Антон Меркушов – инструктор SkillFactory, опытный сетевой инженер и сертифицированный профессионал Cisco – о современных технологиях и протоколах, необходимых при расширении сети.
1. Технологии построения
крупных сетей
10.03.2013
Антон Меркушов: CCNP, CCSP, CCSI 33059, CCAI
amerckushov@getccna.ru
2. Содержание
• Введение
• Протокол BGP в корпоративной сети
• Рост/слияние компании – объединение сетей
• Внедрение IPv6 – неизбежное будущее или
реальность
• Заключение
#
3. Введение
• Сети демонстрируют как количественный, так и качественный рост
• Растёт сложность сетей и используемых в них технологий
• Повышаются требования к сетевым инженерам
#
6. IGP против EGP
• Interior gateway protocol (IGP)
– A routing protocol operating within an Autonomous System (AS).
– RIP, OSPF, and EIGRP are IGPs.
• Exterior gateway protocol (EGP)
– A routing protocol operating between different AS.
– BGP is an interdomain routing protocol (IDRP) and is an EGP.
#
7. Автономная система (AS)
• An AS is a group of routers that share similar routing policies and
operate within a single administrative domain.
• An AS typically belongs to one organization.
– A single or multiple interior gateway protocols (IGP) may be used
within the AS.
– In either case, the outside world views the entire AS as a single
entity.
• If an AS connects to the public Internet using an exterior gateway
protocol such as BGP, then it must be assigned a unique AS number
which is managed by the Internet Assigned Numbers Authority (IANA).
#
8. IANA
• The IANA is responsible for allocating AS numbers through five
Regional Internet Registries (RIRs).
– RIRs are nonprofit corporations established for the purpose of
administration and registration of IP address space and AS
numbers in key geographic locations.
#
9. Региональные интернет регистраторы (RIR)
RIR
Name Geographic
Coverage
Link
AfriNIC
Con&nent
of
Africa
www.afrinic.net
APNIC
(Asia
Pacific
Network
Asia
Pacific
region
www.apnic.net
Informa&on
Centre)
ARIN
Canada,
the
United
States,
and
(American
Registry
for
Internet
several
islands
in
the
Caribbean
www.arin.net
Numbers)
Sea
and
North
Atlan&c
Ocean
LACNIC
Central
and
South
America
and
(La&n
America
and
Caribbean
www.lacnic.net
por&ons
of
the
Caribbean
Internet
Addresses
Registry)
RIPE
Europe,
the
Middle
East,
and
www.ripe.net
(Réseaux
IP
Européens)
Central
Asia
#
10. Номера автономных систем
• AS numbers can be between 1 to 65,535.
– RIRs manage the AS numbers between 1 and 64,512.
– The 64,512 - 65,535 numbers are reserved for private use (similar
to IP Private addresses).
– The IANA is enforcing a policy whereby organizations that connect
to a single provider use an AS number from the private pool.
• Note:
– The current AS pool of addresses is predicted to run out by 2012.
– For this reason, the IETF has released RFC 4893 and RFC 5398.
– These RFCs describe BGP extensions to increase the AS number
from the two-octet (16-bit) field to a four-octet (32-bits) field,
increasing the pool size from 65,536 to 4,294,967,296 values.
#
11. Основы BGP
• The Internet is a collection of autonomous systems that
are interconnected to allow communication among them.
– BGP provides the routing between these autonomous
systems.
• BGP is a path vector protocol.
• It is the only routing protocol to use TCP.
– OSPF and EIGRP operate directly over IP. IS-IS is at the
network layer.
– RIP uses the User Datagram Protocol (UDP) for its
transport layer.
#
12. Основы BGP
• BGP version 4 (BGP-4) is the latest version of BGP.
– Defined in RFC 4271.
– Supports supernetting, CIDR and VLSM .
• BGP4 and CIDR prevent the Internet routing table from
becoming too large.
– Without CIDR, the Internet would have 2,000,000 +
entries.
– With CIDR, Internet core routers manage around
450,000 entries.
– http://bgp.potaroo.net/
#
13. Текущий размер глобальной таблицы BGP
• As of March1, 2013, there were 445,961 routes in the routing tables of the Internet
core routers.
• http://bgpupdates.potaroo.net/instability/bgpupd.html
#
14. Основы BGP
• When two routers establish a TCP enabled BGP connection, they are called
neighbors or peers.
– Peer routers exchange multiple connection messages.
• Each router running BGP is called a BGP speaker.
• When BGP neighbors first establish a connection, they exchange all candidate
BGP routes.
– After this initial exchange, incremental updates are sent as network
information changes.
#
15. Основы BGP
• BGP provides an interdomain routing system that guarantees the
loop-free exchange of routing information between autonomous
systems.
#
16. Сравнение BGP с IGP
• BGP works differently than IGPs because it does not make routing
decisions based on best path metrics.
– Instead, BGP is a policy-based routing protocol that allows an AS
to control traffic flow using multiple BGP attributes.
• Routers running BGP exchange network attributes including a list of
the full path of BGP AS numbers that a router should take to reach a
destination network.
• BGP allows an organization to fully use all of its bandwidth by
manipulating these path attributes.
#
17. Сравнение BGP с IGP
Interior
or
Hierarchy
Protocol
Type
Metric
Exterior
Required?
RIP
Interior
Distance
vector
No
Hop
count
OSPF
Interior
Link
state
Yes
Cost
IS-‐IS
Interior
Link
state
Yes
Metric
Advanced
EIGRP
Interior
No
Composite
distance
vector
Path
vectors
BGP
Exterior
Path
vector
No
(aGributes)
#
18. Подключение корпоративной сети к ISP
• Modern corporate IP networks connect to the global Internet.
• Requirements that must be determined for connecting an enterprise to
an ISP include the following:
– Public IP address space
– Enterprise-to-ISP connection link type and bandwidth
– Connection redundancy
– Routing protocol
#
19. Использование глобальных IP адресов
• Public IP addresses are used:
– By internal enterprise clients to access the Internet using NAT.
