2200 Advanced Routing Protocols(1)

8/3/2019 2200 Advanced Routing Protocols(1)

1/80

1 2000, Cisco Systems, Inc.

2200

1303_06_2000_c2


2/80


2200

1303_06_2000_c2

Advanced RoutingTechnologies

Advanced RoutingTechnologies

Session 2200

By Itsik Malka

Session 2200

By Itsik Malka


3/80


2200

1303_06_2000_c2

AgendaAgenda

Host Interaction

Default Route and Filtering

Distance

Redistribution

Policy Routing

Routing to the internet


4/80


2200

1303_06_2000_c2

Host InteractionHost Interaction


5/80


2200

1303_06_2000_c2

How Hosts TransmitHow Hosts Transmit

Using default-gw:

Compare DA tointerfaces and masks

If local, get L2 datavia arp and transmit

Else get L2 data ofdefault router via arp

and transmit

Using tables:

Search table for longestmatch use next hop

Local is a special case,next hop is DA

If no match use defaultroute for next hop

Get L2 data of next hopvia arp and transmit

Note: Simplified


6/80


2200

1303_06_2000_c2

ip irdp [multicastholdtime seconds (3X max)maxadvertinterval seconds (600)minadvertinterval seconds (3/4X max)preference number (0)address address [number]]

IRDP on RoutersIRDP on Routers

Announcements have a lifetime and preference

Configured per interface; off by default

Can advertise via all systems multicast

(224.0.0.1) Preference level can be set


7/80


2200

1303_06_2000_c2

IRDP on HostsIRDP on Hosts

in.rdisc in Solaris (multicast only)

gated in Linux, HP-UX and AIX

routerdiscovery client yes | no | on | off ;

WinSock2 in Windows

NT 4.0 KB Article Q223756HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adaptername\Parameters\Tcpip\

DHCP option 31


8/80


2200

1303_06_2000_c2

10.1.1.3

00:10:7B:04:88:BB10.1.1.3310.1.1.1

00:10:7B:04:88:AA

10.1.1.2

00:10:7B:04:88:CC

default-gw = 10.1.1.1

HSRPHot StandbyRouter Protocol

HSRPHot StandbyRouter Protocol

Transparent failover of default router

Phantom router created

One router is active, responds to phantomL2 and L3 addresses

Others monitor and take over phantom addresses


9/80


2200

1303_06_2000_c2

Router Group #1

Router Group #2

StandbyStandby

StandbyStandby

StandbyStandby

PrimaryPrimary

PrimaryPrimary

HSRPRFC 2281HSRPRFC 2281

HSR multicasts hellosevery 3 sec with adefault priority of 100

HSR will assume controlif it has the highestpriority and preemptconfigured after delay(default=0) seconds

HSR will deduct 10 fromits priority if the trackedinterface goes down


10/80


2200

1303_06_2000_c2

HSRPHSRP

Hot Standby Router ProtocolRouter1:

interface ethernet 0/0

bandwidth 128128

ip address 169.223.10.1 255.255.255.0standby 10 ip 169.223.10.254169.223.10.254

Router2:

interface ethernet 0/0

bandwidth 15001500

ip address 169.223.10.2 255.255.255.0standby 10 priority 150150 preempt delay 1010

standby 10 ip 169.223.10.254169.223.10.254

standby 10 track serial 0 6060

Internet or ISPbackbone

Server Systems

Router 1Router 1 Router 2Router 2


11/80


2200

1303_06_2000_c2

IP Broadcast ControlIP Broadcast Control

Subnet or directed broadcast->w.x.y.255

All net broadcast->255.255.255.255

IP directed broadcasts are dropped by default

ip helper-address forwards ip forward-protocol packets

ip directed-broadcast floods ip forward-protocolpackets

To be forwarded:

The packet must be a MAC-level broadcast.

The packet must be an IP-level all or major network broadcast.

The packet must be a TFTP, DNS, Time, NetBIOS, ND, or BOOTPpacket, or a UDP protocol specified by the ip forward-protocoludp global configuration command.

The time-to-live (TTL) value of the packet must be at least two.


