Switching Basics and Intermediate Routing CCNA 3
Chapter 2
www.ciscopress.com

Link-State Routing Overview

Maintaining Routing Information Via Link States

• Link-state routing algorithms, also known as shortest path first (SPF) algorithms, build a complex database of topology information
  – The algorithms compute the shortest path between nodes
  – They maintain full knowledge of distant routers and how they interconnect
• Link-state routing uses link-state advertisements (LSAs)
  – An LSA is a basic building block that describes a router’s local topology and is distributed to all other routers in the area
• Link-state routing uses a topological database (or link-state database)
  – The set of all links learned from the flooding of LSAs
  – Synchronized with all other routers in the area
• OSPF and Intermediate System-to-Intermediate System (IS-IS) are link-state routing protocols
  – They collect routing information from all other routers in the area
  – Each router calculates all the best paths to all destinations in the network
  – Because each router calculates best paths, they are less likely to propagate incorrect information learned from a neighboring router
• Link-state routing protocols were designed to overcome the limitations of distance vector routing protocols
  – Respond quickly to network changes
  – Send only triggered updates
  – Send periodic updates at long intervals, such as every 30 minutes
  – A hello mechanism determines reachability of neighbors

[Figure: Link-State Routing Relies on Complex Mechanisms to Permit Stable, Synchronous and High-Speed Routing]

• When a failure occurs in a network:
  – Link-state protocols flood LSAs, using a special multicast address
  – Each link-state router takes a copy of the LSA, updates its topological database, and forwards the LSA to neighboring routers
  – All link-state routers in the area recalculate their routing tables using the Dijkstra SPF algorithm
• A link is similar to an interface on a router
  – The state of the link is a description of the interface and its relation to its neighboring routers

[Figure: OSPF Uses a Two-Layer Hierarchy]

Two primary elements exist in the two-layer hierarchy:

1. Area: A grouping of contiguous networks
   • Areas are logical subdivisions of the autonomous system
   • Each area must be connected directly to the backbone area (known as area 0)
2. Autonomous System (AS): A collection of networks under a common administration
   • Share a common routing strategy
   • Can be logically subdivided into multiple areas

  – The backbone area is the transition area
     • All other areas communicate through it
     • All non-backbone areas are connected to it
  – Non-backbone areas can be configured as a stub area, a totally stubby area, or a not-so-stubby area (NSSA) (not covered in this curriculum) to reduce the sizes of the link-state database and the routing table

Link-State Routing Protocol Algorithms

• Link-state routing protocol algorithms:
  – Rely on SPF protocols to maintain a complex database of the network topology
  – Develop and maintain a full knowledge of the network routers and how they interconnect
     • Use LSAs to exchange information with other routers
  – Each router that has exchanged LSAs constructs a topological database
     • The SPF algorithm is used to compute reachability to destination networks
     • A routing table is built from this information, containing only lowest-cost routes
  – LSA exchanges are triggered events
     • Greatly speed up the convergence process
     • No need to wait for a series of timers to expire before the networked routers can begin to converge

[Figure: Cost Metric Determines Shortest Path for Link-State Routing Protocols]

[Figure: Next Hops and Costs for Destination Routes (Previous Slide)]

Link-State Routing

Benefits of Link-State Routing

• Link-state protocols use cost metrics to choose paths
  – The cost metric reflects the capacity of the links
• Routing updates are less frequent
• The network can be segmented into area hierarchies
  – Limits the scope of route changes
• Link-state protocols send only updates of a topology change
  – Use triggered, flooded updates, which lead to faster convergence times
• Each router has a complete and synchronized picture of the network
  – Difficult for routing loops to occur
• LSAs are sequenced and aged
  – Routers always base their routing information on the most recent set of information
• With careful design work, the size of link-state databases can be minimized
  – Smaller Dijkstra calculations and faster convergence

Limitations of Link-State Routing

• In addition to a routing table, link-state protocols require:
  – A topological database
  – An adjacency database
     • Lists all the relationships formed between neighboring routers for the purpose of exchanging routing information
  – A forwarding table
     • A data structure holding a stripped-down association between network prefixes and next hops
• Dijkstra’s algorithm requires CPU cycles to calculate best paths through the network
  – If the network is large or unstable, this can require a significant amount of CPU time
     • Not a problem for most modern routers
• A strict hierarchical network design is required to divide the network into smaller areas
  – Reduces the excessive use of memory and CPU cycles
  – Reduces the size of topology tables and Dijkstra calculations
  – Areas must be contiguous at all times
• Although configuration of link-state networks is usually simple, configuring a large network can be challenging
• Troubleshooting is usually easier, as every router has a copy of the topology
  – However, interpreting the information requires a good understanding of link-state routing concepts
• Link-state protocols usually scale to bigger networks than distance vector protocols
• Link-state routing raises two concerns:
  – During the initial discovery process, link-state routing protocols flood the network with LSAs
     • Significantly decreases the network’s capability to transport data
     • This is temporary, but noticeable
  – Link-state routing is both memory- and processor-intensive
     • Greater demand requires higher-end routers that cost more

Single-Area OSPF Concepts

• OSPF was developed by the Interior Gateway Protocol (IGP) group of the Internet Engineering Task Force (IETF)
  – Created in mid 1990s because RIP was unable to serve large, heterogeneous networks
• OSPF has two primary characteristics:
  – The protocol is an open standard, not proprietary
  – It is based on the SPF algorithm

Comparing OSPF with Distance Vector Routing Protocols

• OSPF is a link-state protocol; RIP and IGRP are distance vector protocols
  – Distance vector protocols send all, or a portion of, their routing table in updates to their neighbors
• A link is an interface on a router
  – The state of the link describes the interface and its relationship to neighboring routers
     • Can include IP address, subnet mask, type of network
• The collection of link states forms a link-state database
• An OSPF router sends LSA packets to periodically advertise its link states instead of sending routing table updates
  – Information about attached interfaces and metrics is included
  – LSAs are flooded to all routers in the area
  – As OSPF routers accumulate link-state information, they use the SPF algorithm to calculate the shortest path to each destination
• A topological (link-state) database is an overall picture of networks in relationship to routers
  – Contains the collection of LSAs received from all routers in the same area
  – The database is pieced together from the LSAs
  – Routers in the same area have identical topological databases
• OSPF can operate within a hierarchy
  – The largest entity is the Autonomous System (AS):
     • A collection of networks under a common administration that share a common routing strategy
     • An AS can be divided into several areas, which are groups of contiguous networks and attached hosts

OSPF Hierarchical Routing

• OSPF’s capability to separate a large network into multiple areas is known as hierarchical routing
  – Hierarchical routing enables you to separate a large internetwork (AS) into smaller internetworks called areas
  – Routing still occurs between areas
     • Many of the minute internal routing operations, such as recalculating the database, are kept within an area

[Figure: OSPF Uses Areas to Provide Hierarchy]

• OSPF’s hierarchical topology possibilities have the following advantages:
  – Reduced frequency of SPF calculations
  – Smaller routing tables
  – Reduced link-state update overhead

Dijkstra’s Algorithm

• In Dijkstra’s algorithm, the best path is the lowest cost path
  – Named for Edsger Wybe Dijkstra, a Dutch computer scientist
  – Each link has a cost
  – Each node has a name
  – Each node has a complete topological database

[Figure: Dijkstra’s Algorithm Uses Cost Metric]

• Dijkstra’s algorithm places each router at the root of a tree
  – Calculates the shortest path to each node based on the cumulative cost to reach the destination
  – Each router has its own view of the topology
  – Each router uses the information in its topological database to calculate a shortest-path tree, with itself as the root
  – The router uses this tree to route network traffic
• The cost, or metric, of an interface indicates the overhead that is required to send packets across that interface
  – The OSPF cost of an interface is inversely proportional to that interface’s bandwidth
     • Higher bandwidth equals lower cost
     • Cost = 100,000,000 / bandwidth in bps

[Figure: Shortest Path is Measured from Each Root Node to Build a Shortest Path Tree]

Single-Area OSPF Configuration

Basic OSPF Configuration

• The router ospf command takes a process identifier as an argument:
  – Router(config)#router ospf process-id
  – The process ID is a locally significant number between 1 and 65,535 that you select to identify the routing process
     • It does not need to match the OSPF process ID on other OSPF routers
• The network command identifies which IP networks on the router are part of the OSPF network:
  – Router(config-router)#network address wildcard-mask area area-id (all on one command line)

[Figure: Parameters of a network Command]

• The wildcard mask is sometimes called an inverse mask because it is the inverse of the subnet mask for the network
  – This is not required; many network administrators use the 0.0.0.0 option to match the interface

[Figure: Basic OSPF Network with Each Router in Area 0]

[Figure: Using the network statement in OSPF]

• A router uses the OSPF hello protocol to establish neighbor relationships
  – Hello packets let other routers know they are still functional
• On networks supporting more than two routers (multiaccess networks), such as Ethernet networks, the hello protocol elects:
  – A designated router (DR)
     • Generates LSAs
     • Manages link-state synchronization
  – A backup designated router (BDR)
     • Becomes the DR if the existing DR fails

Loopback Interfaces

• The OSPF router ID is the number by which the router is known to OSPF
• To modify the OSPF router ID to a loopback address use this command:
  – Router(config)#interface loopback number
• The highest IP address on an active interface of a router at startup can be overridden by using a loopback address
  – OSPF is more reliable if a loopback interface is configured because a loopback interface is always active

Modifying the OSPF Cost Metric

• OSPF uses cost as the metric to determine the best route
  – Cost is associated with the output side of an interface
  – It is calculated with the formula cost = 100,000,000 / bandwidth in bps
  – The lower the cost, the more likely the route is to be used

[Figure: OSPF Cost Values]

• It is essential for proper OSPF operation that the correct interface bandwidth is set:
  – Router(config)#interface serial 0
  – Router(config-if)#bandwidth 56
• Cost can be changed to influence the outcome of OSPF cost calculation
  – When costs from different vendors are unequal, you might want to change them so that they match
  – Might need to change cost to account for Gigabit Ethernet
• Use this command to change cost:
  – Router(config-if)#ip ospf cost number

OSPF Authentication

• A router trusts that the information it receives is coming from a router that should be sending it the information
• To guarantee this trust, routers in a specific area can be configured to authenticate each other with OSPF authentication
  – Each interface can present an authentication key that the router uses to send OSPF information to other routers on the segment
  – The key, known as a password, is a shared secret between the routers
  – The key can be up to eight characters long
  – The key generates the authentication data in the OSPF header
• Use the following syntax to configure OSPF authentication:
  – Router(config-if)#ip ospf authentication-key password
• After the password is configured, authentication must be enabled:
  – Router(config-router)#area area-number authentication
• With simple authentication, the password is sent as plain text (security risk)
• Configure encryption of the password
• Authentication password encryption syntax:
  – Router(config-if)#ip ospf message-digest-key key-id md5 encryption-type key (all on one line!)
  – The key-id is an identifier with a value of between 1 and 255
  – The encryption-type refers to the type of encryption, where 0 means none and 7 means proprietary
• The following is configured in router configuration mode on a router with an interface in the area area-id:
  – Router(config-router)#area area-id authentication message-digest
• MD5 creates a message digest, which is scrambled data based on the password and the message contents
  – If the digests match, the receiving router trusts the data

OSPF Network Types and OSPF Timers

• OSPF interfaces automatically recognize three OSPF network types:
  – Broadcast multiaccess, such as Ethernet
  – Point-to-point networks
  – Nonbroadcast multiaccess networks (NBMA), such as Frame Relay
  – An administrator can manually configure a fourth OSPF network type: point-to-multipoint
• In a multiaccess network, it is not known in advance how many routers will be connected
• In point-to-point networks, only two routers will be connected
• In a broadcast multiaccess network segment, many routers can be connected
  – If every router has to establish adjacency with every other router, [n * (n-1) / 2] adjacencies need to be formed
     • For 5 routers the formula would be 5*(5-1) / 2 = 5*4 / 2 = 20 / 2 = 10 adjacencies
• Routers hold an election for a DR router
  – This router becomes adjacent to all other routers in the broadcast segment
     • All other routers send their link-state information to the DR
     • The DR sends link-state information to all other routers on the segment by using the 224.0.0.5 multicast address
• Despite the gain in efficiency that electing a DR provides, a disadvantage exists:
  – The DR is a single point of failure
     • A second router is elected the BDR to take over in case the DR fails
     • To make sure that both the DR and BDR see the link states that all routers send on the segment, the 224.0.0.6 multicast address is used
• On point-to-point networks, no DR or BDR is elected; both routers become fully adjacent

[Figure: OSPF Network Type, Characteristics, and DR Election]

• OSPF uses:
  – Hello intervals
     • Default of 10 seconds on broadcast networks
     • Default of 30 seconds on nonbroadcast networks
  – Dead intervals (4 times the hello interval by default)
     • Default of 40 seconds on broadcast networks
     • Default of 120 seconds on nonbroadcast networks
• To change the default times:
  – Router(config-if)#ip ospf hello-interval seconds
  – Router(config-if)#ip ospf dead-interval seconds

Propagating a Default Route

• OSPF routing ensures loop-free paths to every network in the routing domain
  – To reach networks outside the domain, either OSPF must know about the network or OSPF must have a default route
     • To have an entry for every network in the world would require enormous resources for each router
• A practical alternative is to add a default route to the OSPF router connected to the outside network
• This default route can be redistributed to each router in the AS through normal OSPF updates
• To configure a static default route:
  – Router(config)#ip route 0.0.0.0 0.0.0.0 [interface | next hop address]
     • This is referred to as the quad-zero route
     • Any destination network address is matched
  – To propagate this route to all the routers in a normal OSPF area:
     • Router(config-router)#default-information originate
• All routers in the OSPF area learn a default route provided that the interface of the border router to the gateway router is active

Verifying OSPF Configuration

• Several show commands display information about OSPF configuration:
  – Display parameters about timers, filters, metrics and networks: show ip protocols
  – Display the routes that are known to the router: show ip route
  – Verify that interfaces have been configured in the intended areas: show ip ospf interface
  – Display OSPF neighbor information on a per-interface basis: show ip ospf neighbor

Troubleshooting OSPF

[Figure: Output from the debug ip ospf events Command]

• The debug ip ospf events output might appear if:
  – The IP subnet masks for routers on the same network do not match
  – The OSPF hello interval does not match that configured for a neighbor
  – The OSPF dead interval does not match that configured for a neighbor
• If a router configured for OSPF does not see a router on an attached network:
  – Make sure both routers are configured with the same subnet mask, OSPF hello and dead intervals
  – Make sure both neighbors are part of the same area type

[Figure: Sample Output from the debug ip ospf packet Command]

[Figure: Fields in debug ip ospf packet Output]

Summary

• Link-state routing protocols such as OSPF and IS-IS quickly and reliably propagate routing information within an AS
• Link-state routing protocols build link-state databases, which are synchronized with link-state advertisements (LSAs)
  – The link-state protocol then applies Dijkstra’s algorithm (SPF) to determine the best path(s) to each destination, which are then installed in the routing table
• OSPF is the most commonly deployed link-state protocol
  – Employs DRs and BDRs on broadcast segments to optimize propagation of link-state information
  – Each link uses hello and dead interval timers depending on OSPF network type: broadcast multiaccess, NBMA, point-to-point, point-to-multipoint
• OSPF is configured by:
  – Defining which interfaces will participate in a given OSPF process for a specific area
     • Use the network statements coupled with inverse masks
     • Inverse masks are often created to exactly match the subnet mask of the network associated with the given link, or they can be defined simply with a 0.0.0.0 mask to exactly match their interface ID
• Verifying OSPF configurations is done with these commands: show ip protocols, show ip route, show ip ospf interface, show ip ospf neighbor
• Troubleshooting OSPF is done with these commands: debug ip ospf events, debug ip ospf packet
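The SPF computation from the Dijkstra’s Algorithm and cost-metric slides, as an added example that is not part of the Cisco Press deck: it derives each link cost from the slides' cost formula, runs Dijkstra with one router as the root, and returns the next hop and total cost for every destination. The router names, link bandwidths, and the integer truncation with a floor of 1 are assumptions made for the illustration.

```python
import heapq

REFERENCE_BW_BPS = 100_000_000  # numerator of the cost formula on the slides


def ospf_cost(bandwidth_bps):
    """Cost = 100,000,000 / bandwidth in bps (assumed: truncated, minimum 1)."""
    return max(1, REFERENCE_BW_BPS // bandwidth_bps)


def build_lsdb(links):
    """Turn (router_a, router_b, bandwidth_bps) links into a cost graph."""
    lsdb = {}
    for a, b, bandwidth in links:
        cost = ospf_cost(bandwidth)
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


def spf(lsdb, root):
    """Dijkstra with `root` at the root of the shortest-path tree.

    Returns {destination: (cumulative_cost, next_hop_from_root)}.
    """
    best = {root: (0, None)}
    heap = [(0, root)]
    done = set()
    while heap:
        cost, node = heapq.heappop(heap)
        if node in done:
            continue  # stale heap entry; a cheaper path was already settled
        done.add(node)
        for neighbor, link_cost in lsdb.get(node, {}).items():
            new_cost = cost + link_cost
            # Directly attached neighbors are their own next hop; everything
            # further away inherits the next hop of the node it hangs off.
            next_hop = neighbor if node == root else best[node][1]
            if neighbor not in best or new_cost < best[neighbor][0]:
                best[neighbor] = (new_cost, next_hop)
                heapq.heappush(heap, (new_cost, neighbor))
    del best[root]
    return best


# Constructed topology: a slow direct serial link competes with a faster
# two-hop path.
LINKS = [
    ("R1", "R2", 56_000),        # 56 kbps serial  -> cost 1785
    ("R1", "R3", 1_544_000),     # T1              -> cost 64
    ("R3", "R2", 10_000_000),    # 10 Mbps         -> cost 10
    ("R2", "R4", 100_000_000),   # 100 Mbps        -> cost 1
]

# Same topology, but the serial link's bandwidth is wrongly set to 100 Mbps.
MISCONFIGURED = [("R1", "R2", 100_000_000)] + LINKS[1:]

if __name__ == "__main__":
    for name, links in (("correct", LINKS), ("misconfigured", MISCONFIGURED)):
        print(name, spf(build_lsdb(links), "R1"))
```

With the correct bandwidth R1 reaches R2 through R3; with the wrong bandwidth on the serial interface it sends that traffic over the 56 kbps link, which is why the slides insist on setting interface bandwidth correctly.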
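How a receiving router checks the MD5 authentication described in the OSPF Authentication slides, as an added example that is not part of the Cisco Press deck: the header layout, digest rule and sequence-number check follow RFC 2328 Appendix D. The shared key, router ID and hello body are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

# OSPFv2 header (RFC 2328 A.3.1): version, type, length, router ID, area ID,
# checksum, AuType, 8-byte authentication field.
HDR = struct.Struct("!BBH4s4sHH8s")
AUTYPE_MD5 = 2
DIGEST_LEN = 16


def md5_digest(packet, key):
    """MD5 over the packet followed by the key zero-padded to 16 bytes."""
    return hashlib.md5(packet + key.ljust(DIGEST_LEN, b"\0")).digest()


def build_md5_packet(pkt_type, body, router_id, area_id, key_id, key, seq):
    """Sender side: AuType 2 header, body, then the digest appended."""
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    # Checksum stays 0 with cryptographic authentication, and the length
    # field does not count the trailing digest.
    header = HDR.pack(2, pkt_type, HDR.size + len(body), router_id, area_id,
                      0, AUTYPE_MD5, auth)
    return header + body + md5_digest(header + body, key)


def verify_md5_packet(wire, keys, last_seq):
    """Receiver side. keys maps key-id to shared secret; last_seq is the
    highest sequence number already accepted from this neighbor.
    Returns (accepted, reason, new_last_seq)."""
    if len(wire) < HDR.size + DIGEST_LEN:
        return False, "truncated", last_seq
    _ver, _type, length, _rid, _area, _cksum, autype, auth = HDR.unpack_from(wire)
    if autype != AUTYPE_MD5:
        return False, "wrong AuType", last_seq
    _zero, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
    if auth_len != DIGEST_LEN or len(wire) != length + DIGEST_LEN:
        return False, "bad length", last_seq
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key-id", last_seq
    if seq < last_seq:
        return False, "stale sequence number", last_seq
    if not hmac.compare_digest(md5_digest(wire[:length], key), wire[length:]):
        return False, "digest mismatch", last_seq
    return True, "ok", seq


def sample_hello_packet(key, seq):
    """Constructed hello: mask /24, hello 10 s, dead 40 s, no DR or BDR yet."""
    hello = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 0x02, 1,
                        40, bytes(4), bytes(4))
    return build_md5_packet(1, hello, bytes([10, 0, 0, 1]), bytes(4), 1, key, seq)


if __name__ == "__main__":
    keys = {1: b"Example-Key-01"}  # constructed shared secret, key-id 1
    good = sample_hello_packet(keys[1], seq=1001)
    tampered = bytearray(good)
    tampered[HDR.size + 5] ^= 0xFF  # hello interval altered in transit
    print(verify_md5_packet(good, keys, 1000))
    print(verify_md5_packet(bytes(tampered), keys, 1000))
    print(verify_md5_packet(good, keys, 1002))  # old packet seen again
```

The password never appears in the packet, unlike simple authentication; RFC 5709 later added HMAC-SHA authentication for OSPFv2 as a stronger alternative to this keyed-MD5 scheme.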