800 East 96th Street, Indianapolis, IN 46240 USA
CCIE Routing and Switching Certification Guide, Fourth Edition
Wendell Odom, CCIE No. 1624
Rus Healy, CCIE No. 15025
Denise Donohue, CCIE No. 9566
Copyright © 2010 Pearson Education, Inc.
Printed in the United States of America
First Printing November 2009
Library of Congress Cataloging-in-Publication Data
ISBN-10: 1-58705-980-0 (hardcover w/cd)
1. Telecommunications engineers—Certification—Study guides. 2. Routing (Computer network management)—Examinations—Study guides. 3. Telecommunication—Switching systems—Examinations—Study guides. 4. Computer networks—Examinations—Study guides. 5. Internetworking (Telecommunication)—Examinations—Study guides. I. Healy, Rus. II. Donohue, Denise. III. Title.
Warning and Disclaimer
This book is designed to provide information about Cisco CCIE Routing and Switching Written Exam, No. 350-001. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
Corporate and Government Sales
Cisco Press offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact:
U.S. Corporate and Government Sales
1-800-382-3419 corpsales@pearsontechgroup.com
For sales outside of the U.S. please contact:
International Sales
1-317-581-3793 international@pearsontechgroup.com
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at feedback@ciscopress.com. Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Cisco Representative: Erik Ullanderson
Cisco Press Program Manager: Anand Sundaram
Executive Editor: Brett Bartow
Managing Editor: Patrick Kanouse
Development Editor: Dayna Isley
Project Editor: Seth Kerney
Copy Editor: Keith Cline
Technical Editor(s): Maurilio Gorito, Narbik Kocharians
Editorial Assistant: Vanessa Evans
Book Designer: Louisa Adair
Composition: Mark Shirar
Indexer: Tim Wright
Proofreader: Apostrophe Editing Services
About the Authors
Wendell Odom, CCIE No. 1624, is a 28-year veteran of the networking industry. He currently works as an independent author of Cisco certification resources and occasional instructor of Cisco authorized training for Skyline ATS. He has worked as a network engineer, consultant, systems engineer, instructor, and course developer. He is author of several best-selling Cisco certification titles. He maintains lists of current titles, links to Wendell’s blogs, and other certification resources at www.TheCertZone.com.
Rus Healy, CCIE No. 15025, has worked on several Cisco Press projects, including the third edition of this book as a coauthor, and the second edition as a technical reviewer. Rus is chief technology officer of Annese & Associates, Cisco’s Education Partner of the Year for the Northeast US and Canada. Rus serves on the Board of Directors of Habitat for Humanity of New York State and Habitat for Humanity of Ontario County, NY.
Denise Donohue, CCIE No. 9566, is senior solutions architect for ePlus Technology, a Cisco Gold partner. She works as a consulting engineer, designing networks for ePlus’s customers. Prior to this role, she was a systems engineer for the data consulting arm of SBC/AT&T. She has co-authored several Cisco Press books in the areas of route/switch and voice. Denise has been a Cisco instructor and course director for Global Knowledge and did network consulting for many years. Her areas of specialization include route/switch, voice, and data center.
About the Technical Reviewers
Maurilio Gorito, CCIE No. 3807 (Routing and Switching, WAN Switching, and Security), has more than 20 years of experience in networking, including Cisco networks and IBM/SNA environments, which includes the planning, designing, implementation, and troubleshooting of large IP networks running RIP, IGRP, EIGRP, BGP, OSPF, QoS, and SNA worldwide, including in Brazil and the United States. Maurilio has worked for Cisco since 2000 with the CCIE Team. As program manager, he is responsible for managing the CCIE Routing and Switching track certification exams, and he has more than seven years of experience proctoring CCIE lab exams. He holds degrees in mathematics and pedagogy.
Narbik Kocharians, CCIE No. 12410 (Routing and Switching, Security, SP), is a Triple CCIE with more than 32 years of experience in the IT industry. He has designed, implemented, and supported numerous enterprise networks. Narbik is the president of Micronics Training Inc. (www.Micronicstraining.com), where he teaches CCIE R&S and SP boot camps.
Acknowledgments
Maurilio and Narbik each did a nice job tech editing the book and finding the technical errors that can creep into a manuscript. On his third time with editing this book, Maurilio did his usual great job with one of the most difficult challenges with this book: help us choose what to cover, and in what depth, and what to not cover. And what a treat to get Narbik, one of the world’s most respected CCIE instructors, to review the book. His comments both on technical accuracy and suggested improvements of how to go about describing the topics were very valuable.
Joe Harris (CCIE 6200, R/S, Security, SP) did a great job for us working to update and add to the CD question bank. Joe's expertise and experience has been a tremendous help to improve the questions on the CD. Thanks, Joe!
We had the privilege of working with Dayna Isley as development editor this time around. Dayna got the task of juggling a wide variety of details, keeping track of a large number of chapters, some with few changes, some with many small changes, and some with big chunks of new material that needed to fit well with existing material (and with 3 authors to boot). And oh yeah, she had to do the usual development work, too. Amazing job, Dayna!
The wonderful (and mostly hidden) production folks—Patrick Kanouse’s group—did their usual great job. When every time you see how they reworded something, or made a figure look better, or catch a problem, it makes me appreciate the kind of team we have at Cisco Press. In particular, thanks to Seth Kerney for managing the production process as Project Editor for the book, and for working through all the competing tasks, large and small changes, and the competing timelines. Many thanks to the entire production team for pulling us through the process and making the book better.
From a more strategic perspective, thanks to Brett Bartow, the executive editor for this book. I can remember sitting at a table at the Cisco Networker’s conference back in… 2004 I believe, and talking with Brett about the possibility of rewriting the first edition of this book for what came to be called the second edition. Not only did Brett work hard, and with flexibility, to get me the chance to write this book originally, he has also helped me keep a great group of co-authors engaged with the book to help us keep the book up-to-date on a relatively frequent update cycle.
From Wendell Odom:
As usual, the timeline for the new edition of this book coincided with a couple of other projects. Yet again, Rus helped beyond compare. Frankly, while I may have written more net pages in this book overall, Rus has become invested in this book, not just in time and effort, but in the amount he cares about this book in the marketplace. Rus’s value to the ongoing shape of this book goes far beyond any particular words or figures printed in the pages.
Denise Donohue joined the team for this fourth edition, making her the fifth co-author to work on various parts of the book. It was great to have a fresh set of eyes looking at the content, and to have an experienced author and respected consultant/instructor work with us was a big help as well. Without Denise, we never would have made the requested due dates—thanks, Denise!
Finally, on the personal side, thanks to my wife, Kris, for helping make this work lifestyle happen for me. I truly love to write, and Kris helps make that happen. Thanks, doll! And as always, thanks to my Lord and Savior, Jesus Christ.
From Rus Healy:
Thanks to Wendell Odom and Denise Donohue for the opportunity to work with them on this book. It’s been a satisfying and enjoyable project. It’s always a pleasure to serve on a great team, and along with the great folks from Cisco Press, this group is one of the best!
Finally, I want to thank my wife, Nancy, and our kids, Gwen and Trevor, for putting up with me as I took time away from family life to work on this book.
From Denise Donohue:
I would like to second all the wonderful things that Wendell said about the Cisco Press staff and our technical reviewers. Authors are but the tip of the iceberg; producing a quality book requires many hands, and we are so very grateful for all the help.
A big “thank you” to Wendell for the opportunity to work on this new edition. The subject matter was interesting, and I learned some new things! What more can you ask? He and Rus are so professional in their writing; my future books will be better because of the tips I picked up from them.
I promised my Lord and Savior, Jesus Christ, that I’d give him a shout-out in this book. Thanks to Him for all He’s done, including helping me understand how to explain a tough concept or keep motivated to stay inside and write on bright, sunny spring days.
Finally, thank you to my husband and children for picking up the slack while I’m writing. Couldn’t have done it without you!
Contents at a Glance
Foreword
Introduction
Chapter 1 Ethernet Basics
Chapter 2 Virtual LANs and VLAN Trunking
Chapter 3 Spanning Tree Protocol
Chapter 4 IP Addressing
Chapter 5 IP Services
Chapter 6 IP Forwarding (Routing)
Chapter 7 EIGRP
Chapter 9 IGP Route Redistribution, Route Summarization, Default Routing, and Troubleshooting
Chapter 10 Fundamentals of BGP Operations
Chapter 11 BGP Routing Policies
Chapter 12 Classification and Marking
Chapter 13 Congestion Management and Avoidance
Chapter 14 Shaping, Policing, and Link Fragmentation
Chapter 15 Wide-Area Networks
Chapter 16 Introduction to IP Multicasting
Chapter 17 IP Multicast Routing
Appendix D IP Addressing Practice
Appendix E RIP Version 2
Appendix F IGMP
Appendix G Key Tables for CCIE Study
Appendix H Solutions for Key Tables for CCIE Study
Glossary
Contents
Foreword
Introduction
Part I LAN Switching
Chapter 1 Ethernet Basics
“Do I Know This Already?” Quiz
Foundation Topics
Ethernet Layer 1: Wiring, Speed, and Duplex
RJ-45 Pinouts and Category 5 Wiring
Auto-negotiation, Speed, and Duplex
CSMA/CD
Collision Domains and Switch Buffering
Basic Switch Port Configuration
Ethernet Layer 2: Framing and Addressing
Types of Ethernet Addresses
Ethernet Address Formats
Protocol Types and the 802.3 Length Field
Switching and Bridging Logic
SPAN and RSPAN
Core Concepts of SPAN and RSPAN
Restrictions and Conditions
Basic SPAN Configuration
Complex SPAN Configuration
RSPAN Configuration
Chapter 2 Virtual LANs and VLAN Trunking
“Do I Know This Already?” Quiz
Foundation Topics
Virtual LANs
VLAN Configuration
Using VLAN Database Mode to Create VLANs
Using Configuration Mode to Put Interfaces into VLANs
Using Configuration Mode to Create VLANs
Private VLANs
VLAN Trunking Protocol
VTP Process and Revision Numbers
VTP Configuration
Normal-Range and Extended-Range VLANs
Storing VLAN Configuration
VLAN Trunking: ISL and 802.1Q
ISL and 802.1Q Concepts
ISL and 802.1Q Configuration
Allowed, Active, and Pruned VLANs
Trunk Configuration Compatibility
Configuring Trunking on Routers
802.1Q-in-Q Tunneling
Configuring PPPoE
Foundation Summary
Memory Builders
Fill In Key Tables from Memory
Definitions
Further Reading
Chapter 3 Spanning Tree Protocol
“Do I Know This Already?” Quiz
Foundation Topics
802.1d Spanning Tree Protocol
Choosing Which Ports Forward: Choosing Root Ports and Designated Ports
Electing a Root Switch
Determining the Root Port
Determining the Designated Port
Converging to a New STP Topology
Topology Change Notification and Updating the CAM
Transitioning from Blocking to Forwarding
Per-VLAN Spanning Tree and STP over Trunks
STP Configuration and Analysis
Optimizing Spanning Tree
PortFast, UplinkFast, and BackboneFast
PortFast
UplinkFast
BackboneFast
PortFast, UplinkFast, and BackboneFast Configuration
PortChannels
Load Balancing Across PortChannels
PortChannel Discovery and Configuration
Rapid Spanning Tree Protocol
Rapid Per-VLAN Spanning Tree Plus (RPVST+)
Multiple Spanning Trees: IEEE 802.1s
Protecting STP
Root Guard and BPDU Guard: Protecting Access Ports
UDLD and Loop Guard: Protecting Trunks
Troubleshooting Complex Layer 2 Issues
Layer 2 Troubleshooting Process
Layer 2 Protocol Troubleshooting and Commands
Troubleshooting Using Basic Interface Statistics
Troubleshooting Spanning Tree Protocol
Troubleshooting Trunking
Troubleshooting VTP
Troubleshooting EtherChannels
Approaches to Resolving Layer 2 Issues
IP Addressing and Subnetting
IP Addressing and Subnetting Review
Subnetting a Classful Network Number
Comments on Classless Addressing
Subnetting Math
Dissecting the Component Parts of an IP Address
Finding Subnet Numbers and Valid Range of IP Addresses—Binary
Decimal Shortcuts to Find the Subnet Number and Valid Range of IP Addresses
Determining All Subnets of a Network—Binary
Determining All Subnets of a Network—Decimal
VLSM Subnet Allocation
Route Summarization Concepts
Finding Inclusive Summary Routes—Binary
Finding Inclusive Summary Routes—Decimal
Finding Exclusive Summary Routes—Binary
CIDR, Private Addresses, and NAT
Classless Interdomain Routing
Private Addressing
Network Address Translation
Static NAT
Dynamic NAT Without PAT
Overloading NAT with Port Address Translation
Dynamic NAT and PAT Configuration
Foundation Summary
Memory Builders
Fill in Key Tables from Memory
Definitions
Further Reading
Chapter 5 IP Services
“Do I Know This Already?” Quiz
Foundation Topics
ARP, Proxy ARP, Reverse ARP, BOOTP, and DHCP
ARP and Proxy ARP
RARP, BOOTP, and DHCP
DHCP
HSRP, VRRP, and GLBP
Network Time Protocol
SNMP
SNMP Protocol Messages
SNMP MIBs
SNMP Security
Syslog
Web Cache Communication Protocol
Implementing the Cisco IOS IP Service Level Agreement (IP SLA) Feature
Implementing NetFlow
Implementing Router IP Traffic Export
Implementing Cisco IOS Embedded Event Manager
Implementing Remote Monitoring
Implementing and Using FTP on a Router
Implementing a TFTP Server on a Router
Implementing Secure Copy Protocol
Implementing HTTP and HTTPS Access
Implementing Telnet Access
Implementing SSH Access
Foundation Summary
Memory Builders
Fill In Key Tables from Memory
Definitions
Further Reading
Part III IP Routing
Chapter 6 Forwarding (Routing)
“Do I Know This Already?” Quiz
Foundation Topics
IP Forwarding
Classless and Classful Routing
Multilayer Switching
MLS Logic
Using Routed Ports and PortChannels with MLS
MLS Configuration
Policy Routing
Optimized Edge Routing and Performance Routing
EIGRP Basics and Steady-State Operation
Hellos, Neighbors, and Adjacencies
EIGRP Updates
The EIGRP Topology Table
EIGRP Convergence
Input Events and Local Computation
Going Active on a Route
Stuck-in-Active
Limiting Query Scope
EIGRP Configuration
EIGRP Configuration Example
EIGRP Load Balancing
EIGRP Authentication
EIGRP Automatic Summarization
EIGRP Split Horizon
EIGRP Route Filtering
EIGRP Offset Lists
Clearing the IP Routing Table
Foundation Summary
Memory Builders
Fill In Key Tables from Memory
Definitions
Further Reading
Chapter 8 OSPF
“Do I Know This Already?” Quiz
Foundation Topics
OSPF Database Exchange
OSPF Router IDs
Becoming Neighbors, Exchanging Databases, and Becoming Adjacent
Becoming Neighbors: The Hello Process
Flooding LSA Headers to Neighbors
Database Descriptor Exchange: Master/Slave Relationship
Requesting, Getting, and Acknowledging LSAs
Designated Routers on LANs
Designated Router Optimization on LANs
DR Election on LANs
Designated Routers on WANs and OSPF Network Types
Caveats Regarding OSPF Network Types over NBMA Networks
Example of OSPF Network Types and NBMA
SPF Calculation
Steady-State Operation
OSPF Design and LSAs
OSPF Design Terms
OSPF Path Selection Process
LSA Types and Network Types
LSA Types 1 and 2
LSA Type 3 and Inter-Area Costs
Removing Routes Advertised by Type 3 LSAs
LSA Types 4 and 5, and External Route Types 1 and 2
OSPF Design in Light of LSA Types
Stubby Areas
Graceful Restart
OSPF Path Choices That Do Not Use Cost
Choosing the Best Type of Path
Best-Path Side Effects of ABR Loop Prevention
OSPF Configuration
OSPF Costs and Clearing the OSPF Process
Alternatives to the OSPF Network Command
OSPF Filtering
Filtering Routes Using the distribute-list Command
OSPF ABR LSA Type 3 Filtering
Filtering Type 3 LSAs with the area range Command
Virtual Link Configuration
Configuring OSPF Authentication
OSPF Stub Router Configuration
Route Maps, Prefix Lists, and Administrative Distance
Configuring Route Maps with the route-map Command
Route Map match Commands for Route Redistribution
Route Map set Commands for Route Redistribution
IP Prefix Lists
Administrative Distance
Route Redistribution
Mechanics of the redistribute Command
Redistribution Using Default Settings
Setting Metrics, Metric Types, and Tags
Redistributing a Subset of Routes Using a Route Map
Mutual Redistribution at Multiple Routers
Preventing Suboptimal Routes by Setting the Administrative Distance
Preventing Suboptimal Routes by Using Route Tags
Using Metrics and Metric Types to Influence Redistributed Routes
Using Route Summarization to Create Default Routes
Troubleshooting Complex Layer 3 Issues
Layer 3 Troubleshooting Process
Layer 3 Protocol Troubleshooting and Commands
IP Routing Processes
Approaches to Resolving Layer 3 Issues
Foundation Summary
Memory Builders
Fill In Key Tables from Memory
Definitions
Further Reading
Chapter 10 Fundamentals of BGP Operations
“Do I Know This Already?” Quiz
Foundation Topics
Building BGP Neighbor Relationships
Internal BGP Neighbors
External BGP Neighbors
Checks Before Becoming BGP Neighbors
BGP Messages and Neighbor States
BGP Message Types
Purposefully Resetting BGP Peer Connections
Building the BGP Table
Injecting Routes/Prefixes into the BGP Table
BGP network Command
Redistributing from an IGP, Static, or Connected Route
Impact of Auto-Summary on Redistributed Routes and the network Command
Manual Summaries and the AS_PATH Path Attribute
Adding Default Routes to BGP
ORIGIN Path Attribute
Advertising BGP Routes to Neighbors
BGP Update Message
Determining the Contents of Updates
Example: Impact of the Decision Process and NEXT_HOP on BGP Updates
Summary of Rules for Routes Advertised in BGP Updates
Building the IP Routing Table
Adding eBGP Routes to the IP Routing Table
Backdoor Routes
Adding iBGP Routes to the IP Routing Table
Using Sync and Redistributing Routes
Disabling Sync and Using BGP on All Routers in an AS
Confederations
Configuring Confederations
Route Reflectors
Foundation Summary
Chapter 11 BGP Routing Policies
“Do I Know This Already?” Quiz
Foundation Topics
Route Filtering and Route Summarization
Filtering BGP Updates Based on NLRI
Route Map Rules for NLRI Filtering
Soft Reconfiguration
Comparing BGP Prefix Lists, Distribute Lists, and Route Maps
Filtering Subnets of a Summary Using the aggregate-address Command
Filtering BGP Updates by Matching the AS_PATH PA
The BGP AS_PATH and AS_PATH Segment Types
Using Regular Expressions to Match AS_PATH
Example: Matching AS_PATHs Using AS_PATH Filters
Matching AS_SET and AS_CONFED_SEQ
BGP Path Attributes and the BGP Decision Process
Generic Terms and Characteristics of BGP PAs
The BGP Decision Process
Clarifications of the BGP Decision Process
Three Final Tiebreaker Steps in the BGP Decision Process
Adding Multiple BGP Routes to the IP Routing Table
Mnemonics for Memorizing the Decision Process
Removing Private ASNs
AS_PATH Prepending and Route Aggregation
Step 5: Best ORIGIN PA
Step 6: Smallest Multi-Exit Discriminator
Configuring MED: Single Adjacent AS
Configuring MED: Multiple Adjacent Autonomous Systems
The Scope of MED
Step 7: Prefer Neighbor Type eBGP over iBGP
Step 8: Smallest IGP Metric to the NEXT_HOP
The maximum-paths Command and BGP Decision Process Tiebreakers
Step 9: Lowest BGP Router ID of Advertising Router (with One Exception)
Step 10: Lowest Neighbor ID
The BGP maximum-paths Command
Fill In Key Tables from Memory
Definitions
Further Reading
Part IV QoS
Chapter 12 Classification and Marking
“Do I Know This Already?” Quiz
Foundation Topics
Fields That Can Be Marked for QoS Purposes
IP Precedence and DSCP Compared
DSCP Settings and Terminology
Class Selector PHB and DSCP Values
Assured Forwarding PHB and DSCP Values
Expedited Forwarding PHB and DSCP Values
Non-IP Header Marking Fields
Ethernet LAN Class of Service
WAN Marking Fields
Locations for Marking and Matching
Cisco Modular QoS CLI
Mechanics of MQC
Classification Using Class Maps
Using Multiple match Commands
Classification Using NBAR
Classification and Marking Tools
Class-Based Marking (CB Marking) Configuration
AutoQoS
AutoQoS for VoIP
AutoQoS VoIP on Switches
AutoQoS VoIP on Routers
Verifying AutoQoS VoIP
AutoQoS for the Enterprise
Discovering Traffic for AutoQoS Enterprise
Generating the AutoQoS Configuration
Verifying AutoQoS for the Enterprise
Chapter 13 Congestion Management and Avoidance
“Do I Know This Already?” Quiz
Cisco Router Queuing Concepts
Software Queues and Hardware Queues
Queuing on Interfaces Versus Subinterfaces and Virtual Circuits
Comparing Queuing Tools
Queuing Tools: CBWFQ and LLQ
CBWFQ Basic Features and Configuration
Defining and Limiting CBWFQ Bandwidth
Low-Latency Queuing
Defining and Limiting LLQ Bandwidth
LLQ with More Than One Priority Queue
Miscellaneous CBWFQ/LLQ Topics
Queuing Summary
Weighted Random Early Detection
How WRED Weights Packets
WRED Configuration
Modified Deficit Round-Robin
LAN Switch Congestion Management and Avoidance
Cisco Switch Ingress Queueing
Creating a Priority Queue
Cisco 3560 Congestion Avoidance
Cisco 3560 Switch Egress Queuing
Resource Reservation Protocol (RSVP)
RSVP Process Overview
Configuring RSVP
Using RSVP for Voice Calls
Foundation Summary
Memory Builders
Fill In Key Tables from Memory
Definitions
Further Reading
Chapter 14 Shaping, Policing, and Link Fragmentation
“Do I Know This Already?” Quiz
Foundation Topics
Traffic-Shaping Concepts
Shaping Terminology
Shaping with an Excess Burst
Underlying Mechanics of Shaping
Traffic-Shaping Adaptation on Frame Relay Networks
Generic Traffic Shaping
Class-Based Shaping
Tuning Shaping for Voice Using LLQ and a Small Tc
Configuring Shaping by Bandwidth Percent
CB Shaping to a Peak Rate
Adaptive Shaping
Frame Relay Traffic Shaping
FRTS Configuration Using the traffic-rate Command
Setting FRTS Parameters Explicitly
FRTS Configuration Using LLQ
FRTS Adaptive Shaping
FRTS with MQC
Policing Concepts and Configuration
CB Policing Concepts
Single-Rate, Two-Color Policing (One Bucket)
Single-Rate, Three-Color Policer (Two Buckets)
Two-Rate, Three-Color Policer (Two Buckets)
Class-Based Policing Configuration
Single-Rate, Three-Color Policing of All Traffic
Policing a Subset of the Traffic
CB Policing Defaults for Bc and Be
Configuring Dual-Rate Policing
Multi-Action Policing
Policing by Percentage
Committed Access Rate
QoS Troubleshooting and Commands
Troubleshooting Slow Application Response
Troubleshooting Voice and Video Problems
Other QoS Troubleshooting Tips
Approaches to Resolving QoS Issues
Part V Wide-Area Networks
Chapter 15 Wide-Area Networks
“Do I Know This Already?” Quiz
Foundation Topics
Point-to-Point Protocol
PPP Link Control Protocol
Basic LCP/PPP Configuration
Multilink PPP
MLP Link Fragmentation and Interleaving
PPP Compression
PPP Layer 2 Payload Compression
Header Compression
Frame Relay Concepts
Frame Relay Data Link Connection Identifiers
Local Management Interface
Frame Relay Headers and Encapsulation
Frame Relay Congestion: DE, BECN, and FECN
Adaptive Shaping, FECN, and BECN
Discard Eligibility Bit
Frame Relay Configuration
Frame Relay Configuration Basics
Frame Relay Payload Compression
Frame Relay Fragmentation
Frame Relay LFI Using Multilink PPP (MLP)
Chapter 16 Introduction to IP Multicasting
“Do I Know This Already?” Quiz
Foundation Topics
Why Do You Need Multicasting?
Problems with Unicast and Broadcast Methods
How Multicasting Provides a Scalable and Manageable Solution
Multicast IP Addresses
Multicast Address Range and Structure
Well-Known Multicast Addresses
Multicast Addresses for Permanent Groups
Multicast Addresses for Source-Specific Multicast Applications and Protocols
Multicast Addresses for GLOP Addressing
Multicast Addresses for Private Multicast Domains
Multicast Addresses for Transient Groups
Summary of Multicast Address Ranges
Mapping IP Multicast Addresses to MAC Addresses
Managing Distribution of Multicast Traffic with IGMP
Joining a Group
Internet Group Management Protocol
IGMP Version 2
IGMPv2 Host Membership Query Functions
IGMPv2 Host Membership Report Functions
IGMPv2 Leave Group and Group-Specific Query Messages
IGMPv2 Querier
IGMPv2 Timers
IGMP Version 3
LAN Multicast Optimizations
Cisco Group Management Protocol
IGMP Snooping
Router-Port Group Management Protocol
Foundation Summary
Memory Builders
Fill In Key Tables from Memory
Definitions
Further Reading
References in This Chapter
Chapter 17 IP Multicast Routing
“Do I Know This Already?” Quiz
Foundation Topics
Multicast Routing Basics
Overview of Multicast Routing Protocols
Multicast Forwarding Using Dense Mode
Reverse Path Forwarding Check
Multicast Forwarding Using Sparse Mode
Multicast Scoping
TTL Scoping
Administrative Scoping
Dense-Mode Routing Protocols
Operation of Protocol Independent Multicast Dense Mode
Forming PIM Adjacencies Using PIM Hello Messages
Source-Based Distribution Trees
Prune Message
PIM-DM: Reacting to a Failed Link
Rules for Pruning
Steady-State Operation and the State Refresh Message
Graft Message
LAN-Specific Issues with PIM-DM and PIM-SM
Prune Override
Assert Message
Designated Router
Summary of PIM-DM Messages
Distance Vector Multicast Routing Protocol
Multicast Open Shortest Path First
Sparse-Mode Routing Protocols
Operation of Protocol Independent Multicast Sparse Mode
Similarities Between PIM-DM and PIM-SM
Sources Sending Packets to the Rendezvous Point
Joining the Shared Tree
Completion of the Source Registration Process
Shared Distribution Tree
Steady-State Operation by Continuing to Send Joins
Examining the RP’s Multicast Routing Table
Shortest-Path Tree Switchover
Pruning from the Shared Tree
Dynamically Finding RPs and Using Redundant RPs
Dynamically Finding the RP Using Auto-RP
Dynamically Finding the RP Using BSR
Anycast RP with MSDP
Interdomain Multicast Routing with MSDP
Summary: Finding the RP
Bidirectional PIM
Comparison of PIM-DM and PIM-SM
Source-Specific Multicast
Foundation Topics
Router and Switch Device Security
Simple Password Protection for the CLI
Better Protection of Enable and Username Passwords
Using Secure Shell Protocol
User Mode and Privileged Mode AAA Authentication
Using a Default Set of Authentication Methods
Using Multiple Authentication Methods
Groups of AAA Servers
Overriding the Defaults for Login Security
PPP Security
General Layer 2 Security Recommendations
Layer 3 Security
IP Access Control List Review
ACL Rule Summary
Wildcard Masks
General Layer 3 Security Considerations
Smurf Attacks, Directed Broadcasts, and RPF Checks
Inappropriate IP Addresses
TCP SYN Flood, the Established Bit, and TCP Intercept
Classic Cisco IOS Firewall
TCP Versus UDP with CBAC
Cisco IOS Firewall Protocol Support
Cisco IOS Firewall Caveats
Cisco IOS Firewall Configuration Steps
Cisco IOS Zone-Based Firewall
Cisco IOS Intrusion Prevention System
Control-Plane Policing
Preparing for CoPP Implementation
Implementing CoPP
Dynamic Multipoint VPN
Foundation Summary
Memory Builders
Fill In Key Tables from Memory
Definitions
Further Reading
Part VIII MPLS
Chapter 19 Multiprotocol Label Switching
“Do I Know This Already?” Quiz
The MPLS TTL Field and MPLS TTL Propagation
MPLS IP Forwarding: Control Plane
MPLS LDP Basics
The MPLS Label Information Base Feeding the FIB and LFIB
Examples of FIB and LFIB Entries
Label Distribution Protocol Reference
MPLS VPNs
The Problem: Duplicate Customer Address Ranges
The Solution: MPLS VPNs
MPLS VPN Control Plane
Virtual Routing and Forwarding Tables
MP-BGP and Route Distinguishers
Route Targets
Overlapping VPNs
MPLS VPN Configuration
Configuring the VRF and Associated Interfaces
Configuring the IGP Between PE and CE
Configuring Redistribution Between PE-CE IGP and MP-BGP
Configuring MP-BGP Between PEs
MPLS VPN Data Plane
Building the (Inner) VPN Label
Creating LFIB Entries to Forward Packets to the Egress PE
Creating VRF FIB Entries for the Ingress PE
Penultimate Hop Popping
Other MPLS Applications
VRF Lite
VRF Lite, Without MPLS
VRF Lite with MPLS
Part IX IP Version 6
Chapter 20 IP Version 6
“Do I Know This Already?” Quiz
Foundation Topics
IPv6 Addressing and Address Types
IPv6 Address Notation
Address Abbreviation Rules
IPv6 Address Types
Unicast
Multicast
Anycast
The Unspecified Address
IPv6 Address Autoconfiguration
EUI-64 Address Format
Basic IPv6 Functionality Protocols
Neighbor Discovery
Neighbor Advertisements
Neighbor Solicitation
Router Advertisement and Router Solicitation
Duplicate Address Detection
Neighbor Unreachability Detection
ICMPv6
Unicast Reverse Path Forwarding
DNS
CDP
DHCP
Access Lists
Traffic Filtering with Access Lists
IPv6 Static Routes
IPv6 Unicast Routing Protocols
OSPFv3
Differences Between OSPFv2 and OSPFv3
Virtual Links, Address Summarization, and Other OSPFv3 Features
OSPFv3 LSA Types
OSPFv3 in NBMA Networks
Configuring OSPFv3 over Frame Relay
Enabling and Configuring OSPFv3
Authentication and Encryption
EIGRP for IPv6
Differences Between EIGRP for IPv4 and for IPv6
Unchanged Features
Route Filtering
Configuring EIGRP for IPv6
Route Redistribution and Filtering
IPv6 Route Redistribution
Redistribution Example
Quality of Service
QoS Implementation Strategy
Classification, Marking, and Queuing
Congestion Avoidance
Traffic Shaping and Policing
Tunneling Techniques
Tunneling Overview
Manually Configured Tunnels
Automatic IPv4-Compatible Tunnels
IPv6 over IPv4 GRE Tunnels
Automatic 6to4 Tunnels
ISATAP Tunnels
NAT-PT
IPv6 Multicast
Multicast Listener Discovery
Explicit Tracking
PIM
PIM DR Election
Source-Specific Multicast
PIM BSR
Additional PIM Concepts and Options
IPv6 Multicast Static Routes
Configuring Multicast Routing for IPv6
Appendix A Answers to the “Do I Know This Already?” Quizzes
Appendix B Decimal to Binary Conversion Table
Appendix C CCIE Exam Updates
Appendix D IP Addressing Practice
Appendix E RIP Version 2
Appendix F IGMP
Appendix G Key Tables for CCIE Study
Appendix H Solutions for Key Tables for CCIE Study
Glossary
[Icon legend: Terminal, File Server, Web Server, Cisco Works Workstation, Printer, Laptop, IBM Mainframe, Cluster Controller, Router, Bridge, Hub, Catalyst Switch, Multilayer Switch, ATM Switch, LAN2LAN Switch, Label Switch Router, ATM router, Headquarters, Branch Office, House (Regular), ONS 15540, Optical Services Router, Cisco MDS 9500, Fibre Channel JBOD, Enterprise Fibre Channel disk]
Command Syntax Conventions
The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:
■ Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
■ Italic indicates arguments for which you supply actual values.
