FVNET9712 S12 S13 Notes

‫آموزش طراحی شبکههای‬
‫کامیپوتری ‪Enterprise‬‬
‫آموزش طراحی شبکههای کامیپوتری ‪Enterprise‬‬
‫درس دوازدهم‪ :‬طراحی روتینگ داخل شبکه و ارتباط با اینترنت ‪ -‬بخش یکم‬
‫مدرس‪:‬‬
‫رضا گنجی‬
‫کارشناس ارشد مهندسی فناوری اطالعات )‪(IT‬‬
‫‪1‬‬
‫طراحی روتینگ داخل شبکه و ارتباط با اینترنت‬

‫مالحظات پروتکلهای روتینگ‬
‫‪2‬‬
Enterprise ‫کامیپوتری‬
Interior and Exterior Routing Protocols
• IGPs are used for intra-autonomous system

routing.
- RIP
- EIGRP
- IS-IS
- OSPF
• EGPs are used for inter-autonomous system
routing.
- BGP
3
Route Summarization
The design recommendations for summarizations:

• Use route summarization to scale routing design.
- Stability, control, predictability, and security.
• Design addressing by using address blocks that can be
summarized.
• Use default routing whenever it makes sense. It is the
ultimate route summarization.
4
Originating Default Routes
• Using static routing for Internet reachability can lead to black holes.
• It is recommended to configure a static default route to ISP and then redistribute it
into IGP.
- If connectivity to ISP is lost, the edge router stops advertising the route to the ISP to all
internal routers.
5
Route Redistribution
Routes can be learned from different sources and then redistributed. The three possible sources are:
• Static routes
- You are using a Layer 3 device that does not support dynamic routing.
• Another routing protocol
- Solving bad design.
- Mergers between companies.
- Transition from one IGP to another.
• Directly connected routes
- Redistributing directly connected routes into IGP is an alternative to using the network command
(or enabling routing per interface) and then declaring the interfaces passive.
6
Avoiding Transit Traffic
IGP concern: when the core link fails, traffic should

not trans it a branch, because it will probably not be
able to handle it.
• With OSPF, use proper multi-area design. Only then
you will be able to filter traffic.
• With EIGRP, configure the branch as a stub.
7
Avoiding Transit Traffic (Cont.)
BGP concern: when connecting to two ISPs you can

become a transit path for traffic that is not yours.
• Ensure that only your prefixes are advertised outwards.
- Never advertise routes that you receive from ISP1 to
ISP2. And vice versa.
8
Defensive Filtering
9
Use Cases for Passive Interfaces
10
Use Cases for Passive Interfaces (Cont.)
11
Use Cases for Passive Interfaces (Cont.)
12
Routing Protocol Fast Convergence
• Routing information on R3 and R5 changes constantly.

- Changes are propagated to neighbors with each change.
• If, for example, R2 cannot process information fast
enough, it can also start periodically dropping adjacency.
- Can lead to sporadic connectivity loses.
• Solution: Start removing redundant links until topology
stabilizes, then make sure that it does not happen again.
13
Routing Protocol Convergence (Cont.)
Preventing routing meltdowns:

• Slow down-do not lower routing timers (hello, hold) if you do not need to.
- Making system faster can fasten convergence times, but it can also make the system more brittle.
• Use devices and routing protocols that support technologies like Nonstop Forwarding and
Graceful Restart.
- Non-Stop Forwarding allows continuous forwarding regardless of the state of the control plane.
- Graceful Restart takes care of routing databases between devices after the control plane recovers.
Graceful restart is a routing protocol capability that prevents the existing forwarding of packets from
being disturbed.
14
Coexistence of IPv4 and IPv6 IGP Routing
Look towards the future when deploying IPv6 routing:

• Coexistence between IPv4 and IPv6 routing.
• Target party- if IPv4 routing is end-to-end, you want the same for IPv6.
- Clearer design translates into easier interpretation and therefore easier troubleshooting.
- However, it might not always be an option (extra resources are needed for IPv6 routing).
• Common design options:
- EIGRP for both IPv4 and IPv6.
- OSPFv2 for IPv4 and OSPFv3 for IPv6, or OSPFv3 for both.
- IS-IS for both IPv4 and IPv6. Either single topology or multi-topology mode.
15
Coexistence of IPv4 and IPv6 IGP Routing (Cont.)
16
Routing Protocol Authentication
• When designing a network, think about authentication.

