• Configure the network so that full reachability is maintained if R3’s connection to SW1 goes down.
• Do not apply any configuration onto R4 to solve this task.
若是R3的Fa0/0與SW1之間斷掉,那 Area 2(SW3、SW1、R6)間就沒有任何路由器跟Area 0介接。
只有在R6與R1間,透過Area 1與Area 0介接。
R1:
router ospf 1
area 1 virtual-link 150.1.6.6
R6:
router ospf 1
area 1 virtual-link 150.1.1.1
To resolve this problem R6 must offer devices in area 2 an alternate path to area 0. This can be done with a new link being added to R6 that is in area 0, such as another Ethernet interface or a Tunnel interface, or by configuring an OSPF virtual-link.
An OSPF virtual-link allows the creation of an indirect area 0 adjacency. This adjacency can be used to repair breaks in the OSPF domain or to solve traffic engineering requirements. In this particular case R6 can virtual-link to the neighbors R1 or R4 who are in area 1, since they both have connections to area 0. R1 is chosen in this solution since the question states not to configure R4.
The first important point to note about the virtual-link is that the neighbor value specified in the virtual-link syntax is the router-id of the neighbor in the transit area. This means that if for some reason the router-id changes, i.e. a new higher Loopback interface is added, or the router-id command is changed, the virtual-link will fail.
Additionally, the neighbors forming adjacency over the virtual-link do not have to be directly connected; they simply need to know how to recurse towards each others’ LSA 1 advertisements. This means that the traffic flow via the virtual-link should naturally follow the Intra-Area SPF calculation between the routers’ LSA 1 advertisements.
2013/10/31
WB1 6.5~6.6 OSPF Network Point-to-Multipoint & OSPF Network Point-to-Multipoint Non-Broadcast
兩種OSPF Network Point-to-Multipoint (Multicast) & (Non-Broadcast - Unicast) 讓Spoke可以透過Hub Router將學到的路由Next-Hop改成為Hub的IP
6.5 OSPF Network Point-to-Multipoint
R1~R4:
interface Serial0/0/0
ip ospf 1 area 0
ip ospf network point-to-multipoint
frame-relay map ip 155.1.0.5 405 broadcast
R5:
interface Serial0/0/0
ip ospf 1 area 0
ip ospf network point-to-multipoint
frame-relay map ip 155.1.0.1 501 broadcast
frame-relay map ip 155.1.0.2 502 broadcast
frame-relay map ip 155.1.0.3 503 broadcast
frame-relay map ip 155.1.0.4 504 broadcast.
6.6 OSPF Network Point-to-Multipoint Non-Broadcast
R1~R4:
interface Serial0/0/0
ip ospf 1 area 0
ip ospf network point-to-multipoint non-broadcast
frame-relay map ip 155.1.0.5 405
R5:
interface Serial0/0/0
ip ospf 1 area 0
ip ospf network point-to-multipoint non-broadcast
frame-relay map ip 155.1.0.1 501
frame-relay map ip 155.1.0.2 502
frame-relay map ip 155.1.0.3 503
frame-relay map ip 155.1.0.4 504
!
router ospf 1
neighbor 155.1.0.1
neighbor 155.1.0.2
neighbor 155.1.0.3
neighbor 155.1.0.4
The Non-Broadcast network type means that there will be a DR/BDR election,
and that hellos are exchanged as unicast. In order to unicast OSPF hellos the
neighbor statement needs to be configured under the OSPF process of the DR.
Once the DROTHERs and/or BDR hear the unicast hellos from the DR, they will
automatically respond back with their own unicast hellos. This implies that the
neighbor statement can be configured everywhere, but is only required on the
DR. Once R5 is configured with the neighbor statement the show ip ospf
neighbor output should be checked to verify adjacency.
---------------------------------------------------------------------------------------------------
OSPF network type
point-to-multipoint non-broadcast is essentially the same as network type point-to-multipoint, with one exception.
Point-to-multipoint network type uses multicast hellos,
Point-to-multipoint non-broadcast uses unicast hellos.
Both do not support the DR/BDR election, automatically update the nexthop value of routes learned on partially meshed networks to the directly connected neighbor, and advertise the network as a set of endpoints instead of a transit network.
6.5 OSPF Network Point-to-Multipoint
R1~R4:
interface Serial0/0/0
ip ospf 1 area 0
ip ospf network point-to-multipoint
frame-relay map ip 155.1.0.5 405 broadcast
R5:
interface Serial0/0/0
ip ospf 1 area 0
ip ospf network point-to-multipoint
frame-relay map ip 155.1.0.1 501 broadcast
frame-relay map ip 155.1.0.2 502 broadcast
frame-relay map ip 155.1.0.3 503 broadcast
frame-relay map ip 155.1.0.4 504 broadcast.
6.6 OSPF Network Point-to-Multipoint Non-Broadcast
R1~R4:
interface Serial0/0/0
ip ospf 1 area 0
ip ospf network point-to-multipoint non-broadcast
frame-relay map ip 155.1.0.5 405
R5:
interface Serial0/0/0
ip ospf 1 area 0
ip ospf network point-to-multipoint non-broadcast
frame-relay map ip 155.1.0.1 501
frame-relay map ip 155.1.0.2 502
frame-relay map ip 155.1.0.3 503
frame-relay map ip 155.1.0.4 504
!
router ospf 1
neighbor 155.1.0.1
neighbor 155.1.0.2
neighbor 155.1.0.3
neighbor 155.1.0.4
The Non-Broadcast network type means that there will be a DR/BDR election,
and that hellos are exchanged as unicast. In order to unicast OSPF hellos the
neighbor statement needs to be configured under the OSPF process of the DR.
Once the DROTHERs and/or BDR hear the unicast hellos from the DR, they will
automatically respond back with their own unicast hellos. This implies that the
neighbor statement can be configured everywhere, but is only required on the
DR. Once R5 is configured with the neighbor statement the show ip ospf
neighbor output should be checked to verify adjacency.
---------------------------------------------------------------------------------------------------
OSPF network type
point-to-multipoint non-broadcast is essentially the same as network type point-to-multipoint, with one exception.
Point-to-multipoint network type uses multicast hellos,
Point-to-multipoint non-broadcast uses unicast hellos.
Both do not support the DR/BDR election, automatically update the nexthop value of routes learned on partially meshed networks to the directly connected neighbor, and advertise the network as a set of endpoints instead of a transit network.
2013/10/30
WB1 6.2 看一下 Rack1R5#show ip ospf database LSA的解釋
LSA-1 (Router Link) 同一個Area中所有的Router所產生的LSA-1
LSA-2 (Net Link States) 同一個Area的DR Router所產生的LSA-2
LSA-3 (Summary Net Link) 僅由ABR所產生的Network Summary LSA
Once adjacency is established in area 0, Inter-Area routing advertisements can be propagated throughout the entire topology. This is due to the fact that R1, R2, R3, R4, and R5 are now ABRs, and can originate the Network Summary LSA (LSA 3) describing Inter-Area routes to the other neighbors in their attached areas.
(LSA 3) describing Inter-Area routes to the other neighbors in their attached areas.
