Технологии построения крупных сетей

Технологии построения крупных сетей

Антон Меркушов: CCNP, CCSP, CCSI 33059, CCAI

10.03.2013

[email protected]

Содержание

•  Введение

•  Протокол BGP в корпоративной сети

•  Рост/слияние компании – объединение сетей

•  Внедрение IPv6 – неизбежное будущее или

реальность

•  Заключение

#

Введение

•  Сети демонстрируют как количественный, так и качественный рост

•  Растёт сложность сетей и используемых в них технологий

•  Повышаются требования к сетевым инженерам

#

Рост сетей

#

Протокол BGP в

корпоративной сети

IGP против EGP

#

•  Interior gateway protocol (IGP) –  A routing protocol operating within an Autonomous System (AS). –  RIP, OSPF, and EIGRP are IGPs.

•  Exterior gateway protocol (EGP) –  A routing protocol operating between different AS. –  BGP is an interdomain routing protocol (IDRP) and is an EGP.

Автономная система (AS)

#

•  An AS is a group of routers that share similar routing policies and operate within a single administrative domain.

•  An AS typically belongs to one organization. –  A single or multiple interior gateway protocols (IGP) may be used

within the AS. –  In either case, the outside world views the entire AS as a single

entity. •  If an AS connects to the public Internet using an exterior gateway

protocol such as BGP, then it must be assigned a unique AS number which is managed by the Internet Assigned Numbers Authority (IANA).

IANA

#

•  The IANA is responsible for allocating AS numbers through five Regional Internet Registries (RIRs). –  RIRs are nonprofit corporations established for the purpose of

administration and registration of IP address space and AS numbers in key geographic locations.

Региональные интернет регистраторы (RIR)

#

RIR Name Geographic Coverage Link

AfriNIC Con&nent of Africa www.afrinic.net

APNIC (Asia Pacific Network Informa&on Centre)

Asia Pacific region www.apnic.net

ARIN (American Registry for Internet

Numbers)

Canada, the United States, and several islands in the Caribbean Sea and North Atlan&c Ocean

www.arin.net

LACNIC (La&n America and Caribbean Internet Addresses Registry)

Central and South America and por&ons of the Caribbean www.lacnic.net

RIPE (Réseaux IP Européens)

Europe, the Middle East, and Central Asia www.ripe.net

Номера автономных систем

#

•  AS numbers can be between 1 to 65,535. –  RIRs manage the AS numbers between 1 and 64,512. –  The 64,512 - 65,535 numbers are reserved for private use (similar

to IP Private addresses). –  The IANA is enforcing a policy whereby organizations that connect

to a single provider use an AS number from the private pool. •  Note:

–  The current AS pool of addresses is predicted to run out by 2012. –  For this reason, the IETF has released RFC 4893 and RFC 5398. –  These RFCs describe BGP extensions to increase the AS number

from the two-octet (16-bit) field to a four-octet (32-bits) field, increasing the pool size from 65,536 to 4,294,967,296 values.

Основы BGP

#

•  The Internet is a collection of autonomous systems that are interconnected to allow communication among them. –  BGP provides the routing between these autonomous

systems. •  BGP is a path vector protocol.

•  It is the only routing protocol to use TCP.

–  OSPF and EIGRP operate directly over IP. IS-IS is at the network layer.

–  RIP uses the User Datagram Protocol (UDP) for its transport layer.

Основы BGP

#

•  BGP version 4 (BGP-4) is the latest version of BGP. –  Defined in RFC 4271.

–  Supports supernetting, CIDR and VLSM . •  BGP4 and CIDR prevent the Internet routing table from

becoming too large. –  Without CIDR, the Internet would have 2,000,000 +

entries. –  With CIDR, Internet core routers manage around

450,000 entries. –  http://bgp.potaroo.net/

Текущий размер глобальной таблицы BGP

#

•  As of March1, 2013, there were 445,961 routes in the routing tables of the Internet core routers.

•  http://bgpupdates.potaroo.net/instability/bgpupd.html

Основы BGP

#

•  When two routers establish a TCP enabled BGP connection, they are called neighbors or peers. –  Peer routers exchange multiple connection messages.

•  Each router running BGP is called a BGP speaker. •  When BGP neighbors first establish a connection, they exchange all candidate

BGP routes. –  After this initial exchange, incremental updates are sent as network

information changes.

Основы BGP

#

•  BGP provides an interdomain routing system that guarantees the loop-free exchange of routing information between autonomous systems.

Сравнение BGP с IGP

#

•  BGP works differently than IGPs because it does not make routing decisions based on best path metrics. –  Instead, BGP is a policy-based routing protocol that allows an AS

to control traffic flow using multiple BGP attributes. •  Routers running BGP exchange network attributes including a list of

the full path of BGP AS numbers that a router should take to reach a destination network.

•  BGP allows an organization to fully use all of its bandwidth by manipulating these path attributes.

Сравнение BGP с IGP

#

Protocol Interior or Exterior Type Hierarchy

Required? Metric

RIP Interior Distance vector No Hop count

OSPF Interior Link state Yes Cost

IS-‐IS Interior Link state Yes Metric

EIGRP Interior Advanced

distance vector No Composite

BGP Exterior Path vector No Path vectors (aGributes)

Подключение корпоративной сети к ISP

#

•  Modern corporate IP networks connect to the global Internet. •  Requirements that must be determined for connecting an enterprise to

an ISP include the following: –  Public IP address space –  Enterprise-to-ISP connection link type and bandwidth –  Connection redundancy –  Routing protocol

Использование глобальных IP адресов

#

•  Public IP addresses are used: –  By internal enterprise clients to access the Internet using NAT. –  To make enterprise servers accessible from the Internet using

static NAT. •  Public IP addresses are available from ISPs and RIRs.

