Archive for November, 2010

150 hours done

November 30, 2010 Leave a comment

I’m finishing up on MPLS, will be finished in a day or two and then I will put up some notes. I reached 150 hours today. Written exam is about two or three months away I think before I am comfortable taking it.

Categories: Announcement, CCIE Tags:

Starting MPLS

November 24, 2010 Leave a comment

Finished BGP yesterday and I’m now moving on to MPLS. I have read the certification guide and now I’m going to read MPLS and VPN architectures by Pepelnjak.

Categories: Announcement, CCIE Tags: , ,

Border Gateway Protocol (BGP) – notes

November 22, 2010 4 comments

  • Uses TCP as transport, port 179
  • Path vector protocol

Checks before becoming a neighbor

  • The TCP connection request must come from an IP associated with a neighbor command
  • The AS number must match that in the neighbore statement
  • The routers can not have duplicate router IDs
  • If authentication is configured it must also match


Uses a keepalive and hold timer, defaults to 60 and 180 seconds.

BGP neighbor states

Idle  –  BGP not initiated yet
Connect  – Listening for TCP
Active  – Initiate TCP
Open sent –  Open sent, TCP is up
Open confirm – Open receivec, TCP is up
Established – Peering has been established

BGP message types

Open  – Used to establish neighbor session and exchange parameters
Keepalive – Used to maintain the neighbor relationship
Update  – Used to exchange routing information
Notification – Used when BGP errors occur, resets neighbor session


  • Uses a sub ASN, real AS divided into smaller sections where each section has an private ASN
  • The range is from 64512 to 65535
  • Every sub-AS has to be fully meshed internally and uses iBGP logic
  • Connections between different sub AS acts as an EBGP connection
  • Confederation ASNs is not considered when deciding the AS-path length
  • Painful to migrate since it requires to change AS number in router bgp command
  • Real AS identified with bgp confederation identifier
  • Peers defined with bgp confederation peers
  • Confederation AS numbers in AS-path will be removed before advertising to true eBGP peer

Route reflectors

  • Removes the need for full mesh, all iBGP routers peer with route reflector
  • RR responsible for reflecting routes to clients, RR is usually not in forwarding path
  • No change is needed on clients to implement RR
  • The RR and its clients create a cluster, it is possible to have multiple RRs in a cluster
  • Route reflectors in different clusters should be fully meshed

To ensure no loops in this topology BGP needs two new attributes:

Cluster_list – Route reflectors add their cluster ID to this attribute before sending an update.   Updates with same cluster ID as local RR will be discarded.

Originator_ID – The ID of the router that originated the prefix. If a router sees its own ID in this  attribute it will not use or propagate this prefix.


AS_PATH   – Lists ASNs trough which the route has been advertised  –  Well known Mandatory
NEXT_HOP  – Lists the next-hop IP address used to reach the NLRI –  Well known Mandatory
AGGREGATOR  – Lists the RID and ASN of the router that created a summary NLRI – Optional Transitive
ATOMIC_AGGREGATE – Tags a summary NLRI as being a summary –  Well known Discretionary
ORIGIN  – The origin of the route, igp, egp or incomplete – Well known Mandatory
ORIGINATOR_ID  – The RID of the iBGP neighbor that injected a NLRI into the AS –  Optional Nontransitive
CLUSTER_LIST  – Used by RRs to lister the RR cluster IDs in order to prevent loops – Optional Nontransitive

Injecting routes into BGP

Done via network command or redistribute from an IGP or static routes.

Injecting a default route into BGP

Use the network command – Requires that exists in routing table
neighbor default-originate – Always advertise default route even if not present in local routing table
default-information originate – Requires route in routing table and a redistribute command

BGP best path algorithm

0. Discard routes with invalid next-hop
1. Routes with highest weight (Cisco proprietary)
2. Routes with highest local preference
3. Routes locally injected
4  Routes with shortest AS-path
5. Routes with best origin
6. Routes with lowest Multiple Exit Discriminator (MED)
7. Prefer eBGP over iBGP (confederation eBGP treated as iBGP)
8. Routes with lowest metric to next-hop

Categories: BGP, CCIE, Notes Tags: , ,

BGP almost done

November 22, 2010 Leave a comment

I’m 3/4 done with Halabis book Internet routing architectures. It’s one of the best books out there and a recommended read for ayone wanting to learn some serious BGP. When done with BGP I will probably move on to MPLS. Will try to add my notes for BGP either tonight or tomorrow.