– To make enterprise servers accessible from the Internet using
static NAT.
• Public IP addresses are available from ISPs and RIRs.
– Most enterprises acquire their IP addresses and AS number from
ISPs.
– Large enterprises may want to acquire IP addresses and AS
number from a RIR.
#
20. Пример использования статических маршрутов
• Static routes are the simplest way to implement routing with an ISP.
– Typically a customer has a single connection to an ISP and the customer
uses a default route toward the ISP while the ISP deploys static routes
toward the customer.
R1(config)# router eigrp 110
R1(config-router)# network 10.0.0.0
R1(config-router)# exit
R1(config)# ip default-network 0.0.0.0
R1(config)# ip route 0.0.0.0 0.0.0.0 serial 0/0/0
Company
A
ISP
10.0.0.0
Internet
172.16.0.0
172.17.0.0
R1
S0/0/0
S0/0/1
PE
• PE(config)# ip route 10.0.0.0 255.0.0.0 serial 0/0/1
• PE(config)# ip route 172.16.0.0 255.255.0.0 serial 0/0/1
• PE(config)# ip route 172.17.0.0 255.255.0.0 serial 0/0/1
#
21. Использование BGP
• BGP can be used to dynamically exchange routing information.
• BGP can also be configured to react to topology changes beyond a
customer-to-ISP link.
Company
A
ISP
AS
65010
AS
65020
Internet
R1
S0/0/0
S0/0/1
PE
#
22. Резервирование подключений
• Redundancy can be achieved by deploying redundant
links, deploying redundant devices, and using redundant
components within a router.
– The ISP connection can also be made redundant.
• When a customer is connected to a single ISP the
connection is referred to as single-homed or dual-homed.
• When a customer is connected to multiple ISPs the
connection is referred to as multihomed or dual-
multihomed.
#
24. Подключение к одному ISP – без резервирования
• The connection type depends on the ISP offering (e.g., leased line,
xDSL, Ethernet) and link failure results in a no Internet connectivity.
• The figure displays two options:
– Option 1: Static routes are typically used with a static default route from
the customer to the ISP, and static routes from the ISP toward customer
networks.
– Option 2: When BGP is used, the customer dynamically advertises its
public networks and the ISP propagates a default route to the customer.
OpNon
1:
Default
Route
StaNc
Route(s)
Company
A
ISP
AS
65010
AS
65020
Internet
R1
S0/0/0
S0/0/1
PE
OpNon
2:
BGP
#
25. Подключение к одному ISP – с резервированием
• The figure displays two dual-homed options:
– Option 1: Both links can be connected to one customer router.
– Option 2: To enhance resiliency, the two links can terminate at separate
routers in the customer’s network.
Company
A
ISP
OpNon
1:
Internet
R1
PE
Company
A
ISP
OpNon
2:
Internet
R1
PE
R2
#
26. Подключение к одному ISP – с резервированием
• Routing deployment options include:
– Primary and backup link functionality in case the primary link fails.
– Load sharing using Cisco Express Forwarding (CEF).
• Regardless, routing can be either static or dynamic (BGP).
Company
A
ISP
OpNon
1:
Internet
R1
PE
Company
A
ISP
OpNon
2:
Internet
R1
PE
R2
#
27. Подключение к нескольким ISP – без резервирования
• Connections from different ISPs can terminate on the
same router, or on different routers to further enhance the
resiliency.
• Routing must be capable of reacting to dynamic changes
therefore BGP is typically used.
ISP
1
PE
Company
A
R1
Internet
ISP
2
R2
PE
#
28. Подключение к нескольким ISP – без резервирования
• Multihomed benefits include:
– Achieving an ISP-independent solution.
– Scalability of the solution, beyond two ISPs.
– Resistance to a failure to a single ISP.
– Load sharing for different destination networks between ISPs.
ISP
1
PE
Company
A
R1
Internet
ISP
2
R2
PE
#
29. Подключение к нескольким ISP – с резервированием
• Dual multihomed includes all the benefits of multihomed connectivity,
with enhanced resiliency.
• The configuration typically has multiple edge routers, one per ISP, and
uses BGP.
ISP
1
PE
Company
A
R1
Internet
ISP
2
R2
PE
#
30. Особенности подключения к нескольким ISP
1. Each ISP passes only a default route to the AS.
– The default route is passed on to internal routers.
2. Each ISP passes only a default route and provider-owned
specific routes to the AS.
– These routes may be propagated to internal routers, or
all internal routers in the transit path can run BGP to
exchange these routes.
3. Each ISP passes all routes to the AS.
– All internal routers in the transit path run BGP to
exchange these routes.
#
31. Характеристики векторов пути BGP
• Internal routing protocols announce a list of networks and the metrics to get
to each network.
• In contrast, BGP routers exchange network reachability information, called
path vectors, made up of path attributes.
• The path vector information includes:
– A list of the full path of BGP AS numbers (hop by hop) necessary to reach
a destination network.
– Other attributes including the IP address to get to the next AS (the next-
hop attribute) and how the networks at the end of the path were
introduced into BGP (the origin code attribute).
#
32. Процесс выбора маршрута в BGP
• Prefer
the
route
with
highest
weight.
• Prefer
the
route
with
the
lowest
MED.
• Prefer
the
route
with
highest
• Prefer
the
EBGP
route
over
IBGP
route.
LOCAL_PREF.
• Prefer
the
route
through
the
closest
IGP
neighbor.
• Prefer
the
locally
generated
route
(network
or
aggregate
routes).
• Prefer
the
oldest
EBGP
route.
• Prefer
the
route
with
the
shortest
AS-‐
PATH.
• Prefer
the
route
with
the
lowest
neighbor
BGP
router
ID
value.
• Prefer
the
route
with
the
lowest
ORIGIN
(IGP<EGP<incomplete)
• Prefer
the
route
with
the
lowest
neighbor
IP
address.
#
33. Когда использовать BGP
• Most appropriate when the effects of BGP are well-
understood and at least one of the following conditions
exists:
– The AS has multiple connections to other autonomous
systems.