From the show ip ospf database output on R5 the Summary Net link States (Area 0) shows ABRs that are advertising information from other areas into area 0.
For example R2 is advertising the link 192.10.1.0/24 from area 51 into area 0, and can be seen as the last entry in this category.
Only the DR on an OSPF segment originates the Network LSA (LSA 2).
Rack1R5#show ip ospf database
OSPF Router with ID (150.1.5.5) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
150.1.1.1 150.1.1.1 1857 0x80000005 0x007705 1
150.1.2.2 150.1.2.2 42 0x80000006 0x006115 1
150.1.3.3 150.1.3.3 15 0x80000006 0x004D24 1
150.1.5.5 150.1.5.5 1861 0x80000002 0x002D3E 1
223.255.255.255 223.255.255.255 80 0x80000004 0x008D60 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
155.1.0.5 150.1.5.5 1852 0x80000002 0x002A6B
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
150.1.7.7 150.1.3.3 1373 0x80000001 0x00DD1A
155.1.5.0 150.1.5.5 93 0x80000002 0x00D225
155.1.7.0 150.1.3.3 1373 0x80000001 0x00E217
155.1.8.0 150.1.5.5 93 0x80000002 0x00BB38
155.1.9.0 150.1.3.3 1376 0x80000001 0x00D620
155.1.10.0 150.1.5.5 95 0x80000002 0x00AF41
155.1.37.0 150.1.3.3 260 0x80000003 0x008951
155.1.58.0 150.1.5.5 95 0x80000002 0x008939
155.1.67.0 150.1.3.3 1376 0x80000001 0x004C71
155.1.79.0 150.1.3.3 1376 0x80000001 0x00C7E9
155.1.108.0 150.1.5.5 95 0x80000002 0x006B24
155.1.146.0 150.1.1.1 74 0x80000003 0x00EF81
155.1.146.0 223.255.255.255 82 0x80000003 0x0071B9
192.10.1.0 150.1.2.2 291 0x80000003 0x00D4FD
Summary ASB Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.10.1.254 150.1.2.2 291 0x80000003 0x00D002
Router Link States (Area 3)
Link ID ADV Router Age Seq# Checksum Link count
150.1.5.5 150.1.5.5 95 0x80000009 0x0084F4 2
150.1.8.8 150.1.8.8 1619 0x80000004 0x00C377 3
223.255.255.255 223.255.255.255 1638 0x80000003 0x00DEB6 2
Net Link States (Area 3)
Link ID ADV Router Age Seq# Checksum
155.1.58.8 150.1.8.8 1619 0x80000003 0x00E681
155.1.108.8 150.1.8.8 1628 0x80000003 0x0051A6
Summary Net Link States (Area 3)
Link ID ADV Router Age Seq# Checksum
150.1.7.7 150.1.5.5 1386 0x80000001 0x00466D
155.1.0.0 150.1.5.5 106 0x80000004 0x007E3D
155.1.7.0 150.1.5.5 1386 0x80000001 0x004B6A
155.1.9.0 150.1.5.5 1386 0x80000001 0x003F73
155.1.37.0 150.1.5.5 1860 0x80000001 0x00F5A2
155.1.67.0 150.1.5.5 1386 0x80000001 0x00B4C4
155.1.79.0 150.1.5.5 1386 0x80000001 0x00303D
155.1.146.0 150.1.5.5 1870 0x80000001 0x0042E8
192.10.1.0 150.1.5.5 1860 0x80000001 0x00345A
Summary ASB Link States (Area 3)
Link ID ADV Router Age Seq# Checksum
192.10.1.254 150.1.5.5 1860 0x80000001 0x00305E
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
51.51.51.51 192.10.1.254 140 0x80000230 0x00389F 0
Rack1R5#
LSA-2 (Net Link States) 同一個Area的DR Router所產生的LSA-2
LSA-3 (Summary Net Link) 僅由ABR所產生的Network Summary LSA
Once adjacency is established in area 0, Inter-Area routing advertisements can be propagated throughout the entire topology. This is due to the fact that R1, R2, R3, R4, and R5 are now ABRs, and can originate the Network Summary LSA (LSA 3) describing Inter-Area routes to the other neighbors in their attached areas.
(LSA 3) describing Inter-Area routes to the other neighbors in their attached areas.
From the show ip ospf database output on R5 the Summary Net link States (Area 0) shows ABRs that are advertising information from other areas into area 0.
For example R2 is advertising the link 192.10.1.0/24 from area 51 into area 0, and can be seen as the last entry in this category.
Only the DR on an OSPF segment originates the Network LSA (LSA 2).
Rack1R5#show ip ospf database
OSPF Router with ID (150.1.5.5) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
150.1.1.1 150.1.1.1 1857 0x80000005 0x007705 1
150.1.2.2 150.1.2.2 42 0x80000006 0x006115 1
150.1.3.3 150.1.3.3 15 0x80000006 0x004D24 1
150.1.5.5 150.1.5.5 1861 0x80000002 0x002D3E 1
223.255.255.255 223.255.255.255 80 0x80000004 0x008D60 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
155.1.0.5 150.1.5.5 1852 0x80000002 0x002A6B
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
150.1.7.7 150.1.3.3 1373 0x80000001 0x00DD1A
155.1.5.0 150.1.5.5 93 0x80000002 0x00D225
155.1.7.0 150.1.3.3 1373 0x80000001 0x00E217
155.1.8.0 150.1.5.5 93 0x80000002 0x00BB38
155.1.9.0 150.1.3.3 1376 0x80000001 0x00D620
155.1.10.0 150.1.5.5 95 0x80000002 0x00AF41
155.1.37.0 150.1.3.3 260 0x80000003 0x008951
155.1.58.0 150.1.5.5 95 0x80000002 0x008939
155.1.67.0 150.1.3.3 1376 0x80000001 0x004C71
155.1.79.0 150.1.3.3 1376 0x80000001 0x00C7E9
155.1.108.0 150.1.5.5 95 0x80000002 0x006B24
155.1.146.0 150.1.1.1 74 0x80000003 0x00EF81
155.1.146.0 223.255.255.255 82 0x80000003 0x0071B9
192.10.1.0 150.1.2.2 291 0x80000003 0x00D4FD
Summary ASB Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.10.1.254 150.1.2.2 291 0x80000003 0x00D002
Router Link States (Area 3)
Link ID ADV Router Age Seq# Checksum Link count
150.1.5.5 150.1.5.5 95 0x80000009 0x0084F4 2
150.1.8.8 150.1.8.8 1619 0x80000004 0x00C377 3
223.255.255.255 223.255.255.255 1638 0x80000003 0x00DEB6 2
Net Link States (Area 3)
Link ID ADV Router Age Seq# Checksum
155.1.58.8 150.1.8.8 1619 0x80000003 0x00E681
155.1.108.8 150.1.8.8 1628 0x80000003 0x0051A6
Summary Net Link States (Area 3)
Link ID ADV Router Age Seq# Checksum
150.1.7.7 150.1.5.5 1386 0x80000001 0x00466D
155.1.0.0 150.1.5.5 106 0x80000004 0x007E3D
155.1.7.0 150.1.5.5 1386 0x80000001 0x004B6A
155.1.9.0 150.1.5.5 1386 0x80000001 0x003F73
155.1.37.0 150.1.5.5 1860 0x80000001 0x00F5A2
155.1.67.0 150.1.5.5 1386 0x80000001 0x00B4C4
155.1.79.0 150.1.5.5 1386 0x80000001 0x00303D
155.1.146.0 150.1.5.5 1870 0x80000001 0x0042E8
192.10.1.0 150.1.5.5 1860 0x80000001 0x00345A
Summary ASB Link States (Area 3)
Link ID ADV Router Age Seq# Checksum
192.10.1.254 150.1.5.5 1860 0x80000001 0x00305E
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
51.51.51.51 192.10.1.254 140 0x80000230 0x00389F 0
Rack1R5#
WB1 6.2 OSPF over Non-Broadcast Media
As seen in the show ip ospf interface output the default network type for a multipoint Frame Relay
interface is NON_BROADCAST.
