JNCIA SUMMARY Contents 1. Static Static routing routing..... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... ............ ................. ..................... ...................2 ........2 1.1 1.2 1.3 1.4 1.5
2. 3. 4. 5. !.
Reject Reject and discard...... discard............. .............. .............. ............. ............. .............. .............. ............. ............. .............. ............. ............. ........................ ......................2 .....2 Qualified-nex Qualified-next-hop.. t-hop......... ............. ............. .............. .............. ............. ............. .............. .............. ............. ............. .............. ............. ..................... ...................2 ....2 Resolve..... Resolve............ ............. ............. .............. ............. ............. .............. .............. ............. ............. .............. ............. ............. .............. .............. ............. ................... ..............2 .2 next-table... next-table.......... ............. ............. .............. ............. ............. .............. .............. ............. ............. .............. .............. ............. ............. .............. ............. ............. .............2 ......2 no-readvertis no-readvertise...... e............. ............. ............. .............. .............. ............. ............. .............. .............. ............. ............. .............. ............. ............. ............... ................3 ........3
Aggregat Aggregatee Routes... Routes........ .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......3 ..3 Routing Routing Instances. Instances...... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... ........... ................ .................3 .......3 RIB Groups. Groups...... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... ............... .............3 ...3 Routing Routing Beteen Beteen Instances.. Instances....... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... ........... .......! .! "oa# Ba$ancin Ba$ancing.... g......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... ............ ..............% .......%
6.1 6.2 6.3
C ch! load balancin".... balancin"........... ............. ............. .............. .............. ............. ............. .............. .............. ............. ............. .............. ............... ..................# ..........# C$u h%nh load balancin"... balancin"......... ............. .............. ............. ............. .............. .............. ............. ............. .............. .............. ............. ............. .................# ..........# C ch! hasin" load balance...... balance............. .............. ............. ............. .............. .............. ............. ............. .............. .............. ............. ................ ...............& .....&
%. &i$ter &i$ter 'ase (orar#in (orar#ing.... g......... .......... .......... .......... .......... .......... .......... .......... .......... ............ ................. .................... ..................1) ........1) #.1 #.2 #.3
'vervie(..... 'vervie(............ ............. ............. .............. .............. ............. ............. .............. ............. ............. .............. .............. ............. ............. .............. ......................1) ...............1) Confi" *+*.......... *+*................. .............. ............. ............. .............. ............. ............. .............. .............. ............. ............. ................... .................................1) .....................1) instance-i,p instance-i,port... ort.......... .............. ............. ............. .............. ............. ............. .............. .............. ............. ............. .............. ............. ............. .............. ...............1 ........133
*. +S,&..... +S,&.......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... ........14 ...14 &. -... -........ .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... .......... ............... .................... .....................14 ...........14
1. JUN JUN+S +S so( so(ta tare re Rou Routin tingg -a'$ -a'$es es Routing ta'$e
Route tpes
inet.)
/he inet.) routin" table is the table used to store 0v4 unicast routes. unicast routes. /he router interfaces and all routin" protocols place infor,ation into /'-CC /
1
this table b7 default inet.1
/he inet.1 routin" table is the table used to store 0v4 ,ulticast routes. /his is often referred to as the ,ulticast for(ardin" cache.
inet.2
/he inet.2 routin" table is also used to store 0v4 unicast routes. /he use of those routes8 ho(ever8 is 9uite different fro, the inet.) table. Routes in the inet.2 table are used b7 ,ulticast routin" protocols to prevent routin" loops. /his process is called the Reverse 0ath *or(ardin" :R0*;
inet.3
/he inet.3 routin" table contains the e"ress 0 address of a 0 label s(itched path :0;
inet.4
/he in inet.4 ro routin" ta table st stores infor,ation learned us usin" the ulticast ource
inet6.)
/he inet6.) routin" table contains 0v6 unicast routes
,pls.)
/he ,pls.) table is not actuall7 a routin" table but is instead a s(itchin" table. 0 label values are stored in this table
b"p.l3vpn.)