12/80


2200

1303_06_2000_c2

IP Helper AddressIP Helper Address

Specified on the input interface

Indicates direction towardbroadcast destination

Forwards ip forward-protocolbroadcast packets, specifically:

TFTP, DNS, bootp, DHCP, TACACS,time, NetBIOS name and datagramservers

e0

Router A:interface ethernet 0ip helper-address 10.2.1.3 TFTP server

10.2.1.3

AA


13/80


2200

1303_06_2000_c2

IP Forward ProtocolIP Forward Protocol

Flooded UDP packets have destination addresschanged to ip broadcast-address

ip forward-protocol spanning-tree

uses spanning tree database for flooding

ip forward-protocol turbo-flood

speed-up if using spanning tree flooding

Example:

ip forward-protocol spanning-tree

bridge 1 protocol dec

access-list 201 deny 0x0000 0xFFFF

interface ethernet 0

bridge-group 1

bridge-group 1 input-type-list 201


14/80


2200

1303_06_2000_c2

UDP Broadcast ApplicationUDP Broadcast Application

TIC Servers 164.53.7.0

.61 .62

164.53.8.0 164.53.9.0 164.53.10.0

Trader Networks

AA BB

FeedNetwork 200.200.200.0 Feed network

provides data

TIC servers UDPbroadcast data

Feed networkconnected to

routers formanagement

e0 e0


15/80


2200

1303_06_2000_c2

Helper AddressesHelper Addresses

IP helper added torouter interfaceson TIC network

Each router seesthe other routersbroadcasts

Each stationreceives multiplecopies of data


.61 .62

164.53.8.0 164.53.9.0 164.53.10.0

Trader Networks

AA BB

FeedNetwork 200.200.200.0


16/80


2200

1303_06_2000_c2

UDP Forward ProtocolUDP Forward Protocol

Configure spanningtree

Filter non-routedprotocols

STP path costs set

A = 100 default

B = 50

Router A defaultrouter

IRDP preference


.61 .62

164.53.8.0 164.53.9.0 164.53.10.0

Trader Networks

AA BB

FeedNetwork 200.200.200.0


17/80


2200

1303_06_2000_c2

Router A ConfigurationRouter A Configuration

ip forward-protocol spanning-treeip forward-protocol udp 111

!

interface ethernet 0ip address 200.200.200.61 255.255.255.0

ip broadcast-address 200.200.200.255

!interface ethernet 1ip address 164.53.7.61 255.255.255.192


ip irdp preference 100

bridge-group 1


!bridge 1 protocol dec

bridge 1 priority 255

access-list 201 deny 0xFFFF 0x0000


18/80


2200

1303_06_2000_c2

Router B ConfigurationRouter B Configuration

ip forward-protocol spanning-treeip forward-protocol udp 111

!


ip address 200.200.200.62 255.255.255.0


!


ip address 164.53.7.62 255.255.255.192


ip irdp preference 90

bridge-group 1

bridge-group 1 path-cost 50


!

bridge 1 protocol dec

bridge 1 priority 255

access-list 201 deny 0xFFFF 0x0000


19/80


2200

1303_06_2000_c2

Default RoutesDefault Routes


20/80


2200

1303_06_2000_c2

CITY

WORLD

Default RoutesDefault Routes

Route used if no match is found inforwarding table

Can be carried by routing protocols

Two models

Special network number: 0.0.0.0

Flagged in routing protocol

Protocols support multiple models


21/80


2200

1303_06_2000_c2

Creating a Default RouteCreating a Default Route

default-gateway is for host mode

RIP, RIPv2: network 0.0.0.0

IGRP, EIGRP: ip default-network

OSPF, ISIS, BGP:default originate


22/80


2200

1303_06_2000_c2

ip route 0.0.0.0 0.0.0.0 s1router isis

network 19.0.0.0

default-information originate

ISIS19.0.0.0

ISIS19.0.0.0S1

19.1.1.119.1.1.2

ServiceProviderRunningBGP

L1L2L1

ISIS ExampleISIS Example

L1 default is nearest L1L2 router Both L1 and L2 ISs cangenerate a default route

A L1 IS will always prefer a L1 default route beforeusingthe closest L2 capable IS


