Archive for the 'Al Friebe' Category

OSPF, Part 7

Published December 17, 2009 Al Friebe , Routing & Switching Leave a Comment
Tags:

Yep, we’re up to part seven … there is a lot you can do with OSPF! For this discussion, we’ll use the example topology shown in Figure 1.

From here, we can see that R2, R3 and R5 are ABRs (connecting OSPF areas), and that R5 and R6 are ASBRs (connecting the OSPF autonomous system to other routing domains). Because they are not ABRs, R1, R4 and R6 are referred to as “internal routers”. Also, because R2, R3, R4 and R5 have connections to Area 0 (the OSPF backbone), they are “backbone” routers. Note that a router can play several roles simultaneously, such as R5, which is a backbone router, an ABR, and an ASBR. When assigning a router multiple functions, take care that you don’t run it out of RAM and/or CPU.

Let’s assume that we have configured summarizations on the ABRs for routes being advertised from Area1 and Area 2 into Area 0, and on the ASBRs for routes being redistributed from RIP and EIGRP into OSPF. Instead of summarizing routes from Area 0 into Area 1 or Area 2, though, we’ll make use of another common OSPF feature, the “stub” area.

As you can see from Figure 1, the only way to get from Area 1 to the EIGRP and RIP routing domains is via R2 or R3. We can exploit this by configuring Area 1 as an OSPF stub area. The effect will be that instead of advertising external routes into Area 1, the ABRs will each advertise a default route. R1 will now know:

  • All of the individual subnets within Area 1
  • Summary routes via R2 and R3 for the other areas
  • Default routes via R2 and R3 which allow it to reach the outside world.

R1 will choose the lowest-cost paths between R2 and R3 to the other areas and the outside world, and load-share between them in case of a tie.

So far, so good, but when it comes to conserving RAM, bandwidth and CPU on R1, we can do even better by configuring Area 1 as “totally stubby”. R2 and R3 will now suppress the advertisements of inter-area routes into Area 1, with the result that R1 will now know:

  • All of the individual subnets within Area 1
  • Default routes via R2 and R3 which allow it to reach everything beyond Area 1

Note that “totally-stubby” is a Cisco term, but other vendors’ routers may have a functionally-equivalent mode.

Continue reading ‘OSPF, Part 7′

OSPF – Part 6

Published December 10, 2009 Al Friebe , Routing & Switching Leave a Comment
Tags: ,

Carrying on with our discussion of multi-area OSPF, refer to the example topology shown in Figure 1:

Recall that we’ve allocated the IP address space as follows:

  • Area 0: 10.0.0.0/24 through 10.0.255.0/24 (256 subnets)
  • Area 1: 10.1.0.0/24 through 10.1.255.0/24 (256 subnets)
  • Area 2: 10.2.0.0/24 through 10.2.255.0/24 (256 subnets)

By default, all routers will know about the existence of all 768 subnets, but we can configure the ABRs to advertise summary routes between areas with the OSPF “area range” command. Assuming that R2 is running OSPF process ID 1, we’d tell R2 to summarize the “/16” block of routes within Area 1 into Area 0 like this:

  • R2(config)#router ospf 1
  • R2(config-router)# area 1 range 10.1.0.0 255.255.0.0

Likewise, we tell R2 to summarize the “/16” block of routes that lies within Area 0 into Area 1:

  • R2(config-router)# area 0 range 10.0.0.0 255.255.0.0

Note that in each case the area number specified is that of the area which contains the routes, not the area into which the summary block is being advertised. Similarly, we can configure route summarization on R4 between Area 2 and Area 0:

  • R4(config-router)# area 2 range 10.2.0.0 255.255.0.0
  • R4(config-router)# area 0 range 10.0.0.0 255.255.0.0

That’s it! We’ve just dramatically reduced the sizes of the routing tables on all routers in the OSPF autonomous system.

Now, let’s say that for fault-tolerance, there are two ABRs joining a pair of areas. Refer to Figure 2, in which R6, an additional ABR between Area 1 and Area 0, has been added:

What happens if we configure R2 to summarize the routes from Area 1 into Area 0, but we don’t configure R6 to do the same? Since R6 is advertising the individual subnets, the routers within Area 0 will know them, as well as the summary route they learn from R2. Since a router prefers the longest match to a particular destination, the traffic bound from Area 0 into Area 1 will flow via R6 (a “/24” beats a “/16”). Thus, to minimize the size of the routing tables in the adjacent areas, we should configure the same summarizations on both R2 and R6. This will also facilitate load-sharing between the ABRs for traffic traveling between the areas.

