Alcatel-Lucent Scalable IP Networks Module 0 — Introduction to Scalable IP Networks
The Alcatel-Lucent Service Routing Certification Program – Four Certifications
ALCATEL-LUCENT NETWORK ROUTING SPECIALIST I
ALCATEL-LUCENT NETWORK ROUTING SPECIALIST II
4 DAYS / 1 COURSE / 1 WRITTEN EXAM
17 DAYS / 4 COURSES / 4 WRITTEN EXAMS / 1 PRACTICAL LAB EXAM
ALCATEL-LUCENT TRIPLE PLAY ROUTING PROFESSIONAL 34 DAYS / 8 COURSES / 8 WRITTEN EXAMS / 1 PRACTICAL LAB EXAM
ALCATEL-LUCENT SERVICE ROUTING ARCHITECT 47 DAYS / 11 COURSES / 11 WRITTEN EXAMS / 2 PRACTICAL LAB EXAMS
Alcatel-Lucent Scalable IP Networks v2.01
Module 0 |
2
All rights reserved © 2008 Alcatel-Lucent
The Alcatel-Lucent Service Routing Certification (SRC) program gives you the training required to design, operate and troubleshoot today’s IP/MPLS based multi-service networks, allowing your corporation to get the most from its investment in IP service routing. The Alcatel-Lucent SRC program is specifically designed to arm network engineers, as well as operations and strategic planning staff, with the skills necessary to meet new operational challenges and to align network changes with their companies’ business goals. Adding video to the service mix creates an entirely new set of networking architectural challenges. Our program is unique in its ability to prepare you to address these challenges, both now and in the future. The NRSI is our introductory certification and the SRA is our highest level certification. As you move from the introductory certification to the SRA you will gain more knowledge associated with the ALU approach to Services such as VPLS,VPRNS, and solutions such as Triple Play.
Scalable IP Networks v2.01
Module 0 - 2
SRC Program - Courses and Exams Common Courses and Exams Across Certification Tracks
SRA Specific Course and Exam
Lab Exam
Recommended Courses 1
Alcatel-Lucent Scalable IP Networks
2
Alcatel-Lucent Interior Routing Protocols and High Availability
3
Alcatel-Lucent Border Gateway Protocol
4
Alcatel-Lucent Multiprotocol Label Switching
5
Alcatel-Lucent Services Architecture
6
Alcatel-Lucent Virtual Private LAN Services
7
Alcatel-Lucent Virtual Private Routed Networks
8
Alcatel-Lucent Quality of Service
9
Alcatel-Lucent Multicast Protocols
10
Alcatel-Lucent Triple Play Services
11
Alcatel-Lucent Advanced Troubleshooting
Practical Lab Exams Alcatel-Lucent Network Routing Specialist II Lab Exam Alcatel-Lucent Service Routing Architect Lab Exam RECERTIFICATION Certification is valid for three years. You must complete additional exams to keep your certification active.
Alcatel-Lucent Scalable IP Networks v2.01
Module 0 |
3
All rights reserved © 2008 Alcatel-Lucent
The break out of the components for each Alcatel-Lucent SRC Certification is outlined above. Based on their experience and expertise, students may choose which courses to follow. Courses have suggested prerequisites. However, a certification can be awarded only to those who pass the written and lab exams required for their chosen certification. All exams identified per certification are mandatory. For more information, please see the course outlines and exam overviews at www.alcatel-lucent.com/src SRC courses range from 3 to 5 days in length. Each course offers extensive lab activities which range from 30 to 80% of the course time.
Scalable IP Networks v2.01
Module 0 - 3
SRC Program Exam Profile Exam Name
Exam Number
Exam Prerequisites (4A0-XXX) NA
Alcatel-Lucent Scalable IP Networks
4A0-100
Alcatel-Lucent Interior Routing Protocols and High Availability
4A0-101
NA
Alcatel-Lucent Border Gateway Protocol
4A0-102
NA
Alcatel-Lucent Multiprotocol Label Switching
4A0-103
NA
Alcatel-Lucent Services Architecture
4A0-104
NA
Alcatel-Lucent Virtual Private LAN Services Alcatel-Lucent Virtual Private Routed Networks
4A0-105
NA
4A0-106
NA
Alcatel-Lucent Quality of Service
4A0-107
NA
Alcatel-Lucent Multicast Protocols
4A0-108
NA
Alcatel-Lucent Triple Play Services
4A0-109
NA
4A0-110
NA
Alcatel-Lucent Advanced Troubleshooting Alcatel-Lucent Network Routing Specialist II Lab Exam Alcatel-Lucent Service Routing Architect Lab Exam
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
NRSII4A0
100, 101, 103, 104
ASRA4A0
100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, NRSII4A0
Written Exams Delivered by Prometric Global provider of testing services 5000+ test sites worldwide Register at: www.prometric.com/alcatel-lucent
Lab Exams Written at Alcatel-Lucent sites NRS II Certification • Half-day lab exam SRA Certification • Full-day lab exam
Module 0 |
4
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 4
Credit for Other IP Certifications Cisco or Juniper certified? You can receive exemptions from some of the SRC exams if you hold any one of the Cisco or Juniper certifications identified Certifications must be valid to receive exemptions Submit your request for exemptions at: http://www.alcatel-lucent.com/srcexemptions
Cisco Certifications
SRC Exam Exemption
Cisco Certified Internetwork Professional (CCIP)
4A0-100
Cisco Certified Internetwork Expert (CCIE) – Routing and Switching and Service Provider
4A0-100/4A0-101/4A0-102
Juniper Certifications M- Series
SRC Exam Exemption
Juniper Networks Certified Internet Professional (JNCIP-M)
4A0-100
Juniper Networks Certified Internet Expert (JNCIE-M)
4A0-100/4A0-101/4A0-102
Juniper Certifications E- Series
SRC Exam Exemption
Juniper Networks Certified Internet Professional (JNCIP-E)
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 0 |
5
4A0-100
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 5
Alcatel-Lucent SRC Program – Global Reach
Delivered from nine Alcatel-Lucent locations globally: APAC y Shanghai, China y Sydney, Australia y Melbourne, Australia
Europe y Antwerp, Belgium y Newport, UK y Paris, France
North America y Plano, USA y Ottawa, Canada y Mexico City, Mexico
Class schedules posted @ www.alcatel-lucent.com/src Registration online @ www.alcatel-lucent.com/srcreg Customer on-site classes also available
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 0 |
6
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 6
Module Overview Course timeline Course objectives Course prerequisites Course introduction
Alcatel-Lucent Scalable IP Networks v2.01
Module 0 |
7
All rights reserved © 2008 Alcatel-Lucent
Alcatel-Lucent Scalable IP Networks This course is part of the Alcatel-Lucent Service Routing Certification (SRC) Program. For more information on the SRC program, see www.alcatel-lucent.com/src To locate additional information relating to the topics presented in this manual, refer to the following: Technical Practices for the specific product Internet Standards documentation such as protocol standards bodies, RFCs, and IETF drafts Technical support pages of the Alcatel website located at: http://www.alcatel-lucent.com/support
Scalable IP Networks v2.01
Module 0 - 7
Alcatel-Lucent Scalable IP Networks — Timeline Day 1 Module 0 — Introduction Module 1 — The Evolution of the Internet Module 2 — Alcatel-Lucent 7750 SR Platforms Day 2 Module 3 — Introduction to Layer 2
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 0 |
8
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 8
Alcatel-Lucent Scalable IP Networks — Timeline Day 3 Module 4 — Layer 3 and IP Services Module 5 — IP Routing Protocol Basics Day 4 Module 6 —Transport Layer Protocols Module 7 — Tunneling and Services
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 0 |
9
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 9
Alcatel-Lucent Scalable IP Networks — Objectives After the successful completion of this course, you should be familiar with: OSI protocol suite Key functions of the Ethernet protocol Key functions of an IP network IP address classes, IP subnet masking, and IP supernetting Configuration of IP addresses and subnet masks on router interfaces Static and dynamic routing IGP and EGP and the differences between the routing protocols
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 0 |
10
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 10
Alcatel-Lucent Scalable IP Networks — Objectives (continued) After the successful completion of this course, you should understand: The basic operation and configuration of OSPF The basic operation of BGPv4 TCP and UDP as transport protocols The purpose and benefits of MPLS How MPLS tunnels are used to support VPN services The various services offered on the 7750 SR including VPWS, VPLS, and VPRN services
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 0 |
11
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 11
Alcatel-Lucent Scalable IP Networks —Goal
Provide the participants with the basic knowledge of IP networking, its application, and its implementation in an AlcatelLucent environment.
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 0 |
12
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 12
Prerequisites and Follow-On Courses Suggested prerequisites There is no prerequisite for this course, however, familiarity with binary arithmetic is an asset Suggested follow-on courses Based on the material covered in this course, it is recommended that, after the successful completion of this course that you enrol in the Alcatel-Lucent Interior Routing Protocols & High Availability course Certification exam To ensure full comprehension of the material covered in this course, it is recommended that the student register for and take the Alcatel-Lucent Scalable IP Networks exam following completion of this course
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 0 |
13
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 13
Alcatel-Lucent Scalable IP Networks — Overview
IP technology has experienced phenomenal growth over the last decade. This technology has become a part of every facet of our lives. This 4-day course introduces the Layer 2 and Layer 3 technologies that are used in the networking world.
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 0 |
14
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 14
Graphical Symbols and Icons Generic router
Provider Edge
Table
Switch
User
Flow or lookup
Packet (showing detail)
Physical link (solid black)
Control plane (dashed red)
10.1.1.1
Workstation
Customer site 1
SA
Type
Data plane (dotted blue)
IP Data
Network Cloud
1
Server
DA
System or loopback Interface
Customer site 2
Alcatel-Lucent Scalable IP Networks v2.01
Module 0 |
15
All rights reserved © 2008 Alcatel-Lucent
These typical graphical symbols and icons are used throughout this course.
Scalable IP Networks v2.01
Module 0 - 15
Administration Registration Facility information Restrooms Communications (Set cell phones and pagers to silent mode.) Materials Schedule Introductions
y Name and company y Experience y Expectations
Questions
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 0 |
16
All rights reserved © 2008 Alcatel-Lucent
Module 0 - 16
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 02
Alcatel-Lucent Scalable IP Networks Module 1 – The Evolution of the Internet
Scalable IP Networks v2.01
Module 1 - 1
Module Overview How the Internet Began Components of the Internet How the Internet Works – TCP/IP Layering
Alcatel-Lucent Scalable IP Networks v2.00
Scalable IP Networks v2.01
Module 1 |
2
All rights reserved © 2008 Alcatel-Lucent
Module 1 - 2
The Evolution of the Internet Section 1 – How the Internet Began
Scalable IP Networks v2.01
Module 1 - 3
How the Internet Began The Development of the Internet ARPANET TCP/IP Traffic on the Internet today
Alcatel-Lucent Scalable IP Networks v2.00
Scalable IP Networks v2.01
Module 1 |
4
All rights reserved © 2008 Alcatel-Lucent
Module 1 - 4
The Development of the Internet Before the Internet Early computing devices consisted of large systems for data processing Proprietary networking architectures and protocols were used Network infrastructure was extended with similar components General interest in cross-platform connectivity was non-existent Interworking between research organizations Driven by Advanced Research Projects Agency (ARPA) Department of Defense (DoD) Need of users in different organizations to share information Reliability required for typical network component failure Advanced Research Projects Agency Network (ARPANET)
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
5
All rights reserved © 2008 Alcatel-Lucent
Before the Internet In the early days of commercial computing, the late 1960s, most companies purchased one large computer system for all of their data processing needs. These systems used proprietary networking architectures and protocols, consisting primarily of plugging dumb terminals or line printers into an intelligent communications controller. Each of these devices used proprietary networking protocols to communicate with the central host. These computer systems used proprietary design, products, protocols, and services to interconnect. Companies expanded their existing networks by purchasing more of the same type of equipment. Cross-platform connectivity did not exist and was not expected. Interworking between organizations Interworking between vendors first occurred when the US Military realized that different sites around the country could not connect with each other because they all ran proprietary systems and protocols. Without cross-platform support, effective communication or resource sharing between sites was not possible. This could become critical in the event of a national disaster, or more commonly, equipment failure where the inability to transfer resources or to backup information could leave that information unprotected.
Scalable IP Networks v2.01
Module 1 - 5
Significance of ARPANET Initial ARPANET consisted of: y Interface message processors (IMP) y Host computers connected to IMP via serial line y Host-to-host protocol called Network Control Protocol (NCP)
Another network called ALOHANET funded by ARPA Other packet switched networks developed in Europe In 1972, INWG decided to connect all of these networks
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
6
All rights reserved © 2008 Alcatel-Lucent
Cross-organizational communications The project to enable cross-organizational communications was initiated by ARPA of the DoD. The priority for this project was vendor-independent networking. As a result, the world’s first packet switched network, ARPANET, was conceived. ARPANET was initially deployed between four sites (Stanford University, University of California at Santa Barbara, University of California at Los Angeles, and University of Utah). It was designed with reliability in mind and consisted of redundant packet switches, links, and a dynamic routing protocol. In 1969, ARPA funded an experimental packet radio network at the University of Hawaii. This network, ALOHANET was directed by Professor Norman Abramson, and connected sites that were spread throughout the Hawaiian islands to a central time-sharing computer on the University of Hawaii campus. ALOHANET users could connect to the ARPANET. However, this access through the terminal interface processor (TIP) meant that, from the ARPANET perspective, ALOHANET was just a terminal connection. Dr. Robert Kahn, one of the BBN IMP researchers who was instrumental in developing the IMP-to-host protocol, architecting the ARPANET, and improving its reliability, organized an event to demonstrate ARPANET. During this event, a new working group called the International Network Working Group (INWG), was organized. One of the tasks that INWG undertook was to connect ARPANET and ALOHANET to some of the new packet switching European networks to create a Giant Global network. Kahn began a lengthy series of discussions with Vint Cerf, the INWG chairman, to find a solution. Their model was an internetworking of the ARPANET with a packet radio network and a satellite network (SATNET)—each of which used different protocols and different interfaces, and were optimized for each particular network's needs.
Scalable IP Networks v2.01
Module 1 - 6
The Challenge of ARPANET Challenges ARPANET was designed for a very high degree of reliability, and NCP depended upon this level of reliability Addressing Each network had its own maximum packet sizes Solution Kahn developed a new host-to-host protocol with global addressing In 1973, TCP was developed as a protocol to connect these networks
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
7
All rights reserved © 2008 Alcatel-Lucent
Challenges Packet radio and satellite links could not guarantee the same kind of reliability that was designed into ARPANET. NCP only supported local addressing to the next hop node. It did not provide the addressing plan that was required for a global network such as the Internet. Each network supported its own maximum packet size. When a packet traveled from one network to the next it may have needed to be broken into a number of smaller packets to traverse the next network. Solution The development of a new host-to-host protocol that supported global addressing, the ability to recover lost packets, perform fragmentation and reassembly, calculate end-to-end checksums, and provide host-to-host flow control. The first version of this new protocol was presented by Kahn and Cerf at a meeting of the INWG at Sussex University in the United Kingdom in September 1973. It was called the Transmission Control Protocol (TCP). In 1978, TCP evolved to become TCP/IP. TCP/IP The introduction and wide-scale deployment of TCP/IP represented a major shift in computer networking. Prior to TCP/IP, most network topologies required hardware-based network nodes to send traffic to a central host for processing with the central host delivering the data to the destination node on behalf of the sender. With the introduction of TCP/IP, each network device was treated as a fully functional, self-aware network endpoint, capable of communicating with any other device directly without using a central host.
Scalable IP Networks v2.01
Module 1 - 7
The Birth of the Internet From military to research-based network y TCP/IP grew in popularity after it was offered with the UNIX OS y ARPANET was replaced by NSFNET
In 1990, commercial agencies and other general purpose companies required networking, giving rise to Internet service providers (ISPs) From research to commercial-based network y NFSNET was replaced by commercial ISPs in the mid-1990s y Protocols associated with the Internet and TCP/IP were developed through the RFC process y INWG evolved into IETF as the standards organization for Internet-related protocols
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
8
All rights reserved © 2008 Alcatel-Lucent
In 1980, the U.S. military adopted TCP/IP as a networking standard. A "flag day" transition from NCP to TCP/IP that took place on January 1, 1983, marks the beginning of the Internet and the beginning of the end for the ARPANET. By 1985, the ARPANET was heavily utilized and burdened with congestion. In response, the National Science Foundation initiated phase 1 for the development of the National Science Foundation network (NSFNET). The NSFNET used a hierarchical network architecture from its inception in 1986 and was more distributed than the ARPANET. The bottom tier consisted of University campuses and research institutions. These were connected to the middle tier (the regional networks). The regional networks were then connected into the main backbone network (the highest tier), consisting of links between six nationally funded supercomputers. As late as the early 1990s, the NSFNET was still reserved for research and education applications, and government agency backbones were reserved for mission-oriented purposes. These networks and other emerging networks were feeling new pressures as different agencies needed to interconnect with one another. There was increasing commercial and general interest in obtaining network access and interconnectivity which gave rise to an entire industry of network service providers, also known as internet service providers. Networks outside the U.S. developed with international connections between them. As the various new and existing entities pursued their goals, the complexity of connections and infrastructure grew.
(….continued on slide 9)
Scalable IP Networks v2.01
Module 1 - 8
The Birth of the Internet From military to research-based network y TCP/IP grew in popularity after it was offered with the UNIX OS y ARPANET was replaced by NSFNET
In 1990, commercial agencies and other general purpose companies required networking, giving rise to Internet service providers (ISPs) From research to commercial-based network y NFSNET was replaced by commercial ISPs in the mid-1990s y Protocols associated with the Internet and TCP/IP were developed through the RFC process y INWG evolved into IETF as the standards organization for Internet-related protocols
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
9
All rights reserved © 2008 Alcatel-Lucent
(….continued from slide 8) The INWG managed the development of Internet and TCP/IP related protocols. From its very beginning, anyone was allowed to participate in the process merely by generating ideas for protocols to use on these emerging networks. These original documents were known then, as they are today, as Requests For Comments (RFCs). While today's RFCs are more formal and build on a rich and storied tradition of previous RFCs, they are still the major driving force for innovation of new protocols and features. The INWG evolved over the years into the IETF which is now the standards body for IP and related protocols. The IETF does not and has never had an official charter. It still operates as an open organization where anyone representing research or commercial interests can contribute and improve the existing internet protocols. IETF working groups enable individual contributors to meet, present, and review their work with every one else through the RFC process.
Scalable IP Networks v2.01
Module 1 - 9
Traffic on the Internet Today NSFNET traffic in the early 90s
Credit: Donna Cox and Robert Patterson, courtesy of the National Center for Supercomputing Applications (NCSA) and the Board of Trustees of the University of Illinois
The modern Internet today
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
10
All rights reserved © 2008 Alcatel-Lucent
The modern Internet evolved from the NSF-based Internet where, instead of research and government institutions providing a common backbone, any commercial enterprise or industry participates in generating or propagating traffic that is generated by other enterprises. The common goal is to provide access to the Internet hosts, and provide an abundance of information housed by various organizations.
Scalable IP Networks v2.01
Module 1 - 10
The Evolution of the Internet Section 2 - Components of the Internet
Scalable IP Networks v2.01
Module 1 - 11
Components of the Internet The Internet Defined Roles and Functions Service Provider Tiers Connections Modern ISP Services ISP with POPs IP Addressing TCP/IP
Alcatel-Lucent Scalable IP Networks v2.00
Scalable IP Networks v2.01
Module 1 |
12
All rights reserved © 2008 Alcatel-Lucent
Module 1 - 12
The Internet Defined Simple Definition The Internet is built with computers that are connected by wires. Each wire serves as a way to exchange information between the two computers that are connected.
Practical Definition The Internet consists of many distributed network architectures that are operated by many commercial organizations (ISPs) connected via major network exchange points as well as direct network interconnections [Internet Routing Architectures, 2nd Edition, Sam Halibi], all using the IP.
Alcatel-Lucent Scalable IP Networks v2.00
Scalable IP Networks v2.01
Module 1 |
13
All rights reserved © 2008 Alcatel-Lucent
Module 1 - 13
Roles and Functions Content Provider An organization or individual that creates information, that is, educational or entertainment content for the Internet Service Provider An organization that provides Internet service and access to various content providers Peering Peering is the arrangement of traffic exchange between ISPs
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
14
All rights reserved © 2008 Alcatel-Lucent
The terms content provider and service provider can be applied to a broader scope than the Internet. However, in this course, content provider and service provider are referred to in the context of the Internet. Service Provider vs Content Provider Anyone that offers Internet connectivity can claim to be an Internet provider or service provider. The term service provider covers everything from a provider with a multimillion-dollar backbone and infrastructure to a provider with one router and an access server in their garage. A content provider provides only the information that is requested by the home user or small corporation. This information typically resides on data servers. Access to these data servers occurs by using application protocols, a concept which will be discussed later. The most common example of an application protocol that is used to access information is Hypertext transfer protocol (HTTP), which is the fundamental protocol of the world wide web (WWW). By using HTTP, users can access information from the server that contains the particular information (the website) sought by the user. For example, when the user types www.google.com on their web browser, the browser uses HTTP to obtain information from the website or the data server that hosts www.google.com. It is quite typical for an Internet user to obtain content from servers outside of their vicinity. The Internet gives any user access to content on servers located anywhere in the world. For example, the user is in Ottawa, Canada obtaining services from a local ISP (ISP A) and the data server hosting Google is in Palo Alto, USA connected to its content provider. ISP A and the content provider must either be able to connect directly to each other or must be able to use the service of another ISP that provides transit services to both ISP A and the content provider. Only then will the local user send and receive traffic from the Google server. This type of arrangement between the ISPs and the content provider is referred to as a peer arrangement or peering. Peering is a mutual agreement between two or more ISPs to enable the exchange of information between each other’s customers by direct or indirect interconnections. The indirect interconnection is through an Internet Exchange Point (IXP). Apart from web access, ISPs can also provide e-mail access with multiple e-mail accounts, data storage, and very recently broadcast television services.
Scalable IP Networks v2.01
Module 1 - 14
Service Provider Tiers Tier 1 service providers serve primarily as transit providers y For example – AT &T, Global Crossing, Level 3
Tier 2 service providers provide transit for some networks and receive transit service from Tier 1 service providers to connect to other parts of the Internet y For example - Bell Canada, Sprint
Tier 3 service providers can provide reselling services for various Tier 2 services to their customers IXPs enable Tier 1, 2, and 3 service providers to exchange Internet data
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
15
All rights reserved © 2008 Alcatel-Lucent
Tier 1 Service Providers In this context of Tier 1, service provider and network are interchangeable. By definition, a Tier 1 network does not purchase information transit from any other network to reach any other portion of the Internet. Therefore, in order to be a Tier 1 network, a network must peer with every other Tier 1 network. A new network cannot become a Tier 1 network without the explicit approval of every other Tier 1 network, because any network's refusal to peer with it prevents the new network from being considered a Tier 1 network. Tier 2 Service Providers Tier 2 service providers purchase transit services from one or more Tier 1 service providers. Tier 3 Service Providers Tier 3 service providers are smaller than Tier 2 services providers and require a Tier 2 or Tier 1 service provider for transiting to parts of the Internet. Internet Exchange Points IXPs enable information exchange at local points, which avoids needing to traverse or backhaul traffic through major points in order to reach the Internet.
Scalable IP Networks v2.01
Module 1 - 15
Home to Local ISP Connections
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
16
All rights reserved © 2008 Alcatel-Lucent
The slide shows a typical scenario where small home users are connected to the Internet. The home user connects to the local service provider, which can be a Tier 2 or Tier 3 service provider depending on the size of their local ISP. The Tier 2 service provider houses local content that is immediately delivered to the home user and also peers with another Tier 1 or Tier 2 service provider for home-to-home connectivity. This is the case where two homes are connected to two independent ISPs and are using a network application such as Microsoft Messenger or other Internet chat services. The Tier 1 ISP may also peer directly with a content provider or through a Tier 2 ISP.
Scalable IP Networks v2.01
Module 1 - 16
Enterprise-to-enterprise Connections
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
17
All rights reserved © 2008 Alcatel-Lucent
Enterprises can connect between their regional offices through the Tier 2 and Tier 1 ISPs. For example, an enterprise in one region can connect to a local Tier 2 ISP, or one office can connect to a Tier 2 ISP in another region. Using the same Internet backbone as shown in the previous slide, enterprise companies in two different locations that are connected to two different local ISPs can communicate with each other. Enterprise services can include, for example, video conferencing, electronic whiteboard presentations. Often, ISP A is connected to both residential (home) subscribers and enterprise organizations. One major difference between enterprise and residential subcribers is their resource requirements. The needs of an enterprise are typically more resource intensive than those of a residential home subscriber. Therefore, local ISPs typically reserve more bandwidth for their enterprise customers depending upon their service level agreements. Another major difference between the enterprises and residential subscribers is the addressing plan. Enterprises can have their own publically allocated addressing space whereas residential subscribers typically borrow addressing from their local ISP.
Scalable IP Networks v2.01
Module 1 - 17
Modern ISP Services ISP Services Residential and enterprise Service Level Agreements Contractual obligation to ensure traffic guarantees Demarcation Points Provides a clear separation between the customer network and the service provider network Separation of the service provider and customer responsibilities Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
18
All rights reserved © 2008 Alcatel-Lucent
ISP Services Traditionally ISPs provided dial-up Internet access using phone lines (28.8 to 56 kb/s). This was upgraded to high-speed Internet access which provided 2 to 3 or 5 to 7 Mb/s. Along with Internet access, modern ISPs can also be content providers or can peer with several content providers to provide their users with a variety of services, mainly voice, video, and data applications. To compete with the traditional cable and satellite providers and Telecom providers, modern ISPs bundle the major services (voice, data, and video) into what is referred to as a triple play package. In contrast, some of the cable providers and satellite providers now offer Internet services to compete with the Telecom providers and other ISPs. Cost reduction is one major motivation for bundling services that were traditionally offered as individual services. Another motivation is to offer customized services with varying price points. For example, an ISP may offer end users three packages - a basic service, a premium service, and an elite service. The package with higher service utilization costs more than the package that offers a basic service. The basic package may offer a 10 Mb/s combined voice, Internet, and basic video services; the premium package may offer 20 Mb/s voice service and Internet and basic video services; and the elite package may offer 40 Mb/s voice, very high speed Internet, and high definition video services. (…continued on slide 19)
Scalable IP Networks v2.01
Module 1 - 18
Modern ISP Services ISP Services Residential and enterprise Service Level Agreements Contractual obligation to ensure traffic guarantees Demarcation Points Clear separation between the customer network and service provider network Separation of the service provider and customer responsibilities Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
19
All rights reserved © 2008 Alcatel-Lucent
(…continued from slide 18) Service Level Agreements A service level agreement is a contractual agreement between an ISP and its customers that defines traffic flow guarantees and may include penalties when traffic is not delivered in compliance with the service level agreement. In addition to residential customer traffic needs, ISPs typically provide the business traffic needs for enterprises. A medium to large enterprise that requires the ISP’s geographical presence to connect to its offices or to other enterprise organizations will have traffic requirements for bandwidth and timely delivery that are well beyond that of the home user. The enterprise may require additional services from an ISP such as web hosting, and services for intersite connectivity. Typically, the traffic that travels through the ISP’s network is critical to the daily operations of the enterprise. The delivery of this type of traffic is usually guaranteed by the ISP with a service level agreement. Demarcation Points Demarcation points provide separation between the service provider and the customer. The demarcation point is the point where the service provider's responsibility ends and the customer's responsibility begins.
Scalable IP Networks v2.01
Module 1 - 19
ISP with POPs in Different Cities
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
20
All rights reserved © 2008 Alcatel-Lucent
Today’s Internet backbone is quite complex. The backbone is a collection of service providers with connection points over multiple regions. These connection points are called points of presence (POPs). The collection of POPs and the interconnections between them form the provider networks. Customers who purchase Internet service from these service providers are connected through access or hosting facilities located in the service provider’s POP. The service providers may have direct or indirect access to the content providers. The customers are the end hosts that receive Internet service from their service provider. In this slide, the ISP B in Montreal is not connected directly to the content provider. Instead ISP B must send its traffic to Toronto which is connected. Similarly, the ISP A POP in Ottawa must send its traffic through Toronto or Montreal to reach the content provider. Service providers with POPs throughout the country are commonly referred to as national providers. Service providers that cover specific regions are referred to as regional providers. To enable customers of one provider to reach customers connected to another provider, traffic is exchanged at public IXPs or through direct interconnections. The term ISP is commonly used to refer to any entity that provides Internet connectivity service directly to the end user or to other service providers.
Scalable IP Networks v2.01
Module 1 - 20
ISP with POPs and IXPs
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
21
All rights reserved © 2008 Alcatel-Lucent
With an IXP at the city level, traffic between various ISPs and content providers can be handled within the same city. For example, in the slide, ISP A POP and ISP B POP in Ottawa can communicate with each other locally through Ottawa’s IXP. If a content provider is connected to the IXP in a local city, the traffic between the ISP POPs and the content provider is localized. Without the local IXP, the traffic between ISPs may need to be carried to another city with an IXP before the traffic arrives at the destination ISP in the original city. For example, if there is no local IXP in Ottawa, traffic from ISP A in Ottawa may travel to Toronto before returning to communicate with ISP B in Ottawa.
Scalable IP Networks v2.01
Module 1 - 21
IP Addressing
Some of the IP address allocations managed by RIR (Regional Internet Registry)
Alcatel-Lucent Scalable IP Networks v2.00
RIPE NCC 77/8 to 95/8
ARIN 96/8 to 99/8, 204/8 to 209/8
AfriNIC 41/8, 196/8 LACNIC 186/8, 187/8, 189/8, 190/8
APNIC 114/8 to 126/8
Module 1 |
22
All rights reserved © 2008 Alcatel-Lucent
For the Internet to operate, the components need a common method of communication and common addressing of all of the physical components. Internet protocol (IP) provides this common method of communication and common addressing. Every device that connects to the Internet, or that communicates with another computer on the Internet has a unique IP address. An example of an IP address is 138.120.105.45. These addresses are distributed and controlled by the Internet Assigned Numbers Authority (IANA).
Scalable IP Networks v2.01
Module 1 - 22
TCP/IP A network protocol is a standardized method of communicating between computers; for example: TCP TCP is a layered protocol with distinct functions A layer in a protocol stack receives services from the lower layers and provides services to the upper layers The advantages of standard layering are: Simplifies complex procedures into a structure that is easier to understand Modularizes protocol functionality and hides changes in the lower layers from the upper layers
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
23
All rights reserved © 2008 Alcatel-Lucent
Layering of information can be compared with the regular postal service where there are several distinct functions: Creating the letter Placing the letter in an envelope, and writing the sender’s and recipient’s address Choosing the type of delivery for the letter (same day service, same week and so on) Placing the appropriate stamp on the letter to pay for the service Physically sending the letter via carriers; for example, by truck or airplane After the sender writes the letter, all of the functions listed above are relevant to transporting the letter to the appropriate destination. At the destination, the letter is received by the recipient, and depending upon the transport service, an acknowledgement may be sent to the sender confirming the receipt of the letter. The letter can then be removed from the envelope and its contents read. The layering of information on the Internet occurs in a similar fashion. The objective of this data transfer is to inter-network with different computer systems. The applications need to send data to and receive data from other applications on different hosts/systems. In doing so, the application composes the data and requests a layering stack to transport the information. Each layer of the protocol stack adds the pertinent information for that layer to the existing data. As the data is sent from the sender to the receiver, the data passes through several other systems. These systems only check the information that is relevant to the layers in which they have an interest. The systems use this information to assist in transmitting the data to the appropriate destination.
Scalable IP Networks v2.01
Module 1 - 23
The Evolution of the Internet Section 3 - How the Internet Works – TCP/IP Layering
Scalable IP Networks v2.01
Module 1 - 24
How the Internet Works - TCP/IP Layering TCP/IP Layers - Overview TCP/IP Layers - Characteristics Encapsulation End-to-end Frame transfer OSI Model
Alcatel-Lucent Scalable IP Networks v2.00
Scalable IP Networks v2.01
Module 1 |
25
All rights reserved © 2008 Alcatel-Lucent
Module 1 - 25
TCP/IP Layers - Overview
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
26
All rights reserved © 2008 Alcatel-Lucent
The network protocol suite defines the protocols and technologies that support the interconnection of a diverse array of hardware and systems to support the operation of a wide range of applications over the network. Anyone who has used an Internet application, such as a web browser or e-mail can appreciate the complexity of the systems that are required to support these applications. The layering of protocols simplifies this complex problem by dividing the protocol into a number of simpler functions. Each layer performs a specific function that contributes to the overall functioning of the network. The TCP/IP suite, also known as the Internet protocol suite, contains four layers of technology. The application services layer provides all of the services that are available to users of the Internet. The two intermediate layers (transport and Internet protocol) provide a common set of services that are available to all of the Internet applications and operate on the Internet hardware infrastructure. The network interfaces layer includes all of the hardware that comprises the physical infrastructure of the Internet.
Scalable IP Networks v2.01
Module 1 - 26
TCP/IP Layers - Characteristics
User interface to the network User applications E-mail, Telnet, FTP, WWW
Application interface to IP Layer Reliable/unreliable transfers Unique network addressing scheme to identify hosts Routing protocols for path determination End-to-end forwarding of datagrams Physical transfer of data ATM, Ethernet, frame relay
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
27
All rights reserved © 2008 Alcatel-Lucent
The application services layer is where the user interfaces with the network. This layer applies only to network applications, such as e-mail, Telnet, FTP, and WWW. Without network connectivity, these applications would be useless. Applications such as word processors and database programs are not considered network applications because they do not require network connectivity. The transport layer is the application’s interface to the network. The transport protocol provides a mechanism for an application to communicate with another application that resides on another device in the network. In the TCP/IP suite, there are two transport protocols: TCP and user datagram protocol (UDP). TCP is a connection-oriented protocol that provides an ordered and reliable transfer of data over the network. UDP is a connectionless protocol that supports the transfer of a single datagram across the network with no delivery guarantee. UDP is simpler than TCP and operates with less overhead than TCP. Most Internet applications, such as HTTP (web-browsing), e-mail, Telnet, and file transfer protocol (FTP), use TCP for data transfer because it provides a reliable transfer service. Some applications, such as domain name system (DNS) and simple network management protocol (SNMP), use UDP because they only require a simple datagram transfer. Other applications, such as reliable transfer protocol (RTP), use UDP to avoid the overhead of TCP and because there is no benefit in the retransmission of lost packets for the applications that use RTP. The Internet protocol layer provides a common addressing plan for all of the hosts on the Internet as well as a simple, unreliable datagram transfer service between these hosts. IP is the common glue that defines the Internet. IP also defines the way a datagram (or packet) is routed to its final destination. In an IP network, packet forwarding across the network is handled by routers. IP routers examine the destination address of a datagram and determine which router is the next hop that will provide the best route to the destination (known as hop-by-hop routing). Routers communicate with each other using dynamic routing protocols to exchange information about the networks to which they are connected. The protocols allow routers to make forwarding decisions for the datagrams that they receive. The network interface layer comprises the hardware that supports the physical interconnection of all of the network devices. The technologies of the network interface layer are often defined as multiple layers. The common trait of all technologies of this layer is that they can forward IP datagrams. There are many different technologies that operate at this layer, some of which are very complex. Some of the protocols commonly used at this layer include ATM, frame relay, point-to-point protocol (PPP), and Ethernet. However, many other protocols are used; some of the protocols are open standards and some are proprietary. The diversity of the network interfaces layer demonstrates one of the benefits of protocol layering. As new transmission technologies are developed, it is not necessary to change the upper layers in order to incorporate these technologies in the network. The only requirement is that the new technology be able to support the forwarding of IP datagrams.
Scalable IP Networks v2.01
Module 1 - 27
Encapsulation Encapsulation is the inclusion of one data format in another data format in order to hide the former data format In the context of TCP/IP, encapsulation is the mechanism by which the TCP/IP stack adds layered information to the application-generated data TCP/IP includes four types of encapsulation y Application encapsulation y Transport encapsulation y IP encapsulation y Data link encapsulation
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
28
All rights reserved © 2008 Alcatel-Lucent
The application generates the data, which is handed to the transport layer. The transport layer (TCP or UDP layer) adds its overhead to the data, thereby hiding the original data. The data now is part of the transport layer and identified by the transport header. Similarly, once the transport data is received by the lower IP layer, the IP layer adds its overhead. At this point, the packet is referred to as an IP packet, thereby hiding the transport layer overhead and the application data. Finally, the IP layer needs the data link layer to perform the physical transmission of the IP packet. The data link layer adds its own overhead to the IP packet and then transmits the data to the next hop in the network.
Scalable IP Networks v2.01
Module 1 - 28
Application Encapsulation
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
29
All rights reserved © 2008 Alcatel-Lucent
When a network application needs to communicate with another application across the network, the application must first prepare its data in the specific format defined by the protocol to be used by the receiving application. A specific protocol is used so that the receiving application will know how to interpret the received data. For an e-mail message, there are two parts: the message header and the body. The message header contains the sender’s and receiver’s addresses, as well as other information such as the urgency of the message and the nature of the message body. The format of the header and the nature of the addresses is defined by the application protocol. An e-mail message protocol is Simple Message Transfer Protocol (SMTP). In addition to defining the format of the message, the protocol also specifies how the applications are expected to interact with each other, including the exchange of commands and the expected responses. The application uses the services of the transport layer to transfer the application’s data.
Scalable IP Networks v2.01
Module 1 - 29
Transport Encapsulation
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
30
All rights reserved © 2008 Alcatel-Lucent
The transport layer provides a service to transfer data between applications across a network. Two transport protocols are used on the Internet: TCP and UDP. To exchange e-mail across the Internet, an e-mail application uses SMTP. SMTP uses TCP to accomplish the transfer. TCP provides a reliable transfer service to ensure that all of the data is properly transferred. UDP provides a simple, unreliable datagram delivery service, which is similar to IP. TCP treats all application data as a simple byte stream, including both the message header and the message body. TCP accepts the application’s data and breaks the data into segments for transmission across the network as required. To accomplish this reliable transfer, TCP packages the application data with a TCP header. On the receiving end of the connection, TCP removes the TCP header and reconstructs the application data stream exactly as the data was received from the application on the sender’s side of the network. The TCP and UDP headers carry source and destination addresses that identify the sending and recipient applications because a single host system may support multiple applications. These addresses are known as port numbers. The TCP units of data are known as segments; UDP data is called a datagram. To transmit its segments of data across the network, TCP uses the services of the IP layer.
Scalable IP Networks v2.01
Module 1 - 30
IP Encapsulation
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
31
All rights reserved © 2008 Alcatel-Lucent
The IP layer provides a common addressing scheme across the network as well as a simple, unreliable datagram forwarding service between nodes in the network. Data from the transport layer is packaged in IP datagrams for transfer over the network. Each datagram travels independently across the network. The intermediate routers forward the datagram on a hop-by-hop basis based on the destination address. Each datagram contains source and destination addresses that identify the end nodes in the network. Every node in an IP network is expected to have a unique IP address. IP uses the services of the underlying network interfaces to perform the physical transfer of data.
Scalable IP Networks v2.01
Module 1 - 31
Data Link Encapsulation
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
32
All rights reserved © 2008 Alcatel-Lucent
The data link layer is the term for the network interfaces that are used by IP to physically transmit the data across the network. The units of data transmitted at the data link layer are usually known as frames. IP datagrams must always be encapsulated in some type of data link frame for transmission. A typical data link frame contains a header, usually with an address. The frame may also contain a trailer with a checksum to verify the integrity of the transmitted data. There are many types of technologies used as network interfaces by IP. Each type of technology has its own specific format and rules of operation. The common characteristic is that all of these technologies can carry IP datagrams. Most protocols at this layer also use some form of addressing. The address is specific to the data link protocol and identifies the endpoints of the data exchange. For example, the slide shows the address of an Ethernet frame. Some point-to-point protocols such as PPP may not use addresses when there is only one possible destination for the data.
Scalable IP Networks v2.01
Module 1 - 32
End-to-end Frame Transfer
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
33
All rights reserved © 2008 Alcatel-Lucent
This slide shows how data is transferred from a source PC to a destination server across the Internet. An application running on the source PC generates the data to be transmitted to the server. The application does not need to be concerned with the details of the transmission and only passes the data to the TCP layer of the TCP/IP protocol stack included in the PC operating system. The TCP layer encapsulates the application data within a TCP header and passes the data to the IP layer. TCP is also not concerned about the details of the transmission and relies on the IP layer to handle the end-to-end routing of the data across the network. However, TCP does make sure that the data is transmitted reliably across the network. The IP layer encapsulates the data within an IP header and makes a decision about where the data should be transmitted to reach the destination server. Since IP uses hop-by-hop routing, it is only concerned with finding the next hop towards the destination. In an IP network, the hops are between IP routers and from the source PC, the next hop is usually the default gateway. The source PC transmits the data to the default gateway which then decides which router is the next hop towards the destination and then transmits the data to that router. The IP datagram travels from router to router across the Internet, until it reaches the destination server. However, the IP layer does not physically handle the transmission of the data. The transmission of data between routers is performed by the network interface or by the data link layer. IP passes its data (including the IP header) to the data link layer, which then encapsulates it in a data link frame for transmission to the next router. The data link from the source PC may be an Ethernet network; therefore, the IP datagram travels to the next router in an Ethernet frame. The physical connection between that router and the next router may be an ATM network; therefore, the IP datagram will travel in an ATM frame to the next IP router. If the next hop is a different data link technology from the technology of the previous hop, the IP datagram will travel in the appropriate frame used by that technology. This continues hop by hop until the IP packet reaches the destination server. Because IP provides end-to-end forwarding across the network, the IP datagram is created at the source PC, including the IP header, the TCP header, and the application header. The IP datagram then travels intact across the IP network, although it is encapsulated in a different data link frame at each hop (each IP router). When the IP datagram reaches the destination system, the data is extracted by the TCP/IP protocol stack on that system and the data is provided to the application. Scalable IP Networks v2.01
Module 1 - 33
OSI Model Overview
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
34
All rights reserved © 2008 Alcatel-Lucent
The open systems interconnection (OSI) reference model represents an alternative method to TCP/IP for organizing how networks communicate with each other so that all hardware and software vendors have an agreed-upon framework to develop networking technologies. With this model, the International Organization for Standardization (ISO) intended to: Simplify complex procedures by separating them into simpler, discrete layers Allow network equipment from different vendors to interoperate Support a modular plug-and-play functionality Provide an alternative method to TCP/IP to organize The OSI model is represented by the seven layers, as shown in the slide. These layers may be grouped into two main areas: upper and lower layers.
Scalable IP Networks v2.01
Module 1 - 34
Development of the OSI Model Early 1970s — Canepa and Bachman at Honeywell Information Systems worked to develop a mechanism to distribute databases March 1978 – 7-layer model created by Bachman and Canepa was the only model submitted to the ISO Late 1970s — Specific standards developed by ISO and CCITT 1983 — The ISO and CCITT documents merged into the Basic Reference Model for Open Systems Interconnection 1984 — The merged document was published by both ISO and CCITT, with CCITT being renamed ITU-T (ISO 7498 and ITU-T X.200) Early 1990s - Some OSI protocols (for example, X.500 and CLNS) competed with TCP/IP, but growth of the Internet caused IP to be adopted.
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
35
All rights reserved © 2008 Alcatel-Lucent
The OSI reference model was developed at the end of the 1970s, but the development of actual protocols to support the reference model was slow. By the early 1990s, a number of OSI protocols (for example, TP0-4, CLNS, CONS, X.400, and X.500) had been specified and commercial implementations were attempted. However, the success of TCP/IP and the weaknesses of the OSI led to the adoption of TCP/IP for internetworking. The OSI was designed as an open standard to replace the strictly proprietary networking technologies that were in use in the 1970s (IBM’s SNA was dominant, but many others were also in use). However, TCP/IP applications and implementations grew much more rapidly than the OSI, and by 2000, OSI was essentially replaced by TCP/IP. The OSI reference model is widely used to describe the layering of network protocols, and much networking terminology derives from the OSI protocol suite. A few remnants of OSI are still in use; for example, LDAP, which is a derivation and simplification of X.500, and IS-IS, which was designed as an OSI routing protocol and was adapted to TCP/IP networks.
Scalable IP Networks v2.01
Module 1 - 35
OSI vs TCP/IP Suite
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
36
All rights reserved © 2008 Alcatel-Lucent
The TCP/IP suite differs from the OSI model in that the TCP/IP suite uses four protocol layers and the OSI model uses seven layers. The slide shows the protocol layer relationship between the two models. Network interfaces — This layer defines the actual interface between network nodes and contains the functionality of both the physical and data link layers of the OSI model. Protocols such as Ethernet describe both the framing of data (Layer 2) and the physical transmission of the frame over the media (Layer 1). This layer is often referred to as Layer 2 because it provides OSI Layer 2-type services to the IP layer. Internet protocol — The IP layer provides a universal and consistent forwarding service across a TCP/IP network. IP provides services that are comparable to the OSI network layer and is sometimes referred to as a Layer 3 (also known as L3) protocol. The OSI network protocol, CLNP corresponds most closely to IP. Transport — The transport layer comprises two main protocols: TCP and UDP. These transport protocols provide services that are similar to the OSI transport protocols. TCP is very similar to the OSI transport protocol, TP4. TCP and UDP may be referred to as Layer 4 protocols. Application services — The application services provide end-user access to the Internet. Any of the services of the upper three OSI protocols that are required are incorporated into the application protocols. There are a number of Internet protocols that provide services similar to these OSI layers, although they do not follow the layering or service definitions of the OSI. For example, TLS provides session-like services to Internet applications and MIME provides presentation-like services to SMTP and HTTP. Application layer protocols are sometimes referred to as Layer 7 protocols.