23/80


2200

1303_06_2000_c2

BGP ExampleBGP Example

Allows redistribution of 0.0.0.0 Same as adding network 0.0.0.0

IGP19.0.0.0

eBGPiBGP

19.1.1.119.1.1.2

router bgp 164default-information originate

Service

ProviderRunningBGP


24/80


2200

1303_06_2000_c2

Conditional DefaultConditional Default

Inserts a default route if the condition inthe route map is met

In this case, if network (prefix) 10.1.1.0/24is present, advertise a default

ip prefix-list condcond permit 10.1.1.0/24

!

route-map def-conddef-cond permit 10

match ip address prefix-list condcond

!

router ripdefault-information originate route-map def-conddef-cond


25/80


2200

1303_06_2000_c2

Filtering Route DataFiltering Route Data


26/80


2200

1303_06_2000_c2

router xxxpassive interface serial 0

neighbor w.x.y.zneighbor w.x.y.z

s0

Passive InterfacePassive Interface

Prevents routing updates from being transmittedout an interface

Dont waste resources generating updates oninterfaces that have no need for them (loopback)

Can also usepassive-interface default


27/80


2200

1303_06_2000_c2

AdvertiseB and X

AdvertiseB and Y

NetworkX

NetworkA

NetworkA

NetworkB

NetworkY

Route FilteringRoute Filtering

Selectively announce routes, per neighbor

Hide part of the topology/connectivity

Selectively accept routes, per neighbor

Refuse erroneous make-believe announcements

Protect against redistribution loops

Route filter with distribute-list command Can filter anywhere in distance-vector protocols:

RIP, IGRP, EIGRP, RIPv2 and BGP

Can filter at redistribution points betweenany protocols:

RIP, EIGRP, OSPF, IGRP, IS-IS, BGP, Static, etc.

Use route-maps at redistribution pointsBased on extended access-lists for route prefixes

Based on tags of route origin or history

Based on AS filters in BGP


28/80


2200

1303_06_2000_c2

s0

10.0.0.0

172.16.1.0 129.1.1.0

PartnerNetwork

distribute list 11 in serial 0

access-list 11 permit 129.1.0.0

access-list 11 deny 0.0.0.0 255.255.255.255

10.0.0.0

Filtering Incoming UpdatesFiltering Incoming Updates

Control input of routing data


29/80


2200

1303_06_2000_c2

router eigrp 111

network 128.1.0.0

distribute list 11 out serial 0

access-list 11 permit 128.1.0.0 0.0.0.0

ip default network 128.1.0.0

s0

Filtering Outgoing UpdatesFiltering Outgoing Updates

Useful to propagate default route


30/80


2200

1303_06_2000_c2

Precedence of FiltersPrecedence of Filters

Filter routing updates in or out bound

Interface specific or global

Evaluation order: interface, global

Example:access-list 1 deny 1.0.0.0 0.255.255.255


router rip

distribute-list 1 in ethernet 0distribute-list 2 in

List 2 is overridden on interface ethernet 0


31/80


2200

1303_06_2000_c2

RIPRIP

RIPv2RIPv2

IGRPIGRP

EIGRPEIGRP

OSPFOSPF

BGPBGP

UDP Port 520UDP Port 520

UDP Port 520UDP Port 520

IP Protocol Field 9IP Protocol Field 9



TCP Port 179TCP Port 179

255.255.255.255255.255.255.255

224.0.0.9 (Default)

255.255.255.255

224.0.0.9 (Default)

255.255.255.255

255.255.255.255255.255.255.255

224.0.0.10224.0.0.10

224.0.0.5 (AllOSPFRouters)224.0.0.6 (DRRouters)

224.0.0.5 (AllOSPFRouters)224.0.0.6 (DRRouters)

Neighbor AddressNeighbor Address

ACL OversightsACL Oversights

Access control lists can filter routing updates

ISISISIS 01:80:C2:00:00:1501:80:C2:00:00:15SAP 0xFEFE; Protocol 83SAP 0xFEFE; Protocol 83


