Académique Documents
Professionnel Documents
Culture Documents
BRKRST-2337
Faraz Shamim
Donnie Savage
Distribution:
Provides aggregation of traffic flows from multiple Access layers to the Core. Traffic filtering and
packet policies are typically implemented here. The distribution layer should be the blocking point
for Queries (more about this later)
Access:
Provide connectivity to user attachment points for servers, end stations, storage devices, and other
IP devices.
WAN Aggregation:
Provides connectivity to the internet and/or remote sites/offices.
BRKRST-2337
Cisco Public
Core
WAN Aggregation
Internet
Mail
Servers
Mobile Worker
Internet
Servers
Firewall
VPN
Branch
Router
Core
Application
Acceleration
WAN
Remote Office
Distribution
Regional
Router
Application
Acceleration
Access
Building 1
Building 3
Building 2
Building 4
Regional Office
BRKRST-2337
Cisco Public
!
interface TenGig0/0/0/1
ip address 192.168.1.1 255.255.255.0
ipv6 enable
ospfv3 1 area 0 ipv6
ospfv3 1 area 1 ipv4
!
router ospfv3 1
address-family ipv4 unicast
router-id 10.1.1.1
exit-address-family
!
address-family ipv6 unicast
router-id 10.1.1.1
exit-address-family
Cisco Public
IPv6
IPv4
BRKRST-2337
IPv6
IPv4/IPv6
IPv6
Cisco Public
IPv4
IPv4
Similar Concepts
Differences
BRKRST-2337
Cisco Public
IPv6
IPv4
IPv4
BRKRST-2337
Cisco Public
vrf lite
multi-vrf CE
BRKRST-2337
Cisco Public
Setting of the forwarding address in Type-7 LSAs has been further refined.
Changes to the Type-7 AS external routing calculation.
Changes to translating Type-7 LSAs into Type-5 LSAs
Changes to flushing translated Type-7 LSAs
BRKRST-2337
Cisco Public
10
SNMP Management
Station
OSPFv3 router
Cisco Public
11
OSPFv3 AF IPv6
2001::1/96
BRKRST-2337
2001::2/96
Cisco Public
12
router ospfv3 1
prefix-suppression
address-family ipv4 unicast
prefix-suppression
Each infrastructure link may have IPv4 and IPv6 addresses which, by
default, are advertised by OSPFv3 using intra-area-prefix-LSA.
Resource saving, and convergence improvements
Remote attack vulnerability reduction
OSPFv3 AF IPv6
2001::1/96
2001::2/96
10.1.1.1/24
10.1.1.2/24
OSPFv3 AF IPv4
BRKRST-2337
Cisco Public
13
R(config)#router ospfv3 1
R(config-router)# shutdown
BRKRST-2337
Cisco Public
14
Core
WAN Aggregation
Data Center
Core
Internet
Mail
Servers
Mobile Worker
Internet
Servers
Firewall
VPN
Branch
Router
Application
Acceleration
Core
WAN
Remote Office
Distribution
Regional
Router
Application
Acceleration
Access
Building 1
Building 2
Building 3
Building 4
Regional Office
BRKRST-2337
Cisco Public
15
Area 12
ABR
Area 10
ABR
ABR
Backbone
Area 0
ABR
Area 11
ASBR
Internal
BRKRST-2337
RIP/RIPv2
World
Cisco Public
16
Internal
Area 12
ABR
Area 10
ABR
ABR
Backbone
Area 0
ABR
Area 11
ASBR
Internal
BRKRST-2337
Type4/5
RIP/RIPv2
World
Cisco Public
17
Area 12
ABR
Area 10
ABR
ABR
Backbone
Area 0
Full SPF
ABR
Area 11
Internal
BRKRST-2337
Partial SPF
RIP/RIPv2
World
Cisco Public
18
BRKRST-2337
Area 1
Cisco Public
19
BRKRST-2337
Backbone
ABR2
ABR1
ABRn
Area 1
Cisco Public
20
BRKRST-2337
Cisco Public
Area 2
21
NMS
Wan links
BRKRST-2337
Cisco Public
22
BRKRST-2337
Cisco Public
NMS
Area 1
23
Summarization Technique
Area 0
Configure on Both ABRs
Area-Range 11.1.0/17
Area-Range 11.1.128/17
ABR1
Cost to Range 1:
Via ABR1: 30
Via ABR2: 80
Cost to Range 2:
Via ABR1: 80
Via ABR2: 30
10
ABR2
10
Area 10
11.1/16
R3
50
11.1.1/24
20
R4
11.1.129/24
50
20
R5
11.1.2/24
R6
11.1.130/24
BRKRST-2337
Cisco Public
24
IGP 1
BGP Core
USA
IGP 4
Japan
France
IGP 5
IGP 6
IGP 2
BRKRST-2337
Canada
Brazil
Cisco Public
IGP 3
Germany
25
Stub Area
eBGP
BRKRST-2337
eBGP
Cisco Public
26
NSSA will also give the flexibility to filter type 5 at the ABR level
Redistribute only what is absolutely necessary
Dont redistribute full Internet routes into OSPF!