■ Vertical bars (|) separate alternative, mutually exclusive elements.
■ Square brackets ([ ]) indicate an optional element.
■ Braces ({ }) indicate a required choice.
■ Braces within brackets ([{ }]) indicate a required choice within an optional element.
Foreword
CCIE Routing and Switching Exam Certification Guide, Fourth Edition, is an excellent self-study resource for the CCIE Routing and Switching written exam. Passing this exam is the first step to attaining the valued CCIE Routing and Switching certification and qualifies candidates for the CCIE Routing and Switching lab exam.
Gaining certification in Cisco technology is key to the continuing educational development of today’s networking professional. Through certification programs, Cisco validates the skills and expertise required to effectively manage the modern enterprise network.
Cisco Press Exam Certification Guides and preparation materials offer exceptional—and flexible—access to the knowledge and information required to stay current in your field of expertise or to gain new skills. Whether used as a supplement to more traditional training or as a primary source of learning, these materials offer users the information and knowledge validation required to gain new understanding and proficiencies.
Developed in conjunction with the Cisco certifications and training team, Cisco Press books are the only self-study books authorized by Cisco and offer students a series of exam practice tools and resource materials to help ensure that learners fully grasp the concepts and information presented.
Additional authorized Cisco instructor-led courses, e-learning, labs, and simulations are available exclusively from Cisco Learning Solutions Partners worldwide. To learn more,
The Cisco Certified Internetwork Expert (CCIE) certification may be the most challenging and prestigious of all networking certifications. It has received numerous awards and certainly has built a reputation as one of the most difficult certifications to earn in all of the technology world. Having a CCIE certification opens doors professionally, typically results in higher pay, and looks great on a resume.
Cisco currently offers several CCIE certifications. This book covers the version 4.0 exam blueprint topics of the written exam for the CCIE Routing and Switching certification. The following list details the currently available CCIE certifications at the time of this book’s publication; check http://www.cisco.com/go/ccie for the latest information. The certifications are listed in the order in which they were made available to the public:
■ CCIE Routing and Switching
Why Should I Take the CCIE Routing and Switching Written Exam?
The first and most obvious reason to take the CCIE Routing and Switching written exam is that it is the first step toward obtaining the CCIE Routing and Switching certification. Also, you cannot schedule a CCIE lab exam until you pass the corresponding written exam. In short, if you want all the professional benefits of a CCIE Routing and Switching certification, you start by passing the written exam.
The benefits of getting a CCIE certification are varied, among which are the following:
■ Better pay
■ Career-advancement opportunities
■ Applies to certain minimum requirements for Cisco Silver and Gold Channel Partners, as well as those seeking Master Specialization, making you more valuable to Channel
The other big reason to take the CCIE Routing and Switching written exam is that it recertifies an individual’s associate-, professional-, and expert-level Cisco certifications. In other words, passing any CCIE written exam recertifies that person’s CCNA, CCNP, CCIP, CCSP, CCDP, and so on. (Recertification requirements do change, so please verify the requirements at http://www.cisco.com/go/certifications.)
CCIE Routing and Switching Written Exam 350-001
The CCIE Routing and Switching written exam, at the time of this writing, consists of a two-hour exam administered at a proctored exam facility affiliated with Pearson VUE (http://www.vue.com/cisco). The exam typically includes approximately 100 multiple-choice questions. No simulation questions are currently part of the written exam.
As with most exams, everyone wants to know what is on the exam. Cisco provides general guidance as to topics on the exam in the CCIE Routing and Switching written exam blueprint, the most recent copy of which can be accessed from http://www.cisco.com/go/ccie.
Cisco changes both the CCIE written and lab blueprints over time, but Cisco seldom, if ever, changes the exam numbers. (In contrast, Cisco changes the exam numbers of the associate- and professional-level certifications when it makes major changes to what is covered on those exams.) Instead of changing the exam number when a CCIE exam changes significantly, Cisco publishes a new exam blueprint. Cisco assigns the new blueprint a version number, much like a software version.
The CCIE Routing and Switching written exam blueprint 4.0, as of the time of publication, is listed in Table I-1. Table I-1 also lists the chapters that cover each topic.