32/80


2200

1303_06_2000_c2

SignatureSignature

Signs RouteUpdates

VerifiesSignature

Campus

Configure: Key and Hash Function

Route UpdatesRoute Updates

Secure RoutingRoute Authentication

Secure RoutingRoute Authentication

Certifies authenticity of neighborand integrity of route updates


33/80


2200

1303_06_2000_c2

Signature = Encrypted Hash of Routing Update

SignatureSignature

HashHash

Routing UpdateRouting Update

Routing UpdateRouting UpdateSignatureSignature

Router A

HashFunction

HashFunction

Signature GenerationSignature Generation


34/80


2200

1303_06_2000_c2

SignatureSignature

Decrypt UsingPreconfigured Key

Re-Hash theRouting Update

If Hashes AreEqual, Signature

Is Authentic

HashHash

Routing UpdateRouting Update

Routing UpdateRouting UpdateSignatureSignature

HashHash

Router B

Receiving Router SeparatesRouting Update and Signature

HashFunction

HashFunction

Signature VerificationSignature Verification


35/80


2200

1303_06_2000_c2

key chain kalkey 1

key-string 234

!

interface Serial2

ip rip authentication mode md5

ip rip authentication key-chain kal

!router rip

version 2

AA

Authentication in RIPv2Authentication in RIPv2

key chain ka2

key 1

key-string 234

!

interface Serial1/0

ip rip authentication mode md5

ip rip authentication key-chain ka2

!

router rip

version 2

BB


36/80


2200

1303_06_2000_c2

AuthenticationAuthentication

RIP uses text and MD5

also validate-update-source

(E)IGRP uses MD5 OSPF has text and MD5 per area and intf

ISIS has text per area and domain

MD5 authentication is on the way

BGP uses MD5 per neighbor


37/80


2200

1303_06_2000_c2

DistanceDistance


38/80


2200

1303_06_2000_c2

Route SourceRoute Source Default DistanceDefault Distance

Connected InterfaceConnected Interface

Static RouteStatic Route

Enhanced IGRP Summary RouteEnhanced IGRP Summary Route

External BGPExternal BGP

Internal Enhanced IGRPInternal Enhanced IGRP

IGRPIGRP

OSPFOSPF

IS-ISIS-IS

RIPRIP

EGPEGP

External Enhanced IGRPExternal Enhanced IGRP

Internal BGPInternal BGP

Unknown, Discard RouteUnknown, Discard Route

00

11

55

2020

9090

100100

110110

115115

120120

140140

170170

200200

255255

Default Administrative DistancesDefault Administrative Distances


39/80


2200

1303_06_2000_c2

Modifying Default DistanceModifying Default Distance

distance weight [address mask

[access-list-number]

address and mask specify the source

access list applies to content

ip route dest next-hop distance

Remember the floating static route?


40/80


2200

1303_06_2000_c2

128.88.1.0

router rip

network 192.31.7.0

network 128.88.0.0

distance 255distance 90 128.88.1.3 0.0.0.0

distance 120 192.31.7.0 0.0.0.255

.3

192.31.7.0

.1

.1.2

.2

Using DistanceUsing Distance


41/80

41

RedistributionRedistribution

Hops = Bandwidth = Compound =

AS-PATH ?

Hops = Bandwidth = Compound =

AS-PATH ?

2000, Cisco Systems, Inc.

2200

1303_06_2000_c2


42/80


2200

1303_06_2000_c2

Redistributing RoutesRedistributing Routes

Under a router xxx command, redistribute:

a source protocol:bgp | igrp | isis | ospf |static | connected | rip

a value for the destination protocol:metric

a route map for filtering: route-map

scope of redistribution: subnets

as well as some protocol specific parameters

RIP OSPF


43/80


2200

1303_06_2000_c2

Default MetricsDefault Metrics

The first, or seed, metric for a route isderived from being directly connectedto a router interface

Re-distributed routes are not physically connecteddefault-metric establishes the seedmetric for the route

Once a compatible metric is established, the metriccancan increment just like any other route

Set default metric bigger than the biggestnative metric


44/80


2200

1303_06_2000_c2

Configuring Default MetricsConfiguring Default Metrics

default-metric bandwidth delay

reliability loading mtu

Used for IGRP and EnhancedIGRP redistribution

default-metric number

Used for OSPF, RIP, ISIS,and BGP redistribution


45/80


2200

1303_06_2000_c2

Offset ListsOffset Lists

Increases incoming and outgoing metric(hops or delay)

Add 10 to the delay component of routesmatching access list 21 when outbound

router igrp

offset-list 21 out 10

access-list 21 ..

