Tuesday, February 9, 2010

BGP--Route Selection Using Attributes

Route Selection Using Attributes

Attributes fall into multiple categories.

Well-known means that all implementations must support the attribute.

Optional attributes do not need to be recognized by the BGP implementation.

There are two categories of well-known attributes. They are mandatory and discretionary.

Mandatory attributes must be included in all messages.

Discretionary attributes do not need to be included in a message.

Mandatory Well-Known attributes are as follows:



Next-hop IP

Discretionary Well-Known attributes are those below:

Local Preference

Atomic Aggregate

Optional attributes can be either transitive or nontransitive.

Non-transitive means the metric is not carried far.

Transitive means that they are kept and carried beyond the local neighbors.

The MED is an optional nontransitive attribute.

The aggregator and community are optional transitive attributes.

The AS-path stores the list of AS numbers traversed for a network advertisement.

The next-hop attribute is the next-hop IP that will be used. Use caution with this attribute on multipoint NBMA networks. The next-hop-self keyword may be needed.

Weight is the first attribute considered in route selection. A higher weight is preferred. Weight is not advertised. It is only used to influence the path selection to an outbound network from a single router.

Local Preference works like the weight attribute for path selection. However, it affects the entire AS.

AS-Path Prepending influences how other autonomous systems reach your network. Remember to prepend your own AS number, otherwise the advertisement will be dropped. Prepend additional AS numbers onto the path that you are attempting to devalue.

The Multi-Exit Discriminator, AKA “metric”, is used to influence how a neighboring AS reaches your network. Higher metric values are perceived as worse.

Communities allow route tagging. Once routes have been tagged, they may be filtered. Communities are 32 bit values represented in decimal values separated by a colon. 2000:100 is an example of a community value. The first 16 bits represent the AS number. The last 16 bits represent the tag value.

There are four special community values.

No-export: will not be advertised beyond the confederation

Internet: equivalent to any

No-advertise: never advertise this route

Local-AS: will not be advertised outside of the AS (even with regards to confederations)

Tuesday, February 2, 2010


Route Selection Using Policy Controls

Over the last ten years, the size of the Internet grew to an extremely large size. None of the interior protocols used by most companies (such as OSPF, RIP, and EIGRP) could successfully handle a network of this size. BGP was a new Exterior Gateway Protocol (EGP) created to handle routing tables of enormous size. This introductory chapter gives us the overview of BGP and the foundation configuration commands.



* …is a distance vector routing protocol
* …uses TCP as its layer four transport (TCP port 179)
* …does not use triggered updates
* …uses periodic keepalives to verify TCP connectivity
* …is extremely scalable, but is slow to converge

BGP is rarely necessary if your company has a single connection to the Internet. It is most useful when you have multiple or redundant Internet connections since it can then find the service provider with the fastest path to your destination.


Unlike most of the routing protocols you may have configured in the past, BGP does not dynamically discover other neighboring BGP routers. They must be statically configured. This is beneficial since the service provider keeps its BGP connections under tight security. Use the following syntax to configure a BGP neighbor relationship:

Router(config)# router bgp

Router(config-router)# neighbor remote-as

You can only configure a Cisco router for a single BGP autonomous system (AS) (you cannot enter multiple router bgp numbers). However, you can connect to a practically limitless number of neighboring autonomous systems.

Once you have formed your neighbor relationships (neighbors no longer show the idle or active states from the show ip bgp summary output), you are now able to specify which internal networks you would like to advertise into the BGP routing process. Remember, service provider will propagate the networks you advertise to the entire Internet.

There are two ways of advertising internal networks into the BGP routing process: the network or redistribute router configuration commands. The BGP network command operates differently than any other routing protocol. Typically, the network statement tells a routing process the networks on which it should operate. For example, if you typed network when using the RIP routing protocol, RIP would send advertisements out any interface that was using an address from the network. In BGP, the statement network causes BGP to advertise the network to all neighbor relationships it has formed (provided a network is installed on the interior routing table).

The redistribute command, however, works similarly to other routing protocols. The command redistribute eigrp 100 causes all EIGRP routes from autonomous system 100 to enter the BGP routing table.


