Wednesday, April 05, 2006

Cisco - Routing Continues - IGRP, EIGRP, OSPF

Routing- Continues:
----------------------------
RIP metric is based on "hop count".
IGRP metric is based on "bandwidth and load".
RIP has an administrative distance of "120".
IGRP has an administrative distance of "100".
RIP version 2:
- Classless protocol.
Thus, when setting up RIP version 2, you only need to advertise the most significant octet, with no requirement for a subnet mask.
LabD(config)#router rip
LabD(config-router)#version 2
LabD(config-router)#network 1.0.0.0


EIGRP (Theory):
------------------------
- Classless protocol --> only need to advertise the most significant octets coupled with the reversed mask.
- Event driven --> hold-down value is zero (because things get updated instantly)
--> Check this out from "sh ip protocols"
- Incremental updates of information (routing tables, etc.) --> reduces bandwidth requirements.




Support all protocols:
------------------------------
1. IP
2. Appletalk
3. IPX
Compared to RIP and IGRP, which only support IP.

Similarity to IGRP:
---------------------------
1. Autonomous system.
2. K-Values.

Compatible with IGRP:
--------------------------------
EIGRP = IGRP x 256 bytes
Network A = EGRP
Network B = IEGRP
When Network A receives packets from Network B, they will be divided by 256 bytes. When Network B receives packets from Network A, they will be multiplied by 256 bytes.

Troubleshooting:
------------------------
When someone advertises the wrong network (wrong IP or wrong reversed mask), the link will then be down. Thus you need to know your topology map to troubleshoot things out.

Setup EIGRP (Practical) :
-----------------------------------
1. configure terminal
2. router eigrp [number]
3. advertise the classless network with reversed mask.
4. Set "no auto-summary" to EIGRP object.
5. clear route table --> "clear ip route *"
6. show ip route --> "sh ip route"

i.e
LabD(config)#router eigrp 100
LabD(config-router)#network 1.0.1.0 0.0.0.3
LabD(config-router)#network 1.0.0.0 0.0.0.255
LabD(config-router)#no auto-summary
LabD(config-router)#end
LabD#clear ip route *
LabD#sh ip route

Summarized IP route table:
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.0.1.0/30 is directly connected, Serial1
C 1.0.0.0/24 is directly connected, Serial0
R 2.0.0.0/8 [120/1] via 1.0.0.1, 00:00:28, Serial0
R 3.0.0.0/8 [120/1] via 1.0.0.1, 00:00:28, Serial0

Non-summarized IP route table:
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.0.1.0/30 is directly connected, Serial1
C 1.0.0.0/24 is directly connected, Serial0
2.0.0.0/8 is variably subnetted, 7 subnets, 5 masks
R 2.0.0.0/26 [120/1] via 1.0.0.1, 00:00:17, Serial0
R 2.0.0.0/8 [120/1] via 1.0.0.1, 00:03:02, Serial0
R 2.0.0.64/27 [120/2] via 1.0.0.1, 00:00:17, Serial0
R 2.0.0.96/28 [120/3] via 1.0.0.1, 00:00:17, Serial0
R 2.0.0.112/28 [120/4] via 1.0.0.1, 00:00:18, Serial0
R 2.0.0.248/30 [120/5] via 1.0.0.1, 00:00:18, Serial0
R 2.0.0.252/30 [120/5] via 1.0.0.1, 00:00:18, Serial0
3.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
R 3.0.1.0/25 [120/2] via 1.0.0.1, 00:00:18, Serial0

Setup Ethernet link to EIGRP:
1. Set up the ethernet interface --> "no shutdown"
2. Add an IP address to it.
3. Go to the EIGRP object.
4. Advertise ethernet interface by specifying the classless octets with reversed mask.
5. Check ip route --> "sh ip route"

Successors and feasible successors:
Because EIGRP has successors and feasible successors, there is no downtime for it.
P 1.0.1.0/30, 1 successors, FD is 2169856
via Connected, Serial1
P 1.0.0.0/8, 1 successors, FD is 2169856
via Summary (2169856/0), Null0
P 1.0.0.0/24, 1 successors, FD is 2169856
via Connected, Serial0
P 2.0.0.0/8, 3 successors, FD is 2195456
via 172.16.70.3 (2195456/2169856), Ethernet0
via 172.16.70.5 (2195456/2169856), Ethernet0
via 172.16.70.8 (2195456/2169856), Ethernet0
P 2.0.0.0/26, 1 successors, FD is 3734016
via 172.16.70.9 (3734016/3708416), Ethernet0
P 3.0.1.0/25, 1 successors, FD is 2707456
via 172.16.70.1 (2707456/2681856), Ethernet0
via 1.0.0.1 (3193856/2681856), Serial0
P 3.0.0.0/8, 2 successors, FD is 2195456
via 172.16.70.6 (2195456/2169856), Ethernet0
via 172.16.70.2 (2195456/2169856), Ethernet0

Take the example of ..
P 3.0.1.0/25, 1 successors, FD is 2707456
via 172.16.70.1 (2707456/2681856), Ethernet0
via 1.0.0.1 (3193856/2681856), Serial0

The successor for it is:
172.16.70.1
The Ethernet link will always be chosen as successor over the others because it is faster.
Serial0 is considered to be feasible successor when..
2681856(advertised)
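
The successor / feasible successor classification, as an added example that is not part of the original notes. It parses three entries copied from the topology output above and assumes the standard EIGRP feasibility condition: a backup path qualifies when its advertised distance is lower than the FD. The function names are hypothetical.

```python
import re

# Sample input: three entries copied from the "sh ip eigrp topology" output above.
TOPOLOGY = """\
P 2.0.0.0/26, 1 successors, FD is 3734016
via 172.16.70.9 (3734016/3708416), Ethernet0
P 3.0.1.0/25, 1 successors, FD is 2707456
via 172.16.70.1 (2707456/2681856), Ethernet0
via 1.0.0.1 (3193856/2681856), Serial0
P 3.0.0.0/8, 2 successors, FD is 2195456
via 172.16.70.6 (2195456/2169856), Ethernet0
via 172.16.70.2 (2195456/2169856), Ethernet0
"""

ENTRY = re.compile(r"^P (\S+), \d+ successors, FD is (\d+)")
PATH = re.compile(r"^via (\S+) \((\d+)/(\d+)\), (\S+)")

def classify(text):
    """Return {prefix: [(next_hop, interface, role), ...]} (hypothetical helper)."""
    table, prefix, fd = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        entry = ENTRY.match(line)
        if entry:
            prefix, fd = entry.group(1), int(entry.group(2))
            table[prefix] = []
            continue
        path = PATH.match(line)
        if path and prefix:
            hop, iface = path.group(1), path.group(4)
            distance, advertised = int(path.group(2)), int(path.group(3))
            if distance == fd:
                role = "successor"            # best path, installed in the routing table
            elif advertised < fd:
                role = "feasible successor"   # loop-free backup, usable immediately
            else:
                role = "not feasible"         # would need a fresh query to neighbors
            table[prefix].append((hop, iface, role))
    return table

def prefixes_without_backup(text):
    """Prefixes with only one usable path: losing it means waiting for reconvergence."""
    usable = ("successor", "feasible successor")
    return [p for p, paths in classify(text).items()
            if sum(role in usable for _, _, role in paths) < 2]

if __name__ == "__main__":
    for prefix, paths in classify(TOPOLOGY).items():
        print(prefix, paths)
    print("no backup:", prefixes_without_backup(TOPOLOGY))
```

Prefixes reported by prefixes_without_backup are the ones where a single link or neighbor failure interrupts forwarding, so they are worth reviewing against the topology map.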

RTP protocol:
1. Send "multicast" to neighbors.
2. If there is no reply from someone, send "unicast" at least 16 times.
3. If there is still no reply from that someone, it is considered dead.

After morning break.
-------------------------------
1. IGRP does not understand subnet masks. Thus, when you advertise, there is no need to put a subnet mask.
LabD#conf t
LabD(config)#router igrp 100
LabD(config-router)#network 1.0.0.0
LabD(config-router)#network 1.0.1.0
Refer to Advertise_EIGRP_Diagram.jpg
2. IGRP doesn't understand the EIGRP (classless).
3. IGRP doesn't support "auto-summary"
-> Because it can't provide summarization.
Summarization:
172.16.10.0 /28
172.16.10.16 /28
172.16.10.32 /28
172.16.10.48 /26
.0 = 00 000000
.16 = 00 010000
.32 = 00 100000
The first two bits are the same, so the subnet mask is 11000000 = /26.
These can be summarized as 172.16.10.0 /26.
Using RIP, no need to enter all routes manually, just need to advertise adjacent networks.

OSPF:
1. open standard, not proprietary to Cisco.
2. Based on the fastest link (link speed)
3. Similar to EIGRP (event driven), holddown value = 0. --> check with "sh ip protocols"
4. Uses "auto-summary"
Communication:
1. Using link-state advertisement.
2. Instead of having a topology table, it has the link-state table.
EIGRP:
1. Neighbors table
2. Topology table
3. Routing table

OSPF:
1. Neighbors table
2. Link-state table
3. Routing table
Single Area OSPF - Everybody will be in Area 0.

Based on the rule of OSPF:
1. Regardless of any conditions, any other area has to be connected directly to Area 0 in order to communicate with others. This is for CCNA level. Otherwise, you may connect to a non-Area 0 area and create a virtual link.

The metric for your OSPF is cost calculation.
EIGRP = 90
IGRP = 100
OSPF A.D = 110
RIP = 120

setup OSPF (Practical)
1. LabD(config)#router ospf [any number from the list] --> setup OSPF
i.e LabD(config)#router ospf 666
2. Add adjacent networks with reversed mask to area 0.
3. network [adjacent network ID] [reversed mask] [area]
"sh ip route"
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.0.1.0/30 is directly connected, Serial1
C 1.0.0.0/24 is directly connected, Serial0
2.0.0.0/8 is variably subnetted, 6 subnets, 4 masks
O 2.0.0.0/26 [110/933] via 1.0.0.1, 00:01:03, Serial0
O 2.0.0.64/27 [110/997] via 1.0.0.1, 00:01:03, Serial0
O 2.0.0.96/28 [110/1061] via 1.0.0.1, 00:01:03, Serial0
O 2.0.0.112/28 [110/1071] via 1.0.0.1, 00:01:03, Serial0
O 2.0.0.248/30 [110/1119] via 1.0.0.1, 00:01:04, Serial0
O 2.0.0.252/30 [110/1119] via 1.0.0.1, 00:01:04, Serial0
3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 3.0.1.0/25 [110/192] via 1.0.0.1, 00:01:04, Serial0
O 3.0.0.0/24 [110/128] via 1.0.0.1, 00:01:04, Serial0

Example illustration:
2.0.0.96/28 [110/1061] via 1.0.0.1, 00:01:03, Serial0
110 = A.D (administrative distance)
1061 = Cost
Check ethernet bandwidth
--> sh int ethernet [number]
Check serial bandwidth
--> sh int serial [number]
--> BW 1544 Kbit (1.5 Mbit)
Check neighbors table (for OSPF)..
"LabD#sh ip ospf neighbor"
Check topology / link-state table (for OSPF)
"LabD#sh ip ospf database"
--> Notice that you are on the verge of setting a multi-access network around a switch (switch connected to multiple routers)
To counter linkage redundancy within a multi-access network:
DR - Designated router
BDR - Backup designated router
With the concept of DR and BDR, everybody will be connected to the DR and BDR only.
LabD#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
88.0.0.9 1 2WAY/DROTHER 00:00:36 88.0.0.9 Ethernet0
88.0.0.8 1 2WAY/DROTHER 00:00:36 88.0.0.8 Ethernet0
88.0.0.10 1 FULL/BDR 00:00:36 88.0.0.10 Ethernet0
88.0.0.11 1 EXSTART/DR 00:00:36 88.0.0.11 Ethernet0
88.0.0.6 1 2WAY/DROTHER 00:00:37 88.0.0.6 Ethernet0
88.0.0.5 1 2WAY/DROTHER 00:00:37 88.0.0.5 Ethernet0
88.0.0.2 1 2WAY/DROTHER 00:00:37 88.0.0.2 Ethernet0
88.0.0.3 1 2WAY/DROTHER 00:00:36 88.0.0.3 Ethernet0
88.0.0.1 1 2WAY/DROTHER 00:00:36 88.0.0.1 Ethernet0
1.0.1.2 1 2WAY/DROTHER 00:00:36 88.0.0.7 Ethernet0
88.0.0.7 1 FULL/ - 00:00:39 1.0.1.2 Serial1
88.0.0.1 1 FULL/ - 00:00:39 1.0.0.1 Serial0
To have a fair election of who will become DR and BDR, everybody will do a clear ospf process.
LabD#clear ip ospf process
Reset ALL OSPF processes? [no]: y
Election is based on router ID (IP address of the ethernet interface)
Only when you reload your router will it pick your new router ID.
The router ID will be selected from the IP addresses of all the interfaces available, such as ethernets, serials and BRIs.
DR = the one with the highest router ID.
BDR = the one with the lowest router ID.
Dead Time = If the router that is currently a DR or BDR does not respond to the network within 40 seconds, a new DR and BDR will be elected. The following event messages can be expected.
01:06:25: %OSPF-5-ADJCHG: Process 666, Nbr 88.0.0.11 on Ethernet0 from FULL to DOWN, Neighbor Down: Dead timer expired
LabD#
01:06:31: %OSPF-5-ADJCHG: Process 666, Nbr 88.0.0.9 on Ethernet0 from LOADING to FULL, Loading Done
To standardize your router's router ID, the router ID will always be based on the loopback interface's IP. This is because a loopback interface can never be down, as compared to physical interfaces.
--> Create a loopback interface (logical interface on your router).
LabD#conf t
Enter configuration commands, one per line. End with CNTL/Z.
LabD(config)#int loopback 0
LabD(config-if)#ip address 5.0.0.251 255.0.0.0
LabD(config-if)#no shutdown
LabD(config-if)#
01:12:59: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
Priority values: The higher the priority, the better the chance to be DR.
The lowest value for priority = 1
Maximum priority value = 255
Value 0 = (disqualified to become a DR)

Thus, the rules for the election of the DR or BDR:
1. Router ID comparison.
2. Priority
3. Multi-access network (switch or hub)
Down-Time:
EIGRP doesn't have downtime, but OSPF does, because the former has successors and feasible successors.
--> Check from EIGRP "sh ip eigrp topology"
Write Erase:
LabD#wr erase

1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.0.1.0/30 is directly connected, Serial1
C 1.0.0.0/24 is directly connected, Serial0
D EX 4.0.0.0/8 [170/2195456] via 1.0.0.1, 00:05:43, Serial0
D EX 5.0.0.0/8 [170/2707456] via 1.0.0.1, 00:05:43, Serial0
D EX 6.0.0.0/8 [170/2707456] via 1.0.0.1, 00:05:43, Serial0
Notice that LabD is not able to detect network 2 and network 3. However, it is able to detect the IGRP network via "D EX".
Now, you need to do "Registration"
1. You can register a few things to your RIP (Version 2)
Take RIP and pump it out as EIGRP or IGRP with some metric [number]
2. Thus, go to each router object (RIP, IGRP, EIGRP, OSPF) and redistribute it into each of the other protocols with an appropriate metric.
--> This will be for CCNP.
After you have done the redistribution, you will see the following from "sh ip route"
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.0.1.0/30 is directly connected, Serial1
C 1.0.0.0/24 is directly connected, Serial0
2.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
D EX 2.0.0.0/26 [170/2681856] via 1.0.0.1, 00:03:26, Serial0
D EX 2.0.0.64/27 [170/2681856] via 1.0.0.1, 00:03:26, Serial0
D EX 2.0.0.96/28 [170/2681856] via 1.0.0.1, 00:03:26, Serial0
3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D EX 3.0.1.0/25 [170/2681856] via 1.0.0.1, 00:03:21, Serial0
D EX 3.0.0.0/24 [170/2681856] via 1.0.0.1, 00:03:21, Serial0
D EX 4.0.0.0/8 [170/2195456] via 1.0.0.1, 00:18:14, Serial0
D EX 5.0.0.0/8 [170/2707456] via 1.0.0.1, 00:18:14, Serial0
D EX 6.0.0.0/8 [170/2707456] via 1.0.0.1, 00:18:14, Serial0
--> All networks are visible, this is because we have setup a "redistributing" router.

Access List:
Used to control your traffic.
- Manage traffic as it grows.
- Filter out certain packets. (checks the packet's IP only)
+ By comparison, a firewall will check the contents of the packets.
Functions:
1. Stop people from passing into your network.
2. Stop people from telnetting into your network.
Features:
1. Traffic Shaping --> CCNP
- Certain traffic will be allowed to pass through. (based on priority)
2. Dial-on-demand routing --> CCNA.
Two types of access list:
1. Standard access list.
+ Only look at your source. (deny everything)
2. Extended access list.
+ Check your source, your destination and what you plan to do (FTP or Telnet) ?

Tips:
When you place a "standard access list", make sure you don't overkill.
- To do this, put your "standard access list" close to your destination. (the most relevant router)
When you place an "extended access list", make sure you don't over-eat (consume unnecessary bandwidth).
- To do this, put your "extended access list" as close to your source as possible. (the most relevant router)
- It will read every entry in a logical manner.

Inbound or outbound Access list:
------------------------------------------------
"inbound" attribute is set when the "access list" is loaded to the entering gateway (interfaces) of the most relevant router.
"outbound" attribute is set when the "access list" is loaded to the exiting gateway (interfaces) of the most relevant router.
"permit any"
"implicit deny all"

Deny:
1. Deny one by one.
2. Permit everyone except those who are supposed to be denied.
3. Deny in a single statement.
To deny 7.0.0.2 and 7.0.0.3, we can use 7.0.0.0 / 30
/ 30 = 111111 00
.1 = 00000001
.3 = 00000011
LabF(config)#access-list 1 deny [network ID] [wildcard bits]
--> The reversed mask is now known as [wildcard bits]
Thus "reversed mask" is supposed to mean "all" while wildcard bits means "selected"
i.e
LabF(config)#access-list 1 deny 7.0.0.0 0.0.0.3
LabF#sh access-list
Standard IP access list 1
deny 7.0.0.0, wildcard bits 0.0.0.3
permit any
LabF#
Take your access list and apply to an interface.
LabF(config-if)#int ethernet 0
LabF(config-if)#ip access-group 1 out
Summary:
1. create access list
2. put access list to an interface
i.e
LabF(config)#access-list 1 deny 7.0.0.0 0.0.0.3
LabF(config)#access-list 1 permit any
LabF(config)#int ethernet 0
LabF(config-if)#ip access-group 1 out
Standard Access List also blocks out "reply" packets.
Let's assume that there are 20 nodes with ip 7.0.0.1 to 7.0.0.20
To deny 7.0.0.1 to 7.0.0.3 and 7.0.0.9 to 7.0.0.15
How to write the shortest access-list command?
access list 1 deny 7.0.0.0 /30 (0.0.0.3)
access list 1 permit 7.0.0.8
access list 1 permit 7.0.0.8 /29
access list 1 permit any

Example:
7.0.0.32 /29
.32 = 00100 000
.39 = 00100 111

In other words, whether it is "reversed mask" (when used for EIGRP) or "wildcard bits"(when used for access list), it means "the otherwise IP(s)"
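
How wildcard bits and the implicit deny decide a packet's fate, as an added example that is not part of the original notes. It models access list 1 from LabF above and goes slightly beyond the notes by listing which of the 20 hosts are actually dropped, a useful check before applying a list to an interface. The function names are hypothetical.

```python
import ipaddress

# Access list 1 as configured on LabF above; "any" stands for the "permit any" entry.
ACL_1 = [("deny", "7.0.0.0", "0.0.0.3"), ("permit", "any", None)]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def entry_matches(source, base, wildcard):
    """Wildcard bit 0 = this bit must match, 1 = this bit is ignored."""
    if base == "any":
        return True
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(source) & care) == (to_int(base) & care)

def evaluate(acl, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if entry_matches(source, base, wildcard):
            return action
    return "deny"

def denied_hosts(acl, first, last):
    """List every source address in [first, last] that the ACL drops."""
    return [str(ipaddress.IPv4Address(n))
            for n in range(to_int(first), to_int(last) + 1)
            if evaluate(acl, str(ipaddress.IPv4Address(n))) == "deny"]

if __name__ == "__main__":
    # The 0.0.0.3 wildcard covers 7.0.0.0-7.0.0.3, so 7.0.0.1 is dropped as well.
    print(denied_hosts(ACL_1, "7.0.0.1", "7.0.0.20"))
    # Without "permit any", every other source hits the implicit deny.
    print(evaluate(ACL_1[:1], "7.0.0.9"))
```

The same matching rule covers the 7.0.0.32 /29 example: with wildcard bits 0.0.0.7, 7.0.0.39 matches and 7.0.0.40 does not.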