– The AS allows packets to transit through it to reach
other autonomous systems (eg, it is a service provider).
– Routing policy and route selection for traffic entering
and leaving the AS must be manipulated.
#
35. Использование нескольких протоколов маршрутизации
• Different routing protocols were not designed to interoperate with one
another.
– Each protocol collects different types of information and reacts to
topology changes in its own way.
• Running muliple routing protocols increases CPU utilization and
requires more memory resources to maintain all the topology,
database and routing tables.
#
36. От простых к сложным сетям
• Simple routing protocols work well for simple networks.
– Typically only require one routing protocol.
• Running a single routing protocol throughout your entire IP
internetwork is desirable.
• However, as networks grow they become more complex
and large internetworks may have to support several
routing protocols.
– Proper inter-routing protocol exchange is vital.
#
37. Почему используют несколько протоколов маршрутизации?
• Interim during conversion
– Migrating from an older IGP to a new IGP.
• Application-specific protocols
– One size does not always fit all.
• Political boundaries
– Multiple departments managed by different network administrators
– Groups that do not work well with others
• Mismatch between devices
– Multivendor interoperability
– Host-based routers
• Company mergers
#
38. Сложные сети
• Complex networks require careful routing protocol design and traffic
optimization solutions, including the following:
– Redistribution between routing protocols
– Route filtering
– Summarization
#
39. Редистрибуция
• Cisco routers allow different routing protocols to exchange
routing information through a feature called route
redistribution.
– Route redistribution is defined as the capability of
boundary routers connecting different routing domains
to exchange and advertise routing information between
those routing domains (autonomous systems).
#
40. Сложности редитрибуции
• The key issues that arise when using redistribution:
– Routing feedback (loops)
• If more than one boundary router is performing route redistribution, then the
routers might send routing information received from one autonomous system
back into that same autonomous system.
– Incompatible routing information
• Each routing protocol uses different metrics to determine the best path
therefore path selection using the redistributed route information might not be
optimal.
– Inconsistent convergence times
• Different routing protocols converge at different rates.
• Good planning should solve the majority of issues but additional
configuration might be required.
– Some issues might be solved by changing the administrative distance,
manipulating the metrics, and filtering using route maps, distribute lists,
and prefix lists.
#
41. Метрики маршрутов
• A boundary router must be capable of translating the metric of the received
route into the receiving routing protocol.
– Redistributed route must have a metric appropriate for the receiving
protocol.
• The Cisco IOS assigns the following default metrics when a protocol is
redistributed into the specified routing protocol:
Protocol
That
Route
Is
Default
Seed
Metric
Redistributed
Into
…
0
RIP
(interpreted
as
infinity)
0
IGRP
/
EIGRP
(interpreted
as
infinity)
20
for
all
except
BGP
routes
OSPF
(BGP
routes
have
a
default
seed
metric
of
1)
IS-‐IS 0
BGP BGP
metric
is
set
to
IGP
metric
value
#
42. Назначение метрики по умолчанию
• A seed metric, different than the default metric, can be defined during
the redistribution configuration.
– After the seed metric for a redistributed route is established, the
metric increments normally within the autonomous system.
• The exception to this rule is OSPF E2 routes.
• Seed metrics can be defined in two ways:
– The default-metric router configuration command
establishes the seed metric for all redistributed routes.
– The redistribute can also be used to define the seed metric
for a specific protocol.
#
43. Пример OSPF #1
R3(config)# router rip
R3(config-router)# network 172.18.0.0
R3(config-router)# network 172.19.0.0
R3(config-router)# router ospf 1
R3(config-router)# network 192.168.2.0 0.0.0.255 area 0
R3(config-router)# redistribute rip subnets metric 30
R3(config-router)#
RIP
AS
OSPF
Cost
=
100
R1
R2
R3
R4
172.20.0.0
172.19.0.0
192.168.2.0
Cost
=
10
172.16.0.0
172.17.0.0
172.18.0.0
192.168.4.0
Table
R1
Table
R2
Table
R3
Table
R4
C 172.16.0.0 C 172.17.0.0 C 172.18.0.0 C 192.168.1.0
C 172.20.0.0 C 172.19.0.0 C 172.19.0.0 C 192.168.2.0
R [120/1] 172.17.0.0 C 172.20.0.0 R [120/1] 172.17.0.0 O E2 [110/30] 172.16.0.0
R [120/1] 172.19.0.0 R [120/1] 172.16.0.0 R [120/1] 172.20.0.0 O E2 [110/30] 172.17.0.0
R [120/2] 172.18.0.0 R [120/1] 172.18.0.0 R [120/2] 172.16.0.0 O E2 [110/30] 172.18.0.0
C 192.168.2.0 O E2 [110/30] 172.19.0.0
O [110/110] 192.168.1.0 O E2 [110/30] 172.20.0.0
#
44. Пример OSPF #2
R3(config)# router rip
R3(config-router)# network 172.18.0.0
R3(config-router)# network 172.19.0.0
R3(config-router)# router ospf 1
R3(config-router)# network 192.168.2.0 0.0.0.255 area 0
R3(config-router)# redistribute rip subnets
R3(config-router)# default-metric 30
RIP
AS
OSPF
Cost
=
100
R1
R2
R3
R4
172.20.0.0
172.19.0.0
192.168.2.0
Cost
=
10
172.16.0.0
172.17.0.0
172.18.0.0
192.168.4.0
Table
R1
Table
R2
Table
R3
Table
R4
C 172.16.0.0 C 172.17.0.0 C 172.18.0.0 C 192.168.1.0
C 172.20.0.0 C 172.19.0.0 C 172.19.0.0 C 192.168.2.0
R [120/1] 172.17.0.0 C 172.20.0.0 R [120/1] 172.17.0.0 O E2 [110/30] 172.16.0.0
R [120/1] 172.19.0.0 R [120/1] 172.16.0.0 R [120/1] 172.20.0.0 O E2 [110/30] 172.17.0.0
R [120/2] 172.18.0.0 R [120/1] 172.18.0.0 R [120/2] 172.16.0.0 O E2 [110/30] 172.18.0.0
C 192.168.2.0 O E2 [110/30] 172.19.0.0
O [110/110] 192.168.1.0 O E2 [110/30] 172.20.0.0
#
45. Методы редистрибуции
• Redistribution can be done through:
One-‐Point
RedistribuNon
– One-point redistribution
RIP
OSPF
• Only one router is
redistributing one-way or
two-way (both ways).