Default route into BGP core; let the core worry about final destination
BRKRST-2337
Cisco Public
27
BRKRST-2337
Cisco Public
28
NSF-Aware
NSF-Aware
NSF
Capable
Cisco Public
29
Line Card
Line Card
Line Card
Line Card
Pro
STANDBY
ACTIVE
STANDBY
ACTIVE
Con
Uses more system resources due to information transfer to
standby processor
BRKRST-2337
Cisco Public
30
Data Center
WAN Aggregation
Data Center
Core
Internet
Mail
Servers
Mobile Worker
Internet
Servers
Firewall
VPN
Branch
Router
Application
Acceleration
Core
WAN
Remote Office
Distribution
Regional
Router
Application
Acceleration
Access
Building 1
Building 2
Building 3
Building 4
Regional Office
BRKRST-2337
Cisco Public
31
Data Center
Data Centers are at the core of your business activity
Video, voice or other rich media traffic is placing ever-increasing demands on
the physical layer
The Core can be used as the data center core. Consider the following items
when determining the right core solution:
10GigE densityWill there be enough 10GigE ports on the core switch pair to support
both the campus distribution as well as the data center aggregation modules?
Administrative domains and policiesSeparate cores help to isolate campus
distribution layers from data center aggregation layers in terms of troubleshooting,
administration, and policies (QoS, ACLs, troubleshooting, and maintenance).
Future anticipationThe impact that can result from implementing a separate data
center core layer at a later date might make it worthwhile to install it at the beginning.
Cisco Public
32
BRKRST-2337
Cisco Public
33
Network Convergence
Techniques/Tools for Fast Convergence
Carrier Delays
Detect
Hello/dead timers
Detect
Bi-Directional Forwarding Detection(BFD)
LSA packet pacing
Interface event dampening
Propagate
Propagate
Exponential throttle timers for LSA and SPF
MinLSArrival Interval
Incremental SPF
Detect
Process
Process
Process
BRKRST-2337
Cisco Public
34
The following example configures OSPF fast hello packets; the dead interval is 1 second
and there are five hello packets sent every second:
interface GigabitEthernet1/1
Additional information
dampening
ip ospf dead-interval minimal hello-multiplier 5
ip ospf network point-to-point
There are reasons for not recommending this and also for us not offering such low values; for example, depending
on the number of interfaces, hello rates can become CPU intensive and lead to spikes in processing/memory
requirements
BRKRST-2337
Cisco Public
35
BRKRST-2337
Cisco Public
36
But..
Primary Next-Hop
Primary Path
Repair Path
Cisco Public
37
router ospf 1
router-id 10.1.1.1
fast-reroute per-prefix enable prefix-priority low
network 10.0.0.0 255.255.255.255 area 0
BRKRST-2337
Cisco Public
38
2 routers == 1 link
3 routers == 3 links
4 routers == 6 links
5 routers == 10 links
6 routers == 15 links
N routers == ((N) (N-1)) / 2
BRKRST-2337
Cisco Public
39
New Information
BRKRST-2337
Cisco Public
40
! Point-to-Point
interface serial 1/0
ip ospf database-filter all out
....
