

CCIE Routing and Switching
Certification Guide
Fourth Edition
Wendell Odom, CCIE No. 1624
Rus Healy, CCIE No. 15025
Denise Donohue, CCIE No. 9566

Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA



CCIE Routing and Switching Certification Guide, Fourth Edition
Wendell Odom, CCIE No. 1624
Rus Healy, CCIE No. 15025
Denise Donohue, CCIE No. 9566
Copyright © 2010 Pearson Education, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage and retrieval system, without written
permission from the publisher, except for the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing November 2009
Library of Congress Cataloging-in-Publication Data
Odom, Wendell.
CCIE routing and switching exam certification guide / Wendell Odom, Rus Healy, Denise Donohue. -- 4th ed.
p. cm.
Includes index.
ISBN-13: 978-1-58705-980-3 (hardcover w/cd)
ISBN-10: 1-58705-980-0 (hardcover w/cd)
1. Telecommunications engineers—Certification—Study guides. 2. Routing (Computer network management)—Examinations—Study guides. 3. Telecommunication—Switching systems—Examinations—Study guides. 4. Computer networks—Examinations—Study guides. 5. Internetworking (Telecommunication)—Examinations—Study guides. I. Healy, Rus. II. Donohue, Denise. III. Title.
QA76.3.B78475 2010
004.6—dc22
2009041604
ISBN-13: 978-1-58705-980-3
ISBN-10: 1-58705-980-0

Warning and Disclaimer
This book is designed to provide information about Cisco CCIE Routing and Switching Written Exam, No. 350-001.
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is
implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither
liability nor responsibility to any person or entity with respect to any loss or damages arising from the information
contained in this book or from the use of the discs or programs that may accompany it.
The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc.

Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book
should not be regarded as affecting the validity of any trademark or service mark.




Corporate and Government Sales
Cisco Press offers excellent discounts on this book when ordered in quantity for bulk
purchases or special sales. For more information, please contact: U.S. Corporate and Government Sales
1-800-382-3419
For sales outside of the U.S. please contact: International Sales
1-317-581-3793

Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted
with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any comments regarding how we could
improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at
Please make sure to include the book title and ISBN in your message.
We greatly appreciate your assistance.
Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Cisco Representative: Erik Ullanderson
Cisco Press Program Manager: Anand Sundaram
Executive Editor: Brett Bartow
Managing Editor: Patrick Kanouse
Development Editor: Dayna Isley
Project Editor: Seth Kerney
Copy Editor: Keith Cline
Technical Editor(s): Maurilio Gorito, Narbik Kocharians
Editorial Assistant: Vanessa Evans
Book Designer: Louisa Adair
Composition: Mark Shirar
Indexer: Tim Wright
Proofreader: Apostrophe Editing Services




About the Authors
Wendell Odom, CCIE No. 1624, is a 28-year veteran of the networking industry. He
currently works as an independent author of Cisco certification resources and occasional
instructor of Cisco authorized training for Skyline ATS. He has worked as a network
engineer, consultant, systems engineer, instructor, and course developer. He is author of
several best-selling Cisco certification titles. He maintains lists of current titles, links to
Wendell’s blogs, and other certification resources at www.TheCertZone.com.
Rus Healy, CCIE No. 15025, has worked on several Cisco Press projects, including the
third edition of this book as a coauthor, and the second edition as a technical reviewer. Rus
is chief technology officer of Annese & Associates, Cisco’s Education Partner of the Year
for the Northeast US and Canada. Rus serves on the Board of Directors of Habitat for
Humanity of New York State and Habitat for Humanity of Ontario County, NY.
Denise Donohue, CCIE No. 9566, is senior solutions architect for ePlus Technology, a
Cisco Gold partner. She works as a consulting engineer, designing networks for ePlus’s
customers. Prior to this role, she was a systems engineer for the data consulting arm of
SBC/AT&T. She has co-authored several Cisco Press books in the areas of route/switch and
voice. Denise has been a Cisco instructor and course director for Global Knowledge and
did network consulting for many years. Her areas of specialization include route/switch,
voice, and data center.

About the Technical Reviewers
Maurilio Gorito, CCIE No. 3807 (Routing and Switching, WAN Switching, and Security),
has more than 20 years of experience in networking, including Cisco networks and IBM/
SNA environments, which includes the planning, designing, implementation, and
troubleshooting of large IP networks running RIP, IGRP, EIGRP, BGP, OSPF, QoS, and
SNA worldwide, including in Brazil and the United States. Maurilio has worked for Cisco
since 2000 with the CCIE Team. As program manager, he is responsible for managing the
CCIE Routing and Switching track certification exams, and he has more than seven years
of experience proctoring CCIE lab exams. He holds degrees in mathematics and pedagogy.
Narbik Kocharians, CCIE No. 12410 (Routing and Switching, Security, SP), is a Triple
CCIE with more than 32 years of experience in the IT industry. He has designed,
implemented, and supported numerous enterprise networks. Narbik is the president of
Micronics Training Inc. (www.Micronicstraining.com), where he teaches CCIE R&S and
SP boot camps.