– There could still be other boundary
routers but they are not configured
to redistribute.
– Multipoint redistribution
MulNpoint
RedistribuNon
• Multiple routers are used to RIP
OSPF
redistribute either one-way or
two-way (both ways).
• More prone to routing loop
problems.
#
46. Предотвращение петель маршрутизации
• The safest way to perform redistribution is to redistribute
routes in only one direction, on only one boundary router
within the network.
– However, that this results in a single point of failure in
the network.
• If redistribution must be done in both directions or on
multiple boundary routers, the redistribution should be
tuned to avoid problems such as suboptimal routing and
routing loops.
#
47. Рекомендации при редистрибуции
• Do not overlap routing protocols.
– Do not run two different protocols in the same Internetwork.
– Instead, have distinct boundaries between networks that use
different routing protocols.
• Be familiar with your network.
– Knowing the network will result in the best decision being made.
#
48. Ключевые моменты редистрибуции
• Routes are redistributed into a routing protocol.
– Therefore, the redistribute command is configured under the routing
process that is receiving the redistributed routes.
• Routes can only be redistributed between routing protocols that support the
same protocol stack.
– For example IPv4 to IPv4 and IPv6 to IPv6.
– However, IPv4 routes cannot be redistributed into IPv6.
• The method used to configure redistribution varies among combinations of
routing protocols.
– For example, some routing protocols require a metric to be configured
during redistribution, but others do not.
#
49. Общие шаги редистрибуции
1. Identify the boundary router(s) that will perform redistribution.
2. Determine which routing protocol is the core protocol.
3. Determine which routing protocol is the edge protocol.
– Determine whether all routes from the edge protocol need to be
propagated into the core and consider methods that reduce the
number of routes.
4. Select a method for injecting the required routes into the core.
– Summarized routes at network boundaries minimizes the number
of new entries in the routing table of the core routers.
5. Consider how to inject the core routing information into the edge
protocol.
#
50. Редистрибуция в RIP
• Redistribute routes into RIP.
Router(config-router)#
redistribute protocol [process-id] [match route-type] [metric metric-value]
[route-map map-tag]
Parameter DescripNon
protocol The
source
protocol
from
which
routes
are
redistributed.
For
OSPF,
this
value
is
an
OSPF
process
ID.
process-id For
EIGRP
or
BGP,
this
value
is
an
AS
number.
This
parameter
is
not
required
for
IS-‐IS.
(Op&onal)
A
parameter
used
when
redistribu&ng
OSPF
routes
into
another
route-type
rou&ng
protocol.
(Op&onal)
A
parameter
used
to
specify
the
RIP
hop
count
seed
metric
for
the
redistributed
route.
metric-value If
this
value
is
not
specified
and
no
value
is
specified
using
the default-
metric router
configura&on
command,
then
the
default
metric
is
0
and
interpreted
as
infinity
which
means
that
routes
will
not
be
redistributed.
(Op&onal)
Specifies
the
iden&fier
of
a
configured
route
map
to
be
interrogated
map-tag to
filter
the
importa&on
of
routes
from
the
source
rou&ng
protocol
to
the
current
RIP
rou&ng
protocol.
#
51. Пример редистрибуции в RIP
R1(config)# router rip
R1(config-router)# redistribute ospf 1 metric 3
R1(config-router)#
OSPF
RIP
192.168.1.0
/24
.1
10.1.1.0
/24
.2
R1
Fa0/0
Fa0/0
R2
O 172.16.1.0/24 [110/50] R 172.16.0.0 [120/3]
Table
R1
Table
R2
C 10.1.1.0 C 10.1.1.0
R 192.168.1.0 [120/1] C 192.168.1.0
0 172.16.1.0 [110/50] R 172.16.0.0 [120/3]
#
52. Редистрибуция в OSPF
• Redistribute routes into OSPF.
Router(config-router)#
redistribute protocol [process-id] [metric metric-value] [metric-type type-
value] [route-map map-tag] [subnets] [tag tag-value]
Parameter DescripNon
protocol The
source
protocol
from
which
routes
are
redistributed.
For
EIGRP
or
BGP,
this
value
is
an
AS
number.
process-id
This
parameter
is
not
required
for
RIP
or
IS-‐IS.
(Op&onal)
A
parameter
that
specifies
the
OSPF
seed
metric
used
for
the
redistributed
route.
metric-value
The
default
metric
is
a
cost
of
20
(except
for
BGP
routes,
which
have
a
default
metric
of
1).
(Op&onal)
Specifies
the
iden&fier
of
a
configured
route
map
to
be
interrogated
to
filter
map-tag the
importa&on
of
routes
from
the
source
rou&ng
protocol
to
the
current
OSPF
rou&ng
protocol.
(Op&onal)
OSPF
parameter
that
specifies
that
subneced
routes
should
be
subnets redistributed.
Otherwise,
only
classful
routes
are
redistributed.
tag-value (Op&onal)
A
32-‐bit
decimal
value
acached
to
each
external
route
to
be
used
by
ASBRs.
#
53. Пример редистрибуции в OSPF
R1(config)# router ospf 1
R1(config-router)# redistribute eigrp 100 subnets metric-type 1
R1(config-router)#
EIGRP
AS
100
OSPF
192.168.1.0
/24
.1
10.1.1.0
/24
.2
R1
Fa0/0
Fa0/0
R2
D 172.16.1.0/24 [90/409600]
O E1 172.16.1.0 [110/20]
Table
R1
Table
R2
C 10.1.1.0 C 10.1.1.0
0 192.168.1.0 [110/20] C 192.168.1.0
D 172.16.1.0 [90/409600] O E1 172.16.1.0 [110/20]
#
54. Метрика по умолчанию в RIP, OSPF, BGP
• Apply default metric values for RIP, OSPF, and BGP.