Add 5 to routes learned from interface Ethernet 0

router rip

offset-list in 5 ethernet 0


46/80


2200

1303_06_2000_c2

Filtering Redistribution withAccess Lists

Filtering Redistribution withAccess Lists

Filter routing updates in or out bound

Interface specific or global or redistribution

Evaluation order: interface, redistribution, global

Exampleaccess-list 1 deny 10.0.0.0 0.255.255.255


router rip

default-metric 1

redistribute igrp 20

distribute-list 1 out igrp 20

distribute-list 2 out


47/80


2200

1303_06_2000_c2

Route Maps for Filtering ExampleRoute Maps for Filtering Example

Redistribute RIP routes with a hop count equalto 1 into OSPF

These routes will be redistributed into OSPF asexternal LSAs with

a metric of 5,

metric type of Type1

a tag equal to 1.

router ospf 109

redistribute rip route-map rip-to-ospf

!

route-map rip-to-ospf permit

match metric 1

set metric 5

set metric-type type1

set tag 1


48/80


2200

1303_06_2000_c2

Feedback LoopsFeedback Loops

When crossing a redistribution boundary,information is lost

A physical or logical loop causes a route

to be advertised back to the redistributingrouter that first advertised it

How does the router know which routeto accept?

Answer: it cantcant know

Humans have to re-insert the lost information


49/80


2200

1303_06_2000_c2

AS 300

EIGRP

RIP

172.16.0.0

172.16

EIGRP

172.16

RIP

172.16

EIGRP

172.16

RIP

ASBRASBR

ASBRASBR

Implementation ConsiderationsImplementation Considerations

Routing feedbackSuboptimal path selection

Routing loops

Incompatible routing information

Inconsistent convergence time


50/80


2200

1303_06_2000_c2

172.16.2.0

IGRPProcess

RIPProcess

Filter172.16.1.0

Allow172.16.2.0

Filter172.16.2.0

Allow172.16.1.0

172.16.1.0

Filter to AvoidRedistribution Feedback

Filter to AvoidRedistribution Feedback

Impose split horizon when redistributing


51/80

51

Policy RoutingPolicy Routing

When Destinations Arent

Enough

When Destinations Arent

Enough


2200

1303_06_2000_c2


52/80


2200

1303_06_2000_c2

Customer A

Customer B

ISP A

ISP B

Policy RoutingPolicy Routing

Forwarding decision not based ondestination address

Selects defined path based on attributes of userpacket (source/destination IP address,application port, packet lengths, and so forth)

Set next hop or interface

Set default next hop or interface


53/80


2200

1303_06_2000_c2

How Policy Routing WorksHow Policy Routing Works

All packets received on an interface are consideredfor policy routing

Each packet is passed through a route map

Each entry in a route map has match and set clauses

Match clauses are conditions to be met

If all match clauses conditions are met by the packet, thenthat route map entry is used and no others are considered

An entry can be marked permit or deny

If deny, normal forwarding is used

If is permit, all set clauses are then applied andthe packet is forwarded


54/80


2200

1303_06_2000_c2

match lengthmin-length max-length

Policy Routing Match ClausesPolicy Routing Match Clauses

Match packets against the access lists to permitpolicy routing of them

If the Layer3 packet length is between min-lengthand max-length, inclusive, the packet matches

Useful for distinguishing interactive versus bulktraffic when access lists will not work

match ip address access-list-expressions


55/80


2200

1303_06_2000_c2

set ip next-hop ip-address1 []

Policy Routing Set ClausesPolicy Routing Set Clauses

Route packets to router at ip-address1

If there is no explicit route for thisdestination, then route to this hop

Both use the first IP address associatedwith an up/up interface

set ip default next-hop ip-address1 []