/he b"p.l3vpn.) routin" table stores routin" infor,ation in a a7er 3 virtual private net(or= :0; environ,ent.
b"p.l2vpn.)
/he b"p.l2vpn.) routin" table stores routin" infor,ation in a a7er 2 0 environ,ent
2. Sta tati ticc rout utin ingg tatic routin" usin" (ith so,e options>
2.1 Re/ e/ec ectt an an# #is #isca carr# 'ption n?7 s@ drop to?n bA "Bi tin ca dDi n?7 tron" ,En"8 =hFc nhau "iGa 2 option l? h?nh HAn" ca soft(are sau =hi drop pac=et - Reject> so soft( ft(are s@ "Ii "Ii bDn bDn tin C0 ,assa"e :net(or= unreachable; trD lEi 0 src - soft oft(are s@ =hJn" "Ii bDn "Ii bDn tin C0 ,assa"e8 nB drop silentl7
2.22 0u 2. 0ua$ a$i( i(ie ie# #ne net t op op ChKc nLn" tMn" tN nhM floatin" static route ca route ca Cisco Cho phOp c$u h%nh 1 static route tPi 1 destination H7 9ua nhiu hn 1 next-hop vPi cFc "iF trS preference =hFc nhau. Thi next-hop 1 unavailable traffic s@ tN HAn" chu7Un 9ua next-hop 2 Vedit routin"-optionsW userXR1Y show /'-CC /
2
static Z route ).).).)[) Z next-hop 1#2.3).25.1\ 9ualified-next-hop 1#2.3).25.5 Z preference #\ ] ] ] In the sample confguration shown, the 172.30.25.1 next hop assumes the deault static route preerence o 5, whereas the qualifed 172.30.25.5 next hop uses the defned route preerence o 7. ll tra!c using this static route uses the 172.30.25.1 next hop unless it "ecomes una#aila"le. I the 172.30.25.1 next hop "ecomes una#aila"le, the deault static route will then use the 172.30.25.5 next hop. $ome #endors reer to this implementation as a foating static route.
2.3 Reso$e I d^n" th_, option resolve =hi next-hop =hJn" phDi l? ,En" connected vPi router ca ,%nh ,? l? 1 ip H`u xa
2.4 netta'$e ext-hop ca 1 static route cB thU tr v routin" table =hFc tron" cn" router /hMn" thNc hin tr_n cn" 1 router =hi router chia th?nh cFc lo"ical router hoc cFc routin"instance
2.5 norea#ertise CFc route static n?7 s@ =hJn" HMc 9uDn" bF Hi cho d ,atch vPi b$t =g polic7 n?o ca cFc "iao thKc HSnh tu7!n :tEo static route n?7 nhMn" =hJn" ,un adv Hi b$t =g ,At nei"hbor n?o; "o?i ra cB thU th_, 1 s option cho static route nhM> ,etric8 as-path8 co,,unit78 preference
3. Aggregate Routes /Mn" tN nhM route su,,ar7 tron" Cisco8 cho phOp "roup nhiu net(or= nh th?nh 1 net(or= lPn hn trMPc =hi adv 9ua cFc nei"hbor
4. Routing Instances Routin"-instnace thMn" sI d^n" cho *+*8 0 service8 s7ste, virtualiation nstance t7pes> - *or(ardin"> sI d^n" cho *+* - 2vpn> sI d^n" cho 2 0 service - o-for(ardin"> /'-CC /
3
- irtual-router> sI d^n" cho cFc dSch v^ non-vpn8 nhM h thn" router Do - pls> sI d^n" cho l2vpn point-to-,ultipoint - rf> sI d^n" cho 30 au =hi tEo routin"-instance8 unos s@ tN HAn" tEo 1 route table cho R HB At s lnh =iU, tra> k-0m sho( route table 30-CT+aoiet-3331 k-0m pin" 1#2.16.1.& routin"-instance 30-CT+aoiet-3331 k-0m sho( arp vpn 30-CT+aoiet-3331