Enhanced Interior Gateway Protocol (EIGRP) – notes

November 20, 2010 Leave a comment

  • Cisco proprietary
  • Uses IP protocol 88 as transport
  • Support for MD5 authentication (no clear text)
  • Sends updates to
  • Distance vector but has some link state like features


Uses a hello and a hold timer. Neighbors discovered via hello protocol. Hold timer used for declaring when a neighbor is dead. EIGRP doesn’t use it own timers for keeping track of the neighbor, it uses the timers that the neighbor supplied in the hello packet. Retransmission TimeOut (RTO) timer used for knowing if to resend an update to a neighbor. Smoothed Round Trip Time (SRTT) keeps track of latency between neighbors and the RTO is derived from the SRTT timer. SRTT is the average time in ms between sending a packet to a neighbor and receiving an ACK. The default timer for hello is 5 seconds for most interfaces and a hold time of 15. NBMA interfaces with T1 or lower speeds use a 60 second hello timer and a 180 second hold time. Changing the hello timer does not automatically adjust the hold time.

Sending updates

Updates are sent as multicasts but resends are unicast to neighbors who didn’t ACK the update before the RTO timer expired. 16 resends using unicast will be used before declaring a neighbor dead. The multicast flow timer is used for knowing when to switch to unicast packets instead of multicast for a neighbor.


Based on cumulative delay and constraining bandwidth. Can factor in load, reliability and MTU if needed but not recommended by Cisco. To change what K values are used (constants) set them with the metric weights command. To calculate the metric use: 256*(10^7/bandwidth)+256(delay).

EIGRP measures delay in tens of microseconds, this needs to be considered when calculating the metric.
EIGRP uses Reported Distance (RD) and Feasible Distance (FD) for the metric. Reported distance is what the neighbor sending the update has calculated the metric to be. Feasible distance is the distance of the route with the lowest metric, it is the RD + the distance between the neighbor announcing the route and the local router. The route with the lowest metric that is entered into the routing table is called a successor route. A feasible successor route is a route that doesn’t have the lowest metric but meets the feasibility condition meaning it has a RD lower than what the current FD is.

Input events and local computation

When an input event occurs EIGRP needs to react, this could be an interface failing, a neighbor failing or an update for a new prefix. When the input event has occured EIGRP performs a local computation, EIGRP looks for a Feasible Successor (FS) route in its topology table and if it cannot find one it will actively query its neighbors for a route.

EIGRP algorithm

Uses the Diffusing Update ALgorithm (DUAL). Functioning routes are in a passive mode. Routes that no longer have a successor is in active mode since the route has to query its neighbors for a FS. The term Stuck In Active (SIA) means that an route has been active for too long, the active timer has expired. The active timer is set to 180 seconds by default, the active timer can also be disabled if needed.

Load balancing

EIGRP allows for up to 16 equal-metric routes to be installed in the routing table, the default is four.  EIGRP also has something called variance. Variance allows for non equal-metric load balancing.  The route still has to meet the feasibility condition to be considered for load balancing. The variance command is a multiplier,  if the FD is 10000 for the current succcessor and there is a FS with a RD of 5000 and FD of 200000, variance 2 would make the router load balance between these two routes, variance 2 means the FD of the second best route can be twice as high as the best.
The load balancing can be done in a few different ways, traffic-share balanced means that the traffic will be distributed according to the metric, routes with lower metrics will see more traffic on them. Traffic-share min, install multiple routes but send only traffic on the one with the lowest metric. Traffic-share min across-interfaces, if more than one route has the same metric choose different outgoing interfaces for a better load balancing. The no traffic-share command will balance evenly across routes no matter what the metric is.


EIGRP has support for MD5 authentication, clear text is not supported. The keys are entered into a key-chain. A key can have a lifetime specified or use a lifetime that is always valid. Authentication is configured per interface.


Uses auto-summary by default, turned off with no auto-summary. EIGRP has support for summarizing on every EIGRP interface compared to OSPF which can only summarize at area borders.

Split horizon

EIGRP is a distance vector protocol which means it uses split horizon. Split horizon means the router doesn’t send updates back out on the interface it received them. This can cause issues in non P2P networks. Split horizon can be turned off on an interface basis with the command no ip split-horizon eigrp asn command where asn is the AS-number specified.


Has support for distribute lists and offset lists. Distribute lists are used for filtering inbound or outbound routing updates and what is allowed to enter the routing table. Offset lists are used to change the metric, only adding to the metric is supported, not removing from it.

