Monthly Archives: April 2016

Performance Routing (PfR)

Phases wheel:

  1. Profile/Learning Phase – learn the prefixes/flows with the highest throughput or delay; these become the monitored traffic classes (MTC).
  2. Measure Phase – collect and compute performance metrics for the MTCs.
  3. Apply Policy Phase – create low and high thresholds that define the in-policy and out-of-policy (OOP) categories.
  4. Control Phase – influence the path by manipulating routing or PBR.
  5. Verify Phase – verify that the OOP event is resolved and make adjustments to bring the traffic class back in-policy.

Interface types:

  1. Internal – connect to the internal network; border routers exchange routing information with the Master Controller over them.
  2. External – exit interfaces used to transmit packets out of the local network. These are the interfaces that are monitored and controlled. At least 2 are required.
  3. Local – used to form the control plane; the source interface the border router uses to communicate with the Master Controller.

Operational Roles

Mandatory authentication – key-chains!

Master Controller (MC) and Border router (BR).

A single MC can support up to ten individual border routers
or up to 20 managed exit interfaces (external interfaces).

 

Passive monitoring: Measuring the performance metrics of interesting prefixes while the traffic is flowing through the device using NetFlow technology

Active monitoring: Creating a stream of synthetic traffic replicating the interesting traffic classes as closely as possible to measure the performance metrics of the synthetic traffic; uses Cisco integrated IP SLAs technology

Both active and passive monitoring: Combining both active and passive monitoring to generate a more complete picture of traffic flows within the network

Route redistribution and summarization

Order of metric operations:

  1. Call a route map from the redistribute command, with the route map using the set
    metric command. This method allows different metrics for different routes.
  2. Use the metric option on the redistribute command. This sets the same metric for
    all routes redistributed by that redistribute command.
  3. Use the default-metric command under the router command. This command sets the
    metric for all redistributed routes whose metric was not set by either of the other
    two methods.
IGP     Default metric                                      Default (and possible) metric types
RIP     infinity (route not advertised unless a metric is set)   n/a
EIGRP   infinity (route not advertised unless a metric is set)   External
OSPF    20 (1 for routes from BGP)                          E2 (E1 or E2)
IS-IS   0                                                   L1 (L1, L2, L1/L2, or external)

Distance

distance distance-value [ neigh-ip-address wildcard-mask [ ip-standard-list ] ]
distance eigrp internal-distance external-distance
distance ospf { [ intra-area dist1 ] [ inter-area dist2 ] [ external dist3 ] }
distance bgp external-distance internal-distance local-distance

Default routing

                               RIP   EIGRP   OSPF
redistribute static            Yes   Yes     No
default-information originate  Yes   No      Yes
ip default-network             Yes   Yes     No
Summary routes                 No    Yes     No

If a static route to 0.0.0.0/0 is already in the local routing table, the default-information originate command does NOT cause RIP to inject a default; use redistribute static in that case.

Cisco documentation advises against using route summarization to create a default route.

 

OSPF

 

Change the cost of the default route advertised into a stub or NSSA area.

area 1 default-cost 123

 

Type 7 to Type 5 translation is done by the NSSA ABR with the highest RID.
The forwarding address (FA) is non-zero in the Type 7 LSA and is preserved in the translated Type 5, so routers in other areas resolve the FA through a Type 3 (or intra-area) route rather than needing a Type 4 LSA for the translator.
The ABR connected to the NSSA takes the Type 7 LSAs and converts them into Type 5 LSAs, which makes it an ASBR as well. Therefore this ABR does not generate a Type 4 LSA for itself; the Type 4 LSA is generated by the other ABRs connected to other areas.
Per the NSSA RFC (RFC 3101), the use of the FA is mandatory in these LSAs. The reason is that there is only one 7-to-5 translating ABR, and without the FA all traffic would be attracted to the translator, which can result in suboptimal routing.
The FA must be reachable via an OSPF intra-area or inter-area route; otherwise the external route is not installed.

(config-router)#area 2 nssa translate type7 ?
  always       Always translate LSAs on this ABR
  suppress-fa  Suppress forwarding address in translated LSAs

area 1 nssa default-information-originate – generates Type7 default with metric 1

default-information originate [always] – generates Type5 default with metric 1

Redistribution

The subnets keyword is optional (without it older IOS redistributes only classful networks). Default seed metric is 1 for routes from BGP and 20 for all other sources.

  default-metric         Set metric of redistributed routes

 

LSInfinity
http://thenetworksherpa.com/ospf-lsinfinity-not-equal-lsinfinity/

Hidden commands

sh ip ospf delete
show ip ospf maxage-list

 

 

 

DHCP options

Option      Description                              Command
Option 12   Name of the client                       ip dhcp client hostname host-name
Option 51   Request lease time                       ip dhcp client lease days [hours] [minutes]
Option 55   Turn off some of the requested options   [no] ip dhcp client request option-name
Option 60   Vendor class identifier string           ip dhcp client class-id { ascii string | hex string }
Option 61   Specify unique client identifier         ip dhcp client client-id { interface-name | ascii string | hex string }

DHCP Client Identifier = hardware type (01 = Ethernet) + client hardware address.

Client Identifier NOT used for BOOTP. Solely for DHCP.

uRPF with an ACL configured: order of operations

Step 1 Input ACLs configured on the inbound interface are checked.

Step 2 Unicast RPF checks to see if the packet has arrived on the best return path to the source, which it does by doing a reverse lookup in the FIB table.

Step 3 CEF table (FIB) lookup is carried out for packet forwarding.

Step 4 Output ACLs are checked on the outbound interface.

Step 5 The packet is forwarded.

EIGRP

K values and Classic and Wide metrics

K1 through K5. By default K1 = K3 = 1 and all others are 0, so only bandwidth and delay are taken into account.

  • metric = [k1 * BW + (k2 * BW)/(256 – load) + k3 * delay]
  • If k5 != 0, metric = metric * [k5/(reliability + k4)]

Scaled bandwidth = (10^7 / minimum bandwidth along the path, in kilobits per second) * 256
Scaled delay = (sum of the interface delays along the path, in tens of microseconds) * 256. A scaled delay of hexadecimal FFFFFFFF (decimal 4294967295) means unreachable.
Reliability is given as a fraction of 255. That is, 255 is 100 percent reliability or a perfectly stable link.
Load is given as a fraction of 255. A load of 255 indicates a completely saturated link.

  • metric = [k1 * Throughput + (k2 * Troughput)/(256 – load) + k3 * Latency + k6 * ExtM]
  • If k5 != 0, metric = metric * [k5/(reliability + k4)]

Throughput = (10^7 / minimum bandwidth in kbps) * 65536
Latency = (delay in picoseconds * 65536) / 10^6
ExtM are the extended metrics (Jitter, Energy, and Quiescent Energy).

The RIB can hold only 32-bit metrics, so the 64-bit wide metric is divided by rib-scale before installation. The default scale is 128.

metric rib-scale [1-255]
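The two formulas above carried through in code. This is an added example, not part of the original notes: the path (a FastEthernet hop followed by a T1) and the K values are constructed, and the arithmetic truncates at each step as IOS does.

```python
# Added example, not part of the original notes: the classic and wide
# composite-metric formulas above, carried through for a constructed path
# (FastEthernet 100000 kbps / 100 us, then a T1 at 1544 kbps / 20000 us).
# Integer (truncating) arithmetic is used at each step, as IOS does.

CLASSIC_UNREACHABLE = 0xFFFFFFFF        # all-ones scaled delay = unreachable
DEFAULT_K = (1, 0, 1, 0, 0, 0)          # K1..K6; K6 is used only by wide metrics


def classic_metric(links, k=DEFAULT_K, load=1, reliability=255):
    """links: [(bandwidth_kbps, delay_us), ...] for each hop of the path.
    Returns the classic composite metric (32-bit) or CLASSIC_UNREACHABLE."""
    k1, k2, k3, k4, k5, _k6 = k
    min_bw = min(bw for bw, _ in links)
    delay_tens = sum(d for _, d in links) // 10      # delay counted in tens of us
    if min_bw == 0 or delay_tens * 256 >= CLASSIC_UNREACHABLE:
        return CLASSIC_UNREACHABLE
    bw = (10**7 // min_bw) * 256                      # scaled bandwidth
    dly = delay_tens * 256                            # scaled delay
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:                                       # reliability term only if K5 set
        metric = metric * k5 // (reliability + k4)
    return metric


def wide_metric(links, k=DEFAULT_K, load=1, reliability=255, ext=0):
    """Wide (64-bit) metric: Throughput = 10^7/min_bw * 65536,
    Latency = delay_ps * 65536 / 10^6 (i.e. delay_us * 65536)."""
    k1, k2, k3, k4, k5, k6 = k
    min_bw = min(bw for bw, _ in links)
    delay_us = sum(d for _, d in links)
    throughput = (10**7 * 65536) // min_bw
    latency = delay_us * 65536
    metric = k1 * throughput + (k2 * throughput) // (256 - load) + k3 * latency + k6 * ext
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric


def rib_metric(wide, rib_scale=128):
    """What gets installed in the 32-bit RIB: the wide metric divided by rib-scale."""
    return wide // rib_scale


# Constructed sample path: FastEthernet hop then a T1 serial hop.
PATH = [(100000, 100), (1544, 20000)]

if __name__ == "__main__":
    print("classic:", classic_metric(PATH))            # 2172416
    print("wide:   ", wide_metric(PATH))               # 1741729558
    print("rib:    ", rib_metric(wide_metric(PATH)))   # 13607262
```

The single-hop T1 case gives the familiar 2169856; the extra FastEthernet hop only adds 10 tens of microseconds of delay, since the T1 still sets the minimum bandwidth. One caveat the code does not model: for interfaces faster than 1 Gbps IOS derives the wide-metric delay from the bandwidth rather than from the configured interface delay.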

 Packet format

Encapsulated directly in IP with protocol number 88;

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Header Version | Opcode        |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             Flags                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgement number                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Virtual Router ID              | Autonomous system number    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Flags – 32-bit field indicating specific flags: 0x1 = Init (used during initial adjacency buildup), 0x2 = Conditional Receive (used by RTP to allow this message to be received only by a subset of receivers), 0x4 = Restart (indicates that a router has restarted), 0x8 = End-of-Table (indicates that the transmission of the entire EIGRP database is complete).

Opcode – 8-bit field. 1 = Update, 3 = Query, 4 = Reply, 5 = Hello/Ack, 10 = SIA Query, 11 = SIA Reply.

Virtual router ID – 0x1 = Unicast Address Family, 0x2 = Multicast Address Family, 0x8000 = Unicast Service Address Family

TLVs: 
0x0001 EIGRP Parameters (General TLV Types)
0x0002 Authentication Type (General TLV Types)
0x0003 Sequence (General TLV Types)
0x0004 Software Version (General TLV Types)
0x0005 Next Multicast Sequence (General TLV Types)
0x0102 IPv4 Internal Routes (IP-Specific TLV Types)
0x0103 IPv4 External Routes (IP-Specific TLV Types)
0x0402 IPv6 Internal Routes (IP-Specific TLV Types)
0x0403 IPv6 External Routes (IP-Specific TLV Types)
0x0602 Multi Protocol Internal Routes (AFI-Specific TLV Types)
0x0603 Multi Protocol External Routes (AFI-Specific TLV Types)

Packet types

  • Hello

    Multicast to 224.0.0.10 in IPv4 and FF02::A in IPv6. Default interval 5 seconds; 60 seconds on NBMA interfaces with a bandwidth setting of 1544 kbps or less.

  • Acknowledgement

    always unicasted to the sender of the acknowledged packet. Hello packet with an empty body (that is, no TLVs) and having a non-zero Acknowledgment number field.

  • Update
     Multicast or unicast. During a new adjacency buildup the Update is unicast, afterwards multicast. A router might also choose unicast for efficiency (DMVPN). On point-to-point interfaces and for statically configured neighbors the Update is always unicast. An unacknowledged multicast Update is retransmitted as unicast to the unresponsive neighbor.
  • Query

    Involve neighbors in the task of searching for the best route toward a destination. ACK does not constitute a response to the Query message, only an acknowledgment that the Query has been received. Multicast on multiaccess, unicast on point-to-point and static neighbors; unicast to unresponsive neighbor.

  • Reply

    Response to Query. Always unicasted to the originator.

  • SIA-Query
  • SIA-Reply

    If the neighbor is reachable and is still engaged in the diffusing computation for the destination specified in the SIA-Query, it will immediately respond with an SIA-Reply packet. As a result, the timer that governs the maximum time a diffusing computation is allowed to run is reset, giving the computation extra time to finish. Both are unicast.

Update, Query, Reply, SIA-Query, and SIA-Reply packets are also called reliable packets.
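The header layout, flags, opcodes and TLV types above, plus the rule that an Ack is a Hello with no TLVs and a non-zero Acknowledgement number, are enough to build and dissect packets. The following is an added example, not code from the original notes or from Cisco: all packets are constructed in the script, the checksum is the standard one's-complement checksum over the whole EIGRP packet, and the IPv4 internal route TLV is decoded using the classic layout (next hop, scaled delay, scaled bandwidth, 3-byte MTU, hop count, reliability, load, 2 reserved bytes, prefix length, prefix).

```python
# Added example (not from the original notes): build and parse EIGRP packets
# with the header layout, flags, opcodes and TLV types listed above, and
# classify them as in the packet-type list (an Ack is a Hello with no TLVs
# and a non-zero Acknowledgement number).  All packets below are constructed.
import struct

HDR = struct.Struct("!BBHIIIHH")   # version, opcode, checksum, flags, seq, ack, VRID, AS
OPCODES = {1: "Update", 3: "Query", 4: "Reply", 5: "Hello", 10: "SIA-Query", 11: "SIA-Reply"}
FLAGS = {0x1: "Init", 0x2: "CR", 0x4: "Restart", 0x8: "EOT"}
TLV_TYPES = {
    0x0001: "Parameters", 0x0002: "Authentication", 0x0003: "Sequence",
    0x0004: "Software Version", 0x0005: "Next Multicast Sequence",
    0x0102: "IPv4 Internal", 0x0103: "IPv4 External",
    0x0402: "IPv6 Internal", 0x0403: "IPv6 External",
    0x0602: "MP Internal", 0x0603: "MP External",
}


def internet_checksum(data):
    """Standard one's-complement checksum over the whole EIGRP packet."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(opcode, flags=0, seq=0, ack=0, vrid=1, asn=1, tlvs=()):
    """tlvs: iterable of (type, value) pairs; the 4-byte TLV header is added here."""
    body = b"".join(struct.pack("!HH", t, 4 + len(v)) + v for t, v in tlvs)
    hdr = HDR.pack(2, opcode, 0, flags, seq, ack, vrid, asn)
    csum = internet_checksum(hdr + body)
    return HDR.pack(2, opcode, csum, flags, seq, ack, vrid, asn) + body


def parse_ipv4_internal(value):
    """Classic IPv4 internal route TLV body: next hop, scaled delay, scaled
    bandwidth, MTU (3 bytes), hop count, reliability, load, reserved, prefix."""
    nh, delay, bw, mtu_hi, mtu_lo, hops, rel, load, _res, plen = struct.unpack_from(
        "!4sIIHBBBBHB", value)
    prefix = value[21:21 + (plen + 7) // 8].ljust(4, b"\x00")   # prefix is sent truncated
    return {"dest": "%d.%d.%d.%d/%d" % (*prefix, plen), "delay": delay, "bw": bw,
            "mtu": (mtu_hi << 8) | mtu_lo, "hops": hops, "reliability": rel, "load": load}


def parse_packet(pkt):
    """Validate header and checksum, walk the TLVs, classify the packet."""
    if len(pkt) < HDR.size:
        raise ValueError("short packet")
    version, opcode, _csum, flags, seq, ack, vrid, asn = HDR.unpack_from(pkt)
    if version != 2:
        raise ValueError("unsupported header version %d" % version)
    if internet_checksum(pkt) != 0:          # a valid packet checksums to zero
        raise ValueError("bad checksum")
    tlvs, off = [], HDR.size
    while off < len(pkt):
        if off + 4 > len(pkt):
            raise ValueError("truncated TLV header")
        t, length = struct.unpack_from("!HH", pkt, off)
        if length < 4 or off + length > len(pkt):   # length includes the TLV header
            raise ValueError("bad TLV length %d at offset %d" % (length, off))
        value = pkt[off + 4:off + length]
        tlvs.append((TLV_TYPES.get(t, "unknown 0x%04x" % t),
                     parse_ipv4_internal(value) if t == 0x0102 else value))
        off += length
    kind = "Ack" if (opcode == 5 and not tlvs and ack) else OPCODES.get(opcode, "unknown %d" % opcode)
    return {"kind": kind, "flags": [n for b, n in FLAGS.items() if flags & b],
            "seq": seq, "ack": ack, "vrid": vrid, "as": asn, "tlvs": tlvs}


def is_valid(pkt):
    try:
        parse_packet(pkt)
        return True
    except ValueError:
        return False


# Constructed samples: Hello with Parameters (K1..K5, reserved, hold time 15 s)
# and Software Version TLVs; an Ack; an Update carrying one IPv4 internal route.
PARAMS_TLV = (0x0001, bytes([1, 0, 1, 0, 0, 0]) + struct.pack("!H", 15))
SWVER_TLV = (0x0004, bytes([15, 4, 3, 0]))
ROUTE_TLV = (0x0102, struct.pack("!4sIIHBBBBHB", b"\0\0\0\0", 512000, 1657856,
                                 1500 >> 8, 1500 & 0xFF, 1, 255, 1, 0, 24) + bytes([10, 1, 1]))
HELLO = build_packet(5, vrid=1, asn=100, tlvs=[PARAMS_TLV, SWVER_TLV])
ACK = build_packet(5, ack=42, asn=100)
UPDATE = build_packet(1, flags=0x1 | 0x8, seq=7, asn=100, tlvs=[ROUTE_TLV])

if __name__ == "__main__":
    for name, pkt in ("HELLO", HELLO), ("ACK", ACK), ("UPDATE", UPDATE):
        print(name, parse_packet(pkt))
```

The parser rejects a bad checksum before looking at any TLV, and bounds-checks every TLV length against the packet, since a length shorter than its own header or running past the end is how a malformed packet would otherwise drive the loop off the buffer. The route's scaled delay and bandwidth (512000 and 1657856) are the T1 values from the metric section.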

Next Multicast Sequence TLV contains the upcoming sequence number of the next reliable multicasted message. The Sequence TLV contains a list of all lagging neighbors by their IP address.  A neighbor receiving this Sequenced Hello packet and not finding itself in the Sequence TLV will know that it is expected to receive the upcoming multicast packet, and will put itself into a so-called Conditional Receive mode (CR-mode).  Sending router will send the next multicast packet with the CR flag set in its Flags field. Routers in CR-mode will process this packet as usual and then exit the CR-mode; routers not in CR-mode will ignore it.

multicast flow timer – how long to wait for an ACK of a multicast packet before switching to unicast retransmission to the lagging neighbor
retransmission timeout (RTO) – time between subsequent unicast retransmissions. Typically 6 times the SRTT, bounded to a minimum of 200 ms and a maximum of 5000 ms.
smooth round-trip time (SRTT) – average elapsed time, measured in milliseconds, between the transmission of a reliable packet to the neighbor and the receipt of an acknowledgment

If a reliable packet is not acknowledged before 16 retransmissions and the Hold Timer duration has passed, re-initialize the neighbor.

Router Adjacencies

Parameters to match:

  • EIGRP Authentication Parameters (if configured)
  • EIGRP K-Values
  • EIGRP Autonomous System (AS) Number
  • Use of primary addresses for EIGRP neighbor relationships
  • Use of the common IP network address on a single subnet

Timers (do not need to match):
Hello – 5 seconds; 60 seconds for NBMA with a bandwidth setting of 1544 kbps or less.
Hold – 15 or 180 seconds, depending on the interface type. Changing the Hello interval does NOT recalculate the Hold time.

Process:
add image from page 377 here.

DUAL

  • Reported Distance (RD) (or Advertised Distance) corresponds to the current best distance of the particular neighbor to the destination.
  • Computed Distance (CD) shows the total metric of reaching the destination over the particular neighbor. RD of the neighbor + the cost of the link to the neighbor.
  • FD is a record of the lowest known distance since the last transition from the Active to Passive state. FD is a historical record, or a historical copy, of the smallest known CD toward a particular destination, with the history starting anew with the last Active-to-Passive transition. Not necessarily equal to CD. Internal value. Not advertised.
  • Feasibility condition – any neighbor whose Reported Distance is strictly smaller than this router’s Feasible Distance cannot form a routing loop. RD < FD. Sometimes called the Source Node Condition.

Feasible Successors – neighbors that pass the FC.
Successors – neighbors that report the least CD.

Local & diffusing computations.

After a failure:
1. Choose the neighbor that provides the least CD.
2. If it meets the FC, start using it right away (local computation); if it does not, put the route into Active (diffusing computation).

Stuck-In-Active – the router tears down the adjacencies with all neighbors that did not reply and treats them as if they had responded with an infinite metric.
Active timer – 3 minutes by default; configurable 1–65535 minutes, or disabled.

(config-router)#timers active-time

If a neighbor does not respond to a Query message with its Reply within half of the Active timer time, the router will send the neighbor a SIA-Query message. Wait for SIA-Reply within the next half of the Active timer. Receiving an SIA-Reply allows the Active timer to be reset.  Three SIA-Queries can be sent, each after half of the Active timer.

Named Mode

Starting from 15.0(1)M.
Multiple processes named and classic mix.
All EIGRP-related commands outside the named mode (such as per-interface commands) will be ignored if configured.

  • Address Family (AF) section: the AS is part of AF definition
  • Per-AF-interface section:  af-interface default holds settings for all IFs.
    • passive-interface – do not form adj
    • shutdown – completely ignore
  • Per-AF-topology section: Multi Topology Routing (MTR) in EIGRP. topology base is always present.

Router ID

4 bytes. Set manually or taken from the highest IP address on a loopback interface (highest IP on any up interface if there is no loopback).
Can be different for each AF.
External routes tagged by RID. Dropped if own RID received.
Recent IOSs tag internal routes also.
0.0.0.0 and 255.255.255.255 disallowed.

(config-router)#eigrp router-id

Unequal-Cost Load Balancing

variance multiplier

or

topology base
     variance multiplier

Defines how many times worse than the best path a route through a Feasible Successor can be.
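A small model of the DUAL bookkeeping from the DUAL section (RD, CD, FD, the feasibility condition, successor and feasible successors, and the local-versus-diffusing decision after a failure) together with the variance rule above. It is an added example, not from the original notes or from any Cisco implementation: neighbor names and metrics are constructed plain integers, and the diffusing computation is simulated in a single step rather than with real Query/Reply exchanges.

```python
# Added example, not part of the original notes: a small DUAL topology-table
# model using the definitions from the DUAL section (RD, CD, FD, feasibility
# condition) and the variance rule from the Unequal-Cost Load Balancing
# paragraph.  Neighbor names and metrics are constructed plain integers.

INFINITY = 0xFFFFFFFF


class Route:
    """Topology-table entry for one prefix on the local router."""

    def __init__(self, prefix):
        self.prefix = prefix
        self.neighbors = {}      # neighbor -> (reported_distance, cost_of_link_to_neighbor)
        self.fd = INFINITY       # lowest CD seen since the last Active->Passive transition
        self.state = "Passive"

    def cd(self, nbr):
        """Computed distance via nbr: its RD plus the cost of the link to it."""
        rd, link = self.neighbors[nbr]
        return INFINITY if rd == INFINITY else rd + link

    def update(self, nbr, rd, link):
        """Update from a neighbor while Passive; FD only moves downward here."""
        self.neighbors[nbr] = (rd, link)
        best = min(self.cd(n) for n in self.neighbors)
        if best < self.fd:
            self.fd = best

    def successor(self):
        """The neighbor with the least CD (ties broken by insertion order)."""
        return min(self.neighbors, key=self.cd)

    def feasible_successors(self):
        """Feasibility condition: RD strictly less than FD (loop-free guarantee)."""
        return [n for n, (rd, _) in self.neighbors.items() if rd < self.fd]

    def lose_neighbor(self, nbr):
        """Apply the 'after a failure' steps: pick the least-CD neighbor; if it
        passes the FC use it at once (local computation), otherwise go Active
        and run a diffusing computation.  Returns which computation happened."""
        del self.neighbors[nbr]
        if not self.neighbors:
            self.state, self.fd = "Active", INFINITY   # nothing left; must query
            return "diffusing"
        best = self.successor()
        if self.neighbors[best][0] < self.fd:
            return "local"                 # FD keeps its historical value
        self.state = "Active"              # queries go out to all neighbors ...
        self.fd = self.cd(best)            # ... replies give the new best CD and the
        self.state = "Passive"             # FD history starts anew on Active->Passive
        return "diffusing"

    def load_sharing_paths(self, variance):
        """Paths used with 'variance': every successor, plus any feasible successor
        whose CD is less than variance times the successor's CD."""
        best = self.cd(self.successor())
        return [n for n in self.feasible_successors()
                if self.cd(n) == best or self.cd(n) < variance * best]


def sample_route():
    """Constructed topology: A is successor, B a feasible successor, C has the
    same CD as B but fails the FC (RD 20 is not < FD 15)."""
    r = Route("10.0.0.0/24")
    r.update("A", rd=10, link=5)     # CD 15 -> FD 15
    r.update("B", rd=12, link=10)    # CD 22, RD 12 < 15: feasible successor
    r.update("C", rd=20, link=2)     # CD 22, RD 20 >= 15: not feasible
    return r


if __name__ == "__main__":
    r = sample_route()
    print("FD", r.fd, "successor", r.successor(), "FS", r.feasible_successors())
    print("variance 2 paths", r.load_sharing_paths(2))
    print("lose A ->", r.lose_neighbor("A"), "FD", r.fd, "successor", r.successor())
    print("lose B ->", r.lose_neighbor("B"), "FD", r.fd, "successor", r.successor())
```

C is the instructive neighbor: it offers the same CD as B, but its RD is not below the FD, so it is neither a feasible successor nor eligible for variance, and losing both A and B forces a diffusing computation before C can be used. Only after that Active-to-Passive transition does the FD drop to 22 and C's RD of 20 satisfy the FC.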

Add-Path Support

Since IOS 15.3(2)T.
The additional paths must be installed in the routing table (maximum-paths high enough, equal metrics).
Split horizon must be disabled on the multipoint tunnel interface (DMVPN).
Only in named mode. Range 1–4.

R1-Hub(config)# router eigrp CCIE
R1-Hub(config-router)# address-family ipv4 unicast autonomous-system 1 
R1-Hub(config-router-af)# topology base 
R1-Hub(config-router-af-topology)# variance 1 
R1-Hub(config-router-af-topology)# maximum-paths 6 
R1-Hub(config-router-af-topology)# exit
R1-Hub(config-router-af)# af-interface Tunnel0 
R1-Hub(config-router-af-interface)# no split-horizon 
R1-Hub(config-router-af-interface)# no next-hop-self 
R1-Hub(config-router-af-interface)# add-paths 4

The Variance (Unequal Cost Load Balancing) and Add-Path features are not compatible with each other.

no next-hop-self no-ecmp-mode is recommended with the Add-Path feature if the hub uses multiple tunnel interfaces to reach the spoke sites (avoid setting NHS when the route is reachable via other tunnel if any of these routes’ Successors can be reached over the interface on which the route is going to be readvertised).

Stub Routing