–  Most enterprises acquire their IP addresses and AS number from ISPs.

–  Large enterprises may want to acquire IP addresses and AS number from a RIR.

Пример использования статических маршрутов

#

•  Static routes are the simplest way to implement routing with an ISP. –  Typically a customer has a single connection to an ISP and the customer

uses a default route toward the ISP while the ISP deploys static routes toward the customer.

•  PE(config)# ip route 10.0.0.0 255.0.0.0 serial 0/0/1 •  PE(config)# ip route 172.16.0.0 255.255.0.0 serial 0/0/1 •  PE(config)# ip route 172.17.0.0 255.255.0.0 serial 0/0/1

Company A

Internet PE R1 S0/0/1

10.0.0.0 172.16.0.0 172.17.0.0

ISP

S0/0/0

R1(config)# router eigrp 110 R1(config-router)# network 10.0.0.0 R1(config-router)# exit R1(config)# ip default-network 0.0.0.0 R1(config)# ip route 0.0.0.0 0.0.0.0 serial 0/0/0

Использование BGP

#

•  BGP can be used to dynamically exchange routing information. •  BGP can also be configured to react to topology changes beyond a

customer-to-ISP link.

Company A AS 65010


ISP AS 65020

S0/0/0

Резервирование подключений

#

•  Redundancy can be achieved by deploying redundant links, deploying redundant devices, and using redundant components within a router. –  The ISP connection can also be made redundant.

•  When a customer is connected to a single ISP the connection is referred to as single-homed or dual-homed.

•  When a customer is connected to multiple ISPs the connection is referred to as multihomed or dual-multihomed.

Резервирование подключений

#

Dual-‐mulNhomed Dual-‐homed

MulNhomed Single-‐homed

Connec&ng to Two or more ISPs Connec&ng to One ISP

Подключение к одному ISP – без резервирования

#

•  The connection type depends on the ISP offering (e.g., leased line, xDSL, Ethernet) and link failure results in a no Internet connectivity.

•  The figure displays two options: –  Option 1: Static routes are typically used with a static default route from

the customer to the ISP, and static routes from the ISP toward customer networks.

–  Option 2: When BGP is used, the customer dynamically advertises its public networks and the ISP propagates a default route to the customer.

Company A AS 65010


ISP AS 65020

S0/0/0

StaNc Route(s) Default Route

BGP

OpNon 1:

OpNon 2:

Подключение к одному ISP – с резервированием

#

•  The figure displays two dual-homed options: –  Option 1: Both links can be connected to one customer router. –  Option 2: To enhance resiliency, the two links can terminate at separate

routers in the customer’s network.

Company A

Internet

ISP OpNon 1:

PE R1

Company A

Internet

ISP OpNon 2:

PE R1

R2

Подключение к одному ISP – с резервированием

#

•  Routing deployment options include: –  Primary and backup link functionality in case the primary link fails. –  Load sharing using Cisco Express Forwarding (CEF).

•  Regardless, routing can be either static or dynamic (BGP).

Company A

Internet

ISP OpNon 1:

PE R1

Company A

Internet

ISP OpNon 2:

PE R1

R2

Подключение к нескольким ISP – без резервирования

#

•  Connections from different ISPs can terminate on the same router, or on different routers to further enhance the resiliency.

•  Routing must be capable of reacting to dynamic changes therefore BGP is typically used.

Company A

Internet

ISP 1

PE

R1

R2 ISP 2

PE

Подключение к нескольким ISP – без резервирования

#

•  Multihomed benefits include: –  Achieving an ISP-independent solution. –  Scalability of the solution, beyond two ISPs. –  Resistance to a failure to a single ISP. –  Load sharing for different destination networks between ISPs.

Company A

Internet

ISP 1

PE

R1

R2 ISP 2

PE

Подключение к нескольким ISP – с резервированием

#

•  Dual multihomed includes all the benefits of multihomed connectivity, with enhanced resiliency.

•  The configuration typically has multiple edge routers, one per ISP, and uses BGP.

Company A

Internet

ISP 1

PE

R1

R2 ISP 2

PE

Особенности подключения к нескольким ISP

#

1. Each ISP passes only a default route to the AS. –  The default route is passed on to internal routers.

2. Each ISP passes only a default route and provider-owned specific routes to the AS. – These routes may be propagated to internal routers, or

all internal routers in the transit path can run BGP to exchange these routes.

3. Each ISP passes all routes to the AS. – All internal routers in the transit path run BGP to

exchange these routes.

Характеристики векторов пути BGP

#

•  Internal routing protocols announce a list of networks and the metrics to get to each network.

•  In contrast, BGP routers exchange network reachability information, called path vectors, made up of path attributes.

•  The path vector information includes: –  A list of the full path of BGP AS numbers (hop by hop) necessary to reach

a destination network.

–  Other attributes including the IP address to get to the next AS (the next-hop attribute) and how the networks at the end of the path were introduced into BGP (the origin code attribute).

Процесс выбора маршрута в BGP

#

•  Prefer the route with highest weight.

•  Prefer the route with highest LOCAL_PREF.

•  Prefer the locally generated route (network or aggregate routes).

•  Prefer the route with the shortest AS-‐PATH.

•  Prefer the route with the lowest ORIGIN (IGP<EGP<incomplete)

•  Prefer the route with the lowest MED.

•  Prefer the EBGP route over IBGP route.

•  Prefer the route through the closest IGP neighbor.

•  Prefer the oldest EBGP route.

•  Prefer the route with the lowest neighbor BGP router ID value.

•  Prefer the route with the lowest neighbor IP address.

