Choosing the Right Interior Routing Protocol 1-800-COURSES www.globalknowledge.com Expert Reference Series of White Papers Introduction Choosing an IP routing protocol is an important step. The right protocol can make your routing operate efficiently, and the wrong one can make your life difficult. Each protocol has its own pros and cons, and works better in some situations than others. In this paper, we explore the strengths and weakness of RIP, EIGRP, OSPF, and IS-IS, and discuss when it is appropriate to use each. We will evaluate each protocol in terms of five criteria: • Convergence speed • Ease of use • Network topology required • Vendor support • IPv6 support This paper also provides configuration tasks and commands for Cisco routers. It includes tips for each protocol, as well as suggestions on designing your network to maximize the efficiency of each protocol. This paper assumes the reader is already familiar with interior routing proto- cols. It contains a short description of each protocol, but does not go in depth on each of its features or possible configuration commands. A list of good reference material is at the end of the paper, for those wishing more information on a particular protocol. Routing Information Protocol (RIP) RIP was one of the first IP routing protocols. It is simple to understand and simple to configure. RIP version 1 sends its advertisements as broadcasts; RIP version 2 sends them as multicas- ts. Both versions advertise their entire routing table every 30 seconds. For both versions, the metric is hop count – with each router counting as a hop. A network with a metric of 16 hops is considered unreachable, which limits the diameter of a RIP routing domain. Convergence Speed RIP is notoriously slow to converge. It is a distance vector protocol, which means that each router advertises only the path it itself is using to reach a particular network. When there is a change in the network topology, each router recalculates its routing table before announcing the change to its neighbors. If a network has gone down, the router must query its neighbors for an alternate path to the network, and wait for them to respond. Additionally, RIP employs timers such as the hold-down timer to lessen the chance of a routing loop. These timers, how- ever, also lengthen the amount of time that incorrect information might be propagated through the network. Denise Donohue, Global Knowledge Instructor, CCIE #9566 Choosing the Right Interior Routing Protocol Copyright ©2005 Global Knowledge Network, Inc. All rights reserved. Page 2 Ease of Use RIP is an easy protocol to use. All that is required is to enable RIP and configure a network statement for the router interfaces that will be running RIP. RIP version 1 is a classful routing protocol, and thus all links within the RIP domain must use the same subnet mask. RIP version 2 is classless, and thus supports variable-length subnet masking (VLSM). With either version of RIP, the network statement lists only the classful network. Network Topology The best place to use RIP is in a small network with links of about the same bandwidth since its metric does not account for differences in bandwidth. The more stable the network, the bet- ter RIP performs. RIPv1 is best used on links with only RIP devices, since its advertisements are sent as broadcasts. If it were used on a LAN link with hosts as well as a neighbor router on the link, the hosts would be interrupted every 30 seconds by RIP broadcasts. This is not a problem with RIPv2, since it sends its advertisements to the multicast address of 224.0.0.9. Only devices listening for that multicast address would be affected. When using RIPv1, the same subnet mask must be used on every subnet of a classful net- work. There must be no discontiguous subnets. RIPv2 can handle networks with VLSM, since you can disable auto-summarization. Vendor Support Since RIP is such a well-known protocol, it is very widely supported. All Cisco routers support it, as well as firewalls, Microsoft Windows operating systems, and Unix-based operating sys- tems. Some networks must run RIP in order to support a Unix computer. If that is the case in your network, consider sectioning off that part of the network, confining the RIP portion of the network to as few devices as possible. Run a more sophisticated protocol in the rest of the network, and redistribute the RIP routes into it. If possible, inject only a default route into the RIP area. IPv6 Support There is a version of RIP that supports IPv6, called RIPng (RFC 2080). It is available begin- ning in Cisco IOS version 12.2(8)T9. Tasks and Tips On a Cisco router, enable RIP under the global configuration mode and then list the classful networks for the interfaces where you want to run RIP. For instance, suppose you have the network shown in the drawing below. Copyright ©2005 Global Knowledge Network, Inc. All rights reserved. Page 3 Router B has three interfaces. Two are in the classful network 10.0.0.0, and one is in the classful network 172.20.0.0. Suppose you want Routers A, B, and C to