CCNP ROUTE Complete Guide 1st Edition
Yap Chin Hoong

Dear valued customer,

Your investment in the CCNP ROUTE Complete Guide 1st Edition Companion CD will really be worth it, because it contains much valuable information that can enhance your CCNP studies. Kindly download the Companion CD by following the instructions at *link removed*.

The Dynamips folder contains FREE software that provides a tool to simulate real Cisco routers (and switches) for your CCNP practice. It is so powerful that it can simulate any real Cisco IOS command, because it actually loads and runs real Cisco IOS software. Set up Dynamips/Dynagen using the tutorial file included in the folder. However, you may face some issues with Telnet in Windows Vista and Windows 7. Try to Google around to solve that; it isn't that difficult.

The MISC Tools and Guides folder contains some extra info regarding Dynamips. Actually you don't really need to look into it. It contains the tools and guides for when you want to use IOS files other than those provided in the IOS folder on the CD. VBUnzip is a tool used to extract Cisco IOS files. When Dynamips loads an already extracted IOS image file, it doesn't need to extract it, which speeds up the boot-up time of the IOS. If you have watched a real Cisco router boot, you will have seen "extracting images ...". Basically we want to skip that step in the simulation.

The Lab Setups folder contains all the lab setups using Dynamips according to the CCNP ROUTE Guide. Whenever you see a network diagram with some routers and IP addresses and feel like seeing how it works yourself, first look at the page number in the CCNP ROUTE Guide, then head to the Lab Setups folder; most likely there is a lab for it. Copy it to your desktop, extract it, launch the Dynamips engine, and run the Network.net file for the lab; the lab should be loaded in 10 seconds.
Console into every router and copy and paste the basic configuration into the routers (the config files are included in the folder for that particular lab setup). TATA! You are ready to practice the commands according to the CCNP ROUTE Guide. Just follow the commands and you will be able to see how things work. All commands in the CCNP ROUTE Guide have been fully tested and work fine.

Basically we can set up Cisco labs and practice Cisco IOS commands in 2 minutes. Before this, we would need to look for real routers, power cords, and UTP network cables, power them on (which took 5 minutes), clear the configuration, etc. From the time we are motivated to practice until the lab is up and ready for practice (maybe about 30 minutes), we may already feel tired and say: "OK, let me watch a movie and come back to this later". Hope you get the idea of using this wonderful tool.

Finally, the Proof of Concepts folder contains many packet captures and command outputs captured for the various topics throughout the CCNP ROUTE Guide. Download and install Wireshark (http://www.wireshark.org/) to view the packet capture files. Packet captures show the bits and bytes of network packets. Basically I spent many days and nights capturing them to prove how networking works, and documented them in the CCNP ROUTE Guide. Most of the concepts have been proven using Cisco IOS commands and real network packets. Hope you get the idea. The files in the Proof of Concepts folder are used to enhance your learning experience. That info is saved separately because it would overwhelm most readers and make the CCNP ROUTE Guide too lengthy if everything were included in the Guide itself.

OK, I have briefed the overall usage of the Companion CD. Have fun and keep in touch!
Regards,
YapCH

CCNP ROUTE Complete Guide 1st Edition
Copyright © 2010 Yap Chin Hoong www.yapchinhoong.com

Contents (Chapter, Title, Page)
Chapter 1 Designing IP Networks 1
Chapter 2 Advanced IP Addressing 5
Chapter 3 IPv6 11
Chapter 4 On-Demand Routing, RIPv2, and Routing Principles 37
Chapter 5 EIGRP 49
Chapter 6 EIGRP Lab 65
Chapter 7 OSPF in a Single Area 83
Chapter 8 OSPF in a Single Area Lab 99
Chapter 9 Interconnecting Multiple OSPF Areas 115
Chapter 10 Advanced OSPF – OSPF Stub Areas and OSPF Virtual Links 135
Chapter 11 Route Redistribution and Manipulating Routing Updates 151
Chapter 12 Policy-Based Routing and IP SLA (Service-Level Agreement) 175
Chapter 13 Basic BGP 189
Chapter 14 Basic BGP Lab 219
Chapter 15 BGP Route Summarization, Route Filtering, and Route Reflection 231
Chapter 16 Advanced BGP – Path Manipulation and Multihoming 251
Bonus Chapters
Chapter 17 Integrated IS-IS 263
Chapter 18 Integrated IS-IS Lab 295
Chapter 19 IP Multicast Routing 309
Chapter 20 IP Multicast Routing Lab 325
Appendix 1 Cisco IOS Architecture 335
Appendix 2 Cisco IOS Packet Switching Architectures 341
Appendix 3 Cisco IOS Image Naming Convention, Packaging, and Deployment 353
Appendix 4 ICMP and ICMPv6 Type and Code Numbers 357
Appendix 5 Netmask Table 360
Appendix 6 CCNP ROUTE Extra Knowledge 361

About the Author
Yap Chin Hoong is a senior network engineer with a computer network consulting firm in Malaysia. He finds great satisfaction in conveying complex networking concepts to his peers. Yap holds a bachelor's degree in Information Technology from Universiti Tenaga Nasional. When not sitting in front of computers, Yap enjoys playing various types of musical instruments. Visit his YouTube channel during your study breaks.
:-)
Facebook: http://www.facebook.com/yapchinhoong
Website: http://www.itcertguides.com/
YouTube: http://www.youtube.com/user/yapchinhoong

Chapter 1 Designing IP Networks

- Proper network design with efficient use of the addressing structure reduces the size of routing tables and conserves network resources.
- This chapter explains why there is a need for hierarchical structure and design. The next chapter describes how to design networks with a hierarchical addressing scheme to support VLSM and route summarization.
- Generally, a corporate organizational structure affects its network design. The structure of a scalable and hierarchical network design often reflects a corporation's information flow.
- There are 2 types of hierarchical network design:
  Functional Structured Design: Divisions of an organization with different scopes of operation (eg: finance, marketing, IT, etc) have their own networks and are connected according to their functional purposes within the organization. The network architecture often follows the organizational chart.
  Geographic Structured Design: Most retail corporations are organized by the geographical location of their retail stores. The divisions of the corporation have their own networks, which are organized and connected according to their locations (eg: countries, states, or provinces).
  [Figure: local retail stores – regional offices – HQ]
- The geographic network structure is more cost-effective, as fewer network links are required.

Cisco Hierarchical Design Model
- Defined by Cisco to simplify the design, implementation, and maintenance of responsive, scalable, reliable, and cost-effective networks.
- The 3 layers are logical and not physical – there may be many devices in a single layer, or a single device may perform the functions of 2 layers.
[Figure 1-1: The Cisco Hierarchical Model – Core layer (Backbone), Distribution layer (Routing), Access layer (Switching)]

- Below are the 3 layers in the Cisco Hierarchical Model:
  Core layer: Also referred to as the backbone layer. It is responsible for transferring large amounts of traffic reliably and quickly – it switches traffic as fast as possible. A failure in the core can affect many users; hence fault tolerance is the main concern in this layer. The core layer should be designed for high reliability, high availability, high speed, and low convergence time. Workgroup access, access lists, VLAN routing, and packet filtering should not be implemented here, as they introduce latency into this layer.
  Distribution layer: Also referred to as the workgroup layer. Its primary functions are routing, Inter-VLAN routing, defining or segmenting broadcast and multicast domains, network security and filtering with firewalls and access lists, WAN access, and determining (or filtering) how packets access the core layer.
  Access layer: Also referred to as the desktop layer. This is where end systems gain access to the network. The access layer (switches) handles traffic for local services (within a network), whereas the distribution layer (routers) handles traffic for remote services. It mainly creates separate collision domains. It also defines the access control policies for accessing the access and distribution layers.
- In a hierarchical network, traffic on a lower layer is only allowed to be forwarded to the upper layer after it meets some clearly defined criteria. Filtering rules and operations restrict unnecessary traffic from traversing the entire network, which results in a more responsive (lower network congestion), scalable (easy to grow), and reliable (higher availability) network.
- A clear understanding of the traffic flow patterns of an organization helps to ensure the correct placement of network devices and end systems within the organization.
- Below are some considerations for hierarchical layer network designs:
  Full-Meshed Core Layer: In this core layer design, all routers between headquarters and the other divisions have direct connections to all other routers, which allows the network to react quickly upon a link failure. This design is more practical for small organizations with a limited number of offices, as its implementation cost is very high for large organizations.
  Hub-and-Spoke Core Layer: This core layer design addresses the limitations faced in the full-mesh design by introducing regional data centers. Data travels to a centralized headquarters where the corporate databases and network services reside.
  Access and Distribution Layers: End users or customers at remote sites gain access to network services through the access layer, while the distribution layer provides connectivity between the remote and local sites. Services such as DHCP and DNS should be placed in the distribution layer if there is no benefit in having duplicated services at the remote sites. A hub-and-spoke topology is recommended to connect remote sites to at least 2 distribution layer devices for redundancy and easier maintenance.
- The formula for calculating the number of links in a full-mesh network that has n nodes is n(n – 1) / 2.
- A well-designed large-scale internetwork with an effective, scalable IP addressing plan has many benefits, eg: it is scalable, flexible, and predictable, and it reduces the size of routing tables through route summarization.

- Below are some benefits and characteristics of a good network design:
  Scalability: Allows for significant increases in the number of sites, and facilitates the process of adding routers to an existing network.
  When 2 companies merge and both use 172.16.0.0 private addresses, there will likely be some overlapping address space. A scalable network that integrates private addressing with a good IP addressing plan minimizes the impact of merging networks (additions or reorganizations). It allows the companies to connect at the core layer and implement NAT as a temporary solution to translate the overlapping address space to an unused address space. The overlapping network number can then be changed later on the network devices, DHCP servers, and endpoint hosts in the new network.
  Predictability: The behavior and performance of a scalable network is predictable. Packets are load-balanced when equal-cost paths exist between any 2 routers in the network. When a circuit or router fails, an alternative equal-cost path that already exists in the routing table can be used without any recalculation. This reduces convergence time and produces a predictable traffic pattern.
  Flexibility: Minimizes the impact of unexpected growth, restructuring, or downsizing of an organization's network.
- An optimized IP addressing plan uses a hierarchical addressing scheme. Below are some benefits of using hierarchical addressing:
  Reduced number of routing table entries: Route summarization should be used to keep routing tables as small as possible by having a single IP address that represents a group of IP addresses. Other benefits are more efficient routing, fewer CPU cycles spent finding the best path, reduced memory requirements, conserved bandwidth (fewer routing updates), faster convergence upon topology changes, easier troubleshooting, and increased network stability and availability.
  Efficient allocation of addresses: Hierarchical addressing makes use of all possible addresses by grouping them contiguously, compared to unplanned address assignment, which might end up wasting groups of addresses.
- Flat networks are networks in which devices are connected to a single large collision and broadcast domain. Flat addressing does not use a logical hierarchical addressing scheme. Route summarization and the benefits of a hierarchical addressing scheme are not applicable to networks designed and implemented with a flat addressing scheme.
- Hierarchical addressing often uses Variable-Length Subnet Masks (VLSMs) and Classless Interdomain Routing (CIDR) to implement an effective IP addressing plan, which is crucial for the scalability of a network and the implementation of route summarization.
- The difference between route summarization and CIDR is as below:
  i) Route summarization is generally done up to the classful network number boundary (fixed masks – /8, /16, /24).
  ii) CIDR is commonly used to combine and summarize several classful networks and goes beyond the classful network number boundary (flexible masks).
- A collapsed core or collapsed backbone refers to a network with no distribution layer, where all network segments are connected to each other through an internetworking device.

- A single point of failure is any device, interface on a device, or link that can isolate users from the services they depend on if it fails. Networks that follow a strict hierarchical model tend to have many single points of failure due to the emphasis on summarization points and clean points of entry between the layers. Redundancy provides alternate paths around these failure points, providing some measure of safety against loss of service. However, redundancy, if not designed and implemented properly, can cause more trouble than it is worth, as each redundant link and connection point in the network weakens the hierarchy and reduces stability.
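As an added illustration (not part of the guide), the following Python script uses the standard ipaddress module to work through the summarization and CIDR points above. It takes the Branch 1 subnets from the guide's Figure 2-1 (10.1.1.0/24 and 10.1.2.0/24) plus a constructed set of four Class C networks, and shows three things: the smallest single prefix that covers a set of subnets, the exact collapse that merges only aligned neighbours and adds no extra addresses, and which address blocks a wider summary such as the classful 10.1.0.0/16 advertises with no subnet behind them. Traffic for those blocks follows the summary route, so the summarizing router should account for that space (typically with a discard route) rather than advertise it unknowingly.

```python
"""Route summarization and CIDR with the standard ipaddress module.

Added example, not code from the guide. Inputs: the Branch 1 subnets from
the guide's Figure 2-1 (10.1.1.0/24, 10.1.2.0/24) and a constructed set of
four Class C networks that shows a CIDR supernet crossing the classful /24
boundary.
"""
from ipaddress import IPv4Network, collapse_addresses
from typing import List

# Subnets behind Branch 1 in Figure 2-1 of the guide.
BRANCH1 = ["10.1.1.0/24", "10.1.2.0/24"]
# Constructed sample: four consecutive Class C networks.
CLASS_C_BLOCK = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]


def tightest_summary(prefixes: List[str]) -> IPv4Network:
    """Smallest single prefix that contains every network in `prefixes`.

    Widening the mask one bit at a time from the first network until all the
    others fit inside it is the manual 'common leading bits' method; the
    result may be shorter than the classful mask (a CIDR supernet).
    """
    nets = [IPv4Network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def exact_summaries(prefixes: List[str]) -> List[IPv4Network]:
    """Merge adjacent, aligned prefixes without covering any extra address."""
    return list(collapse_addresses(IPv4Network(p) for p in prefixes))


def unused_space(summary: str, prefixes: List[str]) -> List[IPv4Network]:
    """Blocks inside `summary` that none of `prefixes` uses.

    A router advertising `summary` attracts traffic for all of them, so they
    should be known (and usually discarded at the summarizing router) rather
    than advertised unknowingly.
    """
    gaps = [IPv4Network(summary)]
    for used in exact_summaries(prefixes):
        remaining = []
        for gap in gaps:
            if used.subnet_of(gap):
                # address_exclude yields the parts of `gap` outside `used`
                # (nothing when used == gap, i.e. the gap is fully used)
                remaining.extend(gap.address_exclude(used))
            elif not gap.subnet_of(used):
                remaining.append(gap)   # disjoint from `used`: still unused
        gaps = remaining
    return list(collapse_addresses(gaps))


def address_count(nets: List[IPv4Network]) -> int:
    return sum(n.num_addresses for n in nets)


if __name__ == "__main__":
    print("Tightest summary of Branch 1:", tightest_summary(BRANCH1))   # 10.1.0.0/22
    print("Exact collapse of Branch 1:", exact_summaries(BRANCH1))      # not mergeable: unchanged
    gaps = unused_space("10.1.0.0/16", BRANCH1)  # the summary the figure advertises
    print(f"10.1.0.0/16 covers {address_count(gaps)} addresses with no subnet behind them:")
    for g in gaps:
        print("   ", g)
    print("CIDR supernet of four Class Cs:", tightest_summary(CLASS_C_BLOCK))  # 192.168.0.0/22
```

Running the script shows why the two Branch 1 /24s do not collapse on their own (10.1.1.0/24 and 10.1.2.0/24 are not an aligned pair), why the tightest CIDR cover is 10.1.0.0/22, and how much of the classful /16 summary is empty space.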
Chapter 2 Advanced IP Addressing

- Scalable and stable networks are the result of good network design with a planned IP addressing scheme and effective implementation planning. The use of hierarchical addressing and the capability to manipulate traffic flow result in a network that is designed to grow.
- Network problems often start to occur as the size of the routing table increases: more CPU resources are required for topology convergence, and routing table lookups in large routing tables cause delays. These problems can be resolved with route summarization and CIDR.
- Advanced IP addressing techniques such as NAT and VLSM are used to implement route summarization and CIDR in controlling the size of routing tables.
- The difference between route summarization and CIDR is as below:
  i) Route summarization is generally done up to the classful network number boundary (fixed masks – /8, /16, /24).
  ii) CIDR is commonly used to combine and summarize several classful networks and goes beyond the classful network number boundary (flexible masks).
- NAT allows the use of a private address space within an organization while using globally unique addresses for Internet access. Different address pools may be used for different groups of users, which can ease the management of the network.
- VLSM is an advanced feature that allows the best use of the available address space.
- The current solution for address depletion or exhaustion is private addressing and NAT. The long-term solution is IPv6.

IP Addressing Design
- A network that is designed with a hierarchical addressing scheme supports VLSM, CIDR, and route summarization.
- Below are some problems faced by unsummarized large networks:
  i) Excessive, unnecessary bandwidth usage for the high volume of routing updates, which also introduces unnecessary workload (more routing table lookups) for routers.
  ii) Extra CPU and memory usage for updating all routing tables upon a route change, eg: the SPF calculations performed by OSPF are expensive, as each router needs to recalculate all paths to all networks.
- RIP, IGRP, RIPv2, and EIGRP perform autosummarization at their classful boundaries, whereas OSPF and IS-IS require manual configuration to implement route summarization.
- Kindly refer to Chapter 15: Variable-Length Subnet Masks and Route Summarization, CCNA Complete Guide 2nd Edition for a review of VLSM and route summarization.
- Kindly refer to Chapter 17: Scaling the Internet with CIDR and NAT, CCNA Complete Guide 2nd Edition for a review of CIDR and NAT.

Figure 2-1: Hierarchical and Scalable Addressing allows Summarization

- There are other methods besides CIDR and VLSM that can be used as solutions for address exhaustion, eg: IP unnumbered. IP unnumbered is useful on point-to-point serial links. It conserves one subnet per point-to-point link by allowing the link to have no IP address assigned. Each end of the serial line borrows an IP address from another interface on the router whenever an address is required (a source address is always required when generating a packet).

The Internet Authoritative Bodies
- They belong to the group within the Internet community that is responsible for assigning unique classful networks. Everything started with the government-funded IANA, which has recently been commercially administered by Network Solutions of Herndon, Virginia. On 25/11/1998, the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit corporation managed by the US government, was officially recognized to perform administrative functions for the Internet, eg: coordinating the assignment of protocol parameters, managing the domain name and root server systems, and allocating IP addresses.
- The growth of the Internet has led to regional organizations for the allocation of IP addresses.
  Regional Internet Registries (RIRs):
  i) American Registry for Internet Numbers (ARIN, http://www.arin.net) serves North America and parts of the Caribbean.
  ii) Réseaux IP Européens (RIPE, http://www.ripe.net) serves Europe, the Middle East, and Central Asia.
  iii) Latin American and Caribbean Internet Addresses Registry (LACNIC, http://www.lacnic.net) serves Central and South America and the Caribbean.
  iv) African Region Internet Registry (AfriNIC, http://www.afrinic.net) serves Africa.
  v) Asia Pacific Network Information Center (APNIC, http://www.apnic.net) serves Asia and the Pacific Ocean regions.
  Domain registration:
  i) The Internet's Network Information Center (InterNIC, http://www.internic.net/)

[Figure 2-1 labels: AS 100. Branch 1 (Building 1: 10.1.1.0/24, Building 2: 10.1.2.0/24) summarized as 10.1.0.0/16; Branch 2 (Building 1: 10.2.1.0/24, Building 2: 10.2.2.0/24) summarized as 10.2.0.0/16; summarized route 10.0.0.0/8 leaving the AS.]

Network Address Translation
- Below are the main features and usages of NAT as supported by Cisco IOS:
  i) Static NAT: a manually configured one-to-one address translation.
  ii) Dynamic NAT: a pool of addresses is defined and used for address translation.
  iii) Port Address Translation (PAT): a group of local addresses (normally within an organization) is translated into a single globally unique public address. IP addresses along with port numbers ensure the uniqueness of the different connections.
  iv) Overlapping Address Translation: commonly used when companies merge.
  v) Destination Address Rotary Translation: also known as TCP load distribution, as it can be used only for TCP traffic.
- TCP load distribution is a dynamic form of NAT that can be configured for outside-to-inside traffic (only for connections that are opened from the outside to the inside).
  A destination address that matches an access list is translated (replaced) with an address from a rotary pool on a round-robin basis.

Figure 2-2: Network Setup for NAT
[Figure 2-2 labels: Inside – PC1 172.16.2.2, PC2 172.16.3.3; NAT router E0/0 172.16.1.1, E0/1 200.1.1.1; Outside – ServerA 200.1.1.200]

Standard Access Lists Translation Configuration
- Configure NAT to meet the following requirements:
  i) For packets with a source address of 172.16.2.x, translate them using the NAT pool of addresses defined in sales_pool.
  ii) For packets with a source address of 172.16.3.x, translate them using the NAT pool of addresses defined in marketing_pool.
- Standard Access List Translation configuration on NAT:

NAT#conf t
Enter configuration commands, one per line. End with CNTL/Z.
NAT(config)#ip nat pool sales_pool 200.1.2.1 200.1.2.254 prefix-length 24
NAT(config)#ip nat pool marketing_pool 200.1.3.1 200.1.3.254 prefix-length 24
NAT(config)#ip nat inside source list 1 pool sales_pool
NAT(config)#ip nat inside source list 2 pool marketing_pool
NAT(config)#
NAT(config)#access-list 1 permit 172.16.2.0 0.0.0.255
NAT(config)#access-list 2 permit 172.16.3.0 0.0.0.255
NAT(config)#^Z
NAT#
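To make the behaviour of the configuration above concrete, here is an added Python model (not Cisco IOS code and not from the guide) of dynamic inside-source NAT with access-list-selected pools, plus the destination rotary translation described for TCP load distribution. Without the overload keyword, each matching inside host gets its own address from the pool and keeps it for later packets; a host that matches no access list is forwarded untranslated. Two points are modelled as assumptions and marked in the code: a packet for which the matching pool has no free address left is treated as dropped, and the rotary pool selects the next real server per new flow. Addresses 172.16.2.2, 172.16.3.3 and the two pools come from Figure 2-2 and the configuration listing; the host 172.16.1.10, the "tiny" pool, and the rotary addresses are constructed.

```python
"""Model of Cisco-style dynamic inside-source NAT and destination rotary NAT.

Added example, not IOS code and not from the guide. It mirrors
'ip nat inside source list <acl> pool <pool>' without 'overload': a matching
inside local address is mapped one-to-one to a free pool address, which is
then reused for that host. Assumptions (not taken from the guide): an
exhausted pool means the packet is dropped (None), and the rotary pool moves
to the next real server per new flow. 172.16.1.10, the 'tiny' pool and the
rotary addresses are constructed sample values.
"""
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Tuple


class Pool:
    """Global address pool, e.g. 'ip nat pool sales_pool 200.1.2.1 200.1.2.254'."""

    def __init__(self, name: str, first: str, last: str) -> None:
        self.name = name
        lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
        self.free: List[IPv4Address] = [IPv4Address(i) for i in range(lo, hi + 1)]

    def allocate(self) -> Optional[IPv4Address]:
        """Hand out the lowest free address, or None when the pool is exhausted."""
        return self.free.pop(0) if self.free else None


class InsideSourceNat:
    def __init__(self) -> None:
        # (access-list network, pool), evaluated in configuration order
        self.rules: List[Tuple[IPv4Network, Pool]] = []
        # inside local -> inside global: the router's dynamic translation table
        self.table: Dict[IPv4Address, IPv4Address] = {}

    def add_rule(self, acl_network: str, pool: Pool) -> None:
        self.rules.append((IPv4Network(acl_network), pool))

    def translate(self, inside_local: str) -> Optional[IPv4Address]:
        """Source address a packet from `inside_local` leaves the outside interface with.

        Returns the inside global address for a matching host, the original
        address when no access list matches (forwarded untranslated), or
        None when the matching pool is exhausted (assumption: packet dropped).
        """
        local = IPv4Address(inside_local)
        if local in self.table:              # existing translation is reused
            return self.table[local]
        for network, pool in self.rules:
            if local in network:
                glob = pool.allocate()
                if glob is not None:
                    self.table[local] = glob
                return glob
        return local

    def show_translations(self) -> List[str]:
        """'inside global  inside local' lines, in the spirit of show ip nat translations."""
        return [f"{g}  {l}" for l, g in sorted(self.table.items())]


class RotaryPool:
    """Destination rotary translation (TCP load distribution)."""

    def __init__(self, virtual: str, real_servers: List[str]) -> None:
        self.virtual = IPv4Address(virtual)
        self.real = [IPv4Address(r) for r in real_servers]
        self._next = 0

    def translate_destination(self, outside_dst: str) -> IPv4Address:
        """Map the virtual address to the next real server, round-robin (assumption: per new flow)."""
        dst = IPv4Address(outside_dst)
        if dst != self.virtual:
            return dst                       # not the load-balanced address: unchanged
        chosen = self.real[self._next % len(self.real)]
        self._next += 1
        return chosen


def build_figure_2_2_nat() -> InsideSourceNat:
    """The two-pool configuration from the guide's listing (access-lists 1 and 2)."""
    nat = InsideSourceNat()
    nat.add_rule("172.16.2.0/24", Pool("sales_pool", "200.1.2.1", "200.1.2.254"))
    nat.add_rule("172.16.3.0/24", Pool("marketing_pool", "200.1.3.1", "200.1.3.254"))
    return nat


def exhaustion_demo() -> List[Optional[str]]:
    """Three constructed hosts share a constructed two-address pool: the third gets nothing."""
    nat = InsideSourceNat()
    nat.add_rule("192.0.2.0/24", Pool("tiny", "203.0.113.1", "203.0.113.2"))
    results = [nat.translate(h) for h in ("192.0.2.10", "192.0.2.11", "192.0.2.12")]
    return [str(r) if r is not None else None for r in results]


if __name__ == "__main__":
    nat = build_figure_2_2_nat()
    for src in ("172.16.2.2", "172.16.2.2", "172.16.3.3", "172.16.1.10"):
        print(f"{src:<12} -> {nat.translate(src)}")
    print(*nat.show_translations(), sep="\n")
    print("pool exhaustion:", exhaustion_demo())
    rotary = RotaryPool("198.51.100.10", ["10.10.10.1", "10.10.10.2"])
    print([str(rotary.translate_destination("198.51.100.10")) for _ in range(3)])
```

The exhaustion case is the practical reason pool sizing matters for one-to-one dynamic NAT: 254 pool addresses serve at most 254 concurrently translated hosts, and anyone beyond that silently loses connectivity until a translation times out, which is why PAT (the overload form) is usually preferred for Internet access.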