Scalable IP Networks v2.01
Module 1 - 36
The Evolution of the Internet Section 4 - Module Summary and Learning Assessment
Scalable IP Networks v2.01
Module 1 - 37
Module Summary After the successful completion of this module, you should be able to: Describe the evolution of the Internet Describe the components of the Internet Describe how the Internet works
Alcatel-Lucent Scalable IP Networks v2.00
Scalable IP Networks v2.01
Module 1 |
38
All rights reserved © 2008 Alcatel-Lucent
Module 1 - 38
Learning Assessment – The Evolution of the Internet Outline the events that led to the development of the Internet Describe the significance of ARPANET List the problems with having different protocols Describe the solution to the problem of different protocols Describe how the Internet evolved from a military-based network to a research-based network Describe how the Internet evolved from a research-based network to a commercial-based network Describe the importance of the IETF
Alcatel-Lucent Scalable IP Networks v2.00
Scalable IP Networks v2.01
Module 1 |
39
All rights reserved © 2008 Alcatel-Lucent
Module 1 - 39
Learning Assessment - The Components of the Internet Provide a practical definition of the Internet Describe the differences between an Internet service provider and a content provider Describe the differences between older and modern ISP services Identify the basic components required for the Internet to work List the advantages of protocol layering
Alcatel-Lucent Scalable IP Networks v2.00
Scalable IP Networks v2.01
Module 1 |
40
All rights reserved © 2008 Alcatel-Lucent
Module 1 - 40
Learning Assessment - How the Internet Works List and describe the characteristics of the TCP/IP layers Describe how the TCP/IP layers work together Describe the OSI Model Discuss the development of the OSI Model Discuss the similarities between the TCI/IP and OSI models of protocol
Alcatel-Lucent Scalable IP Networks v2.00
Scalable IP Networks v2.01
Module 1 |
41
All rights reserved © 2008 Alcatel-Lucent
Module 1 - 41
www.alcatel-lucent.com
Alcatel-Lucent Scalable IP Networks v2.00
Module 1 |
42
3HE-02767-AAAA-WBZZA Edition 02
All rights reserved © 2008 Alcatel-Lucent
Alcatel-Lucent Scalable IP Networks Module 2 —7750 SR and 7450 ESS Components and CLI
Module Overview 7750 SR and 7450 ESS Products 7750 SR Components Boot Process CLI Commands Basic Router Configuration
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
2
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 2
7750 SR and 7450 ESS Components and CLI Section 1 — 7750 SR and 7450 ESS Products
7750 SR and 7450 ESS Products Overview 7750 SR Family 7750 SR Features 7450 ESS Family 7450 ESS Features Comparison Between 7450 ESS and 7750 SR 7450 ESS and 7750 SR Control Plane vs Data Plane
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
4
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 4
7750 SR Family SR-12
Slot 1 2 3 4 5 A B 6 7 8 9 10
SR-7 1
MDA
2
Slot 1 2 3
1
4 5
MDA
A B
2
Three chassis options – 1, 7, and 12 slots Carrier-class reliability combined with high density in a small footprint
SR-1
1
A 1
Alcatel-Lucent Scalable IP Networks v2.01
MDA
2
System capacities scalable from 20 Gb/s to 200 Gb/s Modular design for the SR-7 and SR-12– removable IOM, SF/CPM, and MDAs Common operating system
Module 2 |
5
All rights reserved © 2008 Alcatel-Lucent
The 7750 SR-12 is the largest 7750 SR and has 12 front-access card slots. Two card slots are dedicated for redundant common equipment. Each slot holds one Switch Fabric/Control Processor Module (SF/CPM). Only one SF/CPM is required for operation. A second SF/CPM provides complete redundancy of the fabric and the control processors. There are two switch fabric options: 200 Gb/s and 400 Gb/s full-duplex throughput. When two 7750 SR SF/CPMs are installed, the traffic load is shared across the switch fabrics. Two 200 Gb/s/400 Gb/s fabrics provide 400 Gb/s/800Gb/s of non-redundant full-duplex throughout or 200 Gb/s/400 Gb/s of fully redundant, full-duplex throughput. The remaining 10 slots are used for Input/Output Module (IOM) base boards. The backplane supports 40 Gb/s full-duplex throughput to each IOM slot. The 7750 SR-7 chassis is a fully redundant system and has seven front-access slots. Two card slots are dedicated for redundant common equipment, each of which holds one SF/CPM. The remaining five slots are used for IOM base boards. The 7750 SR-1 has the management, switch fabric and one IOM base board integrated into the chassis. The 7750 SR-1 has an integrated switching system with 20 Gb/s full-duplex throughput and can accommodate two Media Dependent Adapters (MDAs) for physical interfaces. The 7750 SR-1 is a small form factor switch for installations that need the many 7750 SR service capabilities but with less interface and protocol scaling requirements.
Scalable IP Networks v2.01
Module 2 - 5
7750 SR Features Supports all industry-standard routing protocols y OSPF, IS-IS, BGP, RIP, VPRN, Multicast — OSPF v2 and v3 with multiple instances are supported in Release 5.0 or later
y BGP support with address families (IPv4, IPv6, VPN-IPv4, Multicast) y IPv6
Supports MPLS and LDP with services capability y VLL y VPLS y VPRN
Supports high availability y NSF, NSR y GR Helper Mode
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
6
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 6
7450 ESS Family ESS-1
ESS-7 Slot
1
MDA
2
1 2 3 4 5 A B
Integrated switch fabric/control, IOM, and power
7 slots (5 IOM, 2 SF/CPM)
20 Gb/s full-duplex system capacity
200 Gb/s switch fabric/control
Two 10 Gb/s MDAs
Five 20 Gb/s IOMs
Over-subscription of some MDAs available Power redundancy
Alcatel-Lucent Scalable IP Networks v2.01
100 Gb/s full-duplex system capacity Fabric/control redundancy Ten 10 Gb/s MDAs Over-subscription of some MDAs available Power redundancy
Module 2 |
7
All rights reserved © 2008 Alcatel-Lucent
The 7450 ESS-1 has the management, switch fabric and one IOM base board integrated into the chassis. The 7450 ESS-1 has an integrated switching system with 20 Gb/s full-duplex throughput and can accommodate two MDAs for physical interfaces. The 7450 ESS-7 chassis is a fully redundant system and has seven front-access slots. Two card slots are dedicated for redundant common equipment, each of which holds one SF/CPM. The remaining five slots are used for IOM base boards. The total switching capacity for the 7450 ESS-7 of 100 Gb/s is limited by the IOM capacity despite the switching fabric supporting up to 200 Gb/s.
Scalable IP Networks v2.01
Module 2 - 7
7450 ESS Family (continued) ESS-6
ESS-12
6 slots (4 IOM, 2 SF/CPM)
12 slots (10 IOM, 2 SF/CPM)
80 Gb/s full-duplex system capacity
400 Gb/s full-duplex system capacity
80 Gb/s switch fabric/control
400 Gb/s switch fabric/control
Fabric/control redundancy
Fabric/control redundancy
Four 10 or 20 Gb/s IOMs
Ten 20 or 40 Gb/s IOMs
Over-subscription of some MDAs available
Over-subscription of some MDAs available
Power redundancy
Power redundancy
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
8
All rights reserved © 2008 Alcatel-Lucent
The 7450 ESS-6 is a fully redundant system with a lower switching capacity than the 7450 ESS-7 making it available at a lower cost. Functionally it supports all of the features of the 7450 ESS-7. The 7450 ESS-12 is the largest 7450 ESS and has 12 front-access card slots. Two card slots are dedicated for redundant common equipment. Each slot holds one SF/CPM. Only one SF/CPM is required for operation. A second SF/CPM provides complete redundancy of the fabric and the control processors. There are two switch fabric options: 200 Gb/s and 400 Gb/s full-duplex throughput. When two 7450 ESS SF/CPMs are installed, the traffic load is shared across the switch fabrics. Two 200 Gb/s/400 Gb/s fabrics provide 400 Gb/s/800 Gb/s of non-redundant full-duplex throughput or 200 Gb/s/400 Gb/s of fully redundant, full-duplex throughput. The remaining 10 slots are used for IOM base boards. The backplane supports 40 Gb/s full-duplex throughput to each IOM slot.
Scalable IP Networks v2.01
Module 2 - 8
7450 ESS Features Supports industry-standard routing protocols y OSPF, IS-IS, RIP y IPV6
Supports MPLS and LDP with service capabilities y VLL y VPLS
Carrier grade with high availability y NSR, NSF, GR Helper
Designed for Ethernet aggregation in metro
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
9
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 9
Comparison Between 7450 ESS and 7750 SR
Type
7450 ESS
7750 SR
Purpose
Primarily designed to support Ethernet aggregation services
Supports Ethernet, ATM, frame relay, and VPRN services
Platforms
ESS-1, ESS-6, ESS-7, and ESS-12
SR-1, SR-7, and SR-12
ESS-6, ESS-7, and ESS-12
SR-7 and SR-12
Ethernet and POS
Ethernet, ATM, POS, and DS3/OC3 are channelized
Redundancy Pwr/Control MDA
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
10
All rights reserved © 2008 Alcatel-Lucent
The 7750 SR and 7450 ESS share the same robust service management, troubleshooting, and billing features. The 7450 ESS is based on the same technology foundation as the 7750 SR, but there are some key differences between the two products, as summarized in the slide. The MDAs, IOMs, and fabric modules are not interchangeable between the two products. They have different chassis, modules, MDAs, part numbers and list prices; and distinct roadmaps. The 7450 ESS has a separate software load from the 7750 SR. The 7450 ESS capabilities are focused on enabling the delivery of metro Ethernet services only. The 7450 ESS does not support Layer 3 services such as MPLS/BGP VPNs. The 7450 ESS does not contain key functionality and scalability attributes that are required in an edge router, for example BGP-4. The 7450 ESS does not have an upgrade path to the 7750 SR or to a PE router.
Scalable IP Networks v2.01
Module 2 - 10
7450 ESS and 7750 SR Control Plane vs Data Plane
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
11
All rights reserved © 2008 Alcatel-Lucent
Data plane operation The data plane operation occurs after the control plane has built the forwarding information and stored the data in the IOM. 1. Data from the remote network/customer site ingresses through the MDAs, where the data is formatted (internal format). 2. The data is then processed in the I/O module where the decision to switch occurs (Layer 2/Layer 3 forwarding information lookup) 3. The data packets are sent to the switch fabric. 4. The switch fabric then forwards the data to the appropriate IOM. 5. The IOM sends the data to the appropriate MDA. Control plane operation Control messages ingress the 7750 SR and 7450 ESS in a way that is similar to the data packets, except that the control messages are processed further by the control plane.
Scalable IP Networks v2.01
Module 2 - 11
7750 SR and 7450 ESS Components and CLI Section 2 — 7750 SR Components
7750 SR Components 7750 SR SF/CPM Cards 7750 SR IOMs, MDAs, and SFPs Ingressing the Router Egressing the Router Compact Flash
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
13
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 13
7750 SR SF/CPM Cards
Redundant SF/CPMs supported on SR-7 and SR-12
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
14
All rights reserved © 2008 Alcatel-Lucent
The SF/CPM module is an integrated module that functions as a switching fabric and as a system controller. Like the IOMs, the SF/CPM is built using common functionality blocks. The switching planes contain switching elements that are composed of fast ASICs, and the system controller contains two flexible fastpath complexes. The ASICs are responsible for the system’s control plane processing and for running the various routing and signaling protocols. The system controller also manages the shared input/output resources, which includes management Ethernet ports, serial ports, status LEDs, compact flash sockets capable of accepting compact flash or disk modules, system clocks, temperature monitors, fan controls, and so on.
Scalable IP Networks v2.01
Module 2 - 14
7750 SR IOMs, MDAs, and SFPs
10 IOMs per SR-12 5 IOMs per SR-7
SFP optics
IOMs and MDAs are hot-swappable
2 MDAs per IOM
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
15
All rights reserved © 2008 Alcatel-Lucent
IOMs IOMs are hot-swappable modules that connect to standard physical interfaces. IOMs contain two 10 Gb/s traffic-processing programmable fast path complexes. Each complex supports a pluggable MDA that allows a common programmable fast path to support all of the possible interface types. Each IOM also contains a CPU section to manage the forwarding hardware in each flexible fast path. The term hot-swappable refers to the ability to remove and replace an IOM from a live system without the need to shut down. MDAs MDAs provide one or more physical interfaces, such as Ethernet, ATM, or SONET/SDH. MDAs pass incoming frames to the IOM for processing, and transmit outgoing frames to the appropriate physical interface in the correct format. SFP interfaces SFPs transceivers are small optical modules that are available in a variety of formats.
Scalable IP Networks v2.01
Module 2 - 15
Ingressing the Router
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
16
All rights reserved © 2008 Alcatel-Lucent
Data that enters the router (ingressing) goes through the MDA. The MDA converts the received physical format of the data into an internal format and provides minimal buffering. The data is then sent to the flexible fast path complex (one for each MDA) where the following occurs: Quality of service is applied to classify and treat packets differently including buffering. Access control lists are applied in real time to discard packets that are not needed. Forwarding destination is determined, (that is, the destination IOM/MDA/port). If the data received is a user data packet, the data is forwarded to the switch fabric. If the data received is a protocol control data, the control data is forwarded to the control plane.
Scalable IP Networks v2.01
Module 2 - 16
Egressing the Router
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
17
All rights reserved © 2008 Alcatel-Lucent
Data is sent to the IOM from the switch fabric (for a user data packet), or to the control card (for a controlgenerated packet). The packet is sent to the flexible fast path complex responsible for the respective egress MDA. Similar to the ingress, the IOM will: Provide QoS classification and buffer management for egressing data Apply access control lists in real time to discard packets that are not needed The data is then reframed in the MDA and sent through the appropriate port.
Scalable IP Networks v2.01
Module 2 - 17
Compact Flash Each control/switch processor on a 7750 SR or 7450 ESS can have 3 compact flashes, CF1:, CF2:, CF3: Flash size can be 256 Mb, 512 Mb, 1 Gb and 2 Gb By default, the system startup checks for the boot.ldr file in CF3 CF3 can store the runtime image, that is, the running configuration Requires a shutdown of the compact flash before you remove the compact flash Compact flash 1 and 2 can be used to store debug and accounting logs
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
18
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 18
7x50 SR/ESS Components and CLI Section 3 — Boot Process
Boot Process Overview Basic Boot Components Software Release Media System Initialization Boot Options File
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
20
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 20
Basic Boot Components Uses a BOF to configure the system BOF is stored in the compact flash CF3 Other components required for startup y Boot loader y BOF configuration file y TiMOS-m.n.Y.Z software image file y Default config file
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
21
All rights reserved © 2008 Alcatel-Lucent
Basic operating system The 7750 SR and 7450 ESS use a Boot Option File (BOF) to configure the system. Each new system is shipped with a Compact Flash (CF) card that contains the files required to start the system. The system files that are required to initialize the system are stored on CF3. The CF3 card contains the following directories and files located from the root directory: boot.ldr - This file contains the system bootstrap image. bof.cfg - This file is user configurable and contains information such as: Management port IP address Location of the image files (that is, primary, secondary, and tertiary) Location of the configuration files (that is, primary, secondary, and tertiary) TiMOS-m.n.Y.Z - This directory is named according to the major and minor software release, type of release and version. For example, if the software release is Version 1.2 of a released software version, the directory name would be: TiMOS 1.2.R.0. On a 7750 SR-7 or SR-12, this directory contains two files, cpm.tim and iom.tim, for the SF/CPM and IOM cards respectively. Because the SR-1 has an integrated fabric/control and I/O, there is only one file, both.tim. config.cfg - This default configuration file is very basic and provides just enough information to make the system operational. You can create other configuration files and point the system to them using the bof.cfg file.
Scalable IP Networks v2.01
Module 2 - 21
Software Release Media
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
22
All rights reserved © 2008 Alcatel-Lucent
The image file is the software that is used to run on the 7750 SR and the 7450 ESS. This software is developed by the development team and is tagged with a release number. The software contains all of the features that are required to configure and run protocols on the 7750 SR and the 7450 ESS.
Scalable IP Networks v2.01
Module 2 - 22
System Initialization
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
23
All rights reserved © 2008 Alcatel-Lucent
The configuration file includes the chassis, IOM, MDA, port, system, routing, and service configurations. Persistence You can configure the BOF to turn persistence On or Off (default is Off). Persistence is required when the either the 7750 SR or the 7450 ESS is managed by the 5620 SAM. When persistence is on, the 7750 SR or the 7450 ESS creates an index file with the same file prefix name as the current configuration file. The index file contains variable index information (that is, interface indexes, LSP IDs, path IDs, and so on). The index file is built dynamically by the 7750 SR or the 7450 ESS operating system and does not contain the configuration information that is entered by the users. The index file is saved whenever the system configuration file is saved. The index file ensures that the 5620 SAM has the same index data as the 7750 SR or the 7450 ESS node after a system reboot. If a 7750 SR or the 7450 ESS reboots and the indexes stored on the 5620 SAM do not match the node indexes, a complete resynchronization between the node and the 5620 SAM occurs automatically. This can be a very time consuming and processor-intensive operation. If a node reboots with persistence turned on, it must locate the persistence index file and successfully process it before processing the system configuration file. If the index file cannot be processed, the system performs an SNMP shutdown (Get and Set functionality is disabled), however, traps continue to be generated. The system generates traps, log messages, and console messages to advise the user about the problem. The system does not require a shutdown of the SNMP to reactivate full SNMP functionality.
Scalable IP Networks v2.01
Module 2 - 23
Boot Options File For the 7750 SR and the 7450 ESS Stores parameters that specify the location of the image filename that the router will try to boot from and the configuration file that the router uses to configure the applications and interfaces The most basic BOF configuration should contain the following: y Primary address y Primary image location y Primary configuration location
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
24
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 24
Show BOF
A:sr1a# A:sr1a# show show bof bof ========================================================================== ========================================================================== BOF BOF (Memory) (Memory) ========================================================================== ========================================================================== primary-image cf3:\4.0.R9 primary-image cf3:\4.0.R9 primary-config primary-config cf3:\test\test_sr1a.cfg cf3:\test\test_sr1a.cfg address 138.120.199.60/24 address 138.120.199.60/24 active active autonegotiate autonegotiate duplex full duplex full speed 100 speed 100 wait 33 wait persist on persist on console-speed 115200 console-speed 115200 ========================================================================== ==========================================================================
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
25
All rights reserved © 2008 Alcatel-Lucent
The slide shows the information that is contained in the boot options file. The primary image location is one of the most important items in the BOF. If the router cannot find an image, router will remain in the boot cycle indefinitely. In this slide, the primary configuration is located in CF3. Therefore, when the router reboots, the router goes to CF3, gets the configuration that is specified in the BOF, and loads the configuration on the router. In addition, after the primary configuration location has been defined, when the operator enters the admin save command, the current configuration is saved to the primary configuration file. The address in the slide is the address of the management port on the CPM. The console speed is the default speed of the RS-232 port on the CPM. This speed can be changed in the BOF.
Scalable IP Networks v2.01
Module 2 - 25
7750 SR and 7450 ESS Components and CLI Section 4 — CLI Commands
CLI Commands Overview CLI Overview CLI File System CLI Prompts Command Completion CLI Context CLI Tree Structure CLI Navigation CLI Commands Finding Help
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
27
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 27
CLI Overview The 7750 SR Command Line Interface (CLI) is a command-driven interface that is accessible through the console, Telnet, and SSH The CLI is used to configure and manage 7750 SR The CLI command structure is a hierarchical inverted tree The highest level is root Navigation down the hierarchy tree is performed by typing the names of submenus Global commands can be used anywhere in the hierarchy
See the 7750 SR OS System Guide for detailed information about the CLI commands and navigation.
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
28
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 28
CLI File System DOS-based
Root file
Used to store software images, configuration files, and event logs File commands can be used to create, copy, move, delete files and directories
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
29
attrib cd copy delete dir md move rd scp type version All rights reserved © 2008 Alcatel-Lucent
NOTE: All of the commands are case-sensitive. delete
Deletes the specified file. The optional wildcard (*) can be used to delete multiple files that share a common partial prefix and/or partial suffix.
move
Moves a local file, system file, or a directory. If the target exists, the command fails and an error message displays.
scp
Copies a file from the local files system to a remote host on the network. The command uses SSH for the data transfer, and uses the same authentication and provides the same security as SSH.
type
Displays the contents of a text file
version
Displays the version of a 7750 SR OS cpm.tim or iom.tim file
Scalable IP Networks v2.01
Module 2 - 29
CLI Prompt Examples To configure OSPF SR1>config>router>ospf#
Host name SR1
Context separator
To create a router interface SR1>config# router interface Toronto SR1>config>router>if$ address 131.131.131.1/30 At the end of the prompt, there is either a pound symbol (#) or a dollar symbol ($). A # symbol indicates that the context is an existing context. A $ symbol indicates that the context is newly created.
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
30
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 30
Command Completion Command completion can be performed by one of the following:
Abbreviation, if the keystrokes entered are unique SR1>config>router>os [ENTER] SR1>config>router>ospf#
Tab key or space key to automatically complete the command SR1>config>router>os [TAB] SR1>config>router>ospf SR1>config>router>os [SPACEBAR] SR1>config>router>ospf
If a match is not unique, the CLI displays possible matches SR1>config# ro [TAB] router
router-ipv6
SR1>config# router
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
31
All rights reserved © 2008 Alcatel-Lucent
The system maintains a history of previously entered commands. The history command displays the last 30 commands that were entered.
Scalable IP Networks v2.01
Module 2 - 31
CLI Context Sometimes the context can be specified in a specific context with a single keyword, such as: SR>config# router SR>config>router# Sometimes a keyword and a user-supplied identifier are required: SR>config>router# interface system SR>config>router>if# Use the info or info detail commands to display information about the current context level. info
Displays non-default information
info detail
Displays all of the configuration information, including defaults
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
32
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 32
CLI Tree Structure tree
Displays available commands from context: – – – – – – – – – – – – –
SR1>config>router>ospf# tree ospf | +---area | | | +---area-range | | | +---blackhole-aggregate | | | +---interface | | | | | +---advertise-subnet | | |
Use the tree or tree detail commands to display the hierarchical CLI command structure below your current position Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
33
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 33
CLI Navigation When you enter a CLI command, you move from one command level to another command level When you start a CLI session, you start in the root context Navigate to another level by entering the name of successively lower contexts. For example, enter the configure or show commands at the root level to navigate to the config or show context, respectively Other navigation methods include: Move down the hierarchy by entering the level; for example, config Move up one level in the hierarchy by entering back at the command prompt Move several levels down in the hierarchy by entering multiple contexts separated by spaces; for example: #config router ospf
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
34
All rights reserved © 2008 Alcatel-Lucent
To move up in the hierarchy, enter the command node name; sometimes a parameter must be provided.
Scalable IP Networks v2.01
Module 2 - 34
Console Control Commands
Terminates the pending command
Terminates the pending command line and returns to the root context. This is a special keyboard sequence that is the same as pressing the Enter key and entering exit all to return the user to the root context
back
Navigates the user to the parent context
echo
Echoes the text that is typed; primarily to display messages within an exec file
exec
Executes the contents of a text file as if they were CLI commands entered at the console
exit
Returns the user to the previous higher context
exit all
Moves the user to the root context
help
Displays a brief description of the help system
?
Lists all commands in the current context
history
Displays a list of the most recently entered commands, which is similar to history in UNIX shell environments
info
Displays the running configuration for a configuration context
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
35
All rights reserved © 2008 Alcatel-Lucent
Console control commands are used to navigate in a CLI session and to display information about a console session. Many of these commands, such as back, exit, info, and tree, are global commands which means that the commands can be executed at any level of the CLI hierarchy.
Scalable IP Networks v2.01
Module 2 - 35
CLI Configuration Maintenance Commands The shutdown command can be used to disable protocols and interfaces The no form of any command may have one of the following results: y The removal of the object from the configuration (that is, no ospf) y Reset to default settings (that is, config>ospf>area>interface>no hello-interval)
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
36
All rights reserved © 2008 Alcatel-Lucent
The shutdown command does not change, reset, or remove any configuration settings or statistics. Many objects must be shut down before they can be deleted. A shutdown is saved in the configuration file. All ports are shut down, by default, when the system is first powered on. To restore the settings after a no command, you must reconfigure the router and reboot from a configuration file that has the correct configuration, or perform an exec command on a configuration file that contains the correct settings. You can use an exec command to process a configuration file and restore the configuration that is stored in the file.
Scalable IP Networks v2.01
Module 2 - 36
CLI Global Commands info
Displays information about on the configuration
logout
Terminates the CLI session
oam
Displays information about the OAM test suite (see service OAM in the 7750 SR OS Services Guide)
password
Changes the user CLI login password NOTE: This is not a global command. The password must be entered at the root level
ping
Verifies the reachability of a remote host
pwc
Displays the present or previous working context of the CLI session
sleep
Pauses the console session operation for 1 second or for the specified number of seconds; the primary use is to introduce a pause during the execution of an exec file
ssh
Opens a secure shell connection on a host
telnet
Telnet to a host
traceroute
Determines the route to a destination address
tree
Displays a list of all commands at the current level and all sublevels
write
Sends a console message to a specific user or to all users with active console sessions
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
37
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 37
CLI Environment Commands alias
Allows the substitution of a command line by an alias
create
Allows the create parameter check
more
Configures whether CLI output should be displayed one screen at a time, waiting for user input to continue
reduced-prompt
Configures the number of higher-level CLI context levels to display in the CLI prompt
terminal
Configures the number of lines to display for the current CLI session. The default is 24 lines
time-display
Specifies whether time should be displayed in local or UTC format
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
38
All rights reserved © 2008 Alcatel-Lucent
CLI environment commands are used to customize session preferences for a CLI session.
Scalable IP Networks v2.01
Module 2 - 38
Finding Help
Help
Displays a brief description of the help system
?
Lists all commands in the current context
string ?
Lists all commands available in the current context that start with string
command ?
Displays the command’s syntax and associated keywords
command keyword ?
Lists the associated arguments for keyword in command
string string
Completes a partial command name (auto-completion) or lists available commands that match string
Help Edit
Displays help about editing (editing keystrokes) Lists the available editing keystrokes
Help Globals
Displays help about global commands Lists the available global commands
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
39
All rights reserved © 2008 Alcatel-Lucent
The tree and tree detail system commands are help commands that are useful when you search for a command in a lower-level context.
Scalable IP Networks v2.01
Module 2 - 39
7750 SR and 7450 ESS Components and CLI Section 5 — Basic Router Configuration
Basic Router Configuration Overview Physical Access Provisioning Cards, MDAs, and Ports Initial System Setup Basic System Management Configuration BOF Parameters Show Card Show MDA Logs Configuring Logs Displaying Configuration Information
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
41
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 41
Physical Access SF/CPM (Switch Fabric/Control Processor Module) card common to the 7750 SR-7 and SR-12
CPM Console Port
OOB-CPM Management Ethernet Port
Alcatel-Lucent Scalable IP Networks v2.01
In-band customer-facing access ports and network ports are located in MDAs
Module 2 |
42
All rights reserved © 2008 Alcatel-Lucent
The 7750 SR can be accessed in three ways: In-band ports — Access ports and network ports on MDAs Console port — A DB-9 serial port, which is enabled by default. The default settings are: Baud Rate: 115 200 Data Bits: 8 Parity: None Stop Bits: 1 Flow Control: None CPM Ethernet port — A 10/100 Ethernet management port
Scalable IP Networks v2.01
Module 2 - 42
Provisioning Cards, MDAs, and Ports 7750 SR-7
MDA
1
2
Slot 1 2
7750 SR-12
3 4
Slot 1 2 3 4 5 A B 6 7 8 9 10
5 A B
1 MDA
7750 SR-1
1
MDA
2
2
A 1
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
43
All rights reserved © 2008 Alcatel-Lucent
The 7750 SR allows you to provision slots, IOMs, MDAs, and ports before or after they are physically installed. You can also optionally specify the line cards that can be installed in a slot and the MDAs that can be installed in an IOM. A line card or MDA will not initialize unless the installed type matches the allowed type. Provision the 7750 SR hardware in the following sequence: 1. Choose a chassis slot and provision the IOM type for the slot. 2. Choose an MDA slot and specify the MDA type for the slot. 3. Choose a port and configure the port. IOMs, MDAs, and ports must be enabled with a no shutdown command.
Scalable IP Networks v2.01
Module 2 - 43
Initial System Setup The following steps are typically used to configure a system from startup: Log in to the 7750 SR or 7450 ESS using console input Configure the system name and change the admin user password Configure the CPM Ethernet management IP address Configure additional BOF parameters Configure IOM cards Configure MDA cards View alarms Configure the system address Configure logs if required View the entire running configuration
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
44
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 44
Basic System Management Configuration
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
45
All rights reserved © 2008 Alcatel-Lucent
Some basic configuration on the 7750 SR is usually required before you place the router in service: System name Admin password CPM Ethernet management port IP address IOMs, MDAs, and ports System Name - Any ASCII printable string up to 32 characters. The system name is configured in the config CLI context. If the name contains spaces, the name must be enclosed in quotation marks to delimit the start and end of the name. The system name becomes part of the CLI prompt. Passwords - The default login and password is admin. This password should be changed before your router is placed in service. The system automatically creates at least one admin user (the default) and must retain at least one admin user unless you are using an external protocol, such as RADIUS or TACACS+, to provide authentication. You can configure the following password parameters: Aging — The maximum number of days (1 to 500) that a password remains valid before the user must change the password. The default is no aging enforced. Attempts — The number of unsuccessful login attempts that are allowed in a specified time period. If the configured threshold is exceeded, the user is locked out for a specified time. In the following example, a user is locked out for 10 minutes if 4 unsuccessful login attempts occur in a 10-minute period. Count: 4 Time (minutes): 10 Lockout (minutes): 10 Authentication Order — You can configure the sequence in which password authentication is attempted for the RADIUS, TACACS +, and local methods. Complexity — You can specify whether passwords must contain uppercase and lowercase characters, special characters, and numerical values. Minimum Length — You can specify the minimum number of characters (1 to 8) required for a password.
Scalable IP Networks v2.01
Module 2 - 45
BOF Parameters
Boot Boot 7750 SR uses the BOF to perform the following tasks: Option Option 1) Set up the CPM Ethernet port (speed, duplex, auto) File 2) Create an IP address for the CPM Ethernet port File 3) 4) 5) 6) 7) 8)
Create a static route for the CPM Ethernet port Configure the console port speed Configure the DNS domain name Configure the primary, secondary, tertiary configuration source Configure the primary, secondary, tertiary image source Configure the persistence requirements
Always be sure to save the BOF!
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
46
All rights reserved © 2008 Alcatel-Lucent
The slide contains the parameters that you can configure in the BOF. The configuration of the BOF is performed in the BOF CLI context. Sample BOF commands are: SR-1# bof
z
Change or create a BOF
SR-1>bof# address 10.10.10.2/24 primary
z
Change or create a CPM port IP address from the console)
SR-1>bof# speed 100
z
Configure the CPM Ethernet port speed to 100 Mb/s
SR-1>bof# primary-image cf3:/TIMOS.1.0.R0
z
Configure the primary image directory
SR-1>bof# primary-config cf3:/test.cfg
z
Configure the primary configuration file to test.cfg
SR-1>bof# save
z
Save the BOF
Show commands SR-1>show bof
z
Display the in-memory BOF that was last used
NOTE: Changes made to the bof.cfg file are not kept unless they are explicitly saved using the "bof save" command.
Scalable IP Networks v2.01
Module 2 - 46
Show Card
A:sr1a# A:sr1a# show show card card 11 ========================================================================== ========================================================================== Card Card 11 ========================================================================== ========================================================================== Slot Provisioned Equipped Admin Operational Slot Provisioned Equipped Admin Operational Card-type Card-type State State Card-type Card-type State State --------------------------------------------------------------------------------------------------------------------------------------------------11 iom-20g-b iom-20g-b up up iom-20g-b iom-20g-b up up ========================================================================== ==========================================================================
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
47
All rights reserved © 2008 Alcatel-Lucent
This slide shows the output of a show card command. The output indicates that the card slot is configured to support all IOMs. The columns list the card that the slot is configured to accept and the card that is installed in the slot. The two entries must match. Also, the administrative and operational states should both be up. IOM configuration example: SR1# configure card 1 SR1>config>card# card-type iom-20g SR1>config>card# no shutdown
Scalable IP Networks v2.01
Module 2 - 47
Show MDA
A:sr1a# A:sr1a# show show mda mda ========================================================================== ========================================================================== MDA MDA Summary Summary ========================================================================== ========================================================================== Slot Equipped Admin Slot Mda Mda Provisioned Provisioned Equipped Admin Operational Operational Mda-type Mda-type State State Mda-type Mda-type State State --------------------------------------------------------------------------------------------------------------------------------------------------11 11 m5-1gb-sfp-b m5-1gb-sfp-b up up m5-1gb-sfp-b m5-1gb-sfp-b up up 22 m16-oc3-sfp m16-oc3-sfp up up m16-oc3-sfp m16-oc3-sfp up up ========================================================================== ==========================================================================
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
48
All rights reserved © 2008 Alcatel-Lucent
This slide shows the output of a show mda command. The output lists the card slot that is referenced, in this case card 1, and the MDAs that are supported by the IOM in card slot 1. In this case, all MDAs are supported. The next column lists the IOM slot that is configured to accept the MDA, the MDA that is installed in the IOM MDA slot, and the status of the MDA. MDA configuration example: SR1>config>card# mda 1 SR1>config>card>mda# mda-type m60-10/100eth-tx SR1>config>card>mda# no shutdown Port configuration example: SR1# configure port 1/1/1 SR1>config>port# no shutdown Note — The port default is shutdown
Scalable IP Networks v2.01
Module 2 - 48
Logs Record events, alarms, and faults that result from actions performed on the 7750 SR and the 7450 ESS Can be used to record debug messages for troubleshooting Log sources y Main - most normal logs not specifically directed to any other event stream y Security - any attempt to breach system security such as failed login attempts y Debug - events generated when debug tracing is on y Change - any events that change the configuration or operation of the node
Log destinations y Console, session y Memory, file y SYSLOG server y SNMP trap group
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
49
All rights reserved © 2008 Alcatel-Lucent
Logs The 7450 ESS and 7750 SR keep very extensive logs of events, alarms, traps, and debug/trace messages. The logs are used to monitor events and troubleshoot faults in the 7450 ESS or the 7750 SR. You can configure the type of logging information that is captured and where to send the captured logging information. Log sources Applications and processes in the 7450 ESS or the 7750 SR generate event logs. The logs are divided into four streams – main, security, debug trace, and change. Forwarded events are placed into an event log. Each event log has a log identification (log-id) number and can contain events from more than one event stream. Log destinations You can configure the destination for the contents of a log-id. A log-id can be directed to one of the following destinations: Console – the physical 9-pin console port of the 7450 ESS or the 7750 SR Session – a console or Telnet session. Sessions are temporary log destinations that are valid only for the duration of the session. Memory – a circular buffer where the oldest entry is overwritten when the buffer is full File – event logs and accounting policy information can be directed to a file Syslog – event log information can be sent to a syslog server SNMP trap group – event log information can be sent to an SNMP trap group. All events and traps are time-stamped and numbered per destination. Traps are numbered sequentially per destination and stored in memory. If the network management system (NMS) is offline, the system may not receive some trap notifications. When the NMS is back online, the system will automatically recognize whether some trap notifications were missed because the last sequence number will not match the sequence number in the 7450 ESS or the 7750 SR. The NMS will then update its records with the missing traps. If the in-memory notification log is full and some records are overwritten, the NMS will resynchronize with the 7450 ESS or the 7750 SR. Scalable IP Networks v2.01
Module 2 - 49
Configuring Logs
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
50
All rights reserved © 2008 Alcatel-Lucent
This slide shows the capture of events and the subsequent logging of the events.
Scalable IP Networks v2.01
Module 2 - 50
CLI for Configuring Logs
A:PE1>config# log filter A:PE1>config# log filter - filter - filter - no filter - no filter
: [1..1001] : [1..1001]
[no] default-action - Specify the default action for the event filter [no] default-action - Specify the default action for the event filter [no] description - Description string for the event filter [no] description - Description string for the event filter [no] entry + Configure an event filter entry [no] entry + Configure an event filter entry A:PE1>config# log filter 14 A:PE1>config# log filter 14 A:PE1>config>log>filter$ description “critical filter" A:PE1>config>log>filter$ description “critical filter" A:PE1>config>log>filter$ default-action forward A:PE1>config>log>filter$ default-action forward A:PE1>config>log>filter$ entry 1 A:PE1>config>log>filter$ entry 1 A:PE1>config>log>filter>entry$ action forward A:PE1>config>log>filter>entry$ action forward A:PE1>config>log>filter>entry# match severity eq critical A:PE1>config>log>filter>entry# match severity eq critical A:PE1>config>log>filter>entry# exit all A:PE1>config>log>filter>entry# exit all
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
51
All rights reserved © 2008 Alcatel-Lucent
Steps to configure a log 1. Configure a log ID with a number from 1 to 98. 2. Identify the source. 3. Specify an optional filter to filter events if required. 4. Identify the destination. 5. Examine the logs to view the events.
Scalable IP Networks v2.01
Module 2 - 51
CLI for Configuring Logs (continued)
A:PE1>config>log# A:PE1>config>log# log-id log-id 14 14 A:PE1>config>log>log-id# A:PE1>config>log>log-id# from from main main A:PE1>config>log>log-id# A:PE1>config>log>log-id# to to session session A:PE1>config>log>log-id# filter A:PE1>config>log>log-id# filter 14 14
A:PE1>config>log>log-id# A:PE1>config>log>log-id# info info detail detail ------------------------------------------------------------------------------------------no no description description filter filter 14 14 time-format time-format utc utc from from main main to to session session no no shutdown shutdown ------------------------------------------------------------------------------------------A:PE1>config>log>log-id# A:PE1>config>log>log-id#
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
52
All rights reserved © 2008 Alcatel-Lucent
General log commands: show log applications show log event-control show log file-id show log filter-id show log log-collector show log log-id show log snmp-trap-group show log syslog
Scalable IP Networks v2.01
Module 2 - 52
Default Alarm Logs There are two default and one special use log. Log 99 – All severity levels of alarms Log 100 – Only critical errors Log 98 (special use) – Created by SAM managed nodes To view the logs, use the following commands: show log log-id 99 show log log-id 100 More granular information in the two log files can be displayed by using: show log log-id 99 subject 1/1/1 – port specific show log log-id 99 application chassis – chassis-related alarms Additional commands exist for displaying alarm information Only store about 500 of the latest entries. If more entries are required, specific alarm logs need to be created Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
53
All rights reserved © 2008 Alcatel-Lucent
Showing Layer 1 and Layer 2 alarms The 7750 SR and the 7450 ESS have two default memory logs (log-id 99 and log-id 100) that contain all of the events from the main application. All severity levels of alarms are recorded in log-id 99; log-id 100 only contains serious errors. There are several ways to view the alarms of a specific subject, such as alarms related to a particular port. One method is to create a log that only monitors the specific subject. Although Log 98 is not reserved or in use by default, it should be noted that the 5620 SAM network management software will try to use this log-id by default. Generally it is recommended not to use log-id 98.
Scalable IP Networks v2.01
Module 2 - 53
Default Logs – Alarm Monitoring Example The show log command A:PE1>config>log>log-id# A:PE1>config>log>log-id# show show log log log-id log-id 99 99 =================================================================== =================================================================== Event Event Log Log 99 99 =================================================================== =================================================================== Description Description :: Default Default System System Log Log Memory Memory Log Log contents contents [size=500 [size=500 next next event=25 event=25 (not (not wrapped)] wrapped)] 24 24 2006/08/17 2006/08/17 15:30:55.29 15:30:55.29 UTC UTC WARNING: WARNING: SYSTEM SYSTEM #2006 #2006 -- CHASSIS CHASSIS "tmnxMDATable: Slot 1, MDA 2 configuration modified" "tmnxMDATable: Slot 1, MDA 2 configuration modified" 23 23 2006/08/17 2006/08/17 15:30:55.29 15:30:55.29 UTC UTC WARNING: WARNING: SYSTEM SYSTEM #2007 #2007 -- PORT PORT "Pool "Pool on on Port Port 1/2/b.net-sap 1/2/b.net-sap Modified Modified managed managed object object created“ created“ ……………………. ……………………. 55 2006/08/17 2006/08/17 15:30:55.29 15:30:55.29 UTC UTC MINOR: MINOR: CHASSIS CHASSIS #2004 #2004 -- Mda Mda 1/2 1/2 "Class "Class MDA MDA Module Module :: wrong wrong type type inserted" inserted"
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
54
All rights reserved © 2008 Alcatel-Lucent
The show log log-id 99 application chassis command displays all alarms that are logged in the router. In the slide, the detailed information only displays minor alarms from the individual modules that are inserted in the chassis. From the time that appears in the slide, it appears that these entries are from when the router first booted.
Scalable IP Networks v2.01
Module 2 - 54
Displaying Configuration Information
The info command provides an informational display during configuration without the need to use the show config command A:Training1>config>router# interface Toronto A:Training1>config>router>if# info ---------------------------------------------address 131.131.131.1/30 port 1/1/1 ----------------------------------------------
You can view more details by using the detailed version of the info command: info detail
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
55
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 55
Admin display-config
A:acie_sr1a# A:acie_sr1a# admin admin display-config display-config ## TiMOS-B-4.0.R9 TiMOS-B-4.0.R9 both/hops both/hops ALCATEL ALCATEL SR SR 7750 7750 Copyright Copyright (c) (c) 2000-2007 2000-2007 Alcatel-Lucent. Alcatel-Lucent. ## All rights reserved. All rights reserved. All All use use subject subject to to applicable applicable license license agreements. agreements. ## Built on Tue Dec 19 15:56:05 PST 2006 by builder in /rel4.0/b1/R9/panos/main Built on Tue Dec 19 15:56:05 PST 2006 by builder in /rel4.0/b1/R9/panos/main ## Generated Generated FRI FRI DEC DEC 22 22 16:00:41 16:00:41 2006 2006 UTC UTC exit exit all all configure configure #-------------------------------------------------#-------------------------------------------------echo echo "System "System Configuration" Configuration" #-------------------------------------------------#-------------------------------------------------system system name name "acie_sr1a" "acie_sr1a" snmp snmp shutdown shutdown exit exit login-control login-control Press Press any any key key to to continue continue (Q (Q oo quit) quit)
Alcatel-Lucent Scalable IP Networks v2.01
Module 2 |
56
All rights reserved © 2008 Alcatel-Lucent
This slide shows a partial output of the admin display-config command. The first portion of the output displays the current version of the operating system that is running on the router. The router then outputs the entire configuration of the router, down to the port level. This command can display a large number of pages on a fully configured router.
Scalable IP Networks v2.01
Module 2 - 56
7750 SR and 7450 ESS Components and CLI Section 6 — Module Summary and Learning Assessment
Scalable IP Networks v2.01
Module 2 - 57
Module Summary After successful completion of this module, you should be able to: Describe the 7750 SR and 7450 ESS Describe the 7750 SR Components Understand the boot process Use the CLI commands Configure a basic router using the CLI Configure alarm logs
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
58
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 58
Learning Assessment What information does the BOF contain? What steps are typically performed to configure a system from startup? List the steps required to configure the BOF. What is the CLI context in which interfaces are configured? What command can be used to view the status of the MDAs? List the possible log sources. How many default logs are there, and what information do they provide?
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
59
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 59
Lab 1 Exercise – Hardware Configuration Lab 1.1 – System Identification Lab 1.2 – System Configuration Lab 1.3 – Hardware Lab 1.4 - Logs
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 2 |
60
All rights reserved © 2008 Alcatel-Lucent
Module 2 - 60
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 02
Alcatel-Lucent Scalable IP Networks Module 3 – Data Link Overview
Scalable IP Networks v2.01
Module 3 - 1
Module Overview Layer 2 OSI and Ethernet Defined Ethernet Ethernet Addressing and Operation Ethernet Physical Cabling Ethernet Devices and Switching Ethernet Redundancy Virtual LAN SONET/SDH and Packet over SONET/SDH
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
2
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 2
Data Link Overview Section 1 — Layer 2 OSI and Ethernet Defined
Scalable IP Networks v2.01
Module 3 - 3
Layer 2 OSI and Ethernet Overview Layer 2 Overview Scope of Data Link Layer Point-to-Point Data Links Point-to-Point Protocol Circuit-Switched Data Links ATM Protocol Time Division Multiplexing Data Link Types – Broadcast/Shared Access Sonet and SDH and framing types
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
4
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 4
Layer 2 Overview Why do we need Layer 2? Required for higher-layer data transfer between directly/indirectly connected components of a network based on the characteristics of the physical medium
Characteristics of Layer 2 Scope of Data Link layer is the local network Data Link headers are stripped and added as frames move from one network to another point-to-point, circuit-based, or shared network Addressing/Identification MTU Error Checking
Examples of Layer 2 Protocols Ethernet, ATM, Frame Relay, X.25, TDM
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
5
All rights reserved © 2008 Alcatel-Lucent
The application packages the data into a Transport Layer segment that is to be transmitted to the remote station. The Network Layer (OSI) or Internet Protocol Layer constructs a packet with an IP address that uniquely identifies the source and destination network device in the internetwork. The packet may then have to be transmitted over several different networks (same/different physical media) before it reaches its destination. In any one particular network, the Data Link Layer is responsible for encapsulating the packet into a frame for Layer 2 forwarding. The frame is stamped with a Data Link header, which contains Data Link source and destination addresses. When Ethernet is used, these Data Link addresses are called media access control (MAC) addresses. After adding the Data Link addresses to the frame, the Data Link Layer passes the frame to the physical layer for transmission over the physical medium. The receiving network device must be able to recognize that the frame is destined for itself and verify that the packet is intact. Because the entire packet is transmitted over the physical medium, noise and other signal disturbances could corrupt or change the packet, rendering it meaningless to the higher-layer application. Layer 2/Data Link networks can be classified broadly into point-to-point networks, circuit-based networks, and shared networks. Point-to-point network protocols do not usually require a source and destination addresses since they are established between two networking devices only. The Layer 2 framing usually consists of: a circuit identifier in the case of circuit-based networks an address that directs the packet to the required destination, usually on shared media a fixed-length maximum size, maximum transmission unit (MTU) established between the source and receiving component; data from higher-layers is broken into fixed-length frames (covered later) an error check that is inserted by the source component and verified by the receiving component to maintain data integrity
Scalable IP Networks v2.01
Module 3 - 5
Scope of Data Link Layer
L2 frames are transmitted only to devices and hosts within the same network L2 protocols are dependent on physical medium connecting the network components L2 networks are separated by routers Within a network, L2 frames are switched; the data link headers are not modified unless a network is crossed via a router or the frame reaches its destination
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
6
All rights reserved © 2008 Alcatel-Lucent
The scope of a Data Link frame is the local network. For example, in a typical scenario of IP/Ethernet, each IP subnet is considered to be one network. The Data Link frame remains intact while it traverses the Layer 2 devices in a particular IP subnet. If the IP packet needs to be routed to another subnet via an IP router, the original Data Link frame is stripped after it ingresses the IP router. When forwarding the IP packet out from the appropriate port, the IP router constructs a new Data Link frame with correct headers and Data Link addresses. This new Data Link header is used as the frame traverses to the next subnet. This process continues until the destination host is reached. The application data sent between two host stations can traverse several physically different networks. Each network has a different Data Link header and may even use different Data Link protocols that depend upon the physical wire; for example Ethernet, point-to-point protocol (PPP), ATM, Frame Relay. In this slide, the end hosts on the Layer 2 network communicate with each other, or by way of Layer 2 devices, using the specific Layer 2 protocol. The PCs on the left side of the Ethernet network do not require anything other than Ethernet L2 framing to communicate with each other. The PCs on the right side of the network similarly require only ATM L2 framing to communicate with each other. The L2 networks are separated by routers, which are Layer 3 OSI devices. The PCs on the Ethernet network can only communicate with the PCs on the ATM network using Layer 3 addresses.