all exchange RIP infor- mation. The configuration on Router B would then be: (config)#router rip (config-router)#network 10.0.0.0 (config-router)#network 172.20.0.0 The default configuration sends RIPv1 advertisements and listens for both version 1 and ver- sion 2 advertisements. The version can be configured under the router configuration mode, for the entire RIP process, or in interface configuration mode, for just that interface. In the previ- ous example, suppose you want to run RIP version 2 in general, but version 1 on the interface connecting to Router C (you can choose which version to both send and receive): (config)#router rip (config-router)#version 2 (config-router)#interface s1/0 (config-if)#ip rip send version 1 (config-if)#ip rip receive version 1 You may not want all interfaces with IP addresses in the classful network to be running RIP; in that case, you can use the passive-interface <interface> command. Making an interface pas- sive for RIP stops the router from sending advertisements out that interface. It will still listen to RIP advertisements coming in that interface, however, and will still advertise the network assigned to that interface. A variation of this is the command passive-interface default. This makes all interfaces encompassed in the network statement passive for RIP. You can then enable RIP on a specific interface with no passive-interface <interface>. In the drawing above, the LAN interface has no other routers on it, only hosts. It would make sense to make that interface passive for RIP. The commands to accomplish that are: Copyright ©2005 Global Knowledge Network, Inc. All rights reserved. Page 4 (config)#router rip (config-router)#passive-interface fa0/0 Another option with RIPv2 is to make an interface passive, then add a neighbor statement list- ing the IP address of the router on the other end of a link. RIP will then send its updates as a unicast out that interface, to that neighbor. If you wanted to do this for Router A, for example, use the following commands: (config-router)#passive-interface s1/1 (config-router)#neighbor 172.20.4.2 RIP will automatically summarize up to the classful network when advertising routes out an interface belonging to a different classful network. For instance, in our example network, Router B would not advertise the two subnets 10.1.0.0 and 10.2.0.0 to Router A. It would instead summarize and advertise only network 10.0.0.0. Similarly, Router B would summarize the 172.20.4.0 subnet and advertise 172.20.0.0 to Router C. You can disable this functionality in RIPv2 with the following command: (config-router)#no auto-summary Turning off auto-summarization causes RIP to advertise every subnet to its neighbors. This isn’t necessarily a good thing – it makes the routing tables and route advertisements larger. RIPv2 allows you to manually configure summarization at the interface level. The command looks like this: (config-if)#summary-address rip <network> <subnet_mask> When using RIP in only a portion of your network, it is good practice to redistribute the RIP routes into your primary (core) protocol, and represent the core networks with either a default or static routes in the RIP portion of the network. To configure RIP to advertise a default route to its neighbors, first configure a static default route pointing to a neighbor core router. Then tell RIP to generate default information to its peers: (config)#ip route 0.0.0.0 0.0.0.0 <neighbor_ip_address> (config)#router rip (config-router)#default-information originate Copyright ©2005 Global Knowledge Network, Inc. All rights reserved. Page 5 RIP Summary Convergence Speed — Slow Ease of Use — Easy to understand and use Network Topology — No special topology required Vendor Support — Widely supported by many vendors IPv6 Support — Supported When to Use — Small, homogenous, stable network. When hosts require its use Open Shortest Path First (OSPF) OSPF is an open standard link-state protocol, described in several RFCs. It calculates its best path using the Shortest Path First algorithm originated by Edgars Djikstra. OSPF’s metric is cost. On Cisco routers, “cost” is based on bandwidth – the default value is 108 divided by interface bandwidth. OSPF adds the cost of each link along the path to the destination net- work. The SPF algorithm uses this metric to build a tree containing the shortest (least-cost) path to each network. Running the SPF algorithm is very CPU intensive, which could be a lia- bility in an unstable network. Advertisements are sent as multicasts, and once a router has converged, only triggered updates are sent. Convergence Speed OSPF is one of the fastest-converging protocols. When an OSPF router learns about a change in network topology, it forwards the information to its neighbors before recalculating its routing information. This helps speed up convergence. Each router maintains a link-state database containing information about all networks in the OSPF routing domain. If a network goes down, there is no need for a router to query its neighbors – it already knows any alternate