IP Routing • Chapter 5

    Link ID         ADV Router      Age   Seq#        Checksum
    192.16.2.0      192.168.1.5     1581  0x80000185  0x2C08
    192.16.3.0      192.168.1.5     1581  0x80000185  0x2112

debug Commands

debug should be used sparingly and specifically. Following are the debug commands that are specific to OSPF monitoring, taken directly from the Cisco IOS. Each command is self-explanatory. We will mention that debug ip ospf adj is the best command for isolating and resolving the cause of adjacency failures.

    Router1# debug ip ospf ?
      adj              OSPF adjacency events
      database-timer   OSPF database timer
      events           OSPF events
      flood            OSPF flooding
      hello            OSPF hello events
      lsa-generation   OSPF lsa generation
      packet           OSPF packets
      retransmission   OSPF retransmission events
      spf              OSPF spf
      tree             OSPF database tree

Intermediate System to Intermediate System (IS-IS)

IS-IS is the forgotten, overlooked link state routing protocol. Its better-known cousin, OSPF, has all but eclipsed it. Further compounding the neglect of IS-IS is the fact that there are not as many sources of information about it as there are about OSPF.

IS-IS is a link state routing protocol that is very similar to OSPF. This is no accident, as the developers borrowed and improved on IS-IS when developing OSPF. IS-IS runs the Dijkstra algorithm to build a complete picture of the routing domain (AS). Its backbone area (area 0) is called the L2 area, while all other areas are classified as L1 areas. IS-IS routes by area within the AS (L2 routing) and by the system ID within an area (L1 routing). That is, IS-IS uses the area address to determine how to reach the area, and the system ID to reach a particular device once it gets to the destination area. Therefore, it can be said that IS-IS routes on two levels: area and station.

There are two main flavors of IS-IS available: one for CLNS-only routing, and one for routing both CLNS and IP. The latter is officially called Integrated IS-IS by Cisco.
While IS-IS was developed by the ISO to route CLNS, it has been modified to route IP. Its modular architecture means that it can be further adapted to route other protocols such as IPX, should anyone need or choose to develop that particular aspect of it.

www.syngress.com 253_BDCisco_05.qxd 10/15/03 10:24 AM Page 541

The “integrated” in Integrated IS-IS simply refers to the support that IS-IS has for non-CLNS protocols such as IP. When you configure Integrated IS-IS, it is subject to the same principles and requirements that other IP routing protocols are (subnetting, masks, and so forth).

With IS-IS, even if you choose to route only IP, you still need to assign a CLNS address (NET), as each IS communicates using CLNS, not IP. You need to enable CLNS, and assign NET, to route IP. While Integrated IS-IS can and does route IP, it does so using its native tongue: CLNS. It speaks CLNS to its peers, encapsulates routing updates in CLNS LSPs, and so on.

The first process that you enable on the IS automatically defaults to L1L2 configuration to support any L2 interarea routing that might be required. This means that the IS will try to determine which area it is attached to. Subsequent processes automatically default to L1.

ISO Terminology

It is important to know the ISO terminology associated with IS-IS.

■ Intermediate System (IS): What the ISO calls a router.
■ End System (ES): The ISO elected to call hosts ESs. ESs do not route.
■ End System-Intermediate System Protocol (ES-IS): ES-IS is a discovery and registration protocol used by ESs to identify themselves to an IS, and to discover the IS in their area. ES-IS is also used to register an ES with the IS, which builds a reachability table of ES. ES-IS is not a routing protocol.
■ International Standard Organization Interior Gateway Routing Protocol (ISO-IGRP): ISO-IGRP was Cisco’s first and only distance vector protocol for routing CLNS. It does not route IP.
■ Link State Protocol data units (LSP): LSPs perform the same function for IS-IS and ISO-IGRP that LSAs do for OSPF. Information about the networks in each area is encapsulated within an LSP, and passed to neighboring routers.
■ Connectionless Network Protocol (CLNP): CLNP is the OSI equivalent of IP. CLNP is a best-effort, unreliable, datagram protocol. It depends on higher layers to provide any needed reliability, including error detection and correction.
■ Connectionless Network Service (CLNS): CLNS is an amalgam of several OSI protocols, including CLNP for addressing and datagram service, network service access points (NSAP) for access points to higher layer protocols for various services, and so on. It is analogous to TCP/IP, and the various layers in that stack.
■ Protocol Datagram Unit (PDU): PDU is the OSI term for the units of data that get passed from one layer to the other.
■ Network Service Access Point (NSAP): NSAP is a logical point in the OSI suite that identifies a particular network service. NSAP provides the addressing for a network device, plus a special byte that identifies the particular service on a network device.
■ Network Entity Title (NET): This is the NSAP address for a particular network device, ES or IS. The format, fields, and structure of the NET is the same as that of an NSAP address; the only difference is that the NET SEL value is always 0. Contrast this with a NSAP address with its SEL byte set to a nonzero value to identify a service on a network device.
■ Level 1 (L1): Defining an area as L1 is the IS-IS equivalent of OSPF defining a “normal” nonbackbone area. Areas that are not backbone areas (that is, do not provide transit support to other areas) are classified as L1 areas.
■ Level 2 (L2): Backbone area that provides transit services to all other areas.
■ TLV: A tuple in the CLNS PDU that enables a designer to add features, or support for other network protocols. The best-known use of the TLV is to add routing support for IP in IS-IS. The function that it performs is similar to the process of encapsulating one network protocol’s traffic inside the packets and datagrams of another network protocol.

ISO Addressing and Topologies

An NSAP address can be likened to the combination of IP address and IP port numbers that identify what protocols are being carried in the IP datagram. NSAP addresses are read from right to left to determine the area, domain, and so forth. You do not assign NSAP addresses to an interface; you assign them to the network device, and each interface is uniquely identified by data link addresses such as the MAC address. On Cisco platforms, assign CLNS addresses to an IS by creating a network entity title (NET) (a NSAP address with its SEL set to 0). NSAP SEL uniquely identifies a particular network service. Figure 5.38 shows the NSAP address format.

Figure 5.38 NSAP Address Format

    Size in Bytes   Field
    1               Authority Format Identifier (AFI)
    Variable        Initial Domain Identifier (IDI)
    Variable        Address Administration
    2               Area
    6               Station (System ID)
    1               Selector

    Grouping labels in the figure: Initial Domain Part (IDP), Domain Specific Part (DSP)

■ Authority Format Identifier (AFI): One-byte field that defines the structure and format of the rest of the NSAP address, including the length of the IDI field.
■ Initial Domain Identifier (IDI): Variable length. Identifies the domain that this particular address falls under.
■ Address Administration: Variable length. Allows the NSAP address to be divided into subaddresses, with authority for those addresses delegated. Commonly treated as part of a domain.
■ Area: Logical grouping of IS and ES: L1 (intra-area traffic only), L2 (inter-area traffic), or L1L2 (both types of traffic).
■ System ID: CLNS address for the IS or ES. In many cases, it is a MAC address of a particular interface used to identify a particular network device. It can be set manually.
■ Selector (SEL or NSEL): Identifies a particular network service, and is analogous to the port number in an IP packet. The SEL value of 00 is reserved, and indicates a network entity title (NET).

NSAP Address Format

Figure 5.39 shows a NSAP address such as that commonly used by ISO-IGRP or IS-IS. If you were simply given an NSAP address such as this, and read it like you would an IP address (left to right), you would have problems. The reason for that is that the domain part of this address is variable: it can be anywhere from one to ten bytes. So, how do you determine what part of a NSAP address is your area, for example? As you can see in Figure 5.39, NSAP addresses are written in hexadecimal format. Starting at the right, the SEL field is always one byte. The six bytes to the left of that will always be the system ID. The byte to the left of that is the area number. Anything left of the area will be the domain and AFI.

Figure 5.39 NSAP Address Illustrated

    AFI   Domain                 Area    System ID         SEL
    49.   aaaa.bbbb.cccc.dddd.   0000.   1122.3344.5566.   00

IS-IS View of NSAP Address

IS-IS has its own interpretation of the NSAP address as shown in Figure 5.40. Notice that there is no domain, and that the two bytes that ISO-IGRP views as the area address are treated as High Order-Domain Specific Part (HO-DSP). Up to the first 12 bytes of the NSAP address are treated as the area address; the next six bytes are the system ID, and we conclude with the SEL byte set to 0 to identify a NET.

IS-IS routes by the area and the system ID; the lack of a domain indicates that IS-IS, like OSPF, was not designed to route between ASs.
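An added example, not from the book: a Python check that applies the right-to-left split described above (one SEL byte, six system ID bytes, the remainder as the IS-IS area) to audit a set of NETs before they are configured. The function names and the sample inventory are assumptions made for illustration; the 8-to-20-byte bounds are the NSAP length limits this chapter gives, and the rule that all NETs on one IS share a system ID matches the chapter's multi-area configurations.

```python
import re
from collections import defaultdict

SYSID_LEN = 6                 # bytes immediately left of the selector
MIN_LEN, MAX_LEN = 8, 20      # NSAP length bounds in bytes


def parse_net(text):
    """Split a dotted-hex NSAP into (area, system_id, sel), reading from the right."""
    digits = text.replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]+", digits) or len(digits) % 2:
        raise ValueError(f"{text!r} is not a whole number of hex bytes")
    raw = bytes.fromhex(digits)
    if not MIN_LEN <= len(raw) <= MAX_LEN:
        raise ValueError(f"{text!r} is {len(raw)} bytes, outside {MIN_LEN}-{MAX_LEN}")
    sel = raw[-1]                          # rightmost byte
    system_id = raw[-1 - SYSID_LEN:-1]     # six bytes to its left
    area = raw[:-1 - SYSID_LEN]            # everything that remains
    return area.hex(), system_id.hex(), sel


def audit_nets(inventory):
    """inventory maps router name -> list of NET strings; returns (router, finding) pairs."""
    findings = []
    owners = defaultdict(set)              # (area, system_id) -> routers claiming it
    for router, nets in inventory.items():
        seen_ids = set()
        for net in nets:
            try:
                area, system_id, sel = parse_net(net)
            except ValueError as exc:
                findings.append((router, f"malformed: {exc}"))
                continue
            if sel != 0:
                findings.append((router, f"SEL {sel:02x} is nonzero, so {net} is not a NET"))
            seen_ids.add(system_id)
            owners[(area, system_id)].add(router)
        if len(seen_ids) > 1:
            findings.append((router, "NETs on one IS carry different system IDs"))
    for (area, system_id), routers in sorted(owners.items()):
        if len(routers) > 1:
            for router in sorted(routers):
                findings.append((router, f"system ID {system_id} duplicated in area {area}"))
    return findings


# Constructed inventory for the demonstration (not taken from a real network).
SAMPLE = {
    "R1": ["49.dddd.eeee.ffff.0003.1111.1111.1111.00"],
    "R2": ["49.dddd.eeee.ffff.0003.2222.2222.2222.00",
           "49.dddd.eeee.ffff.0004.2222.2222.2222.00"],   # two areas, same system ID: fine
    "R3": ["49.dddd.eeee.ffff.0003.1111.1111.1111.00"],   # collides with R1
    "R4": ["49.dddd.eeee.ffff.0003.4444.4444.4444.01"],   # selector not 00
    "R5": ["49.0003.44"],                                  # too short to hold a system ID
}

if __name__ == "__main__":
    print(parse_net("49.aaaa.bbbb.cccc.dddd.0000.1122.3344.5566.00"))
    for router, finding in audit_nets(SAMPLE):
        print(f"{router}: {finding}")
```
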
Within an AS, IS-IS will use the area address to deliver data to the correct area, and once in that area, use the system ID to deliver to the correct IS. Using the NSAP address, 49.aaaa.bbbb.cccc.dddd.0000.1111.1111.1111.00, here is how IS-IS interprets NSAP addresses. NSAP addresses are expressed in hexadecimal, with a minimum length of 8 bytes, and a maximum length of 20 bytes.

    Area:      49.aaaa.bbbb.cccc.dddd.0000
    System ID: 1111.1111.1111
    SEL:       00

Figure 5.40 IS-IS Address Format

    Size in Bytes   Fields
    1               AFI
    < 10            IDI
    Variable        Area
    6               System ID
    1               NSEL (S)

    Grouping labels in the figure: ISO-IGRP Domain Address, ISO-IGRP Area Address, ISO-IGRP System Address

Configuring CLNS-Only IS-IS

You create the IS-IS process using the router isis command. Next, assign it a NET (essentially creating the areas and system ID) with the net command. Finally, put interfaces into the IS-IS routing process using the clns router isis command. This command enables routing for CLNS only; we will show you how to enable IP routing with IS-IS. Whenever you create an IS-IS routing process, CLNS routing is automatically enabled.

Configuring Single Area IS-IS

Figure 5.41 shows a single area, CLNS-only IS-IS configuration. The area in this case is 49.dddd.eeee.ffff, and each IS has a unique system ID. Since they are in the same area, all routers are doing L1 routing updates.

Figure 5.41 Single Area CLNS-Only IS-IS (diagram: Area 49.dddd.eeee.ffff.0003 containing Router1, Router2, Router3, and Router4, with system IDs 1111.1111.1111, 2222.2222.2222, 3333.3333.3333, and 4444.4444.4444)

The following configurations are for each router in Figure 5.41. Notice that the routing process is configured, assigned a unique NET, and enabled on the appropriate interfaces.

Router1

    clns routing
    !
    interface Serial0
     no ip address
     clns router isis area3
    !
    interface Serial1
     no ip address
     clns router isis area3
    !
    router isis area3
     net 49.dddd.eeee.ffff.0003.1111.1111.1111.00

Router2

    clns routing
    !
    interface Serial0
     no ip address
     clns router isis area3
    !
    interface Serial1
     no ip address
     clns router isis area3
    !
    router isis area3
     net 49.dddd.eeee.ffff.0003.2222.2222.2222.00

Router3

    clns routing
    !
    interface Serial0
     no ip address
     clns router isis area3
    !
    router isis area3
     net 49.dddd.eeee.ffff.0003.3333.3333.3333.00

Router4

    clns routing
    !
    interface Serial0
     no ip address
     clns router isis area3
    !
    router isis area3
     net 49.dddd.eeee.ffff.0003.4444.4444.4444.00

Configuring Multi-area IS-IS

The following demonstrates the necessary commands to configure multi-area IS-IS in Figure 5.42.

Figure 5.42 CLNS-Only Multi-Area IS-IS (diagram: Areas 49.aaaa.bbbb.cccc.dddd.0000, 49.aaaa.bbbb.cccc.dddd.0001, 49.aaaa.bbbb.cccc.dddd.0003, and 49.aaaa.bbbb.cccc.dddd.0004; Router1 System ID: 1111.1111.1111, Router2 System ID: 2222.2222.2222, Router3 System ID: 3333.3333.3333, Router4 System ID: 4444.4444.4444)

When you are reading through the configurations that follow, notice how area 49.aaaa.bbbb.cccc.dddd.0001 is an L2 area, thanks to Router1, which passes L2 updates through this area to all other routers, with the exception of Router2, which has all its links in the same area, and functions as a L1 router.

Router1

    clns routing
    cns event-service server
    !
    interface Serial0
     no ip address
     clns router isis area00
    !
    interface Serial1
     no ip address
     clns router isis area00
    !
    interface Serial2
     no ip address
     clns router isis area00
    !
    router isis area01
     net 49.aaaa.bbbb.cccc.dddd.0001.1111.1111.1111.00
     net 49.aaaa.bbbb.cccc.dddd.0000.1111.1111.1111.00

Router2

    clns routing
    !
    interface Serial1
     no ip address
     clns router isis area00
    !
    router isis area00
     net 49.aaaa.bbbb.cccc.dddd.0000.2222.2222.2222.00
     net 49.aaaa.bbbb.cccc.dddd.0001.2222.2222.2222.00

Router3

    clns routing
    !
    interface Loopback1
     no ip address
     clns router isis area03
    !
    interface Serial0
     no ip address
     clns router isis area01
    !
    router isis area00
     net 49.aaaa.bbbb.cccc.dddd.0001.3333.3333.3333.00
    !
    router isis area03
     net 49.aaaa.bbbb.cccc.dddd.0003.3333.3333.3333.00
     is-type level-1

Router4

    clns routing
    !
    interface Loopback1
     no ip address
     clns router isis area04
    !
    interface Serial0
     no ip address
     clns router isis area04
    !
    router isis area04
     net 49.aaaa.bbbb.cccc.dddd.0001.4444.4444.4444.00
     net 49.aaaa.bbbb.cccc.dddd.0004.4444.4444.4444.00

Configuring Integrated IS-IS

We took you through the previous examples of configuring IS-IS for CLNS-only routing because it is a building block to using Integrated IS-IS to route IP. We now turn our attention to configuring Integrated IS-IS by turning on the IP routing features of IS-IS. The bulk of Integrated IS-IS configuration is the same as CLNS-only IS-IS with the interface command ip router isis enabled. This essentially makes IS-IS advertise that particular link (interface) to the rest of the IS-IS speakers.

Assuming that you have already assigned IP addresses to your interfaces, the process of enabling Integrated IS-IS then starts with router isis. While in IS-IS configuration mode, assign a NET to the IS. Finally, enable the actual advertisement of IP via the interface command ip router isis.

Single-Area Integrated IS-IS

Figure 5.43 shows the same single-area configuration we used in our CLNS-only IS-IS example. Notice that except for the IP addresses on each interface, and the ip router isis command, the configuration is almost the same. In our example, we have left the clns router isis command on each interface; this command routes CLNS.
It is not necessary to the routing of IP.

Figure 5.43 Single-Area Integrated IS-IS (diagram: Area 49.dddd.eeee.ffff.0003 containing Router1, Router2, Router3, and Router4, with system IDs 1111.1111.1111, 2222.2222.2222, 3333.3333.3333, and 4444.4444.4444; networks 192.168.0.0/24, 192.168.1.0/24, and 192.168.2.0/24)

Router1

    clns routing

[...]

    ... 192.168.3.146 0 (64520) 701 1 3356 7018 1098 0 (64520) 701 1 i 0 209 3356 i
    *> 192.168.225.0/24 192.168.3.146 1098 0 209 1239 11853 6496 i
    *> 192.168.226.0/23 192.168.3.146 1098 0 209 1239 11853 6496 i
    *> 192.168.251.0/24 192.168.3.146 1101 0 209 3561 11853 6496 i
    *> 192.168.252.0/23 192.168.3.146 1101 0 209 3561 11853 6496 i

To check the status of your BGP neighbors:

    BGP neighbor is 192.168.160.254,...

    ... valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network * i 192.168.0.0 Next Hop Metric LocPrf Weight Path 1839 192.168.3.146
    *> 192.168.160.254 1098 * 192.168.19.0/24 192.168.160.254 27487 i
    *> 1839 192.168.3.146 * 192.168.48.0/20 16631 1742 i 1839 0 (64520) 701 1 3356 7018
    0 209 7018 i 100 0 (64520) 701 1 3356 7018 1101 192.168.160.254 100 0 209 3561 27487 i
    100 0 (64520)...

... appearing in the neighbor’s tables

    Router# show ip bgp neighbors 192.168.160.254 advertised-routes
       Network            Next Hop        Metric LocPrf Weight Path
    *> 192.168.236.0/22   192.168.3.146   1101               0 209 3561 i
    *> 192.168.0.0        192.168.3.146   1098               0 209 3356 i
    *> 192.168.225.0/24   192.168.3.146   1098               0 209 1239 11853 6496 i
    *> 192.168.226.0/23...

    ... is 216.117.84.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete
    Network h 192.168.0.0 Next Hop Metric LocPrf Weight Path 192.168.3.146 1098 h 80 i
    * 192.168.160.254 192.168.236.0/22 192.168.160.254 *> * 4363 100 1839 192.168.3.146
    192.168.0.0 0 209 7018 80 i 100 0 (64520) 701 1 3356 3561 i 1101 0 209 3561 i
    192.168.160.254...

    ... 11853 6496
    *> 192.168.226.0/23   192.168.3.146   1098               0 209 1239 11853 6496 i
    *> 192.168.251.0/24   192.168.3.146   1101               0 209 3561 11853 6496 i
    *> 192.168.252.0/23   192.168.3.146   1101               0 209 3561 11853 6496 i

What prefixes have been summarized? Use the following command:

    Router1# show ip bgp 192.168.0.0/8 longer-prefixes
    BGP table version is 10229889, local router ID is 192.168.84.1
    Status codes: s suppressed,...

... quiet period when the routing tables are frozen. The active period can be initiated by either user data triggering the DDR link, or by the quiet period timer expiring. Once in the active period, both routers exchange routing information, updating their routing tables. After the active period, the link is terminated, and the routers enter the quiet period and freeze their routing tables. Once the quiet period...

    ... 192.168.0.1 remote-as 65001
     neighbor 192.168.0.3 remote-as 65001
     neighbor 192.168.0.4 remote-as 65001

Router3

    interface Ethernet0
     ip address 192.168.0.3 255.255.255.0
    !
    router bgp 65001
     no synchronization
     bgp log-neighbor-changes
     network 192.168.1.0
     neighbor 192.168.0.1 remote-as 65001
     neighbor 192.168.0.2 remote-as 65001
     neighbor 192.168.0.4 remote-as 65001

Router4

    interface Ethernet0
     ip address 192.168.0.4...

... only routes in the routing table are the ones directly connected to the router (192.168.1.0, 172.16.3.2, and 172.16.3.0). After the connection is established, the routing table also shows the 172.16.2.0 network learned via RIP. Once the ISDN connection to Router2 is disconnected, the route to 172.16.2.0 stays in the routing table for the quiet period configured in the snapshot command.

    Router1# show ip...

    ... 65001
     bgp confederation peers 65011
     neighbor 192.168.0.1 remote-as 65011
     neighbor 192.168.0.4 remote-as 65021
     no auto-summary

Router3

    interface Ethernet0
     ip address 192.168.0.3 255.255.255.0
    !
    router bgp 65011
     bgp log-neighbor-changes
     bgp confederation identifier 65001
     neighbor 192.168.0.1 remote-as 65011
     no auto-summary

Router4

    interface Ethernet0
     ip address 192.168.0.4 255.255.255.0
    !
    router bgp 65021...

(Figure residue: ... 835-8661, Router2, 825-8663, BRI0, 172.16.3.2)

Router1 (client)

    isdn switch-type basic-ni1
    dialer-list 1 protocol ip permit
    !
    interface Ethernet0
     ip address 192.168.1.1 255.255.255.0
    !
    interface BRI0
     ip address 172.16.3.1 255.255.255.252
     encapsulation ppp
     bandwidth 128
     dialer map ip 172.16.3.2 name Router2 broadcast 8358661
     dialer map snapshot 1 name Router2 broadcast 8358661
     dialer load-threshold 127 either
    ...

... your control), then you can use a private ASN in the range of 64512 through 65535. As with private IP addresses, you can use and assign these as you want. Cisco routers can strip these numbers...

... process per router.

Router1

    router bgp 65001
     neighbor 192.168.0.2 remote-as 64002

Router2

    router bgp 64002
     neighbor 192.168.0.1 remote-as 65535
     network 192.168.2.0 mask 255.255.255.0

This establishes