要確認的是Hub(R5)必須要是DR,這樣才有辦法更新路由給所有的Spoke(R1~R4)
Rack1R5#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
150.1.1.1 0 FULL/DROTHER 00:01:44 155.1.0.1 Serial0/0
150.1.2.2 0 FULL/DROTHER 00:01:58 155.1.0.2 Serial0/0
150.1.3.3 0 FULL/DROTHER 00:01:38 155.1.0.3 Serial0/0
223.255.255.255 0 FULL/DROTHER 00:01:49 155.1.0.4 Serial0/0
150.1.8.8 1 FULL/DR 00:00:31 155.1.58.8 FastEthernet0/0
Rack1R5#
我是直接在R5上,給 priority 255 (DR)
Rack1R5#sh run interface serial 0/0
Building configuration...
Current configuration : 314 bytes
!
interface Serial0/0
ip address 155.1.0.5 255.255.255.0
encapsulation frame-relay
ip ospf priority 255
ip ospf 1 area 0
clock rate 2000000
frame-relay map ip 155.1.0.4 504
frame-relay map ip 155.1.0.3 503
frame-relay map ip 155.1.0.2 502
frame-relay map ip 155.1.0.1 501
no frame-relay inverse-arp
end
Rack1R5#
直接在R1~R4上,給 priority 0 (DROTHER)
Rack1R1#sh run interface ser0/0
Building configuration...
Current configuration : 312 bytes
!
interface Serial0/0
ip address 155.1.0.1 255.255.255.0
encapsulation frame-relay
ip ospf priority 0
ip ospf 1 area 0
clock rate 2000000
frame-relay map ip 155.1.0.4 105
frame-relay map ip 155.1.0.3 105
frame-relay map ip 155.1.0.2 105
frame-relay map ip 155.1.0.5 105
no frame-relay inverse-arp
end
Rack1R1#
每一台Spoke上所學到的路由都是原本的路由器所產生的,要注意...frame-relay map
Rack1R2#show ip route ospf
51.0.0.0/32 is subnetted, 1 subnets
O E2 51.51.51.51 [110/20] via 192.10.1.254, 00:25:01, FastEthernet0/0
155.1.0.0/24 is subnetted, 13 subnets
O IA 155.1.146.0 [110/65] via 155.1.0.4, 00:23:27, Serial0/0
[110/65] via 155.1.0.1, 00:23:27, Serial0/0
O IA 155.1.10.0 [110/67] via 155.1.0.5, 00:23:27, Serial0/0
O IA 155.1.8.0 [110/66] via 155.1.0.5, 00:23:27, Serial0/0
O IA 155.1.9.0 [110/67] via 155.1.0.3, 00:23:27, Serial0/0
O IA 155.1.7.0 [110/66] via 155.1.0.3, 00:23:27, Serial0/0
O IA 155.1.5.0 [110/65] via 155.1.0.5, 00:23:27, Serial0/0
O IA 155.1.58.0 [110/65] via 155.1.0.5, 00:23:27, Serial0/0
O IA 155.1.37.0 [110/65] via 155.1.0.3, 00:23:27, Serial0/0
O IA 155.1.79.0 [110/66] via 155.1.0.3, 00:23:27, Serial0/0
O IA 155.1.67.0 [110/66] via 155.1.0.3, 00:23:27, Serial0/0
O IA 155.1.108.0 [110/66] via 155.1.0.5, 00:23:27, Serial0/0
150.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
O IA 150.1.7.7/32 [110/66] via 155.1.0.3, 00:23:28, Serial0/0
Rack1R2#show ip route 155.1.10.10
Routing entry for 155.1.10.0/24
Known via "ospf 1", distance 110, metric 67, type inter area
Last update from 155.1.0.5 on Serial0/0, 00:23:56 ago
Routing Descriptor Blocks:
* 155.1.0.5, from 150.1.5.5, 00:23:56 ago, via Serial0/0
Route metric is 67, traffic share count is 1
Rack1R2#show ip route 155.1.0.5
Routing entry for 155.1.0.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Serial0/0
Route metric is 0, traffic share count is 1
Rack1R2#show frame-relay map | include 155.1.0.5
Serial0/0 (up): ip 155.1.0.5 dlci 205(0xCD,0x30D0), static,
Rack1R2#ping 155.1.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/43/60 ms
Rack1R2#
There are basically two ways to solve this design problem, either change the next-hop to something the router does know how to resolve, or allow the router to properly resolve the current next-hop. In this solution, the current next-hop is resolved by adding additional frame-relay map statements. Changing the next-hop value is explored in the next few examples with the point-to-multipoint
OSPF network type.
interface is NON_BROADCAST.
要確認的是Hub(R5)必須要是DR,這樣才有辦法更新路由給所有的Spoke(R1~R4)
Rack1R5#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
150.1.1.1 0 FULL/DROTHER 00:01:44 155.1.0.1 Serial0/0
150.1.2.2 0 FULL/DROTHER 00:01:58 155.1.0.2 Serial0/0
150.1.3.3 0 FULL/DROTHER 00:01:38 155.1.0.3 Serial0/0
223.255.255.255 0 FULL/DROTHER 00:01:49 155.1.0.4 Serial0/0
150.1.8.8 1 FULL/DR 00:00:31 155.1.58.8 FastEthernet0/0
Rack1R5#
我是直接在R5上,給 priority 255 (DR)
Rack1R5#sh run interface serial 0/0
Building configuration...
Current configuration : 314 bytes
!
interface Serial0/0
ip address 155.1.0.5 255.255.255.0
encapsulation frame-relay
ip ospf priority 255
ip ospf 1 area 0
clock rate 2000000
frame-relay map ip 155.1.0.4 504
frame-relay map ip 155.1.0.3 503
frame-relay map ip 155.1.0.2 502
frame-relay map ip 155.1.0.1 501
no frame-relay inverse-arp
end
Rack1R5#
直接在R1~R4上,給 priority 0 (DROTHER)
Rack1R1#sh run interface ser0/0
Building configuration...