Когда использовать BGP

#

•  Most appropriate when the effects of BGP are well-understood and at least one of the following conditions exists: –  The AS has multiple connections to other autonomous

systems. –  The AS allows packets to transit through it to reach

other autonomous systems (eg, it is a service provider). –  Routing policy and route selection for traffic entering

and leaving the AS must be manipulated.

Рост/слияние компании –

объединение сетей

Использование нескольких протоколов маршрутизации

#

•  Different routing protocols were not designed to interoperate with one another. –  Each protocol collects different types of information and reacts to

topology changes in its own way.

•  Running muliple routing protocols increases CPU utilization and requires more memory resources to maintain all the topology, database and routing tables.

От простых к сложным сетям

#

•  Simple routing protocols work well for simple networks. –  Typically only require one routing protocol.

•  Running a single routing protocol throughout your entire IP internetwork is desirable.

•  However, as networks grow they become more complex and large internetworks may have to support several routing protocols. –  Proper inter-routing protocol exchange is vital.

Почему используют несколько протоколов маршрутизации?

#

•  Interim during conversion –  Migrating from an older IGP to a new IGP.

•  Application-specific protocols –  One size does not always fit all.

•  Political boundaries –  Multiple departments managed by different network administrators –  Groups that do not work well with others

•  Mismatch between devices –  Multivendor interoperability –  Host-based routers

•  Company mergers

Сложные сети

#

•  Complex networks require careful routing protocol design and traffic optimization solutions, including the following:

–  Redistribution between routing protocols

–  Route filtering

–  Summarization

Редистрибуция

#

•  Cisco routers allow different routing protocols to exchange routing information through a feature called route redistribution. –  Route redistribution is defined as the capability of

boundary routers connecting different routing domains to exchange and advertise routing information between those routing domains (autonomous systems).

Сложности редитрибуции

#

•  The key issues that arise when using redistribution: –  Routing feedback (loops)

•  If more than one boundary router is performing route redistribution, then the routers might send routing information received from one autonomous system back into that same autonomous system.

–  Incompatible routing information •  Each routing protocol uses different metrics to determine the best path

therefore path selection using the redistributed route information might not be optimal.

–  Inconsistent convergence times •  Different routing protocols converge at different rates.

•  Good planning should solve the majority of issues but additional configuration might be required. –  Some issues might be solved by changing the administrative distance,

manipulating the metrics, and filtering using route maps, distribute lists, and prefix lists.

Метрики маршрутов

#

•  A boundary router must be capable of translating the metric of the received route into the receiving routing protocol.

–  Redistributed route must have a metric appropriate for the receiving protocol.

•  The Cisco IOS assigns the following default metrics when a protocol is redistributed into the specified routing protocol:

Protocol That Route Is Redistributed Into … Default Seed Metric

RIP 0 (interpreted as infinity)

IGRP / EIGRP 0 (interpreted as infinity)

OSPF 20 for all except BGP routes (BGP routes have a default seed metric of 1)

IS-‐IS 0

BGP BGP metric is set to IGP metric value

Назначение метрики по умолчанию

#

•  A seed metric, different than the default metric, can be defined during the redistribution configuration. –  After the seed metric for a redistributed route is established, the

metric increments normally within the autonomous system. •  The exception to this rule is OSPF E2 routes.

•  Seed metrics can be defined in two ways: –  The default-metric router configuration command

establishes the seed metric for all redistributed routes. –  The redistribute can also be used to define the seed metric

for a specific protocol.

Пример OSPF #1

#

R3(config)# router rip R3(config-router)# network 172.18.0.0 R3(config-router)# network 172.19.0.0 R3(config-router)# router ospf 1 R3(config-router)# network 192.168.2.0 0.0.0.255 area 0 R3(config-router)# redistribute rip subnets metric 30 R3(config-router)#

172.16.0.0 172.17.0.0

172.20.0.0 172.19.0.0

172.18.0.0

192.168.2.0 Cost = 10

Cost = 100

RIP AS OSPF

R1 R2 R3 R4

C 172.16.0.0 C 172.20.0.0 R [120/1] 172.17.0.0 R [120/1] 172.19.0.0 R [120/2] 172.18.0.0

Table R1 C 172.17.0.0 C 172.19.0.0 C 172.20.0.0 R [120/1] 172.16.0.0 R [120/1] 172.18.0.0

Table R2 C 172.18.0.0 C 172.19.0.0 R [120/1] 172.17.0.0 R [120/1] 172.20.0.0 R [120/2] 172.16.0.0 C 192.168.2.0 O [110/110] 192.168.1.0

Table R3 C 192.168.1.0 C 192.168.2.0 O E2 [110/30] 172.16.0.0 O E2 [110/30] 172.17.0.0 O E2 [110/30] 172.18.0.0 O E2 [110/30] 172.19.0.0 O E2 [110/30] 172.20.0.0

Table R4

192.168.4.0

Пример OSPF #2

#

R3(config)# router rip R3(config-router)# network 172.18.0.0 R3(config-router)# network 172.19.0.0 R3(config-router)# router ospf 1 R3(config-router)# network 192.168.2.0 0.0.0.255 area 0 R3(config-router)# redistribute rip subnets R3(config-router)# default-metric 30

172.16.0.0 172.17.0.0

172.20.0.0 172.19.0.0

172.18.0.0

192.168.2.0 Cost = 10

Cost = 100

RIP AS OSPF

R1 R2 R3 R4

C 172.16.0.0 C 172.20.0.0 R [120/1] 172.17.0.0 R [120/1] 172.19.0.0 R [120/2] 172.18.0.0

Table R1 C 172.17.0.0 C 172.19.0.0 C 172.20.0.0 R [120/1] 172.16.0.0 R [120/1] 172.18.0.0

Table R2 C 172.18.0.0 C 172.19.0.0 R [120/1] 172.17.0.0 R [120/1] 172.20.0.0 R [120/2] 172.16.0.0 C 192.168.2.0 O [110/110] 192.168.1.0

Table R3 C 192.168.1.0 C 192.168.2.0 O E2 [110/30] 172.16.0.0 O E2 [110/30] 172.17.0.0 O E2 [110/30] 172.18.0.0 O E2 [110/30] 172.19.0.0 O E2 [110/30] 172.20.0.0

Table R4

192.168.4.0

Методы редистрибуции

#

•  Redistribution can be done through: –  One-point redistribution

•  Only one router is redistributing one-way or two-way (both ways).