Scalable IP Networks v2.01
Module 3 - 6
Point-to-Point Data Links
Point-to-point data link
Dedicated physical connection between two devices Leased Lines between CPE equipments (local and remote) Layer 2 protocol that can provide authentication and error checking For example: SLIP, PPP
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
7
All rights reserved © 2008 Alcatel-Lucent
In earlier times of the Internet, point-to-point data links allowed hosts to communicate with each other through the telephone network. Older protocols such as SLIP (serial line IP) provided a simple mechanism for framing higher-layer applications for transmission along serial lines. SLIP, in accordance with RFC 1055, sent the datagram across the serial line as a series of bytes, and it used special characters to mark when a series of bytes should be grouped together as a datagram. SLIP was simple enough but could not control the characteristics of the connection. Today, the protocol of choice is PPP, which provides advantages such as link control to negotiate the link characteristics, network control to transfer multiple Layer 3 protocols, and provides authentication used by remote computers to dial into their Internet service.
Scalable IP Networks v2.01
Module 3 - 7
Point-to-Point Protocol Frame
Flag 0x7E
Address 0xFF
Control 0x03
Protocol First byte
Protocol Second byte Data Padding Packing
Flag 0x7E
Frame Check Sequence
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
8
All rights reserved © 2008 Alcatel-Lucent
PPP is a point-to-point data link layer protocol that was initially designed to transport IP packets. Flag: The first flag field indicates the start of a PPP frame. It always has the value “01111110” binary (0x7E hexadecimal, or 126 decimal). The last flag field indicates the end of a PPP frame. It always has the value “01111110” binary (0x7E hexadecimal, or 126 decimal). Address: In HDLC, the address of the destination of the frame. However, in PPP we have a direct link between two devices, so this field has no meaning. Therefore, it is always set to “11111111” (0xFF hexadecimal, or 255 decimal), which is equivalent to a broadcast (it means “all stations”). Control: This field is used in HDLC for various control purposes, but in PPP it is set to “00000011” (0003 hexadecimal, or 3 decimal). Data: Zero or more bytes of payload that contains either data or control information, depending on the frame type. For regular PPP data frames, the network-layer datagram is encapsulated here. For control frames, the control information fields are placed here instead. Padding: In some cases, additional dummy bytes may be added to pad out the size of the PPP frame. (for example, FCS2 or FCS4) Frame Check Sequence (FCS): A checksum computed over the frame to provide basic protection against errors in transmission. This checksum is a CRC code similar to the one used for other layer two protocol error protection schemes, such as the one used in Ethernet. FCS can be either 16 bits or 32 bits (default is 16 bits). The FCS is calculated over the Address, Control, Protocol, Data, and Padding fields. Protocol: Identifies the protocol of the datagram encapsulated in the Data field of the frame. See below for more information about the Protocol field. Value (in hex) 0001 0003 0005 0007 to 001f 0021 0023 0025 0027 0029 002b
Protocol Name Reference Padding Protocol ROHC small-CID [RFC3095] ROHC large-CID [RFC3095] reserved (transparency inefficient) Internet Protocol version 4 OSI Network Layer Xerox NS IDP DECnet Phase IV Appletalk Novell IPX
Scalable IP Networks v2.01
Module 3 - 8
Point-to-Point Protocol Operation Physical – Can operate across any physical media Link Control Protocol (LCP) – to build data link connections Network Control Protocol (NCP) - to allow multiple network protocols to be used over point-to-point links Supports authentication, compression, error detection, multi-link as part of the LCP protocol
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
9
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 9
Circuit-Switched Data Links
Many logical connections transferred over one physical connection Virtual circuits based For example: ATM, Frame Relay
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
10
All rights reserved © 2008 Alcatel-Lucent
Circuit-switched protocols allow the transfer of user information as a unique set of packets identified by virtual circuits. In the slide, the switch on the left accepts traffic from each host PC into a virtual circuit and switches to another virtual circuit when going to the router. The virtual circuit number is the same between the host PC and the switch, and between the switch and the router. Traffic from each PC is uniquely identified by a virtual circuit at every hop.
Scalable IP Networks v2.01
Module 3 - 10
Asynchronous Transfer Mode Protocol
0
Bits
7
GFC
VPI
VPI
VCI VCI
VCI
PT
CLP
HEC
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
11
All rights reserved © 2008 Alcatel-Lucent
Application packets are broken into 53-byte fixed-sized cells including a 5-byte header also referred to as an ATM packet ATM circuit is identified by a VPI/VCI value Enhanced QoS support with 5 service classes Ideal for multiple services on the same line The ATM header consists of the following fields: GFC—4 bits of generic flow control that are used to provide local functions, such as identifying multiple stations that share one ATM interface. The GFC field is typically not used and is set to a default value. VPI—8 bits of virtual path identifier that is used, in conjunction with the VCI, to identify the next destination of a cell as it passes through a series of switch routers on its way to its final destination. VCI—16 bits of virtual channel identifier that is used, in conjunction with the VPI, to identify the next destination of a cell as it passes through a series of switch routers on its way to its final destination. PT—3 bits of payload type. The first bit indicates whether the cell contains user data or control data. If the cell contains user data, the second bit indicates congestion, and the third bit indicates whether the cell is the last in a series of cells that represent one AAL5 frame. CLP—1 bit of cell loss priority that indicates whether the cell should be preferentially discarded if it encounters congestion as it moves through the network HEC—8 bits of header error control that are a checksum calculated only on the header.
Scalable IP Networks v2.01
Module 3 - 11
ATM Adaptation Layer 5 Data Links Generally used to transport non-real time connectionless data Encapsulation used for transporting IP packets and inter-working with Frame Relay or Ethernet packets AAL5 is the simple and efficient AAL which is the one used most for data traffic; it has no per-cell length nor per-cell CRC fields Variable length
0-47
1
1
2
4 Bytes
PDU payload
PAD
UU
CPI
LI
CRC-32
PDU -
Variable length user information field (broken into 48-byte segments)
PAD -
Padding used to cell-align the trailer between 0 and 47 bytes long.
UU -
CPCS user-to-user indication to transfer one byte of user information
CPI -
Common part indication
LI -
Length indicator
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
12
All rights reserved © 2008 Alcatel-Lucent
ATM packets are further encapsulated by ATM adaptation layers (AAL), which are responsible for the segmentation and reassembly (SAR) of ATM cells of higher-layer data received at the other end. The purpose of this is to adapt the class of service from higher-layers onto connectionless ATM cells. The AAL classification is related to the service and application required for transport. Usually the following adaptation layers are mapped to the following classes of service: AAL1 – Constant Bit rate service AAL2 – Variable Bit rate service AAL3/4 – Connection-oriented data usually AAL5 – Connectionless data service usually (for example, IP) Constant Bit Rate (CBR) service: AAL1 encapsulation supports a connection-oriented service where minimal data loss is required. Examples of this service include 64 kb/s voice, fixed-rate uncompressed video, and leased lines for private data networks. Variable Bit Rate (VBR) service: AAL2 encapsulation supports a connection-oriented service in which the bit rate is variable but requires a bounded delay for delivery. Examples of this service include compressed packetized voice or video. The requirement on bounded delay for delivery is necessary for the receiver to reconstruct the original uncompressed voice or video. Connection-oriented data service: For connection-oriented file transfer and data network applications where a connection is set up before data is transferred, this type of service has variable bit rate and does not require bounded delay for delivery. Two AAL protocols were defined to support this service class and have been merged into one type called AAL3/4. Connectionless data service: Examples of this service include datagram traffic and data network applications where no connection is set up before data is transferred. Connectionless data service is used to transport IP/Ethernet/Frame Relay applications. Higher-level Service Delivery Units (SDUs) may be several bytes in length. However, as the ATM payload is only 48 bytes, the SDU must be segmented into multiple cells as it enters the ATM network, then reassembled when it exits the ATM network. This function of the ATM adaptation layer is known as SAR. The adaptation layer comprises two sublayers, one of which is the SAR sublayer, the other being the convergence sublayer (CS), which performs service-dependent functions. Scalable IP Networks v2.01
Module 3 - 12
Time Division Multiplexing
Synchronous channel based Each station gets a fixed-length slot Unused slots are idle – transmitted without data For example: T1, SONET
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
13
All rights reserved © 2008 Alcatel-Lucent
Each host PC sends information to the switch. The switch then transmits a frame to the router at a constant data rate (for example, 1.5 Mb/s). This frame now divided into many fixed time slots (24), each slot contains 64 kbits. Each host can occupy one or more time slots per frame. Each host PC is assigned a fixed data rate. If the host uses one time slot, then its transmission is 64 kbits in that slot. Because the pipe rate is 1.5 Mb/s, the host will have to supply their next 64 kbits in the next frame. In this slide, each host PC transmits its characteristic frame (grey, yellow, purple). The frames that are transmitted from the switch contain several timeslots. Within each of these frames three of the timeslots are used by the respective host PCs.
Scalable IP Networks v2.01
Module 3 - 13
Time Division Multiplexing DS1/T1 1.544 Mb/s Framing Rate 24 subchannels (DS0) each 8 bits sampled at 8000 + framing bit
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
14
All rights reserved © 2008 Alcatel-Lucent
Time Division Multiplexing (TDM) is a digital technology where individual signals are interleaved into a composite multiplexed signal. Recurring fixed-length time slots are created such that each individual signal is represented by one channel or by multiple channels. The total transmission bandwidth is split among the time slots. The total composite signal includes the payload bits for the composing channels and overhead bits. The frame structures of the DS1 [ANSI95b] and the European E1 [ITU-T98a] signals are shown above. The DS1 signal consists of 24 payload channels plus overhead. The basic frame of each of these signals repeats every 125 µs, that is, 8000 times per second. With 8 bits carried in each channel, this gives rise to a basic data rate of 64 kb/s for each channel. The requirement for this data rate stems from the need to sample the analog telephony signal 8000 times per second and encoding each sample in 8 bits. A DS-1 frame contains 24 channels, each consisting of 8 bits, plus 1 framing/overhead bit, leading to a total of 193 bits. Because the frame repeats every 125 µs (or 8000 times a second), the total bit rate of the DS1 signal is 1.544 Mb/s. Similarly, the total bit rate of the E1 signal is 2.048 Mb/s (32 channels of 8 bits, repeating every 125 µs). Widely used signaling examples: • DS1/T1, E1, DS3, E3, OC3/STM-1, OC12/STM-4 Other signaling examples: • DS3 that uses 28 DS1 or 7 DS2 or 1 DS3 = 45 M • OC3 that uses 3 DS3
Scalable IP Networks v2.01
Module 3 - 14
Time Division Multiplexing E1 2.048 Mb/s Framing Rate 32 subchannels (DS0) each 8 bits sampled at 8000
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
15
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 15
SONET/SDH Overview SONET/SDH is was a layer-1 technology but uses layer-2 framing such as PPP, ATM or frame-relay for carrying data between routers SONET and SDH are TDM technologies designed for voice traffic SONET is used in North America, SDH in the rest of the world SONET aggregates older synchronous carriers such as DS1 and DS3 SDH aggregates European carriers such as E1 and E3 Basic SDH frame is the STM-1, which operates at 155.52 Mb/s and is equivalent to the SONET STS-3 Basic SONET frame is the STS-1, which operates at 51.84 Mb/s and is designed to carry a DS1 (T1) frame. STS-1 is exactly one third of an STM-1 frame SONET/SDH is the underlying technology for ATM transmission Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
16
All rights reserved © 2008 Alcatel-Lucent
Synchronous optical network/Synchronous Digital Hierarchy (SONET/SDH) is a high-bandwidth WAN transport technology developed by Bell Communications Research and later standardized by ANSI and ITU. SONET/SDH is synchronous in nature and specifies framing and multiplexing at the physical layer of the OSI model. SONET/SDH was originally designed to transport voice but has been adapted to transport data by using Layer 2 framing technologies such as PPP/HDLC and ATM. SONET/SDH technology is typically not implemented by small or medium-sized businesses, because of its high cost. It is more commonly used by large global companies, long-distance companies linking metropolitan areas and countries, or ISPs that need to guarantee fast, reliable access to the Internet. SONET/SDH is particularly suited to audio, video, and imaging data transmission. As you can imagine, because of its reliance on fiberoptic cable and its redundancy requirements, SONET/SDH technology is expensive to implement.
Scalable IP Networks v2.01
Module 3 - 16
SONET/SDH Overview (continued) Basic SONET frame is known as STS-1 at 51.84 Mb/s Each STS-1 can carry one DS3 frame STM-1 frame is the equivalent of the STS-3 frame and designed for European carriers Higher levels achieved by combining exact multiples of STS-1 and STM-1 Bit rate (Mb/s)
SONET frame
DS3s
DS1s
DS0s
SDH frame
E3s
E1s
OC-1
51.84
STS-1
1
OC-3
155.52
STS-3
3
28
672
STM-0
1
16
512
84
2016
STM-1
4
64
2048
OC-12
622
STS-12
12
336
8064
STM-4
16
256
8192
OC-48
2488
OC-192
9953
STS-48
48
1344
32 256
STM-16
64
1024
32768
STS-192
192
5376
129 024
STM-64
256
4096
131072
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
17
E0s
All rights reserved © 2008 Alcatel-Lucent
The basic SONET signal is known as synchronous transport signal (STS-1) and has a bit rate of 51.84 Mb/s. This includes a payload of 50.112 Mb/s and an overhead of 1.728 Mb/s. The STS-1 frame is 810 bytes and is transmitted in 125 ms, hence the bit rate of 51.84 Mb/s. Each STS-1 can carry one DS3 or 28 DS1 frames. For higher data rates, STS-1 signal is incremented at fixed levels to STS-3, STS-48, and STS-192. Multiplexing can occur in one or multiple stages. For example, an STS-12 can be formed by 4 STS-3s, or 12 STS-1s, or 3 STS-3s and 3 STS-1s. Each STS-1 payload in a SONET frame is assigned a fixed position and can be extracted without having to fully demultiplex the entire frame. This is a very big advantage of SONET compared to DS3. The STM frames (STM-1, and so on) used by SDH are effectively a multiple of STS-3 frames. The overhead is identical, although the terminology and overhead usage varies somewhat between the standards. STM-1 is designed to carry an E3 frame. A number of different standards have been defined for the multiplexing of lower data rates within STS-1 or STM-1 frames.
Scalable IP Networks v2.01
Module 3 - 17
SONET/SDH Deployment
Most commonly deployed on rings with ADM Other layouts are mesh, pointto-point Many sites connect to the ADM using various signalling formats Support automatic protection switching on bidirectional rings under 50 ms
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
18
All rights reserved © 2008 Alcatel-Lucent
The ring topology is, by far, the most common in current service provider networks. It is common because it is the most resilient. Rings are based on two or four fibers. Transmission is in one direction on one half of the fibers and in the opposite direction on the other half. Half the bandwidth can be reserved for protection. Quick recovery from a fiber cut anywhere on the ring can be accomplished by switching to the signal being transmitted in the opposite direction. Ring topologies have been so successful at providing reliable transport that even long-haul carriers often use multiple, very large circumference rings in their nationwide networks. Add/drop multiplexers (ADM) are used at nodes on the ring for traffic origination or termination. It is not unusual for rings to be connected to other rings—in that case, cross-connects provide the interconnection function.
Scalable IP Networks v2.01
Module 3 - 18
Packet over SONET/SDH (POS)
IP
PPP frame
SONET/SDH frame
Datagram
Protocol encapsulation and error control
Byte delineation
Packet over SONET/SDH uses PPP encapsulated data to provide framing for application packets Specified in RFC 2615 IP traffic is usually carried via POS Supports SONET/SDH level alarm processing, performance monitoring, synchronization, and protection switching Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
19
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 19
Data Link Types – Broadcast/Shared Access
Physical media is shared between many devices Each device can transmit independently Each station has a unique address For example: Wire and Wireless Ethernet
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
20
All rights reserved © 2008 Alcatel-Lucent
Broadcast networks typically use shared media to communicate to all the devices that are attached to that shared media. For data to be reliably delivered from the source to the destination, each of the devices on the shared media is identified by a particular address. The frame that is sourced from the sending device is sent to all the devices sharing the media (broadcasting). All devices will receive the frame but only the device whose address appears in the frame as the destination address will interpret the data. The rest of the devices will ignore the data. To transmit data reliably, the sending device on the shared media must compose the frame, obtain control of the media, and transmit the information. Because the media is shared, it is possible for multiple stations to transmit their information simultaneously, resulting in a collision. This collision causes data corruption. Depending on the protocol used, an algorithm needs to be followed to ensure a minimum number of collisions and also to ensure proper recovery from collisions. An example of a shared media protocol that is very commonly used today is Ethernet.
Scalable IP Networks v2.01
Module 3 - 20
Data Link Overview Section 2 – Ethernet
Scalable IP Networks v2.01
Module 3 - 21
Ethernet Overview Ethernet Ethernet History Ethernet Frame Types General Ethernet Frame Format Ethernet II Frame Capture Ethernet and the OSI Model
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
22
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 22
Ethernet Broadcast technology using shared media A passive, wait-and-listen network architecture Interfaces on the common network media are identified by L2 addresses called MAC addresses Encapsulates higher-layer traffic in a frame with source and destination interface addresses to identify the devices on the media Can send a data frame to all devices (broadcasting) attached to the media Devices connected to each other using shared media are commonly referred to as a Local Area Network (LAN)
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
23
All rights reserved © 2008 Alcatel-Lucent
Computers must contend for transmission time on the network media. In fact, Ethernet is commonly described as a contention-based architecture.
Scalable IP Networks v2.01
Module 3 - 23
Ethernet History Ethernet is a LAN architecture developed by the Xerox Corporation in cooperation with DEC and Intel in 1976 Ethernet supports data transfer rates of 10 Mb/s Ethernet specification served as the basis for the IEEE 802.3 standard, which specifies the physical and lower software layers Ethernet started using the CSMA/CD access method (halfduplex) to handle simultaneous demands Ethernet is one of the most widely implemented LAN standards
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
24
All rights reserved © 2008 Alcatel-Lucent
Ethernet was originally designed by the Xerox Corporation, but the company was unsuccessful at launching the technology commercially. Later Xerox joined with Digital Equipment Corporation to commercially standardize a suite of network products that would use the Ethernet technology. Intel Corporation later joined the group, known as DEC-Intel-Xerox (DIX). DIX developed and published the standard that was used for the 10 Mb/s version of Ethernet. Originally, the only medium capable of handling these speeds was a multidrop thick coaxial cable. Carrier Sense, Multiple Access, Collision Detection (CSMA/CD) is used to arbitrate the access devices using the shared media. This is covered in detail later. The IEEE had started project 802, which was to provide the industry with a framework for standardizing of LAN technology. Because the technology was so diverse, the IEEE formed working groups in support of the different LAN technologies. The 802.3 working group was tasked with standardizing LANs based on the Ethernet technology.
Scalable IP Networks v2.01
Module 3 - 24
Ethernet Frame Types Ethernet II Length replaced by type to identify upper layer protocols Used for IP transport - most commonly used frame today Preamble
SFD
DA
SA
Type
P a y l o a d (46 to 1500 bytes)
FCS
802.3 IEEE format defined for Ethernet Intended to be used with IEEE 802.2 Preamble
SFD
DA
Alcatel-Lucent Scalable IP Networks v2.01
SA
Length
LLC header and P a y l o a d (46 to 1500 bytes)
Module 3 |
25
FCS
All rights reserved © 2008 Alcatel-Lucent
Ethernet supports two frame types, but they have been standardized so that all types can be transmitted on a common Ethernet network. The 16-bit field that follows the source address (SA) indicates whether the frame is Ethernet II or 802.3. If the value is 1536 or less, the frame is treated as 802.3. If the value is greater than 1536, the frame is treated as Ethernet II. Ethernet II was originally developed by Digital, Intel, and Xerox in 1980 and is commonly known as the DIX standard. It was adopted by the IEEE and went through formal standardization to form the 802.3/802.2 frame types. The Ethernet II frame is usually used for transmission of IP datagrams. Ethernet 802.3 was developed by the IEEE from the original Ethernet standard in 1983. IEEE Ethernet defines two layers; the lower MAC layer in 802.3 and an upper LLC (logical link control) layer in 802.2. These are sublayers of the OSI data link layer (Layer 2). The two layers were defined separately to provide additional link control features and so that common LLC frames could be used for different media types, such as Ethernet, Token Ring and FDDI. This allows bridging at Layer 2 between the different media types. There are three different 802.3 formats that were used for older protocols such as Novel Netware’s IPX and Apple Computer’s Appletalk protocols and OSI protocols. Today, these formats are rarely used. The AlcatelLucent 7750 SR uses the 802.3 for the transmission of IS-IS routing updates; however, it uses Ethernet II for other traffic such as IP and MPLS.
Scalable IP Networks v2.01
Module 3 - 25
General Ethernet Frame Format
Preamble
SFD
DA
SA
Length/ type
P a y l o a d (46 to 1500 bytes)
FCS
Frame check sequence (4 bytes) Payload: Internet layer Frame length or type information (2 bytes) Source MAC address (6 bytes) Destination MAC address (6 bytes) Fixed sequence to alert the receiver (8 bytes) (0x55555555555555D5), start frame delimiter
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
26
All rights reserved © 2008 Alcatel-Lucent
The frame consists of a set of bits organized into several fields. These fields include address fields, a variablesize data field that carries from 46 to 1500 bytes of data, and an error checking field that checks the integrity of the bits in the frame to make sure that the frame has arrived intact. The original Ethernet standards defined the minimum frame size as 64 bytes and the maximum as 1518 bytes. These numbers include all bytes from the destination MAC address field to the frame check sequence field. The preamble and the start frame delimiter fields are not included when quoting the size of a frame. The IEEE 802.3ac standard released in 1998 extended the maximum allowable frame size to 1522 bytes to allow for a VLAN tag to be inserted into the Ethernet frame format. Gigabit Ethernet and 10 gigabit Ethernet ports may support jumbo frames, which can be 9000 bytes. Preamble: A stream of bits that allows the transmitter and receiver to synchronize their communication. The preamble is a 56-bit long pattern of alternating ones and zeroes. The preamble is immediately followed by the Start Frame Delimiter. Start Frame Delimiter (SFD): Always 10101011 and is used to indicate the beginning of the frame information. Destination MAC (DA): The MAC address of the machine receiving data. Source MAC (SA): The MAC address of the machine transmitting data. Length/Type: The payload length or type field, (also known as Ethertype). If the Ethernet frame is in the 802.3 format, this field is interpreted as length. If the Ethernet frame is in the Ethernet II or original DIX format, the field is interpreted as type, or Ethertype. The numeric value in this field determines whether the frame is an 802.3 frame or Ethernet II frame. If the value is less than 1536, it is an 802.3 frame. If the value is 1536 or greater it is an Ethernet II frame.
(. . . continued on slide 22)
Scalable IP Networks v2.01
Module 3 - 26
General Ethernet Frame Format
Preamble
SFD
DA
SA
Length/ type
P a y l o a d (46 to 1500 bytes)
FCS
Frame check sequence (4 bytes) Payload: Internet layer Frame length or type information (2 bytes) Source MAC address (6 bytes) Destination MAC address (6 bytes) Fixed sequence to alert the receiver (8 bytes) (0x55555555555555D5), start frame delimiter
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
27
All rights reserved © 2008 Alcatel-Lucent
(. . . continued from slide 21)
Data/Padding (also known as Payload): Where the IP header and data are placed if you are running IP over Ethernet. This field contains IPX information if you are running IPX/SPX (Novell). Contained within the payload section of an IEEE 802.2 frame are four specific fields: DSAP - Destination Service Access Point SSAP - Source Service Access Point CTRL - Control bits for Ethernet communication NLI - Network Layer Interface An Ethernet frame must be a minimum of 64 bytes long. Therefore, if the data field is less than 46 bytes in length, padding is included to bring the frame length to 64 bytes. Frame Check Sequence (FCS): A part of the frame that verifies that the information each frame contains is not damaged during transmission. If a frame is damaged during transmission, the FCS on the frame will not match with the recipient's calculated FCS. The FCS is calculated by the sender based on the entire contents of the frame. The recipient calculates an expected FCS value on the frame that it receives. Any frames that do not match the calculated FCS are discarded.
Scalable IP Networks v2.01
Module 3 - 27
Ethernet II Frame Capture
Destination address
0000 0010 0020 0030 0040 0050 0060 0070 0080 0090 00a0 00b0
00 01 35 40 65 0d 6b 61 61 74 70 65
11 21 95 00 3a 0a 73 72 2c 68 72 73
43 0e 00 bc 20 41 20 63 20 6f 6f 73
Source address
45 ab 17 0e 20 6c 43 68 4f 72 68 20
Alcatel-Lucent Scalable IP Networks v2.01
61 00 09 00 73 63 61 20 6e 69 69 74
23 00 55 00 54 61 6e 52 74 7a 62 6f
00 40 98 ff 57 74 61 6f 61 65 69 20
e0 06 09 fb 33 65 64 61 72 64 74 74
52 ea 6c 03 32 6c 61 64 69 20 65 68
Ether type
d4 a8 96 0d 66 20 2c 2c 6f 61 64 69
a5 8a 8e 0a 62 4e 20 20 0d 63 2e 73
00 78 7b 64 69 65 36 4b 0a 63 20 20
08 35 67 65 38 74 30 61 55 65 20 64
L3/IP information
00 fe a7 76 32 77 30 6e 6e 73 41 65
45 8a 50 69 0d 6f 20 61 61 73 63 76
00 78 18 63 0a 72 4d 74 75 20 63 69
Module 3 |
28
TCP information
..CEa#..R.....E.
[email protected] 5....U..l..{g.P. @..........devic e: sTW32fbi82.. ..Alcatel Networ ks Canada, 600 M arch Road, Kanat a, Ontario..Unau thorized access prohibited. Acc ess to this dev
All rights reserved © 2008 Alcatel-Lucent
This slide shows an actual sniffer trace of an Ethernet packet. Details of this trace are as follows: Frame 234 (303 bytes on wire, 303 bytes captured) Ethernet II, Src: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00), Dst: Dell_45:61:23 (00:11:43:45:61:23) Destination: Dell_45:61:23 (00:11:43:45:61:23) Source: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00) Type: IP (0x0800) Internet Protocol, Src: 138.120.53.254 (138.120.53.254), Dst: 138.120.53.149 (138.120.53.149) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) Total Length: 289 Identification: 0x0eab (3755) Flags: 0x00 Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0xeaa8 [correct] Source: 138.120.53.254 (138.120.53.254) Destination: 138.120.53.149 (138.120.53.149) Transmission Control Protocol, Src Port: 23 (23), Dst Port: 2389 (2389), Seq: 4, Ack: 1, Len: 249 Source port: 23 (23) Destination port: 2389 (2389) Sequence number: 4 (relative sequence number) Next sequence number: 253 (relative sequence number) Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) Window size: 16384 Checksum: 0xbc0e [correct] Telnet
Scalable IP Networks v2.01
Module 3 - 28
Ethernet and the OSI Model
LLC – Interface to the L3 protocol MAC – L2 addressing, data transfer, sync, error control, and data flow
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
29
All rights reserved © 2008 Alcatel-Lucent
Ethernet resides at the Data Link layer. This layer can be subdivided further into two sublayers: LLC – logical link control 802.2 MAC – media access control The LLC interfaces between the network interface layer and the higher L3 protocol and may provide additional functions such as flow control. LLC is only used with 802.3 Ethernet. It is not used with Ethernet II. The MAC layer is responsible for determining the physical source and destination addresses for a particular frame and for the reliable transfer of data, synchronization of data transmission, error control, and flow of data. At the physical layer, to observe the physical link condition, Ethernet uses the link integrity test, in which Ethernet transceivers continually monitor the data path for activity. The physical layer standards also define the format of the electrical or optical signaling that is used to represent the binary ones and zeroes on the transmission media.
Scalable IP Networks v2.01
Module 3 - 29
Data Link Overview Section 3 – Ethernet Addressing and Operation
Scalable IP Networks v2.01
Module 3 - 30
Ethernet Addressing and Operation Overview MAC Address Format Unicast Addressing Broadcast Addressing Multicast Addressing Ethernet Transmission Half-Duplex Operation (CSMA/CD) Full-duplex Operation Auto-negotiation
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
31
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 31
MAC Address Format
OUI is the number assigned by the IEEE to vendors such as AlcatelLucent OUI examples: Alcatel-Lucent Canada 00-80-21 and 00-D0-F6, Alcatel-Lucent USA 00-17-CC, Alcatel-Lucent Italia 00-20-60 OUI engine: http://standards.ieee.org/regauth/oui/index.shtml
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
32
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 32
Unicast Addressing
00:e0:b1:88:0d:c0
00:14:22:c5:79:87
Ethernet II, Src: 138.120.100.2 (00:e0:b1:88:0d:c0), Dst: Dell_c5:79:87 (00:14:22:c5:79:87) Type: IP (0x0800)
Output
Trailer: 000000000000 Internet Protocol, Src: 138.120.252.84 (138.120.252.84), Dst: 138.120.132.135 (138.120.132.135) Transmission Control Protocol, Src Port: 8080 (8080), Dst Port: 2730 (2730), Seq: 0, Ack: 3811441139, Len: 0
Unique source and destination MAC addresses Frame is meant for one particular destination or host
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
33
All rights reserved © 2008 Alcatel-Lucent
In this slide, an Ethernet frame is composed by the source with the following source and destination addresses: Src : 00:e0:b1:88:0d:c0 Dest : Dell_c5:79:87 (00:14:22:c5:79:87) The frame is sent to a hub that connects all devices on a 4-node LAN. The hub being a simple replicator, sends the frame out on all its ports except the port where the frame was received (the port attached to the source). Although all devices receive the frame, only the device whose MAC address matches the destination device accepts the frame. The output sample shows the use of an Ethernet frame destined for a unicast address.
Scalable IP Networks v2.01
Module 3 - 33
Broadcast Addressing
00:13:ce:2b:6b:28 Frame 1 (42 bytes on wire, 42 bytes captured) Ethernet II, Src: 192.168.0.101 (00:13:ce:2b:6b:28), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Output
Destination: Broadcast (ff:ff:ff:ff:ff:ff) Source: 192.168.0.101 (00:13:ce:2b:6b:28) Type: ARP (0x0806) Address Resolution Protocol (request)
Unique source MAC address only, destination address is broadcast (ff-ff-ff-ff-ff-ff) Frame is meant for all devices on the LAN in a broadcast domain
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
34
All rights reserved © 2008 Alcatel-Lucent
In this slide, an Ethernet frame is composed by the source with the following source and destination addresses: Src : 00:13:ce:2b:6b:28 Dest : ff:ff:ff:ff:ff:ff The frame is sent to a hub that connects all devices on a 4-node LAN. The hub being a simple replicator, sends the frame out on all its ports except the port where the frame was received (the port attached to the source). All devices recognize that the destination address (ff-ff-ff-ff-ff-ff) is a special address and process the frame. The output sample shows the use of an Ethernet frame destined for a broadcast address.
Scalable IP Networks v2.01
Module 3 - 34
Multicast Addressing
00:13:ce:2b:6b:28
01:00:5e:01:01:01
01:00:5e:01:01:01
Ethernet II, Src: 192.168.0.101 (00:13:ce:2b:6b:28), Dst: 01:00:5e:01:01:01 (01:00:5e:01:01:01) Destination: 01:00:5e:01:01:01 (01:00:5e:01:01:01)
Output
Source: 192.168.0.101 (00:13:ce:2b:6b:28) Type: IP (0x0800) Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 239.1.1.1 (239.1.1.1) Internet Control Message Protocol
Unique source MAC address only, destination address is multicast group (01-00-5e-01-01-01) Frame is meant for only devices who are members of that group
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
35
All rights reserved © 2008 Alcatel-Lucent
In this slide, an Ethernet frame is composed by the source with the following source and destination addresses: Src : 00:13:ce:2b:6b:28 Dest : 01-00-5e-01-01-01 The frame is sent to a hub that connects all devices on a 4-node LAN. The hub being a simple replicator, sends the frame out on all its ports except the port where the frame was received (the port attached to the source). All devices that are members of the particular group (239.1.1.1) process that message. The output sample shows the use of an Ethernet frame destined for a multicast address.
Scalable IP Networks v2.01
Module 3 - 35
Ethernet Transmission Half-duplex transmission Data sent in one direction at a time Results in collisions Uses CSMA/CD to resolve collisions Hubs are the most common halfduplex devices
Full-duplex transmission Data sent in both directions at the same time Requires point-to-point connections No collisions An approach to higher network efficiency Switches are the most common fullduplex devices
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
36
All rights reserved © 2008 Alcatel-Lucent
Half-duplex transmission is the traditional means of transporting Ethernet frames. Because data is transmitted in one direction at a time over a shared medium, such as a hub, collisions are possible. The CSMA/CD algorithm is used to handle collisions. A hub uses shared media and supports half-duplex only. 10Base-T, which works on half-duplex, is efficient 30 to 40% of the time because of collisions, and as such the effective throughput is only 3 to 4 Mb/s. Full-duplex transmission has data forwarding in both directions simultaneously. Full-duplex implementations require a point-to-point connection between the sender and the receiver port. Therefore, a switch with 8 ports would have each of the 8 ports connected to the rest of the ports through a dedicated set of wires. This ensures that there is no shared medium and collision is not possible. Because data can be transmitted bidirectionally, the effective rate of a 10-Mb/s full-duplex transmission is 20 Mb/s (that is, 10 Mb/s each way). Therefore, full-duplex transmissions are more efficient than half-duplex. Switches and routers usually support full-duplex transmissions. When devices such as switches and hubs are interconnected, care must be taken to ensure that the proper transmission parameters are set on the ports. For switch-to-hub connections, the switch port must be set to half-duplex because the hub only supports half-duplex. For switch-to-switch, switch-to-host, or switch-torouter connections, full-duplex can be used.
Scalable IP Networks v2.01
Module 3 - 36
Half-Duplex Operation (CSMA/CD) Hub
Host A
Host B
Host C
Host D
All hosts constantly listen to the line Host A transmits Hosts B, C, and D listen to Host A and do not transmit All hosts receive Host A’s message
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
37
All rights reserved © 2008 Alcatel-Lucent
The CSMA/CD access rules are summarized by the protocol acronym. Carrier sense (CS)— Each Ethernet LAN-attached host continuously listens for traffic on the medium to determine when gaps between frame transmissions occur. Multiple access (MA)— LAN-attached hosts can begin transmitting any time that they detect that the network is quiet, meaning that no traffic is travelling across the wire. Collision detect (CD)— If two or more LAN-attached hosts in the same CSMA/CD network or collision domain begin transmitting at approximately the same time, the bit streams from the transmitting hosts will interfere (collide) with each other, and both transmissions will be unreadable. If that happens, each transmitting host must be capable of detecting that a collision has occurred before it has finished sending its respective frame. Each host must stop transmitting as soon as it has detected the collision and must wait a random length of time as determined by a back-off algorithm before attempting to retransmit the frame. In this event, each transmitting host transmits a 32-bit jam signal alerting all LAN-attached hosts of a collision before running the back-off algorithm. The CSMA/CD reduces the chance of collisions but does not prevent them. Both hosts A and B could decide to transmit at once because no other hosts are transmitting a message on the line (idle line).
Scalable IP Networks v2.01
Module 3 - 37
Half-Duplex Operation (CSMA/CD) (continued) Hub
Host A
Host B
Host C
Host D
All hosts constantly listen to the line Host A and Host B transmit simultaneously Messages collide Both hosts back off for a random time interval
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
38
All rights reserved © 2008 Alcatel-Lucent
When host A and host B transmit frames at the same time, they both detect collisions and corruption of the data. Both host A and host B generate a jam signal, which is received by other hosts so that they discard the data that was just corrupted by the collision. A random back-off timer is then started on the transmitting hosts. Depending on whose timer expires first, either host A or host B transmits if they detect no other transmission on the line.
Scalable IP Networks v2.01
Module 3 - 38
Full-duplex Operation
Point-to-point only Attached to a dedicated switched port Requires full-duplex support on both ends Collision-free
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
39
All rights reserved © 2008 Alcatel-Lucent
Full-duplex operation is an optional MAC layer capability that allows simultaneous two-way transmission over point-to-point links. Full-duplex transmission involves no media contention, no collisions, and no need to schedule retransmissions. There are exactly two hosts connected on a full-duplex point-to-point link. The link bandwidth is effectively doubled because each link can now support full-rate, simultaneous, two-way transmission.
Scalable IP Networks v2.01
Module 3 - 39
Auto-negotiation Ethernet auto-negotiable operation Speed y 10 Mb/s y 100 Mb/s y 1000 Mb/s y 10000 Mb/s
Operation mode y Half-duplex (CSMA/CD) y Full-duplex
If auto-negotiation is enabled, directly-connected Ethernet nodes negotiate their speed and their duplex mode prior to establishing a link
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
40
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 40
Data Link Overview Section 4 – Ethernet Physical Cabling
Scalable IP Networks v2.01
Module 3 - 41
Ethernet Standards Four data rates are currently defined for operation over optical fiber and twisted-pair cables: 10 Mb/s — 10Base-T Ethernet: twisted pair only 100 Mb/s — 100Base-T or Fast Ethernet 1000 Mb/s — 1000Base-T or Gigabit Ethernet 10 000 Mb/s — 10 Gigabit Ethernet
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
42
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 42
10Base-T Ethernet Originally IEEE 802.3i Current standard is 802.3x Transmission rate with 802.3i is 10 Mb/s half-duplex; with 802.3x is 10 Mb/s full-duplex Frame format was based on Ethernet II, also called DIX Most networks currently use the 802.3x frame format
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
43
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 43
100Base-T Ethernet IEEE standard is 802.3u Full-/half-duplex modes, 100 Mb/s data rate Cabling options y 100Base-TX — 2 pairs of twisted-pair cable y 100Base-T4 — 4 pairs of twisted-pair cable y 100Base-FX — Optical cable
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
44
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 44
1000Base-T Ethernet Also known as gigabit Ethernet or GigE IEEE standard is 802.3ab Full-duplex mode only, 1000 Mb/s data rate 802.3ab specifies distances of 100 m using 4 pairs of Cat 5e cabling
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
45
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 45
10 Gigabit Ethernet IEEE standard is 802.3ae Full-duplex only, with 10 Gb/s data rate Minimizes the user's learning curve by maintaining the same management tools and architecture Physical media used is optical only
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
46
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 46
Ethernet Physical Cable Types
Ethernet
Designation
Type
Wavelength
Distance
10/100Base
TX
Copper
—
100 m
—
FX
Optical SFP
1310 nm
2 km
Multimode
FX-SM
Optical SFP
1310 nm
25 km
Single-mode
TX
Copper
—
100 m
—
SX
Optical SFP
850 nm
550 m
Multimode
LX
Optical SFP
1310 nm
10 km
Single-mode
ZX
Optical SFP
1550 nm
70 km
Single-mode
CWDM
Optical SFP
1470 nm to 1610 nm
70 km
Single-mode
100Base
Gigabit Ethernet
10 gigabit Ethernet
LW/LR
Optical SFP
1310 nm
10 km
Single-mode
EW/ER
Optical SFP
1550 nm
40 km
Single-mode
SR
Optical SFP
850 nm
300 m
Multimode
LR
Optical SFP
850 nm
10 km
Single-mode
ZR
Optical SFP
1550 nm
80 km
Single-mode
T
Copper
-
30-100m
-
CX4 Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Fiber Type
15m Module 3 |
47
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 47
Data Link Overview Section 5 – Ethernet Devices and Switching
Scalable IP Networks v2.01
Module 3 - 48
Ethernet Devices and Switching Overview Ethernet Devices Switching Building up the MAC FDB MAC Address Exercise Broadcast/Multicast Across Switches Ethernet Network Domains Collision Domains
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
49
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 49
Ethernet Devices
Hubs/Repeaters Signal amplification and replication Layer 1 devices that receive Ethernet frames and replicate across all other ports including the receiving port Do not inspect Layer 2 frame headers
Switches Layer 2 devices that inspect Ethernet frame headers Switches receive Ethernet frames based on destination MAC address Full-duplex operation
Half-duplex operation Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
50
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 50
Switching
Switch Forwarding Table
Alcatel-Lucent Scalable IP Networks v2.01
Node MAC Address
Interface
00 00 A2 00 00 01
1
00 00 A2 00 00 02
2
Module 3 |
51
All rights reserved © 2008 Alcatel-Lucent
Ethernet switches use the source MAC address to dynamically learn which MAC addresses are associated with an interface. The switch records this address information into a forwarding table known as the MAC forwarding database (FDB). When the switch receives an Ethernet frame, it records the source MAC address and the interface on which it arrived. It looks at the destination MAC address of the frame, compares it to the entries in its MAC FDB, and transmits the frame out of the interface for that MAC address. If no entry is found in the MAC FDB for the destination, the switch floods the frame out of all its interfaces except the interface on which the frame arrived.
Scalable IP Networks v2.01
Module 3 - 51
Building up the MAC FDB MAC FDB Step 2
1/1/1
Step 4
1/1/2
0000.8c01.000B
Step 6
1/1/3
0000.8c01.000C
1/1/4
0000.8c01.000D
0000.8c01.000A
Step 1: Host A sends a frame to Host B Step 2: The switch receives the frame on 1/1/1 and places the source in MAC FDB Step 3: The destination is not in the MAC FDB so the switch floods the frame to all ports except the source Step 4: Host B responds to Host A. The switch adds the source address of Host B to the MAC FDB Step 5: The switch can now forward frames between Host A and Host B directly, that is, without flooding Step 6 : Host C and Host D also send frames and are added to the FDB
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
52
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 52
MAC Address Exercise
What are the MAC FDBs for Switches A and C after every PC has communicated with each other?
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
53
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 53
Broadcast/Multicast Across Switches Broadcast and Multicast frames are treated similarly The switch examines the destination MAC address; if it is broadcast or multicast, the switch floods the frame out of all the remaining ports Advanced switches can build a special multicast table based on the destination group address and therefore only flood multicast frames to the required destinations
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
54
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 54
Ethernet Network Domains
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
55
All rights reserved © 2008 Alcatel-Lucent
A collision domain is a group of Ethernet or Fast Ethernet devices in a CSMA/CD LAN that are connected by repeaters and that compete for access in the network. Only one device in the collision domain may transmit at any one time, and the other devices in the domain listen to the network to avoid data collisions. A collision domain is sometimes referred to as an Ethernet segment. A broadcast domain is a restricted area in which information can be transmitted to all devices in the domain. More specifically, Ethernet LANs are broadcast domains. Any device attached to the LAN can transmit frames to any other device because the medium is a shared transmission system. Frames are normally addressed to a specific destination device in the network. While all devices detect the frame transmission in the network, only the device to which the frame is addressed actually accepts it. A special broadcast address consisting of all 1s is used to send frames to all devices in the network. In an IP network, broadcast domains are separated by an IP router. Two devices on separate broadcast domains cannot send Ethernet frames directly to each other. Instead they must send the frame to the router which then forwards the IP datagram to the destination in a new Ethernet frame on the appropriate broadcast domain.
Scalable IP Networks v2.01
Module 3 - 55
Collision Domains
Collision domain
Collision domain
Collision domain
Broadcast domain Collision domain
Collision domain
Broadcast domain
Collision domain
Collision Broadcast domain domain Collision domain
In this slide, there are 8 collision domains and 3 broadcast domains.
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
56
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 56
Data Link Overview Section 6 – Ethernet Redundancy
Scalable IP Networks v2.01
Module 3 - 57
Ethernet Redundancy Overview Ethernet Redundancy LAG Redundant Topology Broadcast Storms Database Instability STP Bridge Protocol Data Units RSTP Port States and Roles Port Role Assignment
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
58
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 58
Ethernet Redundancy Two types of redundancy Link redundancy on full-duplex connections y Using multiple links between two devices via LAG y Logical bundling to provide failover for one or more links
Redundant topology y Multiple paths to reach the same destination y Provides protection for path failures where ports/devices fail
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
59
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 59
Link Redundancy - LAG Based on IEEE 802.3ad standard Benefits y increased performance by providing incremental bandwidth between two devices . Support for up to 200 LAGs (R5.0) with 8 links per LAG, 64 LAGs on SR-1 ) y increased resiliency by providing automatic, point-to-point redundancy between two devices if one or more links in the LAG should fail
Statically configured or formed dynamically with LACP Failover time less than one second Alcatel-Lucent enhanced features y Dynamic cost y LAG port threshold Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
60
All rights reserved © 2008 Alcatel-Lucent
A Link Aggregation Group (LAG) increases the bandwidth available between two nodes by grouping up to eight ports into one logical link. The aggregation of multiple physical links allows for load sharing and offers seamless redundancy. If one of the links fails, traffic is redistributed over the remaining links. Up to eight links can be supported in one LAG, and up to 64 LAGs can be configured on a 7x50 SR/ESS. Link Aggregation Control Protocol (LACP) is defined in IEEE802.3ad (Aggregation of Multiple Link Segments). LACP provides a standardized method for implementing link aggregation between different manufacturers.
Scalable IP Networks v2.01
Module 3 - 60
LAG Configuration LAG configurations should include at least two ports A maximum of eight ports can be included in a LAG All ports in the LAG must share the same characteristics (speed, duplex, hold-timer, and so on) Port characteristics are inherited from the primary port Auto-negotiation must not be configured for 10/100 ports that are part of a LAG. Ports in a LAG must be configured as full-duplex. Configure ports as ”no autonegotiate” (For 10GE ports, the xgig setting must be set to the same value) Example configuration
Alcatel-Lucent Scalable IP Networks v2.01
config> config> lag lag 11 config>lag# config>lag# description description “LAG “LAG from from PE1 PE1 to to PE2” PE2” config>lag# config>lag# port port 2/1/1 2/1/1 2/2/1 2/2/1 3/1/1 3/1/1 4/1/1 4/1/1 config>lag# config>lag# port-threshold port-threshold 22 action action down down config>lag# config>lag# dynamic-cost dynamic-cost config>lag# no shutdown config>lag# no shutdown
Module 3 |
61
All rights reserved © 2008 Alcatel-Lucent
LAG Port Threshold Parameter This parameter determines the behaviour of a LAG when the number of available links falls below the configured threshold value. Two actions can be specified: Option 1: configure lag port-threshold action down If the number of available links is less than or equal to the threshold value, the LAG is declared operationally down until the number of available links is greater than the threshold value. Option 2: configure lag port-threshold action dynamic-cost If the number of available links is less than or equal to the threshold value, dynamic costing is used to determine the advertised LAG cost. Note: The costing of a LAG only affects the IGP costing (OSPF only) Dynamic Cost Parameter Dynamic cost can be enabled with the general command config>lag dynamic-cost. This parameter enables or disables the dynamic IGP costing of a LAG when the number of active links is greater than the port-threshold value. When dynamic cost is enabled with this command and the number of active links is greater than the port-threshold value (0-7), the path cost is dynamically calculated whenever there is change in the number of active links regardless of the specified port-threshold action. Note that if the port-threshold action is to declare the LAG “down”, then if the number of active links falls below the portthreshold value the LAG is declared down, even if dynamic cost is enabled. Conversely, if the port-threshold is met and the action is set to dynamic cost, then the link cost is dynamically recalculated even if the general dynamic cost parameter is not configured.