Current configuration : 312 bytes
!
interface Serial0/0
ip address 155.1.0.1 255.255.255.0
encapsulation frame-relay
ip ospf priority 0
ip ospf 1 area 0
clock rate 2000000
frame-relay map ip 155.1.0.4 105
frame-relay map ip 155.1.0.3 105
frame-relay map ip 155.1.0.2 105
frame-relay map ip 155.1.0.5 105
no frame-relay inverse-arp
end
Rack1R1#
每一台Spoke上所學到的路由都是原本的路由器所產生的,要注意...frame-relay map
Rack1R2#show ip route ospf
51.0.0.0/32 is subnetted, 1 subnets
O E2 51.51.51.51 [110/20] via 192.10.1.254, 00:25:01, FastEthernet0/0
155.1.0.0/24 is subnetted, 13 subnets
O IA 155.1.146.0 [110/65] via 155.1.0.4, 00:23:27, Serial0/0
[110/65] via 155.1.0.1, 00:23:27, Serial0/0
O IA 155.1.10.0 [110/67] via 155.1.0.5, 00:23:27, Serial0/0
O IA 155.1.8.0 [110/66] via 155.1.0.5, 00:23:27, Serial0/0
O IA 155.1.9.0 [110/67] via 155.1.0.3, 00:23:27, Serial0/0
O IA 155.1.7.0 [110/66] via 155.1.0.3, 00:23:27, Serial0/0
O IA 155.1.5.0 [110/65] via 155.1.0.5, 00:23:27, Serial0/0
O IA 155.1.58.0 [110/65] via 155.1.0.5, 00:23:27, Serial0/0
O IA 155.1.37.0 [110/65] via 155.1.0.3, 00:23:27, Serial0/0
O IA 155.1.79.0 [110/66] via 155.1.0.3, 00:23:27, Serial0/0
O IA 155.1.67.0 [110/66] via 155.1.0.3, 00:23:27, Serial0/0
O IA 155.1.108.0 [110/66] via 155.1.0.5, 00:23:27, Serial0/0
150.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
O IA 150.1.7.7/32 [110/66] via 155.1.0.3, 00:23:28, Serial0/0
Rack1R2#show ip route 155.1.10.10
Routing entry for 155.1.10.0/24
Known via "ospf 1", distance 110, metric 67, type inter area
Last update from 155.1.0.5 on Serial0/0, 00:23:56 ago
Routing Descriptor Blocks:
* 155.1.0.5, from 150.1.5.5, 00:23:56 ago, via Serial0/0
Route metric is 67, traffic share count is 1
Rack1R2#show ip route 155.1.0.5
Routing entry for 155.1.0.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Serial0/0
Route metric is 0, traffic share count is 1
Rack1R2#show frame-relay map | include 155.1.0.5
Serial0/0 (up): ip 155.1.0.5 dlci 205(0xCD,0x30D0), static,
Rack1R2#ping 155.1.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/43/60 ms
Rack1R2#
There are basically two ways to solve this design problem, either change the next-hop to something the router does know how to resolve, or allow the router to properly resolve the current next-hop. In this solution, the current next-hop is resolved by adding additional frame-relay map statements. Changing the next-hop value is explored in the next few examples with the point-to-multipoint
OSPF network type.
2013/10/28
INE R&S ATC081 ~ ATC086 - Route Redistribution
081 - Route Redistribution Overview
082 - Route Redistribution Configuration & Verification, Connected Redistribution
083 - OSPF External Path Selection, TCL PING Scripting
084 - Routing Loops Overview, EIGRP Route Loop Prevention
085 - Metric Based Routing Loops, Route Tagging
086 - Administrative Distance Based Routing Loops, Debug IP Routing, IP Route Profile
Redistribution Lesson Objectives
• What routes are redistributed
• How connected redistribution works
• How IOS chooses routes to use
• Why routingloopscan occur
• How to identify routing loops
• How to prevent routing loops
Route Redistribution Overview
• Redistribution occurs from the routingtable not the routing database
• When redistributingprotocol X into Y, take…
– Routesin the routing table via protocol X
– Connected interfaces running protocol X
• Route advertisement rules
– RIP vs. EIGRP vs. OSPF vs. BGP
082 - Route Redistribution Configuration & Verification, Connected Redistribution
083 - OSPF External Path Selection, TCL PING Scripting
084 - Routing Loops Overview, EIGRP Route Loop Prevention
085 - Metric Based Routing Loops, Route Tagging
086 - Administrative Distance Based Routing Loops, Debug IP Routing, IP Route Profile
Redistribution Lesson Objectives
• What routes are redistributed
• How connected redistribution works
• How IOS chooses routes to use
• Why routingloopscan occur
• How to identify routing loops
• How to prevent routing loops
Route Redistribution Overview
• Redistribution occurs from the routingtable not the routing database
• When redistributingprotocol X into Y, take…
– Routesin the routing table via protocol X
– Connected interfaces running protocol X
• Route advertisement rules
– RIP vs. EIGRP vs. OSPF vs. BGP
INE R&S ATC068 ~ ATC080 - OSPF
068 - OSPF Overview
069 - Establishing OSPF Adjacencies, Understanding the OSPF Database
070 - OSPF Network Type Broadcast, OSPF DRBDR Election, OSPF over NBMA, OSPF Network Type Non-Broadcast and Point-to-Multipoint
071 - OSPF Network Type Point-to-Point, OSPF Network Type Mismatch
072 - OSPF Network Type Point-to-Multipoint Non-Broadcast, OSPF Per Neighbor Cost
073 - OSPF Network Type Loopback
074 - OSPF Path Selection
075 - OSPF Convergence Timers
076 - OSPF Authentication
077 - OSPF Summarization
078 - OSPF Stub Areas, OSPF Totally Stubby Areas, OSPF NSSAs, OSPF Totally NSSAs
079 - Controlling OSPF NSSA Redistribution
080 - OSPF Type 7 to 5 Translator Election, OSPF LSA Type 3 Filter, OSPF Forwarding Address Suppression
OSPF Overview
• Open Standards Based
– RFC 2328 “OSPF Version 2”
• Classless Link-State Protocol
– Uses DijkstraSPF algorithm
– Maintains active adjacencies
– Supports VLSM
– Supports both topology and NLRI summarization
Enabling OSPF
• Enable the global process
– router ospf [process-id]
• Process-id locally significant
– Must be an “up/up” interface running IP
• Used for OSPF Router-ID
• Enable the interface process
– network [address] [wildcard] area [area]
– ip ospf [process-id] area [area]
069 - Establishing OSPF Adjacencies, Understanding the OSPF Database
070 - OSPF Network Type Broadcast, OSPF DRBDR Election, OSPF over NBMA, OSPF Network Type Non-Broadcast and Point-to-Multipoint