What about connections to the outside world? Refer to Figure 3, in which R5 has been made an ASBR (Autonomous System Boundary Router), connecting the OSPF autonomous system to a RIP routing domain:

To make R5 an ASBR, we would need to configure “route redistribution” from RIP into OSPF (redistribution is a CCNP topic). Once that’s done, R5 will advertise the individual prefixes it learns via RIP into OSPF, and they will be passed throughout Area 2, into Area 0, and also into Area 1. If we like, we can also configure route summarization on the ASBR. Assuming that the RIP cloud contains subnets that fall within the address block of 172.16.0.0/16, we would configure the OSPF summary route like this:

  • R5(config-router)#summary-address 172.16.0.0 255.255.0.0

The result would be that R5 will advertise the summary block 172.16.0.0.16 into Area 2, where it will be learned by R4, which will advertise it into Area 0. The advertisement will flood across Area 0 and be learned by R2 and R6, which will both advertise the summary route into Area 1. The result is that R5 (the ASBR) will know all of the individual routes it learned via RIP, and all of the other routers in the OSPF autonomous system will know the summary route for the external routing domain.

Next time, we’ll discuss some additional OSPF scalability features.

Author: Al Friebe

OSPF, Part 5

Published November 30, 2009 Al Friebe , Routing & Switching Leave a Comment
Tags: ,

In our previous discussion, we saw that dividing an OSPF autonomous system into multiple areas can improve the scalability. An example of a multi-area OSPF topology is shown in Figure 1:

Let’s imagine that we’ve allocated the IP address space as follows:

  • Area 0: 10.0.0.0/24 through 10.0.255.0/24 (256 subnets)
  • Area 1: 10.1.0.0/24 through 10.1.255.0/24 (256 subnets)
  • Area 2: 10.2.0.0/24 through 10.2.255.0/24 (256 subnets)

Our OSPF autonomous system contains a total of 768 subnets, and unless we prevent it, each subnet will be known by every router. With a little configuration, however, we can do much better. As you can see, the subnets within the areas fall into three blocks:

  • Area 0: 10.0.0.0/16
  • Area 1: 10.1.0.0/16
  • Area 2: 10.2.0.0/16

What we can do is configure the ABRs (R2 and R4) so that instead of advertising each individual prefix from one area to another, they will instead advertise summary blocks. For example, we will configure R2 to advertise the 10.1.0.0/16 block from Area 1 into Area 0, and likewise the 10.0.0.0/16 block from Area 0 to Area 1. Similarly, we’ll have R4 advertise the 10.2.0.0/16 block from Area 2 into Area 0, and the 10.0.0.0/16 block from Area 0 into Area 2. What will be the result?

Each internal router (R1, R3 and R5) has the LSDB for its particular area, and running SPF will send that area’s prefixes into its routing table. Thus, for the prefixes within their respective areas, the internal routers see things as follows:

  • R1: 10.1.0.0/25 through 10.1.255.0/24 (the 256 subnets in Area 1)
  • R3: 10.0.0.0/25 through 10.0.255.0/24 (the 256 subnets in Area 0)
  • R5: 10.2.0.0/25 through 10.2.255.0/24 (the 256 subnets in Area 2)

Being an ABR, R2 will have the LSDB for both Area 2 and Area 0, and therefore will see 512 prefixes total for those two areas. Likewise, R4, the ABR connecting Area 2 to Area 0, will also see 512 prefixes for those areas.

In addition, since the ABRs are advertising the blocks of subnets from one area to another, each router will see one prefix for each area to which it is not directly connected. Therefore, the total numbers of prefixes known to the routers will be:

  • R1: 258 prefixes (256 for Area 1, summaries for Area 0 and Area 2)
  • R2: 513 prefixes (256 for Area 1, 256 for Area 0, summary for Area 2)
  • R3: 258 prefixes (256 for Area 0, summaries for Area 1 and Area 2)
  • R4: 513 prefixes (256 for Area 2, 256 for Area 0, summary for Area 1)
  • R5: 258 prefixes (256 for Area 2, summaries for Area 0 and Area 1)

In the case of the internal routers (R1, R3 and R5), the routing tables have gone from 768 to 258 entries, a reduction of nearly two-thirds. In the case of the ABRs (R2 and R4), the number of routing tables has gone from 768 to 513, a reduction of nearly one-third. As you can imagine, as the total number of subnets goes up, the savings that can be realized by using multiple areas becomes even greater.

Since OSPF area numbers are thirty-two bit variables, they can be represented in dotted-decimal format, which can sometimes be convenient. For example, instead of numbering our areas 0, 1 and 2, we could make them Area 0.0.0.0, Area 10.1.0.0, and Area 10.2.0.0, deriving the area numbers from the IP address ranges within them.

What about Area 0, which contains the 10.0.0.0/16 block? Can we make that Area 10.0.0.0, then? No, because there are some rules we must follow when it comes to multiple areas.

  • First, if we have more than one area, one of them must be Area 0 (or Area 0.0.0.0, if you prefer).
  • Also, unless special arrangements are made, the topology of an OSPF autonomous system must be a simple hub-and-spoke, with Area 0 (the backbone) in the middle.
  • One last thing … we can’t run a link directly from Area 1 to Area 2, bypassing Area 0, because OSPF won’t like that at all!

There are additional rules and options, some of which we’ll discuss in the next installment.

Author: Al Friebe

OSPF – Part 4

Published November 23, 2009 Al Friebe , Routing & Switching Leave a Comment
Tags: ,

Let’s talk about some issues that arise when we scale an OSPF internetwork up to a large size. As usual when it comes to scalability, there are three issues involved:

  • Bandwidth
  • RAM
  • CPU

First, as the internetwork grows, there are more routers. Recall that with link-state protocols such as OSPF, every router’s LSA (Link State Advertisement) is flooded throughout the internetwork. Obviously, the more routers, the more LSAs must be flooded, which results in more LSU (Link State Update) packets, consuming more bandwidth on the links.

Second, as the LSAs are flooded, each router makes a copy of each LSA, which it keeps in its LSDB (Link State Database). Therefore, the more routers, the larger will be each router’s LSDB, and a larger LSDB requires more RAM to store it. Also, since there are a lot of prefixes, the resulting routing table will be large, requiring even more RAM.

Third, every time a router’s LSDB changes, the router runs Dijkstra’s SPF algorithm to generate its revised routing table. The larger the internetwork, the larger the LSDB, and the more frequently it’s likely to be changing. Thus, each router is running SPF more often on a larger LSDB, consuming more CPU cycles.

The bottom line is that since bandwidth, RAM, and CPU cost money (and we don’t have infinite money) there is some limit to how large an OSPF autonomous system can grow. There are two solutions to this scalability problem

    1. Limit OSPF to small internetworks (bad idea!)
    2. Modify OSPF to enhance its scalability (good idea!)

      Of the two options, the latter was used, and we call it “multi-area OSPF”. What we do is divide the OSPF autonomous system into regions called “areas”. An example of a multi-area OSPF topology is shown here:

      Here’s how it works

      A router that lies completely within an area is called an “internal router”. Internal routers, such as R1, know the entire topology for that specific area (in R1’s case it’s Area 1). Using SPF on its LSDB, R1 builds its routing table by calculating the best path from itself to any prefix within Area 1. At this point, R1 knows the best route to all prefixes within Area 1. Likewise, internal routers R3 and R5 calculate their routing tables for Area 0 and Area 2, respectively.

      A router that is attached to more than one area is called an Area Border Router (ABR), and it maintains an LSDB for each area to which it is attached. R2, for example, is an ABR which connects Area 0 and Area 1. R2 runs SPF on its Area 0 and Area 1 LSDBs, and the results go into its routing table. Thus, R2 knows the best path from itself to all prefixes within Area 0 and Area 1. In addition, R2 now advertises the prefixes that lie within Area 0 into Area 1, and vice-versa. Note that only the prefixes and their metrics are advertised, not the existence of individual routers within an area. Likewise, R4, the ABR between Area 2 into Area 0, advertises prefixes between them.

      For reasons of fault-tolerance, it’s possible that there could be two or more ABRs joining two areas. Since each ABR advertises the cost for each prefix from its perspective, the routers in the area receiving the advertisements can make optimal routing decisions about the prefixes that lie in the other area. At this point, all routers know the best route to all prefixes within the areas to which they are attached, and to the prefixes within the adjacent areas.

      Furthermore, the Area 1 prefixes that R2 is sending into Area 0 are flooded over to R4, which then floods them into Area 2. As a result, all routers in Area 2 know about the prefixes in Area 1. This happens in the opposite direction, as well, and when the flooding has completed, all routers will know about all of the prefixes within the entire OSPF autonomous system. Because it’s just the prefixes and their costs that are being advertised between areas, and not detailed topology information, this requires less bandwidth, RAM and CPU than if it were all one big OSPF area, with all routers knowing everything about the topology.

      In the next installment, we’ll continue our discussion of multi-area OSPF, including some techniques to further increase the scalability.

      Author: Al Friebe

      OSPF – Part 3

      Published November 19, 2009 Al Friebe , Routing & Switching Leave a Comment
      Tags:

      Continuing on with our discussion of LSDB synchronization, we’ve seen that in the case of point-to-point links, the two OSPF neighbors always proceed to “Full” state. On multi-access media such as an Ethernet LAN or a Frame Relay WAN, however, things are more complicated. Let’s look at an Ethernet LAN as an example.

      A typical topology is that several routers are connected by a switch. Assuming that the switch ports connected to the routers lie within a common VLAN, the routers are within a common broadcast domain (an IP subnet). If every router on the subnet directly compares its LSDB to that of each of its neighbors on that subnet, the number of comparisons is governed by the “full mesh” equation:

      • c = n * (n – 1) / 2

      Where:

      • c = The number of comparisons
      • n = The number of routers on the subnet

      If we crank through the numbers, we obtain:

      • n = 2: c = 1 (two routers on a point-to-point link)
      • n = 3: c = 3
      • n = 4: c = 6
      • n = 5; c = 10
      • n = 6: c = 15
      • n = 10: c = 45
      • n = 20: c = 190

      If there are two routers on the subnet, only one comparison is required to ensure LSDB synchronization. In the case of five routers on the subnet (n = 5), ten comparisons are required. If the number of routers on the subnet doubles to ten (n = 10), the number of comparisons increases to 45. Doubling it again (n = 20) results in 190 comparisons. Thus, as the number of routers doubles, the number of comparisons approximately quadruples, which is what computer scientists would call “O(n2)” (order n-squared), an exponential increase.

      Also, once “Full” state is achieved, maintaining it will require that any router that detects a change to its LSDB will send an update to each of the other routers on the subnet, each of which will inform every other router on the subnet, etc. When many routers are involved, the large number of LSUs and LSAcks will consume excessive link bandwidth and router CPU cycles.

      To solve this scalability problem, once the neighbors have reached “Two-Way”, multi-access media can elect a Designated Router (DR). The DR’s job is to maintain synchronization of the LSDBs for all routers within a subnet.

      To elect the DR, the routers compare their DR election priorities, which are contained within the Hello packets. The DR priority is set per interface (or subinterface), and ranges from zero to 255, with a default value of 1. High priority wins, and the tie-breaker is highest OSPF router ID. The first runner-up is elected Backup DR (BDR). If the DR ever becomes unavailable, the BDR is promoted to DR, and a new BDR is elected.

      Once the DR and BDR for the subnet have been elected, all other routers in the subnet will synchronize their LSDBs (go to “Full” state) with the DR. This has the effect of synchronizing all LSDBs on the subnet. The equation controlling the number of comparison is now:

      • c = n – 1

      Where:

      • c = The number of comparisons
      • n = The number of routers on the subnet

      The number of comparisons now increases linearly with the number of routers on the subnet, and if we crank through the numbers we obtain:

      • n = 2: c = 1 (two routers on a point-to-point link)
      • n = 3: c = 2
      • n = 4: c = 3
      • n = 5; c = 4
      • n = 6: c = 5
      • n = 10: c = 9
      • n = 20: c = 19

      Key point: Because all routers on the subnet directly synchronize with the DR, they become synchronized with each other without having to directly compare their LSDBs.

      Whenever a change to the topology occurs, the router detecting the change will inform the DR, which will inform the other routers on the subnet. In this manner, LSDB synchronization is maintained between the routers within the subnet. Those routers will then flood the LSA to other subnets to which they are attached.

      Next time, we’ll examine multi-area OSPF, a technique for enhancing scalability.

      Author: Al Friebe

      OSPF, Part 2

      Published November 6, 2009 Al Friebe , Routing & Switching Leave a Comment
      Tags: ,

      In this installment, we’ll continue our look at OSPF (Open Shortest Path First). As we’ve seen, each router originates a Link State Advertisement (LSA), which is flooded throughout the internetwork. The LSA contains prefix and metric information for each link to which that router is directly connected. Each router maintains a Link State Database (LSDB) which contains copies of all LSAs the router has learned. Thus, the LSDB represents the detailed topology of the internetwork. Using Dijkstra’s SPF algorithm, each router independently uses its copy of the LSDB to develop its routing table.

      So that all routers know which router originated which LSA, each LSA is uniquely identified by the originating router’s OSPF router ID. Like an IP address, an OSPF router ID is a 32-bit binary value that is commonly represented in dotted-decimal format. An OSPF router ID is assigned or selected as follows:

      • If a “router-id” command appears under the OSPF process, that’s it.
      • If not, it’s the highest IP address amongst the active loopback interfaces.
      • If there are no active loopbacks, it’s the highest IP address amongst the active physical interfaces.

      By active we mean not Administratively Down. In other words, a physical interface that’s Up/Down or Down/Down is still a candidate for OSPF router ID.

      Note that although an OSPF router ID looks like an IP address, and may have been derived from an IP address, it is not an IP address. Instead, the router ID is used to uniquely identify the originator of a particular LSA within the LSDBs.

      Key point: If you’re setting the OSPF router IDs manually using either router-id commands or loopbacks, they had better be unique! If not, corruption of the LSDBs and of the resulting routing tables can occur.

      Two OSPF neighbors-to-be begin in the Down state. Once one of the potential neighbors has sent a hello, the neighbors move to Init state. To go further, the routers must agree on the following items with regard to the link which connects them:

      • The subnet of the link
      • The OSPF Hello and Dead intervals for the link
      • The OSPF area within which the link resides
      • Whether or not that area is an OSPF “stub” area
      • Authentication type and keystring (if configured)

      Assuming that the conditions are met, the neighbors proceed to Two-Way, which means that the neighbor relationship has been confirmed.

      In the case of a point-to-point link (such as a serial link running HDLC or PPP), once the routers are Two-Way, they immediately proceed through Exstart, Exchange, and Loading, to Full state. Once they’ve reached Full state, their LSDBs are synchronized.

      Next time, we’ll see how we handle LSDB synchronization on multi-access media, such as Ethernet LANs and Frame Relay WANs.

      Author: Al Friebe

      OSPF, Part 1

      Published November 2, 2009 Al Friebe , Routing & Switching Leave a Comment
      Tags: ,

      Having discussed the big picture when it comes to Link-State protocols, let’s now take a more detailed look. With IP there are two Link-State protocols in use:

      • OSPF: Open Shortest Path First
      • IS-IS: Intermediate System to Intermediate System

      Both work in pretty much the same way, but because it’s more commonly used, for now we’ll focus on OSPF.

      In an OSPF router, the topology database is referred to as the Link State Database (LSDB). The LSDB contains the detailed information that a router has regarding the topology of the internetwork. Each entry in the LSDB is called a Link State Advertisement (LSA). In OSPF, there are five packet types used:

      • Hello: Used to build and maintain neighbor relationships.
      • DBD: Database Description, a summary of the LSDB.
      • LSR: Link State Request, used to request one or more missing LSAs.
      • LSU: Link State Update, used to send one or more LSAs.
      • LSAck: Link State Acknowledgement, used to acknowledge receipt of a LSU.

      When a new neighbor is found, an OSPF router’s goal is to synchronize its LSDB with that of the neighbor. By “synchronize” we mean make the LSDBs consistent, so that they contain the same LSAs. To accomplish this, the routers compare LSDBs (“You show me yours, and I’ll show you mine!”) and any LSA that a router is missing it requests from the neighbor. During this process, the neighbors proceed through the following OSPF states:

      • Down: The start of the neighbor process.
      • Init: The neighbor relationship is being initialized.
      • Two-Way: The neighbor relationship has been confirmed.
      • Exstart: The routers negotiate which sends its DBD first.
      • Exchange: The DBDs are being exchanged.
      • Loading: The LSRs and LSUs are being exchanged.
      • Full: The LSDBs are synchronized.

      Once the LSDB is complete, a router runs the Shortest Path First (SPF) algorithm, generating its routing table. In OSPF the metric is cost, and SPF finds the lowest cost path to each destination prefix. Note that SPF is where OSPF gets its name: it’s an “Open” (non-proprietary) protocol that uses SPF. The SPF algorithm is commonly referred to as “Dijkstra’s Algorithm”, after Edsger Dijkstra (pronounced Dike-stra), the computer scientist who developed it.

      After the routing tables have been generated, the network is converged. The goal is to maintain full state (LSDB synchronization) with the neighbors. Let’s say that router R1 senses a topology change, such as gaining or losing a link. It will then update the R1 LSA in its LSDB, flood a copy of the revised R1 LSA to its neighbors, and run SPF to regenerate its routing table. R1’s neighbors will acknowledge receipt of R1’s revised LSA, replace the old R1 LSA in their LSDBs with the new R1 LSA, flood the new R1 LSA to their neighbors, and run SPF. In this manner, the new R1 LSA propagates throughout the internetwork, and as it does it updates the LSDB, triggers SPF, and regenerates the routing table of each router. Once this process is complete (and it typically takes only seconds) routing is again converged.

      LSUs are sent only when changes occur (that is, they’re triggered updates), so in between LSUs a router sends periodic Hellos to reassure its neighbors of its continued presence. Since Hellos are small, they don’t take much bandwidth or CPU power to process, and can be sent relatively frequently (every few seconds is typical). Because changes are only being advertised when they occur, the result is that Link-State protocols such as OSPF scale better than Distance-Vector protocols like RIP, which periodically flood the entire routing table even in the absence of any changes.

      Next time, we’ll look at some additional details and enhancements regarding OSPF.

      Author: Al Friebe

      Routing Protocols, Part 6

      Published October 26, 2009 Al Friebe , Routing & Switching Leave a Comment
      Tags: ,

      We’ve discussed several techniques to improve the performance of Distance-Vector (D-V) protocols. With that accomplished, the next thing to do is to examine their scalability. With the D-V protocols, as the size of an internetwork grows, the number of prefixes to be advertised and stored grows, requiring greater bandwidth and RAM. Also, as the number of routing updates increases, more CPU power is required to send and receive the updates.

      Around 1990, based on the projected growth of internetworks, it became apparent that the scalability of the D-V protocols would present a problem. To deal with this, an entirely new category of routing protocols was developed: the “Link-State” protocols.

      Each Link-State router builds a topology database that contains everything that router knows about the topology of the internetwork. This information includes which IP prefixes are directly connected to which routers, and the metric information for each prefix. It’s referred to as a “Link-State” protocol because each router knows the detailed prefix (link) and metric (state) information…in other words, the state of the links.

      It’s like a jigsaw puzzle, where each router contributes a piece of the puzzle (the prefixes to which it is directly connected). The goal is to collect all of the pieces, and then assemble the puzzle.

      Each router begins by placing an entry for itself in its topology database. Next, the router uses a “hello” protocol to discover its directly connected neighbors. The neighbors then exchange topology information. When an update containing new topology information is received, the router adds that piece to its topology database, and then floods that piece. Each neighbor does the same. When this process is complete, all routers will have detailed information about the entire topology, and each router can then determine the best path from itself to each destination prefix.

      Think of the internetwork as being like a shopping mall. There’s a map near each door that shows where all the stores are. Because it’s all one mall the maps are identical, except for one thing: the “You Are Here” marker. We can use the nearest map to find the best route from where we are to each of the stores that we’d like to visit. Similarly, each router has a topology database. Because all of the routers are part of one internetwork, all of the topology databases are identical. Using its copy of the topology database, each router individually calculates the best next hop for each known destination prefix, and places this information in its routing table. At this point, routing has converged.

      There are, however, a few differences between a real Link-State protocol and our shopping mall analogy. First, the maps in the mall are diagrams, while routers keep the topology databases in table form. Second, while most shoppers are interested in visiting only a few stores within the mall (there may be exceptions), routers calculate the best next hop for all known prefixes.

      Key Point: With a Link-State protocol, what’s being advertised from one router to another is raw topology information, not routing table entries. As a result, each Link-State router knows the entire topology of the internetwork. Since the topology updates are acknowledged (making the protocol reliable), there is no need for frequent periodic updates. Instead, updates need only be sent when a topology change occurs. In between changes, the hello protocol is used to verify the continued availability of neighbors.

      Next time, we’ll look at Link-State protocols in more detail, including some real-world examples.

      Author: Al Friebe

      NAT and PAT – Part 4 (A New Perspective)

      Published October 19, 2009 Al Friebe , Routing & Switching Leave a Comment
      Tags:

      Many people are confused by Cisco’s NAT/PAT naming conventions, such as “inside local”, etc. Since a picture is worth a kiloword, I thought that perhaps a few diagrams might help.

      Let’s say that our host H1 has IP address 10.1.1.1/24, an RFC 1918 private address. We want to cross the Internet to access host H2, which has the public IP address 198.133.219.25, as shown in Figure 1:

      Slide1

      Because we can’t advertise RFC 1918 addresses to the public Internet, in order to make this work we’re going to perform PAT (overloading) on R1, our edge router. Let’s assume that our internal LAN, with address space 10.1.1.0/24, is connected to R1’s Ethernet 0 interface. We’ll be overloading on Serial 0, which has the IP address 64.82.100.67, in public space. To accomplish the translation, the commands would be:

      • R1(config)#access-list 1 permit 10.1.1.0 0.0.0.255
      • R1(config)#ip nat inside source list 1interface serial 0 overload
      • R1(config)#int e0
      • R1(config-if)#ip nat inside
      • R1(config-if)#int s0
      • R1(config-if)#ip nat outside

      Figure 2 summarizes the situation at this point:

      Slide2

      Inside and Outside: These refer to the physical location of the device whose address is being referenced. The physical locations were unambiguously defined by configuring the appropriate router interfaces with these commands:

      • ip nat inside
      • ip nat outside

      In our example, R1 is doing the translation, with the “inside” interface attached to our LAN, and the “outside” interface on the WAN link to our service provider.

      Key point: Because of the way we have configured R1’s interfaces, “inside” is defined to mean “located on our side of R1”, and “outside” means “located on the far side of R1”.

      Local and Global: These refer to the perspective (viewpoint) from which the address is being observed, not where the device is located.

      Key point: In our example, “local” is defined to mean “looking at it from our side of R1”, and “global” means “looking at it from the far side of R1”.

      Yeah, yeah…but what about “inside local”? The key to the jargon is to realize that it describes what we’re looking at, and from where in that order. It’s location-perspective. In other words, “inside local” means that we’re looking at the address of an “inside” device (on our side of our router), from our “local” perspective (from our side of our router). Given the two locations (inside and outside), and the two perspectives (local and global), there are four possibilities:

      • Inside Local
      • Inside Global
      • Outside Local
      • Outside Global

      We’ll discuss each of these in turn. Since humans can’t actually see the packets as they traverse the media, by “looking” we mean what we would “see” if we were to install protocol analyzers “locally” and “globally”, and examine the addresses within the packets’ IP headers. Since I can’t draw a protocol analyzer, in the diagrams I’ll use an “X-ray eyeball” that’s able to see the packet headers.

      Inside Local: Viewing an “inside” device from the “local” perspective, as shown in Figure 3. This is how we see the IP address of H1 from our side of R1. In our example, the “inside local” address is 10.1.1.1, which is the actual address of H1.

      Slide3

      Inside Global: Viewing an “inside” device from the “global” perspective, as shown in Figure 4. This is how the Internet sees the IP address of H1. In our example, the “inside global” address is 64.82.100.67, the translated address of H1.

      Slide4

      Outside Local: Viewing an “outside” device from the “local” perspective, as shown in Figure 5. This is how H1 sees the IP address of H2. In our example, the “outside local” address is 198.133.219.25, which is not being translated.

      Slide5

      Outside Global: Viewing an “outside” device from the “global” perspective, as shown in Figure 6. This is how the Internet sees the IP address of H2. In our example, the “outside global” address is 198.133.219.25, which is H2’s actual address.

      Slide6

      Since in our example we’re not translating the destination address on the way out (nor the source address on the way back), the “outside local” and “outside global” addresses are identical. Figure 7 shows our current situation, including the four combinations of location and perspective, along with the corresponding addresses.

      Slide7

      Key point: It’s possible that NAT/PAT is also being done on H2’s side, but there is no way we can tell that from our side. If so, they would have their own versions of inside/ outside and local/global that have nothing whatsoever to do with ours.

      No matter what terms Cisco chose to use, it would boil down to the same location-perspective issue.  So it is what it is, and that’s “what we’re looking at, and from where.

      And, yes, I still often put my fingers on the diagram and talk to myself when figuring this stuff out. “Inside global…so we’re talking about the inside stuff” while my left hand is pointing to the LAN…“from the global perspective” …my right hand is pointing to the Internet, and sliding from right to left to show the direction I’m looking.

      By the way, although we used PAT (overloading) in our example, the “location-perspective” terms work the same way for static and dynamic NAT.

