
CCNA Routing & Switching

Arranged by: Eng. AHMED NABIL



New Cisco Certifications model


The Golden Redundancy Rule (One is none, Two yadobak One)


- Link redundancy (EC)
- Router/Switch redundancy (FHRP)

Switch Port Aggregation with Ether Channels


Switches can use Ethernet, FastEthernet and Gigabit Ethernet to scale link speeds. Cisco offers another method of scaling link bandwidth (BW): aggregating, or bundling, parallel links, termed EtherChannel technology. Two to eight FE or GE links are bundled as one logical link, a FEC (FastEtherChannel) or GEC (GigaEtherChannel), which can provide a full-duplex BW of up to 1600 Mbps or 16 Gbps.

EtherChannels provide the switching devices with:
- Logical aggregation of similar links
- A bundle viewed as one logical port
- Switch-level load balancing (load distribution)
- Link-level redundancy

Bundle C/C's
All bundled ports must:
1- Be in the same VLAN (if they are access ports)
2- Be in the same trunk mode (if they are trunk ports)
3- Be configured with identical STP settings
4- Have the same duplex and speed

Use the show interface capabilities command to check the switch for the EtherChannel feature.

Traffic Distribution
EtherChannel actually performs "traffic distribution" among the available links of the bundle, so the load may not be equally balanced across the links. There must therefore be an algorithm, or criterion, that assigns particular traffic to a particular link in the bundle.

This load-balancing decision is not made frame by frame or packet by packet. Instead, addresses in the frame or packet are run through an algorithm that produces a binary value. That value is matched to one of the connections in the EC, and all traffic that yields the same value is carried across that connection.
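The distribution described above, as an added example that is not part of the original slides. It assumes a simplified model: the binary value is the low-order 3 bits of the chosen MAC address (XORed when both addresses are used) and is matched to a link by modulo; the method names and the client and gateway MACs are constructed for illustration.

```python
from collections import Counter


def low_bits(mac, bits=3):
    """Low-order bits of a MAC written in Cisco dotted notation."""
    return int(mac.replace(".", ""), 16) & ((1 << bits) - 1)


def hash_value(src, dst, method):
    """Binary value the frame's addresses reduce to (assumed model)."""
    if method == "src-mac":
        return low_bits(src)
    if method == "dst-mac":
        return low_bits(dst)
    if method == "src-dst-mac":
        return low_bits(src) ^ low_bits(dst)
    raise ValueError("unknown method: " + method)


def select_link(value, n_links):
    """Match the 3-bit value (0-7) to one member link of the bundle."""
    if not 2 <= n_links <= 8:
        raise ValueError("an EtherChannel bundles two to eight links")
    return value % n_links


def distribute(flows, n_links, method):
    """Count how many flows land on each member link."""
    per_link = Counter()
    for src, dst in flows:
        per_link[select_link(hash_value(src, dst, method), n_links)] += 1
    return [per_link[i] for i in range(n_links)]


# Constructed sample: eight clients that all send to one gateway MAC.
GATEWAY = "0000.0c07.ac01"
FLOWS = [("aaaa.aaaa.aa%02x" % n, GATEWAY) for n in range(1, 9)]

if __name__ == "__main__":
    for method in ("dst-mac", "src-mac", "src-dst-mac"):
        print("%-12s 4 links: %s" % (method, distribute(FLOWS, 4, method)))
    print("%-12s 3 links: %s" % ("src-dst-mac", distribute(FLOWS, 3, "src-dst-mac")))
```

Hashing on the destination alone puts every flow to the gateway on a single link, and a three-link bundle cannot split eight hash values evenly.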

Avoidance of switching loops with EC


Ordinarily, multiple parallel links between switches create the possibility of bridging loops. EC uses a special protection method to avoid them: no inbound (received) broadcast, multicast or other flooded traffic is sent back out over any of the remaining ports in the channel. Outbound flooded frames are load balanced like any other traffic, so flooded traffic becomes part of the hashing calculation that chooses an outbound channel link. STP also treats the EC as one physical link; if a link fails, STP is not recalculated and no TCN BPDU is sent.

EtherChannel Dynamic Negotiation protocols


To provide some dynamic link configuration, we can allow dynamic creation of an EC between switches using either PAgP (Port Aggregation Protocol) or LACP (Link Aggregation Control Protocol).

The three major aspects to EtherChannel are as follows:
- Frame distribution
- Management of EtherChannel
- Logical port
An EtherChannel protocol has to satisfy all these aspects.

1)PAgP Port Aggregation Protocol


PAgP is a Cisco proprietary protocol in which PAgP packets are exchanged between switches over EtherChannel-capable ports. PAgP learns the neighbor device ID and port capabilities; ports that have the same neighbor device ID and the same port group capability as the local switch are bundled together as a bidirectional point-to-point EtherChannel link.

PAgP aids in the automatic creation of Fast EtherChannel links. PAgP packets are sent between Fast EtherChannel-capable ports to negotiate the forming of a channel. When PAgP identifies matched Ethernet links, it groups the links into an EtherChannel. The EtherChannel is then added to the spanning tree as a single bridge port.

The last component of EtherChannel is the creation of the logical port. The logical port, or Agport, is composed of all the links that make up the EtherChannel. The functionality and behaviour of the Agport are no different from those of any other port. For instance, the spanning tree algorithm treats the Agport as a single port. Likewise, if the VLAN, speed or duplex of an established port in the bundle changes, PAgP changes that parameter for all the ports of the bundle.

2)LACP Link Aggregation Control Protocol


It is a standards-based alternative to PAgP defined in IEEE 802.3ad, also known as IEEE 802.3 clause 43 "link aggregation". LACP also learns the neighbor ID and port group capabilities and compares them with the capabilities of the local switch. A set of up to 16 links can be negotiated for an EC through LACP; only 8 of the links are active, and the other 8 links are used as standby for the active links.

Configuring EC
(config)#interface <_>
(config-if)#channel-protocol {pagp/lacp}
(config-if)#channel-group <group no.> mode {on/desirable/auto/off}

Troubleshooting

The status of the port channel shows the EtherChannel logical interface as a whole. This should show SU (Layer 2 channel, in use) if the channel is operational. You also can examine the status of each port within the channel. Notice that most of the channel ports have flags (P), indicating that they are active in the port-channel. One port shows because it is physically not connected or down. If a port is connected but not bundled in the channel, it will have an independent, or (I), flag.


FHRP
(First Hop Redundancy Protocols)


Redundancy within the network (between devices)


Router redundancy in a multilayer switched network:
- Redundancy is one method for creating highly available networks.
- Cisco supports the following to provide failover in case of a gateway failure:
  1- HSRP (Hot Standby Router Protocol)
  2- VRRP (Virtual Router Redundancy Protocol)
  3- GLBP (Gateway Load Balancing Protocol)
When a host tries to communicate with a device outside its network, it needs a gateway.

Router Redundancy Protocols (First Hop Redundancy Protocols) = FHRP
Hosts will see multiple gateways as a single virtual gateway.

HSRP: (RFC 2281) (Cisco proprietary)
- HSRP was developed to allow several routers to appear as a single gateway (virtual router).
- The routers that provide redundancy for a given gateway address are assigned to a common HSRP group no. (0-255).
- If multiple routers exist, one router is elected as the active router, one router is elected as the standby router, and the other routers are listeners.
- The routers exchange HSRP hello messages at regular intervals so they remain aware of each other's existence.
- Hellos are sent to 224.0.0.2 (the all-routers multicast address) every 3 sec., with a hold-down time of 10 sec., using UDP port no. 1985.
- HSRP router election: the active router is the router that has the highest:
  1- HSRP priority (0-255), default = 100.
  2- IP address of the interface facing the LAN segment.
  The standby router is the one with the second-highest priority or IP address.

These will be the typical addresses learned by the hosts (R1: active, forwarding traffic; R2, R3: hot standby, idle):

Gateway routers
R1  HSRP ACTIVE   IP: 10.0.0.254  MAC: 0000.0c12.3456  vIP: 10.0.0.10  vMAC: 0000.0c07.acxx
R2  HSRP STANDBY  IP: 10.0.0.253  MAC: 0000.0c78.9abc  vIP:  vMAC:
R3  HSRP LISTEN   IP: 10.0.0.252  MAC: 0000.0cde.f123  vIP:  vMAC:

Clients
CL1  IP: 10.0.0.1  MAC: aaaa.aaaa.aa01  GW: 10.0.0.10  ARP: 0000.0c07.acxx
CL2  IP: 10.0.0.2  MAC: aaaa.aaaa.aa02  GW: 10.0.0.10  ARP: 0000.0c07.acxx
CL3  IP: 10.0.0.3  MAC: aaaa.aaaa.aa03  GW: 10.0.0.10  ARP: 0000.0c07.acxx

HSRP tracking system (conceding the election): The active router has many links to the outside. If any or all of those links fail, the router remains active and all hosts still forward traffic to it. HSRP has a mechanism to detect link failures, called interface tracking. When an interface fails, HSRP reduces the router's priority by a certain value (default = 10). If preemption is enabled and the priority of the active router is now lower than that of the standby router, the standby router becomes the active router.

In this example, router A and router B reside in one building. Each of these routers supports a Gigabit Ethernet link to the other building. Router A has the higher priority and is the active forwarding router for standby group 1. Router B is the standby router for that group. Routers A and B are exchanging hello messages through their E0 interfaces.

The Gigabit Ethernet link between the active forwarding router for the standby group and the other building experiences a failure. Without HSRP enabled, router A would detect the failed link and send an Internet Control Message Protocol (ICMP) redirect to router B. However, when HSRP is enabled, ICMP redirects are disabled. Therefore, neither router A nor the virtual router sends an ICMP redirect. In addition, although the G1 interface on router A is no longer functional, router A still communicates hello messages out interface E0, indicating that router A is still the active router. Packets sent to the virtual router for forwarding to headquarters cannot be routed.

Interface tracking enables the priority of a standby group router to be automatically adjusted, based on availability of the interfaces of that router. When a tracked interface becomes unavailable, the HSRP priority of the router is decreased. When properly configured, the HSRP tracking feature ensures that a router with an unavailable key interface will relinquish the active router role.

In this example, the E0 interface on router A tracks the G1 interface. If the link between the G1 interface and the other building fails, the router automatically decrements the priority on that interface and stops transmitting hello messages out interface E0. Router B assumes the active router role when no hello messages are detected for the specific holdtime period.
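The election and tracking rules above, modelled as an added example that is not part of the original slides. Router names A and B, interface G1 and the addresses come from the text and figure; the priority values passed to g1_failure() are assumptions chosen to show when a tracked failure actually moves the active role.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    ip: str                      # address on the LAN segment
    priority: int = 100          # HSRP default priority
    preempt: bool = False
    tracked: dict = field(default_factory=dict)   # interface name -> decrement
    down: set = field(default_factory=set)        # tracked interfaces that are down

    def effective_priority(self):
        lost = sum(dec for intf, dec in self.tracked.items() if intf in self.down)
        return max(self.priority - lost, 0)

    def rank(self):
        # Election key: highest priority first, highest IP address breaks a tie.
        return (self.effective_priority(), int(ipaddress.ip_address(self.ip)))


def elect(routers, active=None):
    """Return the name of the active router.

    With no current active router the best-ranked router wins. Otherwise the
    active router keeps its role unless a router with preempt enabled now has
    a strictly higher priority.
    """
    if active is None:
        return max(routers, key=Router.rank).name
    current = next(r for r in routers if r.name == active)
    challengers = [r for r in routers
                   if r.preempt and r.effective_priority() > current.effective_priority()]
    return max(challengers, key=Router.rank).name if challengers else active


def g1_failure(a_priority, b_preempt, decrement=10):
    """Active router after router A loses its tracked G1 uplink."""
    a = Router("A", "10.0.0.254", priority=a_priority, preempt=True,
               tracked={"G1": decrement})
    b = Router("B", "10.0.0.253", preempt=b_preempt)
    active = elect([a, b])       # initial election, uplink still up
    a.down.add("G1")             # the tracked interface fails
    return elect([a, b], active)


if __name__ == "__main__":
    print("A=105, B preempts      ->", g1_failure(105, True))
    print("A=105, B no preempt    ->", g1_failure(105, False))
    print("A=120, decrement of 10 ->", g1_failure(120, True))
```

Only the first case fails over: tracking changes the outcome only when the standby router preempts and the decrement drops the active router below it.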

HSRP configuration: Configuration can take place on any layer 3 port, such as a router port, an SVI (Switched Virtual Interface) MLS interface, or an EtherChannel port.
(config-if)# standby <group no.> ip <virtual IP>
(config-if)# standby <group no.> priority <no.>
(config-if)# standby <group no.> track <int. name> <decrement value>

Troubleshooting:
#show standby [brief]
#debug standby

Configuring an HSRP Standby Interface

Configuring HSRP Standby Priority

Troubleshooting
Switch#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr     Standby addr    Group addr
Vl11        11  100    Active   local           172.16.11.112   172.16.11.115

Switch#debug standby
*Mar 1 00:22:30.443: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
*Mar 1 00:22:32.019: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115
*Mar 1 00:22:33.331: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
*Mar 1 00:22:34.927: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115
*Mar 1 00:22:36.231: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
*Mar 1 00:22:37.823: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115
*Mar 1 00:22:39.163: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
*Mar 1 00:22:40.735: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115
*Mar 1 00:22:42.119: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
*Mar 1 00:22:43.663: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115
*Mar 1 00:22:45.067: SB11: Vl11 Hello out 172.16.11.111 Active pri 100 ip 172.16.11.115
*Mar 1 00:22:46.567: SB11: Vl11 Hello in 172.16.11.112 Standby pri 50 ip 172.16.11.115

VRRP: (RFC 2338) IETF standard alternative to HSRP.
- A VRRP group has one master router; all other routers are in the backup state.
- The master router has the highest priority (1-255), default = 100.
- If priorities are equal, the highest IP address breaks the tie.
- Only the VRRP master sends hellos, on multicast address 224.0.0.18, every 1 sec. by default, on IP protocol 112.

VRRP configuration:
(config-if)# vrrp <group no.> priority <value>
(config-if)# vrrp <group no.> ip <virtual ip>
- Troubleshooting:
#show vrrp [brief]

GLBP (Gateway Load Balancing Protocol): (Cisco proprietary)
HSRP and VRRP provide gateway resiliency, but they can accomplish load balancing only by configuring multiple groups. GLBP is like HSRP and VRRP but with more dynamic and robust behavior. Rather than having just one active router performing forwarding, all routers in the group can participate and offer load balancing by forwarding a portion of the overall traffic. So GLBP fully utilizes resources without extra administrative burden. GLBP group members multicast hellos every 3 seconds to IP address 224.0.0.102, UDP port 3222.

GLBP Operation:
The trick behind GLBP load balancing lies in electing an AVG (Active Virtual Gateway) router, which has a management role: it distributes the load among all routers (gateways, also called AVFs (Active Virtual Forwarders)). The AVG is the router with the highest priority (1-255) or, if priorities are equal, the highest IP address. The AVG answers all ARP requests for the virtual router, and each time it replies with the MAC of one of the routers (AVFs).

Troubleshooting #show glbp

A Comparison of Router Redundancy Protocols


0007.b4xx.xxyy


Multilayer Switches in a GLBP Group

The figure shows a typical network where three multilayer switches are participating in a common GLBP group. Catalyst A is elected the AVG, so it coordinates the entire GLBP process. The AVG answers all ARP requests for the virtual router 192.168.1.1. It has identified itself, Catalyst B, and Catalyst C as AVFs for the group. In this figure, round robin load balancing is being used. Each of the client PCs looks for the virtual router address in turn, from left to right. Each time the AVG replies, the next sequential virtual MAC address is sent back to a client. After the fourth PC sends a request, all three virtual MAC addresses (and AVF routers) have been used, so the AVG cycles back to the first virtual MAC address.

Notice that only one GLBP group has been configured, and all clients know of only one gateway IP address, 192.168.1.1. However, all uplinks are being utilized, and all routers are proportionately forwarding traffic. Redundancy is also inherent in the GLBP group: Catalyst A is the AVG, but the next-highest priority router can take over if the AVG fails. All routers have been given an AVF role for a unique virtual MAC address in the group. If one AVF fails, some clients remember the last known virtual MAC address that was handed out. Therefore, another of the routers also takes over the AVF role for the failed router, causing the virtual MAC address to remain alive at all times.

STP Enhancements and Per-VLAN STP

VLAN Ranges and Mappings


VLAN Range   Range      Usage
0, 4095      Reserved   For system use only
1            Normal     Cisco default
2-1001       Normal     For Ethernet VLANs
1002-1005    Normal     Cisco defaults for FDDI and Token Ring
1025-4094    Extended   For Ethernet VLANs only

Types of STP
1) CST (Common Spanning Tree)
A single STP instance runs for all VLANs. All BPDUs are transmitted over the native VLAN using dot1q trunks, but redundant links will never be used.

2) PVST (Per-VLAN Spanning Tree)
Cisco provided this proprietary version of STP, which offers more flexibility than CST. It allows STP on each VLAN to be configured independently by running an STP instance for each VLAN, which allows redundant links to be used in a load-sharing fashion. Due to the proprietary nature of PVST, ISL must be used for trunking.

So there is no interoperability between CST and PVST (no BPDU exchange will take place).

3) PVST+ (PVST plus)
Cisco also introduced this version of STP, which allows CST and PVST to interoperate. To do this, PVST+ acts as a translator between CST and PVST. PVST+ exchanges BPDUs with PVST using ISL trunks, while it communicates with CST by sending BPDUs as untagged frames. BPDUs from other instances of STP (other VLANs) are propagated across the CST network by tunnelling: PVST+ sends these BPDUs using a unique multicast address, so the CST switch does not interpret them and forwards them to its downstream neighbor. The tunnelled BPDUs reach other PVST+ switches, where they are understood.

Optimizing Spanning Tree Protocol


By default, STP is enabled for every port on the switch. If for some reason STP has been disabled, you can re-enable it.

1) Activating Spanning Tree
If an entire instance of STP has been disabled, you can re-enable it with the following global configuration command:
Switch(config)# spanning-tree vlan vlan-id
If STP has been disabled for a specific VLAN on a specific port, you can re-enable it with the following interface configuration command:
Switch(config-if)# spanning-tree vlan vlan-id

2) Root Bridge Placement
Although STP is wonderfully automatic with its default values and election processes, the resulting tree structure might perform quite differently than expected. To force a certain switch to be the root or backup root:
Switch(config)#spanning-tree vlan vlan-list root {primary/secondary}
Switch(config)#spanning-tree vlan 5,70-77 root primary
This command forces this switch to be the root.
Switch(config)#spanning-tree vlan 5,70-77 root secondary
This command configures this switch to be the secondary root.
Or
Switch(config)#spanning-tree vlan 1 priority priority
This command statically configures the priority (in increments of 4096).

STP considerations & Enhancements


Many configuration settings are needed to optimize the operation of STP, and Cisco has introduced many enhancements to speed up the convergence of STP.

Enhancing STP convergence


1) Port Fast: Access Layer nodes
On switch ports that connect only to single workstations or specific devices, bridging loops should never be possible. Catalyst switches offer the PortFast feature, which shortens the Listening and Learning states to a negligible amount of time. When a workstation link comes up, the switch immediately moves the PortFast port into the Forwarding state. One other benefit of PortFast is that topology change notification (TCN) BPDUs are not sent when a switch port in PortFast mode goes up or down.
Activate PortFast with these commands:
On a specific interface: (config-if)# spanning-tree portfast
On all interfaces: (config)#spanning-tree portfast default

2) BPDU Guard
By definition, if you enable PortFast, you are never expecting to find anything that can cause a bridging loop, especially another switch or device that produces BPDUs. Suppose that a switch is connected by mistake to a port where PortFast is enabled. Now, there is a potential for a bridging loop to form. An even greater consequence is that the potential now exists for a new device to advertise itself and become the new Root Bridge.
The BPDU guard feature was developed to further protect the integrity of switch ports that have PortFast enabled. If any BPDU (whether superior to the current Root or not) is received on a port where BPDU guard is enabled, that port is immediately put into the errdisable state. The port is shut down in an error condition and must either be manually re-enabled or automatically recovered through the errdisable timeout function.
Configuring BPDU Guard
Switch(config)# spanning-tree portfast bpduguard default
- On an interface: (config-if)# spanning-tree bpduguard enable

Rapid Spanning Tree Protocol (RSTP) IEEE802.1w


The IEEE 802.1w standard was developed to take 802.1D's principal concepts and make the resulting convergence much faster. This is also known as the Rapid Spanning Tree Protocol (RSTP). RSTP defines how switches must interact with each other to keep the network topology loop free, in a very efficient manner. Like 802.1D, RSTP's basic functionality can be applied as a single instance or as multiple instances, and also as the Cisco-proprietary Rapid Per-VLAN Spanning Tree Protocol (RPVST+). RSTP operates consistently in each, but replicating RSTP as multiple instances requires a different approach. RSTP calculates the final topology using exactly the same criteria as 802.1D. There is now a difference between the role the protocol has determined for a port and its current state.

RSTP Port Behavior
- Root Port: The one switch port on each switch that has the best root path cost to the Root. This is identical to 802.1D. (By definition, the Root Bridge has no Root Ports.)
- Designated Port: The switch port on a network segment that has the best root path cost to the Root.
- Alternate Port: A port that has an alternate path to the Root, different than the path the Root Port takes. This path is less desirable than that of the Root Port. (An example of this is an access layer switch with two uplink ports; one becomes the Root Port, the other is an Alternate Port.)
- Backup Port: A port that provides a redundant (but less desirable) connection to a segment where another switch port already connects. If that common segment is lost, the switch might or might not have a path back to the Root.

RSTP port states


- Discarding: Incoming frames are simply dropped; no MAC addresses are learned. (This state combines the 802.1D Disabled, Blocking, and Listening states, as all three did not effectively forward anything. The Listening state is not needed, because RSTP can quickly negotiate a state change without listening for BPDUs first.)
- Learning: Incoming frames are dropped, but MAC addresses are learned.
- Forwarding: Incoming frames are forwarded according to MAC addresses that have been (and are being) learned.

STP Port State   RSTP Port State   Port Included in Active Topology?   Port Learning MAC Addresses?
Disabled         Discarding        No                                  No
Blocking         Discarding        No                                  No
Listening        Discarding        No                                  No
Learning         Learning          No                                  Yes
Forwarding       Forwarding        Yes                                 Yes

Rapid Per-VLAN Spanning Tree Protocol
In PVST+, one spanning tree instance is created and used for each active VLAN that is defined on the switch. Each STP instance behaves according to the traditional 802.1D STP rules. You can improve the efficiency of each STP instance by configuring a switch to begin using RSTP instead. This means that each VLAN will have its own independent instance of RSTP running on the switch. This mode is known as Rapid PVST+ (RPVST+). You need only one configuration step to change the STP mode and begin using RPVST+. You can use the following global configuration command to accomplish this:
Switch(config)# spanning-tree mode rapid-pvst
Be careful when you use this command on a production network because any STP process that currently is running must be restarted. This can cause functioning links to move through the traditional STP states, preventing data from flowing for a short time.
Important note: RSTP is compatible with STP (but will work slower to adapt to STP)

Native VLAN concept: Dot1q also introduced the concept of a native VLAN on a trunk: frames belonging to this VLAN are not tagged with any VLAN ID. Using this feature, 802.1q tagging devices and non-802.1q devices can coexist on an 802.1q trunk. The native VLAN is VLAN 1 by default, which is also called the management VLAN (the management VLAN is the VLAN that carries frames from all protocols (CDP, VTP, DTP, ...)). The native VLAN can be changed by configuration.

To identify the native VLAN:
(config-if)#switchport trunk native vlan <vlan id>
The default is VLAN 1; this is used only with dot1q and trunking mode.

Securing and Managing network devices


CDP Vulnerabilities

Disable CDP whenever possible
(config)#no cdp run
(config-if)#no cdp enable

Telnet Vulnerabilities
The Telnet connection sends text unencrypted and potentially readable.

Use SSH (Secure Shell) whenever possible; it can encrypt data.

SSH replaces the Telnet session with an encrypted connection.

(config)# hostname name
(config)# ip domain-name name
(config)# ip ssh version {1 | 2}
(config)#crypto key generate rsa
(config)#line vty 0 15
(config-line)#transport input ssh

Describing vty ACLs


- Set up a standard IP ACL.
- Use line configuration mode to filter access with the access-class command.
- Set identical restrictions on every vty line.

Switch(config)#access-list access-list-number {permit | deny | remark} source [mask]
Configures a standard IP access list

Switch(config)#line vty {vty# | vty-range}
Enters configuration mode for a vty or vty range

Switch(config-line)#access-class access-list-number {in | out}
Restricts incoming or outgoing vty connections to addresses in the ACL

Syslog (System Message Logging): Syslog is a protocol that permits network devices to send their system messages across the network to a syslog server, so that events such as an interface going up or down, a routing protocol neighborship being established or torn down, or any debug lines can be saved on that server.
Syslog messages can also be sent to the logging buffer inside a router or a switch, where they can be displayed using
# show logging
or, famously,
#show log
To order the device to buffer logs in the internal memory of the router or switch, use
(config)#logging buffer
To tell the router or switch the IP address of a syslog server, use
(config)#logging <ip of server>
One of the very famous syslog server software packages is called KIWI.
Syslog messages have 7 types called: Emergency, Alert, Critical, Error, Warning, Notification, Informational and Debugging

SNMP (Simple Network Management Protocol): It is an application that provides a means of sending management messages (called SNMP traps) from the various network devices that need to be monitored to an SNMP server. The device that needs to be managed is called the SNMP agent, the managing device is called the Manager, the database collected is called the MIB (Management Information Base), and the software installed on the Manager is called the NMS (Network Management Station software). Among the most famous NMSs are Cisco Works, Cisco Prime, HP OpenView and IBM Tivoli.

Most commonly, a network administrator gathers and stores statistics over time using the NMS. This information may contain device processing (#show process cpu), memory utilization (#show process memory), interface status changes and any protocol state. SNMP can also be used to make remote configuration changes.

SNMP versions: The three main versions are ver 1, ver 2c and ver 3. Version 1 is extremely legacy, and often used today. The main enhancements in SNMP ver 2c were improvements in the messaging system to make obtaining large amounts of statistics more efficient, but neither version 1 nor version 2c does much for security, especially for what is termed the SNMP community string, in other words the authentication of agents, manager and administrator. These community strings are really just clear text.

In SNMP there are two types of community strings (authentication):
Read-only (RO): Provides access to the MIB, but does not allow changes.
Read-Write (RW): Provides read and modify access for all MIB objects and variables.

The most visible enhancement in SNMP v3 is security: it provides Confidentiality (Encryption), Integrity, and secured Authentication. By configuration you can choose which of the CIA options you want to activate.

To configure the community string on a managed device:
(config)#snmp-server community community-string {RO/RW}
This string should match exactly on the SNMP server.
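One way to check a saved configuration against the recommendations in this section (CDP disabled, SSH-only vty lines, the same access-class on every vty line, SNMP community strings), as an added example that is not part of the original slides. Both configurations, the check names and the 192.0.2.0/24 management range are constructed for illustration.

```python
import re


def parse_sections(config):
    """Group an IOS config into (top-level command, [indented sub-commands])."""
    sections = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)
        else:
            sections.append((line, []))
    return sections


def audit(config):
    """Return a list of (check id, message) findings."""
    sections = parse_sections(config)
    top = {head for head, _ in sections}
    findings = []
    if "no cdp run" not in top:
        findings.append(("cdp", "CDP is not disabled globally"))
    if "ip ssh version 2" not in top:
        findings.append(("ssh-version", "SSH version 2 is not enforced"))
    vty_acls = set()
    for head, body in sections:
        if head.startswith("line vty"):
            transport, acl = None, None
            for cmd in body:
                words = cmd.split()
                if words[:2] == ["transport", "input"]:
                    transport = words[2:]
                elif words[0] == "access-class" and "in" in words[2:]:
                    acl = words[1]
            if transport != ["ssh"]:
                shown = " ".join(transport) if transport else "not set"
                findings.append(("vty-transport",
                                 "%s: transport input is %s" % (head, shown)))
            if acl is None:
                findings.append(("vty-acl", "%s: no inbound access-class" % head))
            vty_acls.add(acl)
        match = re.match(r"snmp-server community \S+ (RO|RW)\b", head, re.IGNORECASE)
        if match:
            level = match.group(1).upper()
            # The community string itself is deliberately left out of the report.
            findings.append(("snmp-" + level.lower(),
                             "clear-text community string with %s access" % level))
    if len(vty_acls) > 1:
        findings.append(("vty-acl-mismatch", "vty lines do not share one access-class"))
    return findings


# Constructed sample configurations.
WEAK = """
hostname SW1
ip domain-name example.test
snmp-server community public RO
snmp-server community private RW
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

HARDENED = """
hostname SW1
ip domain-name example.test
no cdp run
ip ssh version 2
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 access-class 10 in
 transport input ssh
"""

if __name__ == "__main__":
    for check, message in audit(WEAK):
        print("%-17s %s" % (check, message))
    print("hardened findings:", audit(HARDENED))
```

The second vty range is the usual gap: restrictions applied to lines 0 4 only leave lines 5 15 reachable over Telnet with no ACL.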


Routing Advanced Features


Floating Static (using Static as backup path):
(config)# ip route <dst. net.> <mask> {o/p interface / ip address of next hop} [Admin. Dist.]
- A floating static route is configured by changing the admin. dist. of the static route so that it is less preferred than a dynamic routing protocol. The static route then serves as a backup for the dynamic protocol, in an immediate convergence fashion.

OSPF in Multiple Areas


Single VS. Multiple Areas OSPF


Problems with OSPF in a single area:
1- Frequent calculation of the SPF algorithm (in a large topology, a single network instability causes instability in the whole topology)
2- Large link-state table (due to large network size)
3- Large routing table (due to large network size)

So routers will need high CPU power and a large memory size. The solution, if you need to scale your network using OSPF, is to use a hierarchical design.

Multiple Area OSPF


1- Reduced rate of SPF calculations.
2- Smaller routing and topology tables.
3- Reduced LSU overhead by confining network instability.

Types of Routers
Internal Router:
Router that has all its interfaces in the same area; it has the full LSDB for its area.
(config)#router ospf <process id>
(config-router)#network <link id> <wcm> area <area id>

ABR (Area Border Router):
Router that is responsible for connecting two or more areas. It must have at least one interface in the backbone area (area 0). It has the full database for all areas to which it is connected and sends summary database updates between these areas.
(config)#router ospf <process id>
(config-router)#network <link id> <wcm> area 0
(config-router)#network <link id> <wcm> area <area id>

ASBR (Autonomous System Boundary Router):
Router that has at least one interface into an external internetwork (another AS) or other non-OSPF network.

Backbone Router:
Router that has at least one link in area 0; it could be an internal router, ABR or ASBR.

Types of LSAs

Type 1 LSA: (Router Link LSA) Intra-area LSA, "O in routing table"
Every router generates router link advertisements and floods them to all routers in each area to which it belongs.

Type 2 LSA: (Network Link LSA) Intra-area, "O in routing table"
Generated by the DR and flooded inside its area; its function is for the DR to advertise its existence to its whole area.

Type 3 LSA: (Network Link Summary LSA) Inter-area, "O-IA in routing table"
Generated by the ABR. The ABR takes the type 1 and type 2 LSAs from an area, summarizes these LSAs into a type 3 LSA and floods it to the whole AS. It describes network IPs and their masks.

Type 4 LSA: (ASBR Summary LSA) Inter-area, "O-IA in routing table"
Generated by the ABR to advertise to the whole AS how to reach an ASBR inside an area. It describes the path and cost to reach the ASBR, so it contains the RID of the ASBR and the cost.

Type 5 LSA: (AS External Link LSA) "OE1, OE2" in routing table
Generated by the ASBR and flooded to the whole AS; it describes routes to destination networks in an external AS.
- External type 2 (OE2): doesn't add internal cost to external cost (default)
- External type 1 (OE1): adds internal cost to external cost

Type 6 LSA (Multicast OSPF, not supported by Cisco)

Link-State Advertisement Types

(Future use)

Interpreting the Routing Table: Types of Routes

Interpreting the OSPF Database

Link count: Total number of directly attached links, used only on router LSAs.

Advertise default route:
(config-router)#default-information originate [always] [metric value]

Note that the path through R1 to the Internet is preferred until the R1 path fails; R2 will then be the alternative.

default-information originate is used to dynamically advertise a default route, but only if a default route exists in the routing table. Otherwise, use the always keyword, which advertises a default route even if no default route exists in the table. This command is valid for OSPF and RIP ver 2; for EIGRP another command is used to give the same effect:
(config)#router eigrp 222
(config-router)#ip default-network 0.0.0.0

Enhanced Interior Gateway Routing Protocol (EIGRP)


EIGRP Neighborship:
Every router discovers its neighbors (begins establishing adjacency) using the hello protocol. For EIGRP routers to become neighbors:
1- They must have the same AS no.
2- They must have the same K-values.

- The routers will form an adjacency even if the hello and dead intervals don't match.
The debug output below displays that action.

Mismatched adjacency values
RouterA# debug eigrp packets
01:39:13: EIGRP: Received HELLO on Serial0/0 nbr 10.1.1.2
01:39:13:AS 200, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
01:39:13: K-value mismatch

EIGRP terminologies:

1- Neighbor table (list of all neighbors)
   #show ip eigrp neighbors
2- Topology table (list of all routes to all destination networks; as a matter of fact, it is the routing tables of all neighbors)
   #show ip eigrp topology [all-links]
3- Routing table (best routes to all destination networks)
   #show ip route [eigrp]
4- Successor S (the best route)
5- Feasible successor FS (the backup route)
6- Feasible distance FD (the metric from source to destination)
7- Advertised distance AD (the metric from my neighbor to destination)

Route selection:
DUAL is applied to the topology table to build the RTG table.
DUAL:
1- Tracks all routes advertised by neighbors.
2- Selects a loop-free path using a successor (S) and a feasible successor (FS).
3- If S is lost, the FS is used.
4- If no FS is available, it queries neighbors and recalculates S.
5- It can hold up to 4 routes by default, and 16 as max., for the same destination network in the RTG table.
6- It can differentiate between different types of paths:
   - internal path (Admin. Dist. = 90 & symbol in RTG table is D)
   - external path (Admin. Dist. = 170 & symbol in RTG table is D EX)

How to choose S?
- S is the route that has the least metric.
Metric = 256 * [k1*BW + (k2*BW / (256 - load)) + k3*delay + (k5 / (reliability + k4))]
By default, k1 = k3 = 1, k2 = k4 = k5 = 0
BW = 10^7 / BWi, BWi = bandwidth of interface in units of Kbps
Delay = delayi * 10, delayi = delay of interface in microseconds
These values can be observed from the #show interface command.

How to choose FS?
This is called the feasibility condition: the route that satisfies the inequality FD (S) > AD (FS) is eligible to be the FS.


Configuration:
(config)# router eigrp <AS no.>
! Up to 32 processes (AS) can be configured on the same router !
(config-router)# network <ip> [<w.c.m>]
Note that the wildcard mask is now optional in new IOS for EIGRP, but with OSPF it is a must.

Auto and Manual summary:
(config-router)# no auto-summary
(config-if)# ip summary-address eigrp <AS> <ip> <mask>


RouterC#show ip route
<output omitted>
Gateway of last resort is not set
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
D       172.16.0.0/16 is a summary, 00:00:04, Null0
D       172.16.1.0/24 [90/156160] via 10.1.1.2, 00:00:04, FastEthernet0/0
D       172.16.2.0/24 [90/20640000] via 10.2.2.2, 00:00:04, Serial0/0/1
C    192.168.4.0/24 is directly connected, Serial0/0/0
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.2.2.0/24 is directly connected, Serial0/0/1
C       10.1.1.0/24 is directly connected, FastEthernet0/0
D       10.0.0.0/8 is a summary, 00:00:05, Null0


Timers:
Hello & dead timers
(config-if)# ip hello-interval eigrp <AS> <sec>
(config-if)# ip hold-time eigrp <AS> <sec>
Stuck In Active timer
(config-router)# timers active-time {<no. in sec> / disable}

EIGRP load sharing:
(config-router)# maximum-paths maximum-path
Default 4, max 16 or more

Router E chooses router C as the Successor to get to network Z because FD = 20.
Router B could be a Feasible Successor because it satisfies the Feasibility Condition.
Router D is not feasible and is not used to get to network Z (45 > 40).
Note: Feasibility Condition (AD (FS) < FD (S))

Troubleshooting:
#show ip route
RouterA# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, D - EIGRP, EX - EIGRP external, O - OSPF,
       (text omitted)
       * - candidate default,
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 1 subnets
D       172.16.1.0 [90/10639872] via 10.1.2.2, 06:04:01, Serial0/0
     10.0.0.0/24 is subnetted, 4 subnets
D       10.1.3.0 [90/10514432] via 10.1.2.2, 05:54:47, Serial0/0
D       10.3.1.0 [90/10639872] via 10.1.2.2, 06:19:41, Serial0/0
C       10.1.2.0 is directly connected, Serial0/0
C       10.1.1.0 is directly connected, Ethernet0/0

#show ip eigrp topology [all-links]
RouterA# show ip eigrp topology
IP-EIGRP Topology Table for AS(100)/ID(10.1.2.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 10.1.3.0/24, 1 successors, FD is 10514432
        via 10.1.2.2 (10514432/28160), Serial0/0
P 10.3.1.0/24, 1 successors, FD is 10639872
        via 10.1.2.2 (10639872/384000), Serial0/0
P 10.1.2.0/24, 1 successors, FD is 10511872
        via Connected, Serial0/0
P 10.1.1.0/24, 1 successors, FD is 2190
        via Connected, Ethernet0/0
P 172.16.1.0/24, 1 successors, FD is 10639872
        via 10.1.2.2 (10639872/384000), Serial0/0
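Added example (not from the original course notes): a Python sketch that applies the feasibility condition AD < FD to every path in a "show ip eigrp topology all-links" listing and reports the prefixes that have no backup path. The first two sample entries are RouterA's from the notes; the 192.0.2.0/24 entry, its next hops and the function names are constructed for illustration.

```python
import re

# Sample in "show ip eigrp topology all-links" format. The first two entries are
# RouterA's from the notes; the 192.0.2.0/24 entry is constructed for illustration.
SAMPLE = """\
P 10.1.3.0/24, 1 successors, FD is 10514432
        via 10.1.2.2 (10514432/28160), Serial0/0
P 10.1.2.0/24, 1 successors, FD is 10511872
        via Connected, Serial0/0
P 192.0.2.0/24, 1 successors, FD is 2172416
        via 10.9.1.2 (2172416/28160), Serial0/1
        via 10.9.2.2 (2684416/2169856), Serial0/2
        via 10.9.3.2 (3200000/2681856), Serial0/3
"""

ENTRY = re.compile(r"^[A-Za-z]\s+(\S+/\d+), \d+ successors, FD is (\d+)")
PATH = re.compile(r"^\s+via (\S+) \((\d+)/(\d+)\), (\S+)")
CONNECTED = re.compile(r"^\s+via Connected, (\S+)")


def classify(text):
    """Return {prefix: [(next_hop, interface, role), ...]} for each table entry."""
    table, prefix, fd = {}, None, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            prefix, fd = m.group(1), int(m.group(2))
            table[prefix] = []
            continue
        if prefix is None:
            continue  # banner and code legend before the first entry
        m = PATH.match(line)
        if m:
            hop, intf = m.group(1), m.group(4)
            distance, ad = int(m.group(2)), int(m.group(3))
            if distance == fd:
                role = "successor"            # simplification: distance equals FD
            elif ad < fd:
                role = "feasible successor"   # feasibility condition AD (FS) < FD (S)
            else:
                role = "not feasible"         # kept in the table, never used as backup
            table[prefix].append((hop, intf, role))
            continue
        m = CONNECTED.match(line)
        if m:
            table[prefix].append(("Connected", m.group(1), "successor"))
    return table


def prefixes_without_backup(table):
    """Learned prefixes with one usable path: losing it sends the route Active."""
    result = []
    for prefix, paths in table.items():
        if any(hop == "Connected" for hop, _, _ in paths):
            continue
        usable = [p for p in paths if p[2] != "not feasible"]
        if len(usable) < 2:
            result.append(prefix)
    return result


if __name__ == "__main__":
    parsed = classify(SAMPLE)
    for prefix, paths in parsed.items():
        for hop, intf, role in paths:
            print(f"{prefix:16} via {hop:10} {intf:10} {role}")
    print("no backup path:", prefixes_without_backup(parsed))
```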


#show ip protocols
RouterA# show ip protocols
Routing Protocol is "eigrp 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 100
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    10.1.0.0/16
    10.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.2.2        90            05:50:13
  Distance: internal 90 external 170

#show ip eigrp neighbors
#show ip eigrp traffic
#debug eigrp packet [query / reply / update]
#debug ip eigrp

Redistributing Multiple Routing Protocols


Redistribution
It is the mechanism that allows different domains to be connected, so that different routing protocols can exchange and advertise routing updates as if they were a single protocol.
Redistribution is performed on the router that lies at the boundary between different domains or runs multiple protocols.

Redistributing vs. Redistributed protocol
Redistributing protocol: the native protocol that will transform another protocol to its form.
Redistributed protocol: the non-native protocol that will be transformed to another protocol's form.
- Note: in order for any route to be redistributed, it must exist in the routing table of the redistributing router.


Configuring Redistribution
Redistribution supports all protocols: RIP, IGRP, EIGRP, OSPF, IS-IS, ISO-IGRP, ODR, BGP, Static and Connected
RtrA(config)# router <protocol>
RtrA(config-router)# redistribute ?
  bgp      Border Gateway Protocol (BGP)
  eigrp    Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp     Interior Gateway Routing Protocol (IGRP)
  isis     ISO IS-IS
  ospf     Open Shortest Path First (OSPF)
  rip      Routing Information Protocol (RIP)
  static   Static routes

But consider the following:

1- Redistribution varies slightly among different protocols
2- Only protocols that support the same stack are redistributed
   - IP RIP and OSPF
   - IPX RIP cannot with OSPF
   - IP EIGRP cannot with IPX EIGRP or AppleTalk EIGRP
3- Redistribution occurs automatically between:
   - IGRP & EIGRP if both in same AS
   - Static into RIP
   - Connected into any protocol using network command
4- Redistribution of classless updates to a classful protocol could cause problems



IPv6 Routing


IPv6 Routing Protocols

IP routing protocols supporting IPv6:
- Integrated IS-IS for IPv6
- BGP extensions for IPv6
- RIP for IPv6
- Static routes
- EIGRP for IPv6
- OSPF for IPv6

Configuring IPv6:
(config)#ipv6 unicast-routing
(config)#ipv6 route <prefix> </prefix length> {interface / next hop ip}
(config)#interface fa0/0
(config-if)#ipv6 address <address> </prefix length> [eui-64]
The eui-64 parameter forces the router to complete the low-order 64 bits of the address by using an EUI-64 interface ID.
Example:


R2# show ipv6 interface brief
FastEthernet0/0            [up/up]
    FE80::213:19FF:FE7B:5004
    2000::4:213:19FF:FE7B:5004
FastEthernet0/1            [up/up]
    FE80::213:19FF:FE7B:5005
    2000:0:0:2::2
Serial0/0/0                [administratively down/down]
    unassigned
Serial0/0/1                [up/up]
    FE80::213:19FF:FE7B:5004
    2000::1:213:19FF:FE7B:5004
Serial0/1/0                [administratively down/down]
    unassigned
Serial0/1/1                [administratively down/down]
    Unassigned

R2# show ipv6 route
IPv6 Routing Table - Default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   2000:0:0:1::/64 [0/0]
     via Serial0/0/1, directly connected
L   2000::1:213:19FF:FE7B:5004/128 [0/0]
     via Serial0/0/1, receive
C   2000:0:0:2::/64 [0/0]
     via FastEthernet0/1, directly connected
L   2000:0:0:2::2/128 [0/0]
     via FastEthernet0/1, receive
C   2000:0:0:4::/64 [0/0]
     via FastEthernet0/0, directly connected
L   2000::4:213:19FF:FE7B:5004/128 [0/0]
     via FastEthernet0/0, receive
L   FF00::/8 [0/0]
     via Null0, receive
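Added example (not part of the original notes): how the eui-64 keyword builds the interface ID, checked against R2's FastEthernet0/0 address, plus the reverse step an address audit can use to find interfaces whose address exposes the hardware MAC. The MAC 0013.197b.5004 is recovered by reversing the address in the output and is not stated in the notes; the function names are this example's own.

```python
import ipaddress
import re

LOW64 = (1 << 64) - 1


def eui64_interface_id(mac: str) -> int:
    """Return the 64-bit modified EUI-64 interface ID for a 48-bit MAC."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)  # accepts 0013.197b.5004, 00:13:19:...
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02                          # invert the universal/local bit
    eui = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])  # FFFE in the middle
    return int.from_bytes(eui, "big")


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """What 'ipv6 address <prefix>/64 eui-64' produces for the given MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("eui-64 needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64(address: str):
    """Return the MAC embedded in an EUI-64 derived address, or None.

    The FF:FE marker is a heuristic: a manually chosen interface ID that happens
    to contain those bytes would also match.
    """
    iid = (int(ipaddress.IPv6Address(address)) & LOW64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02                          # undo the universal/local flip
    return ":".join(f"{o:02x}" for o in octets)


# Addresses of R2's interfaces that are up, from the output in the notes.
R2_ADDRESSES = {
    "FastEthernet0/0": ["FE80::213:19FF:FE7B:5004", "2000::4:213:19FF:FE7B:5004"],
    "FastEthernet0/1": ["FE80::213:19FF:FE7B:5005", "2000:0:0:2::2"],
    "Serial0/0/1": ["FE80::213:19FF:FE7B:5004", "2000::1:213:19FF:FE7B:5004"],
}


def audit(addresses):
    """Map (interface, address) -> embedded MAC for EUI-64 derived addresses."""
    found = {}
    for interface, addrs in addresses.items():
        for addr in addrs:
            mac = mac_from_eui64(addr)
            if mac is not None:
                found[(interface, addr)] = mac
    return found


if __name__ == "__main__":
    print(eui64_address("2000:0:0:4::/64", "0013.197b.5004"))
    for (interface, addr), mac in audit(R2_ADDRESSES).items():
        print(f"{interface:16} {addr:28} embeds {mac}")
```

The manually configured 2000:0:0:2::2 is the only address in the listing that does not reveal a MAC; the serial interface borrows the 0013.197b.5004 address of FastEthernet0/0 for its interface ID.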


RIPng (RIP next Generation)


Theory and Comparisons to RIP-2
The RIPng RFC states that the protocol uses many of the same concepts and conventions as the original RIP-1 specification, also drawing on some RIP-2 concepts. However, knowing that many of you might not remember a lot of details about RIP-2, particularly because RIP-2 is included in the CCNA certification rather than CCNP, variety of facts about RIP-2 and RIPng.

The overall operation of RIPng closely matches RIP-2. In both, routers send periodic full updates with all routes, except for routes omitted due to Split Horizon rules. No neighbor relationships occur; the continuing periodic Updates, on a slightly-variable 30 second period, also serve the purpose of confirming that the neighboring router still works.


EIGRP for IPv6


Cisco originally created EIGRP to advertise routes for IPv4, IPX, and AppleTalk. This original EIGRP architecture easily allowed for yet another Layer 3 protocol, IPv6, to be added. As a result, Cisco did not have to change EIGRP significantly to support IPv6, so many similarities exist between the IPv4 and IPv6 versions of EIGRP.

Note: Many documents, including this chapter, refer to the IPv6 version of EIGRP as EIGRP for IPv6. However, some documents at www.cisco.com also refer to this protocol as EIGRPv6, not because it is the sixth version of the protocol, but because it implies a relationship with IPv6.

As with the previous section "RIP Next Generation (RIPng)", this section begins with a discussion of the similarities and differences between the IPv4 and IPv6 versions of EIGRP. The remaining coverage of EIGRP focuses on the changes to EIGRP configuration and verification in support of IPv6.

EIGRP for IPv4 and IPv6: Theory and Comparisons
For the most part, EIGRP for IPv4 and for IPv6 have many similarities. The following list outlines some of the key differences:
- EIGRP for IPv6 advertises IPv6 prefixes/lengths, rather than IPv4 subnet/mask information.
- EIGRP for IPv6 uses the neighbor's link-local address as the next-hop IP address.
- EIGRP for IPv6 encapsulates its messages in IPv6 packets, rather than IPv4 packets.
- Like RIPng and OSPFv3, EIGRP for IPv6 authentication relies on IPv6's built-in authentication and privacy features (IPsec).
- EIGRP for IPv6 has no concept of classful networks, so EIGRP for IPv6 cannot perform any automatic summarization.
- EIGRP for IPv6 does not require neighbors to be in the same IPv6 subnet as a requirement to become neighbors.
Other than these differences, most of the details of EIGRP for IPv6 work like EIGRP for IPv4.

FF02::A

Configuring EIGRP for IPv6
EIGRP for IPv6 follows the same basic configuration style as for RIPng, plus a few additional steps, as follows:
Step 1. Enable IPv6 routing with the ipv6 unicast-routing global command.
Step 2. Enable EIGRP using the ipv6 router eigrp {1-65535} global configuration command.
Step 3. Enable IPv6 on the interface, typically with one of these two methods:
   - Configure an IPv6 unicast address on each interface, using the ipv6 address address/prefix-length [eui-64] interface command.
   - Configure the ipv6 enable command, which enables IPv6 and causes the router to derive its link-local address.
Step 4. Enable EIGRP on the interface with the ipv6 eigrp asn interface subcommand (where the name matches the ipv6 router eigrp asn global configuration command).
Step 5. Enable EIGRP for IPv6 with a no shutdown command while in EIGRP configuration mode.
Step 6. If no EIGRP router ID has been automatically chosen, due to not having at least one working interface with an IPv4 address, configure an EIGRP router ID with the eigrp router-id rid command in EIGRP configuration mode.


R1# show running-config
! output is edited to remove lines not pertinent to this example
! Configuration step 1: enabling IPv6 routing
ipv6 unicast-routing
! Next, configuration steps 3 and 4, on 5 different interfaces
interface FastEthernet0/0.1
 ipv6 address 2012::1/64
 ipv6 eigrp 9
!
interface FastEthernet0/0.2
 ipv6 address 2017::1/64
 ipv6 eigrp 9
!
interface FastEthernet0/1.18
 ipv6 address 2018::1/64
 ipv6 eigrp 9
!
interface Serial0/0/0.3
 ipv6 address 2013::1/64
 ipv6 eigrp 9
!
interface Serial0/0/0.4
 ipv6 address 2014::1/64
 ipv6 eigrp 9
!
interface Serial0/0/0.5
 ipv6 address 2015::1/64
 ipv6 eigrp 9
!
! Configuration steps 2, 5, and 6
ipv6 router eigrp 9
 no shutdown
 Router-id 10.10.34.3


#sh ipv6 route
D   2005::/64 [90/2684416]
     via FE80::11FF:FE11:1111, Serial0/0/0.1
     via FE80::22FF:FE22:2222, Serial0/0/0.2
D   2012::/64 [90/2172416]
     via FE80::22FF:FE22:2222, Serial0/0/0.2
     via FE80::11FF:FE11:1111, Serial0/0/0.1
D   2014::/64 [90/2681856]
     via FE80::11FF:FE11:1111, Serial0/0/0.1
D   2015::/64 [90/2681856]
     via FE80::11FF:FE11:1111, Serial0/0/0.1
! lines omitted for brevity...
D   2099::/64 [90/2174976]
     via FE80::22FF:FE22:2222, Serial0/0/0.2
     via FE80::11FF:FE11:1111, Serial0/0/0.1
! show ipv6 protocols displays less info than its IPv4 cousin.
R3# show ipv6 protocols
IPv6 Routing Protocol is eigrp 9
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Interfaces:
    FastEthernet0/0
    Serial0/0/0.1
    Serial0/0/0.2
  Redistribution:
    None
  Maximum path: 16
  Distance: internal 90 external 170
R3# show ipv6 eigrp neighbors
IPv6-EIGRP neighbors for process 9
H   Address                 Interface   Hold  Uptime    SRTT  RTO  Q  Seq
1   Link-local address:     Se0/0/0.2   14    01:50:51  3     200  0  82
    FE80::22FF:FE22:2222

R3# show ipv6 eigrp topology
IPv6-EIGRP Topology Table for AS(9)/ID(10.10.34.3)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 2005::/64, 2 successors, FD is 2684416
        via FE80::11FF:FE11:1111 (2684416/2172416), Serial0/0/0.1
        via FE80::22FF:FE22:2222 (2684416/2172416), Serial0/0/0.2
P 2012::/64, 2 successors, FD is 2172416
        via FE80::11FF:FE11:1111 (2172416/28160), Serial0/0/0.1
        via FE80::22FF:FE22:2222 (2172416/28160), Serial0/0/0.2
P 2013::/64, 1 successors, FD is 2169856
        via Connected, Serial0/0/0.1
! lines omitted for brevity
P 2099::/64, 2 successors, FD is 2174976
        via FE80::11FF:FE11:1111 (2174976/30720), Serial0/0/0.1
        via FE80::22FF:FE22:2222 (2174976/30720), Serial0/0/0.2


How OSPF for IPv6 Works
- Similar to IPv4
   - Same mechanisms, but a major rewrite of the internals of the protocol.
- Updated features for IPv6
- OSPF for IPv6 currently an IETF proposed standard

OSPF is a routing protocol for IP. It is a link-state protocol, as opposed to a distance vector protocol. Think of a link as being an interface on a networking device. A link-state protocol makes its routing decisions based on the states of the links that connect source and destination machines. The state of a link is a description of that interface and its relationship to its neighboring networking devices. The interface information includes the IPv6 prefix of the interface, the network mask, the type of network that it is connected to, the routers connected to that network, and so on. This information is propagated in various types of link-state advertisements (LSAs).

A collection of LSA data on a router is stored in a link-state database (LSDB). The contents of the database, when subjected to Dijkstra's algorithm, result in the creation of the OSPF routing table. The difference between the database and the routing table is that the database contains a complete collection of raw data; the routing table contains a list of shortest paths to known destinations via specific router interface ports.

OSPFv3, which is described in RFC 2740, supports IPv6.


OSPFv3 Hierarchical Structure
- Topology of an area is invisible from outside of the area:
   - LSA flooding is bounded by area.
   - SPF calculation is performed separately for each area.
- Backbones must be contiguous.
- All areas must have a connection to the backbone:
   - Otherwise a virtual link must be used to connect to the backbone.

OSPFv3 messages
- OSPFv3 uses the same basic packet types as OSPFv2:
   - Hello
   - Link state update (LSU)
   - Link state acknowledgment (ACK)
- Neighbor discovery and adjacency formation mechanism are identical.
- LSA flooding and aging mechanisms are identical.


OSPFv3 vs OSPF v2


Enhanced Routing Protocol Support: Differences from OSPFv2
1- OSPFv3 uses IPv6 link-local addresses to identify the OSPFv3 adjacency neighbors.
2- OSPFv2 does not define or allow for multiple instances per link, although similar functionality could be furnished by other mechanisms, such as subinterfaces. OSPFv3 has explicit support for instances through the instance field. This structure allows separate autonomous systems, each running OSPF, to use a common link. A single link could belong to multiple areas. Instance ID is a new field that is used to allow multiple OSPFv3 protocol instances per link. In order to have two instances talk to each other, they need to have the same instance ID. By default, it is 0, and for any additional instance it is increased.
3- Security and Authentication: OSPFv3 uses IPv6 IPsec extension headers instead of the variety of mechanisms defined in OSPFv2.
4- Multicast addresses:
   - FF02::5: Represents all SPF routers on the link-local scope; equivalent to 224.0.0.5 in OSPFv2
   - FF02::6: Represents all DR routers on the link-local scope; equivalent to 224.0.0.6 in OSPFv2

The two new LSAs in IPv6 are as follows:
- Link LSAs (type 8): Type 8 LSAs have link-local flooding scope and are never flooded beyond the link with which they are associated. Link LSAs provide the link-local address of the router to all other routers attached to the link, inform other routers attached to the link of a list of IPv6 prefixes to associate with the link, and allow the router to assert a collection of options bits to associate with the network LSA that will be originated for the link.
- Intra-area prefix LSAs (type 9): A router can originate multiple intra-area prefix LSAs for each router or transit network, each with a unique link-state ID. The link-state ID for each intra-area prefix LSA describes its association to either the router LSA or the network LSA. The link-state ID also contains prefixes for stub and transit networks.
* Type 3 and type 9 LSAs carry all IPv6 prefix information, which, in IPv4, is included in router LSAs and network LSAs.


OSPFv3 Configuration
To configure OSPFv3, first enable IPv6, and then enable OSPFv3 and specify a router ID, using the following commands:

Router(config)#ipv6 unicast-routing

Router(config)#ipv6 router ospf process-id
Enables an OSPF process on the router. The process ID parameter identifies a unique OSPFv3 process. This command is used on a global basis.

Router(config-rtr)#router-id router-id
For an IPv6-only router, a router ID parameter must be defined in the OSPFv3 configuration as an IPv4 address using the router-id router-id command. You can use any IPv4 address as the router ID value.

Router(config-if)#ipv6 ospf process-id area area-id [instance instance-id]
Enables OSPF for IPv6 on an interface.


Example:
(config)#ipv6 unicast-routing
(config)# ipv6 router ospf 1
(config-rtr)# router-id 2.2.2.2
(config)# interface Ethernet0/0
(config-if)# ipv6 address 3FFE:FFFF:1::1/64
(config-if)# ipv6 ospf 1 area 0
(config-if)# ipv6 ospf priority 20
The priority number is used in the designated router election.

The cost of the summarized routes will be the highest cost of the routes being summarized. For example, if the following routes are summarized:
OI 2001:0DB8:0:0:7::/64 [110/20] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
OI 2001:0DB8:0:0:8::/64 [110/100] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
OI 2001:0DB8:0:0:9::/64 [110/20] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
They become one summarized route:
OI 2001:0DB8::/48 [110/100] via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0


OSPFv3 Configuration Example


Router1#
interface S1/1
 ipv6 address 2001:410:FFFF:1::1/64
 ipv6 ospf 100 area 0
interface S2/0
 ipv6 address 3FFE:B00:FFFF:1::2/64
 ipv6 ospf 100 area 1
ipv6 router ospf 100
 router-id 10.1.1.3

Router2#
interface S3/0
 ipv6 address 3FFE:B00:FFFF:1::1/64
 ipv6 ospf 100 area 1
ipv6 router ospf 100
 router-id 10.1.1.4

Verifying OSPFv3
Router2#show ipv6 ospf int s 3/0
S3/0 is up, line protocol is up
  Link Local Address 3FFE:B00:FFFF:1::1, Interface ID 7
  Area 1, Process ID 100, Instance ID 0, Router ID 10.1.1.4
  Network Type POINT_TO_POINT, Cost: 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:02
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 3, maximum is 3
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.1.1.3
  Suppress hello for 0 neighbor(s)

#show ipv6 ospf database

Router Link States (Area 1)
ADV Router   Age    Seq#         Fragment ID   Link count   Bits
26.50.0.1    1812   0x80000048   0             1            None
26.50.0.2    1901   0x80000006   0             1            B

Net Link States (Area 1)
ADV Router   Age    Seq#         Link ID   Rtr count
26.50.0.1    57     0x8000003B   3         4

Inter-Area Prefix Link States (Area 1)
ADV Router   Age    Seq#         Prefix
26.50.0.2    139    0x80000003   3FFE:FFFF:26::/64
26.50.0.2    719    0x80000001   3FFE:FFF:26::/64

Inter-Area Router Link States (Area 1)
ADV Router   Age    Seq#         Link ID      Dest RtrID
26.50.0.2    772    0x80000001   1207959556   72.0.0.4
26.50.0.4    5      0x80000003   1258292993   75.0.7.1

Link (Type-8) Link States (Area 1)
ADV Router   Age    Seq#         Link ID   Interface
26.50.0.1    1412   0x80000031   3         Fa0/0
26.50.0.2    238    0x80000003   3         Fa0/0

Intra-Area Prefix Link States (Area 1)
ADV Router   Age    Seq#         Link ID   Ref-lstype   Ref-LSID
26.50.0.1    1691   0x8000002E   0         0x2001       0
26.50.0.1    702    0x80000031   1003      0x2002       3
26.50.0.2    1797   0x80000002   0         0x2001       0

Type-5 AS External Link States
ADV Router   Age    Seq#         Prefix
72.0.0.4     287    0x80000028   3FFE:FFFF:A::/64
72.0.0.4     38     0x80000027   3FFE:FFFF:78::/64
75.0.7.1     162    0x80000007   3FFE:FFFF:8::/64


CCNA R & S Course

Eng. Ahmed Nabil

2013