071 - OSPF Network Type Point-to-Point, OSPF Network Type Mismatch
072 - OSPF Network Type Point-to-Multipoint Non-Broadcast, OSPF Per Neighbor Cost
073 - OSPF Network Type Loopback
074 - OSPF Path Selection
075 - OSPF Convergence Timers
076 - OSPF Authentication
077 - OSPF Summarization
078 - OSPF Stub Areas, OSPF Totally Stubby Areas, OSPF NSSAs, OSPF Totally NSSAs
079 - Controlling OSPF NSSA Redistribution
080 - OSPF Type 7 to 5 Translator Election, OSPF LSA Type 3 Filter, OSPF Forwarding Address Suppression
OSPF Overview
• Open Standards Based
– RFC 2328 “OSPF Version 2”
• Classless Link-State Protocol
– Uses DijkstraSPF algorithm
– Maintains active adjacencies
– Supports VLSM
– Supports both topology and NLRI summarization
Enabling OSPF
• Enable the global process
– router ospf [process-id]
• Process-id locally significant
– Must be an “up/up” interface running IP
• Used for OSPF Router-ID
• Enable the interface process
– network [address] [wildcard] area [area]
– ip ospf [process-id] area [area]
INE R&S ATC053 ~ ATC067 - EIGRP
053 - EIGRP Overview
054 - EIGRP Auto-Summary
055 - EIGRP Split-Horizon
056 - EIGRP Update Types, EIGRP Neighbor, EIGRP Passive-Interface
057 - EIGRP Hello-Interval, EIGRP Hold-Time
058 - EIGRP Authentication
059 - EIGRP Time Based Authentication
060 - EIGRP Path Selection, EIGRP Metric Weights, EIGRP Traffic Engineering
061 - EIGRP Unequal Cost Load Balancing, EIGRP Variance
062 - EIGRP QUERY, EIGRP Summarization, EIGRP Leak-Map
063 - EIGRP Stub Router Advertisement
064 - EIGRP Default Routing
065 - EIGRP Route Filtering
066 - EIGRP Router-ID
067 - Miscellaneous EIGRP Features
EIGRP Overview
• Hybrid IGP
– Properties of both link-state and distance vector
• Forms active adjacencies but still uses split-horizon
• DUAL guaranteed loop free but still “routing by rumor”
• Uses its own transport protocol
– IP protocol 88
– Multicast to 224.0.0.10 to establish adjacencies
– Unicast and multicast to synchronize the topology
Enabling EIGRP
• Enable the global process
– router eigrp[AS]
– AS number must match to be adjacent
• Enable the interface process
– network [address] [wildcard]
– Similar to OSPF network statement
054 - EIGRP Auto-Summary
055 - EIGRP Split-Horizon
056 - EIGRP Update Types, EIGRP Neighbor, EIGRP Passive-Interface
057 - EIGRP Hello-Interval, EIGRP Hold-Time
058 - EIGRP Authentication
059 - EIGRP Time Based Authentication
060 - EIGRP Path Selection, EIGRP Metric Weights, EIGRP Traffic Engineering
061 - EIGRP Unequal Cost Load Balancing, EIGRP Variance
062 - EIGRP QUERY, EIGRP Summarization, EIGRP Leak-Map
063 - EIGRP Stub Router Advertisement
064 - EIGRP Default Routing
065 - EIGRP Route Filtering
066 - EIGRP Router-ID
067 - Miscellaneous EIGRP Features
EIGRP Overview
• Hybrid IGP
– Properties of both link-state and distance vector
• Forms active adjacencies but still uses split-horizon
• DUAL guaranteed loop free but still “routing by rumor”
• Uses its own transport protocol
– IP protocol 88
– Multicast to 224.0.0.10 to establish adjacencies
– Unicast and multicast to synchronize the topology
Enabling EIGRP
• Enable the global process
– router eigrp[AS]
– AS number must match to be adjacent
• Enable the interface process
– network [address] [wildcard]
– Similar to OSPF network statement
2013/10/21
WB1 RIP 4.17~4.18 Conditional Default Routing
4.17 RIPv2 Conditional Default Routing
R4:
router rip
default-information originate route-map TRACK_LINK_TO_BB3
!
ip prefix-list LINK_TO_BB3 seq 5 permit 204.12.1.0/24
!
route-map TRACK_LINK_TO_BB3 permit 10
match ip address prefix-list LINK_TO_BB3
以上的設定是假設R4的路由表中會存在204.12.1.0/24這筆路由時,才會將default-route放出
這不一定好,應該用下面的範例
R4:
router rip
default-information originate route-map TRACK_LINK_TO_BB3
!
ip prefix-list LINK_TO_BB3 seq 5 permit 204.12.1.0/24
!
route-map TRACK_LINK_TO_BB3 permit 10
match ip address prefix-list LINK_TO_BB3
以上的設定是假設R4的路由表中會存在204.12.1.0/24這筆路由時,才會將default-route放出
這不一定好,應該用下面的範例
WB1 RIP 4.13 ~ 4.15 過濾路由的一些方法
4.13 RIPv2 Filtering with Offset Lists
• Configure an offset-list on SW1 so that SW3 does not install a route to VLAN 5.
SW1:
router rip
offset-list 1 out 16 Vlan79
!
access-list 1 permit 155.1.5.0
4.14 RIPv2 Filtering with Administrative Distance
• Configure administrative distance filtering on R5 so that devices within the network cannot reach R4’s Loopback 0 network.
R5:
router rip
distance 255 0.0.0.0 255.255.255.255 1
!
dantance 255 0.0.0.0 255.255.255.255 1表示任何路由器的更新介面,所送出的access-list 1都變成distance 255
!
access-list 1 permit 150.1.4.0
!
4.15 RIPv2 Filtering with Per Neighbor AD
• Configure administrative distance filtering on SW1 so that traffic destined for R3’s Loopback 0 network is sent towards R6.
SW1:
router rip
distance 255 155.1.37.3 0.0.0.0 2
!
distance 255 155.1.37.3 0.0.0.0 2表示當路由器之更新路由表介面恰好為155.1.37.3時,所送出的access-list 2路由150.1.3.0變成distance 255
!
access-list 2 permit 150.1.3.0
• Configure an offset-list on SW1 so that SW3 does not install a route to VLAN 5.
SW1:
router rip
offset-list 1 out 16 Vlan79
!
access-list 1 permit 155.1.5.0
4.14 RIPv2 Filtering with Administrative Distance
• Configure administrative distance filtering on R5 so that devices within the network cannot reach R4’s Loopback 0 network.
R5:
router rip
distance 255 0.0.0.0 255.255.255.255 1
!
dantance 255 0.0.0.0 255.255.255.255 1表示任何路由器的更新介面,所送出的access-list 1都變成distance 255
!
access-list 1 permit 150.1.4.0
!
4.15 RIPv2 Filtering with Per Neighbor AD
• Configure administrative distance filtering on SW1 so that traffic destined for R3’s Loopback 0 network is sent towards R6.
SW1:
router rip
distance 255 155.1.37.3 0.0.0.0 2
!
distance 255 155.1.37.3 0.0.0.0 2表示當路由器之更新路由表介面恰好為155.1.37.3時,所送出的access-list 2路由150.1.3.0變成distance 255
!
access-list 2 permit 150.1.3.0
WB1 RIP 4.12 Extended access-lists Mean???