Scalable IP Networks v2.01
Module 3 - 61
LAG Architecture – Dynamic Cost If each link in LAG 1 and LAG 2 has a cost of 100, then the cost of logical link LAG 1 is 100/4 = 25 and LAG 2 is 100/3 = 33
config> lag 1 config> lag 1 config>lag# dynamic-cost config>lag# dynamic-cost config>lag# port 2/1/1 2/2/1 3/1/1 3/2/1 config>lag# port 2/1/1 2/2/1 3/1/1 3/2/1 config>lag# port-threshold 2 action down config>lag# port-threshold 2 action down config> lag 2 config> lag 2 config>lag# port 4/1/1 4/2/1 5/1/1 config>lag# port 4/1/1 4/2/1 5/1/1 config>lag# port-threshold 2 action dynamic-cost config>lag# port-threshold 2 action dynamic-cost
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
62
All rights reserved © 2008 Alcatel-Lucent
In this slide, each physical link is configured with a cost of 100. Thus the cost of the logical link LAG 1 is 100/4 = 25 and LAG 2 is 100/3 = 33. The LAG groups LAG 1 and LAG 2 are configured as follows: LAG 1does not have the dynamic-cost parameter configured. If one link in LAG 1 fails, there are three active links and the port threshold is two so the port-threshold action is not executed. However, because the dynamic-cost parameter is not enabled on the LAG, the cost of LAG 1 remains the same (100/4=25). If another link in LAG 1 fails, the number of active links matches the port threshold and the port-threshold action is executed, therefore LAG 1 is declared operationally down. LAG 2 does have the dynamic-cost parameter configured. If one link in LAG 2 fails, there are two active links and the port threshold is two, so the port-threshold action is executed. Because the dynamiccost parameter is enabled on the LAG, the cost of LAG 2 changes to 100/2 = 50.
Scalable IP Networks v2.01
Module 3 - 62
Redundant Topology Redundancy Advantages y Protection when an entire switch fails, rather than just link protection y Load balancing across switches rather than just across links of the same switch
Disadvantages y May cause broadcast storms if not designed correctly y May cause FDB table instability
Frame looping problems Layer 2 has no mechanism to stop looping as Layer 3 has with TTL
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
63
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 63
Broadcast Storms
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
64
All rights reserved © 2008 Alcatel-Lucent
Networks that are designed with redundancy and no Spanning Tree Protocol (STP) are vulnerable to broadcast storms because as the switch receives multiple copies of a frame, it further replicates each frame and transmits them out one or more ports on the switch. Because of the Layer 2 loop, the transmitted frames are received back and replicated again. This results in an exponential increase in Layer 2 traffic in the looped network. Because there is no time to live (TTL) in Layer 2, this frame is copied and transmitted repeatedly until the switch gets overwhelmed with activity and possibly resets or locks up. Consider the case where no traffic has been transmitted on the above network. Therefore, both Switch 1 and Switch 2 have an empty MAC FDB: Host A sends a frame with destination MAC address of Host B. One copy of the frame is received by Host B and processed. The original frame is also received by Switch 1. Switch 1 records the source MAC of Host A to be on Segment 1. Because Switch 1 does not know where Host B is, it replicates the frame and sends it out the port connected to Segment 2. The original frame is also received by Switch 2. Switch 2 records the source MAC of Host A to be on Segment 1. Because Switch 2 does not know where Host B is, it replicates the frame and sends it out the port connected to Segment 2. Switch 2 receives the replicated frame from Switch 1 via Segment 2. Switch 2 removes the existing entry for Host A in the MAC FDB and records that Host A belongs to the port attached to Segment 2. Switch 2 then replicates the frame and transmits it out the port attached to Segment 1. The process is continues indefinitely causing a broadcast storm and MAC FDB instability.
Scalable IP Networks v2.01
Module 3 - 64
Database Instability
MAC Address FDB Host A Port 0
Alcatel-Lucent Scalable IP Networks v2.01
MAC Address FDB Host A Port 0 Host A Port 1
Module 3 |
65
All rights reserved © 2008 Alcatel-Lucent
Redundant networks without STP can also cause database instability. In this slide, Switch 1 and Switch 2 will map the MAC address of Host A to Port 0. Later, when the copy of the frame arrives at Port 1 of Switch 2, Switch 2 must remove its original entry for Host A and replace it with the new entry for Host A, mapping it to Port 1. This activity causes an unstable database as Switch 2 tries to keep up with the perceived location of Host A.
Scalable IP Networks v2.01
Module 3 - 65
STP Standardized by IEEE in 1990 as 802.1d, for Ethernet link management y RSTP introduced as 802.1w in 1998 to speed convergence y RSTP incorporated in latest STP in IEEE 802.1d-2004
Designed to prevent loops and therefore allow path redundancy to be designed into Ethernet bridge/switchbased networks STP uses a root/branch/leaf model, which determines one path to each leaf spanning the entire L2 network STP will selectively block ports to remove L2 loops End hosts (for example, PCs) are oblivious to STP and instead see one LAN segment
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
66
All rights reserved © 2008 Alcatel-Lucent
Spanning Tree Protocol (STP) was invented in 1985 by Radia Perlman and was first published as a standard by IEEE as 802.1d. Revisions to STP were published in 1998 and 2004. Rapid Spanning Tree Protocol (RSTP) was introduced in 1998 as IEEE 802.1w. In 2004, the IEEE incorporated RSTP in the Spanning Tree Protocol and made the previous version obsolete. This version was published as IEEE 802.1d-2004. STP is intended to prevent loops in an Ethernet network. It does this by selectively blocking ports to achieve a loop-free topology. The first version of STP was slow at converging. Enhancements were introduced with RSTP to speed convergence and convergence time was improved again with IEEE 802.1d-2004.
Scalable IP Networks v2.01
Module 3 - 66
STP Topology
Main purpose of the STP is building loop-free active topologies Our ring topology will be converted into a spanning tree active topology with the root on top
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
67
All rights reserved © 2008 Alcatel-Lucent
Spanning Tree topology can be thought of as a tree that includes the following components : a root (a root bridge/switch) branches (LANS and designated bridges/switches) leaves (end nodes) There are no disconnected parts that are considered part of the tree. That is, the tree encompasses all of its leaves. There are no loops in the tree. If you trace a path from one leaf to any other leaf, there is only one possible path. STP organizes and connects switches into a loop-free topology while leaving no segments isolated.
Scalable IP Networks v2.01
Module 3 - 67
Data Link Overview Section 7 – Virtual LAN
Scalable IP Networks v2.01
Module 3 - 68
Virtual LAN Overview The Development of VLANs Switches and VLANs How do VLANs Work? VLANs Over Multiple Switches VLAN Trunking VLAN Tagging VLAN Stacking VLAN Tags and VLAN Stacking
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
69
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 69
The Development of VLANs
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
70
All rights reserved © 2008 Alcatel-Lucent
There are two main reasons for the development of VLANs: the amount of broadcast traffic increased security Broadcast traffic increases in direct proportion to the number of stations in the LAN. The goal of the virtual LAN (VLAN) is the isolation of groups of users so that one group is not interrupted by the broadcast traffic of another. VLANs also have the benefit of added security by separating the network into distinct logical networks. Traffic in one VLAN is separated from another VLAN as if they were physically separate networks. If traffic is to pass from one VLAN to another, it must be routed.
Scalable IP Networks v2.01
Module 3 - 70
Switches and VLANs A VLAN permits a group of ports to share a common broadcast domain regardless of physical location A VLAN can reside on one switch or on many switches Each VLAN is identified by a VLAN ID Devices in different VLANs can only communicate with each other if the frame is first sent to a Layer 3 device such as a router
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
71
All rights reserved © 2008 Alcatel-Lucent
On the 7750 SR and 7450 ESS there is no default VLAN for all ports to join. Other types of switches may have a default VLAN for ports that are not assigned to a particular VLAN.
Scalable IP Networks v2.01
Module 3 - 71
How do VLANs Work?
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
72
All rights reserved © 2008 Alcatel-Lucent
In this slide, VLANs subdivide the Ethernet switch into multiple switches. Note that there are no logical interconnections between these internal switches. Therefore, the broadcast traffic that is generated by a host in a VLAN stays within that VLAN, making the VLAN its own broadcast domain. Because broadcast traffic for a particular VLAN remains within that VLAN’s borders, inter-VLAN or broadcast domain communication must occur through a Layer 3 device such as a router. Usually, hosts are not VLAN-aware, and therefore no 802.1q configuration is required on the hosts. The VLAN configuration is done when the switch and ports are assigned on a VLAN-by-VLAN basis.
Scalable IP Networks v2.01
Module 3 - 72
VLAN Exercise
Broa dcas t
Host 1 sends out a broadcast. Which hosts will receive the broadcast?
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
73
All rights reserved © 2008 Alcatel-Lucent
In this slide, Host 1 sends out a broadcast. Because Host 4 is the only other member of the VLAN, it is the only host to receive the broadcast. The FDB entries behave much the same way in the VLAN model as they do in the switch model. They are updated based on the source address. In this slide, the source address of the broadcast frame is only learned by VLAN 101. VLAN 102 will not know the source address of Host 1 after Host 1 transmits its broadcast packet. Therefore, in a VLAN environment, a separate FDB is kept for each VLAN. In this case, this means that VLAN 101 will never learn about Host 3 or Host 2 unless it is manually configured or interconnected at Layer 3.
Scalable IP Networks v2.01
Module 3 - 73
VLANs Over Multiple Switches
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
74
All rights reserved © 2008 Alcatel-Lucent
The sharing of VLANs between switches is achieved by the insertion of a header with a 12-bit VID, which allows for 4094 possible VLAN destinations for each Ethernet frame. A VID must be assigned for each VLAN. Assigning the same VID to VLANs on different connected switches can extend the VLAN (broadcast domain) across a network. The 802.1q standard works by inserting a 32-bit VLAN header into the Ethernet frame of all network traffic of the VLAN. The VID uses 12 bits of the 32-bit VLAN header. The switch then uses the VID to determine which FDB it will use to find the destination. After a frame reaches the destination switch port, the VLAN header is removed. This slide indicates which ports belong to which VLAN. The traffic ingressing a port in one VLAN will only be allowed to egress a port on the same switch belonging to the same VLAN.
Scalable IP Networks v2.01
Module 3 - 74
VLAN Trunking
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
75
All rights reserved © 2008 Alcatel-Lucent
VLAN trunking provides efficient interswitch forwarding of VLAN frames. In the previous slide, each VLAN required a separate interswitch connection to forward frames from one switch to another. VLAN trunking allows one Ethernet port to carry frames from multiple VLANs. This allows the use of one highbandwidth port, such as a gigabit Ethernet port, to carry the VLAN traffic between switches instead of multiple fast Ethernet ports. VLANs are separated within the trunk based on their VLAN IDs (Q tags). The FDB at the destination switch designates the destination VLAN for the traffic on the VLAN trunk.
Scalable IP Networks v2.01
Module 3 - 75
VLAN Tagging 802.1q Ethernet Frame Preamble
SFD
DA
SA
Ether Type
VLAN tag
Ether Type
P a y l o a d (46 to 1500 bytes)
FCS
Payload Ether-type 2 bytes Range = 0x600-0xffff, default = 0x8100 For multi-vendor interoperability
3 bits User_priority
1 bit CFI (Canonical format: bit ordering can be different)
Alcatel-Lucent Scalable IP Networks v2.01
2 bytes Tag control information
12 bits VID
Module 3 |
76
All rights reserved © 2008 Alcatel-Lucent
The VLAN header can be broken down into two parts — the VLAN tag type and the tag control information. The VLAN tag type is a fixed value that is an indicator of a VLAN tag. The VLAN tag is a fix length of 2 bytes, which is followed by the original EtherType describing the payload. The tag control information has three parts: Priority value (User priority) — A 3-bit value that specifies a frame’s priority. CFI — One bit. A setting of 0 means that the MAC address information is in its simplest form. Currently no other value is supported. VID — A 12-bit value that identifies the VLAN that the frame belongs to. If the VID is 0, the tag header contains only priority information.
Scalable IP Networks v2.01
Module 3 - 76
VLAN Stacking
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
77
All rights reserved © 2008 Alcatel-Lucent
A restriction of Ethernet VLANs is the limited number of VIDs. With 12 bits used to define the VID, there are only 4096 possibilities. Because VLAN 0 and 4095 are reserved, the PE is really only capable of supporting 4094 VLANs — not a significant number if it is compared with the expanding rates of networks. One of the solutions to this restriction is VLAN stacking, also known as Q-in-Q. VLAN stacking allows the service provider to use Layer 2 protocols to connect customer sites. In this slide, three customers are connected through a common switch using VLAN stacking. At the PE, the administrator has assigned a VLAN to represent the customer on that port. When the customer traffic arrives at the PE device, the PE switch inserts another VLAN tag in the frame. It is this second or stacked VLAN tag that takes the customer traffic through the provider network. At the egress port of the PE equipment, the second or stack VLAN tag is removed and the traffic forwarded out the port. This allows Customers 1, 2, and 3 to use the same VLAN tags in their network. In theory, the service provider can support 4094 customers, with each customer supporting 4094 VLANs within their network.
Scalable IP Networks v2.01
Module 3 - 77
VLAN Tags and VLAN Stacking
Customer VLAN Tag 100
DA
SA
Ether Type
VLAN tag
Ether Type
P a y l o a d (46 to 1500 bytes)
FCS
Providers VLAN Tag 20 Customer VLAN Tag 100 DA
SA
Ether Type
Alcatel-Lucent Scalable IP Networks v2.01
VLAN tag
Ether Type
VLAN tag
Ether Type
P a y l o a d (46 to 1500 bytes)
Module 3 |
78
FCS
All rights reserved © 2008 Alcatel-Lucent
In the example on the previous slide, Customer 1 sent a frame to the PE switch with a VLAN tag of 100. The PE switch inserts a second VLAN tag of 20. This tag number represents Customer 1 traffic. The second tag keeps Customer 1 traffic separate from Customer 2 and 3 traffic and gives Customer 1 the ability to add 4095 more associated VLANs. The VLAN tag that is inserted by the provider is the VLAN tag that is used in the provider network. When the frame has reached the appropriate egress port, the provider’s VLAN tag is removed and the frame with the customer’s VLAN tag is forwarded out the egress port.
Scalable IP Networks v2.01
Module 3 - 78
Data Link Overview Section 8 – Module Summary
Scalable IP Networks v2.01
Module 3 - 79
Module Summary After the successful completion of this module, you should understand the following concepts: Layer 2 OSI and Ethernet Defined Ethernet Ethernet Addressing and Operation Ethernet Physical Cabling Ethernet Devices and Switching Ethernet Redundancy Virtual LAN SONET/SDH and Packet over SONET/SDH
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
80
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 80
Learning Assessments List the necessities of having Layer 2 Define and differentiate between the various Layer 2 protocols Describe Ethernet Distinguish between the Ethernet Frame types List the types of addressing formats supported by Ethernet Describe Half Duplex operation and CSMA/CD Identify the common Ethernet Standards Describe the operation of an Ethernet Switch and how it differs from a Hub Describe the building of the forwarding MAC database on an Ethernet Switch Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
81
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 81
Learning Assessments Differentiate between a collision domain and a broadcast domain Describe the operation of LAGS List the problems encountered in an Ethernet Loop Topology Describe the operation of STP and RSTP List the advantages of using VLANS in an Ethernet network Describe VLAN Tags and the types of Tags supported Describe the operation of SONET/SDH List the bit rates supported by the common SONET frames Describe the POS (Packet over SONET) mechanism
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 3 |
82
All rights reserved © 2008 Alcatel-Lucent
Module 3 - 82
www.alcatel-lucent.com
Alcatel-Lucent Scalable IP Networks v2.01
Module 3 |
83
3HE-02767-AAAA-WBZZA Edition 02
All rights reserved © 2008 Alcatel-Lucent
Alcatel-Lucent Scalable IP Networks Module 4 — Layer 3 and IP Services
Module Overview Layer 3 and IP Services Overview IP Addressing IP Subnet Basics IP Subnet Applications Route Aggregation IPv4 Forwarding Process IP in Home and Small Businesses Other Protocols that Support IP Operation IP Filters
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
2
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 2
Layer 3 and IP Services Section 1 - Layer 3 and IP Services Overview
Network Layer/Layer 3 OSI Why do we need Layer 3? Provides unique addressing for many devices to intercommunicate Finds a path for the end-to-end delivery of application data Characteristics Logical addressing Quality of service options for different application packets Routing protocols Devices Routers Layer 3 protocols IP, IPX, CLNS, AppleTalk
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
4
All rights reserved © 2008 Alcatel-Lucent
The network layer, or Layer 3, is considered to be the lowest layer in the TCP and OSI protocol stacks that handles the end-to-end delivery of application data. The main function of the network layer is to move data from the source to its destination or set of destinations regardless of where the destination exists. The network layer performs this function by using a unique address and a standard set of protocols to help forward the data. Although a number of Layer 3 protocols are still in use, Internet Protocol (IP) is used almost exclusively today. From the source, the data must pass through various physical mediums across several Layer 2 domains over routers before the data reaches its destination or destinations. The routers inspect the IP header before forwarding data to the appropriate interfaces. The IP address is a logical address that differs from a Layer 2 address, such as a MAC address, that is permanently programmed into the firmware. The IP address uniquely identifies the device on the Internet. Address distribution is controlled by the IANA, a global authority. The IANA ensures that every Internet address is unique. To ensure that the data is sent from a source to its correct destination, every device on the Internet must have a unique IP address. Routing protocols are required to forward the data. Routers use the routing protocols to build forwarding tables. When an IP packet is received, the router checks the forwarding table to identify the physical interface destination for the data. Typically, several routers are involved in an end-to-end data transfer. The most widely used L3 protocol is IP, which provides services that are roughly equivalent to the OSI network layer. IP provides a datagram (connectionless) transport service across the network. This service is referred to as unreliable, because the network does not guarantee delivery or notify the end host system about packets that are lost because of errors or network congestion. IP datagrams may be up to 65 535 bytes (octets) in length. IP does not provide a mechanism for flow control. This is handled by the transport layer.
Scalable IP Networks v2.01
Module 4 - 4
Layer 3 Connects Multiple Layer 2 Networks
Packet over SONET Point-to-Point Layer 3 IP Routed Network
Higher layer required to connect many Layer 2 networks Every device connected to the Internet requires a unique Layer 3 address
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
5
All rights reserved © 2008 Alcatel-Lucent
In this slide, IP is required because the physical networks that are connected to the user PCs are different in each location. The IP layer is required to direct the data from the source PC to the destination PC. The routers (as will be seen later) are responsible for directing the data based on information in the IP header. The TDM, ATM, POS, and Ethernet-based switches transmit the IP datagrams between the routers. The routers inspect the IP header and transmit the IP datagram to the next-hop router. IP provides a consistent service interface for the higher layer protocol to communicate across the different physical networks. The data from every Internet application is transmitted across the network in an IP datagram regardless of the type of data or the nature of the application. The IP network provides a universal addressing plan and simple forwarding service for every application using the network.
Scalable IP Networks v2.01
Module 4 - 5
Layer 3 Routing in the Network
Packet over SONET Point-to-Point Layer 3 IP Routed Network
Which path will data take from the source to the destination?
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
6
All rights reserved © 2008 Alcatel-Lucent
In this slide, the IP address of the source data is 138.120.54.98/24 and the IP address of the destination is 160.16.20.1/24. Because the destination is not on the same Layer 2 network as the source, the data will travel to the router that is attached directly to the Layer 2 switch using Layer 2 forwarding. The router (R1) must then decide which router, R2 or R3, is the best next hop to reach the destination. R1 then transmits the data to the next router using the Layer 2 technology that connects them (POS in this example). For R1 to decide which direction is the best path to the destination, the router must have the appropriate information about the network. This information is exchanged using routing protocols that run on all the routers involved. In this slide, routers R1 to R4 use the same routing protocol. Every router on the network builds a routing table using the routing protocols and the information that they receive from the other routers. When data arrives at the router, it uses the routing table to determine the next hop to the destination. The routing table contains a list of network destinations with the next-hop address to be used to reach them.
Scalable IP Networks v2.01
Module 4 - 6
Layer 3 and IP Services Section 2 — IP Addressing
IP Addressing Overview Internet Protocol Overview IPv4 Packet Header IPv4 Address IP Address Classes Unique IP Addressing IP Global Address Assignments IPv4 Addressing Types
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
8
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 8
Internet Protocol Overview Most commonly used Layer 3 protocol Connectionless protocol Provides support for framing and packet prioritization Maximum packet length is 65 535 bytes Version 4 is current version
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
9
All rights reserved © 2008 Alcatel-Lucent
The Internet Protocol (RFC 791) provides services that are roughly equivalent to the OSI network layer. IP provides a datagram (connectionless) transport service across the network. This service is sometimes referred to as unreliable because the network does not guarantee delivery or notify the end host system about packets lost due to errors or network congestion. IP datagrams contain a message or one fragment of a message, which may be up to 65 535 bytes (octets). IP does not provide a mechanism for flow control. This is handled by the transport layer.
Scalable IP Networks v2.01
Module 4 - 9
IPv4 Packet Header
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
10
All rights reserved © 2008 Alcatel-Lucent
Version — IP version is currently 4 IHL — IP header length. The number of 32-bit words that form the header. The value is usually five. TOS — Type of Service is also known as the Differentiated Services Code Point (DSCP). The TOS byte can be used to specify Quality of Service parameters for the packet, but this is often not respected by the network. Total Length — The combined length of the header and the data, in bytes Identification — Together with the source address, this 16-bit number uniquely identifies the packet. The number is used during the reassembly of fragmented datagrams. Flags — Three bits used for the fragmentation of packets. The first bit is unused. The second indicates DF, or don't fragment, meaning that the packet must be discarded instead of fragmented. The third indicates MF, or more fragments, indicating that this is not the last fragment Fragment Offset — A value that indicates which fragment of the original packet this corresponds to. This is used during the reassembly of fragmented datagrams. Time To Live — Number of hops or links that the packet may be routed over, decremented by each router (used to prevent accidental routing loops) Protocol — Identifier that indicates the type of transport packet being carried (for example, 1 = ICMP, 2= IGMP, 6 = TCP, 17 = UDP) Header Checksum —1s complement checksum that is inserted by the sender and updated whenever the packet header is modified by a router. Used to detect errors introduced into the IP header. Packets with an invalid header checksum are discarded by all nodes in an IP network. Source IP Address — IP address of the original sender of the packet Destination IP Address — IP address of the final destination of the packet Options — Not often used. However when the options are used, the IP header length is greater than five 32-bit words to indicate the size of the options field.
Scalable IP Networks v2.01
Module 4 - 10
IPv4 Address
IP address example: 192.168.2.100
Binary equivalent: 11000000101010000000001001100100
The unique L3 identifier of computers, routers, and other devices in an IP network The 32-bit address is expressed in dotted-decimal format, with each octet separated by a period
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
11
All rights reserved © 2008 Alcatel-Lucent
Dotted-decimal notation divides the 32-bit IP address into four octets of 8 bits each. These octets specify the value of each field as a decimal number. The range of each octet is from 0 to 255. As stated earlier, the L3 address is unique to the device and, as such, is used to recognize the device on the Internet. This is analogous to the postal service. For you to receive mail that is meant for you and your family, you need a unique address. In Canada, the address is a combination of a postal code for a region, a street name, and a house number. For example, 123 Walden Drive, K2K 2S6 is a unique address in Canada. Similarly, every device that needs access to the Internet needs a unique L3 address.
Scalable IP Networks v2.01
Module 4 - 11
IP Address Components
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
12
All rights reserved © 2008 Alcatel-Lucent
The first part of an IP address, which is known as the network number or network prefix, identifies the network that a host resides in. The second part of an IP address, which is known as the host number, identifies a host in the network. This creates a two-level hierarchy, as shown in this slide above. All hosts in a network share the same network number or prefix. However, the host numbers must be unique to each host. Conversely, hosts with different network prefixes may share the same host number. The size of the network/host portions vary, as described in the following slides.
Scalable IP Networks v2.01
Module 4 - 12
IP Address Classes
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
13
All rights reserved © 2008 Alcatel-Lucent
To provide some form of flexibility to support the implementation of various network sizes, the IP address space was originally divided into classes: Class A, Class B, and Class C. When the IP address was developed, the concept of classes could not have envisioned the enormous growth of the Internet. Therefore, many of the addressing problems can be traced back to this early classification of the IP address space. This division of addresses is referred to as classful addressing because the address space is split into predefined sizes. As shown in this slide, each class defines the boundary between the network and host at a different octet within the 32-bit address. Class A (1 to 126) — A Class A network has an 8-bit network prefix and the highest-order bit is always set to 0. This allows up to 126 networks to be defined because, 2 of the networks are reserved. The 0.0.0.0 network is reserved for default routes. The 127.0.0.0 network is reserved for loopback functions. Class B (128 to 191) — A Class B network has a 16-bit network prefix and the two highest-order bits are always set to binary 10. Up to 16 384 networks can be defined. Class C (192 to 223) — A Class C network has a 24-bit network prefix and the three highest-order bits are always set to binary 110. Up to 2 097 152 networks can be defined. Class D (224 to 239) — Class D is used for multicast addresses in applications such as OSPF. Class E (240 to 255) — Class E is reserved.
Scalable IP Networks v2.01
Module 4 - 13
Unique IP Addressing
Each node that uses the TCP/IP suite has a unique 32-bit logical IP address
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
14
All rights reserved © 2008 Alcatel-Lucent
A router’s function is to join different IP networks. In this slide, each router is connected to two or three networks through two or three interfaces. Each interface is identified by a unique IP address. The interfaces in the same network belong to the same network prefix or network class. There are five networks in this slide: Class C networks - 192.168.0.0 and 192.10.0.0 Class B networks - 172.5.0.0 and 172.16.0.0 Class A network - 10.0.0.0
Scalable IP Networks v2.01
Module 4 - 14
IP Global Address Assignments Global addressing is provided by the IANA Major organizations of the world have specific address assignments Address assignments are available in RFC 1466 at: http://www.iana.org/assignments/ipv4-address-space One of the Alcatel-Lucent IP address assignments is 138.120.0.0 The addresses assigned by the IANA are also referred to as public addresses In addition, the IANA reserves some addresses (referred to as private addresses) to be used in private networks
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
15
All rights reserved © 2008 Alcatel-Lucent
Under the current IP addressing scheme (known as IPv4 and eventually to be replaced by IPv6), the address space is divided into two types: public address space and private address space. Understanding the difference is important and useful for a network administrator, especially if your organization is connected to the Internet. All of the IP addresses (public address space) that are routable by using the Internet are managed by one of three RIRs. Each RIR is responsible for a geographic region. Note: This should not be confused with the InterNIC (http://www.internic.net) and its designated registrars, such as Network Solutions, Inc. These organizations handle domain name registration, not address registration. The IANA distributes IP addresses to the RIRs. Address space must be requested from IANA, which grants or denies. Alternatively, you can request the address space from your ISP. The ISP then allocates the space from its allotted address space or makes the request on your behalf. This system of requests manages address space and provides a central authority to prevent addressspace collisions. When you use a public address, you can send to and receive from all non-broken parts of the Internet. This means that all routers on the Internet can route your IP address to you. Therefore, not all address space is portable. If you own your address space, you can authorize an ISP to route the address space for you. However, there is a chance that when you change providers or locations, it will no longer be possible to route your IP address to the new location. It is important, therefore, to check before you travel and need to use your address space. The IANA has reserved the following three blocks of the IP address space for private Internets (local networks): 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255 IP addresses from 169.254.0.0 to 169.254.255.255 are reserved for automatic private IP addressing. These IP addresses should not be used on the Internet.
Scalable IP Networks v2.01
Module 4 - 15
IP Address Hierarchy Early IP address allocation gave no consideration to hierarchy Routing tables started growing exponentially as Internet usage increased Hierarchical allocation introduced in the early 1990s, by region and by service provider BGPv4 supports address summarization IPv6 addressing provides vastly improved addressing hierarchy y Important for network and routing scalability
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
16
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 16
IP Global Address Assignments Address allocation is delegated by IANA to Regional Internet Registries (RIRs) y ARIN for North America — 96.0.0.0/6 — 204.0.0.0/6, 208.0.0.0/7
y RIPE NCC for Europe and Middle East — 77.0.0.0/8 through 95.0.0.0/8
y APNIC for Asia and Pacific region — 114.0.0.0/8 through 126.0.0.0/8
RIRs allocate address space to service providers Every attempt possible is made to maintain hierarchy in address allocation
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
17
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 17
Private IP Address Space Private IP address space allocated in RFC 1918 in 1996 Identifies blocks of addresses not to be routed on public Internet Networks using private addressing perform Network Address Translation (NAT) to support connectivity to public Internet Specific address ranges identified by RFC1918 y 10.0.0.0/8 y 172.16.0.0/12 (172.16.0.0 through 172.31.255.255) y 192.168.0.0/16
Supports more efficient use of public IP address space Provides additional security to hosts on private network
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
18
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 18
IPv4 Addressing Types - Unicast Address
A unicast address identifies a single specific device on an IP network y Example: 139.120.200.25
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
19
All rights reserved © 2008 Alcatel-Lucent
Unicast addresses are the addresses that are used for most data exchanges on the Internet.
Scalable IP Networks v2.01
Module 4 - 19
IPv4 Addressing Types - Broadcast Address
Refers to all IP devices in the broadcast domain A packet sent to all hosts in a broadcast domain (such as Ethernet) is referred to as a broadcast packet. A broadcast IP address contains the network number and all 1s for the host address y Example: A packet sent to the IP broadcast address 138.120.255.255 is delivered to all hosts in the 138.120.0.0 network
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
20
All rights reserved © 2008 Alcatel-Lucent
A broadcast address is an address that is used to send traffic to all of the hosts in a specific broadcast domain. Routers with interfaces in the broadcast domain receive the broadcast but do not propagate it.
Scalable IP Networks v2.01
Module 4 - 20
IPv4 Addressing Types– Multicast Address Used to address a group of hosts Reserved addresses are used for multicast applications (224.0.0.0 to 239.255.255.255)
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
21
All rights reserved © 2008 Alcatel-Lucent
Multicast addresses are reserved for group membership applications. Multicast technology is an efficient way to deliver data to a group of destinations that need to receive the same data. The group of destinations is characterized by an IP address in the multicast range of 239.0.0.0 to 239.255.255.255 that defines membership in the specific group. An example is a broadcast TV service. When a host wants to receive a specific channel, the host joins the multicast group for the channel, which is identified by a multicast address; for example, 239.1.1.1. Multicast routing protocols route the data from the source to the various hosts that have joined the multicast group.
Scalable IP Networks v2.01
Module 4 - 21
IPv4 Addressing Types– Anycast Address
A unicast address that does not uniquely identify a host Updates are sent to the nearest host or service No specific address ranges for anycast addresses
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
22
All rights reserved © 2008 Alcatel-Lucent
An anycast address is created by assigning the same unicast address to two or more hosts. In theory, the hosts are functionally equivalent, and you want to route packets to the nearest host. This works well in applications such as distributed Web sites. With the aid of dynamic routing protocols, the packets can find the nearest host and, if the host is not available, traffic is routed to the next nearest host.
Scalable IP Networks v2.01
Module 4 - 22
Layer 3 and IP Services Section 3 - IP Subnet Basics
IP Subnet Basics Overview Subnetting Subnet Masking Calculating Host Addresses Extended Network Prefix Subnet Address Plan Subnetworks and Routers Configuring Routers
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
24
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 24
Subnetting
Introduces an additional level of hierarchy in addressing Without subnetting, there are only the network and host portions With subnetting, there are the network, subnetwork, and host portions Host space is now more efficiently used. For example, with one network address, 6 or more subnetworks can be created Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
25
All rights reserved © 2008 Alcatel-Lucent
There are three main problems with classful addressing. Lack of Internal Address Flexibility — Big organizations are assigned large, monolithic blocks of addresses that do not match the structure of their underlying internal networks. Inefficient Use of Address Space — The existence of only three block sizes (Classes A, B, and C) leads to waste of limited IP address space. Proliferation of Router Table Entries — As the Internet grows, more and more entries are required for routers to handle the routing of IP datagrams, which causes performance problems for routers. Attempting to reduce inefficient address space allocation leads to even more router table entries. Subnetting resolves the problems associated with classful addressing by adding a layer of hierarchy to the addressing structure. Instead of being a simple two-level hierarchy that defines the network prefix and host number, the subnet introduces a third level that defines a subnet number. The third level provides network administrators with the flexibility to manage their current network address in a way that best suits their needs by assigning a distinct subnet number for each of their internal networks.
Scalable IP Networks v2.01
Module 4 - 25
Subnet Mask Defined Q. How do you identify the subnet portion of a network? A. Use a subnet mask A subnet mask is a 32-bit number that accompanies an IP address The mask indicates the network and the subnet Boolean logic is performed to differentiate the subnet host In a subnet, the first and last IP addresses are reserved y The first address identifies the subnetwork y The last address is reserved as a broadcast address for the subnetwork
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
26
All rights reserved © 2008 Alcatel-Lucent
The subnet mask was created so that it has a one (1) bit for each corresponding bit of the IP address that is part of its network ID or subnet ID, and a zero (0) bit for each bit of the IP address that corresponds to the host ID. Therefore, the mask informs TCP/IP devices as to which bits in the IP address belong to the network ID and subnet ID, and which bits in the IP address are part of the host ID.
Scalable IP Networks v2.01
Module 4 - 26
Subnet Mask and IP Address IP Address Example: 192.168.2.132 (Class C or /24 ) What is the network and what is the subnet? Assuming a subnet mask of 255.255.255.128 (32-bit value). What is the subnet for this address? Rewrite the IP address and subnet mask as binary, and apply Boolean logic: IP address
11000000.10101000.00000010.10000100
Subnet mask
11111111.11111111.11111111.10000000 equals 11000000.10101000.00000010.10000000 192.168.2.128 192.168.2.0 192.168.2.128 192.168.2.129 to 192.168.2.254
LOGICAL AND
Subnetwork Network Class C Subnetwork Host range
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
27
All rights reserved © 2008 Alcatel-Lucent
The subnet mask of 255.255.255.128 has been chosen and is applied to the IP address of 192.168.2.132, which is a Class C address. This subnet mask splits the Class C network of 192.168.2.0 into two subnetworks. Each subnetwork has 126 hosts.
Scalable IP Networks v2.01
Module 4 - 27
Subnet Mask and IP Address (continued) IP Address Example: 192.168.2.132 with mask 255.255.255.128 applied What are the network and host ranges?
192.168.2.132
255.255.255.128
11000000.10101000.00000010.10000100
&
192.168.2.128 11000000.10101000.00000010.1 0000000 25 bits
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Host bits
11111111.11111111.11111111.10000000 192.168.2.128
(Network)
192.168.2.129
(1st Host)
192.168.2.130
(2nd Host)
…………. 192.168.2.254
(Last Host)
192.168.2.255
(Broadcast)
Module 4 |
28
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 28
Subnet Masks An IP address is always associated with a subnet mask, for example: IP address 192.168.2.132 with a subnet mask of 255.255.255.128 IP address 192.168.2.132 with a subnet mask of 255.255.255.0 Another denotation for subnet masking uses /x, where x represents the number of 1s in the subnet mask, for example: 255.255.255.0 can be referred to as /24, as in 24 1s 255.255.255.128 can be referred to as /25, as in 25 1s IP address 192.168.2.132/24 implies a subnet mask of 255.255.255.0 Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
29
All rights reserved © 2008 Alcatel-Lucent
All possible subnet masks are as follows: 128.0.0.0
/1
255.255.128.0
/17
192.0.0.0
/2
255.255.192.0
/18
224.0.0.0
/3
255.255.224.0
/19
240.0.0.0
/4
255.255.240.0
/20
248.0.0.0
/5
255.255.248.0
/21
252.0.0.0
/6
255.255.252.0
/22
254.0.0.0
/7
255.255.254.0
/23
255.0.0.0
/8
255.255.255.0
/24
255.128.0.0
/9
255.255.255.128 /25
255.192.0.0
/10
255.255.255.192 /26
255.224.0.0
/11
255.255.255.224 /27
255.240.0.0
/12
255.255.255.240 /28
255.248.0.0
/13
255.255.255.248 /29
255.252.0.0
/14
255.255.255.252 /30
255.254.0.0
/15
255.255.255.254 /31
255.255.0.0
/16
Scalable IP Networks v2.01
Module 4 - 29
Subnet Example For a network 192.168.1.0 and subnet mask /27, what are the possible subnets and hosts? Subnet 0 192.168.1.0/27
11000000.10101000.00000001.00000000
Subnet 1 192.168.1.32/27
11000000.10101000.00000001.00100000
Subnet 2 192.168.1.64/27
11000000.10101000.00000001.01000000
Subnet 3 192.168.1.96/27
11000000.10101000.00000001.01100000
Subnet 4 192.168.1.128/27
11000000.10101000.00000001.10000000
Subnet 5 192.168.1.160/27
11000000.10101000.00000001.10100000
Subnet 6 192.168.1.192/27
11000000.10101000.00000001.11000000
Subnet 7 192.168.1.224/27
11000000.10101000.00000001.11100000 27 bits
What is the difference between 192.168.1.0/24 and 192.168.1.0/27?
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
30
All rights reserved © 2008 Alcatel-Lucent
The subnet address 192.168.1.0/27 defines the subnet where all the addresses start with the same 27 bits. This means that there are 5 bits remaining to define the host addresses for the subnet. These 5 bits can range from 00000 to 11111 or from 0 to 31. Therefore, the subnet address 192.168.1.0/27 defines the range of addresses from 192.168.1.0 to 192.168.1.31. The address with all 0s in the host portion is the subnet address (192.168.1.0). The address with all 1s in the host portion is the broadcast address for the subnet (192.168.1.31). The subnet address 192.168.1.0/24 defines the subnet where all the addresses start with the same 24 bits. This means that there are 8 bits remaining to define the host addresses for the subnet. These 8 bits can range from 00000000 to 11111111 or from 0 to 255. Therefore the subnet address 192.168.1.0/24 defines the range of addresses from 192.168.1.0 to 192.168.1.255. The address with all 0s in the host portion is the subnet address (192.168.1.0). The address with all 1s in the host portion is the broadcast address for the subnet (192.168.1.255).
Scalable IP Networks v2.01
Module 4 - 30
Calculating Host Addresses
Host address 0 192.168.1.0/27
11000000.10101000.00000001.00000000 All 0 host
Host address 1 192.168.1.1/27
11000000.10101000.00000001.00000001
Host address 2 192.168.1.2/27
11000000.10101000.00000001.00000010
…………………………. Host address 29 192.168.1.29/27 11000000.10101000.00000001.00011101 Host address 30 192.168.1.30/27 11000000.10101000.00000001.00011110 Host address 31 192.168.1.31/27 11000000.10101000.00000001.00011111 All 1 host Example: Find all hosts in subnet address
192.168.1.96/27
Total number of hosts
30
First host
192.168.1.96+1/27
Tenth host
192.168.1.96+10/27 192.168.1.106/27
Last host
192.168.1.96+30/27 192.168.1.126/27
Broadcast address
192.168.1.96+31/27 192.168.1.127/27
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
31
192.168.1.97/27
All rights reserved © 2008 Alcatel-Lucent
The assigned host address field of a subnet cannot contain all 0s or all 1s. The host number of all 0s is reserved for the network address; the host number of all 1s is reserved for the broadcast address for the network or subnet. In this slide, Five bits are used for the host address field. Using the formula of 2^5 -2 = 32 -2 = 30, there are 30 assignable host addresses in this subnet. This means that each of the subnets that were created can support up to 30 hosts. To define the host address for the tenth host in the subnet, you arrange the host bits in the bit pattern that represents 10 or 01010. This results in a host address of 192.168.1.10/27. If one of the other subnets is used, (for example, 192.168.1.96/27), defining the host address is a little more difficult. However, the concept is the same. For a subnet address of 192.168.1.96/27 to define the tenth host address, you arrange the host bits in the bit pattern that represents 10 or 01010. This value is then added to the network address of 192.168.1.96/27 to give the host address of 192.168.1.106/27. To define the broadcast address for this network, the host bits should be all set to 1 or 11111. This is the binary representation of 31, so 31 is added to the network address of 192.168.1.96, which gives a broadcast address of 192.168.1.127/27 for the subnet.
Scalable IP Networks v2.01
Module 4 - 31
Subnet Address Plan
1. How many subnets are required now? 2. How many subnets will be required in the future? 3. How many hosts are in the largest subnet? 4. How many hosts will be in the subnet in the future?
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
32
All rights reserved © 2008 Alcatel-Lucent
An addressing plan requires careful planning and consideration for future requirements. The network administrator cannot just look at the existing infrastructure in the assignment of addresses but must take into account the future growth of hosts of all the subnets, and the future growth in the number of subnets that will be required. To create a subnet address plan, the administrator must perform the following steps: 1. Define the number of subnets that are required. In this slide, there is a requirement for nine subnets; 8 or 2^3 subnets would not meet the requirement. 2. To meet the requirement for nine subnets, plan for 16 or 2^4 subnets. This now leaves room for future expansion. 3. Ensure that there is enough host space available to meet the requirements of the largest subnet. If the largest subnet requires 35 hosts, a 2^6- or 64-host space must be used. This size also leaves room for expansion. 4. After the design is completed, ensure that the organization’s allocated IP address space is sufficient to meet current and future needs.
Scalable IP Networks v2.01
Module 4 - 32
Subnet Address Plan - Example
1. Subnet 2, the largest subnet, requires 20 host addresses 2. Network IP address is 192.168.1.0/24
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
33
All rights reserved © 2008 Alcatel-Lucent
The administrator must identify the bits required to provide the six required subnets. Because the address is a binary address, the boundaries for the subnets are based on the power of 2. In this slide, the administrator requires 3 bits of the existing host address to provide the necessary subnets: 2^3 = 8 available subnets. This gives the subnets an extended prefix of 27 bits. The 4-octet subnet mask appears as 255.255.255.224. This leaves 5 bits of the last octet for host addresses. The calculation for usable or assignable host addresses is 2^n – 2, or in this case 2^5 – 2. Two host addresses must be subtracted from the total because the host address 00000 (all 0s) is reserved for the network address and the host address of 11111 (all 1s) is reserved for the broadcast address of the subnet. The base address is 192.168.1.0/24. With the subnet extended prefix defined, the administrator has the following subnets, with each subnet supporting 30 hosts: 192.168.1.0/27 192.168.1.32/27 192.168.1.64/27 192.168.1.96/27 192.168.1.128/27 192.168.1.160/27 192.168.1.192/27 192.168.1.224/27
Scalable IP Networks v2.01
Module 4 - 33
Subnetworks and Routers
192.168.10.1
Loopback
172.16.32.1
(192.168.10.0/30)
(172.16.32.0/20)
(1/1/1)
(1/2/1) (1.1.1.1/32)
1.1.1.1
How are IP networks associated with routers ? Routers separate broadcast domains Every physical and logical interface on the router can belong to a network An IP address in the broadcast domain is assigned to an interface y One interface per sub-network only
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
34
All rights reserved © 2008 Alcatel-Lucent
A router interface is a logical entity that is created in order to assign local networks in the router. The router interface is commonly referred to as a Layer 3 interface or L3 interface. The interface is always assigned an IP address. The IP address is applied along with the subnet mask. Although the interface is a logical entity, the interface can be associated with a physical port. This is typically done to physically connect the router to another router, switch, hub, or host. The other device that is attached to the router must also be configured with an IP address in the same network as the IP address that is assigned to the router interface. An interface that is not associated with a physical port can be associated with a loopback interface and is logical. The physical and loopback interfaces are considered internal to the router and represent networks within the router.
Scalable IP Networks v2.01
Module 4 - 34
General Router Interface Configuration To configure a network interface, use the following command Address must be a host address on the subnet Context: Context:config>router config>router Syntax: Syntax: interface interface ip-int-name ip-int-name address address ip-addr{/mask-length ip-addr{/mask-length || mask} mask} [broadcast [broadcast {allones {allones || host-ones}] host-ones}] port [port-id port [port-id || ccag-group] ccag-group] Example: Example:config>router> config>router> interface interface “to-ALA-2” “to-ALA-2” config>router>if# config>router>if# address address 10.10.24.4/24 10.10.24.4/24 config>router>if# config>router>if# port port 8/1/1 8/1/1 config>router>if# config>router>if# description description “to “to port port 6/1/1 6/1/1 on on ALA-2” ALA-2”
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
35
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 35
Adding Interfaces to Routers
172.17.10.1/24
A:ASIN# A:ASIN# configure configure router router interface interface system system A:ASIN>config>router>if# A:ASIN>config>router>if# address address 10.10.10.10/32 10.10.10.10/32 A:ASIN>config>router>if# back A:ASIN>config>router>if# back A:ASIN>config>router# A:ASIN>config>router# interface interface toRouterB toRouterB A:ASIN>config>router>if$ A:ASIN>config>router>if$ address address 192.168.10.18/31 192.168.10.18/31 A:ASIN>config>router>if$ A:ASIN>config>router>if$ port port 1/1/1 1/1/1 A:ASIN>config>router>if$ A:ASIN>config>router>if$ back back A:ASIN>config>router# A:ASIN>config>router# interface interface toLAN toLAN A:ASIN>config>router>if$ A:ASIN>config>router>if$ address address 172.17.10.1/24 172.17.10.1/24 A:ASIN>config>router>if$ A:ASIN>config>router>if$ port port 1/1/2 1/1/2 A:ASIN>config>router>if$ A:ASIN>config>router>if$ back back A:ASIN>config>router# A:ASIN>config>router# interface interface loopback1 loopback1 A:ASIN>config>router>if# A:ASIN>config>router>if# address address 172.25.0.1/24 172.25.0.1/24 A:ASIN>config>router>if# A:ASIN>config>router>if# loopback loopback A:ASIN>config>router>if# exit A:ASIN>config>router>if# exit
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
36
All rights reserved © 2008 Alcatel-Lucent
Router A has two physical interfaces: one is connected to the LAN and one is connected to router B. Router A also has two logical interfaces the system address and the loopback address, both of which are internal to Router A.