- You want to prevent false routing updates from updating the routing table.
• Do not use plaintext authentication.
• Because it is stronger, use SHA instead of MD5 if the routing protocol supports it.
17
Summary
• Use route summarization in order to make your network scalable.
• Route redistribution is sometimes necessary, but a lot of times it is just a consequence
of bad design.
• Transit traffic can be a problem with both BGP and IGPs.
- Best case scenario is overloaded links. Worst case is disruption of service.
• Faster convergence is not always better-make sure that routing meltdowns do not
happen.
• When implementing IPv6 addressing and routing into your network, strive for parity
of devices and functions.
18

‫طراحی ‪EIGRP‬‬
‫‪19‬‬
Case Study: Single-Homed Site
20
Case Study: Single-Homed Site (Cont.)
21
Case Study: Single-Homed Site (Cont.)
Using static routing between headquarters and branch instead of EIGRP:

• If a link is not robust, this approach will enable you to prevent link instability from affecting
the rest of EIGRP network.
• Introduces a lot of administrative overhead.
22
Case Study: Dual-Homed Site
23
Case Study: Dual-Homed Site (Cont.)
• Four paths from HQ1.

• The direct path will be preferred.
• Can be problematic from the network scaling perspective.
24
Case Study: Dual-Homed Site (Cont.)
25
Case Study: Geographic Dispersion of HQ
26
Case Study: Geographic Dispersion of HQ (Cont.)
27
Case Study: Geographic Dispersion of HQ (Cont.)
28
Case Study: Stub Feature
29
Case Study: Stub Feature (Cont.)
30
Case Study: Stub Feature (Cont.)
What a stub advertises depends on configuration:

• connected - advertise only connected routes.
• receive-only - do not advertise routes, only accept them.
• redistributed - allows a stub router tore-advertise routes that are learned through redistribution.
• eigrp stub static - does not cause redistribution of static routes, but allows only the advertisement of
redistributed static routes.
• summary - advertise locally created summary routes.
• By default, if you only use the eigrp stub command on a router, then the connected and summary
routes are advertised.
31
Case Study: Summarizing Towards the Core
• You have added 18 new remote sites.

• Configured summarization on DHQ1 and D-HQ2
towards the core:
- 10.0.64.0/19
- 10.0.24.0/21
- 10.0.32.0/19
• What happens if D-HQ1 loses connection to
10.0.24.0/24?
32
Case Study: Summarizing Towards the Core (Cont.)
33
34
35
36
Summary
• Summarizing from HQ to branch will make your network scalable.

- Preferably, branch should only receive the default route. However, make sure that this
default route does not create a suboptimal path situation.
• EIGRP stub feature, which is used in combination with summarization, can improve
scaling.
- Stub feature reduces the number of queries being sent.
• When summarizing towards the core, make sure you will not end up with a routing
black hole.
37

‫طراحی ‪OSPF‬‬
‫‪38‬‬
Case Study: OSPF Areas
• You added a branch to your Area 0 network. Soon

many more are anticipated.
• Should you keep the whole network in OSPF Area 0?
39
Case Study: OSPF Areas (Cont.)
• Single-area topology is fine for small networks.

• Multi-area topology is recommended to keep the
size of LSDB manageable:
- One OSPF area hides topology from another area.
- Segmentation reduces the number of SPF tree
calculations.
- Segmentation reduces the amount of LSA flooding.
- Multi-area design enables summarization.
40
HQ router should be the ABR:

• The branch router is likely a small router. It
should not have a large LSDB or multiple
LSDBs, because that means more processing.
• Only routers that are ABRs can perform
summarization.
- You want to summarize towards the branch and
thus keep its routing table small.
41
• Having all branches in the same area is not

scalable.
• Keep each branch in its own area and with
that limit amount of LSA flooding and SPF
recalculations.
42
Review of OSPF LSAs
43
Case Study: OSPF Summarization
10.10.3.0/24 link fails:

• Will SPF recalculation be needed in Area 1?
• Will SPF recalculation be needed in Area 0?
• What does summarization achieve?
44
Case Study: OSPF Summarization (Cont.)
Link 10.10.3.0/24 fails:

• Without summarization:
- SPF calculation in both Area 1 and then Area 0.
• With summarization:
- SPF calculation only in Area 1.
45
• To reduce the size of routing table you

configured summarization.
• Why is HQ2 still seeing all individual
routes from Area 1?
46
• Summarization between areas will only work

on Type 1 LSAs.
- Information about Area 1 as I enters Area 4 is
Type 3.
• Summarization should be configured on HQ1.
47
Case Study: OSPF Path Selection
• You installed a new branch office that dual-homes

to the headquarters.
• Which path will BR install in its routing table-to
HQ1 or HQ2?
48
Case Study: OSPF Path Selection (Cont.)
It depends:
• If paths to headquarters are equal cost, then both will be
installed into the routing table and equal-cost load
balancing will be performed.
- Will be problematic if paths are equal cost but links
significantly differ in bandwidth.
• If paths are not equal cost, the lower-cost path will be
installed into the routing table.
49
• You have added a second dual-homed branch

office.
• If HQ1-BRa link fails, how will the traffic
flow from HQx to BRa?
50
• Traffic will flow in the following way:

HQx-HQ1-BRb-HQ2-BRa.
• Traffic crossing backbone must go into an
area by the shortest path and then stay
within that area.
• What are solutions to this problem?
51
52
53
54
Case Study: OSPF Stubby Areas
Area 1 is stubby:
• What does that mean?
• Why would you configure Area 1 as stubby?
55
Case Study: OSPF Stubby Areas (Cont.)
• Branch routers do not need to run a full

OSPF LSDB.
• With stubby area, external routes are not
propagated.
- A default route is used instead.
• Which area could you use if you wanted the
branch to get just a single default route?
56
• Totally stubby area does not receive type 3,4,

and 5 LSAs.
• All routing is done based on a single default
route.
• What about if you had an external network
connected to BR1? Can BR1 be an ASBR also?
57
• Stubby and totally stubby area cannot contain

ASBR.
• The solution is not-so-stubby-area.
- Uses Type 7 LSA to send routes to ABR.
- ABR translates them into Type 5 LSAs.
• NSSA can be either stubby or totally stubby.
58
Summary
• Divide your OSPF networks into areas.
- Reduces the size of LSDB and amount of LSA flooding.
• Summarize OSPF routes in order to further reduce the amount of SPF recalculation
and LSA flooding.
- With OSPF, summarization is only possible on ABRs and ASBRs.
• Configuring your branch OSPF networks as stubby areas will minimize the size of
LSDB of your branch routers.
• OSPF uses cost for path selection, it supports equal-cost load balancing, but does not
support unequal-cost load-balancing.
59

‫آشنایی با ‪IS-IS‬‬
‫‪60‬‬
Introducing IS-IS
IS-IS vs. OSPF:

• Both nonproprietary.
• Scalability using two-level hierarchy.
- OSPF: Area 0 and other areas.
- IS- IS: Level 1 and Level 2.
• Routers within area maintain a complete topology.
- OSPF has link-state advertisements- LSAs.
- IS-IS has link-state packets-LSPs.
• Both use Dijkstra to calculate the SPF tree.
61
‫‪IS-IS Areas‬‬
‫‪62‬‬
‫)‪IS-IS Areas (Cont.‬‬
‫‪63‬‬
‫)‪IS-IS Areas (Cont.‬‬
‫‪64‬‬
Inter-Router Communication
• IS-IS uses three types of packets:

- Hello packets
- Link-state packets
- Sequence number packets
• Adjacency has three states:
- Down
- Initializing
- Up
65
CLNS Addressing
The most commonly used NSAP format for IS-IS follows:
• AFI set to 49 (private address; 2 bytes)
• Area ID (4 bytes)
• System ID (6 bytes)
• NSEL (2 bytes) should be 00
- The CLNS address with the NSEL set to 00 is called the NET address.
66
IS-IS Metric
• The path metric is a cumulated metric of all links on the path to destinations.
• The IS-IS metric is not bound to the interface bandwidth, and the metric of all
interfaces is set to 10 by default.
67
IS-IS Load Balancing
• As with OSPF, IS-IS can select several paths to destinations for load balancing.
• Paths have to have equal metrics.
• The maximum number of paths is platform-dependent and is configurable.
• You can ensure that paths are of equal cost by changing the IS-IS metric on a
particular link.
68
IS-IS Authentication
• Authentication can be done on hello packets (adjacency) and/or on LSPs (routing).