• Configure an extended access-list filter on R5
• so that the routes to VLANs 7 and 9 are only received from R1,
• while the routes to R1’s Loopback and VLAN 146 are only received from R3.
但設定前 VLAN 7 & 9 是從R3接受到的
但設定前 R1 Lo & Vlan 146 是從R1接受到的
Rack1R5#show ip route rip
R 155.1.9.0 [120/3] via 155.1.0.3, 00:00:04, Serial0/0.1
R 155.1.7.0 [120/2] via 155.1.0.3, 00:00:04, Serial0/0.1
R 155.1.146.0 [120/1] via 155.1.0.1, 00:00:04, Serial0/0.1
R 150.1.1.0 [120/1] via 155.1.0.1, 00:00:08, Serial0/0.1
Rack1R5#
Extended access-lists when called as a distribute-list in IGP have a different meaning than in redistribution or as in BGP.
• so that the routes to VLANs 7 and 9 are only received from R1,
• while the routes to R1’s Loopback and VLAN 146 are only received from R3.
但設定前 VLAN 7 & 9 是從R3接受到的
但設定前 R1 Lo & Vlan 146 是從R1接受到的
Rack1R5#show ip route rip
R 155.1.9.0 [120/3] via 155.1.0.3, 00:00:04, Serial0/0.1
R 155.1.7.0 [120/2] via 155.1.0.3, 00:00:04, Serial0/0.1
R 155.1.146.0 [120/1] via 155.1.0.1, 00:00:04, Serial0/0.1
R 150.1.1.0 [120/1] via 155.1.0.1, 00:00:08, Serial0/0.1
Rack1R5#
Extended access-lists when called as a distribute-list in IGP have a different meaning than in redistribution or as in BGP.
WB1 RIP 4.11 Access-List ODD v.s EVEN
BB1一共送出四筆路由給R6
Rack1R6#show ip route rip | i Serial0/0
R 212.18.0.0/24 [120/1] via 54.1.1.254, 00:00:15, Serial0/0
R 212.18.1.0/24 [120/1] via 54.1.1.254, 00:00:15, Serial0/0
R 212.18.2.0/24 [120/1] via 54.1.1.254, 00:00:15, Serial0/0
R 212.18.3.0/24 [120/1] via 54.1.1.254, 00:00:15, Serial0/0
Rack1R6#
--------------------------------------------------------------------------------
Configure a one line standard access-list on R6 to filter out all routes
coming from BB1 that have an even number in the third octet.
過濾第三位為even(偶數)的路由 ---> 那就是允許第三位為單數(odd)的路由
router rip
version 2
network 54.0.0.0
network 150.1.0.0
network 155.1.0.0
distribute-list 1 in Serial0/0
no auto-summary
!
access-list 1 permit 0.0.1.0 255.255.254.255
!
Rack1R6#show ip route rip | include Serial0/0
R 212.18.1.0/24 [120/1] via 54.1.1.254, 00:00:02, Serial0/0
R 212.18.3.0/24 [120/1] via 54.1.1.254, 00:00:02, Serial0/0
Rack1R6#
--------------------------------------------------------------------------------
Configure a one line standard access-list on R6 to filter out all routes
coming from BB1 that have an odd number in the third octet.
過濾第三位為odd(單數)的路由 ---> 那就是允許第三位為偶數(even)的路由
router rip
version 2
network 54.0.0.0
network 150.1.0.0
network 155.1.0.0
distribute-list 2 in Serial0/0
no auto-summary
!
access-list 2 permit 0.0.0.0 255.255.254.255
!
Rack1R6#show ip route rip | include Serial0/0
R 212.18.0.0/24 [120/1] via 54.1.1.254, 00:00:02, Serial0/0
R 212.18.2.0/24 [120/1] via 54.1.1.254, 00:00:02, Serial0/0
Rack1R6#
Rack1R6#show ip route rip | i Serial0/0
R 212.18.0.0/24 [120/1] via 54.1.1.254, 00:00:15, Serial0/0
R 212.18.1.0/24 [120/1] via 54.1.1.254, 00:00:15, Serial0/0
R 212.18.2.0/24 [120/1] via 54.1.1.254, 00:00:15, Serial0/0
R 212.18.3.0/24 [120/1] via 54.1.1.254, 00:00:15, Serial0/0
Rack1R6#
--------------------------------------------------------------------------------
Configure a one line standard access-list on R6 to filter out all routes
coming from BB1 that have an even number in the third octet.
過濾第三位為even(偶數)的路由 ---> 那就是允許第三位為單數(odd)的路由
router rip
version 2
network 54.0.0.0
network 150.1.0.0
network 155.1.0.0
distribute-list 1 in Serial0/0
no auto-summary
!
access-list 1 permit 0.0.1.0 255.255.254.255
!
Rack1R6#show ip route rip | include Serial0/0
R 212.18.1.0/24 [120/1] via 54.1.1.254, 00:00:02, Serial0/0
R 212.18.3.0/24 [120/1] via 54.1.1.254, 00:00:02, Serial0/0
Rack1R6#
--------------------------------------------------------------------------------
Configure a one line standard access-list on R6 to filter out all routes
coming from BB1 that have an odd number in the third octet.
過濾第三位為odd(單數)的路由 ---> 那就是允許第三位為偶數(even)的路由
router rip
version 2
network 54.0.0.0
network 150.1.0.0
network 155.1.0.0
distribute-list 2 in Serial0/0
no auto-summary
!
access-list 2 permit 0.0.0.0 255.255.254.255
!
Rack1R6#show ip route rip | include Serial0/0
R 212.18.0.0/24 [120/1] via 54.1.1.254, 00:00:02, Serial0/0
R 212.18.2.0/24 [120/1] via 54.1.1.254, 00:00:02, Serial0/0
Rack1R6#
WB1 RIP 4.10 過濾特定的路由器所送出的路由
以下範例為
R5路由器於Fa0/0所送出的路由要過濾掉特定的路由30.0.0.0/14及31.0.0.0/14給SW2
另外一個比較特別為 除了R4所發出的路由外,其他所有的路由器的路由都接受
router rip
version 2
timers basic 10 60 60 80
network 150.1.0.0
network 155.1.0.0
distribute-list prefix DENY_SW2 out FastEthernet0/0
distribute-list prefix PERMIT_ALL gateway NOT_FROM_R4 in
no auto-summary
!
ip prefix-list DENY_SW2 seq 10 deny 30.0.0.0/14
ip prefix-list DENY_SW2 seq 20 deny 31.0.0.0/14
ip prefix-list DENY_SW2 seq 30 permit 0.0.0.0/0 le 32
!
ip prefix-list NOT_FROM_R4 seq 10 deny 155.1.0.4/32
ip prefix-list NOT_FROM_R4 seq 20 permit 0.0.0.0/0 le 32
!
ip prefix-list PERMIT_ALL seq 5 permit 0.0.0.0/0 le 32
R5路由器於Fa0/0所送出的路由要過濾掉特定的路由30.0.0.0/14及31.0.0.0/14給SW2
另外一個比較特別為 除了R4所發出的路由外,其他所有的路由器的路由都接受
router rip
version 2
timers basic 10 60 60 80
network 150.1.0.0
network 155.1.0.0
distribute-list prefix DENY_SW2 out FastEthernet0/0
distribute-list prefix PERMIT_ALL gateway NOT_FROM_R4 in
no auto-summary
!
