Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam. CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2, Fifth Edition from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Expert instructors Narbik Kocharians and Terry Vinson share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. This second of two volumes covers IP BGP routing, quality of service (QoS), wide area networks, IP multicast, network security, and Multiprotocol Label Switching (MPLS) topics.
This complete study package includes:
A test-preparation routine proven to help you pass the exams
Do I Know This Already? quizzes, which enable you to decide how much time you need to spend on each section
Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
The powerful Pearson IT Certification Practice Test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
Study plan suggestions and templates to help you organize and optimize your study time
Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.
The official study guide helps you master topics on the CCIE Routing and Switching v5.0 exams, including:
BGP operations and routing policies
QoS
WANs
IP Multicast
Device and network security and tunneling technologies
MPLS
CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2, Fifth Edition is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining. The print edition of the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2, Fifth Edition contains more than 200 practice exam questions. Also available from Cisco Press for Cisco CCIE R&S v5.0 study is the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2 Premium Edition eBook and Practice Test, Fifth Edition. This digital-only certification preparation product combines an eBook with enhanced Pearson IT Certification Practice Test. This integrated learning package:
Allows you to focus on individual topic areas or take complete, timed exams
Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
Provides additional unique sets of exam-realistic practice questions
Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most
This print book includes a 70% discount offer off the list price of the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2 Premium Edition eBook and Practice Test, Fifth Edition to help enhance your exam preparation experience.
The Cisco Certified Internetwork Expert (CCIE) certification might be the most challenging and prestigious of all networking certifications. It has received numerous awards and certainly has built a reputation as one of the most difficult certifications to earn in all of the technology world. Having a CCIE certification opens doors professionally, typically results in higher pay, and looks great on a résumé.
Cisco currently offers several CCIE certifications. This book covers the version 5.0 exam blueprint topics of the written exam for the CCIE Routing and Switching certification. The following list details the currently available CCIE certifications at the time of this book’s publication; check www.cisco.com/go/ccie for the latest information. The certifications are listed in the order in which they appear on the web page:
CCDE
CCIE Collaboration
CCIE Data Center
CCIE Routing & Switching
CCIE Security
CCIE Service Provider
CCIE Service Provider Operations
WHY SHOULD I TAKE THE CCIE ROUTING AND SWITCHING WRITTEN EXAM?
The first and most obvious reason to take the CCIE Routing and Switching written exam is that it is the first step toward obtaining the CCIE Routing and Switching certification. Also, you cannot schedule a CCIE lab exam until you pass the corresponding written exam. In short, if you want all the professional benefits of a CCIE Routing and Switching certification, you start by passing the written exam.
The benefits of getting a CCIE certification are varied, among which are the following:
Better pay
Career-advancement opportunities
Applies to certain minimum requirements for Cisco Silver and Gold Channel Partners, as well as those seeking Master Specialization, making you more valuable to Channel Partners
Better movement through the problem-resolution process when calling the Cisco TAC
at www.cisco.com/go/certifications
CCIE ROUTING AND SWITCHING WRITTEN EXAM 400-101
The CCIE Routing and Switching written exam, at the time of this writing, consists of a two-hour exam administered at a proctored exam facility affiliated with Pearson VUE (www.vue.com/cisco). The exam typically includes approximately 100 multiple-choice questions. No simulation questions are currently part of the written exam.
As with most exams, everyone wants to know what is on the exam. Cisco provides general guidance as to topics on the exam in the CCIE Routing and Switching written exam blueprint, the most recent copy of which can be accessed from www.cisco.com/go/ccie.
Cisco changes both the CCIE written and lab blueprints over time, but Cisco seldom, if ever, changes the exam numbers. However, exactly this change occurred when the CCIE Routing and Switching blueprint was refreshed for v5.0. The previous written exam for v4.0 was numbered as 350-001; the v5.0 written exam is identified by 400-101.
The CCIE Routing and Switching written exam blueprint 5.0, as of the time of publication, is listed in Table I-1. Table I-1 also lists the chapters that cover each topic.
Table I-1 CCIE Routing and Switching Written Exam Blueprint
To give you practice on these topics, and pull the topics together, Edition 5 of the CCIE Routing and Switching v5.0 Official Cert Guide, Volume 2 includes a large set of CD questions that mirror the types of questions expected for the Version 5.0 blueprint. By their very nature, these topics require the application of the knowledge listed throughout the book. This special section of questions provides a means to learn and practice these skills with a proportionally larger set of questions added specifically for this purpose.
These questions will be available to you in the practice test engine database, whether you take full exams or choose questions by category.
ABOUT THE CCIE ROUTING AND SWITCHING V5.0 OFFICIAL CERT EXAM GUIDE, VOLUME 2, FIFTH EDITION
This section provides a brief insight into the contents of the book, the major goals, and some of the book features that you will encounter when using this book.
BOOK ORGANIZATION
This volume contains six major parts. Beyond the chapters in these parts of the book, you will find several useful appendixes gathered in Part VIII.
Following is a description of each part’s coverage:
Part I, “IP BGP Routing” (Chapters 1 and 2): This part focuses on the details of BGP (Chapter 1), with Chapter 2 looking at BGP path attributes and how to influence BGP’s choice of best path.
Part II, “QoS” (Chapters 3–5): This part covers the more popular QoS tools, including some MQC-based tools, as well as several older tools, particularly FRTS. The chapters include coverage of classification and marking (Chapter 3), queuing and congestion avoidance (Chapter 4), plus shaping, policing, and link efficiency (Chapter 5).
Part III, “Wide-Area Networks” (Chapter 6): The WAN coverage has been shrinking over the last few revisions to the CCIE R&S written exam. Chapter 6 includes some brief coverage of PPP and Frame Relay. Note that the previous version (V4.0) and current version (V5.0) of the blueprint include another WAN topic, MPLS, which is covered in Part VI, Chapter 11.
Part IV, “IP Multicast” (Chapters 7 and 8): Chapter 7 covers multicast on LANs, including IGMP and how hosts join multicast groups. Chapter 8 covers multicast WAN topics.
Part V, “Security” (Chapters 9 and 10): Given the CCIE tracks for both Security and Voice, Cisco has a small dilemma regarding whether to cover those topics on CCIE Routing and Switching, and if so, in how much detail. This part covers a variety of security topics appropriate for CCIE Routing and Switching. This chapter focuses on switch and router security.
Part VI, “Multiprotocol Label Switching (MPLS)” (Chapter 11): As mentioned in the WAN section, the CCIE R&S exam’s coverage of MPLS has been growing over the last two versions of the blueprint. This chapter focuses on enterprise-related topics such as core MPLS concepts and MPLS VPNs, including basic configuration.
Part VII, “Final Preparation” (Chapter 12): This part provides a set of tools and a study plan to help you complete your preparation for the exams.
Part VIII, “Appendixes”:
Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes”: This appendix lists answers and explanations for the questions at the beginning of each
inside Appendix B. If Cisco releases a major exam update, changes to the book will be available only in a new edition of the book and not on this site.
Note
Appendixes C through F and the Glossary are in printable, PDF format on the CD.
(CD-only) Appendix C, “Decimal-to-Binary Conversion Table”: This appendix lists the decimal values 0 through 255, with their binary equivalents.
(CD-only) Appendix D, “IP Addressing Practice”: This appendix lists several practice problems for IP subnetting and finding summary routes. The explanations to the answers use the shortcuts described in the book.
(CD-only) Appendix E, “Key Tables for CCIE Study”: This appendix lists the most important tables from the core chapters of the book. The tables have much of the content removed so that you can use them as an exercise. You can print the PDF and then fill in the table from memory, checking your answers against the completed tables in Appendix F.
(CD-only) Appendix F, “Solutions for Key Tables for CCIE Study”
(CD-only) Glossary: The Glossary contains the key terms listed in the book.
BOOK FEATURES
The core chapters of this book have several features that help you make the best use of your time:
“Do I Know This Already?” Quizzes: Each chapter begins with a quiz that helps you to determine the amount of time you need to spend studying that chapter. If you score yourself strictly, and you miss only one question, you might want to skip the core of the chapter and move on to the “Foundation Summary” section at the end of the chapter, which lets you review facts and spend time on other topics. If you miss more than one, you might want to spend some time reading the chapter or at least reading sections that cover topics about which you know you are weaker.
Foundation Topics: These are the core sections of each chapter. They explain the protocols, concepts, and configurations for the topics in that chapter.
Foundation Summary: The “Foundation Summary” section of this book departs from the typical features of the “Foundation Summary” section of other Cisco Press Exam Certification Guides. This section does not repeat any details from the “Foundation Topics” section; instead, it simply summarizes and lists facts related to the chapter but for which a longer or more detailed explanation is not warranted.
Key topics: Throughout the “Foundation Topics” section, a Key Topic icon has been placed beside the most important areas for review. After reading a chapter, when doing your final preparation for the exam, take the time to flip through the chapters, looking for the Key Topic icons, and review those paragraphs, tables, figures, and lists.
Fill In Key Tables from Memory: The more important tables from the chapters have been copied to PDF files available on the CD as Appendix E. The tables have most of the information removed. After printing these mostly empty tables, you can use them to improve your memory of the facts in the table by trying to fill them out. This tool should be useful for memorizing key facts. The CD-only Appendix F contains the completed tables so that you can check your work.
CD-based practice exam: The companion CD contains multiple-choice questions and a testing engine. The CD includes 200 questions unique to the CD. As part of your final preparation, you should practice with these questions to help you get used to the exam-taking process, as well as to help refine and prove your knowledge of the exam topics.
Special question section for the “Implement Proposed Changes to a Network” section of the Blueprint: To provide practice and perspectives on these exam topics, a special section of questions has been developed to help you prepare for these new types of questions.
Key terms and Glossary: The more important terms mentioned in each chapter are listed at the end of each chapter under the heading “Definitions.” The Glossary, found on the CD that comes with this book, lists all the terms from the chapters. When studying each chapter, you should review the key terms, and for those terms about which you are unsure of the definition, you can review the short definitions from the Glossary.
Further Reading: Most chapters include a suggested set of books and websites for additional study on the same topics covered in that chapter. Often, these references will be useful tools for preparation for the CCIE Routing and Switching lab exam.
Part I: IP BGP Routing
Chapter 1 Fundamentals of BGP Operations
Blueprint topics covered in this chapter:
This chapter covers the following subtopics from the Cisco CCIE Routing and Switching written exam blueprint. Refer to the full blueprint in Table I-1 in the Introduction for more details on the topics covered in each chapter and their context within the blueprint.
fundamental tasks:
1 Forming neighbor relationships
2 Injecting routes into BGP from some other source
3 Exchanging those routes with other routers
4 Placing routes into IP routing tables
All of these BGP topics have close analogies with those of BGP’s IGP cousins, but of course there are many differences in the details.
This chapter focuses on how BGP performs its central role as a routing protocol.
“DO I KNOW THIS ALREADY?” QUIZ
Table 1-1 outlines the major headings in this chapter and the corresponding “Do I Know This Already?” quiz questions.
Table 1-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
To best use this pre-chapter assessment, remember to score yourself strictly. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”
1 Into which of the following neighbor states must a neighbor stabilize before BGP Update messages can be sent?
a Active
b Idle
c Connected
d Established
2 BGP neighbors check several parameters before the neighbor relationship can be completed. Which of the following is not checked?
a That the neighbor’s router ID is not duplicated with other routers
b That the neighbor command on one router matches the update source IP address on the other router
c If eBGP, that the neighbor command points to an IP address in a connected network
d That a router’s neighbor remote-as command refers to the same autonomous system number (ASN) as in the other router’s router bgp command (assuming that confederations are not used)
3 A group of BGP routers, some with iBGP and some with eBGP connections, all use loopback IP addresses to refer to each other in their neighbor commands. Which of the following statements are false regarding the configuration of these peers?
a iBGP peers require a neighbor ip-address ibgp-multihop command for the peer to become established.
b eBGP peers require a neighbor ip-address ebgp-multihop command for the peer to become established.
c eBGP and iBGP peers cannot be placed into the same peer group.
d For eBGP peers, a router’s BGP router ID must be equal to the IP address listed in the eBGP neighbor’s neighbor command.
4 A router has routes in the IP routing table for 20.0.0.0/8, 20.1.0.0/16, and 20.1.2.0/24. BGP on this router is configured with the no auto-summary command. Which of the following is true when using the BGP network command to cause these routes to be injected into the BGP table?
a The network 20.0.0.0 command would cause all three routes to be added to the BGP table.
b The network 20.0.0.0 mask 255.0.0.0 command would cause all three routes to be added to the BGP table.
c The network 20.1.0.0 mask 255.255.0.0 command would cause 20.1.0.0/16 and 20.1.2.0/24 to be added to the BGP table.
d The network 20.0.0.0 command would cause only 20.0.0.0/8 to be added to the BGP table.
5 A router has configured redistribution of EIGRP routes into BGP using the command redistribute eigrp 1 route-map fred. This router’s BGP configuration includes the no auto-summary command. Which of the following are true?
a route-map fred can consider for redistribution routes listed in the IP routing table as EIGRP-learned routes.
b route-map fred can consider for redistribution routes in the IP routing table listed as connected routes, but only if those interfaces are matched by EIGRP 1’s network commands.
c route-map fred can consider for redistribution routes that are listed in the EIGRP topology table as successor routes but that are not in the IP routing table because a lower administrative distance (AD) route from a competing routing protocol exists.
d route-map fred can consider for redistribution routes listed in the IP routing table as EIGRP-learned routes, but only if those routes also have at least one feasible successor route.
6 Using BGP, R1 has learned its best route to 9.1.0.0/16 from R3. R1 has a neighbor connection to R2, over a point-to-point serial link using subnet 8.1.1.4/30. R1 has auto-summary configured. Which of the following is true regarding what R1 advertises to R2?
a R1 advertises only 9.0.0.0/8 to R2, and not 9.1.0.0/16.
b If the aggregate-address 9.0.0.0 255.0.0.0 BGP subcommand is configured, R1 advertises only 9.0.0.0/8 to R2, and not 9.1.0.0/16.
c If the network 9.0.0.0 mask 255.0.0.0 BGP subcommand is configured, R1 advertises only 9.0.0.0/8 to R2, and not 9.1.0.0/16.
d None of the other answers is correct.
7 Which of the following statements are false regarding what routes a BGP router can advertise to a neighbor? (Assume that no confederations or route reflectors are in use.)
a To advertise a route to an eBGP peer, the route cannot have been learned from an iBGP peer.
b To advertise a route to an iBGP peer, the route must have been learned from an eBGP peer.
c The NEXT_HOP IP address must respond to a ping command.
d Do not advertise routes if the neighboring router’s AS is in the AS_PATH.
e The route must be listed as valid in the output of the show ip bgp command.
8 Several different routes were injected into BGP through various methods on R1. Those routes were then advertised through iBGP to R2. R2 summarized the routes using the aggregate-address summary-only command, and then advertised through eBGP to R3. Which of the following are true about the ORIGIN path attribute of these routes?
a The routes injected using the network command on R1 have an ORIGIN value of IGP.
b The routes injected using the redistribute ospf command on R1 have an ORIGIN value of IGP.
c The routes injected using the redistribute command on R1 have an ORIGIN value of EGP.
d The routes injected using the redistribute static command on R1 have an ORIGIN value of incomplete.
e If the as-set option was not used, the summary route created on R2 has an ORIGIN code of IGP.
9 Which of the following statements is true regarding the use of BGP synchronization?
a With BGP synchronization enabled, a router can add an iBGP-learned route to its IP routing table only if that same prefix is also learned through eBGP.
b With BGP synchronization enabled, a router cannot consider an iBGP-learned route as a “best” route to that prefix unless the NEXT_HOP IP address matches an IGP route in the IP routing table.
c BGP synchronization can be safely disabled when the routers inside a single AS either create a full mesh of BGP peers or create a hub-and-spoke to the router that learns the prefix through eBGP.
d None of the other answers is correct.
10 Which of the following statements are true regarding the operation of BGP confederations?
a Confederation eBGP connections act like normal (nonconfederation) eBGP connections with regard to the need for the neighbor ebgp-multihop command for nonadjacent neighbor IP addresses.
b iBGP-learned routes are advertised over confederation eBGP connections.
c A full mesh of iBGP peers inside a confederation sub-AS is not required.
d None of the other answers is correct.
11 R1 is BGP peered to R2, R3, R4, and R5 inside ASN 1, with no other peer connections inside the AS. R1 is a route reflector, serving R2 and R3 only. Each router also has an eBGP connection, through which it learns the following routes: 1.0.0.0/8 by R1, 2.0.0.0/8 by R2, 3.0.0.0/8 by R3, 4.0.0.0/8 by R4, and 5.0.0.0/8 by R5. Which of the following are true regarding the propagation of these routes?
a NLRI 1.0.0.0/8 is forwarded by R1 to each of the other routers.
b NLRI 2.0.0.0/8 is sent by R2 to R1, with R1 forwarding only to R3.
c NLRI 3.0.0.0/8 is sent by R3 to R1, with R1 forwarding to R2, R4, and R5.
d NLRI 4.0.0.0/8 is sent by R4 to R1, but R1 does not forward the information to R2 or R3.
e NLRI 5.0.0.0/8 is sent by R5 to R1; R1 reflects the route to R2 and R3, but not to R4.
12 R1 is in confederation ASN 65001; R2 and R3 are in confederation ASN 65023. R1 is peered to R2, and R2 is peered to R3. These three routers are perceived to be in AS 1 by eBGP peers. Which of the following is true regarding the configuration of these routers?
a Each of the three routers has a router bgp 1 command.
b Both R2 and R3 need a bgp confederation peers 65001 BGP subcommand.
c R1 needs a bgp confederation identifier 1 BGP subcommand.
d Both R2 and R3 need a bgp confederation identifier 65023 BGP subcommand.
FOUNDATION TOPICS
Like Interior Gateway Protocols (IGP), BGP exchanges topology information for routers to eventually learn the best routes to a set of IP prefixes. Unlike IGPs, BGP does not use a metric to select the best route among alternate routes to the same destination. Instead, BGP uses several BGP path attributes (PA) and an involved decision process when choosing between multiple possible routes to the same subnet.
BGP uses the BGP autonomous system path (AS_PATH) PA as its default metric mechanism when none of the other PAs has been explicitly set and configured. Generally speaking, BGP uses PAs to describe the characteristics of a route; Chapter 2 introduces and explains a wide variety of BGP PAs. The AS_PATH attribute lists the path, as defined by a sequence of autonomous system numbers (ASN) through which a packet must pass to reach a prefix. Figure 1-1 shows an example.
Figure 1-1 BGP AS_PATHs and Path Vector Logic
Figure 1-1 shows a classic case of how BGP uses path vector logic to choose routes. In the figure, R1 learns of two AS_PATHs by which to reach 9.0.0.0/8—through ASNs 2-3 and through ASNs 5-4-3. If none of the routers has used routing policies to influence other PAs that influence BGP’s choice of which route is best, R1 will choose the shortest AS_PATH—in this case, AS_PATH 2-3.
In effect, BGP treats the AS_PATH as a vector, and the length of the vector (the number of ASNs in the path) determines the best route. With BGP, the term route still refers to traditional hop-by-hop IP routes, but the term path refers to the sequence of autonomous systems used to reach a particular destination.
This chapter follows a similar sequence as several of the IGP chapters. First, the text focuses on neighbor relationships, followed by how BGP exchanges routing information with its neighbors. The chapter ends with a section covering how BGP adds IP routes to a router’s IP routing table based on the BGP topology table.
Building BGP Neighbor Relationships
BGP neighbors form a TCP connection with each neighbor, sending BGP messages over the connections—culminating in BGP Update messages that contain the routing information. Each router explicitly configures its neighbors’ IP addresses, using these definitions to tell a router with which IP addresses to attempt a TCP connection. Also, if a router receives a TCP connection request (to BGP port 179) from a source IP address that is not configured as a BGP neighbor, the router rejects the request.
After the TCP connection is established, BGP begins with BGP Open messages. After a pair of BGP Open messages has been exchanged, the neighbors have reached the established state, which is the stable state of two working BGP peers. At this point, BGP Update messages can be exchanged.
This section examines many of the details about protocols and configuration for BGP neighbor formation. If you are already familiar with BGP, Table 1-2 summarizes some of the key facts found in this section.
Table 1-2 BGP Neighbor Summary Table
Internal BGP Neighbors
A BGP router considers each neighbor to be either an internal BGP (iBGP) peer or an external BGP (eBGP) peer. Each BGP router resides in a single AS, so neighbor relationships are either with other routers in the same AS (iBGP neighbors) or with routers in other autonomous systems (eBGP neighbors). The two types of neighbors differ only slightly in regard to forming neighbor relationships, with more significant differences in how the type of neighbor (iBGP or eBGP) impacts the BGP update process and the addition of routes to the routing tables.
iBGP peers often use loopback interface IP addresses for BGP peering to achieve higher availability. Inside a single AS, the physical topology often has at least two routes between each pair of routers. If BGP peers use an interface IP address for their TCP connections, and that interface fails, there still might be a route between the two routers, but the underlying BGP TCP connection will fail. Anytime two BGP peers have more than one route through which they can reach the other router, peering using loopbacks makes the most sense.
Several examples that follow demonstrate BGP neighbor configuration and protocols, beginning with Example 1-1. The example shows some basic BGP configuration for iBGP peers R1, R2, and R3 in AS 123, with the following features, based on Figure 1-2:
The three routers in ASN 123 will form iBGP neighbor relationships with each other (full mesh).
R1 will use the bgp router-id command to configure its RID, rather than use a loopback.
R3 uses a peer-group configuration for neighbors R1 and R2. This allows fewer configuration commands, and improves processing efficiency by having to prepare only one set of outbound Update packets for the peer group. (Identical Updates are sent to all peers in the peer group.)
The R1-R3 relationship uses BGP MD5 authentication, which is the only type of BGP authentication supported in Cisco IOS.
Figure 1-2 Sample Network for BGP Neighbor Configuration
Example 1-1 Basic iBGP Configuration of Neighbors
! R1 Config—R1 correctly sets its update-source to 1.1.1.1 for both
! neighbors. (The commands between this comment and the router-id line are
! missing from the source.)
bgp router-id 111.111.111.111
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 123
neighbor 2.2.2.2 update-source Loopback1
neighbor 3.3.3.3 remote-as 123
neighbor 3.3.3.3 password secret-pw
neighbor 3.3.3.3 update-source Loopback1
no auto-summary
! R3 Config—R3 uses a peer group called "my-as" for combining
! (comment truncated in the source; the peer-group definition lines are also
! cut off, with only the ASN "123" surviving, so the remote-as line below is
! reconstructed from context)
neighbor my-as remote-as 123
neighbor my-as update-source Loopback1
neighbor 1.1.1.1 peer-group my-as
! (password value truncated in the source; MD5 requires it to match R1's key)
neighbor 1.1.1.1 password secret-pw
! (comment truncated in the source) ... the output, under
! the heading State/PfxRcd. Once established, that column lists the number of
! prefixes learned via BGP Updates received from each peer. Note also R1's
! configured RID, and the fact that it is not used as the update source.
R1# show ip bgp summary
BGP router identifier 111.111.111.111, local AS number 123
BGP table version is 1, main routing table version 1
Neighbor   V   AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
! (neighbor rows missing from the source)
as command. If they match, the peer is iBGP; if not, the peer is eBGP.
R3 in Example 1-1 shows how to use the peer-group construct to reduce the number of configuration commands. BGP peer groups do not allow any new BGP configuration settings; they simply allow you to group BGP neighbor configuration settings into a group, and then apply that set of settings to a neighbor using the neighbor peer-group command. Additionally, BGP builds one set of Update messages for the peer group, applying routing policies for the entire group—rather than one router at a time—thereby reducing some BGP processing and memory overhead.
R1-the neighbor commands.
When IP redundancy exists between two eBGP peers, the eBGP neighbor commands should use loopback IP addresses to take advantage of that redundancy. For example, two parallel links exist between R3 and R4. With neighbor commands that reference loopback addresses, either of these links could fail, but the TCP connection would remain. Example 1-2 shows additional configuration for the network in Figure 1-2, showing the use of loopbacks between R3 and R4, and interface addresses between R1 and R6.
Example 1-2 Basic eBGP Configuration of Neighbors
! R1 Config - This example shows only commands added since Example 1-1.
! (R1's added commands are missing from the source; only the show output
! that followed them survives.)
Routing entry for 172.16.16.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Serial0/0/0.6
      Route metric is 0, traffic share count is 1
R1# show ip int brief | include 0/0/0.6
Serial0/0/0.6   172.16.16.1   YES manual
! R3 now has three working neighbors. Also note the three TCP connections, one for
! each BGP peer. Note that because R3 is listed using a dynamic port number, and
! R4 as using port 179, R3 actually initiated the TCP connection to R4.
R3# show ip bgp summary
BGP router identifier 3.3.3.3, local AS number 123
BGP table version is 1, main routing table version 1
Neighbor   V   AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
1.1.1.1    4  123     247     247      0   0    0 03:14:49        0
2.2.2.2    4  123     263     263      0   0    0
! (remaining output truncated in the source)
The eBGP configurations differ from iBGP configuration in a couple of small ways. First, the neighbor remote-as commands refer to a different AS than does the router bgp command, which implies that the peer is an eBGP peer. Second, R3 had to configure the neighbor 4.4.4.4 ebgp-multihop 2 command (and R4 with a similar command) or the peer connection would not have formed. For eBGP connections, Cisco IOS defaults the IP packet’s TTL field to a value of 1, based on the assumption that the interface IP addresses will be used for peering (like R1-R6 in Example 1-2). In this example, if R3 had not used multihop, it would have sent packets to R4 with TTL 1. R4 would have received the packet (TTL 1 at that point) and then attempted to route the packet to its loopback interface—a process that would decrement the TTL to 0, causing R4 to drop the packet. So, even though the router is only one hop away, think of the loopback as being on the other side of the router, requiring that extra hop.
Checks Before Becoming BGP Neighbors
Similar to IGPs, BGP checks certain requirements before another router can become a neighbor, reaching the BGP established state. Most of the settings are straightforward; the only tricky part relates to the use of IP addresses. The following list describes the checks that BGP performs when forming neighbor relationships:
1 The router must receive a TCP connection request with a source address that the router finds in a BGP neighbor command.
2 A router’s ASN (on the router bgp asn command) must match the neighboring router’s reference to that ASN with its neighbor remote-as remote-asn command. (This requirement is not true of confederation configurations.)
3 The BGP RIDs of the two routers must not be the same.
4 If configured, MD5 authentication must pass.
Figure 1-3 shows the first three items in the list graphically, with R3 initiating a BGP TCP connection to R1. The circled numbers 1, 2, and 3 in the figure correspond to the item numbers in the previous list. Note that R1’s check at Step 2 uses the neighbor command R1 identified as part of Step 1.
Figure 1-3 BGP Neighbor Parameter Checking
In Figure 1-3, R3 initiates a TCP connection with its update source IP address (3.3.3.3) as the source address of the packet. The first check occurs when R1 receives the first packet, looks at the source IP address of the packet (3.3.3.3), and finds that address in a neighbor command. The second check has R1 comparing R3’s stated ASN (in R3’s BGP Open message) to R1’s neighbor command it identified at Step 1. Step 3 checks to ensure that the BGP RIDs are unique, with the BGP Open message stating the sender’s BGP RID.
While the check at Step 1 might seem intuitive, interestingly, the reverse bit of logic does not have to be true for the neighbors to come up. For example, if R1 did not have a neighbor 3.3.3.3 update-source 1.1.1.1 command, the process shown in Figure 1-3 would still work. Succinctly put, only one of the two routers’ update source IP addresses needs to be in the other router’s neighbor command for the neighbor to come up. Examples 1-1 and 1-2 showed the correct update source on both routers, and that makes good sense, but it works with only one of the two.
BGP uses a keepalive timer to define how often that router sends BGP keepalive messages, and a Hold timer to define how long a router will wait without receiving a keepalive message before resetting a neighbor connection. The Open message includes each router’s stated keepalive timer. If they do not match, each router uses the lower of the values for each of the two timers, respectively. Mismatched settings do not prevent the routers from becoming neighbors.
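To make the four neighbor checks, the one-sided update-source rule, the eBGP TTL-of-1 behaviour from Example 1-2, and the timer negotiation concrete, here is an added Python model of the neighbor-formation logic (example code written for this edit, not from the book or from Cisco IOS). The router names follow Figures 1-2 and 1-3; the interface addresses, R4's ASN, the Hold-time values and the dataclass layout are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass
class Neighbor:
    """One 'neighbor <addr> ...' block on a router (constructed model, not IOS)."""
    addr: str                            # address given in the neighbor command
    remote_as: int                       # neighbor ... remote-as
    update_source: Optional[str] = None  # neighbor ... update-source (None = interface address)
    password: Optional[str] = None       # neighbor ... password (MD5 key), if configured
    ebgp_multihop: int = 1               # neighbor ... ebgp-multihop; IOS eBGP TTL default is 1

@dataclass
class Router:
    name: str
    asn: int                             # router bgp <asn>
    rid: str                             # bgp router-id
    iface_addr: str                      # interface address facing the peer (assumed)
    loopback: Optional[str] = None       # loopback address, if one is used for peering
    holdtime: int = 180                  # Hold timer value announced to the peer
    neighbors: Dict[str, Neighbor] = field(default_factory=dict)

    def add(self, n: Neighbor) -> None:
        self.neighbors[n.addr] = n

def ttl_ok(initiator: Router, nbr: Neighbor, responder: Router) -> bool:
    """eBGP packets leave with TTL 1 by default. A loopback on the far router sits
    one routing hop 'behind' its interface, so reaching it needs ebgp-multihop 2+."""
    if initiator.asn == responder.asn:   # the TTL-1 default is an eBGP rule only
        return True
    hops_needed = 2 if nbr.addr == responder.loopback else 1
    return nbr.ebgp_multihop >= hops_needed

def try_open(initiator: Router, responder: Router) -> Tuple[str, str, Optional[int]]:
    """Initiator opens TCP/179 toward responder and both sides run the chapter's
    checks. Returns (neighbor state, reason, negotiated hold time). Any failed
    check is reported as Active; the model does not distinguish Idle/Active cycling."""
    nbr = next((n for n in initiator.neighbors.values()
                if n.addr in (responder.loopback, responder.iface_addr)), None)
    if nbr is None:                      # nothing configured, so no attempt is made
        return ("Idle", "no neighbor command for this peer", None)
    src = nbr.update_source or initiator.iface_addr
    # Check 1: the responder must find the TCP source address in a neighbor command.
    rnbr = responder.neighbors.get(src)
    if rnbr is None:
        return ("Active", f"{responder.name} rejects TCP from {src}", None)
    if not ttl_ok(initiator, nbr, responder):
        return ("Active", "TTL reached 0 before the loopback (ebgp-multihop needed)", None)
    # Check 2: the ASN each side states in its Open must match the other's remote-as.
    if initiator.asn != rnbr.remote_as or responder.asn != nbr.remote_as:
        return ("Active", "remote-as does not match the ASN in the Open message", None)
    # Check 3: the two BGP router IDs must differ.
    if initiator.rid == responder.rid:
        return ("Active", "duplicate BGP router ID", None)
    # Check 4: if MD5 is configured, both sides must hold the same key.
    if nbr.password != rnbr.password:
        return ("Active", "MD5 authentication failed", None)
    # Timers: a Hold-time mismatch does not block peering; the lower value is used.
    return ("Established", "checks passed", min(initiator.holdtime, responder.holdtime))

def peering_state(a: Router, b: Router) -> Tuple[str, str, Optional[int]]:
    """Both routers attempt the connection; the peering comes up if either direction
    passes, which is why only one side's update-source needs to appear in the other
    side's neighbor command."""
    result = ("Idle", "no attempt", None)
    for initiator, responder in ((a, b), (b, a)):
        result = try_open(initiator, responder)
        if result[0] == "Established":
            break
    return result

def build_r1_r3(r1_update_source: Optional[str]):
    """Constructed pair modelled on Example 1-1: iBGP in AS 123 over loopbacks with MD5.
    The 10.1.13.x interface addresses are assumptions."""
    r1 = Router("R1", 123, "111.111.111.111", "10.1.13.1", loopback="1.1.1.1")
    r3 = Router("R3", 123, "3.3.3.3", "10.1.13.3", loopback="3.3.3.3")
    r1.add(Neighbor("3.3.3.3", 123, update_source=r1_update_source, password="secret-pw"))
    r3.add(Neighbor("1.1.1.1", 123, update_source="3.3.3.3", password="secret-pw"))
    return r1, r3

def build_r3_r4(multihop: int):
    """Constructed eBGP pair modelled on Example 1-2: loopback peering between R3 (AS 123)
    and R4; R4's ASN 4, the 10.1.34.x addresses and R4's 90-second Hold time are assumed."""
    r3 = Router("R3", 123, "3.3.3.3", "10.1.34.3", loopback="3.3.3.3")
    r4 = Router("R4", 4, "4.4.4.4", "10.1.34.4", loopback="4.4.4.4", holdtime=90)
    r3.add(Neighbor("4.4.4.4", 4, update_source="3.3.3.3", ebgp_multihop=multihop))
    r4.add(Neighbor("3.3.3.3", 123, update_source="4.4.4.4", ebgp_multihop=multihop))
    return r3, r4

if __name__ == "__main__":
    print(peering_state(*build_r1_r3("1.1.1.1")))  # Established, hold 180
    print(peering_state(*build_r1_r3(None)))       # still Established: R3's source is in R1's config
    print(peering_state(*build_r3_r4(1)))          # Active: TTL 1 expires routing to the loopback
    print(peering_state(*build_r3_r4(2)))          # Established, hold 90 (lower of 180 and 90)
```

The second case is the point made above: R1 without an update-source still peers because R3 initiates with 3.3.3.3, which R1 does have in a neighbor command, while R1's own attempt (sourced from its interface address) is rejected by R3.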
BGP Messages and Neighbor States
The desired state for BGP neighbors is the established state. In that state, the routers have formed a TCP connection, and they have exchanged Open messages, with the parameter checks having passed. At this point, topology information can be exchanged using Update messages. Table 1-3 lists the BGP neighbor states, along with some of their characteristics. Note that if the IP addresses mismatch, the neighbors settle into an active state.
Table 1-3 BGP Neighbor States
BGP Message Types
BGP uses four basic messages. Table 1-4 lists the message types and provides a brief description of each.
Table 1-4 BGP Message Types
Purposefully Resetting BGP Peer Connections
Example 1-3 shows how to reset neighbor connections by using the neighbor shutdown command and, along the way, shows the various BGP neighbor states. The example uses Routers R1 and R6 from Figure 1-2, as configured in Example 1-2.
Example 1-3 Examples of Neighbor States
! R1 shuts down R6's peer connection. debug ip bgp shows moving to
! Next, the no neighbor shutdown command reverses the admin state