Professional Documents
Culture Documents
ROUTE 1 BasicNetworkRoutingConcepts
ROUTE 1 BasicNetworkRoutingConcepts
3
Enterprise Network
Infrastructure
Enterprise Campus:
Provides access to the network communications services and resources
to end users and devices.
Usually scalable hierarchical model
Access layer
Distribution layer
Core layer
4
Enterprise Network
Infrastructure
Enterprise Edge:
Provides:
Access to the Internet
Access to the same network services as users at the main site.
5
Role of Dynamic
Routing Protocols
Routing protocols provide:
Network reachability between routers
Dynamically adapt to network
changes
Best practice that you use one IP (IGP) routing protocol throughout the
enterprise.
OSPF or EIGRP
Multiple routing protocols (IGP and BGP) are used when the organization is
multihomed to two or more ISPs for Internet connectivity.
6
BGP with ISP
Choosing a Dynamic Routing Protocol
Input (network) requirements
Size of the network (scalability)
Vendor interoperability
Familiarity
What’s currently being used
Protocol characteristics:
IGP or EGP
Type of routing algorithm
Speed of convergence
Scalability
Summarization 7
IGP versus EGP
Interior Gateway Protocols
(IGP): These are used within
the organization, and they
exchange the routes within
an AS.
RIP
EIGRP
OSPF
IS-IS
Exterior Gateway Protocols (EGP): Used to exchange routes
between different ASs.
BGP is the only EGP that is used today.
8
Types of Routing Protocols
Exterior
Gateway
Interior Gateway Protocols Protocols
Distance Vector Link State Path Vector
Distance Vector Routing Link State Routing Path Vector
Protocols Protocols
IPv4 RIPv2 EIGRP OSPFv2 IS-IS BGP-4
RIPng EIGRP for OSPFv3 * IS-IS for BGP-4 for
IPv6 IPv6 IPv6 IPv6 or
MP-BGP
* OSPFv3 supports routing both IPv4 and IPv6.
9
Distance Vector Routing Protocols
What does a street sign like this tell you?
How far (distance)
Which way (direction)
Distance vector
Routes are advertised as vectors of
distance and direction.
Distance is defined in terms of a metric
Such as hop count
Direction is simply the:
Next-hop router or
Exit interface
Typically use the Bellman-Ford algorithm for
10
the best-path (shortest) route determination
Link-State Protocols
Link-state routing protocol can
create a “complete view,” or
topology, of the network.
Link-state protocols are associated
with Shortest Path First (SPF)
calculations. OR
A link-state router uses the link-
state information to:
Create a topology map
Select the best path to all
destination networks in the
topology.
Each router makes the decision!
Link State routing protocols is like having a complete map of the network topology 11
Path vector protocols
IPv6
Traffic Types
Destination IP address: A device can send traffic to one
recipient, to selected recipients, or to all devices within a
subnet at the same time.
Routing protocols use different traffic types to control how
routing information is exchanged.
Unicast: Unicast addresses are used in a one-to-one context.
Multicast: Multicast addresses identify a group of interfaces.
Traffic that is sent to a multicast address is sent to multiple
destinations at the same time.
Anycast: It is assigned to an interface on more than one node.
When a packet is sent to an anycast address, it is routed
to the nearest interface that has this address.
Broadcast: IPv4 broadcast addresses are used when sending
traffic to all devices in the subnet.
17
Well-known IPv4 and IPv6 multicast addresses used by
routers
19
Frame Relay Point-to-Point
Physical interface: Same Network
One connection to
provider
Alternative: Separate
leased lines for each
point-to-point
connection Sub-interface: Sub-interface for each separate network
20
Point-to-point subinterfaces are logical interfaces:
Emulates a leased line network
Provide a routing equivalent to point-to-point physical interfaces
As with physical point-to-point interfaces, each interface requires its own
subnet.
Frame Relay point-to point is applicable to hub and spoke topologies.
21
Nonbroadcast Multiple-Access Networks
22
Split horizon:
Prevents a routing update that is received on an interface from being
forwarded out of the same interface.
Hub router will not forward routing update learned from one spoke router to
other spoke routers.
Solution: Disable split horizon or subinterfaces
23
DR
Designated Router:
OSPF over NBMA networks works in a nonbroadcast network mode by default
The hub router will not forward broadcasts/multicasts received by one
spoke to other spokes.