5. RIB Groups R+ "roup dun" HU share route "iGa cFc routin" table tr_n cn" 1 router /rMn" hp cFc T 0 ,i T s@ cB 1 route table ri_n"8 ,un ,At s T cB thU thJn" vPi nhau ta sI d^n" R+ "roup
qU c$u h%nh R+ "roup c`n 2 bMPc +1> /Eo rib-"roups - xport-rib> ch chKa 1 route table t sI d^n" - ,port-rib> chKa nhiu route table8 table H`u ti_n l? source table HU place route tPi cFc table =hFc /'-CC /
4
- ,port-polic7> control route n?o s@ HMc add v?o rib-"roup +2> appl7 rib-"roup n?7 to routin" protocol :tatic8 '0*8 +k08 -8 ; hoc interface route xa,ple 1> appl7 to ospf Vedit routin"-optionsW userXR1Y show rib-"roups Z test Z i,port-rib V inet.) test.inet.) W\ ] ] Vedit protocols ospfW userXR1Y show rib-"roup test\ area ).).).) Z interface "e-)[)[1.)\ interface lo).)\ ] [ C$u h%nh n?7 share cFc ospf route t bDn" src inet.) v?o bDn" test.inet.) [
xa,ple 2> appl7 to +k0 [qSnh n"hwa rib-"roup[ thonvX-+R-y&6)R1Y sho( routin"-options rib-"roups inet)-to-+z-0-/ Z i,port-rib V inet.) +z-0-/.inet.) W\ i,port-polic7 inet)-to-+z-0-/\ ] [/Eo polic7 cho rib-"roup8 allo( cFc b"p v? direct route8 c{n lEi discard[ thonvX-+R-y&6)R1Y sho( polic7-options polic7-state,ent inet)-to-+z-0-/ ter, b"p Z fro, protocol b"p\ then accept\ ] ter, direct Z fro, protocol direct\ then accept\ ] ter, final Z then reject\ ] [ppl7 rib-"roup to +k0 protocol[ thonvX-+R-y&6)R1Y sho( protocols b"p "roup /'-RR Z t7pe internal\ local-address 13.&1.).145\ fa,il7 inet Z unicast Z rib-"roup inet)-to-+z-0-/\ ] ] export <-/'--RR\ nei"hbor 13.&1.).3)\ ]
xa,ple 3> ppl7 to interface-route :direct route; /'-CC /
5
[qSnh n"hwa rib-"roup[ thonvXC-y0-R)>k-0Y sho( routin"-options rib-"roups 30-))))34[2)14[/[C-'C0-to-inet) i,port-rib V 30-'C0-'0.inet.) inet.) W\ i,port-polic7 30-))))34[2)14[/[C-'C0-to-inet)\ [/Eo polic7 cho rib-"roup[ thonvXC-y0-R)>k-0Y sho( polic7-options polic7-state,ent 30-))))34[2)14[/[C-'C0to-inet) ter, 1 Z fro, Z protocol direct\ route-filter 1#2.1).).4[3) exact\ ] then accept\ ] ter, 2 Z fro, Z route-filter 1)).65..)[2& exact\ ] then accept\ ] ter, final Z then reject\ ] [ppl7 rib-"roup to interface-routes8 cB thU appl7 tPi cn" 1 l|c nhiu protocol nhM ospf8 static8 int-route[ thonvXC-y0-R)>k-0Y sho( routin"-instances 30-'C0-'0 instance-t7pe virtual-router\ interface ae23.6)#\ routin"-options Z interface-routes Z rib-"roup inet 30-))))34[2)14[/[C-'C0-to-inet)\ ]
!. Routing Beteen Instances /a cB thU sI d^n" lo"ical tunnel interface hoc ph7sical interface HU share route "iGa cFc routin"instance
/'-CC /
6