! Point-to-Multipoint
router ospf 1
neighbor 10.1.1.3 database-filter all out
New Information
BRKRST-2337
Cisco Public
41
BRKRST-2337
Cisco Public
42
Data Center
Core
Internet
Mail
Servers
Mobile Worker
Internet
Servers
Firewall
VPN
Branch
Router
Application
Acceleration
Core
WAN
Remote Office
Distribution
Regional
Router
Application
Acceleration
Access
Building 1
Building 2
Building 3
Building 4
Regional Office
BRKRST-2337
Cisco Public
43
Summarization
B
A
ABR-1
Backbone
E
ABR-2
Area 1
F
BRKRST-2337
Cisco Public
44
Backbone Area
100
ABR-1
10
B
10
ABR-2
10.1.1.0/24, cost 10
100
Area 1
Backbone Area
100
ABR-1
10
B
10
ABR-2
10.1.1.0/24, cost 10
100
Area 1
BRKRST-2337
Cisco Public
45
Then, either:
100
ABR-1
10
B
10
ABR-2
10.1.1.0/24, cost 10
100
Area 1
Backbone Area
100
ABR-1
10
B
10
ABR-2
10.1.1.0/24, cost 10
100
Area 1
BRKRST-2337
Cisco Public
46
BRKRST-2337
Cisco Public
47
BRKRST-2337
Cisco Public
48
BRKRST-2337
Reachability
Only Through A
Cisco Public
49
BRKRST-2337
C
Static Routes Here
Cisco Public
50
ABR
Area 1
Cisco Public
51
interface s0/0
ip address 10.1.1. 255.255.255.0
ip ospf priority 200
....
interface s0
ip ospf priority 0
C Is DR ....
A
A Is DR
BRKRST-2337
Cisco Public
C Is DR A Is DR
52
BRKRST-2337
Cisco Public
53
interface s0/0
ip address 10.1.1.1 255.255.255.0
ip ospf network point-to-multipoint
10.1.1.2/32
10.1.1.3/32
10.1.1.4/32
....
interface s0
ip address 10.1.1.x 255.255.255.0
ip ospf network point-to-multipoint
BRKRST-2337
Cisco Public
54
Cisco Public
55
Advantages
Disadvantages
Single Interface
at the Hub Treated as an OSPF Broadcast
or NBMA Network
Single IP Subnet
Manual Configuration
of Each Spoke with the Correct OSPF
Priority
Single Interface
at the Hub Treated as an OSPF Point-toMultipoint Network
ip ospf Network-Type
Point-to-Multipoint
Individual Point-to-Point
Interface at the Hub
for Each Spoke
ip ospf Network-Type
Point-to-Point
BRKRST-2337
Single IP Subnet
No Configuration per Spoke
Most Natural Solution
Smaller database
Lost IP Address Space
Can Take Advantage of End-to-End
Signaling for Down State
More Routes
in the Routing Table
Larger database
Overhead of Sub-Interfaces
Cisco Public
56
Small Number
of Spokes
Large Number of
Spokes
Area 1
BRKRST-2337
Cisco Public
57
BRKRST-2337
Backbone
Area 1
Area 2
Cisco Public
58
WAN Aggregation
Data Center
Core
WAN Aggregation
Internet
Mail
Servers
Mobile Worker
Internet
Servers
Firewall
VPN
Branch
Router
Core
Application
Acceleration
WAN
Remote Office
Distribution
Regional
Router
Application
Acceleration
Access
Building 1
Building 2
Building 3
Building 4
Regional Office
BRKRST-2337
Cisco Public
59
domain-id 99
PE-1
domain-id 99
(PE)
PE-2
MPLS-VPN Backbone