Default, OSPF treats an NBMA network like Ethernet.
Requires a DR to exchange routing information between all routers on a
segment.
Solution: Configure the hub router can act as a DR because it is the only
router that has PVCs with all other routers. 24
Replicated Broadcasts
Broadcast replication:
The router must replicate broadcast (and multicast) packets, such as
routing update broadcasts, on each PVC to the remote routers.
Consume bandwidth and cause significant latency variations in user traffic.
25
Ch. 1 Basic Network and Routing Concepts
Connecting Remote Locations
Differentiating Routing Protocols
Static Routing
Enterprise Network Architecture
PPP Overview
Routing Protocols
Frame Relay Overview
Understanding Network Technologies
Types of VPNs
Traffic Types
MPLS Overview
Network Types and Frame Relay
Virtual Routing and Forwarding (VRF) and
Challenges
Cisco EVN
VPN Overview
Tunnels
Characteristics of a Secure VPN
DMVPN and NHRP Concepts
IPv6 Overview
GUA
Link-local address
ICMPv6 ND
Implementing RIPng 26
Principles of Static Routing Please read on your own
28
Basic Frame Relay Overview
R1# configure terminal
R1(config)# interface serial 0/0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# encapsulation frame-relay
29
Using VPNs
What kind of connection?
Traditionally leased lines or frame relay.
Takes time to provision
VPNs
Easy to provision
Used over different technologies –
DSL, cable, DS/gig circuits
Can provide security
30
Types of VPNs
VPNs enable the exchange of information over a public (or private network)
as if remote hosts would be connected to the same private network.
Similar to leased lines.
The majority of VPN technologies also support routing protocols.
VPNs use tunnels.
35
Tunnels
38
Characteristics of a Secure VPN
Authentication
Ensures that a message:
Comes from an authentic source and
Goes to an authentic destination
Data confidentiality
Protecting data from eavesdroppers (encryption)
Aims at protecting the message contents from
being intercepted by unauthenticated or
unauthorized sources.
Data integrity
Across the Internet, there is always the possibility
that the data has been modified.
Antireplay protection:
Antireplay protection verifies that each packet is
unique and not duplicated. 39
VPN Security
provided by IPsec
IPsec
IP unicast only
Transport mode:
When IPsec headers are simply inserted in an IP packet (after the IP header),
The original IP header is exposed and unprotected.
Data at the transport layer and higher layers benefits from the implemented IPsec
features.
Transport mode protects the transport layer and up. 44
Router Router
IP IP
Tunnel mode:
The actual IP addresses of the original IP header, along with all the data within the
packet, are protected.
Tunnel mode creates a new external IP header that contains the IP addresses of the
tunnel endpoints (such as routers or VPN Concentrators).
The exposed IP addresses are the tunnel endpoints, not the device IP addresses
45
that sit behind the tunnel end points.
VPN technologies that use virtual tunnels
GRE (appear Layer 2adjacent)
DMVPN – Dynamic Mulitpoint VPN
Good for hub spoke – communications between spokes
without going thru hub
Uses multipoint GRE
GRE by itself doesn’t encrypt but can use IPsec 46
DMVPN Theory
Requirement: Need to bring up and tear down VPN tunnel between two
spokes on an as needed basis.
Problem: Hub and spoke doesn’t scale well when interconnecting spokes
and full mesh is expensive (Internet or MPLS cloud).
Solution: Multipoint GRE (MGRE) makes this possible
Single router interface can have multiple GRE tunnels on it.
Have MGRE on all branch/spoke routers so they can create GRE tunnel
to other routers on as-needed basis
One problem – How does a spoke router determine the IP address at
47
the other end of the tunnel, the other spoke router?
My tunnel IP is
10.0.0.2 and my
physical IP
200.0.113.1
My tunnel IP is
10.0.0.3 and my
physical IP
is192.51.100.1
Next-Hop Resolution Protocol (NHRP)
NHRP is used by the router to determine the IP address of physical
interface of other end of the tunnel
Similar to DNS…. client-server model
Hub is the server and the spokes are the clients
Clients (spokes) tell server (hub) their physical IP address that correspond
to a specific tunnel interface 48
Checking my
NHRP database,
10.0.0.2 is at the
physical IP
address is
200.0.113.1
“I know the IP
address of the
end-point tunnel
(10.0.0.2) but I
don’t know it’s
physical interface
IP address”
DMVPN with the assistance of NHRP
Branch C (spoke) queries HQ (hub) to say it wants to set up a tunnel with
another spoke, Branch B
Branch C queries HQ asking for Branch B’s physical interface IP address.