Topics | Book Chapters
1.00 Implement Layer 2 Technologies
1.10 Implement Spanning Tree Protocol (STP) | 3
(f) Bridge protocol data unit (BPDU) guard | 3
(i) Port roles, failure propagation, and Loop Guard operation | 3
1.20 Implement VLAN and VLAN Trunking Protocol (VTP) | 2
1.30 Implement trunk and trunk protocols, EtherChannel, and load-balance | 2
1.40 Implement Ethernet technologies | 1
(b) Ethernet, Fast Ethernet, and Gigabit Ethernet | 1
1.50 Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and flow control | 1
(a) Local Management Interface (LMI) | 15
1.70 Implement High-Level Data Link Control (HDLC) and PPP | 15
2.00 Implement IPv4
2.10 Implement IP version 4 (IPv4) addressing, subnetting, and variable-length subnet masking (VLSM) | 4
2.20 Implement IPv4 tunneling and Generic Routing Encapsulation (GRE) | 6
2.30 Implement IPv4 RIP version 2 (RIPv2) | E
2.40 Implement IPv4 Open Shortest Path First (OSPF) | 8
(f) Link-state advertisement (LSA) types | 8
(g) Adjacency on a point-to-point and on a multi-access network | 8
2.50 Implement IPv4 Enhanced Interior Gateway Routing Protocol (EIGRP) | 7
(d) EIGRP queries | 7
(e) Manual summarization and autosummarization | 9
2.60 Implement IPv4 Border Gateway Protocol (BGP) | 10
(c) Internal Border Gateway Protocol (IBGP) and External Border Gateway Protocol (EBGP) | 10, 11
2.80 Implement Performance Routing (PfR) and Cisco Optimized Edge Routing (OER) | 6
2.90 Implement filtering, route redistribution, summarization, synchronization, attributes, and other advanced | 9, 11
3.00 Implement IPv6
3.10 Implement IP version 6 (IPv6) addressing and different addressing types | 20
3.20 Implement IPv6 neighbor discovery | 20
3.30 Implement basic IPv6 functionality protocols | 20
3.40 Implement tunneling techniques | 20
3.50 Implement OSPF version 3 (OSPFv3) | 20
3.60 Implement EIGRP version 6 (EIGRPv6) | 20
3.70 Implement filtering and route redistribution | 20
and bootstrap router (BSR) | 17
5.50 Implement multicast tools, features, and source-specific multicast | 17
5.60 Implement IPv6 multicast, PIM, and related multicast protocols, such as Multicast Listener Discovery (MLD) | 17
6.00 Implement Network Security
6.02 Implement Zone Based Firewall | 18
6.03 Implement Unicast Reverse Path Forwarding (uRPF) | 18
6.05 Implement authentication, authorization, and accounting (AAA) (configuring the AAA server is not required, only the client side (IOS) is configured) | 18
6.06 Implement Control Plane Policing (CoPP) | 18
6.07 Implement Cisco IOS Firewall | 18
6.08 Implement Cisco IOS Intrusion Prevention System (IPS) | 18
6.09 Implement Secure Shell (SSH) | 18
6.12 Implement routing protocol authentication | 18
6.13 Implement device access control | 18
7.00 Implement Network Services
7.10 Implement Hot Standby Router Protocol (HSRP) | 5
7.20 Implement Gateway Load Balancing Protocol (GLBP) | 5
7.30 Implement Virtual Router Redundancy Protocol (VRRP) | 5
7.40 Implement Network Time Protocol (NTP) | 5
7.60 Implement Web Cache Communication Protocol (WCCP) | 5
8.00 Implement Quality of Service (QoS)
8.10 Implement Modular QoS CLI (MQC) | 12
(a) Network-Based Application Recognition (NBAR) | 12
(b) Class-based weighted fair queuing (CBWFQ), modified deficit round robin (MDRR), and low latency queuing (LLQ)
9.00 Troubleshoot a Network
9.10 Troubleshoot complex Layer 2 network issues | 3
9.20 Troubleshoot complex Layer 3 network issues | 9
9.30 Troubleshoot a network in response to application problems | 14
9.40 Troubleshoot network services | 6
9.50 Troubleshoot network security | 18
10.00 Optimize the Network
10.01 Implement syslog and local logging | 5
10.02 Implement IP Service Level Agreement SLA | 5
10.04 Implement SPAN, RSPAN, and router IP traffic export (RITE) | 5
10.05 Implement Simple Network Management Protocol (SNMP) | 5
10.06 Implement Cisco IOS Embedded Event Manager (EEM) | 5
10.07 Implement Remote Monitoring (RMON) | 5
Version 4.0 of the blueprint provides more detail than the earlier versions of the blueprint. It is also helpful to know what topics Cisco has removed from earlier blueprints, because it is also useful to know what not to study as well as what to study. The more significant topics removed from the last few versions of the CCIE R/S Written blueprints include the following:
SONET; they also added wireless LANs
and added IPv6 and MPLS concepts
■ Version 4.0 (2009)—The Version 4.0 blueprint shows that no significant topics were removed.
The Version 4.0 blueprint adds many new topics compared to the Version 3.0 blueprint. The blueprint mentions around 20 new small topics. In addition, the blueprint wording has been changed to be more aligned with the other Cisco certifications, with many of the topics listing the word configuration. Notably, MPLS configuration has been added since
11.00 Evaluate proposed changes to a Network
11.01 Evaluate interoperability of proposed technologies against deployed technologies | N/A
(a) Changes to routing protocol parameters | N/A
(b) Migrate parts of a network to IPv6 | N/A
(e) Migrate spanning tree protocol | N/A
(f) Evaluate impact of new traffic on existing QoS design | N/A
11.02 Determine operational impact of proposed changes to an existing network | N/A
(a) Downtime of network or portions of network | N/A
(c) Introducing security breaches | N/A
11.03 Suggest Alternative solutions when incompatible changes are proposed to an existing network | N/A