Scalable IP Networks v2.01
Module 4 - 36
Verifying Added Interfaces
A:ASIN# A:ASIN# show show router router interface interface =============================================================================== =============================================================================== Interface Interface Table Table (Router: (Router: Base) Base) =============================================================================== =============================================================================== Interface-Name Adm Opr(v4/v6) Port/SapId Interface-Name Adm Opr(v4/v6) Mode Mode Port/SapId IP-Address PfxState IP-Address PfxState ------------------------------------------------------------------------------------------------------------------------------------------------------------loopback1 Up Up/-Network loopback1 Up Up/-Network loopback loopback 172.25.0.1/24 n/a 172.25.0.1/24 n/a system Up Up/-Network system system Up Up/-Network system 10.10.10.10/32 n/a 10.10.10.10/32 n/a toLAN Up Up/-Network toLAN Up Up/-Network 1/1/2 1/1/2 172.17.10.1/24 n/a 172.17.10.1/24 n/a toRouterB Up Up/-Network toRouterB Up Up/-Network 1/1/1 1/1/1 192.168.10.18/31 n/a 192.168.10.18/31 n/a ------------------------------------------------------------------------------------------------------------------------------------------------------------Interfaces Interfaces :: 44 =============================================================================== ===============================================================================
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
37
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 37
Special Subnet Masks /31 subnet mask (RFC 3021) y No broadcast or network address; only two host addresses y Ideal for point-to-point links y For example: 192.168.10.18/31, 192.168.10.19/31
/32 subnet mask y No broadcast or network address; only one host address that represents the network y Loopback addresses and system address y For example: 192.168.10.20/32
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
38
All rights reserved © 2008 Alcatel-Lucent
/31 subnet mask Using the example of 192.168.10.18/31 in the classical sense decodes to a subnet mask of 255.255.255.254 with a network address of 192.168.10.18 and a broadcast address of 192.168.10.19. Because no addresses are reserved for host spaces, the devices need to be able to handle the addresses as two host addresses. /32 subnet mask There is only one address which is reserved for loopback addresses and the system address. The system address is a special loopback address that serves as a router ID for routing protocols such as OSPF and BGP. Loopback addresses are internal logical addresses that are not associated with physical interfaces.
Scalable IP Networks v2.01
Module 4 - 38
Loopback and System Address Loopback address “virtual” address on the router – does not correspond to any specific interface May have any prefix value (/32, /24, /18, etc.) System address Special loopback address on the Alcatel-Lucent 7750 SR Used as an address to the reach the router itself As a loopback address, system address is not associated with any specific interface “system” interface is defined by default, but does not have an address assigned to it Always has a /32 prefix value Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
39
All rights reserved © 2008 Alcatel-Lucent
The system address is a special loopback address that serves as a router ID for routing protocols such as OSPF and BGP. It is also acts as an address for the router itself. The system address can be reached through any active interface on the router. Loopback addresses are internal logical addresses that are not associated with physical interfaces. Note that only the ‘system’ address is a /32 address and that the loopback addresses can be associated with any subnet mask range.
Scalable IP Networks v2.01
Module 4 - 39
Layer 3 and IP Services Section 4 – IP Subnet Applications
IP Subnet Applications Overview Application of IP Subnets Limited number of hosts
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
41
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 41
Application of IP Subnets For a network of 192.168.10.0/24, generate subnetworks to address each network
In this scenario, there are five networks (3 broadcast networks and 2 point-to-point link networks). Therefore, subnets can be generated with a /27 mask as listed in the table
Alcatel-Lucent Scalable IP Networks v2.01
192.168.10.0/27
192.168.10.128/27
192.168.10.32/27
192.168.10.160/27
192.168.10.64/27
192.168.10.192/27
192.168.10.96/27
192.168.10.224/27
Module 4 |
42
All rights reserved © 2008 Alcatel-Lucent
In this slide, all of the networks have a /27 network mask. This means there are 30 hosts and 2 addresses reserved for the network and broadcast networks. Five of these networks can be assigned to each of the router interfaces. However, the connection between the routers and the connection between the router and the Internet only require two host addresses for their respective interfaces.
Scalable IP Networks v2.01
Module 4 - 42
Limited Number of Hosts The following subnetworks have been assigned randomly: 192.168.10.0/27
192.168.10.32/27
192.168.10.96/27
192.168.10.64/27
192.168.10.128/27
Each subnet supports 30 hosts The point-to-point link between the routers requires only two host addresses The broadcast networks attached to the switch may require 60 hosts each but are limited to 30 hosts How is the problem of limited hosts resolved?
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
43
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 43
VLSM VLSM resolves the problem of limited hosts Assign different subnet masks to the network (for example, use /26 for 192.168.10.0/24). The following subnets are generated: y 192.168.10.0/26 y 192.168.10.64/26 y 192.168.10.128/26 y 192.168.10.192/26 (each subnet has 62 hosts)
The number of hosts is not enough to represent five networks, but apply /30 to the subnet 192.168.10.192/26 y 192.168.10.192/26 can then be divided into: — 192.168.10.192/30,192.168.10.196/30…….
192.168.10.252/30
— 192.168.252/30 can 192.168.10.252/31, 192.168.10.253/31, 192.168.10.253/31, 192.168.254/31
Any one of the above addresses (/31) can be used to represent point-topoint links between the routers
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
44
All rights reserved © 2008 Alcatel-Lucent
When you develop a subnet design, the network administrator must consider the same issues as the traditional subnet design. At each level, the administrator must ensure that there are enough bits available for expansion. If the networks are spread over a number of different sites, the administrator must ensure that enough bits are used to support the sites and any future sites that may be deployed. In addition, the administrator must envision how each site may further subdivide the network to support the subnetworks in each site. Development of this hierarchical addressing scheme requires careful consideration and planning. The network must recursively work its way down so that each level has enough space in the host address to support each requirement. This hierarchical addressing scheme is sometimes referred to as variable length subnet masking (VLSM). If this hierarchical scheme is planned correctly before deployment, the multiple networks can then be aggregated into a single address that will help to reduce the number of routing entries in the backbone routers.
Scalable IP Networks v2.01
Module 4 - 44
Supporting VLSM
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
45
All rights reserved © 2008 Alcatel-Lucent
Using subnet masks of different lengths introduces a new set of challenges. For example, how do the different subnets and their various extended prefixes get advertised throughout the network? This requires the use of more modern routing protocols. The routing protocol used must be able to: Carry the extended prefixes with each subnet advertised Make forwarding decisions based on the longest match Perform summarization to support route aggregation Modern routing protocols such as OSPF, IS-IS, and RIPv2 carry the subnet mask in the routing update and therefore, support VLSM.
Scalable IP Networks v2.01
Module 4 - 45
VLSM - Example 1 In this example, the service provider is allocated an IP address of 172.16.0.0/16 The organization requires five subnets; each subnet needs at least 2000 hosts
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
46
All rights reserved © 2008 Alcatel-Lucent
In a typical Class B network, there is only one network with 65 534 hosts. This network is represented by the last 16 bits. We need five networks. To obtain the required networks, we can use some of the default Class B host bits. Three options are available: Option 1: Use 2 bits out of 16 for 2^2 = 4 networks and 2^14 = 16 384 hosts. Option 2: Use 3 bits out of 16 for 2^3 = 8 networks and 2^13 = 8192 hosts. Option 3: Use 4 bits out of 16 for 2^4 = 16 networks and 2^12 = 4096 hosts. Option 2 or 3 can be used but, because only five networks are required, option 2 is the best choice. However, if the network is expected to grow with no more than 4000 hosts in any subnet, option 3 may be a better option because the network has been designed for 16 subnets.
Scalable IP Networks v2.01
Module 4 - 46
VLSM - Example 2
The service provider has the IP address 172.16.0.0/16 and a subnet 172.16.64.0/19, which must be further subnetted into 6 subnets that support different numbers of hosts
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
47
All rights reserved © 2008 Alcatel-Lucent
In this slide, subnet 172.16.64.0/19 has been isolated and will be further subdivided to support the six subnets that are located in the local campus. The total number of hosts that are supported in the /19 network is 8190. This can be further subdivided into more subnetworks, each with a smaller number of hosts. If the requirement is to have six unequal subnets, one option is as follows: 172.16.64.0/20 2^12 – 2
=
4094
172.16.80.0/21 2^11 – 2
=
2046
172.16.88.0/22 2^10 – 2
=
1022
172.16.92.0/23 2^9
–2
=
510
172.16.94.0/24 2^8
–2
=
254
172.16.95.0/24 2^8
–2
=
254
Note that the sum of all valid hosts is 8180. This is because by dividing further, two addresses are reserved for the subnetwork number and broadcast number. The use of VLSM allows flexibility in the design of networks. Not all subnetworks or networks require the same number of hosts.
Scalable IP Networks v2.01
Module 4 - 47
IP Subnets using VLSM - Exercise 1
The base network address is 138.120.0.0/16 Divide the address space into the subnets as shown in the figure
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
48
All rights reserved © 2008 Alcatel-Lucent
In this slide, the administrator is tasked with taking the base network address and subnetting it to support three subnets: Subnet 1, Subnet 2, Subnet 3. Then, the subnet 2 address must be further subdivided to support four subnets: Subnet 2a, Subnet 2b, Subnet 2c, Subnet 2d. The administrator must then define the first, last, and broadcast addresses for the second sub-subnet. Subnet 1 network address ______________________ Subnet 2 network address ______________________ Subnet 3 network address ______________________ Subnet 2a network address ______________________ Subnet 2b network address ______________________ Subnet 2c network address ______________________ Subnet 2d network address ______________________ Subnet 2b First host address ___________________ Last host address ___________________ Broadcast address __________________
Scalable IP Networks v2.01
Module 4 - 48
IP Subnets using VLSM - Exercise 2 Using 10.10.10.0/24 as the base address, provide the IP subnet addresses
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
49
All rights reserved © 2008 Alcatel-Lucent
In this slide, the administrator is tasked with taking the base network address and subnetting it to support six subnets, ensuring that each subnet will support its host requirements. The next task for the administrator is to take one of the subnets and further subdivide it to support the point-to-point links that join the subnet routers to the main router. Given the IP address, use VLSMs to extend the use of the address. Provide a possible address for each of the following: • HQ Æ A ________________________ • HQ Æ B ________________________ • HQ Æ C ________________________ • HQ Æ D ________________________ • HQ Æ E ________________________ • HQ Æ F ________________________ • Router A LAN ________________________ • Router B LAN ________________________ • Router C LAN ________________________ • Router D LAN ________________________ • Router E LAN ________________________ • Router F LAN ________________________
Scalable IP Networks v2.01
Module 4 - 49
Layer 3 and IP Services Section 5 — Route Aggregation
Route Aggregation Overview Classless interdomain routing Route aggregation Use cases
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
51
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 51
Classless Interdomain Routing
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
52
All rights reserved © 2008 Alcatel-Lucent
With the rapid expansion of the Internet, IPv4 addresses were quickly becoming depleted and the sizes of routing tables were expanding exponentially. The response to these problems was the development and adaptation of Classless Interdomain Routing (CIDR). CIDR eliminated the concept of address classes and replaced it with the concept of network prefixes. Rather than the first 3 bits defining the network mask, the network prefix now defines the network mask. This prefix mask is a method of defining the leftmost contiguous bits in the network portion of the routing table entry. By eliminating the concept of address classes, CIDR provided a more efficient allocation of the IP address space. In addition, CIDR supports the concept of route aggregation, which allows a single route entry to represent multiple networks.
Scalable IP Networks v2.01
Module 4 - 52
Route Aggregation
Routing Table 10.15.24.0/24 10.15.25.0/24 10.15.26.0/24 10.15.27.0/24 10.15.28.0/24 10.15.29.0/24 10.15.30.0/24 10.15.31.0/24
Routing Table 10.15.24.0/21
Common bit pattern
Common Line (/21)
Network Line (/24)
10.15.24.0/24
00001010 . 00001111 . 00011 000 . 00000000
10.15.25.0/24
00001010 . 00001111 . 00011 001 . 00000000
10.15.26.0/24
00001010 . 00001111 . 00011 010 . 00000000
10.15.27.0/24
00001010 . 00001111 . 00011 011 . 00000000
10.15.28.0/24
00001010 . 00001111 . 00011 100 . 00000000
10.15.29.0/24
00001010 . 00001111 . 00011 101 . 00000000
10.15.30.0/24
00001010 . 00001111 . 00011 110 . 00000000
10.15.31.0/24
00001010 . 00001111 . 00011 111 . 00000000
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
All possible combinations are contained within the network line and the common line
53
All rights reserved © 2008 Alcatel-Lucent
As was discussed with VLSM in section 4 of this module, address planning is extremely important when subnets are first deployed. The subnets should be deployed so that they support the concept of summarization and so that, when summarization is applied, all subnets can be represented by as few entries as possible in the routing table. In this slide, Router A supports eight subnets with a /24 prefix. Rather than advertising all eight subnets, the administrator decided to implement route summarization. To see what network address or addresses will be advertised from Router A to Router B, the administrator decided to calculate what the new network prefix or prefixes should be. To implement route summarization: Define the octet that will be manipulated by the summarization. In this case, it is the third octet. Identify the original network prefix (/24). Look to the left of the prefix line and identify the area where all of the addresses have the same bit pattern. Draw a line down that portion. Look between these two lines and ensure that all possible bit patterns are contained between the two lines. If this is the case, you can then summarize those bit patterns into (in this slide) a /21 mask.
Scalable IP Networks v2.01
Module 4 - 53
Route Aggregation - Exercise
For the information on this slide, what summarized route or routes will be advertised to Router 2 from Router 1?
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
54
All rights reserved © 2008 Alcatel-Lucent
In this slide, the administrator is going to be using route summarization on Router 1. What route or routes will be advertised to Router 2?
Scalable IP Networks v2.01
Module 4 - 54
CIDR and VLSM
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
55
All rights reserved © 2008 Alcatel-Lucent
When you first look at CIDR and VLSM, they seem to both provide the same function and they are very similar. The difference between the two is how they appear to the Internet. For both CIDR and VLSM: The routing protocol must carry network-prefix information with each advertised route. All routers must support the longest-match forwarding algorithm. Addresses must be allocated to support route aggregation. The difference is how the manipulation of the address space appears to the Internet. VLSM address manipulation is performed on the address that is assigned to an organization and is invisible to the Internet. CIDR manipulates addresses, and these manipulations are advertised to the Internet.
Scalable IP Networks v2.01
Module 4 - 55
Use Case 1 - An Enterprise Leases Addressing from ISP
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
56
All rights reserved © 2008 Alcatel-Lucent
In this slide, an Enterprise in its main location leases its IP addressing from an ISP. The ISP grants the enterprise ownership to its 100.1.1.0/23 block of addresses and the Enterprise divides its address block into many ‘/27’ subnetwork blocks.
Scalable IP Networks v2.01
Module 4 - 56
LAB 2.1-2.2 IP Addressing
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
57
All rights reserved © 2008 Alcatel-Lucent
See the Alcatel-Lucent IP Scalable Networks Lab Guide
Scalable IP Networks v2.01
Module 4 - 57
Layer 3 and IP Services Section 6 - IPv4 Forwarding Process
IPv4 Forwarding Process Involves moving IP packets from one interface to another interface Requires a forwarding table
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
59
All rights reserved © 2008 Alcatel-Lucent
Forwarding and routing are often used interchangeably, however, there are differences between the two terms. Forwarding refers to the process of moving transit packets from one interface to another interface. The forwarding process includes accessing the forwarding table, making the forwarding decision, and sending the packet out of an interface. For a typical router to forward packet, the router must be able to build routing tables by using routing protocols. The 7750 SR creates a routing table in the CPM card and then loads the routing table into a forwarding table on each IOM card.
Scalable IP Networks v2.01
Module 4 - 59
IP Forwarding Table
A:P1# show router fib 1 A:P1# show router fib 1 =============================================================================== =============================================================================== FIB Display FIB Display =============================================================================== =============================================================================== Prefix Protocol Prefix Protocol NextHop NextHop ------------------------------------------------------------------------------------------------------------------------------------------------------------10.10.10.1/32 LOCAL 10.10.10.1/32 LOCAL 10.10.10.1 (system) 10.10.10.1 (system) 10.10.10.2/32 OSPF 10.10.10.2/32 OSPF 10.12.0.2 (toP2) 10.12.0.2 (toP2) 10.10.10.3/32 OSPF 10.10.10.3/32 OSPF 10.13.0.2 (toP3) 10.13.0.2 (toP3) 10.12.0.0/24 LOCAL 10.12.0.0/24 LOCAL 10.12.0.0 (toP2) 10.12.0.0 (toP2) 10.13.0.0/24 LOCAL 10.13.0.0/24 LOCAL 10.13.0.0 (toP3) 10.13.0.0 (toP3) 10.23.0.0/24 OSPF 10.23.0.0/24 OSPF 10.13.0.2 (toP3) 10.13.0.2 (toP3) 10.34.0.0/24 OSPF 10.34.0.0/24 OSPF 10.13.0.2 (toP3) 10.13.0.2 (toP3) 192.168.1.0/24 LOCAL 192.168.1.0/24 LOCAL 192.168.1.0 (toPE1) 192.168.1.0 (toPE1) ------------------------------------------------------------------------------------------------------------------------------------------------------------Total Entries : 8 Total Entries : 8 -------------------------------------------------------------------------------------------------------------------------------------------------------------
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
60
All rights reserved © 2008 Alcatel-Lucent
This slide shows the output of the forwarding table on line card 1 of the 7750 SR-7. When a packet enters the router by way of the line card, the packet destination IP address is compared with the contents in the forwarding table. If there is a match (longest match) with a prefix in the forwarding table, the packet is switched to the interface shown above as the next hop. For example, if the incoming packet has a destination IP address of 10.12.0.12, the destination IP address matches the prefix 10.12.0.0/24 because 24 bits are compared. The packet will be switched to the toP2 interface and sent out from the toP2 interface.
Scalable IP Networks v2.01
Module 4 - 60
Packet Forwarding in Detail
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
61
All rights reserved © 2008 Alcatel-Lucent
Packet forwarding includes the following key actions: 1. Data link layer frame validation: basic frame length and FCS verification, as well as the frame sanity checks When a router receives a frame from a LAN, the first step is to read the destination MAC address to ensure that the router is the intended recipient of the frame. The next step, assuming that the router is the intended recipient of the frame, is to check the FCS to see whether there are any errors related to the frame. If there are errors, the router discards the frame at this point. 2. Network-layer protocol demultiplexing: determination of the upper protocol that needs to receive encapsulated data This step is performed after the L2 information is removed so that the payload, is handed to the correct upper layer. 3. IP packet validation: basic IP header verification A check is performed to determine whether this is an IP packet. The version and ToS fields are examined and removed. The TTL field should be greater than 1; if the TTL = 1, the packet is discarded because this packets TTL is finished. 4. Forwarding decision: forwarding table lookup Check the forwarding table. If there is a match between the destination IP address in the packet and one of the prefixes (every entry is checked), the egress interface is chosen. 5. Data link frame construction: packet encapsulation The IP packet is now encapsulated in the L2 frame that corresponds to the egress interface. If the interface is Ethernet, new source and destination MAC addresses are added including the type field, and a new FCS is generated. The packet is sent to the physical layer for transport.
Scalable IP Networks v2.01
Module 4 - 61
Layer 3 and IP Services Section 7 - IP in Home and Small Businesses
IP in Home and Small Business - Overview Use of IP in Home and Small Businesses Default Gateway Home Network Evolution Address Translation Address Assignment DHCP
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
63
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 63
Use of IP for Home and Business Protocol of choice for routing over the Internet Used extensively in service provider and carrier core networks Commonly used in the enterprise space Gaining popularity in the home network Has evolved from only Internet access to providing various services to the home and business/enterprise Used to deliver phone, television, and other multimedia services
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
64
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 64
Default Gateway Access to the Internet or any general network router H:\>ipconfig H:\>ipconfig Windows IP Configuration Windows IP Configuration Ethernet adapter Local Area Connection: Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : bell.ca Connection-specific DNS Suffix . : bell.ca IP Address. . . . . . . . . . . . : 70.120.132.235 IP Address. . . . . . . . . . . . : 70.120.132.235 Subnet Mask . . . . . . . . . . . : 255.255.248.0 Subnet Mask . . . . . . . . . . . : 255.255.248.0 Default Gateway . . . . . . . . . : 70.120.128.1 Default Gateway . . . . . . . . . : 70.120.128.1
H:\>ipconfig H:\>ipconfig Windows IP Configuration Windows IP Configuration Ethernet adapter Local Area Connection: Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : bell.ca Connection-specific DNS Suffix . : bell.ca IP Address. . . . . . . . . . . . : 70.120.132.236 IP Address. . . . . . . . . . . . : 70.120.132.236 Subnet Mask . . . . . . . . . . . : 255.255.248.0 Subnet Mask . . . . . . . . . . . : 255.255.248.0 Default Gateway . . . . . . . . . : 70.120.128.1 Default Gateway . . . . . . . . . : 70.120.128.1
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
65
All rights reserved © 2008 Alcatel-Lucent
This slide shows a very simple home network. There are two home PCs that are connected to an L2 switch. The switch is then connected to a router, which is located in the service provider boundary. The demarcation point is the router interface towards the L2 hub. The L2 hub is owned by the home user. In order to communicate to the Internet, each of the PCs need a unique routable IP address. For traffic from the PCs to the general Internet, a designated router address is provided, which is the default gateway. The IP address is the address of the interface on the ISP router that faces the home network. Since the home PCs are on the same network, they can communicate with each other without accessing the Internet. For the home PC to access the eBay site, the IP packet composed will contain the source address of the PC, and the destination address of eBay (76.67.217.148). The PC does not know where the server for eBay exists and the packet is directed to the default gateway, which knows where to forward the packet.
Scalable IP Networks v2.01
Module 4 - 65
Home Network Evolution Home networks today use IP routing in the home environment Require a home-based router and Address Translation
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
66
All rights reserved © 2008 Alcatel-Lucent
Modern home networks, such as the one shown in this slide, support multiple services. These services can be delivered on a one technology by a one provider or by multiple service providers. Home networks have evolved from a PC that is connected to a modem or a switch to multiple PCs, home televisions, digital phones all connected via one L2 technology to a home router that is managed at the home and not the service provider. The router on one side connects to the home network and on the other side connects to the service provider access devices. In this case, the demarcation point is the modem. All the services (in this single provider multiple services scenario) are sent to the modem via DSL or cable. Every device in the home in the scenario requires an IP address in order to connect to the Internet. There are several disadvantages: It is not financially viable to have a unique public IP routed address. Also, this is not scalable. For the traffic to be received by each device, the ISP needs to monitor every home device for a single access point. The ISP is typically not interested in maintaining multiple IP addresses for the average home user. The best scalable solution for now is a home-managed router, which assigns private IP addresses to each of the home devices and has a public IP address that represents the home to the ISP. This is possible by using Network Address Translation or Port Address Translation.
Scalable IP Networks v2.01
Module 4 - 66
Network Address Translation
One-to-one address translation Does not monitor transport layer port numbers
Alcatel-Lucent Scalable IP Networks v2.01
NAT NATTable Table Public pool: 192.1.1.1 Public pool: 192.1.1.1——192.1.1.254 192.1.1.254/24 /24 Internal External Internal External 10.1.1.1 10.1.1.1 192.1.1.2 192.1.1.2 10.1.1.2 10.1.1.2 192.1.1.3 192.1.1.3 10.1.1.3 10.1.1.3 192.1.1.4 192.1.1.4
Module 4 |
67
All rights reserved © 2008 Alcatel-Lucent
NAT is defined in RFCs 2663 and 3022. It is important to note that the 7750 SR does not currently support Network address translation (NAT) or Port address translation (PAT). This feature is generally found in enterprise routers, and the 7750 SR is not an enterprise router. The 7750 SR is not generally placed at that level of a network. There are currently no plans for the 7750 SR to support NAT or PAT. However, NAT and PAT generally appear in the network infrastructure, and, therefore, network experts should have a generic understanding of their purpose. NAT and PAT were created to alleviate the stresses of IP address allocation. Working closely with the private IP address ranges, NAT and PAT allow for private IP addresses to be translated into public IP addresses. This translation can be in one of two forms. The first form of translation is “one-to-one” translation, also known as NAT. One private IP address is translated to one public IP address. In this form, the transport-layer port numbers are not monitored or modified. This allows all applications to function normally without any change to the upper layers. The disadvantage of this form of translation is that there must be a pool of available IP addresses to support all the private IP-addressed clients. If all of the IP addresses in the pool are in use and there is a new NAT requirement, it will fail because there is no available IP address in the pool of public IP addresses. In this example of NAT, the range of public IP addresses is from 192.1.1.2 to 192.1.1.254. Each client that sends traffic through the router is mapped to one IP address in the pool. If 253 clients are actively sending traffic through the router and if the 254th client tries to send traffic out the router, the request will time out because there are no available public IP addresses to use for NAT. Although this limits the number of clients that can simultaneously use this NAT router, it does not limit the types of applications that each client can use.
Scalable IP Networks v2.01
Module 4 - 67
Port Address Translation
Many-to-one address translation Monitors transport layer port numbers
Alcatel-Lucent Scalable IP Networks v2.01
PAT PATTable Table Public pool: 192.1.1.5/32 Public pool: 192.1.1.5/32(Int. (Int.1/1/1) 1/1/1) Internal External Internal External 10.1.1.1:1101 10.1.1.1:1101 192.1.1.5:2203 192.1.1.5:2203 10.1.1.2:1212 10.1.1.2:1212 192.1.1.5:2204 192.1.1.5:2204 10.1.1.3:1212 10.1.1.3:1212 192.1.1.5:2205 192.1.1.5:2205
Module 4 |
68
All rights reserved © 2008 Alcatel-Lucent
The second form of translation is “many-to-one”, also known as Port address translation (PAT). One public IP address supports multiple private IP addresses simultaneously. To accomplish this, the router must not only map the IP address of the client device, but the router must also map the port number in use by the client. As translation occurs, the IP address is changed to one public IP address. To keep track of the multiple streams of traffic from client devices, the port numbers are mapped to unique port numbers in the database. This port change is transparent to the client. Most modern applications do not have a problem with the change of port. However, some applications (mostly legacy applications) require specific source and destination port numbers. If the router modifies the source port to a port that differs from the port that the application expects or requires, the application may not function correctly.
Scalable IP Networks v2.01
Module 4 - 68
Addressing in a Routed Home Network
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
69
All rights reserved © 2008 Alcatel-Lucent
The router interface that faces the ISP, which is sometimes referred to as the WAN side, has a public IP address of 70.120.122.11/24. The router interfaces that face the home network are based on the 192.168.10.0/24 subnet and each device, including the router interface, has an IP address from the 192.168.10.0/24 subnet. The default gateway that is programmed into every IP device for Internet access is the router interface address that faces the home network, which, in this case, is 192.168.10.254/24. When any device attempts a TCP/UDP connection to the Internet, the home router handles the address translation by using a port address translation table.
Scalable IP Networks v2.01
Module 4 - 69
Accessing the Internet
How does the home router/gateway/PC receive a public routed IP address from the Service Provider ?
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
70
All rights reserved © 2008 Alcatel-Lucent
Every home router and PC that needs to connect to the Internet requires a public IP address. These IP addresses must be requested from the IANA and its regional subsidiaries. A home user does not request an IP address from the IANA, instead the user requests an IP address from a service provider. The service provider is assigned IP address blocks depending on their size and business requirements. A home address is assigned one IP address or multiple IP addresses depending on their service plan. The home router can also have a static IP address assigned by the service provider. However in most cases the IP addresses are distributed via a Dynamic means. In the former case the IP address is reserved for the particular home and programmed by the home user. In the latter case a protocol is used by the home router and an IP address is assigned by the service provider depending on the protocol parameters. The protocol is known as Dynamic Host control Protocol (DHCP).
Scalable IP Networks v2.01
Module 4 - 70
DHCP
Alcatel-Lucent Scalable IP Networks v2.01
DISCOVER
MAC address of home router
OFFER
IP address offered by ISP
REQUEST
Formal IP address request
ACK
Final confirmation of IP address
Module 4 |
71
All rights reserved © 2008 Alcatel-Lucent
DHCPDISCOVER— The DHCP client initiates the process by broadcasting a datagram that is destined for UDP port 68 (used by BOOTP and DHCP servers). This first datagram is known as a DHCP discover message, which is a request to any DHCP server that receives the datagram for configuration information. The DHCP discover datagram contains many fields, but the most field important contains the MAC address of the DHCP client. DHCPOFFER— A DHCP server, which is configured to lease addresses for the network that the client computer resides on, constructs a response datagram known as a DHCP offer and sends the datagram via broadcast to the computer that sent the DHCP discover. This broadcast is sent to UDP port 67 and contains the MAC address of the DHCP client. The DHCP offer also contains the MAC and IP addresses of the DHCP server, and the values for the IP address and subnet mask that are offered to the DHCP client. At this point, the DHCP client can receive several DHCP offers, assuming there are multiple DHCP servers with the capability to offer the DHCP client an IP address. In most cases, the DHCP client accepts the first DHCP offer that arrives. DHCPREQUEST— The client selects an offer, and constructs and broadcasts a DHCP request datagram. The DHCP request datagram contains the IP address of the server that sent the offer and the physical address of the DHCP client. The DHCP request performs two basic tasks. First of all, the request informs the selected DHCP server that the client requests the server to assign an IP address (and other configuration settings) to the DHCP client. Secondly, the request notifies the other DHCP servers with outstanding offers that their offers were not accepted. DHCPACK— When the DHCP server, from which the offer was selected, receives the DHCP request datagram, the server constructs the final datagram of the lease process. This datagram is known as a DHCP ACK (short for acknowledgement). The DHCP ACK includes an IP address and subnet mask for the DHCP client. Optionally, the DHCP client is often also configured with IP addresses for the default gateway, several DNSs, and possibly one or two WINS. In addition to IP addresses, the DHCP client can receive other configuration information such as a NetBIOS node type, which can change the order of NetBIOS name resolution. (…continued on slide 74) Scalable IP Networks v2.01
Module 4 - 71
DHCP
Alcatel-Lucent Scalable IP Networks v2.01
DISCOVER
MAC address of home router
OFFER
IP address offered by ISP
REQUEST
Formal IP address request
ACK
Final confirmation of IP address
Module 4 |
72
All rights reserved © 2008 Alcatel-Lucent
(….continued from slide 73) The DHCP servers maintain a list of assigned IP addresses and the term of each lease. Before the lease expiration, the client that requested an IP address via DHCP requests an IP address again. The server can choose to assign a different IP address or the IP address that was previously assigned. For a home gateway router that does address translation, the home router performs the role of a client to the service provider. The home router also performs the role of a DHCP server to the home devices. IP-enabled devices at home request IP addresses from the home router, which assigns IP addresses in the private range.
Scalable IP Networks v2.01
Module 4 - 72
Layer 3 and IP Services Section 8 - Other Protocols that Support IP Operation
Other Protocols ICMP ARP
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
74
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 74
ICMP Overview Defined in RFC 792 Core IP application protocol used mainly to report errors in delivering IP datagrams (RFC 1122) Also used for diagnostic or routing purposes Required to send error control messages to routers and hosts Encapsulated in the IP packet and routed similar to a data packet The version of ICMP for IPv4 is also known as ICMPv4 because it is part of IPv4. IPv6 has an equivalent protocol, ICMPv6
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
75
All rights reserved © 2008 Alcatel-Lucent
Internet Control Message Protocol (ICMP) messages are constructed at the IP layer, usually from a normal IP datagram that generated an ICMP response. IP encapsulates the appropriate ICMP message with a new IP header (to send the ICMP message to the original sending host) and transmits the resulting datagram in the usual manner. For example, each device (such as an intermediate router) that forwards an IP datagram must decrement the TTL field of the IP header by one. If the TTL reaches 0, an ICMP “time to live exceeded in transit” message is sent to the source of the datagram. Each ICMP message is encapsulated directly in one IP datagram, and therefore, as with UDP, ICMP does not guarantee delivery. Although ICMP messages are contained in standard IP datagrams, ICMP messages are usually processed as a special case, differentiated from normal IP processing, rather than processed as a normal subprotocol of IP. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application that generated the original IP packet (that is the application that prompted the sending of the ICMP message).
Scalable IP Networks v2.01
Module 4 - 75
ICMP Message Type 8 and Type 0 (Echo Request and Reply)
Host device sends an echo request to the destination device Destination device sends an echo reply
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
76
All rights reserved © 2008 Alcatel-Lucent
Echo request and echo reply messages are very frequently used. A host or router sends an ICMP echo request message to a specified destination. Any device that receives an echo request generates an echo reply and returns the reply to the original sender. The request contains an optional data area, and the reply contains a copy of the data sent in the request. The echo request and reply can, therefore, be used to test whether a destination is reachable. The echo request and reply are sent via IP datagrams. Assumptions: The IP software on the source computer must route the datagram. The intermediate routers between the source and destination must be operating and must route the datagram correctly. The destination device must be running, and both the ICMP and IP software must be working. All routers along the path must have the correct routes. Ping is the most common way to send an ICMP echo request. The command usually sends a series of echo request messages and captures the corresponding echo replies. Ping then calculates the data loss statistics.
Scalable IP Networks v2.01
Module 4 - 76
ICMP Message Type 3 (Destination Unreachable)
Normal IP packet flow from Host A to Host B Destination link is broken ICMP destination unreachable message is sent to source Destination link is repaired Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
77
All rights reserved © 2008 Alcatel-Lucent
The destination unreachable message is used to inform the sending host that the destination address cannot be reached. For example, if the destination device connects to an Ethernet network, the network hardware does not provide ACKs. Therefore, a router can continue to send packets to a destination even after the destination is powered down without receiving an indication that the destination is down. The destination unreachable message contains a code field that provides additional information as to why the packet was not delivered. For example: If a router does not have a route to the destination network, the router will return destination unreachable, code 0 (network unreachable). If the router connected to the destination network does not receive a reply to its ARP request for the destination address, the router will send a destination unreachable code 1 (host unreachable). If the packet must transit a network where the MTU is less than the IP datagram size and the DF flag (Don’t Fragment) is set in the IP header, the router drops the packet and returns a destination unreachable code 4 (fragmentation required and DF flag set).
Scalable IP Networks v2.01
Module 4 - 77
ARP Overview Resolves a host/gateway MAC address for a given IP address Required in a broadcast Ethernet LAN See RFC 826 and RFC 1122
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
78
All rights reserved © 2008 Alcatel-Lucent
The Address Resolution Protocol (ARP) is defined in RFC 826. However, RFC 826 contained some ambiguities which were clarified in RFC 1122 (Host Network Requirements). Therefore, ARP implementations need to incorporate both RFC 826 and RFC 1122 in order to work reliably and consistently with other implementations. RFC 826 introduced the concept of an ARP as a useful way for devices to locate the Ethernet hardware address of another IP host on the same LAN. All LAN media and many WAN media now use ARP to locate the hardware addresses of other IP devices on the LAN. When a device needs to send an IP packet to another device on the LAN, the IP stack software first checks whether it knows the hardware address that is associated with the destination IP address. If so, the sender transmits the data to the destination system, using the protocols and addressing appropriate for the network medium used by the two devices. However, if the destination system's hardware address is not known, the IP stack software must locate the address before any data can be sent. At this point, IP uses ARP to locate the hardware address of the destination system.
Scalable IP Networks v2.01
Module 4 - 78
Using ARP Host 1 needs to ping Host 2?
Which host has 192.168.10.4? 192.168.10.4 is 00:00:11:22:33:AB
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
79
All rights reserved © 2008 Alcatel-Lucent
ARP performs this task by sending a broadcast to the network, requesting (ARP request) the system that is using the specified IP address to respond with its hardware address. If the destination system is powered up and on the network, the system will detect this broadcast (as will all of the other devices on the LAN), and will return an ARP response to the original system. Note that the response is not broadcast over the network, but is sent directly to the requesting system. All of the local IP devices must monitor the network for ARP broadcasts and, if THEY detect a request for themselves (as indicated in the destination IP address field of the ARP request), the devices must generate a response packet and send the packet to the requesting system. The response packet consists of the local device's IP and hardware addresses. The response is also marked as such, with the messagetype field indicating that the current packet is an ARP response. The new ARP packet is then unicast directly to the original requester, where the packet is received and processed. In this slide, Host 1 tries to ping Host 2. Host 1 checks its cache of MAC addresses for the destination MAC address of Host 2. If the MAC address is not in the cache, Host 1 sends an ARP request message. The ARP request is a broadcast message that is sent to all hosts in the broadcast domain. Each host opens the frame and checks the destination IP address. If the address is not the host's address, the host ignores the packet. However, when Host 2 receives the request with its own IP address, it sends an ARP reply. This ARP reply is carried in a frame that has for its destination the MAC address of Host 1, and the source is the MAC address of Host 2. When the reply is received, Host 1 learns the MAC address of Host 2 and can now transmit the ICMP message in a frame with the MAC address to Host 2.
Scalable IP Networks v2.01
Module 4 - 79
ARP Cache
Host 1 ARP cache 192.168.10.4
00:00:11:22:33:AB
192.168.10.3
00:00:11:22:33:CC
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
80
All rights reserved © 2008 Alcatel-Lucent
When the requesting system receives an ARP response, the system stores the hardware and IP address pair of the requested device in a local cache. The next time that the system needs to send data, the system will check the local cache and, if an entry is found, the system will use the entry, which eliminates the need to broadcast another request. Similarly, the system that responded to the ARP broadcast will store the hardware and IP addresses of the system that sent the original broadcast. However, IP addresses that are assigned to a host may not be static and may move from host to host. If the ARP cache is not timed out, the source may be unable to send its traffic to the correct destination host. Several strategies exist that can alleviate the situation but they are outside the scope of this course. Host 1 maintains an ARP cache that has the MAC addresses for hosts 4 and 2. Therefore, Host 1 does not need to send an ARP request for these hosts. However, if Host 1 needs to send traffic to Host 3, Host 1 will use ARP to get Host 3’s hardware/MAC address and then insert the addresses in its ARP cache.
Scalable IP Networks v2.01
Module 4 - 80
Using ARP with a Router Host 1 needs to ping Host 7 in a remote network?
4
1
6
9
5 2 9
3
8
192.168.10.99
00:00:11:22:33:99
172.16.20.99
00:00:66:77:88:99
192.168.10.1
00:00:00:00:00:01
172.16.20.2
00:00:00:00:00:02
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
81
7
All rights reserved © 2008 Alcatel-Lucent
In the previous slide, we discussed the use of the ARP in the same subnet. What happens if the distant host is not in the same subnet, as shown in this slide? Host 1 needs to send traffic to Host 7, which is in a remote broadcast domain. Host 1 needs to know whether Host 7 can be reached. Host 1 tries to ping Host 7. However, in the absence of an ARP entry for 172.16.20.2, Host 1 needs to send an ARP request. Because 172.16.20.2 is not in the local broadcast domain, Host 1 sends an ARP request (1) for its default gateway which is the router interface, as shown in this slide. Host 1 and Host 3 are programmed with a default gateway address in case they need to connect to hosts that are outside their local domain. Note that for a local host to contact a remote host, the local host sends an ARP request to the default gateway. The router receives the broadcast on its interface in the 192.168.10.0 domain and sends an ARP response (2) with its MAC address. Host 1 can now form the IP packet to send to Host 7. The router uses its forwarding table and forwards the packet out of the second interface. However, the router does not have an ARP entry for the host 172.16.20.2. Therefore, the router uses its L3 interface and MAC address to send the ARP request (5) in this broadcast domain. When Host 7 receives the broadcast, it responds with a unicast ARP response (6) to the router. The ARP only works within the scope of a broadcast domain. Therefore, the response is not forwarded by a router. The router, similar to the hosts, maintains an ARP cache listing (3, 7) all of the entries in its broadcast domain. Host 1 can now send an IP packet (Echo Request) (4) and obtain an Echo Response (9) from Host 7.
Scalable IP Networks v2.01
Module 4 - 81
ARP Request Packet
Frame Frame 31 31 (60 (60 bytes bytes on on wire, wire, 60 60 bytes bytes captured) captured) Ethernet II, Src: 00:04:80:9f:78:00, Ethernet II, Src: 00:04:80:9f:78:00, Dst: Dst: ff:ff:ff:ff:ff:ff ff:ff:ff:ff:ff:ff Destination: Destination: ff:ff:ff:ff:ff:ff ff:ff:ff:ff:ff:ff Source: Source: 00:04:80:9f:78:00 00:04:80:9f:78:00 Type: Type: ARP ARP (0x0806) (0x0806) Trailer: Trailer: 000000000000000000000000000000000000 000000000000000000000000000000000000 Address Address Resolution Resolution Protocol Protocol (request) (request) Hardware type: Ethernet Hardware type: Ethernet (0x0001) (0x0001) Protocol Protocol type: type: IP IP (0x0800) (0x0800) Hardware Hardware size: size: 66 Protocol size: Protocol size: 44 Opcode: Opcode: request request (0x0001) (0x0001) Sender Sender MAC MAC address: address: 00:04:80:9f:78:00 00:04:80:9f:78:00 Sender Sender IP IP address: address: 138.120.53.253 138.120.53.253 Target Target MAC MAC address: address: 00:00:00_00:00:00 00:00:00_00:00:00 Target Target IP IP address: address: 138.120.53.149 138.120.53.149
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
82
All rights reserved © 2008 Alcatel-Lucent
In this slide, a host with IP address 138.120.53.253 is attempting to resolve the MAC address for a host with IP address 138.120.53.149. The destination MAC address of the Ethernet II frame is sent to the broadcast address ff:ff:ff:ff:ff:ff. All devices in the same broadcast domain will receive this frame. Only the host with IP address 138.120.53.149 will reply. The Type for ARP is 0x0806 and indicates which protocol is transported in the Ethernet II frame. ARP Packet Hardware type - Each L2 protocol is assigned a number that is used in this field; for example, Ethernet is 1. Protocol type - Each protocol is assigned a number that is used in this field; for example, IP is 0x0800. Hardware size – Size, in bytes, for hardware addressing. Ethernet addresses are 6 bytes. Protocol size – Size, in bytes, for logical addressing. IPv4 addresses are 4 bytes. Opcode - Operation that the sender is performing. A value of 1 is for an ARP request and a value of 2 is for an ARP reply. Sender MAC address - MAC address of the sender Sender IP address – The protocol address of sender Target MAC address - Hardware MAC address of the intended receiver. The MAC address will be all 0’s for a request. Target IP address - Protocol address of the intended receiver
Scalable IP Networks v2.01
Module 4 - 82
ARP Reply Packet
Frame Frame 32 32 (42 (42 bytes bytes on on wire, wire, 42 42 bytes bytes captured) captured) Ethernet II, Src: 00:11:43:45:61:23, Ethernet II, Src: 00:11:43:45:61:23, Dst: Dst: 00:04:80:9f:78:00 00:04:80:9f:78:00 Destination: Destination: 00:04:80:9f:78:00 00:04:80:9f:78:00 Source: Source: 00:11:43:45:61:23 00:11:43:45:61:23 Type: Type: ARP ARP (0x0806) (0x0806) Address Address Resolution Resolution Protocol Protocol (reply) (reply) Hardware type: Ethernet Hardware type: Ethernet (0x0001) (0x0001) Protocol Protocol type: type: IP IP (0x0800) (0x0800) Hardware Hardware size: size: 66 Protocol size: Protocol size: 44 Opcode: Opcode: reply reply (0x0002) (0x0002) Sender Sender MAC MAC address: address: 00:11:43:45:61:23 00:11:43:45:61:23 Sender Sender IP IP address: address: 138.120.53.149 138.120.53.149 Target Target MAC MAC address: address: 00:04:80:9f:78:00 00:04:80:9f:78:00 Target Target IP IP address: address: 138.120.53.253 138.120.53.253
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
83
All rights reserved © 2008 Alcatel-Lucent
In this slide, the packet is the ARP reply in response to the ARP request on the previous slide. The Ethernet frame is a unicast frame and is sent only to the MAC address of the ARP request sender. All of the fields in the ARP reply packet have the same meaning as the fields in the ARP request packet. The main differences in the APR reply packet are: the Opcode (2 is for a request) and the pack contains MAC addresses for the sender and the target. Note that the sender and target addresses have been swapped.
Scalable IP Networks v2.01
Module 4 - 83
Layer 3 and IP Services Section 9 - IP Filters
IP Filters Overview IP Filters Filter Operation IP Filter Configuration Components Configuring an IP Filter Applying an Filter on an Interface Show Filter IP Command
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
85
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 85
IP Filters Filter policies (also known as ACLs) are implemented on the 7750 SR Applied to interfaces Can be applied on inbound traffic, outbound traffic, or both Default is that a filter is not applied to interfaces Same filter can be used on multiple interfaces
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
86
All rights reserved © 2008 Alcatel-Lucent
Filters, also known as access control lists (ACL), are templates that are applied to services or network ports to control network traffic into (ingress) or out of (egress) a SAP or network port based on IP and MAC match criteria. Filters are applied to examine packets that are entering or leaving a SAP or network interface. Filters can be used on several interfaces. The same filter can be applied to ingress traffic, egress traffic, or both. Ingress filters affect only inbound traffic that is sent to the routing complex, and egress filters affect only outbound traffic that is sent from the routing complex. Configuring a service or network port with a filter is optional. If a service or network port is not configured with filter policies, all traffic is allowed on the ingress and egress interfaces. By default, no filters are associated with services or interfaces; the filters must be explicitly created and associated with the service or interface. When you create a filter, default values are provided although you must specify a unique filter ID for each new filter policy, each new filter entry, and the associated actions. The filter entries specify the filter match criteria. Only one ingress filter policy and one egress filter policy can be applied to a SAP or network interface. You can modify filter policies and entries. Network filter policies control the forwarding and dropping of packets based on IP match criteria. The IP match criteria are not applied to non-IP packets. Therefore, the default action in the filter policy applies to the non-IP packets.
Scalable IP Networks v2.01
Module 4 - 86
Filter Operation
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
87
All rights reserved © 2008 Alcatel-Lucent
A filter policy compares the match criteria specified in a filter entry to the packets that are entering the system, in the order that the entries are numbered in the policy. When a packet matches all of the parameters in the entry, the system performs the specified action to drop or forward the packet. If a packet does not match the entry parameters, the packet continues through the filter process. If the packet does not match any of the entries, the system performs the specified default action. Each filter policy is assigned a unique filter ID. Each filter policy is defined with: Scope Default action Description At least one filter entry Each filter entry contains: Match criteria An action Filter-entry match criteria can be as general or specific as required, but all of the conditions in the entry must be met for the packet to be a match and the specified entry action performed. The process stops when the first complete match is found. Then the action defined in the entry is performed, that is, the packets that match the criteria are dropped or forwarded. Up to 65 535 IP and 65 535 MAC filter IDs (unique filter policies) can be defined. Each filter ID can contain up to 65 535 filter entries. As few or as many match parameters can be specified as required, but all of the conditions must be met for the packet to be a match and the specified action performed. The process stops when the first complete match is found and the action that is defined in the entry is performed. IP filter policies match criteria that associate traffic with an ingress or egress SAP. (…continued on slide 90) Scalable IP Networks v2.01
Module 4 - 87
Filter Operation
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
88
All rights reserved © 2008 Alcatel-Lucent
(…continued from slide 89) Match criteria to drop or forward IP traffic include: Source IP address and mask — The values can be entered as search criteria. Address ranges are configured by specifying network prefix values. The prefix mask length is expressed as an integer (range 0 to 32). Destination IP address and mask — The values can be entered as search criteria. Address ranges are configured by specifying network prefix values. The prefix length is expressed as an integer (range 0 to 32). Protocol — The protocol (for example, TCP, UDP) allows the filter to search for the specified protocol. Source port/range — The source port number or range allows the filter to search for the matching TCP or UDP port and range values. Destination port/range —The destination port number or range allows the filter to search for the matching TCP or UDP values. DSCP marking — A DSCP marking allows the filter to search for the specified DSCP. ICMP code — An ICMP code allows the filter to search for the matching ICMP code in the ICMP header. ICMP type — An ICMP type allows the filter to search for the matching ICMP type in the ICMP header. Fragmentation — When fragmentation matching is enabled, a match occurs when packets are set to the more fragment bit set or the fragment offset field of the IP header is set to a non-zero value.