56/80


2200

1303_06_2000_c2

set interface interface1 []

set default interface interface1 []


Specifies the output interface for thematched packet

If there is no explicit route for this destination,then route to this interface

If interface1 is down interface2 and subsequentinterfaces are tried

Setting interface to Null0 creates a policy thatdrops the packet


57/80


2200

1303_06_2000_c2


Set the IP TOS or precedence header field

Can use numeric or symbolic value

set ip precedence value

valuevalue namename

0 routine0 routine

1 priority1 priority

2 immediate2 immediate

3 flash3 flash

4 flash-override4 flash-override

5 critical5 critical6 internet6 internet

7 network7 network

set ip tos value

valuevalue namename

0 normal0 normal

1 min-monetary-cost1 min-monetary-cost

2 max-reliability2 max-reliability

4 max-throughput4 max-throughput8 min-delay8 min-delay


58/80


2200

1303_06_2000_c2

Policy Routing ConfigurationPolicy Routing Configuration

The set commands are evaluated in thefollowing order:

set ip precedence

set ip next-hop

set interfaceset ip default next-hop

set default interface

A valid next hop implies the output interface

The first combination of next hop andinterface is used

Router sourced packets are policy routed via ip localroute-map foocommand


59/80


2200

1303_06_2000_c2

interface Ethernet0

ip address 192.168.93.10 255.255.255.0

ip policy route-map foofoo

interface Serial1

ip address 11.0.0.2 255.0.0.0

interface BRI0

ip address 10.0.0.2 255.0.0.0

route-map foofoo permit 12

set default interface Null0


match ip address 103

set ip next-hop 10.0.0.1




access-list 101 permit tcp 192.168.93.0 0.0.0.255 any eq telnet

access-list 101 permit icmp any any

access-list 103 permit tcp 192.168.93.0 0.0.0.255 any eq ftp

192.168.93.0

s1

bri0

telnetand ping

ftp

Policy Routing ExamplePolicy Routing Example


60/80


2200

1303_06_2000_c2

EnterpriseBackbone

Standard ISPStandard ISPPremium ISPPremium ISP

NPR NPR

E.g. ERP Application E.g. E-mail

NetFlow Policy Routing (NPR)NetFlow Policy Routing (NPR)

Powerful trafficengineering

ISP and/orapplicationselection

Distributedperformance andflow acceleration

IP precedence-based QoS


61/80


2200

1303_06_2000_c2

NetFlow Policy Based RoutingNetFlow Policy Based Routing

No flow acceleration if anymatch packet-sizeclause is used

Packet size is not part of a flow definition

If the router is policy routing packets to a next hop

and it is down, the router will try unsuccessfully touse ARP (which is down). This behavior willcontinue forever

To prevent this, configure the router to first verifythat the next hop(s) of the route map is a CDP

neighbor(s) before routing to that next hop

set ip next-hop verify-availability is notsupported in dCEF since it doesnt support CDP


62/80


2200

1303_06_2000_c2

NPR ExampleNPR Example

Configure CEF, NetFlow, andNetFlow with flow acceleration

Configure policy routing to verifythat next hop 50.0.0.8 of routemap test is a CDP neighbor before

the router tries to policy route to it If the first packet is policy routed

via route map 10, the packets ofthe same flow always take thesame route map (10), not routemap 20, because they all match or

pass access list 1 check Policy Routing can be flow-

accelerated by bypassing theaccess-list check

ip cef

ip flow-cache feature-accelerate

interface ethernet0/0/1

ip route-cache flow

ip policy route-map test

route-map test permit 10

match ip address 1

set ip precedence priority


set ip next-hop verify-availability

route-map test permit 20


set interface Ethernet0/0/3

set ip tos max-throughput


63/80


2200

1303_06_2000_c2

Routing to the InternetRouting to the Internet

To Infinity and Beyond!To Infinity and Beyond!


64/80


2200

1303_06_2000_c2

The Internet ChallengeThe Internet Challenge

On the Internet, nobody knows youre a dog.