ip prefix-list DENY_SW2 seq 10 deny 30.0.0.0/14
ip prefix-list DENY_SW2 seq 20 deny 31.0.0.0/14
ip prefix-list DENY_SW2 seq 30 permit 0.0.0.0/0 le 32
!
ip prefix-list NOT_FROM_R4 seq 10 deny 155.1.0.4/32
ip prefix-list NOT_FROM_R4 seq 20 permit 0.0.0.0/0 le 32
!
ip prefix-list PERMIT_ALL seq 5 permit 0.0.0.0/0 le 32
2013/10/17
GNS3 Tips
今天自己嚇自己...先寫下來...目前幾個發現的GNS3解決方法
-------------------------------------------------------------------------------
我的CCIE Lab是採用Windows 7 PC run GNS3 + 4 Real Cisco 3750 Switch的方式
GNS3:
6 x Router R1~R6 , IOS為 c3725-adventerprisek9-mz.124-15.T14.extracted.bin
3 x Router BB1~BB3, IOS為 c3725-adventerprisek9-mz.124-15.T14.extracted.bin
1 x Frame-Relay Switch, GNS3內建
4 x Real Cisco 3750 Switch:
4 x WS-C3750-24TS, IOS為 c3750-advipservicesk9-mz.122-46.SE.bin
中間的連線就是將PC串接12個USB-to-FastEthernet Adapter後,連到SW1~SW4
-------------------------------------------------------------------------------
Ping 255.255.255.255 反應慢,沒關係,終於解決了
在INE Workbook的許多測試裡,可能要 ping 255.255.255.255
但發現就是回應很慢,大約每一個ping reply大約要20~30秒,
一開wireshark看一看,果然找到問題了,
Router會先用介面的IP去用DNS反查Broadcast Address,例如
Standard query 0x6686 PTR 7.37.1.155.in-addr.arpa
這樣就會造成ping reply的速度很慢很慢很慢
所以在設備裡面要下no ip domain-lookup才可以解決這樣的情況
-------------------------------------------------------------------------------
為了加速我們在TS時,traceroute的速度,我發現,在每一台設備上,下no ip icmp rate-limit unreachable可以加速反應。
!
config t
no ip icmp rate-limit unreachable
end
!
-------------------------------------------------------------------------------
GNS3 CPU過高...idle pc值一定要算一下....另外就是加上idlemax = 100的指令,真的很有用
autostart = False
version = 0.8.5
[127.0.0.1:7201]
workingdir = working
udp = 10100
[[3725]]
image = D:\GNS3\IOS\c3725-adventerprisek9-mz.124-15.T14.extracted.bin
ram = 256
idlepc = 0x60c08728
idlemax = 100
ghostios = True
[[ROUTER R1]]
model = 3725
console = 2001
aux = 2100
以下省略
-------------------------------------------------------------------------------
我的CCIE Lab是採用Windows 7 PC run GNS3 + 4 Real Cisco 3750 Switch的方式
GNS3:
6 x Router R1~R6 , IOS為 c3725-adventerprisek9-mz.124-15.T14.extracted.bin
3 x Router BB1~BB3, IOS為 c3725-adventerprisek9-mz.124-15.T14.extracted.bin
1 x Frame-Relay Switch, GNS3內建
4 x Real Cisco 3750 Switch:
4 x WS-C3750-24TS, IOS為 c3750-advipservicesk9-mz.122-46.SE.bin
中間的連線就是將PC串接12個USB-to-FastEthernet Adapter後,連到SW1~SW4
-------------------------------------------------------------------------------
Ping 255.255.255.255 反應慢,沒關係,終於解決了
在INE Workbook的許多測試裡,可能要 ping 255.255.255.255
但發現就是回應很慢,大約每一個ping reply大約要20~30秒,
一開wireshark看一看,果然找到問題了,
Router會先用介面的IP去用DNS反查Broadcast Address,例如
Standard query 0x6686 PTR 7.37.1.155.in-addr.arpa
這樣就會造成ping reply的速度很慢很慢很慢
所以在設備裡面要下no ip domain-lookup才可以解決這樣的情況
-------------------------------------------------------------------------------
為了加速我們在TS時,traceroute的速度,我發現,在每一台設備上,下no ip icmp rate-limit unreachable可以加速反應。
!
config t
no ip icmp rate-limit unreachable
end
!
-------------------------------------------------------------------------------
GNS3 CPU過高...idle pc值一定要算一下....另外就是加上idlemax = 100的指令,真的很有用
autostart = False
version = 0.8.5
[127.0.0.1:7201]
workingdir = working
udp = 10100
[[3725]]
image = D:\GNS3\IOS\c3725-adventerprisek9-mz.124-15.T14.extracted.bin
ram = 256
idlepc = 0x60c08728
idlemax = 100
ghostios = True
[[ROUTER R1]]
model = 3725
console = 2001
aux = 2100
以下省略
2013/10/11
INE R&S ATC052 - RIP Triggered, RIP Validate Update Source
RIP Triggered
• Supports suppression of periodic updates
– Originally for dial circuits
• Interface level iprip triggered
• Updates only sent if changes occur
RIP Source Validation
• Updates only accepted from routers on your same subnet by default
• Problems with devices running PPP and IPCP address negotiation
• Disabled with process level no validate-update-source
RIP Command Reference
• Know the command reference
• Very little functionality in RIP compared to other IGPs
• Supports suppression of periodic updates
– Originally for dial circuits
• Interface level iprip triggered
• Updates only sent if changes occur
RIP Source Validation
• Updates only accepted from routers on your same subnet by default
• Problems with devices running PPP and IPCP address negotiation
• Disabled with process level no validate-update-source
RIP Command Reference
• Know the command reference
• Very little functionality in RIP compared to other IGPs
INE R&S ATC051 - RIP Default Routing, RIP Conditional Default Routing
RIP Default Routing
• Process level default-information originate
• Route-map for conditional default advertisement
– set interface [interface]
• Send default only out specified interface
– match ip address [prefix-list]
• Send default only if specified prefix is in the routing table
= = = = = = = = = = = = = = =
router rip
default-information originate
= = = = = = = = = = = = = = =
SW1:
• Process level default-information originate
• Route-map for conditional default advertisement
– set interface [interface]
• Send default only out specified interface
– match ip address [prefix-list]
• Send default only if specified prefix is in the routing table
= = = = = = = = = = = = = = =
router rip
default-information originate
= = = = = = = = = = = = = = =
SW1:
INE R&S ATC050 - Prefix-Lists, RIP Distribute-List Filtering, RIP Administrative Distance Filtering
RIP Inbound Route Filtering
• Distribute-list
– Standard access-list
– Extended access-list
• Source is route source, destination is prefix
– Prefix-list
• Offset-list
– Metric of 16 = infinite
• Distance
– 255 = infinite
– Can be per prefix and per neighbor
RIP Outbound Route Filtering
• Distribute-list
– Access-list
– Prefix-list
• Offset-list
– Metric of 16 = infinite
• Passive-interface
• Distribute-list
– Standard access-list
– Extended access-list
• Source is route source, destination is prefix
– Prefix-list
• Offset-list
– Metric of 16 = infinite
• Distance
– 255 = infinite
– Can be per prefix and per neighbor
RIP Outbound Route Filtering
• Distribute-list
– Access-list
– Prefix-list
• Offset-list
