publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
First Printing December 2006
Library of Congress Number: 2004114556
Warning and Disclaimer
This book is designed to provide information about building scalable Cisco internetworks. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an "as is" basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Corporate and Government Sales
Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales.
For more information, please contact: U.S. Corporate and Government Sales 1-800-382-3419 corpsales@pearsontechgroup.com
For sales outside of the U.S. please contact: International Sales 1-317-581-3793 international@pearsontechgroup.com
Trademark Acknowledgments
Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher: Paul Boger
Cisco Representative: Anthony Wolfenden
Cisco Press Program Manager: Jeff Brady
Executive Editor: Mary Beth Ray
Managing Editor: Patrick Kanouse
Development Editor: Andrew Cupp
Project Editor: Seth Kerney
Copy Editor: Keith Cline
Technical Editors: Mark Gallo, Joe Harris
Publishing Coordinator: Vanessa Evans
Book and Cover Designer: Louisa Adair
Composition: ICC Macmillan Inc.
Indexer: Tim Wright
Americas Headquarters
Cisco Systems, Inc
170 West Tasman Drive
Asia Pacific Headquarters
Cisco Systems, Inc
EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0609R)
About the Authors
Diane Teare is a professional in the networking, training, and e-learning fields. She has more than 20 years of experience in designing, implementing, and troubleshooting network hardware and software and has also been involved in teaching, course design, and project management. She has extensive knowledge of network design and routing technologies and is an instructor with one of the largest authorized Cisco Learning Partners. She was recently the director of e-learning for the same company, where she was responsible for planning and supporting all the company's e-learning offerings in Canada, including Cisco courses. Diane was part of the team that developed the latest version of the BSCI course. She has a bachelor's degree in applied science in electrical engineering (BASc) and a master's degree in applied science in management science (MASc). She is a certified Cisco Systems instructor and currently holds her CCNP and CCDP certifications. She coauthored the Cisco Press titles Campus Network Design Fundamentals and the first two editions of this book; and edited CCDA Self-Study: Designing for Cisco Internetwork Solutions (DESGN) and Designing Cisco Networks.
Catherine Paquet has in-depth knowledge of security systems, remote access, and routing technology. She is a CCSP, a CCNP, and a CCSI with one of the largest Cisco Learning Partners. She started her internetworking career as a LAN manager, moved to MAN manager, and eventually became the nationwide WAN manager with a federal agency. Prior to starting Netrisec Inc., a network security consultancy, Catherine was the director of technical resources for a Cisco Learning Partner. Catherine currently works on network design and implementation projects and lectures on topics related to security frameworks, regulations, and return on security investments. In 2002 and 2003, she volunteered with the U.N. mission in Kabul, Afghanistan, to train Afghan public servants in the area of networking. Catherine has a master's degree in business administration with a major in management information systems (MBA [MIS]). She coauthored the Cisco Press titles Campus Network Design Fundamentals, The Business Case for Network Security: Advocacy, Governance, and ROI, and the first two editions of this book, and edited Building Cisco Remote Access Networks.
About the Technical Reviewers
Mark Gallo is a Systems Engineering Manager at Cisco within the Channels organization. He has led several engineering groups responsible for positioning and delivering Cisco end-to-end systems, and for designing and implementing enterprise LANs and international IP networks. He has a bachelor of science degree in electrical engineering from the University of Pittsburgh and holds Cisco CCNP and CCDP certifications. Mark resides in northern Virginia with his wife, Betsy, and son, Paul.
Joe Harris, CCIE No. 6200, has both CCIE Security and Routing and Switching certifications and is a Commercial Systems Engineer with Cisco specializing in advanced routing and security. He has more than 12 years of experience in the field of designing and implementing Cisco network solutions. Joe holds a bachelor of science degree from Louisiana Tech University and resides with his wife and two children in Frisco, Texas.
We would like to thank many people for helping us put this book together:
The Cisco Press team: Mary Beth Ray, the executive editor, coordinated the entire team and ensured that everything was lined up for the successful completion of the book. Drew Cupp, the development editor, has once again been invaluable with his eye for detail and speedy responses to our many queries. We also want to thank Seth Kerney, the project editor, and Keith Cline, the copy editor, for their excellent work in steering this book through the editorial process. Finally, we want to thank Brett Bartow, the executive editor on the previous editions to this book (and our other books), for sticking with us all these years!
The Global Knowledge and Cisco Systems team: Many other people were involved in the development of the latest version of the BSCI course, and we want to extend our thanks to them—our apologies if we have forgotten someone! The Global Knowledge team included Ray Dooley and his team—Carol Kavalla, Bill Treneer, and Norma Douthit—Patti Hedgspeth, Kimberly Ferguson, Ammarah Abbasi, Karie Krueger, Joy Rau, Richard Chapin, and Margaret Prince. The Cisco team included Ray Garra, Bob Martinez, Roger Beatty, Cynthia Barnette, Peter Wood, Dennis Keirnan, Brenda Nichols, Glenn Tapley, Drew Blair, Mike Bevan, James Cagney, Kathy Yankton, Ray Viscaina, Andy Esponsa, Eric De Jesus, Christy Faria, Jeremy Creech, Lee Rogers, Adriana Vascan, and Charles Newby. Thanks also to the other members of the development teams of the original BSCN and BSCI courses, including Patrick Lao, Kip Peterson, Keith Serrao, Kevin Calkins, Won Lee, and Imran Quershi.
The technical reviewers: We want to thank the technical reviewers of this book—Mark Gallo and Joe Harris—for their thorough, detailed review and very valuable input.
Our families: Of course, this book would not have been possible without the constant understanding and patience of our families. They have always been there to motivate and inspire us. We thank you all.
Each other: Last, but not least, this book is a product of work by two friends, which made it even more of a pleasure to complete.
Icons Used in This Book
Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:
Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
Italics indicate arguments for which you supply actual values.
Vertical bars (|) separate alternative, mutually exclusive elements.
Square brackets [ ] indicate optional elements.
Braces { } indicate a required choice.
Braces within brackets [{ }] indicate a required choice within an optional element.
Authorized Self-Study Guide: Building Scalable Cisco Internetworks (BSCI), Third Edition, is an excellent self-study resource for the CCNP BSCI exam. Whether you are studying to become CCNP certified or are just seeking to gain a better understanding of switching technology, implementation and operation, planning and design, and troubleshooting, you will benefit from the information presented in this book.
Cisco Press Self-Study Guide titles are designed to help educate, develop, and grow the community of Cisco networking professionals. As an early-stage exam-preparation product, this book presents a detailed and comprehensive introduction to the technologies used to build scalable routed networks. Developed in conjunction with the Cisco certifications team, Cisco Press books are the only self-study books authorized by Cisco Systems.
Most networking professionals use a variety of learning methods to gain necessary skills. Cisco Press Self-Study Guide titles are a prime source of content for some individuals and can also serve as an excellent supplement to other forms of learning. Training classes, whether delivered in a classroom or on the Internet, are a great way to quickly acquire new understanding. Hands-on practice is essential for anyone seeking to build, or hone, new skills. Authorized Cisco training classes, labs, and simulations are available exclusively from Cisco Learning Solutions Partners worldwide. Please visit http://www.cisco.com/go/training to learn more about Cisco Learning Solutions Partners.
I hope and expect that you will find this guide to be an essential part of your exam preparation and a valuable addition to your personal library.
Don Field
Director, Certifications
Cisco Systems, Inc.
December 2006
Internetworks are growing at a fast pace to support more protocols and users and are becoming more complex. As the premier designer and provider of internetworking devices, Cisco Systems is committed to supporting these growing networks.
This book teaches you how to design, configure, maintain, and scale a routed network. It focuses on using Cisco routers connected in LANs and WANs typically found at medium-to-large network sites. After completing this book, you will be able to select and implement the appropriate Cisco IOS services required to build a scalable, routed network.
In this book, you study a broad range of technical details on topics related to routing. Routing protocol principles are examined in detail before the following routing protocols are explored: Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), and Border Gateway Protocol (BGP). Running multiple routing protocols and controlling the information passed between them are examined, and IP multicast and IP version 6 (IPv6) are explored.
Configuration examples and sample verification outputs demonstrate troubleshooting techniques and illustrate critical issues surrounding network operation. Chapter-ending Configuration Exercises and Review Questions illustrate and help solidify the concepts presented in this book.
This book starts you down the path toward attaining your CCNP, CCIP, or CCDP certification, because it provides in-depth information to help you prepare for the BSCI exam.
The commands and configuration examples presented in this book are based on Cisco IOS Release 12.4.
Who Should Read This Book
This book is intended for network architects, network designers, systems engineers, network managers, and network administrators who are responsible for implementing and troubleshooting growing routed networks.
If you are planning to take the BSCI exam toward your CCNP, CCIP, or CCDP certification, this book provides you with in-depth study material. To fully benefit from this book, you should be CCNA certified or should possess the following knowledge:
A working knowledge of the OSI reference model
An understanding of internetworking fundamentals, including commonly used networking terms, numbering schemes, topologies, distance vector routing protocol operation, and when to use static and default routes
The ability to operate and configure a Cisco router, including displaying and interpreting a router's routing table, configuring static and default routes, enabling a WAN serial connection using High-Level Data Link Control (HDLC) or PPP, configuring Frame Relay permanent virtual circuits (PVC) on interfaces and subinterfaces, configuring IP standard and extended access lists, and verifying router configurations with available tools, such as show and debug commands
Working knowledge of the TCP/IP stack, and configuring IP addresses and the Routing Information Protocol (RIP)
If you lack this knowledge and these skills, you can gain them by completing the Cisco Introduction to Cisco Networking Technologies (INTRO) and Interconnecting Cisco Network Devices (ICND) courses or by reading the related Cisco Press books.
What's New in This Edition
Examples and Configuration Exercises now use Cisco IOS Release 12.4 on Cisco 2811 routers; outputs have been redone using this new release on these routers.
The "Advanced IP Addressing" chapter was removed; much of the information from this chapter has been included in Appendix C, "IPv4 Supplement."
Objectives of This Book
When you complete the readings and exercises in this book, you will be able to describe the converged network requirements of various networked applications within the Cisco architectures. You will also be able to describe advanced IP routing principles, including static and dynamic routing characteristics and the concepts of classful and classless routing and address summarization. You will be able to implement and verify EIGRP, OSPF, and Integrated IS-IS for scalable multiarea networks, and BGP for enterprise Internet service provider (ISP) connectivity. You will also be able to manipulate routing updates and packet flow. You will be able to implement and verify IP multicast forwarding using Protocol Independent Multicast (PIM) and related protocols, and describe how IPv6 functions to satisfy the increasingly complex requirements of hierarchical addressing.
Summary of Contents
The chapters and appendixes in this book are as follows:
Chapter 1, "Network Architecture Framework and Design Models," introduces converged networks and the variety of traffic within them. Some strategies, frameworks, and models used in the network design process are presented.
Chapter 2, "Routing Principles," covers the principles of routing, including static and dynamic routing characteristics, classful and classless routing, and the differences between distance vector, link-state, and hybrid routing protocol behavior.
Chapter 3, "Configuring the Enhanced Interior Gateway Routing Protocol," introduces EIGRP. Topics include EIGRP terminology and concepts, EIGRP configuration, verification, and troubleshooting. EIGRP authentication is also included.
Chapter 4, "Configuring the Open Shortest Path First Protocol," introduces the OSPF routing protocol. Basic configuration of OSPF, in both single and multiple areas, is described. OSPF configuration over specific network types is also explored.
Chapter 5, "Advanced Open Shortest Path First Protocol Configuration," covers advanced operation, configuration, and verification of the OSPF protocol. The different types of OSPF routers and link-state advertisements (LSAs) are introduced. OSPF route summarization configuration is covered and default routes are introduced. Stub areas, virtual links, and OSPF authentication configuration are explored.
Chapter 6, "Configuring the Integrated Intermediate System-to-Intermediate System Protocol," provides an overview of the Integrated IS-IS protocol, including its operation and configuration (and basic configuration examples).
Chapter 7, "Manipulating Routing Updates," discusses different ways to control routing update information. Route redistribution to interconnect networks that use multiple routing protocols is explained. Information between the protocols can be controlled by using distribute lists and route maps and by changing the administrative distance; the chapter discusses the configuration of each of these techniques. The chapter concludes with a discussion of the Dynamic Host Configuration Protocol (DHCP) and how to enable DHCP server functionality on a Cisco IOS device.
Chapter 8, "Configuring the Border Gateway Protocol," introduces BGP, including terminology and the fundamentals of BGP operation, configuration, and troubleshooting techniques. BGP authentication and the use of route maps for manipulating BGP path attributes are also introduced.
Chapter 9, "Implementing IP Multicast," provides an introduction to IP multicast, multicast addressing and protocols, and the implementation of IP multicast on Cisco devices.
Chapter 10, "Implementing IPv6," introduces IPv6 and the IPv6 addressing scheme. Routing protocols that support IPv6 are explored, and the details of OSPF for IPv6 configuration are presented. The chapter also discusses how IPv4 networks can be transitioned to IPv6.
"Acronyms and Abbreviations" identifies abbreviations, acronyms, and initialisms used in this book and in the
In addition to the material in the printed book, you can also find the following appendixes at ciscopress.com on your My Registered Books page after you register your book (see the next section, "Online Material," for details):
Appendix C, "IPv4 Supplement," provides job aids and supplementary information that are intended for your use when working with IPv4 addresses. Topics include subnetting job aid, decimal-to-binary conversion chart, IPv4 addressing review, IPv4 access lists, IP address planning, hierarchical addressing using variable-length subnet masks (VLSMs), route summarization, and classless interdomain routing (CIDR).
Appendix D, "Manipulating Routing Updates Supplement," provides supplementary information about the features and configuration of policy-based routing (PBR).
Appendix E, "BGP Supplement," provides supplementary information on BGP covering the following topics: BGP route summarization, redistribution with interior gateway protocols (IGPs), policy control and prefix lists, communities, and route reflectors.
Appendix F, "Summary of BSCI Router Commands," lists some of the Cisco router IOS commands you might find in this book, organized in various categories.
Appendix G, "Open System Interconnection (OSI) Reference Model," is a brief overview of the OSI seven-layer model.
Online Material
After you register your book on the Cisco Press website, you can find helpful material related to this book.
To register this book, go to http://www.ciscopress.com/bookstore/register.asp and enter the book's ISBN located on the back cover. You'll then be prompted to log in or join ciscopress.com to continue registration.
After you register the book, a link to the supplemental content will be listed on your My Registered Books page. There you can find the supplemental material in Appendixes C through G. You can also download three configuration files for use in the book's Configuration Exercises, as well as a copy of the network diagram used for the Configuration Exercises.
The printed book does contain helpful references to the online appendixes to guide you in making the best use of this supplemental and background material.
Configuration Exercises and Review Questions
Configuration Exercises at the end of the chapters let you practice configuring routers with the commands and topics presented. If you have access to real hardware, you can try these exercises on your routers; refer to Appendix B for a list of recommended equipment and initial configuration commands for the backbone routers. However, even if you do not have access to any routers, you can go through the exercises and keep a log of your own running configurations. Commands used and solutions to the Configuration Exercises are provided within the exercise sections.
At the end of each chapter, you can test your knowledge by answering Review Questions on the subjects covered in that chapter. You can compare your answers to the answers provided in Appendix A to find out how you did and what material you might need to study further.
Author's Notes, Key Points, Sidebars, and Cautions
The notes, sidebars, and cautions found in this book provide extra information on a subject. The key points highlight specific points of interest.
Part I: Network Architecture and Design
Chapter 1 Network Architecture Framework and Design Models
This chapter discusses network architecture framework and design models. It covers the following topics:
Converged Networks
Cisco Intelligent Information Network
Cisco Service-Oriented Network Architecture Framework
Cisco Enterprise Architecture
Cisco Hierarchical Network Model
Cisco Enterprise Composite Network Model
Routing and Routing Protocols Within the Enterprise Composite Network Model
This chapter introduces converged networks and the variety of traffic within them. To accommodate the requirements of such networks, Cisco has introduced the Intelligent Information Network (IIN) strategy along with the Service-Oriented Network Architecture (SONA) framework that guides the evolution of enterprise networks toward an IIN, both of which this chapter describes.
The components of the Cisco enterprise-wide systems architecture are introduced. Two network design models, the traditional hierarchical network model and the Enterprise Composite Network Model, are described. The chapter concludes with a discussion of how routing protocols fit within the Enterprise Composite Network Model.
Converged Networks
A converged network is one in which data, voice, and video traffic coexists on a single network. When voice and video are transported across a network, the voice and video are seen by the network as being just like any other application data.
Converged networks contain a variety of different types of traffic, including the following:
Voice and video traffic— Examples include IP telephony, involving applications such as contact centers, and video broadcast and conferencing.
Mission-critical traffic— This data is generated by applications critical to an organization (for example, information generated by a stock exchange application at a finance company, patient records at a hospital, and so forth).
Transactional traffic— This information is generated by applications such as those for e-commerce.
Routing protocol traffic— Data from whichever routing protocols are running in the network, such as the Routing Information Protocol (RIP), Open Shortest Path First Protocol (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate System-to-Intermediate System Protocol (IS-IS), and Border Gateway Protocol (BGP).
Network management traffic— Including information about the status of the network and its devices.
The requirements on the network differ significantly depending on the mix of traffic types, especially in terms of security and performance.
For example, voice and video performance requirements include low delay and jitter (variation in delay), whereas transactional traffic requires high reliability and security with relatively low bandwidth. Voice applications, such as IP telephony, also require high reliability and availability because user expectations for "dial tone" in an IP network are exactly the same as in the traditional telephone network. Video traffic is frequently carried as IP multicast traffic, requiring multicast features to be enabled on the network. To meet these traffic requirements, converged networks use quality of service (QoS) mechanisms so that, for example, voice and video traffic are given priority over web-based traffic.
Several security strategies, such as device hardening with strict access control and authentication, intrusion protection, intrusion detection, and traffic protection with encryption, can minimize or possibly eliminate network security threats. Security is a key issue in all networks and becomes even more important in wireless networks where access is possible virtually anywhere.
Cisco Intelligent Information Network
To accommodate today's and tomorrow's network requirements, the Cisco vision of the future includes the IIN, a strategy that addresses how the network is integrated with businesses and business priorities. The IIN encompasses the following features:
Integration of networked resources and information assets that have been largely unlinked— The modern converged networks with integrated voice, video, and data require that IT departments (and other departments that were traditionally responsible for other technologies) more closely link the IT infrastructure with the network.
Intelligence across multiple products and infrastructure layers— The intelligence built in to each component of the network is extended network-wide and applies end to end.
Active participation of the network in the delivery of services and applications— With added intelligence, the IIN makes it possible for the network to actively manage, monitor, and optimize service and application delivery across the entire IT environment.
The IIN offers much more than basic connectivity, bandwidth for users, and access to applications—it offers an end-to-end functionality and centralized, unified control that promotes true business transparency and agility.
With the IIN, Cisco is helping organizations to address new IT challenges, such as the deployment of service-oriented architectures, web services, and virtualization (as described in the upcoming "Phase 2" bullet). The IIN technology vision offers an evolutionary approach that consists of three phases in which functionality can be added to the infrastructure as required. The three phases are as follows:
Phase 1: Integrated transport— Everything (data, voice, and video) consolidates onto an IP network for secure network convergence. By integrating data, voice, and video transport into a single, standards-based, modular network, organizations can simplify network management and generate enterprise-wide efficiencies. Network convergence also lays the foundation for a new class of IP-enabled applications, now known as Cisco Unified Communications solutions.
Phase 2: Integrated services— When the network infrastructure is converged, IT resources can be pooled and shared, or virtualized, to flexibly address the changing needs of the organization. By extending this virtualization concept to encompass server, storage, and network elements, an organization can transparently use all of its resources more efficiently. Business continuity is also enhanced because in the event of a local systems failure, shared resources across the IIN can provide needed services.
Phase 3: Integrated applications— This phase focuses on making the network application aware so that it can optimize application performance and more efficiently deliver networked applications to users. With Application-Oriented Networking (AON) technology, Cisco has entered this third IIN phase. In addition to capabilities such as content caching, load balancing, and application-level security, the Cisco AON makes it possible for the network to simplify the application infrastructure by integrating intelligent application message handling, optimization, and security into the existing network.
Note
You can access the IIN home page at http://www.cisco.com/go/iin
Cisco Service-Oriented Network Architecture Framework
The Cisco SONA is an architectural framework that illustrates how to build integrated systems and guides the evolution of enterprise networks toward an IIN. Using the SONA framework, enterprises can improve flexibility and increase efficiency by optimizing applications, business processes, and resources to enable IT to have a greater impact on business.
The SONA framework leverages the extensive product-line services, proven architectures, and experience of Cisco and its partners to help enterprises achieve their business goals.
The SONA framework, shown in Figure 1-1, shows how integrated systems can allow a dynamic, flexible architecture and provide for operational efficiency through standardization and virtualization. In this framework, the network is the common element that connects and enables all components of the IT infrastructure.
Figure 1-1 Cisco SONA Framework
Interactive services layer— Enables efficient allocation of resources to applications and business processes delivered through the networked infrastructure. This layer comprises these services:
- Voice and collaboration services
- Mobility services
- Security and identity services
- Storage services
- Computer services
- Application networking services
- Network infrastructure virtualization
- Services management
- Adaptive management services
Application layer— This layer includes business applications and collaboration applications. The objective of this layer is to meet business requirements and achieve efficiencies by leveraging the interactive services layer.
Note
You can access the SONA home page at http://www.cisco.com/go/sona
Cisco Enterprise Architecture
Cisco provides an enterprise-wide systems architecture that helps companies to protect, optimize, and grow the infrastructure that supports their business processes. As illustrated in Figure 1-2, the architecture provides for integration of the entire network—campus, data center, branches, teleworkers, and WAN—offering staff secure access to the tools, processes, and services they require.
Figure 1-2 Cisco Enterprise Architecture
The Cisco Enterprise Campus Architecture combines a core infrastructure of intelligent switching and routing with tightly integrated productivity-enhancing technologies, including IP communications, mobility, and advanced security. The architecture provides the enterprise with high availability through a resilient multilayer design, redundant hardware and software features, and automatic procedures for reconfiguring network paths when failures occur. IP multicast capabilities provide optimized bandwidth consumption, and QoS features ensure that real-time traffic (such as voice, video, or critical data) is not dropped or delayed. Integrated security protects against and mitigates the impact of worms, viruses, and other attacks on the network, including at the switch port level. For example, the Cisco enterprise-wide architecture extends support for security standards, such as the Institute of Electrical and Electronics Engineers (IEEE) 802.1X port-based network access control standard and the Extensible Authentication Protocol (EAP). It also provides the flexibility to add IPsec and Multiprotocol Label Switching virtual private networks (MPLS VPNs), identity and access management, and virtual local-area networks (VLANs) to compartmentalize access. These features help improve performance and security while decreasing costs.
The Cisco Enterprise Data Center Architecture is a cohesive, adaptive network architecture that supports requirements for consolidation, business continuance, and security while enabling emerging service-oriented architectures, virtualization, and on-demand computing. Staff, suppliers, or customers can be provided with secure access to applications and resources,
levels of resilience for all the branch offices. An optimized network leverages the WAN and LAN to reduce traffic and save bandwidth and operational expenses. The enterprise can easily support branch offices with the ability to centrally configure, monitor, and manage devices located at remote sites, including tools, such as AutoQoS, which configures devices to handle congestion and bandwidth issues before they affect network performance.
The Cisco Enterprise Teleworker Architecture allows enterprises to securely deliver voice and data services to remote small or home offices over a standard broadband access service, providing a business-resiliency solution for the enterprise and a flexible work environment for employees. Centralized management minimizes the IT support costs. Integrated security and identity-based networking services enable the enterprise to extend campus security policies to the teleworker. Staff can securely log in to the network over an always-on VPN and gain access to authorized applications and services from a single cost-effective platform. Productivity can further be enhanced by adding an IP phone, thereby providing cost-effective access to a centralized IP communications system with voice and unified messaging services.
The Cisco Enterprise WAN Architecture offers the convergence of voice, video, and data services over a single Cisco Unified Communications network, which enables the enterprise to cost-effectively span large geographic areas. QoS, granular service levels, and comprehensive encryption options help ensure the secure delivery of high-quality corporate voice, video, and data resources to all corporate sites, enabling staff to work productively and efficiently wherever they are located. Security is provided with multiservice VPNs (IPsec and MPLS) over Layer 2 or Layer 3 WANs, hub-and-spoke, or full-mesh topologies. Note that an MPLS VPN separates customer traffic but does not encrypt it; where confidentiality across the provider network is required, IPsec supplies the encryption.
Cisco Hierarchical Network Model
Traditionally, the three-layer hierarchical model has been used in network design, providing a modular framework that allows design flexibility and facilitates implementation and troubleshooting. The hierarchical model divides networks or modular blocks within a network into the access, distribution, and core layers, as illustrated in Figure 1-3. The features of the hierarchical layers are as follows:
Access layer— This layer is used to grant users access to network devices. In a network campus, the access layer generally incorporates switched LAN devices with ports that provide connectivity to workstations and servers. In the WAN environment, the access layer at remote sites or at teleworkers' homes provides access to the corporate network across various WAN technologies.
Distribution layer— This layer aggregates the wiring closets and uses switches to segment workgroups and isolate network problems in a campus environment. Similarly, the distribution layer aggregates WAN connections at the edge of the campus and provides policy-based connectivity (in other words, it implements the organization's policies).
Core layer (also referred to as the backbone)— The core layer is a high-speed backbone and is designed to switch packets as fast as possible. Because the core is critical for connectivity, it must provide a high level of availability and adapt to changes quickly.
Figure 1-3 Cisco Hierarchical Network Model
The hierarchical model can be applied to networks that include any type of connectivity, such as LANs, WANs, wireless LANs (WLANs), MANs, and VPNs. For example, Figure 1-4 demonstrates the hierarchical model applied to a WAN environment.
Figure 1-4 Hierarchical Model Applied to a WAN
The hierarchical model is useful for smaller networks, but does not scale well to today's larger, more complex networks. The Enterprise Composite Network Model, introduced in the following section, provides additional modularity and functionality.
Cisco Enterprise Composite Network Model
Cisco has developed a set of best practices for security, comprising a blueprint for network designers and administrators for the proper deployment of security solutions to support network applications and the existing network infrastructure. This blueprint is called "SAFE." SAFE includes the Enterprise Composite Network Model, which network professionals can use to describe and analyze any modern enterprise network. This model supports larger networks than those designed with only the hierarchical model and clarifies the functional boundaries within the network.
Note
You can access the SAFE blueprint home page at http://www.cisco.com/go/safe.
The Enterprise Composite Network Model first divides the network into three functional areas, as illustrated in Figure 1-5 and described as follows:
Enterprise Campus— This functional area contains the modules required to build a hierarchical, highly robust campus network. Access, distribution, and core principles are applied to these modules appropriately.
Enterprise Edge— This functional area aggregates connectivity from the various elements at the edge of the enterprise network, including to remote locations, the Internet, and remote users.
Service Provider Edge— This area is not implemented by the organization; instead, it is included to represent connectivity to service providers such as Internet service providers (ISPs), WAN providers, and the public switched telephone network (PSTN).
Figure 1-5 Enterprise Composite Network Model Functional Areas
As illustrated in Figure 1-6, each of these functional areas contains various network modules. These modules can in turn include hierarchical core, distribution, and access layer functionality.
The Enterprise Campus functional area comprises the following modules:
Building— Contains access switches and end-user devices (including PCs and IP phones).
Building Distribution— Includes distribution multilayer switches to provide access between workgroups and to the Core.
Core— Also called the backbone, provides a high-speed connection between buildings themselves, and between buildings and the Server and Edge Distribution modules.
Edge Distribution— The interface between the Enterprise Campus and the Enterprise Edge functional areas. This module concentrates connectivity to and from all branches and teleworkers accessing the campus via a WAN or the Internet.
Server— Represents the campus's data center.
Management— Represents the network management functionality, including monitoring, logging, security, and other management features within an enterprise.
Figure 1-7 illustrates how the Building, Building Distribution, and Core modules map directly onto the hierarchical model's access, distribution, and core layers. The figure also shows how multiple buildings can be represented by multiple sets of a Building and a Building Distribution module, with each connected to the Core.
Figure 1-7 Multiple Buildings Represented Within the Enterprise Campus
The Enterprise Edge functional area is the interface between the Enterprise Campus functional area (through the Edge Distribution module) and the Service Provider Edge functional area. It is composed of the following four modules:
E-commerce— Includes the servers, network devices, and so forth necessary for an organization to provide e-commerce functionality, such as online ordering.
Corporate Internet— Provides Internet access for the organization, and passes VPN traffic from external users to the VPN and Remote Access module.
VPN and Remote Access— Terminates VPN traffic and dial-in connections from external users.
WAN— Provides connectivity from remote sites using various WAN technologies.
The three modules within the Service Provider Edge functional area are as follows:
ISP— Represents Internet connections.
PSTN— Represents all nonpermanent connections, including via analog phone, cellular phone, and Integrated Services Digital Network (ISDN).
Frame Relay/Asynchronous Transfer Mode (ATM)— Represents all permanent connections to remote locations, including via Frame Relay, ATM, leased lines, cable, digital subscriber line (DSL), and wireless.
Note
For further information and details about network design, refer to the Cisco Press book CCDA Self-Study: Designing for Cisco Internetwork Solutions (DESGN).
Routing and Routing Protocols Within the Enterprise Composite Network Model
Routing protocols are an integral part of any network. When designing a network using the architectures and models introduced in this chapter, routing protocol selection and planning are among the design decisions to be made. Although the best practice is to use one IP routing protocol throughout the enterprise if possible, in many cases multiple routing protocols might be required, as illustrated in Figure 1-8. For example, BGP might be used in the Corporate Internet module, whereas static routes are often used for remote-access and VPN users. Therefore, enterprises might have to deal with multiple routing protocols.
Figure 1-8 Multiple Routing Protocols May Be Used Within a Network
The Enterprise Composite Network Model can assist in determining where each routing protocol is implemented, where the boundaries between protocols are, and how traffic flows between them will be managed.
Each routing protocol has its own unique characteristics, some of which Table 1-1 identifies. The next part of this book, Part II, focuses on the characteristics, operation, and configuration of IP routing protocols.
Table 1-1 Routing Protocol Comparison
Table 1-1 compares the routing protocols on the following criteria:
Size of network (small, medium, large, very large)
Speed of convergence (very high, high, medium, low)
Support for mixed-vendor devices (yes, no)
Network support staff knowledge required (good, fair, poor)
In this chapter, you learned about converged networks and network architecture frameworks and design models. The IIN strategy and the SONA framework that guides enterprises toward an IIN were described. The components of the Cisco enterprise-wide systems architecture were explored, and the traditional hierarchical network model was introduced. The Enterprise Composite Network Model was described, along with how routing protocols fit within this model.
Review Questions
Answer the following questions, and then refer to Appendix A, "Answers to Review Questions," for the answers.
1. What is a converged network?
2. What are the three phases of the IIN?
3. Which are layers within the SONA framework?
4. What are the components of the Cisco Enterprise Architecture?
5. Which are the layers within the hierarchical network model?
6. Describe each of the functional areas of the Enterprise Composite Network Model
7. Which modules are within the Enterprise Campus functional area?
8. Why might a network need to have more than one routing protocol running?
Part II: IP Routing Protocols
Chapter 2 Routing Principles
Chapter 3 Configuring the Enhanced Interior Gateway Routing Protocol
Chapter 4 Configuring the Open Shortest Path First Protocol
Chapter 5 Advanced Open Shortest Path First Protocol Configuration
Chapter 6 Configuring the Integrated Intermediate System-to-Intermediate System Protocol
Chapter 7 Manipulating Routing Updates
Chapter 8 Configuring the Border Gateway Protocol
Chapter 2 Routing Principles
This chapter discusses IP routing principles. It covers the following topics:
IP Routing Overview
Characteristics of Routing Protocols
RIP
IP Routing Protocol Comparisons
This chapter covers IP routing principles, including static and dynamic routing characteristics, classful and classless routing, and manual and automatic route summarization across network boundaries. It explains the difference between distance vector, link-state, and hybrid routing protocols, and includes comparisons of IP routing protocols. Characteristics and configuration of the Routing Information Protocol (RIP) are described.
Note
The online Appendix C, "IPv4 Supplement," includes job aids and supplementary information related to IPv4 addresses that you should understand before reading the rest of the book. Therefore, you are encouraged to review any of the material in Appendix C that you are not familiar with before reading the rest of this chapter.
attached to its interfaces; it calculates the subnet or network number of an interface by using the address and subnet mask configured on that interface. For networks not directly connected to one of its interfaces, however, the router must rely on outside information. A router can be made aware of remote networks in two ways: an administrator can manually configure the information (static routing), or a router can learn from other routers (dynamic routing). A routing table can contain both static and dynamically recognized routes.
Network administrators can use static routing, dynamic routing, or a combination of both
Principles of Static Routing
This section explains the situations in which static routes are the most appropriate to use.
A static route can be used in the following circumstances:
When it is undesirable to have dynamic routing updates forwarded across slow bandwidth links, such as a dialup link.
When the administrator needs total control over the routes used by the router.
When a backup to a dynamically recognized route is necessary.
When it is necessary to reach a network accessible by only one path (a stub network). For example, in Figure 2-1, there is only one way for router A to reach the 10.2.0.0/16 network on router B. The administrator can configure a static route on router A to reach the 10.2.0.0/16 network via 10.1.1.1.
Figure 2-1 Configuring Static Routing
When a router is underpowered and does not have the CPU or memory resources necessary to handle a dynamic routing protocol.
When a route should appear to the router as a directly connected network.
A perfect use for static routing is a hub-and-spoke design, with all remote sites defaulting back to the central site and the one or two routers at the central site having a static route for all subnets at each remote site. However, without proper design, as the network grows into hundreds of routers, with each router having numerous subnets, the number of static routes on each router also increases. Each time a new subnet or router is added, an administrator must add a static route to the new networks on a number of routers. The administrative burden to maintain this network can become excessive, making dynamic routing a better choice.
Another drawback of static routing is that when a topology change occurs on the internetwork, an administrator might have to reroute traffic by configuring new static routes around the problem area. In contrast, with dynamic routing, the routers learn the new topology themselves: they share information with each other, and their routing processes automatically discover whether any alternative routes exist and reroute without administrator intervention. Because the routers mutually develop an independent agreement of what the new topology is, they are said to converge on what the new routes should be. Dynamic routing provides faster convergence.
Key Point: Convergence
A network is converged when routing tables on all routers in the network are synchronized and contain a route to all destination networks. Convergence time is the time it takes for all routers in a network to agree on the new topology.
Configuring a Static Route
The following command, explained in Table 2-1, is used to create static routes:
RouterA(config)#ip route prefix mask {address | interface} [distance] [permanent] [tag tag]
Table 2-1 ip route Command
prefix mask— The IP network and subnet mask for the remote network to be entered into the IP routing table.
address— The IP address of the next hop that can be used to reach the destination network.
interface— The local router outbound interface to be used to reach the destination network.
distance— (Optional) The administrative distance to be assigned to this route.
permanent— (Optional) Specifies that the route will not be removed from the routing table even if the interface associated with the route goes down.
tag tag— (Optional) A value that can be used as a match value in route maps.
Note
Use static routes pointing to an interface on point-to-point interfaces only, because on multiaccess interfaces the router will not know the specific address to which to send the information; on an Ethernet segment it would have to ARP for every destination address and depend on the next-hop router answering with proxy ARP. On point-to-point interfaces, the information is sent to the only other device on the network.
If no dynamic routing protocol is used on a link connecting two routers, such as in Figure 2-1, a static route must be configured on the routers on both sides of the link. Otherwise, the remote router will not know how to return the packet to its originator located on the other network; there will be only one-way communication.
While configuring a static route, you must specify either a next-hop IP address or an exit interface to notify the router which direction to send traffic. Figure 2-1 shows both configurations. Router A recognizes the directly connected networks 172.16.1.0 and 10.1.1.0. It needs a route to the remote network 10.2.0.0. Router B knows about the directly connected networks 10.2.0.0 and 10.1.1.0; it needs a route to the remote network 172.16.1.0. Notice that on router B, the next-hop IP address of the router A serial interface has been used. On router A, however, the ip route command specifies its own Serial 0/0/0 interface as the exit interface.
If a next-hop IP address is used, it should be the IP address of the interface of the router on the other end of the link. If an exit interface is used, the local router sends data to the router on the other end of its attached link. When an exit interface is specified, the router treats the destination as directly connected: the route keeps the static administrative distance of 1 but is listed as "directly connected" through that interface, and it is removed from the routing table if the interface goes down (unless the permanent keyword is used).
Configuring a Static Default Route
In some circumstances, a router does not need to recognize the details of remote networks. The router is configured to send all traffic, or all traffic for which there is no entry in the routing table, in a particular direction, known as a default route. Default routes are either dynamically advertised using routing protocols or statically configured.
To create a static default route, use the normal ip route command, but with the destination network (the prefix in the command syntax) and its subnet mask (the mask in the command syntax) both set to 0.0.0.0. This address is a type of wildcard designation; any destination network will match. Because the router tries to match the longest common bit pattern, a network listed in the routing table is used before the default route. If the destination network is not listed in the routing table, the default route is used.
In Figure 2-2, on router A, the static route to the 10.2.0.0 network has been replaced with a static default route pointing to router B. On router B, a static default route has been added, pointing to its Internet service provider (ISP). Traffic from a device on the router A 172.16.1.0 network bound for a network on the Internet is sent to router B. Router B recognizes that the destination network does not match any specific entries in its routing table and sends that traffic to the ISP. It is then the ISP's responsibility to route that traffic to its destination.
Figure 2-2 Configuring the Static Default Route
In Figure 2-2, to reach the 172.16.1.0/24 network, router B still needs a static route pointing out its S0/0/0 interface.
Entering the show ip route command on router A in Figure 2-2 returns the information shown in Example 2-1.
Example 2-1 show ip route Command
RouterA#show ip route
<output omitted>
Gateway of last resort is 10.1.1.1 to network 0.0.0.0
C 172.16.1.0 is directly connected, FastEthernet0/0
C 10.1.1.0 is directly connected, Serial0/0/0
S* 0.0.0.0/0 [1/0] via 10.1.1.1
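The longest-match and administrative-distance behavior described above, as an added Python model rather than code from the book: it reproduces router A's table from Example 2-1 (connected 172.16.1.0/24 and 10.1.1.0/24, static default via 10.1.1.1) and adds a constructed case for the "backup to a dynamically recognized route" use listed earlier, a 10.2.0.0/16 route learned from RIP with a floating static route out an assumed backup interface Serial0/0/1. The RIP route, the backup interface, and the interface names are assumptions for the illustration; the distances (connected 0, static 1, RIP 120) are the IOS defaults.

```python
"""Added example: routing-table model with longest-prefix matching and
administrative distance. Not code from the book; addressing follows
Figure 2-2 / Example 2-1, the RIP route and Serial0/0/1 backup are assumed."""

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str      # next-hop address, or the exit interface when no address is given
    source: str        # "connected", "static" or "rip"
    distance: int      # administrative distance (IOS defaults: connected 0, static 1, RIP 120)


class Rib:
    """One forwarding entry per prefix (lowest administrative distance wins);
    lookups choose the longest matching prefix among installed entries."""

    def __init__(self):
        self._routes = {}  # IPv4Network -> [Route, ...] sorted by distance

    def install(self, route):
        entries = self._routes.setdefault(route.prefix, [])
        entries.append(route)
        entries.sort(key=lambda r: r.distance)   # index 0 is the active route

    def withdraw(self, prefix, source):
        """Remove the routes one source knows for a prefix, as happens when a
        RIP route times out; a higher-distance backup then takes over."""
        net = ipaddress.ip_network(prefix)
        left = [r for r in self._routes.get(net, []) if r.source != source]
        if left:
            self._routes[net] = left
        else:
            self._routes.pop(net, None)

    def lookup(self, destination):
        """Longest-prefix match. 0.0.0.0/0 contains every address, so it is
        chosen only when no more specific prefix matches."""
        dst = ipaddress.ip_address(destination)
        matching = [net for net in self._routes if dst in net]
        if not matching:
            return None
        best = max(matching, key=lambda net: net.prefixlen)
        return self._routes[best][0]


def router_a():
    """Router A of Figure 2-2 plus a constructed floating-static scenario."""
    rib = Rib()
    net = ipaddress.ip_network
    rib.install(Route(net("172.16.1.0/24"), "FastEthernet0/0", "connected", 0))
    rib.install(Route(net("10.1.1.0/24"), "Serial0/0/0", "connected", 0))
    rib.install(Route(net("0.0.0.0/0"), "10.1.1.1", "static", 1))   # ip route 0.0.0.0 0.0.0.0 10.1.1.1
    # Assumed: 10.2.0.0/16 learned from RIP over the serial link, plus a floating
    # static route out an assumed backup interface, which stays dormant while the
    # lower-distance RIP route exists (ip route 10.2.0.0 255.255.0.0 Serial0/0/1 200).
    rib.install(Route(net("10.2.0.0/16"), "10.1.1.1", "rip", 120))
    rib.install(Route(net("10.2.0.0/16"), "Serial0/0/1", "static", 200))
    return rib


if __name__ == "__main__":
    rib = router_a()
    for dst in ("172.16.1.50", "10.2.7.7", "198.51.100.1"):
        print(dst, "->", rib.lookup(dst))
    rib.withdraw("10.2.0.0/16", "rip")      # simulate the RIP route disappearing
    print("10.2.7.7 after RIP withdrawal ->", rib.lookup("10.2.7.7"))
```

Two points the model makes visible: the default route never competes with a more specific prefix, so 10.2.7.7 keeps following 10.2.0.0/16 until every route for that prefix is gone; and the distance-200 floating static is invisible to forwarding while the RIP route is present, which is exactly the backup behavior the static-routing list describes.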
Principles of Dynamic Routing
Dynamic routing allows the network to adjust to changes in the topology automatically, without administrator involvement. This section describes dynamic routing principles.
A static route cannot respond dynamically to changes in the network. If a link fails, the static route is no longer valid if it is configured to use that failed link, so a new static route must be configured. If a new router or new link is added, that information must also be configured on every router in the network. In a very large or unstable network, these changes can lead to considerable work for network administrators. It can also take a long time for every router in the network to receive the correct information. In situations such as these, it might be better to have the routers receive information about networks and links from each other using a dynamic routing protocol.
When using a dynamic routing protocol, the administrator configures the routing protocol on each router, as shown in Figure 2-3. The routers then exchange information about the reachable networks and the state of each network. Routers exchange information only with other routers running the same routing protocol. When the network topology changes, the new information is dynamically propagated throughout the network, and each router updates its routing table to reflect the changes. The following are some examples of dynamic routing protocols:
RIP
Enhanced Interior Gateway Routing Protocol (EIGRP)
Intermediate System-to-Intermediate System (IS-IS)
Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP)
Figure 2-3 Routers Running a Dynamic Routing Protocol Exchange Routing Information
The information exchanged by routers includes the metric or cost to each destination (this value is sometimes called the distance).
Key Point: Metric
A metric is a value (such as path length) that routing protocols use to measure paths to a destination.
Different routing protocols base their metric on different measurements, including hop count, interface speed, or more-complex metrics. Most routing protocols maintain databases containing all the networks that the routing protocol recognizes and all the paths to each network. If a routing protocol recognizes more than one way to reach a network, it compares the metric for each different path and chooses the path with the lowest metric. If multiple paths have the same metric, a maximum of 16 can be installed in the routing table, and the router can perform load balancing between them. EIGRP can also perform load balancing between unequal-cost paths.
Note
Prior to Cisco IOS Release 12.3(2)T, the maximum number of parallel routes (equal-cost paths) supported by IP routingprotocols was 6; in Cisco IOS Release 12.3(2)T that maximum was changed to 16
To configure an IP dynamic routing protocol, use the router protocol command. Protocols other than RIP also require specification of either an autonomous system or a process number. You also need the network command under the router configuration mode of all routing protocols except IS-IS and BGP.
For RIP, EIGRP, and OSPF, the network command tells the router which interfaces are participating in that routing protocol. Any interface that has an IP address that falls within the range specified in the network statement is considered active for that protocol. In other words, the router sends updates from the specified interfaces and expects to receive updates from the same interfaces. Some protocols look for neighbors by sending hello packets out those interfaces. Thus, because a network statement identifies interfaces on the local router, it is configured only for directly connected networks. A router also originates advertisements for the networks connected to the specified interfaces. Because an active interface both sends and accepts updates, a network statement that happens to cover an interface facing an ISP or another untrusted network lets that interface accept routing information from whatever is attached there; choose network statements so that only the intended interfaces are covered.
RIP allows only major network numbers (Class A, B, or C network numbers) to be specified in the network command. EIGRP and OSPF permit exact specification of interfaces with a combination of a subnet or interface address and a wildcard mask.
The network statement functions differently in BGP. BGP requires its neighbors to be statically configured. The network statement in BGP tells the router to originate an advertisement for that network. Without a network statement, BGP passes along advertisements it receives from other routers, but it does not originate any network advertisements itself. In BGP, the network listed in the network statement does not have to be directly connected, because it does not identify interfaces on the router as it does in other protocols (this process is explained in detail in Chapter 8, "Configuring the Border Gateway Protocol").
Integrated IS-IS does not use the network statement. Instead, interfaces participating in the IS-IS routing process are identified under interface configuration mode. (OSPF also permits the interfaces to be specified this way, as an alternative to using the network command.)
Example 2-2 shows the configuration of the routers in Figure 2-3. Both routers A and B are configured with RIP. Router A has two directly attached networks, and RIP is used to advertise to neighbors on both of those interfaces. Therefore, network statements are configured for both the 172.16.1.0 network and the 10.1.1.0 network. Router A sends RIP packets out interfaces Fa0/0 and S0/0/0, advertising the networks that are attached to those interfaces.
Example 2-2 Configuring RIP
Router B also has two directly attached networks. However, router B wants only the network it shares with router A to participate in RIP. Therefore, a network statement is configured only for the 10.1.1.0 network. As explained earlier, with RIP, only the major network number is actually used in the network command. Router B also has a static default route pointing toward its ISP to reach other networks. Router B sends RIP packets out its interface S0/0/0, but not out its interface S0/0/1. It does not advertise the 192.168.1.0 network attached to S0/0/1 or the static default route unless specifically configured to do so.
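The interface-selection rule for network statements, as an added Python model (not code from the book): rip_active_interfaces applies RIP's reduction of the statement to a major network, and wildcard_active_interfaces applies the EIGRP/OSPF address-plus-wildcard match. The router below is constructed: it is router B of Figure 2-3 (10.1.1.1/24 toward router A, 192.168.1.2/30 toward the ISP) with an assumed extra 10.250.1.1/24 LAN interface that was never meant to run RIP, added to show what the classful network command does to it.

```python
"""Added example (not from the book): which interfaces a network statement
activates. Router B's two links follow Figure 2-3; FastEthernet0/0 is an
assumed extra interface used to show the classful pitfall."""

import ipaddress


def classful_network(addr):
    """Major (classful) network of an address: Class A /8, B /16, C /24."""
    ip = ipaddress.ip_address(addr)
    first_octet = int(ip) >> 24
    if first_octet >= 224:
        raise ValueError(f"{ip} is not a Class A, B or C address")
    prefixlen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network((ip, prefixlen), strict=False)


def rip_active_interfaces(interfaces, network_statements):
    """RIP: 'network a.b.c.d' is reduced to the major network, so every
    interface addressed inside that classful network runs RIP."""
    majors = {classful_network(stmt) for stmt in network_statements}
    return sorted(name for name, addr in interfaces.items()
                  if any(ipaddress.ip_interface(addr).ip in major for major in majors))


def wildcard_active_interfaces(interfaces, network_statements):
    """EIGRP/OSPF: 'network address wildcard'. A 0 bit in the wildcard must
    match, a 1 bit is ignored; wildcard 0.0.0.0 names exactly one address."""
    active = []
    for name, addr in interfaces.items():
        ip = int(ipaddress.ip_interface(addr).ip)
        for base, wildcard in network_statements:
            care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
            if ip & care == int(ipaddress.ip_address(base)) & care:
                active.append(name)
                break
    return sorted(active)


# Constructed router B: link to router A, link to the ISP, and an assumed
# extra LAN that also lives in 10.0.0.0/8.
ROUTER_B = {
    "Serial0/0/0": "10.1.1.1/24",        # toward router A (Figure 2-3)
    "Serial0/0/1": "192.168.1.2/30",     # toward the ISP
    "FastEthernet0/0": "10.250.1.1/24",  # assumed; not meant to run RIP
}


if __name__ == "__main__":
    # 'router rip' / 'network 10.1.1.0' also turns on FastEthernet0/0
    print("RIP network 10.1.1.0 ->", rip_active_interfaces(ROUTER_B, ["10.1.1.0"]))
    # 'router eigrp 1' / 'network 10.1.1.0 0.0.0.255' selects only the serial link
    print("EIGRP network 10.1.1.0 0.0.0.255 ->",
          wildcard_active_interfaces(ROUTER_B, [("10.1.1.0", "0.0.0.255")]))
```

The RIP result is the point to notice: the statement written as network 10.1.1.0 is stored as network 10.0.0.0, so the assumed 10.250.1.1/24 interface starts sending and listening for RIP updates as well. With a wildcard mask the selection is exact, and 0.0.0.0 pins the statement to a single interface address.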
Principles of On-Demand Routing
A drawback of static routes is that they must be manually configured and updated when the network topology changes. A drawback of dynamic routing protocols is that they use network bandwidth and router resources. In a hub-and-spoke network with
need only a default route pointing to the hub.
When ODR is configured, the stub routers use CDP to send IP prefix information to the hub router. Stub routers send prefix information for all their directly connected networks. ODR reports the subnet mask, so it allows different subnets within the same major network to have different subnet masks. This is known as variable-length subnet masking (VLSM) and is described in detail in Appendix C.
The hub router, in turn, sends a default route to the spokes that points back to itself. It installs the stub networks reported by ODR in its routing table and can be configured to redistribute these routes into a dynamic routing protocol. For a next-hop address, the hub router uses the IP address of the spoke routers as reported to it by CDP.
ODR is not a true routing protocol because the information exchanged is limited to IP prefixes and a default route. ODR reports no metric information; the hub router uses a hop count of 1 as the metric for all routes reported via ODR. However, by using ODR, routing information for stub networks can be obtained dynamically without the overhead of a dynamic routing protocol, and default routes can be provided to the stub routers without manual configuration.
Configuring ODR
ODR is configured on the hub router using the router odr global configuration command.
On the stub router, there must be no IP routing protocol configured. In fact, from the standpoint of ODR, a router is automatically considered a stub when no IP routing protocols have been configured. Figure 2-4 shows a hub-and-spoke topology.
Figure 2-4 Hub-and-Spoke Topology: Configuring ODR
ODR can also be tuned with optional commands, including using a distribute list to control the network information that is recognized through ODR, and adjusting the ODR timers with the timers basic router configuration command.
ODR relies on CDP to carry the information between the hub router and the spoke routers. Therefore, CDP must be enabled on the links between the hub router and spokes. Cisco routers by default have CDP enabled both globally and per interface. However, on some WAN links, such as ATM, CDP must be explicitly enabled. CDP carries no authentication, so the hub installs whatever prefixes a CDP speaker on a spoke-facing link reports; leave CDP enabled only on the interfaces that actually face spokes, and use the distribute list to limit which prefixes the hub accepts.
The CDP updates are sent as multicasts. On WAN links that require mappings, such as dialer links and Frame Relay, it is important to use the broadcast keyword in the mapping statements; allowing broadcasts also allows multicasts across the link. CDP uses Subnetwork Access Protocol (SNAP) frames, so it runs on all media that support SNAP.
CDP updates are sent every 60 seconds by default. This setting might be too infrequent in rapidly changing networks or too often in stable ones. You can adjust the timers with the cdp timer global configuration command. You can verify CDP settings by using the show cdp interface command.
As soon as ODR is configured and running, routes from the stub routers are identified in the hub router's routing table with an o character, as shown in Example 2-3. Notice in the example that the metric is 1, and the administrative distance for ODR is 160. (Administrative distance is described in the "Administrative Distance" section later in this chapter.) Also, do not confuse the lowercase o character of ODR routes with the uppercase O character of OSPF routes.
Example 2-3 Routing Table with ODR Routes
Characteristics of Routing Protocols
Routing protocols can be classified into different categories such as distance vector, link-state, or a hybrid of these two. IP routing protocols can also be classified as either classful or classless. These characteristics are explored in this section.
Distance Vector, Link-State, and Hybrid Routing Protocols
When a network is using a distance vector routing protocol, all the routers send their routing tables (or a portion of their tables) to only their neighboring routers. The routers then use the received information to determine whether any changes need to be made to their own routing table (for example, if a better way to a specific network is now available). This process repeats periodically.
In contrast, when a network is using a link-state routing protocol, each of the routers sends the state of its own interfaces (its links) to all other routers (or to all routers in a part of the network, known as an area) only when there is a change. Each router uses the received information to recalculate the best path to each network and then saves this information in its routing table.
As its name suggests, a hybrid protocol has characteristics of both distance vector and link-state protocols. Hybrid protocols send only changed information (similar to link-state protocols) but only to neighboring routers (similar to distance vector protocols).
Classful Routing Protocol Concepts
IP routing protocols can be categorized as classful or classless.
Key Point: Classless and Classful Routing Protocols
Routing updates sent by a classful routing protocol do not include the subnet mask. RIP Version 1 (RIPv1) is a classful routing protocol.
Routing updates sent by a classless routing protocol include the subnet mask. RIP Version 2 (RIPv2), EIGRP, OSPF, IS-IS, and BGP are classless routing protocols.
Classful Routing Protocol Behavior
When classful protocols were originally developed, networks were very different from those used now. The best modem speed was 300 bps, the largest WAN line was 56 kbps, router memory was less than 640 KB, and processors were running in the kHz range. Routing updates had to be small enough not to monopolize the WAN link bandwidth. In addition, routers did not have the resources to maintain current information about every subnet.
A classful routing protocol does not include subnet mask information in its routing updates. Because no subnet mask information is known, when a classful router sends or receives routing updates, the router makes assumptions about the subnet mask being used by the networks listed in the update, based on IP address class.
Routers send update packets from their interfaces to other connected routers. A router sends the entire subnet address when an update packet involves a subnet of the same classful network as the IP address of the transmitting interface. The receiving router then assumes that the subnet in the update and the interface use the same subnet mask.
If that route is using a different subnet mask, the receiving router will have incorrect information in its routing table. Thus, when using a classful routing protocol, it is important to use the same subnet mask on all subnets belonging to the same classful network.
When a router using a classful routing protocol needs to send an update about a subnet of a network across an interface belonging to a different network, the router assumes that the remote router will use the default subnet mask for that class of IP address. Therefore, when the router sends the update, it does not include the subnet information. The update packet contains only the classful network information. This process is called autosummarization across the network boundary; the router sends a summary of all the subnets in that network by sending only the major network information. Classful routing protocols automatically create a classful summary route at major network boundaries. Classful routing protocols do not allow summarization at other points within the major network address space.
The router that receives the update behaves in a similar fashion. When an update contains information about a different classful network than the one in use on its interface, the router applies the default classful mask to that update. The router must assume what the subnet mask is because the update does not contain subnet mask information.
In Figure 2-5, router A advertises the 10.1.0.0 subnet to router B because the interface connecting them belongs to the same major classful 10.0.0.0 network. When router B receives the update packet, it assumes that the 10.1.0.0 subnet uses the same 16-bit mask as the one used on its 10.2.0.0 subnet.
Figure 2-5 Network Summarization in Classful Routing
Router C advertises the 172.16.1.0 subnet to router B because the interface connecting them belongs to the same major classful 172.16.0.0 network. Therefore, router B's routing table has information about all the subnets that are in use in the network. However, router B summarizes the 172.16.1.0 and 172.16.2.0 subnets to 172.16.0.0 before sending them to router A. Therefore, router A's routing table contains summary information about only the 172.16.0.0 network.
Similarly, router B summarizes the 10.1.0.0 and 10.2.0.0 subnets to 10.0.0.0 before sending the routing information to router C. This summarization occurs because the update crosses a major network boundary. The update goes from a subnet of network 10.0.0.0, subnet 10.2.0.0, to a subnet of another major network, network 172.16.0.0. Router C's routing table contains summary information about only the 10.0.0.0 network.
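The sending and receiving rules just described, worked through on the Figure 2-5 topology as an added Python model (this is illustrative code written for this edition, not Cisco IOS behavior captured from a router); the four-subnet table of router B and its two interface addresses are constructed for the example, and split horizon is ignored.

```python
import ipaddress

def classful_network(addr):
    """Major (classful) network of an IPv4 address: /8 for class A,
    /16 for class B, /24 for class C (the only classes a classful
    protocol can assume a mask for)."""
    addr = ipaddress.ip_address(addr)
    first_octet = int(addr) >> 24
    if first_octet >= 224:
        raise ValueError(f"{addr} is not a class A, B or C address")
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network((int(addr), prefix), strict=False)

def classful_advertisement(route, out_iface):
    """What a classful protocol advertises for `route` out of an interface
    addressed `out_iface`.  Same major network: the subnet itself (the update
    carries no mask).  Different major network: only the autosummarized
    classful network."""
    route = ipaddress.ip_network(route)
    major = classful_network(route.network_address)
    return route if major == classful_network(out_iface) else major

def advertise_table(routes, out_iface):
    """Distinct advertisements sent out of one interface for a whole table.
    Split horizon is deliberately ignored to keep the focus on summarization."""
    return {classful_advertisement(r, out_iface) for r in routes}

def classful_receive(advertised, in_iface):
    """How the receiver interprets an advertisement that carries no mask:
    same major network as the receiving interface -> reuse that interface's
    mask (host bits are dropped); otherwise -> the default classful mask.
    `in_iface` is an interface such as "10.2.0.2/16"."""
    advertised = ipaddress.ip_network(advertised)
    in_iface = ipaddress.ip_interface(in_iface)
    major = classful_network(advertised.network_address)
    if major == classful_network(in_iface.ip):
        return ipaddress.ip_network(
            (int(advertised.network_address), in_iface.network.prefixlen), strict=False)
    return major

# Constructed routing table of router B in Figure 2-5 (all four subnets known)
ROUTER_B = ["10.1.0.0/16", "10.2.0.0/16", "172.16.1.0/24", "172.16.2.0/24"]
B_TO_A = "10.2.0.1"    # B's interface toward router A (network 10.0.0.0)
B_TO_C = "172.16.2.1"  # B's interface toward router C (network 172.16.0.0)

if __name__ == "__main__":
    print("B -> A:", sorted(map(str, advertise_table(ROUTER_B, B_TO_A))))
    print("B -> C:", sorted(map(str, advertise_table(ROUTER_B, B_TO_C))))
```

The `classful_receive` call also reproduces the mask-mismatch problem: a 10.1.0.0/24 subnet advertised to a router whose receiving interface is /16 is installed as 10.1.0.0/16.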
Summarizing Routes in a Discontiguous Network
Discontiguous subnets are subnets of the same major network that are separated by a different major network.
Classful protocols summarize automatically at network boundaries, which means that:
Subnets are not advertised to a different major network.
Discontiguous subnets are not visible to each other.
In the example shown in Figure 2-6, routers A and B do not advertise the 172.16.5.0 255.255.255.0 and 172.16.6.0 255.255.255.0 subnets, because RIPv1 cannot advertise subnets across a different major network; both router A and router B advertise 172.16.0.0. This leads to confusion when routing across network 192.168.14.16/28. Router C, for example, receives routes about 172.16.0.0 from two different directions; it therefore might make an incorrect routing decision.
Figure 2-6 Classful Routing Protocols Do Not Support Discontiguous Subnets
Note
The ip classless command is enabled by default in Release 12.0 and later of the Cisco IOS Software; in earlier releases it is disabled by default.
When running a classful protocol (RIPv1), ip classless must be enabled if you want the router to select a default route when it must route to an unknown subnet of a network for which it knows some subnets. For example, consider a router's routing table that has entries for subnets 10.5.0.0/16 and 10.6.0.0/16 and a default route of 0.0.0.0. If a packet arrives for a destination on the 10.7.0.0/16 subnet and ip classless is not enabled, the packet is dropped. Classful protocols assume that if they know some of the subnets of network 10.0.0.0, they must know all that network's existing subnets. Enabling ip classless tells the router that it should follow the best supernet route or the default route for unknown subnets of known networks, and for unknown networks.
The Routing Table Acts Classfully
It is actually the routing table itself that acts classfully by default without the ip classless command, and will do so even if no routing protocols are running. For example, if you have only static routes and no routing protocols, you still would not be able to reach a subnet of a known major network using a default route unless the ip classless command is enabled.
A CCIE technical reviewer of an earlier edition of this book performed the following test using two Cisco 2520 routers running Cisco IOS c2500-i-l.122-8.T5.bin. The two routers, R1 and R2, were connected via interface E0, and no routing protocols were enabled on either router.
R1 has a default route pointing to R2 and has the no ip classless command configured. A ping from R1 to R2's loopback0 fails. When the ip classless command is entered on R1, the ping from R1 to R2's loopback0, via the default route, succeeds. This test proves that even though no routing protocols are used, the routing table acts classfully.
Test 2:
The second step is to test the classful nature of the routing table using a classless routing protocol, OSPF. OSPF is turned on for all interfaces on R1 but is activated only on R2's Ethernet link.
R2's OSPF is configured to inject a default route into R1 using the default-information originate always command (which is covered in detail in Chapter 5, "Advanced Open Shortest Path First Protocol Configuration"). R1 therefore has a default route pointing to R2 that is introduced via OSPF. The pings from R1 to R2's loopback0 succeed regardless of the ip classless command. Therefore, turning on OSPF, a classless protocol, overrides the routing table's classful nature.
Classless Routing Protocol Concepts
Classless routing protocols can be considered second-generation protocols because they are designed to address some of the limitations of the earlier classful routing protocols. One of the most serious limitations in a classful network environment is that the subnet mask is not exchanged during the routing update process, and therefore, the same subnet mask must be used on all subnetworks within the same major network.
With classless routing protocols, different subnets within the same major network can have different subnet masks; in other words, they support VLSM. If more than one entry in the routing table matches a particular destination, the longest prefix match in the routing table is used. For example, if a routing table has different paths to 172.16.0.0/16 and to 172.16.5.0/24, packets addressed to 172.16.5.99 are routed through the 172.16.5.0/24 path, because that address has the longest match with the destination network.
Another limitation of the classful approach is the need to automatically summarize to the classful network boundary at major network boundaries. In a classless environment, the route summarization process can be controlled manually and can usually be invoked at any bit position within the address. Because subnet routes might be propagated throughout the routing domain, manual route summarization might be required to keep the size of the routing tables manageable.
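An added Python model of the two lookup behaviors discussed above: the classful routing table with and without ip classless (the 10.5.0.0/16, 10.6.0.0/16 and default-route table from the note) and the longest-prefix-match selection between 172.16.0.0/16 and 172.16.5.0/24. This is illustrative code written for this edition, not IOS forwarding code; the next-hop names are constructed.

```python
import ipaddress

def major_network(addr):
    """Classful (major) network of an IPv4 address: /8, /16 or /24 by class."""
    addr = ipaddress.ip_address(addr)
    first_octet = int(addr) >> 24
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network((int(addr), prefix), strict=False)

def lookup(table, dest, ip_classless):
    """Pick the routing-table entry used to forward to `dest`.
    table: list of (IPv4Network, next_hop); 0.0.0.0/0 is the default route.
    Among all entries containing `dest`, the longest prefix wins.  With
    ip classless disabled, a destination that falls inside a major network
    for which the table already holds subnets, but that matches none of
    them, is dropped rather than sent to a supernet or the default route."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, nh) for net, nh in table if dest in net]
    if not matches:
        return None
    best = max(matches, key=lambda entry: entry[0].prefixlen)
    major = major_network(dest)
    knows_subnets = any(net.prefixlen > major.prefixlen and net.subnet_of(major)
                        for net, _ in table)
    if not ip_classless and knows_subnets and best[0].prefixlen < major.prefixlen:
        # Classful assumption: "I know this network's subnets, so this one does not exist"
        return None
    return best

def next_hop(table, dest, ip_classless=True):
    """Next hop for `dest`, or None when the packet is dropped."""
    entry = lookup(table, dest, ip_classless)
    return None if entry is None else entry[1]

def net(text):
    return ipaddress.ip_network(text)

# Constructed table from the note: two subnets of 10.0.0.0 plus a default route
CLASSFUL_TABLE = [(net("10.5.0.0/16"), "R2"), (net("10.6.0.0/16"), "R3"),
                  (net("0.0.0.0/0"), "R2")]
# Constructed table for the longest-prefix-match example
VLSM_TABLE = [(net("172.16.0.0/16"), "RouterA"), (net("172.16.5.0/24"), "RouterB")]

if __name__ == "__main__":
    print("10.7.1.1, no ip classless:", next_hop(CLASSFUL_TABLE, "10.7.1.1", False))
    print("10.7.1.1, ip classless:   ", next_hop(CLASSFUL_TABLE, "10.7.1.1", True))
    print("172.16.5.99:", next_hop(VLSM_TABLE, "172.16.5.99"))
```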
RIPv2 and EIGRP Automatic Network-Boundary Summarization
By default, RIPv2 and EIGRP perform automatic network summarization at classful boundaries, just like a classful protocol does. Automatic summarization lets RIPv2 and EIGRP be backward compatible with their predecessors, RIPv1 and Interior Gateway Routing Protocol (IGRP).
Note
IGRP is no longer supported, as of Cisco IOS Release 12.3
The difference between these protocols and their predecessors is that you can manually turn off automatic summarization, using the no auto-summary router configuration command. You do not need this command when you are using OSPF or IS-IS, because neither protocol performs automatic network summarization by default.
The autosummarization behavior can cause problems in a network that has discontiguous subnets or if some of the summarized subnets cannot be reached via the advertising router. If a summarized route indicates that certain subnets can be reached via a router, when in fact those subnets are discontiguous or unreachable via that router, the network might have problems similar to those caused by a classful protocol. For example, in Figure 2-7, both router A and router B are advertising a summarized route to 172.16.0.0/16. Router C therefore receives two routes to 172.16.0.0/16 and cannot identify which subnets are attached to which router.
Figure 2-7 Automatic Network-Boundary Summarization
You can resolve this problem by disabling automatic summarization when running RIPv2 or EIGRP. Classless routers use the longest prefix match when selecting a route from the routing table; therefore, if one of the routers advertises without summarizing, the other routers see subnet routes and the summary route. The other routers can then select the longest prefix match and follow the correct path. For example, in Figure 2-7, if router A continues to summarize to 172.16.0.0/16 and router B is configured not to summarize, router C receives explicit routes for 172.16.6.0/24 and 172.16.9.0/24, along with the summarized route to
Figure 2-9 Effect of the no auto-summary Command for RIPv2
In the OSPF network shown in Figure 2-9, router B passes the subnet and subnet mask information to router C, and router C puts the subnet details in its routing table. Router C does not need to use default classful masks for the received routing information because the subnet mask is included in the routing update, and OSPF does not automatically summarize networks.
You can disable automatic summarization for RIPv2 and EIGRP with the no auto-summary router configuration command. When automatic summarization is disabled, RIPv2 and EIGRP forward subnet information, even over interfaces belonging to different major networks. In Figure 2-9, automatic summarization has been disabled. Notice that now the routing table is the same for both the RIPv2 and the OSPF routers.
Note
The BGP auto-summary router configuration command determines how BGP handles redistributed routes; Chapter 8 describes this command in detail.
This section describes the two versions of RIP, RIPv1 and RIPv2, and how to configure them; later chapters in this book detail the other routing protocols.
Characteristics of RIPv1
RIPv1 is described in RFC 1058, Routing Information Protocol. Its key characteristics include the following:
Hop count is used as the metric for path selection.
The maximum allowable hop count is 15.
Routing updates are broadcast every 30 seconds by default. Because it is a distance vector routing protocol, updates are sent even if no change has occurred.
RIP can load balance over as many as 16 equal-cost paths (4 paths by default)
It has no authentication support
Note
RFCs are available at http://www.rfc-editor.org/rfcsearch.html
RIPv1 is a classful distance vector routing protocol that does not send the subnet mask in its updates. Therefore, RIPv1 does not support VLSM.
Characteristics of RIPv2
RIPv2 is a classless distance vector routing protocol defined in RFC 1721, RIP Version 2 Protocol Analysis; RFC 1722, RIP Version 2 Protocol Applicability Statement; and RFC 2453, RIP Version 2. The most significant addition to RIPv2 is the inclusion of the mask in the RIPv2 routing update packet, allowing RIPv2 to support VLSM. RIPv2 automatically summarizes routes on classful network boundaries; but as described earlier, you can disable this behavior.
In addition, RIPv2 uses multicast addressing for more-efficient periodic updating on each interface. RIPv2 uses the 224.0.0.9 multicast address to advertise to other RIPv2 routers. This approach is more efficient than RIPv1's approach. RIPv1 uses a 255.255.255.255 broadcast address, so all devices, including PCs and servers, must process the update packet. They perform the checksum on the Layer 2 packet and pass it up their IP stack. IP sends the packet to the User Datagram Protocol (UDP) process, and UDP checks to see whether RIP port 520 is available. Most PCs and servers do not have any process running on this port and discard the packet. RIP can fit up to 25 networks and subnets in each update, and updates are dispatched every 30 seconds. For example, if the routing table has 1000 subnets, 40 packets are dispatched every 30 seconds (80 packets a minute). With each packet being a broadcast, all devices must look at it; most of the devices discard the packet.
The IP multicast address for RIPv2 has its own multicast MAC address. Devices that can distinguish between a multicast and a broadcast at the MAC layer read the start of the Layer 2 frame and determine that the destination MAC address is not for them. They can then discard all these packets at the interface level and not use CPU resources or buffer memory for these unwanted packets. Even on devices that cannot distinguish between broadcast and multicast at Layer 2, the worst that will happen is that the RIP updates will be discarded at the IP layer instead of being passed to UDP, because those devices are not using the 224.0.0.9 multicast address.
RIPv2 also supports security between RIP routers using message-digest or clear-text authentication. (RIPv2 security features are not covered in this book.)
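An added Python illustration of the receive-path argument in the RIPv2 discussion above: the multicast MAC that 224.0.0.9 maps to, the number of update packets a table of a given size costs, and the layer at which a PC, an older NIC without multicast MAC filtering, and a RIPv2 router stop processing a broadcast or multicast update. This is example code written for this edition, not a packet capture or vendor code; the three host profiles are constructed.

```python
import ipaddress

RIP_PORT = 520
RIPV2_GROUP = "224.0.0.9"
ROUTES_PER_UPDATE = 25

def multicast_mac(group):
    """Ethernet MAC for an IPv4 multicast group (RFC 1112 mapping):
    the fixed prefix 01:00:5e followed by the low 23 bits of the address."""
    addr = ipaddress.ip_address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    low23 = int(addr) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)

def update_packets(num_routes):
    """Packets needed to carry `num_routes` entries in one 30-second update cycle."""
    return -(-num_routes // ROUTES_PER_UPDATE)   # ceiling division

def receive_stage(dst_ip, host):
    """Where a host stops processing a RIP update sent to `dst_ip`.
    `host` is a constructed dict: 'filters_multicast_mac' (the NIC can drop
    multicast MACs it was not told to accept), 'joined_groups' (set of group
    addresses as strings) and 'udp_listeners' (set of open UDP ports)."""
    dst = ipaddress.ip_address(dst_ip)
    if dst.is_multicast and str(dst) not in host["joined_groups"]:
        if host["filters_multicast_mac"]:
            return "dropped at L2: MAC %s not accepted" % multicast_mac(dst)
        return "dropped at IP: not a member of %s" % dst
    # A broadcast (255.255.255.255) or a joined group always reaches UDP
    if RIP_PORT in host["udp_listeners"]:
        return "delivered to RIP on UDP/%d" % RIP_PORT
    return "dropped at UDP: no listener on port %d" % RIP_PORT

# Constructed host profiles: a PC, an older NIC without multicast filtering, a RIPv2 router
PC = {"filters_multicast_mac": True, "joined_groups": set(), "udp_listeners": {137}}
OLD_PC = {"filters_multicast_mac": False, "joined_groups": set(), "udp_listeners": set()}
RIP_ROUTER = {"filters_multicast_mac": True, "joined_groups": {RIPV2_GROUP},
              "udp_listeners": {RIP_PORT}}

if __name__ == "__main__":
    print("1000 routes ->", update_packets(1000), "packets per cycle")
    for name, host in (("PC", PC), ("OLD_PC", OLD_PC), ("RIP_ROUTER", RIP_ROUTER)):
        print(name, "RIPv1:", receive_stage("255.255.255.255", host))
        print(name, "RIPv2:", receive_stage(RIPV2_GROUP, host))
```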
RIP Configuration Commands
To activate the RIP process (Version 1 by default), use the following command: