
Distance Vector vs. Link State docx


Document information

Pages: 125
Size: 3.68 MB

Content

Distance Vector vs Link State

[Diagram: routers A, B, C, D and E and network X. Labels: Distance Vector, Link State, Hybrid; Routing by rumor, Route table, Topology; Periodic Update, Incremental Update]

Distance Vector vs Link State

Distance Vector
• Updates frequently
• Each router is "aware" only of its immediate neighbors
• Slow convergence
• Prone to routing loops
• Easy to configure

Link State
• Updates are event triggered
• Each router is "aware" of all other routers in the "area"
• Fast convergence
• Less subject to routing loops
• More difficult to configure

Comparison Continued

Distance Vector
• Fewer router resources required
• Updates require more bandwidth
• Does not "understand" the topology of the network

Link State
• More router resource intensive
• Updates require less bandwidth
• Has detailed knowledge of distant networks and routers

Link State Example
• OSPF
• IS-IS
OSPF is used for corporate networks
IS-IS is used for ISPs

Open Shortest Path First (OSPF)
• OSPF is an open standards routing protocol
• It works by using the Dijkstra algorithm
• OSPF provides the following features:
  – Minimizes routing update traffic
  – Allows scalability (e.g. RIP is limited to 15 hops)
  – Has unlimited hop count
  – Supports VLSM/CIDR
  – Allows multi-vendor deployment (open standard)

Link State
There are two types of packets:
• Hello
• LSAs

OSPF Hello
[Diagram: routers A, B and C]
• When router A starts, it sends a Hello packet – uses 224.0.0.5
• Hello packets are received by all neighbors
• B will write A's name in its neighbor table
• C also processes it the same way

"Hello" Packets
• Small, frequently issued packets
• Discover neighbours and negotiate "adjacencies"
• Verify continued availability of adjacent neighbours
• Hello packets and Link State Advertisements (LSAs) build and maintain the topological database
• Hello packets are addressed to 224.0.0.5

Link State Advertisement (LSA)
• An OSPF data packet containing link state and routing information that is shared among OSPF routers
• LSAs are shared only with routers with which the sender has formed adjacencies
• LSA packets are used to update and maintain the topology database

The ip access-group command
{ in | out }

Exercise – Standard Access List
[Topology diagram: routers A and B with interfaces E0, S0 and S1. Addresses shown: 192.168.0.5 255.255.255.252, 192.168.0.9 255.255.255.252, 192.168.0.33 255.255.255.240, 192.168.0.18 255.255.255.248, 192.168.0.17 255.255.255.248, 192.168.0.6 255.255.255.252, 192.168.0.10 255.255.255.252, 192.168.0.34 255.255.255.240]
Account should be denied access to Sales
Two steps to configure:
• Create a standard access list
• Apply the ACL to the proper interface, inbound or outbound

Exercise – Standard Access List
[Same topology diagram as the previous slide]
Config# access-list deny 192.168.0.18 0.0.0.7
Config# access-list permit any
Config# int e
Config-if# ip access-group out

Extended ACLs
Extended ACLs are used more often than standard ACLs because they provide a greater range of control.
Extended ACLs check the source and destination packet addresses and can also check for protocols and port numbers.
At the end of the extended ACL statement, additional precision is gained from a field that specifies the optional Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port number.
Logical operations that the extended ACL will perform on specific protocols may be specified, such as equal (eq), not equal (neq), greater than (gt), and less than (lt).
Extended ACLs use an access-list-number in the range 100 to 199 (also from 2000 to 2699 in recent IOS).

Configuration
Access-list acl# {permit/Deny} Protocol  Src IP  src WCM  Dst IP  dst WCM  Operator  port
(WCM = wildcard mask)
• IP Protocol
  – OSPF
  – EIGRP
  – ICMP
  – TCP
  – UDP
  RP: if you need to block a routing protocol
• Operator
  – eq
  – gt
  – lt
  – neq

Testing Packets with Extended Access Lists

Extended ACL Syntax

Extended ACL LAB -2
[Topology diagram: routers A and B with interfaces E0, S0 and S1. Addresses shown: 192.168.0.5 255.255.255.252, 192.168.0.17 255.255.255.248, 192.168.0.9 255.255.255.252, 192.168.0.6 255.255.255.252, 192.168.0.10 255.255.255.252, 192.168.0.33 255.255.255.240, 192.168.0.34 255.255.255.240, 192.168.0.18 255.255.255.248]
192.168.0.34 should be denied FTP of 192.168.0.18
192.168.0.18 should be denied website of 192.168.0.34

On Router R1
Config# access-list 100 deny tcp 192.168.0.34 0.0.0.0 192.168.0.18 0.0.0.0 eq 21
Config# access-list 100 permit ip any any
Config# int s0
Config-if# ip access-group 100 in

On Router R3
Config# access-list 100 deny tcp 192.168.0.18 0.0.0.0 192.168.0.34 0.0.0.0 eq 80
Config# access-list 100 permit ip any any
Config# int s0
Config-if# ip access-group 100 in

Deny FTP
access-list 101 deny tcp any any eq 21
access-list 101 permit ip any any
or
access-list 101 deny tcp any any eq ftp
access-list 101 permit ip any any

Rules
For an extended access list, apply near to the source
For a standard access list, apply near to the destination

Named ACLs
IP named ACLs were introduced in Cisco IOS Software Release 11.2, allowing standard and extended ACLs to be given names instead of numbers.
The characteristics of a named access list:
• Identify an ACL using an alphanumeric name
• You can delete individual statements in a named access list
• Named access lists must be specified as standard or extended
• You can use the ip access-list command to create named access lists
Named ACLs are not compatible with Cisco IOS releases prior to Release 11.2.
The same name may not be used for multiple ACLs.

Named ACLs
• A numbered access list gives no hint of what is filtered
• Named ACLs are both a basic and an advanced filtering tool
• The name cannot start with a number or !
• The name cannot contain a space
• The name should not have a ? character anywhere in it
• The name is case sensitive

Named ACL Example
R1(config)#ip access-list standard blocksales
R1(config-std-nacl)#deny 172.16.40.0 0.0.0.255
R1(config-std-nacl)#permit any
R1(config-std-nacl)#exit
R1(config)#^Z
R1#
#int e
#ip access-group blocksales out

Verify Access List

Basic Rules for ACLs
Standard IP access lists should be applied closest to the destination.
Extended IP access lists should be applied closest to the source.
Use the inbound or outbound interface reference as if looking at the port from inside the router.
• Statements are processed sequentially from the top of the list to the bottom until a match is found; if no match is found, the packet is denied
• There is an implicit deny at the end of all access lists. This will not appear in the configuration listing
• Access list entries should filter in order from specific to general. Specific hosts should be denied first, and groups or general filters should come last
• Never work with an access list that is actively applied
• New lines are always added to the end of the access list
• A no access-list x command will remove the whole list. It is not possible to selectively add and remove lines with numbered ACLs
• Outbound filters do not affect traffic originating from the local router
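The first-match, wildcard-mask and implicit-deny rules above, applied to the ACL 100 lines from the extended ACL lab. This is an added example, not part of the original slides: the function names are illustrative, and the model is a simplified simulation that handles only numeric ports and the destination-port operator.

```python
import ipaddress

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def take_addr(tok):
    """Consume 'any' or 'addr wildcard' from the token list."""
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    return ip_int(tok.pop(0)), ip_int(tok.pop(0))

def parse_entry(line):
    tok = line.split()[2:]                 # drop 'access-list <number>'
    entry = {"action": tok.pop(0).lower(), "proto": tok.pop(0).lower()}
    entry["src"] = take_addr(tok)
    entry["dst"] = take_addr(tok)
    # Optional trailing 'operator port'; numeric ports only (no 'ftp' keyword).
    entry["op"], entry["port"] = (tok[0], int(tok[1])) if tok else (None, None)
    return entry

def addr_match(ip, rule):
    addr, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF          # wildcard 0-bits must match, 1-bits are ignored
    return (ip_int(ip) & care) == (addr & care)

OPS = {"eq": lambda a, b: a == b, "neq": lambda a, b: a != b,
       "gt": lambda a, b: a > b, "lt": lambda a, b: a < b}

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index of matching entry); index None means implicit deny."""
    for i, e in enumerate(acl):            # top to bottom, first match wins
        if e["proto"] not in ("ip", proto):
            continue
        if not (addr_match(src, e["src"]) and addr_match(dst, e["dst"])):
            continue
        if e["op"] and (dport is None or not OPS[e["op"]](dport, e["port"])):
            continue
        return e["action"], i
    return "deny", None                    # implicit deny, never shown in the config

# The two ACL 100 lines from the lab (Router R1).
LAB_ACL = [parse_entry(l) for l in (
    "access-list 100 deny tcp 192.168.0.34 0.0.0.0 192.168.0.18 0.0.0.0 eq 21",
    "access-list 100 permit ip any any")]
# Same list without the closing permit: everything else hits the implicit deny.
NO_PERMIT = LAB_ACL[:1]
```

Dropping the final `permit ip any any` line turns a single-purpose FTP block into a block of all traffic, which is why the lab ends every list with it.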

Posted: 06/03/2014, 07:20