Categories: CCIE, EIGRP, Notes, Routing Tags: , , ,

OSPF – Open Shortest Path First (notes)

November 17, 2010 Leave a comment


  • Defined in RFC 2328
  • Supports VLSM and CIDR
  • Is a link state protocol
  • Uses a link state database (LSDB) for topology information, identical within area
  • Reliable flooding of LSAs
  • Uses hello protocol to build adjacencies
  • Runs directly over IP, protocol 89
  • Uses the Dijkstra algorithm

Packet types

OSPF uses five different packet types, do not confuse this with the different LSA types. The packet types are:

Type 1: Hello packet – The hello packet is used to discover/mantain neighbors
Type 2: Database description – Summarize database contents, sent when establishing adjacency.
Type 3: Link State Request – Database download
Type 4: Link State Update – Database update
Type 5: Link State ACK – Flooding acknowledgement

LSA types

These are the most common LSAs:

LS type 1: Router-LSA                   

Originated by all routers. Describes the collected states of the routers interfaces to an  area. Flooded throughout a single area only.

LS type 2: Network-LSA              

Originated for broadcast and NBMA networks by the designated router. Contains a list
 of routers connected to the network. Flooded throughout a single area only.

LS type 3: Summary-LSA            

Originated by area border routers. Describes a route to a destination outside the area(Inter-area route) but still inside the AS.

LS type 4: Summary-LSA              

Originated by area border routers. Describes routes to Autonomous System Border Routers.

LS type 5: AS-external-LSA        

Originated by Autonomous System Border Routers, flooded throughout the AS. Describes routes external to the AS. Defaults routes for the AS can be described by this LSA.

LS type 7: NSSA-LSA                     

Originated by Autonomous System Border Routers. Used to flood AS external routes through a stub area. The ABR connected to the backbone will then convert it to a type five LSA.

Designated Router (DR)

On broadcast and NBMA networks a Designated Router (DR) is elected. The router with the highest priority will be elected the DR. The priority can range from 0 to 255 where 255 is the most preferred and where 0 is ineligible to become the DR. A Backup DR (BDR) will also be elected and it will be the router with the second highest priority. The election is not preemptive which means if a router is setup later with a higher priority it will not become the DR unless clearing the OSPF process. The DR has two main functions. Generate a network LSA that lists the set of routers connected to the network. It is also responsible for maintaining adjacencies. The DR and BDR uses the AllDRRouters address of They send updates to the AllSPFRouters address.

Timers used by OSPF

HelloInterval – Length in seconds between hello packets sent on interface, defaults to ten seconds on broadcast networks and thirty on NBMA.
RouterDeadInterval – Number of seconds before neighbor is declared dead, 40 on broadcast and 120 on NBMA (4x missed hello packets)
Wait Timer – Number of seconds before router leaves Wait state and elects designated router. If a router joins later than this it will not have a chance to be elected as DR. Same value as RouterDeadInterval.
RxmtInterval – Number of seconds between LSA restransmissions, also used for DBD and LSR packets.

Interface states

Down – The initial state of an interface, lower level protocols have indicated that the interface is not ready for use. No protocol traffic can be sent or received and no adjacencies can form.

Loopback – The interface is looped back to the network either in hardware or in software. By default will be announced as host routes (/32). To announce with another mask on loopback interface use ip ospf network point-to-point.

Wait – Router is trying to determine the DR and BDR of the network. The router monitors the hello packets it receives. The router is not allowed to elect a DR or BDR until the wait timer has expired.

Point-to-point – In this state the interface is operational and connected to either a physical point-to-point network or to a virtual link. Upon entering this state the router attempts to form an adjacency and sends hello packets every HelloInterval.

DR Other – All routers except for DR and BDR will be in this state and will form adjacencies with the DR and BDR.

Backup – The backup designated router, will be promoted to DR if/when the DR fails. Forms adjacencies with all other routers.

DR – The designated router, forms adjacencies with all other routers. Responsible for building network LSA for attached network containing links to all routers.

Neighbor states

Attempt – Only seen on NBMA networks. No recent information has been received by the neighbor, send hello packets every HelloInterval.

Init –  A hello packet has recently been seen from the neighbor, 2-way communication has not yet beeen established. All neighbors in this state or higher are listed in hello packets sent from the interface.

2-way – Bidirectional communication has been assured through the hello protocol. The BDR is chosen from neighbors in state 2-way or greater.

ExStart – The first step in creating an adjacency between neighboring routers. The goal is to decide which router is the master and the initial DD sequence number.