Acknowledgments
Maurilio and Narbik each did a nice job tech editing the book and finding the technical
errors that can creep into a manuscript. On his third time with editing this book, Maurilio
did his usual great job with one of the most difficult challenges with this book: help us
choose what to cover, and in what depth, and what to not cover. And what a treat to get
Narbik, one of the world’s most respected CCIE instructors, to review the book. His
comments both on technical accuracy and suggested improvements of how to go about
describing the topics were very valuable.
Joe Harris (CCIE 6200, R/S, Security, SP) did a great job for us working to update and add
to the CD question bank. Joe's expertise and experience have been a tremendous help to
improve the questions on the CD. Thanks, Joe!
We had the privilege of working with Dayna Isley as development editor this time around.
Dayna got the task of juggling a wide variety of details, keeping track of a large number of
chapters, some with few changes, some with many small changes, and some with big
chunks of new material that needed to fit well with existing material (and with 3 authors to
boot). And oh yeah, she had to do the usual development work, too. Amazing job, Dayna!
The wonderful (and mostly hidden) production folks—Patrick Kanouse’s group—did their
usual great job. Every time you see how they reworded something, made a figure
look better, or caught a problem, it makes me appreciate the kind of team we have at Cisco
Press. In particular, thanks to Seth Kerney for managing the production process as Project
Editor for the book, and for working through all the competing tasks, large and small
changes, and the competing timelines. Many thanks to the entire production team for
pulling us through the process and making the book better.
From a more strategic perspective, thanks to Brett Bartow, the executive editor for this
book. I can remember sitting at a table at the Cisco Networker’s conference back in… 2004
I believe, and talking with Brett about the possibility of rewriting the first edition of this
book for what came to be called the second edition. Not only did Brett work hard, and with
flexibility, to get me the chance to write this book originally, he has also helped me keep a
great group of co-authors engaged with the book to help us keep the book up-to-date on a
relatively frequent update cycle.
From Wendell Odom:
As usual, the timeline for the new edition of this book coincided with a couple of other projects.
Yet again, Rus helped beyond compare. Frankly, while I may have written more net pages in this
book overall, Rus has become invested in this book, not just in time and effort, but in the amount
he cares about this book in the marketplace. Rus’s value to the ongoing shape of this book goes
far beyond any particular words or figures printed in the pages.



Denise Donohue joined the team for this fourth edition, making her the fifth co-author to
work on various parts of the book. It was great to have a fresh set of eyes looking at the
content, and to have an experienced author and respected consultant/instructor work with
us was a big help as well. Without Denise, we never would have made the requested due
dates—thanks, Denise!
Finally, on the personal side, thanks to my wife, Kris, for helping make this work lifestyle
happen for me. I truly love to write, and Kris helps make that happen. Thanks, doll! And as
always, thanks to my Lord and Savior, Jesus Christ.
From Rus Healy:
Thanks to Wendell Odom and Denise Donohue for the opportunity to work with them on
this book. It’s been a satisfying and enjoyable project. It’s always a pleasure to serve on a
great team, and along with the great folks from Cisco Press, this group is one of the best!
Finally, I want to thank my wife, Nancy, and our kids, Gwen and Trevor, for putting up with
me as I took time away from family life to work on this book.
From Denise Donohue:
I would like to second all the wonderful things that Wendell said about the Cisco Press staff
and our technical reviewers. Authors are but the tip of the iceberg; producing a quality book
requires many hands, and we are so very grateful for all the help.
A big “thank you” to Wendell for the opportunity to work on this new edition. The subject
matter was interesting, and I learned some new things! What more can you ask? He and Rus
are so professional in their writing; my future books will be better because of the tips I
picked up from them.
I promised my Lord and Savior, Jesus Christ, that I’d give him a shout-out in this book.
Thanks to Him for all He’s done, including helping me understand how to explain a tough
concept or keep motivated to stay inside and write on bright, sunny spring days.
Finally, thank you to my husband and children for picking up the slack while I’m writing.
Couldn’t have done it without you!