Scalable IP Networks v2.01
Module 4 - 88
IP Filter Configuration
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
89
All rights reserved © 2008 Alcatel-Lucent
Filter implementation considerations: Creating a filter policy is optional. A filter must be explicitly associated with a service for the packets to be matched. Each filter policy must consist of at least one filter entry. Each entry represents a collection of filter match criteria. When packets enter the ingress or egress ports, packets are compared to the criteria that are specified in the entry or entries. When you configure a large (complex) filter, it may take a few seconds to load the filter policy configuration and for configuration to be implemented. The action keyword must be entered for the entry to be active. A filter entry without the action keyword is considered incomplete and is inactive.
Scalable IP Networks v2.01
Module 4 - 89
Components Major components of a filter policy Filter ID y Description y Entry y Scope y Default action
Entry ID y Description y Action y Packet-matching criteria
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
90
All rights reserved © 2008 Alcatel-Lucent
Filter ID Filter ID (mandatory) — The value that identifies the filter Description (optional) — A brief overview of the filter features Scope (mandatory) — A filter policy must be defined with an exclusive scope for one-time use, or a template scope, which enables the policy to use with multiple SAPs and interfaces. Default action (mandatory) — The action to be applied to packets when no action is specified in the IP or MAC filter entries, or when the packets do not match the specified criteria Entry ID (one or more) represents a collection of filter match criteria. Packet matching starts the comparison process with the criteria specified in the lowest entry ID. Entries identify attributes that define matching conditions and actions. All of the criteria in the entry must match the specified action to be performed. Each entry consists of the following components: Entry ID (mandatory) — The value determines the order of the entry IDs in a specific filter ID, in which the matching criteria specified in the collection are compared. Packets are compared to entry IDs in ascending order. • Description (optional) — A brief overview of the entry ID criteria. • Action (mandatory) — An action parameter must be specified for the entry to be active. A filter entry without a specified action parameter is inactive. • Packet-matching criteria — You can enter and choose criteria to create a specific template through which packets are compared, and forwarded or dropped, depending on the specified action.
Scalable IP Networks v2.01
Module 4 - 90
Configuring a Descriptor for an IP Filter
To create a context for an IP filter policy, use the following command Context: Context:config>filter config>filter Syntax: Syntax: [no] [no] ip-filter ip-filter filter-id filter-id [create] [create] Example: Example:config>filter# config>filter# ip-filter ip-filter 12 12 create create
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
91
All rights reserved © 2008 Alcatel-Lucent
ip-filter Syntax [no] ip-filter filter-id [create] Context config>filter Description This command creates a configuration context for an IP filter policy. An IP filter policy specifies a forward or drop action for packets, based on the specified match criteria. An IP filter policy (also called an ACL), is a template that can be applied to multiple services or multiple network ports when the scope of the policy is template. Changes to the existing policy, using the subcommands, are applied immediately to all services to which this policy applies. Therefore, when many changes to an IP filter policy are required, we recommend that you copy the policy to a work area. You can modify the workin-progress policy and then replace the original filter policy with the revised policy. Use the config filter copy command to maintain policies. The no form of the command is used to delete the IP filter policy. A filter policy cannot be deleted until the policy is removed from all SAPs or network ports to which the policy is applied. Parameters filter-id — IP filter policy ID number Values — 1 to 65 535 create The create keyword is required when the configuration context is first created. After the context is created, you can navigate to the context without using the create keyword.
Scalable IP Networks v2.01
Module 4 - 91
Creating a Description for an IP Filter
To name an IP filter, use the following command
Context: Context:config>filter>ip-filter config>filter>ip-filter Syntax: Syntax: description description string string Example: Example:config>filter>ip-filter# config>filter>ip-filter# description description test-filter-list test-filter-list
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
92
All rights reserved © 2008 Alcatel-Lucent
description Syntax [no] description string Context config>filter>ip-filter ip-filter-id config>filter>ip-filter ip-filter-id>entry entry-id config>filter>log log-id config>filter>mac-filter mac-filter-id config>filter>mac-filter mac-filter-id>entry entry-id config>filter>redirect-policy config>filter>redirect-policy>destination Description This command creates a text description that is stored in the configuration file for a configuration context. The description command associates a text string with a configuration context to identify the context in the configuration file. The no form of the command removes the description string from the context. Default — No description is associated with the configuration context. Parameters string — The description character string is up to 80 printable, 7-bit ASCII characters and excluding double quotation marks. If the string contains spaces, use double quotation marks to delimit the start and end of the string.
Scalable IP Networks v2.01
Module 4 - 92
Configuring the Default Action
To define the default action when none of the entries matches, use the following command
Context: Context:config>filter>ip-filter config>filter>ip-filter Syntax: Syntax: default-action default-action {drop {drop || forward} forward} Example: Example:config>filter>ip-filter# config>filter>ip-filter# default-action default-action drop drop
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
93
All rights reserved © 2008 Alcatel-Lucent
default-action Syntax default-action {drop | forward} Context config>filter>ip-filter ip-filter-id config>filter>mac-filter mac-filter-id Description This command specifies the action to be performed when the packets do not match the specified criteria in all of the entries of the IP filter. When multiple default-action commands are entered, the last command overwrites the previous command. Default drop Parameters drop — All packets will be dropped unless there is a specific filter entry that causes the packet to be forwarded. forward — All packets will be forwarded unless there is a specific filter entry that causes the packet to be dropped.
Scalable IP Networks v2.01
Module 4 - 93
Defining an Entry in an IP Filter
To create an entry ID, use the following command
Context: Context:config>filter>ip-filter config>filter>ip-filter Syntax: Syntax: [no] [no] entry entry entry-id entry-id [create] [create] Example: Example:config>filter>ip-filter# config>filter>ip-filter# entry entry 12 12 create create
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
94
All rights reserved © 2008 Alcatel-Lucent
entry Syntax [no] entry entry-id [create] Context config>filter>ip-filter ip-filter-id config>filter>mac-filter mac-filter-id Description This command allows you to create or modify an IP or MAC filter entry. Multiple entries can be created using unique entry ID numbers in the filter. The Alcatel-Lucent 7750 SR implementation exits the filter at the first match and perofrms the action according to the accompanying action command. For this reason, entries must be sequenced correctly from most explicit to least explicit. An entry may not have any match criteria (in which case, everything matches) but must have at least the action keyword for the entry to be considered complete. Entries without the action keyword are rendered inactive. The no form of the command removes the specified entry from the IP or MAC filter. Default — None Parameters entry-id — A unique identifier for the match criterion and the corresponding action. We recommend that you specify multiple entries for entry IDs in staggered increments. This allows users to add an entry to a policy without renumbering existing entries. Values — 1 to 65 535 create — This keyword is required when the configuration context is first created. After the context is created, you can navigate to the context without using the create keyword.
Scalable IP Networks v2.01
Module 4 - 94
Configuring Match Criteria To define a matching criterion, use the following command
Context: Context:config>filter>ip-filter>entry config>filter>ip-filter>entry Syntax: Syntax: [no] [no] match match [protocol [protocol protocol-id] protocol-id] Example: Example:config>filter>ip-filter>entry# config>filter>ip-filter>entry# match match src-ip src-ip 10.1.1.1/32 10.1.1.1/32 config>filter>ip-filter>entry# match protocol config>filter>ip-filter>entry# match protocol tcp tcp config>filter>ip-filter>entry# config>filter>ip-filter>entry# match match src-port src-port gt gt 1023 1023
When multiple criteria are specified in an entry, all must be met (AND condition) Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
95
All rights reserved © 2008 Alcatel-Lucent
match Syntax [no] match [protocol protocol-id] Context config>filter>ip-filter ip-filter-id>entry entry-id Description This command provides the context to enter match criteria for the filter entry. When the match criteria are met, the action associated with the match criteria is performed. If more than one match criterion in a match statement is configured using the AND function, all criteria must be met before the action that is associated with the match is performed. A match context may consist of multiple match criteria, but multiple match statements cannot be entered for an entry. The no form of the command removes the match criteria for the entry ID. Parameters protocol — The protocol keyword configures an IP to be used as an IP filter match criterion. The protocol type, such as TCP or UDP, is identified by its protocol number. protocol-id — The decimal value that represents the IP to be used as an IP filter match criterion. Protocol numbers include ICMP (1), TCP (6), and UDP (17). The no form of the command removes the protocol from the match criterion. Values — 1 to 255 (expressed in decimal, hexadecimal, or binary notation). Keywords are: none, crtp, crudp, egp, eigrp, encap, ether-ip, gre, icmp, idrp, igmp, igp, ip, ipv6, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, isis, iso-ip, l2tp, ospf-igp, pnni, ptp, rdp, rsvp, stp, tcp, udp, and vrrp.
Scalable IP Networks v2.01
Module 4 - 95
Configuring the Action to be Performed
To define the action to be performed, use the following command Context: Context:config>filter>ip-filter>entry config>filter>ip-filter>entry Syntax: Syntax: [no] [no] action action [drop [drop || {forward {forward [next-hop [next-hop {ip-address | indirect {ip-address | indirect ip-address ip-address || interface interface ip-int-name ip-int-name || redirect-policy redirect-policy policy-name}]}] policy-name}]}] Example: Example:config>filter>ip-filter>entry# config>filter>ip-filter>entry# action action drop drop
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
96
All rights reserved © 2008 Alcatel-Lucent
action Syntax [no] action [drop | {forward [next-hop {ip-address | indirect ip-address | interface ip-int-name | redirect-policy policy-name}]}] Context config>filter>ip-filter ip-filter-id>entry entry-id Description This command allows you to create or modify the drop or forward action that is associated with the match criteria. The action keyword must be entered for the entry to be active. Default — No action is specified, therefore, the entry is inactive. Parameters
[drop | forward] — If neither drop nor forward is specified, the filter action is No-Op, and the filter entry is inactive.
drop — Packets that match the entry criteria will be dropped forward — Packets that match the entry criteria will be forwarded Default No-Op — Filter entry is inactive. Values next-hop ip-addr — IP address of the direct next hop to which to forward matching packets, in dotted-decimal notation interface ip-int-name — Name of the egress IP interface from which matching packets will be forwarded. This parameter is only valid for unnumbered point-to-point interfaces. redirect policy-name — Redirect policy configured in the config>filter>redirect-policy context indirect ip-addr — IP address of the indirect next hop to which to forward matching packets, in dotted-decimal notation. The direct next-hop IP address and egress IP interface are determined by a routing table lookup.
Scalable IP Networks v2.01
Module 4 - 96
Applying a Filter on an Interface
To apply a filter on the egress or ingress of an interface, use the following command Context: Context:config>router>if>ingress config>router>if>ingress config>router>if>egress config>router>if>egress Syntax: Syntax: [no] [no] filter filter ip ip ip-filter-name ip-filter-name Example Example 1: 1: config>router>if>ingress> config>router>if>ingress> filter filter ip ip 11 Example Example 2: 2: config>router>if>egress> config>router>if>egress> filter filter ip ip 22
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
97
All rights reserved © 2008 Alcatel-Lucent
egress | ingress Context config>router>interface ip-int-name [egress | ingress] filter Syntax [no] filter ip ip-filter-name Context config>router>interface ip-int-name>ingress config>router>interface ip-int-name>egress Description This command allows access to the context to configure egress and ingress network filter policies for the IP interface. If an egress or ingress filter is not defined, filtering is not performed in the corresponding direction on the interface. This command also associates an IP filter policy with an IP interface. Filter policies control packet forwarding and dropping based on IP match criteria. The ip-filter-name must be configured before the filter command is performed. If the filter ID does not exist, an error is generated. Only one filter ID can be specified. The no form of the command removes the filter policy association with the IP interface. Default — No filter is specified. Parameters ip-filter-name — The filter name acts as the ID of the IP filter policy, expressed as a decimal integer. The allowed value is an integer, from 1 to 65 535, that corresponds to a previously created IP filter policy. The filter policy must already exist in the created IP filters. Values — 1 to 65 535
Scalable IP Networks v2.01
Module 4 - 97
IP Filter Configuration Example
ALC-A# ALC-A# configure configure filter filter ALC-A>config>filter# ALC-A>config>filter# ip-filter ip-filter 11 create create ALC-A>config>filter>ip-filter$ ALC-A>config>filter>ip-filter$ description description new-filter new-filter ALC-A>config>filter>ip-filter$ default-action ALC-A>config>filter>ip-filter$ default-action drop drop ALC-A>config>filter>ip-filter$ ALC-A>config>filter>ip-filter$ entry entry 11 create create ALC-A>config>filter>ip-filter>entry$ ALC-A>config>filter>ip-filter>entry$ match match src-ip src-ip 1.2.3.0/24 1.2.3.0/24 ALC-A>config>filter>ip-filter>entry$ ALC-A>config>filter>ip-filter>entry$ match match protocol protocol tcp tcp ALC-A>config>filter>ip-filter>entry>match$ src-port ALC-A>config>filter>ip-filter>entry>match$ src-port range range 666 666 999 999 ALC-A>config>filter>ip-filter>entry>match$ ALC-A>config>filter>ip-filter>entry>match$ exit exit ALC-A>config>filter>ip-filter>entry# ALC-A>config>filter>ip-filter>entry# action action forward forward ALC-A>config>filter>ip-filter>entry# ALC-A>config>filter>ip-filter>entry# ^z ^z ALC-A# ALC-A# configure configure router router interface interface to-ALC-B to-ALC-B ALC-A>config>router>if# ALC-A>config>router>if# ingress ingress ALC-A>config>router>if>ingress# ALC-A>config>router>if>ingress# filter filter ip ip 11 ALC-A>config>router>if>ingress# ALC-A>config>router>if>ingress#
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
98
All rights reserved © 2008 Alcatel-Lucent
In this slide, IP filter 1 was created. In the filter, the default action is to drop IP packets that do not meet the explicit match settings. In the match settings, the filter checks for all traffic sourced from IP subnet 1.2.3.0 that uses TCP at the transport layer and uses application ports 666 to 999. If these criteria are met, the packet is forwarded. After the filter is created, the filter must be associated with the ingress or egress of an interface. In this slide, the filter is applied to the ingress.
Scalable IP Networks v2.01
Module 4 - 98
IP Filter Configuration Example - Denying a Subnet
RTR-B# configure filter RTR-B# configure filter RTR-B>config>filter# ip-filter 1 create RTR-B>config>filter# ip-filter 1 create RTR-B>config>filter>ip-filter$ default-action forward RTR-B>config>filter>ip-filter$ default-action forward RTR-B>config>filter>ip-filter$ entry 1 create RTR-B>config>filter>ip-filter$ entry 1 create RTR-B>config>filter>ip-filter>entry$ match src-ip 1.2.3.0/24 RTR-B>config>filter>ip-filter>entry$ match src-ip 1.2.3.0/24 RTR-B>config>filter>ip-filter>entry# action drop RTR-B>config>filter>ip-filter>entry# action drop RTR-B# RTR-B# configure configure router router interface interface toRTR-C toRTR-C RTR-B>config>router>if# ingress RTR-B>config>router>if# ingress RTR-B>config>router>if>ingress# filter ip 1 RTR-B>config>router>if>ingress# filter ip 1
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
99
All rights reserved © 2008 Alcatel-Lucent
In this slide, RTR-B is configured to stop traffic from network 1.2.3.0/24 from entering the router on interface toRTR-C. This filter blocks all traffic received from that network from passing through to any other network in the topology. All other traffic received on the toRTR-C interface is allowed to enter, which is the default action.
Scalable IP Networks v2.01
Module 4 - 99
IP Filter Configuration Example - Allowing a Client
RTR-B# configure filter RTR-B# configure filter RTR-B>config>filter# ip-filter 1 create RTR-B>config>filter# ip-filter 1 create RTR-B>config>filter>ip-filter$ default-action drop RTR-B>config>filter>ip-filter$ default-action drop RTR-B>config>filter>ip-filter$ entry 1 create RTR-B>config>filter>ip-filter$ entry 1 create RTR-B>config>filter>ip-filter>entry$ match src-ip 1.2.3.4/32 RTR-B>config>filter>ip-filter>entry$ match src-ip 1.2.3.4/32 RTR-B>config>filter>ip-filter>entry# action forward RTR-B>config>filter>ip-filter>entry# action forward RTR-B# configure router interface toRTR-A RTR-B# configure router interface toRTR-A RTR-B>config>router>if# egress RTR-B>config>router>if# egress RTR-B>config>router>if>egress# filter ip 1 RTR-B>config>router>if>egress# filter ip 1
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
100
All rights reserved © 2008 Alcatel-Lucent
In this slide, the filter has been modified to allow only traffic from host 1.2.3.4 to reach RTR-A, by applying the filter on the egress direction of RTR-B’s interface toRTR-A. All other traffic received from RTR-C will be dropped if the traffic trying to access RTR-A. However, traffic from RTR-C to Other Networks will be accepted.
Scalable IP Networks v2.01
Module 4 - 100
IP Configuration Example - Allowing Access to a Server
RTR-B# configure filter RTR-B# configure filter RTR-B>config>filter# ip-filter 1 create RTR-B>config>filter# ip-filter 1 create RTR-B>config>filter>ip-filter$ default-action drop RTR-B>config>filter>ip-filter$ default-action drop RTR-B>config>filter>ip-filter$ entry 1 create RTR-B>config>filter>ip-filter$ entry 1 create RTR-B>config>filter>ip-filter>entry$ match dst-ip 172.2.3.4/32 RTR-B>config>filter>ip-filter>entry$ match dst-ip 172.2.3.4/32 RTR-B>config>filter>ip-filter>entry# action forward RTR-B>config>filter>ip-filter>entry# action forward RTR-B# RTR-B# configure configure router router interface interface to-Other-Networks to-Other-Networks RTR-B>config>router>if# ingress RTR-B>config>router>if# ingress RTR-B>config>router>if>ingress# filter ip 1 RTR-B>config>router>if>ingress# filter ip 1
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
101
All rights reserved © 2008 Alcatel-Lucent
In this slide, traffic from Other Networks can only be sent to server 172.2.3.4. Traffic from Other Networks to any other address is dropped. However, traffic from subnet 172.2.5.0/24 behind RTR-A can reach any client/server on subnet 172.2.3.0/24 behind RTR-C.
Scalable IP Networks v2.01
Module 4 - 101
Show Filter IP Command
To examine an IP filter, use the following command
Context: Context:show>filter show>filter Syntax: Syntax: ip ip {ip-filter-id {ip-filter-id [entry [entry entry-id] entry-id] [association [association || counters]} counters]} Example: Example:show show filter filter ip ip 11
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
102
All rights reserved © 2008 Alcatel-Lucent
ip Syntax ip {mac-filter-id [entry entry-id] [association | counters]} Context show>filter Description This command displays IP filter information. Parameters ip-filter-id — Detailed information about the specified filter ID and its filter entries • Values — 1 to 65 535 entry entry-id — Information about the specified filter entry ID of the specified filter ID only • Values — 1 to 9999 association — Appends information about where the filter policy ID is applied to the detailed filter policy ID output counters — Counter information for the specified filter ID Output No Parameters Specified — When no parameters are specified, a brief list of IP filters is produced. The following slide provides an example and describes the output for the command.
Scalable IP Networks v2.01
Module 4 - 102
Show Filter IP Example ALA-1# show filter ip 1 ALA-1# show filter ip 1 =============================================================================== =============================================================================== IP Filter IP Filter =============================================================================== =============================================================================== Filter Id : 1 Applied : Yes Filter Id : 1 Applied : Yes Scope : Template Def. Action : Drop Scope : Template Def. Action : Drop Entries : 1 Entries : 1 Description : new-filter Description : new-filter ------------------------------------------------------------------------------------------------------------------------------------------------------------Filter Match Criteria : IP Filter Match Criteria : IP ------------------------------------------------------------------------------------------------------------------------------------------------------------Entry : 1 Entry : 1 Log Id : n/a Log Id : n/a Src. IP : 1.2.3.0/24 Src. Port : 666..999 Src. IP : 1.2.3.0/24 Src. Port : 666..999 Dest. IP : 0.0.0.0/0 Dest. Port : None Dest. IP : 0.0.0.0/0 Dest. Port : None Protocol : 6 Dscp : Undefined Protocol : 6 Dscp : Undefined ICMP Type : Undefined ICMP Code : Undefined ICMP Type : Undefined ICMP Code : Undefined Fragment : Off Option-present : Off Fragment : Off Option-present : Off Sampling : Off Int. Sampling : On Sampling : Off Int. Sampling : On IP-Option : 0/0 Multiple Option : Off IP-Option : 0/0 Multiple Option : Off TCP-syn : Off TCP-ack : Off TCP-syn : Off TCP-ack : Off Match action : Forwarded Match action : Forwarded Ing. Matches : 0 Egr. Matches : 0 Ing. Matches : 0 Egr. Matches : 0 =============================================================================== ===============================================================================
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
103
All rights reserved © 2008 Alcatel-Lucent
In this slide, IP filter 1 was created. In the filter, the default action is to drop IP packets that do not meet the explicit match settings. In the match settings, the filter checks all traffic sourced from IP subnet 1.2.3.0 that uses TCP at the transport layer and uses application ports 666 to 999. If these criteria are met, the packet is forwarded.
Scalable IP Networks v2.01
Module 4 - 103
Layer 3 and IP Services Section 10 - Module Summary
Module Summary After successful completion of this module, you should be able to: Describe Layer 3 and IP services Describe the basics of IP addressing including its components, classes, how they are managed and allocated, and the purpose and types of addresses State the purpose, components, and operation of the IP subnet address Develop an IP address plan using IP subnetting and addressing summarization Recognize and define the fields in the IP header Describe other protocols that support IP operation Describe the IP address forwarding process Describe the 7750 SR IP filter operation, components, configuration, and application Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
105
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 105
Learning Assessment Describe Layer 3 and IP services Describe the basics of IP addressing including its components, classes, how they are managed and allocated, and the purpose and types of addresses State the purpose, components, and operation of the IP subnet address Develop an IP address plan using IP subnetting and addressing summarization Recognize and define the fields in the IP header Describe other protocols that support IP operation Describe the IP address forwarding process Describe the 7750 SR IP filter operation, components, configuration, and application
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 4 |
106
All rights reserved © 2008 Alcatel-Lucent
Module 4 - 106
LAB 2.3-2.4 – Layer 3 Interfaces and ICMP/ARP
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
107
All rights reserved © 2008 Alcatel-Lucent
See the Alcatel-Lucent IP Scalable Networks Lab Guide
Scalable IP Networks v2.01
Module 4 - 107
www.alcatel-lucent.com
Alcatel-Lucent Scalable IP Networks v2.01
Module 4 |
108
3HE-02767-AAAA-WBZZA Edition 02
All rights reserved © 2008 Alcatel-Lucent
Alcatel-Lucent Scalable IP Networks Module 5 — IP Routing Protocol Basics
Module Overview Concepts and Purpose of IP Routing Static Routes Dynamic Routing Protocol Concepts OSPF Routing Protocol Introduction to Border Gateway Protocol
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
2
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 2
IP Routing Protocol Basics Section 1 — Concepts and Purpose of IP Routing
Concepts and Purpose of IP Routing Overview IP Routing Concepts Routing Protocols The Routing Table Building the Routing Table and its Components
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
4
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 4
IP Routing Concepts What is IP routing? Determines a path to send packets from a source to a destination along a set of routers Each router forwards the packet from one interface to another interface What is a routing protocol? • Provides the mechanism to maintain routing tables for routers • Allows routers to share route information used to build and maintain routing tables
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
5
All rights reserved © 2008 Alcatel-Lucent
IP routing IP routing is the set of tasks involved in sending a packet from the source to the destination across an IP network. The packet enters the IP network via a router and is sent to another router in the network and so on until the packet reaches the destination. The routers in the network use their routing tables to determine how to forward the packet. Routing tables The routing tables are built manually by the network administrator or by protocols that run on every router. The routing table maintains a list of IP networks and the physical interfaces on the router to reach these networks. Using the routing table, an IP packet is routed to its destination.
Scalable IP Networks v2.01
Module 5 - 5
Routing Protocols IP routing populates the routing table with routes
Static
Explicitly define next
Dynamic
IGP
EGP
hop on every router/ Define default route
Distance Vector RIPv1 and RIPv2
Link State
Path Vector
OSPF
BGP
IS-IS
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
6
All rights reserved © 2008 Alcatel-Lucent
IP routing can be divided into two main categories - static and dynamic. Dynamic routing protocols can be further divided into two main categories - Interior Gateway Protocols (IGP) and Exterior Gateway Protocols (EGP). IGPs such as RIP and OSPF are used for routing within an autonomous system. An autonomous system is defined as the networks and routers that are under the control of one entity or administrative authority. The goal of an IGP is to find the lowest cost route to every destination in the network. IGPs can be further divided into distance vector and link state protocols. Distance vector routing protocols use a hop-count metric to determine the best route to a destination regardless of the bandwidth capability of the network links along the path. RIP is a distance vector protocol. Each router that participates in a distance vector routing protocol does not have a complete topological view of the network; the router only knows the best next hop to the destination. This is covered in further detail later in this module. Link state routing protocols use a cost metric that is a representation of the link status and the physical bandwidth of the router interfaces along the path. Therefore, the link state protocols select a path based on the route that has the least cost, which is representative of the path that has the most physical bandwidth. Common LS protocols are OSPF and IS-IS. Each router that participates in a link state routing protocol has a complete topological view of the network. This is covered in further detail later in this module. The goal of an EGP is to provide routes between autonomous systems. However the EGP must also consider policy enforcement that may exist between the autonomous systems. Because an EGP works within policy constraints, the protocol will not necessarily choose the lowest cost route. BGPv4 is the current EGP used in the Internet. BGP is a path vector protocol that chooses the path based on the number of autonomous systems that must be traversed rather than on the number of routers that the path must traverse. BGP performs policy-based routing because policies can be used in many different ways to influence the ways a preferred route is chosen.
Scalable IP Networks v2.01
Module 5 - 6
IP Routing Example
Network
Type
NH
Hops
Network
Type
NH
Hops
1.1.1.0/24
Direct
-
0
2.2.2.0/24
Direct
-
0
3.3.3.0/24
Direct
-
0
3.3.3.0/24
Direct
-
0
2.2.2.0/24
Remote
IP-C
2
1.1.1.0/24
Remote
IP-B
2
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
7
All rights reserved © 2008 Alcatel-Lucent
Assuming that the routing tables exist on the routers in this slide, the basic flow of a packet of data through a network can be described as follows: Device A (1.1.1.2) needs to send data to server D (2.2.2.2). Because device A is not located on the same segment as device D, device A must use the default gateway (1.1.1.1) for the segment. Device A uses ARP for the 1.1.1.1 address to learn the MAC address of the gateway. The router responds with the MAC B address. Device A can now encapsulate the data, as shown in the top block diagram of this slide. Note that the source and destination IP addresses identify the overall source and destination devices; the frame source and destination addresses identify the path across one Ethernet segment. When the frame arrives at router B, the router removes the L2 header and trailer, examines the IP header, checks the routing table for an entry that matches the destination IP address in the IP packet, and determines that the data needs to be sent to router C. To send the data, router B encapsulates the data in a POS/PPP frame and forwards the data. Router C removes the IP datagram from the PPP frame and checks its routing table. Because the destination IP network is directly connected to its Ethernet port, router C checks its ARP cache to find the destination MAC address. When the destination L2 MAC address is determined, router C creates the frame of data and forwards the data to server D. Note that the IP addressing did not change throughout the movement of the data. However, the L2 framing changed over each segment that the packet traversed. The IP address identifies a device within the entire network topology; the L2 address identifies a device on that segment only.
Scalable IP Networks v2.01
Module 5 - 7
7750 SR Sample Routing Table
A:PE1# show router route-table A:PE1# show router route-table =============================================================================== =============================================================================== Route Table (Router: Base) Route Table (Router: Base) =============================================================================== =============================================================================== Dest Prefix Type Proto Age Pref Dest Prefix Type Proto Age Pref Next Hop[Interface Name] Metric Next Hop[Interface Name] Metric ------------------------------------------------------------------------------------------------------------------------------------------------------------10.1.2.0/24 Local Local 03d23h08m 0 10.1.2.0/24 Local Local 03d23h08m 0 to-p2r1 0 to-p2r1 0 10.1.3.0/24 Local Local 03d23h08m 0 10.1.3.0/24 Local Local 03d23h08m 0 to-p3r1 0 to-p3r1 0 10.1.4.0/24 Local 04d00h34m 10.1.4.0/24 Local Local Local 04d00h34m 00 to-p4r1 0 to-p4r1 0 10.2.3.0/24 Remote OSPF 00h41m00s 10 10.2.3.0/24 Remote OSPF 00h41m00s 10 10.1.2.21 2000 10.1.2.21 2000 10.2.4.0/24 Remote OSPF 00h41m00s 10 10.2.4.0/24 Remote OSPF 00h41m00s 10 10.1.2.21 2000 10.1.2.21 2000 10.3.4.0/24 Remote OSPF 04d00h16m 10 10.3.4.0/24 Remote OSPF 04d00h16m 10 10.1.3.31 2000 10.1.3.31 2000 10.10.10.11/32 Local Local 06d18h33m 0 10.10.10.11/32 Local Local 06d18h33m 0 system 0 system 0 10.10.10.21/32 Remote OSPF 00h41m04s 10 10.10.10.21/32 Remote OSPF 00h41m04s 10 10.1.2.21 1000 10.1.2.21 1000 ------------------------------------------------------------------------------------------------------------------------------------------------------------No. No. of of Routes: Routes: 88 =============================================================================== ===============================================================================
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
8
All rights reserved © 2008 Alcatel-Lucent
This slide displays the output from a 7750 SR routing table. Major components of the routing table Dest Prefix - The network that has been advertised to this router. The terms prefix and network are used interchangeably. Type – The type of interface. Indicates whether the destination prefix belongs to a locally attached network or to a remote network. Protocol - If the destination network is not directly attached to the router, the routing protocol that was used to advertise the destination prefix to this router is displayed. The protocols can be, for example, RIP, OSPF, BGP, and static. Age - How long this entry has been in the routing table. Preference - A unit of measurement that indicates the preference of one routing protocol over another routing protocol. Next Hop - The IP address of the neighbor that advertised the destination prefix to the router. Metric - The numerical value used by a routing protocol to calculate the best route to a destination. Depending on the routing protocol, the metric is usually a hop count or a cost that is assigned to a network link.
Scalable IP Networks v2.01
Module 5 - 8
Building the Routing Table and its Components
How many networks is router 1 connected to?
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
9
All rights reserved © 2008 Alcatel-Lucent
All routing protocols serve the same purpose: to find paths through a network and store the paths in a routing table. The paths are also called routes, or more specifically, IP routes. The routes are advertised to neighbors. Each router in a network needs to populate its routing table so that it can forward IP data packets.
Scalable IP Networks v2.01
Module 5 - 9
Routing Protocol Basics – Building the RIB on R1
1. R1 records all of the directly connected networks including its system address, which is an internal loopback address 2. R2 advertises its direct networks to R1 3. R3 advertises its direct networks to R1
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
10
All rights reserved © 2008 Alcatel-Lucent
This slide describes a routing protocol operation that is based on a distance vector protocol. Distance vector protocols will be discussed in detail later. When routers 2 and 3 are turned up, they both send information about their local networks to their neighbors. In this case, R1 receives routing updates from both R2 and R3 about their directly connected networks. A routing update is a type of network advertisement made by one router to another router. This is part of the routing protocol that runs between the routers in order to exchange the updates. A typical routing update consists of the following components: a network address with a network mask (also known together as a network prefix) a metric associated with the prefix the IP address of the next hop to reach this network prefix R1 uses this information, including its locally discovered networks, and builds a routing information base (RIB). The RIB is protocol dependent.
Scalable IP Networks v2.01
Module 5 - 10
Routing Protocol Basics – Continuing to Build the RIB
Information sent from R2 to R1 Dest. Prefix
Next-Hop
Metric
10.10.2.0/30
10.10.1.2
0
192.168.20.30/32
10.10.1.2
0
Existing RIB on R1 Information sent from R3 to R1
Dest. Prefix
Next Hop
Metric
172.16.1.0/24
to Net A
0
Dest. Prefix
Next-Hop
Metric
192.168.10.10/32
system
0
172.16.2.0
10.10.3.2
0
10.10.1.0/30
toR2
0
10.10.2.0/30
10.10.3.2
0
10.10.3.0/30
toR3
0
192.168.30.30/32
10.10.3.2
0
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
11
All rights reserved © 2008 Alcatel-Lucent
Each routing update typically consists of a network, an associated mask, a metric, and the next hop to reach the destination. In this slide, router 1 builds a RIB, which collects and maintains all of the information from its neighbors. If routers 2 and 3 advertise new network information, the routers send an advertisement to router 1. Router 1 then updates the information in the RIB if necessary.
Scalable IP Networks v2.01
Module 5 - 11
Routing Protocol Basics – Routing Metrics
Continuing to build the router information base on R1 4. R2 sends its learned information to R1 5. R3 sends its learned information to R1 6. R1 recalculates all of the learned information to build the final routing table that will be used for IP forwarding
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
12
All rights reserved © 2008 Alcatel-Lucent
When updates are received from their directly attached neighbors, routers 2 and 3 build their respective RIBs and then propagate the information to other neighbors. The updates include the learned destination prefix, the network mask, the metric, and the next-hop IP address or interface.
Scalable IP Networks v2.01
Module 5 - 12
Routing Protocol Basics – Continuing to Build the RIB
Information sent from R2 to R1 Dest. Prefix
Next-Hop
Metric
172.16.1.0/24
10.10.1.2
2
192.168.10.10/32
10.10.1.2
2
Existing RIB on R1
10.10.3.0/30
10.10.1.2
2
Dest. Prefix
172.16.2.0/24
10.10.1.2
2
192.168.30.30/32
10.10.1.2
2
Next-Hop
Metric
172.16.1.0/24
to Net A
0
192.168.10.10/32
system
0
10.10.1.0/30
toR2
0
10.10.3.0/30
toR3
0
Dest. Prefix
Next-Hop
Metric
10.10.2.0/30
10.10.1.2
1
172.16.1.0/24
10.10.3.2
2
10.10.2.0/30
10.10.3.2
1
192.168.10.10/32
10.10.3.2
2
172.16.2.0/24
10.10.3.2
1
10.10.1.0/30
10.10.3.2
2
192.168.20.20/32
10.10.1.2
1
192.168.20.20/32
10.10.3.2
2
192.168.30.30/32
10.10.3.2
1
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Information sent from R3 to R1
Module 5 |
13
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 13
Routing Protocol Basics – Generating the Routing Table
Existing RIB on R1
Routing table on R1 (Best routes) Dest. Prefix 172.16.1.0/24 192.168.10.10/32 10.10.1.0/30 10.10.3.0/30 10.10.2.0/30 172.16.2.0/24 192.168.20.20/32 192.168.30.30/32
Alcatel-Lucent Scalable IP Networks v2.01
Next-Hop to Net A system toR2 toR3 10.10.1.2 10.10.3.2 10.10.1.2 10.10.3.2
Metric 0 0 0 0 2 2 2 2
Dest. Prefix 172.16.1.0/24 192.168.10.10/32 10.10.1.0/30 10.10.3.0/30 10.10.2.0/30 10.10.2.0/30 172.16.2.0/24 192.168.20.20/32 192.168.30.30/32 172.16.1.0/24 192.168.10.10/32 10.10.3.0/30 172.16.2.0/24 192.168.30.30/32 172.16.1.0/24 192.168.10.10/32 10.10.1.0/30 192.168.20.20/32
Module 5 |
14
Next-Hop to Net A system 10.10.1.2 10.10.3.2 10.10.1.2 10.10.3.2 10.10.3.2 10.10.1.2 10.10.3.2 10.10.1.2 10.10.1.2 10.10.1.2 10.10.1.2 10.10.1.2 10.10.3.2 10.10.3.2 10.10.3.2 10.10.3.2
Metric 0 0 0 0 1 1 1 1 1 3 3 3 3 3 3 3 3 3
All rights reserved © 2008 Alcatel-Lucent
In this slide, router 1 takes the information from the RIB and generates a routing table. Using an algorithm, router 1 will calculate the best path to a particular network. The parameter that is used in the algorithm to differentiate between two advertisements about the same network from two different neighbors is referred to as the metric or cost. In this example, the metric is the hop count or the number of hops that the destination network is from the source R1. For example, routers 2 and 3 advertise the destination network 172.16.2.0/24 to router 1. R2 advertises 172.16.2.0/24 with a metric of 2. R3 previously advertised 172.16.2.0/24 with a metric of 0 because this network was directly attached to R3. Any local networks on a particular router are considered to be the lowest metric or 0. When R1 receives the update from R2 and R3, R1 installs both the updates in its RIB and adds the value 1 to the metric advertised by both R2 and R3. In this case, the 172.16.2.0/24 update from R2 will be installed in the R1 RIB with a metric of 3 (2 + 1); the update from R3 will be installed with a metric of 1 ( 0 +1). Because R1 receives the update about 172.16.2.0/24 from R2 and R3, a metric of 1 will be added to their individual advertised metrics. The routing table on R1 is built from the existing RIB on R1. The best routes, depending on the algorithm used, are sent to the routing table and this will be used to forward the IP packets. The best routes in our example are the routes with the least cost or hop count to the particular destination. Note also for advertisements about a prefix that contains equal metrics, the route selection algorithm must use a differentiator to install one route in the routing table. In this slide, network 10.10.2.0/30 is the network that is directly attached to routers 2 and 3. Therefore, when it is advertised to R1 from R2 and R3, the advertisement contains the same metric. R1 updates its RIB with both the updates. However, R1 chooses to install only the update from R2. This is dependent entirely on the routing protocol who can use different criteria to install the update.
Scalable IP Networks v2.01
Module 5 - 14
Routing Protocol Basics – IP Routing
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
15
All rights reserved © 2008 Alcatel-Lucent
When an IP packet enters router R1, the IP packet’s destination address is compared to the entries in the R1 forwarding table. If an entry matching the destination is found, the next hop IP address is examined. The local interface corresponding to the next hop IP address is then determined by reexamining the R1 forwarding table. The IP packet is then forwarded to the corresponding local interface and out of the router R1.
Scalable IP Networks v2.01
Module 5 - 15
Routing Protocol Basics – Control Plane vs Data Plane
Routing updates sent as part of the routing protocol operation comprise the control plane Data that is forwarded using the routing table comprises the data plane Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
16
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 16
Routing Protocol Basics – Next Hop Interface The neighbor interface may not always be a point-to point interface, as shown in the following example
Dest. Prefix
Next-hop
Metric
172.16.1.0/24
To Network A
0
192.168.10.10/32
system
0
10.10.10.0/29
To Network 2
2
172.16.2.0/24
???
2
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
17
All rights reserved © 2008 Alcatel-Lucent
In this slide R1, R2, and R3 are connected in a common broadcast domain. R1 has one interface that is configured towards the broadcast domain. When R3 and R2 send updates about their local networks to R1, they include the IP address of their interface on the broadcast domain. R1 installs network 172.16.9.0/24 with a next-hop of 10.10.10.3 and network 172.16.2.0/24 with a next-hop of 10.10.10.2.
Scalable IP Networks v2.01
Module 5 - 17
Routing Protocol Basics - Preference
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
18
All rights reserved © 2008 Alcatel-Lucent
A router may run more than one routing protocol. In this slide, the R1-R2 and R2-R3 interfaces are running OSPF, and the R1-R5 and R5-R3 interfaces are running RIP. Network B can be advertised on both the interfaces of R3, each running a different protocol. Therefore, this network is advertised to R1 by both RIP and OSPF. R1 has to decide which entry to install in its routing table. In order to choose between the two updates, R1 uses an additional parameter known as preference. The preference parameter indicates the router’s preference of one protocol over another protocol. By default, on the 7750 SR, routes learned from OSPF are preferred over routes learned from RIP. Therefore, the route learned from OSPF is installed in the routing table on R1. Note that protocol with a lower preference value is preferred.
Scalable IP Networks v2.01
Module 5 - 18
Routing Protocol Basics - Routing Table Management
Each routing protocol populates its routes in its RIB Each protocol independently chooses the best routes based on the lowest metric The best routes from each protocol are sent to the RTM process
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
19
All rights reserved © 2008 Alcatel-Lucent
When a routing protocol learns routes from its neighbors, the protocol populates its RIBs with the routes. Each protocol stores the routes it has learned from its neighbors in its RIB. For each destination in the RIB, the routing protocol chooses the best route based on the lowest metric. The best routes are sent to the routing table manager (RTM).
Scalable IP Networks v2.01
Module 5 - 19
Routing Protocol Basics – Route Selection Using Preference
The RTM may receive a best route from multiple protocols Selection is based on lowest preference value The RTM sends its best route to the FIB This route is the active route and is used for forwarding
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
20
All rights reserved © 2008 Alcatel-Lucent
Because metrics from different protocols are not comparable, the RTM uses the preference to choose from all of the best routes that it receives. The lower the protocol’s preference, the more likely that the best or active route will be selected from that protocol. Different protocols should not be configured with the same preference. The best routes from the RTM are placed in the forwarding information base (FIB), also commonly referred to as the routing table. The FIB is distributed to the various line cards on the 7750 SR and is used to forward incoming IP packets.
Scalable IP Networks v2.01
Module 5 - 20
Routing Protocol Basics - Default Preference Table
Route type
Preference
Configurable
Direct attached
0
No
Static
5
Yes
OSPF internal
10
Yes
IS-IS Level 1 internal
15
Yes
IS-IS Level 2 internal
18
Yes
RIP
100
Yes
OSPF external
150
Yes
IS-IS Level 1 external
160
Yes
IS-IS Level 2 external
165
Yes
BGP
170
Yes
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
21
All rights reserved © 2008 Alcatel-Lucent
This slide lists the default preference values that are assigned to each routing protocol on the 7750 SR. All of the preference values, with the exception of the preference for directly attached networks, are configurable.
Scalable IP Networks v2.01
Module 5 - 21
IP Routing Protocol Basics Section 2 — Static Routes
Static Routes Configured by an administrator and not dynamically learned using routing protocols Entries do not change dynamically if the topology changes Preferred over any other dynamic protocol
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
23
All rights reserved © 2008 Alcatel-Lucent
Static routes are manually configured. They describe the remote destination network and the nexthop that a packet must be forwarded to in order to reach the destination. The destination can be one network or a range of networks. Note that for two routers to forward data to each other bidirectionally, a static route needs to be configured on both routers. For example, in this slide, there would be a static route on router 1 (10.10.1.2) to forward packet data. There would also need to be a static route configured on router 2 so that it knows how to packet forward data to router 1. By default, a static route is created with a preference of 5 and a metric of 1. However, these parameters can be changed to accommodate a different configuration. If the preference and metric parameters are left at the default values, a static route is always preferred over a route learned from a dynamic routing protocol. By adjusting the preference value, the user can define a secondary route that will be used if the dynamic protocol fails to provide a route. Or, a second static route can be configured as a backup to the primary static route by assigning a higher metric to the secondary route. Static routing saves bandwidth and processing because there are no advertisements or updates. However, any changes to the routes must be made manually, so there is no real-time response if a destination becomes unreachable. Static routing also allows you to override any decision by a routing protocol.
Scalable IP Networks v2.01
Module 5 - 23
Static Route - Example Static Route Config on R1 config router static-route 192.168.1.0/24 next-hop 10.10.1.2 Static Route Config on R5 config router static-route 172.16.0.0/24 next-hop 20.10.1.2
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
24
All rights reserved © 2008 Alcatel-Lucent
In this example, the corporate headquarters network is connected to two remote sites. The corporate site provides the remote sites with resources and Internet access. Because the corporate network is connected through one link to each of the sites, the corporate site will only send traffic on this link to each of its remote sites. A remote network like this, with only one connection to the backbone network, is often referred to as a stub network. By configuring a static route on R1, traffic destined for network 192.168.1.0/24 will exit out of the interface on R1 to CR1. A static route configured on R5 will send traffic to CR2. If R2 wants to reach either remote site, it must also be configured with a static route in the correct direction. In order for traffic to flow in both directions, the remote networks must also be configured with static routes to reach the corporate network.
Scalable IP Networks v2.01
Module 5 - 24
Default Routes
Static Default Route in CR1 config router static-route 0.0.0.0/0 next-hop 10.10.1.1
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
25
All rights reserved © 2008 Alcatel-Lucent
A static default route in the routing table is a wildcard entry that fits any destination. The route is used when the destination address of a packet does not match any other entry in the routing table. A default route is often used on a stub network when there is only one path to reach the other remote networks. The default route is a static route with a network address and mask of 0.0.0.0. In this slide, for the Remote site 1 to access the resources of the corporate headquarters network, it does not need to list every entry in its routing table for every resource that it needs to send traffic to. Therefore it uses the default route to match any possible route. The default route is the longest match in the routing table when nothing else matches.