Type-1 (Router-LSA)
Link-State-ID: C-1
Link-ID: Net-1
Area: 1
Adv. Router: C-1
Type-3 (Summary-LSA)
Link-State-ID: C-1
Link-ID: Net-1
Adv. Router: PE-2
Type-5 (External-LSA)
Link-State-ID: Net-1
Adv. Router: PE-2
Metric : 20
CE-1
C-1
Area 1
Net-1
Site1
BRKRST-2337
CE-2
Area 2
Site2
2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public
60
VPN-IPv4 Update
RD:30.1.0.0, Next-hop=PE-1
RT=xxx:xxx
atomic-aggregate
BGP
BGP
PE-1
PE-3
PE-2
OSPF
OSPF
Area 1
Type-5 (External-LSA)
Link-State-ID: 30.1.0.0
Adv. Router: PE-2
Metric : 20
Area 2
30.1.1.0 - 30.1.255.0
CE-1
Site1
BRKRST-2337
Area 3
CE-2
CE-3
Site2
Site3
Cisco Public
61
BGP
VPN-IPv4 Update
RD:30.2.1.0, Next-hop=PE-2
RT=xxx:xxx
MED: 58
OSPF-Route-Type= 2:2:0
OSPF-Domain:xxx
BGP
PE-1
OSPF
BGP
BGP
PE-3
PE-2
OSPF
Area 2
Area 1
30.2.1.0 - 30.2.255.0
CE-1
Site1
BRKRST-2337
Type-5 (External-LSA)
Link-State-ID: 30.0.0.0
Adv. Router: PE-3
Metric : 58
Area 3
Type-3 (Summary-LSA)
Link-State-ID: C-1
Link-ID: 30.1.1.0
Adv. Router: PE-2
30.1.1.0 - 30.1.255.0
OSPF
OSPF
CE-2
Site2
2013 Cisco and/or its affiliates. All rights reserved.
CE-3
Site3
Cisco Public
62
router bgp xx
address-family ipv4 vrf vpna
redistribute ospf 99 vrf vpna route-map
block_summary
PE-1
BGP
PE-3
E-3
PE-2
Area 2
Area 1
30.1.1.0 - 30.1.255.0
BRKRST-2337
Area 3
router ospf 1 vrf <name>
summary-address 30.0.0.0 255.0.0.0
30.2.1.0 - 30.2.255.0
CE-1
Site1
OSPF
Type-5 (External-LSA)
Link-State-ID: 30.0.0.0
Adv. Router: PE-3
Metric : 58
CE-2
Site2
2013 Cisco and/or its affiliates. All rights reserved.
E-3
CE-3
Site3
Cisco Public
63
PE-1
Area 0
CE-1
Area 1
OR Type-2 Network-LSA Link-State-ID: Net-1
Adv. Router: x.x.x.x
BRKRST-2337
PE-2
Area 0
CE-2
Area 2
Network = Net-1
Cisco Public
Type-3 (Summary-LSA)
Down Bit Is Set
Link-State-ID: Net-1
Adv. Router: PE-2
Metric: 6
Type-3 (Summary-LSA)
Down Bit Is Ignored
Link-State-ID: Net-1
Adv. Router: CE-2
Metric: 6
64
VPN-IPv4 Update
RD:Net-1, Next-hop=PE-1
RT=xxx:xxx
MED: 6
OSPF-Route-Type= 1:2:0
OSPF-Domain:xxx
OSPF-RID= PE-1:0
Type-1 (Router-LSA)
Link-State-ID: Net-1
Adv. Router: CE-1
Metric: 6
MPLS-VPN Backbone
PE-2
PE-1
Area 1
CE-1
Area 2
Network = Net-1
Site1
BRKRST-2337
Type-3 (Summary-LSA)
Down bit is set
Link-State-ID: Net-1
Adv. Router: PE-2
Metric: 6
CE-2
Site2
Cisco Public
65
VPN-IPv4 Update
RD:Net-1, Next-hop=PE-1
RT=xxx:xxx
MED: 6
OSPF-Route-Type= 1:2:0
OSPF-Domain:xxx
OSPF-RID= PE-1:0
Type-1 (Router-LSA)
Link-State-ID: Net-1
Adv. Router: CE-1
Metric: 6
MPLS-VPN Backbone
PE-2
PE-1
Area 1
CE-1
Area 1
Network = Net-1
Site1
BRKRST-2337
Type-3 (Summary-LSA)
Down bit is set
Link-State-ID: Net-1
Adv. Router: PE-2
Metric: 6
CE-2
Site2
Cisco Public
66