• Two types of authentication:
- Plaintext (do not use it)
- MD5 hash
69
IS-IS for IPv6
Two architecture options:

• Single-topology
- Single SPF for IPv4 and IPv6.
- All routers must run the same set of protocols (IPv4-only, IPv6-only, or IPv4 and IPv6).
- Use only when you have dual-stack network with end-to-end IPv4 and IPv6.
- Be careful when adding IPv6 IS-IS routing.
• Multitopology
- SPF for each IPv4 and IPv6.
- Not compatible with single-topology architecture.
- Will use more memory and CPU than single-topology.
70
Summary
• IS-IS is similar to OSPF:

- Standardized.
- Link-state.
- Uses two level hierarchy.
- Uses Dijkstra to calculate SPF tree.
- Supports equal cost multipath.
• IS-IS is different to OSPF:
- IS-IS packets are encapsulated directly in data-link frame.
- Backbone can span multiple areas.
• IS-IS router needs NSAP address, even if only used for routing IP.
71

‫طراحی ‪IS-IS‬‬
‫‪72‬‬
Area and Scaling
• IS-IS supports many routers in a single area.

- You can place more than 500 routers in the backbone.
• Benefits of segmentation into areas:
- Calculation is not required with every link flap.
- Size of the LSPDB gets smaller.
- Summarization between IS-IS levels will shrink the LSDB even further.
• Benefit of having a flat design:
- Simple network design.
73
IS-IS Hub-and-Spoke Scaling
• Although BR1 can only reach BR2 through HQ, it

still receives all BR2's routing information.
• As the number of the remote sites grows, more
information needs to be exchanged.
• Therefore scaling is limited for hub and spoke
networks.
74
Case Study: IS-IS Hub-and-Spoke
• CHQ2 chooses DHQ2 as the best path to

10.1.1.0/24.
• If the DHQ2-BR1 link is down, how can
you prevent suboptimal traffic path?
75
Case Study: IS-IS Hub-and-Spoke (Cont.)
• Solution: Place the link between DHQ1 and

DHQ2 in the same area as your branch network.
• DHQ1-DHQ2 cost should be lower than the link
cost through BR2.
76
Summary
• IS-IS segmentation will make your network more scalable but at cost of complexity.
• Just like with OSPF, the hub-and-spoke design is not very scalable with IS-IS.
• Be careful with IS-IS hub-and-spoke design. You need to prevent transitioning traffic
through remote sites.
77

‫استفاده از ‪ BGP‬برای ارتباط با اینترنت‬
‫‪78‬‬
Case Study: Single and Dual-Homing
79
Case Study: Single and Dual-Homing (Cont.)
80
• Two (or more) links to the same ISP:

- Single or dual CE routers
- Single or dual ISP routers
• Possible single-point failures:
- ISP failure
- Router failure in single CE router design
81
Connectivity between CE and ISP:

• Default route
• BGP
Multiple ways of configuring outbound routing in dual-homed model:
• Static routing (default route)
• Dynamic routing protocol (EIGRP, OSPF, BGP)
• FHRP (HSRP, VRRP, GLBP)
If you use default routes, and then EIGRP as your IGP, how would you achieve that one
connection is preferred over the other?
82
83
Case Study: Multihoming
Connecting to two or more service providers:

• Would you use static routing or BGP?
• Would you get public addresses from service providers or
would you get provider-independent address space?
84
Case Study: Multihoming (Cont.)
• Provider-independent address space is required.

• BGP is used to exchange routes with ISP.
- You will need your own AS number.
• You will need to run IBGP between enterprise
internal routers.
• What should be the amount of BGP routing
information that your routers get from ISPs?
85
Case Study: Multihoming (Cont.)
86
Implications of Running Full BGP Routing Table
• IPv4 Internet routing table is huge.