I d EI d E


65/80


2200

1303_06_2000_c2

Ingress and EgressRoute Filtering


There are routes that should notbe routed on the Internet

RFC 1918

127.0.0.0/8

Multicast blocks

Martian Networks

BGP should have filters applied

so that these routes are notadvertised to or propagatedthrough the Internet

I d EI d E


66/80


2200

1303_06_2000_c2

access-list 180

deny ip host 0.0.0.0 any

deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255

deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255

deny ip 169.254.0.0 0.0.255.255 255.255.0.0 0.0.255.255deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255

deny ip 192.0.2.0.0 0.0.0.255 255.255.255.0 0.0.0.255

deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255

deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255

permit ip any any

Access List




67/80


2200

1303_06_2000_c2

Simplest scheme is touse defaults

Learn/advertise prefix forbetter control

Use eBGP multi-path toinstall multiple paths inIP table

maximum-path

Load share over thealternate paths

AS 201

ISP

DD FF

AA

Multiple Sessions to an ISPMultiple Sessions to an ISP


68/80


2200

1303_06_2000_c2

What Is Multihoming?What Is Multihoming?

Connecting to two or more ISPs to increase:

Reliability: one ISP fails, still OK

Performance: better paths to common

Internet destinations

Three common cases:

Default from all providers

Customer+default routes from all

Full routes from all AS 400

AS 200

Customer

AS 100

160.10.0.0/16

AS 300

EE

BB

CC

AA

DD


69/80


2200

1303_06_2000_c2

ISP 2

Sessions to Multiple ISPsSessions to Multiple ISPs

Difficult to achieve loadsharing

Point default towards one ISP Learn selected prefixes from

second ISP

Modify the number of prefixes

learned to achieve acceptableload sharing AS 201

ISP 1


70/80


2200

1303_06_2000_c2

Default from All ProvidersDefault from All Providers

Low memory/CPU/$$$ solution Provider sends BGP default => exit

path decided by IGP metrics toreach default

Customer sends all local AS routes toprovider => inbound pathdecided by Internet

You can try to

influence usingAS-path

AS 400

AS 200

AS 100160.10.0.0/16

AS 300

EE

BB

CC

AA

DD

0.0.0.0 0.0.0.0

C t d D f lt F AllC t d D f lt F All


71/80


2200

1303_06_2000_c2

Customer and Default From AllProviders

Customer and Default From AllProviders

Medium memory and CPU

Best pathusually shortest AS-path

Use local-preference to override based

on prefix, as-path, or community

IGP metric to defaultused for all otherdestinations

AS 400

ProviderAS 200

CustomerAS 100

160.10.0.0/16

ProviderAS 300

EE

BB

CC

AA

DD


72/80


2200

1303_06_2000_c2

Full Routes from All ProvidersFull Routes from All Providers

Higher memory/CPU/$$$ solution Reach all destinations by best

pathUsually shortest AS path

Can still manually tune using local-prefand as-path/community/prefix matches

AS 400

AS 200

AS 100

AS 300

EE

BB

CC

AA

DD

AS 500


73/80

73

ConclusionConclusion

Be Careful Out ThereBe Careful Out There


2200

1303_06_2000_c2


74/80


2200

1303_06_2000_c2

Summary Part 1Summary Part 1

Under normal operation, there should beexactly one interior routing protocol onany network segment

Use passive-interface as necessary toensure this

The number of redistribution boundariesshould be kept to a minimum

Run as few routing protocols as possible


75/80


2200

1303_06_2000_c2

Summary Part 2Summary Part 2

Choose routing protocol based on matchingrequirements with features

Addressing should be contiguous with

respect to topology Redistribute routes only as necessary and as

few as required

Use advanced features for special cases and

for fine tuning

Test and understand before you implement


76/80


77/80

Advanced

Routing Technologies

Advanced

Routing Technologies


2200

1303_06_2000_c2

By Itsik Malka

[email protected]

By Itsik Malka

[email protected]


78/80

Please Complete Your

Evaluation Form

Please Complete Your

Evaluation FormSession 2200Session 2200


2200

1303_06_2000_c2


79/80


2200

1303_06_2000_c2


80/80

Documents

2200 Advanced Routing Protocols(1)