– There could still be other boundary routers but they are not configured to redistribute.

–  Multipoint redistribution •  Multiple routers are used to

redistribute either one-way or two-way (both ways).

•  More prone to routing loop problems.

RIP OSPF

MulNpoint RedistribuNon

RIP OSPF

One-‐Point RedistribuNon

Предотвращение петель маршрутизации

#

•  The safest way to perform redistribution is to redistribute routes in only one direction, on only one boundary router within the network. –  However, that this results in a single point of failure in

the network. •  If redistribution must be done in both directions or on

multiple boundary routers, the redistribution should be tuned to avoid problems such as suboptimal routing and routing loops.

Рекомендации при редистрибуции

#

•  Do not overlap routing protocols. –  Do not run two different protocols in the same Internetwork. –  Instead, have distinct boundaries between networks that use

different routing protocols. •  Be familiar with your network.

–  Knowing the network will result in the best decision being made.

Ключевые моменты редистрибуции

#

•  Routes are redistributed into a routing protocol. –  Therefore, the redistribute command is configured under the routing

process that is receiving the redistributed routes.

•  Routes can only be redistributed between routing protocols that support the same protocol stack. –  For example IPv4 to IPv4 and IPv6 to IPv6. –  However, IPv4 routes cannot be redistributed into IPv6.

•  The method used to configure redistribution varies among combinations of routing protocols.

–  For example, some routing protocols require a metric to be configured during redistribution, but others do not.

Общие шаги редистрибуции

#

1.  Identify the boundary router(s) that will perform redistribution. 2.  Determine which routing protocol is the core protocol. 3.  Determine which routing protocol is the edge protocol.

– Determine whether all routes from the edge protocol need to be propagated into the core and consider methods that reduce the number of routes.

4.  Select a method for injecting the required routes into the core. – Summarized routes at network boundaries minimizes the number

of new entries in the routing table of the core routers. 5.  Consider how to inject the core routing information into the edge

protocol.

Редистрибуция в RIP

#

•  Redistribute routes into RIP.

Router(config-router)#

redistribute protocol [process-id] [match route-type] [metric metric-value] [route-map map-tag]

Parameter DescripNon protocol The source protocol from which routes are redistributed.

process-id

For OSPF, this value is an OSPF process ID.

For EIGRP or BGP, this value is an AS number.

This parameter is not required for IS-‐IS.

route-type (Op&onal) A parameter used when redistribu&ng OSPF routes into another rou&ng protocol.

metric-value

(Op&onal) A parameter used to specify the RIP hop count seed metric for the redistributed route.

If this value is not specified and no value is specified using the default-metric router configura&on command, then the default metric is 0 and interpreted as infinity which means that routes will not be redistributed.

map-tag (Op&onal) Specifies the iden&fier of a configured route map to be interrogated to filter the importa&on of routes from the source rou&ng protocol to the current RIP rou&ng protocol.

Пример редистрибуции в RIP

#

R1(config)# router rip R1(config-router)# redistribute ospf 1 metric 3 R1(config-router)#

C 10.1.1.0 R 192.168.1.0 [120/1] 0 172.16.1.0 [110/50]

Table R1 C 10.1.1.0 C 192.168.1.0 R 172.16.0.0 [120/3]

Table R2

R1 .2

Fa0/0

10.1.1.0 /24 OSPF RIP

.1

Fa0/0

O 172.16.1.0/24 [110/50] R 172.16.0.0 [120/3]

192.168.1.0 /24

R2

Редистрибуция в OSPF

#

•  Redistribute routes into OSPF.


redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [route-map map-tag] [subnets] [tag tag-value]


process-id For EIGRP or BGP, this value is an AS number. This parameter is not required for RIP or IS-‐IS.

metric-value

(Op&onal) A parameter that specifies the OSPF seed metric used for the redistributed route. The default metric is a cost of 20 (except for BGP routes, which have a default metric of 1).

map-tag (Op&onal) Specifies the iden&fier of a configured route map to be interrogated to filter the importa&on of routes from the source rou&ng protocol to the current OSPF rou&ng protocol.

subnets (Op&onal) OSPF parameter that specifies that subneced routes should be redistributed. Otherwise, only classful routes are redistributed.

tag-value (Op&onal) A 32-‐bit decimal value acached to each external route to be used by ASBRs.

Пример редистрибуции в OSPF

#

R1(config)# router ospf 1 R1(config-router)# redistribute eigrp 100 subnets metric-type 1 R1(config-router)#

C 10.1.1.0 0 192.168.1.0 [110/20] D 172.16.1.0 [90/409600]

Table R1 C 10.1.1.0 C 192.168.1.0 O E1 172.16.1.0 [110/20]

Table R2

R1 .2

Fa0/0

10.1.1.0 /24 EIGRP AS 100 OSPF

.1

Fa0/0

D 172.16.1.0/24 [90/409600] O E1 172.16.1.0 [110/20]

192.168.1.0 /24

R2

Метрика по умолчанию в RIP, OSPF, BGP

#

•  Apply default metric values for RIP, OSPF, and BGP.


default-metric number

§  The number parameter is the value of the metric. §  For RIP this is the number of hops. §  For OSPF this is the assigned cost.