Contents at a Glance
Foreword xxxi
Introduction xxxii

Part I LAN Switching
Chapter 1 Ethernet Basics 3
Chapter 2 Virtual LANs and VLAN Trunking 31
Chapter 3 Spanning Tree Protocol 63

Part II IP
Chapter 4 IP Addressing 105
Chapter 5 IP Services 141

Part III IP Routing
Chapter 6 IP Forwarding (Routing) 181
Chapter 7 EIGRP 217
Chapter 8 OSPF 249
Chapter 9 IGP Route Redistribution, Route Summarization, Default Routing, and Troubleshooting 309
Chapter 10 Fundamentals of BGP Operations 365
Chapter 11 BGP Routing Policies 427

Part IV QoS
Chapter 12 Classification and Marking 493
Chapter 13 Congestion Management and Avoidance 529
Chapter 14 Shaping, Policing, and Link Fragmentation 567

Part V Wide-Area Networks
Chapter 15 Wide-Area Networks 611

Part VI IP Multicast
Chapter 16 Introduction to IP Multicasting 643
Chapter 17 IP Multicast Routing 689

Part VII Security
Chapter 18 Security 753

Part VIII MPLS
Chapter 19 Multiprotocol Label Switching 817

Part IX IP Version 6
Chapter 20 IP Version 6 879

Part X Appendixes
Appendix A Answers to the “Do I Know This Already?” Quizzes 949
Appendix B Decimal to Binary Conversion Table 979
Appendix C CCIE Exam Updates 983
Index 986

CD-Only
Appendix D IP Addressing Practice
Appendix E RIP Version 2
Appendix F IGMP
Appendix G Key Tables for CCIE Study
Appendix H Solutions for Key Tables for CCIE Study
Glossary

Contents
Foreword xxxi
Introduction xxxii

Part I LAN Switching

Chapter 1 Ethernet Basics 3

“Do I Know This Already?” Quiz 3
Foundation Topics 7
Ethernet Layer 1: Wiring, Speed, and Duplex 7
RJ-45 Pinouts and Category 5 Wiring 7
Auto-negotiation, Speed, and Duplex 8
CSMA/CD 9
Collision Domains and Switch Buffering 9
Basic Switch Port Configuration 11
Ethernet Layer 2: Framing and Addressing 13
Types of Ethernet Addresses 15
Ethernet Address Formats 16
Protocol Types and the 802.3 Length Field 17
Switching and Bridging Logic 18
SPAN and RSPAN 20

Core Concepts of SPAN and RSPAN 22
Restrictions and Conditions 22
Basic SPAN Configuration 24
Complex SPAN Configuration 24
RSPAN Configuration 25
Foundation Summary 26
Memory Builders 29
Fill In Key Tables from Memory 29
Definitions 29
Further Reading 29

Chapter 2 Virtual LANs and VLAN Trunking 31

“Do I Know This Already?” Quiz 31
Foundation Topics 35
Virtual LANs 35
VLAN Configuration 35
Using VLAN Database Mode to Create VLANs 36
Using Configuration Mode to Put Interfaces into VLANs 38
Using Configuration Mode to Create VLANs 39
Private VLANs 40
VLAN Trunking Protocol 42
VTP Process and Revision Numbers 43
VTP Configuration 44
Normal-Range and Extended-Range VLANs 46
Storing VLAN Configuration 47
VLAN Trunking: ISL and 802.1Q 48
ISL and 802.1Q Concepts 48
ISL and 802.1Q Configuration 49
Allowed, Active, and Pruned VLANs 52
Trunk Configuration Compatibility 52
Configuring Trunking on Routers 53
802.1Q-in-Q Tunneling 55
Configuring PPPoE 56
Foundation Summary 59
Memory Builders 60
Fill In Key Tables from Memory 61
Definitions 61
Further Reading 61

Chapter 3 Spanning Tree Protocol 63

“Do I Know This Already?” Quiz 63
Foundation Topics 67

802.1d Spanning Tree Protocol 67
Choosing Which Ports Forward: Choosing Root Ports and Designated Ports 67
Electing a Root Switch 67
Determining the Root Port 69
Determining the Designated Port 70
Converging to a New STP Topology 71
Topology Change Notification and Updating the CAM 72
Transitioning from Blocking to Forwarding 73
Per-VLAN Spanning Tree and STP over Trunks 74
STP Configuration and Analysis 76
Optimizing Spanning Tree 79
PortFast, UplinkFast, and BackboneFast 79
PortFast 80
UplinkFast 80
BackboneFast 81
PortFast, UplinkFast, and BackboneFast Configuration 81
PortChannels 82
Load Balancing Across PortChannels 82
PortChannel Discovery and Configuration 83
Rapid Spanning Tree Protocol 84
Rapid Per-VLAN Spanning Tree Plus (RPVST+) 86
Multiple Spanning Trees: IEEE 802.1s 87
Protecting STP 88
Root Guard and BPDU Guard: Protecting Access Ports 89
UDLD and Loop Guard: Protecting Trunks 89