      Author: Al Friebe

      Routing Protocols – Part 5

      Published October 14, 2009 Al Friebe , Routing & Switching Comment
      Tags: ,

      Continuing on with our discussion of improvements to Distance-Vector protocols, we were about to discuss hold down timers. Here’s our topology:
      Routing_Part5_Fig1

      Let’s go back to the initial conditions, where the 10.1.0.0/16 subnet was reachable. At that point, we had:

      • R1 sees 10.1.0.0/16 as directly connected (zero hops)
      • R2 sees 10.1.0.0/16 as reachable via R1 (one hop)
      • R3 sees 10.1.0.0/16 as reachable via R1 (one hop)

      Since R2 and R3 consider R1 to be their best next hop to reach 10.1.0.0/16, per the split-horizon rule neither R2 nor R3 is advertising 10.1.0.0/16 to R1, but they are advertising it to each other. Let’s assume that R1 loses its connection to the 10.1.0.0/16 subnet, we then have:

      • R1 sees 10.1.0.0/16 as unreachable
      • R2 sees 10.1.0.0/16 as reachable via R1 (one hop)
      • R3 sees 10.1.0.0/16 as reachable via R1 (one hop)

      Notice that R2 and R3 are currently mistaken as to the state of 10.1.0.0/16. At this time, R1 sends flash updates to R2 and R3, poisoning the route to 10.1.0.0/16. Let’s imagine that R2 processes the flash update prior to R3. Upon receipt of a poisoned update, a router will place the prefix into “hold down”, meaning that it will:

      • Start a hold down timer for that prefix
      • Mark the prefix as “possibly down”
      • Flood poison updates for the prefix
      • Continue routing packets for that prefix as before
      • Ignore updates for the prefix, unless the metric is better than before

      The route stays in hold down until either the hold down timer expires, or a route for that prefix with a better metric is learned.

      When a route is in hold down, packets for the prefix are routed as before, in case the route has come back up. The situation at this moment is:

      • R1 sees 10.1.0.0/16 as unreachable
      • R2 sees 10.1.0.0/16 as “possibly down” via R1 (one hop)
      • R3 sees 10.1.0.0/16 as reachable via R1 (one hop)

      Notice R2 now has 10.1.0.0/16 in hold down, and that R3 is currently mistaken. Let’s imagine that just before processing the flash update it received from R1, R3’s periodic update timer expires, and R3 sends its routing table to R2. Since 10.1.0.0/16 is in hold down on R2, the update from R3 (with a metric of two hops, worse than R2’s previous best metric of one hop) is ignored. Thus, the situation remains:

      • R1 sees 10.1.0.0/16 as unreachable
      • R2 sees 10.1.0.0/16 as “possibly down” via R1 (one hop)
      • R3 sees 10.1.0.0/16 as reachable via R1 (one hop)

      Shortly thereafter, R3 processes the triggered update it received from R1, and also places 10.1.0.0/16 in hold down. The situation is now:

      • R1 sees 10.1.0.0/16 as unreachable
      • R2 sees 10.1.0.0/16 as “possibly down” via R1 (one hop)
      • R3 sees 10.1.0.0/16 as “possibly down” via R1 (one hop)

      In accordance with the hold down rules, any packets received by either R2 or R3 that are bound for 10.1.0.0/16 will still be forwarded to R1, which will drop them or forward them depending on the actual state of that prefix. Obviously, no routing loop exists, but since neither R2 nor R3 is sure of the topology, the network is not yet converged.

      Eventually the hold down timers on R2 and R3 will expire. At that point, either 10.1.0.0/16 is reachable, or it is not. If it’s reachable, R1 will be periodically advertising it to R2 and R3, which will restore it to their routing tables as a normal route. If it’s not reachable, both R2 and R3 will remove it from their routing tables when their flush timers expire. Either way, shortly after the hold down timers expire, the network will be converged.

      We’ve looked at six techniques for improving the performance of Distance-Vector routing protocols, including:

      • Defining a Maximum
      • Split Horizon
      • Route Poisoning
      • Poison Reverse
      • Triggered Updates
      • Hold Down Timers

      In Cisco’s implementation of RIP, which uses all six techniques, the default values of the timers are:

      • Update – 30 seconds
      • Invalid – 180 seconds
      • Hold Down – 180 seconds
      • Flush – 240 seconds

      The timers can be viewed with the show ip protocols command, and changed under the RIP routing process with the timers basic command.

      Author: Al Friebe

      Next Page »

      Subscribe in a Reader

      Subscribe by Email

      Follow us on Twitter

      Featured Courses