Пример метрики по умолчанию в OSPF

#

R1(config)# router ospf 1 R1(config-router)# default-metric 30 R1(config-router)# redistribute eigrp 100 subnets metric-type 1 R1(config-router)#

C 10.1.1.0 0 192.168.1.0 [110/20] D 172.16.1.0 [90/409600]

Table R1 C 10.1.1.0 C 192.168.1.0 O E1 172.16.1.0 [110/30]

Table R2

R1 .2

Fa0/0

10.1.1.0 /24 EIGRP AS 100 OSPF

.1

Fa0/0

D 172.16.1.0/24 [90/409600] O E1 172.16.1.0 [110/30]

192.168.1.0 /24

R2

Редистрибуция в EIGRP

#

•  Redistribute routes into EIGRP.


redistribute protocol [process-id] [match route-type] [metric metric-value] [route-map map-tag]


process-id For OSPF, this value is an OSPF process ID. For BGP, this value is an AS number. This parameter is not required for RIP or IS-‐IS.

route-type (Op&onal) A parameter used when redistribu&ng OSPF routes into another rou&ng protocol.

metric-value

Required if the default-metric command is not configured otherwise it is op&onal . A parameter that specifies the EIGRP seed metric, in the order of bandwidth, delay, reliability, load, and maximum transmission unit (MTU), for the redistributed route. If this value is not specified when redistribu&ng from another protocol and no default metric has been configured, then no routes will not be redistributed.

map-tag (Op&onal) Specifies the iden&fier of a configured route map to be interrogated to filter the importa&on of routes from the source rou&ng protocol to the current EIGRP rou&ng protocol.

Пример редистрибуции в EIGRP

#

R1(config)# router eigrp 100 R1(config-router)# redistribute ospf 1 metric 10000 100 255 1 1500 R1(config-router)#

C 10.1.1.0 0 192.168.1.0 [90/307200] O 172.16.1.0 [110/50]

Table R1 C 10.1.1.0 C 192.168.1.0 D EX 172.16.1.0 [170/307200]

Table R2

R1 .2

Fa0/0

10.1.1.0 /24 OSPF EIGRP AS 100

.1

Fa0/0

O 172.16.1.0/24 [110/50] D EX 172.16.1.0/24 [170/281600]

192.168.1.0 /24

R2

Метрика по умолчанию в EIGRP

#

•  Apply metric values for EIGRP.

•  Router(config-router)#

•  default-metric bandwidth delay reliability loading mtu

Parameter DescripNon

bandwidth The route’s minimum bandwidth in kilobits per second (kbps).

It can be 0 or any posi&ve integer.

delay Route delay in tens of microseconds.

It can be 0 or any posi&ve integer that is a mul&ple of 39.1 nanoseconds.

reliability The likelihood of successful packet transmission, expressed as a number from 0 to 255, where 255 means that the route is 100 percent reliable, and 0 means unreliable.

loading The route’s effec&ve loading, expressed as a number from 1 to 255, where 255 means that the route is 100 percent loaded.

mtu Maximum transmission unit. The maximum packet size in bytes along the route; an integer greater than or equal to 1.

Пример метрики по умолчанию в EIGRP

#

R1(config)# router eigrp 100 R1(config-router)# default-metric 10000 100 255 1 1500 R1(config-router)# redistribute ospf 1 R1(config-router)#

C 10.1.1.0 0 192.168.1.0 [90/307200] O 172.16.1.0 [110/50]

Table R1 C 10.1.1.0 C 192.168.1.0 D EX 172.16.1.0 [170/307200]

Table R2

R1 .2

Fa0/0

10.1.1.0 /24 OSPF EIGRP AS 100

.1

Fa0/0

O 172.16.1.0/24 [110/50] D EX 172.16.1.0/24 [170/281600]

192.168.1.0 /24

R2

Изменение административной дистанции

#

•  When routes are redistributed between two different routing protocols, some information may be lost making route selection more confusing.

•  One approach to correct this is to control the administrative distance to indicate route selection preference and ensure that route selection is unambiguous. –  Although, this approach does not always guarantee the best route

is selected, only that route selection will be consistent. •  For all protocols use the distance administrative-distance

router configuration command. –  Alternatively for OSPF, use the distance ospf command. –  Alternatively for EIGRP, use the distance eigrp command.

Изменение административной дистанции

#

•  Change the default administrative distances.


•  distance administrative-distance [address wildcard-mask [ip-standard-list] [ip-extended-list]]


administrative-distance Sets the administra&ve distance, an integer from 10 to 255.

address (Op&onal) Specifies the IP address; this allows filtering of networks according to the IP address of the router supplying the rou&ng informa&on.

wildcard-mask (Op&onal) Specifies the wildcard mask used to interpret the IP address.

ip-standard-list ip-extended-list

(Op&onal) The number or name of a standard or extended access list to be applied to the incoming rou&ng updates. Allows filtering of the networks being adver&sed.

Изменение административной дистанции OSPF

#

•  Change the default administrative distances of OSPF.


•  distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]


dist1

(Op&onal) Specifies the administra&ve distance for all OSPF routes within an area.

Acceptable values are from 1 to 255 while the default is 110.

dist2

(Op&onal) Specifies the administra&ve distance for all OSPF routes from one area to another area.


dist3

(Op&onal) Specifies the administra&ve distance for all routes from other rou&ng domains, learned by redistribu&on.


Изменение административной дистанции EIGRP

#

•  Change the default administrative distance of EIGRP.


•  distance eigrp internal-distance external-distance


internal-distance Specifies the administra&ve distance for EIGRP internal routes. The distance can be a value from 1 to 255 while the default is 90.

external-distance Specifies the administra&ve distance for EIGRP external routes. The distance can be a value from 1 to 255 while the default is 170.