Troubleshooting Complex Layer 2 Issues 91
Layer 2 Troubleshooting Process 91
Layer 2 Protocol Troubleshooting and Commands 92
Troubleshooting Using Basic Interface Statistics 92
Troubleshooting Spanning Tree Protocol 95
Troubleshooting Trunking 95
Troubleshooting VTP 96
Troubleshooting EtherChannels 98
Approaches to Resolving Layer 2 Issues 100
Foundation Summary 101
Memory Builders 103
Fill in Key Tables from Memory 103
Definitions 103
Further Reading 103

Part II IP

Chapter 4 IP Addressing 105

“Do I Know This Already?” Quiz 105
Foundation Topics 108
IP Addressing and Subnetting 108
IP Addressing and Subnetting Review 108
Subnetting a Classful Network Number 109
Comments on Classless Addressing 111
Subnetting Math 111

Dissecting the Component Parts of an IP Address 111
Finding Subnet Numbers and Valid Range of IP Addresses—Binary 112
Decimal Shortcuts to Find the Subnet Number and Valid Range of IP Addresses 113
Determining All Subnets of a Network—Binary 116
Determining All Subnets of a Network—Decimal 118
VLSM Subnet Allocation 119
Route Summarization Concepts 121
Finding Inclusive Summary Routes—Binary 122
Finding Inclusive Summary Routes—Decimal 123
Finding Exclusive Summary Routes—Binary 124
CIDR, Private Addresses, and NAT 125
Classless Interdomain Routing 125
Private Addressing 127
Network Address Translation 127
Static NAT 128
Dynamic NAT Without PAT 130
Overloading NAT with Port Address Translation 131
Dynamic NAT and PAT Configuration 132



Foundation Summary 135
Memory Builders 138
Fill in Key Tables from Memory 138
Definitions 139
Further Reading 139

Chapter 5 IP Services 141

“Do I Know This Already?” Quiz 141
Foundation Topics 146
ARP, Proxy ARP, Reverse ARP, BOOTP, and DHCP 146
ARP and Proxy ARP 146
RARP, BOOTP, and DHCP 147
DHCP 148
HSRP, VRRP, and GLBP 150
Network Time Protocol 154
SNMP 155
SNMP Protocol Messages 157
SNMP MIBs 158
SNMP Security 159
Syslog 159
Web Cache Communication Protocol 160
Implementing the Cisco IOS IP Service Level Agreement (IP SLA) Feature 163
Implementing NetFlow 165
Implementing Router IP Traffic Export 166
Implementing Cisco IOS Embedded Event Manager 167
Implementing Remote Monitoring 169
Implementing and Using FTP on a Router 170
Implementing a TFTP Server on a Router 171
Implementing Secure Copy Protocol 171
Implementing HTTP and HTTPS Access 172
Implementing Telnet Access 172
Implementing SSH Access 173
Foundation Summary 174
Memory Builders 179
Fill In Key Tables from Memory 179
Definitions 179
Further Reading 179

Part III IP Routing

Chapter 6 IP Forwarding (Routing) 181

“Do I Know This Already?” Quiz 181
Foundation Topics 186
IP Forwarding 186
Process Switching, Fast Switching, and Cisco Express Forwarding 187
Building Adjacency Information: ARP and Inverse ARP 188
Frame Relay Inverse ARP 189

Static Configuration of Frame Relay Mapping Information 192
Disabling InARP 193
Classless and Classful Routing 194
Multilayer Switching 195
MLS Logic 195
Using Routed Ports and PortChannels with MLS 196
MLS Configuration 197
Policy Routing 201
Optimized Edge Routing and Performance Routing 206
Device Roles in PfR 208
MC High Availability and Failure Considerations 209
PfR Configuration 209
GRE Tunnels 211
Foundation Summary 213
Memory Builders 215
Fill In Key Tables from Memory 215
Definitions 215
Further Reading 215

Chapter 7 EIGRP 217

“Do I Know This Already?” Quiz 217
Foundation Topics 221
EIGRP Basics and Steady-State Operation 221
Hellos, Neighbors, and Adjacencies 221
EIGRP Updates 224

The EIGRP Topology Table 226
EIGRP Convergence 228
Input Events and Local Computation 229
Going Active on a Route 231
Stuck-in-Active 233
Limiting Query Scope 234
EIGRP Configuration 234
EIGRP Configuration Example 234
EIGRP Load Balancing 237
EIGRP Authentication 238
EIGRP Automatic Summarization 239
EIGRP Split Horizon 240
EIGRP Route Filtering 240
EIGRP Offset Lists 242
Clearing the IP Routing Table 243