NHRP receives query and replies
Branch C can now create a GRE tunnel with Branch B. 49
Ch. 1 Basic Network and Routing Concepts
Differentiating Routing Protocols Connecting Remote Locations
Enterprise Network Architecture Static Routing
Routing Protocols PPP Overview
Understanding Network Technologies Frame Relay Overview
Traffic Types Types of VPNs
Network Types and Frame Relay MPLS Overview
Challenges Virtual Routing and Forwarding (VRF) and
Cisco EVN
VPN Overview
Tunnels
Characteristics of a Secure VPN
DMVPN and NHRP Concepts
IPv6 Overview
GUA
Link-local address
ICMPv6 ND
Implementing RIPng 50
IPv6 Address Types
IPv6 Addresses
Assigned Solicited-Node
FF00::/8 FF02::1:FF00:0000/104
32 bits
128 bits
• 64-bit Interface ID = 18 quintillion (18,446,744,073,709,551,616) devices/subnet
• 16-bit Subnet ID = 65,536 subnets
/64 Global Unicast Address and the 3-1-4 Rule
/48 /64
16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits 16 bits
3 + 1 = 4 (/64) : 4
2001:0DB8:CAFE:0001:0000:0000:0000:0100/64
2001:0DB8:CAFE:0001::100/64
2001:DB8:CAFE:1::/64
Static GUA :100 A G0/0
:1
2001:DB8:CAFE:3::/64
:1
Configuration :100
:1
G0/0
R1 S0/0/0
B
2001:DB8:CAFE:2::/64
I love the 3-1-4
rule and
R1(config)#interface gigabitethernet 0/1
subnetting IPv6!
R1(config-if)#ipv6 address 2001:db8:cafe:2::1/64
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ipv6 address 2001:db8:cafe:3::1/64
R1(config-if)#no shutdown
R1(config-if)#exit
Unlike IPv4, IPv6 does not associate the all-zeroes and all-ones Interface-IDs
(host portion) to subnet/broadcast – valid IPv6 device addresses.
IPv6 Address Allocation
Global Routing Prefix I am getting a /64 at home
/23 /32 /48 /56 /64
Subnet
Sub Interface ID
ID
*RIR
*ISP Prefix
*Site Prefix
Possible Home Site Prefix
Subnet Prefix
/32 /48
Subnet
Global Routing Prefix ID Interface ID
Link-local Unicast
FE80::Interface ID
Link-local addresses are created
• Automatically :
• FE80 (usually) – First 10 bits
• Interface ID
• EUI-64 (Cisco routers)
• Random 64 bits (many host operating systems)
• Static (manual) configuration
G0/0
Automatic Link-Local Address S0/0/0
R1
using EUI-64 G0/1
FC 99 47 75 C3 E0
Insert FF-FE
FC 99 47 FF FE 75 C3 E0
FC
1111 1100
1110 99 47 FF FE 75 C3 E0
U/L bit flipped
FE 99 47 FF FE 75 C3 E0
G0/0
Verifying the Router’s S0/0/0
R1
Link-Local Address G0/1
R1# show interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is fc99.4775.c3e0 (bia
Link-local
fc99.4775.c3e0) addresses
<Output Omitted> only have to
Wait! Two be unique
R1#show ipv6 interface brief Link-locals on the link.
GigabitEthernet0/0 [up/up] are the
FE80::FE99:47FF:FE75:C3E0
2001:DB8:CAFE:1::1
EUI-64 same!
GigabitEthernet0/1 [up/up]
FE80::FE99:47FF:FE75:C3E1 FF:FE = EUI-64 (most likely)
2001:DB8:CAFE:2::1
Serial0/0/0 [up/up]
FE80::FE99:47FF:FE75:C3E0
Serial interfaces will use a MAC
2001:DB8:CAFE:3::1 address of an Ethernet interface.
R1#
G0/0
Static Link-Local Addresses FE80::1 S0/0/0
Static addresses are more easily remembered G0/1 R1 FE80::1
and recognizable. FE80::1
R1(config)#interface gigabitethernet 0/0
R1(config-if)#ipv6 address fe80::1 ?
link-local Use link-local address
• Loopback Address
• ::1/128
• Used by a node to send an IPv6 packet to itself, typically when testing the
TCP/IP stack.
