CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2

Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam. CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2, Fifth Edition from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Expert instructors Narbik Kocharians and Terry Vinson share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. This second of two volumes covers IP BGP routing, quality of service (QoS), wide area networks, IP multicast, network security, and Multiprotocol Label Switching (MPLS) topics. This complete study package includes:

A test-preparation routine proven to help you pass the exams

Do I Know This Already? quizzes, which enable you to decide how much time you need to spend on each section

Chapter-ending exercises, which help you drill on key concepts you must know thoroughly

The powerful Pearson IT Certification Practice Test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports

A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies

Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

The official study guide helps you master topics on the CCIE Routing and Switching v5.0 exams, including:

BGP operations and routing policies

QoS

WANs

IP Multicast

Device and network security and tunneling technologies

MPLS

CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2, Fifth Edition is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.

The print edition of the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2, Fifth Edition contains more than 200 practice exam questions. Also available from Cisco Press for Cisco CCIE R&S v5.0 study is the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2 Premium Edition eBook and Practice Test, Fifth Edition. This digital-only certification preparation product combines an eBook with enhanced Pearson IT Certification Practice Test. This integrated learning package:

Allows you to focus on individual topic areas or take complete, timed exams

Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions

Provides additional unique sets of exam-realistic practice questions

Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

This print book includes a 70% discount offer off the list price of the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2 Premium Edition eBook and Practice Test, Fifth Edition to help enhance your exam preparation experience.

The Cisco Certified Internetwork Expert (CCIE) certification might be the most challenging and prestigious of all networking certifications. It has received numerous awards and certainly has built a reputation as one of the most difficult certifications to earn in all of the technology world. Having a CCIE certification opens doors professionally, typically results in higher pay, and looks great on a résumé.

Cisco currently offers several CCIE certifications. This book covers the version 5.0 exam blueprint topics of the written exam for the CCIE Routing and Switching certification. The following list details the currently available CCIE certifications at the time of this book’s publication; check www.cisco.com/go/ccie for the latest information. The certifications are listed in the order in which they appear on the web page:

CCDE

CCIE Collaboration

CCIE Data Center

CCIE Routing & Switching

CCIE Security

CCIE Service Provider

CCIE Service Provider Operations

CCIE Wireless

Each of the CCDE and CCIE certifications requires the candidate to pass both a written exam and a one-day, hands-on lab exam. The written exam is intended to test your knowledge of theory, protocols, and configuration concepts that follow good design practices. The lab exam proves that you can configure and troubleshoot actual gear.

WHY SHOULD I TAKE THE CCIE ROUTING AND SWITCHING WRITTEN EXAM?

The first and most obvious reason to take the CCIE Routing and Switching written exam is that it is the first step toward obtaining the CCIE Routing and Switching certification. Also, you cannot schedule a CCIE lab exam until you pass the corresponding written exam. In short, if you want all the professional benefits of a CCIE Routing and Switching certification, you start by passing the written exam.

The benefits of getting a CCIE certification are varied, among which are the following:

Better pay

Career-advancement opportunities

Applies to certain minimum requirements for Cisco Silver and Gold Channel Partners, as well as those seeking Master Specialization, making you more valuable to Channel Partners

Better movement through the problem-resolution process when calling the Cisco TAC

at www.cisco.com/go/certifications.

CCIE ROUTING AND SWITCHING WRITTEN EXAM 400-101

The CCIE Routing and Switching written exam, at the time of this writing, consists of a two-hour exam administered at a proctored exam facility affiliated with Pearson VUE (www.vue.com/cisco). The exam typically includes approximately 100 multiple-choice questions. No simulation questions are currently part of the written exam.

As with most exams, everyone wants to know what is on the exam. Cisco provides general guidance as to topics on the exam in the CCIE Routing and Switching written exam blueprint, the most recent copy of which can be accessed from www.cisco.com/go/ccie.

Cisco changes both the CCIE written and lab blueprints over time, but Cisco seldom, if ever, changes the exam numbers. However, exactly this change occurred when the CCIE Routing and Switching blueprint was refreshed for v5.0. The previous written exam for v4.0 was numbered as 350-001; the v5.0 written exam is identified by 400-101.

The CCIE Routing and Switching written exam blueprint 5.0, as of the time of publication, is listed in Table I-1. Table I-1 also lists the chapters that cover each topic.

Table I-1 CCIE Routing and Switching Written Exam Blueprint

To give you practice on these topics, and pull the topics together, Edition 5 of the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2 includes a large set of CD questions that mirror the types of questions expected for the Version 5.0 blueprint. By their very nature, these topics require the application of the knowledge listed throughout the book. This special section of questions provides a means to learn and practice these skills with a proportionally larger set of questions added specifically for this purpose.

These questions will be available to you in the practice test engine database, whether you take full exams or choose questions by category.

ABOUT THE CCIE ROUTING AND SWITCHING V5.0 OFFICIAL CERT EXAM GUIDE, VOLUME 2, FIFTH EDITION

This section provides a brief insight into the contents of the book, the major goals, and some of the book features that you will encounter when using this book.

BOOK ORGANIZATION

This volume contains six major parts. Beyond the chapters in these parts of the book, you will find several useful appendixes gathered in Part VIII.

Following is a description of each part’s coverage:

Part I, “IP BGP Routing” (Chapters 1 and 2): This part focuses on the details of BGP (Chapter 1), with Chapter 2 looking at BGP path attributes and how to influence BGP’s choice of best path.

Part II, “QoS” (Chapters 3–5): This part covers the more popular QoS tools, including some MQC-based tools, as well as several older tools, particularly FRTS. The chapters include coverage of classification and marking (Chapter 3), queuing and congestion avoidance (Chapter 4), plus shaping, policing, and link efficiency (Chapter 5).

Part III, “Wide-Area Networks” (Chapter 6): The WAN coverage has been shrinking over the last few revisions to the CCIE R&S written exam. Chapter 6 includes some brief coverage of PPP and Frame Relay. Note that the previous version (V4.0) and current version (V5.0) of the blueprint include another WAN topic, MPLS, which is covered in Part VI, Chapter 11.

Part IV, “IP Multicast” (Chapters 7 and 8): Chapter 7 covers multicast on LANs, including IGMP and how hosts join multicast groups. Chapter 8 covers multicast WAN topics.

Part V, “Security” (Chapters 9 and 10): Given the CCIE tracks for both Security and Voice, Cisco has a small dilemma regarding whether to cover those topics on CCIE Routing and Switching, and if so, in how much detail. This part covers a variety of security topics appropriate for CCIE Routing and Switching. This chapter focuses on switch and router security.

Part VI, “Multiprotocol Label Switching (MPLS)” (Chapter 11): As mentioned in the WAN section, the CCIE R&S exam’s coverage of MPLS has been growing over the last two versions of the blueprint. This chapter focuses on enterprise-related topics such as core MPLS concepts and MPLS VPNs, including basic configuration.

Part VII, “Final Preparation” (Chapter 12): This part provides a set of tools and a study plan to help you complete your preparation for the exams.

Part VIII, “Appendixes”:

Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes”: This appendix lists answers and explanations for the questions at the beginning of each

Appendix B, “CCIE Exam Updates”: As of the first printing of the book, this appendix contains only a few words that reference the web page for this book at www.ciscopress.com/title/9781587144912. As the blueprint evolves over time, the authors will post new materials at the website. Any future printings of the book will include the latest newly added materials in printed form inside Appendix B. If Cisco releases a major exam update, changes to the book will be available only in a new edition of the book and not on this site.

Note

Appendixes C through F and the Glossary are in printable, PDF format on the CD.

(CD-only) Appendix C, “Decimal-to-Binary Conversion Table”: This appendix lists the decimal values 0 through 255, with their binary equivalents.

(CD-only) Appendix D, “IP Addressing Practice”: This appendix lists several practice problems for IP subnetting and finding summary routes. The explanations to the answers use the shortcuts described in the book.

(CD-only) Appendix E, “Key Tables for CCIE Study”: This appendix lists the most important tables from the core chapters of the book. The tables have much of the content removed so that you can use them as an exercise. You can print the PDF and then fill in the table from memory, checking your answers against the completed tables in Appendix F.

(CD-only) Appendix F, “Solutions for Key Tables for CCIE Study”

(CD-only) Glossary: The Glossary contains the key terms listed in the book.

BOOK FEATURES

The core chapters of this book have several features that help you make the best use of your time:

“Do I Know This Already?” Quizzes: Each chapter begins with a quiz that helps you to determine the amount of time you need to spend studying that chapter. If you score yourself strictly, and you miss only one question, you might want to skip the core of the chapter and move on to the “Foundation Summary” section at the end of the chapter, which lets you review facts and spend time on other topics. If you miss more than one, you might want to spend some time reading the chapter or at least reading sections that cover topics about which you know you are weaker.

Foundation Topics: These are the core sections of each chapter. They explain the protocols, concepts, and configurations for the topics in that chapter.

Foundation Summary: The “Foundation Summary” section of this book departs from the typical features of the “Foundation Summary” section of other Cisco Press Exam Certification Guides. This section does not repeat any details from the “Foundation Topics” section; instead, it simply summarizes and lists facts related to the chapter but for which a longer or more detailed explanation is not warranted.

Key topics: Throughout the “Foundation Topics” section, a Key Topic icon has been placed beside the most important areas for review. After reading a chapter, when doing your final preparation for the exam, take the time to flip through the chapters, looking for the Key Topic icons, and review those paragraphs, tables, figures, and lists.

Fill In Key Tables from Memory: The more important tables from the chapters have been copied to PDF files available on the CD as Appendix E. The tables have most of the information removed. After printing these mostly empty tables, you can use them to improve your memory of the facts in the table by trying to fill them out. This tool should be useful for memorizing key facts. The CD-only Appendix F contains the completed tables so that you can check your work.

CD-based practice exam: The companion CD contains multiple-choice questions and a testing engine. The CD includes 200 questions unique to the CD. As part of your final preparation, you should practice with these questions to help you get used to the exam-taking process, as well as to help refine and prove your knowledge of the exam topics.

Special question section for the “Implement Proposed Changes to a Network” section of the Blueprint: To provide practice and perspectives on these exam topics, a special section of questions has been developed to help you prepare for these new types of questions.

Key terms and Glossary: The more important terms mentioned in each chapter are listed at the end of each chapter under the heading “Definitions.” The Glossary, found on the CD that comes with this book, lists all the terms from the chapters. When studying each chapter, you should review the key terms, and for those terms about which you are unsure of the definition, you can review the short definitions from the Glossary.

Further Reading: Most chapters include a suggested set of books and websites for additional study on the same topics covered in that chapter. Often, these references will be useful tools for preparation for the CCIE Routing and Switching lab exam.

Next Hop Peering

Troubleshooting a BGP Route That Will Not Install in the Routing Table

MP-BGP

This chapter covers what might be the single most important topic on both the CCIE Routing and Switching written and lab exams—Border Gateway Protocol (BGP) Version 4. This chapter focuses on how BGP accomplishes its fundamental tasks:

1. Forming neighbor relationships

2. Injecting routes into BGP from some other source

3. Exchanging those routes with other routers

4. Placing routes into IP routing tables

All of these BGP topics have close analogies with those of BGP’s IGP cousins, but of course there are many differences in the details.

This chapter focuses on how BGP performs its central role as a routing protocol.

“DO I KNOW THIS ALREADY?” QUIZ

Table 1-1 outlines the major headings in this chapter and the corresponding “Do I Know This Already?” quiz questions.

Table 1-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

To best use this pre-chapter assessment, remember to score yourself strictly. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”

1. Into which of the following neighbor states must a neighbor stabilize before BGP Update messages can be sent?

a. Active

b. Idle

c. Connected

d. Established

2. BGP neighbors check several parameters before the neighbor relationship can be completed. Which of the following is not checked?

a. That the neighbor’s router ID is not duplicated with other routers

b. That the neighbor command on one router matches the update source IP address on the other router

c. If eBGP, that the neighbor command points to an IP address in a connected

d. That a router’s neighbor remote-as command refers to the same autonomous system number (ASN) as in the other router’s router bgp command (assuming that confederations are not used)

3. A group of BGP routers, some with iBGP and some with eBGP connections, all use loopback IP addresses to refer to each other in their neighbor commands. Which of the following statements are false regarding the configuration of these peers?

a. iBGP peers require a neighbor ip-address ibgp-multihop command for the peer to become established.

b. eBGP peers require a neighbor ip-address ebgp-multihop command for the peer to become established.

c. eBGP and iBGP peers cannot be placed into the same peer group.

d. For eBGP peers, a router’s BGP router ID must be equal to the IP address listed in the eBGP neighbor’s neighbor command.

4. A router has routes in the IP routing table for 20.0.0.0/8, 20.1.0.0/16, and 20.1.2.0/24. BGP on this router is configured with the no auto-summary command. Which of the following is true when using the BGP network command to cause these routes to be injected into the BGP

a. The network 20.0.0.0 command would cause all three routes to be added to the BGP table.

b. The network 20.0.0.0 mask 255.0.0.0 command would cause all three routes to be added to the BGP table.

c. The network 20.1.0.0 mask 255.255.0.0 command would cause 20.1.0.0/16 and 20.1.2.0/24 to be added to the BGP table.

d. The network 20.0.0.0 command would cause only 20.0.0.0/8 to be added to the BGP table.

5. A router has configured redistribution of EIGRP routes into BGP using the command redistribute eigrp 1 route-map fred. This router’s BGP configuration includes the no auto-summary command. Which of the following are true?

a. route-map fred can consider for redistribution routes listed in the IP routing table as EIGRP-learned routes.

b. route-map fred can consider for redistribution routes in the IP routing table listed as connected routes, but only if those interfaces are matched by EIGRP 1’s network commands.

c. route-map fred can consider for redistribution routes that are listed in the EIGRP topology table as successor routes but that are not in the IP routing table because a lower administrative distance (AD) route from a competing routing protocol exists.

d. route-map fred can consider for redistribution routes listed in the IP routing table as EIGRP-learned routes, but only if those routes also have at least one feasible successor route.

6. Using BGP, R1 has learned its best route to 9.1.0.0/16 from R3. R1 has a neighbor connection to R2, over a point-to-point serial link using subnet 8.1.1.4/30. R1 has auto-summary configured. Which of the following is true regarding what R1 advertises to R2?

a. R1 advertises only 9.0.0.0/8 to R2, and not 9.1.0.0/16.

b. If the aggregate-address 9.0.0.0 255.0.0.0 BGP subcommand is configured, R1 advertises only 9.0.0.0/8 to R2, and not 9.1.0.0/16.

c. If the network 9.0.0.0 mask 255.0.0.0 BGP subcommand is configured, R1 advertises only 9.0.0.0/8 to R2, and not 9.1.0.0/16.

d. None of the other answers is correct.

7. Which of the following statements are false regarding what routes a BGP router can advertise to a neighbor? (Assume that no confederations or route reflectors are in use.)

a. To advertise a route to an eBGP peer, the route cannot have been learned from an iBGP peer.

b. To advertise a route to an iBGP peer, the route must have been learned from an eBGP peer.

c. The NEXT_HOP IP address must respond to a ping command.

d. Do not advertise routes if the neighboring router’s AS is in the AS_PATH.

e. The route must be listed as valid in the output of the show ip bgp command.

8. Several different routes were injected into BGP through various methods on R1. Those routes were then advertised through iBGP to R2. R2 summarized the routes using the aggregate-address summary-only command, and then advertised through eBGP to R3. Which of the following are true about the ORIGIN path attribute of these routes?

a. The routes injected using the network command on R1 have an ORIGIN value of IGP.

b. The routes injected using the redistribute ospf command on R1 have an ORIGIN value of IGP.

c. The routes injected using the redistribute command on R1 have an ORIGIN value of EGP.

d. The routes injected using the redistribute static command on R1 have an ORIGIN value of incomplete.

e. If the as-set option was not used, the summary route created on R2 has an ORIGIN code of IGP.

9. Which of the following statements is true regarding the use of BGP

a. With BGP synchronization enabled, a router can add an iBGP-learned route to its IP routing table only if that same prefix is also learned through eBGP.

b. With BGP synchronization enabled, a router cannot consider an iBGP-learned route as a “best” route to that prefix unless the NEXT_HOP IP address matches an IGP route in the IP routing table.

c. BGP synchronization can be safely disabled when the routers inside a single AS either create a full mesh of BGP peers or create a hub-and-spoke to the router that learns the prefix through eBGP.

d. None of the other answers is correct.

10. Which of the following statements are true regarding the operation of BGP confederations?

a. Confederation eBGP connections act like normal (nonconfederation) eBGP connections with regard to the need for the neighbor ebgp-multihop command for nonadjacent neighbor IP addresses.

b. iBGP-learned routes are advertised over confederation eBGP connections.

c. A full mesh of iBGP peers inside a confederation sub-AS is not required.

d. None of the other answers is correct.

11. R1 is BGP peered to R2, R3, R4, and R5 inside ASN 1, with no other peer connections inside the AS. R1 is a route reflector, serving R2 and R3 only. Each router also has an eBGP connection, through which it learns the following routes: 1.0.0.0/8 by R1, 2.0.0.0/8 by R2, 3.0.0.0/8 by R3, 4.0.0.0/8 by R4, and 5.0.0.0/8 by R5. Which of the following are true regarding the propagation of these routes?

a. NLRI 1.0.0.0/8 is forwarded by R1 to each of the other routers.

b. NLRI 2.0.0.0/8 is sent by R2 to R1, with R1 forwarding only to R3.

c. NLRI 3.0.0.0/8 is sent by R3 to R1, with R1 forwarding to R2, R4, and R5.

d. NLRI 4.0.0.0/8 is sent by R4 to R1, but R1 does not forward the information to R2 or R3.

e. NLRI 5.0.0.0/8 is sent by R5 to R1; R1 reflects the route to R2 and R3, but not to R4.

12. R1 is in confederation ASN 65001; R2 and R3 are in confederation ASN 65023. R1 is peered to R2, and R2 is peered to R3. These three routers are perceived to be in AS 1 by eBGP peers. Which of the following is true regarding the configuration of these routers?

a. Each of the three routers has a router bgp 1 command.

b. Both R2 and R3 need a bgp confederation peers 65001 BGP

BGP uses the BGP autonomous system path (AS_PATH) PA as its default metric mechanism when none of the other PAs has been overtly set and configured. Generally speaking, BGP uses PAs to describe the characteristics of a route; this book introduces and explains a wide variety of BGP PAs. The AS_PATH attribute lists the path, as defined by a sequence of autonomous system numbers (ASN) through which a packet must pass to reach a prefix. Figure 1-1 shows an

Figure 1-1 BGP AS_PATHs and Path Vector Logic

Figure 1-1 shows a classic case of how BGP uses path vector logic to choose routes. In the figure, R1 learns of two AS_PATHs by which to reach 9.0.0.0/8—through ASNs 2-3 and through ASNs 5-4-3. If none of the routers has used routing policies to influence other PAs that influence BGP’s choice of which route is best, R1 will choose the shortest AS_PATH—in this case, AS_PATH 2-3. In effect, BGP treats the AS_PATH as a vector, and the length of the vector (the number of ASNs in the path) determines the best route. With BGP, the term route still refers to traditional hop-by-hop IP routes, but the term path refers to the sequence of autonomous systems used to reach a particular destination.
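The path-vector selection just described, as an added example that is not part of the book: a small Python model that picks the best route on AS_PATH length and applies the AS_PATH loop check (an update that already lists the receiving router's own ASN is discarded, which is what keeps the vector from circling back). The prefix 9.0.0.0/8 and the candidate paths 2-3 and 5-4-3 come from Figure 1-1; R1's own ASN (1), the next-hop addresses and the third, looping update are constructed for illustration.

```python
# Added example, not from the book: a small model of BGP path-vector best-path
# selection on AS_PATH length, plus the AS_PATH loop check. The prefix 9.0.0.0/8
# and the two candidate paths 2-3 and 5-4-3 come from Figure 1-1; R1's own ASN,
# the next-hop addresses and the third (looping) update are constructed.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple          # ASNs nearest-first, as the figure draws them
    next_hop: str


def accept_update(local_asn: int, route: Route) -> bool:
    """Loop prevention: an update whose AS_PATH already contains the receiving
    router's own ASN is discarded, because installing it would route traffic back
    through this AS."""
    return local_asn not in route.as_path


def best_path(local_asn: int, candidates: List[Route]) -> Optional[Route]:
    """Choose the best route purely on AS_PATH length, the default metric when no
    other PA has been set. Ties fall to the first candidate seen; the full
    tie-breaking order is a separate topic (Chapter 2)."""
    usable = [r for r in candidates if accept_update(local_asn, r)]
    if not usable:
        return None
    return min(usable, key=lambda r: len(r.as_path))


def prepend_own_asn(local_asn: int, route: Route) -> Route:
    """When advertising to an eBGP peer, the router prepends its own ASN: this is
    how the vector grows one AS at a time across the Internet."""
    return Route(route.prefix, (local_asn,) + route.as_path, route.next_hop)


# Constructed updates as R1 (assumed to be in AS 1) sees them for 9.0.0.0/8.
R1_ASN = 1
UPDATES = [
    Route("9.0.0.0/8", (2, 3), "10.1.2.2"),       # via AS 2 then AS 3
    Route("9.0.0.0/8", (5, 4, 3), "10.1.5.5"),    # via AS 5, AS 4, AS 3
    Route("9.0.0.0/8", (6, 1, 3), "10.1.6.6"),    # already lists AS 1: rejected
]


def r1_best() -> Optional[Route]:
    return best_path(R1_ASN, UPDATES)


if __name__ == "__main__":
    chosen = r1_best()
    print("R1 best path:", "-".join(map(str, chosen.as_path)), "via", chosen.next_hop)
    print("As advertised onward by R1:",
          "-".join(map(str, prepend_own_asn(R1_ASN, chosen).as_path)))
```

Running it prints AS_PATH 2-3 as R1's choice, matching the figure; the looping update never enters the comparison, and if it were the only candidate the function returns None rather than installing a route through its own AS.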

This chapter follows a similar sequence as several of the IGP chapters. First, the text focuses on neighbor relationships, followed by how BGP exchanges routing information with its neighbors. The chapter ends with a section covering how BGP adds IP routes to a router’s IP routing table based on the BGP topology table.

Building BGP Neighbor Relationships

BGP neighbors form a TCP connection with each neighbor, sending BGP messages over the connections—culminating in BGP Update messages that contain the routing information. Each router explicitly configures its neighbors’ IP addresses, using these definitions to tell a router with which IP addresses to attempt a TCP connection. Also, if a router receives a TCP connection request (to BGP port 179) from a source IP address that is not configured as a BGP neighbor, the router rejects the request.

After the TCP connection is established, BGP begins with BGP Open messages. After a pair of BGP Open messages has been exchanged, the neighbors have reached the established state, which is the stable state of two working BGP peers. At this point, BGP Update messages can be exchanged.

This section examines many of the details about protocols and configuration for BGP neighbor formation. If you are already familiar with BGP, Table 1-2 summarizes some of the key facts found in this section.

Table 1-2 BGP Neighbor Summary Table

Internal BGP Neighbors

A BGP router considers each neighbor to be either an internal BGP (iBGP) peer or an external BGP (eBGP) peer Each BGP router resides in a single AS, so

neighbor relationships are either with other routers in the same AS (iBGP

neighbors) or with routers in other autonomous systems (eBGP neighbors) The two types of neighbors differ only slightly in regard to forming neighbor

relationships, with more significant differences in how the type of neighbor (iBGP or eBGP) impacts the BGP update process and the addition of routes to the routing tables.

iBGP peers often use loopback interface IP addresses for BGP peering to achieve higher availability. Inside a single AS, the physical topology often has at least two routes between each pair of routers. If BGP peers use an interface IP address for their TCP connections, and that interface fails, there still might be a route between the two routers, but the underlying BGP TCP connection will fail. Anytime two BGP peers have more than one route through which they can reach the other router, peering using loopbacks makes the most sense.

Several examples that follow demonstrate BGP neighbor configuration and protocols, beginning with Example 1-1. The example shows some basic BGP configuration for iBGP peers R1, R2, and R3 in AS 123, with the following features, based on Figure 1-2.

The three routers in ASN 123 will form iBGP neighbor relationships with each other (full mesh).

R1 will use the bgp router-id command to configure its RID, rather than use a loopback.

R3 uses a peer-group configuration for neighbors R1 and R2. This allows fewer configuration commands, and improves processing efficiency by having to prepare only one set of outbound Update packets for the peer group. (Identical Updates are sent to all peers in the peer group.)

The R1-R3 relationship uses BGP MD5 authentication, which is the only type of BGP authentication supported in Cisco IOS.

Figure 1-2 Sample Network for BGP Neighbor Configuration

Example 1-1 Basic iBGP Configuration of Neighbors

! R1 Config—R1 correctly sets its update-source to 1.1.1.1 for both neighbors; the remote-as values
! match R1's router bgp command
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
router bgp 123
 no synchronization
 bgp router-id 111.111.111.111
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 123
 neighbor 2.2.2.2 update-source Loopback1
 neighbor 3.3.3.3 remote-as 123
 neighbor 3.3.3.3 password secret-pw
 neighbor 3.3.3.3 update-source Loopback1
 no auto-summary

! R3 Config—R3 uses a peer group called "my-as" for combining commands related
! to R1 and R2. Note that not all parameters must be in the peer group: R3-R2 does
! not use authentication, but R3-R1 does, so the neighbor password
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 neighbor my-as peer-group
 neighbor my-as remote-as 123
 neighbor my-as update-source Loopback1
 neighbor 1.1.1.1 peer-group my-as
 neighbor 1.1.1.1 password secret-pw
 neighbor 2.2.2.2 peer-group my-as

! the output, under
! the heading State/PfxRcd. Once established, that column lists the number of
! prefixes learned via BGP Updates received from each peer. Note also R1's
! configured RID, and the fact that it is not used as the update source.
3.3.3.3         4   123      64      64        0    0    0 00:11:14        0

A few features in Example 1-1 are particularly important. First, note that the configuration does not overtly define peers as iBGP or eBGP. Instead, each router examines its own ASN as defined in the router bgp command, and compares that value to the neighbor’s ASN listed in the neighbor remote-as command. If they match, the peer is iBGP; if not, the peer is eBGP.

R3 in Example 1-1 shows how to use the peer-group construct to reduce the number of configuration commands. BGP peer groups do not allow any new BGP configuration settings; they simply allow you to group BGP neighbor configuration settings into a group, and then apply that set of settings to a neighbor using the neighbor peer-group command. Additionally, BGP builds one set of Update messages for the peer group, applying routing policies for the entire group—rather than one router at a time—thereby reducing some BGP processing and memory overhead.

the neighbor commands.

When IP redundancy exists between two eBGP peers, the eBGP neighbor commands should use loopback IP addresses to take advantage of that redundancy. For example, two parallel links exist between R3 and R4. With neighbor commands that reference loopback addresses, either of these links could fail, but the TCP connection would remain. Example 1-2 shows additional configuration for the network in Figure 1-2, showing the use of loopbacks between R3 and R4, and interface addresses between R1 and R6.

Example 1-2 Basic eBGP Configuration of Neighbors

Trang 36

Click here to view code image

! R1 Config -This example shows only commands added since Example 1-1

Routing entry for 172.16.16.0/24

Known via "connected", distance 0, metric 0 (connected, via interface)

Routing Descriptor Blocks:

* directly connected, via Serial0/0/0.6

Route metric is 0, traffic share count is 1

R1# show ip int brief | include 0/0/0.6

Serial0/0/0.6 172.16.16.1 YES manual up up

! R3 Config—Because R3 refers to R4's loopback (4.4.4.4), and R4 isan eBGP

! peer, R3 and R4 have added the neighbor ebgp-multihop command to

2.2.2.2 4 123 263 263 0 0 0 03:15:07 0

4.4.4.4 4 45 17 17 0 0 0 00:00:11 0

R3# show tcp brief

TCB       Local Address       Foreign Address     (state)
649DD08C  3.3.3.3.179         2.2.2.2.43521       ESTAB
649DD550  3.3.3.3.179         1.1.1.1.27222       ESTAB
647D928C  3.3.3.3.21449       4.4.4.4.179         ESTAB

The eBGP configurations differ from iBGP configuration in a couple of small ways. First, the neighbor remote-as commands refer to a different AS than does the router bgp command, which implies that the peer is an eBGP peer. Second, R3 had to configure the neighbor 4.4.4.4 ebgp-multihop 2 command (and R4 with a similar command) or the peer connection would not have formed. For eBGP connections, Cisco IOS defaults the IP packet's TTL field to a value of 1, based on the assumption that the interface IP addresses will be used for peering (like R1-R6 in Example 1-2). In this example, if R3 had not used multihop, it would have sent packets to R4 with TTL 1. R4 would have received the packet (TTL 1 at that point) and then attempted to route the packet to its loopback interface—a process that would decrement the TTL to 0, causing R4 to drop the packet. So, even though the router is only one hop away, think of the loopback as being on the other side of the router, requiring that extra hop.

Checks Before Becoming BGP Neighbors

Similar to IGPs, BGP checks certain requirements before another router can become a neighbor, reaching the BGP established state. Most of the settings are straightforward; the only tricky part relates to the use of IP addresses. The following list describes the checks that BGP performs when forming neighbor relationships:

1. The router must receive a TCP connection request with a source address that the router finds in a BGP neighbor command.

2. A router's ASN (on the router bgp asn command) must match the neighboring router's reference to that ASN with its neighbor remote-as remote-asn command. (This requirement is not true of confederation

Step 2 uses the neighbor command R1 identified as part of Step 1.


Figure 1-3 BGP Neighbor Parameter Checking

In Figure 1-3, R3 initiates a TCP connection with its update source IP address (3.3.3.3) as the source address of the packet. The first check occurs when R1 receives the first packet, looks at the source IP address of the packet (3.3.3.3), and finds that address in a neighbor command. The second check has R1 comparing R3's stated ASN (in R3's BGP Open message) to R1's neighbor command it identified at Step 1. Step 3 checks to ensure that the BGP RIDs are unique, with the BGP Open message stating the sender's BGP RID.

While the check at Step 1 might seem intuitive, interestingly, the reverse bit of logic does not have to be true for the neighbors to come up. For example, if R1 did not have a neighbor 3.3.3.3 update-source 1.1.1.1 command, the process shown in Figure 1-3 would still work. Succinctly put, only one of the two routers' update source IP addresses needs to be in the other router's neighbor command for the neighbor to come up. Examples 1-1 and 1-2 showed the correct update source on both routers, and that makes good sense, but it works with only one of the two.


BGP uses a keepalive timer to define how often that router sends BGP keepalive messages, and a Hold timer to define how long a router will wait without receiving a keepalive message before resetting a neighbor connection. The Open message includes each router's stated keepalive timer. If they do not match, each router uses the lower of the values for each of the two timers, respectively. Mismatched settings do not prevent the routers from becoming neighbors.
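The three neighbor checks walked through for Figure 1-3, the TTL reasoning behind neighbor ebgp-multihop, and the timer-mismatch rule above, as an added Python model that is not from the book and not Cisco IOS code. All router IDs, addresses and ASNs below are constructed; the TTL function encodes the text's explanation (arrival with TTL equal to the multihop value, one extra decrement to reach a loopback), not a full IP forwarding path.

```python
# Added example, not from the book: a small model of the three neighbor
# checks described for Figure 1-3 and of the eBGP TTL rule that motivates
# neighbor ebgp-multihop. All router addresses and ASNs are constructed.
from dataclasses import dataclass, field


@dataclass
class Neighbor:
    """One neighbor <ip> remote-as <asn> entry on the local router."""
    ip: str
    remote_as: int
    ebgp_multihop: int = 1  # IOS sends eBGP packets with TTL 1 by default


@dataclass
class Router:
    local_as: int
    rid: str
    neighbors: dict = field(default_factory=dict)  # peer ip -> Neighbor

    def add(self, ip, remote_as, ebgp_multihop=1):
        self.neighbors[ip] = Neighbor(ip, remote_as, ebgp_multihop)


def check_open(router, src_ip, peer_as, peer_rid):
    """Apply the checks in the text's order; return (ok, reason)."""
    nbr = router.neighbors.get(src_ip)          # step 1: source in a neighbor cmd
    if nbr is None:
        return False, "step 1: %s is not in any neighbor command" % src_ip
    if nbr.remote_as != peer_as:                 # step 2: Open ASN vs remote-as
        return False, "step 2: Open says AS %d, remote-as is %d" % (peer_as, nbr.remote_as)
    if peer_rid == router.rid:                   # step 3: RIDs must be unique
        return False, "step 3: duplicate BGP RID %s" % peer_rid
    kind = "iBGP" if peer_as == router.local_as else "eBGP"
    return True, "established (%s)" % kind


def ebgp_packet_delivered(nbr, peering_on_loopback):
    """The packet arrives at the directly connected peer with TTL equal to
    the ebgp-multihop value; routing it on to a loopback costs one more
    decrement, and a TTL of 0 means the peer drops it."""
    extra_hops = 1 if peering_on_loopback else 0
    return nbr.ebgp_multihop - extra_hops >= 1


def negotiate_timers(local_keep, local_hold, remote_keep, remote_hold):
    """Mismatched timers do not block the session; the lower value is used."""
    return min(local_keep, remote_keep), min(local_hold, remote_hold)


# Constructed router: AS 123, one iBGP and one eBGP neighbor configured
r1 = Router(local_as=123, rid="1.1.1.1")
r1.add("3.3.3.3", 123)           # iBGP peer reached via its loopback
r1.add("172.16.16.6", 45)        # eBGP peer reached via an interface address
```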

BGP Messages and Neighbor States

The desired state for BGP neighbors is the established state. In that state, the routers have formed a TCP connection, and they have exchanged Open messages, with the parameter checks having passed. At this point, topology information can be exchanged using Update messages. Table 1-3 lists the BGP neighbor states, along with some of their characteristics. Note that if the IP addresses mismatch, the neighbors settle into an active state.

Table 1-3 BGP Neighbor States

BGP Message Types

BGP uses four basic messages. Table 1-4 lists the message types and provides a brief description of each.


Table 1-4 BGP Message Types

Purposefully Resetting BGP Peer Connections

Example 1-3 shows how to reset neighbor connections by using the neighbor shutdown command and, along the way, shows the various BGP neighbor states. The example uses Routers R1 and R6 from Figure 1-2, as configured in Example 1-2.

Example 1-3 Examples of Neighbor States


! R1 shuts down R6's peer connection debug ip bgp shows moving to

! Next, the no neighbor shutdown command reverses the admin state