Foundation Summary 244
Memory Builders 246
Fill In Key Tables from Memory 246
Definitions 246
Further Reading 247

Chapter 8 OSPF 249

“Do I Know This Already?” Quiz 249
Foundation Topics 254
OSPF Database Exchange 254
OSPF Router IDs 254
Becoming Neighbors, Exchanging Databases, and Becoming Adjacent 255
Becoming Neighbors: The Hello Process 257
Flooding LSA Headers to Neighbors 258
Database Descriptor Exchange: Master/Slave Relationship 259
Requesting, Getting, and Acknowledging LSAs 259
Designated Routers on LANs 260
Designated Router Optimization on LANs 260
DR Election on LANs 262
Designated Routers on WANs and OSPF Network Types 263
Caveats Regarding OSPF Network Types over NBMA Networks 264
Example of OSPF Network Types and NBMA 265
SPF Calculation 268
Steady-State Operation 269
OSPF Design and LSAs 269
OSPF Design Terms 270
OSPF Path Selection Process 271
LSA Types and Network Types 271
LSA Types 1 and 2 272
LSA Type 3 and Inter-Area Costs 275
Removing Routes Advertised by Type 3 LSAs 278
LSA Types 4 and 5, and External Route Types 1 and 2 278
OSPF Design in Light of LSA Types 280

Stubby Areas 281
Graceful Restart 284
OSPF Path Choices That Do Not Use Cost 285
Choosing the Best Type of Path 285
Best-Path Side Effects of ABR Loop Prevention 286
OSPF Configuration 288
OSPF Costs and Clearing the OSPF Process 290
Alternatives to the OSPF Network Command 292
OSPF Filtering 293
Filtering Routes Using the distribute-list Command 293



OSPF ABR LSA Type 3 Filtering 295
Filtering Type 3 LSAs with the area range Command 296
Virtual Link Configuration 296
Configuring OSPF Authentication 298
OSPF Stub Router Configuration 301
Foundation Summary 302
Memory Builders 306
Fill In Key Tables from Memory 307
Definitions 307
Further Reading 307

Chapter 9 IGP Route Redistribution, Route Summarization, Default Routing, and Troubleshooting 309
“Do I Know This Already?” Quiz 309
Foundation Topics 314
Route Maps, Prefix Lists, and Administrative Distance 314
Configuring Route Maps with the route-map Command 314
Route Map match Commands for Route Redistribution 316
Route Map set Commands for Route Redistribution 317
IP Prefix Lists 318
Administrative Distance 320
Route Redistribution 321
Mechanics of the redistribute Command 321
Redistribution Using Default Settings 322
Setting Metrics, Metric Types, and Tags 325
Redistributing a Subset of Routes Using a Route Map 326
Mutual Redistribution at Multiple Routers 330
Preventing Suboptimal Routes by Setting the Administrative Distance 332
Preventing Suboptimal Routes by Using Route Tags 335
Using Metrics and Metric Types to Influence Redistributed Routes 337
Route Summarization 339
EIGRP Route Summarization 341
OSPF Route Summarization 341
Default Routes 342
Using Static Routes to 0.0.0.0, with redistribute static 344
Using the default-information originate Command 345
Using the ip default-network Command 346
Using Route Summarization to Create Default Routes 347
Troubleshooting Complex Layer 3 Issues 349
Layer 3 Troubleshooting Process 349
Layer 3 Protocol Troubleshooting and Commands 351
IP Routing Processes 352

Approaches to Resolving Layer 3 Issues 359



Foundation Summary 361
Memory Builders 363
Fill In Key Tables from Memory 363
Definitions 363
Further Reading 363

Chapter 10 Fundamentals of BGP Operations 365

“Do I Know This Already?” Quiz 365
Foundation Topics 370
Building BGP Neighbor Relationships 371
Internal BGP Neighbors 372
External BGP Neighbors 375
Checks Before Becoming BGP Neighbors 376
BGP Messages and Neighbor States 378
BGP Message Types 378
Purposefully Resetting BGP Peer Connections 379
Building the BGP Table 380
Injecting Routes/Prefixes into the BGP Table 380
BGP network Command 380
Redistributing from an IGP, Static, or Connected Route 383

Impact of Auto-Summary on Redistributed Routes and the network Command 385
Manual Summaries and the AS_PATH Path Attribute 388
Adding Default Routes to BGP 391
ORIGIN Path Attribute 392
Advertising BGP Routes to Neighbors 393
BGP Update Message 393
Determining the Contents of Updates 394
Example: Impact of the Decision Process and NEXT_HOP on BGP Updates 396
Summary of Rules for Routes Advertised in BGP Updates 402
Building the IP Routing Table 402
Adding eBGP Routes to the IP Routing Table 402
Backdoor Routes 403
Adding iBGP Routes to the IP Routing Table 404
Using Sync and Redistributing Routes 406
Disabling Sync and Using BGP on All Routers in an AS 408
Confederations 409
Configuring Confederations 411
Route Reflectors 414
Foundation Summary 420