OSPF was written to address the needs of large, scalable internetworks that RIP could not. The issues it addresses are:

Speed of convergence:
In large networks, RIP convergence can take several minutes. With OSPF, convergence is much faster as routing changes are flooded immediately and computed in parallel.

Support for VLSM:
RIP v1 does not support VLSM. OSPF does support VLSM.

Network reachability:
RIP networks cannot span more than 15 routers, while OSPF has virtually no reachability limitations.

Use of bandwidth: RIP broadcasts its routing table out each interface every 30 seconds. OSPF multicasts link-state updates and only sends the updates when there is a change in the network. OSPF does perform a full update every 30 minutes to ensure that all routers are synchronized.

Method for path selection:
RIP has no concept of network delays or link costs. It routes packets purely on hop count. OSPF uses a cost value (speed of connection) for its path selection.

OSPF relies on IP packets for delivery of routing information, and uses protocol 89 in the transport layer.

We learned the three basic OSPF topologies:

Broadcast Multi-access:
Networks supporting multiple attached routers, together with the capability of addressing a single physical message to all of the attached routers (broadcast). Ethernet would be an example.

Point-to-point: A network that joins a single pair of routers. A T1 dedicated serial line would be an example.

NBMA (Non-broadcast Multi-access): Networks supporting multiple routers, but having no broadcast capability. Frame-relay and X.25 are examples of NBMA networks.

In a broadcast multi-access topology such as Ethernet, Hello packets are sent periodically out each OSPF enabled interface using IP multicast address The information contained in the hello packet is:

Router ID: A 32-bit number (usually an IP address) that uniquely identifies a router in an AS (autonomous system).

Hello and Dead intervals: The default Hello interval is 10 seconds. The Dead interval is 4 times the hello interval or 40 seconds by default.

Neighbors: The neighbors with which bi-directional communication has been established.

Area-ID: To communicate, two routers must share a common segment and have their interfaces belong to the same area on that segment.

Router priority: An 8-bit number that indicates the priority of this router when selecting a Designated Router (DR) and Backup Designated Router (BDR).

DR and BDR IP addresses: The IP address of the current DR and BDR are listed.

Authentication password:
If authentication is enabled, the password is listed here.

Stub area flag: A stub area is a special area that has only one exit to the backbone.

DR/BDR Election

To elect a DR and BDR on a broadcast multi-access network, the routers view each other’s priority value during the hello packet exchange process, and then use the following conditions to determine which is elected:

The router with the highest priority value is the DR.

The router with the second highest priority value is the BDR.

The default priority is 1 on an OSPF interface, in case of a tie, the router ID is used. The router with the highest router ID then becomes the DR, and the router with the second highest router ID becomes the BDR. The router ID is the highest IP address on the router, unless a loopback is configured, in which case the highest loopback IP address will be the router ID.

Loopback interfaces are logical interfaces that never go down. In other words they will always be in an UP, UP state. Because they can never go down, they are excellent references to use for router processes. Cisco is well aware of this and uses them in many ways. For instance, remember how OSPF chooses its Router ID. The highest active IP address is used, unless a Loopback interfaces is configured. If so, the highest Loopback IP address is chosen as the Router ID. BGP uses Loopbacks in the very same way. Also, Loopbacks are great for simulating networks connected to a router.

A router with the priority set to 0 is ineligible to become DR or BDR. If a router with a higher priority value gets added to the network, the DR and BDR do NOT change. The only time a DR or BDR change is if one goes down. If the DR goes down, the BDR takes its place. If the BDR goes down, a new BDR is elected. Basically the first two routers powered up on a segment will become the DR and BDR.

An adjacency is the relationship that exists between a router and its DR and BDR. Adjacent routers will have synchronized link-state databases. Once a DR and BDR are elected, any router added to the network will establish adjacencies only with the DR and BDR.

OSPF neighbor process

When a router is first powered on, it goes through several states, each with its own function.

The router (let's call it RouterA) begins in the DOWN state- It begins to send hello packets out its OSPF enabled interfaces.