paths to that network. Once a router has updated its neighbors, it reruns the SPF algorithm and sub- mits the resulting routes to the routing table. Ease of Use A basic OSPF configuration is fairly easy to configure. However, one of the protocol’s strengths is the ability to customize it to better fit your network needs. An OSPF configuration can get very complex if you take advantage of its many features. On the plus side, many network engi- neers are knowledgeable and skilled in the protocol, since it is so widely used. Network Topology OSPF requires a two-level hierarchy. There is a backbone area called Area 0, and all traffic between areas transits Area 0. It fits well in hub-and-spoke networks, where you have a well- defined backbone with groups of networks branching out from it. The need for this type of topology is often the most challenging part of implementing OSPF in an existing network. Area 0 should have the most redundancy and the most bandwidth, as it is a transit area. All the other areas are required to have at least one router with at least one interface in Area 0. OSPF provides virtual links as a way around this requirement as a temporary measure while transi- tioning the network to fit the OSPF model. IP addressing should follow the network topology to allow for summarization of routes. For the most efficient operation, assign your IP subnets so that each area’s routes are able to be sum- marized into as few advertisements as possible. Without summarization, information about all routes is sent to every router in the OSPF domain. When any link goes down, all routers then have to receive that information and rerun the SPF algorithm. OSPF only allows summariza- tion at the ABRs (area border router) and ASBRs (autonomous system boundary router). In a pure hub-and-spoke network, you may be able to designate areas as stub or totally stubby areas. This helps make OSPF operation even more efficient, as it limits the information routers in the stub areas must maintain. Copyright ©2005 Global Knowledge Network, Inc. All rights reserved. Page 6 Vendor Support OSPF is a standards-based protocol. It is supported by most routers, many firewalls, and some versions of Windows. Thus, it is good for use in a multi-vendor environment. IPv6 Support Support for IPv6 is built into OSPF version 3. Cisco routers include OSPFv3 beginning in IOS 12.2(15)T9. Tasks and Tips On a Cisco router, enable OSPF under the global configuration mode. You must specify a process number – this number is local to the router. Then enable OSPF on interfaces and assign those interfaces to areas using the network statement. The network statement requires a wildcard mask after the prefix information. This allows you to either specify a range of inter- faces to be included in the OSPF process or limit it to one particular IP address. The network statements are read from the top down, so more specific statements should be configured first. The following examples are based on this diagram: Copyright ©2005 Global Knowledge Network, Inc. All rights reserved. Page 7 In this example, the requirement is to enable OSPF area 0 between Router A and Router B, and OSPF area 10 between Router B and Router C. On Router B, we specify interface S1/1 by its exact IP address and include interfaces Fa0/0 and S1/0 in one network statement: (config)#router ospf 1 (config-router)#network 172.20.4.1 0.0.0.0 area 0 (config-router)#network 10.0.0.0 0.255.255.255 area 10 This configuration makes Router B an area border router, as it belongs to both area 0 and area 10. This is a basic OSPF configuration; some additional changes can make OSPF more eff i c i e n t . Recall that all OSPF routers within an area must have an identical link state database. With a basic configuration, all network information would be flooded throughout the entire OSPF rout- ing domain. This can create a very large OSPF database, using a significant amount of memo- ry. When there is a topology change, all routers would be involved in convergence. This adversely impacts router CPU and network bandwidth. Additionally, as a general rule, the more routers involved in convergence, the slower the convergence time. Some tuning of OSPF can make it more efficient in terms of router and network resource use. It would make sense to make area 10 totally stubby – Router C would then have only intra- area routes and a default route pointing to Router B. There is no need to send OSPF hellos out interface Fa0/0, so make it a passive interface. Additionally, if all subnets of 10.1.0.0/16 are in area 10, we could summarize the routes advertised into area 0. (config-router)#area 10 stub no-summary (config-router)#passive-interface fa0/0 (config-router)#area 10 range 10.1.0.0 255.255.0.0 With these simple changes, a topology change in area 10 does not affect Router A at all, as long as the summary route is still valid. Similarly, a topology change in area 0 does not affect Router C at all. Router B is still affected by topology changes in both areas, since Area Border Routers keep the complete database for each