a public IP address. If your LAN uses private IP addressing and you need to access the Internet, a solution is to use NAT, which allows you to translate a private IP address into a public one.
Configure DNS Server &
Default Route Mikrotik
Verify connectivity to
the internet
Configure NAT
Configure Static Routes
to LANs
Static Route on
Brocade_1
Default Route on
R1
Default Route on
Juniper_1
Default Route on
Juniper_1
Configure IP Address, Default
Gateway & DNS Server on Webterm3
Verify Internet Access
Wireshark DNS Traffic
Homework # 1
In the scenario presented, implement main routes and backup paths
to Internet Access
CONMUTACIÓN Y RUTEO I
Tema 7. Dynamic Routing & RIPv2
Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
Dynamic Routing Protocol Operation
 In general, the operations of a dynamic routing protocol can be described as follows:
  The router sends and receives routing messages on its interfaces.
  The router shares routing messages and routing information with other routers that are using the same routing protocol.
  Routers exchange routing information to learn about remote networks.
  When a router detects a topology change, the routing protocol can advertise this change to other routers.
Discover Directly Attached Networks
 R1 adds the 10.1.0.0 network available through interface FastEthernet 0/0, and 10.2.0.0 is available through interface Serial 0/0/0.
 R2 adds the 10.2.0.0 network available through interface Serial 0/0/0, and 10.3.0.0 is available through interface Serial 0/0/1.
 R3 adds the 10.3.0.0 network available through interface Serial 0/0/1, and 10.4.0.0 is available through interface FastEthernet 0/0.
R1: Network  Interface  Hop      R2: Network  Interface  Hop      R3: Network  Interface  Hop
C   10.1.0.0  Fa0/0     0        C   10.2.0.0  S0/0/0    0        C   10.3.0.0  S0/0/1    0
C   10.2.0.0  S0/0/0    0        C   10.3.0.0  S0/0/1    0        C   10.4.0.0  Fa0/0     0
Network Convergence
Convergence is when a network has complete and accurate information
about the entire network
Convergence time is the time it takes routers to share information, calculate
best paths, and update their routing tables.
NOTE:
 A network is not completely operable until the network has converged.
Routing Protocols Classification
Dynamic Routing Protocols
Purpose:    Interior Gateway Protocols (IGP) | Exterior Gateway Protocols (EGP)
Operation:  Distance Vector Routing Protocols | Link-State Routing Protocols | Path-Vector Routing Protocol
Behaviour:  Classful: RIPv1, IGRP | Classless: RIPv2, EIGRP, OSPF, IS-IS, BGP
 RIPv1 and IGRP are legacy protocols that have evolved into the classless routing protocols, RIPv2 and EIGRP.
 Link-state routing protocols are classless by nature.
[Figure: CNT and TELCONET, two ISPs interconnected with BGP]

An autonomous system (AS) is a collection of routers under a common administration.
• A company's internal network
• An ISP's network

• Because the Internet is based on the autonomous system concept, two types of routing protocols are required:
  • Interior Gateway Protocols, IGP (RIP, EIGRP, OSPF, IS-IS): routing inside an autonomous system.
  • Exterior Gateway Protocols (BGP): between ISPs, such as CNT and TELCONET, and some customers (usually just say BGP): routing between autonomous systems.
IGP versus EGP Routing Protocols
[Figure: ISP-1 (AS-1, IS-IS and OSPF) and ISP-2 (AS-3, OSPF and IS-IS), each with customers; AS-2 (EIGRP) connected to the ISPs with BGP; a single customer attached with a static route and a default static route]

• IGPs are used by organizations and within a service provider's network.
• BGP could be used to interconnect large organizations to service providers and in between various service providers.
• Smaller organizations would typically connect using static routes but could also use BGP.
Distance Vector Routing Protocol Operation
• What does a street sign like this tell you?
  • How far (distance)
  • Which way (direction)
• Distance vector
  • Routes are advertised as vectors of distance and direction.
  • Distance is defined in terms of a metric, such as hop count.
  • Direction is simply the next-hop router or the exit interface.
  • Typically use the Bellman-Ford algorithm for best-path (shortest) route determination.
Distance Vector Routing Protocol Operation
• Routing protocol
  • Does not know the topology of an internetwork.
  • Only knows the routing information received from its neighbors.
  • Does not know if another path would actually be faster.
[Figure: a router wonders "Would another path that is longer actually be faster? (speed limit)" and answers "I don't have a map of the network. All I know is how far and which direction (to the next hop router)."]
Distance Vector Routing Protocols
• Routing Information Protocol (RIP)
  • Three versions: RIPv1 and RIPv2 for IPv4, RIPng for IPv6.
  • Standard protocol:
    • Hedrick. RFC 1058 (06/1988). Routing Information Protocol
    • Malkin. RFC 2453 (11/1998). RIP Version 2
    • Malkin, Minnear. RFC 2080 (11/1997). RIPng for IPv6
  • Uses hop count as its metric.
• Interior Gateway Routing Protocol (IGRP)
  • Legacy Cisco proprietary protocol.
  • Uses bandwidth and delay as its metric.
• Enhanced IGRP (EIGRP)
  • Initially a Cisco proprietary protocol.
  • Uses bandwidth and delay as its metric.
  • The only event-driven distance-vector routing protocol.
Link-State Protocol Operation
• A link-state routing protocol can create a "complete view," or topology, of the network.
• Link-state protocols are associated with Shortest Path First (SPF) calculations.
• A link-state router uses the link-state information to:
  • Create a topology map
  • Select the best path to all destination networks in the topology.
• Each router makes the decision!
Link-State Protocol Operation
• Link-state protocols work best in situations where:
  • The network design is hierarchical, usually occurring in large networks.
  • The administrators have a good knowledge of the implemented link-state routing protocol.
  • Fast convergence of the network is crucial.
Link-State Concepts
Link-State Routing Protocols
• Open Shortest Path First (OSPF)
  • Standard protocol:
    • J. Moy: RFC 1131 (10/1989)
    • J. Moy: RFC 2328, OSPF Version 2 (04/1998)
    • R. Coltun, D. Ferguson, J. Moy, A. Lindem: RFC 5340, OSPF for IPv6 (07/2009)
  • Metric: cost
• Intermediate System-to-Intermediate System (IS-IS)
  • Popular in provider networks
  • Standard protocol:
    • Oran. RFC 1142 (12/1990). Use of OSI IS-IS for Routing in TCP/IP and Dual Environments.
    • Hopps. RFC 5308 (10/2008). Routing IPv6 with IS-IS
Classful Routing Protocols
[Figure: 172.16.0.0/16, a major classful network]

• Classful routing protocols do not send subnet mask information in their routing updates:
  • Only RIPv1 and IGRP are classful.
  • Created when network addresses were allocated based on classes (class A, B, or C).
  • Cannot provide variable length subnet masks (VLSM) and classless interdomain routing (CIDR).
  • Create problems in discontiguous networks.
R1 Forwards a Classful Update to R2
[Topology: R1 G0/0 .1 on 172.16.1.0/24; R1 S0/0/0 .1 and R2 S0/0/0 .2 on 192.168.1.0/30; R2 S0/0/1 .2 and R3 S0/0/1 .1 on 192.168.2.0/30; R3 G0/0 .1 on 172.16.2.0/24]
R1: "My 30 seconds are up. I'm sending an update to my RIP neighbor(s)." Routing update: 172.16.0.0

R2# show ip route | begin Gateway
Gateway of last resort is not set

R 172.16.0.0/16 [120/1] via 192.168.1.1, 00:00:11, Serial0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial0/0/0
L 192.168.1.2/32 is directly connected, Serial0/0/0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/30 is directly connected, Serial0/0/1
L 192.168.2.2/32 is directly connected, Serial0/0/1
R2#
R3 Forwards a Classful Update to R2

Discontiguous Networks
[Topology: R1 G0/0 .1 on 172.16.1.0/24; R1 S0/0/0 .1 and R2 S0/0/0 .2 on 192.168.1.0/30; R2 S0/0/1 .2 and R3 S0/0/1 .1 on 192.168.2.0/30; R3 G0/0 .1 on 172.16.2.0/24]
R3: "My 30 seconds are up. I'm sending an update to my RIP neighbor(s)." Routing update: 172.16.0.0

R2# show ip route | begin Gateway
Gateway of last resort is not set

R 172.16.0.0/16 [120/1] via 192.168.2.1, 00:00:14, Serial0/0/1
[120/1] via 192.168.1.1, 00:00:16, Serial0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial0/0/0
L 192.168.1.2/32 is directly connected, Serial0/0/0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/30 is directly connected, Serial0/0/1
L 192.168.2.2/32 is directly connected, Serial0/0/1
R2#
Connectivity Fails or Is Inconsistent

Discontiguous Networks
[Topology: R1 G0/0 .1 on 172.16.1.0/24; R1 S0/0/0 .1 and R2 S0/0/0 .2 on 192.168.1.0/30; R2 S0/0/1 .2 and R3 S0/0/1 .1 on 192.168.2.0/30; R3 G0/0 .1 on 172.16.2.0/24]

R2# ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R2#
R2# traceroute 172.16.1.1
Type escape sequence to abort.
Tracing the route to 172.16.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.1.1 4 msec
192.168.2.1 4 msec
192.168.1.1 4 msec
R2#
Classless Routing Protocols
[Topology: R1 G0/0 .1 on 172.16.1.0/24; R1 S0/0/0 .1 and R2 S0/0/0 .2 on 192.168.1.0/30; R2 S0/0/1 .2 and R3 S0/0/1 .1 on 192.168.2.0/30; R3 G0/0 .1 on 172.16.2.0/24]
R1: "My 30 seconds are up. I'm sending an update to my RIP neighbor(s)." Routing update: 172.16.1.0/24

R2# show ip route | begin Gateway
Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
R 172.16.1.0 [120/1] via 192.168.1.1, 00:00:06, Serial0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial0/0/0
L 192.168.1.2/32 is directly connected, Serial0/0/0
R2#

• Classless routing protocols include subnet mask information in the routing updates:
  • RIPv2, EIGRP, OSPF, IS-IS and the IPv6 routing protocols
  • Support VLSM and CIDR
  • Also support discontiguous networks
R3 Forwards a Classless Update to R2
[Topology: R1 G0/0 .1 on 172.16.1.0/24; R1 S0/0/0 .1 and R2 S0/0/0 .2 on 192.168.1.0/30; R2 S0/0/1 .2 and R3 S0/0/1 .1 on 192.168.2.0/30; R3 G0/0 .1 on 172.16.2.0/24]
R3: "My 30 seconds are up. I'm sending an update to my RIP neighbor(s)." Routing update: 172.16.2.0/24

R2# show ip route | begin Gateway
Gateway of last resort is not set

172.16.0.0/24 is subnetted, 2 subnets
R 172.16.1.0 [120/1] via 192.168.1.1, 00:00:03, Serial0/0/0
R 172.16.2.0 [120/1] via 192.168.2.1, 00:00:03, Serial0/0/1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial0/0/0
L 192.168.1.2/32 is directly connected, Serial0/0/0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/30 is directly connected, Serial0/0/1
L 192.168.2.2/32 is directly connected, Serial0/0/1
R2#
Connectivity Success
[Topology: R1 G0/0 .1 on 172.16.1.0/24; R1 S0/0/0 .1 and R2 S0/0/0 .2 on 192.168.1.0/30; R2 S0/0/1 .2 and R3 S0/0/1 .1 on 192.168.2.0/30; R3 G0/0 .1 on 172.16.2.0/24]

R2# ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms
R2#
R2# traceroute 172.16.1.1
Type escape sequence to abort.
Tracing the route to 172.16.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.1.1 4 msec 4 msec *
R2#
Routing Protocol Characteristics
• Speed of Convergence:
  • Routing loops can occur when inconsistent routing tables are not updated due to slow convergence in a changing network.
• Scalability:
  • Large networks require a scalable routing protocol.
• Classful or Classless (use of VLSM and summarization):
  • Classful routing protocols do not include the subnet mask and cannot support VLSM, while classless routing protocols do.
• Resource Usage:
  • Defines how much memory space (RAM), CPU utilization, and link bandwidth utilization is required by the routing protocol.
• Implementation and Maintenance:
  • This describes the level of knowledge that is required for a network administrator to implement and maintain the network based on the routing protocol deployed.
Speed Convergence
Routing Protocol Convergence Comparison using Simulation and Real
Equipment. D. Sankar and D. Lancaster.
Centre for Security, Communications and Network Research Plymouth University,
United Kingdom. 2013
Network Convergence Time
Purpose of a Metric

• Metrics are a way to measure or compare.
• Determine the best path.
  • A routing protocol learns multiple routes to the same destination.
  • The metric is used to determine which path is most preferable.
  • The lower the metric, the better.
Routing Protocols and Their Metrics

Routing Protocol | Default Metric       | Description
RIP              | Hop count            | Simple metric that counts the number of routers a packet traverses.
EIGRP            | Bandwidth and Delay  | Bandwidth influences path selection by preferring the path with the highest overall bandwidth. Delay considers the time a packet takes to traverse a path. Optionally, load (traffic utilization of a certain link) and reliability (probability of a link failure) can also be included in the metric calculation.
OSPF             | Cost                 | A value based on the cumulative link bandwidths.
IS-IS            | Cost                 | A value based on the cumulative link cost.
Routing Protocol Metrics
• Different routing protocols use different metrics.
• Routing metrics are not interchangeable between routing protocols.
• Two different routing protocols might choose different paths to the same destination.
• For example:
[Figure: topology in which one of the alternative paths crosses a 56 Kbps link]
Routing Protocol Metrics
R 192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:24, Serial0/0/0
C 192.168.2.0/24 is directly connected, Serial0/0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
C 192.168.4.0/24 is directly connected, Serial0/0/1
R 192.168.5.0/24 [120/1] via 192.168.4.1, 00:00:26, Serial0/0/1
R 192.168.6.0/24 [120/1] via 192.168.2.1, 00:00:24, Serial0/0/0
[120/1] via 192.168.4.1, 00:00:26, Serial0/0/1
R 192.168.7.0/24 [120/1] via 192.168.4.1, 00:00:26, Serial0/0/1
R 192.168.8.0/24 [120/2] via 192.168.4.1, 00:00:26, Serial0/0/1

• All routers running RIP
• What is the metric (distance) for R2 to reach the 192.168.8.0 network?
  • 2 (hops away)
• What is the direction (vector) for R2 to reach the 192.168.8.0 network?
  • Serial 0/0/1 (via R3)
Equal Cost Multipath Routing (Load Balancing)

R2# show ip route
<output omitted>
R 192.168.6.0/24 [120/1] via 192.168.2.1, 00:00:24, Serial0/0/0
[120/1] via 192.168.4.1, 00:00:26, Serial0/0/1

• What happens when two or more routes to the same destination have identical metric values?
  • The router load balances between these equal-cost paths.
  • All routing protocols do equal-cost load balancing.
  • EIGRP also does unequal-cost load balancing.
Distance Vector Routing Protocols
[Figure: Dynamic Routing Protocols > Interior Gateway Protocols (IGP) > Distance Vector Routing Protocols: RIPv1, IGRP, RIPv2, EIGRP]

• Distance vector routing protocols:
  • Share updates between neighbors
  • Not aware of the network topology
  • RIPv1 periodically broadcasts updates to IP 255.255.255.255 even if the topology has not changed
  • Updates consume bandwidth and network device CPU resources
  • EIGRP will only send an update when the topology has changed
  • RIPv2 and EIGRP use multicast addresses
Routing Information Protocol ver. 1 (RIPv1)
[Figure: a chain of routers counted 1 hop, 2 hops ... 15 hops away from 192.168.1.0/24; the router beyond the 15th hop says "I can't reach 192.168.1.0"]

• RIPv1 (RFC 1058) is a legacy 1st generation IPv4 protocol.
• Easy to configure, making it a good choice for small networks.
• RIPv1 has the following key characteristics:
  • Metric = hop count (lower is better).
  • Updates broadcast every 30 seconds to 255.255.255.255.
  • If hop count > 15 hops = too far, and the update is not propagated.
  • RIP updates are encapsulated into a UDP segment, with both source and destination port numbers set to UDP port 520.
Routing Information Protocol ver. 2 (RIPv2)
• RIPv2 (RFC 2453) replaced RIPv1 and included the following improvements:
  • Classless routing protocol: supports VLSM and CIDR, because it includes the subnet mask in the routing updates.
  • Increased efficiency: forwards updates to the multicast address 224.0.0.9 instead of the broadcast address 255.255.255.255.
  • Reduced routing entries: supports manual route summarization.
  • Secure: supports an authentication mechanism to secure routing table updates between neighbors.
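To make the v1/v2 format difference and the authentication entry concrete, here is an added example (not from the slides): a Python builder and parser for RIP datagrams in the RFC 2453 wire format. The packets, the password and the addresses are constructed for the example; the parser shows how a v1 receiver has to infer a classful mask (which is how 172.16.1.0/24 turns into 172.16.0.0/16 on the earlier slides) and how a v2 receiver can reject updates that carry no, or a wrong, password.

```python
"""RIP message builder/parser (RFC 2453 layout). Added example; all packets are constructed here.
Header: command (1 byte), version (1), must-be-zero (2). Then 20-byte entries:
AFI (2), route tag (2), IP (4), subnet mask (4), next hop (4), metric (4).
In RIPv2 an entry with AFI 0xFFFF in the first slot carries authentication instead of a route."""
import ipaddress
import struct

RIP_UDP_PORT = 520            # source and destination port of RIP updates
RIPV2_MULTICAST = "224.0.0.9"
RIP_INFINITY = 16             # "unreachable", also used for route poisoning
AFI_IP = 2
AFI_AUTH = 0xFFFF
AUTH_SIMPLE_PASSWORD = 2
ENTRY_LEN = 20


def classful_prefixlen(first_octet):
    """Mask a RIPv1 receiver must assume, since v1 updates carry no subnet mask."""
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def route_entry(prefix, metric, next_hop="0.0.0.0", tag=0, version=2):
    """Encode one route entry; RIPv1 leaves mask and next hop zero (classful)."""
    net = ipaddress.ip_network(prefix)
    mask = net.netmask.packed if version == 2 else b"\0" * 4
    nh = ipaddress.ip_address(next_hop).packed if version == 2 else b"\0" * 4
    return struct.pack("!HH4s4s4sI", AFI_IP, tag, net.network_address.packed, mask, nh, metric)


def auth_entry(password):
    """Simple-password authentication entry (RFC 2453 section 4.1); 16 bytes, null padded."""
    return struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE_PASSWORD, password.encode())


def response(entries, version=2):
    """Command 2 = Response. Entries is a list of encoded 20-byte entries."""
    return struct.pack("!BBH", 2, version, 0) + b"".join(entries)


def parse(data, expected_password=None):
    """Validate a RIP datagram and return {'version', 'authenticated', 'routes'}.
    Raises ValueError on malformed input; when expected_password is given, also on a
    missing or wrong password, which is how the 'Secure' RIPv2 improvement is enforced."""
    if len(data) < 4 or (len(data) - 4) % ENTRY_LEN:
        raise ValueError("bad RIP message length")
    command, version, zero = struct.unpack("!BBH", data[:4])
    if command not in (1, 2) or version not in (1, 2) or zero != 0:
        raise ValueError("bad RIP header")
    routes, authenticated = [], False
    for offset in range(4, len(data), ENTRY_LEN):
        raw = data[offset:offset + ENTRY_LEN]
        afi = struct.unpack("!H", raw[:2])[0]
        if afi == AFI_AUTH:
            if offset != 4 or version != 2:
                raise ValueError("authentication entry must be the first entry of a v2 message")
            _, auth_type, secret = struct.unpack("!HH16s", raw)
            if auth_type != AUTH_SIMPLE_PASSWORD:
                raise ValueError(f"unsupported authentication type {auth_type}")
            if expected_password is not None and secret.rstrip(b"\0") != expected_password.encode():
                raise ValueError("RIPv2 authentication failed")
            authenticated = True
            continue
        if afi != AFI_IP:
            raise ValueError(f"unsupported address family {afi}")
        _, tag, ip, mask, nh, metric = struct.unpack("!HH4s4s4sI", raw)
        if not 1 <= metric <= RIP_INFINITY:
            raise ValueError(f"metric {metric} outside 1..{RIP_INFINITY}")
        addr = ipaddress.ip_address(ip)
        if version == 1:
            # classful: the receiver infers the mask from the first octet
            prefix = ipaddress.ip_network((addr, classful_prefixlen(ip[0])), strict=False)
        else:
            prefix = ipaddress.ip_network(f"{addr}/{ipaddress.ip_address(mask)}", strict=False)
        routes.append({"prefix": str(prefix), "next_hop": str(ipaddress.ip_address(nh)),
                       "tag": tag, "metric": metric, "poisoned": metric == RIP_INFINITY})
    if expected_password is not None and not authenticated:
        raise ValueError("unauthenticated update rejected")
    return {"version": version, "authenticated": authenticated, "routes": routes}


if __name__ == "__main__":
    # constructed sample: R1's authenticated v2 update with one good and one poisoned route
    pkt = response([auth_entry("s3cret"),
                    route_entry("172.16.1.0/24", 1, next_hop="192.168.1.1"),
                    route_entry("172.16.2.0/24", RIP_INFINITY)])
    print(parse(pkt, expected_password="s3cret"))
    # the same network in a v1 update is received as its classful /16
    print(parse(response([route_entry("172.16.1.0/24", 1, version=1)], version=1)))
```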


Split horizon
Distance vector protocols are susceptible to routing loops.
Routing loops occur when a packet is continually routed
through the same routers over and over, in an endless circle.
Split horizon is one of the methods used by distance vector
routing protocols to avoid routing loops. The principle is
simple – a router will not advertise a route back onto the
interface from which it was learned. Split horizon is
enabled on interfaces by default.
Route Poisoning
Another method employed by distance vector routing protocols to prevent routing loops is route poisoning. When a router detects that one of its directly connected routes has failed, it advertises the failed route with an infinite metric ("poisoning the route"). Routers that receive the routing update consider the route failed and remove it from their routing tables.
Each routing protocol has its own definition of an infinite metric. In the case of RIP the infinite metric is 16.
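To see why split horizon and route poisoning matter, here is an added example (not from the slides): a small Python simulation of the distance-vector exchange on the three-router topology of the "Discover Directly Attached Networks" slide. The /16 masks and the mapping of interfaces to routers are assumptions; the simulation converges, then fails 10.4.0.0 on R3 (which poisons it with metric 16) and counts the update rounds needed to re-converge with and without split horizon.

```python
"""Distance-vector update exchange with split horizon and route poisoning (added example).
Topology constructed inline: R1 -- 10.2.0.0/16 -- R2 -- 10.3.0.0/16 -- R3, with 10.1.0.0/16
on R1 Fa0/0 and 10.4.0.0/16 on R3 Fa0/0 (masks and interface placement are assumed)."""

INFINITY = 16   # RIP's "unreachable" metric


class Router:
    def __init__(self, name, connected, split_horizon=True):
        self.name = name
        self.split_horizon = split_horizon
        self.connected = set(connected)
        # network -> [metric, interface the route was learned on or belongs to]
        self.table = {net: [0, iface] for net, iface in connected.items()}
        self.neighbors = {}   # my interface -> (neighbour router, neighbour's interface)

    def update_for(self, iface):
        """Routes advertised out `iface`; split horizon drops routes learned on that interface.
        Poisoned routes (metric 16) are still advertised so neighbours learn of the failure."""
        return {net: metric for net, (metric, via) in self.table.items()
                if not (self.split_horizon and via == iface)}

    def receive(self, iface, update):
        """Bellman-Ford relaxation for one received update; returns True if the table changed."""
        changed = False
        for net, advertised in update.items():
            if net in self.connected:          # never replace a working connected route
                continue
            metric = min(advertised + 1, INFINITY)
            entry = self.table.get(net)
            if entry is None:
                if metric < INFINITY:
                    self.table[net] = [metric, iface]
                    changed = True
            elif entry[1] == iface:            # from the current next hop: accept even if worse
                if entry[0] != metric:
                    entry[0] = metric
                    changed = True
            elif metric < entry[0]:
                self.table[net] = [metric, iface]
                changed = True
        return changed

    def poison(self, net):
        """A directly connected network failed: keep advertising it with the infinite metric."""
        self.connected.discard(net)
        self.table[net][0] = INFINITY


def link(a, a_iface, b, b_iface):
    a.neighbors[a_iface] = (b, b_iface)
    b.neighbors[b_iface] = (a, a_iface)


def exchange_round(routers):
    """One periodic update: every router builds its updates first, then all are delivered."""
    pending = [(nbr, nbr_iface, r.update_for(iface))
               for r in routers for iface, (nbr, nbr_iface) in r.neighbors.items()]
    changed = False
    for nbr, nbr_iface, update in pending:
        changed = nbr.receive(nbr_iface, update) or changed
    return changed


def converge(routers, max_rounds=60):
    """Exchange updates until a round changes nothing; returns how many rounds changed something."""
    for n in range(max_rounds):
        if not exchange_round(routers):
            return n
    return max_rounds


def build_topology(split_horizon=True):
    r1 = Router("R1", {"10.1.0.0/16": "Fa0/0", "10.2.0.0/16": "S0/0/0"}, split_horizon)
    r2 = Router("R2", {"10.2.0.0/16": "S0/0/0", "10.3.0.0/16": "S0/0/1"}, split_horizon)
    r3 = Router("R3", {"10.3.0.0/16": "S0/0/1", "10.4.0.0/16": "Fa0/0"}, split_horizon)
    link(r1, "S0/0/0", r2, "S0/0/0")
    link(r2, "S0/0/1", r3, "S0/0/1")
    return [r1, r2, r3]


def simulate(split_horizon):
    """Converge, then fail 10.4.0.0/16 on R3. Returns (rounds to first convergence,
    rounds to re-converge after the failure, metric for 10.4.0.0/16 at each router)."""
    routers = build_topology(split_horizon)
    first = converge(routers)
    routers[2].poison("10.4.0.0/16")
    after = converge(routers)
    return first, after, {r.name: r.table["10.4.0.0/16"][0] for r in routers}


if __name__ == "__main__":
    for sh in (True, False):
        print("split horizon", sh, "->", simulate(sh))
```

Without split horizon R2 keeps re-learning 10.4.0.0 from R1 while R1 re-learns it from R2, so the metric counts up by one per round until it reaches 16 (count to infinity); with split horizon the poisoned route is accepted and the tables settle in two rounds.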
RIP Timers
• Update Timer: default value 30 seconds; it resets itself as soon as an update is received from the neighboring router.
• Invalid Timer: default value 180 seconds. If a router fails to receive an update after 30 seconds, it waits another 150 seconds before declaring the route for which no update was received "Invalid".
• Hold Timer: triggers as soon as the Invalid timer finishes at 180 seconds. The hold timer holds the invalid route until the flush timer completes on the source router.
• Flush Timer: default value 240 seconds. This timer starts along with the update and Invalid timers and indicates how long a route can remain in a routing table before being flushed.
RIPv2 Manual Route Summarization
RIPv1 versus RIPv2

Features                   | RIPv1            | RIPv2
Metric                     | Both use hop count as a simple metric. The maximum number of hops is 15.
Forward Updates To Address | 255.255.255.255  | 224.0.0.9
Supports VLSM              | No               | Yes
Supports CIDR              | No               | Yes
Supports Summarization     | No               | Yes
Secure                     | No               | Yes
RIP Summary
IGRP
• The Interior Gateway Routing Protocol (IGRP) was the first proprietary IPv4 routing protocol developed by Cisco, in 1984.
• IGRP features:
  • No hop limit
  • Easy to understand
  • Bandwidth and delay are used to create a composite metric.
  • Optionally, load and reliability can also be included in the calculation.
  • Routing updates are broadcast every 90 seconds, by default.
EIGRP
• In 1992, Enhanced IGRP (EIGRP) replaced IGRP.
• EIGRP also supports VLSM and CIDR, increases efficiency, reduces routing updates, and supports secure message exchange.
• EIGRP also introduced:
  • Bounded triggered updates
  • Hello keepalive mechanism
  • Maintains a topology table (DUAL – backup routes)
  • Rapid convergence
  • Multiple network layer protocol support (IPv4, IPv6, IPX, AppleTalk)
IGRP versus EIGRP

Features                   | IGRP             | EIGRP
Metric                     | Both use a composite metric consisting of bandwidth and delay. Reliability and load can also be included in the metric calculation.
Forward Updates To Address | 255.255.255.255  | 224.0.0.10
Supports VLSM              | No               | Yes
Supports CIDR              | No               | Yes
Supports Summarization     | No               | Yes
Supports Authentication    | No               | Yes
RIPv2 Topology Example
[Figure: RIPv2 lab topology, including the 192.168.3.0/24 network]

GNS3 Cloud object
[Figure: GNS3 cloud object attached to 192.168.3.0/24]

The cloud object was in fact a direct usage of the emulator capabilities to connect to external networks.
Configure Mikrotik GUI Access
Configure the IP address of the ether5 interface by accessing the CLI
Configure Mikrotik GUI Access
Verify connectivity from the Windows command line to the configured addresses
Configure Mikrotik GUI Access
Winbox is a small utility that allows administration of Mikrotik RouterOS using a fast and simple GUI.
Configure IP Address MKTK_2
Configure IP Address MKTK_1
Verify connectivity
Configure IP address Cisco_1
Configure IP address Brocade_1
Configure RIP on MKTK_2
1. Add the interfaces by which RIP messages are sent and received
Configure RIP on MKTK_2
2. Set RIP Networks
Configure RIP on MKTK_2
3. RIP Settings → Redistribute Connected Routes
Configure RIP on MKTK_1
1. Add the interfaces by which RIP messages are sent and received
Configure RIP on MKTK_1
2. Set RIP Networks
Configuring RIP on Cisco_1
Cisco_1(config)# router rip
Cisco_1(config-router)# version 2
Cisco_1(config-router)# no auto-summary
Cisco_1(config-router)# network 10.10.20.0
Cisco_1(config-router)# network 10.10.30.0

• To enable RIP and advertise a network, use the routing configuration command network network-address
• Enter the network address for each directly connected network.
• Entering the command automatically:
  • Enables RIP on all interfaces that belong to a specific network.
  • Interfaces now both send and receive RIP updates.
  • Advertises the specified network in RIP updates every 30 seconds.
Configuring RIP on Brocade_1
Verifying RIP Routes on Cisco_1
Verifying RIP Routes on MKTK_2
Verifying RIP Routes on MKTK_1
Verify Connectivity PC3 → PC2
RIP Passive Interfaces
[Topology: R1 G0/0 .1 on 192.168.1.0/24; R1 S0/0/0 .1 (DCE) and R2 S0/0/0 .2 on 192.168.2.0/30; R2 G0/0 .1 on 192.168.3.0/24; R2 S0/0/1 .2 (DCE) and R3 S0/0/1 .1 on 192.168.4.0/30; R3 G0/0 .1 on 192.168.5.0/24]

• Sending out unneeded updates on a LAN:
  • Wastes bandwidth
  • Wastes resources
  • Security risk
• The passive-interface command
  • Stops routing updates out the specified interface.
  • The network that the specified interface belongs to is still advertised in routing updates that are sent out other interfaces.
  • Should be configured on interfaces which do not connect to other RIP routers.
Configuring a Passive Interface on Cisco
[Topology: R1 G0/0 .1 on 192.168.1.0/24; R1 S0/0/0 .1 (DCE) and R2 S0/0/0 .2 on 192.168.2.0/30; R2 G0/0 .1 on 192.168.3.0/24; R2 S0/0/1 .2 (DCE) and R3 S0/0/1 .1 on 192.168.4.0/30; R3 G0/0 .1 on 192.168.5.0/24. Routing update sent by R1 to R2: 192.168.1.0/24]

R1(config)# router rip
R1(config-router)# passive-interface g0/0
R1(config-router)# end
R1#
R1# show ip protocols | begin Default
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial0/0/0 2 2
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
192.168.1.0
192.168.2.0
Passive Interface(s):
GigabitEthernet0/0
Routing Information Sources:
Gateway Distance Last Update
192.168.2.2 120 00:00:06
Distance: (default is 120)
Configuring a Passive Interface on Mikrotik
[Figure: Mikrotik RIP interface settings for the 192.168.3.0/24 LAN]
RIP Propagating a Default Static Route
[Topology: R1 S0/0/1 .225 to the Internet (.226) on 209.165.200.224/27; R1 G0/0 .1 on 192.168.1.0/24; R1 S0/0/0 .1 and R2 S0/0/0 .2 on 192.168.2.0/30; R2 G0/0 .1 on 192.168.3.0/24; R2 S0/0/1 .2 and R3 S0/0/1 .1 on 192.168.4.0/30; R3 G0/0 .1 on 192.168.5.0/24]

• It is common to configure a default static route on an edge router and then propagate the default route throughout the routing domain using the routing protocol.
  • Otherwise, you would have to individually configure default static routes on all internal routers.
• The edge router must be configured with a default static route:
  • ip route 0.0.0.0 0.0.0.0 exit-intf next-hop-ip
• Propagated to other routers via RIP using:
  • default-information originate
Propagating a Default Route on R1
[Topology: R1 S0/0/1 .225 to the Internet (.226) on 209.165.200.224/27; R1 G0/0 .1 on 192.168.1.0/24; R1 S0/0/0 .1 (DCE) and R2 S0/0/0 .2 on 192.168.2.0/30; R2 G0/0 .1 on 192.168.3.0/24; R2 S0/0/1 .2 (DCE) and R3 S0/0/1 .1 on 192.168.4.0/30; R3 G0/0 .1 on 192.168.5.0/24. R1 sends a RIP default route to R2, and R2 sends a RIP default route to R3]

R1(config)# ip route 0.0.0.0 0.0.0.0 S0/0/1 209.165.200.226
R1(config)# router rip
R1(config-router)# default-information originate
R1(config-router)# ^Z
R1#
*Mar 10 23:33:51.801: %SYS-5-CONFIG_I: Configured from console by console
Propagating a Default Route on Mikrotik
Homework: RIP & Default Route
CONMUTACIÓN Y RUTEO I

Class 9. Network Planning & Design

Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
Why design and plan our network?
• Nowadays more complex networks
• Exponential growth of traffic, internal & external
• Adaptability to new technologies such as cloud computing
• Minimize OPEX and CAPEX
• Optimize the use of network resources
• Network engineer's task
Complex Networks: Computers….
• Routers
• Switches L2 & L3 & L4
• Firewalls
• IDS/IPS
• UTM
• VPN Concentrator
• Load Balancers
• Wireless Devices
• VoIP Devices
• Telepresence Devices
• SAN Devices
• Servers
Global IP traffic growth
[Figure: global IP traffic growth chart. Managed IP includes corporate IP WAN traffic and IP transport of TV and VoD]
Traffic Trends ….
[Figure: VoD services]
State of IPv6 Deployment 2018
• Over 25% of all Internet-connected networks advertise IPv6
connectivity.
• Google reports 49 countries deliver more than 5% of traffic over IPv6
• Google reports 24 countries whose IPv6 traffic exceeds 15%
New Technologies – Cloud Computing
CAPEX & OPEX

Capital expenditures (CapEx) refer to the money a company spends on fixed assets, such as the purchase, maintenance, and improvement of hardware (servers, routers, switches, etc.) and software (licenses, monitoring platforms, etc.).
An OpEx, or operational expenditure, is an ongoing cost that recurs regularly, usually on a monthly basis. It is generally provided under a contract by the service provider.
…. Network Planning & Design
Network planning and design is an iterative process, encompassing topological design, network-synthesis, and network-realization, and is aimed at ensuring that a new telecommunications network or service meets the needs of the subscriber and operator.
…. Network Planning & Design
• Topological design: This stage involves determining where to place the components and how to connect them.
• Network-synthesis: This stage involves determining the size of the components used, subject to performance criteria such as the Grade of Service (jitter, latency).
• Network realization: This stage involves determining how to meet capacity requirements and ensure reliability within the network.
Network Planning Tasks
NETWORK CAPACITY PLANNING
Network Capacity Planning (1/2)
Network capacity planning is generally done to identify shortcomings or parameters that can affect the network's performance or availability within a predictable future time, usually in years. Typically, network capacity planning requires information about:
• Current network traffic volumes (Traffic Matrix)
• Network utilization (SNMP, Netflow)
• Type of traffic
• Capacity of current infrastructure
Network Capacity Planning (2/2)
A methodology used to:
• Model the current network state and traffic behavior
• Project future traffic load and size the network resources
• Predict future capacity issues: congestion, resource shortages
• Suggest when, where and which resources to add or reconfigure
Network Capacity Tools
• CISCO MATE LIVE
• RIVERBED SP NETWORK PLANNER
Network Capacity Tools
• Net2Plan
• TOTEM (TOolbox for Traffic Engineering Methods)
Traffic Demand Matrix
The traffic matrix (TM) is essential in network planning and traffic engineering tasks. Traffic demands define the amount of data transmitted between each pair of network nodes (link, load).
• Typically per Class or Type of Service
• Typically peak traffic
• Measured, estimated or deduced
IP Traffic Measurement Types
Passive Measurement Tools
• MRTG + SNMP
• Netflow
Link performance parameters
[Figure: R1, R2 and R3 connecting Net1, Net2 and Net3; the links carry Y1, Y2 and Y3]

• Link Load (%)
• Service Time (ms)

Link Load (TL) =
Service Time (Ts) =
Tu = User Traffic
Tsc = Network Traffic
Lc = Nominal Link Capacity
Calculation of Load of the Links
User Traffic (Tu) = +
  = Client → Server
  = Server → Client
  >>

• Application type
• Flow size (UP, DOWN)
• Number of requests per flow
• Number of users per application
Application Types
APPLICATION     TRANSPORT
HTTP/HTTPS      TCP
SMTP/POP/IMAP   TCP
DNS             TCP/UDP
FTP/FTPS        TCP
SSH             TCP
SNMP            UDP
H.323           UDP
SIP/RTP         UDP
SQL/ORACLE      TCP
SKYPE           UDP
Header Size / Protocols
LAYER       PROTOCOL            HEADER SIZE (Bytes)
TRANSPORT   TCP                 20
            UDP                 8
NETWORK     IPv4                20 – 60
            IPv6                40
            ICMP                8
            ARP                 28
            NDP                 8
            OSPF                24
            EIGRP               20

Header Size / Protocols
LAYER       PROTOCOL            HEADER SIZE (Bytes)
DATA LINK   Ethernet            18
            802.1Q              22
            802.1ad (Q-in-Q)    26
            HDLC Std            4
            HDLC Cisco          6
            PPP                 6
            Frame Relay IETF    2
            Frame Relay Cisco   4
            ATM                 5
            MPLS                4
            MPLS TE             8
            MPLS TE VPN         12
Calculation of Load of the Links
User Traffic (Tu) / Application = ∗ # ∗ #
  = +
  = ∗ # ∗ #

Network Traffic (Tsc): traffic generated by the network for its proper operation; it depends on the protocol used:
• Static Routing
• Dynamic Routing
• LDP - MPLS
Calculation of Load of the Links
Static Routing: =

Dynamic Routing (Interior Gateway Protocol): RIPv1 - RIPv2 - RIPng
The entire route table is sent between the neighbors every 30 seconds.

= ∗ ∗
SRT = Size of Routing Table (Bytes)
N = number of minutes the network is monitored, usually 60 minutes.
ENCAPSULATION: UDP – RIP – IP - Ethernet
Calculation of Load of the Links
OSPFv2 & OSPFv3
Dynamic Routing (Interior Gateway Protocol)
HELLO TIME
• Point-to-Point → 10 seconds
• Point-to-Multipoint → 30 seconds

= ∗ ∗ ∗
HPS = Hello PDU Size
HT = # Hello PDUs that are sent in 1 minute
N = number of minutes the network is monitored, usually 60 minutes.
ENCAPSULATION: OSPF – IP - Ethernet
Calculation of Load of the Links
EIGRP
Dynamic Routing (Interior Gateway Protocol)
HELLO TIME
• Link < T1 → 60 seconds
• Link > T1 → 5 seconds

= ∗ ∗ ∗
HPS = Hello PDU Size
HT = # Hello PDUs that are sent in 1 minute
N = number of minutes the network is monitored, usually 60 minutes.
ENCAPSULATION: EIGRP – IP - Ethernet
Calculation of Load of the Links
IS-IS
Dynamic Routing (Interior Gateway Protocol)
HELLO TIME
• Point-to-Point → 10 seconds

= ∗ ∗ ∗
HPS = Hello PDU Size
HT = # Hello PDUs that are sent in 1 minute
N = number of minutes the network is monitored, usually 60 minutes.
ENCAPSULATION: IS-IS - Ethernet
Traffic Demand Matrix - No link failures
[Figure: R1, R2 and R3 connecting Net1, Net2 and Net3 with convergent routing; Net1 generates X1/Y1, Net2 X2/Y2, Net3 X3/Y3]

Xi → Traffic UP in 10 minutes
Yi → Traffic DOWN in 10 minutes

Link availability (U = up)
LINK   T1 T2 T3 T4 T5 T6
R1-R2  U  U  U  U  U  U
R1-R3  U  U  U  U  U  U
R2-R3  U  U  U  U  U  U
T1+T2+T3+T4+T5+T6 = 60 MINUTES

Traffic matrix (O/D = origin/destination)
O/D  R1   R2   R3
R1   0    6X1  6X2
R2   6Y1  0    6X3
R3   6Y2  6Y3  0
Link Demand Traffic - No link failures
[Figure: R1, R2 and R3 connecting Net1, Net2 and Net3 with convergent routing; Net1 generates X1/Y1, Net2 X2/Y2, Net3 X3/Y3]

LINK   T1 T2 T3 T4 T5 T6
R1-R2  U  U  U  U  U  U
R1-R3  U  U  U  U  U  U
R2-R3  U  U  U  U  U  U
T1+T2+T3+T4+T5+T6 = 60 MINUTES

LINK     TRAFFIC DEMAND
R1 – R2  6X1+6Y1+6Tsc
R1 – R3  6X2+6Y2+6Tsc
R2 – R3  6X3+6Y3+6Tsc
Link Demand Traffic - Link failures
[Figure: R1, R2 and R3 connecting Net1, Net2 and Net3 with convergent routing; Net1 generates X1/Y1, Net2 X2/Y2, Net3 X3/Y3]

LINK   T1 T2 T3 T4 T5 T6
R1-R2  U  D  U  D  U  U
R1-R3  U  U  U  U  U  U
R2-R3  U  U  U  U  U  U
T1+T2+T3+T4+T5+T6 = 60 MINUTES

LINK     TRAFFIC DEMAND
R1 – R2  4X1+4Y1+4Tsc
R1 – R3  6X2+2X1+6Y2+2Y1+6Tsc
R2 – R3  6X3+2X1+6Y3+2Y1+6Tsc
Exercise 1. Determine the load of the links in the following scenario. Static routes with IPv4, floating static routes. No link failures. 80 Mbps router interfaces.

Traffic matrix (O = origin, D = destination)
O/D  R1  R2  R3  R4
R1   -   Y1  Y2  Y3
R2   X1  -   -   -
R3   X2  -   -   -
R4   X3  -   -   -

Considerations: monitoring time 60 minutes, at the level of the application layer.

NETWORK  # USERS
LAN_1    40
LAN_2    30
LAN_3    50
All users access all applications.

PROTOCOL  PDU SIZE UPSTREAM (bytes)  PDU SIZE DOWNSTREAM (bytes)
HTTPS     80                         650
FTP       90                         450
ORACLE    70                         680

NETWORK  SERVER  # PDU UP  # PDU DOWN
LAN_1    HTTPS   36        54
         FTP     28        42
         ORACLE  30        78
LAN_2    HTTPS   28        56
         FTP     36        66
         ORACLE  22        48
LAN_3    HTTPS   35        52
         FTP     30        60
         ORACLE  26        42

Link Availability Time Line
LINK   T1 T2 T3 T4 T5 T6
R1-R2  U  U  U  U  U  U
R1-R3  U  U  U  U  U  U
R1-R4  U  U  U  U  U  U
R3-R4  U  U  U  U  U  U
T1+T2+T3+T4+T5+T6 = 60 MINUTES

1. Deduce the equation that calculates the demand for traffic in each link (Tsc → 0)
LINK     TRAFFIC DEMAND
R2 – R1  X1+Y1
R3 – R1  X2+Y2
R4 – R1  X3+Y3
R3 – R4  0

2. Determine the size of the PDU at the level of the data link layer (DATA → TCP → IP → Ethernet)
PROTOCOL  PDU SIZE UPSTREAM (bytes)  PDU SIZE DOWNSTREAM (bytes)
HTTPS     (80+20+20+18)=138          (650+20+20+18)=708
FTP       (90+20+20+18)=148          (450+20+20+18)=508
ORACLE    (70+20+20+18)=128          (680+20+20+18)=738

3. Calculate the user traffic per application
LAN    PROTOCOL  TUP (bytes)           TDOWN (bytes)
LAN_1  HTTPS     (138*36*40)=198720    (708*54*40)=1529280
       FTP       (148*28*40)=165760    (508*42*40)=853440
       ORACLE    (128*30*40)=153600    (738*78*40)=2302560
       Subtotal  X1= 518080            Y1= 4685240
LAN_2  HTTPS     (138*28*30)=115920    (708*56*30)=1189440
       FTP       (148*36*30)=159840    (508*66*30)=1005840
       ORACLE    (128*22*30)=84480     (738*48*30)=1062720
       Subtotal  X2= 360240            Y2= 3258000
LAN_3  HTTPS     (138*35*50)=241500    (708*52*50)=1840800
       FTP       (148*30*50)=222000    (508*60*50)=1524000
       ORACLE    (128*26*50)=166400    (738*42*50)=1549800
       Subtotal  X3= 629900            Y3= 4914600

4. Calculate the Traffic Matrix
O/D  R1      R2       R3       R4
R1   -       4685240  3258000  4914600
R2   518080  -        -        -
R3   360240  -        -        -
R4   629900  -        -        -

5. Calculate the demand traffic / link
LINK     TRAFFIC DEMAND (bytes)
R2 – R1  518080+4685240 = 5203320
R3 – R1  360240+3258000 = 3618240
R4 – R1  629900+4914600 = 5544500
R3 – R4  0

6. Calculate Link Load (%)
LINK     TL (%)
R2 – R1  (5203320*8)/80000000 = 52,03%
R3 – R1  (3618240*8)/80000000 = 36,18%
R4 – R1  (5544500*8)/80000000 = 55,44%
R3 – R4  0
Exercise 2. Determine the load of the links and effective cost in the
following scenario. Static Route with IPv6, float static routes. link
failures. 80 Mbps Routers Interfaces. Monthly cost 2800 USD.
D
O/D R1 R2 R3 R4
R1 - Y1 Y2 Y3
R2 X1 - - -
O R3 X2 - - -
R4 X3 - - -
Considerations Monitoring time 60 minutes
at the level of the application layer
RED # USERS
PDU SIZE PDU SIZE
LAN_1 40 PROTOCOL
UPSTREAM(bytes) DOWNSTREAM(bytes)
LAN_2 30
HTTPS 80 650
LAN_3 50
FTP 90 450
All users access all ORACLE 70 680

applications

RED SERVIDOR # PDU UP # PDU DOWN


Link Availability Time Line
HTTPS 36 54
LAN_1 T1 T2 T3 T4 T5 T6
FTP 28 42
R1-R2 U U U U U U
ORACLE 30 78
R1-R3 U D U D U D
HTTPS 28 56
R1-R4 U U U U U U
LAN_2 FTP 36 66
R3-R4 U U U U U U
ORACLE 22 48
HTTPS 35 52
T1+T2+T3+T4+T5+T6= 60 MINUTOS
LAN_3 FTP 30 60
ORACLE 26 42
1. deduce the equation that calculates the demand for traffic
in each link
LINK TRAFFIC DEMAND
R2 – R1 6X1+6Y1
(Tsc0)
R3 – R1 3X2+3Y2
R4 – R1 6X3+3x2+6Y3+3Y2
R3 – R4 3X2+3Y2

2. Determine the size of the PDU at the level of the data


link layer (DATATCP IP Ethernet)
PDU SIZE PDU SIZE
PROTOCOL
UPSTREAM(bytes) DOWNSTREAM(bytes)
HTTPS (80+20+40+18)=158 (650+20+40+18)=728
FTP (90+20+40+18)=168 (450+20+40+18)=528
ORACLE (70+20+40+18)=148 (680+20+40+18)=758
3. Calculate the user traffic per application
LAN3 PROTOCOL TUP (bytes) TDOWN (bytes)
HTTPS (158*36*40)=227520 (728*54*40)=1572480
LAN_1 FTP (168*28*40)=188160 (528*42*40)=887040
ORACLE (148*30*40)=177600 (758*78*40)=2364960
Subtotal X1= 593280 Y1= 4824480
HTTPS (158*28*30)=132720 (728*56*30)=1223040
LAN_2 FTP (168*36*30)=181440 (528*66*30)=1045440
ORACLE (148*22*30)=97680 (758*48*30)=1091520
Subtotal X2= 411840 Y2= 3360000
HTTPS (158*35*50)=276500 (728*52*50)=1892800
LAN_3 FTP (168*30*50)=252000 (528*60*50)=1584000
ORACLE (158*26*50)=205400 (758*42*50)=1591800
Subtotal X3= 733900 Y3= 5068600

4. Calculate the Traffic Matrix (R1–R3 is down in half of the time slots, so
half of the LAN_3 traffic goes directly through R3 – R1 and the other half
through the floating static route R3 – R4 – R1)

O/D   R1       R2        R3        R4
R1    -        4824480   1680000   6748600
R2    593280   -         -         -
R3    205920   -         -         205920
R4    939820   -         1680000   -

3. Calculate the demand traffic / link
LINK      TRAFFIC DEMAND (bytes)
R2 – R1   593280+4824480 = 5417760
R3 – R1   205920+1680000 = 1885920
R4 – R1   939820+6748600 = 7688420
R3 – R4   205920+1680000 = 1885920

5. Calculate Link Load (%)
LINK      TL (%)
R2 – R1   (5417760*8)/80000000 = 54,18%
R3 – R1   (1885920*8)/80000000 = 18,86%
R4 – R1   (7688420*8)/80000000 = 76,88%
R3 – R4   (1885920*8)/80000000 = 18,86%

6. Calculate effective cost of Link
LINK      Effective Cost (EC)
R2 – R1   2800 * 54,18% = 1517,04
R3 – R1   2800 * 18,86% = 528,08
R4 – R1   2800 * 76,88% = 2152,64
R3 – R4   2800 * 18,86% = 528,08
Total     4725,84 USD (of the 11200 USD monthly cost of the four links)
Exercise 3. Determine the load of the links and service time in the
following scenario. No link failures. Default hello time. The data
rate (Mbps) of each link is shown in the figure:

Considerations: monitoring time 60 minutes at the level of the application layer.

NETWORK   # USERS
LAN_1     20
LAN_2     25
LAN_3     40
LAN_4     22

PROTOCOL   PDU SIZE UPSTREAM (bytes)   PDU SIZE DOWNSTREAM (bytes)
ORACLE     120                         750
HTTP       85                          550
VOIP       60                          380
HELLO      35                          35

NETWORK   SERVER   # Users   # PDU UP   # PDU DOWN
LAN_1     ORACLE   20        36         54
          HTTP     20        28         42
          VOIP     10        30         68
LAN_2     ORACLE   15        28         56
          HTTP     15        36         52
          VOIP     25        22         48
LAN_3     ORACLE   35        35         52
          HTTP     35        30         50
          VOIP     40        26         42
LAN_4     ORACLE   10        20         46
          HTTP     10        24         50
          VOIP     22        32         48

1. Calculate the route that will be used to communicate each LAN with the servers
LAN   ROUTE           COST
L1    R4 – R1 – R2    3
L2    R6 – R1 – R2    2
L3    R3 - R2         2
L4    R5 – R1 – R2    3

2. Calculate the traffic of the communication system (OSPF)

Tsc = (HELLO OSPF + IP + Ethernet) * hellos per minute * minutes * 2 (one hello in each direction)
Tsc = (35+20+18)*6*60*2
Tsc = 52560 bytes
3. deduce the equation that calculates the demand for traffic
in each link
LINK TRAFFIC DEMAND
R4 – R1 X1+Y1+Tsc
R6 – R1 X2+Y2+Tsc
R3 – R2 X3+Y3+Tsc
R5 – R1 X4+Y4+Tsc
R1 – R2 X1+X2+X4+Y1+Y2+Y4+Tsc
4. Determine the size of the PDU at the level of the data link layer
(DATA + TCP/UDP + IP + Ethernet)
PROTOCOL   PDU SIZE UPSTREAM (bytes)   PDU SIZE DOWNSTREAM (bytes)
ORACLE     (120+20+20+18)=178          (750+20+20+18)=808
HTTP       (85+20+20+18)=143           (550+20+20+18)=608
VOIP       (60+8+20+18)=106            (380+8+20+18)=426
5. Calculate the user traffic per application
LAN PROTOCOL TUP (bytes) TDOWN (bytes)
ORACLE (178*36*20)=128160 (808*54*20)=872640
LAN_1 HTTP (143*28*20)=80080 (608*42*20)=510720
VOIP (106*30*10)=31800 (426*68*10)=289680
Subtotal X1= 240040 Y1=1673040
ORACLE (178*28*15)=74760 (808*56*15)=678720
LAN_2 HTTP (143*36*15)=77220 (608*52*15)=474240
VOIP (106*22*25)=58300 (426*48*25)=511200
Subtotal X2= 210280 Y2= 1664160
ORACLE (178*35*35)=218050 (808*52*35)=1470560
LAN_3 HTTP (143*30*35)=150150 (608*50*35)=1064000
VOIP (106*26*40)=110240 (426*42*40)=715680
Subtotal X3= 478440 Y3= 3250240
ORACLE (178*20*10)=35600 (808*46*10)=371680
HTTP (143*24*10)=34320 (608*50*10)=304000
LAN_4 VOIP (106*32*22)=74624 (426*48*22)=449856
Subtotal X4=144544 Y4=1125536
6. Calculate the Traffic Matrix (Only User Traffic)
O/D R1 R2 R3 R4 R5 R6
R1 - 594864 - 1673040 1125536 1664160
R2 4462736 - 3250240 - - -
R3 - 478440 - - - -
R4 240040 - - - - -
R5 144544 - - - - -
R6 210280 - - - - -
7. Calculate the demand traffic / link
LINK TRAFFIC DEMAND (bytes)
R4 – R1 240040+1673040+52560 = 1965640

R6 – R1 210280+1664160+52560 = 1927000

R3 – R2 478440+3250240+52560 = 3781240

R5 – R1 144544+1125536+52560 = 1322640

R1 – R2 594864+4462736+52560 = 5110160
8. Calculate Link Load (%) & Service time
LINK TL (%)
R4 – R1 (1965640*8)/50000000 = 31,45%
R6 – R1 (1927000*8)/100000000 = 15,42%
R3 – R2 (3781240*8)/50000000 = 60,5%
R5 – R1 (1322640*8)/50000000 = 21,16%
R1 – R2 (5110160*8)/100000000 = 40,88%

LINK      Service Time (ms)
R4 – R1   ((240040+1673040)*8)/(50000000 – (52560*8)) = 308,68
R6 – R1   ((210280+1664160)*8)/(100000000 – (52560*8)) = 150,58
R3 – R2   ((478440+3250240)*8)/(50000000 - (52560*8)) = 601,64
R5 – R1   ((144544+1125536)*8)/(50000000 – (52560*8)) = 204,93
R1 – R2   ((594864+4462736)*8)/(100000000 – (52560*8)) = 406,32
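The whole procedure of Exercises 1 to 3 (frame size at layer 2, per-LAN traffic, OSPF hello traffic Tsc, per-link demand, load and service time), as an added Python example that is not part of the course material. It carries the Exercise 3 data through the page's own formulas; the link data rates are taken from the step-8 table rather than from the figure, and the LAN-to-link mapping is the one in the step-1 routes.

```python
"""Link demand, load and service time for the traffic exercises.

Added worked example built on the Exercise 3 data from the page. The
formulas are the ones the exercise applies: frame = DATA + transport + IP +
Ethernet, Tsc = hello traffic in both directions, load = demand bits / rate,
service time = user bits / (rate - Tsc bits).
"""
ETH_HDR, IP_HDR, TCP_HDR, UDP_HDR = 18, 20, 20, 8   # header sizes in bytes

# Application-layer PDU sizes (bytes) and the transport header each one adds.
PROTOCOLS = {
    "ORACLE": {"up": 120, "down": 750, "transport": TCP_HDR},
    "HTTP":   {"up": 85,  "down": 550, "transport": TCP_HDR},
    "VOIP":   {"up": 60,  "down": 380, "transport": UDP_HDR},
}

# Per LAN and protocol: (users, PDUs up per user, PDUs down per user),
# exactly as the Exercise 3 table lists them.
LANS = {
    "LAN_1": {"ORACLE": (20, 36, 54), "HTTP": (20, 28, 42), "VOIP": (10, 30, 68)},
    "LAN_2": {"ORACLE": (15, 28, 56), "HTTP": (15, 36, 52), "VOIP": (25, 22, 48)},
    "LAN_3": {"ORACLE": (35, 35, 52), "HTTP": (35, 30, 50), "VOIP": (40, 26, 42)},
    "LAN_4": {"ORACLE": (10, 20, 46), "HTTP": (10, 24, 50), "VOIP": (22, 32, 48)},
}

# Which LAN flows cross each link (step 1 routes) and the link rate in bps
# (the denominators used in the step 8 table).
LINKS = {
    "R4-R1": (["LAN_1"], 50_000_000),
    "R6-R1": (["LAN_2"], 100_000_000),
    "R3-R2": (["LAN_3"], 50_000_000),
    "R5-R1": (["LAN_4"], 50_000_000),
    "R1-R2": (["LAN_1", "LAN_2", "LAN_4"], 100_000_000),
}


def l2_pdu(app_bytes, transport_hdr):
    """Frame size on the wire: DATA + TCP/UDP + IP + Ethernet."""
    return app_bytes + transport_hdr + IP_HDR + ETH_HDR


def lan_traffic(lan):
    """Return (X, Y): bytes the LAN sends upstream and receives downstream."""
    up = down = 0
    for proto, (users, n_up, n_down) in LANS[lan].items():
        p = PROTOCOLS[proto]
        up += l2_pdu(p["up"], p["transport"]) * n_up * users
        down += l2_pdu(p["down"], p["transport"]) * n_down * users
    return up, down


def ospf_hello_traffic(hello_bytes=35, hello_interval_s=10, minutes=60):
    """Tsc for one link: one hello per interval, sent by both ends of the link."""
    hellos_per_minute = 60 // hello_interval_s
    return (hello_bytes + IP_HDR + ETH_HDR) * hellos_per_minute * minutes * 2


def link_report(link, hello_interval_s=10, minutes=60):
    """Demand (bytes), load (%) and service time (ms) for one link."""
    lans, rate_bps = LINKS[link]
    tsc = ospf_hello_traffic(hello_interval_s=hello_interval_s, minutes=minutes)
    user_bytes = sum(sum(lan_traffic(lan)) for lan in lans)
    demand = user_bytes + tsc
    load_pct = demand * 8 / rate_bps * 100
    # The routing-protocol traffic is subtracted from the capacity left for user data.
    service_ms = user_bytes * 8 / (rate_bps - tsc * 8) * 1000
    return {"demand": demand, "load_pct": round(load_pct, 2),
            "service_ms": round(service_ms, 2)}


if __name__ == "__main__":
    print(f"Tsc = {ospf_hello_traffic()} bytes")
    for name in LINKS:
        r = link_report(name)
        print(f"{name}: demand {r['demand']} bytes, load {r['load_pct']}%, "
              f"service time {r['service_ms']} ms")
```

Changing `hello_interval_s` to 15 reproduces the Tsc needed for Exercise 4; the link-failure exercises additionally need the per-slot availability weighting shown in the Exercise 2 equations.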
Exercise 4. Determine the load of the links and service time in the
following scenario. Link failures. Hello time 15 seconds. The data rate
(Mbps) of each link is shown in the figure:

Considerations: monitoring time 60 minutes at the level of the application layer.

NETWORK   # USERS
LAN_1     20
LAN_2     25
LAN_3     32
LAN_4     22

PROTOCOL   PDU SIZE UPSTREAM (bytes)   PDU SIZE DOWNSTREAM (bytes)
ORACLE     120                         750
HTTP       85                          550
VOIP       60                          380
HELLO      30                          30

NETWORK   SERVER   # Users   # PDU UP   # PDU DOWN
LAN_1     ORACLE   20        36         54
          HTTP     20        28         42
          VOIP     10        30         68
LAN_2     ORACLE   15        28         56
          HTTP     15        36         52
          VOIP     25        22         48
LAN_3     ORACLE   30        35         52
          HTTP     30        30         50
          VOIP     32        26         42
LAN_4     ORACLE   10        20         46
          HTTP     10        24         50
          VOIP     22        32         48

Link Availability Time Line (U = up, D = down)

LINK      T1  T2  T3  T4  T5  T6
R4 – R1   U   U   D   U   D   U
R6 – R1   U   U   U   U   U   U
R3 – R2   U   U   D   D   U   U
R5 – R1   U   U   U   U   U   U
R1 – R2   U   U   U   U   U   U

T1+T2+T3+T4+T5+T6 = 60 MINUTES

Exercise 5. Determine the load of the links and service time in the
following scenario. Link failures. The data rate (Mbps) of each link is
shown in the figure:

Considerations: monitoring time 60 minutes at the level of the application layer.

NETWORK   # USERS
LAN_1     30
LAN_2     45
LAN_3     22
LAN_4     48

PROTOCOL   PDU SIZE UPSTREAM (bytes)   PDU SIZE DOWNSTREAM (bytes)
ORACLE     120                         750
HTTP       85                          550
VOIP       60                          380
HELLO      30                          30

NETWORK   SERVER   # Users   # PDU UP   # PDU DOWN
LAN_1     ORACLE   20        36         54
          HTTP     20        28         42
          VOIP     10        30         68
LAN_2     ORACLE   15        28         56
          HTTP     15        36         52
          VOIP     25        22         48
LAN_3     ORACLE   30        35         52
          HTTP     30        30         50
          VOIP     32        26         42
LAN_4     ORACLE   10        20         46
          HTTP     10        24         50
          VOIP     22        32         48

Link Availability Time Line (U = up, D = down)

LINK      T1  T2  T3  T4  T5  T6
R4 – R1   U   U   D   U   D   U
R6 – R1   U   U   U   U   U   U
R3 – R2   U   U   D   D   U   U
R5 – R1   U   U   U   U   U   U
R1 – R2   U   U   U   U   U   U

T1+T2+T3+T4+T5+T6 = 60 MINUTES
CONMUTACIÓN Y RUTEO I

Tema 10. OSPF v2

Alberto Arellano A. Ing. Msc.


aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
Introduction to OSPF

 OSPF is:
 Classless
 Link-state routing protocol
 Uses areas for scalability
 RFC 2328 defines the OSPF metric as an arbitrary value called cost.
 Cisco uses bandwidth to calculate the OSPF cost metric.
 Juniper, Mikrotik and Brocade use a configured value as the cost metric (1 through 65,535).

Features of OSPF

 Supports VLSM and CIDR
 Routing changes trigger routing updates. Uses the SPF algorithm
 Quickly propagates network changes
 Works well in small and large network sizes and supports areas
 Supports Message Digest 5 (MD5) authentication
OSPF Operation
To create and maintain routing information, OSPF routers complete the following
generic link-state routing process, to reach a state of convergence:

1. Establish neighbor adjacencies: OSPF-enabled routers must form


adjacencies with their neighbor before they can share information with that
neighbor. An OSPF-enabled router sends Hello packets out all OSPF-enabled
interfaces to determine whether neighbors are present on those links.
2. Exchange link-state advertisements: After adjacencies are established,
routers then exchange link-state advertisements (LSAs). LSAs contain the state
and cost of each directly connected link.
3. Build the topology table: After the LSAs are received, OSPF-enabled routers
build the topology table (LSDB) based on the received LSAs. This database
eventually holds all the information about the topology of the network.
4. Execute the SPF algorithm: Routers then execute the SPF algorithm. The
SPF algorithm creates the SPF tree.
5. Build the routing table: From the SPF tree, the best paths are inserted into the
routing table.
OSPF Operation

OSPF Packet Format

 In the IP packet header:


 Protocol field is set to 89 (OSPF)

 Destination address is typically set to one of two multicast addresses:

 224.0.0.5
 224.0.0.6
 Destination MAC address is also a multicast address:
 01-00-5E-00-00-05

 01-00-5E-00-00-06
OSPF Packet Format
OSPF Packet Format
OSPF Packet Types

 Five types of OSPF LSPs (link-state packets).
 Hello: Used to establish and maintain adjacency.
 DBD (Database Description): Abbreviated list of the sending router’s link-state database.
 LSR (Link-State Request): Used by routers to request more information about any entry in the DBD.
 LSU (Link-State Update): Link-state information.
 LSAck (LSA Acknowledgment): Router sends a link-state acknowledgment (LSAck) to confirm receipt of the LSU.
Hello Packet
 Discover neighbors (OSPF neighbors)
 Establish adjacencies
 Advertise parameters on which two routers must agree to become
neighbors
 Hello Interval, Dead Interval, Network Type

 Elect the Designated Router and Backup Designated Router on


multiaccess networks such as Ethernet and Frame Relay

OSPF Hello Message
Format
OSPF Timers
Hello Intervals

 By default on Cisco, Juniper and Huawei, OSPF Hello packets are sent every:
 10 seconds on multiaccess and point-to-point segments
 30 seconds on nonbroadcast multiaccess (NBMA) segments (Frame Relay, X.25, ATM).
 Sent to AllSPFRouters at 224.0.0.5
OSPF Timers
Dead Intervals

 Dead interval - Period, expressed in seconds, that the router will wait to receive a Hello packet before declaring the neighbor “down.”
 Cisco, Juniper and Huawei use a default of four times the Hello interval.
 40 seconds - Multiaccess and point-to-point segments.
 120 seconds - NBMA networks.
 When the Dead interval expires:
 OSPF removes that neighbor from its link-state database.
 Floods the link-state information about the “down” neighbor out all OSPF-enabled interfaces.

OSPF DR/BDR

 Election of Designated Router (DR) and Backup Designated


Router (BDR).
 Used to reduce the amount of OSPF traffic on multiaccess

networks
 DR is responsible for updating all other OSPF routers.

 BDR is the backup if the current DR fails.


OSPF Network Type
OSPF LSA Types
OSPF uses a LSDB (link state database) and fills this with
LSAs (link state advertisement). Instead of using 1 LSA
packet OSPF has many different types of LSAs.

LSA TYPE DESCRIPTION


1 Router LSA
2 Network LSA
3 or 4 Summary LSA
5 Autonomous System External LSA
6 Multicast OSPF LSA
7 Defined for Not-So-Stubby-Area
8 External Attributes LSA for BGP
9,10,11 Opaque LSA (ex.MPLS-TE)
Type 1 – Router LSA
Type 1 – Router LSA
LSA Type 1 (Router LSA) packets are sent between routers
within the same area of origin and do not leave the area. An
OSPF router uses LSA Type 1 packets to describe its own
interfaces but also carries information about its neighbors to
adjacent routers in the same area.
Type 2 – Network LSA
LSA Type 2 (Network LSA) packets are generated by
the Designated Router (DR) to describe all routers connected
to its segment directly. LSA Type 2 packets are flooded
between neighbors in the same area of origin and remain
within that area.
Administrative Distance

Administrative distance (AD) is the trustworthiness (or preference)


of the route source.
Steps to OSPF Operation
with States
• At start, routers are in the OSPF Down state.
• A router sends a Hello to the multicast address 224.0.0.5/FF02::5, so that a single IP packet is forwarded to every OSPF router on the segment; the router is now in the OSPF Init state.
• All neighboring routers with OSPF enabled receive the Hello packet, check its contents and, if certain parameters match, reply to that Hello with their own Hello carrying the sender's router ID in the neighbor list; this is the OSPF Two-way state.
Steps to OSPF Operation
with States
• After creating the 2-way neighbor relationship, the neighboring routers will start exchanging network-related information.
• At this stage they decide who will send network information first. The router with the highest router ID starts sending first. This stage is called the OSPF Exstart state.
• Then they start exchanging their link-state databases. This is the Exchange state.
• When a router receives the database description (DBD) it performs the following actions:
  • Acknowledges the receipt of the DBD by sending an Ack packet (LSAck)
  • Compares the information it received with the existing DB
  • If the new DB is more up to date, the router sends a link-state request (LSR) for detailed information about that link. This is the Loading state.
• When all LSRs have been satisfied and all routers have an identical LSDB, this is the OSPF Full state.
OSPF Metric

Cisco
OSPF Cost = 10^8 / bandwidth in bps

Juniper
cost = reference-bandwidth / interface bandwidth

 Cisco uses the cumulative bandwidths of the outgoing interfaces from the router to the destination network as the cost value.
 Cisco and Juniper assign a default cost metric of 1 to any link faster than 100 Mbps, and a default cost metric of 0 to the loopback interface (lo0).
Reference Bandwidth

• The reference bandwidth defaults to 10^8, which is 100,000,000 bps or 100 Mbps.
• This results in interfaces with a bandwidth of 100 Mbps and higher having the same OSPF cost of 1.

 Can be modified using the OSPF command:
Cisco    Cisco(config-router)# auto-cost reference-bandwidth 10000
Juniper  set protocols ospf reference-bandwidth 10g
Huawei   bandwidth-reference 10000
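The cost formula and the reference-bandwidth problem described above, as an added Python example that is not from the slides or any vendor's code: it reproduces the 15625 cost the page shows for a 64 kbps serial link against a 1000 Mbps reference, and shows why 100 Mbps and faster links all collapse to cost 1 under the default. The interface list is constructed for the example.

```python
"""OSPF interface cost = reference bandwidth / interface bandwidth.

Added example (not the page's code). Costs are integers, so the division is
truncated and the result is never allowed to drop below 1, which is what
makes every interface of 100 Mbps or faster look identical by default.
"""


def ospf_cost(interface_bw_bps, reference_bw_mbps=100):
    """Integer part of reference / bandwidth, floored at 1."""
    cost = (reference_bw_mbps * 1_000_000) // interface_bw_bps
    return max(cost, 1)


# Constructed set of typical interfaces and their bandwidth in bps.
INTERFACES = {
    "Serial 64 kbps": 64_000,
    "T1 1.544 Mbps": 1_544_000,
    "FastEthernet": 100_000_000,
    "GigabitEthernet": 1_000_000_000,
    "TenGigabitEthernet": 10_000_000_000,
}


def cost_table(reference_bw_mbps=100):
    """Cost of each interface under the given reference bandwidth (Mbps)."""
    return {name: ospf_cost(bw, reference_bw_mbps) for name, bw in INTERFACES.items()}


def distinguishes_fast_links(reference_bw_mbps):
    """True when 100M, 1G and 10G interfaces receive three different costs."""
    t = cost_table(reference_bw_mbps)
    return len({t["FastEthernet"], t["GigabitEthernet"], t["TenGigabitEthernet"]}) == 3


if __name__ == "__main__":
    # Default reference, then the two adjusted values used on the page.
    for ref in (100, 1000, 10000):
        print(f"reference-bandwidth {ref} Mbps:", cost_table(ref),
              "distinguishes fast links:", distinguishes_fast_links(ref))
```

Because the reference bandwidth must match on every router in the domain, raising it on one router alone produces asymmetric costs and unexpected paths.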
Default Bandwidth on Serial
Interfaces
R1# show interface serial 0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is GT96K Serial
Description: Link to R2
Internet address is 192.168.10.1/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255

 On Cisco routers, the bandwidth value on many serial interfaces defaults to T1 (1.544 Mbps).
 Always check this with the show interface command.
 Always use the bandwidth command on serial interfaces.
 The bandwidth value does not actually affect the speed of the link.
Default Bandwidth on Serial Interfaces

R1# show ip route
<route output omitted>
O 192.168.10.8 [110/1294] via 192.168.10.6, 14:27:57, Serial0/0/1
              [110/1294] via 172.16.3.2, 14:27:57, Serial0/0/0

 R1 believes that both of its serial interfaces are connected to T1 links.
 R1’s routing table therefore has two equal-cost paths to the 192.168.8.0/30 network.
 Serial 0/0/0 is actually the better path.
Adjusting Interface
Bandwidth

 To adjust the interface bandwidth use the


bandwidth kilobits interface configuration
command.
Adjusting Interface
Bandwidth on R1

R1(config)# int s0/0/1


R1(config-if)# bandwidth 64
R1(config-if)# end

R1# show interfaces serial 0/0/1 | include BW


MTU 1500 bytes, BW 64 Kbit/sec, DLY 20000 usec,
R1#
R1# show ip ospf interface serial 0/0/1 | include Cost:
Process ID 10, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 15625
R1#
Cisco Assign OSPF Cost
R1(config)# inter serial 0/0/1
R1(config-if)# bandwidth 64
R1(config-if)# end
R1# show ip ospf interface serial 0/0/0
Serial0/0 is up, line protocol is up
Internet Address 192.168.10.1/30, Area 0
Process ID 1, Router ID 10.1.1.1, Network Type POINT_TO_POINT, Cost: 15625
<output omitted>

Cost: 1,000,000,000 / 64,000 = 15625

R1(config)# interface serial 0/0/1


R1(config-if)# ip ospf cost 15625

 An alternative method to using the bandwidth command is to use


the ip ospf cost command, which allows you to directly specify
the cost of an interface.
 This will not change the output of the show ip ospf interface
command.
Juniper Assign OSPF Cost


set protocols ospf area 0.0.0.0 interface fe-1/0/1 metric 15625


OSPF Topology
OSPF Router ID
 A router is known to OSPF by the OSPF router ID number.
 LSDBs use the OSPF router ID to differentiate one router from the next
 Cisco routers derive the router ID based on three criteria and with the following
precedence:
1. IP address configured with the OSPF router-id command.
2. Highest IP address of any of its loopback interfaces.
3. Highest active IP address of any of its physical interfaces.
Define the Router ID
 Cisco Assign a specific router ID to the router.
Router(config)# router ospf process-id
Router(config-router)# router-id ip-address

 Juniper Assign a specific router ID to the router.


root@JunOs_1# set routing-options router-id ip-address

 Brocade Assign a specific router ID to the router.


vyos@R1# set protocols ospf parameters router-id ip-address

 Mikrotik Assign a specific router ID to the router.
Define the Networks
 Cisco
Router(config)# router ospf process-id
Router(config-router)# network network-address wildcard-mask area area-id

 Juniper.
root@JunOs_1# set protocols ospf area 0.0.0.0 interface em0

 Brocade.
vyos@R1# set protocols ospf area 0.0.0.0 network Network/Mask
Configure Cisco_1

Configure Cisco_2

Configure Brocade_1
Configure Juniper_1
Configure Juniper_2
Configure Mikrotik_1

Configure Mikrotik_1

Configure Mikrotik_1

Verifying OSPF Neighbors

R1# show ip ospf neighbor

Neighbor ID     Pri   State     Dead Time   Address        Interface
3.3.3.3           0   FULL/ -   00:00:37    192.168.10.6   Serial0/0/1
2.2.2.2           0   FULL/ -   00:00:30    172.16.3.2     Serial0/0/0
R1#

• Neighbor ID: the OSPF neighbors, listed in the order they were learned.
• Pri: the OSPF priority of the interface; used in the DR/BDR election.
• State: the state of the OSPF-enabled interface. FULL means that the router and its neighbor have identical OSPF LSDBs.
• Dead Time: the amount of time remaining before declaring the neighbor down.
• Address: the neighbor’s IP address.
• Interface: the local interface used to reach this neighbor.
Display OSPF neighbors
Display Routing Table
OSPF Timers Configuration

 CISCO
interface fast 0/1
ip ospf hello-interval 2
ip ospf dead-interval 8

 JUNIPER
set protocols ospf area 0 interface em0 hello-interval 2
set protocols ospf area 0 interface em0 dead-interval 8
Homework
OSPF&Default Route
Load Balancing with OSPF
If the router receives and installs multiple paths with the same
administrative distance and cost to a destination, load-balancing can
occur.
The number of paths used is limited by the number of entries the
routing protocol puts in the routing table. Four entries is the default
for most IP routing protocols with the exception of Border Gateway
Protocol (BGP), where one entry is the default. 16 different paths
configured is the maximum number.

maximum-paths 6
Load Balancing with OSPF
Juniper Routers
By default, when there are multiple equal-cost paths to the same destination for
the active route, Junos OS uses a hash algorithm to choose one of the next-hop
addresses to install in the forwarding table. Junos OS can be configured so that,
for the active route, all next-hop addresses for a destination are installed in the
forwarding table. This feature is called per-packet load balancing.
Load Balancing with OSPF
Cisco Routers

1. Configure IP Address
2. Configure router-id
3. Configure OSPF process
4. Verify OSPF routing table
Configure OSPF on
Cisco Routers
Verify OSPF Routing Table
Verify Connectivity
Homework. Balancing with
OSPF Huawei Routers

1. Configure IP Address
2. Configure router-id
3. Configure OSPF process
4. Verify OSPF routing table
Load Balancing with OSPF
Juniper Routers

1. Configure IP Address
2. Configure router-id
3. Configure OSPF process
4. Verify OSPF routing table
Load Balancing with OSPF
Juniper Routers
Verify OSPF Routing Table
Verify Connectivity
Routing Policy
1. Define Routing Policy
set policy-options policy-statement BalanceoCarga then load-balance per-packet

2. Export Policy
set routing-options forwarding-table export BalanceoCarga
CONMUTACIÓN Y RUTEO I

Tema 12. EIGRP

Alberto Arellano A. Ing. Msc.


aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
Overview of EIGRP

 Enhanced IGRP is a Cisco-proprietary routing protocol released in 1992.
 EIGRP was created as a classless version of IGRP.
 EIGRP acts like a link-state routing protocol, but it’s still a distance vector routing protocol.
 In 2013, Cisco released the basic functionality of EIGRP as an open standard to the IETF as an informational RFC.
 Open-EIGRP: RFC 7868 (05/2016).
Main Components of
Routing Protocols
Data Structures
• Routing protocols create and maintain tables (databases) in RAM for their operations.
• EIGRP creates and maintains the Neighbor table and the Topology table, and submits the best path(s) to the Routing table.

Routing Protocol Messages
• Routing protocols use messages to learn and maintain accurate information about the network.
• Specifically, messages are used to discover neighboring routers, exchange routing information, and other tasks.
• EIGRP messages: EIGRP Hello, EIGRP Update, EIGRP Query, EIGRP Reply, EIGRP Acknowledge.

Algorithm
• Routing protocols use algorithms to determine the best path to various destinations.
• EIGRP uses the DUAL algorithm to identify what the best routes are.
EIGRP Features

 Advanced distance vector (DUAL)
 Rapid convergence
 100% loop-free classless routing
 Easy configuration
 Incremental updates
 Load balancing across equal- and unequal-cost pathways
 Flexible network design
 Multicast and unicast instead of broadcast address
 Support for VLSM and discontiguous subnets
 Manual summarization at any point in the internetwork
 Support for multiple network layer protocols
EIGRP Key Components

 Protocol-dependent modules (PDMs)


 Reliable Transport Protocol (RTP)
 Neighbor discovery / Recovery
 DUAL finite-state machine
Protocol-Dependent
Modules
 EIGRP maintains a
individual tables for
each routed protocol.
 EIGRP uses protocol-
dependent modules
(PDMs) to provide
support for IPv4, IPv6
and legacy protocols
IPX and AppleTalk.
 Each PDM is
responsible for all
functions related to its
specific routed
protocol.
EIGRP RTP
Reliable Transport Protocol

 Reliable Transport Protocol (RTP) is the EIGRP transport layer protocol used for the delivery and reception of EIGRP packets.
 However, not all RTP packets are sent reliably.

Reliable Transport
Protocol
 Reliable packets require explicit acknowledgement
from destination
 Update, Query, Reply

 Unreliable packets do not require


acknowledgement from destination
 Hello, ACK

 RTP can send EIGRP packets as unicast or


multicast.
 IPv4 EIGRP multicast address 224.0.0.10.

 IPv6 EIGRP multicast address FF02::A.


EIGRP Authentication

 EIGRP can authenticate the routing update source.


 Ensures router only accepts routing updates from legitimate

peers.
 Note:
 Authentication does not encrypt the EIGRP routing updates.
EIGRP Packet

Frame Header | IP Header (Protocol Number EIGRP = 88) | EIGRP Header | EIGRP Message | CRC
             |<--------------------- Frame Payload ---------------------------->|

 On a LAN, the EIGRP packet is encapsulated in an Ethernet frame with the destination multicast MAC address 01-00-5E-00-00-0A.
 The destination IP address is set to the multicast 224.0.0.10 and the IP protocol field is 88.
 The EIGRP header identifies the type of EIGRP packet and the autonomous system number.
 The EIGRP message consists of the Type / Length / Value (TLV).
EIGRP Packet Types

 EIGRP uses these 5 packet types to maintain


its various tables and establish complex
relationships with neighbor routers:
Packet Type Description

Hello Used to discover other EIGRP routers in the network.

Acknowledgement Used to acknowledge the receipt of any EIGRP packet.

Update Convey routing information to known destinations.

Query Used to get specific information from a neighbor router.

Reply Used to respond to a query.


EIGRP Header
EIGRP Packet
EIGRP Hello
Packets

 Hello packets are used to discover & form adjacencies with neighbors.
 Multicasted to:
 IPv4: 224.0.0.10
 IPv6: FF02::A
 Hello packets are always sent unreliably.
 Therefore Hello packets do not require acknowledgment.
Hello Packets

 Hello packets are sent on a regular interval.


 Router assumes that as long as it is receiving Hello packets from a

neighbor, the neighbor and its routes remain viable.


 The interval depends on the interface’s bandwidth.
 Low Bandwidth = 60 seconds
 Default interval on multipoint nonbroadcast multiaccess networks
(NBMA) such as X.25, Frame Relay, and ATM interfaces with access
links of T1 (1.544 Mbps) or slower.
 High bandwidth = 5 seconds
 Default interval on circuits with bandwidth greater than T1 such as
Ethernet LANs.
Hello Holdtime

 Hold time - maximum time the router should wait to


receive the next hello before declaring that neighbor as
unreachable.
 Default hold time - 3 times the hello interval
 If the hold time expires:
 EIGRP declares the route as down

 DUAL searches for a new path in the topology table or

by sending out queries.


Hello Format
EIGRP Packet Types – Update
and Acknowledgement Packets

EIGRP uses
triggered
updates

 Update Packets
 Contains only the routing information needed (a change occurs)

 Sent only to those routers that require it.

 Uses reliable delivery.

 Acknowledgment (ACK) Packets


 Sent when reliable delivery is used (update, query, and reply

packets).
 Unreliable unicast.
EIGRP Packet Types – Query and
Reply Packets

Why Query? Another router could be attached to the same LAN.

 Used by DUAL when searching for networks and other


tasks.
 Queries and replies use reliable delivery.
 Queries can use multicast or unicast, whereas Replies are
always sent as unicast.
EIGRP Message

• The EIGRP packet header


identifies the type of
EIGRP message.
• The TLV
(Type/Length/Value) field
contains EIGRP
parameters, IP internal
and external routes.
EIGRP Message - TLVs
TLV 0x0001 - EIGRP
Parameters

• K values are used to calculate the EIGRP metric.


• The Hold Time advertised by a neighbor is the maximum
time a router should wait for any valid EIGRP message sent
by that neighbor before declaring it dead.
TLV 0x0002 - Internal IP
Routes
• Delay: Sum of delays in units
of 10 microseconds from
source to destination.
• Bandwidth: Lowest configured
bandwidth on any interface
along the route.
• Prefix length: Specifies the
number of network bits in the
subnet mask.
• Destination: The destination
address of the route.
TLV 0x0003 - External IP
Routes

• Fields used to track


external source of
route.
• Same fields contained
in the Internal IP route
TLV (0x0002).

 IP external routes are routes which are imported into EIGRP through
redistribution of a default route or other routing protocols.
Initial Route Discovery
DUAL Algorithm

(Photo: J. J. Garcia-Luna-Aceves)

 Diffusing Update Algorithm (DUAL) is the convergence algorithm used by EIGRP.
 First proposed by E. W. Dijkstra and C. S. Scholten.
 The most prominent work with DUAL has been done by J. J. Garcia-Luna-Aceves.
 Distance vector routing protocols such as RIP prevent routing loops with hold-down timers and split horizon.
 Although EIGRP uses both of these techniques, it uses them somewhat differently; the primary way that EIGRP prevents routing loops is with the DUAL algorithm.
EIGRP Operations
 EIGRP selects primary (successor) and backup (feasible successor) routes and injects those into the topology table.
 The primary (successor) routes are then moved to the routing table.

IP EIGRP Neighbor Table: list of directly connected adjacent EIGRP neighbor routers and the local interface to exit to reach each one.
    Neighbor IP Address | Local router exit interface to neighbor

IP EIGRP Topology Table: list of all routes learned from each EIGRP neighbor; identifies successor routes and feasible successor routes.
    Destination 1 | FD / AD via each neighbor

IP Routing Table: list of the best (successor) routes from the EIGRP topology table and other routing processes.
    Destination 1 | Best route
Example: EIGRP Tables
Router C’s tables:
EIGRP Administrative
Distance (AD)
 EIGRP default administrative distances
(Table in the figure; the callouts mark the rows for routes manually summarized and for routes redistributed into EIGRP.)
EIGRP
Feasible Distance & Reported distance

In the example, R3 will advertise to R2 its metric towards the destination.

Basically R3 is saying to R2: “It costs me 5 to get there”. This is called
the advertised distance. R2 has a topology table and in this topology table
it will save this metric: the advertised distance to reach this destination is 5.

The advertised distance is also called the reported distance.


EIGRP
Feasible Distance & Reported distance

R2 is sending its feasible distance towards R1 which is 15. R1 will save


this information in the topology table as the advertised distance. R2 is
“telling” R1 the distance is 15.

• Advertised distance: How far the destination is away for your neighbor.
• Feasible distance: The total distance to the destination.

The best path to the destination is called the successor!


The successor will be copied from the topology table to the routing table.
With EIGRP however it’s possible to have a backup path which we call
the feasible successor.
EIGRP
Feasible Distance & Reported distance

(Figure: topology with R4 and R5)

• Which path is the successor (the best path)?
• Do we have any feasible successors? (backup paths)

EIGRP
Feasible Distance & Reported distance

Router   Advertised Distance   Feasible Distance
R1       10                    15
R2       5                     10
R3       9                     109

The path with the lowest feasible distance will be the successor (R2),
so now we have answered the first question.

Router   Advertised Distance   Feasible Distance
R1       10                    15
R2       5                     10    SUCCESSOR
R3       9                     109

EIGRP
Feasible Distance & Reported distance

Feasibility condition: advertised distance of the feasible successor < feasible distance of the successor.

Router   Advertised Distance   Feasible Distance
R1       10                    15
R2       5                     10    Successor
R3       9                     109   Feasible Successor
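Successor and feasible-successor selection under the feasibility condition stated above, plus what DUAL does when the successor is lost (promote a feasible successor, or go active and query), as an added Python example that is not part of the slides. The function names are hypothetical and the input is the page's R1/R2/R3 table.

```python
"""Successor / feasible successor selection from an EIGRP topology table.

Added example (not from the page). candidates maps a neighbor to
(advertised distance, feasible distance) for one destination, as in the
page's table: R1 (10, 15), R2 (5, 10), R3 (9, 109).
"""


def select_paths(candidates):
    """Return (successor, [feasible successors], successor FD).

    The successor is the neighbor with the lowest feasible distance. A
    feasible successor is any other neighbor whose advertised distance is
    strictly lower than the successor's FD: it cannot be routing through us,
    so it is a loop-free backup. Equality does not qualify (R1: 10 is not < 10).
    """
    if not candidates:
        raise ValueError("no paths to the destination")
    successor = min(candidates, key=lambda n: candidates[n][1])
    fd = candidates[successor][1]
    feasible = sorted(n for n, (ad, _) in candidates.items()
                      if n != successor and ad < fd)
    return successor, feasible, fd


def eigrp_tables(candidates):
    """Topology table (every candidate with its role) and routing table."""
    successor, feasible, fd = select_paths(candidates)
    topology = {}
    for n, (ad, f) in candidates.items():
        role = "successor" if n == successor else (
            "feasible successor" if n in feasible else "-")
        topology[n] = {"AD": ad, "FD": f, "role": role}
    routing = {"via": successor, "metric": fd}
    return topology, routing


def on_successor_loss(candidates):
    """DUAL reaction when the successor disappears.

    With a feasible successor the route stays passive and the best feasible
    successor is promoted immediately; without one the route goes active and
    the router must send queries to its neighbors.
    """
    successor, feasible, _ = select_paths(candidates)
    if feasible:
        backups = {n: candidates[n] for n in feasible}
        return "passive", select_paths(backups)[0]
    return "active", None


# The page's example table.
PAGE_EXAMPLE = {"R1": (10, 15), "R2": (5, 10), "R3": (9, 109)}

if __name__ == "__main__":
    topo, rt = eigrp_tables(PAGE_EXAMPLE)
    for n, row in topo.items():
        print(f"{n}: AD={row['AD']:>3} FD={row['FD']:>3} {row['role']}")
    print("routing table:", rt)
    print("if R2 fails:", on_successor_loss(PAGE_EXAMPLE))
```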
EIGRP Network Topology

R1#show running-config
<Output omitted>
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0/0
 ip address 192.168.10.6 255.255.255.252
 clock rate 64000
!
interface Serial0/0/1
 ip address 192.168.10.10 255.255.255.252

R1#show running-config
<Output omitted>
!
interface GigabitEthernet0/0
 ip address 172.16.1.1 255.255.255.0
!
interface Serial0/0/0
 ip address 172.16.3.1 255.255.255.252
 clock rate 64000
!
interface Serial0/0/1
 ip address 192.168.10.5 255.255.255.252

R2#show running-config
<Output omitted>
!
interface GigabitEthernet0/0
 ip address 172.16.2.1 255.255.255.0
!
interface Serial0/0/0
 ip address 172.16.3.2 255.255.255.252
!
interface Serial0/0/1
 ip address 192.168.10.9 255.255.255.252
 clock rate 64000
!
interface Serial0/1/0
 ip address 209.165.200.225 255.255.255.224
router eigrp
Command

R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# router ?
bgp Border Gateway Protocol (BGP)
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
isis ISO IS-IS
iso-igrp IGRP for OSI networks
mobile Mobile routes
odr On Demand stub Routes
ospf Open Shortest Path First (OSPF)
ospfv3 OSPFv3
rip Routing Information Protocol (RIP)

R1(config)#router eigrp 1
R1(config-router)#
Process ID

Router(config)# router eigrp autonomous-system
Router(config)# router eigrp 1        <- must be the same on all routers in the EIGRP routing domain

 Both EIGRP and OSPF use a process ID to represent an instance of their respective routing protocol running on the router.
 EIGRP refers to it as the “autonomous-system” number.
 It actually functions as a process ID.
 Range: 1 to 65,535
EIGRP Router ID

The EIGRP router ID is used to uniquely identify each router in the EIGRP routing domain.

Criteria for deriving the router ID:
1. Configured router ID:
 Configured with the eigrp router-id router-id command
2. Highest loopback IPv4 address
3. Highest active interface IPv4 address
eigrp router-id Command

R1 (RID 1.1.1.1):
R1(config)# router eigrp 1
R1(config-router)# eigrp router-id 1.1.1.1
R1(config-router)#

R2 (RID 2.2.2.2):
R2(config)# router eigrp 1
R2(config-router)# eigrp router-id 2.2.2.2
R2(config-router)#

R3 (RID 3.3.3.3):
R3(config)# router eigrp 1
R3(config-router)# eigrp router-id 3.3.3.3
R3(config-router)#
network Command

Router(config-router)# network network-address

R2(config-router)# network 192.168.10.0

 The network command in EIGRP has the same function as in other IGP routing protocols:
 What does it do?
 Any interface on this router that matches the network address in the network command will be enabled to send and receive EIGRP updates.
 This network (or subnet) will be included in EIGRP routing updates.
network Command

All interfaces belonging to the classful 172.16.0.0/16 address are enabled for EIGRP.

R1(config)# router eigrp 1
R1(config-router)# network 192.168.10.0
R1(config-router)# network 172.16.0.0
R1(config-router)#

R2(config)# router eigrp 1
R2(config-router)# network 172.16.0.0
R2(config-router)#
*Feb 28 17:51:42.543: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.3.1 (Serial0/0/0) is up: new adjacency
R2(config-router)#

Including the wildcard mask would only advertise that subnet. For example, to configure only the subnet 192.168.10.8/30 on the S0/0/1 interface:
network Command

R2(config)# router eigrp 1
R2(config-router)# network 192.168.10.8 255.255.255.252
R2(config-router)# end
R2#
R2# show running-config | section eigrp 1
router eigrp 1
 network 172.16.0.0
 network 192.168.10.8 0.0.0.3
 eigrp router-id 2.2.2.2
R2#

Notice how EIGRP converts the entry into a wildcard mask.

Alternatively, we could also have used either:
• network 192.168.10.8 0.0.0.3
• network 192.168.10.9 0.0.0.0
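How IOS decides which interfaces a `network` statement enables, as an added example that is not part of the original slides: with no wildcard the address is read classfully, a subnet mask is stored as its inverse wildcard (255.255.255.252 becomes 0.0.0.3), and an interface is enabled when its address falls in the statement's range. The interface addresses are R2's from the running-config above; the function names are this example's own.

```python
"""Which interfaces does an EIGRP `network` statement enable?

Added example, not part of the original slides. It models how IOS reads
`network <address> [wildcard]` under `router eigrp`: with no wildcard the
address is interpreted classfully (class A /8, B /16, C /24); a subnet mask
such as 255.255.255.252 is stored as its inverse wildcard 0.0.0.3, which is
what `show running-config | section eigrp` displays.
"""
from ipaddress import IPv4Address

ALL_ONES = 0xFFFFFFFF


def classful_prefix_len(addr):
    """Classful mask length: class A (/8), B (/16), otherwise /24."""
    first_octet = int(IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def to_wildcard(mask_or_wildcard):
    """IOS accepts a wildcard (0.0.0.3) or a subnet mask (255.255.255.252).
    A value with its high bit set is a subnet mask and is inverted."""
    value = int(IPv4Address(mask_or_wildcard))
    return value ^ ALL_ONES if value & 0x80000000 else value


def network_statement(address, mask_or_wildcard=None):
    """Parse one `network` statement into (network, wildcard) as integers."""
    addr = int(IPv4Address(address))
    if mask_or_wildcard is None:
        wildcard = (1 << (32 - classful_prefix_len(address))) - 1
    else:
        wildcard = to_wildcard(mask_or_wildcard)
    return addr & ~wildcard & ALL_ONES, wildcard


def matches(statement, interface_ip):
    """True when every bit the wildcard cares about (wildcard bit 0)
    is identical between the statement's network and the interface address."""
    network, wildcard = statement
    return (int(IPv4Address(interface_ip)) & ~wildcard & ALL_ONES) == network


def eigrp_enabled_interfaces(statements, interfaces):
    """statements: list of (address,) or (address, wildcard_or_mask) tuples.
    interfaces: {name: ipv4 address}. Returns the sorted names of the
    interfaces on which EIGRP will send and receive updates."""
    parsed = [network_statement(*s) for s in statements]
    return sorted(name for name, ip in interfaces.items()
                  if any(matches(p, ip) for p in parsed))


def running_config_form(address, mask_or_wildcard=None):
    """The line as `show running-config | section eigrp` prints it."""
    network, wildcard = network_statement(address, mask_or_wildcard)
    line = f"network {IPv4Address(network)}"
    if mask_or_wildcard is not None:
        line += f" {IPv4Address(wildcard)}"
    return line


# R2's interface addresses, taken from the running-config on the slides.
R2_INTERFACES = {
    "GigabitEthernet0/0": "172.16.2.1",
    "Serial0/0/0": "172.16.3.2",
    "Serial0/0/1": "192.168.10.9",
    "Serial0/1/0": "209.165.200.225",
}

if __name__ == "__main__":
    # network 172.16.0.0 alone is classful: both 172.16.x.x interfaces.
    print(eigrp_enabled_interfaces([("172.16.0.0",)], R2_INTERFACES))
    # Adding the /30 with a subnet mask additionally enables Serial0/0/1.
    print(eigrp_enabled_interfaces(
        [("172.16.0.0",), ("192.168.10.8", "255.255.255.252")], R2_INTERFACES))
    print(running_config_form("192.168.10.8", "255.255.255.252"))
```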
Verifying Adjacencies

 Use the show ip eigrp neighbors command to view the neighbor table and verify that EIGRP has established an adjacency with its neighbors.
 The output displays a list of each adjacent neighbor.
 The command is very useful for troubleshooting EIGRP, followed by ping and show ip interface brief.

R1# show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   192.168.10.6            Se0/0/1           11 04:57:14   27   162  0  8
0   172.16.3.2              Se0/0/0           13 07:53:46   20   120  0  10
R1#

Reading the columns:
 Address: the neighbor’s IPv4 address.
 Interface: the local interface receiving EIGRP Hello packets from this neighbor.
 Hold: seconds remaining before declaring the neighbor down; reset to the hold time when a Hello is received.
 Uptime: amount of time since this neighbor was added to the neighbor table.
Verifying EIGRP

 What if the ping is successful and EIGRP still does not see the router as a neighbor?
 Are both routers configured with the same EIGRP process ID?
 Is the directly connected network included in the EIGRP network statements?
 Is the passive-interface command inappropriately configured, thus preventing EIGRP hello packets on the interface?

R1# show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP-IPv4 Protocol for AS(1)                          (1)
    Metric weight K1=1, K2=0, K3=1, K4=0, K5=0           (2)
    NSF-aware route hold timer is 240
    Router-ID: 1.1.1.1                                    (3)
    Topology : 0 (base)
      Active Timer: 3 min
      Distance: internal 90 external 170                 (4)
      Maximum path: 4
      Maximum hopcount 100
      Maximum metric variance 1

  Automatic Summarization: disabled
  Maximum path: 4
  Routing for Networks:                                   (5)
    172.16.0.0
    192.168.10.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    192.168.10.6          90      00:40:20
    172.16.3.2            90      00:40:20
  Distance: internal 90 external 170

R1#

(1) Routing protocol and process ID (AS number)
(2) K values used in the composite metric
(3) EIGRP router ID
(4) EIGRP administrative distances
(5) Networks enabled for EIGRP with the network command
Verify the R1 Routing Table

R1# show ip route | begin Gateway

Gateway of last resort is not set

172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks


C 172.16.1.0/24 is directly connected, GigabitEthernet0/0
L 172.16.1.1/32 is directly connected, GigabitEthernet0/0
D 172.16.2.0/24 [90/2170112] via 172.16.3.2, 00:14:35, Serial0/0/0
C 172.16.3.0/30 is directly connected, Serial0/0/0
L 172.16.3.1/32 is directly connected, Serial0/0/0
D 192.168.1.0/24 [90/2170112] via 192.168.10.6, 00:13:57, Serial0/0/1
192.168.10.0/24 is variably subnetted, 3 subnets, 2 masks
C 192.168.10.4/30 is directly connected, Serial0/0/1
L 192.168.10.5/32 is directly connected, Serial0/0/1
D 192.168.10.8/30 [90/2681856] via 192.168.10.6, 00:50:42, Serial0/0/1
[90/2681856] via 172.16.3.2, 00:50:42, Serial0/0/0
R1#
EIGRP Composite Metric and the K Values

 EIGRP uses the following values in its composite metric to calculate the preferred path to a network:
 Bandwidth: The lowest bandwidth between source and destination.
 Delay: The cumulative interface delay along the path
 Reliability: Worst reliability between source and destination, based on keepalives.
 Load: Worst load on a link between source and destination, based on the packet
rate and the configured bandwidth of the interface.
 Note: Although MTU is included in the routing table updates, it is not a routing metric
used by EIGRP or IGRP.
EIGRP Metrics

 By default:
 K1 and K3 are set to 1,
 K2, K4, and K5 are set to 0.
 The result is that only the bandwidth and delay values are used in the computation of the default composite metric.

Examining the Metric Values

R1# show interface serial 0/0/0
Serial0/0/0 is up, line protocol is up
  Hardware is GT96K Serial
  Description: Link to R2
  Internet address is 172.16.3.1/30
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
<output omitted>

 The show interface command lets you examine the actual values used for bandwidth, delay, reliability, and load in the computation of the routing metric.
 Default values:
 bandwidth
 delay
Bandwidth

R1# show interface serial 0/0/0
<output omitted>
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
<output omitted>

 The bandwidth metric (1544 Kbps) is a static value used by some routing protocols such as EIGRP and OSPF to calculate their routing metric.
 Expressed in kilobits per second (Kbps).
 Most serial interfaces use the default bandwidth value of 1544 Kbps or 1,544,000 bps (1.544 Mbps).
 The value of the bandwidth might or might not reflect the actual physical bandwidth of the interface.
 Modifying the bandwidth value does not change the actual bandwidth of the link.
 It should reflect the actual bandwidth of the link.
Delay

R1# show interface serial 0/0/0
<output omitted>
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
<output omitted>

 Delay is a measure of the time it takes for a packet to traverse a route.
 It is based on the type of link or interface.
 Expressed in microseconds (millionths of a second).
 The router does not actually track how long packets are taking to reach the destination.
 Like the bandwidth value, delay is a default value that can be changed by the network administrator.
Delay

R1# show interface serial 0/0/0
<output omitted>
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
<output omitted>

 100 microseconds for Fast Ethernet interfaces.
 Default value is 20,000 microseconds for serial interfaces.

Media                  Delay in usec
Gigabit Ethernet       10
Fast Ethernet          100
FDDI                   100
16M Token Ring         630
Ethernet               1,000
T1 (Serial Default)    20,000
DS0 (64 Kbps)          20,000
1024 Kbps              20,000
56 Kbps                20,000
Reliability – Optional Metric

R1# show interface serial 0/0/0
<output omitted>
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
<output omitted>

 Reliability is a measure of the probability that the link will fail, or how often the link has experienced errors.
 Value between 0 and 255:
 1 = a minimally reliable link
 255 = 100 percent reliable
 By default EIGRP does not use reliability in its metric calculation.
Load – Optional Metric

R1# show interface serial 0/0/0
<output omitted>
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
<output omitted>

 Load reflects the amount of traffic using the link.
 Value between 0 and 255.
 A lower load value is more desirable because it indicates less load on the link.
 1/255 would be a minimally loaded link.
 40/255 is a link at 16 percent capacity.
 255/255 is a link that is 100 percent saturated.
 By default EIGRP does not use load in its metric calculation.
Using the bandwidth Command

Configure the bandwidth commands for R1, R2 and R3.

R1(config)# inter s 0/0/0
R1(config-if)# bandwidth 64

R2(config)# inter s 0/0/0
R2(config-if)# bandwidth 64

R2(config)# inter s 0/0/1
R2(config-if)# bandwidth 1024

R3(config)# inter s 0/0/1
R3(config-if)# bandwidth 1024
Example Metric Calculation

R2  192.168.1.0/24

 Using the default values for K1 and K3, you can simplify this calculation to:

EIGRP route metric = (10^7 / slowest bandwidth + cumulative sum of all the delays / 10) * 256

 BW = 9,765
 Delay = 2,001
 (Slowest BW + Sum of Delays) * 256
EIGRP Load Balancing

 Routes with a metric equal to the minimum metric are installed in the routing table.
 Referred to as “equal-cost load balancing”.
 All IP routing protocols on routers can perform equal-cost load balancing.
 The maximum-paths maximum-path command can be used to allow up to 6 equal-cost paths.
 Default is 4.
 Setting the maximum-path option to 1 disables load balancing.
EIGRP Equal-Cost Load Balancing

R1(config)# router eigrp 100
R1(config-router)# network 172.16.1.0 0.0.0.255
R1(config-router)# network 192.168.1.0
R1(config-router)# network 192.168.2.0
R1(config-router)# network 192.168.3.0
R1(config-router)# network 192.168.4.0
R1(config-router)# maximum-paths 3
R1(config-router)#

R1 Topology Table (AD = Advertised Distance, FD = Feasible Distance)
Network         Neighbor   AD   FD
172.16.2.0/24   R2         20   40
                R3         20   40
                R4         20   40
                R5         20   40
Unequal Cost Load Balancing

 EIGRP can also balance traffic across multiple routes that have different metrics.
 Referred to as unequal-cost load balancing.
 The degree to which EIGRP performs load balancing is controlled with the variance multiplier command.
 The multiplier is a value, between 1 and 128, used for load balancing.
 The default is 1, which means equal-cost load balancing.
 Setting a variance value greater than 1 allows EIGRP to install multiple loop-free routes with unequal cost in the routing table.
 EIGRP will always install successors (the best routes) in the routing table.
 The variance allows feasible successors (and only feasible successor routes) as candidate routes to potentially be installed in the routing table.
EIGRP Unequal-Cost Load Balancing

The routers above are all running EIGRP. C1 is connected to C2, C3 and C4 using links of 50, 30 and 10 Mbps.
EIGRP Unequal-Cost Load Balancing

Note the different values for the feasible distance and advertised distance. The lowest feasible distance is 51968, on the path through R2, which makes it the successor.
EIGRP Unequal-Cost Load Balancing

C3 and C4 have been selected as feasible successors because their advertised distance of 51712 is lower than the feasible distance (51968) of C2.

If we want to enable load balancing we have to use the following formula:

FD of feasible successor < FD of successor * multiplier

Let’s say we want to load balance over C3:

• Feasible Distance of R2 (successor) = 51968
• Feasible Distance of R3 (feasible successor) = 86016

Variance = 86016 / 51968 = 1.65, rounded up to the next integer:

Variance = 2

C1(config)#router eigrp 10
C1(config-router)#variance 2
EIGRP Unequal-Cost Load Balancing

Let’s say we want to load balance over C3 and C4:

• Feasible Distance of C2 (successor) = 51968
• Feasible Distance of C4 (feasible successor) = 256768

Variance = 256768 / 51968 = 4.94, rounded up to the next integer:

Variance = 5

C1(config)#router eigrp 10
C1(config-router)#variance 5
EIGRP Unequal-Cost
Load Balancing
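The metric calculation, feasibility condition and variance rule from the preceding slides, worked through as an added example that is not part of the original slides. It reproduces the metrics in R1's routing table (2170112, 2681856), the BW = 9,765 / Delay = 2,001 example after `bandwidth 1024`, and the variance 2 and 5 results for C3 and C4; C2's advertised distance is not shown on the slides and is a constructed value, and the function names are this example's own.

```python
"""EIGRP composite metric, feasibility condition and variance.

Added example, not part of the original slides. eigrp_metric() implements
the classic 32-bit EIGRP metric with the K values described on the slides
(IOS truncates 10^7/BW and DLY/10 to integers before multiplying by 256).
feasible_successors() applies the feasibility condition AD < FD(successor),
and minimum_variance() finds the smallest integer variance for which
FD(feasible successor) < FD(successor) * variance.
"""


def eigrp_metric(bandwidths_kbps, delays_usec, k=(1, 0, 1, 0, 0),
                 load=1, reliability=255):
    """Composite metric of one path.

    bandwidths_kbps: BW of each outgoing interface on the path; only the
                     slowest one counts.
    delays_usec:     DLY of each outgoing interface; they are summed.
    Default K values (K1=K3=1) leave only bandwidth and delay in the metric.
    """
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min(bandwidths_kbps)   # scaled bandwidth, truncated
    dly = sum(delays_usec) // 10              # scaled delay, truncated
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:                               # reliability term only if K5 set
        metric = metric * k5 // (reliability + k4)
    return metric * 256


def feasible_successors(routes):
    """routes: {neighbor: (advertised_distance, feasible_distance)} for one
    destination. Returns (successor, [feasible successors]): the successor
    has the lowest FD; a feasible successor is any other neighbor whose AD
    (reported distance) is strictly lower than the successor's FD."""
    successor = min(routes, key=lambda n: routes[n][1])
    fd_successor = routes[successor][1]
    feasible = [n for n, (ad, _fd) in routes.items()
                if n != successor and ad < fd_successor]
    return successor, feasible


def minimum_variance(routes, wanted):
    """Smallest integer variance that installs the path via `wanted`, which
    must already be a feasible successor (variance never makes a path that
    fails the feasibility condition installable)."""
    successor, feasible = feasible_successors(routes)
    if wanted not in feasible:
        raise ValueError(f"{wanted} is not a feasible successor")
    fd_successor = routes[successor][1]
    fd_wanted = routes[wanted][1]
    if fd_wanted <= fd_successor:             # equal cost needs no variance
        return 1
    # strict inequality: 86016/51968 = 1.65 -> 2, 256768/51968 = 4.94 -> 5
    return fd_wanted // fd_successor + 1


def installed_paths(routes, variance=1):
    """Paths the routing table holds for a given `variance` setting; the
    successor is always installed, equal-cost paths are installed at 1."""
    successor, feasible = feasible_successors(routes)
    limit = routes[successor][1] * variance
    return [successor] + [n for n in feasible if routes[n][1] <= limit]


# Topology-table rows from the slides. C2's advertised distance is not
# shown on the slide; 51712 is a constructed placeholder value.
C1_TABLE = {"C2": (51712, 51968), "C3": (51712, 86016), "C4": (51712, 256768)}
SLIDE_TABLE = {"R1": (10, 15), "R2": (5, 10), "R3": (9, 109)}

if __name__ == "__main__":
    # R1 -> 172.16.2.0/24: T1 (BW 1544, DLY 20000) then GigE (DLY 10)
    print(eigrp_metric([1544, 1_000_000], [20000, 10]))      # 2170112
    # R2 -> 192.168.1.0/24 after `bandwidth 1024` on the serial link
    print(eigrp_metric([1024, 1_000_000], [20000, 10]))      # 3012096
    print(feasible_successors(SLIDE_TABLE))                   # ('R2', ['R3'])
    print(minimum_variance(C1_TABLE, "C3"), minimum_variance(C1_TABLE, "C4"))
    print(installed_paths(C1_TABLE, variance=2))              # ['C2', 'C3']
```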
EIGRP for IPv6

 EIGRP for IPv6 is a distance-vector routing protocol.
 The configuration and operation is similar to EIGRP for IPv4.
 The following remain the same as in EIGRP for IPv4:
 Uses the same protocol number (88)
 Maintains a topology table and queries if no feasible successors are available.
 Uses DUAL to calculate the successor routes
EIGRP for IPv4 and EIGRP for IPv6

                          EIGRP for IPv4                    EIGRP for IPv6
Advertised routes         IPv4 networks                     IPv6 prefixes
Distance vector           Yes                               Yes
Convergence technology    DUAL                              DUAL
Metric                    Default: Bandwidth & delay        Default: Bandwidth & delay
                          Optional: Reliability and load    Optional: Reliability and load
Transport protocol        RTP                               RTP
Update messages           Partial & bounded updates         Partial & bounded updates
Neighbor discovery        Hello packets                     Hello packets
Source address;           IPv4 address;                     IPv6 link-local address;
destination addresses     224.0.0.10 IPv4 multicast         FF02::10 IPv6 multicast
Authentication            Plain text and MD5*               MD5*
Router ID                 32-bit router ID                  32-bit router ID

EIGRP for IPv4 and EIGRP for IPv6

[Figure: EIGRP for IPv6 maintains its own Neighbor Table, Topology Table and IPv6 Routing Table, separate from the EIGRP for IPv4 tables.]

Note:
• IPv6 link-local addresses are in the FE80::/10 range.
• The /10 indicates that the first 10 bits are 1111 1110 10xx xxxx, which results in the first hextet having a range of:
• 1111 1110 1000 0000 (FE80) to 1111 1110 1011 1111 (FEBF).
EIGRP for IPv6 Topology

R1#show running-config
!
interface GigabitEthernet0/0
 ipv6 address 2001:DB8:CAFE:1::1/64
!
interface Serial0/0/0
 ipv6 address 2001:DB8:CAFE:A001::1/64
 clock rate 64000
!
interface Serial0/0/1
 ipv6 address 2001:DB8:CAFE:A003::1/64

R2#show running-config
!
interface GigabitEthernet0/0
 ipv6 address 2001:DB8:CAFE:2::1/64
!
interface Serial0/0/0
 ipv6 address 2001:DB8:CAFE:A001::2/64
!
interface Serial0/0/1
 ipv6 address 2001:DB8:CAFE:A002::1/64
 clock rate 64000
!
interface Serial0/1/0
 ipv6 address 2001:DB8:FEED:1::1/64

R3#show running-config
!
interface GigabitEthernet0/0
 ipv6 address 2001:DB8:CAFE:3::1/64
!
interface Serial0/0/0
 ipv6 address 2001:DB8:CAFE:A003::2/64
 clock rate 64000
!
interface Serial0/0/1
 ipv6 address 2001:DB8:CAFE:A002::2/64
 IPv6 routing protocols use link-local addresses to exchange routing messages.
 By default, Cisco routers use EUI-64 to automatically create a link-local address.
 Static link-local addresses make it easier to remember and identify the router.

R1 (FE80::1):
R1(config)# interface s 0/0/0
R1(config-if)# ipv6 address fe80::1 ?
  link-local  Use link-local address

R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# exit
R1(config)# interface s 0/0/1
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# exit
R1(config)# interface g 0/0
R1(config-if)# ipv6 address fe80::1 link-local

R2 (FE80::2):
R2(config)# interface s 0/0/0
R2(config-if)# ipv6 address fe80::2 link-local
R2(config-if)# exit
R2(config)# interface s 0/0/1
R2(config-if)# ipv6 address fe80::2 link-local
R2(config-if)# exit
R2(config)# interface s 0/1/0
R2(config-if)# ipv6 address fe80::2 link-local
R2(config-if)# exit
R2(config)# interface g 0/0
R2(config-if)# ipv6 address fe80::2 link-local
R3 (FE80::3):
R3(config)# interface serial 0/0/0
R3(config-if)# ipv6 address fe80::3 link-local
R3(config-if)# exit
R3(config)# interface serial 0/0/1
R3(config-if)# ipv6 address fe80::3 link-local
R3(config-if)# exit
R3(config)# interface gigabitethernet 0/0
R3(config-if)# ipv6 address fe80::3 link-local
R3(config-if)#
 Static link-local addresses make it easier to remember and identify the router.
 Link-local addresses only need to be unique on the link.

R1#show ipv6 interface brief
GigabitEthernet0/0     [up/up]
    FE80::1
    2001:DB8:CAFE:1::1
Serial0/0/0            [up/up]
    FE80::1
    2001:DB8:CAFE:A001::1
Serial0/0/1            [up/up]
    FE80::1
    2001:DB8:CAFE:A003::1
R1#

The same IPv6 link-local address (FE80::1) is configured on all interfaces.
Enabling IPv6 Routing

R1(config)# ipv6 router eigrp 2
% IPv6 routing not enabled
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 router eigrp 2
R1(config-rtr)#

 The ipv6 unicast-routing command is required for forwarding IPv6 packets, static IPv6 routes and dynamic IPv6 routing protocols.
 The EIGRP AS “2” must be the same on all routers.
EIGRP Router ID and no shutdown

R1(config)# ipv6 unicast-routing
R1(config)# ipv6 router eigrp 2
R1(config-rtr)# eigrp router-id 1.0.0.0
R1(config-rtr)# no shutdown
R1(config-rtr)#

 Criteria for deriving the router ID:
1. Configured router ID:
 Configured with the eigrp router-id router-id command
2. Highest loopback IPv4 address
3. Highest active interface IPv4 address

 EIGRP (IPv4 and IPv6) requires a 32-bit router ID.
 If there is no 32-bit IPv4 address configured on the router, then a router-id command is required.
 This is used to uniquely identify the router in EIGRP messages.
 EIGRP for IPv6 also requires the no shutdown command.

Router IDs used: R1 = 1.0.0.0, R2 = 2.0.0.0, R3 = 3.0.0.0

R2(config)# ipv6 unicast-routing
R2(config)# ipv6 router eigrp 2
R2(config-rtr)# eigrp router-id 2.0.0.0
R2(config-rtr)# no shutdown
R2(config-rtr)#

R3(config)# ipv6 unicast-routing
R3(config)# ipv6 router eigrp 2
R3(config-rtr)# eigrp router-id 3.0.0.0
R3(config-rtr)# no shutdown
R3(config-rtr)#
Enabling EIGRP for IPv6 on the Interface

R1(config)# interface g0/0
R1(config-if)# ipv6 eigrp 2
R1(config-if)# exit
R1(config)# interface s 0/0/0
R1(config-if)# ipv6 eigrp 2
R1(config-if)# exit
R1(config)# interface s 0/0/1
R1(config-if)# ipv6 eigrp 2
R1(config-if)#

R2(config)# interface g 0/0
R2(config-if)# ipv6 eigrp 2
R2(config-if)# exit
R2(config)# interface s 0/0/0
R2(config-if)# ipv6 eigrp 2
R2(config-if)# exit
%DUAL-5-NBRCHANGE: EIGRP-IPv6 2: Neighbor FE80::1 (Serial0/0/0) is up: new adjacency
R2(config)# interface s 0/0/1
R2(config-if)# ipv6 eigrp 2
R2(config-if)#

R3(config)# interface g 0/0
R3(config-if)# ipv6 eigrp 2
R3(config-if)# exit
R3(config)# interface s 0/0/0
R3(config-if)# ipv6 eigrp 2
R3(config-if)#
*Mar 4 03:02:00.696: %DUAL-5-NBRCHANGE: EIGRP-IPv6 2: Neighbor FE80::1 (Serial0/0/0) is up: new adjacency
R3(config-if)# exit
R3(config)# interface s 0/0/1
R3(config-if)# ipv6 eigrp 2
R3(config-if)#
*Mar 4 03:02:17.264: %DUAL-5-NBRCHANGE: EIGRP-IPv6 2: Neighbor FE80::2 (Serial0/0/1) is up: new adjacency
Verifying EIGRP for IPv6: Examining Neighbors

R1#show ipv6 eigrp neighbors
EIGRP-IPv6 Neighbors for AS(2)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   Link-local address:     Se0/0/1           13 00:37:17   45   270  0  8
    FE80::3
0   Link-local address:     Se0/0/0           14 00:53:16   32  2370  0  8
    FE80::2
R1#

Reading the columns:
 Address: the neighbor’s IPv6 link-local address.
 Interface: the local interface receiving EIGRP for IPv6 Hello packets.
 Hold: seconds remaining before declaring the neighbor down. The current hold time is reset to the maximum hold time whenever a Hello packet is received.
 Uptime: amount of time since this neighbor was added to the neighbor table.
Verifying EIGRP for IPv6: show ipv6 protocols

R1#show ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "ND"
IPv6 Routing Protocol is "eigrp 2"
EIGRP-IPv6 Protocol for AS(2)                            (1)
  Metric weight K1=1, K2=0, K3=1, K4=0, K5=0             (2)
  NSF-aware route hold timer is 240
  Router-ID: 1.0.0.0                                      (3)
  Topology : 0 (base)
    Active Timer: 3 min
    Distance: internal 90 external 170                   (4)
    Maximum path: 16
    Maximum hopcount 100
    Maximum metric variance 1

  Interfaces:                                             (5)
    GigabitEthernet0/0
    Serial0/0/0
    Serial0/0/1
  Redistribution:
    None
R1#

(1) Routing protocol and process ID (AS number)
(2) K values used in the composite metric
(3) EIGRP router ID
(4) EIGRP administrative distances
(5) Interfaces enabled for this EIGRP for IPv6 instance
Verifying EIGRP Routing Table

R1#show ipv6 route

C   2001:DB8:CAFE:1::/64 [0/0]
     via GigabitEthernet0/0, directly connected
L   2001:DB8:CAFE:1::1/128 [0/0]
     via GigabitEthernet0/0, receive
D   2001:DB8:CAFE:2::/64 [90/3524096]
     via FE80::3, Serial0/0/1
D   2001:DB8:CAFE:3::/64 [90/2170112]
     via FE80::3, Serial0/0/1
C   2001:DB8:CAFE:A001::/64 [0/0]
     via Serial0/0/0, directly connected
L   2001:DB8:CAFE:A001::1/128 [0/0]
     via Serial0/0/0, receive
D   2001:DB8:CAFE:A002::/64 [90/3523840]
     via FE80::3, Serial0/0/1
C   2001:DB8:CAFE:A003::/64 [0/0]
     via Serial0/0/1, directly connected
L   2001:DB8:CAFE:A003::1/128 [0/0]
     via Serial0/0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
R1#

Notice the link-local addresses used as next-hop addresses: routing messages come from the link-local address of the neighboring routers.
CONMUTACIÓN Y RUTEO I

Topic 13. Basic BGP

Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
Autonomous System (AS)

A portion of a large internetwork that is under a given administrative authority. Autonomous systems can be under the authority of a particular corporation or institution, or they can be defined by the uniform use of a particular routing protocol such as Open Shortest Path First (OSPF), IS-IS or EIGRP.
What is BGP?
 It is the plumbing technology of the Internet
 It is a protocol used to connect different autonomous systems
(AS) together
 Without BGP the Internet would not exist in its current form as
a stable routing platform in an unstable environment.
BGP
 BGP version 4 (BGP-4)
 It is defined in RFC 1105 (06/1989) and RFC 4271 (01/2006), A Border Gateway Protocol 4 (BGP-4).
 Extensions to BGP-4 (known as BGP4+) include IPv6 and Multiprotocol BGP (Unicast, Multicast, IPv4, IPv6).
BGP Use Between Autonomous Systems

 Main goal is to provide an interdomain routing system that guarantees the loop-free exchange of routing information between AS’s.
 BGP-4 is a classless routing protocol, so it supports:
 VLSM
 CIDR
 There are more than 800,000 CIDR blocks
 Without CIDR full Internet routing tables would contain more than 6,000,000 entries.
Overview of autonomous
systems
AS Numbers
 Assigned by an Internet registry or a service provider (LACNIC).
 Between 1 and 65,535.
 0 - Reserved
 1 through 64,495 – Assignable for public use
 64,512 through 65,535 - Private use
• This is similar to RFC 1918 IP addresses.
 65,535 - Reserved
 The current AS pool of addresses was predicted to run out by 2012. For this reason, the IETF has released RFC 4893 and RFC 5398.
 These RFCs describe BGP extensions to increase the AS number from the two-octet (16-bit) field to a four-octet (32-bit) field, increasing the pool size from 65,536 to 4,294,967,296 values.
AUTONOMOUS SYSTEM REPORT

https://bgp.he.net/
AUTONOMOUS SYSTEM REPORT
AUTONOMOUS SYSTEM
STATS (2016)

https://as24904.kwaoo.net/as-stats/top.php
AUTONOMOUS SYSTEM
STATS (2017)
AUTONOMOUS SYSTEM
STATS (2018)
BGP Table - 2016

http://bgp.potaroo.net/
BGP Table - 2017
BGP Table - 2018
BGP Table - 2019

 Caution in receiving full Internet routes:


 100,000 routes require about 70 MB of RAM for the BGP table
BGP IPv6 - 2018
Internet eXchange Point
An Internet Exchange Point (IXP) is a network facility that enables the
interconnection of more than two independent Autonomous Systems,
primarily for the purpose of facilitating the exchange of Internet traffic.

https://www.internetexchangemap.com/
IXP - Ecuador
As of April 2018, there are 20 autonomous systems (AS) directly connected to NAP.EC (http://aeprovi.org.ec/es/) and in the routing table there are prefixes of 79 different autonomous systems (AS).
Comparison with Other Scalable Routing Protocols

 BGP does not look at speed for the best path.
 BGP is a policy-based routing protocol that allows an AS to control traffic flow using multiple BGP attributes.
 Routers exchange network reachability information, called path vectors or attributes.
 These include a list of the full path of BGP AS numbers that a router should take to reach a destination network.
When to use BGP and when
not to use BGP

Use BGP when the effects of BGP are well understood and one
of the following conditions exist:
 The AS allows packets to transit through it to reach another
AS (transit AS).
 The AS has multiple connections to other AS’s.
 The flow of traffic entering or exiting the AS must be
manipulated.
 This is policy based routing and based on attributes.
When to use BGP and when
not to use BGP

Do not use BGP if you have one or more of the following conditions:
 A single connection to the Internet or another AS
 No concern for routing policy or routing selection
 A lack of memory or processing power on your routers to handle
constant BGP updates
 A limited understanding of route filtering and BGP path selection
process
 Low bandwidth between AS’s
BGP Internal & External

 External BGP (EBGP) - When BGP is running between routers in different autonomous systems.
 Internal BGP (IBGP) - When BGP is running between routers in the same AS.
BGP Path Vector
Characteristics
The path vector information includes:
 A list of the full path of BGP AS numbers (hop by hop)
necessary to reach a destination network.
 Other attributes including the IP address to get to the next
AS (the next-hop attribute) and how the networks at the
end of the path were introduced into BGP (the origin code
attribute).
Loop Free Path – Example 1

In the above diagram, we see that the network 170.10.0.0/16 is not accepted by AS 65333 because it already has its own autonomous system number as a prefix in the AS-PATH. Thus, it detects the loop.
BGP Characteristics
 BGP updates are carried using TCP on port 179.
• In contrast:
• RIP updates use UDP port 520
• EIGRP uses EIGRP’s RTP
• OSPF does not use a Layer 4 protocol but uses OSPF mechanisms for reliability (OSPF ACKs)
 Because BGP requires TCP:
• IP connectivity must exist between BGP peers.
• TCP connections must also be negotiated between them before updates can be exchanged.
 BGP inherits those reliable, connection-oriented properties from TCP.
 BGP assumes that its communication is reliable and therefore does not have to implement any retransmission or error-recovery mechanisms, as EIGRP and OSPF do.
BGP Neighbor Relationships

 Neighbors or peers - Two routers that establish a TCP-enabled BGP connection between each other.
 BGP speaker - Each router running BGP.
 A BGP speaker has a limited number of BGP neighbors with which it peers and forms a TCP-based relationship.
 BGP peers can be either:
 Internal to the AS
 External to the AS
BGP Neighbor Relationships

External BGP Neighbors
 eBGP: BGP is running between routers in different autonomous systems.
 Routers running eBGP are “usually” directly connected to each other.
 eBGP multihop allows eBGP neighbors not to be directly connected.
eBGP Requirements

There are several requirements for eBGP neighborship:
 Different AS number:
 eBGP neighbors must reside in different autonomous systems to be able to form an eBGP relationship.
 Define neighbors:
 A TCP session must be established prior to starting BGP routing update exchanges.
 Reachability:
 The IP addresses used in the neighbor command must be reachable.
 eBGP neighbors are “usually” directly connected.
eBGP Multihop
eBGP (external BGP) by default requires two routers to be directly connected to each other in order to establish a neighbor adjacency.

This is because eBGP routers use a TTL of 1 for their BGP packets. When the BGP neighbor is more than one hop away, the TTL will decrement to 0 and the packet will be discarded.

When these two routers are not directly connected we can still make it work, but we have to use multihop. This requirement does not apply to iBGP because its TTL is set to 255.
iBGP

Internal BGP Neighbors
 iBGP: When BGP is running between routers within the same AS.
 iBGP is run within an AS to exchange BGP information so that:
 All internal BGP routers have the same BGP routing information about outside autonomous systems.
 This information can be passed to other autonomous systems.
 Typically a full mesh on all routers in the transit path between AS’s.
iBGP Requirements

There are several requirements for iBGP neighborship:
 Same AS number:
 iBGP neighbors must reside in the same AS to be able to form an iBGP relationship.
 Define neighbors:
 A TCP session must be established between neighbors prior to starting to exchange BGP routing updates.
 Reachability:
 iBGP neighbors must be reachable; an IGP typically runs inside the AS.
 They do not have to be directly connected.
BGP Message Types

BGP uses a variety of messages for establishing the connection, exchanging routing information, checking if the remote BGP neighbor is still there and/or notifying the remote side if any errors occur.

To do all of this, BGP uses 4 messages:
 Open Message
 Update Message
 Keepalive Message
 Notification Message
BGP Message Types
Each BGP message contains the following header:
 Marker: The marker field is used to either authenticate incoming BGP messages or to detect loss of synchronization between two BGP peers.
 Length: The length field indicates the total BGP message length, including the header (messages may be between 19 and 4096 bytes long).
BGP OPEN Message
 After the TCP session is established, both neighbors send Open messages, which include a set of parameters that have to be agreed upon before a full BGP adjacency can be established. This message is used to establish full connections with peers.
 Each neighbor uses this message to identify itself and to specify its BGP operational parameters, including:
 BGP version number (defaults to version 4)
 AS number: AS number of the originating router; determines if the BGP session is eBGP or iBGP.
 BGP identifier: IP address that identifies the neighbor, using the same method as the OSPF router ID.
 Optional parameters: authentication, multiprotocol support and route refresh.
BGP Keepalive Message
 Keepalive messages are sent between peers every 60 seconds (by default) to maintain connections.
 The message consists of only a message header (19 bytes).
 Hold time is three times the KEEPALIVE timer of 60 seconds, i.e. 180 seconds.
 If the periodic timer = 0, no keepalives are sent.
 Recommended keepalive interval is one-third of the hold time interval.
BGP Update Message

 Update messages contain all the information BGP uses to construct a loop-free picture of the internetwork.
 A BGP update message has information on one path only; multiple paths require multiple update messages.
 All the attributes in the update message refer to that path, and the networks are those that can be reached through it.

BGP Update Message

 An update message includes the following information:
 Unreachable routes information
 Path attribute information
 Network-layer reachability information (NLRI)
 This field contains a list of IP address prefixes that are reachable by this path.

BGP NLRI format

 The NLRI is a list of <length, prefix> tuples.
 One tuple for each reachable destination.
 The prefix represents the reachable destination.
 The prefix length represents the number of bits set in the subnet mask.
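The message header and NLRI format described on the preceding slides, as an added example that is not part of the original slides: it builds and parses the 19-byte header (KEEPALIVE is the header alone), encodes and decodes the <length, prefix> tuples of an UPDATE, and performs the receiver-side checks (marker, 19..4096 length, truncation) that a parser must make before trusting a message. The byte layout follows RFC 4271; the type codes and function names are this example's own rendering of it, and the sample prefixes are constructed.

```python
"""BGP-4 message header and NLRI encoding/decoding (RFC 4271).

Added example, not part of the original slides. Wire format from RFC 4271:
a 19-byte header (16-byte marker of all ones, 2-byte length, 1-byte type),
KEEPALIVE = header only, and an UPDATE body of
<withdrawn length><withdrawn NLRI><attr length><path attributes><NLRI>,
where every NLRI entry is <prefix length in bits><ceil(len/8) prefix bytes>.
"""
import struct
from ipaddress import IPv4Network

MARKER = b"\xff" * 16
HEADER_LEN, MAX_MSG_LEN = 19, 4096
OPEN, UPDATE, NOTIFICATION, KEEPALIVE = 1, 2, 3, 4   # RFC 4271 type codes


def parse_header(data):
    """Validate the header; return (message type, declared length)."""
    if len(data) < HEADER_LEN:
        raise ValueError("short header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise ValueError("bad marker: connection not synchronised")
    if not HEADER_LEN <= length <= MAX_MSG_LEN:
        raise ValueError(f"bad message length {length}")
    if length > len(data):
        raise ValueError("truncated message")
    return msg_type, length


def encode_nlri(prefixes):
    """Encode ['192.168.1.0/24', ...] as <length, prefix> tuples."""
    out = bytearray()
    for p in prefixes:
        net = IPv4Network(p)
        nbytes = (net.prefixlen + 7) // 8        # only the bytes that matter
        out.append(net.prefixlen)
        out += net.network_address.packed[:nbytes]
    return bytes(out)


def decode_nlri(data):
    """Decode the <length, prefix> tuples back into prefix strings."""
    prefixes, pos = [], 0
    while pos < len(data):
        plen = data[pos]
        if plen > 32:
            raise ValueError(f"prefix length {plen} > 32")
        nbytes = (plen + 7) // 8
        chunk = data[pos + 1:pos + 1 + nbytes]
        if len(chunk) != nbytes:
            raise ValueError("truncated NLRI")
        addr = int.from_bytes(chunk.ljust(4, b"\x00"), "big")
        prefixes.append(str(IPv4Network((addr, plen))))   # rejects stray host bits
        pos += 1 + nbytes
    return prefixes


def build_keepalive():
    """A KEEPALIVE is nothing but the 19-byte header."""
    return MARKER + struct.pack("!HB", HEADER_LEN, KEEPALIVE)


def build_update(withdrawn, nlri, path_attrs=b""):
    """Path attributes are passed through as opaque bytes."""
    w, n = encode_nlri(withdrawn), encode_nlri(nlri)
    body = (struct.pack("!H", len(w)) + w
            + struct.pack("!H", len(path_attrs)) + path_attrs + n)
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), UPDATE) + body


def parse_update(data):
    """Return (withdrawn prefixes, raw path attributes, reachable prefixes)."""
    msg_type, length = parse_header(data)
    if msg_type != UPDATE:
        raise ValueError(f"not an UPDATE (type {msg_type})")
    body = data[HEADER_LEN:length]
    wlen = struct.unpack("!H", body[:2])[0]
    withdrawn = decode_nlri(body[2:2 + wlen])
    pos = 2 + wlen
    alen = struct.unpack("!H", body[pos:pos + 2])[0]
    attrs = body[pos + 2:pos + 2 + alen]
    nlri = decode_nlri(body[pos + 2 + alen:])
    return withdrawn, attrs, nlri


if __name__ == "__main__":
    # Constructed sample: the two networks advertised on the slides.
    msg = build_update([], ["192.168.1.0/24", "172.16.1.0/24"])
    print(parse_header(msg))                  # (2, 31)
    print(parse_update(msg))
    print(parse_header(build_keepalive()))    # (4, 19)
```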
BGP Notification Message
 A BGP notification message is sent when an error condition is detected.
 The BGP connection is closed immediately after this is sent.
 Notification messages include an error code, an error subcode, and data related to the error.
BGP Databases
 Neighbor table
 List of BGP neighbors
 BGP table (forwarding database)
 List of all networks learned from each neighbor
 Can contain multiple paths to destination networks
 Contains BGP attributes for each path
 IP routing table
 List of best paths to destination networks
Basic BGP Configuration Requirements
The next step is to gather the parameters needed to provide the BGP configuration details. For basic BGP, these details include the following:
- The autonomous system numbers (of your own network and of all remote autonomous systems)
- The IP addresses of all the neighbors (peers) involved
- The networks that are to be advertised into BGP
Basic BGP configuration requires the following main steps:
- Step 1. Define the BGP process.
- Step 2. Establish the neighbor relationships.
- Step 3. Advertise the networks into BGP.
Basic BGP Configuration
- Steps 1 and 2. Define the BGP process and the neighbors.
R1# configure terminal
R1(config)# router bgp 100
R1(config-router)# neighbor 192.168.1.2 remote-as 100

R2# configure terminal
R2(config)# router bgp 100
R2(config-router)# neighbor 192.168.1.1 remote-as 100
R2(config-router)# neighbor 172.16.1.2 remote-as 200

R4# configure terminal
R4(config)# router bgp 200
R4(config-router)# neighbor 172.16.1.1 remote-as 200
Basic BGP Configuration
- Step 3. Advertise the networks into BGP.
R2# configure terminal
R2(config)# router bgp 100
R2(config-router)# network 192.168.1.0 mask 255.255.255.0

R4# configure terminal
R4(config)# router bgp 200
R4(config-router)# network 172.16.1.0 mask 255.255.255.0
Defining the Source IP Address
RouterD(config)#router bgp 65102
RouterD(config-router)#neighbor 10.3.3.1 remote-as 65102
- Router D has the configuration above.
- If Router A sends its BGP packets to Router D via Router B, the source IP address of the packets will be 10.1.1.1.
- Router D:
  - Does not recognize the sender of the BGP packet (10.1.1.1).
  - 10.1.1.1 is not configured as a neighbor of Router D.
  - The iBGP session between Router A and Router D will not be established.
Defining the Source IP Address
RouterA(config)#router bgp 65102
RouterA(config-router)#neighbor 192.168.4.4 remote-as 65102
RouterA(config-router)#neighbor 192.168.4.4 update-source loopback0
RouterD(config)#router bgp 65102
RouterD(config-router)#neighbor 192.168.1.1 remote-as 65102
RouterD(config-router)#neighbor 192.168.1.1 update-source loopback0
- Solution: establish the iBGP session between loopback interfaces when there are multiple paths between the iBGP neighbors.
- update-source causes the router to use the address of the specified loopback interface as the source address for BGP connections to this neighbor.
- Make sure the loopback address is reachable from the peer, since the BGP TCP session is now built between the two loopback addresses.
eBGP Next Hop Processing
One potential issue with iBGP is that it does not change the next-hop IP address. Sometimes this causes reachability issues. Let's look at an example.
eBGP Next Hop Processing
Solution: use the next-hop-self option on the neighbor.
BGP Example 1
- R1, R2, R3: configure IGP (OSPF)
- BRC-1, BRC-2, BRC-3, BRC-4: configure IGP (OSPF)
- Display the routing table on the Brocade routers
- R4, R5, R6, R7, R8, R9, R10: configure IGP (EIGRP)
- Display the routing table on the Cisco routers
- R1: configure iBGP & eBGP
- R2, R3, BRC-1, BRC-2, BRC-3, BRC-4: configure iBGP
- Display BGP neighbors (Cisco & Brocade)
- Display the BGP table (Cisco & Brocade)
- R4: configure iBGP & eBGP
- R5, R6, R7, R8, R9, R10: configure iBGP
Examining the BGP Table - R1
- The status codes are shown at the beginning of each line of output, and the origin codes are shown at the end of each line.
- A row with an asterisk (*) in the first column means that the next-hop address is valid.
- A greater-than sign (>) in the second column indicates the best path for a route selected by BGP. This route is offered to the IP routing table.
Examining the Routing Table: R1
Examining the Routing Table: BRC-4
Examining the Routing Table: R10
Solution: next-hop-self -> R1, BRC-4
Solution: next-hop-self -> R4
Ping PC6 (ASN 500) -> PC1 (ASN 800)
Lab. BGP - Homework # 1
Lab. BGP - Homework # 2
- R1 -> HPE
- R2, R3 -> Cisco; R4 -> HPE
- BCR-1, BCR-2, BCR-3, R5, R6, R7, R8 -> Cisco
- BCR-4 -> Brocade; R9, R10 -> Mikrotik
BGP with IPv6 - MP-BGP (RFC 4760)
The original version of BGP (Border Gateway Protocol) supported only IPv4 unicast prefixes. Nowadays we use MP-BGP (Multiprotocol BGP), which supports different address families:
- IPv4 unicast
- IPv4 multicast
- IPv6 unicast
- IPv6 multicast
BGP with IPv6 - MP-BGP (lab)
- Configure R3, R2 & R1: EIGRP
- Configure R6, R5 & R4: OSPF
- Configure R3, R2: iBGP
- Configure R1: iBGP & eBGP
- Configure R6, R5: iBGP
- Configure R4: iBGP & eBGP
- Verify the R1 iBGP & eBGP process
- Verify the R4 iBGP & eBGP process
- Verify the R3 BGP routing table
- Verify connectivity
Lab. MP-BGP - Homework
CONMUTACIÓN Y RUTEO I
Tema 14. Redistribution of Routes
Why Run Multiple Routing Protocols?
- When migrating from an older Interior Gateway Protocol (IGP) to a new IGP.
- In mixed-vendor router environments, for example EIGRP and OSPF.
- When the use of a new protocol is desired, but the old routing protocol is still being implemented.
- When some departments do not want to change to, or support, a new routing protocol.
Route Redistribution
- Routing protocols were not designed to interoperate with one another; they use different:
  - Metrics
  - Reactions to topology changes
  - Timers
  - Processes
- Routers using different routing protocols can nevertheless exchange routing information.
- Route redistribution is the capability of boundary routers connecting different routing domains to exchange and advertise routing information between those routing domains.
Route Redistribution
- One-way route redistribution: one protocol receives the routes from another.
- Two-way route redistribution: both protocols receive routes from each other.
- Boundary routers:
  - Routers that perform redistribution.
  - Border two or more ASs or routing domains.
Route Redistribution
- Redistribution is always performed outbound.
- The router doing the redistribution does not change its own routing table.
- R1 (boundary router) participates in both:
  - OSPF
  - EIGRP
- Two-way redistribution does not affect the routing table on R1.
- However:
  - R2 will learn about the redistributed EIGRP networks (via OSPF).
  - R3 will learn about the redistributed OSPF networks (via EIGRP).
- Only networks in R1's routing table can be redistributed.
Redistribution OSPF to RIP
Redistribution EIGRP to OSPF
Redistribution into OSPF - Default Metric
Redistribution OSPF to EIGRP
OSPF External Routes
- Use external type 1 (E1) routes when there are multiple Autonomous System Border Routers (ASBRs) advertising an external route into the same autonomous system, to avoid suboptimal routing.
- Use external type 2 (E2) routes if only one ASBR is advertising an external route into the AS.
Lab. Redistribute Routes
- Configure EIGRP
- Configure OSPF
- Configure RIPv2
- Configure redistribution: RIP -> EIGRP, OSPF -> EIGRP
- Configure redistribution: RIP -> OSPF, EIGRP -> OSPF
- Configure redistribution: OSPF -> RIP, EIGRP -> RIP
- Configure redistribution of the default route
- Routing table of R3
CONMUTACIÓN Y RUTEO I
Tema 15. DHCP Services
DHCP - Introduction
- DHCP was created by the Dynamic Host Configuration Working Group of the Internet Engineering Task Force (IETF) (RFC 2131, March 1997).
- Runs over UDP, using ports:
  - 67: connections to the server
  - 68: connections to the client
- Extension of BOOTP (a protocol used for simple interaction); DHCP enhances the capabilities of BOOTP.
- DHCP is basically used for dynamic configuration.
- Uses the client-server model.
Objective of DHCP
- DHCP temporarily binds an IP address and other configuration parameters to a DHCP client, and provides a framework for passing configuration information to hosts.
- DHCP was designed to provide computers with a temporary address.
- DHCP is well adapted to situations where hosts move from one location to another or are routinely connected and disconnected.
- Thus DHCP is mainly used to simplify the installation and maintenance of networked computers.
Characteristics
- Centralized IP address administration.
- Backward compatible with BOOTP; therefore a host running the BOOTP client software can request a static configuration from a DHCP server.
- Supports multiple servers.
- Provides dynamic assignment.
- Allows static assignment.
- Does not interact with the domain name service (DNS).
Dynamic Host Configuration Protocol (DHCP)
- The client's configuration parameters can include:
  - IP address
  - Subnet mask
  - Default gateway
  - DNS server address
  - Domain name
  - WINS server address
  - VoIP server IP
  - ...
DHCP Address Allocation Mechanisms
- Dynamic allocation:
  - DHCP automatically assigns an IP address from a pool of addresses.
  - The address is leased for a limited period of time configured on the server, or until the client no longer needs the address.
- Automatic static allocation:
  - DHCP automatically assigns a static IP address permanently to a device, selecting it from a pool of available addresses.
  - There is no lease; the address is permanently assigned to the device.
Software Elements
- Client software:
  - Installed on client machines.
  - Handles broadcast requests for automatic IP acquisition and for acquiring other configuration.
- Server software:
  - Installed on server machines.
  - Designated to respond to client requests for IP addresses.
  - Manages pools of IP addresses and related configuration.
- Relay agent software:
  - DHCP clients broadcast requests onto the local
Software Elements
- Relay agent software:
  - Routers block broadcasts to other networks, which means responses from DHCP servers would have to come from the same network.
  - DHCP relay agents intercept IP address requests, repackage them, and forward them as unicast messages to DHCP servers with known addresses on another network.
  - The DHCP server sends its reply to the relay agent, which in turn forwards it to the client requesting the IP address.
Message Format
- DHCP message format: the format is based on the format of BOOTP messages.
DHCP Operation
Parameters assigned in the example: IP address 192.168.10.15, subnet mask 255.255.255.0, default gateway 192.168.10.1, lease time 3 days.
Message sequence (client <-> server):
- DHCPDISCOVER (broadcast)
- DHCPOFFER (unicast)
- DHCPREQUEST (broadcast)
- DHCPACK (unicast)
Lease renewal:
- DHCPREQUEST (unicast)
- DHCPACK (unicast)
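To make the BOOTP-based message format and the OFFER step concrete, here is an added Python example (not code from the slides or from any DHCP implementation) that builds a DHCPOFFER with the parameters of the exchange above and parses it back, header fields and options included. The transaction id, client MAC and server address are constructed sample values; the `relay_ip` parameter models the giaddr field that a relay agent (the router's ip helper-address, covered later) fills in so the server can unicast its reply back to the relay.

```python
# Added example: DHCP message on the BOOTP fixed header (RFC 2131) plus
# options. Addresses, MAC and xid are constructed sample values.
import ipaddress
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE"}
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"    # 236 bytes, RFC 2131 figure 1
FIXED_LEN = struct.calcsize(FIXED_FMT)


def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def _opt(code: int, value: bytes) -> bytes:
    """Type-length-value option encoding."""
    return bytes([code, len(value)]) + value


def build_offer(xid, client_mac, your_ip, server_ip, mask, router,
                lease_seconds, relay_ip="0.0.0.0"):
    """Server -> client DHCPOFFER. If the DISCOVER arrived through a relay
    agent, giaddr carries the relay's address and the server copies it back."""
    fixed = struct.pack(FIXED_FMT, BOOTREPLY, 1, 6, 0, xid, 0, 0,
                        b"\x00" * 4,            # ciaddr: client has no address yet
                        _ip(your_ip),           # yiaddr: the offered address
                        _ip(server_ip),         # siaddr
                        _ip(relay_ip),          # giaddr: 0.0.0.0 when not relayed
                        client_mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    options = (_opt(53, b"\x02")                           # message type OFFER
               + _opt(1, _ip(mask))                        # subnet mask
               + _opt(3, _ip(router))                      # default gateway
               + _opt(51, struct.pack("!I", lease_seconds))  # lease time
               + _opt(54, _ip(server_ip))                  # server identifier
               + b"\xff")                                  # end option
    return fixed + MAGIC_COOKIE + options


def parse_dhcp(pkt: bytes) -> dict:
    """Decode header and options; short or malformed input raises ValueError."""
    if len(pkt) < FIXED_LEN + 4 or pkt[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short or missing magic cookie)")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr,
     _siaddr, giaddr, chaddr, _sname, _file) = struct.unpack(FIXED_FMT, pkt[:FIXED_LEN])
    if hlen > 16:
        raise ValueError("hlen larger than the chaddr field")
    opts, i = {}, FIXED_LEN + 4
    while i < len(pkt):
        code = pkt[i]
        if code == 255:                     # end option
            break
        if code == 0:                       # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option header")
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    msg = {
        "op": "BOOTREPLY" if op == BOOTREPLY else "BOOTREQUEST",
        "xid": xid,
        "chaddr": chaddr[:hlen].hex(":"),
        "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
        "giaddr": str(ipaddress.IPv4Address(giaddr)),
        "relayed": giaddr != b"\x00" * 4,
        "type": MSG_TYPES.get(opts[53][0]) if 53 in opts and len(opts[53]) == 1 else None,
    }
    for code, name in ((1, "subnet_mask"), (3, "router"), (54, "server_id")):
        if code in opts and len(opts[code]) == 4:
            msg[name] = str(ipaddress.IPv4Address(opts[code]))
    if 51 in opts and len(opts[51]) == 4:
        msg["lease_seconds"] = struct.unpack("!I", opts[51])[0]
    return msg


def sample_offer(relay_ip="0.0.0.0") -> bytes:
    """The OFFER from the exchange above with constructed xid/MAC/server."""
    return build_offer(xid=0x3903F326, client_mac=bytes.fromhex("001122334455"),
                       your_ip="192.168.10.15", server_ip="192.168.10.2",
                       mask="255.255.255.0", router="192.168.10.1",
                       lease_seconds=3 * 24 * 3600, relay_ip=relay_ip)


if __name__ == "__main__":
    print(parse_dhcp(sample_offer()))
```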
DHCP transition diagram
Why configure a DHCP Server?
- In an enterprise, DHCP services are usually provided by a Windows Server or a UNIX server platform.
  - They are relatively easy to manage and highly scalable.
- In smaller locations (SOHO, branch) DHCP services can be provided by routers or firewalls.
  - This reduces DHCP deployment costs, since a dedicated server is not warranted.
Cisco Routers: Configure DHCP
Step 1: Exclude Addresses From the Pool
- Define a range of addresses that DHCP is not to allocate.
- These are usually static addresses reserved for the router interface, switch management IP address, servers, and local network printers.
R1(config)#ip dhcp excluded-address low-address [high-address]

R1(config)# ip dhcp excluded-address 10.10.10.1 10.10.10.99
R1(config)# ip dhcp excluded-address 10.10.10.151 10.10.10.254
Step 2: Create the Address Pool
- Create the DHCP pool using the ip dhcp pool command.
- This enters DHCP configuration mode.
R1(config)#ip dhcp pool POOL-NAME

R1(config)#ip dhcp pool LAN_1
R1(dhcp-config)#
Step 3: Configure the Specifics of the Pool
- In DHCP configuration mode (R1(dhcp-config)#) configure the specifics of the pool.
Tasks:
- Define the address pool: network network-number [mask | /prefix-length]
- Define the default gateway: default-router address [address2...address8]
Optional tasks:
- Define a DNS server: dns-server address [address2...address8]
- Define the domain name: domain-name domain
- Define the duration of the DHCP lease: lease {days [hours] [minutes] | infinite}
- Define an option code: option code [instance number] {ascii string | hex string | ip-address}
  Example: option 150 ip 192.168.1.254
Verification Commands
R1# show ip dhcp ?
  binding   DHCP address bindings
  conflict  DHCP address conflicts
  database  DHCP database agents
  import    Show Imported Parameters
  pool      DHCP pools information
  relay     Miscellaneous DHCP relay information
  server    Miscellaneous DHCP server information
  snooping  DHCP snooping

R1# show ip dhcp
DHCP Configuration Example
- Exclude the first 9 addresses and the last host address.
- Call the pool LAN-POOL-10.
- Assign the network address.
- Identify the default router.
- Configure the domain name xyz.com.
R1(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.9
R1(config)# ip dhcp excluded-address 192.168.10.254
R1(config)# ip dhcp pool LAN-POOL-10
R1(dhcp-config)# network 192.168.10.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.10.1
R1(dhcp-config)# domain-name xyz.com
R1(dhcp-config)# end
DHCP Relay
- DHCP clients use IP broadcasts to find the DHCP server on the segment.
- What happens when the server and the client are not on the same segment and are separated by a router?
  - Routers do not forward these broadcasts.
- When possible, administrators should use the ip helper-address command to relay broadcast requests for these key UDP services.
Configuring IP Helper Addresses
(Figure: Host A broadcasts to RTA e0; RTA forwards the request as a unicast to the DHCP server.)
To configure RTA e0, the interface that receives the Host A broadcasts, to relay DHCP broadcasts as a unicast to the DHCP server, use the following commands:
RTA(config)#interface e0
RTA(config-if)#ip helper-address 172.24.1.9
Topology Example
1. Configure IP addresses
2. Configure the OSPF routing protocol and static routes
Configure the address pool on router ISP
Configure DHCP relay on R2
Configure DHCP relay on Juniper_1
Configure DHCP relay on Brocade_1
CONMUTACIÓN Y RUTEO I
Tema 16. Packet Filtering with ACLs IPv4 & IPv6
What are ACLs?
- An ACL is a sequential list of permit or deny statements, known as access control entries (ACEs).
- ACEs are also commonly called ACL statements.
- ACLs control whether a router permits or denies packets based on criteria in the header that identify the:
  - Source IP address
  - Destination IP address
  - IP protocol (ICMP, TCP, UDP, EIGRP, ...)
  - TCP/UDP source port
  - TCP/UDP destination port
Packet Filtering Example
- For example, you could say:
  - "Only permit web access to users from network A."
  - "Deny web access to users from network B, but permit them to have all other access."
- This is just a simple example. You can configure multiple rules to further permit or deny services to specific users. You can also filter packets at the port level using an extended ACL.
Types of ACLs
- Standard ACLs
  - Can permit or deny traffic based on the source IP address ... only!
- Extended ACLs
  - Can permit or deny traffic based on:
    - Protocol type (IP, ICMP, EIGRP, OSPF, TCP, UDP, ...)
    - Source IP address
    - Source TCP or UDP port
    - Destination IP address
    - Destination TCP or UDP port
Numbered and Named ACLs
Wildcard Mask
- Standard and extended ACLs both use wildcard masks.
- Wildcard masks and subnet masks differ in the way they match binary 1s and 0s.
- Wildcard masks use the following rules to match binary 1s and 0s:
  - Wildcard mask bit 0: match the corresponding bit value in the address.
  - Wildcard mask bit 1: ignore the corresponding bit value in the address.
Calculating Wildcard Masks #1
- Calculating wildcard masks can be difficult, but you can do it easily by subtracting the subnet mask from 255.255.255.255.
- For example, assume you wanted to permit access to all users from 192.168.3.0 /24.
- Subtract the subnet mask (255.255.255.0) from 255.255.255.255:
    255.255.255.255
  - 255.255.255.  0
  -----------------
      0.  0.  0.255
access-list 1 permit 192.168.3.0 0.0.0.255
Calculating Wildcard Masks #2
- Assume you wanted to permit access to all users from 192.168.3.32 /28.
- Subtract the subnet mask (255.255.255.240) from 255.255.255.255:
    255.255.255.255
  - 255.255.255.240
  -----------------
      0.  0.  0. 15
access-list 1 permit 192.168.3.32 0.0.0.15
Host keyword
access-list 1 permit 192.168.1.1 0.0.0.0
                Decimal          Binary
IP Address      192.168.1.1      11000000.10101000.00000001.00000001
Wildcard Mask   0.0.0.0          00000000.00000000.00000000.00000000
Result          192.168.1.1      11000000.10101000.00000001.00000001
- The host keyword can be used to substitute for the 0.0.0.0 wildcard mask.
- This mask states that all IPv4 address bits must match, so only one host is matched.
access-list 1 permit host 192.168.1.1
Note: the host keyword can also be used in IPv6 ACLs.
Any Keyword
access-list 1 permit 0.0.0.0 255.255.255.255
                Decimal            Binary
IP Address      0.0.0.0            00000000.00000000.00000000.00000000
Wildcard Mask   255.255.255.255    11111111.11111111.11111111.11111111
Result          0.0.0.0            00000000.00000000.00000000.00000000
- The any keyword substitutes for the 255.255.255.255 wildcard mask.
- This mask says to ignore the entire IPv4 address, i.e. to accept any address.
access-list 1 permit any
Traffic Filtering on a Router
ACL Placement
- Extended ACLs: place them as close as possible to the source. This way, undesirable traffic is denied close to the source network without crossing the network infrastructure.
- Standard ACLs: because standard ACLs do not specify destination addresses, place them as close to the destination as possible.
- Placing a standard ACL at the source of the traffic will effectively prevent that traffic from reaching any other network through the interface where the ACL is applied.
ACL Placement
- Placement of the ACL, and therefore the type of ACL used, may also depend on:
  - The extent of the network administrator's control
  - Bandwidth of the networks involved
  - Ease of configuration
(Figure, standard ACL: "Why not here?" It can only permit/deny based on the source address and will deny traffic to all sites.)
(Figure, extended ACL: "Why here?" It can permit/deny based on source, destination, protocol ... and can block before wasting network bandwidth.)
How are ACLs Created?
1. Create an ACL definition.
   - Enter global configuration mode.
   - Define statements of what to filter.
2. Apply the ACL to an interface.
   - Enter interface configuration mode.
   - Identify the ACL and the direction to filter.
Create a Standard ACL
RTR(config)# access-list ACL-# {permit|deny} {test-conditions}
access-list 5 permit 172.34.54.34 0.0.0.0
- ACL-# is a unique identifier; its number range identifies the type of ACL.
- permit | deny specify how packets that meet the condition are handled:
  - permit: the packet is not filtered.
  - deny: the packet is filtered.
- remark allows you to enter a description of the ACL.
Apply the ACL to an Interface
RTR(config-if)# {protocol} access-group list-# {in|out}
ip access-group 5 out
- in | out identifies whether the ACL applies to incoming or outgoing traffic:
  - in means that packets are filtered as they enter the interface, before the routing decision.
  - out means that packets are filtered as they leave the interface, after the routing decision.
- "out" is the default.
- Outbound ACLs are generally more efficient, and are preferred.
- Inbound ACLs must check every packet.
Deny Any Implied
By default, there is an implied deny at the end of every ACL for traffic that was not matched by a configured entry.
R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255
is the same as:
R1(config)# access-list 2 permit 192.168.10.0 0.0.0.255
R1(config)# access-list 2 deny any
Removing an ACL
R1(config)# access-list 10 permit 192.168.10.0 0.0.0.255
R1(config)# exit
R1# show access-lists
Standard IP access list 10
    10 permit 192.168.10.0, wildcard bits 0.0.0.255
R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# no access-list 10
R1(config)# exit
R1# show access-lists
R1#
Comments - remark
R1(config)# access-list 10 remark Permit hosts from the 192.168.10.0 LAN
R1(config)# access-list 10 permit 192.168.10.0 0.0.0.255
R1(config)# exit
R1# show running-config | include access-list 10
access-list 10 remark Permit hosts from the 192.168.10.0 LAN
access-list 10 permit 192.168.10.0 0.0.0.255
R1#
Internal Logic: Order Matters
Conflict with statements
ACL 3: a host statement conflicts with a previous range statement that already covers it.
R1(config)# access-list 3 deny 192.168.10.0 0.0.0.255
R1(config)# access-list 3 permit host 192.168.10.10
% Access rule can't be configured at higher sequence num as it is part of the existing rule at sequence num 10
R1(config)#
Internal Logic: Order Matters
Host statement entered before the range
ACL 4: a host statement can always be configured before range statements.
R1(config)# access-list 4 permit host 192.168.10.10
R1(config)# access-list 4 deny 192.168.10.0 0.0.0.255
R1(config)#
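The following Python is an added model of how a standard ACL is walked (it is not IOS code and not from the slides): entries are evaluated top-down, the first match wins, anything unmatched hits the implied deny from the earlier slide, and a host entry that an earlier range entry already covers is rejected the way the ACL 3 exchange above shows. The sequence numbering (10, 20, ...) and the `show`-style listing follow the `show access-lists` output on these slides; the addresses used in the usage section are the slide's own.

```python
# Added example: first-match evaluation of a standard ACL with the implicit
# deny and the "host inside an earlier range" rejection. Not IOS code.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ALL_ONES = 0xFFFFFFFF


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


@dataclass
class Ace:
    seq: int
    action: str          # "permit" or "deny"
    base: int
    wildcard: int        # 0 = host entry, ALL_ONES = any
    matches: int = 0     # the "(n match(es))" counter

    def covers(self, address: int) -> bool:
        return (address ^ self.base) & (ALL_ONES ^ self.wildcard) == 0


class StandardAcl:
    def __init__(self, number: int):
        self.number = number
        self.entries: List[Ace] = []

    def add(self, action: str, source: str, wildcard: str = "0.0.0.0") -> Ace:
        """access-list N {permit|deny} {source wildcard | host source | any}"""
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if source == "any":
            base, wc = 0, ALL_ONES
        else:
            base, wc = _ip(source), _ip(wildcard)
        # A host entry already covered by an earlier range could never be
        # reached at its higher sequence number, so it is refused.
        if wc == 0:
            for e in self.entries:
                if e.wildcard != 0 and e.covers(base):
                    raise ValueError(
                        "% Access rule can't be configured at higher sequence num "
                        f"as it is part of the existing rule at sequence num {e.seq}")
        ace = Ace(seq=10 * (len(self.entries) + 1), action=action, base=base, wildcard=wc)
        self.entries.append(ace)
        return ace

    def evaluate(self, source_address: str) -> Tuple[str, Optional[int]]:
        """First match wins and bumps that entry's counter. Unmatched traffic
        hits the implied deny any, reported with sequence number None."""
        addr = _ip(source_address)
        for e in self.entries:
            if e.covers(addr):
                e.matches += 1
                return e.action, e.seq
        return "deny", None

    def show(self) -> str:
        """Listing in the style of show access-lists."""
        lines = [f"Standard IP access list {self.number}"]
        for e in self.entries:
            src = str(ipaddress.IPv4Address(e.base))
            if e.wildcard == ALL_ONES:
                target = "any"
            elif e.wildcard == 0:
                target = src
            else:
                target = f"{src}, wildcard bits {ipaddress.IPv4Address(e.wildcard)}"
            hits = f" ({e.matches} match(es))" if e.matches else ""
            lines.append(f"    {e.seq} {e.action} {target}{hits}")
        return "\n".join(lines)


if __name__ == "__main__":
    acl4 = StandardAcl(4)
    acl4.add("permit", "192.168.10.10")                 # host first: accepted
    acl4.add("deny", "192.168.10.0", "0.0.0.255")
    print(acl4.evaluate("192.168.10.10"), acl4.evaluate("192.168.10.11"))
    print(acl4.evaluate("10.0.0.1"))                    # ('deny', None)
    print(acl4.show())
```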
Applying Standard ACLs to Interfaces
Step 1: Configure the ACL statements
R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255
Step 2: Select the interface to apply the ACL
R1(config)# interface serial 0/0/0
Step 3: Apply the ACL to the interface using the ip access-group command
R1(config-if)# ip access-group 1 out
Permit a Specific Subnet
R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255
R1(config)# interface s0/0/0
R1(config-if)# ip access-group 1 out
Deny a Specific Host and Permit a Specific Subnet
R1(config)# access-list 1 deny host 192.168.10.10
R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255
R1(config)# interface s0/0/0
R1(config-if)# ip access-group 1 out
Named ACL
Named ACLs
RTR(config)# ip access-list {standard|extended} {NAME}
ip access-list extended TELNET-FILTER
- Named ACLs allow standard and extended IP ACLs to be identified with a name.
  - The name cannot start with a number.
- Named ACLs help identify the function of the ACL.
- The names used must be unique across all named access lists of all protocols and types on an individual router.
  - Names can be duplicated on different routers.
- ACLs of different types cannot have the same name.
  - For example, it is illegal to specify a standard ACL named Filter_Web and an extended ACL with the same name.
Named ACLs Syntax
RTR(config)# ip access-list {standard|extended} {NAME}
ip access-list extended TELNET-FILTER
- Create the named ACL in global configuration mode.
- Notice that the access-list command has changed to ip access-list.
- Then enter named ACL configuration mode.
- The sub-configuration mode prompt varies between standard and extended ACLs.
R1(config)# ip access-list standard NAME-OF-THE-ACL
R1(config-std-nacl)# exit
R1(config)# ip access-list extended A-DIFFERENT-NAME-ACL
R1(config-ext-nacl)# exit
Named ACLs Syntax
- In ACL configuration mode, specify one or more conditions to be permitted or denied.
- This determines whether the packet is passed or dropped.
RTR(config-{std-|ext-}nacl)# deny {source [source-wildcard] | any}
RTR(config-{std-|ext-}nacl)# permit {source [source-wildcard] | any}
RTR(config-{std-|ext-}nacl)# remark [comment]
Named ACL Example
R1(config)# ip access-list standard NO_ACCESS
R1(config-std-nacl)# deny host 192.168.11.10
R1(config-std-nacl)# permit any
R1(config-std-nacl)# exit
R1(config)# interface g0/0
R1(config-if)# ip access-group NO_ACCESS out
Commenting ACLs
Example 1: Commenting a numbered ACL
R1(config)# access-list 1 remark Do not allow Guest workstation through
R1(config)# access-list 1 deny host 192.168.10.10
R1(config)# access-list 1 remark Allow devices from all other 192.168.x.x subnets
R1(config)# access-list 1 permit 192.168.0.0 0.0.255.255
R1(config)# interface s0/0/0
R1(config-if)# ip access-group 1 out
R1(config-if)#

Example 2: Commenting a named ACL
R1(config)# ip access-list standard NO_ACCESS
R1(config-std-nacl)# remark Do not allow access from Lab workstation
R1(config-std-nacl)# deny host 192.168.11.10
R1(config-std-nacl)# remark Allow access from all other networks
R1(config-std-nacl)# permit any
R1(config-std-nacl)# interface G0/0
R1(config-if)# ip access-group NO_ACCESS out
R1(config-if)#
Editing Numbered ACLs Using Sequence Numbers
Configuration:
R1(config)# access-list 1 deny host 192.168.10.99
R1(config)# access-list 1 permit 192.168.0.0 0.0.255.255
Step 1: display the ACL with its sequence numbers
R1# show access-lists 1
Standard IP access list 1
    10 deny 192.168.10.99
    20 permit 192.168.0.0, wildcard bits 0.0.255.255
R1#
Step 2: remove entry 10 and re-enter it with the same sequence number
R1# conf t
R1(config)# ip access-list standard 1
R1(config-std-nacl)# no 10
R1(config-std-nacl)# 10 deny host 192.168.10.10
R1(config-std-nacl)# end
R1#
Step 3: verify
R1# show access-lists
Standard IP access list 1
    10 deny 192.168.10.10
    20 permit 192.168.0.0, wildcard bits 0.0.255.255
R1#
Editing Named ACLs - Adding a Line
R1# show access-lists
Standard IP access list NO_ACCESS
    10 deny 192.168.11.10
    20 permit 192.168.11.0, wildcard bits 0.0.0.255
R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# ip access-list standard NO_ACCESS
R1(config-std-nacl)# 15 deny host 192.168.11.11
R1(config-std-nacl)# end
R1# show access-lists
Standard IP access list NO_ACCESS
    10 deny 192.168.11.10
    15 deny 192.168.11.11
    20 permit 192.168.11.0, wildcard bits 0.0.0.255
R1#
Note: the no sequence-number command in named-ACL configuration mode is used to delete individual statements.
Verifying ACLs
R1# show ip interface s0/0/0
Serial0/0/0 is up, line protocol is up
  Internet address is 10.1.1.1/30
  <output omitted>
  Outgoing access list is 1
  Inbound access list is not set
  <output omitted>

R1# show ip interface g0/0
GigabitEthernet0/1 is up, line protocol is up
  Internet address is 192.168.10.1/24
  <output omitted>
  Outgoing access list is NO_ACCESS
  Inbound access list is not set
  <output omitted>
R1# show access-lists
Standard IP access list 1
    10 deny 192.168.10.10
    20 permit 192.168.0.0, wildcard bits 0.0.255.255
Standard IP access list NO_ACCESS
    15 deny 192.168.11.11
    10 deny 192.168.11.10
    20 permit 192.168.11.0, wildcard bits 0.0.0.255
R1#
Viewing ACL Statistics
R1# show access-lists
Standard IP access list 1
    10 deny 192.168.10.10 (4 match(es))
    20 permit 192.168.0.0, wildcard bits 0.0.255.255
Standard IP access list NO_ACCESS
    15 deny 192.168.11.11
    10 deny 192.168.11.10 (4 match(es))
    20 permit 192.168.11.0, wildcard bits 0.0.0.255
R1#

Output after pinging PC3 from PC1 (the match counter on entry 10 of ACL 1 has been incremented):
R1# show access-lists
Standard IP access list 1
    10 deny 192.168.10.10 (8 match(es))
    20 permit 192.168.0.0, wildcard bits 0.0.255.255
Standard IP access list NO_ACCESS
    15 deny 192.168.11.11
    10 deny 192.168.11.10 (4 match(es))
    20 permit 192.168.11.0, wildcard bits 0.0.0.255
R1#
Clearing ACL Statistics
R1#show access-lists
Standard IP access list 1
    10 deny 192.168.10.10 (8 match(es))
    20 permit 192.168.0.0, wildcard bits 0.0.255.255
Standard IP access list NO_ACCESS
    15 deny 192.168.11.11
    10 deny 192.168.11.10 (4 match(es))
    20 permit 192.168.11.0, wildcard bits 0.0.0.255
R1#
R1#clear access-list counters 1
R1#
After clearing, the matches on ACL 1 are gone while the NO_ACCESS counters remain:
R1#show access-lists
Standard IP access list 1
    10 deny 192.168.10.10
    20 permit 192.168.0.0, wildcard bits 0.0.255.255
Standard IP access list NO_ACCESS
    15 deny 192.168.11.11
    10 deny 192.168.11.10 (4 match(es))
    20 permit 192.168.11.0, wildcard bits 0.0.0.255
Standard ACL Sequence Numbers and Internal Logic
Range (network) statements:
R1(config)#access-list 1 deny 192.168.10.0 0.0.0.255
R1(config)#access-list 1 deny 192.168.20.0 0.0.0.255
R1(config)#access-list 1 deny 192.168.30.0 0.0.0.255
Host statements (no conflicts with the ranges above):
R1(config)#access-list 1 permit 10.0.0.1
R1(config)#access-list 1 permit 10.0.0.2
R1(config)#access-list 1 permit 10.0.0.3
R1(config)#access-list 1 permit 10.0.0.4
R1(config)#access-list 1 permit 10.0.0.5
R1(config)#end
R1#show running-config | include access-list 1
access-list 1 permit 10.0.0.2
access-list 1 permit 10.0.0.3
access-list 1 permit 10.0.0.1
access-list 1 permit 10.0.0.4
access-list 1 permit 10.0.0.5
access-list 1 deny 192.168.10.0 0.0.0.255
access-list 1 deny 192.168.20.0 0.0.0.255
access-list 1 deny 192.168.30.0 0.0.0.255
R1#
In the running configuration the host statements are listed first, in an order chosen by the IOS to process them efficiently, followed by the range statements in the order they were entered.
R1#show access-lists 1
Standard IP access list 1
    50 permit 10.0.0.2
    60 permit 10.0.0.3
    40 permit 10.0.0.1
    70 permit 10.0.0.4
    80 permit 10.0.0.5
    10 deny 192.168.10.0, wildcard bits 0.0.0.255
    20 deny 192.168.20.0, wildcard bits 0.0.0.255
    30 deny 192.168.30.0, wildcard bits 0.0.0.255
Host statements are listed first, in the order the IOS processes them, keeping the sequence numbers originally assigned by the IOS. Range statements are listed after the host statements, in the order they were entered, also with their original sequence numbers.
R1#copy running-config startup-config
R1#reload
R1#show access-lists 1
Standard IP access list 1
    10 permit 10.0.0.2
    20 permit 10.0.0.3
    30 permit 10.0.0.1
    40 permit 10.0.0.4
    50 permit 10.0.0.5
    60 deny 192.168.10.0, wildcard bits 0.0.0.255
    70 deny 192.168.20.0, wildcard bits 0.0.0.255
    80 deny 192.168.30.0, wildcard bits 0.0.0.255
R1#
After the reload the entries keep the stored order and are renumbered 10, 20, ... in that order.
Extended ACL
Extended ACLs
- Extended ACLs are used more often than standard ACLs because they provide a greater degree of control. Extended ACLs provide more precise traffic-filtering control.
  - Also referred to as "increased granular control".
- All extended ACLs filter on the source IP address AND the destination IP address.
- But what makes them really special is that they can also filter based on:
  - Upper-layer protocols (e.g. IP, TCP, UDP, ICMP, EIGRP, ...)
  - Source port
  - Destination port
Extended ACLs Syntax
- Extended ACLs also filter on protocol and destination address. The choice of protocol adds various other options.
- All extended ACLs follow this basic syntax:
access-list list-# {permit | deny | remark} protocol source-IP source-wildcard destination-IP destination-wildcard [operator port]
  - list-#: 100 to 199, or 2000 to 2699
  - protocol: IP, TCP, UDP, ICMP, EIGRP, OSPF, ...
  - source / destination: IP address with wildcard, any, or host address
  - operator: LT, GT, EQ, NEQ
  - port: 20 (FTP-data), 21 (FTP), 23 (TELNET), 25 (SMTP), 53 (DNS), 80 (HTTP), ...
- The operator and port options change depending on which protocol is selected.
Port Names versus Port Numbers
access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq 23
access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq 21
access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq 20

access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq telnet
access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq ftp
access-list 114 permit tcp 192.168.20.0 0.0.0.255 any eq ftp-data
The port/protocol after the destination address refers to the destination port.
- Note:
  - Not all protocols have a port name assigned.
  - Port numbers always work.
  - E.g. SSH and HTTPS do not have port names assigned and must therefore be specified using their respective port numbers (22 and 443).
Use ? to see examples.
Extended IP ACLs Examples
access-list 101 permit ip any any
Permit all packets.
access-list 101 deny ip any host 10.1.1.1
Deny all packets from any source address going specifically to host 10.1.1.1.
access-list 101 deny ip host 10.1.1.1 any
Deny all packets from host 10.1.1.1 going to any destination address.
Extended TCP ACLs Examples
access-list 101 deny tcp any any eq telnet
Deny packets from any source address telnetting to anywhere.
access-list 101 deny tcp any host 10.1.1.1 eq 23
Deny packets from any source address telnetting to 10.1.1.1.
access-list 101 deny tcp any host 10.1.1.1 eq telnet
Same function as the last example, except it denies using the keyword telnet.
Extended TCP ACLs Examples
The port/protocol after the destination address refers to the destination port.
access-list 101 permit tcp 192.168.32.0 0.0.31.255 any eq 20
access-list 101 permit tcp 192.168.32.0 0.0.31.255 any eq 21
Packets from subnets 192.168.32.0 to 192.168.63.0 are permitted FTP access to any destination.
FTP requires both ports to be permitted:
- Port 20 = ftp-data
- Port 21 = ftp (commands)
Configuring Extended ACLs
S0/1/0

S0/0/0 R2 S0/0/1 ISP

S0/0/0 S0/0/1
10.1.1.1/30

R1 G0/1
R3
G0/0
192.168.10.0/24 192.168.11.0/24

S1 S2

R1(config)# access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
R1(config)# access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 443
R1(config)# access-list 104 permit tcp any 192.168.10.0 0.0.0.255 established

The established parameter allows only responses to traffic that originates from the
192.168.10.0/24 network to return to that network.
Without the established parameter in the ACL statement, clients could send traffic to a
web server, but not receive traffic returning from the web server.
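The matching rules the slides rely on (wildcard masks, destination port, established, implicit deny), as an added example that is not part of the original slides; ACLs 103/104 and 192.168.10.0/24 come from the slides, the packets and the 203.0.113.5 address are constructed.

```python
# Added example, not from the original slides: a minimal evaluator for Cisco-style
# extended ACL statements. It shows wildcard-mask matching, destination-port
# matching, the 'established' keyword (TCP segments with ACK or RST set) and the
# implicit deny at the end of every list. ACLs 103/104 and the 192.168.10.0/24
# network come from the slides; the packets below are constructed for the demo.
from dataclasses import dataclass
from ipaddress import IPv4Address

# Keyword-to-port names the slides use; 22 and 443 have no keyword here.
PORT_NAMES = {"www": 80, "telnet": 23, "ftp": 21, "ftp-data": 20}


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard bit 1 = 'don't care', 0 = 'must match' (inverse of a subnet mask)."""
    a, n, w = (int(IPv4Address(x)) for x in (addr, network, wildcard))
    care = 0xFFFFFFFF ^ w
    return (a & care) == (n & care)


@dataclass
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0
    ack: bool = False   # TCP ACK flag
    rst: bool = False   # TCP RST flag


def parse_ace(line: str) -> dict:
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT] [established]'.
    Only a destination-port 'eq' is handled, which is all the slides use."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("expected an access-list statement")
    ace = {"acl": tok[1], "action": tok[2], "proto": tok[3],
           "port": None, "established": False}
    i = 4
    for side in ("src", "dst"):
        if tok[i] == "any":
            ace[side] = ("0.0.0.0", "255.255.255.255")
            i += 1
        elif tok[i] == "host":
            ace[side] = (tok[i + 1], "0.0.0.0")
            i += 2
        else:
            ace[side] = (tok[i], tok[i + 1])
            i += 2
    while i < len(tok):
        if tok[i] == "eq":
            p = tok[i + 1]
            ace["port"] = int(p) if p.isdigit() else PORT_NAMES[p]
            i += 2
        elif tok[i] == "established":
            ace["established"] = True
            i += 1
        else:
            raise ValueError(f"unsupported token {tok[i]!r}")
    return ace


def ace_matches(ace: dict, pkt: Packet) -> bool:
    if ace["proto"] not in ("ip", pkt.proto):        # 'ip' matches any protocol
        return False
    if not wildcard_match(pkt.src, *ace["src"]):
        return False
    if not wildcard_match(pkt.dst, *ace["dst"]):
        return False
    if ace["port"] is not None and pkt.dport != ace["port"]:
        return False
    if ace["established"] and not (pkt.ack or pkt.rst):  # only return traffic
        return False
    return True


def evaluate(acl_lines: list, pkt: Packet) -> str:
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny (implicit)"


ACL_103 = [  # inbound on R1 G0/0, from the slides
    "access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80",
    "access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 443",
]
ACL_104 = [  # outbound on R1 G0/0, from the slides
    "access-list 104 permit tcp any 192.168.10.0 0.0.0.255 established",
]

# Constructed sample packets (203.0.113.5 is a documentation address).
client_syn = Packet("tcp", "192.168.10.10", "203.0.113.5", dport=443)
server_reply = Packet("tcp", "203.0.113.5", "192.168.10.10", dport=51000, ack=True)
unsolicited_syn = Packet("tcp", "203.0.113.5", "192.168.10.10", dport=22)

if __name__ == "__main__":
    print(evaluate(ACL_103, client_syn))       # permit
    print(evaluate(ACL_104, server_reply))     # permit
    print(evaluate(ACL_104, unsolicited_syn))  # deny (implicit)
```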
Applying Extended ACLs to Interfaces
[Topology figure: same R1 / R2 / R3 topology as above]

R1(config)# access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
R1(config)# access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 443
R1(config)# access-list 104 permit tcp any 192.168.10.0 0.0.0.255 established
R1(config)# interface g0/0
R1(config-if)# ip access-group 103 in
R1(config-if)# ip access-group 104 out
Deny FTP and Permit Everything Else
[Topology figure: same topology; FTP from 192.168.11.0/24 (S2) to 192.168.10.0/24 marked X]

R1(config)# access-list 101 deny tcp 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 eq ftp
R1(config)# access-list 101 deny tcp 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255 eq ftp-data
R1(config)# access-list 101 permit ip any any
R1(config)# interface g0/1
R1(config-if)# ip access-group 101 in
Deny SSH and Permit Everything Else
[Topology figure: same topology; SSH into 192.168.11.0/24 (S2) marked X]

R1(config)# access-list 102 deny tcp any 192.168.11.0 0.0.0.255 eq 22
R1(config)# access-list 102 permit ip any any
R1(config)# interface g0/1
R1(config-if)# ip access-group 102 out
Creating Named Extended ACLs
[Topology figure: same R1 / R2 / R3 topology as above]

R1(config)# ip access-list extended SURFING
R1(config-ext-nacl)# permit tcp 192.168.10.0 0.0.0.255 any eq 80
R1(config-ext-nacl)# permit tcp 192.168.10.0 0.0.0.255 any eq 443
R1(config-ext-nacl)# exit
R1(config)# ip access-list extended BROWSING
R1(config-ext-nacl)# permit tcp any 192.168.10.0 0.0.0.255 established
R1(config-ext-nacl)# exit
R1(config)# interface g0/0
R1(config-if)# ip access-group SURFING in
R1(config-if)# ip access-group BROWSING out
Verifying Extended ACLs
R1#show access-lists
Extended IP access list BROWSING
10 permit tcp any 192.168.10.0 0.0.0.255 established
Extended IP access list SURFING
10 permit tcp 192.168.10.0 0.0.0.255 any eq www
20 permit tcp 192.168.10.0 0.0.0.255 any eq 443
R1#
R1#show ip interface g0/0
GigabitEthernet0/0 is up, line protocol is up
Internet address is 192.168.10.1/24
<output omitted for brevity>
Outgoing access list is BROWSING
Inbound access list is SURFING
<rest of output omitted for brevity>
Editing Extended ACLs
R1# show access-lists
Extended IP access list BROWSING
10 permit tcp any 192.168.10.0 0.0.0.255 established
Extended IP access list SURFING
10 permit tcp 192.168.11.0 0.0.0.255 any eq www    (callout: should be 192.168.10.0)
20 permit tcp 192.168.10.0 0.0.0.255 any eq 443
R1#
R1# configure terminal
R1(config)# ip access-list extended SURFING
R1(config-ext-nacl)# no 10
R1(config-ext-nacl)# 10 permit tcp 192.168.10.0 0.0.0.255 any eq www
R1(config-ext-nacl)# end
R1#
R1#show access-lists
Extended IP access list BROWSING
10 permit tcp any 192.168.10.0 0.0.0.255 established
Extended IP access list SURFING
10 permit tcp 192.168.10.0 0.0.0.255 any eq www
20 permit tcp 192.168.10.0 0.0.0.255 any eq 443
Juniper Filters
1 Create filter
edit firewall
set filter controlwww term 1 from source-address 10.10.20.0/24
set filter controlwww term 1 from destination-address 10.10.12.10/32
set filter controlwww term 1 from protocol icmp
set filter controlwww term 1 then accept
set filter controlwww term 2 from source-address 10.10.20.0/24
set filter controlwww term 2 from destination-address 10.10.12.10/32
set filter controlwww term 2 from protocol tcp
set filter controlwww term 2 from destination-port http
set filter controlwww term 2 then accept
quit

2 Apply filter on Interface
set interfaces em0 unit 0 family inet filter input controlwww
commit
ACLs Homework
• WWW access only for PC-1 and PC3
• ICMP permitted only between PC-1 and PC4, and between PC1 and PC3
• ICMP denied from all PCs to WWW
IPv6 ACL

IPv4 ACLs:
• Standard
  • Numbered
  • Named
• Extended
  • Numbered
  • Named
IPv6 ACLs:
• Named only
• Similar features to Extended ACLs
Comparing IPv4 and IPv6 ACLs
[Figure: IPv6 neighbor discovery. (1) ICMP Neighbor Solicitation message: "I know your IPv6 address but I need your MAC address." (2) ICMP Neighbor Advertisement message: "I have the IPv6 address you are looking for and here is my MAC address."]

Very similar, but there are three significant differences


 Applying an IPv6 ACL
 IPv4 - ip access-group
 IPv6 - ipv6 traffic-filter
 No Wildcard Masks - Instead, the prefix-length is used
 Additional Default Statements
 permit icmp any any nd-na
 permit icmp any any nd-ns
 These two statements allow the router to participate in the IPv6
equivalent of ARP for IPv4.
IPv6 Topology
[Topology figure: R1 G0/0 2001:DB8:CAFE:10::1/64 (S1, PC1 2001:DB8:CAFE:10::10); R1 G0/1 2001:DB8:CAFE:11::1/64 (S2, PC2 2001:DB8:CAFE:11::11); R1 S0/0/0 2001:DB8:FEED:1::1/64 - R2 S0/0/0 ::2; R2 S0/0/1 2001:DB8:FEED:2::2/64 - R3 S0/0/1 ::1; R3 G0/0 2001:DB8:CAFE:30::1/64 (S3, PC3 2001:DB8:CAFE:30::12/64)]
Configuring the IPv6 Topology
R1(config)#interface g0/0
R1(config-if)#ipv6 address 2001:db8:cafe:10::1/64
R1(config-if)#exit
R1(config)#interface s0/0/0
R1(config-if)#ipv6 address 2001:db8:feed:1::1/64
R1(config-if)#exit
R1(config)#interface g0/1
R1(config-if)#ipv6 address 2001:db8:cafe:11::1/64
R1(config-if)#end
R1#show ipv6 interface brief
GigabitEthernet0/0 [up/up]
FE80::FE99:47FF:FE75:C3E0
2001:DB8:CAFE:10::1
GigabitEthernet0/1 [up/up]
FE80::FE99:47FF:FE75:C3E1
2001:DB8:CAFE:11::1
Serial0/0/0 [up/up]
FE80::FE99:47FF:FE75:C3E0
2001:DB8:FEED:1::1
<some output omitted for brevity>
R1#
Configuring the IPv6 Topology
R2(config)#interface s0/0/0
R2(config-if)#ipv6 address 2001:db8:feed:1::2/64
R2(config-if)#exit
R2(config)#interface s0/0/1
R2(config-if)#ipv6 address 2001:db8:feed:2::2/64
R2(config-if)#end
R2#show ipv6 interface brief
Serial0/0/0 [up/up]
FE80::FE99:47FF:FE71:78A0
2001:DB8:FEED:1::2
Serial0/0/1 [up/up]
FE80::FE99:47FF:FE71:78A0
2001:DB8:FEED:2::2
<some output omitted for brevity>
R2#
Configuring the IPv6 Topology
R3(config)#interface s0/0/1
R3(config-if)#ipv6 address 2001:db8:feed:2::1/64
R3(config-if)#exit
R3(config)#interface g0/0
R3(config-if)#ipv6 address 2001:db8:cafe:30::1/64
R3(config-if)#end
R3#show ipv6 interface brief
GigabitEthernet0/0 [up/up]
FE80::FE99:47FF:FE71:7A20
2001:DB8:CAFE:30::1
Serial0/0/1 [up/up]
FE80::FE99:47FF:FE71:7A20
2001:DB8:FEED:2::1
R3#
Configuring IPv6 ACLs

R1(config-ipv6-acl)# deny | permit protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]]

Parameter - Description
deny | permit - Specifies whether to deny or permit the packet.
protocol - Enter the name or number of an Internet protocol, or an integer representing an IPv6 protocol number.
source-ipv6-prefix/prefix-length, destination-ipv6-prefix/prefix-length - The source or destination IPv6 network or class of networks for which to set deny or permit conditions.
any - Enter any as an abbreviation for the IPv6 prefix ::/0. This matches all addresses.
host source-ipv6-address, host destination-ipv6-address - Enter the source or destination IPv6 host address for which to set deny or permit conditions.
operator - (Optional) An operand that compares the source or destination ports of the specified protocol. Operands are lt (less than), gt (greater than), eq (equal), neq (not equal), and range.
port-number - (Optional) A decimal number or the name of a TCP or UDP port for filtering TCP or UDP, respectively.
[Topology figure: same IPv6 topology; traffic from R3's LAN 2001:DB8:CAFE:30::/64 (S3, PC3) marked X]

R1(config)# ipv6 access-list NO-R3-LAN-ACCESS
R1(config-ipv6-acl)# deny ipv6 2001:db8:cafe:30::/64 any
R1(config-ipv6-acl)# permit ipv6 any any
R1(config-ipv6-acl)# exit
R1(config)# interface s0/0/0
R1(config-if)# ipv6 traffic-filter NO-R3-LAN-ACCESS in
[Topology figure: same IPv6 topology; FTP from the 2001:DB8:CAFE:10::/64 LAN (S1, PC1) into 2001:DB8:CAFE:11::/64 marked X]

R1(config)# ipv6 access-list NO-FTP-TO-11
R1(config-ipv6-acl)# deny tcp any 2001:db8:cafe:11::/64 eq ftp
R1(config-ipv6-acl)# deny tcp any 2001:db8:cafe:11::/64 eq ftp-data
R1(config-ipv6-acl)# permit ipv6 any any
R1(config-ipv6-acl)# exit
R1(config)# interface g0/0
R1(config-if)# ipv6 traffic-filter NO-FTP-TO-11 in
[Topology figure: same IPv6 topology; HTTP/HTTPS into network 10 (PC1 2001:DB8:CAFE:10::10) allowed, Telnet to PC2 (2001:DB8:CAFE:11::11) allowed only from PC3 (2001:DB8:CAFE:30::12), all other Telnet to PC2 marked X]

• Permit access only HTTP and HTTPS to Network 10
• Deny all other traffic to PC1 – ::10
• Permit PC3 telnet access to PC2
• Deny telnet access to PC2 for all other devices
• Permit access to everything else
R3(config)# ipv6 access-list RESTRICTED-ACCESS
R3(config-ipv6-acl)# remark Permit access only HTTP and HTTPS to Network 10
R3(config-ipv6-acl)# permit tcp any host 2001:db8:cafe:10::10 eq 80
R3(config-ipv6-acl)# permit tcp any host 2001:db8:cafe:10::10 eq 443
R3(config-ipv6-acl)# remark Deny all other traffic to Network 10
R3(config-ipv6-acl)# deny ipv6 any 2001:db8:cafe:10::/64
R3(config-ipv6-acl)# remark Permit PC3 telnet access to PC2
R3(config-ipv6-acl)# permit tcp host 2001:DB8:CAFE:30::12 host 2001:DB8:CAFE:11::11 eq 23
R3(config-ipv6-acl)# remark Deny telnet access to PC2 for all other devices
R3(config-ipv6-acl)# deny tcp any host 2001:db8:cafe:11::11 eq 23
R3(config-ipv6-acl)# remark Permit access to everything else
R3(config-ipv6-acl)# permit ipv6 any any
R3(config-ipv6-acl)# exit
R3(config)# interface g0/0
R3(config-if)# ipv6 traffic-filter RESTRICTED-ACCESS in
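How the RESTRICTED-ACCESS list above is evaluated, and how the two implicit nd-na/nd-ns permits described earlier interact with the implicit deny, as an added example that is not the slides' own code; the ACL entries and host addresses are from the slides, the packets and the FE80::1 link-local source are constructed.

```python
# Added example, not the slides' own code: evaluates packets against an IPv6 ACL
# the way the slides describe it: prefix-length matching instead of wildcard
# masks, top-down first match, and the two implicit 'permit icmp any any nd-na' /
# 'nd-ns' entries that precede the implicit deny. The RESTRICTED-ACCESS entries
# and host addresses come from the slides; the packets below are constructed.
from dataclasses import dataclass
from ipaddress import IPv6Network, ip_address

PORT_NAMES = {"www": 80, "telnet": 23, "ftp": 21, "ftp-data": 20}


@dataclass
class Packet6:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0
    icmp_type: str = ""   # e.g. "nd-ns", "nd-na", "echo-request"


def _addr_spec(tok: list, i: int):
    """Return (network, next_index) for 'any', 'host ADDR' or 'PREFIX/LEN'."""
    if tok[i] == "any":
        return IPv6Network("::/0"), i + 1
    if tok[i] == "host":
        return IPv6Network(tok[i + 1] + "/128"), i + 2
    return IPv6Network(tok[i], strict=False), i + 1


def parse_ace6(line: str) -> dict:
    tok = line.split()
    ace = {"action": tok[0], "proto": tok[1], "port": None, "icmp_type": None}
    ace["src"], i = _addr_spec(tok, 2)
    ace["dst"], i = _addr_spec(tok, i)
    while i < len(tok):
        if tok[i] == "eq":                      # destination port, as in the slides
            p = tok[i + 1]
            ace["port"] = int(p) if p.isdigit() else PORT_NAMES[p]
            i += 2
        elif ace["proto"] == "icmp":            # ICMPv6 message type keyword
            ace["icmp_type"] = tok[i]
            i += 1
        else:
            raise ValueError(f"unsupported token {tok[i]!r}")
    return ace


def ace6_matches(ace: dict, pkt: Packet6) -> bool:
    if ace["proto"] not in ("ipv6", pkt.proto):     # 'ipv6' matches any protocol
        return False
    if ip_address(pkt.src) not in ace["src"] or ip_address(pkt.dst) not in ace["dst"]:
        return False
    if ace["port"] is not None and pkt.dport != ace["port"]:
        return False
    if ace["icmp_type"] is not None and pkt.icmp_type != ace["icmp_type"]:
        return False
    return True


# IOS appends these two entries ahead of the implicit deny so that Neighbor
# Discovery (the IPv6 equivalent of ARP) keeps working.
IMPLICIT_TAIL = ["permit icmp any any nd-na", "permit icmp any any nd-ns"]


def evaluate6(acl: list, pkt: Packet6) -> str:
    for line in acl + IMPLICIT_TAIL:
        ace = parse_ace6(line)
        if ace6_matches(ace, pkt):
            return ace["action"]
    return "deny (implicit)"


RESTRICTED_ACCESS = [  # from the slides, applied inbound on R3 G0/0
    "permit tcp any host 2001:db8:cafe:10::10 eq 80",
    "permit tcp any host 2001:db8:cafe:10::10 eq 443",
    "deny ipv6 any 2001:db8:cafe:10::/64",
    "permit tcp host 2001:DB8:CAFE:30::12 host 2001:DB8:CAFE:11::11 eq 23",
    "deny tcp any host 2001:db8:cafe:11::11 eq 23",
    "permit ipv6 any any",
]

# Constructed packets arriving on R3 G0/0 from the 2001:DB8:CAFE:30::/64 LAN.
pc3_https_to_pc1 = Packet6("tcp", "2001:db8:cafe:30::12", "2001:db8:cafe:10::10", dport=443)
pc3_ssh_to_pc1 = Packet6("tcp", "2001:db8:cafe:30::12", "2001:db8:cafe:10::10", dport=22)
pc3_telnet_to_pc2 = Packet6("tcp", "2001:db8:cafe:30::12", "2001:db8:cafe:11::11", dport=23)
other_telnet_to_pc2 = Packet6("tcp", "2001:db8:cafe:30::99", "2001:db8:cafe:11::11", dport=23)
nd_solicit = Packet6("icmp", "fe80::1", "ff02::1:ff00:1", icmp_type="nd-ns")


def nd_after_explicit_deny() -> str:
    """Caveat: an explicit 'deny ipv6 any any' sits before the implicit ND permits,
    so it also blocks Neighbor Discovery unless nd-na/nd-ns are permitted first."""
    return evaluate6(RESTRICTED_ACCESS[:-1] + ["deny ipv6 any any"], nd_solicit)
```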
Verifying IPv6 ACLs

R3# show ipv6 interface g0/0


GigabitEthernet0/0 is up, line protocol is up
Global unicast address(es):
2001:DB8:CAFE:30::1, subnet is 2001:DB8:CAFE:30::/64
Input features: Access List
Inbound access list RESTRICTED-ACCESS
<some output omitted for brevity>

R3# show access-lists


IPv6 access list RESTRICTED-ACCESS
permit tcp any host 2001:DB8:CAFE:10::10 eq www sequence 20
permit tcp any host 2001:DB8:CAFE:10::10 eq 443 sequence 30
deny ipv6 any 2001:DB8:CAFE:10::/64 sequence 50
permit tcp host 2001:DB8:CAFE:30::12 host 2001:DB8:CAFE:11::11
eq telnet sequence 70
deny tcp any host 2001:DB8:CAFE:11::11 eq telnet sequence 90
permit ipv6 any any sequence 110
R3#
Verifying IPv6 ACLs

R3# show running-config


<some output omitted for brevity>
ipv6 access-list RESTRICTED-ACCESS
remark Permit access only HTTP and HTTPS to Network 10
permit tcp any host 2001:DB8:CAFE:10::10 eq www
permit tcp any host 2001:DB8:CAFE:10::10 eq 443
remark Deny all other traffic to Network 10
deny ipv6 any 2001:DB8:CAFE:10::/64
remark Permit PC3 telnet access to PC2
permit tcp host 2001:DB8:CAFE:30::12 host 2001:DB8:CAFE:11::11 eq telnet
remark Deny telnet access to PC2 for all other devices
deny tcp any host 2001:DB8:CAFE:11::11 eq telnet
remark Permit access to everything else
permit ipv6 any any
CONMUTACIÓN Y RUTEO I

Topic 17. Ethernet Technology
Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
The Ethernet Ecosystem
Ethernet Protocol

 Ethernet – Most common LAN technology used today.


 Supports data bandwidths of 10, 100, 1000, 10,000, 40,000, 100,000 and
400,000 Mbps (400 Gbps)
 Operates in the data link layer and the physical layer.
 Defined in the IEEE 802.2 and 802.3 standards.
 Ethernet relies on the two separate sublayers of the data link layer to
operate:
 Logical Link Control (LLC)
 MAC
Network Interface Card (NIC)
 Layer 2, Data Link Layer, device
 Connects the device (computer) to the LAN
 Responsible for the local Layer 2 address (later)
 Common bandwidths today: 10/100 Mbps, 10/100/1000/40000/100000/400000 Mbps
Ethernet Protocol

LLC
• Handles communication between upper and lower
layers
• Takes the network protocol data and adds control
information to help deliver the packet to the
destination
Ethernet Protocol

MAC
• Constitutes the lower sublayer of the data link layer
• Implemented by hardware, typically in the computer NIC
• Two primary responsibilities:
• Data encapsulation
• Media access control
Ethernet Operation
MAC Sublayer
[Figure: application data (header + data) passes down through Layer 4 (transport), Layer 3 (network) and Layer 2 (data link), where the MAC sublayer adds a header and trailer, and reaches Layer 1 (physical) as a bit stream]
Data encapsulation
• Frame assembly before transmission and frame disassembly upon reception of a frame
• MAC layer adds a header and trailer to the network layer PDU
Ethernet Operation

MAC Sublayer
Data encapsulation provides three primary
functions:
Frame delimiting – identifies a group of bits that make
up a frame, synchronization between the transmitting
and receiving nodes
Addressing – each Ethernet header added in the frame
contains the physical address (MAC address) that
enables a frame to be delivered to a destination node
Error detection - each Ethernet frame contains a trailer
with a cyclic redundancy check (CRC) of the frame
contents
Ethernet Operation

MAC Sublayer

Media Access Control


• Responsible for the placement/removal of frames on the media
• Communicates directly with the physical layer
• If multiple devices on a single medium attempt to forward data
simultaneously, the data will collide resulting in corrupted,
unusable data
• Ethernet provides a method for controlling how the nodes share access through the use of a Carrier Sense Multiple Access (CSMA) technology
Ethernet Operation

Media Access
Control

Carrier Sense Multiple Access (CSMA) process


• Used to first detect if the media is carrying a signal
• If no carrier signal is detected, the device transmits its
data
• If two devices transmit at the same time - data collision
CSMA/CD and Collisions
CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
 Listens to the network's shared media to see if any other users are "on the line" by trying to sense a neutral electrical signal or carrier.
 If no transmission is sensed, then multiple access allows anyone onto the media without any further permission required.
 If two PCs detect a neutral signal and access the shared media at the exact same time, a collision occurs and is detected.
 The PCs sense the collision by being unable to deliver the entire frame onto the network.
 When a collision occurs, a jamming signal is sent out by the first PC to detect the collision.
 Using either a priority or random backoff scheme, the PCs wait a certain amount of time before retransmitting.
 If collisions continue to occur, the PCs' random interval is doubled, lessening the chances of a collision.
Ethernet Operation
Media Access
Control

CSMA/Collision Detection
 With today’s intermediate devices (full-duplex switches), collisions do not
occur
 Processes utilized by CSMA/CD are really unnecessary
 Wireless connections in a LAN environment still have to take collisions into
account
CSMA/Collision Avoidance (CSMA/CA)
 Device examines the media for the presence of data signal - if the media is
free, the device sends a notification across the media of its intent to use it
 The device then sends the data.
 Used by 802.11 wireless networking technologies
Ethernet Operation
MAC Address: Ethernet Identity
• Layer 2 Ethernet MAC address is a 48-bit binary value expressed as
12 hexadecimal digits
 IEEE requires a vendor to follow two simple rules:
1. Must use that vendor's assigned OUI as the first 3 bytes
2. All MAC addresses with the same OUI must be assigned a
unique value in the last 3 bytes
Ethernet Operation
Frame Processing

 Every device with an Ethernet NIC has a MAC address assigned:
 workstations, servers, printers, switches, and routers
 MAC addresses are sometimes referred to as burned-in addresses (BIAs)
 Examples: 00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800
 Ethernet header contains the source and destination MAC address
 Each NIC views information to see if the destination MAC address in
the frame matches the device’s physical MAC address stored in
RAM
 No match, the device discards the frame
 Matches the destination MAC of the frame, the NIC passes the frame
up the OSI layers, where the decapsulation process takes place
Frame Forwarding

Ethernet Frame
Attributes
Ethernet Frame Attributes

Ethernet Encapsulation
 Early versions of Ethernet were relatively slow at 10 Mbps
 Now operate at 10 Gigabits per second and faster (400Gbps)
 Ethernet frame structure adds headers and trailers around the
Layer 3 PDU to encapsulate the message being sent

Ethernet II is the Ethernet frame format used in TCP/IP networks.
Ethernet Frame Size

 Ethernet II and IEEE 802.3 standards define:


 minimum frame size as 64 bytes
 maximum as 1518 bytes
 "collision fragment" or "runt frame” – Frame less than 64 bytes
 If size of a transmitted frame is less than the minimum or greater
than the maximum, the receiving device drops the frame
 At the physical layer, different versions of Ethernet vary in their
method for detecting and placing data on the media
Ethernet Jumbo Frames
Jumbo frames are any Ethernet frame that has a payload larger than 1500 bytes. When people think of jumbo frames, most think of a frame that can carry a maximum payload of 9000 bytes. Most Ethernet switches today support jumbo frames, but must be configured to do so in order for this to work correctly.
Applications such as NFS or storage networks that operate using 8 KB datagrams are perfect for jumbo frames. Conversely, applications that are highly sensitive to latency, jitter, or delay (such as multimedia applications, VoIP, etc.) will not work well with jumbo frames.
Ethernet Frame Size
The figure displays the fields contained in the 802.1Q VLAN tag

 In 1998, IEEE 802.3ac standard extended the


maximum allowable frame size to 1522 bytes.
 Increased to accommodate a technology called
Virtual Local Area Network (VLAN).
Introduction to the Ethernet Frame
[Figure: Ethernet II frame fields]
Preamble and Start Frame Delimiter Fields: used for synchronization between the sending and receiving devices.
Length Field (prior to 1997): defines the exact length of the frame's data field.
Type Field: describes which protocol is implemented.
Data and Pad Fields: contain the encapsulated data from a higher layer, an IPv4 packet.
Introduction to the
Ethernet Frame

Frame Check Sequence Field


Used to detect errors in a frame with cyclic redundancy check (4
bytes), if calculations match at source and receiver, no error
occurred.
The Ethernet MAC Address
A unique identifier called a Media Access Control (MAC) address was created to assist in determining the source and destination address within an Ethernet network.
 It provided a method for device identification at a lower level of the OSI model.
 An Ethernet MAC address is a 48-bit binary value expressed as 12 hexadecimal digits.
MAC Address Format
[Figure: the first 3 bytes of the address are the vendor OUI, the last 3 bytes are the vendor-assigned unique value]
 An Intel MAC address: 00-21-CC-BA-44-C4
 IEEE OUI FAQs: http://standards-oui.ieee.org/oui.txt
Unicast MAC Address
A unicast MAC address is the unique
address used when a frame is sent from
a single transmitting device to single
destination device.
Broadcast MAC Address
A broadcast MAC address is the address used when a frame is sent from
a single transmitting device to all destination devices.
Multicast MAC Address
A multicast MAC address is a special value that begins with 01-00-5E in hexadecimal.
The range of IPv4 multicast addresses is 224.0.0.0 to 239.255.255.255.
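The frame rules from the preceding slides (64-byte minimum with padding, 1518/1522-byte maximum, CRC-32 FCS checked at the receiver) together with the unicast/multicast/broadcast address classes, as an added example that is not the slides' code; the MAC addresses are the slides' own, the payload bytes are constructed.

```python
# Added example, not from the slides: builds and checks Ethernet II frames as the
# slides describe them (destination and source MAC, Type, Data padded to the
# 64-byte minimum, a 4-byte CRC-32 FCS, 1518-byte maximum or 1522 with one 802.1Q
# tag) and classifies a destination MAC as unicast, multicast (01-00-5E for IPv4
# multicast) or broadcast, extracting the OUI. Source MAC 00-21-CC-BA-44-C4 and
# 00-05-9A-3C-78-00 are the slides' examples; the payload bytes are constructed.
import struct
import zlib

MIN_FRAME = 64          # header + data/pad + FCS; preamble and SFD not counted
MAX_FRAME = 1518
MAX_TAGGED = 1522       # IEEE 802.3ac: room for one 4-byte 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100
HEADER_LEN = 14         # 6 + 6 + 2
FCS_LEN = 4


def mac_to_bytes(mac: str) -> bytes:
    """Accepts 00-05-9A-3C-78-00, 00:05:9A:3C:78:00 or 0005.9A3C.7800."""
    return bytes.fromhex(mac.replace("-", "").replace(":", "").replace(".", ""))


def mac_to_str(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def oui(mac: str) -> str:
    return mac_to_str(mac_to_bytes(mac)[:3])     # first 3 bytes: vendor OUI


def classify_mac(mac: str) -> str:
    raw = mac_to_bytes(mac)
    if raw == b"\xff" * 6:
        return "broadcast"
    if raw[0] & 0x01:                            # I/G bit set: group address
        return "ipv4-multicast" if raw[:3] == b"\x01\x00\x5e" else "multicast"
    return "unicast"


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    body += b"\x00" * max(0, MIN_FRAME - FCS_LEN - len(body))   # Pad field
    frame = body + struct.pack("<I", zlib.crc32(body))          # FCS, LSB first
    limit = MAX_TAGGED if ethertype == ETHERTYPE_VLAN else MAX_FRAME
    if len(frame) > limit:
        raise ValueError(f"{len(frame)}-byte frame exceeds the {limit}-byte maximum")
    return frame


def check_frame(frame: bytes) -> dict:
    """What a receiving NIC decides: a drop reason, or the parsed header."""
    if len(frame) < MIN_FRAME:
        return {"ok": False, "reason": "runt / collision fragment"}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    limit = MAX_TAGGED if ethertype == ETHERTYPE_VLAN else MAX_FRAME
    if len(frame) > limit:
        return {"ok": False, "reason": "oversized frame"}
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:      # CRC recomputed at receiver
        return {"ok": False, "reason": "FCS mismatch"}
    dst, src = mac_to_str(frame[:6]), mac_to_str(frame[6:12])
    return {"ok": True, "dst": dst, "src": src, "dst_kind": classify_mac(dst),
            "ethertype": ethertype, "data_len": len(body) - HEADER_LEN}


if __name__ == "__main__":
    f = build_frame("00-05-9A-3C-78-00", "00-21-CC-BA-44-C4", ETHERTYPE_IPV4, b"constructed")
    print(len(f), check_frame(f))
```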
Ethernet Switches
The main features of Ethernet switches are:
• Isolate traffic among segments
• Achieve greater amount of bandwidth per user by
creating smaller collision domains.
Ethernet Switches
Vendors
Modular Data Center
Switches
Ethernet Switches
Market Share 2018
Ethernet Cables
UTP
Ethernet Cables
UTP Speed
Ethernet Cables
Fiber Optic
Ethernet
1000 Mbps = 1 GbE

1000BASE-x, data rate 1 Gbps, IEEE 802.3:
- T: reach 100 m; form factors RJ45, SFP, GBIC; twisted-pair copper; 802.3ab
- SX: reach 300 m; GBIC, SFP; MMF, 850 nm; 802.3z
- LX: reach 5000 m; GBIC, SFP; SMF, 1310 nm; 802.3z
- CX: reach 25 m; HSSDC/DB9; twinax copper; 802.3z
- ZX: reach 70000 m; GBIC, SFP; SMF, 1550 nm; de facto
Ethernet
GBIC vs SFP
SFP (Small Form-Factor Pluggable) ports and GBIC (Gigabit Interface Converter) ports can be found in a variety of equipment, including Ethernet switches, routers, network interface cards, servers, etc. Today most Ethernet switches are designed with at least one or two Gigabit SFP uplink slots.
10 Gigabit Ethernet
10GBASE-x, data rate 10 Gbps (LX4: 4 x 2.5 Gbps), IEEE 802.3:
- SR: reach 300 m; form factors XENPAK, XFP, X2, SFP+; MMF, 850 nm; 802.3ae-2002
- LR: reach 10000 m; XENPAK, XFP, X2, SFP+; SMF, 1330 nm; 802.3ae-2002
- LX4: reach 300 m; XENPAK, X2; MMF, 1310 nm; 802.3ae-2002
- ER: reach 40000 m; XENPAK, XFP, X2; SMF, 1550 nm; 802.3ae-2002
- ZR: reach 80000 m; XFP, SFP+; SMF, 1550 nm
- LRM: reach 220 m; XFP, SFP+; MMF, 1310 nm; 802.3aq-2006
- CX4: reach 15 m; MicroGigaCN; twinax copper; 802.3ak-2004
- T: reach 100 m; RJ45; Cat 6A twisted-pair copper; 802.3an-2006
- CR: reach 15 m; SFP+; twinax copper; SFF standard
40&100
Gigabit Ethernet

Cisco Nexus 9000


400 Gigabit Ethernet
 400 GbE Study Group approved on March 22, 2013
 400 GbE Study Group will define the objectives for reach
and media that could
 Re-use 100GbE technology
 4X100GBASE-SR4 – 100 meters on 16 parallel MMF
 4X100GBASE-LR4 – 10km on 8 parallel SMF
 Create new 400GbE technology that could delay the
standard after 2016
 400GBASE-LR16 – 2 km on duplex SMF
 IEEE 802.3bs (06/12/2017) – 400G
400GE OPTICAL INTERFACES
400G PLUGGABLE FORM FACTORS
400 Gigabit Switches
CISCO NEXUS
Switch Process
For every frame that enters a switch…
 Learning Stage (Building/Updating of SAT/MAC table)
 Examines Source MAC Address:
 If Source MAC Address is in the SAT/MAC table, update the 5-minute timer
 If Source MAC Address is NOT in the SAT/MAC table, add Source MAC Address and incoming port number to SAT/MAC table
 Forwarding Stage (Flood or Filter)
 Examines Destination MAC Address:
 If Destination MAC Address is in the SAT/MAC table, forward the frame only out that port (Filter), unless the outgoing port is the same as the incoming port (checks Source MAC Address)
 If Destination MAC Address is NOT in the SAT/MAC table, forward the frame out all ports except the incoming port (Flood)
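The two-stage process above as runnable logic, an added example rather than the slides' material: learning with a 5-minute aging timer, then filter, same-port drop or flood; host MACs 00-0A to 00-0D on ports 1 to 4 follow the slides' figures, the frames and the FakeClock are constructed.

```python
# Added example, not from the slides: a small model of the transparent-switch
# process above. Every frame first drives the learning stage (add the source MAC
# and ingress port, or refresh its 5-minute timer), then the forwarding stage
# (filter to one port, drop when that port is the ingress port, or flood when the
# destination is unknown or broadcast). Host MACs 00-0A..00-0D on ports 1-4 follow
# the slides' figures; the frames and the FakeClock are constructed for the demo.
import time

AGING_SECONDS = 300                 # slides: a 5-minute timer per entry
BROADCAST = "FF-FF-FF-FF-FF-FF"


class Switch:
    def __init__(self, ports, clock=time.monotonic):
        self.ports = list(ports)
        self.table = {}             # MAC -> (port, last_seen)
        self.clock = clock

    def _age_out(self):
        now = self.clock()
        stale = [m for m, (_, seen) in self.table.items() if now - seen > AGING_SECONDS]
        for m in stale:
            del self.table[m]

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the list of egress ports."""
        self._age_out()
        # Learning stage: add the source, or update its timer if already known.
        self.table[src_mac] = (in_port, self.clock())
        # Forwarding stage.
        if dst_mac == BROADCAST or dst_mac not in self.table:
            return [p for p in self.ports if p != in_port]     # flood
        out_port, _ = self.table[dst_mac]
        if out_port == in_port:
            return []                                            # filter: same segment
        return [out_port]

    def mac_table(self):
        return {mac: port for mac, (port, _) in self.table.items()}


class FakeClock:
    """Constructed clock so the aging behaviour can be exercised without waiting."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def walkthrough():
    """Replays the slides: A->D unknown (flood), D->A known (one port), A->D known."""
    sw = Switch(ports=[1, 2, 3, 4])
    first = sw.receive(1, "00-0A", "00-0D")    # [2, 3, 4]
    reply = sw.receive(4, "00-0D", "00-0A")    # [1]
    again = sw.receive(1, "00-0A", "00-0D")    # [4]
    return first, reply, again, sw.mac_table()


def aging_demo():
    """An entry not refreshed for more than 5 minutes is dropped from the table."""
    clock = FakeClock()
    sw = Switch(ports=[1, 2], clock=clock)
    sw.receive(1, "00-0A", "00-0B")
    clock.now = AGING_SECONDS + 1
    sw.receive(2, "00-0B", "00-0A")
    return sw.mac_table()


if __name__ == "__main__":
    print(walkthrough())
    print(aging_demo())
```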
Switch Process
[Figure sequence: one switch with hosts A (MAC 00-0A), B (00-0B), C (00-0C) and D (00-0D) on ports 1, 2, 3 and 4; the MAC address table starts empty]
1. Learn: examine source MAC address. A frame from A to D (destination MAC 00-0D, source MAC 00-0A) arrives on port 1. "I don't have this source MAC address and the incoming port in my table so I will add it." Table: port 1 - 00-0A.
2. Forward: examine destination MAC address. "I don't have this destination MAC address in my table so I will send this unknown unicast out all ports." The frame is flooded out ports 2, 3 and 4.
3. Learn: examine source MAC address. D's reply (destination MAC 00-0A, source MAC 00-0D) arrives on port 4. "I don't have this source MAC address and the incoming port in my table so I will add it." Table: port 1 - 00-0A, port 4 - 00-0D.
4. Forward: examine destination MAC address. "I know the destination MAC address so I will only forward the frame out port 1."
5. Learn: examine source MAC address. The next frame from A to D (destination MAC 00-0D, source MAC 00-0A) arrives on port 1; 00-0A is already in the table, so only its timer is updated.
MAC Address Tables on Connected Switches
[Figure sequence: hosts A (MAC 00-0A, S1 port 1), B (00-0B, S1 port 3) and C (00-0C) on switch S1; S1 port 4 connects to S2 port 1; the router to the Internet (MAC 00-0D) is on S2 port 4; both MAC address tables start empty]
1. A sends a frame to B (destination MAC 00-0B, source MAC 00-0A). S1 learns 00-0A on port 1; the destination is unknown, so S1 floods the frame out every other port, including the link to S2. S2 learns 00-0A on its port 1 and floods the frame too; C and the router discard it (marked X) because the destination MAC is not theirs, while B accepts it.
   S1 table: 1 00-0A. S2 table: 1 00-0A.
2. B replies to A (destination MAC 00-0A, source MAC 00-0B). S1 learns 00-0B on port 3 and, because 00-0A is already in its table, forwards the frame only out port 1 (filter). S2 never sees this frame.
   S1 table: 1 00-0A, 3 00-0B. S2 table: 1 00-0A.
3. A sends a frame to the router (destination MAC 00-0D, source MAC 00-0A, destination IP address on a remote network). Neither switch knows 00-0D yet, so S1 and then S2 flood it; B and C discard it (marked X) and the router accepts it.
4. The router replies (destination MAC 00-0A, source MAC 00-0D, source IP address on a remote network). S2 learns 00-0D on port 4 and forwards only out port 1; S1 learns 00-0D on port 4 and forwards only out port 1 to A.
   S1 table: 1 00-0A, 3 00-0B, 4 00-0D. S2 table: 1 00-0A, 4 00-0D.
Hubs and Collision Domains
[Figure: a sending host and a receiving host on a hub; when two hosts transmit at the same time on the shared medium, a collision occurs]
Where are the collision domains? What would be the duplex settings?
1. Router - two hubs - six hubs: a single collision domain; every link is half-duplex.
2. Router - two switches - six hubs: each hub with its hosts is a separate collision domain, as is each switch port; the hub links are half-duplex, the switch-to-router links are full-duplex.
3. Router - two switches - switch, hub, hub, switch, switch, switch: only the two hubs remain collision domains; the hub links are half-duplex, all switch links are full-duplex.
Duplex and Speed Settings
[Figure: autonegotiation between PC-A and switch port 1; each side advertises duplex (full, half) and speed (1000 Mb/s, 100 Mb/s, 10 Mb/s) and the link settles on the values both sides support]
Duplex Mismatch
[Figure: S1 (full-duplex) linked to S2 (half-duplex). S1: "I'm full-duplex so I can send whenever I want." S2: "I'm half-duplex so I only send when the link is clear but I am also getting a lot of collisions!"]

S2 will continually experience collisions because S1 keeps sending frames any time it has something to send.
Full Duplex Operation

 A switch supports three duplex settings:
 The full option sets full-duplex mode.
 The half option sets half-duplex mode.
 The auto option sets autonegotiation of duplex mode, which enables two ports to decide the best mode of operation.
 For Fast Ethernet and 10/100/1000 ports, the default is auto.
 For 100BASE-FX ports, the default is full.
 The 10/100/1000 ports operate in either half- or full-duplex mode when they are set to 10 or 100 Mb/s, but when set to 1,000 Mb/s, they operate only in full-duplex mode.
Auto-MDIX (Crossover)

 Connections between specific devices, such as switch-to-switch, switch-to-router, switch-to-host, and router-to-host, once required the use of specific cable types (crossover or straight-through).
 Modern switches support the mdix auto interface configuration command to enable the automatic medium-dependent interface crossover (auto-MDIX) feature.
Address Resolution Protocol (ARP)

The primary purpose of ARP:
1. Resolving IPv4 addresses to MAC addresses
2. Maintaining a cache of mappings

 ARP is used to map known IP addresses to MAC addresses on the local network.
 If the device is on a remote LAN segment, the host will send an ARP request for the MAC address of the default gateway.
How Does ARP Work?

Figure: the ARP request is sent with destination MAC FF-FF-FF-FF-FF-FF (broadcast); when the reply arrives, the requester adds the entry to its ARP cache.
Viewing and Clearing the ARP Table

 To view the local ARP table from the Windows command prompt: arp -a
 To clear the local ARP table from the Windows command prompt: arp -d
Switch Forwarding Methods

 Store-and-forward – The entire frame is received before any forwarding takes place.
 The destination and source addresses are read and filters are applied before the frame is forwarded.
 A CRC check is done.
 Cut-through – The frame is forwarded through the switch before the entire frame is received.
 This mode decreases the latency of the transmission, but also reduces error detection.
Store-and-Forward Switching

 Reads the entire frame:
 Discards any frames that are corrupt (runts / too big)
 Performs the FCS check using CRC and discards any frames with errors
 Allows QoS checks
 Once the entire frame has been read and checked for errors, the switch then forwards it.
 Allows entry and exit at different (asymmetric) bandwidths
Cut Through – Fast Forward

 Reads up to the end of the destination MAC address.
 Then starts sending it out the designated port while the remainder of the frame is still coming in.
 Lowest latency but no error control.
 Entry and exit must be the same bandwidth
Cut Through – Fragment Free

 Reads up to the end of byte 64 and then:
 Looks up the port and starts forwarding while the remainder of the frame (if any) is still coming in.
 Discards collision fragments (too short), but other bad frames are forwarded
 Compromise between low latency and checks
 Entry and exit must be the same bandwidth
Adaptive Cut-Through

 In this mode, the switch uses cut-through until it detects a given number of errors.
 Once the error threshold is reached, the switch changes to store-and-forward mode.
Selective Forwarding

Cut-Through (Fast Forward): lowest latency; no error checking.
Cut-Through (Fragment Free): low latency; checks for collisions (filters most errors).
Store-and-Forward: highest latency; all errors filtered.

The methods run from lowest latency with less error checking (fast forward) to highest latency with more error checking (store-and-forward).
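The forwarding methods compared above, as an added Python model that is not part of the original slides: each method is a decision function over a received frame, the FCS is a real Ethernet CRC-32, and the sample frames (MACs 00-0A and 00-0D from the earlier figure) are constructed here. It shows why cut-through passes corrupt frames that store-and-forward drops, and how the adaptive mode flips over after a threshold of errors.

```python
"""Model of the switch forwarding methods on the slides above.

Added example, not part of the original slides. Frames are constructed
inline; the FCS is a real Ethernet CRC-32 (zlib.crc32) appended
little-endian, so a flipped bit in the payload is caught by the FCS check.
Lengths are for the whole frame: header + payload + FCS, no preamble.
"""
import struct
import zlib

MIN_FRAME = 64      # shorter is a runt / collision fragment
MAX_FRAME = 1518    # longer is a giant (untagged Ethernet)
HEADER_LEN = 14     # dst MAC (6) + src MAC (6) + EtherType (2)
DST_MAC_LEN = 6     # fast-forward decides after this many bytes


def build_frame(dst: bytes, src: bytes, eth_type: int, payload: bytes,
                corrupt: bool = False) -> bytes:
    """Constructed test frame with a valid FCS; corrupt=True flips one payload
    bit after the FCS has been computed, so the FCS no longer matches."""
    body = dst + src + struct.pack("!H", eth_type) + payload
    frame = body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    if corrupt:
        i = HEADER_LEN
        frame = frame[:i] + bytes([frame[i] ^ 0x01]) + frame[i + 1:]
    return frame


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC-32 over everything but the last 4 bytes and compare."""
    (fcs,) = struct.unpack("<I", frame[-4:])
    return fcs == (zlib.crc32(frame[:-4]) & 0xFFFFFFFF)


def store_and_forward(frame: bytes) -> bool:
    """Whole frame buffered first: runts, giants and FCS errors are all dropped."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        return False
    return fcs_ok(frame)


def fast_forward(frame: bytes) -> bool:
    """Forwarding starts once the destination MAC is in; nothing is checked."""
    return len(frame) >= DST_MAC_LEN


def fragment_free(frame: bytes) -> bool:
    """Waits for byte 64: collision fragments are dropped, but a frame that is
    long enough is forwarded even if its FCS later turns out to be bad."""
    return len(frame) >= MIN_FRAME


def compare(frame: bytes) -> dict:
    """Which of the three methods would forward this frame."""
    return {"store_and_forward": store_and_forward(frame),
            "fast_forward": fast_forward(frame),
            "fragment_free": fragment_free(frame)}


class AdaptiveCutThrough:
    """Cut-through until `threshold` FCS errors have been seen, then store-and-forward.
    The switch still sees the FCS after forwarding, which is how it counts errors."""

    def __init__(self, threshold: int):
        self.threshold = threshold
        self.errors = 0
        self.mode = "cut-through"

    def handle(self, frame: bytes) -> bool:
        if self.mode == "store-and-forward":
            return store_and_forward(frame)
        forwarded = fast_forward(frame)
        if not fcs_ok(frame):
            self.errors += 1
            if self.errors >= self.threshold:
                self.mode = "store-and-forward"
        return forwarded


# Constructed sample frames using the MACs from the slides (00-0A -> 00-0D).
HOST_A = bytes.fromhex("00000000000a")
ROUTER = bytes.fromhex("00000000000d")
GOOD = build_frame(ROUTER, HOST_A, 0x0800, b"\x45" + b"\x00" * 99)      # 118 bytes
BAD_FCS = build_frame(ROUTER, HOST_A, 0x0800, b"\x45" + b"\x00" * 99, corrupt=True)
RUNT = build_frame(ROUTER, HOST_A, 0x0800, b"\x45" + b"\x00" * 9)       # 28 bytes
```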
CONMUTACIÓN Y RUTEO I
Topic 18. LAN Segmentation with VLANs

Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
Broadcast Domains
 Although switches filter frames based on MAC addresses, they do not filter broadcast frames.
 Broadcast frames must be forwarded by switches.
 A collection of interconnected switches forms a single broadcast domain.
 Only a Layer 3 entity, such as a router, or a virtual LAN (VLAN), can stop a Layer 2 broadcast domain.
 Routers and VLANs are used to segment both collision and broadcast domains.
 When a device wants to send out a Layer 2 broadcast, the destination MAC address in the frame is set to all ones.
 All the devices accept and process the broadcast frame.
 The broadcast domain at Layer 2 is referred to as the MAC broadcast domain.
LAN Segmentation
 LANs are segmented into a number of smaller collision and broadcast domains using routers and switches.
 Bridges and Switches
Although bridges and switches share many attributes, several distinctions differentiate these technologies.
 Bridges are generally used to segment a LAN into a couple of smaller segments.
 Switches are generally used to segment a large LAN into many smaller segments.
 Bridges have only a few ports for LAN connectivity.
 Switches have many ports.
 Routers
Because routers do not forward broadcast traffic by default, they can be used to create broadcast domains.
 Each router interface connects to a separate network, containing broadcast traffic within the LAN segment in which it originated.
Definition: VLAN

"A VLAN is a virtual LAN that logically segments switched networks based on functions, project teams, or applications of the organization regardless of the physical location or connections to the network."
Default VLAN Assignment

Default: All ports in the same VLAN (subnet)

Switch# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
<output omitted>
Default VLAN Assignment
Default: All ports in the same VLAN

Figure: hosts A, B, C and D on one switch; an ARP request from A is broadcast to all of them.
A 192.168.10.10/255.255.255.0; B 192.168.10.11/255.255.255.0; C 192.168.10.12/255.255.255.0; D 192.168.10.13/255.255.255.0

 Hosts can communicate with each other because:
 Same IP subnet
 Switch ports are on the same VLAN (subnet)
 Can A, B, C and D ping each other?
 If A did an ARP request for B, who would see this Ethernet broadcast?
VLAN Definitions

 A VLAN is a logical partition of a Layer 2 network.
 Multiple partitions can be created, allowing for multiple VLANs to co-exist.
 Each VLAN is a broadcast domain, usually with its own IP network.
 VLANs are mutually isolated and packets can only pass between them via a router.
 The partitioning of the Layer 2 network takes place inside a Layer 2 device, usually via a switch.
 The hosts grouped within a VLAN are unaware of the VLAN's existence.
With a single VLAN ("no VLANs")

Figure: four hosts on one switch.
MAC A aa.aa 192.168.10.10/255.255.255.0; MAC B bb.bb 192.168.10.11/255.255.255.0; MAC C cc.cc 192.168.20.12/255.255.255.0; MAC D dd.dd 192.168.20.13/255.255.255.0

 You can do this, but devices can only communicate with each other if they are on the same IP subnet… unless you have a… ROUTER.
 Who can A ping? B ping? C ping? D ping?
A single VLAN ("no VLANs") means no segmentation

Figure: the ARP request broadcast reaches all four hosts (wasted bandwidth).
MAC A aa.aa 192.168.10.10/255.255.255.0; MAC B bb.bb 192.168.10.11/255.255.255.0; MAC C cc.cc 192.168.20.12/255.255.255.0; MAC D dd.dd 192.168.20.13/255.255.255.0

 Who can A ping? B ping? C ping? D ping?
 If A did an ARP request for B, who would see this Ethernet broadcast?
 If C did an ARP request for D, who would see this Ethernet broadcast?
 Remember: ARP requests are only sent when the source IP address and the destination IP address are on the SAME SUBNET.
VLANs and IP Addresses/Masks

 VLANs are configured on the switch port.
 IP addresses and subnet masks are configured on the devices that connect to the switch ports.
 The VLAN on the switch must match the IP network address of the device.
VLANs and IP Addresses/Masks

Figure: the ports for A and B are configured for VLAN 10; the ports for C and D are configured for VLAN 20.
MAC A aa.aa 192.168.10.10/255.255.255.0; MAC B bb.bb 192.168.10.11/255.255.255.0; MAC C cc.cc 192.168.20.12/255.255.255.0; MAC D dd.dd 192.168.20.13/255.255.255.0

Before: all ports in the same VLAN (subnet). A 192.168.10.10, B 192.168.10.11, C 192.168.10.12, D 192.168.10.13, all with mask 255.255.255.0.
Switch# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2

After: two VLANs. A 192.168.10.10, B 192.168.10.11, C 192.168.20.12, D 192.168.20.13, all with mask 255.255.255.0.
Switch# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
10 active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12,
Gig0/1
20 active Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24,
Gig0/2
VLANs and Different Switches
VLANs do not have to be configured contiguously on the switch.

Figure: two separate ARP request broadcasts, one in each VLAN.
A 192.168.10.10/255.255.255.0; B 192.168.10.11/255.255.255.0; C 192.168.20.12/255.255.255.0; D 192.168.20.13/255.255.255.0

 VLANs segment switches into different VLANs or subnets.
 Think of it like having separate switches.
 Who can A ping? B ping? C ping? D ping?
 If A did an ARP request for B, who would see this Ethernet broadcast?
 If C did an ARP request for D, who would see this Ethernet broadcast?
Router and subnets/VLANs

Figure: hosts A and B (192.168.10.0/24) and C and D (192.168.20.0/24) on one switch, plus a router with one interface in each VLAN.
MAC A aa.aa 192.168.10.10/255.255.255.0; MAC B bb.bb 192.168.10.11/255.255.255.0; MAC C cc.cc 192.168.20.12/255.255.255.0; MAC D dd.dd 192.168.20.13/255.255.255.0
Router: MAC 11.11 192.168.10.1/255.255.255.0; MAC 22.22 192.168.20.1/255.255.255.0

 A router is required to connect (route) between subnets/VLANs.
 In this example, a single router with two IP addresses, one on each subnet, is connected to the switch.
 Each of the router's interfaces is connected to a proper VLAN port on the switch to match its IP subnet. (Just like the host computers!)

PCA> ping 192.168.20.12

Step 1: A does an ARP request for 192.168.10.1 (default gateway). A gets an ARP reply and adds the MAC and IP to its ARP cache: 192.168.10.1 <-> 11.11

Step 2: A sends the Ethernet frame to the default gateway, the router:
Destination Address 11.11 | Source Address aa.aa | Type | IP (ICMP) DA 192.168.20.12 | FCS

Step 3: The router does an ARP request for 192.168.20.12 (destination IP). The router gets an ARP reply and adds the MAC and IP to its ARP cache: 192.168.20.12 <-> cc.cc

Step 4: The router sends the Ethernet frame to the final destination, PC-C:
Destination Address cc.cc | Source Address 22.22 | Type | IP (ICMP) DA 192.168.20.12 | FCS

Step 5: The echo reply comes back the same way (PCA shows .!!!!):
From C to the router: Destination Address 22.22 | Source Address cc.cc | Type | IP (ICMP) DA 192.168.10.10 | FCS
From the router to A: Destination Address aa.aa | Source Address 11.11 | Type | IP (ICMP) DA 192.168.10.10 | FCS
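The ping walkthrough above, as an added Python model that is not part of the slides: hosts decide whether to ARP for the destination or for the default gateway, the router rewrites only the Layer 2 header, and every interface on a segment counts the broadcasts it sees (which answers the "who would see this broadcast?" questions). The MACs, IPs and masks are the ones in the figure; the short "aa.aa" style MACs are kept as labels rather than real 48-bit addresses.

```python
"""The ping from A (192.168.10.10) to C (192.168.20.12) on the slides above.

Added example; not part of the original slides. MACs, IPs and masks are the
ones in the figure; the short "aa.aa" style MACs are kept as labels rather
than real 48-bit addresses. Hosts ARP for the destination when it is on
their own subnet and for the default gateway otherwise; the router rewrites
only the Layer 2 header; every interface on a segment sees every broadcast.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Frame:
    dst_mac: str   # rewritten at every Layer 2 hop
    src_mac: str
    src_ip: str    # unchanged end to end
    dst_ip: str


class Segment:
    """One VLAN / IP subnet. Every attached interface receives every broadcast."""

    def __init__(self, name):
        self.name = name
        self.ifaces = []
        self.broadcasts_seen = {}   # interface name -> number of broadcasts received

    def attach(self, *ifaces):
        for iface in ifaces:
            iface.segment = self
            self.ifaces.append(iface)

    def arp_request(self, requester, target_ip):
        """Broadcast to FF-FF-FF-FF-FF-FF: everyone sees it, only the target replies.
        As in RFC 826, the target also learns the requester's IP -> MAC mapping."""
        for iface in self.ifaces:
            self.broadcasts_seen[iface.name] = self.broadcasts_seen.get(iface.name, 0) + 1
        for iface in self.ifaces:
            if iface.ip == target_ip:
                iface.arp_cache[requester.ip] = requester.mac
                return iface.mac
        raise LookupError(f"no ARP reply for {target_ip} on {self.name}")


class Interface:
    """A host NIC or one router interface: MAC, IP/mask, ARP cache, default gateway."""

    def __init__(self, name, mac, ip, mask, gateway=None):
        self.name, self.mac, self.ip, self.gateway = name, mac, ip, gateway
        self.network = ipaddress.ip_interface(f"{ip}/{mask}").network
        self.arp_cache = {}
        self.segment = None

    def on_link(self, ip):
        return ipaddress.ip_address(ip) in self.network

    def resolve(self, ip):
        if ip not in self.arp_cache:                       # cache hit: no broadcast
            self.arp_cache[ip] = self.segment.arp_request(self, ip)
        return self.arp_cache[ip]

    def send(self, dst_ip):
        """ARP only for on-link addresses; off-link traffic is framed to the gateway."""
        next_hop = dst_ip if self.on_link(dst_ip) else self.gateway
        return Frame(self.resolve(next_hop), self.mac, self.ip, dst_ip)


class Router:
    def __init__(self, *ifaces):
        self.ifaces = ifaces

    def forward(self, frame):
        """Choose the egress interface by destination IP, then rewrite only Layer 2."""
        egress = next(i for i in self.ifaces if i.on_link(frame.dst_ip))
        return Frame(egress.resolve(frame.dst_ip), egress.mac, frame.src_ip, frame.dst_ip)


def build_topology():
    """Hosts A-D and one router with an interface in each VLAN (addresses from the slides)."""
    vlan10, vlan20 = Segment("VLAN 10"), Segment("VLAN 20")
    mask = "255.255.255.0"
    hosts = {
        "A": Interface("A", "aa.aa", "192.168.10.10", mask, gateway="192.168.10.1"),
        "B": Interface("B", "bb.bb", "192.168.10.11", mask, gateway="192.168.10.1"),
        "C": Interface("C", "cc.cc", "192.168.20.12", mask, gateway="192.168.20.1"),
        "D": Interface("D", "dd.dd", "192.168.20.13", mask, gateway="192.168.20.1"),
    }
    r10 = Interface("R-10", "11.11", "192.168.10.1", mask)
    r20 = Interface("R-20", "22.22", "192.168.20.1", mask)
    vlan10.attach(hosts["A"], hosts["B"], r10)
    vlan20.attach(hosts["C"], hosts["D"], r20)
    return hosts, Router(r10, r20), vlan10, vlan20


def ping_a_to_c():
    """PCA> ping 192.168.20.12: the four frames of one echo request and its reply."""
    hosts, router, vlan10, vlan20 = build_topology()
    req1 = hosts["A"].send("192.168.20.12")    # A ARPs for 192.168.10.1, frames to 11.11
    req2 = router.forward(req1)                # router ARPs for .20.12, frames 22.22 -> cc.cc
    rep1 = hosts["C"].send("192.168.10.10")    # C learned 22.22 from the router's ARP request
    rep2 = router.forward(rep1)                # R-10 learned aa.aa from A's ARP request
    return [req1, req2, rep1, rep2], hosts, vlan10, vlan20
```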
Benefits of VLANs

 Security:
 Improved by isolating user access to sensitive data and applications.
 Cost reduction:
 Reduces the need for expensive network upgrades and makes more efficient use of existing bandwidth and uplinks.
 Smaller broadcast domains:
 Divide a network into smaller logical networks, resulting in lower susceptibility to broadcast storms.
 Better performance:
 Divides flat Layer 2 networks into multiple broadcast domains, reducing unnecessary traffic on the network and boosting performance.
 Improved IT staff efficiency:
 Makes the network easier to manage.
Normal Range VLANs

Switch# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gig0/1, Gig0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

 Used in small- and medium-sized business and enterprise networks.
 VLAN range: 1 – 1005
 Reserved VLANs: VLANs 1, 1002 – 1005
Extended Range VLANs
 Used in Service Provider networks (great number of customers) or large, global enterprises.
 VLAN range: 1006 – 4094.
 Support fewer VLAN features than normal range VLANs.
Types of VLANs
 Default VLAN (VLAN 1 by default)
 Native VLAN (VLAN 1 by default)
 Used for untagged traffic (later)
 User VLANs
 Each IP subnet is a separate VLAN
 Management VLAN
 VLAN used to connect to infrastructure devices such as switches
 Voice VLAN
 VLAN used to connect IP phones
 Guest VLAN
 To connect guests and others who do not have access to internal resources, perhaps Internet access only
 Garbage VLAN
 For unused ports not yet configured for a specific VLAN
VLAN = Subnet

 Business VLANs
 IT VLAN
 HR VLAN
 Sales VLAN
 College
 Student VLAN
 Faculty VLAN
 Guest VLAN
Default VLAN

Figure: VLAN 1 is both the default VLAN and the native VLAN. Native VLAN traffic is untagged (if trunking, there is no 802.1Q or ISL encapsulation): CDP, VTP, PAgP, LACP, DTP, BPDUs.

 By default all traffic is carried across VLAN 1.
 By default all ports are on VLAN 1.
 VLAN 1 is:
 The default VLAN (all user traffic)
 The native VLAN: no trunking encapsulation even if configured as a trunk (more coming).
 All Layer 2 control traffic (e.g., DTP, VTP, STP BPDUs, PAgP, LACP, CDP, etc.) is associated with VLAN 1.
User or Data VLANs

Figure: HR Department (A and B) and Sales Department (C and D) on the same switch.
MAC A aa.aa 192.168.10.10/255.255.255.0; MAC B bb.bb 192.168.10.11/255.255.255.0; MAC C cc.cc 192.168.20.12/255.255.255.0; MAC D dd.dd 192.168.20.13/255.255.255.0

 These are the VLANs used for the different user groups/subnets.
 For user data traffic.
 What about the ports not in the Red or Blue VLAN?
 They are still in VLAN 1 (default VLAN).
 Change them to the Voice (VoIP) VLAN later.
Creating Static User VLANs

S1# configure terminal
S1(config)# vlan 10
S1(config-vlan)# name HR                  ! VLAN name is optional
S1(config-vlan)# exit
S1(config)# interface fastethernet 0/2
S1(config-if)# switchport mode access      ! Single host attached, not another switch (trunk)
S1(config-if)# switchport access vlan 10   ! VLAN 10 assigned to the port
S1(config-if)# end
S1#

 Ports on a switch are manually assigned (CLI) to a VLAN.
 If you assign an interface to a VLAN that does not exist, the new VLAN is created for you.
Configuring a Range of Ports

S1(config)# interface range fastethernet 0/1 - 10
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 10
S1(config-if-range)# exit
S1(config)# interface gigabitethernet 0/1
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# end
S1#

S1(config)# vlan 20
S1(config-vlan)# name SALES
S1(config-vlan)# exit
S1(config)# interface range fastethernet 0/13 - 22
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 20
S1(config-if-range)# exit
S1(config)# interface gigabitethernet 0/2
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# end
S1#

S1# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/11, Fa0/12, Fa0/23, Fa0/24
10 HR active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Gi0/1
20 SALES active Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Gi0/2
Verifying VLAN Port Parameters

S1# show interface fa 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 10 (HR)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
<some output omitted>
S1#

S1# show interface fa 0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Management VLAN 1

Figure: the administrator's PC connects via SSH to 192.168.10.254, the switch's VLAN 1 interface.

S1(config)# inter vlan 1
S1(config-if)# description Management VLAN
S1(config-if)# ip address 192.168.10.254 255.255.255.0
S1(config-if)# no shutdown

• A switch can be managed via HTTP, Telnet, SSH, or SNMP.
• A management VLAN is used to manage the infrastructure devices including switches, routers, APs, etc.
• Security best practice is to change the management VLAN to a VLAN other than VLAN 1.
Native VLAN

 A native VLAN is assigned to an IEEE 802.1Q trunk port.
 Incoming traffic can be tagged (with a VLAN ID) or untagged.
 Native VLANs are set out in the IEEE 802.1Q specification to maintain backward compatibility with untagged traffic.
 Security best practice is to change the native VLAN to a VLAN other than VLAN 1.
Voice VLAN

 VoIP traffic requires:
 Assured bandwidth to ensure voice quality.
 Transmission priority over other types of network traffic.
 Ability to be routed around congested areas on the network.
 Delay of less than 150 milliseconds (ms) across the network.
 Security best practice is that voice traffic must be placed in a separate VLAN.
switchport voice vlan vvid

Figure: one switch port carrying both voice and data. Voice: 802.1Q trunk, tagged as vvid, CoS in the 802.1p bits. Data: untagged, in the native VLAN.

Recommended Option
Switch(config)# interface type mod/num
Switch(config-if)# switchport voice vlan vlan-id

 Instructs the IP phone to forward all voice traffic through the specified VLAN.
 By default, the Cisco IP phone forwards the voice traffic with an 802.1Q priority of 5.
 Creates a special 802.1Q trunk
 Negotiated by DTP and CDP
 CoS (Class of Service) in 802.1p bits
 vvid puts:
 Voice packets on the voice VLAN
 Voice VLAN is configured.
 Data packets in the native VLAN
 VLAN 1 by default unless modified on the switch
 Can configure the data VLAN to be a VLAN other than the native or voice VLAN
Configuring Voice VLAN Operation

Figure: Voice: 802.1Q trunk, tagged as voice VLAN 100, CoS in the 802.1p bits. Data: untagged (native VLAN); tagged as VLAN 20.

Recommended Option
Switch(config)# interface FastEthernet0/24
Switch(config-if)# switchport voice vlan 100
Switch(config-if)# switchport access vlan 20

 Portfast is automatically enabled with voice VLAN.

Switch# show run
interface FastEthernet0/24
 switchport voice vlan 100
 switchport access vlan 20
 spanning-tree portfast
VLAN Trunks

Figure: VLANs carried across the trunk between two switches:
VLAN 1 – Default VLAN: control traffic (STP, DTP, VTP, CDP, …)
VLAN 10 – User VLAN: HR – 192.168.10.0/24
VLAN 20 – User VLAN: Sales – 192.168.20.0/24
VLAN 100 – Voice VLAN: VoIP – 192.168.100.0/24
VLAN 155 – Management VLAN
Guests – 192.168.150.0/24
VLAN 199 – Garbage/Guest VLAN: Garbage – 192.168.199.0/24
VLAN 200 – Native VLAN: untagged traffic

 A point-to-point link that carries more than one VLAN.
 Extends VLANs across multiple switches.
 Cisco, Juniper and Huawei support the 802.1Q standard.
 Some older Cisco switches support the legacy Cisco ISL.
VLAN Trunks

Figure: host A on one switch and host Z on another, with a trunk link between the two switches.
 The TAG is added by the switch before the frame goes over a trunk link.
 The TAG is removed by the switch at the other end of the trunk link.
VLAN TAG Format: 802.1Q

Figure: the 4-byte 802.1Q tag inserted into the Ethernet frame.
Tag Protocol ID (TPID): for Ethernet it is 0x8100.
Priority: used for QoS (802.1p standard); specifies how to expedite transmission of Layer 2 frames.
Canonical Format Identifier (CFI): enables Token Ring frames to be carried across Ethernet links.
VLAN ID (VID): VLAN identification number that supports up to 4096 VLAN IDs.
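The tag fields listed above, as an added Python example that is not part of the slides: it inserts the 802.1Q tag the way a switch does on trunk egress, parses TPID, priority, CFI and VID back out, strips the tag for an access port, and classifies a frame arriving on a trunk (untagged means native VLAN). The sample frame (MACs 00-0A and 00-0D from the earlier figure, EtherType 0x0800) is constructed here and carries no FCS.

```python
"""802.1Q tag handling: insert, parse and strip the 4-byte tag.

Added example; not part of the original slides. Frames are built inline
(constructed sample data) and carry no FCS: a switch recomputes the FCS
after inserting or removing a tag, so it is left out of this model.

Tag layout (between the source MAC and the original EtherType):
  TPID  16 bits  0x8100 for 802.1Q
  PCP    3 bits  802.1p priority (CoS)
  CFI    1 bit   canonical format indicator
  VID   12 bits  VLAN ID (0 and 4095 are reserved, so 1-4094 are usable)
"""
import struct

TPID_8021Q = 0x8100
MAC_LEN = 6
TAG_OFFSET = 2 * MAC_LEN      # the tag goes right after dst MAC + src MAC
TAG_LEN = 4


def mac(label: str) -> bytes:
    """'00-0A' style label from the slides -> 6-byte MAC (zero-padded on the left)."""
    return bytes.fromhex(label.replace("-", "").replace(":", "").zfill(12))


def build_untagged(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Constructed untagged frame: dst | src | EtherType | payload (no FCS)."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vid: int, pcp: int = 0, cfi: int = 0) -> bytes:
    """Trunk egress: insert TPID + TCI between the MACs and the EtherType."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1-4094 (0 and 4095 are reserved)")
    if not 0 <= pcp <= 7 or cfi not in (0, 1):
        raise ValueError("PCP is a 3-bit field, CFI a 1-bit field")
    tci = (pcp << 13) | (cfi << 12) | vid
    return frame[:TAG_OFFSET] + struct.pack("!HH", TPID_8021Q, tci) + frame[TAG_OFFSET:]


def parse_tag(frame: bytes):
    """Return the tag fields of a tagged frame, or None if the frame is untagged."""
    (tpid,) = struct.unpack_from("!H", frame, TAG_OFFSET)
    if tpid != TPID_8021Q:
        return None                      # the two bytes are the EtherType instead
    tci, ethertype = struct.unpack_from("!HH", frame, TAG_OFFSET + 2)
    return {"vid": tci & 0x0FFF, "pcp": tci >> 13, "cfi": (tci >> 12) & 1,
            "ethertype": ethertype}


def untag_frame(frame: bytes) -> bytes:
    """Access-port egress: remove the 4-byte tag so the host never sees it."""
    if parse_tag(frame) is None:
        return frame
    return frame[:TAG_OFFSET] + frame[TAG_OFFSET + TAG_LEN:]


def classify_on_trunk(frame: bytes, native_vlan: int):
    """Trunk ingress: a tagged frame belongs to its VID; an untagged frame is
    assigned to the trunk's native VLAN. Returns (vlan, frame without tag)."""
    tag = parse_tag(frame)
    if tag is None:
        return native_vlan, frame
    return tag["vid"], untag_frame(frame)
```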
VLAN TAG Format: ISL
Inter-Switch Link is Cisco's proprietary tagging method and is supported only on Cisco equipment over Fast and Gigabit Ethernet links.

The size of an ISL frame can be expected to start from 94 bytes and increase up to 1548 bytes due to the overhead (additional fields) the protocol places within the frame it is tagging.
 Native VLAN
 For devices that do not support tagging.
 All trunks must have a native VLAN.
 Native VLAN must be the same on both ends (both switches).
 Can be modified to be a VLAN other than VLAN 1.
 Should not be used for the user VLAN or the Management VLAN.
 Control traffic (CDP, VTP, PAgP, DTP) is still transmitted over VLAN 1.
 If the Native VLAN is other than VLAN 1, then control traffic on VLAN 1 is sent tagged.
 It is fine to leave VLAN 1 as the Native VLAN, but it should only carry control traffic and not user or management traffic.
Inter-switching links: Default and Trunking

Figure: by default, all ports on both switches are in VLAN 1 and the link between them carries only VLAN 1. Configured as a VLAN trunk, the same link carries VLANs 1, 10, 20, 100, 155 and 200.
Configuring VLAN Trunks

Figure: S1 Fa0/1 connected to S2 Fa0/1; VLANs 10 and 20 exist on both switches.

S1# show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/11, Fa0/12, Fa0/23, Fa0/24
10 HR active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Gi0/1
20 SALES active Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Gi0/2

S2# show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/21, Fa0/22, Fa0/23, Fa0/24
Gi0/1, Gi0/2
10 VLAN0010 active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10
20 VLAN0020 active Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20
Configuring VLAN Trunks

Figure: S1 Fa0/1 <-> S2 Fa0/1 trunk, VLANs 10 and 20 on both switches.

S1(config)# inter fa 0/1
S1(config-if)# no switchport access vlan 10
S1(config-if)# switchport trunk encapsulation dot1q
! Only needed on switches that also support ISL
S1(config-if)# switchport mode trunk
S1(config-if)#

S2(config)# inter fa 0/1
S2(config-if)# no switchport access vlan 10
S2(config-if)# switchport mode trunk
S2(config-if)#
Configuring VLAN Trunks

Figure: S1 Fa0/1 <-> S2 Fa0/1 trunk, VLANs 10 and 20 on both switches.

S1# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/11, Fa0/12, Fa0/23, Fa0/24
10 HR active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Gi0/1
20 SALES active Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Gi0/2

 No trunking information.
 Fa0/1 is no longer included in VLAN 10.
Configuring VLAN Trunks

Figure: S1 Fa0/1 <-> S2 Fa0/1 trunk, VLANs 10 and 20 on both switches.

S1# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1,10,20

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 none
S1#

S2# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1,10,20

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,10,20
S2#
Configuring the Native VLAN

Figure: S1 Fa0/1 <-> S2 Fa0/1 trunk, VLANs 10 and 20 on both switches.

S1(config)# inter fa 0/1
S1(config-if)# switchport trunk native vlan 200
*Mar 1 01:59:34.927: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (200), with S2 FastEthernet0/1 (1)
S1(config-if)#

*Mar 1 02:00:39.267: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (1), with S1 FastEthernet0/1 (200).
S2(config)# inter fa 0/1
S2(config-if)# switchport trunk native vlan 200
S2(config-if)#

 VLAN 200 (Native VLAN) does not need to be created on either switch, but…
 It must match on both ends of the trunk!
 Control data (CDP, STP, etc.) is still sent across VLAN 1 but is now tagged.
Configuring the Native VLAN

Figure: S1 Fa0/1 <-> S2 Fa0/1 trunk, VLANs 10 and 20 on both switches.

S1# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 200

Port Vlans allowed on trunk
Fa0/1 1-4094

S2# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 200

Port Vlans allowed on trunk
Fa0/1 1-4094

 Happy native VLANs now!
 How about limiting which VLANs are allowed on the trunk?
Configuring Allowed VLANs

Figure: S1 Fa0/1 <-> S2 Fa0/1 trunk, VLANs 10 and 20 on both switches.

S1(config)# inter fa 0/1
S1(config-if)# switchport trunk allowed vlan 10,20,200

S2(config)# inter fa 0/1
S2(config-if)# switchport trunk allowed vlan 10,20,200

 No space between VLANs.
 If the native VLAN (200) is not on the list, it is not a problem.
 The trunk will not allow any data traffic for the native VLAN.
Configuring Allowed VLANs

Figure: S1 Fa0/1 <-> S2 Fa0/1 trunk, VLANs 10 and 20 on both switches.

S1# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 200

Port Vlans allowed on trunk
Fa0/1 10,20,200

S2# show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 200

Port Vlans allowed on trunk
Fa0/1 10,20,200
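The native VLAN and allowed-VLAN checks from the trunk slides above, as an added Python audit that is not part of the slides: it parses "show interfaces trunk" output from both ends of a trunk and reports a native VLAN mismatch (the condition behind the %CDP-4-NATIVE_VLAN_MISMATCH message), a native VLAN left at 1, and an allowed list that was never pruned from 1-4094. The sample outputs are constructed copies of what the slides show for S1 and S2 before and after the changes.

```python
"""Audit both ends of an 802.1Q trunk from 'show interfaces trunk' output.

Added example; not part of the slides. The sample outputs are constructed
copies of what the slides show for S1 and S2 before and after the native
VLAN and allowed-VLAN changes.
"""

NATIVE_HDR = "Port        Mode         Encapsulation  Status        Native vlan"
ALLOWED_HDR = "Port        Vlans allowed on trunk"

S1_BEFORE = f"""{NATIVE_HDR}
Fa0/1       on           802.1q         trunking      200

{ALLOWED_HDR}
Fa0/1       1-4094

Port        Vlans allowed and active in management domain
Fa0/1       1,10,20

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       none
"""
S2_BEFORE = f"{NATIVE_HDR}\nFa0/1       on           802.1q         trunking      1\n\n{ALLOWED_HDR}\nFa0/1       1-4094\n"
S1_AFTER = f"{NATIVE_HDR}\nFa0/1       on           802.1q         trunking      200\n\n{ALLOWED_HDR}\nFa0/1       10,20,200\n"
S2_AFTER = S1_AFTER


def expand_vlan_list(spec: str) -> set:
    """'1,10,20', '1-4094' or '10,20,200' -> set of VLAN ids; 'none' -> empty set."""
    vlans = set()
    if spec.lower() == "none":
        return vlans
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_show_interfaces_trunk(text: str) -> dict:
    """Return {port: {'native': int, 'allowed': set}} from the IOS output.
    Only the 'Native vlan' and 'Vlans allowed on trunk' blocks are used."""
    trunks, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Port"):              # every block opens with a 'Port ...' header
            if "Native vlan" in line:
                section = "native"
            elif "allowed on trunk" in line:
                section = "allowed"
            else:
                section = None                   # other blocks are skipped
            continue
        if section is None:
            continue
        parts = line.split()
        entry = trunks.setdefault(parts[0], {})
        if section == "native" and len(parts) == 5:
            entry["native"] = int(parts[4])
        elif section == "allowed" and len(parts) == 2:
            entry["allowed"] = expand_vlan_list(parts[1])
    return trunks


def audit_trunk(local: dict, peer: dict, port: str) -> list:
    """The checks the slides make: native VLAN must match on both ends, should not
    be VLAN 1, and the allowed list should be limited to the VLANs actually needed."""
    findings = []
    mine, theirs = local[port], peer[port]
    if mine["native"] != theirs["native"]:
        findings.append(f"{port}: native VLAN mismatch ({mine['native']} vs {theirs['native']})")
    if mine["native"] == 1:
        findings.append(f"{port}: native VLAN is VLAN 1; move it to a dedicated unused VLAN")
    if len(mine["allowed"]) == 4094:
        findings.append(f"{port}: all VLANs (1-4094) allowed; prune to the VLANs in use")
    return findings
```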
What is Inter-VLAN routing?
 Layer 2 switches cannot forward traffic between VLANs without the assistance of a router.
 Inter-VLAN routing is a process for forwarding network traffic from one VLAN to another, using a router.

 Legacy Inter-VLAN Routing
 Router-on-a-Stick
 Switch SVI
 Switch Routed Ports
Legacy Inter-VLAN Routing

 Routers were used to route between VLANs.
 Each VLAN was connected to a different physical router interface.
 Packets would arrive on the router through one interface, be routed, and leave through another.
 Router interfaces connected to VLANs have IP addresses from that specific VLAN.
 Large networks with a large number of VLANs required many router interfaces.
Legacy Inter-VLAN Routing

Figure: router interfaces 192.168.10.1/255.255.255.0 and 192.168.20.1/255.255.255.0, one per VLAN.
A 192.168.10.10/255.255.255.0 (GW 192.168.10.1); B 192.168.10.11/255.255.255.0 (GW 192.168.10.1); C 192.168.20.12/255.255.255.0 (GW 192.168.20.1); D 192.168.20.13/255.255.255.0 (GW 192.168.20.1)

 A router is required to connect (route) between subnets/VLANs.

S1(config)# vlan 10
S1(config-vlan)# vlan 30
S1(config-vlan)# exit
S1(config)# interface f0/11
S1(config-if)# switchport access vlan 10
S1(config-if)# exit
S1(config)# interface f0/4
S1(config-if)# switchport access vlan 10
S1(config-if)# exit
S1(config)# interface f0/6
S1(config-if)# switchport access vlan 30
S1(config-if)# exit
S1(config)# interface f0/5
S1(config-if)# switchport access vlan 30

R1(config)# interface g0/0
R1(config-if)# ip address 172.17.10.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface g0/1
R1(config-if)# ip address 172.17.30.1 255.255.255.0
R1(config-if)# no shutdown

R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile,  B - BGP
<output omitted>
172.17.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.17.10.0/24 is directly connected, GigabitEthernet0/0
L 172.17.10.1/32 is directly connected, GigabitEthernet0/0
C 172.17.30.0/24 is directly connected, GigabitEthernet0/1
L 172.17.30.1/32 is directly connected, GigabitEthernet0/1
Router-on-a-Stick

 The router-on-a-stick approach uses a different path to route between VLANs.
 One of the router's physical interfaces is configured as an 802.1Q trunk port so it can understand VLAN tags.
 Logical subinterfaces are created; one subinterface per VLAN.
 Each subinterface is configured with an IP address from the VLAN it represents.
 VLAN members (hosts) are configured to use the subinterface address as a default gateway.
 Only one of the router's physical interfaces is used.

S1(config)# vlan 10
S1(config-vlan)# vlan 30
S1(config-vlan)# exit
S1(config)# interface f0/11
S1(config-if)# switchport access vlan 10
S1(config-if)# exit
S1(config)# interface f0/6
S1(config-if)# switchport access vlan 30
S1(config-if)# exit
S1(config)# interface f0/5
S1(config-if)# switchport mode trunk
S1(config-if)#

R1(config)# interface g0/0.10
R1(config-subif)# encapsulation dot1q 10
R1(config-subif)# ip address 172.17.10.1 255.255.255.0
R1(config-subif)# exit
R1(config)# interface g0/0.30
R1(config-subif)# encapsulation dot1q 30
R1(config-subif)# ip address 172.17.30.1 255.255.255.0
R1(config-subif)# exit
R1(config)# interface g0/0
R1(config-if)# no shutdown
R1# show vlans
<output omitted>
Virtual LAN ID: 10 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interface: GigabitEthernet0/0.10
Protocols Configured: Address: Received: Transmitted:
IP 172.17.10.1 11 18
<output omitted>
Virtual LAN ID: 30 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interface: GigabitEthernet0/0.30
Protocols Configured: Address: Received: Transmitted:
IP 172.17.30.1 11 8
<output omitted>

R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
<output omitted>
172.17.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.17.10.0/24 is directly connected, GigabitEthernet0/0.10
L 172.17.10.1/32 is directly connected, GigabitEthernet0/0.10
C 172.17.30.0/24 is directly connected, GigabitEthernet0/0.30
L 172.17.30.1/32 is directly connected, GigabitEthernet0/0.30
Routers vs Multilayer Switches

 Routers and multilayer switches both perform routing (connecting networks).
 Routers may have different types of interfaces (Ethernet, serial, ATM, etc.), while multilayer switches will only have Ethernet interfaces.
 While routers can be used to segment LAN devices, their major use is as WAN devices.
 Each device does have its own advantages.
 Routers are:
 The backbone devices of large intranets and of the Internet
 They operate at Layer 3 (network layer) of the OSI model
 They make decisions based on network addresses (IPv4, IPv6).
Multilayer Switch Inter-VLAN Routing

 Multilayer switches can perform Layer 2 and Layer 3 functions, replacing the need for dedicated routers.
 Multilayer switches support dynamic routing and inter-VLAN routing.
 A switch virtual interface (SVI) exists for VLAN 1 by default.
 On a multilayer switch, a logical (Layer 3) interface can be configured for any VLAN.
 With a multilayer switch, traffic is routed internal to the switch device.
 This routing process is a suitable and scalable solution.
Configure Router On A Stick: 802.1Q Trunk Link

 Router on a stick is very simple to implement.

[Diagram: the router's GigabitEthernet 0/0 is trunked to the switch's GigabitEthernet 1/1; hosts 172.16.10.100/24 and 172.16.20.100/24 hang off the switch.]

Router configuration:

interface GigabitEthernet 0/0
 no shutdown ! Does not show in config
!
interface GigabitEthernet 0/0.2
 description VLAN 2
 encapsulation dot1Q 2 native
 ip address 172.16.1.2 255.255.255.0
!
interface GigabitEthernet 0/0.10
 description VLAN 10
 encapsulation dot1Q 10
 ip address 172.16.10.1 255.255.255.0
!
interface GigabitEthernet 0/0.20
 description VLAN 20
 encapsulation dot1Q 20
 ip address 172.16.20.1 255.255.255.0
!
interface GigabitEthernet 0/0.30
 description VLAN 30
 encapsulation dot1Q 30
 ip address 172.16.30.1 255.255.255.0
!
interface GigabitEthernet 0/0.40
 description VLAN 40
 encapsulation dot1Q 40
 ip address 172.16.40.1 255.255.255.0

Switch configuration:

interface GigabitEthernet 1/1
 switchport mode trunk
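The sub-interface configuration above only routes between VLANs when a few invariants hold: every sub-interface carries an 802.1Q encapsulation and an IP address, no VLAN ID or subnet is claimed twice, at most one sub-interface is native, and the parent interface is not shut down. The Python script below is an added example (not code from the slides or from Cisco) that parses an IOS-style router-on-a-stick configuration and reports violations of those invariants; the sample configuration is constructed from the slide's router configuration, and the function names are my own.

```python
"""Check a router-on-a-stick configuration for the invariants that make
802.1Q inter-VLAN routing work. Added example; the sample config is
constructed from the slide, the function names are assumed."""
import ipaddress
import re

# Constructed sample: the slide's router-on-a-stick configuration.
SAMPLE_CONFIG = """\
interface GigabitEthernet 0/0
 no shutdown
!
interface GigabitEthernet 0/0.2
 description VLAN 2
 encapsulation dot1Q 2 native
 ip address 172.16.1.2 255.255.255.0
!
interface GigabitEthernet 0/0.10
 description VLAN 10
 encapsulation dot1Q 10
 ip address 172.16.10.1 255.255.255.0
!
interface GigabitEthernet 0/0.20
 description VLAN 20
 encapsulation dot1Q 20
 ip address 172.16.20.1 255.255.255.0
!
interface GigabitEthernet 0/0.30
 description VLAN 30
 encapsulation dot1Q 30
 ip address 172.16.30.1 255.255.255.0
!
interface GigabitEthernet 0/0.40
 description VLAN 40
 encapsulation dot1Q 40
 ip address 172.16.40.1 255.255.255.0
"""


def parse_interfaces(config):
    """Map interface name -> {encap, native, ip, shutdown} from 'interface' stanzas."""
    ifaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            # "GigabitEthernet 0/0.10" and "GigabitEthernet0/0.10" name the same interface
            current = line.split(None, 1)[1].replace(" ", "")
            ifaces[current] = {"encap": None, "native": False, "ip": None, "shutdown": False}
        elif current is None or line == "!":
            continue
        elif (m := re.match(r"encapsulation dot1[qQ] (\d+)( native)?$", line)):
            ifaces[current]["encap"] = int(m.group(1))
            ifaces[current]["native"] = m.group(2) is not None
        elif (m := re.match(r"ip address (\S+) (\S+)$", line)):
            # ip_interface accepts "address/netmask" and yields the subnet for the overlap check
            ifaces[current]["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif line in ("shutdown", "no shutdown"):
            ifaces[current]["shutdown"] = line == "shutdown"
    return ifaces


def check_router_on_a_stick(config):
    """Return a list of problems; an empty list means the config is consistent."""
    ifaces = parse_interfaces(config)
    problems, vlan_owner, net_owner, natives = [], {}, {}, []
    for name, cfg in ifaces.items():
        if "." not in name:                       # physical parent interface
            if cfg["shutdown"]:
                problems.append(f"{name}: parent interface is shut down, every sub-interface is down")
            continue
        parent = name.split(".")[0]
        if parent not in ifaces:
            problems.append(f"{name}: parent interface {parent} is not configured")
        if cfg["encap"] is None:
            problems.append(f"{name}: no 'encapsulation dot1Q', tagged frames cannot be matched")
        elif cfg["encap"] in vlan_owner:
            problems.append(f"{name}: VLAN {cfg['encap']} already used on {vlan_owner[cfg['encap']]}")
        else:
            vlan_owner[cfg["encap"]] = name
        if cfg["native"]:
            natives.append(name)
        if cfg["ip"] is None:
            problems.append(f"{name}: no IP address, it cannot be the VLAN's default gateway")
        elif cfg["ip"].network in net_owner:
            problems.append(f"{name}: subnet {cfg['ip'].network} already used on {net_owner[cfg['ip'].network]}")
        else:
            net_owner[cfg["ip"].network] = name
    if len(natives) > 1:
        problems.append("more than one native sub-interface: " + ", ".join(natives))
    return problems


if __name__ == "__main__":
    for problem in check_router_on_a_stick(SAMPLE_CONFIG) or ["config OK"]:
        print(problem)
```

Run against the slide's configuration the check reports nothing; change one sub-interface to reuse VLAN 10, or shut the parent interface, and the corresponding problem is listed.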
Routed Ports versus Switched Virtual Interfaces

 Routed Ports – Just like a router, the port has an IP address/mask that makes it a member of that subnet.
 SVI – The switch is a member of that IP subnet/VLAN. All switch ports that are a member of that VLAN can communicate with the switch.
Multilayer Switch Interfaces

[Diagram: Layer 2 access or trunk ports, a Layer 3 physical interface, and a Layer 3 logical interface (SVI).]

 Performs both Layer 2 switching and inter-VLAN routing.
 Layer 2 Interface: Access or Trunk ports
 Layer 3 Interface:
 Has an IP address assigned to it.
 The default gateway for any hosts connected to that interface or VLAN.
 Physical interface
 Same as a router
 Aka “Routed Port”
 Example: interface gigabit 0/1
 Logical Interface
 Represents an entire VLAN
 Switched Virtual Interface (SVI)
 Example: interface vlan 10
[Diagram: SVI VLAN 10 192.168.10.1/24 and SVI VLAN 20 192.168.20.1/24 on the switch; host A 192.168.10.10/24 and host B 192.168.10.11/24 use GW 192.168.10.1; host C 192.168.20.12/24 and host D 192.168.20.13/24 use GW 192.168.20.1.]

 Layer 3 functionality can also be enabled for an entire VLAN.
 The IP address is assigned to the logical interface – the VLAN.
 This is needed when routing is required between VLANs.
 SVI (Switched Virtual Interface)
 No physical connection
 VLANs must be created before the SVI can be used.
 The IP address of the VLAN interface is the default gateway of the workstation.
<VLANs have been created or will be created when configured on the interface>
S1(config)# interface range fastethernet 0/1 - 12
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 10
S1(config-if-range)# exit
S1(config)# interface range fastethernet 0/13 - 24
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 20
S1(config-if-range)# end
S1(config)# inter vlan 10
S1(config-if)# description Engineering VLAN
S1(config-if)# ip address 192.168.10.1 255.255.255.0
S1(config-if)# no shutdown
S1(config)# inter vlan 20
S1(config-if)# description IT VLAN
S1(config-if)# ip address 192.168.20.1 255.255.255.0
S1(config-if)# no shutdown
[Diagram: S1 holds SVI VLAN 10 192.168.10.1/24 and SVI VLAN 20 192.168.20.1/24; switches S2 and S3 below it connect hosts A 192.168.10.10/24 and B 192.168.10.11/24 (GW 192.168.10.1) and hosts C 192.168.20.12/24 and D 192.168.20.13/24 (GW 192.168.20.1).]

Alternative Configuration

[Diagram: the distribution layer switch holds SVI VLAN 10 192.168.10.1/24 and SVI VLAN 20 192.168.20.1/24 and is connected by a trunk to an access layer switch, which connects hosts A 192.168.10.10/24 and B 192.168.10.11/24 (GW 192.168.10.1) and hosts C 192.168.20.12/24 and D 192.168.20.13/24 (GW 192.168.20.1).]

S1(config)# inter gig 0/2
S1(config-if)# switchport mode trunk

S2(config)# inter fa 0/9
S2(config-if)# switchport mode trunk
Multilayer Switch Interfaces

[Diagram: Layer 2 access or trunk ports, a Layer 3 physical interface, and a Layer 3 logical interface (SVI).]

DLS1# show interface gig 0/2 switchport
Name: Gig0/2
Switchport: Enabled
<output omitted>

 Layer 2 or Layer 3 Interface? Is it a “switch” port?
 Default on most switches: Layer 2
 Verify mode:
 Switch# show interface type mod/num switchport
 Switchport: Think Layer 2
 Enabled: Layer 2
 Disabled: Layer 3
Is it a “switch” port?

S1(config)# interface gig 0/2
S1(config-if)# no switchport                (converts the interface to Layer 3)
S1(config-if)# end
S1# show interface gig 0/2 switchport
Name: Gig0/2
Switchport: Disabled                        (Layer 3)
<output omitted>
S1# config t
S1(config)# interface gig 0/2
S1(config-if)# switchport                   (converts the interface to Layer 2)
S1(config-if)# end
S1# show interface gig 0/2 switchport
Name: Gig0/2
Switchport: Enabled                         (Layer 2)
<output omitted>

 If the port is in Layer 3 mode, the switchport interface command puts it back into Layer 2 mode.
SVI Interfaces - Logical Interfaces

Switch(config)# vlan vlan-number
Switch(config-vlan)# name vlan-name
Switch(config)# interface vlan vlan-number
Switch(config-if)# ip address ip-address mask
Switch(config-if)# no shutdown

 Layer 3 functionality can also be enabled for an entire VLAN.
 The IP address is assigned to the logical interface – the VLAN.
 This is needed when routing is required between VLANs.
 SVI (Switched Virtual Interface)
 No physical connection
 VLANs must be created before the SVI can be used.
 The IP address of the VLAN interface is the default gateway of the workstation.
 Configure DLS1 to be the default gateway for VLANs 10 and 11.
 All hosts on these VLANs will use these addresses as their default gateway addresses.

DLS1(config)# inter vlan 99
DLS1(config-if)# description Management VLAN
DLS1(config-if)# ip address 172.16.99.1 255.255.255.0
DLS1(config-if)# no shutdown
DLS1(config)# inter vlan 10
DLS1(config-if)# description Engineering VLAN
DLS1(config-if)# ip address 172.16.10.1 255.255.255.0
DLS1(config-if)# no shutdown
DLS1(config)# inter vlan 11
DLS1(config-if)# description IT VLAN
DLS1(config-if)# ip address 172.16.11.1 255.255.255.0
DLS1(config-if)# no shutdown
Layer 3 Port Configuration – Physical Interfaces

DLS1(config)# interface gig 0/1
DLS1(config-if)# no switchport
DLS1(config-if)# ip address 192.168.1.1 255.255.255.252

DLS2(config)# interface gig 0/1
DLS2(config-if)# no switchport
DLS2(config-if)# ip address 192.168.1.2 255.255.255.252

 Physical switch ports can operate as Layer 3 interfaces using the interface command:
Switch(config)# interface type mod/num
Switch(config-if)# no switchport
Switch(config-if)# ip address ip-address mask
Switched Network Design

 Core – Route/switch packets quickly between distribution multilayer switches.
 Distribution – Route between VLANs/subnets, ACLs.
 Access – Provide access to end devices and provide port security.

[Diagram labels: L3 = routed ports, over IP, separate subnets; L2 = SVI, VLANs over trunks OR individual VLANs.]

VLANs – Router On A Stick Homework

[Diagram: VLANs V2 and V3 spread across the access switches, each switch carrying both V2 and V3 hosts.]
Extreme Networks VLANs - Example

1. Set the switch name.
2. Remove all ports from the default VLAN.
3. Create VLAN 2 and VLAN 3.
4. Configure ACCESS ports (untagged) and the TRUNK port (tagged).
5. Verify connectivity between PC-1, PC-6 and PC-4.
6. Configure inter-VLAN routing on the multilayer switch.

VLANs - CISCO & ExtremeOS

Configure EXOS-1
Configure EXOS-2
Configure EXOS-3
Configure CISCO-1 & CISCO-2
Check inter-VLAN routing
Configure R1
Configure R2
Check connectivity PC11-PC9

Huawei VLANs - Example

Create VLANs, configure access port & trunk port – SW1
Create VLANs, configure access port & trunk port – SW2
Create VLANs, configure access port & trunk port – SW3
Display VLAN info
Configure PC1 & PC5
Verify ping PC1 - PC5
Configure VLANIF (SVI) – SW1
Private VLANs

In general, a VLAN is a way of segregating a physical network so that separate broadcast domains can be created. Private VLANs (PVLANs) split the primary VLAN domain into multiple isolated broadcast sub-domains. It is like a nesting concept: creating VLANs inside a VLAN.

Private VLANs

The private-VLAN feature addresses two problems that service providers face when using VLANs:

• Scalability: The switch supports up to 4096 active VLANs. If a service provider assigns one VLAN per customer, this limits the number of customers that the service provider can support.
• To enable IP routing, each VLAN is assigned a subnet address space or a block of addresses, which can waste the unused IP addresses and cause IP address management problems.

Private VLANs partition a regular VLAN domain into subdomains and can have multiple VLAN pairs, one for each subdomain. A subdomain is represented by a primary VLAN and a secondary VLAN.
PVLAN Types

Primary VLAN: Simply the original VLAN. This type of VLAN is used to forward frames downstream to all Secondary VLANs.

Secondary VLAN: A Secondary VLAN is configured with one of the following types:

• Isolated: Any switch ports associated with an Isolated VLAN can reach the primary VLAN, but not any other Secondary VLAN. In addition, hosts associated with the same Isolated VLAN cannot reach each other.
• Community: Any switch ports associated with a common community VLAN can communicate with each other and with the primary VLAN but not with any other secondary VLAN.
Private VLAN Port Types

Promiscuous port (P-Port): The switch port connects to a router, firewall or other common gateway device. This port can communicate with anything else connected to the primary or any secondary VLAN.

Host Ports:
• Isolated Port (I-Port): Connects to a regular host that resides on an isolated VLAN. This port communicates only with P-Ports.
• Community Port (C-Port): Connects to a regular host that resides on a community VLAN. This port communicates with P-Ports and with ports on the same community VLAN.
Private VLAN Port Types
Hardware Switches
Private VLANs Configuration

1. Configuring private VLANs requires us to change the VTP mode to Transparent.
2. Create the primary, community and isolated VLANs.
3. Associate secondary VLANs 200, 250 and 300 with primary VLAN 100.
4. Configure the promiscuous port; it needs to be accessed by all VLANs (501 and 502).
5. Add ports to community VLANs 200 and 300 and to isolated VLAN 250.
6. Add ports to isolated VLAN 250.

Private VLANs – Trunk Ports
Huawei – MUX VLAN

The Multiplex VLAN (MUX VLAN) feature is used to control network resources based on VLANs.

MUX VLAN          VLAN type        Port type        Description
Principal VLAN    Principal VLAN   Principal port   A principal port can communicate with all ports in a MUX VLAN.
Subordinate VLAN  Separate VLAN    Separate port    A separate port can communicate only with a principal port and is isolated from other types of ports. Each separate VLAN must be bound to a principal VLAN.
Subordinate VLAN  Group VLAN       Group port       A group port can communicate with a principal port and the other ports in the same group, but cannot communicate with ports in other groups or a separate port. Each group VLAN must be bound to a principal VLAN.

Huawei – MUX VLAN

VLAN 3 -> Group VLAN
VLAN 4 -> Separate VLAN
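The P-Port / I-Port / C-Port rules of the private VLAN slides and the Huawei MUX VLAN table above (principal, separate and group ports) describe the same reachability model. The Python below is an added example, not code from the slides or from either vendor: it parses a constructed Cisco-style private VLAN configuration modelled on the configuration steps listed earlier (primary 100, community 200 and 300, isolated 250; the port names are assumed), answers which ports can reach each other, and flags association mistakes that would leave a host port outside the isolation domain it was meant to be in.

```python
"""Model the isolation rules of private VLAN port types (and of Huawei MUX VLAN,
whose principal/separate/group ports follow the same rules). Added example; the
sample config is constructed after the slides' steps (primary 100, community
200 and 300, isolated 250) and the port names are assumed."""
import re

# Constructed sample, modelled on the configuration steps of the slides.
SAMPLE_PVLAN_CONFIG = """\
vtp mode transparent
vlan 100
 private-vlan primary
 private-vlan association 200,250,300
vlan 200
 private-vlan community
vlan 300
 private-vlan community
vlan 250
 private-vlan isolated
interface GigabitEthernet0/1
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 200,250,300
interface FastEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 200
interface FastEthernet0/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 200
interface FastEthernet0/3
 switchport mode private-vlan host
 switchport private-vlan host-association 100 300
interface FastEthernet0/4
 switchport mode private-vlan host
 switchport private-vlan host-association 100 250
interface FastEthernet0/5
 switchport mode private-vlan host
 switchport private-vlan host-association 100 250
"""

# Huawei MUX VLAN names for the same three roles (from the slides' table).
MUX_EQUIVALENT = {"promiscuous": "principal port", "isolated": "separate port", "community": "group port"}


def parse_pvlan(config):
    """Return (vlan_types, associations, ports) from the VLAN and interface stanzas."""
    vlan_types, assoc, ports = {}, {}, {}
    kind, ctx = None, None
    for raw in config.splitlines():
        line = raw.strip()
        if (m := re.match(r"vlan (\d+)$", line)):
            kind, ctx = "vlan", int(m.group(1))
        elif (m := re.match(r"interface (\S+)$", line)):
            kind, ctx = "port", m.group(1)
            ports[ctx] = {"mode": None, "primary": None, "secondaries": set()}
        elif kind == "vlan" and (m := re.match(r"private-vlan (primary|isolated|community)$", line)):
            vlan_types[ctx] = m.group(1)
        elif kind == "vlan" and (m := re.match(r"private-vlan association ([\d,]+)$", line)):
            assoc[ctx] = {int(v) for v in m.group(1).split(",")}
        elif kind == "port" and (m := re.match(r"switchport mode private-vlan (promiscuous|host)$", line)):
            ports[ctx]["mode"] = m.group(1)
        elif kind == "port" and (m := re.match(r"switchport private-vlan (?:mapping|host-association) (\d+) ([\d,]+)$", line)):
            ports[ctx]["primary"] = int(m.group(1))
            ports[ctx]["secondaries"] = {int(v) for v in m.group(2).split(",")}
    return vlan_types, assoc, ports


def can_communicate(a, b, vlan_types, ports):
    """P-port / I-port / C-port rules from the slides, for two ports of one primary VLAN."""
    pa, pb = ports[a], ports[b]
    if pa["primary"] != pb["primary"]:
        return False
    if "promiscuous" in (pa["mode"], pb["mode"]):
        return True                                   # a P-port reaches every port in the primary
    sa, sb = min(pa["secondaries"]), min(pb["secondaries"])   # a host port carries one secondary
    # two host ports talk only inside one community VLAN; isolated hosts never reach each other
    return sa == sb and vlan_types.get(sa) == "community"


def check_pvlan(config):
    """Return problems that would leave a port outside the intended isolation domain."""
    vlan_types, assoc, ports = parse_pvlan(config)
    problems = []
    for primary, secs in assoc.items():
        if vlan_types.get(primary) != "primary":
            problems.append(f"VLAN {primary} carries associations but is not declared primary")
        problems += [f"VLAN {s} is associated with {primary} but is not isolated or community"
                     for s in sorted(secs) if vlan_types.get(s) not in ("isolated", "community")]
        if sum(vlan_types.get(s) == "isolated" for s in secs) > 1:
            problems.append(f"primary {primary} has more than one isolated VLAN")
    for name, p in ports.items():
        if p["mode"] is None or p["primary"] not in assoc:
            problems.append(f"{name}: no private-vlan mode or no known primary VLAN")
            continue
        missing = p["secondaries"] - assoc[p["primary"]]
        if missing:
            problems.append(f"{name}: secondary {sorted(missing)} not associated with primary {p['primary']}")
        if p["mode"] == "host" and len(p["secondaries"]) != 1:
            problems.append(f"{name}: a host port must be associated with exactly one secondary VLAN")
    return problems
```

With the sample, the two community-200 ports reach each other, a community-200 port cannot reach the community-300 port, the two isolated ports cannot reach each other, and every host port reaches the promiscuous uplink; pointing a host port at a secondary VLAN that is not associated with the primary is reported by check_pvlan.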
CONMUTACIÓN Y RUTEO I

Topic 19. STP

Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP

Spanning Tree Protocol (STP)

 IEEE 802.1D
 A loop-prevention protocol.
 Allows L2 devices to communicate with each other to discover physical loops in the network.
 An algorithm creates a loop-free logical topology.
 STP creates a tree structure of loop-free leaves and branches that spans the entire Layer 2 network.
L2 Loops

[Diagram: IP Packet.]

 Broadcasts and Layer 2 loops can be a dangerous combination.
 Ethernet frames have no TTL field.
 After an Ethernet frame starts to loop, it will probably continue until someone shuts off one of the switches or breaks a link.
 IP has a mechanism to prevent loops.

Loops Layer 2
STP Prevents Loops

 The purpose of STP is to avoid and eliminate loops in the network by negotiating a loop-free path through a root bridge.
 STP determines where the loops are and blocks links that are redundant.
 Ensures that there will be only one active path to every destination.
Spanning Tree Algorithm

[Diagram: redundant topology with one link marked X (blocked).]

 STP executes an algorithm called the Spanning Tree Algorithm (STA).
 STA chooses a reference point, called a root bridge.
 It then determines the available paths to that reference point.
 If more than one path exists, STA picks the best path and blocks the rest.
Two Key STP Concepts

 STP calculations make extensive use of two key concepts in creating a loop-free topology:
 Bridge ID
 Path Cost

Link Speed   Cost (Revised IEEE Spec)   Cost (Previous IEEE Spec)
10 Gbps      2                          1
1 Gbps       4                          1
100 Mbps     19                         10
10 Mbps      100                        100
Bridge ID (BID)

 Bridge ID (BID) is used to identify each bridge/switch.
 The BID is used in determining the center of the network, in respect to STP, known as the root bridge.

[Diagram: Bridge ID without the Extended System ID, and Bridge ID with the Extended System ID.]

Bridge ID (BID)

 Consists of two components:
 A 2-byte Bridge Priority: Switch defaults to 32,768 or 0x8000.
 Usually expressed in decimal format.
 A 6-byte MAC address
 Usually expressed in hexadecimal format.

Bridge ID (BID)

 Each switch has a unique BID.
 In the original 802.1D standard, the BID = Priority field + MAC address of the switch.
 All VLANs were represented by a CST – one spanning tree for all VLANs.

Bridge ID (BID)

 Used to elect a root bridge (coming).
 Lowest Bridge ID is the root.
 If all devices have the same priority, the bridge with the lowest MAC address becomes the root bridge.
Path Cost – Original Spec (Linear)

Link Speed   Cost (Revised IEEE Spec)   Cost (Previous IEEE Spec)
10 Gbps      2                          1
1 Gbps       4                          1
100 Mbps     19                         10
10 Mbps      100                        100

 Bridges use the concept of cost to evaluate how close they are to other bridges.
 Used to create the loop-free topology.
 Originally, 802.1D defined cost as 1000/bandwidth of the link in Mbps.
 Cost of 10 Mbps link = 100
 Cost of 100 Mbps link = 10
 Cost of 1 Gbps link = 1
 Running out of room for faster switches, including 10 Gbps Ethernet.

Path Cost – Revised Spec (Non-Linear)

Link Speed   Cost (Revised IEEE Spec)   Cost (Previous IEEE Spec)
10 Gbps      2                          1
1 Gbps       4                          1
100 Mbps     19                         10
10 Mbps      100                        100

 IEEE modified the cost to use a non-linear scale with the new values of:
 4 Mbps: 250 (cost)
 10 Mbps: 100 (cost)
 16 Mbps: 62 (cost)
 45 Mbps: 39 (cost)
 100 Mbps: 19 (cost)
 155 Mbps: 14 (cost)
 622 Mbps: 6 (cost)
 1 Gbps: 4 (cost)
 10 Gbps: 2 (cost)

• You can change the path cost by modifying the cost of a port.
• Exercise caution when you do this!
• BID and Path Cost are used to develop a loop-free topology.
• Coming very soon!
Five-Step STP Decision Sequence

 When creating a loop-free topology, STP always uses the same five-step decision sequence:

Five-Step Decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port Priority
Step 5 - Lowest Port ID

 Bridges use Configuration BPDUs during this five-step process.
 We will assume all BPDUs are configuration BPDUs until otherwise noted.

Elect One Root Bridge

The STP algorithm uses three simple steps to converge on a loop-free topology:

STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports

 When the network first starts, all bridges are announcing a chaotic mix of BPDUs.
 All bridges immediately begin applying the five-step decision sequence.
 Switches need to elect a single Root Bridge.
 Switch with the lowest BID wins!
 Note: Many texts refer to the term “highest priority”, which is the “lowest” BID value.
 This is known as the “Root War.”
Elect One Root Bridge

Lowest BID wins!

[Diagram: five switches ask "Who wins?" with BIDs 32769.0001.C945.A573, 32769.0005.5E0D.9315, 32769.0060.47B0.5850, 32769.0003.E461.46EC and 32769.0001.964E.7EBB; the switch with 32769.0001.964E.7EBB says "I win!". BPDUs are sent/relayed every two seconds.]

[Diagram: at start-up each switch announces its own BID as root (32768.0001.C945.A573, 32768.0005.5E0D.9315, 32768.0060.47B0.5850, 32768.0003.E461.46EC, 32768.0001.964E.7EBB) and claims "I’m the root!"; 32768.0001.964E.7EBB wins.]

• At the beginning, all bridges assume and declare themselves to be the Root Bridge, by placing their own BID in the Root BID field of the BPDU.
Elect Root Ports

STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports

[Diagram: each non-root switch says "I will select one Root Port that is closest, best path to the root bridge."]

 Now that the Root War has been won, switches move on to selecting Root Ports.
 A bridge’s Root Port is the port closest to the Root Bridge.
 Bridges use the cost to determine closeness.
 Every non-Root Bridge will select one Root Port!
 Specifically, bridges track the Root Path Cost, the cumulative cost of all links to the Root Bridge.
Determining (Electing) the Root Port

 The Root Bridge, Access2, sends out BPDUs containing a Root Path Cost of 0.
 Access1, Distribution1, and Distribution2 receive these BPDUs and add the Path Cost of the FastEthernet interface to the Root Path Cost contained in the BPDU.
 Access1, Distribution1, and Distribution2 add Root Path Cost 0 PLUS their Path (port) cost of 19 = 19.
 This value is used internally and used in BPDUs to other switches.

[Diagram: Path Cost. The Root Bridge (Access2) sends BPDUs with Cost=0; Access1, Distribution1 and Distribution2 each receive one on a port with Path Cost 19 and compute Cost=0+19=19.]

Difference between Path Cost and Root Path Cost

Path Cost:
 The value assigned to each port.
 Added to BPDUs received on that port to calculate the Root Path Cost.

Root Path Cost:
• Cumulative cost to the Root Bridge.
• This is the value transmitted in the BPDU.
• Calculated by adding the receiving port’s Path Cost to the value contained in the BPDU.

[Diagram: same Path Cost figure as above.]
What are the Path Costs for Root Bridge Access2?

Path Cost

Access2# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.964E.7EBB
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.964E.7EBB
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/3            Desg FWD 19        128.3    P2p
Fa0/5            Desg FWD 19        128.5    P2p
What are the Path Costs for Distribution1?

Path Cost

Distribution1# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.964E.7EBB
             Cost        19
             Port        3(FastEthernet0/3)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0005.5E0D.9315
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Desg FWD 4         128.25   P2p
Gi0/2            Altn BLK 4         128.26   P2p
Fa0/3            Root FWD 19        128.3    P2p
Fa0/5            Desg FWD 19        128.5    P2p
What are the Path Costs for Access1?

Path Cost

Access1# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.964E.7EBB
             Cost        19
             Port        5(FastEthernet0/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0003.E461.46EC
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/5            Root FWD 19        128.5    P2p
Gi1/1            Desg FWD 4         128.25   P2p
Gi1/2            Desg FWD 4         128.26   P2p
What are the Path Costs for Distribution2?

Path Cost

Distribution2# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.964E.7EBB
             Cost        19
             Port        3(FastEthernet0/3)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0060.47B0.5850
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/3            Root FW 19        128.3    P2p
Fa0/5            Altn BLK 19        128.5    P2p
Gi0/1            Altn BLK 4         128.25   P2p
Gi0/2            Desg FWD 4         128.26   P2p
show spanning-tree detail

Path Cost

Use this command to view the Root Path Cost of an interface.

Distribution1# show spanning-tree detail
 VLAN0001 is executing the ieee compatible Spanning Tree Protocol
  Bridge Identifier has priority of 32768, sysid 1, 0005.5E0D.9315
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32769
  Root port is 3 (FastEthernet0/3), cost of root path is 19
  Topology change flag not set, detected flag not set
  Number of topology changes 0 last change occurred 00:00:00 ago
          from FastEthernet0/1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300
show spanning-tree detail

Path Cost

Use this command to view the Root Path Cost of an interface.

Access1# show spanning-tree detail
 VLAN0001 is executing the ieee compatible Spanning Tree Protocol
  Bridge Identifier has priority of 32768, sysid 1, 0003.E461.46EC
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32769
  Root port is 5 (FastEthernet0/5), cost of root path is 19
  Topology change flag not set, detected flag not set
  Number of topology changes 0 last change occurred 00:00:00 ago
          from FastEthernet0/1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300
show spanning-tree detail

Path Cost

Use this command to view the Root Path Cost of an interface.

Distribution2# show spanning-tree detail
 VLAN0001 is executing the ieee compatible Spanning Tree Protocol
  Bridge Identifier has priority of 32768, sysid 1, 0060.47B0.5850
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32769
  Root port is 3 (FastEthernet0/3), cost of root path is 19
  Topology change flag not set, detected flag not set
  Number of topology changes 0 last change occurred 00:00:00 ago
          from FastEthernet0/1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300
Use this command to view the Root Path Cost of an interface.

Access2# show spanning-tree detail
 VLAN0001 is executing the ieee compatible Spanning Tree Protocol
  Bridge Identifier has priority of 32768, sysid 1, 0001.964E.7EBB
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32769
  Topology change flag not set, detected flag not set
  Number of topology changes 0 last change occurred 00:00:00 ago
          from FastEthernet0/1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300

No Root port – this switch is the Root Bridge!


 Switches now send BPDUs with their Root Path Cost out other interfaces.
 Access 1 uses this value of 19 internally and sends BPDUs with a Root Path Cost of 19 out all other ports. (For simplicity we will not include the BPDU to the root.)
 Switches receive the BPDU and add their path cost.
 Note: STP costs are incremented as BPDUs are received on a port, not as they are sent out a port.

[Diagram: Path Cost. Access 1 (Root Path Cost 19) sends BPDUs with Cost=19 toward Distribution 1 and Distribution 2, which receive them on ports with Path Cost 4 and compute Cost=4+19=23; the Root Bridge still advertises 0.]
 Distribution 1 and Distribution 2 receive the BPDUs from Access 1 and add the Path Cost of 4 of those interfaces, giving a Root Path Cost of 23.
 However, both of these switches already have an “internal” Root Path Cost of 19 that was received on another interface (Fa0/3 for each, with a Root Path Cost of 19).
 Distribution 1 and Distribution 2 use the better BPDU of 19 when sending out their BPDUs to other switches.

[Diagram: same Path Cost figure as above.]

 Distribution 1 now sends BPDUs with its Root Path Cost out its other interfaces (the best BPDU).
 Again, STP costs are incremented as BPDUs are received on a port, not as they are sent out a port.
[Diagram: Path Cost. Distribution 1 advertises Cost=19; Core receives it on a Gigabit port (Cost=4+19=23) and Distribution 2 receives it on the link from Distribution 1 (Cost=19+19=38); Access 1 computes Cost=4+19=23 on its ports toward the distribution switches; the Root Bridge stays at 0.]

Final Results

 Ports show BPDU Received Root Path Cost + Path Cost = Root Path Cost of Interface, after the “best” BPDU is received on that port from the neighboring switch.
 This is the cost of reaching the Root Bridge from this interface towards the neighboring switch.
 Now let’s see how this is used!

[Diagram: Path Cost, final values per port. Core: 19+4=23 on both ports. Distribution 1 and Distribution 2: 23+4=27 toward Core, 19+19=38 toward each other, 19 toward Access 2, 19+4=23 toward Access 1. Access 1: 19+4=23 toward each distribution switch, 19 toward Access 2. Access 2 (Root Bridge): 0 on all ports.]
show spanning-tree

Which port is the Root Port?

Core# show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.964E.7EBB
             Cost        4
             Port        25(GigabitEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.C945.A573
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Root FWD 4         128.25   P2p
Gi0/2            Altn BLK 4         128.26   P2p
show spanning-tree detail

Which port is the Root Port?

Core# show spanning-tree detail
 VLAN0001 is executing the ieee compatible Spanning Tree Protocol
  Bridge Identifier has priority of 32768, sysid 1, 0001.C945.A573
  Configured hello time 2, max age 20, forward delay 15
  Current root has priority 32769
  Root port is 25 (GigabitEthernet0/1), cost of root path is 4
  Topology change flag not set, detected flag not set
  Number of topology changes 0 last change occurred 00:00:00 ago
          from FastEthernet0/1
  Times:  hold 1, topology change 35, notification 2
          hello 2, max age 20, forward delay 15
  Timers: hello 0, topology change 0, notification 0, aging 300
Next: Elect Root Ports

 Elect Root Ports
 Elect Designated Ports
 Non-Designated Ports: All other ports

• Every non-Root bridge must select one Root Port.
• A bridge’s Root Port is the port closest to the Root Bridge.
• Bridges use the cost to determine closeness.

[Diagram: Path Cost. These values would be the Root Path Cost if this interface were used to reach the Root Bridge: Core 23 on both ports; Distribution 1 and Distribution 2 27 toward Core, 38 toward each other, 19 toward Access 2, 23 toward Access 1; Access 1 23 toward each distribution switch and 19 toward Access 2; the Root Bridge 0.]
Elect Root Ports: (Review)

 Ports show the Root Path Cost of the interface, after the “best” BPDU is received on that port from the neighboring switch.
 This is the cost of reaching the Root Bridge from this interface towards the neighboring switch.

Distribution 1 “thought process”

[Diagram: Path Cost. Distribution 1 reasons: "If I go through Core it costs 27. If I go through D2 it costs 38. If I go through A1 it costs 23. If I go through A2 it costs 19. This is the best path to the Root!"]
Elect Root Ports:

 This is from the switch’s perspective.
 Switch: “What is my cost to the Root Bridge?”
 Later we will look at Designated Ports, which are chosen from the segment’s perspective.

Distribution 1 “thought process”

[Diagram: same figure as above: through Core 27, through D2 38, through A1 23, through A2 19 (the best path to the Root).]
Elect Root Ports

 Every non-Root bridge must select one Root Port.
 A bridge’s Root Port is the port closest to the Root Bridge.
 Bridges use the Root Path Cost to determine closeness.

[Diagram: Path Cost with Root Ports (RP) marked: Distribution 1, Distribution 2 and Access 1 each choose the port toward Access 2 (cost 19); Core’s two ports are both 23 and are marked "?".]
Elect Root Ports

 The Core switch has two equal Root Path Costs to the Root Bridge.
 In this case we need to look at the five-step decision process.

Five-Step Decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port Priority
Step 5 - Lowest Port ID

[Diagram: same figure as above, Core’s two ports (23 and 23) still marked "?".]
Elect Root Ports

• Distribution 1 has a lower Sender BID (32769.0005.5E0D.9315) than Distribution 2 (32769.0060.47B0.5850).
• Core chooses G 0/1 as its Root Port.

Five-Step Decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port Priority
Step 5 - Lowest Port ID

[Diagram: Core marks the port toward Distribution 1 (lower BID) as RP; the Root Ports of the other switches are unchanged.]
Elect Designated Ports

STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports

 The loop prevention part of STP becomes evident during this step, electing designated ports.
 A Designated Port functions as the single bridge port that both sends and receives traffic to and from that segment and the Root Bridge.
 Each segment in a bridged network has one Designated Port, chosen based on cumulative Root Path Cost to the Root Bridge.
 The switch containing the Designated Port is referred to as the Designated Bridge for that segment.
 To locate Designated Ports, let’s take a look at each segment.
• Segment’s perspective: From a device on this segment, “Which switch should I go through to reach the Root Bridge?”
 Root Path Cost, the cumulative cost of all links to the Root Bridge.
 Obviously, the segment has no ability to make this decision, so the perspective and the decision are those of the switches on that segment.
• A Designated Port is elected for every segment.
• The Designated Port is the only port that sends and receives traffic to/from that segment to the Root Bridge, the best port towards the root bridge.
• Note: The Root Path Cost shows the Sent Root Path Cost.
• This is the advertised cost in the BPDU, by this switch out that interface, i.e. this is the cost of reaching the Root Bridge through me!

[Diagram: advertised (sent) Root Path Cost per port: Core 23 on both ports (RP toward Distribution 1); Distribution 1, Distribution 2 and Access 1 advertise 19 on all ports (RP toward Access 2); the Root Bridge advertises 0.]
• A Designated Port is elected for every segment.
• Segment’s perspective: From a device on this segment, “Which switch should I go through to reach the Root Bridge?”
• “I’ll decide using the advertised Root Path Cost from each switch!”

[Diagram: same figure, with a "?" on each segment whose Designated Port has not yet been chosen.]
Segment’s perspective:
• Access 2 has a Root Path Cost = 0 (after all, it is the Root Bridge) and Access 1 has a Root Path Cost = 19.
• Because Access 2 has the lower Root Path Cost, it becomes the Designated Port for that segment.

[Diagram: the Access 1 – Access 2 segment asks "What is my best path to the Root Bridge, via Access 1 or via Access 2?" and answers "My designated port will be via Access 2 (Fa0/5). It’s the best path, lowest Root Path Cost, to the Root Bridge."; Access 2’s port is marked DP.]
Segment’s perspective:
• The same occurs between Access 2 and Distribution 1, and between Access 2 and
Distribution 2.
• Because Access 2 has the lower Root Path Cost it becomes the Designated Port for those
segments.
[Figure: the Access 2 ports toward Access 1, Distribution 1 and Distribution 2 are all marked DP.]
Segment's perspective:
• The segment between Distribution 1 and Access 1 has two equal Root Path Costs of 19.
• Using the Lowest Sender BID (the first two steps are equal), Access 1 becomes the best path
and the Designated Port.
Five-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port Priority
Step 5 - Lowest Port ID
[Figure: the Distribution 1 (BID 32769.0005.5E0D.9315) - Access 1 (BID 32769.0003.E461.46EC) segment. Callout: "What is my best path to the Root Bridge, via Distribution 1 or via Access 1? They are the same! Who has the lowest BID?" Access 1 is marked Lower BID and its port on that segment DP.]
Segment's perspective:
• The segment between Distribution 1 and Distribution 2 has two equal Root Path Costs of 19.
• Using the Lowest Sender BID (the first two steps are equal), Distribution 1 becomes the best
path and the Designated Port.
Five-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port Priority
Step 5 - Lowest Port ID
[Figure: the Distribution 1 (BID 32769.0005.5E0D.9315) - Distribution 2 (BID 32769.0060.47B0.5850) segment; Distribution 1 is marked Lower BID and its port on that segment DP.]
Segment's perspective:
• The segment between Access 1 and Distribution 2 has two equal Root Path Costs of 19.
• Using the Lowest Sender BID (the first two steps are equal), Access 1 becomes the best path
and the Designated Port.
Five-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port Priority
Step 5 - Lowest Port ID
[Figure: the Access 1 (BID 32769.0003.E461.46EC) - Distribution 2 (BID 32769.0060.47B0.5850) segment; Access 1 is marked Lower BID and its port on that segment DP.]
Segment’s perspective:
• Because Distribution 1 has the lower Root Path Cost it becomes the Designated Port for that
segment.
• Because Distribution 2 has the lower Root Path Cost it becomes the Designated Port for that
segment.
Five-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port Priority
Step 5 - Lowest Port ID
[Figure: the two Core segments, previously marked "?"; the Distribution 1 and Distribution 2 ports toward the Core are marked DP.]
Segment’s perspective:
• All other ports, those that are not Root Ports or Designated Ports, become
Non-Designated Ports.
• Non-Designated Ports are put in blocking mode.
• This is the loop prevention part of STP.
[Figure: the remaining ports are marked NDP (Non-Designated Port) and shown blocked with an X; the RP and DP labels are as before.]
Core# show spanning-tree
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.25 P2p
Gi0/2 Altn BLK 4 128.26 P2p
Distribution1# show spanning-tree
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/3 Root FWD 19 128.3 P2p
Fa0/5 Desg FWD 19 128.5 P2p
Gi0/1 Desg FWD 4 128.25 P2p
Gi0/2 Altn BLK 4 128.26 P2p
Distribution2# show spanning-tree
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/3 Root FWD 19 128.3 P2p
Fa0/5 Altn BLK 19 128.5 P2p
Gi0/1 Altn BLK 4 128.25 P2p
Gi0/2 Desg FWD 4 128.26 P2p
Access1# show spanning-tree
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/5 Root FWD 19 128.5 P2p
Gi1/1 Desg FWD 4 128.25 P2p
Gi1/2 Desg FWD 4 128.26 P2p
Access2# show spanning-tree
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/5 Desg FWD 19 128.5 P2p
Rick Graziani, graziani@cabrillo.edu
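The five listings above are what a practitioner checks after convergence. As an added example (not part of the original slides), the following parser reads listings in that format and audits each switch: a non-root switch must show exactly one Root port, only Root and Desg ports may be FWD, and every BLK port must be an Altn (Non-Designated) port. The embedded sample is constructed from three of the listings above; the role and state values accepted are only those shown on the page.

```python
import re

# Constructed sample: three of the "show spanning-tree" listings from the slides.
SHOW_OUTPUT = """\
Core# show spanning-tree
Interface Role Sts Cost Prio.Nbr Type
Gi0/1 Root FWD 4 128.25 P2p
Gi0/2 Altn BLK 4 128.26 P2p
Distribution2# show spanning-tree
Interface Role Sts Cost Prio.Nbr Type
Fa0/3 Root FWD 19 128.3 P2p
Fa0/5 Altn BLK 19 128.5 P2p
Gi0/1 Altn BLK 4 128.25 P2p
Gi0/2 Desg FWD 4 128.26 P2p
Access2# show spanning-tree
Interface Role Sts Cost Prio.Nbr Type
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/5 Desg FWD 19 128.5 P2p
"""

PROMPT_RE = re.compile(r"^(\S+)#\s*show spanning-tree")
# Interface, Role, Sts, Cost, Prio.Nbr (priority.port-number), Type
PORT_RE = re.compile(r"^(\S+)\s+(Root|Desg|Altn|Back)\s+(FWD|BLK|LRN|LIS)\s+"
                     r"(\d+)\s+(\d+)\.(\d+)\s+(\S+)")

def parse_show_spanning_tree(text: str) -> dict:
    """Return {switch: [ {intf, role, sts, cost, prio, port_id, type}, ... ]}."""
    switches, current = {}, None
    for line in text.splitlines():
        if m := PROMPT_RE.match(line):
            current = m.group(1)
            switches[current] = []
        elif current and (m := PORT_RE.match(line)):
            intf, role, sts, cost, prio, nbr, ptype = m.groups()
            switches[current].append({"intf": intf, "role": role, "sts": sts,
                                      "cost": int(cost), "prio": int(prio),
                                      "port_id": int(nbr), "type": ptype})
    return switches

def audit(text: str) -> dict:
    """Per switch: is it the Root Bridge (no Root port), which port is the Root
    Port, which ports are blocked, and do roles and states agree."""
    report = {}
    for sw, ports in parse_show_spanning_tree(text).items():
        roots = [p["intf"] for p in ports if p["role"] == "Root"]
        blocked = [p["intf"] for p in ports if p["sts"] == "BLK"]
        # Only Root and Designated ports forward; everything else must be blocked
        agree = all((p["role"] in ("Root", "Desg")) == (p["sts"] == "FWD") for p in ports)
        report[sw] = {"root_bridge": not roots, "root_port": roots[0] if roots else None,
                      "blocked": blocked, "consistent": agree and len(roots) <= 1}
    return report
```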
Port Cost/Port ID
Five-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port Priority
Step 5 - Lowest Port ID
[Figure: two switches joined by parallel links on ports 0/1 and 0/2.]
Assume path cost and port priorities are default (128). The Port ID is
used in this case. Port 0/1 would forward because it's the lowest.
 If the path cost and bridge IDs are equal (as in the case of parallel
links), the switch goes to the port priority as a tiebreaker.
 This is the sender’s Port priority + Port ID
 Lowest port priority wins (all ports set to 128).
 If all ports have the same priority, the port with the lowest port number
forwards frames.
STP Convergence: Summary
Recall that switches go through three steps for their initial convergence:
STP Convergence
Step 1 Elect one Root Bridge
Step 2 Elect Root Ports
Step 3 Elect Designated Ports

Also, all STP decisions are based on the following predetermined sequence:
Five-Step decision Sequence
Step 1 - Lowest BID
Step 2 - Lowest Path Cost to Root Bridge
Step 3 - Lowest Sender BID
Step 4 - Lowest Port Priority
Step 5 - Lowest Port ID
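The five-step sequence is a lexicographic comparison of BPDU fields, which is why it can be written as a sort key. As an added example (not code from the slides or from Cisco IOS), the following re-runs the segment elections worked through above using the BIDs and costs shown on the slides; the Root Bridge's own BID is not shown, so a placeholder value is assumed for it, and the port IDs are assumed except on the parallel-link case from the Port Cost/Port ID slide.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bpdu:
    """The Configuration BPDU fields compared by the five-step sequence."""
    root_bid: str        # Step 1 - Lowest BID (the Root Bridge every switch agrees on)
    root_path_cost: int  # Step 2 - Lowest Path Cost to Root Bridge (as advertised)
    sender_bid: str      # Step 3 - Lowest Sender BID
    port_priority: int   # Step 4 - Lowest Port Priority (default 128)
    port_id: int         # Step 5 - Lowest Port ID (the sender's port number)

def bid_key(bid: str) -> tuple:
    """'32769.0003.E461.46EC' -> (32769, 0x0003E46146EC): priority first, then MAC."""
    prio, mac = bid.split(".", 1)
    return (int(prio), int(mac.replace(".", ""), 16))

def bpdu_key(b: Bpdu) -> tuple:
    """Sort key: the smallest tuple is the superior BPDU, step 1 through step 5."""
    return (bid_key(b.root_bid), b.root_path_cost, bid_key(b.sender_bid),
            b.port_priority, b.port_id)

def elect_designated(candidates: dict) -> str:
    """Given the BPDU each switch advertises onto one segment, return the winner."""
    return min(candidates, key=lambda name: bpdu_key(candidates[name]))

def lecture_segments() -> dict:
    """Re-run the slide-by-slide elections; BIDs and costs are from the slides."""
    ROOT = "32769.0000.0000.0001"     # assumed placeholder BID for Access 2 (Root Bridge)
    ACCESS1 = "32769.0003.E461.46EC"
    DIST1 = "32769.0005.5E0D.9315"
    DIST2 = "32769.0060.47B0.5850"
    def adv(sender, cost, port_id=1):  # port_id is assumed unless stated
        return Bpdu(ROOT, cost, sender, 128, port_id)
    segments = {
        # Access 2 advertises cost 0 (it is the Root Bridge), Access 1 advertises 19
        "Access1-Access2": {"Access2": adv(ROOT, 0), "Access1": adv(ACCESS1, 19)},
        # Equal cost 19 on the next three segments: step 3 (lowest Sender BID) decides
        "Dist1-Access1": {"Dist1": adv(DIST1, 19), "Access1": adv(ACCESS1, 19)},
        "Dist1-Dist2": {"Dist1": adv(DIST1, 19), "Dist2": adv(DIST2, 19)},
        "Access1-Dist2": {"Access1": adv(ACCESS1, 19), "Dist2": adv(DIST2, 19)},
        # Parallel links 0/1 and 0/2 from one sender: steps 1-4 tie, step 5 decides
        "Parallel": {"0/1": adv(DIST1, 19, port_id=1), "0/2": adv(DIST1, 19, port_id=2)},
    }
    return {seg: elect_designated(c) for seg, c in segments.items()}

if __name__ == "__main__":
    for seg, winner in lecture_segments().items():
        print(f"{seg:16} -> Designated Port on {winner}")
```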
STP Port States

Port State | BPDU | MAC-Add Table | Data frames | Duration
Disabled | None sent/received | No update | None sent/received | Until no shutdown
  Administratively shutdown; not an STP port state.
Blocking | Receive only | No update | None sent/received | Continuous if loop detected
  Port initializes; receives BPDUs only.
Listening | Receive and send | No update | None sent/received | Forward delay 15 sec
  Building active topology. Thinks the port can be selected root or designated port. Returns to blocking (NDP) if it cannot become a root or designated port.
Learning | Receive and send | Updating table | None sent/received | Forward delay 15 sec
  Building bridging table. The switch can now learn source MAC addresses but is not formally receiving frames in order to forward them.
Forwarding | Receive and send | Updating table | Sent and received | Continuous if up and no loop detected
  Sending/receiving data, no loops detected. The port is either a root or designated port.
STP Timers
Switch(config)# spanning-tree vlan 1 priority priority

• This command statically configures the priority (in multiples of 4096).
• Valid values are from 0 to 61,440.
• Default is 32768.
• The lowest value becomes the Root Bridge.
Change the root bridge
[Figure: the topology with the current Root Bridge marked.]
 Modify the topology so that the Core switch is the root bridge and
Distribution1 is the secondary root bridge for VLAN 1.
STP Example
STP Example – SW-1
STP Example – SW-2
STP Example – SW-3
STP Example – SW-4
STP Example – SW-5
PVST
Per-VLAN Spanning Tree (PVST) maintains a spanning tree instance
for each VLAN configured in the network. It uses ISL Trunking and
allows a VLAN trunk to be forwarding for some VLANs while blocking
for other VLANs.
PVST
Configure SW-1, SW-2, SW-2 & SW-4
Verify Root Bridge each VLAN
CONMUTACIÓN Y RUTEO I

Tema 20. Link Aggregation

Alberto Arellano A. Ing. Msc.
aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
Introduction

Take a look at the picture above. I have two switches and two
computers connected to the switches. The computers are connected
with 1000 Mbit interfaces while the link between the switches is only
100 Mbit. If one of the computers sends traffic that exceeds 100
Mbit of bandwidth we'll have congestion and traffic will be dropped.

There are two solutions to this problem:

 Replace the link between the switches with something that has
a higher bandwidth, perhaps a gigabit or 10 gigabit link.
 Add multiple links and bundle them into a Link Aggregation
Group (LAG).
Link Aggregation
Link aggregation, as its name indicates, is the approach of combining
multiple parallel physical network links into a single logical link to
increase bandwidth and create resilient, redundant links. It
enables us to enhance the capacity and availability of the
connections between devices using Fast Ethernet and Gigabit
Ethernet technology.
Link Aggregation

In the picture above I have added a couple of extra links. The problem with
this setup is that we have a loop, so spanning tree would block 3 out of 4
links. Link aggregation solves this problem because it creates a single
virtual link out of these physical links.

By combining 4x 1000 Mbit I now have a 4000 Mbit link. Spanning tree sees this
link as one logical link, so there are no loops! Link aggregation will do load
balancing among the different links that we have, and it takes care of
redundancy. If one of the links fails it will keep working and use the links that
we have left.
There's a maximum to the number of links you can use: 8 physical interfaces.
EtherChannel
EtherChannel is a link aggregation technology developed by Cisco,
which provides fault-tolerant high-speed links between switches,
routers and servers.
 EtherChannel bundles individual Ethernet links into a single logical link
that provides bandwidth up to 1600 Mbps (Fast EtherChannel, full
duplex), 16 Gbps (Gigabit EtherChannel) or 160 Gbps (10 Gigabit
EtherChannel) between two switches.

 All interfaces in each EtherChannel must be the same speed and duplex,
and both ends of the channel must be configured as either a Layer 2 or
Layer 3 interface.
Link Aggregation Protocols
PAgP
 Port Aggregation Protocol
 Sends PAgP packets across the link to negotiate the EtherChannel
 It uses the multicast address 01-00-0C-CC-CC-CC for communication.
LACP
 Link Aggregation Control Protocol
 IEEE standard 802.3ad
 Sends LACP packets across the link to bundle multiple ports into a single
channel
 Used in mixed switch environments
 It uses the multicast address 01-80-C2-00-00-02 for communication.
EtherChannel Interface Modes
 ON – Forces EtherChannel ON without PAgP or LACP negotiation
(not recommended)
 PAgP
 Auto (default PAgP mode)
 interface enters passive negotiating state
 responds to PAgP packets received but doesn't initiate PAgP
negotiation
 Desirable (PAgP mode)
 interface actively negotiates with other interfaces
 PAgP packets are exchanged
 LACP
 Passive (default LACP mode)
 port responds to LACP packets received, but it does not initiate
LACP packet negotiation
 Active
 port actively negotiates state with other ports by sending LACP
packets
Link Aggregation with PAgP

PAgP Mode | Desirable | Auto
Desirable | Yes | Yes
Auto | Yes | No

Switch1(config)#interface range Gi0/0 - 3
Switch1(config-if-range)#channel-group 1 mode desirable
Switch1(config-if-range)#interface port-channel 1
Switch1(config-if)#switchport mode trunk

Switch2(config)#interface range Gi0/0 - 3
Switch2(config-if-range)#channel-group 1 mode auto
Switch2(config-if-range)#interface port-channel 1
Switch2(config-if)#switchport mode trunk
Link Aggregation with LACP

LACP Mode | Active | Passive
Active | Yes | Yes
Passive | Yes | No

Switch1(config)#interface range Gi0/0 - 3
Switch1(config-if-range)#channel-group 1 mode active
Switch1(config-if-range)#interface port-channel 1
Switch1(config-if)#switchport mode trunk

Switch2(config)#interface range Gi0/0 - 3
Switch2(config-if-range)#channel-group 1 mode passive
Switch2(config-if-range)#interface port-channel 1
Switch2(config-if)#switchport mode trunk
Link Aggregation with Manual Mode - CISCO
When using EtherChannel "on" mode, the EtherChannel is created only
when the interface group at the other end is also in EtherChannel "on" mode.

Switch1(config)#interface range Gi0/0 - 3
Switch1(config-if-range)#channel-group 1 mode on
Switch1(config-if-range)#interface port-channel 1
Switch1(config-if)#switchport mode trunk

Switch2(config)#interface range Gi0/0 - 3
Switch2(config-if-range)#channel-group 1 mode on
Switch2(config-if-range)#interface port-channel 1
Switch2(config-if)#switchport mode trunk
EtherChannel Layer 2 -
Example
Configure SW_L23
Configure SW_L22
Configure
SW_L21
Configure SW_L3
Verify Etherchannel
Verify Connectivity
Etherchannel Layer 2 &
Layer 3
Configure R1
Configure R1
Configure R2
Configure R3
Configure SW_L21
Configure SW_L22
Verify Etherchannel
Homework