Проверка редистрибуции

#

•  Know the network topology. –  Pay particularly attention to where redundant routes exist.

•  Study the routing tables on a variety of routers in the network. –  For example, check the routing table on the boundary router and on some

of the internal routers in each autonomous system. •  Examine the topology table of each configured routing protocol to ensure that

all appropriate prefixes are being learned.

•  Use the traceroute EXEC command on some of the routes to verify that the shortest path is being used for routing.

–  Be sure to run traces to networks for which redundant routes exist. •  When troubleshooting, use the traceroute and debug commands to

observe the routing update traffic on the boundary routers and on the internal routers.

Внедрение IPv6 –

неизбежное будущее или

реальность

Будущее – IPv6

•  Возможность развития сетей в будущем напрямую зависит от доступности IP адресов

–  IPv6 совмещает в себе расширенное адресное пространство и более эффективный заголовок

–  Будучи очень похожим на IPv4, IPv6 поддерживает более жесткую иерархию, необходимую в будущем

#

Адресное пространство IPv4

•  IPv4 был стандартизирован в 1981г. •  Адресное пространство – 4,29 миллиарда адресов •  Население планеты – 4,41 миллиарда человек

#

Взрывной рост IP устройств

#

Адресное пространство IPv6

#

Оставшиеся IPv4 адреса

•  IANA уже распределила последний /8 префикс региональным регистраторам

•  В некоторых регионах уже не осталось /8 префиксов

#

Особенности IPv6

•  Larger address space –  IPv6 addresses are 128 bits, compared to IPv4’s 32 bits.

•  There are enough IPv6 addresses to allocate more than the entire IPv4 Internet address space to everyone on the planet.

•  Elimination of public-to-private NAT –  End-to-end communication traceability is possible.

•  Elimination of broadcast addresses –  IPv6 now includes unicast, multicast, and anycast addresses.

•  Support for mobility and security –  Helps ensure compliance with mobile IP and IPsec standards.

•  Simplified header for improved router efficiency

#

Типы адресов IPv6

#

Тип адреса Описание Топология

Unicast “One to One” •  An address des&ned for a single interface. •  A packet sent to a unicast address is delivered to the

interface iden&fied by that address.

Mul&cast “One to Many” •  An address for a set of interfaces (typically belonging to

different nodes). •  A packet sent to a mul&cast address will be delivered to all

interfaces iden&fied by that address.

Anycast “One to Nearest” (Allocated from Unicast) •  An address for a set of interfaces. •  In most cases these interfaces belong to different nodes. •  A packet sent to an anycast address is delivered to the

closest interface as determined by the IGP.

Новшества IPv6

•  Prefix renumbering –  IPv6 allows simplified mechanisms for address and prefix

renumbering. •  Multiple addresses per interface

–  An IPv6 interface can have multiple addresses. •  Link-local addresses

–  IPv6 link-local addresses are used as the next hop when IGPs are exchanging routing updates.

•  Stateless autoconfiguration: –  DHCP is not required because an IPv6 device can automatically

assign itself a unique IPv6 link-local address. •  Provider-dependent or provider-independent addressing

#

IPv4 устарел?

•  IPv4 is in no danger of disappearing overnight. –  It will coexist with IPv6 and then gradually be replaced.

•  IPv6 provides many transition options including: –  Dual stack:

•  Both IPv4 and IPv6 are configured and run simultaneously on the interface.

–  IPv6-to-IPv4 (6to4) tunneling and IPv4-compatible tunneling.

–  NAT protocol translation (NAT-PT) between IPv6 and IPv4.

#

Адреса IPv6

•  IPv6 increases the number of address bits by a factor of 4, from 32 to 128, providing a very large number of addressable nodes.

#

IPv4 = 32 bits

11111111.11111111.11111111.11111111

IPv6 = 128 bits

11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111

Распределение адресов IPv6

•  The following displays how IPv6 global unicast addresses are allocated by the IANA. –  Only a small portion (12.5%) of the IPv6 address space is being

allocated to the Registries in the range of 2001::/16.

#

Специфика адресов IPv6

•  The 128-bit IPv6 address is written using hexadecimal numbers. –  Specifically, it consists of 8, 16-bit segments separated

with colons between each set of four hex digits (16 bits).

–  Referred to as “coloned hex” format.

–  Hex digits are not case sensitive. –  The format is x:x:x:x:x:x:x:x, where x is a 16-

bit hexadecimal field therefore each x is representing four hexadecimal digits.

•  An example address is as follows: •  2035:0001:2BC5:0000:0000:087C:0000:000A

#

Пример адреса IPv6

#

2031:0000:130F:0000:0000:09C0:876A:130B

2031: 0:130F: 0: 0: 9C0:876A:130B

2031:0:130F:0:0:9C0:876A:130B 2031:0:130F:0:0:9C0:876A:130B

2031:0:130F::9C0:876A:130B

Пример адреса IPv6

#

FF01:0:0:0:0:0:0:1 = FF01::1

E3D7:0000:0000:0000:51F4:00C8:C0A8:6420 = E3D7::51F4:C8:C0A8:6420

3FFE:0501:0008:0000:0260:97FF:FE40:EFAB

= 3FFE:501:8:0:260:97FF:FE40:EFAB

= 3FFE:501:8::260:97FF:FE40:EFAB

FF01:0000:0000:0000:0000:0000:0000:1

IPv6 Addressing in an Enterprise Network

•  An IPv6 address consists of two parts: •  A subnet prefix representing the network to which the interface is

connected. •  Usually 64-bits in length.

•  An interface ID, sometimes called a local identifier or a token. •  Usually 64-bits in length.

IPv6 = 128 bits

11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111 11111111.11111111.11111111.11111111

Subnet prefix Interface ID

IPv6 адресация в корпоративной сети

#

•  IPv6 uses the “/prefix-length” CIDR notation to denote how many bits in the IPv6 address represent the subnet.

