By Amit S
networks simplified

08 Mar 12 IPv6 – Plug n Play

Hi Folks

One of the most publicised features of IPv6 is its plug-and-play capability. The stateless “Autoconfiguration” of a node makes it very convenient for the masses to adopt the technology. The host generates a link-local address by exchanging the following ICMP messages and then performs a “link-local uniqueness test”, similar to gratuitous ARP in IPv4.

In this post we will see the detailed process as it happens and understand the packet format. In IPv6, ARP has been replaced by the Neighbor Discovery (ND) process, which uses the IPv6 version of ICMP, called ICMPv6, to do this. ICMPv6 is essentially ICMP packets with different type numbers. E.g. Destination Unreachable is type 1, and Echo Request/Reply are types 128 and 129 respectively.

Nodes (hosts and routers) use Neighbor Discovery to determine the link-layer addresses of neighbors known to reside on attached links and to quickly purge cached values that become invalid. Hosts also use Neighbor Discovery to find neighboring routers that are willing to forward packets on their behalf. Finally, nodes use the protocol to actively keep track of which neighbors are reachable and which are not, and to detect changed link-layer addresses. When a router or the path to a router fails, a host actively searches for functioning alternates. The Next Header field value 58 in the IPv6 header indicates ICMPv6.

 Neighbor Discovery (ND) defines five new ICMPv6 packets to provide auto-configuration, dead-node recovery and route optimisation.

  • Router Solicitation (RS) – Hosts send Router Solicitations in order to prompt routers to generate Router Advertisements quickly. The source address of an RS might be unspecified and the destination address is typically FF02::2 (all routers, link scope). ICMP type is 133.

  • Router Advertisement (RA) – Routers send out Router Advertisement messages periodically, or in response to Router Solicitations. The source address is the router’s link-scope address on the interface attached to the link. The destination address is FF02::1. The RA also contains a router lifetime, typically 1800 seconds in IOS; a router advertising a lifetime of 0 indicates that it is not a default router. If there is more than one router on the LAN, Windows chooses the first router, whereas a Cisco router can send a high/medium/low preference in its RAs. The RA contains a prefix list which informs the host about the valid network prefixes; each entry in the list includes one global unicast address prefix. The RA also carries MTU and hop-limit information. ICMP type is 144. The packet format is as follows, with these flags:

 M – 1-bit “Managed address configuration” flag. When set, it indicates that addresses are available via Dynamic Host Configuration Protocol (DHCPv6).

O – 1-bit “Other configuration” flag. When set, it indicates that the host may use the router advertisement for address configuration but should consult DHCPv6 for other configuration information.

  • Neighbor Solicitation (NS) – Sent by a node to:
    • determine the link-layer address of a neighbour,
    • verify that a neighbour is still reachable via a cached link-layer address,
    • perform Duplicate Address Detection.

The source address is the link-local address and the destination address is the solicited-node multicast address. The Target Address field contains the address of the neighbour being solicited. A solicited-node multicast address is created and assigned for every unicast address assigned to an interface; it is formed by appending the lower 24 bits of the interface ID to the solicited-node prefix. ICMP type is 135.

  • Neighbor Advertisement (NA) – A node sends Neighbor Advertisements in response to Neighbor Solicitations and sends unsolicited Neighbor Advertisements in order to (unreliably) propagate new information quickly. ICMP type is 136.
  • Redirect – Routers send Redirect packets to inform a host of a better first-hop node on the path to a destination. Hosts can be redirected to a better first-hop router but can also be informed by a redirect that the destination is in fact a neighbour. The latter is accomplished by setting the ICMP Target Address equal to the ICMP Destination Address. ICMP type is 137.


 Note: The Hop Limit field of all five packet types is set to 255 so that the packets do not propagate beyond the link. Also there is no MAC aging; instead a neighbour sends NA & NS every 30 seconds, otherwise the entry becomes STALE.
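As an added example (not code from the original post), the following Python builds the solicited-node multicast address for a unicast address and parses a constructed Router Advertisement, enforcing the hop-limit check and decoding the M/O flags, router lifetime, prefix and MTU options. The ICMPv6 type numbers used are those assigned in RFC 4861, and the RA bytes are constructed inline.

```python
import ipaddress
import struct

# ICMPv6 Neighbor Discovery message types as assigned in RFC 4861
ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}
SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node_multicast(unicast):
    """Solicited-node multicast address for a unicast address: the prefix
    FF02::1:FF00:0/104 followed by the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24)


def parse_router_advertisement(payload, hop_limit):
    """Parse an ICMPv6 Router Advertisement (ICMPv6 header plus options).

    hop_limit is the Hop Limit of the enclosing IPv6 header. ND packets are
    sent with 255 and a receiver discards anything else: a packet that has
    crossed a router would arrive with a lower value, so it is not from the link.
    """
    if hop_limit != 255:
        raise ValueError("ND packet with hop limit %d discarded" % hop_limit)
    if len(payload) < 16:
        raise ValueError("RA too short")
    (icmp_type, code, _cksum, cur_hop, flags,
     lifetime, _reachable, _retrans) = struct.unpack("!BBHBBHII", payload[:16])
    if icmp_type != 134 or code != 0:
        raise ValueError("not a Router Advertisement (type %d)" % icmp_type)
    ra = {"type": ND_TYPES[icmp_type], "cur_hop_limit": cur_hop,
          "managed": bool(flags & 0x80),      # M flag: addresses via DHCPv6
          "other": bool(flags & 0x40),        # O flag: other config via DHCPv6
          "router_lifetime": lifetime,
          "default_router": lifetime != 0,    # lifetime 0 = not a default router
          "prefixes": [], "mtu": None}
    off = 16
    while off + 2 <= len(payload):
        opt_type, opt_len = payload[off], payload[off + 1]
        if opt_len == 0:
            raise ValueError("zero-length ND option")   # RFC 4861: must discard
        opt = payload[off:off + opt_len * 8]
        if len(opt) < opt_len * 8:
            raise ValueError("truncated ND option")
        if opt_type == 3 and opt_len == 4:              # Prefix Information
            plen, pflags, valid, preferred = struct.unpack("!BBII", opt[2:12])
            prefix = ipaddress.IPv6Address(opt[16:32])
            ra["prefixes"].append({
                "prefix": "%s/%d" % (prefix, plen),
                "on_link": bool(pflags & 0x80),
                "autonomous": bool(pflags & 0x40),     # usable for SLAAC
                "valid": valid, "preferred": preferred})
        elif opt_type == 5 and opt_len == 1:            # MTU option
            ra["mtu"] = struct.unpack("!I", opt[4:8])[0]
        off += opt_len * 8
    return ra


# Constructed sample RA: O flag set, lifetime 1800 s, one /64 prefix, MTU 1500
SAMPLE_RA = (struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)
             + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
             + ipaddress.IPv6Address("2001:db8:1::").packed
             + struct.pack("!BBHI", 5, 1, 0, 1500))

if __name__ == "__main__":
    print(solicited_node_multicast("fe80::c81e:1fff:fed4:1c"))
    print(parse_router_advertisement(SAMPLE_RA, 255))
```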


Please share your feedback to help write better.


06 Mar 12 IPv6 – Introduction

Hi Folks,

Currently, two types of IP addresses exist: IP Version 4 (IPv4) addresses and IP Version 6 (IPv6) addresses. IPv4 addressing, which was in place before IPv6 was adopted, uses 32 bits to represent each IP address. This 32-bit addressing scheme provides up to 2^32 (4,294,967,295) unique host addresses, mathematically speaking. With the ever-increasing size of the global Internet, the 32-bit IPv4 addressing scheme has turned out to be insufficient for the foreseeable future, prompting the introduction of the 128-bit IPv6 addressing scheme. Now that the last block of IPv4 addresses has officially been allocated, it is all the more important to understand and adopt IPv6. In this post we will compare IPv4 and IPv6, their similarities and differences. We will also see the different types of IPv6 addresses and their usage. Following are the header formats of an IPv4 packet and an IPv6 packet. Some of the fields are new and some have been kept the same, merely renamed.

 Some of the differences and the usage of the IPv6 packet fields are mentioned as follows:

  • Version field is set to a value of 6, indicating an IPv6 header; it is set to 4 in IPv4.
  • The Source/Destination address fields are 128 bits long.
  • No IP Header Length (IHL) field in IPv6.
  • No Total Length, Flags or Fragment Offset fields. Fragment information is carried in an IPv6 extension header.
  • Flow Label – A sender can set the flow label for different applications, and IPv6-enabled switches & routers can match those flow labels for policing or ACLs.
  • Next Header – Same as the Protocol field in IPv4, used to point to optional IPv6 options. It contains a number indicating the upper-layer protocol or extension header protocol. Example: IPv6 over Ethernet uses EtherType 0x86DD whereas IPv4 uses 0x0800.
  • Hop Limit – Same as the Time to Live (TTL) field in IPv4.
  • Traffic Class – Essentially the ToS field in IPv4.

 IPv6 Address types: An IPv6 interface is expected to have multiple addresses with multiple scopes.

  1. Unicast Address: This is an address assigned to a single interface. There are the following types of unicast addresses.
  • Global Aggregate Address – It is like a public address in IPv4 and is routable. Commonly starts with 2. Eg: 2003::/3. Also note 2003::/12 to 2003::/23 is allocated to RIRs, a /32 is given to ISPs and a block of /48 is given to customers.
  • Unique Local Address – Like the private IP address space in IPv4, and starts with FD00::/8.
  • Link Local Address – It is not a routable address and is used to communicate within the same broadcast domain. It can be configured automatically by using the prefix FE80::/10 & the interface identifier in EUI-64 format. A router will never forward packets that have source and destination addresses set to link-local addresses.

  2. Anycast Address: Multiple interfaces on different nodes can be assigned the same address, known as an anycast address. A packet sent to this address is delivered to the closest interface as determined by the routing protocol. When configuring an anycast address on an interface you must define it manually with the “anycast” keyword in order to advertise anycast networks via routing.

  3. Multicast Address: This address is used for a set of interfaces on different nodes. A packet sent to this address is delivered to all interfaces identified by the multicast address. The multicast address space in IPv6 starts with FF00::/8; the second octet defines lifetime and scope.

  • Lifetime – set to 0 (zero) if permanent, set to 1 if temporary.
  • Scope – the value of the scope field indicates the following:

  1 – Node level scope
  2 – Link level scope
  3 – Subnet level
  4 – Admin
  5 – Site
  8 – Organisation
  E – Global

 Example: the multicast address with link-local scope FF02::6 is a special IPv6 multicast address destined to all DR routers in OSPF. Also note that in IPv6 broadcast is not implemented and is replaced with multicast.

Note: IPv6 has built-in IPsec security mechanisms (AH & ESP) for authentication and encryption.
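Added example, not code from the original post: Python that derives the EUI-64 link-local address from a MAC, classifies an address into the types above, decodes the multicast lifetime flag and scope using the scope values listed, and applies the rule that link-scoped traffic is never forwarded by a router. The MAC and addresses used are constructed inputs.

```python
import ipaddress

# Multicast scope values as listed above (low nibble of the second octet)
MULTICAST_SCOPES = {0x1: "node", 0x2: "link", 0x3: "subnet", 0x4: "admin",
                    0x5: "site", 0x8: "organisation", 0xE: "global"}


def eui64_link_local(mac):
    """Build the FE80::/10 link-local address from a 48-bit MAC using the
    modified EUI-64 method: split the MAC in the middle, insert FF:FE, and
    flip the universal/local bit (bit 1 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address: %r" % mac)
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid)


def classify(address):
    """Classify an IPv6 address into the address types described above."""
    a = ipaddress.IPv6Address(address)
    if a in ipaddress.IPv6Network("ff00::/8"):
        second_octet = (int(a) >> 112) & 0xFF
        flags, scope = second_octet >> 4, second_octet & 0xF
        return {"type": "multicast",
                "temporary": bool(flags & 0x1),   # T flag: 0 permanent, 1 temporary
                "scope": MULTICAST_SCOPES.get(scope, "unassigned(%x)" % scope)}
    if a in ipaddress.IPv6Network("fe80::/10"):
        return {"type": "link-local"}
    if a in ipaddress.IPv6Network("fc00::/7"):   # FD00::/8 is the locally assigned half
        return {"type": "unique-local"}
    if a in ipaddress.IPv6Network("2000::/3"):
        return {"type": "global-unicast"}
    if a == ipaddress.IPv6Address("::"):
        return {"type": "unspecified"}
    if a == ipaddress.IPv6Address("::1"):
        return {"type": "loopback"}
    return {"type": "other"}


def router_must_not_forward(src, dst):
    """Link-scoped traffic never leaves the link: a router drops packets whose
    source or destination is link-local, or whose destination is a multicast
    address with node or link scope."""
    s, d = classify(src), classify(dst)
    if s["type"] == "link-local" or d["type"] == "link-local":
        return True
    return d["type"] == "multicast" and d["scope"] in ("node", "link")


if __name__ == "__main__":
    # constructed MAC; yields the link-local address of the form seen in 'show ipv6 route'
    print(eui64_link_local("ca:1e:1f:d4:00:1c"))
    print(classify("ff02::6"), classify("2003:13::1"))
```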

Please share your feedback to help write better.

01 Mar 12 Address Resolution Protocol (ARP)

Hi Folks,

This time we will look at a basic protocol which we deal with every day in our work and which is very helpful in troubleshooting layer 2 connectivity.

Address Resolution Protocol (ARP) is the predominant protocol for finding a host’s hardware address when only its network-layer address is known. The protocol operates below the network layer as part of the interface between the OSI network layer and the OSI link layer. It is used when IPv4 runs over Ethernet. Let’s see the frame structure of the protocol:

ARP Packet Format

The above figure shows the ARP format used; below is the explanation of each field:

Hardware type
Each data link layer protocol is assigned a number used in this field. For Ethernet it is 1.

Protocol type
Each protocol is assigned a number used in this field. For example, IPv4 is 0x0800.

Hardware length
Length in bytes of a hardware address. Ethernet addresses are 6 bytes long.

Protocol length
Length in bytes of a logical address. IPv4 addresses are 4 bytes long.

Operation
Specifies the operation the sender is performing: 1 for request, and 2 for reply.

There are actually four types of ARP messages that may be sent by the ARP protocol. These are identified by four values in the “operation” field of an ARP message. The types of message are:

1. ARP request
2. ARP reply
3. RARP request
4. RARP reply

Sender hardware address
Hardware address of the sender.

Sender protocol address
Protocol address of the sender.

Target hardware address
Hardware address of the intended receiver. This field is zero on request.

Target protocol address
Protocol address of the intended receiver.

ARP Function explained

ARP is used in four cases when two hosts are communicating:

1. When two hosts are on the same network and one desires to send a packet to the other
2. When two hosts are on different networks and must use a gateway or router to reach the other host
3. When a router needs to forward a packet for one host through another router
4. When a router needs to forward a packet from one host to the destination host on the same network

When an ARP response arrives, the receiver inserts a binding into its ARP cache so that it can be used for further packets. The oldest entry is removed if the table is full or after an entry has not been updated recently. When an ARP request arrives, the receiver checks if it has the sender’s protocol address in the cache; if so, the receiver updates the cache entry with the sender’s binding. After a host replies to an ARP request, it adds the sender’s binding to the cache, since if a message travels from one host to another, a reply will often travel back.

To understand this further, let’s see how ARP actually works:

ARP works by broadcasting the packet to all hosts attached to an Ethernet network. The packet contains the IP address the sender is interested in communicating with. The target machine, recognising that the IP address in the packet matches its own, returns an answer. Hosts also keep a cache of ARP responses.

Let’s take an example to study this concept, ARP across subnets:

From the figure above, let’s say:

  • Computer A needs to send some data to computer B.
  • Since host B is not on the same subnet, before sending, computer A transmits an ARP request in order to discover the MAC address of port A on the local router. This is done after A checks its ARP cache and does not find an entry for the MAC address of port A.
  • Once host A knows the MAC address, it transmits an Ethernet frame to the router.
  • The router C will send an ARP request out of port B in order to discover the MAC address of computer B.
  • Once computer B replies to this ARP request, the router will strip off the Ethernet frame from the data and create a new one.
  • The router replaces the source MAC address (originally host A’s address) with the MAC address of port B. It will also replace the destination MAC address (originally port A) with the MAC address of host B. Fig 1 shows the message format used.

The following fig shows the basic strategy and principle used by ARP:


ARP Cache concept:

The ARP cache is a table containing matched pairs of MAC and IP addresses. Each device on the network manages its own ARP cache table. There are two ways in which the ARP cache is populated:

  • Static ARP Cache Entries: In this type, address resolutions are manually added to the cache table for a device and are kept in the cache on a permanent basis.
  • Dynamic ARP Cache Entries: These are hardware and IP address pairs that are added to the cache by the software itself as a result of successfully completed past ARP resolutions. They are kept in the cache only for a period of time and are then flushed. After a particular entry times out, it is removed from the cache. The next time that address mapping is needed, a fresh resolution is performed to update the cache.

Note: A device’s ARP cache can contain both static and dynamic entries.

Different Types of ARP:

Reverse Address Resolution Protocol (RARP) is a complement of the Address Resolution Protocol. It is a network-layer protocol used to obtain an IP address for a given MAC address. The primary limitation of RARP is that each MAC address must be configured manually on a centralised server, and that the protocol only conveys an IP address. It is useful for diskless systems.

Proxy ARP is a protocol used to hide a machine with a public IP on a private network behind a router, and still have the machine appear to be on the public network “in front of” the router. For this example, let’s assume that host A is on a network segment connected to Router A’s interface A, and host B is on a network segment connected to Router A’s interface B. Host A wants to send data directly to host B, but doesn’t have host B’s MAC address. An ARP request sent to host B from host A will stop at the router as it is a broadcast, but with Proxy ARP, Router A will actually answer the ARP request with the MAC address of the router interface that received the ARP request.

In this case, Router A will respond to the ARP request with the MAC address of its own interface A. This is transparent to host A: when host A sends data to host B, the destination IP address will be that of host B, but the destination MAC address will be that of Router A’s interface A.

Gratuitous ARP occurs when a host sends an ARP reply without having seen an ARP request, and with a broadcast destination Ethernet address. By broadcasting the gratuitous ARP, all hosts on the LAN learn an ARP entry.

Gratuitous ARPs are useful for the following reasons:

  • They can help detect IP conflicts. When a machine receives an ARP request containing a source IP that matches its own, then it knows there is an IP conflict.
  • They inform switches of the MAC address of the machine on a given switch port, so that the switch knows that it should transmit packets sent to that MAC address on that switch port.
  • Every time an IP interface or link goes up, the driver for that interface will typically send a gratuitous ARP to preload the ARP tables of all other local hosts. Thus, a gratuitous ARP will tell us that that host just has had a link up event, such as a link bounce, a machine just being rebooted or the user/sysadmin on that host just configuring the interface up. If we see multiple gratuitous ARPs from the same host frequently, it can be an indication of bad Ethernet hardware/cabling resulting in frequent link bounces.

 Therefore, though ARP is a simple resolution protocol, its features and uses with regard to networks are immense.
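As an added example (not part of the original post), here is a Python ARP frame parser and a small monitor written from a defender’s point of view: it flags gratuitous ARPs and raises an alert when an IP address is claimed by a different MAC than previously seen, which is the IP-conflict case described above. The sample frames are constructed inline.

```python
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST = b"\xff" * 6
ARP_OPS = {1: "request", 2: "reply", 3: "rarp-request", 4: "rarp-reply"}


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sha, spa, tha, tpa, eth_dst=BROADCAST):
    """Build an Ethernet frame carrying an IPv4-over-Ethernet ARP packet."""
    eth = eth_dst + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa
    return eth + arp


def parse_arp(frame):
    """Parse an ARP frame into its fields; returns None for non-ARP frames."""
    if len(frame) < 14 + 28:
        return None
    eth_dst, etype = frame[:6], struct.unpack("!H", frame[12:14])[0]
    if etype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    sha, spa = frame[22:28], frame[28:32]
    tha, tpa = frame[32:38], frame[38:42]
    return {"op": ARP_OPS.get(op, "unknown(%d)" % op),
            "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa),
            # Gratuitous ARP: a host announces its own IP (sender IP == target IP)
            # to the broadcast address, as a request or an unsolicited reply.
            "gratuitous": spa == tpa and eth_dst == BROADCAST and op in (1, 2)}


class ArpMonitor:
    """Keeps the IP -> MAC bindings seen on the wire, the way a host's ARP
    cache does, and records an alert when an IP is claimed by a new MAC."""

    def __init__(self):
        self.cache = {}
        self.alerts = []

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None or pkt["spa"] == "0.0.0.0":   # skip non-ARP and probes
            return pkt
        known = self.cache.get(pkt["spa"])
        if known is not None and known != pkt["sha"]:
            self.alerts.append("%s now claimed by %s (was %s) via %s%s" % (
                pkt["spa"], pkt["sha"], known, pkt["op"],
                " [gratuitous]" if pkt["gratuitous"] else ""))
        self.cache[pkt["spa"]] = pkt["sha"]
        return pkt


# Constructed sample traffic (not captured from a real network)
MAC_A, MAC_B = bytes.fromhex("aa0000000001"), bytes.fromhex("bb0000000002")
IP_A, IP_GW, IP_C = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]), bytes([10, 0, 0, 7])
SAMPLE_GARP = build_arp(2, MAC_A, IP_A, MAC_A, IP_A)             # A announces 10.0.0.5
SAMPLE_REQUEST = build_arp(1, MAC_B, IP_C, b"\x00" * 6, IP_GW)   # ordinary request
SAMPLE_CONFLICT = build_arp(1, MAC_B, IP_A, b"\x00" * 6, IP_GW)  # B also uses 10.0.0.5


def run_sample():
    """Feed the constructed frames through the monitor and return it."""
    mon = ArpMonitor()
    for frame in (SAMPLE_GARP, SAMPLE_REQUEST, SAMPLE_CONFLICT):
        mon.observe(frame)
    return mon


if __name__ == "__main__":
    for alert in run_sample().alerts:
        print(alert)
```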

Please share your feedback to help write better


28 Jan 12 Cisco Performance Routing (PFR)

Cisco Performance Routing (PFR) adds a new dimension to traditional routing. It utilises advanced path selection and adaptive routing techniques to enable a performance-aware network. Traditional routing has its limitations in coping with the new, demanding situations of ISPs and enterprises. Some of the notable limitations of traditional routing are:

  • Traditional routing uses static metrics to provide “reachability” information; it does not take link utilisation into account and has no data-plane knowledge.
  • Network recovery is based on neighbour and link failure (up/down). There is no information on performance degradation or a marginally performing link.
  • It provides destination-based prefix reachability only. No traffic class or application awareness.

Cisco Performance Routing (PFR) was developed to address the above issues and meet the growing demand for intelligent networks from ISPs and enterprises. Some of the Cisco PFR benefits are:

  • Cisco PFR enhances routing in order to select the best path based on measurements and defined policies.
  • PFR policy can minimise cost, efficiently distribute traffic load and select the optimum-performing path for applications.
  • PFR helps enable intelligent traffic management that can dynamically route around soft errors in the enterprise WAN or ISP networks.
  • Cisco PFR makes adaptive routing adjustments based on advanced criteria like response time, packet loss, jitter, Mean Opinion Score, traffic load, cost policies etc.

Let’s understand the PFR implementation. It is a control-loop process:

  • Learn – learn application on the network.
  • Measure – measure application performance.
  • Apply Policy – apply performance policy to the measurement.
  • Enforce – Re-route to sustain performance.
  • Verify – Verify enforcement and performance.

Cisco PFR requires no special hardware; it is an IOS software feature. PFR has two main components:

  • Border Router (BR) – uses IOS embedded technologies. Performs the Learn, Measure and Enforce steps of the control loop. It sends its responses to the Master Controller (MC).
  • Master Controller (MC) – Controls all operations. Performs the Apply Policy, Verify and reporting steps of the control loop. It issues commands to the BRs, holds the traffic classes, reports measurements and makes policy decisions.

Cisco PFR can be implemented actively or passively. In passive mode it will monitor and report events but not enforce any policy dynamically, while in active mode it will enforce the policy dynamically.

Some of the Cisco hardware supporting PFR are the 7600, 6500, 1800, 2800 and 3800 ISRs, the 7200 etc.


Please share your feedback to help write better

21 Jan 12 ISIS Single Topology Vs Multiple Topology

Hi Folks,

I am here again with another ISIS discussion. In this section we will see how ISIS Single topology is different from the multi-topology mode and what the triggers are for the multi-topology. ISIS as you know supports routing for both IPv4 and IPv6. There are new TLVs encoded in ISIS to support IPv6 addressing. IPv6 routing can be either Single topology or Multi-topology. Single topology has the following characteristics –

  • Shares path calculation with the IPv4 routing table. Only one SPF calculation.
  • It requires a 1:1 correlation of IPv4 and IPv6 interfaces, i.e. the IPv4 and IPv6 interfaces should be the same.

However, enabling multi-topology mode has the following effects:

  • Independent path calculation from the IPv4 routing table. Separate SPF calculation.
  • IPv4 and IPv6 configurations are completely independent, i.e. IPv4 & IPv6 interfaces can be asymmetric.


In our scenario, three routers R3, R1 and R2 are connected in a straight line. To start with, let’s assume that R1 and R2 are configured for ISIS and have a neighbourship established. Please see the R1 configuration as follows:

hostname R1
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet1/0
 description to_R2
 ip address 10.1.12.1 255.255.255.0
 ip router isis
 duplex auto
 speed auto
!
router isis
 net 49.0123.0000.0000.0001.00
 is-type level-2-only
 log-adjacency-changes
 passive-interface Loopback0
!
end

 R1 is neighbor with R2 and accepting routes from R2 i.e. R2’s loopback.

R1#sh isis neighbors
System Id      Type Interface IP Address      State Holdtime Circuit Id
R2             L2   Fa1/0     10.1.12.2       UP    8        R2.01

R1#sh ip route isis
i L2    10.1.2.0 [115/10] via 10.1.12.2, FastEthernet1/0

Now configure ISIS between R1 and R3, which is going to be an IPv6 neighbourship. First enable IPv6 routing support on R1 in global configuration mode.

R1(conf)# ipv6 unicast-routing

Now configure R1’s interface to R3 with IPv6 addressing, and also assign an IPv6 address to the Loopback0 interface.

R1#
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
 ipv6 address 2003::1/128
!
interface FastEthernet1/1
 description To_R3
 ipv6 address 2003:13::1/64

Now enable ISIS on IPv6 interface by -

R1(conf)# interface FastEthernet1/1
R1(config-if)# ipv6 router isis
!
R1(conf)# interface loopback0
R1(config-if)# ipv6 router isis

As soon as you enable ISIS on the IPv6 interface, the router will start sending ISIS adjacency updates in the new IPv6 TLV format, which is not understood by R2, and this will bring down the adjacency between them. This can be checked as follows:


R1#sh isis neighbors
System Id      Type Interface IP Address      State Holdtime Circuit Id

R1#sh isis topology
IS-IS IP paths to level-2 routers
System Id            Metric     Next-Hop             Interface   SNPA
R1                   –
R2                   **

This asymmetry between IPv4 and IPv6 interfaces on R1 is what triggers the ISIS multi-topology requirement, where we can have separate IPv4 and IPv6 SPF calculations. This is a common migration scenario where you want to migrate edge links to IPv6 first and then slowly migrate your interfaces towards the core. Therefore, enable ISIS multi-topology on R1 and R3 under the router isis process, under address-family ipv6 unicast.

R1(config)#router isis
R1(config-router)#address-family ipv6 unicast
R1(config-router-af)#multi-topology ?
  transition  Accept and generate both IS-IS IPv6 and Multi-topology IPv6 TLVs
  <cr>
R1(config-router-af)#multi-topology
%Must enable wide metrics first

Multi-topology uses TLVs supported only by wide metrics, therefore change the metric-style to wide. The configuration will look like this:

R1#
router isis
 net 49.0123.0000.0000.0001.00
 is-type level-2-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback0
 !
 address-family ipv6
 multi-topology
 exit-address-family
!

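The two conditions met above (single topology needs the same interfaces for IPv4 and IPv6, and multi-topology needs wide metrics first) can be checked offline before a change. The following Python is an added example, not from the post: it parses an IOS configuration in the plain indented form shown here and reports both conditions, using constructed configs modelled on R1’s.

```python
def parse_stanzas(config):
    """Split an IOS configuration into top-level stanzas, e.g.
    {"interface FastEthernet1/1": ["ipv6 router isis", ...], "router isis": [...]}.
    Indented lines belong to the stanza above them; a top-level '!' ends it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            if not line.startswith(" "):
                current = None          # top-level '!' or blank closes the stanza
            continue
        if line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        elif not line.startswith(" "):
            current = line.strip()
            stanzas.setdefault(current, [])
    return stanzas


def check_isis(config):
    """Return a list of findings about the IS-IS IPv4/IPv6 topology setup."""
    s = parse_stanzas(config)
    isis = s.get("router isis")
    if isis is None:
        return ["no 'router isis' process configured"]
    v4 = {n for n, l in s.items() if n.startswith("interface") and "ip router isis" in l}
    v6 = {n for n, l in s.items() if n.startswith("interface") and "ipv6 router isis" in l}
    asymmetric = v4 ^ v6      # interfaces in one topology but not the other
    wide = any(l.startswith("metric-style wide") for l in isis)
    # 'multi-topology' lives under 'address-family ipv6', which parse_stanzas
    # keeps as indented lines of the same 'router isis' stanza.
    multi_topology = any(l.startswith("multi-topology") for l in isis)
    findings = []
    if multi_topology and not wide:
        findings.append("multi-topology needs 'metric-style wide' "
                        "(IOS rejects it with '%Must enable wide metrics first')")
    if asymmetric and not multi_topology:
        findings.append("single-topology needs the same interfaces for IPv4 and IPv6, "
                        "but these differ: " + ", ".join(sorted(asymmetric)))
    return findings


# Constructed configs following the post's R1 (interface names and NET from the post)
R1_SINGLE_TOPOLOGY = """\
hostname R1
!
interface FastEthernet1/0
 ip address 10.1.12.1 255.255.255.0
 ip router isis
!
interface FastEthernet1/1
 ipv6 address 2003:13::1/64
 ipv6 router isis
!
router isis
 net 49.0123.0000.0000.0001.00
 is-type level-2-only
!
"""

R1_MULTI_TOPOLOGY_NO_WIDE = R1_SINGLE_TOPOLOGY.replace(
    " is-type level-2-only\n",
    " is-type level-2-only\n !\n address-family ipv6\n multi-topology\n exit-address-family\n")

R1_MULTI_TOPOLOGY = R1_MULTI_TOPOLOGY_NO_WIDE.replace(
    " is-type level-2-only\n", " is-type level-2-only\n metric-style wide\n")

if __name__ == "__main__":
    for name, cfg in (("single", R1_SINGLE_TOPOLOGY),
                      ("mt-no-wide", R1_MULTI_TOPOLOGY_NO_WIDE),
                      ("mt-wide", R1_MULTI_TOPOLOGY)):
        print(name, check_isis(cfg))
```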
Similar Configuration is needed at R3.

hostname R3
!
ipv6 unicast-routing

interface Loopback0
 ipv6 address 2003::3/128
!
interface FastEthernet1/0
 description To_R1
 ipv6 address 2003:13::3/64
 ipv6 router isis
!

router isis
 net 49.0123.0000.0000.0003.00
 is-type level-2-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback0
 !
 address-family ipv6
 multi-topology
 exit-address-family
!

Now that multi-topology is enabled on R1, it should have neighbourships with both R2 & R3 and should receive routes from them. This can be verified as follows:
R1#sh ipv6 route isis
I2  2003::3/128 [115/10]
     via FE80::C81E:1FFF:FED4:1C, FastEthernet1/1
R1#sh ip route isis
i L2    10.1.2.0 [115/10] via 10.1.12.2, FastEthernet1/0

Looks good: R1 has routes from both its IPv4 and IPv6 neighbours on different interfaces.


Again,

Please share your feedback to help write better


16 Jan 12 Nexus 7K : L4 protocol CAM entry allocation failure


Hi Folks,

Wish you a happy New Year 2012 .. hope we will keep simplifying this year with greater force.

Cisco Nexus 7K in Cisco’s terms – The Cisco Nexus 7000 Series systems are multiprotocol-capable, high-density, and high-performance switches that incorporate Ethernet/IP, virtualization, Layer 4 to Layer 7 services, and low-latency interconnect (LLI) technologies. And trust me whatever is said is quite. Nexus 7K is a very popular choice for datacenter environments and Cisco has devoted a good amount of time researching not only the functionality and capability but the looks too. Anyway, the issue I am going to talk about is a real one, not very threatening, but it can be a tricky situation during migration if you are not aware of it.

In this discussion we will configure an L4 access-list and apply it on one of the layer 3 interfaces. An L4 access-list can deny/permit all traffic matching the protocol mentioned in the ACL entry; we do not need to mention a source or destination.

Let’s configure a VLAN, for example “Vlan 62”, and assign a physical interface to it.

interface Vlan62
  no shutdown
  description Test
  ip address 195.229.249.179/28
!
interface Ethernet1/1
  switchport
  switchport access vlan 62
!

Now configure an L4 ACL, say access-list 300:

Nexus_7K(config)# ip access-list 300
Nexus_7K(config-acl)# permit ?
  <0-255>  A protocol number
  ahp      Authentication header protocol
  eigrp    Cisco’s EIGRP routing protocol
  esp      Encapsulation security payload
  gre      Cisco’s GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Group Management Protocol
  ip       Any IP protocol
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload compression protocol
  pim      Protocol independent multicast
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol

You can see that several popular L4 protocols are predefined, and there is no limitation on how many times you can use these in an ACL. An L4 protocol CAM entry allocation failure is generally due to the restriction on the number of custom L4 protocols you can use in an ACL. Let’s configure an ACL using custom protocol entries:

Nexus_7K(config)# sh access-lists 300
IP access list 300
        10 permit 52 any any
        20 permit 53 any any
        30 permit 54 any any
        40 permit 55 any any
        50 permit 56 any any
        60 permit 57 any any
        80 permit 59 any any
        90 permit 60 any any
        100 permit 61 any any

Now check the VLAN interface status and the status of the Ethernet interface associated with the VLAN.

Nexus_7# sh int vlan 62
Vlan62 is up, line protocol is up
!
Nexus_7# sh int e1/1
Ethernet1/1 is up
!

Now apply the configured ACL 300 on VLAN interface 62:
Nexus_7K(config)# int vlan 62
Nexus_7K(config-if)# ip access-group 300 in
ERROR: L4 protocol CAM entry allocation failure

Therefore you can see that the interface is rejecting the ACL; this behaviour of Nexus makes sure that even if someone in operations by mistake tries to apply an L4 ACL exceeding the resources, he will not succeed. So Cisco has taken care of this glitch.

However, the switch will accept the ACL when the interface is in the down state, as applying the ACL will not invoke resource allocation in that case.

To simulate this, let’s shut down the VLAN and the associated physical interface.

Nexus_7K (config-if)# int e1/1
Nexus_7K(config-if)# shut
!
Nexus_7K(config-if)# int vlan 62
Nexus_7K(config-if)# shut

Now apply ACL again, it should accept it this time.

Nexus_7K(config-if)# int vlan 62
Nexus_7K(config-if)# ip access-group 300 in

No error, as expected. Now no-shut the interfaces:


Nexus_7K (config-if)# int e1/1
Nexus_7K(config-if)# no shut
!
Nexus_7K(config-if)# int vlan 62
Nexus_7K(config-if)# no shut

Let’s check the effect it created:

Nexus_7K(config)# sh int vlan 62
Vlan62 is down, line protocol is down
!
Nexus_7K(config)# sh int e1/1
Ethernet1/1 is down (Error disabled, aclqos: L4 protocol CAM entry allocation 
failure)

You see VLAN 62 went down and also the Ethernet interface; the reason for this is given in the output itself. This will make all the VLANs on the box go into the Errdisable state, and a shut/no shut of the interface will not help either.

To overcome this, remove the ACL from the VLAN interface and shut/no shut the interface.

So does it suggest that L4 ACLs are not supported on Nexus? Sounds weird for such a high-end box. The answer is no, they are supported, but in the real world we have limited resources and resource allocation should be justified enough to optimise functionality. Custom L4 filter entries are not a very common situation, therefore a limited number of resources is allocated to them. To validate this, let’s make our L4 ACL consist of only a few, say 4, entries:
Nexus_7K(config)# sh ip access-lists 300
IP access list 300
        10 permit 52 any any
        20 permit 53 any any
        30 permit 54 any any
        40 permit 55 any any

Now unshut the interface and apply the ACL on it. You should not get any error message this time.
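As an added pre-change check, not from the original post, here is Python that parses “show ip access-lists” output, counts the distinct custom (numeric) protocol entries that consume L4 protocol CAM resources, and reports whether applying the ACL stays within a given limit. The limit value is an assumption: the post shows nine custom entries being rejected and four accepted, but does not state the platform’s exact number.

```python
import re

# Protocol keywords NX-OS predefines for 'permit ?' in an IP ACL (from the post)
NAMED_PROTOCOLS = {"ahp", "eigrp", "esp", "gre", "icmp", "igmp", "ip", "nos",
                   "ospf", "pcp", "pim", "tcp", "udp"}
ACL_HEADER_RE = re.compile(r"^IP access list (\S+)\s*$")
ACL_ENTRY_RE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(\S+)\s+(\S+)")


def parse_access_lists(show_output):
    """Parse 'show ip access-lists' output into {name: [(seq, action, proto)]}."""
    acls, name = {}, None
    for line in show_output.splitlines():
        m = ACL_HEADER_RE.match(line)
        if m:
            name = m.group(1)
            acls[name] = []
            continue
        m = ACL_ENTRY_RE.match(line)
        if m and name is not None:
            acls[name].append((int(m.group(1)), m.group(2), m.group(3)))
    return acls


def custom_l4_protocols(entries):
    """Distinct numeric (custom) protocol IDs in an ACL; these are the entries
    that consume the limited L4 protocol CAM resources, the named ones do not."""
    custom = set()
    for _seq, _action, proto in entries:
        if proto.isdigit():
            custom.add(int(proto))
        elif proto not in NAMED_PROTOCOLS:
            raise ValueError("unrecognised protocol keyword: " + proto)
    return custom


def check_before_apply(show_output, acl_name, custom_limit):
    """Pre-change check: would applying acl_name exceed the custom-protocol
    budget? custom_limit is platform specific and passed in by the caller."""
    entries = parse_access_lists(show_output).get(acl_name)
    if entries is None:
        raise KeyError("ACL %s not found" % acl_name)
    custom = sorted(custom_l4_protocols(entries))
    return {"acl": acl_name, "custom_protocols": custom,
            "ok": len(custom) <= custom_limit}


# The two ACL listings from the post
ACL_NINE = """\
IP access list 300
        10 permit 52 any any
        20 permit 53 any any
        30 permit 54 any any
        40 permit 55 any any
        50 permit 56 any any
        60 permit 57 any any
        80 permit 59 any any
        90 permit 60 any any
        100 permit 61 any any
"""
ACL_FOUR = "\n".join(ACL_NINE.splitlines()[:5]) + "\n"

# Assumed limit: the post shows 9 custom entries rejected and 4 accepted but
# does not state the platform's exact number, so 7 is a placeholder.
ASSUMED_CUSTOM_L4_LIMIT = 7

if __name__ == "__main__":
    print(check_before_apply(ACL_NINE, "300", ASSUMED_CUSTOM_L4_LIMIT))
    print(check_before_apply(ACL_FOUR, "300", ASSUMED_CUSTOM_L4_LIMIT))
```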


Please share your feedback to help write better

19 Dec 11 IPV6: Configuring basic OSPFv3

Hi Folks,

 With the depleting IPv4 address stock there is a compelling need to adopt IPv6 in your network, so various protocols are becoming IPv6 compliant, and as a result we have OSPFv3, the enhanced version of the most popular IGP, OSPFv2. RFC 2740 details OSPFv3. OSPFv3 shares many key concepts with its predecessor OSPFv2, including basic operation, neighbour relationships, areas, interface types, virtual links and many more. Apart from these similarities the two protocols are different, and some of the notable differences are as follows:

OSPFv3 is configured using interface commands – The network command is removed from OSPFv3. To configure an interface to participate in the OSPF process use the interface subcommand “ipv6 ospf <process_id> area #”. Issue the command “ipv6 router ospf #” in global configuration mode to create an OSPF routing instance.

OSPFv3 RID must be set – OSPFv3 can automatically set its 32-bit RID based on the configured IPv4 addresses, using the same rules as OSPFv2. However, if no IPv4 addresses are configured, OSPFv3 cannot automatically choose its router ID. You must manually configure the RID before OSPFv3 will start.

There are also some other differences, due to the different underlying layer 3, i.e. IPv6.

So let’s get to the OSPFv3 basic configuration. Enabling OSPFv3 is very simple once you have identified the desired links participating in the OSPF process. Configure IPv6 addressing and verify reachability.

In the following scenario we have routers R1 & R3 working as OSPF routers. Our central Cisco router R2 will emulate the ISP’s Frame Relay network. Use Table 1 for your IP addressing & DLCI requirements.


Now configure R1 and similarly R2 for Frame Relay and IP addressing using Table 1.

Device   Interface    IP Address                  DLCI   OSPF Area
R1       S1/0.103     2001:ABAD:CAFE:123::1/64    103    Area 0
         Loopback 0   2001:ABAD:CAFE:1001::1/64          Area 1
R2       S1/0.301     2001:ABAD:CAFE:123::3/64    301    Area 0
         Loopback 0   2001:ABAD:CAFE:3003::3/64          Area 1

R1 Configuration:

hostname R1
!
no ip domain-lookup
ipv6 unicast-routing      * Enable IPv6 unicast routing
!
interface Loopback0      
 description Loopback0      
 ipv6 address 2001:ABAD:CAFE:1001::1/64        
!
interface Serial1/0      
 no ip address       
 encapsulation frame-relay     * enabling Frame Relay on an interface
no frame-relay inverse-arp     * turn off Inverse-arp
no shutdown       
!
interface Serial1/0.103 point-to-point    
 ipv6 address 2001:ABAD:CAFE:123::1/64   
 frame-relay interface-dlci 103     
!

R2 Configuration:
hostname R2       *same procedure for R2’s  interface
!
no ip domain-lookup
ipv6 unicast-routing      
!
interface Loopback0      
 description Loopback0     
 ipv6 address 2001:ABAD:CAFE:3003::3/64        
!
interface Serial1/0      
 no ip address       
 encapsulation frame-relay     
no frame-relay inverse-arp    
no shutdown       
!
interface Serial1/0.301 point-to-point    
 ipv6 address 2001:ABAD:CAFE:123::3/64   
 frame-relay interface-dlci 301     
!

Before we proceed to configure OSPFv3, test the reachability between R1 & R2 across the Frame Relay link. To verify, ping the interface connected to R2 from R1 and vice versa.

R1#ping 2001:abad:cafe:123::3
Sending 5, 100-byte ICMP Echos to 2001:ABAD:CAFE:123::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/29/36 ms

R3#ping 2001:abad:cafe:123::1
Sending 5, 100-byte ICMP Echos to 2001:ABAD:CAFE:123::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/35/48 ms

Now that you are sure of reachability, configure the OSPFv3 process using the following steps and Table-1.
Step 1 – Identify the links connected to each OSPFv3 router. Use Table-1.
Step 2 – Determine the OSPF area design and the area to which each router interface should belong.
Step 3 – Configure OSPF on the interfaces.
Step 4 – Configure routing process commands, including a router ID on IPv6-only routers (OSPFv3 still needs a 32-bit router ID, and a router with no IPv4 address has nothing to derive one from).
Step 5 – Verify the OSPF configuration, routing tables and reachability.

OSPFv3 configuration on R1:

R1>enable                                  
R1#configure terminal                                
R1(config)# ipv6 router ospf 1                                              *enable OSPFv3 process
R1(config-rtr)# router-id 1.1.1.1                                 *Set router id
R1(config-rtr)#interface s1/0.103 
R1(config-if)# ipv6 ospf 1 area 0 *enable ospfv3 on interface
R1(config-if)#interface loopback0 
R1(config-if)# ipv6 ospf 1 area 1 * enable ospfv3 on interface

OSPFv3 configuration on R3:
R3>enable                                  
R3#configure terminal                                 
R3(config)# ipv6 router ospf 1                                             
R3(config-rtr)# router-id 3.3.3.3                                
R3(config-rtr)#interface s1/0.301 
R3(config-if)# ipv6 ospf 1 area 0 
R3(config-if)#interface loopback0 
R3(config-if)# ipv6 ospf 1 area 3

Check the OSPF neighborship and the routes learned via OSPF on R1.

R1#sh ipv6 ospf neighbor                                                                            * Checking OSPF neighbors
Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
3.3.3.3           1   FULL/  -        00:00:32    12              Serial1/0.103

As expected R1 has neighbor R3 on serial subinterface. Now look for the routes learned-

R1#sh ipv6 route ospf            
OI  2001:ABAD:CAFE:3003::3/128 [110/64]
     via FE80::C802:2EFF:FE30:0, Serial1/0.103

R3's loopback address is learned at R1 as an inter-area OSPF route (OI) because R3's loopback is in a different area, area 3. Also, R3's loopback is advertised as a host route, i.e. /128, because OSPF treats loopbacks as host routes regardless of the configured mask. To advertise it as a /64, change the OSPF network type of the loopback interface to point-to-point.

R3(config)#interface Loopback0
R3(config-if)#ipv6 ospf network point-to-point

R1#sh ipv6 route ospf
OI  2001:ABAD:CAFE:3003::/64 [110/65]
     via FE80::C802:2EFF:FE30:0, Serial1/0.103
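As an added example (not part of the original post, and not Cisco IOS code), the following Python models two of the OSPFv3 behaviours seen above: the router-ID fallback order that makes Step 4 mandatory on an IPv6-only router, and why Loopback0 shows up as a /128 until its OSPF network type is changed to point-to-point. The interface names and addresses are taken from Table-1; the `Interface` class and function names are this example's own, and the dual-stack router used to exercise the fallback is constructed for the example.

```python
"""Added example: OSPFv3 router-ID selection and loopback prefix advertisement.
Not Cisco IOS code; it models the behaviour described in the post."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass
class Interface:
    name: str
    ipv6: str                           # e.g. "2001:ABAD:CAFE:1001::1/64"
    ipv4: Optional[str] = None          # None on an IPv6-only router
    up: bool = True
    ospf_network: Optional[str] = None  # explicit 'ipv6 ospf network ...', if any

    def is_loopback(self) -> bool:
        return self.name.lower().startswith("loopback")

    def network_type(self) -> str:
        """IOS default: 'loopback' on loopbacks, 'point-to-point' on the
        point-to-point Frame Relay subinterfaces used in this lab."""
        if self.ospf_network:
            return self.ospf_network
        return "loopback" if self.is_loopback() else "point-to-point"


def select_router_id(interfaces: Iterable[Interface],
                     configured: Optional[str] = None) -> str:
    """Same preference order as OSPFv2: explicit router-id, else the highest
    IPv4 address on an up loopback, else the highest IPv4 address on any up
    interface. With no IPv4 address at all the process cannot pick one, which
    is why Step 4 says to configure a router ID on IPv6-only routers."""
    if configured:
        return str(ipaddress.IPv4Address(configured))   # validates the format
    all_ifaces: List[Interface] = list(interfaces)

    def highest(candidates: Iterable[Interface]) -> Optional[str]:
        addrs = [ipaddress.ip_interface(i.ipv4).ip
                 for i in candidates if i.up and i.ipv4]
        return str(max(addrs)) if addrs else None

    rid = highest(i for i in all_ifaces if i.is_loopback()) or highest(all_ifaces)
    if rid is None:
        raise ValueError("no IPv4 address to derive a router ID from; "
                         "configure 'router-id A.B.C.D' under 'ipv6 router ospf'")
    return rid


def needs_manual_router_id(interfaces: Iterable[Interface]) -> bool:
    """True when the router has no IPv4 fallback and Step 4 is mandatory."""
    try:
        select_router_id(interfaces)
        return False
    except ValueError:
        return True


def advertised_prefix(iface: Interface) -> str:
    """OSPF advertises a loopback as a host route (/128 in OSPFv3) regardless of
    the configured mask. 'ipv6 ospf network point-to-point' makes it advertise
    the configured prefix instead (the /64 R1 sees after the change)."""
    addr = ipaddress.IPv6Interface(iface.ipv6)
    if iface.network_type() == "loopback":
        return f"{addr.ip}/128"
    return str(addr.network)


# R3 from Table-1: IPv6-only, so a router ID has to be configured by hand.
R3 = [
    Interface("Loopback0", "2001:ABAD:CAFE:3003::3/64"),
    Interface("Serial1/0.301", "2001:ABAD:CAFE:123::3/64"),
]

if __name__ == "__main__":
    print("R3 needs 'router-id':", needs_manual_router_id(R3))
    print("R3 router-id:", select_router_id(R3, configured="3.3.3.3"))
    print("Loopback0 default  :", advertised_prefix(R3[0]))
    R3[0].ospf_network = "point-to-point"
    print("Loopback0 as p2p   :", advertised_prefix(R3[0]))
```

Note that IOS evaluates the fallback only when the process starts; changing addresses later does not move the router ID until the process is restarted, so an explicit `router-id` is the predictable choice on any router, not just IPv6-only ones.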

Now try to ping R3 loopback learned via ospf; you should be successful.

R1#ping 2001:abad:cafe:3003::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:ABAD:CAFE:3003::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/32/40 ms

Other useful commands for verification are:

# show ipv6 interface brief        * display IPv6 interfaces
# show ipv6 ospf 1                 * display timers and protocol related info
# show ipv6 ospf 1 database        * display prefixes learned, LSA age etc.
# show ipv6 ospf interface         * display interfaces participating in OSPF

 

24 Nov 11 EIGRP summarization and its caveats

Hi Folks,

EIGRP is a Cisco proprietary IGP developed to counter the issues posed by the earlier IGPs, RIP and IGRP. EIGRP is neither a pure distance vector protocol nor a link-state protocol; it is a hybrid of the two. Like a distance vector protocol, EIGRP gets its updates from its neighbors. Like a link-state protocol, it keeps a topology table of the advertised routes and uses the Diffusing Update Algorithm (DUAL) to select a loop-free path. Unlike a traditional distance vector protocol, EIGRP converges fast and does not send full periodic routing updates. Unlike a link-state protocol, EIGRP does not know what the entire network looks like; it depends only on its neighbors' advertisements.

Two types of summarization take place in EIGRP: auto-summarization and manual summarization. Auto-summarization is the default behavior for EIGRP on the IOS release used in this post, just as it is for RIP and IGRP (newer IOS releases, 15.0(1)M onwards, disable it by default, so check `show ip protocols` before relying on either behavior). Basically, when the router sends out a routing update it automatically summarizes a route to its natural major (classful) network when the route is advertised across a major network boundary.

In the following scenario we will see both auto-summarization and manual summarization by an EIGRP router, and some deviations from the behaviour you might expect. We have three routers, R1, R2 and R3, connected in a straight line. R1 has loopback 10.1.1.1/24, R2 has loopback 10.1.2.2/24 and the network between them is 10.1.12.0/24. Similarly R3 has loopback 10.1.3.3/24 and the subnet between R2 and R3 is 10.1.23.0/24. To exercise summarization some more loopbacks are configured on R1 and R2.

R1#
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
 no clns route-cache
!
interface Loopback10
 ip address 20.20.20.20 255.255.255.0
 no clns route-cache
!
interface Loopback30
 ip address 30.30.30.30 255.255.255.0
 no clns route-cache
!
interface GigabitEthernet1/0
 description To_R2
 ip address 10.1.12.1 255.255.255.0
 negotiation auto
 no clns route-cache
!
router eigrp 1
 network 10.0.0.0
 network 20.0.0.0
 network 30.0.0.0
 no auto-summary
!

Please note we have Auto-Summary disabled on R1.

R2#
interface Loopback0
 ip address 10.1.2.2 255.255.255.0
 no clns route-cache
!
interface Loopback40
 ip address 40.40.40.40 255.255.255.0
 no clns route-cache
!
interface Loopback50
 ip address 50.50.50.50 255.255.255.0
 no clns route-cache
!
interface GigabitEthernet1/0
 description To_R1
 ip address 10.1.12.2 255.255.255.0
 negotiation auto
 no clns route-cache
!
interface GigabitEthernet2/0
 description To_R3
 ip address 10.1.23.2 255.255.255.0
 negotiation auto
 no clns route-cache
!
router eigrp 1
 network 10.0.0.0
 network 40.40.40.0 0.0.0.255
 auto-summary
!

R3#
interface Loopback0
 ip address 10.1.3.3 255.255.255.0
 no clns route-cache
!
interface GigabitEthernet1/0
 description To_R2
 ip address 10.1.23.3 255.255.255.0
 negotiation auto
 no clns route-cache
!
router eigrp 1
 network 10.0.0.0
 auto-summary

R2 has Lo40 and Lo50 configured, but only Lo40 (40.40.40.0/24) is covered by a network statement, so only Lo40 is advertised in EIGRP. By default auto-summary is in effect on R2, therefore R2 summarizes Lo40 to its classful network 40.0.0.0/8 when sending updates to R3. When R2 summarizes a subnet it also installs the summary in its own routing table pointing to Null0, as an EIGRP summary route with AD 5; packets for the summary that match no more specific route are dropped there instead of being looped back to the neighbor.

Lets check the routing table entry at R2 and R3 for Lo40.

R2#sh ip route eigrp
C       40.40.40.0/24 is directly connected, Loopback40
D       40.0.0.0/8 is a summary, 00:06:34, Null0


R3#sh ip route eigrp
D    40.0.0.0/8 [90/130816] via 10.1.23.2, 00:04:08, GigabitEthernet1/0

So far so good. Now, R1 has Lo10 configured and auto-summary disabled. Let's check the effect of that on R2, the receiving router:

R2#sh ip route eigrp
D       20.20.20.0 [90/130816] via 10.1.12.1, 00:05:26, GigabitEthernet1/0

As expected, R1 is not summarizing the routes and R2 receives them as they are. Now let's see what happens when R2 advertises this dynamically learned route (20.20.20.0/24) to its neighbor. Remember that auto-summary is enabled on R2. Go back and check the routes on R3 as sent by R2.

R3#sh ip route eigrp
D       20.20.20.0 [90/131072] via 10.1.23.2, 00:04:08, GigabitEthernet1/0

R3 receives the exact 20.20.20.0/24 route from R2, not a summarized one, even though auto-summary is enabled on R2. Why? Because auto-summary in EIGRP only summarizes routes the router originates itself (connected networks covered by a network statement, or redistributed routes); it does not summarize dynamically learned routes such as the 20.20.20.0/24 prefix learned from R1. To summarize such routes we need manual summarization.

Manual summarization is configured with `ip summary-address eigrp <as-number> <address> <mask>` under the interface the summary should be advertised out of (here Gi2/0 on R2, facing R3). Again, while summarizing, the router installs a copy of the summary route in its local routing table via Null0 with AD 5. The metric advertised to the neighbor for a summary is the smallest metric amongst the component routes being summarized.
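To make the two rules concrete (auto-summary touches only locally originated routes crossing a classful boundary; a manual summary-address covers learned routes too, and both leave a Null0 discard route with AD 5), here is an added Python model of R2's outgoing update towards R3. It is an example written for this post, not IOS code or the author's; the route table below is reconstructed from the configs and `show ip route` output above, and `Route`, `eigrp_update` and the metric values of the connected routes are this example's assumptions.

```python
"""Added example: EIGRP auto-summary versus manual summary-address, modelled on
router R2 from the post. Not IOS code; it reproduces the behaviour observed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Sequence, Tuple

EIGRP_SUMMARY_AD = 5   # AD of the Null0 discard route IOS installs for any summary


@dataclass
class Route:
    prefix: str          # "40.40.40.0/24"
    metric: int          # composite metric as shown in 'show ip route'
    origin: str          # "connected" (network statement) or "eigrp" (learned)
    next_hop: str = ""   # advertising neighbour, or "" for connected routes


def classful_network(prefix: str) -> ipaddress.IPv4Network:
    """The 'natural major network' auto-summary collapses to: /8, /16 or /24
    depending on the first octet (class A, B or C)."""
    net = ipaddress.IPv4Network(prefix, strict=False)
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        plen = 8
    elif first_octet < 192:
        plen = 16
    elif first_octet < 224:
        plen = 24
    else:
        raise ValueError(f"{prefix} is not a class A/B/C unicast network")
    return ipaddress.IPv4Network((net.network_address, plen), strict=False)


def summarize(members: Sequence[Route],
              summary: ipaddress.IPv4Network) -> Tuple[Route, Route]:
    """A summary carries the lowest metric of its components. The router also
    installs the same prefix locally via Null0 with AD 5, so traffic to an
    address inside the summary but outside every component is dropped."""
    best = min(r.metric for r in members)
    advertised = Route(str(summary), best, "summary")
    discard = Route(str(summary), best, "summary",
                    next_hop=f"Null0 (AD {EIGRP_SUMMARY_AD})")
    return advertised, discard


def eigrp_update(table: Iterable[Route], out_iface_prefix: str,
                 auto_summary: bool = True,
                 manual_summaries: Sequence[str] = ()
                 ) -> Tuple[Dict[str, Route], List[Route]]:
    """Routes advertised out of one interface, plus the Null0 routes created.

    auto-summary only collapses routes this router ORIGINATES (connected or
    redistributed), and only when the outgoing interface lies in a different
    major network. Routes learned from an EIGRP neighbour pass through
    unchanged, which is why R3 still sees 20.20.20.0/24. An interface
    'ip summary-address eigrp' applies to every component, learned or not."""
    out_major = classful_network(out_iface_prefix)
    manual = [ipaddress.IPv4Network(m) for m in manual_summaries]
    advertised: Dict[str, Route] = {}
    groups: Dict[ipaddress.IPv4Network, List[Route]] = {}
    for r in table:
        net = ipaddress.IPv4Network(r.prefix)
        covering = next((m for m in manual if net.subnet_of(m)), None)
        if covering is not None:
            groups.setdefault(covering, []).append(r)
        elif (auto_summary and r.origin == "connected"
              and classful_network(r.prefix) != out_major):
            groups.setdefault(classful_network(r.prefix), []).append(r)
        else:
            advertised[r.prefix] = r
    discard: List[Route] = []
    for summary, members in groups.items():
        adv, null0 = summarize(members, summary)
        advertised[adv.prefix] = adv
        discard.append(null0)
    return advertised, discard


# R2's table, reconstructed from the post (learned metrics as shown there).
R2_TABLE = [
    Route("10.1.2.0/24", 128256, "connected"),              # Loopback0
    Route("10.1.12.0/24", 2816, "connected"),               # Gi1/0 towards R1
    Route("40.40.40.0/24", 128256, "connected"),            # Loopback40
    Route("20.20.20.0/24", 130816, "eigrp", "10.1.12.1"),   # learned from R1
    Route("30.30.30.0/24", 130816, "eigrp", "10.1.12.1"),
    Route("10.1.1.0/24", 130816, "eigrp", "10.1.12.1"),
]
TO_R3 = "10.1.23.0/24"   # Gi2/0 sits in 10.0.0.0/8, so 40.x crosses a boundary

if __name__ == "__main__":
    adv, null0 = eigrp_update(R2_TABLE, TO_R3)
    print("auto-summary only:", sorted(adv), [r.prefix for r in null0])
    adv, null0 = eigrp_update(R2_TABLE, TO_R3, manual_summaries=["20.0.0.0/8"])
    print("+ summary-address 20.0.0.0/8:", sorted(adv), [r.prefix for r in null0])
```

Running it shows 40.40.40.0/24 collapsed to 40.0.0.0/8 while 20.20.20.0/24 passes through untouched, exactly as R3's table shows; adding the manual 20.0.0.0/8 summary is what finally hides the /24. The Null0 routes are the ones you will see as `is a summary ... Null0` on R2.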

Tip: don't rely on auto-summary alone; plan and configure manual summarization to get the full benefit of summarization.

 

Please share your feedback to help write better

 

23 Nov 11 OSI Model

Hi Folks,

To begin with networking concepts it is important to understand the framework used; one of the most popular and widely used frameworks in networking is the Open Systems Interconnection (OSI) model. It was developed at the International Organization for Standardization. It characterizes and standardizes the functions of a communication system in terms of abstraction layers: similar communication functions are grouped into logical layers, and an instance of a layer provides services to the layer above it while receiving services from the layer below.

I would like to summarise here the different layers of this model and their functions in the following table.

OSI Model

Layer              Encapsulation  Function                                          Services                  Device
7. Application     Data           Establishes availability of resources             FTP, SMTP, Telnet, POP3   -
6. Presentation    Data           Compression, encryption and decryption            JPEG, GIF, MPEG, ASCII    -
5. Session         Data           Establishes, maintains and terminates sessions    NFS, SQL, RPC             -
4. Transport       Segment        Establishes end-to-end connection; uses virtual   TCP, UDP, SPX             -
                                  circuits, buffering, windowing and flow control
3. Network         Packet         Determines best path for packets to take          RIP, IP, IPX              Router
2. Data Link       Frame          Transports data across a physical connection;     Frame Relay, PPP, HDLC    Switch/Bridge
   (LLC/MAC)                      error detection
1. Physical        Bits           Puts data onto the wire                           -                         Hub/Repeater/
                                                                                                              Concentrator/MAU

 

7. Application Layer - Provides network services directly to user applications. Enables program-to-program communication and determines whether sufficient resources exist for the communication. Examples are e-mail gateways (SMTP), TFTP, FTP and SNMP.

6. Presentation Layer - Presents information to the Application layer. Compression, data conversion, encryption and standard formatting occur here. Data formats include JPEG, MPEG, MIDI and TIFF. (In the TCP/IP world the encryption most of us deal with, TLS, actually sits between the application and the transport layer, so do not expect a clean mapping of this layer to real protocol stacks.)

5. Session Layer – Establishes and maintains communication "sessions" between applications (dialogue control). Sessions can be simplex (one direction only), half-duplex (one direction at a time) or full duplex (both ways simultaneously). The session layer keeps different applications' data separate from one another. Protocols include NFS, SQL, X Window, RPC, ASP and NetBIOS names.

4. Transport Layer – Responsible for end-to-end integrity of data transmissions and establishes a logical connection between sending and receiving hosts via "virtual circuits". Windowing works at this level to control how much information is transferred before an acknowledgement is required. Data is segmented and reassembled at this layer. Port numbers are used to keep track of the different conversations crossing the network at the same time. Protocols include TCP, UDP, SPX and NBP. Segmentation (segments) and error recovery by retransmission happen here, as opposed to the error detection done at the data link layer.

3. Network Layer – Routes data from one node to another and determines the best path to take. Routers operate at this level. Logical network addresses are used here for routing (packets). Routing tables, subnetting and control of network congestion belong here. Routing protocols, regardless of which protocol they run over, are placed here. Examples: RIP, IP, IPX, ARP, IGRP, AppleTalk.

2. Data Link Layer – Sometimes referred to as the LAN layer. Responsible for the physical transmission of data from one node to another. Error detection occurs here. Packets are translated into frames here and hardware address is added. Bridges and switches operate at this layer.

Logical Link Control sublayer (LLC), IEEE 802.2: manages communication between devices over a single link on a network. Uses Service Access Points (SAPs) to let the lower layers talk to the Network Layer.
Media Access Control sublayer (MAC), IEEE 802.3: builds frames from the 1's and 0's that the Physical Layer picks up from the wire as a digital signal, addresses them with the 6-byte (48-bit) MAC address, and runs a Cyclic Redundancy Check (CRC) to detect bits that were lost or corrupted in transit.

1. Physical Layer – Puts data onto the wire and takes it off; it covers physical specifications such as connectors, voltages, physical data rates and DTE/DCE interfaces. Some common implementations include Ethernet/IEEE 802.3, Fast Ethernet and Token Ring/IEEE 802.5.

15 Nov 11 Passive interface behavior in Routing protocols

Hi Folks,

We have all used passive interfaces before, sometimes to restrict neighborships, sometimes to save link bandwidth, and so on. Although passive-interface is available in every routing protocol, its behavior differs from one protocol to another. In the following discussion we will configure a passive interface for RIP (distance vector), EIGRP (hybrid) and OSPF (link state) respectively and see the effects.

In the following scenario R1 and R2 are connected by a GigE link. R1 has loopback IP 10.10.10.10/32 and R2 has 10.10.10.11/32. The link between them is 10.1.12.0/24.

Lets first configure R1 and R2 for RIP.

R1#
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
interface GigabitEthernet1/0
 description To_R2
 ip address 10.1.12.1 255.255.255.0
 negotiation auto
 no clns route-cache
!
router rip
 version 2
 network 10.0.0.0

R2#
interface Loopback0
 ip address 10.10.10.11 255.255.255.255
!
interface GigabitEthernet1/0
 description To_R1
 ip address 10.1.12.2 255.255.255.0
 negotiation auto
 no clns route-cache
!
router rip
 version 2
 network 10.0.0.0

Check the routes exchanged

R1#sh ip route rip
R       10.10.10.11/32 [120/1] via 10.1.12.2, 00:00:09, GigabitEthernet1/0

Now on R1 configure Gi1/0, the interface connecting to R2, as passive. This is done under the routing protocol itself.

R1#
router rip
 version 2
 passive-interface GigabitEthernet1/0
 network 10.0.0.0

Now go back and check the routes exchanged on both routers

R1#sh ip route rip
R       10.10.10.11/32 [120/1] via 10.1.12.2, 00:00:09, GigabitEthernet1/0

R2#sh ip route rip

Notice there are no entries on R2. R1 is still getting routes from R2 but is not sending any routes to R2 on the passive interface Gi1/0.

Note: a passive interface in RIP stops the router from sending routing updates out of that interface; however the router keeps receiving RIP updates on it and processes the information. The same behavior applies to IGRP, the other distance vector protocol. This also means passive-interface is no safeguard against route injection from that segment: any device on it can still feed routes into R1's table. To actually control what is accepted, use RIPv2 MD5 authentication (`ip rip authentication mode md5` with a key chain on the interface) and/or an inbound `distribute-list` under `router rip`.

Now we look at the passive-interface behavior in EIGRP and OSPF. First configure EIGRP between R1 and R2 and check the neighborship.

R1#
router eigrp 1
 network 10.0.0.0
 auto-summary
!
R1#sh ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq Type
                                            (sec)         (ms)       Cnt Num
0   10.1.12.2               Gi1/0             10 00:01:50 1427  5000  0  2

R1#sh ip route eigrp
D       10.10.10.11/32 [90/130816] via 10.1.12.2, 00:02:11, GigabitEthernet1/0

 

You see that R1 is adjacent to R2 on g1/0 and has exchanged routes. Now declare G1/0 as passive under EIGRP on R1.

R1#
router eigrp 1
 network 10.0.0.0
 passive-interface GigabitEthernet1/0
 auto-summary
!

As soon as you declare Gi1/0 passive you will see the following log message and the neighborship goes down.

00:17:26: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.12.2 (GigabitEthernet1/0) is down: interface passive

Therefore configuring a passive interface in EIGRP, and likewise in OSPF, tears down the neighborship, because the router stops sending hellos on that interface and no adjacency can exist without them. That prevents both sending and receiving of any routing update on that interface. Note that the interface's own connected prefix is still advertised to neighbors reached through the router's other interfaces; passive-interface suppresses the hellos, not the network statement.
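The difference between the three protocols, as an added Python simulation of the R1/R2 lab above (example code written for this post, not IOS and not the author's). The `Router` class, the `lab` helper and the optional inbound `accept` set standing in for a `distribute-list in` are this example's own assumptions; addresses and interface names are the lab's.

```python
"""Added example: what 'passive-interface' does in RIP versus EIGRP/OSPF,
modelled on the R1/R2 lab above. Not IOS code; a simulation of the behaviour
the post observes, plus an optional inbound distribute-list."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Router:
    name: str
    protocol: str                                   # "rip", "eigrp" or "ospf"
    originates: List[str]                           # prefixes covered by its network statements
    passive: Set[str] = field(default_factory=set)  # interfaces under 'passive-interface'
    accept: Optional[Set[str]] = None               # inbound distribute-list; None = accept all
    learned: Dict[str, str] = field(default_factory=dict)  # prefix -> neighbour it came from
    neighbours: Set[str] = field(default_factory=set)      # EIGRP/OSPF adjacencies


def sends_hellos(r: Router, iface: str) -> bool:
    """EIGRP and OSPF build adjacencies from hellos; passive suppresses them.
    RIP has no adjacency at all, it just sends periodic updates."""
    return r.protocol in ("eigrp", "ospf") and iface not in r.passive


def exchange(a: Router, a_if: str, b: Router, b_if: str) -> None:
    """One round of routing updates over the link a:a_if <-> b:b_if."""
    if a.protocol != b.protocol:
        return
    adjacent = sends_hellos(a, a_if) and sends_hellos(b, b_if)
    if adjacent:
        a.neighbours.add(b.name)
        b.neighbours.add(a.name)
    for src, src_if, dst in ((a, a_if, b), (b, b_if, a)):
        if src_if in src.passive:
            continue            # a passive interface never SENDS, whatever the protocol
        if src.protocol == "rip":
            listening = True    # RIP keeps receiving and processing on a passive interface
        else:
            listening = adjacent   # EIGRP/OSPF accept nothing without an adjacency
        if not listening:
            continue
        for prefix in src.originates:
            if dst.accept is None or prefix in dst.accept:
                dst.learned[prefix] = src.name


def lab(protocol: str, r1_passive: bool,
        r1_accept: Optional[Set[str]] = None) -> Tuple[Router, Router]:
    """The two-router topology from the post: R1 Gi1/0 <-> R2 Gi1/0."""
    r1 = Router("R1", protocol, ["10.10.10.10/32"],
                passive={"Gi1/0"} if r1_passive else set(), accept=r1_accept)
    r2 = Router("R2", protocol, ["10.10.10.11/32"])
    exchange(r1, "Gi1/0", r2, "Gi1/0")
    return r1, r2


if __name__ == "__main__":
    for proto in ("rip", "eigrp", "ospf"):
        r1, r2 = lab(proto, r1_passive=True)
        print(f"{proto:5} R1 passive: R1 learned {r1.learned}, R2 learned {r2.learned}, "
              f"adjacency {'up' if r1.neighbours else 'none'}")
    # RIP: only filtering (or authentication) stops R1 accepting routes on Gi1/0
    r1, _ = lab("rip", r1_passive=True, r1_accept=set())
    print("rip   R1 passive + 'distribute-list in' denying all:", r1.learned)
```

The RIP run reproduces the asymmetry from the `show ip route rip` outputs (R1 learns, R2 does not); the EIGRP and OSPF runs end with no adjacency and empty tables on both sides; and the last run shows that in RIP an inbound filter, not passive-interface, is what stops unwanted routes being accepted.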

 