Memory Builders 424
Fill In Key Tables from Memory 424
Definitions 424
Further Reading 425

Chapter 11 BGP Routing Policies 427

“Do I Know This Already?” Quiz 427
Foundation Topics 433
Route Filtering and Route Summarization 433
Filtering BGP Updates Based on NLRI 434
Route Map Rules for NLRI Filtering 437
Soft Reconfiguration 438
Comparing BGP Prefix Lists, Distribute Lists, and Route Maps 438
Filtering Subnets of a Summary Using the aggregate-address Command 439
Filtering BGP Updates by Matching the AS_PATH PA 440
The BGP AS_PATH and AS_PATH Segment Types 441
Using Regular Expressions to Match AS_PATH 443
Example: Matching AS_PATHs Using AS_PATH Filters 446
Matching AS_SET and AS_CONFED_SEQ 449
BGP Path Attributes and the BGP Decision Process 452
Generic Terms and Characteristics of BGP PAs 452
The BGP Decision Process 454
Clarifications of the BGP Decision Process 455
Three Final Tiebreaker Steps in the BGP Decision Process 455
Adding Multiple BGP Routes to the IP Routing Table 456
Mnemonics for Memorizing the Decision Process 456
Configuring BGP Policies 458
Background: BGP PAs and Features Used by Routing Policies 458
Step 0: NEXT_HOP Reachable 460
Step 1: Administrative Weight 460

Step 2: Highest Local Preference (LOCAL_PREF) 463
Step 3: Choose Between Locally Injected Routes Based on ORIGIN PA 466
Step 4: Shortest AS_PATH 467
Removing Private ASNs 467
AS_PATH Prepending and Route Aggregation 468
Step 5: Best ORIGIN PA 471
Step 6: Smallest Multi-Exit Discriminator 471
Configuring MED: Single Adjacent AS 473
Configuring MED: Multiple Adjacent Autonomous Systems 474
The Scope of MED 474
Step 7: Prefer Neighbor Type eBGP over iBGP 475
Step 8: Smallest IGP Metric to the NEXT_HOP 475



The maximum-paths Command and BGP Decision Process Tiebreakers 475
Step 9: Lowest BGP Router ID of Advertising Router (with One Exception) 476
Step 10: Lowest Neighbor ID 476
The BGP maximum-paths Command 476
BGP Communities 478
Matching COMMUNITY with Community Lists 482
Removing COMMUNITY Values 483
Filtering NLRI Using Special COMMUNITY Values 484
Foundation Summary 486
Memory Builders 490
Fill In Key Tables from Memory 490
Definitions 490
Further Reading 490

Part IV QoS

Chapter 12 Classification and Marking 493

“Do I Know This Already?” Quiz 493
Foundation Topics 497
Fields That Can Be Marked for QoS Purposes 497
IP Precedence and DSCP Compared 497
DSCP Settings and Terminology 498
Class Selector PHB and DSCP Values 499
Assured Forwarding PHB and DSCP Values 499
Expedited Forwarding PHB and DSCP Values 500
Non-IP Header Marking Fields 501
Ethernet LAN Class of Service 501
WAN Marking Fields 501
Locations for Marking and Matching 502
Cisco Modular QoS CLI 503
Mechanics of MQC 504
Classification Using Class Maps 505
Using Multiple match Commands 506
Classification Using NBAR 507
Classification and Marking Tools 508
Class-Based Marking (CB Marking) Configuration 508
CB Marking Example 509
CB Marking of CoS and DSCP 513
Network-Based Application Recognition 515
CB Marking Design Choices 516
Marking Using Policers 517
QoS Pre-Classification 518
Policy Routing for Marking 519

AutoQoS 519
AutoQoS for VoIP 520
AutoQoS VoIP on Switches 520
AutoQoS VoIP on Routers 521
Verifying AutoQoS VoIP 522
AutoQoS for the Enterprise 522
Discovering Traffic for AutoQoS Enterprise 522
Generating the AutoQoS Configuration 523
Verifying AutoQoS for the Enterprise 523
Foundation Summary 524
Memory Builders 526
Fill In Key Tables from Memory 526
Definitions 526
Further Reading 527

