The document discusses network virtualization using Virtual Routing and Forwarding (VRF) to separate network traffic for multiple customers or groups on a single router without allowing inter-group access. It describes how each VRF functions as an independent routing table, and provides examples of configuring VRFs on a single router and between multiple routers to isolate network segments at the Layer 3 level. Overlay networks are also introduced as another method to provide Layer 3 isolation using virtual private networks (VPNs) built with tunnels.
The document discusses routing concepts including routing tables, directly connected routes, statically configured routes, and dynamic routing protocols. It provides examples of configuring RIP routing between two routers to automatically exchange routing information and populate each router's routing table with routes to networks connected to other interfaces. Key steps include configuring RIP, enabling RIP on connected interfaces, and verifying routes are learned through RIP.
The document provides an overview of the Open Shortest Path First (OSPF) routing protocol, including that it is an interior gateway protocol that uses link state routing to establish neighbor relationships and exchange routing information within an autonomous system in order to determine the shortest path between any two routers on a network. OSPF detects changes in network topology quickly and converges on a new loop-free routing structure within seconds, and it has been widely implemented in large enterprise networks to provide efficient routing.
The following three sentences summarize the key information from the document:
1) The next step in the router boot sequence after the IOS loads from flash is to perform the POST routine. 2) Routing protocols use different metrics to determine the best path, with EIGRP using bandwidth as its only metric. 3) When troubleshooting networks, show and debug commands can be used to determine if OSPF hellos are propagating between routers that are unable to establish neighbor adjacency.
The document describes IEEE 802.16j multi-hop relay networks. It outlines the benefits of using relay stations such as coverage extension and throughput enhancement. It discusses key concepts like relay links and access links. The document also provides details on relay station network entry procedures including scanning, synchronization, ranging, registration. It explains relay frame structure and functional blocks. Finally, it summarizes procedures like neighbor measurement reporting, access station selection, and operation parameter configuration.
Routing information protocol & rip configuration (3Anetwork com)
Routing Information Protocol (RIP) is a distance-vector routing protocol that uses hop count as its routing metric. RIP version 1 (RIPv1) uses broadcast updates every 30 seconds and has a maximum hop count of 15. RIPv1 supports classful routing only. RIP version 2 (RIPv2) is an enhanced protocol that uses multicasts, supports classless routing with VLSM, and allows for authentication. The document then provides the configuration and verification steps to implement RIPv2 routing between three routers connected in a network.
The document discusses IP routing protocols RIP, RIP version 2, EIGRP, and OSPF. It provides details on configuration and features of each protocol, including route summarization, route filtering, default routing, and stub routing. It also covers troubleshooting routing loops caused by interface summaries in RIP and using leak maps in EIGRP.
RIP is an interior gateway protocol that employs distance-vector routing and uses hop count as its routing metric. It works by periodically sharing full routing tables between neighboring routers to detect changes in network reachability. The maximum number of hops allowed in the RIP protocol is 15, which limits the size of networks it can support. There are two versions of RIP - version 1 lacks support for VLSM and authentication, while version 2 adds these features and multicasts updates. RIP has limitations such as slow convergence, count to infinity problems, and an inability to support networks larger than 15 hops without extensions.
MPLS SDN 2016 - Microloop avoidance with segment routing (Stephane Litkowski)
The document discusses micro-loops in networks and how segment routing can be used to avoid them. Micro-loops are a natural phenomenon in hop-by-hop routed networks caused by transient disagreements between routers during convergence. Segment routing allows building a temporary loop-free path using a two-stage convergence - first using a precomputed loop-free label stack, then switching to the standard path once convergence is complete. This approach could help address issues caused by micro-loops like broken fast reroute and traffic loss.
This document discusses different types of routing protocols:
- Nonroutable protocols are used in small peer-to-peer networks without network addressing. Routed protocols contain network layer addressing to pass between multiple networks.
- Interior Gateway Protocols (IGPs) like RIP, IGRP, and OSPF are used within an autonomous system (AS). Exterior Gateway Protocols like BGP are used between ASes.
- Distance-vector protocols broadcast full routing tables periodically. Link-state protocols broadcast link updates, which routers use to independently calculate paths via SPF algorithm.
This chapter describes how to configure VLANs on Cisco 7600 series routers. It discusses VLAN default configurations, guidelines for VLAN configuration, and how to configure VLANs. It also provides an overview of how VLANs work, including different VLAN types and ranges.
EIGRP is an advanced distance vector routing protocol created by Cisco that uses the Diffusing Update Algorithm to calculate paths and backup paths. It establishes neighbor adjacencies, uses reliable transport for packet delivery, and sends partial and bounded updates only when there are changes.
Basically it contains information about the OSPF routing protocol. As much as possible the information was tried to be summarized and a slideshow of visual weight was made.
The document discusses the framing structure of SDH and various alarms that can occur in SDH networks. It explains the hierarchy from STM-1 frame down to VC-4 and tributary unit levels. It then describes alarms like LOS, LOF, LOP that can happen at different levels due to issues like signal loss, missing frames, or lost pointers. It also covers alarms for indicating defects or errors like AIS, RDI, REI, BIP and methods for error monitoring using bytes in the SDH frame.
MPLS WC 2014 Segment Routing TI-LFA Fast ReRoute (Bruno Decraene)
This document discusses Topology Independent LFA (TI-LFA), a fast reroute technique that provides 100% node and link protection using Segment Routing. It begins by outlining requirements for fast reroute, then introduces TI-LFA which computes the post-convergence path and encodes it as a loop-free Segment Routing path. The document analyzes applicability on Orange network topologies and presents simulation results showing TI-LFA achieves low stack depth and path compression. It concludes that TI-LFA is a scalable solution that meets requirements by providing optimal fast reroute paths without side effects.
The document provides an overview of the Open Shortest Path First (OSPF) routing protocol. It describes how OSPF routers exchange link state advertisements to maintain a synchronized topological database. The database allows each router to calculate the shortest path to all destinations within the autonomous system. The document also discusses OSPF packet types, the process of forming adjacencies between neighbors, and the election of designated routers on multi-access networks.
This document provides an overview and summary of OSPF multi-area concepts including:
- Areas are used to divide large OSPF networks into smaller areas to reduce routing table size and limit SPF calculations.
- There are different types of areas including normal, stub, totally stubby, and NSSA areas. Routing behavior varies between area types.
- Link state advertisements (LSAs) including router LSAs, network LSAs, inter-area LSAs, and AS external LSAs are used to distribute routing information within and between areas.
BGP uses the AS path attribute to prevent routing loops. When a route passes through multiple autonomous systems (AS), each AS prepends its AS number to the AS path. Routers will ignore any updates containing their own AS number in the path to avoid loops. This is demonstrated by enabling debugging on R2 - it rejects an update from R4 containing its own AS 65003 in the path. IBGP within an AS also prevents loops through the split horizon rule and a full mesh of IBGP sessions.
STP prevents network loops by placing ports in blocking state. It establishes a root bridge with the lowest bridge ID, composed of priority and MAC address. STP transitions ports through blocking, listening, learning and forwarding states. When the network changes, STP maintains connectivity by transitioning some blocked ports to forwarding.
OSPF is an interior gateway protocol that uses link state routing and the Shortest Path First algorithm to calculate the best routes between destinations in a router network. It elects a Designated Router and Backup Designated Router on each multi-access network that distribute routing information to other routers through link state advertisements. OSPF supports authentication, manual route summarization, and metric adjustments to optimize routing behavior.
This document discusses configuring and troubleshooting single-area OSPF routing. It covers topics like:
- Configuring static and dynamic routing on distribution and core routers
- Configuring and verifying single-area OSPF
- Designated router election process for multiaccess networks
- Propagating default static routes in OSPF
- Securing OSPF with message digest 5 authentication
- Components of troubleshooting single-area OSPF like forming adjacencies and transitioning states
OSPF (Open Shortest Path First) Case Study: Anil Nembang (Anil Nembang)
- The document discusses Open Shortest Path First (OSPF) configuration for a network comprising routers and PCs partitioned into 4 areas.
- An addressing scheme is proposed using /30 subnet masking to assign point-to-point interfaces between routers in areas 120, 120, and 120. Area 99 is an OSPF multi-access network requiring a different approach.
- OSPF is configured on the network with areas and interfaces assigned addresses according to the proposed scheme. A virtual link is also specified to connect the non-contiguous areas as required.
- Open Shortest Path First (OSPF) is an open standard link-state routing protocol that works with link state advertisements to dynamically calculate the shortest path to destinations. It maintains neighbor, database, and routing tables.
- OSPF uses areas and link state routing to converge quickly and find the shortest paths between routers within an autonomous system. It supports hierarchical routing designs and classless routing.
The document discusses troubleshooting BGP routing issues using Juniper examples. It begins by outlining some caveats and assumptions. Then it covers topics like originating routes, filtering routes, summarizing routes, and next hop problems. Examples are provided using show commands on Juniper routers to verify routes are being advertised and received correctly. Troubleshooting steps like modifying routing policies are demonstrated to resolve issues like more specific routes being advertised or next hop reachability problems.
Rip version1 configuration on Cisco router (tcpipguru)
The document describes configuring RIP version 1 on routers R1 and R2. On R1, RIP is configured with version 1, and the 192.168.1.0 and 172.16.0 networks are included. R1's routing table shows the 192.168.1.0 and 172.16.0 networks as directly connected. On R2, RIP is also configured with version 1 and the 192.168.2.0 and 172.16.0 networks are included. R2's routing table shows the 192.168.2.0 network as directly connected and learns the 192.168.1.0 network from R1 through RIP.
The document discusses configuring OSPF routing on Ethernet and Frame Relay networks. For the Ethernet network, OSPF is configured to elect R1 as the DR and R2 as the BDR by setting their interface priorities. For the Frame Relay network, OSPF is configured with static mappings between routers since Frame Relay is non-broadcast by default. Neighbor statements are used to define neighbors since hellos are unicast. Verification commands show the elected DR and neighbors.
RIP is a distance vector routing protocol that calculates routes based on hop count. The router learns remote networks from neighbor routers using RIP advertisements sent every 30 seconds. The administrator must configure which networks to advertise in RIP using the "network" command under the RIP configuration. Verifying RIP, the "show ip route" command displays the routing table including connected routes and RIP learned routes to remote networks.
EIGRP is an advanced distance-vector routing protocol created by Cisco that uses the Diffusing Update Algorithm (DUAL) to calculate paths and back-up paths. It establishes neighbor adjacencies, uses reliable transport to deliver packets to neighbors, and sends partial and bounded updates only when there is a change.
Routing protocols like RIP are used between routers to determine the best paths and maintain routing tables. RIP is a distance vector routing protocol that uses hop count as the metric to select routes. It broadcasts routing updates every 30 seconds. RIPv1 is classful while RIPv2 is classless and supports VLSM and route summarization. The router rip command enables the RIP process while network identifies participating interfaces.
Eigrp on a cisco asa firewall configuration (3Anetwork com)
The document discusses configuring EIGRP routing on a Cisco ASA firewall. It describes setting up interfaces, IP addressing, and EIGRP routing on the ASA and two routers. The ASA separates an internal, DMZ, and external network, and redistributes a default static route into EIGRP. Configuration is verified by showing EIGRP neighbors, routes, and that the routers have learned routes from all connected networks.
OSPFv3 is a link-state routing protocol that uses link-state advertisements (LSAs) to exchange routing information. Routers running OSPFv3 generate different types of LSAs to advertise IPv6 address prefixes, network links, and routing information between areas. OSPFv3 supports multi-area configurations with a backbone area and regular areas connected via area border routers that generate summary LSAs.
The document provides instructions for a lab activity to configure and verify EIGRP routing between two routers, R1 and R2. The key steps are:
1. Configure IP addresses on the interfaces of R1 and R2.
2. Check the routing tables on each router which initially only show directly connected networks.
3. Enable the EIGRP routing protocol on each router to exchange routing information.
4. Verify the EIGRP neighbor relationship forms and each router learns routes to networks attached to the other router.
Cisco CCNA Training/Exam Tips that are helpful for your Certification Exam!
To be Cisco Certified please Check out:
http://asmed.com/information-technology-it/
This document provides information about Cisco exam 642-902:
- It lists the exam number, passing score, time limit, vendor, and name.
- It indicates the examinee passed the CCNP 640-902 exam with a score of 1000.
- It outlines the various sections covered in the exam, including EIGRP, OSPF, BGP, Redistribution, IPv6, Routing, Drag and Drop, Simulation, and Hotspot questions.
- It provides sample exam questions and answers related to OSPF configuration and troubleshooting.
Dynamic routing protocols are used to automatically discover remote networks, maintain up-to-date routing information, and choose the best path to destination networks. There are two main types - interior gateway protocols (IGPs) like RIP, OSPF, and EIGRP that are used within an autonomous system, and exterior protocols like BGP that route between autonomous systems. IGPs use metrics like hop count or bandwidth to determine the best path. OSPF is a link-state protocol that floods link information, while EIGRP uses DUAL algorithm and maintains topology tables for fast convergence.
1. The document discusses various OSPF concepts including DR-BDR election, OSPF areas, router types, virtual links, and NSSA areas. It provides configuration examples and show command outputs to illustrate these concepts.
OSPF - Open Shortest Path First: conveys the details of OSPF routing, which comes under dynamic routing protocols, and also configures OSPF multi-area with the help of Cisco Packet Tracer. Persons who are pursuing CCNA will gain more exposure by reviewing this.
OSPF is a link-state routing protocol that is widely used for routing traffic within autonomous systems. It works by flooding Link State Advertisements (LSAs) throughout a routing domain. OSPF supports various area types, uses Designated Routers to reduce the number of adjacencies needed, and has different LSA types that advertise routing information within and between areas. BGP can then be configured between autonomous systems to exchange routing information globally.
EIGRP and OSPF are routing protocols. EIGRP uses the DUAL algorithm and metric to select fast, loop-free routes. It supports multiple network layers and rapid convergence. OSPF is an open standard link-state protocol that provides a common network view and calculates the shortest path. It can route between autonomous systems and uses link state updates and SPF algorithm. Configuring OSPF involves assigning networks to areas and defining the routing process. Verification includes checking neighbors, routes, and topology tables.
This document discusses configuring next-hop-self on routers to change the next hop attribute for BGP routes advertised between autonomous systems. It shows the configuration of ISP1, ISP2 and Branch routers without changing the next hop. ISP1 is then configured with next-hop-self so that routes learned from ISP2 and advertised to Branch will have ISP1 as the next hop rather than ISP2. This allows Branch to successfully ping the network learned via BGP.
OSPFv2 is a link-state routing protocol that runs on IP and uses protocol number 89. It supports areas, authentication, and route redistribution. On IOS-XR, OSPFv2 uses a hierarchical CLI with inheritance and multiple threads to handle different tasks like packet processing, route installation, and neighbor synchronization. Key differences between IOS and IOS-XR include the use of inheritance and the hierarchical organization of OSPFv2 configuration.
IP Infusion Application Note for 4G LTE Fixed Wireless AccessDhiman Chowdhury
SKY Brazil is one of the largest Pay TV provider in Brazil with 5Million+ subscribers created world’s first disaggregated 5G-ready Fixed Wireless Access (FWA) network using IPInfusion’s disaggregated Cell Site Gateway Solution to serve 35K broadband subscribers.
Learn how the deployment was done, read this application note to know more about the usecase and OcNOS configurations.
This document provides an overview of the Open Shortest Path First (OSPF) routing protocol. It explains that OSPF is a link-state interior gateway protocol that uses shortest path first (SPF) algorithm to calculate routes. It describes OSPF's key features such as using link state advertisements, flooding, authentication, routing hierarchy with areas and backbone, and different message formats. The document also explains OSPF's routing algorithm which involves exchanging link state packets, building a link state database, and using Dijkstra's algorithm to calculate the shortest path tree and routing tables.
Similar to Network virtualization beyond vla ns-part2 (20)
The Cisco IP Phone 8800 Key Expansion Module adds extra programmable buttons to the phone. The programmable buttons can be set up as phone speed-dial buttons, or phone feature buttons.
Cisco catalyst 9200 series platform spec, licenses, transition guideIT Tech
The Cisco Catalyst 9200 Series switches are Cisco’s latest addition to the fixed enterprise switching access platform, and are built for security, resiliency, and programmability.
The 900 ISRs offer easy management and pro-visioning capabilities through Cisco Configuration Professional Express, Cisco DNA Center, and Cisco IOS Software, with full visibility into and control of network configurations and applications.
Hpe pro liant gen9 to gen10 server transition guideIT Tech
The document summarizes the key features and benefits of HPE ProLiant Gen10 servers. It introduces the new Gen10 servers as offering high performance, security, and flexibility to run demanding applications and workloads. Specific Gen10 server models highlighted include the DL360 and DL380 for compute environments, the ML110 and ML350 for versatility, and the MicroServer for small offices. Key security capabilities of the HPE iLO 5 management tool are also outlined.
Cisco ISR 4461 is the newest number of Cisco 4000 Family Integrated Services Router. Now the Cisco 4000 Family contains the following platforms: the 4461 ISR, 4451 ISR, 4431 ISR, 4351 ISR, 4331 ISR, 4321 ISR and 4221 ISR.
New nexus 400 gigabit ethernet (400 g) switchesIT Tech
Cisco unveiled new 400 Gigabit Ethernet (400G) switches to help large cloud and data center customers meet modern network challenges of high scale and bandwidth. The new portfolio includes the Nexus 3400 fixed switches and Nexus 9000 switches for Cisco's ACI architecture. The 400G switches bring more than just increased speed, with flexible deployment options and support for features like superfast policy enforcement, packet visibility, smart buffering, and low latency traffic prioritization.
Tested cisco isr 1100 delivers the richest set of wi-fi featuresIT Tech
Cisco ISR 1000 offers a branch-in-a-box solution with various types of uplink connectivity, multiple Power over Ethernet (PoE) and PoE+ capable Gigabit-Ethernet ports, and built-in Cisco Mobility Express Solution for WLAN access and SD-WAN capability.
Aruba’s modern, programmable switches easily integrate with our industry leading network management solutions, either cloud-based Aruba Central or on premise Aruba AirWave.
Cisco IOS XE opens a completely new paradigm in network configuration, operation, and monitoring through network automation. Cisco’s automation solution is open, standards-based, and extensible across the entire lifecycle of a network device. The various automation mechanisms are outlined here.
Cisco's wireless solutions can be broadly classified into Standalone systems that operate Cisco Aironet Access Points individually and Controller-based systems that centrally manage multiple Cisco Aironet Access Points using a Cisco Wireless Controller. Multiple expansion modes are also supported in Controller-based systems.
Four reasons to consider the all in-one isr 1000IT Tech
The document discusses the benefits of Cisco's 1000 Series Integrated Services Routers for small and medium-sized businesses. It provides an all-in-one solution for routing, switching, wireless access and security in a single device. Key benefits include advanced wired and wireless connectivity, enterprise-class security features, and the ability to evolve the software-defined WAN over time through centralized management and policies. The 1000 Series offers an affordable way for SMBs to securely connect endpoints, devices and networks.
The difference between yellow and white labeled ports on a nexus 2300 series fexIT Tech
What is the Difference between Yellow and White Labeled Ports on a Nexus 2300 Series FEX?
The Cisco Nexus 2300 platform provides two types of ports: ports for end-host attachment (host interfaces) and uplink ports (fabric interfaces). Both yellow and white colored fabric interfaces can be used to provide connectivity to the upstream parent Cisco Nexus switch. There is no difference between yellow labeled and white labeled uplink ports.
The Cisco 892F ISRs have an SFP port that supports auto-media-detection, auto-failover, and remote fault indication (RFI), as described in the IEEE 802.3ah specification.
The Nexus 7000 Series switches form the core data center networking fabric. There are multiple chassis options from the Nexus 7000 and Nexus 7700 product family. The Nexus 7000 and the Nexus 7700 switches offer a comprehensive set of features for the data center network.
The document discusses the replacement of legacy Cisco transceiver modules that have reached end-of-sale and end-of-life with newer models. It provides a table listing the legacy modules and their replacement modules. It also discusses the target end-of-sale dates for legacy modules and features of the new modules, including backward compatibility and enhanced monitoring. Finally, it lists and describes the newest Cisco SFP transceiver modules.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Network Virtualization-Beyond VLANs-Part2
We have explored the L2 aspects of virtualization
with VLANs, SVIs and subinterfaces, but what if we needed to virtualize things
at L3? What if we needed a router to handle traffic for multiple customers or
groups without allowing access between them? A traditional non-virtualized way to
deal with this would be with ACLs between each of these groups, but this can
become cumbersome to manage, and a mistake in an ACL can cause a security issue.
You could also tackle the separation of these groups via virtualization using Virtual
Routing and Forwarding (VRF). Technically I’ll be discussing VRF-Lite here; for info
on full-blown VRF see the upcoming post on L3 MPLS VPNs.
A device supporting VRF will have:
- A global routing table, which is the default routing table; this exists whether or not you are using VRF
- One or more VRFs
- Each interface on the device will belong to either the global routing table or one of the VRFs
So for example say we have a red group and a green group which we want to keep
separate. Each group has two switches that are all connected to a single router. The
solution would look something like this.
Here we have a router with a Red and a Green VRF along with its global routing
table. The Red VRF includes interfaces Gi0/1 and Gi1/1 connected to the switches for
the red group and the Green VRF includes interfaces Gi0/2 and Gi1/2 connected to
switches for the green group. Since each VRF is a separate routing table, a system
with the IP 192.168.10.10 in the Red VRF could not ping a system with the IP
192.168.20.10 in the Green VRF. The ping packets would simply be dropped by the
router since the VRF that received the traffic (i.e. Red) does not have a route to the
destination.
If we looked at the routing table for Red VRF it would look something like this:
Router# show ip route vrf Red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, GigabitEthernet0/1
C 192.168.11.0/24 is directly connected, GigabitEthernet1/1
As you can see, the only routes that exist in the Red VRF are for the two subnets for
the red group. The Green VRF looks similar, with just connected routes for the
subnets for the green group.
The router also has a global table which acts just like a VRF (it’s often referred to as
the Global VRF, but it’s technically not a VRF). The global routing table only includes
routes that are not specifically included in another VRF and has no special visibility
into the other VRFs. Here is the global routing table.
Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 10.1.1.0/24 is directly connected, GigabitEthernet2/0
If you only need to separate two groups, you could even just create a single VRF and
have one group in the VRF and the other in the global table. In the example above
the global table would likely be used for management.
Another effect of keeping the routing tables of VRFs separate is that the same
address space can be used in the different VRFs. For example it’s possible the same
subnets could be used in both the Red and Green VRFs.
The routing tables for the VRFs would look like this, where connected routes for the
same IP networks show up on different interfaces.
Router# show ip route vrf Red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, GigabitEthernet0/1
C 192.168.11.0/24 is directly connected, GigabitEthernet1/1
Router# show ip route vrf Green
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, GigabitEthernet0/2
C 192.168.11.0/24 is directly connected, GigabitEthernet1/2
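As an added illustration (not part of the original post), the Python sketch below parses route lines in the `show ip route vrf` format shown above and models the lookup: the ingress interface selects the table, and the destination is matched only inside that table. The sample text is constructed from the outputs above, and all function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: route lines copied from the outputs above (legend
# lines omitted), using the overlapping-address-space variant.
SHOW_IP_ROUTE = {
    "Red": """\
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, GigabitEthernet0/1
C 192.168.11.0/24 is directly connected, GigabitEthernet1/1
""",
    "Green": """\
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, GigabitEthernet0/2
C 192.168.11.0/24 is directly connected, GigabitEthernet1/2
""",
    "global": """\
Gateway of last resort is not set
C 10.1.1.0/24 is directly connected, GigabitEthernet2/0
""",
}

# Matches connected routes and "[AD/metric] via next-hop" routes.
ROUTE_RE = re.compile(
    r"^[A-Z]\*?\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:is directly connected, (?P<ifname>\S+)|\[\d+/\d+\] via (?P<nh>[\d.]+))"
)


def parse_routes(text):
    """Return [(network, interface_or_None, next_hop_or_None)] from CLI text."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append((ipaddress.ip_network(m["prefix"]), m["ifname"], m["nh"]))
    return routes


TABLES = {vrf: parse_routes(text) for vrf, text in SHOW_IP_ROUTE.items()}


def interface_bindings(tables):
    """Each connected route ties its interface to exactly one table."""
    bindings = {}
    for vrf, routes in tables.items():
        for _net, ifname, _nh in routes:
            if ifname and bindings.setdefault(ifname, vrf) != vrf:
                raise ValueError(f"{ifname} appears in two tables")
    return bindings


def forward(ingress_if, dst, tables=TABLES):
    """Longest-prefix match in the ingress interface's table only."""
    vrf = interface_bindings(tables)[ingress_if]
    addr = ipaddress.ip_address(dst)
    matches = [r for r in tables[vrf] if addr in r[0]]
    if not matches:
        return (vrf, "drop", None)  # no route in this table: packet is dropped
    _net, ifname, nh = max(matches, key=lambda r: r[0].prefixlen)
    return (vrf, "forward", ifname or nh)


def overlapping_prefixes(tables=TABLES):
    """Prefixes that exist in more than one table (legal with VRFs)."""
    seen = {}
    for vrf, routes in tables.items():
        for net, _ifname, _nh in routes:
            seen.setdefault(str(net), []).append(vrf)
    return {prefix: vrfs for prefix, vrfs in seen.items() if len(vrfs) > 1}
```

The same destination address resolves to a different egress interface depending on where the packet entered, and a destination outside the ingress table is dropped even though another table on the same router has a route for it.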
Of course, providing L3 separation on a single device may be of limited use. Often you
will want to segment different groups located in different buildings/offices and there
may be several routers in between those groups. One way to provide L3 separation
over several L3 devices is with a Back-to-Back VRF configuration.
In the Back-to-Back VRF setup you have two or more L3 devices connected together
where each one is configured with the VRFs needed to keep the routing separate.
In this case we have two routers connected together via a trunk. Each router has a
Red and Green VRF where each VRF includes an interface connected to a switch and
a subinterface connected to the other router over the trunk. This would allow a
server with IP 192.168.10.10 to talk with a server with the IP 192.168.20.10 (both in
the Red VRF), but neither could talk to a server with IP address 192.168.20.10 (in
the Green VRF).
The routing table of Router1 would look like:
Router1# show ip route vrf Red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.0.0/30 is directly connected, GigabitEthernet0/0.1
S 192.168.10.0/24 [1/0] via 192.168.0.2
C 192.168.11.0/24 is directly connected, GigabitEthernet0/1
Router# show ip route vrf Green
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.0.4/30 is directly connected, GigabitEthernet0/0.2
S 192.168.20.0/24 [1/0] via 192.168.0.6
C 192.168.21.0/24 is directly connected, GigabitEthernet0/2
Each VRF has its connected routes along with the static route to reach the network
on the other router. While this example uses static routes, dynamic routing protocols
can be used and would just form adjacencies with each other over their respective
subinterfaces.
The problem with Back-to-Back VRF configurations is that each router in the path
must be configured with the appropriate VRFs. In the next posts I’ll show how we
can connect VRFs using Overlay networks or L3 MPLS VPNs, which minimize the need
for VRFs on transport devices.
Overlay Networks
Another method of providing L3 isolation is by using an Overlay Network. An Overlay
Network is really just a fancy name for a VPN and the most common overlay
networks are built with IPsec tunnels over the Internet.
A common misconception is that a VPN requires encryption, but this is not always
true. In the case where you are sending data over an untrusted network, such as the
Internet, encryption is key. But for data sent across your corporate network,
encryption may not be necessary. In this case utilizing non-encrypted GRE tunnels
to provide a VPN between users or sites works just fine.
The best way to explain how an overlay network provides L3 isolation is by example.
Let’s say we have an enterprise that wants to keep its R&D Group (Red), Finance
(Green) and other Corporate Users (Blue) separate. Some buildings have a mix of
users while others have just one type of user. We also want to allow each of these
users to access a data center.
The above shows our topology with four sites and two core routers. Here we will
need to configure VRFs on the office routers to keep our users in each site separate.
But we won’t need to configure VRFs on our core routers.
For our HQ in San Francisco we will need to configure all three VRFs on the router.
The appropriate VLAN interfaces will be added to each VRF and the interfaces
connecting to the core will be left in the global routing table. Additionally, one loopback
interface for each VRF will be created and left in the global routing table (i.e. SFO
will have three loopbacks in the global table since SFO has three VRFs).
Once configured, the interfaces belonging to each VRF will look like this.
SFO#show ip vrf interfaces
Interface      IP-Address      VRF              Protocol
Vlan20         10.100.20.1     Corp-Blue        up
Vlan21         10.100.21.1     Corp-Blue        up
Vlan22         10.100.22.1     Corp-Blue        up
Vlan99         10.100.99.1     Finance-Green    up
Vlan10         10.100.10.1     RD-Red           up
Vlan11         10.100.11.1     RD-Red           up
Vlan12         10.100.12.1     RD-Red           up
Each of the other offices will be configured in the same way. Each will be configured
with the VRFs needed for their users and the loopback interfaces to match the
number of VRFs (i.e. LAX will be configured with the R&D and Corp VRFs and two
loopbacks). Once this configuration has been completed our network will consist of
islands of isolated users. Users located in SFO that are part of the Corp-Blue VRF will
be able to talk to each other, but not to users in the Corp-Blue VRF of different
offices.
To allow offices to talk to each other we need to start creating tunnels and building
our overlay networks. The core routers will only have routes for the links connecting
each site to the core and the loopbacks at each site. We will use these loopbacks as
the source and destination for our tunnels. This is why the number of
loopbacks matches the number of VRFs configured at an office.
GRE tunnels will be configured on each router to connect the VRFs together, so SFO
will have a GRE tunnel connecting its R&D VRF with the R&D VRFs in LA, Seattle and
the Data Center. The config for these tunnels would look like the following.
interface Tunnel11010
description RD-Red Tunnel to LAX
ip vrf forwarding RD-Red
ip address 10.0.10.6 255.255.255.254
tunnel source Loopback10
tunnel destination 192.168.110.10
interface Tunnel12010
description RD-Red Tunnel to SEA
ip vrf forwarding RD-Red
ip address 10.0.10.8 255.255.255.254
tunnel source Loopback10
tunnel destination 192.168.120.10
interface Tunnel20010
description RD-Red Tunnel to DC
ip vrf forwarding RD-Red
ip address 10.0.10.1 255.255.255.254
tunnel source Loopback10
tunnel destination 192.168.200.10
Here we have three tunnels, one to each other office (if this were for Corp-Blue we
would just have tunnels to the Data Center and LAX). We specify all the normal
things you would need for a tunnel, such as the source, destination and IP address,
and additionally we add the tunnel interface to the desired VRF, in this case RD-Red.
Notice each of these tunnels has the same source interface, Loopback10. If these
tunnels were for the Corp-Blue VRF then they would use Loopback20 for their source
interface.
After the tunnels for each VRF are created the topology for each virtual network
would look like this.
Now that the overlay network for each VPN has been created we just need to
configure routing for that VPN. Whether you use static or dynamic routing, there are
some changes that will be needed for deployments with VRFs, so make sure to check
the documentation of your protocol of choice.
In this example I chose to implement OSPF. In this case each VPN has its own OSPF
process (in addition to any OSPF process used for the core). Since different
processes are used for each VPN, each VPN has its own independent area
topology. Here is an example of the OSPF configuration for SFO, with OSPF 192
being used for the core network.
router ospf 10 vrf RD-Red
log-adjacency-changes
network 10.0.10.0 0.0.0.255 area 0
network 10.100.10.0 0.0.0.255 area 0
network 10.100.11.0 0.0.0.255 area 0
network 10.100.12.0 0.0.0.255 area 0
router ospf 20 vrf Corp-Blue
log-adjacency-changes
network 10.0.20.0 0.0.0.255 area 0
network 10.100.20.0 0.0.0.255 area 0
network 10.100.21.0 0.0.0.255 area 0
network 10.100.22.0 0.0.0.255 area 0
router ospf 99 vrf Finance-Green
log-adjacency-changes
network 10.0.99.0 0.0.0.255 area 0
network 10.100.99.0 0.0.0.255 area 0
router ospf 192
log-adjacency-changes
network 192.168.0.0 0.0.255.255 area 0
Each OSPF process includes the networks belonging to the local interfaces
(10.100.X.X in this example) and for the tunnels (10.0.X.X) that belong to the VRF.
Here I show the OSPF neighbors for the Corp-Blue VRF and the routes learned in the
VRF.
SFO#show ip ospf 10 neighbor
Neighbor ID     Pri   State        Dead Time   Address       Interface
10.200.10.1       0   FULL/  -     00:00:39    10.0.10.0     Tunnel20010
10.120.10.1       0   FULL/  -     00:00:33    10.0.10.9     Tunnel12010
10.0.10.10        0   FULL/  -     00:00:32    10.0.10.7     Tunnel11010
SFO#show ip route vrf Corp-Blue
Routing Table: Corp-Blue
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 10.0.20.6/31 is directly connected, Tunnel11020
O 10.0.20.2/31 [110/22222] via 10.0.20.7, 00:50:49, Tunnel11020
[110/22222] via 10.0.20.0, 00:50:49, Tunnel20020
C 10.0.20.0/31 is directly connected, Tunnel20020
O 10.110.20.0/24 [110/11121] via 10.0.20.7, 00:50:49, Tunnel11020
C 10.100.22.0/24 is directly connected, Ethernet2/0.22
C 10.100.20.0/24 is directly connected, Ethernet2/0.20
C 10.100.21.0/24 is directly connected, Ethernet2/0.21
O 10.200.20.0/24 [110/11121] via 10.0.20.0, 00:50:49, Tunnel20020
Notice that the OSPF process for the Corp-Blue VRF does not have an adjacency to
the core routers, nor has it learned any of the core routes (192.168.X.X).
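One way to check an office router's overlay configuration for mistakes that would break this isolation, as an added example rather than code from the original series: the Python script below parses tunnel and OSPF stanzas and flags tunnels left in the global table, a loopback used as tunnel source by more than one table (the one-loopback-per-VRF convention above), and per-VRF OSPF processes whose network statements overlap the core process. The sample config is constructed from the SFO stanzas with deliberate mistakes; the Tunnel11020 destination and the 192.168.100.0 network statement are made-up values.

```python
import ipaddress
import re

# Constructed sample: SFO stanzas from the text above plus deliberate
# mistakes. Tunnel11020's destination and the 192.168.100.0 network
# statement are made-up values for this example.
CONFIG = """\
interface Tunnel11010
 description RD-Red Tunnel to LAX
 ip vrf forwarding RD-Red
 ip address 10.0.10.6 255.255.255.254
 tunnel source Loopback10
 tunnel destination 192.168.110.10
interface Tunnel20010
 description RD-Red Tunnel to DC
 ip vrf forwarding RD-Red
 ip address 10.0.10.1 255.255.255.254
 tunnel source Loopback10
 tunnel destination 192.168.200.10
interface Tunnel11020
 description Corp-Blue Tunnel to LAX
 ip address 10.0.20.6 255.255.255.254
 tunnel source Loopback10
 tunnel destination 192.168.110.20
router ospf 10 vrf RD-Red
 network 10.0.10.0 0.0.0.255 area 0
 network 10.100.10.0 0.0.0.255 area 0
router ospf 20 vrf Corp-Blue
 network 10.0.20.0 0.0.0.255 area 0
 network 192.168.100.0 0.0.0.255 area 0
router ospf 192
 network 192.168.0.0 0.0.255.255 area 0
"""


def wildcard_to_network(addr, wildcard):
    """OSPF network statements carry a wildcard mask; invert it to a netmask."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse(config):
    """Collect tunnel interfaces and OSPF processes from IOS-style config text."""
    tunnels, ospf, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (Tunnel\d+)$", line):
            current = tunnels.setdefault(m[1], {"vrf": None, "source": None})
        elif m := re.match(r"router ospf (\d+)(?: vrf (\S+))?$", line):
            current = ospf.setdefault(int(m[1]), {"vrf": m[2], "networks": []})
        elif re.match(r"(interface|router) ", line):
            current = None  # some other stanza: ignore its body
        elif current is None:
            continue
        elif m := re.match(r"ip vrf forwarding (\S+)$", line):
            current["vrf"] = m[1]
        elif m := re.match(r"tunnel source (\S+)$", line):
            current["source"] = m[1]
        elif (m := re.match(r"network (\S+) (\S+) area \S+$", line)) and "networks" in current:
            current["networks"].append(wildcard_to_network(m[1], m[2]))
    return tunnels, ospf


def audit(config):
    """Return a list of (subject, finding) tuples; empty means no issue found."""
    tunnels, ospf = parse(config)
    findings, source_tables = [], {}
    for name, t in sorted(tunnels.items()):
        if t["vrf"] is None:
            findings.append((name, "no 'ip vrf forwarding': tunnel is in the global table"))
        source_tables.setdefault(t["source"] or "(no source)", set()).add(t["vrf"])
    for source, tables in sorted(source_tables.items()):
        if len(tables) > 1:
            findings.append((source, "tunnel source shared by more than one routing table"))
    # Networks covered by the process without a VRF are treated as the core.
    core = [n for p in ospf.values() if p["vrf"] is None for n in p["networks"]]
    for pid, proc in sorted(ospf.items()):
        for net in proc["networks"] if proc["vrf"] else []:
            if any(net.overlaps(c) for c in core):
                findings.append((f"router ospf {pid}",
                                 f"{net} in vrf {proc['vrf']} overlaps the core process"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(CONFIG):
        print(f"{subject}: {finding}")
```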
Overlay networks provide an obvious benefit of removing the VRF configuration from
the core, but require the additional configuration needed for tunnels. This limits the
usefulness of overlay networks (in a general sense) to only a small number of
endpoints. Larger deployments should look at MPLS-based Layer 3 VPNs, which I’ll cover
in the next part.
MPLS L3 VPNs
In this segment of my network virtualization series I will cover MPLS L3 VPNs. Like
the rest of the topics in this series, I’ll be covering things at a high level, which should
ideally allow folks to at least get the concepts.
Like Back-to-Back VRF and Overlay networks, MPLS L3 VPNs provide L3
isolation to virtual networks hosted on a physical infrastructure.
What is MultiProtocol Label Switching (MPLS)?
When a packet is sent over an MPLS network, a network label is added to the
datagram between layer 2 and layer 3. MPLS is often referred to as a Layer 2.5
protocol.
This is similar to other network virtualization techniques that add a new header, such
as GRE, but the MPLS label doesn’t include a source or destination address that
stays with the packet as it travels across the network. Instead a 20-bit label value is
used and that value is changed at every hop.
When an MPLS router receives a packet with an MPLS label it references a table that
determines which interface that packet should be sent out of and what value to set
for the label. For example, say we have a router that has two interfaces: Gi0/1 and
Gi1/1. This router would have an MPLS forwarding table which, in this example, says
that every packet it receives with a label of 36 is to be forwarded out Gi1/1 with a
label of 222. So when the router gets a packet with a label of 36 it forwards it out
Gi1/1. The router doesn’t need to do a routing lookup or any real high-level
functions to forward the traffic, which allows MPLS to operate pretty quickly.
So how does the MPLS router know how to build its forwarding table and what
labels to use? This is all based on the Label Distribution Protocol and Multiprotocol
BGP, and is beyond the scope of this article.
Another basic concept of MPLS is the nomenclature used for the routers in the
network. MPLS networks typically have:
- Provider (P) routers, which for the most part only receive and send MPLS packets. They are basically the core routers in the MPLS network.
- Provider Edge (PE) routers, which are at the border of the MPLS and IP networks. They connect to non-MPLS enabled routers called CE routers and to other P and PE routers. PE routers add and remove MPLS labels from IP packets.
- Customer Edge (CE) routers, which do not run MPLS and connect up to PE routers. CE routers have no knowledge of the MPLS network.
How do L3 MPLS VPNs work?
Each PE router may be connected to multiple customer networks that need to be kept
separate. This is accomplished by adding the connections to VRFs dedicated for each
customer. The PE router keeps these VPNs separate in the same way that is done in
a back-to-back VRF or overlay network design. The difference comes from how the
VPNs are kept separate by the rest of the network.
Separation in the MPLS network is accomplished by using multiple labels, in a similar
fashion to Q-in-Q, which basically builds MPLS tunnels.
When a PE receives an IP packet it needs to send over an MPLS L3 VPN it adds two
labels to the packet. It adds an MPLS label which is used to get the MPLS packet to
the destination PE. It also adds an MPLS label for that specific VPN which is used by
the destination PE to determine which VPN the packet belongs to and ultimately
which interface to send the packet out of.
What about an example?
In this example we have two CE routers each connected to a PE router with each PE
router connected to a P router.
When the CE router on the left has an IP packet destined for a network reachable via
the CE router on the right it sends that packet to the left PE router.
The left PE router takes the IP packet and encapsulates it into an MPLS
packet with two labels. The first label it adds is the VPN label with a value of 12.
This VPN label will only be used by the PE on the right to determine which VPN
this packet belongs to. It also adds a label with the value of 36; this label value is
used for packets that are destined for the PE on the right.
The P router receives the MPLS packet, examines the MPLS label and sees that it has
a value of 36. It looks up label value 36 in its forwarding table and sees that it needs
to forward the packet out its interface connected to the PE router on the right. It
also needs to change the label value to 96. The P router never examines the MPLS
VPN label.
The PE router on the right receives the MPLS packet and sees that it is the
destination of the packet. It then looks at the VPN label and sees that this packet
belongs to a specific VPN. It then forwards it out the interface connected to the CE
router on the right as a normal IP packet. (Usually there is something called
Penultimate Hop Popping that changes this sequence a little but the concept does
not change).
The CE router on the right receives a normal IP packet and routes that packet
appropriately.
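The walkthrough above, carried through at the byte level as an added example that is not from the original post: each label is a 32-bit stack entry (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL, per RFC 3032), and the sketch follows the page's sequence without penultimate hop popping. The label values 12, 36 and 96 come from the text; the VRF name "Customer-A", the interface names and the payload bytes are assumptions made for this example.

```python
import struct


def encode_entry(label, tc=0, bottom=False, ttl=64):
    """Pack one label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def decode_entry(raw):
    (word,) = struct.unpack("!I", raw[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}


def decode_stack(packet):
    """Return (entries, payload); the stack ends at the entry with S=1."""
    entries, offset = [], 0
    while True:
        if len(packet) - offset < 4:
            raise ValueError("truncated label stack")
        entry = decode_entry(packet[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry["bottom"]:
            return entries, packet[offset:]


def pe_ingress(ip_packet, vpn_label, transport_label):
    """Left PE: the VPN label goes on first (bottom), the transport label on top."""
    return (encode_entry(transport_label)
            + encode_entry(vpn_label, bottom=True)
            + ip_packet)


def p_swap(packet, lfib):
    """P router: reads and rewrites only the top entry, never the VPN label."""
    top = decode_entry(packet)
    if top["ttl"] <= 1:
        raise ValueError("TTL expired")
    out_if, out_label = lfib[top["label"]]
    new_top = encode_entry(out_label, top["tc"], top["bottom"], top["ttl"] - 1)
    return out_if, new_top + packet[4:]


def pe_egress(packet, local_label, vpn_table):
    """Right PE: pop the transport label, use the VPN label to pick the VRF."""
    entries, payload = decode_stack(packet)
    if len(entries) != 2 or entries[0]["label"] != local_label:
        raise ValueError("packet is not addressed to this PE")
    vrf, out_if = vpn_table[entries[1]["label"]]
    return vrf, out_if, payload


# Hypothetical tables for the three-router example in the text.
P_LFIB = {36: ("to-right-PE", 96)}                   # in label -> (out if, out label)
RIGHT_PE_VPNS = {12: ("Customer-A", "to-right-CE")}  # VPN label -> (VRF, out if)


def walk(ip_packet=b"constructed IP packet"):
    at_left_pe = pe_ingress(ip_packet, vpn_label=12, transport_label=36)
    _out_if, at_p = p_swap(at_left_pe, P_LFIB)
    delivered = pe_egress(at_p, 96, RIGHT_PE_VPNS)
    return at_left_pe, at_p, delivered
```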
Reference from http://infrastructureadventures.com/series/#BeyondVLANs