Router(config-router)#
default-metric number
§ The number parameter
is
the
value
of
the
metric.
§ For
RIP
this
is
the
number
of
hops.
§ For
OSPF
this
is
the
assigned
cost.
#
55. Пример метрики по умолчанию в OSPF
R1(config)# router ospf 1
R1(config-router)# default-metric 30
R1(config-router)# redistribute eigrp 100 subnets metric-type 1
R1(config-router)#
EIGRP
AS
100
OSPF
192.168.1.0
/24
.1
10.1.1.0
/24
.2
R1
Fa0/0
Fa0/0
R2
D 172.16.1.0/24 [90/409600]
O E1 172.16.1.0 [110/30]
Table
R1
Table
R2
C 10.1.1.0 C 10.1.1.0
0 192.168.1.0 [110/20] C 192.168.1.0
D 172.16.1.0 [90/409600] O E1 172.16.1.0 [110/30]
#
56. Редистрибуция в EIGRP
• Redistribute routes into EIGRP.
Router(config-router)#
redistribute protocol [process-id] [match route-type] [metric metric-value]
[route-map map-tag]
Parameter DescripNon
protocol The
source
protocol
from
which
routes
are
redistributed.
For
OSPF,
this
value
is
an
OSPF
process
ID.
process-id For
BGP,
this
value
is
an
AS
number.
This
parameter
is
not
required
for
RIP
or
IS-‐IS.
(Op&onal)
A
parameter
used
when
redistribu&ng
OSPF
routes
into
another
rou&ng
route-type
protocol.
Required
if
the
default-metric command
is
not
configured
otherwise
it
is
op&onal
.
A
parameter
that
specifies
the
EIGRP
seed
metric,
in
the
order
of
bandwidth,
delay,
metric-value
reliability,
load,
and
maximum
transmission
unit
(MTU),
for
the
redistributed
route.
If
this
value
is
not
specified
when
redistribu&ng
from
another
protocol
and
no
default
metric
has
been
configured,
then
no
routes
will
not
be
redistributed.
(Op&onal)
Specifies
the
iden&fier
of
a
configured
route
map
to
be
interrogated
to
map-tag filter
the
importa&on
of
routes
from
the
source
rou&ng
protocol
to
the
current
EIGRP
rou&ng
protocol.
#
57. Пример редистрибуции в EIGRP
R1(config)# router eigrp 100
R1(config-router)# redistribute ospf 1 metric 10000 100 255 1 1500
R1(config-router)#
OSPF
EIGRP
AS
100
192.168.1.0
/24
.1
10.1.1.0
/24
.2
R1
Fa0/0
Fa0/0
R2
O 172.16.1.0/24 [110/50]
D EX 172.16.1.0/24 [170/281600]
Table
R1
Table
R2
C 10.1.1.0 C 10.1.1.0
0 192.168.1.0 [90/307200] C 192.168.1.0
O 172.16.1.0 [110/50] D EX 172.16.1.0 [170/307200]
#
58. Метрика по умолчанию в EIGRP
• Apply metric values for EIGRP.
• Router(config-router)#
• default-metric bandwidth delay reliability loading mtu
Parameter DescripNon
The
route’s
minimum
bandwidth
in
kilobits
per
second
(kbps).
bandwidth
It
can
be
0
or
any
posi&ve
integer.
Route
delay
in
tens
of
microseconds.
delay It
can
be
0
or
any
posi&ve
integer
that
is
a
mul&ple
of
39.1
nanoseconds.
The
likelihood
of
successful
packet
transmission,
expressed
as
a
number
reliability from
0
to
255,
where
255
means
that
the
route
is
100
percent
reliable,
and
0
means
unreliable.
The
route’s
effec&ve
loading,
expressed
as
a
number
from
1
to
255,
loading
where
255
means
that
the
route
is
100
percent
loaded.
Maximum
transmission
unit.
mtu The
maximum
packet
size
in
bytes
along
the
route;
an
integer
greater
than
or
equal
to
1.
#
59. Пример метрики по умолчанию в EIGRP
R1(config)# router eigrp 100
R1(config-router)# default-metric 10000 100 255 1 1500
R1(config-router)# redistribute ospf 1
R1(config-router)#
OSPF
EIGRP
AS
100
192.168.1.0
/24
.1
10.1.1.0
/24
.2
R1
Fa0/0
Fa0/0
R2
O 172.16.1.0/24 [110/50]
D EX 172.16.1.0/24
[170/281600]
Table
R1
Table
R2
C 10.1.1.0 C 10.1.1.0
0 192.168.1.0 [90/307200] C 192.168.1.0
O 172.16.1.0 [110/50] D EX 172.16.1.0 [170/307200]
#
60. Изменение административной дистанции
• When routes are redistributed between two different routing protocols,
some information may be lost making route selection more confusing.
• One approach to correct this is to control the administrative distance
to indicate route selection preference and ensure that route selection
is unambiguous.
– Although, this approach does not always guarantee the best route
is selected, only that route selection will be consistent.
• For all protocols use the distance administrative-distance
router configuration command.
– Alternatively for OSPF, use the distance ospf command.
– Alternatively for EIGRP, use the distance eigrp command.
#
61. Изменение административной дистанции
• Change the default administrative distances.
• Router(config-router)#
• distance administrative-distance [address wildcard-mask [ip-standard-
list] [ip-extended-list]]
Parameter DescripNon
administrative-distance Sets
the
administra&ve
distance,
an
integer
from
10
to
255.
(Op&onal)
Specifies
the
IP
address;
this
allows
filtering
of
networks
address according
to
the
IP
address
of
the
router
supplying
the
rou&ng
informa&on.
(Op&onal)
Specifies
the
wildcard
mask
used
to
interpret
the
IP
wildcard-mask
address.