- 256k in 2008, 512k in 2014,...
• TCAM is a limited resource. Some routers and Layer 3 switches can have reservation
for IPv4 routes at 512k.
- When you go over the limit, unpredictable connectivity issues happen. Router might even
crash.
87
Implications of Running Full BGP Routing Table
• Solution 1: Buying a high capacity router.

- This kind of investment is not always an option. Plus, consider downtime.
• Solution 2: Allocating more TCAM space to IPv4 routes.
- Be careful, since you are taking away resources from other features.
• Solution 3: Do you really need to run full BGP in your network?
- Run a partial BGP routing table and have a default route for all other destinations.
88
Running a Partial Internet Table
89
BGP Route Selection Process
Consider only routes with no AS loops and a valid next hop. The evaluation steps are as
follows:
1. Prefer highest weight (local to router)
2. Prefer highest local preference (global within AS)
3. Prefer route that is originated by the local router (next hop = 0.0.0.0)
4. Prefer shortest AS path
5. Prefer lowest origin code (IGP < EGP <incomplete)
6. Prefer lowest MED (exchanged between autonomous systems)
7. Prefer the EBGP path over the IBGP path
90
BGP Route Selection Process (Cont.)
8. Prefer the path through the closest IGP neighbor

9. Prefer the oldest route for EBGP paths
10. Prefer the path with the lowest neighbor BGP router ID
11. Prefer the path with the lowest neighbor IP address
91
Influencing Outbound and Inbound Routing
• Options for influencing routing decisions outbound:

- Weight, local preference, AS path length
• Options for influencing routing decisions inbound:
- AS path length, BGP communities, MED
92
Influencing Outbound Routing: Weight Attribute
• Whichever path is the shortest, through ISP1 or ISP2, will

be chosen.
- If paths are equal, then the oldest route will be preferred.
• However, as a result you can have a suboptimal outbound
traffic path situation.
- Can be especially true if using unequal links to connect to the
Internet.
• This scenario applies only to the case of a single router on
the enterprise side.
93
Influencing Outbound Routing:

Weight Attribute (Cont.)
94
Influencing Outbound Routing: Local Preference
• Local preference is sent within local AS to

IBGP neighbors.
• The default value is 100 .
- Higher is preferred.
95
Influencing Outbound Routing:

Local Preference (Cont.)
96
Influencing Inbound Routing: Setting MED Outbound
97
Influencing Inbound Routing: Setting MED

Outbound (Cont.)
• Unless you configure bgp always compare-med, MED

can be only used with a single ISP.
- ISPs need to have the same MEDs-a very unlikely scenario.
• Default behavior:
- First best paths to each AS are chosen based on older route.
- Then winners to each AS are compared based on MED.
• Behavior with bgp deterministic-med:
- First best paths to each AS are chosen based on MED.
- Then winners to each AS are compared based on MED.
98
Influencing Inbound Routing: Setting

Communities Outbound
• ISP gives you a list of BGP communities.

- Each community corresponds to a specific
configuration on the ISPs side.
• You can set BGP communities however you
want your links to be treated.
99
Influencing Inbound Routing: Setting

Communities Outbound (Cont.)
100
Influencing Inbound and Outbound Routing:

Prepending AS Path
101
Case Study: Avoiding Loops When Forwarding

to the Internet
102
Case Study: Avoiding Loops When Forwarding to

the Internet (Cont.)
103
Case Study: Avoiding Loops When Forwarding to

the Internet (Cont.)
104
‫‪Route Dampening‬‬
‫‪105‬‬
Coexistence of BGP for IPv4 and IPv6
• Single IPv4 BGP session:

- Only one neighborship.
- When you send information over IPv4 BGP session, you need to create a route map to
modify the next-hop BGP attribute.
• Dual (IPv4/IPv6) BGP sessions:
- More neighborships must be configured.
- You do not need to configure a route map to modify the next-hop BGP attribute.
106
Summary
• Avoid single-homed, use dual-homed or multihomed solution.