– Metric of 16 = infinite
• Passive-interface
INE R&S ATC049 - RIP Summarization
RIP Summarization
• Interface level ip summary-address rip
• At least one subnet must be in the RIP database
• Cannot summarize past the major network boundary
– Workaround with redistribute static
• Interface level ip summary-address rip
• At least one subnet must be in the RIP database
• Cannot summarize past the major network boundary
– Workaround with redistribute static
INE R&S ATC048 - RIP Authentication
RIP Authentication
• Supports clear text and MD5 authentication
• Define key chain
– key chain [name]
• Define key number
– key [num]
– Must match for MD5
• Define password
– key-string [string]
– Whitespace counts as a character
• Enable at interface level
– iprip authentication mode [text | md5]
• Apply key chain
– iprip authentication key-chain [name]
• Supports clear text and MD5 authentication
• Define key chain
– key chain [name]
• Define key number
– key [num]
– Must match for MD5
• Define password
– key-string [string]
– Whitespace counts as a character
• Enable at interface level
– iprip authentication mode [text | md5]
• Apply key chain
– iprip authentication key-chain [name]
INE R&S ATC047 - RIP Offset-List
RIP Metric Calculation
• RIP uses hop-count as metric
– 1 hop per interface
– 16 is infinite
• offset-listto modify metric
– access-list 0 means all routes
• RIP uses hop-count as metric
– 1 hop per interface
– 16 is infinite
• offset-listto modify metric
– access-list 0 means all routes
INE R&S ATC046 - RIP Unicast Updates
Update Types
• Broadcast
– RIPv1 default
– RIPv2 optional with ip rip v2-broadcast
• Multicast
– RIPv2 default
• Unicast
– RIPv1 / RIPv2 optional
– neighbor [address]
• Enable unicast update
– passive-interface [interface]
• Suppress normal broadcast / multicast updates
• Broadcast
– RIPv1 default
– RIPv2 optional with ip rip v2-broadcast
• Multicast
– RIPv2 default
• Unicast
– RIPv1 / RIPv2 optional
– neighbor [address]
• Enable unicast update
– passive-interface [interface]
• Suppress normal broadcast / multicast updates
INE R&S ATC045 - RIP Broadcast Updates, IP Directed Broadcast, IP Broadcast-Address, Smurf Attacks, Fraggle Attacks
Update Types
• Broadcast
– RIPv1 default
– RIPv2 optional with ip rip v2-broadcast
• Multicast
– RIPv2 default
• Unicast
– RIPv1 / RIPv2 optional
– neighbor [address]
• Enable unicast update
– passive-interface [interface]
• Suppress normal broadcast / multicast updates
• Broadcast
– RIPv1 default
– RIPv2 optional with ip rip v2-broadcast
• Multicast
– RIPv2 default
• Unicast
– RIPv1 / RIPv2 optional
– neighbor [address]
• Enable unicast update
– passive-interface [interface]
• Suppress normal broadcast / multicast updates
INE R&S ATC044 - RIP Split-Horizon, RIP Timers
Split-Horizon
• Updates received in an interface will not be sent back out the same interface
– Undesirable on partial mesh NBMA networks
• Enabled by default on all interfaces except main interface in Frame Relay
– no ip split-horizon to disable
• Verification
– show ip interface
RIP Convergence Timers
• Global
– timers basic [update] [invalid] [holddown] [flush]
• Interface level
– ip rip advertise [interval]
• Updates received in an interface will not be sent back out the same interface
– Undesirable on partial mesh NBMA networks
• Enabled by default on all interfaces except main interface in Frame Relay
– no ip split-horizon to disable
• Verification
– show ip interface
RIP Convergence Timers
• Global
– timers basic [update] [invalid] [holddown] [flush]
• Interface level
– ip rip advertise [interval]
INE R&S ATC043 - RIP Overview, RIP Versions, RIP Auto-Summary
RIP Overview
•Distance Vector IGP
–Uses split-horizon,poison reverse, count to infinity
–UDP port 520 for transport
•Two versions
–RIPv1
•Classful
•Updates as broadcast
–RIPv2
•Classless
•Updates as multicast to 224.0.0.9
Enabling RIP
•Enable the global process
–router rip
•Enable the interface process
–network [address]
–Matches major network only
•Verification
–show ip protocols
–show ip rip database
–debug ip rip
RIP Versions
•Default processing
–Send version 1 updates
–Listen for versions 1 & 2 updates
•Modifyingthe version
–version process level
–ip rip receive version interface level
–ip rip send version interface level
•Verification
–show ip protocols
RIP Auto-Summary
•RIPv2 is classless but does automatic classful summarization by default
–Disabled with no auto-summary under process
•VLSM is supported within the same major network
•Advertisements between major network boundaries are summarized to classful boundary
–Can result in traffic blackholes
•Distance Vector IGP
–Uses split-horizon,poison reverse, count to infinity
–UDP port 520 for transport
•Two versions
–RIPv1
•Classful
•Updates as broadcast
–RIPv2
•Classless
•Updates as multicast to 224.0.0.9
Enabling RIP
•Enable the global process
–router rip
•Enable the interface process
–network [address]
–Matches major network only
•Verification
–show ip protocols
–show ip rip database
–debug ip rip
RIP Versions
•Default processing
–Send version 1 updates
–Listen for versions 1 & 2 updates
•Modifyingthe version
–version process level
–ip rip receive version interface level
–ip rip send version interface level
•Verification
–show ip protocols
RIP Auto-Summary
•RIPv2 is classless but does automatic classful summarization by default
–Disabled with no auto-summary under process
•VLSM is supported within the same major network
•Advertisements between major network boundaries are summarized to classful boundary
–Can result in traffic blackholes
2013/10/08
Mariano Rivera thank you,and I need to be CCIE...Same Thing or different thing.
Mariano Rivera, thank you. 是你讓我知道,我應該要努力。。。
這是緬懷文,,,警惕跟告誡自己>>>>>>>>>>>
2009/10/14 這是我通過第一次的CCIE筆試。
這三年期間,因為公司專案關係,自己又接手公司非常重要的客戶,那時候想和自己的主管一同準備、一起考試的想法,到後來也因為主管比我還忙,就這樣三年過去了。
2012/10/30 這是我通過第二次的CCIE筆試。
去年的這個時候,也是滿懷鬥志,從11月、12月到今年的1月,完成了ATC001~ATC156的video.也做完了一半的 INE Vol I的小Lab...
這段期間共67天,累積共13668分鐘,換算為227hr,平均每天花上3.4hr的時間準備。
訂閱:
文章 (Atom)