• Same functionality as IPv4 loopback 127.0.0.1
• Not routable.
• Unspecified Address
• :: (all-0s)
• Indicates the absence or anonymity of an IPv6 address (RA source address)
Unicast Addresses
Note: Site local addresses (FEC0::/10)
has ben deprecated.
Next
All ICMPv6 IPv6 Main Header ICMPv6
Data
messages Header 58 Header
ICMPv6 Neighbor Discover Protocol
ICMPv6 Neighbor Discovery defines 5 different packet types:
• Router Solicitation Message
• Router Advertisement Message Router-Device
Messaging
Used with dynamic address allocation
• Redirect Message
Similar to ICMPv4 redirect message
Router-to-Device messaging
Ch. 1 Basic Network and Routing Concepts
Differentiating Routing Protocols Connecting Remote Locations
Enterprise Network Architecture Static Routing
Routing Protocols PPP Overview
Understanding Network Technologies Frame Relay Overview
Traffic Types Types of VPNs
Network Types and Frame Relay MPLS Overview
Challenges Virtual Routing and Forwarding (VRF) and
Cisco EVN
VPN Overview
Tunnels
Characteristics of a Secure VPN
DMVPN and NHRP Concepts
IPv6 Overview
GUA
Link-local address
ICMPv6 ND
Implementing RIPng 69
Comparing RIPv2 and RIPng
70
Configuring RIP (IPv4)
192.168.3.0/24
71
Configuring RIPng
72
Similar configuration made on R1’s
Eth0/3, Lo0 and Lo1
74
2nd hop 1st hop
R 2001:DB8:A01:100::/64 [120/2]
via FE80::A8BB:CCFF:FE00:130, Ethernet0/1
R 2001:DB8:A01:A00::/64 [120/2] [Administrative Distance/Metric]
via FE80::A8BB:CCFF:FE00:130, Ethernet0/1
C 2001:DB8:A01:1400::/64 [0/0]
via Ethernet0/1, directly connected
L 2001:DB8:A01:1400::2/128 [0/0]
via Ethernet0/1, receive
C 2001:DB8:A01:1E00::/64 [0/0]
via Loopback0, directly connected
L 2001:DB8:A01:1E00::1/128 [0/0]
• via Loopback0, receive
ICMPv6
L FF00::/8 [0/0]
via Null0, receive
Local Routes
R2# show ipv6 route
IPv6 Routing Table - default - 6 entries • Local routes are /128 routes
Codes: C - Connected, L - Local, S - Static, U (host routes)
- Per-user for the
Static router’s
route
<Output omitted>
IPv6 unicast addresses.
• Allows the router to more
R 2001:DB8:A01:100::/64 [120/2]
via FE80::A8BB:CCFF:FE00:130, Ethernet0/1
efficiently process packets
R 2001:DB8:A01:A00::/64 [120/2] directed to the router itself
via FE80::A8BB:CCFF:FE00:130, Ethernet0/1 rather than for packet
C 2001:DB8:A01:1400::/64 [0/0]
via Ethernet0/1, directly connected forwarding.
L 2001:DB8:A01:1400::2/128 [0/0]
via Ethernet0/1, receive
C 2001:DB8:A01:1E00::/64 [0/0]
via Loopback0, directly connected
L 2001:DB8:A01:1E00::1/128 [0/0]
• via Loopback0, receive
ICMPv6
L FF00::/8 [0/0]
via Null0, receive
FF00::/8 to Null0
R1# show ipv6 route
• By default multicast packets
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user
(FF00::/8) are notStatic route
forwarded.
<Output omitted>
• Any ‘more specific’ multicast
packets (such as FF05::1:3 All-
R 2001:DB8:A01:100::/64 [120/2]
DHCPv6 servers) would take
via FE80::A8BB:CCFF:FE00:130, Ethernet0/1
R 2001:DB8:A01:A00::/64 [120/2] precedence.