/o connect t(o routin" instances (ith a lo"ical connection8 7ou confi"ure a lo"ical tunnel interface for each instance. /hen 7ou confi"ure a peer relationship bet(een the lo"ical tunnel interfaces8 thus creatin" a point-to-point connection. /o confi"ure a point-to-point connection bet(een t(o routin" instances8 7ou confi"ure the lo"ical tunnel interface usin" the ltfpc/ pic/ port for,at. Vedit interfaces lt-)[)[)W userXR1Y show unit ) Z encapsulation ethernet\ peer-unit 1\ fa,il7 inet Z ] ] unit 1 Z encapsulation ethernet\ peer-unit )\ fa,il7 inet\ ]
%. "oa# Ba$ancing %.1 C c6 $oa# 'a$ancing CB 2 c ch! load balancin"
/'-CC /
#
-
0er-pac=et> ,i "Bi tin HMc H7 ra ,At e"ress interface theo c ch! round robin8 phMn" phFp n?7 cB thU "}7 li out-of-se9uence ~ router Hch =hi cFc "Bi tin cB thU H!n Hch =hJn" theo H|n" thK tN - 0er-flo(> cFc pac=et cn" 1 flo( s@ HMc send tr_n cn" 1 e"ress interface [,At flo( bao "•, cFc "Bi tin cB chun" cFc th?nh ph`n nhM source ip8 destination ip8 protocol[
%.2 C7u 8n $oa# 'a$ancing CFc bMPc c$u h%nh +> +1> /Eo polic7 HU ch€n cFc prefix s@ HMc load balance hoc ch€n all prefix +2> ppl7 polic7 to for(ardin" table ca router
[c$u h%nh vn dn" state,ent per-pac=et nhMn" vPi cFc platfor, unos hin tEi Hu hiUu l? perflo([ axi,u, HMc load 9ua 64 e9ual-cost-path
/'-CC /
%.3 C c6 asing $oa# 'a$ance
/'-CC /
&
c HSnh unos HMa cFc traffic vPi cn" in"ress interface8 src 08 des 0 v? protocol l? 1 flo( "o?i ra cB thU Hiu chnh theo c$u h%nh hash-=e7 nhM th_, la7er 4 port8 . RYsho( route for(ardin"-table xa,ple> thonvX-y0R1>-y0Y sho( polic7-options polic7-state,ent + ter, 1 Z [,atch all trafic[ then Z load-balance per-pac=et\ ] ] thonvX-y0R1>-y0Y sho( routin"-options for(ardin"-table export V + W\ [hasin" theo unos default[
*. &i$ter 'ase (orar#ing *.1 +erie *+* tMn" tN nhM 0+R tron" cisco8 cho phOp Hiu chnh traffic theo ,At s ti_u ch8 nhM src ip8 des ip8
*.2 Con(ig &B& C$u h%nh *+* "•, 3 bMPc
/'-CC / 1)
+MPc 1> /Eo filter na,e v? H7 ra 1 routin"-instance ppl7 filter n?7 v?o input ca interface c`n Hiu chnh
+MPc 2> /Eo routin"-instance HU H7 ra 1 next-hop hoc 1 next-table8 tron" *+* routin" instance t7pe luJn l? for(ardin"
/'-CC / 11
routin"-instances Z instance-na,e Z instance-t7pe for(ardin"\ routin"-options Z static Z route ).).).)[) next-table inet.)\ ] ] ] ]
+MPc 3> /Eo R+ kroup HU lea=in" interface route v?o routin" instance8 HU resolve next-hop cho routin" instance
xa,ple> [/Eo fire(all filter[ thonvX-y0R1>-y0Y sho( fire(all filter *R'- ter, redirect-to-koo"le Z fro, Z source-address Z ).).).)[)\ ] destination-address Z ...)[2\ ...)[24\ ] ] then Z routin"-instance \ ]
/'-CC / 12