Chapter 13 Congestion Management and Avoidance 529

“Do I Know This Already?” Quiz 529
Cisco Router Queuing Concepts 533

Software Queues and Hardware Queues 533
Queuing on Interfaces Versus Subinterfaces and Virtual Circuits 534
Comparing Queuing Tools 534
Queuing Tools: CBWFQ and LLQ 535
CBWFQ Basic Features and Configuration 536
Defining and Limiting CBWFQ Bandwidth 538
Low-Latency Queuing 541
Defining and Limiting LLQ Bandwidth 543
LLQ with More Than One Priority Queue 545
Miscellaneous CBWFQ/LLQ Topics 545
Queuing Summary 546
Weighted Random Early Detection 546
How WRED Weights Packets 548
WRED Configuration 549
Modified Deficit Round-Robin 550
LAN Switch Congestion Management and Avoidance 552
Cisco Switch Ingress Queueing 553
Creating a Priority Queue 553
Cisco 3560 Congestion Avoidance 555
Cisco 3560 Switch Egress Queuing 556
Resource Reservation Protocol (RSVP) 559
RSVP Process Overview 560
Configuring RSVP 562
Using RSVP for Voice Calls 563


Foundation Summary 565
Memory Builders 565
Fill In Key Tables from Memory 565
Definitions 565
Further Reading 565

Chapter 14 Shaping, Policing, and Link Fragmentation 567

“Do I Know This Already?” Quiz 567
Foundation Topics 572
Traffic-Shaping Concepts 572
Shaping Terminology 572
Shaping with an Excess Burst 574
Underlying Mechanics of Shaping 574
Traffic-Shaping Adaptation on Frame Relay Networks 576
Generic Traffic Shaping 576
Class-Based Shaping 578
Tuning Shaping for Voice Using LLQ and a Small Tc 580
Configuring Shaping by Bandwidth Percent 583
CB Shaping to a Peak Rate 584
Adaptive Shaping 584
Frame Relay Traffic Shaping 584
FRTS Configuration Using the traffic-rate Command 586
Setting FRTS Parameters Explicitly 587
FRTS Configuration Using LLQ 588
FRTS Adaptive Shaping 590

FRTS with MQC 590
Policing Concepts and Configuration 590
CB Policing Concepts 591
Single-Rate, Two-Color Policing (One Bucket) 591
Single-Rate, Three-Color Policer (Two Buckets) 592
Two-Rate, Three-Color Policer (Two Buckets) 593
Class-Based Policing Configuration 595
Single-Rate, Three-Color Policing of All Traffic 595
Policing a Subset of the Traffic 596
CB Policing Defaults for Bc and Be 597
Configuring Dual-Rate Policing 597
Multi-Action Policing 597
Policing by Percentage 598
Committed Access Rate 599
QoS Troubleshooting and Commands 601
Troubleshooting Slow Application Response 602
Troubleshooting Voice and Video Problems 603
Other QoS Troubleshooting Tips 604
Approaches to Resolving QoS Issues 605



Foundation Summary 606
Memory Builders 608
Fill In Key Tables from Memory 608
Definitions 608
Further Reading 609

Part V Wide-Area Networks

Chapter 15 Wide-Area Networks 611

“Do I Know This Already?” Quiz 611
Foundation Topics 614
Point-to-Point Protocol 614
PPP Link Control Protocol 615
Basic LCP/PPP Configuration 615
Multilink PPP 617
MLP Link Fragmentation and Interleaving 619
PPP Compression 620
PPP Layer 2 Payload Compression 621
Header Compression 621
Frame Relay Concepts 622
Frame Relay Data Link Connection Identifiers 623
Local Management Interface 624
Frame Relay Headers and Encapsulation 625
Frame Relay Congestion: DE, BECN, and FECN 626
Adaptive Shaping, FECN, and BECN 627
Discard Eligibility Bit 628
Frame Relay Configuration 628
Frame Relay Configuration Basics 629
Frame Relay Payload Compression 632
Frame Relay Fragmentation 634
Frame Relay LFI Using Multilink PPP (MLP) 636
Foundation Summary 638

Memory Builders 641
Fill In Key Tables from Memory 641
Definitions 641

Part VI IP Multicast

Chapter 16 Introduction to IP Multicasting 643

“Do I Know This Already?” Quiz 643
Foundation Topics 646
Why Do You Need Multicasting? 646
Problems with Unicast and Broadcast Methods 647
How Multicasting Provides a Scalable and Manageable Solution 649

Multicast IP Addresses 652
Multicast Address Range and Structure 652
Well-Known Multicast Addresses 652
Multicast Addresses for Permanent Groups 653
Multicast Addresses for Source-Specific Multicast Applications and Protocols 654
Multicast Addresses for GLOP Addressing 654
Multicast Addresses for Private Multicast Domains 655
Multicast Addresses for Transient Groups 655