- You will need your own PI address space and your own BGP AS number if you use multihomed
solution.
• Consider not running a full Internet routing table, but a partial one:
- ISP can send it to you already filtered or you can filter it on your own.
• When connecting to ISP, you might need to influence path selection:
- Use weight or local preference to influence the outbound Internet traffic. And then use communities
or MED for the inbound traffic. However, your ISPs may not be offering this service.
- Alternatively, you can use the AS path prepending to influence the path both inbound and outbound.
However, your ISP or any upstream ISP can ignore your AS path prepending.
107
‫شبکههای‬
‫تکمیلی‬
‫طراحی‬
‫آموزش‬
‫آموزش‬
‫نت‬
‫‪Enterprise‬‬
‫بیسیک دات‬
‫کامیپوتری‬
‫ویژوال‬
‫این اسالیدها بر مبنای نکات مطرح شده در فرادرس‬

‫«آموزش طراحی شبکههای کامیپوتری ‪»Enterprise‬‬
‫تهیه شده است‪.‬‬
‫برای کسب اطالعات بیشتر در مورد این آموزش به لینک زیر مراجعه نمایید‪.‬‬
‫‪faradars.org/fvnet9712‬‬

FVNET9712 S12 S13 Notes

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FVNET9712 S12 S13 Notes

Uploaded by

Copyright:

Available Formats

‫آموزش طراحی شبکههای‬

‫آموزش طراحی شبکههای کامیپوتری ‪Enterprise‬‬

‫طراحی روتینگ داخل شبکه و ارتباط با اینترنت‬

Interior and Exterior Routing Protocols

• IGPs are used for intra-autonomous system

The design recommendations for summarizations:

Originating Default Routes

Avoiding Transit Traffic

IGP concern: when the core link fails, traffic should

Avoiding Transit Traffic (Cont.)

BGP concern: when connecting to two ISPs you can

Use Cases for Passive Interfaces

Use Cases for Passive Interfaces (Cont.)

Use Cases for Passive Interfaces (Cont.)

Routing Protocol Fast Convergence

• Routing information on R3 and R5 changes constantly.

Routing Protocol Convergence (Cont.)

Preventing routing meltdowns:

Coexistence of IPv4 and IPv6 IGP Routing

Look towards the future when deploying IPv6 routing:

Coexistence of IPv4 and IPv6 IGP Routing (Cont.)

Routing Protocol Authentication

• When designing a network, think about authentication.

‫طراحی روتینگ داخل شبکه و ارتباط با اینترنت‬

Case Study: Single-Homed Site

Case Study: Single-Homed Site (Cont.)

Case Study: Single-Homed Site (Cont.)

Using static routing between headquarters and branch instead of EIGRP:

Case Study: Dual-Homed Site

Case Study: Dual-Homed Site (Cont.)

• Four paths from HQ1.

Case Study: Dual-Homed Site (Cont.)

Case Study: Geographic Dispersion of HQ

Case Study: Geographic Dispersion of HQ (Cont.)

Case Study: Geographic Dispersion of HQ (Cont.)

Case Study: Stub Feature

Case Study: Stub Feature (Cont.)

Case Study: Stub Feature (Cont.)

What a stub advertises depends on configuration:

Case Study: Summarizing Towards the Core

• You have added 18 new remote sites.

Case Study: Summarizing Towards the Core (Cont.)

Case Study: Summarizing Towards the Core (Cont.)

Case Study: Summarizing Towards the Core (Cont.)

Case Study: Summarizing Towards the Core (Cont.)

• Summarizing from HQ to branch will make your network scalable.

‫طراحی روتینگ داخل شبکه و ارتباط با اینترنت‬

Case Study: OSPF Areas

• You added a branch to your Area 0 network. Soon

Case Study: OSPF Areas (Cont.)

• Single-area topology is fine for small networks.

Case Study: OSPF Areas (Cont.)

HQ router should be the ABR:

Case Study: OSPF Areas (Cont.)

• Having all branches in the same area is not

Review of OSPF LSAs

Case Study: OSPF Summarization

10.10.3.0/24 link fails:

Case Study: OSPF Summarization (Cont.)

Link 10.10.3.0/24 fails:

Case Study: OSPF Summarization (Cont.)

• To reduce the size of routing table you