] ter, ' Z then accept\ ] [/Eo routin" instance[ thonvX-y0R1>-y0Y sho( routin"-instances instance-t7pe for(ardin"\ routin"-options Z static Z route ).).).)[) Z 9ualified-next-hop 1)1.&&.).242 Z preference 3)\ ] 9ualified-next-hop 1)1.&&.).142 Z preference 2)\ ] 9ualified-next-hop 1)1.&&.).1## Z preference 1)\ ] ] ] ] [ppl7 *+* to in"ress interface[ thonvX-y0R1>-y0Y sho( interfaces ae22.3)# description ‚V -,obik-2YW -y0‚\ vlan-id 3)#\ fa,il7 inet Z filter Z input *R'-\ ] policer Z output /'-\ ] address 13.&1.5.12&[3)\ ] [/Eo R+ "roup[ thonvX-y0R1>-y0Y sho( routin"-options interface-routes rib-"roup inet int-route\ [int-route l? "roup na,e[ thonvX-y0R1>-y0Y sho( routin"-options rib-"roups int-route Z i,port-rib V inet.) .inet.) W\ [lea=in" cFc ip next-hop 1)1.&&.).2428 .).142 t inet.) v?o routin" table ca .inet.)[ ]
*.3 instancei9port "o?i vic lea=in" route v?o routin" instance bƒn" R+ "roup8 cB thU dn" instance-i,port HU share route "iGa cFc route table
/'-CC / 13
:. +S,& :.1 +erie -
-
'spf l? "iao thKc HSnh tu7!n k0 =iUu lin= state . i router s@ x}7 dNn" ri_n" ,At bDn" topolo"7 v HMn" Hi H!n cFc router =hFc tron" ,in ospf v? sI d^n" "iDi thu„t 0* HU t%, HMn" Hi n"…n nh$t QuF tr%nh thi!t l„p nei"hbor>
/'-CC / 14
-
% -r;ng tc ?i ti6t $@p neig'or tn cng 1. on> chMa trao H†i bDn tin hello 2. Init > bDn tin hello "Ii Hi 1 chiu 3. 2Da> bDn tin hello HMc nh„n v? "Ii b~i cD 2 router 8 b…t H`u 9uF tr%nh b%nh b`u ‡ trEn" thFi n?78 router ,J tD trEn" thFi c s~ dG liu lin=-state thJn" 9ua "Bi tin <+<. i "Bi tin <+< HMc HFnh s tu`n tN HU ph}n bit. /Ei ,i thi HiU, ch cho phOp "Ii Hi ,At "Bi tin <+<. kBi tin Re9uest cˆn" HMc "Ii Hi HU 7_u c`u c„p nh„t cFc "Bi tin . 6. "oa#ing > ‡ trEn" thFi n?78 "Bi tin Re9uest HMc "Ii Hi HU 7_u c`u trEn" thFi ,Pi nh$t ca #. &u$$ > au =hi nh„n HMc "Bi tin ‰pdate8 c s~ dG liu ca hai router HŠ H•n" bA hoF v? router s@ chu7Un san" trEn" thFi *ull
-
/'-CC / 15
-
-
/'-CC / 16
-
-
ic ph}n chia nh th?nh cFc area dn H!n cFc cˆn" HMc chia th?nh nhiu loEi nh hn. CB 11 loEi chnh. "SA -pes
Mc Hc s #ng
t7pe 1
an" thJn" tin ospf database HMc "Ii Hi tron" tron" nAi ,in area : intra area ;
ll '0* spea=er
t7pe 2
an" thJn" tin v ,in net(or= t7pe + 8 do
t7pe 3
inh ra b~i +R 8 "Ii thJn" bFo H!n cFc +R =hFc
R
t7pe 4
J tD thJn" tin v +R : router id ; "Ii v?o cFc area
+R
t7pe 5
an" thJn" tin v route =hFc ospf HMc redistribute v?o osfp +R
t7pe 6
ulticast ospf
-
t7pe #
8 "in" nhM t7p5 nhMn" sI d^n" cho not so stubb7 area
+R
/'-CC / 1#
t7pe
%xternal attri"utes &$
-
t7pe &
'paque &$ (lin) scope*
-
t7pe 1)
'paque &$ (area scope+used or tra!c engineering*
-
t7pe 11
'paque &$ ($ scope*
-
-
:.2 Netor? #esign -
qU HD, bDo tnh ,~ rAn" ca ospf v? "iD, tDi lMn" bDn tin "Ii Hi tron" 1 area 8 ospf cho phOp chia nh th?nh nhiu area . rea ) HMc coi l? area bac=bone. CFc area =hFc ,un =!t ni HMc vPi nhau phDi thJn" 9ua rea) hoc sI d^n" virtual lin=