When routers receive this hello packet, they add it to their list of neighbors. This is the INIT state.

The neighbors that received the hello packet will reply with their own hello packet. The neighbor field will include RouterA as a neighbor.

When RouterA receives these packets, it adds all the routers that had its router ID in their hello packet to its own neighbor database. This is referred as the TWO-WAY state.

The routers determine who the DR and BDR will be. After the DR and BDR election, the routers are considered to be in the EXSTART state (ready to start exchanging link-state information).

In the EXSTART state, the DR and BDR establish adjacencies with each router in the network. When the routers have exchanged one or more DBD (Database Description) packets, they are in the EXCHANGE state.

The routers exchange link-state information using LSR (Link State Requests) and LSU (Link State Update) packets. A router will issue a LSAck in response when a LSU is received. The process of sending LSRs is referred to as the LOADING state.

All routers add the new link-state entries into their link-state databases.

Once all LSRs have been satisfied for a given router, the adjacent routers are considered synchronized and in a FULL state. The routers must be in a full state before they can route traffic. At this point, the routers should all have identical link-state databases.

Routers in a point-to-point topology dynamically detect their neighbors by using the hello protocol. There is no election: adjacency is automatic as soon as the two routers can communicate. All OSPF packets are sent to multicast address The default OSPF hello and dead intervals on non-NBMA topologies are 10 seconds and 40 seconds, respectively.

We learned that the OSPF operation is in an NBMA topology. With NBMA networks, a single interface interconnects multiple sites. NBMA topologies support multiple routers but without broadcast capabilities. Frame relay, ATM, and X.25 are examples of NBMA networks. The default OSPF hello and dead intervals on NBMA topologies are 30 seconds and 120 seconds, respectively.


Routing protocols fall into four different categories. Classful vs. Classless and Distance Vector vs. Link State. The main difference between Classful and Classless routing protocols are their support of VLSM. Classful routing protocols do not support VLSM. This is due to the fact they do not include the subnet mask with route updates. On the other hand, Classless routing protocols do support VLSM, because they contain subnet mask information within the route updates.

Here is a quick review of the Classful routing protocols.

RIP (Routing Information Protocol)

Uses hop count as its metric. HOP stands for Hand-off protocol.
IP load balancing is enabled by default.
Sends its entire routing table every 30 seconds by default out all RIP enabled interfaces.
It is a Distance Vector routing protocol.
It is a classful routing protocol (route masks are not carried within the updates, consistency of masks is assumed).
RIP uses UDP port number 520, which makes it an Application layer protocol.
Hop count limit of 15, and 16 is infinity.

IGRP (Interior Gateway Routing Protocol):

Uses a composite metric made up of bandwidth, delay, reliability, load, and MTU (with Bandwidth and delay used as default).
Uses the “fastest” path to the destination.
IP load balancing is enabled by default.
It is a classful routing protocol. Route masks are not carried within the updates, and consistency of masks is assumed.
IGRP uses protocol number 9 at the Transport layer.
Default hop count limit of 100, but configurable to 255.

We explained how "less is more" in the classful/classless routing distinction. With classful routing protocols, summary routes are automatically created at Class A, B, and C network boundaries. So, all router interfaces in the network must have the same subnet mask. If they do not, routing failures may occur. As a result, classful routing protocols may not fully utilize available allocation of host addresses.

Since no subnet mask is sent in routing updates with classful routing protocols, the router does one of the following to determine the network portion of the destination address:

If the routing update information regards the same network number as configured on the receiving interface, the router applies the subnet mask that is configured on the receiving interface.

If the routing update information pertains to a network address that is not the same as the one configured on the receiving interface, the router will apply the default (by class) subnet mask.

Unlike classful routing protocols, classless routing protocols include the routing mask with the route advertisement. With classless routing protocols, summary routes can be manually controlled within the network. Classless routing protocols include OSPF, EIGRP, RIP v2, IS-IS, and BGP.

In a classless routing environment, router interfaces within the same network can have different subnet masks (VLSM can be used). This approach maximizes allocation of available host addresses.

