Choosing the Right Interior Routing Protocol
Expert Reference Series of White Papers
Choosing an IP routing protocol is an important step. The right protocol can make your routing operate efficiently, and the wrong one can make your life difficult. Each protocol has its own pros and cons, and works better in some situations than others. In this paper, we explore the strengths and weaknesses of RIP, EIGRP, OSPF, and IS-IS, and discuss when it is appropriate to use each. We will evaluate each protocol in terms of five criteria:
Routing Information Protocol (RIP)
RIP was one of the first IP routing protocols. It is simple to understand and simple to configure. RIP version 1 sends its advertisements as broadcasts; RIP version 2 sends them as multicasts. Both versions advertise their entire routing table every 30 seconds. For both versions, the metric is hop count – with each router counting as a hop. A network with a metric of 16 hops is considered unreachable, which limits the diameter of a RIP routing domain.
Convergence Speed
RIP is notoriously slow to converge. It is a distance vector protocol, which means that each router advertises only the path it itself is using to reach a particular network. When there is a change in the network topology, each router recalculates its routing table before announcing the change to its neighbors. If a network has gone down, the router must query its neighbors for an alternate path to the network, and wait for them to respond. Additionally, RIP employs timers such as the hold-down timer to lessen the chance of a routing loop. These timers, however, also lengthen the amount of time that incorrect information might be propagated through the network.
Denise Donohue, Global Knowledge Instructor, CCIE #9566
Ease of Use
RIP is an easy protocol to use. All that is required is to enable RIP and configure a network statement for the router interfaces that will be running RIP. RIP version 1 is a classful routing protocol, and thus all links within the RIP domain must use the same subnet mask. RIP version 2 is classless, and thus supports variable-length subnet masking (VLSM). With either version of RIP, the network statement lists only the classful network.
Network Topology
The best place to use RIP is in a small network with links of about the same bandwidth, since its metric does not account for differences in bandwidth. The more stable the network, the better RIP performs. RIPv1 is best used on links with only RIP devices, since its advertisements are sent as broadcasts. If it were used on a LAN link with hosts as well as a neighbor router on the link, the hosts would be interrupted every 30 seconds by RIP broadcasts. This is not a problem with RIPv2, since it sends its advertisements to the multicast address of 224.0.0.9. Only devices listening for that multicast address would be affected.
When using RIPv1, the same subnet mask must be used on every subnet of a classful network. There must be no discontiguous subnets. RIPv2 can handle networks with VLSM, since you can disable auto-summarization.
Vendor Support
Since RIP is such a well-known protocol, it is very widely supported. All Cisco routers support it, as well as firewalls, Microsoft Windows operating systems, and Unix-based operating systems. Some networks must run RIP in order to support a Unix computer. If that is the case in your network, consider sectioning off that part of the network, confining the RIP portion of the network to as few devices as possible. Run a more sophisticated protocol in the rest of the network, and redistribute the RIP routes into it. If possible, inject only a default route into the RIP area.
IPv6 Support
There is a version of RIP that supports IPv6, called RIPng (RFC 2080). It is available beginning in Cisco IOS version 12.2(8)T9
Tasks and Tips
On a Cisco router, enable RIP under the global configuration mode and then list the classful networks for the interfaces where you want to run RIP. For instance, suppose you have the network shown in the drawing below.
Router B has three interfaces. Two are in the classful network 10.0.0.0, and one is in the classful network 172.20.0.0. Suppose you want Routers A, B, and C to all exchange RIP information. The configuration on Router B would then be:
(config)#router rip
(config-router)#version 2
(config-router)#network 10.0.0.0
(config-router)#network 172.20.0.0
(config-router)#interface s1/0
(config-if)#ip rip send version 1
(config-if)#ip rip receive version 1
You may not want all interfaces with IP addresses in the classful network to be running RIP; in that case, you can use the passive-interface <interface> command. Making an interface passive for RIP stops the router from sending advertisements out that interface. It will still listen to RIP advertisements coming in that interface, however, and will still advertise the network assigned to that interface. A variation of this is the command passive-interface default. This makes all interfaces encompassed in the network statement passive for RIP. You can then enable RIP on a specific interface with no passive-interface <interface>. In the drawing above, the LAN interface has no other routers on it, only hosts. It would make sense to make that interface passive for RIP. The commands to accomplish that are:
(config)#router rip
(config-router)#passive-interface fa0/0
Another option with RIPv2 is to make an interface passive, then add a neighbor statement listing the IP address of the router on the other end of a link. RIP will then send its updates as a unicast out that interface, to that neighbor. If you wanted to do this for Router A, for example, use the following commands:
in RIPv2 with the following command:
(config-router)#no auto-summary
Turning off auto-summarization causes RIP to advertise every subnet to its neighbors. This isn’t necessarily a good thing – it makes the routing tables and route advertisements larger. RIPv2 allows you to manually configure summarization at the interface level. The command looks like this:
(config-if)#summary-address rip <network> <subnet_mask>
When using RIP in only a portion of your network, it is good practice to redistribute the RIP routes into your primary (core) protocol, and represent the core networks with either a default or static routes in the RIP portion of the network. To configure RIP to advertise a default route to its neighbors, first configure a static default route pointing to a neighbor core router. Then tell RIP to generate default information to its peers:
(config)#ip route 0.0.0.0 0.0.0.0 <neighbor_ip_address>
(config)#router rip
(config-router)#default-information originate
RIP Summary
Convergence Speed — Slow
Ease of Use — Easy to understand and use
Network Topology — No special topology required
Vendor Support — Widely supported by many vendors
IPv6 Support — Supported
When to Use — Small, homogenous, stable network. When hosts require its use.
Open Shortest Path First (OSPF)
OSPF is an open standard link-state protocol, described in several RFCs. It calculates its best path using the Shortest Path First algorithm originated by Edsger Dijkstra. OSPF’s metric is cost. On Cisco routers, “cost” is based on bandwidth – the default value is 10^8 divided by interface bandwidth. OSPF adds the cost of each link along the path to the destination network. The SPF algorithm uses this metric to build a tree containing the shortest (least-cost) path to each network. Running the SPF algorithm is very CPU intensive, which could be a liability in an unstable network. Advertisements are sent as multicasts, and once a router has converged, only triggered updates are sent.
Convergence Speed
OSPF is one of the fastest-converging protocols. When an OSPF router learns about a change in network topology, it forwards the information to its neighbors before recalculating its routing information. This helps speed up convergence. Each router maintains a link-state database containing information about all networks in the OSPF routing domain. If a network goes down, there is no need for a router to query its neighbors – it already knows any alternate paths to that network. Once a router has updated its neighbors, it reruns the SPF algorithm and submits the resulting routes to the routing table.
Ease of Use
A basic OSPF configuration is fairly easy to configure. However, one of the protocol’s strengths is the ability to customize it to better fit your network needs. An OSPF configuration can get very complex if you take advantage of its many features. On the plus side, many network engineers are knowledgeable and skilled in the protocol, since it is so widely used.
Network Topology
OSPF requires a two-level hierarchy. There is a backbone area called Area 0, and all traffic between areas transits Area 0. It fits well in hub-and-spoke networks, where you have a well-defined backbone with groups of networks branching out from it. The need for this type of topology is often the most challenging part of implementing OSPF in an existing network. Area 0 should have the most redundancy and the most bandwidth, as it is a transit area. All the other areas are required to have at least one router with at least one interface in Area 0. OSPF provides virtual links as a way around this requirement as a temporary measure while transitioning the network to fit the OSPF model.
IP addressing should follow the network topology to allow for summarization of routes. For the most efficient operation, assign your IP subnets so that each area’s routes are able to be summarized into as few advertisements as possible. Without summarization, information about all routes is sent to every router in the OSPF domain. When any link goes down, all routers then have to receive that information and rerun the SPF algorithm. OSPF only allows summarization at the ABRs (area border routers) and ASBRs (autonomous system boundary routers).
In a pure hub-and-spoke network, you may be able to designate areas as stub or totally stubby areas. This helps make OSPF operation even more efficient, as it limits the information routers in the stub areas must maintain.
Tasks and Tips
On a Cisco router, enable OSPF under the global configuration mode. You must specify a process number – this number is local to the router. Then enable OSPF on interfaces and assign those interfaces to areas using the network statement. The network statement requires a wildcard mask after the prefix information. This allows you to either specify a range of interfaces to be included in the OSPF process or limit it to one particular IP address. The network statements are read from the top down, so more specific statements should be configured first. The following examples are based on this diagram:
In this example, the requirement is to enable OSPF area 0 between Router A and Router B, and OSPF area 10 between Router B and Router C. On Router B, we specify interface S1/1 by its exact IP address and include interfaces Fa0/0 and S1/0 in one network statement:
(config)#router ospf 1
(config-router)#network 172.20.4.1 0.0.0.0 area 0
(config-router)#network 10.0.0.0 0.255.255.255 area 10
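How the wildcard mask and the top-down order decide which interfaces join which area, as an added example that is not part of the original paper. The Fa0/0, S1/0 and Lo0 addresses and the BROAD_FIRST statement list are constructed for illustration; only S1/1's address and Router B's two statements come from the text.

```python
from ipaddress import IPv4Address

def matches(ip, prefix, wildcard):
    """True when ip equals prefix on every bit where the wildcard mask has a 0."""
    i, p, w = (int(IPv4Address(x)) for x in (ip, prefix, wildcard))
    return ((i ^ p) & ~w & 0xFFFFFFFF) == 0

def assign_areas(statements, interfaces):
    """Map each interface to the area of the first statement that matches its
    address, or None when no statement matches (OSPF stays off there)."""
    return {name: next((area for prefix, wc, area in statements
                        if matches(ip, prefix, wc)), None)
            for name, ip in interfaces.items()}

# Router B's two statements, in the order given in the text
ROUTER_B = [("172.20.4.1", "0.0.0.0", 0), ("10.0.0.0", "0.255.255.255", 10)]
# A broad statement placed first (constructed) to show why order matters
BROAD_FIRST = [("0.0.0.0", "255.255.255.255", 10), ("172.20.4.1", "0.0.0.0", 0)]
# S1/1 is from the text; the other addresses are constructed samples
INTERFACES = {"S1/1": "172.20.4.1", "S1/0": "10.1.1.1",
              "Fa0/0": "10.1.2.1", "Lo0": "192.168.255.2"}

if __name__ == "__main__":
    print(assign_areas(ROUTER_B, INTERFACES))     # S1/1 in area 0, Lo0 left out
    print(assign_areas(BROAD_FIRST, INTERFACES))  # every interface lands in area 10
```

With the broad statement first, the exact-match statement for S1/1 is never reached and OSPF is also enabled on an interface that was meant to stay out of the process.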
This configuration makes Router B an area border router, as it belongs to both area 0 and area 10. This is a basic OSPF configuration; some additional changes can make OSPF more efficient. Recall that all OSPF routers within an area must have an identical link state database. With a basic configuration, all network information would be flooded throughout the entire OSPF routing domain. This can create a very large OSPF database, using a significant amount of memory. When there is a topology change, all routers would be involved in convergence. This adversely impacts router CPU and network bandwidth. Additionally, as a general rule, the more routers involved in convergence, the slower the convergence time. Some tuning of OSPF can make it more efficient in terms of router and network resource use.
It would make sense to make area 10 totally stubby – Router C would then have only intra-area routes and a default route pointing to Router B. There is no need to send OSPF hellos out interface Fa0/0, so make it a passive interface. Additionally, if all subnets of 10.1.0.0/16 are in area 10, we could summarize the routes advertised into area 0.
(config-router)#area 10 stub no-summary
(config-router)#passive-interface fa0/0
(config-router)#area 10 range 10.1.0.0 255.255.0.0
With these simple changes, a topology change in area 10 does not affect Router A at all, as long as the summary route is still valid. Similarly, a topology change in area 0 does not affect Router C at all. Router B is still affected by topology changes in both areas, since Area Border Routers keep the complete database for each area they border. A good design consideration is to have several ABRs each bordering a few areas, rather than a few ABRs each bordering many areas.
When designing an OSPF network, it is common to wonder how many routers and networks to put in one area, and how many areas to have. There is no single good answer to these questions, as they depend on many factors. For example, networks with good summarization can accommodate more routers per area, networks with many stub areas can accommodate more areas, and routers with fast CPUs and high memory can hold more information in their databases. The main thing is to understand OSPF and work with it, rather than trying to challenge it. A well-designed OSPF network can converge quickly (in under a second) and operate efficiently. For instance, consider the following network (some links have been omitted for simplicity):
One possible design would be to put the Core routers in Area 0, along with the connected interfaces of the Distribution routers. The two Distribution routers on the left, and their connected Access routers, would comprise one area. The two Distribution routers on the right, along with their connected Access routers, would comprise another area. Summarization could be done only on the Distribution routers. As a result, the Distribution and Access-layer routers could have about 1,030 routes in their routing tables. Also, at least six routers are involved in convergence when there is a topology change. (Perhaps more, if there are other routers in the Access-layer “cloud”.) Contrast this with the same network, in the EIGRP section.
Another option would be to extend Area 0 to include the links between the Distribution and Access-layer routers. Then each Access-layer router would be its own OSPF area, could summarize its subnets to a 16-bit mask (e.g., 10.4.0.0/16), and could be a stub area. This would minimize the number of routes per router, and the number of routers involved in convergence in each area, but it also means that the Access routers are part of the core area. Hopefully, this helps you see that network design is a serious consideration with OSPF.
In this time of such high security concerns, I would be lax not to mention authentication. OSPF can do both clear text and MD5 authentication between routers. This is a good feature to use to prevent an attacker from hijacking your routing and injecting false routes. As long as you’re using authentication, you might as well use MD5, as it is more secure. Commands to enable this are given both under the OSPF routing process and under the interface configuration mode. As an example, if we wished to use authentication in area 0, using “aSecret1” as the password, we would configure Router B as follows:
(config)#router ospf 1
(config-router)#area 0 authentication message-digest
(config-router)#interface s1/1
(config-if)#ip ospf message-digest-key 1 md5 aSecret1
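What the message-digest setting above makes a receiving router check, as an added example that is not part of the original paper: it follows the OSPFv2 cryptographic authentication layout of RFC 2328 Appendix D, where the MD5 digest covers the packet followed by the key padded to 16 bytes and a sequence number guards against stale packets. The hello body, router ID, sequence numbers and the mismatched key are constructed sample values.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

HDR = "!BBH4s4sHHHBBI"     # 24-byte OSPFv2 header, cryptographic-auth layout
KEYS = {1: b"aSecret1"}    # key ID 1 and password from the configuration above

def _digest(packet, key):
    # MD5 over the packet followed by the key zero-padded to 16 bytes
    return hashlib.md5(packet + key.ljust(16, b"\0")).digest()

def build(body, router_id, area_id, seq, key_id=1, keys=KEYS, ptype=1):
    """Return an OSPFv2 packet with its 16-byte MD5 trailer appended."""
    header = struct.pack(HDR, 2, ptype, 24 + len(body),
                         IPv4Address(router_id).packed, IPv4Address(area_id).packed,
                         0,    # checksum is not used with AuType 2
                         2,    # AuType 2 = cryptographic authentication
                         0, key_id, 16, seq)
    packet = header + body
    return packet + _digest(packet, keys[key_id])

def verify(raw, keys, last_seq):
    """Return (accepted, reason); last_seq is the highest sequence number
    already accepted from this neighbor."""
    if len(raw) < 24:
        return False, "truncated header"
    _, _, length, _, _, _, autype, _, key_id, alen, seq = struct.unpack(HDR, raw[:24])
    if autype != 2:
        return False, "not cryptographic authentication"
    if key_id not in keys or alen != 16 or length < 24 or len(raw) < length + 16:
        return False, "unknown key or malformed trailer"
    if seq < last_seq:
        return False, "stale sequence number"
    if not hmac.compare_digest(raw[length:length + 16],
                               _digest(raw[:length], keys[key_id])):
        return False, "digest mismatch"
    return True, "ok"

# Constructed hello body: mask, hello 10 s, options, priority, dead 40 s, DR, BDR
HELLO = struct.pack("!4sHBBI4s4s", IPv4Address("255.255.255.252").packed,
                    10, 2, 1, 40, bytes(4), bytes(4))
# Router ID 172.20.4.1 and the sequence numbers are assumed sample values
GOOD = build(HELLO, "172.20.4.1", "0.0.0.0", seq=1000)
TAMPERED = GOOD[:27] + b"\x00" + GOOD[28:]      # one netmask byte altered in transit
WRONG_KEY = build(HELLO, "172.20.4.1", "0.0.0.0", seq=1001, keys={1: b"notTheKey"})

if __name__ == "__main__":
    for name, pkt in [("good", GOOD), ("tampered", TAMPERED), ("wrong key", WRONG_KEY)]:
        print(name, verify(pkt, KEYS, last_seq=1000))
    print("stale", verify(GOOD, KEYS, last_seq=1001))
```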
One last thing to plan in OSPF is the router ID. Each OSPF router is identified in the database by an IP address. Router ID can be statically configured under the OSPF process, or dynamically chosen by the router. If it is not statically configured, then the router chooses the highest loopback interface IP address, if any loopbacks are present. If not, then the router chooses the highest IP address of an active interface. Duplicate router IDs can cause a problem in the network and break your routing. The safest way to ensure that each router has a unique router ID is to first create a loopback interface on each router with the IP address you wish to use as that router’s ID. Next, statically configure that IP address to be the router ID under the OSPF process. Then the router ID will be unique, it will not change, and you can ping it when troubleshooting.
Enhanced Interior Gateway Routing Protocol (EIGRP)
EIGRP is a Cisco proprietary distance-vector routing protocol. It was created to be used with basically any media and network topology, to converge quickly, and to use network resources efficiently. It uses an algorithm called DUAL – Diffusing Update Algorithm – to calculate a loop-free path to each network. It really shines in networks with more than two levels of hierarchy, because you can summarize at any router’s interface. EIGRP’s metric is based on the lowest bandwidth on the path to a network, and the sum of the interface delays along the path to that network.
Convergence Speed
In a properly designed network, EIGRP converges very quickly. For every destination network, it will attempt to identify a backup route. Then, if the primary route goes down, the router immediately inserts the backup route into the table. No recalculation or querying of neighbors is necessary. The catch to this is that an alternative path to each network must exist. Additionally, EIGRP must be able to ensure that the alternative path is loop-free. It does this by comparing the metric (or distance) advertised by each neighbor, for each network, to the metric of its best route to that network. Any neighbor with an advertised distance less than the best distance can be used as a backup next hop.
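The backup-route test described above, worked through as an added example that is not part of the original paper. It assumes Cisco's classic composite metric with default K values, 256 × (10^7 / lowest bandwidth in kbps + total delay in tens of microseconds), which the paper describes only in words; the neighbors N1 to N3 and their link values are constructed.

```python
def metric(links):
    """links: list of (bandwidth_kbps, delay_usec) hops along one path."""
    slowest = min(bw for bw, _ in links)
    total_delay = sum(delay for _, delay in links)
    return 256 * (10**7 // slowest + total_delay // 10)

def evaluate(paths):
    """paths maps neighbor -> (link to that neighbor, neighbor's own path).
    Returns (successor, best distance, backup next hops, rejected neighbors)."""
    table = {}
    for neighbor, (first_hop, rest) in paths.items():
        advertised = metric(rest)            # distance the neighbor reports
        total = metric([first_hop] + rest)   # distance through that neighbor
        table[neighbor] = (advertised, total)
    successor = min(table, key=lambda n: table[n][1])
    best = table[successor][1]
    others = [n for n in table if n != successor]
    # A neighbor qualifies only if its advertised distance is below our best
    backups = sorted(n for n in others if table[n][0] < best)
    rejected = sorted(n for n in others if table[n][0] >= best)
    return successor, best, backups, rejected

FAST = (100000, 100)    # constructed: 100 Mbps link, 100 microseconds delay
T1 = (1544, 20000)      # constructed: T1 serial link, 20,000 microseconds delay

# Constructed topology: three neighbors that can all reach the same network
PATHS = {
    "N1": (FAST, [FAST]),        # fast link to N1, fast path beyond it
    "N2": (T1, [FAST]),          # slow link to N2, fast path beyond it
    "N3": (FAST, [T1, FAST]),    # fast link to N3, slow path beyond it
}

if __name__ == "__main__":
    print(evaluate(PATHS))
```

N2 is kept as a backup because the distance it advertises (28160) is below the best distance (30720); N3 is rejected even though a path through it exists, because its advertised distance cannot prove the path is loop-free.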
OSPF Summary
Convergence Speed — Fast
Ease of Use — More complex than RIP or EIGRP
Network Topology — Requires a two-level hierarchy with backbone area. Scales to very large networks in a hierarchical network
Vendor Support — Widely supported by many vendors
IPv6 Support — Supported in OSPF v3
When to Use — In a (possibly multi-vendor) network with a two-level hierarchy, and IP addressing design that allows summarization