•  The syntax is ipv6-address/prefix-length –  ipv6-address is the 128-bit IPv6 address –  /prefix-length is a decimal value representing how many of

the left most contiguous bits of the address comprise the prefix. For example: fec0:0:0:1::1234/64

is really fec0:0000:0000:0001:0000:0000:0000:1234/64

–  The first 64-bits (fec0:0000:0000:0001) forms the address prefix.

–  The last 64-bits (0000:0000:0000:1234) forms the Interface ID.

Префикс подсети

#

•  The prefix length is almost always /64. –  However, IPv6 rules allow for either shorter or longer prefixes –  Although prefixes shorter than /64 can be assigned to a device

(e.g., /60), it is considered bad practice and has no real application.

•  Deploying a /64 IPv6 prefix on a device: –  Is pre-subscribed by RFC3177 (IAB/IESG Recommendations on

IPv6 Address Allocations to Sites) –  Allows Stateless Address Auto Configuration (SLAAC) (RFC 2462)

Специальные IPv6 адреса

#

IPv6 Address DescripNon

::/0 • All routes and used when specifying a default sta&c route. •  It is equivalent to the IPv4 quad-‐zero (0.0.0.0).

::/128 • Unspecified address and is ini&ally assigned to a host when it first resolves its local link address.

::1/128 •  Loopback address of local host. • Equivalent to 127.0.0.1 in IPv4.

FE80::/10 •  Link-‐local unicast address. •  Similar to the Windows autoconfigura&on IP address of 169.254.x.x.

FF00::/8 • Mul&cast addresses.

All other addresses • Global unicast address.

Диапазоны IPv6 адресов

#

•  Address types have well-defined destination scopes: –  Link-local address –  Global unicast address –  Site-local address

Link-‐Local Site-‐Local Global (Internet)

§ Note: •  Site-‐Local Address are deprecated in RFC 3879.

Несколько IP адресов на интерфейсе

#

•  An interface can have multiple IPv6 addresses simultaneously configured and enabled on it. –  However, it must have a link-local address.

•  Typically, an interface is assigned a link-local and one (or more) global IPv6 address. –  For example, an Ethernet interface can have:

•  Link-local address (e.g., FE80::21B:D5FF:FE5B:A408) •  Global unicast address (e.g., 2001:8:85A3:4289:21B:D5FF:FE5B:A408)

•  Note: –  An interface could also be configured to simultaneously support

IPv4 and IPv6 addresses. –  This creates a “dual-stacked” interface which is discussed later.

IPv6 Link-Local адреса

#

•  Link-local addresses are used for automatic address configuration, neighbor discovery, router discovery, and by many routing protocols.

•  They are dynamically created using a link-local prefix of FE80::/10 and a 64-bit interface identifier. –  Unique only on the link, and it is not routable off the link.

128 bits

FE80 1111 1110 1000 0000 0000 0000 ... 0000 0000 0000

Interface ID

/10

FE80::/10

/64

IPv6 Link-Local адреса

#

§  Link-local packets are unique only on the link, and are not routable off the link.

–  Packets with a link-local destination must stay on the link where they have been generated.

–  Routers that could forward them to other links are not allowed to do so because there has been no verification of uniqueness outside the context of the origin link.K

128 bits

FE80 1111 1110 1000 0000 0000 0000 ... 0000 0000 0000

Interface ID

/10

FE80::/10

/64

Пример IPv6 Link-Local адресов

#

R1# show ipv6 interface loopback 100

Loopback100 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::222:55FF:FE18:7DE8

No Virtual link-local address(es):

Global unicast address(es):

2001:8:85A3:4290:222:55FF:FE18:7DE8, subnet is 2001:8:85A3:4290::/64 [EUI]

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF18:7DE8

MTU is 1514 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is not supported

ND reachable time is 30000 milliseconds (using 31238)

Hosts use stateless autoconfig for addresses.

R1#

IPv6 Global Unicast адреса

#

•  A global unicast address is an IPv6 address from the global public unicast prefix (2001::/16). –  The structure enables aggregation of routing prefixes to reduce the

number of routing table entries in the global routing table. •  Global unicast addresses are aggregated upward through

organizations and eventually to the ISPs.

IPv6 Global Unicast адреса

#

•  The global unicast address typically consists of: –  A 48-bit global routing prefix –  A 16-bit subnet ID –  A 64-bit interface ID (typically in EUI-64 bit format).

Global Rou&ng Prefix Subnet ID Interface ID

2001 0010

0008 21B:D5FF:FE5B:A408

/23

Registry

/32

ISP Prefix

/48

Site Prefix

/64

Subnet Prefix

Пример IPv6 Global Unicast адреса

#

R1# show ipv6 interface loopback 100

Loopback100 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::222:55FF:FE18:7DE8

No Virtual link-local address(es):

Global unicast address(es):

2001:8:85A3:4290:222:55FF:FE18:7DE8, subnet is 2001:8:85A3:4290::/64 [EUI]

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF18:7DE8

MTU is 1514 bytes

ICMP error messages limited to one every 100 milliseconds

ICMP redirects are enabled

ICMP unreachables are sent

ND DAD is not supported

ND reachable time is 30000 milliseconds (using 31238)

Hosts use stateless autoconfig for addresses.

R1#

Настройка IPv6 Unicast адресов

#

IPv6 Unicast Address Assignment

Link-‐local (FE80::/10) Address Assignment

StaNc

IPv6 Address

Dynamic

Automa&cally created (EUI-‐64 format) if a global unicast IPv6 address is

configured

Global Routable Address Assignment

StaNc

IPv6 Address

IPv6 Unnumbered

Dynamic

Stateless Autoconfigura&on

DHCPv6

Включение IPv6 на интерфейсе

#

Configure an IPv6 address and prefix.