Summary of Multicast Address Ranges 655
Mapping IP Multicast Addresses to MAC Addresses 656
Managing Distribution of Multicast Traffic with IGMP 657
Joining a Group 658
Internet Group Management Protocol 659
IGMP Version 2 660
IGMPv2 Host Membership Query Functions 662
IGMPv2 Host Membership Report Functions 663
IGMPv2 Leave Group and Group-Specific Query Messages 666
IGMPv2 Querier 669
IGMPv2 Timers 669
IGMP Version 3 670
LAN Multicast Optimizations 672
Cisco Group Management Protocol 672
IGMP Snooping 678
Router-Port Group Management Protocol 683
Foundation Summary 686
Memory Builders 686
Fill In Key Tables from Memory 687
Definitions 687
Further Reading 687
References in This Chapter 687

Chapter 17 IP Multicast Routing 689

“Do I Know This Already?” Quiz 689
Foundation Topics 693
Multicast Routing Basics 693

Overview of Multicast Routing Protocols 694
Multicast Forwarding Using Dense Mode 694
Reverse Path Forwarding Check 695
Multicast Forwarding Using Sparse Mode 697
Multicast Scoping 699
TTL Scoping 699
Administrative Scoping 700
Dense-Mode Routing Protocols 700
Operation of Protocol Independent Multicast Dense Mode 701
Forming PIM Adjacencies Using PIM Hello Messages 701
Source-Based Distribution Trees 702
Prune Message 703
PIM-DM: Reacting to a Failed Link 705
Rules for Pruning 707
Steady-State Operation and the State Refresh Message 709
Graft Message 711
LAN-Specific Issues with PIM-DM and PIM-SM 712
Prune Override 712
Assert Message 713
Designated Router 715
Summary of PIM-DM Messages 715
Distance Vector Multicast Routing Protocol 716
Multicast Open Shortest Path First 716
Sparse-Mode Routing Protocols 717
Operation of Protocol Independent Multicast Sparse Mode 717
Similarities Between PIM-DM and PIM-SM 717

Sources Sending Packets to the Rendezvous Point 718
Joining the Shared Tree 720
Completion of the Source Registration Process 722
Shared Distribution Tree 724
Steady-State Operation by Continuing to Send Joins 725
Examining the RP’s Multicast Routing Table 726
Shortest-Path Tree Switchover 727
Pruning from the Shared Tree 729
Dynamically Finding RPs and Using Redundant RPs 730
Dynamically Finding the RP Using Auto-RP 731
Dynamically Finding the RP Using BSR 735
Anycast RP with MSDP 737
Interdomain Multicast Routing with MSDP 739
Summary: Finding the RP 741
Bidirectional PIM 742
Comparison of PIM-DM and PIM-SM 743
Source-Specific Multicast 744
Foundation Summary 746
Memory Builders 750
Fill In Key Tables from Memory 750
Definitions 751
Further Reading 751

Part VII Security

Chapter 18 Security 753

“Do I Know This Already?” Quiz 753

Foundation Topics 757
Router and Switch Device Security 757
Simple Password Protection for the CLI 757
Better Protection of Enable and Username Passwords 758
Using Secure Shell Protocol 759
User Mode and Privileged Mode AAA Authentication 760
Using a Default Set of Authentication Methods 761
Using Multiple Authentication Methods 763
Groups of AAA Servers 764
Overriding the Defaults for Login Security 764
PPP Security 765
Layer 2 Security 766
Switch Security Best Practices for Unused and User Ports 767
Port Security 767
Dynamic ARP Inspection 771
DHCP Snooping 774
IP Source Guard 777
802.1X Authentication Using EAP 777
Storm Control 780
General Layer 2 Security Recommendations 782
Layer 3 Security 783
IP Access Control List Review 784
ACL Rule Summary 785
Wildcard Masks 787

General Layer 3 Security Considerations 788
Smurf Attacks, Directed Broadcasts, and RPF Checks 788
Inappropriate IP Addresses 790
TCP SYN Flood, the Established Bit, and TCP Intercept 790
Classic Cisco IOS Firewall 793
TCP Versus UDP with CBAC 793
Cisco IOS Firewall Protocol Support 794
Cisco IOS Firewall Caveats 794
Cisco IOS Firewall Configuration Steps 795
Cisco IOS Zone-Based Firewall 796
Cisco IOS Intrusion Prevention System 801
Control-Plane Policing 804
Preparing for CoPP Implementation 805
Implementing CoPP 806
Dynamic Multipoint VPN 809
Foundation Summary 811
Memory Builders 814
Fill In Key Tables from Memory 815
Definitions 815
Further Reading 815