Exchange – The router is describing its entire link state database with DBD packets. Every DBD packet has a sequence number and there can’t be more than one DBD packet outstanding unacknowledged at a time. LSR packets may also be sent requesting newer LSAs.

Loading – In this state LSR packets are sent asking the neighboring router for LSAs described in the DBD packets earlier.

Full – In this state the routers are now fully adjacent.

The hello protocol

Used to build and mantain neighbor adjacencies. Used to insure there is bidirectional communication between neighbors. Hello packets are sent out periodically on all OSPF interfaces unless passive interface is used. On broadcast and NMBA networks OSPF elects a Designated Router (DR) and a Backup Designated Router (BDR). If there is no support for multicast neighbors might need to be statically configured.

Synchronization of link state databases

When using link state protocols it is critical that the link state databases are syncrhonized. In OSPF this is done when building the adjacency by sending DataBase Description packets (DBD). The DBD packets describe the LSAs in the link state database, they are a summary only showing necessary information to request the whole LSA if needed. When exchanging LSAs there is a master/slave relationship. The router with the highest IP will become the master. This is indicated through the MS bit (Master/Slave). If the DBD packet is the first in sequence it will also have the I (Init) bit set. All DBD packets except for the last one will have the M bit set (More). After describing the database with DBD packets the routers can exchange the full LSAs through LSR (Link State Request) and LSU (Link State Update) packets.

Optional capabilities

ExternalRoutingCapability – indicates if the area supports external (type five) LSAs. Also known as the E-bit. Set to one if supporting external routes. Must be set to zero in stub areas.

Identifiers used by OSPF


A 32-bit number that uniquely identifies a router in the AS. In Ciscos implementation OSPF will choose a loopback interface with the highest IP configured as Router-ID, if no loopback is available it will pick the highest IP of normal interfaces. Recommended to set this manually. If Router-ID has changed, a restart of the OSPF process is necessary.This can be done with the clear ip ospf process command.

Area ID:

A 32-bit number identifying the area. The number is reserved for the backbone, also written as 0. All areas must connect to the backbone but note that if running a single area only this area doesn’t need to be area zero.

OSPF design and router roles

Topology divided into areas,  often not necessary with modern routers, scales to hundreds of routers in one area.
Depending on where router resides it can have different roles:

Internal router: Router with interfaces in only one area.
Backbone router: Router with an interface in the backbone (area zero).
Area border router (ABR): Router with interfaces in at least two areas.
Autonomous System Boundary Router (ASBR): Router which injects routing information external to the AS. Will often do redistribution.

Route preference in OSPF

1. Intra-area routes
2. Inter-area routes
3. Type 1 external
4. Type 2 external

External routing information

Can either be of type one or type two, E1 or E2. If using an E1 metric the metric will be the external cost and the cost internally to reach the router advertising the external route (ASBR). If the external metric is 100 and the internal metric is 150 then the E1 metric will be 250 but if using E2 metric it would be 100. If a route is advertised as both E1 and E2 then E1 is preferred.

The backbone

Area zero is called the backbone, most often written as area 0 but can also be expressed as The backbone area must be contigious. Doesn’t have to be physically contigious, can use virtual links to connect areas which are not directly connected to area zero.

Stub area

Area where no external routing information is allowed (type five). To reach external routes a default route is used, the default route is sent by the ABR. The stub area can not contain an ASBR, since type five LSAs are not allowed. All routers in a stub area must agree that the area is in fact a stub. A stub area usually has only one exit point but note that a stub can have both several exit points and several ABRs in the area.

Categories: CCIE, Notes, OSPF, Routing Tags: , , ,


November 17, 2010 Leave a comment

Doing some studying of BGP at the moment. Reading the certification guide and Halabis book. I already did certify BGP back when going for the CCIP but later decided to go straight for the IE so I have a pretty good foundation of BGP. Will try to get some notes on OSPF and EIGRP up soon.

Categories: Announcement Tags:

100 hours reached

November 3, 2010 1 comment

So I hit a milestone this week, I’ve done about 100 hours of study so far which means I’m at perhaps 10% of the time needed to get the IE. Work has been really busy but trying to get a least one or two hours of study every day. Right now I’m doing some reading about OSPF, I’ve studied OSPF several times, both for CCNA, CCNP and the ENS exam so most of it is very familiar. OSPF is one of those protocols though that has a lot of details and different packet types. I’m thinking of doing some posts with my favourite and most used commands, if you like this idea please comment this post.

Categories: Announcement, CCIE Tags: , ,