area they border. A good design consideration is to have several ABRs each bordering a few areas, rather than a few ABRs each bordering many areas. When designing an OSPF network, it is common to wonder how many routers and networks to put in one area, and how many areas to have. There is no single good answer to these ques- tions, as they depend on many factors. For example, networks with good summarization can accommodate more routers per area, networks with many stub areas can accommodate more areas, and routers with fast CPUs and high memory can hold more information in their data- bases. The main thing is to understand OSPF and work with it, rather than trying to challenge it. Awell-designed OSPF network can converge quickly (in under a second) and operate eff i c i e n t- ly. For instance, consider the following network (some links have been omitted for simplicity): Copyright ©2005 Global Knowledge Network, Inc. All rights reserved. Page 8 One possible design would be to put the Core routers in Area 0, along with the connected interfaces of the Distribution routers. The two Distribution routers on the left, and their connect- ed Access routers, would comprise one area. The two Distribution routers on the right, along with their connected Access routers, would comprise another area. Summarization could be done only on the Distribution routers. As a result, the Distribution and Access-layer routers could have about 1,030 routes in their routing tables. Also, at least six routers are involved in convergence when there is a topology change. (Perhaps more, if there are other routers in the Access-layer “cloud”.) Contrast this with the same network, in the EIGRP section. Another option would be to extend Area 0 to include the links between the Distribution and Access-layer routers. Then each Access-layer router would be its own OSPF area, could sum- marize its subnets to a 16-bit mask (e.g., 10.4.0.0/16), and could be a stub area. This would minimize the number of routes per router, and the number of routers involved in convergence in each area, but it also means that the Access routers are part of the core area. Hopefully, this helps you see that network design is a serious consideration with OSPF. In this time of such high security concerns, I would be lax not to mention authentication. OSPF can do both clear text and MD5 authentication between routers. This is a good feature to use to prevent an attacker from hijacking your routing and injecting false routes. As long as you’re using authentication, you might as well use MD5, as it is more secure. Commands to enable this are given both under the OSPF routing process and under the interface configuration mode. As an example, if we wished to use authentication in area 0, using “aSecret1” as the password, we would configure Router B as follows: Copyright ©2005 Global Knowledge Network, Inc. All rights reserved. Page 9 (config)#router ospf 1 (config-router)#area 0 authentication message-digest (config-router)#interface s1/1 (config-if)#ip ospf message-digest-key 1 md5 aSecret1 One last thing to plan in OSPF is the router ID. Each OSPF router is identified in the database by an IP address. Router ID can be statically configured under the OSPF process, or dynamically chosen by the router. If it is not statically configured, then the router chooses the highest loop- back interface IP address, if any loopbacks are present. If not, then the router chooses the highest IP address of an active interface. Duplicate router IDs can cause a problem in the net- work and break your routing. The safest way to ensure that each router has a unique router ID is to first create a loopback interface on each router with the IP address you wish to use as that r o u t e r’s ID. Next, statically configure that IP address to be the router ID under the OSPF process. Then the router ID will be unique, it will not change, and you can ping it when troubleshooting. Enhanced Interior Gateway Protocol (EIGRP) EIGRP is a Cisco proprietary distance-vector routing protocol. It was created to be used with basically any media and network topology, to converge quickly, and to use network resources efficiently. It uses an algorithm called DUAL – Diffusing Update Algorithm – to calculate a loop- free path to each network. It really shines in networks with more than two levels of hierarchy, because you can summarize at any router’s interface. EIGRP’s metric is based on the lowest bandwidth on the path to a network, and the sum of the interface delays along the path to that network. Convergence Speed In a properly designed network, EIGRP converges very quickly. For every destination network, it will attempt to identify a backup route. Then, if the primary route goes down, the router immediately inserts the backup route into the table. No recalculation or querying of neighbors is necessary. The catch to this is that an alternative path to each network must exist. Additionally, EIGRP must be able to insure that the alternative path is loop-free. It does this by comparing the metric (or distance) advertised by each neighbor, for each network, to the metric of its best route to that network. Any neighbor with an advertised distance less than the best distance can be used as a backup next hop. Copyright ©2005 Global Knowledge Network, Inc. All rights reserved. Page 10 OSPF Summary Convergence Speed — Fast Ease of Use — More complex than RIP or EIGRP Network Topology — Requires a two-level hierarchy with backbone are. Scales to very large networks in a hierarchical network Vendor Support — Widely supported by many vendors IPv6 Support — Supported in OSPF v3 When to Use — In a (possibly multi-vendor) network with a two-level hierarchy, and IP addressing design that allows summarization [...]