• ipv6 multicast-routing
via FE80::A8BB:CCFF:FE00:130, Ethernet0/1
C 2001:DB8:A01:1400::/64 [0/0]
via Ethernet0/1, directly connected would need to be configured
L 2001:DB8:A01:1400::2/128 [0/0] • Link-local multicast (FF02) are
via Ethernet0/1, receive
C 2001:DB8:A01:1E00::/64 [0/0] never forwarded off the link.
via Loopback0, directly connected
L 2001:DB8:A01:1E00::1/128 [0/0]
• via Loopback0, receive
ICMPv6
L FF00::/8 [0/0]
via Null0, receive
Propagating a Default Route
originate keyword originates
the default route (::/0) in
addition to all other routes in
the updates sent on this
interface.
only keyword originates the
default route (::/0) but
suppresses all other routes in
the updates sent on this
interface.
79
originate option
R ::/0 [120/2]
via FE80::A8BB:CCFF:FE00:130, Ethernet0/1
R 2001:DB8:A01:100::/64 [120/2]
via FE80::A8BB:CCFF:FE00:130, Ethernet0/1
R 2001:DB8:A01:A00::/64 [120/2]
via FE80::A8BB:CCFF:FE00:130, Ethernet0/1 80
only option
R ::/0 [120/2]
via FE80::A8BB:CCFF:FE00:130, Ethernet0/1
81
Investigating the RIPng Process
R2# show ipv6 rip
RIP process "CCNP_RIP", port 521, multicast-group FF02::9, pid
138
Administrative distance is 120. Maximum paths is 16
Updates every 30 seconds, expire after 180
Holddown lasts 0 seconds, garbage collect after 120
Split horizon is on; poison reverse is off
Default routes are not generated
Periodic updates 308, trigger updates 1
Full Advertisement 0, Delayed Events 0
Interfaces:
Loopback0
Ethernet0/1 The show ipv6 rip command shows information
Redistribution: about all RIPng routing processes on the router.
None There can be mulitple RIPng processes on a
R2# single router
82
Investigating the RIPng Database
R2# show ipv6 rip database
RIP process "CCNP_RIP", local RIB
2001:DB8:A01:100::/64, metric 2, installed
Ethernet0/1/FE80::A8BB:CCFF:FE00:7430, expires in 155 secs
2001:DB8:A01:A00::/64, metric 2, installed
Ethernet0/1/FE80::A8BB:CCFF:FE00:7430, expires in 155 secs
2001:DB8:A01:1400::/64, metric 2
Ethernet0/1/FE80::A8BB:CCFF:FE00:7430, expires in 155 secs
R2#
The RIP routing protocol uses an internal database to store routes received
from RIP neighbors.
This database is also used to generate outbound RIP updates.
The RIP database is almost identical to the list of RIP routes in the main IP
routing table, with the exception of the RIP summary routes which appear
only in the RIP database and not in the main IP routing table. 83
Investigating the RIPng Database
R2# show ipv6 rip database
RIP process "CCNP_RIP", local RIB
2001:DB8:A01:100::/64, metric 2, installed
Ethernet0/1/FE80::A8BB:CCFF:FE00:7430, expires in 155 secs
<output omitted>
The RIP process (there can be mulitple RIPng processes on a single router).
The route prefix.
The route metric, destination network is 2 hops away, counting itself as a hop.
Installed and expired:
"installed" means the route is in the routing table as a RIPng route. Entries may not be
installed such a prefix that is directly connected.
If a network becomes unavailable, the route will become "expired" after the dead timer
expires (180 seconds).
Exit interface and next-hop link-local address
Expires in, in which if the countdown timer reaches 0, the route is removed from the routing table
and marked expired. This timer, the dead timer, is by default three times the hello timer—180
seconds. 84
Investigating the RIPng Database
R2# show ipv6 rip next-hops
RIP process "CCNP_RIP", Next Hops
FE80::A8BB:CCFF:FE00:7430/Ethernet0/1 [3 paths]
R2#
The show ipv6 rip next-hops lists RIPng processes and under each
process all next-hop addresses.
Includes a next-hop address and the associated exit interface where the
route was learned.
Displays information about the next hop addresses for the specified RIP
IPv6 process.
If no RIP process name is specified, the next-hop addresses for all RIP IPv6
processes are displayed.
85
Summary
RIP is a distance vector routing protocol
RIP comes in three flavors:
RIPv1 (IPv4 classful)
RIPv2 (IPv4 classless)
RIPng (IPv6)
RIPng configuration steps are:
Enable IPv6 routing
Start the RIPng routing process
Configure IPv6 address on the interfaces
Enable RIPng on the interfaces (creates RIPng process if doesn’t exist)
Default routes are announced through RIPng using the command
ipv6 rip name default-information originate | only
86
Thank You