Scalable IP Networks v2.01
Module 5 - 25
Static Route Configuration To configure static routes in the routing table, use the following command Context: config>router> Context: config>router> Syntax: [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] Syntax: [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] [next-hop ip-address | ip-int[metric metric] [tag tag] [enable | disable] [next-hop ip-address | ip-intname] name] [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] indirect ip-address [metric metric] [tag tag] [enable | disable] indirect ip-address [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] black-hole [metric metric] [tag tag] [enable | disable] black-hole Example: config>router> static-route 10.1.1.0/24 next-hop 10.2.2.2 Example: config>router> static-route 10.1.1.0/24 next-hop 10.2.2.2 Example: config>router> static-route 0.0.0.0/0 next-hop 10.3.3.3 Example: config>router> static-route 0.0.0.0/0 next-hop 10.3.3.3 Example config>router> static-route 10.1.1.0/24 next-hop 10.2.1.2 preference 10 Example config>router> static-route 10.1.1.0/24 next-hop 10.2.1.2 preference 10 Example config>router> static-route 10.1.1.0/24 next-hop 10.2.1.2 preference 10 metric Example config>router> static-route 10.1.1.0/24 next-hop 10.2.1.2 preference 10 metric 100 100
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
26
All rights reserved © 2008 Alcatel-Lucent
Syntax [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] [next-hop ip-address | ip-int-name] [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] indirect ip-address [no] static-route {ip-prefix/mask | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] black-hole Context config>router Description This command creates static route entries for both the network and access routes. When a static route is configured, one of the parameters must be configured: next-hop, indirect, or black-hole. Parameters ip-prefix — The destination address of the static route, in dotted-decimal notation mask — The mask associated with the network address preference preference — The preference of this static route compared to other routes metric metric — The cost metric for the static route, expressed as a decimal integer next-hop [ip-addr | ip-int-name] — Specifies the directly connected next-hop IP address black-hole — Specifies that the route is a black-hole route
Scalable IP Networks v2.01
Module 5 - 26
LAB 3 – Static Routing, Default Routes and IP Filters
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
27
All rights reserved © 2008 Alcatel-Lucent
See the Alcatel-Lucent IP Scalable Networks Lab Guide
Scalable IP Networks v2.01
Module 5 - 27
IP Routing Protocol Basics Section 3 — Dynamic Routing Protocol Concepts
Dynamic Routing Protocol Concepts Overview Distance Vector Overview Topology Change Link State Overview Exchange of Link State Information Link State Protocol Distance Vector vs Link State
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
29
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 29
Distance Vector Overview
Routers send periodic updates to physically adjacent neighbors Updates contain distance (how far) and vectors (direction) for networks Routers do not have a view of the entire network topology; routers only have a view of a distance and a vector Examples: RIPv1 and RIPv2
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
30
All rights reserved © 2008 Alcatel-Lucent
If using a distance vector routing algorithm (Bellman-Ford) a router passes a copy of its routing table periodically to all its neighbors. These regular updates between routers communicate topology changes. Each router receives a routing table from its direct neighbor. In this slide, RTR-B receives a routing update from RTR-A. RTR-B uses the information received from RTR-A to recalculate its routing table. RTR-B then sends its routing table to RTR-D. This same step-by-step process occurs in all directions between direct-neighbor routers. IMPORTANT — With distance vector, a routing table is not transmitted beyond the immediate neighbor. For example, RTR-D does not receive a routing update directly from RTR-A. The distance vector algorithm allows network metrics to accumulate. Each router maintains a routing table with the next hop for all of the listed destinations.
Scalable IP Networks v2.01
Module 5 - 30
Distance Vector Overview – Topology Change
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
31
All rights reserved © 2008 Alcatel-Lucent
This slide shows the distance vector step-by-step process for updating all routers in a network when a topology change occurs. Each router sends its entire routing table to each of its adjacent neighbors. This table includes reachable addresses, a value that represents the distance metric, and the IP address of the first router on the path to each network that the router knows about. As each router receives an update from its neighbor, the router calculates a new routing table and transmits the table to each of its neighbors at the next timed interval. In a very large network with many routers, it can take a long time for all the routers in the network to know about a topology change. Therefore, distance vector protocols have a high convergence time which is very undesirable.
Scalable IP Networks v2.01
Module 5 - 31
Link State Overview Routers send triggered updates to physically adjacent neighbors Updates/LSP contain router names and link cost metrics Each router has a view of the entire topology Examples: OSPF, IS-IS
Adjacency Database RTR-B — on 1/1/2 RTR-C — on 1/1/1
Alcatel-Lucent Scalable IP Networks v2.01
Link State Database RTR-A to RTR-C, cost=1000 RTR-A to RTR-B, cost=1000 RTR-C to RTR-B, cost=1000 RTR-B to 2.2.2.0/24, cost=1000 ……
Module 5 |
Routing Table 2.2.2.0/24 — via 1/1/2
32
All rights reserved © 2008 Alcatel-Lucent
Link state routing protocols maintain a complete database of topology information. While distance vector protocols have nonspecific information about distant networks, link state routing protocols maintain full knowledge of distant routers and how they interconnect, that is, the latter have a view of the entire internetwork topology. OSPF and IS-IS are examples of link state routing protocols. Link State Packets (LSPs) are used to transmit the information that is required to build the topological database, which is used by the Shortest Path First (SPF) algorithm to build an SPF tree, and finally, a routing table of paths to each network destination. When a link-state topology changes, all of the routers must become aware of the change so they can update their routing table accordingly. This involves the propagation of common routing information to all routers in the network. To achieve information convergence, each router performs the following: Keeps track of it neighbors Builds an LSP that lists neighbor router names and link metrics (cost). This includes new neighbors, changed metrics, and links to neighbors that are down. Sends out the LSP so that all routers receive the LSP Upon receiving an LSP, records the LSP in its database so that it has the most up-to-date topology information Using accumulated LSP data, builds a complete network topology, and independently executes the SPF algorithm to calculate routes to every network Each time there is a change to the link-state database, the router recalculates the best paths and updates the routing table Link state protocols keep three databases in the router: The adjacency database, sometimes called the neighbor database, keeps track of all of the other routers that are directly attached. The adjacency database is maintained with periodic hello messages. The link state database (LSDB) stores the most recent LSPs sent by all the routers in the network. The database is used to create the SPF tree that ultimately creates the routing table. The routing table, sometimes called the forwarding database, is used by the router to optimally forward IP packets to the destination network. Scalable IP Networks v2.01
Module 5 - 32
Exchange of Link State Information
Link-state routers use the following process to discover the network topology: Each router creates an LSP with link-state information about all its directly connected networks Routers exchange LSPs with their directly connected neighbors The link-state information is flooded to all routers in the network
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
33
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 33
Link State Protocol - Topological Database
Each router builds a topological database that consists of all the LSPs from the other routers in the network
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
34
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 34
Link State Protocol - Topology Changes Link-state updates are driven by topology changes
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
35
All rights reserved © 2008 Alcatel-Lucent
When a router recognizes a topology change (that is, link down, neighbor down, new link, or new neighbor), the router must notify its neighbors. To do this, each link-state router performs the following: The router that recognizes the change sends new link-state information about the change. When a router receives new link-state information, the router must populate the information in its topological database and send the information to its neighbors. The SPF algorithm must be run against the new topological database to update the routing table with the new information. Each time that there is a topology change that causes an update to the topological database, the SPF algorithm must be run.
Scalable IP Networks v2.01
Module 5 - 35
Distance Vector vs Link State
Distance vector
Link state
Views the network topology from the neighbor’s perspective
Gets a common view of the entire network topology
Adds distance vectors from router Calculates the shortest path to to router other routers Frequent, periodic updates: slow convergence
Event-triggered updates: faster convergence
Passes copies of the routing table Passes link-state routing updates to neighbor routers to other routers
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
36
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 36
IP Routing Protocol Basics Section 4 —OSPF Routing Protocol
OSPF Routing Protocol Overview OSPF OSPF Router ID OSPF Point-to-Point Neighbor Adjacency OSPF Link State Flooding Sequence Numbers OSPF Single Area Point-to-Point Configuration
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
38
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 38
OSPF Link-state protocol with fast convergence and inherent loop prevention mechanisms Scalable Hierarchical using “areas” Uses the Shortest Path First (SPF) algorithm for routing decisions Default cost metric takes into account the physical bandwidth of the port or can be set manually Classless protocol Authentication support Support for VLSM and address aggregation OSPF Version 2 is a widely deployed, well known protocol for IPv4, OSPF Version 3 is standardized and supports IPv6
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
39
All rights reserved © 2008 Alcatel-Lucent
OSPF is a link-state routing protocol. As such, it uses the SPF algorithm to find the shortest path to every destination in the network. Link-state routing protocols are inherently loop free and have a fast convergence time. Link-state routing protocols have limited scalability, so OSPF supports hierarchy with the concept of areas. This greatly increases the scalability of OSPF. The subnet mask is carried in OSPF link-state updates, so variable length and noncontiguous subnets are supported. Route aggregation is also supported to enable more efficient address management. OSPF supports authentication for security. The OSPF cost metric is based on the physical bandwidth of the port. This allows OSPF to make its path decisions based on the path that has the most bandwidth rather than the least number of hops. The traffic engineering extensions to OSPF allow the protocol to track and advertise the available bandwidth, administration groups, maximum number of hops, and so on. This feature is used by MPLS to create traffic tunnels and is covered in the Alcatel-Lucent MPLS course.
Scalable IP Networks v2.01
Module 5 - 39
OSPF Router ID
OSPF requires a unique method of identifying each router in the network OSPF must be able to associate router interfaces with a specific router, just as a person may say R1 has two links, one link is in the 10.10.2.0 network and the other link is in the 10.10.1.0 network
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
40
All rights reserved © 2008 Alcatel-Lucent
The router ID that is used for OSPF can be configured explicitly using the following command: configure router router-id . This router ID is also used for other routing protocols such as BGP. To use a separate router ID for different protocols, you can override this high-level router ID with an OSPF-specific router ID using the following command: configure router ospf router-id . If a router ID is not configured but a system interface is configured with an IP address, the system IP address is used as the OSPF router ID. To configure a system interface, use the following command: configure router interface system address /32. If neither a router ID nor a system interface address is configured, the last four octets of the chassis MAC address are used as the OSPF router ID. The chassis MAC address can be viewed using the following command: show chassis. The OSPF router ID selection is not pre-emptive. If the OSPF router ID is reconfigured, the change will not take effect until the OSPF routing process is restarted.
Scalable IP Networks v2.01
Module 5 - 40
Configuring an OSPF Point-to-Point Neighbor Adjacency
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
41
All rights reserved © 2008 Alcatel-Lucent
OSPF is a dynamic routing protocol that is based on routers exchanging link-state information with each other. Two OSPF routers must create an OSPF neighbor adjacency before they can exchange routing information. On point-to-point OSPF networks, neighboring routers become fully adjacent with each other. For example, in this slide, R1 becomes fully adjacent with both R1 and R3. In this slide, all neighbor adjacencies in the point-to-point network are indicated with the arrows. Routers can be connected on a shared broadcast segment, such as Ethernet, rather then a point-topoint segment. On a broadcast segment, additional steps are performed to reduce the amount of OSPF control traffic that flows between routers on the segment. This involves electing designated routers (DRs) and backup designated routers (BDRs). However, these concepts are beyond the scope of this course and are covered in the Alcatel-Lucent Interior Routing Protocols course. This course discusses only the point-to-point scenario. Note that the default OSPF interface type is broadcast for Ethernet interfaces and must be explicitly configured as point-to-point. The configuration will be presented later in this section.
Scalable IP Networks v2.01
Module 5 - 41
OSPF Neighbor Adjacency – Hello Packet
The main components of the OSPF Hello Packet are shown below
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
42
All rights reserved © 2008 Alcatel-Lucent
Parameters that are denoted with an asterisk must be set the same on both routers to form an adjacency or to keep an adjacency alive. Hello packets are sent between routers to form an adjacency and to proceed to 2-way state. Hello packets are also used as a keep-alive when the adjacency is formed. On point-to-point links, OSPF traffic is always sent to reserved multicast address 224.0.0.5.
Scalable IP Networks v2.01
Module 5 - 42
OSPF Neighbor Adjacency - Discovery
Consider the case where R1 and R2 are rebooted, they need to re-create their adjacency
OSPF State = DOWN OSPF State = INIT OSPF State = 2-Way
Alcatel-Lucent Scalable IP Networks v2.01
Hello (RID = 1.1.1.1 Neighbors = 0)
OSPF State = DOWN
Hello (RID = 2.2.2.2 Neighbors = 1.1.1.1)
OSPF State = INIT
Hello (RID = 1.1.1.1 Neighbors = 2.2.2.2)
OSPF State = 2-Way
Module 5 |
43
All rights reserved © 2008 Alcatel-Lucent
When both routers are first powered up, they are in the OSPF down state. Both OSPF routers send OSPF hello packets to discover each other. When the discovery process is complete, the routers are in a 2-way state and are ready to exchange routing information.
Scalable IP Networks v2.01
Module 5 - 43
OSPF Neighbor Adjacency – Exchanging Routing Information
After the routers discover each other, they are ready to start exchanging routing information
OSPF State = Exchange start
DBD - RID 1.1.1.1 DBD RID = 2.2.2.2
Higher Router Id is decided as the Master MTU Check is performed OSPF State = Exchange
DBD RID 1.1.1.1 summary of networks DBD RID 1.1.1.1 summary of networks
At this point, each router has a summary of the routing information of their neighboring router. The routers are now ready to request specific routing information from their neighbor
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
44
All rights reserved © 2008 Alcatel-Lucent
In the exchange start state, both routers send database description (DBD) packets to establish a master-slave relationship. The highest router ID becomes the master. MTU checking is also performed in the exchange start state. The OSPF MTU from both neighbors must match to proceed beyond the exchange start state. The OSPF MTU can be configured explicitly on the OSPF interface. If the MTU is not configured, the physical port MTU becomes the OSPF MTU. Therefore, if an OSPF MTU is not configured, the physical port MTUs must match to create an adjacency. The OSPF MTU determines the maximum size of the OSPF CTL packets, which is typically the size of the link state update and link state request packets. In the exchange state, the database description is first sent by the slave router to the master router to provide a summary of the networks that the slave router knows about. The master router then sends the slave router a summary of the networks that the master router knows about.
Scalable IP Networks v2.01
Module 5 - 44
OSPF Neighbor Adjacency – Requesting Specific Routing Information
After the routers have a summary of their neighbors link state database, they can request specific information as needed
OSPF State = Loading
LSREQ – Send specific information on these networks LSUPDATE – Receipt of the information as you requested LSREQ – Send specific information on these networks LSUPDATE – Receipt of the information you requested LSACK – Acknowledge
OSPF State = Full – at this point, both routers have identical routing information
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
45
All rights reserved © 2008 Alcatel-Lucent
In loading state, routers use a specific OSPF packet type, called a link state advertisement (LSA), to describe their routing information. In loading state, both routers go through a Request, Reply, Acknowledge sequence until each router has a full view of their neighbor’s routing information. At this point, both routers have an identical link state database and are considered fully adjacent. Once the link state database is fully up to date, the routers run the SPF algorithm to calculate the best path to each destination in the network and use this information to build their routing table. In a single area point-to-point network, only the router LSAs (Type 1 LSAs) will be used. In more complex topologies, there are other types of LSAs exchanged.
Scalable IP Networks v2.01
Module 5 - 45
OSPF Link State Flooding - Keeping Routing Information Up to Date
R2 Floods its Router LSA every 30 min
R2 LSDB R2 Router LSA Adv router = 2.2.2.2 Networks: 10.10.2.0/30 10.10.3.0/30 2.2.2.2/32
R8 LSDB R2 Router LSA Adv router = 2.2.2.2 Networks: 10.10.2.0/30 10.10.3.0/30 2.2.2.2/32
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
46
All rights reserved © 2008 Alcatel-Lucent
A router LSA is flooded to all routers in the OSPF every time there is a topology change on one of the directly connected links of the router. If there are no topology changes, the router will still flood the router LSA every 30 minutes. Every LSA has a maximum age of 60 minutes. An OSPF router will age all LSAs in its link state database and will purge any LSAs for which it has not received a refresh in the last 60 minutes. Router LSAs on point-to-point networks are always flooded to multicast IP address 224.0.0.5. This is the same multicast address that is used for OSPF hello packets while creating and maintaining an OSPF neighbor adjacency.
Scalable IP Networks v2.01
Module 5 - 46
Sequence Numbers
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
47
All rights reserved © 2008 Alcatel-Lucent
OSPF uses a sequence number to ensure that LSAs are not transmitted around the OSPF area indefinitely. The acknowledgement of LSAs is used to guarantee the reliability of LSA transmission to neighboring routers. The following rules are applied by the OSPF router to process the LSAs that are received from its neighbors. If the sequence number is lower than the sequence number in the link state database, the incoming link-state information is considered to be out of date and is discarded. The receiving router will update the sending router with an up to date LSA from its own database. If the sequence number is the same as the number in the database, an acknowledgement is sent. The incoming link-state information is then discarded. If the sequence number is higher than the number in the database, the new link-state information is added to the link state database, an acknowledgement is sent and the linkstate information is forwarded to its neighbors. All OSPF control packets use IP protocol discriminator 89. OSPF does not use TCP or UDP as a transport layer. Instead IP uses the protocol ID 89 to extract all OSPF packets for the OSPF process on the router.
Scalable IP Networks v2.01
Module 5 - 47
OSPF Single Area Point-to-Point Configuration
R1 OSPF Configuration Step 1 – Create the Router Interfaces R1>config>router# info interface "system“ address 1.1.1.1/32 exit interface "toR2“ address 10.10.2.1/30 port 1/1/2 exit interface "toR3“ address 10.10.1.1/30 port 1/1/3 exit
Alcatel-Lucent Scalable IP Networks v2.01
Step 2 – Add the Router Interfaces to OSPF as type Point-to-Point R1>config>router>ospf# info area 0.0.0.0 interface "system“ interface-type point-to-point exit interface "toR2" interface-type point-to-point exit interface "toR3" interface-type point-to-point exit
Module 5 |
48
All rights reserved © 2008 Alcatel-Lucent
The steps for OSPF configuration for R2 and the other routers in the network follow the R1 configuration. The only difference is that you need to verify that the IP addresses and port numbers on the interfaces are accurate. It is also good practice to verify that the interface names have the correct descriptions.
Scalable IP Networks v2.01
Module 5 - 48
Show OSPF Neighbors
R1# R1# show show router router ospf ospf neighbor neighbor =============================================================================== =============================================================================== OSPF OSPF Neighbors Neighbors =============================================================================== =============================================================================== Interface-Name Rtr State Pri TTL Interface-Name Rtr Id Id State Pri RetxQ RetxQ TTL ------------------------------------------------------------------------------------------------------------------------------------------------------------toR3 3.3.3.3 Full 1 0 35 toR3 3.3.3.3 Full 1 0 35 toR2 2.2.2.2 Full 11 00 31 toR2 2.2.2.2 Full 31 ------------------------------------------------------------------------------------------------------------------------------------------------------------No. No. of of Neighbors: Neighbors: 22 =============================================================================== =============================================================================== R1# R1#
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
49
All rights reserved © 2008 Alcatel-Lucent
This slide shows the OSPF adjacencies created by R1 with its directly-connected neighbors. The output includes the logical router interface that the adjacency was created on and the router ID of the neighbors. The neighbor state is Full when the routers have synchronized their databases and have fully created their adjacency. Other states that may be displayed are: Init, 2Way, Exstart, and Exchange, which are usually only briefly displayed.
Scalable IP Networks v2.01
Module 5 - 49
OSPF Metric Calculation
Default Metric OSPF Reference Bandwidth/Actual Bandwidth of Physical Port Configured Metric R1>config>router>ospf# area 0 interface toR1 R1>config>router>ospf>area>if# info interface-type point-to-point metric 674
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
50
All rights reserved © 2008 Alcatel-Lucent
The OSPF metric that is advertised in the R1 LSA for an interface is automatically calculated based on the OSPF reference bandwidth which, by default, is 100 Gb/s. The metric is calculated by dividing the reference bandwidth by the actual bandwidth of the link. For example, the metric of a 1 Gb link is 100 Gb/s / 1 Gb/s = 100. The metric of a 100 Mb link is 100 Gb/s / 100 Mb/s = 1000. Lower bandwidth links have a higher metric (cost) and are thus less preferred. Alternatively, the OSPF metric of an interface can be configured in the OSPF interface context. The default metric of system and loopback interfaces on a router is zero.
Scalable IP Networks v2.01
Module 5 - 50
Show OSPF Interfaces
R1# R1# show show router router ospf ospf interface interface ========================================================================== ========================================================================== OSPF OSPF Interfaces Interfaces ========================================================================== ========================================================================== If Area Designated If Name Name Area Id Id Designated Rtr Rtr Bkup Bkup Desig Desig Rtr Rtr Adm Adm Oper Oper --------------------------------------------------------------------------------------------------------------------------------------------------system 0.0.0.0 0.0.0.0 0.0.0.0 Up system 0.0.0.0 0.0.0.0 0.0.0.0 Up PToP PToP toR3 0.0.0.0 0.0.0.0 0.0.0.0 Up toR3 0.0.0.0 0.0.0.0 0.0.0.0 Up PToP PToP toR2 0.0.0.0 0.0.0.0 0.0.0.0 Up toR2 0.0.0.0 0.0.0.0 0.0.0.0 Up PToP PToP --------------------------------------------------------------------------------------------------------------------------------------------------No. No. of of OSPF OSPF Interfaces: Interfaces: 33 ========================================================================== ========================================================================== R1# R1#
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
51
All rights reserved © 2008 Alcatel-Lucent
This slide shows the interfaces that are running OSPF, including their names and the areas that they belong to. Note that the operating status for the interfaces to R2 and R3 is “PToP” because the routers have been defined as point-to-point interfaces in the OSPF configuration. The “Designated Rtr” and “Bkup Desig Rtr” fields are only applicable to OSPF broadcast interfaces, which are not covered in this course. For OSPF point-to-point Interfaces, the Designated Rtr and Bkup Desig Rtr values are always “0.0.0.0”.
Scalable IP Networks v2.01
Module 5 - 51
Show Route Table
R1# show router route-table R1# show router route-table Route Table (Router: Base) Route Table (Router: Base) =============================================================================== =============================================================================== Dest Prefix Type Proto Age Pref Dest Prefix Type Proto Age Pref Next Hop[Interface Name] Metric Next Hop[Interface Name] Metric ------------------------------------------------------------------------------------------------------------------------------------------------------------1.1.1.1/32 Local Local 23d04h39m 0 1.1.1.1/32 Local Local 23d04h39m 0 system 0 system 0 2.2.2.2/32 Remote OSPF 01h35m59s 10 2.2.2.2/32 Remote OSPF 01h35m59s 10 10.10.2.2 674 10.10.2.2 674 3.3.3.3/32 Remote OSPF 01h15m54s 10 3.3.3.3/32 Remote OSPF 01h15m54s 10 10.10.1.2 1000 10.10.1.2 1000 4.4.4.4/32 Remote OSPF 00h05m49s 10 4.4.4.4/32 Remote OSPF 00h05m49s 10 10.10.2.2 1674 10.10.2.2 1674 10.10.1.0/30 Local Local 01h44m29s 0 10.10.1.0/30 Local Local 01h44m29s 0 toR3 0 toR3 0 10.10.2.0/30 Local Local 01h46m07s 0 10.10.2.0/30 Local Local 01h46m07s 0 toR2 0 toR2 0 10.10.3.0/30 Remote OSPF 00h05m49s 10 10.10.3.0/30 Remote OSPF 00h05m49s 10 10.10.2.2 1674 10.10.2.2 1674 ------------------------------------------------------------------------------------------------------------------------------------------------------------No. of Routes: 7 No. of Routes: 7
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
52
All rights reserved © 2008 Alcatel-Lucent
This slide shows the forwarding information that is used by the router to forward traffic to its destination. Note that local routes always have a metric of 0 and a preference of 0. Therefore, even if OSPF had learned of paths to these destinations, the paths would not be entered in the forwarding table because the OSPF preference value is 10. The information also includes the address or name of the next-hop interface. For a local route, the name of the interface is displayed (for example, toR3 or toR2). For a remotely learned route, the address of the next hop is displayed (for example, 10.10.2.2). A data packet whose destination address matches this entry in the route table will be forwarded to the next hop address.
Scalable IP Networks v2.01
Module 5 - 52
LAB 4 – OSPF
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
53
All rights reserved © 2008 Alcatel-Lucent
See the Alcatel-Lucent IP Scalable Networks Lab Guide
Scalable IP Networks v2.01
Module 5 - 53
IP Routing Protocol Basics Section 5 — Introduction to Border Gateway Protocol
Introduction to Border Gateway Protocol Overview Interior and Exterior Gateway Protocols Routing End-to-end from Enterprise to Content Provider BGP When to Use BGP Use Cases Protocol Summary
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
55
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 55
Interior and Exterior Gateway Protocols Interior Gateway Protocols y Run within an organization y Purpose is to provide routing to internal networks
Exterior Gateway Protocols y Run between organizations y Purpose is to provide routing to the Internet y Example: BGP y Based on Distance Vector
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
56
All rights reserved © 2008 Alcatel-Lucent
The IGP is designed to route between networks within an organization. The networks within an organization are private or public addresses that are typically not advertised to other organizations. Routing information must also be exchanged between organizations. These routes are public IP addresses because they are exchanged on the Internet. More control is required over the way that traffic flows between organizations - it is not always the shortest path that is preferred. BGPv4 provides many features to control traffic flows between organizations and is the EGP used on the Internet. BGPv4 is also able to scale to very large networks, which is an important requirement in order to manage the 200,000+ routes of the Internet.
Scalable IP Networks v2.01
Module 5 - 56
Routing End-to-end from Enterprise to Content Provider
Information from the content provider must reach the enterprise router for data transfer However, every ISP, including the content provider, runs its choice of IGP A common protocol is required for end-to-end routing
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
57
All rights reserved © 2008 Alcatel-Lucent
In this slide, the enterprise offices need the address information of the content providers. However, the information from the content provider must traverse many ISPs, and each ISP runs their own choice of IGP. When the origin of the prefix is the content provider that runs OSPF as their IGP and the Tier 2 ISP runs IS-IS, the prefix must be relearned in the Tier 2 ISP as an IS-IS prefix and, therefore, the prefix could lose its original attributes. Every other ISP in the path of the prefix towards the enterprise will need to relearn the prefix in the protocol of its choice. In this slide, although end-to-end routing can be achieved by the process of redistribution, there are several disadvantages, such as the following: Router redistribution removes the metrics of the original protocol and uses the metrics of the newer protocol. This could have a negative effect. Router redistribution needs to be managed carefully with extensive policies. Distributing the Internet addresses into an IGP is not a scaleable design and most routers are not designed to handle the large number of Internet prefixes. Router distribution requires a common protocol to run between all of the routers that are involved in the transfer of network prefixes.
Scalable IP Networks v2.01
Module 5 - 57
BGP Overview IGPs run within an autonomous system EGPs run between autonomous systems
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
58
All rights reserved © 2008 Alcatel-Lucent
From earlier modules of this course, we know that an autonomous system (AS) is a group of networks and networking equipment under a common administration. An IGP (such as OSPF) is used to exchange routing information within the AS and an EGP (such as BGP) is used to exchange routing information between ASs. BGP is not a discovery protocol and BGP routers are not always directly connected. BGP routers are manually configured to connect to other BPG routers using TCP/IP. They become BGP peers. An IGP is required within the AS to route traffic in the AS, including traffic between BGP peers. BGP sessions between routers in different ASs are known as external BGP sessions (EBGP), while sessions between routers in the same AS are internal BGP sessions (IBGP). BGP is administratively much more complex than an IGP. BGP updates include path information that is used for routing policy enforcement and loop detection between ASs. Adding to the complexity of BGP is the fact that topology and routing table sizes become much larger than in an IGP environment. The increased size of the tables means that factors such as CPU loading, memory utilization, update generation, and route processing have greater implications in BGP. These items, and others, affect convergence. Convergence may be viewed in two ways. Local convergence is the time for a router to receive and process all outstanding messages, and achieve a stable topology. Network convergence is the time for all routers in the system to achieve a stable topology. In IGP terms, the system is usually the local AS. In BGP terms, the system is the Internet. Because the entire Internet is the scope of BGP, the administration is more complex than the administration of one AS.
Scalable IP Networks v2.01
Module 5 - 58
BGP Scope
Enables the exchange of routing information between autonomous systems “An Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other Autonomous systems”. – RFC 1930
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
59
All rights reserved © 2008 Alcatel-Lucent
Note: As of March, 2008, the routing table for the Internet backbone consists of approximately 245 000 routes. A key strength of BGP is that it enables the implementation of administrative policies to manage traffic flow between autonomous systems based on virtually any policy. BGP is scalable to the following characteristics: Large number of autonomous systems Large number of neighbors Large volume of table entries High rate of change BGP has proven scalability. BPG is the protocol of choice for service providers and runs on their Internet routers. The protocol is the fundamental building block of the Internet and is used by every service provider in the world for service-provider interoperability. BGP is the most feature-rich and scalable routing protocol in use today. It supports the current requirements of the Internet and, with extended capabilities such as multiple protocol families and extended AS numbers, is well-positioned for the future.
Scalable IP Networks v2.01
Module 5 - 59
BGP Autonomous Systems
Types of autonomous systems Public y Range is 0 to 64511 y Assigned by ARIN or another regional authority
Private y Range is 64512 to 65535
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
60
All rights reserved © 2008 Alcatel-Lucent
Public autonomous systems Are assigned by the IANA or a regional authority Must be used to connect to other autonomous systems in the Internet Range is 0 to 64511 Private autonomous systems Are assigned by ISPs (for some clients), local administrators, and so on Are not allowed to be advertised to other ISPs or on the Internet Range is 64512 to 65535 Regional Internet Registries The IANA is the umbrella organization. Regional Internet Registries (RIRs) are nonprofit corporations established for the purpose of administration and registration of IP address space and Autonomous System (AS) numbers. There are five RIRs. Registry
Geographic Region
AfriNIC
Africa, portions of the Indian Ocean
APNIC
Portions of Asia, portions of Oceania
ARIN
Canada, the United States, and many Caribbean and North Atlantic islands
LACNIC
Latin America, portions of the Caribbean
RIPE NCC
Europe, the Middle East, Central Asia
Scalable IP Networks v2.01
Module 5 - 60
BGP Establishment
Initiate TCP connection TCP Phase
Initiate TCP connection OPEN BGP Session (AS Num)
BGP Phase
OPEN BGP Session (AS Num) Remove Redundant TCP connection
Keep Alive Session Maintenance
Keep Alive
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
61
All rights reserved © 2008 Alcatel-Lucent
Although BGP behavior is similar to other TCP/IP applications, BGP is an enhanced distance vector protocol, also called a path vector protocol. The characteristics of BGP are: Neighbors can be any reachable devices, not just directly connected devices Unicast exchange of information Reliability via TCP Uses well known TCP port 179 Periodic keepalive for session management Event-driven Robust metrics Neighbor relationships in BGP are somewhat different from what is normal in the IGP world. Traditionally, neighbors are always directly connected routers. With BGP, this is not the case. Neighbors may be directly connected, but it is not required because BGP uses unicast TCP/IP for neighbor establishment. Neighbor relationships can be established with any IP-reachable device. At the application layer, BGP functions similarly to other TCP/IP applications, such as Telnet, FTP, and HTTP. BGP may be viewed as an application because it uses registered port number 179 in the TCP/IP model.
Scalable IP Networks v2.01
Module 5 - 61
BGP Sessions IBGP neighbors are peers in the same autonomous system By default, they do not need to be directly connected
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
62
All rights reserved © 2008 Alcatel-Lucent
There are two types of BGP neighbor relationships: EBGP and IBGP. Regardless of the type, a BGP session between two devices is referred to as a neighbor or peer session. A BGP router is also referred to as a BGP speaker. A session between two devices in different autonomous systems is referred to as an external BGP or EBGP session. Typically devices with an EBGP session are directly connected, and share a common data link, but it is not mandatory. Because the devices are in different autonomous systems, the administration of each device is usually handled separately. Therefore, you should ensure that the configuration parameters match so that peering will succeed. A session between two devices in the same autonomous system is referred to as an internal BGP or IBGP session. Typically devices with an IBGP session are not directly connected, because they may be across the country or the world. Because the devices are in the same autonomous system, the administration of each device is usually handled by the same organization. You need to ensure that the configuration parameters match so that peering will succeed.
Scalable IP Networks v2.01
Module 5 - 62
BGP Routing
BGP uses multiple metrics to choose the best routes Requirements are different from IGP For example, AS 65250 will only use the link between Router A to C to send all traffic into AS 65250
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
63
All rights reserved © 2008 Alcatel-Lucent
The criteria that BGP uses for route selection are very different from an IGP. In an IGP environment, the routes are selected based on one metric such as cost, or hop count. However, when you use BGP to route traffic between organizations, the choice may not be solely made based on the shortest path, but rather financial, security, and geographical reasons. In this slide, AS 65250 has the following agreement with AS65200: any prefixes that are sent from AS 65250 will be installed such that the return traffic from AS 65200 will only exit from router A. Under the same agreement, AS65200 requires traffic from AS 65250 only enter the AS via router B.
Scalable IP Networks v2.01
Module 5 - 63
When to Use BGP Use BGP in the following environments You are an ISP and need to pass client traffic from one AS to another AS You need to multi-home to several ISPs because of company requirements Traffic flow from or to your company must be managed and controlled Do not use BGP in the following environments You do not need to have more than one connection to the Internet The company engineers do not understand how BGP works The hardware and physical links to the ISP cannot handle the load of BGP traffic
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
64
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 64
Use Case 1 – Which Customer Should Run BGP?
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
65
All rights reserved © 2008 Alcatel-Lucent
ISP-1 and ISP-2 will be running BGP since they are acting as transit providers for their customers to the Internet. The Internet is made up of hundreds or thousands of routers and AS numbers. Some of the larger Internet providers are shown in the Internet cloud and they interconnect and share routes between each other using eBGP. There are two enterprise customers shown in the diagram. Customer 1 has a single connection to ISP-1 and is borrowing address space from that provider (subnet 209.217.64.64/28). This customer will use a default-route to ISP-1. ISP-1 will have a route back to their customers subnet using either static-routes or a dynamic routing protocol. ISP-1, using BGP, will advertise their supernet of 209.217.64.0/18 to their upstream providers in the Internet cloud using eBGP. From the Internet it will appear as though 209.217.64.64/28 is not being advertised and only the supernet will be seen (209.217.64.0/18) coming from AS 7788 which belongs to ISP-1 (best practice is to summarize and not leak specific subnets in most cases). Customer 2 has a two connections for redundancy to ISP-1 and ISP-2. Customer 2 has their own IP address block which they received from ARIN. In the previous slide it was mentioned that, in most cases, there is no need to run a complex routing-protocol like BGP unless you have multiple connections to the Internet like Customer 2. Customer 2 requires redundant connectivity to the Internet because either they needed the extra bandwidth or simply cannot afford to be offline from the Internet if a link fails. The server in the Customer 2 cloud could be offering important files and must be online 24/7/365. From the Internet it will appears as though 200.46.198.0/24 is coming from AS 31000 which was assigned to Customer 2 from ARIN. In fact the Internet, using BGP, will see 200.46.198.0/24 with two ‘paths’. One path will be 200.46.198.0/24 from AS 31000, 26230 (ISP-2) and another path for this same address space coming from AS 31000, 7788 (ISP-1). Since BGP is a path-vector protocol, in most cases, the route selection used by the Internet (from AT&T as an example) will make it’s route selection to reach Customer 2 based on the shortest amount of AS-PATH’s (ASN’s). There are several route-metrics used in BGP for route selection and they are covered in detail in Alcatel-Lucent’s BGP course. Scalable IP Networks v2.01
Module 5 - 65
Use Case 2 - Enterprise to ISP Connection (BGP)
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
66
All rights reserved © 2008 Alcatel-Lucent
In this slide, the enterprise has a large OSPF network with multiple LAN segments. The enterprise also has multiple connections to two ISPs (AS 47 and AS 395). In this configuration, the enterprise will often run BGP to manage the connections with their ISPs. BGP policies are used to determine the path that is used for traffic to leave the enterprise. One ISP may be preferred for some routes, or one ISP may be used as a primary connection to the Internet with the other ISP used as a backup. Within the enterprise network, internal routing information is exchanged with OSPF. The enterprise networks are summarized as 100.200.0.0/20, and advertised to the ISPs and onwards to the Internet with BGP. In this scenario, the enterprise uses a private AS number and its routes are advertised by the ISPs using their AS numbers. The full set of Internet routes is not exported into OSPF. Instead, a default route is advertised by the Internet-connected routers. Some subsection of the BGP routes that are received may be advertised into the enterprise in order to influence the route for that traffic egresses the enterprise network.
Scalable IP Networks v2.01
Module 5 - 66
Use Case 3 - ISP Interconnections (Transit Traffic)
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
67
All rights reserved © 2008 Alcatel-Lucent
In this slide, an enterprise is connected to its two ISPs (AS 47 and AS 395). Routing information is exchanged between the enterprise and the two ISPs using BGP. Both ISPs are Tier 2 ISPs which means that they purchase transit capacity from one or more Tier 1 ISPs. Similar to the enterprise, the Tier 2 ISPs pay the Tier 1 providers to carry their traffic. The Tier 1 providers carry transit traffic. This is traffic that originated outside of their network and has a destination outside of their network. A Tier 2 ISP may be connected to more than one Tier 1 ISP, or may have transit arrangements with other Tier 2 ISPs. Multiple connections are often used to provide the ISP with a redundant path to all Internet destinations. An ISP with multiple connections to the Internet usually needs to control the path used for its traffic. The reason may be to ensure the shortest path, but often is related to cost or other considerations.
Scalable IP Networks v2.01
Module 5 - 67
Protocol Summary
Feature
RIPv2
BGP
OSPF
Updates
Periodic
Incremental
Incremental
Update type
Broadcast/Multicast
Unicast
Multicast
Authentication
Simple & MD5
MD5
Simple & MD5
Metric
Hops
Multiple
Cost
Metric type
Distance vector
Adv. DV
Link-state
VLSM/CIDR support
Yes
Yes
Yes
Topology size
Small
Very large
Large
Transport protocol
UDP
TCP
—
Application port #
520
179
—
IP #
17 (UDP)
6 (TCP)
89
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
68
All rights reserved © 2008 Alcatel-Lucent
This slide shows the differences and similarities of the routing protocols that are supported on the 7750 SR platforms. RIP, OSPF, and IS-IS are the IGPs; BGP is the EGP.
Scalable IP Networks v2.01
Module 5 - 68
LAB 5 – BGP
Alcatel-Lucent Scalable IP Networks v2.01
Module 5 |
69
All rights reserved © 2008 Alcatel-Lucent
See the Alcatel-Lucent IP Scalable Networks Lab Guide
Scalable IP Networks v2.01
Module 5 - 69
IP Routing Protocol Basics Section 6 — Module Summary
Scalable IP Networks v2.01
Module 5 - 70
Module Summary After successful completion of this module, you should understand: The concepts and purpose of IP routing The purpose and configuration of static routes The basic concepts of a dynamic routing protocol The purpose and basic operation of OSPF The purpose and basic operation of BGP
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
71
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 71
Learning Assessment Describe IP routing and the need for a routing protocol Differentiate between the static and dynamic routing protocols List and discuss the basic elements of a routing table Distinguish between the control plane and data plane Describe and differentiate between the Distance Vector and Link state methodologies Describe the OSPF adjacency establishment process Describe the usage of sequence numbers in OSPF Differentiate between an IGP and a EGP Describe the scope and operation of BGP Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 5 |
72
All rights reserved © 2008 Alcatel-Lucent
Module 5 - 72
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 02
Alcatel-Lucent Scalable IP Networks Module 6 — Overview of Transport Protocols
Module Overview Transport Layer Protocols TCP UDP Port Numbers and Sockets
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 6 |
2
All rights reserved © 2008 Alcatel-Lucent
Module 6 - 2
Overview of Transport Protocols Section 1 - Transport Layer Protocols
Transport Layer – Layer 4 Layer 4 of the OSI model Provides a data transport service to higher protocol layers Internet applications use a transport layer (TCP or UDP) TCP and UDP are transport protocols for the TCP/IP stack TCP provides a high level of service to upper protocols y Reliable data transfer and packet reordering y End-to-end error checking and flow control
UDP provides simple datagram delivery service y Unreliable service, but less overhead
OSI transport layers are TP0, TP1, TP2, TP3, and TP4 TP4 and TCP are functionally similar TP0 and UDP are functionally similar
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
4
All rights reserved © 2008 Alcatel-Lucent
In the TCP/IP stack Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) provide services similar to the OSI transport protocols. Therefore, TCP and UDP are often referred to as transport or Layer 4 protocols. Internet applications such as web browsing and e-mail transfer use the services of the transport protocols. If the application needs a high level of service, such as reliable data transfer and flow control, the application typically uses TCP for data transfer. If an application needs a simpler service with less overhead, the application may use the UDP. There are very few higher level protocols that do not use TCP or UDP. OSPF uses IP datagrams directly. OSPF does not use a transport protocol. The transport layers that are defined in the OSI provide a wide range of services. TP0 provides the lowest level of service and TP4 provides the highest level of service. Both TP4 and TCP are built to provide a reliable, connection-oriented, end-to-end transport service on top of an unreliable network service. The network service may lose packets, store packets, deliver packets in the wrong order, or even duplicate packets. Both protocols must be able to deal with the most severe problems (for example, a subnetwork stores valid packets and sends them at a later date). TP4 and TCP both have connect, transfer, and disconnect phases; their principles of operation during these phases are also quite similar. In an OSI network the session layer uses the OSI transport layer.
Scalable IP Networks v2.01
Module 6 - 4
Encapsulation of Application Data by TCP
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
5
All rights reserved © 2008 Alcatel-Lucent
An Internet application such as e-mail, that needs to transfer data across the Internet will use the services of an Internet transport protocol. E-mail uses TCP, because e-mail needs a reliable data transfer service. The application data is passed to the TCP services layer. The TCP layer divides the application data into segments, if necessary. Each TCP segment contains a TCP header. The size of the segments is based on the MTU size of the Layer 2 networks that are expected to be used for the transfer. The TCP segments are passed to the IP services layer. The IP services layer is responsible for the delivery of IP datagrams across the network. Each IP datagram contains an IP header and is routed across the network. Because IP is an unreliable service, if TCP determines that some of the IP datagrams were not received, TCP requests retransmission of the missing TCP segments, which provides a reliable transfer service. After the TCP segments are received by the receiving system, the TCP services layer supplies the application data to the receiving application exactly as the data was sent by the transmitting application. On a computer that is connected to the Internet, the TCP and IP services are usually provided as part of the operating system services.
Scalable IP Networks v2.01
Module 6 - 5
Overview of Transport Protocols Section 2 – Transmission Control Protocol
TCP Overview TCP Concepts TCP Header TCP Connection Management Establishing a TCP Connection – the Three-way Handshake TCP Reliable Data Transfer TCP Flow Control TCP Operation Congestion Control in TCP
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 6 |
7
All rights reserved © 2008 Alcatel-Lucent
Module 6 - 7
TCP Concepts
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
8
All rights reserved © 2008 Alcatel-Lucent
The primary purpose of TCP is to provide reliable communications between application services. Because the lower levels are unreliable, TCP must guarantee the delivery of the data. Functionality provided by TCP Data transfer — From the application-services viewpoint, TCP provides a contiguous stream of data through the network. TCP groups the bytes into segments, and passes the segments to the Internet layer for transmission to the destination. Reliability — TCP uses sequence numbers, which count each byte transmitted, and TCP waits for an acknowledgment from the far end. If the acknowledgment is not received within a specific interval, the data is retransmitted. Flow control — Flow control refers to the capability of the receiver to control the rate at which data is sent by the sender. The receiver specifies the "window size" parameter which indicates how many bytes it is capable of buffering. The sender is not permitted to send more than the amount specified by the window size until it receives an acknowledgement. If the window size is 0, the sender is not permitted to transmit any data until the window size is changed. Multiplexing — Port numbers are used for multiplexing and demultiplexing. Logical connections — To support reliability and flow control, TCP must initialize and maintain status information for each connection. The status information contains sockets numbers, sequence numbers, and window size. These components combine to form a logical connection. Full-duplex — A TCP connection is full duplex - either end may transmit data at any time. ---REFERENCE: RFC 793 defines details of TCP.
Scalable IP Networks v2.01
Module 6 - 8
TCP Header
The TCP header is used for all TCP segments including session establishment, session destruction, and during basic data transfer
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
9
All rights reserved © 2008 Alcatel-Lucent
Source and Destination ports — Port addresses identify the upper-layer applications that use the connection. Sequence Number — Each byte of data is assigned a sequence number. This 32-bit number ensures that data is correctly sequenced. The first byte of data that is sent by a station in a TCP header has its sequence number in this field (for example, 58000). If this segment contains 700 bytes of data, the next segment sent by this station will have sequence number of 58700 (that is, 58000 + 700). Acknowledgment Number — This 32-bit number indicates the next sequence number that the sending device expects from the other station. HLEN — The header length provides the number of 32-bit words in the header. Sometimes called the Data Offset field. Reserved — The value is always set to 0. Code bits — The following flags indicate the type of header: URG — Urgent pointer ACK — Acknowledgment PSH — Push function. This function causes the TCP sender to push all unsent data to the receiver rather than send segments when the sender sends the data (for example, when the buffer is full) RST — Reset the connection SYN — Synchronize sequence numbers FIN — End of data Window — The window indicates the range of acceptable sequence numbers after the last segment that was successfully received. The range of numbers is the allowed number of octets that the sender of the ACK is willing to accept before an acknowledgment. Checksum — Checksum is used to verify integrity of the TCP segment. Checksum calculation is performed on the TCP pseudo-header and data. This is the IP source and destination addresses, TCP header and the TCP data. Urgent pointer — The urgent pointer indicates the end of the urgent data so that interrupted data streams can continue. When the URG bit is set, the data is given priority over other data streams. Option — Several options are defined for TCP. The most common is the TCP MSS, which is sometimes called the Maximum Window Size or SMSS. Scalable IP Networks v2.01
Module 6 - 9
TCP Connection Management Before data is transmitted, connection must be established using three-way handshake MSS and other parameters may be negotiated at session establishment After session is established, data can be transmitted in both directions (full duplex) All of the data that is sent by the near end and the far end is acknowledged by the receiving end The connection is closed by each side when they are finished transmitting data
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
10
All rights reserved © 2008 Alcatel-Lucent
Maximum Segment Size (MSS) defines the largest segment that will be sent on the connection. The value is an estimate by the TCP of the size of datagrams that can be accommodated on the connection without fragmentation. Usually each side sends the MTU value of their Layer 2 connection in the MSS field. The lower of the two values is then used by both sides as the MSS. The problem with determining the MSS from the two endpoints is that there may be a link in the middle of the connection that has a smaller MTU than either end. In this case, all full size packets will have to be fragmented to transverse this link. Fragmentation is an inefficient operation, and should be avoided if possible. TCP may also perform Path MTU Discovery in which TCP attempts to find the MTU that is supported across the connection and use this MTU as the MSS. However Path MTU Discovery is not always supported.