1). IS 1).1 +erie k0 lin= state sI d^n" "iDi thu„t 0*8 tMn" tN ospf 1 - net(or= l? 1 sin"le v? cB thU chia th?nh nhiu area - HMc chia th?nh level 1 v? level 2 - evel 1> routin" tron" 1 area - evel 2> routin" "iGa cFc area v? vPi =hFc evel1[evel 2 router role as +R in '0*8 routin" bet(een 1 v? 2 do,ain evel 2 do,ain role as area ) bac=bone in '0* 0<‰ role as in '0* evel 1 router =hJn" adjacenc7 vPi level 2 router v? n"Mc lEi evel 1 adj phDi cn" area <8 evel 2 adj cB thU cn" hoc =hFc area < ote> '0* v? - ha7 li =hJn" adj HMc do ,is,atch /‰
1).2 Netor? #esign Pi cFc ,En" nh ta thMn" thi!t =! cFc router chun" 1 level
/'-CC / 1
Pi cFc ,En" lPn8 HU HD, bDo tnh ,~ rAn" ta thMn" thi!t =! chia l?, nhiu level vPi ,En" core[bac=bone l? level 2 v? cFc ,En" level 1 evel 1 router chKa cFc route tron" level v? default route )[) tr l_n evel 2 evel 2 chKa to?n bA route tron" ,En"
C$u h%nh - +1> c$u h%nh HSa ch / tr_n int loopbac= - +2> enable fa,il7 iso tr_n interface - +3> c$u h%nh is-is protocol
/'-CC / 1&
11. BG, 12. I, -unne$ing 13. Kig Aai$a'i$it
14. Routing ,o$ic Las cisco Route9ap Routin" polic7 dun" HU opti,ie bDn" routin" 0olic7 result - ccept - Reject - ext-polic7 polic-options polic-statement policy-name term term-name rom match-conditions / then actions/ term term-name
/'-CC / 2)
rom match-conditions / then actions/
At s thao tFc -
Rena,e
-
Replace patern
/'-CC / 21
Route &i$ters an# +ter Matc Criteria
Routing protoco$s
e(au$t po$ic out
e(au$t po$ic in
+k0
xport all
,port all
R0
/he default export polic7 for R0 is to not advertise an7 routes to an7 nei"hbors
/he default i,port polic7 is to accept all routes advertised to the local router via R0
'0*
/he default export polic7 for '0* is to reject all routes
'0* is a lin=-state routin" protocol that ,andates that each router in an '0* area ,aintain an identical lin=-state database. *ilterin" out and rejectin" inco,in" routin" infor,ation could brea= this ,andate8 so i,port policies are not per,itted. /his ,eans that there is no default i,port polic7 for '0*.
-
the default export polic7 for - is to export all direct routes confi"ured for -
/his once a"ain ,eans that i,port policies are not per,itted and that there is no default i,port polic7 for -
15. &irea$$ &i$ters Las cisco AC" I a term does not contain a from statement, the pac)et is considered to match and the action in the then statement o the term is ta)en. I a term does not contain a then statement, or i an action has not "een confgured in the then statement, and the pac)et matches the conditions in the from statement o the term, the pac)et is accepted. %#er frewall flter contains an implicit deny statement at the end o the flter, which is equi#alent to the ollowing explicit flter term term implicit-rule { then discard; }
/'-CC / 22
1!. ,rotecting te Routing Engine
/'-CC / 23