Router(config-if)#

ipv6 address address/prefix-length [link-local | eui-64]

•  Command is used to statically configure an IPv6 address and prefix on an interface. –  This enables IPv6 processing on the interface.

•  The link-local parameter configures the address as the link-local address on the interface.

•  The eui-64 parameter completes a global IPv6 address using an EUI-64 format interface ID.

Назначение Link-Local адресов

#

•  Link-local addresses are created: –  Automatically using the EUI-64 format if the interface has IPv6 enabled on

it or a global IPv6 address configured.

–  Manually configured interface ID. •  Manually configured interface IDs are easier to remember than EUI-64 generated

IDs.

•  Notice that the prefix mask is not required on link-local addresses because they are not routed.

R2 R1

.2

R1(config)# interface fa0/0 R1(config-if)# ipv6 address FE80::1 ? link-local use link-local address R1(config-if)# ipv6 address FE80::1 link-local R1(config-if)# end R1#

Назначение Link-Local адресов

#

§  The output confirms the link-local address.

R2

FE80::1

R1

.2

R1# show ipv6 interface fa0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 [TEN] No global unicast address is configured Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses. R1(config-if)#

Назначение Static Global Unicast адресов

#

•  Global Unicast IPv6 addresses are assigned by omitting the link-local parameter.

•  For example, IPv6 address 2001:1::1/64 is configured on R1’s Fast Ethernet 0/0. –  Notice that the entire address is manually configured and that the EUI-64

format was not used.

R2 R1

.2

R1(config)# ipv6 unicast-routing R1(config)# interface fa0/0 R1(config-if)# ipv6 address 2001:1::1/64 R1(config-if)#

FE80::1


#

•  Notice that by simply configuring a global unicast IPv6 address on an interface also automatically generates a link-local interface (EUI-64) interface.

R2 R1

.2 FE80::1

R1# show ipv6 interface fa0/1 R1# config t R1(config)# int fa0/1 R1(config-if)# ipv6 add 2001::/64 eui-64 R1(config-if)# do show ipv6 interface fa0/1 FastEthernet0/1 is administratively down, line protocol is down IPv6 is enabled, link-local address is FE80::211:92FF:FE54:E2A1 [TEN] Global unicast address(es): 2001::211:92FF:FE54:E2A1, subnet is 2001::/64 [EUI/TEN] Joined group address(es): FF02::1 FF02::2 FF02::1:FF54:E2A1 MTU is 1500 bytes <output omitted>


#

R2

FE80::1 2001:1::1/64

R1

.2

R1# show ipv6 interface fa0/0 FastEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 [TEN] Global unicast address(es): 2001:1::1, subnet is 2001:1::/64 [TEN] Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses. R1#

Назначение нескольких IPv6 адресов

#

•  What would happen if we configured 2 different IPv4 addresses and 2 different IPv6 addresses on the same interface?

R2 R1

.2

R1(config)# interface fa0/0 R1(config-if)# ip address 10.20.20.1 255.255.255.0 R1(config-if)# ip address 10.10.10.1 255.255.255.0 R1(config-if)# ipv6 address 2001:1::1/64 R1(config-if)# ipv6 address 2002:1::1/64 R1(config-if)# end R1#

FE80::1 2001:1::1/64

Назначение нескольких IPv6 адресов

#

•  The second IPv4 entry replaced the first entry. –  However, both IPv6 addresses have been assigned to the Fa0/0 interface.

•  Interfaces can have multiple IPv6 addresses assigned to them. –  These addresses can be used simultaneously.

R2 R1

.2

R1# show run interface fa0/0 Building configuration... Current configuration : 162 bytes ! interface FastEthernet0/0 ip address 10.10.10.1 255.255.255.0 duplex auto speed auto ipv6 address 2001:1::1/64 ipv6 address 2002:1::1/64 ipv6 address FE80::1 link-local end R1#

10.10.10.1/24 FE80::1 2001:1::1/64 2001:2::1/64

Маршрутизация IPv6

#

•  IPv6 supports the following routing: –  Static Routing –  RIPng –  OSPFv3 –  IS-IS for IPv6 –  EIGRP for IPv6 –  Multiprotocol BGP version 4 (MP-BGPv4)

•  For each routing option above, the ipv6 unicast-routing command must be configured.

Заключение

Сертификация для сетевых инженеров

#

§ CCENT: install and verify basic IP network with supervision

§ CCNA: also… configure and maintain a multisite enterprise network, as directed

§ CCNP: also… plan and troubleshoot enterprise networks with advanced solutions, collaborating with network specialists § CCIE: also… independently troubleshoot and optimize network performance in complex and integrated enterprise networks

Курс CCNP ROUTE

•  Курс «Построение маршрутизируемых сетей

Cisco» (ROUTE) – является частью трека CCNP

•  Цель курса - Подготовка сетевых профессионалов,

способных планировать, строить и поддерживать

большие маршрутизируемые IP сети

#

Курс CCNP ROUTE

В результате обучения вы научитесь:

•  осуществлять расширенную настройку протоколов

маршрутизации EIGRP и OSPF;

•  управлять обновлениями протоколов маршрутизации;

•  настраивать фильтрацию маршрутной информации;

•  настраивать протокол BGP в корпоративной сети для

подключения к нескольким сетям провайдера;

•  использовать возможности маршрутизации для

подключения удаленных офисов;

•  внедрять протокол IPv6 в сети предприятия.

#

Промокод #BIGNET

Скидка 10% на профессиональный курс CCNP ROUTE

Курс CCNP ROUTE

#

Вопросы?

[email protected]

Технологии построения крупных сетей

Technology