Distance vector routing protocols are referred to as "routing by rumor". They simply relay learned routes out interfaces on a periodic basis to directly connected neighbors. There are two distance vector routing algorithms which distance vector protocols use. The more common of the two is the Bellman-Ford, or B-F, algorithm. EIGRP uses DUAL -- the Diffusing Update Algorithm.

Link state routing is the alternative to distance vector. In a link-state environment, link-state announcements are propagated to all devices in the routing domain. Also, hierarchical design can limit the requirement to notify all devices.

Convergence time is the time it takes for all routers to agree on the network topology after a change such as:

New routes being added
Existing routes changing state

EIGRP Features and Advantages

EIGRP is an advanced distance vector protocol (Cisco also calls EIGRP a balanced hybrid protocol). EIGRP is guaranteed to be 100% loop free while maintaining a very rapid convergence time. EIGRP offers superior performance over IGRP because of the rapid convergence and the guarantee of a loop-free topology at all times. These improvements are the key to the name “Enhanced” IGRP.

Features and advantages of EIGRP include the following:

Incremental updates
Supports VLSM and discontiguous networks
Classless routing
Compatible with existing IGRP networks
Protocol independent (supports IP, IPX, and AppleTalk)
Uses multicast instead of broadcast
Utilizes link bandwidth and delay
Unequal cost path load balancing
More flexible than OSPF

EIGRP is not an application such as RIP, but is instead a protocol running at the transport layer as protocol number 88 in the IP header. EIGRP uses the services of IP to deliver routing information.

EIGRP supports many different topologies such as Multi-access (Ethernet), Point-to-point (HDLC), and NBMA (Frame relay and ATM)

We also learned that EIGRP automatically summarizes at the classful boundary, and this can be turned off with the command no auto-summary.

EIGRP Operation

The EIGRP terminology is as follows:

Neighbor table:
The is the table of adjacent routers

Topology table:
This is where all learned routes are maintained

Routing table:
This is where the best (successor) routes are stored

Successor: The primary route to a network

Feasible Successor: The backup route to a network

Here are the five generic packet types used in EIGRP:

Hello: Multicasts used for neighbor discovery

Update: Multicasts used for updating neighbors of new routes

Queries: A router sends queries when it does not have a Feasible Successor

Replies: A packet sent in reply to a query

ACK: The ACK is used to acknowledge the above packets

We learned that hellos are sent every 5 seconds on broadcast media, point-to-point links, and multi-point circuits with bandwidth greater than T1. They are sent every 60 seconds on multi-point circuits with bandwidth less than T1

The hold time is, by default, three times the hello interval.

EIGRP Metrics

EIGRP uses the same composite metric as IGRP does to pick the best path, except that it is scaled by 256. The default criteria used are:

Bandwidth: The smallest bandwidth between the source and destination

Cumulative interface delay along the path

Additional criteria that can be used is as follows:

Reliability: Worst reliability between source and destination based on keepalives

Load: Worst load on a link between source and destination based on bps

MTU (Maximum Transfer Unit): Smallest MTU in path

•EIGRP uses the following formula to calculate the composite metric:
–CM = 256 x ([k1 x BWmim+ (k2 x Bwmim)/(256 – LOAD) + k3 x DELAYsum] x X)
–Where the following is true:
•BWmim = 107/bandwidth_of_slowest_link
•DELAYsum = SUM(delays_along_the_path)
•X = k5/(reliability + k4) if and only if k1<>1, if k1 = 1 then X = 1
–With the k values set at the default values – you have:
•CM = 256 x (BWmim + DELAYsum)
–NOTE: When you compute by hand – you will get a slightly diff. result than router – this is because of how router handles floating point mathematics
AD (Advertised Distance) is the cost between the next-hop router and the destination.

FD (Feasible Distance)
is the cost to reach the destination from the local router.

The successor (lowest cost route) is the best route to a destination.

The FS (Feasible Successor) is a valid backup route in the event the successor route to the destination fails.

EIGRP utilizes the split horizon feature and that you can use EIGRP to turn off split horizon for NMBA.