All sites are in the same area and there is a backdoor link
Route is advertised to MPLS VPN backbone
Same prefix is learnt as intra-area route via backdoor link
PE2 does not generate Type3 LSA once type-1 LSA is received from the site
Traffic is sent over backdoor link instead of MPLS VPN cloud
No LSA Type 3 created
MPLS VPN backbone not used
VPN-IPv4 Update
RD:Net-1, Next-hop=PE-1
RT=xxx:xxx
OSPF-Route-Type= 1:2:0
OSPF-Domain: xxx
OSPF-RID= PE-1:0
MPLS-VPN Backbone
PE-2
PE-1
Type-1 (Router-LSA)
Link-State-ID: C-1
Link-ID: Net-1
Area: 1
Adv. Router: C-1
Type-1 (Router-LSA)
Link-State-ID: C-1
Link-ID: Net-1
Area: 1
Adv. Router: C-1
CE-1/CE-2 link
Area 1
CE-1
Net-1
Area 1
C-1
Site1
BRKRST-2337
Type-1 (Router-LSA)
Link-State-ID: C-1
Link-ID: Net-1
Area: 1
Adv. Router: C-1
CE-2
Type-1 (Router-LSA)
Link-State-ID: C-1
Link-ID: Net-1
Area: 1
Adv. Router: C-1
Area 1
Site2
Cisco Public
67
MPLS-VPN Backbone
PEPE-1
Type-1 (Router-LSA)
Link-State-ID: C-1
Link-ID: Net-1
Area: 1
Adv. Router: C-1
Type-1 (Router-LSA)
Link-State-ID: C-1
Link-ID: Net-1
Area: 1
Adv. Router: C-1
Type-1 (Router-LSA)
Link-State-ID: C-1
Link-ID: Net-1
Area: 1
Adv. Router: C-1
CE-1/CE-2 link
Area 1
CE-1
Net-1
Area 1
C-1
Site1
BRKRST-2337
PE-2
Sham-Link
CE-2
Type-1 (Router-LSA)
Link-State-ID: C-1
Link-ID: Net-1
Area: 1
Adv. Router: C-1
Area 1
Site2
Cisco Public
68
Area 0
VPN
red
PE2
Area 1
VP
N
red
CE1
Area 2
BRKRST-2337
Cisco Public
69
As before, sites may consist of hierarchical OSPF topology consisting of area 0 and non-area 0
If site contains area 0, it must touch provider PE router
OSPF Rule: Summary LSAs from non-zero areas are not injected into backbone area 0
Create a virtual link so inter-area routes will show up
vpnv4
update
MPLS VPN Super Backbone
LSA Type 3
virtual-link
Area 2
PE1
PE2
VPN
red
LSA Type 3
Area 1
VP
N
red
LSA Type 1 or 2
CE1
LSA Type 3
Area 0
BRKRST-2337
LSA type 3
Summary routes is NOT advertised into area 0
Cisco Public
70
MPLS
VPN
BRKRST-2337
Cisco Public
71
BRKRST-2337
Cisco Public
72
Available in:
12.3(7)T 12.2(25)S 12.0(27)S
12.2(18)SXE 12.2(27)SBC
BRKRST-2337
Cisco Public
73
iBGP
OSPF
MPLS
VPN
Cisco Public
74
BRKRST-2337
Cisco Public
75
BRKRST-2337
Cisco Public
76
Final Thoughts
Get hands-on experience with the Walk-in Labs located in World of Solutions,
booth 1042
Come see demos of many key solutions and products in the main Cisco booth
2924
Visit www.ciscoLive365.com after the event for updated PDFs, on-demand
session videos, networking, and more!
Follow Cisco Live! using social media:
Facebook: https://www.facebook.com/ciscoliveus
Twitter: https://twitter.com/#!/CiscoLive
LinkedIn Group: http://linkd.in/CiscoLI
BRKRST-2337
Cisco Public
77
Cisco Public
78