Planning
Prepare, Plan, Design, Implement, Operate, Optimize (PPDIOO)
Cisco Security Architecture for Enterprise (SAFE)
Intelligent Information Network (IIN)
Services-Oriented Network Architecture (SONA)
IT Infrastructure Library (ITIL)
Fault, Configuration, Accounting, Performance, and Security (FCAPS)
Telecommunications Management Network (TMN)
Routing
For each route received, verify the next hop. If invalid, discard the route.
If multiple identical, valid routes are received by a routing protocol, choose the lowest metric.
Routes are identical only if they advertise the same prefix and mask.
When identical prefixes are learned from two or more separate sources, Administrative Distance is used to discriminate between the paths (lower is better).
Connected 0
Static 1
External BGP 20
Internal EIGRP 90 E
OSPF 110 O
RIP 120 R
External EIGRP 170 E
Routers look for the longest mask match to the destination IP to determine route.
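The selection rules above (discard on invalid next hop, lowest AD between sources, lowest metric within a source, and longest-match lookup) as a small Python model of a routing table. This is an added example, not part of the original notes; the AD values come from the table above, while the prefixes and next hops are constructed sample data.

```python
import ipaddress

# Administrative distances from the table above (lower wins between sources).
ADMIN_DISTANCE = {
    "connected": 0, "static": 1, "ebgp": 20, "eigrp": 90,
    "ospf": 110, "rip": 120, "eigrp-external": 170,
}


class RoutingTable:
    """Minimal RIB: one installed route per exact prefix, longest match on lookup."""

    def __init__(self):
        self.routes = {}  # ipaddress.IPv4Network -> route dict

    def install(self, prefix, source, metric, next_hop, next_hop_valid=True):
        # Rule 1: a route whose next hop cannot be reached is discarded outright.
        if not next_hop_valid:
            return False
        net = ipaddress.ip_network(prefix, strict=True)
        cand = {"source": source, "metric": metric, "next_hop": next_hop,
                "ad": ADMIN_DISTANCE[source]}
        cur = self.routes.get(net)
        if cur is None:
            self.routes[net] = cand
            return True
        # Rule 2: identical prefix/mask from different sources -> lower AD wins.
        if cand["ad"] != cur["ad"]:
            if cand["ad"] < cur["ad"]:
                self.routes[net] = cand
                return True
            return False
        # Rule 3: same source -> lower metric wins.
        if cand["metric"] < cur["metric"]:
            self.routes[net] = cand
            return True
        return False

    def lookup(self, dest):
        """Forwarding decision: the installed prefix with the longest mask that contains dest."""
        addr = ipaddress.ip_address(dest)
        best = None
        for net, route in self.routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, route)
        return best


def demo_rib():
    """Constructed sample: the same /16 offered by OSPF, EIGRP and RIP, plus a more specific /24."""
    rib = RoutingTable()
    rib.install("10.1.0.0/16", "ospf", 20, "192.0.2.1")
    rib.install("10.1.0.0/16", "eigrp", 3072, "192.0.2.2")   # AD 90 beats 110 despite the larger metric
    rib.install("10.1.0.0/16", "rip", 2, "192.0.2.3")        # AD 120 loses
    rib.install("10.1.1.0/24", "ospf", 30, "192.0.2.4")      # different mask, so not an identical route
    rib.install("10.1.1.0/24", "ospf", 10, "192.0.2.5")      # same source, lower metric replaces it
    rib.install("0.0.0.0/0", "static", 0, "192.0.2.254")
    rib.install("172.16.0.0/12", "ebgp", 0, "198.51.100.1", next_hop_valid=False)  # dropped
    return rib


if __name__ == "__main__":
    rib = demo_rib()
    for dest in ("10.1.1.5", "10.1.2.5", "172.16.1.1"):
        net, route = rib.lookup(dest)
        print(dest, "->", net, route["source"], route["next_hop"])
```

The lookup for 10.1.1.5 hits the /24 even though the /16 has a better AD: AD only decides between identical prefixes, while forwarding always prefers the longest mask.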
EIGRP
Fast convergence, VLSM, partial updates, multi-protocol (IPX, IP, AppleTalk), runs over IP (protocol 88), supports layer 2 protocols, load balancing, multicasts instead of broadcasts (224.0.0.10), authentication, manual summarization.
Neighbor discovery and maintenance: periodic hello messages.
Reliable Transport Protocol (RTP) - Controls sending, tracking, and acknowledging EIGRP messages.
Diffusing Update Algorithm (DUAL) – Determines the best loop-free route.
Protocol-independent modules (PDM) – Modules are “plug-ins” for IP, IPX, and AppleTalk versions of EIGRP.
Three tables:
Neighborship: Built from hellos and used for reliable delivery.
Topology: Contains routing information for best paths and loop-free alternatives.
Routing: EIGRP places best routes from its topology table into the common routing table.
Packets:
Hello: Identifies neighbors and serves as a keepalive mechanism.
Update: Reliably sends route information.
Query: Reliably requests specific route information.
Reply: Reliably responds to a query.
ACK: Acknowledgment.
After 16 unacknowledged retransmissions, a neighbor is removed from the neighbor table.
Neighbors are directly attached to routers (same subnet) that have matching AS numbers & k-values. Timers don’t have to agree.
A neighbor is considered lost if no hello is received within 3 hello periods (called the hold time).
Default is hello/hold 5/15 for multipoint circuits with > T1. 60/180 for < T1
Debug: debug ip eigrp packets; debug ip eigrp
To set Hello and Hold (dead) timers:
int) hello-interval eigrp [AS#] [#]
int) hold-time eigrp [AS#] [#]
!!! Do not have to match between neighbors.
!!! Hold timer tells neighbor how long to wait for a hello packet.
To show hello timers: sh ip eigrp interface detail
k-values can be changed by (must match on both ends of a link for neighbors to form): router) metric weights 0 [k1] [k2] [k3] [k4] [k5]
Feasible Distance: Metric from this router, through the neighbor, to the destination network.
Advertised OR Reported Distance: Metric for a route, from the neighboring router’s perspective. Used to determine if a route is loop free.
Routers use the FD to determine the best route, based on the lowest metric, and use the AD when falling back to an alternative when the best route fails. In routing table, shows as (FD/AD).
By default, EIGRP uses cumulative delay and minimum bandwidth in its metric calculation.
Metric = 256 * ((10^7 / slowest-bandwidth) + cumulative-delay)
Setting delay in IOS is in tens of microseconds; sh int / sh ip eigrp topo show delay in microseconds.
int) delay [tens of microseconds]
int) bandwidth [kbps]
Show commands:
sh ip route
sh ip route eigrp – only EIGRP routes
sh ip protocols – AS, timers, identified networks, EIGRP neighbors.
sh ip eigrp topo (IP) – topology table including successors and feasible successors. Add IP for details.
sh ip eigrp topo all-links – lists all routes including any that aren’t successors or feasible successors.
sh ip eigrp neighbors – verify that the correct routers are neighbors.
sh ip eigrp traffic – show the amount and types of EIGRP messages.
sh ip eigrp interfaces (detail) – lists interfaces participating in EIGRP, any neighbors found out these ints, and other stats. Omits passive interfaces.
sh ip eigrp accounting – shows RID and ASN.
sh ip eigrp database (IP) – confirm the absence/presence of a route that might be redistributed from OSPF.
Successor path: The route with the lowest feasible distance; put into the routing table.
Feasibility condition: If a non-successor route’s AD (reported distance) is < the FD of the successor, the route is a feasible successor route (loop prevention).
Once the router has chosen a path to a network, it is passive for that route. If the path is lost and no feasible successor is identified, the router sends out queries to search for any loop-free alternatives. During this time, the route is active.
EIGRP Query messages are sent to every neighbor (besides the failed one) to see if they have a loop-free route; a neighbor’s route counts as loop-free if that neighbor has the route in the passive state. If the neighbor has such a route, it sends a reply message with the route and does not forward the query further. If the neighbor is itself active for the route, it floods the query out to its own neighbors and doesn’t immediately reply to the original router; it waits for replies to its own queries. Only when a router has received replies to all of its queries can it reply to the original router. When the original router has all of its own replies, it picks the best route.
Ensuring routers have feasible successors will avoid this process. Also, stub routers and summarization can make this process simpler and quicker.
Stuck in Active: Condition in which a route has been in an EIGRP active state for longer than the router’s Active timer (def:3).
When that happens it resets the neighbor relationship with the neighbor that did not reply. Common causes: High CPU or memory usage on neighbor; link between routers drops packets; unidirectional link. router) timers active-time [# of minutes]
Active Process Enhancement – Enables a router to use SIA-Queries/Replies to prevent the unneeded loss of a neighbor during a SIA situation; enabled automatically with newer versions of IOS.
Halfway through the Active timer, the router sends a SIA Query to each neighbor yet to reply. If the message is replied to, the neighbor stays active. If the original does not get a reply, the neighborship is killed.
A stub will limit queries; it’s a router that is connected to no more than 2 neighbors and should never be a transit router.
Commonly used in hub-and-spoke. When a router is configured to be a stub, it informs its neighbors, who will then no longer send query messages to the stub. The stub still receives all routes from its neighbors by default.
A stub will immediately send a negative reply message and not forward a query message on if the stub is configured for a summary route and its routing table does not have a specific route to the network being queried.
To make an EIGRP router a stub: router) eigrp stub (connected/static/sum/redis) (receive-only) !!! Tells what to send, or not.
A stub router with the receive-only option prevents the router from advertising any networks, including its own.
Connected/static/summary/redistributed options: Still advertises routes, including these selected extras.
To set router-id: router) eigrp router-id [IP]
!!! Not required; only important if injecting external routes into EIGRP to avoid confusion.
Passive interfaces prevent routing updates and hello packets from being sent out an int; not forming neighbors.
To not form neighborships on an interface by default, and then to allow individual interfaces: router) passive-interface default router) no passive-interface [INT]
!!! Will omit passive networks from sh ip eigrp int
To advertise a network: router) network [IP] [WILDCARD]
To not summarize networks by default: router) no auto-summary
To summarize addresses sent to a neighbor out an interface: int) ip summary-address eigrp [AS#] [IP] [HOSTMASK] (admin distance)
!!! Summary route will use a metric equal to the lowest metric subordinate route.
!!! Make sure IP/MASK is a network IP
!!! Will reset neighborships on that interface
!!! Auto-summary affects local routes advertised; neighboring routers will not summarize learned routes.
To set default gateway on neighbors: config) ip default-network [IP]
!!! Neighbor will display “Gateway of last resort is [NEXT HOP IP] to network [NET IP]”
Other method: ip route 0.0.0.0 0.0.0.0 [int] OR [IP] router) network 0.0.0.0
OR router) redistribute static
Issue with EIGRP over Frame Relay: one physical int can support multiple logical connections, each having a DLCI. DLCIs must be mapped to a neighbor IP address, either dynamically or statically. Dynamic mapping uses Inverse ARP; routers then form neighborships only with routers that they are connected to via a DLCI. Static mapping requires manual configs under each interface but enables routers without DLCI connections to become neighbors.
int) frame-relay map ip [remote IP] [local DLCI] broadcast !!! broadcast is required to send hellos as unicasts.
!!! Above can be done under physical multipoint ints and subints.
!!! Neighbor loss is detected more quickly on p2p links because timers are lower, and sub int can go down.
To disable split horizon per frame relay sub int, to allow neighbors to share routes through a hub router’s single multipoint interface: subif) no ip split-horizon eigrp [AS#]
By default a router sends EIGRP messages out an interface using up to (default: 50%) of the bandwidth defined with the bandwidth command (if> bandwidth #). Default bandwidth for serial links: 1544 kbps. To change the percentage:
(sub)if) ip bandwidth-percent eigrp [AS#] [BANDWIDTH %]
!!! Routers assume T1 speeds on serial links. If not, manually set with int) bandwidth # command.
For multipoint interfaces, bandwidth control first divides the subinterface bandwidth by the number of configured PVCs, then determines the EIGRP percentage based on that number. (Bandwidth/# of PVCs) * percentage.
To configure a static EIGRP neighbor; do on both ends, use with Frame Relay WAN links. Neighbor must be in same subnet as one of the router’s own interfaces: router) neighbor [IP] [outgoing interface]
!!! This disables multicasts on the interface for any other neighbor on the interface, if a multipoint interface, you must statically define all the neighbors on both routers.
!!! You still need to enter the network command.
EIGRP automatically load balances across equal-metric paths. To allow unequal load balancing over separate paths (they must be feasible successors!) (up to 6): router) variance [Multiplier] !!! Multiplies the successor’s FD; feasible-successor routes whose FD is <= that product are put in the routing table.
Convergence can be even faster if there are multiple routes in the routing table and EIGRP load balances. To config: router) maximum-paths [#] !!! Default is 4
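The metric formula, the FD/AD bookkeeping, the feasibility condition and the variance rule from the passages above, worked through in Python. This is an added example and not code from the original notes; the topology entries (neighbors R2–R5 with their FD and reported distance) are constructed sample values, and the bandwidth/delay inputs to the metric function are assumed interface figures.

```python
def eigrp_metric(min_bw_kbps, cum_delay_tens_us):
    """Classic EIGRP composite metric with default K values (K1=K3=1, K2=K4=K5=0):
    256 * (10^7 / slowest bandwidth in kbps + cumulative delay in tens of microseconds).
    IOS truncates the bandwidth term to an integer, so integer division is used here."""
    return 256 * (10**7 // min_bw_kbps + cum_delay_tens_us)


def dual_select(paths):
    """paths: list of {"via", "fd", "rd"}; fd = metric through that neighbor,
    rd = the metric the neighbor itself reports (its own FD).
    Successor = lowest FD. Feasible successor = any other path whose RD < successor FD."""
    successor = min(paths, key=lambda p: p["fd"])
    feasible = [p for p in paths if p is not successor and p["rd"] < successor["fd"]]
    return successor, feasible


def variance_paths(paths, variance):
    """Paths installed for unequal-cost load balancing: the successor plus every
    feasible successor whose FD <= variance * successor FD. A path that is not a
    feasible successor is never installed, however small its FD is."""
    successor, feasible = dual_select(paths)
    limit = successor["fd"] * variance
    chosen = [successor] + [p for p in feasible if p["fd"] <= limit]
    return [p["via"] for p in chosen]


# Constructed topology-table entries for one destination prefix.
SAMPLE_PATHS = [
    {"via": "R2", "fd": 30, "rd": 10},   # successor
    {"via": "R3", "fd": 40, "rd": 20},   # feasible successor (20 < 30)
    {"via": "R4", "fd": 50, "rd": 35},   # NOT feasible (35 >= 30) even though its FD is modest
    {"via": "R5", "fd": 100, "rd": 5},   # feasible, but only used with a large variance
]


if __name__ == "__main__":
    # Assumed interfaces: a T1 (1544 kbps, 20000 us delay) and a GigE (1,000,000 kbps, 10 us).
    print("T1 metric:", eigrp_metric(1544, 2000))
    print("GigE metric:", eigrp_metric(1_000_000, 1))
    succ, fs = dual_select(SAMPLE_PATHS)
    print("successor:", succ["via"], "feasible successors:", [p["via"] for p in fs])
    print("variance 2:", variance_paths(SAMPLE_PATHS, 2))
    print("variance 4:", variance_paths(SAMPLE_PATHS, 4))
```

With variance 2 the limit is 60, so R3 joins R2 in the routing table while R4 stays out despite an FD of 50: the feasibility condition is checked first, and variance never overrides it.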
EIGRP authentication (make sure clocks are set!):
key chain [NAME]
keychain) key [#] !!! Key number AND string have to match between routers!
keychain-key) key-string [STRING]
keychain-key) accept-lifetime (BEGIN time/date) (END time/date) OR {infinite} (optional)
keychain-key) send-lifetime (BEGIN time/date) (END time/date) OR {infinite} (optional)
interface [SUBIF] [multipoint/P2P]
(sub)int) ip authentication mode eigrp [AS#] md5
(sub)int) ip authentication key-chain eigrp [AS#] [NAME]
Verify: sh key chain; sh ip eigrp neighbors; debug eigrp packets
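A Python model of the key-chain rules above: the sender picks the lowest-numbered key whose send-lifetime is current, the receiver looks the key up by number, checks its accept-lifetime against its own clock, and recomputes the digest. This is an added example, not the notes’ own material; the digest (MD5 over payload plus key string) is a simplified stand-in for EIGRP’s actual packet layout, and the key strings, dates and hello payload are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Key:
    number: int
    string: bytes
    accept: tuple   # (start, end) datetimes; end None = infinite
    send: tuple


def _within(window, now):
    start, end = window
    return start <= now and (end is None or now < end)


class KeyChain:
    def __init__(self, keys):
        self.keys = {k.number: k for k in keys}

    def send_key(self, now):
        """Lowest key number with a current send-lifetime (mirrors IOS key selection)."""
        for k in sorted(self.keys.values(), key=lambda k: k.number):
            if _within(k.send, now):
                return k
        return None

    def accept_key(self, number, now):
        """Key looked up by the number carried in the packet; must be in its accept-lifetime."""
        k = self.keys.get(number)
        return k if k and _within(k.accept, now) else None


def digest(payload, key):
    # Simplified keyed MD5 for illustration; not EIGRP's exact wire format.
    return hashlib.md5(payload + key.string).hexdigest()


def sign(chain, payload, now):
    key = chain.send_key(now)
    if key is None:
        return None   # no sendable key: IOS would send unauthenticated / fail to form neighbors
    return {"key_id": key.number, "payload": payload, "digest": digest(payload, key)}


def verify(chain, msg, now):
    key = chain.accept_key(msg["key_id"], now)
    if key is None:
        return False  # wrong key number, or key outside accept-lifetime
    return hmac.compare_digest(msg["digest"], digest(msg["payload"], key))


def demo_scenarios():
    """Constructed neighbors: one matching, one with a wrong string, one with a wrong
    key number, one whose accept-lifetime has expired (e.g. clocks not in sync)."""
    now = datetime(2024, 7, 1, 12, 0, 0)
    forever = (datetime(2024, 1, 1), None)
    ended = (datetime(2024, 1, 1), datetime(2024, 6, 30))
    local = KeyChain([Key(1, b"s3cr3t", forever, forever)])
    peer_ok = KeyChain([Key(1, b"s3cr3t", forever, forever)])
    peer_wrong_string = KeyChain([Key(1, b"wrong", forever, forever)])
    peer_wrong_number = KeyChain([Key(2, b"s3cr3t", forever, forever)])
    peer_expired = KeyChain([Key(1, b"s3cr3t", ended, ended)])
    msg = sign(local, b"HELLO AS=100 K=1,0,1,0,0", now)
    tampered = dict(msg, payload=b"HELLO AS=100 K=1,1,1,1,1")
    return {
        "ok": verify(peer_ok, msg, now),
        "wrong_string": verify(peer_wrong_string, msg, now),
        "wrong_number": verify(peer_wrong_number, msg, now),
        "expired": verify(peer_expired, msg, now),
        "tampered": verify(peer_ok, tampered, now),
        "no_send_key": sign(peer_expired, b"HELLO", now) is None,
    }


if __name__ == "__main__":
    for name, result in demo_scenarios().items():
        print(f"{name}: {result}")
```

The expired case is why the notes say to set the clocks: a key that is valid on one router but outside its accept-lifetime on the other fails exactly like a wrong password, and sh ip eigrp neighbors will simply show no adjacency.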
Graceful Shutdown: feature that speeds network convergence – whenever EIGRP is shut down the router sends a “goodbye” message (really a hello) informing its neighbors. Neighbors then immediately recalculate paths without waiting for the hold timer to expire.
Offset lists are a way to add to the metric of a route after it’s been calculated. You may do this to cause a router to choose a normally less desirable path or to load balance over paths. In EIGRP the offset is added to the delay.
access-list [#] permit [network IP]
router) offset-list [ACL name/#] [in/out] [offset #] [interface]
OSPF
Link-state; open-standard; classless; fast convergence; uses cost as a metric (bandwidth); calculated with Dijkstra’s SPF.
SPF algorithm runs within an area; interarea routes are passed between areas.
Creates database to reflect the structure of the network; learns more info on the network topology than other protocols; thus makes more informed decisions.
Routers exchange hellos; learning RID and cost. Neighbor info is kept in the adjacency database.
Runs over IP (protocol 89) using an OSPF header.
By using areas as a design to group routers and interfaces, topology databases can be shrunk, reducing processing time, memory consumption, and effort, to calculate the best routes. Contains LSA flooding; minimizes impact of topology changes; enforces hierarchical network design.
Domains must contain an area 0 backbone; designated as a transit area; other areas should be directly connected to it.
LSDB must be identical for each router in an area.
Topologically, routers inside one area only know about the subnets in another area, not the details of that area’s topology. From a topology perspective, it appears as if the subnets from another area are connected directly to the ABR.
LSA: Class of OSPF data structures that hold topology info (RIDs and cost to each neighbor). Held in the LSDB and sent over the network in LSUs.
# of LSAs in LSDB = # of router interfaces connected to adjacent areas, including own; ABRs have multiple.
LSAs are numbered with a sequence number, and a timer is run to age out old LSAs (30 mins def). When an LSA is received, it’s compared to the LSDB.
LSA Types RNSSEE:
1: Router: LSA for a router to represent itself (RID) for each area it’s connected to; advertises intra-area routes. Includes all interface IPs that are in that area. Lists info about attached links; stub networks, IP of DR in a connected network, and IP of neighbor in non DR network. Internal routers create a single LSA, ABRs create multiple; one per area. Identified with an LSID.
2: Network: Used in multi-access DR networks, 1 per network, created by DR per subnet; lists the subnet & its connected interfaces. Used to conform to SPF’s rule of a link only connecting 2 nodes, and to reduce updates. Flooded only within the area.
3: Net Summary: Created by ABRs to represent interarea routes; subnets in one’s area’s type 1 and 2 LSAs when advertising into another area. Defines the subnets and cost, but no topology data. O IA
4: ASBR Summary: Like a type 3 generated by ABR, but advertises a host route used to reach an ASBR. O IA
5: AS External: Created by an ASBR for external routes injected into OSPF. (ASBR summary route) E1/E2
7: NSSA External: Created by ASBRs inside an NSSA, instead of a type 5.
1, 2, and 3 are for internal routes while 4, 5, and 7 are for external routes.
Configure a maximum number of LSAs to protect a router’s memory: router) max-lsa [#]
Addresses:
224.0.0.5 - Multicast - All OSPF routers. Updates from DR/BDR to other neighbors.
224.0.0.6 - Multicast - All DR routers. Updates from neighbor routers to the DR/BDR.
Hellos are used to discover neighbors and supply info to confirm two routers may become neighbors. Keepalives too. Begins neighbor process by multicasting its own RID.
Database Descriptions (DBD): Used to exchange brief versions of LSAs; a summary (“Cliffnotes”) of the LSDB, usually on initial topology exchange.
Link State Request (LSR): Lists the LSIDs of LSAs the sender of the LSR would like the receiver to supply.
Link State Update (LSU): A packet containing a fully detailed LSA; response to a LSR. Includes RID of router and RID and cost of its neighbors. LSU can contain multiple LSAs.
Link State Acknowledgment (LSAck): Confirms the receipt of an LSU.
OSPF refloods each LSA every 30 minutes based on each LSA’s age variable; an LSA’s sequence number is incremented with each update.
Routers send out periodic multicast packets to introduce themselves to other routers on a link. They become neighbors when they see their own RID included in the neighbor field of a hello from another router (Must be on same subnet)
Hello criteria to match to form neighbors: Hello/dead timers, Area ID, authentication type/PW, Stub area flag.
Default hello/dead timers: 10/40 for LAN and point-to-point. 30/120 for NBMA interfaces.
After starting the OSPF process with a process ID, add networks. The WC mask is mandatory. Or enable OSPF per interface.
router ospf [#]
router) network [IP] [WC] area [#]
int) ip ospf [#] area 0 !!! Takes precedence over the network command.
To set router-id: router) router-id [IP] !!! Preferred.
int lo[#]) ip address [IP] !!! Highest loopback – not as preferred.
!!! Highest IP of any non-loopback – avoid this; they can change.
clear ip ospf process !!! To restart OSPF and let the new RID take effect.
Neighbor States:
Down: No hellos received from a neighbor for more than the dead interval. OSPF not started yet.
Attempt: Neighbor is defined with neighbor statement; after sending a Hello, before receiving one.
INIT: Router sends hello packets out all OSPF interfaces. Hello received; did not have local router’s RID or lists parameters that don’t match.
2WAY: Hello received; has router’s own RID and all parameters match; can become neighbors.
EXSTART: When routers become adjacent; currently negotiating the DBD seq. numbers and master/slave roles.
EXCHANGE: EXSTART is done, and DBDs are being exchanged listing the LSAs in their LSDBs by RID and seq. #.
Loading: All DBDs exchanged; routers are sending LSRs/LSUs/LSAcks to exchange full LSAs.
FULL: Neighbors fully adjacent; LSDBs are identical; routing table calculations can begin.
On multi-access links, DR elections occur. All routers on the link become adjacent only to the DR and BDR.
DR & BDR: Ethernet and NBMA networks: Control area information within a shared network segment. Without, large flurry of updates between all routers in the area.
DROTHER: Router is neither DR nor BDR.
DROTHERs use 224.0.0.6; DRs use 224.0.0.5.
To set an OSPF priority on a broadcast interface to influence DR elections (0 opts out, highest wins): int) ip ospf priority [#]
If priorities are tied, elections fall back to highest Router-ID.
FULL Neighbors: Fully adjacent; OSPF topology fully exchanged. Exists DR <--> BDR and DR/BDR <--> all neighbors.
2WAY Neighbors: Normal, stable, working state for neighbors with which topology data was not exchanged directly.
In a DR network, routers in the 2WAY state have not exchanged info directly with each other, instead relying on the DR.
Network types:
DR: Broadcast, NBMA
No DR: point-to-point, point-to-multipoint, point-to-multipoint non-broadcast
Statically define neighbors: NBMA, point-to-multipoint non-broadcast
NBMA: Default for multipoint serial interfaces; uses DRs, requires manual neighbor configs.
Point-to-multipoint: No DRs; auto discovers neighbors.
P2MP nonbroadcast: Used on Layer 2 where dynamic neighbor discovery is not supported; manual neighbors.
Broadcast: Default mode for LANs; uses DRs and automatic neighbor discovery.
P2P: Discovers neighbors and doesn’t require a DR.
To change network type: int) ip ospf network point-to-[point OR multipoint (nonbroadcast)]
Show/debug commands
debug ip ospf adj: see the neighbor initialization process.
debug ip ospf packet: view all OSPF packets in real time.
sh ip ospf: RID, timers, counters; a ton of OSPF details.
sh ip ospf neighbor (detail): see the neighbor table and DR/BDR.
sh ip route (ospf)
sh ip route [IP] longer-prefixes: shows all known routes in range.
sh ip protocols: verify parameters, timers, identified networks, neighbors and their sources.
sh ip ospf interface (brief): shows interfaces on which OSPF runs and their assigned areas. Check for bad WC masks here.
sh ip ospf database (router, network, summary, external, asbr-summary, nssa-external, database-summary)
sh ip ospf border-routers: best paths to ABRs/ASBRs.
sh ip ospf statistics: SPF statistics.
intra-area: internal; interarea: between areas.
Route preference: intra-area > interarea > E1 > E2
Cost of interarea routes: Since type 3 LSAs don’t have info about topology in other areas, cost can’t be exactly calculated.
Intra-area cost is calculated and then added to the cost given in the type 3 LSA.
If there are 2 or more ABRs connecting two areas, special rules:
1) When choosing a best route, an intra-area route is preferred by an ABR.
2) An ABR will ignore an interarea route learned in a non-backbone area.
Bandwidth cost: (reference bandwidth(Mb) / interface bandwidth(Kb)). Default ref BW is 100.
Change how OSPF calculates its metric to allow for higher speed links (Gigabit Ethernet = 1000): router) auto-cost reference-bandwidth [#]
Bandwidth can also be set on a per interface basis: int) bandwidth [speed]
Cost can be set on a per interface basis: int) ip ospf cost [value]
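The reference-bandwidth arithmetic from the lines above, shown in Python with an integer-truncated cost that is never lower than 1 (the behaviour that makes FastEthernet and Gigabit links tie at cost 1 under the default reference). This is an added example rather than anything from the notes; the two sample paths and their link speeds are constructed.

```python
def ospf_cost(ref_bw_mbps, if_bw_kbps):
    """Interface cost = reference bandwidth / interface bandwidth, truncated to an
    integer with a floor of 1. Reference is in Mbps (default 100), interface in kbps."""
    return max(1, (ref_bw_mbps * 1000) // if_bw_kbps)


def path_cost(ref_bw_mbps, link_bws_kbps):
    """Total path cost: sum of the outgoing interface costs along the path."""
    return sum(ospf_cost(ref_bw_mbps, bw) for bw in link_bws_kbps)


def best_path(ref_bw_mbps, paths):
    """paths: {name: [link bandwidths in kbps]}. Returns (names of lowest-cost paths, all costs).
    More than one name means OSPF would equal-cost load balance across them."""
    costs = {name: path_cost(ref_bw_mbps, links) for name, links in paths.items()}
    low = min(costs.values())
    return sorted(n for n, c in costs.items() if c == low), costs


# Constructed topology: two hops of Gigabit Ethernet versus two hops of FastEthernet.
SAMPLE_PATHS = {
    "gig": [1_000_000, 1_000_000],
    "fast": [100_000, 100_000],
}


if __name__ == "__main__":
    for ref in (100, 1000):
        winners, costs = best_path(ref, SAMPLE_PATHS)
        print(f"reference {ref} Mbps: costs={costs} best={winners}")
    print("T1 cost at ref 100:", ospf_cost(100, 1544), "at ref 1000:", ospf_cost(1000, 1544))
```

With the default reference both paths cost 2, so traffic is split across a Gigabit and a FastEthernet path as if they were equal; after auto-cost reference-bandwidth 1000 the Gigabit path wins 2 to 20, which is the reason the command exists. The reference bandwidth must be changed on every router in the domain, or different routers will compute inconsistent costs for the same links.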
The network command matches network statements in order, with the most specific wildcard masks first.
To not form neighborships on an interface by default, and then to allow individual interfaces: router) passive-interface default router) no passive-interface [INT]
!!! Will omit passive networks from sh ip ospf int
!!! Can also be done on individual interfaces, without setting default.
Frame Relay: A shortage of IP addresses may lead to the decision to use fewer LAN subnets. Putting more than 2 routers into a single FR WAN subnet uses fewer IPs than using separate subnets.
The default OSPF network type on multipoint ints is non-broadcast. Because OSPF uses multicasts for hellos, it won’t find neighbors on FR nets. Adding broadcast to the frame-relay map command will convert multicasts to unicasts.
Statically define a frame relay map (for non-broadcast networks—routers that aren’t directly connected):
(sub)int) frame-relay map ip [IP] [DLCI] (broadcast)
OR
(sub)int) frame-relay interface-dlci [#]
If the FR network type allows for DRs, a PVC must exist between the DR/BDRs and every other router in the subnet. Relevant issues can be solved by restricting DR roles or changing network type to not have DR elections.
Partial mesh issues: For any router without a direct PVC, statically configure an IP to DLCI map with the other router’s nexthop IP, and the DLCI that connects to a router that has PVCs with each of the two routers.
Some network types tell a router to not attempt auto discovery of neighbors. Also, in a partial mesh, routers not connected with a PVC cannot become neighbors. Static definitions are needed:
router) neighbor [next-hop interface IP] (cost [#]) (priority [#]) !!! IP is not the RID!
!!! Priority will set the neighbors priority in DR elections.
Point-to-multipoint: Will not elect a DR but will dynamically discover neighbors. Only requires configuring the interface as point-to-multipoint and statically defining FR maps if there is a partial mesh.
Point-to-multipoint nonbroadcast: Nonbroadcast implies that the routers cannot broadcast to discover neighbors. Routers need neighbor commands. Partial mesh designs require static Frame Relay maps.
Change timers in OSPF (P2P and multipoint timers aren’t the same):
int) ip ospf hello-interval [#] !!! The dead timer automatically becomes 4x hello.
int) ip ospf dead-interval [#]
int) ip ospf dead-interval minimal hello-multiplier [#] !!! Sets dead timer to 1 second; hello becomes 1/# (a fraction of a second).
When an MTU mismatch occurs between OSPF neighbors, one router will attempt to become neighbors with the other. The other router will be listed in the neighbor table, but they will not exchange topology information. Routers will flap between EXSTART, INIT, and DOWN. Fix with: int) ip mtu [#]
Configure OSPF MD5 authentication (key #s must match):
interface [INT]
int) ip ospf authentication message-digest
int) ip ospf message-digest-key [#] md5 [PASS]
Configure OSPF plain text authentication:
interface [INT]
int) ip ospf authentication
int) ip ospf authentication-key [PASS]
No authentication: int) ip ospf authentication null
Change default authentication locally on a router from default of none: router) area [#] authentication (message-digest)
!!! Without md - plain text. With md - use md5 key. Keys still set per interface. Auth can be overridden per int as well to prefer another type. Default is (null).
Type 3 (network summary from an ABR) can be filtered via prefix-lists: router) area [#] filter-list prefix [NAME] [in/out]
!!! When in is configured, IOS filters prefixes being created and flooded into the configured area.
!!! When out is configured, IOS filters prefixes coming out of the configured area.
Filtering with distribute lists allows routers to filter OSPF routes from getting into their respective routing tables, but has no impact on the flow of LSAs.
OSPF allows summarization at both ABRs and ASBRs but not on other OSPF routers. Helps with OSPF because it is processor intensive. Prevents topology changes from being passed outside an area. Reduces size of databases; saves memory.
To summarize routes in OSPF at ABRs: router) area [AREA] range [IP] [MASK] (cost)
!!! The configured area # refers to the area where the subnets exist; the summary will be advertised into all other areas connected to the ABR.
!!! If at least one subordinate subnet exists, the ABR advertises the summary route as a Type 3 LSA.
!!! The ABR assigns a metric to the summary route’s Type 3 LSA, by default, to match the best metric.
!!! The command can optionally explicitly set the cost of the summary.
!!! If no subordinate subnets exist, the ABR does not advertise the summary.
!!! Router automatically creates a static route for the summary, pointing to Null0.
An ASBR redistributes routes into OSPF from some other routing source; as Type 5 LSAs.
To summarize redistributed networks on an ASBR (Cannot explicitly set metric): router) summary-address [IP] [HOSTMASK]
!!! The ASBR assigns the summary route the same metric as the lowest metric route.
!!! Router automatically creates a static route for the summary, pointing to Null0.
Default routes summarize all networks down to 1 route announcement. Injected as Type 5 routes.
To introduce a default route to be flooded through the domain: router) default-information originate (always) (metric [#]) (metric type [1/2] (route-map [name])
!!! Creates Type 5 LSA for the default route (0.0.0.0/0) and floods it like any other Type 5 LSA (External).
!!! Only works if the ASBR itself has a default route in its routing table.
!!! ASBR either has a static default route or learns one from the ISP using BGP.
!!! A router withdraws its OSPF default route when its own route to 0.0.0.0 fails, allowing a failover.
!!! (always) will advertise the route, even if it doesn’t exist in the routing table.
Default routes can be advertised with: router) area 0 range 0.0.0.0 0.0.0.0
The OSPF stub router feature is a simple way to enable the function of flooding default routes inside an area, with those default routes driving IP packets back toward the ABRs attached to that area. ABRs create a default route, using a Type 3
LSA (0.0.0.0 0.0.0.0) and flood that into the stub area. They do not flood Type 5 LSAs or other Type 3s. The default route has a metric of 1 unless otherwise configured. Routers inside the stub area cannot redistribute external routes into the stubby area, because that would require a Type 5 LSA. All routers in the area must be configured to be stubby, if not, they will not form neighborships.
“Totally” stubby areas additionally filter out Type 3 LSAs.
Stub: No external Type 5s. Does have Type 3 networks. No redistribution. Only internal routes and default route to ABR: router) area [#] stub
Total stub: No external Type 5s or Type 3 networks. No redistribution. Only internal routes and 0.0.0.0 route to ABR: router) area [#] stub no-summary !!! [no-summary] only needed on distributing router.
NSSA: No external Type 5s. Does have Type 3 networks. Allows external redistribution into stub area, and beyond. Stub router acts as ASBR and gets around the lack of Type 5 (external) LSAs by converting them to Type 7s to pass the external route back into OSPF (with redistribution). The following ABR converts the 7 back into a 5: area [#] nssa default-information-originate
Totally NSSA - No external Type 5s or Type 3 networks. Allows external redistribution into stub area:
area [#] nssa no-summary
Set a stub's advertised external route metric: router) area [#] default-cost [COST]
When OSPF finds the best route for an intra-area route, it goes by the lowest cost link to the ASBR.
When OSPF finds the best route for an interarea route, it calculates the cost(s) to the ABR(s), and adds that to the cost from the ABR(s) to the ASBR (Type 4 LSA). Using the lowest cost path.
Useful show commands:
sh ip ospf database | begin ASB !!! Lists Type 4 and 5 LSAs. Use for calculating the ABR path.
sh ip ospf database asbr-summary !!! Detailed info on Type 4 LSAs; paths to ASBRs through ABRs.
sh ip ospf database summary 0.0.0.0 !!! Lists Type 3 (summary) LSAs with net 0.0.0.0.
sh ip ospf database database-summary !!! Lists stats about the numbers and types of LSAs in the database.
sh ip ospf border-routers !!! Lists every ABR and ASBR, their area, the RID, and the best route.
OSPF virtual links allow two ABRs that connect to the same non-backbone area to form a neighborship through that non-backbone area, even when separated by many other routers and subnets. ABRs send OSPF messages as unicasts to the IP of the other router. The Do Not Age bit in LSAs is marked. The area transited cannot be stubby. Any authentication or timer settings must be done as part of the virtual-link command. The link is assigned a cost. The other end doesn’t have to be pingable.
router) area [area # of transit link] virtual-link [router ID of router on other end of link]
!!! Performed on both routers on the edges of the transit link.
!!! sh ip ospf virtual-link [int]
Redistribution
Route filtering via distribution lists (OSPF or EIGRP): router) distribute-list ([ACCESS LIST #] OR (prefix [prefix list name])) [IN/OUT] (int)
The redistribute command takes routes from the routing table and passes those routes to a routing protocol for redistribution. This also includes connected routes of interfaces on which the routing protocol is enabled.
A router only redistributes routes learned by the source protocol. IE if you redistribute connected routes into the protocol, it will advertise them but not redistribute them.
Seed metric: When redistributing routes, the metric set for routes injected into another routing protocol. Default: OSPF 20; EIGRP none.
Besides manually setting EIGRP or OSPF metrics in the redistribute command, a route-map can be used, or a default can be set: router) default-metric [Cost for OSPF] [(K1-5) for EIGRP]
Ensure that the AD of the redistributed external routes is higher than the AD of the protocol where they originated.
When doing multipoint two-way redistribution: Ensure that only internal routes are redistributed from each protocol (tags).
Also, adjust the metric of the redistributed routes. Consider using a default route to avoid this method.
EIGRP -> EIGRP and OSPF -> OSPF use the source metric.
Redistribute into EIGRP (Must manually set metric for routes to be passed!): router eigrp [#] router) redistribute [ospf/rip/static/eigrp] [#] metric [METRIC #s] (route-map [RM NAME]) (match) (tag)
EIGRP metric order: [bandwidth] [delay] [reliability] [load] [MTU]
EIGRP defaults to use AD 90 for internal routes and AD 170 for external routes.
To alter the EIGRP external metric (AD) to prefer external EIGRP (120) routes over learned OSPF (110) routes: router) distance eigrp 90 109 !!! internal=90 external=109 !!!Local to the router
To alter OSPF’s ADs: router) distance [AD] [IP] [WC MASK] (ACL)
router) distance ospf external [#] !!! External
Redistribute into OSPF: router ospf [#] router) redistribute [ospf/rip/static] [#] (subnets) (metric [#]) (metric-type [1/2]) (route-map [NAME])
OSPF auto summarizes and will only redistribute an entire classful network if the subnets keyword isn’t added. In addition, it will only add that classful network if there is an exact route to it in the routing table. In practice, redistribution won’t work without (subnets)!
External OSPF routes: E1 increments its metric as it passes through the network. E2 (default) routes do not increment.
Type 5 LSAs are used for external routes. If coming from an NSSA area, Type 7 LSAs are used to circumvent the rules.
BGP’s metric (MED) is set to the IGP metric value when redistributed.
Create an IP prefix list: ip prefix-list [NAME] [permit/deny] [NETWORK/LENGTH] [le/ge] [PREFIX LENGTH]
!!! [NETWORK/LENGTH] acts like an IP/mask pair: the first LENGTH bits of a candidate prefix must match. With no le/ge, the candidate's prefix length must match exactly. With ge, the prefix length ranges from the ge value up to 32 (ge must be greater than the network's length). With le, the prefix length ranges from the network's length up to the le value. With both ge and le, it ranges between them. sh ip prefix-list (detail): shows prefix lists; detail includes the hit count.
Create a route-map: route-map [NAME] [permit/deny] (SEQUENCE #)
route-map) match [ip/tag/interface] [address] [ACL/prefix-list/IP] (NAME)
route-map) set [ip/interface/metric/tag/weight] [next-hop]
ACLs in route maps act differently: they appear as [IP] [WC for IP] [host mask] [WC for host mask]. The host keyword can be used.
To match any of several conditions, put them on the same match line. If there are multiple match lines, all of them must be met.
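Added example (not from the original notes): a Python model of prefix-list matching that implements the exact, ge, le and ge+le rules above and the first-match-wins / implicit-deny evaluation order. The list FILTER and the candidate prefixes are constructed; it is equivalent to three `ip prefix-list FILTER` lines shown in the comments.

```python
"""Model of IOS ip prefix-list matching (exact, ge, le, ge+le).

Added example, not part of the original notes. The sample list FILTER and
the candidate prefixes are constructed for illustration.
"""
import ipaddress


def length_range(entry, ge=None, le=None):
    """Return (lo, hi) prefix lengths an entry accepts:
    no ge/le -> exact length; ge -> ge..32; le -> len..le; both -> ge..le.
    An entry whose ge is not longer than the network's own length is invalid."""
    n = entry.prefixlen
    maxlen = entry.max_prefixlen          # 32 for IPv4, 128 for IPv6
    if ge is not None and ge <= n:
        raise ValueError(f"ge {ge} must be greater than the entry length /{n}")
    if le is not None and le < (ge if ge is not None else n):
        raise ValueError(f"le {le} must not be shorter than the range start")
    if ge is None and le is None:
        return n, n
    return (ge if ge is not None else n), (le if le is not None else maxlen)


def entry_matches(network, ge, le, candidate):
    """True if `candidate` matches one prefix-list entry: its first `len` bits
    equal the entry's network bits and its own length lies in the ge/le range."""
    entry = ipaddress.ip_network(network)
    cand = ipaddress.ip_network(candidate)
    if cand.version != entry.version:
        return False
    lo, hi = length_range(entry, ge, le)
    # `address in network` tests only the leading `len` bits, exactly like the
    # network/length pair acting as an IP/mask.
    return cand.network_address in entry and lo <= cand.prefixlen <= hi


def evaluate(prefix_list, candidate):
    """First matching sequence wins; an implicit deny sits at the end, as in IOS.
    Returns (action, sequence); sequence is None for the implicit deny."""
    for seq, action, network, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(network, ge, le, candidate):
            return action, seq
    return "deny", None


# Constructed list, equivalent to:
#   ip prefix-list FILTER seq 5  deny   10.0.0.0/8 ge 25
#   ip prefix-list FILTER seq 10 permit 10.0.0.0/8 le 24
#   ip prefix-list FILTER seq 15 permit 172.16.0.0/16
FILTER = [
    (5, "deny", "10.0.0.0/8", 25, None),          # anything /25 or longer inside 10/8
    (10, "permit", "10.0.0.0/8", None, 24),       # /8 through /24 inside 10/8
    (15, "permit", "172.16.0.0/16", None, None),  # exactly 172.16.0.0/16, nothing longer
]

if __name__ == "__main__":
    for p in ["10.1.1.0/24", "10.1.1.128/25", "10.0.0.0/8", "172.16.0.0/16", "172.16.1.0/24"]:
        print(f"{p:16} -> {evaluate(FILTER, p)}")
```

The seq 15 entry is the case that trips people up: with no le/ge it admits only the /16 itself, so 172.16.1.0/24 falls through to the implicit deny even though its address bits match.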
Apply a route map to an interface for policy based routing: int) ip policy route-map [NAME]
When redistributing into BGP, include “include-connected” to get the connected routes into BGP with IPv6.
BGP does not redistribute routes learned via iBGP into an IGP by default. To do so: “bgp redistribute-internal”
Policy Based Routing
PBR overrides the normal routing process (which is based on destination IP). PBR can match on source IP, incoming interface, or packet length.
IP SLA enables a router to simulate specific types of traffic and send it to an IP address or responder. Results are kept in the RTTMON MIB.
To create an SLA monitor: ip sla monitor [#]
sla) type echo protocol ipIcmpEcho [IP]
sla) frequency [#]
ip sla monitor schedule 1 start-time now life forever
track 1 rtr 1 reachability
To create an SLA responder: ip sla responder
To setup a failover for a dual ISP situation, create 2 SLAs, 2 tracking objects, and 2 static routes that include the tracking object. Set both ADs so 1 is higher. If the primary fails, the backup is put into the routing table.
Floating static route: Static route configured with an AD greater than a routing protocol on that same router, resulting in the static route floating into the routing table when the routing protocol’s learned route fails.
To apply SLA to a static route: ip route 0.0.0.0 0.0.0.0 [IP] (AD) track [#]
To create a PBR route-map: route-map [NAME] permit 10
route-map) match ip address (ACL)
route-map) set ip next-hop verify-availability [IP] (seq #) [track (#)]
sh ip policy !!! Lists the interfaces on which PBR is enabled and the route-map used.
sh ip sla configuration/statistics
A route map with the default keyword causes IOS to attempt to route the packet normally first and, only if no non-default route matches, to use the route in the set command. Without default, IOS tries the PBR route first. route-map) set ip default next-hop (verify-availability) [IP]
If a PBR route-map matches packets with a deny clause, they simply go through the normal routing logic; nothing is filtered.
PBR can mark the IP precedence bit and the ToS byte, but cannot mark DSCP. (set ip precedence/tos)
To apply a route map to an interface: int) ip policy route-map [NAME]
To apply the route map to a router: ip local policy route-map [NAME]
BGP
3 ways to receive BGP routes from an ISP:
Default routes from each provider: Internal IGP metrics determine the exit router for all outbound traffic.
Def routes + more specific routes: Enables you to manipulate the exit path for specific routes using BGP so that traffic takes a shorter path to networks in each ISP.
All routes from all providers: Requires high bandwidth and router resources. Path selection for all external routes can be controlled via BGP and policy routing tools.
Single-homed: Single ISP connection
Dual-homed: Multiple connections to same ISP
Multihoming: Connecting to more than one ISP at the same time; typically uses BGP.
Dual-multihomed: Two connections to multiple ISPs.
Routers running BGP are termed BGP speakers. Neighbors are peers and must be statically configured.
Runs on top of TCP (port 179), which provides reliability.
Path-vector: essentially a distance vector protocol whose metric is the number of autonomous systems traversed.
ASN #s 1-64550 – Assigned to you by IANA. BGP Version 4 is the only EGP.
Routers can only run one instance of BGP at a time.
AD for eBGP routes is 20; iBGP is 200.
Routing between ASs is called interdomain routing.
Updates are incremental and triggered; only sends what has changed. Slow to converge. Periodic keepalives.
When an update about a network leaves an AS, that AS's number is prepended to the list of ASs that have handled the update. When an AS receives an update, it examines the AS list; if it finds its own ASN in that list, the update is discarded. This is BGP's loop prevention.
Routing Information Base (RIB): a list of networks known by BGP along with their paths and attributes ("sh ip bgp").
Uses many attributes; each route has its own set. BGP works through them top to bottom until it finds an attribute that isn't a tie.
Default route: 0.0.0.0 route out one path, incoming traffic has two routes in; if one ISP fails, routes will converge towards the alternate ISP.
Partial updates - Useful in a situation where two ISPs serve two areas differently. One route out can prefer an ISP who is better in one area, while the other route out prefers the other ISP. There are still backup routes out both ways as a failover.
Full updates - Router will receive entire BGP table from each connected ISP and decide best path for each network.
Packet types: 4
Open: Starts the session (the hello). After a neighbor is configured, BGP sends an Open to establish peering; it includes the ASN, RID, and hold time.
Keepalive: Resets the hold-down timer. 60 seconds by default.
Update: Most common. Network reachability exchanges, up/down, path attributes.
Notification: Something bad has happened; error on conn, missed too many packets, wrong AS; close session.
Tables: Similar to IGPs; 3
Neighbor: The connected BGP friends that are manually configured.
BGP: A list of all BGP routes that have been received from ISPs (can be big).
Routing: A list of the best routes.
iBGP: Internal - Between two routers within the same AS.
eBGP: External - Between two routers in different ASs. Usually what is used when peering with an ISP.
Neighbors don’t have to be directly connected.
Transit AS: AS that BGP routes go through.
Router can only be in one AS at a time “BGP is already running: AS is #”
Most commands start with “neighbor”
To add a neighbor: router) neighbor [IP] remote-as [AS #]
Can't add the same router twice if it has 2 separate connections/IPs leading back: use loopbacks.
If there are redundant links to the ISP, use loopbacks with static routes to the neighbor loopbacks and physical IPs.
When doing either of the above, you must also change the source IP for the neighbors to form: router) neighbor [IP] update-source [Loopback#]
BGP assumes that external neighbors are directly connected and that they are peering with the IP of a directly connected interface of their neighbor. If not, you must tell BGP to look more than one hop away for its neighbor. This breaks the above.
To resolve, use multihop: router) neighbor [IP] ebgp-multihop [# of hops to neighbor]
The network command tells BGP what networks to advertise, regardless of interface. The mask must match the routing-table entry exactly if advertising a subnet. Networks do not have to be connected; they just have to be in the routing table: router) network [IP] (mask [MASK])
To create a peer group to which you can then assign neighbors: router) neighbor [GROUP NAME] peer-group
Auto summarization is on by default; disable it with: router) no auto-summary
Synchronization - Do not use or advertise a route learned via iBGP until the same route has been learned via the internal routing protocol. If other internal routers don’t know the route, the end network will be unreachable. Off by default in newer releases.
BGP Route summarization: router) aggregate-address [IP] [MASK] (summary-only)
!!! summary-only suppresses the advertisement of subset routes (shows “s” in show ip bgp)
In routing table, BGP routes show [AD/MED]
Next-Hop Processing: eBGP changes the next hop address on advertised routes; iBGP does not. This is meant for networks that share the same segment, so routes don't take an extra hop. iBGP routers must therefore have a route to the network connecting their AS to the edge router; otherwise eBGP-learned routes passed to iBGP neighbors won't have a reachable next hop unless you set: router) neighbor [IP] next-hop-self
Attributes are ways to tag incoming/outgoing BGP routes; together they make up a route's "metric".
The BGP update message lists a set of PAs, plus any prefixes/lengths that use those PAs. It can also list withdrawn routes in the same update message as newly advertised routes. It can also list multiple prefixes in a single update message.
Well-known mandatory: Must be recognized by all BGP routers & present in all updates: AS Path, origin, next hop.
Well-known discretionary: Must be recognized by all BGP routers & passed on to other BGP routers, but need not be present in an update; local preference.
Optional transitive: Might not be recognized by a BGP router; travels from router to router (AS to AS). If not recognized, marked as partial; aggregator, community.
Optional nontransitive: Might not be recognized by BGP and is not passed on to other routers; MED, originator ID.
Attributes: Work top down. The tie is usually broken in steps 1-4. Need to know 1-5!
N WLLA OMNI: Next hop > Weight > Local_Pref > Locally originated > AS-Path > Origin > MED > Neighbor type (eBGP over iBGP) > IGP metric
Autonomous system path (AS-Path - Mandatory)
Next hop address (Mandatory)
Origin (Mandatory)
Local preference (Discretionary)
Atomic aggregate (Discretionary)
Aggregator (Optional)
Multi-Exit Discriminator (MED/Metric) (Optional)
0. Ignore routes with an inaccessible next hop address
1. Prefer the path with the highest Weight. Cisco proprietary. Local.
2. Prefer the path with the highest Local_Pref. Configured on the router. Advertised to other routers in the AS, local to the AS. Higher is better.
3. Prefer the path that was locally originated via a network command.
4. Prefer the path with the shortest AS_PATH. Hop count. Tie usually broken here. sh ip bgp to see. Prepend to lengthen.
5. Prefer the path with the lowest origin code. i>e>? (e doesn’t exist anymore)
6. Prefer the path with the lowest multi-exit discriminator (MED). The metric. Can influence other AS’s. Suggests preferred path.
7. Prefer eBGP to iBGP paths.
8. Prefer the path with the lowest IGP metric to the BGP next hop.
9. Determine if multiple paths require installation in the routing table for BGP Multipath.
10. When both paths are external, prefer the path that was received first (the oldest one).
11. Prefer the route that comes from the BGP router with the lowest router ID.
12. If the originator or router ID is the same for multiple paths, prefer the path with the minimum cluster list length.
13. Prefer the path that comes from the lowest neighbor IP address. The tie is always broken here. In sh ip bgp summary, a neighbor whose State column shows a number (the prefixes received) is Established.
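Added example (not from the original notes): a simplified Python implementation of the decision steps above, plus the AS_PATH loop check described earlier (a path that already carries our own ASN is discarded before any attribute is compared). It also models AS_PATH prepending, so you can see a neighbor's prepend flip the choice at step 4. The ASNs (private range), addresses, prefix and attribute values are constructed; step 9 (multipath) and step 12 (cluster list) are skipped, and MED is compared across all remaining paths rather than per neighboring AS, which is a simplification.

```python
"""Simplified BGP best-path selection following the decision steps above,
plus the AS_PATH loop check (discard a path that already carries our ASN).

Added example, not part of the original notes. Path attributes, ASNs,
addresses and the prefix are constructed.
"""
from dataclasses import dataclass, replace
import ipaddress

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP best, then EGP, then incomplete


@dataclass(frozen=True)
class Path:
    name: str
    next_hop_reachable: bool
    weight: int
    local_pref: int
    locally_originated: bool
    as_path: tuple
    origin: str
    med: int
    ebgp: bool
    igp_metric: int            # IGP cost to reach the BGP next hop
    received_order: int        # lower = received earlier (older path)
    router_id: str
    neighbor_ip: str


def _ip_int(addr):
    return int(ipaddress.ip_address(addr))


def _keep_min(cands, key):
    """Keep only the candidates whose key is minimal (lower is better)."""
    best = min(key(p) for p in cands)
    return [p for p in cands if key(p) == best]


def best_path(paths, own_asn):
    """Return (winning Path, step number that decided), or (None, 0) if no
    candidate survives step 0 and the AS_PATH loop check."""
    cands = [p for p in paths
             if p.next_hop_reachable and own_asn not in p.as_path]
    if not cands:
        return None, 0
    steps = [
        (1, lambda p: -p.weight),                        # highest weight
        (2, lambda p: -p.local_pref),                    # highest local_pref
        (3, lambda p: 0 if p.locally_originated else 1),  # locally originated first
        (4, lambda p: len(p.as_path)),                   # shortest AS_PATH
        (5, lambda p: ORIGIN_RANK[p.origin]),            # i > e > ?
        (6, lambda p: p.med),                            # lowest MED (simplified: all paths)
        (7, lambda p: 0 if p.ebgp else 1),               # eBGP over iBGP
        (8, lambda p: p.igp_metric),                     # lowest IGP metric to next hop
    ]
    for step, key in steps:
        cands = _keep_min(cands, key)
        if len(cands) == 1:
            return cands[0], step
    # Step 9 (multipath) skipped: this model installs a single best path.
    # Step 10: oldest path, applied only when all remaining paths are external.
    if all(p.ebgp for p in cands):
        cands = _keep_min(cands, lambda p: p.received_order)
        if len(cands) == 1:
            return cands[0], 10
    cands = _keep_min(cands, lambda p: _ip_int(p.router_id))     # step 11
    if len(cands) == 1:
        return cands[0], 11
    # Step 12 (cluster list length) skipped: no route reflectors modelled.
    cands = _keep_min(cands, lambda p: _ip_int(p.neighbor_ip))   # step 13 always decides
    return cands[0], 13


def with_prepend(path, asn, count):
    """Model AS_PATH prepending: the neighbour added `asn` `count` times in front."""
    return replace(path, as_path=(asn,) * count + path.as_path)


# Constructed: three paths to 203.0.113.0/24 as seen by a router in AS 65000.
SAMPLE_PATHS = [
    Path("via-ISP1", True, 0, 100, False, (65100, 65200), "i", 0, True, 10, 1, "10.1.1.1", "192.0.2.1"),
    Path("via-ISP2", True, 0, 100, False, (65300,), "i", 50, True, 20, 2, "10.2.2.2", "198.51.100.1"),
    # Already carries our own ASN: discarded before attributes are compared.
    Path("looped", True, 0, 100, False, (65400, 65000, 65300), "i", 0, True, 5, 0, "10.3.3.3", "192.0.2.9"),
]

if __name__ == "__main__":
    win, step = best_path(SAMPLE_PATHS, 65000)
    print(f"best: {win.name} (decided at step {step})")
    prepended = [with_prepend(p, 65300, 2) if p.name == "via-ISP2" else p for p in SAMPLE_PATHS]
    win, step = best_path(prepended, 65000)
    print(f"after ISP2 prepends twice: {win.name} (step {step})")
```

The "looped" path has the lowest IGP metric and is the oldest, yet it never competes: loop prevention runs before the attribute comparison, which is why a received AS_PATH containing your own ASN is something to log rather than something the decision process weighs.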
To disable a neighbor without removing configuration: router) neighbor [IP] shutdown
To see a list of peers and their status: sh ip bgp neighbors
Idle: No peering; router is looking for neighbor. “Idle (admin)” means neighbor has been shutdown.
Connected: TCP handshake completed.
OpenSent/Active: An open message was sent to try to establish the peering.
OpenConfirm: Router has received a reply to the open message.
Established: Routers have a BGP peering session – this is the desired state.
Troubleshoot session establishment with:
debug ip bgp events
debug ip bgp ipv4 unicast
!!! Common causes are: AS number misconfig; neighbor address misconfig; a neighbor with no neighbor statement for you; a neighbor with no route to the source of your router's BGP messages.
sh ip bgp shows networks, next hops, and other path attributes. Status codes:
* = valid path
> = best (goes into the routing table)
s = suppressed - BGP knows the net but isn't advertising it because of summarization
d = dampened - BGP stops advertising a net that flaps
h = history - BGP knows about the network but doesn't have a valid route to it
r = RIB failure - route was advertised to BGP but not installed in the routing table, possibly because another IGP has a better route (sh ip bgp rib-failure)
S = stale - used with nonstop forwarding to indicate the route is stale and needs to be refreshed when the peer is re-established
An “i” in the third column would indicate the route was learned from an iBGP neighbor. Blank space is eBGP.
“i” is internal, usually entered with “network” command. “e” no longer exists. (these are at end of AS path)
“?” is incomplete, usually from redistributing a route into BGP.
Show commands:
sh ip bgp rib-failure: Displays routes not put into the routing table and why.
sh ip bgp summary: Displays the memory used by BGP databases, activity stats, and neighbors.
sh ip bgp neighbors (IP): Displays neighbor details.
sh ip bgp neighbors (IP) (received/routes/advertised): Lets you monitor routes received/advertised.
Set weight with an inbound route-map, or per neighbor: router) neighbor [IP] weight [#] !!! Requires resetting the BGP process.
Local preference - Set under router BGP. 100 is default. Tells iBGP peers which path to select for traffic leaving the AS. router) bgp default local-preference [#]
Can also use a route-map to set per network. router) neighbor [IP] route-map (NAME) [in/out]
Multi-Exit Discriminator (MED): Metric - Suggests to a neighboring AS which of multiple paths to select for traffic bound to your AS. Lower is better. Can set the MED with a route-map (set metric) or by default by: router) default-metric [#]
AS_PATH prepending: The routing policy of purposefully adding one or more ASNs to the beginning of a route’s AS_PATH path attribute, typically to lengthen the AS_PATH and make the route less desirable in the BGP decision process. Be considerate of loop avoidance!:
Create an ACL and a matching route-map:
route-map) set as-path prepend [ASN 1] (ASN 2)
router) neighbor [IP] route-map [NAME] in
To enable BGP to load balance over more than 1 path, max of 6: router) maximum-paths (#)
Control what routes are given out and their attributes with route maps and/or prefix lists: router) neighbor [IP] (prefix-list) (route-map) (distribute-list) (NAME) in/out
When attributes are changed, BGP must be cleared to reset/apply them: router) clear ip bgp * (hard reset, tears down sessions) or router) clear ip bgp * soft (in/out) (soft reset, sessions stay up)
BGP authentication supports MD5, using a shared password. Most ISPs require this: router) neighbor [IP] password (password)
IPv6
IPv4 : 32 bit - IPv6: 128 bit
Larger address space, no more need for NAT, simpler header, no more broadcasts, stateless auto-configuration, built in support for Mobile IP and IPsec security, capability to have multiple addresses per interface etc.
Simpler header: larger, but carries fewer fields; less processing and more secure.
Header extensions: additional or proprietary data can be appended after the main header.
Unicast: one-to-one
Multicast: one-to-many
Anycast: one-to-closest - Replaces HSRP/VRRP etc. Replaces load balancing.
Global address space: Internet addresses. The global routing prefix is the first 48 bits of the address. Global addresses have their high-order 3 bits set to 001; 2000::/3. The primary addresses expected to make up the IPv6 internet come from 2001::/16. The next 13 bits identify the Top-Level Aggregator (upstream ISP) and the next 24 bits identify the regional ISP, for a total of 40. Enterprises are assigned /48s, leaving 16 bits of subnetting. The first 64 bits (global prefix + subnet) are the network ID; the last 64 bits identify individual hosts (the interface ID).
Link-local scope address: Layer 2 domain. Assigned automatically as an IPv6 host comes online. Always begins with "FE80" followed by 54 bits of 0s; the last 64 bits are the 48-bit MAC address in EUI-64 format. No subnet mask. Best practice is to assign it manually: optionally add link-local at the end of the ipv6 address command.
Unique local / site-local address: FD00::/8 - Organization scope; equivalent to private IPv4 addresses. Site-local addresses are deprecated; unique local addresses replace them.
EUI-64: the 64-bit interface ID in an IPv6 address, composed of the first half of the MAC address (with the seventh bit flipped), hex FFFE, and the last half of the MAC.
Stateful auto-configuration: A method of obtaining an IPv6 address that uses DHCPv6.
Stateless auto-configuration: A method used by an IPv6 host to determine its own IP address, without DHCPv6, using Neighbor Discovery Protocol (NDP) and the modified EUI-64 format of the link-local address. The router must have IPv6 routing enabled and a unicast IPv6 address. int) ipv6 address autoconfig
Loopback address - ::1/128
FF02::16 - All multicast group
FF02::1 - All local hosts/devices multicast - replacement for broadcast
FF02::2 - All routers multicast
FF02::1:FFxx:xxxx - Solicited-node multicast. There are multiple of these: one for the link-local address and one for each global address. Auto-generated from the last 24 bits (6 hex characters) of the MAC or global address. Replaces ARP; this address is used to find MAC addresses on the link.
Neighbor Discovery (ND): The protocol used in IPv6 for many functions, including address auto-configuration, Duplicate Address Detection, router, neighbor, and prefix discovery, neighbor address resolution, and parameter discovery. Similar to ARP, a host discovers the link-local address of neighbors using an NS message.
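Added example (not from the original notes): Python functions that derive the addresses described above from a MAC address: the modified EUI-64 interface ID, the FE80 link-local address, a SLAAC global address under a /64, and the FF02::1:FFxx:xxxx solicited-node group. It also reverses the transform, which is the defender's point about EUI-64: the hardware address is recoverable from the IPv6 address. The MAC 00:1A:2B:3C:4D:5E and the prefix 2001:db8:0:1::/64 are constructed sample values.

```python
"""Derive IPv6 addresses from a MAC: modified EUI-64 interface ID, link-local,
SLAAC global address, and the solicited-node multicast group.

Added example, not part of the original notes. The MAC 00:1A:2B:3C:4D:5E and
the prefix 2001:db8:0:1::/64 are constructed sample values.
"""
import ipaddress


def eui64_interface_id(mac):
    """Modified EUI-64: first 3 bytes of the MAC, FFFE, last 3 bytes, with the
    7th bit of the first byte (the U/L bit) flipped. Returned as 4 hex groups."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02
    return ":".join(f"{(eui[i] << 8) | eui[i + 1]:x}" for i in range(0, 8, 2))


def mac_from_interface_id(iid):
    """Reverse the transform; raises if the interface ID is not EUI-64 derived."""
    groups = iid.split(":")
    if len(groups) != 4:
        raise ValueError("interface ID must be 4 hex groups")
    raw = bytearray(bytes.fromhex("".join(g.zfill(4) for g in groups)))
    if raw[3:5] != b"\xff\xfe":
        raise ValueError("not an EUI-64 interface ID (no FFFE in the middle)")
    raw[0] ^= 0x02                       # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in raw[:3] + raw[5:])


def link_local_from_mac(mac):
    """FE80 followed by 54 zero bits, then the EUI-64 interface ID."""
    return ipaddress.IPv6Address("fe80::" + eui64_interface_id(mac))


def global_from_prefix(prefix, mac):
    """Stateless autoconfiguration: advertised /64 prefix + EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    iid = int(ipaddress.IPv6Address("::" + eui64_interface_id(mac)))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def solicited_node(addr):
    """FF02::1:FFxx:xxxx with the last 24 bits copied from the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


if __name__ == "__main__":
    mac = "00:1A:2B:3C:4D:5E"
    ll = link_local_from_mac(mac)
    gl = global_from_prefix("2001:db8:0:1::/64", mac)
    print("link-local     :", ll)
    print("global (SLAAC) :", gl)
    # Both EUI-64 addresses share one solicited-node group because their low 24
    # bits come from the same MAC; a manually assigned address gets its own group.
    print("solicited-node :", solicited_node(ll), solicited_node(gl))
    print("manual ::1 ->  :", solicited_node("2001:db8:0:1::1"))
    print("MAC recovered  :", mac_from_interface_id(eui64_interface_id(mac)))
```

Because an EUI-64 interface ID is the same under every prefix the host ever uses, it tracks a device across networks and exposes the NIC vendor; that is the reason the notes recommend assigning link-local addresses manually and why many stacks now prefer randomized interface IDs.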
DAD: Duplicate Address Detection: Checks if the link-local address is unique (see above). Host uses NS messages to send a message to its own address. No response means that the link-local address is unique.
NS: Neighbor Solicitation - Checks if anyone else on the link has the addresses it wants to use (sends as multicast)
NA: Neighbor Advertisement - Tells others on the link that a device owns an address.
Router Discovery: IPv6 routers periodically send Router Advertisements listing the network prefix. When a host comes online it immediately sends a Router Solicitation message asking for prefix info, rather than waiting for the RA. This is sent to the all-routers multicast address.
To assign an IPv6 address: ipv6 address 2001:11AA::2/64 (link-local) (eui-64)
To enable IPv6 routing: ipv6 unicast-routing
Create a static IPv6 route: ipv6 route [IPv6 network/length] [IPv6 add of next-hop] (metric)
Set IP before starting routing process or else it will not work!
To enable IPv6 routing on an interface: int) ipv6 [RIP/EIGRP/OSPF] [NAME/AS/PROCESS] (area) (#) (ENABLE for RIP)
To go into the routing process (the process is started when applied to an interface):
(no) ipv6 router (rip [name]) (ospf [process]) (eigrp [AS])
EIGRP for IPv6: IOS is capable of running IPv4 and IPv6 EIGRP in tandem on the same router and the same interfaces. The multicast address is FF02::A. Messages are exchanged using the interface link-local address as the source address, so two routers with interfaces on different subnets can now form an EIGRP adjacency. If the router has no IPv4 address, set a router ID. Must enable with "router) no shut."
Auto summarization is disabled by default.
Can now summarize routes at the interface level: int) ipv6 summary-address eigrp [ASN] [IP/#]
OSPFv3 – If the router has no IPv4 addresses, a router ID must be set to start the process. Can run concurrently with OSPFv2 because each version maintains its own databases and runs a separate SPF calculation. Advertises using the multicast addresses FF02::5 and FF02::6 but uses its link-local address as the source of its advertisements, so OSPF can form adjacencies with neighbor routers that are not on the same subnet. Multiple instances of OSPFv3 can run on each link.
Authentication is no longer built in but relies on the underlying capabilities of IPv6.
Summarization is still configured under the OSPF routing process as well as stubs: router) area [#] range [IP/#]
Default costs and interface priorities can be overridden at the interfaces: int) ipv6 ospf cost [#] int) ipv6 ospf priority [#]
To set the router ID in OSPF and EIGRP for IPv6, in IPv4 format: router) router-id [2.2.2.2]
RIPng does not have auto summarization (because IPv6 doesn’t), has built in authentication, uses multicast FF02::9. Source address of RIPng updates is the link-local address of the outbound interface. Supports multiple concurrent processes.
Multiple instances exchange routing information with each other if they use the same multicast group and UDP port number. To keep the router information separate, you need to configure each instance to use a different port: router) port [#] multicast-group ff02::9 !!! Do this on all routers in the same RIP process.
To create a default route: ipv6 route ::/0 [Add of next hop] (and/or) [outgoing interface]
IPv6 router show commands: sh ipv6 protocols; sh ipv6 route; sh ipv6 interface (brief); sh ipv6 ospf int; sh ipv6 ospf neighbors
To see the neighbor table of MAC mappings (the IPv6 equivalent of the ARP cache): sh ipv6 neighbors
Multiprotocol BGP (MP-BGP for IPv6) – Involves two new extensions to BGP4 that enable BGP to carry reachability info for other protocols such as IPv6, multicast IPv4, and MPLS: the next_hop attribute is extended to carry IPv6 addresses, and NLRI (Network Layer Reachability Information) is extended to carry an IPv6 prefix.
To enable this on BGP: router) address-family ipv6 unicast
Router ID must be manually configured using router-id command in v4 format.
Neighbors are still configured under global BGP configuration but must be activated under the IPv6 family mode: router) neighbor [IPv6] activate
Migration/Transition
Dual-Stack Routers - Assign an IPv4 and IPv6 address to a single interface, running concurrently.
Native IPv6: Only when v6 is pervasive.
Tunneling: End points are different than the center carrier. Goes over a GRE tunnel. The tunnel serves as a virtual point-to-point link between IPv6 domains. Types: Manual, GRE, 6to4, IPv4-Compatible IPv6 Tunnels, and ISATAP (Intra-Site Automatic Tunnel Addressing Protocol).
Point-to-multipoint tunnels: When IPv6 is needed in a subset of sites and is low volume.
Point-to-point tunnels: When v6 is needed in a subset of sites and is high volume.
Manual tunnels define the source and destination IPv4 addresses because IPv4 is the transport protocol. Use loopback interfaces for increased stability. IPv6 addresses go on the tunnel interfaces because IPv6 is the passenger protocol; the address of each end of the tunnel is in the same subnet. Include "tunnel mode ipv6ip".
GRE tunnels: Default tunnel mode for Cisco routers; provides more flexibility because it is protocol-agnostic. Configured like a manual tunnel, but no tunnel mode is specified since GRE is the default. Allows routing protocols to run over the tunnel. If the endpoints are IPv6 addresses (IPv6 as the transport protocol), use "tunnel mode gre ipv6".
6to4 Tunnels: Dynamically create tunnels that IPv6 treats as point-to-multipoint. Use 2002::/16; the second and third 16-bit groups embed the destination IPv4 address in hex. Don't set a destination on the tunnel; set the tunnel mode "tunnel mode ipv6ip 6to4".
ISATAP Tunnels: Also encode the IPv4 address. Meant to be used within a site, between hosts and routers. The tunnel source is an IPv4 address; no destination is configured. The address combines the network prefix, 0000:5EFE, and the destination IPv4 address converted to hex as the last 2 groups (FE80 prefix for link-local; 2001/… for unicast). Do not support multicast; a route is needed to the tunnel destination if it is in a different subnet.
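Added example (not from the original notes): Python functions that build and decode the IPv4-embedding addresses the two automatic tunnel types above rely on: the 2002:WWXX:YYZZ::/48 6to4 prefix and the prefix:0000:5EFE:w.x.y.z ISATAP address, each with the reverse step the router performs to find the tunnel destination. The IPv4 address 192.0.2.1 and the prefixes are constructed sample values; the ISATAP form follows the notes (0000:5EFE).

```python
"""Build and decode the IPv4-embedding IPv6 addresses used by 6to4 and ISATAP.

Added example, not part of the original notes. The IPv4 address 192.0.2.1 and
the prefixes are constructed sample values.
"""
import ipaddress

SIXTO4 = ipaddress.IPv6Network("2002::/16")
ISATAP_MARK = 0x00005EFE     # the 0000:5EFE half of the ISATAP interface ID


def sixto4_prefix(ipv4):
    """2002:WWXX:YYZZ::/48: the IPv4 address fills the second and third 16-bit groups."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    addr = ipaddress.IPv6Address((0x2002 << 112) | (v4 << 80))
    return ipaddress.IPv6Network(f"{addr}/48")


def sixto4_tunnel_destination(ipv6):
    """Recover the far-end IPv4 address from any address inside a 6to4 site prefix.
    This is why a 6to4 tunnel needs no configured destination."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIXTO4:
        raise ValueError(f"{ipv6} is not a 6to4 address")
    return str(ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF))


def isatap_address(prefix, ipv4):
    """<64-bit prefix>:0000:5EFE:<IPv4 in hex>, e.g. under FE80::/64 for link-local."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs sit under a /64 prefix")
    iid = (ISATAP_MARK << 32) | int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def isatap_tunnel_destination(ipv6):
    """Recover the IPv4 tunnel destination from an ISATAP address."""
    addr = int(ipaddress.IPv6Address(ipv6))
    if (addr >> 32) & 0xFFFFFFFF != ISATAP_MARK:
        raise ValueError(f"{ipv6} does not carry the 0000:5EFE ISATAP marker")
    return str(ipaddress.IPv4Address(addr & 0xFFFFFFFF))


if __name__ == "__main__":
    print("6to4 prefix for 192.0.2.1       :", sixto4_prefix("192.0.2.1"))
    print("6to4 dest of 2002:c000:201:1::5 :", sixto4_tunnel_destination("2002:c000:201:1::5"))
    print("ISATAP link-local               :", isatap_address("fe80::/64", "192.0.2.1"))
    print("ISATAP global                   :", isatap_address("2001:db8::/64", "192.0.2.1"))
    print("ISATAP dest                     :", isatap_tunnel_destination("2001:db8::5efe:c000:201"))
```

Both decoders accept whatever IPv4 address the packet's IPv6 destination happens to embed, which is the operational reason automatic tunnels deserve an ingress filter on the IPv4 side: the tunnel endpoint is chosen by the sender, not by configuration. RFC 5214 additionally sets the u bit in the marker (0200:5EFE) when the embedded IPv4 address is globally unique; the block sticks to the 0000:5EFE form the notes give.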
NAT-PT: Protocol Translation – Does bidirectional translation between v4 and v6. When an IPv4 only host needs to communicate with an IPv6 only host. To enable, use the command “ipv6 nat” on each interface in which traffic needs to be translated. Must also config at least 1 NAT-PT prefix; used to determine what traffic to NAT. Either globally or at the interface level “ipv6 nat prefix [IP/#]”
Static NAT-PT: To configure:
ipv6 nat v6v4 source [v6 add] [v4 add]
ipv6 nat v4v6 source [v4 add] [v6 add]
Dynamic NAT-PT: Draws from a pool of addresses to temporarily assign to hosts. Create a pool, then configure NAT-PT to use the pool; for 4 to 6:
ipv6 nat v4v6 pool (name) (start ipv6) (end ipv6) prefix-length (prefix length)
ipv6 nat v4v6 source list (ACL #/name) pool (name)
For 6 to 4; flip to v6v4, and use v4 addresses.
Point-to-Point links: Serial ints have no MAC, borrow them from an Ethernet interface; or manually configure (FE80…)
Point-to-Multipoint: Such as Frame Relay; must map the destination v6 Link Local and Global address to the correct DLCI
int) frame-relay map ipv6 [dest add] [DLCI#] broadcast
Multiaccess links: Such as Ethernet; a table maps destination layer 2/3 addresses (ARP for v4). For v6 this is built into neighbor discovery: NS to discover, NA contains the MAC. To map statically: "ipv6 neighbor [v6 add] [int type] [int#] [MAC]"
Pelirrojoo 6/11