EIGRP Configuration

The commands to configure EIGRP are similar to those used for IGRP. We showed you the commands needed to configure a router for EIGRP:

Router(config)# router eigrp

Router(config-router)# network (the interfaces that will participate in EIGRP)

If you are using serial links, remember they default to a bandwidth of 1.544Mbps (T1 speed). You should manually change the bandwidth value of lower value links (56K, 128K, 384K, etc) to properly reflect the clock rate of the interface to the EIGRP routing process:

Router(config-if)# bandwidth

EIGRP will automatically summarize at the classful network boundary. To turn this feature off, issue the following command:

Router(config-router)# no auto-summary

To manually create a summary on an interface issue the following:

Router(config-if)# ip summary-address eigrp

Remember EIGRP will perform equal-cost load balancing on 4 equal-cost links by default, but you can configure it to perform load balancing on a maximum of 6.

To perform unequal-cost load balancing, you must use the variance command:

Router(config-router)# variance

Verifying EIGRP

Here's a review of EIGRP and the commands used to verify and test your EIGRP configuration. Those commands are listed below.

Show commands:

show ip eigrp neighbors: Displays EIGRP neighbor table

show ip eigrp topology: Displays the topology table

show ip route eigrp: Displays the EIGRP routes in the routing table

show ip protocols: Displays current routing protocols running

show ip eigrp traffic: Displays information about EIGRP packets

show ip eigrp events: Displays information about EIGRP events

Debug commands:

debug eigrp packet: Shows EIGRP packets as they are sent and received

debug eigrp neighbor: Shows the EIGRP neighbor process

debug eigrp route: Shows EIGRP changes made to the routing table

debug eigrp summary: Shows a summary of EIGRP activity

debug eigrp events: Shows EIGRP events as they happen


Network Address Translation allows a router to translate source and destination IP addresses. Another function of NAT is to observe the port numbers used in communication in a production network. In the event port numbers need to be monitored, a route-map can be used to identify the source addresses. When a route-map is used in this manner, the router performing NAT will store complete information for translation, including port numbers.


IPv6 addresses consist of 128 bits, allowing for a much greater address space. IPv6 addresses can be shortened in two manners.

Leading 0s can be dropped in 64 bit block (4 hexadecimal digits)
A “::” can be used to represent consecutive 0s spanning multiple fields, but can only be used once! This can be used in the beginning, end or middle of the address.
An example of IPv6 shortening is the following


The above address can be abbreviated as follows.


RIPng, OSPF, BGP4+, and Integrated IS-IS are capable of serving as IPv6 routing protocols.

When connecting IPv6 and IPv4 networks, there are a few things to consider. Dual stack hosts allow for connectivity to both types of networks. If traffic of one version is needed to cross another version, say IPv4 information over IPv6, information can either be tunneled across the foreign network, or a translation can be done.

Route Summerization

Route summarization, or route aggregation, is a method of representing a series of network numbers in a single summary address.

To implement route summarization, certain requirements are needed:

Multiple IP addresses must have the same highest-order bits

Routing decision are made based on the entire address

Routing protocols must carry the prefix (subnet mask) length

Dis-contiguous subnets are major network addresses separated by another major network address.

CIDR is a mechanism developed to alleviate exhaustion of addresses and reduce routing table sizes. With CIDR, blocks of Class C addresses are assigned to ISPs, which in turn assign subsets of address space to organizations. These blocks are then summarized in routing tables.

Planning of an IP address space requires an examination of the corporate structure. Improper addressing can result in an unscalable network design.

A scalable IP addressing scheme allows for route aggregation. Route aggregation, also known as route summarization allows for many routes to be represented with a single advertisement. This reduces routing updates and allows for greater scalability with our routing protocols.

Consider avoiding the use of the "zero subnet" to prevent problems caused by devices not compatible with this technology. In the event subnet zero is used, the "ip subnet-zero" command will correctly configure a router for this practice.

Fixed Length Subnet Masking, or FLSM, uses a constant mask everywhere in the network.

Variable Length Subnet Masking, or VLSM, uses an inconsistent mask tailoring to different sizes of networks.