Scalable IP Networks v2.01
Module 6 - 10
Establishing a TCP Connection – the Three-way Handshake
1. SYN (seq=A, ack=0) 2. SYN/ACK (seq=B, ack=A+1) 3. ACK (seq=A+1, ack=B+1)
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
11
All rights reserved © 2008 Alcatel-Lucent
The slide shows how a three-way handshake is established. In a TCP session, data is not transmitted until the three-way handshake is successfully completed and the session is considered open. The opening TCP segments include the sequence numbers from both sides. After a session is established between the two hosts, data can be transferred until the session is interrupted or shut down. Data is sent in TCP segments. The TCP segment is a combination of the data and a TCP header. There are three steps to establish the TCP session, (therefore, the term three-way handshake). These steps are: One endpoint (Host A) sends a TCP segment with the SYN bit set in the header. This indicates that the host needs to establish a TCP connection. TCP also selects a 32-bit sequence number to use for the session. This number is included in the TCP header and is known as the Initial Send Sequence (ISS). The acknowledgement field is 0. The other endpoint (Host B) receives the SYN segment and, if an application is ready to accept the connection, TCP sends a second segment with the SYN and the ACK bits set in the header. TCP on this host also selects its sequence number for the session and transmits the number as its ISS. TCP also sends a value in the acknowledgement field of the TCP header. This number is the value of the ISS that was received from the original sender plus 1. After the first endpoint (Host A) receives the SYN/ACK from the second endpoint (Host B), the first endpoint (Host A) transmits a TCP segment with only the ACK bit set. The sequence number that is sent is the original ISS plus 1. The acknowledgement number sent is the ISS that was received from the second endpoint (Host B) plus 1. The original endpoint (Host A) now considers the connection to be open and can start transmitting data. After the second endpoint (Host B) receives the ACK segment, the second endpoint (Host B) considers the connection to be open and the second endpoint (Host B) can start to transmit and receive data.
Scalable IP Networks v2.01
Module 6 - 11
TCP Reliable Data Transfer TCP provides a full-duplex, reliable data transfer service TCP maintains the order of application data across the network Reliable transfer is accomplished using positive acknowledgement with retransmission y Sender specifies sequence number of data sent y Receiver acknowledges by stating next sequence number expected y Sender retransmits if a specific sequence number is not acknowledged y Receiver uses sequence numbers to reorder the data stream for the application
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
12
All rights reserved © 2008 Alcatel-Lucent
If an application requires reliable transfer of its data across the network, the applications will use TCP to obtain that service. TCP is responsible for ensuring that all data is received and sent to the receiving application in the order in which it was sent. The technique is known as positive acknowledgement with retransmission. Data is often exchanged in both directions between the two ends of an application, therefore, TCP provides a full-duplex data exchange. This means that after the connection is established, each endpoint can transmit data. Only one TCP connection is required to provide this two-way data exchange. Each segment that is sent by TCP has an identifying sequence number transmitted in the TCP header. This sequence number indicates the number of the first byte of data in the overall data stream for this connection. The receiver acknowledges receipt of this data by transmitting an acknowledgement number that indicates the next byte of data in the stream that the receiver expects to receive. If some of the data is lost, the receiver will continue to send the same acknowledgement number that indicates the bytes that were received successfully. The sender maintains a retransmission timer. If the sender does not receive an acknowledgement for some bytes of data that were sent, the data will be retransmitted when the retransmission timer expires. Because the TCP segments are transmitted over an unreliable network service (IP network), the segments may arrive at the destination in a different order than they were originally sent. The sequence numbers are used by the receiver to reconstruct the data stream and ensure that the data is provided to the application in the same order that the data was sent.
Scalable IP Networks v2.01
Module 6 - 12
TCP Reliable Data Transfer Example
Sender
Receiver SEQ number 27000 TCP 500 bytes data ACK number 27500 Lost
SEQ number 27500 TCP 500 bytes data SEQ number 28000 TCP 500 bytes data ACK number 27500 SEQ number 28500 TCP 500 bytes data ACK number 27500 Retransmit
SEQ number 27500 TCP 500 bytes data ACK number 29000
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
13
All rights reserved © 2008 Alcatel-Lucent
This slide shows reliable data transfer between two hosts. 1. The sender sends a TCP segment with 500 bytes of data on an established connection. The sequence number is 27000. 2. The receiver acknowledges the receipt of this data with an acknowledgement number of 27500. 3. The sender sends another segment of 500 bytes with a sequence number of 27500. This segment is lost by the network (unreliable service). 4. The sender sends another segment of 500 bytes with a sequence number of 28000. This segment is successfully received by the receiver and is buffered. 5. The receiver sends an acknowledgement number of 27500 because the receiver still has not received the segment that contains the 500 bytes of data in the overall data stream. 6. The sender sends another segment of 500 bytes with a sequence number of 28500. This segment is received and buffered. Another acknowledgement of 27500 is sent. 7. The retransmission timer expires for the sender and the missing segment that contains 27500 is retransmitted. 8. The receiver receives the segment 27500 and now has the data up to byte 29000. The receiver sends an acknowledgement of 29000.
Scalable IP Networks v2.01
Module 6 - 13
TCP Flow Control Sending multiple segments without an acknowledgement results in higher data transfer rates Receiver must buffer the received data until the application requests it Flow control allows receiver to control the transmission rate Receiver uses the window parameter in TCP header to indicate how many bytes can be sent y The window field specifies how many bytes can be sent without an acknowledgement y If window value is 0, sender cannot transmit data until the receiver adjusts window size y The window size is always controlled by receiver
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
14
All rights reserved © 2008 Alcatel-Lucent
If a sender waits to receive acknowledgement for each segment that it sends before sending another segment, the effective throughput of the connection can be greatly limited over the bandwidth that is supported by the transmission media. This is not significant on a high-speed LAN because the acknowledgements are received very quickly. However, if the network round trip time (RTT) is long, the sender may spend a significant amount of time waiting for acknowledgements. To increase the overall throughput on TCP connections, TCP allows the sender to send more than one segment without waiting for an acknowledgement. This provides a higher overall throughput. However there is a danger of overwhelming the receiver with too much data. To avoid overwhelming the receiver, the amount of data that can be sent to the receiver must be controlled. To accomplish this, the received data is buffered in a preset amount of buffer space until it is requested by the application. The amount of buffer space is specified in the TCP header window parameter. When the receiver sends an acknowledgement, the receiver’s TCP header sets the value of the window parameter to specify the amount of buffer space in bytes that is available. This is the maximum amount of data that the sender can send before it receives the next acknowledgement. If the receiver’s buffer becomes full, the receiver sends a window size of 0 and the sender cannot transmit any more data. When the receiving application requests the data and buffer space is available, the receiver sends an updated window size and the sender can start to transmit more data. The window value is always set by the receiver, which provides a flow control mechanism for the receiver.
Scalable IP Networks v2.01
Module 6 - 14
TCP Flow Control Example
Sender
Receiver
ACK number 27000, window = 5000 SEQ number 27000 1000 bytes data SEQ number 28000 1000 bytes data SEQ number 29000 1000 bytes data
3000 bytes buffered
ACK number 30000, window = 2000 SEQ number 30000 1000 bytes data SEQ number 31000 1000 bytes data
5000 bytes buffered
ACK number 32000, window = 0 Application requests all data from TCP (5000 bytes) ACK number 32000, window = 5000 0 bytes buffered
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
15
All rights reserved © 2008 Alcatel-Lucent
This slide shows how flow control works. 1. The sender received an ACK from a previous transmission that indicates a window size of 5000 bytes. 2. The sender has 3000 bytes to send and transmits them in three 1000-byte segments, one after the other. 3. The receiver buffers the received data and sends an ACK to acknowledge all the received data. The receiver sets the window size to 2000. 4. The sender has more data to send. Because the last window size was 2000, the sender cannot send more than 2000 bytes. This data is sent in two 1000-byte segments. 5. The receiver buffers the 2000 bytes as they are received. Because the application has not requested any data, the initial 3000 bytes received are still being buffered. 6. The receiver’s buffer is now full and an ACK with a window value of 0 is sent. 7. Even if the sender has more data to send, the sender must not transmit any more data because the window size is currently 0. 8. The application requests data from TCP and the 5000 bytes are taken from the buffer. The buffer is now empty and an ACK is transmitted to reset the window size to 5000. 9. When the sender receives the new window size, the sender can now transmit more data.
Scalable IP Networks v2.01
Module 6 - 15
TCP Operation Example
Seq.no. 122 Ack.no. 0 Wnd 8192 LEN = 0B
Initial 3-way handshake
SYN
Seq.no. 286 Ack.no. 123 Wnd 8760 LEN = 0B Seq.no. 123 Ack.no. 287 Wnd 8192 LEN = 0B
SYN+ACK ACK
Seq.no. 123 Ack.no. 287 Wnd 8192 LEN = 200B
Data transfer
Ack.no. 323 Wnd 8560 Seq.no. 323 Ack.no. 287 Wnd 8192 LEN = 400B Ack.no. 723 Wnd 8160 Seq.no. 723 Ack.no. 287 Wnd 8192 LEN = 0B
Closing session
FIN
Seq.no. 287 Ack.no. 724 Wnd 8160 LEN = 0B Seq.no. 724 Ack.no. 288 Wnd 8192 LEN = 0B
Alcatel-Lucent Scalable IP Networks v2.01
FIN+ACK ACK
Module 6 |
16
All rights reserved © 2008 Alcatel-Lucent
Assumptions Although the data transfer and window parameter negotiation occur as a duplex operation, the slide above only shows a single-sided transfer. Initial Three-way handshake 1. The session begins with host 10.10.10.1/24, which initiates a SYN that contains the sequence number 122, which is the ISS. There are only zeros in the acknowledgment number field because this field not used in the SYN segment. The window size of the sender starts as 8192 octets. 2. The receiving host sends its ISS (286) in the sequence number field and acknowledges the sender's sequence number by incrementing the number by 1 (123); the receiver expects this value to be the starting sequence number of the data bytes that the sender will send next. This is called the SYN-ACK segment. The receiver's window size starts as 8760. 3. When the SYN-ACK is received, the sender issues an ACK that acknowledges the receiver's ISS by incrementing the ISS by 1 and placing the value in the acknowledgment field (287). The sender also sends the same sequence number that it sent previously (123). These three segments that are exchanged to establish the connection never contain any data. Data transfer 1. From now on, ACKs are used in every segment sent. The sender starts sending data by specifying the sequence number 123 again because this is the sequence number of the first byte of the data that it is sending. Again, the acknowledgment number 287 is sent, which is the expected sequence number of the first byte of data that the receiver will send. In this example, the sender initially sends 200 bytes of data in one segment. (…Continued on slide 17)
Scalable IP Networks v2.01
Module 6 - 16
TCP Operation Example
Seq.no. 122 Ack.no. 0 Wnd 8192 LEN = 0B
Initial 3-way handshake
SYN
Seq.no. 286 Ack.no. 123 Wnd 8760 LEN = 0B
SYN+ACK
Seq.no. 123 Ack.no. 287 Wnd 8192 LEN = 0B
ACK
Seq.no. 123 Ack.no. 287 Wnd 8192 LEN = 200B
Data transfer
Ack.no. 323 Wnd 8560 Seq.no. 323 Ack.no. 287 Wnd 8192 LEN = 400B Ack.no. 723 Wnd 8160 Seq.no. 723 Ack.no. 287 Wnd 8192 LEN = 0B
Closing session
FIN
Seq.no. 287 Ack.no. 724 Wnd 8160 LEN = 0B
FIN+ACK
Seq.no. 724 Ack.no. 288 Wnd 8192 LEN = 0B
Alcatel-Lucent Scalable IP Networks v2.01
ACK
Module 6 |
17
All rights reserved © 2008 Alcatel-Lucent
(…Continued from slide 16) Data transfer (continued) 2. The receiver acknowledges the receipt of the data by sending the number 323 in the acknowledgment number field, which acknowledges that the next byte of data to be sent will start with sequence number 323. It is assumed that sequence numbers up to and including 323 have been successfully received. Note that not every byte needs to be acknowledged. The receiver subtracts 200 bytes from its previous window size of 8760 and sends 8560 as its new window size. 3. The sender sends 400 bytes of data, starting at sequence number 323. Closing session 1. The receiver acknowledges receipt of the data with the number 723 (323 + 400). The receiver subtracts 400 bytes from the previous window size of 8560 and sends the new window size of 8160. 2. The sender transmits the expected sequence number 723 in a FIN because, at this point, the application needs to close the session. The receiver sends a FIN-ACK that acknowledges the FIN and increments the acknowledgment sequence number by 1 to 724, which is the number that the receiver will expect on the final ACK. 3. The sender transmits the final ACK, which confirms the sequence number 724.
Scalable IP Networks v2.01
Module 6 - 17
Congestion Control in TCP IP does not provide a congestion control mechanism An IP router that experiences congestion drops packets TCP includes a congestion control mechanism y TCP gradually increases transmission rate on a new connection until there is congestion (slow start) y When there is congestion, TCP reduces the transmission rate (congestion avoidance) y Transmission rate is gradually increased until there is congestion again
Transmission rate is controlled by the congestion window which is maintained by the sender Regardless of the congestion window value, the sender never sends more data than allowed by the window size Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
18
All rights reserved © 2008 Alcatel-Lucent
Congestion control and IP Although ICMP contains a “source quench” message type that is intended for congestion control, this message type is not used for end-to-end congestion control. The normal behavior of an IP router when there is congestion is to queue packets for a relatively short period. If the queuing space is depleted, additional packets are discarded. Congestion control and TCP TCP implements a congestion control mechanism to help manage congestion on an end-to-end connection. A variety of different algorithms are used, but TCP congestion control typically has two phases slow start and congestion avoidance. After a TCP connection is established, data is not immediately transmitted to the maximum value that is allowed by the TCP window size. Instead, transmission by the sender is limited by the congestion window. This value is initially set to one or two segments. Each time a segment is acknowledged, the congestion window is increased. This is the slow start phase of TCP. When congestion is detected (either through the receipt of duplicate ACKs or the expiry of a timer that measures the round trip time), TCP enters congestion avoidance. The congestion window is reduced and then gradually increased until congestion is encountered again. This process continues through the life of the TCP connection. The maximum transmission rate is ultimately controlled by the TCP window size, because this is the receiver’s flow control mechanism. If the window size is less than the size allowed by the congestion window, the transmission rate will never exceed the size specified by the TCP window.
Scalable IP Networks v2.01
Module 6 - 18
TCP Congestion Control Example
Sender
Receiver ACK number 12000, window = 8000
Slow start
SEQ number 12000 1000 bytes data
cnwd = 1 cnwd = 2
ACK number 13000, window = 7000 SEQ number 13000 1000 bytes data SEQ number 14000 1000 bytes data
cnwd = 4
ACK number 15000, window = 6000 SEQ number 15000 1000 bytes data SEQ number 16000 1000 bytes data SEQ number 17000 1000 bytes data
dropped
SEQ number 18000 1000 bytes data
delayed
ACK number 17000, window = 6000 cnwd = 2
Congestion avoidance
Alcatel-Lucent Scalable IP Networks v2.01
ACK number 17000, window = 7000
Module 6 |
19
All rights reserved © 2008 Alcatel-Lucent
This slide shows how TCP congestion control works. 1. During the three-way handshake to establish the connection, the receiving side specified a window size of 8000. An MSS of 1000 bytes has also been established for the connection. 2. Because this is the start of the session, the sender is in the slow start phase and therefore, sets its congestion window (cnwd) value to 1. Therefore, the sender transmits one segment of 1000 bytes even though there is more data to send and a window size of 8000 is specified by the receiver. 3. The first segment is acknowledged by the receiver with a window size of 7000 and the segment is buffered. The sender increases its cnwd value to 2. The sender can now transmit two segments of 1000 bytes each. 4. The receiving application has used the previous segment, but the two new segments are buffered and are acknowledged with a window size of 6000. 5. Because the sender received an acknowledgement for two more segments, the sender increases the cnwd value by 2 to 4. The sender then transmits 4 segments of 1000 bytes each. 6. The third segment is dropped due to congestion and the fourth segment is delayed. When the first two segments are received, an acknowledgement (17000) is sent. Because the previously buffered segments have been used and the two new segements are buffered, the window size is 6000. 7. After a delay, because of congestion, the fourth segment is received and acknowledged. Because the third segment is still missing, the acknowledgement number is still 17000. Because the two previous segments have been used and the new segment is buffered, the window size is 7000. 8. When the sender receives the second acknowledgement, the sender determines that congestion occurred and enters the congestion avoidance phase. The cnwd value is reduced by half to 2. Depending on timer values and the implementation, the missing segment may be retransmitted immediately or later.
Scalable IP Networks v2.01
Module 6 - 19
Overview of Transport Protocols Section 3 - User Datagram Protocol
UDP - Overview Capabilities UDP header User Datagram Protocol
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 6 |
21
All rights reserved © 2008 Alcatel-Lucent
Module 6 - 21
UDP Capabilities UDP provides a connectionless, unreliable datagram delivery service Used when a reliable mechanism is not required or when the overhead of TCP is not required, for example y DNS performs simple query/response and does not require reliable service y RPC needs simple transport and manages reliability itself y UDP is often used for audio and video streams y Real-time nature of the application means that retransmission is not practical y RTP provides sequencing and timing information
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
22
All rights reserved © 2008 Alcatel-Lucent
The User Datagram Protocol (UDP) provides a simple, connectionless, unreliable datagram delivery service. The service is similar to the service that is provided by IP, although UDP has port addresses to support multiplexing between different applications. UDP is used when an application does not need a reliable transfer mechanism or if the application needs to avoid the additional overhead of TCP. Unreliable refers to the fact that UDP does not provide flow control, acknowledgement, or retransmission capabilities such as those provided by TCP. These capabilities slow down communication. Therefore, UDP may be used for applications where real-time factor is more critical than packet loss; for example for Voice over IP. Domain Name System (DNS) resolves domain names (such as www.alcatel-lucent.com) to an IP address. This is a simple query and response. As a result, the overhead of establishing a connection is not worthwhile. If the query or response is dropped, the host sends the query again. Remote Procedure Call (RPC) supports inter-process communication across a network. Many implementations of RPC manage the reliability and sequencing of data and use UDP as a simple datagram delivery service to avoid the overhead of TCP. UDP is also widely used for real-time audio and video streaming. Because these applications often have realtime constraints, retransmitting lost data is not a viable option and the application uses other methods to handle missing data. Many of these applications use Real Time Protocol (RTP), which includes a mechanism for carrying sequence and timing information. Timing information is not provided in TCP and this is important for many real-time applications. RTP data is carried in UDP datagrams.
Scalable IP Networks v2.01
Module 6 - 22
UDP Header
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
23
All rights reserved © 2008 Alcatel-Lucent
UDP provides a simple datagram delivery service. There is no additional connection overhead such as the overhead in TCP. The application data is transmitted in a UDP datagram. The UDP header is very simple compared to the TCP header. There are no synchronization, sequence, or acknowledgment fields. The header only contains the source and destination application port number, a length field for the length of the data, and a checksum. Therefore, the UDP datagram has very little overhead. Some protocols that use UDP include: SNMP, DNS, and DHCP. ----REFERENCE: Originally defined in RFC768
Scalable IP Networks v2.01
Module 6 - 23
UDP Example
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
24
All rights reserved © 2008 Alcatel-Lucent
Unlike TCP, UDP offers no delivery guarantees or congestion avoidance. UDP is considered to be a means of best-effort transport. UDP provides a transport mechanism for one application to send a datagram to another application. The responsibility for error recovery or any form of reliability resides with the application itself. Similar to TCP, UDP uses port numbers to identify the receiving and sending application processes. UDP uses the port numbers in the multiplexing and demultiplexing operations. UDP is especially suitable for real-time applications such as VoIP that require low overhead and do not benefit from retransmission of lost data. The following are some of the well-known UDP port numbers: Port 67 – Dynamic Host Configuration Protocol (DHCP) Port 69 – Trivial File Transfer Protocol (TFTP) Port 123 – Network Timing Protocol (NTP) Port 520 – Routing Information Protocol (RIP)
Scalable IP Networks v2.01
Module 6 - 24
Overview of Transport Protocols Section 4 - Port Numbers and Sockets
Ports and Sockets Overview Ports and Sockets Ports Sockets Telnet
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 6 |
26
All rights reserved © 2008 Alcatel-Lucent
Module 6 - 26
Ports and Sockets Transport layer (TCP and UDP) port numbers act as transport addresses Port numbers allow multiple applications to use a transport protocol simultaneously (multiplexing) Port numbers identify the application that receives incoming data at the receiver Application access to transport layer services is through a socket Server applications usually “listen” to a well-known port y 80 is a well-known port for HTTP y 23 is a well-known port for Telnet
Client application connects to the server on the well-known port
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
27
All rights reserved © 2008 Alcatel-Lucent
Both TCP and UDP contain a source and destination port number in their headers. These port numbers allow multiple applications to use the transport simultaneously on the same physical connection. This capability is known as transport-level multiplexing. If several transport sessions are active for a system on the network, the data is demultiplexed based on the source address and port number when the data arrives. This allows TCP or UDP to identify the application process that the incoming data is destined to. Typically, a server application listens to a well-known port. This means that all incoming data destined for the port is given to the application. The client application will then connect to the well-known port in order to establish communication. Servers are not required to use the well-known port, but the client application must know the port to connect to. For example, the well-known port for HTTP is 80. When the web server is started, the server will typically listen to port 80. Client requests will be made to port 80 and the requests will be passed to the web server to respond. In some cases, the web server may be configured to listen to a port other than 80; for example, some web servers are configured to listen on port 8080. In this case, the client must know to connect to port 8080. If the request is made to port 80, there will be no response since there is no process listening to port 80.
Scalable IP Networks v2.01
Module 6 - 27
Ports
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
28
All rights reserved © 2008 Alcatel-Lucent
Ports identify an application service. This allows the transport layer to differentiate between application services. Each process that needs to communicate with another process identifies itself to the transport layer by using one or more port numbers. A port is a 16-bit number that is used by the host-to-host protocol to identify to which higher-level protocol or application service the port must deliver incoming messages. There are two types of port numbers: Well-known ports — Well-known port numbers belong to standard servers. The port numbers range from 1 to 1023. These port numbers are assigned by the IANA. Ephemeral ports — Client applications do not require well-known port numbers because they initiate communications with servers. The host system allocates each client process a port number for as long as the process needs the port number. The port numbers range from 1024 to 65535 and are not controlled by the IANA. Because the host dynamically assigns the port number to the client application, the port number may vary each time that the client application is started.
Scalable IP Networks v2.01
Module 6 - 28
Sockets Unique application handle into the TCP/IP stack Used to differentiate application users between network hosts Formulated by using a transport protocol, IP address, and application source and destination port numbers Created at both ends of the data transfer (that is, the source and destination) Example: y Socket address = Protocol, local IP address, and local port number (for example, TCP, 138.120.3.1, 15633) y Conversation = Protocol, local IP address, local port number, remote IP address, and remote port number (for example, TCP, 138.120.3.1, 15633. 137.10.2.2, 23) Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
29
All rights reserved © 2008 Alcatel-Lucent
Sockets are used to identify the network connection between applications. Although applications on different hosts can be differentiated using IP addresses and destination addresses, it is impossible to differentiate between two sessions on the same hosts for the same application. Example: There are two Telnet sessions between Host A and Host B. The IP address and destination port numbers are not enough for Host B to differentiate between the two Telnet sessions. In this case, the source port numbers, which are unique for each Host A client session, are required for Host B to differentiate between the packets of each of the sessions. The next slide contains a detailed example of Telnet. In this example of a Telnet request, Host A uses a unique source port number and the well-known port number 23 as the destination port for the server application on Host B.
Scalable IP Networks v2.01
Module 6 - 29
Transport Example — Telnet
TCP/IP A1 138.120.191.233
A2
2 Telnet client 1 6
2 Telnet client 2 4
Operating system
7
1 4
Telnet server
5
138.120.168.100
6
Operating system
Operating system
1. 2.
Enable Telnet server application Enable Telnet client 1 and Telnet client 2 application
3.
Create socket address for client 1 of TCP,138.120.168.100,23, 138.120.191.233,15633, and for client 2 of TCP, 138.120.168.100,23, 138.120.191.233,15634
4. 5.
Connect client 1 and client 2 to server Listen to client requests, incoming request from client 1 and incoming request from client 2
6. 7.
Conversation with client 1: TCP, 138.120.168.100,23,138.120.191.233,15633 and Conversation with client 2: TCP, 138.120.168.100,23,138.120.191.233,15634
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
30
All rights reserved © 2008 Alcatel-Lucent
PC A wants to Telnet into a server with two applications, A1 and A2. The IP address of A is 138.120.191.233 and the server address is 138.120.168.100. Application A1 opens a client session with a socket handle. Application:
Telnet
Source port number:
15633
Destination port number: 23 Transport layer:
TCP
Socket handle:
TCP, 138.120.191.233, 15633
Application A2 Application:
Telnet
Source port number:
15322
Destination port:
23
Transport layer:
TCP, 138,120.191.233, 15634
The server enables the Telnet server and creates a destination socket. Application:
Telnet server
Source port number:
23
Destination port number: 15633, 15634 Socket handle:
Scalable IP Networks v2.01
TCP, 138.120.168.100, 23
Module 6 - 30
Overview of Transport Protocols Section 5 - Module Summary and Learning Assessment
Scalable IP Networks v2.01
Module 6 - 31
Module Summary After the successful completion of this module, you should understand the following concepts TCP uses port numbers for multiplexing between applications TCP provides connection-oriented services between hosts TCP provides delivery guarantees for data UDP uses port numbers for multiplexing between applications UDP provides a connectionless service UDP does not provide delivery guarantees for data
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 6 |
32
All rights reserved © 2008 Alcatel-Lucent
Module 6 - 32
Learning Assessment Describe what a send_SYN is used for Describe whether the send and receive windows on a local host must match Describe the process that works in conjunction with the congestion-avoidance process in TCP when network congestion is detected Describe how UDP establishes a session Describe how UDP identifies the application services that it is supporting
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 6 |
33
All rights reserved © 2008 Alcatel-Lucent
Module 6 - 33
www.alcatel-lucent.com
Alcatel-Lucent Scalable IP Networks v2.01
Module 6 |
34
3HE-02767-AAAA-WBZZA Edition 02
All rights reserved © 2008 Alcatel-Lucent
Alcatel-Lucent Scalable IP Networks Module 7 — 7750 SR and 7450 ESS Services Overview
7750 SR and 7450 ESS Services Overview Services Building Blocks - Network Components Provider Edge (PE) Node Components VPN Service Building Blocks – Tunneling Concepts MPLS Basics Service Building Blocks – MPLS Fundamentals MPLS VPN Services VPWS – Ethernet Encapsulation VPLS VPRN
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 7 |
2
All rights reserved © 2008 Alcatel-Lucent
Module 7 - 2
Services Building Blocks - Network Components
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
3
All rights reserved © 2008 Alcatel-Lucent
Customer edge devices A customer edge (CE) device resides on the customer premises. The CE device provides access to the service provider network over a link to one or more provider edge (PE) routers. The end user typically owns and operates these devices. The CE devices are unaware of tunneling protocols or VPN services that are provided by the service provider. Provider edge devices A provider edge (PE) device has at least one interface that is directly connected to the CE devices. In addition, a PE device usually has at least one interface that connects to the service provider core devices, or provider routers. Because the PE device must be able to connect to different CE devices over different access media, the PE device is usually able to support many different interface types. The PE device is the customer's gateway to the VPN services offered by the service provider. Provider router Provider (P) routers are located in the provider core network. The P router supports the service provider’s bandwidth and switching requirements over a geographically dispersed area. The P router does not connect directly to the customer equipment.
Scalable IP Networks v2.01
Module 7 - 3
Provider Edge (PE) Node Components
Service Access Point (SAP) y The logical entity that serves as the customer access to the service
Service Distribution Points (SDP) y The method that a service uses to connect to another router’s service y The transport tunnel encapsulation that this service will be using MPLS/RSVP-TE, MPLS/LDP, or IP/GRE y SDPs are locally unique, the same SDP ID can be used on another router y SDP is not specific to one service, many services can use the same SDP
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
4
All rights reserved © 2008 Alcatel-Lucent
The terms customers and subscribers are used synonymously The customer ID is assigned when the customer account is created To provision a service, a customer ID must be associated with the service at the time of service creation
Scalable IP Networks v2.01
Module 7 - 4
4
VPN Service Building Blocks – Tunneling Concepts
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
5
All rights reserved © 2008 Alcatel-Lucent
In order to be able to provide a virtual private network (VPN) service, the service provider must encapsulate the customer data to traverse the service provider network. Depending on the nature of the VPN service, the encapsulation of the Layer 2 and Layer 3 headers may be included. The customer data must be transported without any changes across the service provider network from one customer site to another customer site. In order to accomplish this, an additional header is added to the customer data for transport across the service provider network. Instead of routing or switching the data across the service provider’s network using the customer’s Layer 2 or Layer 3 headers, the data traverses the network using the header that is added at the edge of the service provider network. Therefore, the customer data is effectively tunneled across the service provider network unchanged.
Scalable IP Networks v2.01
Module 7 - 5
MPLS Basics – Common Acronyms MPLS has become the basic building block for the various services and VPNs offered on the 7750 SR platforms. Below are some of the more common MPLS acronyms that are used when discussing services: LER — Label edge router LSR — Label switch router LSP — Label switch path Push Swap Pop Label Stack RSVP-TE — Resource reservation protocol with traffic engineering extensions T-LDP — Targeted label distribution protocol
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 7 |
6
All rights reserved © 2008 Alcatel-Lucent
Module 7 - 6
MPLS Basics
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
7
All rights reserved © 2008 Alcatel-Lucent
In an MPLS network, routers are categorized as Label Edge Routers (LERs) or Label Switch Routers (LSRs). The LERs are the endpoints of the MPLS tunnels, known as Label Switched Paths (LSPs), and are normally at the edge of the network. The LSRs are at the core of the network and provide the connectivity between the LERs. The MPLS-enabled routers (LERs and LSRs) use a signaling protocol to distribute labels across the network. These labels are used to make the forwarding decision for incoming traffic rather than the IP address. This basically turns the Layer 3, routed network into a switched network. The method for distributing labels through the network depends on the signaling protocol being used, either LDP or RSVP. The next few slides discuss LDP at a high level. RSVP and LDP are covered in more detail in the MPLS course.
Scalable IP Networks v2.01
Module 7 - 7
MPLS Basics (continued)
Alcatel-Lucent Scalable IP Networks v2.01
Network
Label
Interface
10.1.1.0/24 10.1.2.0/24
20
1
Module 7 |
8
All rights reserved © 2008 Alcatel-Lucent
Before LDP can be enabled on a router, the network must be running a routing protocol. The routing protocol allows LDP to find the adjacent router and automatically set up a peering session with adjacent LDP-enabled routers. Once a peering session is established, the routers check their routing tables and send out a label associated with networks that they see. In this slide, an LDP session is established between Router 2 and Router 3. Router 3 checks its routing table for networks that Router 3 sees behind Router 2 and sends a label to Router 2 to represent those networks. For example, Router 3 sends a label with the value 20 to represent networks 10.1.1.0/24 and 10.1.2.0/24. Each time Router 2 receives a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, the router pushes the label (20) onto the packet and puts the packet in the LSP that takes the MPLS frame to Router 3. Because Router 3 has sent the label (20), the router knows that any MPLS frame coming in with the label (20) is destined for a network that is terminated from it. Router 3 removes the label (20) from the frame, does a Layer 3 look up, and routes the packet to its destination.
Scalable IP Networks v2.01
Module 7 - 8
MPLS Basics (continued)
Alcatel-Lucent Scalable IP Networks v2.01
Ingress Label
Network
Egress Label
Interface
10
10.1.1.0/24 10.1.2.0/24
20
1
Module 7 |
9
All rights reserved © 2008 Alcatel-Lucent
The previous slide described the LDP session between Router 2 and Router 3. In this slide, LDP is enabled on Router 1. Router 1 now sets up a peering session with Router 2. Router 2 sends a label to Router 1 to represent the networks that Router 2 sees behind Router 1. In this case, Router 2 sends a label with a value of 10 to Router 1 to represent the 10.1.1.0/24 and 10.1.2.0/24 networks. Note that the label that is sent to Router 1 is not the same label that Router 2 received from Router 3. Labels are only locally significant. When receiving a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, Router 1 pushes a label (10) onto the packet and sends it to Router 2. At this point Router 2’s function has changed. Now, when it receives an MPLS frame with a label (10) it swaps (switches) out the label (10), replaces it with the label (20), and sends it to Router 3. Router 3’s function remains the same. Router 3 removes the label (20) and routes the packet to its destination.
Scalable IP Networks v2.01
Module 7 - 9
MPLS Basics (continued)
Network 10.1.1.0/24 10.1.2.0/24
Label
Interface
Label
10
1
20
Ingress Label 10
Alcatel-Lucent Scalable IP Networks v2.01
Network 10.1.1.0/24 10.1.2.0/24
Egress Label 20
Route
Interface 1
Module 7 |
10
All rights reserved © 2008 Alcatel-Lucent
This slide shows the complete LSP setup from Router 1 to Router 3. Router 1’s function is to perform a Layer 3 lookup, and if the packet is destined for one of the networks supported by Router 3, Router 1 pushes (encapsulates the packet in an MPLS frame) the appropriate label onto the packet. This is the function of an LER. When Router 2 receives the MPLS frame, it examines the label, swaps the label for the appropriate egress label, and sends the frame out the appropriate interface to its destination. Router 2 now functions as an LSR and is basically a Layer 2 switch function. When receiving the MPLS frame, Router 3 examines the label and pops (removes the packet from the MPLS frame) the label, performs a Layer 3 lookup, and routes the packet to the appropriate network. Note that LSPs are unidirectional. For bidirectional communications, an additional LSP must be set up in the opposite direction.
Scalable IP Networks v2.01
Module 7 - 10
Service Building Blocks – MPLS Fundamentals
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
11
All rights reserved © 2008 Alcatel-Lucent
The encapsulation by the MPLS label of the Layer 2 header that is received from the CE device depends on whether a Layer 2 or Layer 3 VPN service is offered by the carrier. This is discussed later in this module. In an MPLS network, the first PE router is called the Ingress Label Edge Router (iLER). The iLER encapsulates the customer PDU with an MPLS label. The intermediate routers, which are usually P routers, are called Label Switching Routers (LSRs). LSRs make switching decisions that are based on the MPLS label. The LSR reads the label in the incoming MPLS frame, makes a switching decision, swaps the label, and then transmits the MPLS frame out the appropriate port. The last PE router on the LSP is the Egress Label Edge Router (eLER). The eLER is the termination point of the LSP, or the end of the tunnel. The egress LER removes the MPLS label and forwards the customer PDU to the CE device. Packet walkthrough In this slide, CE1 sends a data frame towards CE2. On an Ethernet interface, this is a normal IP datagram that is encapsulated in Ethernet. CE1 is not aware of the MPLS LSP that originates on PE1. The packet that is sent from CE1 to PE1 is unlabeled because the packet does not contain an MPLS label. When the packet reaches PE1, an MPLS label is applied to the frame. This label corresponds to the LSP that ends on PE2. The MPLS label encapsulates the unlabeled packet that was received from CE1. The labeled MPLS packet is then sent along the LSP to P2. P2 processes the MPLS packet and checks its MPLS table to perform a label swapping operation. It reads label value 101, performs a table lookup, switches the packet out of the appropriate interface to P3, and applies the label value of 96. P3 performs a similar label swap operation and switches the MPLS packet out from its interface to PE2 with the label value 101. Note that, by coincidence, this is the same label value that is used by PE1. However, this is not a problem because labels are locally significant to the router. When PE2 receives the labeled packet, PE2 performs a lookup on the received label value of 101. Because P2 is an edge router that is directly connected to CE2, PE2 strips the MPLS label and then forwards the unlabeled packet to CE2. As with CE1, CE2 is totally unaware of the LSP through the provider core. CE2 receives the same PDU as though CE1 and CE2 were directly connected.
Scalable IP Networks v2.01
Module 7 - 11
Services Building Blocks - MPLS Fundamentals (continued)
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
12
All rights reserved © 2008 Alcatel-Lucent
Because MPLS tunnels are unidirectional, two LSPs are required for bidirectional communication. Therefore, traffic that is sent between two customer sites may follow different paths over the network. The LSP is defined by the labels that are used to switch along the path. These labels may be configured statically, but are usually signaled dynamically with an MPLS label signaling protocol. Because MPLS labels are locally significant to the router, two routers on the LSP can use the same label for the same or different LSPs.
Scalable IP Networks v2.01
Module 7 - 12
MPLS An MPLS path is defined by the labels used to switch along the path Two protocols are available to dynamically signal labels: LDP and RSVP LDP always follows the path chosen by the IGP y An MPLS node distributes labels to all its neighbors y The MPLS node selects the next-hop neighbor according to the IGP and uses the label from that next-hop neighbor
RSVP LSPs may follow IGP or may take other paths y Path can be explicitly specified y Path can be chosen using a traffic engineering-enabled routing protocol y Additional paths can be created for redundancy Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
13
All rights reserved © 2008 Alcatel-Lucent
An MPLS path is defined by the labels that are used to switch along the path. The egress router of the LSP signals the label that should be used for the LSP to the next upstream router. The upstream router will transmit data; data flows from upstream to downstream. The two protocols that are available to dynamically signal labels are: LDP and RSVP. MPLS and LDP When LDP is the label signaling protocol, the LSP always follows the path chosen by the Interior Gateway Protocol (IGP). An LSR that has LSPs passing through or ending on the router distributes a label for each LSP to all its LDP neighbors. An upstream router may receive labels for a specific LSP from multiple neighbors and chooses the downstream router to use based on the next hop that is determined by the IGP. This means that the next-hop LSR for the LSP is the same as the next-hop router that is chosen by the IGP; the label that is used is the one signaled by that neighbor. MPLS and RSVP When RSVP is the label signaling protocol, labels are specifically requested by the ingress router for the LSP. The request travels along the path to the egress LSR, which generates a label for the LSP. This path may follow the IGP, in which case the path will be the same as the one used by LDP. A second option is that the path of the LSP may be explicitly specified, partially or completely. A third option is that a traffic engineering-enabled routing protocol will be used to choose a path that meets some specific constraints. The RSVP also allows additional, redundant paths to be created that can be used for fast failover if the original LSP fails. The services that are transported over an LSP are then protected so that a failover to the backup LSP can be performed much more quickly than when only the IGP is relied on.
Scalable IP Networks v2.01
Module 7 - 13
VPN Services Service routers allow service providers to offer simple, transparent L2 and L3 VPNs to customers over the service providers existing IP/MPLS networks The 7750 SR offers the following L2 and L3 VPN services: y VPWS — Provides L2 point-to-point service — Emulates a single leased line or circuit between two locations — Supports Ethernet, frame relay, and ATM encapsulation
y VPLS — Provides L2 multipoint service — Emulates a simple L2 LAN switch between two or more locations
y VPRN — Provides L3 service — Emulates a simple IP router between two or more sites
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
14
All rights reserved © 2008 Alcatel-Lucent
Service routers use MPLS to provide a variety of VPN services over their core IP/MPLS network. The service provider can offer simple, transparent Layer 2 and Layer 3 VPN services to multiple customers over a single network. Three types of services are supported: VPWS, VPLS and VPRN. Virtual Private Wire Service Virtual Private Wire Service (VPWS) is a simple Layer 2 service that emulates a single leased line or circuit between two locations. The customer has no knowledge of the service provider network; the service acts as a simple point-to-point connection between customer sites. The VPWS can emulate an Ethernet connection (epipe), a frame relay connection (fpipe), or an ATM connection (apipe). The Layer 2 frames of customer data are encapsulated in MPLS labels and tunneled across the service provider network. Virtual Private LAN Service Virtual Private LAN Service (VPLS) is a Layer 2 multipoint service that can be used to interconnect more than two customer locations. From the customer’s perspective, VPLS looks as though a simple Layer 2 LAN switch exists between the different customer locations. The Ethernet frames of customer data are encapsulated in MPLS labels and tunneled across the service provider network. Virtual Private Routed Network Virtual Private Routed Network (VPRN) is a Layer 3 service that makes the service provider network appear as a simple IP router that connects two or more customer locations. The VPRN allows the CE devices to exchange route information with the VPRN as if it were an IP router. The IP packets containing customer data are encapsulated in MPLS labels and tunneled across the service provider network.
Scalable IP Networks v2.01
Module 7 - 14
VPWS – Ethernet Encapsulation
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
15
All rights reserved © 2008 Alcatel-Lucent
A VPWS is a simple point-to-point service, emulating a simple Layer 2 connection between two customer locations. The customer frame is not checked and MAC learning is not performed by the VPWS. The customer Layer 2 frames are encapsulated in MPLS labels and switched across the service provider network. Service access points (SAPs) are defined on the PE devices that face the customer device. The SAPs represent the customer access to the service. Multiple SAPs may be defined on the same physical port and may be used for different services. Service distribution points (SDPs) are defined on the service provider network side and define the connection of the service to an MPLS transport tunnel. Many services can be bound to one SDP. The concepts of SDP and SAP are further discussed in the Alcatel-Lucent Services course.
Scalable IP Networks v2.01
Module 7 - 15
VPWS – Ethernet Encapsulation (continued)
PE2 strips the MPLS label PE2 then looks at the service label to determine which service the frame belongs to PE2 then makes the appropriate forwarding decision for the destination customer site
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
16
All rights reserved © 2008 Alcatel-Lucent
The ingress PE receives customer data on a SAP that is associated with a specific service. The SAP may be a port, a port with a specific VLAN tag in the case of an Ethernet port, or a port with a specific circuit ID in the case of ATM or frame relay. The customer data is encapsulated with a service label by the ingress PE. Because many services may be configured on the PE, the service label identifies the specific service that the data belongs to. The service label value is signaled to the ingress PE by the egress PE when the service is initialized. After the data is encapsulated with the service label, the data must be forwarded over the correct SDP that is defined by the service. A second, outer label is added to the data. This label identifies the LSP that will be used to transport the MPLS packet to the far end of the tunnel – the egress PE device. The data is label switched along the LSP using this outer label. The egress PE removes the MPLS-encapsulated data from the SDP. The inner, service label is used to identify the service that the data belongs to and, after the labels are removed, the data is transmitted on the appropriate SAP for the service. In other words, the service label is used to demultiplex the data from the SDP to the appropriate service. CE devices are never aware of SDPs and SAPs. The CE devices transmit to the ingress PE device, possibly using a specific VLAN tag, and then receive an unlabeled packet from the egress PE device.
Scalable IP Networks v2.01
Module 7 - 16
VPLS
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
17
All rights reserved © 2008 Alcatel-Lucent
A VPLS is similar to a VPWS, with SAPs to provide customer access and SDPs to provide the transport connection across the network to the remote PEs of the service. However, a VPLS is a multipoint service that supports multiple access points (as opposed to a VPLS, which is only point-to-point with two access points). A VPLS acts as a logical Layer 2 switch that connects all of the CE devices that are attached to the service.
Scalable IP Networks v2.01
Module 7 - 17
VPLS (continued)
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
18
All rights reserved © 2008 Alcatel-Lucent
Because a VPLS emulates a switched Ethernet service, a MAC address forwarding database (FDB) must be maintained for each VPLS. When a unicast frame with an unknown source address arrives on a SAP or an SDP, the VPLS learns the address, in the same way that an Ethernet switch learns a MAC address on its ports. The VPLS FDB associates MAC addresses with SAPs and SDPs, but is otherwise similar to an Ethernet switch. When an Ethernet frame arrives on a SAP or an SDP, a lookup is performed in the FDB for the destination address. If there is an entry for the address, the frame is forwarded to the appropriate SAP or SDP. If there is no entry for the address, the frame is flooded to all other SAPs and SDPs, which is similar to the flooding of an unknown frame on an Ethernet switch.
Scalable IP Networks v2.01
Module 7 - 18
VPRN
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
19
All rights reserved © 2008 Alcatel-Lucent
A VPRN is a class of VPN that allows the connection of multiple sites in a routed domain over a service provider IP/MPLS network. VPRN is a Layer 3 service (as opposed to VPWS and VPLS, which are Layer 2 services). From the customer’s perspective, all of the sites appear to be connected to a private routed network that is administered by the service provider for that customer only. Each PE router providing VPRN services maintains a separate IP forwarding table for each VPRN. Each customer of the service provider has their own private IP address space and, therefore, may have overlapping IP addresses. The VPRN service uses VPN Routing and Forwarding Instances (VRFs) within the PE device to maintain forwarding information on a per-customer basis. A VRF is a logical private forwarding (routing) table that securely isolates the routing information of one customer from the next customer, and also from the routes of the provider core network. Each PE maintains multiple separate VRFs that are based on the number of distinct VPRN services that the PE supports. Each CE router becomes a routing peer of the provider PE router that it is directly connected to. Routes are exchanged between the CE and the PE routers. The PE devices in a VPRN service exchange routes with each other so that the routes can be transmitted to the remote CE devices of the customer. The transport of customer data is similar to a VPWS or VPLS, except that the Layer 2 headers are removed and the IP datagrams are encapsulated with the MPLS headers. Customer data arrives at a VPRN SAP, is encapsulated with an inner service label and an outer transport label, and is then carried across the network using MPLS.
Scalable IP Networks v2.01
Module 7 - 19
7750 SR and 7450 ESS Services Overview Module Summary and Learning Assessment
Module Summary After the successful completion of this module, you should be able to: Describe the different types of routers and their function in a VPN services-based network Describe the concept of tunneling and its role in providing VPN services Describe how MPLS can be used as a method of tunneling and label switching Describe the three major VPN services - VPWS, VPLS, and VPRN Describe SAPs, SDPs, and their application to VPN services
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 7 |
21
All rights reserved © 2008 Alcatel-Lucent
Module 7 - 21
Learning Assessment CE routers reside on customer premises and are unaware of VPN services provided to the customer by carrier PE routers P Routers make up the service provider’s core network and are concerned with switching labeled packets across the network Tunneling allows a service provider to transparently transport a customer’s traffic though an IP/MPLS network MPLS employs label switching as a method of tunneling There are three major VPN services, VPWS, VPLS, and VPRN VPWS is a layer 2 point to point service that supports Ethernet, frame relay or ATM connections VPLS is a layer 2 Ethernet multipoint service that emulates an Ethernet switch
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 7 |
22
All rights reserved © 2008 Alcatel-Lucent
Module 7 - 22
Learning Assessment (continued) VPRN is a layer 3 routed VPN service over a service providers existing IP / MPLS network MPLS transport tunnel labels are swapped by the service provider routers along an MPLS path as the customer data traverses the MPLS nework. MPLS service labels are inner labels negotiated by the PE routers of the service and remain constant as the traffic traverses the MPLS network
Alcatel-Lucent Scalable IP Networks v2.01
Scalable IP Networks v2.01
Module 7 |
23
All rights reserved © 2008 Alcatel-Lucent
Module 7 - 23
LAB 6 - Services
Alcatel-Lucent Scalable IP Networks v2.01
Module 7 |
24
All rights reserved © 2008 Alcatel-Lucent
See the Alcatel-Lucent IP Scalable Networks Lab Guide
Scalable IP Networks v2.01
Module 7 - 24
www.alcatel-lucent.com
3HE-02767-AAAA-WBZZA Edition 02