(Op&onal)
The
number
or
name
of
a
standard
or
extended
access
ip-standard-list
list
to
be
applied
to
the
incoming
rou&ng
updates.
Allows
filtering
of
ip-extended-list
the
networks
being
adver&sed.
#
62. Изменение административной дистанции OSPF
• Change the default administrative distances of OSPF.
• Router(config-router)#
• distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]
Parameter DescripNon
(Op&onal)
Specifies
the
administra&ve
distance
for
all
OSPF
routes
within
dist1 an
area.
Acceptable
values
are
from
1
to
255
while
the
default
is
110.
(Op&onal)
Specifies
the
administra&ve
distance
for
all
OSPF
routes
from
dist2 one
area
to
another
area.
Acceptable
values
are
from
1
to
255
while
the
default
is
110.
(Op&onal)
Specifies
the
administra&ve
distance
for
all
routes
from
other
dist3 rou&ng
domains,
learned
by
redistribu&on.
Acceptable
values
are
from
1
to
255
while
the
default
is
110.
#
63. Изменение административной дистанции EIGRP
• Change the default administrative distance of EIGRP.
• Router(config-router)#
• distance eigrp internal-distance external-distance
Parameter DescripNon
Specifies
the
administra&ve
distance
for
EIGRP
internal
routes.
internal-distance
The
distance
can
be
a
value
from
1
to
255
while
the
default
is
90.
Specifies
the
administra&ve
distance
for
EIGRP
external
routes.
external-distance
The
distance
can
be
a
value
from
1
to
255
while
the
default
is
170.
#
64. Проверка редистрибуции
• Know the network topology.
– Pay particularly attention to where redundant routes exist.
• Study the routing tables on a variety of routers in the network.
– For example, check the routing table on the boundary router and on some
of the internal routers in each autonomous system.
• Examine the topology table of each configured routing protocol to ensure that
all appropriate prefixes are being learned.
• Use the traceroute EXEC command on some of the routes to verify that
the shortest path is being used for routing.
– Be sure to run traces to networks for which redundant routes exist.
• When troubleshooting, use the traceroute and debug commands to
observe the routing update traffic on the boundary routers and on the internal
routers.
#
67. Будущее – IPv6
• Возможность развития сетей в будущем напрямую зависит от
доступности IP адресов
– IPv6 совмещает в себе расширенное адресное пространство и более
эффективный заголовок
– Будучи очень похожим на IPv4, IPv6 поддерживает более жесткую
иерархию, необходимую в будущем
#
68. Адресное пространство IPv4
• IPv4 был стандартизирован в 1981г.
• Адресное пространство – 4,29 миллиарда адресов
• Население планеты – 4,41 миллиарда человек
#
71. Оставшиеся IPv4 адреса
• IANA уже распределила последний /8 префикс региональным
регистраторам
• В некоторых регионах уже не осталось /8 префиксов
#
72. Особенности IPv6
• Larger address space
– IPv6 addresses are 128 bits, compared to IPv4’s 32 bits.
• There are enough IPv6 addresses to allocate more than the entire IPv4
Internet address space to everyone on the planet.
• Elimination of public-to-private NAT
– End-to-end communication traceability is possible.
• Elimination of broadcast addresses
– IPv6 now includes unicast, multicast, and anycast addresses.
• Support for mobility and security
– Helps ensure compliance with mobile IP and IPsec standards.
• Simplified header for improved router efficiency
#
73. Типы адресов IPv6
Тип
адреса
Описание
Топология
“One
to
One”
• An
address
des&ned
for
a
single
interface.
Unicast
• A
packet
sent
to
a
unicast
address
is
delivered
to
the
interface
iden&fied
by
that
address.
“One
to
Many”
• An
address
for
a
set
of
interfaces
(typically
belonging
to
Mul&cast
different
nodes).
• A
packet
sent
to
a
mul&cast
address
will
be
delivered
to
all
interfaces
iden&fied
by
that
address.
“One
to
Nearest”
(Allocated
from
Unicast)
• An
address
for
a
set
of
interfaces.
Anycast
• In
most
cases
these
interfaces
belong
to
different
nodes.
• A
packet
sent
to
an
anycast
address
is
delivered
to
the
closest
interface
as
determined
by
the
IGP.
#
74. Новшества IPv6
• Prefix renumbering
– IPv6 allows simplified mechanisms for address and prefix
renumbering.
• Multiple addresses per interface
– An IPv6 interface can have multiple addresses.
• Link-local addresses
– IPv6 link-local addresses are used as the next hop when IGPs are
exchanging routing updates.
• Stateless autoconfiguration:
– DHCP is not required because an IPv6 device can automatically
assign itself a unique IPv6 link-local address.
• Provider-dependent or provider-independent addressing
#
75. IPv4 устарел?
• IPv4 is in no danger of disappearing overnight.
– It will coexist with IPv6 and then gradually be replaced.
• IPv6 provides many transition options including:
– Dual stack:
• Both IPv4 and IPv6 are configured and run
simultaneously on the interface.
– IPv6-to-IPv4 (6to4) tunneling and IPv4-compatible
tunneling.
– NAT protocol translation (NAT-PT) between IPv6 and
IPv4.
#
76. Адреса IPv6
• IPv6 increases the number of address bits by a factor of 4,
from 32 to 128, providing a very large number of
addressable nodes.
IPv4
=
32
bits
11111111.11111111.11111111.11111111
IPv6
=
128
bits
11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111
#
77. Распределение адресов IPv6
• The following displays how IPv6 global unicast addresses are
allocated by the IANA.
– Only a small portion (12.5%) of the IPv6 address space is being
allocated to the Registries in the range of 2001::/16.
#
78. Специфика адресов IPv6
• The 128-bit IPv6 address is written using hexadecimal
numbers.
– Specifically, it consists of 8, 16-bit segments separated
with colons between each set of four hex digits (16
bits).
– Referred to as “coloned hex” format.
– Hex digits are not case sensitive.
