
SPNGN2

Building Cisco Service


Provider Next-Generation
Networks, Part 2
Volume 1
Version 1.01

Student Guide

Text Part Number: 97-3130-02


Americas Headquarters: Cisco Systems, Inc., San Jose, CA
Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore
Europe Headquarters: Cisco Systems International BV Amsterdam, The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company. (1110R)

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED “AS IS” AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT
OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE,
OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release
content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

Student Guide © 2012 Cisco and/or its affiliates. All rights reserved.

Students, this letter describes important course evaluation access information!

Welcome to Cisco Systems Learning. Through the Cisco Learning Partner Program,
Cisco Systems is committed to bringing you the highest-quality training in the industry.
Cisco learning products are designed to advance your professional goals and give you
the expertise you need to build and maintain strategic networks.

Cisco relies on customer feedback to guide business decisions; therefore, your valuable
input will help shape future Cisco course curricula, products, and training offerings.
We would appreciate a few minutes of your time to complete a brief Cisco online
course evaluation of your instructor and the course materials in this student kit. On the
final day of class, your instructor will provide you with a URL directing you to a short
post-course evaluation. If there is no Internet access in the classroom, please complete
the evaluation within the next 48 hours or as soon as you can access the web.

On behalf of Cisco, thank you for choosing Cisco Learning Partners for your
Internet technology training.

Sincerely,

Cisco Systems Learning


Table of Contents
Volume 1
Course Introduction .......................................................................................................... 1
Overview ............................................................................................................................................... 1
Learner Skills and Knowledge ........................................................................................................ 2
Course Goal and Objectives ................................................................................................................. 3
Course Flow .......................................................................................................................................... 4
Additional References ........................................................................................................................... 5
Cisco Glossary of Terms ................................................................................................................ 5
Your Training Curriculum ...................................................................................................................... 6
Your Training Curriculum ...................................................................................................................... 7
Service Provider Network Architecture ........................................................................ 1-1
Overview ............................................................................................................................................ 1-1
Module Objectives ....................................................................................................................... 1-1
Introduction to Service Providers ....................................................................................... 1-3
Overview ............................................................................................................................................ 1-3
Objectives .................................................................................................................................... 1-3
Types of Service Providers ................................................................................................................ 1-4
Internet Service Provider Basics ........................................................................................................ 1-6
Interconnecting Service Providers ..................................................................................................... 1-7
Internet Exchange Point ..................................................................................................................... 1-8
Example ....................................................................................................................................... 1-8
Types of Internet Service Providers ................................................................................................... 1-9
Global IP Address Space Management ........................................................................................... 1-13
Global Routing ................................................................................................................................. 1-17
Autonomous Systems ...................................................................................................................... 1-18
BGP Routing Protocol ...................................................................................................................... 1-19
Multihoming ...................................................................................................................................... 1-20
Summary .......................................................................................................................................... 1-25
Cisco IP NGN Architecture ................................................................................................ 1-27
Overview .......................................................................................................................................... 1-27
Objectives .................................................................................................................................. 1-27
Cisco IP NGN Architecture............................................................................................................... 1-28
Cisco IP NGN Application Layer ...................................................................................................... 1-30
Cisco IP NGN Service Layer ............................................................................................................ 1-31
Cisco IP NGN Infrastructure Layer .................................................................................................. 1-32
Core Network Functions................................................................................................................... 1-33
Mechanisms Used in the Core Network........................................................................................... 1-34
Edge Network Functions .................................................................................................................. 1-35
Mechanisms Used in Edge Networks .............................................................................................. 1-36
Aggregation Networks ...................................................................................................................... 1-37
Access Layer .................................................................................................................................... 1-39
Access Network Functions ............................................................................................................... 1-40
Global IP Traffic Trends ................................................................................................................... 1-41
One Architecture for All Services ..................................................................................................... 1-43
Summary .......................................................................................................................................... 1-48
Cisco Hardware Platform Placement ................................................................................ 1-49
Overview .......................................................................................................................................... 1-49
Objectives .................................................................................................................................. 1-49
Cisco Hardware Platform Placement ............................................................................................... 1-50
Cisco IP NGN Core Network ............................................................................................................ 1-52
Cisco Carrier Routing System (CRS-1 and CRS-3) ........................................................................ 1-53
Cisco 12000 Series Routers ............................................................................................................ 1-59
Cisco IP NGN Edge and Aggregation Networks .............................................................................. 1-63
Cisco ASR 9000 ............................................................................................................................... 1-64
Cisco 7600 Series Routers .............................................................................................................. 1-70
Cisco ASR 1000 Router ................................................................................................................... 1-74
Cisco 7200 Router ........................................................................................................................... 1-80
Cisco ME 3800X Series Switches ................................................................................................... 1-82
Cisco IP NGN Access Network ........................................................................................................ 1-83
Cisco Integrated Services Routers Generation 2 ............................................................................ 1-84
Cisco 3900 Series ISR G2 ............................................................................................................... 1-85
Cisco 2900 Series ISR G2 ............................................................................................................... 1-86
Cisco 1900 Series ISR G2 ............................................................................................................... 1-87
Cisco Mobile Wireless Router 2941 ................................................................................................. 1-88
Cisco ME 4924-10GE Switch........................................................................................................... 1-89
Cisco ME 3600X Series Switch ....................................................................................................... 1-90
Cisco ME 3400E Series Switch ....................................................................................................... 1-91
Summary .......................................................................................................................................... 1-93
Module Summary ............................................................................................................................. 1-95
Module Self-Check ........................................................................................................................... 1-97
Module Self-Check Answer Key ................................................................................................ 1-99
Advanced LAN Switching .............................................................................................. 2-1
Overview ............................................................................................................................................ 2-1
Module Objectives ....................................................................................................................... 2-1
Implementing VLANs and Trunks ....................................................................................... 2-3
Overview ............................................................................................................................................ 2-3
Objectives .................................................................................................................................... 2-3
Cisco IP NGN Access Network .......................................................................................................... 2-5
Layer 2 Switched Network Issues ...................................................................................................... 2-6
VLAN Overview .................................................................................................................................. 2-8
Basic VLAN Design Concepts ........................................................................................................... 2-9
Example: Network Design ......................................................................................................... 2-10
Considering Traffic Source to Destination Paths ...................................................................... 2-12
VLAN Creation Guidelines ............................................................................................................... 2-14
Adding and Verifying a VLAN .......................................................................................................... 2-15
Trunking ........................................................................................................................................... 2-19
802.1Q Trunk ................................................................................................................................... 2-21
802.1Q Frame .................................................................................................................................. 2-22
Understanding Native VLANs .......................................................................................................... 2-23
Configuring and Verifying 802.1Q Trunk ......................................................................................... 2-24
Cisco IP NGN Edge and Core Networks ......................................................................................... 2-26
QinQ ................................................................................................................................................. 2-27
802.1QinQ Frame ............................................................................................................................ 2-28
Configuring QinQ ............................................................................................................................. 2-29
Summary .......................................................................................................................................... 2-30
Spanning Tree Protocol Enhancements .......................................................................... 2-31
Overview .......................................................................................................................................... 2-31
Objectives .................................................................................................................................. 2-31
Cisco IP NGN Access Network ........................................................................................................ 2-33
Default Spanning Tree Configuration .............................................................................................. 2-34
PVST+ Operation ............................................................................................................................. 2-35
PVST+ Operation ...................................................................................................................... 2-36
PVST+ Extended Bridge ID ............................................................................................................. 2-37
Spanning Tree Operation Example ................................................................................................. 2-39
Example: 802.1D Spanning Tree Operation ............................................................................. 2-39
Spanning Tree Path Cost................................................................................................................. 2-42
Example: Spanning Tree Path Cost .......................................................................................... 2-42
Spanning Tree Recalculation ........................................................................................................... 2-43
Example: Spanning Tree Recalculation .................................................................................... 2-43
STP Convergence ............................................................................................................................ 2-44
RSTP................................................................................................................................................ 2-45
PVRST+ Configuration Guidelines .................................................................................................. 2-47
Implementing PVRST+ .................................................................................................................... 2-48

ii Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
MSTP ............................................................................................................................................... 2-50
MST Regions ................................................................................................................................... 2-52
Implementing MST ........................................................................................................................... 2-54
PortFast ............................................................................................................................................ 2-58
BPDU Guard .................................................................................................................................... 2-59
Applying BPDU Guard Globally vs. per Port ............................................................................. 2-59
Configuring BPDU Guard .......................................................................................................... 2-60
BPDU Filter ...................................................................................................................................... 2-61
Configuring BPDU Filter ............................................................................................................ 2-61
REP .................................................................................................................................................. 2-62
REP Redundancy Options ............................................................................................................... 2-64
Configuring REP .............................................................................................................................. 2-65
Summary .......................................................................................................................................... 2-66
Routing Between VLANs ................................................................................................... 2-69
Overview .......................................................................................................................................... 2-69
Objectives .................................................................................................................................. 2-69
Cisco IP NGN Access Network ........................................................................................................ 2-70
Inter-VLAN Routing Overview .......................................................................................................... 2-71
Configuring a Router for Inter-VLAN Routing .................................................................................. 2-73
Configuring a Layer 3 Switch for Inter-VLAN Routing ..................................................................... 2-79
Summary .......................................................................................................................................... 2-83
First Hop Redundancy Protocols...................................................................................... 2-85
Overview .......................................................................................................................................... 2-85
Objectives .................................................................................................................................. 2-85
Cisco IP NGN Edge Network ........................................................................................................... 2-86
Default Gateway Problems .............................................................................................................. 2-87
Default Gateway Redundancy Solution ........................................................................................... 2-88
Supported First Hop Redundancy Protocols.................................................................................... 2-90
Hot Standby Router Protocol ........................................................................................................... 2-91
HSRP Configuration ......................................................................................................................... 2-93
HSRP Load Balancing ..................................................................................................................... 2-95
HSRP Verification ............................................................................................................................ 2-96
Virtual Router Redundancy Protocol ................................................................................................ 2-97
VRRP Configuration ......................................................................................................................... 2-98
VRRP Load Balancing ................................................................................................................... 2-100
VRRP Verification .......................................................................................................................... 2-101
Gateway Load Balancing Protocol ................................................................................................. 2-102
GLBP Configuration ....................................................................................................................... 2-103
GLBP Load Balancing .................................................................................................................... 2-104
GLBP Verification ........................................................................................................................... 2-105
Summary ........................................................................................................................................ 2-106
Module Summary ........................................................................................................................... 2-107
Module Self-Check ......................................................................................................................... 2-109
Module Self-Check Answer Key .............................................................................................. 2-112
Internal Service Provider Traffic Forwarding ............................................................... 3-1
Overview ............................................................................................................................................ 3-1
Module Objectives ....................................................................................................................... 3-1
Link-State Routing Protocols .............................................................................................. 3-3
Overview ............................................................................................................................................ 3-3
Objectives .................................................................................................................................... 3-3
Service Provider IP and MPLS Core Network Requirements ............................................................ 3-4
Link-State Routing Protocol Basics .................................................................................................... 3-6
Link-State Adjacencies....................................................................................................................... 3-8
Link-State Advertisements ................................................................................................................. 3-9
Link-State Database and SPF Calculations ..................................................................................... 3-10
Summary .......................................................................................................................................... 3-13
Implementing OSPF ........................................................................................................... 3-15
Overview .......................................................................................................................................... 3-15
Objectives .................................................................................................................................. 3-15
OSPF Overview ............................................................................................................................... 3-16
Adjacencies ...................................................................................................................................... 3-18
Metric ............................................................................................................................................... 3-20
Router ID .......................................................................................................................................... 3-21
OSPF Configuration Scenario.......................................................................................................... 3-22
Adding Interfaces to OSPF .............................................................................................................. 3-24
Single-Area OSPF Implementation Scenario .................................................................................. 3-25
OSPF Load Balancing ..................................................................................................................... 3-31
OSPF Authentication ....................................................................................................................... 3-38
OSPFv2 Authentication .................................................................................................................... 3-39
OSPFv3 Authentication .................................................................................................................... 3-40
OSPF Authentication Configuration Scenario.................................................................................. 3-41
OSPF Troubleshooting .................................................................................................................... 3-44
Summary .......................................................................................................................................... 3-45
Implementing IS-IS............................................................................................................. 3-47
Overview .......................................................................................................................................... 3-47
Objectives .................................................................................................................................. 3-47
IS-IS Basics...................................................................................................................................... 3-48
IS-IS Features .................................................................................................................................. 3-50
CLNS Addresses ............................................................................................................................. 3-51
IS-IS Metric ...................................................................................................................................... 3-53
IS-IS Configuration Scenario ........................................................................................................... 3-54
Adding Interfaces to IS-IS ................................................................................................................ 3-56
IS-IS Implementation Scenario ........................................................................................................ 3-57
IS-IS Load Balancing ....................................................................................................................... 3-62
IS-IS Authentication ......................................................................................................................... 3-67
IS-IS Troubleshooting ...................................................................................................................... 3-70
Summary .......................................................................................................................................... 3-72
References ................................................................................................................................ 3-72
Implementing Route Redistribution.................................................................................. 3-73
Overview .......................................................................................................................................... 3-73
Objectives .................................................................................................................................. 3-73
Cisco IP NGN Edge Network ........................................................................................................... 3-74
Route Redistribution Basics ............................................................................................................. 3-75
Multiple Routing Protocols ............................................................................................................... 3-76
Route Redistribution Example ......................................................................................................... 3-77
Seed Metric ...................................................................................................................................... 3-78
Route Redistribution into OSPF ....................................................................................................... 3-79
Route Redistribution into IS-IS......................................................................................................... 3-83
Summary .......................................................................................................................................... 3-87
References ................................................................................................................................ 3-87
MPLS Basics ...................................................................................................................... 3-89
Overview .......................................................................................................................................... 3-89
Objectives .................................................................................................................................. 3-89
Cisco IP NGN Edge and Core Network ........................................................................................... 3-90
MPLS Introduction ........................................................................................................................... 3-91
MPLS Labels .................................................................................................................................... 3-93
Label Switch Routers ....................................................................................................................... 3-94
MPLS Forwarding Structures ........................................................................................................... 3-96
MPLS Example ................................................................................................................................ 3-97
Label Distribution Protocol ............................................................................................................. 3-101
LDP Sessions................................................................................................................................. 3-102
Label Allocation .............................................................................................................................. 3-103
Label Advertisement ...................................................................................................................... 3-104
Steady-State .................................................................................................................................. 3-107
MPLS LDP Implementation............................................................................................................ 3-108

iv Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
MPLS Troubleshooting................................................................................................................... 3-113
Summary ........................................................................................................................................ 3-114
References .............................................................................................................................. 3-115
Module Summary ........................................................................................................................... 3-117
Module Self-Check ......................................................................................................................... 3-119
Module Self-Check Answer Key .............................................................................................. 3-122

SPNGN2

Course Introduction
Overview
The Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) v1.01
course is an instructor-led course that is presented by Cisco Learning Partners to their end-user
customers. This five-day course provides network engineers and technicians with the
knowledge and skills that are necessary to implement and support a provider network (P-
network).
The course focuses on using Cisco routers and switches that are connected in LANs and
WANs, and they are typically found in the P-network. Upon completing this course, learners
will be able to configure, verify, and troubleshoot the various Cisco networking devices.
The course also includes classroom activities with remote labs that are useful to gain practical
skills when deploying Cisco IOS/IOS XE Software and Cisco IOS XR Software features to
operate and support the P-network.
Learner Skills and Knowledge
This subtopic lists the skills and knowledge that learners must possess to benefit fully from the
course. This subtopic also includes recommended Cisco learning offerings that learners should
first complete to benefit fully from this course.

• Basic computer literacy
• Basic Microsoft Windows navigation skills
• Basic Internet usage skills
• Basic knowledge of networking concepts
• Basic knowledge of Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software configuration
• Skills and knowledge that are equivalent to those learned in the following:
- Building Cisco Service Provider Next-Generation Networks, Part 1 (SPNGN1)

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—3

Course Goal and Objectives
This topic describes the course goal and objectives.

• To install, operate, and troubleshoot a service provider network.

Upon completing this course, you will be able to meet these objectives:
• Describe the Cisco IP Next-Generation Network (Cisco IP NGN) architecture
• Expand a small, switched LAN to a medium-sized LAN with multiple switches, supporting
VLANs, trunking, and Spanning Tree Protocol
• Describe routing concepts as they apply to a P-network and discuss considerations when
implementing routing on the network
• Implement internal and external routing protocols: OSPF, IS-IS, and BGP
• Describe and implement basic MPLS
• Determine how to apply ACLs that are based on network requirements, and implement
ACLs on a P-network
• Describe when to use NAT and implement NAT on Cisco routers
• Describe basic IPv6 concepts and use different configuration scenarios to implement IPv6
• Describe the fundamentals of Cisco IOS XR technology



Course Flow
This topic presents the suggested flow of the course materials.

Day 1
  AM: Course Introduction; Module 1: Service Provider Network Architecture
  PM: Module 1 (cont.); Module 2: Advanced LAN Switching
Day 2
  AM: Module 2 (cont.)
  PM: Module 3: Internal Service Provider Traffic Forwarding
Day 3
  AM: Module 3 (cont.)
  PM: Module 3 (cont.); Module 4: External Service Provider Routing
Day 4
  AM: Module 4 (cont.)
  PM: Module 4 (cont.); Module 5: ACLs and IP Address Translation
Day 5
  AM: Module 5 (cont.); Module 6: Cisco IOS, IOS-XE, and IOS-XR Software
  PM: Module 6 (cont.)


The schedule reflects the recommended structure for this course. This structure allows enough
time for the instructor to present the course information and for you to work through the lab
activities. The exact timing of the subject materials and labs depends on the pace of your
specific class.

Additional References
This topic presents the Cisco icons and symbols that are used in this course as well as
information on where to find additional technical references.

Icons used in this course: Cisco IOS Router, Cisco IOS XE Router, Cisco IOS XR Router, Multilayer Switch, Workgroup Switch, Network Cloud, Laptop, and Server.


Cisco Glossary of Terms
For additional information on Cisco terminology, refer to the Cisco Internetworking Terms and
Acronyms glossary of terms at
http://docwiki.cisco.com/wiki/Internetworking_Terms_and_Acronyms_%28ITA%29_Guide.



Your Training Curriculum
This topic presents the training curriculum for this course.

Cisco Certifications: www.cisco.com/go/certifications

You are encouraged to join the Cisco certification community, a discussion forum that is open
to anyone holding a valid Cisco career certification (such as a Cisco CCDA®, CCDP®, CCIE®,
CCIP®, CCNA®, CCNP®, CCSP®, or CCVP®). It provides a gathering place for Cisco certified
professionals to share questions, suggestions, and information about Cisco career certification
programs and other certification-related topics. For more information, visit
http://www.cisco.com/go/certifications.


(Figure: "Expand Your Professional Options and Advance Your Career", a certification pyramid with the levels Entry, Associate, Professional, Expert, and Architect. Cisco CCNA Service Provider comprises Building Cisco Service Provider Next-Generation Networks, Part 1 (SPNGN1) v1.01 and Part 2 (SPNGN2) v1.01. See www.cisco.com/go/certifications.)

Cisco Qualified Specialist-focused certifications demonstrate significant competency in
specific technology areas, solutions, or job roles. Individuals who have earned an associate-level
career certification or higher are eligible to become qualified in these focused areas. With
one or more specialist certifications, network professionals can better align their core expertise
with current industry needs.
For more information on the Cisco Qualified Specialist-focused certification, visit
http://www.cisco.com/go/certifications.

Module 1

Service Provider Network Architecture
Overview
Modern service providers are trying to provide many different services to their customers. They
try to use their own high-speed core networks—known as provider networks (P-networks)—to
carry many different services. Cisco IP Next-Generation Network (Cisco IP NGN) is the
umbrella of technologies, processes, and key architectural concepts.
This module describes the basic idea of Cisco IP NGN architecture, basic Cisco hardware
positioning, and different types of service providers and their interconnecting strategies.

Module Objectives
Upon completing this module, you will be able to explain the concept and purpose of Cisco IP
NGN. This ability includes being able to meet these objectives:
• Show different ways that service providers can interconnect their networks
• Present a unified view of a P-network in relation to the Cisco IP NGN
• Describe which hardware platform fits in which part of a P-network
Lesson 1

Introduction to Service Providers
Overview
Interconnecting the provider network (P-network) is an important topic in P-network design.
This lesson covers basic terminology and explains how service providers are
interconnected, how IP addresses are managed, and how traffic is routed between different
networks.

Objectives
Upon completing this lesson, you will be able to show the different ways in which service providers
can interconnect their networks. You will be able to meet these objectives:
• Describe different types of service providers
• Describe the basic concepts of Internet service providers
• Explain different types of service provider relationship models
• Explain the physical infrastructure that service providers use to exchange traffic
• Describe different types of Internet service provider tiers
• Describe how IP address space is managed and who is responsible for allocating IP
addresses
• Describe the basic principles and routing protocols that are used by ISPs
• Explain different types of autonomous systems
• Introduce the BGP routing protocol
• Describe the different types of multihoming
Types of Service Providers
This topic describes different types of service providers.

A service provider is an entity that provides different kinds of services to other entities. Five types exist:
• Communications service provider (CSP)
• Telecommunications service provider (TSP)
• Network service provider (NSP)
• Internet service provider (ISP)
• Application service provider (ASP)


A service provider is an entity that provides different kinds of services to its customers.
Historically, there were many specialized service providers that provided different services, as
follows:
• Communications service providers (CSPs)
• Telecommunications service providers (TSPs)
• Network service providers (NSPs)
• ISPs
• Application service providers (ASPs)

In the beginning, most service providers provided communications and telecommunication
services. The term CSP encompasses public and private companies in the telecommunications
(landline and wireless), Internet, cable, satellite, and managed services businesses. CSP came
into vogue in the late 1990s. Before then, communications businesses were highly specialized,
with little overlap among traditional telecommunications, cellular, cable, and Internet
companies. In the 1990s, deregulation (such as the Telecommunications Act of 1996 in the
United States) and technology convergence began to cause massive upheaval in the industry.
As companies began to offer broader portfolios of communications services, traditional
categories were inadequate to describe service providers. CSP is now widely accepted as a
broad category encompassing all of these businesses. TSP is a type of CSP that traditionally has
provided telephone and similar services. This category includes incumbent local exchange
carriers (ILECs), competitive local exchange carriers (CLECs), and mobile wireless
communications companies.

After the Internet was born, ISPs and NSPs became very popular. They provide Internet access
to business and residential customers. ISPs specialized in offering Internet connectivity to their
customers, and NSPs specialized in offering backbone for other service providers.
ASPs are newer service providers that provide software or some applications as a service. This
approach spreads the cost of software among many customers. This model has even more
advantages. Applications are more scalable and easier to maintain.
As the service provider architecture continues to evolve to meet market demands and to provide
services flexibly for the future, many of the niche roles that are described earlier converge to a
three-tier architecture that is used to deliver services on three horizons:
1. On the customer premises equipment (CPE) or mobile endpoint
2. At the virtualized network or data center edge
3. In the data center or cloud
In a world of dynamic service delivery today, the service provider architecture must be flexible.
Networks are evolving to a service provider core and a data center core, both of which are
complemented by data center elements (that is, compute, storage, network, or orchestration) at
the virtualized network or data center edge. This introduces the concept of the “massively
distributed data center” to service provider architectures. Convergence of networks serving
fixed, mobile, and other assets is an ongoing evolution, not a one-time step. Expect the market
dynamics, “consumerization” of IT, and mobility to have an important effect on service
delivery and on P-network architecture.



Internet Service Provider Basics
This topic describes the basic concepts of Internet service providers.

• An ISP provides access to a common network called the Internet.
• An ISP provides service to:
- Home user subscribers
• ADSL, cable Internet, and FTTH
• Internet access, VoIP, and IPTV
- Business subscribers
• ADSL, SDSL, and leased lines
• Internet access, private VPNs, and VoIP


ISPs are companies that provide access to a common network called the Internet to their
customers or subscribers.
ISPs usually divide their customers into the following:
• Home or residential subscribers
• Business subscribers

Home subscribers are mostly subscribers that need just best-effort Internet access and
sometimes VoIP and IPTV. Internet speeds are usually lower, and they do not sign a service level
agreement (SLA) with the ISP. This is why prices are usually much lower.
Home subscribers usually use cable television (CATV) infrastructure or asymmetric DSL (ADSL).
Some of them also use fiber-to-the-home (FTTH) links.
Business users are more demanding users. Their business more or less depends on Internet
connectivity, so they sign an SLA with the ISP. This agreement defines the quality of links and
penalties if quality is not acceptable. Prices for these links usually are higher.
A private VPN is a service that is commonly used by business users. The ISP establishes an
isolated, secure worldwide network for interconnecting a remote branch network with a
headquarters network. Multiprotocol Label Switching (MPLS) is used for establishing private VPNs.

Interconnecting Service Providers
This topic explains different types of service provider relationship models.

• Three entities in the service provider relationship model:
- Customers
• Pay the ISP for providing Internet access to them
- Peers
• Exchange traffic for free, which is a mutual benefit
- Transit partners
• You pay your partner to access a certain range of networks
• Relationships are defined in settlements between partners.
• The Internet is based on the principle of global reachability.
• Each network has to do one of two things:
- Pay another network for transit
- Peer with every other network


Note: SDSL = symmetric DSL.


In a service provider relationship model, there are three important entities:
• Customers: Customers are an important entity in this model. They pay the ISP for access
to the Internet and other services.
Service providers are responsible for providing Internet connectivity to customers. They
have to route their traffic to all other networks that are managed by other ISPs. This is why
they have to establish connections with other service providers.
• Peers: If two service providers establish a connection and exchange traffic for free, this
relationship is called peering. They usually use peer links for exchanging traffic from one
service provider to another, but they do not use this link as a transit link.
• Transit partners: Transit partners are service providers that charge other service providers
for transit traffic through their network. Transit partners usually are large service providers
that specialize in providing transit links to other service providers.



Internet Exchange Point
This topic explains the physical infrastructure that service providers use to exchange traffic.

• The IXP is the physical infrastructure that service providers use to exchange traffic.
• IXPs reduce traffic to upstream providers.
- Per-bit delivery cost reduction
• Routing efficiency and fault tolerance are improved.
• BGP is used for traffic routing.

(Figure: ISP 1 through ISP 5 connected around an IXP, with links labeled "Peering" and "Transit"; ISP 5 is labeled "Internet".)

An Internet exchange point (IXP) is the common physical infrastructure that service providers
use to exchange Internet traffic. Service providers establish one physical link to the IXP and
many sessions with different service providers using the same IXP. IXPs usually are used for
peering, but transit links can be established using IXPs.
Peering by using IXPs reduces transit traffic to upstream providers because service providers
use cost-free peer links for exchanging traffic. A transit link is used only for traffic whose
destination lies outside the “IXP community”.
IXPs also improve routing efficiency and fault tolerance. Traffic from one service provider can
be sent directly to a destination peer service provider without using a third transit service
provider.
If a peering link between two service providers fails, one service provider routes traffic through
the redundant transit service provider.
Border Gateway Protocol (BGP) is an efficient routing protocol that is used for routing Internet
traffic. It is also used for establishing peer sessions in an IXP environment.

Example
If a customer that is connected to ISP 3 wants to establish a session with a customer that is
connected to ISP 4, ISP 3 uses the peer link for traffic exchange because it is free. If the peer link
between ISP 3 and ISP 4 fails, the transit link through another service provider is used.

Types of Internet Service Providers
This topic describes different types of Internet service provider tiers.

(Figure: ISP hierarchy, with Tier 1 ISPs at the top, Tier 2 ISPs below them, Tier 3 ISPs below those, and Internet users at the bottom.)

ISPs are hierarchically organized. End business and residential customers usually are connected
to one or more Tier 3 or Tier 2 ISPs. Tier 1 ISPs are groups of large service providers that peer
with each other and establish the core of the Internet network. Tier 1 ISP customers are either
lower-tiered ISPs or large companies that are looking for reliable and fast access to the Internet.
Boundaries between tiers are not strictly defined. Each ISP has contracts that define
relationships between neighboring partners.



• Purchase transit links from Tier 1 or Tier 2 ISPs
• Peer with regional partners for cutting costs
• Provide Internet access to end customers
- Focused on specific region
- Usually low price access
- Usually lower access speeds
• Customers are usually home user subscribers


Tier 3 ISPs are focused on providing Internet access to end customers usually in a specific
region. They offer lower-speed connections and usually have lower prices than higher tier ISPs.
Tier 3 ISPs purchase transit links from Tier 1 or Tier 2 ISPs. For cutting costs, they sometimes
peer with regional partners.

• Purchase transit links from Tier 1 ISPs
• Peer with other ISPs for cutting costs (using IXP)
• Provide Internet access to:
- End customers (home and business)
• Focus on business customers
• Charge higher prices
• Offer higher speeds
- Tier 3 ISPs


Tier 2 ISPs purchase transit links from Tier 1 ISPs. Transit links of Tier 1 ISPs are very
expensive, so Tier 2 ISPs usually use IXPs and establish peer links with other ISPs.
Tier 2 ISPs provide Internet access to home and business subscribers, but their focus is on
business customers. They usually charge higher prices than Tier 3 ISPs, but they also offer
higher speeds and better SLAs.
Tier 2 ISPs also provide transit links to Tier 3 ISPs.



• Large national or international ISPs
- Reach every other network on the Internet without purchasing IP transit links
or paying settlements
• Transit-free network
- Peers with (every) other Tier 1 ISP
- Highest-speed connections
- Very reliable networks
- Usually expensive
• Customers
- Lower-tiered ISPs
- Large companies


Tier 1 ISPs are a group of large national or international ISPs that can reach every other
network on the Internet without purchasing IP transit links or paying settlements. They peer
with other Tier 1 ISPs so that they can assure very reliable high-speed connections.
Tier 1 ISP customers are typically lower-tiered ISPs or large companies.

Global IP Address Space Management
This topic describes how IP addresses are managed and who is responsible for allocating IP
addresses.

• Internet Assigned Numbers Authority (IANA)
- Responsible for:
• Allocation of globally unique IP addresses
• AS number allocation
• DNS root zone management
• Protocol parameters
- IANA is operated by the Internet Corporation for Assigned Names and Numbers (ICANN)

(Figure: IANA allocates to RIRs; RIRs allocate to NIRs, LIRs, or ISPs; these allocate to further ISPs; each level assigns addresses to end users.)

Note: LIR = Local Internet Registry; NIR = National Internet Registry.

The Internet Assigned Numbers Authority (IANA) is the body responsible for coordinating
some of the key elements that keep the Internet running smoothly.
Specifically, the IANA allocates and maintains unique codes and numbering systems that are
used in the technical standards (or protocols) that influence the Internet:
• It coordinates the global pool of IP addresses and provides them to Regional Internet
Registries (RIRs).
• It coordinates the global pool of autonomous system (AS) numbers and provides them to
RIRs.
• It manages the Domain Name System (DNS) root. This means assigning top-level domains
(TLDs) such as country-code top-level domains (ccTLDs), which are two-letter TLDs that
are especially designated for a particular country or autonomous territory to use to service
their community, and generic top-level domains (gTLDs) including .com, .org, and .net.
• It manages the IP numbering system (with standards bodies).
IANA describes its role as follows:
“The IANA team is responsible for the operational aspects of coordinating the Internet’s unique
identifiers and maintaining the trust of the community to provide these services in an unbiased,
responsible, and effective manner.”
IANA is operated by Internet Corporation for Assigned Names and Numbers (ICANN), which
was formed in 1998 as a nonprofit public benefit corporation with participants from all over the
world that is dedicated to keeping the Internet secure, stable, and interoperable.


• Five Regional Internet Registries (RIRs)
- Manage and distribute Internet parameters within their respective regions
- IANA delegates Internet resources to RIRs

(Figure: IANA above the five RIRs, AfriNIC, APNIC, RIPE, LACNIC, and ARIN; below the RIRs are ISPs, NIRs, LIRs, and end users; the ISPs, NIRs, and LIRs in turn serve end users.)

Both IPv4 and IPv6 addresses generally are assigned in a hierarchical structure. IP addresses
and IP address space ranges are assigned to subscribers by their ISP. ISPs obtain allocations of
IP addresses from the following:
• Local Internet Registry (LIR)
• National Internet Registry (NIR)
• RIR

The role of the IANA is to allocate IP addresses from the pools of unallocated addresses to the
RIRs. The IANA does not make allocations directly to ISPs or end users except in specific
circumstances, such as allocations of multicast addresses or other protocol-specific needs.
There are five RIRs:
• AfriNIC: Africa Region
• APNIC: Asia Pacific Region
• ARIN: North America Region
• LACNIC: Latin America and some Caribbean Islands
• RIPE: Europe, the Middle East, and Central Asia

• Local Internet Registry (LIR)
- Assigns address space to its users (that is, end users or other ISPs)
- RIR delegates Internet resources to LIR
- LIR can be:
• ISP
• Enterprise
• Academic institution
• National Internet Registry (NIR)
- Works within a country or economic unit
• End Users
- Customers that need Internet access
• IP address
• AS number


The LIR is responsible for assigning address space to its customers (that is, end users or other
ISPs). Address space blocks are assigned to the LIR by the RIR.
LIRs typically are larger ISPs, but sometimes they are also large enterprises and academic
institutions.
The NIR has the same responsibilities as the LIR, but it works at a national level. NIRs operate
primarily in the APNIC and LACNIC regions.
End users are also an important entity in the Internet address distribution structure. They are the
consumers or customers that need Internet access.


• End user requests IP address from its ISP
- IPv4 address or block of addresses
- IPv6 block of addresses
• /64 address space (network) for end users
• /48, /52, and /56 address spaces (networks) for business users
• ISP distributes addresses from its assigned address space
• IP address space can be:
- Provider Independent (PI)
• Assigned by RIR from its special address space
• A way to make your network multihomed
• End user keeps address space
• Results in big routing tables
- Provider Assigned (PA)
• Assigned by ISP from ISP address space
• End user needs to renumber when changing ISP


End users always request an ISP address space from their ISP. ISPs can assign only one public
IP address or a range of IP addresses.
In the IPv6 world, ISPs typically assign /64 address space blocks of IP addresses to end users
(which is the smallest range of IP addresses that ISPs can assign) and /48, /52, or /56 address
space blocks to business users. Block sizes depend on customer needs.
Blocks of IP addresses can be as follows:
• Provider-independent address (PI address):
— Assigned by the RIR from its special address space
— A way to make your network multihomed
— End users keep their PI address space even when changing their ISP
— Results in larger global routing tables, because PI address space decreases the
opportunity for efficient route aggregation
— End users must contract with their ISPs to obtain routing of their PI address block
• Provider-assigned address (PA address):
— Assigned by the ISP from the address space of the ISP
— End users need to renumber when changing their ISP
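To make the PA versus PI trade-off concrete, here is an added Python example (not from the student guide) that carves PA blocks of the sizes listed above out of an ISP allocation and then shows what the rest of the Internet has to carry. The ISP block, the customer names and the PI block are constructed values from the documentation range, not real allocations.

```python
import ipaddress

# Block sizes the guide lists: /64 for end users; /48, /52, /56 for business users.
OFFERED_PA_SIZES = {48, 52, 56, 64}


def assign_pa_blocks(isp_block, requests):
    """Carve non-overlapping PA blocks out of the ISP's own allocation.

    requests: list of (customer_name, prefix_length) tuples.
    Larger blocks are allocated first so that /64 end-user assignments do
    not fragment the space needed for /48 business blocks.
    Returns {customer_name: IPv6Network}.
    """
    free = [ipaddress.ip_network(isp_block)]   # unallocated sub-blocks
    assigned = {}
    for name, plen in sorted(requests, key=lambda r: r[1]):
        if plen not in OFFERED_PA_SIZES:
            raise ValueError(f"{name}: /{plen} is not an offered block size")
        # Best fit: the smallest free block (longest prefix) that can hold a /plen.
        free.sort(key=lambda n: n.prefixlen, reverse=True)
        for i, blk in enumerate(free):
            if blk.prefixlen <= plen:
                chosen = free.pop(i)
                break
        else:
            raise ValueError(f"{name}: ISP address space exhausted")
        sub = next(chosen.subnets(new_prefix=plen))   # first /plen inside it
        free.extend(chosen.address_exclude(sub))      # remainder stays free
        assigned[name] = sub
    return assigned


def internet_routing_table(isp_block, pa_assignments, pi_blocks):
    """Prefixes the rest of the Internet has to carry.

    The ISP advertises one aggregate that covers all of its PA customers, so
    collapse_addresses() folds their blocks into it. A PI customer's block
    comes from RIR space the ISP cannot summarize, so it stays a separate entry.
    """
    announced = [ipaddress.ip_network(isp_block)]
    announced += list(pa_assignments.values())
    announced += [ipaddress.ip_network(p) for p in pi_blocks]
    return list(ipaddress.collapse_addresses(announced))


if __name__ == "__main__":
    # Constructed values from the 2001:db8::/32 documentation range.
    isp = "2001:db8:a000::/36"
    pa = assign_pa_blocks(isp, [("home-1", 64), ("home-2", 64),
                                ("biz-a", 48), ("biz-b", 56)])
    for name, net in pa.items():
        print(f"{name:7s} {net}")
    # A multihomed customer holding PI space outside the ISP's block.
    table = internet_routing_table(isp, pa, ["2001:db8:f00::/48"])
    print("global table entries:", [str(n) for n in table])
    # Four PA customers cost the Internet one entry; the one PI customer costs another.
```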

Global Routing
Global reachability is one of the basic requirements of the modern Internet. Reliable
routing of traffic from the source network to the destination network and back is one of the
most important tasks for all ISPs. This topic describes the basic principles and routing protocols
that are used by ISPs.

• Routing is used to forward traffic from the source network to the destination network.
• Routers pass traffic between networks based on a routing table.
- The routing table is built by a routing algorithm.
• BGP (used for route distribution on the Internet)
• OSPF (used internally in the service provider core network)
• IS-IS (used internally in the service provider core network)
• The RIR has only an indirect role in the routing process.
- The RIR helps to keep the routing table at manageable sizes.
• Hierarchical structure of address space (IPv6)
• Distribute larger blocks of address space


By definition, routing is forwarding traffic from the source network to the destination network.
In small networks, the routing rules are simple, so administrators can define them easily. In
large P-networks, routing algorithms build a set of best routing rules, called the
routing table. When the routing table is built, the router uses this information to forward
traffic.
Many routing protocols have been developed to build the routing table:
• BGP: This is a highly scalable exterior routing protocol that is designed to run in
large networks such as the Internet. Service providers use this protocol to exchange
routing information.
• Open Shortest Path First (OSPF): This is an interior routing protocol that operates
within a single AS (a set of networks that are operated by the same management
authority). OSPF typically is used in the core network of the service provider environment.
• Intermediate System-to-Intermediate System (IS-IS): This is an interior routing protocol
that operates within a single AS. IS-IS is more popular in the service provider environment.

It is important to know that the RIR has only an indirect role in the routing process. It tries
to keep the routing table at a manageable size by distributing larger blocks of address
space that can be summarized.
The size of the IPv4 routing table is still growing very fast, which is why the developers of the
IPv6 protocol defined a hierarchical addressing structure. This structure will help
to keep the IPv6 routing tables smaller.



Autonomous Systems
This topic explains different types of autonomous systems.

• AS represents a group of routing prefixes (that is, a list of IP addresses)
- Group of devices under a single administrative control
- Represented as a 2-byte number
• AS information is used in the routing process
• Three types of autonomous systems
- Stub AS
• Connected to only one AS (and ISP)
• Only one connection to the Internet
- Multihomed AS
• Connected to two or more autonomous systems
• Redundant connection to the Internet
- Transit AS
• Provide connection through itself to other networks
• ISPs use transit autonomous systems


An AS is a set of networks that are operated by the same management authority. An AS represents a
group of routing prefixes or a group of IP address blocks. An AS is identified by a 2-byte integer
number (with a maximum of 65,536 assignments) that is used by the routing process. The IANA
defined AS numbers 64,512 through 65,534 to be used for private purposes. AS numbers 0,
56,320–64,511, and 65,535 are reserved by the IANA and should not be used in any routing
environment.
Autonomous systems can be grouped into three categories:
• Stub AS: An AS that is connected to only one other AS.
• Multihomed AS: An AS that maintains connections to two or more other autonomous
systems. This allows for a redundant connection to the Internet.
• Transit AS: An AS that provides connections through itself to other networks. ISPs use
transit autonomous systems.

BGP Routing Protocol
This topic introduces the BGP routing protocol.

• BGP Routing Protocol
- Basic routing protocol on the Internet
- Exchange prefix information between BGP peers
• Between autonomous systems—EBGP
• Inside one AS—IBGP
- Is multiprotocol
• Carry information for multiple protocols (such as IPv4, IPv6, multicast, and VPN)
• Size of routing table grows very fast
- Need more memory and CPU load for processing routing table
- Route aggregation and route summarization is used


BGP is the basic routing protocol on the Internet. It is used for exchanging prefix information
between BGP peers.
Peers can be as follows:
• In other autonomous systems: External Border Gateway Protocol (EBGP) peers
• Inside one AS: Internal Border Gateway Protocol (IBGP) peers
BGP is designed as a multiprotocol routing protocol. This means that BGP can carry
information for multiple protocols, such as IPv4, IPv6, multicast, VPN, and so on.
BGP is designed for huge networks such as the Internet, but because of the constantly growing
size of the Internet global routing table, routers need more memory and CPU power.



Multihoming
This topic describes the different types of multihoming.

• Multihoming is used to increase the reliability of the Internet connection for an IP network.
• Multihoming customer site can have:
- Multiple connections to the same ISP
- Multiple connections to multiple ISPs

[Figure: left, a customer with multiple connections to one ISP; right, a customer connected to ISP 1 and ISP 2, both reaching the Internet]

Multihoming is a technique that is used to increase the reliability of the Internet connection for
an IP network.
Customers can establish multiple redundant connections to one ISP, but that ISP remains a
single point of failure.
Usually, customers establish multiple connections to multiple ISPs. If one ISP is down, the
second ISP is used for traffic forwarding.

• A network must have its own
- IP address space
- AS number
• BGP is used for routing.
• Redundant gateway routers are suggested.
• Prefixes smaller than /24 usually are filtered by the ISP.


To establish a multihoming environment with two ISPs, a customer must request its own PI IP
address space and its own AS number. The customer usually starts this procedure by contacting
one of the ISPs, which requests the IP parameters from the RIR.
The BGP routing protocol is used for routing traffic with all ISP peers.
Customers should use redundant gateway routers to establish BGP sessions with their ISP peers.
It is important to know that prefixes smaller than /24 (that is, more specific than /24) usually are
filtered by ISPs.
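The requirements just listed, together with the AS number ranges from the Autonomous Systems topic, are what an ISP's inbound route policy checks on the EBGP session to a multihomed customer. The following added Python example (not from the student guide) encodes those checks; the customer AS number 3000, the ISP-side placeholder AS 4000 and the prefixes are constructed values from the documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

# 2-byte AS number ranges as the guide states them.
AS_PRIVATE = range(64512, 65535)                                       # 64512..65534
AS_RESERVED = (range(0, 1), range(56320, 64512), range(65535, 65536))  # 0, 56320..64511, 65535


def classify_asn(asn):
    """Return 'public', 'private', 'reserved' or 'not-2-byte' for an AS number."""
    if not 0 <= asn <= 65535:
        return "not-2-byte"
    if asn in AS_PRIVATE:
        return "private"
    if any(asn in r for r in AS_RESERVED):
        return "reserved"
    return "public"


@dataclass
class BgpUpdate:
    """One prefix announced by the customer; as_path[0] is the announcing AS."""
    prefix: str
    as_path: list


def check_customer_update(update, customer_asn, customer_pi_blocks, max_v4_prefixlen=24):
    """Return the reasons an ISP's inbound policy would reject this announcement.

    An empty list means accept. The checks mirror the guide: the customer
    announces only its own PI space, from its own AS number, with no private
    or reserved AS numbers in the path, and nothing more specific than /24
    for IPv4 (the /24 rule is not applied to IPv6 prefixes here).
    """
    reasons = []
    net = ipaddress.ip_network(update.prefix, strict=False)
    blocks = [ipaddress.ip_network(b) for b in customer_pi_blocks]
    if net.version == 4 and net.prefixlen > max_v4_prefixlen:
        reasons.append(f"{net} is more specific than /{max_v4_prefixlen}")
    if not any(b.version == net.version and net.subnet_of(b) for b in blocks):
        reasons.append(f"{net} is not inside the customer's registered PI space")
    if not update.as_path or update.as_path[0] != customer_asn:
        reasons.append(f"AS_PATH {update.as_path} does not start with AS {customer_asn}")
    for asn in update.as_path:
        kind = classify_asn(asn)
        if kind != "public":
            reasons.append(f"AS {asn} in AS_PATH is {kind}")
    return reasons


def apply_inbound_policy(updates, customer_asn, customer_pi_blocks):
    """Split a batch of updates into accepted prefixes and rejected (prefix, reasons)."""
    accepted, rejected = [], []
    for upd in updates:
        reasons = check_customer_update(upd, customer_asn, customer_pi_blocks)
        if reasons:
            rejected.append((upd.prefix, reasons))
        else:
            accepted.append(upd.prefix)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed values: placeholder customer AS and documentation prefixes.
    CUSTOMER_AS = 3000
    CUSTOMER_PI = ["192.0.2.0/24", "198.51.100.0/24"]
    SAMPLE_UPDATES = [
        BgpUpdate("192.0.2.0/24", [3000]),             # the customer's own block
        BgpUpdate("192.0.2.0/25", [3000]),             # too specific, ISP filters it
        BgpUpdate("203.0.113.0/24", [3000]),           # space not registered to the customer
        BgpUpdate("198.51.100.0/24", [3000, 65001]),   # leaked private AS in the path
        BgpUpdate("198.51.100.0/24", [4000]),          # announced from the wrong AS
    ]
    ok, bad = apply_inbound_policy(SAMPLE_UPDATES, CUSTOMER_AS, CUSTOMER_PI)
    print("accepted:", ok)
    for prefix, why in bad:
        print("rejected:", prefix, "->", "; ".join(why))
```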



• IPv6 is designed to have multiple unicast addresses per node:
- Different scopes
- Graceful renumbering
• Many nodes are expected to have multiple interfaces:
- Physical interfaces
- Pseudo interfaces to support transition mechanisms
• Sites that attach to multiple providers are expected to obtain multiple
prefixes.
• Use provider-independent addressing in the same fashion as in IPv4.


IPv6 multihoming is based on some advanced features of IPv6, as follows:
• IPv6 nodes are expected to have multiple addresses and use a sophisticated source selection
algorithm to choose among them when sending a packet. The addresses will have multiple
scopes (such as interface local, unique IPv6 local unicast address, and global), and
renumbering is built into IPv6.
• Many nodes will have multiple interfaces, including virtual tunnel interfaces,
such as those that are used for multicast or mobility functions.
• The basis for the multihoming work that is being done today is that sites are expected to
obtain their prefixes from their upstream providers; if they connect through multiple
providers, they are expected to obtain a prefix from each one. Only packets that are sourced
appropriately for the specific provider are allowed outbound via the P-network.
• Finally, you can choose to implement multihoming using BGP and PI addressing in the
same way as in IPv4—by advertising the same prefix to both service providers.

• Immediate approach
- “Multiconnecting”
• Same ISP with multiple different links
• No ISP redundancy
• Short-term approach
- PI addressing space based on AS
• From 2001:678::/29 in /48 chunks
• Rapid routing table growth!
• Long-term approaches
- Protocol-based solution
• SHIM6: Site Multihoming by IPv6 Intermediation
• LISP: Locator Identifier Separation Protocol


First, it is important to consider and analyze different IPv6 multihoming solutions to see which
mechanisms could be viable and determine how they could be positioned. These approaches are
grouped into three categories: immediate, short-term, and long-term. The definitions of the
latter two are intentionally vague, but short-term solutions should not take more than one to
three years to implement and deploy. These different categories of approaches are as follows:
• Immediate approach: Multiconnecting seems to be the only obvious way to work around
multihoming issues. Multiconnecting means connecting multiple times to a single ISP.
Multiconnecting is not generally considered a multihoming mechanism. Multiconnecting
typically is achieved by having multiple site border routers and connecting each of them to
separate routers at the ISP, usually in different locations. Host-centric multihoming and
multihoming at site exit routers also would be applicable (to an extent) immediately, if no
ISP implements ingress filtering.
• Short-term approach: PI addressing that is based on AS numbers is likely to be a short-term
solution, based on routing table growth estimates. The same applies to
advertising more specific routes, if done from specific allocations to make them
distinguishable. For example, PI address space for the North American region is assigned
by the American Registry for Internet Numbers (ARIN). PI address space is taken from the
2001:678::/29 IPv6 address range and is given in subnets of /48. There are concerns about
the disadvantages of this approach because the global routing table will become populated
and saturated with these prefixes over time. On the other hand, BGP is infinitely scalable,
limited only by physical memory and bandwidth, both of which are becoming cheaper over
time.



• Long-term approaches: Protocol-based solutions are the only long-term multihoming
solutions:
— Site Multihoming by IPv6 Intermediation (SHIM6): This IPv6-based site
multihoming solution inserts a new sublayer (shim) into the IP stack of end-system
hosts. It will enable hosts on multihomed sites to use a set of PA IP address prefixes
and switch between them without upsetting transport protocols or applications.
While it is still in draft form, SHIM6 is currently the leading site multihoming
proposal.
— Locator Identifier Separation Protocol (LISP): The basic idea behind LISP is
that the current Internet routing and addressing architecture combines two functions
in a single numbering space, the IP address: Routing Locators (RLOCs), which describe
“where” a device is attached to the network, and Endpoint Identifiers (EIDs), which
define “what” the device is. Splitting these two functions apart, by using
different numbering spaces for RLOCs and EIDs, will yield several advantages,
including improved scalability of the routing system via greater aggregation of
RLOCs.

Summary
This topic summarizes the key points that were discussed in this lesson.

• Service providers provide services to other entities.
• ISPs provide Internet access to home and business subscribers.
• The Internet is based on the principle of global reachability, so ISPs
have to interconnect their networks.
• IXP is a point where service providers exchange traffic to reduce traffic
to upstream SPs.
• There are three types of ISPs: Tier 1, Tier 2, and Tier 3.
• The IANA is responsible for assigning global and unique IP parameters.
• ISPs are responsible for routing the traffic of customers to destination
networks.
• AS represents a group of routing prefixes and a group of devices under
a single administration.
• BGP is a routing protocol that is used on the Internet to exchange prefix
information.
• Multihoming is used to increase reliability of the Internet connectivity by
using redundant connections to one or more ISPs.

Lesson 2

Cisco IP NGN Architecture


Overview
Traditional provider networks (P-networks) have rapidly evolved in the last few years. P-
networks were strictly specialized in the past. Now they are growing and offering more
services. For better reliability and scalability, they had to redesign their network architecture.
Cisco IP Next-Generation Network (Cisco IP NGN) architecture helps service providers to
build modern, scalable, and reliable networks.

Objectives
Upon completing this lesson, you will be able to present a unified view of a P-network in
relation to the Cisco IP NGN. You will be able to meet these objectives:
• Describe the types of service providers and the different layers of the Cisco IP NGN
architecture model
• Describe the Cisco IP NGN application layer
• Describe the Cisco IP NGN service layer
• Describe the Cisco IP NGN infrastructure layer
• Describe core network functions
• Describe the mechanisms that are used in the core network
• Describe edge network functions
• Describe the mechanisms that are used in the edge network
• Describe aggregation network topologies and functions
• Describe two types of access networks (fixed and mobile)
• Describe access network functions
• Describe the increase in global IP traffic
• Describe how to use the unified Cisco IP NGN architecture to deliver video, mobile, and
cloud services to residences and businesses
Cisco IP NGN Architecture
This topic describes types of service providers and different layers of the Cisco IP NGN
architecture model.

[Figure: a converged network connecting home users, home offices, and business customers to the Network/Internet Service Provider and to Application Service Providers]

Traditional service provider (TSP) networks were very specialized in serving only one service.
There were telephony providers, mobile communications providers, cable television (CATV)
providers, ISPs, and so on.
All of those service providers wanted to cut their costs, improve their services, and provide more
services. Their aim was to converge all services on one common network. There were many
challenges that they had to solve:
• Telecommunications links have limited throughput (for example, ISDN is 64 kb/s). New
technologies had to be developed, such as asymmetric DSL (ADSL) and very-high-data-
rate DSL (VDSL).
• Telephony is very sensitive to jitter and packet loss, which are common in the Internet
world.
• Video streams need high-throughput links.

In modern networks, all those services live within a common network infrastructure that is built
on top of an IP and Multiprotocol Label Switching (MPLS) core network. Service providers are
using different methods and new technologies (such as quality of service [QoS], Gigabit
Ethernet optic links, Carrier Ethernet services, VPNs, Cisco MPLS Traffic Engineering (Cisco
MPLS TE), and so on) to provide reliable services to their customers.

• The Cisco IP NGN architecture is a next-generation service provider
infrastructure for video, mobile, cloud, and managed services.
• The Cisco IP NGN provides an all-IP network for services and
applications, regardless of access type.

[Figure: Cisco IP NGN layers: Mobile, Residential, and Business Access; Application Layer; Services Layer (Mobile Services, Video Services, Cloud Services); IP Infrastructure Layer (Access, Aggregation, IP Edge, Core)]

An NGN is a packet-based network that is able to provide different services to users. It uses
QoS-enabled transport technologies and provides service-related functions that are independent
of the underlying transport technology.
The NGN architecture is designed in multiple layers:
• IP infrastructure layer: This layer is responsible for providing a reliable infrastructure for
running upper-layer services. It is composed of the following:
— Core network
— IP Edge network
— Aggregation network
— Access network
• Services layer
• Application layer



Cisco IP NGN Application Layer
This topic describes the Cisco IP NGN application layer.

• Applications providing attractive services to users:
- Video on demand and electronic program guides
- TelePresence
- Location-based services, maps, and so on
- Interactive messaging and social networks integration

[Figure: the Application Layer block of the Cisco IP NGN]


The application layer is the interface between the users and the services. The hardware platform
for this layer is servers running front-end software, application logic, and
databases that store all user data.
This layer runs the high-level applications. Here are a few examples:
• Set up voice or video conference sessions
• Host meetings and support collaboration software, such as electronic whiteboards
• Arrange everything to offer video on demand, such as video stores
• Arrange everything to offer the IPTV experience, such as electronic program guides
• Support e-learning
• Support location-based services (that is, based on location, finding the nearest restaurant,
gas station, or grocery store)
• Support interactive social network integration

This is the highest layer of the Cisco IP NGN, and it fully relies on its lower layers—the
services and infrastructure layers.

Cisco IP NGN Service Layer
This topic describes the Cisco IP NGN service layer.

• Middle layer provides services to applications that are not limited to networking.
• Service-layer middleware provides services to applications and utilizes
the IP infrastructure.
• Higher-level protocols provide service delivery.
• Data storage and replication services are available.
• Billing services, tracking services, and so on are available.

[Figure: Services Layer (Mobile Services, Video Services, Cloud Services)]


The services layer is the middle layer of the Cisco IP NGN architecture. The role of the
services layer is to provide an interface between the application and infrastructure layers.
The physical platforms for this layer are network devices, such as routers and appliances, and
servers. The services layer provides the following:
• Virtualization services for servers that are necessary for application operation, ranging from
basic network services (such as static and dynamic Domain Name System [DNS]) to more
advanced voice and video coding, and so on.
• Protocols that ensure service delivery in the form of an interface. For example, a user request to
change a channel when watching IPTV also involves the services layer, which manages the
multicast stream distribution, and so on.
• Data storage and replication services that ensure that all user data and databases are securely
stored.
• Billing services, which belong to this layer because they are needed to measure usage and charge
the customer afterward. Data that is acquired from this layer also can be used for forecasts,
trending, future business decisions, and justification or weighing of previous business
decisions.
All of these services can be divided into three major groups: mobile services, video services, and
cloud services.
Mobile services ensure that a mobile client maintains all of its connections and can be set to
respond based on the location of the mobile device. This is an enabler for location-based
services.
Video services enable the video user experience whether it is data storage for personal video
recording (PVR), video on demand, or streaming video.
Cloud services are mostly used by businesses and enable data processing and storage
consolidation at the service providers, offering a wide variety of services that are cost-efficient
for both the service provider (due to economies of scale) and the customer (lower overall
costs).
Cisco IP NGN Infrastructure Layer
This topic describes the Cisco IP NGN infrastructure layer.

• Customer-to-provider connectivity focuses on the IP infrastructure layer of the Cisco IP NGN.

[Figure: IP Infrastructure Layer: Residential, Mobile Users, and Business connected through Access, Aggregation, IP Edge, and Core]


The Cisco IP NGN infrastructure layer is an important component of the modern P-network. It
provides a reliable, high-speed, and scalable foundation for the network. End users are
connected to service providers through a customer premises equipment (CPE) device using any
available access technology. Access and aggregation network devices are responsible for enabling
connectivity between the CPE and the service provider edge equipment. The core network is used for
fast switching of packets between edge devices.

Core Network Functions
This topic describes core network functions.

Provides transport functions
Implemented using IP and MPLS
Core nodes interconnected with high-speed links
Design principles:
• Operational simplicity
• Highest availability of network paths
• Highest scalability


The core network is the heart of the P-network. It provides transport functions for the
residential, business, mobile, and wholesale services that are defined in the service provider Cisco
IP NGN architecture. The core is usually implemented using MPLS. The IPv4 protocol is widely used
for interconnecting core nodes. Core nodes generally are interconnected using high-speed
optical links (such as 10, 40, and 100 Gb/s), including IP over dense wavelength-division
multiplexing (DWDM) links.
The core design is driven by the following design principles:
• Operational simplicity: Achieved by choosing the design that is simplest to implement
and operate
• Highest availability of network paths: Achieved by building redundant paths between
core nodes
• Highest scalability



Mechanisms Used in the Core Network
This topic describes the mechanisms that are used in the core network.

Simple IGP protocol for routing in the core network
MPLS + MP-BGP
• LDP
• Multiprotocol transport
- IPv4 and IPv6 forwarding
- Private VPNs
• MPLS traffic engineering
• QoS


The design of the core network ensures high availability through the following mechanisms:
• A link-state interior gateway protocol (IGP) is used for fast convergence and Shortest Path
First (SPF) algorithm tuning. Usually, single-area Open Shortest Path First (OSPF) is used.
• MPLS and Multiprotocol Border Gateway Protocol (MP-BGP) are used for
implementing a multiservice core and providing VPN services:
— Label Distribution Protocol (LDP) is used for fast label exchange.
— Multiprotocol transport is established using MPLS and MP-BGP for the
following:
• IPv4 and IPv6 forwarding
• MPLS VPNs
— MPLS TE is used for building dynamic traffic-engineered tunnels that are based on
core network link utilization.
— QoS is mandatory for enabling different classes of traffic that are running through
the core network.

Edge Network Functions
This topic describes edge network functions.

Set of network devices that do the following:
• Perform subscriber management and control
• Implement the Layer 2 or Layer 3 service edge
- Residential Internet access
- Business VPN
- Video application edge
- IP telephony application edge


The edge network is composed of a set of devices that perform subscriber management and
control functions. Billing, subscriber authentication, and subscriber authorization are crucial
functions of the edge network.



Mechanisms Used in Edge Networks
This topic describes the mechanisms that are used in the edge network.

• Network access policies
- QoS and ACL
• Session control policies (such as service authorization and prepaid
service management)
• Network forwarding policies
- L2TP
- MPLS VPN tunnels
• SLA and flexible customer routing policies
• Admission control
• Multicast
- VoD and IPTV


The edge network is part of the P-network, where subscribers are managed. This is the part
where network access policies and session control policies are applied.
Subscribers are authenticated and authorized, and access control list (ACL) rules are applied to
their sessions. The edge network is also a suitable place for performing billing and prepaid
service management.
Using QoS functionality and admission control, service providers assure a service level
agreement (SLA) and uninterrupted service deployment.
When providing video services such as VoD and IPTV, multicast has to be configured in the
edge network.
MPLS VPN tunnels and Layer 2 Tunneling Protocol (L2TP) tunnels are used for establishing
VPNs for business subscribers.

Aggregation Networks
This topic describes aggregation network topologies and functions.

Aggregation network comprises the following:
• Aggregation nodes
• Distribution nodes

Two basic types of physical topologies:
• Ring topology
• Hub-and-spoke topology


The MPLS and IP aggregation network is composed of aggregation and distribution nodes that
are deployed in various physical topologies such as ring topology and hub-and-spoke topology.
The aggregation node implements an intermediate aggregation and multiplexing layer between
the access network and the core network.
The distribution node is a demarcation point between the aggregation network and the service
edge network.



• Advanced Ethernet services functions
- Classification of traffic
- Security features (such as ACLs, broadcast storm control, IP source guard,
and so on)
- DiffServ QoS policies
- Pop, push, and swap 802.1Q and QinQ tags
• Carrier Ethernet aggregation and transport functions
- MPLS and IP, IGP and LDP, and MPLS TE
- Layer 2 transport (that is, TDM, ATM, and AToM)
- Layer 3 transport (that is, IP unicast, multicast, and MPLS VPN)
• Demarcation point between the aggregation network and edge network


This figure lists aggregation network functions:
• Advanced Ethernet services functions that are based on the following:
— Classification of traffic
— Security features (such as ACLs, broadcast storm control, IP source guard, and so on)
— Differentiated services QoS (DiffServ QoS) policies
— Pop, push, and swap of IEEE 802.1Q and 802.1Q-in-802.1Q (QinQ) tags
• Carrier Ethernet aggregation and transport functions that are based on the following:
— QoS is mandatory for enabling different classes of traffic running through the core
network
— MPLS and IP, IGP and LDP, and MPLS TE
— Layer 2 transport (that is, time-division multiplexing [TDM], ATM, and Any
Transport over MPLS [AToM])
— Layer 3 transport (that is, IP unicast, multicast, and MPLS VPN)
• Demarcation point between the aggregation network and edge network

Access Layer
This topic describes two types of access networks (fixed and mobile).

Access network comprises the following:
• Fixed access network nodes
- DSL nodes (for residential and business)
• ADSL, ADSL2+, and VDSL
- PON nodes (for residential and business)
• GPON and EFM-PON
- Ethernet access nodes
• 802.1Q bridging
• Mobile access network nodes
- Cell site gateway (CSG)
• Supports 2G, 3G, and 4G mobile RAN
• Connected through TDM, SDH, and SONET
- Packet microwave transport


This figure lists access networks:
• Fixed access network nodes
— DSL nodes (for residential and business)
• ADSL, ADSL2+, and VDSL
— Passive optical network (PON) nodes (for residential and business)
• Gigabit passive optical network (GPON) and Ethernet in the First Mile PON (EFM-
PON)
— Ethernet access nodes
• 802.1Q bridging
• Mobile access network nodes
— Cell site gateway (CSG)
• Supports second-generation (2G), third-generation (3G), and fourth-generation
(4G) mobile Radio Access Network (RAN)
• Connected through TDM, SDH, and SONET
— Packet microwave transport



Access Network Functions
This topic describes access network functions.

• Subscriber isolation
• Subscriber line identification
• IGMP snooping
• Support for TV broadcast
• 802.1p classification
• ACLs, MAC filters, and BPDU filters


This figure lists important access network functions:
• Subscriber isolation
• Subscriber line identification
• Internet Group Management Protocol (IGMP) snooping
• Support for TV broadcast
• IEEE 802.1p classification
• ACLs, MAC filters, and bridge protocol data unit (BPDU) filters

Global IP Traffic Trends
This topic describes the increase in global IP traffic.

• By 2015, global IP traffic will reach an annual run rate of 966 exabytes
- 966 exabytes is about eight times all of the IP traffic that was generated in 2008 (121 exabytes)
• What is a zettabyte?
- One sextillion bytes
- 10 to the 21st power (1,000,000,000,000,000,000,000) bytes

[Chart: global IP traffic in exabytes per month, 2010 to 2015; the 20.1 EB/mo label marks the 2010 value.]

It is anticipated that 966 exabytes will cross global IP networks in 2015. This is eight times
more than all of the IP traffic that was generated just a few years ago, in 2008. If you can
imagine the equivalent of 28 million DVDs that are downloaded every hour, this is the traffic
level that global IP networks will support in 2015.
Global IP traffic will increase fourfold from 2010 to 2015 with a compound annual growth rate
of 32 percent during this period. By 2015, it is expected that global IP traffic will reach about
81 exabytes per month. This amount of monthly traffic is equivalent to about 20 billion DVDs,
19 trillion MP3s, or 500 quadrillion text messages—a staggering amount of traffic.



• More devices
- Nearly 15 billion connections
• More Internet users
- 3 billion Internet users
• Faster broadband speeds
- Fourfold speed increase
• More rich media content
- 1 million video minutes per second

[Chart: global IP traffic by application in petabytes per month, 2010 to 2015, y-axis 0 to 70,000 PB/month; categories are Internet video, file sharing, web data, online gaming, and VoIP.]

The key IP traffic drivers remain consistent, but each is evolving in new and interesting ways.
More networked devices and connections: By 2015, it is forecast that there will be nearly 15
billion fixed and mobile networked devices and machine-to-machine connections. Given the
United Nations projection of 7.2 billion people by 2015, that is more than two devices for every
person on earth. There is a plethora of new and enhanced devices, from tablets and smart phones
to web-enabled TVs and multifunction gaming consoles, that residential, mobile, and business
users are adopting and using more.
More users: As fixed and mobile networks grow and expand, more of the world population
will have network and Internet access. By 2015, there will be 3 billion Internet users.
Faster fixed broadband speeds: More network speed leads to more high-bandwidth
computing and network usage because you have a better, more efficient experience. It is
expected that fixed broadband speeds will grow fourfold from 2010 to 2015—from a global
average of 7 to 28 Mb/s.
Rich media and video to dominate online experiences: Every second, 1 million minutes of
video content will cross the global network in 2015.

One Architecture for All Services
This topic shows using the unified Cisco IP NGN architecture to deliver video, mobile, and
cloud services to residences and businesses.

• A unified IP NGN that delivers video, mobile, and cloud services

[Figure: service provider and third-party services and content at the top; national data center, cloud, and video hub office (VHO) connected through the inter-data center core; regional data center and video serving office (VSO) at the edge; aggregation; business and residential customers; labelled innovate, monetize, optimize.]

Many of the benefits of the Cisco IP NGN architecture stem from the ability to deliver an
integrated, multidirectional network, where every element—from the core to the edge and all of
the way to the customer—is linked to the data center and orchestrated to work together.
The Cisco IP NGN is designed to manage video, mobile, and cloud services and, most
importantly, to integrate these three elements so that service providers can offer customers a
high-quality, rich experience across the full range of services and deliver these services to a
wide variety of devices.
These technology innovations enable service innovations and bring extra value to the service
provider business by helping you to attract new partners and deliver new business models that
influence service profitability.



A popular strategy to maximize service revenue and minimize subscriber turnover is to offer a
complete set of bundled triple-play services to residential subscribers that include the
following:
 Voice
 High-speed Internet
 Broadcast TV and VoD

Bundled services are offered at attractive price points to encourage subscribers to purchase all
services from a single provider. Multimedia service integration is an important factor for IP
convergence in the network. Voice services are delivered using VoIP, and video services are
delivered using IPTV and IP VoD. To accommodate triple-play services, it is vital that the
network is able to scale to tens and even hundreds of gigabits per second.
Large traffic growth is expected to result from a steady increase in demand for VoD and high-
definition content that is delivered over both IPTV multicast and VoD unicast connections. To
support this ongoing trend, the Cisco IP NGN Carrier Ethernet Design effectively scales video
transport from 1 to 10 Gb/s at line rate, evolving to 100 Gb/s and beyond, while greatly
increasing the total number of supported multicast groups and broadcast TV channels.

Business subscribers are an important segment of many service provider customer bases. The
main business services that must be provided by the network today are the following:
 MPLS VPN
 Carrier Ethernet connectivity
 Managed services
Carrier Ethernet connectivity services have been defined by the Metro Ethernet Forum (MEF)
to include Ethernet Line (E-Line), Ethernet LAN (E-LAN), and Ethernet Tree (E-Tree) service
types, which are defined as follows:
 E-Line is based on a point-to-point Ethernet Virtual Connection (EVC). Two E-Line
services are defined:
— Ethernet Private Line (EPL): A very simple and basic point-to-point service that is
characterized by low frame delay, frame delay variation, and frame loss ratio. No
service multiplexing is allowed, and other than a committed information rate (CIR),
no class of service (CoS) (or bandwidth profiling) is allowed.
— Ethernet Virtual Private Line (EVPL): A point-to-point service in which service
multiplexing (that is, more than one EVC at the same User-Network Interface
[UNI]) is allowed. The individual EVCs can be defined with a rich set of bandwidth
profiles and Layer 2 control protocol processing methods as defined by the MEF.
 E-LAN is based on a multipoint-to-multipoint EVC. Service multiplexing (more than one
EVC at the same UNI) is permitted, as is the rich set of performance assurances that are
defined by the MEF, such as CIR with an associated committed burst size (Bc) and excess
information rate (EIR).
 E-Tree is a rooted-multipoint (point-to-multipoint) service in which the spoke "leaves" can
communicate with the hub or "root" location but not with each other. A typical application
for E-Tree is in franchise operations.



Business services typically provide secure bandwidth with dedicated QoS. This can be done
either at Layer 3 using an MPLS VPN or directly over Ethernet using a Layer 2 Carrier
Ethernet service. "Secure" here means traffic separation: an MPLS VPN or pseudowire keeps
one customer's frames out of another customer's forwarding table, but it does not encrypt them,
so a customer that needs confidentiality across the provider network still runs IPsec (or MACsec)
over the service. Additionally, many businesses favor outsourcing management of WAN routers
and firewalls to the service provider. The Carrier Ethernet network must be able to offer all of
these services with secure and dedicated bandwidth.
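The configuration below is an added example, not taken from the course, showing how the E-Line and E-LAN definitions above and the "dedicated bandwidth" requirement meet in practice on a Cisco IOS EVC-capable edge (7600 or ME 3600X style syntax). It attaches a MEF-style bandwidth profile (CIR/Bc plus EIR/Be, implemented as a two-rate policer) to an EVPL, and places a second EVC on the same UNI into an E-LAN bridge domain. Interface names, VLAN IDs, the rates, and the far-end PE address 192.0.2.2 are assumptions.

```cisco
! Added example (not from the course): two EVCs on one UNI, each rate-limited at ingress.
! Assumptions: UNI is GigabitEthernet0/1; C-VLAN 100 is an EVPL to PE 192.0.2.2,
! C-VLAN 200 joins an E-LAN bridge domain. Bandwidth profile for the EVPL:
! CIR 10 Mb/s with Bc 125,000 bytes (about 100 ms at CIR),
! EIR 10 Mb/s with Be 125,000 bytes, so PIR = CIR + EIR = 20 Mb/s.
! Green frames are forwarded, yellow frames are remarked to CoS 1 (dropped first
! under congestion in the core), red frames are discarded at the UNI.
!
policy-map BWP-EVPL-10M-10M
 class class-default
  police cir 10000000 bc 125000 pir 20000000 be 125000
   conform-action transmit
   exceed-action set-cos-transmit 1
   violate-action drop
!
interface GigabitEthernet0/1
 description UNI for customer A (EVPL + E-LAN, service multiplexing allowed)
 ! EVC 100: point-to-point E-Line carried as an EoMPLS pseudowire
 service instance 100 ethernet
  encapsulation dot1q 100
  rewrite ingress tag pop 1 symmetric
  ! Policing at the UNI bounds what this customer can push into the shared core
  service-policy input BWP-EVPL-10M-10M
  xconnect 192.0.2.2 100 encapsulation mpls
 !
 ! EVC 200: multipoint E-LAN, locally bridged and attached to a VPLS instance
 ! configured elsewhere (assumed)
 service instance 200 ethernet
  encapsulation dot1q 200
  rewrite ingress tag pop 1 symmetric
  service-policy input BWP-EVPL-10M-10M
  bridge-domain 200
```

An EPL differs only in that the whole port is the EVC (encapsulation default, no per-VLAN multiplexing) and the policer carries a CIR alone, with conform-action transmit and exceed-action drop. Whatever the profile, verify it with show policy-map interface GigabitEthernet0/1 service instance 100: the conformed, exceeded, and violated counters tell you whether the customer is actually being held to the contract or whether the policer was attached to the wrong direction.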

One of the most challenging and important services that are carried over the Cisco IP NGN
Carrier Ethernet network is video. Video services consist of broadcast IPTV and VoD. Both of
these services can carry either standard-definition or high-definition content. Video is important
because it can contribute large revenue to a service provider. It is challenging because of the
quantity of stream-oriented traffic that is generated. Unlike Internet traffic, video traffic is
intolerant of delay, packet loss, and network outages. Packet loss ratios greater than 10^-6 (one
packet in a million) and outages longer than 2 to 3 seconds can seriously compromise video quality.
As part of its IP NGN Carrier Ethernet Design, Cisco has a comprehensive solution for
delivering high-quality and high-availability IPTV and VoD. The core benefits of the Cisco IP
NGN video-delivery solution include the following:
 Layer 3 video distribution has enhanced Protocol Independent Multicast-Source Specific
Multicast (PIM-SSM) and IGMP, providing consistent subsecond convergence and
recovery from all types of failure scenarios. PIM is a highly scalable and robust protocol
that is proven in large multicast networks.
 Both IPTV and VoD are controlled by a robust Cisco Integrated Video Admission Control
(Cisco VCAC) solution that monitors network topology changes and traffic and provides
throttling of video admission if necessary. This solution prevents network meltdowns that
could be caused by allowing video traffic to exceed network capacity.
 The Cisco IP NGN video-delivery solution supports rapid channel change that reduces
channel-change times from several seconds to less than 1 second by initiating video
streams in less than 100 ms after a request is made.
 The Cisco Video Assurance Management Solution (Cisco VAMS) provides real-time,
centralized monitoring for broadcast video transport. It monitors video streams in real time
and sends proactive alerts to service providers if picture quality is degraded, enabling them
to determine the cause of the degradation and correct it before call centers are
overwhelmed. In addition, the Cisco VAMS maintains and tracks the dynamic mapping of
video channels to multicast addresses, giving service providers a means to easily pinpoint
issues with video quality anywhere in their network.
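As an added example that is not from the course text, the following Cisco IOS configuration shows the PIM-SSM and IGMP part of such a Layer 3 video distribution on a router that faces the subscriber aggregation. SSM has a security property the text does not spell out: with no rendezvous point and no shared tree, a receiver joins (source, group) pairs, so a rogue host on a subscriber VLAN cannot inject itself as the sender of a broadcast channel. All addresses, interface names, the channel range 232.1.1.0/24, and the headend source 10.0.0.10 are assumptions.

```cisco
! Added example (not from the course): PIM-SSM IPTV distribution on a subscriber-facing router.
! Assumptions: broadcast channels use groups 232.1.1.0/24, all sourced from the
! headend at 10.0.0.10; Gi0/0 faces the core, Gi0/1 faces the subscriber aggregation.
!
ip multicast-routing
! Restrict SSM to the IANA-assigned 232.0.0.0/8 range: no RP, no shared tree,
! and only the configured source can feed a channel.
ip pim ssm default
!
! Set-top boxes that only speak IGMPv2 send (*,G) joins with no source. Map those
! statically to the headend source instead of letting them fall back to ASM.
ip access-list standard IPTV-CHANNELS
 permit 232.1.1.0 0.0.0.255
ip igmp ssm-map enable
no ip igmp ssm-map query dns
ip igmp ssm-map static IPTV-CHANNELS 10.0.0.10
!
interface GigabitEthernet0/0
 description uplink toward headend and core
 ip address 192.0.2.1 255.255.255.252
 ip pim sparse-mode
!
interface GigabitEthernet0/1
 description subscriber-facing aggregation VLAN
 ip address 10.100.0.1 255.255.0.0
 ip pim sparse-mode
 ip igmp version 3
 ! Only joins for the channel range are honoured; anything else is ignored
 ip igmp access-group IPTV-CHANNELS
 ! Fast leave: prune the previous channel as soon as the STB leaves it,
 ! which is what keeps channel change under a second
 ip igmp immediate-leave group-list IPTV-CHANNELS
 ! Cap the multicast state one interface can create (a subscriber that joins
 ! every channel at once would otherwise pull the whole lineup onto the link)
 ip igmp limit 50
```

After a set-top box tunes to a channel, show ip mroute 232.1.1.5 should show a single (10.0.0.10, 232.1.1.5) entry with GigabitEthernet0/1 in the outgoing list and no (*, 232.1.1.5) entry at all; a (*,G) entry means the SSM range or the ssm-map did not apply and the router is building a shared tree it should not have.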



Summary
This topic summarizes the key points that were discussed in this lesson.

• The Cisco IP NGN is a packet-based network that provides different services to users and comprises three layers.
• The application layer is the interface between the users and the services.
• The service layer is the interface between the application and infrastructure layers.
• The IP infrastructure layer provides a reliable, high-speed, and scalable foundation for the network.
• The core network provides transport functions and is implemented using IP and MPLS.
• Mechanisms that are used in the core network are link-state IGP, MP-BGP, and MPLS.

• The edge network is composed of a set of devices that perform subscriber management and control functions.
• Network access policies, session control policies, network forwarding policies, admission control, and multicast are mechanisms that are used in the edge network.
• The aggregation layer implements an intermediate aggregation and multiplexing layer between the access network and the core network.
• The access network comprises fixed and mobile network nodes.
• Subscriber isolation is a function of the access network.
• Modern networks have to be ready for the anticipated growth of IP traffic.
• The Cisco IP NGN is designed to provide one architecture for video, mobile, and cloud services and is ready for the growth of IP traffic.
Lesson 3

Cisco Hardware Platform Placement

Overview
This lesson describes Cisco devices that are used in the service provider environment.
Different routing and switching platforms are described and placed in different parts of the
service provider Next-Generation Network (NGN) architecture.

Objectives
Upon completing this lesson, you will be able to describe which hardware platform fits in
which part of a provider network (P-network). You will be able to meet these objectives:
 List Cisco device placement and operating systems
 Show the core network layer within the IP NGN architecture
 Describe the CRS-1 and CRS-3
 Describe the Cisco 12000 Series Routers
 Show the Cisco IP NGN edge and aggregation network layers within the IP NGN
architecture
 Describe the Cisco ASR 9000 Series Routers
 Describe the Cisco 7600 Series Routers
 Describe the Cisco ASR 1000 Series Routers
 Describe the components of the Cisco 7200 Series Routers
 Describe the Cisco ME 3800 Series Switches
 Show the Cisco IP NGN access network layer within the IP NGN architecture
 Describe the Cisco Integrated Services Routers Generation 2
 Describe the Cisco 3900 Series ISR G2
 Describe the Cisco 2900 Series ISR G2
 Describe the Cisco 1900 Series ISR G2
 Describe the Cisco Mobile Wireless Router 2941 ISR G2
 Describe the Cisco ME 4924-10GE Switches
 Describe the Cisco ME 3600X Series Switches
 Describe the Cisco ME 3400E Series Switches
Cisco Hardware Platform Placement
This topic lists Cisco device placement and operating systems.

Product           Function                         Placement              Operating system
CRS               Core router                      Core                   IOS XR
12000 Series      Core router                      Core and edge          IOS / IOS XR
ASR 9000          Edge router                      Edge and core          IOS XR
ASR 1000          Edge router                      Edge                   IOS XE
7600 Series       Edge router, service router      Edge                   IOS
7200 Series       Edge router, high-end CPE        Edge, customer edge    IOS
ISR Series        CPE                              Customer edge          IOS
ME 3800X Series   Aggregation switch               Aggregation            IOS
ME 4900 Series    Aggregation switch               Aggregation, access    IOS
ME 3600X Series   Access switch                    Access                 IOS
ME 3400E Series   Access switch                    Access                 IOS
SCE Series        Traffic inspection               Edge                   SCOS
uBR Series        CMTS                             Edge, aggregation      IOS
AS5000 Series     Access server                    Edge, aggregation      IOS
6000 Series       DSLAM                            Edge, aggregation      IOS
ASR 901           Aggregation router and switch    Edge, aggregation      IOS
ASR 903           Aggregation router and switch    Edge, aggregation      IOS XE


Note: CMTS = cable modem termination system; DSLAM = DSL access multiplexer; and
SCOS = Service Control Operating System.
Cisco routers and switches are described in more detail later in this lesson. Pages marked
"(Reference only)" list the Cisco devices and their characteristics and are provided for your reference only.



Cisco IP NGN Core Network
This topic shows the core network layer within the IP NGN architecture.

• Cisco routers in the core network

[Figure: the IP infrastructure layer from access through aggregation and IP edge to core, serving residential, mobile, and business users, with the core network layer indicated.]
Cisco Carrier Routing System (CRS-1 and CRS-3)
This topic describes the CRS-1 and CRS-3.

The Cisco Carrier Routing System (CRS-1) is composed of high-performance routers that are
used in service provider core environments:
 First generation of an NGN high-speed core router
 New hardware:
— Fully distributed
— All features supported at line speed
 New operating system, Cisco IOS XR Software:
— Modular
— Designed for high availability
— Consistent CLI
— A package-based software distribution model
— Cisco IOS In-Service Software Upgrade (Cisco IOS ISSU)
— Two-stage configuration commit process (changes are entered into a target
configuration and become active only when they are committed)
The Cisco CRS-3 is an upgraded version of the Cisco CRS-1 with 3.5 times better performance.
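The session below is an added example, not from the course, showing what the two-stage commit looks like on an IOS XR router such as the CRS. The operational value is that a change can be inspected before it takes effect and applied with an automatic rollback timer, so a management ACL that would lock the operator out is undone by the router itself. The hostname, the management interface name, the ACL name MGMT-IN (assumed to exist already), and the 300-second window are assumptions.

```cisco
! Added example (not from the course): IOS XR two-stage commit with a confirmed window.
! Assumptions: router hostname CRS, management interface MgmtEth0/RP0/CPU0/0,
! an IPv4 ACL named MGMT-IN already defined; 300 s confirmation window.
RP/0/RP0/CPU0:CRS#configure
RP/0/RP0/CPU0:CRS(config)#interface MgmtEth0/RP0/CPU0/0
RP/0/RP0/CPU0:CRS(config-if)#ipv4 access-group MGMT-IN ingress
RP/0/RP0/CPU0:CRS(config-if)#exit
! Stage 1: the change exists only in the target configuration; nothing is active yet,
! so it can be reviewed (and discarded with "abort") before it touches the data plane.
RP/0/RP0/CPU0:CRS(config)#show configuration
Building configuration...
interface MgmtEth0/RP0/CPU0/0
 ipv4 access-group MGMT-IN ingress
!
end
! Stage 2: apply atomically, but revert automatically unless confirmed within 300 s.
RP/0/RP0/CPU0:CRS(config)#commit confirmed 300
! ... open a second management session to prove the ACL still admits you, then confirm:
RP/0/RP0/CPU0:CRS(config)#commit
RP/0/RP0/CPU0:CRS(config)#end
! Every commit is journaled with its ID, user and timestamp, and can be undone.
RP/0/RP0/CPU0:CRS#show configuration commit list 3
RP/0/RP0/CPU0:CRS#show configuration commit changes last 1
RP/0/RP0/CPU0:CRS#rollback configuration last 1
```

If the second session cannot connect, simply do nothing: when the 300 seconds expire the router rolls the commit back on its own. A commit that is rejected by a consistency check lists its failures under show configuration failed rather than being partially applied, which is the property that makes the two-stage model safer than an IOS running configuration that takes effect line by line.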



The CRS-1 has a modular architecture. Its most important components are as follows:
 Route processor (RP):
— Provides processing power
— Additional RPs can be installed if more processing power is needed
 Physical layer interface module (PLIM):
— Provides Layer 2 interface capabilities
— May be replaced with a different PLIM to meet interface type requirements
 Modular Service Card (MSC):
— Independent of the PLIM
— Provides processing support for the PLIM
 Switch Fabric Module (SFM):
— Shipped with the chassis
— Different for each platform

(Reference only)
The 16-slot CRS-1 is the most powerful model in the CRS-1 family:
 Full-size, self-contained enclosure, which means that it does not need a separate mounting rack
 16 PLIM and MSC pairs: PLIMs are installed in the front, and MSCs are installed in the back
 8 SFM cards
 Separate redundant fan and alarm controllers
 Ability to set up a multishelf system
 Maximum forwarding rate of 1.2 Tb/s for the CRS-1



(Reference only)
The 8-slot CRS-1 has the following characteristics:
 Half-size chassis
 8 PLIM and MSC pairs: PLIMs are installed in the front, and MSCs are installed in the back
 4 half-size SFM cards
 The RP manages alarm and fan control
 Maximum forwarding rates are as follows:
— Up to 640 Gb/s for the CRS-1
— Up to 2.24 Tb/s for the CRS-3

(Reference only)
The 4-slot CRS-1 has the following characteristics:
 Half-size chassis
 4 PLIM and MSC pairs, both of which are installed in the front
 4 half-size SFM cards (installed in the back)
 The RP manages alarm and fan control
 Maximum forwarding rates are as follows:
— Up to 320 Gb/s for the CRS-1
— Up to 1.12 Tb/s for the CRS-3



(Reference only)
The multishelf CRS-1 has the following characteristics:
 From 2 to 72 line card chassis (LCCs)
 From 1 to 8 fabric card chassis (FCCs)
 Highly scalable: it can contain up to 1152 line cards with a maximum data rate of 92 Tb/s
 In LCCs, S123-type SFMs are replaced with S13-type SFMs
 FCCs comprise the following:
— Up to 24 S2-type SFMs in the front
— Up to 24 Optical Interface Module (OIM) cards in the back for connectivity with the
S13 cards in the LCCs
 Switch fabric optical cables have a distance limit of 328 feet (100 m)

Cisco 12000 Series Routers
This topic describes the Cisco 12000 Series Routers.

Cisco 12000 Series Routers or gigabit switch routers (GSRs) are high-performance routers with
1.28-Tb/s wire-speed switching capacity.
Cisco IOS or IOS XR Software can be used as the operating system for GSR routers.
GSR hardware is designed to be highly redundant with the following:
 Fabric card redundancy
 RP redundancy
 Power supply redundancy

GSR routers are also very scalable. There are field-upgradable fabric cards that you can use
when you have to extend the switching capacity of your GSR.



(Reference only)
The 16-slot GSR is the most powerful GSR chassis. It fits in a standard 19-inch rack. Its height
depends on the power supply that is used (from 71.5 to 79.11 inches).
There are three different models of the 16-slot GSR with different switch fabric cards (SFCs)
that are installed:
 Cisco 12016 Router (with 80-Gb/s throughput)
 Cisco 12416 Router (with 320-Gb/s throughput)
 Cisco 12816 Router (with 1.28-Tb/s throughput)

Each line card has up to 40-Gb/s, full-duplex throughput to the SFC. The chassis is built fully
redundant and can run with two RPs and three SFCs.

(Reference only)
The 10-slot GSR is a half-size chassis (21 rack units [RUs]). There are three models with
different throughputs:
 Cisco 12010 Router (with 50-Gb/s throughput)
 Cisco 12410 Router (with 200-Gb/s throughput)
 Cisco 12810 Router (with 800-Gb/s throughput)

Each line card has up to 40-Gb/s, full-duplex throughput to the SFC. The chassis is built fully
redundant and can run with two RPs and five SFCs.



(Reference only)
There are two 6-slot (one-quarter, rack-size chassis) GSR models:
 Cisco 12006 (with 30-Gb/s throughput)
 Cisco 12406 (with 120-Gb/s throughput)

They provide up to 10 Gb/s per slot with full-duplex throughput and can have one or two RPs
and three SFCs.
There is also a 4-slot (1/8, rack-size chassis) GSR model, the Cisco 12404 (with 80-Gb/s
throughput). It provides up to 10 Gb/s per slot with full-duplex throughput and can have one or
two RPs and one SFC.

Cisco IP NGN Edge and Aggregation Networks
This topic shows the Cisco IP NGN edge and aggregation network layers within the IP NGN
architecture.

• Cisco routers and switches in the edge and aggregation network

[Figure: the IP infrastructure layer from access through aggregation and IP edge to core, serving residential, mobile, and business users, with the IP edge and aggregation layers indicated.]


Cisco ASR 9000
This topic describes the Cisco ASR 9000 Series Routers.

The Cisco Aggregation Services Router (ASR) 9000 Series is used as the edge router in large
P-networks. It can also be used as the core router in smaller P-networks.
The Cisco ASR 9000 Series is a fully distributed system with packet forwarding decisions that
take place on individual line cards, and line cards that are equipped with highly specialized
network processors.
The Route Switch Processor (RSP), switching fabric, fans, and power supply are all redundant.
The Cisco ASR 9000 Series runs a modular operating system with Cisco IOS XR Software and
microkernel with additional modules, and it provides nonstop operation during image upgrade
and module changes.

The most important Cisco ASR 9000 components are as follows:
 RSP
— Performs control plane and management functions
— Dual-core CPU with 4-GB DRAM
— Dual out-of-band 10/100/1000 management interfaces
 Switch fabric
— Fabric is logically separate from the line card and RSP
— Physically resides on the RSP
 The Cisco ASR 9922 Router has a separate switch fabric and RP
— Operates separately from the RSP function
 Line card support
— 40-, 100-, and 160-Gb/s line rate
— Scalable architecture
— Base and extended memory options



(Reference only)
Some technical characteristics of the Cisco ASR 9922 Router follow:
 43 RUs high
 22 slots (20 line card slots)
 The RSP function is split into separate route processor (RP) and fabric card (FC) modules
— 6+1 redundant fabric cards
— 2 RPs
 Airflow: front to back

(Reference only)
Some technical characteristics of the Cisco ASR 9010 Router follow:
 21 RUs high
 10 slots (8 line card slots)
 Dual redundant RSPs
— One switch fabric per RSP (the fabric resides on the RSP)
 Airflow: front to back



(Reference only)
Some technical characteristics of the Cisco ASR 9006 Router follow:
 10 RUs high
 6 slots (4 line card slots)
 Dual redundant RSPs
— One switch fabric per RSP (the fabric resides on the RSP)
 Airflow: front to back

(Reference only)
The Cisco ASR 9000v Series functions as remote line cards for the Cisco ASR 9000 or ASR
9900 Series, which, taken as a whole, form a distributed modular ASR system. This
architecture enables physical topologies with the flexibility and benefits of both colocated and
remote deployments.
The Cisco ASR 9000v Series is a compact and operationally simple, yet highly scalable and
flexible, platform that is optimized for delivering advanced Carrier Ethernet services such as
Ethernet Private Lines (EPLs), VPN, multicast, and many other capabilities for business,
residential, mobile backhaul, data center, and video services. Its unique Cisco Network
Virtualization (nV) technology is designed to scale, simplify, and enhance service-delivery
networks.
Some technical characteristics of the Cisco ASR 9000v Router follow:
 1 RU high
 44 small form-factor pluggable (SFP)-based ports (1 Gb/s)
 4 small form-factor pluggable plus (SFP+)-based, 10-Gb/s ports
 Functions as a remote line card
— Maximum 80 km away from the host Cisco ASR 9000 and ASR 9900 Series
— Cisco nV technology

Cisco 7600 Series Routers
This topic describes the Cisco 7600 Series Routers.

Cisco 7600 Series Routers are edge service provider and core enterprise routers. Here are some
Cisco 7600 Series Routers features:
 Run on the Cisco IOS operating system
 High-performance service delivery
 Up to 720-Gb/s crossbar switch fabric (using RSP720-10 Gigabit Ethernet)
— 40 Gb/s of switching fabric capacity per slot
 Forwarding rate of up to 400 mpps
 Redundancy
— Redundant supervisor
— Redundant power supply (RPS)

Cisco 7600 Series Routers are modular routers that come in different sizes. In the next two
pages, different Cisco 7600 Series Router models are introduced.
The Cisco 7603 and 7603-S Routers are the smallest routers in the Cisco 7600 Series. Here
are some technical characteristics of those routers:
 4 RUs
 3 line card slots
 96-mpps forwarding
 240-Gb/s backplane capacity

Here are some technical characteristics of the Cisco 7604 Router:
 5 RUs
 4 line card slots
 144-mpps forwarding
 320-Gb/s backplane capacity

Here are some technical characteristics of the Cisco 7606 and 7606-S Routers:
 7 RUs
 6 line card slots
 420-mpps forwarding
 480-Gb/s backplane capacity

Here are some technical characteristics of the Cisco 7609 and 7609-S Routers:
 21 RUs
 9 line card slots
 400-mpps forwarding
 720-Gb/s backplane capacity

The Cisco 7613 Router is the most powerful router in the Cisco 7600 Series. Here are
some technical characteristics of this router:
 19 RUs
 13 line card slots
 400-mpps forwarding
 720-Gb/s backplane capacity

Cisco ASR 1000 Router
This topic describes the Cisco ASR 1000 Series Routers.

• Midrange edge and aggregation services router
• Cisco QuantumFlow Processor for high performance
- Wire speeds from 2.5 to 40 Gb/s
- Processes security and QoS services
• Separation of control and data planes
• Modular operating system
- Cisco IOS XE

The Cisco ASR 1000 Series Aggregation Services Routers are midrange edge and aggregation
services routers. For high performance, the Cisco QuantumFlow Processor is used. Quality of
service (QoS) and security services are processed in hardware at wire speeds from 2.5 to
40 Gb/s.
The Cisco ASR 1000 Series has separated control and data planes. The modular Cisco IOS XE
Software is used as the Cisco ASR 1000 Series operating system.

Basic components of the Cisco ASR 1000 Series are the following:
 Route processor (RP)
— Performs control plane and management functions
— Addresses route-processing requirements
— First (RP1) and second (RP2) generation
— Field-replaceable and hot-swappable
 Embedded Services Processor (ESP)
— Centralized forwarding engine
— Responsible for data-plane processing tasks
 Shared port adapter (SPA) and SPA Interface Processor (SIP)
— Programmable interface processors
 Integrated daughter card (IDC)
— Cisco ASR 1001
— Additional I/O connectivity or an integrated hard disk drive

The Cisco ASR 1001 Router is the smallest member of the Cisco ASR 1000 Series family.
Here are some technical characteristics of this router:
 2.5-Gb/s throughput (upgradable up to 5 Gb/s)
 4 10/100/1000 ports
 Different IDCs
 Integrated SIP
 Integrated RP

• 5-Gb/s throughput (upgradable up to 10 Gb/s)
• 4 10/100/1000 ports (fixed)
• Integrated SIP
• Integrated RP

The Cisco ASR 1002 Router comes in fixed and modular versions.
The fixed router comes in a 2-RU form factor with the following:
 Integrated RP (RP1)
 Integrated ESP (ESP-2.5G)
 Integrated SIP (SIP10)
 4 built-in Gigabit Ethernet ports

The modular router also comes in a 2-RU form factor with the following:
 Integrated RP
 Integrated SIP
 3 SPA slots
 5- or 10-Gb/s ESP
 4 built-in Gigabit Ethernet ports

Here are some technical characteristics of the Cisco ASR 1004 Router:
 10-Gb/s throughput (upgradable up to 20 Gb/s)
 ASR-1000-SIP10
 ASR1000-RP1 or ASR1000-RP2
— Software redundancy
Here are some technical characteristics of the Cisco ASR 1006 Router:
 10-Gb/s throughput (upgradable up to 40 Gb/s)
 ASR-1000-SIP10 or ASR-1000-SIP40
 ASR1000-RP1 or ASR1000-RP2
— Hardware redundancy

The Cisco ASR 1013 Router is the most powerful router in the Cisco ASR 1000 Series. Here
are some technical characteristics of this router:
 40-Gb/s throughput (scalable to 360 Gb/s)
 ASR-1000-SIP10 or ASR-1000-SIP40
 Slots for the following:
— RP (RP2 and RP3), with hardware redundancy
— ESP (40, 80, and 160 Gb/s), with expanded capacity
— Up to six I/O slots: four 40-Gb/s slots and two 100-Gb/s slots

Cisco 7200 Router
This topic describes the components of the Cisco 7200 Series Routers.

The Cisco 7201 Router is a compact and high-performance 1-RU router that is capable of the
following:
 Up to 2-Mb/s Cisco Express Forwarding
 1.8-Gb/s backplane capacity
The Cisco 7201 Router runs on the Cisco IOS operating system. It has four integrated Gigabit
Ethernet ports; two of them are SFP ports, and two are dual-purpose (that is, SFP and copper)
ports.

The Cisco 7204 VXR and 7206 VXR Routers are compact and high-performance modular
routers.
The Cisco 7204 VXR Router is a modular router with four port adapter slots. The Cisco 7206
VXR Router has six port adapter slots.
Both routers have up to 2-Mb/s Cisco Express Forwarding, 1.8-Gb/s backplane capacity, and
run on the Cisco IOS operating system.

Cisco ME 3800X Series Switches
This topic describes the Cisco ME 3800 Series Switches.

The Cisco® ME 3800X Series Carrier Ethernet Switch Router is a converged, full-featured
aggregation platform that is purposely designed for the mobile, business, and residential
markets.
The Cisco ME 3800X Series is a small-footprint, fixed-form-factor platform that comes in the
following configuration:
 24 SFP slots (1 Gb/s): User-Network Interface (UNI)
 2 SFP+ slots (10 Gb/s): Network Node Interface (NNI) uplinks
The Cisco ME 3800X Series supports broadband aggregation for delivering "any-play"
services (that is, voice, video, data, and mobility). Designed to support thousands of
subscribers, QoS on the Cisco ME 3800X Series scales to 32,000 queues per device. This high
number of queues, combined with a more granular QoS algorithm (three-level hierarchical QoS),
results in a greatly enhanced broadband user experience. This feature-rich Layer 2 and Layer 3
switch router supports various broadband applications, including IPTV and VoD, enhancing and
extending the Cisco IP NGN architecture.
Deployed as a preaggregation platform for mobile backhaul, the Cisco ME 3800X Series can
aggregate the Cisco MWR 2941 Mobile Wireless Edge Router and use Multiprotocol Label
Switching (MPLS) as a transport for Radio Access Network (RAN) backhaul traffic.
For increased service availability, an additional redundant power supply (RPS, AC or DC) can
be installed. All power supplies are field-replaceable.
The Cisco ME 3800X Series is also a high-speed performance switch with the following:
 44-Gb/s switching fabric
 65-mpps L2/L3/L4 forwarding (in hardware)

Cisco IP NGN Access Network
This topic shows the Cisco IP NGN access network layer within the IP NGN architecture.

• Cisco routers and switches in the access network

[Figure: IP Infrastructure Layer of the Cisco IP NGN, showing the Access, Aggregation, IP Edge, and Core layers, with Residential, Mobile Users, and Business subscribers attached at the Access layer]


Cisco Integrated Services Routers Generation 2
This topic describes the Cisco Integrated Services Routers Generation 2.

Cisco Integrated Services Routers Generation 2 (Cisco ISR G2) are used mostly in enterprise
networks. This platform is sometimes also used in the P-network and for Carrier Ethernet
network services.
There are three ISR G2 series routers:
 Cisco 3900
 Cisco 2900
 Cisco 1900
Here are some technical characteristics of ISR G2 routers:
 Modular architecture
 Gigabit interfaces
 Powered by high-performance, multicore processors
 Single Cisco IOS universal image
— IP Base License (by default)
— Data License
— Unified Communications License
— Security and Security-NPE License

Cisco 3900 Series ISR G2
This topic describes the Cisco 3900 Series ISR G2.

                                   3945E     3925E     3945      3925
Total 10/100/1000 ports            4         4         3         3
SFP-based ports                    2         2         2         2
EHWIC slots                        3         3         4         4
Single-mode slots                  4         2         4         2
Cisco Services Performance Engine  SPE-250   SPE-200   SPE-150   SPE-100

Cisco 3900 Series ISR G2 routers are the most powerful routers in the Cisco ISR G2 family.
These routers are used for high-speed links between service provider and customer.
Cisco 3945E and 3925E ISR routers are models with a more powerful Cisco Services
Performance Engine and up to 3.5 times the performance of the regular Cisco 3945 and 3925
ISR routers.
All models have integrated 1-Gb/s Ethernet ports (that is, copper and SFP). Additionally,
different Cisco Enhanced High-Speed WAN Interface Card (Cisco EHWIC) modules and
single-mode modules can be installed for functionality expansion.

Cisco 2900 Series ISR G2
This topic describes the Cisco 2900 Series ISR G2.

                                   2901      2911      2921      2951
Total 10/100/1000 ports            2         3         3         3
SFP-based ports                    0         0         1         1
EHWIC slots                        4         4         4         4
Single-mode slots                  0         1         1         2
WAN speed up to                    25 Mb/s   35 Mb/s   50 Mb/s   75 Mb/s

Cisco 2900 Series ISR G2 routers are used for links up to 75 Mb/s. All routers are modular and
can be upgraded with EHWIC and single-mode modules (except the Cisco 2901 ISR, which
does not support single-mode modules). The routers have integrated 1-Gb/s Ethernet ports (and
the Cisco 2921 and 2951 ISRs also have dual-purpose SFP and copper ports).

Cisco 1900 Series ISR G2
This topic describes the Cisco 1900 Series ISR G2.

                                   1921      1941
Total 10/100/1000 ports            2         2
SFP-based ports                    0         0
EHWIC slots                        2         2
Single-mode slots                  0         0
WAN speed up to                    15 Mb/s   25 Mb/s

Cisco 1900 Series ISR G2 routers are low-end customer routers for links up to 25 Mb/s. The
routers have two 1-Gb/s Ethernet ports and support Cisco High-Speed WAN Interface Card
(Cisco HWIC) modules but do not support single-mode modules.

Cisco Mobile Wireless Router 2941
This topic describes the Cisco Mobile Wireless Router 2941 ISR G2.

• Most compact, affordable, high-performance cell site router with the following features
enabled:
• 16 fixed T1/E1 ports, expandable to 24 T1/E1 ports with HWICs
• 6 Gigabit Ethernet ports: 4 RJ-45 100/1000 and 2 SFP 1000BT
• 2 HWIC slots
• Front-to-back airflow with 4 exhaust fans
• Clocking (Sync T1/E1, Sync-E master and slave, IEEE 1588v2, adaptive clock recovery,
external BITS input, and Stratum 3 time server)
• 1 RU, redundant power feeds, extended operating temperature

Note: BITS = Building Integrated Timing Supply.


The latest Cisco MWR Series product has the following characteristics:
 6 built-in Gigabit Ethernet ports (4 RJ-45, 2 SFP)
 16 built-in T1/E1 ports, expandable to 24
 Multiple industry-standard clocking options
— IEEE 1588 version 2 (1588v2), Sync-E master and slave, adaptive clock recovery, and
Stratum 3 time server
 Expanded capacity
— Support for the Cisco 2800 and 3800 HWICs

Key applications follow:
 IP RAN: Activate flexible and efficient all-IP RANs for new revenue-generating services
with intelligent IP network features
 RAN optimization: Optimize and reduce backhaul costs for second-generation (2G) (such
as Global System for Mobile Communications [GSM]) and third-generation (3G) (such as
Universal Mobile Telecommunications System [UMTS] and High-Speed Packet Access
[HSxPA]) wireless networks
 Standards-based pseudowire (PW): Use IETF Pseudowire Emulation Edge to Edge
(PWE3) to transport 2G, 3G, and fourth-generation (4G) wireless networks over low-cost
alternative networks such as xDSL, Carrier Ethernet, MPLS, and so on

Cisco ME 4924-10GE Switch
This topic describes the Cisco ME 4924-10GE Switches.

• Cisco ME 4924-10GE Switch
• 1 RU
- 24 SFP slots (1 Gb/s)—UNI
- 4 SFP slots (1 Gb/s)—NNI uplinks
- 2 X2 slots (10 Gb/s)—NNI uplinks
• Triple-play service by combining voice, video, and data services
• Increased service availability
- Optional redundant power supply (AC or DC)
- Field-replaceable power supplies
• Wire-speed performance (full-duplex)
- 96-Gb/s switching fabric
- 71-mpps L2/L3/L4 forwarding (in hardware)

The Cisco® ME 4924-10GE Switch is a next-generation Layer 3, user-facing premise
equipment aggregation device that is purposely built for high-performance Carrier Ethernet
networks. Based on Cisco Catalyst® 4900 Series Switch technology, the Cisco ME 4924-10GE
Switch delivers the performance, availability, and form factor that are required in residential
broadband triple-play service aggregation and business Ethernet deployments.
The configuration of this switch follows:
 24 Gigabit Ethernet SFP UNIs
 4 Gigabit Ethernet SFP uplinks and trunk ports
 2 10 Gigabit Ethernet X2 uplinks
The Cisco ME 4924-10GE Switch is optimized for triple-play service. By delivering essential
features in the areas of QoS, multicast, and security, the Cisco ME 4924-10GE Switch helps
service providers increase their competitive edge by deploying successful triple-play services.
The Cisco ME 4924-10GE Switch can be equipped with an optional RPS that is available in
both AC and DC versions. The RPS gives service providers an immediate failover capability in
the case of a power supply or circuit failure.
Another important feature of the Cisco ME 4924-10GE Switch is wire-speed (full-duplex)
performance:
 96-Gb/s switching fabric
 71-mpps L2/L3/L4 forwarding (in hardware)

Cisco ME 3600X Series Switch
This topic describes the Cisco 3600X Series Switches.

The Cisco ME 3600X Series Ethernet Access Switches are 1-RU, fixed-form-factor platforms
that are available in copper and fiber hardware-optimized configurations:
 Cisco ME 3600X-24TS (copper) with 24 10/100/1000 ports and 2 10 Gigabit Ethernet
SFP+ ports
 Cisco ME 3600X-24FS (fiber) with 24 Gigabit Ethernet SFP ports and 2 10 Gigabit
Ethernet SFP+ ports

The use of licensing to activate features on the Cisco ME 3600X Series allows service
providers to customize and schedule their investment in access features for a time when
network growth and customer demand justify the investment. This is known as the “pay as you
grow” investment model.
The 1-RU switch holds two slots for hot-swappable, redundant power supplies.
Like the Cisco ME 3800X Series, the Cisco ME 3600X Series switches are high-speed
performance switches with the following characteristics:
 44-Gb/s switching fabric
 65-mpps L2/L3/L4 forwarding (in hardware)

Cisco ME 3400E Series Switch
This topic describes the Cisco ME 3400E Series Switches.


Cisco® ME 3400E Series Ethernet Access Switches are next-generation Layer 2 and Layer 3
customer-located devices for service providers.
The Cisco ME 3400E Series includes the following configurations:
 Cisco ME 3400EG-12CS chassis
— 12 dual-purpose (10/100/1000 or SFP) ports
— 4 SFP uplinks
— 2 slots for field-replaceable modular power supply and fan unit
— 32-Gb/s forwarding rate
 Cisco ME 3400EG-2CS chassis
— 2 dual-purpose (10/100/1000 or SFP) ports
— 2 SFP uplinks
— Integrated AC power supply
— 8-Gb/s forwarding rate
 Cisco ME 3400E-24TS chassis
— 24 Ethernet 10/100 ports
— 2 dual-purpose (10/100/1000 or SFP) uplinks
— 2 slots for field-replaceable modular power supply and fan unit
— 26-Gb/s forwarding rate

The Cisco ME 3400E Series offers two different Cisco IOS Software feature images,
“metroaccess” and “metroIPaccess,” providing cost-effective, "pay-as-you-grow" upgrade
options for service providers that are deploying multiple services. The service providers do not
have to pay for the features they do not need today and still have the option in the future to
receive those features with a simple software upgrade.

Summary
This topic summarizes the key points that were discussed in this lesson.

• Cisco supports different hardware platforms and operating systems.
• Cisco has two router platforms that can be used in the IP NGN core
networks.
• Cisco CRSs are high-end Cisco routers that are used in the IP NGN
core networks.
• Cisco GSRs are high-performance Cisco routers that are used in the IP
NGN core networks.
• Cisco has several router platforms that can be used in the IP NGN edge
and aggregation networks.
• Cisco ASR 9000 Series is a fully distributed system that is used as edge
router in large provider networks.
• Cisco 7600 Series Routers are edge service provider and core
enterprise routers.

• The Cisco ASR 1000 Series Aggregation Services Routers are midrange
edge and aggregation services routers.
• Cisco 7201 Router is a compact and high-performance edge router.
• The Cisco ME 3800X Series Carrier Ethernet Switch Router is used in
aggregation networks.
• Cisco has several router platforms that can be used in the IP NGN
access networks.
• Cisco ISR G2 routers are used mostly in enterprise networks.
• Cisco 3900 Series ISR G2 routers are the most powerful routers in the
Cisco Series ISR family.

• Cisco 2900 Series ISR G2 routers are used for links up to 75 Mb/s.
• Cisco 1900 Series ISR G2 routers are low-end customer routers for links
up to 25 Mb/s.
• Cisco Mobile Wireless Router 2941 is a cell-site access gateway.
• Cisco has several switch platforms that can be used in the IP NGN
access networks.
• The Cisco ME 4924-10GE Switch is a Layer 3, user-facing premise
aggregation device.
• The Cisco ME 3600X Series Ethernet Access Switches are 1-RU, fixed-
form-factor platforms.
• Cisco ME 3400E Series Ethernet Access Switches are next-generation
Layer 2 and Layer 3 customer-located devices for service providers.

Module Summary
This topic summarizes the key points that were discussed in this module.

• The Internet is based on the principle of global reachability, so ISPs
have to interconnect their networks.
• The Cisco IP NGN architecture provides an IP network for services and
applications regardless of access type.
• Cisco provides several high-end and medium-class platforms that
can be used in IP NGN networks.

This module is an introduction to the Cisco IP Next-Generation Network (Cisco IP NGN)
architecture and describes some basics of provider network (P-network) design. The first lesson
describes the Cisco IP NGN architecture, its basic building blocks, and functions of certain
layers that are defined in the Cisco IP NGN model. The second lesson describes Cisco
hardware platform placement in the Cisco IP NGN model. The third lesson explains how
service providers are interconnected and how they exchange information for establishing global
reachability.

Module Self-Check
Use the questions here to review what you have learned in this module. The correct answers
and solutions are found in the Module Self-Check Answer Key.
Q1) Subscribers are usually connected to which of the following: (Source: Introduction to
Service Providers)
A) Tier 1 ISP
B) Tier 2 ISP
C) Tier 3 ISP
Q2) Which layer of the Cisco IP NGN architecture is responsible for providing video
stream for VoD? (Source: Cisco IP NGN Architecture)
A) Application layer
B) Services layer
C) IP infrastructure layer
Q3) Which layer of the Cisco IP NGN architecture is responsible for performing billing and
authorization of subscribers? (Source: Cisco IP NGN Architecture)
A) Application layer
B) Services layer
C) IP infrastructure layer
Q4) Which high-end Cisco router can be set up as a multishelf system? (Source: Cisco
Hardware Platform Placement)
A) GSR
B) CRS
C) ASR 9000
Q5) Which Cisco router is using the Cisco IOS XR operating system? (Source: Cisco
Hardware Platform Placement)
A) GSR
B) CRS
C) ASR 9000
D) Cisco 7201
E) Cisco 7600
Q6) Which operating system is used by the Cisco ISR G2 routers? (Source: Cisco Hardware
Platform Placement)
A) Cisco IOS
B) Cisco IOS XR
Q7) If two service providers establish a connection and exchange traffic for free, this
relationship is called which of the following: (Source: Introduction to Service
Providers)
A) Transit
B) Peering

Q8) ISPs that can reach every other network on the Internet without purchasing IP transit or
paying settlements are which of the following: (Source: Introduction to Service
Providers)
A) Tier 3 ISPs
B) Tier 2 ISPs
C) Tier 1 ISPs
Q9) Who is responsible for coordinating the global pool of IP addresses and the global pool
of AS numbers? (Source: Introduction to Service Providers)
A) RIR
B) IANA
C) Customer ISP
D) NIR
Q10) Provider-independent address space is assigned to customers by which of the
following: (Source: Introduction to Service Providers)
A) RIR
B) IANA
C) Customer ISP
D) LIR
Q11) Which routing protocol is used for routing traffic between different autonomous
systems? (Source: Introduction to Service Providers)
A) OSPF
B) RIP
C) BGP
D) EIGRP

Module Self-Check Answer Key
Q1) C
Q2) B
Q3) C
Q4) B
Q5) A, B, and C
Q6) A
Q7) B
Q8) C
Q9) B
Q10) A
Q11) C

Module 2

Advanced LAN Switching


Overview
Network administrators must address many aspects when expanding a switched network. Cisco
provides solutions across its suite of internetworking switches that not only solve many of the
immediate problems that are associated with administrative changes, but also provide
scalability, interoperability, increased dedicated throughput, and security.

Module Objectives
Upon completing this module, you will be able to build a service provider LAN with multiple
switches, supporting VLANs, trunking, and spanning tree. This ability includes being able to
meet these objectives:
 Describe how and when to implement and verify VLANs and trunking, and then implement
them on the network
 Describe situations in which spanning tree is used and implement it on the network
 Describe the application and configuration of inter-VLAN routing for a medium-sized
routed network
 Describe characteristics and configuration of First Hop Redundancy Protocols (FHRP)
Lesson 1

Implementing VLANs and Trunks

Overview
A VLAN is a group of end stations with a common set of requirements, independent of their
physical location. A VLAN has the same attributes as a physical LAN, except that it lets you
group end stations even when they are not physically located on the same LAN segment. A
VLAN also lets you group ports on a switch so that you can limit unicast, multicast, and
broadcast traffic flooding. Flooded traffic that originates from a particular VLAN floods only to
the ports belonging to that VLAN. VLAN trunks with IEEE 802.1Q tagging facilitate
interswitch communication with multiple VLANs.
Understanding the operation of VLANs and the associated protocols is important for
configuring, verifying, and troubleshooting VLANs on Cisco IOS switches. This lesson
describes VLAN operations and their associated protocols, including 802.1Q-in-802.1Q (QinQ)
tunneling, which allows customers to run their own VLANs inside a VLAN of the service provider.

Objectives
Upon completing this lesson, you will be able to describe how to implement VLANs and
trunking. You will be able to meet these objectives:
 Show the Cisco IP NGN access network layer within the IP NGN architecture
 Describe problems in Layer 2 switched networks
 Describe basic VLAN concepts
 Describe basic VLAN design concepts
 Describe VLAN creation guidelines
 Explain how to add, assign, and verify VLANs
 Describe the basic concepts of VLAN trunking
 Describe 802.1Q trunking
 Describe the 802.1Q frame format
 Describe the native VLAN
 Explain how to configure and verify 802.1Q trunking
 Describe the Cisco IP NGN edge and core network layers within the IP NGN architecture
 Describe basic QinQ concepts
 Describe the 802.1QinQ frame format
 Explain how to configure 802.1QinQ

Cisco IP NGN Access Network
This topic shows the Cisco IP NGN access network layer within the IP NGN architecture.

• VLANs are placed in the Access.

[Figure: Cisco IP NGN architecture. IP Infrastructure Layer: Access, Aggregation, IP Edge, Core. Customer types attached at the access layer: Residential, Mobile Users, Business.]

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—2-3



Layer 2 Switched Network Issues
This topic describes problems in Layer 2 switched networks.

• Unbounded failure domains
• Large broadcast domains
• Large amount of unknown MAC unicast traffic
• Unbounded multicast traffic
• Management and support challenges
• Possible security vulnerabilities

[Figure: a flat switched network with stations from engineering, accounting, sales, administration, marketing, management, HR, and IT all attached to the same Layer 2 domain.]


A poorly designed network has increased support costs, reduced service availability, and
limited support for new applications and solutions. Less-than-optimal performance directly
affects end users and their access to central resources. Some of the issues that stem from a
poorly designed network include the following:
 Failure domains: One of the most important reasons to implement an effective network
design is to minimize the extent of problems when they occur. When Layer 2 and Layer 3
boundaries are not clearly defined, failure in one network area can have a far-reaching
effect.
 Broadcast domains: Broadcasts exist in every network. Many applications and network
operations use broadcasts to function properly; therefore, it is not possible to eliminate
them completely. In the same way that avoiding failure domains involves clearly defining
boundaries, broadcast domains should also have clear boundaries. They should also include
an optimal number of devices to minimize the negative impact of broadcasts.
 Large amount of unknown MAC unicast traffic: Cisco Catalyst switches limit unicast
frame forwarding to ports that are associated with the specific unicast address recorded in
the MAC address table of the switch. However, when there is no entry corresponding to the
destination MAC address of the frame, this unicast frame, as is the case with broadcast
frames, will be sent to all forwarding ports within the respective VLAN, except the port
where the frame originally arrived. This behavior is called "unknown MAC unicast
flooding." Because this type of flooding causes excessive traffic on switch ports, network
interface cards (NICs) must contend with a larger number of frames on the wire. It also has a
security cost: a flooded unicast frame reaches every station in the VLAN, so any station can
capture data that was intended for a different host. The larger the VLAN, the more stations
see traffic that was never meant for them.

 Multicast traffic on ports where not intended: IP multicast is a technique that allows IP
traffic to be propagated from one source to a multicast group that is identified by a single
MAC destination group address or a single IP and MAC destination group-address pair.
Like unicast flooding and broadcasting, multicast frames are flooded out through all the
switch ports within the respective VLAN, except the port where the frame originally
arrived. A proper design allows for the containment of multicast frames, while allowing
them to be functional.
 Difficulty in management and support: A poorly designed network may be disorganized,
poorly documented, and may lack easily identified traffic flows, which can make support,
maintenance, and problem resolution time-consuming and difficult.
 Possible security vulnerabilities: A switched network that has been designed with little
attention to security requirements at the access layer can compromise the integrity of the
entire network.

A poorly designed network always has a negative impact, and becomes a support burden and a
cost burden for any organization.

Note The default behavior on a Cisco Catalyst Series switch is for multicast frames to be treated
like broadcast frames; techniques such as Internet Group Management Protocol (IGMP)
snooping may also be configured to optimize the use of multicasting in the switched LAN
environment. The topic of IGMP snooping is beyond the scope of this course.



VLAN Overview
This topic describes basic VLAN concepts.

• A VLAN is a virtual, independent LAN.
• VLAN = broadcast domain = logical network (subnet)
• VLANs address segmentation, security, and network flexibility.

[Figure: a three-floor building (1st, 2nd, 3rd floor) with IT, HR, and sales stations on each floor; each department's stations are grouped into one VLAN that spans the floors.]


Network performance can affect productivity in an organization and its reputation for
delivering as promised. VLANs contribute to network performance by separating large
broadcast domains into smaller segments. A VLAN allows a network administrator to create
logical groups of network devices. These devices act as if they were on their own independent
network, even if they share a common infrastructure with other VLANs. A VLAN is a logical
broadcast domain that can span multiple physical LAN segments. Within the switched
internetwork, VLANs provide segmentation and organizational flexibility. You can design a
VLAN structure that lets you group stations that are segmented logically by functions, project
teams, and applications without regard to the physical location of the users. VLANs allow you
to implement access and security policies to particular groups of users. You can assign each
switch port to only one VLAN, which adds a layer of security (if the port is operating as an
access port, covered later in this lesson). Ports in the same VLAN share broadcasts, whereas
ports in different VLANs do not share broadcasts. Containing broadcasts within a VLAN
improves the overall performance of the network.
A VLAN can exist on a single switch or span multiple switches. VLANs can include stations in
a single building or multiple-building infrastructures. VLANs can also connect across WANs.
A process of forwarding network traffic from one VLAN to another VLAN by using a router is
called inter-VLAN routing. VLANs are associated with unique IP subnets on the network. This
subnet configuration facilitates the routing process in a multi-VLAN environment. When you
are using a router to facilitate inter-VLAN routing, the router interfaces can be connected to
separate VLANs. Devices on those VLANs send traffic through the router to reach other
VLANs.

Basic VLAN Design Concepts
This topic describes basic VLAN design concepts.

• VLAN design must take into consideration the implementation of a hierarchical network-addressing scheme.
• The benefits of hierarchical addressing are these:
- Ease of management and troubleshooting
- Minimization of errors
- Reduced number of routing table entries


Each VLAN in a switched network corresponds to an IP network. Therefore, VLAN design
must take into consideration the implementation of a hierarchical network-addressing scheme.
Hierarchical network addressing means that IP network numbers are applied to network
segments or VLANs in an orderly fashion that takes into consideration the network as a whole.
Blocks of contiguous network addresses are reserved for, and configured on, devices in a
specific area of the network.
Some of the benefits of hierarchical addressing include the following:
 Ease of management and troubleshooting: A hierarchical addressing scheme groups
network addresses contiguously. Because a hierarchical IP addressing scheme makes
problem components easier to locate, network management and troubleshooting are more
efficient.
 Fewer errors: Orderly network address assignment can minimize errors and duplicate
address assignments.
 Reduced routing table entries: In a hierarchical addressing plan, routing protocols are
able to perform route summarization, allowing a single routing table entry to represent a
collection of IP network numbers. Route summarization makes routing table entries more
manageable and provides these benefits:
— Fewer CPU cycles when recalculating a routing table or sorting through the routing
table entries to find a match
— Reduced router memory requirements
— Faster convergence after a change in the network
— Easier troubleshooting



• Allocate one IP subnet per VLAN.
• Allocate IP address spaces in contiguous blocks (summarization)


When you are deploying VLANs in a network, you must also assign IP address space to these
VLANs. For IPv6, you should follow the general rule of assigning one /64 per segment—in this
case, per VLAN.
The following are some guidelines for IPv4 addressing:
 Design the IP addressing scheme in blocks of 2^n contiguous network numbers (such as
4, 8, 16, 32, 64, and so on). These blocks of IP addresses can be assigned to the subnets in a
given building distribution and access switch block. This approach lets you summarize
each switch block into one large address block.
 At the building distribution layer, continue to assign network numbers contiguously out to
the access layer devices.
 Have a single IP subnet correspond to a single VLAN. Each VLAN is a separate broadcast
domain.
 When possible, subnet at the same binary value on all network numbers to avoid variable-
length subnet masks. This approach helps minimize errors and confusion when you are
troubleshooting or configuring new devices and segments.

Example: Network Design


A business with approximately 250 employees wants to migrate to the Cisco Enterprise
Architecture.
The table shows the number of users in each department.
Users per Department

Department         Number of Users   Location
IT                 45                Building A
Human Resources    10                Building A
Sales              102               Building B
Marketing          29                Building B
Finance            18                Building C
Accounting         26                Building C

In this example, six VLANs are required to accommodate one VLAN per user community. Six
IP subnets are required to follow the guidelines of the Cisco Enterprise Architecture.
The business has decided to use network 10.0.0.0 as its base address.
The Sales department is the largest department, and requires a minimum of 102 addresses for
its users. A subnet mask of 255.255.255.0 (/24) is chosen, which provides a maximum number
of 254 hosts per subnet. To accommodate future growth, there will be one block of IP addresses
per building, as follows:
 Building A is allocated 10.1.0.0/16.
 Building B is allocated 10.2.0.0/16.
 Building C is allocated 10.3.0.0/16.

These tables show the allocation of VLANs and IP subnets within the buildings.

Building A: VLANs and IP Subnets
Department         VLAN      IP Subnet Address
IT                 VLAN 11   10.1.1.0/24
Human Resources    VLAN 12   10.1.2.0/24
For future growth            10.1.3.0–10.1.255.0

Building B: VLANs and IP Subnets
Department         VLAN      IP Subnet Address
Sales              VLAN 21   10.2.1.0/24
Marketing          VLAN 22   10.2.2.0/24
For future growth            10.2.3.0–10.2.255.0

Building C: VLANs and IP Subnets
Department         VLAN      IP Subnet Address
Finance            VLAN 31   10.3.1.0/24
Accounting         VLAN 32   10.3.2.0/24
For future growth            10.3.3.0–10.3.255.0

A currently unused VLAN and IP subnet can be used as the management VLAN to manage the
network devices. If the company decides to implement IP telephony, some of the unused
VLANs and IP subnets will be allocated to the voice VLANs.
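The allocation above can be produced and checked programmatically rather than by hand. The following Python script is an added example, not part of the course material: it takes the department table, carves one /16 per building out of 10.0.0.0/8 and one /24 per department inside it, derives the VLAN IDs with the numbering the lesson uses (building number times 10 plus department order, which is an assumed convention), rejects any department that would not fit in a /24, and verifies that every subnet falls inside its building's summary block so that each building can be advertised as a single route.

```python
import ipaddress

# Constructed input: the department table from the design example above.
DEPARTMENTS = [
    # (department, number of users, building)
    ("IT", 45, "Building A"),
    ("Human Resources", 10, "Building A"),
    ("Sales", 102, "Building B"),
    ("Marketing", 29, "Building B"),
    ("Finance", 18, "Building C"),
    ("Accounting", 26, "Building C"),
]


def plan_vlans(departments, base="10.0.0.0/8", building_prefix=16, vlan_prefix=24):
    """Allocate one contiguous block per building and one subnet plus one VLAN per department.

    Returns (assignments, summaries):
      assignments: department -> {"vlan": id, "subnet": IPv4Network, "building": name}
      summaries:   building -> IPv4Network, the single route that covers all of its VLANs
    Numbering follows the lesson: building n gets block n of the base (10.n.0.0/16), and its
    departments get VLAN n*10 + d and subnet 10.n.d.0/24 for d = 1, 2, ... (an assumed
    convention; block 0 of the base and subnet 0 of each building are left unused).
    """
    blocks = list(ipaddress.ip_network(base).subnets(new_prefix=building_prefix))
    capacity = ipaddress.ip_network(f"0.0.0.0/{vlan_prefix}").num_addresses - 2  # usable hosts
    buildings = list(dict.fromkeys(b for _, _, b in departments))                # keep table order
    assignments, summaries = {}, {}
    for n, building in enumerate(buildings, start=1):
        block = blocks[n]
        summaries[building] = block
        subnets = list(block.subnets(new_prefix=vlan_prefix))
        d = 0
        for dept, users, dept_building in departments:
            if dept_building != building:
                continue
            d += 1
            if users > capacity:
                raise ValueError(
                    f"{dept}: {users} users exceed the {capacity} usable hosts of a /{vlan_prefix}")
            assignments[dept] = {"vlan": n * 10 + d, "subnet": subnets[d], "building": building}
    return assignments, summaries


def check_plan(assignments, summaries):
    """Design checks: VLAN IDs unique and in the normal range 1..1001, subnets disjoint, and
    every subnet inside its building's summary block (so the block summarizes cleanly)."""
    vlans = [a["vlan"] for a in assignments.values()]
    if len(set(vlans)) != len(vlans) or not all(1 <= v <= 1001 for v in vlans):
        return False
    nets = [a["subnet"] for a in assignments.values()]
    if any(x.overlaps(y) for i, x in enumerate(nets) for y in nets[i + 1:]):
        return False
    return all(a["subnet"].subnet_of(summaries[a["building"]]) for a in assignments.values())


if __name__ == "__main__":
    plan, routes = plan_vlans(DEPARTMENTS)
    for dept, a in plan.items():
        print(f"{dept:16} VLAN {a['vlan']:<4} {a['subnet']}  ({a['building']})")
    for building, net in routes.items():
        print(f"{building}: summary route {net}")
    print("plan consistent:", check_plan(plan, routes))
```

Running the script reproduces the three building tables above and prints the summary route per building; changing a department's user count above 254 makes plan_vlans() raise instead of silently producing a subnet that is too small.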



Traffic types to consider when designing VLANs:
• Network management
• IP telephony
• IP multicast
• Normal data
• Scavenger class

Considering Traffic Source to Destination Paths
This table lists the different types of network traffic that should be taken into consideration
before placing devices and configuring the VLAN.
Traffic Types

Network management: Many different types of network management traffic can be present on the
network. Some examples are bridge protocol data units (BPDUs), Cisco Discovery Protocol updates,
Simple Network Management Protocol (SNMP) traffic, and Remote Monitoring (RMON) traffic. To make
network troubleshooting easier, some designers assign a separate VLAN to carry certain types of
network management traffic.

IP telephony: There are two types of IP telephony traffic: signaling information between end
devices (IP phones and softswitches, such as Cisco Unified Communications Manager) and the data
packets of the voice conversation itself. Designers often configure the data to and from the IP
phones on a separate VLAN that is designated for voice traffic. Quality of service (QoS) measures
can be applied to these VLANs to give high priority to voice traffic.

IP multicast: IP multicast traffic is sent from a particular source address to a multicast group
that is identified by a single IP and MAC destination-group address pair. Examples of applications
that generate this type of traffic are Cisco IP/TV broadcasts and imaging software that is used to
quickly configure workstations and servers. Multicast traffic can produce a large amount of data
streaming across the network. For example, video traffic from online training, security
applications, Cisco Unified MeetingPlace, and Cisco TelePresence is proliferating on some networks.
Switches must be configured to keep this traffic from flooding to devices that have not requested
it. Routers must be configured to ensure that multicast traffic is forwarded to the network areas
where it is requested.

Normal data: Normal data traffic is typical application traffic that is related to file and print
services, email, Internet browsing, database access, and other shared network applications. This
data will need to be treated in either the same ways or different ways in different parts of the
network, depending on the volume of each type. Examples of this type of traffic are Server Message
Block (SMB), NetWare Core Protocol (NCP), Simple Mail Transfer Protocol (SMTP), Structured Query
Language (SQL), and HTTP.

Scavenger class: Scavenger class covers traffic whose protocols or patterns exceed their normal
data flows. Placing such traffic in a scavenger class protects the network from exceptional flows
that may be the result of malicious programs executing on end-system PCs. Scavenger class is also
used for "less than best effort" traffic, such as peer-to-peer traffic.



VLAN Creation Guidelines
This topic describes VLAN creation guidelines.

• The maximum number of VLANs is switch-dependent.
• VLAN 1 is the factory default Ethernet VLAN.
• The Cisco switch IP address should be in the management VLAN.
• Avoid using VLAN 1.

The maximum number of VLANs is switch-dependent. Many access-layer Cisco switches can
support up to 250 user-defined VLANs.
Cisco switches have a factory default configuration in which various default VLANs are
preconfigured to support various media and protocol types. The default Ethernet VLAN is
VLAN 1. Cisco Discovery Protocol and VLAN Trunking Protocol (VTP) advertisements are
sent on VLAN 1.
If you want to communicate with the Cisco switch remotely for management purposes, the
switch must have an IP address. This IP address must be in the management VLAN, which by
default is VLAN 1. Because every port is a member of VLAN 1 by default and the switch
control-plane protocols are carried on it, the guideline is to avoid VLAN 1 for both user and
management traffic: create a dedicated management VLAN, place the switch management IP
address in it, and move user ports out of VLAN 1 so that unassigned ports and management
traffic do not end up sharing a broadcast domain.

Adding and Verifying a VLAN
This topic explains how to add, assign, and verify VLANs.

SwitchX#configure terminal
SwitchX(config)#vlan 2
SwitchX(config-vlan)#name switchlab99

Add VLAN 2 and name it “switchlab99.”


SwitchX#show vlan id 2

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
2    switchlab99                      active    Fa0/2, Fa0/12

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
2    enet  100002     1500  -      -      -        -    -        0      0

. . .
SwitchX#

Verify VLAN 2.


By default, a switch is in VTP server mode, so that you can add, change, or delete VLANs. If
the switch is set to VTP client mode, you cannot add, change, or delete VLANs.
Use the vlan global configuration command to create a VLAN and enter VLAN configuration
mode. Use the no form of this command to delete the VLAN. The example shows how to add
VLAN 2 to the VLAN database, and how to name it “switchlab99” using the name command.
To add a VLAN to the VLAN database, assign a number and name to the VLAN. VLAN 1 is
the factory default VLAN. Normal-range VLANs are identified with a number between 1 and
1001. VLAN numbers 1002 through 1005 are reserved for Token Ring and FDDI VLANs. If
the switch is in VTP server or VTP transparent mode, you can add, modify, or remove
configurations for VLAN 2 to 1001 in the VLAN database. (VIDs 1 and 1002 to 1005 are
automatically created and cannot be removed).
Configurations for VIDs 1 to 1005 are written to the vlan.dat file (VLAN database). You can
display the VLANs by entering the show vlan privileged EXEC command. The vlan.dat file is
stored in flash memory.
To add an Ethernet VLAN, you must specify at least a VLAN number. If no name is entered
for the VLAN, the default is to append the VLAN number after “VLAN.” For example,
VLAN0004 would be the default name for VLAN 4 if no name is specified.
After you configure the VLAN, validate the parameters for that VLAN.



Use the show vlan id vlan_number or the show vlan name vlan-name command to display
information about a particular VLAN. The figure shows an example of using the show vlan
command to display the contents of the vlan.dat file. The “switchlab99” VLAN, VLAN 2, is
highlighted in the screen capture.
Use the show vlan command to display information on all configured VLANs. The show vlan
command displays the switch ports that are assigned to each VLAN. Other VLAN parameters
that are displayed include the type, the security association ID (SAID), the maximum
transmission unit (MTU), the Spanning Tree Protocol (STP), and other parameters that are used
for Token Ring or FDDI VLANs. The default type is Ethernet. The SAID is used for the FDDI
trunk.

SwitchX#configure terminal
SwitchX(config)#interface range fastethernet 0/2 - 4
SwitchX(config-if-range)#switchport access vlan 2

Assign switch ports Fa0/2, Fa0/3, and Fa0/4 to VLAN 2, using the
interface range command.

SwitchX#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1
2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
<output omitted>

Verify VLAN assignments.


When an end system is connected to a switch port, it should be associated with a VLAN, in
accordance with the network design. To associate a device with a VLAN, the switch port to
which the device connects is assigned to a single data VLAN and thus becomes an access port.
A switch port can become an access port through static or dynamic configuration.
After creating a VLAN, you can manually assign a port or a number of ports to that VLAN. A
port can belong to only one VLAN at a time. When you assign a switch port to a VLAN using
this method, it is known as a static-access port.

Note By default, all ports are members of VLAN 1.

Configure the VLAN port assignment from interface configuration mode using the switchport
access vlan command. To configure a bundle of interfaces to a VLAN at the same time, first
use the interface range command to enter the interface configuration mode for a range of
ports, and then use the switchport access vlan command, as shown in the example.
Use the show vlan command to display information on all configured VLANs. The example in
the figure shows VLAN 2, named “switchlab99,” and three interfaces that are assigned to it.
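A practitioner usually wants to check this output rather than read it, for instance to find ports that were never moved out of VLAN 1 (the guideline earlier in this lesson is to avoid VLAN 1). The following Python script is an added example, not part of the lesson: it parses the first table of show vlan, including wrapped port lists, and reports which ports are still in the default VLAN, excluding a list of known uplink ports that the caller supplies. The sample output embedded in it is constructed in the layout shown above, not captured from a switch, and the parser assumes VLAN names contain no spaces.

```python
import re

# Constructed "show vlan" output in the layout the lesson shows; not captured from a real switch.
SHOW_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Gi0/1
2    switchlab99                      active    Fa0/2, Fa0/3, Fa0/4
99   management                       active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
"""

# A table row: VLAN ID, name (assumed to contain no spaces), status, optional port list.
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")
# Port names such as Fa0/1, Gi0/1 or Gi1/0/24.
PORT = re.compile(r"[A-Za-z]+\d+(?:/\d+)+")


def parse_show_vlan(text):
    """Parse the first (VLAN/Name/Status/Ports) table into
    {vlan_id: {"name": str, "status": str, "ports": [str, ...]}}."""
    vlans, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            if vlans:
                break                      # blank line ends the first table
            continue
        m = ROW.match(line)
        if m:
            vid, name, status, ports = m.groups()
            current = int(vid)
            vlans[current] = {"name": name, "status": status, "ports": PORT.findall(ports)}
        elif line[0].isspace() and current is not None:
            vlans[current]["ports"].extend(PORT.findall(line))   # wrapped port list
    return vlans


def ports_in_vlan(vlans, vid):
    return list(vlans.get(vid, {"ports": []})["ports"])


def ports_left_in_default_vlan(vlans, uplinks=()):
    """Guideline check: ports still in VLAN 1, the factory default for every port,
    minus the uplinks the caller knows about."""
    return [p for p in ports_in_vlan(vlans, 1) if p not in set(uplinks)]


def vlan_of_port(vlans, port):
    for vid, info in vlans.items():
        if port in info["ports"]:
            return vid
    return None


if __name__ == "__main__":
    table = parse_show_vlan(SHOW_VLAN)
    print("ports still in VLAN 1:", ports_left_in_default_vlan(table, uplinks=("Gi0/1",)))
    print("Fa0/3 is in VLAN", vlan_of_port(table, "Fa0/3"))
```

On a real switch the same check is run against the output of `show vlan` captured over SSH; the only adaptation needed is feeding the captured text to parse_show_vlan() instead of the constructed SHOW_VLAN.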



SwitchX#show interface fa0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 2 (switchlab99)
Trunking Native Mode VLAN: 1 (default)
--- output omitted ----

Verify VLAN membership on Fa0/2 interface.


Alternatively, use the show interfaces switchport privileged EXEC command to display the
VLAN information for a particular interface. The output in the figure shows that the
FastEthernet0/2 interface is operating in access mode and is assigned to VLAN 2, which is
named "switchlab99". Note that the administrative mode is still the default, dynamic auto, with
negotiation of trunking on: the port is an access port because the attached device did not
negotiate a trunk, not because it was configured as one. The trunking modes, and how to fix
the mode of a port statically, are covered later in this lesson.

Trunking
This topic describes the basic concepts of VLAN trunking.

• Running many VLANs between switches would require the same number of interconnecting links.
• Combining many VLANs on the same port is called trunking.

If every port belongs to one VLAN and you have several VLANs configured on switches,
interconnecting these VLANs would require one physical cable per VLAN. When the number
of VLANs increases, so does the number of required interconnecting links. Ports are then used
for interswitch connectivity instead of attaching end devices.
To fix this problem, you can use trunks, which carry frames from different VLANs on the same
physical link.



• A trunk allows transportation of frames from different VLANs.
• Each frame has a tag that specifies to which VLAN it belongs.
• Frames are forwarded to the corresponding VLAN based on the tag
information.


A trunk is a point-to-point link between one or more Ethernet switch interfaces and another
networking device, such as a router or a switch. Ethernet trunks carry the traffic of multiple
VLANs over a single link and allow you to extend the VLANs across an entire network. A
trunk does not belong to a specific VLAN; rather, it is a conduit for VLANs between switches
and routers. A special protocol is used to carry multiple VLANs over a single link between two
devices. Cisco supports the 802.1Q trunking protocol for Ethernet interfaces. A trunk could
also be used between a network device and a server or other device that is equipped with an
appropriate 802.1Q-capable NIC.

802.1Q Trunk
This topic describes 802.1Q trunking.


Ethernet trunk interfaces support different trunking modes. You can configure an interface as
trunking or nontrunking, or have it negotiate trunking with the neighboring interface.
By default, all configured VLANs are carried over a trunk interface. Frames belonging to the
native VLAN do not carry VLAN tags when they are sent over the trunk so that older devices
that do not support 802.1Q can understand it. Conversely, if an untagged frame is received on a
trunk port, the frame is associated with the native VLAN. On an 802.1Q trunk port, there is one
native VLAN which is untagged (by default VLAN 1), and all other VLANs are tagged with a
VLAN ID (VID).



802.1Q Frame
This topic describes the 802.1Q frame format.


When Ethernet frames are placed on a trunk, they need additional information about the
VLANs that they belong to. This task is accomplished by using the 802.1Q encapsulation
header. IEEE 802.1Q uses an internal tagging mechanism that inserts a 4-byte tag field into the
original Ethernet frame between the Source Address and Type or Length fields. Because
802.1Q alters the frame, the trunking device recomputes the frame check sequence (FCS) on
the modified frame.
It is the responsibility of the Ethernet switch to look at the 4-byte tag field and determine where
to deliver the frame.
The first 2 bytes of the 802.1Q tag are the tag protocol ID (TPID), an EtherType value that is
set to 0x8100 to identify the frame as an IEEE 802.1Q tagged frame. The remaining 2 bytes are
the tag control information (TCI), which holds three fields.
A tiny part of the 4-byte tag field—3 bits, to be exact—is used to specify the priority of the
frame. The details are specified in the IEEE 802.1p standard. The 802.1Q header contains the
802.1p field, so you must have 802.1Q to have 802.1p.
A single bit follows the priority bits: the canonical format indicator (CFI), which later revisions
of the standard redefined as the drop eligible indicator (DEI).
A 12-bit VLAN ID field is used to specify the VLAN to which the frame belongs. Of the 4096
values, 0 and 4095 are reserved, which leaves 4094 usable VLAN IDs.

Understanding Native VLANs
This topic describes the native VLAN.


An 802.1Q trunk and its associated trunk ports have a native VLAN value. When you are
configuring an 802.1Q trunk, a matching native VLAN must be defined on each end of the
trunk link. 802.1Q does not tag frames for the native VLAN. Therefore, ordinary end stations,
which do not support 802.1Q, can read the native untagged frames; however they cannot read
any other frame because the frames are tagged. Because a receiving trunk port simply
associates any untagged frame with its own native VLAN, a native VLAN mismatch between the
two ends of a trunk delivers frames that left one switch in one VLAN into a different VLAN on
the other switch, so traffic leaks between the two VLANs. Cisco Discovery Protocol reports such
a mismatch when it is enabled, and the native VLAN of both ends can be checked with the show
interfaces trunk command.

Note The default native VLAN is VLAN 1.
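The tag layout from the 802.1Q frame topic and the native VLAN rule above can be exercised with a small frame builder and parser. The following Python code is an added example, not part of the course material: it inserts the 4-byte tag after the source address, splits the TCI into PCP, CFI/DEI and VID, treats an untagged frame (and a priority-tagged frame with VID 0) as belonging to the native VLAN of the receiving trunk port, and, going beyond this topic, also walks an 802.1ad (QinQ) tag stack with an outer 0x88A8 S-tag as introduced at the end of this lesson. FCS handling is omitted, and the MAC addresses and payloads used are constructed test data. Parsing the same untagged frame with two different native_vlan values shows what a native VLAN mismatch does: the same bytes land in VLAN 1 on one switch and VLAN 99 on the other.

```python
import struct

TPID_8021Q = 0x8100    # C-tag: the single 802.1Q tag described in this topic
TPID_8021AD = 0x88A8   # S-tag: the outer service-provider tag of 802.1ad (QinQ)
TAG_TPIDS = (TPID_8021Q, TPID_8021AD)


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst, src, ethertype, payload, tags=()):
    """Build an Ethernet frame (without FCS).

    tags: sequence of (tpid, pcp, dei, vid) tuples, outermost first. Each one is the 4-byte
    field that 802.1Q inserts between the source address and the Type/Length field."""
    frame = _mac_bytes(dst) + _mac_bytes(src)
    for tpid, pcp, dei, vid in tags:
        if tpid not in TAG_TPIDS or not 0 <= pcp <= 7 or dei not in (0, 1) or not 0 <= vid <= 0xFFF:
            raise ValueError("bad tag: PCP is 3 bits, CFI/DEI is 1 bit, VID is 12 bits")
        tci = (pcp << 13) | (dei << 12) | vid
        frame += struct.pack("!HH", tpid, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame, native_vlan=1):
    """Parse a frame the way a trunk port does.

    Returns the tag stack (outermost first) and the VLAN the frame is associated with:
    the outermost VID if the frame is tagged, otherwise the port's native VLAN."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    tags, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated header")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in TAG_TPIDS:
            break                                      # reached the real Type/Length field
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    # VID 0 is a priority-only tag: it carries 802.1p priority but no VLAN, so the frame
    # belongs to the native VLAN just like an untagged frame.
    vlan = native_vlan if not tags or tags[0]["vid"] == 0 else tags[0]["vid"]
    return {
        "dst": frame[0:6].hex(":"),
        "src": frame[6:12].hex(":"),
        "tags": tags,
        "vlan": vlan,
        "ethertype": etype,
        "payload": frame[offset + 2:],
    }


if __name__ == "__main__":
    # Constructed test frames: ARP payload bytes, made-up MAC addresses.
    untagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"\x00\x01" * 14)
    tagged = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"\x00\x01" * 14,
                         tags=[(TPID_8021Q, 5, 0, 99)])
    qinq = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"\x00\x01" * 14,
                       tags=[(TPID_8021AD, 0, 0, 10), (TPID_8021Q, 3, 0, 50)])
    print("untagged, native 1 :", parse_frame(untagged)["vlan"])
    print("untagged, native 99:", parse_frame(untagged, native_vlan=99)["vlan"])
    print("tagged             :", parse_frame(tagged)["tags"])
    print("QinQ               :", [t["vid"] for t in parse_frame(qinq)["tags"]])
```

The two native_vlan calls on the same untagged frame are the mismatch case from the text: nothing in the bytes says which VLAN the frame belongs to, so each end decides for itself.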



Configuring and Verifying 802.1Q Trunk
This topic explains how to configure and verify 802.1Q trunking.

• Enter interface configuration mode.
• Allow VLANs on the trunk.
• Configure the Fa0/11 interface as a VLAN trunk.
• Native VLAN can be changed.

SwitchX#configure terminal
SwitchX(config)#interface fa0/11
SwitchX(config-if)#switchport trunk allowed vlan 1,10,99
SwitchX(config-if)#switchport mode trunk
SwitchX(config-if)#switchport trunk native vlan 99

The example configures the Fa0/11 port on SwitchX as a trunk port. Use the switchport mode
trunk interface configuration command to set a Fast Ethernet or Gigabit Ethernet port to trunk
mode. Many Cisco Catalyst switches support the Dynamic Trunking Protocol (DTP), which
manages automatic trunk negotiation. DTP is a Cisco proprietary protocol. Switches from other
vendors do not support DTP. DTP is automatically enabled on a switch port when certain
trunking modes are configured on the switch port. DTP manages trunk negotiation only if the
port on the other switch is configured in a trunk mode that supports DTP.
The example is showing the configuration of the Fast Ethernet interface 0/11. The switchport
trunk allowed command is allowing VLANs on the trunk. The switchport mode trunk
command is setting the Fast Ethernet port 0/11 to trunk mode. The example is also showing the
configuration of the native VLAN to VLAN 99. VLAN 99 is configured as native VLAN and
therefore traffic from VLAN 99 will be sent untagged. Ensure that the other end of the trunk
link is configured the same way.
There are four options for the switchport mode command:

switchport mode Parameters

Parameter          Description
trunk              Configures the port into permanent 802.1Q trunk mode and negotiates with the
                   connected device to convert the link to trunk mode.
access             Disables the port trunk mode and negotiates with the connected device to
                   convert the link to nontrunk.
dynamic desirable  Triggers the port to negotiate the link from nontrunk to trunk mode. The port
                   negotiates to a trunk port if the connected device is in trunk, desirable, or
                   auto state. Otherwise, the port becomes a nontrunk port.
dynamic auto       Enables a port to become a trunk only if the connected device has the state set
                   to trunk or desirable. Otherwise, the port becomes a nontrunk port.
The switchport nonegotiate interface command specifies that DTP negotiation packets are not
sent on the Layer 2 interface. The switch does not engage in DTP negotiation on this interface.
This command is valid only when the interface switchport mode is access or trunk (configured
by using the switchport mode access or the switchport mode trunk interface configuration
command). This command returns an error if you attempt to execute it in dynamic (auto or
desirable) mode. Use the no form of this command to return to the default setting. When you
configure a port with the switchport nonegotiate command, the port trunks only if the other
end of the link is specifically set to trunk. The switchport nonegotiate command does not form
a trunk link with ports in either dynamic desirable or dynamic auto mode.
Because the default administrative mode of many Catalyst access ports is dynamic auto (as the
show interface fa0/2 switchport output earlier in this lesson shows), a port left at its default
forms a trunk with any attached device that negotiates as trunk or desirable. Ports that connect
end hosts should therefore be configured explicitly with switchport mode access, and with
switchport nonegotiate if the port should send no DTP frames at all, so that the attached device
cannot turn the port into a trunk.
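The mode table and the switchport nonegotiate rules above can be written down as a function and then used to audit a switch. The following Python code is an added example, not part of the lesson: operational_mode() applies the table to one end of a link, link_outcome() gives both ends' result so that mismatches are visible, and ports_negotiable_to_trunk() parses a show interfaces switchport listing to flag end-host ports whose administrative mode would let an attached device that sends DTP in dynamic desirable mode negotiate a trunk. The sample listing is constructed to match the layout shown earlier in this lesson, not captured from a device, and which ports are uplinks is an input the caller supplies.

```python
MODES = ("access", "trunk", "dynamic auto", "dynamic desirable")


def operational_mode(local, peer, local_negotiate=True, peer_negotiate=True):
    """Operational mode ('access' or 'trunk') that the local end of a link settles on.

    local, peer:   administrative switchport mode of each end.
    *_negotiate:   False when that end has 'switchport nonegotiate' and sends no DTP frames.
    Rules follow the switchport mode table: trunk and access are fixed; a dynamic port
    becomes a trunk only if it actually hears DTP from a peer in a qualifying mode."""
    if local not in MODES or peer not in MODES:
        raise ValueError("unknown switchport mode")
    if local in ("trunk", "access"):
        return local
    if not local_negotiate:
        raise ValueError("switchport nonegotiate is only valid with mode access or trunk")
    if not peer_negotiate:
        return "access"                 # no DTP heard: a dynamic port never trunks on its own
    if local == "dynamic desirable":
        return "trunk" if peer in ("trunk", "dynamic desirable", "dynamic auto") else "access"
    return "trunk" if peer in ("trunk", "dynamic desirable") else "access"   # dynamic auto


def link_outcome(mode_a, mode_b, nonegotiate_a=False, nonegotiate_b=False):
    """Operational modes of both ends as a tuple. Unequal values mean a mismatched link:
    one end tags frames and the other does not."""
    return (operational_mode(mode_a, mode_b, not nonegotiate_a, not nonegotiate_b),
            operational_mode(mode_b, mode_a, not nonegotiate_b, not nonegotiate_a))


# Constructed 'show interfaces switchport' text in the layout shown earlier in the lesson.
SHOW_SWITCHPORT = """\
Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 2 (switchlab99)
Trunking Native Mode VLAN: 1 (default)

Name: Fa0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 2 (switchlab99)
Trunking Native Mode VLAN: 1 (default)

Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 99
Trunking Native Mode VLAN: 99
"""

# How IOS prints the administrative mode, mapped to the 'switchport mode' keyword.
ADMIN_MODE = {"static access": "access", "trunk": "trunk",
              "dynamic auto": "dynamic auto", "dynamic desirable": "dynamic desirable"}


def parse_show_switchport(text):
    """Return {interface name: {field: value}} from 'show interfaces switchport' output."""
    ports, current = {}, None
    for line in text.splitlines():
        if line.startswith("Name: "):
            current = line[len("Name: "):].strip()
            ports[current] = {}
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            ports[current][key.strip()] = value.strip()
    return ports


def ports_negotiable_to_trunk(text, uplinks=()):
    """Audit: non-uplink ports that would become trunks if the attached device sent DTP in
    dynamic desirable mode, i.e. ports that should have been set to 'switchport mode access'."""
    flagged = []
    for name, fields in parse_show_switchport(text).items():
        admin = ADMIN_MODE.get(fields.get("Administrative Mode", ""))
        if name in uplinks or admin is None:
            continue
        negotiates = fields.get("Negotiation of Trunking", "On") == "On"
        if operational_mode(admin, "dynamic desirable", negotiates, True) == "trunk":
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print("auto/auto        :", link_outcome("dynamic auto", "dynamic auto"))
    print("trunk+noneg/desir:", link_outcome("trunk", "dynamic desirable", nonegotiate_a=True))
    print("host ports at risk:", ports_negotiable_to_trunk(SHOW_SWITCHPORT, uplinks=("Fa0/11",)))
```

In the constructed listing Fa0/2 is flagged because it is still at the default dynamic auto, whereas Fa0/3 is not: it is statically in access mode with negotiation off, which is the configuration the text recommends for end-host ports.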

SwitchX#show interfaces fa0/11 switchport
Name: Fa0/11
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 99
Trunking Native Mode VLAN: 99
. . .

SwitchX#show interfaces fa0/11 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/11      on           802.1q         trunking      99

Port        Vlans allowed on trunk
Fa0/11      1-4094

Port        Vlans allowed and active in management domain
Fa0/11      1-13

• Verify a trunk on the Fa0/11 interface.
To verify a trunk configuration, use the show interfaces switchport and show interfaces
trunk commands. These two commands display the trunk parameters and VLAN information
of the port. As shown in the figure, the switchport administrative and operational mode is now
set to trunk mode, and the native VLAN on this end is 99. The "Vlans allowed on trunk" line is
the one to check against the design: the output shown lists the default of 1-4094, whereas a
trunk configured with switchport trunk allowed vlan 1,10,99, as in the earlier example, would
list only those VLANs. Restricting the allowed list to the VLANs that actually need to cross the
link keeps every other VLAN, and its flooded traffic, off the trunk.

© 2012 Cisco Systems, Inc. Advanced LAN Switching 2-25


Cisco IP NGN Edge and Core Networks
This topic describes the Cisco IP NGN edge and core network layers within the IP NGN
architecture.

• QinQ is placed in the Edge and Core.

[Figure: IP Infrastructure Layer with its Access, Aggregation, IP Edge and Core layers, serving residential, mobile and business users]


QinQ
This topic describes basic QinQ concepts.

• Defined as IEEE 802.1ad (sometimes referred to as 802.1QinQ)
• Allows dual tagging and transportation of customer VLANs over the core network

[Figure: Customer A (VLANs 1-100, sales and engineering) and Customer B (VLANs 50-100, sales and engineering) attach to the provider with .1Q-tagged frames; inside the provider core the frames are .1ad tagged]

Customer      C-VLAN    S-VLAN
Customer A    1-100     10
Customer B    50-100    20


In some cases, a service provider will build a pure Layer 2 network for interconnecting its
customer VLANs. If several customers span the same service provider network and each of
them uses VLANs, some of their VLAN IDs are bound to overlap. It is therefore not possible
to maintain customer separation if the same equipment is used for all customers.
Business customers of service providers often have specific requirements for VLAN IDs and
the number of VLANs to be supported. The VLAN ranges required by different customers in
the same service-provider network might overlap, and traffic of different customers passing
through the infrastructure might be mixed. Assigning a unique range of VLAN IDs to each
customer would restrict customer configurations and could easily exceed the total VLAN
limit of the 802.1Q specification. To solve this problem, the 802.1ad standard defines double
tagging, so that each customer can have a dedicated service provider outer tag and its own
local customer VLAN inner tags. A double-tagged frame therefore has an outer tag (S-VLAN),
which is used to separate customers within the service provider network, and an inner tag
(C-VLAN), which identifies the customer VLAN. Different customers can use the same
customer VLAN IDs and their traffic will not mix, because the outer tag differs.
For example, with the double-tagging feature, a service provider can use a single VLAN to
support a customer who has multiple VLANs. Customer VLAN IDs (C-VLANs) are preserved,
and traffic from different customers is segregated within the service-provider network, even
when it appears to be in the same VLAN. Each customer requires a separate service-provider
VLAN ID (S-VLAN), but that service-provider VLAN ID supports all of the VLANs of that
customer.



802.1QinQ Frame
This topic describes the 802.1QinQ frame format.

Untagged frame:        Dest | Src | Len/Etype | Data | FCS
802.1Q tagged frame:   Dest | Src | Tag | Len/Etype | Data | FCS
Double-tagged frame:   Dest | Src | S-Tag | C-Tag | Len/Etype | Data | FCS
                                    S-Tag = service provider VLAN ID, C-Tag = customer VLAN ID


The figure shows how tags are added to the original frame. Each time the tag is added, the
frame check sequence must be recomputed and appended.

Note Not shown in the figure is the fact that each tag also carries an ethertype of its own.
Single-tagged and double-tagged frames can therefore be distinguished based on the
ethertype within the tag.

For example, an outer tag with an ethertype value of 0x9100 may be used to indicate an
802.1ad (QinQ, double-tagged) frame, while the inner tag has an ethertype of 0x8100, to
indicate an 802.1Q-tagged frame.

Configuring QinQ
This topic explains how to configure 802.1QinQ.

• Enable native VLAN tagging.
SwitchX(config)# vlan dot1q tag native

• Switch the port to 802.1Q tunnel mode.
SwitchX(config)# interface FastEthernet 0/1
SwitchX(config-if)# switchport mode dot1q-tunnel


In order to configure QinQ, you need to enter the switchport mode dot1q-tunnel command on
a port.
The native VLAN is untagged by default. As such, a native VLAN frame cannot be successfully
double-tagged: adding the service provider tag results in a single-tagged frame, and it is then
not clear whether that frame is a tagged native VLAN frame or an ordinary single-tagged VLAN
frame. To remove the ambiguity, you can force the switch to tag all VLANs, including the
native VLAN, by configuring vlan dot1q tag native.
QinQ configuration is supported on Cisco Metro Ethernet series switches. STP is supported
only on Network Node Interfaces (NNIs). User Network Interfaces (UNIs) on the Cisco Metro
Ethernet series switch do not participate in STP, and forward traffic immediately when they are
brought up.
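To make the frame formats from the 802.1QinQ Frame topic and the tag push performed at a dot1q-tunnel port concrete, the following Python block is an added example; it is not course material and not Cisco IOS code. It builds, retags and parses single- and double-tagged frames, recomputing the FCS each time a tag is added, as the frame topic requires. Assumptions: the standard 802.1ad S-tag ethertype 0x88A8 is the default outer tag (the 0x9100 value mentioned in the course text is also accepted), the MAC addresses, payloads and C-VLAN 60 are constructed sample values, and the S-VLAN assignments 10 and 20 follow the course figure.

```python
import struct
import zlib

# Tag protocol identifiers: the "ethertype of its own" that every tag carries.
TPID_DOT1Q = 0x8100         # IEEE 802.1Q customer tag (C-tag)
TPID_DOT1AD = 0x88A8        # IEEE 802.1ad service tag (S-tag), the standard value (assumed default)
TPID_QINQ_LEGACY = 0x9100   # older outer-tag ethertype mentioned in the course text
TAG_TPIDS = {TPID_DOT1Q, TPID_DOT1AD, TPID_QINQ_LEGACY}


def make_tag(tpid, vid, pcp=0, dei=0):
    """Encode one 4-byte VLAN tag: 16-bit TPID followed by 16-bit TCI (PCP | DEI | VID)."""
    if not 0 <= vid <= 4095:
        raise ValueError("VID must fit in 12 bits")
    tci = (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid
    return struct.pack("!HH", tpid, tci)


def fcs(body):
    """Ethernet FCS: CRC-32 over everything before the FCS, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload, tags=()):
    """Assemble dst | src | [tags...] | ethertype | payload | FCS (tags outermost first)."""
    body = dst + src + b"".join(make_tag(*t) for t in tags) + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def parse_frame(frame):
    """Verify the FCS, then walk the tag stack that follows the MAC addresses."""
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch: frame corrupted or FCS not recomputed after retagging")
    dst, src = body[:6], body[6:12]
    offset, tags = 12, []
    while True:
        (etype,) = struct.unpack("!H", body[offset:offset + 2])
        if etype not in TAG_TPIDS:
            break  # reached the real Len/Etype field of the original frame
        (tci,) = struct.unpack("!H", body[offset + 2:offset + 4])
        tags.append({"tpid": etype, "pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": dst, "src": src, "tags": tags, "ethertype": etype, "payload": body[offset + 2:]}


def push_service_tag(frame, s_vid, tpid=TPID_DOT1AD):
    """Model the provider edge (dot1q-tunnel ingress): prepend an S-tag and recompute the FCS."""
    f = parse_frame(frame)
    inner = [(t["tpid"], t["vid"], t["pcp"], t["dei"]) for t in f["tags"]]
    return build_frame(f["dst"], f["src"], f["ethertype"], f["payload"], [(tpid, s_vid)] + inner)


def forwarding_key(frame):
    """What keeps customers apart in the core: the whole tag stack, not only the C-VLAN."""
    return tuple((t["tpid"], t["vid"]) for t in parse_frame(frame)["tags"])


if __name__ == "__main__":
    # Constructed sample: two customers that both use C-VLAN 60 (inside the overlapping 50-100 range).
    dst, src = bytes.fromhex("0000aabbccdd"), bytes.fromhex("0000112233ff")
    cust_a = build_frame(dst, src, 0x0800, b"customer A data", [(TPID_DOT1Q, 60)])
    cust_b = build_frame(dst, src, 0x0800, b"customer B data", [(TPID_DOT1Q, 60)])
    # S-VLAN assignment from the course figure: Customer A -> 10, Customer B -> 20
    in_core_a, in_core_b = push_service_tag(cust_a, 10), push_service_tag(cust_b, 20)
    print("at the UNI :", forwarding_key(cust_a), forwarding_key(cust_b))
    print("in the core:", forwarding_key(in_core_a), forwarding_key(in_core_b))
```

At the customer-facing port both frames carry the same single tag, so nothing distinguishes them; after the S-tag push the tag stacks differ in the outer VID while the inner C-VLAN is preserved. A frame that is retagged without recomputing the FCS is rejected by parse_frame, which is the failure the frame topic warns about.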



Summary
This topic summarizes the key points that were discussed in this lesson.

• VLANs are used in the access network on the IP NGN infrastructure layer.
• A poorly designed Layer 2 network has increased support costs, reduced service
availability, and limited support for new applications and solutions.
• VLANs allow virtual LANs on the same switch.
• Each VLAN should correspond to one IP subnet.
• The maximum number of VLANs is switch-dependent.
• After creating a VLAN, you can manually assign a port or a number of ports to that VLAN.
• Trunks allow multiple VLAN frames on the same link.
• On an 802.1Q trunk port, there is one native VLAN which is untagged.
• IEEE 802.1Q uses an internal tagging mechanism that inserts a 4-byte tag field into the
original Ethernet frame.
• An 802.1Q trunk and its associated trunk ports have a native VLAN value.
• Many Cisco Catalyst switches support DTP, which manages automatic trunk negotiation.
• QinQ is used in the edge and core network of the IP NGN infrastructure layer.
• QinQ allows transportation of customer VLANs over the core network.
• QinQ permits double tagging of frames.
• When configuring QinQ, force the switch to tag the native VLAN.

Lesson 2

Spanning Tree Protocol Enhancements
Overview
Most complex networks include redundant devices to avoid single points of failure. Although a
redundant topology eliminates some issues, it can introduce other problems. Spanning Tree
Protocol (STP) is a Layer 2 link-management protocol that provides path redundancy while
preventing undesirable loops in a switched network.
This lesson discusses enhanced spanning-tree protocols such as Rapid Spanning Tree Protocol
(RSTP), Per VLAN Spanning Tree Plus (PVST+), Per VLAN RSTP Plus (PVRST+), and
Multiple Spanning Tree Protocol (MSTP), which improve spanning-tree convergence time and
operations.

Objectives
Upon completing this lesson, you will be able to describe how and when to implement and
verify spanning tree protocol and resilient Ethernet protocol (REP). You will be able to meet
these objectives:
• Show the Cisco IP NGN access network layer within the IP NGN architecture
• Describe the types of spanning-tree protocols that Cisco Catalyst switches support
• Describe how PVST+ functions
• Describe the PVST+ extended bridge ID
• Describe a spanning-tree operations example
• Describe spanning-tree path cost
• Describe spanning-tree recalculation
• Describe STP convergence
• Describe the basic functionality that is provided by RSTP
• Describe PVRST+ configuration guidelines
• Explain PVRST+ configurations and verifications
• Describe Multiple Spanning Tree Protocol (MSTP)
• Describe MST regions
• Explain MST configurations and verifications
• Describe the spanning-tree PortFast feature
• Describe the spanning-tree BPDU guard feature
• Describe the spanning-tree BPDU filtering feature
• Describe the Resilient Ethernet Protocol (REP)
• Describe the REP redundancy options
• Explain how to configure REP

Cisco IP NGN Access Network
This topic shows the Cisco IP NGN access network layer within the IP NGN architecture.

• Different spanning tree protocols are placed in the Access.

[Figure: IP Infrastructure Layer with its Access, Aggregation, IP Edge and Core layers, serving residential, mobile and business users]

PVST+, PVRST+, MSTP, the other spanning-tree options, and REP are all placed in the Access
layer of the Cisco IP Next-Generation Network (NGN) Infrastructure Layer.



Default Spanning Tree Configuration
This topic describes the types of spanning-tree protocols that Cisco Catalyst switches support.

• Cisco Catalyst switches support three types of spanning tree protocols:
- PVST+
- PVRST+
- MSTP
• Spanning tree protocol is enabled by default.
• The default spanning tree protocol for Cisco Catalyst switches is PVST+:
- A separate spanning tree protocol instance for each VLAN
- One root bridge for all VLANs
- No load sharing

Cisco Catalyst switches support three types of spanning-tree protocols: PVST+, PVRST+, and
MSTP.
• PVST+: Based on the 802.1D standard; includes Cisco proprietary extensions, such as
BackboneFast, UplinkFast, and PortFast
• PVRST+: Based on the 802.1w standard; has a faster convergence than 802.1D
• MSTP (802.1s): Combines the best aspects of PVST+ and the IEEE standards

PVST+ Operation
This topic describes how PVST+ functions.


The 802.1D standard defines a Common Spanning Tree (CST) that assumes only one spanning-
tree instance for the entire switched network, regardless of the number of VLANs. In a network
that is running CST, these statements are true:
• No load sharing is possible; one uplink must block for all VLANs.
• There is less CPU overhead; only one instance of spanning tree must be computed.

PVST+ defines a spanning-tree protocol that has several spanning-tree instances running for the
network (one instance of spanning-tree protocol per VLAN). In a network that is running
several spanning-tree instances, these statements are true:
• Optimum load sharing can result.
• One spanning-tree instance for each VLAN maintained can mean a considerable waste of
CPU cycles for all of the switches in the network (in addition to the bandwidth used for
each instance to send its own bridge protocol data units [BPDUs]). The waste of CPU
cycles and bandwidth for each instance would only be problematic if there were a high
number of VLANs configured.



PVST+ Operation
In a Cisco PVST+ environment, you can tune the spanning-tree parameters so that half of the
VLANs forward on each uplink trunk. Correct configuration must be applied to the network.
The configuration must define a different root bridge for each half of the total number of
VLANs. Providing different spanning-tree protocol root switches per VLAN creates a more
redundant network.
As shown in the figure, the (left) port on switch C is the forwarding port for VLAN 1, and the
(right) port on switch C is the forwarding port for VLAN 2. This is accomplished by
configuring switch A to be elected as the root bridge for half of the total number of VLANs in
the network, and configuring switch B to be elected as the root bridge for the other half of the
VLANs. In the figure, switch A is the root bridge for VLAN 1, and switch B is the root bridge
for VLAN 2.

PVST+ Extended Bridge ID
This topic describes the PVST+ extended bridge ID.

[Figure: Bridge ID without the extended system ID (priority + MAC address) compared with the extended bridge ID with system ID (priority + system ID + MAC address), where System ID = VLAN]

SwitchX#configure terminal
SwitchX(config)#spanning-tree vlan 10 root primary

• Enable switch to become root bridge for particular VLAN


Spanning-tree operation requires that each switch have a unique bridge ID (BID). In the
original 802.1D standard, the BID was composed of the bridge priority and the MAC address of
the switch, and a CST represented all VLANs. PVST+ requires that a separate instance of
spanning tree be run for each VLAN, and the BID field must carry VLAN ID (VID)
information. This functionality is accomplished by reusing a portion of the priority field as the
extended system ID to carry a VID.
To accommodate the extended system ID, the original 802.1D 16-bit bridge priority field is
split into two fields. The BID includes the following fields:
• Bridge priority: A 4-bit field that is still used to carry bridge priority. The priority is
conveyed in discrete values in increments of 4096 rather than discrete values in increments
of 1, because only the four most significant bits of the 16-bit field are available. In other
words, in binary: priority 0 = [0000|<sys-id-ext #>], priority 4096 = [0001|<sys-id-ext #>],
etc. Increments of 1 would be used if the complete 16-bit field were available. The
default priority, in accordance with IEEE 802.1D, is 32,768, which is the midrange value.
• Extended system ID: A 12-bit field carrying, in this case, the VID for PVST+
• MAC address: A 6-byte field with the MAC address of a single switch

Because of the MAC address, a BID is always unique. When the priority and extended system
ID are prepended to the switch MAC address, each VLAN on the switch can be represented by
a unique BID.
This is an example of a VLAN 2 default BID: Bridge priority = 32770 (priority 32768 +
sys-id-ext 2) + MAC address. If no priority has been configured, every switch will have the same
default priority, and the election of the root for each VLAN is based on the MAC address. This
method is a random means of selecting the ideal root bridge. For this reason, the
recommendation is to assign a lower priority to the switch that should serve as the root bridge.
The spanning-tree vlan vlan-ID root primary command enables a switch to become the root
bridge for a particular VLAN.

PVRST+
The RSTP (802.1w) standard uses CST, which assumes only one spanning-tree instance for the
entire switched network, regardless of the number of VLANs. PVRST+ defines a spanning-tree
protocol that has one instance of RSTP per VLAN.

MSTP
MSTP, originally defined in IEEE 802.1s and later merged into IEEE 802.1Q-2005, defines a
spanning-tree protocol that has several spanning-tree instances running for the network. But
unlike PVRST+, which has one instance of RSTP per VLAN, MSTP reduces the switch load by
allowing a single instance of spanning tree to run for multiple VLANs.

Spanning Tree Operation Example
This topic describes a spanning-tree operations example.


Example: 802.1D Spanning Tree Operation

The following describes the STP port states in the figure:
• The root bridge is switch Z, which has the lowest BID.
• The root port is port 1 on switches X and Y. Port 1 is the lowest-cost path to the root on
both switches.
• The designated ports on switch Z are port 1 and port 2. All ports on the root are designated
ports. Port 2 of switch X is a designated port for the segment between switch X and switch
Y. Because switch X and switch Y have the same path cost to the root bridge, the
designated port is selected to be on switch X. Switch X has a lower BID than switch Y.
• Port 2 on switch Y is the nondesignated port on the segment and is in the blocking state.
All designated and root ports are in the forwarding state.



• Verify spanning tree operation on Switch Z.

SwitchZ#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0000.0CDD.AAB5
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0000.0CDD.AAB5
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ------------------------
Fa0/1            Desg FWD 19        128.2    P2p
Fa0/2            Desg FWD 19        128.1    P2p


The show spanning-tree command that is used on switch Z is showing that this switch is the
root bridge and includes two designated ports.

• Verify spanning tree operation on Switch X.

SwitchX#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0000.0CDD.AAB5
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000A.F34A.8913
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ------------------------
Fa0/1            Desg FWD 100       128.2    P2p
Fa0/2            Root FWD 19        128.1    P2p


The show spanning-tree command that is used on switch X is showing the cost of 19 to reach
the root bridge and two ports. One port is a designated port and one port is a root port.

• Verify spanning tree operation on Switch Y.

SwitchY#show spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0000.0CDD.AAB5
             Cost        19
             Port        1 (FastEthernet0/1)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     00D0.97D5.416D
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 100       128.2    P2p


The show spanning-tree command that is used on switch Y is showing the cost of 19 to reach
the root bridge and two ports. One port is the root port and one port is in the blocking state.



Spanning Tree Path Cost
This topic describes spanning-tree path cost.

• Verify interface costs on Switch Y.

Link Speed    Current IEEE Cost Specification
10 Gb/s       2
1 Gb/s        4
100 Mb/s      19
10 Mb/s       100

SwitchY#show spanning-tree
<output omitted>
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- ------------------------
Fa0/1            Root FWD 19        128.1    P2p
Fa0/2            Altn BLK 100       128.2    P2p


Example: Spanning Tree Path Cost

Switches use the concept of cost to evaluate how close they are to other bridges. The spanning-
tree path cost is an accumulated total cost that is based on the bandwidth of all the links in the
path. In the figure, some of the path costs specified in the 802.1D specification are shown. The
802.1D specification has been revised; in the older specification, the cost was calculated based
on a bandwidth of 1000 Mb/s. The calculation of the new specification uses a nonlinear scale,
to accommodate higher-speed interfaces.

Note Most Cisco Catalyst switches incorporate the revised cost calculations. A key point to
remember about spanning-tree protocol cost is that lower costs are better.

Spanning Tree Recalculation
This topic describes spanning-tree recalculation.

• Switch Z fails.


When there is a topology change because of a bridge or link failure, spanning tree adjusts the
network topology to ensure connectivity by placing blocked ports in the forwarding state.

Example: Spanning Tree Recalculation

In the figure, if switch Z (the root bridge) fails and does not send a BPDU to switch Y within
the max_age time (default is 20 seconds: 10 missed BPDUs), switch Y detects the missing
BPDU from the root bridge. When the max_age timer on switch Y expires before a new BPDU
has been received from switch Z, a spanning-tree recalculation is initiated. Switch Y transitions
its blocking port (port 2) from the blocking state, to the listening state, to the learning state, and
then finally to the forwarding state.
At the end, the switch ports have transitioned to either a forwarding state or a blocking state.
The output in the figure shows that switch X becomes the root bridge and forwards traffic
between the segments.
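The extended bridge ID, the root and designated port election of the 802.1D operation example, the path cost table, and the recalculation after switch Z fails can all be exercised in one model. The Python block below is an added example and is not course material or Cisco code: bridge_id() builds the PVST+ BID and rejects priorities that do not fit the 4-bit field, compute_tree() elects the root and assigns port roles for one spanning-tree instance, and without_switch() removes a bridge and recomputes. The BIDs use the MAC addresses from the show spanning-tree output above. The link speeds, and which port of switch Z faces which neighbour, are assumptions chosen so that the port costs match the output (19 towards Z, 100 on the X-Y link). The model computes the converged result directly instead of exchanging BPDUs and running timers.

```python
# 802.1D-1998 port costs from the course table (link speed in Mb/s -> cost)
IEEE_COST = {10_000: 2, 1_000: 4, 100: 19, 10: 100}


def bridge_id(priority, vid, mac):
    """PVST+ extended BID: 4-bit priority | 12-bit sys-id-ext (the VID) | 48-bit MAC.

    Returns a tuple that compares the way BPDUs compare: priority field first, MAC second.
    """
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 (only 4 bits are available)")
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1-4094")
    return (priority + vid, int(mac.replace(".", "").replace(":", ""), 16))


def compute_tree(switches, links):
    """Elect the root and assign port roles for one spanning-tree instance.

    switches: {name: bid}; links: [(sw_a, port_a, sw_b, port_b, speed_mbps), ...]
    Returns (root, {switch: root path cost}, {(switch, port): (role, state, port cost)}).
    """
    root = min(switches, key=switches.get)  # lowest BID wins
    cost = {s: (0 if s == root else float("inf")) for s in switches}
    changed = True
    while changed:  # relax until every switch knows its cheapest path to the root
        changed = False
        for a, _, b, _, speed in links:
            c = IEEE_COST[speed]
            for me, nb in ((a, b), (b, a)):
                if cost[nb] + c < cost[me]:
                    cost[me], changed = cost[nb] + c, True
    # Root port: lowest (root path cost, neighbour BID, neighbour port id) among a switch's ports.
    best = {}
    for a, pa, b, pb, speed in links:
        c = IEEE_COST[speed]
        for me, mp, nb, np_ in ((a, pa, b, pb), (b, pb, a, pa)):
            key = (cost[nb] + c, switches[nb], np_)
            if me != root and (me not in best or key < best[me][0]):
                best[me] = (key, mp)
    roles = {}
    for a, pa, b, pb, speed in links:
        c = IEEE_COST[speed]
        # Designated port for the segment: the end with the lower (root path cost, BID).
        desg = a if (cost[a], switches[a]) < (cost[b], switches[b]) else b
        for me, mp in ((a, pa), (b, pb)):
            if me == desg:
                roles[(me, mp)] = ("Desg", "FWD", c)
            elif best.get(me, (None, None))[1] == mp:
                roles[(me, mp)] = ("Root", "FWD", c)
            else:
                roles[(me, mp)] = ("Altn", "BLK", c)  # nondesignated: blocked to break the loop
    return root, cost, roles


def without_switch(switches, links, name):
    """Model a bridge failure: drop the switch and every link attached to it, then recompute."""
    remaining = {s: b for s, b in switches.items() if s != name}
    kept = [l for l in links if name not in (l[0], l[2])]
    return compute_tree(remaining, kept)


# BIDs from the course output (priority 32768 + VLAN 1, MAC from each switch's show spanning-tree).
SWITCHES = {
    "Z": bridge_id(32768, 1, "0000.0CDD.AAB5"),
    "X": bridge_id(32768, 1, "000A.F34A.8913"),
    "Y": bridge_id(32768, 1, "00D0.97D5.416D"),
}
# Constructed wiring (assumed): 100 Mb/s uplinks to Z and a 10 Mb/s link between X and Y,
# chosen so that the port costs match the course output (19 towards Z, 100 on the X-Y link).
LINKS = [
    ("Z", "Fa0/1", "X", "Fa0/2", 100),
    ("Z", "Fa0/2", "Y", "Fa0/1", 100),
    ("X", "Fa0/1", "Y", "Fa0/2", 10),
]

if __name__ == "__main__":
    root, cost, roles = compute_tree(SWITCHES, LINKS)
    print("root:", root, "root path costs:", cost)
    for port, role in sorted(roles.items()):
        print(port, role)
    print("after Z fails:", without_switch(SWITCHES, LINKS, "Z"))
```

With all three switches present, Z is the root, X and Y both reach it at cost 19, X wins the designated role on the X-Y segment because its BID is lower, and Y's port on that segment is the one alternate (blocked) port. Removing Z makes X the root and turns Y's blocked port into its root port, which is the transition the recalculation example describes.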



STP Convergence
This section describes STP convergence.
Convergence in spanning-tree protocol is a state in which all the switch and bridge ports have
transitioned to either the forwarding or the blocking state. Convergence is necessary for normal
network operations. For a switched or bridged network, a key issue is the amount of time that is
required for convergence when the network topology changes.
Fast convergence is a desirable network feature because it reduces the amount of time that
bridge and switch ports are in transitional states and not sending any user traffic. The normal
convergence time is 30 to 50 seconds for 802.1D STP.

RSTP
This topic describes the basic functionality that is provided by RSTP.

• Fast convergence (approximately 5 seconds)


RSTP, specified in the IEEE 802.1w standard, supersedes STP as specified in 802.1D, while
remaining compatible with STP. RSTP can be seen as an evolution of the 802.1D standard,
rather than a revolution. The 802.1D terminology remains primarily the same. Most parameters
have been left unchanged, so users that are familiar with 802.1D can configure the new
protocol comfortably.
RSTP negates the need for the 802.1D delay timers, significantly reducing the time to
reconverge the active topology of the network when changes to the physical topology or its
configuration parameters occur. RSTP defines the additional port roles of alternate and backup,
and it defines port states as discarding, learning, or forwarding. RSTP requires full-duplex
point-to-point connection between adjacent switches to achieve fast convergence.
RSTP selects one switch as the root of a spanning-tree active topology and assigns port roles to
individual ports on the switch, depending on whether the ports are part of the active topology.
RSTP provides rapid connectivity following the failure of a switch, a switch port, or a LAN. An
RSTP topology change causes a transition in the appropriate switch ports to the forwarding
state. The transition is done through an explicit handshake between the ports, and hence the
delay timers as in 802.1D are not necessary. RSTP allows switch port configuration so that the
ports can transition to forwarding directly when the switch reinitializes.



RSTP Port Roles
RSTP defines the port roles as follows:
• Root: A port that is elected for the spanning-tree topology
• Designated: A port that is elected for every switched LAN segment
• Alternate: An alternate path to the root bridge that is different from the path that the root
port takes
• Backup: A backup path that provides a redundant (but less desirable) connection to a
segment which is already connected to another port on the same switch (which is the
Designated port for that segment)
• Disabled: A port that has no role within the operation of spanning tree

Root and designated port roles include the port in the active topology. Alternate and backup
port roles exclude the port from the active topology.

RSTP Port States

The port state controls the forwarding and learning processes and provides the values of
discarding, learning, and forwarding. The table compares STP port states with RSTP port
states.

Operational Status   STP Port State   RSTP Port State   Port Included in Active Topology
Enabled              Blocking         Discarding        No
Enabled              Listening        Discarding        No
Enabled              Learning         Learning          Yes
Enabled              Forwarding       Forwarding        Yes
Disabled             Disabled         Discarding        No

In a stable topology, RSTP ensures that every root port and designated port transitions to
forwarding, while all alternate ports and backup ports are always in the discarding state.

PVRST+ Configuration Guidelines
This topic describes PVRST+ configuration guidelines.

1. Enable PVRST+.
2. Designate and configure a switch to be the root bridge (optional).
3. Designate and configure a switch to be the secondary root bridge
(optional).
4. Verify the configuration.


To implement PVRST+, perform these steps:

Step 1 Enable PVRST+.
Step 2 Designate and configure a switch to be the root bridge (optional).
Step 3 Designate and configure a switch to be the secondary (backup) root bridge
(optional).
Step 4 Verify the configuration.



Implementing PVRST+
This topic explains PVRST+ configurations and verifications.

• Configure PVRST+.
SwitchX#configure terminal
SwitchX(config)#spanning-tree mode rapid-pvst

• Verify the spanning-tree configuration for VLAN 2.
SwitchX#show spanning-tree vlan 2

• Display PVRST+ debug messages.
SwitchX#debug spanning-tree pvst+


The spanning-tree mode command is used to set the spanning-tree mode. The switch supports
PVST+, rapid PVST+, and MSTP, but only one version can be active at any time: all VLANs
run PVST+, all VLANs run rapid PVST+, or all VLANs run MSTP. When you enable the MST
mode, RSTP is also automatically enabled.

SW1(config)#spanning-tree mode ?
  mst         Multiple spanning tree mode (MSTP) mode based on 802.1s
  pvst        Per-Vlan spanning tree plus (PVST+) mode based on 802.1D
  rapid-pvst  Per-Vlan rapid spanning tree mode (PVRST+)

The default mode on the ME3400 is rapid-pvst.

Note On the Cisco ME3400 switch, STP is only supported on the network node interfaces (NNIs).
It is not supported on user network interfaces (UNIs).

The spanning-tree mode rapid-pvst command is used to configure PVRST+ on Cisco
Catalyst switches. The show spanning-tree vlan 2 command is used to verify the spanning-
tree configuration for VLAN 2. The debug spanning-tree pvst+ command is used to display
PVRST+ event debug messages.

Note Use all debug commands with caution. When verification is complete, use the no debug all
or undebug all command to disable debugging.

• Verify spanning-tree configuration for VLAN 2.

SwitchX#show spanning-tree vlan 2
VLAN0002
  Spanning tree enabled protocol rstp          <-- the spanning-tree mode is set to "rapid-pvst"
  Root ID    Priority    24578
             Address     00E0.A308.5D6A
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24578  (priority 24576 sys-id-ext 2)
             Address     00E0.A308.5D6A
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/2            Desg FWD 4         128.26   P2p
Gi1/1            Desg FWD 4         128.25   P2p
Fa0/2            Desg FWD 19        128.2    P2p


The show spanning-tree vlan 2 command is used to verify the spanning-tree configuration for
VLAN 2. In the command output in the figure, the statement "Spanning tree enabled protocol
rstp" indicates that switch X is running PVRST+, the Cisco RSTP implementation.
Switch B is the root bridge for VLAN 2. Its priority of 24578 is derived from the sum of the
assigned priority of 24576 and VLAN 2. The MAC address of switch X, which is
00E0.A308.5D6A, is appended to the priority, 24578, to make up the bridge ID.
As the root bridge for VLAN 2, all the interfaces of switch X are designated ports in the
forwarding state (FWD).



MSTP
This topic describes Multiple Spanning Tree Protocol (MSTP).

• In some scenarios, many VLANs are spanning several switches.
• With six VLANs configured in this example, PVRST+ will require six instances.
• Grouping instances simplifies the tree structure.


The main purpose of MSTP (also referred to as MST) is to reduce the total number of
spanning-tree instances to match the physical topology of the network and thus reduce the CPU
loading of a switch. The instances of spanning tree can be reduced to the number of links (that
is, active paths) that are available.
If the example in the figure were implemented via PVST+, there could be up to six instances of
spanning tree, each with its own bridge protocol data unit (BPDU) conversations, root bridge
election, and path selections.
Imagine another example (not shown in the figure) with hundreds of VLANs configured, where
the goal would be to achieve load distribution with VLANs 1 through 500 using one path and
VLANs 501 through 1000 using the other path. Instead of creating 1000 PVST+ instances, you
can use MSTP with only two instances of spanning tree. The two ranges of VLANs are mapped
to two MSTP instances, respectively. Rather than maintaining 1000 spanning trees, each switch
needs to maintain only two instances.
Implemented in this fashion, MSTP converges faster than PVST+ and is backward-compatible
with 802.1D STP, 802.1w Rapid Spanning Tree Protocol (RSTP), and the Cisco PVST+
architecture. Implementation of MSTP is not required if the Cisco Enterprise Campus
Architecture is being employed, because the number of active VLAN instances, and hence the
STP instances, would be small and very stable due to the design.
MSTP allows you to build multiple spanning trees over trunks by grouping VLANs and
associating them with spanning-tree instances. Each instance can have a topology independent
of other spanning-tree instances. This architecture provides multiple active forwarding paths for
data traffic, and enables load balancing.

Network fault tolerance is improved over Common Spanning Tree (CST) because a failure in
one instance (forwarding path) does not necessarily affect other instances. This VLAN-to-
MSTP grouping must be consistent across all bridges within an MST region. Interconnected
bridges that have the same MSTP configuration are referred to as a Multiple Spanning Tree
(MST) region.
In large networks, you can more easily administer the network and use redundant paths by
locating different VLAN and spanning-tree assignments in different parts of the network. A
spanning-tree instance can exist only on bridges that have compatible VLAN instance
assignments.
You must configure a set of bridges with the same MSTP configuration information, which
allows them to participate in a specific set of spanning-tree instances. Bridges with different
MSTP configurations or legacy bridges running 802.1D are considered separate MST regions.
The MSTP implementation in Cisco IOS Release 12.2(25)SEC is based on the IEEE 802.1s
standard. The MSTP implementations in earlier Cisco IOS releases are prestandard.

MST Regions
This topic describes MST regions.

MST configuration on each switch:
• Name
• Revision number
• VLAN association table

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—2-19

MSTP differs from the other spanning-tree implementations in that it combines some, but not
necessarily all, VLANs into logical spanning-tree instances. This difference raises the problem
of determining which VLAN is to be associated with which instance. More precisely, this
means tagging BPDUs so that receiving devices can identify the instances and the VLANs to
which they apply.
The issue is irrelevant in the case of the 802.1D standard, in which all instances are mapped to
a unique and common instance CST. In the PVST+ implementation, different VLANs carry the
BPDUs for their respective instances (one BPDU per VLAN), based on the VLAN tagging
information.
To provide this logical assignment of VLANs to spanning trees, each switch that is running
MSTP in the network has a single MSTP configuration, consisting of three attributes:
• An alphanumeric configuration name (32 bytes)
• A configuration revision number (two bytes)
• A 4096-element table that associates each of the potential 4096 VLANs that are supported
on the switch with a given instance
To be part of a common MST region, a group of switches must share the same MSTP
configuration attributes. It is the responsibility of the network administrator to propagate the
configuration properly throughout the region.

Note If two switches differ on one or more configuration attributes, they are part of different MST
regions.

To ensure a consistent VLAN-to-instance mapping, it is necessary for the protocol to be able to
identify the boundaries of the regions exactly. For that purpose, the characteristics of the region
are included in BPDUs. The exact VLAN-to-instance mapping is not propagated in the BPDU,
because the switches need to know only whether they are in the same region as a neighbor.
Therefore, only a digest of the VLAN-to-instance mapping table is sent, along with the revision
number and the name. After a switch receives a BPDU, it extracts the digest (a numerical value
derived from the VLAN-to-instance mapping table through a mathematical function) and
compares it with its own computed digest. If the digests differ, the mapping must be different,
so the port on which the BPDU was received is at the boundary of a region.
In generic terms, a port is at the boundary of a region if the designated bridge on its segment is
in a different region or if it receives legacy 802.1D BPDUs.

Implementing MST
This topic explains MST configurations and verifications.

• There are two MST instances.
• Each instance has a set of VLANs.

In the preceding figure, six VLANs need to be implemented. Spanning tree must be configured
across three switches. The upper two switches are distribution switches. Either of them would
be a possible candidate to perform the root bridge role.
A possible solution is to use MSTP with two instances, each instance grouping half the needed
VLANs. One switch would be the root for the first instance; the other switch would be the root
for the second instance.
In the figure, odd VLANs are assigned to the first instance and even VLANs are assigned to the
second instance. This distribution is given as an example; any other distribution would be
possible.

• Configuration for the top left switch
• Root for instance 1

Given the following steps, all switches would be configured to be in the MSTP spanning-tree
mode, and only the distribution switches would have their priority changed. The switch on the
left is to be the root bridge for VLANs 11, 21, and 31 (instance 1).

Step 1. Enter the MSTP configuration submode.
        Switch(config)# spanning-tree mst configuration
        Notes: You can use the no keyword to clear the MSTP configuration.

Step 2. Display the current MSTP configuration.
        Switch(config-mst)# show current

Step 3. Specify the configuration name.
        Switch(config-mst)# name name
        Notes: The name string has a maximum length of 32 characters and is case-sensitive.

Step 4. Set the MSTP configuration revision number.
        Switch(config-mst)# revision revision_number
        Notes: The revision number can be any unassigned 16-bit integer. It is not incremented
        automatically when you commit a new MSTP configuration.

Step 5. Map the VLANs to an MSTP instance.
        Switch(config-mst)# instance instance_number vlan vlan_range
        Notes: If you do not specify the vlan keyword, you can use the no keyword to unmap all
        the VLANs that were mapped to an MSTP instance. If you specify the vlan keyword, you
        can use the no keyword to unmap a specified VLAN from an MSTP instance.

Step 6. Display the new MSTP configuration to be applied.
        Switch(config-mst)# show pending

Step 7. Apply the configuration and exit the MSTP configuration submode.
        Switch(config-mst)# end

Step 8. Assign the root bridge for an MSTP instance.
        Switch(config)# spanning-tree mst instance_number root primary|secondary
        Notes: From global configuration mode, this syntax makes the switch root primary or
        secondary (active only if primary fails). It sets primary priority to 24576 and
        secondary to 28672.

Step 9. Enable the extended system ID feature.
        Switch(config)# spanning-tree extend system-id

Step 10. Enable prestandard MSTP on the interface.
        Switch(config-if)# spanning-tree mst pre-standard
        Notes: This command is required if the neighboring switch is using a prestandard
        version of MSTP.
The MST implementation in Cisco IOS Release 12.2(25)SEC is based on the IEEE 802.1s
standard. The MST implementations in earlier Cisco IOS releases are prestandard.

• Configuration for the top right switch
• Root for instance 2

The same logic applies to the other distribution switch. The switch on the right is to be the root
bridge for VLANs 12, 22, and 32 (instance 2). When configuring MSTP, the same instances are
created as in the previous figure. The main difference is that this switch is set to be the root
bridge for the second instance.
The same configuration logic would be applied to the switch at the bottom of the figure. Two
instances would be created, grouping VLANs 11, 21, and 31 in the first instance, and VLANs
12, 22, and 32 in the second instance. Because this third switch is not expected to be the root
for any instance, the default priorities would be kept and the spanning-tree mst root primary
command is not required.

• Verification of MST setup

switch# show spanning-tree mst configuration
Name      [XYZ]
Revision  1     Instances configured 2

Instance  Vlans mapped
--------  --------------------------------------------------------
0         1-10,13-20,23-30,34-4094
1         11,21,31
2         12,22,32
------------------------------------------------------------------

Use the show spanning-tree mst command to display multiple spanning-tree region
configuration and status.
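The digest comparison described under MST Regions, and the VLAN lists in the show spanning-tree mst configuration output above, as an added Python example that is not part of the course material: it expands Cisco-style VLAN lists into the 4096-entry VLAN-to-instance table, computes the configuration digest (IEEE 802.1s defines it as HMAC-MD5 over that table with a fixed, published key, which is the "mathematical function" the text refers to), and shows that a mismatch in name, revision or mapping puts the receiving port at a region boundary. The function names are this example's own, not Cisco commands.

```python
"""Added example: how MST switches decide whether a neighbor is in the same region.

A BPDU carries only the region name, the revision and a digest of the
VLAN-to-instance table, never the table itself. IEEE 802.1s defines the digest
as HMAC-MD5 over the 4096 two-byte table entries, keyed with a fixed constant.
The function names below are this example's own, not Cisco commands or APIs.
"""
import hashlib
import hmac

# Configuration digest signature key from IEEE 802.1s (now IEEE 802.1Q clause 13.7).
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")
TABLE_ENTRIES = 4096      # one 16-bit entry per possible VID 0..4095
NAME_FIELD_LEN = 32       # the configuration name is a 32-byte field
CIST = 0                  # instance 0 is the CIST; VLANs not mapped elsewhere stay here


def parse_vlan_list(text):
    """Expand a Cisco-style VLAN list such as '1-10,13-20' or '11,21,31' into VIDs."""
    vids = []
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vids.extend(range(lo, hi + 1))
    return vids


def build_table(instance_map):
    """Build the 4096-entry table from {instance: 'vlan list'}.

    A VLAN listed under two instances is rejected; made on only one switch,
    that kind of typo silently splits the region.
    """
    table = [CIST] * TABLE_ENTRIES
    owner = {}
    for instance, vlans in instance_map.items():
        if not 0 <= instance <= 4094:
            raise ValueError(f"invalid MST instance: {instance}")
        for vid in parse_vlan_list(vlans):
            if vid in owner and owner[vid] != instance:
                raise ValueError(f"VLAN {vid} mapped to instances {owner[vid]} and {instance}")
            owner[vid] = instance
            table[vid] = instance
    return table


def config_digest(table):
    """HMAC-MD5 of the table as 4096 big-endian 16-bit values, as upper-case hex."""
    data = b"".join(entry.to_bytes(2, "big") for entry in table)
    return hmac.new(MST_DIGEST_KEY, data, hashlib.md5).hexdigest().upper()


def region_identifier(name, revision, instance_map):
    """The three values a switch puts in its BPDUs to identify its region."""
    name_bytes = name.encode("ascii")
    if len(name_bytes) > NAME_FIELD_LEN:
        raise ValueError("configuration name exceeds 32 bytes")
    if not 0 <= revision <= 0xFFFF:
        raise ValueError("revision must fit in 16 bits")
    digest = config_digest(build_table(instance_map))
    return (name_bytes.ljust(NAME_FIELD_LEN, b"\x00"), revision, digest)


def port_is_region_boundary(local_id, received_id):
    """A port is at a region boundary when the received identifier differs in
    name, revision or digest. The digest only detects a difference: its key is a
    public constant, so it is an integrity check, not authentication."""
    return local_id != received_id


if __name__ == "__main__":
    # Region from the verification output above: name XYZ, revision 1, two instances.
    xyz = {1: "11,21,31", 2: "12,22,32"}
    sw_left = region_identifier("XYZ", 1, xyz)
    sw_right = region_identifier("XYZ", 1, {2: "12,22,32", 1: "11,21,31"})
    print("same region:", not port_is_region_boundary(sw_left, sw_right))
    # VLAN 31 left in the CIST on a third switch: different digest, separate region.
    sw_bottom = region_identifier("XYZ", 1, {1: "11,21", 2: "12,22,32"})
    print("boundary to bottom switch:", port_is_region_boundary(sw_left, sw_bottom))
    print("default digest (all VLANs in CIST):", config_digest(build_table({})))
```

A consistent but wrong mapping pushed to every switch passes this check, so the digest catches drift between switches, not a bad design.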

PortFast
This topic describes the spanning-tree PortFast feature.

• Skips regular STP port state transitions
• Puts port directly into forwarding state
• Useful for end nodes

SwitchX#configure terminal
SwitchX(config)#interface fa0/1
SwitchX(config-if)#spanning-tree portfast

Configure PortFast on interface FastEthernet0/1.

OR

SwitchX#configure terminal
SwitchX(config)#spanning-tree portfast default

Enable PortFast on all non-trunking interfaces.

PortFast skips the regular STP port state transitions, puts the port directly into the forwarding
state, and is useful for end nodes.
PortFast has two modes of operation: global configuration and per-port configuration.
Global configuration causes access ports to start forwarding traffic immediately, unless a
BPDU is received on the port. If a BPDU is received, the port loses its PortFast status and reverts
to normal operation, that is, it passes through all the STP states. On the other hand, enabling the
PortFast feature on the port itself is unconditional: regardless of any BPDU being received, the
port remains in the PortFast state.
Use the spanning-tree portfast interface configuration command to enable the PortFast feature
on the interface.
Use the spanning-tree portfast default global configuration command to globally enable the
PortFast feature on all nontrunking interfaces.
On the ME3400, you can enable the spanning-tree PortFast feature only on NNI ports or on
enhanced network interface (ENI) ports on which STP has been enabled. You can enable this
feature when the switch is operating in the per VLAN spanning-tree plus (PVST+), the rapid
PVST+, or the multiple spanning-tree (MST) mode.

BPDU Guard
This topic describes the spanning-tree BPDU guard feature.

• Shuts down a port if BPDU is received
• Useful for end nodes in combination with PortFast
• Prevents connection of an STP-enabled switch
• Prevents loops with switches unaware of STP

SwitchX#configure terminal
SwitchX(config)#interface fa0/1
SwitchX(config-if)#spanning-tree bpduguard enable

Configure BPDU guard on interface FastEthernet0/1.

OR

SwitchX#configure terminal
SwitchX(config)#spanning-tree portfast bpduguard default

Enable BPDU guard on all PortFast interfaces.

The STP PortFast BPDU guard enhancement allows network designers to enforce the STP
domain borders and keep the active topology predictable. The devices behind the ports that
have STP PortFast enabled cannot influence the STP topology. When a BPDU is received, the
BPDU guard operation disables the port: it transitions the port into the error-disabled state,
and a message appears on the console. To return the port to operational mode, you can shut
down the err-disabled port and then bring it up again with no shutdown, or you can use the
errdisable recovery cause bpduguard command. This message is an example:
2010 May 12 15:13:32 %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port.Disabling 2/1
The BPDU guard feature provides a secure response to invalid configurations because you must
manually put the STP port back into service. Use the BPDU guard feature in a service-provider
network to prevent an interface from being included in the spanning-tree topology.
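The console message quoted above, run through a small detection routine as an added Python example that is not part of the course material: it extracts the port from BPDU guard shutdown messages (the %SPANTREE-2-RX_PORTFAST text quoted in the guide and the %SPANTREE-2-BLOCK_BPDUGUARD message that current Cisco IOS logs for the same event) in constructed sample log lines, and flags ports that trip repeatedly, which with errdisable recovery enabled is the sign that an unauthorized switch is still attached. The function names are this example's own.

```python
"""Added example: detecting BPDU guard shutdowns in switch syslog.

The sample log below is constructed for this example. The two message formats
matched are the %SPANTREE-2-RX_PORTFAST text quoted in the guide and the
%SPANTREE-2-BLOCK_BPDUGUARD message current Cisco IOS emits for the same event.
Function names are this example's own, not Cisco commands or APIs.
"""
import re
from collections import Counter

# Constructed sample log (not from a real device). GigabitEthernet0/5 trips twice,
# which is what a port looks like when errdisable recovery keeps re-enabling it
# while the unauthorized switch stays plugged in.
SAMPLE_SYSLOG = """\
2010 May 12 15:13:32 %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port.Disabling 2/1
May 12 15:14:02.117: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/5 with BPDU Guard enabled. Disabling port.
May 12 15:15:30.004: %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to up
May 12 15:20:45.003: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/5 with BPDU Guard enabled. Disabling port.
"""

# One pattern per message format; each captures the port that BPDU guard shut down.
BPDU_GUARD_PATTERNS = (
    re.compile(r"%SPANTREE-2-RX_PORTFAST:.*Disabling (?P<port>\S+)"),
    re.compile(r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (?P<port>\S+) with BPDU Guard"),
)


def bpdu_guard_events(log_text):
    """Return (timestamp, port) for every BPDU guard shutdown found in the log."""
    events = []
    for line in log_text.splitlines():
        for pattern in BPDU_GUARD_PATTERNS:
            match = pattern.search(line)
            if match:
                # Everything before the %MNEMONIC is the device's timestamp prefix.
                timestamp = line[: match.start()].rstrip(" :")
                events.append((timestamp, match.group("port")))
                break
    return events


def repeat_offenders(events, threshold=2):
    """Ports shut down by BPDU guard at least `threshold` times, with their counts.

    A single hit is the feature doing its job. A repeat on the same port means the
    port was re-enabled (errdisable recovery or a manual no shutdown) and the
    device on it is still sending BPDUs, so the port deserves a physical check.
    """
    counts = Counter(port for _, port in events)
    return {port: n for port, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = bpdu_guard_events(SAMPLE_SYSLOG)
    for timestamp, port in found:
        print(f"{timestamp}: BPDU guard disabled {port}")
    for port, n in repeat_offenders(found).items():
        print(f"REPEAT: {port} tripped BPDU guard {n} times")
```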

Applying BPDU Guard Globally vs. per Port
At the global level, you can enable BPDU guard on PortFast-enabled ports by using the
spanning-tree portfast bpduguard default global configuration command. In a valid
configuration, PortFast-enabled ports do not receive BPDUs. Receiving a BPDU on a PortFast-
enabled port signals an invalid configuration, such as the connection of an unauthorized device,
and the BPDU guard feature puts the port into the error-disabled state.
At the interface level, you can enable BPDU guard on any port by using the spanning-tree
bpduguard enable interface configuration command, without also enabling the PortFast
feature. When the port receives a BPDU, it is put into the error-disabled state.

Configuring BPDU Guard
To enable BPDU guard globally on the switch ports that are enabled with PortFast, use this
global configuration command:
Switch(config)# spanning-tree portfast bpduguard default

To enable PortFast BPDU guard on a specific switch port, enter this interface configuration
command:
Switch(config-if)# spanning-tree bpduguard enable
On the ME3400, you can configure BPDU guard only on NNIs or on ENIs on which STP has
been enabled.

BPDU Filter
This topic describes the spanning-tree BPDU filtering feature.

• Disables spanning tree protocol on a port
• No BPDUs are sent, none are processed
• Global configuration is slightly different

SwitchX#configure terminal
SwitchX(config)#interface fa0/1
SwitchX(config-if)#spanning-tree bpdufilter enable

Configure BPDU filter on interface FastEthernet0/1.

BPDU filter, configured on the interface, prevents the interface from sending and receiving
BPDUs. An explicit configuration of BPDU filter on an interface that is not connected to a host
station could result in bridging loops. The interface does not send any BPDUs, and changes to
the forwarding state immediately. BPDU filter, configured directly on an interface, is
unconditional: it is always active and no BPDU frames are sent.
Switches with globally enabled BPDU filter still send a couple of BPDU frames when they
become active. Globally configured BPDU filter is conditional: it takes the port out of the
PortFast configuration if a BPDU is received.

Configuring BPDU Filter
To enable PortFast BPDU filter globally on the switch ports that are enabled with PortFast,
enter this command:
Switch(config)# spanning-tree portfast bpdufilter default
To enable PortFast BPDU filter on a specific switch port, enter this command:
Switch(config-if)# spanning-tree bpdufilter enable
On the ME3400, you can configure BPDU filter only on NNIs or on ENIs on which STP has
been enabled.

REP
This topic describes the Resilient Ethernet Protocol (REP).

REP is designed to address the following:
• Fast reconvergence for simple ring networks (<200 ms)
• No Spanning Tree (STP)
• VLAN load balancing
• Manual configuration for predictable failover behavior
• Support on existing hardware platforms

REP is a new technology implemented on Cisco Carrier Ethernet switches and intelligent
service edge routers. This software enhancement for Cisco Carrier Ethernet platforms extends
network resiliency across Cisco IP Next-Generation Network (NGN) Carrier Ethernet Design.
Requiring no hardware upgrades, REP is designed to provide network and application
convergence within 50 ms. In some scenarios, the network convergence times may increase to
within 250 ms, but a 250-ms convergence time is still expected to have limited or no
discernable effect on most network applications.
REP is a segment protocol that integrates easily into existing Carrier Ethernet networks. It does
not intend to replace the Spanning Tree Protocol, but allows network architects to limit the
scope of Spanning Tree Protocol domains. Since Cisco REP can also notify the Spanning Tree
Protocol about potential topology changes, it allows for interoperability with Spanning Tree.
Ideally, REP can be positioned as a migration strategy from legacy spanning-tree domains.
Cisco REP is easy to configure and manage, using tools such as topology-archiving to simplify
network management. Its preemption mechanism also makes the network more predictable.
Because REP is a distributed and secure protocol, it does not rely on a master node controlling
the status of the ring. Hence, failures can be detected locally either through loss of signal (LOS)
or loss of neighbor adjacency. Any REP port can initiate a switchover if it has acquired the
secure key to unblock the alternate port. By default, REP elects an alternate port unless the
administrator defines a preferred port. For optimal bandwidth usage and for traffic engineering,
REP supports load balancing per group of VLANs.

• Ports are explicitly configured to be part of a segment.
• When all links in the segment are operational, a blocked port is
determined so that there is no connectivity between the edges A and B
through the segment.
• If a failure occurs within the segment, the blocked port goes forwarding.

(Figure: a REP segment between edge ports A and B, shown with all links up and again after a failure in the segment.)

Cisco REP is a segment protocol; a REP segment is a chain of ports connected to each other
and configured with the same segment ID. Each end of a segment terminates on an edge switch.
The port where the segment terminates is called the edge port. The figure illustrates a REP
segment with two edges, A and B. This basic element makes REP extremely flexible in the way
you can plug this topology entity into existing topologies, which can include ring, dual home,
and hub-and-spoke designs, to name a few.
With REP, at least one port, the alternate port, is always blocked in any given segment. The
blocked port helps ensure that the traffic within the segment is loop-free by requiring traffic
flow to exit only one of the edge ports, and not both. So when a failure occurs in the segment,
REP opens the alternate port so traffic can reach the edge of the segment.
Cisco REP relies primarily on LOS to detect a link failure, and can always learn the location of
the failure within the ring. When a failure occurs, the failed ports immediately send link-failure
notifications to all REP peers. The failure notification has two purposes:
• Instruct the alternate port to immediately unblock, because the segment is broken.
• Flush MAC entries on all REP ports within the segment.
A REP node maintains neighbor adjacencies and continuously exchanges hello packets with its
neighbors. In scenarios where LOS is not detected, the loss of a REP adjacency also triggers a
switchover. Neighbor adjacency awareness is unique to REP, and has advantages over alternate
polling mechanisms that require centralized management from a master node. Note that the
Unidirectional Link Detection protocol (UDLD) can be enabled on REP interfaces to detect
unidirectional failures.

REP Redundancy Options
This topic describes the REP redundancy options.

• The segment provides redundancy to the hosts within its boundaries; they can
reach the rest of the network through either A or B.
• The segment will not unblock to cover a failure outside of its boundaries.
• When it is wrapped into a ring, a REP segment can also provide redundant
connectivity between any two switches.
• A combination of rings and segments allows the creation of almost any kind of
network.

(Figure: Host Redundancy and Link Redundancy, each drawn as bridged domains between edges A and B, with a failed link marked x.)

There are two aspects of redundancy with REP.
The first is gateway redundancy. Each segment has two exit points, one through edge switch A,
the second one through edge switch B. In case of connectivity loss, the blocked link is
unblocked to allow traffic to flow out of the segment. REP will not consider any loss of link
outside of its segment as a reason for unblocking.
In the second case, a REP segment is wrapped into a ring. Such a ring always has two paths
from one point to another. One link must be blocked to break a loop. In case of a failure
however, REP will unblock the link to permit traffic to flow over an alternate path.

Configuring REP
This topic explains how to configure REP.

• A port must be NNI type.
• A port must be in trunk mode.
• EtherChannel interfaces are supported.
• Not supported in combination with these:
- STP
- Flex Link

SwitchY#conf t
SwitchY(config)#interface fa0/1
SwitchY(config-if)#port-type nni
SwitchY(config-if)#switchport mode trunk
SwitchY(config-if)#rep segment 1

REP is configured simply by configuring a segment number on an interface using the rep
segment number command.
There are, however, a few requirements that the ports must meet:
• If you are using Metro Ethernet switches, the port mode must be NNI.
• The port must be in trunk mode.
• The port must not be running STP.
• The port must not be in a Flex Link.
Additionally, a port may be part of an EtherChannel group.

Note This course does not cover all the REP configuration options. Please refer to the Metro
Ethernet switch Configuration Guides on www.cisco.com for more information on REP.

Summary
This topic summarizes the key points that were discussed in this lesson.

• Spanning tree protocol is used in the access network of the Cisco IP NGN.
• Cisco Catalyst switches support three types of spanning-tree protocols.
• PVST+ implements one STP instance for each VLAN.
• In PVST+, the VLAN ID is carried inside the extended bridge ID.
• In STP, all designated and root ports are in the forwarding state.
• Switches use the concept of cost to evaluate how close they are to other
switches.
• When there is a topology change, STP adjusts the network topology.

• To configure PVRST+, you have to enable PVRST+ mode and optionally
designate a switch to be the primary or secondary bridge.
• The spanning-tree mode command is used to set the spanning-tree
mode.
• MST can be used in an environment with many VLANs in order to
reduce calculations.
• To be part of a common MST region, a group of switches must share the
same MSTP configuration attributes.
• To configure MSTP, you have to enable MSTP, configure MSTP
parameters, and map VLANs to MSTP instances.
• PortFast skips the regular STP port state transitions and puts the port directly into
the forwarding state.
• BPDU guard shuts down a port if BPDU is received.
• BPDU filter disables STP on a port.
• REP can be used in a simple environment as an alternative to STP.
• In REP, in case of connectivity loss, the blocked link is unblocked to
allow traffic to flow out of the segment.
• To enable REP, you have to configure a segment number on an
interface.

Lesson 3

Routing Between VLANs


Overview
Routing is the process of determining where to send data packets that are destined for addresses
outside of the local network. Routers gather and maintain routing information to enable the
transmission and receipt of data packets. For traffic to cross from one VLAN to another, a
Layer 3 process is necessary.
This lesson describes the basics of inter-VLAN routing operations, including subinterfaces and
router on a stick.

Objectives
Upon completing this lesson, you will be able to describe the purpose of subinterfaces for
inter-VLAN routing, and configure inter-VLAN routing using 802.1Q and an external router. You
will be able to meet these objectives:
• Show the Cisco IP NGN access network layer within the IP NGN architecture
• Describe inter-VLAN routing
• Explain router-on-a-stick inter-VLAN routing configuration
• Explain Layer 3 switching inter-VLAN routing configuration

Cisco IP NGN Access Network
This topic shows the Cisco IP NGN access network layer within the IP NGN architecture.

• Inter-VLAN routing is placed in the Access.

(Figure: the IP Infrastructure Layer, with Residential, Mobile Users and Business connecting through Access, Aggregation, IP Edge and Core.)

Inter-VLAN Routing Overview
This topic describes inter-VLAN routing.

• VLAN creates a separate switching segment.
• Traffic cannot be switched between VLANs.
• VLANs often have different IP subnets.
• Routing is necessary to forward traffic between VLANs.

(Figure: VLAN 3 with 192.168.3.0/24 and VLAN 4 with 192.168.4.0/24.)

Each VLAN is a unique broadcast domain. Computers on separate VLANs are, by default, not
able to communicate. The way to permit these end stations to communicate is to use a solution
called inter-VLAN routing. Inter-VLAN communication occurs between broadcast domains via
a Layer 3 device.
VLANs perform network partitioning and traffic separation at Layer 2 and are usually
associated with unique IP subnets on the network. This subnet configuration facilitates the
routing process in a multi-VLAN environment. Inter-VLAN communication cannot occur
without a Layer 3 device. When using a router to facilitate inter-VLAN routing, the router
interfaces can be connected to separate VLANs.

• Inter-VLAN routing is routing between several directly connected
interfaces.
• No explicit routing configuration is necessary.
• A Layer 3 device is necessary:
- Router
- Layer 3 switch

(Figure: VLAN 3 with 192.168.3.0/24 and VLAN 4 with 192.168.4.0/24.)

Inter-VLAN routing is routing between several (at least two) directly connected interfaces.
Because these segments are directly connected and local, it is not necessary to set up any
special routing options. The Layer 3 device will have all required information in the routing
table and will be able to perform routing decisions.
A Layer 3 device that does the routing can be a router or a Layer 3 switch. If it is a router it
needs to be attached via a cable. A Layer 3 switch can route traffic locally, or it can function
just like a router.

Configuring a Router for Inter-VLAN Routing
This topic explains router-on-a-stick inter-VLAN routing configuration.

• A router can be used when these are true:
- The switch is not Layer 3 capable.
- Centralized routing from several switches is needed.
• It is called “router on a stick.”
• All VLANs must pass to the router.

The figure shows a router that is attached to a core switch. The configuration between a router
and a core switch is sometimes referred to as a “router-on-a-stick.” The router interface is
configured to operate as a trunk link and is connected to a switch port that is configured in
trunk mode.
The router performs the inter-VLAN routing by accepting VLAN-tagged traffic on the trunk
interface coming from the adjacent switch, and internally routing between the VLANs using
subinterfaces. To perform inter-VLAN routing functions, the router must know how to reach all
the VLANs being interconnected. There must be a separate logical connection on the router for
each VLAN, and VLAN trunking (such as IEEE 802.1Q) must be enabled on those
connections. The router already knows about directly connected networks. The router then
forwards the routed traffic, tagged for the destination VLAN, out the same physical
interface.
Subinterfaces are multiple virtual interfaces that are associated with one physical interface.
These subinterfaces are configured in software on a router; these subinterfaces are then
independently configured with their own IP addresses and a VLAN assignment to operate on a
specific VLAN. Subinterfaces are configured for different subnets, corresponding to their
VLAN assignment, to facilitate logical routing before the data frames are VLAN-tagged and
sent back out the physical interface.

• Simplest solution: run one physical cable for each VLAN
• High performance
• Many wires and ports used up
• Good solution for small number of high-traffic VLANs

(Figure: VLAN 10 and VLAN 20 connected over separate cables to router interfaces fa0/0 and fa0/1, addresses 10.1.1.2 and 10.2.2.2.)

The simplest solution when implementing inter-VLAN routing with a router would be to use a
separate physical connection for each VLAN. Such a solution has only one advantage: higher
performance capacity, because each VLAN receives the capacity of the entire physical
interface.
This approach will, however, consume a significant amount of ports and is not at all scalable. It
is rarely used, except in specific cases with a very small number of VLANs.

• When many VLANs are present, it is better to configure VLAN tagging.
• All traffic goes over one physical interface (lower throughput).
• Subinterfaces must be configured.

(Figure: VLAN 10 and VLAN 20 carried over a single trunk to router interface fa0/0 (router on a stick), addresses 10.1.1.2 and 10.2.2.2.)

To support 802.1Q trunking, you must subdivide the physical Fast Ethernet interface of the
router into multiple, logical, addressable interfaces, one per VLAN. The resulting logical
interfaces are called subinterfaces.
This approach is much more scalable, but all VLANs will share the data capacity of the
physical link.

Configuration of interfaces:

(Figure: switch ports Gi 0/23 (VLAN 3, 2001:db8:100:3::/64) and Gi 0/24 (VLAN 4, 2001:db8:100:4::/64) connect to router interfaces Gi 0/0/0/0 and Gi 0/0/0/1.)

Switch:
interface GigabitEthernet 0/23
 switchport mode access
 switchport access vlan 3
interface GigabitEthernet 0/24
 switchport mode access
 switchport access vlan 4

Router:
interface GigabitEthernet 0/0/0/0
 ipv6 address 2001:db8:100:3::1/64
interface GigabitEthernet 0/0/0/1
 ipv6 address 2001:db8:100:4::1/64

In the figure, two physical interfaces, GigabitEthernet0/0/0/0 and GigabitEthernet0/0/0/1, are
configured, each for one VLAN.
On the switch, each VLAN also uses one physical port.
Configuration is simple but the design is not scalable, especially if the router has few physical
interfaces.

Configuration of subinterfaces:

(Figure: switch trunk port Gi 0/24 carrying VLAN 3, 2001:db8:100:3::/64, and VLAN 4, 2001:db8:100:4::/64, to router interface Gi 0/0/0/0.)

Switch:
interface GigabitEthernet 0/24
 switchport mode trunk

Router:
interface GigabitEthernet 0/0/0/0.3
 dot1q vlan 3
 ipv6 address 2001:db8:100:3::1/64
interface GigabitEthernet 0/0/0/0.4
 dot1q vlan 4
 ipv6 address 2001:db8:100:4::1/64

In the figure, the GigabitEthernet0/0/0/0 interface is divided into multiple subinterfaces:
GigabitEthernet0/0/0/0.3 and GigabitEthernet0/0/0/0.4. Each subinterface represents the router
in each of the VLANs for which it routes.
In the example, the command encapsulation dot1q 3 (shown in the figure in its Cisco IOS XR
form, dot1q vlan 3) enables 802.1Q encapsulation trunking on the subinterface
GigabitEthernet0/0/0/0.3, and the value 3 represents the VLAN number (the VLAN identifier),
thus associating 802.1Q tagged traffic from that VLAN with the subinterface.
Each IEEE 802.1Q tagged VLAN on the trunk link requires a subinterface with 802.1Q
encapsulation trunking enabled in this manner. The subinterface number does not have to be the
same as the dot1q VLAN number. However, management and troubleshooting are easier when
the two numbers are the same.
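The mapping described above (one subinterface per tagged VLAN, subinterface number kept equal to the VLAN ID) can be generated and sanity-checked before it is pasted into a router. The following is an added example, not code from the course or from Cisco: the VLAN plan is constructed from the VLAN IDs and prefixes in the figure, the IOS XR form (dot1q vlan) and the IOS form (encapsulation dot1q) follow the page, and the validation rules (802.1Q ID range, non-overlapping prefixes) are this example's own checks.

```python
"""Generate router-on-a-stick subinterface configuration from a VLAN plan.

Added example, not code from the SPNGN2 course or from Cisco. The VLAN plan is
constructed; it uses the VLAN IDs and IPv6 prefixes from the page's figure and
emits the IOS XR "dot1q vlan" form (or the IOS "encapsulation dot1q" form).
"""
import ipaddress
from typing import Dict, List

# Constructed plan: VLAN ID -> IPv6 prefix routed for that VLAN (router takes ::1).
VLAN_PLAN: Dict[int, str] = {
    3: "2001:db8:100:3::/64",
    4: "2001:db8:100:4::/64",
}


def validate_plan(plan: Dict[int, str]) -> List[str]:
    """Return a list of problems; an empty list means the plan is sound.

    Checks that VLAN IDs are in the 802.1Q range 1-4094, that each prefix parses
    as a network address, and that no two VLANs have overlapping prefixes
    (that would merge two broadcast domains at Layer 3 without anyone noticing).
    """
    problems: List[str] = []
    nets: Dict[int, ipaddress.IPv6Network] = {}
    for vid, prefix in plan.items():
        if not 1 <= vid <= 4094:
            problems.append(f"VLAN {vid}: outside the 802.1Q range 1-4094")
        try:
            nets[vid] = ipaddress.IPv6Network(prefix, strict=True)
        except ValueError as exc:
            problems.append(f"VLAN {vid}: bad prefix {prefix!r} ({exc})")
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"VLAN {a} and VLAN {b}: prefixes overlap")
    return problems


def router_subinterfaces(physical: str, plan: Dict[int, str], xr: bool = True) -> List[str]:
    """One subinterface per VLAN. The subinterface number is deliberately set equal
    to the VLAN ID: the platform does not require it, but it keeps troubleshooting
    simple, as the page notes."""
    lines: List[str] = []
    tag_cmd = "dot1q vlan" if xr else "encapsulation dot1q"
    for vid in sorted(plan):
        net = ipaddress.IPv6Network(plan[vid])
        lines.append(f"interface {physical}.{vid}")
        lines.append(f" {tag_cmd} {vid}")
        lines.append(f" ipv6 address {net[1]}/{net.prefixlen}")   # ::1 is the gateway
    return lines


def switch_trunk(port: str, plan: Dict[int, str]) -> List[str]:
    """Switch side: a trunk that carries exactly the planned VLANs, so that a VLAN
    added on the switch later is not silently trunked to the router."""
    allowed = ",".join(str(v) for v in sorted(plan))
    return [f"interface {port}",
            " switchport mode trunk",
            f" switchport trunk allowed vlan {allowed}"]


if __name__ == "__main__":
    for problem in validate_plan(VLAN_PLAN):
        print("plan error:", problem)
    print("\n".join(switch_trunk("GigabitEthernet 0/24", VLAN_PLAN)))
    print("\n".join(router_subinterfaces("GigabitEthernet 0/0/0/0", VLAN_PLAN)))
```

Pruning the trunk to the planned VLANs is a deliberate choice: the page's switch configuration trunks every VLAN by default, so any VLAN later created on the switch would reach the router interface too.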



Verification
RP/0/RSP0/CPU0:CRS# show route ipv6
Wed Jul 27 12:26:49.905 UTC

Codes: C - connected, S - static, R - RIP, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR
       A - access/subscriber, (!) - FRR Backup path

Gateway of last resort is not set

C    2001:db8:100:3::/64 is directly connected,
      00:00:06, GigabitEthernet0/0/0/0
L    2001:db8:100:3::1/128 is directly connected,
      00:00:06, GigabitEthernet0/0/0/0
C    2001:db8:100:4::/64 is directly connected,
      00:00:06, GigabitEthernet0/0/0/1
L    2001:db8:100:4::1/128 is directly connected,
      00:00:06, GigabitEthernet0/0/0/1

The show route ipv6 command displays the current state of the routing table. The sample
output shows two subinterfaces. The GigabitEthernet0/0/0/0.3 and GigabitEthernet0/0/0/0.4
VLAN subinterfaces are directly connected on the router.

Configuring a Layer 3 Switch for Inter-VLAN
Routing
This topic explains Layer 3 switching inter-VLAN routing configuration.

• The Layer 3 switch has routing capability.
• It eliminates the need for an external device.
• Routing is done locally between switch virtual interfaces.

Some switches can perform Layer 3 functions, replacing the need for dedicated routers to
perform basic routing on a network. Multilayer switches (MLS) are capable of performing
inter-VLAN routing.
Traditionally, a switch makes forwarding decisions by looking at the Layer 2 header, whereas a
router makes forwarding decisions by looking at the Layer 3 header. A multilayer switch
combines the functionality of a switch and a router into one device. It switches traffic when the
source and destination are in the same VLAN, and routes traffic when the source and
destination are in different VLANs (that is, on different IP subnets).
To enable a multilayer switch to perform routing functions, VLAN interfaces on the switch
need to be properly configured. You must use the appropriate IP addresses that match the
subnet that the VLAN is associated with on the network. The MLS must also have IP routing
enabled. Multilayer switching is beyond the scope of this course.



• Switches have switch virtual interfaces.
• One interface can be created per VLAN.
• Configured as interface vlan VLAN number
• Creating a VLAN does not create a SVI, and vice versa.
• SVI is down if there is no port in a corresponding VLAN in the up state.


Switches have switch virtual interfaces (SVIs). These interfaces can be created, one for each
VLAN. An unconfigured switch has only one SVI, VLAN 1, which is used for management.
The interface number signifies which VLAN the SVI is associated with. There can be only one
SVI per VLAN and only one VLAN per SVI.
Creating a VLAN is not directly dependent on creating the SVI, or vice versa. If you create an
SVI without creating the corresponding VLAN, that SVI will be in a "down" state and useless.
A VLAN without an SVI will work normally.
For the SVI status to go to the "up" state, one of the following conditions must be satisfied:
• A port in the corresponding VLAN must be in a connected state ("up/up").
• A trunk port with the corresponding VLAN allowed and forwarding must be in a connected
state ("up/up").

Configuration of a Layer 3 switch:

VLAN 3: 192.168.3.0/24; VLAN 4: 192.168.4.0/24

vlan 3,4
interface GigabitEthernet 0/3
 switchport access vlan 3
interface GigabitEthernet 0/4
 switchport access vlan 4
interface vlan 3
 ip address 192.168.3.1 255.255.255.0
interface vlan 4
 ip address 192.168.4.1 255.255.255.0

In the figure, two VLANs, 3 and 4, are created. Two access ports are configured, one for each of
the two VLANs. Two SVIs, VLAN 3 and VLAN 4, are created, and each has an IP address.



Verification
Switch# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

C    192.168.3.0/24 is directly connected, Vlan3
C    192.168.4.0/24 is directly connected, Vlan4
S*   0.0.0.0/0 [1/0] via 192.168.0.1

Switch# show interfaces status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/3                        connected    3          full    1000 1000BaseSX
Gi0/4                        connected    4          full    1000 1000BaseSX

Switch# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan3                  192.168.3.1     YES NVRAM  up                    up
Vlan4                  192.168.4.1     YES NVRAM  up                    up
GigabitEthernet0/3     unassigned      YES NVRAM  up                    up
GigabitEthernet0/4     unassigned      YES NVRAM  up                    up

The show ip route command displays the current state of the routing table. The sample output
shows the two switch virtual interfaces, VLAN 3 and VLAN 4, and their corresponding
segments as directly connected on the switch.
The show interfaces status command displays the status of the physical interfaces. It shows that
GigabitEthernet0/3 and GigabitEthernet0/4 are connected and assigned to their respective VLANs.
The show ip interface brief command shows the status of all interfaces, both physical and
logical. In the example, you can see the status and IP addresses of the Vlan3 and Vlan4
interfaces, and the status of the
GigabitEthernet0/3 and GigabitEthernet0/4 interfaces.
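The rule stated earlier in this topic (an SVI is up only while a port in its VLAN is up) can be checked mechanically from the two outputs just discussed. The following is an added example, not code from the course or from Cisco: the two show outputs are constructed in the column layout the page shows, with a VLAN 5 added to the page's VLAN 3 and 4 so that one SVI is up/down, and the report logic is this example's own.

```python
"""Check the SVI-up rule against 'show ip interface brief' and 'show interfaces status'.

Added example, not code from the SPNGN2 course or from Cisco. The two outputs
below are constructed in the column layout the page shows; VLAN 5 is added to
the page's VLAN 3 and 4 to show an SVI that is up/down because no port in
VLAN 5 is connected.
"""
import re
from typing import Dict, Set

SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan3                  192.168.3.1     YES NVRAM  up                    up
Vlan4                  192.168.4.1     YES NVRAM  up                    up
Vlan5                  192.168.5.1     YES NVRAM  up                    down
GigabitEthernet0/3     unassigned      YES NVRAM  up                    up
GigabitEthernet0/4     unassigned      YES NVRAM  up                    up
GigabitEthernet0/5     unassigned      YES NVRAM  down                  down
"""

SHOW_INT_STATUS = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/3                        connected    3          full    1000 1000BaseSX
Gi0/4                        connected    4          full    1000 1000BaseSX
Gi0/5                        notconnect   5          auto    auto 1000BaseSX
Gi0/6     uplink             connected    trunk      full    1000 1000BaseSX
"""

# Vlan<N> <ip> <OK?> <method> <status> <protocol>
_SVI_LINE = re.compile(r"^Vlan(\d+)\s+\S+\s+\S+\s+\S+\s+(\S+)\s+(\S+)")
# <port> [name ...] <status> <vlan> ...; the Name column may be empty or contain spaces
_PORT_LINE = re.compile(r"^(\S+)\s.*?\b(connected|notconnect|disabled|err-disabled)\s+(\S+)")


def parse_svi_state(brief: str) -> Dict[int, str]:
    """Map VLAN ID -> line-protocol state for every VlanN interface."""
    state: Dict[int, str] = {}
    for line in brief.splitlines():
        m = _SVI_LINE.match(line)
        if m:
            state[int(m.group(1))] = m.group(3)
    return state


def connected_vlans(status: str) -> Set[int]:
    """VLAN IDs that have at least one access port in the 'connected' state.
    Trunk ports show 'trunk' in the Vlan column, so a VLAN carried only by a trunk
    is not counted here; that case needs 'show interfaces trunk' to resolve."""
    vlans: Set[int] = set()
    for line in status.splitlines():
        m = _PORT_LINE.match(line)
        if m and m.group(2) == "connected" and m.group(3).isdigit():
            vlans.add(int(m.group(3)))
    return vlans


def svi_report(brief: str, status: str) -> Dict[int, str]:
    """For each SVI, say whether its state agrees with the rule on the page
    (an SVI is up only while some port in its VLAN is up) or describe the
    mismatch worth a closer look."""
    report: Dict[int, str] = {}
    up_vlans = connected_vlans(status)
    for vid, proto in parse_svi_state(brief).items():
        has_port = vid in up_vlans
        if proto == "up" and has_port:
            report[vid] = "ok"
        elif proto != "up" and not has_port:
            report[vid] = "ok (down because no port in the VLAN is connected)"
        elif proto == "up":
            report[vid] = "up with no connected access port: check trunks carrying this VLAN"
        else:
            report[vid] = f"{proto} although a port in VLAN {vid} is connected: investigate"
    return report


if __name__ == "__main__":
    for vid, verdict in sorted(svi_report(SHOW_IP_INT_BRIEF, SHOW_INT_STATUS).items()):
        print(f"Vlan{vid}: {verdict}")
```

An SVI that is up without any visible access port is not necessarily wrong (a trunk may carry the VLAN), which is why the report points at the trunks rather than declaring an error.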

Summary
This topic summarizes the key points that were discussed in this lesson.

• Inter-VLAN routing is used in the access network of the Cisco IP NGN.
• Inter-VLAN routing is necessary to forward traffic between VLANs.
• If a switch is not Layer 3 capable, a router is needed to route traffic
between VLANs.
• A Layer 3 switch has routing capabilities and supports routing between
VLANs.



Lesson 4

First Hop Redundancy Protocols

Overview
This lesson describes the characteristics of First Hop Redundancy Protocols (FHRPs). FHRPs
provide redundancy behind the single default gateway setting that is configured on end nodes.

Objectives
Upon completing this lesson, you will be able to configure Hot Standby Router Protocol
(HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol
(GLBP). You will be able to meet these objectives:
• Show the Cisco IP NGN edge network layer within the IP NGN architecture
• Describe default gateway problems
• Describe the default gateway redundancy solution
• List the supported first hop redundancy protocols
• Describe the Hot Standby Router Protocol (HSRP)
• Explain HSRP configuration
• Describe HSRP load balancing
• Show how to verify HSRP status
• Describe the Virtual Router Redundancy Protocol (VRRP)
• Explain VRRP configuration
• Describe VRRP load balancing
• Show how to verify VRRP status
• Describe the Gateway Load Balancing Protocol (GLBP)
• Explain GLBP configuration
• Describe GLBP load balancing
• Show how to verify GLBP status
Cisco IP NGN Edge Network
This topic shows the Cisco IP NGN edge network layer within the IP NGN architecture.

• First Hop Redundancy Protocols are placed in the Edge.

Figure: Cisco IP NGN IP Infrastructure Layer (Access, Aggregation, IP Edge, Core) serving Residential, Mobile Users and Business customers.

The First Hop Redundancy Protocols in this lesson are placed in the Edge.
Default Gateway Problems
This topic describes default gateway problems.

• On most devices only one gateway is configured.
• Failure of the gateway results in loss of network availability.
• Two gateways cannot be configured on end nodes.
• The problem must be solved on the routers.

Today, most end-host devices will allow you to configure one default gateway to reach all
nodes outside of the local segment. Since a client receives only one default gateway, there is no
way to configure a secondary gateway, even if a second route exists to carry packets off the
local segment.
For example, primary and secondary paths between the building access submodule and the
building distribution submodule provide continuous access in the event of a link failure at the
building access layer. Primary and secondary paths between the building distribution layer and
the building core layer provide continuous operation if a link fails at the building distribution
layer.
In this example, Router A is responsible for routing packets for Subnet A, and Router B is
responsible for routing packets for Subnet B. If Router A becomes unavailable, routing
protocols can quickly and dynamically converge and determine that Router B will now transfer
packets that would otherwise have gone through Router A. Most workstations, servers, and
printers, however, do not receive this dynamic routing information.
End devices are typically configured with a single default gateway IP address that does not
change when network topology changes occur. If the router (that has an IP address that is
configured as the default gateway) fails, the local device will be unable to send packets off the
local network segment, effectively disconnecting it from the rest of the network. Even if there
is a redundant router that could serve as a default gateway for that segment, there is no dynamic
method by which these devices can determine the address of a new default gateway.



Default Gateway Redundancy Solution
This topic describes the default gateway redundancy solution.

• Use multiple physical gateways.
• Use one virtual gateway.
• The end node has the virtual gateway configured.
• One of the gateways forwards the traffic.
• The others are on standby.

Figure: active router and standby router sharing one virtual gateway.

With gateway redundancy, a set of routers works together to present the illusion of a single
virtual router to the hosts on the LAN. By sharing an IP address and a MAC (Layer 2) address,
two or more routers can act as a single “virtual” router.
The IP address of the virtual router will be configured as the default gateway for the
workstations on a specific IP segment. When frames are to be sent from the workstation to the
default gateway, the workstation will use Address Resolution Protocol (ARP) to resolve the
MAC address that is associated with the IP address of the default gateway. The ARP resolution
will return the MAC address of the virtual router. Frames that are sent to the MAC address of
the virtual router can then be physically processed by any active or standby router that is part of
that virtual router group.
A protocol is used to identify two or more routers as the devices that are responsible for
processing frames that are sent to the MAC or IP address of a single virtual router. Host devices
send traffic to the address of the virtual router. The physical router that forwards this traffic is
transparent to the end stations.
The redundancy protocol provides the mechanism for determining which router should take the
active role in forwarding traffic and determining when that role must be taken over by a
standby router. The transition from one forwarding router to another is transparent to the end
devices.

• If the forwarder fails, the standby takes over.
• The standby uses the same IP and MAC addresses.
• The end node does not detect the change.

Figure: failed router and the new active router.

When the forwarding router or a link fails, this process occurs. The table describes the steps
that take place when a router fails.

Router Redundancy Process

Step  Description
1.    The standby router stops seeing hello messages from the forwarding router.
2.    The standby router assumes the role of the forwarding router.
3.    Because the new forwarding router assumes both the IP and MAC addresses of the virtual
      router, the end stations see no disruption in service.


Supported First Hop Redundancy Protocols
This topic lists the supported first hop redundancy protocols.


Not all Cisco platforms support all first hop redundancy protocols with all address families.
The following table presents the current status of support.

FHRP protocol   Cisco IOS/IOS XE software     Cisco IOS XR software
HSRP            IPv4, IPv6 (with version 2)   IPv4
VRRP            IPv4                          IPv4, IPv6
GLBP            IPv4, IPv6                    Not supported
Hot Standby Router Protocol
This topic describes the Hot Standby Router Protocol (HSRP).

• Virtual router has a separate IP address
• Virtual router has a separate MAC address
• Active router handles traffic for virtual router
• Supports priority
• Supports preemption
• Supports object tracking
• Redundancy groups:
- Many virtual IP addresses on the same interface
- Load balancing

HSRP defines a standby group of routers, with one router as the active one. HSRP provides
gateway redundancy by sharing IP and MAC addresses between redundant gateways. The
protocol consists of virtual MAC and IP addresses that are shared between two routers that
belong to the same HSRP group.



HSRP Terminology

Term            Definition
Active router   The router that is currently forwarding packets for the virtual router
Standby router  The primary backup router
Standby group   The set of routers participating in HSRP that jointly emulate a virtual router

An HSRP group comprises these entities:
• One active router
• One standby router
• One virtual router
• Other routers

HSRP active and standby routers send hello messages to multicast address 224.0.0.2. Hello
packets are sent using User Datagram Protocol (UDP) and are sent to UDP port 1985.
• Priority: Enables you to specify which routers you prefer to be the active ones
• Preemption: By default, routers with higher priority will not preempt a lower priority
router if it is already active.
• Object tracking: Allows you to dynamically alter the priority of a router, based on the
status of certain interfaces, routes, or other defined objects
HSRP Configuration
This topic explains HSRP configuration.

Figure: standby router (IOS XR) and active router (IOS) for virtual IP 192.0.2.1.

IOS XR (standby router):
interface GigabitEthernet 0/0/0/0
 ip address 192.0.2.3 255.255.255.0
router hsrp
 interface GigabitEthernet 0/0/0/0
  hsrp 1 ipv4 192.0.2.1
  hsrp 1 priority 95
  hsrp 1 preempt
  hsrp 1 track GigabitEthernet 0/0/0/1

IOS (active router):
interface Ethernet 0/0
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 105
 standby 1 preempt
 standby 1 track Ethernet 0/1

This command enables HSRP on an interface:
on IOS XR:
router hsrp
 interface interface
  hsrp group-number ipv4 ip-address
on IOS/IOS-XE:
interface interface
 standby group-number ip ip-address
The following table describes the variables in the command that are used to configure an HSRP
group on an interface.
After the hsrp ipv4 or standby ip command is issued, the interface changes to the appropriate
state. When the router successfully executes the command, the router issues an HSRP message.
Each standby group has its own active and standby routers. The network administrator can
assign a priority value to each router in a standby group, allowing the administrator to control
the order in which active routers for that group are selected.
To set the priority value of a router, enter this command in interface configuration mode:
on IOS XR:
hsrp group-number priority priority-value
on IOS/IOS-XE:
standby group-number priority priority-value



The table describes the variables for the commands.
HSRP Standby Priority Configuration Commands

Variable        Definition
group-number    Indicates the HSRP group. This number can be in the range of 0 to 255.
priority-value  Indicates the number that prioritizes a potential hot standby router. The range is
                0 to 255; the default is 100.

During the election process, the router with the highest priority in an HSRP group becomes the
active router. In the case of a tie, the router with the highest configured IP address will become
active.
To reinstate the default standby priority value, enter the no hsrp priority or the no standby
priority command.
If the routers do not have preempt configured, then a router that boots up significantly faster
than the others in the standby group will become the active router, regardless of the configured
priority. The former active router can be configured to resume the forwarding router role by
preempting a router with a lower priority.
When you enter the hsrp preempt or the standby preempt command, the interface changes to
the appropriate state.
To remove the interface from preemptive status, enter the no hsrp preempt or the no standby
preempt command.

HSRP Load Balancing
This topic describes HSRP load balancing.

Figure: both routers are active, each for one of the two HSRP groups.

IOS XR (active router for group 2):
interface GigabitEthernet 0/0/0/0
 ip address 192.0.2.3 255.255.255.0
router hsrp
 interface GigabitEthernet 0/0/0/0
  hsrp 1 ipv4 192.0.2.1
  hsrp 1 priority 95
  hsrp 1 preempt
  hsrp 2 ipv4 192.0.2.254
  hsrp 2 priority 105
  hsrp 2 preempt

IOS (active router for group 1):
interface Ethernet 0/0
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 105
 standby 1 preempt
 standby 2 ip 192.0.2.254
 standby 2 priority 95
 standby 2 preempt

Routers can simultaneously provide redundant backup and perform load sharing across
different IP subnets and within the same IP subnet.
By configuring two groups, you can have two active routers at the same time within the same
IP domain. If you configure half of your devices with the first router as the default gateway and
the other half with the second router as the default gateway, you will achieve load sharing
across both active routers. If traffic is equally distributed across all nodes, load will be
efficiently balanced between both active routers.
Such a setup also provides redundancy; if one of the routers fails, the other will immediately
take over the forwarding of the traffic.


HSRP Verification
This topic shows how to verify HSRP status.

IOS:
Router# show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Gi0/0/1     1    105 P Active  local           192.0.2.3       192.0.2.1

IOS XR:
RP/0/RSP0/CPU0:Router# show hsrp
Wed Aug 17 13:51:31.032 UTC
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active addr     Standby addr    Group addr
Gi0/0/0/1   1    95  P Standby 192.0.2.2       local           192.0.2.1

The function of the HSRP standby router is to monitor the operational status of the HSRP
group and to quickly assume packet-forwarding responsibility if the active router becomes
inoperable. Both the active and standby routers transmit hello messages to inform all other
routers in the group of their role and status. The routers use multicast address 224.0.0.2 UDP
port 1985 for these HSRPv1 messages.
An HSRP group may contain other routers that are group members but are not in an active or
standby state. These routers monitor the hello messages that are sent by the active and standby
routers to ensure that an active and standby router exists for the HSRP group of which they are
members. These routers do forward packets that are addressed to their own specific IP
addresses, but they do not forward packets that are addressed to the virtual router. These routers
issue speak messages at every hello interval time.

Virtual Router Redundancy Protocol
This topic describes the Virtual Router Redundancy Protocol (VRRP).

• Virtual router has:
- IP address
- MAC address
• Virtual IP can be shared with one physical router
• Active router handles traffic for virtual router
• Supports priority
• Preemption is default
• Supports object tracking
• Redundancy groups:
- many virtual IP addresses on the same interface
- load balancing

Like HSRP, VRRP allows a group of routers to form a single virtual router. In an HSRP or
VRRP group, one router is elected to manage all requests that are sent to the virtual IP address.
With HSRP, this is the active router. An HSRP group has one active router, one standby router,
and perhaps many listening routers. A VRRP group has one master router and one or more
backup routers.
VRRP offers these redundancy features:
• VRRP provides redundancy for the real IP address of a router or for a virtual IP address
that is shared among the VRRP group members.
• If a real IP address is used, the router with that address becomes the master. If a virtual IP
address is used, the master is the router with the highest priority.
• A VRRP group has one master router and one or more backup routers. The master router
uses VRRP messages to inform group members that it is the master.


VRRP Configuration
This topic explains VRRP configuration.

Figure: standby (backup) router (IOS XR) and active (master) router (IOS) for virtual IP 192.0.2.1.

IOS XR (backup router):
interface GigabitEthernet 0/0/0/0
 ip address 192.0.2.2 255.255.255.0
router vrrp
 interface GigabitEthernet 0/0/0/0
  address-family ipv4
   vrrp 1
    address 192.0.2.1
    priority 95
    track interface GigabitEthernet 0/0/0/0 10

IOS (master router):
interface Ethernet 0/0
 ip address 192.0.2.1 255.255.255.0
 vrrp 1 ip 192.0.2.1

Callout on the IOS router: priority set to 255 (maximum) because the virtual IP matches the interface IP.

This command enables VRRP on an interface:
on IOS XR:
router vrrp
 interface interface
  address-family ipv4
   vrrp group-number
    address ip-address
on IOS/IOS-XE:
interface interface
 vrrp group-number ip ip-address
Note that because VRRP supports both IPv4 and IPv6 in IOS XR, there are two address-family
submodes (IPv4 and IPv6) available within router VRRP interface configuration mode.
After the vrrp address or vrrp ip command is issued, the interface changes to the appropriate
state. When the router successfully executes the command, the router issues a VRRP message.
Each VRRP group has its own master router and backup routers. The network administrator can
assign a priority value to each router in a VRRP group, allowing the administrator to control the
order in which master routers for that group are selected.
To set the priority value of a router, enter this command:
vrrp group-number priority priority-value
If the virtual IP address matches an address on the interface of a router, that router has priority
fixed to 255, which is the maximum.
The table describes the variables for the command that are used to configure a VRRP group on
an interface.
VRRP Standby Priority Configuration Commands

Variable        Definition
group-number    Indicates the VRRP group. This number can be in the range of 0 to 255.
priority-value  Indicates the number that prioritizes a potential backup router. The range is
                0 to 255; the default is 100.

During the election process, the router with the highest priority in a VRRP group becomes the
master router. In the case of a tie, the router with the highest configured IP address will become
master.
To reinstate the default standby priority value, enter the no vrrp priority command.
Preemption is enabled by default with VRRP.
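The election rules spread over the HSRP configuration topic (priority, tie-break on the highest IP address, preemption off by default, object tracking) and the VRRP rules just stated (preemption on by default, priority 255 for the address owner) are small enough to model exactly. The following is an added example, not code from the course or from Cisco: it replays the routers of the page's HSRP figure and the VRRP owner rule; the per-object tracking decrement of 10 and the scenario router names are this model's assumptions, and the hello_timeout step stands in for steps 1 and 2 of the router redundancy process table.

```python
"""Model the active/master election that HSRP and VRRP perform.

Added example, not code from the SPNGN2 course or from Cisco. Rules modelled:
highest priority wins, highest IP address breaks a tie, preemption (off by
default for HSRP, on by default for VRRP), object tracking lowering a router's
priority, and the VRRP address owner having priority 255. The per-object
tracking decrement of 10 is an assumption of this model.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100                         # configured priority (default 100)
    preempt: Optional[bool] = None              # None: use the protocol default
    tracked: Dict[str, bool] = field(default_factory=dict)  # tracked object -> is up
    track_decrement: int = 10                   # assumed decrement per failed object

    def effective_priority(self, protocol: str, virtual_ip: str) -> int:
        """Priority after object tracking; a VRRP address owner is always 255."""
        if protocol == "vrrp" and self.ip == virtual_ip:
            return 255
        failed = sum(1 for up in self.tracked.values() if not up)
        return max(0, self.priority - failed * self.track_decrement)

    def will_preempt(self, protocol: str) -> bool:
        return self.preempt if self.preempt is not None else protocol == "vrrp"


@dataclass
class Group:
    protocol: str                               # "hsrp" or "vrrp"
    virtual_ip: str
    routers: List[Router] = field(default_factory=list)
    active: Optional[str] = None                # active (HSRP) or master (VRRP) router

    def rank(self, r: Router) -> Tuple[int, int]:
        """Election key: effective priority, then the numerically highest address."""
        return (r.effective_priority(self.protocol, self.virtual_ip),
                int(ipaddress.ip_address(r.ip)))

    def elect(self) -> str:
        """No active router: the best-ranked router wins. Otherwise a better-ranked
        router takes over only if it is configured (or defaults) to preempt."""
        best = max(self.routers, key=self.rank)
        current = next((r for r in self.routers if r.name == self.active), None)
        if current is None or (best is not current and best.will_preempt(self.protocol)
                               and self.rank(best) > self.rank(current)):
            self.active = best.name
        return self.active

    def join(self, r: Router) -> str:
        self.routers.append(r)
        return self.elect()

    def set_tracked(self, name: str, obj: str, up: bool) -> str:
        """A tracked interface changes state on router `name`; re-run the election."""
        for r in self.routers:
            if r.name == name:
                r.tracked[obj] = up
        return self.elect()

    def hello_timeout(self, name: str) -> str:
        """Hellos from `name` stop arriving: drop it and elect a new forwarder."""
        self.routers = [r for r in self.routers if r.name != name]
        if self.active == name:
            self.active = None
        return self.elect()


def page_hsrp_scenario() -> List[str]:
    """The page's HSRP figure: IOS router 192.0.2.2 (priority 105, preempt, tracking
    Ethernet 0/1) and IOS XR router 192.0.2.3 (priority 95, preempt, tracking
    GigabitEthernet 0/0/0/1), virtual IP 192.0.2.1. Returns the active router after
    each event."""
    g = Group("hsrp", "192.0.2.1")
    g.join(Router("ios", "192.0.2.2", 105, True, {"Ethernet 0/1": True}))
    g.join(Router("xr", "192.0.2.3", 95, True, {"GigabitEthernet 0/0/0/1": True}))
    return [
        g.active,                                       # ios: priority 105 beats 95
        g.set_tracked("ios", "Ethernet 0/1", False),    # ios drops to 95: tie, higher IP (xr) wins
        g.set_tracked("ios", "Ethernet 0/1", True),     # ios back at 105 and preempts
        g.hello_timeout("ios"),                         # ios fails: xr takes over
    ]


def no_preempt_scenario() -> str:
    """HSRP without preempt: the router that booted first stays active even when a
    higher-priority router joins later."""
    g = Group("hsrp", "192.0.2.1")
    g.join(Router("early", "192.0.2.3", 95))
    g.join(Router("late", "192.0.2.2", 105))
    return g.active


def vrrp_owner_scenario() -> str:
    """VRRP: the router whose interface address is the virtual IP owns it (priority
    255) and becomes master regardless of the other routers' priorities."""
    g = Group("vrrp", "192.0.2.1")
    g.join(Router("xr", "192.0.2.2", 200))
    g.join(Router("ios", "192.0.2.1", 100))
    return g.active
```

The tracked-interface step is the interesting one for an operator: with both routers configured to preempt, a single tracked link failure on the active router lowers it into a tie, and the tie-break on the higher IP address (not the configured priority) then decides which router forwards.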



VRRP Load Balancing
This topic describes VRRP load balancing.

Figure: both routers are active (master), each for one of the two VRRP groups.

IOS XR:
interface GigabitE​thernet 0/0/0/0
 ip address 192.0.2.253 255.255.255.0
router vrrp
 interface GigabitEthernet 0/0/0/0
  vrrp 1
   address 192.0.2.1
   priority 105
  vrrp 2
   address 192.0.2.2
   priority 95

IOS:
interface Ethernet 0/0
 ip address 192.0.2.254 255.255.255.0
 vrrp 1 ip 192.0.2.1
 vrrp 1 priority 95
 vrrp 2 ip 192.0.2.2
 vrrp 2 priority 105

As with HSRP, VRRP supports load balancing with the same approach of multiple groups for
the same interface.

VRRP Verification
This topic shows how to verify VRRP status.

IOS:
Router# show vrrp brief
Interface   Grp Pri Time  Own Pre State   Master addr     Group addr
Gi0/0/1     1   95  3003      Y   Backup  192.0.2.253     192.0.2.1
Gi0/0/1     2   105 3609      Y   Master  192.0.2.254     192.0.2.2

IOS XR:
RP/0/RSP0/CPU0:Router# show vrrp
Thu Aug 18 08:53:00.947 UTC
IPv4 Virtual Routers:
                     A indicates IP address owner
                     | P indicates configured to preempt
                     | |
Interface   vrID Prio A P State   Master addr     VRouter addr
Gi0/0/0/1   1    105    P Master  local           192.0.2.1
Gi0/0/0/1   2    95     P Backup  192.168.254     192.0.2.2

In this figure there are two outputs of show commands, for IOS and IOS XR. The outputs relay
the same information:
• Interface: The interface on which the protocol is active
• vrID or Grp: The VRRP group number
• Prio or Pri: The priority of the router
• Time: The uptime of the protocol on the interface
• A or Own: Shows whether the virtual IP is the same as the interface IP of the router
• P or Pre: Preemption
• State: State
• Master addr: The IP address of the master router (local if local, on IOS XR)
• VRouter addr or Group addr: The IP address of the virtual router


Gateway Load Balancing Protocol
This topic describes the Gateway Load Balancing Protocol (GLBP).

• Virtual router has an IP address
• There are no virtual MAC addresses
• Active forwarder handles traffic for virtual router
• Active gateway answers ARP and ND requests from clients
• MAC address sent to clients:
- Chosen from a list of active forwarders
- Assigned in round robin fashion
- Achieves load balancing

Although HSRP and VRRP provide gateway resiliency for the standby members of the
redundancy group, the upstream bandwidth is not used while the device is in standby mode.
Only the active router for HSRP and VRRP groups forwards traffic for the virtual MAC.
Resources that are associated with the standby router are not fully utilized. You can accomplish
some load balancing with these protocols by creating multiple groups and assigning multiple
default gateways, but this configuration creates an administrative burden.
GLBP is a Cisco proprietary solution that was created in 2005 to allow the automatic selection
and simultaneous use of multiple available gateways, in addition to automatic failover between
those gateways. Multiple routers share the load of frames that, from a client perspective, are
sent to a single default gateway address.
With GLBP, you can fully utilize resources without the administrative burden of configuring
multiple groups and managing multiple default gateway configurations, as is required with
HSRP and VRRP.

GLBP Configuration
This topic explains GLBP configuration.

Figure: standby router and active router, both Cisco IOS, with the same configuration.

interface fa0/0
 ipv6 address 2001:db8:1:1::/64 eui-64
 glbp 1 ipv6 autoconfig
 glbp 1 preempt

With IPv6, the link-local address is used for the gateway address.

GLBP is not supported on IOS XR.
To configure it on IOS, use the command:
glbp group-id ip ip-address
or
glbp group-id ipv6 ip-address
The figure shows an example of GLBP IPv6 configuration. When you are configuring GLBP
for IPv6, you must configure a link-local address. It is also possible to use the autoconfig
parameter, and if so, GLBP will use EUI-64 to configure the host part of the link-local address.
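The EUI-64 derivation mentioned for the eui-64 and autoconfig keywords is worth seeing in full, because it is also what lets you tie the router addresses in the GLBP verification output back to physical interfaces. The following is an added example, not code from the course or from Cisco. The physical MAC addresses used in its checks are constructed so that they reproduce the two router link-local addresses in the page's show glbp brief output; the virtual MAC 0007.b400.0100 is inferred from the gateway address FE80::7:B4FF:FE00:100 shown there, which matches the modified EUI-64 form without the universal/local bit inverted.

```python
"""Build EUI-64 based IPv6 addresses, as 'ipv6 address ... eui-64' and GLBP's
'ipv6 autoconfig' do.

Added example, not code from the SPNGN2 course or from Cisco. The physical MAC
addresses in the checks are constructed to reproduce the router link-local
addresses in the page's 'show glbp brief' output; the virtual MAC 0007.b400.0100
is inferred from the gateway address FE80::7:B4FF:FE00:100 shown there.
"""
import ipaddress
import re
from typing import Optional


def mac_to_bytes(mac: str) -> bytes:
    """Accept 0007.b400.0101, 00:07:b4:00:01:01 or 00-07-b4-00-01-01."""
    digits = re.sub(r"[.:-]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str, flip_ul: bool = True) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291): split the MAC, insert
    FF:FE, and invert the universal/local bit (0x02) of the first octet.
    flip_ul=False keeps the first octet as is, which is what the page's GLBP
    virtual gateway address shows."""
    m = mac_to_bytes(mac)
    first = m[0] ^ 0x02 if flip_ul else m[0]
    return bytes([first]) + m[1:3] + b"\xff\xfe" + m[3:6]


def eui64_address(prefix: str, mac: str, flip_ul: bool = True) -> str:
    """Prefix (must be a /64) plus the EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    packed = net.network_address.packed[:8] + eui64_interface_id(mac, flip_ul)
    return str(ipaddress.IPv6Address(packed))


def link_local(mac: str, flip_ul: bool = True) -> str:
    """fe80::/64 plus the EUI-64 interface identifier."""
    return eui64_address("fe80::/64", mac, flip_ul)


def mac_from_eui64(address: str) -> Optional[str]:
    """Recover the MAC address behind an EUI-64 address (None if the interface
    identifier is not EUI-64 shaped). Useful when matching the router addresses
    in 'show glbp brief' to physical interfaces."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    h = mac.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


if __name__ == "__main__":
    print(link_local("4055.39d1.d169"))                     # a router from the page's output
    print(eui64_address("2001:db8:1:1::/64", "4055.39d1.d169"))
    print(link_local("0007.b400.0100", flip_ul=False))      # the virtual gateway address
    print(mac_from_eui64("FE80::6600:F1FF:FEA3:1BA1"))
```

Because an EUI-64 identifier embeds the burned-in MAC and stays the same under every prefix, it identifies the host across networks; that is why the reverse function is useful for operators, and also why hosts (as opposed to routers) usually prefer randomized identifiers.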



GLBP Load Balancing
This topic describes GLBP load balancing.

Figure: three clients, all with default gateway IP address IP1, but each given a different gateway MAC address (MAC1, MAC2, MAC3).

No additional configuration is necessary for GLBP load balancing because the MAC addresses
of all the active forwarders are sent to clients in round-robin fashion. Because the MAC
addresses are handed out per client, the resulting load distribution depends on how much
traffic each client generates. In a worst-case scenario, the nodes creating the most traffic all get
the MAC address of the same active forwarder.
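The worst case just described can be made concrete by simulating the round robin over a client population. The following is an added example, not code from the course or from Cisco: the clients, their ARP order and their relative traffic volumes are constructed, and the two forwarder MAC addresses are the ones from the page's show glbp brief output.

```python
"""Simulate GLBP round-robin forwarder assignment and the resulting load split.

Added example, not code from the SPNGN2 course or from Cisco. The clients and
their relative traffic volumes are constructed; the forwarder MAC addresses are
the two active virtual forwarder addresses from the page's 'show glbp brief'.
"""
from collections import Counter
from typing import Dict, List, Tuple

FORWARDERS = ["0007.b400.0101", "0007.b400.0102"]   # forwarders 1 and 2 of group 1


def arp_replies(clients: List[str], forwarders: List[str]) -> Dict[str, str]:
    """The active gateway answers each client's ARP/ND request for the virtual IP
    with the next forwarder MAC in round-robin order (the only mode the page
    describes)."""
    return {c: forwarders[i % len(forwarders)] for i, c in enumerate(clients)}


def forwarder_load(assignments: Dict[str, str], traffic: Dict[str, int]) -> Counter:
    """Sum each client's traffic onto the forwarder whose MAC it was given."""
    load: Counter = Counter()
    for client, mac in assignments.items():
        load[mac] += traffic[client]
    return load


def busiest_share(load: Counter, forwarders: List[str]) -> float:
    """Fraction of all traffic on the busiest forwarder: 1/len(forwarders) is a
    perfect split, 1.0 means one forwarder carries everything."""
    total = sum(load[f] for f in forwarders)
    return max(load[f] for f in forwarders) / total if total else 0.0


# Constructed clients in the order they ARP for the gateway, with relative traffic.
EVEN_TRAFFIC = {"pc1": 10, "pc2": 10, "pc3": 10, "pc4": 10}
# The page's worst case: the heavy talkers ARP at alternating positions, so the
# round robin hands them all the same forwarder MAC.
SKEWED_TRAFFIC = {"pc1": 100, "pc2": 1, "pc3": 100, "pc4": 1}


def compare() -> Tuple[float, float]:
    """Busiest-forwarder share for the even and the skewed client population."""
    shares = []
    for traffic in (EVEN_TRAFFIC, SKEWED_TRAFFIC):
        load = forwarder_load(arp_replies(list(traffic), FORWARDERS), traffic)
        shares.append(busiest_share(load, FORWARDERS))
    return shares[0], shares[1]


if __name__ == "__main__":
    even, skewed = compare()
    print(f"even clients: busiest forwarder carries {even:.0%}")
    print(f"skewed clients: busiest forwarder carries {skewed:.0%}")
```

With equal clients the split is exactly 50/50; with two heavy talkers landing on the same forwarder it carries about 99% of the traffic while the other forwarder sits nearly idle. Cisco IOS also offers weighted and host-dependent GLBP load-balancing modes; the page covers only the default round robin.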

GLBP Verification
This topic shows how to verify GLBP status.

Router2 (IOS) is the active gateway and the active forwarder for forwarder 2:
Router2# show glbp brief
Interface  Grp  Fwd  Pri  State    Address                  Active router               Standby router
Gi0/1      1    -    100  Active   FE80::7:B4FF:FE00:100    local                       FE80::4255:39FF:FED1:D169
Gi0/1      1    1    -    Listen   0007.b400.0101           FE80::4255:39FF:FED1:D169   -
Gi0/1      1    2    -    Active   0007.b400.0102           local                       -

Router1 (IOS) is in standby for the gateway role and is the active forwarder for forwarder 1:
Router1# sh glbp brief
Interface  Grp  Fwd  Pri  State    Address                  Active router               Standby router
Gi0/1      1    -    100  Standby  FE80::7:B4FF:FE00:100    FE80::6600:F1FF:FEA3:1BA1   local
Gi0/1      1    1    -    Active   0007.b400.0101           local                       -
Gi0/1      1    2    -    Listen   0007.b400.0102           FE80::6600:F1FF:FEA3:1BA1   -

The most useful command to verify the operation of GLBP is show glbp brief. It shows all
forwarders for all groups in a summarized table. In this table, you can see one group with two
forwarders, their MAC addresses, and the IP address of the active router—the one that is used
by clients as default gateway.



Summary
This topic summarizes the key points that were discussed in this lesson.

• FHRPs are used in IP edge networks in the Cisco IP NGN.
• On most end devices, only one gateway can be configured. Failure of the gateway results in loss of network availability.
• FHRPs enable you to use a single gateway setting on end nodes and maintain fault tolerance.
• Cisco supports three FHRPs.
• HSRP defines a standby group of routers, with one router as the active one.
• Each HSRP group has its own active and standby routers.
• HSRP routers can simultaneously provide redundant backup and perform load sharing across different IP subnets and within the same IP subnet.
• Use the show standby brief command to verify HSRP on the Cisco IOS router.
• VRRP is very similar to HSRP; it offers IPv6 support on IOS XR.
• Each VRRP group has its own master router and backup routers.
• As with HSRP, VRRP supports load balancing with the same approach of multiple groups.
• Use the show vrrp brief command to verify VRRP on the Cisco IOS router.
• GLBP allows simultaneous use of multiple available gateways, and automatic failover between those gateways.
• GLBP is not supported on the Cisco IOS XR routers.
• GLBP offers load balancing without the use of groups.
• Use the show glbp brief command to verify GLBP on the Cisco IOS router.

Module Summary
This topic summarizes the key points that were discussed in this module.

• When you are expanding a spanning-tree protocol network, VLANs, VTP, and trunking provide a switched network infrastructure with segmentation, flexibility, and security.
• The STP and its successor, RSTP, resolve bridging loops that are an inherent part of redundant switched networks.
• One way to implement inter-VLAN routing is to configure a “router on a stick” using subinterfaces and 802.1Q trunking.
• You can use one of the supported FHRP protocols to achieve first-hop redundancy for end nodes.

As their business grows, network administrators must address the many aspects of expanding a
switched network. Cisco provides solutions across its suite of internetworking switches. These
solutions solve many of the immediate problems that are associated with administrative
changes, and also provide scalability, interoperability, increased dedicated throughput, and
security.



Module Self-Check
Use the questions here to review what you learned in this module. The correct answers and
solutions are found in the Module Self-Check Answer Key.
Q1) What is the default VLAN on a port on a Cisco Catalyst switch? (Source:
Implementing VLANs and Trunks.)
A) 0
B) 1
C) 2
D) 1002
Q2) When you forward a frame over a trunk link, is the frame check sequence recomputed?
(Source: Implementing VLANs and Trunks.)
A) yes, if the frame does not belong to native VLAN
B) no, because frames are not tagged on the trunk link
C) only if the frame belongs to native VLAN
D) yes, if computation is required by the neighboring switch or router
Q3) When you configure VTP, what is the safest mode of operation to avoid accidental
change of VLAN information on network switches? (Source: Implementing VLANs
and Trunks.)
A) transparent
B) server
C) client
D) access
Q4) What is the main purpose of QinQ? (Source: Implementing VLANs and Trunks.)
A) to transport information about configured VLANs over trunks
B) to transport tagged traffic within tagged frames by dual tagging them
C) to tag frames twice for redundancy purposes
D) to align VLAN tags in frame headers for faster processing
Q5) How many instances of spanning tree are active with default PVSTP+? (Source:
Spanning Tree Protocol Enhancements.)
A) one per group of 32 VLANs
B) one per group of 16 VLANs
C) one per switch
D) one per VLAN
Q6) What is the advantage of RSTP over standard STP? (Source: Spanning Tree Protocol
Enhancements.)
A) scalability
B) support of multiple VLANs
C) speed of convergence
D) fault tolerance



Q7) Which of the following is true for MSTP? (Choose one.) (Source: Spanning Tree
Protocol Enhancements.)
A) The advantage of MSTP over PVSTP is the fact that MSTP runs one instance
for several VLANs, while PVSTP runs an instance for every VLAN, thus
increasing resource consumption.
B) The advantage of MSTP over PVSTP is convergence time, since MSTP runs
multiple instances of STP over the network, thus calculating backup paths
before switchover occurs.
C) MSTP has no advantages over PVSTP, and therefore PVSTP should be
preferred whenever possible.
D) The advantage of MSTP over PVSTP is apparent in dual-ring and multiring
networks, where each ring requires a separate instance of STP.
Q8) Match spanning-tree port options with their descriptions. (Source: Spanning Tree
Protocol Enhancements.)
A) PortFast
B) BPDU guard
C) BPDU filter
_____ 1. turns spanning tree on or off
_____ 2. immediately transitions from blocking to forwarding
_____ 3. shuts down port if BPDUs are detected
Q9) Which three of the following are true for REP? (Choose three.) (Source: Spanning Tree
Protocol Enhancements.)
A) REP has faster convergence than STP.
B) REP supports more complex topologies than STP.
C) REP supports VLAN load balancing.
D) REP is supported on existing hardware platforms.
Q10) Which devices can provide you with inter-VLAN connectivity? Check all that apply.
(Source: Routing between VLANs.)
A) Layer 2 switch
B) Router
C) Firewall
D) Layer 3 switch
Q11) In a simple inter-VLAN routing scenario, what is the type of route seen in a router's
routing table? (Source: Routing between VLANs.)
A) static
B) connected
C) virtual
D) BGP
Q12) Explain the difference between the purpose of the command vlan 4, and the purpose of
the command interface vlan 4. (Source: Routing between VLANs.)

Q13) Why does managing a gateway failure require extra protocols? (Source: First Hop
Redundancy Protocols.)
A) Because gateways must signal a change of MAC address
B) Because all end nodes speak ES-IS protocol, which must also be spoken by
gateways
C) Because you need to signal a VLAN change when swapping a gateway
D) Because an end node can define only one default gateway
Q14) Will the introduction of a router with a higher priority into an HSRP group cause active
router change? (Source: First Hop Redundancy Protocols.)
A) No, priority is only checked when all routers are booted up.
B) Yes, because preemption is enabled by default.
C) Yes, but only if preempt is configured.
D) No, but a manual switch may be initiated with the command standby <group
id> priority recheck.
Q15) Is it possible to set VRRP virtual IP to an address that is already assigned to a physical
interface on a router? (Source: First Hop Redundancy Protocols.)
A) Yes, without any side effects.
B) Yes, but setting it will fix the priority of the owner of the IP address to the
highest possible value.
C) No, an additional shared virtual IP address is always required with FHR
protocols.
D) Yes, but only if preempt is configured.
Q16) What is the benefit of GLBP when compared to HSRP and VRRP? (Choose one.)
(Source: First Hop Redundancy Protocols.)
A) more complex configuration
B) support for VLAN configuration
C) faster response to failures
D) load sharing with the same gateway address on all clients



Module Self-Check Answer Key
Q1) B
Q2) A
Q3) A
Q4) B
Q5) D
Q6) C
Q7) A
Q8) 1-C, 2-A, 3-B
Q9) A, C, D
Q10) B, C, D
Q11) B
Q12) vlan 4 defines a VLAN (a Layer 2 construct on a switch).
interface vlan 4 defines an SVI (a Layer 3 interface that is connected to VLAN 4).
Q13) D
Q14) C
Q15) B
Q16) D

Module 3

Internal Service Provider Traffic Forwarding

Overview
For successful traffic forwarding, routing information has to be exchanged between routers in a
network. There are various types of routing protocols, but only link-state routing protocols meet
the requirements of service provider core networks. Routing information is often exchanged
between routers that run more than one routing protocol. In this case, routing information must
be redistributed from one routing protocol to another. When all routers have the same routing
information, traffic forwarding can begin. One of the most-often-used traffic forwarding
technologies in service provider core networks is Multiprotocol Label Switching (MPLS).
This module first describes link-state routing protocols. Then the module describes Open
Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) routing
protocols. The module also describes route redistribution and ends with MPLS basics.

Module Objectives
Upon completing this module, you will be able to describe routing protocols and traffic
forwarding mechanisms in service provider core networks. This ability includes being able to
meet these objectives:
• Describe the basics of link-state routing protocols
• Describe the operation and configuration of single-area OSPF, including load balancing and authentication
• Describe the operation and configuration of single-area IS-IS, including load balancing and authentication
• Describe the operation and configuration of route redistribution
• Describe and configure basic MPLS in a provider network
Lesson 1

Link-State Routing Protocols

Overview
Link-state routing protocols are used as the interior gateway protocol (IGP) in service provider
IP and Multiprotocol Label Switching (MPLS) core networks. They are chosen for their
scalability, support for multivendor requirements, and quick convergence. All of these features
are very important in service provider environments, which should offer customers access to a
wide range of services.
This lesson starts with a description of service provider core network requirements and
continues with a description of link-state protocols operations, such as link-state adjacencies,
link-state advertisements (LSAs), and Shortest Path First (SPF) calculations.

Objectives
Upon completing this lesson, you will be able to describe the basics of link-state protocols. You
will be able to meet these objectives:
• Describe the basic requirements of the service provider IP and MPLS core network
• Describe link-state routing protocol basics
• Describe link-state adjacencies
• Describe link-state advertisements
• Describe the link-state database and SPF calculations
Service Provider IP and MPLS Core Network Requirements
This topic describes the basic requirements of the service provider IP and MPLS core network.

• Service provider core network provides multiservice connectivity to customers.
• Customers are connected to the service provider core network using the access layer.
• The core network should meet certain requirements to provide limitless access to media-rich services.

Figure: the IP infrastructure layer of the Cisco IP NGN consists of Access, Aggregation, IP Edge,
and Core; residential, mobile, and business customers connect through the access layer.

The IP and MPLS core network is the high-speed, high-capacity central part of the provider
network (P-network) that provides multiservice connectivity to customers. Customers connect to
the service provider core network via the access layer, using different access technologies. The
IP and MPLS core network should meet certain requirements to provide limitless access to a
wide range of services, such as VoIP, VoD, TelePresence, Mobile Internet, and Cloud Services.

The service provider core network should meet the following
requirements:
• High speed of forwarding packets:
- Rich portfolio of Cisco routers for service provider environments
• High availability:
- Redundant devices and links
• Fast convergence:
- Link-state routing protocols
• Optimized bandwidth consumption and support for different real-time
services:
- Multicast
- QoS
• Integrated security:
- Various standard support on Cisco routers


The service provider IP and MPLS core network should meet the following requirements:
• High speed of forwarding packets: The service provider core should forward packets as fast as possible to achieve minimal delay or packet loss. Cisco offers a rich portfolio of industry-leading, high-performance routers for service provider environments, such as the Cisco Carrier Routing System (Cisco CRS-1), Cisco Aggregation Services Router (ASR), Cisco XR 12000 Series Router, and Cisco 7600 Series Router.
• High availability: The service provider core network should use a high-availability design with redundant hardware, links, and routing protocols that reconfigure network paths when failures occur.
• Fast convergence: When failures occur, routing protocols should converge as fast as possible and find a new path across the network. Link-state protocols, such as Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS), offer fast convergence and support for large networks.
• Optimized bandwidth consumption and support for different real-time services: Multicast provides optimized bandwidth consumption, and quality of service (QoS) prevents oversubscription to ensure that real-time traffic, such as voice, video, and critical data, is not dropped or delayed.
• Integrated security: Integrated security protects against and mitigates the effect of worms, viruses, and other attacks on the network, even at the port level. Cisco devices support different security features and standards, such as control-, data-, and management-plane protection mechanisms, IP Security (IPsec) and MPLS VPNs, and identity and access management. These features help improve performance and security as well as decrease costs.

Link-State Routing Protocol Basics
This topic describes link-state routing protocol basics.

• Only link-state IGPs, such as OSPF and IS-IS, are found in service
provider environments.
• Link-state routing protocols have several advantages when compared to
distance vector routing protocols:
- Link-state protocols are more scalable.
- Each router has a full picture of a topology.
- Updates are sent only when a topology change occurs.
- Link-state protocols respond quickly to topology changes.
- More information is communicated between routers.


When a failure occurs in a service provider core network, routing protocols should detect the
failure as soon as possible and find another path across the network. Only link-state protocols
support fast convergence with support for scalability and multivendor environments, so they are
the only type of IGP found in service provider environments.
Link-state protocols have the following advantages when compared to distance vector routing
protocols:
• They are more scalable: Link-state protocols use a hierarchical design and can scale to very large networks if properly designed.
• Each router has a full picture of the topology: Because each router contains full information about all of the routers and links in a network, each router is able to independently select a loop-free and efficient path, based on cost, to every destination network.
• Updates are sent only when a topology change occurs: Link-state protocols send updates only for a topology change. By using triggered updates, bandwidth is preserved.
• They respond quickly to topology changes: Link-state protocols establish neighbor relations with adjacent routers. Failure of a neighbor is detected quickly, and this failure is communicated by using triggered updates to all routers in the network. This immediate reporting generally leads to fast convergence times.
• More information is communicated between routers: Routers running a link-state protocol have a common view of the network. This means that each router has full information about the other routers and the links between them, including the metric on each link.

• The link-state protocol uses a hierarchical design.
• Routers create a neighbor relationship by exchanging hello packets.
• The link-state protocol propagates LSAs rather than routing table
updates:
- The LSA describes a router and the links and networks (including the metric)
that are connected to this router.
• Each router floods LSAs to all routers in the area.
• Each router pieces together all of the LSAs that are generated by other
routers to create the link-state (topology) database.
• Each router uses the SPF algorithm to calculate the shortest path to
each destination and places it in the routing table.


Link-state protocols can use a hierarchical design that makes networks more scalable. The
largest entity within the hierarchy is the autonomous system (AS), which is a collection of
networks under a common administration that share a common routing strategy. An AS can be
divided into a number of areas. An area is a group of contiguous networks.
Link-state routers first establish a neighbor relationship with adjacent routers by periodically
exchanging hello packets. Then routers exchange LSAs, which describe routers, links, and
networks that are connected to routers. An LSA would include, for example, the ID of a router
and networks and links that are connected to this router, including the IP subnet, network mask,
and metric on an interface. Each router floods its LSAs across the network at the beginning and
after a topology change. All other routers receive LSAs and piece them together to create a
link-state topology database (LSDB). This database is, essentially, an overall picture of
networks in relation to routers. The topological database contains the collection of LSAs that
are received from all routers in the same area. Because routers within the same area share the
same information, they have identical topological databases. After a topology database is
created or changed, the SPF algorithm is run on the database that finds the best paths to all
destinations from the perspective of each router. The best paths are then placed into the routing
table.

Link-State Adjacencies
This topic describes link-state adjacencies.

• Two-way adjacencies are established between routers by exchanging hello packets.
• Adjacency is established after certain information inside hello packets is checked.
• Adjacent routers are put into the neighbor database.

Figure: routers A, B, C, and D exchange hello packets with their neighbors and record each
other in their neighbor databases; network X is attached to router C.

Routers that are running a link-state protocol must first recognize each other and establish
neighbor adjacencies with neighboring routers. Routers achieve this neighbor adjacency by
exchanging hello packets with the neighboring routers. In general, routers establish adjacencies
as follows:
1. The router sends and receives hello packets to and from its neighboring routers. The format
of the destination address is typically multicast.
2. The routers exchange hello packets that are subject to protocol-specific parameters, such as
checking whether the neighbor is in the same AS and area. Routers declare that the
neighbor is up when the exchange is complete.
3. After a router establishes neighbor adjacency by using the hello packets, the neighbor is put
into the neighbor database. After this, neighbors synchronize their LSDBs by exchanging
LSAs and confirming the receipt of LSAs from the adjacent router.
In the example, there are four routers, and each router establishes adjacency with its
neighboring routers. Router A, for example, establishes adjacency with routers B and D.

Link-State Advertisements
This topic describes link-state advertisements.

• After adjacencies are established, LSAs are exchanged between routers.
• LSAs describe a router and the links and networks (including the metric) that are on this router.
• After all LSAs are exchanged, LSAs are stored in the LSDB (topology database).
• Each router has the same topology database.

Figure: the LSA from router C describes one stub network (X) and two transit networks; the
LSAs from router A (two transit networks), router D (two transit networks), and so on describe
the networks attached to those routers.

After a neighbor relationship is established between routers, the routers synchronize their
LSDBs by reliably exchanging LSAs. Recall that an LSA describes a router and networks that
are connected to this router. LSAs are stored in the LSDB (topology database). By exchanging
all LSAs, routers learn the complete topology of the network. Each router should have the same
topology database.
In the example, router C created an LSA, which describes router C, and this LSA states that
router C is connected to two transit networks (connecting to adjacent routers) and to one stub
network (network X in the example). This LSA is then forwarded across the network to all
routers. When router A receives all of the LSAs, its topology table describes the entire topology
with all routers and networks that are connected to these routers. Because the metric of each
router interface is also included in an LSA, each router also knows what the cost of reaching
distant networks is.

Link-State Database and SPF Calculations
This topic describes link-state database and SPF calculations.

• Each router produces a map of a network in the form of a graph.
• Vertices and edges of a graph are created based on information in the link-state topology database.
• Edges in a graph are weighted with a link metric.

Figure: the topology map as a weighted graph with vertices A, B, C, and D; edges A-B (10),
B-C (20), A-D (10), and D-C (10); network X is attached to router C.

When routers synchronize their LSDBs, each router creates a topology map in the form of a
graph. In mathematics, a graph is a representation of a set of objects where some pairs of the
objects are connected by links. Objects are called vertices, and the links that connect some pairs
of vertices are called edges. Vertices represent routers, and edges represent links between
routers. Vertices and edges of the graph are created based on information in the LSDB. Edges
in the graph are also weighted with the link metric that is communicated inside LSAs.

• Each router finds the best path to destinations by applying the Dijkstra SPF algorithm to the topology map.
• Each router places itself into the root of an SPF tree that is built.
• The best path is calculated based on a cumulative metric of all links to destinations.

Figure: the SPF tree rooted at router A: A-B (10) and A-D (10), then D-C (10); network X is
reached through router D at a cumulative cost of 20.

After the topology map is built, each router applies the SPF algorithm to the topology map. The
SPF algorithm uses the Dijkstra algorithm.

Note The Dijkstra algorithm was developed by Dutch computer scientist Edsger Dijkstra in 1956.
It solves the shortest path problem for a graph with edge path costs, producing a shortest
path tree.

The SPF algorithm builds a tree, where the root of the tree is the router itself, and leaves are
distant networks. The router places itself at the root of a tree and calculates the shortest path to
each destination, which is based on the cumulative cost that is required to reach this destination.
In the example, router A knows that it has to send a packet to router D to reach networks that
are connected to router C. The SPF algorithm chose this path because the cumulative cost is 20.
The path cost over router B would be 30, which is worse than 20.

• The best routes to destinations are put into the routing table.
• When change occurs in the topology, new LSAs are created and sent throughout the network.
• All routers must perform an SPF recalculation on the updated link-state topology database.

Figure: the routing table on router A lists network X with next hop D; the underlying graph is
the same weighted topology (A-B 10, B-C 20, A-D 10, D-C 10).

The best paths to destinations are then put into the routing table. The routing table includes a
destination network and next-hop IP address. In the example, the routing table on router A
states that a packet should be sent to router D to reach network X.
Whenever there is a change in a topology, a new LSA is created and sent throughout the
network. All routers change their LSDB at the receipt of the new LSA, and the SPF algorithm
is run again on the updated LSDB to verify new paths to destinations.
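The whole procedure this lesson describes (LSAs collected into an LSDB, a weighted topology map built from it, SPF run with the router at the root, best paths placed into the routing table, and the recalculation after a topology change) as an added, runnable model in Python; it also goes one step beyond the text in that, like real link-state SPF, it uses a link only when both ends advertise it, so a single stale or bogus LSA cannot create a usable path on its own. This is not Cisco code: the LSDB contents, the dict layout and the function names (build_graph, spf, routing_table, link_failure) are constructed for the four-router example in the figures (A-B 10, B-C 20, A-D 10, D-C 10, stub network X on router C), and the stub network is given metric 0 so that the cumulative cost matches the 20 quoted in the text.

```python
"""Link-state database -> topology map -> SPF tree -> routing table.

Added example, not Cisco code. Each LSA is a dict describing one router: the
neighbors it has links to (with the link metric) and the stub networks
attached to it, which is the information the text says an LSA carries.
"""
import heapq

# Constructed LSDB for the four-router topology in the figures. The stub
# network X is modelled with metric 0 so the cost from A matches the text.
LSDB = {
    "A": {"links": {"B": 10, "D": 10}, "stubs": {}},
    "B": {"links": {"A": 10, "C": 20}, "stubs": {}},
    "C": {"links": {"B": 20, "D": 10}, "stubs": {"X": 0}},
    "D": {"links": {"A": 10, "C": 10}, "stubs": {}},
}


def build_graph(lsdb):
    """Topology map: keep an edge only if both endpoints advertise it.

    Link-state SPF ignores one-way links (a router that advertises a
    neighbor which does not advertise it back), so a stale or forged LSA
    from one router cannot create a path by itself.
    """
    graph = {router: {} for router in lsdb}
    for router, lsa in lsdb.items():
        for nbr, metric in lsa["links"].items():
            back_links = lsdb.get(nbr, {}).get("links", {})
            if router in back_links:
                graph[router][nbr] = metric
    return graph


def spf(graph, root):
    """Dijkstra with root at the top of the tree: {router: (cost, next_hop)}."""
    best = {root: (0, None)}
    heap = [(0, root, None)]
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry, a cheaper path was already found
        for nbr, metric in graph[node].items():
            new_cost = cost + metric
            # The next hop is the root's own neighbor on this path.
            hop = nbr if node == root else first_hop
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, hop)
                heapq.heappush(heap, (new_cost, nbr, hop))
    return best


def routing_table(lsdb, root):
    """Best route to every stub network: {network: (next_hop, cost)}."""
    tree = spf(build_graph(lsdb), root)
    table = {}
    for router, lsa in lsdb.items():
        if router not in tree:
            continue  # unreachable router: its networks get no route
        cost, hop = tree[router]
        for net, stub_metric in lsa["stubs"].items():
            total = cost + stub_metric
            if net not in table or total < table[net][1]:
                table[net] = (hop, total)  # hop is None when directly connected
    return table


def link_failure(lsdb, r1, r2):
    """LSDB after both ends of link r1-r2 flood updated LSAs without it."""
    updated = {r: {"links": dict(l["links"]), "stubs": dict(l["stubs"])}
               for r, l in lsdb.items()}
    updated[r1]["links"].pop(r2, None)
    updated[r2]["links"].pop(r1, None)
    return updated


if __name__ == "__main__":
    print("A before failure:", routing_table(LSDB, "A"))             # X via D, cost 20
    after = link_failure(LSDB, "A", "D")                               # new LSAs flooded
    print("A after A-D fails:", routing_table(after, "A"))           # X via B, cost 30
```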

Summary
This topic summarizes the key points that were discussed in this lesson.

• Service provider core networks require fast convergence when topology changes occur.
• Only link-state routing protocols meet service provider core network requirements.
• Link-state routing protocols first establish adjacencies with neighboring routers.
• After a neighbor relationship is established between routers, the routers exchange LSAs to create a topology map.
• After the topology map is built, each router applies the SPF algorithm to the topology map.
Lesson 2

Implementing OSPF

Overview
Open Shortest Path First (OSPF) routing protocol is one of the link-state routing protocols that
are found in service provider environments for internal routing. Understanding OSPF
operations and OSPF configuration is thus very important for network engineers working in
service provider environments.
This lesson describes the operation and configuration of single-area OSPF, including load
balancing and authentication. It starts with OSPF basics and basic configuration and then
shows how to enable OSPF on router network interfaces. The lesson continues with how to
improve OSPF operation by enabling load balancing, and concludes with how to secure the
OSPF routing protocol by configuring OSPF authentication.

Objectives
Upon completing this lesson, you will be able to describe the operation and configuration of
single-area OSPF, including load balancing and authentication. You will be able to meet these
objectives:
• Describe basic OSPF concepts
• Describe OSPF adjacencies and hello packets
• Describe the OSPF cost metric
• Describe the OSPF router ID
• Explain how to enable the OSPF routing process and configure the OSPF router ID
• Describe how to enable network interfaces for OSPF
• Explain how to implement single-area OSPF
• Describe OSPF load balancing and the implementation of OSPF load balancing
• Describe OSPF authentication mechanisms
• Describe OSPFv2 authentication
• Describe OSPFv3 authentication
• Explain OSPFv2 and OSPFv3 authentication configuration
• Describe OSPF troubleshooting steps
OSPF Overview
This topic describes basic OSPF concepts.

• A link-state routing protocol that uses a hierarchical design
• Hierarchical design:
- Minimizes routing table entries
- Localizes effect of a topology change within an area
• OSPFv2 used for IPv4
• OSPFv3 used for IPv6

Figure: the OSPF backbone area contains an ASBR that connects to an external routing domain;
ABRs connect Area 1 and Area 2 to the backbone area.

OSPF is a link-state protocol that uses a two-layer network hierarchy. There are two primary
elements in the two-layer network hierarchy:
• Area: An area is a grouping of contiguous networks. Areas are logical subdivisions of the autonomous system (AS).
• AS: An AS consists of a collection of networks under a common administration that share a common routing strategy. An AS, sometimes called a domain, can be logically subdivided into multiple areas.
Within each AS, a contiguous backbone area must be defined. All other nonbackbone areas are
connected off of the backbone area. The backbone area is the transition area because all other
areas communicate through it. For OSPF, the nonbackbone areas can be additionally
configured as stub areas, totally stubby areas, or not-so-stubby areas (NSSAs) to help reduce
the link-state database (LSDB) and routing table size.

Note The backbone area always uses 0 as an area ID. This course concentrates on single-area
OSPF only. In this case, the single area that is used should be the backbone area or Area 0.

Note OSPF special areas, such as stub areas, are not discussed in this course.

Routers that operate within the two-layer network hierarchy have different routing entities and
different functions in OSPF. The following are some examples that are based on the figure:
• Routers A and B are backbone routers. A backbone router provides connectivity within the backbone area.

• Routers C and D are Area Border Routers (ABRs). ABRs attach to multiple areas, maintain separate LSDBs for each area to which they are connected, and route traffic that is destined for or arriving from other areas.
• Routers E and F are nonbackbone, internal routers. Nonbackbone, internal routers are aware of the topology within their respective areas and maintain identical LSDBs about the areas.
• Depending on the configuration of the OSPF nonbackbone area (that is, the stub area, totally stubby area, or NSSA), the ABR advertises a default route to the nonbackbone, internal router. The nonbackbone, internal router uses the default route to forward all interarea or interdomain traffic to the ABR router.
• Router A is also an Autonomous System Boundary Router (ASBR) that connects to an external routing domain or AS.
• Router G is a router that belongs to another routing domain or AS.

Hierarchical design minimizes routing table entries because routers in nonbackbone areas
include only routes belonging to the local area. To reach networks in other areas, a summary
route (or default route, in the case of totally stubby areas) is used. This design also minimizes
the effect of a topology change because link-state advertisement (LSA) flooding and
Shortest Path First (SPF) recalculation are limited to a single area only.
The OSPF version that is currently used for IPv4 is OSPF version 2. For IPv6, OSPF version 3 is used,
which is based on version 2 with the following enhancements:
• OSPF version 3 (OSPFv3) adjacencies use link-local addresses to communicate. Router
next-hop attributes are neighboring router link-local addresses. Because link-local
addresses have the same prefix, OSPF needs to store the information about the outgoing
interface.
• OSPFv3 uses IPv6 for transport of LSAs.
• OSPFv3 is enabled per link and identifies which networks (or prefixes) are attached to this
link for determining prefix reachability propagation and OSPF area.
• OSPFv3 requires the router to run Cisco Express Forwarding.
• OSPFv3 is not backward-compatible with OSPF version 2 (OSPFv2).

Adjacencies
This topic describes OSPF adjacencies and hello packets.

• OSPF routers first establish adjacencies.
• Hello packets are periodically sent to multicast address 224.0.0.5 and
FF02::5.
• Routers must agree on certain information inside the hello packet
(marked with *) before adjacency can be established.

[Figure: routers exchanging Hello packets; hello packet fields: Router ID,
Hello/dead interval*, Neighbors, Area ID*, Router priority, DR IP address,
BDR IP address, Authentication data*]

© 2012 Cisco and/or its affiliates. All rights reserved. SPNGN2 v1.01—3-4

Neighbor OSPF routers must recognize each other on the network before they can share
information because OSPF routing depends on the status of the link between two routers. This
process is done using the Hello protocol, which establishes and maintains neighbor
relationships by ensuring bidirectional (two-way) communication between neighbors.
Bidirectional communication occurs when a router recognizes itself listed in the hello packet
that is received from a neighbor.
Each interface that is participating in OSPF uses the all-OSPF-routers multicast address 224.0.0.5
(IPv4) or FF02::5 (IPv6) to periodically send hello packets. A hello packet contains the
following information:
• Router ID: The router ID is a 32-bit number that uniquely identifies the router.
• Hello and dead intervals: The hello interval specifies the frequency in seconds at which a
router sends hello packets. The default hello interval on multiaccess networks is 10
seconds. The dead interval is the time in seconds that a router waits to hear from a neighbor
before declaring the neighboring router out of service. By default, the dead interval is four
times the hello interval. These timers must be the same on neighboring routers; otherwise,
an adjacency will not be established.
• Neighbors: The Neighbors field lists the adjacent routers with established bidirectional
communication. This bidirectional communication is indicated when the router recognizes
itself listed in the Neighbors field of the hello packet from the neighbor.
• Area ID: To communicate, two routers must share a common segment, and their interfaces
must belong to the same OSPF area on this segment. The neighbors must also share the
same subnet and mask. These routers will all have the same link-state information.

• Router priority: The router priority is an 8-bit number that indicates the priority of a
router. OSPF uses the priority to select a designated router (DR) and backup DR (BDR).
OSPF routers on a multiaccess network segment (for example, Ethernet and Frame Relay)
elect a DR and BDR to reduce the number of adjacencies that are required. The idea behind
this is that routers have a central point of contact for information exchange. Instead of each
router exchanging updates with every other router on the multiaccess network segment,
every router only exchanges information with the DR and BDR. The DR then relays the
information to all other routers. If the DR fails, the BDR can take over the role of the DR.

Note OSPF DRs and BDRs are not discussed further in this course.

• DR and BDR IP addresses: These are the IP addresses of the DR and BDR for the
specific network, if they are known.
• Authentication data: If router authentication is enabled, two routers must exchange the
same authentication data. Authentication is not required, but if it is enabled, all peer routers
must have the same key configured.

Metric
This topic describes the OSPF cost metric.

• OSPF uses a path cost as a metric.
• By default, cost is calculated based on interface bandwidth.
• Cost = Reference Bandwidth / Interface Bandwidth, where reference
bandwidth is 100 Mb/s.
• Path cost is the cumulative cost of all links on the path to a destination.

[Figure: routers P1, P2, PE1, PE2 and network X; link costs P1-PE1 = 10, P1-P2 = 10,
PE1-PE2 = 20, P2-PE2 = 10, PE2-X = 10; cost from P1 to X is 40 via PE1 and 30 via P2]


A metric is an indication of the overhead that is required to send packets across a certain
interface. OSPF uses cost as a metric. A smaller cost indicates a better path than a higher cost. The
cost of an interface is inversely proportional to the bandwidth of this interface, so a higher
bandwidth indicates a lower cost. There is more overhead, higher cost, and more time delay
involved in crossing a 10-Mb/s Ethernet line than in crossing a 100-Mb/s Ethernet line.
The formula that is used to calculate OSPF cost is cost = reference bandwidth / interface
bandwidth (in bits per second).
The default reference bandwidth is 10^8, which is 100,000,000 or the equivalent of the
bandwidth of Fast Ethernet. Therefore, the default cost of a 10-Mb/s Ethernet link will be 10^8 /
10^7 = 10, and the cost of a 100-Mb/s link will be 10^8 / 10^8 = 1. The problem arises with links
that are faster than 100 Mb/s. Because OSPF cost has to be an integer, all links that are faster
than Fast Ethernet will have an OSPF cost of 1. In this case, it is required to change the OSPF cost
on an interface manually or to adjust the reference bandwidth to a higher value.
To adjust the reference bandwidth for links with bandwidths greater than Fast Ethernet, use the
auto-cost reference-bandwidth command in router configuration mode, followed by a number
from 429 to 4967 in terms of megabits per second.
The cost to reach a distant network from a router is the cumulative cost of all links on the path
from the router to the network. In the example, the cost from router P1 to network X via PE1 is
40 (10 + 20 + 10), and the cost via router P2 is 30 (10 + 10 + 10). The path via P2 is better
because it has a lower cost.

Router ID
This topic describes the OSPF router ID.

• Router ID is a 32-bit long number by which the router is known to OSPF.


• By default, router ID is the highest IPv4 address on an active interface at
the moment of OSPF process startup.
• Router ID can be overridden by a loopback interface—the highest IPv4
address of any active loopback interface.
• Router ID can be set manually by using the router-id command.

[Figure: routers P1, P2, PE1, and PE2, each with a Loopback0 interface]


Each router running an OSPF process requires a router ID. Router ID is a 32-bit long number in
decimal dotted notation by which a router is known to other OSPF routers.

Note OSPF router ID uses the same format as IPv4 addresses, but it is not an IP address.

The router ID value will be, by default, inherited from an active interface with the highest IPv4
address. If a loopback interface is configured, router ID will be inherited from an active
loopback interface with the highest IPv4 address. It is recommended to use loopback interfaces
for a router ID because loopback interfaces are always active and cannot be in the “down” state.
Router ID can also be manually set using the router-id command. In this case, manual
configuration of router ID takes precedence.
The same applies to IPv6 and OSPFv3; router ID will be the highest IPv4 address on a
loopback interface. If IPv4 addresses are not used on a router that is running OSPFv3, router ID
has to be manually set using the router-id command.

Note Once the router ID is set or chosen, it does not change, even if a loopback interface with a
higher IP address is configured. The router ID changes only if the router reloads, or the
OSPF process restarts.

OSPF Configuration Scenario
This topic explains how to enable the OSPF routing process and configure the OSPF router ID.

• Configure the loopback interface


• Enable the OSPF process
• Set the router ID

[Figure: routers P1, P2, PE1, and PE2 with Loopback0 interfaces; P2 Loopback0 10.2.1.1/32,
PE2 Loopback0 10.2.10.1/32]


The figure shows an example that will serve as a configuration scenario. OSPF for IPv4 will be
enabled on the routers, and loopback interfaces will be configured. Manual configuration of
the router ID will also be shown. Only the configuration on router P2 will be shown,
where the IP address of the loopback interface will be set to 10.2.1.1/32. The router ID will be set to
the same value of 10.2.1.1. The configuration on the other routers should be the same, except for IP
addresses and router IDs.

[Figure: same topology; P2 Loopback0 10.2.1.1/32, PE2 Loopback0 10.2.10.1/32; configuration on P2]

interface Loopback0                          <- Configure the loopback interface
 ipv4 address 10.2.1.1 255.255.255.255
!
router ospf 1                                <- Enable the OSPF process
 router-id 10.2.1.1                          <- Set the router ID


The figure shows a configuration for the Cisco IOS XR router. To configure a loopback
interface, first enter interface configuration mode using the interface loopback command.
Then use the ipv4 address command to set the IPv4 address and network mask. To enable the
OSPF process, use the router ospf command followed by the process ID name. The process ID
is any alphanumeric string that is no longer than 40 characters without spaces. As an alternative
to using the loopback interface, you can set the router ID using the router-id command in the
OSPF router configuration mode.
The configuration for IPv6 is very similar, except that OSPF version 3 is specified in the router
ospfv3 command:
interface Loopback0
 ipv4 address 10.2.1.1 255.255.255.255
!
router ospfv3 1
 router-id 10.2.1.1

Adding Interfaces to OSPF
This topic describes how to enable network interfaces for OSPF.

• Interfaces have to be explicitly enabled for the OSPF process.


• Adding an interface to OSPF means to enable OSPF on the interface and
to advertise a network on the interface.
• Different ways to add an interface to the OSPF process, which is based
on IP version and platform, follow:
- Specify interface under router configuration mode (Cisco IOS XR)
- Specify network under router configuration mode (IOS and IOS XE—IPv4 only)
- Specify OSPF process under interface configuration mode (IOS and IOS XE)

[Figure: routers P1, P2, PE1, and PE2 running OSPF, with network X]

Once the OSPF process is started, OSPF has to be explicitly enabled on a network interface.
Enabling OSPF on an interface means advertising the network on the interface and starting the
OSPF Hello protocol and LSA exchange on the interface.
There are different ways to enable a network interface for OSPF, depending on the IP
version and router platform:
• Specify the interfaces that should be enabled for OSPF in the OSPF area configuration mode.
This applies to the Cisco IOS XR platforms, for both IPv4 and IPv6.
• Specify the networks that should be advertised under the OSPF router configuration mode.
Interfaces whose IP addresses fall within the specified network will be enabled for OSPF.
This applies to the Cisco IOS and IOS XE platforms, for IPv4.
• Specify the OSPF process ID under the interface configuration mode for the interfaces you
would like to enable. This applies to the Cisco IOS and IOS XE platforms, for both IPv4
and IPv6.

Single-Area OSPF Implementation Scenario
This topic explains how to implement single-area OSPF.

Enable single-area OSPF on:


• Loopback interfaces
• Gigabit Ethernet 0/0/0 and Gigabit Ethernet 0/0/0/0 interfaces

[Figure: OSPF Area 0 with routers P1, P2, PE1, and PE2; P2 Loopback0 10.2.1.1/32 and
GE0/0/0/0 192.168.102.20; PE2 Loopback0 10.2.10.1/32 and GE0/0/0 192.168.102.21]

The figure shows an example that will serve as a configuration scenario. Single-area OSPF for
IPv4 will be enabled on the Loopback0 interfaces and on the GigabitEthernet0/0/0/0 (P2) and
GigabitEthernet0/0/0 (PE2) interfaces. The configuration will be shown for the P2 (Cisco IOS XR
Software) and PE2 (Cisco IOS and IOS XE Software) routers.

[Figure: same topology as the previous slide]

Cisco IOS XR:
router ospf 1
 area 0                                      <- Specify the area ID
  interface Loopback0                        <- Specify the interfaces
  !
  interface GigabitEthernet0/0/0/0

Cisco IOS and IOS XE:
router ospf 1                                <- Enable the OSPF process
 router-id 10.2.1.1                          <- Set the router ID
 network 192.168.102.0 0.0.0.255 area 0      <- Specify the OSPF process ID and area ID
 network 10.2.1.1 0.0.0.0 area 0

Cisco IOS XR
To enable interfaces for OSPF on Cisco IOS XR Software, first enter the OSPF router
configuration mode using the router ospf command. Then specify the OSPF area using the
area command followed by the area ID. The area ID argument can be specified as either a
decimal value or an IP address (or dotted decimal) format. The range is 0 to 4,294,967,295.
Because the single-area OSPF is configured, the area ID should be 0. Then specify the interface
names under the area to enable interfaces for the OSPF process in the area. In the example,
interfaces Loopback0 and GigabitEthernet0/0/0/0 are enabled for Area 0.
Configuration for IPv6 on the Cisco IOS XR Software is very similar:
router ospfv3 1
 area 0
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0

Cisco IOS and Cisco IOS XE
To enable interfaces for OSPF on the Cisco IOS and IOS XE routers, use the network area
command. Networks that should be advertised, along with the area that the networks are in, are
specified under the OSPF router configuration mode. Interfaces whose IP addresses fall within
the specified network and wildcard mask will be enabled for OSPF.

Note Wildcard masks will be discussed in the module ACLs and IP Address Translation. For now,
you can treat them as inverse of a network mask.

On the Cisco IOS and IOS XE routers, interfaces can be enabled for OSPF for IPv6 only under
the interface configuration mode. In some releases of the software, it is required to first enable
IPv6 routing using the ipv6 unicast-routing command:
ipv6 unicast-routing
!
router ipv6 ospf 1
 router-id 10.2.10.1
!
interface GigabitEthernet0/0/0
 ipv6 ospf 1 area 0
!
interface Loopback0
 ipv6 ospf 1 area 0

• Displays whether OSPF is configured
RP/0/RSP0/CPU0:P2# show protocols

Routing Protocol OSPF 1
  Router Id: 10.3.1.1
  Distance: 110
  Non-Stop Forwarding: Disabled
  Redistribution:
    None
  Area 0
    Loopback0
    GigabitEthernet0/0/0/0

• Displays OSPF neighbors
RP/0/RSP0/CPU0:P2# show ospf neighbor

Neighbors for OSPF 1

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.3.10.1       1     FULL/BDR        00:00:36    192.168.112.40  GigabitEthernet0/0/0/0
    Neighbor is up for 02:58:21

Total neighbor count: 1

You can use a number of show commands to display information about an OSPF configuration.
The show protocols ospf command displays the router ID, administrative distance, areas that
the router is configured for, and interfaces that are enabled for OSPF. To verify OSPF for IPv6,
use the show protocols ospfv3 command. The output is similar to that for IPv4.

To verify OSPF neighbors, use the show ospf neighbor command. This command shows
neighbors on a per-interface basis. The command displays the neighbor ID, OSPF priority, state,
dead time, IP address of the neighbor, and the local interface through which the neighbor is reached.

To verify OSPFv3 neighbors, use the show ospfv3 neighbor command:

RP/0/RSP0/CPU0:P2# show ospfv3 neighbor
Wed Jul 6 08:03:35.163 UTC

Neighbors for OSPFv3 1

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.2.10.1       1     FULL/DR         00:00:33    7               GigabitEthernet0/0/0/0
    Neighbor is up for 00:02:14

• Displays the routing table
RP/0/RSP0/CPU0:P1# show route

Codes: C - connected, S - static, R - RIP, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR
       A - access/subscriber, (!) - FRR Backup path

Gateway of last resort is not set

L    10.3.1.1/32 is directly connected, 23:00:20, Loopback0
O    10.3.10.1/32 [110/2] via 192.168.112.40, 00:00:03, GigabitEthernet0/0/0/0
<…output omitted…>

The show route command displays the routes that are known to the router and how they were
learned. Routes that are marked with O were learned via OSPF. The output shows a distant
network, administrative distance, metric, next-hop IP address, the last time the route was
updated, and outgoing interface.
To verify IPv6 routes, use the show route ipv6 command. The output is the same, except that
the IP addresses that are shown are IPv6 addresses. Next-hop IP addresses in the IPv6 routing
table are always link-local IP addresses.

• Displays OSPF information on an interface
RP/0/RSP0/CPU0:P2# show ospf interface

Interfaces for OSPF 1

GigabitEthernet0/0/0/0 is up, line protocol is up
  Internet Address 192.168.112.30/24, Area 0
  Process ID 1, Router ID 10.3.1.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1, MTU 1500, MaxPktSz 1500
  Designated Router (ID) 10.3.1.1, Interface address 192.168.112.30
  Backup Designated router (ID) 10.3.10.1, Interface address 192.168.112.40
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:05
  Index 1/1, flood queue length 0
  Next 0(0)/0(0)
  Last flood scan length is 2, maximum is 2
  Last flood scan time is 0 msec, maximum is 0 msec
  LS Ack List: current length 0, high water mark 4
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.3.10.1 (Backup Designated Router)
  Suppress hello for 0 neighbor(s)
  Multi-area interface Count is 0

The show ospf interface command verifies that interfaces have been configured in the intended
areas. This command also displays the OSPF process ID, router ID, OSPF network type, OSPF
cost, and timer intervals including the hello interval, and it shows the neighbor adjacencies.
To verify interfaces for OSPFv3, use the show ospfv3 interface command:
RP/0/RSP0/CPU0:P2# show ospfv3 interface
Wed Jul 6 08:47:11.525 UTC

GigabitEthernet0/0/0/0 is up, line protocol is up
  Link Local address fe80::4255:39ff:fe1f:2358, Interface ID 6
  Area 0, Process ID 1, Instance ID 0, Router ID 10.2.1.1
  Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.2.1.1, local address fe80::4255:39ff:fe1f:2358
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:05
  Index 0/3/1, flood queue length 0
  Next 0(0)/0(0)/0(0)
  Last flood scan length is 4, maximum is 4
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
  Reference count is 0
<…output omitted…>
OSPF Load Balancing
This topic describes OSPF load balancing and the configuration of OSPF load balancing.

• OSPF can select several paths to destinations for load balancing.


• Paths have to be equal cost.
• The maximum number of paths is platform-dependent and is
configurable.
• You can ensure that paths are of equal cost by changing the OSPF cost
on a particular link.

[Figure: routers P1, P2, PE1, and PE2 with two paths from P1 toward network X]

Load balancing allows a router to use multiple paths to a destination when it forwards packets.
In OSPF load balancing, paths have to be of equal cost to be used for load balancing. The
number of paths that can be used for load balancing is limited by the number of entries that the
routing protocol puts in the routing table. The maximum number of paths that can be used for
OSPF load balancing is platform-dependent and is configurable:

OSPF Load Balancing Per Cisco IOS XR Platform

Platform                                     Maximum Number of Paths   Default Number of Paths
Cisco Carrier Routing System (Cisco CRS-1)   32                        32
Cisco XR 12000 Series Router                 16                        16
Cisco ASR 9000 Series Router                 8                         8

For Cisco IOS XR Software, the maximum configurable number is 32, but a lower limit (for
example, 8 on the Cisco ASR 9000 Series) is imposed by the platform. For Cisco IOS and IOS XE
Software maximum and default values, please refer to the Cisco IOS and Cisco IOS XE Software
Command Reference guides on http://www.cisco.com.

OSPF load balancing is done by Cisco Express Forwarding. Two general modes of load
balancing are supported: per-destination, where packets for a given destination are guaranteed
to take the same path even if multiple paths are available, and per-packet, which allows the
router to send successive data packets over different paths without regard to destination IP
address. By default, per-destination Cisco Express Forwarding load balancing is enabled.

Note Per-packet load balancing is generally not recommended because packets for a given
source-destination host pair might take different paths, which could introduce reordering of
packets and problems with stateful firewalls.

• Set the maximum number of paths to 2 on the P1 router
• Ensure that both paths are of equal cost

[Figure: P1 connects to PE1 via GE0/0/0/0 (cost 10) and to P2 via GE0/0/0/1 (cost 10);
PE1 reaches PE2 via GE0/0/1 (cost 10) and P2 reaches PE2 via GE0/0/0/0 (cost 10);
PE2 connects to network 10.4.10.0/24 (cost 10); both paths from P1 cost 30]

The figure shows an example that will serve as a configuration scenario. Set the maximum
number of OSPF paths to 2 on router P1 and make sure that the paths to network
10.4.10.0/24 over router PE1 and over router P2 are of equal cost.

[Figure: load-balancing topology as above; configuration on P1]

router ospf 1
 maximum paths 2                             <- Specify the maximum number of paths
 area 0
  interface GigabitEthernet0/0/0/0
   cost 10                                   <- Specify the OSPF cost on an interface
  !
  interface GigabitEthernet0/0/0/1
   cost 10

Cisco IOS XR
To set the maximum number of OSPF paths, first enter the OSPF router configuration mode.
Then set the maximum number of paths using the maximum paths command, followed by a
number. The maximum number is imposed by the platform type. In the example, the maximum
number of paths is set to 2. Then you have to make sure that both outgoing interfaces have the
same OSPF cost. This is done using the cost command, followed by a number from 1 to
65,535. In the example, the OSPF cost is set to 10 on interfaces GigabitEthernet0/0/0/0 and
GigabitEthernet0/0/0/1.
The configuration for IPv6 is very similar:
router ospfv3 1
 maximum paths 2
 area 0
  interface GigabitEthernet0/0/0/0
   cost 10
  !
  interface GigabitEthernet0/0/0/1
   cost 10
Cisco IOS and IOS XE
The following is the same configuration on the Cisco IOS and IOS XE platforms:
router ospf 1
 maximum-paths 2
 network 192.168.101.0 0.0.0.255 area 0
 network 192.168.112.0 0.0.0.255 area 0
!
interface GigabitEthernet0/0/0
 ip ospf cost 10
!
interface GigabitEthernet0/0/1
 ip ospf cost 10
To configure the maximum number of paths on Cisco IOS and IOS XE routers, use the
maximum-paths command, followed by a number. The maximum number is imposed by
platform type and Cisco IOS Software release. To change the OSPF cost on an interface, use
the ip ospf cost command under the interface configuration mode, followed by a number from
1 to 65,535.
On Cisco IOS routers for IPv6, the configuration is similar:
router ipv6 ospf 1
 maximum-paths 2
!
interface GigabitEthernet0/0/0
 ipv6 ospf 1 area 0
 ipv6 ospf cost 10
!
interface GigabitEthernet0/0/1
 ipv6 ospf 1 area 0
 ipv6 ospf cost 10

[Figure: load-balancing topology as above; cost set on the outgoing interfaces of P2 and PE1]

Cisco IOS XR (P2):
router ospf 1
 area 0
  interface GigabitEthernet0/0/0/0
   cost 10                                   <- Specify the OSPF cost on an interface

Cisco IOS and IOS XE (PE1):
interface GigabitEthernet0/0/1
 ip ospf cost 10                             <- Specify the OSPF cost on an interface

You also have to make sure that the interfaces on all of the other routers on both paths to the
10.4.10.0/24 network have the same OSPF cost. In this example, the OSPF cost must therefore also be
changed on the outgoing interfaces of routers P2 and PE1.

• Displays the routing table
RP/0/RSP0/CPU0:P1# show route
Fri Jul 1 09:30:35.687 UTC

Codes: C - connected, S - static, R - RIP, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR
       A - access/subscriber, (!) - FRR Backup path

Gateway of last resort is not set

L    10.3.1.1/32 is directly connected, 1d19h, Loopback0
O    10.3.10.0/24 [110/2] via 192.168.134.40, 00:01:43, GigabitEthernet0/0/1
O    10.4.10.0/24 [110/30] via 192.168.103.31, 00:01:06, GigabitEthernet0/0/0
                  [110/30] via 192.168.134.40, 00:01:06, GigabitEthernet0/0/1

To verify OSPF load balancing, display the routing table by using the show route command (or
the corresponding command for IPv6 or other Cisco platforms). You should see the two next
hops for a specific destination network. Observe that the metric is the same (cost = 30 in this
example) for both paths for destination 10.4.10.0/24.
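The cost formula from the Metric topic and the equal-cost path selection of this load-balancing scenario, worked through in one added Python example that is not from the guide; the two topologies are constructed from the figures, and the SPF routine is a plain Dijkstra that keeps every equal-cost next hop rather than just one.

```python
# Added example, not from the SPNGN2 guide: OSPF interface cost and an SPF
# run that keeps every equal-cost next hop, as OSPF load balancing needs.
from heapq import heappop, heappush

DEFAULT_REF_BW_MBPS = 100  # default reference bandwidth, 10^8 b/s (Fast Ethernet)


def ospf_cost(interface_bw_mbps, ref_bw_mbps=DEFAULT_REF_BW_MBPS):
    """cost = reference bandwidth / interface bandwidth, truncated to an
    integer; OSPF never uses a cost below 1, so every link faster than the
    reference bandwidth collapses to cost 1 until the reference is raised."""
    return max(1, ref_bw_mbps // interface_bw_mbps)


def spf(topology, source, max_paths=1):
    """Dijkstra over a directed topology {router: {neighbor: outgoing cost}}.

    Returns {destination: (cost, next_hops)}: next_hops lists the source's
    neighbours on every equal-cost shortest path, sorted and truncated to
    max_paths (the configured or platform-imposed limit)."""
    dist = {source: 0}
    first_hops = {source: set()}
    heap = [(0, source)]
    done = set()
    while heap:
        cost, node = heappop(heap)
        if node in done:
            continue
        done.add(node)
        for nbr, link_cost in topology.get(node, {}).items():
            new_cost = cost + link_cost
            # the first hop of a path leaving the source is the neighbour itself
            hops = {nbr} if node == source else first_hops[node]
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                first_hops[nbr] = set(hops)
                heappush(heap, (new_cost, nbr))
            elif new_cost == dist[nbr]:
                first_hops[nbr] |= hops  # equal cost: keep this next hop too
    return {d: (dist[d], sorted(first_hops[d])[:max_paths])
            for d in dist if d != source}


# Constructed from the metric figure: P1-PE1 10, P1-P2 10, PE1-PE2 20,
# P2-PE2 10, PE2-X 10 (each cost is the outgoing interface cost).
METRIC_FIGURE = {
    "P1": {"PE1": 10, "P2": 10},
    "PE1": {"P1": 10, "PE2": 20},
    "P2": {"P1": 10, "PE2": 10},
    "PE2": {"PE1": 20, "P2": 10, "X": 10},
}

# Constructed from the load-balancing scenario: every link on both paths
# from P1 to 10.4.10.0/24 set to cost 10, so both paths cost 30.
LOAD_BALANCING = {
    "P1": {"PE1": 10, "P2": 10},
    "PE1": {"P1": 10, "PE2": 10},
    "P2": {"P1": 10, "PE2": 10},
    "PE2": {"PE1": 10, "P2": 10, "10.4.10.0/24": 10},
}

if __name__ == "__main__":
    for bw in (10, 100, 1000, 10000):
        print(f"{bw:>5} Mb/s: cost {ospf_cost(bw)} (default reference), "
              f"{ospf_cost(bw, 10000)} (reference 10000 Mb/s)")
    print("metric figure, P1 -> X:", spf(METRIC_FIGURE, "P1")["X"])
    print("load balancing, P1 -> 10.4.10.0/24:",
          spf(LOAD_BALANCING, "P1", max_paths=2)["10.4.10.0/24"])
```

With the default reference bandwidth the 1-Gb/s and 10-Gb/s links both come out at cost 1; with max_paths=1 the same SPF run keeps only the first of the two equal-cost next hops, which is what the routing table shows before maximum paths is raised.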

OSPF Authentication
This topic describes OSPF authentication mechanisms.

• OSPF authentication is used to prevent:
  - Undesired adjacencies and thus rogue routes to be inserted into OSPF
  - Changes in routing information
• OSPFv2:
  - Plaintext authentication—avoid at all times!
  - MD5 authentication
  - Authentication material is inserted into the OSPF header of every OSPF packet and
    checked by the other router
• OSPFv3 does not have an authentication mechanism; it relies on the IPsec built in
  IPv6 instead

[Figure: the sending router hashes the Hello packet with the key and carries the hash
(shown as 23r3f3r2dq3vq3v) as authentication data; the receiving router recomputes the
hash over the received Hello and compares it with the received value]

The OSPF routing protocol supports the authentication of routing updates to prevent attacks against the
routing protocol. For example, an attacker might “poison” the routing table of a router by
advertising a route toward one of the networks with a very low cost, so that traffic to this network
would be diverted to the attacker's router. A similar situation applies to an attacker that intercepts a
routing update, changes it, and then forwards it to achieve the same thing. Authentication
prevents these attacks by authenticating each routing update. Authentication is accomplished by
the exchange of authentication material that is known to the sending and receiving router
only.
Both OSPFv2 and OSPFv3 support authentication. However, there is a significant difference in
the authentication mechanisms of the two protocols. OSPFv2 uses a built-in authentication mechanism
and supports plaintext or Message Digest 5 (MD5) authentication. The authentication material
(which is a plaintext password or an MD5 hash produced from the key and the routing update itself) in
OSPFv2 is inserted into the OSPF header and checked by the other router. Because the
password in plaintext authentication is sent across the line in cleartext, it is not considered safe,
and you should avoid it at all times.
OSPFv3 does not use a built-in authentication mechanism and relies on the IPv6 native security
capabilities and native security stack, which use IP Security (IPsec).
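The hello-field agreement checks from the Adjacencies topic and the OSPFv2 MD5 authentication just described, worked through in one added Python example that is not from the guide; the packet layout follows RFC 2328 and its Appendix D, and the key, addresses and interface settings are constructed lab values.

```python
# Added example, not from the SPNGN2 guide: an OSPFv2 Hello with cryptographic
# (MD5) authentication as RFC 2328 Appendix D defines it, plus the checks a
# receiving router applies before the packet can lead to an adjacency.
import hashlib
import hmac
import ipaddress
import struct

OSPF_VERSION, TYPE_HELLO, AUTH_CRYPTO = 2, 1, 2
HDR = struct.Struct("!BBHIIHH")    # version, type, length, router ID, area ID, checksum, AuType
AUTH = struct.Struct("!HBBI")      # zero, key ID, auth data length, cryptographic sequence number
HELLO = struct.Struct("!IHBBIII")  # mask, hello, options, priority, dead, DR, BDR (then neighbors)


def _ip(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _digest(packet, key):
    """MD5 over the packet followed by the key, zero-padded to 16 bytes (RFC 2328 D.4.3)."""
    return hashlib.md5(packet + key[:16].ljust(16, b"\x00")).digest()


def build_hello(router_id, area_id, mask, hello, dead, neighbors, key, key_id=1, seq=1):
    """Return a Hello packet with the 16-byte digest appended (not counted in the length)."""
    body = HELLO.pack(_ip(mask), hello, 0x02, 1, dead, 0, 0)  # E bit, priority 1, no DR/BDR yet
    body += b"".join(struct.pack("!I", _ip(n)) for n in neighbors)
    length = HDR.size + AUTH.size + len(body)
    # with cryptographic authentication the OSPF checksum is not computed; it stays 0
    header = HDR.pack(OSPF_VERSION, TYPE_HELLO, length, _ip(router_id), _ip(area_id), 0, AUTH_CRYPTO)
    packet = header + AUTH.pack(0, key_id, 16, seq) + body
    return packet + _digest(packet, key)


def verify_hello(packet, local):
    """Check a received Hello against the receiving interface's configuration.

    local = {"keys": {key_id: bytes}, "area", "mask", "hello", "dead", "router_id"}.
    Returns (accepted, reason); reason is "2-Way" when our router ID is listed
    as a neighbour (bidirectional communication) and "Init" otherwise."""
    if len(packet) < HDR.size + AUTH.size + HELLO.size:
        return False, "truncated packet"
    version, ptype, length, _rid, area, _csum, autype = HDR.unpack_from(packet)
    if version != OSPF_VERSION or ptype != TYPE_HELLO:
        return False, "not an OSPFv2 Hello"
    # authentication: type, key ID and digest are checked before any Hello field
    if autype != AUTH_CRYPTO:
        return False, "authentication type mismatch"
    _zero, key_id, auth_len, _seq = AUTH.unpack_from(packet, HDR.size)
    if auth_len != 16 or len(packet) != length + 16:
        return False, "bad authentication data length"
    key = local["keys"].get(key_id)
    if key is None:
        return False, f"unknown key ID {key_id}"
    if not hmac.compare_digest(_digest(packet[:length], key), packet[length:]):
        return False, "MD5 digest mismatch (wrong key or modified packet)"
    # Hello fields that must agree before an adjacency can form
    mask, hello, _opts, _prio, dead, _dr, _bdr = HELLO.unpack_from(packet, HDR.size + AUTH.size)
    if area != _ip(local["area"]):
        return False, "area ID mismatch"
    if mask != _ip(local["mask"]):  # compared on multiaccess networks
        return False, "network mask mismatch"
    if (hello, dead) != (local["hello"], local["dead"]):
        return False, "hello/dead interval mismatch"
    count = (length - HDR.size - AUTH.size - HELLO.size) // 4
    neighbors = struct.unpack_from(f"!{count}I", packet, HDR.size + AUTH.size + HELLO.size)
    return True, "2-Way" if _ip(local["router_id"]) in neighbors else "Init"


# Constructed sample: P2 (router ID 10.2.1.1) receives Hellos from PE2 (10.2.10.1)
# on the 192.168.102.0/24 segment; the key is a lab value, not from the guide.
LAB_KEY = b"spngn2-lab-key"
P2_INTERFACE = {"keys": {1: LAB_KEY}, "area": "0.0.0.0", "mask": "255.255.255.0",
                "hello": 10, "dead": 40, "router_id": "10.2.1.1"}

if __name__ == "__main__":
    good = build_hello("10.2.10.1", "0.0.0.0", "255.255.255.0", 10, 40, ["10.2.1.1"], LAB_KEY)
    print("valid Hello:", verify_hello(good, P2_INTERFACE))
    tampered = bytearray(good)
    tampered[HDR.size + AUTH.size + 5] = 5  # hello interval changed in transit
    print("modified Hello:", verify_hello(bytes(tampered), P2_INTERFACE))
    print("wrong key:", verify_hello(build_hello("10.2.10.1", "0.0.0.0", "255.255.255.0",
                                                 10, 40, [], b"guess"), P2_INTERFACE))
```

Digest failures are reported before any hello field is compared, so a wrong key and a packet modified in transit look the same to the receiver; timer or area disagreements only surface once the digest checks out.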

OSPFv2 Authentication
This topic describes OSPFv2 authentication.

• Cisco IOS XR:
  - OSPFv2 authentication type and key can be configured at different levels:
    • Routing process
    • Area
    • Interface
  - If authentication is not configured on a lower level, the authentication settings
    are inherited from a higher level.
• Cisco IOS and IOS XE:
  - The authentication type can be configured per area in the router configuration
    mode or per interface.
    • If authentication is not configured per interface, the authentication type is
      inherited from the area configuration.
  - The authentication key can be configured only per interface.


The OSPFv2 authentication type and key on Cisco IOS XR platforms can be configured at
different levels. Authentication can be specified for an entire OSPF routing process or area or
on an interface. An interface can be configured for only one type of authentication, not both.
Authentication that is configured for an interface overrides authentication that is configured for
the area or OSPF routing process. If authentication is not configured on a lower level (for
example, on an interface), then authentication is inherited from a higher level (for example,
from an area or OSPF routing process).
If you intend for all interfaces in an area to use the same type of authentication, you can
configure fewer commands if you use the authentication command in the area configuration
submode (and specify the message digest keyword if you want the entire area to use MD5
authentication). This strategy requires fewer commands than specifying authentication for each
interface.
The OSPF authentication type on the Cisco IOS and IOS XE platforms can be configured per
area in the OSPF router configuration mode or per interface. However, the authentication key
can be specified per interface only. If you intend for all interfaces in an area to use the same
type of authentication, you can configure fewer commands if you use the authentication
command in the area configuration. However, you still have to configure the authentication key
on each interface separately.

© 2012 Cisco Systems, Inc. Internal Service Provider Traffic Forwarding 3-39
OSPFv3 Authentication
This topic describes OSPFv3 authentication.

• OSPFv3 uses native functionality offered by IPv6:
- IPsec AH for authentication and integrity check
- IPsec ESP for encryption of payload
• Security policy definition on the router is mandatory:
- Security parameter index (SPI) value
- Hashing and encryption algorithms
- Keys for authentication and encryption
• Cisco IOS XR:
- OSPFv3 IPsec authentication and encryption can be configured at the same
levels as with OSPFv2.
• Cisco IOS and IOS XE:
- OSPFv3 IPsec authentication and encryption can be configured per area in
the router configuration mode or per interface.


OSPFv3 uses IPv6 native security capabilities and native security stack. Two possible protocols
are available:
 Authentication Header (AH) for authentication and integrity check
 Encapsulating Security Payload (ESP) for encrypting the payload—the routing updates
themselves and authentication and integrity check

Using an IPsec connection for OSPFv3 authentication requires you to define a security policy
for every neighbor router. The security policy defines which protocol is used for
communication (that is, AH or ESP), hashing and encryption algorithm, keys, and the security
parameter index (SPI) value.
On Cisco IOS XR platforms, OSPFv3 authentication or encryption can be configured at the
same levels as with OSPFv2: the OSPF routing process, area, or interface. The concept of
inheritance applies as with OSPFv2 authentication.
On Cisco IOS and IOS XE platforms, OSPFv3 authentication or encryption can be configured
per area in the OSPF router configuration mode or per interface.

OSPF Authentication Configuration Scenario
This topic explains OSPFv2 and OSPFv3 authentication configuration.

• Enable OSPFv2 MD5 authentication between P1 and PE1
• Enable OSPFv3 SHA-1 authentication between P1 and PE1

Figure: P1 (GE0/0/0/0) connected to PE1 (GE0/0/0); P2 and PE2 are also shown.

The figure shows an example that will serve as a configuration scenario. You will configure
OSPFv2 MD5 authentication on router P1 (Cisco IOS XR Software) on the
GigabitEthernet0/0/0/0 interface and on router PE1 (Cisco IOS Software) on the
GigabitEthernet0/0/0 interface. Because the OSPFv3 authentication configuration is
significantly different from OSPFv2, you will also enable Secure Hash Algorithm 1 (SHA-1)
authentication between routers P1 and PE1.

Figure: P1 (GE0/0/0/0) connected to PE1 (GE0/0/0); P2 and PE2 are also shown.

Configure OSPFv2 MD5 authentication:
router ospf 1
 area 0
  interface GigabitEthernet0/0/0/0
   authentication message-digest
   message-digest-key 1 md5 do4T7Ihl6g
  !
 !
Configure OSPFv3 SHA-1 authentication:
router ospfv3 1
 area 0
  interface GigabitEthernet0/0/0/0
   authentication ipsec spi 256 sha1 Ba1…


Cisco IOS XR
To enable OSPFv2 authentication, enter the OSPF router configuration mode, enter the area
subconfiguration mode, and enter the interface subconfiguration mode. First, specify the MD5
authentication type using the authentication message-digest command. Then specify the
actual key using the message-digest-key md5 command, with the key ID and the actual key. The
key ID in the example is 1, and the actual key is do4T7Ihl6g. The key ID and key must match on
both routers where authentication is being enabled.
To enable OSPFv3 authentication, enter the OSPF router configuration mode, enter the area
subconfiguration mode, and enter the interface subconfiguration mode. Then specify
authentication using the authentication ipsec spi command, followed by an SPI index, hashing
method, and a key. The key must be of the correct length: SHA-1 uses a 160-bit key, so the key
must be 40 hexadecimal digits long. In the example, the SPI index is 256, and the hashing
algorithm is SHA-1. (The full 40-digit hexadecimal key is not shown in the figure.)
To configure encryption of OSPFv3, use the encryption ipsec spi command. In this case, you
also have to specify the encryption algorithm and encryption key.
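The MD5 mechanism behind the OSPFv2 commands above (and introduced at the start of this topic) can be shown end to end. The following is an added illustration, not code from the SPNGN2 guide or from Cisco: per RFC 2328 Appendix D the digest is MD5 over the OSPF packet plus the zero-padded key, so a receiver that holds the same key ID and key detects a modified packet, a wrong or unknown key, and a sequence number that went backwards. Key ID 1 and the key do4T7Ihl6g are the scenario's values; the router ID, area ID and hello body are constructed.

```python
"""OSPFv2 cryptographic (MD5) authentication as defined in RFC 2328 Appendix D.

Added illustration, not code from the SPNGN2 guide or from Cisco. Key ID 1 and
the key do4T7Ihl6g are the values from the configuration scenario; the router
ID, area ID and hello body below are constructed sample data.
"""
import hashlib
import hmac
import ipaddress
import struct

OSPF_VERSION = 2
OSPF_HEADER_LEN = 24      # 16-byte fixed header + 8-byte authentication field
AU_TYPE_CRYPTO = 2        # AuType 2 = cryptographic authentication
MD5_DIGEST_LEN = 16
MD5_KEY_LEN = 16          # the key is zero-padded to 16 bytes before hashing


def _padded_key(key):
    raw = key.encode()
    if not 1 <= len(raw) <= MD5_KEY_LEN:
        raise ValueError("OSPFv2 MD5 key must be 1..16 bytes")
    return raw.ljust(MD5_KEY_LEN, b"\x00")


def build_md5_packet(pkt_type, router_id, area_id, body, key_id, seq, key):
    """Sender side: return an OSPFv2 packet with its MD5 digest appended."""
    length = OSPF_HEADER_LEN + len(body)   # the digest is not counted in Packet Length
    header = struct.pack("!BBH4s4sHH", OSPF_VERSION, pkt_type, length,
                         ipaddress.IPv4Address(router_id).packed,
                         ipaddress.IPv4Address(area_id).packed,
                         0,                # checksum is unused (zero) with AuType 2
                         AU_TYPE_CRYPTO)
    # Authentication field: 2 zero bytes, Key ID, Auth Data Len, crypto sequence number
    auth = struct.pack("!HBBI", 0, key_id, MD5_DIGEST_LEN, seq)
    packet = header + auth + body
    # Digest = MD5(OSPF packet || zero-padded key); the key itself never goes on the wire
    digest = hashlib.md5(packet + _padded_key(key)).digest()
    return packet + digest


def verify_md5_packet(packet, keys, last_seq=None):
    """Receiver side: keys maps Key ID -> key configured on the receiving interface.

    Returns (accepted, reason); the reason is what a router would log on failure.
    """
    if len(packet) < OSPF_HEADER_LEN + MD5_DIGEST_LEN:
        return False, "packet too short"
    _, _, length, _, _, _, au_type = struct.unpack("!BBH4s4sHH", packet[:16])
    if au_type != AU_TYPE_CRYPTO:
        return False, "AuType %d is not cryptographic authentication" % au_type
    _, key_id, auth_len, seq = struct.unpack("!HBBI", packet[16:24])
    if auth_len != MD5_DIGEST_LEN or length + MD5_DIGEST_LEN != len(packet):
        return False, "inconsistent length fields"
    key = keys.get(key_id)
    if key is None:
        return False, "no key configured for Key ID %d" % key_id
    expected = hashlib.md5(packet[:length] + _padded_key(key)).digest()
    if not hmac.compare_digest(expected, packet[length:]):   # constant-time compare
        return False, "MD5 digest mismatch (wrong key or modified packet)"
    if last_seq is not None and seq < last_seq:
        return False, "cryptographic sequence number %d went backwards" % seq
    return True, "ok"


# Constructed sample hello body (mask, hello interval, options, priority, dead interval,
# DR, BDR) from a router whose router ID is assumed to be 10.0.0.1, in area 0.
HELLO_BODY = struct.pack("!4sHBBI4s4s", ipaddress.IPv4Address("255.255.255.0").packed,
                         10, 0x02, 1, 40, b"\x00" * 4, b"\x00" * 4)
KEYS_PE1 = {1: "do4T7Ihl6g"}   # key ID 1 / key from the scenario, as configured on PE1


def demo():
    """Return the verification outcome of a good, a tampered and a wrong-key packet."""
    pkt = build_md5_packet(1, "10.0.0.1", "0.0.0.0", HELLO_BODY, 1, 1000, "do4T7Ihl6g")
    tampered = pkt[:30] + bytes([pkt[30] ^ 0xFF]) + pkt[31:]   # flip one body byte
    return (verify_md5_packet(pkt, KEYS_PE1),
            verify_md5_packet(tampered, KEYS_PE1),
            verify_md5_packet(pkt, {1: "wrongkey"}))


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```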

Figure: P1 (GE0/0/0/0) connected to PE1 (GE0/0/0); P2 and PE2 are also shown.

Configure OSPFv2 MD5 authentication:
interface GigabitEthernet0/0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 do4T7Ihl6g
!
Configure OSPFv3 SHA-1 authentication:
interface GigabitEthernet0/0/0
 ipv6 ospf authentication ipsec spi 256 sha1 BA1…

Cisco IOS and IOS XE
The figure shows a configuration for IPv4 and IPv6 on the Cisco IOS and IOS XE router. To
enable OSPFv2 MD5 authentication, use the ip ospf authentication message-digest command
under the interface configuration mode. Then specify the key ID and key using the
ip ospf message-digest-key md5 command.
To configure OSPFv3 SHA-1 authentication, use the ipv6 ospf authentication ipsec spi
command, followed by an SPI index, hashing method, and a key. The key must be of the
correct length: SHA-1 uses a 160-bit key, so the key must be 40 hexadecimal digits long. In the
example, the SPI index is 256, and the hashing algorithm is SHA-1. (The full 40-digit
hexadecimal key is not shown in the figure.) To configure encryption of OSPFv3, use the
ipv6 ospf encryption ipsec spi command. In this case, you also have to specify the encryption
algorithm and encryption key.
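The constraints this topic states for both platforms (MD5 rather than plaintext for OSPFv2, a valid SPI, and a 40-hexadecimal-digit SHA-1 or 32-digit MD5 key for OSPFv3) can be checked mechanically. The following is an added example, not code from the SPNGN2 guide or from Cisco: it audits interface-level OSPF authentication lines in the Cisco IOS/IOS XE form ("ip ospf", "ipv6 ospf") and the Cisco IOS XR form (same keywords without the prefix); the 16-character limit on OSPFv2 MD5 keys is a platform fact not stated on this page. The sample configuration is constructed and deliberately contains mistakes; its 40-digit key is a made-up value.

```python
"""Audit OSPF authentication commands for the weaknesses this lesson describes.

Added illustration, not code from the SPNGN2 guide or from Cisco. It recognises
the interface-level commands shown in this topic on Cisco IOS/IOS XE ("ip ospf",
"ipv6 ospf") and on Cisco IOS XR (same keywords without the prefix). The sample
configuration is constructed and deliberately contains mistakes; the 40-digit
SHA-1 key in it is a made-up value, not the key from the figure.
"""
import re

KEY_HEX_LEN = {"md5": 32, "sha1": 40}      # 128-bit MD5 key, 160-bit SHA-1 key
SPI_MIN, SPI_MAX = 256, 4294967295         # SPI range accepted by the ipsec spi commands
MD5_KEY_MAX_CHARS = 16                     # OSPFv2 MD5 keys are at most 16 characters

RE_IFACE = re.compile(r"^interface\s+(\S+)$")
RE_V2_TYPE = re.compile(r"^(?:ip ospf )?authentication(?:\s+(message-digest|null))?$")
RE_V2_SIMPLE_KEY = re.compile(r"^(?:ip ospf )?authentication-key\s+\S")
RE_V2_MD5_KEY = re.compile(r"^(?:ip ospf )?message-digest-key\s+(\d+)\s+md5\s+(\S+)$")
RE_V3_AUTH = re.compile(
    r"^(?:ipv6 ospf )?authentication ipsec spi\s+(\d+)\s+(md5|sha1)\s+(\S+)$")


def audit_ospf_auth(config_text):
    """Return a list of (interface, finding) tuples; an empty list means no issue found."""
    findings = []
    iface = "<global>"
    for raw in config_text.splitlines():
        line = raw.strip()
        m = RE_IFACE.match(line)
        if m:
            iface = m.group(1)          # remember which interface the following lines belong to
            continue
        m = RE_V2_TYPE.match(line)
        if m:
            if m.group(1) != "message-digest":   # bare "authentication" = plaintext
                findings.append((iface, "OSPFv2 authentication type is plaintext or null, not MD5"))
            continue
        if RE_V2_SIMPLE_KEY.match(line):
            findings.append((iface, "plaintext OSPFv2 authentication key is configured"))
            continue
        m = RE_V2_MD5_KEY.match(line)
        if m:
            if len(m.group(2)) > MD5_KEY_MAX_CHARS:
                findings.append((iface, "MD5 key ID %s is longer than %d characters"
                                 % (m.group(1), MD5_KEY_MAX_CHARS)))
            continue
        m = RE_V3_AUTH.match(line)
        if m:
            spi, algo, key = int(m.group(1)), m.group(2), m.group(3)
            if not SPI_MIN <= spi <= SPI_MAX:
                findings.append((iface, "OSPFv3 SPI %d is outside %d..%d" % (spi, SPI_MIN, SPI_MAX)))
            want = KEY_HEX_LEN[algo]
            if len(key) != want or not re.fullmatch(r"[0-9a-fA-F]+", key):
                findings.append((iface, "OSPFv3 %s key must be %d hexadecimal digits, got %d"
                                 % (algo, want, len(key))))
    return findings


# Constructed sample on a Cisco IOS router: the first interface follows the lesson,
# the second uses plaintext OSPFv2 authentication and a too-short SHA-1 key, and
# the third uses an SPI below the permitted minimum.
SAMPLE_CONFIG = """
interface GigabitEthernet0/0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 do4T7Ihl6g
 ipv6 ospf authentication ipsec spi 256 sha1 0123456789abcdef0123456789abcdef01234567
!
interface GigabitEthernet0/0/1
 ip ospf authentication
 ip ospf authentication-key plainpass
 ipv6 ospf authentication ipsec spi 257 sha1 deadbeef
!
interface GigabitEthernet0/0/2
 ipv6 ospf authentication ipsec spi 100 md5 0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    for iface, finding in audit_ospf_auth(SAMPLE_CONFIG):
        print("%-25s %s" % (iface, finding))
```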

OSPF Troubleshooting
This topic describes OSPF troubleshooting steps.

Figure: OSPF troubleshooting flow. Start with show ospf neighbors. If there are no OSPF
adjacencies, verify interface status, MTU, hello packet information, and authentication
(show protocols, show ip interface, debug ospf 1 adj). If adjacencies exist, use show route to
verify OSPF routes in the routing table; if routes are missing, verify the associated interfaces.


To troubleshoot an OSPF operation, follow these high-level steps:
1. First, verify OSPF adjacencies by using the show ospf neighbors command. If there are no
neighbors, verify whether the interfaces are up and whether the same maximum transmission
unit (MTU) is configured on both routers. OSPF requires the same MTU on the interfaces on
both routers for an adjacency to be established. Both can be verified using the show ip
interface command. Then verify whether the required values in hello packets match, and
verify whether the same authentication type and key are configured on both routers. This
can be verified by using the debug ospf adj command, where you also provide the OSPF
process ID number.
2. When adjacencies are established but there are no routes in the routing table, verify
whether OSPF is enabled on the correct interfaces on the neighboring router. This can be
verified using the show protocols ospf command.

Note Use all debug commands with caution. When verification is complete, use the no debug all
or undebug all command to disable debugging.

Summary
This topic summarizes the key points that were discussed in this lesson.

• OSPF is a link-state routing protocol that uses a hierarchy for fast
convergence.
• OSPF routers must recognize each other as neighbors before they can
exchange routing information.
• OSPF uses cost as a metric.
• It is recommended to use the loopback interface for router ID.
• To enable OSPF routing, you have to create an OSPF process and
optionally set the router ID.
• Interfaces have to be explicitly enabled for the OSPF process.
• Enabling an interface for OSPF means to enable OSPF on the interface
and to advertise a network on the interface.


• OSPF supports load balancing. The maximum number of paths is
platform-dependent.
• OSPF supports authentication to prevent undesired adjacencies and
changes in routing information.
• OSPFv2 supports plaintext and MD5 authentication.
• OSPFv3 does not use a built-in authentication mechanism and relies on
IPv6 native security capabilities, which uses IP Security.
• You can configure OSPF authentication at different configuration levels.
• You can use several show and debug commands for OSPF
troubleshooting.


For additional information, refer to these resources:
 OSPF Design Guide
http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml
 How Does Load Balancing Work?
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094820.shtml
 Load Balancing with Cisco Express Forwarding
http://www.cisco.com/en/US/products/hw/modules/ps2033/prod_technical_reference09186a00800afeb7.html

Lesson 3

Implementing IS-IS
Overview
Intermediate System-to-Intermediate System (IS-IS) routing protocol is another link-state
routing protocol that is common in service provider environments. Understanding IS-IS
operations and IS-IS configuration is thus fundamental for network engineers who are working
in service provider environments.
This lesson describes the operation and configuration of single-area IS-IS, including load
balancing and authentication. It starts with IS-IS basics and basic configuration, and then it
shows how to enable IS-IS on router network interfaces. The lesson continues with how to
improve IS-IS operations by customizing load balancing and changing IS-IS metrics. The
lesson concludes with how to secure the IS-IS routing protocol by configuring IS-IS
authentication. The lesson also shows the high-level steps that are needed to troubleshoot
IS-IS networks.

Objectives
Upon completing this lesson, you will be able to describe the operation and configuration of
single-area IS-IS, including load balancing and authentication. You will be able to meet these
objectives:
 Describe the basic IS-IS concepts
 Describe IS-IS features
 Describe CLNS addressing
 Describe the IS-IS metric
 Explain basic single-area IS-IS configuration (NET address, IS-IS router type, and enabling
wide-style metrics)
 Describe how to associate interfaces with the IS-IS process
 Explain basic single-area IS-IS implementation (enabling interfaces for IS-IS)
 Describe IS-IS load balancing and how to configure and verify it
 Describe IS-IS authentication and how to configure IS-IS authentication
 Describe IS-IS troubleshooting steps
IS-IS Basics
This topic describes the basic IS-IS concepts.

• Link-state routing protocol:
- Uses the Dijkstra SPF algorithm
- Uses hellos to establish adjacencies and LSPs to exchange link-state
information
- Efficient use of bandwidth, memory, and processor
• Hierarchical design:
- Level 1 used within areas
- Level 2 interconnects areas

Figure: IS-IS Areas 1, 2, and 3. Level 1 routing runs within each area; Level 1–2 routers at the
area edges connect over Level 2 links to interconnect the areas.

Like Open Shortest Path First (OSPF), IS-IS is also a link-state protocol that uses the Dijkstra
algorithm, in which each router has identical topology information for its area. IS-IS is part of
the Open Systems Interconnection (OSI) standard protocol suite and originally was used with
Connectionless Network Service (CLNS). IS-IS refers to a router as an intermediate system and
enables communication between routers.
Each router is identified by using a unique network service access point (NSAP) address, which
is part of the CLNS protocol. IS-IS still uses CLNS to maintain adjacencies and build Shortest
Path First (SPF) trees, but the integrated version of IS-IS can be used for other protocols such
as IP. IS-IS uses hellos to establish adjacencies and link-state packets (LSPs) to exchange link-
state information. IS-IS uses bandwidth, memory, and processors efficiently because it is a
link-state protocol and because it supports hierarchical design.
The IS-IS autonomous system (AS) can be divided into several areas. When using multiarea
design, there are two levels of routing:
 Level 1 routing occurs within an IS-IS area. It recognizes the location of routers and then
builds a routing table to reach each router. All devices in a level 1 routing area have the
same area address. Routing within an area is accomplished by looking at the locally
significant address portion (known as the system ID) and choosing the lowest-cost path.
 Level 2 routers learn the locations of other routing areas and build an interarea routing
table. All routers in a level 2 routing area use the destination area address to route traffic
using the lowest-cost path.

To support the two routing levels, IS-IS defines three types of routers:
 Level 1: Level 1 routers learn about paths within the areas that they connect to (that is,
intra-area).
 Level 2: Level 2 routers learn about paths between areas (that is, interarea).
 Level 1–2: Level 1–2 routers learn about paths both within and between areas.

The path of connected level 2 and level 1–2 routers is called the backbone. All areas and the
backbone must be contiguous.

Note Area boundaries fall on the links. Each IS-IS router belongs to exactly one area.

IS-IS Features
This topic describes IS-IS features.

• Service providers originally deployed IS-IS because the U.S.
government mandated Internet support of OSI and IP.
• IS-IS was originally designed as the IGP for the Connectionless Network
Service (CLNS), which is part of the OSI protocol suite.
• The OSI protocol suite Layer 3 protocol is the Connectionless Network
Protocol (CLNP).
• IS-IS uses CLNS addresses to identify routers and build the LSDB.
• IS-IS does not use IP for transport; IP independence makes IS-IS easily
extendable.
• Integrated IS-IS also carries IPv4 and IPv6 routing information in its
updates.


IS-IS is a popular IP routing protocol in service provider environments. The simplicity and
stability of IS-IS make it robust in large internetworks. IS-IS is found in large service providers
because of their unique requirements for scalability, convergence, and stability.
IS-IS development began before development of OSPF. The U.S. government required support
for OSI and IP protocols in the early Internet. Although this requirement was later dropped, IS-
IS met both constraints. IS-IS was therefore used as a routing protocol for CLNS, which is a
part of the OSI suite that provides connectionless delivery of data. The actual Layer 3 protocol
is Connectionless Network Protocol (CLNP).
IS-IS hello packets and LSPs do not use IP for a transport. IS-IS packets are encapsulated
directly in a data-link frame instead. Because of this, IS-IS is independent of the protocol and is
easily extendable. The IS-IS packets contain variable-length fields, depending on the function
of the packet. Each field contains a type code, a length, and the appropriate values; this
information is known as the type, length, value (TLV). Two types of TLV also carry
information about IPv4 and IPv6 networks that are connected to routers. Support for newer
protocols could be easily implemented just by adding a new type of TLV.

CLNS Addresses
This topic describes CLNS addressing.

• Integrated IS-IS requires CLNS addresses even if they are used for IP
only.
• The most commonly used NSAP format for IS-IS follows:
- AFI set to 49 (private address; 2 bytes)
- Area ID (4 bytes)
- System ID (6 bytes)
- NSEL (2 bytes) should be 00
• The CLNS address with the NSEL set to 00 is called the NET address.
• The loopback IP address (or pseudo router ID) can be encoded into the
system ID.

49.0001.1921.6800.1001.00
AFI = 49, Area ID = 0001, System ID = 1921.6800.1001, NSEL = 00


CLNS addresses that are used by routers are called NSAP addresses. Unlike IP addresses,
NSAP addresses apply to entire nodes and not to interfaces. The NSAP address is equivalent to
the combination of the IP address and upper-layer protocol in an IP header.
NSAP addresses have a maximum size of 20 bytes. The high-order bits identify the interarea
structure, and the low-order bits identify unique systems within an area.
IS-IS LSPs use NSAP addresses to identify the router and build the topology table and the
underlying IS-IS routing tree; IS-IS therefore requires NSAP addresses to function properly,
even if it is used only for routing IP.
The simplest NSAP format, which is used by most companies that are running IS-IS as their
interior gateway protocol (IGP), comprises the following:
 The area address: It must be at least 1 byte and separated into two parts:
— The authority and format identifier (AFI), which is set to 49, signifies that the AFI is
locally administered and therefore individual addresses can be assigned by the
company.
— The area identifier represents the octets of the area address after the AFI.
 A system ID: Cisco routers that are compliant with the U.S. Government Open Systems
Interconnection Profile (GOSIP) version 2.0 standards require a 6-byte system ID. The
MAC address of an interface or an IP address (preferably that of a loopback interface) can
be encoded into the system ID.
 The NSAP Selector (NSEL): The NSEL identifies a process on the device and
corresponds roughly to a port or socket in IP. The NSEL is not used in routing decisions. It
must always be set to 00 for a router.

The NSAP is called the network entity title (NET) when it has an NSEL of 0. Routers use the
NET to identify themselves in the IS-IS protocol data units (PDUs).
For example, you might assign 49.0001.1921.6800.1001.00, which represents the following:
 AFI of 49
 Area ID of 0001
 System ID of 1921.6800.1001, which encodes the IP address of an interface (192.168.1.1):
each octet is written with three digits (leading zeros added), and the resulting 12 digits are
grouped in fours separated by dots (.).
 NSEL of 00
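The encoding just described can be automated and reversed. The following is an added example, not code from the SPNGN2 guide or from Cisco: it derives a NET from a loopback address and an AFI.area prefix, splits a NET into its fields (checking the shape and that the NSEL is 00), and maps a system ID back to the loopback address, which helps when reading the System Id column of show isis neighbors. It uses the lesson's own values (10.2.1.1, 10.2.10.1, and 49.0001.1921.6800.1001.00).

```python
"""Derive and decode IS-IS NET addresses in the format this lesson describes.

Added illustration, not code from the SPNGN2 guide or from Cisco. The loopback
addresses and area prefixes are the ones used in the lesson's examples.
"""
import ipaddress
import re

NSEL_ROUTER = "00"                     # a router NET always ends in NSEL 00
SYSTEM_ID_HEX_LEN = 12                 # 6-byte system ID
NET_MIN_BYTES, NET_MAX_BYTES = 8, 20   # AFI (1) + system ID (6) + NSEL (1) .. NSAP maximum


def net_from_loopback(loopback_ip, area_prefix):
    """Encode an IPv4 loopback address as the 6-byte system ID of a NET.

    Each octet is written with three digits (leading zeros), giving 12 digits
    that are grouped in fours: 10.2.1.1 -> 0100.0200.1001.
    """
    if not re.fullmatch(r"[0-9a-fA-F]{2}(\.[0-9a-fA-F]{4})*", area_prefix):
        raise ValueError("area prefix must look like AFI.AREA, e.g. 49.0001")
    octets = str(ipaddress.IPv4Address(loopback_ip)).split(".")
    digits = "".join("%03d" % int(o) for o in octets)
    system_id = ".".join(digits[i:i + 4] for i in range(0, SYSTEM_ID_HEX_LEN, 4))
    net = "%s.%s.%s" % (area_prefix, system_id, NSEL_ROUTER)
    parse_net(net)                     # raises if the result is not a well-formed NET
    return net


def parse_net(net):
    """Split a NET into AFI, area ID, system ID and NSEL, validating its shape."""
    hexstr = net.replace(".", "")
    if not re.fullmatch(r"[0-9a-fA-F]+", hexstr) or len(hexstr) % 2:
        raise ValueError("NET must consist of whole hexadecimal bytes")
    nbytes = len(hexstr) // 2
    if not NET_MIN_BYTES <= nbytes <= NET_MAX_BYTES:
        raise ValueError("NET must be %d..%d bytes, got %d"
                         % (NET_MIN_BYTES, NET_MAX_BYTES, nbytes))
    afi, nsel = hexstr[:2], hexstr[-2:]
    sysid_hex = hexstr[-(SYSTEM_ID_HEX_LEN + 2):-2]   # the 6 bytes before the NSEL
    area_id = hexstr[2:-(SYSTEM_ID_HEX_LEN + 2)]      # whatever sits between AFI and system ID
    if nsel != NSEL_ROUTER:
        raise ValueError("a router NET must end in NSEL 00, got %s" % nsel)
    return {
        "afi": afi,
        "area_id": area_id,
        "system_id": ".".join(sysid_hex[i:i + 4] for i in range(0, SYSTEM_ID_HEX_LEN, 4)),
        "nsel": nsel,
    }


def loopback_from_system_id(system_id):
    """Reverse the encoding, e.g. to map a System Id seen in show isis neighbors
    back to the router's loopback address: 0100.0201.0001 -> 10.2.10.1."""
    digits = system_id.replace(".", "")
    if not re.fullmatch(r"[0-9]{12}", digits):
        raise ValueError("system ID does not encode an IPv4 address")
    octets = [int(digits[i:i + 3]) for i in range(0, 12, 3)]
    if any(o > 255 for o in octets):
        raise ValueError("system ID does not encode an IPv4 address")
    return ".".join(str(o) for o in octets)


if __name__ == "__main__":
    print(net_from_loopback("10.2.1.1", "49.0000"))      # P2 in the lesson's scenario
    print(parse_net("49.0001.1921.6800.1001.00"))
    print(loopback_from_system_id("0100.0201.0001"))     # PE2 in the lesson's scenario
```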

IS-IS Metric
This topic describes the IS-IS metric.

• IS-IS uses by default a narrow-style metric, which is limited to a 6-bit
interface and a 10-bit path metric.
• A wide-style metric allows a 24-bit interface and a 32-bit path metric, but
they must be enabled.
• The IS-IS metric is not bound to interface bandwidth, and the metric of
all interfaces is set to 10 by default.
• The path metric is a cumulated metric of all links on the path to
destinations.

Figure: P1, PE1, P2, and PE2 with link metrics of 10, 20, 30, and 40; the path metric is the sum
of the link metrics along the path.


The path metric that is used by IS-IS is similar to one that is used by OSPF; the path metric is a
cumulated metric of all links on the path to destinations. However, there is a significant
difference in how the metric is calculated. With IS-IS, the metric does not relate to interface
bandwidth. Instead, the IS-IS metric is set to 10 by default on all interfaces, and it should be
changed to reflect the actual cost of a link.
Another issue with the IS-IS metric is that, by default, it uses narrow metrics, which are limited
to a maximum interface metric of 63 (6 bits) and a maximum total path metric of 1023 (10
bits). This small metric range proved insufficient for large networks and provided too little
granularity for new features such as traffic engineering (TE) and other applications, especially
with high-bandwidth links. It is recommended to enable wide metrics, which allow a 24-bit
interface and a 32-bit path metric.

IS-IS Configuration Scenario
This topic explains basic single-area IS-IS configuration (NET address, IS-IS router type, and
enabling wide-style metrics).

• Enable single-area IS-IS
• Set NET address
• Change router type to level 2
• Enable wide-style metrics for IPv4

Figure: IS-IS Area 0 with routers P1, PE1, P2, and PE2, each with a Loopback0 interface. P2
Loopback0 is 10.2.1.1/32 and its NET is 49.0000.0100.0200.1001.00; PE2 Loopback0 is
10.2.10.1/32.


The figure shows an example that will serve as a configuration scenario. Single-area IS-IS will
be configured and the NET address will be configured, using an extended IP address of a
loopback interface. All IS-IS routers are level 1–2 by default, which means they have separate
databases for level 1 (routing within an area) and level 2 (routing between areas). Because
single-area IS-IS is being configured, only level 2 routers are needed.

Note Routers in the example also could be configured as level 1 routers only. However, for the
sake of scalability, it is recommended to use level 2 routers in a single-area IS-IS routing
domain.

In the example, wide-style metrics also will be enabled for IPv4.

Note Because IS-IS is a multiprotocol routing protocol (which means that it can route for several
routed protocols), only one routing protocol process is needed on the router. Configuration
of IS-IS for IPv4 and IPv6 is thus the same. Different IS-IS features are enabled separately
for IPv4 and IPv6 under different address families as will be shown in the configuration
example.

Figure: IS-IS Area 0 with routers P1, PE1, P2, and PE2. P2 Loopback0 is 10.2.1.1/32 and its
NET is 49.0000.0100.0200.1001.00; PE2 Loopback0 is 10.2.10.1/32.

Cisco IOS XR (P2): enable the IS-IS process, configure the NET address, change the router
type to level 2, and enable the wide-style metric for an address family:
router isis 1
 net 49.0000.0100.0200.1001.00
 is-type level-2-only
 address-family ipv4 unicast
  metric-style wide

Cisco IOS and IOS XE (PE2): enable the IS-IS process, configure the NET address, change the
router type to level 2, and enable the wide-style metric for IPv4:
router isis 1
 net 49.0000.0100.0201.0001.00
 is-type level-2-only
 metric-style wide


Cisco IOS XR
To enable the IS-IS process, use the router isis command, followed by the process name. The
process name is any alphanumeric string that is no longer than 40 characters without spaces. To
set the NET address, use the net command, followed by the address. Then use the
is-type level-2-only command to change the router type to level 2. Wide-style metrics are
separately enabled for IPv4 and IPv6; configuration should be performed under the address
family. Use the address-family ipv4 unicast command to enter the configuration submode for
IPv4 and then the metric-style wide command to enable wide-style metrics.
The configuration for IPv6 is very similar:
router isis 1
net 49.0000.0100.0200.1001.00
is-type level-2-only
address-family ipv6 unicast
metric-style wide

Cisco IOS and IOS XE
This configuration is very similar to the configuration on Cisco IOS XR Software. When
enabling wide-style metrics, this is done for the entire IS-IS process and not for a specific
address family.
Because IS-IS is a multiprotocol routing protocol, the configuration for IPv6 is the same as for
IPv4.

Adding Interfaces to IS-IS
This topic describes how to associate interfaces with the IS-IS process.

• Interfaces have to be explicitly enabled for the IS-IS process.
• Adding an interface to IS-IS means to enable IS-IS on the interface and
to advertise a network on the interface.
• Different ways to add an interface to the IS-IS process that are based on
router platform follow:
- Specify the interface under the router configuration mode (Cisco IOS XR)
- Specify the IS-IS process under the interface configuration mode (Cisco IOS
and IOS XE)

Figure: IS-IS Area 0 with routers P1, PE1, P2, and PE2.


Once the IS-IS process is started, IS-IS has to be explicitly enabled on a network interface.
Enabling IS-IS on an interface means to advertise the network on the interface and to start the
IS-IS Hello protocol and LSP exchange on the interface.
There are different ways to enable the interface for IS-IS that are based on router platform:
 Specify interfaces that should be enabled for IS-IS in the router configuration mode. This
applies to Cisco IOS XR platforms, for both IPv4 and IPv6.
 Specify the IS-IS process name under the interface configuration mode for interfaces that
you would like to enable. This applies to Cisco IOS and IOS XE platforms, for both IPv4
and IPv6.

IS-IS Implementation Scenario
This topic explains basic single-area IS-IS configuration and verification (enabling interfaces
for IS-IS).

• Enable single-area IS-IS for IPv4 on:
- Loopback interfaces
- GigabitEthernet0/0/0/0 and GigabitEthernet0/0/0 interfaces

Figure: IS-IS Area 0. P2 (Loopback0 10.2.1.1/32, GE0/0/0/0 at .20) and PE2 (Loopback0
10.2.10.1/32, GE0/0/0 at .21) are connected over 192.168.102.0/24; P1 and PE1 are also shown.


The figure shows an example that will serve as a configuration scenario. Single-area IS-IS for
IPv4 will be enabled on router P2 (Cisco IOS XR Software) on the Loopback0 and
GigabitEthernet0/0/0/0 interfaces and on router PE2 (Cisco IOS Software) on the Loopback0
and GigabitEthernet0/0/0 interfaces.

Figure: P2 (Loopback0 10.2.1.1/32, GE0/0/0/0 at .20) and PE2 (Loopback0 10.2.10.1/32,
GE0/0/0 at .21) are connected over 192.168.102.0/24; P1 and PE1 are also shown.

Cisco IOS XR (P2): specify an interface and enable IS-IS on it for an address family:
router isis 1
 interface Loopback0
  address-family ipv4 unicast
 !
 interface GigabitEthernet0/0/0/0
  address-family ipv4 unicast

Cisco IOS and IOS XE (PE2): specify the IS-IS process under each interface:
interface Loopback0
 ip router isis 1
!
interface GigabitEthernet0/0/0
 ip router isis 1


Cisco IOS XR
On Cisco IOS XR Software, interfaces are enabled for IS-IS by specifying interfaces under the
router configuration mode. First, enter the router configuration mode by using the router isis
command. Then specify the interface names and specify an address family for which you would
like to enable IS-IS. In the example, interfaces Loopback0 and GigabitEthernet0/0/0/0 are
enabled for IPv4, so the address-family ipv4 unicast command is used.
The configuration for IPv6 is very similar:
router isis 1
interface Loopback0
address-family ipv6 unicast
!
interface GigabitEthernet0/0/0/0
address-family ipv6 unicast

Cisco IOS and IOS XE
On Cisco IOS and IOS XE Software, interfaces are enabled for IS-IS by specifying the router
process under the interface configuration mode. To enable IS-IS on an interface for IPv4, first
enter the interface configuration mode and then specify the IS-IS process name using the ip
router isis command, followed by the IS-IS process name.
The following example shows how to enable IS-IS on the Loopback0 and GigabitEthernet0/0/0
interfaces on Cisco IOS and IOS XE Software for IPv6:
interface Loopback0
 ipv6 router isis 1
!
interface GigabitEthernet0/0/0
 ipv6 router isis 1

• Displays if IS-IS is configured
RP/0/RSP0/CPU0:P2# show protocols isis

IS-IS Router: 1
System Id: 0100.0200.1001
IS Levels: level-2-only
Manual area address(es):
49.0000
Routing for area address(es):
49.0000
Non-stop forwarding: Disabled
Most recent startup mode: Cold Restart
Topologies supported by IS-IS:
IPv4 Unicast
Level-2
Metric style (generate/accept): Wide/Wide
Metric: 10
ISPF status: Disabled
No protocols redistributed
Distance: 115
Interfaces supported by IS-IS:
Loopback0 is running actively (active in configuration)
GigabitEthernet0/0/0/0 is running actively (active in configuration)


To verify if IS-IS is running and how it is configured, use the show protocols isis command.
The command displays the system ID, IS-IS levels, area address, topologies that are supported,
metric style, administrative distance, and enabled interfaces.

• Displays IS-IS neighbors
RP/0/RSP0/CPU0:P2# show isis neighbors

IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
P1 Gi0/0/0/0 e8b7.482c.a2a0 Up 26 L2 Capable

• Displays routing table
RP/0/RSP0/CPU0:P2# show route
Mon Jul 11 10:34:48.202 UTC

Codes: C - connected, S - static, R - RIP, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, (!) - FRR Backup path

Gateway of last resort is not set

L 10.2.1.1/32 is directly connected, 1w4d, Loopback0
i L2 10.2.10.1/32 [115/20] via 192.168.134.40, 01:47:44, GigabitEthernet0/0/0/0

To verify IS-IS neighbors, use the show isis neighbors command, which shows neighbors on
an interface basis. The command displays the system ID (which is by default dynamically
mapped to the neighbor hostname), interface through which the neighbor is reachable, data-link
address (also known as the subnetwork point of attachment [SNPA]) of the neighbor, adjacency
state of the neighboring interface, holdtime of the neighbor, and type of adjacency.
The show route command displays the routes that are known to the router and how they were
learned. Routes that are marked with “i” were learned via IS-IS. Routes are additionally marked
with “L1” or “L2” to indicate whether routes are intra-area (level 1) or interarea (level 2). The
output shows the distant network, administrative distance, metric, next-hop IP address, the last
time the route was updated, and outgoing interface.
To verify IPv6 routes, use the show route ipv6 command. The output is the same, except the IP
addresses that are shown are IPv6 addresses. Next-hop IP addresses in the IPv6 routing table
are always link-local IP addresses.

3-60 Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
• Displays IS-IS information on an interface
RP/0/RSP0/CPU0:P2# show isis interface

GigabitEthernet0/0/0/0 Enabled

<…output omitted…>
IPv4 Unicast Topology: Enabled
Adjacency Formation: Running
Prefix Advertisement: Running
Metric (L1/L2): 10/10
MPLS LDP Sync (L1/L2): Disabled/Disabled
<…output omitted…>


To verify the IS-IS configuration on an interface, use the show isis interface command. This
command can be used to verify the IS-IS metric on an interface.

IS-IS Load Balancing
This topic describes IS-IS load balancing and how to configure and verify it.

• As with OSPF, IS-IS can select several paths to destinations for load balancing.
• Paths have to have equal metrics.
• The maximum number of paths is platform-dependent and is configurable.
• You can ensure that paths are of equal cost by changing the IS-IS metric on a particular link.

[Figure: IS-IS load balancing topology with routers P1, P2, PE1, and PE2]

As with OSPF, IS-IS can select several equal-cost paths to a destination. You can ensure
that paths have equal metrics by changing the IS-IS metric on a particular link.
The maximum number of paths that can be used for IS-IS load balancing is platform-dependent
and is configurable:
IS-IS Load Balancing Per Cisco Platform

Platform                                      Maximum Number of Paths   Default Number of Paths
Cisco Carrier Routing System (Cisco CRS-1)    32                        32
Cisco XR 12000 Series Router                  16                        16
Cisco ASR 9000 Series Router                  8                         8

IS-IS load balancing is done by Cisco Express Forwarding. Therefore, the same rules apply to
IS-IS and OSPF load balancing.

• Set the maximum number of paths to 2 on router P1.
• Change the IS-IS metric on GigabitEthernet0/0/0/0 and
GigabitEthernet0/0/0/1 on router P1 to 100.

[Figure: topology with P1, P2, PE1, and PE2. P1 reaches 10.2.10.1/32 over GE0/0/0/0 (metric 100) and over GE0/0/0/1 (metric 100); the downstream links toward 10.2.10.1/32 have metric 10, so both paths from P1 cost 120]

The figure shows an example that will serve as a configuration scenario. Set the maximum
number of IS-IS paths to 2 on router P1. You will also change the IS-IS metric on the
GigabitEthernet0/0/0/0 and GigabitEthernet0/0/0/1 interfaces on router P1 to 100.

[Figure: same topology as the previous slide; both paths from P1 to 10.2.10.1/32 cost 120]

router isis 1
 address-family ipv4 unicast
  maximum-paths 2
 !
 interface GigabitEthernet0/0/0/0
  address-family ipv4 unicast
   metric 100
 !
 interface GigabitEthernet0/0/0/1
  address-family ipv4 unicast
   metric 100

Slide callouts: maximum-paths specifies the maximum number of paths for an address family;
metric specifies the IS-IS metric on an interface for an address family.

Cisco IOS XR
To set the maximum number of IS-IS paths, first enter the router configuration mode. Then
enter the proper address family using the address-family command. In the example, the
maximum number of paths will be set for IPv4. Then set the maximum number of paths using
the maximum-paths command, followed by a number. The maximum number is imposed by
platform type. In the example, the maximum number of paths is set to 2.
To change the IS-IS metric on an interface, enter the interface configuration mode under the
router configuration mode and enter the proper address family using the address-family
command. Then specify the metric using the metric command, followed by a number. The
range is 1 to 63 for a narrow metric and 1 to 16,777,214 for a wide metric.
In the example, the IS-IS metric is set to 100 on interfaces GigabitEthernet0/0/0/0 and
GigabitEthernet0/0/0/1.
The configuration for IPv6 is very similar:
router isis 1
address-family ipv6 unicast
maximum-paths 2
!
interface GigabitEthernet0/0/0/0
address-family ipv6 unicast
metric 100
!
interface GigabitEthernet0/0/0/1
address-family ipv6 unicast
metric 100

Cisco IOS and IOS XE
The following is the configuration for IPv4 on the Cisco IOS and IOS XE router:
router isis 1
maximum-paths 2
!
interface GigabitEthernet0/0/0
isis metric 100
!
interface GigabitEthernet0/0/1
isis metric 100
To set the maximum number of paths, use the maximum-paths command, followed by a
number. The maximum number is imposed by the platform type and Cisco IOS Software
release. To change the IS-IS metric on an interface, use the isis metric command under the
interface configuration mode, followed by a number from 1 to 16,777,214.
For IPv6, the configuration is similar:
router isis 1
address-family ipv6 unicast
maximum-paths 2
!
interface GigabitEthernet0/0/0
isis ipv6 metric 100
!
interface GigabitEthernet0/0/1
isis ipv6 metric 100

• Displays routing table

RP/0/RSP0/CPU0:P1# show route
Fri Jul 1 09:30:35.687 UTC

Codes: C - connected, S - static, R - RIP, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR
       A - access/subscriber, (!) - FRR Backup path

Gateway of last resort is not set

L    10.3.1.1/32 is directly connected, 1d19h, Loopback0
i L2 10.2.10.1/32 [115/120] via 192.168.101.11, 00:00:07, GigabitEthernet0/0/0/0
                  [115/120] via 192.168.112.20, 00:00:07, GigabitEthernet0/0/0/1

To verify IS-IS load balancing, display the routing table using the show route command (or
the corresponding command for IPv6 or other Cisco platforms). You should see two next hops for
a specific destination network. Observe that the metric is the same (120) for both paths to
destination 10.2.10.1/32.
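As an added example (not from the course material), the following Python parses show route output like the one above and checks whether a prefix is installed with the expected number of equal-cost next hops and no more than the configured maximum-paths. The SHOW_ROUTE sample is constructed in the style of the IOS XR output, and the function names are mine.

```python
import re

# Constructed excerpt modelled on the IOS XR "show route" output above:
# one prefix with two equal-cost next hops and one single-path prefix.
SHOW_ROUTE = """\
Gateway of last resort is not set

L    10.3.1.1/32 is directly connected, 1d19h, Loopback0
i L2 10.2.10.1/32 [115/120] via 192.168.101.11, 00:00:07, GigabitEthernet0/0/0/0
                  [115/120] via 192.168.112.20, 00:00:07, GigabitEthernet0/0/0/1
i L2 10.2.20.1/32 [115/130] via 192.168.101.11, 00:00:07, GigabitEthernet0/0/0/0
"""

# First line of a route entry: route code(s), prefix, then the rest of the line.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z*]{1,2}(?: [A-Z][A-Z0-9]?)?)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s*(?P<rest>.*)$")
# One next hop: [AD/metric] via next-hop, age, outgoing interface
PATH_RE = re.compile(
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\] via (?P<nh>\S+), \S+, (?P<intf>\S+)")


def parse_show_route(text):
    """Return {prefix: {"code": ..., "paths": [{"ad", "metric", "next_hop", "interface"}]}}.
    Indented continuation lines are additional next hops of the preceding prefix."""
    routes, current = {}, None
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            current = m.group("prefix")
            routes[current] = {"code": m.group("code"), "paths": []}
            rest = m.group("rest")
        elif current is not None and line[:1].isspace():
            rest = line  # continuation line: another next hop for the same prefix
        else:
            continue
        p = PATH_RE.search(rest)
        if p:
            routes[current]["paths"].append({
                "ad": int(p.group("ad")), "metric": int(p.group("metric")),
                "next_hop": p.group("nh"), "interface": p.group("intf")})
    return routes


def verify_load_balancing(text, prefix, max_paths):
    """Check that prefix is installed with several next hops that share the same
    [AD/metric], and that their number does not exceed the configured maximum-paths."""
    paths = parse_show_route(text).get(prefix, {"paths": []})["paths"]
    costs = {(p["ad"], p["metric"]) for p in paths}
    return {
        "next_hops": len(paths),
        "equal_cost": len(paths) > 1 and len(costs) == 1,
        "within_max_paths": len(paths) <= max_paths,
        "metric": paths[0]["metric"] if paths else None,
    }
```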

IS-IS Authentication
This topic describes IS-IS authentication and how to configure IS-IS authentication.

• As with OSPF, IS-IS authentication is used to prevent:
- Undesired adjacencies and thus rogue routes to be inserted into IS-IS
- Changes in routing information
• Authentication types:
- Plaintext authentication—avoid at all times!
- MD5 authentication
• IS-IS authentication can be separately configured for two types of IS-IS packets:
- Authentication of hello packets—configured at interface level
- Authentication of LSPs—configured at routing process level

As with OSPF, IS-IS authentication is used to secure the routing protocol by preventing undesired
adjacencies and changes in routing information. IS-IS authentication is accomplished by the
exchange of authenticating material inside IS-IS packets that is known only to the sending and
receiving routers. IS-IS supports plaintext and Message Digest 5 (MD5) authentication.
The authentication material (that is, a plaintext password or an MD5 hash produced from a key and
the routing update itself) is inserted into an IS-IS packet and checked by the other routers.
Because the password in plaintext authentication is sent across the line in cleartext, it is not
considered safe, and you should avoid it at all times.
IS-IS authentication can be configured separately for two types of IS-IS packets:
• Authentication of hello packets: Each hello packet is authenticated. If authentication is
not successful, adjacencies are not established. Authentication of hello packets is
configured on a per-interface basis and is configured at the interface level.
• Authentication of LSP packets: Each LSP packet is authenticated. If authentication is not
successful, information about distant networks is not received. Authentication of LSP
packets is configured globally per routing process and is configured at the routing process
level.

• Enable IS-IS MD5 hello packet authentication between P1 and PE1
• Enable IS-IS MD5 LSP packet authentication on P1 and PE1

[Figure: P1 GE0/0/0/0 connects to PE1 GE0/0/0; P2 and PE2 are shown alongside]

The figure shows an example that will serve as a configuration scenario. You will configure
IS-IS MD5 hello packet authentication between routers P1 and PE1. You will also configure MD5
LSP packet authentication on router P1 and PE1. Because IPv4 and IPv6 routing information is
carried in the same LSP packets, authentication is enabled for both protocols.

[Figure: same topology as the previous slide; P1 GE0/0/0/0 connects to PE1 GE0/0/0]

Cisco IOS XR:
router isis 1
 lsp-password hmac-md5 do4T7Ihl6g
 interface GigabitEthernet0/0/0/0
  hello-password hmac-md5 do4T7Ihl6g

Cisco IOS and IOS XE:
key chain IS-IS
 key 1
  key-string do4T7Ihl6g
!
interface GigabitEthernet0/0
 isis authentication mode md5
 isis authentication key-chain IS-IS
!
router isis 1
 authentication mode md5
 authentication key-chain IS-IS

Slide callouts: lsp-password (IOS XR) and authentication mode / authentication key-chain under
router isis (IOS and IOS XE) enable LSP packet authentication; hello-password (IOS XR) and isis
authentication mode / isis authentication key-chain under the interface (IOS and IOS XE) enable
hello packet authentication; the key chain holds the key ID and key string.

Cisco IOS XR
To enable IS-IS LSP packet authentication, enter the router configuration mode and then use
the lsp-password hmac-md5 command, followed by a key. To enable IS-IS hello packet
authentication, enter the interface configuration mode under the router configuration mode and
use the hello-password hmac-md5 command, followed by a key. In the example, hello
authentication is configured on the GigabitEthernet0/0/0/0 interface.

Note For a complete command reference, refer to Cisco IOS XR Software Command Reference
guides on Cisco.com.

Cisco IOS and IOS XE

IS-IS authentication using MD5 hash is configured using key chains. A key chain is a
configuration object that can contain several keys, each with its own validity period. Key chains
make the transition between different keys very easy because you can specify two keys inside a
key chain with slightly overlapping validity periods.
In the example, a simple key chain is created that contains only one key with infinite validity.
To create a key chain, use the key chain command, followed by a key chain name. Then
specify the key ID using the key command. The range of keys is from 0 to 2,147,483,647. Then
enter the actual key using the key-string command.
To enable IS-IS LSP packet authentication, enter the router configuration mode and first use the
authentication mode md5 command to specify that MD5 will be used for authentication. Then
use the authentication key-chain command to specify the key chain that contains the actual
key.
To enable IS-IS hello packet authentication, enter the interface configuration mode and first use
the isis authentication mode md5 command to specify that MD5 will be used for
authentication. Then use the isis authentication key-chain command to specify the key chain
that contains the actual key.
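The following Python is an added example, not Cisco's code, that builds and checks the IS-IS Authentication Information TLV (type 10) for the two authentication types in the text: cleartext (type 1) and HMAC-MD5 (type 54, as specified in RFC 5304). It assumes a constructed 8-byte stand-in for the PDU header and always places the authentication TLV last, a simplification of the real PDU layout; the key is the key string from the configuration above, and the drop reasons are my wording modelled on the IOS XR debug messages.

```python
import hashlib
import hmac
import struct

# On-the-wire codes: Authentication Information TLV (ISO 10589) and the
# authentication types it carries (1 = cleartext, 54 = HMAC-MD5 per RFC 5304).
AUTH_TLV = 10
AUTH_CLEARTEXT = 1
AUTH_HMAC_MD5 = 54

# Assumption: a constructed 8-byte stand-in for the IS-IS PDU header. Real IIH,
# LSP and SNP headers are longer; only the length matters for TLV parsing here.
HEADER_LEN = 8


def pdu_with_cleartext_auth(header, tlvs, password):
    """Append a type-1 authentication TLV: the password itself goes on the wire."""
    tlv = struct.pack("!BBB", AUTH_TLV, 1 + len(password), AUTH_CLEARTEXT) + password
    return header + tlvs + tlv


def pdu_with_hmac_md5_auth(header, tlvs, key):
    """Append a type-54 authentication TLV. The HMAC-MD5 digest covers the whole
    PDU with the 16 digest bytes set to zero (RFC 5304); the key never leaves
    the router. Simplification: the TLV is always the last one in the PDU."""
    zeroed = header + tlvs + struct.pack("!BBB", AUTH_TLV, 17, AUTH_HMAC_MD5) + bytes(16)
    digest = hmac.new(key, zeroed, hashlib.md5).digest()
    return zeroed[:-16] + digest


def iter_tlvs(pdu):
    """Yield (type, offset of value, value) for each TLV after the header."""
    off = HEADER_LEN
    while off + 2 <= len(pdu):
        tlv_type, length = pdu[off], pdu[off + 1]
        value = pdu[off + 2:off + 2 + length]
        if len(value) != length:  # truncated TLV: stop parsing
            break
        yield tlv_type, off + 2, value
        off += 2 + length


def verify_hmac_md5(pdu, key):
    """Check a received PDU the way an HMAC-MD5-configured router would and
    return 'ok' or a drop reason phrased like the IOS XR debug messages."""
    for tlv_type, value_off, value in iter_tlvs(pdu):
        if tlv_type != AUTH_TLV:
            continue
        if not value or value[0] != AUTH_HMAC_MD5:
            return "dropped because authentication type mismatch"
        if len(value) != 17:
            return "dropped because authentication TLV length invalid"
        received = value[1:]
        # Recompute over the PDU with the digest field zeroed, as the sender did.
        zeroed = pdu[:value_off + 1] + bytes(16) + pdu[value_off + 17:]
        expected = hmac.new(key, zeroed, hashlib.md5).digest()
        if hmac.compare_digest(received, expected):
            return "ok"
        return "dropped because authentication failed"
    return "dropped because authentication TLV not found"


def demo():
    """Exercise both authentication types on a constructed PDU and return what a
    defender cares about: what is visible on the wire and which packets an
    authenticating router would drop."""
    header = bytes([0x83, 0x1B, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x00])  # constructed
    # Constructed Area Addresses TLV (type 1): one area, length 2, value 49.00.
    body = struct.pack("!BB", 1, 3) + b"\x02\x49\x00"
    key = b"do4T7Ihl6g"  # key string from the configuration example above
    clear = pdu_with_cleartext_auth(header, body, key)
    signed = pdu_with_hmac_md5_auth(header, body, key)
    # Flip one byte of the area address after signing (integrity check).
    tampered = signed[:HEADER_LEN + 4] + b"\xff" + signed[HEADER_LEN + 5:]
    return {
        "password_visible_in_cleartext_pdu": key in clear,
        "key_visible_in_hmac_pdu": key in signed,
        "good": verify_hmac_md5(signed, key),
        "wrong_key": verify_hmac_md5(signed, b"wrongkey"),
        "tampered": verify_hmac_md5(tampered, key),
        "cleartext_at_md5_router": verify_hmac_md5(clear, key),
        "no_auth_tlv": verify_hmac_md5(header + body, key),
    }
```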

IS-IS Troubleshooting
This topic describes IS-IS troubleshooting steps.

[Figure: IS-IS troubleshooting flowchart. Start with show isis neighbors: if there are no IS-IS adjacencies, verify interface status, MTU, and hello authentication (show ip interface, debug isis packet-errors). If adjacencies exist, check with show route whether IS-IS routes are in the routing table; if not, verify associated interfaces, administrative distance issues, metric style, and LSP authentication (show protocols isis, debug isis packet-errors).]

To troubleshoot an IS-IS operation, follow these high-level steps:

Step 1 First verify IS-IS adjacencies using the show isis neighbors command. If there are
no neighbors, verify whether interfaces are up and if the same maximum
transmission unit (MTU) is configured on both routers. IS-IS hello packets are by
default padded to the full interface MTU size. If there is an interface MTU mismatch
on two routers, the router with the higher interface MTU will pad IS-IS hello packets
to full MTU size. This hello packet will be discarded on the interface of the other
router, which uses a smaller interface MTU. An MTU mismatch will result in the
router with the higher MTU on an interface being stuck in the initial state (INIT
state), while the router with the lower MTU on an interface will not know anything
about the other IS-IS router. To resolve this problem, you have to make sure that
both sides of the link use the same MTU. Both can be verified using the show ip
interface command. Verify also whether the same authentication type and key are
configured on both routers. This can be verified using the debug isis packet-errors
debugging command. The following is debugging output that indicates
misconfigured hello authentication:
RP/0/RSP0/CPU0:Jul 11 14:13:24.965 : isis[1002]: BAD L2 LAN
IIH rcvd from GigabitEthernet0/0/0/0 SNPA e8b7.482c.a210:
dropped because authentication TLV not found

Step 2 When adjacencies are established, and there are no routes in the routing table, verify
whether IS-IS is enabled on the correct interfaces on the neighboring router. Verify
also whether the same route has been learned through a routing protocol with lower
administrative distance. You should also verify whether all routers use the same
metric style because different metric styles on routers can cause problems. All of
that can be verified using the show protocols isis command. Finally, verify whether
LSP packet authentication is misconfigured. Use the debug isis packet-errors
debugging command. The following is debugging output that indicates
misconfigured LSP authentication:
RP/0/RSP0/CPU0:Jul 11 14:15:11.313 : isis[1002]: BAD L2 CSNP
rcvd from GigabitEthernet0/0/0/0 SNPA e8b7.482c.a210: dropped
because authentication TLV not found.

Note Use all debug commands with caution. When verification is complete, use the no debug all
or undebug all command to disable debugging.
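As an added example (not part of the course), this Python classifies debug isis packet-errors lines like the two shown in Steps 1 and 2 into hello or LSP authentication problems and reports at which configuration level to look. The DEBUG_LINES sample is constructed from those messages (joined onto single lines), the regex assumes their wording, and the hints restate the checks the text gives.

```python
import re
from collections import Counter

# Constructed debug lines modelled on the two "debug isis packet-errors"
# messages above, plus one unrelated line to show it is ignored.
DEBUG_LINES = [
    "RP/0/RSP0/CPU0:Jul 11 14:13:24.965 : isis[1002]: BAD L2 LAN IIH rcvd from "
    "GigabitEthernet0/0/0/0 SNPA e8b7.482c.a210: dropped because authentication TLV not found",
    "RP/0/RSP0/CPU0:Jul 11 14:15:11.313 : isis[1002]: BAD L2 CSNP rcvd from "
    "GigabitEthernet0/0/0/0 SNPA e8b7.482c.a210: dropped because authentication TLV not found.",
    "RP/0/RSP0/CPU0:Jul 11 14:15:12.001 : isis[1002]: adjacency state change",  # unrelated
]

PACKET_ERROR_RE = re.compile(
    r"isis\[\d+\]: BAD (?P<level>L[12]) (?P<pdu>(?:LAN )?IIH|CSNP|PSNP|LSP) rcvd from "
    r"(?P<intf>\S+) SNPA (?P<snpa>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}): "
    r"dropped because (?P<reason>.+?)\.?$")

# Hello PDUs are covered by hello authentication (interface level); LSPs and the
# sequence-number PDUs that carry LSP information by LSP authentication (process level).
HELLO_PDUS = {"IIH", "LAN IIH"}
HINTS = {
    "authentication TLV not found":
        "neighbor sends this PDU type unauthenticated: authentication is not configured on its side",
}
DEFAULT_HINT = "verify that both routers use the same authentication type and key"


def classify(line):
    """Return a dict describing one packet-error event, or None for other lines."""
    m = PACKET_ERROR_RE.search(line)
    if not m:
        return None
    pdu = m.group("pdu")
    if pdu in HELLO_PDUS:
        check = "hello"
        where = "interface level (hello-password on IOS XR, isis authentication on IOS/IOS XE)"
    else:
        check = "lsp"
        where = "router process level (lsp-password on IOS XR, authentication on IOS/IOS XE)"
    reason = m.group("reason")
    return {"level": m.group("level"), "pdu": pdu, "interface": m.group("intf"),
            "snpa": m.group("snpa"), "reason": reason, "check": check,
            "configure_at": where, "hint": HINTS.get(reason, DEFAULT_HINT)}


def summarize(lines):
    """Classify every line and count events per (interface, neighbor SNPA, check)."""
    events = [e for e in map(classify, lines) if e]
    counts = Counter((e["interface"], e["snpa"], e["check"]) for e in events)
    return events, counts
```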

Summary
This topic summarizes the key points that were discussed in this lesson.

• IS-IS is a link-state routing protocol that uses a hierarchy.
• IS-IS was built as a routing protocol for CLNS. Integrated IS-IS also can
carry information about IPv4 and IPv6 networks.
• Integrated IS-IS requires CLNS addresses to route for IPv4 and IPv6.
• The path metric that is used by IS-IS is similar to one that is used by
OSPF.
• To enable IS-IS, you have to create an IS-IS process and set the NET
address.
• Interfaces have to be explicitly enabled for the IS-IS process.
• There are different ways to add an interface to the IS-IS based on router
platform.
• IS-IS supports load balancing. The maximum number of paths is
platform-dependent.
• IS-IS authentication can be separately configured for hello and LSP
packets.
• You can use various show and debug commands for IS-IS
troubleshooting.

Lesson 4

Implementing Route
Redistribution
Overview
Even though a single routing protocol is desired in networks, there are situations where at least
two routing protocols could be used as interior routing protocols in a service provider
environment. For example, this scenario would occur when transitioning from an older routing
protocol to a new one, and the transition takes place gradually. In the transition time, you have
to make sure that the old and the new routing protocols are able to exchange routing
information. This is done using a process called route redistribution.
This lesson describes route redistribution operations and the configuration of route
redistribution into Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate
System (IS-IS) as an example.

Objectives
Upon completing this lesson, you will be able to describe the operation and configuration of
route redistribution. You will be able to meet these objectives:
• Show the Cisco IP NGN edge network layer within the IP NGN architecture
• Describe the basic concepts of route redistribution
• Describe the need to use multiple routing protocols
• Describe a route redistribution example
• Describe the seed metric
• Describe configuration and verification of route redistribution into OSPF
• Describe configuration and verification of route redistribution into IS-IS
Cisco IP NGN Edge Network
This topic shows the Cisco IP NGN edge network layer within the IP NGN architecture.

• Route redistribution is placed in the edge network.

[Figure: Cisco IP NGN architecture. The IP Infrastructure Layer spans Access, Aggregation, IP Edge, and Core and serves residential, mobile, and business users]
Route Redistribution Basics
This topic describes the basic concepts of route redistribution.

• Some networks might use more than one routing protocol at the same
time.
• Different routing protocols cannot exchange information about networks
directly.
• Redistribution of routing information from one routing protocol to another
has to be explicitly configured.
• One router has to be configured for both routing protocols.

[Figure: a router on the boundary between an EIGRP domain and an OSPF domain]

While running a single routing protocol throughout the entire network is desirable,
multiprotocol routing is common for a number of reasons. Routers that are on boundaries of
routing protocols cannot automatically transfer routes from one routing protocol to another due
to differences in routing protocol characteristics and metrics. However, a router can advertise
routes through a routing protocol other than the one that was used to learn them. The process of
advertising routes that were learned by some other means, such as by another routing protocol,
is called route redistribution, and this has to be explicitly configured. A router that performs
redistribution has to be configured for both routing protocols.
In the example, the network uses both Enhanced Interior Gateway Routing Protocol (EIGRP)
and OSPF routing protocol. The router in the middle should be configured for both protocols,
and redistribution of routes from EIGRP into OSPF and from OSPF into EIGRP should be
configured to have consistent routing information across the network.

Multiple Routing Protocols
This topic describes the need to use multiple routing protocols.

• Multiple routing protocols are used in the following examples:
- When companies merge
- When multiple departments are managed by multiple administrators
- In multivendor environments
- Migration from one protocol to another
• In this case, route redistribution has to be configured to exchange
routing information between different routing protocols.

Multiple routing protocols may be necessary in the following situations:
• When companies that used different routing protocols merge.
• When different departments are managed by different administrators, and they cannot agree
on a common routing protocol.
• In a mixed-router vendor environment, you can use a routing protocol that is specific to
Cisco such as EIGRP in the Cisco portion of the network and a common standards-based
routing protocol such as OSPF to communicate with devices from other vendors.
• When you are migrating from an older routing protocol to a new one, multiple routing
protocols are necessary. Multiple redistribution boundaries may exist until the new protocol
has completely displaced the old protocol.

When multiple routing protocols are running in different parts of the network, there may be a
need for hosts in one part of the network to reach hosts in the other part. One solution is to
advertise a default route into each routing protocol, but this is not a solution in networks that
have multiple paths between routing domains. In this case, route redistribution is required.

Note The term routing domain denotes a collection of routers that use the same routing protocol.
Autonomous system (AS), in contrast, denotes a collection of routers under common
administration and can use different routing protocols.

Route Redistribution Example
This topic describes a route redistribution example.

• A router redistributes routes from one protocol to another.
• A router that redistributes networks runs both protocols and learns about
the networks through the appropriate routing protocol.
• When redistributing into EIGRP or OSPF, redistributed routes are
marked with a special tag to indicate that they are external routes.

[Figure: router A (EIGRP, 172.16.1.0), router B (boundary), router C (OSPF, 192.168.1.0). Routing table A: D 172.16.1.0, D EX 192.168.1.0. Routing table B: O 192.168.1.0, D 172.16.1.0. Routing table C: O 192.168.1.0, O E2 172.16.1.0]

The figure shows an example where EIGRP and OSPF are used as routing protocols. Router A
runs EIGRP and learns about the 172.16.1.0 network over EIGRP. Router C runs OSPF and
learns about the 192.168.1.0 network over OSPF. Router B runs both routing protocols and
learns about both networks through the appropriate routing protocol. Router B is called a
boundary router because it resides on the boundary between two routing protocols.
Router B is configured for redistribution. When a router redistributes routes, it allows a routing
protocol to advertise routes that were not learned through this routing protocol. These
redistributed routes could have been learned via a different routing protocol, such as when
redistributing between EIGRP and OSPF, and they also could have been learned from static
routes or by a direct connection to a network.
Redistribution is always performed outbound. The router doing redistribution does not change
its routing table. In the example, redistribution between OSPF and EIGRP is configured on
router B. The OSPF process on the boundary router takes the EIGRP routes in the routing table
and advertises them as OSPF routes to its OSPF neighbors.
Likewise, the EIGRP process on the boundary router takes the OSPF routes in the routing table
and advertises them as EIGRP routes to its EIGRP neighbors. Then both routers A and C will
know about the routes of each other, and they can make routing decisions for these networks.
OSPF and EIGRP mark routes that were learned through redistribution using a special tag. This
makes it very easy to see which routes originated in a routing domain and were redistributed.
EIGRP uses the EX tag, and OSPF uses either the E1 or external type 2 (E2) tag.

Seed Metric
This topic describes the seed metric.

• Each routing protocol uses its own metric.
• A number representing a metric in one routing protocol cannot simply be
reused in another protocol.
• Therefore, an initial seed metric has to be configured for external
networks from the redistribution point.
• When a seed metric is established, the metric increases as specified by
a routing protocol.

[Figure: seed metric = 30 at the redistribution point between an IS-IS domain and an OSPF domain; a metric of 2750 is shown inside the IS-IS domain and metrics of 35, 40, and 50 inside the OSPF domain]

Each routing protocol defines a metric for each route. The metric value determines the shortest
or “best” path to a network. When a router redistributes routes from one routing domain to
another, a number representing a metric cannot be translated from one routing protocol to
another. For example, a Routing Information Protocol (RIP) hop cannot be dynamically
recalculated to an OSPF cost by the router doing redistribution.
Therefore, a seed or initial metric is used to artificially set a metric of each external
(redistributed) network from the redistribution point. The metric of a redistributed network then
increases inside a routing domain as specified by a routing protocol.
For example, if networks are redistributed from RIP into IS-IS, the hop count from the RIP
domain should not be directly reused in the IS-IS domain. Therefore, an initial IS-IS metric
should be specified at a redistribution point. From the redistribution point on, the initial metric
would increase as specified by the IS-IS (that is, a metric of each interface on a path to a
destination would be added to a path metric).

Note OSPF uses two types of external routes, E1 and E2. The difference is in how a metric of a
redistributed network changes in an OSPF routing domain. With E1 routes, the metric of a
redistributed route increments as specified in OSPF, with the initial metric that is specified by
a seed metric. With E2 routes, the metric of a redistributed route remains the same across
the entire OSPF routing domain, as specified by a seed metric.

Route Redistribution into OSPF
This topic describes configuration and verification of route redistribution into OSPF.

• The following can be redistributed into OSPFv3:
- BGP
- Connected routes—not common
- EIGRP
- IS-IS
- OSPFv3—another process
- RIP
- Static routes
• The default seed metric is 20 (from IGP) and 1 (from BGP).
• The default external metric type is E2.
• On Cisco IOS and IOS XE routers, classless subnets are not
redistributed into OSPF by default!

All routing protocols can be redistributed into OSPF, including static and connected routes. It is
also possible to have multiple OSPF processes on a router and to configure route redistribution
between them.

Note Redistribution of connected routes into OSPF is not common.

Routing protocols should support the same protocol stack to configure redistribution. For
example, IPv6 routes cannot be redistributed into the IPv4 routing protocol. Redistribution
configuration of IPv4 or IPv6 routes into OSPF is configured under the corresponding OSPF
process, IPv4 under OSPF version 2 (OSPFv2) and IPv6 under OSPF version 3 (OSPFv3).
By default, all routes that are redistributed from interior gateway protocol (IGP) into OSPF will
have a seed metric of 20, and routes that are redistributed from Border Gateway Protocol
(BGP) into OSPF will have a seed metric of 1, if not specified otherwise. The default metric
type is E2, which means this metric does not change when a route propagates across the OSPF
routing domain.
When configuring redistribution into OSPF on Cisco IOS and IOS XE routers, you should be
careful because classless subnets are not redistributed into OSPF by default. For example, if
you have a 172.16.1.0/24 network and would like to redistribute it into OSPF, it will not be
redistributed by default because 172.16.1.0/24 is a subnet of a classful 172.16.0.0/16 network.
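Added example (not from the course): a small Python audit that applies the classful rule to a list of IPv4 prefixes and reports which of them Cisco IOS or IOS XE would skip when redistributing into OSPF without the subnets keyword. The function names are mine and the prefixes are constructed; the rule encoded is the one the paragraph states (only prefixes whose mask equals their classful mask are redistributed by default).

```python
import ipaddress


def classful_prefix_length(network):
    """Classful mask length implied by the first octet: class A /8, B /16, C /24."""
    first_octet = int(network.network_address) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{network} is not a class A, B, or C unicast network")


def split_by_subnets_keyword(prefixes):
    """Split IPv4 prefixes into those redistributed into OSPF on IOS/IOS XE without
    the subnets keyword (classful networks only) and those silently skipped
    (subnets, host routes, and supernets of a classful network)."""
    redistributed, skipped = [], []
    for p in prefixes:
        net = ipaddress.IPv4Network(p, strict=False)
        bucket = redistributed if net.prefixlen == classful_prefix_length(net) else skipped
        bucket.append(str(net))
    return redistributed, skipped


def audit(prefixes):
    """Return the skipped prefixes as a reminder that 'subnets' is needed for them."""
    _, skipped = split_by_subnets_keyword(prefixes)
    return {"needs_subnets_keyword": bool(skipped), "skipped": skipped}


# Constructed prefixes, including the 172.16.1.0/24 case from the text.
SAMPLE_PREFIXES = ["172.16.1.0/24", "172.16.0.0/16", "192.168.1.0/24",
                   "10.2.10.1/32", "10.0.0.0/8", "192.168.0.0/16"]
```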

• Configure redistribution of IPv4 routes from IS-IS into OSPF on the P router
• Set the seed metric for redistributed networks to 30

[Figure: P1 (IS-IS domain, 172.16.1.0) GE0/0/0 connects to P GE0/0/0/0; P GE0/0/0/1 connects to P2 (OSPF domain, 192.168.1.0) GE0/0/0 with cost 10]

The figure shows an example that will serve as a configuration scenario. There are two routing
domains, IS-IS and OSPF. Router P is the boundary router and is configured for both routing
protocols. Redistribution from IS-IS into OSPF will be configured, and the seed metric for
redistributed routes will be set to 30.

[Figure: same topology as the previous slide]

router isis 1
 net 49.0000.0100.0300.1001.00
 interface GigabitEthernet0/0/0/0
  address-family ipv4 unicast
!
router ospf 1
 redistribute isis 1 metric 30
 area 0
  interface GigabitEthernet0/0/0/1

Slide callouts: interface GigabitEthernet0/0/0/0 under router isis enables IS-IS on an interface;
redistribute isis 1 metric 30 configures redistribution from IS-IS into OSPF; interface
GigabitEthernet0/0/0/1 under area 0 enables OSPF on an interface.

Cisco IOS XR
The example shows a basic configuration of the IS-IS and OSPF routing protocols, which was
discussed in the previous lessons and is included here for context only. To enable
redistribution from IS-IS into OSPF, first enter the router OSPF configuration mode and then
use the redistribute isis command, followed by an IS-IS process name. In the example, routes
are being redistributed from IS-IS process 1. To specify a seed metric for redistributed routes,
use the metric parameter, followed by a metric number. In the example, the seed metric is set to
30.
The configuration for IPv6 is very similar, except for specifying OSPFv3 in the router ospfv3
command:
router ospfv3 1
redistribute isis 1 metric 30
area 0
interface GigabitEthernet0/0/0/1

Cisco IOS and IOS XE


The configuration on Cisco IOS and IOS XE routers is very similar, with an exception that you
have to be careful when redistributing classless subnets into OSPF. The following is a sample
configuration on Cisco IOS or IOS XE Software for IPv4:
router ospf 1
redistribute isis 1 subnets metric 30
The subnets keyword specifies that classless subnets should be redistributed into OSPF as well.

• Displays routing table
RP/0/RSP0/CPU0:P2# show route
Wed Jul 13 12:12:24.092 UTC

Codes: C - connected, S - static, R - RIP, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR
       A - access/subscriber, (!) - FRR Backup path

Gateway of last resort is not set

O E2 172.16.1.0/24 [110/30] via 192.168.103.31, 00:00:05, GigabitEthernet0/0/0/0
O    192.168.1.0/24 [110/20] via 192.168.134.40, 00:25:26, GigabitEthernet0/0/0/1


To verify route redistribution into OSPF, use the show route command on a router in the OSPF
routing domain. You should see redistributed routes in the printout. Redistributed OSPF routes
are marked with E1 or E2. In the example, the 172.16.1.0/24 network was redistributed into
OSPF as an E2 route. (Recall that the default metric type is E2.) Note that the metric of the
route is 30, as specified by the seed metric, and the route metric was not incremented in the
OSPF domain because the metric type is E2.

3-82 Building Cisco Service Provider Next-Generation Networks, Part 2 (SPNGN2) v1.01 © 2012 Cisco Systems, Inc.
Route Redistribution into IS-IS
This topic describes configuration and verification of route redistribution into IS-IS.

• The following can be redistributed into IS-IS:
- BGP
- Connected routes—not common
- EIGRP
- IS-IS—another process
- OSPFv3
- RIP
- Static routes
• The default seed metric is 0.
• Redistribution for IPv4 and IPv6 is configured under an appropriate
address family.


As with OSPF, all routing protocols can be redistributed into IS-IS, including static and
connected routes. It is also possible to have multiple IS-IS processes on a router and to
configure route redistribution between them.

Note Redistribution of connected routes into IS-IS is not common.

By default, all routes that are redistributed into IS-IS will have a seed metric of 0, if not
specified otherwise.
Recall that IS-IS is a multiprotocol routing protocol and is capable of carrying IPv4 and IPv6
routes. The redistribution configuration of IPv4 and IPv6 routes is thus enabled under the same
IS-IS routing process under an appropriate address family.

• Configure redistribution of IPv4 routes from OSPF into IS-IS on the
P-router.
• Set the seed metric for redistributed networks to 20.

[Figure: Router P1 (IS-IS domain, network 172.16.1.0) connects via its GE0/0/0 to GE0/0/0/0 on
router P; router P2 (OSPF domain, network 192.168.1.0) connects via its GE0/0/0 to GE0/0/0/1 on
router P.]

The figure shows an example that will serve as a configuration scenario. There are two routing
domains, IS-IS and OSPF. Router P is the boundary router and is configured for both routing
protocols. Redistribution from OSPF into IS-IS will be configured, and the seed metric for
redistributed routes will be set to 20.

[Figure: same topology as the previous figure: P1 (IS-IS, 172.16.1.0) - GE0/0/0/0 - P -
GE0/0/0/1 - P2 (OSPF, 192.168.1.0).]

router isis 1
 net 49.0000.0100.0300.1001.00
 address-family ipv4 unicast
  redistribute ospf 1 metric 20        <- Configure redistribution from OSPF into IS-IS
 interface GigabitEthernet0/0/0/0      <- Enable IS-IS on an interface
  address-family ipv4 unicast
!
router ospf 1
 area 0
  interface GigabitEthernet0/0/0/1     <- Enable OSPF on an interface


The figure shows a configuration on the Cisco IOS XR router. The example also shows a basic
configuration of the IS-IS and OSPF routing protocols, which were discussed in the previous
lessons, and serves for better representation only. To enable redistribution from OSPF into IS-IS,
first enter the router IS-IS configuration mode. Then enter an address family configuration
mode using the address-family command. In the example, redistribution is being configured
for IPv4, so the IPv4 address family is used. Then use the redistribute ospf command,
followed by an OSPF process name. In the example, routes are being redistributed from OSPF
process 1. To specify a seed metric for redistributed routes, use the metric parameter, followed
by a metric number. In the example, the seed metric is set to 20.
The configuration for IPv6 is very similar—instead of referring to the IPv4 address family, you
have to refer to the IPv6 address family:
router isis 1
 net 49.0000.0100.0300.1001.00
 address-family ipv6 unicast
  redistribute ospfv3 1 metric 20
 interface GigabitEthernet0/0/0
  address-family ipv6 unicast
The configuration on Cisco IOS and IOS XE routers is very similar. The configuration for IPv4
is done under the router IS-IS configuration mode, and the configuration for IPv6 is done under
the IPv6 address family. The following is a sample configuration on the Cisco IOS or IOS XE
Software for IPv4:
router isis 1
 redistribute ospf 1 metric 30

• Displays routing table
RP/0/RSP0/CPU0:P1# show route
Wed Jul 13 12:12:24.092 UTC

Codes: C - connected, S - static, R - RIP, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G - DAGR
       A - access/subscriber, (!) - FRR Backup path

Gateway of last resort is not set

i L2 172.16.1.0/24 [115/20] via 192.168.103.31, 00:00:05, GigabitEthernet0/0/0/1
i L2 192.168.1.0/24 [115/30] via 192.168.134.40, 00:25:26, GigabitEthernet0/0/0/0


To verify route redistribution into IS-IS, use the show route command on a router in the IS-IS
routing domain. You should see redistributed routes in the output. Redistributed IS-IS routes
are not marked, so you cannot distinguish them from routes that originated in the IS-IS
routing domain. In the example, the 192.168.1.0/24 network was redistributed into IS-IS as a
level 2 route. Note that the metric of the route is 30: the seed metric was set to 20 and was
incremented by 10, which is the default metric of the link between routers P and P1.

Summary
This topic summarizes the key points that were discussed in this lesson.

• Route redistribution is used in the IP edge networks in the Cisco IP NGN.
• The process of advertising routes that were learned by some other means, such
as by another routing protocol, is called route redistribution.
• Route redistribution is needed in networks with two or more routing protocols.
• OSPF and EIGRP mark routes that were learned through redistribution using a
special tag.
• The seed metric should be specified when redistributing routes, if the default
values are not satisfactory.
• All routing protocols can be redistributed into OSPF. The default seed metric is
20.
• All routing protocols can be redistributed into IS-IS. The default seed metric is 0.


References
For additional information, refer to these resources:
• Redistributing Routing Protocols
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009487e.shtml

Lesson 5

MPLS Basics
Overview
Multiprotocol Label Switching (MPLS) is a switching mechanism that is often found in service
provider environments. MPLS leverages traditional IP routing and supports several services
that are required in next-generation IP networks.
This lesson discusses the basic concept of MPLS switching, MPLS labels, and forwarding
structures that are used by MPLS routers. The lesson provides information on Label
Distribution Protocol (LDP), label allocation, and label distribution. The lesson also describes
how to configure MPLS and how to verify and troubleshoot MPLS operations.

Objectives
Upon completing this lesson, you will be able to describe and configure basic MPLS in a
provider network (P-network). You will be able to meet these objectives:
• Show the Cisco IP NGN edge and core network layers within the IP NGN architecture
• Describe the basic concepts of MPLS
• Describe MPLS labels and how the label is inserted between the Layer 2 and Layer 3
header
• Describe MPLS label switch routers and edge LSRs
• Describe the MPLS forwarding structures, the FIB and LFIB
• Show an example of how a packet traverses an MPLS-enabled network
• Describe the Label Distribution Protocol (LDP)
• Describe the LDP adjacency establishment process
• Describe LDP label allocation
• Describe LDP label advertisement
• Describe the LDP steady-state condition
• Describe basic MPLS LDP configuration and verification
• Describe MPLS LDP troubleshooting steps
Cisco IP NGN Edge and Core Network
This topic shows the Cisco IP NGN edge and core network layers within the IP NGN
architecture.

• MPLS is placed in the core and edge networks.

[Figure: IP Infrastructure Layer of the Cisco IP NGN with the Access, Aggregation, IP Edge, and
Core layers; Residential, Mobile Users, and Business customers attach at the access layer.]

MPLS Introduction
This topic describes the basic concepts of MPLS.

• MPLS is a technology that enhances IP routing and Cisco Express
Forwarding switching in service provider core networks.
• A switching mechanism exists where packets are switched, based on
labels:
- Labels usually correspond to destination IP networks
• An additional header, called the MPLS label, is inserted and used for
MPLS switching.

[Figure: a packet crossing routers A, B, C, and D: it enters and leaves as a plain IP packet and
carries an MPLS label (L) on the MPLS/IP part of the path.]


MPLS is a technology that is primarily used in service provider core networks. MPLS extends
classic IP routing using Cisco Express Forwarding by introducing an additional header into a
packet. This additional header is called the MPLS label. MPLS switches packets based on a
label lookup instead of an IP address lookup. Labels usually correspond to destination
IP networks; each destination has a corresponding label on each MPLS-enabled router.

Note Cisco Express Forwarding is an advanced Layer 3 switching technology that is used within a
router. It defines the fastest method by which a Cisco router forwards packets from ingress
to egress interfaces. Cisco Express Forwarding concepts are discussed in more detail in the
Cisco CCNP® curriculum.

MPLS for service providers
• In the past—faster forwarding
• Today—a platform for traffic engineering and VPN service
• Works on a core and edge layer

MPLS traffic engineering
• Allows ISPs to optimize network utilization
• Can be used to increase fault tolerance

MPLS VPNs
• Allows separation of customers into VPNs
• Similar to virtual circuits (for example, from the Frame Relay world)
• Allows Layer 2 or Layer 3 VPNs


In P-networks, a result of using MPLS is that only the routers on the edge of the MPLS domain
perform a routing lookup, while all other routers forward packets that are based on labels. In
modern routers, MPLS label switching is not any faster than IP routing, and MPLS is not used
because of switching performance. What really makes MPLS useful in P- (and large enterprise)
networks is that it enhances Border Gateway Protocol (BGP) routing and provides different
services and applications, such as Layer 2 and Layer 3 VPNs, quality of service (QoS), and
traffic engineering (TE).

Note Services and applications that are provided by MPLS are not further discussed in this
course.

MPLS Labels
This topic describes MPLS labels and how the label is inserted between the Layer 2 and Layer
3 header.

• MPLS uses a 32-bit label header that is inserted between Layer 2 and
Layer 3 and comprises the following fields:
- 20-bit label
- 3-bit experimental field
- 1-bit, bottom-of-stack indicator
- 8-bit, Time-to-Live field
• MPLS can be used regardless of the Layer 2 protocol.

[Figure: 32-bit label header bit layout: bits 0-19 Label, bits 20-22 EXP, bit 23 S, bits 24-31
TTL. The label header sits between the L2 Header and the IP Packet.]


The figure presents an MPLS label that is used for MPLS switching. This label is inserted
between the Layer 2 and Layer 3 headers and can be used regardless of the Layer 2 protocol.
The 32-bit-long label consists of the following fields:

Field: Description
20-bit label: The actual label that is used for switching. Values 0 to 15 are reserved.
3-bit experimental bit (EXP bit) field: Undefined in the RFC. Used by Cisco to define a class of
service (CoS) (that is, IP precedence).
Bottom-of-stack bit: MPLS allows multiple labels to be inserted. The bottom-of-stack bit
determines if this label is the last label in the packet. If this bit is set (at 1), it indicates
that this is the last label.
8-bit Time to Live (TTL) field: Has the same purpose as the TTL field in the IP header.
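The following Python is an added illustration of the field layout in the table; it is not code from the guide. It packs and unpacks one 32-bit label stack entry (20-bit label, 3-bit EXP, 1-bit S, 8-bit TTL) in network byte order and walks a stack of several entries until the bottom-of-stack bit is set, rejecting a stack that never reaches it. The function names and sample values are constructed for this example; the reserved range 0 to 15 and the implicit null value 3 are as stated in this lesson.

```python
import struct

# Values the guide describes: labels 0 to 15 are reserved; 3 is the implicit null ("pop") label.
RESERVED_MAX = 15
IMPLICIT_NULL = 3


def encode_label_entry(label, exp=0, bottom=False, ttl=64):
    """Pack one 32-bit label stack entry: 20-bit label, 3-bit EXP, 1-bit S, 8-bit TTL."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8:
        raise ValueError("EXP must fit in 3 bits")
    if not 0 <= ttl < 256:
        raise ValueError("TTL must fit in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)  # network byte order, as on the wire


def decode_label_entry(data):
    """Unpack one 4-byte entry into its fields (inverse of encode_label_entry)."""
    (word,) = struct.unpack("!I", data[:4])
    return {
        "label": word >> 12,
        "exp": (word >> 9) & 0x7,
        "bottom": bool((word >> 8) & 0x1),
        "ttl": word & 0xFF,
    }


def encode_label_stack(labels, ttl=64):
    """Encode labels outermost first; only the last entry carries the bottom-of-stack bit."""
    last = len(labels) - 1
    return b"".join(
        encode_label_entry(label, bottom=(i == last), ttl=ttl)
        for i, label in enumerate(labels)
    )


def parse_label_stack(payload):
    """Walk the stack entry by entry until S=1; return (entries, remaining IP packet bytes).

    A stack without a bottom-of-stack entry is malformed and is rejected instead of
    being read past the end of the buffer.
    """
    entries, offset = [], 0
    while True:
        if len(payload) - offset < 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry found")
        entry = decode_label_entry(payload[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry["bottom"]:
            return entries, payload[offset:]


def is_reserved(label):
    """True for the reserved range 0-15 (for example implicit null, value 3)."""
    return 0 <= label <= RESERVED_MAX
```

Encoding the two-label stack [25, 16] with TTL 255 yields the bytes 00 01 90 ff 00 01 01 ff: only the second entry has bit 23 (S) set, which is how a receiver knows where the IP packet begins.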

Label Switch Routers
This topic describes MPLS label switch routers (LSR) and edge LSRs.

• LSRs forward packets based on labels and swap labels:
- The last LSR in the path also removes the label and forwards the IP packet
• Edge LSR:
- Labels IP packets (or imposes label) and forwards them into the MPLS
domain
- Forwards IP packets out of the MPLS domain
• A sequence of labels to reach a destination is called a LSP

[Figure: edge LSR A, LSRs B and C, edge LSR D. A packet for 10.0.0.1 is labeled 25 by A,
swapped to 34 by B, and delivered unlabeled by C to D; in the reverse direction a packet for
20.0.0.1 is labeled 32 by D, swapped to 35 by C, and delivered unlabeled by B to A.]


In an MPLS domain, there are two types of routers:
• Label switch router (LSR): A device that forwards packets that are primarily based on
labels
• Edge LSR: A device that primarily labels packets or forwards IP packets out of an MPLS
domain.
LSRs and edge LSRs usually are capable of doing both label switching and IP routing. Their
names are based on their positions in an MPLS domain. Routers that have all interfaces
enabled for MPLS are called LSRs because they mostly forward labeled packets (except the
penultimate LSR). Routers that have some interfaces that are not enabled for MPLS usually are
at the edge of an MPLS domain. An ingress edge LSR forwards packets based on IP
destination addresses and labels them if the outgoing interface is enabled for MPLS. An egress
edge LSR forwards IP packets based on a routing lookup outside of the MPLS domain.
A sequence of labels that reaches a destination is called a label-switched path (LSP). LSPs are
unidirectional, which means that the return traffic uses a different LSP. The penultimate LSR
router in an LSP removes the label and forwards the IP packet to the egress edge LSR router,
which routes the IP packet based on a routing lookup. Removing a label on the
penultimate LSR is called penultimate hop popping (PHP).

For example, an edge LSR receives a packet for destination 10.0.0.1, imposes label 25, and
forwards the frame to the LSR in the MPLS backbone. The first LSR swaps label 25 with label
34 and forwards the frame. The second (penultimate) LSR removes the label and forwards the
IP packet to the edge LSR. The edge LSR forwards the packet that is based on IP destination
address 10.0.0.1.

Note PHP is implemented because of increased performance on the egress edge LSR. Without
PHP, the edge LSR would receive a labeled packet, and two lookups would be needed.
The first one would be based on labels, and the result would be to remove the label. The
second lookup would be to route the IP packet based on a destination IP address and the
routing table.

MPLS Forwarding Structures
This topic describes the MPLS forwarding structures, the FIB and LFIB.

• FIB is used to forward unlabeled IP packets or to label packets if a next-
hop label is available.
• LFIB is used to forward labeled packets. A received label is swapped by
a next-hop label.

[Figure: the same A-B-C-D path as in the previous figure, with the forwarding structure on
each router:]
FIB (A):  10.0.0.0/24 -> B, label 25;  20.0.0.0/24 -> Conn
LFIB (B): 25 -> 34, C;  35 -> POP, A
LFIB (C): 34 -> POP, D;  32 -> 35, B
FIB (D):  20.0.0.0/24 -> C, label 32;  10.0.0.0/24 -> Conn


The data plane on a router is responsible for forwarding packets, which is based on decisions by
routing protocols (that are run in the router control plane). The data plane on an MPLS-enabled
router consists of two forwarding structures:
• Forwarding information base (FIB): When a router is enabled for Cisco Express
Forwarding, FIB is used to forward IP packets that are based on decisions by routing
protocols. FIB is populated from a routing table and in general includes destination
networks, next hops, outgoing interfaces, and pointers to Layer 2 addresses. FIB on an
MPLS-enabled router also contains an outgoing label, if an outgoing interface is enabled
for MPLS. FIB lookup is done when an IP packet is received. Based on the result, the
router can send out an IP packet or impose a label.
• Label forwarding information base (LFIB): LFIB is used when a labeled packet is
received. LFIB in general contains an incoming and outgoing label, outgoing interface, and
next-hop router. When an LFIB lookup is done, the result can be either to swap a label and
send a labeled packet, or the result can be to remove a label and send an IP packet.

These combinations of forwarding packets are possible:
• A received IP packet (FIB) is forwarded based on the IP destination address and sent as an
IP packet.
• A received IP packet (FIB) is forwarded based on the IP destination address and sent as a
labeled packet.
• A received labeled packet (LFIB) is forwarded based on the label; the label is changed (or
swapped), and the labeled packet is sent.
• A received labeled packet (LFIB) is forwarded based on the label; the label is removed, and
the IP packet is sent.

MPLS Example
This topic shows an example of how a packet traverses an MPLS-enabled network.

1. A router receives an IP packet. A FIB lookup is performed.
2. A label is added, and the packet is sent through an interface.

[Figure: a packet for 10.0.0.1 arrives at edge LSR A and leaves toward B with label 25. The FIB
and LFIB tables are the same as in the previous figure.]


The figure shows an example of how a packet traverses an MPLS-enabled network. Router A
receives an IP packet that is destined for 10.0.0.1.
Step 1 Router A performs a FIB lookup. The FIB for this destination states that the packet
should be labeled using label 25 and sent to router B.
Step 2 Router A adds a label, and the packet is sent out of an interface.

3. A labeled packet is received, and a LFIB lookup is performed.
4. A label is swapped, and the packet is sent through an interface.

[Figure: the packet for 10.0.0.1 arrives at LSR B with label 25 and leaves toward C with label
34. The FIB and LFIB tables are the same as in the previous figure.]


Step 3 Router B receives an IP packet that is labeled with label 25. Router B performs an
LFIB lookup, which states that label 25 should be swapped with label 34.
Step 4 The label is swapped, and the packet is sent to router C.

5. A labeled packet is received, and a LFIB lookup is performed.
6. A label is removed, and an IP packet is sent out of an interface.

[Figure: the packet for 10.0.0.1 arrives at LSR C with label 34 and leaves toward D as an
unlabeled IP packet. The FIB and LFIB tables are the same as in the previous figure.]


Step 5 Router C receives an IP packet that is labeled with label 34. Router C performs a
LFIB lookup, which states that label 34 should be removed (that is, PHP) and the IP
packet should be sent out of an interface. A pop is often used as a label value that
indicates that a label should be removed.
Step 6 The label is removed, and the IP packet is sent out of an interface.

Note A router actually will display a value of implicit null label instead of a pop. Implicit null label
states that a label should be removed, and it uses a value 3 from a reserved range of labels.

7. An IP packet is received, and a FIB lookup is performed.
8. The IP packet is sent out of an interface.

[Figure: the packet for 10.0.0.1 arrives unlabeled at edge LSR D and leaves toward the
connected destination as an IP packet. A callout shows the LFIB entry 35 -> No label. The FIB
and LFIB tables are the same as in the previous figure.]


Step 7 Finally, router D receives an IP packet. Router D performs a FIB lookup that states
that the destination network is directly connected.
Step 8 The IP packet is sent out of an interface.
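To make the FIB and LFIB decision rules from the previous topic and the eight steps above concrete, here is an added Python simulation, not code from the guide, that walks a packet through routers A, B, C, and D using exactly the tables in the figure. Router names, prefixes, and label values come from the figure; the function names, the "route" action for a next hop that offers no label, and the hop limit standing in for the TTL are this example's own assumptions.

```python
import ipaddress

POP = "POP"   # the "pop" outgoing label (implicit null) shown in the figure

# Constructed from the figure: A and D are edge LSRs (FIB), B and C are LSRs (LFIB).
# FIB: prefix -> (next hop, outgoing label or None); "Conn" means directly connected.
FIB = {
    "A": {"10.0.0.0/24": ("B", 25), "20.0.0.0/24": ("Conn", None)},
    "D": {"20.0.0.0/24": ("C", 32), "10.0.0.0/24": ("Conn", None)},
}
# LFIB: incoming label -> (outgoing label or POP, next hop).
LFIB = {
    "B": {25: (34, "C"), 35: (POP, "A")},
    "C": {34: (POP, "D"), 32: (35, "B")},
}


def fib_lookup(router, dst_ip):
    """Longest-prefix match in the router's FIB; returns (network, next_hop, label)."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, (next_hop, label) in FIB.get(router, {}).items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, label)
    if best is None:
        raise LookupError(f"{router}: no FIB route for {dst_ip}")
    return best


def forward(router, packet):
    """One forwarding decision. A labeled packet is looked up in the LFIB, an unlabeled
    one in the FIB. Returns (action, next_router, packet); packet is {"dst", "label"}."""
    if packet["label"] is not None:
        entry = LFIB.get(router, {}).get(packet["label"])
        if entry is None:
            raise LookupError(f"{router}: no LFIB entry for label {packet['label']}")
        out_label, next_hop = entry
        if out_label == POP:          # penultimate hop popping
            return "pop", next_hop, {"dst": packet["dst"], "label": None}
        return "swap", next_hop, {"dst": packet["dst"], "label": out_label}
    _, next_hop, label = fib_lookup(router, packet["dst"])
    if next_hop == "Conn":            # egress edge LSR: destination is directly connected
        return "deliver", None, packet
    if label is None:                 # next hop not MPLS-enabled: plain IP forwarding
        return "route", next_hop, packet
    return "impose", next_hop, {"dst": packet["dst"], "label": label}


def trace(ingress, dst_ip, max_hops=8):
    """Follow a packet router by router until delivery. max_hops plays the role the TTL
    field plays in a real label header: a forwarding loop is cut off, not spun forever."""
    router, packet = ingress, {"dst": dst_ip, "label": None}
    path = []
    for _ in range(max_hops):
        action, next_hop, packet = forward(router, packet)
        path.append((router, action, packet["label"]))
        if action == "deliver":
            return path
        router = next_hop
    raise RuntimeError("hop limit exceeded: possible forwarding loop")
```

trace("A", "10.0.0.1") reproduces Steps 1 through 8 as impose 25 at A, swap to 34 at B, pop at C, and deliver at D; trace("D", "20.0.0.1") shows the return LSP (32, then 35, then pop) is a different one, as the LSR topic states. A label with no LFIB entry is an error rather than a silent drop, which is the behaviour you want surfaced when troubleshooting.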

Label Distribution Protocol
This topic describes the Label Distribution Protocol (LDP).

• Forwarding structures that are used by MPLS have to be populated.
• FIB is populated by:
- Routing table, which is populated by a routing protocol
- MPLS label is added to the FIB by LDP
• LFIB is populated by:
- LDP
• LDP is responsible for advertisement and redistribution of MPLS labels
between MPLS routers.


Forwarding structures that are used by MPLS have to be populated with labels. LDP, which
runs in the router control plane, is responsible for label allocation, distribution, and storage.
The FIB table, which consists of destination networks, next hops, outgoing interfaces, and
pointers to Layer 2 addresses, is populated by a routing table and Address Resolution Protocol
(ARP) cache. The routing table is in turn populated by a routing protocol. Additionally, an
MPLS label is added to the destination networks, if an outgoing interface is enabled for MPLS
and a label has been received from the next-hop router. LDP is responsible for adding a label to
the FIB table.
The LFIB contains incoming (locally assigned) and outgoing (received from next hop) labels.
LDP is responsible for exchanging labels and storing them into the LFIB.

LDP Sessions
This topic describes the LDP adjacency establishment process.

• Adjacent routers establish a LDP session:
- MPLS-enabled routers first discover neighbors using hello packets that are
sent to 224.0.0.2 (FF02::2) using UDP on port 646.
- A MPLS-enabled neighbor will respond to hello packets by establishing a TCP
session on port 646 to a peer router ID.
• After the LDP session is established, labels can be exchanged.

[Figure: two MPLS-enabled routers: UDP hello messages for discovery, then a TCP session
over which labels are exchanged.]


Before labels can be exchanged, MPLS-enabled routers must first establish adjacencies. This is
done in two steps:
• LDP discovery: MPLS routers first discover neighbors using hello messages that are sent
to all of the routers on the subnet as UDP packets with a multicast destination address of
224.0.0.2 (or FF02::2 on IPv6) and a destination port number of 646.
• LDP adjacency: A neighboring MPLS router that received hello packets will respond by
opening a TCP session with the same destination port number of 646, and the two routers
begin to establish a LDP session through unicast TCP.

Label Allocation
This topic describes LDP label allocation.

• Each router generates a label for each network in a routing table:
- Labels have local significance.
- Label allocation is asynchronous.
• For path discovery and loop avoidance, LDP relies on routing protocols.
• Networks originating on the outside of the MPLS domain are not
assigned any label on the edge LSR. Instead, the pop label is
advertised.

[Figure: routers A, B, C, and D with network X beyond edge LSR D. Label for X is 21 on A,
25 on B, 34 on C, and pop on D.]


First, each MPLS-enabled router has to locally allocate a label for each network that is known
to a router. Labels are locally significant (that is, a label for the same network has a different
value on different routers), and the allocation of labels is asynchronous (that is, routers assign
labels independently of each other).
LDP is not responsible for finding a shortest, loop-free path to destinations. Instead, LDP relies
on routing protocols to find the best path to destinations. If, however, a loop does occur, a TTL
field in the MPLS label prevents a packet from looping indefinitely.
On the edge LSR, networks originating on the outside of the MPLS domain are not assigned a
label. Instead, the pop (or implicit null) label is advertised, which instructs the penultimate
router to remove a label.
In the example, all routers except router D assign a label for network X. Router D assigns an
implicit null label for this network.

Label Advertisement
This topic describes LDP label advertisement.

• A router that receives a label from a next hop also stores the label
in the FIB.

[Figure: routers A, B, C, and D with network X beyond D. Router B advertises X = 25 to both
A and C.]
1. Router B allocates, stores, and advertises the label.
   FIB (B):  X -> C
   LFIB (B): In 25, Out untag, Next hop C
   LIB (B):  Network X, LSR Local, Label 25
2. Router A allocates, stores, and advertises the label. It also receives a label from
router B and stores it.
   FIB (A):  X -> B, 25
   LFIB (A): In 21, Out 25, Next hop B
   LIB (A):  Network X, LSR Local, Label 21; Network X, LSR B, Label 25


After a label has been assigned locally, each router has to advertise a label to neighbors. The
figure shows how a label is assigned and advertised to neighbors on router B.
Step 1 Router B allocates label 25 for network X. The allocated label is first stored in the
label information base (LIB), which stores local labels and labels that are received
from neighbors as well. The label is also stored in the LFIB table as an incoming
label. The outgoing label has not been set yet because router B has not received a
label from the next-hop router yet. The allocated label is also advertised to
neighbors, regardless of whether a neighbor actually is a next hop for a destination
or not.
Step 2 Router A allocates its own label for network X (21 in the example). This label is
again stored in the LIB and in the LFIB as an incoming label. Router A also receives
a label 25 from router B and stores the label in the LIB. Because label 25 has been
received from a next hop for destination X, router A also stores label 25 in the LFIB
as an outgoing label. Router A also sets label 25 for destination X in the FIB table
because the label has been received from the next hop.
If a packet for network X was received by router A, a FIB lookup would be done. The packet
would be labeled using label 25 and sent to router B. Router B would perform a LFIB lookup,
which would state that the label should be removed because the outgoing label had not been
received yet from the next-hop router (router C).

• A router stores a label from a neighbor even if the neighbor is not a next
hop for a destination.

[Figure: routers A, B, C, and D with network X beyond D. Router C advertises X = 34 to both
B and D.]
3. Router C allocates, stores, and advertises the label. It also receives and stores a label
from B.
   FIB (C):  X -> D
   LFIB (C): In 34, Out untag, Next hop D
   LIB (C):  Network X, LSR Local, Label 34; Network X, LSR B, Label 25
4. Router B receives a label from router C and stores it.
   FIB (B):  X -> C, 34
   LFIB (B): In 25, Out 34, Next hop C
   LIB (B):  Network X, LSR Local, Label 25; Network X, LSR C, Label 34


Step 3 Router C allocates label 34 for network X. The allocated label is first stored in the
LIB. The label is also stored in the LFIB table as an incoming label. The outgoing
label has not been set yet because router C has not received a label from the next-
hop router yet. The allocated label is also advertised to neighbors, regardless of
whether a neighbor actually is a next hop for a destination or not. Router C also
receives a label 25 from B and stores it, even though B is not a next hop for
destination X.
Step 4 Router B receives a label 34 from router C and stores the label in the LIB. Because
label 34 has been received from a next hop for destination X, router B also stores
label 34 in the LFIB as an outgoing label. Router B also sets the label 34 for
destination X in the FIB table because the label has been received from the next hop.
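The allocation, advertisement, and storage rules of Steps 1 through 4, together with the asynchronous allocation described under Label Allocation, as an added Python simulation that is not part of the guide: each router allocates the label the figure assigns it, advertises it to every LDP neighbor, keeps every received label in its LIB, and copies only the next hop's label into its LFIB and FIB. The Lsr class, the "untag" placeholder for an outgoing label that has not arrived yet, and the fixed next-hop table standing in for the IGP are this example's assumptions; the router names, labels, and network X come from the figure.

```python
IMPLICIT_NULL = "pop"    # implicit null label (value 3), shown as "pop" in the guide
UNTAGGED = "untag"       # LFIB outgoing label before the next hop's label has arrived

# Constructed topology from the figure: A - B - C - D, network X beyond edge LSR D.
NEIGHBORS = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D"], "D": ["C"]}
# Next hop toward X as chosen by the IGP; LDP does not compute paths itself.
NEXT_HOP = {"A": "B", "B": "C", "C": "D", "D": "Conn"}
# Locally allocated labels from the figure; D advertises implicit null for an external network.
LOCAL_LABEL = {"A": 21, "B": 25, "C": 34, "D": IMPLICIT_NULL}


class Lsr:
    def __init__(self, name):
        self.name = name
        self.lib = {}    # (network, advertising LSR or "Local") -> label
        self.lfib = {}   # incoming label -> {"network", "out", "next_hop"}
        self.fib = {}    # network -> {"next_hop", "label"}

    def allocate(self, network):
        """Allocate the local label and store it in the LIB and (unless implicit null) the
        LFIB. Allocation is asynchronous, so a next-hop label may already sit in the LIB."""
        label = LOCAL_LABEL[self.name]
        self.lib[(network, "Local")] = label
        next_hop = NEXT_HOP[self.name]
        out = self.lib.get((network, next_hop), UNTAGGED)
        self.fib[network] = {"next_hop": next_hop,
                             "label": None if out == UNTAGGED else out}
        if label != IMPLICIT_NULL:
            self.lfib[label] = {"network": network, "out": out, "next_hop": next_hop}
        return label

    def receive(self, network, peer, label):
        """Every received label is kept in the LIB; only the next hop's label is copied
        into the LFIB (outgoing label) and the FIB."""
        self.lib[(network, peer)] = label
        if NEXT_HOP[self.name] != peer:
            return
        if network in self.fib:
            self.fib[network]["label"] = label
        for entry in self.lfib.values():
            if entry["network"] == network:
                entry["out"] = label


def run_ldp(network="X", order=("B", "A", "C", "D")):
    """Each router in turn allocates its label and advertises it to every LDP neighbor,
    whether or not that neighbor is a next hop for the network."""
    routers = {name: Lsr(name) for name in NEIGHBORS}
    for name in order:
        label = routers[name].allocate(network)
        for peer in NEIGHBORS[name]:
            routers[peer].receive(network, name, label)
    return routers


def snapshot(routers):
    """Comparable view of all three tables, used to show the result is order-independent."""
    return {name: (r.fib, r.lfib, r.lib) for name, r in routers.items()}
```

Running run_ldp() ends with A holding 21 -> 25 via B, B holding 25 -> 34 via C, and C holding 34 -> pop via D, while D keeps only LIB entries; running it again in the reverse order ("D", "C", "B", "A") produces identical tables, which is what "asynchronous" allocation means in practice. Running it with order=("B",) stops after Step 1 and leaves B's outgoing label untagged, matching the text's remark that B would strip the label until C's label arrives.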

• Networks originating on the outside of the MPLS domain are not assigned any
label on the edge LSR. Instead, the pop label is advertised.