Alcatel-Lucent Scalable IP Networks Student Guide


Module 0 — Introduction

Alcatel-Lucent Confidential for internal use only -- Do Not Distribute

Alcatel-Lucent Scalable IP Networks


Module Objectives

Alcatel-Lucent Scalable IP Networks v1.1

Module 0 |

2

All rights reserved © 2006–2007 Alcatel-Lucent

• Course timeline
• Course objectives
• Course prerequisites
• Course introduction

This course is part of the Alcatel-Lucent Service Routing Certification (SRC) Program. For more information on the SRC program, see www.alcatel-lucent.com/src. To locate additional information relating to the topics presented in this manual, refer to the following:

• Technical Practices for the specific product
• Internet Standards documentation such as protocol standards bodies, RFCs, and IETF drafts
• Technical support pages of the Alcatel-Lucent website located at: http://www.alcatel-lucent.com/support

Scalable IP Networks v1.00

Module 0 - 2


Alcatel-Lucent Scalable IP Networks — Timeline

Day 1
• Module 0 — Introduction
• Module 1 — Internet Overview
• Module 2 — 7x50 SR/ESS Components and CLI

Day 2
• Module 3 — Ethernet Overview
• Module 4 — IP Overview & Addressing


Alcatel-Lucent Scalable IP Networks — Timeline (continued)

Day 3
• Module 5 — Transport Layer Overview
• Module 6 — IP Routing
• Module 7 — Link State Routing Protocols

Day 4
• Module 8 — BGP Overview
• Module 9 — 7750 SR Services Overview


Alcatel-Lucent Scalable IP Networks — Objectives

After successful completion of this course, you should be familiar with:

• The OSI protocol suite
• Key functions of the Ethernet protocol
• Key functions of an IP network
• The IP address classes, IP subnet masking, and IP supernetting
• Configuration of IP addresses and subnet masks on router interfaces
• The concepts of static and dynamic routing
• The differences between IGP and EGP routing protocols


Alcatel-Lucent Scalable IP Networks — Objectives (continued)

• Understand the differences between a distance vector protocol and a link state protocol
• Understand the basic operation of RIP
• Understand the basic operation of OSPF
• Successfully configure the various IGP protocols
• Understand the basic operation of BGPv4
• Successfully configure BGPv4
• Understand TCP and UDP as transport protocols
• Understand the various services offered by the 7750 SR


Prerequisites and Follow-On

Suggested prerequisites
There is no prerequisite for this course; however, familiarity with binary arithmetic is an asset.

Suggested follow-on courses
Based on the material covered in this course, it is recommended that this course be followed with the Alcatel-Lucent IGP course.

ASIN exam
To ensure full comprehension of the material covered in this course, it is recommended that the student register for and take the Alcatel-Lucent Scalable IP Networks exam following successful completion of this course.


Alcatel-Lucent Scalable IP Networks — Introduction


IP technology has exploded over the last decade. The technology has now infiltrated every facet of our lives. This 4-day course introduces the layer 2 and layer 3 technology that is used in the networking world.



Alcatel-Lucent Scalable IP Networks — Course Goal


Provide the participants with foundation knowledge of IP networking, its applications, and its implementation in an Alcatel-Lucent environment.



Graphical Symbols and Icons

These typical graphical symbols are used in this course.

[Figure: legend of the graphical symbols used in the course]
• Devices: Generic router, PE, Switch, Workstation, Server, User, Network Cloud, Customer site 1, Customer site 2, System or loopback interface
• Links: Physical link (solid black), Control plane (dashed red), Data plane (dotted blue)
• Other: Flow or lookup, Table, Packet (showing detail: Type, SA, DA, IP Data; example address 10.1.1.1)


Administration

• Registration
• Facility information
  • Restrooms
  • Communications
  • Materials
• Schedule
• Introductions
  • Name and company
  • Experience
• Questions


3HE-02767-AAAA-WBZZA Edition 01


www.alcatel-lucent.com


Module 1 — Internet Overview



Module Objectives

Scalable IP Networks v1.01

After successful completion of this module, you should be able to:

• Understand the layering concepts of network protocols
• Discuss the functions of the different layers of the TCP/IP protocol suite
• Identify some of the different protocols that operate at the different layers
• Understand the encapsulation process as data travels across the Internet
• Compare and contrast the OSI and TCP/IP layering models


Section 1 — Reference Model


OSI Overview


TCP/IP Protocols

• Developed in the 1970s by pioneering network engineers Vinton Cerf and Bob Kahn
• Intended to provide a common framework to allow the interworking of diverse network hardware and computer systems
• Included in early releases of the UNIX operating system
• During the 1980s, primarily used by U.S. universities and research institutions
• During the 1990s, increasingly adopted by commercial enterprises
• Provides the underlying technological framework of the Internet today

TCP/IP was developed in the 1970s by pioneering network engineers Vinton Cerf and Bob Kahn. It was intended to provide a common framework to allow the interworking of diverse network hardware and computer systems. TCP/IP was included in early releases of the UNIX operating system, which led to extensive use of TCP/IP at universities and other enterprises that used UNIX. During the 1980s it was primarily used by U.S. universities and research institutions. From 1986, the backbone of the Internet was primarily provided by the NSFnet, a government-sponsored network, and was not intended for commercial use. TCP/IP was increasingly adopted by commercial enterprises during the 1990s. On April 30, 1995, the architecture was transitioned from the NSFnet backbone to the use of distributed interconnection or peering points. TCP/IP provides the underlying technological framework of the Internet today. As of June 30, 2006, it was estimated that there were 1.04 billion Internet users worldwide (http://www.internetworldstats.com/stats.htm).


TCP/IP Layering

[Figure: the four TCP/IP layers, top to bottom: Application Services, Transport, Internet Protocol, Network Interfaces]

The purpose of a network protocol suite is to define the protocols and technologies that support the interconnection of a diverse array of hardware and systems to support the operation of a wide range of applications over the network. Anyone who has used an Internet application such as a web browser or e-mail can appreciate the complexity of the systems required to support these applications. The layering of protocols provides a way to simplify this complex problem by segregating it into a number of smaller functions. Each layer performs a specific function that contributes to the overall functioning of the network. Protocol layers have the following benefits:

• Simplify complex procedures into a structure that is easier to understand
• Allow vendors to interoperate
• Isolate problems from one layer that may be passed to other areas
• Allow modular plug-and-play functionality

The TCP/IP protocol suite (or Internet protocol suite) is constructed around four layers of technology. The application layer provides all the services (for example, web browsing and e-mail) available to users of the Internet. The network interfaces layer includes all the hardware that comprises the physical infrastructure of the Internet. The two intermediate layers provide a common set of services that are available to all Internet applications and that operate on all the hardware infrastructure of the Internet.


TCP/IP Layering — Application Layer

[Figure: the Application Services layer highlighted in the four-layer stack. Application — user interface to the network; user applications: • E-mail • Telnet • FTP • WWW]

The application layer is the layer for the user. It is important to understand at this point that this layer only describes network applications. Applications such as word processors and database programs are not considered network applications, as they do not require network connectivity and are not part of this layer. The figure above shows examples of network applications. Without network connectivity, these applications would be useless.


TCP/IP Layering — Transport Layer

[Figure: the Transport layer highlighted in the four-layer stack. Transport — communication between applications: • Reliable data transfer • Flow control • Sequencing of data]

Transport protocols are the application’s interface to the network. The transport protocol provides a mechanism for an application to communicate with an application residing on another device in the network. In the TCP/IP protocol suite there are two transport protocols: TCP and UDP. TCP is a connection-oriented protocol that provides an ordered and reliable transfer of data over the network. UDP is a connectionless protocol that supports the transfer of a single datagram across the network with no delivery guarantee. UDP is simpler and operates with less overhead than TCP.

Most Internet applications use TCP for data transfer because it provides a reliable transfer service. This includes HTTP (web browsing), e-mail, Telnet, and FTP. Some applications, such as DNS and SNMP, use UDP because they only require a simple datagram transfer, while RTP uses UDP to avoid the overhead of TCP and because there is no benefit in retransmitting lost packets for applications that use RTP.


TCP/IP Layering — Internet Protocol Layer

[Figure: the Internet Protocol layer highlighted in the four-layer stack. Internet Protocol — common services and addressing: • Unique network addressing scheme to identify hosts • Routing protocols for path determination • End-to-end forwarding of datagrams]

The Internet protocol layer provides a common addressing plan for all hosts on the Internet as well as a simple, unreliable datagram transfer service between these hosts. IP is the common glue that defines the Internet. IP also defines the way a datagram (or packet) is routed to its final destination. In an IP network, the forwarding of packets across the network is handled by routers. IP routers examine the destination address of a datagram and determine which router is the next hop that will provide the best route to the destination (known as hop-by-hop routing). Routers communicate with each other using dynamic routing protocols to exchange information about the networks they are connected to. This allows routers to make forwarding decisions for the datagrams they receive.


TCP/IP Layering — Network Interfaces

[Figure: the Network Interfaces layer highlighted in the four-layer stack. Network Interfaces — physical transfer of data: • Ethernet • ATM • Frame Relay • PPP]

The network interfaces layer comprises the hardware that supports the physical interconnection of all network devices. The technologies of this layer are often defined as multiple layers themselves. The common attribute of all technologies of this layer is that they are able to forward IP datagrams. There are many different technologies that operate at this layer, some of which are very complex. Some of the protocols commonly used at this layer include ATM, frame relay, PPP, and Ethernet. However, there are many other protocols used; some are open standards and some are proprietary.

The diversity of the network interfaces layer demonstrates one of the benefits of protocol layering. As new transmission technologies are developed, it is not necessary to make changes to the upper layers to incorporate these technologies in the network. The only requirement is that the new technology be able to support the forwarding of IP datagrams. This layer is often referred to as “Layer 2” in reference to the data link layer of the OSI reference model (presented later).


Application Encapsulation

[Figure: at the Application Services layer the e-mail message consists of a header (From: glenn@alcatel.com, To: someone@sympatico.ca) and the Message Body; the Transport, Internet Protocol and Network Interfaces layers have not yet been involved]

When a network application wants to communicate with another application across the network, it must first prepare its data in the specific format defined by the protocol to be used by the receiving application. A specific protocol is used so that the receiving application will know how to interpret the data it receives. In the case of a mail message, the message consists of two parts, the message header and the body. The message header contains the sender’s and receiver’s addresses as well as other information such as the urgency of the message and the nature of the message body. The format of the header and the nature of the addresses are defined by the application protocol. In the case of a mail message, the protocol is SMTP. In addition to defining the format of the message, the protocol also specifies how the applications are expected to interact with each other, including the exchange of commands and the expected responses. To accomplish the transfer of the application’s data, the application uses the services of the transport layer.


Transport Encapsulation

[Figure: the Transport layer prepends a TCP header (Source port: 1223, Destination port: 25) to the application message (header plus Message Body), which becomes the segment body]

The transport layer provides a service to transfer data between applications across a network. There are two transport protocols used on the Internet: TCP and UDP. For exchanging e-mail across the Internet, an e-mail application uses SMTP. SMTP uses TCP to accomplish the transfer. TCP provides a reliable transfer service so that the application does not have to be concerned about whether all data is properly transferred. UDP provides a simple, unreliable datagram delivery service (much like IP).

TCP treats all application data as a simple byte stream, including both the message header and the message body. TCP accepts the application’s data and breaks it into segments for transmission across the network as required. To accomplish this reliable transfer, TCP packages the application data with a TCP header. On the receiving end of the connection, TCP removes the TCP header and reconstructs the application data stream exactly as it was received from the application on the sender’s side of the network.

The TCP and UDP headers carry source and destination addresses that identify the sending and recipient applications because a single host system may support multiple applications. These addresses are known as port numbers. The TCP units of data are known as segments; UDP data is called a datagram. To transmit its segments of data across the network, TCP uses the services of the IP layer.


IP Encapsulation

[Figure: the Internet Protocol layer prepends an IP header (Source: 138.120.191.122, Dest.: 197.199.45.12) to the TCP segment (TCP header with ports 1223 and 25 plus the message), which becomes the datagram body]

The IP layer provides a common addressing scheme across the network as well as a simple, unreliable datagram forwarding service between nodes in the network. Data from the transport layer is packaged in IP datagrams for transfer over the network. Each datagram travels independently across the network. The intermediate routers forward the datagram on a hop-by-hop basis based on the destination address. Each datagram contains source and destination addresses that identify the end nodes in the network. Every node in an IP network is expected to have a unique IP address. IP uses the services of the underlying network interfaces to accomplish the physical transfer of data.


Data Link Encapsulation

[Figure: the Network Interfaces layer wraps the IP datagram in an Ethernet frame: a header with DA: 00-D0-F6-A4-26-5C and SA: 00-20-60-37-BB-5F, then the body (IP header, TCP header, message), then the FCS trailer]

The data link layer is the term used to describe the network interfaces used by IP for physically transmitting the data across the network. The units of data transmitted at the data link layer are usually known as frames. IP datagrams must always be encapsulated in some type of data link frame for transmission. A typical data link frame contains a header, usually containing some type of address. The frame also often carries a trailer that contains some type of checksum to verify the integrity of the transmitted data.

There are many types of technology used as network interfaces by IP, and they each have their own specific format and rules of operation. The common characteristic is that the technologies are all capable of carrying IP datagrams. Most protocols at this layer also use some type of addressing. The address identifies the two endpoints of a data exchange to the data link protocol. For example, the figure above shows the addressing of an Ethernet frame. Some point-to-point protocols such as PPP may not use addresses if there is only one possible destination for the data.
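The four encapsulation steps above, carried through in code as an added example (this is not code from the course): the SMTP message is wrapped in a TCP segment, an IPv4 datagram and an Ethernet frame using the slides' own ports, IP addresses and MAC addresses, and then peeled apart again with each layer checking only its own header. Header layouts follow RFC 791 (IPv4), RFC 793 (TCP) and Ethernet II framing; the message text and the header field values not shown on the slides (sequence numbers, TTL, identification) are constructed.

```python
"""Added example, not from the course: build the e-mail encapsulation shown
on the Application/Transport/IP/Data Link slides with the slides' own
addresses, then peel it apart. Header layouts follow RFC 791 (IPv4),
RFC 793 (TCP) and Ethernet II framing; the message text is constructed."""
import ipaddress
import struct
import zlib

MESSAGE = (b"From: glenn@alcatel.com\r\nTo: someone@sympatico.ca\r\n"
           b"\r\nMessage Body\r\n")                     # constructed SMTP data
SRC_PORT, DST_PORT = 1223, 25                          # 25 = SMTP server port
SRC_IP, DST_IP = "138.120.191.122", "197.199.45.12"
SRC_MAC, DST_MAC = "00-20-60-37-BB-5F", "00-D0-F6-A4-26-5C"
ETHERTYPE_IPV4, PROTO_TCP = 0x0800, 6


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by the IP and TCP headers.
    A header that already carries a correct checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    return (ipaddress.ip_address(src_ip).packed + ipaddress.ip_address(dst_ip).packed
            + struct.pack("!BBH", 0, PROTO_TCP, tcp_len))


def tcp_encapsulate(payload: bytes, sport: int, dport: int, src_ip: str, dst_ip: str) -> bytes:
    """Transport layer: prepend a 20-byte TCP header (ports, seq/ack, PSH|ACK)."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    csum = checksum(tcp_pseudo_header(src_ip, dst_ip, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def ip_encapsulate(segment: bytes, src_ip: str, dst_ip: str) -> bytes:
    """Internet layer: prepend a 20-byte IPv4 header carrying its own checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                      64, PROTO_TCP, 0, ipaddress.ip_address(src_ip).packed,
                      ipaddress.ip_address(dst_ip).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + segment


def ethernet_encapsulate(datagram: bytes, src_mac: str, dst_mac: str) -> bytes:
    """Network interfaces layer: DA/SA/EtherType in front, FCS (CRC-32) behind."""
    body = (bytes.fromhex(dst_mac.replace("-", "")) + bytes.fromhex(src_mac.replace("-", ""))
            + struct.pack("!H", ETHERTYPE_IPV4) + datagram)
    return body + struct.pack("<I", zlib.crc32(body))


def build_frame() -> bytes:
    segment = tcp_encapsulate(MESSAGE, SRC_PORT, DST_PORT, SRC_IP, DST_IP)
    return ethernet_encapsulate(ip_encapsulate(segment, SRC_IP, DST_IP), SRC_MAC, DST_MAC)


def decapsulate(frame: bytes) -> dict:
    """Peel the frame apart layer by layer, the way the receiving stack does;
    each layer checks only its own header and hands the rest upward."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 datagram")
    datagram = body[14:]
    ihl, total_len = (datagram[0] & 0x0F) * 4, struct.unpack("!H", datagram[2:4])[0]
    if checksum(datagram[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    src_ip = str(ipaddress.ip_address(datagram[12:16]))
    dst_ip = str(ipaddress.ip_address(datagram[16:20]))
    segment = datagram[ihl:total_len]
    if checksum(tcp_pseudo_header(src_ip, dst_ip, len(segment)) + segment) != 0:
        raise ValueError("TCP checksum mismatch")
    sport, dport = struct.unpack("!HH", segment[:4])
    data_off = (segment[12] >> 4) * 4
    return {"dst_mac": body[:6].hex("-").upper(), "src_mac": body[6:12].hex("-").upper(),
            "src_ip": src_ip, "dst_ip": dst_ip, "proto": datagram[9],
            "src_port": sport, "dst_port": dport, "payload": segment[data_off:]}
```

Running `decapsulate(build_frame())` returns the slide's addresses at every layer and the original message as the TCP payload; flipping any byte of the frame makes the FCS check reject it before the upper layers ever see it.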


OSI — A History Lesson

• Early 1970s — Canepa and Bachman at Honeywell Information Systems worked to develop a mechanism to distribute databases.
• Late 1970s — ISO and CCITT each developed a standard.
• 1983 — The ISO and CCITT documents merged into the Basic Reference Model for Open Systems Interconnection.
• 1984 — The merged document was published by both ISO and CCITT, with CCITT being renamed ITU-T (ISO 7498 and ITU-T X.200).
• Some OSI protocols (e.g., X.21 and ATM) competed with TCP/IP, but growth of the Internet caused IP to be adopted.

The OSI reference model was developed at the end of the 1970s, but the development of actual protocols to support the reference model was slow. By the early 1990s a number of OSI protocols (TP0-4, CLNS, CONS, X.400, and X.500) had been specified and commercial implementations attempted, but the success of TCP/IP and the weaknesses of OSI led to the complete adoption of TCP/IP for internetworking.


OSI — Interesting Facts

• Formed the basis of the OSI protocol suite, to create a widely adopted suite of protocols to be used by international networks
• The 7-layer model created by Bachman and Canepa was the only model submitted to the ISO subcommittee in March 1978
• Introduced to compete with IBM’s SNA, due to the company’s closed architecture

OSI was designed as an open standard to replace the strictly proprietary networking technologies that were in use in the 1970s (SNA was dominant, but many others were also in use). However, TCP/IP applications and implementations grew much more rapidly than OSI, and by 2000 OSI was essentially replaced by TCP/IP. The OSI reference model is widely used to describe the layering of network protocols, and much networking terminology derives from the OSI protocol suite. A few remnants of OSI are still in use; for example, LDAP, which is a derivation and simplification of X.500, and IS-IS, which was designed as an OSI routing protocol and was adapted to TCP/IP networks.


OSI Model

[Figure: the seven OSI layers, top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical, grouped into upper layers and lower layers]

The OSI reference model represents a logical way of organizing how networks talk to each other so that all hardware and software vendors have an agreed-upon framework to develop networking technologies. By providing and using this model, the ISO has accomplished the following:

• Simplifies complex procedures into an easy-to-understand structure
• Allows vendors to interoperate
• Provides the ability to isolate problems from one layer that may be passed to other areas
• Allows a modular plug-and-play functionality
• Provides an independent layer design

The OSI model is represented by the seven layers depicted in the figure above. These layers may be grouped into two main areas, defined simply as the upper and lower layers. Although a single device (for example, a UNIX workstation) can execute all seven layers, this is not practical in real networks. The amount of traffic that needs to be moved through modern networks requires purpose-built devices that handle various layer functions. Two such examples are bridges, which are purpose-built for layer 2 operation, and routers, which are purpose-built for layer 3 operation.


TCP/IP Suite vs. OSI

TCP/IP Suite            OSI
--------------------    ------------
Application Services    Application
                        Presentation
                        Session
Transport               Transport
Internet Protocol       Network
Network Interfaces      Data Link
                        Physical

The TCP/IP suite differs from the OSI model in that the TCP/IP suite uses four protocol layers and the OSI model uses seven layers. The figure above roughly shows the protocol layer relationship between the two models.

Network Interfaces — This layer is used to define the interface between hosts and contains the functionality of both the physical and data link layers of the OSI model. Protocols such as Ethernet describe both the framing of data (layer 2) and the physical transmission of the frame over the media (layer 1). This layer is often referred to as layer 2 or L2 because it provides OSI layer 2-type services to the IP layer.

Internet Protocol — The IP layer provides a universal and consistent forwarding service across a TCP/IP network. IP provides services comparable to the OSI network layer and is sometimes referred to as a layer 3 (or L3) protocol. The OSI protocol CLNP corresponds most closely to IP.

Transport — The transport layer comprises two main protocols, TCP and UDP. These transport protocols provide similar services to the OSI transport protocols. TCP is very similar to the OSI transport protocol TP4. TCP and UDP may be referred to as layer 4 protocols.

Application Services — The application services provide end-user access to the Internet. Any services of the upper three OSI layers that are required are incorporated into the application protocols. There are a number of Internet protocols that provide services similar to these OSI layers, although they do not follow the layering or service definitions of OSI. For example, TLS provides session-like services to Internet applications and MIME provides presentation-like services to SMTP and HTTP. Application layer protocols are sometimes referred to as layer 7 protocols.


Section 2 — Network Devices



Network Devices — Examples

[Figure: example network devices — Repeater, Hub, Switch, Router]

The figure above shows some different network devices. The major difference between them is the OSI layer at which each of the devices operates.

L1 Physical Layer — With regard to the figure above, the repeater and the hub are considered to be layer 1 devices. These devices normally have no intelligence: they simply take whatever traffic comes in and send it out with no decision-making.

L2 Data Link Layer — In the figure above, the switch is the layer 2 device. The switch makes intelligent forwarding decisions based on the data link address, whether it be a MAC address, VPI/VCI, or DLCI. An Ethernet switch also dynamically learns the MAC addresses of the hosts in its LAN. Data on a switch is divided into collision domains (a port on a switch represents a single collision domain). However, the switch and all its ports reside in one broadcast domain.

L3 Network Layer — The most common layer 3 device is a router. The router makes intelligent forwarding decisions based on the network layer address. As in a switch, each port on a router is a single collision domain. However, each port on a router is also a single broadcast domain. Therefore, traffic crossing from one broadcast domain to another must go through a router.
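An added example (not code from the course) of the L2 switch behaviour described above and on the Bridging slide that follows: the switch learns each source MAC on the port it arrived on, forwards known destinations out of that one port only, filters frames whose destination sits on the ingress port (same collision domain), and floods broadcasts and unknown unicasts to every other port (one broadcast domain). Port numbers and MAC addresses are constructed sample values.

```python
"""Added example, not from the course: a learning Ethernet switch as described
on the Network Devices and Bridging slides. Ports and MACs are constructed."""
from typing import Dict, List

BROADCAST = "FF-FF-FF-FF-FF-FF"


class LearningSwitch:
    def __init__(self, ports: List[int]):
        self.ports = ports
        self.mac_table: Dict[str, int] = {}   # MAC -> port it was last seen on

    def receive(self, ingress: int, src_mac: str, dst_mac: str) -> List[int]:
        """Return the ports the frame leaves on; the decision uses the L2 header only."""
        if ingress not in self.ports:
            raise ValueError(f"unknown port {ingress}")
        # Learn (or move) the source address; no configuration is needed for this.
        self.mac_table[src_mac] = ingress
        if dst_mac == BROADCAST:
            # One broadcast domain: every port except the ingress port sees it.
            return [p for p in self.ports if p != ingress]
        egress = self.mac_table.get(dst_mac)
        if egress is None:
            # Unknown unicast is flooded until the reply teaches the switch the port.
            return [p for p in self.ports if p != ingress]
        if egress == ingress:
            # Destination shares the ingress collision domain: filter, do not forward.
            return []
        return [egress]


def demo() -> List[List[int]]:
    """Walk through learning, filtering, flooding and a station moving ports."""
    sw = LearningSwitch([1, 2, 3, 4])
    a, b, c = "00-20-60-37-BB-5F", "00-D0-F6-A4-26-5C", "00-00-5E-00-53-03"
    return [
        sw.receive(1, a, b),          # b unknown: flooded to ports 2, 3, 4
        sw.receive(3, b, a),          # b learned on port 3; a already known on 1
        sw.receive(3, c, b),          # c and b on the same port: filtered
        sw.receive(1, a, b),          # now switched to port 3 only
        sw.receive(1, a, BROADCAST),  # broadcast reaches every other port
        sw.receive(2, b, a),          # station b moved to port 2
        sw.receive(1, a, b),          # table updated: port 2
    ]
```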


Layer 1 Devices

[Figure: layer 1 devices — Repeater, Hub]

A repeater retransmits the Ethernet signal down a wire and amplifies it to be used again. The repeater extends the reach of Ethernet in a LAN. A hub works exactly like a repeater, with the exception that it functions less as a distance extender and more like a port concentrator of several hosts in one physical area.


Layer 1 Devices — Repeater

• Connects network segments
• Retimes and regenerates signals to proper amplitudes
• Disadvantage — propagation delay due to broadcasting
• Disadvantage — physical limit to the number of repeaters used


Layer 1 Devices — Hub

• A single Ethernet segment device that can operate at 10/100/1000 Mb
• Can act as a repeater
• Disadvantage — same as repeater
• Used in small home networks or isolated segments in larger networks


Bridging and Bridges

• Bridging is a layer 2 (L2) concept.
• Bridging is primarily associated with Ethernet.
• A bridge (or switch) operates at L2 of the OSI model.
• A bridge is an intelligent device that does an L2 address lookup.

[Figure: the OSI model with the bridge shown as an L2 network device at the Data Link layer]


Switches

Switch

A switch is a multiple Ethernet segment device that can have dedicated 10/100/1000 Mb ports. Traffic in isolated segments is “switched” via a high-speed, bandwidth-dedicated backplane called a “fabric”. The majority of modern switches function in store/forward.

Alcatel-Lucent Scalable IP Networks v1.1

Module 1 |

24

All rights reserved © 2006–2007 Alcatel-Lucent

A store/forward switch requires the whole Ethernet frame (packet) to be received before it can be forwarded. Although this may suggest higher network latencies due to larger frame sizes, high-speed switching hardware and interfaces mean that this is usually not a problem.

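The L2 address lookup that distinguishes a bridge or switch from a hub, as an added example in Python (this is not part of the course material or of any Alcatel-Lucent software): a store-and-forward learning bridge with a bounded MAC table. The port numbers, MAC addresses (from the documentation range) and frames are constructed. The example also shows the failure mode a practitioner should know about: once the table is full, new stations cannot be learned and frames to them are flooded out every port, which is exactly what a MAC-flooding attack provokes in order to observe traffic that a switch would otherwise keep off its port.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAX_FRAME_PAYLOAD = 1500   # standard Ethernet MTU


class LearningBridge:
    """Store-and-forward learning bridge (constructed model, not SR OS code).

    The MAC table is bounded. Once it is full, new source addresses are no
    longer learned, and frames addressed to them are flooded out every port.
    """

    def __init__(self, ports, max_entries=4):
        self.ports = list(ports)
        self.max_entries = max_entries
        self.mac_table = OrderedDict()   # MAC address -> port it was last seen on

    def learn(self, src_mac, in_port):
        """Associate the frame's source MAC with its ingress port."""
        if src_mac in self.mac_table:
            self.mac_table[src_mac] = in_port       # station moved: refresh the entry
        elif len(self.mac_table) < self.max_entries:
            self.mac_table[src_mac] = in_port
        # else: table full, the address is not learned

    def forward(self, frame, in_port):
        """Receive the whole frame, then return the list of egress ports.

        frame is a dict with 'dst', 'src' and 'payload'. The ingress port is
        never in the result: a frame is not sent back onto the segment it came from.
        """
        if len(frame["payload"]) > MAX_FRAME_PAYLOAD:
            return []                                 # oversized frame discarded after full receipt
        self.learn(frame["src"], in_port)
        dst = frame["dst"]
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]    # filter: destination is on the ingress segment
        return [p for p in self.ports if p != in_port]   # flood: broadcast or unknown destination


def run_demo():
    """Constructed traffic on a 3-port bridge; returns the bridge and its egress decisions."""
    br = LearningBridge(ports=[1, 2, 3], max_entries=4)
    host_a, host_b, host_c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    decisions = []
    # A (port 1) -> B: B is unknown, so the frame is flooded to ports 2 and 3; A is learned
    decisions.append(br.forward({"dst": host_b, "src": host_a, "payload": b"hello"}, 1))
    # B (port 2) -> A: A is known on port 1, so the frame is switched there only; B is learned
    decisions.append(br.forward({"dst": host_a, "src": host_b, "payload": b"hi"}, 2))
    # an attacker on port 3 sends frames from many bogus source MACs to fill the table
    for i in range(10):
        br.forward({"dst": BROADCAST, "src": f"02:00:00:00:00:{i:02x}", "payload": b"x"}, 3)
    # a legitimate host C on port 3 can no longer be learned, so traffic to it is flooded
    br.forward({"dst": host_a, "src": host_c, "payload": b"from C"}, 3)
    decisions.append(br.forward({"dst": host_c, "src": host_a, "payload": b"to C"}, 1))
    return br, decisions
```

Real switches age entries out and offer per-port limits on learned addresses; the point of the bounded table here is to make the flooding behaviour visible on a small example.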


L3 Devices — Routers

A router, unlike a bridge, operates up to L3 of the OSI model. A router connects two different network segments (IP subnets).

Basic router functions:

1. Examine the IP header of the incoming packet for the destination IP address
2. Look up this address in its routing table
3. Determine the best path to the destination IP address
4. Determine the egress interface for the above path
5. Forward the data out of this egress interface

[Figure: OSI model (Application, Presentation, Session, Transport, Network, Data Link, Physical) with the router shown as an L3 network device spanning the Network, Data Link and Physical layers.]



L2 Encapsulations

[Figure: encapsulation along a path with interfaces numbered 1 to 10. At every hop the host DATA is carried inside TCP/UDP, which is carried inside IP; the IP packet is wrapped in the L2 header of the current link (Ethernet on the Ethernet switch and the first router, PPP on the POS link, ATM or Ethernet on the Ethernet/ATM switch). The IP header and payload are unchanged end to end; only the L2 header changes from link to link.]

Encapsulated data enters the ingress Ethernet switch on the top left via Ethernet interface 1 and leaves the switch via interface 2. Because both the ingress and egress interfaces of the Ethernet switch are Ethernet line cards, the switch simply transmits the Ethernet frame, unchanged, out the egress interface. The data unit is still referred to as an Ethernet frame or layer 2 frame.

When the L2 frame reaches the router at interface 3, the router strips off the Ethernet header, looks into the next encapsulation, which is the IP header, and forwards the packet based on the IP header only, out via interface 4. Basic router functions:

1. Examine the IP header of the incoming packet for the destination IP address.
2. Look up this address in its routing tables.
3. Determine the best path described in the routing table for the destination IP address.
4. Determine the egress interface for the above path.
5. Forward the data out of this egress interface.

Assuming that the next router decides to forward this packet out of interface 6 because that interface is connected to a PPP-based L2 switch, egress interface 6 encapsulates the IP packet with a PPP header and sends the data to the PPP device. If the router instead forwards the packet via interface 7 to the next router, which sends it out interface 8, egress interface 8 adds an ATM header to the IP packet because it is connected to ATM interface 9 on the Ethernet/ATM switch.

Note: Although only the IP header is relevant to the routing decision, the ingress L2 header is discarded at every router and the packet is re-encapsulated with the appropriate L2 header at every router egress interface. Each device on the path therefore sees the L2 addresses of its neighbours, not those of the end hosts.

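The five router functions listed above, as an added Python example (not part of the course material or of any Alcatel-Lucent code): a longest-prefix-match lookup over a small routing table, followed by the re-encapsulation step in which the ingress L2 header is dropped and the egress interface supplies a new one. The routing table, the interface-to-encapsulation mapping and the packet are constructed; the addresses come from the documentation ranges. The interface numbers follow the figure (4 Ethernet, 6 PPP, 8 ATM), but the route entries themselves are invented for the example.

```python
import ipaddress

# Constructed routing table: (prefix, next hop, egress interface number as in the figure)
ROUTES = [
    ("0.0.0.0/0", "192.0.2.1", 4),
    ("198.51.100.0/24", "198.51.100.254", 6),
    ("198.51.100.128/25", "203.0.113.9", 7),
]

# Constructed L2 encapsulation used on each egress interface
INTERFACE_ENCAP = {4: "ETHERNET", 6: "PPP", 7: "ETHERNET", 8: "ATM"}


def lookup(dst_ip, routes=ROUTES):
    """Steps 2 and 3: longest-prefix match. Returns (network, next_hop, egress) or None."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, next_hop, egress in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, egress)
    return best


def route_packet(l2_frame):
    """Steps 1 to 5 for one ingress frame.

    l2_frame is {'l2': <ingress encapsulation>, 'ip': {...}, 'payload': bytes}.
    The ingress L2 header is discarded, the IP header is consulted, and the
    egress interface supplies a new L2 header. The IP header is otherwise
    forwarded unchanged apart from the TTL decrement.
    """
    ip = dict(l2_frame["ip"])
    if ip["ttl"] <= 1:
        return {"action": "drop", "reason": "ttl-expired"}     # a real router also sends ICMP Time Exceeded
    hit = lookup(ip["dst"])
    if hit is None:
        return {"action": "drop", "reason": "no-route"}
    net, next_hop, egress = hit
    ip["ttl"] -= 1
    return {
        "action": "forward",
        "matched": str(net),
        "next_hop": next_hop,
        "egress": egress,
        "l2": INTERFACE_ENCAP[egress],    # L2 header for the outgoing link replaces the ingress one
        "ip": ip,
        "payload": l2_frame["payload"],
    }


def demo():
    """Ethernet frame arriving on interface 3 with a destination inside the /25."""
    frame = {"l2": "ETHERNET",
             "ip": {"src": "10.0.0.5", "dst": "198.51.100.200", "ttl": 64},
             "payload": b"DATA"}
    return route_packet(frame)
```

The /25 wins over the /24 and the default route because the lookup keeps the most specific matching prefix, not the first one found; hardware forwarding tables implement the same rule with a trie or TCAM rather than a linear scan.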


Module Summary

The TCP/IP and OSI protocol suites provide a common framework that allows the interworking of diverse network hardware and computer systems.

The TCP/IP protocol suite has 4 layers:
- Application Services
- Transport
- Internet Protocol
- Network Interfaces



Module Summary (cont’d)

The OSI protocol suite has 7 layers:
- Application
- Presentation
- Session
- Transport
- Network
- Data Link
- Physical

Routers are layer 3 devices, switches are layer 2 devices, and hubs and repeaters are layer 1 devices. At each layer of the TCP/IP or OSI suite, data is encapsulated in the appropriate format.



Learning Assessment


1. Which of the following applications fall under the application layer of the OSI model? (Select all that apply)
   A. MS Word
   B. Telnet
   C. Notepad
   D. FTP

2. Which layer is responsible for providing reliable communications?
   A. Session
   B. Application
   C. Physical
   D. Transport
   E. Network
   F. Data link
   G. Presentation



Learning Assessment (continued)


3. Which of the following devices operate at the physical layer? (Select all that apply)
   A. Router
   B. Repeater
   C. Hub
   D. Switch

4. Which of the following are layer 2 encapsulations? (Select all that apply)
   A. ATM
   B. PPP
   C. IP
   D. Ethernet



3HE-02767-AAAA-WBZZA Edition 01


www.alcatel-lucent.com


Module 2 —7x50 SR/ESS Components and CLI


Alcatel-Lucent Scalable IP Networks


Module Objectives


After successful completion of this module, you should be able to:
- Understand the hierarchical structure of the 7x50 CLI
- Understand basic CLI commands
- Understand the concepts of configuring the hardware of the 7x50 product line
- Understand the physical access options of the 7x50
- Understand basic system configuration
- Understand the purpose of the BOF



Section 1 — Hardware Configuration


7x50 SR/ESS Components and CLI


Alcatel 7450 Ethernet Service Switch Group

ESS-1
- Integrated switch fabric/control, IOM, and power
- 20 Gb/s full duplex system capacity
- Two 10 Gb/s MDAs
- Over-subscription of some MDAs available
- Power redundancy

ESS-7
- 7 slots (5 IOM, 2 SF/CPM)
- 100 Gb/s full duplex system capacity
- 200 Gb/s switch fabric/control
- Fabric/control redundancy
- Five 20 Gb/s IOMs
- Ten 10 Gb/s MDAs
- Over-subscription of some MDAs available
- Power redundancy

[Figure: ESS-1 chassis with MDA slots 1 and 2; ESS-7 chassis with IOM slots 1 to 5 and SF/CPM slots A and B.]


Alcatel 7450 Ethernet Service Switch Group

ESS-6
- 6 slots (4 IOM, 2 SF/CPM)
- 80 Gb/s full duplex system capacity
- 80 Gb/s switch fabric/control
- Fabric/control redundancy
- Four 10/20 Gb/s IOMs
- Over-subscription of some MDAs available
- Power redundancy

ESS-12
- 12 slots (10 IOM, 2 SF/CPM)
- 400 Gb/s full duplex system capacity
- 400 Gb/s switch fabric/control
- Fabric/control redundancy
- Ten 20/40 Gb/s IOMs
- Over-subscription of some MDAs available
- Power redundancy


Alcatel 7750 Service Router Family

- Three chassis options: 1, 7, and 12 slots (SR-1, SR-7, SR-12)
- Carrier-class reliability combined with high density in a small footprint
- System capacities scalable from 20 Gb/s to 200 Gb/s
- Modular design for the SR-7 and SR-12: removable IOM, SF/CPM, and MDAs
- Common operating system

[Figure: SR-1 with MDA slots 1 and 2; SR-7 with IOM slots 1 to 5 and SF/CPM slots A and B; SR-12 with IOM slots 1 to 10 and SF/CPM slots A and B.]


Alcatel 7750 SR SF/CPM Cards

Redundant SF/CPMs are supported on the SR-7 and SR-12.


Alcatel 7750 SR IOM, MDAs, and SFPs

- Small Form-Factor Pluggable (SFP) optics
- 2 MDAs per IOM
- IOMs and MDAs are hot-swappable
- 10 IOMs per SR-12, 5 IOMs per SR-7

IOM - Input/Output Module
IOMs are hot-swappable modules responsible for connecting to standard physical interfaces. An IOM contains two 10 Gb/s traffic-processing programmable fast path complexes. Each complex supports a pluggable Media Dependent Adapter (MDA), which allows a common programmable fast path to support all of the possible interface types. The IOM also contains a CPU section for managing the forwarding hardware in each flexible fast path.

MDA - Media Dependent Adapter
MDAs provide one or more physical interfaces, such as Ethernet, ATM or SONET/SDH. MDAs pass incoming packets to the IOM for processing, and transmit outgoing packets out the appropriate physical interface in the correct format.

SFP - Small Form-Factor Pluggable interface
SFP transceivers are small optical modules available in a variety of formats.


Alcatel 7x50 Service Router System Components

[Figure: SF/CPM module (switch fabric plus control plane CPU) connected to I/O Modules. Each IOM has its own CPU and two Flexible Fast Path Complexes (FFPC), each serving one Media Dependent Adapter (MDA).]

Data plane operation
Data coming in from the remote network or customer site ingresses through the Media Dependent Adapter, where it is put into the internal format. The data is then processed in the I/O Module, where the forwarding decision is made (L2/L3 forwarding information lookup), and the packets are sent to the switch fabric. The switch fabric forwards the data to the appropriate IOM, from where it is sent to the appropriate MDA. Data plane operation depends on the control plane having already built the forwarding information and stored it in the IOM.

Control plane operation
Control messages ingress the 7x50 in the same manner as data packets, except that they are passed on to the control plane for further processing.


Comparisons between the 7450 ESS and 7750 SR

                            7450 Ethernet Service Switch                      7750 Service Router
Purpose                     Primarily designed to support Ethernet            Supports Ethernet, ATM, Frame Relay and
                            aggregation services                              VPRN services
Platforms                   ESS-1, ESS-6, ESS-7 and ESS-12                    SR-1, SR-7, SR-12
Redundancy (Pwr/Control)    ESS-6, ESS-7 and ESS-12                           SR-7 and SR-12
MDA type                    Ethernet, POS                                     All Ethernet, ATM, POS, DS3/OC3 channelized


Section 2 — CLI Commands


7x50 SR/ESS Components and CLI


Command Line Interface


The Alcatel 7750 SR CLI is a command-driven interface accessible through the console, Telnet and SSH. It is used for the configuration and management of 7750 SR routers. Telnet carries the login exchange and every subsequent command in cleartext, so SSH is the appropriate choice for management over any network that is not fully trusted.

The 7750 SR CLI command tree is a hierarchical inverted tree. At the highest level is root. Below root are the major command groups; for example, configure and show are levels below root. Navigate down the tree by typing the names of the successively lower contexts: typing 'configure' or 'show' at the root level moves down into the 'configure' or 'show' context, respectively. Move back up with the navigation commands back and exit. Global commands, such as back, exit, info, and tree, can be entered at any level in the CLI hierarchy.

Some contexts are entered with a single keyword:

SR>config# router
SR>config>router#

Others require a keyword and a user-supplied identifier:

SR>config>router# interface system
SR>config>router>if#

Viewing the CLI Tree Structure
You can view the hierarchical CLI command structure below your current position with the tree and tree detail commands.

Displaying Configuration Contexts
Use the info and info detail commands to display information about the current context level:

info           displays non-default information
info detail    displays all configuration information, including defaults


CLI Command Prompt

Example of configuring OSPF:

SR1>config>router>ospf#

The prompt shows the host name (SR1) followed by the path from the root to the current context, with > as the context separator.

Example of creating a new router interface:

SR1>config# router interface Toronto
SR1>config>router>if$ address 131.131.131.1/30

At the end of the prompt there is either a pound symbol (#) or a dollar symbol ($). A # indicates that the context already existed. A $ indicates that the context has just been created (here, the interface Toronto). This is a useful cue: a $ where you expected # means a mistyped name has created a new object rather than editing the one you intended.


Command Completion

Command completion can be achieved by:

1. Abbreviation, if the keystrokes entered are unique:
   SR1>config>router>os [ENTER]
   SR1>config>router>ospf#

2. Tab key or Space key to automatically complete the command:
   SR1>config>router>os [TAB]
   SR1>config>router>ospf
   SR1>config>router>os [SPACEBAR]
   SR1>config>router>ospf

If a match is not unique, the CLI displays the possible matches:
   SR1>config# ro [TAB]
   router router-ipv6
   SR1>config# router

The system maintains a history of previously entered commands. The history command displays the previous 30 commands entered.


CLI Navigation

When you enter a CLI command, you move from one command level to another. When you start a CLI session, you begin in the root context. Navigate to another level by entering the name of successively lower contexts. For example, enter the configure or show command at the root level to move to the config or show context, respectively. Other navigation methods include:

- Move down the hierarchy by entering the level; for example, config.
- Move up one level in the hierarchy by entering the keyword back.
- Move several levels down in the hierarchy by entering multiple contexts separated by spaces. For example: #config router ospf

See Console Control Commands below for explanations of exit, exit all and <Ctrl-z>. Some contexts are specified with a single keyword, such as router, and others require a keyword and a user-supplied identifier, such as interface interface-name.

Console Control Commands
Console control commands are used for navigating in a CLI session and for displaying information about a console session. Many of these commands are global commands, which means they can be executed at any level of the CLI hierarchy. The following are some of the more commonly used global commands (see the next page for additional commands):

<Ctrl-c>    Aborts the pending command
<Ctrl-z>    Terminates the pending command line and returns to the root context. This special keyboard sequence acts like pressing <Enter> and then entering exit all.
back        Navigates the user to the parent context
echo        Echoes the text that is typed (primary use is to display messages within an exec file)
exec        Executes the contents of a text file as if they were CLI commands entered at the console
exit        Returns the user to the previous higher context
exit all    Returns (moves up) the user to the root context
help        Displays a brief description of the help system
?           Lists all commands in the current context
history     Displays a list of the most recently entered commands (like history in UNIX shell environments)
info        Displays the running configuration for a configuration context

Because exec runs whatever the file contains with the privileges of the current session, treat exec files like configuration: control who can write them and where they are loaded from.


CLI Navigation (continued)

SR1>config>router>ospf# tree
ospf
|
+---area
|   |
|   +---area-range
|   |
|   +---blackhole-aggregate
|   |
|   +---interface
|   |   |
|   |   +---advertise-subnet
|   |   |

back           Brings you back one context
exit all       Brings you back to the root level
up/down arrow  Recalls previous command(s) to be repeated
tree           Shows the commands available from the current context
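The navigation and completion rules described on the preceding pages, as an added Python model (this is not part of the course material or of SR OS): a small hierarchical command tree with unique-prefix completion, descent through several contexts in one line, back / exit / exit all, pwc and a tree rendering in the +--- style shown above. The tree itself is a constructed subset of the context names used in this module, and the prompt format copies the slides; leaf commands and parameters are left out.

```python
# Constructed subset of the SR OS CLI tree: context name -> child contexts.
# Leaf commands and parameters are omitted; only navigation contexts are modelled.
COMMAND_TREE = {
    "configure": {
        "router": {"interface": {}, "ospf": {"area": {"interface": {}}}},
        "router-ipv6": {},
        "system": {},
    },
    "show": {"bof": {}, "router": {}},
}


def complete(partial, candidates):
    """Unique-prefix completion. Returns (status, matches) with status
    'unique', 'ambiguous' or 'none'. An exact name wins over longer siblings,
    so 'router' is unique even though 'router-ipv6' also starts with it."""
    matches = sorted(c for c in candidates if c.startswith(partial))
    if partial in matches:
        return "unique", [partial]
    if len(matches) == 1:
        return "unique", matches
    return ("ambiguous" if matches else "none"), matches


class CliSession:
    """Models the navigation rules described in this module (constructed, not SR OS code)."""

    def __init__(self, hostname="SR1", tree=COMMAND_TREE):
        self.hostname = hostname
        self.tree = tree
        self.path = []      # current context, e.g. ['configure', 'router', 'ospf']

    def _node(self):
        node = self.tree
        for name in self.path:
            node = node[name]
        return node

    def prompt(self):
        """hostname>context>context#  ('configure' is shown as 'config', as in the slides)."""
        shown = ["config" if name == "configure" else name for name in self.path]
        return ">".join([self.hostname] + shown) + "#"

    def run(self, line):
        """Execute one command line and return the new prompt or the command output."""
        words = line.split()
        if not words:
            return self.prompt()
        if words in (["back"], ["exit"]):        # up one level
            if self.path:
                self.path.pop()
            return self.prompt()
        if words == ["exit", "all"]:             # back to root
            self.path = []
            return self.prompt()
        if words == ["pwc"]:                     # present working context
            return "/".join(self.path) or "<root>"
        if words == ["tree"]:                    # contexts below the current one
            return "\n".join(self.tree_lines(self._node()))
        # otherwise each word names (possibly abbreviated) a successively lower context
        for word in words:
            status, matches = complete(word, self._node().keys())
            if status != "unique":
                detail = ": " + " ".join(matches) if matches else ""
                return f'Error: "{word}" is {status}{detail}'
            self.path.append(matches[0])
        return self.prompt()

    @staticmethod
    def tree_lines(node, indent=""):
        """Render child contexts in the +--- style the tree command uses."""
        lines = []
        for name, child in sorted(node.items()):
            lines.append(f"{indent}+---{name}")
            lines.extend(CliSession.tree_lines(child, indent + "|   "))
        return lines
```

Note what happens on an ambiguous word in the middle of a multi-context line: the contexts before it have already been entered, so the session is left part-way down the tree rather than where it started. That matches the behaviour worth checking on the real CLI before pasting multi-line configuration.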


CLI Navigation (continued)

The shutdown command can be used to disable protocols and interfaces. The no form of any command has one of two results:
- Removal from the configuration (for example, no ospf)
- Reset to the default setting (for example, config>router>ospf>area>interface# no hello-interval)

The shutdown command does not change, reset, or remove any configuration settings or statistics. Many objects must be shut down before they can be deleted. A shutdown is saved in the configuration file. All ports are shut down by default when the system is first powered on, so an unused port passes no traffic until an operator explicitly enables it.

To restore the settings after issuing a no command, you must reconfigure the router, reboot from a configuration file that has the correct configuration, or run exec on a configuration file that contains the correct settings. You can use exec to process a configuration file and restore the configuration stored in the file.


CLI Global Commands

info        Provides info on the configuration
logout      Terminates the CLI session
oam         OAM test suite (see the Service OAM section of the 7750 SR OS Services Guide)
password    Changes the user CLI login password. Note: not a global command; must be entered at the root level.
ping        Verifies the reachability of a remote host
pwc         Displays the present or previous working context of the CLI session
sleep       Causes the console session to pause operation (sleep) for 1 second or for the specified number of seconds (primary use is to introduce a pause during the execution of an exec file)
ssh         Opens a secure shell connection to a host
telnet      Telnet to a host
traceroute  Determines the route to a destination address
tree        Displays a list of all commands at the current level and all sublevels
write       Sends a console message to a specific user or to all users with active console sessions

Refer to the 7750 SR OS System Guide for detailed information about CLI commands and navigation.


CLI Environment Commands

CLI environment commands are used to customize session preferences for a single CLI session.

alias            Enables the substitution of a command line by an alias
create           Enables the create parameter check (new objects must then be created with an explicit create keyword, which guards against a mistyped name silently creating a new object)
more             Configures whether CLI output should be displayed one screen at a time, awaiting user input to continue
reduced-prompt   Configures the number of higher-level CLI context levels to display in the CLI prompt
terminal         Configures the terminal screen length for the current CLI session
time-display     Specifies whether time should be displayed in local or UTC format

Refer to the 7750 SR OS System Guide for detailed information about CLI commands and navigation.


Finding Help

help                  Displays a brief description of the help system
?                     Lists all commands in the current context
string ?              Lists all commands available in the current context that start with string
command ?             Displays the command's syntax and associated keywords
command keyword ?     Lists the associated arguments for keyword in command
string <Tab>          Completes a partial command name (auto-completion) or lists the available commands that match string
string <Space>
help edit             Displays help on editing (lists the available editing keystrokes)
help globals          Displays help on global commands (lists the available global commands)

The tree and tree detail system commands are help commands that are useful when you search for a command in a lower-level context.

Refer to the 7750 SR OS System Guide for detailed information about CLI commands and navigation.


File System CLI Context

The file system is DOS based and is used to store the software image, configuration files and event logs. File commands can be used to create, copy, move and remove files and directories.

Commands in the file context (entered from root): attrib, cd, copy, delete, dir, md, move, rd, scp, type, version

delete    Deletes the specified file. The optional wildcard (*) can be used to delete multiple files that share a common (partial) prefix and/or (partial) suffix.
move      Moves a local file, system file, or a directory. If the target already exists, the command fails and an error message displays.
scp       Copies a file from the local file system to a remote host on the network. scp uses ssh for the data transfer, and uses the same authentication and provides the same security as ssh.
type      Displays the contents of a text file.
version   Displays the version of a 7750 SR OS cpm.tim or iom.tim file.


Section 3 — Boot Process


7x50 SR/ESS Components and CLI


Basic Boot Up components

- Uses a Boot Option File (BOF) to start the system
- Stored on compact flash CF3
- Other components required for startup: boot loader, BOF configuration file, TiMOS-m.n.Y.z software image file, default config file

Basic Operating System
The 7750 SR does not use a BOOT PROM to start the system; instead, it uses a Boot Option File (BOF). Each new system is shipped with a Compact Flash (CF) card that contains the files required to start a 7750 SR system. The system files are stored on CF3, and that is where the system looks for the files when initializing. The CF3 card contains the following directories and files off the root directory:

boot.ldr
This file contains the system bootstrap image.

bof.cfg
The bof.cfg file is user configurable and contains information such as:
- Management port IP address
- Location of the image files (primary, secondary, and tertiary)
- Location of the configuration files (primary, secondary, and tertiary)

TiMOS-m.n.Y.z
This directory is named according to the major and minor software release, the type of release and the version. For example, version 1.2 of released software would be named TiMOS-1.2.R0. On an SR-7 or SR-12 this directory contains two files, cpm.tim and iom.tim, for the SF/CPM and IOM cards respectively. Since the SR-1 has integrated fabric/control and I/O, there is only one file, named both.tim.

config.cfg
This is the default configuration file. It is very basic and provides just enough information to make the system operational. You can create other configuration files and point the system to them using bof.cfg.


Software Release Media

Root
  boot.ldr          Bootstrap image
  bof.cfg           Boot Option File
  config.cfg        Default configuration file
  TiMOS-m.n.Y.z\    Software image directory
    cpm.tim         CPM image file
    iom.tim         IOM image file

Image directory naming, TiMOS-m.n.Y.z:
  m   Major release number
  n   Minor release number
  Y   Release type: A Alpha release, B Beta release, M Maintenance release, R Released software, I Internal engineering and test release
  z   Version number


System Initialization

[Figure: system initialization flowchart]
1. START: initialize hardware.
2. Load and execute the bootstrap loader (cf3:\boot.ldr).
3. Process the boot option file (cf3:\bof.cfg). User intervention point: if a wait is required and user activity is detected, the boot pauses so the BOF can be changed.
4. Get the runtime image (3 possible locations). Image OK? If not, startup fails.
5. Need persistence? If yes, process the persistence file. If it is not processed OK, SNMP is shut down and a trap (if possible), a log entry and a console message are issued.
6. Get the configuration (3 possible locations). Config found? If not, boot with defaults, shut down SNMP and issue a trap, a log entry and a console message.
7. Process the configuration file. If it is not processed OK, SNMP is shut down and a trap, a log entry and a console message are issued.
8. Log in prompt.

The configuration file includes chassis, IOM, MDA, and port configurations, as well as system, routing and service configurations.

Persistence
You can configure the BOF to turn persistence on or off (the default is off). Persistence is required if the 7450 is managed by the 5620 SAM network manager. When persistence is turned on, the 7450 ESS creates an index file with the same file prefix as the current configuration file. The index file contains variable index information (interface indexes, LSP IDs, path IDs, and so on). It is built dynamically by the operating system and does not contain configuration information entered by users. The index file is saved whenever the system configuration file is saved.

The index file ensures that the 5620 SAM has the same index data as the 7450 ESS node after a system reboot. If a 7450 reboots and the indexes stored on the SAM do not match the node indexes, a complete re-synchronization between the node and the SAM takes place automatically. This can be a very time consuming and processor intensive operation.

If a node reboots with persistence turned on, it must locate the persistence index file and successfully process it before processing the system configuration file. If the index file cannot be processed for some reason, the system performs an SNMP shutdown (Get and Set functionality is disabled); traps, however, continue to be issued. The system issues traps, log messages, and console messages to advise the user. A no shutdown of SNMP is required to reactivate full SNMP functionality.


Boot Options File

The BOF stores the parameters that specify the location of the image file that the router will try to boot from and of the configuration file that the router uses to configure its applications and interfaces.

The most basic BOF configuration should have the following:
- Primary address
- Primary image location
- Primary configuration location


BOF Parameters

The Alcatel 7750 SR uses the BOF to perform the following tasks:

1) Set up the CPM Ethernet port (speed, duplex, auto)
2) Create an IP address for the CPM Ethernet port
3) Create a static route for the CPM Ethernet port
4) Set the console port speed
5) Configure the DNS domain name
6) Configure the primary, secondary and tertiary configuration source
7) Configure the primary, secondary and tertiary image source
8) Configure persistence requirements

Always be sure to save the BOF!

The parameters configured in the BOF are those listed above. Configuration of the BOF is done in the bof CLI context. Sample BOF commands:

SR-1# bof                                    # Change or create the bof file on media cf3
SR-1>bof# address 10.10.10.2/24              # Change or create the CPM Ethernet port primary address (must be entered from the console)
SR-1>bof# speed 100                          # Set the CPM Ethernet port speed to 100 Mb/s
SR-1>bof# primary-image cf3:/TIMOS.1.0.R0    # Set the primary image directory
SR-1>bof# primary-config cf3:/test.cfg       # Set the primary configuration file to test.cfg
SR-1>bof# save                               # Save the bof

Show command:

SR-1# show bof                               # Displays the in-memory bof file (last used)


Show BOF

The slide above shows the information that is contained in the boot options file. The primary image location is one of the most important items in the BOF: if the router cannot find an image, it will remain in the boot cycle forever. In this example, the primary configuration is located on cf3 (cf3:\test\test_sr1a.cfg). Therefore, when the router reboots, it goes to cf3, gets the configuration file specified in the BOF, and loads the router with that configuration. In addition, after the primary configuration location has been defined, every time the operator enters the command admin save, the current configuration is saved to the primary configuration file. The address referred to in the slide above is the address of the management port on the CPM. Notice the console speed; this is the default speed of the RS-232 port on the CPM, and it can be changed here in the BOF.

Setting the CPM Ethernet Port Address
Use the following commands to assign an IP address to the active CPM (or, on systems with redundant CPMs, to the active or standby CPM) in the running configuration and the BOF:

SR1# bof
SR1>bof# address <xxx.xxx.xxx.xxx/xx>
(or, with redundant CPMs: SR7>bof# address <xxx.xxx.xxx.xxx/xx> <active|standby>)
SR1# show bof

A:sr1a# show bof
===============================================================================
BOF (Memory)
===============================================================================
    primary-image    cf3:\4.0.R9
    primary-config   cf3:\test\test_sr1a.cfg
    address          138.120.199.60/24 active
    autonegotiate
    duplex           full
    speed            100
    wait             3
    persist          on
    console-speed    115200
===============================================================================


Compact Flash

Each Control/Switch processor on a 7x50 product can have 3 compact flashes: cf1:, cf2:, cf3:
- Flash size can be 256M, 512M, 1G and 2G
- By default the system startup looks for the boot.ldr file in cf3
- cf3 can store the runtime image and the running configuration
- Requires a shutdown of the compact flash before removing it
- Compact flash 1 and 2 can be used to store debug/accounting logs


Section 4 — Basic Router Configuration



Physical Access

(Figure: physical access to an SR-1. Out-of-band: the CPM console port and the OOB CPM management Ethernet port. In-band: customer-facing access ports and network ports, which are located on MDAs.)

The 7750 SR can be accessed in three ways:
- In-band ports — These are access ports and network ports on MDAs.
- Console port — A DB-9 serial port; this port is enabled by default. The default settings are: Baud Rate: 115,200; Data Bits: 8; Parity: None; Stop Bits: 1; Flow Control: None.
- CPM Ethernet port — A 10/100 Ethernet management port.

SF/CPM (Switch Fabric/Control Processor Module) Card Common to the SR-7 and 12


Initial System SETUP

The following steps are typically used to configure a system from start-up:
1. Log in to the SR/ESS using console input
2. Configure the system name and change the admin user password
3. Configure the CPM Ethernet management IP address
4. Configure additional BOF parameters
5. Configure IOM cards
6. Configure MDA cards
7. View alarms
8. Configure the system address
9. Configure logs if required
10. View the entire running config


Initial System SETUP (cont’d)

Set the system name / Change admin user password

>config>system# name SR-1
SR-1# password
Enter current password:
Enter new password:
Re-enter new password:

Configure the CPM Ethernet port IP address

SR-1# bof
SR-1>bof# address 10.1.1.1/32
SR-1>bof# save
SR-1>bof# exit

Basic System Management Configuration

Some basic configuration on the 7750 SR is required before putting it into service:
- System name
- Change admin password
- CPM Ethernet management port IP address
- Configure IOMs, MDAs, and ports

System Name
The system name can be any ASCII printable string of up to 32 characters. The system name is configured in the config CLI context. If the name contains spaces, it must be enclosed in double quotes to delimit the start and end of the name. The system name becomes part of the CLI prompt.

Passwords
The default login and password is admin. This password should be changed before your router is put into service. The system automatically creates at least one admin user (the default) and must retain at least one admin user unless you are using an external protocol such as RADIUS or TACACS+ to provide authentication. You can configure the following password parameters:
- Aging — The maximum number of days (1 to 500) that a password remains valid before the user must change it. The default is no aging enforced.
- Attempts — The number of unsuccessful login attempts allowed in a specified time period. If the configured threshold is exceeded, the user is locked out for a specified time. Count: 4; Time (minutes): 10; Lockout (minutes): 10. In the example above, a user is locked out for 10 minutes if 4 unsuccessful login attempts occur in a 10-minute period.
- Authentication Order — You can configure the order in which password authentication is attempted among RADIUS, TACACS+, and local methods.
- Complexity — You can use this parameter to specify if passwords must contain upper- and lowercase characters, numeric characters, and special characters.
- Minimum Length — You can specify the minimum number of characters (1 to 8) required for a password.
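The password parameters above (complexity, minimum length, and the attempts counter with its count/time/lockout values) are easy to misread, so here is an added example, written for this guide and not code from the course or from the 7x50 itself, that models them: a complexity checker and a sliding-window lockout tracker using the slide's values of 4 attempts in 10 minutes with a 10-minute lockout. Class and method names are this example's own; time is expressed in minutes rather than read from a clock so the behaviour is reproducible.

```python
"""Added example (not from the Alcatel-Lucent course material): a model of the
7x50 password controls described above, i.e. complexity, minimum length and
the attempts/lockout counters (count 4, time 10 min, lockout 10 min).
All class and function names are this example's own."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class PasswordPolicy:
    """Complexity and minimum-length rules (the page's Complexity and Minimum
    Length parameters; 1..8 characters is the range the page gives)."""
    minimum_length: int = 8
    require_mixed_case: bool = True
    require_numeric: bool = True
    require_special: bool = True

    def check(self, password: str) -> "list[str]":
        """Return the list of rule violations; an empty list means acceptable."""
        problems = []
        if len(password) < self.minimum_length:
            problems.append(f"shorter than {self.minimum_length} characters")
        has_lower = any(c.islower() for c in password)
        has_upper = any(c.isupper() for c in password)
        if self.require_mixed_case and not (has_lower and has_upper):
            problems.append("needs both upper- and lowercase characters")
        if self.require_numeric and not any(c.isdigit() for c in password):
            problems.append("needs a numeric character")
        if self.require_special and not any(not c.isalnum() for c in password):
            problems.append("needs a special character")
        return problems


@dataclass
class LoginAttemptTracker:
    """Attempts parameter: `count` failures within `time_minutes` lock the user
    out for `lockout_minutes`. Timestamps are minutes (floats) supplied by the
    caller so the example runs deterministically without a clock."""
    count: int = 4
    time_minutes: int = 10
    lockout_minutes: int = 10
    _failures: dict = field(default_factory=dict)      # user -> deque of failure times
    _locked_until: dict = field(default_factory=dict)  # user -> minute the lockout ends

    def is_locked(self, user: str, now: float) -> bool:
        return self._locked_until.get(user, -1) > now

    def record_failure(self, user: str, now: float) -> bool:
        """Register a failed login at `now`; return True if it triggered a lockout."""
        window = self._failures.setdefault(user, deque())
        window.append(now)
        # Drop failures that have fallen out of the sliding time window.
        while window and now - window[0] > self.time_minutes:
            window.popleft()
        if len(window) >= self.count:
            self._locked_until[user] = now + self.lockout_minutes
            window.clear()
            return True
        return False

    def record_success(self, user: str) -> None:
        """A successful login clears the user's failure history."""
        self._failures.pop(user, None)
```

With the defaults, four failures at minutes 0, 1, 2 and 3 lock the account until minute 13, while failures at 0, 11, 12 and 13 do not, because the first one has aged out of the 10-minute window by the time the fourth arrives.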


Show Card

A:sr1a# show card 1
===============================================================================
Card 1
===============================================================================
Slot  Provisioned   Equipped      Admin  Operational
      Card-type     Card-type     State  State
-------------------------------------------------------------------------------
1     iom-20g-b     iom-20g-b     up     up
===============================================================================

Show Card
The slide above shows the output of a show card command. The output shows that the card slot is configured to support all IOMs. The next columns show which card the slot is configured to accept and then which card is actually installed in the slot. These two entries must match. Finally, the administrative and operational states should both be up.


Show MDA

A:sr1a# show mda
===============================================================================
MDA Summary
===============================================================================
Slot  Mda  Provisioned     Equipped        Admin  Operational
           Mda-type        Mda-type        State  State
-------------------------------------------------------------------------------
1     1    m5-1gb-sfp-b    m5-1gb-sfp-b    up     up
      2    m16-oc3-sfp     m16-oc3-sfp     up     up
===============================================================================

Show MDA
The slide above shows the output of a show mda command. The output shows the card slot that is being referenced, in this case card 1, and then the MDAs that are supported by the IOM in card slot 1. In this case, all MDAs are supported. Next is which MDA the IOM slot is configured to accept, the actual MDA that is installed in the IOM MDA slot, and the status of the MDA.


Admin display-config

A:acie_sr1a# admin display-config
# TiMOS-B-4.0.R9 both/hops ALCATEL SR 7750 Copyright (c) 2000-2007 Alcatel-Lucent.
# All rights reserved. All use subject to applicable license agreements.
# Built on Tue Dec 19 15:56:05 PST 2006 by builder in /rel4.0/b1/R9/panos/main
# Generated FRI DEC 22 16:00:41 2006 UTC
exit all
configure
#--------------------------------------------------
echo "System Configuration"
#--------------------------------------------------
    system
        name "acie_sr1a"
        snmp
            shutdown
        exit
        login-control
Press any key to continue (Q to quit)

Admin display-config
The slide above shows a partial output of the admin display-config command. The first portion of the output shows the current version of the operating system that is running on the router. The router then outputs the entire configuration of the router, down to the port level. This command can output a large number of pages on a fully configured router.


Info Command

A:Training1>config>router# interface Toronto
A:Training1>config>router>if# info
----------------------------------------------
            address 131.131.131.1/30
            port 1/1/1
----------------------------------------------

You can view more details by using the detailed version of the info command: info detail

The info command provides an informational display during configuration without the need to use the show config command.


Logs

7x50 Logs
- Record events, alarms and faults that result from actions performed on the 7x50
- Can be used to record debug messages for troubleshooting
- Log sources: Main (most normal logs), Security (any attempt to breach system security), Debug (events as a result of turning debug tracing on), Change (any events that change the configuration of the node)
- Log destinations: Console, Session, Memory, File, SYSLOG server, SNMP trap group

The 7x50 ESS keeps very extensive logs of events, alarms, traps, and debug/trace messages. The logs are used to monitor events and troubleshoot faults in the 7450. You can configure what type of logging information is captured and where you want to send the captured logging information.

Log Sources
Applications and processes within the 7450 generate event logs. The logs are divided into four streams:
- Main – most normal logs not specifically directed to any other event stream.
- Security – any attempts to breach system security, such as failed login attempts.
- Change – any events that affect the configuration or operation of the node.
- Debug/Trace – all output generated as a result of turning on debug/trace.
Forwarded events are placed into an event log. Each event log has a log identification (log-id) number and can contain events from more than one event stream.

Log Destinations
You can configure the destination for the contents of a log-id. A log-id can be directed to one of the following destinations:
- Console – the physical 9-pin console port of the 7450.
- Session – a console or Telnet session. Sessions are temporary log destinations that are valid only as long as the session lasts.
- Memory – a circular buffer where the oldest entry is overwritten when the buffer is full.
- File – event logs and accounting policy information can be directed to a file.
- Syslog – event log information can be sent to a syslog server.
- SNMP Trap Group – event log information can be sent to an SNMP trap group.

All events and traps are time-stamped and numbered per destination. Traps are sequence-numbered per destination and stored in memory. If the 7450 NMS should go offline for some reason, it may not receive some trap notifications. When the NMS comes back online, it will automatically recognize that it has missed some trap notifications because the last sequence number it has will be different from the sequence number in the 7450. The NMS will then update its records with the missing traps. If the in-memory notification log becomes full and some records are overwritten, the NMS will resynchronize itself with the 7450.


Configuring Logs

(Figure: event flow. The sources Main, Security, Change and Debug feed the event controller, which decides "Log event?"; events answered No are discarded. Events answered Yes pass through an optional filter policy (filtered events go to garbage) into one or more log ids (Log Id 10, 11, 12 and 13 in the figure), each with its own destination: Session, File, SNMP or Memory.)

Configuring Logs Steps
1. Configure a log id with a number from 1-98
2. Identify the source
3. Specify an optional filter to filter events if desired
4. Identify the destination
5. Examine the logs to view the events


CLI for Configuring Logs

A:PE1>config# log filter
  - filter <filter-id>
  - no filter <filter-id>

 <filter-id>          : [1..1001]

 [no] default-action  - Specify the default action for the event filter
 [no] description     - Description string for the event filter
 [no] entry           + Configure an event filter entry

A:PE1>config# log filter 14
A:PE1>config>log>filter$ description "default filter"
A:PE1>config>log>filter$ default-action forward
A:PE1>config>log>filter$ back
A:PE1>config>log>filter# info detail
----------------------------------------------
            default-action forward
            description "default filter"
----------------------------------------------


CLI for Configuring Logs (cont’d)

A:PE1>config>log# log-id 14
A:PE1>config>log>log-id# from debug-trace
A:PE1>config>log>log-id# to session
A:PE1>config>log>log-id# filter 14
A:PE1>config>log>log-id# info detail
----------------------------------------------
            no description
            filter 14
            time-format utc
            from debug-trace
            to session
            no shutdown
----------------------------------------------
A:PE1>config>log>log-id#

General Log Commands
show log applications
show log event-control
show log file-id
show log filter-id
show log log-collector
show log log-id
show log snmp-trap-group
show log syslog


Default Alarm Logs

How to show Layer 1 & Layer 2 alarms
The 7x50 has two default memory logs (log-id 99 & 100) containing all the events from the “main” application. All severity levels of alarms are recorded in log-id 99, whereas log-id 100 only contains serious errors. There are several ways to view the alarms of a specific subject, such as alarms related to a particular port. One method is to create a new log that only monitors the specific subject.

There are two default logs:
- Log 99 – All severity levels of alarms
- Log 100 – Only serious errors
To view the logs use the following commands:
show log log-id 99
show log log-id 100
More granular “data mining” of the two log files can be accomplished:
show log log-id 99 subject 1/1/1 – port specific
show log log-id 99 application chassis – chassis related alarms
Others exist. The default logs only store about 500 entries. If more entries are required, then specific alarm logs need to be created.


Default Logs – Alarm Monitoring Example

The “show log” command

A:PE1>config>log>log-id# show log log-id 99
===================================================================
Event Log 99
===================================================================
Description : Default System Log
Memory Log contents  [size=500   next event=25  (not wrapped)]

24 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2006 - CHASSIS
"tmnxMDATable: Slot 1, MDA 2 configuration modified"

23 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2007 - PORT
"Pool on Port 1/2/b.net-sap Modified managed object created"
...
5 2006/08/17 15:30:55.29 UTC MINOR: CHASSIS #2004 - Mda 1/2
"Class MDA Module : wrong type inserted"

The “show log log-id 99 application chassis” command details any and all alarms that have been logged within the router. In the above case, the detailed information only shows minor alarms from the individual modules being inserted into the chassis. Noting the time, these entries were from when the router first booted.
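Two points from the Logs pages are worth seeing in code: the per-line structure of the memory log shown above (sequence number, timestamp, severity, application, event id, subject, message), which is what the `application` and `subject` keywords of show log filter on, and the sequence-number gap check by which the NMS notices missed traps. The following is an added example written for this guide, not code from the course or from the 7x50: it parses show-log style output, filters it, and lists missing sequence numbers. The sample log is constructed for the example; its first two entries copy the slide, the rest are made up, including one Security-stream event.

```python
"""Added example, not part of the course material: parse `show log log-id 99`
style output, filter it the way `show log log-id 99 application chassis` and
`... subject 1/1/1` do, and detect missing event sequence numbers (the gap
check an NMS uses to notice lost traps). SAMPLE_LOG is constructed for this
example; only its first two event lines are taken from the slide."""
import re

# One event line: seq  date  time  tz  SEVERITY: APPLICATION #id - subject "message"
EVENT_RE = re.compile(
    r"^(?P<seq>\d+)\s+(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<tz>\S+)\s+(?P<severity>[A-Z]+):\s+(?P<application>\S+)\s+#(?P<event_id>\d+)\s+-\s+"
    r'(?P<subject>.*?)\s+"(?P<message>.*)"\s*$'
)

SAMPLE_LOG = """\
A:PE1# show log log-id 99
===================================================================
Event Log 99
===================================================================
Description : Default System Log
Memory Log contents  [size=500   next event=25  (not wrapped)]

24 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2006 - CHASSIS "tmnxMDATable: Slot 1, MDA 2 configuration modified"
23 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2007 - PORT "Pool on Port 1/2/b.net-sap Modified managed object created"
22 2006/08/17 15:30:40.11 UTC MINOR: SECURITY #2001 - Login "User admin login failed from console"
20 2006/08/17 15:30:31.02 UTC MAJOR: PORT #2004 - 1/1/1 "Port 1/1/1 link down"
19 2006/08/17 15:30:55.29 UTC MINOR: CHASSIS #2004 - Mda 1/2 "Class MDA Module : wrong type inserted"
"""


def parse_log(text: str) -> list:
    """Return one dict per event line; banner, separator and '...' lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["seq"] = int(ev["seq"])
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def filter_events(events: list, application=None, subject=None, severity=None) -> list:
    """Case-insensitive match on application / subject / severity, like the CLI keywords."""
    def keep(ev):
        return ((application is None or ev["application"].lower() == application.lower())
                and (subject is None or ev["subject"].lower() == subject.lower())
                and (severity is None or ev["severity"].lower() == severity.lower()))
    return [ev for ev in events if keep(ev)]


def missing_sequence_numbers(events: list) -> list:
    """Sequence numbers absent between the lowest and highest seen: what an NMS
    would request again after an outage (a wrapped memory log can also cause gaps)."""
    seen = {ev["seq"] for ev in events}
    if not seen:
        return []
    return [n for n in range(min(seen), max(seen) + 1) if n not in seen]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ev in filter_events(evs, application="security"):
        print(ev["seq"], ev["severity"], ev["message"])
    print("missing:", missing_sequence_numbers(evs))
```

The subject field is matched lazily up to the opening quote so that subjects containing spaces (the slide's "Mda 1/2") are kept whole.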


Module Summary
- 7x50 product CLI commands and navigation
- Useful commands
- System startup and boot files
- Boot Options File (BOF) and default configuration files
- Basic system and hardware configuration
- Logs and alarms


Learning Assessment
1. What information does the BOF contain?
2. What is the CLI context in which interfaces are configured?
3. What command can be used to view the status of the MDAs?
4. List the possible log sources.
5. How many default logs are there, and what info do they provide?


Learning Assessment Answers
1. What information does the BOF contain? Stores the parameters that specify the location of the image file from which the router will try to boot, and stores the location of the configuration file which the router uses to configure the applications and interfaces.
2. What is the CLI context in which interfaces are configured? PE1>config>router#
3. What command can be used to view the status of the MDAs? PE1>show mda x
4. List the possible log sources. Main, Security, Debug, Change
5. How many default alarm logs are there, and what info do they provide? There are two. Log 99 provides a list of alarms of all severities. Log 100 provides a list of only the serious errors that occur.

3HE-02767-AAAA-WBZZA Edition 01

www.alcatel-lucent.com


Module 3 — Ethernet Overview

Module Objectives

After successful completion of this module, you should be able to:
- Understand layer 2 requirements
- Discuss the Ethernet protocol and its different components
- Discuss the operation of STP
- Discuss the operation of RSTP and its improvement over STP
- Discuss the function of virtual local area networks
- Discuss the operation of MSTP and how it relates to VLANs


Section 1 — Layer 2 OSI and Ethernet Defined

Data Link Layer/ Layer 2 OSI
- Defines an addressing structure that is used between end systems
- Provides framing and error checking for the transfer of data via physical media
- Layer 2 examples: Ethernet, PPP, ATM, Frame relay, Token ring

The data link layer defines a lower-level addressing structure to be used between end systems as well as the lower-level framing and checksums used to transmit over the physical medium. Using checksums maintains data integrity across end systems. It is at the data link layer that the data is broken down into bits for transmission via the physical layer. Ethernet, token ring, and frame relay are all examples of data link layer or layer 2 protocols. Traditional Ethernet switches operate at the data link layer and are concerned with forwarding packets based on the layer 2 addressing scheme. Layer 2 Ethernet switches are not concerned with whether the packet contains IP, IPX, or AppleTalk, but only with the transmission of the Ethernet frame.


Layer 2 Protocols - ATM

(Figure: the 5-byte ATM UNI cell header, one byte per row, bits 0 to 7: GFC | VPI; VPI | VCI; VCI; VCI | PT | CLP; HEC.)

ATM Asynchronous Transfer Mode
- Packet oriented cell switching technology
- Application packets are broken into 53 byte fixed sized cells including a 5 byte header, also referred to as an ATM packet
- ATM circuit is identified by a VPI/VCI value
- Enhanced QoS support with 5 service classes
- Ideal for multiple services on the same line

The UNI header consists of the following fields:
- GFC—4 bits of generic flow control that are used to provide local functions, such as identifying multiple stations that share a single ATM interface. The GFC field is typically not used and is set to a default value.
- VPI—8 bits of virtual path identifier that is used, in conjunction with the VCI, to identify the next destination of a cell as it passes through a series of switch routers on its way to its destination.
- VCI—16 bits of virtual channel identifier that is used, in conjunction with the VPI, to identify the next destination of a cell as it passes through a series of switch routers on its way to its destination.
- PT—3 bits of payload type. The first bit indicates whether the cell contains user data or control data. If the cell contains user data, the second bit indicates congestion, and the third bit indicates whether the cell is the last in a series of cells that represent a single AAL5 frame.
- CLP—1 bit of cell loss priority that indicates whether the cell should be discarded if it encounters extreme congestion as it moves through the network.
- HEC—8 bits of header error control that are a checksum calculated only on the header itself.
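The field widths above fix the bit layout of the header exactly, and the HEC is what lets a receiver reject a header that was corrupted in transit (a corrupted VPI/VCI would otherwise deliver the cell to the wrong circuit). The block below is an added example written for this guide, not code from the course: it packs and parses the UNI header and computes the HEC, which ITU-T I.432 defines as CRC-8 with generator x^8 + x^2 + x + 1 over the first four header octets, XORed with 0x55. Function names are this example's own; the idle-cell header (VPI 0, VCI 0, CLP 1, HEC 0x52) is used as a known answer.

```python
"""Added example, not from the course: pack and parse the 5-byte ATM UNI cell
header (GFC 4 bits, VPI 8, VCI 16, PT 3, CLP 1, HEC 8) and compute its HEC.
HEC = CRC-8 (polynomial 0x07, i.e. x^8 + x^2 + x + 1, initial value 0) over the
first four header octets, XORed with the coset leader 0x55 (ITU-T I.432).
Function names are this example's own."""


def hec(first_four: bytes) -> int:
    crc = 0
    for byte in first_four:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def pack_uni_header(gfc: int, vpi: int, vci: int, pt: int, clp: int) -> bytes:
    """Build the 5 header octets, appending the correct HEC."""
    if not (0 <= gfc < 16 and 0 <= vpi < 256 and 0 <= vci < 65536
            and 0 <= pt < 8 and clp in (0, 1)):
        raise ValueError("header field out of range")
    # Bit positions in the first 32 bits: GFC 31-28, VPI 27-20, VCI 19-4, PT 3-1, CLP 0
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp
    first_four = word.to_bytes(4, "big")
    return first_four + bytes([hec(first_four)])


def parse_uni_header(header: bytes) -> dict:
    """Decode the fields and report whether the received HEC matches the header."""
    if len(header) != 5:
        raise ValueError("ATM header is exactly 5 octets")
    word = int.from_bytes(header[:4], "big")
    pt = (word >> 1) & 0x7
    return {
        "gfc": word >> 28,
        "vpi": (word >> 20) & 0xFF,
        "vci": (word >> 4) & 0xFFFF,
        "pt": pt,
        "user_data": not (pt & 0b100),   # PT bit 1 clear -> user data cell
        "congestion": bool(pt & 0b010),  # PT bit 2 -> congestion experienced
        "aal5_last_cell": bool(pt & 0b001),  # PT bit 3 -> last cell of an AAL5 frame
        "clp": word & 1,
        "hec_ok": header[4] == hec(header[:4]),
    }


if __name__ == "__main__":
    print(pack_uni_header(0, 10, 100, 0b001, 0).hex())
    print(parse_uni_header(pack_uni_header(0, 0, 0, 0, 1)))  # the idle cell, HEC 0x52
```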


Layer 2 Protocols - ATM Adaptation Layers

AAL
ATM packets are further encapsulated by ATM adaptation layers (AAL), which are responsible for segmentation of higher layer data into ATM cells and re-assembly (SAR) of ATM packets received at the other end into higher layer data. The purpose is to adapt the class of service from higher layers onto connectionless ATM cells. AAL classification is related to the service and application required for transport.
- AAL1 – Constant bit rate traffic
- AAL2 – Variable bit rate traffic
- AAL3/4 – Connection oriented service usually
- AAL5 – Connectionless oriented service usually (e.g. IP)

Constant Bit Rate (CBR) service: AAL1 encapsulation supports a connection-oriented service where minimal data loss is required. Examples of this service include 64 Kbit/sec voice, fixed-rate uncompressed video and leased lines for private data networks.

Variable Bit Rate (VBR) service: AAL2 encapsulation supports a connection-oriented service in which the bit rate is variable but requires a bounded delay for delivery. Examples of this service include compressed packetized voice or video. The requirement on bounded delay for delivery is necessary for the receiver to reconstruct the original uncompressed voice or video.

Connection-oriented data service: For connection-oriented file transfer and, in general, data network applications where a connection is set up before data is transferred, this type of service has a variable bit rate and does not require bounded delay for delivery. Two AAL protocols were defined to support this service class, and have been merged into a single type, called AAL3/4.

Connectionless data service: Examples of this service include datagram traffic and, in general, data network applications where no connection is set up before data is transferred. This is used to transport IP/Ethernet/Frame relay applications.


Layer 2 Protocols - ATM Adaptation Layer 5

AAL 5
- Generally used to transport non-real time connectionless data
- Encapsulation used for transporting IP packets and interworking with Frame Relay or Ethernet packets
- AAL5 is the simple and efficient AAL which is the one used most for data traffic; it has no per-cell length nor per-cell CRC fields.

(Figure: AAL5 CPCS-PDU layout: PDU payload (variable length) | PAD (0-47 bytes) | UU (1 byte) | CPI (1 byte) | LI (2 bytes) | CRC-32 (4 bytes).)

PDU - Variable length user information field (broken into 48 byte segments)
PAD - Padding used to cell-align the trailer, between 0 and 47 bytes long.
UU - CPCS user-to-user indication to transfer one byte of user information
CPI - Common Part Indication
LI - Length indicator

Higher level SDUs may be several bytes in length; however, as the ATM payload is only 48 bytes, the SDUs must be segmented into multiple cells as they enter the ATM network, and then reassembled when they exit the ATM network. This function of the ATM adaptation layer is known as SAR – Segmentation and Reassembly. The adaptation layer comprises two sub-layers, one of which is the SAR sub-layer, the other being the CS – Convergence Sub-layer, which performs service-dependent functions.
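Because AAL5 has no per-cell length or CRC, a lost or corrupted cell can only be detected at reassembly, from the trailer's length indicator and CRC-32. The following added example, written for this guide and not code from the course, builds the CPCS-PDU with the PAD/UU/CPI/LI/CRC-32 trailer shown above, segments it into 48-byte cell payloads, and reassembles it with both checks. The CRC-32 uses the AAL5 parameters (polynomial 0x04C11DB7, bit-ordered MSB first, initial value and final XOR 0xFFFFFFFF); function names are this example's own and cell headers are left out.

```python
"""Added example, not from the course: AAL5 CPCS-PDU build / SAR / reassemble.
Trailer: PAD (0..47) | UU (1) | CPI (1) | LI (2) | CRC-32 (4); the PDU is padded
so that its total length is a multiple of the 48-byte cell payload. CRC-32 is
the AAL5 variant (polynomial 0x04C11DB7, MSB-first, init and xorout 0xFFFFFFFF).
Function names are this example's own."""
import struct

CELL_PAYLOAD = 48
TRAILER_LEN = 8          # UU(1) + CPI(1) + LI(2) + CRC-32(4)


def crc32_aal5(data: bytes) -> int:
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            if crc & 0x80000000:
                crc = ((crc << 1) ^ 0x04C11DB7) & 0xFFFFFFFF
            else:
                crc = (crc << 1) & 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF


def build_cpcs_pdu(payload: bytes, uu: int = 0, cpi: int = 0) -> bytes:
    """Payload + PAD + trailer; LI carries the payload length so PAD can be stripped."""
    if len(payload) > 0xFFFF:
        raise ValueError("LI is 16 bits: payload must be at most 65535 bytes")
    pad_len = -(len(payload) + TRAILER_LEN) % CELL_PAYLOAD      # 0..47
    body = payload + bytes(pad_len) + struct.pack(">BBH", uu, cpi, len(payload))
    return body + struct.pack(">I", crc32_aal5(body))


def segment(pdu: bytes) -> list:
    """SAR: split the PDU into 48-byte cell payloads (the last cell carries the trailer)."""
    return [pdu[i:i + CELL_PAYLOAD] for i in range(0, len(pdu), CELL_PAYLOAD)]


def reassemble(cells: list) -> bytes:
    """Join the cells, verify CRC-32 and LI, and return the original payload."""
    pdu = b"".join(cells)
    if len(pdu) == 0 or len(pdu) % CELL_PAYLOAD:
        raise ValueError("PDU is not a whole number of cells")
    uu, cpi, length = struct.unpack(">BBH", pdu[-TRAILER_LEN:-4])
    (received_crc,) = struct.unpack(">I", pdu[-4:])
    if crc32_aal5(pdu[:-4]) != received_crc:
        raise ValueError("CRC-32 mismatch: a cell was lost or corrupted")
    if length > len(pdu) - TRAILER_LEN:
        raise ValueError("length indicator exceeds PDU")
    return pdu[:length]


if __name__ == "__main__":
    pdu = build_cpcs_pdu(bytes(range(100)))
    print(len(pdu), "bytes ->", len(segment(pdu)), "cells")
    print(reassemble(segment(pdu)) == bytes(range(100)))
```

A 100-byte payload needs 36 bytes of PAD so that payload, PAD and the 8-byte trailer fill exactly three cells; dropping the first of those cells leaves a PDU that is still a whole number of cells, which is why only the CRC catches it.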


Layer 2 Protocols - PPP

PPP (Point to Point Protocol)
Point to point data link layer protocol initially designed to transport IP packets. Can be used over asynchronous (ATM, dial-up) or synchronous ISDN digital media.
Components:
- Physical - Can operate across any DTE/DCE (EIA/TIA, ISDN etc.)
- LCP (Link Control Protocol) – to build data link connections
- NCP (Network Control Protocol) - to allow multiple network protocols to be used over the point to point links
Supports authentication, compression, error detection and multi-link as part of the LCP protocol.


Layer 2 Protocols - PPP (cont’d)

PPP Frame

(Figure: PPP frame in HDLC framing: Flag 0x7E | Address 0xFF | Control 0x03 | Protocol (first byte, second byte) | Data | Padding | Frame Check Sequence | Flag 0x7E. PPP in the OSI model: layer 3 is IP/IPX/AppleTalk; layer 2 is NCP (Network Control) and LCP (Link Control) over HDLC (High-level Data Link); layer 1 is the Physical Layer.)

Flag: The first flag field indicates the start of a PPP frame. It always has the value “01111110” binary (0x7E hexadecimal, or 126 decimal). The last flag field indicates the end of a PPP frame and always has the same value “01111110” binary (0x7E hexadecimal, or 126 decimal).

Address: In HDLC this is the address of the destination of the frame. But in PPP we are dealing with a direct link between two devices, so this field has no real meaning. It is thus always set to “11111111” (0xFF or 255 decimal), which is equivalent to a broadcast (it means “all stations”).

Control: This field is used in HDLC for various control purposes, but in PPP it is set to “00000011” (3 decimal).

Data: Zero or more bytes of payload that contains either data or control information, depending on the frame type. For regular PPP data frames the network-layer datagram is encapsulated here. For control frames, the control information fields are placed here instead.

Padding: In some cases, additional dummy bytes may be added to pad out the size of the PPP frame.

Frame Check Sequence (FCS, 2 or 4 bytes): A checksum computed over the frame to provide basic protection against errors in transmission. This is a CRC code similar to the one used for other layer two protocol error protection schemes such as the one used in Ethernet. It can be either 16 bits or 32 bits in size (default is 16 bits). The FCS is calculated over the Address, Control, Protocol, Information and Padding fields.

Protocol: Identifies the protocol of the datagram encapsulated in the Information field of the frame. See below for more information on the Protocol field.

Value (in hex)   Protocol Name                          Reference
0001             Padding Protocol
0003             ROHC small-CID                         [RFC3095]
0005             ROHC large-CID                         [RFC3095]
0007 to 001f     reserved (transparency inefficient)
0021             Internet Protocol version 4
0023             OSI Network Layer
0025             Xerox NS IDP
0027             DECnet Phase IV
0029             Appletalk
002b             Novell IPX
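To make the frame layout and the FCS rule concrete, here is an added example written for this guide (not the course's own code) that builds and parses the PPP-in-HDLC frame described above with the 16-bit FCS. The FCS is the RFC 1662 algorithm: a reflected CRC-16 (polynomial 0x8408, initial value 0xFFFF) over address, control, protocol and information, complemented and transmitted low byte first, so that running the same CRC over a received frame including its FCS yields the constant 0xF0B8. Octet stuffing of 0x7E and 0x7D inside the frame (RFC 1662 asynchronous framing) is included; ACCM-driven escaping of other control characters is not. Function names are this example's own.

```python
"""Added example (not the course's own code): PPP-in-HDLC frame build/parse with
the RFC 1662 16-bit FCS. Layout: 0x7E | 0xFF | 0x03 | protocol (2) | information
| FCS (2, low byte first) | 0x7E. 0x7E and 0x7D inside the frame are escaped as
0x7D followed by the octet XOR 0x20. Function names are this example's own."""

FLAG, ESCAPE, ADDRESS, CONTROL = 0x7E, 0x7D, 0xFF, 0x03
PPPINITFCS16, PPPGOODFCS16 = 0xFFFF, 0xF0B8


def ppp_fcs16(data: bytes, fcs: int = PPPINITFCS16) -> int:
    """Bitwise equivalent of the table-driven pppfcs16() in RFC 1662."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def stuff(data: bytes) -> bytes:
    """Escape flag and escape octets so neither can appear inside the frame body."""
    out = bytearray()
    for b in data:
        if b in (FLAG, ESCAPE):
            out += bytes([ESCAPE, b ^ 0x20])
        else:
            out.append(b)
    return bytes(out)


def unstuff(data: bytes) -> bytes:
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] == ESCAPE:
            if i + 1 >= len(data):
                raise ValueError("truncated escape sequence")
            out.append(data[i + 1] ^ 0x20)
            i += 2
        else:
            out.append(data[i])
            i += 1
    return bytes(out)


def build_frame(protocol: int, information: bytes) -> bytes:
    body = bytes([ADDRESS, CONTROL]) + protocol.to_bytes(2, "big") + information
    fcs = ppp_fcs16(body) ^ 0xFFFF                   # complement, per RFC 1662
    return bytes([FLAG]) + stuff(body + fcs.to_bytes(2, "little")) + bytes([FLAG])


def parse_frame(frame: bytes) -> dict:
    """Strip flags, undo stuffing, verify the FCS, and split protocol / information."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("frame is not delimited by 0x7E flags")
    body = unstuff(frame[1:-1])
    if len(body) < 6:                                # address, control, protocol, FCS
        raise ValueError("frame too short")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected address/control octets")
    if ppp_fcs16(body) != PPPGOODFCS16:              # CRC over data + FCS must be 0xF0B8
        raise ValueError("FCS check failed")
    return {"protocol": int.from_bytes(body[2:4], "big"), "information": body[4:-2]}


if __name__ == "__main__":
    frame = build_frame(0x0021, b"\x45\x00\x7e\x7d\x01")   # protocol 0x0021 = IPv4
    print(frame.hex())
    print(parse_frame(frame))
```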


Layer 2 Protocols – PPP (cont’d)

PPP Establishment Sequence

(Figure: message sequence between two PPP devices toward the data network: 1 LCP, 2 LCP, 3 set receive data size and compression, 4 CHAP Challenge, 5 CHAP Response, 6 Success, followed by NCP.)

A PPP session establishment has three phases:

1. Link Establishment Phase
- each PPP device sends LCP packets to configure/test the data link
- LCP packets contain a Configuration Option field to negotiate:
  • maximum receive unit
  • compression of certain PPP fields
  • link authentication protocol

2. (Optional) Authentication Phase
PAP - Password Authentication Protocol
  • Two-way handshake
  • Passwords sent in clear text
  • Remote node in control of attempts
CHAP - Challenge Handshake Authentication Protocol
  • Three-way handshake
  • Challenge | Response | Accept/Reject
  • Uses a secret known only to the authenticator and the peer
  • Can be repeated any time after the link has been established

3. Network-Layer Protocol Phase
- PPP devices send NCP packets to choose and configure one or more network-layer protocols
- Once protocols are configured, datagrams can be sent over the network
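The difference the slide draws between PAP and CHAP is easiest to see with both sides of the exchange in code. The block below is an added example written for this guide, not code from the course: an authenticator and a peer run the CHAP challenge / response / accept-reject handshake, and a PAP Authenticate-Request is built for comparison. The CHAP response is MD5 over the identifier, the shared secret and the challenge, as RFC 1994 specifies, and the PAP request layout follows RFC 1334; class and function names are this example's own, and the "wire" is a plain list of the bytes each message carries so the secret's (non-)appearance can be checked.

```python
"""Added example, not from the course material: the CHAP three-way handshake
(challenge, response, accept/reject) next to a PAP request, to show why the
slide contrasts them. Response = MD5(identifier || secret || challenge) is the
RFC 1994 algorithm; the PAP Authenticate-Request layout follows RFC 1334.
Class and function names are this example's own."""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5 over the one-octet identifier, the shared secret and the challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """The side that issues challenges and holds the per-peer secrets."""

    def __init__(self, secrets: dict, rng=os.urandom):
        self.secrets = dict(secrets)      # peer name -> shared secret
        self.pending = {}                 # identifier -> outstanding challenge value
        self.next_id = 1
        self.rng = rng                    # injectable so the example is deterministic

    def challenge(self) -> tuple:
        ident = self.next_id
        self.next_id = self.next_id % 255 + 1        # 8-bit identifier, cycles 1..255
        value = self.rng(16)                         # 16 random challenge octets
        self.pending[ident] = value
        return ident, value

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        """Accept only a response to a challenge that is still outstanding, so a
        captured response cannot be replayed against a later challenge."""
        challenge = self.pending.pop(ident, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, challenge), response)


class ChapPeer:
    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, ident: int, challenge: bytes) -> tuple:
        return ident, self.name, chap_response(ident, self.secret, challenge)


def chap_handshake(auth: ChapAuthenticator, peer: ChapPeer, wire: list) -> bool:
    """Run challenge / response / success-failure, appending each message to `wire`."""
    ident, challenge = auth.challenge()
    wire.append(b"CHALLENGE" + bytes([ident]) + challenge)
    ident, name, response = peer.respond(ident, challenge)
    wire.append(b"RESPONSE" + bytes([ident]) + response + name.encode())
    ok = auth.verify(ident, name, response)
    wire.append(b"SUCCESS" if ok else b"FAILURE")
    return ok


def pap_request(peer_id: bytes, password: bytes) -> bytes:
    """RFC 1334 PAP Authenticate-Request data: the password travels as-is."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def secret_on_wire(wire: list, secret: bytes) -> bool:
    return any(secret in msg for msg in wire)


if __name__ == "__main__":
    auth = ChapAuthenticator({"branch-rtr": b"s3cret"})
    wire = []
    print("CHAP ok:", chap_handshake(auth, ChapPeer("branch-rtr", b"s3cret"), wire))
    print("secret visible (CHAP):", secret_on_wire(wire, b"s3cret"))
    print("secret visible (PAP): ", secret_on_wire([pap_request(b"branch-rtr", b"s3cret")], b"s3cret"))
```

Because the authenticator discards a challenge once it has been answered, presenting the same response a second time fails, which is the property that lets CHAP be repeated safely after the link is up.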


Layer 2 Protocols - Ethernet

Ethernet
- Most commonly used layer 2 protocol for LANs
- Uses MAC addresses for identifying interfaces
- Encapsulates layer 3 traffic in an Ethernet frame that requires a source MAC and a destination MAC address for end system identification
- Can use the broadcast address FF:FF:FF:FF:FF:FF as the destination MAC address to forward data to all Ethernet devices in the LAN


Ethernet History

Ethernet is a LAN architecture developed by the Xerox Corporation in cooperation with DEC and Intel in 1976. Ethernet initially supported data transfer rates of 10 Mb/s. The Ethernet specification served as the basis for the IEEE 802.3 standard, which specifies the physical and lower software layers.

Ethernet started using the CSMA/CD access method (half-duplex) to handle simultaneous demands. Ethernet is one of the most widely implemented LAN standards.

Ethernet was originally designed by the Xerox Corporation, but the company was unsuccessful at launching the technology commercially. Later Xerox joined with Digital Equipment Corporation to commercially standardize a suite of network products that would use the Ethernet technology. The Intel Corporation later joined the group, known as DEC-Intel-Xerox (DIX). DIX developed and published the standard that was used for the 10 Mb/s version of Ethernet. Originally, the only medium capable of handling these speeds was a multidrop thick coaxial cable. The IEEE had started project 802, which was to provide the industry with a framework for the standardizing of LAN technology. Because the technology was so diverse, the IEEE formed working groups in support of the different LAN technologies. The 802.3 working group was tasked with standardizing LANs based on the Ethernet technology.


Ethernet and the OSI Model

Figure: the OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical), with the Data Link layer split into Logical Link Control (802.2) and Media Access Control.
- LLC – Interface to the L3 protocol
- MAC – L2 addressing, data transfer, sync, error control, and data flow

Ethernet resides at the data link layer. The Ethernet layer is subdivided into two sublayers: LLC and MAC. The LLC interfaces between the network interface layer and the higher L3 protocol and may provide additional functions such as flow control. The MAC layer is responsible for determining the physical source and destination addresses for a particular frame and for the reliable transfer of data, synchronization of data transmission, error control, and flow of data. At the physical layer, to observe the physical link condition, Ethernet uses the link integrity test, in which Ethernet transceivers continually monitor the data path for activity. The result of good activity is the green LED on most Ethernet NICs.


Ethernet Frame Format

Figure: frame layout
  Preamble and SFD – 8 bytes, fixed sequence to alert the receiver (0x55555555555555D5), ending with the start frame delimiter
  DA – Destination MAC address (6 bytes)
  SA – Source MAC address (6 bytes)
  Length/type – Frame length or type information, 2 bytes
  Payload – Internet layer (46 to 1500 bytes)
  FCS – Frame check sequence, 4 bytes

The frame consists of a set of bits organized into several fields. These fields include address fields, a variable-size data field that carries from 46 to 1500 bytes of data, and an error-checking field that checks the integrity of the bits in the frame to make sure that the frame has arrived intact. The original Ethernet standards defined the minimum frame size as 64 bytes and the maximum as 1518 bytes. These numbers include all bytes from the destination MAC address field to the frame check sequence field. The preamble and the start frame delimiter fields are not included when quoting the size of a frame. The IEEE 802.3ac standard released in 1998 extended the maximum allowable frame size to 1522 bytes to allow for a VLAN tag to be inserted into the Ethernet frame format. Frames can be bigger for gigabit Ethernet and 10 gigabit Ethernet ports.

Preamble – This is a stream of bits used to allow the transmitter and receiver to synchronize their communication. The preamble is an alternating pattern of 56 binary ones and zeroes. The preamble is immediately followed by the start frame delimiter.
Start Frame Delimiter – This is always 10101011 and is used to indicate the beginning of the frame information.
Destination MAC – This is the MAC address of the machine receiving data.
Source MAC – This is the MAC address of the machine transmitting data.
Length – This is the length of the entire Ethernet frame in bytes.
Data/Padding (a.k.a. Payload) – The data is inserted here. This is where the IP header and data are placed if you are running IP over Ethernet. This field contains IPX information if you are running IPX/SPX (Novell).

Contained within the data/padding section of an IEEE 802.2 frame are four specific fields:
- DSAP - Destination Service Access Point
- SSAP - Source Service Access Point
- CTRL - Control bits for Ethernet communication
- NLI - Network Layer Interface

The Frame Check Sequence (FCS) is a part of the frame put in place to verify that the information each frame contains is not damaged during transmission. If a frame is corrupted during transmission, the FCS on the frame will not match the recipient's calculated FCS. Any frames that do not match the calculated FCS will be discarded.


Ethernet II Frame Capture


Figure: hex dump of the captured frame, annotated to show the Destination Address, Source Address, Ether Type, L3/IP Information and TCP Info fields.


Details

Frame 234 (303 bytes on wire, 303 bytes captured)
Ethernet II, Src: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00), Dst: Dell_45:61:23 (00:11:43:45:61:23)
    Destination: Dell_45:61:23 (00:11:43:45:61:23)
    Source: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00)
    Type: IP (0x0800)
Internet Protocol, Src: 138.120.53.254 (138.120.53.254), Dst: 138.120.53.149 (138.120.53.149)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 289
    Identification: 0x0eab (3755)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0xeaa8 [correct]
    Source: 138.120.53.254 (138.120.53.254)
    Destination: 138.120.53.149 (138.120.53.149)
Transmission Control Protocol, Src Port: 23 (23), Dst Port: 2389 (2389), Seq: 4, Ack: 1, Len: 249
    Source port: 23 (23)
    Destination port: 2389 (2389)
    Sequence number: 4 (relative sequence number)
    Next sequence number: 253 (relative sequence number)
    Acknowledgement number: 1 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 16384
    Checksum: 0xbc0e [correct]
Telnet


Ethernet — MAC Addressing

MAC addresses allow Ethernet-connected devices to communicate with each other. IEEE 802.3 uses a 48-bit address space, yielding 2^48 possible addresses. A unique L2 MAC address is given to each network host. Most MAC addresses are pre-programmed into the Ethernet NIC at the time of manufacture. MAC addresses are assigned by the IEEE and are globally unique. The first 3 octets in the address are assigned by the IEEE on a per-manufacturer basis.


Ethernet — MAC Addressing (continued)

MAC Address Format: XX-XX-XX-XX-XX-XX, where the first three octets are the OUI and the last three octets are vendor assigned.

- The OUI is the number assigned by the IEEE to vendors such as Alcatel
- OUI examples: Alcatel Canada 00-80-21 and 00-D0-F6, Alcatel USA 00-17-CC, Alcatel Italia 00-20-60
- OUI engine: http://standards.ieee.org/regauth/oui/index.shtml
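The following is an added example, not part of the course material: it builds an Ethernet II frame using the destination and source MAC addresses and EtherType shown in the frame capture slide, verifies the 4-byte FCS the way a receiving NIC does, and splits a MAC address into its OUI and vendor-assigned halves using the OUIs listed above. The payload bytes are constructed, and the 0x0600 boundary between an 802.3 length and an Ethernet II type value comes from IEEE 802.3, not from this module.

```python
"""Ethernet II frame build/parse with FCS check and OUI lookup (added example)."""
import struct
import zlib

BROADCAST = "ff:ff:ff:ff:ff:ff"
MIN_FRAME = 64      # bytes from DA to FCS: original 802.3 minimum
MAX_FRAME = 1518    # bytes from DA to FCS: untagged maximum
MIN_PAYLOAD = 46    # shorter payloads are padded up to this size

# OUIs as printed on the "MAC Addressing (continued)" slide.
OUI_TABLE = {
    "00:80:21": "Alcatel Canada",
    "00:d0:f6": "Alcatel Canada",
    "00:17:cc": "Alcatel USA",
    "00:20:60": "Alcatel Italia",
}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes(int(x, 16) for x in text.replace("-", ":").split(":"))


def split_mac(mac: str) -> dict:
    """Split a MAC into its OUI and vendor-assigned halves and classify it."""
    raw = mac_bytes(mac)
    oui = mac_str(raw[:3])
    return {
        "oui": oui,
        "vendor_assigned": mac_str(raw[3:]),
        "vendor": OUI_TABLE.get(oui, "unknown"),
        "broadcast": raw == b"\xff" * 6,
        "group": bool(raw[0] & 0x01),   # I/G bit set: multicast or broadcast
    }


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Assemble DA | SA | length/type | payload (padded to 46) | FCS.

    Preamble and SFD precede the frame on the wire but are not part of it."""
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype)
    body += payload + b"\x00" * max(0, MIN_PAYLOAD - len(payload))
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("<I", fcs)   # CRC-32 goes on the wire least-significant byte first


def parse_frame(frame: bytes) -> dict:
    """Decode DA, SA and length/type, then recompute the FCS over DA..payload."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame length {len(frame)} outside {MIN_FRAME}..{MAX_FRAME}")
    length_type = struct.unpack("!H", frame[12:14])[0]
    if length_type <= 1500:          # 802.3: the field is a payload length
        kind = "802.3 length"
    elif length_type >= 0x0600:      # Ethernet II: the field is a protocol type
        kind = "Ethernet II type"
    else:
        kind = "invalid"
    received_fcs = struct.unpack("<I", frame[-4:])[0]
    computed_fcs = zlib.crc32(frame[:-4]) & 0xFFFFFFFF
    return {
        "dst": mac_str(frame[0:6]),
        "src": mac_str(frame[6:12]),
        "length_type": length_type,
        "kind": kind,
        "payload_len": len(frame) - 18,
        "fcs_ok": received_fcs == computed_fcs,   # False: a receiver would discard the frame
    }


def demo() -> dict:
    """Frame with the capture slide's addresses, parsed intact and after a bit flip."""
    payload = b"constructed payload, stands in for the IP packet"   # constructed, 48 bytes
    frame = build_frame("00:11:43:45:61:23", "00:e0:52:d4:a5:00", 0x0800, payload)
    corrupted = bytearray(frame)
    corrupted[20] ^= 0x01            # one payload bit flipped in transit
    return {"frame_len": len(frame),
            "intact": parse_frame(frame),
            "corrupted": parse_frame(bytes(corrupted))}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```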


Ethernet Frame Types

- Ethernet 802.3 Raw – Original frame type; does not support LLC
- Ethernet 802.2 – Includes fields from 802.3 and LLC 802.2
- Ethernet II – Similar frame type, except that the length field has been replaced by a type field
- Ethernet SNAP – Similar to 802.2 but has expanded LLC capabilities

Ethernet supports multiple frame types, which are often related to the payload carried in the frame itself.

Ethernet 802.3 Raw — This type of Ethernet frame was developed by Netware and supports only Novell IPX/SPX traffic. The frame is similar to the standard 802.3 frame except that it does not contain the LLC information.

Ethernet 802.2 — This frame includes fields from 802.3 and 802.2. The major difference in this type of frame is that the first 3 bytes of the data field are reserved for the LLC header information: the DSAP, SSAP, and control field. This is the most commonly used frame today.

Ethernet II — The major difference of this frame is that the 2 bytes that typically define the length of the frame are instead used to define the type of frame. In addition, the Ethernet II frame does not use an LLC header in the data field.

Ethernet SNAP — SNAP is similar to 802.2, with LLC parameters, but has expanded capabilities. The LLC now uses the first 8 bytes of the data field for LLC header information. The wireless protocol 802.11g uses this format.


Ethernet Transmission

Half-duplex transmission
- Data sent in one direction at a time
- Results in collisions
- Uses CSMA/CD to resolve collisions
- Hubs are the most common half-duplex devices

Full-duplex transmission
- Data sent in both directions at the same time
- Requires point-to-point connections
- No collisions
- An approach to higher network efficiency
- Switches are the most common full-duplex devices

Half-duplex transmission is the traditional means of transporting Ethernet frames. Because data is transmitted in one direction at a time over a shared medium, such as a hub, collisions are possible. The CSMA/CD algorithm is used to handle collisions. A hub uses shared media and supports half-duplex only. 10Base-T, which works on half-duplex, is efficient 30 to 40% of the time because of collisions, and as such the effective throughput is only 3 to 4 Mb.

Full-duplex transmission has data forwarding in both directions simultaneously. Full-duplex implementations also require a point-to-point connection between each sender and receiver port. Therefore, a switch with 8 ports would have each of the 8 ports connected to the rest of the ports via a dedicated set of wires. This ensures that there is no shared medium and collisions are not possible. Because data can be transmitted bidirectionally, the effective rate of a 10-Mb full-duplex transmission is 20 Mb (i.e., 10 Mb each way). Hence, full-duplex transmissions are more efficient than half-duplex. Switches and routers usually support full-duplex transmissions.

When devices such as switches and hubs are interconnected, care must be taken to ensure that the proper transmission parameters are set on the ports. For switch-to-hub connections, the switch port must be set to half-duplex because the hub only supports half-duplex. For switch-to-switch, switch-to-host, or switch-to-router connections, full-duplex can be used.


Half-Duplex Operation (CSMA/CD)

Figure: hosts A, B, C and D attached to a hub.
- All hosts constantly listen to the line.
- Host A transmits.
- Hosts B, C, and D listen to host A and do not transmit.
- All hosts receive host A's message.

The CSMA/CD access rules are summarized by the protocol's acronym. Carrier Sense means that a host that wants to transmit data will first monitor the link, and if it does not sense the transmission signal of another host, it will transmit its data. If the waiting host senses another host's transmission signal, the waiting host will continue to wait until the link goes silent. Multiple Access means that many hosts share the same medium. Collision Detection means that hosts monitor the medium while transmitting to detect another host that is transmitting at the same time. This means that only one host can transmit at once, as shown in the figure above. In this scenario:
- All the hosts are listening to the line.
- Host A decides to transmit because no message is being transmitted by any other host (idle line).
- Hosts B, C, and D listen to host A transmitting and will not transmit data until host A has transmitted its data.
- Host A's message is transmitted on all hub ports.

The procedure above reduces the chance of collisions but does not prevent them. Both hosts A and B could decide to transmit at once because no other host is transmitting a message on the line (idle line).


Half-Duplex Operation (CSMA/CD) (continued)

Figure: hosts A, B, C and D attached to a hub.
- All hosts constantly listen to the line.
- Host A and host B transmit simultaneously.
- Messages collide.
- Both hosts back off for a random time interval.

When host A and host B transmit frames at the same time, they will both detect the collision, or corruption of the data. Both host A and host B generate a jam signal, which is received by the other hosts so that they discard the data that was just corrupted by the collision. A random back-off timer is then started on the transmitting hosts. Afterward, either host A or host B will initiate a transmission after it detects no other transmission on the line.
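The two half-duplex scenarios above, carrier sense with a single sender and a collision followed by jam and random back-off, as an added slot-based simulation that is not part of the course material. Frame duration (three slots), the seed and the doubling of the back-off range after each collision are constructed assumptions; the slides only say the back-off is random.

```python
"""Slot-based simulation of the CSMA/CD rules from the half-duplex slides (added example)."""
import random
from dataclasses import dataclass, field

FRAME_SLOTS = 3   # constructed: a frame occupies the medium for three slots


@dataclass
class Host:
    name: str
    pending: int            # frames still to be sent
    backoff: int = 0        # slots left to wait after a collision
    attempts: int = 0       # collisions suffered by the current frame
    sent_at: list = field(default_factory=list)


def run_csma_cd(hosts, seed=7, max_slots=1000) -> dict:
    """Run the hosts until every pending frame has been sent (or max_slots elapse)."""
    rng = random.Random(seed)        # seeded so the run is repeatable
    log = []                         # (slot, event) for each slot in which something happened
    busy_until = 0                   # first slot at which the medium is idle again
    collisions = 0
    slot = 0
    while slot < max_slots and any(h.pending for h in hosts):
        ready = [h for h in hosts if h.pending and h.backoff == 0]
        for h in hosts:              # back-off timers run down one slot at a time
            if h.backoff:
                h.backoff -= 1
        if slot >= busy_until:       # carrier sense: medium idle, so ready hosts transmit
            if len(ready) == 1:
                h = ready[0]
                h.pending -= 1
                h.attempts = 0
                h.sent_at.append(slot)
                busy_until = slot + FRAME_SLOTS
                log.append((slot, f"{h.name} transmits"))
            elif len(ready) > 1:     # collision detection: every transmitter jams and backs off
                collisions += 1
                log.append((slot, "collision " + "+".join(h.name for h in ready) + ", jam"))
                for h in ready:
                    h.attempts += 1
                    h.backoff = rng.randrange(2 ** min(h.attempts, 10))
        slot += 1
    frames = sum(len(h.sent_at) for h in hosts)
    elapsed = max(slot, busy_until)  # include the tail of the last frame
    return {
        "log": log,
        "collisions": collisions,
        "all_sent": not any(h.pending for h in hosts),
        "starts": sorted(s for h in hosts for s in h.sent_at),
        # share of elapsed slots that carried a frame successfully
        "efficiency": frames * FRAME_SLOTS / elapsed if elapsed else 0.0,
    }


def single_sender() -> dict:
    """First slide: only host A has data; B, C and D listen and never transmit."""
    return run_csma_cd([Host("A", 1), Host("B", 0), Host("C", 0), Host("D", 0)])


def contention() -> dict:
    """Second slide: several hosts start with data, so the first slot is a collision."""
    return run_csma_cd([Host("A", 3), Host("B", 3), Host("C", 2), Host("D", 2)])


if __name__ == "__main__":
    for slot, event in contention()["log"]:
        print(f"slot {slot:3d}: {event}")
```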


Full-Duplex Operation

Figure: hosts A, B, C, D and E, each attached to its own switch port.
- Point-to-point only
- Attached to a dedicated switched port
- Requires full-duplex support on both ends
- Collision-free

Full-duplex operation is an optional MAC layer capability that allows simultaneous two-way transmission over point-to-point links. Full-duplex transmission involves no media contention, no collisions, and no need to schedule retransmissions. There are exactly two hosts connected on a full-duplex point-to-point link. The link bandwidth is effectively doubled because each link can now support full-rate, simultaneous, two-way transmission.


Auto-Negotiation

If auto-negotiation is enabled, Ethernet nodes connected by a twisted-pair cable negotiate their speed as well as their duplex mode before establishing a link.

Ethernet's negotiable operation
- Speed: 10 Mb/s, 100 Mb/s, 1000 Mb/s
- Operation mode: half-duplex (CSMA/CD), full-duplex

Auto-negotiation is a mechanism that takes control of the cable when a connection to a network device is established. Auto-negotiation detects the various modes that exist in the device on the other end of the wire (the link partner) and advertises its own abilities in order to automatically configure the highest-performance mode of interoperation. Auto-negotiation was first defined in 1995 as an optional feature for 10 and 100 Mb/s twisted-pair Ethernet, clause 28 of 802.3u. 1000Base-T requires auto-negotiation to establish signal timing control to make the link operational. Basically, an auto-negotiation device advertises its abilities and detects the abilities of the remote device that it is connected to, known as the link partner. After auto-negotiation has received the link partner's abilities in a robust manner and it receives acknowledgment that its abilities have also been received by the link partner, auto-negotiation compares the two sets of abilities and decides which technology to connect. This decision is based upon a previously agreed priority of technologies. Auto-negotiation attaches the highest-performance common technology to the medium and becomes transparent until the link goes down or is reset.


Network Domains

Figure: three topologies compared
- Hub: 1 collision domain, 1 broadcast domain
- Bridge or switch: 2 collision domains, 1 broadcast domain
- Router: 3 broadcast domains, 3 collision domains

A collision domain is a group of Ethernet or Fast Ethernet devices in a CSMA/CD LAN that are connected by repeaters and that compete for access in the network. Only one device in the collision domain may transmit at any one time, and the other devices in the domain listen to the network to avoid data collisions. A collision domain is sometimes referred to as an Ethernet segment.

A broadcast domain is a restricted area in which information can be transmitted for all devices in the domain to receive. More specifically, Ethernet LANs are broadcast domains. Any device attached to the LAN can transmit frames to any other device because the medium is a shared transmission system. Frames are normally addressed to a specific destination device in the network. While all devices detect the frame transmission in the network, only the device to which the frame is addressed actually receives it. A special broadcast address consisting of all 1s is used to send frames to all devices in the network.


Collision Domains

Figure: a router connecting segments built from switches and hubs, with each collision domain and each broadcast domain outlined.

In this figure, there are 8 collision domains and 3 broadcast domains.


Switching

Figure: Host A (MAC 00 00 A2 00 00 01) attached to switch interface 1, Host B (MAC 00 00 A2 00 00 02) attached to switch interface 2.

Switch Forwarding Table
  Node MAC Address     Interface
  00 00 A2 00 00 01    1
  00 00 A2 00 00 02    2

Ethernet switches use the MAC address of the host. The switch dynamically learns which host MAC addresses are associated with an interface and enters the address information into a MAC FDB. When the switch receives an Ethernet frame, it looks at the destination MAC address of the frame, compares it to the entries in its MAC FDB, and then transmits the frame out of the appropriate interface. If no entry is found, the switch floods the frame out of all its interfaces.


Building Up the MAC Forward/Filter Table

Figure: Hosts A, B, C and D on switch ports 1/1/1, 1/1/2, 1/1/3 and 1/1/4.

Step 1: Host A sends a frame to Host B.
Step 2: The switch receives the frame on 1/1/1 and places the source in the MAC table.
Step 3: The destination is not in the MAC table, so the switch forwards the frame to all ports except the source port.
Step 4: Host B responds to Host A. The switch adds the source address of Host B to the MAC table.
Step 5: Host A and Host B can now send unicast frames bidirectionally.
Step 6: Similarly, Host C and Host D will send frames and populate the MAC table.

MAC Table
  Port   Host    MAC Address      Learned at
  1/1/1  Host A  0000.8c01.000A   Step 2
  1/1/2  Host B  0000.8c01.000B   Step 4
  1/1/3  Host C  0000.8c01.000C   Step 6
  1/1/4  Host D  0000.8c01.000D   Step 6
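Steps 1 to 6 above, replayed by an added model of the switch's learn/flood/forward logic that is not part of the course material; host names, MAC addresses and port names are those printed on the slide. The switch also counts each time an already-learned address is re-learned on a different port, the event that later becomes FDB instability when frames arrive over redundant paths.

```python
"""MAC learning, flooding and forwarding in an Ethernet switch (added example)."""
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass
class Frame:
    src: str
    dst: str
    in_port: str


@dataclass
class Switch:
    ports: list
    fdb: dict = field(default_factory=dict)      # MAC address -> interface
    moves: int = 0                                # re-learn events (address changed port)
    events: list = field(default_factory=list)

    def receive(self, frame: Frame) -> list:
        """Learn the source address, then return the ports the frame is sent out of."""
        if frame.in_port not in self.ports:
            raise ValueError(f"unknown port {frame.in_port}")
        learned = self.fdb.get(frame.src)
        if learned is None:
            self.fdb[frame.src] = frame.in_port
            self.events.append(f"learn {frame.src} on {frame.in_port}")
        elif learned != frame.in_port:
            self.fdb[frame.src] = frame.in_port     # host moved, or a loop delivered a copy
            self.moves += 1
            self.events.append(f"move {frame.src} {learned} -> {frame.in_port}")
        out = self.fdb.get(frame.dst)
        if frame.dst == BROADCAST or out is None:
            # unknown destination or broadcast: flood to every port except the ingress port
            return [p for p in self.ports if p != frame.in_port]
        if out == frame.in_port:
            return []                               # filter: destination is on the ingress segment
        return [out]                                # known unicast: forward out of one port


HOSTS = {   # host -> (MAC address, port), from the slide
    "A": ("0000.8c01.000A", "1/1/1"),
    "B": ("0000.8c01.000B", "1/1/2"),
    "C": ("0000.8c01.000C", "1/1/3"),
    "D": ("0000.8c01.000D", "1/1/4"),
}


def send(sw: Switch, src: str, dst: str) -> list:
    """Host src sends a unicast frame to host dst (both are keys of HOSTS)."""
    return sw.receive(Frame(HOSTS[src][0], HOSTS[dst][0], HOSTS[src][1]))


def walk_through() -> dict:
    """Replay steps 1 to 6 and return the switch's output ports at each one."""
    sw = Switch(ports=[p for _, p in HOSTS.values()])
    steps = {}
    steps["1-3 A->B"] = send(sw, "A", "B")     # B unknown: learn A, flood
    steps["4 B->A"] = send(sw, "B", "A")       # learn B, unicast to 1/1/1
    steps["5 A->B"] = send(sw, "A", "B")       # both known: unicast only
    steps["6 C->D"] = send(sw, "C", "D")       # D unknown: learn C, flood
    steps["6 D->C"] = send(sw, "D", "C")       # learn D, unicast to 1/1/3
    return {"steps": steps, "fdb": dict(sw.fdb), "moves": sw.moves}


def moved_host() -> int:
    """Host A's address arrives on 1/1/2: the entry is rewritten and the move counted."""
    sw = Switch(ports=[p for _, p in HOSTS.values()])
    send(sw, "A", "B")
    sw.receive(Frame(HOSTS["A"][0], HOSTS["B"][0], "1/1/2"))
    return sw.moves


if __name__ == "__main__":
    for step, out in walk_through()["steps"].items():
        print(step, "->", out)
```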


Link Aggregation Groups (LAG) Characteristics

Features and characteristics:
- Based on the IEEE 802.3ad standard
- LAGs:
  - Increase the bandwidth available between two network devices
  - Provide redundancy if one or more links in the LAG should fail
- LAGs are statically configured or formed dynamically with the Link Aggregation Control Protocol (LACP)
- Failover time less than one second
- Alcatel enhanced features:
  - Dynamic cost
  - LAG port threshold
  - Support for up to 64 LAGs with 8 links per LAG

A LAG increases the bandwidth available between two nodes by grouping up to eight ports into one logical link. The aggregation of multiple physical links allows for load sharing and offers seamless redundancy. If one of the links fails, traffic is redistributed over the remaining links. Up to eight links can be supported in a single LAG, and up to 64 LAGs can be configured on a 7x50 SR/ESS. Link Aggregation Control Protocol (LACP) is defined in IEEE 802.3ad (Aggregation of Multiple Link Segments). LACP provides a standardized method of implementing link aggregation among different manufacturers. Link aggregation provides two important benefits:
- Increased performance - provides incremental bandwidth between two devices
- Increased resiliency - provides automatic, point-to-point redundancy between two devices


LAG Configuration

LAG configurations should include at least two ports. Other parameter considerations include:
- A maximum of eight ports can be included in a LAG.
- All ports in the LAG must share the same characteristics (speed, duplex, hold-timer, etc.). The port characteristics are inherited from the primary port.
- Auto-negotiation must not be configured for 10/100 ports that are part of a LAG.
- Ports in a LAG must be configured as full duplex. Configure ports as no autonegotiate.

Example configuration:

    config> lag 1
    config>lag# description "LAG from PE1 to PE2"
    config>lag# port 2/1/1 2/2/1 3/1/1
    config>lag# port-threshold 2 action down
    config>lag# dynamic-cost
    config>lag# no shutdown

LAG Port Threshold parameter
This parameter determines the behaviour of a LAG when the number of available links falls below the configured threshold value. Two actions can be specified:

Option 1: configure lag <lag-id> port-threshold <threshold value> action down
If the number of available links is less than the threshold value, the LAG is declared operationally down until the number of available links is equal to or greater than the threshold value.

Option 2: configure lag <lag-id> port-threshold <threshold value> action dynamic-cost
When the number of available links falls below the threshold value, dynamic costing is used to determine the advertised LAG cost.

Note: The costing of a LAG only affects the IGP costing (OSPF only).

Dynamic Cost parameter
Dynamic cost can be enabled with the general command config>lag <lag-id> dynamic-cost. This parameter enables or disables the IGP costing of a LAG. When dynamic cost is enabled with this command and the number of active links is greater than the port threshold value (0-7), the path cost is dynamically calculated whenever there is a change in the number of active links, regardless of the specified port threshold action. Note that if the port-threshold action is to declare the logical link down, then if the number of active links falls below the port-threshold value it will be declared down, even if dynamic-cost is enabled. Conversely, if the port-threshold is met and the action is set to dynamic cost, then the link cost is dynamically recalculated even if the general dynamic cost parameter is not configured.


LAG Architecture – Dynamic Cost

Figure: Nodes 1, 2 and 3 interconnected by LAG 1 (four links) and LAG 2 (three links).

    config> lag 1
    config>lag# port 2/1/1 2/2/1 3/1/1 3/2/1
    config>lag# port-threshold 3 action dynamic-cost

    config> lag 2
    config>lag# port 4/1/1 4/2/1 5/1/1
    config>lag# port-threshold 2 action down

If each link in LAG 1 and LAG 2 has a cost of 100, then the cost of logical link LAG 1 is 100/4=25 and LAG 2 is 100/3=33.

In the slide above, each physical link is configured with a cost of 100. Thus, the cost of the logical link LAG 1 is 100/4=25 and LAG 2 is 100/3=33. The LAG groups are configured as shown in the slide above. Thus, if two of the links in LAG 1 fail, the logical link cost is recalculated to be 100/2=50. For LAG 2, if two of the links fail, the logical link is declared operationally down.
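The port-threshold and dynamic-cost rules from the two LAG slides, encoded as an added example that is not part of the course material, and checked against the slide's own cases (LAG 1 at 25 and 50, LAG 2 at 33 and operationally down). Assumptions: integer division as in the slide's 100/3=33, and a LAG without dynamic costing keeps the cost computed from all configured links.

```python
"""LAG port-threshold and dynamic-cost behaviour as described on the slides (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Lag:
    lag_id: int
    ports: tuple
    port_threshold: int
    action: str                  # "down" or "dynamic-cost"
    dynamic_cost: bool = False   # the general config>lag# dynamic-cost parameter
    link_cost: int = 100         # IGP cost of each member link


def lag_state(lag: Lag, failed: frozenset = frozenset()) -> dict:
    """Return the operational state and advertised cost given the set of failed ports."""
    if lag.action not in ("down", "dynamic-cost"):
        raise ValueError(f"unknown port-threshold action {lag.action!r}")
    active = len([p for p in lag.ports if p not in failed])
    if active == 0:
        return {"lag": lag.lag_id, "active": 0, "oper": "down", "cost": None}
    below = active < lag.port_threshold
    if below and lag.action == "down":
        # action down: fewer available links than the threshold takes the LAG down
        return {"lag": lag.lag_id, "active": active, "oper": "down", "cost": None}
    if (below and lag.action == "dynamic-cost") or (lag.dynamic_cost and active > lag.port_threshold):
        cost = lag.link_cost // active          # dynamic costing over the active links
    else:
        # The slide says "greater than" the threshold for the general parameter, so at
        # exactly the threshold this reading keeps the static cost.  Assumption: the
        # static cost is computed from all configured links.
        cost = lag.link_cost // len(lag.ports)
    return {"lag": lag.lag_id, "active": active, "oper": "up", "cost": cost}


# The two LAGs configured on the "LAG Architecture - Dynamic Cost" slide.
LAG1 = Lag(1, ("2/1/1", "2/2/1", "3/1/1", "3/2/1"), port_threshold=3, action="dynamic-cost")
LAG2 = Lag(2, ("4/1/1", "4/2/1", "5/1/1"), port_threshold=2, action="down")


def scenarios() -> dict:
    """The slide's cases: all links up, then two links of each LAG failed."""
    return {
        "lag1_all_up": lag_state(LAG1),
        "lag1_two_failed": lag_state(LAG1, frozenset({"2/1/1", "2/2/1"})),
        "lag2_all_up": lag_state(LAG2),
        "lag2_two_failed": lag_state(LAG2, frozenset({"4/1/1", "4/2/1"})),
    }


if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{name:16s} active={state['active']} oper={state['oper']} cost={state['cost']}")
```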


Ethernet Standards

Four data rates are currently defined for operation over optical fiber and twisted-pair cables:
- 10 Mb/s — 10Base-T Ethernet – twisted-pair or optical
- 100 Mb/s — 100Base-T or Fast Ethernet – twisted-pair or optical
- 1000 Mb/s — 1000Base-T or Gigabit Ethernet – twisted-pair or optical
- 10 000 Mb/s — 10 Gigabit Ethernet – optical only


10Base-T Ethernet

- Originally IEEE 802.3i; today's standard is 802.3x
- Transmission rate with 802.3i is 10 Mb/s half-duplex; with 802.3x it is 10 Mb/s full-duplex
- Frame format was based on Ethernet II, also called DIX
- Most networks today use the 802.3x frame format


100Base-T Ethernet

- IEEE standard is 802.3u
- Full-/half-duplex modes, 100 Mb/s data rate
- Cabling options:
  - 100Base-TX — 2 pairs of twisted-pair cable
  - 100Base-T4 — 4 pairs of twisted-pair cable
  - 100Base-FX — Optical cable


1000Base-T Ethernet

- Also known as gigabit Ethernet or GigE
- IEEE standard is 802.3ab
- Full-duplex mode only, 1000 Mb/s data rate
- 802.3ab specifies distances of 100 m using 4 pairs of Cat 5e cabling


10 Gigabit Ethernet

- IEEE standard is 802.3ae
- Full-duplex only, with 10 Gb/s data rate
- Minimizes the user's learning curve by maintaining the same management tools and architecture
- Physical media used is optical only


Ethernet Interface Types

Family               Designation  Type         Wavelength          Distance  Fiber Type
Ethernet 10/100Base  TX           Copper       -                   100 m     -
                     FX           Optical SFP  1310 nm             2 km      Multimode
                     FX-SM        Optical SFP  1310 nm             25 km     Single-mode
Gigabit Ethernet     TX           Copper       -                   100 m     -
                     SX           Optical SFP  850 nm              550 m     Multimode
                     LX           Optical SFP  1310 nm             10 km     Single-mode
                     ZX           Optical SFP  1550 nm             70 km     Single-mode
                     CWDM         Optical SFP  1470 nm to 1610 nm  70 km     Single-mode
10 gigabit Ethernet  LW/LR        Optical SFP  1310 nm             10 km     Single-mode
                     EW/ER        Optical SFP  1550 nm             40 km     Single-mode
                     SR           Optical SFP  850 nm              300 m     Multimode
                     LR           Optical SFP  850 nm              10 km     Single-mode
                     ZR           Optical SFP  1550 nm             80 km     Single-mode


Section 2 — Spanning Tree Protocol

Ethernet Overview


Spanning Tree Protocol — What Is It?

- Link management protocol that is part of IEEE 802.1
- The spanning tree algorithm provides path redundancy in Ethernet bridge/switch networks
- Provides 1 active path at a time between 2 bridges or switches
- Provides backup paths to the active path, should the active path fail
- Primary function is to avoid looping in Ethernet networks with redundant paths


Redundant Topology — Without STP

Redundancy advantages:
- Necessary for failover when a switch link fails
- Load balancing

Disadvantages:
- May cause broadcast storms
- May cause multiple frame copies to be sent
- May cause FDB table instability

Frame looping problems: Layer 2 has no mechanism to stop looping, as layer 3 has with TTL.


Receiving Multiple Copies

Figure: Host A and Host B on Segment 1 and Segment 2, which are joined by both Switch 1 and Switch 2.

In a network with built-in redundancy and no STP, the likelihood of receiving multiple copies of a frame is high. Most protocols cannot recognize duplicate transmissions. The protocols that do use numbered sequencing to track transmitted packets will think that the numbers have been reset or recycled.


Broadcast Storms

Figure: the same two-switch redundant topology; a broadcast frame circulates between Switch 1 and Switch 2 across Segment 1 and Segment 2.

Networks that are designed with redundancy and no STP are vulnerable to the transmission of broadcast frames because a switch receives multiple copies of a frame. Because the switch receives multiple frames, it floods broadcast frames out of all ports with the exception of the port the frame was received on. In a redundant network, this broadcast frame perpetuates itself until the switch resets because it is overwhelmed with activity.


Database Instability

[Figure: Host A on Segment 1 sends a unicast frame; Switch 1 and Switch 2 each learn Host A on Port 0 in their MAC address DB, then the looped copy reaches Port 1 of Switch 2, which now maps Host A to Port 1; Host B on Segment 2]

Redundant networks without STP can also cause database instability. In the slide above, Switch 1 and Switch 2 will map the MAC address of Host A to Port 0. Later, when the copy of the frame arrives at Port 1 of Switch 2, Switch 2 must remove its original entry for Host A and replace it with the new entry for Host A, mapping it to Port 1. This activity causes an unstable database as Switch 2 tries to keep up with the actual location of Host A.
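The three problems on pages 40 to 42 can be reproduced with a small simulation. The following Python model is an added example, not part of the course material or of any Alcatel-Lucent software: two learning switches, each with one port on each of two segments, flood a broadcast from Host A, first with no port blocked and then with one port of Switch 2 held in the STP blocking state. The two-port switch model, the MAC addresses and the hop cap are constructed for the example.

```python
"""Two learning switches bridging two segments, with and without a blocked
port, to reproduce the three problems of pages 40-42: duplicate frame
copies, a broadcast storm, and FDB (MAC table) instability.

This is an added illustration, not material from the course; the two-port
switch model, the MAC addresses and the hop cap are constructed here.
"""
from collections import deque

HOST_A = "aa:aa:aa:aa:aa:aa"      # constructed MAC; Host A sits on Segment 1, Host B on Segment 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
SEGMENT_1, SEGMENT_2 = 0, 1       # a switch's port number equals the segment it sits on


class Switch:
    """Transparent bridge with port 0 on Segment 1 and port 1 on Segment 2."""

    def __init__(self, name, blocked_ports=()):
        self.name = name
        self.blocked = set(blocked_ports)   # ports STP has placed in the blocking state
        self.fdb = {}                       # forwarding database: MAC -> port
        self.relearn_count = 0              # times an already known MAC moved to another port

    def receive(self, in_port, src, dst):
        """Learn the source, then return the ports the frame is flooded or forwarded to."""
        if in_port in self.blocked:
            return []                       # blocking state: discard, do not learn
        known = self.fdb.get(src)
        if known is not None and known != in_port:
            self.relearn_count += 1         # FDB instability: the host appears to have moved
        self.fdb[src] = in_port
        out = [p for p in (0, 1) if p != in_port and p not in self.blocked]
        if dst != BROADCAST and dst in self.fdb:
            out = [p for p in out if p == self.fdb[dst]]   # known unicast: one port only
        return out


def run(block_switch2_port1=False, max_hops=20):
    """Host A broadcasts once on Segment 1. Returns how many copies Host B sees,
    how many frames hit the wire in total, and how often the switches relearned Host A."""
    switches = [Switch("Switch 1"),
                Switch("Switch 2", blocked_ports=(1,) if block_switch2_port1 else ())]
    # each wire event: (segment, sender name, src MAC, dst MAC, hop count)
    wire = deque([(SEGMENT_1, "Host A", HOST_A, BROADCAST, 0)])
    copies_at_host_b = frames_on_wire = 0
    while wire:
        segment, sender, src, dst, hops = wire.popleft()
        frames_on_wire += 1
        if segment == SEGMENT_2:
            copies_at_host_b += 1           # every frame on Segment 2 reaches Host B
        if hops >= max_hops:
            continue                        # the cap stands in for "until a switch resets"
        for sw in switches:
            if sw.name == sender:
                continue                    # a switch does not hear its own transmission
            for out_port in sw.receive(segment, src, dst):
                wire.append((out_port, sw.name, src, dst, hops + 1))
    return {
        "frames_on_wire": frames_on_wire,
        "copies_at_host_b": copies_at_host_b,
        "fdb_relearns": sum(sw.relearn_count for sw in switches),
    }


if __name__ == "__main__":
    print("no STP   :", run())
    print("with STP :", run(block_switch2_port1=True))
```

Without a blocked port the broadcast circulates until the hop cap stops it: Host B receives a copy on every pass and both switches relearn Host A on alternating ports. With the port blocked, exactly one copy reaches Host B and neither FDB changes.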


Module 3 – page 42


STP and IEEE 802.1d

- STP is defined in 802.1d as a link management protocol
- Initially developed in 1990, based on the ISO/IEC 10038 standard
- Designed to provide path redundancy in Ethernet bridge/switch-based networks, while preventing loops
- STP uses a root/branch/leaf model, which determines a single path to each leaf spanning the entire L2 network
- End hosts (e.g., PCs) are oblivious to STP and instead see a single LAN segment

Module 3 – page 43


STP Port States

Each port on a switch that uses STP exists in one of the following five states:
- Blocking — A port in the blocking state does not participate in any frame forwarding. A switch always enters the blocking state following switch initialization.
- Listening — The state that a port enters after the blocking state, when STP has decided that this port should participate in frame forwarding.
- Learning — A port enters the learning state after the listening state. This prepares the forwarding tables for frame forwarding.
- Forwarding — A port in the forwarding state forwards frames.
- Disabled — A port in the disabled state is non-operational.

State transitions shown in the diagram:
1) Port enabled, by management or initialization
2) Port disabled, by management or failure
3) Algorithm selects the port as Designated or Root Port
4) Algorithm selects the port as Blocked Port
5) Protocol timer expiry (Forwarding Timer)

Module 3 – page 44


STP Port States and Activities

STP port state   Part of active topology   Learning of MAC addresses
Disabled         No                        No
Blocking         No                        No
Listening        No                        No
Learning         No                        Yes
Forwarding       Yes                       Yes

Module 3 – page 45
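The state diagram on page 44 and the table on page 45 can be written down as a small state machine. The following Python class is an added example, not course code: the event names ("enable", "disable", "select_designated_or_root", "select_blocked") and the StpPort class are constructed here, and the Forwarding Timer is driven by calling tick() with elapsed seconds.

```python
"""Model of the 802.1d port state machine drawn on page 44 and tabulated on
page 45: five states, the five numbered transitions, and which states take
part in the active topology and learn MAC addresses.

Added illustration, not the course's own code; the event names and the
StpPort class are constructed for this example.
"""
DISABLED, BLOCKING, LISTENING, LEARNING, FORWARDING = (
    "Disabled", "Blocking", "Listening", "Learning", "Forwarding")

# Page 45 table: state -> (part of active topology, learning of MAC addresses)
STATE_TABLE = {
    DISABLED:   (False, False),
    BLOCKING:   (False, False),
    LISTENING:  (False, False),
    LEARNING:   (False, True),
    FORWARDING: (True,  True),
}


class StpPort:
    """One bridge port. Transitions numbered as on the page 44 diagram:
    1) enable (management/initialization)   Disabled -> Blocking
    2) disable (management/failure)         any      -> Disabled
    3) selected as Designated or Root port  Blocking -> Listening
    4) selected as Blocked port             Listening/Learning/Forwarding -> Blocking
    5) Forwarding Timer expiry              Listening -> Learning -> Forwarding
    """

    def __init__(self, name, forward_delay=15):
        self.name = name
        self.state = DISABLED
        self.forward_delay = forward_delay   # seconds spent in each of Listening and Learning
        self.timer = None                    # seconds left on the Forwarding Timer, if running

    def event(self, ev):
        """Apply a management/algorithm event; reject transitions the diagram does not have."""
        s = self.state
        if ev == "disable":                                                    # 2
            self.state, self.timer = DISABLED, None
        elif ev == "enable" and s == DISABLED:                                 # 1
            self.state = BLOCKING
        elif ev == "select_designated_or_root" and s == BLOCKING:              # 3
            self.state, self.timer = LISTENING,  self.forward_delay
        elif ev == "select_blocked" and s in (LISTENING, LEARNING, FORWARDING):  # 4
            self.state, self.timer = BLOCKING, None
        else:
            raise ValueError(f"{self.name}: event {ev!r} is not valid in state {s}")
        return self.state

    def tick(self, seconds):
        """Advance the Forwarding Timer; each expiry is transition 5."""
        if self.timer is None:
            return self.state
        self.timer -= seconds
        while self.timer is not None and self.timer <= 0:
            leftover = -self.timer
            if self.state == LISTENING:
                self.state, self.timer = LEARNING, self.forward_delay - leftover
            elif self.state == LEARNING:
                self.state, self.timer = FORWARDING, None
            else:
                self.timer = None            # no timer is defined for other states
        return self.state

    def in_active_topology(self):
        return STATE_TABLE[self.state][0]

    def learns_mac_addresses(self):
        return STATE_TABLE[self.state][1]


def seconds_until_forwarding(forward_delay=15):
    """Bring a fresh port up and count the seconds until it forwards (2 x forward delay)."""
    port = StpPort("demo", forward_delay)
    port.event("enable")
    port.event("select_designated_or_root")
    elapsed = 0
    while port.state != FORWARDING:
        port.tick(1)
        elapsed += 1
    return elapsed


if __name__ == "__main__":
    print("seconds from Blocking to Forwarding:", seconds_until_forwarding())
```

With the default 15-second forward delay a port selected by the algorithm needs 30 seconds to reach the forwarding state, which is the listening plus learning time used in the convergence calculations later in this module.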


STP and BPDU

BPDU packet fields:
- Protocol ID (2 bytes)
- Version (1 byte)
- Message type (1 byte)
- Flags (1 byte)
- Root ID (8 bytes)
- Path cost (4 bytes)
- Bridge ID (8 bytes)
- Port ID (2 bytes)
- Message age (2 bytes)
- Maximum age (2 bytes)
- Hello time (2 bytes)
- Forwarding delay (2 bytes)

The root bridge/switch sends STP messages via BPDUs to the branches/leaves. On individual branches and leaves, the user can specify IDs and path costs. The root bridge/switch sets the forwarding delay, hello time, and maximum age. A BPDU is sent in an Ethernet frame with the port's address as source and the STP multicast address 01:80:C2:00:00:00 as destination.

Module 3 – page 46


BPDU Packet Details

Field              Description
Protocol ID        Always set to 0
Version            Always set to 0
Message type       Determines which of the two BPDU types this is: configuration or TCN
Flags              Handle changes in the active topology
Root ID            Contains the bridge ID of the root bridge (after convergence, all BPDUs should contain the same value)
Root path cost     Cumulative path cost of all links to the root bridge
Bridge ID          Identifies the bridge that is transmitting the current configuration message
Port ID            Contains a unique value for each port
Message age        Time stamp since the root bridge created this BPDU
Maximum age        Maximum amount of time this BPDU is saved
Hello time         Time between configuration BPDUs
Forwarding delay   Time spent in the listening and learning states

Configurable on each bridge: Bridge ID, Port ID and path cost. Configurable on the root bridge: Maximum age, Hello time and Forwarding delay.

STP performance is directly related to the root bridge/switch timer settings, which are the final three fields of the BPDU outlined above: maximum age, hello time, and forwarding delay.
- Maximum age — Defines the maximum amount of time that any received STP information is kept. When this timer is exhausted, the STP information is discarded (typically 20 seconds).
- Hello time — Determines the frequency of transmitted hello messages to other bridges or switches (typically 2 seconds).
- Forwarding delay — Defines the amount of time the port stays in the listening and learning states (typically 15 seconds).
The setting of all these values affects how quickly the network converges to a stable, frame-forwarding topology.
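As an added example, not code from the course or from the 7750 SR, the following Python parser decodes a Configuration BPDU from the Ethernet frame described on page 46 and checks the three timers above against the relationship the 802.1D standard requires between them. The sample frame is constructed from the page's own values (root priority 16, MAC 00-80-21-00-00-05, hello 2 s, max age 20 s, forward delay 15 s); the 802.2 LLC header (DSAP/SSAP 0x42, control 0x03) that precedes a BPDU on the wire is assumed from the standard, since the page does not mention it.

```python
"""Parser for an 802.1d Configuration BPDU carried in the Ethernet frame
described on pages 46-47, plus a check of the three root-bridge timers.

Added illustration, not course code. The sample frame is constructed here
from the page's own numbers; the IEEE 802.2 LLC header (DSAP/SSAP 0x42,
control 0x03) in front of the BPDU is assumed from the standard.
"""
import struct

STP_MULTICAST = bytes.fromhex("0180c2000000")   # destination MAC given on page 46
LLC_STP = b"\x42\x42\x03"                       # 802.2 LLC header used for BPDUs (assumed)
CONFIG_BPDU_LEN = 35                            # fixed size of a Configuration BPDU
TYPE_CONFIG, TYPE_TCN = 0x00, 0x80              # Message type values
TIME_UNIT = 1 / 256                             # timer fields are in units of 1/256 s


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def bridge_id(raw8):
    """Split the 8-byte ID into its 2-byte priority and 6-byte MAC (page 49)."""
    priority, mac = struct.unpack("!H6s", raw8)
    return {"priority": priority, "mac": mac_str(mac), "value": int.from_bytes(raw8, "big")}


def parse_bpdu(payload):
    """Decode the BPDU body. Returns a dict; raises ValueError on malformed input."""
    if len(payload) < 4:
        raise ValueError("BPDU too short")
    proto, version, msg_type = struct.unpack("!HBB", payload[:4])
    if proto != 0 or version != 0:
        raise ValueError(f"not an 802.1d BPDU (protocol {proto}, version {version})")
    if msg_type == TYPE_TCN:
        return {"type": "TCN"}                  # a TCN BPDU carries no further fields
    if msg_type != TYPE_CONFIG or len(payload) < CONFIG_BPDU_LEN:
        raise ValueError("unknown message type or truncated configuration BPDU")
    (_, _, _, flags, root, root_cost, bridge, port_id,
     msg_age, max_age, hello, fwd_delay) = struct.unpack("!HBBB8sI8sHHHHH", payload[:CONFIG_BPDU_LEN])
    return {
        "type": "Configuration",
        "flags": {"topology_change": bool(flags & 0x01),       # bit 0
                  "topology_change_ack": bool(flags & 0x80)},  # bit 7
        "root": bridge_id(root),
        "root_path_cost": root_cost,
        "bridge": bridge_id(bridge),
        "port_id": port_id,
        "message_age": msg_age * TIME_UNIT,
        "max_age": max_age * TIME_UNIT,
        "hello_time": hello * TIME_UNIT,
        "forward_delay": fwd_delay * TIME_UNIT,
    }


def parse_frame(frame):
    """Strip the Ethernet/LLC encapsulation, checking the STP destination, then parse the BPDU."""
    if len(frame) < 17:
        raise ValueError("frame too short")
    dst, src, length = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if dst != STP_MULTICAST:
        raise ValueError(f"destination {mac_str(dst)} is not the STP multicast address")
    if frame[14:17] != LLC_STP:
        raise ValueError("missing LLC header for STP")
    bpdu = parse_bpdu(frame[17:14 + length])
    bpdu["source_mac"] = mac_str(src)
    return bpdu


def timer_problems(bpdu):
    """802.1D requires 2*(forward_delay - 1) >= max_age >= 2*(hello_time + 1); list any violations."""
    problems = []
    if 2 * (bpdu["forward_delay"] - 1) < bpdu["max_age"]:
        problems.append("forward delay too small for max age")
    if bpdu["max_age"] < 2 * (bpdu["hello_time"] + 1):
        problems.append("max age too small for hello time")
    return problems


def build_config_frame(src_mac, root, root_cost, bridge, port_id,
                       max_age=20, hello=2, fwd_delay=15, flags=0):
    """Assemble a frame the way a bridge port would (used here only to construct the sample)."""
    body = struct.pack("!HBBB8sI8sHHHHH", 0, 0, TYPE_CONFIG, flags, root, root_cost, bridge,
                       port_id, 0, int(max_age * 256), int(hello * 256), int(fwd_delay * 256))
    return STP_MULTICAST + src_mac + struct.pack("!H", len(LLC_STP) + len(body)) + LLC_STP + body


# Constructed sample: bridge B (priority 32, MAC ...10) relaying root A's BPDU (page 50 values)
ROOT_A = struct.pack("!H6s", 16, bytes.fromhex("008021000005"))
BRIDGE_B = struct.pack("!H6s", 32, bytes.fromhex("008021000010"))
SAMPLE_FRAME = build_config_frame(bytes.fromhex("008021000010"), ROOT_A, 10, BRIDGE_B, 0x8001)
SAMPLE_TCN = (STP_MULTICAST + bytes.fromhex("008021000010") + struct.pack("!H", 7)
              + LLC_STP + bytes([0, 0, 0, TYPE_TCN]))

if __name__ == "__main__":
    decoded = parse_frame(SAMPLE_FRAME)
    print(decoded)
    print("timer problems:", timer_problems(decoded))
```

The timer check is the practical part: a root bridge whose forward delay is too short for its max age, or whose max age is too short for its hello time, can leave ports forwarding before stale information has aged out, so a parser used for monitoring should flag those combinations rather than only decode them.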


Module 3 – page 47


STP in Action: State 1 — Initialization

[Figure: switches A, B, C and D boot up; each sends BPDUs announcing itself as Root Bridge/Switch; link path costs are 10, except the C–D link with path cost 2; Host A and Host B are attached]

A port in the Initialization state performs as follows: upon initialization, every switch in the network assumes that it is the root and starts advertising this fact in its BPDU messages.


Module 3 – page 48


STP in Action: State 1 — Root Bridge/Switch Election

Root bridge/switch election calculation:
- After bridges/switches have initialized, root bridge election occurs.
- Each bridge/switch has a user-assigned bridge priority.
- The bridge priority ranges from 0 to 65,535 (default is 32,768).
- Each bridge/switch sends its BID to every other bridge/switch. The BID is 8 bytes: 2 for the bridge priority and 6 that contain the MAC address of the bridge/switch.
- Election of the root bridge is determined using the Bridge ID, which is made up of the priority and MAC address; the switch with the lowest Bridge ID value is selected.
- Any subsequent physical change in the network after election of the root bridge will cause an STP recalculation.

Module 3 – page 49


STP in Action: State 2 — Root Bridge/Switch Election (continued)

[Figure: switches A (Priority 16, MAC 00-80-21-00-00-05), B (Priority 32, MAC 00-80-21-00-00-10), C (Priority 48, MAC 00-80-21-00-00-20) and D (Priority 16, MAC 00-80-21-00-00-10) exchanging BPDUs, each still announcing itself as Root Bridge/Switch; link path costs are 10, except the C–D link with path cost 2; Host A and Host B are attached]

In this example, the two bridges/switches with the same priority use their MAC addresses to decide which will be root. In this case, the topmost bridge/switch has the lower MAC address and is therefore the root.

A port in the blocked state:
- Discards frames received from the attached segment.
- Discards frames switched from another port for forwarding.
- Does not incorporate station location into its address database. (There is no learning at this point, so there is no address database update.)
- Receives BPDUs and directs them to the system module.
- Does not transmit BPDUs received from the system module.


Module 3 – page 50


STP in Action: State 2 — Root Bridge/Switch Election (continued)

[Figure: the same topology after election: A (Priority 16, MAC 00-80-21-00-00-05) is the Root Bridge/Switch; B (Priority 32, MAC 00-80-21-00-00-10), C (Priority 48, MAC 00-80-21-00-00-20) and D (Priority 16, MAC 00-80-21-00-00-10) are Leaf Bridge/Switches; link path costs are 10, except the C–D link with path cost 2]

Module 3 – page 51


STP in Action — Path Calculation

Link bandwidth   STP cost value
4 Mb/s           250
10 Mb/s          100
16 Mb/s          62
45 Mb/s          39
100 Mb/s         19
155 Mb/s         14
622 Mb/s         6
1 Gb/s           4
10 Gb/s          2

Each port on a bridge/switch has a path cost value assigned, depending on bandwidth. The accumulated path cost determines the total cost to reach the root bridge/switch. Path cost values can be found in the IEEE 802.1d standard.

Module 3 – page 52


STP in Action — Port Designations

After bridges/switches have initialized, and root and leaf bridges have been selected, each bridge port participating in the spanning tree is assigned either root, designated, or blocking status:
- Ports on the root bridge automatically become designated ports.
- A switch/bridge that is not the root and has ports participating in STP is referred to as a designated bridge/switch.
- Ports on the designated bridge closest (least path cost) to the root are elected as root ports. These ports receive the BPDUs from the root.
- Non-root ports on the designated bridge providing the least-cost path from the segment (that the port is connected to) to the root bridge are elected as designated ports.
- Non-root ports on the designated bridge that do not provide the least-cost path from the segment (that the port is connected to) to the root bridge become non-designated ports and go into the blocked state.
- If both ports on a segment have equal cost to the root, then the bridge port with the lower bridge ID is elected as the designated port and the other port becomes a non-designated port.

Module 3 – page 53


STP in Action — Port Designations

If the least path cost to the root bridge for non-root ports on a segment is the same, then:
- The port that belongs to the bridge with the lower bridge ID will be elected as the designated port.

If two non-root ports on the same bridge belonging to the same segment have the same least path cost to the root bridge and have the same bridge ID, then:
- The port with the lower port ID will be elected as the designated port.

If both ports on a segment have equal cost to the root, then the bridge port with the lower bridge ID is elected as the designated port and the other port becomes a non-designated port.

Module 3 – page 54


STP in Action: State 3 — Port Designations

[Figure: Root A (Cost to Root 0) has Designated Ports toward B and D; B and D each have a Root Port (Cost to Root 10) and Designated Ports toward C; C's port toward D (path cost 2) is its Root Port (Cost to Root 12) and its port toward B is a Non-Designated Port (Cost to Root 20); segments are labelled; Host A and Host B are attached]

Note that in the Alcatel 7750 SR product line, STP is disabled by default. To summarize, three values are used in the STP port calculations:
- Port priority (has a default value but is configurable)
- Per-interface cost (dependent on bandwidth but is configurable)
- Port MAC address

Port designations:
- Root port — Shortest path toward the root on a leaf, facing the root
- Designated port — Sends and receives frames on that segment
- Blocked port — Does not forward any frames


Module 3 – page 55


STP in Action: State 3 — Listening State

[Figure: a Bridge/Switch port in the listening state: forwarded traffic is discarded, while BPDUs and network management (NM) messages are received and processed]

After STP has determined that the port will participate in frame forwarding, it puts the port into the listening state. While in the listening state, the port:
- Discards any frames it receives from an attached Ethernet segment
- Discards any frames another port on the bridge/switch passes to it to forward
- Does not update the FDB when it receives updated BIDs
- Receives and processes BPDUs both from the link and from the bridge/switch
- Receives and processes network management traffic


Module 3 – page 56


STP in Action: State 4 — Learning State

[Figure: a Bridge/Switch port in the learning state: forwarded traffic is still discarded, while BPDUs and network management (NM) messages are received and processed]

Learning is the state that a port enters just before it is ready to participate in frame forwarding. Its primary function is to incorporate MAC addresses into the FDB. In the learning state, the port:
- Discards frames received from an attached segment
- Discards frames received from another port for forwarding
- Updates its FDB with new address information
- Receives and processes BPDUs both from the link and from the bridge/switch
- Receives and processes network management traffic


Module 3 – page 57


STP in Action: State 5 — Final Forwarding Paths

[Figure: final forwarding paths: A is Root; B, C and D are Leaf switches; link path costs are 10, except the C–D link with path cost 2; Host A and Host B are attached]

A port in the forwarding state forwards frames. It enters this state from the learning state. While in the forwarding state, the port:
- Forwards any frames that it receives from an attached Ethernet segment
- Forwards any frames that another port in the bridge/switch passes to it to forward
- Updates the FDB when it receives updated BIDs
- Receives and processes BPDUs both from the link and from the bridge/switch
- Receives and processes network management traffic

BPDUs are sent from the root to all nodes, including the PCs (Host A and Host B).


Module 3 – page 58


STP in Action: Topology Changes

A topology change occurs when a switch either moves a port into the Forwarding state or moves a port from the Forwarding or Learning state into the Blocking state. In other words, a port on an active switch comes up or goes down. The switch sends a TCN BPDU out its Root Port so that, ultimately, the Root Bridge receives news of the topology change. The switch continues sending TCN BPDUs every Hello Time interval until it gets an acknowledgment from its upstream neighbor. As the upstream neighbors receive the TCN BPDU, they propagate it on toward the Root Bridge and send their own acknowledgments. When the Root Bridge receives the TCN BPDU, it also sends out an acknowledgment. In addition, the Root switch sets the Topology Change flag in its Configuration BPDU, which is relayed to every other switch in the network. This signals the topology change and causes all other bridges to shorten their bridge table aging time from the default (300 seconds) to only the Forward Delay value (default 15 seconds). The learned locations of MAC addresses are therefore flushed out much sooner than they normally would be, easing the bridge table corruption that might occur because of the change in topology; stations that are actively communicating during this time are kept in the bridge table. This condition lasts for the sum of the Forward Delay and the Max Age (default 15 + 20 seconds).
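The aging behaviour described above can be modelled directly. The following Python class is an added example, not course code: the ForwardingDatabase class and its method names are constructed, time is passed in as seconds, and the scenario compares a bridge table with and without a Topology Change at t=10 using the defaults named here (300 s aging, 15 s Forward Delay, 20 s Max Age).

```python
"""Bridge table (FDB) aging as page 59 describes it: entries normally age
out after 300 seconds; a Configuration BPDU with the Topology Change flag
shortens the aging time to Forward Delay (15 s) for Forward Delay + Max Age
(35 s), so stale entries are flushed quickly while stations that keep
talking are refreshed and survive.

Added illustration, not course code; the class and method names are
constructed, and time is an integer number of seconds passed in by the caller.
"""


class ForwardingDatabase:
    DEFAULT_AGING = 300                      # seconds, the default named on page 59

    def __init__(self, forward_delay=15, max_age=20):
        self.forward_delay = forward_delay
        self.max_age = max_age
        self.entries = {}                    # MAC -> (port, time last seen as a source)
        self.short_aging_until = None        # end of the shortened-aging window, if any

    def aging_time(self, now):
        """Aging time in effect: Forward Delay inside the TC window, 300 s otherwise."""
        if self.short_aging_until is not None and now < self.short_aging_until:
            return self.forward_delay
        return self.DEFAULT_AGING

    def learn(self, mac, port, now):
        """Called for every frame received: (re)learn the source MAC on this port."""
        self.entries[mac] = (port, now)

    def topology_change(self, now):
        """Called when a Configuration BPDU arrives with the TC flag set."""
        self.short_aging_until = now + self.forward_delay + self.max_age

    def expire(self, now):
        """Remove entries older than the aging time in effect; return the removed MACs."""
        aging = self.aging_time(now)
        stale = [mac for mac, (_, seen) in self.entries.items() if now - seen > aging]
        for mac in stale:
            del self.entries[mac]
        return stale

    def lookup(self, mac, now):
        """Port for a destination MAC, or None if unknown (after expiring stale entries)."""
        self.expire(now)
        entry = self.entries.get(mac)
        return entry[0] if entry else None


def scenario(with_topology_change):
    """Host A (port 1) and Host B (port 2) are learned at t=0; only Host B keeps sending.
    Compare what the table holds at t=20 with and without a TC at t=10."""
    fdb = ForwardingDatabase()
    fdb.learn("host-a", 1, now=0)            # constructed station names stand in for MACs
    fdb.learn("host-b", 2, now=0)
    if with_topology_change:
        fdb.topology_change(now=10)          # TC flag seen: aging drops to 15 s until t=45
    fdb.learn("host-b", 2, now=18)           # Host B is still active and is refreshed
    return {
        "host_a_port_at_20": fdb.lookup("host-a", now=20),
        "host_b_port_at_20": fdb.lookup("host-b", now=20),
        "aging_at_20": fdb.aging_time(20),
        "aging_at_45": fdb.aging_time(45),
    }


if __name__ == "__main__":
    print("normal aging :", scenario(False))
    print("after TC     :", scenario(True))
```

After the Topology Change the silent Host A is gone from the table at t=20 while the active Host B is still there, and at t=45 (15 + 20 seconds after the TC) the aging time is back at 300 seconds.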


After spanning tree has converged, only a change in topology causes the algorithm to be run again. A topology change occurs when:
- A switch moves a port from the blocking state into the forwarding state
- A switch moves a port from the forwarding/learning state into the blocking state

- The switch will generate a TCN BPDU (no data) out of its root port towards the root
- Every other switch on the way to the root will relay the TCN BPDU out its root port and send an acknowledgement to the sending switch
- The root responds with the TC flag set in its BPDU towards the downstream switches

Module 3 – page 59


STP in Action — Topology Change (Breaking a Link)

[Figure: the link between Root A and D is broken; D waits 20 seconds (Max age time), then sends BPDUs announcing "I am the new root" toward C; other links have path cost 10 and the C–D link path cost 2; Host A and Host B are attached]

Given the topology above, the following actions occur when the link between switches A and D loses traffic:
1. BPDUs are sent by the root bridge every 2 seconds.
2. When the link between A and D breaks, the root port on D will wait for the maximum age time (20 seconds) before deciding that the path between D and A is no longer operational.
3. During the maximum age time, the BPDUs received at C's blocked port from D are discarded because C considers these BPDUs to be inferior.
4. After the maximum age time, D thinks it is the new root and advertises new BPDUs to C.


Module 3 – page 60


STP in Action — Topology Change (Breaking a Link)

[Figure: the ports between C and D transition through Listen (15 seconds) and Learn (15 seconds) as C relays A's BPDUs to D]

Given the topology above, the following actions occur when the link between switches A and D loses traffic:
1. Switch C receives the BPDUs from D's designated port and realizes that D's path to the root switch A is broken. C has a better view to root A.
2. Switch C then cycles its blocked port toward D through the listening state while it relays bridge A's BPDUs to D.
3. Switch D obtains A's BPDU from C and converts the port into a root port, since this is now its only path to root A, and enters the listening state.
4. The ports on switches C and D then go through the learning state, after which data frames are forwarded and MAC learning takes place.
The total time required for convergence is: Max Age Time + Listening + Learning = 20 + 15 + 15 = 50 seconds.


Module 3 – page 61


STP in Action — Topology Change (Breaking a Link; Port Disable)

[Figure: the port on D facing Root A is disabled; A sends TBPDUs (BPDUs with the T bit set) out its other designated port, and they are relayed by the Leaf switches B and C; link path costs are 10, except the C–D link with path cost 2; Host A and Host B are attached]

Given the topology above, the following actions occur when the port on D is disabled:
- Switches A and D detect a port down, since the port on D is explicitly disabled.
- Switch D removes the best BPDU it received from switch A, since its root port to A is down.
- Switch D would normally try to send a TCN BPDU out of its root port, but since its root port is down, it does not do so.
- Switch A sends a TBPDU (BPDU with the T bit set) out of its other designated port, since one of its designated ports is down.


Module 3 – page 62


STP in Action — Topology Change (Breaking a Link; Port Disable)

[Figure: C's formerly blocked port toward D transitions through Listen (15 seconds) and Learn (15 seconds) while BPDUs from A are relayed to D]

Given the topology above, the following actions occur when the link between switches A and D loses traffic:
- Switch A, being the root, generates a BPDU with the T bit set down to switches B, C and D.
- Switch C no longer receives any BPDUs from D and now transitions its blocked port to a designated port, going through the listening and learning stages before setting it to forwarding.
The total time required for convergence is: Listening + Learning = 15 + 15 = 30 seconds; the Max Age wait does not apply, because the port failure is detected immediately.


Module 3 – page 63


STP in Action — Topology Change (Adding a Switch)

[Figure: a new switch E (Priority 16, MAC 00-80-21-00-00-00) is added next to A (Priority 16, MAC 00-80-21-00-00-05), connected to A and to D over path cost 10 links; E sends New Root BPDUs and new BPDUs are sent throughout the topology; the C–D link has path cost 2; Host A and Host B are attached]

What happens when a new switch is added to the existing topology? In the figure above, a new switch E is added to the top right of the existing topology. This switch has a lower MAC address than the current root. The following actions occur:
1. As soon as switch E starts, it thinks that it is the root and advertises BPDUs to the neighboring switches A and D.
2. Switch A also sends BPDUs to E, because A is still the root in the original topology.
3. Because E has a lower MAC address than A and its bridge priority is the same as that of A, E becomes the new root and starts advertising BPDUs to all other switches in the topology.
Note: In the figure above, the link between switches A and D no longer exists once switch E is added.


Module 3 – page 64


STP in Action — Topology Change (Adding a Switch)

[Figure: re-calculating topology with E as Root; the Cost to Root values shown are 10, 10, 20, 20 and 22; a new blocked port is selected and ports transition through Listen (15 seconds) and Learn (15 seconds); the C–D link has path cost 2, other links path cost 10]

1. All other switches in the topology set their ports to the listening state, followed by the learning state, during which no data traffic is forwarded.
2. After all BPDUs have converged and the root and designated ports have been assigned, the switches transition their ports from the listening state to the learning state.


Module 3 – page 65


STP in Action — Topology Change (Path Cost Change)

[Figure: A is Root; the path cost of the C–D link changes from 10 to 2 (New Path Cost 2); other links have path cost 10; Host A and Host B are attached]

In the figure above, the path between switches C and D is now the better path because the port costs between C and D are changed from 10 to 2.


Module 3 – page 66


STP in Action — Topology Change (Path Cost Change)

[Figure: after the path cost change, BPDUs from Root A reach switch C via B and via D, and C receives BPDUs carrying the new costs]

In the figure above, the path between switches C and D is now the better path because the port costs between C and D are changed from 10 to 2. Switch C will now get BPDUs from the root A with different cumulative costs.


Module 3 – page 67


STP in Action — Topology Change (Path Cost Change)

[Figure: topology changed: Root A has Cost to Root 0, B and D have Cost to Root 10, and C has Cost to Root 12 via D (path cost 2) rather than 20 via B; C's ports transition through Listen (15 seconds) and Learn (15 seconds)]

In the figure above, the path between switches C and D is now the better path because the port costs between C and D are changed from 10 to 2. The following actions occur:
1. Switch C receives BPDUs from root A via both B and D and realizes that the cumulative cost to the root has changed. It therefore moves both its ports into the listening and then the learning state.
2. It then determines that the cumulative cost to root A via B is more than the cumulative cost to root A via D.
3. The ports between C and D change to the forwarding state and the ports between B and C are now blocked.
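The election rule on page 49, the port designation rules on pages 53 to 55 and the path cost change above can all be checked with one computation. The following Python code is an added example, not course code: it elects the root, runs a shortest-path search that ranks candidates the way a bridge ranks received BPDUs (root path cost, then sender Bridge ID, then port ID) and then assigns the designated, root and blocked roles per segment. The Bridge IDs are those of the page 50 figure; the link list, the port IDs (1-based link index) and the point-to-point segment model are constructed. The "before" state uses a C–D cost of 20 rather than the slide's 10 so that the comparison is decided by cost alone; with equal costs, the Bridge ID tie-break on page 54 decides instead.

```python
"""Root election and port-role assignment for the four-switch network of
pages 50-55, recomputed when the C-D path cost changes as on pages 66-68.
Rules as stated on pages 49 and 53-54: lowest Bridge ID (priority, then
MAC) is root; a non-root bridge's root port is its least-cost path to the
root; on each segment the port with the lowest cost to the root is
designated, ties going to the lower Bridge ID and then the lower port ID;
the remaining port is non-designated (blocked).

Added illustration, not course code. Bridge IDs come from the page 50
figure; the link list and the port IDs (1-based link index) are constructed.
Segments are modelled as point-to-point links, so the "two ports of one
bridge on one segment" tie on page 54 does not arise here.
"""
from heapq import heappush, heappop


def bridge_id(priority, mac):
    """Comparable form of the 8-byte Bridge ID: 2-byte priority first, then the 6-byte MAC."""
    return (priority, bytes.fromhex(mac.replace("-", "").replace(":", "")))


def elect_root(bridges):
    """bridges: name -> bridge_id(). The lowest Bridge ID value wins (page 49)."""
    return min(bridges, key=bridges.__getitem__)


def compute_spanning_tree(bridges, links):
    """links: list of (x, y, cost), one segment each. Returns (root, cost_to_root, roles)
    where roles[(bridge, neighbour)] is "designated", "root" or "blocked"."""
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}
    for port_id, (x, y, cost) in enumerate(links, start=1):
        adj[x].append((y, cost, port_id))
        adj[y].append((x, cost, port_id))

    # Dijkstra from the root. The key orders candidates the way a bridge compares
    # received BPDUs: lowest root path cost, then lowest sender Bridge ID, then port ID.
    best = {root: (0, bridges[root], 0)}
    via = {}                                # bridge -> neighbour its root port faces
    heap = [(0, bridges[root], 0, root)]
    done = set()
    while heap:
        cost, _, _, node = heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost, port_id in adj[node]:
            key = (cost + link_cost, bridges[node], port_id)
            if nbr not in best or key < best[nbr]:
                best[nbr] = key
                via[nbr] = node
                heappush(heap, (cost + link_cost, bridges[node], port_id, nbr))
    cost_to_root = {name: key[0] for name, key in best.items()}

    # Designated port per segment: lowest (cost to root, Bridge ID, port ID) of the two ends.
    roles = {}
    for port_id, (x, y, _) in enumerate(links, start=1):
        kx = (cost_to_root[x], bridges[x], port_id)
        ky = (cost_to_root[y], bridges[y], port_id)
        designated, other = (x, y) if kx < ky else (y, x)
        roles[(designated, other)] = "designated"
        roles[(other, designated)] = "root" if via.get(other) == designated else "blocked"
    return root, cost_to_root, roles


def role_changes(before, after):
    """Ports whose role differs between two computed topologies."""
    return {port: (before[port], after[port]) for port in before if before[port] != after[port]}


# Bridge IDs from the page 50 figure
PAGE_BRIDGES = {
    "A": bridge_id(16, "00-80-21-00-00-05"),
    "B": bridge_id(32, "00-80-21-00-00-10"),
    "C": bridge_id(48, "00-80-21-00-00-20"),
    "D": bridge_id(16, "00-80-21-00-00-10"),
}


def page_topology(cd_cost):
    """Constructed link list: A-B, A-D, B-C at path cost 10 and C-D at the given cost."""
    return [("A", "B", 10), ("A", "D", 10), ("B", "C", 10), ("C", "D", cd_cost)]


if __name__ == "__main__":
    for cd in (20, 2):
        root, costs, roles = compute_spanning_tree(PAGE_BRIDGES, page_topology(cd))
        print(f"C-D cost {cd}: root={root} costs={costs}")
        for port in sorted(roles):
            print("   ", port, roles[port])
    print("changed:", role_changes(compute_spanning_tree(PAGE_BRIDGES, page_topology(20))[2],
                                   compute_spanning_tree(PAGE_BRIDGES, page_topology(2))[2]))
```

Run with C–D at 20 and then at 2: the only roles that change are C's two ports, the one toward B going from root to blocked and the one toward D from blocked to root, which is the forwarding change described on this page. With C–D at 2 the costs and roles match the page 55 figure (B and D at 10, C at 12 via D, C's port toward B non-designated).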


Module 3 – page 68


Spanning Tree Exercise

[Figure: switches A (Priority 16, MAC 00-80-21-00-00-10), B (Priority 16, MAC 00-80-21-00-00-20), C (Priority 16, MAC 00-80-21-00-00-30) and D (Priority 16, MAC 00-80-21-00-00-40), with all link path costs 10]

Exercise: highlight the steps that will ensure that Switch D is added to the existing bridge topology using STP.

Steps to add Switch D to the existing topology:
1) Ports on switch D initialize on startup, and D thinks it is the root.
2) BPDUs are sent on each of D's two ports and are received from switches B and C simultaneously. A new port facing D has been turned on on switches B and C, so:
3) Both B and C send a TCN BPDU to the root out of their respective root ports, and they also forward A's BPDU to the new switch D.
4) Switch D, upon receiving A's BPDU, realizes that it cannot be the root since A has a lower MAC address. It now has to transition both of its ports into designated ports.
5) Switch D obtains A's BPDU from both B and C and therefore has to decide which port it needs to block.
6) Since both ports on D are an equal cost away from the root, D examines the sender bridge's ID, i.e. the MAC address of B and the MAC address of C in the BPDUs.
7) B's MAC address is smaller, therefore D blocks its port towards C. It then makes its port towards B a root port and goes into the listening state.
8) In the meantime, the TCN BPDUs generated by B and C towards the root are acknowledged by root A, which sets the TCA bit in its regular configuration BPDUs.
9) All switches, upon receiving this BPDU, set their MAC database flush timer to 15 seconds from the original 300 seconds.
10) The root port on D now goes into the learning state after the listening state, where it receives all the end-station data, and finally the STP topology is converged.

Module 3 – page 69


Section 3 — Rapid Spanning Tree



What is RSTP?

The major advantage of RSTP over STP is rapid convergence: the network takes less than 5 seconds to converge to a forwarding topology. STP can take up to a minute for a similar-sized network. RSTP was the natural evolution of STP. As the demands on the network became more critical, the existing STP convergence time was no longer adequate. The terminology used with RSTP remains basically unchanged. Note that RSTP is disabled by default on all 7750 SR products.

What is RSTP?
- Stands for Rapid Spanning Tree Protocol
- An evolution of the loop prevention algorithm (STP) from 802.1d
- New IEEE specification is 802.1w
- Achieves rapid failover and convergence times
- Unlike STP, RSTP is not timer-based
- Allows backward compatibility with 802.1d STP

Why do we need RSTP?
- Network topology convergence is significantly faster than STP

Module 3 – page 71


STP vs. RSTP — Port States

STP port state   RSTP port state   Part of active topology   Learning of MAC addresses
Disabled         Discarding        No                        No
Blocking         Discarding        No                        No
Listening        Discarding        No                        No
Learning         Learning          No                        Yes
Forwarding       Forwarding        Yes                       Yes

In STP, the port states were confusing because STP mixed the state of the port (blocking or forwarding traffic) with the role it played in the topology (root port, designated port, or neither). For example, ports in the blocking state and listening state are operationally similar: they both discard frames and do not learn MAC addresses. In addition, when a port is in the forwarding state, there is no way to infer that it is a root or designated port.


Module 3 – page 72


STP vs. RSTP — Port Roles

Port state   STP port role (assigned by STP algorithm)   RSTP port role (configurable)
Forwarding   Root                                        Root
Forwarding   Designated                                  Designated
Blocking     Blocked                                     Backup
Blocking     Blocked                                     Alternate

The major difference between STP and RSTP is that the port roles are configurable in RSTP, while in STP they were determined by the algorithm. This adds more time for the network topology to converge in STP when there is a change in the topology due to failure or redesign. In STP, the port roles were either forwarding or blocking. RSTP is granular when approaching the roles of the ports. The switch is now able to define which forwarding port is a root port or a designated port. The switch can also elect backup and alternate ports for faster recovery from a failure.


Role — A new variable assigned to a bridge port

Module 3 – page 73


Alternate Port

Figure: a root bridge and downstream switches with their port roles (Root Port, Designated Port, Alternate Port); BPDUs are sent from the designated ports, and the alternate port sits on a different switch from the designated port it backs up.

The alternate and backup ports are blocking ports; however, they have been selected to be the ports that are turned on in the event of a failure. The alternate port resides on a different switch than the designated port.


Backup Port

Figure: a root bridge and downstream switches with their port roles (Root Port, Designated Port, Alternate Port, Backup Port); BPDUs are sent from the designated ports, and the backup port sits on the same switch as the designated port it backs up.

The alternate and backup ports are blocking ports; however, they have been selected to be the ports that are turned on in the event of a failure. The backup port resides on the same switch as the designated port.


RSTP BPDU Format

Fields, in wire order:

- Protocol ID (2 bytes)
- Version (1 byte)
- Message type (1 byte)
- Flags (1 byte)
- Root ID (8 bytes)
- Path cost (4 bytes)
- Bridge ID (8 bytes)
- Port ID (2 bytes)
- Message age (2 bytes)
- Maximum age (2 bytes)
- Hello time (2 bytes)
- Forwarding delay (2 bytes)
- Version 1 length (2 bytes)

The slide annotates some fields as "Configurable" and others as "Configurable on root bridge".

Flags (1 byte):

- Bit 0 – Topology change
- Bit 1 – Proposal
- Bits 2, 3 – Port role: 00 Unknown, 01 Alternate/backup, 10 Root, 11 Designated
- Bit 4 – Learning
- Bit 5 – Forwarding
- Bit 6 – Agreement
- Bit 7 – Topology change ACK

In the slide above, only the shaded fields have been changed to support RSTP. As shown, the major change is with the Flags field. In STP, only bits 0 and 7 were identified. RSTP now makes full use of the entire octet. The message type is now 2, and the version is 2 (this allows 802.1w bridges to detect legacy 802.1d bridges).
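As an added example (not part of the course material), the decoder below parses an RST BPDU into the fields listed above and exposes the flag bits exactly as the slide numbers them. It follows the IEEE 802.1D-2004 RST BPDU layout of 36 octets, in which the Version 1 Length field is a single octet; the timer fields are carried in units of 1/256 second and are converted to seconds. The sample BPDU is constructed for this example; `bpdu_kind` uses the Version/Type octets to tell an RSTP BPDU from a legacy Configuration or TCN BPDU, which is what a monitoring tool would check before trusting the flag bits.

```python
import struct
from dataclasses import dataclass

# Port-role encoding of flag bits 2-3, as listed on the slide.
PORT_ROLES = {0: "Unknown", 1: "Alternate/Backup", 2: "Root", 3: "Designated"}

# RST BPDU layout per IEEE 802.1D-2004 (36 octets); Version 1 Length is one octet.
RST_BPDU_FMT = "!HBBBQIQHHHHHB"
RST_BPDU_LEN = struct.calcsize(RST_BPDU_FMT)  # 36


@dataclass
class RstBpdu:
    protocol_id: int
    version: int
    bpdu_type: int
    flags: int
    root_id: int
    root_path_cost: int
    bridge_id: int
    port_id: int
    message_age: float      # seconds (wire value is in 1/256 s units)
    max_age: float
    hello_time: float
    forward_delay: float
    version1_length: int

    # Flag-bit accessors, numbered as on the slide (bit 0 is the least significant).
    @property
    def topology_change(self) -> bool:
        return bool(self.flags & 0x01)

    @property
    def proposal(self) -> bool:
        return bool(self.flags & 0x02)

    @property
    def port_role(self) -> str:
        return PORT_ROLES[(self.flags >> 2) & 0x03]

    @property
    def learning(self) -> bool:
        return bool(self.flags & 0x10)

    @property
    def forwarding(self) -> bool:
        return bool(self.flags & 0x20)

    @property
    def agreement(self) -> bool:
        return bool(self.flags & 0x40)

    @property
    def topology_change_ack(self) -> bool:
        return bool(self.flags & 0x80)


def bridge_id_to_str(bridge_id: int) -> str:
    """Split an 8-byte Bridge ID into its 2-byte priority and 6-byte MAC address."""
    priority = bridge_id >> 48
    mac = bridge_id & 0xFFFFFFFFFFFF
    mac_str = ":".join(f"{(mac >> (8 * i)) & 0xFF:02x}" for i in range(5, -1, -1))
    return f"{priority}/{mac_str}"


def bpdu_kind(data: bytes) -> str:
    """Classify a BPDU by its Version and Type octets (offsets 2 and 3).
    Version 2 / type 2 is an RSTP BPDU; version 0 with type 0 or 0x80 is a
    legacy 802.1D Configuration or TCN BPDU."""
    if len(data) < 4:
        raise ValueError("BPDU too short")
    version, bpdu_type = data[2], data[3]
    if version >= 2 and bpdu_type == 2:
        return "rst"
    if version == 0 and bpdu_type == 0:
        return "config"
    if version == 0 and bpdu_type == 0x80:
        return "tcn"
    return "unknown"


def parse_rst_bpdu(data: bytes) -> RstBpdu:
    if bpdu_kind(data) != "rst":
        raise ValueError("not an RST BPDU")
    if len(data) < RST_BPDU_LEN:
        raise ValueError("truncated RST BPDU")
    f = struct.unpack(RST_BPDU_FMT, data[:RST_BPDU_LEN])
    return RstBpdu(
        protocol_id=f[0], version=f[1], bpdu_type=f[2], flags=f[3],
        root_id=f[4], root_path_cost=f[5], bridge_id=f[6], port_id=f[7],
        message_age=f[8] / 256, max_age=f[9] / 256,
        hello_time=f[10] / 256, forward_delay=f[11] / 256,
        version1_length=f[12],
    )


# Constructed sample: a Designated port's BPDU with Proposal, Learning and
# Forwarding set; 1 s message age, 20 s max age, 2 s hello, 15 s forward delay.
SAMPLE_RST_BPDU = struct.pack(
    RST_BPDU_FMT,
    0x0000, 2, 2, 0x3E,
    0x8000_000000000001, 20000, 0x8000_000000000002, 0x8001,
    1 * 256, 20 * 256, 2 * 256, 15 * 256, 0,
)

if __name__ == "__main__":
    b = parse_rst_bpdu(SAMPLE_RST_BPDU)
    print(bpdu_kind(SAMPLE_RST_BPDU), b.port_role, b.proposal,
          bridge_id_to_str(b.root_id), b.hello_time, b.max_age)
```

The flags value 0x3E decodes as proposal set, port role 11 (Designated), learning and forwarding set, and no topology change, agreement or TC-ACK bits; a capture containing BPDUs whose role bits disagree with the port's configured role, or whose Version/Type do not match the expected 2/2, is the kind of anomaly this decoder makes visible.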


STP vs. RSTP — BPDUs

BPDU handling
- STP: Non-root bridge only transmits BPDUs when it receives one on the root port
- RSTP: Bridge sends BPDUs at hello time intervals

Aging
- STP: BPDU is aged after the max-age timer expires (and no BPDU is received on the port)
- RSTP: BPDUs are used like keepalive messages (after 3 BPDUs in a row are missed, the information is aged out)

Accepting inferior BPDUs
- STP: concept does not exist in STP (see the notes below)
- RSTP: Inferior BPDU is accepted and previously stored information may be replaced

Transition to forwarding state
- STP: Based on timers (Forward Delay and Max-Age)
- RSTP: Uses a feedback mechanism (no timers involved)

BPDU handling — STP only generates a BPDU when it receives one on its root port. This is time-consuming, as it renders bridges more as BPDU relayers than generators. This change in RSTP greatly improves BPDU handling efficiency.

Aging — In RSTP, due to the way BPDUs are now handled, they can serve as keepalive timers from bridge/switch to bridge/switch. If 3 BPDUs are missed in a row, the bridge/switch considers either the direct neighbor or the designated bridge/switch as unreachable. This results in much faster failure detection. In STP, this would not be possible, and if the max age expires, the neighbor cannot be assumed to be down. It would only indicate that somewhere along the path from the port with the expired max age to the root bridge/switch, there is a failure.

Accepting inferior BPDUs — This concept is new to RSTP and does not exist in STP. Inferior BPDUs are control information received on a switch that is older than the control information stored on the switch. Accepting inferior information from the designated or root bridge/switch means that the network can recover far more quickly from topology failures.

Transition to forwarding state — This RSTP feature is the key factor in the improvement of topology convergence. This topic is covered in more detail on the next slide.


STP vs. RSTP — Topology

Topology change notification
- STP: Sends TCN BPDUs toward the root
- RSTP: Sends BPDUs (with the TC bit set) on all designated and root ports

Topology ACKs
- STP: Replies with a BPDU with the TCA bit set
- RSTP: No acknowledgement (clears MAC addresses on all ports)

Topology change
- STP: First sent to the root bridge/switch, then relayed from the root all the way to the leaf bridge/switch
- RSTP: 1-step process (topology change flooded quickly across the network)


RSTP Operation

Figure: switches A (root), B, C, D, E, F, G, H and I with their port roles (RP root port, DP designated port, AP alternate port); the link between C and E fails, E misses 3 BPDUs on its root port, BPDUs with the TC bit set are flooded, and E and D exchange BPDUs until E's port toward D becomes its root port.

1. The link between C and E breaks.
2. E doesn't get 3 BPDUs in a row and realizes that its port to the root is broken.
3. C also realizes that it hasn't received 3 BPDUs in a row from E and concludes that there must be a topology change between C and E.
4. It generates a BPDU with the TC bit set and floods this out its root port. Switch B receives this BPDU and sends it out all its forwarding ports.
5. All switches receiving this BPDU with the TC bit set send it out all their forwarding ports.
6. E now thinks it is the root, since it does not process any BPDUs received from D. It then transitions its port to D into the forwarding state.
7. It exchanges BPDUs with D, indicating to D that it is the root.
8. D replies with a BPDU indicating that it knows of a better root, which is A.
9. E then changes its port into a root port.
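The aging comparison two slides back and steps 2 and 3 of the walkthrough above both rest on the same rule: in RSTP a port treats hellos as keepalives and declares the neighbour lost after 3 consecutive misses, whereas 802.1D only discards stored information when Message Age plus elapsed time reaches Max Age. The simulation below is an added example, not course material; it replays hellos on one port, breaks the link at a chosen time, and returns when each rule declares the information stale. The 2 s hello, 20 s max age and the Message Age of 1 s carried in the hellos are constructed values.

```python
from dataclasses import dataclass
from typing import Optional

HELLO_TIME = 2.0     # seconds between BPDUs sent by a designated port
MAX_AGE = 20.0       # 802.1D: stored BPDU information is discarded at this age
MISSED_BPDUS = 3     # 802.1w: neighbour considered lost after 3 missed hellos


@dataclass
class PortInfo:
    """What a root/alternate port remembers about the last BPDU it received."""
    last_bpdu_time: Optional[float] = None
    message_age: float = 0.0   # Message Age field carried in that BPDU

    def receive_bpdu(self, now: float, message_age: float) -> None:
        self.last_bpdu_time = now
        self.message_age = message_age

    def stp_info_expired(self, now: float) -> bool:
        """802.1D aging: Message Age keeps growing locally until it reaches Max Age."""
        if self.last_bpdu_time is None:
            return True
        return self.message_age + (now - self.last_bpdu_time) >= MAX_AGE

    def rstp_neighbour_lost(self, now: float) -> bool:
        """802.1w keepalive rule: three hello intervals without a BPDU."""
        if self.last_bpdu_time is None:
            return True
        return now - self.last_bpdu_time >= MISSED_BPDUS * HELLO_TIME


def detect_failure(link_break_time: float, rule: str, step: float = 0.5) -> float:
    """Replay hellos every HELLO_TIME until the link breaks, then return the
    simulated time at which `rule` ('stp' or 'rstp') declares the port's
    information stale. Times are in seconds from the start of the replay."""
    if rule not in ("stp", "rstp"):
        raise ValueError("rule must be 'stp' or 'rstp'")
    port = PortInfo()
    now = 0.0
    while now < 200.0:
        # Hellos keep arriving only while the link is up.
        if now < link_break_time and now % HELLO_TIME == 0:
            port.receive_bpdu(now, message_age=1.0)
        expired = (port.stp_info_expired(now) if rule == "stp"
                   else port.rstp_neighbour_lost(now))
        if now >= link_break_time and expired:
            return now
        now += step
    raise RuntimeError("no failure detected within the replay window")


def detection_delay(link_break_time: float, rule: str) -> float:
    """Seconds between the link breaking and the rule noticing it."""
    return detect_failure(link_break_time, rule) - link_break_time


if __name__ == "__main__":
    for rule in ("stp", "rstp"):
        print(rule, "detects the failure after", detection_delay(10.0, rule), "s")
```

With the link breaking at t = 10 s (last hello seen at t = 8 s), the RSTP rule fires at t = 14 s and the STP rule at t = 27 s; the gap is the timer-free detection the slides describe. Real bridges also react at once to a physical link-down event on the port itself, so this replay models the case where the port stays up but the neighbour falls silent.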


Section 4 — Virtual LAN



Switches and VLANs

- A VLAN permits a group of ports to share a common broadcast domain regardless of physical location.
- A VLAN can reside on 1 switch or on many switches.
- Each VLAN is identified by a VLAN ID.
- Devices in different VLANs can only communicate with each other if the frame is first sent to a layer 3 device (a router).

On the 7750 SR and 7450 ESS there is no default VLAN for all ports to join. Other types of switches may have a default VLAN for ports that are not assigned to a particular VLAN.


Why VLANs?

Figure: broadcast traffic as a percentage of network capacity (0 to 100) plotted against the number of network nodes, for flat networks and for hierarchical networks.

There are two main reasons for the development of VLANs: the amount of broadcast traffic and increased security. Broadcast traffic increased in direct proportion to the number of stations in the LAN. The goal of the VLAN is the isolation of groups of users so that one group is not interrupted by the broadcast traffic of another. VLANs also have the benefit of added security by separating the network into distinct logical networks. Traffic in one VLAN is separated from another VLAN as if they were physically separate networks. If traffic is to pass from one VLAN to another, it must be routed.


How Do VLANs Work?

Figure: one Ethernet switch whose ports (Port 1, 2, 3, 5, 6, 7) are assigned to three internal switches, one each for VLAN 101, VLAN 102 and VLAN 103, with no interconnection between the internal switches.

In the figure above, VLANs subdivide the Ethernet switch into multiple switches. Note that there are no logical interconnections between these internal switches. Therefore, the broadcast traffic that is generated by a host in a VLAN stays within that VLAN, making the VLAN its own broadcast domain. Because broadcast traffic for a particular VLAN remains within that VLAN's borders, inter-VLAN (broadcast domain) communication must occur through a layer 3 device such as a router. Hosts are not VLAN-aware, and therefore no 802.1q configuration is required on the hosts. The VLAN configuration is done within the switch, and ports are assigned on a VLAN-by-VLAN basis.


VLAN Exercise

Figure: Switch 1 with four hosts; Host 1 and Host 4 are in VLAN 101, Host 2 and Host 3 are in VLAN 102. Host 1 sends a broadcast.

Host 1 sends out a broadcast. Which hosts will receive the broadcast?

In the figure above, Host 1 sends out a broadcast. Because Host 4 is the only other member of the VLAN, it is the only host to receive the broadcast. The FDB entries behave much the same way in the VLAN model as they do in the switch model: they are updated based on the source address. In the figure above, the source address of the broadcast frame is only learned by VLAN 101. VLAN 102 will not know the source address of Host 1 after Host 1 transmits its broadcast packet. Therefore, in a VLAN environment, a separate FDB is kept for each VLAN. In the example above, this means that VLAN 101 will never learn about Host 3 or Host 2 unless it is manually configured or interconnected at layer 3.
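The exercise above can be replayed with a small learning switch that keeps one FDB per VLAN, which is the property the notes stress. This is an added example, not course code; the port-to-VLAN assignment mirrors the figure (Host 1 and Host 4 in VLAN 101, Host 2 and Host 3 in VLAN 102), and the MAC addresses and port numbers are constructed.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VlanSwitch:
    """Learning switch with a separate forwarding database (FDB) per VLAN.
    Every port is an access port that belongs to exactly one VLAN."""

    def __init__(self, port_vlans: dict):
        self.port_vlans = dict(port_vlans)   # port number -> VLAN ID
        self.fdb = defaultdict(dict)         # VLAN ID -> {MAC: port}

    def receive(self, in_port: int, src: str, dst: str) -> list:
        """Handle a frame arriving on in_port and return the egress port list."""
        vlan = self.port_vlans[in_port]
        # Learning: the source MAC is recorded only in this VLAN's FDB.
        self.fdb[vlan][src] = in_port
        members = sorted(p for p, v in self.port_vlans.items()
                         if v == vlan and p != in_port)
        if dst != BROADCAST and dst in self.fdb[vlan]:
            out = self.fdb[vlan][dst]
            return [out] if out != in_port else []   # known unicast; never hairpin
        # Broadcast or unknown unicast: flood, but only to this VLAN's ports.
        return members

    def known_in_vlan(self, vlan: int, mac: str) -> bool:
        return mac in self.fdb[vlan]


# Constructed to match the slide: ports 1 and 4 in VLAN 101, ports 2 and 3 in VLAN 102.
HOSTS = {
    "Host 1": ("00:00:00:00:00:01", 1),
    "Host 2": ("00:00:00:00:00:02", 2),
    "Host 3": ("00:00:00:00:00:03", 3),
    "Host 4": ("00:00:00:00:00:04", 4),
}
PORT_VLANS = {1: 101, 2: 102, 3: 102, 4: 101}


def run_exercise() -> dict:
    """Host 1 broadcasts; then Host 4 replies; then Host 2 tries to reach Host 1."""
    sw = VlanSwitch(PORT_VLANS)
    mac1, port1 = HOSTS["Host 1"]
    mac2, port2 = HOSTS["Host 2"]
    mac4, port4 = HOSTS["Host 4"]

    egress = sw.receive(port1, mac1, BROADCAST)
    receivers = [name for name, (_, p) in HOSTS.items() if p in egress]
    return {
        "receivers": receivers,                               # who sees the broadcast
        "learned_in_101": sw.known_in_vlan(101, mac1),        # VLAN 101 learned Host 1
        "learned_in_102": sw.known_in_vlan(102, mac1),        # VLAN 102 did not
        "reply_to_host1": sw.receive(port4, mac4, mac1),      # known unicast in 101
        "host2_to_host1": sw.receive(port2, mac2, mac1),      # unknown in 102: flooded to port 3 only
    }


if __name__ == "__main__":
    print(run_exercise())
```

The last entry is the point of the exercise: a frame from Host 2 addressed to Host 1's MAC never leaves VLAN 102, because VLAN 102's FDB has no entry for it and the flood is confined to VLAN 102's ports.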


VLANs across Multiple Switches

Figure: Switch 1, Switch 2 and Switch 3 interconnected, each carrying VLAN 101, VLAN 102 and VLAN 103.

The standard that governs VLAN identification between switches (also known as tagging) is 802.1q. This standard stipulates that a 4-octet header/tag be inserted in the Ethernet frame between the source address and the type/length fields. Tags are the key component that allows 802.1q to function, and they are the method with which Ethernet frames can be associated with a VLAN segment.


VLANs over Multiple Switches

Figure: Switch 1 and Switch 2, each holding a separate MAC FDB for VLAN 101, VLAN 102 and VLAN 103, connected by separate physical interfaces, one per VLAN.

The sharing of VLANs between switches is achieved by the insertion of a header with a 12-bit VID, which allows for 4094 possible VLAN destinations for each Ethernet frame. A VID must be assigned for each VLAN. Assigning the same VID to VLANs on different connected switches can extend the VLAN (broadcast domain) across a network. The 802.1q standard works by inserting a 32-bit VLAN header into the Ethernet frame of all network traffic of the VLAN. The VID uses 12 bits of the 32-bit VLAN header. The switch then uses the VID to determine which FDB it will use to find the destination. After a frame reaches the destination switch port, the VLAN header is removed.


VLAN Trunking

Figure: Switch 1 and Switch 2, each holding a separate MAC FDB for VLAN 101, VLAN 102 and VLAN 103, connected by a single trunk port carrying all three VLANs.

VLAN trunking provides efficient inter-switch forwarding of VLAN frames. In the previous example, each VLAN required its own inter-switch connection to forward frames from one switch to another. VLAN trunking allows a single Ethernet port to carry frames from multiple VLANs. This allows the use of a single high-bandwidth port, such as a gigabit Ethernet port, to carry the VLAN traffic between switches instead of multiple fast Ethernet ports. VLANs are separated within the trunk based on their VLAN IDs (Q tags). The FDB at the destination switch designates the destination VLAN for the traffic on the VLAN trunk.


VLAN Tagging

802.1q Ethernet Frame:

Preamble | SFD | DA | SA | VLAN tag | Length/Type | Payload (46 to 1500 bytes) | FCS

The VLAN tag adds 4 bytes to the length of the MAC frame:

- 802.1q tag type (2 bytes, value 81 00)
- Tag control information (2 bytes):
  - User_priority (3 bits)
  - CFI (1 bit; canonical format: bit ordering can be different)
  - VLAN_ID (12 bits)

The VLAN header can be broken down into two parts: the VLAN tag type and the tag control information. The tag type is a fixed value that is an indicator of a VLAN tag. It indicates that the Length/Type field can be found a further 4 bytes into the frame. Because the frame is a Q-tag frame and is longer, it needs to indicate that the Length/Type field is offset from the traditional location by 4 bytes. The tag control information has three parts:

- Priority value — A 3-bit value that specifies a frame's priority.
- CFI — A single bit. A setting of 0 means that the MAC address information is in its simplest form. Currently no other value is supported.
- VID — A 12-bit value that identifies the VLAN that the frame belongs to. If the VID is 0, the tag header contains only priority information.


VLAN Stacking — More VLANs

Figure: Customer 1, Customer 2 and Customer 3 each use VLANs 10-300 at their sites; their CE devices connect to PE switches, which add an outer provider VLAN tag per customer (VLAN 20, VLAN 200 and VLAN 35) so that the customers' frames cross the provider network separately and leave the far-end PE with only their own tag.

A restriction of Ethernet VLANs is the limited number of VIDs. With 12 bits used to define the VID, there are only 4096 possibilities. Because VLAN 0 and 4095 are reserved, the PE is really only capable of supporting 4094 VLANs — not a significant number if it is compared with the expanding rates of networks. One of the solutions to this restriction is VLAN stacking, also known as Q-in-Q. VLAN stacking allows the service provider to use layer 2 protocols to connect customer sites. In the figure above, 3 customers are connected through a common switch using VLAN stacking. At the PE, the administrator has assigned a VLAN to represent the customer on that port. When the customer's traffic arrives at the PE device, the PE switch simply inserts another VLAN tag in the frame. It is this second or stacked VLAN tag that takes the customer's traffic through the provider's network. At the egress port of the PE equipment, the second or stacked VLAN tag is removed and the traffic is forwarded out the port. This allows Customers 1, 2, and 3 to use the same VLAN tags in their networks. In theory, the service provider can support 4094 customers, with each customer supporting 4094 VLANs within their network.


VLAN Stacking — More VLANs (continued)

Customer frame (Customer VLAN Tag 100):

DA | SA | VLAN tag | Length/Type | Payload (46 to 1500 bytes) | FCS

Frame inside the provider network (Provider VLAN Tag 20, then Customer VLAN Tag 100):

DA | SA | VLAN tag | VLAN tag | Length/Type | Payload (46 to 1500 bytes) | FCS

In the figure on the previous slide, Customer 1 has sent a frame to the PE switch with a VLAN tag of 100. The PE switch inserts a second VLAN tag of 20. This tag number represents Customer 1 traffic. The second tag keeps Customer 1 traffic separate from Customer 2 and 3 traffic and gives Customer 1 the ability to add 4095 more associated VLANs. The VLAN tag that is inserted by the provider is the VLAN tag that is used in the provider network. When the frame has reached the appropriate egress port, the provider's VLAN tag is removed and the frame with the customer's VLAN tag is forwarded out the egress port.
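The tag layout from the VLAN Tagging slide and the push/pop behaviour of the PE described on the two stacking slides can be exercised with the added example below (not course code). `parse_vlan_tags` walks DA, SA and any stack of tags to the Length/Type field and decodes each TCI into (user priority, CFI, VID); `push_tag` and `pop_tag` are the PE's ingress and egress steps. The sample frame is constructed, with the FCS omitted; `push_tag` defaults to the 81 00 tag type the slide shows, and the parser also accepts 0x88A8, the outer-tag type IEEE 802.1ad later defined for provider tags.

```python
import struct

TPID_C = 0x8100   # 802.1Q tag type ("81 00" on the slide)
TPID_S = 0x88A8   # 802.1ad provider (S-tag) type, accepted when parsing
TPIDS = (TPID_C, TPID_S)


def parse_vlan_tags(frame: bytes):
    """Walk DA, SA and any stack of VLAN tags up to the Length/Type field.

    Returns (dst, src, tags, length_type, payload), where tags is a list of
    (user_priority, cfi, vid) tuples, outermost first. Assumes the FCS has
    already been stripped by the MAC."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    offset, tags = 12, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame")
        (tpid,) = struct.unpack("!H", frame[offset:offset + 2])
        if tpid not in TPIDS:
            break                       # reached the real Length/Type field
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack("!H", frame[offset + 2:offset + 4])
        tags.append(((tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0x0FFF))
        offset += 4
    return dst, src, tags, tpid, frame[offset + 2:]


def push_tag(frame: bytes, vid: int, priority: int = 0, tpid: int = TPID_C) -> bytes:
    """Insert a new outermost tag after the SA: the PE's ingress (Q-in-Q) step."""
    if len(frame) < 12:
        raise ValueError("frame has no complete DA/SA")
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094; 0 and 4095 are reserved")
    if not 0 <= priority <= 7:
        raise ValueError("user priority is a 3-bit value")
    tci = (priority << 13) | vid
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def pop_tag(frame: bytes) -> bytes:
    """Remove the outermost tag: the PE's egress step."""
    if len(frame) < 16:
        raise ValueError("frame too short to carry a tag")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid not in TPIDS:
        raise ValueError("frame is untagged")
    return frame[:12] + frame[16:]


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


# Constructed sample: Customer 1's frame carrying VLAN tag 100 (made-up
# addresses, IPv4 Length/Type, payload padded to the 46-byte minimum).
CUSTOMER_FRAME = (
    mac("00:11:22:33:44:55") + mac("66:77:88:99:aa:bb")
    + struct.pack("!HH", TPID_C, 100)
    + struct.pack("!H", 0x0800) + bytes(46)
)


def provider_roundtrip(provider_vid: int = 20):
    """Ingress PE pushes the provider tag, the core sees both tags, the egress
    PE pops the outer tag and hands back the customer's original frame."""
    in_core = push_tag(CUSTOMER_FRAME, provider_vid)
    _, _, core_tags, _, _ = parse_vlan_tags(in_core)
    restored = pop_tag(in_core)
    return [vid for _, _, vid in core_tags], restored == CUSTOMER_FRAME


if __name__ == "__main__":
    print(parse_vlan_tags(CUSTOMER_FRAME)[2], provider_roundtrip(20))
```

Inside the provider network the parser reports the tag stack as [20, 100], outer tag first; after the egress pop the frame is byte-for-byte the customer's original. A switch port that should only ever see single-tagged customer frames can use the length of the returned tag list to reject frames that arrive already double-tagged.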


Section 5 — Multiple Spanning Tree Protocol



Multiple Spanning Tree Protocol (MSTP)

- What is MSTP?
- Why do we need MSTP?
- Differences: MSTP vs. STP
- Where to use MSTP
- Example


Multiple Spanning Tree Protocol

What is MSTP?

- An IEEE standard that allows more than one instance of STP
- A natural progression from RSTP, introduced in 2003 as part of 802.1s

Why do we need MSTP?

- Allows load balancing of the network between different sets of VLANs
- Allows a set of VLANs to run a single instance of the spanning tree while another set runs another instance of the spanning tree
- Some early versions of MSTP, before 802.1s, used a single STP instance per VLAN, which was very CPU-intensive. MSTP lowers CPU usage in these instances.
- Reduces the overhead of BPDUs, as otherwise they are sent for every VLAN
- Interoperability
- Scalability


Standard STP

Figure: Switch A (root), Switch B and Switch C in a triangle, carrying VLAN 1-500 and VLAN 501-1000 on one common spanning tree; Switch A's ports are Designated, Switches B and C are leaves with one Root port each, and the link between B and C is blocked at the Alternate port. Port roles: D - Designated, R - Root, A - Alternate.

In a common spanning tree, all VLANs are mapped to the same spanning tree instance. This leads to under-utilized links and possible communication interruptions.


MSTP

Figure: the same Switch A, Switch B and Switch C triangle with two spanning tree instances: for VLAN 1-500 Switch A is the root, and for VLAN 501-1000 a different switch is the root, so the link that is Alternate (blocked) in one instance is Root/Designated (forwarding) in the other. Port roles: D - Designated, R - Root, A - Alternate.

With MSTP, each VLAN or range of VLANs is mapped to a separate instance of STP. This allows for better utilization of the network. As shown in the figure above, MSTP permits multiple root switches in a network. In one instance of the spanning tree a port may be blocking, but another instance may use that port for forwarding.


Module Summary

- Provided an overview of Ethernet and the various types of Ethernet frames
- Discussed the operation of an Ethernet switch and how MAC addresses are dynamically learned
- Discussed the concept and reasons behind STP
- Compared STP and RSTP
- Discussed the concepts of VLANs and why they are used
- Discussed VLAN stacking and why it is used
- Discussed the use of MSTP and how it can be used with VLANs


Learning Assessment

1. What is the purpose of using a spanning tree protocol?
   A. Prevent routing loops
   B. Maintain redundant paths in a switched environment
   C. Build forwarding tables
   D. Prevent switching loops

2. The forwarding port leading away from the root bridge is known as what?
   A. Backup port
   B. Designated port
   C. Root port
   D. Alternate port

3. When would it be appropriate to use the multiple spanning tree protocol?
   A. When using VLANs
   B. In a simple switched network
   C. When crossing broadcast domains


Learning Assessment (continued)

4. How is the root bridge/switch selected?
   A. Election process using the highest bridge ID
   B. Election process using the lowest bridge ID
   C. Election process based on the port priority
   D. Election process based on the port MAC address

5. When would CSMA/CD be invoked?
   A. When multiple hosts share the same medium
   B. When a single host is directly connected to a single switch port
   C. CSMA/CD is no longer used

6. What is the primary difference between STP and RSTP?
   A. Basically the same except RSTP is easier to install
   B. STP uses the concept of backup and alternate ports
   C. RSTP uses the concept of backup and alternate ports


3HE-02767-AAAA-WBZZA Edition 01


www.alcatel-lucent.com


Module 4 — IP Overview



Module Objectives

After successful completion of this module, you should be able to:

- Discuss the concept of IP address classes
- Calculate IP subnets
- Calculate variable length subnet masks
- Discuss the concept of CIDR
- Discuss the value of route summarization
- Calculate routing entries as a result of route summarization
- Conduct basic network design
- Configure and verify layer 3 interfaces on the 7750 SR and 7450 ESS switches


Section 1 — IPv4 address



Internet Protocol

- Packet-based protocol used to exchange information
- Equivalent to the OSI network layer
- Provides addressing, fragmentation, reassembly, and protocol demultiplexing
- Enables the routing of information

The Internet Protocol (RFC 791) provides services that are roughly equivalent to the OSI network layer. IP provides a datagram (connectionless) transport service across the network. This service is sometimes referred to as unreliable because the network does not guarantee delivery or notify the end host system about packets lost due to errors or network congestion. IP datagrams contain a message, or one fragment of a message, that may be up to 65 535 bytes (octets) in length. IP does not provide a mechanism for flow control; this is taken care of by the transport layer. IP supports a whole range of application protocols, such as ICMP and ARP.


IPv4 Packet

- Version — Always set to the value 4, which is the current version of IP
- IHL — IP Header Length: number of 32-bit words forming the header, usually five
- ToS, now known as DSCP — Usually set to 0, but may indicate particular QoS needs from the network. The DSCP defines the way routers should queue packets while they are waiting to be forwarded
- Size of Datagram — In bytes, the combined length of the header and the data
- Identification — 16-bit number that, together with the source address, uniquely identifies this packet; used during the reassembly of fragmented datagrams
- Flags — Sequence of three flags (one of the four bits is unused) used to control whether routers are allowed to fragment a packet (i.e., the Don't Fragment [DF] flag), and to indicate the parts of a packet to the receiver
- Fragmentation Offset — Byte count from the start of the original sent packet, set by any router that performs IP router fragmentation
- Time To Live — Number of hops/links that the packet may be routed over, decremented by most routers (used to prevent accidental routing loops)
- Protocol — SAP that indicates the type of transport packet being carried (e.g., 1 = ICMP, 2 = IGMP, 6 = TCP, 17 = UDP)
- Header Checksum — 1s complement checksum inserted by the sender and updated whenever the packet header is modified by a router. Used to detect processing errors introduced into the packet inside a router or bridge in which the packet is not protected by a link-layer cyclic redundancy check. Packets with an invalid checksum are discarded by all nodes in an IP network.
- Source Address — IP address of the original sender of the packet
- Destination Address — IP address of the final destination of the packet
- Options — Not normally used, but when used, the IP header length is greater than five 32-bit words to indicate the size of the options field
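The field list above maps directly onto a header parser. The added example below (not course code) decodes the fixed 20-byte header, honours IHL so that options are separated out, converts the 8-byte-unit Fragment Offset to bytes, and verifies the 1s complement Header Checksum the way a receiving node does: summing the whole header, checksum field included, must give 0xFFFF. The sample packet is constructed, and `build_sample_packet` computes its checksum with the same routine a sender would use.

```python
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
IPV4_HDR_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte part of the header


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry, as used by IPv4."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_checksum(header: bytes) -> int:
    """Checksum a sender writes: complement of the sum with the field zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF


def parse_ipv4_header(pkt: bytes) -> dict:
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack(IPV4_HDR_FMT, pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 5 or len(pkt) < ihl * 4:
        raise ValueError("bad IHL or truncated header")
    header = pkt[:ihl * 4]
    # A receiver sums the header including the checksum; 0xFFFF means intact.
    checksum_ok = ones_complement_sum(header) == 0xFFFF
    return {
        "version": version,
        "ihl_words": ihl,
        "dscp": tos >> 2,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "checksum": csum,
        "checksum_ok": checksum_ok,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": header[20:],
    }


def build_sample_packet() -> bytes:
    """Constructed packet: 20-byte header, DF set, TTL 64, UDP, 8-byte payload,
    with the Header Checksum filled in the way a sender would."""
    hdr = struct.pack(IPV4_HDR_FMT, 0x45, 0, 28, 0x1C46, 0x4000, 64, 17, 0,
                      bytes([192, 168, 2, 100]), bytes([10, 0, 0, 1]))
    hdr = hdr[:10] + struct.pack("!H", header_checksum(hdr)) + hdr[12:]
    return hdr + bytes(8)


def corrupt_ttl(pkt: bytes) -> bytes:
    """Decrement TTL without updating the checksum (what a buggy router would do)."""
    return pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:]


if __name__ == "__main__":
    good = build_sample_packet()
    print(parse_ipv4_header(good)["checksum_ok"], parse_ipv4_header(corrupt_ttl(good))["checksum_ok"])
```

The `corrupt_ttl` helper shows why the notes say a router must update the checksum whenever it modifies the header: after a TTL decrement alone, the receiver's sum no longer comes out as 0xFFFF and the packet is discarded.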


IPv4 Addressing

An IP address is a unique L3 identifier of computers, routers, and devices in an IP network. The 32-bit address is in dotted-decimal format, with each octet separated by a period.

IP address example: 192.168.2.100

Binary equivalent: 11000000.10101000.00000010.01100100

An IP address is 32 bits long and is in binary format, normally expressed by four decimal numbers. Each decimal number is separated by a dot. This format is called dotted-decimal notation. The dotted-decimal format divides the 32-bit IP address into four octets of 8 bits each. These octets specify the value of each field as a decimal number, as shown in the slide above. The range of each octet is from 0 to 255.


IPv4 Addressing (continued)

32 bits: Network Number | Host Number
or:      Network Prefix | Host Number

The first part of an IP address identifies the network that a host resides in. The second part of an IP address identifies an individual host inside that network. This creates a two-level hierarchy, as shown in the slide above. All hosts in a given network share the same network prefix. However, the host numbers must be unique to each host. Conversely, hosts with different network prefixes may share the same host number. Note: The size of the network/host portions can be adjusted, as shown in the following slides.


IPv4 Address Classes

32 bits, numbered 0 to 31:

- Class A: bit 0 = 0, bits 1–7 Network, bits 8–31 Host
- Class B: bits 0–1 = 10, bits 2–15 Network, bits 16–31 Host
- Class C: bits 0–2 = 110, bits 3–23 Network, bits 24–31 Host

When addresses were first being assigned, it was decided that, to provide some form of flexibility to support the various sizes of networks that were being implemented, the IP address space be divided into classes. The classes were defined as Class A, Class B, and Class C. This is referred to as classful addressing because the address space is split into predefined sizes. As shown above, each class defines the boundary between the network and host at a different octet within the 32-bit address.

Class A (1 to 126) — A Class A network has an 8-bit network prefix and, as shown above, the highest-order bit is always set to 0. This allows for a maximum of 128 networks that can be defined; however, 2 out of the 128 networks are reserved. The 0.0.0.0 network is reserved for default routes, and the 127.0.0.0 network is reserved for loopback functions.

Class B (128 to 191) — A Class B network has a 16-bit network prefix and, as shown above, the two highest-order bits are always set to 10. A maximum of 16 384 networks can be defined.

Class C (192 to 223) — A Class C network has a 24-bit network prefix and, as shown above, the three highest-order bits are always set to 110. A maximum of 2 097 152 networks can be defined.

Classes D (224 to 239) and E (240 to 255) — Class D is used for multicast addresses (used in applications such as OSPF), and Class E is used for scientific purposes.

The concept of classes never envisioned the enormous growth of the Internet. Many of the addressing problems can be traced back to this early classification of the IP address space.


Unique IP Addressing

Figure: routers interconnecting five networks, with hosts and router interfaces numbered 172.16.0.1 and 172.16.0.2; 172.5.0.1 to 172.5.0.4; 192.10.0.1 to 192.10.0.4; 192.168.0.1 and 192.168.0.2; 10.0.0.1 and 10.0.0.2.

Each node that uses the TCP/IP protocol suite has a unique 32-bit logical IP address.

A router's function is to separate broadcast networks. In the figure above, each router is connected to 2 or 3 networks via 2 or 3 interfaces. Every interface is identified by an IP address. The interfaces in the same network belong to the same network prefix or network class. There are 5 networks in the figure above:

- Class C: 192.168.0.0, 192.10.0.0
- Class B: 172.5.0.0, 172.16.0.0
- Class A: 10.0.0.0


IP Global Address Assignments

Alcatel-Lucent Scalable IP Networks v1.1

Module 4 |

10

All rights reserved © 2006–2007 Alcatel-Lucent

Under the current IP addressing scheme (often known as IPv4, eventually to be replaced by IPv6), the address space is divided into two types: public address space and private address space. Understanding the difference is important and useful for a network administrator, especially if your organization is connected to the Internet.

All of the public address space (IP addresses) that is routable via the Internet is managed by one of the three RIRs. Each RIR is responsible for a geographic region. (Don't confuse RIRs with the InterNIC [http://www.internic.net] and its designated registrars, such as Network Solutions, Inc. They handle domain name registration, not address registration.) The IANA distributes IP addresses to the RIRs. You must request address space, and IANA will either grant or deny your request. Alternatively, you can request the address space from your ISP (who then, in turn, allocates from its ARIN-allotted address space, or makes the request on your behalf). This system preserves address space and provides a central authority to prevent address-space collisions.

When you are using a public address, you can send to and receive from all (non-broken) parts of the Internet. This means that all routers on the Internet have an idea about how to route your IP address toward you. Because of this, not all address space is portable. If you own your address space, you can authorize an ISP to route it for you, but there is a chance that when you change providers or locations, it will no longer be possible to route your IP addresses to the new location. (You might, therefore, want to check before you travel with your address space.)

IANA has reserved the following three blocks of the IP address space for private internets (local networks):

• 10.0.0.0 to 10.255.255.255
• 172.16.0.0 to 172.31.255.255
• 192.168.0.0 to 192.168.255.255

In addition, IP addresses in the range of 169.254.0.0 to 169.254.255.255 are reserved for automatic private IP addressing. These IP addresses should not be used on the Internet.


Global addressing is provided by IANA. Major organizations of the world all have specific address assignments. Address assignments are listed in RFC 1466 and at http://www.iana.org/assignments/ipv4-address-space. The Alcatel IP address assignment is 138.120.0.0. The addresses assigned by IANA are also referred to as public addresses. In addition, IANA reserves some addresses (referred to as private addresses) to be used in private networks.



IPv4 Addressing (Unicast/Broadcast)

• Example: 139.120.200.25

“Broadcast address” refers to all IP addresses in the broadcast domain. A routing update from a source to all hosts in a broadcast domain (such as Ethernet) is referred to as a broadcast update. The destination IP address in the update contains the network number and all 1s for the host address.

• Example: 138.120.255.255 specified in the destination IP header of a packet ensures that the packet will be delivered to all hosts in the 138.120.0.0 network.


“Unicast address” refers to a specific IP address. A routing update from source to a specific destination address is referred to as a unicast update. This update is usually delivered to a single host or a single interface on the router.



IPv4 Addressing (Multicast/Anycast)

Multicast address
• Used to address a group of hosts
• Reserved addresses are used for specific applications (224.0.0.0 to 239.255.255.255)

Anycast address
• Any source or destination address, but does not uniquely identify a host
• Updates are sent to the nearest host or service
• No specific address ranges for anycast addresses
• Supported differently in IPv6



Section 2 — Subnet Introduction


IP Addressing


Subnetting

Figure: a Class B address (leading bits 10). Without subnetting, bits 0 to 15 are the Network and bits 16 to 31 the Host. With subnetting, bits 16 to 23 become the Subnet and bits 24 to 31 the Host.

Introduces an additional level of hierarchy in addressing. Without subnetting, there are the network and host portions. With subnetting, there are the network, subnetwork, and host portions. Host space is now more efficiently used. For example, with one network address, 6 or more subnetworks can be created.


There are three main problems with classful addressing:

• Lack of internal address flexibility: Big organizations are assigned large, monolithic blocks of addresses that do not match the structure of their underlying internal networks well.
• Inefficient use of address space: The existence of only three block sizes (Classes A, B, and C) leads to waste of limited IP address space.
• Proliferation of router table entries: As the Internet grows, more and more entries are required for routers to handle the routing of IP datagrams, which causes performance problems for routers. Attempting to reduce inefficient address space allocation leads to even more router table entries.

As shown in the slide above, these problems were resolved by adding another layer of hierarchy to the addressing structure. Instead of a simple two-level hierarchy that defines the network prefix and host number, a third level was introduced that defines a subnet number. Adding a third level gave network administrators the flexibility to manage their current network address in the manner that best suited their needs, by assigning a distinct subnet number to each of their internal networks.



Subnet Masking

A subnet mask is a 32-bit number that accompanies an IP address. The mask indicates the network and the subnet. Boolean logic is performed to differentiate the network and subnet. In a subnet, the first and last IP addresses are reserved. The first address is the subnetwork. The last address is reserved as a broadcast address for the subnetwork.


A subnet mask is a 32-bit binary number that accompanies an IP address. It is created so that it has a one bit for each corresponding bit of the IP address that is part of its network ID or subnet ID, and a zero for each bit of the IP address’s host ID. The mask thus tells TCP/IP devices which bits in the IP address belong to the network ID and subnet ID, and which are part of the host ID.


Q. How do you identify the subnet portion of a network? A. With the concept of subnet masking.



Subnet Masking (continued)

IP address     11000000.10101000.00000010.10000100   192.168.2.132
Subnet mask    11111111.11111111.11111111.10000000   255.255.255.128
LOGICAL AND    -----------------------------------
equals         11000000.10101000.00000010.10000000   192.168.2.128

Network (Class C)   192.168.2.0
Subnetwork          192.168.2.128
Host range          192.168.2.129 to 192.168.2.254


The subnet mask of 255.255.255.128 has been chosen arbitrarily and is applied to the IP address of 192.168.2.132, which is a Class C address. This subnet mask splits the Class C network of 192.168.2.0 into two subnetworks, each with 127 hosts. Using another IP example of 192.168.2.100, after applying the Boolean logic as shown above, we have the Class C network, which is always 192.168.2.0, and the subnetwork 192.168.2.0, with the host range of 192.168.2.0 to 192.168.2.127. Note that, although the subnet and the network have the same network prefix, they are essentially different. A network of 192.168.2.0 with no subnet mask has a host range of 192.168.2.0 to 192.168.2.255. As seen in the next slides, a network of 192.168.2.0 can be referred to as network 192.168.2.0 with a subnet mask of 255.255.255.0.


IP Address Example: 192.168.2.132 (Class C) What is the network and what is the subnet? Let’s assume a subnet mask of 255.255.255.128 (32-bit value). Rewriting the IP address and subnet mask as binary and applying Boolean logic:



Subnet Masks


All possible subnet masks are as follows:

128.0.0.0    /1      255.255.128.0    /17
192.0.0.0    /2      255.255.192.0    /18
224.0.0.0    /3      255.255.224.0    /19
240.0.0.0    /4      255.255.240.0    /20
248.0.0.0    /5      255.255.248.0    /21
252.0.0.0    /6      255.255.252.0    /22
254.0.0.0    /7      255.255.254.0    /23
255.0.0.0    /8      255.255.255.0    /24
255.128.0.0  /9      255.255.255.128  /25
255.192.0.0  /10     255.255.255.192  /26
255.224.0.0  /11     255.255.255.224  /27
255.240.0.0  /12     255.255.255.240  /28
255.248.0.0  /13     255.255.255.248  /29
255.252.0.0  /14     255.255.255.252  /30
255.254.0.0  /15     255.255.255.254  /31
255.255.0.0  /16


An IP address is usually associated with a subnet mask:

• IP: 192.168.2.132 with a subnet mask of 255.255.255.128
• IP: 192.168.2.132 with a subnet mask of 255.255.255.0

Another notation for subnet masking is /x, where x represents the number of 1s in the subnet mask:

• 255.255.255.0 can be referred to as /24, as in 24 1s
• 255.255.255.128 can be referred to as /25, as in 25 1s
• IP: 192.168.2.132/24 implies a subnet mask of 255.255.255.0



All 0 and All 1 Subnet

Subnet 0   192.168.1.0/27     11000000.10101000.00000001.00000000   all 0 subnet
Subnet 1   192.168.1.32/27    11000000.10101000.00000001.00100000
Subnet 2   192.168.1.64/27    11000000.10101000.00000001.01000000
Subnet 3   192.168.1.96/27    11000000.10101000.00000001.01100000
Subnet 4   192.168.1.128/27   11000000.10101000.00000001.10000000
Subnet 5   192.168.1.160/27   11000000.10101000.00000001.10100000
Subnet 6   192.168.1.192/27   11000000.10101000.00000001.11000000
Subnet 7   192.168.1.224/27   11000000.10101000.00000001.11100000   all 1 subnet

Prefix length: 27 bits (the first 3 bits of the last octet are the subnet number).

What is the difference between 192.168.1.0/24 and 192.168.1.0/27?


When subnetting first came about, the use of the all 0 and all 1 subnet was forbidden. That meant that when doing your subnet calculations, you had to subtract two subnets, and all host addresses associated with them, from your network. The reason why these subnets were restricted was because of the older classful routing protocols, such as RIPv1. These addresses could cause confusion in a router that ran a classful protocol. In the all 0 subnet, for example, a router must be able to transmit its routing updates with the route/prefix so that a receiving router can differentiate between the new 192.168.1.0/27 subnet and the 192.168.1.0/24 base network addresses. Without being able to understand these prefix lengths, a router would not be able to understand the difference between the base network and the all 0 subnet. With the all 1 subnet, a router also needs to understand the prefix length so that it can determine if a broadcast should be sent to the all 1 subnet or to the entire network. If the router does not understand the prefix length, it does not know if the broadcast 192.168.1.255 would be sent to the all 1 subnet or to all hosts in all subnets.


Given a network 192.168.1.0 and subnet mask of /27, what are the possible subnets and hosts?



Calculating Host Addresses

Host address 0    192.168.1.0/27    11000000.10101000.00000001.00000000   all 0 host
Host address 1    192.168.1.1/27    11000000.10101000.00000001.00000001
Host address 2    192.168.1.2/27    11000000.10101000.00000001.00000010
…
Host address 29   192.168.1.29/27   11000000.10101000.00000001.00011101
Host address 30   192.168.1.30/27   11000000.10101000.00000001.00011110
Host address 31   192.168.1.31/27   11000000.10101000.00000001.00011111   all 1 host

Example: Find all hosts in subnet address 192.168.1.96/27

Total number of hosts   30
First host              192.168.1.96+1/27    192.168.1.97/27
Tenth host              192.168.1.96+10/27   192.168.1.106/27
Last host               192.168.1.96+30/27   192.168.1.126/27
Broadcast address       192.168.1.96+31/27   192.168.1.127/27


The assigned host address field of a subnet cannot contain all 0s or all 1s. The host number of all 0s is reserved for the network address, while the host number of all 1s is reserved for the broadcast address for that network or subnet. In the example above, 5 bits are used for the host address field. Using the formula 2^5 – 2 = 30, there are 30 assignable host addresses in this subnet. This means that each of the subnets that were created can support a maximum of 30 hosts. In the example above, defining the host address for the tenth host in the subnet is relatively simple: you simply take the host bits and place them in the bit pattern that represents 10, or 01010. This gives the host address of 192.168.1.10/27. If one of the other subnets were used (for example, 192.168.1.96/27), defining the host address is a little more difficult; however, the concept remains the same. Given a subnet address of 192.168.1.96/27, to define the tenth host address the host bits are once again arranged in the bit pattern that represents 10, or 01010. This is then added to the network address of 192.168.1.96/27 to give the host address of 192.168.1.106/27. To define the broadcast address for this network, the host bits would all be set to 1, or 11111. This is the binary representation of 31, so 31 would be added to the network address of 192.168.1.96, giving a broadcast address of 192.168.1.127/27 for this particular subnet.
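The logical AND from the subnet masking slides and the host address calculation above, worked through in code as an added example that is not part of the course material (the function names are mine; the addresses are the slides' own):

```python
# Added example (not from the course material): the slides' logical-AND method
# and 2^n - 2 host rule in code. Function names are my own.


def dotted_to_int(addr: str) -> int:
    """'192.168.2.132' -> 32-bit integer; rejects malformed addresses."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_dotted_binary(value: int) -> str:
    """Dotted binary as written on the slide, e.g. 11000000.10101000.00000010.10000100."""
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> int:
    """/x notation -> mask: x leading 1s followed by 32 - x zeros."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def mask_to_prefix(mask: int) -> int:
    """Count the 1s in a mask, rejecting non-contiguous masks such as 255.0.255.0."""
    ones = bin(mask).count("1")
    if prefix_to_mask(ones) != mask:
        raise ValueError(f"non-contiguous subnet mask: {int_to_dotted(mask)}")
    return ones


def subnet_info(address: str, mask: str) -> dict:
    """AND the address with the mask (as on the slide) and derive the subnet's key addresses."""
    addr, msk = dotted_to_int(address), dotted_to_int(mask)
    prefix_len = mask_to_prefix(msk)
    host_bits = 32 - prefix_len
    network = addr & msk                                   # LOGICAL AND: host bits cleared
    broadcast = network | ((1 << host_bits) - 1)           # host bits all set to 1
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 0  # the 2^n - 2 rule
    return {
        "address_bin": to_dotted_binary(addr),
        "mask_bin": to_dotted_binary(msk),
        "subnet": int_to_dotted(network),
        "prefix": f"{int_to_dotted(network)}/{prefix_len}",
        "first_host": int_to_dotted(network + 1) if usable else None,
        "last_host": int_to_dotted(broadcast - 1) if usable else None,
        "broadcast": int_to_dotted(broadcast),
        "usable_hosts": usable,
    }


def nth_host(subnet: str, prefix_len: int, n: int) -> str:
    """The n-th assignable host: the host bits hold the binary pattern of n (10 = 01010)."""
    host_bits = 32 - prefix_len
    if not 1 <= n <= (1 << host_bits) - 2:   # 0 is the subnet, all-1s the broadcast
        raise ValueError(f"host number {n} is not assignable in a /{prefix_len}")
    network = dotted_to_int(subnet) & prefix_to_mask(prefix_len)
    return int_to_dotted(network + n)


if __name__ == "__main__":
    for key, value in subnet_info("192.168.2.132", "255.255.255.128").items():
        print(f"{key:>12}: {value}")
    print("10th host of 192.168.1.96/27:", nth_host("192.168.1.96", 27, 10))
```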



Extended Network Prefix

• For example: A Class A IP address of 10.0.0.0 can be referred to as network 10.0.0.0/8, where /8 implies a subnet mask of 255.0.0.0, or network 10.0.0.0/16, where /16 implies a subnet mask of 255.255.0.0, in which case the 10.0 is the extended network prefix.
• Similarly, an IP address of 138.120.24.253/25 has an extended network prefix of 138.120.24.128.


Routers use the network prefix of the destination IP address to route the traffic to a subnetted environment. Routers in the subnetted environment use the extended network prefix to route traffic between the individual subnets. The extended network prefix is a combination of the network prefix and the subnet number. The extended network prefix was originally defined by the subnet mask, as shown in the slide above. When the bits in the subnet mask are set to 1, the router examining the address treats the corresponding bits in the destination IP address as part of the network address. The bits in the subnet mask that are set to 0 define the host portion of the address. The more modern protocols, such as OSPF, IS-IS, and BGP, allow the extended network prefix to be represented by a decimal number that indicates the length of the subnet mask, as shown above. This number represents the number of contiguous 1s in the subnet mask. It should be understood that this concept of representing the prefix length with a decimal number is strictly for the convenience of the user. The protocol still carries the four-octet subnet mask in its routing updates.


Class-based addressing for IP addresses is not required and is seldom used today. Subnetting is very common for IPv4 addresses, and all network addresses supported by modern protocols expect a subnet mask. Because any subnet mask can be applied to any IP address, a network address can be referred to by a prefix with a subnet mask.



Subnet Design Considerations

Figure: Subnets 1 to 9.

1. How many subnets are required now?
2. How many subnets in the future?
3. How many hosts in the largest subnet?
4. How many hosts will be in the subnet in the future?


An addressing plan requires careful planning and consideration of future requirements. The network administrator cannot just look at the existing infrastructure when assigning addresses but must take into account the future growth in hosts on all of the subnets as well as future growth in the number of subnets that will be required. The first planning step is to define the number of subnets that are required. In the example above, there is a requirement for nine subnets; therefore, 2^3 or 8 subnets would not meet the requirement. To meet this requirement, the administrator must plan for 2^4 or 16 subnets. This now leaves room for future expansion. The next step is to ensure that there is enough host space available to meet the requirements of the largest subnet. If the largest subnet required 35 hosts, a 2^6- or 64-host space must be used. This size would also leave room for expansion. After the design is completed, the administrator must ensure that the organization’s allocated IP address space is sufficient to meet current as well as future needs.



Subnet Example

Figure: Subnets 1 to 6.

1. Subnet 2, the largest subnet, requires 20 host addresses.
2. Network IP address is 192.168.1.0/24.


First the administrator must identify the bits required to provide the six needed subnets. Because the address is a binary address, the boundaries for the subnets are based on powers of 2. In the example above, the administrator would require 3 bits of the existing host address to provide the necessary subnets: 2^3 = 8 available subnets. This would give the subnets an extended prefix of 27 bits. The 4-octet subnet mask would appear as 255.255.255.224. This would leave 5 bits of the last octet for host addresses. The calculation for usable or assignable host addresses is 2^n – 2, or in this case 2^5 – 2. The reason why 2 host addresses must be subtracted from the total is that the host address 00000 (all 0s) is reserved for the network address and the host address 11111 (all 1s) is reserved for the broadcast address of the subnet. In the example above, the base address is 192.168.1.0/24. With the subnet extended prefix defined above, the administrator would have the following subnets, with each subnet supporting 30 hosts:

192.168.1.0/27
192.168.1.32/27
192.168.1.64/27
192.168.1.96/27
192.168.1.128/27
192.168.1.160/27
192.168.1.192/27
192.168.1.224/27



Section 3 — Variable Length Subnet Mask


IP Addressing


Variable-Length Subnet Mask

In this scenario there are 5 networks; we can therefore generate our subnets with a /27 mask as follows:

192.168.10.0/27
192.168.10.32/27
192.168.10.64/27
192.168.10.96/27
192.168.10.128/27
192.168.10.160/27
192.168.10.192/27
192.168.10.224/27


When an IP network is assigned more than one subnet mask, it is considered to be a network with variable-length subnet masks—i.e., the extended prefixes that are used are not all the same for each subnet. VLSM is a more efficient use of the allocated IP address space. Instead of being locked into a single subnet prefix, VLSM allows the administrator to tailor the size of the subnets to meet the host requirements. For example, the figure above shows one of the subnets being further subdivided into /30 subnets. These work well for point-to-point links used between routers, for which only two host addresses are required.


Given a network of 192.168.10.0/24, generate subnetworks to address each of the networks below:



VLSM (continued)

192.168.10.0/27
192.168.10.32/27
192.168.10.64/27
192.168.10.96/27
192.168.10.128/27

Each of the above subnets supports 30 hosts. However, the link between the routers is a point-to-point link and only requires 2 host addresses. The broadcast networks attached to a switch could require 60 hosts each but are limited to 30 hosts. How do we rectify this situation?


The following subnetworks have been assigned randomly:



VLSM (continued)

192.168.10.0/26, 192.168.10.64/26, 192.168.10.128/26, 192.168.10.192/26 (all with 62 hosts each)

This is not enough to represent five networks, but take subnetwork 192.168.10.192/26 and apply /30 to it. 192.168.10.192/26 can then be divided into:

• 192.168.10.192/30
• 192.168.10.196/30
• 192.168.10.200/30
• 192.168.10.204/30
• 192.168.10.208/30
• 192.168.10.212/30
• and so on

Any one of the above addresses can be used to represent point-to-point links between the routers.


When developing a VLSM design, the network administrator must take into consideration the same questions that were asked when doing the traditional subnet design. At each level, the administrator must ensure that there are enough bits available for expansion. If the networks are spread out over a number of different sites, the administrator must ensure that enough bits are used to support those sites and any future sites that may be deployed. In addition, the administrator must envision how each site may further subdivide their network to support the sub-subnets in the site itself. Development of this hierarchical addressing scheme requires careful consideration and planning. The network must recursively work its way down so that each level has enough space in the host address to support each requirement. If this hierarchical scheme is planned correctly before deployment, the multiple networks can then be aggregated into a single address that will help to reduce the number of routing entries in the backbone routers.


Assign variable-length subnet masks to the network. Use a different mask (e.g., use /26 for 192.168.10.0/24). The total number of subnetworks generated is:



VLSM Requirements

Figure: Subnets 1 to 9.


VLSM brings about a new set of challenges: how the different subnets and their various extended prefixes get advertised throughout the network. This requires the use of more modern routing protocols. The routing protocol used must satisfy the following:

The routing protocol must be able to carry the extended prefixes with each subnet advertised.

The routers themselves must make forwarding decisions based on the longest match.

The routing protocol must be able to perform summarization to support route aggregation.

Routing protocols such as OSPF and IS-IS support the use of VLSM. RIPv1 does not support the use or deployment of VLSM; however, RIPv2 does support the use of VLSM.



VLSM Example 1

• It requires 5 subnets, each needing at least 2000 hosts

Figure: Subnet 1 172.16.0.0/19, Subnet 2 172.16.32.0/19, Subnet 3 172.16.64.0/19, Subnet 4 172.16.96.0/19, Subnet 5 172.16.128.0/19.


In the example above, the organization is assigned the network IP address of 172.16.0.0/16, and it plans to design and deploy a VLSM network. Five subnets are required, each with a requirement of 2000 hosts. In typical Class B fashion, there is only 1 network with 65 534 hosts, and this is represented by the last 16 bits. We need 5 networks. Using some of the default Class B host bits should give us the required networks.

Option 1: Using 2 bits out of 16 gives us 2^2 = 4 networks and 2^14 = 16 384 hosts
Option 2: Using 3 bits out of 16 gives us 2^3 = 8 networks and 2^13 = 8192 hosts
Option 3: Using 4 bits out of 16 gives us 2^4 = 16 networks and 2^12 = 4096 hosts

Option 2 or 3 can be used, but because only 5 networks are required, option 2 is the best choice here. However, if the network is bound to grow, with no more than 4000 hosts ever in any given subnet, option 3 might be better because the network would then be designed for 16 subnets.


• In this example, the service provider is allocated an address of 172.16.0.0/16



VLSM Example 2

Figure: Subnet 3 (172.16.64.0/19) subdivided into Subnets 3a to 3f: 172.16.64.0/20, 172.16.80.0/21, 172.16.88.0/22, 172.16.92.0/23, 172.16.94.0/24, 172.16.95.0/24.


In the example above, subnet 172.16.64.0/19 has been isolated and is now going to be further subdivided to support the six subnets that are located in the local campus. The total number of hosts supported in the /19 network is 8190. This can be further subdivided into more subnetworks with a smaller number of hosts. If the requirement is to have six unequal subnets, one option is as follows:

172.16.64.0/20   2^12 – 2 = 4094
172.16.80.0/21   2^11 – 2 = 2046
172.16.88.0/22   2^10 – 2 = 1022
172.16.92.0/23   2^9 – 2 = 510
172.16.94.0/24   2^8 – 2 = 254
172.16.95.0/24   2^8 – 2 = 254

Note that the sum of all valid hosts is 8180. This is because by dividing further, two addresses are reserved for the subnetwork number and broadcast number for each. The use of VLSM allows flexibility in the design of networks. Not all subnetworks or networks require the same number of hosts.
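The fixed-length design steps (Subnet Example, VLSM Example 1) and the VLSM carve-up of 172.16.64.0/19 above, as an added example that is not part of the course material. Function names are mine; the campus host counts are rounded requirements chosen to reproduce the six prefixes on the slide.

```python
# Added example (not from the course material): the slides' fixed-length subnet
# design and a largest-first VLSM planner. Function names are my own.

MASK32 = 0xFFFFFFFF


def dotted_to_int(addr: str) -> int:
    """'172.16.64.0' -> 32-bit integer."""
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def bits_for(count: int) -> int:
    """Smallest n with 2^n >= count: the bits needed to number 'count' subnets or addresses."""
    n = 0
    while (1 << n) < count:
        n += 1
    return n


def usable_hosts(prefix_len: int) -> int:
    """The 2^n - 2 rule: all-0s is the subnet address, all-1s the broadcast address."""
    return (1 << (32 - prefix_len)) - 2


def fixed_length_design(base_len: int, subnets_needed: int, min_hosts: int) -> dict:
    """Borrow just enough host bits for 'subnets_needed' equal subnets (the slides' method).

    Raises if the host bits left over cannot hold 'min_hosts' assignable addresses.
    """
    subnet_bits = bits_for(subnets_needed)
    prefix_len = base_len + subnet_bits
    if prefix_len > 30 or usable_hosts(prefix_len) < min_hosts:
        raise ValueError(
            f"/{base_len} cannot hold {subnets_needed} subnets of {min_hosts} hosts")
    return {"subnet_bits": subnet_bits, "prefix_len": prefix_len,
            "subnets": 1 << subnet_bits, "hosts_per_subnet": usable_hosts(prefix_len)}


def plan_vlsm(base: str, host_requirements: dict) -> list:
    """Carve 'base' (e.g. '172.16.64.0/19') into one right-sized subnet per requirement.

    Allocating largest-first keeps every subnet aligned on its own size, so the
    subnets never overlap and no space is lost between them.
    Returns [(name, 'network/prefix', usable_hosts)] in address order.
    """
    base_addr, base_len = base.split("/")
    base_len = int(base_len)
    start = dotted_to_int(base_addr) & ((MASK32 << (32 - base_len)) & MASK32)
    end = start + (1 << (32 - base_len))       # one past the block's last address
    cursor, plan = start, []
    for name, hosts in sorted(host_requirements.items(), key=lambda kv: -kv[1]):
        prefix_len = 32 - bits_for(hosts + 2)  # +2: network and broadcast addresses
        if prefix_len < base_len:
            raise ValueError(f"{name} needs a /{prefix_len}, larger than {base}")
        size = 1 << (32 - prefix_len)
        if cursor + size > end:
            raise ValueError(f"{base} is exhausted before {name} can be placed")
        plan.append((name, f"{int_to_dotted(cursor)}/{prefix_len}", usable_hosts(prefix_len)))
        cursor += size
    return plan


if __name__ == "__main__":
    print(fixed_length_design(16, 5, 2000))   # VLSM Example 1: 3 subnet bits, /19
    campus = {"3a": 4000, "3b": 2000, "3c": 1000, "3d": 500, "3e": 200, "3f": 200}
    for name, prefix, hosts in plan_vlsm("172.16.64.0/19", campus):
        print(f"Subnet {name}: {prefix:<18} {hosts} hosts")
```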


The service provider has the IP address 172.16.0.0/16 and has a subnet, 172.16.64.0/19, which must be further subnetted into 6 subnets supporting different numbers of hosts.



VLSM Exercise

Divide the address space into the subnets as shown in the diagram below

Figure: Subnets 1, 2 and 3, with Subnet 2 subdivided into Subnets 2a to 2d; first host, last host and broadcast are marked.


In the figure above, the administrator is tasked with taking the base address and subnetting it to support three subnets. Then the second subnet must be further subdivided to support four subnets. The administrator must then define the first, last, and broadcast addresses for the second sub-subnet.

Subnet 1 network address ______________________
Subnet 2 network address ______________________
Subnet 3 network address ______________________
Subnet 2a network address ______________________
Subnet 2b network address ______________________
Subnet 2c network address ______________________
Subnet 2d network address ______________________

Subnet 2b
First host address ___________________
Last host address ___________________
Broadcast address __________________


The base network address is 138.120.0.0/16.



VLSM Exercise (continued)

Figure: Corporate HQ linked to routers A, B, C, D, E and F; the LANs behind them have 20, 18, 20, 18, 25 and 25 users.


In the figure above, the administrator is tasked with taking the base address and subnetting it to support six subnets, ensuring that each subnet will support its host requirements. The next task for the administrator is to take one of the subnets and further subdivide it to support the point-to-point links that join the subnet routers to the main router.


Using 10.10.10.0/24, provide IP subnet addresses.



VLSM Exercise (continued)

HQ → A ________________________
HQ → B ________________________
HQ → C ________________________
HQ → D ________________________
HQ → E ________________________
HQ → F ________________________
Router A LAN ________________________
Router B LAN ________________________
Router C LAN ________________________
Router D LAN ________________________
Router E LAN ________________________
Router F LAN ________________________


Given the IP address, use VLSMs to extend the use of the address. Provide a possible address for:



Section 4 — Classless Inter-Domain Routing


IP Addressing


Classless Inter-Domain Routing

Figure: Router A with subnets 10.10.0.0/24, 10.10.1.0/24, ..., 10.10.254.0/24, 10.10.255.0/24, and Router B, whose routing table holds one entry per /24 (10.10.0.0/24, 10.10.1.0/24, ..., 10.10.255.0/24).


With the rapid expansion of the Internet, IPv4 addresses were quickly becoming exhausted, and the sizes of routing tables were expanding exponentially. The response to these problems was the development and adoption of CIDR. CIDR eliminated the concept of address classes and replaced it with the concept of network prefixes. Rather than the first 3 bits defining the network mask, the network prefix now defines the network mask. This prefix mask is a method of defining the leftmost contiguous bits in the network portion of the routing table entry. By eliminating the concept of address classes, CIDR allowed for a more efficient allocation of the IP address space. In addition, CIDR supports the concept of route aggregation, thus allowing a single route entry to represent multiple networks.



Route Aggregation

Figure: Router A holds 10.15.24.0/24, 10.15.25.0/24, 10.15.26.0/24, 10.15.27.0/24, 10.15.28.0/24, 10.15.29.0/24, 10.15.30.0/24 and 10.15.31.0/24; Router B's route table holds the single entry 10.15.24.0/21.

Common bit pattern (the common line, marked |, is the /21 boundary; the network line is the /24 boundary before the last octet):

10.15.24.0/24   00001010 . 00001111 . 00011 | 000 . 00000000
10.15.25.0/24   00001010 . 00001111 . 00011 | 001 . 00000000
10.15.26.0/24   00001010 . 00001111 . 00011 | 010 . 00000000
10.15.27.0/24   00001010 . 00001111 . 00011 | 011 . 00000000
10.15.28.0/24   00001010 . 00001111 . 00011 | 100 . 00000000
10.15.29.0/24   00001010 . 00001111 . 00011 | 101 . 00000000
10.15.30.0/24   00001010 . 00001111 . 00011 | 110 . 00000000
10.15.31.0/24   00001010 . 00001111 . 00011 | 111 . 00000000

All possible combinations are contained within the network line and the common line.


As was discussed in the VLSM section, address planning is extremely important when subnets are first deployed. The subnets should be deployed so that they support the concept of aggregation, so that when aggregation or summarization is applied all subnets can be represented by as few entries as possible in the route table. In the slide above, Router A supports eight different subnets with a /24 prefix. Rather than advertising all eight subnets, the administrator has decided to implement route aggregation. To see what network address or addresses will be advertised from Router A to Router B, the administrator has decided to calculate what the new network prefix or prefixes should be. First, define the octet that will be manipulated by the aggregation. In this case, it is the third octet. Next, identify the original network prefix (/24), then look to the left of the prefix line and identify the area where all the addresses have the same bit pattern. Draw a line down that portion. Look between these two lines and ensure that all possible bit patterns are contained between them. If this is the case, you can then summarize those bit patterns into (in this example) a /21 mask.
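The common-line procedure above in code, as an added example that is not part of the course material, together with a general merge routine that also handles the case the slide's check rejects (an incomplete set, constructed here from five of the eight /24s). Function names are mine; the eight /24s are the slide's.

```python
# Added example (not from the course material): the slide's "common line" check
# and a general exact-aggregation routine. Function names are my own.

MASK32 = 0xFFFFFFFF


def dotted_to_int(addr: str) -> int:
    a, b, c, d = (int(o) for o in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def mask(prefix_len: int) -> int:
    return (MASK32 << (32 - prefix_len)) & MASK32


def parse_prefix(text: str) -> tuple:
    """'10.15.24.0/24' -> (network as int, prefix length), host bits cleared."""
    addr, length = text.split("/")
    length = int(length)
    return dotted_to_int(addr) & mask(length), length


def common_line(prefixes: list) -> tuple:
    """The slide's method for equal-length subnets.

    Returns (summary, complete): the summary is the longest bit pattern shared by all
    networks (the 'common line'); complete is True only when every bit combination
    between the common line and the network line is present, i.e. when the summary
    covers exactly the given subnets and nothing else.
    """
    parsed = [parse_prefix(p) for p in prefixes]
    lengths = {length for _, length in parsed}
    if len(lengths) != 1:
        raise ValueError("common_line expects subnets with one prefix length")
    plen = lengths.pop()
    nets = {net for net, _ in parsed}
    first = next(iter(nets))
    common = plen
    while common > 0 and any((n & mask(common)) != (first & mask(common)) for n in nets):
        common -= 1                       # move the common line one bit to the left
    complete = len(nets) == (1 << (plen - common))
    return f"{int_to_dotted(first & mask(common))}/{common}", complete


def aggregate(prefixes: list) -> list:
    """Minimal set of routes covering exactly the given subnets (any prefix lengths).

    Two subnets of equal length that differ only in their last network bit merge
    into the prefix one bit shorter; repeat until nothing merges, then drop any
    route already contained in a shorter one. An incomplete set therefore yields
    several exact routes rather than one over-broad summary.
    """
    nets = {parse_prefix(p) for p in prefixes}
    merged = True
    while merged:
        merged = False
        for net, plen in sorted(nets):
            if plen == 0 or (net, plen) not in nets:
                continue
            sibling = (net ^ (1 << (32 - plen)), plen)   # flip the last network bit
            if sibling in nets:
                nets -= {(net, plen), sibling}
                nets.add((net & mask(plen - 1), plen - 1))
                merged = True
    kept = []
    for net, plen in sorted(nets, key=lambda np: (np[1], np[0])):   # shortest first
        if not any((net & mask(l)) == n for n, l in kept):
            kept.append((net, plen))
    return [f"{int_to_dotted(n)}/{l}" for n, l in sorted(kept)]


if __name__ == "__main__":
    slide = [f"10.15.{o}.0/24" for o in range(24, 32)]
    print(common_line(slide))          # the slide's eight /24s: ('10.15.24.0/21', True)
    print(aggregate(slide))            # ['10.15.24.0/21']
    print(aggregate(slide[:5]))        # constructed incomplete set: two exact routes
```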


Module 4 – page 35
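The common-line method described above can be carried out in code. The following Python example is added here and is not part of the course material. It renders each subnet in the dotted-binary form of the table, finds the common line by scanning the bits from the left, checks that every bit pattern between the common line and the network line is present, and, for the general case where no single summary exists, falls back to the standard library's collapse_addresses to produce the minimal set of prefixes. The incomplete block used at the end is constructed for this example to show the failure mode the text warns about (a gap between the two lines).

```python
import ipaddress
from typing import List, Optional


def dotted_binary(addr: str, common_line: Optional[int] = None) -> str:
    """Render an IPv4 address as dotted binary, as in the slide's table.
    When common_line is given (a bit count, e.g. 21), a space is inserted at
    that bit position so the common line is visible inside its octet."""
    bits = format(int(ipaddress.IPv4Address(addr)), "032b")
    octets = [bits[i:i + 8] for i in range(0, 32, 8)]
    if common_line is not None and common_line % 8:
        idx, off = divmod(common_line, 8)
        octets[idx] = octets[idx][:off] + " " + octets[idx][off:]
    return " . ".join(octets)


def common_prefix_length(nets: List[ipaddress.IPv4Network]) -> int:
    """Number of leading bits shared by every network address (the slide's
    'common line'), found by scanning the bits from left to right."""
    first = int(nets[0].network_address)
    for bit in range(32):
        mask = 1 << (31 - bit)
        if any((int(n.network_address) & mask) != (first & mask) for n in nets):
            return bit
    return 32


def summarize_block(prefixes: List[str]) -> Optional[ipaddress.IPv4Network]:
    """The slide's method: draw the common line, then check that every bit
    pattern between the common line and the network line is present.
    Returns the single summary prefix, or None when the block is incomplete
    (a gap means one prefix would also cover subnets that do not exist)."""
    nets = sorted({ipaddress.IPv4Network(p) for p in prefixes})
    if not nets:
        return None
    plen = nets[0].prefixlen
    if any(n.prefixlen != plen for n in nets):
        raise ValueError("all subnets must share the same prefix length")
    common = min(common_prefix_length(nets), plen)
    candidate = ipaddress.IPv4Network((int(nets[0].network_address), common), strict=False)
    # Every /plen subnet inside the candidate must be one of the inputs.
    return candidate if set(nets) == set(candidate.subnets(new_prefix=plen)) else None


def aggregate(prefixes: List[str]) -> List[str]:
    """General case: the minimal set of prefixes that covers exactly the input,
    which is what gets advertised when one summary is not possible."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    router_a = [f"10.15.{n}.0/24" for n in range(24, 32)]      # the eight subnets on the slide
    for p in router_a:
        print(f"{p:16} {dotted_binary(p.split('/')[0], 21)}")
    print("summary:", summarize_block(router_a))
    # Constructed incomplete block: 10.15.26.0/24 is missing, so no single /22 exists.
    partial = ["10.15.24.0/24", "10.15.25.0/24", "10.15.27.0/24"]
    print("summary:", summarize_block(partial))
    print("aggregate:", aggregate(partial))
```

summarize_block answers the question the slide poses (is one prefix enough?), while aggregate gives what a router actually advertises when the answer is no: the contiguous part is still summarized and the rest is advertised as is.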


Route Aggregation Exercise

Figure: Router 1 connects to Router 2 and holds the subnets 10.15.1.32/28, 10.15.1.48/28, 10.15.1.64/28, 10.15.1.80/28, 10.15.1.96/28 and 10.15.1.112/28.

Given the information on the slide, what summarized route or routes will be advertised to Router 2 from Router 1?

In the figure above, the administrator is going to be using route aggregation on Router 1. What route or routes will be advertised to Router 2?

Module 4 – page 36


CIDR and VLSM

Figure: VLSM applied inside the customer network; CIDR applied by the ISP toward the Internet.

When you first look at CIDR and VLSM, they seem to both provide the same function and they are very similar. The difference between the two is how they appear to the Internet. Both CIDR and VLSM require the following:

• The routing protocol must carry network-prefix information with each advertised route.
• All routers must support the longest-match forwarding algorithm.
• Addresses must be allocated to support route aggregation.

The difference is, as mentioned earlier, how the manipulation of the address space appears to the Internet. VLSM address manipulation is done on the address assigned to an organization and is invisible to the Internet. CIDR, on the other hand, manipulates addresses, and these manipulations are advertised to the Internet.

Module 4 – page 37


LAB 2.1-2.2 IP Addressing

Figure: lab topology with Pod1, Pod2, Pod3 and Pod4, each containing an Edge-PodN and a Core-PodN router.

Module 4 – page 38


Section 5 — IPv6 Addressing


IP Addressing


Features of IPv6

Provides a huge address space
• There are more than 3.4 × 10^38 addresses (this represents approximately 5 × 10^28 addresses for each person alive today!). A practically infinite number of addresses ensures no future shortages and provides great flexibility in address allocation.

Hierarchical address allocation provides efficient routing
• There is a small routing table because routes can be summarized due to the hierarchical nature of the address space. This simplifies routing for mobile and other specialized devices.

Support for anycast addresses and the elimination of broadcast addresses

Efficient IP header (40 bytes with 8 fields)
• Fewer fields and simpler forwarding enhance router efficiency.

Built-in security (IPsec implemented in IPv6)
• Authentication Header and Encapsulating Security Payload

Better QoS support

Flexibility in the extension header
• A daisy chain of next headers provides flexibility to increase IP functionality without complicating the primary header used for forwarding.

Module 4 – page 40


IPv6 Header

IPv6 header: 8 fields, 40 bytes

Version • Value is 6
Traffic Class • Similar to the ToS field in IPv4; supports differentiated services
Flow Label • Can be used to identify specific data flows
Payload Length • Length of the IP payload; similar to IPv4 except that it does not include the header length
Next Header • Similar to the Protocol field in IPv4; specific values are used to indicate that extension headers follow the main header
Hop Limit • Similar to TTL in IPv4, but specifically designated as a hop count field
Source Address • 128-bit address of the sending node
Destination Address • 128-bit address of the intended recipient

Module 4 – page 41


IPv4 vs. IPv6

Compare IPv4 and IPv6 headers:
• IPv4 header: 12 fields, 20 bytes
• IPv6 header: 8 fields, 40 bytes

There is no Identification or Fragment Offset field in IPv6 because it does not support packet fragmentation. A minimum MTU of 576 is defined for IPv6 networks, and packets exceeding the MTU are discarded.

There is no Header Checksum field because there is no checksum at the IP level in IPv6. IPv6 relies on layers 2 and 4 to provide the error-free transmission of data.

Module 4 – page 42
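The field layout from the previous page and the differences listed above can be seen directly in code. The following Python example is added here and is not course material: it packs and unpacks the 40-byte fixed header, shows that Payload Length excludes the header (unlike the IPv4 Total Length), and models the per-hop handling that follows from the field set, where only Hop Limit changes in transit and no header checksum has to be recomputed. The addresses and field values are constructed for the example (2001:db8::1 is from the documentation prefix).

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

IPV6_HEADER_LEN = 40          # fixed size: no options, so no header-length field
NEXT_HEADER_TCP = 6           # same numbering as the IPv4 Protocol field
NEXT_HEADER_UDP = 17
NEXT_HEADER_ICMPV6 = 58


@dataclass
class IPv6Header:
    version: int
    traffic_class: int
    flow_label: int
    payload_length: int
    next_header: int
    hop_limit: int
    src: str
    dst: str


def build_ipv6_header(traffic_class: int, flow_label: int, payload_length: int,
                      next_header: int, hop_limit: int, src: str, dst: str) -> bytes:
    """Pack the eight fields into the 40-byte fixed header.
    First 32-bit word: version (4 bits) | traffic class (8 bits) | flow label (20 bits)."""
    if not 0 <= traffic_class <= 0xFF or not 0 <= flow_label <= 0xFFFFF:
        raise ValueError("traffic class is 8 bits, flow label is 20 bits")
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    fixed = struct.pack("!IHBB", first_word, payload_length, next_header, hop_limit)
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed


def parse_ipv6_header(data: bytes) -> IPv6Header:
    """Unpack a 40-byte header. Compared with IPv4 there is no header length,
    no identification/flags/fragment offset and no header checksum to read."""
    if len(data) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    first_word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", data[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not an IPv6 header (version {version})")
    return IPv6Header(
        version=version,
        traffic_class=(first_word >> 20) & 0xFF,
        flow_label=first_word & 0xFFFFF,
        payload_length=payload_length,
        next_header=next_header,
        hop_limit=hop_limit,
        src=str(ipaddress.IPv6Address(data[8:24])),
        dst=str(ipaddress.IPv6Address(data[24:40])),
    )


def total_length(data: bytes) -> int:
    """Payload Length excludes the header, so the datagram size is header + payload."""
    return IPV6_HEADER_LEN + parse_ipv6_header(data).payload_length


def forward_hop(data: bytes) -> Optional[bytes]:
    """What each router does per hop: decrement Hop Limit and drop the packet
    (returning None) when it would reach zero. With no header checksum, nothing
    else in the header needs recomputing; only byte 7 changes."""
    hdr = parse_ipv6_header(data)
    if hdr.hop_limit <= 1:
        return None
    return data[:7] + bytes([hdr.hop_limit - 1]) + data[8:]
```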


IPv6 Addressing

Defined in RFC 3513

Represented by colon-hexadecimal format (each character is one hexadecimal digit)
• 2001:0211:0000:0000:ab01:0000:0000:0011

Compressed representation
• Leading zero compression: 2001:211:0:0:ab01:0:0:11
• Multiple successive zero fields can be compressed (only once): 2001:211::ab01:0:0:11. “::” represents a number of zero fields but can only be used once in the string, because it would be ambiguous if used more than once.

Types of addressing:
• Unicast addressing (a single host)
• Multicast addressing (a number of hosts)
• Anycast addressing (any one of a number of hosts)

Module 4 – page 43
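The two compression steps above, and the reason “::” may appear only once, are easiest to see in a small implementation. The following Python example is added here and is not part of the course: compress_ipv6 drops leading zeros field by field and then replaces the longest run of zero fields with “::” (the first run wins a tie, which is what gives the slide's 2001:211::ab01:0:0:11), expand_ipv6 reverses it and rejects a second “::”, and same_address checks two textual forms by value using the standard library. One choice beyond the slide text: a single zero field is left uncompressed, following the RFC 5952 recommendation.

```python
import ipaddress


def compress_ipv6(addr: str) -> str:
    """Compress a full eight-field address the way the slide does:
    1. drop leading zeros in every field, then
    2. replace the longest run of consecutive zero fields with "::", once.
    Ties go to the first run; a single zero field is left alone (RFC 5952)."""
    hextets = addr.split(":")
    if len(hextets) != 8 or not all(1 <= len(h) <= 4 for h in hextets):
        raise ValueError("expected eight colon-separated hex fields")
    fields = [format(int(h, 16), "x") for h in hextets]   # step 1: "0000" -> "0"
    best_start, best_len = -1, 0
    run_start, run_len = -1, 0
    for i, f in enumerate(fields):                          # step 2: longest zero run
        if f != "0":
            run_len = 0
            continue
        if run_len == 0:
            run_start = i
        run_len += 1
        if run_len > best_len:
            best_start, best_len = run_start, run_len
    if best_len < 2:
        return ":".join(fields)
    left = ":".join(fields[:best_start])
    right = ":".join(fields[best_start + best_len:])
    return f"{left}::{right}"


def expand_ipv6(addr: str) -> str:
    """Undo the compression back to eight four-digit fields. A second "::" is
    rejected: the number of zero fields each one stands for would be undefined."""
    if addr.count("::") > 1:
        raise ValueError('"::" may appear only once; a second one is ambiguous')
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError('"::" must stand for at least one zero field')
        fields = head + ["0"] * missing + tail
    else:
        fields = addr.split(":")
    if len(fields) != 8:
        raise ValueError("address does not have eight fields")
    return ":".join(f"{int(f, 16):04x}" for f in fields)


def is_valid_text(addr: str) -> bool:
    """True when the text expands to a well-formed address."""
    try:
        expand_ipv6(addr)
        return True
    except ValueError:
        return False


def same_address(a: str, b: str) -> bool:
    """Compare two textual forms by value; ipaddress applies the same rules."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)
```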


Section 6 — NAT/PAT


IP Addressing


IP Addressing — NAT/PAT

• Translates private IP addresses into public ranges
• NAT — One-to-one address translation
• NAT — Does not monitor transport layer port numbers
• PAT — Many-to-one address translation
• PAT — Does monitor transport layer port numbers
• Defined in RFCs 2663 and 3022
• NAT/PAT is not currently supported on the Alcatel 7750 SR

It is important to note that the 7750 SR does not currently support NAT or PAT. The 7750 SR is not an enterprise router, and this feature is generally found in enterprise routers. The 7750 SR is not generally placed at that level of a network. There are currently no plans for the 7750 SR to support NAT or PAT. The reason that NAT and PAT are mentioned in this review is that they are currently commonly seen in the network infrastructure, and thus network experts should have a generic understanding of their purpose.

Network address translation (NAT) and port address translation (PAT) were created to alleviate the stresses of IP allocation in the world. Working closely with the private IP address ranges, NAT and PAT allow private IP addresses to be translated into public IP addresses. This translation can be in one of two forms.

The first form of translation is “one-to-one” translation; we call this NAT. A single private IP address is translated to a single public IP address. In this form, the transport-layer port numbers are not monitored or modified. This allows all applications to function normally without any change to the upper layers. The disadvantage of this form of translation is that there must be a pool of available addresses to support all the private IP-addressed clients. If all addresses in the pool are in use and a new NAT requirement emerges, it will fail because there is no available address within the pool of public addresses.

The second form of translation is “many-to-one”; we call this PAT. A single public IP address supports multiple private IP addresses simultaneously. To accomplish this, the router must not only map the IP address of the client device, it must also map the port number in use by the client. As translation occurs, the IP address is changed to a single public address. To keep track of the multiple streams of traffic from client devices, the port numbers are mapped into the database. If a client’s random port number is already mapped by a different active client, the router not only changes the IP address, it also changes the client’s port number. Note that with the extremely large address space provided by IPv6, NAT/PAT will no longer be required.

Module 4 – page 45


IP Addressing — NAT

Figure: NAT router between the inside network 10.1.1.0/24 (clients 10.1.1.1, 10.1.1.2 and 10.1.1.3) and the Internet, with the public range 192.1.1.0/24.

NAT Table
Public pool: 192.1.1.1 — 192.1.1.254 /24
Internal <> External
10.1.1.1 <> 192.1.1.2
10.1.1.2 <> 192.1.1.3
10.1.1.3 <> 192.1.1.4

In the example of NAT above, the range of public IP addresses is from 192.1.1.2 to 192.1.1.254. Each client that sends traffic through the router will be mapped to a single IP address in the pool. If 253 clients are actively sending traffic through the router, the pool of available public IP addresses is saturated. When the 254th client tries to send traffic out the router, it will time out because there are no available public IP addresses to use for NAT. Although this limits the number of clients who can simultaneously use this NAT router, it does not limit the types of applications that each client can be using.

Module 4 – page 46


IP Addressing — PAT

Figure: PAT router with interface 1/1/1 = 192.1.1.5 on the 192.1.1.4/30 link toward the Internet and the inside network 10.1.1.0/24 (clients 10.1.1.1, 10.1.1.2 and 10.1.1.3).

PAT Table
Public pool: 192.1.1.5/32 (Int. 1/1/1)
Internal <> External
10.1.1.1:1101 <> 192.1.1.5:1101
10.1.1.2:1212 <> 192.1.1.5:1212
10.1.1.3:1212 <> 192.1.1.5:2424*
* Duplicate port; random port replaces duplicate

When using PAT, the router that is performing the operation must keep track of the source IP address and the source port number being used at the transport layer. Optionally, the router may also keep track of the destination address and port number. Because only one public address is allocated to the translation pool, all source IP addresses must be translated to the one public address. To keep track of each client’s traffic, the router maps the source port number into its database. Because client port numbers are typically sourced from the random port range (1024 to 65535), there is a possibility that two clients could use the same port number. When this occurs, the router not only modifies the source IP address, but it also modifies the source port number so that it can differentiate the traffic. This port change is not reflected to the client and is therefore transparent to the client. Most modern applications do not have a problem with the change of port. However, some applications (mostly legacy ones) require specific source and destination port numbers. If the router modifies the source port to one different than the application expects, or requires, the application may not function properly.

Module 4 – page 47
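The two translation tables on pages 46 and 47 behave differently when they run out of room, and that difference is the whole point of the comparison. The following Python model is added here and is not course material: NatTable hands out one public address per inside address from a pool and fails for the 254th client once the 253 addresses of the page 46 pool are in use; PatTable maps every inside (ip, port) pair onto one public address and rewrites the source port only when another client already holds it, keeping a reverse map so returning packets can be matched to the right client. One assumption labelled in the code: the replacement port is the lowest unused port in the ephemeral range, where the slide describes it as random.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple


class NatTable:
    """One-to-one NAT: each inside address borrows one public address from the
    pool for as long as it is active; transport-layer ports are untouched."""

    def __init__(self, first_public: str, last_public: str) -> None:
        lo = int(ipaddress.IPv4Address(first_public))
        hi = int(ipaddress.IPv4Address(last_public))
        self.free: List[str] = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.inside_to_outside: Dict[str, str] = {}

    def translate(self, inside_ip: str) -> Optional[str]:
        """Public address for a client, or None when the pool is saturated
        (on the slide, the next client's traffic simply times out)."""
        if inside_ip in self.inside_to_outside:
            return self.inside_to_outside[inside_ip]
        if not self.free:
            return None
        public = self.free.pop(0)
        self.inside_to_outside[inside_ip] = public
        return public

    def release(self, inside_ip: str) -> None:
        """Return a client's public address to the pool when its session ends."""
        public = self.inside_to_outside.pop(inside_ip, None)
        if public is not None:
            self.free.append(public)


class PatTable:
    """Many-to-one PAT: every inside (ip, port) pair shares one public address
    and is told apart by the public-side port. A duplicate source port is
    rewritten so that returning traffic can still be matched to its client."""

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535) -> None:
        self.public_ip = public_ip
        self.first_port, self.last_port = first_port, last_port
        self.inside_to_outside: Dict[Tuple[str, int], int] = {}
        self.outside_to_inside: Dict[int, Tuple[str, int]] = {}

    def translate(self, inside_ip: str, inside_port: int) -> Optional[Tuple[str, int]]:
        key = (inside_ip, inside_port)
        if key in self.inside_to_outside:
            return self.public_ip, self.inside_to_outside[key]
        if inside_port not in self.outside_to_inside:
            public_port = inside_port                 # port kept, only the IP changes
        else:
            public_port = self._free_port()           # duplicate: the port is rewritten too
            if public_port is None:
                return None
        self.inside_to_outside[key] = public_port
        self.outside_to_inside[public_port] = key
        return self.public_ip, public_port

    def untranslate(self, public_port: int) -> Optional[Tuple[str, int]]:
        """Reverse lookup for a packet returning from the Internet."""
        return self.outside_to_inside.get(public_port)

    def _free_port(self) -> Optional[int]:
        # Assumption for this example: take the lowest unused port in the
        # ephemeral range; the slide describes the replacement as a random port.
        for port in range(self.first_port, self.last_port + 1):
            if port not in self.outside_to_inside:
                return port
        return None

    def rows(self) -> List[str]:
        """Render the table the way the slide shows it (Internal <> External)."""
        return [f"{ip}:{port} <> {self.public_ip}:{pub}"
                for (ip, port), pub in self.inside_to_outside.items()]
```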


Section 7 — IP Protocols


IP Overview


Internet Control Message Protocol

• ICMP is a core IP application protocol used mainly to report errors in delivering IP datagrams
• IP is connectionless and basically unreliable; ICMP is needed to send error control messages to routers and hosts
• ICMP is encapsulated in the IP packet and is routed like a data packet
• ICMP is part of the Internet protocol suite, defined in RFC 792
• ICMP messages are typically generated in response to errors in IP datagrams (as specified in RFC 1122) or for diagnostic or routing purposes
• The version of ICMP for IPv4 is also known as ICMPv4 as it is part of IPv4; IPv6 has an equivalent protocol, ICMPv6

ICMP messages are constructed at the IP layer, usually from a normal IP datagram that has generated an ICMP response. IP encapsulates the appropriate ICMP message with a new IP header (to get the ICMP message back to the original sending host) and transmits the resulting datagram in the usual manner. For example, each device (such as an intermediate router) that forwards an IP datagram must decrement the TTL field of the IP header by one. If the TTL reaches 0, an ICMP “time to live exceeded in transit” message is sent to the source of the datagram. Each ICMP message is encapsulated directly in a single IP datagram, and thus, like UDP, ICMP does not guarantee delivery. Although ICMP messages are contained in standard IP datagrams, ICMP messages are usually processed as a special case, distinguished from normal IP processing, rather than processed as a normal subprotocol of IP. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application that generated the original IP packet (the one that prompted the sending of the ICMP message).

Module 4 – page 49


ICMP Message Types

Some common message types are:

Echo request and echo reply (type 8 and type 0)
• The host device sends an echo request to the destination device.
• The destination device sends back an echo reply.
• The ping utility uses the echo request and reply message types.

Destination unreachable (type 3)
• Used by a router that cannot forward an IP datagram to send to the source of the IP datagram
• The router then discards the IP datagram.

Redirect (type 5)
• A redirect message can be sent back to the host, indicating that the IP datagram is taking a suboptimal route. The router then forwards the data to the destination.
• Useful but may have security issues

Echo request and echo reply messages are very frequently used. A host or router sends an ICMP echo request message to a specified destination. Any device that receives an echo request generates an echo reply and returns it to the original sender. The request contains an optional data area, and the reply contains a copy of the data sent in the request. The echo request and reply can thus be used to test whether a destination is reachable. The echo request and reply are sent via IP datagrams. Assumptions:

• The IP software on the source computer must route the datagram.
• The intermediate routers between the source and destination must be operating and must route the datagram correctly.
• The destination device must be running and both ICMP and IP software must be working.
• All routers along the path must have the correct routes.

Ping is the most common way to send an ICMP echo request. The command usually sends a series of echo request messages and captures the corresponding echo replies. Ping then calculates the data loss statistics.

The destination unreachable message can be quite useful. For example, if the destination device connects to an Ethernet network, the network hardware does not provide ACKs. Therefore, a router can continue to send packets to a destination even after the destination is powered down without receiving an indication that the destination is down. The destination unreachable message is only useful in determining that the destination is not reachable. It does not inform the source router why the packet was not delivered.

The hosts in a network have minimal routing information on system startup. As the network topology changes, the host routing table may not have the optimal information. The router redirect message can be used to inform the host that it needs to change its route to the destination. The host routing table will then contain optimal routes.

Module 4 – page 50
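The echo exchange above (a type 8 request carrying an optional data area, answered by a type 0 reply that copies it back) can be built and checked byte for byte. The following Python example is added here and is not course material: it constructs an ICMP echo request with the RFC 1071 checksum that ICMP carries in its header, derives the reply a receiving host would send, and shows how a corrupt message or a non-request is rejected before any reply is generated. It only builds and parses the ICMP message itself; sending it would require the IP encapsulation described on the previous page, which is outside the example. The identifier, sequence number and data are constructed values.

```python
import struct
from dataclasses import dataclass
from typing import Optional

ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACHABLE = 3
ICMP_REDIRECT = 5
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11
TYPE_NAMES = {0: "echo reply", 3: "destination unreachable", 5: "redirect",
              8: "echo request", 11: "time exceeded"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length message for the sum only
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class IcmpMessage:
    type: int
    code: int
    checksum: int
    rest_of_header: bytes   # identifier + sequence number for echo messages
    data: bytes


def build_echo(msg_type: int, identifier: int, sequence: int, data: bytes = b"") -> bytes:
    """Echo request (type 8) or echo reply (type 0) with the checksum filled in."""
    if msg_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        raise ValueError("echo messages are type 8 (request) or type 0 (reply)")
    header = struct.pack("!BBHHH", msg_type, 0, 0, identifier, sequence)
    checksum = internet_checksum(header + data)
    return struct.pack("!BBHHH", msg_type, 0, checksum, identifier, sequence) + data


def parse_icmp(packet: bytes) -> IcmpMessage:
    if len(packet) < 8:
        raise ValueError("ICMP message is shorter than its 8-byte header")
    msg_type, code, checksum = struct.unpack("!BBH", packet[:4])
    return IcmpMessage(msg_type, code, checksum, packet[4:8], packet[8:])


def checksum_ok(packet: bytes) -> bool:
    """Summing the whole message, checksum field included, yields zero when intact."""
    return internet_checksum(packet) == 0


def describe(packet: bytes) -> str:
    msg = parse_icmp(packet)
    return TYPE_NAMES.get(msg.type, f"type {msg.type}")


def echo_reply_for(request: bytes) -> Optional[bytes]:
    """What a receiving host does with an echo request: answer with a type-0
    reply carrying the same identifier, sequence number and data area.
    Returns None for a corrupt message or for anything that is not a request."""
    if not checksum_ok(request):
        return None
    msg = parse_icmp(request)
    if msg.type != ICMP_ECHO_REQUEST or msg.code != 0:
        return None
    identifier, sequence = struct.unpack("!HH", msg.rest_of_header)
    return build_echo(ICMP_ECHO_REPLY, identifier, sequence, msg.data)
```

Ping matches replies to requests by the identifier and sequence number that the reply copies back, which is why those two fields sit in the otherwise unused second word of the header.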


ICMP in Action

Figure: Host A reaches Host B through gateway G1, with gateway G2 as an alternative path. The sequence shown is:
1. Normal IP packet flow from Host A to Host B
2. Destination link is broken
3. ICMP destination unreachable message is sent to the source
4. Destination link is fixed
5. Gateway G1 decides that gateway G2 is more optimal and sends a redirect message to Host A
6. IP packet flow from Host A to Host B occurs via Gateway G2

Module 4 – page 51


Address Resolution Protocol

Figure: Host 1 (10.10.10.1/24) pings Host 2 (10.10.10.2/24) on the same subnet. The exchange is: ARP request, ARP reply, echo request to 10.10.10.2, echo reply to 10.10.10.1; Host 2 is alive.

When a host device sends a ping to another host device on the same subnet, how does it know what the MAC address of the distant host device is? This is when ARP is used. ARP is used by IP to map a known IP address to the unknown hardware address of the host. ARP operates between L2 and L3 of the OSI model. An Ethernet network uses two hardware addresses to identify the source and destination of each frame. If the destination address is all 1s (a broadcast frame), it will be sent to all hosts in that broadcast domain. ARP uses this broadcast to find out the destination MAC address of the distant host. In the figure above, Host 1 pings Host 2. Host 1 looks in its cache of MAC addresses for the destination MAC address of Host 2. If it is not there, Host 1 queues the ICMP packet and sends an ARP request message. The ARP request is a broadcast message, and it is sent to all hosts in the broadcast domain. Each host opens the frame and checks the destination IP address. If it is not its address, the host ignores the packet. However, when Host 2 receives the request, it sees that it is the destination and sends an ARP reply. This ARP reply is wrapped in a frame that has for its destination the MAC address of Host 1, and the source is the MAC address of Host 2. On receiving the reply, Host 1 now learns the MAC address of Host 2 and is able to wrap the ICMP message and send it to Host 2.


Module 4 – page 52


ARP across a Router

Figure: Host 1 (10.10.10.1/24) pings Host 12 (20.20.20.1/24) through Router 1. The numbered steps are: [1] ARP request from Host 1; [2] ARP reply from Router 1; [3] echo request for 20.20.20.1 sent to Router 1; [4] ARP request from Router 1; [5] ARP reply from Host 12; [6] echo request forwarded to Host 12; [7] echo reply to 10.10.10.1 from Host 12; [8] echo reply forwarded to Host 1; Host 12 is alive.

The previous slide discussed the use of ARP within the same subnet. What happens if the distant host is not in the same subnet, as shown above? Host 1 generates a ping to Host 12. Again, when Host 1 goes to wrap the packet in the Ethernet frame, it does not have a destination MAC address associated with the Host 12 IP address, so Host 1 generates an ARP request message. This is still a broadcast message and is received by Router 1 [1]. Router 1 examines the destination IP address of the request and sees that the subnet is in its routing table. Router 1 responds to Host 1 with an ARP reply [2] that provides Host 1 with the MAC address of the interface of Router 1 as the destination MAC address for the packet. This makes Router 1 the proxy destination for any traffic that goes to Host 12. When Host 1 wants to send a packet to Host 12, it uses its MAC table lookup and uses the router’s MAC address as the target MAC address [3]. Router 1 then generates an ARP request message to the 20.20.20.0/24 network, looking for the MAC address of Host 12 [4]. Host 12 responds to Router 1, and Router 1 learns the Host 12 MAC address [5].


Module 4 – page 53


ARP Request Packet Capture

In the above packet capture a host with IP address 138.120.53.253 is attempting to resolve the MAC address for a host with IP address 138.120.53.149. The destination MAC address of the Ethernet II frame is the broadcast address ff:ff:ff:ff:ff:ff, so all devices in the same broadcast domain will receive this frame. Only the host with IP address 138.120.53.149 will reply. The EtherType for ARP is 0x0806 and is used to indicate which protocol is being transported in the Ethernet II frame.

ARP packet fields:
• Hardware Type: Each layer 2 protocol is assigned a number used in this field. For example, Ethernet is 1.
• Protocol Type: Each protocol is assigned a number used in this field. For example, IP is 0x0800.
• Hardware Size: Size in bytes of the hardware address. Ethernet addresses are 6 bytes in length.
• Protocol Size: Size in bytes of the logical address. IPv4 addresses are 4 bytes in length.
• Operation Code: Specifies the operation the sender is performing. A value of 1 is for an ARP request and a value of 2 is for an ARP reply.
• Sender MAC address: The hardware MAC address of the sender.
• Sender IP address: The protocol address of the sender.
• Target MAC address: The hardware MAC address of the intended receiver. The MAC address is all 0’s in a request.
• Target IP address: The protocol address of the intended receiver.

Capture:
Frame 31 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:04:80:9f:78:00, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff
    Source: 00:04:80:9f:78:00
    Type: ARP (0x0806)
    Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: 00:04:80:9f:78:00
    Sender IP address: 138.120.53.253
    Target MAC address: 00:00:00_00:00:00
    Target IP address: 138.120.53.149

Module 4 – page 54


ARP Reply Packet Capture

The above packet capture is the ARP reply in response to the ARP request on the previous page. The Ethernet frame is a unicast frame and is sent only to the MAC address of the ARP request sender. All fields in the ARP reply packet have the same meaning as in the ARP request packet. The main differences in the ARP reply packet are the Operation code (value of 2 for reply) and fully populated MAC addresses for the sender and the target. Note that the sender and target addresses have been swapped.

Capture:
Frame 32 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: 00:11:43:45:61:23, Dst: 00:04:80:9f:78:00
    Destination: 00:04:80:9f:78:00
    Source: 00:11:43:45:61:23
    Type: ARP (0x0806)
Address Resolution Protocol (reply)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: reply (0x0002)
    Sender MAC address: 00:11:43:45:61:23
    Sender IP address: 138.120.53.149
    Target MAC address: 00:04:80:9f:78:00
    Target IP address: 138.120.53.253

Module 4 – page 55
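The two captures on pages 54 and 55 can be rebuilt byte for byte from the field descriptions and decoded again, which is a good way to check that the layout (14-byte Ethernet II header, then the 28-byte ARP packet, then any trailer) has been understood. The following Python example is added here and is not course material. It builds the request and the reply from the addresses in the captures, decodes the fields the captures show, and adds the check the page 55 note implies: a reply is accepted for a request only if it is unicast back to the requester, its sender IP is the IP the request asked about, and its target fields are the requester's own addresses. A reply that fails this check should not update the requester's cache.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800
HW_TYPE_ETHERNET = 1
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


@dataclass
class ArpFrame:
    dst_mac: str
    src_mac: str
    ethertype: int
    hw_type: int
    proto_type: int
    hw_size: int
    proto_size: int
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(part) for part in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str, dst_mac: str) -> bytes:
    """Ethernet II header (14 bytes) followed by an Ethernet/IPv4 ARP packet (28 bytes)."""
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", HW_TYPE_ETHERNET, ETHERTYPE_IPV4, 6, 4, opcode)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> ArpFrame:
    """Decode the fields shown in the captures; any padding after the 42nd byte
    (the trailer in Frame 31) is ignored."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet II + ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: EtherType 0x{ethertype:04x}")
    hw_type, proto_type, hw_size, proto_size, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (hw_type, proto_type, hw_size, proto_size) != (HW_TYPE_ETHERNET, ETHERTYPE_IPV4, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is decoded here")
    body = frame[22:42]
    return ArpFrame(
        dst_mac=bytes_to_mac(frame[0:6]), src_mac=bytes_to_mac(frame[6:12]), ethertype=ethertype,
        hw_type=hw_type, proto_type=proto_type, hw_size=hw_size, proto_size=proto_size,
        opcode=opcode,
        sender_mac=bytes_to_mac(body[0:6]), sender_ip=bytes_to_ip(body[6:10]),
        target_mac=bytes_to_mac(body[10:16]), target_ip=bytes_to_ip(body[16:20]),
    )


def reply_matches_request(request: ArpFrame, reply: ArpFrame) -> bool:
    """A reply answers this request only if the request was a proper broadcast
    request, the reply is unicast to the requester, and the sender/target fields
    are swapped: the reply's sender IP is the IP that was asked about and its
    target fields are the requester's own MAC and IP."""
    return (request.opcode == ARP_REQUEST and reply.opcode == ARP_REPLY
            and request.dst_mac == BROADCAST_MAC and request.target_mac == ZERO_MAC
            and reply.dst_mac == request.src_mac
            and reply.sender_ip == request.target_ip
            and reply.target_mac == request.sender_mac
            and reply.target_ip == request.sender_ip)
```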


Module Summary

• IPv4 addresses consist of 32 bits (4 octets) traditionally divided into a Network prefix and a Host number
• There are 5 Classes of addresses
• There are 4 types of addresses:
  • Unicast: a specific IP address that identifies one host
  • Broadcast: all IP addresses in a broadcast domain
  • Multicast: a group of hosts
  • Anycast: a specific IP address that identifies multiple hosts
• There are Classful and Classless addressing formats
• Sub-netting and classless addressing provide flexibility and more efficient use of the address space by adding a level in the addressing format to define the sub-net number

Module 4 – page 56


Module Summary (cont’d)

• VLSM enables an IP network to be assigned more than one sub-net mask, allowing for more efficient use of the address space
• Route aggregation reduces the number of routing table entries by allowing several sub-nets to be advertised by only a few prefixes
• NAT & PAT are used to alleviate the IPv4 address shortage in the world
  • With NAT a single private IPv4 address is translated to a single public IP address.
  • With PAT a single public address supports multiple private IP addresses simultaneously
• IPv6 provides a huge address space, with addresses of 128 bits; it has 8 fields in its header, with the following that differ from IPv4: Traffic Class, Flow Label, Next Header

Module 4 – page 57


Module Summary (cont’d)

• ICMP is a core IP application protocol used mainly to report errors in delivering IP datagrams
• ICMP is encapsulated in an IP packet and routed like a data packet
• ARP is used by IP to map a known IP address to the unknown hardware address of the host

Module 4 – page 58


Learning Assessment

1. Define the first, last, and broadcast addresses of the following network address: 192.168.16.64/27
2. Which of the following addresses is a broadcast address?
   a. 138.120.0.255/23
   b. 191.16.1.99/30
   c. 145.1.1.108/30
3. Subnet the following address to provide a minimum of 9 subnets: 190.16.4.0/22

Module 4 – page 59


Learning Assessment (continued)

4. Choose the correct addresses from the following list that can be super-netted to provide 300 host addresses.
   a. 192.168.1.0/24
   b. 192.168.2.0/24
   c. 192.168.3.0/24
   d. 192.168.4.0/24
5. Summarize the following addresses to the least amount of addresses that will be advertised.
   a. 11.11.11.16/28
   b. 11.11.11.32/28
   c. 11.11.11.48/28
   d. 11.11.11.64/28
   e. 11.11.11.96/28
   f. 11.11.11.80/28
   g. 11.11.11.112/28

Module 4 – page 60


LAB 2.3 Testing for ICMP and ARP (Optional)

Figure: lab topology with Pod1, Pod2, Pod3 and Pod4, each containing an Edge-PodN and a Core-PodN router.

Module 4 – page 62


3HE-02767-AAAA-WBZZA Edition 01

www.alcatel-lucent.com


Module 5 — Transport Layer


Alcatel-Lucent Scalable IP Networks


Module Objectives

After successful completion of this module, you should be able to:
• Understand the transport layer functions
• Understand the concepts of ports and sockets
• Discuss the TCP 3-way handshake
• Discuss the concept of the TCP window
• Understand the TCP method of congestion avoidance
• Discuss TCP slow start
• Discuss the operation of UDP

Module 5 – page 2


Section 1 — Transport Layer Protocols


Transport Layer Overview


Transport Layer

y TCP is connection-oriented while UDP is connectionless

OSI transport layers are TP0, TP1, TP2, TP3, and TP4 TP4 and TCP are functionally similar

Alcatel-Lucent Scalable IP Networks v1.1

Module 5 |

4

All rights reserved © 2006–2007 Alcatel-Lucent

Transport Protocol Class 0 (TP0) performs segmentation (fragmentation) and reassembly functions. TP0 discerns the size of the smallest maximum PDU supported by any of the underlying networks, and segments the packets accordingly. The packet segments are reassembled at the receiver. Transport Protocol Class 1 (TP1) performs segmentation (fragmentation) and reassembly, as well as error recovery. TP1 sequences PDUs and retransmits PDUs or reinitiates the connection if an excessive number of PDUs are unacknowledged. Transport Protocol Class 2 (TP2) performs segmentation and reassembly as well as multiplexing and demultiplexing of data streams over a single virtual circuit. Transport Protocol Class 3 (TP3) offers error recovery, segmentation and reassembly, and multiplexing and demultiplexing of data streams over a single virtual circuit. TP3 also sequences PDUs and retransmits them or reinitiates the connection if an excessive number are unacknowledged. Transport Protocol Class 4 (TP4) offers error recovery, performs segmentation and reassembly, and supplies multiplexing and demultiplexing of data streams over a single virtual circuit. TP4 sequences PDUs and retransmits them or reinitiates the connection if an excessive number are unacknowledged. TP4 provides reliable transport service and functions with either connection-oriented or connectionless network service. TP4, the most commonly used of all the OSI transport protocols, is similar to TCP in the TCP/IP suite. Both TP4 and TCP are built to provide a reliable, connection-oriented, end-to-end transport service on top of an unreliable network service. The network service may lose packets, store them, deliver them in the wrong order, or even duplicate packets. Both protocols must be able to deal with the most severe problems (e.g., a subnetwork stores valid packets and sends them at a later date). 
TP4 and TCP both have connect, transfer, and disconnect phases, and their principles of operation during these phases are also quite similar.

Scalable IP Networks v1.00

Alcatel-Lucent Confidential for internal use only -- Do Not Distribute

Layer 4 of the OSI model
Responds to requests from the higher layers and relays requests to the network layers
Provides reliable or unreliable transfer of data
Can provide end-to-end error checking and flow control
TCP and UDP are transport protocols for the TCP/IP stack

Module 5 – page 4


Ports

Figure: well-known ports by application service and transport protocol

Application service   Port   Transport
FTP                   21     TCP
Telnet                23     TCP
HTTP                  80     TCP
SMTP                  25     TCP
IMAP                  143    TCP
DOOM                  666    TCP
DNS                   53     TCP and UDP
TFTP                  69     UDP
Gopher                70     TCP

Ports identify an application service. This is how the transport layer can differentiate between application services. Each process that wants to communicate with another process identifies itself to the transport layer by using one or more port numbers. A port is a 16-bit number used by the host-to-host protocol to identify to which higher-level protocol or application service it must deliver incoming messages. There are two types of port numbers:

Well-known ports — Well-known port numbers belong to standard servers. Well-known port numbers range from 1 to 1023. These port numbers are assigned by the IANA.

Ephemeral — Client applications do not require well-known port numbers as they initiate communications with servers. Each client process is allocated a port number for as long as it needs it by the host system. Ephemeral port numbers occupy the 1024 to 65535 range and are not controlled by the IANA. Because the host dynamically assigns the port number to the client application, the port number may vary each time that the client application is launched.



Sockets

Socket address = Protocol, local IP address, and local port number (e.g., TCP, 138.120.3.1, 15633)
Conversation = Protocol, local IP address, local port number, remote IP address, and remote port number (e.g., TCP, 138.120.3.1, 15633, 137.10.2.2, 23)

Sockets are primarily used to differentiate between applications. Although applications on different hosts can be differentiated using IP addresses and the destination port, those values alone cannot differentiate between two sessions on the same hosts for the same application. The sockets also ensure that a datagram that arrives at the wrong host will not be accepted by the transport layer even though the well-known port exists there. It is conceivable that an IP header could have its IP address corrupted and might therefore arrive at the wrong device. If the IP checksum is ignored, the datagram is passed to the transport layer, where the port is examined.

Example: There are two Telnet sessions between Host A and Host B. The IP address and destination port numbers are not enough for Host B to differentiate between the two Telnet sessions. In this case, the source port numbers, which are unique for each Host A client session, are required for Host B to discern between the packets of each session. A detailed example of Telnet is in the next slide. In general, a client program, in this case a Telnet request from Host A, uses a unique source port number and uses the well-known port number (23) as the destination port of the server program on Host B.


Unique application handle into the TCP/IP stack
Used to differentiate application users between network hosts
Formulated by using transport protocol, IP address, and application source/destination port numbers
Created at both ends of the data transfer (i.e., source and destination)
Example: the socket address and conversation tuples shown above



Transport Example — Telnet

Figure: two Telnet clients on one host (each with its own operating system socket) connecting to a Telnet server; the sequence shown on the slide is:

Telnet server: enable Telnet server application; create socket address TCP,138.120.168.100,23; listen to client requests.
Telnet client 1: enable Telnet client 1 application; create client socket TCP,138.120.191.233,15633; connect to server.
Telnet server: incoming request from Client 1; conversation: TCP, 138.120.168.100,23,138.120.191.233,15633
Telnet client 2: enable Telnet client 2 application; create client socket TCP,138.120.191.233,15322; connect to server.
Telnet server: incoming request from Client 2; conversation: TCP, 138.120.168.100,23,138.120.191.233,15322

PC A wants to Telnet into a server with two applications, A1 and A2. The IP address of A is 138.120.191.233 and the server address is 138.120.168.200. Application A1 opens a client session with a socket handle.

Application A1
  Application: Telnet
  Source port number: 15633
  Destination port number: 23
  Transport layer: TCP
  Socket handle: TCP, 138.120.191.233, 15633

Application A2
  Application: Telnet
  Source port number: 15322
  Destination port: 23
  Transport layer: TCP
  Socket handle: TCP, 138.120.191.233, 15322

The server enables the Telnet server and creates a destination socket.

Telnet server
  Application: Telnet server
  Source port number: 23
  Destination port numbers: 15633, 15322
  Transport layer: TCP
  Socket numbers: TCP, 138.120.168.200, 23
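To show how the server in this example tells the two Telnet sessions apart by their full conversation tuple, and why a datagram addressed to the wrong host or protocol is rejected even though port 23 exists, here is an added Python example (not part of the course material). The addresses and ports are those on the slide; the packet list is constructed.

```python
"""Demultiplexing two Telnet sessions by their conversation tuple.

Added example, not from the course material.  The Telnet server socket
and the two client sockets are the ones on the slide; the packets are
constructed here for illustration.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port payload")

# Socket address of the Telnet server: protocol, local IP, local port.
SERVER_SOCKET = ("TCP", "138.120.168.200", 23)

# Constructed sample traffic: two clients on the same host, same server port.
SAMPLE_PACKETS = [
    Packet("TCP", "138.120.191.233", 15633, "138.120.168.200", 23, b"login: alice"),
    Packet("TCP", "138.120.191.233", 15322, "138.120.168.200", 23, b"login: bob"),
    Packet("TCP", "138.120.191.233", 15633, "138.120.168.200", 23, b"ls -l"),
    # Same port 23, but addressed to another host: a misdelivered segment.
    Packet("TCP", "138.120.191.233", 15633, "138.120.168.201", 23, b"stray"),
    # Right host and port, but UDP: that is a different socket entirely.
    Packet("UDP", "138.120.191.233", 15633, "138.120.168.200", 23, b"stray"),
]


def conversation_key(pkt):
    """Five-tuple that identifies one conversation on the server side."""
    return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)


def demultiplex(packets, local_socket=SERVER_SOCKET):
    """Group packets by conversation; reject anything not for local_socket.

    Returns (conversations, rejected): conversations maps a five-tuple to
    the payloads received on it, rejected lists packets that were not ours.
    """
    conversations = {}
    rejected = []
    for pkt in packets:
        # Destination IP and port alone would accept the stray packets too;
        # the transport layer checks protocol, local IP and local port.
        if (pkt.proto, pkt.dst_ip, pkt.dst_port) != local_socket:
            rejected.append(pkt)
            continue
        # The source port is what separates client 1 from client 2.
        conversations.setdefault(conversation_key(pkt), []).append(pkt.payload)
    return conversations, rejected


if __name__ == "__main__":
    convs, dropped = demultiplex(SAMPLE_PACKETS)
    for key, payloads in convs.items():
        print(key, payloads)
    print("rejected:", len(dropped))
```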


Section 2 — Transmission Control Protocol



Transmission Control Protocol Concepts

Figure: Host A and Host B protocol stacks. On each host an application service sits above TCP (Host A at Port X, Host B at Port Y), TCP above IP, and IP above the network interface. The two TCP layers share a reliable TCP connection, which is carried over unreliable IP datagrams.

The primary purpose of TCP is to provide reliable communications between application services. TCP understands that the lower levels are unreliable, so TCP must guarantee the delivery of the data itself.

Data transfer — From the application-services viewpoint, TCP provides a contiguous stream of data through the network. TCP groups the bytes into segments, which it passes to the Internet layer for transmission to the destination.

Reliability — TCP uses sequence numbers for each byte transmitted and expects to receive an acknowledgment from the distant end. If the acknowledgment is not received within a specific interval, the data is retransmitted.

Flow control — The TCP process of the distant end, when sending an acknowledgment back, informs the sender of the number of bytes it can receive above the last TCP segment, without causing an overflow of its internal buffers. This is done by specifying the highest sequence number that it can receive.

Multiplexing — Multiplexing and demultiplexing are achieved using port numbers.

Logical connections — To support reliability and flow control, TCP must initialize and maintain status information for each connection. This status information contains sockets, sequence numbers, and window size. These components combine to form a logical connection.

Full-duplex — TCP maintains full-duplex data streams.



Establishing a TCP Connection

Figure: three-way handshake between the application service on Host A (Port X) and the one on Host B (Port Y):
1. Host A, active open: SYN, seq=A
2. Host B: SYN+ACK, seq=B, ACK A+1
3. Host A: ACK B+1

Before transmitting any data, TCP must establish a connection between the two application services. This connection establishment is referred to as the “three-way handshake”. As shown in the figure above, the opening TCP segments include the sequence numbers from both sides. After a session is established between the two hosts, data can be transferred until the session is interrupted or shut down. Data is sent in pieces; each piece forms a TCP segment. A TCP segment is a combination of the data and a TCP header.

Send SYN — This is a request for a session.
Receive SYN — A session request has been received.
ACK — This is the acknowledgment; it shows the sending unit the next sequence number that the receiver expects to see.

The handshake begins with a SYN (Synchronize) segment (as indicated by the code bit) that contains a 32-bit sequence number A, called the Initial Send Sequence (ISS), which is chosen by, and sent from, Host A. The 32-bit sequence number A is the starting sequence number of the data in the packet and increments by 1 for every byte of data sent within the segment (i.e., there is a sequence number for each octet sent). The SYN segment also puts the value A+1 in the first octet of the data.

Host B receives the SYN with sequence number A and sends a SYN segment with its own totally independent ISS number B in the sequence number field. In addition, Host B sends an increment on the sequence number of the last received segment (i.e., A+1) in its Acknowledgment field. The Acknowledgment number informs the recipient that its data was received at the other end and that the next segment of data bytes to be sent is expected to start at sequence number A+1. This stage is often called the SYN-ACK. It is here that the MSS is agreed on.

Host A receives the SYN-ACK segment and sends an ACK segment containing the next sequence number (B+1). This is called the Forward Acknowledgment and is received by Host B. The ACK segment is identified by the fact that the ACK field is set. Segments that are not acknowledged within a certain interval are retransmitted.



TCP Header

Figure: TCP header layout, 32 bits wide: Source Port and Destination Port; Sequence Number; Acknowledgment Number; HLEN, Reserved, code bits (URG, ACK, PSH, RST, SYN, FIN) and Window; Checksum and Urgent Pointer; Options and Padding; then Data.

Source and Destination ports — Identify the upper-layer applications using the connection.

Sequence Number — This 32-bit number ensures that data is correctly sequenced. Each byte of data is assigned a sequence number. The first byte of data sent by a station in a particular TCP segment has its sequence number in this field (e.g., 58000). If this packet carries 700 bytes of data, the next packet sent by this station will have sequence number 58000 + 700 = 58700.

Acknowledgment Number — This 32-bit number indicates the next sequence number that the sending device is expecting from the other station.

HLEN — Gives the number of 32-bit words in the header. Sometimes called the Data Offset field.

Reserved — Always set to 0.

Code bits — The following flags indicate the nature of the header:

URG — Urgent Pointer

ACK — Acknowledgment

PSH — Push function; causes the TCP sender to push all unsent data to the receiver rather than sending segments when it gets around to them (i.e., when the buffer is full).

RST — Reset the connection

SYN — Synchronize sequence numbers

FIN — End of data

Window — Indicates the range of acceptable sequence numbers beyond the last segment that was successfully received. It is the number of octets that the sender of the ACK is willing to accept before the next acknowledgment.

Urgent Pointer — Shows the end of the urgent data so that interrupted data streams can continue. When the URG bit is set, the data is given priority over other data streams.

Checksum — Used to verify the integrity of the TCP segment. The checksum is calculated over the TCP “pseudo-header” and data: the IP source and destination addresses, the TCP header and the TCP data.

Option — Mainly only the TCP MSS, sometimes called Maximum Window Size or SMSS.

A segment is a series of data bytes within a TCP header.



TCP Windows

Figure: the send window on the local host (segments 1 to 6, with segments 7 to 12 buffered behind it) and the receive window on the distant host, with received segments buffered behind the receive window.

TCP uses a send/acknowledge/send scheme to ensure the reliable delivery of data. If this was done one segment at a time, it would still ensure the reliable delivery of the data but would not be a very efficient use of the bandwidth of the link. TCP uses windows to ensure the reliable delivery of data as well as use the available bandwidth. TCP groups the segments together in the send window and transmits them as a group. However, the transmitting host expects an acknowledgment from the receiver for each individual segment in that group. When the sender has received the acknowledgments, it then moves data from the buffer into the send window and transmits the next group of segments. This is why the send window of the local host and the receive window of the distant host must be the same.



Sliding Windows

Figure: sliding window example with a negotiated window of 6 segments and 12 segments buffered to send:
1. Wnd 6: can send 1-6, only 1-2 sent.
2. Ack 3, Wnd 4: can send 3-6.
3. Ack 7, Wnd 0: cannot send any.
4. Ack 7, Wnd 6: can send 7-12, only 7-9 sent.

The concept of sliding windows keeps the network protocol saturated with packets to transmit. Because an acknowledgment is not required for every segment transmitted, network bandwidth is more efficiently used.

During the establishment of a TCP session, the MSS and the receiver’s window size are negotiated. This indicates that the receiver and sender in both directions have decided that, at any one time, a sender can transmit bytes up to the MSS. However, this is not always the case: the transmitter (slow start) will often only transmit a limited number of segments to the receiver, as indicated by the receiver’s window size.

The receiver’s window can be thought of as the current buffer size for the received packets. When the sender sends the number of packets specified by the window size, the receiver buffer is full. If the receive buffer is only partially cleared by the TCP application, the receiver sends back an ACK specifying the new window size, which is the originally negotiated window size minus the segments that are still buffered. The sender then slides its window by the number of segments transferred and can only send the number of packets equal to this new window size.

Example: Assume a negotiated window size of 6 segments. The sender sends only 2 segments. The receiver sends an ACK back, indicating the start of the next segment and also a new window size of 4 because the first 2 segments are still buffered. The sender sends the remaining 4 segments and fills up the receiver’s window. The receiver sends an ACK 7 with a window size of 0 because its receive buffer is full. The sender is unable to transfer any more segments. When the TCP application on the receiver side clears the buffer, the sender then transmits 3 segments.
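The window example in the notes above, replayed step by step as an added Python simulation (not part of the course material). Segments are numbered as on the slide, the window is counted in segments rather than bytes, and the receiver advertises its free buffer space with every ACK.

```python
"""Sliding-window simulation of the example in the notes.

Added example, not from the course material.  The receiver advertises a
window equal to its free buffer (in segments); the sender may transmit
only segments numbered below ack + window.
"""


class Receiver:
    def __init__(self, buffer_segments):
        self.capacity = buffer_segments
        self.buffered = []          # received, not yet read by the application
        self.next_expected = 1      # the ACK number it will send

    def accept(self, seg):
        """Take an in-order segment if there is buffer space; else drop it."""
        if seg == self.next_expected and len(self.buffered) < self.capacity:
            self.buffered.append(seg)
            self.next_expected += 1
            return True
        return False

    def ack(self):
        """(ack number, advertised window), the slide's 'Ack n Wnd w'."""
        return self.next_expected, self.capacity - len(self.buffered)

    def app_reads(self, n):
        """The application clears n segments, reopening the window."""
        del self.buffered[:n]


class Sender:
    def __init__(self, total_segments):
        self.total = total_segments
        self.next_to_send = 1
        self.snd_una = 1            # oldest unacknowledged segment
        self.wnd = 0                # last window advertised by the receiver

    def on_ack(self, ack, wnd):
        self.snd_una, self.wnd = ack, wnd   # the window slides to 'ack'

    def can_send(self):
        """Segment numbers the current window allows (may be empty)."""
        last = min(self.snd_una + self.wnd - 1, self.total)
        return list(range(self.next_to_send, last + 1))

    def send(self, limit=None):
        """Transmit the allowed segments, optionally fewer than allowed."""
        burst = self.can_send()
        if limit is not None:
            burst = burst[:limit]
        if burst:
            self.next_to_send = burst[-1] + 1
        return burst


def run_slide_example():
    """Return (segments sent, ack, wnd) for each step on the slide."""
    rx, tx = Receiver(6), Sender(12)
    steps = []

    def exchange(limit=None):
        burst = tx.send(limit)
        for seg in burst:
            rx.accept(seg)
        ack, wnd = rx.ack()
        tx.on_ack(ack, wnd)
        steps.append((burst, ack, wnd))

    tx.on_ack(*rx.ack())        # negotiated window of 6 at session start
    exchange(limit=2)           # sender chooses to send only 1-2 -> Ack 3 Wnd 4
    exchange()                  # 3-6 fill the receiver's buffer   -> Ack 7 Wnd 0
    exchange()                  # window 0: nothing can be sent
    rx.app_reads(6)             # application clears the buffer
    tx.on_ack(*rx.ack())        # window update: Ack 7 Wnd 6
    exchange(limit=3)           # can send 7-12, only 7-9 sent
    return steps


if __name__ == "__main__":
    for burst, ack, wnd in run_slide_example():
        print(f"sent {burst or 'nothing'} -> Ack {ack} Wnd {wnd}")
```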



Acknowledgment and Retransmission

Figure: the sender sends 1-6; the receiver holds 1 and 2 and answers Ack 3; the sender slides its window and sends 3-8; segment 3 is lost, so the receiver keeps answering Ack 3 while segments 4, 5 and 6 arrive; after a timeout the sender retransmits from segment 3.

With reference to the slide above, the sender window transmits a group of segments (1 to 6). The receive window receives segments 1 and 2 and acknowledges the receipt of those segments by telling the sender that the next segment it expects to see is sequence number 3. The window slides at the transmitting host. For some reason, segment 3 is lost. The receive window continues to receive the rest of the segments; however, when it acknowledges the receipt of the segments, it informs the transmitting host that it is still expecting to see segment 3. The sender’s window cannot slide past segment 3. The sender host continues to send all the bytes in the window. Eventually, a timeout will occur and the sending host will retransmit. The problem arises as to how much information the sender should retransmit. It does know that segment 3 was lost; however, it does not know the status of segments 4 to 6. The decision must therefore be made as to whether the sending host retransmits just segment 3 or all data from segment 3 on. Each TCP instance is free to react to these outages as it wants: either just retransmit the current missing segment and wait for an acknowledgment to tell it of other segments that may be missing, or transmit everything from segment 3 on and let the receive window deal with the duplicate segments. This occurs because the actual acknowledgment is not of the segment that it has received but to identify the next segment that it expects to see.



TCP Operation Example

Figure: single-sided exchange between Host 1 (10.10.10.1/24) and Host 2 (10.10.10.2/24).

Initial 3-way handshake
Host 1 -> Host 2  SYN      Seq.no. 122 (next seq.no. 123)  Ack.no. 0    Wnd 8192  LEN = 0B
Host 2 -> Host 1  SYN+ACK  Seq.no. 286 (next seq.no. 287)  Ack.no. 123  Wnd 8760  LEN = 0B
Host 1 -> Host 2  ACK      Seq.no. 123 (next seq.no. 123)  Ack.no. 287  Wnd 8760  LEN = 0B

Data transfer
Host 1 -> Host 2           Seq.no. 123 (next seq.no. 323)  Ack.no. 287  Wnd 8760  LEN = 200B
Host 2 -> Host 1           Ack.no. 323  Wnd 8560
Host 1 -> Host 2           Seq.no. 323 (next seq.no. 723)  Ack.no. 287  Wnd 8760  LEN = 400B
Host 2 -> Host 1           Ack.no. 723  Wnd 8160

Closing session
Host 1 -> Host 2  FIN      Seq.no. 723 (next seq.no. 724)  Ack.no. 287  Wnd 8760  LEN = 0B
Host 2 -> Host 1  FIN+ACK  Seq.no. X (next seq.no. X+1)    Ack.no. 724  Wnd 8160  LEN = 0B
Host 1 -> Host 2  ACK      Seq.no. 724 (next seq.no. 724)  Ack.no. 0    Wnd 8760  LEN = 0B

Assumptions: Although the data transfer and window parameter negotiation occur as a duplex, the slide above only shows a single-sided transfer.

The session begins with station 10.10.10.1/24 initiating a SYN that contains the sequence number 122, which is the ISS. In addition, the first octet of data contains the next sequence number, 123. There are only zeros in the acknowledgment number field, as this is not used in the SYN segment. The window size of the sender starts off as 8192 octets, assumed to be acceptable to the receiver.

The receiving station sends its own ISS (286) in the sequence number field and acknowledges the sender's sequence number by incrementing it by 1 (287), expecting this to be the starting sequence number of the data bytes that the sender will send next. This is called the SYN-ACK segment. The receiver's window size starts off as 8760.

When the SYN-ACK has been received, the sender issues an ACK that acknowledges the receiver's ISS by incrementing it by 1 and placing it in the acknowledgment field (287). The sender also sends the same sequence number that it sent previously (123). This segment carries no data, and we do not want the session to keep ramping up the sequence numbers unnecessarily. The window size of 8760 is acknowledged by the sender. From now on ACKs are used until just before the end of the session.

The sender now starts sending data, stating the sequence number 123 again because this is the sequence number of the first byte of the data that it is sending. Again, the acknowledgment number 287 is sent, which is the expected sequence number of the first byte of data that the receiver will send. In the above scenario, the sender initially sends 200 bytes of data in one segment. The network analyzer may indicate the next expected sequence number in the trace: in this case, 123 + 200 = 323. The sender has now agreed on the window size of 8760 and uses it itself.
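The sequence and acknowledgment arithmetic of the three-way handshake and of this trace, replayed as an added Python example (not part of the course material): SYN and FIN each consume one sequence number, data consumes one per byte, and the receiver's advertised window shrinks by the bytes it has buffered but not yet handed to the application. The adoption of the 8760 window by Host 1 after the SYN-ACK is taken from the slide, not derived.

```python
"""Sequence/acknowledgment arithmetic for the exchange on the slide.

Added example, not from the course material.  Hosts and numbers are the
ones on the slide (Host 1 10.10.10.1, ISS 122; Host 2 10.10.10.2, ISS 286).
"""
from dataclasses import dataclass


@dataclass
class Segment:
    flags: set              # subset of {"SYN", "ACK", "FIN"}
    seq: int
    ack: int
    wnd: int
    length: int = 0         # payload bytes

    def next_seq(self):
        """Sequence number the sender uses next (SYN and FIN count as 1)."""
        return self.seq + self.length + int("SYN" in self.flags) + int("FIN" in self.flags)


@dataclass
class Endpoint:
    iss: int                # initial send sequence number
    rcv_buf: int            # receive buffer in bytes (the window it advertises)
    snd_nxt: int = 0
    rcv_nxt: int = 0        # next sequence number expected from the peer
    buffered: int = 0       # bytes received but not yet read by the application

    def __post_init__(self):
        self.snd_nxt = self.iss

    def window(self):
        return self.rcv_buf - self.buffered

    def send(self, flags, length=0):
        seg = Segment(set(flags), self.snd_nxt, self.rcv_nxt, self.window(), length)
        self.snd_nxt = seg.next_seq()
        return seg

    def receive(self, seg):
        """Accept an in-order segment; buffer its data and advance rcv_nxt."""
        if "SYN" not in seg.flags and seg.seq != self.rcv_nxt:
            raise ValueError(f"out of order: got {seg.seq}, expected {self.rcv_nxt}")
        self.buffered += seg.length
        self.rcv_nxt = seg.next_seq()

    def app_read(self, nbytes):
        """The application consumes data, which reopens the window."""
        self.buffered -= min(nbytes, self.buffered)


def replay_slide_trace():
    """Handshake, two data segments and the close, as on the slide."""
    h1 = Endpoint(iss=122, rcv_buf=8192)
    h2 = Endpoint(iss=286, rcv_buf=8760)
    trace = []

    def xfer(src, dst, flags, length=0):
        seg = src.send(flags, length)
        dst.receive(seg)
        trace.append(seg)

    xfer(h1, h2, {"SYN"})                 # seq 122 (next 123), ack 0, wnd 8192
    xfer(h2, h1, {"SYN", "ACK"})          # seq 286 (next 287), ack 123, wnd 8760
    h1.rcv_buf = 8760                     # slide: Host 1 adopts the 8760 window here
    xfer(h1, h2, {"ACK"})                 # seq 123 (next 123), ack 287, no data
    xfer(h1, h2, {"ACK"}, length=200)     # seq 123 (next 323)
    xfer(h2, h1, {"ACK"})                 # ack 323, wnd 8760 - 200 = 8560
    xfer(h1, h2, {"ACK"}, length=400)     # seq 323 (next 723)
    xfer(h2, h1, {"ACK"})                 # ack 723, wnd 8760 - 600 = 8160
    xfer(h1, h2, {"FIN", "ACK"})          # seq 723 (next 724)
    xfer(h2, h1, {"FIN", "ACK"})          # ack 724
    xfer(h1, h2, {"ACK"})                 # seq 724
    return trace


if __name__ == "__main__":
    for seg in replay_slide_trace():
        print(sorted(seg.flags), "seq", seg.seq, "next", seg.next_seq(),
              "ack", seg.ack, "wnd", seg.wnd, "len", seg.length)
```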



TCP Congestion Control — Slow Start

Figure: send window of 6 segments (7 to 12 buffered behind it); the congestion window (cwnd) grows with each acknowledgment:
cwnd 1: segment 1 sent, Ack 2 returned.
cwnd 2: segments 2 and 3 sent, Ack 4 returned.
cwnd 4: segments 4, 5 and 6 sent (3 segments, limited by the receive window), Ack 7 returned.

Initially, when TCP first establishes a connection, it sends a group of segments of the size specified by the receiving host’s window. If the two hosts are in the same LAN, this should not be an issue. However, if they are in different networks, the possibility of low-speed links exists and the result could be multiple packet discards and multiple retransmissions, causing congestion in the network. To avoid this situation, TCP uses what is referred to as “slow start”. Slow start creates another window for the sender, called the congestion window (cwnd). The congestion window starts out as one segment. When the sender receives an acknowledgment, it doubles the size of the congestion window to two segments. Again, after an acknowledgment is received, the sender doubles the size of the congestion window to four. This continues until the advertised size of the receive window is reached or until the capacity of the network is reached. Note that in the slide above at the last step, the sender sends only 3 segments despite its congestion window size being 4 segments. This is because the receiver’s window size at this point is 3 segments.



TCP Congestion Control — Congestion Avoidance

Figure: send window and congestion window (cwnd) around a duplicate ACK:
Step 1: the send window holds segments 9 to 18.
Step 2: the receiver, holding 7 and 8, answers Ack 9 twice (duplicate Ack); slow start is initiated.
Step 3: cwnd restarts at one segment (9), Ack 11 returned; then cwnd 11-12, Ack 13 returned.
Step 4: congestion avoidance starts: cwnd 13-15, Ack 16 returned; increase one segment at a time.
Step 5: cwnd 16-19, Ack 20 returned; increase one segment at a time.

Although it is a totally different process, congestion avoidance works hand-in-hand with slow start. With the improvements in network design, the TCP process assumes that packet loss due to damage is rare. Therefore, the loss of a packet must indicate network congestion and that the packet was discarded. The congestion avoidance process has two indications of packet loss: A timeout occurs. A duplicate ACK is received. The slide above shows the process if a duplicate ACK is received. However, if a timeout occurs, the process would be the same. When the duplicate ACK is received, the slow start process is initiated and the congestion window is set back to one segment. It continues to double in size with each acknowledgment until it reaches half the original window size before the duplicate ACK was received. At this point, the congestion avoidance process takes over and increases the congestion window one segment at a time with each received ACK. This cycle continues until the TCP process reaches a steady state.
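The slow start and congestion avoidance rules from the two slides above, in an added Python simulation (not part of the course material) that counts windows in segments: cwnd starts at 1 and doubles per ACK in slow start, a duplicate ACK or timeout halves the threshold and resets cwnd to 1, and once cwnd reaches the threshold it grows by one segment per ACK; the burst actually sent is bounded by the receiver's window. The scenario (receiver window 8, one loss) is constructed.

```python
"""Congestion window under slow start and congestion avoidance.

Added example, not from the course material.  Units are segments.
"""


class CongestionControl:
    def __init__(self, rwnd):
        self.rwnd = rwnd                # receiver's advertised window
        self.cwnd = 1                   # congestion window starts at 1 segment
        self.ssthresh = float("inf")    # no loss seen yet: keep doubling

    def burst_size(self):
        """Segments the sender may put on the wire now: min(cwnd, rwnd)."""
        return min(self.cwnd, self.rwnd)

    def phase(self):
        return "slow start" if self.cwnd < self.ssthresh else "congestion avoidance"

    def on_ack(self):
        """An acknowledgment for the last burst arrived."""
        if self.cwnd < self.ssthresh:
            self.cwnd = min(self.cwnd * 2, self.ssthresh)   # exponential growth
        else:
            self.cwnd += 1                                  # one segment per ACK

    def on_loss(self):
        """Duplicate ACK or timeout: treated as congestion, not damage."""
        self.ssthresh = max(self.cwnd // 2, 1)   # half the window in use
        self.cwnd = 1                            # back to slow start


def simulate(events, rwnd):
    """Apply 'ack'/'loss' events; return (cwnd, burst, phase) after each."""
    cc = CongestionControl(rwnd)
    history = []
    for ev in events:
        if ev == "ack":
            cc.on_ack()
        elif ev == "loss":
            cc.on_loss()
        else:
            raise ValueError(f"unknown event {ev!r}")
        history.append((cc.cwnd, cc.burst_size(), cc.phase()))
    return history


# Constructed scenario: three ACKs, a duplicate ACK, then seven more ACKs.
SCENARIO = ["ack"] * 3 + ["loss"] + ["ack"] * 7

if __name__ == "__main__":
    for ev, (cwnd, burst, phase) in zip(SCENARIO, simulate(SCENARIO, rwnd=8)):
        print(f"{ev:4s} cwnd={cwnd:2d} burst={burst:2d} {phase}")
    # The slow-start slide: cwnd 4 but only 3 segments sent (receive window 3).
    print(simulate(["ack", "ack"], rwnd=3)[-1])
```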



Section 3 — User Datagram Protocol



User Datagram Protocol

Figure: UDP multiplexing and demultiplexing. Four application services (Service 1 to Service 4) bound to UDP ports 67, 69, 123 and 56981 share one UDP layer above IP.

Unlike TCP, UDP offers no delivery guarantees or congestion avoidance. It is considered to be a means of best-effort transport. UDP simply provides a transport mechanism for one application to send a datagram to another application. The responsibility for error recovery or any form of reliability resides with the application itself. Like TCP, UDP uses port numbers to identify the receiving and sending application processes. It uses these port numbers in its multiplexing and demultiplexing operations. Because there is no windowing (buffering) or any retransmission capability, UDP has found favor with real-time applications such as VoIP.

The following are some of the well-known UDP port numbers:
Port 67 – DHCP (Dynamic Host Configuration Protocol)
Port 69 – TFTP (Trivial File Transfer Protocol)
Port 123 – NTP (Network Time Protocol)
Port 520 – RIP (Routing Information Protocol)



UDP Header

Figure: UDP header layout, 32 bits wide: Source Port and Destination Port; Length and Checksum; then Data.

The UDP header is extremely simple when compared to the TCP header. There are no synchronization, sequence, or acknowledgment fields. All that the header contains is the source application port number, the destination application port number, a length field for the length of the data, and a checksum for the UDP pseudo-header and data (IP source and destination addresses, UDP header and UDP data). This gives the UDP packet very little overhead. Some protocols that use UDP include: SNMP, DNS, and DHCP.



Module Summary


This module provided an overview of the protocols in the transport layer.
TCP uses sockets to differentiate between applications.
TCP provides connection-oriented services between hosts.
TCP provides delivery guarantees for data.
UDP uses ports for addressing.
UDP provides a connectionless service.
UDP provides no delivery guarantees for data.



Learning Assessment


1. In TCP, what is a send_SYN used for?
A. Request a session.
B. Synchronize the buffer rate.
C. Synchronize the flow control.
D. Request a retransmission of a missing segment.

2. In TCP, must the send and receive windows on a local host match?
A. Yes
B. No

3. What process works in conjunction with the congestion-avoidance process in TCP when network congestion is detected?
A. Sliding window
B. Acknowledgment
C. Slow start



Learning Assessment (continued)


4. What does UDP use to establish a session?
A. Session request
B. Window size
C. Hello protocol
D. Nothing

5. How does UDP identify the application services that it is supporting?
A. Socket number
B. Port number
C. IP address
D. UDP allows the higher levels to track the application service.



3HE-02767-AAAA-WBZZA Edition 01



Module 6 — IP Routing



Module Objectives


After successful completion of this module, you should be able to:
Discuss the operations and functions of a router
Discuss the uses and benefits of static and default routes
Discuss the operation of the distance vector protocol RIP



Section 1 — Router Functions



Functions of a Router

Figure: an Ethernet frame (Destination MAC, Source MAC, Type, Payload, FCS) carrying an IP packet (Source IP, Destination IP). The numbers 1 to 4 mark the fields examined in the steps below.

1. Read the destination MAC address.
2. Check the FCS.
3. Check the protocol and extract the payload.
4. Record the destination IP address.


When a router receives a frame from a LAN, the first task is to read the destination MAC address to ensure that the router is the intended recipient of that frame. The next step, assuming that the router is the intended recipient of the frame, is to check the FCS to see if there are any errors with the frame. If there are errors, the router discards the frame at this point. Assuming the frame is received without error, the router checks the Type field to see which protocol is in the payload. The router then strips off the L2 headers and trailer and moves the payload to the L3 protocol. The L3 protocol is mainly interested in the destination L3 address. It uses this address to make its forwarding decision.



Functions of a Router (cont'd)

Figure: the router consults its routing table (Network, Protocol, Next-hop) for the destination IP of the packet (step 5) and re-encapsulates the packet in a new L2 frame (Destination MAC, Source MAC, Type, Payload, FCS) (step 6).

5. Check the routing table to see if the network is reachable.
6. If the network is found, re-encapsulate the packet in an L2 frame.


The router, after examining the destination L3 address, consults its routing table to find out how to best handle the packet. The routing table reflects network reachability information (network). It then shows how the network was learned (protocol): is it local, a static route, or from a dynamic routing protocol? The final piece of information that concerns the router is what interface the packet is forwarded to (next-hop) so that it can reach its destination. If the packet is a network broadcast packet, the router discards the packet. When the decision has been made, the router forms a new frame by encapsulating the packet in an L2 frame and sends it out the appropriate interface.



Movement of Data

Figure: Device A (IP 1.1.1.2, MAC A) on an Ethernet segment with its gateway router B (IP 1.1.1.1, MAC B; Gateway = 1.1.1.1 - B); a PPP WAN link (3.3.3.1 and 3.3.3.2) to router C (IP 2.2.2.1, MAC C), which has server D (IP 2.2.2.2, MAC D) on its Ethernet segment and the ARP cache entry 2.2.2.2 = D. The three frames shown all carry Source 1.1.1.2, Dest. 2.2.2.2 and the data: the first is an Ethernet frame from MAC A to MAC B, the second a PPP frame on the WAN, and the third an Ethernet frame from MAC C to MAC D.

The basic flow of a packet of data through a network is as follows: Device A (1.1.1.2) wants to send data to server D (2.2.2.2). Because device A is not located on the same segment as device D, it must use the default gateway for the segment. This default gateway is seen as IP address 1.1.1.1 in the figure above. Device A will ARP the 1.1.1.1 address to learn the MAC address of the gateway. The router responds with MAC address “B”. Device A is now able to encapsulate the data, as shown in the top block diagram. Note that the source and destination IP addresses identify the overall source and destination devices, whereas the frame source and destination addresses identify the path across the Ethernet segment only.

When the packet arrives at the left router (router B), the router removes the L2 header and trailer, checks its routing table, and determines that the data needs to be sent to the right router (router C). To accomplish this, router B encapsulates the data in a PPP frame and forwards it. Router C removes the PPP frame and consults its routing table. Noting that the destination IP network is directly connected to its Ethernet port, router C consults its ARP cache to determine the framing. When the destination L2 MAC address is determined, router C can create the frame of data and forward it to server D.

Note that the IP addressing did not change throughout this movement of data. However, the L2 framing changed over each segment that the packet traversed. The IP address identifies a device within the entire network topology, whereas the L2 address identifies a device on that segment only.
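The hop-by-hop walk above as an added Python simulation (not part of the course material). The IP addresses, MACs and link types are those on the slide; which router holds 3.3.3.1 and which 3.3.3.2, the routers' forwarding rule (directly connected network, otherwise a default next hop) and the frame representation are assumptions made here. It shows the IP header carried unchanged end to end while the L2 framing is rebuilt on every link.

```python
"""Movement of data: L2 re-framing on each hop, IP header unchanged.

Added example, not from the course material.  Topology from the slide;
the WAN address assignment and the forwarding rule are assumptions.
"""
import ipaddress


def on_same_network(ip, iface_addr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(iface_addr, strict=False)


class Node:
    def __init__(self, name, interfaces, default_next_hop=None):
        # interfaces: {name: (ip/prefix, own MAC on that segment, or "ppp")}
        self.name = name
        self.interfaces = interfaces
        self.default_next_hop = default_next_hop   # used when not directly connected
        self.arp_cache = {}                        # IP -> MAC on an Ethernet segment

    def next_hop(self, dst_ip):
        """Directly connected network: deliver to dst; else to the default next hop."""
        for iface, (addr, _) in self.interfaces.items():
            if on_same_network(dst_ip, addr):
                return iface, dst_ip
        for iface, (addr, _) in self.interfaces.items():
            if self.default_next_hop and on_same_network(self.default_next_hop, addr):
                return iface, self.default_next_hop
        raise LookupError(f"{self.name}: no route to {dst_ip}")

    def encapsulate(self, packet):
        """Return (iface, frame) for the next link; the packet is left as is."""
        iface, nh_ip = self.next_hop(packet["dst_ip"])
        _, link = self.interfaces[iface]
        if link == "ppp":                          # point-to-point: no MAC addresses
            return iface, {"type": "PPP", "payload": dict(packet)}
        if nh_ip not in self.arp_cache:            # would have to ARP first
            raise LookupError(f"{self.name}: no ARP entry for {nh_ip}")
        return iface, {"type": "Ethernet", "src_mac": link,
                       "dst_mac": self.arp_cache[nh_ip], "payload": dict(packet)}


def build_topology():
    """Device A, router B and router C as on the slide (server D only receives)."""
    a = Node("A", {"eth": ("1.1.1.2/24", "A")}, default_next_hop="1.1.1.1")
    b = Node("B", {"eth": ("1.1.1.1/24", "B"), "wan": ("3.3.3.1/24", "ppp")},
             default_next_hop="3.3.3.2")            # assumed: B holds 3.3.3.1
    c = Node("C", {"wan": ("3.3.3.2/24", "ppp"), "eth": ("2.2.2.1/24", "C")},
             default_next_hop="3.3.3.1")
    a.arp_cache["1.1.1.1"] = "B"                   # learned by ARPing the gateway
    c.arp_cache["2.2.2.2"] = "D"                   # the ARP cache entry on the slide
    return [a, b, c]


def trace_path(nodes, packet):
    """Forward one packet through the nodes in order; return each frame sent."""
    frames = []
    for node in nodes:
        _, frame = node.encapsulate(packet)
        frames.append((node.name, frame))
        packet = frame["payload"]                  # next hop strips the L2 header
    return frames


if __name__ == "__main__":
    pkt = {"src_ip": "1.1.1.2", "dst_ip": "2.2.2.2", "data": "Data"}
    for name, frame in trace_path(build_topology(), pkt):
        print(name, frame["type"], frame.get("src_mac"), "->", frame.get("dst_mac"), frame["payload"])
```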

Scalable IP Networks v1.00

Alcatel-Lucent Confidential for internal use only -- Do Not Distribute

IP – 1.1.1.2

Module 6 - page 6
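The hop-by-hop encapsulation described above, as an added example (not code from the course): a small Python model of the slide's four devices, each with a routing table and an ARP cache, that follows one packet from A to D and records the L2 header built on every segment while the IP header stays the same. The WAN addresses (3.3.3.1 on B, 3.3.3.2 on C) and the default routes on the two end devices are assumptions; the slide does not state them. A missing route or ARP entry raises an error rather than dropping silently, which is the check a practitioner wants when a trace stops short.

```python
import ipaddress
from dataclasses import dataclass, field

IP = ipaddress.ip_address
NET = ipaddress.ip_network


@dataclass
class Node:
    """A host or router: interfaces, a routing table and an ARP cache."""
    name: str
    ifaces: dict                                  # ifname -> (IPv4Interface, MAC); MAC None = PPP link
    routes: list = field(default_factory=list)    # (IPv4Network, next-hop IPv4Address or None, ifname)
    arp: dict = field(default_factory=dict)       # IPv4Address -> MAC, the ARP cache

    def owns(self, ip):
        return any(ip == iface.ip for iface, _ in self.ifaces.values())

    def next_hop(self, dst):
        """Longest-match route lookup. A directly connected route (None) means the
        next hop is the destination itself; no match is an explicit drop, not silence."""
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            raise LookupError(f"{self.name}: no route to {dst}")
        _net, nh, ifname = max(matches, key=lambda r: r[0].prefixlen)
        return (nh if nh is not None else dst), ifname

    def encapsulate(self, nh, ifname):
        """Build the L2 header for the next segment. Only the frame changes per hop;
        the IP header (1.1.1.2 -> 2.2.2.2) is carried through untouched."""
        _iface, my_mac = self.ifaces[ifname]
        if my_mac is None:                         # point-to-point WAN link: PPP, no MAC addresses
            return {"encap": "PPP"}
        if nh not in self.arp:                     # a real stack would ARP here; we fail loudly
            raise LookupError(f"{self.name}: no ARP entry for {nh} on {ifname}")
        return {"encap": "Ethernet", "src_mac": my_mac, "dst_mac": self.arp[nh]}


def build_slide_topology():
    """Constructed from the slide: A --Ethernet-- B ==PPP== C --Ethernet-- D.
    MAC addresses are the slide's single-letter labels. Assumption: 3.3.3.1 is on B
    and 3.3.3.2 on C; the slide does not say which router has which."""
    a = Node("A", {"eth0": (ipaddress.ip_interface("1.1.1.2/24"), "A")},
             [(NET("0.0.0.0/0"), IP("1.1.1.1"), "eth0")],          # end device: default gateway only
             {IP("1.1.1.1"): "B"})                                  # learned by ARPing 1.1.1.1
    b = Node("B", {"eth0": (ipaddress.ip_interface("1.1.1.1/24"), "B"),
                   "ppp0": (ipaddress.ip_interface("3.3.3.1/30"), None)},
             [(NET("1.1.1.0/24"), None, "eth0"), (NET("3.3.3.0/30"), None, "ppp0"),
              (NET("2.2.2.0/24"), IP("3.3.3.2"), "ppp0")])
    c = Node("C", {"ppp0": (ipaddress.ip_interface("3.3.3.2/30"), None),
                   "eth0": (ipaddress.ip_interface("2.2.2.1/24"), "C")},
             [(NET("2.2.2.0/24"), None, "eth0"), (NET("3.3.3.0/30"), None, "ppp0"),
              (NET("1.1.1.0/24"), IP("3.3.3.1"), "ppp0")],
             {IP("2.2.2.2"): "D"})                                  # the slide's ARP cache entry
    d = Node("D", {"eth0": (ipaddress.ip_interface("2.2.2.2/24"), "D")},
             [(NET("0.0.0.0/0"), IP("2.2.2.1"), "eth0")], {IP("2.2.2.1"): "C"})
    nodes = {n.name: n for n in (a, b, c, d)}
    links = {("A", "eth0"): "B", ("B", "ppp0"): "C", ("C", "eth0"): "D"}   # who is at the far end
    return nodes, links


def trace(nodes, links, src, dst_ip):
    """Follow one packet hop by hop; returns [(sender, L2 header)] for every segment crossed."""
    dst, node, segments = IP(dst_ip), nodes[src], []
    while not node.owns(dst):
        nh, ifname = node.next_hop(dst)
        segments.append((node.name, node.encapsulate(nh, ifname)))
        node = nodes[links[(node.name, ifname)]]
    return segments


if __name__ == "__main__":
    nodes, links = build_slide_topology()
    for sender, frame in trace(nodes, links, "A", "2.2.2.2"):
        print(f"{sender}: {frame}  | IP 1.1.1.2 -> 2.2.2.2 unchanged")
```

Running it prints one line per segment: Ethernet A to B, then PPP, then Ethernet C to D, with the IP addresses identical on all three.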


Routing Table Entries

A:PE1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix          Type    Proto   Age        Pref  Next Hop[Interface Name]  Metric
-------------------------------------------------------------------------------
10.1.2.0/24          Local   Local   03d23h08m  0     to-p2r1                   0
10.1.3.0/24          Local   Local   03d23h08m  0     to-p3r1                   0
10.1.4.0/24          Local   Local   04d00h34m  0     to-p4r1                   0
10.2.3.0/24          Remote  OSPF    00h41m00s  10    10.1.2.21                 2000
10.2.4.0/24          Remote  OSPF    00h41m00s  10    10.1.2.21                 2000
10.3.4.0/24          Remote  OSPF    04d00h16m  10    10.1.3.31                 2000
10.10.10.11/32       Local   Local   06d18h33m  0     system                    0
10.10.10.21/32       Remote  OSPF    00h41m04s  10    10.1.2.21                 1000
-------------------------------------------------------------------------------
No. of Routes: 8
===============================================================================

As shown in the slide above, a routing table carries a lot of information. Each entry shows network reachability information, how the router learned about the network, and how to reach the network it has learned. The Protocol field of the routing table falls into three categories of routes:

Static routes — Static routes are configured by the user. These routes define the next hop that a packet will take to reach a particular network. A static route overrides any route learned through a dynamic routing protocol. There are two types of static routes: the standard static route, which defines a network address and a next hop, and the default route, which uses 0.0.0.0/0 as the network address. This address is the wildcard address: if a packet does not match any destination address in the routing table, it matches the default route and takes that next hop in an attempt to reach its destination.

Local routes — These networks belong to directly connected interfaces. In a route lookup, these routes have priority over all others.

Dynamic routes — Dynamic routes are learned via a protocol (OSPF, IS-IS, BGP). Dynamic routes use the metrics of the protocol to decide which route to install in the routing table, and the preference value to decide which protocol to believe if the network is learned via multiple protocols.

The Metric field is used by the router to decide which route to enter in the forwarding table when it has learned multiple routes to the same destination from the same protocol. The Preference field is used by the router to decide which route to enter in the forwarding table when it has learned multiple routes to the same destination from different protocols. When the router performs a routing table lookup, it selects the entry with the longest match to the destination IP address in the packet's destination field.
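To make the selection rules above concrete, an added example (not from the course or the 7x50 software): Python that parses the slide's show router route-table output and resolves a destination by longest match, then preference, then metric. The three extra candidate rows are constructed; a real route table shows only the winner for each prefix, and the preference value 5 used for the static routes is an assumption made for the comparison.

```python
import ipaddress
from dataclasses import dataclass

# The eight active routes from the slide's "show router route-table" output, as constructed
# sample input (the banner lines are included so the parser has to skip them).
SLIDE_ROUTE_TABLE = """\
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix          Type    Proto   Age        Pref  Next Hop[Interface Name]  Metric
-------------------------------------------------------------------------------
10.1.2.0/24          Local   Local   03d23h08m  0     to-p2r1                   0
10.1.3.0/24          Local   Local   03d23h08m  0     to-p3r1                   0
10.1.4.0/24          Local   Local   04d00h34m  0     to-p4r1                   0
10.2.3.0/24          Remote  OSPF    00h41m00s  10    10.1.2.21                 2000
10.2.4.0/24          Remote  OSPF    00h41m00s  10    10.1.2.21                 2000
10.3.4.0/24          Remote  OSPF    04d00h16m  10    10.1.3.31                 2000
10.10.10.11/32       Local   Local   06d18h33m  0     system                    0
10.10.10.21/32       Remote  OSPF    00h41m04s  10    10.1.2.21                 1000
-------------------------------------------------------------------------------
No. of Routes: 8
===============================================================================
"""

# Constructed competing candidates (not on the slide) to exercise the tie-breaks: a static
# route with the assumed, lower (better) preference value 5, a second OSPF path with a worse
# metric, and a static default route. The real command shows only the winner per prefix.
EXTRA_CANDIDATES = """\
10.2.3.0/24          Remote  Static  00h05m00s  5     10.1.3.31                 1
10.10.10.21/32       Remote  OSPF    00h41m04s  10    10.1.3.31                 2000
0.0.0.0/0            Remote  Static  00h05m00s  5     10.1.4.41                 1
"""


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    rtype: str
    proto: str
    age: str
    pref: int
    next_hop: str
    metric: int


def parse_route_table(text):
    """Parse route-table rows; banner, header and separator lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7 or "/" not in fields[0]:
            continue
        prefix, rtype, proto, age, pref, next_hop, metric = fields
        routes.append(Route(ipaddress.ip_network(prefix), rtype, proto, age,
                            int(pref), next_hop, int(metric)))
    return routes


def select(routes, destination):
    """Route selection as the notes describe it:
    1. longest prefix match on the packet's destination address,
    2. lowest preference when several protocols offer the same prefix,
    3. lowest metric when the same protocol offers it more than once.
    Returns None when nothing matches (no default route installed)."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r.prefix]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.pref, r.metric))


if __name__ == "__main__":
    table = parse_route_table(SLIDE_ROUTE_TABLE + EXTRA_CANDIDATES)
    for dst in ("10.1.2.9", "10.2.3.7", "10.10.10.21", "192.0.2.1"):
        r = select(table, dst)
        print(f"{dst:>14} -> {r.prefix} {r.proto} pref={r.pref} metric={r.metric} via {r.next_hop}")
```

With only the slide's eight routes, 192.0.2.1 has no match and select() returns None; once the constructed default route is present it is chosen because nothing more specific covers that address.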


Routing Protocols

Figure: routing protocol taxonomy. Static: explicitly define the next hop on every router, or define a default route. Dynamic: divided into IGP and EGP; IGPs are either Distance Vector (RIPv1 and RIPv2) or Link State (OSPF, IS-IS); the EGP is Path Vector (BGP).

Routing protocols can be divided into two main categories: static and dynamic. Dynamic routing protocols can be further divided into two main categories: IGP and EGP. Interior gateway protocols can be further divided into distance vector and link state protocols.

Distance vector — A DV protocol uses a hop-count metric to take the shortest route to a destination, regardless of the bandwidth of the path. The common DV protocols are RIPv1 and RIPv2.

Link state — An LS protocol uses a cost metric that represents the status of the link as well as the physical bandwidth of the interface. LS protocols select the path with the least cost, which represents the path with the most physical bandwidth. It may not be the shortest path, but it is the best path with regard to bandwidth. Common LS protocols are OSPF and IS-IS.

Path vector — A path vector protocol, sometimes known as a policy routing protocol, is a routing protocol used to span different autonomous systems (e.g., BGP). The routing table maintains the autonomous systems that are traversed to reach the destination system.

Exterior gateway protocols — BGPv4 is the current standard for EGP. BGP is a specialized distance vector protocol that chooses the path not based on the number of routers it must go through but on the number of autonomous systems it must go through.


Static Routes

Figure: Router 1 (10.1.1.2/30) connected to Router 2 (10.1.1.1/30); network 192.168.1.0/24 lies behind Router 2.

Static route in Router 1:
Config router static-route 192.168.1.0/24 next-hop 10.1.1.1 metric ?? pref ??

Static routes are manually configured and describe the remote destination network and the next hop to which a packet must be forwarded to reach that destination. The entry can be a single network or a range of networks. If the local router does not participate in route advertising (dynamic routing), the remote routers must also have a static entry that defines how to return packets to the local router. Static routing saves bandwidth and processing, as there are no advertisements or updates. However, there is no real-time indication if the destination becomes unreachable.


Default Routes

Figure: stub Router 2 (10.1.1.1/30), with network 192.168.1.0/24 behind it, connected to Router 1 (10.1.1.2/30).

Static route in Router 2:
Config router static-route 0.0.0.0/0 next-hop 10.1.1.2 metric ??? pref ???

A default entry in the routing table is a wildcard entry that matches any destination. It is used when the destination address of a packet is not specifically defined in the routing table. It is recommended for stub routers, where there is only one way for the stub network to reach all remote networks. The destination network is 0.0.0.0, which describes any network, with a network mask of 0.0.0.0. A default route is a form of static route; it is the choice of network address and mask (0.0.0.0/0) that defines it as a default route.
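The point that the remote router also needs a route back (previous slide) and that a default route only catches what nothing more specific matches (this slide), as an added example rather than course material: a Python model of the two slides' routers with static-route entries. The LAN 172.16.0.0/24 behind Router 1 is an assumption, added so that Router 2 has a destination it knows nothing about; the hop budget of 16 is borrowed from RIP to stop the walk when two default routes point at each other.

```python
import ipaddress


class Router:
    """A router with directly connected interfaces and manually configured static routes."""

    def __init__(self, name, interfaces):
        self.name = name
        self.interfaces = [ipaddress.ip_interface(i) for i in interfaces]
        self.static = []                   # (IPv4Network, next-hop IPv4Address), in config order

    def add_static(self, prefix, next_hop):
        # "static-route <prefix> next-hop <address>"; 0.0.0.0/0 makes it a default route
        self.static.append((ipaddress.ip_network(prefix), ipaddress.ip_address(next_hop)))

    def is_connected(self, ip):
        return any(ip in iface.network for iface in self.interfaces)

    def lookup(self, dst):
        """Longest match over the static routes. Connected networks are checked first by
        forward(), so a local route always wins over the default route."""
        matches = [(net, nh) for net, nh in self.static if dst in net]
        return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def owner_of(routers, ip):
    """The router that holds address ip on one of its interfaces (the next hop)."""
    for r in routers:
        if any(ip == iface.ip for iface in r.interfaces):
            return r
    raise LookupError(f"next hop {ip} is not on any router")


def forward(routers, src, dst, max_hops=16):
    """Walk a packet from src's router toward dst. Returns the routers traversed when the
    destination network is reached, or None if some router has no route (packet dropped)
    or the hop budget is exhausted (two default routes pointing at each other)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    router = next(r for r in routers if r.is_connected(src))
    path = []
    for _ in range(max_hops):
        path.append(router.name)
        if router.is_connected(dst):
            return path
        route = router.lookup(dst)
        if route is None:
            return None
        router = owner_of(routers, route[1])
    return None


def round_trip(routers, src, dst):
    """Reachability is only useful in both directions: (forward path, reverse path)."""
    return forward(routers, src, dst), forward(routers, dst, src)


def build_slide_topology():
    """Router 1 (10.1.1.2/30) - Router 2 (10.1.1.1/30) - 192.168.1.0/24, as on the slides.
    The 172.16.0.0/24 LAN behind Router 1 is an assumption (not on the slides)."""
    r1 = Router("Router 1", ["10.1.1.2/30", "172.16.0.1/24"])
    r2 = Router("Router 2", ["10.1.1.1/30", "192.168.1.1/24"])
    r1.add_static("192.168.1.0/24", "10.1.1.1")      # slide 9: static route in Router 1
    return [r1, r2]


if __name__ == "__main__":
    routers = build_slide_topology()
    print("before default route on Router 2:", round_trip(routers, "172.16.0.10", "192.168.1.10"))
    routers[1].add_static("0.0.0.0/0", "10.1.1.2")   # slide 10: default route in the stub router
    print("after:                           ", round_trip(routers, "172.16.0.10", "192.168.1.10"))
```

Before the default route is added, the reply from 192.168.1.10 is dropped at Router 2 (reverse path None) even though the forward path works; after it, both directions complete, and a host on 192.168.1.0/24 talking to another host on the same LAN never touches the default route.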


LAB 2.4-2.5 Static and Default Routes

Figure: lab topology of four pods (Pod1 to Pod4), each with an Edge-PodN router and a Core-PodN router.


Routing Protocol Basics

Figure: Network A is attached to Router 1; Routers 1, 2, 3 and 4 are interconnected and Network B lies beyond them. Each link is marked with a question mark: How does Network A send data to Network B?

All dynamic routing protocols serve the same purpose: to find paths through a network to connect different networks and then to advertise that information to neighbors. The dynamic routing protocols are all built around an algorithm that gives a router the capability of deciding which route to install in the routing table and then advertising that information to its peers.


Path Determination

Network A can reach Network B via Path 1 or Path 2. Which one is preferred?

Figure: Network A (172.16.1.0/24) is attached to Router 1. Router 1 connects to Router 2 over 172.16.3.0/30 (Router 1 = 172.16.3.1, Router 2 = 172.16.3.2) and to Router 3 over 172.16.3.12/30 (Router 1 = 172.16.3.13, Router 3 = 172.16.3.14). Router 2 connects to Router 4 over 172.16.3.4/30 (addresses 172.16.3.5 and 172.16.3.6) and Router 3 connects to Router 4 over 172.16.3.8/30 (addresses 172.16.3.9 and 172.16.3.10). Network B (172.16.2.0/24) is attached to Router 4. The two routes from Network A to Network B are labelled Path 1 and Path 2.

All networks are interconnected through routers, and when a router has an interface connecting it to another router, the interface must have an address that belongs to a network. In the figure above, there are six distinct networks. Router 1 knows about networks 172.16.1.0/24, 172.16.3.0/30, and 172.16.3.12/30 because it has interfaces, or local connectivity, to those networks. Likewise, Router 2 knows about networks 172.16.3.0/30 and 172.16.3.4/30, Router 3 knows about networks 172.16.3.12/30 and 172.16.3.8/30, and Router 4 knows about networks 172.16.3.8/30, 172.16.3.4/30, and 172.16.2.0/24.

Router 1's function is to enter its locally connected networks into its routing table, identify them as locally connected networks, and then advertise this information to Routers 2, 3, and 4. This advertisement is called a routing update. Routers 2, 3, and 4 carry out the same operation, advertising their routing updates to the other routers in the network.

Complexity arises when a router receives this information. For example, when Router 1 receives the information from Router 2, should it place this information in its routing table? Should it pass this information on to Router 3? If Router 1 has heard about network 172.16.3.4/30 from both Router 2 and Router 3, which entry should it put in its routing table?


Metrics

Figure: Router 1, attached to Network A (172.16.1.0/24), with its links to Router 2 and Router 3, and the routing information it has received:

Network          Next-hop router   Metric
172.16.3.0/30    to Router 2       0
172.16.3.0/30    172.16.3.14       3
172.16.3.12/30   to Router 3       0
172.16.3.12/30   172.16.3.2        3
172.16.1.0/24    to Net A          0
172.16.3.4/30    172.16.3.2        1
172.16.3.4/30    172.16.3.14       2
172.16.3.8/30    172.16.3.14       1
172.16.3.8/30    172.16.3.2        2
172.16.2.0/24    172.16.3.2        2
172.16.2.0/24    172.16.3.14       2

As shown in the figure above, Router 1 is being flooded with information about network reachability and which paths it can use to get to those destinations. The router requires a way of determining which path is best when it has received multiple paths to the same destination. This method of determining the best path is referred to as metrics. A metric is a value assigned to each path to assist in determining which path is best.

In the figure above, Router 1 sees networks 172.16.1.0/24, 172.16.3.0/30, and 172.16.3.12/30 as local, directly connected interfaces. Each of these networks can reach the others because they are directly connected, and these are considered the best paths. The other three networks, 172.16.3.4/30, 172.16.3.8/30, and 172.16.2.0/24, can be reached via multiple paths. Therefore, the router must decide on a best path to each of these networks among all the paths. Metrics are one of the criteria the router uses to make this decision.

Metrics depend on the type of protocol used. RIPv1 and RIPv2 use hop count as a metric, OSPF and IS-IS use port bandwidth as a metric, and BGP uses AS path count as a metric. Note that metrics are always 0 for a directly connected network.

The hop-count metric chooses the path that goes through the fewest routers. It does not take into account the bandwidth of the links. In the example above, for network 172.16.3.8/30, Router 1 using hop count would select the path through Router 3. This link could be a T1, while the path through Routers 2 and 4 runs over gigabit Ethernet links.

A bandwidth metric chooses a higher-bandwidth path over a shorter one. In the hop-count example just given, a dynamic protocol that uses bandwidth, such as OSPF or IS-IS, would choose the path through Routers 2 and 4 to reach network 172.16.3.8/30 even though the physical distance is twice as long.
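The hop-count versus bandwidth comparison above, carried out as an added example (not part of the course): Dijkstra's algorithm over the slide's four routers and six networks with a pluggable metric. The bandwidths are the notes' assumption (Router 1 to Router 3 is a T1 at 1.544 Mb/s, the other router links are gigabit Ethernet; the two LANs are set to 100 Mb/s) and the cost formula, reference bandwidth divided by link bandwidth with a 100 Mb/s reference, is an OSPF-style convention chosen for the example, not something the slide specifies. It goes a little beyond the slide in that the same function answers the question for every network in the table, not only 172.16.3.8/30.

```python
import heapq
import math
from collections import defaultdict

REFERENCE_BW_MBPS = 100          # assumption: OSPF-style cost = reference bandwidth / link bandwidth

# (router, network, link bandwidth in Mb/s). Routers and networks are the slide's; the
# bandwidths are the notes' assumption (T1 between Router 1 and Router 3, gigabit Ethernet
# on the other router links) plus constructed 100 Mb/s LANs for Network A and Network B.
ATTACHMENTS = [
    ("Router 1", "172.16.1.0/24", 100),        # Network A
    ("Router 1", "172.16.3.0/30", 1000), ("Router 2", "172.16.3.0/30", 1000),
    ("Router 1", "172.16.3.12/30", 1.544), ("Router 3", "172.16.3.12/30", 1.544),
    ("Router 2", "172.16.3.4/30", 1000), ("Router 4", "172.16.3.4/30", 1000),
    ("Router 3", "172.16.3.8/30", 1000), ("Router 4", "172.16.3.8/30", 1000),
    ("Router 4", "172.16.2.0/24", 100),        # Network B
]


def edge_cost(metric, into, bandwidth):
    """Cost of one step in the router/network graph.
    hop count: entering a router costs 1, entering a network 0 (the metric counts routers).
    bandwidth: entering a network costs reference/bandwidth of that link, entering a router 0."""
    if metric == "hop":
        return 1 if into == "router" else 0
    return max(1, math.ceil(REFERENCE_BW_MBPS / bandwidth)) if into == "network" else 0


def best_path(attachments, source, target_network, metric):
    """Dijkstra from a router to a network; returns (metric value, routers on the path)."""
    adj, routers = defaultdict(list), {router for router, _, _ in attachments}
    for router, network, bw in attachments:
        adj[router].append((network, edge_cost(metric, "network", bw)))
        adj[network].append((router, edge_cost(metric, "router", bw)))
    dist, prev, heap = {source: 0}, {}, [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue                              # stale heap entry
        for nxt, cost in adj[node]:
            if d + cost < dist.get(nxt, math.inf):
                dist[nxt], prev[nxt] = d + cost, node
                heapq.heappush(heap, (d + cost, nxt))
    if target_network not in dist:
        return None
    path, node = [], target_network
    while node in prev:                           # walk back, keeping only the routers
        node = prev[node]
        if node in routers:
            path.append(node)
    return dist[target_network], path[::-1]


if __name__ == "__main__":
    for metric in ("hop", "bandwidth"):
        print(metric, best_path(ATTACHMENTS, "Router 1", "172.16.3.8/30", metric))
```

For 172.16.3.8/30 the hop-count metric returns 1 via Router 3, exactly the table's entry, while the bandwidth metric returns cost 3 via Routers 2 and 4 against 66 through the T1.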


Convergence

Figure: the same topology: Network A (172.16.1.0/24) on Router 1; Router 1 to Router 2 over 172.16.3.0/30 and to Router 3 over 172.16.3.12/30; Router 2 to Router 4 over 172.16.3.4/30; Router 3 to Router 4 over 172.16.3.8/30; Network B (172.16.2.0/24) on Router 4.

All dynamic routing protocols require a way of transmitting the information about their locally connected routes to other routers in the network. Routers also require a method of receiving and processing the information. While processing the information, a routing protocol must use its metrics to decide on the best path. Each router calculates the best path to all networks advertised by every other router in the internetwork and places this information in its routing table. The network is said to be in a convergence state when all routers have successfully computed the best paths and placed them in the routing tables. When the network topology changes, the neighbors must update their routing information and transmit this change throughout the internetwork.


Section 2 — Distance Vector Overview



Distance Vector Overview

Figure: RTR-A, RTR-B, RTR-C and RTR-D interconnected by one 100 Mb/s link and three 1 Gb/s links; RTR-A is a direct neighbor of RTR-B, and RTR-B of RTR-D.

Routers send periodic updates to physically adjacent neighbors
Updates contain distance (how far) and vectors (direction) for networks

Distance vector routing algorithms (Bellman-Ford) pass periodic copies of a routing table from router to router. Regular (timed-interval) updates between routers communicate topology changes. Each router receives a routing table from its direct neighbor.

In the figure above, RTR-B receives information from RTR-A.

RTR-B uses the information received from RTR-A to recalculate its routing table.

RTR-B then sends its routing table to RTR-D.

This same step-by-step process occurs in all directions between direct-neighbor routers.

IMPORTANT — With distance vector, no routing table is transmitted beyond the immediate neighbor. For example, RTR-D never sees a routing update directly from RTR-A. The distance vector algorithm allows network metrics to accumulate and maintains a table showing the next hop for all destinations listed.


Distance Vector Overview (cont'd)

Figure: the distance vector update cycle: an update arrives from a neighbor, the router processes and compares it with its routing table, and a periodic update is sent to the neighbor routers.

The figure above shows the distance vector step-by-step process for updating all routers in an internet when a topology change occurs.

Each router sends its entire routing table to each of its adjacent neighbors. This table includes reachable addresses, a value representing the distance metric, and the IP address of the first router on the path to each network that it knows about.

As each router receives an update from its neighbor, it calculates a new routing table and transmits that to each of its neighbors at the next timed interval.

In a very large network with many routers, this process can take quite a while.


Distance Vector Problems

Figure: Network A (172.16.1.0/24) attached to RTR-A; RTR-A connects to RTR-B, which connects to RTR-C and RTR-D; RTR-C and RTR-D are also connected to each other.

Routing loops
Network changes are sent to all routers at periodic intervals.
Changes and updates are not sent simultaneously.
Slow convergence can cause routing loops.
If Network A becomes unreachable, RTR-A sends an update to RTR-B. RTR-B will update RTR-C and RTR-D, but RTR-D can send its periodic update to RTR-C and RTR-B before RTR-B's update. Packets for RTR-A from other routers will then go to RTR-D, to RTR-B, and back to RTR-D → routing loop.


Loop Avoidance

Figure: RTR-A, RTR-B and RTR-C in a chain, with network 10.0.0.0 on RTR-C's Ethernet. RTR-C advertises "10.0.0.0 – 1 hop" to RTR-B, and RTR-B advertises "10.0.0.0 – 2 hops" to RTR-A; an X between RTR-B and RTR-C marks the readvertisement that split horizon suppresses.
Routing tables: RTR-A: 10.0.0.0 – 2 hops via 1/1/2. RTR-B: 10.0.0.0 – 1 hop via 1/1/1. RTR-C: 10.0.0.0 – 0 hops via 1/1/3.

Split horizon — Do not advertise networks back to the source of the network information.

Split horizon is a loop-avoidance technique for physically adjacent devices. In simplistic terms, split horizon states that an adjacent router will not readvertise a learned network to the router that originally advertised the network. Without this policy, routers would be susceptible to routing loops. If RTR-C loses network 10.0.0.0, and if RTR-B does not block readvertisements to RTR-C, RTR-C could think that network 10.0.0.0 is accessible via RTR-B. This would cause a loop and a major disruption in traffic flow. To ensure this does not happen, all routers running a distance vector protocol support split horizon.


Loop Avoidance (cont'd)

Figure: the same chain after RTR-C's Ethernet to 10.0.0.0 fails (X). RTR-C advertises "10.0.0.0 – 16 hops" to RTR-B, and RTR-B advertises "10.0.0.0 – 16 hops" to RTR-A.
Routing tables before the failure: RTR-A: 10.0.0.0 – 2 hops via 1/1/2. RTR-B: 10.0.0.0 – 1 hop via 1/1/1. RTR-C: 10.0.0.0 – 0 hops via 1/1/3.
Routing tables after the failure: RTR-A: 10.0.0.0 – 16 hops via 1/1/2. RTR-B: 10.0.0.0 – 16 hops via 1/1/1. RTR-C: 10.0.0.0 – 16 hops via 1/1/3.

Route poisoning — When a network goes away, the sourcing router sets the hop value to infinity and sends a triggered update to its neighbors.

Route poisoning is used to speed up convergence. When used in conjunction with triggered updates, the convergence of a network speeds up. Route poisoning is accomplished by the router that is directly connected to the network that goes away. When it determines that the network is not accessible, the router sets the hop count to infinity (16 hops for RIP) and forwards a message to all directly attached neighbors. The neighbors change their routing tables and forward the message to their neighbors on all other links. Note that split horizon still applies when forwarding a route poison advertisement. In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry and forwards the change to RTR-A. This ensures that all routers learn of the topology change, and by keeping the route in the routing table, the possibility of creating a false path to network 10.0.0.0 is decreased.


Loop Avoidance (cont'd)

Figure: the same chain after RTR-C's Ethernet to 10.0.0.0 fails (X). RTR-C advertises "10.0.0.0 – 16 hops" to RTR-B, which sends a poison reverse "10.0.0.0 – 16 hops" back to RTR-C and advertises "10.0.0.0 – 16 hops" to RTR-A; RTR-A sends a poison reverse "10.0.0.0 – 16 hops" back to RTR-B.
Routing tables before the failure: RTR-A: 10.0.0.0 – 2 hops via 1/1/2. RTR-B: 10.0.0.0 – 1 hop via 1/1/1. RTR-C: 10.0.0.0 – 0 hops via 1/1/3.
Routing tables after the failure: RTR-A: 10.0.0.0 – 16 hops via 1/1/2. RTR-B: 10.0.0.0 – 16 hops via 1/1/1. RTR-C: 10.0.0.0 – 16 hops via 1/1/3.

Poison reverse — The only time that split horizon is violated. Poison reverse helps to avoid loop creation when a network fails.

Poison reverse is the only time that split horizon is violated in a distance vector routing protocol environment. The idea of poison reverse is to confirm to the preceding device that the update about a network going away has been recorded. This response to the originator also ensures that a loop-free topology is created. In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry and forwards the change to RTR-A. RTR-B also sends a poison reverse message back out the interface that RTR-C’s message came in on. This ensures a loop-free topology. When RTR-A gets the route poisoning message from RTR-B, it also sends a poison reverse message back on the interface that the message was received on.


Loop Avoidance (cont'd)

Figure: the same chain after RTR-C's Ethernet to 10.0.0.0 fails (X). RTR-C advertises "10.0.0.0 – 16 hops" to RTR-B and RTR-B advertises "10.0.0.0 – 16 hops" to RTR-A. Each router's routing table entry for 10.0.0.0 changes from its earlier value (RTR-A: 2 hops via 1/1/2; RTR-B: 1 hop via 1/1/1; RTR-C: 0 hops via 1/1/3) to 16 hops, and each router starts a hold-down timer of 180 seconds.

Hold-down timers — Provide time for other routers to converge and reduce the creation of loops when a network fails

Hold-down timers keep the failed network in the routing table, with the hop count set to infinity, for a predetermined period of time. This allows time for the other routers in the network to receive the topology change update without causing loops. In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry by changing the metric to infinity, and it starts its hold-down timer. RTR-B will not remove the route until the hold-down timer has expired. This ensures that all routers learn of the topology change without causing a loop during convergence. Keeping the route in the routing table decreases the possibility of creating a false path to network 10.0.0.0. Note that RIP does not make use of a hold-down timer.


Topology Change

Combined loop-avoidance mechanisms would look something like this example:

Figure: the same chain after RTR-C's Ethernet to 10.0.0.0 fails (X). RTR-C advertises "10.0.0.0 – 16 hops" to RTR-B, which sends a poison reverse "10.0.0.0 – 16 hops" back to RTR-C and advertises "10.0.0.0 – 16 hops" to RTR-A; RTR-A sends a poison reverse "10.0.0.0 – 16 hops" back to RTR-B. Each routing table entry for 10.0.0.0 changes from its earlier value (RTR-A: 2 hops; RTR-B: 1 hop; RTR-C: 0 hops) to 16 hops, and each router starts a hold-down timer of 180 seconds.

When combined, the mixture of route poisoning, poison reverse, triggered updates, and hold-down timers provides a robust loop-avoidance technique when routes fail in a network. In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity, sets the hold-down timer, and sends an update to RTR-B. RTR-B changes its routing table entry, sets the hold-down timer, and forwards the change to RTR-A. RTR-B also sends a poison reverse message back out the interface that RTR-C’s message came in on. When RTR-A gets the route poisoning message from RTR-B, it also sends a poison reverse message back on the interface that the message was received on. In addition, it modifies the routing entry by setting it to infinity and invokes its hold-down timer.
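The RTR-A, RTR-B, RTR-C chain used on the preceding slides, simulated as an added example (the code is not from the course): a minimal Bellman-Ford distance vector exchange in Python in which updates only ever go to direct neighbors, so the count-to-infinity behaviour from the Distance Vector Problems slide can be watched and then removed with split horizon and poison reverse. Rounds are synchronous periodic updates, an assumption of the model; hold-down timers and triggered updates are not modelled. The failure of RTR-C's Ethernet is represented by route poisoning, RTR-C setting its own entry to 16 hops.

```python
INFINITY = 16                     # RIP's "unreachable" hop count


class Router:
    """One distance vector router: a table of prefix -> (hop count, next-hop name)."""

    def __init__(self, name, connected=()):
        self.name = name
        self.neighbors = []                                        # directly adjacent routers only
        self.table = {prefix: (0, None) for prefix in connected}   # None = directly connected

    def update_for(self, neighbor, split_horizon, poison_reverse):
        """The routing-table copy this router sends to one adjacent neighbor."""
        adv = {}
        for prefix, (metric, next_hop) in self.table.items():
            if split_horizon and next_hop == neighbor.name:
                if poison_reverse:
                    adv[prefix] = INFINITY     # tell the source: I route this through you
                continue                       # plain split horizon: say nothing about it
            adv[prefix] = metric
        return adv

    def receive(self, sender, adv):
        """Apply a neighbor's update; each hop adds 1. Returns True if anything changed."""
        changed = False
        for prefix, metric in adv.items():
            new = min(metric + 1, INFINITY)
            cur = self.table.get(prefix)
            if cur is None:
                accept = new < INFINITY                      # never install an unreachable route
            elif cur[1] == sender.name:
                accept = new != cur[0]                       # same source: take it, better or worse
            else:
                accept = new < cur[0]                        # other source: only if strictly better
            if accept:
                self.table[prefix] = (new, sender.name)
                changed = True
        return changed


def link(a, b):
    a.neighbors.append(b)
    b.neighbors.append(a)


def run_until_stable(routers, split_horizon, poison_reverse=False, max_rounds=50):
    """One round = every router sends its periodic update to each neighbor, all computed
    from start-of-round tables. Returns how many rounds changed some table."""
    for rounds in range(max_rounds):
        pending = [(rcv, snd, snd.update_for(rcv, split_horizon, poison_reverse))
                   for rcv in routers for snd in rcv.neighbors]
        changes = [rcv.receive(snd, adv) for rcv, snd, adv in pending]   # apply all, then test
        if not any(changes):
            return rounds
    return max_rounds


def demonstrate(split_horizon, poison_reverse=False):
    """The slide's chain RTR-A - RTR-B - RTR-C with 10.0.0.0 on RTR-C's Ethernet, which then fails."""
    a, b, c = Router("RTR-A"), Router("RTR-B"), Router("RTR-C", ["10.0.0.0"])
    link(a, b)
    link(b, c)
    routers = [a, b, c]
    to_converge = run_until_stable(routers, split_horizon, poison_reverse)
    c.table["10.0.0.0"] = (INFINITY, None)      # route poisoning: RTR-C now advertises 16 hops
    after_failure = run_until_stable(routers, split_horizon, poison_reverse)
    return {"rounds_to_converge": to_converge, "rounds_after_failure": after_failure,
            "RTR-A": a.table["10.0.0.0"], "RTR-B": b.table["10.0.0.0"]}


if __name__ == "__main__":
    print("no loop avoidance:      ", demonstrate(split_horizon=False))
    print("split horizon:          ", demonstrate(split_horizon=True))
    print("split horizon + poison: ", demonstrate(split_horizon=True, poison_reverse=True))
```

Without split horizon, RTR-A keeps offering RTR-B its stale 2-hop route back, RTR-B adopts it, and the two count the metric up two hops per cycle until 16 is reached, fifteen rounds later; with split horizon the poisoned route settles in two rounds, and poison reverse gives the same result while confirming the withdrawal to the sender.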


Section 3 — Configuring RIP



RIPv1 — Overview

Uses hop-count metric
Advertises updates with broadcast addressing
Maximum of 15 hops; 16 equals infinity
Maximum of 25 network entries per packet
30-second advertisement interval
No security or authentication
Classful routing protocol

RIPv1 was originally outlined in June 1988 and is defined in RFC 1058. RIP is an IGP that uses a distance vector algorithm to determine the best route to a destination, using hop count as the metric. A hop is a network-layer device such as a router. For the protocol to provide complete information on routing, every router in the domain must participate in the protocol. RIP is based on the distance vector (Bellman-Ford) algorithm and advertises network reachability by advertising the prefix/mask and the metric (also known as hop count or cost).

RIPv1 uses broadcast updates to advertise the networks. In the updates, the maximum number of networks that can be advertised per packet is 25. Therefore, if a router needs to advertise 30 networks to its peers, it sends 2 packets every 30 seconds: the first contains 25 network entries and the second contains the remaining 5. Alcatel-Lucent supports modification of this parameter to a maximum of 255 network entries per packet. By default, RIP advertises all RIP routes to each peer every 30 seconds.

In RIP, the hop metric is limited to a maximum value of 15 hops, i.e., networks can be no more than 15 routers away. To signify that a network is unreachable, the hop value is set to 16, which equates to infinity for RIP. Each router along the path increments the hop count value by 1. If a router receives a routing update with a metric of 15 that contains a new or modified entry, increasing the metric value by 1 causes the metric to become 16 (infinity), and the destination is considered unreachable. The 7750 SR implementation of RIP uses split horizon with poison reverse to protect from such problems as “counting to infinity”. Split horizon with poison reverse means that routes learned from a neighbor through a given interface are advertised in updates out of the same interface, but with a metric of 16 (infinity).

RIPv1 does not support any security or authentication mechanism. However, the more modern version, RIPv2, does have built-in authentication. The 7750 SR software supports RIPv1 and RIPv2. RIPv1 was written and implemented prior to the introduction of CIDR; therefore, it is a classful routing protocol. It assumes the following netmask information for non-local routes, based on the class the route belongs to:

Class A — 8-bit mask

Class B — 16-bit mask

Class C — 24-bit mask


RIPv2 Overview

RIPv2 is an evolution of RIPv1. In addition to supporting all RIPv1 features, it supports:

VLSM
Authentication of routing updates
Next-hop addresses carried with each route entry
External route tags
Multicast route updates

RIPv2 is a classless routing protocol.


RIPv1 vs. RIPv2

RIPv1                                     RIPv2
Classful routing protocol                 Classless routing protocol
Broadcast updates every 30 seconds        Multicast updates every 30 seconds
All updates sent in clear                 Support for MD5
No method of identifying external routes  Tagging of external routes
Hop-count metric                          Hop-count metric
16 hops equal infinity                    16 hops equal infinity
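The packet limit and classful behaviour described on the RIPv1 slide, and the fields RIPv2 adds per the comparison above, as an added example (not course material and not the 7x50 implementation): a Python encoder and decoder for RIP Response datagrams in the RFC 1058 / RFC 2453 wire layout (4-byte header, 20-byte route entries). The sample routes are constructed. The decoder applies the class-based mask the notes describe for non-local RIPv1 routes, which is the simplest reading of that rule, so a /30 subnet carried by RIPv1 comes back as its /16 classful network while RIPv2 returns it exactly. Authentication entries are not covered.

```python
import struct
import ipaddress
from collections import namedtuple

RIP_UDP_PORT = 520
RESPONSE = 2                           # command: 1 = request, 2 = response
AF_INET = 2
INFINITY = 16
MAX_ENTRIES = 25                       # RFC 1058 limit per datagram (the notes say SR OS can raise it to 255)
HEADER = struct.Struct("!BBxx")        # command, version, two must-be-zero bytes
ENTRY_V1 = struct.Struct("!HxxI8xI")   # AFI, zero, IP address, eight zero bytes, metric
ENTRY_V2 = struct.Struct("!HHIIII")    # AFI, route tag, IP address, subnet mask, next hop, metric

# tag and next_hop are only carried by RIPv2; next hop 0.0.0.0 means "use the sender's address"
Route = namedtuple("Route", "network metric tag next_hop", defaults=(0, "0.0.0.0"))


def classful_prefixlen(addr):
    """RIPv1 entries carry no mask: a non-local route is given its address-class mask."""
    first_octet = int(addr) >> 24
    return 8 if first_octet < 128 else 16 if first_octet < 192 else 24


def build_responses(routes, version):
    """Encode routes as RIP Response datagrams, MAX_ENTRIES per datagram.
    30 routes therefore become two datagrams of 25 and 5 entries."""
    datagrams = []
    for start in range(0, len(routes), MAX_ENTRIES):
        body = b""
        for r in routes[start:start + MAX_ENTRIES]:
            net, metric = ipaddress.ip_network(r.network), min(r.metric, INFINITY)
            if version == 1:
                body += ENTRY_V1.pack(AF_INET, int(net.network_address), metric)
            else:
                body += ENTRY_V2.pack(AF_INET, r.tag, int(net.network_address), int(net.netmask),
                                      int(ipaddress.ip_address(r.next_hop)), metric)
        datagrams.append(HEADER.pack(RESPONSE, version) + body)
    return datagrams


def parse_response(datagram):
    """Decode one Response datagram as the receiver sees it:
    v1 -> [(network, metric)] with the mask assumed from the address class,
    v2 -> [(network, metric, tag, next_hop)] with the mask taken from the entry."""
    command, version = HEADER.unpack_from(datagram)
    if command != RESPONSE:
        raise ValueError(f"not a RIP response (command {command})")
    entry = ENTRY_V1 if version == 1 else ENTRY_V2
    if (len(datagram) - HEADER.size) % entry.size:
        raise ValueError("truncated route entry")
    routes = []
    for offset in range(HEADER.size, len(datagram), entry.size):
        if version == 1:
            _afi, ip, metric = entry.unpack_from(datagram, offset)
            addr = ipaddress.ip_address(ip)
            net = ipaddress.ip_network((int(addr), classful_prefixlen(addr)), strict=False)
            routes.append((str(net), metric))
        else:
            _afi, tag, ip, mask, next_hop, metric = entry.unpack_from(datagram, offset)
            net = ipaddress.ip_network((ip, bin(mask).count("1")), strict=False)
            routes.append((str(net), metric, tag, str(ipaddress.ip_address(next_hop))))
    return routes


if __name__ == "__main__":
    thirty = [Route(f"192.168.{i}.0/24", 1) for i in range(30)]     # constructed sample routes
    print([len(d) for d in build_responses(thirty, 1)])              # 504 and 104 bytes
    subnet = [Route("172.16.3.0/30", 1, tag=100, next_hop="10.1.1.1")]
    print("v1 sees", parse_response(build_responses(subnet, 1)[0]))  # class B mask assumed
    print("v2 sees", parse_response(build_responses(subnet, 2)[0]))
```

The first datagram of the 30-route update is 4 + 25 × 20 = 504 bytes, the second carries the remaining 5 entries, and a metric above 15 is clamped to 16 on the wire.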


RIP Neighbors

Figure: Router 1 shares links with Router 2 and Router 3, and Router 4 shares links with Router 2 and Router 3. Router 1 has two neighbors, Router 2 and Router 3. Router 4 has two neighbors, Router 2 and Router 3.

When a routing protocol refers to neighbors, it is referring to other routers that share a common data link. A distance vector protocol such as RIP sends its updates to its neighbors and relies on them to pass the information on through the internetwork. This process is referred to as hop-by-hop updating.


RIP Messages

Figure: Router 1 sends a Request to its neighbors Router 2 and Router 3, which each reply with a Response; Router 4 lies beyond them.

The RIP routing process is a distance vector routing process and operates using UDP port 520. RIP defines two message types: request and response messages. The request message is used to ask RIP neighbors to send an update. The response message is the update itself. On startup, a RIP router broadcasts or multicasts a packet carrying a RIP request message out of all the RIP-enabled interfaces. When the RIP neighbors receive this message, they generate a response message in the form of an update.


RIP Updates

Figure: Router 1 sends its RIP update, which includes the entire routing table (25 entries), to Router 2 and Router 3; Router 4 lies beyond them.

Distance vector protocols normally assume that the neighbor knows nothing. Therefore, when a distance vector protocol sends an update it contains everything from its routing table. The neighbor takes what it needs from the update and discards the rest. An update message can hold a maximum of 25 routes per update. RIP routers then continue to send complete updates (the entire routing table) every 30 seconds. The response or update message timer that initiates the generation of the update message has a random variable to prevent table synchronization (all routers sending their updates at the same time). As a result of this random variable, the time between individual updates can be from 25 to 35 seconds.


RIP Operation

10.1.1.0/24 Update from B

10.1.1.0/24

10.1.1.0/24

Update received by C

Update from C 15 hops

14 hops

2 hops

Network

B

A

Cloud

D

C

(assume 12 routers separate Router B &C

10.1.1.0/24

D Routing Table: Destination Metric Valid Route INVALID, do not Populate In table

B Routing Table: Destination Metric Valid 10.1.1.0/24 2 Yes A Routing Table: Destination Metric Valid 10.1.1.0/24 0 Yes

Alcatel-Lucent Scalable IP Networks v1.1

C Routing Table: Destination Metric Valid 10.1.1.0/24 15 Yes

Module 6 |

32

All rights reserved Š 2006–2007 Alcatel-Lucent

By default, the RIP router advertises all RIP routes to each neighbor every 30 seconds. RIP uses a hop-count metric to determine the distance between the packet source and the packet destination. The metric value of a valid route is 1 to 15 inclusive. A route that has a metric value of 16 (infinity) indicates that the route is no longer valid and should be removed from the routing table.

In the slide above, router A sends an Update message containing the route 10.1.1.0/24 with a metric of 0 to router B. Router B updates the metric for the route by adding the cost of the network on which the message arrived. If the result is greater than infinity, infinity (16) is used; that is, metric = MIN(metric + cost, infinity). It then checks whether there is already an explicit route for the destination address. If there is no such route, router B adds this route to its routing table with the newly calculated metric of 2. It also initializes the Timeout timer for the route. It then triggers a new Update message about this route (10.1.1.0/24), which it sends to its neighbor(s) (into the network cloud, in the slide above). This process is repeated at each router within the cloud that receives an Update about route 10.1.1.0/24. Hence, router C receives an Update containing route 10.1.1.0/24 with a metric of 14. It calculates the metric value as 15, adds the route to its routing table and sends a new Update message about this route to router D. Router D calculates the new metric value as 16. As this value indicates that the route is unreachable, router D does not populate this route in its routing table.

If a router already has an entry in its database for the route received in the Update, then the following occurs:

- If this datagram is from the same router as the existing route, the router reinitializes the Timeout timer.
- If the datagram is from the same router as the existing route and the new metric is different from the old one, or if the new metric is lower than the old one, the route and the associated information contained in the update replace the existing route entry, and the router then sends an Update about this route to its neighbors.
- If the new metric associated with the route is infinity, then the Flush timer is initiated. The route is no longer used for routing packets. Note that the deletion process (Flush timer) is started only when the metric is first set to infinity. If the metric was already infinity, a new deletion process is not started.



RIP Timers

RIP uses the following three timers:

- Update Timer: the frequency with which a router sends an update about its routes to its neighbors
- Timeout Timer: the amount of time within which a router must receive an update about a route. If the timeout timer expires and no update has been received, the route is declared Invalid, but is kept in the RIP database
- Flush Timer: the amount of time a route that has been declared Invalid remains in the database before being removed


By default, every 30 seconds a RIP router sends an unsolicited update message containing its complete routing table to all its peers. Each route has two timers associated with it: the timeout and flush timers. If the Timeout timer expires and no updates have been received about a given route, that route is marked invalid, but is maintained in the routing table for a short time so that neighbors can be notified that the route has been dropped. The invalid route is still included in the route updates sent by the router until the flush timer expires. When the flush timer expires, the invalid route is removed from the routing table. If an update about the invalid route is received while the flush timer is running, the new route update will replace the one that is about to be deleted. In this case the flush timer must be cleared. On the 7x50 SR/ESS the default values for the update, timeout and flush timers are respectively, 30 seconds, 180 seconds and 120 seconds.



RIP Timers (cont'd)

[Figure: router A sends updates about 10.1.1.0/24 to router B. Update Timer = 30s, Timeout Timer = 180s, Flush Timer = 120s.
T=0s: Router B receives update; Timeout timer starts
T=30s: Router B receives update; Router B resets Timeout timer; route is Valid
T=210s: No update received; Router B declares route Invalid; Flush timer starts
T=300s: Router B receives update; Router B clears Flush timer and resets Timeout timer; route is Valid
T=480s: No update received; Router B declares route Invalid; Flush timer starts
T=600s: Still no update received; Router B removes route from routing table]

In the above slide, router A sends an update to router B about the route 10.1.1.0/24. At time T = 0 seconds, router B receives the update and populates the route in its routing table. It also initializes the timeout timer. After 30 seconds, router A sends another update about the route 10.1.1.0/24, which is received by router B. Router B resets the timeout timer associated with this route. For the next 180 seconds, router B receives no updates about the route 10.1.1.0/24. The associated timeout timer expires, and router B declares the route invalid. Router B also initializes the flush timer. After 90 seconds, router B receives an update about route 10.1.1.0/24. It replaces the route entry with the information in the new update (the route is valid again), clears the flush timer and initializes the timeout timer. After another 180 seconds, router B has received no updates about route 10.1.1.0/24 and declares it invalid, as the timeout timer has expired. After a further 120 seconds, router B still has not received any update about route 10.1.1.0/24, and as the flush timer has now expired, it deletes the route from its routing table.
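As an added example (not code from the course or from the 7x50), the following Python simulation implements the route-handling rules of the previous slide (metric = MIN(metric + cost, 16), add / refresh / replace, Flush started only when the metric first becomes infinity) together with the Timeout and Flush timer behaviour described above, and replays the slide's T=0s to T=600s timeline for router B. Route and router names are taken from the slides; router A is assumed to advertise 10.1.1.0/24 at 1 hop and every link is assumed to cost 1.

```python
"""Simulation of the RIP route handling described on the two slides above:
metric = MIN(metric + cost, 16), the add / refresh / replace decisions, and
the Timeout and Flush timers. Added example, not Alcatel-Lucent or 7x50 code."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

INFINITY = 16          # RIP "unreachable" metric
TIMEOUT_TIMER = 180    # 7x50 SR/ESS defaults quoted in the text (seconds)
FLUSH_TIMER = 120


@dataclass
class RipRoute:
    prefix: str
    next_hop: str                      # router the route was learned from
    metric: int
    timeout_at: float                  # time at which the route becomes Invalid
    flush_at: Optional[float] = None   # set only while the route is Invalid

    @property
    def valid(self) -> bool:
        return self.flush_at is None


class RipTable:
    def __init__(self) -> None:
        self.routes: Dict[str, RipRoute] = {}
        self.triggered: List[Tuple[str, int]] = []   # (prefix, metric) triggered updates

    def receive(self, now: float, prefix: str, metric: int, sender: str,
                link_cost: int = 1) -> Optional[RipRoute]:
        """Process one route from an Update received from `sender` at time `now`."""
        metric = min(metric + link_cost, INFINITY)     # add the cost of the incoming link
        route = self.routes.get(prefix)
        if route is None:
            if metric == INFINITY:                     # router D in the text: never installed
                return None
            route = RipRoute(prefix, sender, metric, now + TIMEOUT_TIMER)
            self.routes[prefix] = route
            self.triggered.append((prefix, metric))    # tell the neighbours about it
            return route
        same_source = route.next_hop == sender
        if same_source:                                # same router: reinitialize Timeout
            route.timeout_at = now + TIMEOUT_TIMER
        if (same_source and metric != route.metric) or metric < route.metric:
            was_infinite = route.metric == INFINITY
            route.next_hop, route.metric = sender, metric
            if metric == INFINITY:
                if not was_infinite:                   # deletion process starts only once
                    route.flush_at = now + FLUSH_TIMER
            else:                                      # route is usable again
                route.flush_at = None
                route.timeout_at = now + TIMEOUT_TIMER
            self.triggered.append((prefix, metric))
        return route

    def tick(self, now: float) -> List[str]:
        """Expire timers at time `now`; returns the prefixes removed from the table."""
        removed = []
        for prefix, route in list(self.routes.items()):
            if not route.valid:
                if now >= route.flush_at:              # Flush timer expired: delete
                    del self.routes[prefix]
                    removed.append(prefix)
            elif now >= route.timeout_at:              # Timeout expired: Invalid, start Flush
                route.metric = INFINITY
                route.flush_at = now + FLUSH_TIMER
                self.triggered.append((prefix, INFINITY))
        return removed

    def advertise(self) -> List[Tuple[str, int]]:
        """Contents of a periodic update: Invalid routes are still sent, with metric 16."""
        return [(r.prefix, r.metric) for r in self.routes.values()]


def replay_slide_timeline() -> List[Tuple[int, str]]:
    """Replays the slide's timeline for router B receiving 10.1.1.0/24 from router A."""
    table = RipTable()
    events = [(0, "update"), (30, "update"), (210, "silence"),
              (300, "update"), (480, "silence"), (600, "silence")]
    states = []
    for t, event in events:
        table.tick(t)
        if event == "update":
            table.receive(t, "10.1.1.0/24", 1, "A")   # A advertises the route at 1 hop
        route = table.routes.get("10.1.1.0/24")
        states.append((t, "removed" if route is None else
                          ("Valid" if route.valid else "Invalid")))
    return states
```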



RIP — Pinhole Congestion

[Figure: two paths between 10.1.1.0/24 and 101.10.1.0/24: a GigE path over the top of the network with more hops, and a direct T1 link with fewer hops. The traffic flow follows the T1 link.]

The only metric used by RIP in its routing computation is hop count. The figure above shows that, despite having a higher-bandwidth path through the top of the network, RIP always chooses the route or path with the fewest hops. In this case, all traffic will flow across the T1 link, leaving the gigabit Ethernet path unused. This is known as pinhole congestion.



Basic RIP Configuration


All RIP instances must be explicitly created on each device. Once created, RIP is administratively enabled. To configure RIP, perform the following tasks:

- Configure interfaces
- Configure policy statements (optional)
- Enable RIP
- Configure group parameters
- Configure neighbor parameters

Note that routers will not automatically advertise routes with RIP. A route policy must be created and applied to RIP to dictate which routes are to be advertised.



Basic RIP Configuration Example


PE3>config>router>rip# info
---------------------------------------------
    export RIP_policy
    group "RIP-A"
        neighbor "to-pe2"
        neighbor "to-pe1"
        exit
    exit
---------------------------------------------
PE3>config>router>rip#



Show RIP Neighbors

PE3>show>router>rip# neighbor
===============================================================================
RIP Neighbors
===============================================================================
Interface    Adm   Opr   Primary IP      Send    Recv    Metric
                                         Mode    Mode    In
-------------------------------------------------------------------------------
To-pe1       Up    Up    192.168.1.1     BCast   Both    1
To-pe2       Up    Up    192.168.1.10    BCast   Both    1
-------------------------------------------------------------------------------
No. of RIP Neighbors: 2
===============================================================================


The slide above shows the neighbor information of the RIP routing protocol, including the interfaces that RIP is running on and the addresses of these interfaces. Note that the send mode is set to broadcast. This is the default value so that RIPv2 is backward-compatible with routers that are running RIPv1. This can be manually configured to multicast. The receive mode is set to both so that it can receive updates from either RIPv1 or RIPv2 routers. Finally, the metric is one hop for these interfaces.



Show RIP Peers


The slide above shows the peer information of the RIP routing protocol, including the IP addresses of the peers, the names of the interfaces used to reach them, the version of RIP running on those interfaces, and the time of the last update sent to each peer.

- Peer IP Addr: The IP address of the peer router.
- Interface Name: The peer interface name.
- Version: The version of RIP running on the peer.
- Last Update: The number of seconds since the last update was sent to the peer.


PE3# show router rip peers
=================================================================
RIP Peers
=================================================================
Peer IP Addr      Interface Name    Version    Last Update
-----------------------------------------------------------------
10.10.10.1        to-pe1            RIPv2      0
10.10.10.2        to-pe2            RIPv2      2
-----------------------------------------------------------------
No. of Peers: 2
=================================================================



Show RIP Database

ND184>show>router>rip# database
===========================================================================
RIP Route Database
===========================================================================
Destination         Peer             Interface    Met    TTL    Valid
---------------------------------------------------------------------------
172.0.0.181/32      192.168.1.2      to182        2      172    No
172.0.0.181/32      192.168.1.9      to181        1      164    Yes
172.0.0.182/32      192.168.1.2      to182        1      172    Yes
172.0.0.182/32      192.168.1.9      to181        2      164    No
192.168.1.4/30      192.168.1.2      to182        1      172    Yes
192.168.1.4/30      192.168.1.9      to181        1      164    No
---------------------------------------------------------------------------
No. of Routes: 6


The slide above shows the RIP database summary information, including all networks and the addresses of the peers from which the router has received the updates. Note that the routes are marked as either valid or not valid. For each destination, the valid route is the one with the fewest hops (lowest metric); where two routes to the same destination tie on metric, as for 192.168.1.4/30 above, only one of them is marked valid.



Show RIP Update

ND184>show>router>rip# database detail
===============================================================================
RIP Database (Detail)
===============================================================================
Destination   : 172.0.0.181/32
Next Hop      : 0.0.0.0
Interface     : to182
Peer          : 192.168.1.2
Metric        : 2
Tag           : 0x0000
TTL           : 167
Valid         : No

Destination   : 172.0.0.181/32
Next Hop      : 0.0.0.0
Interface     : to181
Peer          : 192.168.1.9
Metric        : 1
Tag           : 0x0000
TTL           : 162
Valid         : Yes


The slide above shows a portion of the information that is carried in a RIP update message. A single update message can carry a maximum of 25 networks. The information shown is similar to the database summary information shown in the previous slide.



Show RIP Group

ND184>show>router>rip# group detail
=========================================================================
RIP groups (Detail)
=========================================================================
-------------------------------------------------------------------------
Group "rip"
-------------------------------------------------------------------------
Description     : No Description Available
Admin State     : Up
Oper State      : Up
Send Mode       : Broadcast
Receive Mode    : Both
Metric In       : 1
Metric Out      : 1
Split Horizon   : Enabled
Check Zero      : Disabled
Message Size    : 25
Preference      : 100
Auth. Type      : None
Update Timer    : 30
Timeout Timer   : 180
Flush Timer     : 120
Export Policies:
    rip
Import Policies:
    None
=========================================================================


The slide above shows the configuration information that is applied to all RIP neighbors that belong to this group. The RIP neighbors are the interfaces that are part of the RIP routing process. Any changes that are made to the group are automatically pushed down to all neighbors that belong to the group. This eases configuration.



Module Summary

- Router functions
- Routing loops
- Static and default routes
- Distance vector
- Issues with distance vector
- Loop-avoidance mechanisms
  - Split horizon
  - Route poisoning
  - Poison reverse
  - Hold-down timers
- RIPv1 and RIPv2
- General RIP operations and updates
- RIP show commands



Learning Assessment


1. The Layer 2 address is used by the router to make its forwarding decision.
   A. True
   B. False

2. What is the preference value found in the routing table used for?
   A. Differentiate between multiple routes to a destination learned by the same protocol
   B. Differentiate between multiple routes to a destination learned by different protocols
   C. Serves no purpose

3. Static routes do not respond in real time to a failure.
   A. True
   B. False



Learning Assessment (cont'd)


4. What are the functions of a routing protocol? Choose all that apply.
   A. Calculate an optimal path through a network.
   B. Notify applications of inability to reach destination.
   C. Advertise network reachability information to neighbors.
   D. Apply flow control to traffic to reduce congestion.

5. What is the maximum number of routes that can be carried in a RIPv1 update message?
   A. 15
   B. 25
   C. 30
   D. 45



Learning Assessment Answers


1. The Layer 2 address is used by the router to make its forwarding decision.
   A. True
   B. False ✓

2. What is the preference value found in the routing table used for?
   A. Differentiate between multiple routes to a destination learned by the same protocol
   B. Differentiate between multiple routes to a destination learned by different protocols ✓
   C. Serves no purpose

3. Static routes do not respond in real time to a failure.
   A. True ✓
   B. False

4. What are the functions of a routing protocol? Choose all that apply.
   A. Calculate an optimal path through a network. ✓
   B. Notify applications of inability to reach destination.
   C. Advertise network reachability information to neighbors. ✓
   D. Apply flow control to traffic to reduce congestion.

5. What is the maximum number of routes that can be carried in a RIPv1 update message?
   A. 15
   B. 25 ✓
   C. 30
   D. 45



LAB 3.1 - Basic RIP Configuration

[Figure: lab topology for Pod1 through Pod4. Core-Pod1, Core-Pod2, Core-Pod3 and Core-Pod4 run RIP between them; Edge-Pod1, Edge-Pod2, Edge-Pod3 and Edge-Pod4 are the edge routers of the respective pods.]



3HE-02767-AAAA-WBZZA Edition 01


www.alcatel-lucent.com


Module 7 — Link-State Routing Protocols



Module Objectives


After successful completion of this module, you should be able to:

- Understand link state protocol behavior
- Understand the terminology used in OSPF
- Understand the concepts of areas used in OSPF
- Describe the contents of the different databases used in the OSPF routing process
- Discuss the different link state advertisements used in OSPF
- Configure and verify a simple (flat) OSPF network
- Configure and verify a hierarchical OSPF network



Section 1 — Link State Overview



Distance Vector vs. Link State

Distance vector
- Views the network topology from the neighbor's perspective
- Adds distance vectors from router to router
- Frequent, periodic updates: slow convergence
- Passes copies of the routing table to neighbor routers

Link state
- Gets a common view of the entire network topology
- Calculates the shortest path to other routers
- Event-triggered updates: faster convergence
- Passes link-state routing updates to other routers


Link state and distance vector can be compared in several key areas:

1. Distance vector sees everything and learns everything as "next hop". Link state obtains a wide view of the entire internetwork topology by accumulating all necessary LSPs.
2. Distance vector determines the best path by adding to the metric value it receives as tables move from router to router. With link state, each router calculates its own shortest path to destinations.
3. Distance vector is a daisy chain of tables passed using periodic table updates. This leads to slow convergence, particularly in large networks.
4. With link state, updates are triggered by topology changes. Relatively small LSPs are passed to all other routers or to a multicast group of routers, which usually results in faster convergence times.



Link State Overview

- Link-state driven updates, periodic hellos
- Sends subnet mask in update
- Supports VLSM, CIDR, and manual route summarization
- Supports authentication
- Maintains multiple databases
- Sends updates using multicast addressing


Link-state protocols have the following common attributes:

Link-state protocols trigger an update when a link (interface) changes state. The router connected to the link initiates a triggered update to its neighbors to notify them of the topology change. If the network is stable and no changes in links are detected, the routers send periodic hello messages to maintain connectivity without having to consume excessive bandwidth.

The updates contain the subnet mask of each network being advertised. This allows for more optimal network design and accurate path selection.

VLSM and CIDR are supported in all link-state protocols.

Due to the classless aspects of link-state protocols, manual summarization is actively supported. This allows for network administrators to have much more control of where and how the summarization takes place.

All modern link-state protocols support authentication of the updates being sent between the routers. This ensures that accurate network topologies are created without false information or errors.

Link-state protocols maintain three common databases: topology (link state DB), neighbor (adjacency DB), and routing table (forwarding DB).

Modern link-state protocols use a multicast address to convey updates and hellos to their neighbor link-state routing peers. This reduces processing on devices in the network that are not running the link-state protocol.



Link State Overview (continued)

- Link = an interface
- State = active or inactive interface
- IS-IS and OSPF are link-state protocols
- More complex than distance vector
- Faster convergence
- Triggered updates
- Three databases:
  - Adjacency — Neighbor database
  - Topology — Link-State database
  - Routing — Forwarding database


Link state, also known as SPF, maintains a complex database of topology information. While distance vector has nonspecific information about distant networks and no knowledge of distant routers, link state maintains full knowledge of distant routers and how they interconnect. OSPF and IS-IS are examples of link-state routing protocols. LSPs are used to transmit the information necessary to build a topological database, which is used by the SPF algorithm to construct an SPF tree, and finally, a routing table of paths and ports to each network. When a link-state topology changes, the routers must become aware of the change and send information to other routers or to a designated router that all other routers can use for updates. This involves the propagation of common routing information to all routers in the network. To achieve convergence, each router does the following:

- Keeps track of its neighbors.
- Constructs an LSP that lists neighbor router names and link metrics (cost). This includes new neighbors, changed metrics, and links to neighbors that have gone down.
- Sends out the LSP so that all routers receive it.
- When it receives an LSP, records the LSP in its database so that it stores the most recent LSP received.
- Using the accumulated LSP data to construct a complete network topology, proceeds from the common starting point for the SPF algorithm and computes routes to every network.

Each time an LSP causes a change to the link-state database, the link-state algorithm recalculates the best paths and updates the routing table.



Link State Overview (continued)

[Figure: RTR-A connects to RTR-C on port 1/1/1 and to RTR-B on port 1/1/2; network 2.2.2.0/24 is attached to RTR-B. RTR-A's three databases:
Adjacency Database: RTR-B — on 1/1/2; RTR-C — on 1/1/1
Link State Database: RTR-A to RTR-C, cost=1000; RTR-A to RTR-B, cost=1000; RTR-C to RTR-B, cost=1000; RTR-B to 2.2.2.0/24, cost=1000
Routing Table: 2.2.2.0/24 — via 1/1/2 ……]


Link state protocols keep three databases in the routers:

- The adjacency database, sometimes called the neighbor database, keeps track of all the other routers that are directly attached and passing link state routing information. The adjacency database is maintained with periodic hello messages.
- The LSDB has all learned paths to all destination networks. It is this database that is used to create the SPF tree that ultimately creates the routing table.
- The routing table, sometimes called the forwarding database, is used by the router to accurately forward IP packets to the destination network.



Link State Overview (continued)

[Figure, from router A's point of view: router A reaches router C over 2.2.2.0/30 (next hop 2.2.2.1) and router B over 3.3.3.0/30 (next hop 3.3.3.1); B and C connect over 4.4.4.0/30; network 10.0.0.0/8 is attached to C.
Step 1 – Updates received from peers: routing table entry 10.0.0.0/8 via 2.2.2.1 ……
Step 2 – Topology database created: A to 2.2.2.0/30 cost 10; A to 3.3.3.0/30 cost 10; B to 4.4.4.0/30 cost 10; C to 10.0.0.0/8 cost 10; ……
Step 3 – SPF algorithm determines the best path to destination networks
Step 4 – Routing table created: 10.0.0.0/8 via 2.2.2.1 cost 20 -- BEST; via 3.3.3.1 cost 30; ……]


Link state, also known as SPF, maintains a complex database of topology information. While distance vector has nonspecific information about distant networks and no knowledge of distant routers, link state maintains full knowledge of distant routers and how they interconnect.



Exchange of Link State Information

[Figure: R1 is attached to networks A and B, R2 to networks B and C, and R3 to networks C and D; every link has cost 10. Each router's link-state packet lists its own networks: R1 link-state packet: A 10, B 10; R2 link-state packet: B 10, C 10; R3 link-state packet: C 10, D 10.]

Routers exchange LSPs with each other. Each router begins with the directly connected networks for which it has direct link-state information.


Network discovery for link-state routing uses the following processes:

- Routers exchange LSPs with each other.
- Each router begins with the directly connected networks for which it has direct link-state information.
- It floods its link-state information to other routers in the network.



Topological Database

[Figure: the same R1–R2–R3 network as on the previous slide. After the exchange, R1, R2 and R3 each hold all three link-state packets in their topological databases: R1 link-state packet (A 10, B 10), R2 link-state packet (B 10, C 10), R3 link-state packet (C 10, D 10).]

Network discovery for link-state routing uses the following processes (continued): Each router constructs a topological database that consists of all the LS information from the other routers in the network.



Calculating the SPF Tree and Populating the Routing Table

[Figure: from its topological database (R1: A 10, B 10; R2: B 10, C 10; R3: C 10, D 10), R1 (1) runs SPF, (2) builds the SPF tree with itself as root and (3) fills its routing table.]

Network discovery for link-state routing uses the following processes (continued):

1. The SPF algorithm computes network reachability, determining the shortest path to the other networks in the link-state network.
2. The router constructs this logical topology of shortest paths as a tree, with itself as root.
3. The router lists its best paths and the ports to these destination networks in the routing table. It also maintains additional topology elements and status details.

When all these processes are complete, normal routing of packets can begin.
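The following added Python example (not Alcatel-Lucent code) runs steps 1 to 3 above on the topology database from the earlier "Link State Overview" slide drawn from router A's point of view, and reproduces that slide's two candidate paths to 10.0.0.0/8: cost 20 via 2.2.2.1 (best) and cost 30 via 3.3.3.1. The links the slide elides, and the assignment of 2.2.2.1 to router C and 3.3.3.1 to router B, are assumptions derived from the slide's next hops.

```python
"""SPF (Dijkstra) over the topology database of the slide drawn from router A's
point of view: A reaches 10.0.0.0/8 at cost 20 via 2.2.2.1 (best) or at cost 30
via 3.3.3.1. Added example, not Alcatel-Lucent code."""
import heapq
from typing import Dict, Optional, Tuple

# Constructed topology database: router -> {attached network: link cost}. The entries
# the slide elides ("……") are filled in with the links its path costs imply (assumption).
LSDB: Dict[str, Dict[str, int]] = {
    "A": {"2.2.2.0/30": 10, "3.3.3.0/30": 10},
    "B": {"3.3.3.0/30": 10, "4.4.4.0/30": 10},
    "C": {"2.2.2.0/30": 10, "4.4.4.0/30": 10, "10.0.0.0/8": 10},
}
# Address of each neighbour router on the link it shares with A (the slide's next hops).
ADDRESS = {("C", "2.2.2.0/30"): "2.2.2.1", ("B", "3.3.3.0/30"): "3.3.3.1"}

Graph = Dict[str, Dict[str, int]]


def build_graph(lsdb: Dict[str, Dict[str, int]]) -> Graph:
    """Routers and networks are both vertices. A router->network edge costs the link
    metric; a network->router edge costs 0 (the usual convention for transit networks)."""
    graph: Graph = {}
    for router, links in lsdb.items():
        for network, cost in links.items():
            graph.setdefault(router, {})[network] = cost
            graph.setdefault(network, {})[router] = 0
    return graph


def spf(graph: Graph, root: str) -> Tuple[Dict[str, int], Dict[str, Optional[str]]]:
    """Steps 1 and 2: Dijkstra from `root`. Returns (cost, predecessor) per reachable
    vertex; the predecessor map is the SPF tree with `root` as its root."""
    cost = {root: 0}
    prev: Dict[str, Optional[str]] = {root: None}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue                      # stale heap entry
        for v, w in graph.get(u, {}).items():
            if d + w < cost.get(v, float("inf")):
                cost[v] = d + w
                prev[v] = u
                heapq.heappush(heap, (d + w, v))
    return cost, prev


def candidate_paths(lsdb: Dict[str, Dict[str, int]], root: str, dest: str) -> Dict[str, int]:
    """Cost to `dest` through each directly connected neighbour of `root`, keyed by
    that neighbour's address on the shared link (the two rows of Step 4 on the slide)."""
    graph = build_graph(lsdb)
    # Remove root so a candidate path cannot loop back through another of root's links.
    pruned: Graph = {u: {v: w for v, w in nbrs.items() if v != root}
                     for u, nbrs in graph.items() if u != root}
    paths = {}
    for network, link_cost in lsdb[root].items():
        for neighbor in graph[network]:
            if neighbor == root:
                continue
            via_cost, _ = spf(pruned, neighbor)
            if dest in via_cost:
                paths[ADDRESS[(neighbor, network)]] = link_cost + via_cost[dest]
    return paths


def best_route(lsdb: Dict[str, Dict[str, int]], root: str, dest: str) -> Tuple[str, int]:
    """Step 3: the routing-table entry for `dest`, (next hop, cost) of the cheapest candidate."""
    paths = candidate_paths(lsdb, root, dest)
    next_hop = min(paths, key=paths.get)
    return next_hop, paths[next_hop]
```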



Topology Changes

[Figure: a topology change on one link generates link-state information that is passed from router to router; each router that receives it runs SPF and updates its routing table. Link-state updates are driven by topology changes.]

When a router recognizes a topology change (link down, neighbor down, new link, or new neighbor), it must notify its neighbors. To do this, each link-state router does the following:

The router that recognizes the change sends out new link-state information that reflects the change.

When a router receives new link-state information, it must populate the information in its topological database and pass it on to its neighbors.

The SPF algorithm must be run against the new topological database to update the routing table with the new information.

Each time that there is a topology change that causes an update to the topological database, the SPF algorithm must be run.



Flooding

[Figure: link-state information is flooded from the originating router to every other router in the network.]

Link-state information is sent during a topology change and periodically to ensure topological database synchronization. LSAs are:

Sourced by the router that is connected to the link that changes

Flooded by all other routers

Transmitted at each link-state change

The topological database synchronization relies on the flooding of link-state information throughout the link-state domain.

This must be a reliable procedure.

Routers must also have a way to determine if the link-state information they are receiving is more recent than the information already in the database. There must also be a mechanism to determine if the link-state information should be forwarded to neighbors or dropped. Without such a mechanism in place, the link-state information could be flooded infinitely.



Acknowledgment

[Figure: each router that receives link-state information returns an acknowledgment to the router that sent it.]

Acknowledgments make the flooding procedure reliable. This helps to ensure that the topological database is synchronized.


Each router must receive an acknowledgment that the update was received by its neighbor. If an acknowledgment is not received, the link-state information is retransmitted.



Sequence Numbers

- Sequence numbers must be included in the link-state information.
- Without sequence numbers, the link-state information could be flooded infinitely.
- The sequence number remains the same, router-to-router, during the flooding process.

In a link-state environment, routers use the sequence numbers for the following decisions when receiving a link-state update:

- If the sequence number is lower than the one in the database, the link-state information is discarded, and the receiving router updates the sending router with the corresponding information from its own database.
- If the sequence number is the same, an acknowledgement is sent. The link-state information is then discarded.
- If the sequence number is higher, the link-state information is populated in the topological database, an acknowledgement is sent, and the link-state information is forwarded to its neighbors.



Sequence Numbers (continued)

[Figure: networks A, B, C and D attached to routers R1, R2 and R3; R1 floods its link-state packet for network A with Seq=1, and again with Seq=2 after the link to A fails]

In the figure above, all routers initially have an entry in their respective topology databases for network A with a sequence number of 1. This information was obtained from an update that R1 has previously sent. When the link to network A fails, R1 generates new link-state information for network A. It increments the sequence number and sends the link-state information to its neighbor. On receiving the link-state information, R2 checks the sequence number and sees that it is newer. R2 populates its topological database with the new information about network A and floods it to its neighbor R3. Likewise, R3 checks the sequence number, sees that it is newer and populates its topological database.



Sequence Numbers (continued)

R1 must decide what to do with the second copy of the link-state information that it receives.

[Figure: routers R1 to R6 connected in a ring (R1-R2-R3-R4-R5-R6-R1) with attached networks A to F and Z; the link-state information for network Z, flooded from R4, reaches R1 both via R2 and via R6]

R1 receives the link-state information via R2 first. It populates its topological database with the newly received link-state information. The link-state information is then received from R6. R1 must compare the link-state information with the information it already has in its database. R1 can see that the sequence numbers are the same. Therefore, it discards the link-state information and does not forward it to R2. This process stops link-state information from being flooded infinitely.

In the same example as shown in the slide above, if network Z comes up immediately after it goes down, the sequence number is incremented again. For some reason, the link-state information for network Z going down, with a sequence number of 2, is delayed via R4 to R3 to R2 to R1. The link-state information for network Z being available, with a sequence number of 3, arrives at R1 via R4 to R5 to R6 to R1 first. When the delayed link-state information with a sequence number of 2 arrives, R1 compares it with the link-state information that it has in its topological database. R1 determines that the link-state information is older and discards it.


R1 receives 2 copies of the link state information for network Z.
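The decision rules on the Sequence Numbers slide and the two scenarios described above, run in a small event-driven simulation. This is an added example, not part of the course material; the ring topology, link delays and sequence numbers are constructed to follow the slide.

```python
"""Link-state flooding with sequence numbers (added example, not course
material): an event-driven model of the Sequence Numbers decision rules on
the constructed ring R1-R2-R3-R4-R5-R6-R1, with network Z flooded from R4."""
import heapq
from dataclasses import dataclass

DISCARD_OLDER = "discard-and-update-sender"   # lower seq than our copy
ACK_DUPLICATE = "ack-and-discard"             # same seq: a second copy
INSTALL_FLOOD = "install-ack-and-flood"       # higher seq: newer information


@dataclass(frozen=True)
class LinkState:
    network: str   # network the information describes, e.g. "Z"
    seq: int       # sequence number, fixed by the originating router
    up: bool       # state of the link to that network


class Network:
    """Routers joined by directed links, each with a one-way delay."""

    def __init__(self):
        self.delay = {}     # (sender, receiver) -> delay in time units
        self.db = {}        # router -> {network: LinkState}  (topological database)
        self.log = {}       # router -> [(time, network, seq, decision)]
        self._queue = []    # (deliver_time, order, receiver, sender, LinkState)
        self._order = 0

    def link(self, a, b, delay=1):
        self.delay[(a, b)] = self.delay[(b, a)] = delay
        for r in (a, b):
            self.db.setdefault(r, {})
            self.log.setdefault(r, [])

    def _send(self, now, sender, receiver, ls):
        self._order += 1   # keeps delivery order deterministic for equal times
        when = now + self.delay[(sender, receiver)]
        heapq.heappush(self._queue, (when, self._order, receiver, sender, ls))

    def _flood(self, now, router, ls, exclude=None):
        # Forward to every neighbor except the one the information came from.
        for (a, b) in self.delay:
            if a == router and b != exclude:
                self._send(now, router, b, ls)

    def originate(self, now, router, ls):
        """The originating router installs its own information and floods it."""
        self.db[router][ls.network] = ls
        self._flood(now, router, ls)

    def _receive(self, now, router, sender, ls):
        current = self.db[router].get(ls.network)
        if current is not None and ls.seq < current.seq:
            # Older than our copy: drop it and send the sender our newer copy.
            decision = DISCARD_OLDER
            self._send(now, router, sender, current)
        elif current is not None and ls.seq == current.seq:
            # Same seq: acknowledge but do not re-flood. This is what stops
            # the same information from circulating forever.
            decision = ACK_DUPLICATE
        else:
            decision = INSTALL_FLOOD
            self.db[router][ls.network] = ls
            self._flood(now, router, ls, exclude=sender)
        self.log[router].append((now, ls.network, ls.seq, decision))

    def run(self):
        while self._queue:
            when, _, receiver, sender, ls = heapq.heappop(self._queue)
            self._receive(when, receiver, sender, ls)

    def decisions(self, router, network):
        return [(seq, d) for _, n, seq, d in self.log[router] if n == network]


def ring():
    net = Network()
    for a, b in [("R1", "R2"), ("R2", "R3"), ("R3", "R4"),
                 ("R4", "R5"), ("R5", "R6"), ("R6", "R1")]:
        net.link(a, b)
    return net


def two_copies():
    """Slide 17: network Z goes down; R1 gets the seq 2 copy via R2 and via R6."""
    net = ring()
    net.originate(0, "R4", LinkState("Z", 2, up=False))
    net.run()
    return net.decisions("R1", "Z")


def delayed_copy():
    """Slide 17 notes: Z goes down (seq 2) and comes straight back up (seq 3);
    the seq 2 copy is delayed on the R2->R1 link and reaches R1 after seq 3."""
    net = ring()
    net.delay[("R2", "R1")] = 10   # constructed delay for this one direction only
    net.originate(0, "R4", LinkState("Z", 2, up=False))
    net.originate(1, "R4", LinkState("Z", 3, up=True))
    net.run()
    return net.decisions("R1", "Z"), net.db["R1"]["Z"]
```

In the second scenario R1 installs seq 2, then seq 3, then discards the late seq 2 copy as older and sends its seq 3 copy back to R2; everything that follows is acknowledged as a duplicate.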



Link-State Information Aging

The age of newly created link-state information is set to 0 for OSPF and 1200 for IS-IS. It is incremented by each hop during the flooding procedure for OSPF and is decremented for IS-IS.

The link-state age is also incremented for OSPF and decremented for IS-IS while it is held in the topological database.

Maximum age

When the link-state information reaches its maximum age, it is no longer used for routing. The link-state information is flooded to the neighbors with the maximum age, and the link-state information is removed from the topological database.

For OSPF the default maximum age is 3600.


Link-state information includes an age field.



Hierarchy in Link-State Networks


Scalability issues exist with Link-state networks:

The size of the link-state database increases exponentially with the size of the network. Each router must add and keep track of any new destinations that are reachable in the network. A large database increases the consumption of router resources.

The complexity of the SPF calculation also increases exponentially.

A topology change requires the complete recalculation of the forwarding table on every router. The increased overhead in calculating new routing information can overwhelm a router if it has insufficient resources.

A hierarchy allows a large routing domain to be split into several smaller domains. Routing happens within the smaller routing domains and between the domains, simplifying the SPF calculation. IS-IS and OSPF both implement hierarchy but use different techniques. They both define areas and route within areas and between areas. A hierarchy results in suboptimal routing. The best path to leave the area may not be the best route to the final destination. A hierarchy is less common today due to the increased capacity of routers. Many large networks are now configured as a single area, simplifying the configuration and optimizing routing. Modern routers have the ability to handle hundreds of nodes.



OSPF Overview

Link-state protocol
Faster convergence than a distance vector protocol
Scalable
Hierarchical using “areas”
Uses the SPF algorithm for routing decisions
Cost metric takes into account the physical bandwidth of the port
Classless protocol
Traffic engineering extensions
Authentication support
Support for VLSM and address aggregation


OSPF is a hierarchical routing protocol. It supports the concept of areas within the OSPF routing domain. These areas break the network into smaller pieces to accommodate growth and to reduce the amount of protocol traffic throughout the network. The classless behavior eliminates any classful problems, such as noncontiguous subnets. OSPF also supports classless routing table lookups, VLSM, and aggregation for address management. The OSPF cost metric is based on the physical bandwidth of the port. This allows OSPF to make its path decisions based on the path that has the most bandwidth. OSPF also allows for the use of route tagging to identify external routes (i.e., routes learned from another protocol). The traffic engineering extensions to OSPF allow the protocol to track and advertise the available bandwidth. This feature is used by MPLS in the creation of traffic tunnels.



OSPF Terminology

[Figure: two routers in Area 0 joined by a link with Cost = 10; one router has Router ID 172.16.0.1; the adjacency and neighbors, and an LSA, are labelled]

The following terminology is used in OSPF routing:

Area — A group of routers that share the same area ID

Router ID — A unique router ID required by each OSPF router. A router ID can be derived by:
1. Defining the value in the config>router router-id context;
2. Defining the system interface in the config>router>interface ip-int-name context, if router-id is not explicitly configured;
3. Inheriting the last four bytes of the MAC address, if neither router-id nor system interface IP address is configured.

Link State — The status of the link between two OSPF routers, a router’s interface, and its relationship to its neighboring routers

Cost — The routing metric used by OSPF in its SPF calculations

Neighbor — An adjacent system reachable by traversing a single subnet

Designated Router — The router that is responsible for ensuring adjacencies between all neighbors in a multiple-access network. This ensures that all routers do not need to maintain full adjacencies with each other. The DR is elected in all multiple-access networks (Ethernet).

Backup DR — Designated to perform the same functions as the DR in the event of a failure

Link State Advertisement (LSA) — Packet that contains all the relevant information regarding a router’s links and the state of those links



OSPF Hierarchy

[Figure: backbone area 0.0.0.0 connected to areas 0.0.0.1 and 0.0.0.2]

OSPF is a hierarchical routing protocol. It supports the concept of areas within the OSPF routing domain. These areas break the network into smaller pieces to accommodate growth and to reduce the amount of LSA traffic throughout the network. An area is a grouping of OSPF routers that have the same area ID (i.e., number). For OSPF-enabled routers to form adjacencies, they must have the same area ID. OSPF areas are logical subdivisions of OSPF autonomous systems. The topology of each area is invisible to entities in other areas. Each router in an area retains a link-state database that describes the particular area. If a router belongs to more than one area, it retains a separate link-state database for each area. Area 0 (0.0.0.0) is a required area and is referred to as the backbone area. All other areas must be connected to the backbone area, either physically or logically. The backbone area distributes routing information between areas; hence, all inter-area communications must go through the backbone. An Autonomous System is a group of networks and network equipment under a common administration.



LAB 4.1 - Configuring OSPF in a Single Area

[Figure: lab topology with Core-Pod1, Core-Pod2, Core-Pod3 and Core-Pod4 running OSPF, each with its Edge-Pod1 to Edge-Pod4 router attached]


Section 2 — OSPF Areas



Types of OSPF Areas

Backbone area
Normal area
Stub area

Intra-area routes refer to updates that are passed within the area. Inter-area routes refer to updates that are passed between areas. External routes refer to updates passed from another routing protocol into the OSPF domain by the ASBR.


OSPF Backbone Areas

[Figure: backbone area 0 connected to Area 1 and Area 2 through ABRs]

The OSPF backbone area, area 0.0.0.0, must be contiguous, and all other areas must be connected to the backbone area. All inter-area traffic must pass through the backbone area.



OSPF Normal Areas

[Figure: backbone area 0 with normal areas 1 and 2 attached through ABRs; the RIB of a normal area holds intra-area routes, inter-area routes and external routes]

The OSPF normal or standard area is the default area type. The normal area imports and exports external routes. It has in its routing information database all intra-area routes, all inter-area routes, and all external routes.



OSPF Stub Area

[Figure: backbone area 0 with a normal area and a stub area attached through ABRs; the RIB of the stub area holds intra-area routes, inter-area routes and a default route]

A stub area is an area that does not allow external route advertisements. The ABR of the stub area advertises a single default route (0.0.0.0) into the stub area. Any destination that the internal routers cannot match to an intra- or inter-area route will match the default route. This reduces the size of the internal router’s database and reduces CPU processing time.



OSPF Router Types

[Figure: Area 0 with backbone routers, Areas 1 and 2 with internal routers, ABRs between them, and an ASBR connecting to a non-OSPF routed domain]

OSPF supports four types of routers:

Internal router — A router that is within a specific non-zero area only. It has no direct connection to another area.

Area border router — A router that is located on the border between one or more OSPF areas. It is responsible for the connection of two or more areas (one of them being the backbone area) and for the maintenance of separate link-state databases for each area.

Autonomous system boundary router — A router that connects an OSPF routing domain to a non-OSPF routing domain

Backbone router — A router that resides in area 0 only



OSPF Databases

[Figure: an ABR between Area 1 and Area 2 holding an adjacency database (list of neighbors), a link-state database and a forwarding table]

OSPF supports a number of databases that it uses in its route calculations:

Adjacency database — When two OSPF routers exchange information, they form an adjacency. The adjacency database is a list of all neighbors to which a router has established bidirectional (full) communication.

Link-state database — Also called the topology table or routing information database, a link-state database contains the next-hop information for all destinations in the OSPF domain.

Forwarding database — This database contains all the “best” routes to the destinations in the network. The forwarding database is created when the SPF algorithm is run on the link-state database.



Designated Router

[Figure: five routers on a multiple-access network with priorities 64, 32, 10, 16 and 0; Router ID 172.16.0.1 (priority 64) is shown as the DR and Router ID 172.16.0.2 (priority 32) as the BDR]

The concept of designated routers and backup designated routers came about because of some problems that multiple-access networks, such as Ethernet, posed to OSPF related to the flooding of LSAs. For example, the formation of adjacencies between all attached routers would create unnecessary LSAs. In the figure above, without the use of DR and BDR, the number of adjacencies would be n (n − 1)/2, or in this case, 5(4)/2 = 10 adjacencies to support 5 routers. Flooding of the LSAs would be out of control. A router would flood an LSA to all its adjacent neighbors, which in turn, would flood to all their neighbors, and so on. This would create many copies of the same LSA on the same link.

The DR represents the network as a pseudo node. Each router forms an adjacency with the DR and the BDR. Only the DR sends LSAs to the rest of the network. This reduces the LSA load on the network. The BDR is responsible for mirroring the DR and takes over the role of DR if there is a failure.

The election process for the DR and BDR is based on priority: the highest priority wins. In the event of a tie, the router with the highest router ID wins. Any router that has reached a minimum of the 2-way state in the OSPF process is eligible to take part in the election process. A router with Priority set to 0 can never become the Designated Router.



DR and BDR

A:SR1# show router ospf interface

===============================================================================
OSPF Interfaces
===============================================================================
If Name        Area Id        Designated Rtr   Bkup Desig Rtr   Adm    Oper
-------------------------------------------------------------------------------
system         0.0.0.0        172.0.0.152      0.0.0.0          Up     DR
fast           0.0.0.0        192.168.2.1      192.168.2.2      Up     BDR
faster         0.0.0.0        0.0.0.0          0.0.0.0          Up     Down
-------------------------------------------------------------------------------
No. of OSPF Interfaces: 3

The slide above again shows the interfaces that are running OSPF. In this case, note the DR and BDR designation of interface “fast”. This interface is an Ethernet interface, and even though it is being used in a point-to-point application, OSPF still sees it as a broadcast medium and conducts the DR and BDR election process. The “fast” interface is actually the BDR even though the priorities of the interfaces are the same and the IP address of “fast” is actually higher than the IP address of its neighbor. This is because the other interface was the first one to become operational. When OSPF saw that the interface was a broadcast interface, it conducted an election. Because the far end was operational first, it was the only one taking part in the election process and therefore became the DR. When the “fast” interface became operational and exchanged hellos with the adjacent router, the adjacent router informed the “fast” interface that it was the DR, and therefore the “fast” interface became the BDR.
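The election rules on the Designated Router slide (highest priority wins, ties go to the highest router ID, priority 0 is ineligible) together with the no-pre-emption behaviour of the “fast” interface above, as an added example that is not part of the course material. The structure follows the election steps of RFC 2328 section 9.4 in simplified form; router IDs 172.16.0.3 to 172.16.0.5 and the use of the slide's interface addresses as router identifiers are assumptions.

```python
"""DR/BDR election (added example, not course material). Each router on the
segment is described by the priority, DR and BDR fields it advertises in its
own hellos; the election is computed from that state, as in RFC 2328 9.4."""
from dataclasses import dataclass
from ipaddress import IPv4Address

NONE = "0.0.0.0"   # no DR/BDR declared


@dataclass(frozen=True)
class Neighbor:
    router_id: str
    priority: int
    declared_dr: str = NONE    # DR field this router puts in its own hellos
    declared_bdr: str = NONE   # BDR field this router puts in its own hellos


def _best(routers):
    # Highest priority wins; a tie goes to the highest router ID.
    return max(routers, key=lambda r: (r.priority, int(IPv4Address(r.router_id))))


def elect(routers):
    """Return (dr, bdr) router IDs for one multi-access segment, given the
    hello state of every router on it (including the calculating router)."""
    eligible = [r for r in routers if r.priority > 0]   # priority 0 can never win
    claiming_dr = [r for r in eligible if r.declared_dr == r.router_id]
    not_dr = [r for r in eligible if r.declared_dr != r.router_id]

    def pick_bdr(pool):
        # Routers that declare themselves BDR are preferred over routers that
        # declare nothing; within the chosen group, priority then router ID.
        claiming = [r for r in pool if r.declared_bdr == r.router_id]
        return _best(claiming or pool).router_id if pool else NONE

    bdr = pick_bdr(not_dr)
    if claiming_dr:
        dr = _best(claiming_dr).router_id     # an existing DR is never pre-empted
    else:
        dr = bdr                              # no DR yet: the BDR is promoted
        bdr = pick_bdr([r for r in not_dr if r.router_id != dr])
    return dr, bdr


def slide_31_segment():
    """Five routers from the slide coming up together (no DR declared yet).
    Router IDs .3 to .5 are assumed; the slide shows only .1 and .2."""
    return elect([
        Neighbor("172.16.0.1", 64), Neighbor("172.16.0.2", 32),
        Neighbor("172.16.0.3", 10), Neighbor("172.16.0.4", 16),
        Neighbor("172.16.0.5", 0),     # priority 0: ineligible
    ])


def slide_32_fast_interface():
    """Equal priority; 192.168.2.1 came up first and already declares itself
    DR, so the higher address 192.168.2.2 (“fast”) only becomes BDR."""
    return elect([
        Neighbor("192.168.2.1", 1, declared_dr="192.168.2.1"),
        Neighbor("192.168.2.2", 1),
    ])


def dr_failure():
    """The DR's hellos stop: the BDR takes over and a new BDR is chosen."""
    return elect([
        Neighbor("172.16.0.2", 32, declared_dr="172.16.0.1", declared_bdr="172.16.0.2"),
        Neighbor("172.16.0.3", 10, declared_dr="172.16.0.1", declared_bdr="172.16.0.2"),
        Neighbor("172.16.0.4", 16, declared_dr="172.16.0.1", declared_bdr="172.16.0.2"),
    ])
```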


Section 3 — OSPF Packets



OSPF Packet Types

OSPF packet types and their descriptions:

1. Hello — Used to find neighbors in a router’s attached networks and to determine if a neighboring router’s interface is still functional by periodically sending out hello packets
2. Database description — Exchanged between routers that are in the process of forming an adjacency
3. Link-state request — A router request for newer database description information
4. Link-state update — Used to implement the flooding of LSAs; may contain one or more LSAs
5. Link-state acknowledgment — Acknowledgment of a link-state update


OSPF Hello Packet

[Figure: two routers exchanging hello packets and forming an adjacency; the hello carries the Area ID, Password, Hello Interval, Dead Interval, Priority, DR and BDR, and Router ID; an asterisk marks the fields that must be common]

The hello protocol is used to allow routers to recognize each other in the network. Hello packets are sent out periodically on each OSPF interface, using the multicast IP address 224.0.0.5. To establish an adjacency between the two routers shown above, certain criteria in the hello packet (marked * in the figure) must be common:

Area — To form an adjacency, both routers must be in the same area.

Password — If using security, both routers must have the same password.

Hello interval — This specifies how often each router will send a hello packet to act as a keepalive. Both routers must have the same hello interval.

Dead interval — This specifies how long a router will wait for a hello packet. If it does not receive a packet within the specified interval, the router will declare the link down. Both routers must have the same dead interval.

Priority — This specifies the router priority of an OSPF interface. A router may have different priorities on its OSPF interfaces. The highest priority is preferred when two or more routers connected to the same network segment all attempt to become DR/BDR. A router whose priority is set to 0 is ineligible to become DR or BDR on the attached network.

DR — The router ID of the Designated Router selected on the attached broadcast network.

BDR — The router ID of the Backup Designated Router selected on the attached broadcast network.

When the routers have exchanged and agreed on the information above, they will establish an adjacency. This ensures bidirectional communication. OSPF routes are only exchanged on adjacencies.
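Building and parsing an OSPFv2 hello and checking the criteria above, as an added example that is not part of the course material. The byte layout is the OSPFv2 header and hello body from RFC 2328 Appendix A; the routers (1.1.1.1 and 2.2.2.2), timers, addresses and helper names are constructed.

```python
"""OSPFv2 hello packet: build, parse and check the adjacency criteria.
Added example, not course material. Byte layout per RFC 2328 Appendix A;
the routers (1.1.1.1 and 2.2.2.2), timers and addresses are constructed."""
import struct
from dataclasses import dataclass, field
from ipaddress import IPv4Address

HELLO = 1
HDR = struct.Struct("!BBHIIHH8s")  # version, type, length, router id, area id, checksum, autype, auth
BODY = struct.Struct("!IHBBIII")   # mask, hello interval, options, priority, dead interval, DR, BDR


def _ip(n):
    return str(IPv4Address(n))


def _num(ip):
    return int(IPv4Address(ip))


def _checksum(data):
    """Standard IP ones-complement checksum; caller zeroes checksum and auth fields."""
    if len(data) % 2:
        data += b"\0"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


@dataclass
class Hello:
    router_id: str
    area_id: str
    netmask: str
    hello_interval: int
    dead_interval: int
    priority: int
    dr: str = "0.0.0.0"
    bdr: str = "0.0.0.0"
    options: int = 0x02           # E bit set: external routing capable
    password: bytes = b""         # simple password (AuType 1); empty means AuType 0
    neighbors: list = field(default_factory=list)


def build_hello(h):
    body = BODY.pack(_num(h.netmask), h.hello_interval, h.options, h.priority,
                     h.dead_interval, _num(h.dr), _num(h.bdr))
    body += b"".join(struct.pack("!I", _num(n)) for n in h.neighbors)
    length = HDR.size + len(body)
    autype = 1 if h.password else 0
    fields = (2, HELLO, length, _num(h.router_id), _num(h.area_id))
    # The checksum is computed with the checksum and auth fields zeroed.
    csum = _checksum(HDR.pack(*fields, 0, autype, bytes(8)) + body)
    return HDR.pack(*fields, csum, autype, h.password.ljust(8, b"\0")) + body


def parse_hello(pkt):
    ver, typ, length, rid, area, csum, autype, auth = HDR.unpack_from(pkt)
    if ver != 2 or typ != HELLO or length != len(pkt):
        raise ValueError("not a well-formed OSPFv2 hello")
    zeroed = HDR.pack(ver, typ, length, rid, area, 0, autype, bytes(8)) + pkt[HDR.size:]
    if _checksum(zeroed) != csum:
        raise ValueError("bad checksum")
    mask, hello, opts, prio, dead, dr, bdr = BODY.unpack_from(pkt, HDR.size)
    rest = pkt[HDR.size + BODY.size:]          # list of neighbor router IDs
    nbrs = [_ip(int.from_bytes(rest[i:i + 4], "big")) for i in range(0, len(rest), 4)]
    password = auth.rstrip(b"\0") if autype == 1 else b""
    return Hello(_ip(rid), _ip(area), _ip(mask), hello, dead, prio, _ip(dr), _ip(bdr),
                 opts, password, nbrs)


def adjacency_problems(mine, theirs):
    """Names of the starred hello fields that do not agree. Priority, DR and
    BDR are carried too but need not match; router IDs must differ instead."""
    must_match = {"area": (mine.area_id, theirs.area_id),
                  "password": (mine.password, theirs.password),
                  "hello_interval": (mine.hello_interval, theirs.hello_interval),
                  "dead_interval": (mine.dead_interval, theirs.dead_interval)}
    problems = [name for name, (a, b) in must_match.items() if a != b]
    if mine.router_id == theirs.router_id:
        problems.append("duplicate_router_id")
    return problems


def slide_36_exchange():
    """Router B answers Router A's first hello and lists A as a known neighbor."""
    a = Hello("1.1.1.1", "0.0.0.0", "255.255.255.0", 10, 40, 1)
    b = Hello("2.2.2.2", "0.0.0.0", "255.255.255.0", 10, 40, 1, neighbors=["1.1.1.1"])
    seen_by_b = parse_hello(build_hello(a))   # what B receives on the wire
    seen_by_a = parse_hello(build_hello(b))
    return adjacency_problems(b, seen_by_b), adjacency_problems(a, seen_by_a), seen_by_a.neighbors
```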



Forming an Adjacency

[Figure: hello and database description exchange between Router A (1.1.1.1) and Router B (2.2.2.2)]

Down state
Hello (RID=1.1.1.1, DR=0.0.0.0, Neighbors known = 0)
Hello (RID=2.2.2.2, DR=0.0.0.0, Neighbors known = 1.1.1.1)
Init state
Hello (RID=1.1.1.1, DR=0.0.0.0, Neighbors known = 2.2.2.2)
2-way state
DBD (RID=1.1.1.1)
DBD (RID=2.2.2.2)
Exstart state
DBD (Summary of all networks known)
DBD (Summary of all networks known)
Exchange state (router with larger RID starts)

In the diagram above the two routers in question have not formed an adjacency. The following explains how the adjacency is created and the steps that are required to accomplish it.

1. To start, both routers are in what is called a “down” state. This is when neither router has sent any OSPF-related packets.
2. The router on the left sends a hello packet with the standard header. In the hello information the router inserts its RID and leaves the neighbor field blank, since it does not know of any other router on the Ethernet segment.
3. The right-side router responds with a hello of its own. However, in this router’s hello, not only is its RID sent; the RID of the left router is also sent. With both routers seeing that the other router is acknowledging they exist, the state changes from a “down” state to that of “two-way”.
4. The neighboring routers establish a master/slave relationship. During this phase the initial DBD sequence number is determined for the exchange phase. The router with the highest Router ID becomes the master and its initial sequence number is used.
5. The routers send the DBD packets describing their Link State Database. The sequence number negotiated during the master/slave establishment step is used.
6. The sequence number is incremented and the DBD packet is sent describing the Link State Database.



Forming an Adjacency (cont’d)

[Figure: link-state request, update and acknowledgment exchange between Router A (1.1.1.1) and Router B (2.2.2.2)]

Loading state
LSR (Send me info on the following networks…)
LSR (Send me info on the following networks…)
LSU (Here’s the info you requested)
LSU (Here’s the info you requested)
ACK (Thanks for the info)
ACK (Thanks for the info)
Full state

The adjacency continues to be created with the following steps:

1. The routers ask for explicit information with the use of the Link State Request. When the LSR is sent, the “exchange” state changes to the “loading” state.
2. Each router responds to the LSR with one or more Link State Update packets. These packets contain the explicit details of the networks requested.
3. Each router responds to the LSU with an Acknowledgement packet. This ensures that each knows the other has received the information without error.
4. After all LSUs are received and acknowledgements sent, each router now has an identical link state database. When this happens the state changes from the “loading” state to the “full” state. This means that each router is fully converged with the other’s database.
5. To maintain the adjacency, the routers now send periodic hellos to each other. The default timer for this is 10 seconds. If something changes, then only that change in the database is conveyed to the neighbor.



LSA Types

Routers can generate the following types of LSAs:

Type 1 — Router LSA
Type 2 — Network LSA
Type 3 — Summary LSA (Network)
Type 4 — Summary LSA (ASBR)
Type 5 — AS external LSA


After the initial flood to create the link-state database, LSAs are sent when there is a topology change or every 30 minutes to maintain the database.



Type 1 — Router LSA

[Figure: a router in Area 1 generates a Type 1 router LSA, which is flooded only within its area; the ABR, the DR and backbone area 0 are also shown]

LSA type 1 is known as a router LSA and is generated by every internal router in the network with an active interface. These LSAs are only flooded in the area in which they were originated. A router LSA lists all the router’s links along with the state and cost of the links.



Type 2 — Network LSA

[Figure: the DR in Area 1 generates a Type 2 network LSA, flooded only within its area; the ABR and backbone area 0 are also shown]

LSA type 2 is known as a network LSA. Network LSAs are only produced by the DR in a multiple-access network. The DR represents the network as a type of pseudo node. A network LSA lists all attached routers, including the DR. A network LSA is only flooded in the area of the router that originated it.



Type 3 — Network Summary LSA

[Figure: the ABR between Area 1 and backbone area 0 advertises Type 3 network summary LSAs in both directions]

LSA type 3 is known as a network summary LSA and is advertised by an ABR. These LSAs are sent into an area to advertise routes (destinations) that are outside that area. This lets the internal routers know which destinations can be reached by the ABR. The ABR advertises a network summary LSA in both directions. This means that the ABR advertises network summary LSAs into the non-zero area as well as the backbone or zero area.



Type 4 — ASBR LSA and Type 5 — AS External LSA

[Figure: an ASBR in Area 2 connected to a non-OSPF routed domain originates Type 5 AS external LSAs; ABRs originate Type 4 ASBR LSAs towards Area 0 and Area 1]

LSA type 5 is known as an AS External LSA. These LSAs are originated by an ASBR and advertise destinations external to the AS or a default route that is external to the AS. AS external LSAs are flooded throughout the entire network, with the exception of stub areas. LSA type 4 is known as an ASBR LSA. An ASBR LSA is only generated by an ABR. ASBR LSAs are identical to type 3 LSAs except that the destination they advertise is not a network but the ASBR itself. An ABR generates a Type 4 LSA after it has received Type 5 LSAs from an ASBR.



OSPF LSAs in Action

[Figure: Area 1 contains a broadcast network with a DR and is joined to Area 0 by an ABR; LSA 1: Router, LSA 2: Network, LSA 3: Summary]

All links in the hierarchical network above are point-to-point except for the links in Area 1. DR and BDR elections are therefore a concern in area 1. When the ABR is inserted adjoining both areas, router LSAs are sent out in the respective areas. Note: The ABR belongs to both areas and therefore has a separate set of router LSAs for each area that it belongs to. Therefore, the topology database of the ABR has a set of router LSAs for area 0 and a set of router LSAs for area 1. The ABR is connected to a broadcast network in area 1. The interface of the ABR is elected as the DR, and it sends a network LSA to all routers in the broadcast domain. In addition, the ABR summarizes all networks in Area 1 and sends a network summary LSA on behalf of all the networks to all routers in Area 0.



OSPF LSAs in Action (continued)

[Figure: Area 2, containing an ASBR connected to a non-OSPF routed domain, is joined to Area 0 by an ABR; LSA 4: ASBR, LSA 5: AS external]

An ABR now connects Area 0 to Area 2. In addition, Area 2 contains an ASBR, which is connected to a non-OSPF routed domain. When the ABR comes up, it sends and receives router LSAs in both of the respective areas. The ASBR advertises a type 5 LSA, which is flooded throughout the area. The ABR then sends an ASBR LSA into Area 0, indicating the router ID of the ASBR.



OSPF Route Selection

[Figure: Router 3 in Area 2 reaching network B in Area 0 through Area 1; link costs of 1, 5, 10 and 100 are shown on the diagram, with a DR and BDR on the broadcast segment. Paths from Router 3 to reach B, computed by the SPF algorithm from the link-state database: Path 1 (via R5) cost 12, Path 2 (via R4) cost 22, Path 3 (via R6) cost 101. Path 1, cost 12, is entered in the forwarding table.]

Each router gathers all the received LSAs and enters them into the link-state database. The SPF algorithm is applied to this database and is used to calculate the shortest path tree. The SPF algorithm is run first to create the branches of the tree (routers) and second to create the leaves (stub networks) on the branches. OSPF calculates the shortest path using a cost metric. This cost is assigned to each interface and depends on the bandwidth of the interface. The cost of a route is the sum of all costs of each interface that a packet must traverse to reach its destination. When all of the costs have been calculated, the route to the destination with the lowest cost is entered in the forwarding table and all traffic going to that destination uses this route.



Authentication

MD5 allows an authentication key to be configured per interface. Links between adjacent routers must be configured with the same key. By default, authentication is not enabled on an interface.


MD5 is a method of verifying data integrity and is more reliable than a common checksum. MD5 is an algorithm that takes a message of variable length and creates a 128-bit “message digest”. The message digest is then transmitted to the neighbor and can only be verified by a receiving router that has the correct password.


All OSPF protocol exchanges can be authenticated. This means that only trusted routers can participate in autonomous system routing. Alcatel’s implementation of OSPF in the 7750 SR supports plain text (also called simple password) and MD5 authentication.
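The keyed-MD5 exchange described above, as an added example that is not part of the course or of the 7750 SR software: the sender appends an MD5 digest computed over the OSPF packet and the per-interface key, and the receiver, holding the same key, recomputes the digest, rejects a mismatch, and uses the cryptographic sequence number to drop a replayed packet. The header layout follows RFC 2328 Appendix D; the packet body, key IDs, keys and neighbor address are constructed for the demo.

```python
import hashlib
import hmac
import struct
from typing import Dict

AUTH_TYPE_CRYPTO = 2     # OSPF AuType 2 = cryptographic (keyed MD5)
DIGEST_LEN = 16          # MD5 digest length in octets
HEADER_LEN = 24          # OSPF packet header including the 8-byte auth field


def build_packet(body: bytes, key_id: int, seq: int,
                 router_id: bytes = bytes([172, 0, 0, 152])) -> bytes:
    """OSPF header: version 2, type 1 (Hello), length, router ID, area ID,
    checksum (zero when cryptographic auth is used), AuType, then the 8-byte
    auth field carrying key ID, digest length and cryptographic sequence number."""
    length = HEADER_LEN + len(body)
    fixed = struct.pack("!BBH4s4sHH", 2, 1, length, router_id, bytes(4),
                        0, AUTH_TYPE_CRYPTO)
    auth_field = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    return fixed + auth_field + body


def keyed_digest(packet: bytes, key: bytes) -> bytes:
    """MD5 over the packet followed by the key padded with zeros to 16 octets,
    the construction RFC 2328 Appendix D describes (not an HMAC)."""
    padded = key[:16].ljust(16, b"\x00")
    return hashlib.md5(packet + padded).digest()


def sign(packet: bytes, key: bytes) -> bytes:
    """Append the digest after the packet; it is not counted in the length field."""
    return packet + keyed_digest(packet, key)


class Verifier:
    """Receiving side: the interface's key table (key ID -> key) plus the last
    accepted sequence number per neighbor, so a captured packet cannot simply be
    replayed later.  Return values name why a packet is accepted or dropped."""

    def __init__(self, keys: Dict[int, bytes]) -> None:
        self.keys = keys
        self.last_seq: Dict[str, int] = {}

    def verify(self, neighbor: str, wire: bytes) -> str:
        if len(wire) < HEADER_LEN + DIGEST_LEN:
            return "too-short"
        packet, tag = wire[:-DIGEST_LEN], wire[-DIGEST_LEN:]
        au_type = struct.unpack("!H", packet[14:16])[0]
        if au_type != AUTH_TYPE_CRYPTO:
            return "bad-auth-type"
        _, key_id, dlen, seq = struct.unpack("!HBBI", packet[16:24])
        key = self.keys.get(key_id)
        if key is None or dlen != DIGEST_LEN:
            return "unknown-key"
        # Constant-time comparison so timing does not leak digest bytes.
        if not hmac.compare_digest(tag, keyed_digest(packet, key)):
            return "bad-digest"
        # RFC 2328 accepts a sequence number greater than or equal to the last one.
        if seq < self.last_seq.get(neighbor, 0):
            return "replay"
        self.last_seq[neighbor] = seq
        return "ok"


if __name__ == "__main__":
    v = Verifier({1: b"s3cret"})            # constructed key on this interface
    hello = sign(build_packet(b"hello-body", 1, 100), b"s3cret")
    print("same key     :", v.verify("192.168.2.1", hello))
    print("wrong key    :", v.verify("192.168.2.1",
                                     sign(build_packet(b"hello-body", 1, 101), b"wrong")))
    print("old sequence :", v.verify("192.168.2.1",
                                     sign(build_packet(b"hello-body", 1, 50), b"s3cret")))
```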



Show OSPF Neighbors

===============================================================================
OSPF Neighbors
===============================================================================
Nbr IP Addr      Nbr Rtr Id       Nbr State   Priority   RetxQ Len   Dead Time
-------------------------------------------------------------------------------
192.168.2.1      172.0.0.154      Full        1          0           30
-------------------------------------------------------------------------------
No. of Neighbors: 1


The slide above shows the adjacencies formed by OSPF with its directly connected neighbors, including the interface that the adjacency was formed on and the router ID of the immediate neighbor. Note the neighbor state: when the routers have formed their adjacency and the databases are synchronized, the state is Full, as shown above. Other states that may be displayed are Init, Exstart, and Exchange; however, these states are only briefly displayed. The final state is Full.


A:SR1# show router ospf neighbor



Show OSPF Interfaces

===============================================================================
OSPF Interfaces
===============================================================================
If Name      Area Id      Designated Rtr   Bkup Desig Rtr   Adm   Oper
-------------------------------------------------------------------------------
system       0.0.0.0      172.0.0.152      0.0.0.0          Up    DR
fast         0.0.0.0      192.168.2.1      192.168.2.2      Up    BDR
faster       0.0.0.0      0.0.0.0          0.0.0.0          Up    Down
-------------------------------------------------------------------------------
No. of OSPF Interfaces: 3


The slide above shows the interfaces that are running OSPF, including their names and the areas that they belong to. Note that the Adm (administrative) status of every interface is Up, while the Oper (operational) status is, in this case, DR, BDR, or Down.


A:SR1# show router ospf interface



Show OSPF Link State Database

===============================================================================
OSPF Link State Database (Type : All) (Detailed)
===============================================================================
-------------------------------------------------------------------------------
Router LSA for Area 0.0.0.0
-------------------------------------------------------------------------------
Area Id          : 0.0.0.0
Adv Router Id    : 172.0.0.152
Link State Id    : 172.0.0.152
LSA Type         : Router
Sequence No      : 0x80000274
Checksum         : 0x78bf
Age              : 543
Length           : 48
Options          : E
Link Count       : 2
Flags            : None
Link Type (1)    : Stub Network
Network (1)      : 172.0.0.152
Mask (1)         : 255.255.255.255
No of TOS (1)    : 0
Metric-0 (1)     : 1
Link Type (2)    : Transit Network
DR Rtr Id (2)    : 192.168.2.1
I/F Address (2)  : 192.168.2.2
No of TOS (2)    : 0
Metric-0 (2)     : 1000
-------------------------------------------------------------------------------
Router LSA for Area 0.0.0.0
-------------------------------------------------------------------------------


The slide above shows the detailed information for one LSA in the link-state database. The information includes the area that the link belongs to, the ID of the router that is sending the LSA, the link-state ID of the LSA, and the type of LSA. Note that in this case the router ID and link-state ID are the same, because this is the LSA that depicts the system interface. In addition, this is a type 1 (router) LSA. The information also includes the type of network that the link belongs to, the network address, the network mask, and the metric for this link. Because this is the system interface, the network address is the interface address and the mask is 255.255.255.255 or /32. The metric for the system interface is 1, as it is a loopback or virtual interface. This slide also shows the network interface that the LSA is advertised out of and the metric that is associated with that interface. In this case, the interface is a 100 Mb/s Ethernet interface with a metric of 1000.


A:SR1# show router ospf database detail



Show Route Table

===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Address        Next Hop        Type     Proto   Age          Metric   Pref
-------------------------------------------------------------------------------
172.0.0.152/32      system          Local    Local   12d19h24m    0        0
172.0.0.154/32      192.168.2.1     Remote   OSPF    11d17h16m    1001     10
192.168.2.0/30      fast            Local    Local   11d17h17m    0        0
-------------------------------------------------------------------------------
No. of Routes: 3
===============================================================================


The slide above shows the forwarding information that is used by the router to forward traffic to its destination. Note that the local routes have a metric of 0 and a preference of 0. Therefore, if OSPF had learned of paths to these destinations, they would not be entered in the forwarding table because the OSPF preference value is 10. The information also includes the address or name of the next-hop interface. If it is a local route, the name of the interface is displayed. If it is a remotely learned route, the address of the interface that advertised the route to this router is displayed.


A:SR1# show router route-table



Module Summary


With link state protocols:
• every router has the same view of the network (same topology database)
• routing updates are triggered when there are topology changes
• paths are computed to each reachable destination using the shortest path first algorithm
OSPF and IS-IS are link state protocols
OSPF has the concept of areas, which break the network into smaller pieces, reducing the amount of routing update flooding
The three types of areas are: Backbone, Normal, Stub



Module Summary (cont’d)

The four types of routers are:
• Internal Router: within a non-zero (non-backbone) area
• Area Border Router (ABR): between two or more different OSPF areas
• Autonomous System Border Router (ASBR): connects OSPF routing domains to another non-OSPF routing domain
• Backbone Router: within the backbone area



Module Summary (cont’d)


There are 5 types of OSPF packets, used to establish adjacencies, maintain the adjacencies, and exchange routing information:
• Hello
• Database Description
• Link State Request
• Link State Update
• Link State Acknowledgement



Module Summary (cont’d)


The 5 main LSA types are:
• Type 1 – Router LSA
• Type 2 – Network LSA
• Type 3 – Summary LSA
• Type 4 – ASBR Summary LSA
• Type 5 – AS-External LSA
On a shared medium, one router becomes the Designated Router and is responsible for sending LSAs on the network



Learning Assessment


1. In OSPF, what are the areas used for?
   A. Simplify network design.
   B. Reduce the amount of transit customer traffic.
   C. Reduce the amount of LSA traffic.

2. Which one of the following routers connects an OSPF routing domain to a non-OSPF routing domain?
   A. ASBR
   B. Backbone
   C. ABR
   D. Internal

3. In OSPF terminology, what is the cost used for?
   A. Cost is the monetary value of a link, such as a satellite link.
   B. Cost is a metric value used by the SPF algorithm for path calculations.
   C. Cost is the preference value used to select paths learned from different routing protocols.



Learning Assessment (continued)


4. How many databases are formed by standard OSPF?
   A. 3
   B. 4
   C. 2
   D. 1

5. All non-zero areas must connect to Area 0.
   A. True
   B. False

6. Which of the following areas supports external routes in the routing table? Choose all that apply.
   A. Stub
   B. Backbone
   C. Normal



Learning Assessment (continued)


7. Which of the following packets is also used as a keepalive?
   A. Database description
   B. Link-state request
   C. Link-state update
   D. Link-state acknowledgment
   E. Hello



Learning Assessment Answers


1. In OSPF, what are the areas used for?
   A. Simplify network design.
   B. Reduce the amount of transit customer traffic.
   C. Reduce the amount of LSA traffic. √

2. Which one of the following routers connects an OSPF routing domain to a non-OSPF routing domain?
   A. ASBR √
   B. Backbone
   C. ABR
   D. Internal

3. In OSPF terminology, what is the cost used for?
   A. Cost is the monetary value of a link, such as a satellite link.
   B. Cost is a metric value used by the SPF algorithm for path calculations. √
   C. Cost is the preference value used to select paths learned from different routing protocols.

4. How many databases are formed by standard OSPF?
   A. 3 √
   B. 4
   C. 2
   D. 1

5. All non-zero areas must connect to Area 0.
   A. True √
   B. False

6. Which of the following areas supports external routes in the routing table? Choose all that apply.
   A. Stub
   B. Backbone √
   C. Normal √

7. Which of the following packets is also used as a keepalive?
   A. Database description
   B. Link-state request
   C. Link-state update
   D. Link-state acknowledgment
   E. Hello √



LAB 4.2 – Multi-Area OSPF

Figure: LAB 4.2 topology. Four pods (Pod1 to Pod4), each with a Core-PodN and an Edge-PodN router, interconnected by OSPF; the areas shown are Area 1, Area 2, Area 3 (Pod3) and Area 4 (Pod4).


3HE-02767-AAAA-WBZZA Edition 01


www.alcatel-lucent.com


Module 8 — Introduction to Border Gateway Protocol



Module Objectives


After successful completion of this module, you should be able to:
• Define the use of border gateway protocol
• Define public and private autonomous systems
• Explain why an IGP must be running to support BGP
• Define the difference between EBGP and IBGP peers



BGP History

Figure: BGP history timeline.
1989 – BGP original, RFC 1105
1990 – BGP v2, RFC 1163; RFC 1164 implementation
1991 – BGP v3, RFC 1267; RFC 1168 implementation
1994 – BGP v4, RFC 1654; RFC 1655 implementation
1995 – BGP v4 update, RFC 1771; RFC 1772 implementation
2006 – BGP v4 update, RFC 4271
Present

Over the course of BGP’s existence, multiple RFCs have been created and commonly accepted. The slide above lists the RFCs that explicitly define the characteristics of basic BGP.

In 1989, a workgroup started to outline and create the first RFC for BGP.

RFC 1105 is the first RFC for BGP. It defined the basic operation and common characteristics used by BGP. This was the BGPv1 specification that was first released for public use.

In 1990, RFC 1163 was released. This RFC incorporated additional features and modifications to the original RFC and was known as BGPv2.

At the same time, RFC 1164 was created to describe the proper implementation of BGP.

Since the release of RFC 1164 and BGPv2, all subsequent releases of BGP have been accompanied by a new RFC related to implementation.

The currently accepted version of BGP is version 4. The currently accepted RFC for BGPv4 is RFC 1771, with accompanying implementation RFC 1772.



Autonomous Systems in BGP

• A group of networks and network equipment under a common administration
• IGP protocols such as OSPF, IS-IS, and RIP run in an AS
• BGP is used to connect autonomous systems
Figure: three autonomous systems, AS-65001, AS-65002 and AS-65003, interconnected by BGP.



Autonomous Systems in BGP (continued)

Private autonomous systems
• Assigned by ISPs (for some clients), local administrators, and so on
• Not allowed to be advertised to other ISPs or on the Internet
• Range from 64512 to 65535


Regional Internet Registries
Regional Internet Registries (RIRs) are nonprofit corporations established for the purpose of administration and registration of Internet Protocol (IP) address space and Autonomous System (AS) numbers. There are five RIRs:

Registry    Geographic Region
AfriNIC     Africa, portions of the Indian Ocean
APNIC       Portions of Asia, portions of Oceania
ARIN        Canada, many Caribbean and North Atlantic islands, and the United States
LACNIC      Latin America, portions of the Caribbean
RIPE NCC    Europe, the Middle East, Central Asia


Public autonomous systems
• Assigned by ARIN or another authority
• Must be used when connecting to other autonomous systems in the Internet
• Range from 0 to 64511



BGP Protocol Overview

• IGPs run within an autonomous system
• EGPs run between autonomous systems
Figure: Interior Gateway Protocols (OSPF, IS-IS, RIP) inside AS-65001, AS-65002 and AS-65003; Exterior Gateway Protocols between the autonomous systems.

IGPs are protocols that run actively within an autonomous system. Common protocols that are used in this manner are RIP, IS-IS, and OSPF. EGPs are protocols that run actively between autonomous systems. The only commonly accepted protocol used as an EGP is BGP.



Requirement for an IGP


BGP is not a discovery protocol. It has no mechanism to find its way to a neighboring router if a path does not already currently exist in the routing table. BGP therefore requires an IGP of some kind (OSPF, IS-IS, RIP, or static routes) to find a path to the other BGP speakers so that TCP can establish a peering session with those BGP speakers.


• BGP is not a discovery protocol
• An IGP routing protocol is needed within the Autonomous System so that BGP routers know how to reach other BGP routers within the AS



BGP Scope


BGPv4, defined in RFC 1771, provides reachability information to foreign networks (outside the AS) by enabling the exchange of routing information between ASs to allow for data flow between them. When the exchange is enabled, of equal or greater concern is the application of administrative policy to the traffic flows. Policy implementation is a key strength of BGP and allows the administration to manipulate traffic based on virtually any policy. BGP has proven scalability. It is the protocol of choice for service providers, running on their Internet routers. BGP is the fundamental building block of the Internet and is used by every service provider in the world for service-provider interoperability. BGP is the most feature-rich and scalable routing protocol in use today. It supports the current requirements of the Internet, and with extended capabilities such as multiple protocol families and extended AS numbers, is well-positioned for the future.


• Enables the exchange of routing information between autonomous systems
• Enables the implementation of administrative policies
• Already scaled to:
  – Large number of autonomous systems
  – Large number of neighbors
  – Large volume of table entries
  – High rate of change



BGP Features


Although BGP is an enhanced distance vector protocol, it is specifically called a path vector protocol.

Neighbor relationships in BGP are somewhat different from what is normal in the IGP world. Traditionally, neighbors are always directly connected routers. With BGP, this is no longer the case: neighbors may be directly connected, but it is not required because BGP uses unicast TCP/IP for neighbor establishment. It is possible for neighbor relationships to be established with any device that is IP-reachable. There is no guarantee that the neighbor relationship will succeed because factors such as firewalls or access control lists may prevent certain types of traffic from passing, but they are possible and likely to occur.

At the application layer, BGP functions similarly to other TCP/IP applications, such as Telnet, FTP, and HTTP. BGP may be viewed as an application because it uses registered port number 179 in the TCP/IP model. Generic TCP/IP applications use a 3-way handshake for session establishment, and once this is completed a TCP/IP session is formed. After the session, the applications exchange or negotiate a set of parameters for the session. In Telnet, for example, parameters such as terminal types and passwords are typically negotiated. If application-level parameters are also acceptable, a session is established at the application layer and data is exchanged. Periodic user data keeps the session alive. When the session is to be terminated, either user input or an inactivity timeout causes the application session to be torn down and TCP/IP to initiate the 4-way session teardown.


• Path vector protocol
• Neighbors can be any reachable devices
• Unicast exchange of information
• Reliability via TCP
• Uses well-known TCP port 179
• Periodic keepalive for session management
• Event-driven
• Robust metrics
• Behavior is similar to other TCP/IP applications



BGP Considerations


Protocols that are based on distance vector mechanisms, such as path vector, share certain common characteristics. The two that are significant to BGP are hop count and split horizon. It is important to note that these two behaviors are present in the BGP protocol.

Adding to the complexity of BGP is the fact that topology and routing table sizes become much larger than in an IGP environment. The increased size of these tables means that factors such as CPU loading, memory utilization, update generation, and route processing have a far greater implication in BGP. These items, and others, affect convergence.

Convergence may be viewed in two ways. Local convergence is the time taken for a router to receive and process all outstanding messages and settle on a stable topology. Network convergence is the time taken for all routers in the system to settle on a stable topology. In IGP terms, the system is usually the local AS. In BGP terms, the system is the Internet. Because the entire Internet is the scope of BGP, the administration is typically more complex than that in a single AS.


• Path vector protocol roots are distance vector
• All distance vector protocols share similar characteristics:
  – Hop count is a metric
  – Split horizon is a factor
• Table sizes are significantly larger than in IGP
• Convergence is an issue
• Administratively complex



EBGP vs. IBGP Overview


There are two possible types of BGP neighbor relationships. Regardless of the type, a BGP session between two devices is alternatively referred to as a neighbor or peer session. A BGP router is also referred to as a BGP speaker.

A session between two devices in different autonomous systems is referred to as an external BGP or EBGP session. It is typical for devices having an EBGP session to be directly connected, sharing a common data link, but it is not mandatory. Because the devices are in different autonomous systems, the administration of each device is typically handled separately. Care must therefore be taken to ensure that the configuration parameters match so that the peering will succeed.

A session between two devices in the same autonomous system is referred to as an internal BGP or IBGP session. It is typical for devices having an IBGP session not to be directly connected, as they may be across the country or the world. Because the devices are in the same autonomous system, the administration of each device is typically handled by the same organization. Care must still be taken to ensure that the configuration parameters match so that the peering will succeed, but as the devices are locally controlled, this is often an easier task than with EBGP.


Two types of BGP sessions are possible:
• External BGP (EBGP) sessions:
  – Routers are in different autonomous systems
  – Typically directly connected, but not mandatory
  – Different administrations
• Internal BGP (IBGP) sessions:
  – Routers are in the same autonomous system
  – Typically non-adjacent routers; could be directly connected
  – Same administration



Internal BGP

• IBGP neighbors are peers in the same autonomous system.
• By default, they do not need to be directly connected.
Figure: Internal BGP sessions (IBGP) inside one autonomous system, shown alongside AS-65001, AS-65002, AS-65003 and AS-65004; the physical links are marked separately from the IBGP sessions.


A session between two devices in the same autonomous system is referred to as an IBGP session. Because the devices are in the same autonomous system, the administration of each device is typically handled by the same organization. Care must still be taken to ensure that the configuration parameters match so that the peering will succeed, but as the devices are locally controlled, this is often an easier task than with EBGP. A requirement for IBGP is that all routers that participate in an IBGP session must be fully meshed. This requires that every router needs to be able to establish an IBGP session with every other router in the AS. The rationale behind this is beyond the scope of this course and will be fully covered in the BGP course.



External BGP

• EBGP neighbors are peers in different autonomous systems.
• By default, they need to be directly connected.
Figure: External BGP sessions (EBGP) between AS-65001, AS-65002, AS-65003 and AS-65004, running over the physical links between them.


A session between two devices in different autonomous systems is referred to as an EBGP session. It is typical for devices having an EBGP session to be directly connected, sharing a common data link, but it is not mandatory. Because the devices are in different autonomous systems, the administration of each device is typically handled separately. Care must therefore be taken to ensure that the configuration parameters match so that the peering will succeed.



When to Use BGP


Use BGP in the following environments:
• You are an ISP and need to pass client traffic from one AS to another AS.
• You need to multi-home to several ISPs due to company requirements.
• Traffic flow from or to your company must be manipulated and controlled.
Do not use BGP in the following environments:
• There is no need to have more than one connection to the Internet.
• Company engineers do not understand how BGP works.
• The hardware and physical links to the ISP are not able to handle the load of BGP traffic.



BGP Metrics

BGP uses multiple metrics to select the best path to a destination network.


BGP, as stated above, can implement multiple criteria in selecting the best path to a destination. This makes BGP a very flexible and complicated protocol in the configuration process. However, it does give the administrator a way to influence the way traffic will flow across the network.


IGP protocols use single metrics for path determination:
• RIP — Hop count
• OSPF — Cumulative cost
• IS-IS — Cumulative cost



BGP Attributes

• AS-path
• Next-Hop
• Origin
• Local Preference
• Multiexit Discriminator (MED)
• Others

Attributes are carried inside update messages


After BGP establishes a session, routing updates are exchanged. The routing update contains a prefix and metrics. In BGP, metrics are called attributes.


Metrics are called attributes; the BGP attributes are those listed in the slide above.



AS Path


The AS Path attribute identifies the sequence of Autonomous Systems through which this UPDATE message has passed. This attribute is not a single item, like origin code, but is a list that may contain zero, one or more entries.

The list may be read in either direction, but if reading from left to right then the significance of the list entries is as follows. The leftmost entry in the list is the neighboring AS that sent the prefix into your AS. The rightmost entry in the list is the originating AS for the prefix. Any intermediate entries are transit ASs that the update has passed through on its way to you. If you are viewing the update inside the originating AS, the list will be empty or null, since the update has not yet passed ‘through’ any ASs.

The behavior of this attribute is that the AS number of the sender will be prepended (added to the beginning) to the list whenever the update crosses an AS boundary. If a router receives an update containing the local AS number already in the path sequence, the update is flagged as a loop.

The implementation of AS_PATH is the hop count of BGP. It is important to note that this hop count is not an indication of the number of routers that the update has passed through, but of the number of ASs the update has passed through, regardless of the actual number of routers.


• AS Path – identifies the Autonomous System(s) through which this UPDATE message has passed
• Modified by any border router when propagating an update across an AS boundary
  – Local AS number inserted at the beginning of the list
• AS Path is a variable length list. Reading left to right:
  – The leftmost entry is the AS that sent the prefix to you
  – The rightmost entry is the originator of the prefix
  – Intermediate entries (if present) are transit ASs
  – The list may be null
• AS Path is the hop count of BGP
• Used for loop detection



AS Path

Figure: the same update for one prefix travelling from AS 65100 (Router X) through AS 65200 (Router A to Router B) to AS 65250 (Router Y); each stage shows Prefix, Origin, AS Path and next-hop.
Update originated in AS 65100: AS Path = null
Update in AS 65200: AS Path = 65100
Update received at Router Y: AS Path = 65200 65100

In the above illustration, the same BGP update is being originated by the router in AS 65100. The prefix in the update message is internal to AS 65100. Since this router is inside the originating AS, the AS Path is null. The attribute will propagate in all further BGP updates for this prefix, in this example across AS 65200 and 65250, and each time the update crosses an AS boundary, the AS number of the sender will be prepended to the AS Path list. When the update arrives in AS 65200, it has crossed an AS boundary in order to get there, so the AS Path attribute now contains 65100, the AS number of the sender. Similarly, when it arrives in AS 65250, the AS Path attribute now contains the sequence 65200 65100. If we read the AS Path from left to right, it represents the sequence of ASs leading back to the origin of the route.



Next-hop


Next-hop defines the IP address of the border router that should be used as the next hop to the destinations listed in the Network Layer Reachability field of the UPDATE message. When a BGP speaker advertises the route to a BGP speaker located in its own autonomous system, the advertising speaker shall not modify the NEXT_HOP attribute associated with the route. When a BGP speaker advertises the route to a BGP speaker located in a remote autonomous system, the advertising speaker may modify the NEXT_HOP attribute associated with the route. The typical behavior is to set the next-hop attribute to the IP address of the egress interface used to send the Update to the remote neighbor. There is no restriction that this must be the case, so other scenarios are possible. The next-hop attribute is one of the greatest administrative challenges when deploying BGP.


Next-hop - the IP address of the border router that should be used as the next hop towards the destination
- Set by the border router to the local interface address used to reach the neighbor, when propagating an update across an AS boundary
- The behavior is not always the same
  - Point-to-point networks
  - Multi-access networks
  - System Addresses
- May be administratively modified



Next-hop

[Figure: next-hop propagation. Router X in AS 65100 originates the prefix; inside AS 65100 the next-hop varies with the configuration (see the notes below). Routers A and B in AS 65200 see the next-hop set by Router X when it crossed the AS boundary. Router Y in AS 65250 receives the update with the next-hop set to Router B. Each update is shown with its Origin, AS Path and next-hop fields.]

In the above illustration, the same BGP update is being originated by the router in AS 65100. If viewed on a router inside the originating AS, the next-hop attribute may be one of several addresses, depending on the configuration. If the network is directly connected to the router originating the prefix, the next-hop is not relevant locally (it is directly connected), and will not be present in the local BGP table. If the prefix was learned from another router in the same AS (not shown in the diagram), then the next-hop will be the IP address of the originating router. In either case, the border router will set the next-hop address to the interface used to reach the router in AS 65200 when it propagates the update. The next-hop attribute will propagate in all further BGP updates for this prefix, in this example across AS 65200 and 65250, and each time the update crosses an AS boundary, the next-hop attribute will be set to the IP address of the egress interface used to send the update to the remote neighbor. When the update is sent between the routers within AS 65200, the next-hop is unmodified by default, it remains the address of the router in AS 65100. When the update arrives in AS 65250, it crossed an AS boundary to get there, so the next-hop attribute now contains the IP address of the eBGP router that sent the update to AS 65250.



Origin Code

Name        Code   Value   Meaning
IGP         i      0       interior to the originating AS
EGP         e      1       learned via EGP
Incomplete  ?      2       learned by some other means

The ORIGIN attribute shall be generated by the autonomous system that originates the associated routing information. It shall be included in the UPDATE messages of all BGP speakers that choose to propagate this information to other BGP speakers. It can assume the following values:
- 0 - IGP - Network Layer Reachability Information is interior to the originating AS, i.e. it is learned via an IGP protocol
- 1 - EGP - Network Layer Reachability Information learned via EGP
- 2 - INCOMPLETE - Network Layer Reachability Information learned by some other means, such as a static route or a directly connected interface
Once set, the ORIGIN attribute should never be modified.


Origin Code - defines the origin of the path information
- Lower Origin value is preferred
- Set by originating AS, should never change



Origin Code

[Figure: origin code propagation. Router X in AS 65100 originates the prefix with origin code i; the update in AS 65200 (Routers A and B) and the update received at Router Y in AS 65250 carry the same origin code i. Each update is shown with its Origin, AS Path and next-hop fields.]

In the above illustration, a BGP update is being originated by the router in AS 65100. The prefix (or NLRI) in the update message is learned via an IGP protocol internal to AS 65100, so the origin code should be set to ‘i’. It will be unknown by default. The attribute will propagate in all further BGP updates for this prefix, in this example across AS 65200 and 65250, and should never be modified.



Local Preference

- The degree of preference for each external route. Used only with iBGP.
- This attribute can be used to manipulate the way traffic egresses the Autonomous System


LOCAL_PREF shall be included in all UPDATE messages that a given BGP speaker sends to the other BGP speakers located in its own autonomous system. A BGP speaker shall calculate the degree of preference for each external route and include the degree of preference when advertising a route to its internal peers. The higher degree of preference should be preferred. LOCAL_PREF is only used in iBGP. A BGP speaker shall not include this attribute in UPDATE messages that it sends to BGP speakers located in a neighboring autonomous system. If it is contained in an UPDATE message that is received from a BGP speaker which is not located in the same autonomous system as the receiving speaker, then this attribute shall be ignored by the receiving speaker.



Multi Exit Discriminator (MED)

- Defines the preferred entry point to the local Autonomous System
- This attribute can be used to manipulate the way traffic ingresses the Autonomous System


The MULTI_EXIT_DISC may be used on external (inter-AS) links to discriminate among multiple exit or entry points to the same neighboring AS. The value of the MULTI_EXIT_DISC attribute is a four-octet unsigned number called a metric. All other factors being equal, the exit or entry point with the lower metric should be preferred. If received over external links, the MULTI_EXIT_DISC attribute may be propagated over internal links to other BGP speakers within the same AS. The MULTI_EXIT_DISC attribute is never propagated to BGP speakers in neighboring ASs.
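As an added example (not part of the course material), the following Python model walks a prefix through the slide topology and applies the AS Path, next-hop, origin, LOCAL_PREF and MED rules from the preceding slides; the prefix 192.0.2.0/24 and the interface addresses 10.0.12.1, 10.0.23.1 and 10.0.31.1 are constructed for the example.

```python
"""Added example (not part of the course material): a small model of how the
path attributes described on these slides change as an UPDATE travels across
the slide topology. Router X (AS 65100) originates the prefix, Routers A and
B are in AS 65200, Router Y is in AS 65250. The prefix and the egress
interface addresses are constructed for the example."""
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional


@dataclass
class Update:
    prefix: str
    origin: str                                        # 'i', 'e' or '?', set once at origin
    as_path: List[int] = field(default_factory=list)   # leftmost = most recent AS
    next_hop: Optional[str] = None
    local_pref: Optional[int] = None                   # meaningful on iBGP sessions only
    med: Optional[int] = None                          # never relayed to a third AS


@dataclass
class Speaker:
    name: str
    asn: int
    egress: Dict[str, str] = field(default_factory=dict)  # neighbour name -> own interface address


class ASPathLoop(Exception):
    """Raised when the local AS number is already present in AS_PATH."""


def receive(speaker: Speaker, upd: Update, sender: Speaker) -> Update:
    """Receive-side rules: loop detection, and ignore LOCAL_PREF from an external peer."""
    if speaker.asn in upd.as_path:
        raise ASPathLoop(f"{speaker.name}: AS {speaker.asn} already in {upd.as_path}")
    upd = replace(upd, as_path=list(upd.as_path))
    if sender.asn != speaker.asn:
        upd.local_pref = None
    return upd


def advertise(speaker: Speaker, upd: Update, peer: Speaker,
              local_pref: int = 100, med: Optional[int] = None) -> Update:
    """Send-side rules for an iBGP (same AS) or eBGP (different AS) session."""
    out = replace(upd, as_path=list(upd.as_path))
    if peer.asn == speaker.asn:
        # iBGP: AS_PATH and NEXT_HOP are left untouched, LOCAL_PREF is included
        out.local_pref = local_pref
        return out
    # eBGP: prepend the local AS, set NEXT_HOP to the egress interface address,
    # strip LOCAL_PREF, and send only a locally chosen MED (a MED received from
    # another AS is never passed on)
    out.as_path.insert(0, speaker.asn)
    out.next_hop = speaker.egress[peer.name]
    out.local_pref = None
    out.med = med
    return out


def propagate() -> Dict[str, Update]:
    """Walk the prefix X -> A (eBGP) -> B (iBGP) -> Y (eBGP) and record each router's view."""
    x = Speaker("X", 65100, {"A": "10.0.12.1"})
    a = Speaker("A", 65200)
    b = Speaker("B", 65200, {"Y": "10.0.23.1"})
    y = Speaker("Y", 65250)
    views = {"X": Update(prefix="192.0.2.0/24", origin="i")}   # null AS path at the origin
    views["A"] = receive(a, advertise(x, views["X"], a, med=50), x)
    views["B"] = receive(b, advertise(a, views["A"], b), a)
    views["Y"] = receive(y, advertise(b, views["B"], y), b)
    return views


def loop_detected() -> bool:
    """If Y advertised the prefix back to AS 65100, X would find its own AS in the path."""
    y = Speaker("Y", 65250, {"X": "10.0.31.1"})
    x = Speaker("X", 65100)
    try:
        receive(x, advertise(y, propagate()["Y"], x), y)
    except ASPathLoop:
        return True
    return False


if __name__ == "__main__":
    for name, v in propagate().items():
        print(name, v.as_path, v.next_hop, v.local_pref, v.med)
    print("loop detected:", loop_detected())
```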



BGP Route Selection Criteria


This chart depicts the BGP route selection criteria as implemented on the Alcatel 7750 SR. When BGP receives multiple routes to the same destination prefix, the route selection criteria are used to select the best route. A route is never considered if it does not have the valid flag associated with it, contains an AS-Path loop, or has an unreachable next-hop. For each prefix in the BGP table, the first entry for that prefix is compared to the next in the list, until a best route is found for each prefix.


If the entry is valid, loop-free and the next-hop is reachable, then prefer the …
1. Route with higher local preference
2. Route with the shorter AS path
3. Route with the lower origin code
4. Route with the lowest MED
5. Route learned from an EBGP peer before those learned from an IBGP peer
6. Route with the lowest IGP cost to the next-hop
7. Route with the lowest BGP router-ID
8. Route with the shortest cluster list
9. Route with the lowest peer IP address
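As an added example (not course material), a Python implementation of the selection order above; the two 11.11.11.0/24 routes match the 'show router bgp routes' output later in this module, while the router IDs, IGP costs and the two extra routes are constructed to exercise the exclusion rules and the tie-breaks.

```python
"""Added example (not part of the course material): the 7750 SR selection
criteria listed on the slide, applied in order as a single sort key after
discarding invalid, looping or next-hop-unreachable routes. Router IDs, IGP
costs and the two extra routes are constructed for the example."""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}        # lower is preferred


@dataclass
class Route:
    prefix: str
    next_hop: str
    as_path: List[int]
    origin: str
    peer_ip: str
    router_id: str
    local_pref: int = 100
    med: int = 0
    ebgp: bool = True
    igp_cost: int = 0
    cluster_list: List[str] = field(default_factory=list)
    valid: bool = True


def ip_key(addr: str) -> Tuple[int, ...]:
    """Compare dotted-quad addresses numerically, octet by octet."""
    return tuple(int(o) for o in addr.split("."))


def eligible(r: Route, local_as: int, reachable: Set[str]) -> bool:
    """A route is never considered if it is invalid, loops, or its next-hop is unreachable."""
    return r.valid and local_as not in r.as_path and r.next_hop in reachable


def selection_key(r: Route):
    """Tuple ordered exactly as the slide's list; min() then picks the best route."""
    return (
        -r.local_pref,            # 1. higher local preference
        len(r.as_path),           # 2. shorter AS path
        ORIGIN_RANK[r.origin],    # 3. lower origin code
        r.med,                    # 4. lowest MED (slide simplification: always compared)
        0 if r.ebgp else 1,       # 5. eBGP-learned before iBGP-learned
        r.igp_cost,               # 6. lowest IGP cost to the next-hop
        ip_key(r.router_id),      # 7. lowest BGP router ID
        len(r.cluster_list),      # 8. shortest cluster list
        ip_key(r.peer_ip),        # 9. lowest peer IP address
    )


def best_path(routes: List[Route], local_as: int, reachable: Set[str]) -> Optional[Route]:
    candidates = [r for r in routes if eligible(r, local_as, reachable)]
    return min(candidates, key=selection_key) if candidates else None


def sample_routes() -> List[Route]:
    return [
        # the two paths for 11.11.11.0/24 seen in 'show router bgp routes'
        Route("11.11.11.0/24", "192.168.1.5", [65002], "?", "192.168.1.5", "172.0.0.5"),
        Route("11.11.11.0/24", "192.168.1.10", [65004, 65002], "?", "192.168.1.10", "172.0.0.10"),
        # constructed: a better-looking path whose next-hop is not reachable
        Route("11.11.11.0/24", "192.168.1.99", [65009], "i", "192.168.1.99", "172.0.0.99",
              local_pref=200),
        # constructed: a path that already contains the local AS (65001), i.e. a loop
        Route("11.11.11.0/24", "192.168.1.7", [65003, 65001, 65002], "i", "192.168.1.7",
              "172.0.0.7", local_pref=300),
    ]


def demo(local_pref_via_65004: int = 100) -> Optional[str]:
    """Return the winning next-hop; raising LOCAL_PREF on the longer path overrides step 2."""
    routes = sample_routes()
    routes[1].local_pref = local_pref_via_65004
    best = best_path(routes, local_as=65001,
                     reachable={"192.168.1.5", "192.168.1.10", "192.168.1.7"})
    return best.next_hop if best else None


if __name__ == "__main__":
    print("default:", demo())                          # 192.168.1.5 wins on AS path length
    print("local-pref 200 on 65004 path:", demo(200))  # 192.168.1.10 wins on step 1
```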



Show BGP Neighbor

Node_181# show router bgp neighbor
===========================================================================
BGP Neighbor
===========================================================================
---------------------------------------------------------------------------
Peer                : 192.168.1.5
Group               : bgp
---------------------------------------------------------------------------
Peer AS             : 65002            Peer Address        : 192.168.1.5
Local AS            : 65001            Local Address       : 192.168.1.6
Peer Type           : External
State               : Established      Last State          : Established
Last Event          : recvKeepAlive
Last Error          : Cease
Peer Port           : 49353            Local Port          : 179
(continued on next slide)

The information shown in the above graphic and continued on the next slide is the output describing a BGP peering session. It first identifies the peer by its IP address (192.168.1.5) and then gives the Peer AS number (65002). It then identifies the local information and gives the state of the connection. If the state says anything other than “ESTABLISHED”, there is a problem. It shows the last event, which is the last message that was received.


Show BGP Neighbor (continued)

(continued from previous slide)
Local Family        : IPv4             Remote Family       : IPv4
Local Capability    : RouteRefresh MP-BGP
Remote Capability   : RouteRefresh MP-BGP
Hold Time           : 90               Active Hold Time    : 90
Keep Alive          : 30               Active Keep Alive   : 30
Cluster Id          : None
Preference          : 170              Num of Flaps        : 1
Recd. Prefixes      : 6                Active Prefixes     : 3
Recd. Paths         : 2                Suppressed Paths    : 0
Input Queue         : 0                Output Queue        : 0
i/p Messages        : 25               o/p Messages        : 23
i/p Octets          : 673              o/p Octets          : 621
i/p Updates         : 7                o/p Updates         : 6
Import Policy       : None Specified / Inherited
Export Policy       : rip

This is a continuation of the previous slide. There is a lot of information shown above, but some of the more important items are the local and remote capability. Notice that both support MP-BGP. This is Multi-Protocol BGP and will be covered in the BGP protocol class. Other important information is the hold and keep-alive timers. These must match in a peering session. The final areas to note are the import and export policies. As was previously stated, BGP is not a discovery protocol: not only must you tell it where to go to peer, you must also tell it what information you want it to advertise.


Show BGP Paths

Node_181# show router bgp paths
==========================================================================
BGP Router ID : 172.0.0.181       AS : 65001       Local AS : 65001
==========================================================================
BGP Paths
==========================================================================
Path: 65004 65002
Origin              : Incomplete       Next Hop            : 192.168.1.10
MED                 : none             Local Preference    : none
Refs                : 4                ASes                : 2
Segments            : 1                Flags               : EBGP-learned
--------------------------------------------------------------------------
Path: 65002
Origin              : Incomplete       Next Hop            : 192.168.1.5
MED                 : none             Local Preference    : none
Refs                : 8                ASes                : 1
Segments            : 1                Flags               : EBGP-learned

The above graphic shows the BGP paths that have been learned by the router. Note that each path lists the AS numbers of the systems that must be traversed and whether it was learned through eBGP or iBGP. Note that there may be a very large number of BGP paths in the router’s routing table, so it may be wise to specify the particular routes of interest when executing the ‘show router bgp paths’ command.


Show BGP Summary

Node_181>show>router>bgp# summary all
===============================================================================
BGP Comprehensive Summary
===============================================================================
Neighbor
ServiceId          AS PktRcvd InQ  Up/Down   State|Recv/Actv/Sent(IPv4)
                      PktSent OutQ           Recv/Actv/Sent(VpnIPv4)
-------------------------------------------------------------------------------
192.168.1.5
Def. Instance   65002      30    0 00h10m17s 6/3/6
                           28    0           VPN-IPv4 Incapable
192.168.1.10
Def. Instance   65004      21    0 00h07m27s 6/2/7
                           23    0           VPN-IPv4 Incapable
===============================================================================

The above graphic shows a summary of the Autonomous Systems that the router has learned about and the amount of packet traffic it has received from those systems.


Show BGP Group

Node_181>show>router>bgp# group bgp
=========================================================================
BGP Group : bgp
=========================================================================
Description         : (Not Specified)
Group Type          : No Type          State               : Up
Peer AS             : n/a              Local AS            : 65001
Local Address       : n/a              Loop Detect         : Ignore
Import Policy       : None Specified / Inherited
Export Policy       : rip
Hold Time           : 90               Keep Alive          : 30
Cluster Id          : None             Client Reflect      : Enabled
NLRI                : Unicast          Preference          : 170
Established         : 2
List of Peers
- 192.168.1.5       : (Not Specified)
- 192.168.1.10      : (Not Specified)
Total Peers         : 2
-------------------------------------------------------------------------
Peer Groups : 1

BGP, like RIP, uses the concept of groups in its configuration. Inside the group, the operator configures the neighbor information that the BGP protocol uses for peering. Note above that there are two peers configured and two sessions established.


Show BGP Routes

Node_181>show>router>bgp# routes
===============================================================================
BGP Router ID : 172.0.0.181       AS : 65001       Local AS : 65001
===============================================================================
Legend
Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
Origin codes  : i - IGP, e - EGP, ? - incomplete, > - best
===============================================================================
Flag   Network          Nexthop        VPN Label   As-Path        LocalPref   MED
-------------------------------------------------------------------------------
u*>?   11.11.11.0/24    192.168.1.5    none        65002          none        none
*?     11.11.11.0/24    192.168.1.10   none        65004 65002    none        none
Press any key to continue (Q to quit)

The above graphic is just a portion of the output of the BGP routes. This shows all learned BGP routes to all destinations. It marks each route as valid, the origin of the route and whether the route is used or not. The > signifies the best route and this is the route that will be entered into the routing table.


Protocol Summary

Feature               RIPv2                 BGP           OSPF                 ISIS
Updates               Periodic              Incremental   Incremental          Incremental
Update type           Broadcast/Multicast   Unicast       Multicast            Multicast
Authentication        Simple & MD5          MD5           Simple & MD5         Simple & MD5
Metric                Hops                  Multiple      Cost                 Default
Metric type           Distance vector       Adv. DV       Link-state           Link-state
VLSM/CIDR support     Yes                   Yes           Yes                  Yes
Topology size         Small                 Very large    Large                Large
Transport protocol    UDP                   TCP           Protocol # 89        -
Application port #    520                   179           -                    -

The comparison above shows the differences and similarities of the routing protocols that are supported on the Alcatel 7750 SR platforms. RIP, OSPF, and IS-IS are the IGPs and BGP is the EGP.


Module Summary

This module provided a brief overview of BGP.
- BGP is an external routing protocol.
- BGP connects autonomous systems to other autonomous systems.
- Provided an understanding of IBGP and EBGP
- Provided an understanding of the operation of BGP and its route selection process
- Provided a high-level summary of the features of the routing protocols


Learning Assessment

1. Two BGP speakers establish a peering session. One BGP speaker is in AS 65001, and the other is in AS 65002. What type of peering session is it?
   a. EGP
   b. IGP
   c. IBGP
   d. EBGP

2. BGP is referred to as a path vector protocol, which means that path selection is based on what?
   a. AS Hop count
   b. Cost
   c. AS numbers
   d. Default


Learning Assessment (continued)

3. What transport layer protocol and port number does BGP use?
   a. TCP port 79
   b. UDP port 79
   c. TCP port 179
   d. UDP port 179

4. What does BGP require to work correctly within an AS?
   a. An IGP
   b. The BGP speakers must be configured with different AS numbers.
   c. The BGP speakers must be installed on the edge of the network.


LAB 6.1 – BGP

[Figure: lab topology. Pods 1 to 4, each with an Edge-PodN and a Core-PodN router, in ASs 65001 to 65004; BGP peering between the pods.]


3HE-02767-AAAA-WBZZA Edition 01


www.alcatel-lucent.com




Module 9 — 7x50 SR/ESS Services Overview



Module Objectives


After successful completion of this module, you should be able to:
- Discuss the different services offered
- Understand the concepts of the components that make up a service
- Understand the function of a service tunnel
- Discuss the basics of MPLS



Understanding Services

There are two main types of services on the 7x50 SR/ESS platforms:

Internet connectivity
- Represented by the IES, which is a global service
- The purpose of IES is to provide connectivity to the world as defined in the global routing table.

VPN services
- VPN services (VLL, VPLS, and VPRN) are, by their nature, restricted. You must define the scope of the VPN: what is allowed into it and how the nodes in the service connect to each other.

Note: The 7450 ESS does not support VPRN services.


Network-Component Naming Conventions

[Figure: two CE devices attached to PE routers at the edge of a provider network whose core consists of P routers.]

CE = customer edge
PE = provider edge
P = provider router

Customer Edge Devices
A CE device provides customer access to the service provider network over a data link to one or more PE routers. The end user typically owns and operates these devices. The CE devices run the routing protocol(s) of the end user and support the IP address scheme implemented by the end user. The devices are unaware of the existence of the MPLS protocol or the VPNs. CE devices used in layer 2 VPNs may be Ethernet switches, in which case they do not need to participate in routing protocols. They must only be aware of the VLANs running in the customer network.

Provider Edge Devices
A PE router is directly connected to the customer edge (CE) devices. In an MPLS network, PE routers are LERs.

Provider Router
The routers in the provider core network. In an MPLS provider network, P routers are LSRs.



Internet Enhanced Service

IES provides direct Internet access for the customer, with the following features:
- From the customer’s perspective, it provides a direct connection to the Internet.
- The service provider can apply all billing, ingress/egress shaping, and policing to the customer.

[Figure: PE A, PE B and PE C in the service provider network connecting Company A, Company B and Company C to the Internet.]

An IES is a routed connectivity service in which the subscriber communicates with an IP (layer 3) router interface to send and receive Internet traffic. The IES allows the provider to shape and police traffic to conform to SLA parameters. This allows customers to purchase subrate Internet access with asymmetrical SLAs.

Characteristics
- A SAP acts as the access point to the subscriber’s network.
- The interface supports RIP, OSPF, IS-IS, and BGP.
- Does not require an SDP; traffic is routed rather than encapsulated in a tunnel.


VLL Service

A VLL service provides a point-to-point connection between two nodes.
- From the customer’s perspective, it looks as if a leased link exists between the two locations.
- The service provider can apply billing, ingress/egress shaping, and policing.

[Figure: an e-pipe service between PE A and PE B across an IP/MPLS network that also contains PE C and PE D.]

A VLL is a layer 2 point-to-point service. The VLL service encapsulates customer data and transports it across a service provider’s IP or MPLS network in a GRE or MPLS tunnel. Customer access to the service provider’s network is through a SAP. A VLL service connects two access points on the same node or two access points on different nodes through two unidirectional tunnels. Each node needs to provide access to the service tunnel. A basic VLL service must have the following:
- A locally unique identification number
- System IP address of the originating and far-end nodes
- Tunnel encapsulation type: GRE or MPLS


Virtual Private LAN Service

VPLS is a class of VPN that allows the connection of multiple sites in a single bridged domain over a provider-managed IP/MPLS network.
- From the customer’s perspective, it looks as if all sites are connected to a single switched VLAN.
- The service provider can reuse the IP/MPLS infrastructure to offer multiple services.
- The service provider can apply billing, ingress/egress shaping, and policing.

[Figure: a VPLS service across an IP/MPLS network with a full mesh of IP/LSP tunnels between PE A, PE B, PE C and PE D.]

The 7750 SR supports VPLS multipoint switched services. A VPLS is a multipoint layer 2 service that allows multiple customer sites to be connected in a single bridged domain contained in a provider-managed IP/MPLS network. Customer sites in the VPLS appear to be on the same LAN even if the sites are geographically dispersed. A VPLS:

Uses an Ethernet interface on the customer access side to simplify provisioning

Enables customers to control and simplify routing strategies as all routers in the VPLS are part of the same LAN, which simplifies IP addressing

Is protocol-independent, which means there is no layer 2 protocol conversion between LAN and WAN technologies

A VPLS can span a single node or multiple nodes. On a VPLS that spans a single node, subscriber data is distributed through multiple access points on the node. On a VPLS that spans multiple sites, customer data enters the service using at least one access point on each node. Data is transported among the nodes through service tunnels over an IP/MPLS provider core network. A VPLS that spans multiple nodes requires at least one service tunnel at each node. VPLS services switch traffic based on MAC addresses (associated with the appropriate access points).

CE Equipment
Although VPLS is a layer 2 VPN service and allows the use of layer 2 switches as the CE devices, most customers use routers at the LAN/WAN boundary. Using a router as the CE device means that the PE device must learn only one MAC address per site, per service. Using a layer 2 switch as the CE device means that the PE device must learn potentially hundreds of MAC addresses per site, per service. The number of MAC addresses that the PE device must learn can be limited by using MAC filters and/or by limiting the maximum number of MAC addresses accepted by the PE device.



Virtual Private Routed Network (RFC 4364)

[Figure: two VPRN services (Red and Green) on PE A, PE B, PE C and PE D across an IP/MPLS network, each PE holding routing instances RI-1 and RI-2; MP-BGP route exchange for all services runs between the PEs.]

RFC 4364 (which obsoletes RFC 2547) describes a method of distributing routing information and forwarding data to provide a layer 3 VPN service to end customers. Each VPRN consists of a set of customer sites that are connected to one or more PE routers. Each associated PE router maintains a separate IP forwarding table for each VPRN. Additionally, the PE routers exchange the routing information configured or learned from all customer sites via MP-BGP peering. Each route in a VPN is assigned an MPLS label. When BGP distributes a VPN route, it also distributes an MPLS label for the route. Before a customer data packet travels across the service provider's backbone, it is encapsulated with the MPLS label that corresponds, in the customer's VPN, to the route that best matches the packet's destination address. The MPLS packet is further encapsulated with either another MPLS label or a GRE tunnel header so that it gets tunneled across the backbone to the proper PE router. Each route exchanged by MP-BGP includes a route distinguisher (RD), which identifies the VPRN association. The backbone core routers therefore do not need to know the VPN routes.

VPRN is a class of VPN that allows the connection of multiple sites in a routed domain over a provider-managed IP/MPLS network.
- From the customer’s perspective, it looks as if all sites are connected to a private routed network administered by the service provider for that customer only.
- The service provider can reuse the IP/MPLS infrastructure to offer multiple services.
- Each VPRN appears like an additional routing instance.
- Routes for a service between the various PEs are exchanged using MP-BGP.


Tunnel Encapsulation Types

Generic Routing Encapsulation (GRE)
- Low control plane overhead
- Uses an IGP (e.g., OSPF, IS-IS) to find a path from edge to edge
- Convergence depends on the IGP

MPLS
- Uses LSPs (may use primary and secondary paths for protection)
- Paths can be manually configured or signaled using LDP or RSVP-TE

Notes:

GRE
- Encapsulates traffic in an IP/GRE header; appears like an IP packet
- Low control plane overhead
- Uses normal IP routing to find a path

MPLS
- Uses LDP or RSVP for label signaling
- LDP auto-bind is available to simplify configuration
- LDP relies on an IGP to find its path
- RSVP
  - Requires manual configuration
  - Can be loose or strict
  - May reserve bandwidth
  - Can use fast reroute to speed convergence


MPLS Terminology

- LER (Label edge router)
- LSR (Label switch router)
- LSP (Label switch path)
- Push
- Swap
- Pop
- Label Stack
- DoD (Downstream on demand)
- DU (Downstream unsolicited)
- RSVP-TE (Resource reservation protocol with traffic engineering extensions)
- T-LDP (Targeted label distribution protocol)

MPLS has become the basic building block for the various services and VPNs offered on the 7750 SR platforms. The slide above lists some of the more common MPLS acronyms that are used when discussing services.


MPLS Basics (continued)

[Figure: LERs at the edge of the network and LSRs in the core.]

In the case of services the LERs are normally located at the edge of the network while the LSRs are normally the core routers. The MPLS-enabled routers (LERs and LSRs) use a signalling protocol to distribute labels across the network. These labels are used to make the forwarding decision for incoming traffic rather than the IP address. This basically turns the L3 network into an L2 or switch network. The way the labels are distributed throughout the network depends on the signalling protocol used. LDP is DU, while RSVP is DoD. The next few slides discuss LDP at a high level. RSVP and a more in-depth discussion on LDP are covered in the MPLS/L3VPN course.

Scalable IP Networks v1.00

Alcatel-Lucent Confidential for internal use only -- Do Not Distribute

LER

Module 9 – page 11


MPLS Basics (continued)

[Figure: Router 1 (LER), Router 2 (LSR) and Router 3 (LER); LDP running between Router 2 and Router 3; Router 3 advertises label 20 (interface 1) for networks 10.1.1.0/24 and 10.1.2.0/24; the other networks shown are 10.1.3.0/24 and 10.1.4.0/24]

In the figure above, LDP is enabled on Router 2 and Router 3. However, before any of this can happen, the network must be running some sort of routing protocol: for LDP to set up a peering session it must be able to reach the adjacent router, and that reachability is provided by the routing protocol. When LDP is enabled, it automatically sets up a peering session with adjacent LDP-enabled routers. When this session is established, the routers look at their routing tables and send out a label associated with the networks that they see. In the figure above, an LDP session is established between Router 2 and Router 3. Router 3 examines its routing table for networks that it sees behind it and sends a label to Router 2 to represent those networks. For example, Router 3 sends a label of 20 to represent networks 10.1.1.0/24 and 10.1.2.0/24. Every time Router 2 receives a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, it pushes the label value of 20 onto the packet and puts it in the LSP that takes the MPLS frame to Router 3. Because Router 3 has sent out the label of 20, it knows that any MPLS frame coming in with the label of 20 is destined for a network that it terminates. Router 3 removes the 20 label from the frame, does a layer 3 lookup, and routes the packet to its destination.


MPLS Basics (continued)

[Figure: Router 1 (ingress LER), Router 2 (LSR) and Router 3 (egress LER), with LDP on all three; Router 2 advertises label 10 to Router 1 for 10.1.1.0/24 and 10.1.2.0/24; Router 2's table maps ingress label 10 to egress label 20 on interface 1 toward Router 3]

In the figure above, LDP is now enabled on Router 1. Router 1 now sets up a peering session with Router 2. Router 2 sends a label to Router 1 to represent the networks that it sees behind it; in this case, Router 2 sends a label of 10 to Router 1 to represent the 10.1.1.0/24 and 10.1.2.0/24 networks. Note that this label is not the same as the one Router 2 received from Router 3: labels are only locally significant. Router 1, when receiving a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, pushes on a label of 10 and sends it to Router 2. Router 2’s function has now changed. When it receives an MPLS frame with a label of 10, it swaps (switches) out the 10 label, replaces it with a label of 20, and sends it out the interface to Router 3. Router 3’s function remains the same; it removes the 20 label and routes the packet to its destination.


MPLS Basics (continued)

[Figure: complete LSP from Router 1 to Router 3. Router 1 (LER) pushes label 10 onto packets for 10.1.1.0/24 and 10.1.2.0/24 (LSP 10, interface 1); Router 2 (LSR) swaps ingress label 10 for egress label 20 (LSP 20, interface 1); Router 3 (LER) pops label 20 and routes to 10.1.1.0/24 or 10.1.2.0/24]

The figure above shows the complete LSP setup from Router 1 to Router 3. Router 1’s function is to do an L3 lookup and, if the packet is destined for one of the networks supported by Router 3, push the appropriate label onto the packet (encapsulating the packet in an MPLS frame). This is the function of an LER. When it receives the MPLS frame, Router 2 examines the label, swaps it for the appropriate egress label, and sends the frame out the appropriate interface to reach its destination. Router 2’s function is now that of an LSR, which is basically an L2 switching function. When it receives the MPLS frame, Router 3 examines the label, pops it (removing the packet from the MPLS frame), performs an L3 lookup, and routes the packet to the appropriate network. Note that LSPs are unidirectional: for bidirectional communication, another LSP must be set up in the opposite direction.


VPN Services

[Figure: PE-A and PE-B connected by tunnels (MPLS or GRE); Service 1 and Service 2 each have an access side on both PEs and share the tunnel between them]

• After a tunnel has been created, multiple services can be carried in it.
• Operations on the tunnel affect all the services that are associated with the tunnel.
• A tunnel uses the system IP address to identify the far-end 7750 SR.

It does not matter what type of VPN service is created; they all function using the same method. With reference to the figure above, the tunnel must be created first. As shown, the tunnel can be either GRE or MPLS. After the tunnel is created, a service can be created. The figure above shows two services being created, and each service has a unique service number. The service number must match at both ends of the service; it is this service number that isolates Service 1 traffic from Service 2 traffic. When the service has been created, the customer access point must be configured inside the service, thereby defining which port on the router belongs to the customer. When traffic comes into the router, the unique service number specifies which customer port the traffic is supposed to egress on. The final step of the process is to associate the service with the tunnel that will take the traffic to its destination. As shown in the figure above, the tunnel is not tied to one specific service but instead can support multiple services.


Physical Links, Tunnel LSPs, and VCs

[Figure: a physical link between 7750 SRs carrying GRE/MPLS/LDP tunnel LSPs, with per-customer service tunnels (VCs) inside the tunnel LSP]

7750 SRs are connected to physical links that are used to carry traffic. When a service is set up using MPLS, LSP tunnels are set up between PE routers. Each service or customer sends traffic through a service tunnel within the LSP tunnel.

Tunnel LSPs are identified by MPLS labels that are swapped at each intermediate node (transit LSR) along the LSP from the ingress to the egress of the MPLS network.

The VC label is used to identify which service or customer a packet belongs to. The label is attached at the ingress point and does not change value as the packet travels from ingress to egress.
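As an added example (not part of the course material), the following Python simulation walks one packet along the three-router LSP from the MPLS Basics figures and, optionally, carries a VC label beneath the tunnel label as described here: Router 2 swaps only the top label, while the VC label pushed at Router 1 arrives unchanged at Router 3. Router names, labels 10 and 20, interface 1 and the 10.1.x.0/24 networks are from the slides; the VC labels 100/200, the service mapping and all function names are constructed.

```python
import ipaddress

# Networks Router 3 advertised a label for (values from the slides). The VC
# label -> service mapping and the label values 100/200 are constructed.
FEC = [ipaddress.ip_network("10.1.1.0/24"), ipaddress.ip_network("10.1.2.0/24")]
SERVICES_R3 = {100: "Service 1", 200: "Service 2"}
LFIB_R2 = {10: (20, 1)}   # Router 2: ingress label -> (egress label, out interface)

def in_fec(dst):
    """True if dst lies in a network Router 3 announced label 20 for."""
    return any(ipaddress.ip_address(dst) in n for n in FEC)

def router1_push(dst, vc_label=None):
    """Ingress LER: L3 lookup, then push tunnel label 10 (VC label beneath it)."""
    if not in_fec(dst):
        return None                       # not on the LSP: ordinary IP forwarding
    stack = [10] if vc_label is None else [10, vc_label]   # index 0 = top of stack
    return {"labels": stack, "dst": dst, "hops": ["R1 push 10"]}

def router2_swap(frame):
    """Transit LSR: acts on the top label only; labels beneath it are untouched."""
    top = frame["labels"][0]
    if top not in LFIB_R2:
        raise ValueError(f"Router 2 has no LFIB entry for label {top}; frame dropped")
    out_label, out_intf = LFIB_R2[top]
    frame["labels"] = [out_label] + frame["labels"][1:]
    frame["hops"].append(f"R2 swap {top}->{out_label} out intf {out_intf}")
    return frame

def router3_pop(frame):
    """Egress LER: 20 is Router 3's own label, so pop it and do the L3 lookup.
    A remaining VC label (unchanged since Router 1) selects the customer service."""
    if frame["labels"][0] != 20:
        raise ValueError(f"Router 3 never advertised label {frame['labels'][0]}")
    rest = frame["labels"][1:]
    service = SERVICES_R3.get(rest[0]) if rest else None
    if rest and service is None:
        raise ValueError(f"unknown VC label {rest[0]}; frame dropped")
    frame["hops"].append("R3 pop 20, L3 lookup" + (f" in {service}" if service else ""))
    return {"dst": frame["dst"], "service": service, "hops": frame["hops"]}

def walk_lsp(dst, vc_label=None):
    """Follow one packet from Router 1 to Router 3; None if dst is not on the LSP."""
    frame = router1_push(dst, vc_label)
    if frame is None:
        return None
    return router3_pop(router2_swap(frame))
```

Calling walk_lsp("10.1.2.7") reproduces the single-label LSP of the figures; walk_lsp("10.1.1.9", vc_label=200) shows the VC label riding through Router 2 untouched and selecting Service 2 at Router 3.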



Module Summary

• Overview of the Layer 2 and Layer 3 services offered
• A high-level understanding of the function of a service tunnel
• A basic understanding of MPLS and its terminology


Learning Assessment

1. An e-pipe (VLL) is a multipoint-to-multipoint service. True or False?

2. A VPLS allows multiple customer sites to be connected in:
   A. A single collision domain
   B. A single bridged domain
   C. A single routing domain

3. What protocol is used to exchange routing information between the PE routers in the service provider’s network, in RFC 4364 layer 3 VPNs?


Learning Assessment Answers

1. An e-pipe (VLL) is a multipoint-to-multipoint service. True or False? FALSE

2. A VPLS allows multiple customer sites to be connected in:
   A. A single collision domain
   B. A single bridged domain ✓
   C. A single routing domain

3. What protocol is used to exchange routing information between the PE routers in the service provider’s network, in RFC 4364 layer 3 VPNs? MP-BGP


3HE-02767-AAAA-WBZZA Edition 01


www.alcatel-lucent.com