– The format is x:x:x:x:x:x:x:x, where x is a 16-
bit hexadecimal field therefore each x is representing
four hexadecimal digits.
• An example address is as follows:
• 2035:0001:2BC5:0000:0000:087C:0000:000A
#
81. IPv6 Addressing in an Enterprise Network
• An IPv6 address consists of two parts:
• A subnet prefix representing the network to which the interface is
connected.
• Usually 64-bits in length.
• An interface ID, sometimes called a local identifier or a token.
• Usually 64-bits in length.
IPv6
=
128
bits
11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111
Subnet
prefix
Interface
ID
82. IPv6 адресация в корпоративной сети
• IPv6 uses the “/prefix-length” CIDR notation to denote how
many bits in the IPv6 address represent the subnet.
• The syntax is ipv6-address/prefix-length
– ipv6-address is the 128-bit IPv6 address
– /prefix-length is a decimal value representing how many of
the left most contiguous bits of the address comprise the prefix.
For example:
fec0:0:0:1::1234/64
is really
fec0:0000:0000:0001:0000:0000:0000:1234/64
– The first 64-bits (fec0:0000:0000:0001) forms the address
prefix.
– The last 64-bits (0000:0000:0000:1234) forms the Interface ID.
#
83. Префикс подсети
• The prefix length is almost always /64.
– However, IPv6 rules allow for either shorter or longer prefixes
– Although prefixes shorter than /64 can be assigned to a device
(e.g., /60), it is considered bad practice and has no real
application.
• Deploying a /64 IPv6 prefix on a device:
– Is pre-subscribed by RFC3177 (IAB/IESG Recommendations on
IPv6 Address Allocations to Sites)
– Allows Stateless Address Auto Configuration (SLAAC) (RFC 2462)
#
84. Специальные IPv6 адреса
IPv6
Address
DescripNon
• All
routes
and
used
when
specifying
a
default
sta&c
route.
::/0
• It
is
equivalent
to
the
IPv4
quad-‐zero
(0.0.0.0).
• Unspecified
address
and
is
ini&ally
assigned
to
a
host
when
::/128
it
first
resolves
its
local
link
address.
• Loopback
address
of
local
host.
::1/128
• Equivalent
to
127.0.0.1
in
IPv4.
• Link-‐local
unicast
address.
FE80::/10 • Similar
to
the
Windows
autoconfigura&on
IP
address
of
169.254.x.x.
FF00::/8 • Mul&cast
addresses.
All
other
addresses
• Global
unicast
address.
#
85. Диапазоны IPv6 адресов
• Address types have well-defined destination scopes:
– Link-local address
– Global unicast address
– Site-local address
Global
Site-‐Local
Link-‐Local
(Internet)
§ Note:
• Site-‐Local
Address
are
deprecated
in
RFC
3879.
#
86. Несколько IP адресов на интерфейсе
• An interface can have multiple IPv6 addresses simultaneously
configured and enabled on it.
– However, it must have a link-local address.
• Typically, an interface is assigned a link-local and one (or more) global
IPv6 address.
– For example, an Ethernet interface can have:
• Link-local address
(e.g., FE80::21B:D5FF:FE5B:A408)
• Global unicast address
(e.g.,
2001:8:85A3:4289:21B:D5FF:FE5B:A408)
• Note:
– An interface could also be configured to simultaneously support
IPv4 and IPv6 addresses.
– This creates a “dual-stacked” interface which is discussed later.
#
87. IPv6 Link-Local адреса
• Link-local addresses are used for automatic address configuration,
neighbor discovery, router discovery, and by many routing protocols.
• They are dynamically created using a link-local prefix of FE80::/10
and a 64-bit interface identifier.
– Unique only on the link, and it is not routable off the link.
128
bits
/10
/64
FE80 Interface
ID
1111 1110 1000 0000 0000 0000 ... 0000 0000 0000
FE80::/10
#
88. IPv6 Link-Local адреса
§ Link-local packets are unique only on the link, and are not
routable off the link.
– Packets with a link-local destination must stay on the link where they have
been generated.
– Routers that could forward them to other links are not allowed to do so
because there has been no verification of uniqueness outside the context
of the origin link.K
128
bits
/10
/64
FE80 Interface
ID
1111 1110 1000 0000 0000 0000 ... 0000 0000 0000
FE80::/10
#
89. Пример IPv6 Link-Local адресов
R1# show ipv6 interface loopback 100
Loopback100 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::222:55FF:FE18:7DE8
No Virtual link-local address(es):
Global unicast address(es):
2001:8:85A3:4290:222:55FF:FE18:7DE8, subnet is 2001:8:85A3:4290::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF18:7DE8
MTU is 1514 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is not supported
ND reachable time is 30000 milliseconds (using 31238)
Hosts use stateless autoconfig for addresses.
R1#
#
90. IPv6 Global Unicast адреса
• A global unicast address is an IPv6 address from the global public
unicast prefix (2001::/16).
– The structure enables aggregation of routing prefixes to reduce the
number of routing table entries in the global routing table.
• Global unicast addresses are aggregated upward through
organizations and eventually to the ISPs.
#
91. IPv6 Global Unicast адреса
• The global unicast address typically consists of:
– A 48-bit global routing prefix
– A 16-bit subnet ID
– A 64-bit interface ID (typically in EUI-64 bit format).
Subnet
Global
Rou&ng
Prefix
ID
Interface
ID
/23
/32
/48
/64
2001 0008 21B:D5FF:FE5B:A408
0010
Registry
ISP
Prefix
Site
Prefix
Subnet
Prefix
#
92. Пример IPv6 Global Unicast адреса
R1# show ipv6 interface loopback 100
Loopback100 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::222:55FF:FE18:7DE8
No Virtual link-local address(es):
Global unicast address(es):
2001:8:85A3:4290:222:55FF:FE18:7DE8, subnet is 2001:8:85A3:4290::/64 [EUI]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF18:7DE8
MTU is 1514 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is not supported
ND reachable time is 30000 milliseconds (using 31238)
Hosts use stateless autoconfig for addresses.