... native IP routing protocols Configuring it is not difficult, however, once you understand how it works The main problem is that fewer companies use IS-IS than use OSPF, and thus fewer network engineers know how to support it IS-IS configurations tend to be less complex than OSPF, mostly because there are fewer changes you can make to the protocol s operation Network Topology IS-IS is a link-state protocol. .. Denise has her CCIE certification in Routing and Switching For Further Reading • Routing TCP/IP, Jeff Doyle, Cisco Press • Advance IP Network Design, Alvaro Retana, Don Slice, Russ White, Cisco Press Copyright ©2005 Global Knowledge Network, Inc All rights reserved Page 20 • EIGRP for IP, Alvaro Retana, Russ White, Don Slice, Addison-Wesley • OSPF: Anatomy of a Routing Protocol, John T Moy, Addison-Wesley... Intermediate System Thus, the protocol defines communication from an Intermediate System to another Intermediate System IS-IS is a link-state protocol and, like OSPF, divides the network into areas All inter-area communication goes through the backbone, but the backbone is not a discrete area An IS-IS backbone is merely an unbroken string of routers doing Level 2 (inter-area) routing These routers can... installed in the routing table EIGRP also adapts itself to various types of network links It sends hello messages less frequently on slower links It also paces its packets so that it will not overwhelm a link – EIGRP limits itself to using half of the bandwidth configured on an interface This bandwidth percent is also configurable Vendor Support EIGRP is a Cisco-proprietary routing protocol, so all... addressing is designed for summarization Copyright ©2005 Global Knowledge Network, Inc All rights reserved Page 14 Intermediate System – Intermediate System (IS-IS) IS-IS is a routing protocol created by the ISO and is based on OSI protocols, not on IP However, there is a version of IS-IS adapted to carry IP route information, called “Integrated IS-IS” This is the version we discuss here IS-IS uses CLNS... things: it reduces the amount of update traffic, it reduces the length of routing tables, and it sets boundaries for queries Bounding queries is an important consideration with EIGRP When a router loses the path to a network and doesn’t have a backup path, then it must query all its neighbors If those routers had the network in their routing tables and don’t have a backup path either, then they must in... Additionally, you must plan the IP addressing scheme IS-IS is a classless protocol, thus you can use VLSM It is also capable of summarizing IP addresses You would typically want to plan your IP addressing so that you are able to summarize at area borders This reduces the amount of information your neighbor routers must store in their routing tables, and also the amount of information your router must send... configuration mode The command is similar to those in other protocols If Router D were summarizing its two subnets, the command would be: (config-router)#summary-address 10.4.0.0 255.254.0.0 One last option you should consider is authentication With IS-IS, passwords can be configured either at an interface, for an entire area, or for the entire IS-IS routing domain Passwords configured at an interface are... thus authenticate the establishment of adjacencies The area password is carried in all L1 messages and authenticates the exchange of intra-area routing information The domain-wide password is carried in L2 messages and thus authenticates the exchange of inter-area routing information Multiple types of passwords can be used on a router However, you should understand that these passwords are sent as clear... of this writing, EIGRP support for IPv6 is still being developed Tasks and Tips Enable EIGRP routing under the global configuration mode You must specify an autonomous Copyright ©2005 Global Knowledge Network, Inc All rights reserved Page 12 system number; this number must match on all routers that exchange routing information The network statement enables EIGRP on any interface that falls within the . wishing more information on a particular protocol. Routing Information Protocol (RIP) RIP was one of the first IP routing protocols. It is simple to understand. Right Interior Routing Protocol 1-800-COURSES www.globalknowledge.com Expert Reference Series of White Papers Introduction Choosing an IP routing protocol is