R1#
#
93. Настройка IPv6 Unicast адресов
IPv6
Unicast
Address
Assignment
Link-‐local
(FE80::/10)
Global
Routable
Address
Assignment
Address
Assignment
StaNc
Dynamic
StaNc
Dynamic
Automa&cally
created
(EUI-‐64
format)
if
a
global
Stateless
IPv6
Address
unicast
IPv6
address
is
IPv6
Address
Autoconfigura&on
configured
IPv6
Unnumbered
DHCPv6
#
94. Включение IPv6 на интерфейсе
Configure an IPv6 address and prefix.
Router(config-if)#
ipv6 address address/prefix-length [link-local | eui-64]
• Command is used to statically configure an IPv6 address and
prefix on an interface.
– This enables IPv6 processing on the interface.
• The link-local parameter configures the address as the
link-local address on the interface.
• The eui-64 parameter completes a global IPv6 address
using an EUI-64 format interface ID.
#
95. Назначение Link-Local адресов
.2
R1
R2
R1(config)# interface fa0/0
R1(config-if)# ipv6 address FE80::1 ?
link-local use link-local address
R1(config-if)# ipv6 address FE80::1 link-local
R1(config-if)# end
R1#
• Link-local addresses are created:
– Automatically using the EUI-64 format if the interface has IPv6 enabled on
it or a global IPv6 address configured.
– Manually configured interface ID.
• Manually configured interface IDs are easier to remember than EUI-64 generated
IDs.
• Notice that the prefix mask is not required on link-local addresses
because they are not routed.
#
96. Назначение Link-Local адресов
FE80::1
.2
R1
R2
R1# show ipv6 interface fa0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::1 [TEN]
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
R1(config-if)#
§ The output confirms the link-local address.
#
97. Назначение Static Global Unicast адресов
FE80::1
.2
R1
R2
R1(config)# ipv6 unicast-routing
R1(config)# interface fa0/0
R1(config-if)# ipv6 address 2001:1::1/64
R1(config-if)#
• Global Unicast IPv6 addresses are assigned by omitting the link-
local parameter.
• For example, IPv6 address 2001:1::1/64 is configured on R1’s Fast
Ethernet 0/0.
– Notice that the entire address is manually configured and that the EUI-64
format was not used.
#
98. Назначение Static Global Unicast адресов
FE80::1
.2
R1
R2
R1# show ipv6 interface fa0/1
R1# config t
R1(config)# int fa0/1
R1(config-if)# ipv6 add 2001::/64 eui-64
R1(config-if)# do show ipv6 interface fa0/1
FastEthernet0/1 is administratively down, line protocol is down
IPv6 is enabled, link-local address is FE80::211:92FF:FE54:E2A1 [TEN]
Global unicast address(es):
2001::211:92FF:FE54:E2A1, subnet is 2001::/64 [EUI/TEN]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF54:E2A1
MTU is 1500 bytes
<output omitted>
• Notice that by simply configuring a global unicast IPv6 address on an
interface also automatically generates a link-local interface (EUI-64)
interface.
#
99. Назначение Static Global Unicast адресов
FE80::1
2001:1::1/64
.2
R1
R2
R1# show ipv6 interface fa0/0
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::1 [TEN]
Global unicast address(es):
2001:1::1, subnet is 2001:1::/64 [TEN]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
R1#
#
100. Назначение нескольких IPv6 адресов
FE80::1
2001:1::1/64
.2
R1
R2
R1(config)# interface fa0/0
R1(config-if)# ip address 10.20.20.1 255.255.255.0
R1(config-if)# ip address 10.10.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:1::1/64
R1(config-if)# ipv6 address 2002:1::1/64
R1(config-if)# end
R1#
• What would happen if we configured 2 different IPv4 addresses and 2
different IPv6 addresses on the same interface?
#
101. Назначение нескольких IPv6 адресов
10.10.10.1/24
FE80::1
2001:1::1/64
2001:2::1/64
.2
R1
R2
R1# show run interface fa0/0
Building configuration...
Current configuration : 162 bytes
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
ipv6 address 2001:1::1/64
ipv6 address 2002:1::1/64
ipv6 address FE80::1 link-local
end
R1#
• The second IPv4 entry replaced the first entry.
– However, both IPv6 addresses have been assigned to the Fa0/0 interface.
• Interfaces can have multiple IPv6 addresses assigned to them.
– These addresses can be used simultaneously.
#
102. Маршрутизация IPv6
• IPv6 supports the following routing:
– Static Routing
– RIPng
– OSPFv3
– IS-IS for IPv6
– EIGRP for IPv6
– Multiprotocol BGP version 4 (MP-BGPv4)
• For each routing option above, the ipv6 unicast-routing
command must be configured.
#
104. Сертификация для сетевых инженеров
§ CCENT: install and verify basic
IP network with supervision
§ CCNA: also… configure and maintain
a multisite enterprise network, as directed
§ CCNP: also… plan and troubleshoot
enterprise networks with advanced
solutions, collaborating with
network specialists
§ CCIE: also… independently troubleshoot
and optimize network performance in
complex and integrated enterprise networks
#
105. Курс CCNP ROUTE
• Курс «Построение маршрутизируемых сетей
Cisco» (ROUTE) – является частью трека CCNP
• Цель курса - Подготовка сетевых профессионалов,
способных планировать, строить и поддерживать
большие маршрутизируемые IP сети
#
106. Курс CCNP ROUTE
В результате обучения вы научитесь:
• осуществлять расширенную настройку протоколов
маршрутизации EIGRP и OSPF;
• управлять обновлениями протоколов маршрутизации;
• настраивать фильтрацию маршрутной информации;
• настраивать протокол BGP в корпоративной сети для
подключения к нескольким сетям провайдера;
• использовать возможности маршрутизации для
подключения удаленных офисов;
• внедрять протокол IPv6 в сети предприятия.
#
107. Курс CCNP ROUTE
Промокод #BIGNET
Скидка 10% на профессиональный курс CCNP ROUTE
#